Jeff Thompson | 25b4e61 | 2013-10-10 16:03:24 -0700 | [diff] [blame] | 1 | /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */ |
Jeff Thompson | 47c93cf | 2013-08-09 00:38:48 -0700 | [diff] [blame] | 2 | /** |
Jeff Thompson | 7687dc0 | 2013-09-13 11:54:07 -0700 | [diff] [blame] | 3 | * Copyright (C) 2013 Regents of the University of California. |
| 4 | * @author: Jeff Thompson <jefft0@remap.ucla.edu> |
Jeff Thompson | 47c93cf | 2013-08-09 00:38:48 -0700 | [diff] [blame] | 5 | * See COPYING for copyright and distribution information. |
| 6 | */ |
| 7 | |
| 8 | #ifndef NDN_KEY_CHAIN_HPP |
Jeff Thompson | 2d27e2f | 2013-08-09 12:55:00 -0700 | [diff] [blame] | 9 | #define NDN_KEY_CHAIN_HPP |
Jeff Thompson | 47c93cf | 2013-08-09 00:38:48 -0700 | [diff] [blame] | 10 | |
Jeff Thompson | 7a67cb6 | 2013-08-26 11:43:18 -0700 | [diff] [blame] | 11 | #include "../data.hpp" |
Jeff Thompson | 2ce8f49 | 2013-09-17 18:01:25 -0700 | [diff] [blame] | 12 | #include "../face.hpp" |
| 13 | #include "identity/identity-manager.hpp" |
Jeff Thompson | 79a2d5d | 2013-09-27 14:32:23 -0700 | [diff] [blame] | 14 | #include "encryption/encryption-manager.hpp" |
Jeff Thompson | 47c93cf | 2013-08-09 00:38:48 -0700 | [diff] [blame] | 15 | |
| 16 | namespace ndn { |
| 17 | |
Jeff Thompson | 29ce310 | 2013-09-27 11:47:48 -0700 | [diff] [blame] | 18 | class PolicyManager; |
| 19 | |
Jeff Thompson | 2ce8f49 | 2013-09-17 18:01:25 -0700 | [diff] [blame] | 20 | /** |
| 21 | * An OnVerified function object is used to pass a callback to verifyData to report a successful verification. |
| 22 | */ |
| 23 | typedef func_lib::function<void(const ptr_lib::shared_ptr<Data>& data)> OnVerified; |
| 24 | |
| 25 | /** |
| 26 | * An OnVerifyFailed function object is used to pass a callback to verifyData to report a failed verification. |
| 27 | */ |
Jeff Thompson | 29ce310 | 2013-09-27 11:47:48 -0700 | [diff] [blame] | 28 | typedef func_lib::function<void(const ptr_lib::shared_ptr<Data>& data)> OnVerifyFailed; |
Jeff Thompson | 2ce8f49 | 2013-09-17 18:01:25 -0700 | [diff] [blame] | 29 | |
Jeff Thompson | ffa36f9 | 2013-09-20 08:42:41 -0700 | [diff] [blame] | 30 | /** |
Jeff Thompson | 79a2d5d | 2013-09-27 14:32:23 -0700 | [diff] [blame] | 31 | * Keychain is the main class of the security library. |
Jeff Thompson | ffa36f9 | 2013-09-20 08:42:41 -0700 | [diff] [blame] | 32 | * |
| 33 | * The Keychain class provides a set of interfaces to the security library such as identity management, policy configuration |
| 34 | * and packet signing and verification. |
| 35 | */ |
Jeff Thompson | 47c93cf | 2013-08-09 00:38:48 -0700 | [diff] [blame] | 36 | class KeyChain { |
| 37 | public: |
Jeff Thompson | 29ce310 | 2013-09-27 11:47:48 -0700 | [diff] [blame] | 38 | KeyChain |
| 39 | (const ptr_lib::shared_ptr<IdentityManager>& identityManager, const ptr_lib::shared_ptr<PolicyManager>& policyManager); |
Jeff Thompson | 2ce8f49 | 2013-09-17 18:01:25 -0700 | [diff] [blame] | 40 | |
Jeff Thompson | 79a2d5d | 2013-09-27 14:32:23 -0700 | [diff] [blame] | 41 | /***************************************** |
| 42 | * Identity Management * |
| 43 | *****************************************/ |
| 44 | |
Jeff Thompson | 79a2d5d | 2013-09-27 14:32:23 -0700 | [diff] [blame] | 45 | /** |
| 46 | * Create an identity by creating a pair of Key-Signing-Key (KSK) for this identity and a self-signed certificate of the KSK. |
| 47 | * @param identityName The name of the identity. |
| 48 | * @return The key name of the auto-generated KSK of the identity. |
| 49 | */ |
| 50 | Name |
| 51 | createIdentity(const Name& identityName) |
| 52 | { |
| 53 | return identityManager_->createIdentity(identityName); |
| 54 | } |
Jeff Thompson | 79a2d5d | 2013-09-27 14:32:23 -0700 | [diff] [blame] | 55 | |
| 56 | /** |
| 57 | * Get the default identity. |
| 58 | * @return The default identity name. |
| 59 | */ |
| 60 | Name |
| 61 | getDefaultIdentity() |
| 62 | { |
| 63 | return identityManager_->getDefaultIdentity(); |
| 64 | } |
| 65 | |
Jeff Thompson | 79a2d5d | 2013-09-27 14:32:23 -0700 | [diff] [blame] | 66 | /** |
Jeff Thompson | e7e069b | 2013-09-27 15:48:48 -0700 | [diff] [blame] | 67 | * Generate a pair of RSA keys for the specified identity. |
| 68 | * @param identityName The name of the identity. |
| 69 | * @param isKsk true for generating a Key-Signing-Key (KSK), false for a Data-Signing-Key (KSK). |
| 70 | * @param keySize The size of the key. |
| 71 | * @return The generated key name. |
Jeff Thompson | 79a2d5d | 2013-09-27 14:32:23 -0700 | [diff] [blame] | 72 | */ |
| 73 | Name |
Jeff Thompson | e7e069b | 2013-09-27 15:48:48 -0700 | [diff] [blame] | 74 | generateRSAKeyPair(const Name& identityName, bool isKsk = false, int keySize = 2048) |
| 75 | { |
| 76 | return identityManager_->generateRSAKeyPair(identityName, isKsk, keySize); |
| 77 | } |
Jeff Thompson | 79a2d5d | 2013-09-27 14:32:23 -0700 | [diff] [blame] | 78 | |
| 79 | /** |
Jeff Thompson | e7e069b | 2013-09-27 15:48:48 -0700 | [diff] [blame] | 80 | * Set a key as the default key of an identity. |
| 81 | * @param keyName The name of the key. |
| 82 | * @param identityName the name of the identity. If not specified, the identity name is inferred from the keyName. |
Jeff Thompson | 79a2d5d | 2013-09-27 14:32:23 -0700 | [diff] [blame] | 83 | */ |
| 84 | void |
Jeff Thompson | e7e069b | 2013-09-27 15:48:48 -0700 | [diff] [blame] | 85 | setDefaultKeyForIdentity(const Name& keyName, const Name& identityName = Name()) |
| 86 | { |
| 87 | return identityManager_->setDefaultKeyForIdentity(keyName, identityName); |
| 88 | } |
Jeff Thompson | 79a2d5d | 2013-09-27 14:32:23 -0700 | [diff] [blame] | 89 | |
| 90 | /** |
Jeff Thompson | e7e069b | 2013-09-27 15:48:48 -0700 | [diff] [blame] | 91 | * Generate a pair of RSA keys for the specified identity and set it as default key for the identity. |
| 92 | * @param identityName The name of the identity. |
| 93 | * @param isKsk true for generating a Key-Signing-Key (KSK), false for a Data-Signing-Key (KSK). |
| 94 | * @param keySize The size of the key. |
| 95 | * @return The generated key name. |
Jeff Thompson | 79a2d5d | 2013-09-27 14:32:23 -0700 | [diff] [blame] | 96 | */ |
| 97 | Name |
Jeff Thompson | e7e069b | 2013-09-27 15:48:48 -0700 | [diff] [blame] | 98 | generateRSAKeyPairAsDefault(const Name& identityName, bool isKsk = false, int keySize = 2048) |
| 99 | { |
| 100 | return identityManager_->generateRSAKeyPairAsDefault(identityName, isKsk, keySize); |
| 101 | } |
Jeff Thompson | 79a2d5d | 2013-09-27 14:32:23 -0700 | [diff] [blame] | 102 | |
| 103 | /** |
Jeff Thompson | e7e069b | 2013-09-27 15:48:48 -0700 | [diff] [blame] | 104 | * Create a public key signing request. |
| 105 | * @param keyName The name of the key. |
| 106 | * @returns The signing request data. |
Jeff Thompson | 79a2d5d | 2013-09-27 14:32:23 -0700 | [diff] [blame] | 107 | */ |
Jeff Thompson | e7e069b | 2013-09-27 15:48:48 -0700 | [diff] [blame] | 108 | Blob |
| 109 | createSigningRequest(const Name& keyName) |
| 110 | { |
| 111 | return identityManager_->getPublicKey(keyName)->getKeyDer(); |
| 112 | } |
Jeff Thompson | 79a2d5d | 2013-09-27 14:32:23 -0700 | [diff] [blame] | 113 | |
| 114 | /** |
Jeff Thompson | b63abf5 | 2013-10-04 11:23:34 -0700 | [diff] [blame] | 115 | * Install an identity certificate into the public key identity storage. |
Jeff Thompson | e7e069b | 2013-09-27 15:48:48 -0700 | [diff] [blame] | 116 | * @param certificate The certificate to to added. |
Jeff Thompson | 79a2d5d | 2013-09-27 14:32:23 -0700 | [diff] [blame] | 117 | */ |
| 118 | void |
Jeff Thompson | b63abf5 | 2013-10-04 11:23:34 -0700 | [diff] [blame] | 119 | installIdentityCertificate(const Certificate& certificate) |
Jeff Thompson | e7e069b | 2013-09-27 15:48:48 -0700 | [diff] [blame] | 120 | { |
| 121 | identityManager_->addCertificate(certificate); |
| 122 | } |
Jeff Thompson | 79a2d5d | 2013-09-27 14:32:23 -0700 | [diff] [blame] | 123 | |
| 124 | /** |
Jeff Thompson | e7e069b | 2013-09-27 15:48:48 -0700 | [diff] [blame] | 125 | * Set the certificate as the default for its corresponding key. |
| 126 | * @param certificateName The name of the certificate. |
Jeff Thompson | 79a2d5d | 2013-09-27 14:32:23 -0700 | [diff] [blame] | 127 | */ |
Jeff Thompson | e7e069b | 2013-09-27 15:48:48 -0700 | [diff] [blame] | 128 | void |
| 129 | setDefaultCertificateForKey(const Name& certificateName) |
| 130 | { |
| 131 | identityManager_->setDefaultCertificateForKey(certificateName); |
| 132 | } |
Jeff Thompson | 79a2d5d | 2013-09-27 14:32:23 -0700 | [diff] [blame] | 133 | |
| 134 | /** |
Jeff Thompson | e7e069b | 2013-09-27 15:48:48 -0700 | [diff] [blame] | 135 | * Get a certificate with the specified name. |
| 136 | * @param certificateName The name of the requested certificate. |
| 137 | * @return the requested certificate. |
Jeff Thompson | 79a2d5d | 2013-09-27 14:32:23 -0700 | [diff] [blame] | 138 | */ |
Jeff Thompson | e7e069b | 2013-09-27 15:48:48 -0700 | [diff] [blame] | 139 | ptr_lib::shared_ptr<Certificate> |
| 140 | getCertificate(const Name& certificateName) |
| 141 | { |
| 142 | return identityManager_->getCertificate(certificateName); |
| 143 | } |
| 144 | |
| 145 | /** |
| 146 | * Get a certificate even if the certificate is not valid anymore. |
| 147 | * @param certificateName The name of the requested certificate. |
| 148 | * @return the requested certificate. |
| 149 | */ |
| 150 | ptr_lib::shared_ptr<Certificate> |
| 151 | getAnyCertificate(const Name& certificateName) |
| 152 | { |
| 153 | return identityManager_->getAnyCertificate(certificateName); |
| 154 | } |
Jeff Thompson | 79a2d5d | 2013-09-27 14:32:23 -0700 | [diff] [blame] | 155 | |
| 156 | /** |
| 157 | * Revoke a key |
| 158 | * @param keyName the name of the key that will be revoked |
| 159 | */ |
| 160 | void |
Jeff Thompson | e7e069b | 2013-09-27 15:48:48 -0700 | [diff] [blame] | 161 | revokeKey(const Name & keyName) |
| 162 | { |
| 163 | //TODO: Implement |
| 164 | } |
Jeff Thompson | 79a2d5d | 2013-09-27 14:32:23 -0700 | [diff] [blame] | 165 | |
| 166 | /** |
| 167 | * Revoke a certificate |
| 168 | * @param certificateName the name of the certificate that will be revoked |
| 169 | */ |
| 170 | void |
Jeff Thompson | e7e069b | 2013-09-27 15:48:48 -0700 | [diff] [blame] | 171 | revokeCertificate(const Name & certificateName) |
| 172 | { |
| 173 | //TODO: Implement |
| 174 | } |
Jeff Thompson | 79a2d5d | 2013-09-27 14:32:23 -0700 | [diff] [blame] | 175 | |
| 176 | /***************************************** |
| 177 | * Policy Management * |
| 178 | *****************************************/ |
| 179 | |
| 180 | const ptr_lib::shared_ptr<PolicyManager>& |
| 181 | getPolicyManager() { return policyManager_; } |
| 182 | |
| 183 | /***************************************** |
| 184 | * Sign/Verify * |
| 185 | *****************************************/ |
| 186 | |
Jeff Thompson | 47c93cf | 2013-08-09 00:38:48 -0700 | [diff] [blame] | 187 | /** |
Jeff Thompson | 2ce8f49 | 2013-09-17 18:01:25 -0700 | [diff] [blame] | 188 | * Wire encode the Data object, sign it and set its signature. |
Jeff Thompson | ade5b1e | 2013-08-09 12:16:45 -0700 | [diff] [blame] | 189 | * Note: the caller must make sure the timestamp is correct, for example with |
Jeff Thompson | fec716d | 2013-09-11 13:54:36 -0700 | [diff] [blame] | 190 | * data.getMetaInfo().setTimestampMilliseconds(time(NULL) * 1000.0). |
Jeff Thompson | 2ce8f49 | 2013-09-17 18:01:25 -0700 | [diff] [blame] | 191 | * @param data The Data object to be signed. This updates its signature and key locator field and wireEncoding. |
Jeff Thompson | 9296f0c | 2013-09-23 18:10:27 -0700 | [diff] [blame] | 192 | * @param certificateName The certificate name of the key to use for signing. If omitted, infer the signing identity from the data packet name. |
Jeff Thompson | 8d24fe1 | 2013-09-18 15:54:51 -0700 | [diff] [blame] | 193 | * @param wireFormat A WireFormat object used to encode the input. If omitted, use WireFormat getDefaultWireFormat(). |
Jeff Thompson | 3c73da4 | 2013-08-12 11:19:05 -0700 | [diff] [blame] | 194 | */ |
Jeff Thompson | 2ce8f49 | 2013-09-17 18:01:25 -0700 | [diff] [blame] | 195 | void |
Jeff Thompson | 29ce310 | 2013-09-27 11:47:48 -0700 | [diff] [blame] | 196 | sign(Data& data, const Name& certificateName, WireFormat& wireFormat = *WireFormat::getDefaultWireFormat()); |
Jeff Thompson | 79a2d5d | 2013-09-27 14:32:23 -0700 | [diff] [blame] | 197 | |
Jeff Thompson | 29ce310 | 2013-09-27 11:47:48 -0700 | [diff] [blame] | 198 | /** |
| 199 | * Wire encode the Data object, sign it and set its signature. |
| 200 | * Note: the caller must make sure the timestamp is correct, for example with |
| 201 | * data.getMetaInfo().setTimestampMilliseconds(time(NULL) * 1000.0). |
| 202 | * @param data The Data object to be signed. This updates its signature and key locator field and wireEncoding. |
| 203 | * @param identityName The identity name for the key to use for signing. If omitted, infer the signing identity from the data packet name. |
| 204 | * @param wireFormat A WireFormat object used to encode the input. If omitted, use WireFormat getDefaultWireFormat(). |
| 205 | */ |
| 206 | void |
| 207 | signByIdentity(Data& data, const Name& identityName = Name(), WireFormat& wireFormat = *WireFormat::getDefaultWireFormat()); |
Jeff Thompson | 3c73da4 | 2013-08-12 11:19:05 -0700 | [diff] [blame] | 208 | |
| 209 | /** |
Jeff Thompson | 2ce8f49 | 2013-09-17 18:01:25 -0700 | [diff] [blame] | 210 | * Check the signature on the Data object and call either onVerify or onVerifyFailed. |
| 211 | * We use callback functions because verify may fetch information to check the signature. |
Jeff Thompson | 29ce310 | 2013-09-27 11:47:48 -0700 | [diff] [blame] | 212 | * @param data The Data object with the signature to check. It is an error if data does not have a wireEncoding. |
| 213 | * To set the wireEncoding, you can call data.wireDecode. |
| 214 | * @param onVerified If the signature is verified, this calls onVerified(data). |
| 215 | * @param onVerifyFailed If the signature check fails, this calls onVerifyFailed(data). |
Jeff Thompson | 8efe5ad | 2013-08-20 17:36:38 -0700 | [diff] [blame] | 216 | */ |
Jeff Thompson | 2ce8f49 | 2013-09-17 18:01:25 -0700 | [diff] [blame] | 217 | void |
Jeff Thompson | 7c5d231 | 2013-09-25 16:07:15 -0700 | [diff] [blame] | 218 | verifyData |
| 219 | (const ptr_lib::shared_ptr<Data>& data, const OnVerified& onVerified, const OnVerifyFailed& onVerifyFailed, int stepCount = 0); |
Jeff Thompson | 8efe5ad | 2013-08-20 17:36:38 -0700 | [diff] [blame] | 220 | |
Jeff Thompson | 79a2d5d | 2013-09-27 14:32:23 -0700 | [diff] [blame] | 221 | /***************************************** |
| 222 | * Encrypt/Decrypt * |
| 223 | *****************************************/ |
| 224 | |
| 225 | /** |
| 226 | * Generate a symmetric key. |
| 227 | * @param keyName The name of the generated key. |
| 228 | * @param keyType The type of the key, e.g. KEY_TYPE_AES |
| 229 | */ |
| 230 | void |
| 231 | generateSymmetricKey(const Name& keyName, KeyType keyType) |
| 232 | { |
| 233 | encryptionManager_->createSymmetricKey(keyName, keyType); |
| 234 | } |
| 235 | |
| 236 | /** |
| 237 | * Encrypt a byte array. |
| 238 | * @param keyName The name of the encrypting key. |
| 239 | * @param data The byte array that will be encrypted. |
| 240 | * @param dataLength The length of data. |
| 241 | * @param useSymmetric If true then symmetric encryption is used, otherwise asymmetric encryption is used. |
| 242 | * @param encryptMode the encryption mode |
| 243 | * @return the encrypted data as an immutable Blob. |
| 244 | */ |
| 245 | Blob |
| 246 | encrypt(const Name &keyName, const uint8_t* data, size_t dataLength, bool useSymmetric = true, |
| 247 | EncryptMode encryptMode = ENCRYPT_MODE_DEFAULT) |
| 248 | { |
| 249 | return encryptionManager_->encrypt(keyName, data, dataLength, useSymmetric, encryptMode); |
| 250 | } |
| 251 | |
| 252 | /** |
| 253 | * Decrypt a byte array. |
| 254 | * @param keyName The name of the decrypting key. |
| 255 | * @param data The byte array that will be decrypted. |
| 256 | * @param dataLength The length of data. |
| 257 | * @param useSymmetric If true then symmetric encryption is used, otherwise asymmetric encryption is used. |
| 258 | * @param encryptMode the encryption mode |
| 259 | * @return the decrypted data as an immutable Blob. |
| 260 | */ |
| 261 | Blob |
| 262 | decrypt(const Name &keyName, const uint8_t* data, size_t dataLength, bool useSymmetric = true, |
| 263 | EncryptMode encryptMode = ENCRYPT_MODE_DEFAULT) |
| 264 | { |
| 265 | return encryptionManager_->decrypt(keyName, data, dataLength, useSymmetric, encryptMode); |
| 266 | } |
| 267 | |
Jeff Thompson | 8efe5ad | 2013-08-20 17:36:38 -0700 | [diff] [blame] | 268 | /** |
Jeff Thompson | 2ce8f49 | 2013-09-17 18:01:25 -0700 | [diff] [blame] | 269 | * Set the Face which will be used to fetch required certificates. |
| 270 | * @param face A pointer to the Face object. |
Jeff Thompson | 1e90d8c | 2013-08-12 16:09:25 -0700 | [diff] [blame] | 271 | */ |
Jeff Thompson | 2ce8f49 | 2013-09-17 18:01:25 -0700 | [diff] [blame] | 272 | void |
| 273 | setFace(Face* face) { face_ = face; } |
| 274 | |
| 275 | private: |
Jeff Thompson | 40f361a | 2013-09-25 13:12:48 -0700 | [diff] [blame] | 276 | ptr_lib::shared_ptr<IdentityManager> identityManager_; |
Jeff Thompson | 29ce310 | 2013-09-27 11:47:48 -0700 | [diff] [blame] | 277 | ptr_lib::shared_ptr<PolicyManager> policyManager_; |
Jeff Thompson | 79a2d5d | 2013-09-27 14:32:23 -0700 | [diff] [blame] | 278 | ptr_lib::shared_ptr<EncryptionManager> encryptionManager_; |
Jeff Thompson | 2ce8f49 | 2013-09-17 18:01:25 -0700 | [diff] [blame] | 279 | Face* face_; |
| 280 | const int maxSteps_; |
Jeff Thompson | 47c93cf | 2013-08-09 00:38:48 -0700 | [diff] [blame] | 281 | }; |
| 282 | |
| 283 | } |
| 284 | |
| 285 | #endif |