Gitiles
Code Review Sign In
gerrit.named-data.net / ndn-cxx / ec3cbad729e259e2758e0d372fbb329b35980aa3 / . / src / security / identity / identity-manager.cpp
blob: 0c572126b1de102d989f49ebdec673082b87d783 [file] [log] [blame]
Jeff Thompson25b4e612013-10-10 16:03:24 -0700[diff] [blame]1/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
Jeff Thompson41471912013-09-12 16:21:50 -0700[diff] [blame]2/**
Jeff Thompson7687dc02013-09-13 11:54:07 -0700[diff] [blame]3 * Copyright (C) 2013 Regents of the University of California.
Jeff Thompson06e787d2013-09-12 19:00:55 -0700[diff] [blame]4 * @author: Yingdi Yu <yingdi@cs.ucla.edu>
Jeff Thompson7687dc02013-09-13 11:54:07 -0700[diff] [blame]5 * @author: Jeff Thompson <jefft0@remap.ucla.edu>
Jeff Thompson41471912013-09-12 16:21:50 -0700[diff] [blame]6 * See COPYING for copyright and distribution information.
7 */
8
Jeff Thompsond63baba2013-10-18 17:47:58 -0700[diff] [blame]9#include <ndn-cpp/ndn-cpp-config.h>
10#if NDN_CPP_HAVE_TIME_H
11#include <time.h>
12#endif
13#if NDN_CPP_HAVE_SYS_TIME_H
14#include <sys/time.h>
15#endif
Jeff Thompsonc69163b2013-10-12 13:49:50 -0700[diff] [blame]16#include <ctime>
17#include <fstream>
Jeff Thompsondb686892013-10-18 17:16:31 -0700[diff] [blame]18#include <math.h>
Jeff Thompson71b2f872013-12-17 12:03:17 -0800[diff] [blame]19#include <ndn-cpp/key-locator.hpp>
Alexander Afanasyevbf1a67a2014-01-05 23:36:13 -0800[diff] [blame]20
Jeff Thompsonc69163b2013-10-12 13:49:50 -0700[diff] [blame]21#include "../../util/logging.hpp"
Jeff Thompsondb686892013-10-18 17:16:31 -0700[diff] [blame]22#include "../../c/util/time.h"
Jeff Thompson25b4e612013-10-10 16:03:24 -0700[diff] [blame]23#include <ndn-cpp/security/identity/identity-manager.hpp>
Alexander Afanasyevbf1a67a2014-01-05 23:36:13 -0800[diff] [blame]24#include "../certificate/identity-certificate.hpp"
25#include "../signature/signature-sha256-with-rsa.hpp"
Jeff Thompson41471912013-09-12 16:21:50 -0700[diff] [blame]26
Jeff Thompsonc69163b2013-10-12 13:49:50 -0700[diff] [blame]27INIT_LOGGER("ndn.security.IdentityManager")
28
Jeff Thompson9296f0c2013-09-23 18:10:27 -0700[diff] [blame]29using namespace std;
Jeff Thompson41471912013-09-12 16:21:50 -0700[diff] [blame]30
Jeff Thompson9296f0c2013-09-23 18:10:27 -0700[diff] [blame]31namespace ndn {
Jeff Thompson86e1d752013-09-17 17:22:38 -0700[diff] [blame]32
Alexander Afanasyevbf1a67a2014-01-05 23:36:13 -0800[diff] [blame]33IdentityManager::IdentityManager(const ptr_lib::shared_ptr<IdentityStorage> &identityStorage /* = DefaultIdentityStorage */,
34 const ptr_lib::shared_ptr<PrivateKeyStorage> &privateKeyStorage /* = DefaultPrivateKeyStorage */)
35 : identityStorage_(identityStorage)
36 , privateKeyStorage_(privateKeyStorage)
37{
38}
39
Jeff Thompsone7e069b2013-09-27 15:48:48 -0700[diff] [blame]40Name
Jeff Thompsonc69163b2013-10-12 13:49:50 -0700[diff] [blame]41IdentityManager::createIdentity(const Name& identityName)
Jeff Thompsone7e069b2013-09-27 15:48:48 -0700[diff] [blame]42{
Alexander Afanasyevbf1a67a2014-01-05 23:36:13 -0800[diff] [blame]43 if (!info().doesIdentityExist(identityName)) {
44 _LOG_DEBUG("Create Identity");
45 info().addIdentity(identityName);
Jeff Thompsonc69163b2013-10-12 13:49:50 -0700[diff] [blame]46
Alexander Afanasyevbf1a67a2014-01-05 23:36:13 -0800[diff] [blame]47 _LOG_DEBUG("Create Default RSA key pair");
48 Name keyName = generateRSAKeyPairAsDefault(identityName, true);
Jeff Thompsone7e069b2013-09-27 15:48:48 -0700[diff] [blame]49
Alexander Afanasyevbf1a67a2014-01-05 23:36:13 -0800[diff] [blame]50 _LOG_DEBUG("Create self-signed certificate");
51 ptr_lib::shared_ptr<IdentityCertificate> selfCert = selfSign(keyName);
Jeff Thompsonc69163b2013-10-12 13:49:50 -0700[diff] [blame]52
Alexander Afanasyevbf1a67a2014-01-05 23:36:13 -0800[diff] [blame]53 _LOG_DEBUG("Add self-signed certificate as default");
Jeff Thompsone7e069b2013-09-27 15:48:48 -0700[diff] [blame]54
Alexander Afanasyevbf1a67a2014-01-05 23:36:13 -0800[diff] [blame]55 addCertificateAsDefault(*selfCert);
Jeff Thompsonc69163b2013-10-12 13:49:50 -0700[diff] [blame]56
Alexander Afanasyevbf1a67a2014-01-05 23:36:13 -0800[diff] [blame]57 return keyName;
Jeff Thompsone7e069b2013-09-27 15:48:48 -0700[diff] [blame]58 }
59 else
Alexander Afanasyevbf1a67a2014-01-05 23:36:13 -0800[diff] [blame]60 throw Error("Identity has already been created!");
Jeff Thompsone7e069b2013-09-27 15:48:48 -0700[diff] [blame]61}
62
63Name
Jeff Thompsonc69163b2013-10-12 13:49:50 -0700[diff] [blame]64IdentityManager::generateKeyPair(const Name& identityName, bool isKsk, KeyType keyType, int keySize)
65{
66 _LOG_DEBUG("Get new key ID");
Alexander Afanasyevbf1a67a2014-01-05 23:36:13 -0800[diff] [blame]67 Name keyName = info().getNewKeyName(identityName, isKsk);
Jeff Thompsonc69163b2013-10-12 13:49:50 -0700[diff] [blame]68
69 _LOG_DEBUG("Generate key pair in private storage");
Alexander Afanasyevbf1a67a2014-01-05 23:36:13 -0800[diff] [blame]70 tpm().generateKeyPair(keyName.toUri(), keyType, keySize);
Jeff Thompsonc69163b2013-10-12 13:49:50 -0700[diff] [blame]71
72 _LOG_DEBUG("Create a key record in public storage");
Alexander Afanasyevbf1a67a2014-01-05 23:36:13 -0800[diff] [blame]73 ptr_lib::shared_ptr<PublicKey> pubKey = tpm().getPublicKey(keyName.toUri());
74 info().addKey(keyName, keyType, *pubKey);
Jeff Thompson418b05a2013-10-22 17:48:54 -0700[diff] [blame]75
Jeff Thompsonc69163b2013-10-12 13:49:50 -0700[diff] [blame]76 return keyName;
77}
78
79Name
Jeff Thompsone7e069b2013-09-27 15:48:48 -0700[diff] [blame]80IdentityManager::generateRSAKeyPair(const Name& identityName, bool isKsk, int keySize)
81{
82 Name keyName = generateKeyPair(identityName, isKsk, KEY_TYPE_RSA, keySize);
Jeff Thompson418b05a2013-10-22 17:48:54 -0700[diff] [blame]83
Jeff Thompsone7e069b2013-09-27 15:48:48 -0700[diff] [blame]84 return keyName;
85}
86
87Name
88IdentityManager::generateRSAKeyPairAsDefault(const Name& identityName, bool isKsk, int keySize)
89{
Alexander Afanasyeve64788e2014-01-05 22:38:21 -0800[diff] [blame]90 defaultCertificate_.reset();
91
Jeff Thompsone7e069b2013-09-27 15:48:48 -0700[diff] [blame]92 Name keyName = generateKeyPair(identityName, isKsk, KEY_TYPE_RSA, keySize);
Jeff Thompsonc69163b2013-10-12 13:49:50 -0700[diff] [blame]93
Alexander Afanasyevbf1a67a2014-01-05 23:36:13 -0800[diff] [blame]94 info().setDefaultKeyNameForIdentity(keyName, identityName);
Jeff Thompsone7e069b2013-09-27 15:48:48 -0700[diff] [blame]95
Jeff Thompsonc69163b2013-10-12 13:49:50 -0700[diff] [blame]96 return keyName;
97}
98
Alexander Afanasyevbf1a67a2014-01-05 23:36:13 -0800[diff] [blame]99ptr_lib::shared_ptr<IdentityCertificate>
Jeff Thompson418b05a2013-10-22 17:48:54 -0700[diff] [blame]100IdentityManager::createIdentityCertificate(const Name& certificatePrefix,
101 const Name& signerCertificateName,
102 const MillisecondsSince1970& notBefore,
103 const MillisecondsSince1970& notAfter)
Jeff Thompsonc69163b2013-10-12 13:49:50 -0700[diff] [blame]104{
Jeff Thompson418b05a2013-10-22 17:48:54 -0700[diff] [blame]105 Name keyName = getKeyNameFromCertificatePrefix(certificatePrefix);
Alexander Afanasyeve64788e2014-01-05 22:38:21 -0800[diff] [blame]106
107 ptr_lib::shared_ptr<PublicKey> pubKey = info().getKey(keyName);
108 if (!pubKey)
109 throw Error("Requested public key [" + keyName.toUri() + "] doesn't exist");
Jeff Thompson418b05a2013-10-22 17:48:54 -0700[diff] [blame]110
Alexander Afanasyevbf1a67a2014-01-05 23:36:13 -0800[diff] [blame]111 ptr_lib::shared_ptr<IdentityCertificate> certificate =
112 createIdentityCertificate(certificatePrefix,
Alexander Afanasyeve64788e2014-01-05 22:38:21 -0800[diff] [blame]113 *pubKey,
Alexander Afanasyevbf1a67a2014-01-05 23:36:13 -0800[diff] [blame]114 signerCertificateName,
115 notBefore, notAfter);
Jeff Thompsonc69163b2013-10-12 13:49:50 -0700[diff] [blame]116
Alexander Afanasyevbf1a67a2014-01-05 23:36:13 -0800[diff] [blame]117 info().addCertificate(*certificate);
Jeff Thompsonc69163b2013-10-12 13:49:50 -0700[diff] [blame]118
Alexander Afanasyevbf1a67a2014-01-05 23:36:13 -0800[diff] [blame]119 return certificate;
Jeff Thompsonc69163b2013-10-12 13:49:50 -0700[diff] [blame]120}
121
122ptr_lib::shared_ptr<IdentityCertificate>
Jeff Thompson418b05a2013-10-22 17:48:54 -0700[diff] [blame]123IdentityManager::createIdentityCertificate(const Name& certificatePrefix,
124 const PublicKey& publicKey,
125 const Name& signerCertificateName,
126 const MillisecondsSince1970& notBefore,
127 const MillisecondsSince1970& notAfter)
Jeff Thompsonc69163b2013-10-12 13:49:50 -0700[diff] [blame]128{
Alexander Afanasyevbf1a67a2014-01-05 23:36:13 -0800[diff] [blame]129 ptr_lib::shared_ptr<IdentityCertificate> certificate (new IdentityCertificate());
Jeff Thompson418b05a2013-10-22 17:48:54 -0700[diff] [blame]130 Name keyName = getKeyNameFromCertificatePrefix(certificatePrefix);
Jeff Thompsonc69163b2013-10-12 13:49:50 -0700[diff] [blame]131
Jeff Thompson418b05a2013-10-22 17:48:54 -0700[diff] [blame]132 Name certificateName = certificatePrefix;
Alexander Afanasyevbf1a67a2014-01-05 23:36:13 -0800[diff] [blame]133 certificateName.append("ID-CERT").appendVersion();
Jeff Thompson418b05a2013-10-22 17:48:54 -0700[diff] [blame]134
Jeff Thompsonc69163b2013-10-12 13:49:50 -0700[diff] [blame]135 certificate->setName(certificateName);
Jeff Thompsonc69163b2013-10-12 13:49:50 -0700[diff] [blame]136 certificate->setNotBefore(notBefore);
137 certificate->setNotAfter(notAfter);
138 certificate->setPublicKeyInfo(publicKey);
Jeff Thompsondb686892013-10-18 17:16:31 -0700[diff] [blame]139 certificate->addSubjectDescription(CertificateSubjectDescription("2.5.4.41", keyName.toUri()));
Jeff Thompsonc69163b2013-10-12 13:49:50 -0700[diff] [blame]140 certificate->encode();
141
Alexander Afanasyevbf1a67a2014-01-05 23:36:13 -0800[diff] [blame]142 signByCertificate(*certificate, signerCertificateName);
Jeff Thompsonc69163b2013-10-12 13:49:50 -0700[diff] [blame]143
Alexander Afanasyevbf1a67a2014-01-05 23:36:13 -0800[diff] [blame]144 return certificate;
145}
146
147ptr_lib::shared_ptr<IdentityCertificate>
148IdentityManager::selfSign(const Name& keyName)
149{
150 ptr_lib::shared_ptr<IdentityCertificate> certificate(new IdentityCertificate());
Jeff Thompsonc69163b2013-10-12 13:49:50 -0700[diff] [blame]151
Alexander Afanasyevbf1a67a2014-01-05 23:36:13 -0800[diff] [blame]152 Name certificateName = keyName.getSubName(0, keyName.size() - 1);
153 certificateName.append("KEY").append(keyName.get(keyName.size() - 1)).append("ID-CERT").appendVersion();
Alexander Afanasyeve64788e2014-01-05 22:38:21 -0800[diff] [blame]154
155 ptr_lib::shared_ptr<PublicKey> pubKey = info().getKey(keyName);
156 if (!pubKey)
157 throw Error("Requested public key [" + keyName.toUri() + "] doesn't exist");
Alexander Afanasyevbf1a67a2014-01-05 23:36:13 -0800[diff] [blame]158
159 certificate->setName(certificateName);
160 certificate->setNotBefore(ndn_getNowMilliseconds());
161 certificate->setNotAfter(ndn_getNowMilliseconds() + 630720000 /* 20 years*/);
Alexander Afanasyeve64788e2014-01-05 22:38:21 -0800[diff] [blame]162 certificate->setPublicKeyInfo(*pubKey);
Alexander Afanasyevbf1a67a2014-01-05 23:36:13 -0800[diff] [blame]163 certificate->addSubjectDescription(CertificateSubjectDescription("2.5.4.41", keyName.toUri()));
164 certificate->encode();
Jeff Thompsonc69163b2013-10-12 13:49:50 -0700[diff] [blame]165
Alexander Afanasyevbf1a67a2014-01-05 23:36:13 -0800[diff] [blame]166 selfSign(*certificate);
Jeff Thompsonc69163b2013-10-12 13:49:50 -0700[diff] [blame]167 return certificate;
Jeff Thompsonc69163b2013-10-12 13:49:50 -0700[diff] [blame]168}
169
170void
171IdentityManager::addCertificateAsDefault(const IdentityCertificate& certificate)
172{
Alexander Afanasyevbf1a67a2014-01-05 23:36:13 -0800[diff] [blame]173 info().addCertificate(certificate);
Jeff Thompsonc69163b2013-10-12 13:49:50 -0700[diff] [blame]174
Jeff Thompson418b05a2013-10-22 17:48:54 -0700[diff] [blame]175 setDefaultCertificateForKey(certificate);
Jeff Thompsone7e069b2013-09-27 15:48:48 -0700[diff] [blame]176}
177
178void
Jeff Thompson418b05a2013-10-22 17:48:54 -0700[diff] [blame]179IdentityManager::addCertificateAsIdentityDefault(const IdentityCertificate& certificate)
Jeff Thompsone7e069b2013-09-27 15:48:48 -0700[diff] [blame]180{
Alexander Afanasyevbf1a67a2014-01-05 23:36:13 -0800[diff] [blame]181 info().addCertificate(certificate);
Jeff Thompson418b05a2013-10-22 17:48:54 -0700[diff] [blame]182
183 Name keyName = certificate.getPublicKeyName();
184
185 setDefaultKeyForIdentity(keyName);
186
187 setDefaultCertificateForKey(certificate);
188}
189
190void
191IdentityManager::setDefaultCertificateForKey(const IdentityCertificate& certificate)
192{
Alexander Afanasyeve64788e2014-01-05 22:38:21 -0800[diff] [blame]193 defaultCertificate_.reset();
194
Jeff Thompson418b05a2013-10-22 17:48:54 -0700[diff] [blame]195 Name keyName = certificate.getPublicKeyName();
Jeff Thompsonc69163b2013-10-12 13:49:50 -0700[diff] [blame]196
Alexander Afanasyevbf1a67a2014-01-05 23:36:13 -0800[diff] [blame]197 if(!info().doesKeyExist(keyName))
198 throw Error("No corresponding Key record for certificate!");
Jeff Thompsone7e069b2013-09-27 15:48:48 -0700[diff] [blame]199
Alexander Afanasyevbf1a67a2014-01-05 23:36:13 -0800[diff] [blame]200 info().setDefaultCertificateNameForKey(keyName, certificate.getName());
Jeff Thompsonc69163b2013-10-12 13:49:50 -0700[diff] [blame]201}
Alexander Afanasyeve64788e2014-01-05 22:38:21 -0800[diff] [blame]202
203void
204IdentityManager::sign(Data &data)
205{
206 if (!defaultCertificate_)
207 {
208 defaultCertificate_ = info().getCertificate(
209 info().getDefaultCertificateNameForIdentity(
210 info().getDefaultIdentity()));
211
212 if(!defaultCertificate_)
213 throw Error("Default IdentityCertificate cannot be determined");
214 }
215
216 signByCertificate(data, *defaultCertificate_);
217}
218
Alexander Afanasyevbf1a67a2014-01-05 23:36:13 -0800[diff] [blame]219Signature
Jeff Thompsonc01e1782013-10-21 14:08:42 -0700[diff] [blame]220IdentityManager::signByCertificate(const uint8_t* buffer, size_t bufferLength, const Name& certificateName)
Jeff Thompson74942612013-10-24 16:42:32 -0700[diff] [blame]221{
Alexander Afanasyevbf1a67a2014-01-05 23:36:13 -0800[diff] [blame]222 ptr_lib::shared_ptr<IdentityCertificate> cert = info().getCertificate(certificateName);
Alexander Afanasyeve64788e2014-01-05 22:38:21 -0800[diff] [blame]223 if (!cert)
224 throw Error("Requested certificate [" + certificateName.toUri() + "] doesn't exist");
225
Alexander Afanasyevbf1a67a2014-01-05 23:36:13 -0800[diff] [blame]226 SignatureSha256WithRsa signature;
227 signature.setKeyLocator(certificateName.getPrefix(-1)); // implicit conversion should take care
Alexander Afanasyev04b22a92014-01-05 22:40:17 -0800[diff] [blame]228
Alexander Afanasyevbf1a67a2014-01-05 23:36:13 -0800[diff] [blame]229 // For temporary usage, we support RSA + SHA256 only, but will support more.
Alexander Afanasyev04b22a92014-01-05 22:40:17 -0800[diff] [blame]230 signature.setValue
231 (tpm().sign(buffer, bufferLength, cert->getPublicKeyName(), DIGEST_ALGORITHM_SHA256));
Alexander Afanasyevbf1a67a2014-01-05 23:36:13 -0800[diff] [blame]232 return signature;
Jeff Thompsone7e069b2013-09-27 15:48:48 -0700[diff] [blame]233}
234
235void
Alexander Afanasyevbf1a67a2014-01-05 23:36:13 -0800[diff] [blame]236IdentityManager::signByCertificate(Data &data, const Name &certificateName)
Jeff Thompson41471912013-09-12 16:21:50 -0700[diff] [blame]237{
Alexander Afanasyevbf1a67a2014-01-05 23:36:13 -0800[diff] [blame]238 ptr_lib::shared_ptr<IdentityCertificate> cert = info().getCertificate(certificateName);
Alexander Afanasyeve64788e2014-01-05 22:38:21 -0800[diff] [blame]239 if (!cert)
240 throw Error("Requested certificate [" + certificateName.toUri() + "] doesn't exist");
241
Alexander Afanasyevbf1a67a2014-01-05 23:36:13 -0800[diff] [blame]242 SignatureSha256WithRsa signature;
243 signature.setKeyLocator(certificateName.getPrefix(-1)); // implicit conversion should take care
Alexander Afanasyev04b22a92014-01-05 22:40:17 -0800[diff] [blame]244 data.setSignature(signature);
Jeff Thompson86e1d752013-09-17 17:22:38 -0700[diff] [blame]245
246 // For temporary usage, we support RSA + SHA256 only, but will support more.
Alexander Afanasyev04b22a92014-01-05 22:40:17 -0800[diff] [blame]247 tpm().sign(data, cert->getPublicKeyName(), DIGEST_ALGORITHM_SHA256);
Jeff Thompson41471912013-09-12 16:21:50 -0700[diff] [blame]248}
249
Alexander Afanasyevbf1a67a2014-01-05 23:36:13 -0800[diff] [blame]250void
Alexander Afanasyeve64788e2014-01-05 22:38:21 -0800[diff] [blame]251IdentityManager::signByCertificate(Data& data, const IdentityCertificate& certificate)
252{
253 SignatureSha256WithRsa signature;
254 signature.setKeyLocator(certificate.getName().getPrefix(-1));
Alexander Afanasyev04b22a92014-01-05 22:40:17 -0800[diff] [blame]255 data.setSignature(signature);
Alexander Afanasyeve64788e2014-01-05 22:38:21 -0800[diff] [blame]256
257 // For temporary usage, we support RSA + SHA256 only, but will support more.
Alexander Afanasyev04b22a92014-01-05 22:40:17 -0800[diff] [blame]258 tpm().sign(data, certificate.getPublicKeyName(), DIGEST_ALGORITHM_SHA256);
Alexander Afanasyeve64788e2014-01-05 22:38:21 -0800[diff] [blame]259}
260
261void
Alexander Afanasyevbf1a67a2014-01-05 23:36:13 -0800[diff] [blame]262IdentityManager::selfSign (IdentityCertificate& cert)
Jeff Thompsone7e069b2013-09-27 15:48:48 -0700[diff] [blame]263{
Alexander Afanasyevbf1a67a2014-01-05 23:36:13 -0800[diff] [blame]264 SignatureSha256WithRsa signature;
265 signature.setKeyLocator(cert.getName().getPrefix(cert.getName().size()-1)); // implicit conversion should take care
Alexander Afanasyev04b22a92014-01-05 22:40:17 -0800[diff] [blame]266 cert.setSignature(signature);
Jeff Thompsone7e069b2013-09-27 15:48:48 -0700[diff] [blame]267
Alexander Afanasyevbf1a67a2014-01-05 23:36:13 -0800[diff] [blame]268 // For temporary usage, we support RSA + SHA256 only, but will support more.
Alexander Afanasyev04b22a92014-01-05 22:40:17 -0800[diff] [blame]269 tpm().sign(cert, cert.getPublicKeyName(), DIGEST_ALGORITHM_SHA256);
Jeff Thompsone7e069b2013-09-27 15:48:48 -0700[diff] [blame]270}
Jeff Thompsonc69163b2013-10-12 13:49:50 -0700[diff] [blame]271
Jeff Thompson418b05a2013-10-22 17:48:54 -0700[diff] [blame]272Name
273IdentityManager::getKeyNameFromCertificatePrefix(const Name & certificatePrefix)
274{
275 Name result;
276
277 string keyString("KEY");
278 int i = 0;
279 for(; i < certificatePrefix.size(); i++) {
280 if (certificatePrefix.get(i).toEscapedString() == keyString)
281 break;
282 }
283
284 if (i >= certificatePrefix.size())
Alexander Afanasyevbf1a67a2014-01-05 23:36:13 -0800[diff] [blame]285 throw Error("Identity Certificate Prefix does not have a KEY component");
Jeff Thompson418b05a2013-10-22 17:48:54 -0700[diff] [blame]286
287 result.append(certificatePrefix.getSubName(0, i));
288 result.append(certificatePrefix.getSubName(i + 1, certificatePrefix.size()-i-1));
289
290 return result;
291}
292
Jeff Thompson41471912013-09-12 16:21:50 -0700[diff] [blame]293}