Alexander Afanasyev | c169a81 | 2014-05-20 20:37:29 -0400 | [diff] [blame] | 1 | /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */ |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 2 | /** |
Alexander Afanasyev | 4c9a3d5 | 2017-01-03 17:45:19 -0800 | [diff] [blame] | 3 | * Copyright (c) 2013-2017 Regents of the University of California. |
Alexander Afanasyev | dfa52c4 | 2014-04-24 21:10:11 -0700 | [diff] [blame] | 4 | * |
| 5 | * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions). |
Alexander Afanasyev | dfa52c4 | 2014-04-24 21:10:11 -0700 | [diff] [blame] | 6 | * |
Alexander Afanasyev | c169a81 | 2014-05-20 20:37:29 -0400 | [diff] [blame] | 7 | * ndn-cxx library is free software: you can redistribute it and/or modify it under the |
| 8 | * terms of the GNU Lesser General Public License as published by the Free Software |
| 9 | * Foundation, either version 3 of the License, or (at your option) any later version. |
| 10 | * |
| 11 | * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY |
| 12 | * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A |
| 13 | * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. |
| 14 | * |
| 15 | * You should have received copies of the GNU General Public License and GNU Lesser |
| 16 | * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see |
| 17 | * <http://www.gnu.org/licenses/>. |
| 18 | * |
| 19 | * See AUTHORS.md for complete list of ndn-cxx authors and contributors. |
Alexander Afanasyev | dfa52c4 | 2014-04-24 21:10:11 -0700 | [diff] [blame] | 20 | * |
| 21 | * @author Yingdi Yu <http://irl.cs.ucla.edu/~yingdi/> |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 22 | */ |
| 23 | |
| 24 | #include "sec-tpm.hpp" |
| 25 | |
Alexander Afanasyev | 4c9a3d5 | 2017-01-03 17:45:19 -0800 | [diff] [blame] | 26 | #include "../../encoding/oid.hpp" |
| 27 | #include "../../encoding/buffer-stream.hpp" |
| 28 | #include "cryptopp.hpp" |
Alexander Afanasyev | a2ada22 | 2015-01-22 18:34:16 -0800 | [diff] [blame] | 29 | #include <unistd.h> |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 30 | |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 31 | namespace ndn { |
Alexander Afanasyev | 2fa5939 | 2016-07-29 17:24:23 -0700 | [diff] [blame] | 32 | namespace security { |
Alexander Afanasyev | 4c9a3d5 | 2017-01-03 17:45:19 -0800 | [diff] [blame] | 33 | namespace v1 { |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 34 | |
Alexander Afanasyev | 2fa5939 | 2016-07-29 17:24:23 -0700 | [diff] [blame] | 35 | SecTpm::SecTpm(const std::string& location) |
Yingdi Yu | 4154634 | 2014-11-30 23:37:53 -0800 | [diff] [blame] | 36 | : m_location(location) |
| 37 | { |
| 38 | } |
| 39 | |
| 40 | SecTpm::~SecTpm() |
| 41 | { |
| 42 | } |
| 43 | |
| 44 | std::string |
| 45 | SecTpm::getTpmLocator() |
| 46 | { |
Alexander Afanasyev | 0711380 | 2015-01-15 19:14:36 -0800 | [diff] [blame] | 47 | return this->getScheme() + ":" + m_location; |
Yingdi Yu | 4154634 | 2014-11-30 23:37:53 -0800 | [diff] [blame] | 48 | } |
| 49 | |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 50 | ConstBufferPtr |
Alexander Afanasyev | 2fa5939 | 2016-07-29 17:24:23 -0700 | [diff] [blame] | 51 | SecTpm::exportPrivateKeyPkcs5FromTpm(const Name& keyName, const std::string& passwordStr) |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 52 | { |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 53 | using namespace CryptoPP; |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 54 | |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 55 | uint8_t salt[8] = {0}; |
| 56 | uint8_t iv[8] = {0}; |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 57 | |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 58 | // derive key |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 59 | if (!generateRandomBlock(salt, 8) || !generateRandomBlock(iv, 8)) |
Spyridon Mastorakis | 0d2ed2e | 2015-07-27 19:09:12 -0700 | [diff] [blame] | 60 | BOOST_THROW_EXCEPTION(Error("Cannot generate salt or iv")); |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 61 | |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 62 | uint32_t iterationCount = 2048; |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 63 | |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 64 | PKCS5_PBKDF2_HMAC<SHA1> keyGenerator; |
Yingdi Yu | 99b2a00 | 2015-08-12 12:47:44 -0700 | [diff] [blame] | 65 | size_t derivedLen = 24; // For DES-EDE3-CBC-PAD |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 66 | byte derived[24] = {0}; |
| 67 | byte purpose = 0; |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 68 | |
Yingdi Yu | 99b2a00 | 2015-08-12 12:47:44 -0700 | [diff] [blame] | 69 | try { |
| 70 | keyGenerator.DeriveKey(derived, derivedLen, purpose, |
| 71 | reinterpret_cast<const byte*>(passwordStr.c_str()), passwordStr.size(), |
| 72 | salt, 8, iterationCount); |
| 73 | } |
| 74 | catch (const CryptoPP::Exception& e) { |
| 75 | BOOST_THROW_EXCEPTION(Error("Cannot derived the encryption key")); |
| 76 | } |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 77 | |
Yingdi Yu | 99b2a00 | 2015-08-12 12:47:44 -0700 | [diff] [blame] | 78 | // encrypt |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 79 | CBC_Mode< DES_EDE3 >::Encryption e; |
| 80 | e.SetKeyWithIV(derived, derivedLen, iv); |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 81 | |
Yingdi Yu | 5e96e00 | 2014-04-23 18:32:15 -0700 | [diff] [blame] | 82 | ConstBufferPtr pkcs8PrivateKey = exportPrivateKeyPkcs8FromTpm(keyName); |
Yingdi Yu | 9d9d599 | 2014-06-25 12:25:16 -0700 | [diff] [blame] | 83 | |
Yingdi Yu | 99b2a00 | 2015-08-12 12:47:44 -0700 | [diff] [blame] | 84 | if (pkcs8PrivateKey == nullptr) |
Spyridon Mastorakis | 0d2ed2e | 2015-07-27 19:09:12 -0700 | [diff] [blame] | 85 | BOOST_THROW_EXCEPTION(Error("Cannot export the private key, #1")); |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 86 | |
| 87 | OBufferStream encryptedOs; |
Yingdi Yu | 99b2a00 | 2015-08-12 12:47:44 -0700 | [diff] [blame] | 88 | try { |
| 89 | StringSource stringSource(pkcs8PrivateKey->buf(), pkcs8PrivateKey->size(), true, |
| 90 | new StreamTransformationFilter(e, new FileSink(encryptedOs))); |
| 91 | } |
| 92 | catch (const CryptoPP::Exception& e) { |
| 93 | BOOST_THROW_EXCEPTION(Error("Cannot export the private key, #2")); |
| 94 | } |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 95 | |
Yingdi Yu | 99b2a00 | 2015-08-12 12:47:44 -0700 | [diff] [blame] | 96 | // encode |
Alexander Afanasyev | 2fa5939 | 2016-07-29 17:24:23 -0700 | [diff] [blame] | 97 | Oid pbes2Id("1.2.840.113549.1.5.13"); |
| 98 | Oid pbkdf2Id("1.2.840.113549.1.5.12"); |
| 99 | Oid pbes2encsId("1.2.840.113549.3.7"); |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 100 | |
| 101 | OBufferStream pkcs8Os; |
Yingdi Yu | 99b2a00 | 2015-08-12 12:47:44 -0700 | [diff] [blame] | 102 | try { |
| 103 | FileSink sink(pkcs8Os); |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 104 | |
Yingdi Yu | 99b2a00 | 2015-08-12 12:47:44 -0700 | [diff] [blame] | 105 | // EncryptedPrivateKeyInfo ::= SEQUENCE { |
| 106 | // encryptionAlgorithm EncryptionAlgorithmIdentifier, |
| 107 | // encryptedData OCTET STRING } |
| 108 | DERSequenceEncoder encryptedPrivateKeyInfo(sink); |
| 109 | { |
| 110 | // EncryptionAlgorithmIdentifier ::= SEQUENCE { |
| 111 | // algorithm OBJECT IDENTIFIER {{PBES2-id}}, |
| 112 | // parameters SEQUENCE {{PBES2-params}} } |
| 113 | DERSequenceEncoder encryptionAlgorithm(encryptedPrivateKeyInfo); |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 114 | { |
Yingdi Yu | 99b2a00 | 2015-08-12 12:47:44 -0700 | [diff] [blame] | 115 | pbes2Id.encode(encryptionAlgorithm); |
| 116 | // PBES2-params ::= SEQUENCE { |
| 117 | // keyDerivationFunc AlgorithmIdentifier {{PBES2-KDFs}}, |
| 118 | // encryptionScheme AlgorithmIdentifier {{PBES2-Encs}} } |
| 119 | DERSequenceEncoder pbes2Params(encryptionAlgorithm); |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 120 | { |
Yingdi Yu | 99b2a00 | 2015-08-12 12:47:44 -0700 | [diff] [blame] | 121 | // AlgorithmIdentifier ::= SEQUENCE { |
| 122 | // algorithm OBJECT IDENTIFIER {{PBKDF2-id}}, |
| 123 | // parameters SEQUENCE {{PBKDF2-params}} } |
| 124 | DERSequenceEncoder pbes2KDFs(pbes2Params); |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 125 | { |
Yingdi Yu | 99b2a00 | 2015-08-12 12:47:44 -0700 | [diff] [blame] | 126 | pbkdf2Id.encode(pbes2KDFs); |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 127 | // AlgorithmIdentifier ::= SEQUENCE { |
Yingdi Yu | 99b2a00 | 2015-08-12 12:47:44 -0700 | [diff] [blame] | 128 | // salt OCTET STRING, |
| 129 | // iterationCount INTEGER (1..MAX), |
| 130 | // keyLength INTEGER (1..MAX) OPTIONAL, |
| 131 | // prf AlgorithmIdentifier {{PBKDF2-PRFs}} DEFAULT algid-hmacWithSHA1 } |
| 132 | DERSequenceEncoder pbkdf2Params(pbes2KDFs); |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 133 | { |
Yingdi Yu | 99b2a00 | 2015-08-12 12:47:44 -0700 | [diff] [blame] | 134 | DEREncodeOctetString(pbkdf2Params, salt, 8); |
| 135 | DEREncodeUnsigned<uint32_t>(pbkdf2Params, iterationCount, INTEGER); |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 136 | } |
Yingdi Yu | 99b2a00 | 2015-08-12 12:47:44 -0700 | [diff] [blame] | 137 | pbkdf2Params.MessageEnd(); |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 138 | } |
Yingdi Yu | 99b2a00 | 2015-08-12 12:47:44 -0700 | [diff] [blame] | 139 | pbes2KDFs.MessageEnd(); |
| 140 | |
| 141 | // AlgorithmIdentifier ::= SEQUENCE { |
| 142 | // algorithm OBJECT IDENTIFIER {{DES-EDE3-CBC-PAD}}, |
| 143 | // parameters OCTET STRING} {{iv}} } |
| 144 | DERSequenceEncoder pbes2Encs(pbes2Params); |
| 145 | { |
| 146 | pbes2encsId.encode(pbes2Encs); |
| 147 | DEREncodeOctetString(pbes2Encs, iv, 8); |
| 148 | } |
| 149 | pbes2Encs.MessageEnd(); |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 150 | } |
Yingdi Yu | 99b2a00 | 2015-08-12 12:47:44 -0700 | [diff] [blame] | 151 | pbes2Params.MessageEnd(); |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 152 | } |
Yingdi Yu | 99b2a00 | 2015-08-12 12:47:44 -0700 | [diff] [blame] | 153 | encryptionAlgorithm.MessageEnd(); |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 154 | |
Yingdi Yu | 99b2a00 | 2015-08-12 12:47:44 -0700 | [diff] [blame] | 155 | DEREncodeOctetString(encryptedPrivateKeyInfo, |
| 156 | encryptedOs.buf()->buf(), encryptedOs.buf()->size()); |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 157 | } |
Yingdi Yu | 99b2a00 | 2015-08-12 12:47:44 -0700 | [diff] [blame] | 158 | encryptedPrivateKeyInfo.MessageEnd(); |
| 159 | |
| 160 | return pkcs8Os.buf(); |
| 161 | } |
| 162 | catch (const CryptoPP::Exception& e) { |
| 163 | BOOST_THROW_EXCEPTION(Error("Cannot export the private key, #3")); |
| 164 | } |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 165 | } |
| 166 | |
| 167 | bool |
Yingdi Yu | 5e96e00 | 2014-04-23 18:32:15 -0700 | [diff] [blame] | 168 | SecTpm::importPrivateKeyPkcs5IntoTpm(const Name& keyName, |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 169 | const uint8_t* buf, size_t size, |
Alexander Afanasyev | 2fa5939 | 2016-07-29 17:24:23 -0700 | [diff] [blame] | 170 | const std::string& passwordStr) |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 171 | { |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 172 | using namespace CryptoPP; |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 173 | |
Alexander Afanasyev | 2fa5939 | 2016-07-29 17:24:23 -0700 | [diff] [blame] | 174 | Oid pbes2Id; |
| 175 | Oid pbkdf2Id; |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 176 | SecByteBlock saltBlock; |
| 177 | uint32_t iterationCount; |
Alexander Afanasyev | 2fa5939 | 2016-07-29 17:24:23 -0700 | [diff] [blame] | 178 | Oid pbes2encsId; |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 179 | SecByteBlock ivBlock; |
| 180 | SecByteBlock encryptedDataBlock; |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 181 | |
Yingdi Yu | 99b2a00 | 2015-08-12 12:47:44 -0700 | [diff] [blame] | 182 | try { |
| 183 | // decode some decoding processes are not necessary for now, |
| 184 | // because we assume only one encryption scheme. |
| 185 | StringSource source(buf, size, true); |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 186 | |
Yingdi Yu | 99b2a00 | 2015-08-12 12:47:44 -0700 | [diff] [blame] | 187 | // EncryptedPrivateKeyInfo ::= SEQUENCE { |
| 188 | // encryptionAlgorithm EncryptionAlgorithmIdentifier, |
| 189 | // encryptedData OCTET STRING } |
| 190 | BERSequenceDecoder encryptedPrivateKeyInfo(source); |
| 191 | { |
| 192 | // EncryptionAlgorithmIdentifier ::= SEQUENCE { |
| 193 | // algorithm OBJECT IDENTIFIER {{PBES2-id}}, |
| 194 | // parameters SEQUENCE {{PBES2-params}} } |
| 195 | BERSequenceDecoder encryptionAlgorithm(encryptedPrivateKeyInfo); |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 196 | { |
Yingdi Yu | 99b2a00 | 2015-08-12 12:47:44 -0700 | [diff] [blame] | 197 | pbes2Id.decode(encryptionAlgorithm); |
| 198 | // PBES2-params ::= SEQUENCE { |
| 199 | // keyDerivationFunc AlgorithmIdentifier {{PBES2-KDFs}}, |
| 200 | // encryptionScheme AlgorithmIdentifier {{PBES2-Encs}} } |
| 201 | BERSequenceDecoder pbes2Params(encryptionAlgorithm); |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 202 | { |
Yingdi Yu | 99b2a00 | 2015-08-12 12:47:44 -0700 | [diff] [blame] | 203 | // AlgorithmIdentifier ::= SEQUENCE { |
| 204 | // algorithm OBJECT IDENTIFIER {{PBKDF2-id}}, |
| 205 | // parameters SEQUENCE {{PBKDF2-params}} } |
| 206 | BERSequenceDecoder pbes2KDFs(pbes2Params); |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 207 | { |
Yingdi Yu | 99b2a00 | 2015-08-12 12:47:44 -0700 | [diff] [blame] | 208 | pbkdf2Id.decode(pbes2KDFs); |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 209 | // AlgorithmIdentifier ::= SEQUENCE { |
Yingdi Yu | 99b2a00 | 2015-08-12 12:47:44 -0700 | [diff] [blame] | 210 | // salt OCTET STRING, |
| 211 | // iterationCount INTEGER (1..MAX), |
| 212 | // keyLength INTEGER (1..MAX) OPTIONAL, |
| 213 | // prf AlgorithmIdentifier {{PBKDF2-PRFs}} DEFAULT algid-hmacWithSHA1 } |
| 214 | BERSequenceDecoder pbkdf2Params(pbes2KDFs); |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 215 | { |
Yingdi Yu | 99b2a00 | 2015-08-12 12:47:44 -0700 | [diff] [blame] | 216 | BERDecodeOctetString(pbkdf2Params, saltBlock); |
| 217 | BERDecodeUnsigned<uint32_t>(pbkdf2Params, iterationCount, INTEGER); |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 218 | } |
Yingdi Yu | 99b2a00 | 2015-08-12 12:47:44 -0700 | [diff] [blame] | 219 | pbkdf2Params.MessageEnd(); |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 220 | } |
Yingdi Yu | 99b2a00 | 2015-08-12 12:47:44 -0700 | [diff] [blame] | 221 | pbes2KDFs.MessageEnd(); |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 222 | |
Yingdi Yu | 99b2a00 | 2015-08-12 12:47:44 -0700 | [diff] [blame] | 223 | // AlgorithmIdentifier ::= SEQUENCE { |
| 224 | // algorithm OBJECT IDENTIFIER {{DES-EDE3-CBC-PAD}}, |
| 225 | // parameters OCTET STRING} {{iv}} } |
| 226 | BERSequenceDecoder pbes2Encs(pbes2Params); |
| 227 | { |
| 228 | pbes2encsId.decode(pbes2Encs); |
| 229 | BERDecodeOctetString(pbes2Encs, ivBlock); |
| 230 | } |
| 231 | pbes2Encs.MessageEnd(); |
| 232 | } |
| 233 | pbes2Params.MessageEnd(); |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 234 | } |
Yingdi Yu | 99b2a00 | 2015-08-12 12:47:44 -0700 | [diff] [blame] | 235 | encryptionAlgorithm.MessageEnd(); |
| 236 | |
| 237 | BERDecodeOctetString(encryptedPrivateKeyInfo, encryptedDataBlock); |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 238 | } |
Yingdi Yu | 99b2a00 | 2015-08-12 12:47:44 -0700 | [diff] [blame] | 239 | encryptedPrivateKeyInfo.MessageEnd(); |
| 240 | } |
| 241 | catch (const CryptoPP::Exception& e) { |
| 242 | return false; |
| 243 | } |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 244 | |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 245 | PKCS5_PBKDF2_HMAC<SHA1> keyGenerator; |
| 246 | size_t derivedLen = 24; //For DES-EDE3-CBC-PAD |
| 247 | byte derived[24] = {0}; |
| 248 | byte purpose = 0; |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 249 | |
Yingdi Yu | 99b2a00 | 2015-08-12 12:47:44 -0700 | [diff] [blame] | 250 | try { |
| 251 | keyGenerator.DeriveKey(derived, derivedLen, |
| 252 | purpose, |
| 253 | reinterpret_cast<const byte*>(passwordStr.c_str()), passwordStr.size(), |
| 254 | saltBlock.BytePtr(), saltBlock.size(), |
| 255 | iterationCount); |
| 256 | } |
| 257 | catch (const CryptoPP::Exception& e) { |
| 258 | return false; |
| 259 | } |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 260 | |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 261 | //decrypt |
| 262 | CBC_Mode< DES_EDE3 >::Decryption d; |
| 263 | d.SetKeyWithIV(derived, derivedLen, ivBlock.BytePtr()); |
| 264 | |
| 265 | OBufferStream privateKeyOs; |
Yingdi Yu | 99b2a00 | 2015-08-12 12:47:44 -0700 | [diff] [blame] | 266 | try { |
| 267 | StringSource encryptedSource(encryptedDataBlock.BytePtr(), encryptedDataBlock.size(), true, |
| 268 | new StreamTransformationFilter(d, new FileSink(privateKeyOs))); |
| 269 | } |
| 270 | catch (const CryptoPP::Exception& e) { |
| 271 | return false; |
| 272 | } |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 273 | |
Yingdi Yu | 5e96e00 | 2014-04-23 18:32:15 -0700 | [diff] [blame] | 274 | if (!importPrivateKeyPkcs8IntoTpm(keyName, |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 275 | privateKeyOs.buf()->buf(), privateKeyOs.buf()->size())) |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 276 | return false; |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 277 | |
Yingdi Yu | 99b2a00 | 2015-08-12 12:47:44 -0700 | [diff] [blame] | 278 | // determine key type |
Yingdi Yu | 9d9d599 | 2014-06-25 12:25:16 -0700 | [diff] [blame] | 279 | StringSource privateKeySource(privateKeyOs.buf()->buf(), privateKeyOs.buf()->size(), true); |
| 280 | |
Yingdi Yu | 99b2a00 | 2015-08-12 12:47:44 -0700 | [diff] [blame] | 281 | KeyType publicKeyType = KeyType::NONE; |
Yingdi Yu | 9d9d599 | 2014-06-25 12:25:16 -0700 | [diff] [blame] | 282 | SecByteBlock rawKeyBits; |
| 283 | // PrivateKeyInfo ::= SEQUENCE { |
| 284 | // INTEGER, |
| 285 | // SEQUENCE, |
| 286 | // OCTECT STRING} |
| 287 | BERSequenceDecoder privateKeyInfo(privateKeySource); |
| 288 | { |
| 289 | uint32_t versionNum; |
| 290 | BERDecodeUnsigned<uint32_t>(privateKeyInfo, versionNum, INTEGER); |
| 291 | BERSequenceDecoder sequenceDecoder(privateKeyInfo); |
| 292 | { |
Alexander Afanasyev | 2fa5939 | 2016-07-29 17:24:23 -0700 | [diff] [blame] | 293 | Oid keyTypeOid; |
| 294 | keyTypeOid.decode(sequenceDecoder); |
| 295 | if (keyTypeOid == oid::RSA) |
Yingdi Yu | 99b2a00 | 2015-08-12 12:47:44 -0700 | [diff] [blame] | 296 | publicKeyType = KeyType::RSA; |
Alexander Afanasyev | 2fa5939 | 2016-07-29 17:24:23 -0700 | [diff] [blame] | 297 | else if (keyTypeOid == oid::ECDSA) |
Yingdi Yu | 99b2a00 | 2015-08-12 12:47:44 -0700 | [diff] [blame] | 298 | publicKeyType = KeyType::EC; |
Yingdi Yu | 9d9d599 | 2014-06-25 12:25:16 -0700 | [diff] [blame] | 299 | else |
| 300 | return false; // Unsupported key type; |
| 301 | } |
| 302 | } |
| 303 | |
| 304 | |
Yingdi Yu | 99b2a00 | 2015-08-12 12:47:44 -0700 | [diff] [blame] | 305 | // derive public key |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 306 | OBufferStream publicKeyOs; |
| 307 | |
Yingdi Yu | 9d9d599 | 2014-06-25 12:25:16 -0700 | [diff] [blame] | 308 | try { |
| 309 | switch (publicKeyType) { |
Yingdi Yu | 99b2a00 | 2015-08-12 12:47:44 -0700 | [diff] [blame] | 310 | case KeyType::RSA: { |
Yingdi Yu | 9d9d599 | 2014-06-25 12:25:16 -0700 | [diff] [blame] | 311 | RSA::PrivateKey privateKey; |
| 312 | privateKey.Load(StringStore(privateKeyOs.buf()->buf(), privateKeyOs.buf()->size()).Ref()); |
| 313 | RSAFunction publicKey(privateKey); |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 314 | |
Yingdi Yu | 9d9d599 | 2014-06-25 12:25:16 -0700 | [diff] [blame] | 315 | FileSink publicKeySink(publicKeyOs); |
| 316 | publicKey.DEREncode(publicKeySink); |
| 317 | publicKeySink.MessageEnd(); |
| 318 | break; |
| 319 | } |
Yingdi Yu | 99b2a00 | 2015-08-12 12:47:44 -0700 | [diff] [blame] | 320 | |
| 321 | case KeyType::EC: { |
Yingdi Yu | 9d9d599 | 2014-06-25 12:25:16 -0700 | [diff] [blame] | 322 | ECDSA<ECP, SHA256>::PrivateKey privateKey; |
| 323 | privateKey.Load(StringStore(privateKeyOs.buf()->buf(), privateKeyOs.buf()->size()).Ref()); |
| 324 | |
| 325 | ECDSA<ECP, SHA256>::PublicKey publicKey; |
| 326 | privateKey.MakePublicKey(publicKey); |
| 327 | publicKey.AccessGroupParameters().SetEncodeAsOID(true); |
| 328 | |
| 329 | FileSink publicKeySink(publicKeyOs); |
| 330 | publicKey.DEREncode(publicKeySink); |
| 331 | publicKeySink.MessageEnd(); |
| 332 | break; |
| 333 | } |
Yingdi Yu | 99b2a00 | 2015-08-12 12:47:44 -0700 | [diff] [blame] | 334 | |
| 335 | default: |
| 336 | return false; |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 337 | } |
Yingdi Yu | 9d9d599 | 2014-06-25 12:25:16 -0700 | [diff] [blame] | 338 | } |
Yingdi Yu | 99b2a00 | 2015-08-12 12:47:44 -0700 | [diff] [blame] | 339 | catch (const CryptoPP::Exception& e) { |
| 340 | return false; |
Yingdi Yu | 9d9d599 | 2014-06-25 12:25:16 -0700 | [diff] [blame] | 341 | } |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 342 | |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 343 | if (!importPublicKeyPkcs1IntoTpm(keyName, publicKeyOs.buf()->buf(), publicKeyOs.buf()->size())) |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 344 | return false; |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 345 | |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 346 | return true; |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 347 | } |
| 348 | |
Yingdi Yu | 7036ce2 | 2014-06-19 18:53:37 -0700 | [diff] [blame] | 349 | bool |
| 350 | SecTpm::getImpExpPassWord(std::string& password, const std::string& prompt) |
| 351 | { |
| 352 | bool isInitialized = false; |
| 353 | |
Alexander Afanasyev | cf3a667 | 2015-02-01 20:33:22 -0800 | [diff] [blame] | 354 | #ifdef NDN_CXX_HAVE_GETPASS |
Yingdi Yu | 99b2a00 | 2015-08-12 12:47:44 -0700 | [diff] [blame] | 355 | char* pw0 = nullptr; |
Yingdi Yu | 7036ce2 | 2014-06-19 18:53:37 -0700 | [diff] [blame] | 356 | |
| 357 | pw0 = getpass(prompt.c_str()); |
Yingdi Yu | 99b2a00 | 2015-08-12 12:47:44 -0700 | [diff] [blame] | 358 | if (pw0 == nullptr) |
Yingdi Yu | 7036ce2 | 2014-06-19 18:53:37 -0700 | [diff] [blame] | 359 | return false; |
| 360 | std::string password1 = pw0; |
| 361 | memset(pw0, 0, strlen(pw0)); |
| 362 | |
| 363 | pw0 = getpass("Confirm:"); |
Yingdi Yu | 99b2a00 | 2015-08-12 12:47:44 -0700 | [diff] [blame] | 364 | if (pw0 == nullptr) { |
| 365 | std::fill(password1.begin(), password1.end(), 0); |
| 366 | return false; |
| 367 | } |
Yingdi Yu | 7036ce2 | 2014-06-19 18:53:37 -0700 | [diff] [blame] | 368 | |
Yingdi Yu | 99b2a00 | 2015-08-12 12:47:44 -0700 | [diff] [blame] | 369 | if (password1.compare(pw0) == 0) { |
| 370 | isInitialized = true; |
| 371 | password.swap(password1); |
| 372 | } |
Yingdi Yu | 7036ce2 | 2014-06-19 18:53:37 -0700 | [diff] [blame] | 373 | |
| 374 | std::fill(password1.begin(), password1.end(), 0); |
| 375 | memset(pw0, 0, strlen(pw0)); |
| 376 | |
| 377 | if (password.empty()) |
| 378 | return false; |
| 379 | |
Alexander Afanasyev | a2ada22 | 2015-01-22 18:34:16 -0800 | [diff] [blame] | 380 | #endif // NDN_CXX_HAVE_GETPASS |
| 381 | |
Yingdi Yu | 7036ce2 | 2014-06-19 18:53:37 -0700 | [diff] [blame] | 382 | return isInitialized; |
| 383 | } |
| 384 | |
Alexander Afanasyev | 4c9a3d5 | 2017-01-03 17:45:19 -0800 | [diff] [blame] | 385 | } // namespace v1 |
Alexander Afanasyev | 2fa5939 | 2016-07-29 17:24:23 -0700 | [diff] [blame] | 386 | } // namespace security |
Yingdi Yu | fc40d87 | 2014-02-18 12:56:04 -0800 | [diff] [blame] | 387 | } // namespace ndn |