Gitiles
Code Review Sign In
gerrit.named-data.net / ndn-cxx / 766cea79319cadb3e2369f1469b82cee145f1d7d / . / src / security / sec-tpm-file.cpp
blob: 94ed510361967369328eb65747b312eca6d04588 [file] [log] [blame]
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]1/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
2/**
3 * Copyright (C) 2013 Regents of the University of California.
4 * @author: Xingyu Ma <maxy12@cs.ucla.edu>
5 * Alexander Afanasyev <alexander.afanasyev@ucla.edu>
6 * Yingdi Yu <yingdi@cs.ucla.edu>
7 * See COPYING for copyright and distribution information.
8 */
9
Alexander Afanasyeve2dcdfd2014-02-07 15:53:28 -0800[diff] [blame]10#include "common.hpp"
Yingdi Yu04020922014-01-22 12:46:53 -0800[diff] [blame]11
Alexander Afanasyeve2dcdfd2014-02-07 15:53:28 -0800[diff] [blame]12#include "sec-tpm-file.hpp"
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]13
14#include <boost/filesystem.hpp>
15#include <boost/algorithm/string.hpp>
16
Junxiao Shi482ccc52014-03-31 13:05:24 -0700[diff] [blame]17#include "cryptopp.hpp"
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]18
19#include <sys/types.h>
20#include <sys/stat.h>
21
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]22#include <algorithm>
23
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]24using namespace std;
25
Yingdi Yufc40d872014-02-18 12:56:04 -0800[diff] [blame]26namespace ndn {
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]27
Alexander Afanasyev2a7f7202014-04-23 14:25:29 -0700[diff] [blame]28class SecTpmFile::Impl
29{
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]30public:
Yingdi Yu4b752752014-02-18 12:24:03 -0800[diff] [blame]31 Impl(const string& dir)
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]32 {
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]33 if (dir.empty())
Yingdi Yu37e317f2014-03-19 12:16:23 -0700[diff] [blame]34 m_keystorePath = boost::filesystem::path(getenv("HOME")) / ".ndn" / "ndnsec-tpm-file";
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]35 else
36 m_keystorePath = dir;
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]37
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]38 boost::filesystem::create_directories (m_keystorePath);
39 }
40
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]41 boost::filesystem::path
42 nameTransform(const string& keyName, const string& extension)
43 {
44 using namespace CryptoPP;
45 string digest;
46 SHA256 hash;
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]47 StringSource src(keyName,
48 true,
49 new HashFilter(hash,
50 new Base64Encoder(new CryptoPP::StringSink(digest))));
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]51
52 boost::algorithm::trim(digest);
53 std::replace(digest.begin(), digest.end(), '/', '%');
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]54
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]55 return m_keystorePath / (digest + extension);
56 }
57
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]58 string
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]59 maintainMapping(const string& keyName)
60 {
61 string keyFileName = nameTransform(keyName, "").string();
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]62
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]63 ofstream outfile;
64 string dirFile = (m_keystorePath / "mapping.txt").string();
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]65
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]66 outfile.open(dirFile.c_str(), std::ios_base::app);
67 outfile << keyName << ' ' << keyFileName << '\n';
68 outfile.close();
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]69
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]70 return keyFileName;
71 }
72
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]73public:
74 boost::filesystem::path m_keystorePath;
75};
76
Yingdi Yu4b752752014-02-18 12:24:03 -0800[diff] [blame]77
Yingdi Yube4150e2014-02-18 13:02:46 -0800[diff] [blame]78SecTpmFile::SecTpmFile(const string& dir)
Yingdi Yu4b752752014-02-18 12:24:03 -0800[diff] [blame]79 : m_impl(new Impl(dir))
Yingdi Yube4150e2014-02-18 13:02:46 -0800[diff] [blame]80 , m_inTerminal(false)
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]81{}
82
83void
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]84SecTpmFile::generateKeyPairInTpm(const Name& keyName, KeyType keyType, int keySize)
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]85{
86 string keyURI = keyName.toUri();
87
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]88 if (doesKeyExistInTpm(keyName, KEY_CLASS_PUBLIC))
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]89 throw Error("public key exists");
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]90 if (doesKeyExistInTpm(keyName, KEY_CLASS_PRIVATE))
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]91 throw Error("private key exists");
92
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]93 string keyFileName = m_impl->maintainMapping(keyURI);
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]94
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]95 try
96 {
97 switch (keyType)
98 {
99 case KEY_TYPE_RSA:
100 {
101 using namespace CryptoPP;
102 AutoSeededRandomPool rng;
Yingdi Yu4b752752014-02-18 12:24:03 -0800[diff] [blame]103
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]104 InvertibleRSAFunction privateKey;
105 privateKey.Initialize(rng, keySize);
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]106
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]107 string privateKeyFileName = keyFileName + ".pri";
108 Base64Encoder privateKeySink(new FileSink(privateKeyFileName.c_str()));
109 privateKey.DEREncode(privateKeySink);
110 privateKeySink.MessageEnd();
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]111
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]112 RSAFunction publicKey(privateKey);
113 string publicKeyFileName = keyFileName + ".pub";
114 Base64Encoder publicKeySink(new FileSink(publicKeyFileName.c_str()));
115 publicKey.DEREncode(publicKeySink);
116 publicKeySink.MessageEnd();
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]117
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]118 /*set file permission*/
119 chmod(privateKeyFileName.c_str(), 0000400);
120 chmod(publicKeyFileName.c_str(), 0000444);
121 return;
122 }
123 default:
124 throw Error("Unsupported key type!");
125 }
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]126 }
Alexander Afanasyev2a7f7202014-04-23 14:25:29 -0700[diff] [blame]127 catch (CryptoPP::Exception& e)
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]128 {
129 throw Error(e.what());
130 }
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]131}
132
Yingdi Yu28fd32f2014-01-28 19:03:03 -0800[diff] [blame]133void
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]134SecTpmFile::deleteKeyPairInTpm(const Name& keyName)
Yingdi Yu28fd32f2014-01-28 19:03:03 -0800[diff] [blame]135{
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]136 boost::filesystem::path publicKeyPath(m_impl->nameTransform(keyName.toUri(), ".pub"));
137 boost::filesystem::path privateKeyPath(m_impl->nameTransform(keyName.toUri(), ".pri"));
Yingdi Yu28fd32f2014-01-28 19:03:03 -0800[diff] [blame]138
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]139 if (boost::filesystem::exists(publicKeyPath))
Yingdi Yu28fd32f2014-01-28 19:03:03 -0800[diff] [blame]140 boost::filesystem::remove(publicKeyPath);
141
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]142 if (boost::filesystem::exists(privateKeyPath))
Yingdi Yu28fd32f2014-01-28 19:03:03 -0800[diff] [blame]143 boost::filesystem::remove(privateKeyPath);
144}
145
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]146shared_ptr<PublicKey>
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]147SecTpmFile::getPublicKeyFromTpm(const Name& keyName)
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]148{
149 string keyURI = keyName.toUri();
150
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]151 if (!doesKeyExistInTpm(keyName, KEY_CLASS_PUBLIC))
Yingdi Yu5e96e002014-04-23 18:32:15 -0700[diff] [blame]152 throw Error("Public Key does not exist");
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]153
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]154 ostringstream os;
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]155 try
156 {
157 using namespace CryptoPP;
158 FileSource(m_impl->nameTransform(keyURI, ".pub").string().c_str(),
159 true,
160 new Base64Decoder(new FileSink(os)));
161 }
Alexander Afanasyev2a7f7202014-04-23 14:25:29 -0700[diff] [blame]162 catch (CryptoPP::Exception& e)
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]163 {
164 throw Error(e.what());
165 }
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]166
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]167 return make_shared<PublicKey>(reinterpret_cast<const uint8_t*>(os.str().c_str()),
168 os.str().size());
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]169}
170
171ConstBufferPtr
Yingdi Yu5e96e002014-04-23 18:32:15 -0700[diff] [blame]172SecTpmFile::exportPrivateKeyPkcs8FromTpm(const Name& keyName)
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]173{
174 OBufferStream privateKeyOs;
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]175 CryptoPP::FileSource(m_impl->nameTransform(keyName.toUri(), ".pri").string().c_str(), true,
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]176 new CryptoPP::Base64Decoder(new CryptoPP::FileSink(privateKeyOs)));
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]177
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]178 return privateKeyOs.buf();
179}
180
181bool
Yingdi Yu5e96e002014-04-23 18:32:15 -0700[diff] [blame]182SecTpmFile::importPrivateKeyPkcs8IntoTpm(const Name& keyName, const uint8_t* buf, size_t size)
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]183{
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]184 try
185 {
186 using namespace CryptoPP;
187
188 string keyFileName = m_impl->maintainMapping(keyName.toUri());
189 keyFileName.append(".pri");
190 StringSource(buf, size,
191 true,
192 new Base64Encoder(new FileSink(keyFileName.c_str())));
193 return true;
194 }
Alexander Afanasyev2a7f7202014-04-23 14:25:29 -0700[diff] [blame]195 catch (CryptoPP::Exception& e)
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]196 {
197 return false;
198 }
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]199}
200
201bool
202SecTpmFile::importPublicKeyPkcs1IntoTpm(const Name& keyName, const uint8_t* buf, size_t size)
203{
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]204 try
205 {
206 using namespace CryptoPP;
207
208 string keyFileName = m_impl->maintainMapping(keyName.toUri());
209 keyFileName.append(".pub");
210 StringSource(buf, size,
211 true,
212 new Base64Encoder(new FileSink(keyFileName.c_str())));
213 return true;
214 }
Alexander Afanasyev2a7f7202014-04-23 14:25:29 -0700[diff] [blame]215 catch (CryptoPP::Exception& e)
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]216 {
217 return false;
218 }
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]219}
220
221Block
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]222SecTpmFile::signInTpm(const uint8_t* data, size_t dataLength,
223 const Name& keyName, DigestAlgorithm digestAlgorithm)
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]224{
225 string keyURI = keyName.toUri();
226
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]227 if (!doesKeyExistInTpm(keyName, KEY_CLASS_PRIVATE))
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]228 throw Error("private key doesn't exists");
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]229
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]230 try
231 {
232 using namespace CryptoPP;
233 AutoSeededRandomPool rng;
Yingdi Yu4b752752014-02-18 12:24:03 -0800[diff] [blame]234
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]235 //Read private key
236 ByteQueue bytes;
237 FileSource file(m_impl->nameTransform(keyURI, ".pri").string().c_str(),
238 true, new Base64Decoder);
239 file.TransferTo(bytes);
240 bytes.MessageEnd();
241 RSA::PrivateKey privateKey;
242 privateKey.Load(bytes);
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]243
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]244 //Sign message
245 switch (digestAlgorithm)
246 {
247 case DIGEST_ALGORITHM_SHA256:
248 {
249 RSASS<PKCS1v15, SHA256>::Signer signer(privateKey);
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]250
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]251 OBufferStream os;
252 StringSource(data, dataLength,
253 true,
254 new SignerFilter(rng, signer, new FileSink(os)));
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]255
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]256 return Block(Tlv::SignatureValue, os.buf());
257 }
258 default:
259 throw Error("Unsupported digest algorithm!");
260 }
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]261 }
Alexander Afanasyev2a7f7202014-04-23 14:25:29 -0700[diff] [blame]262 catch (CryptoPP::Exception& e)
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]263 {
264 throw Error(e.what());
265 }
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]266}
267
268
269ConstBufferPtr
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]270SecTpmFile::decryptInTpm(const uint8_t* data, size_t dataLength,
271 const Name& keyName, bool isSymmetric)
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]272{
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]273 throw Error("SecTpmFile::decryptInTpm is not supported!");
274 // string keyURI = keyName.toUri();
275 // if (!isSymmetric)
276 // {
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]277 // if (!doesKeyExistInTpm(keyName, KEY_CLASS_PRIVATE))
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]278 // throw Error("private key doesn't exist");
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]279
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]280 // try{
281 // using namespace CryptoPP;
282 // AutoSeededRandomPool rng;
Yingdi Yu4b752752014-02-18 12:24:03 -0800[diff] [blame]283
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]284 // //Read private key
285 // ByteQueue bytes;
286 // FileSource file(m_impl->nameTransform(keyURI, ".pri").string().c_str(), true, new Base64Decoder);
287 // file.TransferTo(bytes);
288 // bytes.MessageEnd();
289 // RSA::PrivateKey privateKey;
290 // privateKey.Load(bytes);
291 // RSAES_PKCS1v15_Decryptor decryptor(privateKey);
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]292
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]293 // OBufferStream os;
294 // StringSource(data, dataLength, true, new PK_DecryptorFilter(rng, decryptor, new FileSink(os)));
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]295
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]296 // return os.buf();
297 // }
Alexander Afanasyev2a7f7202014-04-23 14:25:29 -0700[diff] [blame]298 // catch (CryptoPP::Exception& e){
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]299 // throw Error(e.what());
300 // }
301 // }
302 // else
303 // {
304 // throw Error("Symmetric encryption is not implemented!");
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]305 // // if (!doesKeyExistInTpm(keyName, KEY_CLASS_SYMMETRIC))
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]306 // // throw Error("symmetric key doesn't exist");
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]307
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]308 // // try{
309 // // string keyBits;
310 // // string symKeyFileName = m_impl->nameTransform(keyURI, ".key");
311 // // FileSource(symKeyFileName, true, new HexDecoder(new StringSink(keyBits)));
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]312
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]313 // // using CryptoPP::AES;
314 // // AutoSeededRandomPool rnd;
315 // // byte iv[AES::BLOCKSIZE];
316 // // rnd.GenerateBlock(iv, AES::BLOCKSIZE);
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]317
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]318 // // CFB_Mode<AES>::Decryption decryptor;
319 // // decryptor.SetKeyWithIV(reinterpret_cast<const uint8_t*>(keyBits.c_str()), keyBits.size(), iv);
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]320
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]321 // // OBufferStream os;
322 // // StringSource(data, dataLength, true, new StreamTransformationFilter(decryptor,new FileSink(os)));
323 // // return os.buf();
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]324
Alexander Afanasyev2a7f7202014-04-23 14:25:29 -0700[diff] [blame]325 // // }catch (CryptoPP::Exception& e){
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]326 // // throw Error(e.what());
327 // // }
328 // }
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]329}
330
331ConstBufferPtr
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]332SecTpmFile::encryptInTpm(const uint8_t* data, size_t dataLength,
333 const Name& keyName, bool isSymmetric)
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]334{
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]335 throw Error("SecTpmFile::encryptInTpm is not supported!");
336 // string keyURI = keyName.toUri();
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]337
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]338 // if (!isSymmetric)
339 // {
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]340 // if (!doesKeyExistInTpm(keyName, KEY_CLASS_PUBLIC))
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]341 // throw Error("public key doesn't exist");
342 // try
343 // {
344 // using namespace CryptoPP;
345 // AutoSeededRandomPool rng;
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]346
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]347 // //Read private key
348 // ByteQueue bytes;
349 // FileSource file(m_impl->nameTransform(keyURI, ".pub").string().c_str(), true, new Base64Decoder);
350 // file.TransferTo(bytes);
351 // bytes.MessageEnd();
352 // RSA::PublicKey publicKey;
353 // publicKey.Load(bytes);
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]354
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]355 // OBufferStream os;
356 // RSAES_PKCS1v15_Encryptor encryptor(publicKey);
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]357
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]358 // StringSource(data, dataLength, true, new PK_EncryptorFilter(rng, encryptor, new FileSink(os)));
359 // return os.buf();
360 // }
Alexander Afanasyev2a7f7202014-04-23 14:25:29 -0700[diff] [blame]361 // catch (CryptoPP::Exception& e){
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]362 // throw Error(e.what());
363 // }
364 // }
365 // else
366 // {
367 // throw Error("Symmetric encryption is not implemented!");
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]368 // // if (!doesKeyExistInTpm(keyName, KEY_CLASS_SYMMETRIC))
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]369 // // throw Error("symmetric key doesn't exist");
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]370
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]371 // // try{
372 // // string keyBits;
373 // // string symKeyFileName = m_impl->nameTransform(keyURI, ".key");
374 // // FileSource(symKeyFileName, true, new HexDecoder(new StringSink(keyBits)));
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]375
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]376 // // using CryptoPP::AES;
377 // // AutoSeededRandomPool rnd;
378 // // byte iv[AES::BLOCKSIZE];
379 // // rnd.GenerateBlock(iv, AES::BLOCKSIZE);
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]380
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]381 // // CFB_Mode<AES>::Encryption encryptor;
382 // // encryptor.SetKeyWithIV(reinterpret_cast<const uint8_t*>(keyBits.c_str()), keyBits.size(), iv);
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]383
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]384 // // OBufferStream os;
385 // // StringSource(data, dataLength, true, new StreamTransformationFilter(encryptor, new FileSink(os)));
386 // // return os.buf();
Alexander Afanasyev2a7f7202014-04-23 14:25:29 -0700[diff] [blame]387 // // }catch (CryptoPP::Exception& e){
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]388 // // throw Error(e.what());
389 // // }
390 // }
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]391}
392
393
394void
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]395SecTpmFile::generateSymmetricKeyInTpm(const Name& keyName, KeyType keyType, int keySize)
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]396{
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]397 throw Error("SecTpmFile::generateSymmetricKeyInTpm is not supported!");
398 // string keyURI = keyName.toUri();
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]399
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]400 // if (doesKeyExistInTpm(keyName, KEY_CLASS_SYMMETRIC))
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]401 // throw Error("symmetric key exists");
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]402
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]403 // string keyFileName = m_impl->maintainMapping(keyURI);
404 // string symKeyFileName = keyFileName + ".key";
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]405
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]406 // try{
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]407 // switch (keyType){
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]408 // case KEY_TYPE_AES:
409 // {
410 // using namespace CryptoPP;
411 // AutoSeededRandomPool rng;
Yingdi Yu4b752752014-02-18 12:24:03 -0800[diff] [blame]412
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]413 // SecByteBlock key(0x00, keySize);
414 // rng.GenerateBlock(key, keySize);
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]415
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]416 // StringSource(key, key.size(), true, new HexEncoder(new FileSink(symKeyFileName.c_str())));
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]417
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]418 // chmod(symKeyFileName.c_str(), 0000400);
419 // return;
420 // }
421 // default:
422 // throw Error("Unsupported symmetric key type!");
423 // }
Alexander Afanasyev2a7f7202014-04-23 14:25:29 -0700[diff] [blame]424 // }catch (CryptoPP::Exception& e){
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]425 // throw Error(e.what());
426 // }
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]427}
428
429bool
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]430SecTpmFile::doesKeyExistInTpm(const Name& keyName, KeyClass keyClass)
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]431{
432 string keyURI = keyName.toUri();
433 if (keyClass == KEY_CLASS_PUBLIC)
434 {
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]435 if (boost::filesystem::exists(m_impl->nameTransform(keyURI, ".pub")))
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]436 return true;
437 else
438 return false;
439 }
440 if (keyClass == KEY_CLASS_PRIVATE)
441 {
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]442 if (boost::filesystem::exists(m_impl->nameTransform(keyURI, ".pri")))
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]443 return true;
444 else
445 return false;
446 }
447 if (keyClass == KEY_CLASS_SYMMETRIC)
448 {
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]449 if (boost::filesystem::exists(m_impl->nameTransform(keyURI, ".key")))
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]450 return true;
451 else
452 return false;
453 }
454 return false;
455}
456
Yingdi Yu4b752752014-02-18 12:24:03 -0800[diff] [blame]457bool
458SecTpmFile::generateRandomBlock(uint8_t* res, size_t size)
459{
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]460 try
461 {
462 CryptoPP::AutoSeededRandomPool rng;
463 rng.GenerateBlock(res, size);
464 return true;
465 }
Alexander Afanasyev2a7f7202014-04-23 14:25:29 -0700[diff] [blame]466 catch (CryptoPP::Exception& e)
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]467 {
468 return false;
469 }
Yingdi Yu4b752752014-02-18 12:24:03 -0800[diff] [blame]470}
471
Yingdi Yufc40d872014-02-18 12:56:04 -0800[diff] [blame]472} // namespace ndn