back-end.cpp
Go to the documentation of this file.
1 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
2 /*
3  * Copyright (c) 2013-2017 Regents of the University of California.
4  *
5  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
6  *
7  * ndn-cxx library is free software: you can redistribute it and/or modify it under the
8  * terms of the GNU Lesser General Public License as published by the Free Software
9  * Foundation, either version 3 of the License, or (at your option) any later version.
10  *
11  * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
12  * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
13  * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
14  *
15  * You should have received copies of the GNU General Public License and GNU Lesser
16  * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
17  * <http://www.gnu.org/licenses/>.
18  *
19  * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
20  */
21 
22 #include "back-end.hpp"
23 #include "key-handle.hpp"
24 #include "tpm.hpp"
25 #include "../pib/key.hpp"
26 #include "../transform/buffer-source.hpp"
27 #include "../transform/digest-filter.hpp"
28 #include "../transform/stream-sink.hpp"
29 #include "../../encoding/buffer-stream.hpp"
30 #include "../../util/random.hpp"
31 
32 namespace ndn {
33 namespace security {
34 namespace tpm {
35 
36 BackEnd::~BackEnd() = default;
37 
38 bool
39 BackEnd::hasKey(const Name& keyName) const
40 {
41  return doHasKey(keyName);
42 }
43 
44 unique_ptr<KeyHandle>
45 BackEnd::getKeyHandle(const Name& keyName) const
46 {
47  return doGetKeyHandle(keyName);
48 }
49 
50 unique_ptr<KeyHandle>
51 BackEnd::createKey(const Name& identity, const KeyParams& params)
52 {
53  // key name checking
54  switch (params.getKeyIdType()) {
55  case KeyIdType::USER_SPECIFIED: { // keyId is pre-set.
56  Name keyName = v2::constructKeyName(identity, params.getKeyId());
57  if (hasKey(keyName)) {
58  BOOST_THROW_EXCEPTION(Tpm::Error("Key `" + keyName.toUri() + "` already exists"));
59  }
60  break;
61  }
62  case KeyIdType::SHA256: {
63  // KeyName will be assigned in setKeyName after key is generated
64  break;
65  }
66  case KeyIdType::RANDOM: {
67  Name keyName;
68  name::Component keyId;
69  do {
70  keyId = name::Component::fromNumber(random::generateSecureWord64());
71  keyName = v2::constructKeyName(identity, keyId);
72  } while (hasKey(keyName));
73 
74  const_cast<KeyParams&>(params).setKeyId(keyId);
75  break;
76  }
77  default: {
78  BOOST_THROW_EXCEPTION(Error("Unsupported key id type"));
79  }
80  }
81 
82  return doCreateKey(identity, params);
83 }
84 
85 void
86 BackEnd::deleteKey(const Name& keyName)
87 {
88  doDeleteKey(keyName);
89 }
90 
91 ConstBufferPtr
92 BackEnd::exportKey(const Name& keyName, const char* pw, size_t pwLen)
93 {
94  if (!hasKey(keyName)) {
95  BOOST_THROW_EXCEPTION(Error("Key `" + keyName.toUri() + "` does not exist"));
96  }
97  return doExportKey(keyName, pw, pwLen);
98 }
99 
100 void
101 BackEnd::importKey(const Name& keyName, const uint8_t* pkcs8, size_t pkcs8Len, const char* pw, size_t pwLen)
102 {
103  if (hasKey(keyName)) {
104  BOOST_THROW_EXCEPTION(Error("Key `" + keyName.toUri() + "` already exists"));
105  }
106  doImportKey(keyName, pkcs8, pkcs8Len, pw, pwLen);
107 }
108 
109 void
110 BackEnd::setKeyName(KeyHandle& keyHandle, const Name& identity, const KeyParams& params)
111 {
112  name::Component keyId;
113 
114  switch (params.getKeyIdType()) {
115  case KeyIdType::USER_SPECIFIED: {
116  keyId = params.getKeyId();
117  break;
118  }
119  case KeyIdType::SHA256: {
120  using namespace transform;
121  OBufferStream os;
122  bufferSource(*keyHandle.derivePublicKey()) >>
123  digestFilter(DigestAlgorithm::SHA256) >>
124  streamSink(os);
125  keyId = name::Component(os.buf());
126  break;
127  }
128  case KeyIdType::RANDOM: {
129  BOOST_ASSERT(!params.getKeyId().empty());
130  keyId = params.getKeyId();
131  break;
132  }
133  default: {
134  BOOST_THROW_EXCEPTION(Error("Unsupported key id type"));
135  }
136  }
137 
138  keyHandle.setKeyName(v2::constructKeyName(identity, keyId));
139 }
140 
141 bool
142 BackEnd::isTerminalMode() const
143 {
144  return true;
145 }
146 
147 void
148 BackEnd::setTerminalMode(bool isTerminal) const
149 {
150 }
151 
152 bool
153 BackEnd::isTpmLocked() const
154 {
155  return false;
156 }
157 
158 bool
159 BackEnd::unlockTpm(const char* pw, size_t pwLen) const
160 {
161  return !isTpmLocked();
162 }
163 
164 } // namespace tpm
165 } // namespace security
166 } // namespace ndn
ndn::security::tpm::KeyHandle::setKeyName
void setKeyName(const Name &keyName)
Definition: key-handle.cpp:49
ndn::name::Component::fromNumber
static Component fromNumber(uint64_t number)
Create a component encoded as nonNegativeInteger.
Definition: name-component.cpp:291
ndn
Copyright (c) 2013-2017 Regents of the University of California.
Definition: common.hpp:66
ndn::security::tpm::KeyHandle::derivePublicKey
ConstBufferPtr derivePublicKey() const
Definition: key-handle.cpp:43
ndn::security::tpm::BackEnd::createKey
unique_ptr< KeyHandle > createKey(const Name &identity, const KeyParams &params)
Create key for identity according to params.
Definition: back-end.cpp:51
ndn::random::generateSecureWord64
uint64_t generateSecureWord64()
Generate a cryptographically secure random integer from the range [0, 2^64)
Definition: random.cpp:39
ndn::security::tpm::BackEnd::setTerminalMode
virtual void setTerminalMode(bool isTerminal) const
Set the terminal mode of TPM.
Definition: back-end.cpp:148
ndn::security::tpm::BackEnd::importKey
void importKey(const Name &keyName, const uint8_t *pkcs8, size_t pkcs8Len, const char *pw, size_t pwLen)
Import a private key in encrypted PKCS #8 format.
Definition: back-end.cpp:101
ndn::security::tpm::BackEnd::deleteKey
void deleteKey(const Name &keyName)
Delete a key with name keyName.
Definition: back-end.cpp:86
ndn::security::tpm::KeyHandle
Abstraction of TPM key handle.
Definition: key-handle.hpp:38
ndn::security::tpm::BackEnd::isTpmLocked
virtual bool isTpmLocked() const
Definition: back-end.cpp:153
ndn::Name::toUri
std::string toUri() const
Get URI representation of the name.
Definition: name.cpp:122
ndn::security::tpm::BackEnd::exportKey
ConstBufferPtr exportKey(const Name &keyName, const char *pw, size_t pwLen)
Definition: back-end.cpp:92
ndn::security::tpm::BackEnd::isTerminalMode
virtual bool isTerminalMode() const
Check if TPM is in terminal mode.
Definition: back-end.cpp:142
ndn::security::tpm::BackEnd::hasKey
bool hasKey(const Name &keyName) const
Definition: back-end.cpp:39
ndn::security::transform::streamSink
unique_ptr< Sink > streamSink(std::ostream &os)
Definition: stream-sink.cpp:53
ndn::security::transform::digestFilter
unique_ptr< Transform > digestFilter(DigestAlgorithm algo)
Definition: digest-filter.cpp:78
ndn::KeyIdType::SHA256
Use the SHA256 hash of the public key as the key id.
ndn::Name
Represents an absolute name.
Definition: name.hpp:42
ndn::security::tpm::BackEnd::setKeyName
static void setKeyName(KeyHandle &keyHandle, const Name &identity, const KeyParams &params)
Set the key name in keyHandle according to identity and params.
Definition: back-end.cpp:110
ndn::security::tpm::BackEnd::unlockTpm
virtual bool unlockTpm(const char *pw, size_t pwLen) const
Unlock TPM.
Definition: back-end.cpp:159
ndn::KeyParams::getKeyIdType
KeyIdType getKeyIdType() const
Definition: key-params.hpp:58
ndn::security::tpm::BackEnd::getKeyHandle
unique_ptr< KeyHandle > getKeyHandle(const Name &keyName) const
Definition: back-end.cpp:45
ndn::name::Component
Component holds a read-only name component value.
Definition: name-component.hpp:47
ndn::OBufferStream::buf
shared_ptr< Buffer > buf()
Flush written data to the stream and return shared pointer to the underlying buffer.
Definition: buffer-stream.cpp:54
ndn::security::v2::constructKeyName
Name constructKeyName(const Name &identity, const name::Component &keyId)
Construct key name based on the appropriate naming conventions.
Definition: key.cpp:143
ndn::KeyIdType::RANDOM
Use a 64-bit random number as the key id.
ndn::KeyParams
Base class of key parameters.
Definition: key-params.hpp:35
ndn::OBufferStream
implements an output stream that constructs ndn::Buffer
Definition: buffer-stream.hpp:70
ndn::KeyIdType::USER_SPECIFIED
User-specified key ID.
ndn::KeyParams::getKeyId
const name::Component & getKeyId() const
Definition: key-params.hpp:64
ndn::ConstBufferPtr
shared_ptr< const Buffer > ConstBufferPtr
Definition: buffer.hpp:89