/**
* Copyright (C) 2017-2018 Regents of the University of California.
* @author: Jeff Thompson <[email protected]>
* @author: From ndn-cxx security https://github.com/named-data/ndn-cxx/blob/master/src/security/tpm/back-end-file.hpp
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
* A copy of the GNU Lesser General Public License is in the file COPYING.
*/
/** @ignore */
var path = require('path'); /** @ignore */
var fs = require('fs'); /** @ignore */
var Crypto = require('../../crypto.js'); /** @ignore */
var Blob = require('../../util/blob.js').Blob; /** @ignore */
var TpmPrivateKey = require('./tpm-private-key.js').TpmPrivateKey; /** @ignore */
var TpmKeyHandleMemory = require('./tpm-key-handle-memory.js').TpmKeyHandleMemory; /** @ignore */
var TpmBackEnd = require('./tpm-back-end.js').TpmBackEnd; /** @ignore */
var SyncPromise = require('../../util/sync-promise.js').SyncPromise;
/**
* TpmBackEndFile extends TpmBackEnd to implement a TPM back-end using on-disk
* file storage. In this TPM, each private key is stored in a separate file with
* permission 0400, i.e., owner read-only. The key is stored in PKCS #1 format
* in base64 encoding.
*
* Create a TpmBackEndFile to use the given path to store files (of provided) or
* to the default location.
* @param {string} locationPath (optional) The full path of the directory to
* store private keys. If omitted or null or "", use the default location
* ~/.ndn/ndnsec-key-file.
* @constructor
*/
var TpmBackEndFile = function TpmBackEndFile(locationPath)
{
// Call the base constructor.
TpmBackEnd.call(this);
if (locationPath == undefined || locationPath == "") {
var home = process.env.HOME || process.env.HOMEPATH || process.env.USERPROFILE;
locationPath = path.join(home, ".ndn", "ndnsec-key-file");
}
this.keyStorePath_ = locationPath;
};
TpmBackEndFile.prototype = new TpmBackEnd();
TpmBackEndFile.prototype.name = "TpmBackEndFile";
exports.TpmBackEndFile = TpmBackEndFile;
/**
* Create a TpmBackEndFile.Error which extends TpmBackEnd.Error and represents a
* non-semantic error in backend TPM file processing.
* Call with: throw new TpmBackEndFile.Error(new Error("message")).
* @constructor
* @param {Error} error The exception created with new Error.
*/
TpmBackEndFile.Error = function TpmBackEndFileError(error)
{
// Call the base constructor.
TpmBackEnd.Error.call(this, error);
}
TpmBackEndFile.Error.prototype = new TpmBackEnd.Error();
TpmBackEndFile.Error.prototype.name = "TpmBackEndFileError";
TpmBackEndFile.getScheme = function() { return "tpm-file"; };
/**
* A protected method to check if the key with name keyName exists in the TPM.
* @param {Name} keyName The name of the key.
* @param {boolean} useSync (optional) If true then return a SyncPromise which
* is already fulfilled. If omitted or false, this may return a SyncPromise or
* an async Promise.
* @return {Promise|SyncPromise} A promise which returns true if the key exists.
*/
TpmBackEndFile.prototype.doHasKeyPromise_ = function(keyName, useSync)
{
return Promise.resolve(this.hasKey_(keyName));
};
/**
* Do the work of doHasKeyPromise_
* @param {Name} keyName The name of the key.
* @return {boolean} True if the key exists.
*/
TpmBackEndFile.prototype.hasKey_ = function(keyName)
{
if (!fs.existsSync(this.toFilePath_(keyName)))
return false;
try {
this.loadKey_(keyName);
return true;
} catch (ex) {
return false;
}
};
/**
* A protected method to get the handle of the key with name keyName.
* @param {Name} keyName The name of the key.
* @param {boolean} useSync (optional) If true then return a SyncPromise which
* is already fulfilled. If omitted or false, this may return a SyncPromise or
* an async Promise.
* @return {Promise|SyncPromise} A promise which returns a TpmKeyHandle of the
* key, or returns null if the key does not exist.
*/
TpmBackEndFile.prototype.doGetKeyHandlePromise_ = function(keyName, useSync)
{
if (!this.hasKey_(keyName))
return null;
return new TpmKeyHandleMemory(this.loadKey_(keyName));
};
/**
* A protected method to create a key for identityName according to params. The
* created key is named as: /<identityName>/[keyId]/KEY . The key name is set in
* the returned TpmKeyHandle.
* @param {Name} identityName The name if the identity.
* @param {KeyParams} params The KeyParams for creating the key.
* @param {boolean} useSync (optional) If true then return a SyncPromise which
* is already fulfilled. If omitted or false, this may return a SyncPromise or
* an async Promise.
* @return {Promise|SyncPromise} A promise which returns the TpmKeyHandle of
* the created key, or a promise rejected with TpmBackEnd.Error if the key
* cannot be created.
*/
TpmBackEndFile.prototype.doCreateKeyPromise_ = function
(identityName, params, useSync)
{
var key;
try {
// We know that TpmPrivateKey.generatePrivateKeyPromise is sync.
key = SyncPromise.getValue(TpmPrivateKey.generatePrivateKeyPromise(params));
} catch (ex) {
return Promise.reject(new TpmBackEndFile.Error(new Error
("Error in TpmPrivateKey.generatePrivateKey: " + ex)));
}
var keyHandle = new TpmKeyHandleMemory(key);
TpmBackEnd.setKeyName(keyHandle, identityName, params);
try {
this.saveKey_(keyHandle.getKeyName(), key);
} catch (ex) {
return Promise.reject(ex);
}
return Promise.resolve(keyHandle);
};
/**
* A protected method to delete the key with name keyName. If the key doesn't
* exist, do nothing.
* @param {Name} keyName The name of the key to delete.
* @param {boolean} useSync (optional) If true then return a SyncPromise which
* is already fulfilled. If omitted or false, this may return a SyncPromise or
* an async Promise.
* @return {Promise|SyncPromise} A promise which fulfills when finished, or a
* promise rejected with TpmBackEnd.Error if the deletion fails.
*/
TpmBackEndFile.prototype.doDeleteKeyPromise_ = function(keyName, useSync)
{
var filePath = this.toFilePath_(keyName);
if (fs.existsSync(filePath)) {
try {
fs.unlinkSync(filePath);
} catch (ex) {
return Promise.reject(new TpmBackEndFile.Error(new Error
("Error deleting private key file: " + ex)));
}
}
return Promise.resolve();
};
// TODO: doExportKeyPromise_
// TODO: doImportKeyPromise_
/**
* Load the private key with name keyName from the key file directory.
* @param {Name} keyName The name of the key.
* @return {TpmPrivateKey} The key loaded into a TpmPrivateKey.
*/
TpmBackEndFile.prototype.loadKey_ = function(keyName)
{
var key = new TpmPrivateKey();
var pkcs;
try {
var base64Content = fs.readFileSync(this.toFilePath_(keyName)).toString();
pkcs = new Buffer(base64Content, 'base64');
} catch (ex) {
throw new TpmBackEndFile.Error(new Error
("Error reading private key file: " + ex));
}
try {
key.loadPkcs1(pkcs, null);
} catch (ex) {
throw new TpmBackEndFile.Error(new Error
("Error decoding private key file: " + ex));
}
return key;
};
/**
* Save the private key using keyName into the key file directory.
* @param {Name} keyName The name of the key.
* @param {TpmPrivateKey} key The private key to save.
*/
TpmBackEndFile.prototype.saveKey_ = function(keyName, key)
{
var filePath = this.toFilePath_(keyName);
var base64;
try {
base64 = key.toPkcs1().buf().toString('base64');
} catch (ex) {
throw new TpmBackEndFile.Error(new Error
("Error encoding private key file: " + ex));
}
try {
var options = { mode: parseInt('0400', 8) };
fs.writeFileSync(filePath, base64, options);
} catch (ex) {
throw new TpmBackEndFile.Error(new Error
("Error writing private key file: " + ex));
}
};
/**
* Get the file path for the keyName, which is keyStorePath_ + "/" +
* hex(sha256(keyName-wire-encoding)) + ".privkey" .
* @param {Name} keyName The name of the key.
* @return {string} The file path for the key.
*/
TpmBackEndFile.prototype.toFilePath_ = function(keyName)
{
var keyEncoding = keyName.wireEncode();
var hash = Crypto.createHash('sha256');
hash.update(keyEncoding.buf());
var digest = hash.digest();
return path.join
(this.keyStorePath_, new Blob(digest, false).toHex() + ".privkey");
};