Gitiles
Code Review Sign In
gerrit.named-data.net / ndn-cxx / e64788e1998d648e928aa4e50517f5135dd24958 / . / include / ndn-cpp / security / key-chain.hpp
blob: c39736e8e7f1ae9649bc1f09d7491bbc74d48dab [file] [log] [blame]
Jeff Thompson25b4e612013-10-10 16:03:24 -0700[diff] [blame]1/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
Jeff Thompson47c93cf2013-08-09 00:38:48 -0700[diff] [blame]2/**
Jeff Thompson7687dc02013-09-13 11:54:07 -0700[diff] [blame]3 * Copyright (C) 2013 Regents of the University of California.
Jeff Thompsonba16b8f2013-12-16 13:11:47 -0800[diff] [blame]4 * @author: Yingdi Yu <yingdi@cs.ucla.edu>
Jeff Thompson7687dc02013-09-13 11:54:07 -0700[diff] [blame]5 * @author: Jeff Thompson <jefft0@remap.ucla.edu>
Jeff Thompson47c93cf2013-08-09 00:38:48 -0700[diff] [blame]6 * See COPYING for copyright and distribution information.
7 */
8
9#ifndef NDN_KEY_CHAIN_HPP
Jeff Thompson2d27e2f2013-08-09 12:55:00 -0700[diff] [blame]10#define NDN_KEY_CHAIN_HPP
Jeff Thompson47c93cf2013-08-09 00:38:48 -0700[diff] [blame]11
Jeff Thompson7a67cb62013-08-26 11:43:18 -0700[diff] [blame]12#include "../data.hpp"
Jeff Thompson2ce8f492013-09-17 18:01:25 -0700[diff] [blame]13#include "../face.hpp"
14#include "identity/identity-manager.hpp"
Jeff Thompson79a2d5d2013-09-27 14:32:23 -0700[diff] [blame]15#include "encryption/encryption-manager.hpp"
Jeff Thompsonba16b8f2013-12-16 13:11:47 -0800[diff] [blame]16#include "policy/validation-request.hpp"
Jeff Thompson47c93cf2013-08-09 00:38:48 -0700[diff] [blame]17
18namespace ndn {
19
Jeff Thompson29ce3102013-09-27 11:47:48 -0700[diff] [blame]20class PolicyManager;
21
Jeff Thompson2ce8f492013-09-17 18:01:25 -0700[diff] [blame]22/**
Jeff Thompsonba16b8f2013-12-16 13:11:47 -0800[diff] [blame]23 * KeyChain is the main class of the security library.
Jeff Thompsonffa36f92013-09-20 08:42:41 -0700[diff] [blame]24 *
Jeff Thompsonba16b8f2013-12-16 13:11:47 -0800[diff] [blame]25 * The KeyChain class provides a set of interfaces to the security library such as identity management, policy configuration
Jeff Thompsonffa36f92013-09-20 08:42:41 -0700[diff] [blame]26 * and packet signing and verification.
27 */
Jeff Thompson47c93cf2013-08-09 00:38:48 -0700[diff] [blame]28class KeyChain {
29public:
Alexander Afanasyev64a3d812014-01-05 23:35:05 -0800[diff] [blame]30 struct Error : public std::runtime_error { Error(const std::string &what) : std::runtime_error(what) {} };
Jeff Thompson2ce8f492013-09-17 18:01:25 -0700[diff] [blame]31
Alexander Afanasyevbf1a67a2014-01-05 23:36:13 -0800[diff] [blame]32 KeyChain(const ptr_lib::shared_ptr<IdentityManager> &identityManager = DefaultIdentityManager,
33 const ptr_lib::shared_ptr<PolicyManager> &policyManager = DefaultPolicyManager,
34 const ptr_lib::shared_ptr<EncryptionManager> &encryptionManager = DefaultEncryptionManager);
Alexander Afanasyev64a3d812014-01-05 23:35:05 -0800[diff] [blame]35
36 /**
37 * @brief Set the Face which will be used to fetch required certificates.
38 * @param face A pointer to the Face object.
39 *
40 * Setting face is necessary for keychain operation that involve fetching data.
41 */
42 void
43 setFace(const ptr_lib::shared_ptr<Face> &face) { face_ = face; }
44
Jeff Thompson79a2d5d2013-09-27 14:32:23 -0700[diff] [blame]45 /*****************************************
46 * Identity Management *
47 *****************************************/
48
Alexander Afanasyev64a3d812014-01-05 23:35:05 -0800[diff] [blame]49 inline IdentityManager&
50 identities()
Jeff Thompson79a2d5d2013-09-27 14:32:23 -0700[diff] [blame]51 {
Alexander Afanasyevbf1a67a2014-01-05 23:36:13 -0800[diff] [blame]52 if (!identityManager_)
53 throw Error("IdentityManager is not assigned to the KeyChain");
54
Alexander Afanasyev64a3d812014-01-05 23:35:05 -0800[diff] [blame]55 return *identityManager_;
Jeff Thompson79a2d5d2013-09-27 14:32:23 -0700[diff] [blame]56 }
Jeff Thompson79a2d5d2013-09-27 14:32:23 -0700[diff] [blame]57
Jeff Thompson79a2d5d2013-09-27 14:32:23 -0700[diff] [blame]58 /*****************************************
59 * Policy Management *
60 *****************************************/
61
Alexander Afanasyev64a3d812014-01-05 23:35:05 -0800[diff] [blame]62 inline PolicyManager&
63 policies()
64 {
Alexander Afanasyevbf1a67a2014-01-05 23:36:13 -0800[diff] [blame]65 if (!policyManager_)
66 throw Error("PolicyManager is not assigned to the KeyChain");
67
Alexander Afanasyev64a3d812014-01-05 23:35:05 -0800[diff] [blame]68 return *policyManager_;
69 }
70
Jeff Thompson79a2d5d2013-09-27 14:32:23 -0700[diff] [blame]71 /*****************************************
Alexander Afanasyevbf1a67a2014-01-05 23:36:13 -0800[diff] [blame]72 * Encryption Management *
73 *****************************************/
74
75 inline EncryptionManager&
76 encryption()
77 {
78 if (!encryptionManager_)
79 throw Error("EncryptionManager is not assigned to the KeyChain");
80
81 return *encryptionManager_;
82 }
83
84 /*****************************************
Jeff Thompson79a2d5d2013-09-27 14:32:23 -0700[diff] [blame]85 * Sign/Verify *
86 *****************************************/
87
Alexander Afanasyeve64788e2014-01-05 22:38:21 -0800[diff] [blame^]88 inline void
89 sign(Data& data);
90
Jeff Thompson47c93cf2013-08-09 00:38:48 -0700[diff] [blame]91 /**
Jeff Thompson2ce8f492013-09-17 18:01:25 -0700[diff] [blame]92 * Wire encode the Data object, sign it and set its signature.
Jeff Thompsonade5b1e2013-08-09 12:16:45 -0700[diff] [blame]93 * Note: the caller must make sure the timestamp is correct, for example with
Jeff Thompsonfec716d2013-09-11 13:54:36 -0700[diff] [blame]94 * data.getMetaInfo().setTimestampMilliseconds(time(NULL) * 1000.0).
Jeff Thompson2ce8f492013-09-17 18:01:25 -0700[diff] [blame]95 * @param data The Data object to be signed. This updates its signature and key locator field and wireEncoding.
Jeff Thompson9296f0c2013-09-23 18:10:27 -0700[diff] [blame]96 * @param certificateName The certificate name of the key to use for signing. If omitted, infer the signing identity from the data packet name.
Jeff Thompson3c73da42013-08-12 11:19:05 -0700[diff] [blame]97 */
Alexander Afanasyeve64788e2014-01-05 22:38:21 -0800[diff] [blame^]98 inline void
Alexander Afanasyev64a3d812014-01-05 23:35:05 -0800[diff] [blame]99 sign(Data& data, const Name& certificateName);
Jeff Thompson79a2d5d2013-09-27 14:32:23 -0700[diff] [blame]100
Jeff Thompson29ce3102013-09-27 11:47:48 -0700[diff] [blame]101 /**
Jeff Thompsonc01e1782013-10-21 14:08:42 -0700[diff] [blame]102 * Sign the byte array using a certificate name and return a Signature object.
103 * @param buffer The byte array to be signed.
104 * @param bufferLength the length of buffer.
105 * @param certificateName The certificate name used to get the signing key and which will be put into KeyLocator.
106 * @return The Signature.
107 */
Alexander Afanasyeve64788e2014-01-05 22:38:21 -0800[diff] [blame^]108 inline Signature
Jeff Thompsonc01e1782013-10-21 14:08:42 -0700[diff] [blame]109 sign(const uint8_t* buffer, size_t bufferLength, const Name& certificateName);
110
111 /**
Jeff Thompson29ce3102013-09-27 11:47:48 -0700[diff] [blame]112 * Wire encode the Data object, sign it and set its signature.
113 * Note: the caller must make sure the timestamp is correct, for example with
114 * data.getMetaInfo().setTimestampMilliseconds(time(NULL) * 1000.0).
115 * @param data The Data object to be signed. This updates its signature and key locator field and wireEncoding.
116 * @param identityName The identity name for the key to use for signing. If omitted, infer the signing identity from the data packet name.
Jeff Thompson29ce3102013-09-27 11:47:48 -0700[diff] [blame]117 */
118 void
Alexander Afanasyev64a3d812014-01-05 23:35:05 -0800[diff] [blame]119 signByIdentity(Data& data, const Name& identityName = Name());
Jeff Thompson3c73da42013-08-12 11:19:05 -0700[diff] [blame]120
121 /**
Jeff Thompsonc01e1782013-10-21 14:08:42 -0700[diff] [blame]122 * Sign the byte array using an identity name and return a Signature object.
123 * @param buffer The byte array to be signed.
124 * @param bufferLength the length of buffer.
125 * @param identityName The identity name.
126 * @return The Signature.
127 */
Alexander Afanasyev64a3d812014-01-05 23:35:05 -0800[diff] [blame]128 Signature
Jeff Thompsonc01e1782013-10-21 14:08:42 -0700[diff] [blame]129 signByIdentity(const uint8_t* buffer, size_t bufferLength, const Name& identityName);
130
131 /**
Jeff Thompson2ce8f492013-09-17 18:01:25 -0700[diff] [blame]132 * Check the signature on the Data object and call either onVerify or onVerifyFailed.
133 * We use callback functions because verify may fetch information to check the signature.
Jeff Thompson29ce3102013-09-27 11:47:48 -0700[diff] [blame]134 * @param data The Data object with the signature to check. It is an error if data does not have a wireEncoding.
135 * To set the wireEncoding, you can call data.wireDecode.
136 * @param onVerified If the signature is verified, this calls onVerified(data).
137 * @param onVerifyFailed If the signature check fails, this calls onVerifyFailed(data).
Jeff Thompson8efe5ad2013-08-20 17:36:38 -0700[diff] [blame]138 */
Jeff Thompson2ce8f492013-09-17 18:01:25 -0700[diff] [blame]139 void
Jeff Thompson7c5d2312013-09-25 16:07:15 -0700[diff] [blame]140 verifyData
141 (const ptr_lib::shared_ptr<Data>& data, const OnVerified& onVerified, const OnVerifyFailed& onVerifyFailed, int stepCount = 0);
Jeff Thompson8efe5ad2013-08-20 17:36:38 -0700[diff] [blame]142
Jeff Thompson79a2d5d2013-09-27 14:32:23 -0700[diff] [blame]143 /*****************************************
144 * Encrypt/Decrypt *
145 *****************************************/
Alexander Afanasyev64a3d812014-01-05 23:35:05 -0800[diff] [blame]146 // todo
Alexander Afanasyevbf1a67a2014-01-05 23:36:13 -0800[diff] [blame]147
148public:
149 static const ptr_lib::shared_ptr<IdentityManager> DefaultIdentityManager;
150 static const ptr_lib::shared_ptr<PolicyManager> DefaultPolicyManager;
151 static const ptr_lib::shared_ptr<EncryptionManager> DefaultEncryptionManager;
152
Jeff Thompson2ce8f492013-09-17 18:01:25 -0700[diff] [blame]153private:
Jeff Thompsoncda349e2013-11-05 17:37:39 -0800[diff] [blame]154 void
155 onCertificateData
156 (const ptr_lib::shared_ptr<const Interest> &interest, const ptr_lib::shared_ptr<Data> &data, ptr_lib::shared_ptr<ValidationRequest> nextStep);
157
158 void
159 onCertificateInterestTimeout
160 (const ptr_lib::shared_ptr<const Interest> &interest, int retry, const OnVerifyFailed& onVerifyFailed,
161 const ptr_lib::shared_ptr<Data> &data, ptr_lib::shared_ptr<ValidationRequest> nextStep);
162
Alexander Afanasyev64a3d812014-01-05 23:35:05 -0800[diff] [blame]163private:
Alexander Afanasyevbf1a67a2014-01-05 23:36:13 -0800[diff] [blame]164 ptr_lib::shared_ptr<IdentityManager> identityManager_;
165 ptr_lib::shared_ptr<PolicyManager> policyManager_;
166 ptr_lib::shared_ptr<EncryptionManager> encryptionManager_;
167
Alexander Afanasyev64a3d812014-01-05 23:35:05 -0800[diff] [blame]168 ptr_lib::shared_ptr<Face> face_;
169
Jeff Thompson2ce8f492013-09-17 18:01:25 -0700[diff] [blame]170 const int maxSteps_;
Jeff Thompson47c93cf2013-08-09 00:38:48 -0700[diff] [blame]171};
172
Alexander Afanasyeve64788e2014-01-05 22:38:21 -0800[diff] [blame^]173void
174KeyChain::sign(Data& data)
175{
176 identities().sign(data);
177}
178
179void
180KeyChain::sign(Data& data, const Name& certificateName)
181{
182 identities().signByCertificate(data, certificateName);
183}
184
185Signature
186KeyChain::sign(const uint8_t* buffer, size_t bufferLength, const Name& certificateName)
187{
188 return identities().signByCertificate(buffer, bufferLength, certificateName);
189}
190
Jeff Thompson47c93cf2013-08-09 00:38:48 -0700[diff] [blame]191}
192
193#endif