Yingdi Yu | 2d9c50f | 2014-01-21 18:25:00 -0800 | [diff] [blame] | 1 | /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */ |
| 2 | /** |
Alexander Afanasyev | dfa52c4 | 2014-04-24 21:10:11 -0700 | [diff] [blame^] | 3 | * Copyright (c) 2013-2014, Regents of the University of California. |
| 4 | * All rights reserved. |
| 5 | * |
| 6 | * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions). |
| 7 | * See AUTHORS.md for complete list of ndn-cxx authors and contributors. |
| 8 | * |
| 9 | * This file licensed under New BSD License. See COPYING for detailed information about |
| 10 | * ndn-cxx library copyright, permissions, and redistribution restrictions. |
| 11 | * |
| 12 | * @author Xingyu Ma <http://www.linkedin.com/pub/xingyu-ma/1a/384/5a8> |
| 13 | * @author Yingdi Yu <http://irl.cs.ucla.edu/~yingdi/> |
| 14 | * @author Alexander Afanasyev <http://lasr.cs.ucla.edu/afanasyev/index.html> |
Yingdi Yu | 2d9c50f | 2014-01-21 18:25:00 -0800 | [diff] [blame] | 15 | */ |
| 16 | |
Alexander Afanasyev | e2dcdfd | 2014-02-07 15:53:28 -0800 | [diff] [blame] | 17 | #include "common.hpp" |
Yingdi Yu | 0402092 | 2014-01-22 12:46:53 -0800 | [diff] [blame] | 18 | |
Alexander Afanasyev | e2dcdfd | 2014-02-07 15:53:28 -0800 | [diff] [blame] | 19 | #include "sec-tpm-file.hpp" |
Yingdi Yu | 2d9c50f | 2014-01-21 18:25:00 -0800 | [diff] [blame] | 20 | |
| 21 | #include <boost/filesystem.hpp> |
| 22 | #include <boost/algorithm/string.hpp> |
| 23 | |
Junxiao Shi | 482ccc5 | 2014-03-31 13:05:24 -0700 | [diff] [blame] | 24 | #include "cryptopp.hpp" |
Yingdi Yu | 2d9c50f | 2014-01-21 18:25:00 -0800 | [diff] [blame] | 25 | |
| 26 | #include <sys/types.h> |
| 27 | #include <sys/stat.h> |
| 28 | |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 29 | #include <algorithm> |
| 30 | |
Yingdi Yu | 2d9c50f | 2014-01-21 18:25:00 -0800 | [diff] [blame] | 31 | using namespace std; |
| 32 | |
Yingdi Yu | fc40d87 | 2014-02-18 12:56:04 -0800 | [diff] [blame] | 33 | namespace ndn { |
Yingdi Yu | 2d9c50f | 2014-01-21 18:25:00 -0800 | [diff] [blame] | 34 | |
Alexander Afanasyev | 2a7f720 | 2014-04-23 14:25:29 -0700 | [diff] [blame] | 35 | class SecTpmFile::Impl |
| 36 | { |
Yingdi Yu | 2d9c50f | 2014-01-21 18:25:00 -0800 | [diff] [blame] | 37 | public: |
Yingdi Yu | 4b75275 | 2014-02-18 12:24:03 -0800 | [diff] [blame] | 38 | Impl(const string& dir) |
Yingdi Yu | 2d9c50f | 2014-01-21 18:25:00 -0800 | [diff] [blame] | 39 | { |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 40 | if (dir.empty()) |
Yingdi Yu | 37e317f | 2014-03-19 12:16:23 -0700 | [diff] [blame] | 41 | m_keystorePath = boost::filesystem::path(getenv("HOME")) / ".ndn" / "ndnsec-tpm-file"; |
Yingdi Yu | 2d9c50f | 2014-01-21 18:25:00 -0800 | [diff] [blame] | 42 | else |
| 43 | m_keystorePath = dir; |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 44 | |
Yingdi Yu | 2d9c50f | 2014-01-21 18:25:00 -0800 | [diff] [blame] | 45 | boost::filesystem::create_directories (m_keystorePath); |
| 46 | } |
| 47 | |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 48 | boost::filesystem::path |
| 49 | nameTransform(const string& keyName, const string& extension) |
| 50 | { |
| 51 | using namespace CryptoPP; |
| 52 | string digest; |
| 53 | SHA256 hash; |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 54 | StringSource src(keyName, |
| 55 | true, |
| 56 | new HashFilter(hash, |
| 57 | new Base64Encoder(new CryptoPP::StringSink(digest)))); |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 58 | |
| 59 | boost::algorithm::trim(digest); |
| 60 | std::replace(digest.begin(), digest.end(), '/', '%'); |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 61 | |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 62 | return m_keystorePath / (digest + extension); |
| 63 | } |
| 64 | |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 65 | string |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 66 | maintainMapping(const string& keyName) |
| 67 | { |
| 68 | string keyFileName = nameTransform(keyName, "").string(); |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 69 | |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 70 | ofstream outfile; |
| 71 | string dirFile = (m_keystorePath / "mapping.txt").string(); |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 72 | |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 73 | outfile.open(dirFile.c_str(), std::ios_base::app); |
| 74 | outfile << keyName << ' ' << keyFileName << '\n'; |
| 75 | outfile.close(); |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 76 | |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 77 | return keyFileName; |
| 78 | } |
| 79 | |
Yingdi Yu | 2d9c50f | 2014-01-21 18:25:00 -0800 | [diff] [blame] | 80 | public: |
| 81 | boost::filesystem::path m_keystorePath; |
| 82 | }; |
| 83 | |
Yingdi Yu | 4b75275 | 2014-02-18 12:24:03 -0800 | [diff] [blame] | 84 | |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 85 | SecTpmFile::SecTpmFile(const string& dir) |
Yingdi Yu | 4b75275 | 2014-02-18 12:24:03 -0800 | [diff] [blame] | 86 | : m_impl(new Impl(dir)) |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 87 | , m_inTerminal(false) |
Yingdi Yu | 2d9c50f | 2014-01-21 18:25:00 -0800 | [diff] [blame] | 88 | {} |
| 89 | |
| 90 | void |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 91 | SecTpmFile::generateKeyPairInTpm(const Name& keyName, KeyType keyType, int keySize) |
Yingdi Yu | 2d9c50f | 2014-01-21 18:25:00 -0800 | [diff] [blame] | 92 | { |
| 93 | string keyURI = keyName.toUri(); |
| 94 | |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 95 | if (doesKeyExistInTpm(keyName, KEY_CLASS_PUBLIC)) |
Yingdi Yu | 2d9c50f | 2014-01-21 18:25:00 -0800 | [diff] [blame] | 96 | throw Error("public key exists"); |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 97 | if (doesKeyExistInTpm(keyName, KEY_CLASS_PRIVATE)) |
Yingdi Yu | 2d9c50f | 2014-01-21 18:25:00 -0800 | [diff] [blame] | 98 | throw Error("private key exists"); |
| 99 | |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 100 | string keyFileName = m_impl->maintainMapping(keyURI); |
Yingdi Yu | 2d9c50f | 2014-01-21 18:25:00 -0800 | [diff] [blame] | 101 | |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 102 | try |
| 103 | { |
| 104 | switch (keyType) |
| 105 | { |
| 106 | case KEY_TYPE_RSA: |
| 107 | { |
| 108 | using namespace CryptoPP; |
| 109 | AutoSeededRandomPool rng; |
Yingdi Yu | 4b75275 | 2014-02-18 12:24:03 -0800 | [diff] [blame] | 110 | |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 111 | InvertibleRSAFunction privateKey; |
| 112 | privateKey.Initialize(rng, keySize); |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 113 | |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 114 | string privateKeyFileName = keyFileName + ".pri"; |
| 115 | Base64Encoder privateKeySink(new FileSink(privateKeyFileName.c_str())); |
| 116 | privateKey.DEREncode(privateKeySink); |
| 117 | privateKeySink.MessageEnd(); |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 118 | |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 119 | RSAFunction publicKey(privateKey); |
| 120 | string publicKeyFileName = keyFileName + ".pub"; |
| 121 | Base64Encoder publicKeySink(new FileSink(publicKeyFileName.c_str())); |
| 122 | publicKey.DEREncode(publicKeySink); |
| 123 | publicKeySink.MessageEnd(); |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 124 | |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 125 | /*set file permission*/ |
| 126 | chmod(privateKeyFileName.c_str(), 0000400); |
| 127 | chmod(publicKeyFileName.c_str(), 0000444); |
| 128 | return; |
| 129 | } |
| 130 | default: |
| 131 | throw Error("Unsupported key type!"); |
| 132 | } |
Yingdi Yu | 2d9c50f | 2014-01-21 18:25:00 -0800 | [diff] [blame] | 133 | } |
Alexander Afanasyev | 2a7f720 | 2014-04-23 14:25:29 -0700 | [diff] [blame] | 134 | catch (CryptoPP::Exception& e) |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 135 | { |
| 136 | throw Error(e.what()); |
| 137 | } |
Yingdi Yu | 2d9c50f | 2014-01-21 18:25:00 -0800 | [diff] [blame] | 138 | } |
| 139 | |
Yingdi Yu | 28fd32f | 2014-01-28 19:03:03 -0800 | [diff] [blame] | 140 | void |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 141 | SecTpmFile::deleteKeyPairInTpm(const Name& keyName) |
Yingdi Yu | 28fd32f | 2014-01-28 19:03:03 -0800 | [diff] [blame] | 142 | { |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 143 | boost::filesystem::path publicKeyPath(m_impl->nameTransform(keyName.toUri(), ".pub")); |
| 144 | boost::filesystem::path privateKeyPath(m_impl->nameTransform(keyName.toUri(), ".pri")); |
Yingdi Yu | 28fd32f | 2014-01-28 19:03:03 -0800 | [diff] [blame] | 145 | |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 146 | if (boost::filesystem::exists(publicKeyPath)) |
Yingdi Yu | 28fd32f | 2014-01-28 19:03:03 -0800 | [diff] [blame] | 147 | boost::filesystem::remove(publicKeyPath); |
| 148 | |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 149 | if (boost::filesystem::exists(privateKeyPath)) |
Yingdi Yu | 28fd32f | 2014-01-28 19:03:03 -0800 | [diff] [blame] | 150 | boost::filesystem::remove(privateKeyPath); |
| 151 | } |
| 152 | |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 153 | shared_ptr<PublicKey> |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 154 | SecTpmFile::getPublicKeyFromTpm(const Name& keyName) |
Yingdi Yu | 2d9c50f | 2014-01-21 18:25:00 -0800 | [diff] [blame] | 155 | { |
| 156 | string keyURI = keyName.toUri(); |
| 157 | |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 158 | if (!doesKeyExistInTpm(keyName, KEY_CLASS_PUBLIC)) |
Yingdi Yu | 5e96e00 | 2014-04-23 18:32:15 -0700 | [diff] [blame] | 159 | throw Error("Public Key does not exist"); |
Yingdi Yu | 2d9c50f | 2014-01-21 18:25:00 -0800 | [diff] [blame] | 160 | |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 161 | ostringstream os; |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 162 | try |
| 163 | { |
| 164 | using namespace CryptoPP; |
| 165 | FileSource(m_impl->nameTransform(keyURI, ".pub").string().c_str(), |
| 166 | true, |
| 167 | new Base64Decoder(new FileSink(os))); |
| 168 | } |
Alexander Afanasyev | 2a7f720 | 2014-04-23 14:25:29 -0700 | [diff] [blame] | 169 | catch (CryptoPP::Exception& e) |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 170 | { |
| 171 | throw Error(e.what()); |
| 172 | } |
Yingdi Yu | 2d9c50f | 2014-01-21 18:25:00 -0800 | [diff] [blame] | 173 | |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 174 | return make_shared<PublicKey>(reinterpret_cast<const uint8_t*>(os.str().c_str()), |
| 175 | os.str().size()); |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 176 | } |
| 177 | |
| 178 | ConstBufferPtr |
Yingdi Yu | 5e96e00 | 2014-04-23 18:32:15 -0700 | [diff] [blame] | 179 | SecTpmFile::exportPrivateKeyPkcs8FromTpm(const Name& keyName) |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 180 | { |
| 181 | OBufferStream privateKeyOs; |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 182 | CryptoPP::FileSource(m_impl->nameTransform(keyName.toUri(), ".pri").string().c_str(), true, |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 183 | new CryptoPP::Base64Decoder(new CryptoPP::FileSink(privateKeyOs))); |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 184 | |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 185 | return privateKeyOs.buf(); |
| 186 | } |
| 187 | |
| 188 | bool |
Yingdi Yu | 5e96e00 | 2014-04-23 18:32:15 -0700 | [diff] [blame] | 189 | SecTpmFile::importPrivateKeyPkcs8IntoTpm(const Name& keyName, const uint8_t* buf, size_t size) |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 190 | { |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 191 | try |
| 192 | { |
| 193 | using namespace CryptoPP; |
| 194 | |
| 195 | string keyFileName = m_impl->maintainMapping(keyName.toUri()); |
| 196 | keyFileName.append(".pri"); |
| 197 | StringSource(buf, size, |
| 198 | true, |
| 199 | new Base64Encoder(new FileSink(keyFileName.c_str()))); |
| 200 | return true; |
| 201 | } |
Alexander Afanasyev | 2a7f720 | 2014-04-23 14:25:29 -0700 | [diff] [blame] | 202 | catch (CryptoPP::Exception& e) |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 203 | { |
| 204 | return false; |
| 205 | } |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 206 | } |
| 207 | |
| 208 | bool |
| 209 | SecTpmFile::importPublicKeyPkcs1IntoTpm(const Name& keyName, const uint8_t* buf, size_t size) |
| 210 | { |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 211 | try |
| 212 | { |
| 213 | using namespace CryptoPP; |
| 214 | |
| 215 | string keyFileName = m_impl->maintainMapping(keyName.toUri()); |
| 216 | keyFileName.append(".pub"); |
| 217 | StringSource(buf, size, |
| 218 | true, |
| 219 | new Base64Encoder(new FileSink(keyFileName.c_str()))); |
| 220 | return true; |
| 221 | } |
Alexander Afanasyev | 2a7f720 | 2014-04-23 14:25:29 -0700 | [diff] [blame] | 222 | catch (CryptoPP::Exception& e) |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 223 | { |
| 224 | return false; |
| 225 | } |
Yingdi Yu | 2d9c50f | 2014-01-21 18:25:00 -0800 | [diff] [blame] | 226 | } |
| 227 | |
| 228 | Block |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 229 | SecTpmFile::signInTpm(const uint8_t* data, size_t dataLength, |
| 230 | const Name& keyName, DigestAlgorithm digestAlgorithm) |
Yingdi Yu | 2d9c50f | 2014-01-21 18:25:00 -0800 | [diff] [blame] | 231 | { |
| 232 | string keyURI = keyName.toUri(); |
| 233 | |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 234 | if (!doesKeyExistInTpm(keyName, KEY_CLASS_PRIVATE)) |
Yingdi Yu | 2d9c50f | 2014-01-21 18:25:00 -0800 | [diff] [blame] | 235 | throw Error("private key doesn't exists"); |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 236 | |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 237 | try |
| 238 | { |
| 239 | using namespace CryptoPP; |
| 240 | AutoSeededRandomPool rng; |
Yingdi Yu | 4b75275 | 2014-02-18 12:24:03 -0800 | [diff] [blame] | 241 | |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 242 | //Read private key |
| 243 | ByteQueue bytes; |
| 244 | FileSource file(m_impl->nameTransform(keyURI, ".pri").string().c_str(), |
| 245 | true, new Base64Decoder); |
| 246 | file.TransferTo(bytes); |
| 247 | bytes.MessageEnd(); |
| 248 | RSA::PrivateKey privateKey; |
| 249 | privateKey.Load(bytes); |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 250 | |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 251 | //Sign message |
| 252 | switch (digestAlgorithm) |
| 253 | { |
| 254 | case DIGEST_ALGORITHM_SHA256: |
| 255 | { |
| 256 | RSASS<PKCS1v15, SHA256>::Signer signer(privateKey); |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 257 | |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 258 | OBufferStream os; |
| 259 | StringSource(data, dataLength, |
| 260 | true, |
| 261 | new SignerFilter(rng, signer, new FileSink(os))); |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 262 | |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 263 | return Block(Tlv::SignatureValue, os.buf()); |
| 264 | } |
| 265 | default: |
| 266 | throw Error("Unsupported digest algorithm!"); |
| 267 | } |
Yingdi Yu | 2d9c50f | 2014-01-21 18:25:00 -0800 | [diff] [blame] | 268 | } |
Alexander Afanasyev | 2a7f720 | 2014-04-23 14:25:29 -0700 | [diff] [blame] | 269 | catch (CryptoPP::Exception& e) |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 270 | { |
| 271 | throw Error(e.what()); |
| 272 | } |
Yingdi Yu | 2d9c50f | 2014-01-21 18:25:00 -0800 | [diff] [blame] | 273 | } |
| 274 | |
| 275 | |
| 276 | ConstBufferPtr |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 277 | SecTpmFile::decryptInTpm(const uint8_t* data, size_t dataLength, |
| 278 | const Name& keyName, bool isSymmetric) |
Yingdi Yu | 2d9c50f | 2014-01-21 18:25:00 -0800 | [diff] [blame] | 279 | { |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 280 | throw Error("SecTpmFile::decryptInTpm is not supported!"); |
| 281 | // string keyURI = keyName.toUri(); |
| 282 | // if (!isSymmetric) |
| 283 | // { |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 284 | // if (!doesKeyExistInTpm(keyName, KEY_CLASS_PRIVATE)) |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 285 | // throw Error("private key doesn't exist"); |
Yingdi Yu | 2d9c50f | 2014-01-21 18:25:00 -0800 | [diff] [blame] | 286 | |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 287 | // try{ |
| 288 | // using namespace CryptoPP; |
| 289 | // AutoSeededRandomPool rng; |
Yingdi Yu | 4b75275 | 2014-02-18 12:24:03 -0800 | [diff] [blame] | 290 | |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 291 | // //Read private key |
| 292 | // ByteQueue bytes; |
| 293 | // FileSource file(m_impl->nameTransform(keyURI, ".pri").string().c_str(), true, new Base64Decoder); |
| 294 | // file.TransferTo(bytes); |
| 295 | // bytes.MessageEnd(); |
| 296 | // RSA::PrivateKey privateKey; |
| 297 | // privateKey.Load(bytes); |
| 298 | // RSAES_PKCS1v15_Decryptor decryptor(privateKey); |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 299 | |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 300 | // OBufferStream os; |
| 301 | // StringSource(data, dataLength, true, new PK_DecryptorFilter(rng, decryptor, new FileSink(os))); |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 302 | |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 303 | // return os.buf(); |
| 304 | // } |
Alexander Afanasyev | 2a7f720 | 2014-04-23 14:25:29 -0700 | [diff] [blame] | 305 | // catch (CryptoPP::Exception& e){ |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 306 | // throw Error(e.what()); |
| 307 | // } |
| 308 | // } |
| 309 | // else |
| 310 | // { |
| 311 | // throw Error("Symmetric encryption is not implemented!"); |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 312 | // // if (!doesKeyExistInTpm(keyName, KEY_CLASS_SYMMETRIC)) |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 313 | // // throw Error("symmetric key doesn't exist"); |
Yingdi Yu | 2d9c50f | 2014-01-21 18:25:00 -0800 | [diff] [blame] | 314 | |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 315 | // // try{ |
| 316 | // // string keyBits; |
| 317 | // // string symKeyFileName = m_impl->nameTransform(keyURI, ".key"); |
| 318 | // // FileSource(symKeyFileName, true, new HexDecoder(new StringSink(keyBits))); |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 319 | |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 320 | // // using CryptoPP::AES; |
| 321 | // // AutoSeededRandomPool rnd; |
| 322 | // // byte iv[AES::BLOCKSIZE]; |
| 323 | // // rnd.GenerateBlock(iv, AES::BLOCKSIZE); |
Yingdi Yu | 2d9c50f | 2014-01-21 18:25:00 -0800 | [diff] [blame] | 324 | |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 325 | // // CFB_Mode<AES>::Decryption decryptor; |
| 326 | // // decryptor.SetKeyWithIV(reinterpret_cast<const uint8_t*>(keyBits.c_str()), keyBits.size(), iv); |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 327 | |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 328 | // // OBufferStream os; |
| 329 | // // StringSource(data, dataLength, true, new StreamTransformationFilter(decryptor,new FileSink(os))); |
| 330 | // // return os.buf(); |
Yingdi Yu | 2d9c50f | 2014-01-21 18:25:00 -0800 | [diff] [blame] | 331 | |
Alexander Afanasyev | 2a7f720 | 2014-04-23 14:25:29 -0700 | [diff] [blame] | 332 | // // }catch (CryptoPP::Exception& e){ |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 333 | // // throw Error(e.what()); |
| 334 | // // } |
| 335 | // } |
Yingdi Yu | 2d9c50f | 2014-01-21 18:25:00 -0800 | [diff] [blame] | 336 | } |
| 337 | |
| 338 | ConstBufferPtr |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 339 | SecTpmFile::encryptInTpm(const uint8_t* data, size_t dataLength, |
| 340 | const Name& keyName, bool isSymmetric) |
Yingdi Yu | 2d9c50f | 2014-01-21 18:25:00 -0800 | [diff] [blame] | 341 | { |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 342 | throw Error("SecTpmFile::encryptInTpm is not supported!"); |
| 343 | // string keyURI = keyName.toUri(); |
Yingdi Yu | 2d9c50f | 2014-01-21 18:25:00 -0800 | [diff] [blame] | 344 | |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 345 | // if (!isSymmetric) |
| 346 | // { |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 347 | // if (!doesKeyExistInTpm(keyName, KEY_CLASS_PUBLIC)) |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 348 | // throw Error("public key doesn't exist"); |
| 349 | // try |
| 350 | // { |
| 351 | // using namespace CryptoPP; |
| 352 | // AutoSeededRandomPool rng; |
Yingdi Yu | 2d9c50f | 2014-01-21 18:25:00 -0800 | [diff] [blame] | 353 | |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 354 | // //Read private key |
| 355 | // ByteQueue bytes; |
| 356 | // FileSource file(m_impl->nameTransform(keyURI, ".pub").string().c_str(), true, new Base64Decoder); |
| 357 | // file.TransferTo(bytes); |
| 358 | // bytes.MessageEnd(); |
| 359 | // RSA::PublicKey publicKey; |
| 360 | // publicKey.Load(bytes); |
Yingdi Yu | 2d9c50f | 2014-01-21 18:25:00 -0800 | [diff] [blame] | 361 | |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 362 | // OBufferStream os; |
| 363 | // RSAES_PKCS1v15_Encryptor encryptor(publicKey); |
Yingdi Yu | 2d9c50f | 2014-01-21 18:25:00 -0800 | [diff] [blame] | 364 | |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 365 | // StringSource(data, dataLength, true, new PK_EncryptorFilter(rng, encryptor, new FileSink(os))); |
| 366 | // return os.buf(); |
| 367 | // } |
Alexander Afanasyev | 2a7f720 | 2014-04-23 14:25:29 -0700 | [diff] [blame] | 368 | // catch (CryptoPP::Exception& e){ |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 369 | // throw Error(e.what()); |
| 370 | // } |
| 371 | // } |
| 372 | // else |
| 373 | // { |
| 374 | // throw Error("Symmetric encryption is not implemented!"); |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 375 | // // if (!doesKeyExistInTpm(keyName, KEY_CLASS_SYMMETRIC)) |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 376 | // // throw Error("symmetric key doesn't exist"); |
Yingdi Yu | 2d9c50f | 2014-01-21 18:25:00 -0800 | [diff] [blame] | 377 | |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 378 | // // try{ |
| 379 | // // string keyBits; |
| 380 | // // string symKeyFileName = m_impl->nameTransform(keyURI, ".key"); |
| 381 | // // FileSource(symKeyFileName, true, new HexDecoder(new StringSink(keyBits))); |
Yingdi Yu | 2d9c50f | 2014-01-21 18:25:00 -0800 | [diff] [blame] | 382 | |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 383 | // // using CryptoPP::AES; |
| 384 | // // AutoSeededRandomPool rnd; |
| 385 | // // byte iv[AES::BLOCKSIZE]; |
| 386 | // // rnd.GenerateBlock(iv, AES::BLOCKSIZE); |
Yingdi Yu | 2d9c50f | 2014-01-21 18:25:00 -0800 | [diff] [blame] | 387 | |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 388 | // // CFB_Mode<AES>::Encryption encryptor; |
| 389 | // // encryptor.SetKeyWithIV(reinterpret_cast<const uint8_t*>(keyBits.c_str()), keyBits.size(), iv); |
Yingdi Yu | 2d9c50f | 2014-01-21 18:25:00 -0800 | [diff] [blame] | 390 | |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 391 | // // OBufferStream os; |
| 392 | // // StringSource(data, dataLength, true, new StreamTransformationFilter(encryptor, new FileSink(os))); |
| 393 | // // return os.buf(); |
Alexander Afanasyev | 2a7f720 | 2014-04-23 14:25:29 -0700 | [diff] [blame] | 394 | // // }catch (CryptoPP::Exception& e){ |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 395 | // // throw Error(e.what()); |
| 396 | // // } |
| 397 | // } |
Yingdi Yu | 2d9c50f | 2014-01-21 18:25:00 -0800 | [diff] [blame] | 398 | } |
| 399 | |
| 400 | |
| 401 | void |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 402 | SecTpmFile::generateSymmetricKeyInTpm(const Name& keyName, KeyType keyType, int keySize) |
Yingdi Yu | 2d9c50f | 2014-01-21 18:25:00 -0800 | [diff] [blame] | 403 | { |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 404 | throw Error("SecTpmFile::generateSymmetricKeyInTpm is not supported!"); |
| 405 | // string keyURI = keyName.toUri(); |
Yingdi Yu | 2d9c50f | 2014-01-21 18:25:00 -0800 | [diff] [blame] | 406 | |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 407 | // if (doesKeyExistInTpm(keyName, KEY_CLASS_SYMMETRIC)) |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 408 | // throw Error("symmetric key exists"); |
Yingdi Yu | 2d9c50f | 2014-01-21 18:25:00 -0800 | [diff] [blame] | 409 | |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 410 | // string keyFileName = m_impl->maintainMapping(keyURI); |
| 411 | // string symKeyFileName = keyFileName + ".key"; |
Yingdi Yu | 2d9c50f | 2014-01-21 18:25:00 -0800 | [diff] [blame] | 412 | |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 413 | // try{ |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 414 | // switch (keyType){ |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 415 | // case KEY_TYPE_AES: |
| 416 | // { |
| 417 | // using namespace CryptoPP; |
| 418 | // AutoSeededRandomPool rng; |
Yingdi Yu | 4b75275 | 2014-02-18 12:24:03 -0800 | [diff] [blame] | 419 | |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 420 | // SecByteBlock key(0x00, keySize); |
| 421 | // rng.GenerateBlock(key, keySize); |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 422 | |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 423 | // StringSource(key, key.size(), true, new HexEncoder(new FileSink(symKeyFileName.c_str()))); |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 424 | |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 425 | // chmod(symKeyFileName.c_str(), 0000400); |
| 426 | // return; |
| 427 | // } |
| 428 | // default: |
| 429 | // throw Error("Unsupported symmetric key type!"); |
| 430 | // } |
Alexander Afanasyev | 2a7f720 | 2014-04-23 14:25:29 -0700 | [diff] [blame] | 431 | // }catch (CryptoPP::Exception& e){ |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 432 | // throw Error(e.what()); |
| 433 | // } |
Yingdi Yu | 2d9c50f | 2014-01-21 18:25:00 -0800 | [diff] [blame] | 434 | } |
| 435 | |
| 436 | bool |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 437 | SecTpmFile::doesKeyExistInTpm(const Name& keyName, KeyClass keyClass) |
Yingdi Yu | 2d9c50f | 2014-01-21 18:25:00 -0800 | [diff] [blame] | 438 | { |
| 439 | string keyURI = keyName.toUri(); |
| 440 | if (keyClass == KEY_CLASS_PUBLIC) |
| 441 | { |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 442 | if (boost::filesystem::exists(m_impl->nameTransform(keyURI, ".pub"))) |
Yingdi Yu | 2d9c50f | 2014-01-21 18:25:00 -0800 | [diff] [blame] | 443 | return true; |
| 444 | else |
| 445 | return false; |
| 446 | } |
| 447 | if (keyClass == KEY_CLASS_PRIVATE) |
| 448 | { |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 449 | if (boost::filesystem::exists(m_impl->nameTransform(keyURI, ".pri"))) |
Yingdi Yu | 2d9c50f | 2014-01-21 18:25:00 -0800 | [diff] [blame] | 450 | return true; |
| 451 | else |
| 452 | return false; |
| 453 | } |
| 454 | if (keyClass == KEY_CLASS_SYMMETRIC) |
| 455 | { |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 456 | if (boost::filesystem::exists(m_impl->nameTransform(keyURI, ".key"))) |
Yingdi Yu | 2d9c50f | 2014-01-21 18:25:00 -0800 | [diff] [blame] | 457 | return true; |
| 458 | else |
| 459 | return false; |
| 460 | } |
| 461 | return false; |
| 462 | } |
| 463 | |
Yingdi Yu | 4b75275 | 2014-02-18 12:24:03 -0800 | [diff] [blame] | 464 | bool |
| 465 | SecTpmFile::generateRandomBlock(uint8_t* res, size_t size) |
| 466 | { |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 467 | try |
| 468 | { |
| 469 | CryptoPP::AutoSeededRandomPool rng; |
| 470 | rng.GenerateBlock(res, size); |
| 471 | return true; |
| 472 | } |
Alexander Afanasyev | 2a7f720 | 2014-04-23 14:25:29 -0700 | [diff] [blame] | 473 | catch (CryptoPP::Exception& e) |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 474 | { |
| 475 | return false; |
| 476 | } |
Yingdi Yu | 4b75275 | 2014-02-18 12:24:03 -0800 | [diff] [blame] | 477 | } |
| 478 | |
Yingdi Yu | fc40d87 | 2014-02-18 12:56:04 -0800 | [diff] [blame] | 479 | } // namespace ndn |