Gitiles
Code Review Sign In
gerrit.named-data.net / ndn-cxx / fe4733a1608712e389fe10b329a9fd61575ad075 / . / src / security / key-chain.cpp
blob: 1896c7a3fb0eef0d4706247f92f95901a715c707 [file] [log] [blame]
Alexander Afanasyevc169a812014-05-20 20:37:29 -0400[diff] [blame]1/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
Yingdi Yuf56c68f2014-04-24 21:50:13 -0700[diff] [blame]2/**
Yingdi Yufe4733a2015-10-22 14:24:12 -0700[diff] [blame^]3 * Copyright (c) 2013-2017 Regents of the University of California.
Yingdi Yuf56c68f2014-04-24 21:50:13 -0700[diff] [blame]4 *
5 * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
Yingdi Yuf56c68f2014-04-24 21:50:13 -0700[diff] [blame]6 *
Alexander Afanasyevc169a812014-05-20 20:37:29 -0400[diff] [blame]7 * ndn-cxx library is free software: you can redistribute it and/or modify it under the
8 * terms of the GNU Lesser General Public License as published by the Free Software
9 * Foundation, either version 3 of the License, or (at your option) any later version.
10 *
11 * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
12 * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
13 * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
14 *
15 * You should have received copies of the GNU General Public License and GNU Lesser
16 * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
17 * <http://www.gnu.org/licenses/>.
18 *
19 * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
Yingdi Yuf56c68f2014-04-24 21:50:13 -0700[diff] [blame]20 *
21 * @author Yingdi Yu <http://irl.cs.ucla.edu/~yingdi/>
22 */
23
24#include "key-chain.hpp"
José Quevedo641de4c2016-01-29 00:11:24 +0000[diff] [blame]25#include "signing-helpers.hpp"
Yingdi Yuf56c68f2014-04-24 21:50:13 -0700[diff] [blame]26
Alexander Afanasyev07113802015-01-15 19:14:36 -0800[diff] [blame]27#include "../util/random.hpp"
28#include "../util/config-file.hpp"
29
Yingdi Yuf56c68f2014-04-24 21:50:13 -0700[diff] [blame]30#include "sec-public-info-sqlite3.hpp"
Yingdi Yuf56c68f2014-04-24 21:50:13 -0700[diff] [blame]31
32#ifdef NDN_CXX_HAVE_OSX_SECURITY
33#include "sec-tpm-osx.hpp"
Alexander Afanasyev07113802015-01-15 19:14:36 -0800[diff] [blame]34#endif // NDN_CXX_HAVE_OSX_SECURITY
Yingdi Yuf56c68f2014-04-24 21:50:13 -0700[diff] [blame]35
Alexander Afanasyev07113802015-01-15 19:14:36 -0800[diff] [blame]36#include "sec-tpm-file.hpp"
Yingdi Yuf56c68f2014-04-24 21:50:13 -0700[diff] [blame]37
38namespace ndn {
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]39namespace security {
Yingdi Yuf56c68f2014-04-24 21:50:13 -0700[diff] [blame]40
Yingdi Yu0eb5d722014-06-10 15:06:25 -0700[diff] [blame]41// Use a GUID as a magic number of KeyChain::DEFAULT_PREFIX identifier
42const Name KeyChain::DEFAULT_PREFIX("/723821fd-f534-44b3-80d9-44bf5f58bbbb");
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]43
44// Note: cannot use default constructor, as it depends on static variables which may or may not be
45// initialized at this point
46const SigningInfo KeyChain::DEFAULT_SIGNING_INFO(SigningInfo::SIGNER_TYPE_NULL, Name(), SignatureInfo());
Yingdi Yu0eb5d722014-06-10 15:06:25 -0700[diff] [blame]47
Yingdi Yu7036ce22014-06-19 18:53:37 -0700[diff] [blame]48const RsaKeyParams KeyChain::DEFAULT_KEY_PARAMS;
49
Alexander Afanasyev07113802015-01-15 19:14:36 -0800[diff] [blame]50const std::string DEFAULT_PIB_SCHEME = "pib-sqlite3";
51
52#if defined(NDN_CXX_HAVE_OSX_SECURITY) and defined(NDN_CXX_WITH_OSX_KEYCHAIN)
53const std::string DEFAULT_TPM_SCHEME = "tpm-osxkeychain";
54#else
55const std::string DEFAULT_TPM_SCHEME = "tpm-file";
56#endif // defined(NDN_CXX_HAVE_OSX_SECURITY) and defined(NDN_CXX_WITH_OSX_KEYCHAIN)
57
58// When static library is used, not everything is compiled into the resulting binary.
59// Therefore, the following standard PIB and TPMs need to be registered here.
60// http://stackoverflow.com/q/9459980/2150331
61//
62// Also, cannot use Type::SCHEME, as its value may be uninitialized
63NDN_CXX_KEYCHAIN_REGISTER_PIB(SecPublicInfoSqlite3, "pib-sqlite3", "sqlite3");
64
65#ifdef NDN_CXX_HAVE_OSX_SECURITY
66NDN_CXX_KEYCHAIN_REGISTER_TPM(SecTpmOsx, "tpm-osxkeychain", "osx-keychain");
67#endif // NDN_CXX_HAVE_OSX_SECURITY
68
69NDN_CXX_KEYCHAIN_REGISTER_TPM(SecTpmFile, "tpm-file", "file");
70
Alexander Afanasyev34a37632015-01-16 17:37:36 -0800[diff] [blame]71template<class T>
72struct Factory
73{
74 Factory(const std::string& canonicalName, const T& create)
75 : canonicalName(canonicalName)
76 , create(create)
77 {
78 }
79
80 std::string canonicalName;
81 T create;
82};
83typedef Factory<KeyChain::PibCreateFunc> PibFactory;
84typedef Factory<KeyChain::TpmCreateFunc> TpmFactory;
85
86static std::map<std::string, PibFactory>&
Alexander Afanasyev07113802015-01-15 19:14:36 -0800[diff] [blame]87getPibFactories()
88{
Alexander Afanasyev34a37632015-01-16 17:37:36 -0800[diff] [blame]89 static std::map<std::string, PibFactory> pibFactories;
Alexander Afanasyev07113802015-01-15 19:14:36 -0800[diff] [blame]90 return pibFactories;
91}
92
Alexander Afanasyev34a37632015-01-16 17:37:36 -0800[diff] [blame]93static std::map<std::string, TpmFactory>&
Alexander Afanasyev07113802015-01-15 19:14:36 -0800[diff] [blame]94getTpmFactories()
95{
Alexander Afanasyev34a37632015-01-16 17:37:36 -0800[diff] [blame]96 static std::map<std::string, TpmFactory> tpmFactories;
Alexander Afanasyev07113802015-01-15 19:14:36 -0800[diff] [blame]97 return tpmFactories;
98}
99
100void
Alexander Afanasyev34a37632015-01-16 17:37:36 -0800[diff] [blame]101KeyChain::registerPibImpl(const std::string& canonicalName,
102 std::initializer_list<std::string> aliases,
Alexander Afanasyev07113802015-01-15 19:14:36 -0800[diff] [blame]103 KeyChain::PibCreateFunc createFunc)
104{
Alexander Afanasyev34a37632015-01-16 17:37:36 -0800[diff] [blame]105 for (const std::string& alias : aliases) {
106 getPibFactories().insert(make_pair(alias, PibFactory(canonicalName, createFunc)));
Alexander Afanasyev07113802015-01-15 19:14:36 -0800[diff] [blame]107 }
108}
109
110void
Alexander Afanasyev34a37632015-01-16 17:37:36 -0800[diff] [blame]111KeyChain::registerTpmImpl(const std::string& canonicalName,
112 std::initializer_list<std::string> aliases,
Alexander Afanasyev07113802015-01-15 19:14:36 -0800[diff] [blame]113 KeyChain::TpmCreateFunc createFunc)
114{
Alexander Afanasyev34a37632015-01-16 17:37:36 -0800[diff] [blame]115 for (const std::string& alias : aliases) {
116 getTpmFactories().insert(make_pair(alias, TpmFactory(canonicalName, createFunc)));
Alexander Afanasyev07113802015-01-15 19:14:36 -0800[diff] [blame]117 }
118}
119
Yingdi Yuf56c68f2014-04-24 21:50:13 -0700[diff] [blame]120KeyChain::KeyChain()
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]121 : m_pib(nullptr)
122 , m_tpm(nullptr)
Yingdi Yu0f5fb692014-06-10 12:07:28 -0700[diff] [blame]123 , m_lastTimestamp(time::toUnixTimestamp(time::system_clock::now()))
Yingdi Yuf56c68f2014-04-24 21:50:13 -0700[diff] [blame]124{
Alexander Afanasyev57e00362016-06-23 13:22:54 -0700[diff] [blame]125 std::string pibLocator;
126 std::string tpmLocator;
Yingdi Yuf56c68f2014-04-24 21:50:13 -0700[diff] [blame]127
Alexander Afanasyev57e00362016-06-23 13:22:54 -0700[diff] [blame]128 if (getenv("NDN_CLIENT_PIB") != nullptr) {
129 pibLocator = getenv("NDN_CLIENT_PIB");
130 }
131
132 if (getenv("NDN_CLIENT_TPM") != nullptr) {
133 tpmLocator = getenv("NDN_CLIENT_TPM");
134 }
135
136 if (pibLocator.empty() || tpmLocator.empty()) {
137 ConfigFile config;
138 const ConfigFile::Parsed& parsed = config.getParsedConfiguration();
139
140 if (pibLocator.empty()) {
141 pibLocator = parsed.get<std::string>("pib", "");
142 }
143
144 if (tpmLocator.empty()) {
145 tpmLocator = parsed.get<std::string>("tpm", "");
146 }
147 }
Alexander Afanasyev07113802015-01-15 19:14:36 -0800[diff] [blame]148
149 initialize(pibLocator, tpmLocator, false);
Yingdi Yuf56c68f2014-04-24 21:50:13 -0700[diff] [blame]150}
151
152KeyChain::KeyChain(const std::string& pibName,
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]153 const std::string& tpmName,
154 bool allowReset)
155 : m_pib(nullptr)
156 , m_tpm(nullptr)
Yingdi Yu0f5fb692014-06-10 12:07:28 -0700[diff] [blame]157 , m_lastTimestamp(time::toUnixTimestamp(time::system_clock::now()))
Yingdi Yuf56c68f2014-04-24 21:50:13 -0700[diff] [blame]158{
Alexander Afanasyev07113802015-01-15 19:14:36 -0800[diff] [blame]159 initialize(pibName, tpmName, allowReset);
Yingdi Yuf56c68f2014-04-24 21:50:13 -0700[diff] [blame]160}
161
Yingdi Yu5ec0ee32014-06-24 16:26:09 -0700[diff] [blame]162KeyChain::~KeyChain()
163{
Alexander Afanasyev07113802015-01-15 19:14:36 -0800[diff] [blame]164}
Yingdi Yu5ec0ee32014-06-24 16:26:09 -0700[diff] [blame]165
Alexander Afanasyev07113802015-01-15 19:14:36 -0800[diff] [blame]166static inline std::tuple<std::string/*type*/, std::string/*location*/>
167parseUri(const std::string& uri)
168{
169 size_t pos = uri.find(':');
170 if (pos != std::string::npos) {
171 return std::make_tuple(uri.substr(0, pos),
172 uri.substr(pos + 1));
173 }
174 else {
175 return std::make_tuple(uri, "");
176 }
Yingdi Yu5ec0ee32014-06-24 16:26:09 -0700[diff] [blame]177}
178
Yingdi Yu281689a2015-06-13 14:32:32 -0700[diff] [blame]179std::string
180KeyChain::getDefaultPibLocator()
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]181{
Yingdi Yu281689a2015-06-13 14:32:32 -0700[diff] [blame]182 std::string defaultPibLocator = DEFAULT_PIB_SCHEME + ":";
183 return defaultPibLocator;
184}
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]185
Yingdi Yu281689a2015-06-13 14:32:32 -0700[diff] [blame]186static inline std::tuple<std::string/*type*/, std::string/*location*/>
187getCanonicalPibLocator(const std::string& pibLocator)
188{
Alexander Afanasyev07113802015-01-15 19:14:36 -0800[diff] [blame]189 std::string pibScheme, pibLocation;
Yingdi Yu281689a2015-06-13 14:32:32 -0700[diff] [blame]190 std::tie(pibScheme, pibLocation) = parseUri(pibLocator);
Alexander Afanasyev07113802015-01-15 19:14:36 -0800[diff] [blame]191
Alexander Afanasyev07113802015-01-15 19:14:36 -0800[diff] [blame]192 if (pibScheme.empty()) {
193 pibScheme = DEFAULT_PIB_SCHEME;
194 }
Yingdi Yu281689a2015-06-13 14:32:32 -0700[diff] [blame]195
Alexander Afanasyev07113802015-01-15 19:14:36 -0800[diff] [blame]196 auto pibFactory = getPibFactories().find(pibScheme);
197 if (pibFactory == getPibFactories().end()) {
Spyridon Mastorakis0d2ed2e2015-07-27 19:09:12 -0700[diff] [blame]198 BOOST_THROW_EXCEPTION(KeyChain::Error("PIB scheme '" + pibScheme + "' is not supported"));
Alexander Afanasyev07113802015-01-15 19:14:36 -0800[diff] [blame]199 }
Alexander Afanasyev34a37632015-01-16 17:37:36 -0800[diff] [blame]200 pibScheme = pibFactory->second.canonicalName;
Alexander Afanasyev07113802015-01-15 19:14:36 -0800[diff] [blame]201
Yingdi Yu281689a2015-06-13 14:32:32 -0700[diff] [blame]202 return std::make_tuple(pibScheme, pibLocation);
203}
204
205unique_ptr<SecPublicInfo>
206KeyChain::createPib(const std::string& pibLocator)
207{
208 BOOST_ASSERT(!getPibFactories().empty());
209
210 std::string pibScheme, pibLocation;
211 std::tie(pibScheme, pibLocation) = getCanonicalPibLocator(pibLocator);
212 auto pibFactory = getPibFactories().find(pibScheme);
213 BOOST_ASSERT(pibFactory != getPibFactories().end());
214 return pibFactory->second.create(pibLocation);
215}
216
217std::string
218KeyChain::getDefaultTpmLocator()
219{
220 std::string defaultTpmLocator = DEFAULT_TPM_SCHEME + ":";
221 return defaultTpmLocator;
222}
223
224static inline std::tuple<std::string/*type*/, std::string/*location*/>
225getCanonicalTpmLocator(const std::string& tpmLocator)
226{
227 std::string tpmScheme, tpmLocation;
228 std::tie(tpmScheme, tpmLocation) = parseUri(tpmLocator);
229
Alexander Afanasyev07113802015-01-15 19:14:36 -0800[diff] [blame]230 if (tpmScheme.empty()) {
231 tpmScheme = DEFAULT_TPM_SCHEME;
232 }
233 auto tpmFactory = getTpmFactories().find(tpmScheme);
234 if (tpmFactory == getTpmFactories().end()) {
Spyridon Mastorakis0d2ed2e2015-07-27 19:09:12 -0700[diff] [blame]235 BOOST_THROW_EXCEPTION(KeyChain::Error("TPM scheme '" + tpmScheme + "' is not supported"));
Alexander Afanasyev07113802015-01-15 19:14:36 -0800[diff] [blame]236 }
Alexander Afanasyev34a37632015-01-16 17:37:36 -0800[diff] [blame]237 tpmScheme = tpmFactory->second.canonicalName;
Alexander Afanasyev07113802015-01-15 19:14:36 -0800[diff] [blame]238
Yingdi Yu281689a2015-06-13 14:32:32 -0700[diff] [blame]239 return std::make_tuple(tpmScheme, tpmLocation);
240}
Alexander Afanasyev07113802015-01-15 19:14:36 -0800[diff] [blame]241
Yingdi Yu281689a2015-06-13 14:32:32 -0700[diff] [blame]242unique_ptr<SecTpm>
243KeyChain::createTpm(const std::string& tpmLocator)
244{
245 BOOST_ASSERT(!getTpmFactories().empty());
246
247 std::string tpmScheme, tpmLocation;
248 std::tie(tpmScheme, tpmLocation) = getCanonicalTpmLocator(tpmLocator);
249 auto tpmFactory = getTpmFactories().find(tpmScheme);
250 BOOST_ASSERT(tpmFactory != getTpmFactories().end());
251 return tpmFactory->second.create(tpmLocation);
252}
253
254void
255KeyChain::initialize(const std::string& pibLocator,
256 const std::string& tpmLocator,
257 bool allowReset)
258{
259 // PIB Locator
260 std::string pibScheme, pibLocation;
261 std::tie(pibScheme, pibLocation) = getCanonicalPibLocator(pibLocator);
262 std::string canonicalPibLocator = pibScheme + ":" + pibLocation;
263
264 // Create PIB
265 m_pib = createPib(canonicalPibLocator);
266
267 // TPM Locator
268 std::string tpmScheme, tpmLocation;
269 std::tie(tpmScheme, tpmLocation) = getCanonicalTpmLocator(tpmLocator);
270 std::string canonicalTpmLocator = tpmScheme + ":" + tpmLocation;
Alexander Afanasyev07113802015-01-15 19:14:36 -0800[diff] [blame]271
272 // Create TPM, checking that it matches to the previously associated one
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]273 try {
Alexander Afanasyev07113802015-01-15 19:14:36 -0800[diff] [blame]274 if (!allowReset &&
Yingdi Yu281689a2015-06-13 14:32:32 -0700[diff] [blame]275 !m_pib->getTpmLocator().empty() && m_pib->getTpmLocator() != canonicalTpmLocator)
Alexander Afanasyev07113802015-01-15 19:14:36 -0800[diff] [blame]276 // Tpm mismatch, but we do not want to reset PIB
Spyridon Mastorakis0d2ed2e2015-07-27 19:09:12 -0700[diff] [blame]277 BOOST_THROW_EXCEPTION(MismatchError("TPM locator supplied does not match TPM locator in PIB: "
278 + m_pib->getTpmLocator() + " != " + canonicalTpmLocator));
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]279 }
José Quevedo641de4c2016-01-29 00:11:24 +0000[diff] [blame]280 catch (const SecPublicInfo::Error&) {
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]281 // TPM locator is not set in PIB yet.
282 }
283
Alexander Afanasyev07113802015-01-15 19:14:36 -0800[diff] [blame]284 // note that key mismatch may still happen if the TPM locator is initially set to a
285 // wrong one or if the PIB was shared by more than one TPMs before. This is due to the
286 // old PIB does not have TPM info, new pib should not have this problem.
Yingdi Yu281689a2015-06-13 14:32:32 -0700[diff] [blame]287 m_tpm = createTpm(canonicalTpmLocator);
288 m_pib->setTpmLocator(canonicalTpmLocator);
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]289}
290
Yingdi Yu7036ce22014-06-19 18:53:37 -0700[diff] [blame]291Name
292KeyChain::createIdentity(const Name& identityName, const KeyParams& params)
293{
294 m_pib->addIdentity(identityName);
295
296 Name keyName;
José Quevedo641de4c2016-01-29 00:11:24 +0000[diff] [blame]297 try {
298 keyName = m_pib->getDefaultKeyNameForIdentity(identityName);
Yingdi Yuc8f883c2014-06-20 23:25:22 -0700[diff] [blame]299
Alexander Afanasyev2fa59392016-07-29 17:24:23 -0700[diff] [blame]300 shared_ptr<v1::PublicKey> key = m_pib->getPublicKey(keyName);
Yingdi Yuc8f883c2014-06-20 23:25:22 -0700[diff] [blame]301
José Quevedo641de4c2016-01-29 00:11:24 +0000[diff] [blame]302 if (key->getKeyType() != params.getKeyType()) {
Yingdi Yu7036ce22014-06-19 18:53:37 -0700[diff] [blame]303 keyName = generateKeyPair(identityName, true, params);
304 m_pib->setDefaultKeyNameForIdentity(keyName);
305 }
José Quevedo641de4c2016-01-29 00:11:24 +0000[diff] [blame]306 }
307 catch (const SecPublicInfo::Error& e) {
308 keyName = generateKeyPair(identityName, true, params);
309 m_pib->setDefaultKeyNameForIdentity(keyName);
310 }
Yingdi Yu7036ce22014-06-19 18:53:37 -0700[diff] [blame]311
312 Name certName;
José Quevedo641de4c2016-01-29 00:11:24 +0000[diff] [blame]313 try {
314 certName = m_pib->getDefaultCertificateNameForKey(keyName);
315 }
316 catch (const SecPublicInfo::Error& e) {
Alexander Afanasyev2fa59392016-07-29 17:24:23 -0700[diff] [blame]317 shared_ptr<v1::IdentityCertificate> selfCert = selfSign(keyName);
José Quevedo641de4c2016-01-29 00:11:24 +0000[diff] [blame]318 m_pib->addCertificateAsIdentityDefault(*selfCert);
319 certName = selfCert->getName();
320 }
Yingdi Yu7036ce22014-06-19 18:53:37 -0700[diff] [blame]321
322 return certName;
323}
324
325Name
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]326KeyChain::generateRsaKeyPair(const Name& identityName, bool isKsk, uint32_t keySize)
327{
328 RsaKeyParams params(keySize);
329 return generateKeyPair(identityName, isKsk, params);
330}
331
332Name
333KeyChain::generateEcdsaKeyPair(const Name& identityName, bool isKsk, uint32_t keySize)
334{
335 EcdsaKeyParams params(keySize);
336 return generateKeyPair(identityName, isKsk, params);
337}
338
339Name
Yingdi Yuc8f883c2014-06-20 23:25:22 -0700[diff] [blame]340KeyChain::generateRsaKeyPairAsDefault(const Name& identityName, bool isKsk, uint32_t keySize)
Yingdi Yu7036ce22014-06-19 18:53:37 -0700[diff] [blame]341{
342 RsaKeyParams params(keySize);
343
344 Name keyName = generateKeyPair(identityName, isKsk, params);
345
346 m_pib->setDefaultKeyNameForIdentity(keyName);
347
348 return keyName;
349}
350
Yingdi Yuc8f883c2014-06-20 23:25:22 -0700[diff] [blame]351Name
352KeyChain::generateEcdsaKeyPairAsDefault(const Name& identityName, bool isKsk, uint32_t keySize)
353{
354 EcdsaKeyParams params(keySize);
355
356 Name keyName = generateKeyPair(identityName, isKsk, params);
357
358 m_pib->setDefaultKeyNameForIdentity(keyName);
359
360 return keyName;
361}
362
363
Alexander Afanasyev2fa59392016-07-29 17:24:23 -0700[diff] [blame]364shared_ptr<v1::IdentityCertificate>
Yingdi Yuf56c68f2014-04-24 21:50:13 -0700[diff] [blame]365KeyChain::prepareUnsignedIdentityCertificate(const Name& keyName,
366 const Name& signingIdentity,
367 const time::system_clock::TimePoint& notBefore,
368 const time::system_clock::TimePoint& notAfter,
Alexander Afanasyev2fa59392016-07-29 17:24:23 -0700[diff] [blame]369 const std::vector<v1::CertificateSubjectDescription>& subjectDescription,
Yingdi Yu0eb5d722014-06-10 15:06:25 -0700[diff] [blame]370 const Name& certPrefix)
371{
Alexander Afanasyev2fa59392016-07-29 17:24:23 -0700[diff] [blame]372 shared_ptr<v1::PublicKey> publicKey;
José Quevedo641de4c2016-01-29 00:11:24 +0000[diff] [blame]373 try {
374 publicKey = m_pib->getPublicKey(keyName);
375 }
376 catch (const SecPublicInfo::Error& e) {
377 return nullptr;
378 }
Yingdi Yu0eb5d722014-06-10 15:06:25 -0700[diff] [blame]379
380 return prepareUnsignedIdentityCertificate(keyName, *publicKey, signingIdentity,
381 notBefore, notAfter,
382 subjectDescription, certPrefix);
383}
384
Alexander Afanasyev2fa59392016-07-29 17:24:23 -0700[diff] [blame]385shared_ptr<v1::IdentityCertificate>
Yingdi Yu0eb5d722014-06-10 15:06:25 -0700[diff] [blame]386KeyChain::prepareUnsignedIdentityCertificate(const Name& keyName,
Alexander Afanasyev2fa59392016-07-29 17:24:23 -0700[diff] [blame]387 const v1::PublicKey& publicKey,
Yingdi Yu0eb5d722014-06-10 15:06:25 -0700[diff] [blame]388 const Name& signingIdentity,
389 const time::system_clock::TimePoint& notBefore,
390 const time::system_clock::TimePoint& notAfter,
Alexander Afanasyev2fa59392016-07-29 17:24:23 -0700[diff] [blame]391 const std::vector<v1::CertificateSubjectDescription>& subjectDescription,
Yingdi Yu0eb5d722014-06-10 15:06:25 -0700[diff] [blame]392 const Name& certPrefix)
Yingdi Yuf56c68f2014-04-24 21:50:13 -0700[diff] [blame]393{
394 if (keyName.size() < 1)
José Quevedo641de4c2016-01-29 00:11:24 +0000[diff] [blame]395 return nullptr;
Yingdi Yuf56c68f2014-04-24 21:50:13 -0700[diff] [blame]396
Alexander Afanasyev9c578182014-05-14 17:28:28 -0700[diff] [blame]397 std::string keyIdPrefix = keyName.get(-1).toUri().substr(0, 4);
Yingdi Yuf56c68f2014-04-24 21:50:13 -0700[diff] [blame]398 if (keyIdPrefix != "ksk-" && keyIdPrefix != "dsk-")
José Quevedo641de4c2016-01-29 00:11:24 +0000[diff] [blame]399 return nullptr;
Yingdi Yuf56c68f2014-04-24 21:50:13 -0700[diff] [blame]400
Yingdi Yuf56c68f2014-04-24 21:50:13 -0700[diff] [blame]401 Name certName;
402
José Quevedo641de4c2016-01-29 00:11:24 +0000[diff] [blame]403 if (certPrefix == KeyChain::DEFAULT_PREFIX) {
404 // No certificate prefix hint, infer the prefix
405 if (signingIdentity.isPrefixOf(keyName))
406 certName.append(signingIdentity)
407 .append("KEY")
408 .append(keyName.getSubName(signingIdentity.size()))
409 .append("ID-CERT")
410 .appendVersion();
411 else
412 certName.append(keyName.getPrefix(-1))
413 .append("KEY")
414 .append(keyName.get(-1))
415 .append("ID-CERT")
416 .appendVersion();
417 }
418 else {
419 // cert prefix hint is supplied, determine the cert name.
420 if (certPrefix.isPrefixOf(keyName) && certPrefix != keyName)
421 certName.append(certPrefix)
422 .append("KEY")
423 .append(keyName.getSubName(certPrefix.size()))
424 .append("ID-CERT")
425 .appendVersion();
426 else
427 return nullptr;
428 }
Yingdi Yuf56c68f2014-04-24 21:50:13 -0700[diff] [blame]429
Alexander Afanasyev2fa59392016-07-29 17:24:23 -0700[diff] [blame]430 auto certificate = make_shared<v1::IdentityCertificate>();
Yingdi Yuf56c68f2014-04-24 21:50:13 -0700[diff] [blame]431 certificate->setName(certName);
432 certificate->setNotBefore(notBefore);
433 certificate->setNotAfter(notAfter);
Yingdi Yu0eb5d722014-06-10 15:06:25 -0700[diff] [blame]434 certificate->setPublicKeyInfo(publicKey);
Yingdi Yuf56c68f2014-04-24 21:50:13 -0700[diff] [blame]435
José Quevedo641de4c2016-01-29 00:11:24 +0000[diff] [blame]436 if (subjectDescription.empty()) {
Alexander Afanasyev2fa59392016-07-29 17:24:23 -0700[diff] [blame]437 v1::CertificateSubjectDescription subjectName(oid::ATTRIBUTE_NAME, keyName.getPrefix(-1).toUri());
José Quevedo641de4c2016-01-29 00:11:24 +0000[diff] [blame]438 certificate->addSubjectDescription(subjectName);
439 }
440 else {
Alexander Afanasyev2fa59392016-07-29 17:24:23 -0700[diff] [blame]441 std::vector<v1::CertificateSubjectDescription>::const_iterator sdIt = subjectDescription.begin();
442 std::vector<v1::CertificateSubjectDescription>::const_iterator sdEnd = subjectDescription.end();
José Quevedo641de4c2016-01-29 00:11:24 +0000[diff] [blame]443 for(; sdIt != sdEnd; sdIt++)
444 certificate->addSubjectDescription(*sdIt);
445 }
Yingdi Yuf56c68f2014-04-24 21:50:13 -0700[diff] [blame]446
447 certificate->encode();
448
449 return certificate;
450}
451
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]452std::tuple<Name, SignatureInfo>
453KeyChain::prepareSignatureInfo(const SigningInfo& params)
454{
455 SignatureInfo sigInfo = params.getSignatureInfo();
456
Alexander Afanasyev2fa59392016-07-29 17:24:23 -0700[diff] [blame]457 shared_ptr<v1::IdentityCertificate> signingCert;
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]458
459 switch (params.getSignerType()) {
José Quevedo641de4c2016-01-29 00:11:24 +0000[diff] [blame]460 case SigningInfo::SIGNER_TYPE_NULL: {
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]461 if (m_pib->getDefaultCertificate() == nullptr)
462 setDefaultCertificateInternal();
463
464 signingCert = m_pib->getDefaultCertificate();
465 break;
466 }
José Quevedo641de4c2016-01-29 00:11:24 +0000[diff] [blame]467 case SigningInfo::SIGNER_TYPE_ID: {
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]468 Name signingCertName;
469 try {
470 signingCertName = m_pib->getDefaultCertificateNameForIdentity(params.getSignerName());
471 }
José Quevedo641de4c2016-01-29 00:11:24 +0000[diff] [blame]472 catch (const SecPublicInfo::Error&) {
473 signingCertName = createIdentity(params.getSignerName(), getDefaultKeyParamsForIdentity(params.getSignerName()));
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]474 }
475
476 signingCert = m_pib->getCertificate(signingCertName);
477
478 break;
479 }
José Quevedo641de4c2016-01-29 00:11:24 +0000[diff] [blame]480 case SigningInfo::SIGNER_TYPE_KEY: {
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]481 Name signingCertName;
482 try {
483 signingCertName = m_pib->getDefaultCertificateNameForKey(params.getSignerName());
484 }
José Quevedo641de4c2016-01-29 00:11:24 +0000[diff] [blame]485 catch (const SecPublicInfo::Error&) {
Spyridon Mastorakis0d2ed2e2015-07-27 19:09:12 -0700[diff] [blame]486 BOOST_THROW_EXCEPTION(Error("signing certificate does not exist"));
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]487 }
488
489 signingCert = m_pib->getCertificate(signingCertName);
490
491 break;
492 }
José Quevedo641de4c2016-01-29 00:11:24 +0000[diff] [blame]493 case SigningInfo::SIGNER_TYPE_CERT: {
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]494 signingCert = m_pib->getCertificate(params.getSignerName());
495 if (signingCert == nullptr)
Spyridon Mastorakis0d2ed2e2015-07-27 19:09:12 -0700[diff] [blame]496 BOOST_THROW_EXCEPTION(Error("signing certificate does not exist"));
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]497
498 break;
499 }
José Quevedo641de4c2016-01-29 00:11:24 +0000[diff] [blame]500 case SigningInfo::SIGNER_TYPE_SHA256: {
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]501 sigInfo.setSignatureType(tlv::DigestSha256);
Yingdi Yufe4733a2015-10-22 14:24:12 -0700[diff] [blame^]502 return std::make_tuple(SigningInfo::getDigestSha256Identity(), sigInfo);
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]503 }
José Quevedo641de4c2016-01-29 00:11:24 +0000[diff] [blame]504 default:
505 BOOST_THROW_EXCEPTION(Error("Unrecognized signer type"));
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]506 }
507
508 sigInfo.setSignatureType(getSignatureType(signingCert->getPublicKeyInfo().getKeyType(),
509 params.getDigestAlgorithm()));
510 sigInfo.setKeyLocator(KeyLocator(signingCert->getName().getPrefix(-1)));
511
512 return std::make_tuple(signingCert->getPublicKeyName(), sigInfo);
513}
514
515void
516KeyChain::sign(Data& data, const SigningInfo& params)
517{
518 signImpl(data, params);
519}
520
521void
522KeyChain::sign(Interest& interest, const SigningInfo& params)
523{
524 signImpl(interest, params);
525}
526
527Block
528KeyChain::sign(const uint8_t* buffer, size_t bufferLength, const SigningInfo& params)
529{
530 Name keyName;
531 SignatureInfo sigInfo;
532 std::tie(keyName, sigInfo) = prepareSignatureInfo(params);
Yingdi Yu99b2a002015-08-12 12:47:44 -0700[diff] [blame]533 return pureSign(buffer, bufferLength, keyName, DigestAlgorithm::SHA256);
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]534}
535
Yingdi Yuf56c68f2014-04-24 21:50:13 -0700[diff] [blame]536Signature
537KeyChain::sign(const uint8_t* buffer, size_t bufferLength, const Name& certificateName)
538{
Alexander Afanasyev2fa59392016-07-29 17:24:23 -0700[diff] [blame]539 shared_ptr<v1::IdentityCertificate> certificate = m_pib->getCertificate(certificateName);
Yingdi Yuf56c68f2014-04-24 21:50:13 -0700[diff] [blame]540
José Quevedo641de4c2016-01-29 00:11:24 +0000[diff] [blame]541 if (certificate == nullptr) {
Spyridon Mastorakis0d2ed2e2015-07-27 19:09:12 -0700[diff] [blame]542 BOOST_THROW_EXCEPTION(SecPublicInfo::Error("certificate does not exist"));
José Quevedo641de4c2016-01-29 00:11:24 +0000[diff] [blame]543 }
Yingdi Yuf56c68f2014-04-24 21:50:13 -0700[diff] [blame]544
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]545 Signature sig;
Yingdi Yu4a557052014-07-09 16:40:37 -0700[diff] [blame]546
Yingdi Yuc8f883c2014-06-20 23:25:22 -0700[diff] [blame]547 // For temporary usage, we support SHA256 only, but will support more.
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]548 sig.setValue(m_tpm->signInTpm(buffer, bufferLength,
549 certificate->getPublicKeyName(),
Yingdi Yu99b2a002015-08-12 12:47:44 -0700[diff] [blame]550 DigestAlgorithm::SHA256));
Yingdi Yuc8f883c2014-06-20 23:25:22 -0700[diff] [blame]551
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]552 return sig;
Yingdi Yuf56c68f2014-04-24 21:50:13 -0700[diff] [blame]553}
554
Alexander Afanasyev2fa59392016-07-29 17:24:23 -0700[diff] [blame]555shared_ptr<v1::IdentityCertificate>
Yingdi Yuf56c68f2014-04-24 21:50:13 -0700[diff] [blame]556KeyChain::selfSign(const Name& keyName)
557{
Alexander Afanasyev2fa59392016-07-29 17:24:23 -0700[diff] [blame]558 shared_ptr<v1::PublicKey> pubKey;
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]559 try {
560 pubKey = m_pib->getPublicKey(keyName); // may throw an exception.
561 }
José Quevedo641de4c2016-01-29 00:11:24 +0000[diff] [blame]562 catch (const SecPublicInfo::Error&) {
563 return nullptr;
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]564 }
Yingdi Yuf56c68f2014-04-24 21:50:13 -0700[diff] [blame]565
Alexander Afanasyev2fa59392016-07-29 17:24:23 -0700[diff] [blame]566 auto certificate = make_shared<v1::IdentityCertificate>();
Yingdi Yuf56c68f2014-04-24 21:50:13 -0700[diff] [blame]567
568 Name certificateName = keyName.getPrefix(-1);
569 certificateName.append("KEY").append(keyName.get(-1)).append("ID-CERT").appendVersion();
570
571 certificate->setName(certificateName);
572 certificate->setNotBefore(time::system_clock::now());
Yingdi Yu9d9d5992014-06-25 12:25:16 -0700[diff] [blame]573 certificate->setNotAfter(time::system_clock::now() + time::days(7300)); // ~20 years
Yingdi Yuf56c68f2014-04-24 21:50:13 -0700[diff] [blame]574 certificate->setPublicKeyInfo(*pubKey);
Alexander Afanasyev2fa59392016-07-29 17:24:23 -0700[diff] [blame]575 certificate->addSubjectDescription(v1::CertificateSubjectDescription(oid::ATTRIBUTE_NAME,
576 keyName.toUri()));
Yingdi Yuf56c68f2014-04-24 21:50:13 -0700[diff] [blame]577 certificate->encode();
578
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]579 certificate->setSignature(Signature(SignatureInfo()));
580
Yingdi Yuf56c68f2014-04-24 21:50:13 -0700[diff] [blame]581 selfSign(*certificate);
582 return certificate;
583}
584
585void
Alexander Afanasyev2fa59392016-07-29 17:24:23 -0700[diff] [blame]586KeyChain::selfSign(v1::IdentityCertificate& cert)
Yingdi Yuf56c68f2014-04-24 21:50:13 -0700[diff] [blame]587{
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]588 Name keyName = cert.getPublicKeyName();
Yingdi Yu99b2a002015-08-12 12:47:44 -0700[diff] [blame]589
590 if (!m_tpm->doesKeyExistInTpm(keyName, KeyClass::PRIVATE))
Spyridon Mastorakis0d2ed2e2015-07-27 19:09:12 -0700[diff] [blame]591 BOOST_THROW_EXCEPTION(SecTpm::Error("Private key does not exist"));
Yingdi Yuf56c68f2014-04-24 21:50:13 -0700[diff] [blame]592
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]593 SignatureInfo sigInfo(cert.getSignature().getInfo());
594 sigInfo.setKeyLocator(KeyLocator(cert.getName().getPrefix(-1)));
595 sigInfo.setSignatureType(getSignatureType(cert.getPublicKeyInfo().getKeyType(),
Yingdi Yu99b2a002015-08-12 12:47:44 -0700[diff] [blame]596 DigestAlgorithm::SHA256));
Yingdi Yu4a557052014-07-09 16:40:37 -0700[diff] [blame]597
Yingdi Yu99b2a002015-08-12 12:47:44 -0700[diff] [blame]598 signPacketWrapper(cert, Signature(sigInfo), keyName, DigestAlgorithm::SHA256);
Yingdi Yuf56c68f2014-04-24 21:50:13 -0700[diff] [blame]599}
600
601shared_ptr<SecuredBag>
602KeyChain::exportIdentity(const Name& identity, const std::string& passwordStr)
603{
604 if (!m_pib->doesIdentityExist(identity))
Spyridon Mastorakis0d2ed2e2015-07-27 19:09:12 -0700[diff] [blame]605 BOOST_THROW_EXCEPTION(SecPublicInfo::Error("Identity does not exist"));
Yingdi Yuf56c68f2014-04-24 21:50:13 -0700[diff] [blame]606
607 Name keyName = m_pib->getDefaultKeyNameForIdentity(identity);
608
609 ConstBufferPtr pkcs5;
José Quevedo641de4c2016-01-29 00:11:24 +0000[diff] [blame]610 try {
611 pkcs5 = m_tpm->exportPrivateKeyPkcs5FromTpm(keyName, passwordStr);
612 }
613 catch (const SecTpm::Error& e) {
614 BOOST_THROW_EXCEPTION(SecPublicInfo::Error("Fail to export PKCS5 of private key"));
615 }
Yingdi Yuf56c68f2014-04-24 21:50:13 -0700[diff] [blame]616
Alexander Afanasyev2fa59392016-07-29 17:24:23 -0700[diff] [blame]617 shared_ptr<v1::IdentityCertificate> cert;
José Quevedo641de4c2016-01-29 00:11:24 +0000[diff] [blame]618 try {
619 cert = m_pib->getCertificate(m_pib->getDefaultCertificateNameForKey(keyName));
620 }
621 catch (const SecPublicInfo::Error& e) {
622 cert = selfSign(keyName);
623 m_pib->addCertificateAsIdentityDefault(*cert);
624 }
Yingdi Yuf56c68f2014-04-24 21:50:13 -0700[diff] [blame]625
Alexander Afanasyevb67090a2014-04-29 22:31:01 -0700[diff] [blame]626 // make_shared on OSX 10.9 has some strange problem here
José Quevedo641de4c2016-01-29 00:11:24 +0000[diff] [blame]627 return shared_ptr<SecuredBag>(new SecuredBag(*cert, pkcs5));
Yingdi Yuf56c68f2014-04-24 21:50:13 -0700[diff] [blame]628}
629
630void
631KeyChain::importIdentity(const SecuredBag& securedBag, const std::string& passwordStr)
632{
633 Name certificateName = securedBag.getCertificate().getName();
Alexander Afanasyev2fa59392016-07-29 17:24:23 -0700[diff] [blame]634 Name keyName = v1::IdentityCertificate::certificateNameToPublicKeyName(certificateName);
Yingdi Yuf56c68f2014-04-24 21:50:13 -0700[diff] [blame]635 Name identity = keyName.getPrefix(-1);
636
637 // Add identity
638 m_pib->addIdentity(identity);
639
640 // Add key
641 m_tpm->importPrivateKeyPkcs5IntoTpm(keyName,
642 securedBag.getKey()->buf(),
643 securedBag.getKey()->size(),
644 passwordStr);
645
Alexander Afanasyev2fa59392016-07-29 17:24:23 -0700[diff] [blame]646 shared_ptr<v1::PublicKey> pubKey = m_tpm->getPublicKeyFromTpm(keyName.toUri());
Yingdi Yuf56c68f2014-04-24 21:50:13 -0700[diff] [blame]647 // HACK! We should set key type according to the pkcs8 info.
Yingdi Yu41546342014-11-30 23:37:53 -0800[diff] [blame]648 m_pib->addKey(keyName, *pubKey);
Yingdi Yuf56c68f2014-04-24 21:50:13 -0700[diff] [blame]649 m_pib->setDefaultKeyNameForIdentity(keyName);
650
651 // Add cert
652 m_pib->addCertificateAsIdentityDefault(securedBag.getCertificate());
653}
654
José Quevedo641de4c2016-01-29 00:11:24 +0000[diff] [blame]655const KeyParams&
656KeyChain::getDefaultKeyParamsForIdentity(const Name &identityName) const
657{
Yingdi Yu99b2a002015-08-12 12:47:44 -0700[diff] [blame]658 KeyType keyType = KeyType::NONE;
José Quevedo641de4c2016-01-29 00:11:24 +0000[diff] [blame]659 try {
660 keyType = m_pib->getPublicKeyType(m_pib->getDefaultKeyNameForIdentity(identityName));
661 }
662 catch (const SecPublicInfo::Error& e) { // @TODO Switch to Pib::Error
663 return DEFAULT_KEY_PARAMS;
664 }
665
666 switch (keyType) {
Yingdi Yu99b2a002015-08-12 12:47:44 -0700[diff] [blame]667 case KeyType::RSA: {
José Quevedo641de4c2016-01-29 00:11:24 +0000[diff] [blame]668 static RsaKeyParams defaultRsaParams;
669 return defaultRsaParams;
670 }
Yingdi Yu99b2a002015-08-12 12:47:44 -0700[diff] [blame]671 case KeyType::EC: {
José Quevedo641de4c2016-01-29 00:11:24 +0000[diff] [blame]672 static EcdsaKeyParams defaultEcdsaParams;
673 return defaultEcdsaParams;
674 }
Yingdi Yu99b2a002015-08-12 12:47:44 -0700[diff] [blame]675 case KeyType::NONE: {
José Quevedo641de4c2016-01-29 00:11:24 +0000[diff] [blame]676 return DEFAULT_KEY_PARAMS;
677 }
678 default:
679 BOOST_THROW_EXCEPTION(Error("Unsupported key type"));
680 }
681}
682
Yingdi Yuf56c68f2014-04-24 21:50:13 -0700[diff] [blame]683void
684KeyChain::setDefaultCertificateInternal()
685{
686 m_pib->refreshDefaultCertificate();
687
José Quevedo641de4c2016-01-29 00:11:24 +0000[diff] [blame]688 if (m_pib->getDefaultCertificate() == nullptr) {
689 Name defaultIdentity;
690 try {
691 defaultIdentity = m_pib->getDefaultIdentity();
Yingdi Yuf56c68f2014-04-24 21:50:13 -0700[diff] [blame]692 }
José Quevedo641de4c2016-01-29 00:11:24 +0000[diff] [blame]693 catch (const SecPublicInfo::Error& e) {
694 uint32_t random = random::generateWord32();
695 defaultIdentity.append("tmp-identity")
696 .append(reinterpret_cast<uint8_t*>(&random), 4);
697 }
698 createIdentity(defaultIdentity);
699 m_pib->setDefaultIdentity(defaultIdentity);
700 m_pib->refreshDefaultCertificate();
701 }
Yingdi Yuf56c68f2014-04-24 21:50:13 -0700[diff] [blame]702}
703
Yingdi Yu7036ce22014-06-19 18:53:37 -0700[diff] [blame]704Name
705KeyChain::generateKeyPair(const Name& identityName, bool isKsk, const KeyParams& params)
706{
707 Name keyName = m_pib->getNewKeyName(identityName, isKsk);
708
709 m_tpm->generateKeyPairInTpm(keyName.toUri(), params);
710
Alexander Afanasyev2fa59392016-07-29 17:24:23 -0700[diff] [blame]711 shared_ptr<v1::PublicKey> pubKey = m_tpm->getPublicKeyFromTpm(keyName.toUri());
Yingdi Yu7036ce22014-06-19 18:53:37 -0700[diff] [blame]712 m_pib->addKey(keyName, *pubKey);
713
714 return keyName;
715}
716
717void
Yingdi Yuc8f883c2014-06-20 23:25:22 -0700[diff] [blame]718KeyChain::signPacketWrapper(Data& data, const Signature& signature,
Yingdi Yu7036ce22014-06-19 18:53:37 -0700[diff] [blame]719 const Name& keyName, DigestAlgorithm digestAlgorithm)
720{
721 data.setSignature(signature);
722
723 EncodingBuffer encoder;
724 data.wireEncode(encoder, true);
725
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]726 Block sigValue = pureSign(encoder.buf(), encoder.size(), keyName, digestAlgorithm);
727
728 data.wireEncode(encoder, sigValue);
Yingdi Yu7036ce22014-06-19 18:53:37 -0700[diff] [blame]729}
730
731void
Yingdi Yuc8f883c2014-06-20 23:25:22 -0700[diff] [blame]732KeyChain::signPacketWrapper(Interest& interest, const Signature& signature,
Yingdi Yu7036ce22014-06-19 18:53:37 -0700[diff] [blame]733 const Name& keyName, DigestAlgorithm digestAlgorithm)
734{
735 time::milliseconds timestamp = time::toUnixTimestamp(time::system_clock::now());
José Quevedo641de4c2016-01-29 00:11:24 +0000[diff] [blame]736 if (timestamp <= m_lastTimestamp) {
737 timestamp = m_lastTimestamp + time::milliseconds(1);
738 }
Yingdi Yu7036ce22014-06-19 18:53:37 -0700[diff] [blame]739
740 Name signedName = interest.getName();
741 signedName
742 .append(name::Component::fromNumber(timestamp.count())) // timestamp
743 .append(name::Component::fromNumber(random::generateWord64())) // nonce
744 .append(signature.getInfo()); // signatureInfo
745
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]746 Block sigValue = pureSign(signedName.wireEncode().value(),
747 signedName.wireEncode().value_size(),
748 keyName,
749 digestAlgorithm);
750
Yingdi Yu7036ce22014-06-19 18:53:37 -0700[diff] [blame]751 sigValue.encode();
752 signedName.append(sigValue); // signatureValue
753 interest.setName(signedName);
754}
755
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]756Block
757KeyChain::pureSign(const uint8_t* buf, size_t size,
758 const Name& keyName, DigestAlgorithm digestAlgorithm) const
759{
Yingdi Yufe4733a2015-10-22 14:24:12 -0700[diff] [blame^]760 if (keyName == SigningInfo::getDigestSha256Identity())
Alexander Afanasyev2fa59392016-07-29 17:24:23 -0700[diff] [blame]761 return Block(tlv::SignatureValue, crypto::computeSha256Digest(buf, size));
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]762
763 return m_tpm->signInTpm(buf, size, keyName, digestAlgorithm);
764}
765
Yingdi Yu7036ce22014-06-19 18:53:37 -0700[diff] [blame]766Signature
767KeyChain::signByIdentity(const uint8_t* buffer, size_t bufferLength, const Name& identityName)
768{
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]769 Signature sig;
José Quevedo641de4c2016-01-29 00:11:24 +0000[diff] [blame]770 sig.setValue(sign(buffer, bufferLength, signingByIdentity(identityName)));
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]771 return sig;
Yingdi Yu7036ce22014-06-19 18:53:37 -0700[diff] [blame]772}
773
774void
775KeyChain::signWithSha256(Data& data)
776{
José Quevedo641de4c2016-01-29 00:11:24 +0000[diff] [blame]777 return sign(data, signingWithSha256());
Yingdi Yu7036ce22014-06-19 18:53:37 -0700[diff] [blame]778}
779
780void
Yingdi Yu6ab67812014-11-27 15:00:34 -0800[diff] [blame]781KeyChain::signWithSha256(Interest& interest)
782{
783 DigestSha256 sig;
784
785 time::milliseconds timestamp = time::toUnixTimestamp(time::system_clock::now());
786 if (timestamp <= m_lastTimestamp)
787 timestamp = m_lastTimestamp + time::milliseconds(1);
788
789 Name signedName = interest.getName();
790 signedName
791 .append(name::Component::fromNumber(timestamp.count())) // timestamp
792 .append(name::Component::fromNumber(random::generateWord64())) // nonce
793 .append(sig.getInfo()); // signatureInfo
794
795 Block sigValue(tlv::SignatureValue,
Alexander Afanasyev2fa59392016-07-29 17:24:23 -0700[diff] [blame]796 crypto::computeSha256Digest(signedName.wireEncode().value(),
797 signedName.wireEncode().value_size()));
Yingdi Yu6ab67812014-11-27 15:00:34 -0800[diff] [blame]798
799 sigValue.encode();
800 signedName.append(sigValue); // signatureValue
801 interest.setName(signedName);
802}
803
804void
Yingdi Yu7036ce22014-06-19 18:53:37 -0700[diff] [blame]805KeyChain::deleteCertificate(const Name& certificateName)
806{
Yingdi Yu7036ce22014-06-19 18:53:37 -0700[diff] [blame]807 m_pib->deleteCertificateInfo(certificateName);
808}
809
810void
811KeyChain::deleteKey(const Name& keyName)
812{
Yingdi Yu7036ce22014-06-19 18:53:37 -0700[diff] [blame]813 m_pib->deletePublicKeyInfo(keyName);
814 m_tpm->deleteKeyPairInTpm(keyName);
815}
816
817void
818KeyChain::deleteIdentity(const Name& identity)
819{
Yingdi Yu6147ef42014-12-08 17:48:32 -0800[diff] [blame]820 std::vector<Name> keyNames;
821 m_pib->getAllKeyNamesOfIdentity(identity, keyNames, true);
822 m_pib->getAllKeyNamesOfIdentity(identity, keyNames, false);
Yingdi Yu7036ce22014-06-19 18:53:37 -0700[diff] [blame]823
824 m_pib->deleteIdentityInfo(identity);
825
Yingdi Yu6147ef42014-12-08 17:48:32 -0800[diff] [blame]826 for (const auto& keyName : keyNames)
827 m_tpm->deleteKeyPairInTpm(keyName);
Yingdi Yu7036ce22014-06-19 18:53:37 -0700[diff] [blame]828}
829
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]830tlv::SignatureTypeValue
831KeyChain::getSignatureType(KeyType keyType, DigestAlgorithm digestAlgorithm)
832{
833 switch (keyType) {
Yingdi Yu99b2a002015-08-12 12:47:44 -0700[diff] [blame]834 case KeyType::RSA:
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]835 return tlv::SignatureSha256WithRsa;
Yingdi Yu99b2a002015-08-12 12:47:44 -0700[diff] [blame]836 case KeyType::EC:
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]837 return tlv::SignatureSha256WithEcdsa;
838 default:
Spyridon Mastorakis0d2ed2e2015-07-27 19:09:12 -0700[diff] [blame]839 BOOST_THROW_EXCEPTION(Error("Unsupported key types"));
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]840 }
841
Yingdi Yuf56c68f2014-04-24 21:50:13 -0700[diff] [blame]842}
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]843
844} // namespace security
845} // namespace ndn