Jeff Thompson | 25b4e61 | 2013-10-10 16:03:24 -0700 | [diff] [blame] | 1 | /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */ |
Jeff Thompson | 4147191 | 2013-09-12 16:21:50 -0700 | [diff] [blame] | 2 | /** |
Jeff Thompson | 7687dc0 | 2013-09-13 11:54:07 -0700 | [diff] [blame] | 3 | * Copyright (C) 2013 Regents of the University of California. |
Jeff Thompson | 06e787d | 2013-09-12 19:00:55 -0700 | [diff] [blame] | 4 | * @author: Yingdi Yu <yingdi@cs.ucla.edu> |
Jeff Thompson | 7687dc0 | 2013-09-13 11:54:07 -0700 | [diff] [blame] | 5 | * @author: Jeff Thompson <jefft0@remap.ucla.edu> |
Jeff Thompson | 4147191 | 2013-09-12 16:21:50 -0700 | [diff] [blame] | 6 | * See COPYING for copyright and distribution information. |
| 7 | */ |
| 8 | |
Jeff Thompson | 6154ae2 | 2013-10-18 10:44:57 -0700 | [diff] [blame] | 9 | #if 1 // TODO: Remove this when we don't throw "not implemented". |
Jeff Thompson | 0f2096f | 2013-10-01 14:49:42 -0700 | [diff] [blame] | 10 | #include <stdexcept> |
| 11 | #endif |
Jeff Thompson | c69163b | 2013-10-12 13:49:50 -0700 | [diff] [blame] | 12 | #include <ctime> |
| 13 | #include <fstream> |
| 14 | #include <ndn-cpp/key.hpp> |
Jeff Thompson | 25b4e61 | 2013-10-10 16:03:24 -0700 | [diff] [blame] | 15 | #include <ndn-cpp/sha256-with-rsa-signature.hpp> |
| 16 | #include <ndn-cpp/security/security-exception.hpp> |
Jeff Thompson | c69163b | 2013-10-12 13:49:50 -0700 | [diff] [blame] | 17 | #include "../../util/logging.hpp" |
Jeff Thompson | 25b4e61 | 2013-10-10 16:03:24 -0700 | [diff] [blame] | 18 | #include <ndn-cpp/security/identity/identity-manager.hpp> |
Jeff Thompson | 4147191 | 2013-09-12 16:21:50 -0700 | [diff] [blame] | 19 | |
Jeff Thompson | c69163b | 2013-10-12 13:49:50 -0700 | [diff] [blame] | 20 | INIT_LOGGER("ndn.security.IdentityManager") |
| 21 | |
Jeff Thompson | 9296f0c | 2013-09-23 18:10:27 -0700 | [diff] [blame] | 22 | using namespace std; |
| 23 | using namespace ndn::ptr_lib; |
Jeff Thompson | 4147191 | 2013-09-12 16:21:50 -0700 | [diff] [blame] | 24 | |
Jeff Thompson | 9296f0c | 2013-09-23 18:10:27 -0700 | [diff] [blame] | 25 | namespace ndn { |
Jeff Thompson | 86e1d75 | 2013-09-17 17:22:38 -0700 | [diff] [blame] | 26 | |
Jeff Thompson | e7e069b | 2013-09-27 15:48:48 -0700 | [diff] [blame] | 27 | Name |
Jeff Thompson | c69163b | 2013-10-12 13:49:50 -0700 | [diff] [blame] | 28 | IdentityManager::createIdentity(const Name& identityName) |
Jeff Thompson | e7e069b | 2013-09-27 15:48:48 -0700 | [diff] [blame] | 29 | { |
| 30 | if (!identityStorage_->doesIdentityExist(identityName)) { |
Jeff Thompson | c69163b | 2013-10-12 13:49:50 -0700 | [diff] [blame] | 31 | _LOG_DEBUG("Create Identity"); |
| 32 | identityStorage_->addIdentity(identityName); |
| 33 | |
| 34 | _LOG_DEBUG("Create Default RSA key pair"); |
| 35 | Name keyName = generateRSAKeyPairAsDefault(identityName, true); |
Jeff Thompson | e7e069b | 2013-09-27 15:48:48 -0700 | [diff] [blame] | 36 | |
Jeff Thompson | c69163b | 2013-10-12 13:49:50 -0700 | [diff] [blame] | 37 | _LOG_DEBUG("Create self-signed certificate"); |
| 38 | shared_ptr<IdentityCertificate> selfCert = selfSign(keyName); |
| 39 | |
| 40 | _LOG_DEBUG("Add self-signed certificate as default"); |
Jeff Thompson | e7e069b | 2013-09-27 15:48:48 -0700 | [diff] [blame] | 41 | |
Jeff Thompson | c69163b | 2013-10-12 13:49:50 -0700 | [diff] [blame] | 42 | addCertificateAsDefault(*selfCert); |
| 43 | |
| 44 | return keyName; |
Jeff Thompson | e7e069b | 2013-09-27 15:48:48 -0700 | [diff] [blame] | 45 | } |
| 46 | else |
| 47 | throw SecurityException("Identity has already been created!"); |
| 48 | } |
| 49 | |
| 50 | Name |
Jeff Thompson | c69163b | 2013-10-12 13:49:50 -0700 | [diff] [blame] | 51 | IdentityManager::generateKeyPair(const Name& identityName, bool isKsk, KeyType keyType, int keySize) |
| 52 | { |
| 53 | _LOG_DEBUG("Get new key ID"); |
| 54 | Name keyName = identityStorage_->getNewKeyName(identityName, isKsk); |
| 55 | |
| 56 | _LOG_DEBUG("Generate key pair in private storage"); |
| 57 | privateKeyStorage_->generateKeyPair(keyName.toUri(), keyType, keySize); |
| 58 | |
| 59 | _LOG_DEBUG("Create a key record in public storage"); |
| 60 | shared_ptr<PublicKey> pubKey = privateKeyStorage_->getPublicKey(keyName.toUri()); |
| 61 | identityStorage_->addKey(keyName, keyType, pubKey->getKeyDer()); |
| 62 | _LOG_DEBUG("OK"); |
| 63 | return keyName; |
| 64 | } |
| 65 | |
| 66 | Name |
Jeff Thompson | e7e069b | 2013-09-27 15:48:48 -0700 | [diff] [blame] | 67 | IdentityManager::generateRSAKeyPair(const Name& identityName, bool isKsk, int keySize) |
| 68 | { |
| 69 | Name keyName = generateKeyPair(identityName, isKsk, KEY_TYPE_RSA, keySize); |
| 70 | _LOG_DEBUG("OK2"); |
| 71 | return keyName; |
| 72 | } |
| 73 | |
| 74 | Name |
| 75 | IdentityManager::generateRSAKeyPairAsDefault(const Name& identityName, bool isKsk, int keySize) |
| 76 | { |
| 77 | Name keyName = generateKeyPair(identityName, isKsk, KEY_TYPE_RSA, keySize); |
Jeff Thompson | c69163b | 2013-10-12 13:49:50 -0700 | [diff] [blame] | 78 | |
Jeff Thompson | e7e069b | 2013-09-27 15:48:48 -0700 | [diff] [blame] | 79 | identityStorage_->setDefaultKeyNameForIdentity(keyName, identityName); |
| 80 | |
Jeff Thompson | c69163b | 2013-10-12 13:49:50 -0700 | [diff] [blame] | 81 | return keyName; |
| 82 | } |
| 83 | |
| 84 | Name |
Jeff Thompson | 9a8e82f | 2013-10-17 14:13:43 -0700 | [diff] [blame] | 85 | IdentityManager::createIdentityCertificate(const Name& keyName, const Name& signerCertificateName, const MillisecondsSince1970& notBefore, const MillisecondsSince1970& notAfter) |
Jeff Thompson | c69163b | 2013-10-12 13:49:50 -0700 | [diff] [blame] | 86 | { |
| 87 | Blob keyBlob = identityStorage_->getKey(keyName); |
| 88 | shared_ptr<PublicKey> publicKey = PublicKey::fromDer(keyBlob); |
| 89 | |
| 90 | shared_ptr<IdentityCertificate> certificate = createIdentityCertificate |
| 91 | (keyName, *publicKey, signerCertificateName, notBefore, notAfter); |
| 92 | |
| 93 | identityStorage_->addCertificate(*certificate); |
| 94 | |
| 95 | return certificate->getName(); |
| 96 | } |
| 97 | |
| 98 | ptr_lib::shared_ptr<IdentityCertificate> |
| 99 | IdentityManager::createIdentityCertificate |
Jeff Thompson | 9a8e82f | 2013-10-17 14:13:43 -0700 | [diff] [blame] | 100 | (const Name& keyName, const PublicKey& publicKey, const Name& signerCertificateName, const MillisecondsSince1970& notBefore, const MillisecondsSince1970& notAfter) |
Jeff Thompson | c69163b | 2013-10-12 13:49:50 -0700 | [diff] [blame] | 101 | { |
| 102 | #if 0 |
| 103 | shared_ptr<IdentityCertificate> certificate(new IdentityCertificate()); |
| 104 | |
| 105 | Name certificateName; |
| 106 | TimeInterval ti = time::NowUnixTimestamp(); |
| 107 | ostringstream oss; |
| 108 | oss << ti.total_seconds(); |
| 109 | |
| 110 | certificateName.append(keyName).append("ID-CERT").append(oss.str()); |
| 111 | certificate->setName(certificateName); |
| 112 | |
| 113 | certificate->setNotBefore(notBefore); |
| 114 | certificate->setNotAfter(notAfter); |
| 115 | certificate->setPublicKeyInfo(publicKey); |
| 116 | certificate->addSubjectDescription(CertificateSubDescrypt("2.5.4.41", keyName.toUri())); |
| 117 | certificate->encode(); |
| 118 | |
| 119 | shared_ptr<Sha256WithRsaSignature> sha256Sig(new Sha256WithRsaSignature()); |
| 120 | |
| 121 | KeyLocator keyLocator; |
| 122 | keyLocator.setType(KeyLocator::KEYNAME); |
| 123 | keyLocator.setKeyName(signerCertificateName); |
| 124 | |
| 125 | sha256Sig->setKeyLocator(keyLocator); |
| 126 | sha256Sig->setPublisherKeyDigest(*publicKey.getDigest()); |
| 127 | |
| 128 | certificate->setSignature(sha256Sig); |
| 129 | |
| 130 | SignedBlob unsignedData = certificate->encodeToUnsignedWire(); |
| 131 | |
| 132 | Blob sigBits = privateKeyStorage_->sign(*unsignedData, keyName); |
| 133 | |
| 134 | sha256Sig->setSignatureBits(*sigBits); |
| 135 | |
| 136 | return certificate; |
| 137 | #else |
Jeff Thompson | 4affbf5 | 2013-10-18 14:36:46 -0700 | [diff] [blame] | 138 | throw runtime_error("not implemented"); |
Jeff Thompson | c69163b | 2013-10-12 13:49:50 -0700 | [diff] [blame] | 139 | #endif |
| 140 | } |
| 141 | |
| 142 | void |
| 143 | IdentityManager::addCertificateAsDefault(const IdentityCertificate& certificate) |
| 144 | { |
| 145 | identityStorage_->addCertificate(certificate); |
| 146 | |
| 147 | Name keyName = identityStorage_->getKeyNameForCertificate(certificate.getName()); |
| 148 | |
| 149 | setDefaultKeyForIdentity(keyName); |
| 150 | |
| 151 | setDefaultCertificateForKey(certificate.getName()); |
Jeff Thompson | e7e069b | 2013-09-27 15:48:48 -0700 | [diff] [blame] | 152 | } |
| 153 | |
| 154 | void |
| 155 | IdentityManager::setDefaultCertificateForKey(const Name& certificateName) |
| 156 | { |
| 157 | Name keyName = identityStorage_->getKeyNameForCertificate(certificateName); |
Jeff Thompson | c69163b | 2013-10-12 13:49:50 -0700 | [diff] [blame] | 158 | |
| 159 | if(!identityStorage_->doesKeyExist(keyName)) |
Jeff Thompson | e7e069b | 2013-09-27 15:48:48 -0700 | [diff] [blame] | 160 | throw SecurityException("No corresponding Key record for certificaite!"); |
| 161 | |
Jeff Thompson | c69163b | 2013-10-12 13:49:50 -0700 | [diff] [blame] | 162 | identityStorage_->setDefaultCertificateNameForKey(keyName, certificateName); |
| 163 | } |
| 164 | |
| 165 | ptr_lib::shared_ptr<Signature> |
| 166 | IdentityManager::signByCertificate(const uint8_t* data, size_t dataLength, const Name& certificateName) |
| 167 | { |
| 168 | #if 0 |
| 169 | Name keyName = identityStorage_->getKeyNameForCertificate(certName); |
| 170 | |
| 171 | shared_ptr<PublicKey> publicKey = privateKeyStorage_->getPublicKey(keyName.toUri()); |
| 172 | |
| 173 | Blob sigBits = privateKeyStorage_->sign(blob, keyName.toUri()); |
| 174 | |
| 175 | //For temporary usage, we support RSA + SHA256 only, but will support more. |
| 176 | shared_ptr<signature::Sha256WithRsa> sha256Sig = shared_ptr<signature::Sha256WithRsa>::Create(); |
| 177 | |
| 178 | KeyLocator keyLocator; |
| 179 | keyLocator.setType(KeyLocator::KEYNAME); |
| 180 | keyLocator.setKeyName(certName); |
| 181 | |
| 182 | sha256Sig->setKeyLocator(keyLocator); |
| 183 | sha256Sig->setPublisherKeyDigest(*publicKey->getDigest()); |
| 184 | sha256Sig->setSignatureBits(*sigBits); |
| 185 | |
| 186 | return sha256Sig; |
| 187 | #else |
Jeff Thompson | 4affbf5 | 2013-10-18 14:36:46 -0700 | [diff] [blame] | 188 | throw runtime_error("not implemented"); |
Jeff Thompson | c69163b | 2013-10-12 13:49:50 -0700 | [diff] [blame] | 189 | #endif |
Jeff Thompson | e7e069b | 2013-09-27 15:48:48 -0700 | [diff] [blame] | 190 | } |
| 191 | |
| 192 | void |
Jeff Thompson | 86e1d75 | 2013-09-17 17:22:38 -0700 | [diff] [blame] | 193 | IdentityManager::signByCertificate(Data &data, const Name &certificateName, WireFormat& wireFormat) |
Jeff Thompson | 4147191 | 2013-09-12 16:21:50 -0700 | [diff] [blame] | 194 | { |
Jeff Thompson | c69163b | 2013-10-12 13:49:50 -0700 | [diff] [blame] | 195 | Name keyName = identityStorage_->getKeyNameForCertificate(certificateName); |
Jeff Thompson | 9296f0c | 2013-09-23 18:10:27 -0700 | [diff] [blame] | 196 | |
| 197 | shared_ptr<PublicKey> publicKey = privateKeyStorage_->getPublicKey(keyName); |
Jeff Thompson | 86e1d75 | 2013-09-17 17:22:38 -0700 | [diff] [blame] | 198 | |
| 199 | // For temporary usage, we support RSA + SHA256 only, but will support more. |
| 200 | data.setSignature(Sha256WithRsaSignature()); |
| 201 | // Get a pointer to the clone which Data made. |
| 202 | Sha256WithRsaSignature *signature = dynamic_cast<Sha256WithRsaSignature*>(data.getSignature()); |
| 203 | DigestAlgorithm digestAlgorithm = DIGEST_ALGORITHM_SHA256; |
| 204 | |
| 205 | signature->getKeyLocator().setType(ndn_KeyLocatorType_KEYNAME); |
| 206 | signature->getKeyLocator().setKeyName(certificateName); |
Jeff Thompson | 9296f0c | 2013-09-23 18:10:27 -0700 | [diff] [blame] | 207 | // Omit the certificate digest. |
| 208 | signature->getKeyLocator().setKeyNameType((ndn_KeyNameType)-1); |
Jeff Thompson | 86e1d75 | 2013-09-17 17:22:38 -0700 | [diff] [blame] | 209 | // Ignore witness and leave the digestAlgorithm as the default. |
Jeff Thompson | 9296f0c | 2013-09-23 18:10:27 -0700 | [diff] [blame] | 210 | signature->getPublisherPublicKeyDigest().setPublisherPublicKeyDigest(publicKey->getDigest()); |
Jeff Thompson | 4147191 | 2013-09-12 16:21:50 -0700 | [diff] [blame] | 211 | |
Jeff Thompson | 86e1d75 | 2013-09-17 17:22:38 -0700 | [diff] [blame] | 212 | // Encode once to get the signed portion. |
| 213 | SignedBlob encoding = data.wireEncode(wireFormat); |
| 214 | |
| 215 | signature->setSignature |
Jeff Thompson | 9296f0c | 2013-09-23 18:10:27 -0700 | [diff] [blame] | 216 | (privateKeyStorage_->sign(encoding.signedBuf(), encoding.signedSize(), keyName, digestAlgorithm)); |
Jeff Thompson | 86e1d75 | 2013-09-17 17:22:38 -0700 | [diff] [blame] | 217 | |
| 218 | // Encode again to include the signature. |
Jeff Thompson | c69163b | 2013-10-12 13:49:50 -0700 | [diff] [blame] | 219 | data.wireEncode(wireFormat); |
Jeff Thompson | 4147191 | 2013-09-12 16:21:50 -0700 | [diff] [blame] | 220 | } |
| 221 | |
Jeff Thompson | c69163b | 2013-10-12 13:49:50 -0700 | [diff] [blame] | 222 | shared_ptr<IdentityCertificate> |
| 223 | IdentityManager::selfSign(const Name& keyName) |
Jeff Thompson | e7e069b | 2013-09-27 15:48:48 -0700 | [diff] [blame] | 224 | { |
Jeff Thompson | c69163b | 2013-10-12 13:49:50 -0700 | [diff] [blame] | 225 | #if 0 |
| 226 | shared_ptr<IdentityCertificate> certificate = Create<IdentityCertificate>(); |
| 227 | |
| 228 | Name certificateName; |
| 229 | certificateName.append(keyName).append("ID-CERT").append("0"); |
| 230 | certificate->setName(certificateName); |
Jeff Thompson | e7e069b | 2013-09-27 15:48:48 -0700 | [diff] [blame] | 231 | |
Jeff Thompson | c69163b | 2013-10-12 13:49:50 -0700 | [diff] [blame] | 232 | Blob keyBlob = identityStorage_->getKey(keyName); |
| 233 | shared_ptr<PublicKey> publicKey = PublicKey::fromDer(keyBlob); |
Jeff Thompson | e7e069b | 2013-09-27 15:48:48 -0700 | [diff] [blame] | 234 | |
Jeff Thompson | c69163b | 2013-10-12 13:49:50 -0700 | [diff] [blame] | 235 | tm current = boost::posix_time::to_tm(time::Now()); |
| 236 | current.tm_hour = 0; |
| 237 | current.tm_min = 0; |
| 238 | current.tm_sec = 0; |
Jeff Thompson | 9a8e82f | 2013-10-17 14:13:43 -0700 | [diff] [blame] | 239 | MillisecondsSince1970 notBefore = boost::posix_time::ptime_from_tm(current); |
Jeff Thompson | c69163b | 2013-10-12 13:49:50 -0700 | [diff] [blame] | 240 | current.tm_year = current.tm_year + 20; |
Jeff Thompson | 9a8e82f | 2013-10-17 14:13:43 -0700 | [diff] [blame] | 241 | MillisecondsSince1970 notAfter = boost::posix_time::ptime_from_tm(current); |
Jeff Thompson | e7e069b | 2013-09-27 15:48:48 -0700 | [diff] [blame] | 242 | |
Jeff Thompson | c69163b | 2013-10-12 13:49:50 -0700 | [diff] [blame] | 243 | certificate->setNotBefore(notBefore); |
| 244 | certificate->setNotAfter(notAfter); |
| 245 | certificate->setPublicKeyInfo(*publicKey); |
| 246 | certificate->addSubjectDescription(CertificateSubDescrypt("2.5.4.41", keyName.toUri())); |
| 247 | certificate->encode(); |
| 248 | |
| 249 | shared_ptr<signature::Sha256WithRsa> sha256Sig = shared_ptr<signature::Sha256WithRsa>::Create(); |
| 250 | |
| 251 | KeyLocator keyLocator; |
| 252 | keyLocator.setType(KeyLocator::KEYNAME); |
| 253 | keyLocator.setKeyName(certificateName); |
| 254 | |
| 255 | sha256Sig->setKeyLocator(keyLocator); |
| 256 | sha256Sig->setPublisherKeyDigest(*publicKey->getDigest()); |
| 257 | |
| 258 | certificate->setSignature(sha256Sig); |
| 259 | |
| 260 | Blob unsignedData = certificate->encodeToUnsignedWire(); |
| 261 | |
| 262 | Blob sigBits = privateKeyStorage_->sign(*unsignedData, keyName.toUri()); |
| 263 | |
| 264 | sha256Sig->setSignatureBits(*sigBits); |
| 265 | |
| 266 | return certificate; |
| 267 | #else |
Jeff Thompson | 4affbf5 | 2013-10-18 14:36:46 -0700 | [diff] [blame] | 268 | throw runtime_error("not implemented"); |
Jeff Thompson | e7e069b | 2013-09-27 15:48:48 -0700 | [diff] [blame] | 269 | #endif |
| 270 | } |
Jeff Thompson | c69163b | 2013-10-12 13:49:50 -0700 | [diff] [blame] | 271 | |
Jeff Thompson | 4147191 | 2013-09-12 16:21:50 -0700 | [diff] [blame] | 272 | } |