Yingdi Yu | 2d9c50f | 2014-01-21 18:25:00 -0800 | [diff] [blame] | 1 | /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */ |
| 2 | /** |
| 3 | * Copyright (C) 2013 Regents of the University of California. |
| 4 | * @author: Xingyu Ma <maxy12@cs.ucla.edu> |
| 5 | * Alexander Afanasyev <alexander.afanasyev@ucla.edu> |
| 6 | * Yingdi Yu <yingdi@cs.ucla.edu> |
| 7 | * See COPYING for copyright and distribution information. |
| 8 | */ |
| 9 | |
Alexander Afanasyev | e2dcdfd | 2014-02-07 15:53:28 -0800 | [diff] [blame] | 10 | #include "common.hpp" |
Yingdi Yu | 0402092 | 2014-01-22 12:46:53 -0800 | [diff] [blame] | 11 | |
Alexander Afanasyev | e2dcdfd | 2014-02-07 15:53:28 -0800 | [diff] [blame] | 12 | #include "sec-tpm-file.hpp" |
Yingdi Yu | 2d9c50f | 2014-01-21 18:25:00 -0800 | [diff] [blame] | 13 | |
| 14 | #include <boost/filesystem.hpp> |
| 15 | #include <boost/algorithm/string.hpp> |
| 16 | |
Junxiao Shi | 482ccc5 | 2014-03-31 13:05:24 -0700 | [diff] [blame] | 17 | #include "cryptopp.hpp" |
Yingdi Yu | 2d9c50f | 2014-01-21 18:25:00 -0800 | [diff] [blame] | 18 | |
| 19 | #include <sys/types.h> |
| 20 | #include <sys/stat.h> |
| 21 | |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 22 | #include <algorithm> |
| 23 | |
Yingdi Yu | 2d9c50f | 2014-01-21 18:25:00 -0800 | [diff] [blame] | 24 | using namespace std; |
| 25 | |
Yingdi Yu | fc40d87 | 2014-02-18 12:56:04 -0800 | [diff] [blame] | 26 | namespace ndn { |
Yingdi Yu | 2d9c50f | 2014-01-21 18:25:00 -0800 | [diff] [blame] | 27 | |
| 28 | class SecTpmFile::Impl { |
| 29 | public: |
Yingdi Yu | 4b75275 | 2014-02-18 12:24:03 -0800 | [diff] [blame] | 30 | Impl(const string& dir) |
Yingdi Yu | 2d9c50f | 2014-01-21 18:25:00 -0800 | [diff] [blame] | 31 | { |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame^] | 32 | if (dir.empty()) |
Yingdi Yu | 37e317f | 2014-03-19 12:16:23 -0700 | [diff] [blame] | 33 | m_keystorePath = boost::filesystem::path(getenv("HOME")) / ".ndn" / "ndnsec-tpm-file"; |
Yingdi Yu | 2d9c50f | 2014-01-21 18:25:00 -0800 | [diff] [blame] | 34 | else |
| 35 | m_keystorePath = dir; |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame^] | 36 | |
Yingdi Yu | 2d9c50f | 2014-01-21 18:25:00 -0800 | [diff] [blame] | 37 | boost::filesystem::create_directories (m_keystorePath); |
| 38 | } |
| 39 | |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 40 | boost::filesystem::path |
| 41 | nameTransform(const string& keyName, const string& extension) |
| 42 | { |
| 43 | using namespace CryptoPP; |
| 44 | string digest; |
| 45 | SHA256 hash; |
| 46 | StringSource src(keyName, true, new HashFilter(hash, new Base64Encoder (new CryptoPP::StringSink(digest)))); |
| 47 | |
| 48 | boost::algorithm::trim(digest); |
| 49 | std::replace(digest.begin(), digest.end(), '/', '%'); |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame^] | 50 | |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 51 | return m_keystorePath / (digest + extension); |
| 52 | } |
| 53 | |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame^] | 54 | string |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 55 | maintainMapping(const string& keyName) |
| 56 | { |
| 57 | string keyFileName = nameTransform(keyName, "").string(); |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame^] | 58 | |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 59 | ofstream outfile; |
| 60 | string dirFile = (m_keystorePath / "mapping.txt").string(); |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame^] | 61 | |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 62 | outfile.open(dirFile.c_str(), std::ios_base::app); |
| 63 | outfile << keyName << ' ' << keyFileName << '\n'; |
| 64 | outfile.close(); |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame^] | 65 | |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 66 | return keyFileName; |
| 67 | } |
| 68 | |
Yingdi Yu | 2d9c50f | 2014-01-21 18:25:00 -0800 | [diff] [blame] | 69 | public: |
| 70 | boost::filesystem::path m_keystorePath; |
| 71 | }; |
| 72 | |
Yingdi Yu | 4b75275 | 2014-02-18 12:24:03 -0800 | [diff] [blame] | 73 | |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 74 | SecTpmFile::SecTpmFile(const string& dir) |
Yingdi Yu | 4b75275 | 2014-02-18 12:24:03 -0800 | [diff] [blame] | 75 | : m_impl(new Impl(dir)) |
Yingdi Yu | be4150e | 2014-02-18 13:02:46 -0800 | [diff] [blame] | 76 | , m_inTerminal(false) |
Yingdi Yu | 2d9c50f | 2014-01-21 18:25:00 -0800 | [diff] [blame] | 77 | {} |
| 78 | |
| 79 | void |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame^] | 80 | SecTpmFile::generateKeyPairInTpm(const Name& keyName, KeyType keyType, int keySize) |
Yingdi Yu | 2d9c50f | 2014-01-21 18:25:00 -0800 | [diff] [blame] | 81 | { |
| 82 | string keyURI = keyName.toUri(); |
| 83 | |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame^] | 84 | if (doesKeyExistInTpm(keyName, KEY_CLASS_PUBLIC)) |
Yingdi Yu | 2d9c50f | 2014-01-21 18:25:00 -0800 | [diff] [blame] | 85 | throw Error("public key exists"); |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame^] | 86 | if (doesKeyExistInTpm(keyName, KEY_CLASS_PRIVATE)) |
Yingdi Yu | 2d9c50f | 2014-01-21 18:25:00 -0800 | [diff] [blame] | 87 | throw Error("private key exists"); |
| 88 | |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 89 | string keyFileName = m_impl->maintainMapping(keyURI); |
Yingdi Yu | 2d9c50f | 2014-01-21 18:25:00 -0800 | [diff] [blame] | 90 | |
| 91 | try{ |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame^] | 92 | switch (keyType){ |
Yingdi Yu | 2d9c50f | 2014-01-21 18:25:00 -0800 | [diff] [blame] | 93 | case KEY_TYPE_RSA: |
| 94 | { |
Yingdi Yu | 4b75275 | 2014-02-18 12:24:03 -0800 | [diff] [blame] | 95 | using namespace CryptoPP; |
| 96 | AutoSeededRandomPool rng; |
| 97 | |
Yingdi Yu | 2d9c50f | 2014-01-21 18:25:00 -0800 | [diff] [blame] | 98 | InvertibleRSAFunction privateKey; |
| 99 | privateKey.Initialize(rng, keySize); |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame^] | 100 | |
Yingdi Yu | 2d9c50f | 2014-01-21 18:25:00 -0800 | [diff] [blame] | 101 | string privateKeyFileName = keyFileName + ".pri"; |
| 102 | Base64Encoder privateKeySink(new FileSink(privateKeyFileName.c_str())); |
| 103 | privateKey.DEREncode(privateKeySink); |
| 104 | privateKeySink.MessageEnd(); |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame^] | 105 | |
Yingdi Yu | 2d9c50f | 2014-01-21 18:25:00 -0800 | [diff] [blame] | 106 | RSAFunction publicKey(privateKey); |
| 107 | string publicKeyFileName = keyFileName + ".pub"; |
| 108 | Base64Encoder publicKeySink(new FileSink(publicKeyFileName.c_str())); |
| 109 | publicKey.DEREncode(publicKeySink); |
| 110 | publicKeySink.MessageEnd(); |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame^] | 111 | |
Yingdi Yu | 2d9c50f | 2014-01-21 18:25:00 -0800 | [diff] [blame] | 112 | /*set file permission*/ |
| 113 | chmod(privateKeyFileName.c_str(), 0000400); |
| 114 | chmod(publicKeyFileName.c_str(), 0000444); |
| 115 | return; |
| 116 | } |
| 117 | default: |
| 118 | throw Error("Unsupported key type!"); |
| 119 | } |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame^] | 120 | }catch (const CryptoPP::Exception& e){ |
Yingdi Yu | 2d9c50f | 2014-01-21 18:25:00 -0800 | [diff] [blame] | 121 | throw Error(e.what()); |
| 122 | } |
| 123 | } |
| 124 | |
Yingdi Yu | 28fd32f | 2014-01-28 19:03:03 -0800 | [diff] [blame] | 125 | void |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame^] | 126 | SecTpmFile::deleteKeyPairInTpm(const Name& keyName) |
Yingdi Yu | 28fd32f | 2014-01-28 19:03:03 -0800 | [diff] [blame] | 127 | { |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 128 | boost::filesystem::path publicKeyPath(m_impl->nameTransform(keyName.toUri(), ".pub")); |
| 129 | boost::filesystem::path privateKeyPath(m_impl->nameTransform(keyName.toUri(), ".pri")); |
Yingdi Yu | 28fd32f | 2014-01-28 19:03:03 -0800 | [diff] [blame] | 130 | |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame^] | 131 | if (boost::filesystem::exists(publicKeyPath)) |
Yingdi Yu | 28fd32f | 2014-01-28 19:03:03 -0800 | [diff] [blame] | 132 | boost::filesystem::remove(publicKeyPath); |
| 133 | |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame^] | 134 | if (boost::filesystem::exists(privateKeyPath)) |
Yingdi Yu | 28fd32f | 2014-01-28 19:03:03 -0800 | [diff] [blame] | 135 | boost::filesystem::remove(privateKeyPath); |
| 136 | } |
| 137 | |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 138 | shared_ptr<PublicKey> |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame^] | 139 | SecTpmFile::getPublicKeyFromTpm(const Name& keyName) |
Yingdi Yu | 2d9c50f | 2014-01-21 18:25:00 -0800 | [diff] [blame] | 140 | { |
| 141 | string keyURI = keyName.toUri(); |
| 142 | |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame^] | 143 | if (!doesKeyExistInTpm(keyName, KEY_CLASS_PUBLIC)) |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 144 | throw Error("Public Key already exist"); |
Yingdi Yu | 2d9c50f | 2014-01-21 18:25:00 -0800 | [diff] [blame] | 145 | |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 146 | ostringstream os; |
Yingdi Yu | 2d9c50f | 2014-01-21 18:25:00 -0800 | [diff] [blame] | 147 | try{ |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 148 | using namespace CryptoPP; |
| 149 | FileSource(m_impl->nameTransform(keyURI, ".pub").string().c_str(), true, new Base64Decoder(new FileSink(os))); |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame^] | 150 | }catch (const CryptoPP::Exception& e){ |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 151 | throw Error(e.what()); |
Yingdi Yu | 2d9c50f | 2014-01-21 18:25:00 -0800 | [diff] [blame] | 152 | } |
| 153 | |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 154 | return make_shared<PublicKey>(reinterpret_cast<const uint8_t*>(os.str().c_str()), os.str().size()); |
| 155 | } |
| 156 | |
| 157 | ConstBufferPtr |
| 158 | SecTpmFile::exportPrivateKeyPkcs1FromTpm(const Name& keyName) |
| 159 | { |
| 160 | OBufferStream privateKeyOs; |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame^] | 161 | CryptoPP::FileSource(m_impl->nameTransform(keyName.toUri(), ".pri").string().c_str(), true, |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 162 | new CryptoPP::Base64Decoder(new CryptoPP::FileSink(privateKeyOs))); |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame^] | 163 | |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 164 | return privateKeyOs.buf(); |
| 165 | } |
| 166 | |
| 167 | bool |
| 168 | SecTpmFile::importPrivateKeyPkcs1IntoTpm(const Name& keyName, const uint8_t* buf, size_t size) |
| 169 | { |
| 170 | try{ |
| 171 | string keyFileName = m_impl->maintainMapping(keyName.toUri()); |
| 172 | keyFileName.append(".pri"); |
| 173 | CryptoPP::StringSource(buf, size, true, |
| 174 | new CryptoPP::Base64Encoder(new CryptoPP::FileSink(keyFileName.c_str()))); |
| 175 | return true; |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame^] | 176 | }catch (...){ |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 177 | return false; |
| 178 | } |
| 179 | } |
| 180 | |
| 181 | bool |
| 182 | SecTpmFile::importPublicKeyPkcs1IntoTpm(const Name& keyName, const uint8_t* buf, size_t size) |
| 183 | { |
| 184 | try{ |
| 185 | string keyFileName = m_impl->maintainMapping(keyName.toUri()); |
| 186 | keyFileName.append(".pub"); |
| 187 | CryptoPP::StringSource(buf, size, true, |
| 188 | new CryptoPP::Base64Encoder(new CryptoPP::FileSink(keyFileName.c_str()))); |
| 189 | return true; |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame^] | 190 | }catch (...){ |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 191 | return false; |
| 192 | } |
Yingdi Yu | 2d9c50f | 2014-01-21 18:25:00 -0800 | [diff] [blame] | 193 | } |
| 194 | |
| 195 | Block |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame^] | 196 | SecTpmFile::signInTpm(const uint8_t* data, size_t dataLength, const Name& keyName, DigestAlgorithm digestAlgorithm) |
Yingdi Yu | 2d9c50f | 2014-01-21 18:25:00 -0800 | [diff] [blame] | 197 | { |
| 198 | string keyURI = keyName.toUri(); |
| 199 | |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame^] | 200 | if (!doesKeyExistInTpm(keyName, KEY_CLASS_PRIVATE)) |
Yingdi Yu | 2d9c50f | 2014-01-21 18:25:00 -0800 | [diff] [blame] | 201 | throw Error("private key doesn't exists"); |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame^] | 202 | |
Yingdi Yu | 2d9c50f | 2014-01-21 18:25:00 -0800 | [diff] [blame] | 203 | try{ |
Yingdi Yu | 4b75275 | 2014-02-18 12:24:03 -0800 | [diff] [blame] | 204 | using namespace CryptoPP; |
Yingdi Yu | 2d9c50f | 2014-01-21 18:25:00 -0800 | [diff] [blame] | 205 | AutoSeededRandomPool rng; |
Yingdi Yu | 4b75275 | 2014-02-18 12:24:03 -0800 | [diff] [blame] | 206 | |
Yingdi Yu | 2d9c50f | 2014-01-21 18:25:00 -0800 | [diff] [blame] | 207 | //Read private key |
| 208 | ByteQueue bytes; |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 209 | FileSource file(m_impl->nameTransform(keyURI, ".pri").string().c_str(), true, new Base64Decoder); |
Yingdi Yu | 2d9c50f | 2014-01-21 18:25:00 -0800 | [diff] [blame] | 210 | file.TransferTo(bytes); |
| 211 | bytes.MessageEnd(); |
| 212 | RSA::PrivateKey privateKey; |
| 213 | privateKey.Load(bytes); |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame^] | 214 | |
Yingdi Yu | 2d9c50f | 2014-01-21 18:25:00 -0800 | [diff] [blame] | 215 | //Sign message |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame^] | 216 | switch (digestAlgorithm){ |
Yingdi Yu | 2d9c50f | 2014-01-21 18:25:00 -0800 | [diff] [blame] | 217 | case DIGEST_ALGORITHM_SHA256: |
| 218 | { |
| 219 | RSASS<PKCS1v15, SHA256>::Signer signer(privateKey); |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame^] | 220 | |
Yingdi Yu | 2d9c50f | 2014-01-21 18:25:00 -0800 | [diff] [blame] | 221 | OBufferStream os; |
| 222 | StringSource(data, dataLength, true, new SignerFilter(rng, signer, new FileSink(os))); |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame^] | 223 | |
Yingdi Yu | 2d9c50f | 2014-01-21 18:25:00 -0800 | [diff] [blame] | 224 | return Block(Tlv::SignatureValue, os.buf()); |
| 225 | } |
| 226 | default: |
| 227 | throw Error("Unsupported digest algorithm!"); |
| 228 | } |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame^] | 229 | }catch (const CryptoPP::Exception& e){ |
Yingdi Yu | 2d9c50f | 2014-01-21 18:25:00 -0800 | [diff] [blame] | 230 | throw Error(e.what()); |
| 231 | } |
| 232 | } |
| 233 | |
| 234 | |
| 235 | ConstBufferPtr |
Yingdi Yu | fc40d87 | 2014-02-18 12:56:04 -0800 | [diff] [blame] | 236 | SecTpmFile::decryptInTpm(const uint8_t* data, size_t dataLength, const Name& keyName, bool isSymmetric) |
Yingdi Yu | 2d9c50f | 2014-01-21 18:25:00 -0800 | [diff] [blame] | 237 | { |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 238 | throw Error("SecTpmFile::decryptInTpm is not supported!"); |
| 239 | // string keyURI = keyName.toUri(); |
| 240 | // if (!isSymmetric) |
| 241 | // { |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame^] | 242 | // if (!doesKeyExistInTpm(keyName, KEY_CLASS_PRIVATE)) |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 243 | // throw Error("private key doesn't exist"); |
Yingdi Yu | 2d9c50f | 2014-01-21 18:25:00 -0800 | [diff] [blame] | 244 | |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 245 | // try{ |
| 246 | // using namespace CryptoPP; |
| 247 | // AutoSeededRandomPool rng; |
Yingdi Yu | 4b75275 | 2014-02-18 12:24:03 -0800 | [diff] [blame] | 248 | |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 249 | // //Read private key |
| 250 | // ByteQueue bytes; |
| 251 | // FileSource file(m_impl->nameTransform(keyURI, ".pri").string().c_str(), true, new Base64Decoder); |
| 252 | // file.TransferTo(bytes); |
| 253 | // bytes.MessageEnd(); |
| 254 | // RSA::PrivateKey privateKey; |
| 255 | // privateKey.Load(bytes); |
| 256 | // RSAES_PKCS1v15_Decryptor decryptor(privateKey); |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame^] | 257 | |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 258 | // OBufferStream os; |
| 259 | // StringSource(data, dataLength, true, new PK_DecryptorFilter(rng, decryptor, new FileSink(os))); |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame^] | 260 | |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 261 | // return os.buf(); |
| 262 | // } |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame^] | 263 | // catch (const CryptoPP::Exception& e){ |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 264 | // throw Error(e.what()); |
| 265 | // } |
| 266 | // } |
| 267 | // else |
| 268 | // { |
| 269 | // throw Error("Symmetric encryption is not implemented!"); |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame^] | 270 | // // if (!doesKeyExistInTpm(keyName, KEY_CLASS_SYMMETRIC)) |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 271 | // // throw Error("symmetric key doesn't exist"); |
Yingdi Yu | 2d9c50f | 2014-01-21 18:25:00 -0800 | [diff] [blame] | 272 | |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 273 | // // try{ |
| 274 | // // string keyBits; |
| 275 | // // string symKeyFileName = m_impl->nameTransform(keyURI, ".key"); |
| 276 | // // FileSource(symKeyFileName, true, new HexDecoder(new StringSink(keyBits))); |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame^] | 277 | |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 278 | // // using CryptoPP::AES; |
| 279 | // // AutoSeededRandomPool rnd; |
| 280 | // // byte iv[AES::BLOCKSIZE]; |
| 281 | // // rnd.GenerateBlock(iv, AES::BLOCKSIZE); |
Yingdi Yu | 2d9c50f | 2014-01-21 18:25:00 -0800 | [diff] [blame] | 282 | |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 283 | // // CFB_Mode<AES>::Decryption decryptor; |
| 284 | // // decryptor.SetKeyWithIV(reinterpret_cast<const uint8_t*>(keyBits.c_str()), keyBits.size(), iv); |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame^] | 285 | |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 286 | // // OBufferStream os; |
| 287 | // // StringSource(data, dataLength, true, new StreamTransformationFilter(decryptor,new FileSink(os))); |
| 288 | // // return os.buf(); |
Yingdi Yu | 2d9c50f | 2014-01-21 18:25:00 -0800 | [diff] [blame] | 289 | |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame^] | 290 | // // }catch (const CryptoPP::Exception& e){ |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 291 | // // throw Error(e.what()); |
| 292 | // // } |
| 293 | // } |
Yingdi Yu | 2d9c50f | 2014-01-21 18:25:00 -0800 | [diff] [blame] | 294 | } |
| 295 | |
| 296 | ConstBufferPtr |
Yingdi Yu | fc40d87 | 2014-02-18 12:56:04 -0800 | [diff] [blame] | 297 | SecTpmFile::encryptInTpm(const uint8_t* data, size_t dataLength, const Name& keyName, bool isSymmetric) |
Yingdi Yu | 2d9c50f | 2014-01-21 18:25:00 -0800 | [diff] [blame] | 298 | { |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 299 | throw Error("SecTpmFile::encryptInTpm is not supported!"); |
| 300 | // string keyURI = keyName.toUri(); |
Yingdi Yu | 2d9c50f | 2014-01-21 18:25:00 -0800 | [diff] [blame] | 301 | |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 302 | // if (!isSymmetric) |
| 303 | // { |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame^] | 304 | // if (!doesKeyExistInTpm(keyName, KEY_CLASS_PUBLIC)) |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 305 | // throw Error("public key doesn't exist"); |
| 306 | // try |
| 307 | // { |
| 308 | // using namespace CryptoPP; |
| 309 | // AutoSeededRandomPool rng; |
Yingdi Yu | 2d9c50f | 2014-01-21 18:25:00 -0800 | [diff] [blame] | 310 | |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 311 | // //Read private key |
| 312 | // ByteQueue bytes; |
| 313 | // FileSource file(m_impl->nameTransform(keyURI, ".pub").string().c_str(), true, new Base64Decoder); |
| 314 | // file.TransferTo(bytes); |
| 315 | // bytes.MessageEnd(); |
| 316 | // RSA::PublicKey publicKey; |
| 317 | // publicKey.Load(bytes); |
Yingdi Yu | 2d9c50f | 2014-01-21 18:25:00 -0800 | [diff] [blame] | 318 | |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 319 | // OBufferStream os; |
| 320 | // RSAES_PKCS1v15_Encryptor encryptor(publicKey); |
Yingdi Yu | 2d9c50f | 2014-01-21 18:25:00 -0800 | [diff] [blame] | 321 | |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 322 | // StringSource(data, dataLength, true, new PK_EncryptorFilter(rng, encryptor, new FileSink(os))); |
| 323 | // return os.buf(); |
| 324 | // } |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame^] | 325 | // catch (const CryptoPP::Exception& e){ |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 326 | // throw Error(e.what()); |
| 327 | // } |
| 328 | // } |
| 329 | // else |
| 330 | // { |
| 331 | // throw Error("Symmetric encryption is not implemented!"); |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame^] | 332 | // // if (!doesKeyExistInTpm(keyName, KEY_CLASS_SYMMETRIC)) |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 333 | // // throw Error("symmetric key doesn't exist"); |
Yingdi Yu | 2d9c50f | 2014-01-21 18:25:00 -0800 | [diff] [blame] | 334 | |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 335 | // // try{ |
| 336 | // // string keyBits; |
| 337 | // // string symKeyFileName = m_impl->nameTransform(keyURI, ".key"); |
| 338 | // // FileSource(symKeyFileName, true, new HexDecoder(new StringSink(keyBits))); |
Yingdi Yu | 2d9c50f | 2014-01-21 18:25:00 -0800 | [diff] [blame] | 339 | |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 340 | // // using CryptoPP::AES; |
| 341 | // // AutoSeededRandomPool rnd; |
| 342 | // // byte iv[AES::BLOCKSIZE]; |
| 343 | // // rnd.GenerateBlock(iv, AES::BLOCKSIZE); |
Yingdi Yu | 2d9c50f | 2014-01-21 18:25:00 -0800 | [diff] [blame] | 344 | |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 345 | // // CFB_Mode<AES>::Encryption encryptor; |
| 346 | // // encryptor.SetKeyWithIV(reinterpret_cast<const uint8_t*>(keyBits.c_str()), keyBits.size(), iv); |
Yingdi Yu | 2d9c50f | 2014-01-21 18:25:00 -0800 | [diff] [blame] | 347 | |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 348 | // // OBufferStream os; |
| 349 | // // StringSource(data, dataLength, true, new StreamTransformationFilter(encryptor, new FileSink(os))); |
| 350 | // // return os.buf(); |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame^] | 351 | // // }catch (const CryptoPP::Exception& e){ |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 352 | // // throw Error(e.what()); |
| 353 | // // } |
| 354 | // } |
Yingdi Yu | 2d9c50f | 2014-01-21 18:25:00 -0800 | [diff] [blame] | 355 | } |
| 356 | |
| 357 | |
| 358 | void |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame^] | 359 | SecTpmFile::generateSymmetricKeyInTpm(const Name& keyName, KeyType keyType, int keySize) |
Yingdi Yu | 2d9c50f | 2014-01-21 18:25:00 -0800 | [diff] [blame] | 360 | { |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 361 | throw Error("SecTpmFile::generateSymmetricKeyInTpm is not supported!"); |
| 362 | // string keyURI = keyName.toUri(); |
Yingdi Yu | 2d9c50f | 2014-01-21 18:25:00 -0800 | [diff] [blame] | 363 | |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame^] | 364 | // if (doesKeyExistInTpm(keyName, KEY_CLASS_SYMMETRIC)) |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 365 | // throw Error("symmetric key exists"); |
Yingdi Yu | 2d9c50f | 2014-01-21 18:25:00 -0800 | [diff] [blame] | 366 | |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 367 | // string keyFileName = m_impl->maintainMapping(keyURI); |
| 368 | // string symKeyFileName = keyFileName + ".key"; |
Yingdi Yu | 2d9c50f | 2014-01-21 18:25:00 -0800 | [diff] [blame] | 369 | |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 370 | // try{ |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame^] | 371 | // switch (keyType){ |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 372 | // case KEY_TYPE_AES: |
| 373 | // { |
| 374 | // using namespace CryptoPP; |
| 375 | // AutoSeededRandomPool rng; |
Yingdi Yu | 4b75275 | 2014-02-18 12:24:03 -0800 | [diff] [blame] | 376 | |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 377 | // SecByteBlock key(0x00, keySize); |
| 378 | // rng.GenerateBlock(key, keySize); |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame^] | 379 | |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 380 | // StringSource(key, key.size(), true, new HexEncoder(new FileSink(symKeyFileName.c_str()))); |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame^] | 381 | |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 382 | // chmod(symKeyFileName.c_str(), 0000400); |
| 383 | // return; |
| 384 | // } |
| 385 | // default: |
| 386 | // throw Error("Unsupported symmetric key type!"); |
| 387 | // } |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame^] | 388 | // }catch (const CryptoPP::Exception& e){ |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 389 | // throw Error(e.what()); |
| 390 | // } |
Yingdi Yu | 2d9c50f | 2014-01-21 18:25:00 -0800 | [diff] [blame] | 391 | } |
| 392 | |
| 393 | bool |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame^] | 394 | SecTpmFile::doesKeyExistInTpm(const Name& keyName, KeyClass keyClass) |
Yingdi Yu | 2d9c50f | 2014-01-21 18:25:00 -0800 | [diff] [blame] | 395 | { |
| 396 | string keyURI = keyName.toUri(); |
| 397 | if (keyClass == KEY_CLASS_PUBLIC) |
| 398 | { |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame^] | 399 | if (boost::filesystem::exists(m_impl->nameTransform(keyURI, ".pub"))) |
Yingdi Yu | 2d9c50f | 2014-01-21 18:25:00 -0800 | [diff] [blame] | 400 | return true; |
| 401 | else |
| 402 | return false; |
| 403 | } |
| 404 | if (keyClass == KEY_CLASS_PRIVATE) |
| 405 | { |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame^] | 406 | if (boost::filesystem::exists(m_impl->nameTransform(keyURI, ".pri"))) |
Yingdi Yu | 2d9c50f | 2014-01-21 18:25:00 -0800 | [diff] [blame] | 407 | return true; |
| 408 | else |
| 409 | return false; |
| 410 | } |
| 411 | if (keyClass == KEY_CLASS_SYMMETRIC) |
| 412 | { |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame^] | 413 | if (boost::filesystem::exists(m_impl->nameTransform(keyURI, ".key"))) |
Yingdi Yu | 2d9c50f | 2014-01-21 18:25:00 -0800 | [diff] [blame] | 414 | return true; |
| 415 | else |
| 416 | return false; |
| 417 | } |
| 418 | return false; |
| 419 | } |
| 420 | |
Yingdi Yu | 4b75275 | 2014-02-18 12:24:03 -0800 | [diff] [blame] | 421 | bool |
| 422 | SecTpmFile::generateRandomBlock(uint8_t* res, size_t size) |
| 423 | { |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame^] | 424 | try { |
Yingdi Yu | 4b75275 | 2014-02-18 12:24:03 -0800 | [diff] [blame] | 425 | CryptoPP::AutoSeededRandomPool rng; |
| 426 | rng.GenerateBlock(res, size); |
| 427 | return true; |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame^] | 428 | } |
| 429 | catch (const CryptoPP::Exception& e) { |
Yingdi Yu | 4b75275 | 2014-02-18 12:24:03 -0800 | [diff] [blame] | 430 | return false; |
| 431 | } |
| 432 | } |
| 433 | |
Yingdi Yu | fc40d87 | 2014-02-18 12:56:04 -0800 | [diff] [blame] | 434 | } // namespace ndn |