void SPX::Initialize(bool Encryption, const KeyParams &KeyParam) { if (KeyParam.Key().size() != 16 && KeyParam.Key().size() != 24 && KeyParam.Key().size() != 32 && KeyParam.Key().size() != 64) throw CryptoSymmetricCipherException("SPX:Initialize", "Invalid key size! Valid sizes are 16, 24, 32 and 64 bytes."); _isEncryption = Encryption; ExpandKey(KeyParam.Key()); }
Name IdentityManager::generateKeyPair (const Name& identityName, bool isKsk, const KeyParams& params) { Name keyName = identityStorage_->getNewKeyName(identityName, isKsk); privateKeyStorage_->generateKeyPair(keyName, params); ptr_lib::shared_ptr<PublicKey> pubKey = privateKeyStorage_->getPublicKey(keyName); identityStorage_->addKey(keyName, params.getKeyType(), pubKey->getKeyDer()); return keyName; }
void RHX::Initialize(bool Encryption, const KeyParams &KeyParam) { uint dgtsze = GetIkmSize(m_kdfEngineType); #if defined(DEBUGASSERT_ENABLED) assert(KeyParam.Key().size() >= m_legalKeySizes[0] && KeyParam.Key().size() <= m_legalKeySizes[m_legalKeySizes.size() - 1]); if (dgtsze != 0) assert(KeyParam.Key().size() % dgtsze == 0); assert(KeyParam.Key().size() >= m_ikmSize); #endif #if defined(CPPEXCEPTIONS_ENABLED) std::string msg = "Invalid key size! Key must be either 16, 24, 32, 64 bytes or, a multiple of the hkdf hash output size."; if (KeyParam.Key().size() < m_legalKeySizes[0]) throw CryptoSymmetricCipherException("RHX:Initialize", msg); if (dgtsze != 0 && KeyParam.Key().size() > m_legalKeySizes[3] && (KeyParam.Key().size() % dgtsze) != 0) throw CryptoSymmetricCipherException("RHX:Initialize", msg); for (size_t i = 0; i < m_legalKeySizes.size(); ++i) { if (KeyParam.Key().size() == m_legalKeySizes[i]) break; if (i == m_legalKeySizes.size() - 1) throw CryptoSymmetricCipherException("RHX:Initialize", msg); } if (m_kdfEngineType != Digests::None) { if (KeyParam.Key().size() < m_ikmSize) throw CryptoSymmetricCipherException("RHX:Initialize", "Invalid key! HKDF extended mode requires key be at least hash output size."); } #endif if (m_kdfEngineType != Digests::None) m_kdfEngine = GetDigest(m_kdfEngineType); m_isEncryption = Encryption; // expand the key ExpandKey(Encryption, KeyParam.Key()); // ready to transform data m_isInitialized = true; }
void CBC::Initialize(bool Encryption, const KeyParams &KeyParam) { #if defined(DEBUGASSERT_ENABLED) if (KeyParam.IV().size() == 64) assert(HasSSE()); if (KeyParam.IV().size() == 128) assert(HasAVX()); if (IsParallel()) { assert(ParallelBlockSize() >= ParallelMinimumSize() || ParallelBlockSize() <= ParallelMaximumSize()); assert(ParallelBlockSize() % ParallelMinimumSize() == 0); } assert(KeyParam.IV().size() > 15); assert(KeyParam.Key().size() > 15); #endif #if defined(CPPEXCEPTIONS_ENABLED) if (KeyParam.IV().size() == 64 && !HasSSE()) throw CryptoSymmetricCipherException("CBC:Initialize", "SSE 128bit intrinsics are not available on this system!"); if (KeyParam.IV().size() == 128 && !HasAVX()) throw CryptoSymmetricCipherException("CBC:Initialize", "AVX 256bit intrinsics are not available on this system!"); if (KeyParam.IV().size() < 16) throw CryptoSymmetricCipherException("CBC:Initialize", "Requires a minimum 16 bytes of IV!"); if (KeyParam.Key().size() < 16) throw CryptoSymmetricCipherException("CBC:Initialize", "Requires a minimum 16 bytes of Key!"); if (IsParallel() && ParallelBlockSize() < ParallelMinimumSize() || ParallelBlockSize() > ParallelMaximumSize()) throw CryptoSymmetricCipherException("CBC:Initialize", "The parallel block size is out of bounds!"); if (IsParallel() && ParallelBlockSize() % ParallelMinimumSize() != 0) throw CryptoSymmetricCipherException("CBC:Initialize", "The parallel block size must be evenly aligned to the ParallelMinimumSize!"); #endif m_blockCipher->Initialize(Encryption, KeyParam); m_cbcVector = KeyParam.IV(); m_isEncryption = Encryption; m_wideBlock = m_cbcVector.size() == 64 || m_cbcVector.size() == 128; if (m_wideBlock) m_blockSize = m_cbcVector.size(); m_isInitialized = true; }
void FilePrivateKeyStorage::generateKeyPair (const Name& keyName, const KeyParams& params) { if (doesKeyExist(keyName, KEY_CLASS_PUBLIC)) throw SecurityException("Public Key already exists"); if (doesKeyExist(keyName, KEY_CLASS_PRIVATE)) throw SecurityException("Private Key already exists"); Blob publicKeyDer; Blob privateKeyDer; if (params.getKeyType() == KEY_TYPE_RSA) { const RsaKeyParams& rsaParams = static_cast<const RsaKeyParams&>(params); BIGNUM* exponent = 0; RSA* rsa = 0; exponent = BN_new(); if (BN_set_word(exponent, RSA_F4) == 1) { rsa = RSA_new(); if (RSA_generate_key_ex(rsa, rsaParams.getKeySize(), exponent, NULL) == 1) { // Encode the public key. int length = i2d_RSA_PUBKEY(rsa, NULL); publicKeyDer = Blob(ptr_lib::make_shared<vector<uint8_t> >(length), false); uint8_t* derPointer = const_cast<uint8_t*>(publicKeyDer.buf()); i2d_RSA_PUBKEY(rsa, &derPointer); // Encode the private key. length = i2d_RSAPrivateKey(rsa, NULL); vector<uint8_t> pkcs1PrivateKeyDer(length); derPointer = &pkcs1PrivateKeyDer[0]; i2d_RSAPrivateKey(rsa, &derPointer); privateKeyDer = encodePkcs8PrivateKey (pkcs1PrivateKeyDer, OID(RSA_ENCRYPTION_OID), ptr_lib::make_shared<DerNode::DerNull>()); } } BN_free(exponent); RSA_free(rsa); } else if (params.getKeyType() == KEY_TYPE_ECDSA) { const EcdsaKeyParams& ecdsaParams = static_cast<const EcdsaKeyParams&>(params); OID parametersOid; int curveId = -1; // Find the entry in EC_KEY_INFO. for (size_t i = 0 ; i < sizeof(EC_KEY_INFO) / sizeof(EC_KEY_INFO[0]); ++i) { if (EC_KEY_INFO[i].keySize == ecdsaParams.getKeySize()) { curveId = EC_KEY_INFO[i].curveId; parametersOid.setIntegerList (EC_KEY_INFO[i].oidIntegerList, EC_KEY_INFO[i].oidIntegerListLength); break; } } if (curveId == -1) throw SecurityException("Unsupported keySize for KEY_TYPE_ECDSA"); EC_KEY* ecKey = EC_KEY_new_by_curve_name(curveId); if (ecKey != NULL) { if (EC_KEY_generate_key(ecKey) == 1) { // Encode the public key. int length = i2d_EC_PUBKEY(ecKey, NULL); vector<uint8_t> opensslPublicKeyDer(length); uint8_t* derPointer = &opensslPublicKeyDer[0]; i2d_EC_PUBKEY(ecKey, &derPointer); // Convert the openssl style to ndn-cxx which has the simple AlgorithmIdentifier. // Find the bit string which is the second child. ptr_lib::shared_ptr<DerNode> parsedNode = DerNode::parse (&opensslPublicKeyDer[0], 0); const std::vector<ptr_lib::shared_ptr<DerNode> >& children = parsedNode->getChildren(); publicKeyDer = encodeSubjectPublicKeyInfo (OID(EC_ENCRYPTION_OID), ptr_lib::make_shared<DerNode::DerOid>(parametersOid), children[1]); // Encode the private key. EC_KEY_set_enc_flags(ecKey, EC_PKEY_NO_PARAMETERS | EC_PKEY_NO_PUBKEY); length = i2d_ECPrivateKey(ecKey, NULL); vector<uint8_t> pkcs1PrivateKeyDer(length); derPointer = &pkcs1PrivateKeyDer[0]; i2d_ECPrivateKey(ecKey, &derPointer); privateKeyDer = encodePkcs8PrivateKey (pkcs1PrivateKeyDer, OID(EC_ENCRYPTION_OID), ptr_lib::make_shared<DerNode::DerOid>(parametersOid)); } } EC_KEY_free(ecKey); } else throw SecurityException("Unsupported key type"); string keyUri = keyName.toUri(); string publicKeyFilePath = nameTransform(keyUri, ".pub"); string privateKeyFilePath = nameTransform(keyUri, ".pri"); ofstream publicKeyFile(publicKeyFilePath.c_str()); publicKeyFile << toBase64(publicKeyDer.buf(), publicKeyDer.size(), true); ofstream privateKeyFile(privateKeyFilePath.c_str()); privateKeyFile << toBase64(privateKeyDer.buf(), privateKeyDer.size(), true); ::chmod(publicKeyFilePath.c_str(), S_IRUSR | S_IRGRP | S_IROTH); ::chmod(privateKeyFilePath.c_str(), S_IRUSR); }
void SecTpmFile::generateKeyPairInTpm(const Name& keyName, const KeyParams& params) { string keyURI = keyName.toUri(); if (doesKeyExistInTpm(keyName, KeyClass::PUBLIC)) BOOST_THROW_EXCEPTION(Error("public key exists")); if (doesKeyExistInTpm(keyName, KeyClass::PRIVATE)) BOOST_THROW_EXCEPTION(Error("private key exists")); string keyFileName = m_impl->maintainMapping(keyURI); try { switch (params.getKeyType()) { case KeyType::RSA: { using namespace CryptoPP; const RsaKeyParams& rsaParams = static_cast<const RsaKeyParams&>(params); AutoSeededRandomPool rng; InvertibleRSAFunction privateKey; privateKey.Initialize(rng, rsaParams.getKeySize()); string privateKeyFileName = keyFileName + ".pri"; Base64Encoder privateKeySink(new FileSink(privateKeyFileName.c_str())); privateKey.DEREncode(privateKeySink); privateKeySink.MessageEnd(); RSAFunction publicKey(privateKey); string publicKeyFileName = keyFileName + ".pub"; Base64Encoder publicKeySink(new FileSink(publicKeyFileName.c_str())); publicKey.DEREncode(publicKeySink); publicKeySink.MessageEnd(); // set file permission chmod(privateKeyFileName.c_str(), 0000400); chmod(publicKeyFileName.c_str(), 0000444); return; } case KeyType::EC: { using namespace CryptoPP; const EcdsaKeyParams& ecdsaParams = static_cast<const EcdsaKeyParams&>(params); CryptoPP::OID curveName; switch (ecdsaParams.getKeySize()) { case 256: curveName = ASN1::secp256r1(); break; case 384: curveName = ASN1::secp384r1(); break; default: curveName = ASN1::secp256r1(); break; } AutoSeededRandomPool rng; ECDSA<ECP, SHA256>::PrivateKey privateKey; DL_GroupParameters_EC<ECP> cryptoParams(curveName); cryptoParams.SetEncodeAsOID(true); privateKey.Initialize(rng, cryptoParams); ECDSA<ECP, SHA256>::PublicKey publicKey; privateKey.MakePublicKey(publicKey); publicKey.AccessGroupParameters().SetEncodeAsOID(true); string privateKeyFileName = keyFileName + ".pri"; Base64Encoder privateKeySink(new FileSink(privateKeyFileName.c_str())); privateKey.DEREncode(privateKeySink); privateKeySink.MessageEnd(); string publicKeyFileName = keyFileName + ".pub"; Base64Encoder publicKeySink(new FileSink(publicKeyFileName.c_str())); publicKey.Save(publicKeySink); publicKeySink.MessageEnd(); // set file permission chmod(privateKeyFileName.c_str(), 0000400); chmod(publicKeyFileName.c_str(), 0000444); return; } default: BOOST_THROW_EXCEPTION(Error("Unsupported key type")); } } catch (const KeyParams::Error& e) { BOOST_THROW_EXCEPTION(Error(e.what())); } catch (const CryptoPP::Exception& e) { BOOST_THROW_EXCEPTION(Error(e.what())); } }
explicit SimplePublicKeyParams(const KeyParams& params) : KeyParams(params.getKeyType()) { throw KeyParams::Error("Incorrect key parameters (incompatible key type)"); }