security: Move KeyChain to security::v1 namespace and deprecated it
Change-Id: Ic4b6915ca15998a83b410f3f8fac027f797ee7ca
Refs: #3098
diff --git a/src/face.cpp b/src/face.cpp
index 430f65e..9f78680 100644
--- a/src/face.cpp
+++ b/src/face.cpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2013-2016 Regents of the University of California.
+ * Copyright (c) 2013-2017 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -23,7 +23,6 @@
#include "detail/face-impl.hpp"
#include "encoding/tlv.hpp"
-#include "security/key-chain.hpp"
#include "security/signing-helpers.hpp"
#include "util/time.hpp"
#include "util/random.hpp"
diff --git a/src/face.hpp b/src/face.hpp
index 6c6c957..1940928 100644
--- a/src/face.hpp
+++ b/src/face.hpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2013-2016 Regents of the University of California.
+ * Copyright (c) 2013-2017 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -31,6 +31,7 @@
#include "encoding/nfd-constants.hpp"
#include "lp/nack.hpp"
#include "security/signing-info.hpp"
+#include "security/key-chain.hpp"
#define NDN_FACE_KEEP_DEPRECATED_REGISTRATION_SIGNING
@@ -52,11 +53,6 @@
class RegisteredPrefixId;
class InterestFilterId;
-namespace security {
-class KeyChain;
-} // namespace security
-using security::KeyChain;
-
namespace nfd {
class Controller;
} // namespace nfd
diff --git a/src/mgmt/dispatcher.cpp b/src/mgmt/dispatcher.cpp
index a7f4a06..a7fac52 100644
--- a/src/mgmt/dispatcher.cpp
+++ b/src/mgmt/dispatcher.cpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2013-2016 Regents of the University of California.
+ * Copyright (c) 2013-2017 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -44,7 +44,7 @@
};
}
-Dispatcher::Dispatcher(Face& face, security::KeyChain& keyChain,
+Dispatcher::Dispatcher(Face& face, security::v1::KeyChain& keyChain,
const security::SigningInfo& signingInfo,
size_t imsCapacity)
: m_face(face)
diff --git a/src/mgmt/dispatcher.hpp b/src/mgmt/dispatcher.hpp
index b19aba6..7df61f7 100644
--- a/src/mgmt/dispatcher.hpp
+++ b/src/mgmt/dispatcher.hpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2013-2016 Regents of the University of California.
+ * Copyright (c) 2013-2017 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -145,7 +145,7 @@
* \param signingInfo signing parameters to sign Data with \p keyChain
* \param imsCapacity capacity of the internal InMemoryStorage used by dispatcher
*/
- Dispatcher(Face& face, security::KeyChain& keyChain,
+ Dispatcher(Face& face, security::v1::KeyChain& keyChain,
const security::SigningInfo& signingInfo = security::SigningInfo(),
size_t imsCapacity = 256);
@@ -462,7 +462,7 @@
std::unordered_map<Name, TopPrefixEntry> m_topLevelPrefixes;
Face& m_face;
- security::KeyChain& m_keyChain;
+ security::v1::KeyChain& m_keyChain;
security::SigningInfo m_signingInfo;
typedef std::unordered_map<PartialName, InterestHandler> HandlerMap;
diff --git a/src/mgmt/nfd/controller.cpp b/src/mgmt/nfd/controller.cpp
index cfb7956..4ccb895 100644
--- a/src/mgmt/nfd/controller.cpp
+++ b/src/mgmt/nfd/controller.cpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2013-2016 Regents of the University of California.
+ * Copyright (c) 2013-2017 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -36,7 +36,7 @@
const uint32_t Controller::ERROR_LBOUND = 400;
ValidatorNull Controller::s_validatorNull;
-Controller::Controller(Face& face, KeyChain& keyChain, Validator& validator)
+Controller::Controller(Face& face, security::v1::KeyChain& keyChain, Validator& validator)
: m_face(face)
, m_keyChain(keyChain)
, m_validator(validator)
diff --git a/src/mgmt/nfd/controller.hpp b/src/mgmt/nfd/controller.hpp
index 3d3808c..aa4b285 100644
--- a/src/mgmt/nfd/controller.hpp
+++ b/src/mgmt/nfd/controller.hpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2013-2016 Regents of the University of California.
+ * Copyright (c) 2013-2017 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -27,11 +27,11 @@
#include "status-dataset.hpp"
#include "command-options.hpp"
#include "../../security/validator-null.hpp"
+#include "../../security/key-chain.hpp"
namespace ndn {
namespace security {
-class KeyChain;
class Validator;
} // namespace security
class Face;
@@ -66,7 +66,7 @@
/** \brief construct a Controller that uses face for transport,
* and uses the passed KeyChain to sign commands
*/
- Controller(Face& face, security::KeyChain& keyChain, security::Validator& validator = s_validatorNull);
+ Controller(Face& face, security::v1::KeyChain& keyChain, security::Validator& validator = s_validatorNull);
/** \brief start command execution
*/
@@ -170,7 +170,7 @@
protected:
Face& m_face;
- security::KeyChain& m_keyChain;
+ security::v1::KeyChain& m_keyChain;
security::Validator& m_validator;
private:
diff --git a/src/security/key-chain.hpp b/src/security/key-chain.hpp
index 4f43139..31b26ea 100644
--- a/src/security/key-chain.hpp
+++ b/src/security/key-chain.hpp
@@ -17,951 +17,23 @@
* <http://www.gnu.org/licenses/>.
*
* See AUTHORS.md for complete list of ndn-cxx authors and contributors.
- *
- * @author Yingdi Yu <http://irl.cs.ucla.edu/~yingdi/>
*/
-#ifndef NDN_SECURITY_KEY_CHAIN_HPP
-#define NDN_SECURITY_KEY_CHAIN_HPP
+/**
+ * @file security/key-chain.hpp
+ */
-#include "sec-public-info.hpp"
-#include "sec-tpm.hpp"
-#include "key-params.hpp"
-#include "secured-bag.hpp"
-#include "signature-sha256-with-rsa.hpp"
-#include "signature-sha256-with-ecdsa.hpp"
-#include "digest-sha256.hpp"
-#include "signing-info.hpp"
-
-#include "../interest.hpp"
-#include "../util/crypto.hpp"
-#include "../util/random.hpp"
-#include <initializer_list>
+#include "security-common.hpp"
+#include "v1/key-chain.hpp"
+#include "v2/key-chain.hpp"
namespace ndn {
namespace security {
-/**
- * @brief The packet signing interface.
- */
-class KeyChain : noncopyable
-{
-public:
- class Error : public std::runtime_error
- {
- public:
- explicit
- Error(const std::string& what)
- : std::runtime_error(what)
- {
- }
- };
-
- /**
- * @brief Error thrown when the supplied TPM locator to KeyChain constructor does not match
- * the locator stored in PIB
- */
- class MismatchError : public Error
- {
- public:
- explicit
- MismatchError(const std::string& what)
- : Error(what)
- {
- }
- };
-
- typedef function<unique_ptr<SecPublicInfo> (const std::string&)> PibCreateFunc;
- typedef function<unique_ptr<SecTpm>(const std::string&)> TpmCreateFunc;
-
- /**
- * @brief Register a new PIB
- * @param aliases List of schemes with which this PIB will be associated.
- * The first alias in the list is considered a canonical name of the PIB instance.
- */
- template<class PibType>
- static void
- registerPib(std::initializer_list<std::string> aliases);
-
- /**
- * @brief Register a new TPM
- * @param aliases List of schemes with which this TPM will be associated
- * The first alias in the list is considered a canonical name of the TPM instance.
- */
- template<class TpmType>
- static void
- registerTpm(std::initializer_list<std::string> aliases);
-
- /**
- * @brief Get default PIB locator
- */
- static std::string
- getDefaultPibLocator();
-
- /**
- * @brief Create a PIB according to @p pibLocator
- */
- static unique_ptr<SecPublicInfo>
- createPib(const std::string& pibLocator);
-
- /**
- * @brief Get default TPM locator
- */
- static std::string
- getDefaultTpmLocator();
-
- /**
- * @brief Create a TPM according to @p tpmLocator
- */
- static unique_ptr<SecTpm>
- createTpm(const std::string& tpmLocator);
-
- /**
- * @brief Constructor to create KeyChain with default PIB and TPM
- *
- * Default PIB and TPM are platform-dependent and can be overriden system-wide or on
- * per-use basis.
- *
- * @todo Add detailed description about config file behavior here
- */
- KeyChain();
-
- /**
- * @brief KeyChain constructor
- *
- * @sa http://redmine.named-data.net/issues/2260
- *
- * @param pibLocator PIB locator
- * @param tpmLocator TPM locator
- * @param allowReset if true, the PIB will be reset when the supplied tpmLocator
- * mismatches the one in PIB
- */
- KeyChain(const std::string& pibLocator,
- const std::string& tpmLocator,
- bool allowReset = false);
-
- virtual
- ~KeyChain();
-
- /**
- * @brief Create an identity by creating a pair of Key-Signing-Key (KSK) for this identity and a
- * self-signed certificate of the KSK.
- *
- * @param identityName The name of the identity.
- * @param params The key parameter if a key needs to be generated for the identity.
- * @return The name of the default certificate of the identity.
- */
- Name
- createIdentity(const Name& identityName, const KeyParams& params = DEFAULT_KEY_PARAMS);
-
- /**
- * @brief Generate a pair of RSA keys for the specified identity.
- *
- * @param identityName The name of the identity.
- * @param isKsk true for generating a Key-Signing-Key (KSK), false for a Data-Signing-Key (KSK).
- * @param keySize The size of the key.
- * @return The generated key name.
- * @see generateEcdsaKeyPair
- */
- Name
- generateRsaKeyPair(const Name& identityName, bool isKsk = false, uint32_t keySize = 2048);
-
- /**
- * @brief Generate a pair of ECDSA keys for the specified identity.
- *
- * @param identityName The name of the identity.
- * @param isKsk true for generating a Key-Signing-Key (KSK), false for a Data-Signing-Key (KSK).
- * @param keySize The size of the key.
- * @return The generated key name.
- * @see generateRsaKeyPair
- */
- Name
- generateEcdsaKeyPair(const Name& identityName, bool isKsk = false, uint32_t keySize = 256);
-
- /**
- * @brief Generate a pair of RSA keys for the specified identity and set it as default key for
- * the identity.
- *
- * @param identityName The name of the identity.
- * @param isKsk true for generating a Key-Signing-Key (KSK), false for a Data-Signing-Key (KSK).
- * @param keySize The size of the key.
- * @return The generated key name.
- * @see generateRsaKeyPair, generateEcdsaKeyPair, generateEcdsaKeyPairAsDefault
- */
- Name
- generateRsaKeyPairAsDefault(const Name& identityName, bool isKsk = false, uint32_t keySize = 2048);
-
- /**
- * @brief Generate a pair of ECDSA keys for the specified identity and set it as default key for
- * the identity.
- *
- * @param identityName The name of the identity.
- * @param isKsk true for generating a Key-Signing-Key (KSK), false for a Data-Signing-Key (KSK).
- * @param keySize The size of the key.
- * @return The generated key name.
- * @see generateRsaKeyPair, generateEcdsaKeyPair, generateRsaKeyPairAsDefault
- */
- Name
- generateEcdsaKeyPairAsDefault(const Name& identityName, bool isKsk = false, uint32_t keySize = 256);
-
- /**
- * @brief prepare an unsigned identity certificate
- *
- * @param keyName Key name, e.g., `/<identity_name>/ksk-123456`.
- * @param signingIdentity The signing identity.
- * @param notBefore Refer to v1::IdentityCertificate.
- * @param notAfter Refer to v1::IdentityCertificate.
- * @param subjectDescription Refer to v1::IdentityCertificate.
- * @param certPrefix Prefix before `KEY` component. By default, KeyChain will infer the
- * certificate name according to the relation between the signingIdentity and
- * the subject identity. If signingIdentity is a prefix of the subject identity,
- * `KEY` will be inserted after the signingIdentity, otherwise `KEY` is inserted
- * after subject identity (i.e., before `ksk-....`).
- * @return v1::IdentityCertificate.
- */
- shared_ptr<v1::IdentityCertificate>
- prepareUnsignedIdentityCertificate(const Name& keyName,
- const Name& signingIdentity,
- const time::system_clock::TimePoint& notBefore,
- const time::system_clock::TimePoint& notAfter,
- const std::vector<security::v1::CertificateSubjectDescription>& subjectDescription,
- const Name& certPrefix = DEFAULT_PREFIX);
-
- /**
- * @brief prepare an unsigned identity certificate
- *
- * @param keyName Key name, e.g., `/<identity_name>/ksk-123456`.
- * @param publicKey Public key to sign.
- * @param signingIdentity The signing identity.
- * @param notBefore Refer to v1::IdentityCertificate.
- * @param notAfter Refer to v1::IdentityCertificate.
- * @param subjectDescription Refer to v1::IdentityCertificate.
- * @param certPrefix Prefix before `KEY` component. By default, KeyChain will infer the
- * certificate name according to the relation between the signingIdentity and
- * the subject identity. If signingIdentity is a prefix of the subject identity,
- * `KEY` will be inserted after the signingIdentity, otherwise `KEY` is inserted
- * after subject identity (i.e., before `ksk-....`).
- * @return v1::IdentityCertificate.
- */
- shared_ptr<v1::IdentityCertificate>
- prepareUnsignedIdentityCertificate(const Name& keyName,
- const v1::PublicKey& publicKey,
- const Name& signingIdentity,
- const time::system_clock::TimePoint& notBefore,
- const time::system_clock::TimePoint& notAfter,
- const std::vector<security::v1::CertificateSubjectDescription>& subjectDescription,
- const Name& certPrefix = DEFAULT_PREFIX);
-
- /**
- * @brief Sign data according to the supplied signing information
- *
- * This method uses the supplied signing information @p params to create the SignatureInfo block:
- * - it selects a private key and its certificate to sign the packet
- * - sets the KeyLocator field with the certificate name, and
- * - adds other requested information to the SignatureInfo block).
- *
- * After that, the method assigns the created SignatureInfo to the data packets, generate a
- * signature and sets as part of the SignatureValue block.
- *
- * @param data The data to sign
- * @param params The signing parameters.
- * @throws Error if signing fails.
- * @see SigningInfo
- */
- void
- sign(Data& data, const SigningInfo& params = DEFAULT_SIGNING_INFO);
-
- /**
- * @brief Sign interest according to the supplied signing information
- *
- * This method uses the supplied signing information @p params to create the SignatureInfo block:
- * - it selects a private key and its certificate to sign the packet
- * - sets the KeyLocator field with the certificate name, and
- * - adds other requested information to the SignatureInfo block).
- *
- * After that, the method appends the created SignatureInfo to the interest name, generate a
- * signature and appends it as part of the SignatureValue block to the interest name.
- *
- * @param interest The interest to sign
- * @param params The signing parameters.
- * @throws Error if signing fails.
- * @see SigningInfo
- */
- void
- sign(Interest& interest, const SigningInfo& params = DEFAULT_SIGNING_INFO);
-
- /**
- * @brief Sign buffer according to the supplied signing information
- *
- * @param buffer The buffer to sign
- * @param bufferLength The buffer size
- * @param params The signing parameters.
- * @return a SignatureValue TLV block
- * @throws Error if signing fails.
- * @see SigningInfo
- */
- Block
- sign(const uint8_t* buffer, size_t bufferLength, const SigningInfo& params);
-
- /**
- * @deprecated use sign sign(T&, const SigningInfo&)
- * @brief Sign packet with a particular certificate.
- *
- * @param packet The packet to be signed.
- * @param certificateName The certificate name of the key to use for signing.
- * @throws SecPublicInfo::Error if certificate does not exist.
- */
- template<typename T>
- void
- sign(T& packet, const Name& certificateName);
-
- /**
- * @deprecated Use sign(const uint8_t*, size_t, const SigningInfo&) instead
- * @brief Sign the byte array using a particular certificate.
- *
- * @param buffer The byte array to be signed.
- * @param bufferLength the length of buffer.
- * @param certificateName The certificate name of the signing key.
- * @return The Signature.
- * @throws SecPublicInfo::Error if certificate does not exist.
- */
- Signature
- sign(const uint8_t* buffer, size_t bufferLength, const Name& certificateName);
-
- /**
- * @deprecated use sign sign(T&, const SigningInfo&)
- * @brief Sign packet using the default certificate of a particular identity.
- *
- * If there is no default certificate of that identity, this method will create a self-signed
- * certificate.
- *
- * @param packet The packet to be signed.
- * @param identityName The signing identity name.
- */
- template<typename T>
- void
- signByIdentity(T& packet, const Name& identityName);
-
- /**
- * @deprecated use sign(const uint8_t*, size_t, const SigningInfo&) instead
- * @brief Sign the byte array using the default certificate of a particular identity.
- *
- * @param buffer The byte array to be signed.
- * @param bufferLength the length of buffer.
- * @param identityName The identity name.
- * @return The Signature.
- */
- Signature
- signByIdentity(const uint8_t* buffer, size_t bufferLength, const Name& identityName);
-
- /**
- * @deprecated use sign(Data&, SigningInfo(SigningInfo::SIGNER_TYPE_SHA256))
- * @brief Set Sha256 weak signature for @p data
- */
- void
- signWithSha256(Data& data);
-
- /**
- * @deprecated use sign(Interest&, SigningInfo(SigningInfo::SIGNER_TYPE_SHA256))
- * @brief Set Sha256 weak signature for @p interest
- */
- void
- signWithSha256(Interest& interest);
-
- /**
- * @brief Generate a self-signed certificate for a public key.
- *
- * @param keyName The name of the public key
- * @return The generated certificate, shared_ptr<v1::IdentityCertificate>() if selfSign fails
- */
- shared_ptr<v1::IdentityCertificate>
- selfSign(const Name& keyName);
-
- /**
- * @brief Self-sign the supplied identity certificate.
- *
- * @param cert The supplied cert.
- * @throws SecTpm::Error if the private key does not exist.
- */
- void
- selfSign(v1::IdentityCertificate& cert);
-
- /**
- * @brief delete a certificate.
- *
- * @param certificateName The certificate to be deleted.
- * @throws KeyChain::Error if certificate cannot be deleted.
- */
- void
- deleteCertificate(const Name& certificateName);
-
- /**
- * @brief delete a key.
- *
- * @param keyName The key to be deleted.
- * @throws KeyChain::Error if key cannot be deleted.
- */
- void
- deleteKey(const Name& keyName);
-
- /**
- * @brief delete an identity.
- *
- * @param identity The identity to be deleted.
- * @throws KeyChain::Error if identity cannot be deleted.
- */
- void
- deleteIdentity(const Name& identity);
-
- /**
- * @brief export an identity.
- *
- * @param identity The identity to export.
- * @param passwordStr The password to secure the private key.
- * @return The encoded export data.
- * @throws SecPublicInfo::Error if anything goes wrong in exporting.
- */
- shared_ptr<SecuredBag>
- exportIdentity(const Name& identity, const std::string& passwordStr);
-
- /**
- * @brief import an identity.
- *
- * @param securedBag The encoded import data.
- * @param passwordStr The password to secure the private key.
- */
- void
- importIdentity(const SecuredBag& securedBag, const std::string& passwordStr);
-
- SecPublicInfo&
- getPib()
- {
- return *m_pib;
- }
-
- const SecPublicInfo&
- getPib() const
- {
- return *m_pib;
- }
-
- SecTpm&
- getTpm()
- {
- return *m_tpm;
- }
-
- const SecTpm&
- getTpm() const
- {
- return *m_tpm;
- }
-
- /*******************************
- * Wrapper of SecPublicInfo *
- *******************************/
- bool
- doesIdentityExist(const Name& identityName) const
- {
- return m_pib->doesIdentityExist(identityName);
- }
-
- void
- addIdentity(const Name& identityName)
- {
- return m_pib->addIdentity(identityName);
- }
-
- bool
- doesPublicKeyExist(const Name& keyName) const
- {
- return m_pib->doesPublicKeyExist(keyName);
- }
-
- void
- addPublicKey(const Name& keyName, KeyType keyType, const v1::PublicKey& publicKeyDer)
- {
- return m_pib->addKey(keyName, publicKeyDer);
- }
-
- void
- addKey(const Name& keyName, const v1::PublicKey& publicKeyDer)
- {
- return m_pib->addKey(keyName, publicKeyDer);
- }
-
- shared_ptr<v1::PublicKey>
- getPublicKey(const Name& keyName) const
- {
- return m_pib->getPublicKey(keyName);
- }
-
- bool
- doesCertificateExist(const Name& certificateName) const
- {
- return m_pib->doesCertificateExist(certificateName);
- }
-
- void
- addCertificate(const v1::IdentityCertificate& certificate)
- {
- return m_pib->addCertificate(certificate);
- }
-
- shared_ptr<v1::IdentityCertificate>
- getCertificate(const Name& certificateName) const
- {
- return m_pib->getCertificate(certificateName);
- }
-
- Name
- getDefaultIdentity() const
- {
- return m_pib->getDefaultIdentity();
- }
-
- Name
- getDefaultKeyNameForIdentity(const Name& identityName) const
- {
- return m_pib->getDefaultKeyNameForIdentity(identityName);
- }
-
- /**
- * @brief Get default key parameters for the specified identity
- *
- * If identity has a previously generated key, the returned parameters
- * will include the same type of the key. If there are no existing
- * keys, DEFAULT_KEY_PARAMS is used.
- */
- const KeyParams&
- getDefaultKeyParamsForIdentity(const Name& identityName) const;
-
- Name
- getDefaultCertificateNameForKey(const Name& keyName) const
- {
- return m_pib->getDefaultCertificateNameForKey(keyName);
- }
-
- void
- getAllIdentities(std::vector<Name>& nameList, bool isDefault) const
- {
- return m_pib->getAllIdentities(nameList, isDefault);
- }
-
- void
- getAllKeyNames(std::vector<Name>& nameList, bool isDefault) const
- {
- return m_pib->getAllKeyNames(nameList, isDefault);
- }
-
- void
- getAllKeyNamesOfIdentity(const Name& identity, std::vector<Name>& nameList, bool isDefault) const
- {
- return m_pib->getAllKeyNamesOfIdentity(identity, nameList, isDefault);
- }
-
- void
- getAllCertificateNames(std::vector<Name>& nameList, bool isDefault) const
- {
- return m_pib->getAllCertificateNames(nameList, isDefault);
- }
-
- void
- getAllCertificateNamesOfKey(const Name& keyName,
- std::vector<Name>& nameList,
- bool isDefault) const
- {
- return m_pib->getAllCertificateNamesOfKey(keyName, nameList, isDefault);
- }
-
- void
- deleteCertificateInfo(const Name& certificateName)
- {
- return m_pib->deleteCertificateInfo(certificateName);
- }
-
- void
- deletePublicKeyInfo(const Name& keyName)
- {
- return m_pib->deletePublicKeyInfo(keyName);
- }
-
- void
- deleteIdentityInfo(const Name& identity)
- {
- return m_pib->deleteIdentityInfo(identity);
- }
-
- void
- setDefaultIdentity(const Name& identityName)
- {
- return m_pib->setDefaultIdentity(identityName);
- }
-
- void
- setDefaultKeyNameForIdentity(const Name& keyName)
- {
- return m_pib->setDefaultKeyNameForIdentity(keyName);
- }
-
- void
- setDefaultCertificateNameForKey(const Name& certificateName)
- {
- return m_pib->setDefaultCertificateNameForKey(certificateName);
- }
-
- Name
- getNewKeyName(const Name& identityName, bool useKsk)
- {
- return m_pib->getNewKeyName(identityName, useKsk);
- }
-
- Name
- getDefaultCertificateNameForIdentity(const Name& identityName) const
- {
- return m_pib->getDefaultCertificateNameForIdentity(identityName);
- }
-
- Name
- getDefaultCertificateName() const
- {
- return m_pib->getDefaultCertificateName();
- }
-
- void
- addCertificateAsKeyDefault(const v1::IdentityCertificate& certificate)
- {
- return m_pib->addCertificateAsKeyDefault(certificate);
- }
-
- void
- addCertificateAsIdentityDefault(const v1::IdentityCertificate& certificate)
- {
- return m_pib->addCertificateAsIdentityDefault(certificate);
- }
-
- void
- addCertificateAsSystemDefault(const v1::IdentityCertificate& certificate)
- {
- return m_pib->addCertificateAsSystemDefault(certificate);
- }
-
- shared_ptr<v1::IdentityCertificate>
- getDefaultCertificate() const
- {
- if (!static_cast<bool>(m_pib->getDefaultCertificate()))
- const_cast<KeyChain*>(this)->setDefaultCertificateInternal();
-
- return m_pib->getDefaultCertificate();
- }
-
- void
- refreshDefaultCertificate()
- {
- return m_pib->refreshDefaultCertificate();
- }
-
- /*******************************
- * Wrapper of SecTpm *
- *******************************/
-
- void
- setTpmPassword(const uint8_t* password, size_t passwordLength)
- {
- return m_tpm->setTpmPassword(password, passwordLength);
- }
-
- void
- resetTpmPassword()
- {
- return m_tpm->resetTpmPassword();
- }
-
- void
- setInTerminal(bool inTerminal)
- {
- return m_tpm->setInTerminal(inTerminal);
- }
-
- bool
- getInTerminal() const
- {
- return m_tpm->getInTerminal();
- }
-
- bool
- isLocked() const
- {
- return m_tpm->isLocked();
- }
-
- bool
- unlockTpm(const char* password, size_t passwordLength, bool usePassword)
- {
- return m_tpm->unlockTpm(password, passwordLength, usePassword);
- }
-
- void
- generateKeyPairInTpm(const Name& keyName, const KeyParams& params)
- {
- return m_tpm->generateKeyPairInTpm(keyName, params);
- }
-
- void
- deleteKeyPairInTpm(const Name& keyName)
- {
- return m_tpm->deleteKeyPairInTpm(keyName);
- }
-
- shared_ptr<v1::PublicKey>
- getPublicKeyFromTpm(const Name& keyName) const
- {
- return m_tpm->getPublicKeyFromTpm(keyName);
- }
-
- Block
- signInTpm(const uint8_t* data, size_t dataLength,
- const Name& keyName,
- DigestAlgorithm digestAlgorithm)
- {
- return m_tpm->signInTpm(data, dataLength, keyName, digestAlgorithm);
- }
-
- ConstBufferPtr
- decryptInTpm(const uint8_t* data, size_t dataLength, const Name& keyName, bool isSymmetric)
- {
- return m_tpm->decryptInTpm(data, dataLength, keyName, isSymmetric);
- }
-
- ConstBufferPtr
- encryptInTpm(const uint8_t* data, size_t dataLength, const Name& keyName, bool isSymmetric)
- {
- return m_tpm->encryptInTpm(data, dataLength, keyName, isSymmetric);
- }
-
- void
- generateSymmetricKeyInTpm(const Name& keyName, const KeyParams& params)
- {
- return m_tpm->generateSymmetricKeyInTpm(keyName, params);
- }
-
- bool
- doesKeyExistInTpm(const Name& keyName, KeyClass keyClass) const
- {
- return m_tpm->doesKeyExistInTpm(keyName, keyClass);
- }
-
- bool
- generateRandomBlock(uint8_t* res, size_t size) const
- {
- return m_tpm->generateRandomBlock(res, size);
- }
-
- void
- addAppToAcl(const Name& keyName, KeyClass keyClass, const std::string& appPath, AclType acl)
- {
- return m_tpm->addAppToAcl(keyName, keyClass, appPath, acl);
- }
-
- ConstBufferPtr
- exportPrivateKeyPkcs5FromTpm(const Name& keyName, const std::string& password)
- {
- return m_tpm->exportPrivateKeyPkcs5FromTpm(keyName, password);
- }
-
- bool
- importPrivateKeyPkcs5IntoTpm(const Name& keyName,
- const uint8_t* buf, size_t size,
- const std::string& password)
- {
- return m_tpm->importPrivateKeyPkcs5IntoTpm(keyName, buf, size, password);
- }
-
-private:
- void
- initialize(const std::string& pibLocatorUri,
- const std::string& tpmLocatorUri,
- bool needReset);
-
- /**
- * @brief Prepare a SignatureInfo TLV according to signing information and return the signing key name
- *
- * @param params The signing parameters.
- * @return The signing key name and prepared SignatureInfo.
- * @throw Error when the requested signing method cannot be satisfied.
- */
- std::tuple<Name, SignatureInfo>
- prepareSignatureInfo(const SigningInfo& params);
-
- /**
- * @brief Internal abstraction of packet signing.
- *
- * @param packet The packet to sign
- * @param params The signing parameters.
- * @throw Error when the signing fails.
- */
- template<typename T>
- void
- signImpl(T& packet, const SigningInfo& params);
-
- /**
- * @brief Set default certificate if it is not initialized
- */
- void
- setDefaultCertificateInternal();
-
- /**
- * @brief Generate a key pair for the specified identity.
- *
- * @param identityName The name of the specified identity.
- * @param isKsk true for generating a Key-Signing-Key (KSK), false for a Data-Signing-Key (KSK).
- * @param params The parameter of the key.
- * @return The name of the generated key.
- */
- Name
- generateKeyPair(const Name& identityName, bool isKsk = false,
- const KeyParams& params = DEFAULT_KEY_PARAMS);
-
- /**
- * @brief Sign the data using a particular key.
- *
- * @param data Reference to the data packet.
- * @param signature Signature to be added.
- * @param keyName The name of the signing key.
- * @param digestAlgorithm the digest algorithm.
- * @throws Tpm::Error
- */
- void
- signPacketWrapper(Data& data, const Signature& signature,
- const Name& keyName, DigestAlgorithm digestAlgorithm);
-
- /**
- * @brief Sign the interest using a particular key.
- *
- * @param interest Reference to the interest packet.
- * @param signature Signature to be added.
- * @param keyName The name of the signing key.
- * @param digestAlgorithm the digest algorithm.
- * @throws Tpm::Error
- */
- void
- signPacketWrapper(Interest& interest, const Signature& signature,
- const Name& keyName, DigestAlgorithm digestAlgorithm);
-
- /**
- * @brief Generate a SignatureValue block for a buffer @p buf with size @p size using
- * a key with name @p keyName and digest algorithm @p digestAlgorithm.
- */
- Block
- pureSign(const uint8_t* buf, size_t size, const Name& keyName, DigestAlgorithm digestAlgorithm) const;
-
- static void
- registerPibImpl(const std::string& canonicalName,
- std::initializer_list<std::string> aliases, PibCreateFunc createFunc);
-
- static void
- registerTpmImpl(const std::string& canonicalName,
- std::initializer_list<std::string> aliases, TpmCreateFunc createFunc);
-
-public:
- static tlv::SignatureTypeValue
- getSignatureType(KeyType keyType, DigestAlgorithm digestAlgorithm);
-
-public:
- static const Name DEFAULT_PREFIX;
- static const SigningInfo DEFAULT_SIGNING_INFO;
-
- // RsaKeyParams is set to be default for backward compatibility.
- static const RsaKeyParams DEFAULT_KEY_PARAMS;
-
- typedef std::map<std::string, Block> SignParams;
-
-private:
- std::unique_ptr<SecPublicInfo> m_pib;
- std::unique_ptr<SecTpm> m_tpm;
- time::milliseconds m_lastTimestamp;
-};
-
-template<typename T>
-void
-KeyChain::signImpl(T& packet, const SigningInfo& params)
-{
- Name keyName;
- SignatureInfo sigInfo;
- std::tie(keyName, sigInfo) = prepareSignatureInfo(params);
-
- signPacketWrapper(packet, Signature(sigInfo),
- keyName, params.getDigestAlgorithm());
-}
-
-template<typename T>
-void
-KeyChain::sign(T& packet, const Name& certificateName)
-{
- signImpl(packet, SigningInfo(SigningInfo::SIGNER_TYPE_CERT, certificateName));
-}
-
-template<typename T>
-void
-KeyChain::signByIdentity(T& packet, const Name& identityName)
-{
- signImpl(packet, SigningInfo(SigningInfo::SIGNER_TYPE_ID, identityName));
-}
-
-template<class PibType>
-inline void
-KeyChain::registerPib(std::initializer_list<std::string> aliases)
-{
- registerPibImpl(*aliases.begin(), aliases, [] (const std::string& locator) {
- return make_unique<PibType>(locator);
- });
-}
-
-template<class TpmType>
-inline void
-KeyChain::registerTpm(std::initializer_list<std::string> aliases)
-{
- registerTpmImpl(*aliases.begin(), aliases, [] (const std::string& locator) {
- return make_unique<TpmType>(locator);
- });
-}
-
-/**
- * \brief Register SecPib class in ndn-cxx KeyChain
- *
- * This macro should be placed once in the implementation file of the
- * SecPib type within the namespace where the type is declared.
- */
-#define NDN_CXX_KEYCHAIN_REGISTER_PIB(PibType, ...) \
-static class NdnCxxAuto ## PibType ## PibRegistrationClass \
-{ \
-public: \
- NdnCxxAuto ## PibType ## PibRegistrationClass() \
- { \
- ::ndn::KeyChain::registerPib<PibType>({__VA_ARGS__}); \
- } \
-} ndnCxxAuto ## PibType ## PibRegistrationVariable
-
-/**
- * \brief Register SecTpm class in ndn-cxx KeyChain
- *
- * This macro should be placed once in the implementation file of the
- * SecTpm type within the namespace where the type is declared.
- */
-#define NDN_CXX_KEYCHAIN_REGISTER_TPM(TpmType, ...) \
-static class NdnCxxAuto ## TpmType ## TpmRegistrationClass \
-{ \
-public: \
- NdnCxxAuto ## TpmType ## TpmRegistrationClass() \
- { \
- ::ndn::KeyChain::registerTpm<TpmType>({__VA_ARGS__}); \
- } \
-} ndnCxxAuto ## TpmType ## TpmRegistrationVariable
+using security::v1::KeyChain;
} // namespace security
-using security::KeyChain;
+using ndn::security::KeyChain;
} // namespace ndn
-
-#endif // NDN_SECURITY_KEY_CHAIN_HPP
diff --git a/src/security/signing-info.hpp b/src/security/signing-info.hpp
index 6284644..fc91410 100644
--- a/src/security/signing-info.hpp
+++ b/src/security/signing-info.hpp
@@ -28,7 +28,6 @@
#include "pib/key.hpp"
#include "security-common.hpp"
-
namespace ndn {
namespace security {
diff --git a/src/security/key-chain.cpp b/src/security/v1/key-chain.cpp
similarity index 92%
rename from src/security/key-chain.cpp
rename to src/security/v1/key-chain.cpp
index 1896c7a..f70bf05 100644
--- a/src/security/key-chain.cpp
+++ b/src/security/v1/key-chain.cpp
@@ -22,10 +22,10 @@
*/
#include "key-chain.hpp"
-#include "signing-helpers.hpp"
+#include "../signing-helpers.hpp"
-#include "../util/random.hpp"
-#include "../util/config-file.hpp"
+#include "../../util/random.hpp"
+#include "../../util/config-file.hpp"
#include "sec-public-info-sqlite3.hpp"
@@ -37,6 +37,7 @@
namespace ndn {
namespace security {
+namespace v1 {
// Use a GUID as a magic number of KeyChain::DEFAULT_PREFIX identifier
const Name KeyChain::DEFAULT_PREFIX("/723821fd-f534-44b3-80d9-44bf5f58bbbb");
@@ -60,13 +61,13 @@
// http://stackoverflow.com/q/9459980/2150331
//
// Also, cannot use Type::SCHEME, as its value may be uninitialized
-NDN_CXX_KEYCHAIN_REGISTER_PIB(SecPublicInfoSqlite3, "pib-sqlite3", "sqlite3");
+NDN_CXX_V1_KEYCHAIN_REGISTER_PIB(SecPublicInfoSqlite3, "pib-sqlite3", "sqlite3");
#ifdef NDN_CXX_HAVE_OSX_SECURITY
-NDN_CXX_KEYCHAIN_REGISTER_TPM(SecTpmOsx, "tpm-osxkeychain", "osx-keychain");
+NDN_CXX_V1_KEYCHAIN_REGISTER_TPM(SecTpmOsx, "tpm-osxkeychain", "osx-keychain");
#endif // NDN_CXX_HAVE_OSX_SECURITY
-NDN_CXX_KEYCHAIN_REGISTER_TPM(SecTpmFile, "tpm-file", "file");
+NDN_CXX_V1_KEYCHAIN_REGISTER_TPM(SecTpmFile, "tpm-file", "file");
template<class T>
struct Factory
@@ -297,7 +298,7 @@
try {
keyName = m_pib->getDefaultKeyNameForIdentity(identityName);
- shared_ptr<v1::PublicKey> key = m_pib->getPublicKey(keyName);
+ shared_ptr<PublicKey> key = m_pib->getPublicKey(keyName);
if (key->getKeyType() != params.getKeyType()) {
keyName = generateKeyPair(identityName, true, params);
@@ -314,7 +315,7 @@
certName = m_pib->getDefaultCertificateNameForKey(keyName);
}
catch (const SecPublicInfo::Error& e) {
- shared_ptr<v1::IdentityCertificate> selfCert = selfSign(keyName);
+ shared_ptr<IdentityCertificate> selfCert = selfSign(keyName);
m_pib->addCertificateAsIdentityDefault(*selfCert);
certName = selfCert->getName();
}
@@ -361,15 +362,15 @@
}
-shared_ptr<v1::IdentityCertificate>
+shared_ptr<IdentityCertificate>
KeyChain::prepareUnsignedIdentityCertificate(const Name& keyName,
const Name& signingIdentity,
const time::system_clock::TimePoint& notBefore,
const time::system_clock::TimePoint& notAfter,
- const std::vector<v1::CertificateSubjectDescription>& subjectDescription,
+ const std::vector<CertificateSubjectDescription>& subjectDescription,
const Name& certPrefix)
{
- shared_ptr<v1::PublicKey> publicKey;
+ shared_ptr<PublicKey> publicKey;
try {
publicKey = m_pib->getPublicKey(keyName);
}
@@ -382,13 +383,13 @@
subjectDescription, certPrefix);
}
-shared_ptr<v1::IdentityCertificate>
+shared_ptr<IdentityCertificate>
KeyChain::prepareUnsignedIdentityCertificate(const Name& keyName,
- const v1::PublicKey& publicKey,
+ const PublicKey& publicKey,
const Name& signingIdentity,
const time::system_clock::TimePoint& notBefore,
const time::system_clock::TimePoint& notAfter,
- const std::vector<v1::CertificateSubjectDescription>& subjectDescription,
+ const std::vector<CertificateSubjectDescription>& subjectDescription,
const Name& certPrefix)
{
if (keyName.size() < 1)
@@ -427,19 +428,19 @@
return nullptr;
}
- auto certificate = make_shared<v1::IdentityCertificate>();
+ auto certificate = make_shared<IdentityCertificate>();
certificate->setName(certName);
certificate->setNotBefore(notBefore);
certificate->setNotAfter(notAfter);
certificate->setPublicKeyInfo(publicKey);
if (subjectDescription.empty()) {
- v1::CertificateSubjectDescription subjectName(oid::ATTRIBUTE_NAME, keyName.getPrefix(-1).toUri());
+ CertificateSubjectDescription subjectName(oid::ATTRIBUTE_NAME, keyName.getPrefix(-1).toUri());
certificate->addSubjectDescription(subjectName);
}
else {
- std::vector<v1::CertificateSubjectDescription>::const_iterator sdIt = subjectDescription.begin();
- std::vector<v1::CertificateSubjectDescription>::const_iterator sdEnd = subjectDescription.end();
+ std::vector<CertificateSubjectDescription>::const_iterator sdIt = subjectDescription.begin();
+ std::vector<CertificateSubjectDescription>::const_iterator sdEnd = subjectDescription.end();
for(; sdIt != sdEnd; sdIt++)
certificate->addSubjectDescription(*sdIt);
}
@@ -454,7 +455,7 @@
{
SignatureInfo sigInfo = params.getSignatureInfo();
- shared_ptr<v1::IdentityCertificate> signingCert;
+ shared_ptr<IdentityCertificate> signingCert;
switch (params.getSignerType()) {
case SigningInfo::SIGNER_TYPE_NULL: {
@@ -536,7 +537,7 @@
Signature
KeyChain::sign(const uint8_t* buffer, size_t bufferLength, const Name& certificateName)
{
- shared_ptr<v1::IdentityCertificate> certificate = m_pib->getCertificate(certificateName);
+ shared_ptr<IdentityCertificate> certificate = m_pib->getCertificate(certificateName);
if (certificate == nullptr) {
BOOST_THROW_EXCEPTION(SecPublicInfo::Error("certificate does not exist"));
@@ -552,10 +553,10 @@
return sig;
}
-shared_ptr<v1::IdentityCertificate>
+shared_ptr<IdentityCertificate>
KeyChain::selfSign(const Name& keyName)
{
- shared_ptr<v1::PublicKey> pubKey;
+ shared_ptr<PublicKey> pubKey;
try {
pubKey = m_pib->getPublicKey(keyName); // may throw an exception.
}
@@ -563,7 +564,7 @@
return nullptr;
}
- auto certificate = make_shared<v1::IdentityCertificate>();
+ auto certificate = make_shared<IdentityCertificate>();
Name certificateName = keyName.getPrefix(-1);
certificateName.append("KEY").append(keyName.get(-1)).append("ID-CERT").appendVersion();
@@ -572,7 +573,7 @@
certificate->setNotBefore(time::system_clock::now());
certificate->setNotAfter(time::system_clock::now() + time::days(7300)); // ~20 years
certificate->setPublicKeyInfo(*pubKey);
- certificate->addSubjectDescription(v1::CertificateSubjectDescription(oid::ATTRIBUTE_NAME,
+ certificate->addSubjectDescription(CertificateSubjectDescription(oid::ATTRIBUTE_NAME,
keyName.toUri()));
certificate->encode();
@@ -583,7 +584,7 @@
}
void
-KeyChain::selfSign(v1::IdentityCertificate& cert)
+KeyChain::selfSign(IdentityCertificate& cert)
{
Name keyName = cert.getPublicKeyName();
@@ -614,7 +615,7 @@
BOOST_THROW_EXCEPTION(SecPublicInfo::Error("Fail to export PKCS5 of private key"));
}
- shared_ptr<v1::IdentityCertificate> cert;
+ shared_ptr<IdentityCertificate> cert;
try {
cert = m_pib->getCertificate(m_pib->getDefaultCertificateNameForKey(keyName));
}
@@ -631,7 +632,7 @@
KeyChain::importIdentity(const SecuredBag& securedBag, const std::string& passwordStr)
{
Name certificateName = securedBag.getCertificate().getName();
- Name keyName = v1::IdentityCertificate::certificateNameToPublicKeyName(certificateName);
+ Name keyName = IdentityCertificate::certificateNameToPublicKeyName(certificateName);
Name identity = keyName.getPrefix(-1);
// Add identity
@@ -643,7 +644,7 @@
securedBag.getKey()->size(),
passwordStr);
- shared_ptr<v1::PublicKey> pubKey = m_tpm->getPublicKeyFromTpm(keyName.toUri());
+ shared_ptr<PublicKey> pubKey = m_tpm->getPublicKeyFromTpm(keyName.toUri());
// HACK! We should set key type according to the pkcs8 info.
m_pib->addKey(keyName, *pubKey);
m_pib->setDefaultKeyNameForIdentity(keyName);
@@ -708,7 +709,7 @@
m_tpm->generateKeyPairInTpm(keyName.toUri(), params);
- shared_ptr<v1::PublicKey> pubKey = m_tpm->getPublicKeyFromTpm(keyName.toUri());
+ shared_ptr<PublicKey> pubKey = m_tpm->getPublicKeyFromTpm(keyName.toUri());
m_pib->addKey(keyName, *pubKey);
return keyName;
@@ -838,8 +839,8 @@
default:
BOOST_THROW_EXCEPTION(Error("Unsupported key types"));
}
-
}
+} // namespace v1
} // namespace security
} // namespace ndn
diff --git a/src/security/v1/key-chain.hpp b/src/security/v1/key-chain.hpp
new file mode 100644
index 0000000..73aab90
--- /dev/null
+++ b/src/security/v1/key-chain.hpp
@@ -0,0 +1,968 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
+/**
+ * Copyright (c) 2013-2017 Regents of the University of California.
+ *
+ * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
+ *
+ * ndn-cxx library is free software: you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free Software
+ * Foundation, either version 3 of the License, or (at your option) any later version.
+ *
+ * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+ * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
+ *
+ * You should have received copies of the GNU General Public License and GNU Lesser
+ * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
+ * <http://www.gnu.org/licenses/>.
+ *
+ * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
+ *
+ * @author Yingdi Yu <http://irl.cs.ucla.edu/~yingdi/>
+ */
+
+#ifndef NDN_SECURITY_V1_KEY_CHAIN_HPP
+#define NDN_SECURITY_V1_KEY_CHAIN_HPP
+
+#include "sec-public-info.hpp"
+#include "sec-tpm.hpp"
+#include "secured-bag.hpp"
+#include "../key-params.hpp"
+#include "../signature-sha256-with-rsa.hpp"
+#include "../signature-sha256-with-ecdsa.hpp"
+#include "../digest-sha256.hpp"
+#include "../signing-info.hpp"
+
+#include "../../interest.hpp"
+#include "../../util/crypto.hpp"
+#include "../../util/random.hpp"
+#include <initializer_list>
+
+namespace ndn {
+namespace security {
+namespace v1 {
+
+/**
+ * @brief The packet signing interface.
+ *
+ * @deprecated Use v2::KeyChain
+ */
+class KeyChain : noncopyable
+{
+public:
+ class Error : public std::runtime_error
+ {
+ public:
+ explicit
+ Error(const std::string& what)
+ : std::runtime_error(what)
+ {
+ }
+ };
+
+ /**
+ * @brief Error thrown when the supplied TPM locator to KeyChain constructor does not match
+ * the locator stored in PIB
+ */
+ class MismatchError : public Error
+ {
+ public:
+ explicit
+ MismatchError(const std::string& what)
+ : Error(what)
+ {
+ }
+ };
+
+ typedef function<unique_ptr<SecPublicInfo> (const std::string&)> PibCreateFunc;
+ typedef function<unique_ptr<SecTpm>(const std::string&)> TpmCreateFunc;
+
+ /**
+ * @brief Register a new PIB
+ * @param aliases List of schemes with which this PIB will be associated.
+ * The first alias in the list is considered a canonical name of the PIB instance.
+ */
+ template<class PibType>
+ static void
+ registerPib(std::initializer_list<std::string> aliases);
+
+ /**
+ * @brief Register a new TPM
+ * @param aliases List of schemes with which this TPM will be associated
+ * The first alias in the list is considered a canonical name of the TPM instance.
+ */
+ template<class TpmType>
+ static void
+ registerTpm(std::initializer_list<std::string> aliases);
+
+ /**
+ * @brief Get default PIB locator
+ */
+ static std::string
+ getDefaultPibLocator();
+
+ /**
+ * @brief Create a PIB according to @p pibLocator
+ */
+ static unique_ptr<SecPublicInfo>
+ createPib(const std::string& pibLocator);
+
+ /**
+ * @brief Get default TPM locator
+ */
+ static std::string
+ getDefaultTpmLocator();
+
+ /**
+ * @brief Create a TPM according to @p tpmLocator
+ */
+ static unique_ptr<SecTpm>
+ createTpm(const std::string& tpmLocator);
+
+ /**
+ * @brief Constructor to create KeyChain with default PIB and TPM
+ *
+ * Default PIB and TPM are platform-dependent and can be overriden system-wide or on
+ * per-use basis.
+ *
+ * @todo Add detailed description about config file behavior here
+ */
+ KeyChain();
+
+ /**
+ * @brief KeyChain constructor
+ *
+ * @sa http://redmine.named-data.net/issues/2260
+ *
+ * @param pibLocator PIB locator
+ * @param tpmLocator TPM locator
+ * @param allowReset if true, the PIB will be reset when the supplied tpmLocator
+ * mismatches the one in PIB
+ */
+ KeyChain(const std::string& pibLocator,
+ const std::string& tpmLocator,
+ bool allowReset = false);
+
+ virtual
+ ~KeyChain();
+
+ /**
+ * @brief Create an identity by creating a pair of Key-Signing-Key (KSK) for this identity and a
+ * self-signed certificate of the KSK.
+ *
+ * @param identityName The name of the identity.
+ * @param params The key parameter if a key needs to be generated for the identity.
+ * @return The name of the default certificate of the identity.
+ */
+ Name
+ createIdentity(const Name& identityName, const KeyParams& params = DEFAULT_KEY_PARAMS);
+
+ /**
+ * @brief Generate a pair of RSA keys for the specified identity.
+ *
+ * @param identityName The name of the identity.
+ * @param isKsk true for generating a Key-Signing-Key (KSK), false for a Data-Signing-Key (KSK).
+ * @param keySize The size of the key.
+ * @return The generated key name.
+ * @see generateEcdsaKeyPair
+ */
+ Name
+ generateRsaKeyPair(const Name& identityName, bool isKsk = false, uint32_t keySize = 2048);
+
+ /**
+ * @brief Generate a pair of ECDSA keys for the specified identity.
+ *
+ * @param identityName The name of the identity.
+ * @param isKsk true for generating a Key-Signing-Key (KSK), false for a Data-Signing-Key (KSK).
+ * @param keySize The size of the key.
+ * @return The generated key name.
+ * @see generateRsaKeyPair
+ */
+ Name
+ generateEcdsaKeyPair(const Name& identityName, bool isKsk = false, uint32_t keySize = 256);
+
+ /**
+ * @brief Generate a pair of RSA keys for the specified identity and set it as default key for
+ * the identity.
+ *
+ * @param identityName The name of the identity.
+ * @param isKsk true for generating a Key-Signing-Key (KSK), false for a Data-Signing-Key (KSK).
+ * @param keySize The size of the key.
+ * @return The generated key name.
+ * @see generateRsaKeyPair, generateEcdsaKeyPair, generateEcdsaKeyPairAsDefault
+ */
+ Name
+ generateRsaKeyPairAsDefault(const Name& identityName, bool isKsk = false, uint32_t keySize = 2048);
+
+ /**
+ * @brief Generate a pair of ECDSA keys for the specified identity and set it as default key for
+ * the identity.
+ *
+ * @param identityName The name of the identity.
+ * @param isKsk true for generating a Key-Signing-Key (KSK), false for a Data-Signing-Key (KSK).
+ * @param keySize The size of the key.
+ * @return The generated key name.
+ * @see generateRsaKeyPair, generateEcdsaKeyPair, generateRsaKeyPairAsDefault
+ */
+ Name
+ generateEcdsaKeyPairAsDefault(const Name& identityName, bool isKsk = false, uint32_t keySize = 256);
+
+ /**
+ * @brief prepare an unsigned identity certificate
+ *
+ * @param keyName Key name, e.g., `/<identity_name>/ksk-123456`.
+ * @param signingIdentity The signing identity.
+ * @param notBefore Refer to IdentityCertificate.
+ * @param notAfter Refer to IdentityCertificate.
+ * @param subjectDescription Refer to IdentityCertificate.
+ * @param certPrefix Prefix before `KEY` component. By default, KeyChain will infer the
+ * certificate name according to the relation between the signingIdentity and
+ * the subject identity. If signingIdentity is a prefix of the subject identity,
+ * `KEY` will be inserted after the signingIdentity, otherwise `KEY` is inserted
+ * after subject identity (i.e., before `ksk-....`).
+ * @return IdentityCertificate.
+ */
+ shared_ptr<IdentityCertificate>
+ prepareUnsignedIdentityCertificate(const Name& keyName,
+ const Name& signingIdentity,
+ const time::system_clock::TimePoint& notBefore,
+ const time::system_clock::TimePoint& notAfter,
+ const std::vector<CertificateSubjectDescription>& subjectDescription,
+ const Name& certPrefix = DEFAULT_PREFIX);
+
+ /**
+ * @brief prepare an unsigned identity certificate
+ *
+ * @param keyName Key name, e.g., `/<identity_name>/ksk-123456`.
+ * @param publicKey Public key to sign.
+ * @param signingIdentity The signing identity.
+ * @param notBefore Refer to IdentityCertificate.
+ * @param notAfter Refer to IdentityCertificate.
+ * @param subjectDescription Refer to IdentityCertificate.
+ * @param certPrefix Prefix before `KEY` component. By default, KeyChain will infer the
+ * certificate name according to the relation between the signingIdentity and
+ * the subject identity. If signingIdentity is a prefix of the subject identity,
+ * `KEY` will be inserted after the signingIdentity, otherwise `KEY` is inserted
+ * after subject identity (i.e., before `ksk-....`).
+ * @return IdentityCertificate.
+ */
+ shared_ptr<IdentityCertificate>
+ prepareUnsignedIdentityCertificate(const Name& keyName,
+ const PublicKey& publicKey,
+ const Name& signingIdentity,
+ const time::system_clock::TimePoint& notBefore,
+ const time::system_clock::TimePoint& notAfter,
+ const std::vector<CertificateSubjectDescription>& subjectDescription,
+ const Name& certPrefix = DEFAULT_PREFIX);
+
+ /**
+ * @brief Sign data according to the supplied signing information
+ *
+ * This method uses the supplied signing information @p params to create the SignatureInfo block:
+ * - it selects a private key and its certificate to sign the packet
+ * - sets the KeyLocator field with the certificate name, and
+ * - adds other requested information to the SignatureInfo block).
+ *
+ * After that, the method assigns the created SignatureInfo to the data packets, generate a
+ * signature and sets as part of the SignatureValue block.
+ *
+ * @param data The data to sign
+ * @param params The signing parameters.
+ * @throws Error if signing fails.
+ * @see SigningInfo
+ */
+ void
+ sign(Data& data, const SigningInfo& params = DEFAULT_SIGNING_INFO);
+
+ /**
+ * @brief Sign interest according to the supplied signing information
+ *
+ * This method uses the supplied signing information @p params to create the SignatureInfo block:
+ * - it selects a private key and its certificate to sign the packet
+ * - sets the KeyLocator field with the certificate name, and
+ * - adds other requested information to the SignatureInfo block).
+ *
+ * After that, the method appends the created SignatureInfo to the interest name, generate a
+ * signature and appends it as part of the SignatureValue block to the interest name.
+ *
+ * @param interest The interest to sign
+ * @param params The signing parameters.
+ * @throws Error if signing fails.
+ * @see SigningInfo
+ */
+ void
+ sign(Interest& interest, const SigningInfo& params = DEFAULT_SIGNING_INFO);
+
+ /**
+ * @brief Sign buffer according to the supplied signing information
+ *
+ * @param buffer The buffer to sign
+ * @param bufferLength The buffer size
+ * @param params The signing parameters.
+ * @return a SignatureValue TLV block
+ * @throws Error if signing fails.
+ * @see SigningInfo
+ */
+ Block
+ sign(const uint8_t* buffer, size_t bufferLength, const SigningInfo& params);
+
+ /**
+ * @deprecated use sign sign(T&, const SigningInfo&)
+ * @brief Sign packet with a particular certificate.
+ *
+ * @param packet The packet to be signed.
+ * @param certificateName The certificate name of the key to use for signing.
+ * @throws SecPublicInfo::Error if certificate does not exist.
+ */
+ template<typename T>
+ void
+ sign(T& packet, const Name& certificateName);
+
+ /**
+ * @deprecated Use sign(const uint8_t*, size_t, const SigningInfo&) instead
+ * @brief Sign the byte array using a particular certificate.
+ *
+ * @param buffer The byte array to be signed.
+ * @param bufferLength the length of buffer.
+ * @param certificateName The certificate name of the signing key.
+ * @return The Signature.
+ * @throws SecPublicInfo::Error if certificate does not exist.
+ */
+ Signature
+ sign(const uint8_t* buffer, size_t bufferLength, const Name& certificateName);
+
+ /**
+ * @deprecated use sign sign(T&, const SigningInfo&)
+ * @brief Sign packet using the default certificate of a particular identity.
+ *
+ * If there is no default certificate of that identity, this method will create a self-signed
+ * certificate.
+ *
+ * @param packet The packet to be signed.
+ * @param identityName The signing identity name.
+ */
+ template<typename T>
+ void
+ signByIdentity(T& packet, const Name& identityName);
+
+ /**
+ * @deprecated use sign(const uint8_t*, size_t, const SigningInfo&) instead
+ * @brief Sign the byte array using the default certificate of a particular identity.
+ *
+ * @param buffer The byte array to be signed.
+ * @param bufferLength the length of buffer.
+ * @param identityName The identity name.
+ * @return The Signature.
+ */
+ Signature
+ signByIdentity(const uint8_t* buffer, size_t bufferLength, const Name& identityName);
+
+ /**
+ * @deprecated use sign(Data&, SigningInfo(SigningInfo::SIGNER_TYPE_SHA256))
+ * @brief Set Sha256 weak signature for @p data
+ */
+ void
+ signWithSha256(Data& data);
+
+ /**
+ * @deprecated use sign(Interest&, SigningInfo(SigningInfo::SIGNER_TYPE_SHA256))
+ * @brief Set Sha256 weak signature for @p interest
+ */
+ void
+ signWithSha256(Interest& interest);
+
+ /**
+ * @brief Generate a self-signed certificate for a public key.
+ *
+ * @param keyName The name of the public key
+ * @return The generated certificate, shared_ptr<IdentityCertificate>() if selfSign fails
+ */
+ shared_ptr<IdentityCertificate>
+ selfSign(const Name& keyName);
+
+ /**
+ * @brief Self-sign the supplied identity certificate.
+ *
+ * @param cert The supplied cert.
+ * @throws SecTpm::Error if the private key does not exist.
+ */
+ void
+ selfSign(IdentityCertificate& cert);
+
+ /**
+ * @brief delete a certificate.
+ *
+ * @param certificateName The certificate to be deleted.
+ * @throws KeyChain::Error if certificate cannot be deleted.
+ */
+ void
+ deleteCertificate(const Name& certificateName);
+
+ /**
+ * @brief delete a key.
+ *
+ * @param keyName The key to be deleted.
+ * @throws KeyChain::Error if key cannot be deleted.
+ */
+ void
+ deleteKey(const Name& keyName);
+
+ /**
+ * @brief delete an identity.
+ *
+ * @param identity The identity to be deleted.
+ * @throws KeyChain::Error if identity cannot be deleted.
+ */
+ void
+ deleteIdentity(const Name& identity);
+
+ /**
+ * @brief export an identity.
+ *
+ * @param identity The identity to export.
+ * @param passwordStr The password to secure the private key.
+ * @return The encoded export data.
+ * @throws SecPublicInfo::Error if anything goes wrong in exporting.
+ */
+ shared_ptr<SecuredBag>
+ exportIdentity(const Name& identity, const std::string& passwordStr);
+
+ /**
+ * @brief import an identity.
+ *
+ * @param securedBag The encoded import data.
+ * @param passwordStr The password to secure the private key.
+ */
+ void
+ importIdentity(const SecuredBag& securedBag, const std::string& passwordStr);
+
+ SecPublicInfo&
+ getPib()
+ {
+ return *m_pib;
+ }
+
+ const SecPublicInfo&
+ getPib() const
+ {
+ return *m_pib;
+ }
+
+ SecTpm&
+ getTpm()
+ {
+ return *m_tpm;
+ }
+
+ const SecTpm&
+ getTpm() const
+ {
+ return *m_tpm;
+ }
+
+ /*******************************
+ * Wrapper of SecPublicInfo *
+ *******************************/
+ bool
+ doesIdentityExist(const Name& identityName) const
+ {
+ return m_pib->doesIdentityExist(identityName);
+ }
+
+ void
+ addIdentity(const Name& identityName)
+ {
+ return m_pib->addIdentity(identityName);
+ }
+
+ bool
+ doesPublicKeyExist(const Name& keyName) const
+ {
+ return m_pib->doesPublicKeyExist(keyName);
+ }
+
+ void
+ addPublicKey(const Name& keyName, KeyType keyType, const PublicKey& publicKeyDer)
+ {
+ return m_pib->addKey(keyName, publicKeyDer);
+ }
+
+ void
+ addKey(const Name& keyName, const PublicKey& publicKeyDer)
+ {
+ return m_pib->addKey(keyName, publicKeyDer);
+ }
+
+ shared_ptr<PublicKey>
+ getPublicKey(const Name& keyName) const
+ {
+ return m_pib->getPublicKey(keyName);
+ }
+
+ bool
+ doesCertificateExist(const Name& certificateName) const
+ {
+ return m_pib->doesCertificateExist(certificateName);
+ }
+
+ void
+ addCertificate(const IdentityCertificate& certificate)
+ {
+ return m_pib->addCertificate(certificate);
+ }
+
+ shared_ptr<IdentityCertificate>
+ getCertificate(const Name& certificateName) const
+ {
+ return m_pib->getCertificate(certificateName);
+ }
+
+ Name
+ getDefaultIdentity() const
+ {
+ return m_pib->getDefaultIdentity();
+ }
+
+ Name
+ getDefaultKeyNameForIdentity(const Name& identityName) const
+ {
+ return m_pib->getDefaultKeyNameForIdentity(identityName);
+ }
+
+ /**
+ * @brief Get default key parameters for the specified identity
+ *
+ * If identity has a previously generated key, the returned parameters
+ * will include the same type of the key. If there are no existing
+ * keys, DEFAULT_KEY_PARAMS is used.
+ */
+ const KeyParams&
+ getDefaultKeyParamsForIdentity(const Name& identityName) const;
+
+ Name
+ getDefaultCertificateNameForKey(const Name& keyName) const
+ {
+ return m_pib->getDefaultCertificateNameForKey(keyName);
+ }
+
+ void
+ getAllIdentities(std::vector<Name>& nameList, bool isDefault) const
+ {
+ return m_pib->getAllIdentities(nameList, isDefault);
+ }
+
+ void
+ getAllKeyNames(std::vector<Name>& nameList, bool isDefault) const
+ {
+ return m_pib->getAllKeyNames(nameList, isDefault);
+ }
+
+ void
+ getAllKeyNamesOfIdentity(const Name& identity, std::vector<Name>& nameList, bool isDefault) const
+ {
+ return m_pib->getAllKeyNamesOfIdentity(identity, nameList, isDefault);
+ }
+
+ void
+ getAllCertificateNames(std::vector<Name>& nameList, bool isDefault) const
+ {
+ return m_pib->getAllCertificateNames(nameList, isDefault);
+ }
+
+ void
+ getAllCertificateNamesOfKey(const Name& keyName,
+ std::vector<Name>& nameList,
+ bool isDefault) const
+ {
+ return m_pib->getAllCertificateNamesOfKey(keyName, nameList, isDefault);
+ }
+
+ void
+ deleteCertificateInfo(const Name& certificateName)
+ {
+ return m_pib->deleteCertificateInfo(certificateName);
+ }
+
+ void
+ deletePublicKeyInfo(const Name& keyName)
+ {
+ return m_pib->deletePublicKeyInfo(keyName);
+ }
+
+ void
+ deleteIdentityInfo(const Name& identity)
+ {
+ return m_pib->deleteIdentityInfo(identity);
+ }
+
+ void
+ setDefaultIdentity(const Name& identityName)
+ {
+ return m_pib->setDefaultIdentity(identityName);
+ }
+
+ void
+ setDefaultKeyNameForIdentity(const Name& keyName)
+ {
+ return m_pib->setDefaultKeyNameForIdentity(keyName);
+ }
+
+ void
+ setDefaultCertificateNameForKey(const Name& certificateName)
+ {
+ return m_pib->setDefaultCertificateNameForKey(certificateName);
+ }
+
+ Name
+ getNewKeyName(const Name& identityName, bool useKsk)
+ {
+ return m_pib->getNewKeyName(identityName, useKsk);
+ }
+
+ Name
+ getDefaultCertificateNameForIdentity(const Name& identityName) const
+ {
+ return m_pib->getDefaultCertificateNameForIdentity(identityName);
+ }
+
+ Name
+ getDefaultCertificateName() const
+ {
+ return m_pib->getDefaultCertificateName();
+ }
+
+ void
+ addCertificateAsKeyDefault(const IdentityCertificate& certificate)
+ {
+ return m_pib->addCertificateAsKeyDefault(certificate);
+ }
+
+ void
+ addCertificateAsIdentityDefault(const IdentityCertificate& certificate)
+ {
+ return m_pib->addCertificateAsIdentityDefault(certificate);
+ }
+
+ void
+ addCertificateAsSystemDefault(const IdentityCertificate& certificate)
+ {
+ return m_pib->addCertificateAsSystemDefault(certificate);
+ }
+
+ shared_ptr<IdentityCertificate>
+ getDefaultCertificate() const
+ {
+ if (!static_cast<bool>(m_pib->getDefaultCertificate()))
+ const_cast<KeyChain*>(this)->setDefaultCertificateInternal();
+
+ return m_pib->getDefaultCertificate();
+ }
+
+ void
+ refreshDefaultCertificate()
+ {
+ return m_pib->refreshDefaultCertificate();
+ }
+
+ /*******************************
+ * Wrapper of SecTpm *
+ *******************************/
+
+ void
+ setTpmPassword(const uint8_t* password, size_t passwordLength)
+ {
+ return m_tpm->setTpmPassword(password, passwordLength);
+ }
+
+ void
+ resetTpmPassword()
+ {
+ return m_tpm->resetTpmPassword();
+ }
+
+ void
+ setInTerminal(bool inTerminal)
+ {
+ return m_tpm->setInTerminal(inTerminal);
+ }
+
+ bool
+ getInTerminal() const
+ {
+ return m_tpm->getInTerminal();
+ }
+
+ bool
+ isLocked() const
+ {
+ return m_tpm->isLocked();
+ }
+
+ bool
+ unlockTpm(const char* password, size_t passwordLength, bool usePassword)
+ {
+ return m_tpm->unlockTpm(password, passwordLength, usePassword);
+ }
+
+ void
+ generateKeyPairInTpm(const Name& keyName, const KeyParams& params)
+ {
+ return m_tpm->generateKeyPairInTpm(keyName, params);
+ }
+
+ void
+ deleteKeyPairInTpm(const Name& keyName)
+ {
+ return m_tpm->deleteKeyPairInTpm(keyName);
+ }
+
+ shared_ptr<PublicKey>
+ getPublicKeyFromTpm(const Name& keyName) const
+ {
+ return m_tpm->getPublicKeyFromTpm(keyName);
+ }
+
+ Block
+ signInTpm(const uint8_t* data, size_t dataLength,
+ const Name& keyName,
+ DigestAlgorithm digestAlgorithm)
+ {
+ return m_tpm->signInTpm(data, dataLength, keyName, digestAlgorithm);
+ }
+
+ ConstBufferPtr
+ decryptInTpm(const uint8_t* data, size_t dataLength, const Name& keyName, bool isSymmetric)
+ {
+ return m_tpm->decryptInTpm(data, dataLength, keyName, isSymmetric);
+ }
+
+ ConstBufferPtr
+ encryptInTpm(const uint8_t* data, size_t dataLength, const Name& keyName, bool isSymmetric)
+ {
+ return m_tpm->encryptInTpm(data, dataLength, keyName, isSymmetric);
+ }
+
+ void
+ generateSymmetricKeyInTpm(const Name& keyName, const KeyParams& params)
+ {
+ return m_tpm->generateSymmetricKeyInTpm(keyName, params);
+ }
+
+ bool
+ doesKeyExistInTpm(const Name& keyName, KeyClass keyClass) const
+ {
+ return m_tpm->doesKeyExistInTpm(keyName, keyClass);
+ }
+
+ bool
+ generateRandomBlock(uint8_t* res, size_t size) const
+ {
+ return m_tpm->generateRandomBlock(res, size);
+ }
+
+ void
+ addAppToAcl(const Name& keyName, KeyClass keyClass, const std::string& appPath, AclType acl)
+ {
+ return m_tpm->addAppToAcl(keyName, keyClass, appPath, acl);
+ }
+
+ ConstBufferPtr
+ exportPrivateKeyPkcs5FromTpm(const Name& keyName, const std::string& password)
+ {
+ return m_tpm->exportPrivateKeyPkcs5FromTpm(keyName, password);
+ }
+
+ bool
+ importPrivateKeyPkcs5IntoTpm(const Name& keyName,
+ const uint8_t* buf, size_t size,
+ const std::string& password)
+ {
+ return m_tpm->importPrivateKeyPkcs5IntoTpm(keyName, buf, size, password);
+ }
+
+private:
+ void
+ initialize(const std::string& pibLocatorUri,
+ const std::string& tpmLocatorUri,
+ bool needReset);
+
+ /**
+ * @brief Prepare a SignatureInfo TLV according to signing information and return the signing key name
+ *
+ * @param params The signing parameters.
+ * @return The signing key name and prepared SignatureInfo.
+ * @throw Error when the requested signing method cannot be satisfied.
+ */
+ std::tuple<Name, SignatureInfo>
+ prepareSignatureInfo(const SigningInfo& params);
+
+ /**
+ * @brief Internal abstraction of packet signing.
+ *
+ * @param packet The packet to sign
+ * @param params The signing parameters.
+ * @throw Error when the signing fails.
+ */
+ template<typename T>
+ void
+ signImpl(T& packet, const SigningInfo& params);
+
+ /**
+ * @brief Set default certificate if it is not initialized
+ */
+ void
+ setDefaultCertificateInternal();
+
+ /**
+ * @brief Generate a key pair for the specified identity.
+ *
+ * @param identityName The name of the specified identity.
+ * @param isKsk true for generating a Key-Signing-Key (KSK), false for a Data-Signing-Key (KSK).
+ * @param params The parameter of the key.
+ * @return The name of the generated key.
+ */
+ Name
+ generateKeyPair(const Name& identityName, bool isKsk = false,
+ const KeyParams& params = DEFAULT_KEY_PARAMS);
+
+ /**
+ * @brief Sign the data using a particular key.
+ *
+ * @param data Reference to the data packet.
+ * @param signature Signature to be added.
+ * @param keyName The name of the signing key.
+ * @param digestAlgorithm the digest algorithm.
+ * @throws Tpm::Error
+ */
+ void
+ signPacketWrapper(Data& data, const Signature& signature,
+ const Name& keyName, DigestAlgorithm digestAlgorithm);
+
+ /**
+ * @brief Sign the interest using a particular key.
+ *
+ * @param interest Reference to the interest packet.
+ * @param signature Signature to be added.
+ * @param keyName The name of the signing key.
+ * @param digestAlgorithm the digest algorithm.
+ * @throws Tpm::Error
+ */
+ void
+ signPacketWrapper(Interest& interest, const Signature& signature,
+ const Name& keyName, DigestAlgorithm digestAlgorithm);
+
+ /**
+ * @brief Generate a SignatureValue block for a buffer @p buf with size @p size using
+ * a key with name @p keyName and digest algorithm @p digestAlgorithm.
+ */
+ Block
+ pureSign(const uint8_t* buf, size_t size, const Name& keyName, DigestAlgorithm digestAlgorithm) const;
+
+ static void
+ registerPibImpl(const std::string& canonicalName,
+ std::initializer_list<std::string> aliases, PibCreateFunc createFunc);
+
+ static void
+ registerTpmImpl(const std::string& canonicalName,
+ std::initializer_list<std::string> aliases, TpmCreateFunc createFunc);
+
+public:
+ static tlv::SignatureTypeValue
+ getSignatureType(KeyType keyType, DigestAlgorithm digestAlgorithm);
+
+public:
+ static const Name DEFAULT_PREFIX;
+ static const SigningInfo DEFAULT_SIGNING_INFO;
+
+ // RsaKeyParams is set to be default for backward compatibility.
+ static const RsaKeyParams DEFAULT_KEY_PARAMS;
+
+ typedef std::map<std::string, Block> SignParams;
+
+private:
+ std::unique_ptr<SecPublicInfo> m_pib;
+ std::unique_ptr<SecTpm> m_tpm;
+ time::milliseconds m_lastTimestamp;
+};
+
+template<typename T>
+void
+KeyChain::signImpl(T& packet, const SigningInfo& params)
+{
+ Name keyName;
+ SignatureInfo sigInfo;
+ std::tie(keyName, sigInfo) = prepareSignatureInfo(params);
+
+ signPacketWrapper(packet, Signature(sigInfo),
+ keyName, params.getDigestAlgorithm());
+}
+
+template<typename T>
+void
+KeyChain::sign(T& packet, const Name& certificateName)
+{
+ signImpl(packet, SigningInfo(SigningInfo::SIGNER_TYPE_CERT, certificateName));
+}
+
+template<typename T>
+void
+KeyChain::signByIdentity(T& packet, const Name& identityName)
+{
+ signImpl(packet, SigningInfo(SigningInfo::SIGNER_TYPE_ID, identityName));
+}
+
+template<class PibType>
+inline void
+KeyChain::registerPib(std::initializer_list<std::string> aliases)
+{
+ registerPibImpl(*aliases.begin(), aliases, [] (const std::string& locator) {
+ return make_unique<PibType>(locator);
+ });
+}
+
+template<class TpmType>
+inline void
+KeyChain::registerTpm(std::initializer_list<std::string> aliases)
+{
+ registerTpmImpl(*aliases.begin(), aliases, [] (const std::string& locator) {
+ return make_unique<TpmType>(locator);
+ });
+}
+
+/**
+ * \brief Register SecPib class in ndn-cxx KeyChain
+ *
+ * This macro should be placed once in the implementation file of the
+ * SecPib type within the namespace where the type is declared.
+ */
+#define NDN_CXX_V1_KEYCHAIN_REGISTER_PIB(PibType, ...) \
+static class NdnCxxAuto ## PibType ## PibRegistrationClass \
+{ \
+public: \
+ NdnCxxAuto ## PibType ## PibRegistrationClass() \
+ { \
+ ::ndn::security::v1::KeyChain::registerPib<PibType>({__VA_ARGS__}); \
+ } \
+} ndnCxxAuto ## PibType ## PibRegistrationVariable
+
+/**
+ * \brief Register SecTpm class in ndn-cxx KeyChain
+ *
+ * This macro should be placed once in the implementation file of the
+ * SecTpm type within the namespace where the type is declared.
+ */
+#define NDN_CXX_V1_KEYCHAIN_REGISTER_TPM(TpmType, ...) \
+static class NdnCxxAuto ## TpmType ## TpmRegistrationClass \
+{ \
+public: \
+ NdnCxxAuto ## TpmType ## TpmRegistrationClass() \
+ { \
+ ::ndn::security::v1::KeyChain::registerTpm<TpmType>({__VA_ARGS__}); \
+ } \
+} ndnCxxAuto ## TpmType ## TpmRegistrationVariable
+
+} // namespace v1
+} // namespace security
+} // namespace ndn
+
+#endif // NDN_SECURITY_V1_KEY_CHAIN_HPP
diff --git a/src/security/sec-public-info-sqlite3.cpp b/src/security/v1/sec-public-info-sqlite3.cpp
similarity index 96%
rename from src/security/sec-public-info-sqlite3.cpp
rename to src/security/v1/sec-public-info-sqlite3.cpp
index b392ba1..efb4e0f 100644
--- a/src/security/sec-public-info-sqlite3.cpp
+++ b/src/security/v1/sec-public-info-sqlite3.cpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2013-2016 Regents of the University of California.
+ * Copyright (c) 2013-2017 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -23,10 +23,10 @@
*/
#include "sec-public-info-sqlite3.hpp"
-#include "v1/identity-certificate.hpp"
-#include "signature-sha256-with-rsa.hpp"
-#include "signature-sha256-with-ecdsa.hpp"
-#include "../data.hpp"
+#include "identity-certificate.hpp"
+#include "../signature-sha256-with-rsa.hpp"
+#include "../signature-sha256-with-ecdsa.hpp"
+#include "../../data.hpp"
#include <sqlite3.h>
#include <stdio.h>
@@ -37,6 +37,7 @@
namespace ndn {
namespace security {
+namespace v1 {
using std::string;
using std::vector;
@@ -364,7 +365,7 @@
void
SecPublicInfoSqlite3::addKey(const Name& keyName,
- const v1::PublicKey& publicKeyDer)
+ const PublicKey& publicKeyDer)
{
if (keyName.empty())
return;
@@ -397,7 +398,7 @@
sqlite3_finalize(statement);
}
-shared_ptr<v1::PublicKey>
+shared_ptr<PublicKey>
SecPublicInfoSqlite3::getPublicKey(const Name& keyName)
{
if (keyName.empty())
@@ -416,9 +417,9 @@
int res = sqlite3_step(statement);
- shared_ptr<v1::PublicKey> result;
+ shared_ptr<PublicKey> result;
if (res == SQLITE_ROW) {
- result = make_shared<v1::PublicKey>(static_cast<const uint8_t*>(sqlite3_column_blob(statement, 0)),
+ result = make_shared<PublicKey>(static_cast<const uint8_t*>(sqlite3_column_blob(statement, 0)),
sqlite3_column_bytes(statement, 0));
sqlite3_finalize(statement);
return result;
@@ -484,12 +485,12 @@
}
void
-SecPublicInfoSqlite3::addCertificate(const v1::IdentityCertificate& certificate)
+SecPublicInfoSqlite3::addCertificate(const IdentityCertificate& certificate)
{
const Name& certificateName = certificate.getName();
- // KeyName is from v1::IdentityCertificate name, so should be qualified.
+ // KeyName is from IdentityCertificate name, so should be qualified.
Name keyName =
- v1::IdentityCertificate::certificateNameToPublicKeyName(certificate.getName());
+ IdentityCertificate::certificateNameToPublicKeyName(certificate.getName());
addKey(keyName, certificate.getPublicKeyInfo());
@@ -538,7 +539,7 @@
sqlite3_finalize(statement);
}
-shared_ptr<v1::IdentityCertificate>
+shared_ptr<IdentityCertificate>
SecPublicInfoSqlite3::getCertificate(const Name& certificateName)
{
sqlite3_stmt* statement = nullptr;
@@ -552,7 +553,7 @@
int res = sqlite3_step(statement);
if (res == SQLITE_ROW) {
- shared_ptr<v1::IdentityCertificate> certificate = make_shared<v1::IdentityCertificate>();
+ shared_ptr<IdentityCertificate> certificate = make_shared<IdentityCertificate>();
try {
certificate->wireDecode(Block(static_cast<const uint8_t*>(sqlite3_column_blob(statement, 0)),
sqlite3_column_bytes(statement, 0)));
@@ -724,7 +725,7 @@
if (!doesCertificateExist(certificateName))
BOOST_THROW_EXCEPTION(Error("certificate does not exist:" + certificateName.toUri()));
- Name keyName = v1::IdentityCertificate::certificateNameToPublicKeyName(certificateName);
+ Name keyName = IdentityCertificate::certificateNameToPublicKeyName(certificateName);
string keyId = keyName.get(-1).toUri();
Name identityName = keyName.getPrefix(-1);
@@ -952,5 +953,6 @@
return SCHEME;
}
+} // namespace v1
} // namespace security
} // namespace ndn
diff --git a/src/security/sec-public-info-sqlite3.hpp b/src/security/v1/sec-public-info-sqlite3.hpp
similarity index 88%
rename from src/security/sec-public-info-sqlite3.hpp
rename to src/security/v1/sec-public-info-sqlite3.hpp
index fbe7d7e..6e9dfd7 100644
--- a/src/security/sec-public-info-sqlite3.hpp
+++ b/src/security/v1/sec-public-info-sqlite3.hpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2013-2016 Regents of the University of California.
+ * Copyright (c) 2013-2017 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -22,16 +22,17 @@
* @author Jeff Thompson <jefft0@remap.ucla.edu>
*/
-#ifndef NDN_SECURITY_SEC_PUBLIC_INFO_SQLITE3_HPP
-#define NDN_SECURITY_SEC_PUBLIC_INFO_SQLITE3_HPP
+#ifndef NDN_SECURITY_V1_SEC_PUBLIC_INFO_SQLITE3_HPP
+#define NDN_SECURITY_V1_SEC_PUBLIC_INFO_SQLITE3_HPP
-#include "../common.hpp"
+#include "../../common.hpp"
#include "sec-public-info.hpp"
struct sqlite3;
namespace ndn {
namespace security {
+namespace v1 {
class SecPublicInfoSqlite3 : public SecPublicInfo
{
@@ -78,9 +79,9 @@
doesPublicKeyExist(const Name& keyName);
virtual void
- addKey(const Name& keyName, const v1::PublicKey& publicKeyDer);
+ addKey(const Name& keyName, const PublicKey& publicKeyDer);
- virtual shared_ptr<v1::PublicKey>
+ virtual shared_ptr<PublicKey>
getPublicKey(const Name& keyName);
virtual KeyType
@@ -90,9 +91,9 @@
doesCertificateExist(const Name& certificateName);
virtual void
- addCertificate(const v1::IdentityCertificate& certificate);
+ addCertificate(const IdentityCertificate& certificate);
- virtual shared_ptr<v1::IdentityCertificate>
+ virtual shared_ptr<IdentityCertificate>
getCertificate(const Name& certificateName);
@@ -163,10 +164,8 @@
sqlite3* m_database;
};
+} // namespace v1
} // namespace security
-
-using security::SecPublicInfoSqlite3;
-
} // namespace ndn
-#endif // NDN_SECURITY_SEC_PUBLIC_INFO_SQLITE3_HPP
+#endif // NDN_SECURITY_V1_SEC_PUBLIC_INFO_SQLITE3_HPP
diff --git a/src/security/sec-public-info.cpp b/src/security/v1/sec-public-info.cpp
similarity index 86%
rename from src/security/sec-public-info.cpp
rename to src/security/v1/sec-public-info.cpp
index 7002d36..96c4441 100644
--- a/src/security/sec-public-info.cpp
+++ b/src/security/v1/sec-public-info.cpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2013-2016 Regents of the University of California.
+ * Copyright (c) 2013-2017 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -23,6 +23,7 @@
namespace ndn {
namespace security {
+namespace v1 {
SecPublicInfo::SecPublicInfo(const std::string& location)
: m_location(location)
@@ -40,7 +41,7 @@
}
void
-SecPublicInfo::addPublicKey(const Name& keyName, KeyType keyType, const v1::PublicKey& publicKey)
+SecPublicInfo::addPublicKey(const Name& keyName, KeyType keyType, const PublicKey& publicKey)
{
addKey(keyName, publicKey);
}
@@ -105,7 +106,7 @@
}
void
-SecPublicInfo::addCertificateAsKeyDefault(const v1::IdentityCertificate& certificate)
+SecPublicInfo::addCertificateAsKeyDefault(const IdentityCertificate& certificate)
{
addCertificate(certificate);
setDefaultCertificateNameForKeyInternal(certificate.getName());
@@ -113,35 +114,35 @@
}
void
-SecPublicInfo::addCertificateAsIdentityDefault(const v1::IdentityCertificate& certificate)
+SecPublicInfo::addCertificateAsIdentityDefault(const IdentityCertificate& certificate)
{
addCertificate(certificate);
Name certName = certificate.getName();
- Name keyName = v1::IdentityCertificate::certificateNameToPublicKeyName(certName);
+ Name keyName = IdentityCertificate::certificateNameToPublicKeyName(certName);
setDefaultKeyNameForIdentityInternal(keyName);
setDefaultCertificateNameForKeyInternal(certName);
refreshDefaultCertificate();
}
void
-SecPublicInfo::addCertificateAsSystemDefault(const v1::IdentityCertificate& certificate)
+SecPublicInfo::addCertificateAsSystemDefault(const IdentityCertificate& certificate)
{
addCertificate(certificate);
Name certName = certificate.getName();
- Name keyName = v1::IdentityCertificate::certificateNameToPublicKeyName(certName);
+ Name keyName = IdentityCertificate::certificateNameToPublicKeyName(certName);
setDefaultIdentityInternal(keyName.getPrefix(-1));
setDefaultKeyNameForIdentityInternal(keyName);
setDefaultCertificateNameForKeyInternal(certName);
refreshDefaultCertificate();
}
-shared_ptr<v1::IdentityCertificate>
+shared_ptr<IdentityCertificate>
SecPublicInfo::defaultCertificate()
{
return getDefaultCertificate();
}
-shared_ptr<v1::IdentityCertificate>
+shared_ptr<IdentityCertificate>
SecPublicInfo::getDefaultCertificate()
{
return m_defaultCertificate;
@@ -159,5 +160,6 @@
}
}
+} // namespace v1
} // namespace security
} // namespace ndn
diff --git a/src/security/sec-public-info.hpp b/src/security/v1/sec-public-info.hpp
similarity index 89%
rename from src/security/sec-public-info.hpp
rename to src/security/v1/sec-public-info.hpp
index 9f24538..7ed6ef4 100644
--- a/src/security/sec-public-info.hpp
+++ b/src/security/v1/sec-public-info.hpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2013-2016 Regents of the University of California.
+ * Copyright (c) 2013-2017 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -19,16 +19,17 @@
* See AUTHORS.md for complete list of ndn-cxx authors and contributors.
*/
-#ifndef NDN_SECURITY_SEC_PUBLIC_INFO_HPP
-#define NDN_SECURITY_SEC_PUBLIC_INFO_HPP
+#ifndef NDN_SECURITY_V1_SEC_PUBLIC_INFO_HPP
+#define NDN_SECURITY_V1_SEC_PUBLIC_INFO_HPP
-#include "../name.hpp"
-#include "security-common.hpp"
-#include "v1/public-key.hpp"
-#include "v1/identity-certificate.hpp"
+#include "../../name.hpp"
+#include "../security-common.hpp"
+#include "public-key.hpp"
+#include "identity-certificate.hpp"
namespace ndn {
namespace security {
+namespace v1 {
/**
* @brief SecPublicInfo is a base class for the storage of public information.
@@ -132,7 +133,7 @@
*/
DEPRECATED(
void
- addPublicKey(const Name& keyName, KeyType keyType, const v1::PublicKey& publicKey));
+ addPublicKey(const Name& keyName, KeyType keyType, const PublicKey& publicKey));
/**
* @brief Add a public key to the identity storage.
@@ -141,7 +142,7 @@
* @param publicKey Reference to the PublicKey object
*/
virtual void
- addKey(const Name& keyName, const v1::PublicKey& publicKey) = 0;
+ addKey(const Name& keyName, const PublicKey& publicKey) = 0;
/**
* @brief Get shared pointer to PublicKey object from the identity storage
@@ -149,7 +150,7 @@
* @param keyName The name of the requested public key
* @throws SecPublicInfo::Error if public key does not exist
*/
- virtual shared_ptr<v1::PublicKey>
+ virtual shared_ptr<PublicKey>
getPublicKey(const Name& keyName) = 0;
/**
@@ -180,7 +181,7 @@
* @param certificate The certificate to be added
*/
virtual void
- addCertificate(const v1::IdentityCertificate& certificate) = 0;
+ addCertificate(const IdentityCertificate& certificate) = 0;
/**
* @brief Get a shared pointer to identity certificate object from the identity storage
@@ -188,7 +189,7 @@
* @param certificateName The name of the requested certificate
* @throws SecPublicInfo::Error if the certificate does not exist
*/
- virtual shared_ptr<v1::IdentityCertificate>
+ virtual shared_ptr<IdentityCertificate>
getCertificate(const Name& certificateName) = 0;
@@ -404,7 +405,7 @@
* @throws SecPublicInfo::Error if the certificate cannot be added (though it is really rare)
*/
void
- addCertificateAsKeyDefault(const v1::IdentityCertificate& certificate);
+ addCertificateAsKeyDefault(const IdentityCertificate& certificate);
/**
* @brief Add a certificate into the public key identity storage and set the certificate as the
@@ -414,7 +415,7 @@
* @throws SecPublicInfo::Error if the certificate cannot be added (though it is really rare)
*/
void
- addCertificateAsIdentityDefault(const v1::IdentityCertificate& certificate);
+ addCertificateAsIdentityDefault(const IdentityCertificate& certificate);
/**
* @brief Add a certificate into the public key identity storage and set the certificate as the
@@ -424,24 +425,24 @@
* @throws SecPublicInfo::Error if the certificate cannot be added (though it is really rare)
*/
void
- addCertificateAsSystemDefault(const v1::IdentityCertificate& certificate);
+ addCertificateAsSystemDefault(const IdentityCertificate& certificate);
/**
* @brief Get cached default certificate of the default identity
*
- * @return The certificate which might be empty shared_ptr<v1::IdentityCertificate>()
+ * @return The certificate which might be empty shared_ptr<IdentityCertificate>()
* @deprecated Use getDefaultCertificate instead
*/
DEPRECATED(
- shared_ptr<v1::IdentityCertificate>
+ shared_ptr<IdentityCertificate>
defaultCertificate());
/**
* @brief Get cached default certificate of the default identity
*
- * @return The certificate which might be empty shared_ptr<v1::IdentityCertificate>()
+ * @return The certificate which might be empty shared_ptr<IdentityCertificate>()
*/
- shared_ptr<v1::IdentityCertificate>
+ shared_ptr<IdentityCertificate>
getDefaultCertificate();
/**
@@ -451,14 +452,22 @@
refreshDefaultCertificate();
protected:
- shared_ptr<v1::IdentityCertificate> m_defaultCertificate;
+ shared_ptr<IdentityCertificate> m_defaultCertificate;
std::string m_location;
};
+} // namespace v1
+
+#ifdef NDN_CXX_KEEP_SECURITY_V1_ALIASES
+using v1::SecPublicInfo;
+#endif // NDN_CXX_KEEP_SECURITY_V1_ALIASES
+
} // namespace security
-using security::SecPublicInfo;
+#ifdef NDN_CXX_KEEP_SECURITY_V1_ALIASES
+using security::v1::SecPublicInfo;
+#endif // NDN_CXX_KEEP_SECURITY_V1_ALIASES
} // namespace ndn
-#endif // NDN_SECURITY_SEC_PUBLIC_INFO_HPP
+#endif // NDN_SECURITY_V1_SEC_PUBLIC_INFO_HPP
diff --git a/src/security/sec-tpm-file.cpp b/src/security/v1/sec-tpm-file.cpp
similarity index 98%
rename from src/security/sec-tpm-file.cpp
rename to src/security/v1/sec-tpm-file.cpp
index 931d8fd..adda17f 100644
--- a/src/security/sec-tpm-file.cpp
+++ b/src/security/v1/sec-tpm-file.cpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2013-2016 Regents of the University of California.
+ * Copyright (c) 2013-2017 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -25,12 +25,12 @@
#include "sec-tpm-file.hpp"
-#include "../encoding/buffer-stream.hpp"
+#include "../../encoding/buffer-stream.hpp"
#include <boost/filesystem.hpp>
#include <boost/algorithm/string.hpp>
-#include "v1/cryptopp.hpp"
+#include "cryptopp.hpp"
#include <sys/types.h>
#include <sys/stat.h>
@@ -39,6 +39,7 @@
namespace ndn {
namespace security {
+namespace v1 {
using std::string;
using std::ostringstream;
@@ -232,7 +233,7 @@
boost::filesystem::remove(privateKeyPath);
}
-shared_ptr<v1::PublicKey>
+shared_ptr<PublicKey>
SecTpmFile::getPublicKeyFromTpm(const Name& keyName)
{
string keyURI = keyName.toUri();
@@ -251,7 +252,7 @@
BOOST_THROW_EXCEPTION(Error(e.what()));
}
- return make_shared<v1::PublicKey>(reinterpret_cast<const uint8_t*>(os.str().c_str()),
+ return make_shared<PublicKey>(reinterpret_cast<const uint8_t*>(os.str().c_str()),
os.str().size());
}
@@ -321,7 +322,7 @@
AutoSeededRandomPool rng;
// Read public key
- shared_ptr<v1::PublicKey> pubkeyPtr;
+ shared_ptr<PublicKey> pubkeyPtr;
pubkeyPtr = getPublicKeyFromTpm(keyName);
switch (pubkeyPtr->getKeyType()) {
@@ -587,5 +588,6 @@
}
}
+} // namespace v1
} // namespace security
} // namespace ndn
diff --git a/src/security/sec-tpm-file.hpp b/src/security/v1/sec-tpm-file.hpp
similarity index 92%
rename from src/security/sec-tpm-file.hpp
rename to src/security/v1/sec-tpm-file.hpp
index ed25d2d..aaaa4ce 100644
--- a/src/security/sec-tpm-file.hpp
+++ b/src/security/v1/sec-tpm-file.hpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2013-2016 Regents of the University of California.
+ * Copyright (c) 2013-2017 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -23,15 +23,16 @@
* @author Alexander Afanasyev <http://lasr.cs.ucla.edu/afanasyev/index.html>
*/
-#ifndef NDN_SECURITY_SEC_TPM_FILE_HPP
-#define NDN_SECURITY_SEC_TPM_FILE_HPP
+#ifndef NDN_SECURITY_V1_SEC_TPM_FILE_HPP
+#define NDN_SECURITY_V1_SEC_TPM_FILE_HPP
-#include "../common.hpp"
+#include "../../common.hpp"
#include "sec-tpm.hpp"
namespace ndn {
namespace security {
+namespace v1 {
class SecTpmFile : public SecTpm
{
@@ -92,7 +93,7 @@
virtual void
deleteKeyPairInTpm(const Name& keyName);
- virtual shared_ptr<v1::PublicKey>
+ virtual shared_ptr<PublicKey>
getPublicKeyFromTpm(const Name& keyName);
virtual Block
@@ -144,10 +145,8 @@
bool m_inTerminal;
};
+} // namespace v1
} // namespace security
-
-using security::SecTpmFile;
-
} // namespace ndn
-#endif // NDN_SECURITY_SEC_TPM_FILE_HPP
+#endif // NDN_SECURITY_V1_SEC_TPM_FILE_HPP
diff --git a/src/security/sec-tpm-osx.cpp b/src/security/v1/sec-tpm-osx.cpp
similarity index 98%
rename from src/security/sec-tpm-osx.cpp
rename to src/security/v1/sec-tpm-osx.cpp
index 671a6f1..f3c3029 100644
--- a/src/security/sec-tpm-osx.cpp
+++ b/src/security/v1/sec-tpm-osx.cpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2013-2016 Regents of the University of California.
+ * Copyright (c) 2013-2017 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -22,11 +22,11 @@
*/
#include "sec-tpm-osx.hpp"
-#include "v1/public-key.hpp"
+#include "public-key.hpp"
-#include "../encoding/oid.hpp"
-#include "../encoding/buffer-stream.hpp"
-#include "v1/cryptopp.hpp"
+#include "../../encoding/oid.hpp"
+#include "../../encoding/buffer-stream.hpp"
+#include "cryptopp.hpp"
#include <pwd.h>
#include <unistd.h>
@@ -44,6 +44,7 @@
namespace ndn {
namespace security {
+namespace v1 {
using std::string;
@@ -499,7 +500,7 @@
// throw Error("Fail to create a symmetric key");
}
-shared_ptr<v1::PublicKey>
+shared_ptr<PublicKey>
SecTpmOsx::getPublicKeyFromTpm(const Name& keyName)
{
CFReleaser<SecKeychainItemRef> publicKey = m_impl->getKey(keyName, KeyClass::PUBLIC);
@@ -518,7 +519,7 @@
BOOST_THROW_EXCEPTION(Error("Cannot export requested public key from OSX Keychain"));
}
- shared_ptr<v1::PublicKey> key = make_shared<v1::PublicKey>(CFDataGetBytePtr(exportedKey.get()),
+ shared_ptr<PublicKey> key = make_shared<PublicKey>(CFDataGetBytePtr(exportedKey.get()),
CFDataGetLength(exportedKey.get()));
return key;
}
@@ -541,7 +542,7 @@
"in OSX Keychain"));
}
- shared_ptr<v1::PublicKey> publicKey = getPublicKeyFromTpm(keyName);
+ shared_ptr<PublicKey> publicKey = getPublicKeyFromTpm(keyName);
CFReleaser<CFDataRef> exportedKey;
OSStatus res = SecItemExport(privateKey.get(),
@@ -1139,5 +1140,6 @@
}
}
+} // namespace v1
} // namespace security
} // namespace ndn
diff --git a/src/security/sec-tpm-osx.hpp b/src/security/v1/sec-tpm-osx.hpp
similarity index 94%
rename from src/security/sec-tpm-osx.hpp
rename to src/security/v1/sec-tpm-osx.hpp
index 1713f06..7641514 100644
--- a/src/security/sec-tpm-osx.hpp
+++ b/src/security/v1/sec-tpm-osx.hpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2013-2016 Regents of the University of California.
+ * Copyright (c) 2013-2017 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -21,10 +21,10 @@
* @author Yingdi Yu <http://irl.cs.ucla.edu/~yingdi/>
*/
-#ifndef NDN_SECURITY_SEC_TPM_OSX_HPP
-#define NDN_SECURITY_SEC_TPM_OSX_HPP
+#ifndef NDN_SECURITY_V1_SEC_TPM_OSX_HPP
+#define NDN_SECURITY_V1_SEC_TPM_OSX_HPP
-#include "../common.hpp"
+#include "../../common.hpp"
#ifndef NDN_CXX_HAVE_OSX_SECURITY
#error "This files should not be compiled ..."
@@ -34,6 +34,7 @@
namespace ndn {
namespace security {
+namespace v1 {
class SecTpmOsx : public SecTpm
{
@@ -161,10 +162,8 @@
shared_ptr<Impl> m_impl;
};
+} // namespace v1
} // namespace security
-
-using security::SecTpmOsx;
-
} // namespace ndn
-#endif // NDN_SECURITY_SEC_TPM_OSX_HPP
+#endif // NDN_SECURITY_V1_SEC_TPM_OSX_HPP
diff --git a/src/security/sec-tpm.cpp b/src/security/v1/sec-tpm.cpp
similarity index 98%
rename from src/security/sec-tpm.cpp
rename to src/security/v1/sec-tpm.cpp
index 2ce3d66..fae3b7e 100644
--- a/src/security/sec-tpm.cpp
+++ b/src/security/v1/sec-tpm.cpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2013-2016 Regents of the University of California.
+ * Copyright (c) 2013-2017 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -23,13 +23,14 @@
#include "sec-tpm.hpp"
-#include "../encoding/oid.hpp"
-#include "../encoding/buffer-stream.hpp"
-#include "v1/cryptopp.hpp"
+#include "../../encoding/oid.hpp"
+#include "../../encoding/buffer-stream.hpp"
+#include "cryptopp.hpp"
#include <unistd.h>
namespace ndn {
namespace security {
+namespace v1 {
SecTpm::SecTpm(const std::string& location)
: m_location(location)
@@ -381,5 +382,6 @@
return isInitialized;
}
+} // namespace v1
} // namespace security
} // namespace ndn
diff --git a/src/security/sec-tpm.hpp b/src/security/v1/sec-tpm.hpp
similarity index 93%
rename from src/security/sec-tpm.hpp
rename to src/security/v1/sec-tpm.hpp
index 3da278e..5acb0c3 100644
--- a/src/security/sec-tpm.hpp
+++ b/src/security/v1/sec-tpm.hpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2013-2016 Regents of the University of California.
+ * Copyright (c) 2013-2017 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -21,18 +21,19 @@
* @author Yingdi Yu <http://irl.cs.ucla.edu/~yingdi/>
*/
-#ifndef NDN_SECURITY_SEC_TPM_HPP
-#define NDN_SECURITY_SEC_TPM_HPP
+#ifndef NDN_SECURITY_V1_SEC_TPM_HPP
+#define NDN_SECURITY_V1_SEC_TPM_HPP
-#include "../common.hpp"
-#include "security-common.hpp"
-#include "../name.hpp"
-#include "../data.hpp"
-#include "key-params.hpp"
-#include "v1/public-key.hpp"
+#include "../../common.hpp"
+#include "../security-common.hpp"
+#include "../../name.hpp"
+#include "../../data.hpp"
+#include "../key-params.hpp"
+#include "public-key.hpp"
namespace ndn {
namespace security {
+namespace v1 {
/**
* @brief SecTpm is the base class of the TPM classes.
@@ -301,10 +302,18 @@
std::string m_location;
};
+} // namespace v1
+
+#ifdef NDN_CXX_KEEP_SECURITY_V1_ALIASES
+using v1::SecTpm;
+#endif // NDN_CXX_KEEP_SECURITY_V1_ALIASES
+
} // namespace security
-using security::SecTpm;
+#ifdef NDN_CXX_KEEP_SECURITY_V1_ALIASES
+using security::v1::SecTpm;
+#endif // NDN_CXX_KEEP_SECURITY_V1_ALIASES
} // namespace ndn
-#endif // NDN_SECURITY_SEC_TPM_HPP
+#endif // NDN_SECURITY_V1_SEC_TPM_HPP
diff --git a/src/security/secured-bag.cpp b/src/security/v1/secured-bag.cpp
similarity index 87%
rename from src/security/secured-bag.cpp
rename to src/security/v1/secured-bag.cpp
index 66fad02..8fccbc6 100644
--- a/src/security/secured-bag.cpp
+++ b/src/security/v1/secured-bag.cpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2013-2016 Regents of the University of California.
+ * Copyright (c) 2013-2017 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -20,10 +20,12 @@
*/
#include "secured-bag.hpp"
-#include "encoding/tlv-security.hpp"
-#include "util/concepts.hpp"
+#include "../../encoding/tlv-security.hpp"
+#include "../../util/concepts.hpp"
namespace ndn {
+namespace security {
+namespace v1 {
//BOOST_CONCEPT_ASSERT((boost::EqualityComparable<SecuredBag>));
BOOST_CONCEPT_ASSERT((WireEncodable<SecuredBag>));
@@ -41,7 +43,7 @@
this->wireDecode(wire);
}
-SecuredBag::SecuredBag(const v1::IdentityCertificate& cert, ConstBufferPtr key)
+SecuredBag::SecuredBag(const IdentityCertificate& cert, ConstBufferPtr key)
: m_cert(cert)
, m_key(key)
, m_wire(tlv::security::IdentityPackage)
@@ -76,4 +78,6 @@
return m_wire;
}
+} // namespace v1
+} // namespace security
} // namespace ndn
diff --git a/src/security/secured-bag.hpp b/src/security/v1/secured-bag.hpp
similarity index 80%
rename from src/security/secured-bag.hpp
rename to src/security/v1/secured-bag.hpp
index 5dd27fc..fbfb151 100644
--- a/src/security/secured-bag.hpp
+++ b/src/security/v1/secured-bag.hpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2013-2016 Regents of the University of California.
+ * Copyright (c) 2013-2017 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -19,14 +19,15 @@
* See AUTHORS.md for complete list of ndn-cxx authors and contributors.
*/
-#ifndef NDN_SECURITY_SECURED_BAG_HPP
-#define NDN_SECURITY_SECURED_BAG_HPP
+#ifndef NDN_SECURITY_V1_SECURED_BAG_HPP
+#define NDN_SECURITY_V1_SECURED_BAG_HPP
-#include "../common.hpp"
-#include "v1/identity-certificate.hpp"
+#include "../../common.hpp"
+#include "identity-certificate.hpp"
namespace ndn {
namespace security {
+namespace v1 {
class SecuredBag
{
@@ -46,7 +47,7 @@
explicit
SecuredBag(const Block& wire);
- SecuredBag(const v1::IdentityCertificate& cert,
+ SecuredBag(const IdentityCertificate& cert,
ConstBufferPtr key);
virtual
@@ -58,7 +59,7 @@
const Block&
wireEncode() const;
- const v1::IdentityCertificate&
+ const IdentityCertificate&
getCertificate() const
{
return m_cert;
@@ -71,16 +72,14 @@
}
private:
- v1::IdentityCertificate m_cert;
+ IdentityCertificate m_cert;
ConstBufferPtr m_key;
mutable Block m_wire;
};
+} // namespace v1
} // namespace security
-
-using security::SecuredBag;
-
} // namespace ndn
-#endif // NDN_SECURITY_SECURED_BAG_HPP
+#endif // NDN_SECURITY_V1_SECURED_BAG_HPP
diff --git a/src/util/dummy-client-face.cpp b/src/util/dummy-client-face.cpp
index 14a7631..f84d997 100644
--- a/src/util/dummy-client-face.cpp
+++ b/src/util/dummy-client-face.cpp
@@ -86,13 +86,13 @@
DummyClientFace::DummyClientFace(const Options& options/* = DummyClientFace::DEFAULT_OPTIONS*/)
: Face(make_shared<DummyClientFace::Transport>())
- , m_internalKeyChain(new KeyChain)
+ , m_internalKeyChain(new security::v1::KeyChain)
, m_keyChain(*m_internalKeyChain)
{
this->construct(options);
}
-DummyClientFace::DummyClientFace(KeyChain& keyChain,
+DummyClientFace::DummyClientFace(security::v1::KeyChain& keyChain,
const Options& options/* = DummyClientFace::DEFAULT_OPTIONS*/)
: Face(make_shared<DummyClientFace::Transport>(), keyChain)
, m_keyChain(keyChain)
@@ -103,13 +103,13 @@
DummyClientFace::DummyClientFace(boost::asio::io_service& ioService,
const Options& options/* = DummyClientFace::DEFAULT_OPTIONS*/)
: Face(make_shared<DummyClientFace::Transport>(), ioService)
- , m_internalKeyChain(new KeyChain)
+ , m_internalKeyChain(new security::v1::KeyChain)
, m_keyChain(*m_internalKeyChain)
{
this->construct(options);
}
-DummyClientFace::DummyClientFace(boost::asio::io_service& ioService, KeyChain& keyChain,
+DummyClientFace::DummyClientFace(boost::asio::io_service& ioService, security::v1::KeyChain& keyChain,
const Options& options/* = DummyClientFace::DEFAULT_OPTIONS*/)
: Face(make_shared<DummyClientFace::Transport>(), ioService, keyChain)
, m_keyChain(keyChain)
diff --git a/src/util/dummy-client-face.hpp b/src/util/dummy-client-face.hpp
index 630913c..cbf22f1 100644
--- a/src/util/dummy-client-face.hpp
+++ b/src/util/dummy-client-face.hpp
@@ -80,7 +80,7 @@
/** \brief Create a dummy face with internal IO service and the specified KeyChain
*/
explicit
- DummyClientFace(KeyChain& keyChain, const Options& options = Options());
+ DummyClientFace(security::v1::KeyChain& keyChain, const Options& options = Options());
/** \brief Create a dummy face with the provided IO service
*/
@@ -89,7 +89,7 @@
/** \brief Create a dummy face with the provided IO service and the specified KeyChain
*/
- DummyClientFace(boost::asio::io_service& ioService, KeyChain& keyChain,
+ DummyClientFace(boost::asio::io_service& ioService, security::v1::KeyChain& keyChain,
const Options& options = Options());
/** \brief cause the Face to receive an interest
@@ -166,8 +166,8 @@
Signal<DummyClientFace, lp::Nack> onSendNack;
private:
- std::unique_ptr<KeyChain> m_internalKeyChain;
- KeyChain& m_keyChain;
+ std::unique_ptr<security::v1::KeyChain> m_internalKeyChain;
+ security::v1::KeyChain& m_keyChain;
std::function<void(time::milliseconds)> m_processEventsOverride;
};
diff --git a/src/util/notification-stream.hpp b/src/util/notification-stream.hpp
index 42d0e36..e9921c0 100644
--- a/src/util/notification-stream.hpp
+++ b/src/util/notification-stream.hpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2013-2015 Regents of the University of California.
+ * Copyright (c) 2013-2017 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -50,7 +50,7 @@
#include "../name.hpp"
#include "../face.hpp"
-#include "../security/key-chain.hpp"
+#include "../security/v1/key-chain.hpp"
#include "concepts.hpp"