Alexander Afanasyev | c169a81 | 2014-05-20 20:37:29 -0400 | [diff] [blame] | 1 | /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */ |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 2 | /** |
Alexander Afanasyev | c169a81 | 2014-05-20 20:37:29 -0400 | [diff] [blame] | 3 | * Copyright (c) 2013-2014 Regents of the University of California. |
Alexander Afanasyev | dfa52c4 | 2014-04-24 21:10:11 -0700 | [diff] [blame] | 4 | * |
| 5 | * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions). |
Alexander Afanasyev | dfa52c4 | 2014-04-24 21:10:11 -0700 | [diff] [blame] | 6 | * |
Alexander Afanasyev | c169a81 | 2014-05-20 20:37:29 -0400 | [diff] [blame] | 7 | * ndn-cxx library is free software: you can redistribute it and/or modify it under the |
| 8 | * terms of the GNU Lesser General Public License as published by the Free Software |
| 9 | * Foundation, either version 3 of the License, or (at your option) any later version. |
| 10 | * |
| 11 | * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY |
| 12 | * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A |
| 13 | * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. |
| 14 | * |
| 15 | * You should have received copies of the GNU General Public License and GNU Lesser |
| 16 | * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see |
| 17 | * <http://www.gnu.org/licenses/>. |
| 18 | * |
| 19 | * See AUTHORS.md for complete list of ndn-cxx authors and contributors. |
Alexander Afanasyev | dfa52c4 | 2014-04-24 21:10:11 -0700 | [diff] [blame] | 20 | * |
| 21 | * @author Yingdi Yu <http://irl.cs.ucla.edu/~yingdi/> |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 22 | */ |
| 23 | |
| 24 | #include "sec-tpm.hpp" |
| 25 | |
Alexander Afanasyev | 258ec2b | 2014-05-14 16:15:37 -0700 | [diff] [blame] | 26 | #include "../encoding/oid.hpp" |
| 27 | #include "../encoding/buffer-stream.hpp" |
Junxiao Shi | 482ccc5 | 2014-03-31 13:05:24 -0700 | [diff] [blame] | 28 | #include "cryptopp.hpp" |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 29 | |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 30 | namespace ndn { |
| 31 | |
Yingdi Yu | 5ec0ee3 | 2014-06-24 16:26:09 -0700 | [diff] [blame] | 32 | using std::string; |
| 33 | |
Yingdi Yu | 4154634 | 2014-11-30 23:37:53 -0800 | [diff] [blame] | 34 | SecTpm::SecTpm(const string& location) |
| 35 | : m_location(location) |
| 36 | { |
| 37 | } |
| 38 | |
| 39 | SecTpm::~SecTpm() |
| 40 | { |
| 41 | } |
| 42 | |
| 43 | std::string |
| 44 | SecTpm::getTpmLocator() |
| 45 | { |
Alexander Afanasyev | 0711380 | 2015-01-15 19:14:36 -0800 | [diff] [blame] | 46 | return this->getScheme() + ":" + m_location; |
Yingdi Yu | 4154634 | 2014-11-30 23:37:53 -0800 | [diff] [blame] | 47 | } |
| 48 | |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 49 | ConstBufferPtr |
Yingdi Yu | 5e96e00 | 2014-04-23 18:32:15 -0700 | [diff] [blame] | 50 | SecTpm::exportPrivateKeyPkcs5FromTpm(const Name& keyName, const string& passwordStr) |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 51 | { |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 52 | using namespace CryptoPP; |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 53 | |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 54 | uint8_t salt[8] = {0}; |
| 55 | uint8_t iv[8] = {0}; |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 56 | |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 57 | // derive key |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 58 | if (!generateRandomBlock(salt, 8) || !generateRandomBlock(iv, 8)) |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 59 | throw Error("Cannot generate salt or iv"); |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 60 | |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 61 | uint32_t iterationCount = 2048; |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 62 | |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 63 | PKCS5_PBKDF2_HMAC<SHA1> keyGenerator; |
| 64 | size_t derivedLen = 24; //For DES-EDE3-CBC-PAD |
| 65 | byte derived[24] = {0}; |
| 66 | byte purpose = 0; |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 67 | |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 68 | try |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 69 | { |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 70 | keyGenerator.DeriveKey(derived, derivedLen, purpose, |
| 71 | reinterpret_cast<const byte*>(passwordStr.c_str()), passwordStr.size(), |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 72 | salt, 8, iterationCount); |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 73 | } |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 74 | catch (CryptoPP::Exception& e) |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 75 | { |
| 76 | throw Error("Cannot derived the encryption key"); |
| 77 | } |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 78 | |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 79 | //encrypt |
| 80 | CBC_Mode< DES_EDE3 >::Encryption e; |
| 81 | e.SetKeyWithIV(derived, derivedLen, iv); |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 82 | |
Yingdi Yu | 5e96e00 | 2014-04-23 18:32:15 -0700 | [diff] [blame] | 83 | ConstBufferPtr pkcs8PrivateKey = exportPrivateKeyPkcs8FromTpm(keyName); |
Yingdi Yu | 9d9d599 | 2014-06-25 12:25:16 -0700 | [diff] [blame] | 84 | |
Yingdi Yu | 5e96e00 | 2014-04-23 18:32:15 -0700 | [diff] [blame] | 85 | if (!static_cast<bool>(pkcs8PrivateKey)) |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 86 | throw Error("Cannot export the private key, #1"); |
| 87 | |
| 88 | OBufferStream encryptedOs; |
| 89 | try |
| 90 | { |
Yingdi Yu | 5e96e00 | 2014-04-23 18:32:15 -0700 | [diff] [blame] | 91 | StringSource stringSource(pkcs8PrivateKey->buf(), pkcs8PrivateKey->size(), true, |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 92 | new StreamTransformationFilter(e, new FileSink(encryptedOs))); |
| 93 | } |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 94 | catch (CryptoPP::Exception& e) |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 95 | { |
| 96 | throw Error("Cannot export the private key, #2"); |
| 97 | } |
| 98 | |
| 99 | //encode |
| 100 | OID pbes2Id("1.2.840.113549.1.5.13"); |
| 101 | OID pbkdf2Id("1.2.840.113549.1.5.12"); |
| 102 | OID pbes2encsId("1.2.840.113549.3.7"); |
| 103 | |
| 104 | OBufferStream pkcs8Os; |
| 105 | try |
| 106 | { |
| 107 | FileSink sink(pkcs8Os); |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 108 | |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 109 | // EncryptedPrivateKeyInfo ::= SEQUENCE { |
| 110 | // encryptionAlgorithm EncryptionAlgorithmIdentifier, |
| 111 | // encryptedData OCTET STRING } |
| 112 | DERSequenceEncoder encryptedPrivateKeyInfo(sink); |
| 113 | { |
| 114 | // EncryptionAlgorithmIdentifier ::= SEQUENCE { |
| 115 | // algorithm OBJECT IDENTIFIER {{PBES2-id}}, |
| 116 | // parameters SEQUENCE {{PBES2-params}} } |
| 117 | DERSequenceEncoder encryptionAlgorithm(encryptedPrivateKeyInfo); |
| 118 | { |
| 119 | pbes2Id.encode(encryptionAlgorithm); |
| 120 | // PBES2-params ::= SEQUENCE { |
| 121 | // keyDerivationFunc AlgorithmIdentifier {{PBES2-KDFs}}, |
| 122 | // encryptionScheme AlgorithmIdentifier {{PBES2-Encs}} } |
| 123 | DERSequenceEncoder pbes2Params(encryptionAlgorithm); |
| 124 | { |
| 125 | // AlgorithmIdentifier ::= SEQUENCE { |
| 126 | // algorithm OBJECT IDENTIFIER {{PBKDF2-id}}, |
| 127 | // parameters SEQUENCE {{PBKDF2-params}} } |
| 128 | DERSequenceEncoder pbes2KDFs(pbes2Params); |
| 129 | { |
| 130 | pbkdf2Id.encode(pbes2KDFs); |
| 131 | // AlgorithmIdentifier ::= SEQUENCE { |
| 132 | // salt OCTET STRING, |
| 133 | // iterationCount INTEGER (1..MAX), |
| 134 | // keyLength INTEGER (1..MAX) OPTIONAL, |
| 135 | // prf AlgorithmIdentifier {{PBKDF2-PRFs}} DEFAULT algid-hmacWithSHA1 } |
| 136 | DERSequenceEncoder pbkdf2Params(pbes2KDFs); |
| 137 | { |
| 138 | DEREncodeOctetString(pbkdf2Params, salt, 8); |
| 139 | DEREncodeUnsigned<uint32_t>(pbkdf2Params, iterationCount, INTEGER); |
| 140 | } |
| 141 | pbkdf2Params.MessageEnd(); |
| 142 | } |
| 143 | pbes2KDFs.MessageEnd(); |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 144 | |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 145 | // AlgorithmIdentifier ::= SEQUENCE { |
| 146 | // algorithm OBJECT IDENTIFIER {{DES-EDE3-CBC-PAD}}, |
| 147 | // parameters OCTET STRING} {{iv}} } |
| 148 | DERSequenceEncoder pbes2Encs(pbes2Params); |
| 149 | { |
| 150 | pbes2encsId.encode(pbes2Encs); |
| 151 | DEREncodeOctetString(pbes2Encs, iv, 8); |
| 152 | } |
| 153 | pbes2Encs.MessageEnd(); |
| 154 | } |
| 155 | pbes2Params.MessageEnd(); |
| 156 | } |
| 157 | encryptionAlgorithm.MessageEnd(); |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 158 | |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 159 | DEREncodeOctetString(encryptedPrivateKeyInfo, |
| 160 | encryptedOs.buf()->buf(), encryptedOs.buf()->size()); |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 161 | } |
| 162 | encryptedPrivateKeyInfo.MessageEnd(); |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 163 | |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 164 | return pkcs8Os.buf(); |
| 165 | } |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 166 | catch (CryptoPP::Exception& e) |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 167 | { |
| 168 | throw Error("Cannot export the private key, #3"); |
| 169 | } |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 170 | } |
| 171 | |
| 172 | bool |
Yingdi Yu | 5e96e00 | 2014-04-23 18:32:15 -0700 | [diff] [blame] | 173 | SecTpm::importPrivateKeyPkcs5IntoTpm(const Name& keyName, |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 174 | const uint8_t* buf, size_t size, |
| 175 | const string& passwordStr) |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 176 | { |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 177 | using namespace CryptoPP; |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 178 | |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 179 | OID pbes2Id; |
| 180 | OID pbkdf2Id; |
| 181 | SecByteBlock saltBlock; |
| 182 | uint32_t iterationCount; |
| 183 | OID pbes2encsId; |
| 184 | SecByteBlock ivBlock; |
| 185 | SecByteBlock encryptedDataBlock; |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 186 | |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 187 | try |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 188 | { |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 189 | // decode some decoding processes are not necessary for now, |
| 190 | // because we assume only one encryption scheme. |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 191 | StringSource source(buf, size, true); |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 192 | |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 193 | // EncryptedPrivateKeyInfo ::= SEQUENCE { |
| 194 | // encryptionAlgorithm EncryptionAlgorithmIdentifier, |
| 195 | // encryptedData OCTET STRING } |
| 196 | BERSequenceDecoder encryptedPrivateKeyInfo(source); |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 197 | { |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 198 | // EncryptionAlgorithmIdentifier ::= SEQUENCE { |
| 199 | // algorithm OBJECT IDENTIFIER {{PBES2-id}}, |
| 200 | // parameters SEQUENCE {{PBES2-params}} } |
| 201 | BERSequenceDecoder encryptionAlgorithm(encryptedPrivateKeyInfo); |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 202 | { |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 203 | pbes2Id.decode(encryptionAlgorithm); |
| 204 | // PBES2-params ::= SEQUENCE { |
| 205 | // keyDerivationFunc AlgorithmIdentifier {{PBES2-KDFs}}, |
| 206 | // encryptionScheme AlgorithmIdentifier {{PBES2-Encs}} } |
| 207 | BERSequenceDecoder pbes2Params(encryptionAlgorithm); |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 208 | { |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 209 | // AlgorithmIdentifier ::= SEQUENCE { |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 210 | // algorithm OBJECT IDENTIFIER {{PBKDF2-id}}, |
| 211 | // parameters SEQUENCE {{PBKDF2-params}} } |
| 212 | BERSequenceDecoder pbes2KDFs(pbes2Params); |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 213 | { |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 214 | pbkdf2Id.decode(pbes2KDFs); |
| 215 | // AlgorithmIdentifier ::= SEQUENCE { |
| 216 | // salt OCTET STRING, |
| 217 | // iterationCount INTEGER (1..MAX), |
| 218 | // keyLength INTEGER (1..MAX) OPTIONAL, |
| 219 | // prf AlgorithmIdentifier {{PBKDF2-PRFs}} DEFAULT algid-hmacWithSHA1 } |
| 220 | BERSequenceDecoder pbkdf2Params(pbes2KDFs); |
| 221 | { |
| 222 | BERDecodeOctetString(pbkdf2Params, saltBlock); |
| 223 | BERDecodeUnsigned<uint32_t>(pbkdf2Params, iterationCount, INTEGER); |
| 224 | } |
| 225 | pbkdf2Params.MessageEnd(); |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 226 | } |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 227 | pbes2KDFs.MessageEnd(); |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 228 | |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 229 | // AlgorithmIdentifier ::= SEQUENCE { |
| 230 | // algorithm OBJECT IDENTIFIER {{DES-EDE3-CBC-PAD}}, |
| 231 | // parameters OCTET STRING} {{iv}} } |
| 232 | BERSequenceDecoder pbes2Encs(pbes2Params); |
| 233 | { |
| 234 | pbes2encsId.decode(pbes2Encs); |
| 235 | BERDecodeOctetString(pbes2Encs, ivBlock); |
| 236 | } |
| 237 | pbes2Encs.MessageEnd(); |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 238 | } |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 239 | pbes2Params.MessageEnd(); |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 240 | } |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 241 | encryptionAlgorithm.MessageEnd(); |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 242 | |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 243 | BERDecodeOctetString(encryptedPrivateKeyInfo, encryptedDataBlock); |
| 244 | } |
| 245 | encryptedPrivateKeyInfo.MessageEnd(); |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 246 | } |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 247 | catch (CryptoPP::Exception& e) |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 248 | { |
| 249 | return false; |
| 250 | } |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 251 | |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 252 | PKCS5_PBKDF2_HMAC<SHA1> keyGenerator; |
| 253 | size_t derivedLen = 24; //For DES-EDE3-CBC-PAD |
| 254 | byte derived[24] = {0}; |
| 255 | byte purpose = 0; |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 256 | |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 257 | try |
| 258 | { |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 259 | keyGenerator.DeriveKey(derived, derivedLen, |
| 260 | purpose, |
| 261 | reinterpret_cast<const byte*>(passwordStr.c_str()), passwordStr.size(), |
| 262 | saltBlock.BytePtr(), saltBlock.size(), |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 263 | iterationCount); |
| 264 | } |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 265 | catch (CryptoPP::Exception& e) |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 266 | { |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 267 | return false; |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 268 | } |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 269 | |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 270 | //decrypt |
| 271 | CBC_Mode< DES_EDE3 >::Decryption d; |
| 272 | d.SetKeyWithIV(derived, derivedLen, ivBlock.BytePtr()); |
| 273 | |
| 274 | OBufferStream privateKeyOs; |
| 275 | try |
| 276 | { |
| 277 | StringSource encryptedSource(encryptedDataBlock.BytePtr(), encryptedDataBlock.size(), true, |
| 278 | new StreamTransformationFilter(d, new FileSink(privateKeyOs))); |
| 279 | } |
| 280 | catch (CryptoPP::Exception& e) |
| 281 | { |
| 282 | return false; |
| 283 | } |
| 284 | |
Yingdi Yu | 5e96e00 | 2014-04-23 18:32:15 -0700 | [diff] [blame] | 285 | if (!importPrivateKeyPkcs8IntoTpm(keyName, |
Yingdi Yu | 4b8c6a2 | 2014-04-15 23:00:54 -0700 | [diff] [blame] | 286 | privateKeyOs.buf()->buf(), privateKeyOs.buf()->size())) |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 287 | return false; |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 288 | |
Yingdi Yu | 9d9d599 | 2014-06-25 12:25:16 -0700 | [diff] [blame] | 289 | //determine key type |
| 290 | StringSource privateKeySource(privateKeyOs.buf()->buf(), privateKeyOs.buf()->size(), true); |
| 291 | |
| 292 | KeyType publicKeyType = KEY_TYPE_NULL; |
| 293 | SecByteBlock rawKeyBits; |
| 294 | // PrivateKeyInfo ::= SEQUENCE { |
| 295 | // INTEGER, |
| 296 | // SEQUENCE, |
| 297 | // OCTECT STRING} |
| 298 | BERSequenceDecoder privateKeyInfo(privateKeySource); |
| 299 | { |
| 300 | uint32_t versionNum; |
| 301 | BERDecodeUnsigned<uint32_t>(privateKeyInfo, versionNum, INTEGER); |
| 302 | BERSequenceDecoder sequenceDecoder(privateKeyInfo); |
| 303 | { |
| 304 | OID keyTypeOID; |
| 305 | keyTypeOID.decode(sequenceDecoder); |
| 306 | if (keyTypeOID == oid::RSA) |
| 307 | publicKeyType = KEY_TYPE_RSA; |
| 308 | else if (keyTypeOID == oid::ECDSA) |
| 309 | publicKeyType = KEY_TYPE_ECDSA; |
| 310 | else |
| 311 | return false; // Unsupported key type; |
| 312 | } |
| 313 | } |
| 314 | |
| 315 | |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 316 | //derive public key |
| 317 | OBufferStream publicKeyOs; |
| 318 | |
Yingdi Yu | 9d9d599 | 2014-06-25 12:25:16 -0700 | [diff] [blame] | 319 | try { |
| 320 | switch (publicKeyType) { |
| 321 | case KEY_TYPE_RSA: |
| 322 | { |
| 323 | RSA::PrivateKey privateKey; |
| 324 | privateKey.Load(StringStore(privateKeyOs.buf()->buf(), privateKeyOs.buf()->size()).Ref()); |
| 325 | RSAFunction publicKey(privateKey); |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 326 | |
Yingdi Yu | 9d9d599 | 2014-06-25 12:25:16 -0700 | [diff] [blame] | 327 | FileSink publicKeySink(publicKeyOs); |
| 328 | publicKey.DEREncode(publicKeySink); |
| 329 | publicKeySink.MessageEnd(); |
| 330 | break; |
| 331 | } |
| 332 | case KEY_TYPE_ECDSA: |
| 333 | { |
| 334 | ECDSA<ECP, SHA256>::PrivateKey privateKey; |
| 335 | privateKey.Load(StringStore(privateKeyOs.buf()->buf(), privateKeyOs.buf()->size()).Ref()); |
| 336 | |
| 337 | ECDSA<ECP, SHA256>::PublicKey publicKey; |
| 338 | privateKey.MakePublicKey(publicKey); |
| 339 | publicKey.AccessGroupParameters().SetEncodeAsOID(true); |
| 340 | |
| 341 | FileSink publicKeySink(publicKeyOs); |
| 342 | publicKey.DEREncode(publicKeySink); |
| 343 | publicKeySink.MessageEnd(); |
| 344 | break; |
| 345 | } |
| 346 | default: |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 347 | return false; |
| 348 | } |
Yingdi Yu | 9d9d599 | 2014-06-25 12:25:16 -0700 | [diff] [blame] | 349 | } |
| 350 | catch (CryptoPP::Exception& e) { |
| 351 | return false; |
| 352 | } |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 353 | |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 354 | if (!importPublicKeyPkcs1IntoTpm(keyName, publicKeyOs.buf()->buf(), publicKeyOs.buf()->size())) |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 355 | return false; |
Alexander Afanasyev | fdbfc6d | 2014-04-14 15:12:11 -0700 | [diff] [blame] | 356 | |
Yingdi Yu | 2e57a58 | 2014-02-20 23:34:43 -0800 | [diff] [blame] | 357 | return true; |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 358 | } |
| 359 | |
Yingdi Yu | 7036ce2 | 2014-06-19 18:53:37 -0700 | [diff] [blame] | 360 | bool |
| 361 | SecTpm::getImpExpPassWord(std::string& password, const std::string& prompt) |
| 362 | { |
| 363 | bool isInitialized = false; |
| 364 | |
| 365 | char* pw0 = 0; |
| 366 | |
| 367 | pw0 = getpass(prompt.c_str()); |
| 368 | if (0 == pw0) |
| 369 | return false; |
| 370 | std::string password1 = pw0; |
| 371 | memset(pw0, 0, strlen(pw0)); |
| 372 | |
| 373 | pw0 = getpass("Confirm:"); |
| 374 | if (0 == pw0) |
| 375 | { |
| 376 | std::fill(password1.begin(), password1.end(), 0); |
| 377 | return false; |
| 378 | } |
| 379 | |
| 380 | if (0 == password1.compare(pw0)) |
| 381 | { |
| 382 | isInitialized = true; |
| 383 | password.swap(password1); |
| 384 | } |
| 385 | |
| 386 | std::fill(password1.begin(), password1.end(), 0); |
| 387 | memset(pw0, 0, strlen(pw0)); |
| 388 | |
| 389 | if (password.empty()) |
| 390 | return false; |
| 391 | |
| 392 | return isInitialized; |
| 393 | } |
| 394 | |
Yingdi Yu | 8dceb1d | 2014-02-18 12:45:10 -0800 | [diff] [blame] | 395 | |
Yingdi Yu | fc40d87 | 2014-02-18 12:56:04 -0800 | [diff] [blame] | 396 | } // namespace ndn |