blob: 97db9d8a863cd97ffc2043ebd0fd2f7baad8567e [file] [log] [blame]
Jeff Thompson25b4e612013-10-10 16:03:24 -07001/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
Jeff Thompson47c93cf2013-08-09 00:38:48 -07002/**
Jeff Thompson7687dc02013-09-13 11:54:07 -07003 * Copyright (C) 2013 Regents of the University of California.
4 * @author: Jeff Thompson <jefft0@remap.ucla.edu>
Jeff Thompson47c93cf2013-08-09 00:38:48 -07005 * See COPYING for copyright and distribution information.
6 */
7
8#ifndef NDN_KEY_CHAIN_HPP
Jeff Thompson2d27e2f2013-08-09 12:55:00 -07009#define NDN_KEY_CHAIN_HPP
Jeff Thompson47c93cf2013-08-09 00:38:48 -070010
Jeff Thompson7a67cb62013-08-26 11:43:18 -070011#include "../data.hpp"
Jeff Thompson2ce8f492013-09-17 18:01:25 -070012#include "../face.hpp"
13#include "identity/identity-manager.hpp"
Jeff Thompson79a2d5d2013-09-27 14:32:23 -070014#include "encryption/encryption-manager.hpp"
Jeff Thompson47c93cf2013-08-09 00:38:48 -070015
16namespace ndn {
17
Jeff Thompson29ce3102013-09-27 11:47:48 -070018class PolicyManager;
19
Jeff Thompson2ce8f492013-09-17 18:01:25 -070020/**
21 * An OnVerified function object is used to pass a callback to verifyData to report a successful verification.
22 */
23typedef func_lib::function<void(const ptr_lib::shared_ptr<Data>& data)> OnVerified;
24
25/**
26 * An OnVerifyFailed function object is used to pass a callback to verifyData to report a failed verification.
27 */
Jeff Thompson29ce3102013-09-27 11:47:48 -070028typedef func_lib::function<void(const ptr_lib::shared_ptr<Data>& data)> OnVerifyFailed;
Jeff Thompson2ce8f492013-09-17 18:01:25 -070029
Jeff Thompsonffa36f92013-09-20 08:42:41 -070030/**
Jeff Thompson79a2d5d2013-09-27 14:32:23 -070031 * Keychain is the main class of the security library.
Jeff Thompsonffa36f92013-09-20 08:42:41 -070032 *
33 * The Keychain class provides a set of interfaces to the security library such as identity management, policy configuration
34 * and packet signing and verification.
35 */
Jeff Thompson47c93cf2013-08-09 00:38:48 -070036class KeyChain {
37public:
Jeff Thompson29ce3102013-09-27 11:47:48 -070038 KeyChain
39 (const ptr_lib::shared_ptr<IdentityManager>& identityManager, const ptr_lib::shared_ptr<PolicyManager>& policyManager);
Jeff Thompson2ce8f492013-09-17 18:01:25 -070040
Jeff Thompson79a2d5d2013-09-27 14:32:23 -070041 /*****************************************
42 * Identity Management *
43 *****************************************/
44
Jeff Thompson79a2d5d2013-09-27 14:32:23 -070045 /**
46 * Create an identity by creating a pair of Key-Signing-Key (KSK) for this identity and a self-signed certificate of the KSK.
47 * @param identityName The name of the identity.
48 * @return The key name of the auto-generated KSK of the identity.
49 */
50 Name
51 createIdentity(const Name& identityName)
52 {
53 return identityManager_->createIdentity(identityName);
54 }
Jeff Thompson79a2d5d2013-09-27 14:32:23 -070055
56 /**
57 * Get the default identity.
58 * @return The default identity name.
59 */
60 Name
61 getDefaultIdentity()
62 {
63 return identityManager_->getDefaultIdentity();
64 }
65
Jeff Thompson79a2d5d2013-09-27 14:32:23 -070066 /**
Jeff Thompsone7e069b2013-09-27 15:48:48 -070067 * Generate a pair of RSA keys for the specified identity.
68 * @param identityName The name of the identity.
69 * @param isKsk true for generating a Key-Signing-Key (KSK), false for a Data-Signing-Key (KSK).
70 * @param keySize The size of the key.
71 * @return The generated key name.
Jeff Thompson79a2d5d2013-09-27 14:32:23 -070072 */
73 Name
Jeff Thompsone7e069b2013-09-27 15:48:48 -070074 generateRSAKeyPair(const Name& identityName, bool isKsk = false, int keySize = 2048)
75 {
76 return identityManager_->generateRSAKeyPair(identityName, isKsk, keySize);
77 }
Jeff Thompson79a2d5d2013-09-27 14:32:23 -070078
79 /**
Jeff Thompsone7e069b2013-09-27 15:48:48 -070080 * Set a key as the default key of an identity.
81 * @param keyName The name of the key.
82 * @param identityName the name of the identity. If not specified, the identity name is inferred from the keyName.
Jeff Thompson79a2d5d2013-09-27 14:32:23 -070083 */
84 void
Jeff Thompsone7e069b2013-09-27 15:48:48 -070085 setDefaultKeyForIdentity(const Name& keyName, const Name& identityName = Name())
86 {
87 return identityManager_->setDefaultKeyForIdentity(keyName, identityName);
88 }
Jeff Thompson79a2d5d2013-09-27 14:32:23 -070089
90 /**
Jeff Thompsone7e069b2013-09-27 15:48:48 -070091 * Generate a pair of RSA keys for the specified identity and set it as default key for the identity.
92 * @param identityName The name of the identity.
93 * @param isKsk true for generating a Key-Signing-Key (KSK), false for a Data-Signing-Key (KSK).
94 * @param keySize The size of the key.
95 * @return The generated key name.
Jeff Thompson79a2d5d2013-09-27 14:32:23 -070096 */
97 Name
Jeff Thompsone7e069b2013-09-27 15:48:48 -070098 generateRSAKeyPairAsDefault(const Name& identityName, bool isKsk = false, int keySize = 2048)
99 {
100 return identityManager_->generateRSAKeyPairAsDefault(identityName, isKsk, keySize);
101 }
Jeff Thompson79a2d5d2013-09-27 14:32:23 -0700102
103 /**
Jeff Thompsone7e069b2013-09-27 15:48:48 -0700104 * Create a public key signing request.
105 * @param keyName The name of the key.
106 * @returns The signing request data.
Jeff Thompson79a2d5d2013-09-27 14:32:23 -0700107 */
Jeff Thompsone7e069b2013-09-27 15:48:48 -0700108 Blob
109 createSigningRequest(const Name& keyName)
110 {
111 return identityManager_->getPublicKey(keyName)->getKeyDer();
112 }
Jeff Thompson79a2d5d2013-09-27 14:32:23 -0700113
114 /**
Jeff Thompsonb63abf52013-10-04 11:23:34 -0700115 * Install an identity certificate into the public key identity storage.
Jeff Thompsone7e069b2013-09-27 15:48:48 -0700116 * @param certificate The certificate to to added.
Jeff Thompson79a2d5d2013-09-27 14:32:23 -0700117 */
118 void
Jeff Thompsonb63abf52013-10-04 11:23:34 -0700119 installIdentityCertificate(const Certificate& certificate)
Jeff Thompsone7e069b2013-09-27 15:48:48 -0700120 {
121 identityManager_->addCertificate(certificate);
122 }
Jeff Thompson79a2d5d2013-09-27 14:32:23 -0700123
124 /**
Jeff Thompsone7e069b2013-09-27 15:48:48 -0700125 * Set the certificate as the default for its corresponding key.
126 * @param certificateName The name of the certificate.
Jeff Thompson79a2d5d2013-09-27 14:32:23 -0700127 */
Jeff Thompsone7e069b2013-09-27 15:48:48 -0700128 void
129 setDefaultCertificateForKey(const Name& certificateName)
130 {
131 identityManager_->setDefaultCertificateForKey(certificateName);
132 }
Jeff Thompson79a2d5d2013-09-27 14:32:23 -0700133
134 /**
Jeff Thompsone7e069b2013-09-27 15:48:48 -0700135 * Get a certificate with the specified name.
136 * @param certificateName The name of the requested certificate.
137 * @return the requested certificate.
Jeff Thompson79a2d5d2013-09-27 14:32:23 -0700138 */
Jeff Thompsone7e069b2013-09-27 15:48:48 -0700139 ptr_lib::shared_ptr<Certificate>
140 getCertificate(const Name& certificateName)
141 {
142 return identityManager_->getCertificate(certificateName);
143 }
144
145 /**
146 * Get a certificate even if the certificate is not valid anymore.
147 * @param certificateName The name of the requested certificate.
148 * @return the requested certificate.
149 */
150 ptr_lib::shared_ptr<Certificate>
151 getAnyCertificate(const Name& certificateName)
152 {
153 return identityManager_->getAnyCertificate(certificateName);
154 }
Jeff Thompson79a2d5d2013-09-27 14:32:23 -0700155
156 /**
157 * Revoke a key
158 * @param keyName the name of the key that will be revoked
159 */
160 void
Jeff Thompsone7e069b2013-09-27 15:48:48 -0700161 revokeKey(const Name & keyName)
162 {
163 //TODO: Implement
164 }
Jeff Thompson79a2d5d2013-09-27 14:32:23 -0700165
166 /**
167 * Revoke a certificate
168 * @param certificateName the name of the certificate that will be revoked
169 */
170 void
Jeff Thompsone7e069b2013-09-27 15:48:48 -0700171 revokeCertificate(const Name & certificateName)
172 {
173 //TODO: Implement
174 }
Jeff Thompson79a2d5d2013-09-27 14:32:23 -0700175
176 /*****************************************
177 * Policy Management *
178 *****************************************/
179
180 const ptr_lib::shared_ptr<PolicyManager>&
181 getPolicyManager() { return policyManager_; }
182
183 /*****************************************
184 * Sign/Verify *
185 *****************************************/
186
Jeff Thompson47c93cf2013-08-09 00:38:48 -0700187 /**
Jeff Thompson2ce8f492013-09-17 18:01:25 -0700188 * Wire encode the Data object, sign it and set its signature.
Jeff Thompsonade5b1e2013-08-09 12:16:45 -0700189 * Note: the caller must make sure the timestamp is correct, for example with
Jeff Thompsonfec716d2013-09-11 13:54:36 -0700190 * data.getMetaInfo().setTimestampMilliseconds(time(NULL) * 1000.0).
Jeff Thompson2ce8f492013-09-17 18:01:25 -0700191 * @param data The Data object to be signed. This updates its signature and key locator field and wireEncoding.
Jeff Thompson9296f0c2013-09-23 18:10:27 -0700192 * @param certificateName The certificate name of the key to use for signing. If omitted, infer the signing identity from the data packet name.
Jeff Thompson8d24fe12013-09-18 15:54:51 -0700193 * @param wireFormat A WireFormat object used to encode the input. If omitted, use WireFormat getDefaultWireFormat().
Jeff Thompson3c73da42013-08-12 11:19:05 -0700194 */
Jeff Thompson2ce8f492013-09-17 18:01:25 -0700195 void
Jeff Thompson29ce3102013-09-27 11:47:48 -0700196 sign(Data& data, const Name& certificateName, WireFormat& wireFormat = *WireFormat::getDefaultWireFormat());
Jeff Thompson79a2d5d2013-09-27 14:32:23 -0700197
Jeff Thompson29ce3102013-09-27 11:47:48 -0700198 /**
199 * Wire encode the Data object, sign it and set its signature.
200 * Note: the caller must make sure the timestamp is correct, for example with
201 * data.getMetaInfo().setTimestampMilliseconds(time(NULL) * 1000.0).
202 * @param data The Data object to be signed. This updates its signature and key locator field and wireEncoding.
203 * @param identityName The identity name for the key to use for signing. If omitted, infer the signing identity from the data packet name.
204 * @param wireFormat A WireFormat object used to encode the input. If omitted, use WireFormat getDefaultWireFormat().
205 */
206 void
207 signByIdentity(Data& data, const Name& identityName = Name(), WireFormat& wireFormat = *WireFormat::getDefaultWireFormat());
Jeff Thompson3c73da42013-08-12 11:19:05 -0700208
209 /**
Jeff Thompson2ce8f492013-09-17 18:01:25 -0700210 * Check the signature on the Data object and call either onVerify or onVerifyFailed.
211 * We use callback functions because verify may fetch information to check the signature.
Jeff Thompson29ce3102013-09-27 11:47:48 -0700212 * @param data The Data object with the signature to check. It is an error if data does not have a wireEncoding.
213 * To set the wireEncoding, you can call data.wireDecode.
214 * @param onVerified If the signature is verified, this calls onVerified(data).
215 * @param onVerifyFailed If the signature check fails, this calls onVerifyFailed(data).
Jeff Thompson8efe5ad2013-08-20 17:36:38 -0700216 */
Jeff Thompson2ce8f492013-09-17 18:01:25 -0700217 void
Jeff Thompson7c5d2312013-09-25 16:07:15 -0700218 verifyData
219 (const ptr_lib::shared_ptr<Data>& data, const OnVerified& onVerified, const OnVerifyFailed& onVerifyFailed, int stepCount = 0);
Jeff Thompson8efe5ad2013-08-20 17:36:38 -0700220
Jeff Thompson79a2d5d2013-09-27 14:32:23 -0700221 /*****************************************
222 * Encrypt/Decrypt *
223 *****************************************/
224
225 /**
226 * Generate a symmetric key.
227 * @param keyName The name of the generated key.
228 * @param keyType The type of the key, e.g. KEY_TYPE_AES
229 */
230 void
231 generateSymmetricKey(const Name& keyName, KeyType keyType)
232 {
233 encryptionManager_->createSymmetricKey(keyName, keyType);
234 }
235
236 /**
237 * Encrypt a byte array.
238 * @param keyName The name of the encrypting key.
239 * @param data The byte array that will be encrypted.
240 * @param dataLength The length of data.
241 * @param useSymmetric If true then symmetric encryption is used, otherwise asymmetric encryption is used.
242 * @param encryptMode the encryption mode
243 * @return the encrypted data as an immutable Blob.
244 */
245 Blob
246 encrypt(const Name &keyName, const uint8_t* data, size_t dataLength, bool useSymmetric = true,
247 EncryptMode encryptMode = ENCRYPT_MODE_DEFAULT)
248 {
249 return encryptionManager_->encrypt(keyName, data, dataLength, useSymmetric, encryptMode);
250 }
251
252 /**
253 * Decrypt a byte array.
254 * @param keyName The name of the decrypting key.
255 * @param data The byte array that will be decrypted.
256 * @param dataLength The length of data.
257 * @param useSymmetric If true then symmetric encryption is used, otherwise asymmetric encryption is used.
258 * @param encryptMode the encryption mode
259 * @return the decrypted data as an immutable Blob.
260 */
261 Blob
262 decrypt(const Name &keyName, const uint8_t* data, size_t dataLength, bool useSymmetric = true,
263 EncryptMode encryptMode = ENCRYPT_MODE_DEFAULT)
264 {
265 return encryptionManager_->decrypt(keyName, data, dataLength, useSymmetric, encryptMode);
266 }
267
Jeff Thompson8efe5ad2013-08-20 17:36:38 -0700268 /**
Jeff Thompson2ce8f492013-09-17 18:01:25 -0700269 * Set the Face which will be used to fetch required certificates.
270 * @param face A pointer to the Face object.
Jeff Thompson1e90d8c2013-08-12 16:09:25 -0700271 */
Jeff Thompson2ce8f492013-09-17 18:01:25 -0700272 void
273 setFace(Face* face) { face_ = face; }
274
275private:
Jeff Thompson40f361a2013-09-25 13:12:48 -0700276 ptr_lib::shared_ptr<IdentityManager> identityManager_;
Jeff Thompson29ce3102013-09-27 11:47:48 -0700277 ptr_lib::shared_ptr<PolicyManager> policyManager_;
Jeff Thompson79a2d5d2013-09-27 14:32:23 -0700278 ptr_lib::shared_ptr<EncryptionManager> encryptionManager_;
Jeff Thompson2ce8f492013-09-17 18:01:25 -0700279 Face* face_;
280 const int maxSteps_;
Jeff Thompson47c93cf2013-08-09 00:38:48 -0700281};
282
283}
284
285#endif