Jeff Thompson | 25b4e61 | 2013-10-10 16:03:24 -0700 | [diff] [blame] | 1 | /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */ |
Jeff Thompson | 4147191 | 2013-09-12 16:21:50 -0700 | [diff] [blame] | 2 | /** |
Jeff Thompson | 7687dc0 | 2013-09-13 11:54:07 -0700 | [diff] [blame] | 3 | * Copyright (C) 2013 Regents of the University of California. |
Jeff Thompson | 06e787d | 2013-09-12 19:00:55 -0700 | [diff] [blame] | 4 | * @author: Yingdi Yu <yingdi@cs.ucla.edu> |
Jeff Thompson | 7687dc0 | 2013-09-13 11:54:07 -0700 | [diff] [blame] | 5 | * @author: Jeff Thompson <jefft0@remap.ucla.edu> |
Jeff Thompson | 4147191 | 2013-09-12 16:21:50 -0700 | [diff] [blame] | 6 | * See COPYING for copyright and distribution information. |
| 7 | */ |
| 8 | |
Jeff Thompson | 6154ae2 | 2013-10-18 10:44:57 -0700 | [diff] [blame] | 9 | #if 1 // TODO: Remove this when we don't throw "not implemented". |
Jeff Thompson | 0f2096f | 2013-10-01 14:49:42 -0700 | [diff] [blame] | 10 | #include <stdexcept> |
| 11 | #endif |
Jeff Thompson | c69163b | 2013-10-12 13:49:50 -0700 | [diff] [blame] | 12 | #include <ctime> |
| 13 | #include <fstream> |
Jeff Thompson | db68689 | 2013-10-18 17:16:31 -0700 | [diff] [blame^] | 14 | #include <math.h> |
Jeff Thompson | c69163b | 2013-10-12 13:49:50 -0700 | [diff] [blame] | 15 | #include <ndn-cpp/key.hpp> |
Jeff Thompson | 25b4e61 | 2013-10-10 16:03:24 -0700 | [diff] [blame] | 16 | #include <ndn-cpp/sha256-with-rsa-signature.hpp> |
| 17 | #include <ndn-cpp/security/security-exception.hpp> |
Jeff Thompson | c69163b | 2013-10-12 13:49:50 -0700 | [diff] [blame] | 18 | #include "../../util/logging.hpp" |
Jeff Thompson | db68689 | 2013-10-18 17:16:31 -0700 | [diff] [blame^] | 19 | #include "../../c/util/time.h" |
Jeff Thompson | 25b4e61 | 2013-10-10 16:03:24 -0700 | [diff] [blame] | 20 | #include <ndn-cpp/security/identity/identity-manager.hpp> |
Jeff Thompson | 4147191 | 2013-09-12 16:21:50 -0700 | [diff] [blame] | 21 | |
Jeff Thompson | c69163b | 2013-10-12 13:49:50 -0700 | [diff] [blame] | 22 | INIT_LOGGER("ndn.security.IdentityManager") |
| 23 | |
Jeff Thompson | 9296f0c | 2013-09-23 18:10:27 -0700 | [diff] [blame] | 24 | using namespace std; |
| 25 | using namespace ndn::ptr_lib; |
Jeff Thompson | 4147191 | 2013-09-12 16:21:50 -0700 | [diff] [blame] | 26 | |
Jeff Thompson | 9296f0c | 2013-09-23 18:10:27 -0700 | [diff] [blame] | 27 | namespace ndn { |
Jeff Thompson | 86e1d75 | 2013-09-17 17:22:38 -0700 | [diff] [blame] | 28 | |
/**
 * Create a new identity: record it in identity storage, generate a default RSA key pair for it
 * (passing isKsk = true), self-sign that key and install the resulting certificate as the default.
 * NOTE(review): selfSign() in this file currently throws runtime_error("not implemented"). It is
 * called after addIdentity() and key generation, and nothing here undoes those storage changes
 * when it throws, so a failed call leaves an identity and key without a certificate.
 * @param identityName The name of the identity to create.
 * @return The name of the generated default key.
 * @throw SecurityException if the identity already exists.
 */
Name
IdentityManager::createIdentity(const Name& identityName)
{
  // Guard clause: never re-create (and so never re-key) an identity that is already stored.
  if (identityStorage_->doesIdentityExist(identityName))
    throw SecurityException("Identity has already been created!");

  _LOG_DEBUG("Create Identity");
  identityStorage_->addIdentity(identityName);

  _LOG_DEBUG("Create Default RSA key pair");
  Name defaultKeyName = generateRSAKeyPairAsDefault(identityName, true);

  _LOG_DEBUG("Create self-signed certificate");
  shared_ptr<IdentityCertificate> selfSignedCertificate = selfSign(defaultKeyName);

  _LOG_DEBUG("Add self-signed certificate as default");
  addCertificateAsDefault(*selfSignedCertificate);

  return defaultKeyName;
}
| 51 | |
/**
 * Generate a key pair for an identity and register its public half in identity storage.
 * The key name is allocated by identityStorage_->getNewKeyName(), the pair is generated by
 * privateKeyStorage_, and only the DER encoding of the public key is handed to
 * identityStorage_->addKey().
 * NOTE(review): keyType and keySize are forwarded as given; presumably the private key storage
 * rejects unsupported types or undersized keys - confirm, since nothing is checked here.
 * @param identityName The identity that will own the key.
 * @param isKsk Passed through to getNewKeyName() when allocating the key name.
 * @param keyType The type of key pair to generate.
 * @param keySize The requested key size.
 * @return The name of the newly generated key.
 */
Name
IdentityManager::generateKeyPair(const Name& identityName, bool isKsk, KeyType keyType, int keySize)
{
  _LOG_DEBUG("Get new key ID");
  Name allocatedKeyName = identityStorage_->getNewKeyName(identityName, isKsk);

  _LOG_DEBUG("Generate key pair in private storage");
  privateKeyStorage_->generateKeyPair(allocatedKeyName.toUri(), keyType, keySize);

  _LOG_DEBUG("Create a key record in public storage");
  // Read the public key back from private storage so the stored record matches what was generated.
  shared_ptr<PublicKey> generatedPublicKey = privateKeyStorage_->getPublicKey(allocatedKeyName.toUri());
  identityStorage_->addKey(allocatedKeyName, keyType, generatedPublicKey->getKeyDer());
  _LOG_DEBUG("OK");

  return allocatedKeyName;
}
| 67 | |
/**
 * Generate an RSA key pair for an identity without making it the identity's default key.
 * This is generateKeyPair() with the key type fixed to KEY_TYPE_RSA.
 * @param identityName The identity that will own the key.
 * @param isKsk Passed through to generateKeyPair().
 * @param keySize The requested RSA key size.
 * @return The name of the newly generated key.
 */
Name
IdentityManager::generateRSAKeyPair(const Name& identityName, bool isKsk, int keySize)
{
  const KeyType rsaKeyType = KEY_TYPE_RSA;
  Name rsaKeyName = generateKeyPair(identityName, isKsk, rsaKeyType, keySize);
  _LOG_DEBUG("OK2");

  return rsaKeyName;
}
| 75 | |
/**
 * Generate an RSA key pair for an identity and record it as that identity's default key.
 * @param identityName The identity that will own the key.
 * @param isKsk Passed through to generateKeyPair().
 * @param keySize The requested RSA key size.
 * @return The name of the newly generated default key.
 */
Name
IdentityManager::generateRSAKeyPairAsDefault(const Name& identityName, bool isKsk, int keySize)
{
  const KeyType rsaKeyType = KEY_TYPE_RSA;
  Name defaultKeyName = generateKeyPair(identityName, isKsk, rsaKeyType, keySize);

  // Only mark the key as default after generation and registration have completed.
  identityStorage_->setDefaultKeyNameForIdentity(defaultKeyName, identityName);

  return defaultKeyName;
}
| 85 | |
/**
 * Create an identity certificate for a key already held in identity storage, store the
 * certificate, and return its name.
 * The public key is rebuilt from the DER that identityStorage_->getKey() returns; the certificate
 * itself is produced by the overload that takes a PublicKey.
 * @param keyName The name of the key to certify.
 * @param signerCertificateName The certificate name placed in the new certificate's key locator.
 * @param notBefore Start of the validity period.
 * @param notAfter End of the validity period.
 * @return The name of the stored certificate.
 */
Name
IdentityManager::createIdentityCertificate(const Name& keyName, const Name& signerCertificateName, const MillisecondsSince1970& notBefore, const MillisecondsSince1970& notAfter)
{
  Blob storedKeyDer = identityStorage_->getKey(keyName);
  shared_ptr<PublicKey> subjectPublicKey = PublicKey::fromDer(storedKeyDer);

  shared_ptr<IdentityCertificate> issuedCertificate =
    createIdentityCertificate(keyName, *subjectPublicKey, signerCertificateName, notBefore, notAfter);

  identityStorage_->addCertificate(*issuedCertificate);

  return issuedCertificate->getName();
}
| 99 | |
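/**
 * Build an identity certificate for the given key and sign its encoding.
 * The certificate name is keyName + "ID-CERT" + the current time in whole seconds. The subject
 * description uses OID 2.5.4.41 (the X.520 "name" attribute) with the key name URI as its value.
 * @param keyName The name of the key being certified; also the key passed to sign().
 * @param publicKey The public key placed in the certificate.
 * @param signerCertificateName The certificate name written into the signature's key locator.
 * @param notBefore Start of the validity period.
 * @param notAfter End of the validity period.
 * @return The new certificate. It is not added to identity storage here.
 */
ptr_lib::shared_ptr<IdentityCertificate>
IdentityManager::createIdentityCertificate
  (const Name& keyName, const PublicKey& publicKey, const Name& signerCertificateName, const MillisecondsSince1970& notBefore, const MillisecondsSince1970& notAfter)
{
  shared_ptr<IdentityCertificate> certificate(new IdentityCertificate());

  Name certificateName;
  MillisecondsSince1970 ti = ::ndn_getNowMilliseconds();
  // Get the number of whole seconds. Convert to an integer before streaming: floor() returns a
  // floating-point value, which the stream would write with its default six significant digits,
  // i.e. in exponent form such as 1.38214e+09 (constructed example). That would make certificates
  // issued within the same span of several thousand seconds share one name component.
  ostringstream oss;
  oss << static_cast<uint64_t>(floor(ti / 1000.0));

  certificateName.append(keyName).append("ID-CERT").append(oss.str());
  certificate->setName(certificateName);

  certificate->setNotBefore(notBefore);
  certificate->setNotAfter(notAfter);
  certificate->setPublicKeyInfo(publicKey);
  certificate->addSubjectDescription(CertificateSubjectDescription("2.5.4.41", keyName.toUri()));
  certificate->encode();

  shared_ptr<Sha256WithRsaSignature> sha256Sig(new Sha256WithRsaSignature());

  KeyLocator keyLocator;
  keyLocator.setType(ndn_KeyLocatorType_KEYNAME);
  keyLocator.setKeyName(signerCertificateName);

  sha256Sig->setKeyLocator(keyLocator);
  sha256Sig->getPublisherPublicKeyDigest().setPublisherPublicKeyDigest(*publicKey.getDigest());

  certificate->setSignature(*sha256Sig);

  SignedBlob unsignedData = certificate->wireEncode();

  // NOTE(review): the key locator names signerCertificateName, but the signature is produced with
  // keyName (the key being certified) and the publisher digest is that same key's digest. Unless
  // signerCertificateName certifies keyName, a verifier that follows the key locator would check
  // the signature against a different key - confirm which key is meant to sign here.
  Blob sigBits = privateKeyStorage_->sign(unsignedData, keyName);

  // NOTE(review): this sets the bits on the local sha256Sig. If certificate->setSignature() above
  // stored a copy (the other signByCertificate overload in this file relies on Data cloning the
  // signature), the returned certificate would not carry these bits - confirm.
  sha256Sig->setSignature(*sigBits);

  return certificate;
}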
| 140 | |
/**
 * Store a certificate and make it the default: its key becomes the default key for the identity
 * and the certificate becomes the default certificate for that key.
 * NOTE(review): the certificate is stored and promoted as given; no signature or validity-period
 * check is visible in this function, so callers are presumably expected to have verified it.
 * @param certificate The certificate to add and promote.
 */
void
IdentityManager::addCertificateAsDefault(const IdentityCertificate& certificate)
{
  identityStorage_->addCertificate(certificate);

  const Name& certificateName = certificate.getName();
  // Resolve the owning key from storage rather than trusting a caller-supplied key name.
  Name owningKeyName = identityStorage_->getKeyNameForCertificate(certificateName);

  setDefaultKeyForIdentity(owningKeyName);
  setDefaultCertificateForKey(certificateName);
}
| 152 | |
/**
 * Make the named certificate the default certificate of the key it belongs to.
 * The key name is looked up from the certificate name in identity storage.
 * @param certificateName The name of the certificate to set as default.
 * @throw SecurityException if identity storage has no record of the certificate's key.
 */
void
IdentityManager::setDefaultCertificateForKey(const Name& certificateName)
{
  Name owningKeyName = identityStorage_->getKeyNameForCertificate(certificateName);

  // A default certificate must never point at a key that storage does not know about.
  const bool keyIsRecorded = identityStorage_->doesKeyExist(owningKeyName);
  if (!keyIsRecorded) {
    throw SecurityException("No corresponding Key record for certificaite!");
  }

  identityStorage_->setDefaultCertificateNameForKey(owningKeyName, certificateName);
}
| 163 | |
/**
 * Sign a raw byte buffer with the key belonging to the named certificate.
 * Not implemented: the active branch always throws, so no signature is ever returned.
 * @param data Pointer to the bytes to sign (unused while the body is disabled).
 * @param dataLength Number of bytes at data (unused while the body is disabled).
 * @param certificateName The certificate whose key should sign (unused while the body is disabled).
 * @throw runtime_error always, with the message "not implemented".
 */
ptr_lib::shared_ptr<Signature>
IdentityManager::signByCertificate(const uint8_t* data, size_t dataLength, const Name& certificateName)
{
#if 0
  // Disabled draft kept for reference. It still refers to certName and blob, which are not
  // parameters of this function, so it needs porting before it can be enabled.
  Name keyName = identityStorage_->getKeyNameForCertificate(certName);

  shared_ptr<PublicKey> publicKey = privateKeyStorage_->getPublicKey(keyName.toUri());

  Blob sigBits = privateKeyStorage_->sign(blob, keyName.toUri());

  // For temporary usage, we support RSA + SHA256 only, but will support more.
  shared_ptr<signature::Sha256WithRsa> sha256Sig = shared_ptr<signature::Sha256WithRsa>::Create();

  KeyLocator keyLocator;
  keyLocator.setType(KeyLocator::KEYNAME);
  keyLocator.setKeyName(certName);

  sha256Sig->setKeyLocator(keyLocator);
  sha256Sig->setPublisherKeyDigest(*publicKey->getDigest());
  sha256Sig->setSignatureBits(*sigBits);

  return sha256Sig;
#else
  // Fail loudly rather than return an empty or placeholder signature.
  throw runtime_error("not implemented");
#endif
}
| 190 | |
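/**
 * Sign a Data packet with the key belonging to the named certificate and re-encode it.
 * The packet's signature is replaced with a Sha256WithRsaSignature whose key locator names
 * certificateName and whose publisher digest is the signing key's public key digest. The packet
 * is encoded once to obtain the signed portion, signed, then encoded again with the signature.
 * @param data The Data packet to sign; its signature and wire encoding are updated in place.
 * @param certificateName The certificate whose key is used for signing.
 * @param wireFormat The wire format used for both encodings.
 * @throw SecurityException if no public key is returned for the certificate's key, or if the
 * packet's signature object is not a Sha256WithRsaSignature after it was set.
 */
void
IdentityManager::signByCertificate(Data &data, const Name &certificateName, WireFormat& wireFormat)
{
  Name keyName = identityStorage_->getKeyNameForCertificate(certificateName);

  shared_ptr<PublicKey> publicKey = privateKeyStorage_->getPublicKey(keyName);
  // Dereferencing an empty pointer below would be undefined behavior; fail explicitly instead.
  if (!publicKey)
    throw SecurityException("No public key found for the signing certificate!");

  // For temporary usage, we support RSA + SHA256 only, but will support more.
  data.setSignature(Sha256WithRsaSignature());
  // Get a pointer to the clone which Data made.
  Sha256WithRsaSignature *signature = dynamic_cast<Sha256WithRsaSignature*>(data.getSignature());
  // dynamic_cast yields null on a type mismatch; never write signature fields through it unchecked.
  if (!signature)
    throw SecurityException("Data signature is not a Sha256WithRsaSignature!");
  DigestAlgorithm digestAlgorithm = DIGEST_ALGORITHM_SHA256;

  signature->getKeyLocator().setType(ndn_KeyLocatorType_KEYNAME);
  signature->getKeyLocator().setKeyName(certificateName);
  // Omit the certificate digest.
  signature->getKeyLocator().setKeyNameType(static_cast<ndn_KeyNameType>(-1));
  // Ignore witness and leave the digestAlgorithm as the default.
  signature->getPublisherPublicKeyDigest().setPublisherPublicKeyDigest(publicKey->getDigest());

  // Encode once to get the signed portion.
  SignedBlob encoding = data.wireEncode(wireFormat);

  // Only the signed portion of the encoding is passed to the private key storage.
  signature->setSignature
    (privateKeyStorage_->sign(encoding.signedBuf(), encoding.signedSize(), keyName, digestAlgorithm));

  // Encode again to include the signature.
  data.wireEncode(wireFormat);
}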
| 220 | |
/**
 * Create a self-signed identity certificate for the given key.
 * Not implemented: the active branch always throws, so callers such as createIdentity() cannot
 * complete while this is disabled.
 * @param keyName The name of the key to self-sign (unused while the body is disabled).
 * @throw runtime_error always, with the message "not implemented".
 */
shared_ptr<IdentityCertificate>
IdentityManager::selfSign(const Name& keyName)
{
#if 0
  // Disabled draft kept for reference; it uses helpers (Create<>, boost::posix_time, time::Now)
  // that the active code in this file does not use.
  shared_ptr<IdentityCertificate> certificate = Create<IdentityCertificate>();

  // The certificate name is keyName + "ID-CERT" + the fixed component "0".
  Name certificateName;
  certificateName.append(keyName).append("ID-CERT").append("0");
  certificate->setName(certificateName);

  Blob keyBlob = identityStorage_->getKey(keyName);
  shared_ptr<PublicKey> publicKey = PublicKey::fromDer(keyBlob);

  // Validity starts at 00:00:00 of the current day and ends 20 years later.
  // NOTE(review): revisit the 20-year lifetime when this code is re-enabled.
  tm current = boost::posix_time::to_tm(time::Now());
  current.tm_hour = 0;
  current.tm_min = 0;
  current.tm_sec = 0;
  MillisecondsSince1970 notBefore = boost::posix_time::ptime_from_tm(current);
  current.tm_year = current.tm_year + 20;
  MillisecondsSince1970 notAfter = boost::posix_time::ptime_from_tm(current);

  certificate->setNotBefore(notBefore);
  certificate->setNotAfter(notAfter);
  certificate->setPublicKeyInfo(*publicKey);
  certificate->addSubjectDescription(CertificateSubDescrypt("2.5.4.41", keyName.toUri()));
  certificate->encode();

  shared_ptr<signature::Sha256WithRsa> sha256Sig = shared_ptr<signature::Sha256WithRsa>::Create();

  // Self-signed: the key locator names this certificate itself.
  KeyLocator keyLocator;
  keyLocator.setType(KeyLocator::KEYNAME);
  keyLocator.setKeyName(certificateName);

  sha256Sig->setKeyLocator(keyLocator);
  sha256Sig->setPublisherKeyDigest(*publicKey->getDigest());

  certificate->setSignature(sha256Sig);

  Blob unsignedData = certificate->encodeToUnsignedWire();

  Blob sigBits = privateKeyStorage_->sign(*unsignedData, keyName.toUri());

  sha256Sig->setSignatureBits(*sigBits);

  return certificate;
#else
  // Fail loudly rather than return an unsigned or placeholder certificate.
  throw runtime_error("not implemented");
#endif
}
Jeff Thompson | c69163b | 2013-10-12 13:49:50 -0700 | [diff] [blame] | 270 | |
Jeff Thompson | 4147191 | 2013-09-12 16:21:50 -0700 | [diff] [blame] | 271 | } |