Gitiles
Code Review Sign In
gerrit.named-data.net / ndn-cxx / ba82c16fee1de12dbfb96fa42453c597610bf15a / . / ndn-cpp / security / identity / identity-manager.cpp
blob: c13ed419f8155eb400b6a33be6344fc5db1e139e [file] [log] [blame]
Jeff Thompson25b4e612013-10-10 16:03:24 -0700[diff] [blame]1/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
Jeff Thompson41471912013-09-12 16:21:50 -0700[diff] [blame]2/**
Jeff Thompson7687dc02013-09-13 11:54:07 -0700[diff] [blame]3 * Copyright (C) 2013 Regents of the University of California.
Jeff Thompson06e787d2013-09-12 19:00:55 -0700[diff] [blame]4 * @author: Yingdi Yu <yingdi@cs.ucla.edu>
Jeff Thompson7687dc02013-09-13 11:54:07 -0700[diff] [blame]5 * @author: Jeff Thompson <jefft0@remap.ucla.edu>
Jeff Thompson41471912013-09-12 16:21:50 -0700[diff] [blame]6 * See COPYING for copyright and distribution information.
7 */
8
Jeff Thompson6154ae22013-10-18 10:44:57 -0700[diff] [blame]9#if 1 // TODO: Remove this when we don't throw "not implemented".
Jeff Thompson0f2096f2013-10-01 14:49:42 -0700[diff] [blame]10#include <stdexcept>
11#endif
Jeff Thompsonc69163b2013-10-12 13:49:50 -0700[diff] [blame]12#include <ctime>
13#include <fstream>
Jeff Thompsondb686892013-10-18 17:16:31 -0700[diff] [blame]14#include <math.h>
Jeff Thompsonc69163b2013-10-12 13:49:50 -0700[diff] [blame]15#include <ndn-cpp/key.hpp>
Jeff Thompson25b4e612013-10-10 16:03:24 -0700[diff] [blame]16#include <ndn-cpp/sha256-with-rsa-signature.hpp>
17#include <ndn-cpp/security/security-exception.hpp>
Jeff Thompsonc69163b2013-10-12 13:49:50 -0700[diff] [blame]18#include "../../util/logging.hpp"
Jeff Thompsondb686892013-10-18 17:16:31 -0700[diff] [blame]19#include "../../c/util/time.h"
Jeff Thompson25b4e612013-10-10 16:03:24 -0700[diff] [blame]20#include <ndn-cpp/security/identity/identity-manager.hpp>
Jeff Thompson41471912013-09-12 16:21:50 -0700[diff] [blame]21
Jeff Thompsonc69163b2013-10-12 13:49:50 -0700[diff] [blame]22INIT_LOGGER("ndn.security.IdentityManager")
23
Jeff Thompson9296f0c2013-09-23 18:10:27 -0700[diff] [blame]24using namespace std;
25using namespace ndn::ptr_lib;
Jeff Thompson41471912013-09-12 16:21:50 -0700[diff] [blame]26
Jeff Thompson9296f0c2013-09-23 18:10:27 -0700[diff] [blame]27namespace ndn {
Jeff Thompson86e1d752013-09-17 17:22:38 -0700[diff] [blame]28
Jeff Thompsone7e069b2013-09-27 15:48:48 -0700[diff] [blame]29Name
Jeff Thompsonc69163b2013-10-12 13:49:50 -0700[diff] [blame]30IdentityManager::createIdentity(const Name& identityName)
Jeff Thompsone7e069b2013-09-27 15:48:48 -0700[diff] [blame]31{
32 if (!identityStorage_->doesIdentityExist(identityName)) {
Jeff Thompsonc69163b2013-10-12 13:49:50 -0700[diff] [blame]33 _LOG_DEBUG("Create Identity");
34 identityStorage_->addIdentity(identityName);
35
36 _LOG_DEBUG("Create Default RSA key pair");
37 Name keyName = generateRSAKeyPairAsDefault(identityName, true);
Jeff Thompsone7e069b2013-09-27 15:48:48 -0700[diff] [blame]38
Jeff Thompsonc69163b2013-10-12 13:49:50 -0700[diff] [blame]39 _LOG_DEBUG("Create self-signed certificate");
40 shared_ptr<IdentityCertificate> selfCert = selfSign(keyName);
41
42 _LOG_DEBUG("Add self-signed certificate as default");
Jeff Thompsone7e069b2013-09-27 15:48:48 -0700[diff] [blame]43
Jeff Thompsonc69163b2013-10-12 13:49:50 -0700[diff] [blame]44 addCertificateAsDefault(*selfCert);
45
46 return keyName;
Jeff Thompsone7e069b2013-09-27 15:48:48 -0700[diff] [blame]47 }
48 else
49 throw SecurityException("Identity has already been created!");
50}
51
52Name
Jeff Thompsonc69163b2013-10-12 13:49:50 -0700[diff] [blame]53IdentityManager::generateKeyPair(const Name& identityName, bool isKsk, KeyType keyType, int keySize)
54{
55 _LOG_DEBUG("Get new key ID");
56 Name keyName = identityStorage_->getNewKeyName(identityName, isKsk);
57
58 _LOG_DEBUG("Generate key pair in private storage");
59 privateKeyStorage_->generateKeyPair(keyName.toUri(), keyType, keySize);
60
61 _LOG_DEBUG("Create a key record in public storage");
62 shared_ptr<PublicKey> pubKey = privateKeyStorage_->getPublicKey(keyName.toUri());
63 identityStorage_->addKey(keyName, keyType, pubKey->getKeyDer());
64 _LOG_DEBUG("OK");
65 return keyName;
66}
67
68Name
Jeff Thompsone7e069b2013-09-27 15:48:48 -0700[diff] [blame]69IdentityManager::generateRSAKeyPair(const Name& identityName, bool isKsk, int keySize)
70{
71 Name keyName = generateKeyPair(identityName, isKsk, KEY_TYPE_RSA, keySize);
72 _LOG_DEBUG("OK2");
73 return keyName;
74}
75
76Name
77IdentityManager::generateRSAKeyPairAsDefault(const Name& identityName, bool isKsk, int keySize)
78{
79 Name keyName = generateKeyPair(identityName, isKsk, KEY_TYPE_RSA, keySize);
Jeff Thompsonc69163b2013-10-12 13:49:50 -0700[diff] [blame]80
Jeff Thompsone7e069b2013-09-27 15:48:48 -0700[diff] [blame]81 identityStorage_->setDefaultKeyNameForIdentity(keyName, identityName);
82
Jeff Thompsonc69163b2013-10-12 13:49:50 -0700[diff] [blame]83 return keyName;
84}
85
86Name
Jeff Thompson9a8e82f2013-10-17 14:13:43 -0700[diff] [blame]87IdentityManager::createIdentityCertificate(const Name& keyName, const Name& signerCertificateName, const MillisecondsSince1970& notBefore, const MillisecondsSince1970& notAfter)
Jeff Thompsonc69163b2013-10-12 13:49:50 -0700[diff] [blame]88{
89 Blob keyBlob = identityStorage_->getKey(keyName);
90 shared_ptr<PublicKey> publicKey = PublicKey::fromDer(keyBlob);
91
92 shared_ptr<IdentityCertificate> certificate = createIdentityCertificate
93 (keyName, *publicKey, signerCertificateName, notBefore, notAfter);
94
95 identityStorage_->addCertificate(*certificate);
96
97 return certificate->getName();
98}
99
100ptr_lib::shared_ptr<IdentityCertificate>
101IdentityManager::createIdentityCertificate
Jeff Thompson9a8e82f2013-10-17 14:13:43 -0700[diff] [blame]102 (const Name& keyName, const PublicKey& publicKey, const Name& signerCertificateName, const MillisecondsSince1970& notBefore, const MillisecondsSince1970& notAfter)
Jeff Thompsonc69163b2013-10-12 13:49:50 -0700[diff] [blame]103{
Jeff Thompsonc69163b2013-10-12 13:49:50 -0700[diff] [blame]104 shared_ptr<IdentityCertificate> certificate(new IdentityCertificate());
105
106 Name certificateName;
Jeff Thompsondb686892013-10-18 17:16:31 -0700[diff] [blame]107 MillisecondsSince1970 ti = ::ndn_getNowMilliseconds();
108 // Get the number of seconds.
Jeff Thompsonc69163b2013-10-12 13:49:50 -0700[diff] [blame]109 ostringstream oss;
Jeff Thompsondb686892013-10-18 17:16:31 -0700[diff] [blame]110 oss << floor(ti / 1000.0);
Jeff Thompsonc69163b2013-10-12 13:49:50 -0700[diff] [blame]111
112 certificateName.append(keyName).append("ID-CERT").append(oss.str());
113 certificate->setName(certificateName);
114
115 certificate->setNotBefore(notBefore);
116 certificate->setNotAfter(notAfter);
117 certificate->setPublicKeyInfo(publicKey);
Jeff Thompsondb686892013-10-18 17:16:31 -0700[diff] [blame]118 certificate->addSubjectDescription(CertificateSubjectDescription("2.5.4.41", keyName.toUri()));
Jeff Thompsonc69163b2013-10-12 13:49:50 -0700[diff] [blame]119 certificate->encode();
120
121 shared_ptr<Sha256WithRsaSignature> sha256Sig(new Sha256WithRsaSignature());
122
123 KeyLocator keyLocator;
Jeff Thompsondb686892013-10-18 17:16:31 -0700[diff] [blame]124 keyLocator.setType(ndn_KeyLocatorType_KEYNAME);
Jeff Thompsonc69163b2013-10-12 13:49:50 -0700[diff] [blame]125 keyLocator.setKeyName(signerCertificateName);
126
127 sha256Sig->setKeyLocator(keyLocator);
Jeff Thompsondb686892013-10-18 17:16:31 -0700[diff] [blame]128 sha256Sig->getPublisherPublicKeyDigest().setPublisherPublicKeyDigest(*publicKey.getDigest());
Jeff Thompsonc69163b2013-10-12 13:49:50 -0700[diff] [blame]129
Jeff Thompsondb686892013-10-18 17:16:31 -0700[diff] [blame]130 certificate->setSignature(*sha256Sig);
Jeff Thompsonc69163b2013-10-12 13:49:50 -0700[diff] [blame]131
Jeff Thompsondb686892013-10-18 17:16:31 -0700[diff] [blame]132 SignedBlob unsignedData = certificate->wireEncode();
Jeff Thompsonc69163b2013-10-12 13:49:50 -0700[diff] [blame]133
Jeff Thompsondb686892013-10-18 17:16:31 -0700[diff] [blame]134 Blob sigBits = privateKeyStorage_->sign(unsignedData, keyName);
Jeff Thompsonc69163b2013-10-12 13:49:50 -0700[diff] [blame]135
Jeff Thompsonba82c162013-10-18 17:21:23 -0700[diff] [blame^]136 sha256Sig->setSignature(sigBits);
Jeff Thompsonc69163b2013-10-12 13:49:50 -0700[diff] [blame]137
138 return certificate;
Jeff Thompsonc69163b2013-10-12 13:49:50 -0700[diff] [blame]139}
140
141void
142IdentityManager::addCertificateAsDefault(const IdentityCertificate& certificate)
143{
144 identityStorage_->addCertificate(certificate);
145
146 Name keyName = identityStorage_->getKeyNameForCertificate(certificate.getName());
147
148 setDefaultKeyForIdentity(keyName);
149
150 setDefaultCertificateForKey(certificate.getName());
Jeff Thompsone7e069b2013-09-27 15:48:48 -0700[diff] [blame]151}
152
153void
154IdentityManager::setDefaultCertificateForKey(const Name& certificateName)
155{
156 Name keyName = identityStorage_->getKeyNameForCertificate(certificateName);
Jeff Thompsonc69163b2013-10-12 13:49:50 -0700[diff] [blame]157
158 if(!identityStorage_->doesKeyExist(keyName))
Jeff Thompsone7e069b2013-09-27 15:48:48 -0700[diff] [blame]159 throw SecurityException("No corresponding Key record for certificaite!");
160
Jeff Thompsonc69163b2013-10-12 13:49:50 -0700[diff] [blame]161 identityStorage_->setDefaultCertificateNameForKey(keyName, certificateName);
162}
163
164ptr_lib::shared_ptr<Signature>
165IdentityManager::signByCertificate(const uint8_t* data, size_t dataLength, const Name& certificateName)
166{
Jeff Thompsonba82c162013-10-18 17:21:23 -0700[diff] [blame^]167 Name keyName = identityStorage_->getKeyNameForCertificate(certificateName);
Jeff Thompsonc69163b2013-10-12 13:49:50 -0700[diff] [blame]168
169 shared_ptr<PublicKey> publicKey = privateKeyStorage_->getPublicKey(keyName.toUri());
170
Jeff Thompsonba82c162013-10-18 17:21:23 -0700[diff] [blame^]171 Blob sigBits = privateKeyStorage_->sign(data, dataLength, keyName.toUri());
Jeff Thompsonc69163b2013-10-12 13:49:50 -0700[diff] [blame]172
173 //For temporary usage, we support RSA + SHA256 only, but will support more.
Jeff Thompsonba82c162013-10-18 17:21:23 -0700[diff] [blame^]174 shared_ptr<Sha256WithRsaSignature> sha256Sig(new Sha256WithRsaSignature());
Jeff Thompsonc69163b2013-10-12 13:49:50 -0700[diff] [blame]175
176 KeyLocator keyLocator;
Jeff Thompsonba82c162013-10-18 17:21:23 -0700[diff] [blame^]177 keyLocator.setType(ndn_KeyLocatorType_KEYNAME);
178 keyLocator.setKeyName(certificateName);
Jeff Thompsonc69163b2013-10-12 13:49:50 -0700[diff] [blame]179
180 sha256Sig->setKeyLocator(keyLocator);
Jeff Thompsonba82c162013-10-18 17:21:23 -0700[diff] [blame^]181 sha256Sig->getPublisherPublicKeyDigest().setPublisherPublicKeyDigest(*publicKey->getDigest());
182 sha256Sig->setSignature(sigBits);
Jeff Thompsonc69163b2013-10-12 13:49:50 -0700[diff] [blame]183
184 return sha256Sig;
Jeff Thompsone7e069b2013-09-27 15:48:48 -0700[diff] [blame]185}
186
187void
Jeff Thompson86e1d752013-09-17 17:22:38 -0700[diff] [blame]188IdentityManager::signByCertificate(Data &data, const Name &certificateName, WireFormat& wireFormat)
Jeff Thompson41471912013-09-12 16:21:50 -0700[diff] [blame]189{
Jeff Thompsonc69163b2013-10-12 13:49:50 -0700[diff] [blame]190 Name keyName = identityStorage_->getKeyNameForCertificate(certificateName);
Jeff Thompson9296f0c2013-09-23 18:10:27 -0700[diff] [blame]191
192 shared_ptr<PublicKey> publicKey = privateKeyStorage_->getPublicKey(keyName);
Jeff Thompson86e1d752013-09-17 17:22:38 -0700[diff] [blame]193
194 // For temporary usage, we support RSA + SHA256 only, but will support more.
195 data.setSignature(Sha256WithRsaSignature());
196 // Get a pointer to the clone which Data made.
197 Sha256WithRsaSignature *signature = dynamic_cast<Sha256WithRsaSignature*>(data.getSignature());
198 DigestAlgorithm digestAlgorithm = DIGEST_ALGORITHM_SHA256;
199
200 signature->getKeyLocator().setType(ndn_KeyLocatorType_KEYNAME);
201 signature->getKeyLocator().setKeyName(certificateName);
Jeff Thompson9296f0c2013-09-23 18:10:27 -0700[diff] [blame]202 // Omit the certificate digest.
203 signature->getKeyLocator().setKeyNameType((ndn_KeyNameType)-1);
Jeff Thompson86e1d752013-09-17 17:22:38 -0700[diff] [blame]204 // Ignore witness and leave the digestAlgorithm as the default.
Jeff Thompson9296f0c2013-09-23 18:10:27 -0700[diff] [blame]205 signature->getPublisherPublicKeyDigest().setPublisherPublicKeyDigest(publicKey->getDigest());
Jeff Thompson41471912013-09-12 16:21:50 -0700[diff] [blame]206
Jeff Thompson86e1d752013-09-17 17:22:38 -0700[diff] [blame]207 // Encode once to get the signed portion.
208 SignedBlob encoding = data.wireEncode(wireFormat);
209
210 signature->setSignature
Jeff Thompson9296f0c2013-09-23 18:10:27 -0700[diff] [blame]211 (privateKeyStorage_->sign(encoding.signedBuf(), encoding.signedSize(), keyName, digestAlgorithm));
Jeff Thompson86e1d752013-09-17 17:22:38 -0700[diff] [blame]212
213 // Encode again to include the signature.
Jeff Thompsonc69163b2013-10-12 13:49:50 -0700[diff] [blame]214 data.wireEncode(wireFormat);
Jeff Thompson41471912013-09-12 16:21:50 -0700[diff] [blame]215}
216
Jeff Thompsonc69163b2013-10-12 13:49:50 -0700[diff] [blame]217shared_ptr<IdentityCertificate>
218IdentityManager::selfSign(const Name& keyName)
Jeff Thompsone7e069b2013-09-27 15:48:48 -0700[diff] [blame]219{
Jeff Thompsonc69163b2013-10-12 13:49:50 -0700[diff] [blame]220#if 0
221 shared_ptr<IdentityCertificate> certificate = Create<IdentityCertificate>();
222
223 Name certificateName;
224 certificateName.append(keyName).append("ID-CERT").append("0");
225 certificate->setName(certificateName);
Jeff Thompsone7e069b2013-09-27 15:48:48 -0700[diff] [blame]226
Jeff Thompsonc69163b2013-10-12 13:49:50 -0700[diff] [blame]227 Blob keyBlob = identityStorage_->getKey(keyName);
228 shared_ptr<PublicKey> publicKey = PublicKey::fromDer(keyBlob);
Jeff Thompsone7e069b2013-09-27 15:48:48 -0700[diff] [blame]229
Jeff Thompsonc69163b2013-10-12 13:49:50 -0700[diff] [blame]230 tm current = boost::posix_time::to_tm(time::Now());
231 current.tm_hour = 0;
232 current.tm_min = 0;
233 current.tm_sec = 0;
Jeff Thompson9a8e82f2013-10-17 14:13:43 -0700[diff] [blame]234 MillisecondsSince1970 notBefore = boost::posix_time::ptime_from_tm(current);
Jeff Thompsonc69163b2013-10-12 13:49:50 -0700[diff] [blame]235 current.tm_year = current.tm_year + 20;
Jeff Thompson9a8e82f2013-10-17 14:13:43 -0700[diff] [blame]236 MillisecondsSince1970 notAfter = boost::posix_time::ptime_from_tm(current);
Jeff Thompsone7e069b2013-09-27 15:48:48 -0700[diff] [blame]237
Jeff Thompsonc69163b2013-10-12 13:49:50 -0700[diff] [blame]238 certificate->setNotBefore(notBefore);
239 certificate->setNotAfter(notAfter);
240 certificate->setPublicKeyInfo(*publicKey);
241 certificate->addSubjectDescription(CertificateSubDescrypt("2.5.4.41", keyName.toUri()));
242 certificate->encode();
243
244 shared_ptr<signature::Sha256WithRsa> sha256Sig = shared_ptr<signature::Sha256WithRsa>::Create();
245
246 KeyLocator keyLocator;
247 keyLocator.setType(KeyLocator::KEYNAME);
248 keyLocator.setKeyName(certificateName);
249
250 sha256Sig->setKeyLocator(keyLocator);
251 sha256Sig->setPublisherKeyDigest(*publicKey->getDigest());
252
253 certificate->setSignature(sha256Sig);
254
255 Blob unsignedData = certificate->encodeToUnsignedWire();
256
257 Blob sigBits = privateKeyStorage_->sign(*unsignedData, keyName.toUri());
258
259 sha256Sig->setSignatureBits(*sigBits);
260
261 return certificate;
262#else
Jeff Thompson4affbf52013-10-18 14:36:46 -0700[diff] [blame]263 throw runtime_error("not implemented");
Jeff Thompsone7e069b2013-09-27 15:48:48 -0700[diff] [blame]264#endif
265}
Jeff Thompsonc69163b2013-10-12 13:49:50 -0700[diff] [blame]266
Jeff Thompson41471912013-09-12 16:21:50 -0700[diff] [blame]267}