26 #include "../encoding/oid.hpp" 27 #include "../encoding/buffer-stream.hpp" 36 : m_location(location)
55 uint8_t salt[8] = {0};
60 BOOST_THROW_EXCEPTION(
Error(
"Cannot generate salt or iv"));
62 uint32_t iterationCount = 2048;
64 PKCS5_PBKDF2_HMAC<SHA1> keyGenerator;
65 size_t derivedLen = 24;
66 byte derived[24] = {0};
71 keyGenerator.DeriveKey(derived, derivedLen, purpose,
72 reinterpret_cast<const byte*>(passwordStr.c_str()), passwordStr.size(),
73 salt, 8, iterationCount);
75 catch (CryptoPP::Exception& e)
77 BOOST_THROW_EXCEPTION(
Error(
"Cannot derived the encryption key"));
81 CBC_Mode< DES_EDE3 >::Encryption e;
82 e.SetKeyWithIV(derived, derivedLen, iv);
86 if (!static_cast<bool>(pkcs8PrivateKey))
87 BOOST_THROW_EXCEPTION(
Error(
"Cannot export the private key, #1"));
92 StringSource stringSource(pkcs8PrivateKey->buf(), pkcs8PrivateKey->size(),
true,
93 new StreamTransformationFilter(e,
new FileSink(encryptedOs)));
95 catch (CryptoPP::Exception& e)
97 BOOST_THROW_EXCEPTION(
Error(
"Cannot export the private key, #2"));
101 OID pbes2Id(
"1.2.840.113549.1.5.13");
102 OID pbkdf2Id(
"1.2.840.113549.1.5.12");
103 OID pbes2encsId(
"1.2.840.113549.3.7");
108 FileSink sink(pkcs8Os);
113 DERSequenceEncoder encryptedPrivateKeyInfo(sink);
118 DERSequenceEncoder encryptionAlgorithm(encryptedPrivateKeyInfo);
120 pbes2Id.
encode(encryptionAlgorithm);
124 DERSequenceEncoder pbes2Params(encryptionAlgorithm);
129 DERSequenceEncoder pbes2KDFs(pbes2Params);
131 pbkdf2Id.
encode(pbes2KDFs);
137 DERSequenceEncoder pbkdf2Params(pbes2KDFs);
139 DEREncodeOctetString(pbkdf2Params, salt, 8);
140 DEREncodeUnsigned<uint32_t>(pbkdf2Params, iterationCount, INTEGER);
142 pbkdf2Params.MessageEnd();
144 pbes2KDFs.MessageEnd();
149 DERSequenceEncoder pbes2Encs(pbes2Params);
151 pbes2encsId.
encode(pbes2Encs);
152 DEREncodeOctetString(pbes2Encs, iv, 8);
154 pbes2Encs.MessageEnd();
156 pbes2Params.MessageEnd();
158 encryptionAlgorithm.MessageEnd();
160 DEREncodeOctetString(encryptedPrivateKeyInfo,
161 encryptedOs.
buf()->buf(), encryptedOs.
buf()->size());
163 encryptedPrivateKeyInfo.MessageEnd();
165 return pkcs8Os.
buf();
167 catch (CryptoPP::Exception& e)
169 BOOST_THROW_EXCEPTION(
Error(
"Cannot export the private key, #3"));
175 const uint8_t* buf,
size_t size,
176 const string& passwordStr)
182 SecByteBlock saltBlock;
183 uint32_t iterationCount;
185 SecByteBlock ivBlock;
186 SecByteBlock encryptedDataBlock;
192 StringSource source(buf, size,
true);
197 BERSequenceDecoder encryptedPrivateKeyInfo(source);
202 BERSequenceDecoder encryptionAlgorithm(encryptedPrivateKeyInfo);
204 pbes2Id.
decode(encryptionAlgorithm);
208 BERSequenceDecoder pbes2Params(encryptionAlgorithm);
213 BERSequenceDecoder pbes2KDFs(pbes2Params);
215 pbkdf2Id.
decode(pbes2KDFs);
221 BERSequenceDecoder pbkdf2Params(pbes2KDFs);
223 BERDecodeOctetString(pbkdf2Params, saltBlock);
224 BERDecodeUnsigned<uint32_t>(pbkdf2Params, iterationCount, INTEGER);
226 pbkdf2Params.MessageEnd();
228 pbes2KDFs.MessageEnd();
233 BERSequenceDecoder pbes2Encs(pbes2Params);
235 pbes2encsId.
decode(pbes2Encs);
236 BERDecodeOctetString(pbes2Encs, ivBlock);
238 pbes2Encs.MessageEnd();
240 pbes2Params.MessageEnd();
242 encryptionAlgorithm.MessageEnd();
244 BERDecodeOctetString(encryptedPrivateKeyInfo, encryptedDataBlock);
246 encryptedPrivateKeyInfo.MessageEnd();
248 catch (CryptoPP::Exception& e)
253 PKCS5_PBKDF2_HMAC<SHA1> keyGenerator;
254 size_t derivedLen = 24;
255 byte derived[24] = {0};
260 keyGenerator.DeriveKey(derived, derivedLen,
262 reinterpret_cast<const byte*>(passwordStr.c_str()), passwordStr.size(),
263 saltBlock.BytePtr(), saltBlock.size(),
266 catch (CryptoPP::Exception& e)
272 CBC_Mode< DES_EDE3 >::Decryption d;
273 d.SetKeyWithIV(derived, derivedLen, ivBlock.BytePtr());
278 StringSource encryptedSource(encryptedDataBlock.BytePtr(), encryptedDataBlock.size(),
true,
279 new StreamTransformationFilter(d,
new FileSink(privateKeyOs)));
281 catch (CryptoPP::Exception& e)
287 privateKeyOs.
buf()->buf(), privateKeyOs.
buf()->size()))
291 StringSource privateKeySource(privateKeyOs.
buf()->buf(), privateKeyOs.
buf()->size(),
true);
294 SecByteBlock rawKeyBits;
299 BERSequenceDecoder privateKeyInfo(privateKeySource);
302 BERDecodeUnsigned<uint32_t>(privateKeyInfo, versionNum, INTEGER);
303 BERSequenceDecoder sequenceDecoder(privateKeyInfo);
306 keyTypeOID.
decode(sequenceDecoder);
321 switch (publicKeyType) {
324 RSA::PrivateKey privateKey;
325 privateKey.Load(StringStore(privateKeyOs.
buf()->buf(), privateKeyOs.
buf()->size()).Ref());
326 RSAFunction publicKey(privateKey);
328 FileSink publicKeySink(publicKeyOs);
329 publicKey.DEREncode(publicKeySink);
330 publicKeySink.MessageEnd();
335 ECDSA<ECP, SHA256>::PrivateKey privateKey;
336 privateKey.Load(StringStore(privateKeyOs.
buf()->buf(), privateKeyOs.
buf()->size()).Ref());
338 ECDSA<ECP, SHA256>::PublicKey publicKey;
339 privateKey.MakePublicKey(publicKey);
340 publicKey.AccessGroupParameters().SetEncodeAsOID(
true);
342 FileSink publicKeySink(publicKeyOs);
343 publicKey.DEREncode(publicKeySink);
344 publicKeySink.MessageEnd();
351 catch (CryptoPP::Exception& e) {
364 bool isInitialized =
false;
366 #ifdef NDN_CXX_HAVE_GETPASS 369 pw0 = getpass(prompt.c_str());
372 std::string password1 = pw0;
373 memset(pw0, 0, strlen(pw0));
375 pw0 = getpass(
"Confirm:");
378 std::fill(password1.begin(), password1.end(), 0);
382 if (0 == password1.compare(pw0))
384 isInitialized =
true;
385 password.swap(password1);
388 std::fill(password1.begin(), password1.end(), 0);
389 memset(pw0, 0, strlen(pw0));
391 if (password.empty())
394 #endif // NDN_CXX_HAVE_GETPASS 396 return isInitialized;
Copyright (c) 2011-2015 Regents of the University of California.
virtual ConstBufferPtr exportPrivateKeyPkcs8FromTpm(const Name &keyName)=0
Export a private key in PKCS#8 format.
std::string getTpmLocator()
Copyright (c) 2013-2014 Regents of the University of California.
void encode(CryptoPP::BufferedTransformation &out) const
virtual bool importPublicKeyPkcs1IntoTpm(const Name &keyName, const uint8_t *buffer, size_t bufferSize)=0
Import a public key in PKCS#1 formatted buffer of size bufferSize.
shared_ptr< Buffer > buf()
Flush written data to the stream and return shared pointer to the underlying buffer.
void decode(CryptoPP::BufferedTransformation &in)
virtual bool generateRandomBlock(uint8_t *res, size_t size)=0
Generate a random block.
ConstBufferPtr exportPrivateKeyPkcs5FromTpm(const Name &keyName, const std::string &password)
Export a private key in PKCS#5 format.
Name abstraction to represent an absolute name.
bool importPrivateKeyPkcs5IntoTpm(const Name &keyName, const uint8_t *buffer, size_t bufferSize, const std::string &password)
Import a private key in PKCS#5 formatted buffer of size bufferSize.
virtual bool getImpExpPassWord(std::string &password, const std::string &prompt)
Get import/export password.
Class implementing interface similar to ostringstream, but to construct ndn::Buffer.
virtual bool importPrivateKeyPkcs8IntoTpm(const Name &keyName, const uint8_t *buffer, size_t bufferSize)=0
Import a private key from PKCS#8 formatted buffer of size bufferSize.
shared_ptr< const Buffer > ConstBufferPtr
const OID ECDSA("1.2.840.10045.2.1")
virtual std::string getScheme()=0
const OID RSA("1.2.840.113549.1.1.1")
SecTpm(const std::string &location)