Gitiles
Code Review Sign In
gerrit.named-data.net / ndn-cxx / 7036ce2cbf05b60f660b3093652d8dcb4f05c9e5 / . / src / security / sec-tpm-file.cpp
blob: 6634f6839330beab4ab51e654428ce81650e8188 [file] [log] [blame]
Alexander Afanasyevc169a812014-05-20 20:37:29 -0400[diff] [blame]1/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]2/**
Alexander Afanasyevc169a812014-05-20 20:37:29 -0400[diff] [blame]3 * Copyright (c) 2013-2014 Regents of the University of California.
Alexander Afanasyevdfa52c42014-04-24 21:10:11 -0700[diff] [blame]4 *
5 * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
Alexander Afanasyevdfa52c42014-04-24 21:10:11 -0700[diff] [blame]6 *
Alexander Afanasyevc169a812014-05-20 20:37:29 -0400[diff] [blame]7 * ndn-cxx library is free software: you can redistribute it and/or modify it under the
8 * terms of the GNU Lesser General Public License as published by the Free Software
9 * Foundation, either version 3 of the License, or (at your option) any later version.
10 *
11 * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
12 * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
13 * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
14 *
15 * You should have received copies of the GNU General Public License and GNU Lesser
16 * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
17 * <http://www.gnu.org/licenses/>.
18 *
19 * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
Alexander Afanasyevdfa52c42014-04-24 21:10:11 -0700[diff] [blame]20 *
21 * @author Xingyu Ma <http://www.linkedin.com/pub/xingyu-ma/1a/384/5a8>
22 * @author Yingdi Yu <http://irl.cs.ucla.edu/~yingdi/>
23 * @author Alexander Afanasyev <http://lasr.cs.ucla.edu/afanasyev/index.html>
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]24 */
25
Alexander Afanasyeve2dcdfd2014-02-07 15:53:28 -0800[diff] [blame]26#include "common.hpp"
Yingdi Yu04020922014-01-22 12:46:53 -0800[diff] [blame]27
Alexander Afanasyeve2dcdfd2014-02-07 15:53:28 -0800[diff] [blame]28#include "sec-tpm-file.hpp"
Alexander Afanasyev258ec2b2014-05-14 16:15:37 -0700[diff] [blame]29#include "../encoding/buffer-stream.hpp"
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]30
31#include <boost/filesystem.hpp>
32#include <boost/algorithm/string.hpp>
33
Junxiao Shi482ccc52014-03-31 13:05:24 -0700[diff] [blame]34#include "cryptopp.hpp"
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]35
36#include <sys/types.h>
37#include <sys/stat.h>
38
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]39#include <algorithm>
40
Yingdi Yufc40d872014-02-18 12:56:04 -0800[diff] [blame]41namespace ndn {
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]42
Yingdi Yu7036ce22014-06-19 18:53:37 -0700[diff] [blame^]43using std::string;
44using std::ostringstream;
45using std::ofstream;
46
Alexander Afanasyev2a7f7202014-04-23 14:25:29 -0700[diff] [blame]47class SecTpmFile::Impl
48{
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]49public:
Yingdi Yu7036ce22014-06-19 18:53:37 -0700[diff] [blame^]50 explicit
Yingdi Yu4b752752014-02-18 12:24:03 -0800[diff] [blame]51 Impl(const string& dir)
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]52 {
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]53 if (dir.empty())
Yingdi Yu37e317f2014-03-19 12:16:23 -0700[diff] [blame]54 m_keystorePath = boost::filesystem::path(getenv("HOME")) / ".ndn" / "ndnsec-tpm-file";
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]55 else
56 m_keystorePath = dir;
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]57
Yingdi Yu7036ce22014-06-19 18:53:37 -0700[diff] [blame^]58 boost::filesystem::create_directories(m_keystorePath);
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]59 }
60
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]61 boost::filesystem::path
Yingdi Yu7036ce22014-06-19 18:53:37 -0700[diff] [blame^]62 transformName(const string& keyName, const string& extension)
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]63 {
64 using namespace CryptoPP;
65 string digest;
66 SHA256 hash;
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]67 StringSource src(keyName,
68 true,
69 new HashFilter(hash,
70 new Base64Encoder(new CryptoPP::StringSink(digest))));
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]71
72 boost::algorithm::trim(digest);
73 std::replace(digest.begin(), digest.end(), '/', '%');
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]74
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]75 return m_keystorePath / (digest + extension);
76 }
77
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]78 string
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]79 maintainMapping(const string& keyName)
80 {
Yingdi Yu7036ce22014-06-19 18:53:37 -0700[diff] [blame^]81 string keyFileName = transformName(keyName, "").string();
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]82
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]83 ofstream outfile;
84 string dirFile = (m_keystorePath / "mapping.txt").string();
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]85
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]86 outfile.open(dirFile.c_str(), std::ios_base::app);
87 outfile << keyName << ' ' << keyFileName << '\n';
88 outfile.close();
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]89
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]90 return keyFileName;
91 }
92
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]93public:
94 boost::filesystem::path m_keystorePath;
95};
96
Yingdi Yu4b752752014-02-18 12:24:03 -0800[diff] [blame]97
Yingdi Yube4150e2014-02-18 13:02:46 -0800[diff] [blame]98SecTpmFile::SecTpmFile(const string& dir)
Yingdi Yu4b752752014-02-18 12:24:03 -0800[diff] [blame]99 : m_impl(new Impl(dir))
Yingdi Yube4150e2014-02-18 13:02:46 -0800[diff] [blame]100 , m_inTerminal(false)
Yingdi Yu7036ce22014-06-19 18:53:37 -0700[diff] [blame^]101{
102}
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]103
104void
Yingdi Yu7036ce22014-06-19 18:53:37 -0700[diff] [blame^]105SecTpmFile::generateKeyPairInTpm(const Name& keyName, const KeyParams& params)
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]106{
107 string keyURI = keyName.toUri();
108
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]109 if (doesKeyExistInTpm(keyName, KEY_CLASS_PUBLIC))
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]110 throw Error("public key exists");
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]111 if (doesKeyExistInTpm(keyName, KEY_CLASS_PRIVATE))
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]112 throw Error("private key exists");
113
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]114 string keyFileName = m_impl->maintainMapping(keyURI);
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]115
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]116 try
117 {
Yingdi Yu7036ce22014-06-19 18:53:37 -0700[diff] [blame^]118 switch (params.getKeyType())
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]119 {
120 case KEY_TYPE_RSA:
121 {
122 using namespace CryptoPP;
Yingdi Yu4b752752014-02-18 12:24:03 -0800[diff] [blame]123
Yingdi Yu7036ce22014-06-19 18:53:37 -0700[diff] [blame^]124 const RsaKeyParams& rsaParams = static_cast<const RsaKeyParams&>(params);
125 AutoSeededRandomPool rng;
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]126 InvertibleRSAFunction privateKey;
Yingdi Yu7036ce22014-06-19 18:53:37 -0700[diff] [blame^]127 privateKey.Initialize(rng, rsaParams.getKeySize());
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]128
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]129 string privateKeyFileName = keyFileName + ".pri";
130 Base64Encoder privateKeySink(new FileSink(privateKeyFileName.c_str()));
131 privateKey.DEREncode(privateKeySink);
132 privateKeySink.MessageEnd();
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]133
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]134 RSAFunction publicKey(privateKey);
135 string publicKeyFileName = keyFileName + ".pub";
136 Base64Encoder publicKeySink(new FileSink(publicKeyFileName.c_str()));
137 publicKey.DEREncode(publicKeySink);
138 publicKeySink.MessageEnd();
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]139
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]140 /*set file permission*/
141 chmod(privateKeyFileName.c_str(), 0000400);
142 chmod(publicKeyFileName.c_str(), 0000444);
143 return;
144 }
145 default:
146 throw Error("Unsupported key type!");
147 }
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]148 }
Yingdi Yu7036ce22014-06-19 18:53:37 -0700[diff] [blame^]149 catch (KeyParams::Error& e)
150 {
151 throw Error(e.what());
152 }
Alexander Afanasyev2a7f7202014-04-23 14:25:29 -0700[diff] [blame]153 catch (CryptoPP::Exception& e)
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]154 {
155 throw Error(e.what());
156 }
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]157}
158
Yingdi Yu28fd32f2014-01-28 19:03:03 -0800[diff] [blame]159void
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]160SecTpmFile::deleteKeyPairInTpm(const Name& keyName)
Yingdi Yu28fd32f2014-01-28 19:03:03 -0800[diff] [blame]161{
Yingdi Yu7036ce22014-06-19 18:53:37 -0700[diff] [blame^]162 boost::filesystem::path publicKeyPath(m_impl->transformName(keyName.toUri(), ".pub"));
163 boost::filesystem::path privateKeyPath(m_impl->transformName(keyName.toUri(), ".pri"));
Yingdi Yu28fd32f2014-01-28 19:03:03 -0800[diff] [blame]164
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]165 if (boost::filesystem::exists(publicKeyPath))
Yingdi Yu28fd32f2014-01-28 19:03:03 -0800[diff] [blame]166 boost::filesystem::remove(publicKeyPath);
167
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]168 if (boost::filesystem::exists(privateKeyPath))
Yingdi Yu28fd32f2014-01-28 19:03:03 -0800[diff] [blame]169 boost::filesystem::remove(privateKeyPath);
170}
171
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]172shared_ptr<PublicKey>
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]173SecTpmFile::getPublicKeyFromTpm(const Name& keyName)
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]174{
175 string keyURI = keyName.toUri();
176
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]177 if (!doesKeyExistInTpm(keyName, KEY_CLASS_PUBLIC))
Yingdi Yu5e96e002014-04-23 18:32:15 -0700[diff] [blame]178 throw Error("Public Key does not exist");
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]179
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]180 ostringstream os;
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]181 try
182 {
183 using namespace CryptoPP;
Yingdi Yu7036ce22014-06-19 18:53:37 -0700[diff] [blame^]184 FileSource(m_impl->transformName(keyURI, ".pub").string().c_str(),
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]185 true,
186 new Base64Decoder(new FileSink(os)));
187 }
Alexander Afanasyev2a7f7202014-04-23 14:25:29 -0700[diff] [blame]188 catch (CryptoPP::Exception& e)
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]189 {
190 throw Error(e.what());
191 }
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]192
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]193 return make_shared<PublicKey>(reinterpret_cast<const uint8_t*>(os.str().c_str()),
194 os.str().size());
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]195}
196
197ConstBufferPtr
Yingdi Yu5e96e002014-04-23 18:32:15 -0700[diff] [blame]198SecTpmFile::exportPrivateKeyPkcs8FromTpm(const Name& keyName)
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]199{
200 OBufferStream privateKeyOs;
Yingdi Yu7036ce22014-06-19 18:53:37 -0700[diff] [blame^]201 CryptoPP::FileSource(m_impl->transformName(keyName.toUri(), ".pri").string().c_str(), true,
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]202 new CryptoPP::Base64Decoder(new CryptoPP::FileSink(privateKeyOs)));
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]203
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]204 return privateKeyOs.buf();
205}
206
207bool
Yingdi Yu5e96e002014-04-23 18:32:15 -0700[diff] [blame]208SecTpmFile::importPrivateKeyPkcs8IntoTpm(const Name& keyName, const uint8_t* buf, size_t size)
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]209{
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]210 try
211 {
212 using namespace CryptoPP;
213
214 string keyFileName = m_impl->maintainMapping(keyName.toUri());
215 keyFileName.append(".pri");
216 StringSource(buf, size,
217 true,
218 new Base64Encoder(new FileSink(keyFileName.c_str())));
219 return true;
220 }
Alexander Afanasyev2a7f7202014-04-23 14:25:29 -0700[diff] [blame]221 catch (CryptoPP::Exception& e)
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]222 {
223 return false;
224 }
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]225}
226
227bool
228SecTpmFile::importPublicKeyPkcs1IntoTpm(const Name& keyName, const uint8_t* buf, size_t size)
229{
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]230 try
231 {
232 using namespace CryptoPP;
233
234 string keyFileName = m_impl->maintainMapping(keyName.toUri());
235 keyFileName.append(".pub");
236 StringSource(buf, size,
237 true,
238 new Base64Encoder(new FileSink(keyFileName.c_str())));
239 return true;
240 }
Alexander Afanasyev2a7f7202014-04-23 14:25:29 -0700[diff] [blame]241 catch (CryptoPP::Exception& e)
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]242 {
243 return false;
244 }
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]245}
246
247Block
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]248SecTpmFile::signInTpm(const uint8_t* data, size_t dataLength,
249 const Name& keyName, DigestAlgorithm digestAlgorithm)
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]250{
251 string keyURI = keyName.toUri();
252
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]253 if (!doesKeyExistInTpm(keyName, KEY_CLASS_PRIVATE))
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]254 throw Error("private key doesn't exists");
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]255
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]256 try
257 {
258 using namespace CryptoPP;
259 AutoSeededRandomPool rng;
Yingdi Yu4b752752014-02-18 12:24:03 -0800[diff] [blame]260
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]261 //Read private key
262 ByteQueue bytes;
Yingdi Yu7036ce22014-06-19 18:53:37 -0700[diff] [blame^]263 FileSource file(m_impl->transformName(keyURI, ".pri").string().c_str(),
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]264 true, new Base64Decoder);
265 file.TransferTo(bytes);
266 bytes.MessageEnd();
267 RSA::PrivateKey privateKey;
268 privateKey.Load(bytes);
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]269
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]270 //Sign message
271 switch (digestAlgorithm)
272 {
273 case DIGEST_ALGORITHM_SHA256:
274 {
275 RSASS<PKCS1v15, SHA256>::Signer signer(privateKey);
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]276
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]277 OBufferStream os;
278 StringSource(data, dataLength,
279 true,
280 new SignerFilter(rng, signer, new FileSink(os)));
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]281
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]282 return Block(Tlv::SignatureValue, os.buf());
283 }
284 default:
285 throw Error("Unsupported digest algorithm!");
286 }
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]287 }
Alexander Afanasyev2a7f7202014-04-23 14:25:29 -0700[diff] [blame]288 catch (CryptoPP::Exception& e)
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]289 {
290 throw Error(e.what());
291 }
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]292}
293
294
295ConstBufferPtr
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]296SecTpmFile::decryptInTpm(const uint8_t* data, size_t dataLength,
297 const Name& keyName, bool isSymmetric)
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]298{
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]299 throw Error("SecTpmFile::decryptInTpm is not supported!");
300 // string keyURI = keyName.toUri();
301 // if (!isSymmetric)
302 // {
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]303 // if (!doesKeyExistInTpm(keyName, KEY_CLASS_PRIVATE))
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]304 // throw Error("private key doesn't exist");
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]305
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]306 // try{
307 // using namespace CryptoPP;
308 // AutoSeededRandomPool rng;
Yingdi Yu4b752752014-02-18 12:24:03 -0800[diff] [blame]309
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]310 // //Read private key
311 // ByteQueue bytes;
Yingdi Yu7036ce22014-06-19 18:53:37 -0700[diff] [blame^]312 // FileSource file(m_impl->transformName(keyURI, ".pri").string().c_str(), true, new Base64Decoder);
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]313 // file.TransferTo(bytes);
314 // bytes.MessageEnd();
315 // RSA::PrivateKey privateKey;
316 // privateKey.Load(bytes);
317 // RSAES_PKCS1v15_Decryptor decryptor(privateKey);
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]318
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]319 // OBufferStream os;
320 // StringSource(data, dataLength, true, new PK_DecryptorFilter(rng, decryptor, new FileSink(os)));
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]321
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]322 // return os.buf();
323 // }
Alexander Afanasyev2a7f7202014-04-23 14:25:29 -0700[diff] [blame]324 // catch (CryptoPP::Exception& e){
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]325 // throw Error(e.what());
326 // }
327 // }
328 // else
329 // {
330 // throw Error("Symmetric encryption is not implemented!");
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]331 // // if (!doesKeyExistInTpm(keyName, KEY_CLASS_SYMMETRIC))
Yingdi Yu7036ce22014-06-19 18:53:37 -0700[diff] [blame^]332 // // throw Error("symmetric key doesn't exist");
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]333
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]334 // // try{
Yingdi Yu7036ce22014-06-19 18:53:37 -0700[diff] [blame^]335 // // string keyBits;
336 // // string symKeyFileName = m_impl->transformName(keyURI, ".key");
337 // // FileSource(symKeyFileName, true, new HexDecoder(new StringSink(keyBits)));
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]338
Yingdi Yu7036ce22014-06-19 18:53:37 -0700[diff] [blame^]339 // // using CryptoPP::AES;
340 // // AutoSeededRandomPool rnd;
341 // // byte iv[AES::BLOCKSIZE];
342 // // rnd.GenerateBlock(iv, AES::BLOCKSIZE);
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]343
Yingdi Yu7036ce22014-06-19 18:53:37 -0700[diff] [blame^]344 // // CFB_Mode<AES>::Decryption decryptor;
345 // // decryptor.SetKeyWithIV(reinterpret_cast<const uint8_t*>(keyBits.c_str()), keyBits.size(), iv);
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]346
Yingdi Yu7036ce22014-06-19 18:53:37 -0700[diff] [blame^]347 // // OBufferStream os;
348 // // StringSource(data, dataLength, true, new StreamTransformationFilter(decryptor,new FileSink(os)));
349 // // return os.buf();
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]350
Alexander Afanasyev2a7f7202014-04-23 14:25:29 -0700[diff] [blame]351 // // }catch (CryptoPP::Exception& e){
Yingdi Yu7036ce22014-06-19 18:53:37 -0700[diff] [blame^]352 // // throw Error(e.what());
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]353 // // }
354 // }
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]355}
356
357ConstBufferPtr
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]358SecTpmFile::encryptInTpm(const uint8_t* data, size_t dataLength,
359 const Name& keyName, bool isSymmetric)
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]360{
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]361 throw Error("SecTpmFile::encryptInTpm is not supported!");
362 // string keyURI = keyName.toUri();
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]363
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]364 // if (!isSymmetric)
365 // {
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]366 // if (!doesKeyExistInTpm(keyName, KEY_CLASS_PUBLIC))
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]367 // throw Error("public key doesn't exist");
368 // try
369 // {
370 // using namespace CryptoPP;
371 // AutoSeededRandomPool rng;
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]372
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]373 // //Read private key
374 // ByteQueue bytes;
Yingdi Yu7036ce22014-06-19 18:53:37 -0700[diff] [blame^]375 // FileSource file(m_impl->transformName(keyURI, ".pub").string().c_str(), true, new Base64Decoder);
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]376 // file.TransferTo(bytes);
377 // bytes.MessageEnd();
378 // RSA::PublicKey publicKey;
379 // publicKey.Load(bytes);
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]380
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]381 // OBufferStream os;
382 // RSAES_PKCS1v15_Encryptor encryptor(publicKey);
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]383
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]384 // StringSource(data, dataLength, true, new PK_EncryptorFilter(rng, encryptor, new FileSink(os)));
385 // return os.buf();
386 // }
Alexander Afanasyev2a7f7202014-04-23 14:25:29 -0700[diff] [blame]387 // catch (CryptoPP::Exception& e){
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]388 // throw Error(e.what());
389 // }
390 // }
391 // else
392 // {
393 // throw Error("Symmetric encryption is not implemented!");
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]394 // // if (!doesKeyExistInTpm(keyName, KEY_CLASS_SYMMETRIC))
Yingdi Yu7036ce22014-06-19 18:53:37 -0700[diff] [blame^]395 // // throw Error("symmetric key doesn't exist");
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]396
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]397 // // try{
Yingdi Yu7036ce22014-06-19 18:53:37 -0700[diff] [blame^]398 // // string keyBits;
399 // // string symKeyFileName = m_impl->transformName(keyURI, ".key");
400 // // FileSource(symKeyFileName, true, new HexDecoder(new StringSink(keyBits)));
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]401
Yingdi Yu7036ce22014-06-19 18:53:37 -0700[diff] [blame^]402 // // using CryptoPP::AES;
403 // // AutoSeededRandomPool rnd;
404 // // byte iv[AES::BLOCKSIZE];
405 // // rnd.GenerateBlock(iv, AES::BLOCKSIZE);
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]406
Yingdi Yu7036ce22014-06-19 18:53:37 -0700[diff] [blame^]407 // // CFB_Mode<AES>::Encryption encryptor;
408 // // encryptor.SetKeyWithIV(reinterpret_cast<const uint8_t*>(keyBits.c_str()), keyBits.size(), iv);
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]409
Yingdi Yu7036ce22014-06-19 18:53:37 -0700[diff] [blame^]410 // // OBufferStream os;
411 // // StringSource(data, dataLength, true, new StreamTransformationFilter(encryptor, new FileSink(os)));
412 // // return os.buf();
Alexander Afanasyev2a7f7202014-04-23 14:25:29 -0700[diff] [blame]413 // // }catch (CryptoPP::Exception& e){
Yingdi Yu7036ce22014-06-19 18:53:37 -0700[diff] [blame^]414 // // throw Error(e.what());
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]415 // // }
416 // }
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]417}
418
419
420void
Yingdi Yu7036ce22014-06-19 18:53:37 -0700[diff] [blame^]421SecTpmFile::generateSymmetricKeyInTpm(const Name& keyName, const KeyParams& params)
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]422{
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]423 throw Error("SecTpmFile::generateSymmetricKeyInTpm is not supported!");
424 // string keyURI = keyName.toUri();
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]425
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]426 // if (doesKeyExistInTpm(keyName, KEY_CLASS_SYMMETRIC))
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]427 // throw Error("symmetric key exists");
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]428
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]429 // string keyFileName = m_impl->maintainMapping(keyURI);
430 // string symKeyFileName = keyFileName + ".key";
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]431
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]432 // try{
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]433 // switch (keyType){
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]434 // case KEY_TYPE_AES:
435 // {
436 // using namespace CryptoPP;
437 // AutoSeededRandomPool rng;
Yingdi Yu4b752752014-02-18 12:24:03 -0800[diff] [blame]438
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]439 // SecByteBlock key(0x00, keySize);
440 // rng.GenerateBlock(key, keySize);
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]441
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]442 // StringSource(key, key.size(), true, new HexEncoder(new FileSink(symKeyFileName.c_str())));
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]443
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]444 // chmod(symKeyFileName.c_str(), 0000400);
445 // return;
446 // }
447 // default:
448 // throw Error("Unsupported symmetric key type!");
449 // }
Alexander Afanasyev2a7f7202014-04-23 14:25:29 -0700[diff] [blame]450 // }catch (CryptoPP::Exception& e){
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]451 // throw Error(e.what());
452 // }
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]453}
454
455bool
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]456SecTpmFile::doesKeyExistInTpm(const Name& keyName, KeyClass keyClass)
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]457{
458 string keyURI = keyName.toUri();
459 if (keyClass == KEY_CLASS_PUBLIC)
460 {
Yingdi Yu7036ce22014-06-19 18:53:37 -0700[diff] [blame^]461 if (boost::filesystem::exists(m_impl->transformName(keyURI, ".pub")))
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]462 return true;
463 else
464 return false;
465 }
466 if (keyClass == KEY_CLASS_PRIVATE)
467 {
Yingdi Yu7036ce22014-06-19 18:53:37 -0700[diff] [blame^]468 if (boost::filesystem::exists(m_impl->transformName(keyURI, ".pri")))
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]469 return true;
470 else
471 return false;
472 }
473 if (keyClass == KEY_CLASS_SYMMETRIC)
474 {
Yingdi Yu7036ce22014-06-19 18:53:37 -0700[diff] [blame^]475 if (boost::filesystem::exists(m_impl->transformName(keyURI, ".key")))
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]476 return true;
477 else
478 return false;
479 }
480 return false;
481}
482
Yingdi Yu4b752752014-02-18 12:24:03 -0800[diff] [blame]483bool
484SecTpmFile::generateRandomBlock(uint8_t* res, size_t size)
485{
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]486 try
487 {
488 CryptoPP::AutoSeededRandomPool rng;
489 rng.GenerateBlock(res, size);
490 return true;
491 }
Alexander Afanasyev2a7f7202014-04-23 14:25:29 -0700[diff] [blame]492 catch (CryptoPP::Exception& e)
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]493 {
494 return false;
495 }
Yingdi Yu4b752752014-02-18 12:24:03 -0800[diff] [blame]496}
497
Yingdi Yufc40d872014-02-18 12:56:04 -0800[diff] [blame]498} // namespace ndn