Gitiles
Code Review Sign In
gerrit.named-data.net / ndn-cxx / fdbfc6d9134da1506caf90eaf62c45375cc5bfb7 / . / src / security / sec-tpm-file.cpp
blob: 3a05282c9f7275e4e11faa89eaea1e6ad26c6b7a [file] [log] [blame]
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]1/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
2/**
3 * Copyright (C) 2013 Regents of the University of California.
4 * @author: Xingyu Ma <maxy12@cs.ucla.edu>
5 * Alexander Afanasyev <alexander.afanasyev@ucla.edu>
6 * Yingdi Yu <yingdi@cs.ucla.edu>
7 * See COPYING for copyright and distribution information.
8 */
9
Alexander Afanasyeve2dcdfd2014-02-07 15:53:28 -0800[diff] [blame]10#include "common.hpp"
Yingdi Yu04020922014-01-22 12:46:53 -0800[diff] [blame]11
Alexander Afanasyeve2dcdfd2014-02-07 15:53:28 -0800[diff] [blame]12#include "sec-tpm-file.hpp"
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]13
14#include <boost/filesystem.hpp>
15#include <boost/algorithm/string.hpp>
16
Junxiao Shi482ccc52014-03-31 13:05:24 -0700[diff] [blame]17#include "cryptopp.hpp"
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]18
19#include <sys/types.h>
20#include <sys/stat.h>
21
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]22#include <algorithm>
23
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]24using namespace std;
25
Yingdi Yufc40d872014-02-18 12:56:04 -0800[diff] [blame]26namespace ndn {
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]27
28class SecTpmFile::Impl {
29public:
Yingdi Yu4b752752014-02-18 12:24:03 -0800[diff] [blame]30 Impl(const string& dir)
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]31 {
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame^]32 if (dir.empty())
Yingdi Yu37e317f2014-03-19 12:16:23 -0700[diff] [blame]33 m_keystorePath = boost::filesystem::path(getenv("HOME")) / ".ndn" / "ndnsec-tpm-file";
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]34 else
35 m_keystorePath = dir;
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame^]36
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]37 boost::filesystem::create_directories (m_keystorePath);
38 }
39
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]40 boost::filesystem::path
41 nameTransform(const string& keyName, const string& extension)
42 {
43 using namespace CryptoPP;
44 string digest;
45 SHA256 hash;
46 StringSource src(keyName, true, new HashFilter(hash, new Base64Encoder (new CryptoPP::StringSink(digest))));
47
48 boost::algorithm::trim(digest);
49 std::replace(digest.begin(), digest.end(), '/', '%');
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame^]50
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]51 return m_keystorePath / (digest + extension);
52 }
53
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame^]54 string
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]55 maintainMapping(const string& keyName)
56 {
57 string keyFileName = nameTransform(keyName, "").string();
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame^]58
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]59 ofstream outfile;
60 string dirFile = (m_keystorePath / "mapping.txt").string();
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame^]61
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]62 outfile.open(dirFile.c_str(), std::ios_base::app);
63 outfile << keyName << ' ' << keyFileName << '\n';
64 outfile.close();
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame^]65
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]66 return keyFileName;
67 }
68
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]69public:
70 boost::filesystem::path m_keystorePath;
71};
72
Yingdi Yu4b752752014-02-18 12:24:03 -0800[diff] [blame]73
Yingdi Yube4150e2014-02-18 13:02:46 -0800[diff] [blame]74SecTpmFile::SecTpmFile(const string& dir)
Yingdi Yu4b752752014-02-18 12:24:03 -0800[diff] [blame]75 : m_impl(new Impl(dir))
Yingdi Yube4150e2014-02-18 13:02:46 -0800[diff] [blame]76 , m_inTerminal(false)
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]77{}
78
79void
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame^]80SecTpmFile::generateKeyPairInTpm(const Name& keyName, KeyType keyType, int keySize)
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]81{
82 string keyURI = keyName.toUri();
83
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame^]84 if (doesKeyExistInTpm(keyName, KEY_CLASS_PUBLIC))
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]85 throw Error("public key exists");
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame^]86 if (doesKeyExistInTpm(keyName, KEY_CLASS_PRIVATE))
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]87 throw Error("private key exists");
88
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]89 string keyFileName = m_impl->maintainMapping(keyURI);
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]90
91 try{
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame^]92 switch (keyType){
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]93 case KEY_TYPE_RSA:
94 {
Yingdi Yu4b752752014-02-18 12:24:03 -0800[diff] [blame]95 using namespace CryptoPP;
96 AutoSeededRandomPool rng;
97
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]98 InvertibleRSAFunction privateKey;
99 privateKey.Initialize(rng, keySize);
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame^]100
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]101 string privateKeyFileName = keyFileName + ".pri";
102 Base64Encoder privateKeySink(new FileSink(privateKeyFileName.c_str()));
103 privateKey.DEREncode(privateKeySink);
104 privateKeySink.MessageEnd();
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame^]105
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]106 RSAFunction publicKey(privateKey);
107 string publicKeyFileName = keyFileName + ".pub";
108 Base64Encoder publicKeySink(new FileSink(publicKeyFileName.c_str()));
109 publicKey.DEREncode(publicKeySink);
110 publicKeySink.MessageEnd();
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame^]111
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]112 /*set file permission*/
113 chmod(privateKeyFileName.c_str(), 0000400);
114 chmod(publicKeyFileName.c_str(), 0000444);
115 return;
116 }
117 default:
118 throw Error("Unsupported key type!");
119 }
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame^]120 }catch (const CryptoPP::Exception& e){
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]121 throw Error(e.what());
122 }
123}
124
Yingdi Yu28fd32f2014-01-28 19:03:03 -0800[diff] [blame]125void
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame^]126SecTpmFile::deleteKeyPairInTpm(const Name& keyName)
Yingdi Yu28fd32f2014-01-28 19:03:03 -0800[diff] [blame]127{
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]128 boost::filesystem::path publicKeyPath(m_impl->nameTransform(keyName.toUri(), ".pub"));
129 boost::filesystem::path privateKeyPath(m_impl->nameTransform(keyName.toUri(), ".pri"));
Yingdi Yu28fd32f2014-01-28 19:03:03 -0800[diff] [blame]130
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame^]131 if (boost::filesystem::exists(publicKeyPath))
Yingdi Yu28fd32f2014-01-28 19:03:03 -0800[diff] [blame]132 boost::filesystem::remove(publicKeyPath);
133
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame^]134 if (boost::filesystem::exists(privateKeyPath))
Yingdi Yu28fd32f2014-01-28 19:03:03 -0800[diff] [blame]135 boost::filesystem::remove(privateKeyPath);
136}
137
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]138shared_ptr<PublicKey>
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame^]139SecTpmFile::getPublicKeyFromTpm(const Name& keyName)
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]140{
141 string keyURI = keyName.toUri();
142
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame^]143 if (!doesKeyExistInTpm(keyName, KEY_CLASS_PUBLIC))
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]144 throw Error("Public Key already exist");
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]145
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]146 ostringstream os;
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]147 try{
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]148 using namespace CryptoPP;
149 FileSource(m_impl->nameTransform(keyURI, ".pub").string().c_str(), true, new Base64Decoder(new FileSink(os)));
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame^]150 }catch (const CryptoPP::Exception& e){
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]151 throw Error(e.what());
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]152 }
153
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]154 return make_shared<PublicKey>(reinterpret_cast<const uint8_t*>(os.str().c_str()), os.str().size());
155}
156
157ConstBufferPtr
158SecTpmFile::exportPrivateKeyPkcs1FromTpm(const Name& keyName)
159{
160 OBufferStream privateKeyOs;
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame^]161 CryptoPP::FileSource(m_impl->nameTransform(keyName.toUri(), ".pri").string().c_str(), true,
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]162 new CryptoPP::Base64Decoder(new CryptoPP::FileSink(privateKeyOs)));
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame^]163
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]164 return privateKeyOs.buf();
165}
166
167bool
168SecTpmFile::importPrivateKeyPkcs1IntoTpm(const Name& keyName, const uint8_t* buf, size_t size)
169{
170 try{
171 string keyFileName = m_impl->maintainMapping(keyName.toUri());
172 keyFileName.append(".pri");
173 CryptoPP::StringSource(buf, size, true,
174 new CryptoPP::Base64Encoder(new CryptoPP::FileSink(keyFileName.c_str())));
175 return true;
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame^]176 }catch (...){
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]177 return false;
178 }
179}
180
181bool
182SecTpmFile::importPublicKeyPkcs1IntoTpm(const Name& keyName, const uint8_t* buf, size_t size)
183{
184 try{
185 string keyFileName = m_impl->maintainMapping(keyName.toUri());
186 keyFileName.append(".pub");
187 CryptoPP::StringSource(buf, size, true,
188 new CryptoPP::Base64Encoder(new CryptoPP::FileSink(keyFileName.c_str())));
189 return true;
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame^]190 }catch (...){
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]191 return false;
192 }
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]193}
194
195Block
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame^]196SecTpmFile::signInTpm(const uint8_t* data, size_t dataLength, const Name& keyName, DigestAlgorithm digestAlgorithm)
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]197{
198 string keyURI = keyName.toUri();
199
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame^]200 if (!doesKeyExistInTpm(keyName, KEY_CLASS_PRIVATE))
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]201 throw Error("private key doesn't exists");
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame^]202
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]203 try{
Yingdi Yu4b752752014-02-18 12:24:03 -0800[diff] [blame]204 using namespace CryptoPP;
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]205 AutoSeededRandomPool rng;
Yingdi Yu4b752752014-02-18 12:24:03 -0800[diff] [blame]206
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]207 //Read private key
208 ByteQueue bytes;
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]209 FileSource file(m_impl->nameTransform(keyURI, ".pri").string().c_str(), true, new Base64Decoder);
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]210 file.TransferTo(bytes);
211 bytes.MessageEnd();
212 RSA::PrivateKey privateKey;
213 privateKey.Load(bytes);
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame^]214
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]215 //Sign message
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame^]216 switch (digestAlgorithm){
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]217 case DIGEST_ALGORITHM_SHA256:
218 {
219 RSASS<PKCS1v15, SHA256>::Signer signer(privateKey);
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame^]220
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]221 OBufferStream os;
222 StringSource(data, dataLength, true, new SignerFilter(rng, signer, new FileSink(os)));
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame^]223
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]224 return Block(Tlv::SignatureValue, os.buf());
225 }
226 default:
227 throw Error("Unsupported digest algorithm!");
228 }
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame^]229 }catch (const CryptoPP::Exception& e){
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]230 throw Error(e.what());
231 }
232}
233
234
235ConstBufferPtr
Yingdi Yufc40d872014-02-18 12:56:04 -0800[diff] [blame]236SecTpmFile::decryptInTpm(const uint8_t* data, size_t dataLength, const Name& keyName, bool isSymmetric)
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]237{
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]238 throw Error("SecTpmFile::decryptInTpm is not supported!");
239 // string keyURI = keyName.toUri();
240 // if (!isSymmetric)
241 // {
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame^]242 // if (!doesKeyExistInTpm(keyName, KEY_CLASS_PRIVATE))
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]243 // throw Error("private key doesn't exist");
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]244
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]245 // try{
246 // using namespace CryptoPP;
247 // AutoSeededRandomPool rng;
Yingdi Yu4b752752014-02-18 12:24:03 -0800[diff] [blame]248
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]249 // //Read private key
250 // ByteQueue bytes;
251 // FileSource file(m_impl->nameTransform(keyURI, ".pri").string().c_str(), true, new Base64Decoder);
252 // file.TransferTo(bytes);
253 // bytes.MessageEnd();
254 // RSA::PrivateKey privateKey;
255 // privateKey.Load(bytes);
256 // RSAES_PKCS1v15_Decryptor decryptor(privateKey);
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame^]257
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]258 // OBufferStream os;
259 // StringSource(data, dataLength, true, new PK_DecryptorFilter(rng, decryptor, new FileSink(os)));
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame^]260
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]261 // return os.buf();
262 // }
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame^]263 // catch (const CryptoPP::Exception& e){
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]264 // throw Error(e.what());
265 // }
266 // }
267 // else
268 // {
269 // throw Error("Symmetric encryption is not implemented!");
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame^]270 // // if (!doesKeyExistInTpm(keyName, KEY_CLASS_SYMMETRIC))
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]271 // // throw Error("symmetric key doesn't exist");
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]272
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]273 // // try{
274 // // string keyBits;
275 // // string symKeyFileName = m_impl->nameTransform(keyURI, ".key");
276 // // FileSource(symKeyFileName, true, new HexDecoder(new StringSink(keyBits)));
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame^]277
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]278 // // using CryptoPP::AES;
279 // // AutoSeededRandomPool rnd;
280 // // byte iv[AES::BLOCKSIZE];
281 // // rnd.GenerateBlock(iv, AES::BLOCKSIZE);
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]282
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]283 // // CFB_Mode<AES>::Decryption decryptor;
284 // // decryptor.SetKeyWithIV(reinterpret_cast<const uint8_t*>(keyBits.c_str()), keyBits.size(), iv);
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame^]285
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]286 // // OBufferStream os;
287 // // StringSource(data, dataLength, true, new StreamTransformationFilter(decryptor,new FileSink(os)));
288 // // return os.buf();
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]289
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame^]290 // // }catch (const CryptoPP::Exception& e){
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]291 // // throw Error(e.what());
292 // // }
293 // }
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]294}
295
296ConstBufferPtr
Yingdi Yufc40d872014-02-18 12:56:04 -0800[diff] [blame]297SecTpmFile::encryptInTpm(const uint8_t* data, size_t dataLength, const Name& keyName, bool isSymmetric)
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]298{
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]299 throw Error("SecTpmFile::encryptInTpm is not supported!");
300 // string keyURI = keyName.toUri();
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]301
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]302 // if (!isSymmetric)
303 // {
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame^]304 // if (!doesKeyExistInTpm(keyName, KEY_CLASS_PUBLIC))
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]305 // throw Error("public key doesn't exist");
306 // try
307 // {
308 // using namespace CryptoPP;
309 // AutoSeededRandomPool rng;
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]310
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]311 // //Read private key
312 // ByteQueue bytes;
313 // FileSource file(m_impl->nameTransform(keyURI, ".pub").string().c_str(), true, new Base64Decoder);
314 // file.TransferTo(bytes);
315 // bytes.MessageEnd();
316 // RSA::PublicKey publicKey;
317 // publicKey.Load(bytes);
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]318
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]319 // OBufferStream os;
320 // RSAES_PKCS1v15_Encryptor encryptor(publicKey);
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]321
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]322 // StringSource(data, dataLength, true, new PK_EncryptorFilter(rng, encryptor, new FileSink(os)));
323 // return os.buf();
324 // }
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame^]325 // catch (const CryptoPP::Exception& e){
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]326 // throw Error(e.what());
327 // }
328 // }
329 // else
330 // {
331 // throw Error("Symmetric encryption is not implemented!");
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame^]332 // // if (!doesKeyExistInTpm(keyName, KEY_CLASS_SYMMETRIC))
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]333 // // throw Error("symmetric key doesn't exist");
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]334
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]335 // // try{
336 // // string keyBits;
337 // // string symKeyFileName = m_impl->nameTransform(keyURI, ".key");
338 // // FileSource(symKeyFileName, true, new HexDecoder(new StringSink(keyBits)));
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]339
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]340 // // using CryptoPP::AES;
341 // // AutoSeededRandomPool rnd;
342 // // byte iv[AES::BLOCKSIZE];
343 // // rnd.GenerateBlock(iv, AES::BLOCKSIZE);
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]344
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]345 // // CFB_Mode<AES>::Encryption encryptor;
346 // // encryptor.SetKeyWithIV(reinterpret_cast<const uint8_t*>(keyBits.c_str()), keyBits.size(), iv);
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]347
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]348 // // OBufferStream os;
349 // // StringSource(data, dataLength, true, new StreamTransformationFilter(encryptor, new FileSink(os)));
350 // // return os.buf();
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame^]351 // // }catch (const CryptoPP::Exception& e){
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]352 // // throw Error(e.what());
353 // // }
354 // }
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]355}
356
357
358void
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame^]359SecTpmFile::generateSymmetricKeyInTpm(const Name& keyName, KeyType keyType, int keySize)
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]360{
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]361 throw Error("SecTpmFile::generateSymmetricKeyInTpm is not supported!");
362 // string keyURI = keyName.toUri();
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]363
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame^]364 // if (doesKeyExistInTpm(keyName, KEY_CLASS_SYMMETRIC))
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]365 // throw Error("symmetric key exists");
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]366
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]367 // string keyFileName = m_impl->maintainMapping(keyURI);
368 // string symKeyFileName = keyFileName + ".key";
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]369
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]370 // try{
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame^]371 // switch (keyType){
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]372 // case KEY_TYPE_AES:
373 // {
374 // using namespace CryptoPP;
375 // AutoSeededRandomPool rng;
Yingdi Yu4b752752014-02-18 12:24:03 -0800[diff] [blame]376
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]377 // SecByteBlock key(0x00, keySize);
378 // rng.GenerateBlock(key, keySize);
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame^]379
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]380 // StringSource(key, key.size(), true, new HexEncoder(new FileSink(symKeyFileName.c_str())));
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame^]381
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]382 // chmod(symKeyFileName.c_str(), 0000400);
383 // return;
384 // }
385 // default:
386 // throw Error("Unsupported symmetric key type!");
387 // }
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame^]388 // }catch (const CryptoPP::Exception& e){
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]389 // throw Error(e.what());
390 // }
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]391}
392
393bool
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame^]394SecTpmFile::doesKeyExistInTpm(const Name& keyName, KeyClass keyClass)
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]395{
396 string keyURI = keyName.toUri();
397 if (keyClass == KEY_CLASS_PUBLIC)
398 {
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame^]399 if (boost::filesystem::exists(m_impl->nameTransform(keyURI, ".pub")))
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]400 return true;
401 else
402 return false;
403 }
404 if (keyClass == KEY_CLASS_PRIVATE)
405 {
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame^]406 if (boost::filesystem::exists(m_impl->nameTransform(keyURI, ".pri")))
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]407 return true;
408 else
409 return false;
410 }
411 if (keyClass == KEY_CLASS_SYMMETRIC)
412 {
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame^]413 if (boost::filesystem::exists(m_impl->nameTransform(keyURI, ".key")))
Yingdi Yu2d9c50f2014-01-21 18:25:00 -0800[diff] [blame]414 return true;
415 else
416 return false;
417 }
418 return false;
419}
420
Yingdi Yu4b752752014-02-18 12:24:03 -0800[diff] [blame]421bool
422SecTpmFile::generateRandomBlock(uint8_t* res, size_t size)
423{
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame^]424 try {
Yingdi Yu4b752752014-02-18 12:24:03 -0800[diff] [blame]425 CryptoPP::AutoSeededRandomPool rng;
426 rng.GenerateBlock(res, size);
427 return true;
Alexander Afanasyevfdbfc6d2014-04-14 15:12:11 -0700[diff] [blame^]428 }
429 catch (const CryptoPP::Exception& e) {
Yingdi Yu4b752752014-02-18 12:24:03 -0800[diff] [blame]430 return false;
431 }
432}
433
Yingdi Yufc40d872014-02-18 12:56:04 -0800[diff] [blame]434} // namespace ndn