Jeff Thompson | 25b4e61 | 2013-10-10 16:03:24 -0700 | [diff] [blame] | 1 | /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */ |
Jeff Thompson | 4147191 | 2013-09-12 16:21:50 -0700 | [diff] [blame] | 2 | /** |
Jeff Thompson | 7687dc0 | 2013-09-13 11:54:07 -0700 | [diff] [blame] | 3 | * Copyright (C) 2013 Regents of the University of California. |
Jeff Thompson | 06e787d | 2013-09-12 19:00:55 -0700 | [diff] [blame] | 4 | * @author: Yingdi Yu <yingdi@cs.ucla.edu> |
Jeff Thompson | 7687dc0 | 2013-09-13 11:54:07 -0700 | [diff] [blame] | 5 | * @author: Jeff Thompson <jefft0@remap.ucla.edu> |
Jeff Thompson | 4147191 | 2013-09-12 16:21:50 -0700 | [diff] [blame] | 6 | * See COPYING for copyright and distribution information. |
| 7 | */ |
| 8 | |
Jeff Thompson | d63baba | 2013-10-18 17:47:58 -0700 | [diff] [blame] | 9 | #include <ndn-cpp/ndn-cpp-config.h> |
| 10 | #if NDN_CPP_HAVE_TIME_H |
| 11 | #include <time.h> |
| 12 | #endif |
| 13 | #if NDN_CPP_HAVE_SYS_TIME_H |
| 14 | #include <sys/time.h> |
| 15 | #endif |
Jeff Thompson | c69163b | 2013-10-12 13:49:50 -0700 | [diff] [blame] | 16 | #include <ctime> |
| 17 | #include <fstream> |
Jeff Thompson | db68689 | 2013-10-18 17:16:31 -0700 | [diff] [blame] | 18 | #include <math.h> |
Jeff Thompson | 71b2f87 | 2013-12-17 12:03:17 -0800 | [diff] [blame] | 19 | #include <ndn-cpp/key-locator.hpp> |
Alexander Afanasyev | bf1a67a | 2014-01-05 23:36:13 -0800 | [diff] [blame] | 20 | |
Jeff Thompson | c69163b | 2013-10-12 13:49:50 -0700 | [diff] [blame] | 21 | #include "../../util/logging.hpp" |
Jeff Thompson | db68689 | 2013-10-18 17:16:31 -0700 | [diff] [blame] | 22 | #include "../../c/util/time.h" |
Jeff Thompson | 25b4e61 | 2013-10-10 16:03:24 -0700 | [diff] [blame] | 23 | #include <ndn-cpp/security/identity/identity-manager.hpp> |
Alexander Afanasyev | bf1a67a | 2014-01-05 23:36:13 -0800 | [diff] [blame] | 24 | #include "../certificate/identity-certificate.hpp" |
| 25 | #include "../signature/signature-sha256-with-rsa.hpp" |
Jeff Thompson | 4147191 | 2013-09-12 16:21:50 -0700 | [diff] [blame] | 26 | |
Jeff Thompson | c69163b | 2013-10-12 13:49:50 -0700 | [diff] [blame] | 27 | INIT_LOGGER("ndn.security.IdentityManager") |
| 28 | |
Jeff Thompson | 9296f0c | 2013-09-23 18:10:27 -0700 | [diff] [blame] | 29 | using namespace std; |
Jeff Thompson | 4147191 | 2013-09-12 16:21:50 -0700 | [diff] [blame] | 30 | |
Jeff Thompson | 9296f0c | 2013-09-23 18:10:27 -0700 | [diff] [blame] | 31 | namespace ndn { |
Jeff Thompson | 86e1d75 | 2013-09-17 17:22:38 -0700 | [diff] [blame] | 32 | |
Alexander Afanasyev | bf1a67a | 2014-01-05 23:36:13 -0800 | [diff] [blame] | 33 | IdentityManager::IdentityManager(const ptr_lib::shared_ptr<IdentityStorage> &identityStorage /* = DefaultIdentityStorage */, |
| 34 | const ptr_lib::shared_ptr<PrivateKeyStorage> &privateKeyStorage /* = DefaultPrivateKeyStorage */) |
| 35 | : identityStorage_(identityStorage) |
| 36 | , privateKeyStorage_(privateKeyStorage) |
| 37 | { |
| 38 | } |
| 39 | |
Jeff Thompson | e7e069b | 2013-09-27 15:48:48 -0700 | [diff] [blame] | 40 | Name |
Jeff Thompson | c69163b | 2013-10-12 13:49:50 -0700 | [diff] [blame] | 41 | IdentityManager::createIdentity(const Name& identityName) |
Jeff Thompson | e7e069b | 2013-09-27 15:48:48 -0700 | [diff] [blame] | 42 | { |
Alexander Afanasyev | bf1a67a | 2014-01-05 23:36:13 -0800 | [diff] [blame] | 43 | if (!info().doesIdentityExist(identityName)) { |
| 44 | _LOG_DEBUG("Create Identity"); |
| 45 | info().addIdentity(identityName); |
Jeff Thompson | c69163b | 2013-10-12 13:49:50 -0700 | [diff] [blame] | 46 | |
Alexander Afanasyev | bf1a67a | 2014-01-05 23:36:13 -0800 | [diff] [blame] | 47 | _LOG_DEBUG("Create Default RSA key pair"); |
| 48 | Name keyName = generateRSAKeyPairAsDefault(identityName, true); |
Jeff Thompson | e7e069b | 2013-09-27 15:48:48 -0700 | [diff] [blame] | 49 | |
Alexander Afanasyev | bf1a67a | 2014-01-05 23:36:13 -0800 | [diff] [blame] | 50 | _LOG_DEBUG("Create self-signed certificate"); |
| 51 | ptr_lib::shared_ptr<IdentityCertificate> selfCert = selfSign(keyName); |
Jeff Thompson | c69163b | 2013-10-12 13:49:50 -0700 | [diff] [blame] | 52 | |
Alexander Afanasyev | bf1a67a | 2014-01-05 23:36:13 -0800 | [diff] [blame] | 53 | _LOG_DEBUG("Add self-signed certificate as default"); |
Jeff Thompson | e7e069b | 2013-09-27 15:48:48 -0700 | [diff] [blame] | 54 | |
Alexander Afanasyev | bf1a67a | 2014-01-05 23:36:13 -0800 | [diff] [blame] | 55 | addCertificateAsDefault(*selfCert); |
Jeff Thompson | c69163b | 2013-10-12 13:49:50 -0700 | [diff] [blame] | 56 | |
Alexander Afanasyev | bf1a67a | 2014-01-05 23:36:13 -0800 | [diff] [blame] | 57 | return keyName; |
Jeff Thompson | e7e069b | 2013-09-27 15:48:48 -0700 | [diff] [blame] | 58 | } |
| 59 | else |
Alexander Afanasyev | bf1a67a | 2014-01-05 23:36:13 -0800 | [diff] [blame] | 60 | throw Error("Identity has already been created!"); |
Jeff Thompson | e7e069b | 2013-09-27 15:48:48 -0700 | [diff] [blame] | 61 | } |
| 62 | |
| 63 | Name |
Jeff Thompson | c69163b | 2013-10-12 13:49:50 -0700 | [diff] [blame] | 64 | IdentityManager::generateKeyPair(const Name& identityName, bool isKsk, KeyType keyType, int keySize) |
| 65 | { |
| 66 | _LOG_DEBUG("Get new key ID"); |
Alexander Afanasyev | bf1a67a | 2014-01-05 23:36:13 -0800 | [diff] [blame] | 67 | Name keyName = info().getNewKeyName(identityName, isKsk); |
Jeff Thompson | c69163b | 2013-10-12 13:49:50 -0700 | [diff] [blame] | 68 | |
| 69 | _LOG_DEBUG("Generate key pair in private storage"); |
Alexander Afanasyev | bf1a67a | 2014-01-05 23:36:13 -0800 | [diff] [blame] | 70 | tpm().generateKeyPair(keyName.toUri(), keyType, keySize); |
Jeff Thompson | c69163b | 2013-10-12 13:49:50 -0700 | [diff] [blame] | 71 | |
| 72 | _LOG_DEBUG("Create a key record in public storage"); |
Alexander Afanasyev | bf1a67a | 2014-01-05 23:36:13 -0800 | [diff] [blame] | 73 | ptr_lib::shared_ptr<PublicKey> pubKey = tpm().getPublicKey(keyName.toUri()); |
| 74 | info().addKey(keyName, keyType, *pubKey); |
Jeff Thompson | 418b05a | 2013-10-22 17:48:54 -0700 | [diff] [blame] | 75 | |
Jeff Thompson | c69163b | 2013-10-12 13:49:50 -0700 | [diff] [blame] | 76 | return keyName; |
| 77 | } |
| 78 | |
| 79 | Name |
Jeff Thompson | e7e069b | 2013-09-27 15:48:48 -0700 | [diff] [blame] | 80 | IdentityManager::generateRSAKeyPair(const Name& identityName, bool isKsk, int keySize) |
| 81 | { |
| 82 | Name keyName = generateKeyPair(identityName, isKsk, KEY_TYPE_RSA, keySize); |
Jeff Thompson | 418b05a | 2013-10-22 17:48:54 -0700 | [diff] [blame] | 83 | |
Jeff Thompson | e7e069b | 2013-09-27 15:48:48 -0700 | [diff] [blame] | 84 | return keyName; |
| 85 | } |
| 86 | |
| 87 | Name |
| 88 | IdentityManager::generateRSAKeyPairAsDefault(const Name& identityName, bool isKsk, int keySize) |
| 89 | { |
Alexander Afanasyev | e64788e | 2014-01-05 22:38:21 -0800 | [diff] [blame] | 90 | defaultCertificate_.reset(); |
| 91 | |
Jeff Thompson | e7e069b | 2013-09-27 15:48:48 -0700 | [diff] [blame] | 92 | Name keyName = generateKeyPair(identityName, isKsk, KEY_TYPE_RSA, keySize); |
Jeff Thompson | c69163b | 2013-10-12 13:49:50 -0700 | [diff] [blame] | 93 | |
Alexander Afanasyev | bf1a67a | 2014-01-05 23:36:13 -0800 | [diff] [blame] | 94 | info().setDefaultKeyNameForIdentity(keyName, identityName); |
Jeff Thompson | e7e069b | 2013-09-27 15:48:48 -0700 | [diff] [blame] | 95 | |
Jeff Thompson | c69163b | 2013-10-12 13:49:50 -0700 | [diff] [blame] | 96 | return keyName; |
| 97 | } |
| 98 | |
Alexander Afanasyev | bf1a67a | 2014-01-05 23:36:13 -0800 | [diff] [blame] | 99 | ptr_lib::shared_ptr<IdentityCertificate> |
Jeff Thompson | 418b05a | 2013-10-22 17:48:54 -0700 | [diff] [blame] | 100 | IdentityManager::createIdentityCertificate(const Name& certificatePrefix, |
| 101 | const Name& signerCertificateName, |
| 102 | const MillisecondsSince1970& notBefore, |
| 103 | const MillisecondsSince1970& notAfter) |
Jeff Thompson | c69163b | 2013-10-12 13:49:50 -0700 | [diff] [blame] | 104 | { |
Jeff Thompson | 418b05a | 2013-10-22 17:48:54 -0700 | [diff] [blame] | 105 | Name keyName = getKeyNameFromCertificatePrefix(certificatePrefix); |
Alexander Afanasyev | e64788e | 2014-01-05 22:38:21 -0800 | [diff] [blame] | 106 | |
| 107 | ptr_lib::shared_ptr<PublicKey> pubKey = info().getKey(keyName); |
| 108 | if (!pubKey) |
| 109 | throw Error("Requested public key [" + keyName.toUri() + "] doesn't exist"); |
Jeff Thompson | 418b05a | 2013-10-22 17:48:54 -0700 | [diff] [blame] | 110 | |
Alexander Afanasyev | bf1a67a | 2014-01-05 23:36:13 -0800 | [diff] [blame] | 111 | ptr_lib::shared_ptr<IdentityCertificate> certificate = |
| 112 | createIdentityCertificate(certificatePrefix, |
Alexander Afanasyev | e64788e | 2014-01-05 22:38:21 -0800 | [diff] [blame] | 113 | *pubKey, |
Alexander Afanasyev | bf1a67a | 2014-01-05 23:36:13 -0800 | [diff] [blame] | 114 | signerCertificateName, |
| 115 | notBefore, notAfter); |
Jeff Thompson | c69163b | 2013-10-12 13:49:50 -0700 | [diff] [blame] | 116 | |
Alexander Afanasyev | bf1a67a | 2014-01-05 23:36:13 -0800 | [diff] [blame] | 117 | info().addCertificate(*certificate); |
Jeff Thompson | c69163b | 2013-10-12 13:49:50 -0700 | [diff] [blame] | 118 | |
Alexander Afanasyev | bf1a67a | 2014-01-05 23:36:13 -0800 | [diff] [blame] | 119 | return certificate; |
Jeff Thompson | c69163b | 2013-10-12 13:49:50 -0700 | [diff] [blame] | 120 | } |
| 121 | |
| 122 | ptr_lib::shared_ptr<IdentityCertificate> |
Jeff Thompson | 418b05a | 2013-10-22 17:48:54 -0700 | [diff] [blame] | 123 | IdentityManager::createIdentityCertificate(const Name& certificatePrefix, |
| 124 | const PublicKey& publicKey, |
| 125 | const Name& signerCertificateName, |
| 126 | const MillisecondsSince1970& notBefore, |
| 127 | const MillisecondsSince1970& notAfter) |
Jeff Thompson | c69163b | 2013-10-12 13:49:50 -0700 | [diff] [blame] | 128 | { |
Alexander Afanasyev | bf1a67a | 2014-01-05 23:36:13 -0800 | [diff] [blame] | 129 | ptr_lib::shared_ptr<IdentityCertificate> certificate (new IdentityCertificate()); |
Jeff Thompson | 418b05a | 2013-10-22 17:48:54 -0700 | [diff] [blame] | 130 | Name keyName = getKeyNameFromCertificatePrefix(certificatePrefix); |
Jeff Thompson | c69163b | 2013-10-12 13:49:50 -0700 | [diff] [blame] | 131 | |
Jeff Thompson | 418b05a | 2013-10-22 17:48:54 -0700 | [diff] [blame] | 132 | Name certificateName = certificatePrefix; |
Alexander Afanasyev | bf1a67a | 2014-01-05 23:36:13 -0800 | [diff] [blame] | 133 | certificateName.append("ID-CERT").appendVersion(); |
Jeff Thompson | 418b05a | 2013-10-22 17:48:54 -0700 | [diff] [blame] | 134 | |
Jeff Thompson | c69163b | 2013-10-12 13:49:50 -0700 | [diff] [blame] | 135 | certificate->setName(certificateName); |
Jeff Thompson | c69163b | 2013-10-12 13:49:50 -0700 | [diff] [blame] | 136 | certificate->setNotBefore(notBefore); |
| 137 | certificate->setNotAfter(notAfter); |
| 138 | certificate->setPublicKeyInfo(publicKey); |
Jeff Thompson | db68689 | 2013-10-18 17:16:31 -0700 | [diff] [blame] | 139 | certificate->addSubjectDescription(CertificateSubjectDescription("2.5.4.41", keyName.toUri())); |
Jeff Thompson | c69163b | 2013-10-12 13:49:50 -0700 | [diff] [blame] | 140 | certificate->encode(); |
| 141 | |
Alexander Afanasyev | bf1a67a | 2014-01-05 23:36:13 -0800 | [diff] [blame] | 142 | signByCertificate(*certificate, signerCertificateName); |
Jeff Thompson | c69163b | 2013-10-12 13:49:50 -0700 | [diff] [blame] | 143 | |
Alexander Afanasyev | bf1a67a | 2014-01-05 23:36:13 -0800 | [diff] [blame] | 144 | return certificate; |
| 145 | } |
| 146 | |
| 147 | ptr_lib::shared_ptr<IdentityCertificate> |
| 148 | IdentityManager::selfSign(const Name& keyName) |
| 149 | { |
| 150 | ptr_lib::shared_ptr<IdentityCertificate> certificate(new IdentityCertificate()); |
Jeff Thompson | c69163b | 2013-10-12 13:49:50 -0700 | [diff] [blame] | 151 | |
Alexander Afanasyev | bf1a67a | 2014-01-05 23:36:13 -0800 | [diff] [blame] | 152 | Name certificateName = keyName.getSubName(0, keyName.size() - 1); |
| 153 | certificateName.append("KEY").append(keyName.get(keyName.size() - 1)).append("ID-CERT").appendVersion(); |
Alexander Afanasyev | e64788e | 2014-01-05 22:38:21 -0800 | [diff] [blame] | 154 | |
| 155 | ptr_lib::shared_ptr<PublicKey> pubKey = info().getKey(keyName); |
| 156 | if (!pubKey) |
| 157 | throw Error("Requested public key [" + keyName.toUri() + "] doesn't exist"); |
Alexander Afanasyev | bf1a67a | 2014-01-05 23:36:13 -0800 | [diff] [blame] | 158 | |
| 159 | certificate->setName(certificateName); |
| 160 | certificate->setNotBefore(ndn_getNowMilliseconds()); |
| 161 | certificate->setNotAfter(ndn_getNowMilliseconds() + 630720000 /* 20 years*/); |
Alexander Afanasyev | e64788e | 2014-01-05 22:38:21 -0800 | [diff] [blame] | 162 | certificate->setPublicKeyInfo(*pubKey); |
Alexander Afanasyev | bf1a67a | 2014-01-05 23:36:13 -0800 | [diff] [blame] | 163 | certificate->addSubjectDescription(CertificateSubjectDescription("2.5.4.41", keyName.toUri())); |
| 164 | certificate->encode(); |
Jeff Thompson | c69163b | 2013-10-12 13:49:50 -0700 | [diff] [blame] | 165 | |
Alexander Afanasyev | bf1a67a | 2014-01-05 23:36:13 -0800 | [diff] [blame] | 166 | selfSign(*certificate); |
Jeff Thompson | c69163b | 2013-10-12 13:49:50 -0700 | [diff] [blame] | 167 | return certificate; |
Jeff Thompson | c69163b | 2013-10-12 13:49:50 -0700 | [diff] [blame] | 168 | } |
| 169 | |
| 170 | void |
| 171 | IdentityManager::addCertificateAsDefault(const IdentityCertificate& certificate) |
| 172 | { |
Alexander Afanasyev | bf1a67a | 2014-01-05 23:36:13 -0800 | [diff] [blame] | 173 | info().addCertificate(certificate); |
Jeff Thompson | c69163b | 2013-10-12 13:49:50 -0700 | [diff] [blame] | 174 | |
Jeff Thompson | 418b05a | 2013-10-22 17:48:54 -0700 | [diff] [blame] | 175 | setDefaultCertificateForKey(certificate); |
Jeff Thompson | e7e069b | 2013-09-27 15:48:48 -0700 | [diff] [blame] | 176 | } |
| 177 | |
| 178 | void |
Jeff Thompson | 418b05a | 2013-10-22 17:48:54 -0700 | [diff] [blame] | 179 | IdentityManager::addCertificateAsIdentityDefault(const IdentityCertificate& certificate) |
Jeff Thompson | e7e069b | 2013-09-27 15:48:48 -0700 | [diff] [blame] | 180 | { |
Alexander Afanasyev | bf1a67a | 2014-01-05 23:36:13 -0800 | [diff] [blame] | 181 | info().addCertificate(certificate); |
Jeff Thompson | 418b05a | 2013-10-22 17:48:54 -0700 | [diff] [blame] | 182 | |
| 183 | Name keyName = certificate.getPublicKeyName(); |
| 184 | |
| 185 | setDefaultKeyForIdentity(keyName); |
| 186 | |
| 187 | setDefaultCertificateForKey(certificate); |
| 188 | } |
| 189 | |
| 190 | void |
| 191 | IdentityManager::setDefaultCertificateForKey(const IdentityCertificate& certificate) |
| 192 | { |
Alexander Afanasyev | e64788e | 2014-01-05 22:38:21 -0800 | [diff] [blame] | 193 | defaultCertificate_.reset(); |
| 194 | |
Jeff Thompson | 418b05a | 2013-10-22 17:48:54 -0700 | [diff] [blame] | 195 | Name keyName = certificate.getPublicKeyName(); |
Jeff Thompson | c69163b | 2013-10-12 13:49:50 -0700 | [diff] [blame] | 196 | |
Alexander Afanasyev | bf1a67a | 2014-01-05 23:36:13 -0800 | [diff] [blame] | 197 | if(!info().doesKeyExist(keyName)) |
| 198 | throw Error("No corresponding Key record for certificate!"); |
Jeff Thompson | e7e069b | 2013-09-27 15:48:48 -0700 | [diff] [blame] | 199 | |
Alexander Afanasyev | bf1a67a | 2014-01-05 23:36:13 -0800 | [diff] [blame] | 200 | info().setDefaultCertificateNameForKey(keyName, certificate.getName()); |
Jeff Thompson | c69163b | 2013-10-12 13:49:50 -0700 | [diff] [blame] | 201 | } |
Alexander Afanasyev | e64788e | 2014-01-05 22:38:21 -0800 | [diff] [blame] | 202 | |
| 203 | void |
| 204 | IdentityManager::sign(Data &data) |
| 205 | { |
| 206 | if (!defaultCertificate_) |
| 207 | { |
| 208 | defaultCertificate_ = info().getCertificate( |
| 209 | info().getDefaultCertificateNameForIdentity( |
| 210 | info().getDefaultIdentity())); |
| 211 | |
| 212 | if(!defaultCertificate_) |
| 213 | throw Error("Default IdentityCertificate cannot be determined"); |
| 214 | } |
| 215 | |
| 216 | signByCertificate(data, *defaultCertificate_); |
| 217 | } |
| 218 | |
Alexander Afanasyev | bf1a67a | 2014-01-05 23:36:13 -0800 | [diff] [blame] | 219 | Signature |
Jeff Thompson | c01e178 | 2013-10-21 14:08:42 -0700 | [diff] [blame] | 220 | IdentityManager::signByCertificate(const uint8_t* buffer, size_t bufferLength, const Name& certificateName) |
Jeff Thompson | 7494261 | 2013-10-24 16:42:32 -0700 | [diff] [blame] | 221 | { |
Alexander Afanasyev | bf1a67a | 2014-01-05 23:36:13 -0800 | [diff] [blame] | 222 | ptr_lib::shared_ptr<IdentityCertificate> cert = info().getCertificate(certificateName); |
Alexander Afanasyev | e64788e | 2014-01-05 22:38:21 -0800 | [diff] [blame] | 223 | if (!cert) |
| 224 | throw Error("Requested certificate [" + certificateName.toUri() + "] doesn't exist"); |
| 225 | |
Alexander Afanasyev | bf1a67a | 2014-01-05 23:36:13 -0800 | [diff] [blame] | 226 | SignatureSha256WithRsa signature; |
| 227 | signature.setKeyLocator(certificateName.getPrefix(-1)); // implicit conversion should take care |
Alexander Afanasyev | 04b22a9 | 2014-01-05 22:40:17 -0800 | [diff] [blame] | 228 | |
Alexander Afanasyev | bf1a67a | 2014-01-05 23:36:13 -0800 | [diff] [blame] | 229 | // For temporary usage, we support RSA + SHA256 only, but will support more. |
Alexander Afanasyev | 04b22a9 | 2014-01-05 22:40:17 -0800 | [diff] [blame] | 230 | signature.setValue |
| 231 | (tpm().sign(buffer, bufferLength, cert->getPublicKeyName(), DIGEST_ALGORITHM_SHA256)); |
Alexander Afanasyev | bf1a67a | 2014-01-05 23:36:13 -0800 | [diff] [blame] | 232 | return signature; |
Jeff Thompson | e7e069b | 2013-09-27 15:48:48 -0700 | [diff] [blame] | 233 | } |
| 234 | |
| 235 | void |
Alexander Afanasyev | bf1a67a | 2014-01-05 23:36:13 -0800 | [diff] [blame] | 236 | IdentityManager::signByCertificate(Data &data, const Name &certificateName) |
Jeff Thompson | 4147191 | 2013-09-12 16:21:50 -0700 | [diff] [blame] | 237 | { |
Alexander Afanasyev | bf1a67a | 2014-01-05 23:36:13 -0800 | [diff] [blame] | 238 | ptr_lib::shared_ptr<IdentityCertificate> cert = info().getCertificate(certificateName); |
Alexander Afanasyev | e64788e | 2014-01-05 22:38:21 -0800 | [diff] [blame] | 239 | if (!cert) |
| 240 | throw Error("Requested certificate [" + certificateName.toUri() + "] doesn't exist"); |
| 241 | |
Alexander Afanasyev | bf1a67a | 2014-01-05 23:36:13 -0800 | [diff] [blame] | 242 | SignatureSha256WithRsa signature; |
| 243 | signature.setKeyLocator(certificateName.getPrefix(-1)); // implicit conversion should take care |
Alexander Afanasyev | 04b22a9 | 2014-01-05 22:40:17 -0800 | [diff] [blame] | 244 | data.setSignature(signature); |
Jeff Thompson | 86e1d75 | 2013-09-17 17:22:38 -0700 | [diff] [blame] | 245 | |
| 246 | // For temporary usage, we support RSA + SHA256 only, but will support more. |
Alexander Afanasyev | 04b22a9 | 2014-01-05 22:40:17 -0800 | [diff] [blame] | 247 | tpm().sign(data, cert->getPublicKeyName(), DIGEST_ALGORITHM_SHA256); |
Jeff Thompson | 4147191 | 2013-09-12 16:21:50 -0700 | [diff] [blame] | 248 | } |
| 249 | |
Alexander Afanasyev | bf1a67a | 2014-01-05 23:36:13 -0800 | [diff] [blame] | 250 | void |
Alexander Afanasyev | e64788e | 2014-01-05 22:38:21 -0800 | [diff] [blame] | 251 | IdentityManager::signByCertificate(Data& data, const IdentityCertificate& certificate) |
| 252 | { |
| 253 | SignatureSha256WithRsa signature; |
| 254 | signature.setKeyLocator(certificate.getName().getPrefix(-1)); |
Alexander Afanasyev | 04b22a9 | 2014-01-05 22:40:17 -0800 | [diff] [blame] | 255 | data.setSignature(signature); |
Alexander Afanasyev | e64788e | 2014-01-05 22:38:21 -0800 | [diff] [blame] | 256 | |
| 257 | // For temporary usage, we support RSA + SHA256 only, but will support more. |
Alexander Afanasyev | 04b22a9 | 2014-01-05 22:40:17 -0800 | [diff] [blame] | 258 | tpm().sign(data, certificate.getPublicKeyName(), DIGEST_ALGORITHM_SHA256); |
Alexander Afanasyev | e64788e | 2014-01-05 22:38:21 -0800 | [diff] [blame] | 259 | } |
| 260 | |
| 261 | void |
Alexander Afanasyev | bf1a67a | 2014-01-05 23:36:13 -0800 | [diff] [blame] | 262 | IdentityManager::selfSign (IdentityCertificate& cert) |
Jeff Thompson | e7e069b | 2013-09-27 15:48:48 -0700 | [diff] [blame] | 263 | { |
Alexander Afanasyev | bf1a67a | 2014-01-05 23:36:13 -0800 | [diff] [blame] | 264 | SignatureSha256WithRsa signature; |
| 265 | signature.setKeyLocator(cert.getName().getPrefix(cert.getName().size()-1)); // implicit conversion should take care |
Alexander Afanasyev | 04b22a9 | 2014-01-05 22:40:17 -0800 | [diff] [blame] | 266 | cert.setSignature(signature); |
Jeff Thompson | e7e069b | 2013-09-27 15:48:48 -0700 | [diff] [blame] | 267 | |
Alexander Afanasyev | bf1a67a | 2014-01-05 23:36:13 -0800 | [diff] [blame] | 268 | // For temporary usage, we support RSA + SHA256 only, but will support more. |
Alexander Afanasyev | 04b22a9 | 2014-01-05 22:40:17 -0800 | [diff] [blame] | 269 | tpm().sign(cert, cert.getPublicKeyName(), DIGEST_ALGORITHM_SHA256); |
Jeff Thompson | e7e069b | 2013-09-27 15:48:48 -0700 | [diff] [blame] | 270 | } |
Jeff Thompson | c69163b | 2013-10-12 13:49:50 -0700 | [diff] [blame] | 271 | |
Jeff Thompson | 418b05a | 2013-10-22 17:48:54 -0700 | [diff] [blame] | 272 | Name |
| 273 | IdentityManager::getKeyNameFromCertificatePrefix(const Name & certificatePrefix) |
| 274 | { |
| 275 | Name result; |
| 276 | |
| 277 | string keyString("KEY"); |
| 278 | int i = 0; |
| 279 | for(; i < certificatePrefix.size(); i++) { |
| 280 | if (certificatePrefix.get(i).toEscapedString() == keyString) |
| 281 | break; |
| 282 | } |
| 283 | |
| 284 | if (i >= certificatePrefix.size()) |
Alexander Afanasyev | bf1a67a | 2014-01-05 23:36:13 -0800 | [diff] [blame] | 285 | throw Error("Identity Certificate Prefix does not have a KEY component"); |
Jeff Thompson | 418b05a | 2013-10-22 17:48:54 -0700 | [diff] [blame] | 286 | |
| 287 | result.append(certificatePrefix.getSubName(0, i)); |
| 288 | result.append(certificatePrefix.getSubName(i + 1, certificatePrefix.size()-i-1)); |
| 289 | |
| 290 | return result; |
| 291 | } |
| 292 | |
Jeff Thompson | 4147191 | 2013-09-12 16:21:50 -0700 | [diff] [blame] | 293 | } |