28 #include "../../encoding/buffer-stream.hpp" 30 #include <boost/filesystem.hpp> 31 #include <boost/algorithm/string.hpp> 35 #include <sys/types.h> 45 using std::ostringstream;
50 class SecTpmFile::Impl
54 Impl(
const string& dir)
56 boost::filesystem::path actualDir;
58 #ifdef NDN_CXX_HAVE_TESTS 59 if (getenv(
"TEST_HOME") !=
nullptr) {
60 actualDir = boost::filesystem::path(getenv(
"TEST_HOME")) /
".ndn";
63 #endif // NDN_CXX_HAVE_TESTS 64 if (getenv(
"HOME") !=
nullptr) {
65 actualDir = boost::filesystem::path(getenv(
"HOME")) /
".ndn";
68 actualDir = boost::filesystem::path(
".") /
".ndn";
72 actualDir = boost::filesystem::path(dir);
75 m_keystorePath = actualDir /
"ndnsec-tpm-file";
76 boost::filesystem::create_directories(m_keystorePath);
79 boost::filesystem::path
80 transformName(
const string& keyName,
const string& extension)
85 StringSource src(keyName,
88 new Base64Encoder(
new CryptoPP::StringSink(digest))));
90 boost::algorithm::trim(digest);
91 std::replace(digest.begin(), digest.end(),
'/',
'%');
93 return m_keystorePath / (digest + extension);
97 maintainMapping(
const string& keyName)
99 string keyFileName = transformName(keyName,
"").string();
102 string dirFile = (m_keystorePath /
"mapping.txt").
string();
104 outfile.open(dirFile.c_str(), std::ios_base::app);
105 outfile << keyName <<
' ' << keyFileName <<
'\n';
112 boost::filesystem::path m_keystorePath;
118 , m_impl(new Impl(location))
119 , m_inTerminal(false)
130 string keyURI = keyName.
toUri();
133 BOOST_THROW_EXCEPTION(
Error(
"public key exists"));
135 BOOST_THROW_EXCEPTION(
Error(
"private key exists"));
137 string keyFileName = m_impl->maintainMapping(keyURI);
145 AutoSeededRandomPool rng;
146 InvertibleRSAFunction privateKey;
147 privateKey.Initialize(rng, rsaParams.
getKeySize());
149 string privateKeyFileName = keyFileName +
".pri";
150 Base64Encoder privateKeySink(
new FileSink(privateKeyFileName.c_str()));
151 privateKey.DEREncode(privateKeySink);
152 privateKeySink.MessageEnd();
154 RSAFunction publicKey(privateKey);
155 string publicKeyFileName = keyFileName +
".pub";
156 Base64Encoder publicKeySink(
new FileSink(publicKeyFileName.c_str()));
157 publicKey.DEREncode(publicKeySink);
158 publicKeySink.MessageEnd();
161 chmod(privateKeyFileName.c_str(), 0000400);
162 chmod(publicKeyFileName.c_str(), 0000444);
171 CryptoPP::OID curveName;
174 curveName = ASN1::secp256r1();
177 curveName = ASN1::secp384r1();
180 curveName = ASN1::secp256r1();
184 AutoSeededRandomPool rng;
186 ECDSA<ECP, SHA256>::PrivateKey privateKey;
187 DL_GroupParameters_EC<ECP> cryptoParams(curveName);
188 cryptoParams.SetEncodeAsOID(
true);
189 privateKey.Initialize(rng, cryptoParams);
191 ECDSA<ECP, SHA256>::PublicKey publicKey;
192 privateKey.MakePublicKey(publicKey);
193 publicKey.AccessGroupParameters().SetEncodeAsOID(
true);
195 string privateKeyFileName = keyFileName +
".pri";
196 Base64Encoder privateKeySink(
new FileSink(privateKeyFileName.c_str()));
197 privateKey.DEREncode(privateKeySink);
198 privateKeySink.MessageEnd();
200 string publicKeyFileName = keyFileName +
".pub";
201 Base64Encoder publicKeySink(
new FileSink(publicKeyFileName.c_str()));
202 publicKey.Save(publicKeySink);
203 publicKeySink.MessageEnd();
206 chmod(privateKeyFileName.c_str(), 0000400);
207 chmod(publicKeyFileName.c_str(), 0000444);
212 BOOST_THROW_EXCEPTION(
Error(
"Unsupported key type"));
216 BOOST_THROW_EXCEPTION(
Error(e.what()));
218 catch (
const CryptoPP::Exception& e) {
219 BOOST_THROW_EXCEPTION(
Error(e.what()));
226 boost::filesystem::path publicKeyPath(m_impl->transformName(keyName.
toUri(),
".pub"));
227 boost::filesystem::path privateKeyPath(m_impl->transformName(keyName.
toUri(),
".pri"));
229 if (boost::filesystem::exists(publicKeyPath))
230 boost::filesystem::remove(publicKeyPath);
232 if (boost::filesystem::exists(privateKeyPath))
233 boost::filesystem::remove(privateKeyPath);
236 shared_ptr<PublicKey>
239 string keyURI = keyName.
toUri();
242 BOOST_THROW_EXCEPTION(
Error(
"Public Key does not exist"));
247 FileSource(m_impl->transformName(keyURI,
".pub").string().c_str(),
249 new Base64Decoder(
new FileSink(os)));
251 catch (
const CryptoPP::Exception& e) {
252 BOOST_THROW_EXCEPTION(
Error(e.what()));
255 return make_shared<PublicKey>(
reinterpret_cast<const uint8_t*
>(os.str().c_str()),
269 CryptoPP::FileSource(m_impl->transformName(keyName.
toUri(),
".pri").
string().c_str(),
true,
270 new CryptoPP::Base64Decoder(
new CryptoPP::FileSink(privateKeyOs)));
272 return privateKeyOs.
buf();
281 string keyFileName = m_impl->maintainMapping(keyName.
toUri());
282 keyFileName.append(
".pri");
283 StringSource(buf, size,
285 new Base64Encoder(
new FileSink(keyFileName.c_str())));
288 catch (
const CryptoPP::Exception& e) {
299 string keyFileName = m_impl->maintainMapping(keyName.
toUri());
300 keyFileName.append(
".pub");
301 StringSource(buf, size,
303 new Base64Encoder(
new FileSink(keyFileName.c_str())));
306 catch (
const CryptoPP::Exception& e) {
315 string keyURI = keyName.
toUri();
318 BOOST_THROW_EXCEPTION(
Error(
"private key doesn't exist"));
322 AutoSeededRandomPool rng;
325 shared_ptr<PublicKey> pubkeyPtr;
328 switch (pubkeyPtr->getKeyType()) {
332 FileSource file(m_impl->transformName(keyURI,
".pri").string().c_str(),
333 true,
new Base64Decoder);
334 file.TransferTo(bytes);
336 RSA::PrivateKey privateKey;
337 privateKey.Load(bytes);
340 switch (digestAlgorithm) {
342 RSASS<PKCS1v15, SHA256>::Signer signer(privateKey);
345 StringSource(data, dataLength,
347 new SignerFilter(rng, signer,
new FileSink(os)));
353 BOOST_THROW_EXCEPTION(
Error(
"Unsupported digest algorithm"));
360 FileSource file(m_impl->transformName(keyURI,
".pri").string().c_str(),
361 true,
new Base64Decoder);
362 file.TransferTo(bytes);
366 switch (digestAlgorithm) {
368 ECDSA<ECP, SHA256>::PrivateKey privateKey;
369 privateKey.Load(bytes);
370 ECDSA<ECP, SHA256>::Signer signer(privateKey);
373 StringSource(data, dataLength,
375 new SignerFilter(rng, signer,
new FileSink(os)));
378 size_t bufSize = DSAConvertSignatureFormat(buf,
sizeof(buf), DSA_DER,
379 os.
buf()->buf(), os.
buf()->size(),
382 shared_ptr<Buffer> sigBuffer = make_shared<Buffer>(buf, bufSize);
388 BOOST_THROW_EXCEPTION(
Error(
"Unsupported digest algorithm"));
393 BOOST_THROW_EXCEPTION(
Error(
"Unsupported key type"));
396 catch (
const CryptoPP::Exception& e) {
397 BOOST_THROW_EXCEPTION(
Error(e.what()));
404 const Name& keyName,
bool isSymmetric)
406 BOOST_THROW_EXCEPTION(
Error(
"SecTpmFile::decryptInTpm is not supported"));
467 const Name& keyName,
bool isSymmetric)
469 BOOST_THROW_EXCEPTION(
Error(
"SecTpmFile::encryptInTpm is not supported"));
530 BOOST_THROW_EXCEPTION(
Error(
"SecTpmFile::generateSymmetricKeyInTpm is not supported"));
565 string keyURI = keyName.
toUri();
567 return boost::filesystem::exists(m_impl->transformName(keyURI,
".pub"));
570 return boost::filesystem::exists(m_impl->transformName(keyURI,
".pri"));
573 return boost::filesystem::exists(m_impl->transformName(keyURI,
".key"));
582 CryptoPP::AutoSeededRandomPool rng;
583 rng.GenerateBlock(res, size);
586 catch (
const CryptoPP::Exception& e) {
Copyright (c) 2013-2017 Regents of the University of California.
virtual ConstBufferPtr decryptInTpm(const uint8_t *data, size_t dataLength, const Name &keyName, bool isSymmetric)
Decrypt data.
Copyright (c) 2013-2017 Regents of the University of California.
virtual ConstBufferPtr exportPrivateKeyPkcs8FromTpm(const Name &keyName)
Export a private key in PKCS#8 format.
KeyType getKeyType() const
uint32_t getKeySize() const
virtual void generateSymmetricKeyInTpm(const Name &keyName, const KeyParams ¶ms)
Generate a symmetric key.
virtual shared_ptr< PublicKey > getPublicKeyFromTpm(const Name &keyName)
Get a public key.
Represents a TLV element of NDN packet format.
virtual Block signInTpm(const uint8_t *data, size_t dataLength, const Name &keyName, DigestAlgorithm digestAlgorithm)
Sign data.
virtual bool importPublicKeyPkcs1IntoTpm(const Name &keyName, const uint8_t *buf, size_t size)
Import a public key in PKCS#1 formatted buffer of size bufferSize.
std::string toUri() const
Get URI representation of the name.
virtual bool importPrivateKeyPkcs8IntoTpm(const Name &keyName, const uint8_t *buf, size_t size)
Import a private key from PKCS#8 formatted buffer of size bufferSize.
virtual bool doesKeyExistInTpm(const Name &keyName, KeyClass keyClass)
Check if a particular key exists.
static const std::string SCHEME
Use the SHA256 hash of the public key as the key id.
Represents an absolute name.
virtual void generateKeyPairInTpm(const Name &keyName, const KeyParams ¶ms)
Generate a pair of asymmetric keys.
virtual bool generateRandomBlock(uint8_t *res, size_t size)
Generate a random block.
shared_ptr< Buffer > buf()
Flush written data to the stream and return shared pointer to the underlying buffer.
virtual ConstBufferPtr encryptInTpm(const uint8_t *data, size_t dataLength, const Name &keyName, bool isSymmetric)
Encrypt data.
SecTpm is the base class of the TPM classes.
virtual std::string getScheme()
SecTpmFile(const std::string &dir="")
Base class of key parameters.
virtual void deleteKeyPairInTpm(const Name &keyName)
Delete a key pair of asymmetric keys.
implements an output stream that constructs ndn::Buffer
shared_ptr< const Buffer > ConstBufferPtr
SimplePublicKeyParams is a template for public keys with only one parameter: size.