security: Added EncryptionManager.
diff --git a/Makefile.am b/Makefile.am
index 4efdccc..26ead13 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -69,6 +69,7 @@
ndn-cpp/security/security-exception.cpp ndn-cpp/security/security-exception.hpp \
ndn-cpp/security/certificate/oid.cpp ndn-cpp/security/certificate/oid.hpp \
ndn-cpp/security/certificate/public-key.cpp ndn-cpp/security/certificate/public-key.hpp \
+ ndn-cpp/security/encryption/encryption-manager.hpp \
ndn-cpp/security/identity/identity-manager.cpp ndn-cpp/security/identity/identity-manager.hpp \
ndn-cpp/security/identity/identity-storage.hpp \
ndn-cpp/security/identity/memory-identity-storage.cpp ndn-cpp/security/identity/memory-identity-storage.hpp \
diff --git a/Makefile.in b/Makefile.in
index 7a3de7e..3a24a6a 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -534,6 +534,7 @@
ndn-cpp/security/security-exception.cpp ndn-cpp/security/security-exception.hpp \
ndn-cpp/security/certificate/oid.cpp ndn-cpp/security/certificate/oid.hpp \
ndn-cpp/security/certificate/public-key.cpp ndn-cpp/security/certificate/public-key.hpp \
+ ndn-cpp/security/encryption/encryption-manager.hpp \
ndn-cpp/security/identity/identity-manager.cpp ndn-cpp/security/identity/identity-manager.hpp \
ndn-cpp/security/identity/identity-storage.hpp \
ndn-cpp/security/identity/memory-identity-storage.cpp ndn-cpp/security/identity/memory-identity-storage.hpp \
diff --git a/ndn-cpp/security/encryption/encryption-manager.hpp b/ndn-cpp/security/encryption/encryption-manager.hpp
new file mode 100644
index 0000000..88a69c8
--- /dev/null
+++ b/ndn-cpp/security/encryption/encryption-manager.hpp
@@ -0,0 +1,34 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
+/**
+ * Copyright (C) 2013 Regents of the University of California.
+ * @author: Yingdi Yu <yingdi@cs.ucla.edu>
+ * See COPYING for copyright and distribution information.
+ */
+
+#ifndef NDN_ENCRYPTION_MANAGER_HPP
+#define NDN_ENCRYPTION_MANAGER_HPP
+
+#include "../../name.hpp"
+#include "../security-common.hpp"
+
+namespace ndn {
+
+class EncryptionManager {
+public:
+ virtual ~EncryptionManager() {}
+
+ virtual void
+ createSymmetricKey(const Name& keyName, KeyType keyType, const Name& signkeyName = Name(), bool isSymmetric = true) = 0;
+
+ virtual Blob
+ encrypt(const Name& keyName, const uint8_t* data, size_t dataLength, bool useSymmetric = false,
+ EncryptMode encryptMode = ENCRYPT_MODE_DEFAULT) = 0;
+
+ virtual Blob
+ decrypt(const Name& keyName, const uint8_t* data, size_t dataLength, bool useSymmetric = false,
+ EncryptMode encryptMode = ENCRYPT_MODE_DEFAULT) = 0;
+};
+
+}
+
+#endif
diff --git a/ndn-cpp/security/key-chain.hpp b/ndn-cpp/security/key-chain.hpp
index ff54aa9..5a1198a 100644
--- a/ndn-cpp/security/key-chain.hpp
+++ b/ndn-cpp/security/key-chain.hpp
@@ -10,6 +10,7 @@
#include "../data.hpp"
#include "../face.hpp"
#include "identity/identity-manager.hpp"
+#include "encryption/encryption-manager.hpp"
namespace ndn {
@@ -26,7 +27,7 @@
typedef func_lib::function<void(const ptr_lib::shared_ptr<Data>& data)> OnVerifyFailed;
/**
- * Keychain is main class of security library.
+ * Keychain is the main class of the security library.
*
* The Keychain class provides a set of interfaces to the security library such as identity management, policy configuration
* and packet signing and verification.
@@ -36,6 +37,126 @@
KeyChain
(const ptr_lib::shared_ptr<IdentityManager>& identityManager, const ptr_lib::shared_ptr<PolicyManager>& policyManager);
+ /*****************************************
+ * Identity Management *
+ *****************************************/
+
+#if 0
+ /**
+ * Create an identity by creating a pair of Key-Signing-Key (KSK) for this identity and a self-signed certificate of the KSK.
+ * @param identityName The name of the identity.
+ * @return The key name of the auto-generated KSK of the identity.
+ */
+ Name
+ createIdentity(const Name& identityName)
+ {
+ return identityManager_->createIdentity(identityName);
+ }
+#endif
+
+ /**
+ * Get the default identity.
+ * @return The default identity name.
+ */
+ Name
+ getDefaultIdentity()
+ {
+ return identityManager_->getDefaultIdentity();
+ }
+
+#if 0
+ /**
+ * Generate a pair of RSA keys for the specified identity
+ * @param identity the name of the identity
+ * @param ksk create a KSK or not, true for KSK, false for DSK
+ * @param keySize the size of the key
+ * @return the generated key name
+ */
+ Name
+ generateRSAKeyPair (const Name& identity, bool ksk = false, int keySize = 2048);
+
+ /**
+ * Set a key as the default key of an identity
+ * @param keyName the name of the key
+ * @param identity the name of the identity, if not specified the identity name can be inferred from the keyName
+ */
+ void
+ setDefaultKeyForIdentity (const Name& keyName, const Name& identity = Name());
+
+ /**
+ * Generate a pair of RSA keys for the specified identity and set it as default key of the identity
+ * @param identity the name of the identity
+ * @param ksk create a KSK or not, true for KSK, false for DSK
+ * @param keySize the size of the key
+ * @return the generated key name
+ */
+ Name
+ generateRSAKeyPairAsDefault (const Name& identity, bool ksk = false, int keySize = 2048);
+
+ /**
+ * Create a public key signing request
+ * @param keyName the name of the key
+ * @returns signing request blob
+ */
+ Ptr<Blob>
+ createSigningRequest(const Name& keyName);
+
+ /**
+ * Install a certificate into identity
+ * @param certificate the certificate in terms of Data packet
+ */
+ void
+ installCertificate(Ptr<Certificate> certificate);
+
+ /**
+ * Set a certificate as the default certificate name of the corresponding key
+ * @param certificateName the name of the certificate
+ */
+ void
+ setDefaultCertificateForKey(const Name& certificateName);
+
+ /**
+ * Get certificate
+ * @param certificateName name of the certificate
+ * @returns certificate that is valid
+ */
+ Ptr<Certificate>
+ getCertificate(const Name& certificateName);
+
+ /**
+ * Get certificate even if it is not valid
+ * @param certificateName name of the certificate
+ * @returns certificate that is valid
+ */
+ Ptr<Certificate>
+ getAnyCertificate(const Name& certName);
+
+ /**
+ * Revoke a key
+ * @param keyName the name of the key that will be revoked
+ */
+ void
+ revokeKey(const Name & keyName);
+
+ /**
+ * Revoke a certificate
+ * @param certificateName the name of the certificate that will be revoked
+ */
+ void
+ revokeCertificate(const Name & certificateName);
+#endif
+
+ /*****************************************
+ * Policy Management *
+ *****************************************/
+
+ const ptr_lib::shared_ptr<PolicyManager>&
+ getPolicyManager() { return policyManager_; }
+
+ /*****************************************
+ * Sign/Verify *
+ *****************************************/
+
/**
* Wire encode the Data object, sign it and set its signature.
* Note: the caller must make sure the timestamp is correct, for example with
@@ -46,7 +167,7 @@
*/
void
sign(Data& data, const Name& certificateName, WireFormat& wireFormat = *WireFormat::getDefaultWireFormat());
-
+
/**
* Wire encode the Data object, sign it and set its signature.
* Note: the caller must make sure the timestamp is correct, for example with
@@ -70,6 +191,53 @@
verifyData
(const ptr_lib::shared_ptr<Data>& data, const OnVerified& onVerified, const OnVerifyFailed& onVerifyFailed, int stepCount = 0);
+ /*****************************************
+ * Encrypt/Decrypt *
+ *****************************************/
+
+ /**
+ * Generate a symmetric key.
+ * @param keyName The name of the generated key.
+ * @param keyType The type of the key, e.g. KEY_TYPE_AES
+ */
+ void
+ generateSymmetricKey(const Name& keyName, KeyType keyType)
+ {
+ encryptionManager_->createSymmetricKey(keyName, keyType);
+ }
+
+ /**
+ * Encrypt a byte array.
+ * @param keyName The name of the encrypting key.
+ * @param data The byte array that will be encrypted.
+ * @param dataLength The length of data.
+ * @param useSymmetric If true then symmetric encryption is used, otherwise asymmetric encryption is used.
+ * @param encryptMode the encryption mode
+ * @return the encrypted data as an immutable Blob.
+ */
+ Blob
+ encrypt(const Name &keyName, const uint8_t* data, size_t dataLength, bool useSymmetric = true,
+ EncryptMode encryptMode = ENCRYPT_MODE_DEFAULT)
+ {
+ return encryptionManager_->encrypt(keyName, data, dataLength, useSymmetric, encryptMode);
+ }
+
+ /**
+ * Decrypt a byte array.
+ * @param keyName The name of the decrypting key.
+ * @param data The byte array that will be decrypted.
+ * @param dataLength The length of data.
+ * @param useSymmetric If true then symmetric encryption is used, otherwise asymmetric encryption is used.
+ * @param encryptMode the encryption mode
+ * @return the decrypted data as an immutable Blob.
+ */
+ Blob
+ decrypt(const Name &keyName, const uint8_t* data, size_t dataLength, bool useSymmetric = true,
+ EncryptMode encryptMode = ENCRYPT_MODE_DEFAULT)
+ {
+ return encryptionManager_->decrypt(keyName, data, dataLength, useSymmetric, encryptMode);
+ }
+
/**
* Set the Face which will be used to fetch required certificates.
* @param face A pointer to the Face object.
@@ -80,6 +248,7 @@
private:
ptr_lib::shared_ptr<IdentityManager> identityManager_;
ptr_lib::shared_ptr<PolicyManager> policyManager_;
+ ptr_lib::shared_ptr<EncryptionManager> encryptionManager_;
Face* face_;
const int maxSteps_;
};
diff --git a/ndn-cpp/security/security-common.hpp b/ndn-cpp/security/security-common.hpp
index c9693a8..1222480 100644
--- a/ndn-cpp/security/security-common.hpp
+++ b/ndn-cpp/security/security-common.hpp
@@ -37,9 +37,9 @@
};
enum EncryptMode {
- ENCRYPTION_MODE_DEFAULT,
- ENCRYPTION_MODE_CFB_AES,
- // ENCRYPTION_MODE_CBC_AES
+ ENCRYPT_MODE_DEFAULT,
+ ENCRYPT_MODE_CFB_AES,
+ // ENCRYPT_MODE_CBC_AES
};
}