Gitiles
Code Review Sign In
gerrit.named-data.net / ndn-cxx / caac54eb94693a62718d9c7bf4f67bb1145924fd / . / src / security / sec-tpm-file.cpp
blob: 096fe9db6ddd1ae11fcce248cd5cb1c30f364c8f [file] [log] [blame]
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]1/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
2/**
Alexander Afanasyevdfa52c42014-04-24 21:10:11 -0700[diff] [blame]3 * Copyright (c) 2013-2014, Regents of the University of California.
4 * All rights reserved.
5 *
6 * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
7 * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
8 *
9 * This file licensed under New BSD License. See COPYING for detailed information about
10 * ndn-cxx library copyright, permissions, and redistribution restrictions.
11 *
12 * @author Xingyu Ma <http://www.linkedin.com/pub/xingyu-ma/1a/384/5a8>
13 * @author Yingdi Yu <http://irl.cs.ucla.edu/~yingdi/>
14 * @author Alexander Afanasyev <http://lasr.cs.ucla.edu/afanasyev/index.html>
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]15 */
16
Alexander Afanasyeve2dcdfd2014-02-07 15:53:28 -0800[diff] [blame]17#include "common.hpp"
Yingdi Yu04020922014-01-22 12:46:53 -0800[diff] [blame]18
Alexander Afanasyeve2dcdfd2014-02-07 15:53:28 -0800[diff] [blame]19#include "sec-tpm-file.hpp"
Alexander Afanasyev258ec2b2014-05-14 16:15:37 -0700[diff] [blame]20#include "../encoding/buffer-stream.hpp"
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]21
22#include <boost/filesystem.hpp>
23#include <boost/algorithm/string.hpp>
24
Junxiao Shi482ccc52014-03-31 13:05:24 -0700[diff] [blame]25#include "cryptopp.hpp"
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]26
27#include <sys/types.h>
28#include <sys/stat.h>
29
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]30#include <algorithm>
31
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]32using namespace std;
33
Yingdi Yufc40d872014-02-18 12:56:04 -0800[diff] [blame]34namespace ndn {
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]35
Alexander Afanasyev2a7f7202014-04-23 14:25:29 -0700[diff] [blame]36class SecTpmFile::Impl
37{
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]38public:
Yingdi Yu4b752752014-02-18 12:24:03 -0800[diff] [blame]39 Impl(const string& dir)
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]40 {
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]41 if (dir.empty())
Yingdi Yu37e317f2014-03-19 12:16:23 -0700[diff] [blame]42 m_keystorePath = boost::filesystem::path(getenv("HOME")) / ".ndn" / "ndnsec-tpm-file";
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]43 else
44 m_keystorePath = dir;
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]45
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]46 boost::filesystem::create_directories (m_keystorePath);
47 }
48
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]49 boost::filesystem::path
50 nameTransform(const string& keyName, const string& extension)
51 {
52 using namespace CryptoPP;
53 string digest;
54 SHA256 hash;
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]55 StringSource src(keyName,
56 true,
57 new HashFilter(hash,
58 new Base64Encoder(new CryptoPP::StringSink(digest))));
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]59
60 boost::algorithm::trim(digest);
61 std::replace(digest.begin(), digest.end(), '/', '%');
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]62
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]63 return m_keystorePath / (digest + extension);
64 }
65
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]66 string
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]67 maintainMapping(const string& keyName)
68 {
69 string keyFileName = nameTransform(keyName, "").string();
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]70
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]71 ofstream outfile;
72 string dirFile = (m_keystorePath / "mapping.txt").string();
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]73
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]74 outfile.open(dirFile.c_str(), std::ios_base::app);
75 outfile << keyName << ' ' << keyFileName << '\n';
76 outfile.close();
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]77
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]78 return keyFileName;
79 }
80
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]81public:
82 boost::filesystem::path m_keystorePath;
83};
84
Yingdi Yu4b752752014-02-18 12:24:03 -0800[diff] [blame]85
Yingdi Yube4150e2014-02-18 13:02:46 -0800[diff] [blame]86SecTpmFile::SecTpmFile(const string& dir)
Yingdi Yu4b752752014-02-18 12:24:03 -0800[diff] [blame]87 : m_impl(new Impl(dir))
Yingdi Yube4150e2014-02-18 13:02:46 -0800[diff] [blame]88 , m_inTerminal(false)
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]89{}
90
91void
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]92SecTpmFile::generateKeyPairInTpm(const Name& keyName, KeyType keyType, int keySize)
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]93{
94 string keyURI = keyName.toUri();
95
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]96 if (doesKeyExistInTpm(keyName, KEY_CLASS_PUBLIC))
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]97 throw Error("public key exists");
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]98 if (doesKeyExistInTpm(keyName, KEY_CLASS_PRIVATE))
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]99 throw Error("private key exists");
100
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]101 string keyFileName = m_impl->maintainMapping(keyURI);
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]102
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]103 try
104 {
105 switch (keyType)
106 {
107 case KEY_TYPE_RSA:
108 {
109 using namespace CryptoPP;
110 AutoSeededRandomPool rng;
Yingdi Yu4b752752014-02-18 12:24:03 -0800[diff] [blame]111
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]112 InvertibleRSAFunction privateKey;
113 privateKey.Initialize(rng, keySize);
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]114
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]115 string privateKeyFileName = keyFileName + ".pri";
116 Base64Encoder privateKeySink(new FileSink(privateKeyFileName.c_str()));
117 privateKey.DEREncode(privateKeySink);
118 privateKeySink.MessageEnd();
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]119
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]120 RSAFunction publicKey(privateKey);
121 string publicKeyFileName = keyFileName + ".pub";
122 Base64Encoder publicKeySink(new FileSink(publicKeyFileName.c_str()));
123 publicKey.DEREncode(publicKeySink);
124 publicKeySink.MessageEnd();
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]125
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]126 /*set file permission*/
127 chmod(privateKeyFileName.c_str(), 0000400);
128 chmod(publicKeyFileName.c_str(), 0000444);
129 return;
130 }
131 default:
132 throw Error("Unsupported key type!");
133 }
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]134 }
Alexander Afanasyev2a7f7202014-04-23 14:25:29 -0700[diff] [blame]135 catch (CryptoPP::Exception& e)
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]136 {
137 throw Error(e.what());
138 }
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]139}
140
Yingdi Yu28fd32f2014-01-28 19:03:03 -0800[diff] [blame]141void
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]142SecTpmFile::deleteKeyPairInTpm(const Name& keyName)
Yingdi Yu28fd32f2014-01-28 19:03:03 -0800[diff] [blame]143{
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]144 boost::filesystem::path publicKeyPath(m_impl->nameTransform(keyName.toUri(), ".pub"));
145 boost::filesystem::path privateKeyPath(m_impl->nameTransform(keyName.toUri(), ".pri"));
Yingdi Yu28fd32f2014-01-28 19:03:03 -0800[diff] [blame]146
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]147 if (boost::filesystem::exists(publicKeyPath))
Yingdi Yu28fd32f2014-01-28 19:03:03 -0800[diff] [blame]148 boost::filesystem::remove(publicKeyPath);
149
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]150 if (boost::filesystem::exists(privateKeyPath))
Yingdi Yu28fd32f2014-01-28 19:03:03 -0800[diff] [blame]151 boost::filesystem::remove(privateKeyPath);
152}
153
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]154shared_ptr<PublicKey>
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]155SecTpmFile::getPublicKeyFromTpm(const Name& keyName)
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]156{
157 string keyURI = keyName.toUri();
158
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]159 if (!doesKeyExistInTpm(keyName, KEY_CLASS_PUBLIC))
Yingdi Yu5e96e002014-04-23 18:32:15 -0700[diff] [blame]160 throw Error("Public Key does not exist");
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]161
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]162 ostringstream os;
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]163 try
164 {
165 using namespace CryptoPP;
166 FileSource(m_impl->nameTransform(keyURI, ".pub").string().c_str(),
167 true,
168 new Base64Decoder(new FileSink(os)));
169 }
Alexander Afanasyev2a7f7202014-04-23 14:25:29 -0700[diff] [blame]170 catch (CryptoPP::Exception& e)
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]171 {
172 throw Error(e.what());
173 }
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]174
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]175 return make_shared<PublicKey>(reinterpret_cast<const uint8_t*>(os.str().c_str()),
176 os.str().size());
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]177}
178
179ConstBufferPtr
Yingdi Yu5e96e002014-04-23 18:32:15 -0700[diff] [blame]180SecTpmFile::exportPrivateKeyPkcs8FromTpm(const Name& keyName)
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]181{
182 OBufferStream privateKeyOs;
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]183 CryptoPP::FileSource(m_impl->nameTransform(keyName.toUri(), ".pri").string().c_str(), true,
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]184 new CryptoPP::Base64Decoder(new CryptoPP::FileSink(privateKeyOs)));
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]185
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]186 return privateKeyOs.buf();
187}
188
189bool
Yingdi Yu5e96e002014-04-23 18:32:15 -0700[diff] [blame]190SecTpmFile::importPrivateKeyPkcs8IntoTpm(const Name& keyName, const uint8_t* buf, size_t size)
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]191{
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]192 try
193 {
194 using namespace CryptoPP;
195
196 string keyFileName = m_impl->maintainMapping(keyName.toUri());
197 keyFileName.append(".pri");
198 StringSource(buf, size,
199 true,
200 new Base64Encoder(new FileSink(keyFileName.c_str())));
201 return true;
202 }
Alexander Afanasyev2a7f7202014-04-23 14:25:29 -0700[diff] [blame]203 catch (CryptoPP::Exception& e)
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]204 {
205 return false;
206 }
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]207}
208
209bool
210SecTpmFile::importPublicKeyPkcs1IntoTpm(const Name& keyName, const uint8_t* buf, size_t size)
211{
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]212 try
213 {
214 using namespace CryptoPP;
215
216 string keyFileName = m_impl->maintainMapping(keyName.toUri());
217 keyFileName.append(".pub");
218 StringSource(buf, size,
219 true,
220 new Base64Encoder(new FileSink(keyFileName.c_str())));
221 return true;
222 }
Alexander Afanasyev2a7f7202014-04-23 14:25:29 -0700[diff] [blame]223 catch (CryptoPP::Exception& e)
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]224 {
225 return false;
226 }
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]227}
228
229Block
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]230SecTpmFile::signInTpm(const uint8_t* data, size_t dataLength,
231 const Name& keyName, DigestAlgorithm digestAlgorithm)
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]232{
233 string keyURI = keyName.toUri();
234
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]235 if (!doesKeyExistInTpm(keyName, KEY_CLASS_PRIVATE))
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]236 throw Error("private key doesn't exists");
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]237
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]238 try
239 {
240 using namespace CryptoPP;
241 AutoSeededRandomPool rng;
Yingdi Yu4b752752014-02-18 12:24:03 -0800[diff] [blame]242
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]243 //Read private key
244 ByteQueue bytes;
245 FileSource file(m_impl->nameTransform(keyURI, ".pri").string().c_str(),
246 true, new Base64Decoder);
247 file.TransferTo(bytes);
248 bytes.MessageEnd();
249 RSA::PrivateKey privateKey;
250 privateKey.Load(bytes);
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]251
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]252 //Sign message
253 switch (digestAlgorithm)
254 {
255 case DIGEST_ALGORITHM_SHA256:
256 {
257 RSASS<PKCS1v15, SHA256>::Signer signer(privateKey);
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]258
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]259 OBufferStream os;
260 StringSource(data, dataLength,
261 true,
262 new SignerFilter(rng, signer, new FileSink(os)));
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]263
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]264 return Block(Tlv::SignatureValue, os.buf());
265 }
266 default:
267 throw Error("Unsupported digest algorithm!");
268 }
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]269 }
Alexander Afanasyev2a7f7202014-04-23 14:25:29 -0700[diff] [blame]270 catch (CryptoPP::Exception& e)
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]271 {
272 throw Error(e.what());
273 }
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]274}
275
276
277ConstBufferPtr
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]278SecTpmFile::decryptInTpm(const uint8_t* data, size_t dataLength,
279 const Name& keyName, bool isSymmetric)
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]280{
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]281 throw Error("SecTpmFile::decryptInTpm is not supported!");
282 // string keyURI = keyName.toUri();
283 // if (!isSymmetric)
284 // {
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]285 // if (!doesKeyExistInTpm(keyName, KEY_CLASS_PRIVATE))
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]286 // throw Error("private key doesn't exist");
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]287
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]288 // try{
289 // using namespace CryptoPP;
290 // AutoSeededRandomPool rng;
Yingdi Yu4b752752014-02-18 12:24:03 -0800[diff] [blame]291
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]292 // //Read private key
293 // ByteQueue bytes;
294 // FileSource file(m_impl->nameTransform(keyURI, ".pri").string().c_str(), true, new Base64Decoder);
295 // file.TransferTo(bytes);
296 // bytes.MessageEnd();
297 // RSA::PrivateKey privateKey;
298 // privateKey.Load(bytes);
299 // RSAES_PKCS1v15_Decryptor decryptor(privateKey);
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]300
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]301 // OBufferStream os;
302 // StringSource(data, dataLength, true, new PK_DecryptorFilter(rng, decryptor, new FileSink(os)));
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]303
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]304 // return os.buf();
305 // }
Alexander Afanasyev2a7f7202014-04-23 14:25:29 -0700[diff] [blame]306 // catch (CryptoPP::Exception& e){
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]307 // throw Error(e.what());
308 // }
309 // }
310 // else
311 // {
312 // throw Error("Symmetric encryption is not implemented!");
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]313 // // if (!doesKeyExistInTpm(keyName, KEY_CLASS_SYMMETRIC))
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]314 // // throw Error("symmetric key doesn't exist");
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]315
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]316 // // try{
317 // // string keyBits;
318 // // string symKeyFileName = m_impl->nameTransform(keyURI, ".key");
319 // // FileSource(symKeyFileName, true, new HexDecoder(new StringSink(keyBits)));
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]320
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]321 // // using CryptoPP::AES;
322 // // AutoSeededRandomPool rnd;
323 // // byte iv[AES::BLOCKSIZE];
324 // // rnd.GenerateBlock(iv, AES::BLOCKSIZE);
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]325
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]326 // // CFB_Mode<AES>::Decryption decryptor;
327 // // decryptor.SetKeyWithIV(reinterpret_cast<const uint8_t*>(keyBits.c_str()), keyBits.size(), iv);
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]328
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]329 // // OBufferStream os;
330 // // StringSource(data, dataLength, true, new StreamTransformationFilter(decryptor,new FileSink(os)));
331 // // return os.buf();
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]332
Alexander Afanasyev2a7f7202014-04-23 14:25:29 -0700[diff] [blame]333 // // }catch (CryptoPP::Exception& e){
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]334 // // throw Error(e.what());
335 // // }
336 // }
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]337}
338
339ConstBufferPtr
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]340SecTpmFile::encryptInTpm(const uint8_t* data, size_t dataLength,
341 const Name& keyName, bool isSymmetric)
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]342{
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]343 throw Error("SecTpmFile::encryptInTpm is not supported!");
344 // string keyURI = keyName.toUri();
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]345
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]346 // if (!isSymmetric)
347 // {
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]348 // if (!doesKeyExistInTpm(keyName, KEY_CLASS_PUBLIC))
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]349 // throw Error("public key doesn't exist");
350 // try
351 // {
352 // using namespace CryptoPP;
353 // AutoSeededRandomPool rng;
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]354
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]355 // //Read private key
356 // ByteQueue bytes;
357 // FileSource file(m_impl->nameTransform(keyURI, ".pub").string().c_str(), true, new Base64Decoder);
358 // file.TransferTo(bytes);
359 // bytes.MessageEnd();
360 // RSA::PublicKey publicKey;
361 // publicKey.Load(bytes);
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]362
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]363 // OBufferStream os;
364 // RSAES_PKCS1v15_Encryptor encryptor(publicKey);
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]365
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]366 // StringSource(data, dataLength, true, new PK_EncryptorFilter(rng, encryptor, new FileSink(os)));
367 // return os.buf();
368 // }
Alexander Afanasyev2a7f7202014-04-23 14:25:29 -0700[diff] [blame]369 // catch (CryptoPP::Exception& e){
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]370 // throw Error(e.what());
371 // }
372 // }
373 // else
374 // {
375 // throw Error("Symmetric encryption is not implemented!");
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]376 // // if (!doesKeyExistInTpm(keyName, KEY_CLASS_SYMMETRIC))
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]377 // // throw Error("symmetric key doesn't exist");
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]378
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]379 // // try{
380 // // string keyBits;
381 // // string symKeyFileName = m_impl->nameTransform(keyURI, ".key");
382 // // FileSource(symKeyFileName, true, new HexDecoder(new StringSink(keyBits)));
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]383
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]384 // // using CryptoPP::AES;
385 // // AutoSeededRandomPool rnd;
386 // // byte iv[AES::BLOCKSIZE];
387 // // rnd.GenerateBlock(iv, AES::BLOCKSIZE);
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]388
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]389 // // CFB_Mode<AES>::Encryption encryptor;
390 // // encryptor.SetKeyWithIV(reinterpret_cast<const uint8_t*>(keyBits.c_str()), keyBits.size(), iv);
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]391
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]392 // // OBufferStream os;
393 // // StringSource(data, dataLength, true, new StreamTransformationFilter(encryptor, new FileSink(os)));
394 // // return os.buf();
Alexander Afanasyev2a7f7202014-04-23 14:25:29 -0700[diff] [blame]395 // // }catch (CryptoPP::Exception& e){
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]396 // // throw Error(e.what());
397 // // }
398 // }
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]399}
400
401
402void
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]403SecTpmFile::generateSymmetricKeyInTpm(const Name& keyName, KeyType keyType, int keySize)
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]404{
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]405 throw Error("SecTpmFile::generateSymmetricKeyInTpm is not supported!");
406 // string keyURI = keyName.toUri();
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]407
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]408 // if (doesKeyExistInTpm(keyName, KEY_CLASS_SYMMETRIC))
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]409 // throw Error("symmetric key exists");
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]410
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]411 // string keyFileName = m_impl->maintainMapping(keyURI);
412 // string symKeyFileName = keyFileName + ".key";
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]413
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]414 // try{
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]415 // switch (keyType){
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]416 // case KEY_TYPE_AES:
417 // {
418 // using namespace CryptoPP;
419 // AutoSeededRandomPool rng;
Yingdi Yu4b752752014-02-18 12:24:03 -0800[diff] [blame]420
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]421 // SecByteBlock key(0x00, keySize);
422 // rng.GenerateBlock(key, keySize);
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]423
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]424 // StringSource(key, key.size(), true, new HexEncoder(new FileSink(symKeyFileName.c_str())));
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]425
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]426 // chmod(symKeyFileName.c_str(), 0000400);
427 // return;
428 // }
429 // default:
430 // throw Error("Unsupported symmetric key type!");
431 // }
Alexander Afanasyev2a7f7202014-04-23 14:25:29 -0700[diff] [blame]432 // }catch (CryptoPP::Exception& e){
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]433 // throw Error(e.what());
434 // }
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]435}
436
437bool
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]438SecTpmFile::doesKeyExistInTpm(const Name& keyName, KeyClass keyClass)
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]439{
440 string keyURI = keyName.toUri();
441 if (keyClass == KEY_CLASS_PUBLIC)
442 {
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]443 if (boost::filesystem::exists(m_impl->nameTransform(keyURI, ".pub")))
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]444 return true;
445 else
446 return false;
447 }
448 if (keyClass == KEY_CLASS_PRIVATE)
449 {
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]450 if (boost::filesystem::exists(m_impl->nameTransform(keyURI, ".pri")))
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]451 return true;
452 else
453 return false;
454 }
455 if (keyClass == KEY_CLASS_SYMMETRIC)
456 {
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]457 if (boost::filesystem::exists(m_impl->nameTransform(keyURI, ".key")))
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]458 return true;
459 else
460 return false;
461 }
462 return false;
463}
464
Yingdi Yu4b752752014-02-18 12:24:03 -0800[diff] [blame]465bool
466SecTpmFile::generateRandomBlock(uint8_t* res, size_t size)
467{
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]468 try
469 {
470 CryptoPP::AutoSeededRandomPool rng;
471 rng.GenerateBlock(res, size);
472 return true;
473 }
Alexander Afanasyev2a7f7202014-04-23 14:25:29 -0700[diff] [blame]474 catch (CryptoPP::Exception& e)
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]475 {
476 return false;
477 }
Yingdi Yu4b752752014-02-18 12:24:03 -0800[diff] [blame]478}
479
Yingdi Yufc40d872014-02-18 12:56:04 -0800[diff] [blame]480} // namespace ndn