d4/d52/private-key_8cpp_source.html

 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /*
  * Copyright (c) 2013-2019 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
  * ndn-cxx library is free software: you can redistribute it and/or modify it under the
  * terms of the GNU Lesser General Public License as published by the Free Software
  * Foundation, either version 3 of the License, or (at your option) any later version.
  *
  * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
  * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
  * PARTICULAR PURPOSE.  See the GNU Lesser General Public License for more details.
  *
  * You should have received copies of the GNU General Public License and GNU Lesser
  * General Public License along with ndn-cxx, e.g., in COPYING.md file.  If not, see
  * <http://www.gnu.org/licenses/>.
  *
  * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
  */

 #include "ndn-cxx/security/transform/private-key.hpp"
 #include "ndn-cxx/security/transform/base64-decode.hpp"
 #include "ndn-cxx/security/transform/base64-encode.hpp"
 #include "ndn-cxx/security/transform/buffer-source.hpp"
 #include "ndn-cxx/security/transform/stream-sink.hpp"
 #include "ndn-cxx/security/transform/stream-source.hpp"
 #include "ndn-cxx/security/impl/openssl-helper.hpp"
 #include "ndn-cxx/security/key-params.hpp"
 #include "ndn-cxx/encoding/buffer-stream.hpp"

 #include <boost/lexical_cast.hpp>
 #include <cstring>

 #define ENSURE_PRIVATE_KEY_LOADED(key) \
   do { \
     if ((key) == nullptr) \
       NDN_THROW(Error("Private key has not been loaded yet")); \
   } while (false)

 #define ENSURE_PRIVATE_KEY_NOT_LOADED(key) \
   do { \
     if ((key) != nullptr) \
       NDN_THROW(Error("Private key has already been loaded")); \
   } while (false)

 namespace ndn {
 namespace security {
 namespace transform {

 static void
 opensslInitAlgorithms()
 {
 #if OPENSSL_VERSION_NUMBER < 0x1010000fL
   static bool isInitialized = false;
   if (!isInitialized) {
     OpenSSL_add_all_algorithms();
     isInitialized = true;
   }
 #endif // OPENSSL_VERSION_NUMBER < 0x1010000fL
 }

 class PrivateKey::Impl
 {
 public:
   Impl() noexcept
     : key(nullptr)
   {
   }

   ~Impl()
   {
     EVP_PKEY_free(key);
   }

 public:
   EVP_PKEY* key;
 };

 PrivateKey::PrivateKey()
   : m_impl(make_unique<Impl>())
 {
 }

 PrivateKey::~PrivateKey() = default;

 KeyType
 PrivateKey::getKeyType() const
 {
   if (!m_impl->key)
     return KeyType::NONE;

   switch (detail::getEvpPkeyType(m_impl->key)) {
   case EVP_PKEY_RSA:
     return KeyType::RSA;
   case EVP_PKEY_EC:
     return KeyType::EC;
   default:
     return KeyType::NONE;
   }
 }

 void
 PrivateKey::loadPkcs1(const uint8_t* buf, size_t size)
 {
   ENSURE_PRIVATE_KEY_NOT_LOADED(m_impl->key);
   opensslInitAlgorithms();

   if (d2i_AutoPrivateKey(&m_impl->key, &buf, static_cast<long>(size)) == nullptr)
     NDN_THROW(Error("Failed to load private key"));
 }

 void
 PrivateKey::loadPkcs1(std::istream& is)
 {
   OBufferStream os;
   streamSource(is) >> streamSink(os);
   this->loadPkcs1(os.buf()->data(), os.buf()->size());
 }

 void
 PrivateKey::loadPkcs1Base64(const uint8_t* buf, size_t size)
 {
   OBufferStream os;
   bufferSource(buf, size) >> base64Decode() >> streamSink(os);
   this->loadPkcs1(os.buf()->data(), os.buf()->size());
 }

 void
 PrivateKey::loadPkcs1Base64(std::istream& is)
 {
   OBufferStream os;
   streamSource(is) >> base64Decode() >> streamSink(os);
   this->loadPkcs1(os.buf()->data(), os.buf()->size());
 }

 void
 PrivateKey::loadPkcs8(const uint8_t* buf, size_t size, const char* pw, size_t pwLen)
 {
   BOOST_ASSERT(std::strlen(pw) == pwLen);
   ENSURE_PRIVATE_KEY_NOT_LOADED(m_impl->key);
   opensslInitAlgorithms();

   detail::Bio membio(BIO_s_mem());
   if (!membio.write(buf, size))
     NDN_THROW(Error("Failed to copy buffer"));

   if (d2i_PKCS8PrivateKey_bio(membio, &m_impl->key, nullptr, const_cast<char*>(pw)) == nullptr)
     NDN_THROW(Error("Failed to load private key"));
 }

 static inline int
 passwordCallbackWrapper(char* buf, int size, int rwflag, void* u)
 {
   BOOST_ASSERT(size >= 0);
   auto cb = reinterpret_cast<PrivateKey::PasswordCallback*>(u);
   return (*cb)(buf, static_cast<size_t>(size), rwflag);
 }

 void
 PrivateKey::loadPkcs8(const uint8_t* buf, size_t size, PasswordCallback pwCallback)
 {
   ENSURE_PRIVATE_KEY_NOT_LOADED(m_impl->key);
   opensslInitAlgorithms();

   detail::Bio membio(BIO_s_mem());
   if (!membio.write(buf, size))
     NDN_THROW(Error("Failed to copy buffer"));

   if (pwCallback)
     m_impl->key = d2i_PKCS8PrivateKey_bio(membio, nullptr, &passwordCallbackWrapper, &pwCallback);
   else
     m_impl->key = d2i_PKCS8PrivateKey_bio(membio, nullptr, nullptr, nullptr);

   if (m_impl->key == nullptr)
     NDN_THROW(Error("Failed to load private key"));
 }

 void
 PrivateKey::loadPkcs8(std::istream& is, const char* pw, size_t pwLen)
 {
   OBufferStream os;
   streamSource(is) >> streamSink(os);
   this->loadPkcs8(os.buf()->data(), os.buf()->size(), pw, pwLen);
 }

 void
 PrivateKey::loadPkcs8(std::istream& is, PasswordCallback pwCallback)
 {
   OBufferStream os;
   streamSource(is) >> streamSink(os);
   this->loadPkcs8(os.buf()->data(), os.buf()->size(), pwCallback);
 }

 void
 PrivateKey::loadPkcs8Base64(const uint8_t* buf, size_t size, const char* pw, size_t pwLen)
 {
   OBufferStream os;
   bufferSource(buf, size) >> base64Decode() >> streamSink(os);
   this->loadPkcs8(os.buf()->data(), os.buf()->size(), pw, pwLen);
 }

 void
 PrivateKey::loadPkcs8Base64(const uint8_t* buf, size_t size, PasswordCallback pwCallback)
 {
   OBufferStream os;
   bufferSource(buf, size) >> base64Decode() >> streamSink(os);
   this->loadPkcs8(os.buf()->data(), os.buf()->size(), pwCallback);
 }

 void
 PrivateKey::loadPkcs8Base64(std::istream& is, const char* pw, size_t pwLen)
 {
   OBufferStream os;
   streamSource(is) >> base64Decode() >> streamSink(os);
   this->loadPkcs8(os.buf()->data(), os.buf()->size(), pw, pwLen);
 }

 void
 PrivateKey::loadPkcs8Base64(std::istream& is, PasswordCallback pwCallback)
 {
   OBufferStream os;
   streamSource(is) >> base64Decode() >> streamSink(os);
   this->loadPkcs8(os.buf()->data(), os.buf()->size(), pwCallback);
 }

 void
 PrivateKey::savePkcs1(std::ostream& os) const
 {
   bufferSource(*this->toPkcs1()) >> streamSink(os);
 }

 void
 PrivateKey::savePkcs1Base64(std::ostream& os) const
 {
   bufferSource(*this->toPkcs1()) >> base64Encode() >> streamSink(os);
 }

 void
 PrivateKey::savePkcs8(std::ostream& os, const char* pw, size_t pwLen) const
 {
   bufferSource(*this->toPkcs8(pw, pwLen)) >> streamSink(os);
 }

 void
 PrivateKey::savePkcs8(std::ostream& os, PasswordCallback pwCallback) const
 {
   bufferSource(*this->toPkcs8(pwCallback)) >> streamSink(os);
 }

 void
 PrivateKey::savePkcs8Base64(std::ostream& os, const char* pw, size_t pwLen) const
 {
   bufferSource(*this->toPkcs8(pw, pwLen)) >> base64Encode() >> streamSink(os);
 }

 void
 PrivateKey::savePkcs8Base64(std::ostream& os, PasswordCallback pwCallback) const
 {
   bufferSource(*this->toPkcs8(pwCallback)) >> base64Encode() >> streamSink(os);
 }

 ConstBufferPtr
 PrivateKey::derivePublicKey() const
 {
   ENSURE_PRIVATE_KEY_LOADED(m_impl->key);

   uint8_t* pkcs8 = nullptr;
   int len = i2d_PUBKEY(m_impl->key, &pkcs8);
   if (len < 0)
     NDN_THROW(Error("Failed to derive public key"));

   auto result = make_shared<Buffer>(pkcs8, len);
   OPENSSL_free(pkcs8);

   return result;
 }

 ConstBufferPtr
 PrivateKey::decrypt(const uint8_t* cipherText, size_t cipherLen) const
 {
   ENSURE_PRIVATE_KEY_LOADED(m_impl->key);

   int keyType = detail::getEvpPkeyType(m_impl->key);
   switch (keyType) {
     case EVP_PKEY_NONE:
       NDN_THROW(Error("Failed to determine key type"));
     case EVP_PKEY_RSA:
       return rsaDecrypt(cipherText, cipherLen);
     default:
       NDN_THROW(Error("Decryption is not supported for key type " + to_string(keyType)));
   }
 }

 void*
 PrivateKey::getEvpPkey() const
 {
   return m_impl->key;
 }

 ConstBufferPtr
 PrivateKey::toPkcs1() const
 {
   ENSURE_PRIVATE_KEY_LOADED(m_impl->key);
   opensslInitAlgorithms();

   detail::Bio membio(BIO_s_mem());
   if (!i2d_PrivateKey_bio(membio, m_impl->key))
     NDN_THROW(Error("Cannot convert key to PKCS #1 format"));

   auto buffer = make_shared<Buffer>(BIO_pending(membio));
   membio.read(buffer->data(), buffer->size());

   return buffer;
 }

 ConstBufferPtr
 PrivateKey::toPkcs8(const char* pw, size_t pwLen) const
 {
   BOOST_ASSERT(std::strlen(pw) == pwLen);
   ENSURE_PRIVATE_KEY_LOADED(m_impl->key);
   opensslInitAlgorithms();

   detail::Bio membio(BIO_s_mem());
   if (!i2d_PKCS8PrivateKey_bio(membio, m_impl->key, EVP_aes_256_cbc(), nullptr, 0,
                                nullptr, const_cast<char*>(pw)))
     NDN_THROW(Error("Cannot convert key to PKCS #8 format"));

   auto buffer = make_shared<Buffer>(BIO_pending(membio));
   membio.read(buffer->data(), buffer->size());

   return buffer;
 }

 ConstBufferPtr
 PrivateKey::toPkcs8(PasswordCallback pwCallback) const
 {
   ENSURE_PRIVATE_KEY_LOADED(m_impl->key);
   opensslInitAlgorithms();

   detail::Bio membio(BIO_s_mem());
   if (!i2d_PKCS8PrivateKey_bio(membio, m_impl->key, EVP_aes_256_cbc(), nullptr, 0,
                                &passwordCallbackWrapper, &pwCallback))
     NDN_THROW(Error("Cannot convert key to PKCS #8 format"));

   auto buffer = make_shared<Buffer>(BIO_pending(membio));
   membio.read(buffer->data(), buffer->size());

   return buffer;
 }

 ConstBufferPtr
 PrivateKey::rsaDecrypt(const uint8_t* cipherText, size_t cipherLen) const
 {
   detail::EvpPkeyCtx ctx(m_impl->key);

   if (EVP_PKEY_decrypt_init(ctx) <= 0)
     NDN_THROW(Error("Failed to initialize decryption context"));

   if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_OAEP_PADDING) <= 0)
     NDN_THROW(Error("Failed to set padding"));

   size_t outlen = 0;
   // Determine buffer length
   if (EVP_PKEY_decrypt(ctx, nullptr, &outlen, cipherText, cipherLen) <= 0)
     NDN_THROW(Error("Failed to estimate output length"));

   auto out = make_shared<Buffer>(outlen);
   if (EVP_PKEY_decrypt(ctx, out->data(), &outlen, cipherText, cipherLen) <= 0)
     NDN_THROW(Error("Failed to decrypt ciphertext"));

   out->resize(outlen);
   return out;
 }

 unique_ptr<PrivateKey>
 PrivateKey::generateRsaKey(uint32_t keySize)
 {
   detail::EvpPkeyCtx kctx(EVP_PKEY_RSA);

   if (EVP_PKEY_keygen_init(kctx) <= 0)
     NDN_THROW(PrivateKey::Error("Failed to initialize RSA keygen context"));

   if (EVP_PKEY_CTX_set_rsa_keygen_bits(kctx, static_cast<int>(keySize)) <= 0)
     NDN_THROW(PrivateKey::Error("Failed to set RSA key length"));

   auto privateKey = make_unique<PrivateKey>();
   if (EVP_PKEY_keygen(kctx, &privateKey->m_impl->key) <= 0)
     NDN_THROW(PrivateKey::Error("Failed to generate RSA key"));

   return privateKey;
 }

 unique_ptr<PrivateKey>
 PrivateKey::generateEcKey(uint32_t keySize)
 {
   detail::EvpPkeyCtx pctx(EVP_PKEY_EC);

   if (EVP_PKEY_paramgen_init(pctx) <= 0)
     NDN_THROW(PrivateKey::Error("Failed to initialize EC paramgen context"));

   int ret;
   switch (keySize) {
   case 224:
     ret = EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, NID_secp224r1);
     break;
   case 256:
     ret = EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, NID_X9_62_prime256v1); // same as secp256r1
     break;
   case 384:
     ret = EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, NID_secp384r1);
     break;
   case 521:
     ret = EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, NID_secp521r1);
     break;
   default:
     NDN_THROW(std::invalid_argument("Unsupported EC key length " + to_string(keySize)));
   }
   if (ret <= 0)
     NDN_THROW(PrivateKey::Error("Failed to set EC curve"));

   Impl params;
   if (EVP_PKEY_paramgen(pctx, &params.key) <= 0)
     NDN_THROW(PrivateKey::Error("Failed to generate EC parameters"));

   detail::EvpPkeyCtx kctx(params.key);
   if (EVP_PKEY_keygen_init(kctx) <= 0)
     NDN_THROW(PrivateKey::Error("Failed to initialize EC keygen context"));

   auto privateKey = make_unique<PrivateKey>();
   if (EVP_PKEY_keygen(kctx, &privateKey->m_impl->key) <= 0)
     NDN_THROW(PrivateKey::Error("Failed to generate EC key"));

   return privateKey;
 }

 unique_ptr<PrivateKey>
 generatePrivateKey(const KeyParams& keyParams)
 {
   switch (keyParams.getKeyType()) {
     case KeyType::RSA: {
       const RsaKeyParams& rsaParams = static_cast<const RsaKeyParams&>(keyParams);
       return PrivateKey::generateRsaKey(rsaParams.getKeySize());
     }
     case KeyType::EC: {
       const EcKeyParams& ecParams = static_cast<const EcKeyParams&>(keyParams);
       return PrivateKey::generateEcKey(ecParams.getKeySize());
     }
     default:
       NDN_THROW(std::invalid_argument("Unsupported asymmetric key type " +
                                       boost::lexical_cast<std::string>(keyParams.getKeyType())));
   }
 }

 } // namespace transform
 } // namespace security
 } // namespace ndn
ndn
Definition: data.cpp:26

ndn::KeyType::NONE
Unknown key type.

ndn::security::transform::PrivateKey::loadPkcs8
void loadPkcs8(const uint8_t *buf, size_t size, const char *pw, size_t pwLen)
Load the private key in encrypted PKCS#8 format from a buffer buf with passphrase pw...
Definition: private-key.cpp:138

ndn::security::transform::PrivateKey::loadPkcs1Base64
void loadPkcs1Base64(const uint8_t *buf, size_t size)
Load the private key in base64-encoded PKCS#1 format from a buffer buf.
Definition: private-key.cpp:122

ndn::security::transform::PrivateKey::PasswordCallback
function< int(char *buf, size_t bufSize, bool shouldConfirm)> PasswordCallback
Callback for application to handle password input.
Definition: private-key.hpp:55

ENSURE_PRIVATE_KEY_NOT_LOADED
#define ENSURE_PRIVATE_KEY_NOT_LOADED(key)
Definition: private-key.cpp:41

stream-source.hpp

ndn::KeyParams::getKeyType
KeyType getKeyType() const
Definition: key-params.hpp:48

ndn::SimplePublicKeyParams::getKeySize
uint32_t getKeySize() const
Definition: key-params.hpp:176

ndn::security::transform::PrivateKey::loadPkcs1
void loadPkcs1(const uint8_t *buf, size_t size)
Load the private key in PKCS#1 format from a buffer buf.
Definition: private-key.cpp:104

ndn::security::transform::base64Decode
unique_ptr< Transform > base64Decode(bool expectNewlineEvery64Bytes)
Definition: base64-decode.cpp:129

ndn::KeyType::RSA
RSA key, supports sign/verify and encrypt/decrypt operations.

ndn::security::transform::PrivateKey::savePkcs1Base64
void savePkcs1Base64(std::ostream &os) const
Save the private key in base64-encoded PKCS#1 format into a stream os.
Definition: private-key.cpp:234

key-params.hpp

ndn::security::transform::passwordCallbackWrapper
static int passwordCallbackWrapper(char *buf, int size, int rwflag, void *u)
Definition: private-key.cpp:153

private-key.hpp

ENSURE_PRIVATE_KEY_LOADED
#define ENSURE_PRIVATE_KEY_LOADED(key)
Definition: private-key.cpp:35

ndn::security::transform::PrivateKey::savePkcs8
void savePkcs8(std::ostream &os, const char *pw, size_t pwLen) const
Save the private key in encrypted PKCS#8 format into a stream os.
Definition: private-key.cpp:240

NDN_THROW
#define NDN_THROW(e)
Definition: exception.hpp:61

ndn::security::transform::PrivateKey::PrivateKey
PrivateKey()
Create an empty private key instance.
Definition: private-key.cpp:80

ndn::KeyType
KeyType
The type of a cryptographic key.
Definition: security-common.hpp:85

ndn::security::transform::PrivateKey::loadPkcs8Base64
void loadPkcs8Base64(const uint8_t *buf, size_t size, const char *pw, size_t pwLen)
Load the private key in base64-encoded encrypted PKCS#8 format from a buffer buf with passphrase pw...
Definition: private-key.cpp:196

stream-sink.hpp

buffer-source.hpp

ndn::security::transform::PrivateKey::derivePublicKey
ConstBufferPtr derivePublicKey() const
Definition: private-key.cpp:264

ndn::security::transform::PrivateKey::~PrivateKey
~PrivateKey()

ndn::security::transform::PrivateKey::getKeyType
KeyType getKeyType() const
Get the type of the private key.
Definition: private-key.cpp:88

ndn::security::transform::PrivateKey::savePkcs1
void savePkcs1(std::ostream &os) const
Save the private key in PKCS#1 format into a stream os.
Definition: private-key.cpp:228

ndn::security::transform::streamSink
unique_ptr< Sink > streamSink(std::ostream &os)
Definition: stream-sink.cpp:53

ndn::security::transform::bufferSource
BufferSource bufferSource
Definition: buffer-source.hpp:73

ndn::KeyType::EC
Elliptic Curve key (e.g. for ECDSA), supports sign/verify operations.

base64-encode.hpp

transform

ndn::security::transform::opensslInitAlgorithms
static void opensslInitAlgorithms()
Definition: private-key.cpp:52

ndn::OBufferStream::buf
shared_ptr< Buffer > buf()
Flush written data to the stream and return shared pointer to the underlying buffer.
Definition: buffer-stream.cpp:54

ndn::security::transform::PrivateKey::Error
Definition: private-key.hpp:41

ndn::security::transform::PrivateKey::generatePrivateKey
friend unique_ptr< PrivateKey > generatePrivateKey(const KeyParams &)
Generate a private key according to keyParams.
Definition: private-key.cpp:438

ndn::KeyParams
Base class of key parameters.
Definition: key-params.hpp:35

ndn::security::transform::PrivateKey::decrypt
ConstBufferPtr decrypt(const uint8_t *cipherText, size_t cipherLen) const
Definition: private-key.cpp:280

ndn::OBufferStream
implements an output stream that constructs ndn::Buffer
Definition: buffer-stream.hpp:70

ndn::to_string
std::string to_string(const V &v)
Definition: backports.hpp:67

ndn::security::transform::PrivateKey::savePkcs8Base64
void savePkcs8Base64(std::ostream &os, const char *pw, size_t pwLen) const
Save the private key in base64-encoded encrypted PKCS#8 format into a stream os.
Definition: private-key.cpp:252

ndn::SimplePublicKeyParams
SimplePublicKeyParams is a template for public keys with only one parameter: size.
Definition: key-params.hpp:149

buffer-stream.hpp

ndn::security::transform::streamSource
StreamSource streamSource
Definition: stream-source.hpp:62

base64-decode.hpp

ndn::ConstBufferPtr
shared_ptr< const Buffer > ConstBufferPtr
Definition: buffer.hpp:126

ndn::security::transform::base64Encode
unique_ptr< Transform > base64Encode(bool needBreak)
Definition: base64-encode.cpp:129