Blame - src/security/sec-tpm.cpp - ndn-cxx

blob: 13b04a8c4db1d5f360be208c0b62f87502e61c09 [file] [log] [blame]

Yingdi Yu	8dceb1d	2014-02-18 12:45:10 -0800	[diff] [blame^]	1	/* -- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -- */
				2	/**
				3	* Copyright (C) 2013 Regents of the University of California.
				4	* @author: Yingdi Yu <yingdi@cs.ucla.edu>
				5	* See COPYING for copyright and distribution information.
				6	*/
				7
				8	#include "sec-tpm.hpp"
				9
				10	#include <cryptopp/rsa.h>
				11	#include <cryptopp/files.h>
				12	#include <cryptopp/base64.h>
				13	#include <cryptopp/hex.h>
				14	#include <cryptopp/osrng.h>
				15	#include <cryptopp/sha.h>
				16	#include <cryptopp/pssr.h>
				17	#include <cryptopp/modes.h>
				18	#include <cryptopp/pwdbased.h>
				19	#include <cryptopp/sha.h>
				20	#include <cryptopp/des.h>
				21
				22	using namespace std;
				23
				24	namespace ndn {
				25
				26	ConstBufferPtr
				27	SecTpm::exportPrivateKeyPkcs8FromTpm(const Name& keyName, bool inTerminal, const string& passwordStr)
				28	{
				29	uint8_t salt[8] = {0};
				30	uint8_t iv[8] = {0};
				31
				32	try{
				33	using namespace CryptoPP;
				34
				35	// check password
				36	string password;
				37	if(passwordStr.empty())
				38	if(!inTerminal)
				39	return shared_ptr<Buffer>();
				40	else
				41	{
				42	int count = 0;
				43	while(!getPassWord(password, keyName.toUri()))
				44	{
				45	cerr << "Password mismatch!" << endl;
				46	count++;
				47	if(count > 3)
				48	return shared_ptr<Buffer>();
				49	}
				50	}
				51	else
				52	password = passwordStr;
				53
				54	// derive key
				55	if(!generateRandomBlock(salt, 8))
				56	return shared_ptr<Buffer>();
				57
				58	if(!generateRandomBlock(iv, 8))
				59	return shared_ptr<Buffer>();
				60
				61	uint32_t iterationCount = 2048;
				62
				63	PKCS5_PBKDF2_HMAC<SHA1> keyGenerator;
				64	size_t derivedLen = 24; //For DES-EDE3-CBC-PAD
				65	byte derived[24] = {0};
				66	byte purpose = 0;
				67
				68	keyGenerator.DeriveKey(derived, derivedLen,
				69	purpose,
				70	reinterpret_cast<const byte*>(password.c_str()), password.size(),
				71	salt, 8,
				72	iterationCount);
				73
				74	memset(const_cast<char*>(password.c_str()), 0, password.size());
				75
				76	//encrypt
				77	CBC_Mode< DES_EDE3 >::Encryption e;
				78	e.SetKeyWithIV(derived, derivedLen, iv);
				79
				80	string encrypted;
				81	OBufferStream encryptedOs;
				82	ConstBufferPtr pkcs1PrivateKey = exportPrivateKeyPkcs1FromTpm(keyName);
				83	StringSource stringSource(pkcs1PrivateKey->buf(), pkcs1PrivateKey->size(), true,
				84	new StreamTransformationFilter(e, new FileSink(encryptedOs)));
				85
				86	//encode
				87	OID pbes2Id("1.2.840.113549.1.5.13");
				88	OID pbkdf2Id("1.2.840.113549.1.5.12");
				89	OID pbes2encsId("1.2.840.113549.3.7");
				90
				91	OBufferStream pkcs8Os;
				92	FileSink sink(pkcs8Os);
				93
				94	// EncryptedPrivateKeyInfo ::= SEQUENCE {
				95	// encryptionAlgorithm EncryptionAlgorithmIdentifier,
				96	// encryptedData OCTET STRING }
				97	DERSequenceEncoder encryptedPrivateKeyInfo(sink);
				98	{
				99	// EncryptionAlgorithmIdentifier ::= SEQUENCE {
				100	// algorithm OBJECT IDENTIFIER {{PBES2-id}},
				101	// parameters SEQUENCE {{PBES2-params}} }
				102	DERSequenceEncoder encryptionAlgorithm(encryptedPrivateKeyInfo);
				103	{
				104	pbes2Id.encode(encryptionAlgorithm);
				105	// PBES2-params ::= SEQUENCE {
				106	// keyDerivationFunc AlgorithmIdentifier {{PBES2-KDFs}},
				107	// encryptionScheme AlgorithmIdentifier {{PBES2-Encs}} }
				108	DERSequenceEncoder pbes2Params(encryptionAlgorithm);
				109	{
				110	// AlgorithmIdentifier ::= SEQUENCE {
				111	// algorithm OBJECT IDENTIFIER {{PBKDF2-id}},
				112	// parameters SEQUENCE {{PBKDF2-params}} }
				113	DERSequenceEncoder pbes2KDFs(pbes2Params);
				114	{
				115	pbkdf2Id.encode(pbes2KDFs);
				116	// AlgorithmIdentifier ::= SEQUENCE {
				117	// salt OCTET STRING,
				118	// iterationCount INTEGER (1..MAX),
				119	// keyLength INTEGER (1..MAX) OPTIONAL,
				120	// prf AlgorithmIdentifier {{PBKDF2-PRFs}} DEFAULT algid-hmacWithSHA1 }
				121	DERSequenceEncoder pbkdf2Params(pbes2KDFs);
				122	{
				123	DEREncodeOctetString(pbkdf2Params, salt, 8);
				124	DEREncodeUnsigned<uint32_t>(pbkdf2Params, iterationCount, INTEGER);
				125	}
				126	pbkdf2Params.MessageEnd();
				127	}
				128	pbes2KDFs.MessageEnd();
				129
				130	// AlgorithmIdentifier ::= SEQUENCE {
				131	// algorithm OBJECT IDENTIFIER {{DES-EDE3-CBC-PAD}},
				132	// parameters OCTET STRING} {{iv}} }
				133	DERSequenceEncoder pbes2Encs(pbes2Params);
				134	{
				135	pbes2encsId.encode(pbes2Encs);
				136	DEREncodeOctetString(pbes2Encs, iv, 8);
				137	}
				138	pbes2Encs.MessageEnd();
				139	}
				140	pbes2Params.MessageEnd();
				141	}
				142	encryptionAlgorithm.MessageEnd();
				143
				144	DEREncodeOctetString(encryptedPrivateKeyInfo, encryptedOs.buf()->buf(), encryptedOs.buf()->size());
				145	}
				146	encryptedPrivateKeyInfo.MessageEnd();
				147
				148	return pkcs8Os.buf();
				149	}catch(...){
				150	return shared_ptr<Buffer>();
				151	}
				152	}
				153
				154	bool
				155	SecTpm::importPrivateKeyPkcs8IntoTpm(const Name& keyName, const uint8_t* buf, size_t size, bool inTerminal, const string& passwordStr)
				156	{
				157	try{
				158	using namespace CryptoPP;
				159
				160	OID pbes2Id;
				161	OID pbkdf2Id;
				162	SecByteBlock saltBlock;
				163	uint32_t iterationCount;
				164	OID pbes2encsId;
				165	SecByteBlock ivBlock;
				166	SecByteBlock encryptedDataBlock;
				167
				168	//decode some decoding processes are not necessary for now, because we assume only one encryption scheme.
				169	StringSource source(buf, size, true);
				170
				171	// EncryptedPrivateKeyInfo ::= SEQUENCE {
				172	// encryptionAlgorithm EncryptionAlgorithmIdentifier,
				173	// encryptedData OCTET STRING }
				174	BERSequenceDecoder encryptedPrivateKeyInfo(source);
				175	{
				176	// EncryptionAlgorithmIdentifier ::= SEQUENCE {
				177	// algorithm OBJECT IDENTIFIER {{PBES2-id}},
				178	// parameters SEQUENCE {{PBES2-params}} }
				179	BERSequenceDecoder encryptionAlgorithm(encryptedPrivateKeyInfo);
				180	{
				181	pbes2Id.decode(encryptionAlgorithm);
				182	// PBES2-params ::= SEQUENCE {
				183	// keyDerivationFunc AlgorithmIdentifier {{PBES2-KDFs}},
				184	// encryptionScheme AlgorithmIdentifier {{PBES2-Encs}} }
				185	BERSequenceDecoder pbes2Params(encryptionAlgorithm);
				186	{
				187	// AlgorithmIdentifier ::= SEQUENCE {
				188	// algorithm OBJECT IDENTIFIER {{PBKDF2-id}},
				189	// parameters SEQUENCE {{PBKDF2-params}} }
				190	BERSequenceDecoder pbes2KDFs(pbes2Params);
				191	{
				192	pbkdf2Id.decode(pbes2KDFs);
				193	// AlgorithmIdentifier ::= SEQUENCE {
				194	// salt OCTET STRING,
				195	// iterationCount INTEGER (1..MAX),
				196	// keyLength INTEGER (1..MAX) OPTIONAL,
				197	// prf AlgorithmIdentifier {{PBKDF2-PRFs}} DEFAULT algid-hmacWithSHA1 }
				198	BERSequenceDecoder pbkdf2Params(pbes2KDFs);
				199	{
				200	BERDecodeOctetString(pbkdf2Params, saltBlock);
				201	BERDecodeUnsigned<uint32_t>(pbkdf2Params, iterationCount, INTEGER);
				202	}
				203	pbkdf2Params.MessageEnd();
				204	}
				205	pbes2KDFs.MessageEnd();
				206
				207	// AlgorithmIdentifier ::= SEQUENCE {
				208	// algorithm OBJECT IDENTIFIER {{DES-EDE3-CBC-PAD}},
				209	// parameters OCTET STRING} {{iv}} }
				210	BERSequenceDecoder pbes2Encs(pbes2Params);
				211	{
				212	pbes2encsId.decode(pbes2Encs);
				213	BERDecodeOctetString(pbes2Encs, ivBlock);
				214	}
				215	pbes2Encs.MessageEnd();
				216	}
				217	pbes2Params.MessageEnd();
				218	}
				219	encryptionAlgorithm.MessageEnd();
				220
				221	BERDecodeOctetString(encryptedPrivateKeyInfo, encryptedDataBlock);
				222	}
				223	encryptedPrivateKeyInfo.MessageEnd();
				224
				225
				226	PKCS5_PBKDF2_HMAC<SHA1> keyGenerator;
				227	size_t derivedLen = 24; //For DES-EDE3-CBC-PAD
				228	byte derived[24] = {0};
				229	byte purpose = 0;
				230
				231	string password;
				232	if(passwordStr.empty())
				233	if(inTerminal)
				234	{
				235	char* pw = getpass("Password for the private key: ");
				236	if (!pw)
				237	return false;
				238	password = pw;
				239	memset(pw, 0, strlen(pw));
				240	}
				241	else
				242	return false;
				243	else
				244	password = passwordStr;
				245
				246	keyGenerator.DeriveKey(derived, derivedLen,
				247	purpose,
				248	reinterpret_cast<const byte*>(password.c_str()), password.size(),
				249	saltBlock.BytePtr(), saltBlock.size(),
				250	iterationCount);
				251
				252	memset(const_cast<char*>(password.c_str()), 0, password.size());
				253
				254	//decrypt
				255	CBC_Mode< DES_EDE3 >::Decryption d;
				256	d.SetKeyWithIV(derived, derivedLen, ivBlock.BytePtr());
				257
				258	OBufferStream privateKeyOs;
				259	StringSource encryptedSource(encryptedDataBlock.BytePtr(), encryptedDataBlock.size(), true,
				260	new StreamTransformationFilter(d, new FileSink(privateKeyOs)));
				261
				262	if(!importPrivateKeyPkcs1IntoTpm(keyName, privateKeyOs.buf()->buf(), privateKeyOs.buf()->size()))
				263	return false;
				264
				265	//derive public key
				266	RSA::PrivateKey privateKey;
				267	privateKey.Load(StringStore(privateKeyOs.buf()->buf(), privateKeyOs.buf()->size()).Ref());
				268
				269	RSAFunction publicKey(privateKey);
				270
				271	OBufferStream publicKeyOs;
				272	FileSink publicKeySink(publicKeyOs);
				273	publicKey.DEREncode(publicKeySink);
				274	publicKeySink.MessageEnd();
				275
				276	if(!importPublicKeyPkcs1IntoTpm(keyName, publicKeyOs.buf()->buf(), publicKeyOs.buf()->size()))
				277	return false;
				278
				279	return true;
				280	}catch(std::runtime_error& e){
				281	cerr << e.what() << endl;
				282	return false;
				283	}
				284	}
				285
				286
				287	}//ndn