Gitiles
Code Review Sign In
gerrit.named-data.net / ndn-cxx / 4b8c6a20bbc8207e7044da000c4af1ffeea07717 / . / src / security / sec-tpm-file.cpp
blob: 5238ca4dec34b27c791750d7bf4bfc5e74700b17 [file] [log] [blame]
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]1/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
2/**
3 * Copyright (C) 2013 Regents of the University of California.
4 * @author: Xingyu Ma <maxy12@cs.ucla.edu>
5 * Alexander Afanasyev <alexander.afanasyev@ucla.edu>
6 * Yingdi Yu <yingdi@cs.ucla.edu>
7 * See COPYING for copyright and distribution information.
8 */
9
Alexander Afanasyeve2dcdfd2014-02-07 15:53:28 -0800[diff] [blame]10#include "common.hpp"
Yingdi Yu04020922014-01-22 12:46:53 -0800[diff] [blame]11
Alexander Afanasyeve2dcdfd2014-02-07 15:53:28 -0800[diff] [blame]12#include "sec-tpm-file.hpp"
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]13
14#include <boost/filesystem.hpp>
15#include <boost/algorithm/string.hpp>
16
Junxiao Shi482ccc52014-03-31 13:05:24 -0700[diff] [blame]17#include "cryptopp.hpp"
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]18
19#include <sys/types.h>
20#include <sys/stat.h>
21
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]22#include <algorithm>
23
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]24using namespace std;
25
Yingdi Yufc40d872014-02-18 12:56:04 -0800[diff] [blame]26namespace ndn {
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]27
28class SecTpmFile::Impl {
29public:
Yingdi Yu4b752752014-02-18 12:24:03 -0800[diff] [blame]30 Impl(const string& dir)
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]31 {
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]32 if (dir.empty())
Yingdi Yu37e317f2014-03-19 12:16:23 -0700[diff] [blame]33 m_keystorePath = boost::filesystem::path(getenv("HOME")) / ".ndn" / "ndnsec-tpm-file";
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]34 else
35 m_keystorePath = dir;
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]36
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]37 boost::filesystem::create_directories (m_keystorePath);
38 }
39
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]40 boost::filesystem::path
41 nameTransform(const string& keyName, const string& extension)
42 {
43 using namespace CryptoPP;
44 string digest;
45 SHA256 hash;
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame^]46 StringSource src(keyName,
47 true,
48 new HashFilter(hash,
49 new Base64Encoder(new CryptoPP::StringSink(digest))));
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]50
51 boost::algorithm::trim(digest);
52 std::replace(digest.begin(), digest.end(), '/', '%');
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]53
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]54 return m_keystorePath / (digest + extension);
55 }
56
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]57 string
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]58 maintainMapping(const string& keyName)
59 {
60 string keyFileName = nameTransform(keyName, "").string();
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]61
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]62 ofstream outfile;
63 string dirFile = (m_keystorePath / "mapping.txt").string();
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]64
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]65 outfile.open(dirFile.c_str(), std::ios_base::app);
66 outfile << keyName << ' ' << keyFileName << '\n';
67 outfile.close();
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]68
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]69 return keyFileName;
70 }
71
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]72public:
73 boost::filesystem::path m_keystorePath;
74};
75
Yingdi Yu4b752752014-02-18 12:24:03 -0800[diff] [blame]76
Yingdi Yube4150e2014-02-18 13:02:46 -0800[diff] [blame]77SecTpmFile::SecTpmFile(const string& dir)
Yingdi Yu4b752752014-02-18 12:24:03 -0800[diff] [blame]78 : m_impl(new Impl(dir))
Yingdi Yube4150e2014-02-18 13:02:46 -0800[diff] [blame]79 , m_inTerminal(false)
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]80{}
81
82void
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]83SecTpmFile::generateKeyPairInTpm(const Name& keyName, KeyType keyType, int keySize)
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]84{
85 string keyURI = keyName.toUri();
86
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]87 if (doesKeyExistInTpm(keyName, KEY_CLASS_PUBLIC))
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]88 throw Error("public key exists");
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]89 if (doesKeyExistInTpm(keyName, KEY_CLASS_PRIVATE))
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]90 throw Error("private key exists");
91
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]92 string keyFileName = m_impl->maintainMapping(keyURI);
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]93
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame^]94 try
95 {
96 switch (keyType)
97 {
98 case KEY_TYPE_RSA:
99 {
100 using namespace CryptoPP;
101 AutoSeededRandomPool rng;
Yingdi Yu4b752752014-02-18 12:24:03 -0800[diff] [blame]102
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame^]103 InvertibleRSAFunction privateKey;
104 privateKey.Initialize(rng, keySize);
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]105
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame^]106 string privateKeyFileName = keyFileName + ".pri";
107 Base64Encoder privateKeySink(new FileSink(privateKeyFileName.c_str()));
108 privateKey.DEREncode(privateKeySink);
109 privateKeySink.MessageEnd();
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]110
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame^]111 RSAFunction publicKey(privateKey);
112 string publicKeyFileName = keyFileName + ".pub";
113 Base64Encoder publicKeySink(new FileSink(publicKeyFileName.c_str()));
114 publicKey.DEREncode(publicKeySink);
115 publicKeySink.MessageEnd();
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]116
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame^]117 /*set file permission*/
118 chmod(privateKeyFileName.c_str(), 0000400);
119 chmod(publicKeyFileName.c_str(), 0000444);
120 return;
121 }
122 default:
123 throw Error("Unsupported key type!");
124 }
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]125 }
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame^]126 catch (const CryptoPP::Exception& e)
127 {
128 throw Error(e.what());
129 }
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]130}
131
Yingdi Yu28fd32f2014-01-28 19:03:03 -0800[diff] [blame]132void
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]133SecTpmFile::deleteKeyPairInTpm(const Name& keyName)
Yingdi Yu28fd32f2014-01-28 19:03:03 -0800[diff] [blame]134{
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]135 boost::filesystem::path publicKeyPath(m_impl->nameTransform(keyName.toUri(), ".pub"));
136 boost::filesystem::path privateKeyPath(m_impl->nameTransform(keyName.toUri(), ".pri"));
Yingdi Yu28fd32f2014-01-28 19:03:03 -0800[diff] [blame]137
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]138 if (boost::filesystem::exists(publicKeyPath))
Yingdi Yu28fd32f2014-01-28 19:03:03 -0800[diff] [blame]139 boost::filesystem::remove(publicKeyPath);
140
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]141 if (boost::filesystem::exists(privateKeyPath))
Yingdi Yu28fd32f2014-01-28 19:03:03 -0800[diff] [blame]142 boost::filesystem::remove(privateKeyPath);
143}
144
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]145shared_ptr<PublicKey>
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]146SecTpmFile::getPublicKeyFromTpm(const Name& keyName)
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]147{
148 string keyURI = keyName.toUri();
149
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]150 if (!doesKeyExistInTpm(keyName, KEY_CLASS_PUBLIC))
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]151 throw Error("Public Key already exist");
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]152
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]153 ostringstream os;
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame^]154 try
155 {
156 using namespace CryptoPP;
157 FileSource(m_impl->nameTransform(keyURI, ".pub").string().c_str(),
158 true,
159 new Base64Decoder(new FileSink(os)));
160 }
161 catch (const CryptoPP::Exception& e)
162 {
163 throw Error(e.what());
164 }
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]165
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame^]166 return make_shared<PublicKey>(reinterpret_cast<const uint8_t*>(os.str().c_str()),
167 os.str().size());
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]168}
169
170ConstBufferPtr
171SecTpmFile::exportPrivateKeyPkcs1FromTpm(const Name& keyName)
172{
173 OBufferStream privateKeyOs;
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]174 CryptoPP::FileSource(m_impl->nameTransform(keyName.toUri(), ".pri").string().c_str(), true,
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]175 new CryptoPP::Base64Decoder(new CryptoPP::FileSink(privateKeyOs)));
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]176
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]177 return privateKeyOs.buf();
178}
179
180bool
181SecTpmFile::importPrivateKeyPkcs1IntoTpm(const Name& keyName, const uint8_t* buf, size_t size)
182{
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame^]183 try
184 {
185 using namespace CryptoPP;
186
187 string keyFileName = m_impl->maintainMapping(keyName.toUri());
188 keyFileName.append(".pri");
189 StringSource(buf, size,
190 true,
191 new Base64Encoder(new FileSink(keyFileName.c_str())));
192 return true;
193 }
194 catch (const CryptoPP::Exception& e)
195 {
196 return false;
197 }
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]198}
199
200bool
201SecTpmFile::importPublicKeyPkcs1IntoTpm(const Name& keyName, const uint8_t* buf, size_t size)
202{
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame^]203 try
204 {
205 using namespace CryptoPP;
206
207 string keyFileName = m_impl->maintainMapping(keyName.toUri());
208 keyFileName.append(".pub");
209 StringSource(buf, size,
210 true,
211 new Base64Encoder(new FileSink(keyFileName.c_str())));
212 return true;
213 }
214 catch (const CryptoPP::Exception& e)
215 {
216 return false;
217 }
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]218}
219
220Block
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame^]221SecTpmFile::signInTpm(const uint8_t* data, size_t dataLength,
222 const Name& keyName, DigestAlgorithm digestAlgorithm)
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]223{
224 string keyURI = keyName.toUri();
225
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]226 if (!doesKeyExistInTpm(keyName, KEY_CLASS_PRIVATE))
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]227 throw Error("private key doesn't exists");
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]228
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame^]229 try
230 {
231 using namespace CryptoPP;
232 AutoSeededRandomPool rng;
Yingdi Yu4b752752014-02-18 12:24:03 -0800[diff] [blame]233
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame^]234 //Read private key
235 ByteQueue bytes;
236 FileSource file(m_impl->nameTransform(keyURI, ".pri").string().c_str(),
237 true, new Base64Decoder);
238 file.TransferTo(bytes);
239 bytes.MessageEnd();
240 RSA::PrivateKey privateKey;
241 privateKey.Load(bytes);
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]242
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame^]243 //Sign message
244 switch (digestAlgorithm)
245 {
246 case DIGEST_ALGORITHM_SHA256:
247 {
248 RSASS<PKCS1v15, SHA256>::Signer signer(privateKey);
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]249
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame^]250 OBufferStream os;
251 StringSource(data, dataLength,
252 true,
253 new SignerFilter(rng, signer, new FileSink(os)));
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]254
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame^]255 return Block(Tlv::SignatureValue, os.buf());
256 }
257 default:
258 throw Error("Unsupported digest algorithm!");
259 }
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]260 }
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame^]261 catch (const CryptoPP::Exception& e)
262 {
263 throw Error(e.what());
264 }
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]265}
266
267
268ConstBufferPtr
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame^]269SecTpmFile::decryptInTpm(const uint8_t* data, size_t dataLength,
270 const Name& keyName, bool isSymmetric)
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]271{
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]272 throw Error("SecTpmFile::decryptInTpm is not supported!");
273 // string keyURI = keyName.toUri();
274 // if (!isSymmetric)
275 // {
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]276 // if (!doesKeyExistInTpm(keyName, KEY_CLASS_PRIVATE))
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]277 // throw Error("private key doesn't exist");
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]278
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]279 // try{
280 // using namespace CryptoPP;
281 // AutoSeededRandomPool rng;
Yingdi Yu4b752752014-02-18 12:24:03 -0800[diff] [blame]282
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]283 // //Read private key
284 // ByteQueue bytes;
285 // FileSource file(m_impl->nameTransform(keyURI, ".pri").string().c_str(), true, new Base64Decoder);
286 // file.TransferTo(bytes);
287 // bytes.MessageEnd();
288 // RSA::PrivateKey privateKey;
289 // privateKey.Load(bytes);
290 // RSAES_PKCS1v15_Decryptor decryptor(privateKey);
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]291
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]292 // OBufferStream os;
293 // StringSource(data, dataLength, true, new PK_DecryptorFilter(rng, decryptor, new FileSink(os)));
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]294
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]295 // return os.buf();
296 // }
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]297 // catch (const CryptoPP::Exception& e){
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]298 // throw Error(e.what());
299 // }
300 // }
301 // else
302 // {
303 // throw Error("Symmetric encryption is not implemented!");
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]304 // // if (!doesKeyExistInTpm(keyName, KEY_CLASS_SYMMETRIC))
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]305 // // throw Error("symmetric key doesn't exist");
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]306
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]307 // // try{
308 // // string keyBits;
309 // // string symKeyFileName = m_impl->nameTransform(keyURI, ".key");
310 // // FileSource(symKeyFileName, true, new HexDecoder(new StringSink(keyBits)));
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]311
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]312 // // using CryptoPP::AES;
313 // // AutoSeededRandomPool rnd;
314 // // byte iv[AES::BLOCKSIZE];
315 // // rnd.GenerateBlock(iv, AES::BLOCKSIZE);
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]316
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]317 // // CFB_Mode<AES>::Decryption decryptor;
318 // // decryptor.SetKeyWithIV(reinterpret_cast<const uint8_t*>(keyBits.c_str()), keyBits.size(), iv);
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]319
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]320 // // OBufferStream os;
321 // // StringSource(data, dataLength, true, new StreamTransformationFilter(decryptor,new FileSink(os)));
322 // // return os.buf();
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]323
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]324 // // }catch (const CryptoPP::Exception& e){
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]325 // // throw Error(e.what());
326 // // }
327 // }
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]328}
329
330ConstBufferPtr
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame^]331SecTpmFile::encryptInTpm(const uint8_t* data, size_t dataLength,
332 const Name& keyName, bool isSymmetric)
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]333{
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]334 throw Error("SecTpmFile::encryptInTpm is not supported!");
335 // string keyURI = keyName.toUri();
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]336
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]337 // if (!isSymmetric)
338 // {
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]339 // if (!doesKeyExistInTpm(keyName, KEY_CLASS_PUBLIC))
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]340 // throw Error("public key doesn't exist");
341 // try
342 // {
343 // using namespace CryptoPP;
344 // AutoSeededRandomPool rng;
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]345
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]346 // //Read private key
347 // ByteQueue bytes;
348 // FileSource file(m_impl->nameTransform(keyURI, ".pub").string().c_str(), true, new Base64Decoder);
349 // file.TransferTo(bytes);
350 // bytes.MessageEnd();
351 // RSA::PublicKey publicKey;
352 // publicKey.Load(bytes);
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]353
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]354 // OBufferStream os;
355 // RSAES_PKCS1v15_Encryptor encryptor(publicKey);
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]356
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]357 // StringSource(data, dataLength, true, new PK_EncryptorFilter(rng, encryptor, new FileSink(os)));
358 // return os.buf();
359 // }
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]360 // catch (const CryptoPP::Exception& e){
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]361 // throw Error(e.what());
362 // }
363 // }
364 // else
365 // {
366 // throw Error("Symmetric encryption is not implemented!");
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]367 // // if (!doesKeyExistInTpm(keyName, KEY_CLASS_SYMMETRIC))
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]368 // // throw Error("symmetric key doesn't exist");
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]369
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]370 // // try{
371 // // string keyBits;
372 // // string symKeyFileName = m_impl->nameTransform(keyURI, ".key");
373 // // FileSource(symKeyFileName, true, new HexDecoder(new StringSink(keyBits)));
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]374
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]375 // // using CryptoPP::AES;
376 // // AutoSeededRandomPool rnd;
377 // // byte iv[AES::BLOCKSIZE];
378 // // rnd.GenerateBlock(iv, AES::BLOCKSIZE);
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]379
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]380 // // CFB_Mode<AES>::Encryption encryptor;
381 // // encryptor.SetKeyWithIV(reinterpret_cast<const uint8_t*>(keyBits.c_str()), keyBits.size(), iv);
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]382
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]383 // // OBufferStream os;
384 // // StringSource(data, dataLength, true, new StreamTransformationFilter(encryptor, new FileSink(os)));
385 // // return os.buf();
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]386 // // }catch (const CryptoPP::Exception& e){
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]387 // // throw Error(e.what());
388 // // }
389 // }
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]390}
391
392
393void
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]394SecTpmFile::generateSymmetricKeyInTpm(const Name& keyName, KeyType keyType, int keySize)
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]395{
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]396 throw Error("SecTpmFile::generateSymmetricKeyInTpm is not supported!");
397 // string keyURI = keyName.toUri();
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]398
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]399 // if (doesKeyExistInTpm(keyName, KEY_CLASS_SYMMETRIC))
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]400 // throw Error("symmetric key exists");
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]401
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]402 // string keyFileName = m_impl->maintainMapping(keyURI);
403 // string symKeyFileName = keyFileName + ".key";
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]404
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]405 // try{
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]406 // switch (keyType){
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]407 // case KEY_TYPE_AES:
408 // {
409 // using namespace CryptoPP;
410 // AutoSeededRandomPool rng;
Yingdi Yu4b752752014-02-18 12:24:03 -0800[diff] [blame]411
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]412 // SecByteBlock key(0x00, keySize);
413 // rng.GenerateBlock(key, keySize);
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]414
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]415 // StringSource(key, key.size(), true, new HexEncoder(new FileSink(symKeyFileName.c_str())));
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]416
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]417 // chmod(symKeyFileName.c_str(), 0000400);
418 // return;
419 // }
420 // default:
421 // throw Error("Unsupported symmetric key type!");
422 // }
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]423 // }catch (const CryptoPP::Exception& e){
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]424 // throw Error(e.what());
425 // }
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]426}
427
428bool
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]429SecTpmFile::doesKeyExistInTpm(const Name& keyName, KeyClass keyClass)
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]430{
431 string keyURI = keyName.toUri();
432 if (keyClass == KEY_CLASS_PUBLIC)
433 {
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]434 if (boost::filesystem::exists(m_impl->nameTransform(keyURI, ".pub")))
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]435 return true;
436 else
437 return false;
438 }
439 if (keyClass == KEY_CLASS_PRIVATE)
440 {
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]441 if (boost::filesystem::exists(m_impl->nameTransform(keyURI, ".pri")))
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]442 return true;
443 else
444 return false;
445 }
446 if (keyClass == KEY_CLASS_SYMMETRIC)
447 {
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]448 if (boost::filesystem::exists(m_impl->nameTransform(keyURI, ".key")))
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]449 return true;
450 else
451 return false;
452 }
453 return false;
454}
455
Yingdi Yu4b752752014-02-18 12:24:03 -0800[diff] [blame]456bool
457SecTpmFile::generateRandomBlock(uint8_t* res, size_t size)
458{
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame^]459 try
460 {
461 CryptoPP::AutoSeededRandomPool rng;
462 rng.GenerateBlock(res, size);
463 return true;
464 }
465 catch (const CryptoPP::Exception& e)
466 {
467 return false;
468 }
Yingdi Yu4b752752014-02-18 12:24:03 -0800[diff] [blame]469}
470
Yingdi Yufc40d872014-02-18 12:56:04 -0800[diff] [blame]471} // namespace ndn