Gitiles
Code Review Sign In
gerrit.named-data.net / ndn-cxx / dfa52c4400de8a576ea8b206135020cabe8d158d / . / src / security / sec-tpm-memory.cpp
blob: 990247d9a5c4e4d2ac0141f372e50d0b0819ec99 [file] [log] [blame]
Jeff Thompson6c314bc2013-09-23 18:09:38 -0700[diff] [blame]1/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
2/**
Alexander Afanasyevdfa52c42014-04-24 21:10:11 -0700[diff] [blame^]3 * Copyright (c) 2013-2014, Regents of the University of California.
4 * All rights reserved.
5 *
6 * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
7 * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
8 *
9 * This file licensed under New BSD License. See COPYING for detailed information about
10 * ndn-cxx library copyright, permissions, and redistribution restrictions.
11 *
12 * @author Jeff Thompson <jefft0@remap.ucla.edu>
Jeff Thompson6c314bc2013-09-23 18:09:38 -0700[diff] [blame]13 */
14
Alexander Afanasyeve2dcdfd2014-02-07 15:53:28 -0800[diff] [blame]15#include "common.hpp"
16
17#include "sec-tpm-memory.hpp"
18#include "public-key.hpp"
19
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]20#include "openssl.hpp"
Junxiao Shi482ccc52014-03-31 13:05:24 -0700[diff] [blame]21#include "cryptopp.hpp"
Jeff Thompson6c314bc2013-09-23 18:09:38 -0700[diff] [blame]22
23using namespace std;
Jeff Thompson6c314bc2013-09-23 18:09:38 -0700[diff] [blame]24
25namespace ndn {
26
Alexander Afanasyev04b22a92014-01-05 22:40:17 -0800[diff] [blame]27/**
28 * RsaPrivateKey is a simple class to hold an RSA private key.
29 */
Alexander Afanasyev2a7f7202014-04-23 14:25:29 -0700[diff] [blame]30class SecTpmMemory::RsaPrivateKey
31{
Alexander Afanasyev04b22a92014-01-05 22:40:17 -0800[diff] [blame]32public:
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]33 RsaPrivateKey(const uint8_t* keyDer, size_t keyDerLength)
Alexander Afanasyev04b22a92014-01-05 22:40:17 -0800[diff] [blame]34 {
35 // Use a temporary pointer since d2i updates it.
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]36 const uint8_t* derPointer = keyDer;
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]37 m_privateKey = d2i_RSAPrivateKey(NULL, &derPointer, keyDerLength);
38 if (!m_privateKey)
Alexander Afanasyev04b22a92014-01-05 22:40:17 -0800[diff] [blame]39 throw Error("RsaPrivateKey constructor: Error decoding private key DER");
40 }
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]41
Alexander Afanasyev04b22a92014-01-05 22:40:17 -0800[diff] [blame]42 ~RsaPrivateKey()
43 {
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]44 if (m_privateKey)
45 RSA_free(m_privateKey);
Alexander Afanasyev04b22a92014-01-05 22:40:17 -0800[diff] [blame]46 }
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]47
48 rsa_st*
Alexander Afanasyev04b22a92014-01-05 22:40:17 -0800[diff] [blame]49 getPrivateKey()
50 {
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]51 return m_privateKey;
Alexander Afanasyev04b22a92014-01-05 22:40:17 -0800[diff] [blame]52 }
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]53
Alexander Afanasyev04b22a92014-01-05 22:40:17 -0800[diff] [blame]54private:
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]55 rsa_st* m_privateKey;
Alexander Afanasyev04b22a92014-01-05 22:40:17 -0800[diff] [blame]56};
57
Yingdi Yu87581582014-01-14 14:28:39 -0800[diff] [blame]58SecTpmMemory::~SecTpmMemory()
Jeff Thompson6c314bc2013-09-23 18:09:38 -0700[diff] [blame]59{
60}
61
Alexander Afanasyev04b22a92014-01-05 22:40:17 -0800[diff] [blame]62void
Yingdi Yu87581582014-01-14 14:28:39 -0800[diff] [blame]63SecTpmMemory::setKeyPairForKeyName(const Name& keyName,
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]64 const uint8_t* publicKeyDer, size_t publicKeyDerLength,
65 const uint8_t* privateKeyDer, size_t privateKeyDerLength)
Jeff Thompson6c314bc2013-09-23 18:09:38 -0700[diff] [blame]66{
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]67 m_publicKeyStore[keyName.toUri()] = make_shared<PublicKey>(publicKeyDer, publicKeyDerLength);
68 m_privateKeyStore[keyName.toUri()] = make_shared<RsaPrivateKey>(privateKeyDer,
69 privateKeyDerLength);
Jeff Thompson6c314bc2013-09-23 18:09:38 -0700[diff] [blame]70}
71
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]72void
Yingdi Yu87581582014-01-14 14:28:39 -0800[diff] [blame]73SecTpmMemory::generateKeyPairInTpm(const Name& keyName, KeyType keyType, int keySize)
Jeff Thompson6c314bc2013-09-23 18:09:38 -0700[diff] [blame]74{
Yingdi Yu28fd32f2014-01-28 19:03:03 -0800[diff] [blame]75 throw Error("SecTpmMemory::generateKeyPair not implemented");
Jeff Thompson6c314bc2013-09-23 18:09:38 -0700[diff] [blame]76}
77
Yingdi Yu28fd32f2014-01-28 19:03:03 -0800[diff] [blame]78void
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]79SecTpmMemory::deleteKeyPairInTpm(const Name& keyName)
Yingdi Yu28fd32f2014-01-28 19:03:03 -0800[diff] [blame]80{
81 throw Error("SecTpmMemory::deleteKeyPairInTpm not implemented");
82}
83
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]84ConstBufferPtr
85SecTpmMemory::exportPrivateKeyPkcs1FromTpm(const Name& keyName)
86{
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]87 return shared_ptr<Buffer>();
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]88}
89
90bool
91SecTpmMemory::importPrivateKeyPkcs1IntoTpm(const Name& keyName, const uint8_t* buf, size_t size)
92{
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]93 return false;
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]94}
95
96bool
97SecTpmMemory::importPublicKeyPkcs1IntoTpm(const Name& keyName, const uint8_t* buf, size_t size)
98{
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]99 return false;
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]100}
101
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]102shared_ptr<PublicKey>
Yingdi Yu87581582014-01-14 14:28:39 -0800[diff] [blame]103SecTpmMemory::getPublicKeyFromTpm(const Name& keyName)
Jeff Thompson6c314bc2013-09-23 18:09:38 -0700[diff] [blame]104{
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]105 PublicKeyStore::iterator publicKey = m_publicKeyStore.find(keyName.toUri());
106 if (publicKey == m_publicKeyStore.end())
Alexander Afanasyev04b22a92014-01-05 22:40:17 -0800[diff] [blame]107 throw Error(string("MemoryPrivateKeyStorage: Cannot find public key ") + keyName.toUri());
Jeff Thompson6c314bc2013-09-23 18:09:38 -0700[diff] [blame]108 return publicKey->second;
109}
110
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]111Block
112SecTpmMemory::signInTpm(const uint8_t* data, size_t dataLength,
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]113 const Name& keyName,
114 DigestAlgorithm digestAlgorithm)
Jeff Thompson6c314bc2013-09-23 18:09:38 -0700[diff] [blame]115{
116 if (digestAlgorithm != DIGEST_ALGORITHM_SHA256)
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]117 throw Error("Unsupported digest algorithm.");
Jeff Thompson6c314bc2013-09-23 18:09:38 -0700[diff] [blame]118
Jeff Thompson6c314bc2013-09-23 18:09:38 -0700[diff] [blame]119 // Find the private key and sign.
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]120 PrivateKeyStore::iterator privateKey = m_privateKeyStore.find(keyName.toUri());
121 if (privateKey == m_privateKeyStore.end())
Alexander Afanasyev04b22a92014-01-05 22:40:17 -0800[diff] [blame]122 throw Error(string("MemoryPrivateKeyStorage: Cannot find private key ") + keyName.toUri());
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]123
Alexander Afanasyev04b22a92014-01-05 22:40:17 -0800[diff] [blame]124 uint8_t digest[SHA256_DIGEST_LENGTH];
125 SHA256_CTX sha256;
126 SHA256_Init(&sha256);
127 SHA256_Update(&sha256, data, dataLength);
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]128 SHA256_Final(digest,& sha256);
Alexander Afanasyev04b22a92014-01-05 22:40:17 -0800[diff] [blame]129
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]130 BufferPtr signatureBuffer = make_shared<Buffer>();
Alexander Afanasyev04b22a92014-01-05 22:40:17 -0800[diff] [blame]131 signatureBuffer->resize(RSA_size(privateKey->second->getPrivateKey()));
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]132
133 unsigned int signatureBitsLength;
Alexander Afanasyev04b22a92014-01-05 22:40:17 -0800[diff] [blame]134 if (!RSA_sign(NID_sha256, digest, sizeof(digest),
135 signatureBuffer->buf(),
136 &signatureBitsLength,
137 privateKey->second->getPrivateKey()))
138 {
139 throw Error("Error in RSA_sign");
140 }
141
142 return Block(Tlv::SignatureValue, signatureBuffer);
Jeff Thompson6c314bc2013-09-23 18:09:38 -0700[diff] [blame]143}
144
Alexander Afanasyev04b22a92014-01-05 22:40:17 -0800[diff] [blame]145ConstBufferPtr
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]146SecTpmMemory::decryptInTpm(const uint8_t* data, size_t dataLength,
147 const Name& keyName, bool isSymmetric)
Jeff Thompson6c314bc2013-09-23 18:09:38 -0700[diff] [blame]148{
Alexander Afanasyev04b22a92014-01-05 22:40:17 -0800[diff] [blame]149 throw Error("MemoryPrivateKeyStorage::decrypt not implemented");
Jeff Thompson6c314bc2013-09-23 18:09:38 -0700[diff] [blame]150}
151
Alexander Afanasyev04b22a92014-01-05 22:40:17 -0800[diff] [blame]152ConstBufferPtr
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]153SecTpmMemory::encryptInTpm(const uint8_t* data, size_t dataLength,
154 const Name& keyName, bool isSymmetric)
Jeff Thompson6c314bc2013-09-23 18:09:38 -0700[diff] [blame]155{
Alexander Afanasyev04b22a92014-01-05 22:40:17 -0800[diff] [blame]156 throw Error("MemoryPrivateKeyStorage::encrypt not implemented");
Jeff Thompson6c314bc2013-09-23 18:09:38 -0700[diff] [blame]157}
158
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]159void
Yingdi Yub4bb85a2014-01-16 10:11:04 -0800[diff] [blame]160SecTpmMemory::generateSymmetricKeyInTpm(const Name& keyName, KeyType keyType, int keySize)
Jeff Thompson6c314bc2013-09-23 18:09:38 -0700[diff] [blame]161{
Alexander Afanasyev04b22a92014-01-05 22:40:17 -0800[diff] [blame]162 throw Error("MemoryPrivateKeyStorage::generateKey not implemented");
Jeff Thompson6c314bc2013-09-23 18:09:38 -0700[diff] [blame]163}
164
165bool
Yingdi Yub4bb85a2014-01-16 10:11:04 -0800[diff] [blame]166SecTpmMemory::doesKeyExistInTpm(const Name& keyName, KeyClass keyClass)
Jeff Thompson6c314bc2013-09-23 18:09:38 -0700[diff] [blame]167{
168 if (keyClass == KEY_CLASS_PUBLIC)
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]169 return m_publicKeyStore.find(keyName.toUri()) != m_publicKeyStore.end();
Jeff Thompson6c314bc2013-09-23 18:09:38 -0700[diff] [blame]170 else if (keyClass == KEY_CLASS_PRIVATE)
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]171 return m_privateKeyStore.find(keyName.toUri()) != m_privateKeyStore.end();
Jeff Thompson6c314bc2013-09-23 18:09:38 -0700[diff] [blame]172 else
173 // KEY_CLASS_SYMMETRIC not implemented yet.
174 return false;
175}
176
Yingdi Yu4b752752014-02-18 12:24:03 -0800[diff] [blame]177bool
178SecTpmMemory::generateRandomBlock(uint8_t* res, size_t size)
179{
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]180 try
181 {
182 CryptoPP::AutoSeededRandomPool rng;
183 rng.GenerateBlock(res, size);
184 return true;
185 }
Alexander Afanasyev2a7f7202014-04-23 14:25:29 -0700[diff] [blame]186 catch (CryptoPP::Exception& e)
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]187 {
188 return false;
189 }
Yingdi Yu4b752752014-02-18 12:24:03 -0800[diff] [blame]190}
191
Yingdi Yufc40d872014-02-18 12:56:04 -0800[diff] [blame]192} // namespace ndn