Gitiles
Code Review Sign In
gerrit.named-data.net / ndn-cxx / dfa52c4400de8a576ea8b206135020cabe8d158d / . / src / security / sec-tpm-file.cpp
blob: c49fcd7169b4a534de8665b3302cb5db84730d52 [file] [log] [blame]
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]1/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
2/**
Alexander Afanasyevdfa52c42014-04-24 21:10:11 -0700[diff] [blame^]3 * Copyright (c) 2013-2014, Regents of the University of California.
4 * All rights reserved.
5 *
6 * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
7 * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
8 *
9 * This file licensed under New BSD License. See COPYING for detailed information about
10 * ndn-cxx library copyright, permissions, and redistribution restrictions.
11 *
12 * @author Xingyu Ma <http://www.linkedin.com/pub/xingyu-ma/1a/384/5a8>
13 * @author Yingdi Yu <http://irl.cs.ucla.edu/~yingdi/>
14 * @author Alexander Afanasyev <http://lasr.cs.ucla.edu/afanasyev/index.html>
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]15 */
16
Alexander Afanasyeve2dcdfd2014-02-07 15:53:28 -0800[diff] [blame]17#include "common.hpp"
Yingdi Yu04020922014-01-22 12:46:53 -0800[diff] [blame]18
Alexander Afanasyeve2dcdfd2014-02-07 15:53:28 -0800[diff] [blame]19#include "sec-tpm-file.hpp"
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]20
21#include <boost/filesystem.hpp>
22#include <boost/algorithm/string.hpp>
23
Junxiao Shi482ccc52014-03-31 13:05:24 -0700[diff] [blame]24#include "cryptopp.hpp"
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]25
26#include <sys/types.h>
27#include <sys/stat.h>
28
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]29#include <algorithm>
30
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]31using namespace std;
32
Yingdi Yufc40d872014-02-18 12:56:04 -0800[diff] [blame]33namespace ndn {
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]34
Alexander Afanasyev2a7f7202014-04-23 14:25:29 -0700[diff] [blame]35class SecTpmFile::Impl
36{
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]37public:
Yingdi Yu4b752752014-02-18 12:24:03 -0800[diff] [blame]38 Impl(const string& dir)
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]39 {
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]40 if (dir.empty())
Yingdi Yu37e317f2014-03-19 12:16:23 -0700[diff] [blame]41 m_keystorePath = boost::filesystem::path(getenv("HOME")) / ".ndn" / "ndnsec-tpm-file";
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]42 else
43 m_keystorePath = dir;
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]44
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]45 boost::filesystem::create_directories (m_keystorePath);
46 }
47
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]48 boost::filesystem::path
49 nameTransform(const string& keyName, const string& extension)
50 {
51 using namespace CryptoPP;
52 string digest;
53 SHA256 hash;
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]54 StringSource src(keyName,
55 true,
56 new HashFilter(hash,
57 new Base64Encoder(new CryptoPP::StringSink(digest))));
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]58
59 boost::algorithm::trim(digest);
60 std::replace(digest.begin(), digest.end(), '/', '%');
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]61
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]62 return m_keystorePath / (digest + extension);
63 }
64
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]65 string
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]66 maintainMapping(const string& keyName)
67 {
68 string keyFileName = nameTransform(keyName, "").string();
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]69
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]70 ofstream outfile;
71 string dirFile = (m_keystorePath / "mapping.txt").string();
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]72
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]73 outfile.open(dirFile.c_str(), std::ios_base::app);
74 outfile << keyName << ' ' << keyFileName << '\n';
75 outfile.close();
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]76
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]77 return keyFileName;
78 }
79
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]80public:
81 boost::filesystem::path m_keystorePath;
82};
83
Yingdi Yu4b752752014-02-18 12:24:03 -0800[diff] [blame]84
Yingdi Yube4150e2014-02-18 13:02:46 -0800[diff] [blame]85SecTpmFile::SecTpmFile(const string& dir)
Yingdi Yu4b752752014-02-18 12:24:03 -0800[diff] [blame]86 : m_impl(new Impl(dir))
Yingdi Yube4150e2014-02-18 13:02:46 -0800[diff] [blame]87 , m_inTerminal(false)
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]88{}
89
90void
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]91SecTpmFile::generateKeyPairInTpm(const Name& keyName, KeyType keyType, int keySize)
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]92{
93 string keyURI = keyName.toUri();
94
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]95 if (doesKeyExistInTpm(keyName, KEY_CLASS_PUBLIC))
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]96 throw Error("public key exists");
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]97 if (doesKeyExistInTpm(keyName, KEY_CLASS_PRIVATE))
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]98 throw Error("private key exists");
99
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]100 string keyFileName = m_impl->maintainMapping(keyURI);
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]101
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]102 try
103 {
104 switch (keyType)
105 {
106 case KEY_TYPE_RSA:
107 {
108 using namespace CryptoPP;
109 AutoSeededRandomPool rng;
Yingdi Yu4b752752014-02-18 12:24:03 -0800[diff] [blame]110
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]111 InvertibleRSAFunction privateKey;
112 privateKey.Initialize(rng, keySize);
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]113
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]114 string privateKeyFileName = keyFileName + ".pri";
115 Base64Encoder privateKeySink(new FileSink(privateKeyFileName.c_str()));
116 privateKey.DEREncode(privateKeySink);
117 privateKeySink.MessageEnd();
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]118
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]119 RSAFunction publicKey(privateKey);
120 string publicKeyFileName = keyFileName + ".pub";
121 Base64Encoder publicKeySink(new FileSink(publicKeyFileName.c_str()));
122 publicKey.DEREncode(publicKeySink);
123 publicKeySink.MessageEnd();
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]124
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]125 /*set file permission*/
126 chmod(privateKeyFileName.c_str(), 0000400);
127 chmod(publicKeyFileName.c_str(), 0000444);
128 return;
129 }
130 default:
131 throw Error("Unsupported key type!");
132 }
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]133 }
Alexander Afanasyev2a7f7202014-04-23 14:25:29 -0700[diff] [blame]134 catch (CryptoPP::Exception& e)
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]135 {
136 throw Error(e.what());
137 }
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]138}
139
Yingdi Yu28fd32f2014-01-28 19:03:03 -0800[diff] [blame]140void
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]141SecTpmFile::deleteKeyPairInTpm(const Name& keyName)
Yingdi Yu28fd32f2014-01-28 19:03:03 -0800[diff] [blame]142{
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]143 boost::filesystem::path publicKeyPath(m_impl->nameTransform(keyName.toUri(), ".pub"));
144 boost::filesystem::path privateKeyPath(m_impl->nameTransform(keyName.toUri(), ".pri"));
Yingdi Yu28fd32f2014-01-28 19:03:03 -0800[diff] [blame]145
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]146 if (boost::filesystem::exists(publicKeyPath))
Yingdi Yu28fd32f2014-01-28 19:03:03 -0800[diff] [blame]147 boost::filesystem::remove(publicKeyPath);
148
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]149 if (boost::filesystem::exists(privateKeyPath))
Yingdi Yu28fd32f2014-01-28 19:03:03 -0800[diff] [blame]150 boost::filesystem::remove(privateKeyPath);
151}
152
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]153shared_ptr<PublicKey>
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]154SecTpmFile::getPublicKeyFromTpm(const Name& keyName)
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]155{
156 string keyURI = keyName.toUri();
157
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]158 if (!doesKeyExistInTpm(keyName, KEY_CLASS_PUBLIC))
Yingdi Yu5e96e002014-04-23 18:32:15 -0700[diff] [blame]159 throw Error("Public Key does not exist");
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]160
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]161 ostringstream os;
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]162 try
163 {
164 using namespace CryptoPP;
165 FileSource(m_impl->nameTransform(keyURI, ".pub").string().c_str(),
166 true,
167 new Base64Decoder(new FileSink(os)));
168 }
Alexander Afanasyev2a7f7202014-04-23 14:25:29 -0700[diff] [blame]169 catch (CryptoPP::Exception& e)
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]170 {
171 throw Error(e.what());
172 }
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]173
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]174 return make_shared<PublicKey>(reinterpret_cast<const uint8_t*>(os.str().c_str()),
175 os.str().size());
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]176}
177
178ConstBufferPtr
Yingdi Yu5e96e002014-04-23 18:32:15 -0700[diff] [blame]179SecTpmFile::exportPrivateKeyPkcs8FromTpm(const Name& keyName)
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]180{
181 OBufferStream privateKeyOs;
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]182 CryptoPP::FileSource(m_impl->nameTransform(keyName.toUri(), ".pri").string().c_str(), true,
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]183 new CryptoPP::Base64Decoder(new CryptoPP::FileSink(privateKeyOs)));
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]184
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]185 return privateKeyOs.buf();
186}
187
188bool
Yingdi Yu5e96e002014-04-23 18:32:15 -0700[diff] [blame]189SecTpmFile::importPrivateKeyPkcs8IntoTpm(const Name& keyName, const uint8_t* buf, size_t size)
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]190{
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]191 try
192 {
193 using namespace CryptoPP;
194
195 string keyFileName = m_impl->maintainMapping(keyName.toUri());
196 keyFileName.append(".pri");
197 StringSource(buf, size,
198 true,
199 new Base64Encoder(new FileSink(keyFileName.c_str())));
200 return true;
201 }
Alexander Afanasyev2a7f7202014-04-23 14:25:29 -0700[diff] [blame]202 catch (CryptoPP::Exception& e)
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]203 {
204 return false;
205 }
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]206}
207
208bool
209SecTpmFile::importPublicKeyPkcs1IntoTpm(const Name& keyName, const uint8_t* buf, size_t size)
210{
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]211 try
212 {
213 using namespace CryptoPP;
214
215 string keyFileName = m_impl->maintainMapping(keyName.toUri());
216 keyFileName.append(".pub");
217 StringSource(buf, size,
218 true,
219 new Base64Encoder(new FileSink(keyFileName.c_str())));
220 return true;
221 }
Alexander Afanasyev2a7f7202014-04-23 14:25:29 -0700[diff] [blame]222 catch (CryptoPP::Exception& e)
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]223 {
224 return false;
225 }
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]226}
227
228Block
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]229SecTpmFile::signInTpm(const uint8_t* data, size_t dataLength,
230 const Name& keyName, DigestAlgorithm digestAlgorithm)
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]231{
232 string keyURI = keyName.toUri();
233
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]234 if (!doesKeyExistInTpm(keyName, KEY_CLASS_PRIVATE))
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]235 throw Error("private key doesn't exists");
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]236
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]237 try
238 {
239 using namespace CryptoPP;
240 AutoSeededRandomPool rng;
Yingdi Yu4b752752014-02-18 12:24:03 -0800[diff] [blame]241
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]242 //Read private key
243 ByteQueue bytes;
244 FileSource file(m_impl->nameTransform(keyURI, ".pri").string().c_str(),
245 true, new Base64Decoder);
246 file.TransferTo(bytes);
247 bytes.MessageEnd();
248 RSA::PrivateKey privateKey;
249 privateKey.Load(bytes);
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]250
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]251 //Sign message
252 switch (digestAlgorithm)
253 {
254 case DIGEST_ALGORITHM_SHA256:
255 {
256 RSASS<PKCS1v15, SHA256>::Signer signer(privateKey);
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]257
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]258 OBufferStream os;
259 StringSource(data, dataLength,
260 true,
261 new SignerFilter(rng, signer, new FileSink(os)));
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]262
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]263 return Block(Tlv::SignatureValue, os.buf());
264 }
265 default:
266 throw Error("Unsupported digest algorithm!");
267 }
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]268 }
Alexander Afanasyev2a7f7202014-04-23 14:25:29 -0700[diff] [blame]269 catch (CryptoPP::Exception& e)
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]270 {
271 throw Error(e.what());
272 }
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]273}
274
275
276ConstBufferPtr
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]277SecTpmFile::decryptInTpm(const uint8_t* data, size_t dataLength,
278 const Name& keyName, bool isSymmetric)
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]279{
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]280 throw Error("SecTpmFile::decryptInTpm is not supported!");
281 // string keyURI = keyName.toUri();
282 // if (!isSymmetric)
283 // {
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]284 // if (!doesKeyExistInTpm(keyName, KEY_CLASS_PRIVATE))
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]285 // throw Error("private key doesn't exist");
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]286
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]287 // try{
288 // using namespace CryptoPP;
289 // AutoSeededRandomPool rng;
Yingdi Yu4b752752014-02-18 12:24:03 -0800[diff] [blame]290
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]291 // //Read private key
292 // ByteQueue bytes;
293 // FileSource file(m_impl->nameTransform(keyURI, ".pri").string().c_str(), true, new Base64Decoder);
294 // file.TransferTo(bytes);
295 // bytes.MessageEnd();
296 // RSA::PrivateKey privateKey;
297 // privateKey.Load(bytes);
298 // RSAES_PKCS1v15_Decryptor decryptor(privateKey);
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]299
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]300 // OBufferStream os;
301 // StringSource(data, dataLength, true, new PK_DecryptorFilter(rng, decryptor, new FileSink(os)));
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]302
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]303 // return os.buf();
304 // }
Alexander Afanasyev2a7f7202014-04-23 14:25:29 -0700[diff] [blame]305 // catch (CryptoPP::Exception& e){
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]306 // throw Error(e.what());
307 // }
308 // }
309 // else
310 // {
311 // throw Error("Symmetric encryption is not implemented!");
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]312 // // if (!doesKeyExistInTpm(keyName, KEY_CLASS_SYMMETRIC))
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]313 // // throw Error("symmetric key doesn't exist");
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]314
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]315 // // try{
316 // // string keyBits;
317 // // string symKeyFileName = m_impl->nameTransform(keyURI, ".key");
318 // // FileSource(symKeyFileName, true, new HexDecoder(new StringSink(keyBits)));
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]319
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]320 // // using CryptoPP::AES;
321 // // AutoSeededRandomPool rnd;
322 // // byte iv[AES::BLOCKSIZE];
323 // // rnd.GenerateBlock(iv, AES::BLOCKSIZE);
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]324
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]325 // // CFB_Mode<AES>::Decryption decryptor;
326 // // decryptor.SetKeyWithIV(reinterpret_cast<const uint8_t*>(keyBits.c_str()), keyBits.size(), iv);
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]327
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]328 // // OBufferStream os;
329 // // StringSource(data, dataLength, true, new StreamTransformationFilter(decryptor,new FileSink(os)));
330 // // return os.buf();
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]331
Alexander Afanasyev2a7f7202014-04-23 14:25:29 -0700[diff] [blame]332 // // }catch (CryptoPP::Exception& e){
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]333 // // throw Error(e.what());
334 // // }
335 // }
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]336}
337
338ConstBufferPtr
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]339SecTpmFile::encryptInTpm(const uint8_t* data, size_t dataLength,
340 const Name& keyName, bool isSymmetric)
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]341{
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]342 throw Error("SecTpmFile::encryptInTpm is not supported!");
343 // string keyURI = keyName.toUri();
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]344
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]345 // if (!isSymmetric)
346 // {
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]347 // if (!doesKeyExistInTpm(keyName, KEY_CLASS_PUBLIC))
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]348 // throw Error("public key doesn't exist");
349 // try
350 // {
351 // using namespace CryptoPP;
352 // AutoSeededRandomPool rng;
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]353
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]354 // //Read private key
355 // ByteQueue bytes;
356 // FileSource file(m_impl->nameTransform(keyURI, ".pub").string().c_str(), true, new Base64Decoder);
357 // file.TransferTo(bytes);
358 // bytes.MessageEnd();
359 // RSA::PublicKey publicKey;
360 // publicKey.Load(bytes);
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]361
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]362 // OBufferStream os;
363 // RSAES_PKCS1v15_Encryptor encryptor(publicKey);
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]364
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]365 // StringSource(data, dataLength, true, new PK_EncryptorFilter(rng, encryptor, new FileSink(os)));
366 // return os.buf();
367 // }
Alexander Afanasyev2a7f7202014-04-23 14:25:29 -0700[diff] [blame]368 // catch (CryptoPP::Exception& e){
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]369 // throw Error(e.what());
370 // }
371 // }
372 // else
373 // {
374 // throw Error("Symmetric encryption is not implemented!");
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]375 // // if (!doesKeyExistInTpm(keyName, KEY_CLASS_SYMMETRIC))
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]376 // // throw Error("symmetric key doesn't exist");
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]377
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]378 // // try{
379 // // string keyBits;
380 // // string symKeyFileName = m_impl->nameTransform(keyURI, ".key");
381 // // FileSource(symKeyFileName, true, new HexDecoder(new StringSink(keyBits)));
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]382
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]383 // // using CryptoPP::AES;
384 // // AutoSeededRandomPool rnd;
385 // // byte iv[AES::BLOCKSIZE];
386 // // rnd.GenerateBlock(iv, AES::BLOCKSIZE);
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]387
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]388 // // CFB_Mode<AES>::Encryption encryptor;
389 // // encryptor.SetKeyWithIV(reinterpret_cast<const uint8_t*>(keyBits.c_str()), keyBits.size(), iv);
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]390
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]391 // // OBufferStream os;
392 // // StringSource(data, dataLength, true, new StreamTransformationFilter(encryptor, new FileSink(os)));
393 // // return os.buf();
Alexander Afanasyev2a7f7202014-04-23 14:25:29 -0700[diff] [blame]394 // // }catch (CryptoPP::Exception& e){
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]395 // // throw Error(e.what());
396 // // }
397 // }
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]398}
399
400
401void
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]402SecTpmFile::generateSymmetricKeyInTpm(const Name& keyName, KeyType keyType, int keySize)
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]403{
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]404 throw Error("SecTpmFile::generateSymmetricKeyInTpm is not supported!");
405 // string keyURI = keyName.toUri();
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]406
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]407 // if (doesKeyExistInTpm(keyName, KEY_CLASS_SYMMETRIC))
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]408 // throw Error("symmetric key exists");
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]409
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]410 // string keyFileName = m_impl->maintainMapping(keyURI);
411 // string symKeyFileName = keyFileName + ".key";
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]412
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]413 // try{
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]414 // switch (keyType){
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]415 // case KEY_TYPE_AES:
416 // {
417 // using namespace CryptoPP;
418 // AutoSeededRandomPool rng;
Yingdi Yu4b752752014-02-18 12:24:03 -0800[diff] [blame]419
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]420 // SecByteBlock key(0x00, keySize);
421 // rng.GenerateBlock(key, keySize);
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]422
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]423 // StringSource(key, key.size(), true, new HexEncoder(new FileSink(symKeyFileName.c_str())));
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]424
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]425 // chmod(symKeyFileName.c_str(), 0000400);
426 // return;
427 // }
428 // default:
429 // throw Error("Unsupported symmetric key type!");
430 // }
Alexander Afanasyev2a7f7202014-04-23 14:25:29 -0700[diff] [blame]431 // }catch (CryptoPP::Exception& e){
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]432 // throw Error(e.what());
433 // }
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]434}
435
436bool
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]437SecTpmFile::doesKeyExistInTpm(const Name& keyName, KeyClass keyClass)
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]438{
439 string keyURI = keyName.toUri();
440 if (keyClass == KEY_CLASS_PUBLIC)
441 {
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]442 if (boost::filesystem::exists(m_impl->nameTransform(keyURI, ".pub")))
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]443 return true;
444 else
445 return false;
446 }
447 if (keyClass == KEY_CLASS_PRIVATE)
448 {
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]449 if (boost::filesystem::exists(m_impl->nameTransform(keyURI, ".pri")))
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]450 return true;
451 else
452 return false;
453 }
454 if (keyClass == KEY_CLASS_SYMMETRIC)
455 {
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame]456 if (boost::filesystem::exists(m_impl->nameTransform(keyURI, ".key")))
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]457 return true;
458 else
459 return false;
460 }
461 return false;
462}
463
Yingdi Yu4b752752014-02-18 12:24:03 -0800[diff] [blame]464bool
465SecTpmFile::generateRandomBlock(uint8_t* res, size_t size)
466{
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]467 try
468 {
469 CryptoPP::AutoSeededRandomPool rng;
470 rng.GenerateBlock(res, size);
471 return true;
472 }
Alexander Afanasyev2a7f7202014-04-23 14:25:29 -0700[diff] [blame]473 catch (CryptoPP::Exception& e)
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]474 {
475 return false;
476 }
Yingdi Yu4b752752014-02-18 12:24:03 -0800[diff] [blame]477}
478
Yingdi Yufc40d872014-02-18 12:56:04 -0800[diff] [blame]479} // namespace ndn