Jeff Thompson | 25b4e61 | 2013-10-10 16:03:24 -0700 | [diff] [blame] | 1 | /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */ |
Jeff Thompson | 47c93cf | 2013-08-09 00:38:48 -0700 | [diff] [blame] | 2 | /** |
Jeff Thompson | 7687dc0 | 2013-09-13 11:54:07 -0700 | [diff] [blame] | 3 | * Copyright (C) 2013 Regents of the University of California. |
Jeff Thompson | ba16b8f | 2013-12-16 13:11:47 -0800 | [diff] [blame] | 4 | * @author: Yingdi Yu <yingdi@cs.ucla.edu> |
Jeff Thompson | 7687dc0 | 2013-09-13 11:54:07 -0700 | [diff] [blame] | 5 | * @author: Jeff Thompson <jefft0@remap.ucla.edu> |
Jeff Thompson | 47c93cf | 2013-08-09 00:38:48 -0700 | [diff] [blame] | 6 | * See COPYING for copyright and distribution information. |
| 7 | */ |
| 8 | |
| 9 | #ifndef NDN_KEY_CHAIN_HPP |
Jeff Thompson | 2d27e2f | 2013-08-09 12:55:00 -0700 | [diff] [blame] | 10 | #define NDN_KEY_CHAIN_HPP |
Jeff Thompson | 47c93cf | 2013-08-09 00:38:48 -0700 | [diff] [blame] | 11 | |
Yingdi Yu | 4f32463 | 2014-01-15 18:10:03 -0800 | [diff] [blame] | 12 | #include "identity-certificate.hpp" |
| 13 | #include "public-key.hpp" |
| 14 | #include "signature-sha256-with-rsa.hpp" |
Yingdi Yu | 31b4af2 | 2014-01-14 14:13:00 -0800 | [diff] [blame] | 15 | |
Yingdi Yu | 4f32463 | 2014-01-15 18:10:03 -0800 | [diff] [blame] | 16 | #include "sec-public-info-sqlite3.hpp" |
| 17 | #include "sec-public-info-memory.hpp" |
| 18 | #include "sec-tpm-osx.hpp" |
| 19 | #include "sec-tpm-memory.hpp" |
Yingdi Yu | 2abd73f | 2014-01-08 23:34:11 -0800 | [diff] [blame] | 20 | |
Jeff Thompson | 47c93cf | 2013-08-09 00:38:48 -0700 | [diff] [blame] | 21 | |
| 22 | namespace ndn { |
| 23 | |
Jeff Thompson | 2ce8f49 | 2013-09-17 18:01:25 -0700 | [diff] [blame] | 24 | /** |
Yingdi Yu | 2abd73f | 2014-01-08 23:34:11 -0800 | [diff] [blame] | 25 | * KeyChain is one of the main classes of the security library. |
Jeff Thompson | ffa36f9 | 2013-09-20 08:42:41 -0700 | [diff] [blame] | 26 | * |
Yingdi Yu | 2abd73f | 2014-01-08 23:34:11 -0800 | [diff] [blame] | 27 | * The KeyChain class provides a set of interfaces of identity management and private key related operations. |
Jeff Thompson | ffa36f9 | 2013-09-20 08:42:41 -0700 | [diff] [blame] | 28 | */ |
Yingdi Yu | 31b4af2 | 2014-01-14 14:13:00 -0800 | [diff] [blame] | 29 | template<class Info, class Tpm> |
| 30 | class KeyChainImpl : public Info, public Tpm |
| 31 | { |
Jeff Thompson | 47c93cf | 2013-08-09 00:38:48 -0700 | [diff] [blame] | 32 | public: |
Yingdi Yu | 31b4af2 | 2014-01-14 14:13:00 -0800 | [diff] [blame] | 33 | // struct Error : public std::runtime_error { Error(const std::string &what) : std::runtime_error(what) {} }; |
Yingdi Yu | 2abd73f | 2014-01-08 23:34:11 -0800 | [diff] [blame] | 34 | |
| 35 | /** |
| 36 | * Create an identity by creating a pair of Key-Signing-Key (KSK) for this identity and a self-signed certificate of the KSK. |
| 37 | * @param identityName The name of the identity. |
| 38 | * @return The key name of the auto-generated KSK of the identity. |
| 39 | */ |
| 40 | Name |
Yingdi Yu | 31b4af2 | 2014-01-14 14:13:00 -0800 | [diff] [blame] | 41 | createIdentity(const Name& identityName) |
| 42 | { |
| 43 | if (!Info::doesIdentityExist(identityName)) { |
| 44 | Info::addIdentity(identityName); |
| 45 | |
| 46 | Name keyName = generateRSAKeyPairAsDefault(identityName, true); |
| 47 | |
| 48 | ptr_lib::shared_ptr<IdentityCertificate> selfCert = selfSign(keyName); |
| 49 | |
| 50 | Info::addCertificateAsDefault(*selfCert); |
| 51 | |
| 52 | return keyName; |
| 53 | } |
| 54 | else |
| 55 | return Name(); |
| 56 | } |
Yingdi Yu | 2abd73f | 2014-01-08 23:34:11 -0800 | [diff] [blame] | 57 | |
| 58 | /** |
Yingdi Yu | 2abd73f | 2014-01-08 23:34:11 -0800 | [diff] [blame] | 59 | * Generate a pair of RSA keys for the specified identity. |
| 60 | * @param identityName The name of the identity. |
| 61 | * @param isKsk true for generating a Key-Signing-Key (KSK), false for a Data-Signing-Key (KSK). |
| 62 | * @param keySize The size of the key. |
| 63 | * @return The generated key name. |
| 64 | */ |
| 65 | Name |
Yingdi Yu | 31b4af2 | 2014-01-14 14:13:00 -0800 | [diff] [blame] | 66 | generateRSAKeyPair(const Name& identityName, bool isKsk = false, int keySize = 2048) |
Yingdi Yu | 2abd73f | 2014-01-08 23:34:11 -0800 | [diff] [blame] | 67 | { |
Yingdi Yu | 31b4af2 | 2014-01-14 14:13:00 -0800 | [diff] [blame] | 68 | return generateKeyPair(identityName, isKsk, KEY_TYPE_RSA, keySize); |
Yingdi Yu | 2abd73f | 2014-01-08 23:34:11 -0800 | [diff] [blame] | 69 | } |
Alexander Afanasyev | 64a3d81 | 2014-01-05 23:35:05 -0800 | [diff] [blame] | 70 | |
Yingdi Yu | 2abd73f | 2014-01-08 23:34:11 -0800 | [diff] [blame] | 71 | /** |
| 72 | * Generate a pair of RSA keys for the specified identity and set it as default key for the identity. |
| 73 | * @param identityName The name of the identity. |
| 74 | * @param isKsk true for generating a Key-Signing-Key (KSK), false for a Data-Signing-Key (KSK). |
| 75 | * @param keySize The size of the key. |
| 76 | * @return The generated key name. |
| 77 | */ |
| 78 | Name |
Yingdi Yu | 31b4af2 | 2014-01-14 14:13:00 -0800 | [diff] [blame] | 79 | generateRSAKeyPairAsDefault(const Name& identityName, bool isKsk = false, int keySize = 2048) |
| 80 | { |
| 81 | Name keyName = generateKeyPair(identityName, isKsk, KEY_TYPE_RSA, keySize); |
| 82 | |
| 83 | Info::setDefaultKeyNameForIdentity(keyName); |
Yingdi Yu | 31b4af2 | 2014-01-14 14:13:00 -0800 | [diff] [blame] | 84 | |
| 85 | return keyName; |
| 86 | } |
Jeff Thompson | 79a2d5d | 2013-09-27 14:32:23 -0700 | [diff] [blame] | 87 | |
Yingdi Yu | 2abd73f | 2014-01-08 23:34:11 -0800 | [diff] [blame] | 88 | /** |
Yingdi Yu | 2abd73f | 2014-01-08 23:34:11 -0800 | [diff] [blame] | 89 | * Create an identity certificate for a public key managed by this IdentityManager. |
| 90 | * @param certificatePrefix The name of public key to be signed. |
| 91 | * @param signerCertificateName The name of signing certificate. |
| 92 | * @param notBefore The notBefore value in the validity field of the generated certificate. |
| 93 | * @param notAfter The notAfter vallue in validity field of the generated certificate. |
| 94 | * @return The name of generated identity certificate. |
| 95 | */ |
| 96 | ptr_lib::shared_ptr<IdentityCertificate> |
| 97 | createIdentityCertificate |
| 98 | (const Name& certificatePrefix, |
| 99 | const Name& signerCertificateName, |
| 100 | const MillisecondsSince1970& notBefore, |
Yingdi Yu | 31b4af2 | 2014-01-14 14:13:00 -0800 | [diff] [blame] | 101 | const MillisecondsSince1970& notAfter) |
| 102 | { |
| 103 | Name keyName = getKeyNameFromCertificatePrefix(certificatePrefix); |
| 104 | |
| 105 | ptr_lib::shared_ptr<PublicKey> pubKey = Info::getPublicKey(keyName); |
| 106 | if (!pubKey) |
| 107 | throw std::runtime_error("Requested public key [" + keyName.toUri() + "] doesn't exist"); |
| 108 | |
| 109 | ptr_lib::shared_ptr<IdentityCertificate> certificate = |
| 110 | createIdentityCertificate(certificatePrefix, |
| 111 | *pubKey, |
| 112 | signerCertificateName, |
| 113 | notBefore, notAfter); |
| 114 | |
| 115 | Info::addCertificate(*certificate); |
| 116 | |
| 117 | return certificate; |
| 118 | } |
| 119 | |
Jeff Thompson | 79a2d5d | 2013-09-27 14:32:23 -0700 | [diff] [blame] | 120 | |
Yingdi Yu | 2abd73f | 2014-01-08 23:34:11 -0800 | [diff] [blame] | 121 | /** |
| 122 | * Create an identity certificate for a public key supplied by the caller. |
| 123 | * @param certificatePrefix The name of public key to be signed. |
| 124 | * @param publickey The public key to be signed. |
| 125 | * @param signerCertificateName The name of signing certificate. |
| 126 | * @param notBefore The notBefore value in the validity field of the generated certificate. |
| 127 | * @param notAfter The notAfter vallue in validity field of the generated certificate. |
| 128 | * @return The generated identity certificate. |
| 129 | */ |
| 130 | ptr_lib::shared_ptr<IdentityCertificate> |
| 131 | createIdentityCertificate |
| 132 | (const Name& certificatePrefix, |
Yingdi Yu | 31b4af2 | 2014-01-14 14:13:00 -0800 | [diff] [blame] | 133 | const PublicKey& publicKey, |
Yingdi Yu | 2abd73f | 2014-01-08 23:34:11 -0800 | [diff] [blame] | 134 | const Name& signerCertificateName, |
| 135 | const MillisecondsSince1970& notBefore, |
Yingdi Yu | 31b4af2 | 2014-01-14 14:13:00 -0800 | [diff] [blame] | 136 | const MillisecondsSince1970& notAfter) |
Yingdi Yu | 2abd73f | 2014-01-08 23:34:11 -0800 | [diff] [blame] | 137 | { |
Yingdi Yu | 31b4af2 | 2014-01-14 14:13:00 -0800 | [diff] [blame] | 138 | ptr_lib::shared_ptr<IdentityCertificate> certificate (new IdentityCertificate()); |
| 139 | Name keyName = getKeyNameFromCertificatePrefix(certificatePrefix); |
| 140 | |
| 141 | Name certificateName = certificatePrefix; |
| 142 | certificateName.append("ID-CERT").appendVersion(); |
| 143 | |
| 144 | certificate->setName(certificateName); |
| 145 | certificate->setNotBefore(notBefore); |
| 146 | certificate->setNotAfter(notAfter); |
| 147 | certificate->setPublicKeyInfo(publicKey); |
| 148 | certificate->addSubjectDescription(CertificateSubjectDescription("2.5.4.41", keyName.toUri())); |
| 149 | certificate->encode(); |
| 150 | |
| 151 | sign(*certificate, signerCertificateName); |
| 152 | |
| 153 | return certificate; |
Alexander Afanasyev | bf1a67a | 2014-01-05 23:36:13 -0800 | [diff] [blame] | 154 | } |
| 155 | |
Yingdi Yu | 3c5887c | 2014-01-21 18:19:49 -0800 | [diff] [blame^] | 156 | /** |
| 157 | * Fetch the private key for keyName and sign the data, and set the signature block of the data packet. |
| 158 | * Throw Error if signing fails. |
| 159 | * @param data Reference to the input data packet. |
| 160 | * @param keyName The name of the signing key. |
| 161 | * @param digestAlgorithm the digest algorithm. |
| 162 | */ |
| 163 | void |
| 164 | signInTpm(Data &data, const Name& keyName, DigestAlgorithm digestAlgorithm) |
| 165 | { |
| 166 | data.setSignatureValue |
| 167 | (Tpm::signInTpm(data.wireEncode().value(), |
| 168 | data.wireEncode().value_size() - data.getSignature().getValue().size(), |
| 169 | keyName, digestAlgorithm)); |
| 170 | } |
| 171 | |
Yingdi Yu | 2abd73f | 2014-01-08 23:34:11 -0800 | [diff] [blame] | 172 | void |
Yingdi Yu | 31b4af2 | 2014-01-14 14:13:00 -0800 | [diff] [blame] | 173 | sign(Data &data) |
| 174 | { |
| 175 | if (!Info::defaultCertificate()) |
| 176 | { |
| 177 | Info::refreshDefaultCertificate(); |
| 178 | |
| 179 | if(!Info::defaultCertificate()) |
| 180 | throw std::runtime_error("Default IdentityCertificate cannot be determined"); |
| 181 | } |
| 182 | |
| 183 | sign(data, *Info::defaultCertificate()); |
| 184 | } |
Alexander Afanasyev | e64788e | 2014-01-05 22:38:21 -0800 | [diff] [blame] | 185 | |
Jeff Thompson | 47c93cf | 2013-08-09 00:38:48 -0700 | [diff] [blame] | 186 | /** |
Jeff Thompson | 2ce8f49 | 2013-09-17 18:01:25 -0700 | [diff] [blame] | 187 | * Wire encode the Data object, sign it and set its signature. |
Jeff Thompson | 2ce8f49 | 2013-09-17 18:01:25 -0700 | [diff] [blame] | 188 | * @param data The Data object to be signed. This updates its signature and key locator field and wireEncoding. |
Jeff Thompson | 9296f0c | 2013-09-23 18:10:27 -0700 | [diff] [blame] | 189 | * @param certificateName The certificate name of the key to use for signing. If omitted, infer the signing identity from the data packet name. |
Jeff Thompson | 3c73da4 | 2013-08-12 11:19:05 -0700 | [diff] [blame] | 190 | */ |
Yingdi Yu | 2abd73f | 2014-01-08 23:34:11 -0800 | [diff] [blame] | 191 | void |
Yingdi Yu | 31b4af2 | 2014-01-14 14:13:00 -0800 | [diff] [blame] | 192 | sign(Data& data, const Name& certificateName) |
| 193 | { |
| 194 | ptr_lib::shared_ptr<IdentityCertificate> cert = Info::getCertificate(certificateName); |
| 195 | if (!cert) |
| 196 | throw std::runtime_error("Requested certificate [" + certificateName.toUri() + "] doesn't exist"); |
| 197 | |
| 198 | SignatureSha256WithRsa signature; |
| 199 | signature.setKeyLocator(certificateName.getPrefix(-1)); // implicit conversion should take care |
| 200 | data.setSignature(signature); |
| 201 | |
| 202 | // For temporary usage, we support RSA + SHA256 only, but will support more. |
Yingdi Yu | 3c5887c | 2014-01-21 18:19:49 -0800 | [diff] [blame^] | 203 | signInTpm(data, cert->getPublicKeyName(), DIGEST_ALGORITHM_SHA256); |
Yingdi Yu | 31b4af2 | 2014-01-14 14:13:00 -0800 | [diff] [blame] | 204 | } |
Yingdi Yu | 2abd73f | 2014-01-08 23:34:11 -0800 | [diff] [blame] | 205 | |
| 206 | void |
Yingdi Yu | 31b4af2 | 2014-01-14 14:13:00 -0800 | [diff] [blame] | 207 | sign(Data& data, const IdentityCertificate& certificate) |
| 208 | { |
| 209 | SignatureSha256WithRsa signature; |
| 210 | signature.setKeyLocator(certificate.getName().getPrefix(-1)); |
| 211 | data.setSignature(signature); |
| 212 | |
| 213 | // For temporary usage, we support RSA + SHA256 only, but will support more. |
Yingdi Yu | 3c5887c | 2014-01-21 18:19:49 -0800 | [diff] [blame^] | 214 | signInTpm(data, certificate.getPublicKeyName(), DIGEST_ALGORITHM_SHA256); |
Yingdi Yu | 31b4af2 | 2014-01-14 14:13:00 -0800 | [diff] [blame] | 215 | } |
Jeff Thompson | 79a2d5d | 2013-09-27 14:32:23 -0700 | [diff] [blame] | 216 | |
Jeff Thompson | 29ce310 | 2013-09-27 11:47:48 -0700 | [diff] [blame] | 217 | /** |
Jeff Thompson | c01e178 | 2013-10-21 14:08:42 -0700 | [diff] [blame] | 218 | * Sign the byte array using a certificate name and return a Signature object. |
| 219 | * @param buffer The byte array to be signed. |
| 220 | * @param bufferLength the length of buffer. |
| 221 | * @param certificateName The certificate name used to get the signing key and which will be put into KeyLocator. |
| 222 | * @return The Signature. |
| 223 | */ |
Yingdi Yu | 2abd73f | 2014-01-08 23:34:11 -0800 | [diff] [blame] | 224 | Signature |
Yingdi Yu | 31b4af2 | 2014-01-14 14:13:00 -0800 | [diff] [blame] | 225 | sign(const uint8_t* buffer, size_t bufferLength, const Name& certificateName) |
| 226 | { |
| 227 | ptr_lib::shared_ptr<IdentityCertificate> cert = Info::getCertificate(certificateName); |
| 228 | if (!cert) |
| 229 | throw std::runtime_error("Requested certificate [" + certificateName.toUri() + "] doesn't exist"); |
| 230 | |
| 231 | SignatureSha256WithRsa signature; |
| 232 | signature.setKeyLocator(certificateName.getPrefix(-1)); // implicit conversion should take care |
| 233 | |
| 234 | // For temporary usage, we support RSA + SHA256 only, but will support more. |
Yingdi Yu | b4bb85a | 2014-01-16 10:11:04 -0800 | [diff] [blame] | 235 | signature.setValue(Tpm::signInTpm(buffer, bufferLength, cert->getPublicKeyName(), DIGEST_ALGORITHM_SHA256)); |
Yingdi Yu | 31b4af2 | 2014-01-14 14:13:00 -0800 | [diff] [blame] | 236 | return signature; |
| 237 | } |
Jeff Thompson | c01e178 | 2013-10-21 14:08:42 -0700 | [diff] [blame] | 238 | |
| 239 | /** |
Jeff Thompson | 29ce310 | 2013-09-27 11:47:48 -0700 | [diff] [blame] | 240 | * Wire encode the Data object, sign it and set its signature. |
Jeff Thompson | 29ce310 | 2013-09-27 11:47:48 -0700 | [diff] [blame] | 241 | * @param data The Data object to be signed. This updates its signature and key locator field and wireEncoding. |
| 242 | * @param identityName The identity name for the key to use for signing. If omitted, infer the signing identity from the data packet name. |
Jeff Thompson | 29ce310 | 2013-09-27 11:47:48 -0700 | [diff] [blame] | 243 | */ |
| 244 | void |
Yingdi Yu | 31b4af2 | 2014-01-14 14:13:00 -0800 | [diff] [blame] | 245 | signByIdentity(Data& data, const Name& identityName = Name()) |
| 246 | { |
| 247 | Name signingCertificateName = Info::getDefaultCertificateNameForIdentity(identityName); |
| 248 | |
| 249 | if (signingCertificateName.getComponentCount() == 0) |
| 250 | throw std::runtime_error("No qualified certificate name found!"); |
| 251 | |
| 252 | sign(data, signingCertificateName); |
| 253 | } |
Jeff Thompson | 3c73da4 | 2013-08-12 11:19:05 -0700 | [diff] [blame] | 254 | |
| 255 | /** |
Jeff Thompson | c01e178 | 2013-10-21 14:08:42 -0700 | [diff] [blame] | 256 | * Sign the byte array using an identity name and return a Signature object. |
| 257 | * @param buffer The byte array to be signed. |
| 258 | * @param bufferLength the length of buffer. |
| 259 | * @param identityName The identity name. |
| 260 | * @return The Signature. |
| 261 | */ |
Alexander Afanasyev | 64a3d81 | 2014-01-05 23:35:05 -0800 | [diff] [blame] | 262 | Signature |
Yingdi Yu | 31b4af2 | 2014-01-14 14:13:00 -0800 | [diff] [blame] | 263 | signByIdentity(const uint8_t* buffer, size_t bufferLength, const Name& identityName = Name()) |
| 264 | { |
| 265 | Name signingCertificateName = Info::getDefaultCertificateNameForIdentity(identityName); |
| 266 | |
| 267 | if (signingCertificateName.size() == 0) |
| 268 | throw std::runtime_error("No qualified certificate name found!"); |
| 269 | |
| 270 | return sign(buffer, bufferLength, signingCertificateName); |
| 271 | } |
Jeff Thompson | c01e178 | 2013-10-21 14:08:42 -0700 | [diff] [blame] | 272 | |
| 273 | /** |
Yingdi Yu | 2abd73f | 2014-01-08 23:34:11 -0800 | [diff] [blame] | 274 | * Generate a self-signed certificate for a public key. |
| 275 | * @param keyName The name of the public key. |
| 276 | * @return The generated certificate. |
| 277 | */ |
| 278 | ptr_lib::shared_ptr<IdentityCertificate> |
Yingdi Yu | 31b4af2 | 2014-01-14 14:13:00 -0800 | [diff] [blame] | 279 | selfSign(const Name& keyName) |
| 280 | { |
Yingdi Yu | 7ea6950 | 2014-01-15 17:21:29 -0800 | [diff] [blame] | 281 | if(keyName.empty()) |
| 282 | throw std::runtime_error("Incorrect key name: " + keyName.toUri()); |
| 283 | |
Yingdi Yu | 31b4af2 | 2014-01-14 14:13:00 -0800 | [diff] [blame] | 284 | ptr_lib::shared_ptr<IdentityCertificate> certificate = ptr_lib::make_shared<IdentityCertificate>(); |
| 285 | |
| 286 | Name certificateName = keyName.getPrefix(-1); |
| 287 | certificateName.append("KEY").append(keyName.get(-1)).append("ID-CERT").appendVersion(); |
| 288 | |
| 289 | ptr_lib::shared_ptr<PublicKey> pubKey = Info::getPublicKey(keyName); |
| 290 | if (!pubKey) |
| 291 | throw std::runtime_error("Requested public key [" + keyName.toUri() + "] doesn't exist"); |
| 292 | |
| 293 | certificate->setName(certificateName); |
| 294 | certificate->setNotBefore(getNow()); |
| 295 | certificate->setNotAfter(getNow() + 630720000 /* 20 years*/); |
| 296 | certificate->setPublicKeyInfo(*pubKey); |
| 297 | certificate->addSubjectDescription(CertificateSubjectDescription("2.5.4.41", keyName.toUri())); |
| 298 | certificate->encode(); |
| 299 | |
| 300 | selfSign(*certificate); |
| 301 | return certificate; |
| 302 | } |
Yingdi Yu | 2abd73f | 2014-01-08 23:34:11 -0800 | [diff] [blame] | 303 | |
| 304 | /** |
| 305 | * @brief Self-sign the supplied identity certificate |
Jeff Thompson | 8efe5ad | 2013-08-20 17:36:38 -0700 | [diff] [blame] | 306 | */ |
Jeff Thompson | 2ce8f49 | 2013-09-17 18:01:25 -0700 | [diff] [blame] | 307 | void |
Yingdi Yu | 31b4af2 | 2014-01-14 14:13:00 -0800 | [diff] [blame] | 308 | selfSign (IdentityCertificate& cert) |
| 309 | { |
| 310 | SignatureSha256WithRsa signature; |
| 311 | signature.setKeyLocator(cert.getName().getPrefix(-1)); // implicit conversion should take care |
| 312 | cert.setSignature(signature); |
| 313 | |
| 314 | // For temporary usage, we support RSA + SHA256 only, but will support more. |
Yingdi Yu | 3c5887c | 2014-01-21 18:19:49 -0800 | [diff] [blame^] | 315 | signInTpm(cert, cert.getPublicKeyName(), DIGEST_ALGORITHM_SHA256); |
Yingdi Yu | 31b4af2 | 2014-01-14 14:13:00 -0800 | [diff] [blame] | 316 | } |
| 317 | |
Jeff Thompson | 8efe5ad | 2013-08-20 17:36:38 -0700 | [diff] [blame] | 318 | |
Yingdi Yu | 2abd73f | 2014-01-08 23:34:11 -0800 | [diff] [blame] | 319 | private: |
| 320 | /** |
| 321 | * Generate a key pair for the specified identity. |
| 322 | * @param identityName The name of the specified identity. |
| 323 | * @param isKsk true for generating a Key-Signing-Key (KSK), false for a Data-Signing-Key (KSK). |
| 324 | * @param keyType The type of the key pair, e.g. KEY_TYPE_RSA. |
| 325 | * @param keySize The size of the key pair. |
| 326 | * @return The name of the generated key. |
| 327 | */ |
| 328 | Name |
Yingdi Yu | 31b4af2 | 2014-01-14 14:13:00 -0800 | [diff] [blame] | 329 | generateKeyPair(const Name& identityName, bool isKsk = false, KeyType keyType = KEY_TYPE_RSA, int keySize = 2048) |
| 330 | { |
| 331 | Name keyName = Info::getNewKeyName(identityName, isKsk); |
| 332 | |
| 333 | Tpm::generateKeyPairInTpm(keyName.toUri(), keyType, keySize); |
| 334 | |
| 335 | ptr_lib::shared_ptr<PublicKey> pubKey = Tpm::getPublicKeyFromTpm(keyName.toUri()); |
Yingdi Yu | ef26ee3 | 2014-01-15 16:41:14 -0800 | [diff] [blame] | 336 | Info::addPublicKey(keyName, keyType, *pubKey); |
Yingdi Yu | 31b4af2 | 2014-01-14 14:13:00 -0800 | [diff] [blame] | 337 | |
| 338 | return keyName; |
| 339 | } |
Yingdi Yu | 2abd73f | 2014-01-08 23:34:11 -0800 | [diff] [blame] | 340 | |
| 341 | static Name |
Yingdi Yu | 31b4af2 | 2014-01-14 14:13:00 -0800 | [diff] [blame] | 342 | getKeyNameFromCertificatePrefix(const Name& certificatePrefix) |
| 343 | { |
| 344 | Name result; |
Alexander Afanasyev | bf1a67a | 2014-01-05 23:36:13 -0800 | [diff] [blame] | 345 | |
Yingdi Yu | 31b4af2 | 2014-01-14 14:13:00 -0800 | [diff] [blame] | 346 | std::string keyString("KEY"); |
| 347 | int i = 0; |
| 348 | for(; i < certificatePrefix.size(); i++) { |
| 349 | if (certificatePrefix.get(i).toEscapedString() == keyString) |
| 350 | break; |
| 351 | } |
Alexander Afanasyev | bf1a67a | 2014-01-05 23:36:13 -0800 | [diff] [blame] | 352 | |
Yingdi Yu | 31b4af2 | 2014-01-14 14:13:00 -0800 | [diff] [blame] | 353 | if (i >= certificatePrefix.size()) |
| 354 | throw std::runtime_error("Identity Certificate Prefix does not have a KEY component"); |
Alexander Afanasyev | bd5ba40 | 2014-01-05 22:41:09 -0800 | [diff] [blame] | 355 | |
Yingdi Yu | 31b4af2 | 2014-01-14 14:13:00 -0800 | [diff] [blame] | 356 | result.append(certificatePrefix.getSubName(0, i)); |
| 357 | result.append(certificatePrefix.getSubName(i + 1, certificatePrefix.size()-i-1)); |
| 358 | |
| 359 | return result; |
| 360 | } |
| 361 | |
Jeff Thompson | 47c93cf | 2013-08-09 00:38:48 -0700 | [diff] [blame] | 362 | }; |
| 363 | |
Yingdi Yu | 31b4af2 | 2014-01-14 14:13:00 -0800 | [diff] [blame] | 364 | } |
Yingdi Yu | 2abd73f | 2014-01-08 23:34:11 -0800 | [diff] [blame] | 365 | |
Yingdi Yu | 31b4af2 | 2014-01-14 14:13:00 -0800 | [diff] [blame] | 366 | #ifdef NDN_CPP_HAVE_OSX_SECURITY |
| 367 | |
| 368 | namespace ndn |
Alexander Afanasyev | e64788e | 2014-01-05 22:38:21 -0800 | [diff] [blame] | 369 | { |
Yingdi Yu | 31b4af2 | 2014-01-14 14:13:00 -0800 | [diff] [blame] | 370 | typedef KeyChainImpl<SecPublicInfoSqlite3, SecTpmOsx> KeyChain; |
| 371 | }; |
Yingdi Yu | 2abd73f | 2014-01-08 23:34:11 -0800 | [diff] [blame] | 372 | |
Yingdi Yu | 31b4af2 | 2014-01-14 14:13:00 -0800 | [diff] [blame] | 373 | #else |
Alexander Afanasyev | e64788e | 2014-01-05 22:38:21 -0800 | [diff] [blame] | 374 | |
Yingdi Yu | 31b4af2 | 2014-01-14 14:13:00 -0800 | [diff] [blame] | 375 | namespace ndn |
Alexander Afanasyev | e64788e | 2014-01-05 22:38:21 -0800 | [diff] [blame] | 376 | { |
Yingdi Yu | 31b4af2 | 2014-01-14 14:13:00 -0800 | [diff] [blame] | 377 | typedef KeyChainImpl<SecPublicInfoMemory, SecTpmMemory> KeyChain; |
| 378 | }; |
Alexander Afanasyev | e64788e | 2014-01-05 22:38:21 -0800 | [diff] [blame] | 379 | |
Yingdi Yu | 31b4af2 | 2014-01-14 14:13:00 -0800 | [diff] [blame] | 380 | #endif //NDN_CPP_HAVE_OSX_SECURITY |
Jeff Thompson | 47c93cf | 2013-08-09 00:38:48 -0700 | [diff] [blame] | 381 | |
| 382 | #endif |