Gitiles
Code Review Sign In
gerrit.named-data.net / ndn-cxx / c169a81a5caf3cb4dc14a0258719bc1ef09663cc / . / src / security / sec-tpm-file.cpp
blob: c8b460cb2a91bc9f8043f1660a1e91e82e96d59e [file] [log] [blame]
Alexander Afanasyevc169a812014-05-20 20:37:29 -0400[diff] [blame^]1/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]2/**
Alexander Afanasyevc169a812014-05-20 20:37:29 -0400[diff] [blame^]3 * Copyright (c) 2013-2014 Regents of the University of California.
Alexander Afanasyevdfa52c42014-04-24 21:10:11 -0700[diff] [blame]4 *
5 * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
Alexander Afanasyevdfa52c42014-04-24 21:10:11 -0700[diff] [blame]6 *
Alexander Afanasyevc169a812014-05-20 20:37:29 -0400[diff] [blame^]7 * ndn-cxx library is free software: you can redistribute it and/or modify it under the
8 * terms of the GNU Lesser General Public License as published by the Free Software
9 * Foundation, either version 3 of the License, or (at your option) any later version.
10 *
11 * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
12 * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
13 * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
14 *
15 * You should have received copies of the GNU General Public License and GNU Lesser
16 * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
17 * <http://www.gnu.org/licenses/>.
18 *
19 * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
Alexander Afanasyevdfa52c42014-04-24 21:10:11 -0700[diff] [blame]20 *
21 * @author Xingyu Ma <http://www.linkedin.com/pub/xingyu-ma/1a/384/5a8>
22 * @author Yingdi Yu <http://irl.cs.ucla.edu/~yingdi/>
23 * @author Alexander Afanasyev <http://lasr.cs.ucla.edu/afanasyev/index.html>
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]24 */
25
Alexander Afanasyeve2dcdfd2014-02-07 15:53:28 -0800[diff] [blame]26#include "common.hpp"
Yingdi Yu04020922014-01-22 12:46:53 -0800[diff] [blame]27
Alexander Afanasyeve2dcdfd2014-02-07 15:53:28 -0800[diff] [blame]28#include "sec-tpm-file.hpp"
Alexander Afanasyev258ec2b2014-05-14 16:15:37 -0700[diff] [blame]29#include "../encoding/buffer-stream.hpp"
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]30
31#include <boost/filesystem.hpp>
32#include <boost/algorithm/string.hpp>
33
Junxiao Shi482ccc52014-03-31 13:05:24 -0700[diff] [blame]34#include "cryptopp.hpp"
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]35
36#include <sys/types.h>
37#include <sys/stat.h>
38
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]39#include <algorithm>
40
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]41using namespace std;
42
Yingdi Yufc40d872014-02-18 12:56:04 -0800[diff] [blame]43namespace ndn {
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]44
Alexander Afanasyev2a7f7202014-04-23 14:25:29 -0700[diff] [blame]45class SecTpmFile::Impl
46{
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]47public:
Yingdi Yu4b752752014-02-18 12:24:03 -0800[diff] [blame]48 Impl(const string& dir)
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]49 {
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]50 if (dir.empty())
Yingdi Yu37e317f2014-03-19 12:16:23 -0700[diff] [blame]51 m_keystorePath = boost::filesystem::path(getenv("HOME")) / ".ndn" / "ndnsec-tpm-file";
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]52 else
53 m_keystorePath = dir;
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]54
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]55 boost::filesystem::create_directories (m_keystorePath);
56 }
57
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]58 boost::filesystem::path
59 nameTransform(const string& keyName, const string& extension)
60 {
61 using namespace CryptoPP;
62 string digest;
63 SHA256 hash;
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]64 StringSource src(keyName,
65 true,
66 new HashFilter(hash,
67 new Base64Encoder(new CryptoPP::StringSink(digest))));
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]68
69 boost::algorithm::trim(digest);
70 std::replace(digest.begin(), digest.end(), '/', '%');
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]71
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]72 return m_keystorePath / (digest + extension);
73 }
74
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]75 string
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]76 maintainMapping(const string& keyName)
77 {
78 string keyFileName = nameTransform(keyName, "").string();
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]79
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]80 ofstream outfile;
81 string dirFile = (m_keystorePath / "mapping.txt").string();
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]82
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]83 outfile.open(dirFile.c_str(), std::ios_base::app);
84 outfile << keyName << ' ' << keyFileName << '\n';
85 outfile.close();
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]86
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]87 return keyFileName;
88 }
89
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]90public:
91 boost::filesystem::path m_keystorePath;
92};
93
Yingdi Yu4b752752014-02-18 12:24:03 -0800[diff] [blame]94
Yingdi Yube4150e2014-02-18 13:02:46 -0800[diff] [blame]95SecTpmFile::SecTpmFile(const string& dir)
Yingdi Yu4b752752014-02-18 12:24:03 -0800[diff] [blame]96 : m_impl(new Impl(dir))
Yingdi Yube4150e2014-02-18 13:02:46 -0800[diff] [blame]97 , m_inTerminal(false)
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]98{}
99
100void
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]101SecTpmFile::generateKeyPairInTpm(const Name& keyName, KeyType keyType, int keySize)
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]102{
103 string keyURI = keyName.toUri();
104
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]105 if (doesKeyExistInTpm(keyName, KEY_CLASS_PUBLIC))
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]106 throw Error("public key exists");
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]107 if (doesKeyExistInTpm(keyName, KEY_CLASS_PRIVATE))
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]108 throw Error("private key exists");
109
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]110 string keyFileName = m_impl->maintainMapping(keyURI);
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]111
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]112 try
113 {
114 switch (keyType)
115 {
116 case KEY_TYPE_RSA:
117 {
118 using namespace CryptoPP;
119 AutoSeededRandomPool rng;
Yingdi Yu4b752752014-02-18 12:24:03 -0800[diff] [blame]120
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]121 InvertibleRSAFunction privateKey;
122 privateKey.Initialize(rng, keySize);
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]123
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]124 string privateKeyFileName = keyFileName + ".pri";
125 Base64Encoder privateKeySink(new FileSink(privateKeyFileName.c_str()));
126 privateKey.DEREncode(privateKeySink);
127 privateKeySink.MessageEnd();
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]128
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]129 RSAFunction publicKey(privateKey);
130 string publicKeyFileName = keyFileName + ".pub";
131 Base64Encoder publicKeySink(new FileSink(publicKeyFileName.c_str()));
132 publicKey.DEREncode(publicKeySink);
133 publicKeySink.MessageEnd();
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]134
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]135 /*set file permission*/
136 chmod(privateKeyFileName.c_str(), 0000400);
137 chmod(publicKeyFileName.c_str(), 0000444);
138 return;
139 }
140 default:
141 throw Error("Unsupported key type!");
142 }
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]143 }
Alexander Afanasyev2a7f7202014-04-23 14:25:29 -0700[diff] [blame]144 catch (CryptoPP::Exception& e)
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]145 {
146 throw Error(e.what());
147 }
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]148}
149
Yingdi Yu28fd32f2014-01-28 19:03:03 -0800[diff] [blame]150void
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]151SecTpmFile::deleteKeyPairInTpm(const Name& keyName)
Yingdi Yu28fd32f2014-01-28 19:03:03 -0800[diff] [blame]152{
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]153 boost::filesystem::path publicKeyPath(m_impl->nameTransform(keyName.toUri(), ".pub"));
154 boost::filesystem::path privateKeyPath(m_impl->nameTransform(keyName.toUri(), ".pri"));
Yingdi Yu28fd32f2014-01-28 19:03:03 -0800[diff] [blame]155
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]156 if (boost::filesystem::exists(publicKeyPath))
Yingdi Yu28fd32f2014-01-28 19:03:03 -0800[diff] [blame]157 boost::filesystem::remove(publicKeyPath);
158
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]159 if (boost::filesystem::exists(privateKeyPath))
Yingdi Yu28fd32f2014-01-28 19:03:03 -0800[diff] [blame]160 boost::filesystem::remove(privateKeyPath);
161}
162
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]163shared_ptr<PublicKey>
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]164SecTpmFile::getPublicKeyFromTpm(const Name& keyName)
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]165{
166 string keyURI = keyName.toUri();
167
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]168 if (!doesKeyExistInTpm(keyName, KEY_CLASS_PUBLIC))
Yingdi Yu5e96e002014-04-23 18:32:15 -0700[diff] [blame]169 throw Error("Public Key does not exist");
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]170
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]171 ostringstream os;
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]172 try
173 {
174 using namespace CryptoPP;
175 FileSource(m_impl->nameTransform(keyURI, ".pub").string().c_str(),
176 true,
177 new Base64Decoder(new FileSink(os)));
178 }
Alexander Afanasyev2a7f7202014-04-23 14:25:29 -0700[diff] [blame]179 catch (CryptoPP::Exception& e)
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]180 {
181 throw Error(e.what());
182 }
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]183
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]184 return make_shared<PublicKey>(reinterpret_cast<const uint8_t*>(os.str().c_str()),
185 os.str().size());
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]186}
187
188ConstBufferPtr
Yingdi Yu5e96e002014-04-23 18:32:15 -0700[diff] [blame]189SecTpmFile::exportPrivateKeyPkcs8FromTpm(const Name& keyName)
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]190{
191 OBufferStream privateKeyOs;
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]192 CryptoPP::FileSource(m_impl->nameTransform(keyName.toUri(), ".pri").string().c_str(), true,
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]193 new CryptoPP::Base64Decoder(new CryptoPP::FileSink(privateKeyOs)));
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]194
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]195 return privateKeyOs.buf();
196}
197
198bool
Yingdi Yu5e96e002014-04-23 18:32:15 -0700[diff] [blame]199SecTpmFile::importPrivateKeyPkcs8IntoTpm(const Name& keyName, const uint8_t* buf, size_t size)
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]200{
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]201 try
202 {
203 using namespace CryptoPP;
204
205 string keyFileName = m_impl->maintainMapping(keyName.toUri());
206 keyFileName.append(".pri");
207 StringSource(buf, size,
208 true,
209 new Base64Encoder(new FileSink(keyFileName.c_str())));
210 return true;
211 }
Alexander Afanasyev2a7f7202014-04-23 14:25:29 -0700[diff] [blame]212 catch (CryptoPP::Exception& e)
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]213 {
214 return false;
215 }
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]216}
217
218bool
219SecTpmFile::importPublicKeyPkcs1IntoTpm(const Name& keyName, const uint8_t* buf, size_t size)
220{
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]221 try
222 {
223 using namespace CryptoPP;
224
225 string keyFileName = m_impl->maintainMapping(keyName.toUri());
226 keyFileName.append(".pub");
227 StringSource(buf, size,
228 true,
229 new Base64Encoder(new FileSink(keyFileName.c_str())));
230 return true;
231 }
Alexander Afanasyev2a7f7202014-04-23 14:25:29 -0700[diff] [blame]232 catch (CryptoPP::Exception& e)
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]233 {
234 return false;
235 }
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]236}
237
238Block
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]239SecTpmFile::signInTpm(const uint8_t* data, size_t dataLength,
240 const Name& keyName, DigestAlgorithm digestAlgorithm)
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]241{
242 string keyURI = keyName.toUri();
243
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]244 if (!doesKeyExistInTpm(keyName, KEY_CLASS_PRIVATE))
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]245 throw Error("private key doesn't exists");
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]246
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]247 try
248 {
249 using namespace CryptoPP;
250 AutoSeededRandomPool rng;
Yingdi Yu4b752752014-02-18 12:24:03 -0800[diff] [blame]251
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]252 //Read private key
253 ByteQueue bytes;
254 FileSource file(m_impl->nameTransform(keyURI, ".pri").string().c_str(),
255 true, new Base64Decoder);
256 file.TransferTo(bytes);
257 bytes.MessageEnd();
258 RSA::PrivateKey privateKey;
259 privateKey.Load(bytes);
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]260
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]261 //Sign message
262 switch (digestAlgorithm)
263 {
264 case DIGEST_ALGORITHM_SHA256:
265 {
266 RSASS<PKCS1v15, SHA256>::Signer signer(privateKey);
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]267
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]268 OBufferStream os;
269 StringSource(data, dataLength,
270 true,
271 new SignerFilter(rng, signer, new FileSink(os)));
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]272
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]273 return Block(Tlv::SignatureValue, os.buf());
274 }
275 default:
276 throw Error("Unsupported digest algorithm!");
277 }
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]278 }
Alexander Afanasyev2a7f7202014-04-23 14:25:29 -0700[diff] [blame]279 catch (CryptoPP::Exception& e)
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]280 {
281 throw Error(e.what());
282 }
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]283}
284
285
286ConstBufferPtr
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]287SecTpmFile::decryptInTpm(const uint8_t* data, size_t dataLength,
288 const Name& keyName, bool isSymmetric)
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]289{
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]290 throw Error("SecTpmFile::decryptInTpm is not supported!");
291 // string keyURI = keyName.toUri();
292 // if (!isSymmetric)
293 // {
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]294 // if (!doesKeyExistInTpm(keyName, KEY_CLASS_PRIVATE))
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]295 // throw Error("private key doesn't exist");
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]296
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]297 // try{
298 // using namespace CryptoPP;
299 // AutoSeededRandomPool rng;
Yingdi Yu4b752752014-02-18 12:24:03 -0800[diff] [blame]300
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]301 // //Read private key
302 // ByteQueue bytes;
303 // FileSource file(m_impl->nameTransform(keyURI, ".pri").string().c_str(), true, new Base64Decoder);
304 // file.TransferTo(bytes);
305 // bytes.MessageEnd();
306 // RSA::PrivateKey privateKey;
307 // privateKey.Load(bytes);
308 // RSAES_PKCS1v15_Decryptor decryptor(privateKey);
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]309
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]310 // OBufferStream os;
311 // StringSource(data, dataLength, true, new PK_DecryptorFilter(rng, decryptor, new FileSink(os)));
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]312
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]313 // return os.buf();
314 // }
Alexander Afanasyev2a7f7202014-04-23 14:25:29 -0700[diff] [blame]315 // catch (CryptoPP::Exception& e){
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]316 // throw Error(e.what());
317 // }
318 // }
319 // else
320 // {
321 // throw Error("Symmetric encryption is not implemented!");
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]322 // // if (!doesKeyExistInTpm(keyName, KEY_CLASS_SYMMETRIC))
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]323 // // throw Error("symmetric key doesn't exist");
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]324
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]325 // // try{
326 // // string keyBits;
327 // // string symKeyFileName = m_impl->nameTransform(keyURI, ".key");
328 // // FileSource(symKeyFileName, true, new HexDecoder(new StringSink(keyBits)));
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]329
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]330 // // using CryptoPP::AES;
331 // // AutoSeededRandomPool rnd;
332 // // byte iv[AES::BLOCKSIZE];
333 // // rnd.GenerateBlock(iv, AES::BLOCKSIZE);
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]334
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]335 // // CFB_Mode<AES>::Decryption decryptor;
336 // // decryptor.SetKeyWithIV(reinterpret_cast<const uint8_t*>(keyBits.c_str()), keyBits.size(), iv);
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]337
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]338 // // OBufferStream os;
339 // // StringSource(data, dataLength, true, new StreamTransformationFilter(decryptor,new FileSink(os)));
340 // // return os.buf();
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]341
Alexander Afanasyev2a7f7202014-04-23 14:25:29 -0700[diff] [blame]342 // // }catch (CryptoPP::Exception& e){
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]343 // // throw Error(e.what());
344 // // }
345 // }
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]346}
347
348ConstBufferPtr
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]349SecTpmFile::encryptInTpm(const uint8_t* data, size_t dataLength,
350 const Name& keyName, bool isSymmetric)
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]351{
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]352 throw Error("SecTpmFile::encryptInTpm is not supported!");
353 // string keyURI = keyName.toUri();
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]354
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]355 // if (!isSymmetric)
356 // {
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]357 // if (!doesKeyExistInTpm(keyName, KEY_CLASS_PUBLIC))
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]358 // throw Error("public key doesn't exist");
359 // try
360 // {
361 // using namespace CryptoPP;
362 // AutoSeededRandomPool rng;
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]363
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]364 // //Read private key
365 // ByteQueue bytes;
366 // FileSource file(m_impl->nameTransform(keyURI, ".pub").string().c_str(), true, new Base64Decoder);
367 // file.TransferTo(bytes);
368 // bytes.MessageEnd();
369 // RSA::PublicKey publicKey;
370 // publicKey.Load(bytes);
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]371
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]372 // OBufferStream os;
373 // RSAES_PKCS1v15_Encryptor encryptor(publicKey);
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]374
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]375 // StringSource(data, dataLength, true, new PK_EncryptorFilter(rng, encryptor, new FileSink(os)));
376 // return os.buf();
377 // }
Alexander Afanasyev2a7f7202014-04-23 14:25:29 -0700[diff] [blame]378 // catch (CryptoPP::Exception& e){
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]379 // throw Error(e.what());
380 // }
381 // }
382 // else
383 // {
384 // throw Error("Symmetric encryption is not implemented!");
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]385 // // if (!doesKeyExistInTpm(keyName, KEY_CLASS_SYMMETRIC))
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]386 // // throw Error("symmetric key doesn't exist");
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]387
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]388 // // try{
389 // // string keyBits;
390 // // string symKeyFileName = m_impl->nameTransform(keyURI, ".key");
391 // // FileSource(symKeyFileName, true, new HexDecoder(new StringSink(keyBits)));
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]392
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]393 // // using CryptoPP::AES;
394 // // AutoSeededRandomPool rnd;
395 // // byte iv[AES::BLOCKSIZE];
396 // // rnd.GenerateBlock(iv, AES::BLOCKSIZE);
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]397
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]398 // // CFB_Mode<AES>::Encryption encryptor;
399 // // encryptor.SetKeyWithIV(reinterpret_cast<const uint8_t*>(keyBits.c_str()), keyBits.size(), iv);
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]400
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]401 // // OBufferStream os;
402 // // StringSource(data, dataLength, true, new StreamTransformationFilter(encryptor, new FileSink(os)));
403 // // return os.buf();
Alexander Afanasyev2a7f7202014-04-23 14:25:29 -0700[diff] [blame]404 // // }catch (CryptoPP::Exception& e){
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]405 // // throw Error(e.what());
406 // // }
407 // }
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]408}
409
410
411void
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]412SecTpmFile::generateSymmetricKeyInTpm(const Name& keyName, KeyType keyType, int keySize)
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]413{
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]414 throw Error("SecTpmFile::generateSymmetricKeyInTpm is not supported!");
415 // string keyURI = keyName.toUri();
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]416
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]417 // if (doesKeyExistInTpm(keyName, KEY_CLASS_SYMMETRIC))
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]418 // throw Error("symmetric key exists");
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]419
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]420 // string keyFileName = m_impl->maintainMapping(keyURI);
421 // string symKeyFileName = keyFileName + ".key";
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]422
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]423 // try{
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]424 // switch (keyType){
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]425 // case KEY_TYPE_AES:
426 // {
427 // using namespace CryptoPP;
428 // AutoSeededRandomPool rng;
Yingdi Yu4b752752014-02-18 12:24:03 -0800[diff] [blame]429
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]430 // SecByteBlock key(0x00, keySize);
431 // rng.GenerateBlock(key, keySize);
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]432
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]433 // StringSource(key, key.size(), true, new HexEncoder(new FileSink(symKeyFileName.c_str())));
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]434
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]435 // chmod(symKeyFileName.c_str(), 0000400);
436 // return;
437 // }
438 // default:
439 // throw Error("Unsupported symmetric key type!");
440 // }
Alexander Afanasyev2a7f7202014-04-23 14:25:29 -0700[diff] [blame]441 // }catch (CryptoPP::Exception& e){
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]442 // throw Error(e.what());
443 // }
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]444}
445
446bool
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]447SecTpmFile::doesKeyExistInTpm(const Name& keyName, KeyClass keyClass)
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]448{
449 string keyURI = keyName.toUri();
450 if (keyClass == KEY_CLASS_PUBLIC)
451 {
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]452 if (boost::filesystem::exists(m_impl->nameTransform(keyURI, ".pub")))
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]453 return true;
454 else
455 return false;
456 }
457 if (keyClass == KEY_CLASS_PRIVATE)
458 {
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]459 if (boost::filesystem::exists(m_impl->nameTransform(keyURI, ".pri")))
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]460 return true;
461 else
462 return false;
463 }
464 if (keyClass == KEY_CLASS_SYMMETRIC)
465 {
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]466 if (boost::filesystem::exists(m_impl->nameTransform(keyURI, ".key")))
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]467 return true;
468 else
469 return false;
470 }
471 return false;
472}
473
Yingdi Yu4b752752014-02-18 12:24:03 -0800[diff] [blame]474bool
475SecTpmFile::generateRandomBlock(uint8_t* res, size_t size)
476{
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]477 try
478 {
479 CryptoPP::AutoSeededRandomPool rng;
480 rng.GenerateBlock(res, size);
481 return true;
482 }
Alexander Afanasyev2a7f7202014-04-23 14:25:29 -0700[diff] [blame]483 catch (CryptoPP::Exception& e)
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]484 {
485 return false;
486 }
Yingdi Yu4b752752014-02-18 12:24:03 -0800[diff] [blame]487}
488
Yingdi Yufc40d872014-02-18 12:56:04 -0800[diff] [blame]489} // namespace ndn