Yingdi Yu | 2d9c50f | 2014-01-21 18:25:00 -0800 | [diff] [blame] | 1 | /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */ |
| 2 | /** |
| 3 | * Copyright (C) 2013 Regents of the University of California. |
| 4 | * @author: Xingyu Ma <maxy12@cs.ucla.edu> |
| 5 | * Alexander Afanasyev <alexander.afanasyev@ucla.edu> |
| 6 | * Yingdi Yu <yingdi@cs.ucla.edu> |
| 7 | * See COPYING for copyright and distribution information. |
| 8 | */ |
| 9 | |
Alexander Afanasyev | e2dcdfd | 2014-02-07 15:53:28 -0800 | [diff] [blame] | 10 | #include "common.hpp" |
Yingdi Yu | 0402092 | 2014-01-22 12:46:53 -0800 | [diff] [blame] | 11 | |
Alexander Afanasyev | e2dcdfd | 2014-02-07 15:53:28 -0800 | [diff] [blame] | 12 | #include "sec-tpm-file.hpp" |
Yingdi Yu | 2d9c50f | 2014-01-21 18:25:00 -0800 | [diff] [blame] | 13 | |
| 14 | #include <boost/filesystem.hpp> |
| 15 | #include <boost/algorithm/string.hpp> |
| 16 | |
| 17 | #include <cryptopp/rsa.h> |
| 18 | #include <cryptopp/files.h> |
| 19 | #include <cryptopp/base64.h> |
| 20 | #include <cryptopp/hex.h> |
| 21 | #include <cryptopp/osrng.h> |
| 22 | #include <cryptopp/sha.h> |
| 23 | #include <cryptopp/pssr.h> |
| 24 | #include <cryptopp/modes.h> |
| 25 | |
| 26 | #include <sys/types.h> |
| 27 | #include <sys/stat.h> |
| 28 | |
| 29 | using namespace CryptoPP; |
| 30 | using namespace ndn; |
| 31 | using namespace std; |
| 32 | |
| 33 | namespace ndn |
| 34 | { |
| 35 | |
| 36 | class SecTpmFile::Impl { |
| 37 | public: |
Yingdi Yu | 4b75275 | 2014-02-18 12:24:03 -0800 | [diff] [blame^] | 38 | Impl(const string& dir) |
Yingdi Yu | 2d9c50f | 2014-01-21 18:25:00 -0800 | [diff] [blame] | 39 | { |
| 40 | if(dir.empty()) |
Yingdi Yu | 0402092 | 2014-01-22 12:46:53 -0800 | [diff] [blame] | 41 | m_keystorePath = boost::filesystem::path(getenv("HOME")) / ".ndnx" / "ndnsec-tpm-file"; |
Yingdi Yu | 2d9c50f | 2014-01-21 18:25:00 -0800 | [diff] [blame] | 42 | else |
| 43 | m_keystorePath = dir; |
| 44 | |
| 45 | boost::filesystem::create_directories (m_keystorePath); |
| 46 | } |
| 47 | |
| 48 | public: |
| 49 | boost::filesystem::path m_keystorePath; |
| 50 | }; |
| 51 | |
Yingdi Yu | 4b75275 | 2014-02-18 12:24:03 -0800 | [diff] [blame^] | 52 | |
Yingdi Yu | 2d9c50f | 2014-01-21 18:25:00 -0800 | [diff] [blame] | 53 | SecTpmFile::SecTpmFile(const string & dir) |
Yingdi Yu | 4b75275 | 2014-02-18 12:24:03 -0800 | [diff] [blame^] | 54 | : m_impl(new Impl(dir)) |
Yingdi Yu | 2d9c50f | 2014-01-21 18:25:00 -0800 | [diff] [blame] | 55 | {} |
| 56 | |
| 57 | void |
| 58 | SecTpmFile::generateKeyPairInTpm(const Name & keyName, KeyType keyType, int keySize) |
| 59 | { |
| 60 | string keyURI = keyName.toUri(); |
| 61 | |
| 62 | if(doesKeyExistInTpm(keyName, KEY_CLASS_PUBLIC)) |
| 63 | throw Error("public key exists"); |
| 64 | if(doesKeyExistInTpm(keyName, KEY_CLASS_PRIVATE)) |
| 65 | throw Error("private key exists"); |
| 66 | |
| 67 | string keyFileName = nameTransform(keyURI, ""); |
| 68 | maintainMapping(keyURI, keyFileName); |
| 69 | |
| 70 | try{ |
| 71 | switch(keyType){ |
| 72 | case KEY_TYPE_RSA: |
| 73 | { |
Yingdi Yu | 4b75275 | 2014-02-18 12:24:03 -0800 | [diff] [blame^] | 74 | using namespace CryptoPP; |
| 75 | AutoSeededRandomPool rng; |
| 76 | |
Yingdi Yu | 2d9c50f | 2014-01-21 18:25:00 -0800 | [diff] [blame] | 77 | InvertibleRSAFunction privateKey; |
| 78 | privateKey.Initialize(rng, keySize); |
| 79 | |
| 80 | string privateKeyFileName = keyFileName + ".pri"; |
| 81 | Base64Encoder privateKeySink(new FileSink(privateKeyFileName.c_str())); |
| 82 | privateKey.DEREncode(privateKeySink); |
| 83 | privateKeySink.MessageEnd(); |
| 84 | |
| 85 | RSAFunction publicKey(privateKey); |
| 86 | string publicKeyFileName = keyFileName + ".pub"; |
| 87 | Base64Encoder publicKeySink(new FileSink(publicKeyFileName.c_str())); |
| 88 | publicKey.DEREncode(publicKeySink); |
| 89 | publicKeySink.MessageEnd(); |
| 90 | |
| 91 | /*set file permission*/ |
| 92 | chmod(privateKeyFileName.c_str(), 0000400); |
| 93 | chmod(publicKeyFileName.c_str(), 0000444); |
| 94 | return; |
| 95 | } |
| 96 | default: |
| 97 | throw Error("Unsupported key type!"); |
| 98 | } |
| 99 | }catch(const CryptoPP::Exception& e){ |
| 100 | throw Error(e.what()); |
| 101 | } |
| 102 | } |
| 103 | |
Yingdi Yu | 28fd32f | 2014-01-28 19:03:03 -0800 | [diff] [blame] | 104 | void |
| 105 | SecTpmFile::deleteKeyPairInTpm(const Name &keyName) |
| 106 | { |
| 107 | boost::filesystem::path publicKeyPath(nameTransform(keyName.toUri(), ".pub")); |
| 108 | boost::filesystem::path privateKeyPath(nameTransform(keyName.toUri(), ".pri")); |
| 109 | |
| 110 | if(boost::filesystem::exists(publicKeyPath)) |
| 111 | boost::filesystem::remove(publicKeyPath); |
| 112 | |
| 113 | if(boost::filesystem::exists(privateKeyPath)) |
| 114 | boost::filesystem::remove(privateKeyPath); |
| 115 | } |
| 116 | |
Yingdi Yu | 2d9c50f | 2014-01-21 18:25:00 -0800 | [diff] [blame] | 117 | ptr_lib::shared_ptr<PublicKey> |
| 118 | SecTpmFile::getPublicKeyFromTpm(const Name & keyName) |
| 119 | { |
| 120 | string keyURI = keyName.toUri(); |
| 121 | |
| 122 | if(!doesKeyExistInTpm(keyName, KEY_CLASS_PUBLIC)) |
| 123 | throw Error("public key doesn't exists"); |
| 124 | |
| 125 | string publicKeyFileName = nameTransform(keyURI, ".pub"); |
| 126 | std::ostringstream os; |
| 127 | try{ |
| 128 | FileSource(publicKeyFileName.c_str(), true, new Base64Decoder(new FileSink(os))); |
| 129 | }catch(const CryptoPP::Exception& e){ |
| 130 | throw Error(e.what()); |
| 131 | } |
| 132 | |
| 133 | return ptr_lib::make_shared<PublicKey>(reinterpret_cast<const uint8_t*>(os.str().c_str()), os.str().size()); |
| 134 | } |
| 135 | |
| 136 | Block |
| 137 | SecTpmFile::signInTpm(const uint8_t *data, size_t dataLength, const Name& keyName, DigestAlgorithm digestAlgorithm) |
| 138 | { |
| 139 | string keyURI = keyName.toUri(); |
| 140 | |
| 141 | if(!doesKeyExistInTpm(keyName, KEY_CLASS_PRIVATE)) |
| 142 | throw Error("private key doesn't exists"); |
| 143 | |
| 144 | try{ |
Yingdi Yu | 4b75275 | 2014-02-18 12:24:03 -0800 | [diff] [blame^] | 145 | using namespace CryptoPP; |
Yingdi Yu | 2d9c50f | 2014-01-21 18:25:00 -0800 | [diff] [blame] | 146 | AutoSeededRandomPool rng; |
Yingdi Yu | 4b75275 | 2014-02-18 12:24:03 -0800 | [diff] [blame^] | 147 | |
Yingdi Yu | 2d9c50f | 2014-01-21 18:25:00 -0800 | [diff] [blame] | 148 | //Read private key |
| 149 | ByteQueue bytes; |
| 150 | string privateKeyFileName = nameTransform(keyURI, ".pri"); |
| 151 | FileSource file(privateKeyFileName.c_str(), true, new Base64Decoder); |
| 152 | file.TransferTo(bytes); |
| 153 | bytes.MessageEnd(); |
| 154 | RSA::PrivateKey privateKey; |
| 155 | privateKey.Load(bytes); |
| 156 | |
| 157 | //Sign message |
| 158 | switch(digestAlgorithm){ |
| 159 | case DIGEST_ALGORITHM_SHA256: |
| 160 | { |
| 161 | RSASS<PKCS1v15, SHA256>::Signer signer(privateKey); |
| 162 | |
| 163 | OBufferStream os; |
| 164 | StringSource(data, dataLength, true, new SignerFilter(rng, signer, new FileSink(os))); |
| 165 | |
| 166 | return Block(Tlv::SignatureValue, os.buf()); |
| 167 | } |
| 168 | default: |
| 169 | throw Error("Unsupported digest algorithm!"); |
| 170 | } |
| 171 | }catch(const CryptoPP::Exception& e){ |
| 172 | throw Error(e.what()); |
| 173 | } |
| 174 | } |
| 175 | |
| 176 | |
| 177 | ConstBufferPtr |
| 178 | SecTpmFile::decryptInTpm(const Name& keyName, const uint8_t* data, size_t dataLength, bool isSymmetric) |
| 179 | { |
| 180 | string keyURI = keyName.toUri(); |
| 181 | if (!isSymmetric) |
| 182 | { |
| 183 | if(!doesKeyExistInTpm(keyName, KEY_CLASS_PRIVATE)) |
| 184 | throw Error("private key doesn't exist"); |
| 185 | |
| 186 | try{ |
Yingdi Yu | 4b75275 | 2014-02-18 12:24:03 -0800 | [diff] [blame^] | 187 | using namespace CryptoPP; |
| 188 | AutoSeededRandomPool rng; |
| 189 | |
Yingdi Yu | 2d9c50f | 2014-01-21 18:25:00 -0800 | [diff] [blame] | 190 | //Read private key |
| 191 | ByteQueue bytes; |
| 192 | string privateKeyFileName = nameTransform(keyURI, ".pri"); |
| 193 | FileSource file(privateKeyFileName.c_str(), true, new Base64Decoder); |
| 194 | file.TransferTo(bytes); |
| 195 | bytes.MessageEnd(); |
| 196 | RSA::PrivateKey privateKey; |
| 197 | privateKey.Load(bytes); |
| 198 | RSAES_PKCS1v15_Decryptor decryptor(privateKey); |
| 199 | |
| 200 | OBufferStream os; |
| 201 | StringSource(data, dataLength, true, new PK_DecryptorFilter(rng, decryptor, new FileSink(os))); |
| 202 | |
| 203 | return os.buf(); |
| 204 | } |
| 205 | catch(const CryptoPP::Exception& e){ |
| 206 | throw Error(e.what()); |
| 207 | } |
| 208 | } |
| 209 | else |
| 210 | { |
| 211 | throw Error("Symmetric encryption is not implemented!"); |
| 212 | // if(!doesKeyExistInTpm(keyName, KEY_CLASS_SYMMETRIC)) |
| 213 | // throw Error("symmetric key doesn't exist"); |
| 214 | |
| 215 | // try{ |
| 216 | // string keyBits; |
| 217 | // string symKeyFileName = nameTransform(keyURI, ".key"); |
| 218 | // FileSource(symKeyFileName, true, new HexDecoder(new StringSink(keyBits))); |
| 219 | |
| 220 | // using CryptoPP::AES; |
| 221 | // AutoSeededRandomPool rnd; |
| 222 | // byte iv[AES::BLOCKSIZE]; |
| 223 | // rnd.GenerateBlock(iv, AES::BLOCKSIZE); |
| 224 | |
| 225 | // CFB_Mode<AES>::Decryption decryptor; |
| 226 | // decryptor.SetKeyWithIV(reinterpret_cast<const uint8_t*>(keyBits.c_str()), keyBits.size(), iv); |
| 227 | |
| 228 | // OBufferStream os; |
| 229 | // StringSource(data, dataLength, true, new StreamTransformationFilter(decryptor,new FileSink(os))); |
| 230 | // return os.buf(); |
| 231 | |
| 232 | // }catch(const CryptoPP::Exception& e){ |
| 233 | // throw Error(e.what()); |
| 234 | // } |
| 235 | } |
| 236 | } |
| 237 | |
| 238 | ConstBufferPtr |
| 239 | SecTpmFile::encryptInTpm(const Name& keyName, const uint8_t* data, size_t dataLength, bool isSymmetric) |
| 240 | { |
| 241 | string keyURI = keyName.toUri(); |
| 242 | |
| 243 | if (!isSymmetric) |
| 244 | { |
| 245 | if(!doesKeyExistInTpm(keyName, KEY_CLASS_PUBLIC)) |
| 246 | throw Error("public key doesn't exist"); |
| 247 | try |
| 248 | { |
Yingdi Yu | 4b75275 | 2014-02-18 12:24:03 -0800 | [diff] [blame^] | 249 | using namespace CryptoPP; |
| 250 | AutoSeededRandomPool rng; |
Yingdi Yu | 2d9c50f | 2014-01-21 18:25:00 -0800 | [diff] [blame] | 251 | |
| 252 | //Read private key |
| 253 | ByteQueue bytes; |
| 254 | string publicKeyFileName = nameTransform(keyURI, ".pub"); |
| 255 | FileSource file(publicKeyFileName.c_str(), true, new Base64Decoder); |
| 256 | file.TransferTo(bytes); |
| 257 | bytes.MessageEnd(); |
| 258 | RSA::PublicKey publicKey; |
| 259 | publicKey.Load(bytes); |
| 260 | |
| 261 | OBufferStream os; |
| 262 | RSAES_PKCS1v15_Encryptor encryptor(publicKey); |
| 263 | |
| 264 | StringSource(data, dataLength, true, new PK_EncryptorFilter(rng, encryptor, new FileSink(os))); |
| 265 | return os.buf(); |
| 266 | } |
| 267 | catch(const CryptoPP::Exception& e){ |
| 268 | throw Error(e.what()); |
| 269 | } |
| 270 | } |
| 271 | else |
| 272 | { |
| 273 | throw Error("Symmetric encryption is not implemented!"); |
| 274 | // if(!doesKeyExistInTpm(keyName, KEY_CLASS_SYMMETRIC)) |
| 275 | // throw Error("symmetric key doesn't exist"); |
| 276 | |
| 277 | // try{ |
| 278 | // string keyBits; |
| 279 | // string symKeyFileName = nameTransform(keyURI, ".key"); |
| 280 | // FileSource(symKeyFileName, true, new HexDecoder(new StringSink(keyBits))); |
| 281 | |
| 282 | // using CryptoPP::AES; |
| 283 | // AutoSeededRandomPool rnd; |
| 284 | // byte iv[AES::BLOCKSIZE]; |
| 285 | // rnd.GenerateBlock(iv, AES::BLOCKSIZE); |
| 286 | |
| 287 | // CFB_Mode<AES>::Encryption encryptor; |
| 288 | // encryptor.SetKeyWithIV(reinterpret_cast<const uint8_t*>(keyBits.c_str()), keyBits.size(), iv); |
| 289 | |
| 290 | // OBufferStream os; |
| 291 | // StringSource(data, dataLength, true, new StreamTransformationFilter(encryptor, new FileSink(os))); |
| 292 | // return os.buf(); |
| 293 | // }catch(const CryptoPP::Exception& e){ |
| 294 | // throw Error(e.what()); |
| 295 | // } |
| 296 | } |
| 297 | } |
| 298 | |
| 299 | |
| 300 | void |
| 301 | SecTpmFile::generateSymmetricKeyInTpm(const Name & keyName, KeyType keyType, int keySize) |
| 302 | { |
| 303 | string keyURI = keyName.toUri(); |
| 304 | |
| 305 | if(doesKeyExistInTpm(keyName, KEY_CLASS_SYMMETRIC)) |
| 306 | throw Error("symmetric key exists"); |
| 307 | |
| 308 | string keyFileName = nameTransform(keyURI, ""); |
| 309 | maintainMapping(keyURI, keyFileName); |
| 310 | string symKeyFileName = keyFileName + ".key"; |
| 311 | |
| 312 | try{ |
| 313 | switch(keyType){ |
| 314 | case KEY_TYPE_AES: |
| 315 | { |
Yingdi Yu | 4b75275 | 2014-02-18 12:24:03 -0800 | [diff] [blame^] | 316 | using namespace CryptoPP; |
| 317 | AutoSeededRandomPool rng; |
| 318 | |
Yingdi Yu | 2d9c50f | 2014-01-21 18:25:00 -0800 | [diff] [blame] | 319 | SecByteBlock key(0x00, keySize); |
Yingdi Yu | 4b75275 | 2014-02-18 12:24:03 -0800 | [diff] [blame^] | 320 | rng.GenerateBlock(key, keySize); |
Yingdi Yu | 2d9c50f | 2014-01-21 18:25:00 -0800 | [diff] [blame] | 321 | |
| 322 | StringSource(key, key.size(), true, new HexEncoder(new FileSink(symKeyFileName.c_str()))); |
| 323 | |
| 324 | chmod(symKeyFileName.c_str(), 0000400); |
| 325 | return; |
| 326 | } |
| 327 | default: |
| 328 | throw Error("Unsupported symmetric key type!"); |
| 329 | } |
| 330 | }catch(const CryptoPP::Exception& e){ |
| 331 | throw Error(e.what()); |
| 332 | } |
| 333 | } |
| 334 | |
| 335 | bool |
| 336 | SecTpmFile::doesKeyExistInTpm(const Name & keyName, KeyClass keyClass) |
| 337 | { |
| 338 | string keyURI = keyName.toUri(); |
| 339 | if (keyClass == KEY_CLASS_PUBLIC) |
| 340 | { |
| 341 | string publicKeyName = SecTpmFile::nameTransform(keyURI, ".pub"); |
| 342 | fstream fin(publicKeyName.c_str(),ios::in); |
| 343 | if (fin) |
| 344 | return true; |
| 345 | else |
| 346 | return false; |
| 347 | } |
| 348 | if (keyClass == KEY_CLASS_PRIVATE) |
| 349 | { |
| 350 | string privateKeyName = SecTpmFile::nameTransform(keyURI, ".pri"); |
| 351 | fstream fin(privateKeyName.c_str(),ios::in); |
| 352 | if (fin) |
| 353 | return true; |
| 354 | else |
| 355 | return false; |
| 356 | } |
| 357 | if (keyClass == KEY_CLASS_SYMMETRIC) |
| 358 | { |
| 359 | string symmetricKeyName = SecTpmFile::nameTransform(keyURI, ".key"); |
| 360 | fstream fin(symmetricKeyName.c_str(),ios::in); |
| 361 | if (fin) |
| 362 | return true; |
| 363 | else |
| 364 | return false; |
| 365 | } |
| 366 | return false; |
| 367 | } |
| 368 | |
| 369 | std::string SecTpmFile::nameTransform(const string &keyName, const string &extension) |
| 370 | { |
| 371 | std::string digest; |
| 372 | CryptoPP::SHA256 hash; |
| 373 | CryptoPP::StringSource foo(keyName, true, |
| 374 | new CryptoPP::HashFilter(hash, |
| 375 | new CryptoPP::Base64Encoder (new CryptoPP::StringSink(digest)) |
| 376 | ) |
| 377 | ); |
| 378 | boost::algorithm::trim(digest); |
| 379 | for (std::string::iterator ch = digest.begin(); ch != digest.end(); ch++) |
| 380 | { |
| 381 | if (*ch == '/') |
| 382 | { |
| 383 | *ch = '%'; |
| 384 | } |
| 385 | } |
| 386 | |
Yingdi Yu | 4b75275 | 2014-02-18 12:24:03 -0800 | [diff] [blame^] | 387 | return (m_impl->m_keystorePath / (digest + extension)).string(); |
Yingdi Yu | 2d9c50f | 2014-01-21 18:25:00 -0800 | [diff] [blame] | 388 | } |
| 389 | |
| 390 | void |
| 391 | SecTpmFile::maintainMapping(string str1, string str2) |
| 392 | { |
| 393 | std::ofstream outfile; |
Yingdi Yu | 4b75275 | 2014-02-18 12:24:03 -0800 | [diff] [blame^] | 394 | string dirFile = (m_impl->m_keystorePath / "mapping.txt").string(); |
Yingdi Yu | 2d9c50f | 2014-01-21 18:25:00 -0800 | [diff] [blame] | 395 | |
| 396 | outfile.open(dirFile.c_str(), std::ios_base::app); |
| 397 | outfile << str1 << ' ' << str2 << '\n'; |
| 398 | outfile.close(); |
| 399 | } |
| 400 | |
Yingdi Yu | 4b75275 | 2014-02-18 12:24:03 -0800 | [diff] [blame^] | 401 | bool |
| 402 | SecTpmFile::generateRandomBlock(uint8_t* res, size_t size) |
| 403 | { |
| 404 | try{ |
| 405 | CryptoPP::AutoSeededRandomPool rng; |
| 406 | rng.GenerateBlock(res, size); |
| 407 | return true; |
| 408 | }catch(const CryptoPP::Exception& e){ |
| 409 | return false; |
| 410 | } |
| 411 | } |
| 412 | |
Yingdi Yu | 2d9c50f | 2014-01-21 18:25:00 -0800 | [diff] [blame] | 413 | } //ndn |