Gitiles
Code Review Sign In
gerrit.named-data.net / ndnSIM / ndn-cxx / 3bd90bcd3a9dd77c27484de7060eb55cd976024f / . / ndn-cpp / security / identity / identity-manager.cpp
blob: c7230644c7f9ab20eda91342527b946f5e567feb [file] [log] [blame]
Jeff Thompson25b4e612013-10-10 16:03:24 -0700[diff] [blame]1/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
Jeff Thompson41471912013-09-12 16:21:50 -0700[diff] [blame]2/**
Jeff Thompson7687dc02013-09-13 11:54:07 -0700[diff] [blame]3 * Copyright (C) 2013 Regents of the University of California.
Jeff Thompson06e787d2013-09-12 19:00:55 -0700[diff] [blame]4 * @author: Yingdi Yu <yingdi@cs.ucla.edu>
Jeff Thompson7687dc02013-09-13 11:54:07 -0700[diff] [blame]5 * @author: Jeff Thompson <jefft0@remap.ucla.edu>
Jeff Thompson41471912013-09-12 16:21:50 -0700[diff] [blame]6 * See COPYING for copyright and distribution information.
7 */
8
Jeff Thompson6154ae22013-10-18 10:44:57 -0700[diff] [blame]9#if 1 // TODO: Remove this when we don't throw "not implemented".
Jeff Thompson0f2096f2013-10-01 14:49:42 -0700[diff] [blame]10#include <stdexcept>
11#endif
Jeff Thompsond63baba2013-10-18 17:47:58 -0700[diff] [blame]12#include <ndn-cpp/ndn-cpp-config.h>
13#if NDN_CPP_HAVE_TIME_H
14#include <time.h>
15#endif
16#if NDN_CPP_HAVE_SYS_TIME_H
17#include <sys/time.h>
18#endif
Jeff Thompsonc69163b2013-10-12 13:49:50 -0700[diff] [blame]19#include <ctime>
20#include <fstream>
Jeff Thompsondb686892013-10-18 17:16:31 -0700[diff] [blame]21#include <math.h>
Jeff Thompsonc69163b2013-10-12 13:49:50 -0700[diff] [blame]22#include <ndn-cpp/key.hpp>
Jeff Thompson25b4e612013-10-10 16:03:24 -0700[diff] [blame]23#include <ndn-cpp/sha256-with-rsa-signature.hpp>
24#include <ndn-cpp/security/security-exception.hpp>
Jeff Thompsonc69163b2013-10-12 13:49:50 -0700[diff] [blame]25#include "../../util/logging.hpp"
Jeff Thompsondb686892013-10-18 17:16:31 -0700[diff] [blame]26#include "../../c/util/time.h"
Jeff Thompson25b4e612013-10-10 16:03:24 -0700[diff] [blame]27#include <ndn-cpp/security/identity/identity-manager.hpp>
Jeff Thompson41471912013-09-12 16:21:50 -0700[diff] [blame]28
Jeff Thompsonc69163b2013-10-12 13:49:50 -0700[diff] [blame]29INIT_LOGGER("ndn.security.IdentityManager")
30
Jeff Thompson9296f0c2013-09-23 18:10:27 -0700[diff] [blame]31using namespace std;
32using namespace ndn::ptr_lib;
Jeff Thompson41471912013-09-12 16:21:50 -0700[diff] [blame]33
Jeff Thompson9296f0c2013-09-23 18:10:27 -0700[diff] [blame]34namespace ndn {
Jeff Thompson86e1d752013-09-17 17:22:38 -0700[diff] [blame]35
Jeff Thompsone7e069b2013-09-27 15:48:48 -0700[diff] [blame]36Name
Jeff Thompsonc69163b2013-10-12 13:49:50 -0700[diff] [blame]37IdentityManager::createIdentity(const Name& identityName)
Jeff Thompsone7e069b2013-09-27 15:48:48 -0700[diff] [blame]38{
39 if (!identityStorage_->doesIdentityExist(identityName)) {
Jeff Thompsonc69163b2013-10-12 13:49:50 -0700[diff] [blame]40 _LOG_DEBUG("Create Identity");
41 identityStorage_->addIdentity(identityName);
42
43 _LOG_DEBUG("Create Default RSA key pair");
44 Name keyName = generateRSAKeyPairAsDefault(identityName, true);
Jeff Thompsone7e069b2013-09-27 15:48:48 -0700[diff] [blame]45
Jeff Thompsonc69163b2013-10-12 13:49:50 -0700[diff] [blame]46 _LOG_DEBUG("Create self-signed certificate");
47 shared_ptr<IdentityCertificate> selfCert = selfSign(keyName);
48
49 _LOG_DEBUG("Add self-signed certificate as default");
Jeff Thompsone7e069b2013-09-27 15:48:48 -0700[diff] [blame]50
Jeff Thompsonc69163b2013-10-12 13:49:50 -0700[diff] [blame]51 addCertificateAsDefault(*selfCert);
52
53 return keyName;
Jeff Thompsone7e069b2013-09-27 15:48:48 -0700[diff] [blame]54 }
55 else
56 throw SecurityException("Identity has already been created!");
57}
58
59Name
Jeff Thompsonc69163b2013-10-12 13:49:50 -0700[diff] [blame]60IdentityManager::generateKeyPair(const Name& identityName, bool isKsk, KeyType keyType, int keySize)
61{
62 _LOG_DEBUG("Get new key ID");
63 Name keyName = identityStorage_->getNewKeyName(identityName, isKsk);
64
65 _LOG_DEBUG("Generate key pair in private storage");
66 privateKeyStorage_->generateKeyPair(keyName.toUri(), keyType, keySize);
67
68 _LOG_DEBUG("Create a key record in public storage");
69 shared_ptr<PublicKey> pubKey = privateKeyStorage_->getPublicKey(keyName.toUri());
70 identityStorage_->addKey(keyName, keyType, pubKey->getKeyDer());
71 _LOG_DEBUG("OK");
72 return keyName;
73}
74
75Name
Jeff Thompsone7e069b2013-09-27 15:48:48 -0700[diff] [blame]76IdentityManager::generateRSAKeyPair(const Name& identityName, bool isKsk, int keySize)
77{
78 Name keyName = generateKeyPair(identityName, isKsk, KEY_TYPE_RSA, keySize);
79 _LOG_DEBUG("OK2");
80 return keyName;
81}
82
83Name
84IdentityManager::generateRSAKeyPairAsDefault(const Name& identityName, bool isKsk, int keySize)
85{
86 Name keyName = generateKeyPair(identityName, isKsk, KEY_TYPE_RSA, keySize);
Jeff Thompsonc69163b2013-10-12 13:49:50 -0700[diff] [blame]87
Jeff Thompsone7e069b2013-09-27 15:48:48 -0700[diff] [blame]88 identityStorage_->setDefaultKeyNameForIdentity(keyName, identityName);
89
Jeff Thompsonc69163b2013-10-12 13:49:50 -0700[diff] [blame]90 return keyName;
91}
92
93Name
Jeff Thompson9a8e82f2013-10-17 14:13:43 -0700[diff] [blame]94IdentityManager::createIdentityCertificate(const Name& keyName, const Name& signerCertificateName, const MillisecondsSince1970& notBefore, const MillisecondsSince1970& notAfter)
Jeff Thompsonc69163b2013-10-12 13:49:50 -0700[diff] [blame]95{
96 Blob keyBlob = identityStorage_->getKey(keyName);
97 shared_ptr<PublicKey> publicKey = PublicKey::fromDer(keyBlob);
98
99 shared_ptr<IdentityCertificate> certificate = createIdentityCertificate
100 (keyName, *publicKey, signerCertificateName, notBefore, notAfter);
101
102 identityStorage_->addCertificate(*certificate);
103
104 return certificate->getName();
105}
106
107ptr_lib::shared_ptr<IdentityCertificate>
108IdentityManager::createIdentityCertificate
Jeff Thompson9a8e82f2013-10-17 14:13:43 -0700[diff] [blame]109 (const Name& keyName, const PublicKey& publicKey, const Name& signerCertificateName, const MillisecondsSince1970& notBefore, const MillisecondsSince1970& notAfter)
Jeff Thompsonc69163b2013-10-12 13:49:50 -0700[diff] [blame]110{
Jeff Thompsonc69163b2013-10-12 13:49:50 -0700[diff] [blame]111 shared_ptr<IdentityCertificate> certificate(new IdentityCertificate());
112
113 Name certificateName;
Jeff Thompsondb686892013-10-18 17:16:31 -0700[diff] [blame]114 MillisecondsSince1970 ti = ::ndn_getNowMilliseconds();
115 // Get the number of seconds.
Jeff Thompsonc69163b2013-10-12 13:49:50 -0700[diff] [blame]116 ostringstream oss;
Jeff Thompsondb686892013-10-18 17:16:31 -0700[diff] [blame]117 oss << floor(ti / 1000.0);
Jeff Thompsonc69163b2013-10-12 13:49:50 -0700[diff] [blame]118
119 certificateName.append(keyName).append("ID-CERT").append(oss.str());
120 certificate->setName(certificateName);
121
122 certificate->setNotBefore(notBefore);
123 certificate->setNotAfter(notAfter);
124 certificate->setPublicKeyInfo(publicKey);
Jeff Thompsondb686892013-10-18 17:16:31 -0700[diff] [blame]125 certificate->addSubjectDescription(CertificateSubjectDescription("2.5.4.41", keyName.toUri()));
Jeff Thompsonc69163b2013-10-12 13:49:50 -0700[diff] [blame]126 certificate->encode();
127
128 shared_ptr<Sha256WithRsaSignature> sha256Sig(new Sha256WithRsaSignature());
129
130 KeyLocator keyLocator;
Jeff Thompsondb686892013-10-18 17:16:31 -0700[diff] [blame]131 keyLocator.setType(ndn_KeyLocatorType_KEYNAME);
Jeff Thompsonc69163b2013-10-12 13:49:50 -0700[diff] [blame]132 keyLocator.setKeyName(signerCertificateName);
133
134 sha256Sig->setKeyLocator(keyLocator);
Jeff Thompsond63baba2013-10-18 17:47:58 -0700[diff] [blame]135 sha256Sig->getPublisherPublicKeyDigest().setPublisherPublicKeyDigest(publicKey.getDigest());
Jeff Thompsonc69163b2013-10-12 13:49:50 -0700[diff] [blame]136
Jeff Thompsondb686892013-10-18 17:16:31 -0700[diff] [blame]137 certificate->setSignature(*sha256Sig);
Jeff Thompsonc69163b2013-10-12 13:49:50 -0700[diff] [blame]138
Jeff Thompsondb686892013-10-18 17:16:31 -0700[diff] [blame]139 SignedBlob unsignedData = certificate->wireEncode();
Jeff Thompsonc69163b2013-10-12 13:49:50 -0700[diff] [blame]140
Jeff Thompsondb686892013-10-18 17:16:31 -0700[diff] [blame]141 Blob sigBits = privateKeyStorage_->sign(unsignedData, keyName);
Jeff Thompsonc69163b2013-10-12 13:49:50 -0700[diff] [blame]142
Jeff Thompsonba82c162013-10-18 17:21:23 -0700[diff] [blame]143 sha256Sig->setSignature(sigBits);
Jeff Thompsonc69163b2013-10-12 13:49:50 -0700[diff] [blame]144
145 return certificate;
Jeff Thompsonc69163b2013-10-12 13:49:50 -0700[diff] [blame]146}
147
148void
149IdentityManager::addCertificateAsDefault(const IdentityCertificate& certificate)
150{
151 identityStorage_->addCertificate(certificate);
152
153 Name keyName = identityStorage_->getKeyNameForCertificate(certificate.getName());
154
155 setDefaultKeyForIdentity(keyName);
156
157 setDefaultCertificateForKey(certificate.getName());
Jeff Thompsone7e069b2013-09-27 15:48:48 -0700[diff] [blame]158}
159
160void
161IdentityManager::setDefaultCertificateForKey(const Name& certificateName)
162{
163 Name keyName = identityStorage_->getKeyNameForCertificate(certificateName);
Jeff Thompsonc69163b2013-10-12 13:49:50 -0700[diff] [blame]164
165 if(!identityStorage_->doesKeyExist(keyName))
Jeff Thompsone7e069b2013-09-27 15:48:48 -0700[diff] [blame]166 throw SecurityException("No corresponding Key record for certificaite!");
167
Jeff Thompsonc69163b2013-10-12 13:49:50 -0700[diff] [blame]168 identityStorage_->setDefaultCertificateNameForKey(keyName, certificateName);
169}
170
171ptr_lib::shared_ptr<Signature>
172IdentityManager::signByCertificate(const uint8_t* data, size_t dataLength, const Name& certificateName)
173{
Jeff Thompsonba82c162013-10-18 17:21:23 -0700[diff] [blame]174 Name keyName = identityStorage_->getKeyNameForCertificate(certificateName);
Jeff Thompsonc69163b2013-10-12 13:49:50 -0700[diff] [blame]175
176 shared_ptr<PublicKey> publicKey = privateKeyStorage_->getPublicKey(keyName.toUri());
177
Jeff Thompsonba82c162013-10-18 17:21:23 -0700[diff] [blame]178 Blob sigBits = privateKeyStorage_->sign(data, dataLength, keyName.toUri());
Jeff Thompsonc69163b2013-10-12 13:49:50 -0700[diff] [blame]179
180 //For temporary usage, we support RSA + SHA256 only, but will support more.
Jeff Thompsonba82c162013-10-18 17:21:23 -0700[diff] [blame]181 shared_ptr<Sha256WithRsaSignature> sha256Sig(new Sha256WithRsaSignature());
Jeff Thompsonc69163b2013-10-12 13:49:50 -0700[diff] [blame]182
183 KeyLocator keyLocator;
Jeff Thompsonba82c162013-10-18 17:21:23 -0700[diff] [blame]184 keyLocator.setType(ndn_KeyLocatorType_KEYNAME);
185 keyLocator.setKeyName(certificateName);
Jeff Thompsonc69163b2013-10-12 13:49:50 -0700[diff] [blame]186
187 sha256Sig->setKeyLocator(keyLocator);
Jeff Thompsond63baba2013-10-18 17:47:58 -0700[diff] [blame]188 sha256Sig->getPublisherPublicKeyDigest().setPublisherPublicKeyDigest(publicKey->getDigest());
Jeff Thompsonba82c162013-10-18 17:21:23 -0700[diff] [blame]189 sha256Sig->setSignature(sigBits);
Jeff Thompsonc69163b2013-10-12 13:49:50 -0700[diff] [blame]190
191 return sha256Sig;
Jeff Thompsone7e069b2013-09-27 15:48:48 -0700[diff] [blame]192}
193
194void
Jeff Thompson86e1d752013-09-17 17:22:38 -0700[diff] [blame]195IdentityManager::signByCertificate(Data &data, const Name &certificateName, WireFormat& wireFormat)
Jeff Thompson41471912013-09-12 16:21:50 -0700[diff] [blame]196{
Jeff Thompsonc69163b2013-10-12 13:49:50 -0700[diff] [blame]197 Name keyName = identityStorage_->getKeyNameForCertificate(certificateName);
Jeff Thompson9296f0c2013-09-23 18:10:27 -0700[diff] [blame]198
199 shared_ptr<PublicKey> publicKey = privateKeyStorage_->getPublicKey(keyName);
Jeff Thompson86e1d752013-09-17 17:22:38 -0700[diff] [blame]200
201 // For temporary usage, we support RSA + SHA256 only, but will support more.
202 data.setSignature(Sha256WithRsaSignature());
203 // Get a pointer to the clone which Data made.
204 Sha256WithRsaSignature *signature = dynamic_cast<Sha256WithRsaSignature*>(data.getSignature());
205 DigestAlgorithm digestAlgorithm = DIGEST_ALGORITHM_SHA256;
206
207 signature->getKeyLocator().setType(ndn_KeyLocatorType_KEYNAME);
208 signature->getKeyLocator().setKeyName(certificateName);
Jeff Thompson9296f0c2013-09-23 18:10:27 -0700[diff] [blame]209 // Omit the certificate digest.
210 signature->getKeyLocator().setKeyNameType((ndn_KeyNameType)-1);
Jeff Thompson86e1d752013-09-17 17:22:38 -0700[diff] [blame]211 // Ignore witness and leave the digestAlgorithm as the default.
Jeff Thompson9296f0c2013-09-23 18:10:27 -0700[diff] [blame]212 signature->getPublisherPublicKeyDigest().setPublisherPublicKeyDigest(publicKey->getDigest());
Jeff Thompson41471912013-09-12 16:21:50 -0700[diff] [blame]213
Jeff Thompson86e1d752013-09-17 17:22:38 -0700[diff] [blame]214 // Encode once to get the signed portion.
215 SignedBlob encoding = data.wireEncode(wireFormat);
216
217 signature->setSignature
Jeff Thompson9296f0c2013-09-23 18:10:27 -0700[diff] [blame]218 (privateKeyStorage_->sign(encoding.signedBuf(), encoding.signedSize(), keyName, digestAlgorithm));
Jeff Thompson86e1d752013-09-17 17:22:38 -0700[diff] [blame]219
220 // Encode again to include the signature.
Jeff Thompsonc69163b2013-10-12 13:49:50 -0700[diff] [blame]221 data.wireEncode(wireFormat);
Jeff Thompson41471912013-09-12 16:21:50 -0700[diff] [blame]222}
223
Jeff Thompsonc69163b2013-10-12 13:49:50 -0700[diff] [blame]224shared_ptr<IdentityCertificate>
225IdentityManager::selfSign(const Name& keyName)
Jeff Thompsone7e069b2013-09-27 15:48:48 -0700[diff] [blame]226{
Jeff Thompsond63baba2013-10-18 17:47:58 -0700[diff] [blame]227 shared_ptr<IdentityCertificate> certificate(new IdentityCertificate());
Jeff Thompsonc69163b2013-10-12 13:49:50 -0700[diff] [blame]228
229 Name certificateName;
230 certificateName.append(keyName).append("ID-CERT").append("0");
231 certificate->setName(certificateName);
Jeff Thompsone7e069b2013-09-27 15:48:48 -0700[diff] [blame]232
Jeff Thompsonc69163b2013-10-12 13:49:50 -0700[diff] [blame]233 Blob keyBlob = identityStorage_->getKey(keyName);
234 shared_ptr<PublicKey> publicKey = PublicKey::fromDer(keyBlob);
Jeff Thompsone7e069b2013-09-27 15:48:48 -0700[diff] [blame]235
Jeff Thompsond63baba2013-10-18 17:47:58 -0700[diff] [blame]236#if NDN_CPP_HAVE_GMTIME_SUPPORT
237 time_t nowSeconds = time(NULL);
238 struct tm current = *gmtime(&nowSeconds);
Jeff Thompsonc69163b2013-10-12 13:49:50 -0700[diff] [blame]239 current.tm_hour = 0;
240 current.tm_min = 0;
241 current.tm_sec = 0;
Jeff Thompsond63baba2013-10-18 17:47:58 -0700[diff] [blame]242 MillisecondsSince1970 notBefore = timegm(&current) * 1000.0;
Jeff Thompsonc69163b2013-10-12 13:49:50 -0700[diff] [blame]243 current.tm_year = current.tm_year + 20;
Jeff Thompsond63baba2013-10-18 17:47:58 -0700[diff] [blame]244 MillisecondsSince1970 notAfter = timegm(&current) * 1000.0;
Jeff Thompsone7e069b2013-09-27 15:48:48 -0700[diff] [blame]245
Jeff Thompsonc69163b2013-10-12 13:49:50 -0700[diff] [blame]246 certificate->setNotBefore(notBefore);
247 certificate->setNotAfter(notAfter);
Jeff Thompsond63baba2013-10-18 17:47:58 -0700[diff] [blame]248#else
249 // Don't really expect this to happen.
250 throw SecurityException("selfSign: Can't set certificate validity because time functions are not supported by the standard library.");
251#endif
Jeff Thompsonc69163b2013-10-12 13:49:50 -0700[diff] [blame]252 certificate->setPublicKeyInfo(*publicKey);
Jeff Thompsond63baba2013-10-18 17:47:58 -0700[diff] [blame]253 certificate->addSubjectDescription(CertificateSubjectDescription("2.5.4.41", keyName.toUri()));
Jeff Thompsonc69163b2013-10-12 13:49:50 -0700[diff] [blame]254 certificate->encode();
255
Jeff Thompsond63baba2013-10-18 17:47:58 -0700[diff] [blame]256 shared_ptr<Sha256WithRsaSignature> sha256Sig(new Sha256WithRsaSignature());
Jeff Thompsonc69163b2013-10-12 13:49:50 -0700[diff] [blame]257
258 KeyLocator keyLocator;
Jeff Thompsond63baba2013-10-18 17:47:58 -0700[diff] [blame]259 keyLocator.setType(ndn_KeyLocatorType_KEYNAME);
Jeff Thompsonc69163b2013-10-12 13:49:50 -0700[diff] [blame]260 keyLocator.setKeyName(certificateName);
261
262 sha256Sig->setKeyLocator(keyLocator);
Jeff Thompsond63baba2013-10-18 17:47:58 -0700[diff] [blame]263 sha256Sig->getPublisherPublicKeyDigest().setPublisherPublicKeyDigest(publicKey->getDigest());
Jeff Thompsonc69163b2013-10-12 13:49:50 -0700[diff] [blame]264
Jeff Thompsond63baba2013-10-18 17:47:58 -0700[diff] [blame]265 certificate->setSignature(*sha256Sig);
Jeff Thompsonc69163b2013-10-12 13:49:50 -0700[diff] [blame]266
Jeff Thompsond63baba2013-10-18 17:47:58 -0700[diff] [blame]267 Blob unsignedData = certificate->wireEncode();
Jeff Thompsonc69163b2013-10-12 13:49:50 -0700[diff] [blame]268
Jeff Thompsond63baba2013-10-18 17:47:58 -0700[diff] [blame]269 Blob sigBits = privateKeyStorage_->sign(unsignedData, keyName.toUri());
Jeff Thompsonc69163b2013-10-12 13:49:50 -0700[diff] [blame]270
Jeff Thompsond63baba2013-10-18 17:47:58 -0700[diff] [blame]271 sha256Sig->setSignature(sigBits);
Jeff Thompsonc69163b2013-10-12 13:49:50 -0700[diff] [blame]272
273 return certificate;
Jeff Thompsone7e069b2013-09-27 15:48:48 -0700[diff] [blame]274}
Jeff Thompsonc69163b2013-10-12 13:49:50 -0700[diff] [blame]275
Jeff Thompson41471912013-09-12 16:21:50 -0700[diff] [blame]276}