Gitiles
Code Review Sign In
gerrit.named-data.net / ndn-cxx / 83eb1cc88e8e3eb5cabf858419f2a3ad841819dc / . / src / security / sec-tpm.cpp
blob: 2ce3d6613303465065b68d631b6097bacf6a6284 [file] [log] [blame]
Alexander Afanasyevc169a812014-05-20 20:37:29 -0400[diff] [blame]1/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]2/**
Yingdi Yu99b2a002015-08-12 12:47:44 -0700[diff] [blame]3 * Copyright (c) 2013-2016 Regents of the University of California.
Alexander Afanasyevdfa52c42014-04-24 21:10:11 -0700[diff] [blame]4 *
5 * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
Alexander Afanasyevdfa52c42014-04-24 21:10:11 -0700[diff] [blame]6 *
Alexander Afanasyevc169a812014-05-20 20:37:29 -0400[diff] [blame]7 * ndn-cxx library is free software: you can redistribute it and/or modify it under the
8 * terms of the GNU Lesser General Public License as published by the Free Software
9 * Foundation, either version 3 of the License, or (at your option) any later version.
10 *
11 * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
12 * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
13 * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
14 *
15 * You should have received copies of the GNU General Public License and GNU Lesser
16 * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
17 * <http://www.gnu.org/licenses/>.
18 *
19 * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
Alexander Afanasyevdfa52c42014-04-24 21:10:11 -0700[diff] [blame]20 *
21 * @author Yingdi Yu <http://irl.cs.ucla.edu/~yingdi/>
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]22 */
23
24#include "sec-tpm.hpp"
25
Alexander Afanasyev258ec2b2014-05-14 16:15:37 -0700[diff] [blame]26#include "../encoding/oid.hpp"
27#include "../encoding/buffer-stream.hpp"
Alexander Afanasyev2fa59392016-07-29 17:24:23 -0700[diff] [blame]28#include "v1/cryptopp.hpp"
Alexander Afanasyeva2ada222015-01-22 18:34:16 -0800[diff] [blame]29#include <unistd.h>
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]30
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]31namespace ndn {
Alexander Afanasyev2fa59392016-07-29 17:24:23 -0700[diff] [blame]32namespace security {
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]33
Alexander Afanasyev2fa59392016-07-29 17:24:23 -0700[diff] [blame]34SecTpm::SecTpm(const std::string& location)
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]35 : m_location(location)
36{
37}
38
39SecTpm::~SecTpm()
40{
41}
42
43std::string
44SecTpm::getTpmLocator()
45{
Alexander Afanasyev07113802015-01-15 19:14:36 -0800[diff] [blame]46 return this->getScheme() + ":" + m_location;
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]47}
48
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]49ConstBufferPtr
Alexander Afanasyev2fa59392016-07-29 17:24:23 -0700[diff] [blame]50SecTpm::exportPrivateKeyPkcs5FromTpm(const Name& keyName, const std::string& passwordStr)
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]51{
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]52 using namespace CryptoPP;
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]53
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]54 uint8_t salt[8] = {0};
55 uint8_t iv[8] = {0};
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]56
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]57 // derive key
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]58 if (!generateRandomBlock(salt, 8) || !generateRandomBlock(iv, 8))
Spyridon Mastorakis0d2ed2e2015-07-27 19:09:12 -0700[diff] [blame]59 BOOST_THROW_EXCEPTION(Error("Cannot generate salt or iv"));
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]60
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]61 uint32_t iterationCount = 2048;
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]62
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]63 PKCS5_PBKDF2_HMAC<SHA1> keyGenerator;
Yingdi Yu99b2a002015-08-12 12:47:44 -0700[diff] [blame]64 size_t derivedLen = 24; // For DES-EDE3-CBC-PAD
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]65 byte derived[24] = {0};
66 byte purpose = 0;
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]67
Yingdi Yu99b2a002015-08-12 12:47:44 -0700[diff] [blame]68 try {
69 keyGenerator.DeriveKey(derived, derivedLen, purpose,
70 reinterpret_cast<const byte*>(passwordStr.c_str()), passwordStr.size(),
71 salt, 8, iterationCount);
72 }
73 catch (const CryptoPP::Exception& e) {
74 BOOST_THROW_EXCEPTION(Error("Cannot derived the encryption key"));
75 }
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]76
Yingdi Yu99b2a002015-08-12 12:47:44 -0700[diff] [blame]77 // encrypt
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]78 CBC_Mode< DES_EDE3 >::Encryption e;
79 e.SetKeyWithIV(derived, derivedLen, iv);
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]80
Yingdi Yu5e96e002014-04-23 18:32:15 -0700[diff] [blame]81 ConstBufferPtr pkcs8PrivateKey = exportPrivateKeyPkcs8FromTpm(keyName);
Yingdi Yu9d9d5992014-06-25 12:25:16 -0700[diff] [blame]82
Yingdi Yu99b2a002015-08-12 12:47:44 -0700[diff] [blame]83 if (pkcs8PrivateKey == nullptr)
Spyridon Mastorakis0d2ed2e2015-07-27 19:09:12 -0700[diff] [blame]84 BOOST_THROW_EXCEPTION(Error("Cannot export the private key, #1"));
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]85
86 OBufferStream encryptedOs;
Yingdi Yu99b2a002015-08-12 12:47:44 -0700[diff] [blame]87 try {
88 StringSource stringSource(pkcs8PrivateKey->buf(), pkcs8PrivateKey->size(), true,
89 new StreamTransformationFilter(e, new FileSink(encryptedOs)));
90 }
91 catch (const CryptoPP::Exception& e) {
92 BOOST_THROW_EXCEPTION(Error("Cannot export the private key, #2"));
93 }
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]94
Yingdi Yu99b2a002015-08-12 12:47:44 -0700[diff] [blame]95 // encode
Alexander Afanasyev2fa59392016-07-29 17:24:23 -0700[diff] [blame]96 Oid pbes2Id("1.2.840.113549.1.5.13");
97 Oid pbkdf2Id("1.2.840.113549.1.5.12");
98 Oid pbes2encsId("1.2.840.113549.3.7");
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]99
100 OBufferStream pkcs8Os;
Yingdi Yu99b2a002015-08-12 12:47:44 -0700[diff] [blame]101 try {
102 FileSink sink(pkcs8Os);
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]103
Yingdi Yu99b2a002015-08-12 12:47:44 -0700[diff] [blame]104 // EncryptedPrivateKeyInfo ::= SEQUENCE {
105 // encryptionAlgorithm EncryptionAlgorithmIdentifier,
106 // encryptedData OCTET STRING }
107 DERSequenceEncoder encryptedPrivateKeyInfo(sink);
108 {
109 // EncryptionAlgorithmIdentifier ::= SEQUENCE {
110 // algorithm OBJECT IDENTIFIER {{PBES2-id}},
111 // parameters SEQUENCE {{PBES2-params}} }
112 DERSequenceEncoder encryptionAlgorithm(encryptedPrivateKeyInfo);
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]113 {
Yingdi Yu99b2a002015-08-12 12:47:44 -0700[diff] [blame]114 pbes2Id.encode(encryptionAlgorithm);
115 // PBES2-params ::= SEQUENCE {
116 // keyDerivationFunc AlgorithmIdentifier {{PBES2-KDFs}},
117 // encryptionScheme AlgorithmIdentifier {{PBES2-Encs}} }
118 DERSequenceEncoder pbes2Params(encryptionAlgorithm);
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]119 {
Yingdi Yu99b2a002015-08-12 12:47:44 -0700[diff] [blame]120 // AlgorithmIdentifier ::= SEQUENCE {
121 // algorithm OBJECT IDENTIFIER {{PBKDF2-id}},
122 // parameters SEQUENCE {{PBKDF2-params}} }
123 DERSequenceEncoder pbes2KDFs(pbes2Params);
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]124 {
Yingdi Yu99b2a002015-08-12 12:47:44 -0700[diff] [blame]125 pbkdf2Id.encode(pbes2KDFs);
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]126 // AlgorithmIdentifier ::= SEQUENCE {
Yingdi Yu99b2a002015-08-12 12:47:44 -0700[diff] [blame]127 // salt OCTET STRING,
128 // iterationCount INTEGER (1..MAX),
129 // keyLength INTEGER (1..MAX) OPTIONAL,
130 // prf AlgorithmIdentifier {{PBKDF2-PRFs}} DEFAULT algid-hmacWithSHA1 }
131 DERSequenceEncoder pbkdf2Params(pbes2KDFs);
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]132 {
Yingdi Yu99b2a002015-08-12 12:47:44 -0700[diff] [blame]133 DEREncodeOctetString(pbkdf2Params, salt, 8);
134 DEREncodeUnsigned<uint32_t>(pbkdf2Params, iterationCount, INTEGER);
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]135 }
Yingdi Yu99b2a002015-08-12 12:47:44 -0700[diff] [blame]136 pbkdf2Params.MessageEnd();
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]137 }
Yingdi Yu99b2a002015-08-12 12:47:44 -0700[diff] [blame]138 pbes2KDFs.MessageEnd();
139
140 // AlgorithmIdentifier ::= SEQUENCE {
141 // algorithm OBJECT IDENTIFIER {{DES-EDE3-CBC-PAD}},
142 // parameters OCTET STRING} {{iv}} }
143 DERSequenceEncoder pbes2Encs(pbes2Params);
144 {
145 pbes2encsId.encode(pbes2Encs);
146 DEREncodeOctetString(pbes2Encs, iv, 8);
147 }
148 pbes2Encs.MessageEnd();
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]149 }
Yingdi Yu99b2a002015-08-12 12:47:44 -0700[diff] [blame]150 pbes2Params.MessageEnd();
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]151 }
Yingdi Yu99b2a002015-08-12 12:47:44 -0700[diff] [blame]152 encryptionAlgorithm.MessageEnd();
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]153
Yingdi Yu99b2a002015-08-12 12:47:44 -0700[diff] [blame]154 DEREncodeOctetString(encryptedPrivateKeyInfo,
155 encryptedOs.buf()->buf(), encryptedOs.buf()->size());
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]156 }
Yingdi Yu99b2a002015-08-12 12:47:44 -0700[diff] [blame]157 encryptedPrivateKeyInfo.MessageEnd();
158
159 return pkcs8Os.buf();
160 }
161 catch (const CryptoPP::Exception& e) {
162 BOOST_THROW_EXCEPTION(Error("Cannot export the private key, #3"));
163 }
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]164}
165
166bool
Yingdi Yu5e96e002014-04-23 18:32:15 -0700[diff] [blame]167SecTpm::importPrivateKeyPkcs5IntoTpm(const Name& keyName,
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]168 const uint8_t* buf, size_t size,
Alexander Afanasyev2fa59392016-07-29 17:24:23 -0700[diff] [blame]169 const std::string& passwordStr)
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]170{
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]171 using namespace CryptoPP;
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]172
Alexander Afanasyev2fa59392016-07-29 17:24:23 -0700[diff] [blame]173 Oid pbes2Id;
174 Oid pbkdf2Id;
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]175 SecByteBlock saltBlock;
176 uint32_t iterationCount;
Alexander Afanasyev2fa59392016-07-29 17:24:23 -0700[diff] [blame]177 Oid pbes2encsId;
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]178 SecByteBlock ivBlock;
179 SecByteBlock encryptedDataBlock;
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]180
Yingdi Yu99b2a002015-08-12 12:47:44 -0700[diff] [blame]181 try {
182 // decode some decoding processes are not necessary for now,
183 // because we assume only one encryption scheme.
184 StringSource source(buf, size, true);
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]185
Yingdi Yu99b2a002015-08-12 12:47:44 -0700[diff] [blame]186 // EncryptedPrivateKeyInfo ::= SEQUENCE {
187 // encryptionAlgorithm EncryptionAlgorithmIdentifier,
188 // encryptedData OCTET STRING }
189 BERSequenceDecoder encryptedPrivateKeyInfo(source);
190 {
191 // EncryptionAlgorithmIdentifier ::= SEQUENCE {
192 // algorithm OBJECT IDENTIFIER {{PBES2-id}},
193 // parameters SEQUENCE {{PBES2-params}} }
194 BERSequenceDecoder encryptionAlgorithm(encryptedPrivateKeyInfo);
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]195 {
Yingdi Yu99b2a002015-08-12 12:47:44 -0700[diff] [blame]196 pbes2Id.decode(encryptionAlgorithm);
197 // PBES2-params ::= SEQUENCE {
198 // keyDerivationFunc AlgorithmIdentifier {{PBES2-KDFs}},
199 // encryptionScheme AlgorithmIdentifier {{PBES2-Encs}} }
200 BERSequenceDecoder pbes2Params(encryptionAlgorithm);
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]201 {
Yingdi Yu99b2a002015-08-12 12:47:44 -0700[diff] [blame]202 // AlgorithmIdentifier ::= SEQUENCE {
203 // algorithm OBJECT IDENTIFIER {{PBKDF2-id}},
204 // parameters SEQUENCE {{PBKDF2-params}} }
205 BERSequenceDecoder pbes2KDFs(pbes2Params);
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]206 {
Yingdi Yu99b2a002015-08-12 12:47:44 -0700[diff] [blame]207 pbkdf2Id.decode(pbes2KDFs);
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]208 // AlgorithmIdentifier ::= SEQUENCE {
Yingdi Yu99b2a002015-08-12 12:47:44 -0700[diff] [blame]209 // salt OCTET STRING,
210 // iterationCount INTEGER (1..MAX),
211 // keyLength INTEGER (1..MAX) OPTIONAL,
212 // prf AlgorithmIdentifier {{PBKDF2-PRFs}} DEFAULT algid-hmacWithSHA1 }
213 BERSequenceDecoder pbkdf2Params(pbes2KDFs);
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]214 {
Yingdi Yu99b2a002015-08-12 12:47:44 -0700[diff] [blame]215 BERDecodeOctetString(pbkdf2Params, saltBlock);
216 BERDecodeUnsigned<uint32_t>(pbkdf2Params, iterationCount, INTEGER);
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]217 }
Yingdi Yu99b2a002015-08-12 12:47:44 -0700[diff] [blame]218 pbkdf2Params.MessageEnd();
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]219 }
Yingdi Yu99b2a002015-08-12 12:47:44 -0700[diff] [blame]220 pbes2KDFs.MessageEnd();
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]221
Yingdi Yu99b2a002015-08-12 12:47:44 -0700[diff] [blame]222 // AlgorithmIdentifier ::= SEQUENCE {
223 // algorithm OBJECT IDENTIFIER {{DES-EDE3-CBC-PAD}},
224 // parameters OCTET STRING} {{iv}} }
225 BERSequenceDecoder pbes2Encs(pbes2Params);
226 {
227 pbes2encsId.decode(pbes2Encs);
228 BERDecodeOctetString(pbes2Encs, ivBlock);
229 }
230 pbes2Encs.MessageEnd();
231 }
232 pbes2Params.MessageEnd();
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]233 }
Yingdi Yu99b2a002015-08-12 12:47:44 -0700[diff] [blame]234 encryptionAlgorithm.MessageEnd();
235
236 BERDecodeOctetString(encryptedPrivateKeyInfo, encryptedDataBlock);
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]237 }
Yingdi Yu99b2a002015-08-12 12:47:44 -0700[diff] [blame]238 encryptedPrivateKeyInfo.MessageEnd();
239 }
240 catch (const CryptoPP::Exception& e) {
241 return false;
242 }
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]243
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]244 PKCS5_PBKDF2_HMAC<SHA1> keyGenerator;
245 size_t derivedLen = 24; //For DES-EDE3-CBC-PAD
246 byte derived[24] = {0};
247 byte purpose = 0;
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]248
Yingdi Yu99b2a002015-08-12 12:47:44 -0700[diff] [blame]249 try {
250 keyGenerator.DeriveKey(derived, derivedLen,
251 purpose,
252 reinterpret_cast<const byte*>(passwordStr.c_str()), passwordStr.size(),
253 saltBlock.BytePtr(), saltBlock.size(),
254 iterationCount);
255 }
256 catch (const CryptoPP::Exception& e) {
257 return false;
258 }
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]259
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]260 //decrypt
261 CBC_Mode< DES_EDE3 >::Decryption d;
262 d.SetKeyWithIV(derived, derivedLen, ivBlock.BytePtr());
263
264 OBufferStream privateKeyOs;
Yingdi Yu99b2a002015-08-12 12:47:44 -0700[diff] [blame]265 try {
266 StringSource encryptedSource(encryptedDataBlock.BytePtr(), encryptedDataBlock.size(), true,
267 new StreamTransformationFilter(d, new FileSink(privateKeyOs)));
268 }
269 catch (const CryptoPP::Exception& e) {
270 return false;
271 }
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]272
Yingdi Yu5e96e002014-04-23 18:32:15 -0700[diff] [blame]273 if (!importPrivateKeyPkcs8IntoTpm(keyName,
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]274 privateKeyOs.buf()->buf(), privateKeyOs.buf()->size()))
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]275 return false;
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]276
Yingdi Yu99b2a002015-08-12 12:47:44 -0700[diff] [blame]277 // determine key type
Yingdi Yu9d9d5992014-06-25 12:25:16 -0700[diff] [blame]278 StringSource privateKeySource(privateKeyOs.buf()->buf(), privateKeyOs.buf()->size(), true);
279
Yingdi Yu99b2a002015-08-12 12:47:44 -0700[diff] [blame]280 KeyType publicKeyType = KeyType::NONE;
Yingdi Yu9d9d5992014-06-25 12:25:16 -0700[diff] [blame]281 SecByteBlock rawKeyBits;
282 // PrivateKeyInfo ::= SEQUENCE {
283 // INTEGER,
284 // SEQUENCE,
285 // OCTECT STRING}
286 BERSequenceDecoder privateKeyInfo(privateKeySource);
287 {
288 uint32_t versionNum;
289 BERDecodeUnsigned<uint32_t>(privateKeyInfo, versionNum, INTEGER);
290 BERSequenceDecoder sequenceDecoder(privateKeyInfo);
291 {
Alexander Afanasyev2fa59392016-07-29 17:24:23 -0700[diff] [blame]292 Oid keyTypeOid;
293 keyTypeOid.decode(sequenceDecoder);
294 if (keyTypeOid == oid::RSA)
Yingdi Yu99b2a002015-08-12 12:47:44 -0700[diff] [blame]295 publicKeyType = KeyType::RSA;
Alexander Afanasyev2fa59392016-07-29 17:24:23 -0700[diff] [blame]296 else if (keyTypeOid == oid::ECDSA)
Yingdi Yu99b2a002015-08-12 12:47:44 -0700[diff] [blame]297 publicKeyType = KeyType::EC;
Yingdi Yu9d9d5992014-06-25 12:25:16 -0700[diff] [blame]298 else
299 return false; // Unsupported key type;
300 }
301 }
302
303
Yingdi Yu99b2a002015-08-12 12:47:44 -0700[diff] [blame]304 // derive public key
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]305 OBufferStream publicKeyOs;
306
Yingdi Yu9d9d5992014-06-25 12:25:16 -0700[diff] [blame]307 try {
308 switch (publicKeyType) {
Yingdi Yu99b2a002015-08-12 12:47:44 -0700[diff] [blame]309 case KeyType::RSA: {
Yingdi Yu9d9d5992014-06-25 12:25:16 -0700[diff] [blame]310 RSA::PrivateKey privateKey;
311 privateKey.Load(StringStore(privateKeyOs.buf()->buf(), privateKeyOs.buf()->size()).Ref());
312 RSAFunction publicKey(privateKey);
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]313
Yingdi Yu9d9d5992014-06-25 12:25:16 -0700[diff] [blame]314 FileSink publicKeySink(publicKeyOs);
315 publicKey.DEREncode(publicKeySink);
316 publicKeySink.MessageEnd();
317 break;
318 }
Yingdi Yu99b2a002015-08-12 12:47:44 -0700[diff] [blame]319
320 case KeyType::EC: {
Yingdi Yu9d9d5992014-06-25 12:25:16 -0700[diff] [blame]321 ECDSA<ECP, SHA256>::PrivateKey privateKey;
322 privateKey.Load(StringStore(privateKeyOs.buf()->buf(), privateKeyOs.buf()->size()).Ref());
323
324 ECDSA<ECP, SHA256>::PublicKey publicKey;
325 privateKey.MakePublicKey(publicKey);
326 publicKey.AccessGroupParameters().SetEncodeAsOID(true);
327
328 FileSink publicKeySink(publicKeyOs);
329 publicKey.DEREncode(publicKeySink);
330 publicKeySink.MessageEnd();
331 break;
332 }
Yingdi Yu99b2a002015-08-12 12:47:44 -0700[diff] [blame]333
334 default:
335 return false;
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]336 }
Yingdi Yu9d9d5992014-06-25 12:25:16 -0700[diff] [blame]337 }
Yingdi Yu99b2a002015-08-12 12:47:44 -0700[diff] [blame]338 catch (const CryptoPP::Exception& e) {
339 return false;
Yingdi Yu9d9d5992014-06-25 12:25:16 -0700[diff] [blame]340 }
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]341
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]342 if (!importPublicKeyPkcs1IntoTpm(keyName, publicKeyOs.buf()->buf(), publicKeyOs.buf()->size()))
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]343 return false;
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]344
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]345 return true;
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]346}
347
Yingdi Yu7036ce22014-06-19 18:53:37 -0700[diff] [blame]348bool
349SecTpm::getImpExpPassWord(std::string& password, const std::string& prompt)
350{
351 bool isInitialized = false;
352
Alexander Afanasyevcf3a6672015-02-01 20:33:22 -0800[diff] [blame]353#ifdef NDN_CXX_HAVE_GETPASS
Yingdi Yu99b2a002015-08-12 12:47:44 -0700[diff] [blame]354 char* pw0 = nullptr;
Yingdi Yu7036ce22014-06-19 18:53:37 -0700[diff] [blame]355
356 pw0 = getpass(prompt.c_str());
Yingdi Yu99b2a002015-08-12 12:47:44 -0700[diff] [blame]357 if (pw0 == nullptr)
Yingdi Yu7036ce22014-06-19 18:53:37 -0700[diff] [blame]358 return false;
359 std::string password1 = pw0;
360 memset(pw0, 0, strlen(pw0));
361
362 pw0 = getpass("Confirm:");
Yingdi Yu99b2a002015-08-12 12:47:44 -0700[diff] [blame]363 if (pw0 == nullptr) {
364 std::fill(password1.begin(), password1.end(), 0);
365 return false;
366 }
Yingdi Yu7036ce22014-06-19 18:53:37 -0700[diff] [blame]367
Yingdi Yu99b2a002015-08-12 12:47:44 -0700[diff] [blame]368 if (password1.compare(pw0) == 0) {
369 isInitialized = true;
370 password.swap(password1);
371 }
Yingdi Yu7036ce22014-06-19 18:53:37 -0700[diff] [blame]372
373 std::fill(password1.begin(), password1.end(), 0);
374 memset(pw0, 0, strlen(pw0));
375
376 if (password.empty())
377 return false;
378
Alexander Afanasyeva2ada222015-01-22 18:34:16 -0800[diff] [blame]379#endif // NDN_CXX_HAVE_GETPASS
380
Yingdi Yu7036ce22014-06-19 18:53:37 -0700[diff] [blame]381 return isInitialized;
382}
383
Alexander Afanasyev2fa59392016-07-29 17:24:23 -0700[diff] [blame]384} // namespace security
Yingdi Yufc40d872014-02-18 12:56:04 -0800[diff] [blame]385} // namespace ndn