UNPKG

ndn-js

Version:

A JavaScript client library for Named Data Networking

github.com/named-data/ndn-js

named-data/ndn-js

259 lines (232 loc) 8.91 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
/** * Copyright (C) 2017-2019 Regents of the University of California. * @author: Jeff Thompson <jefft0@remap.ucla.edu> * @author: From ndn-cxx security https://github.com/named-data/ndn-cxx/blob/master/ndn-cxx/security/tpm/back-end-file.hpp * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU Lesser General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU Lesser General Public License for more details. * * You should have received a copy of the GNU Lesser General Public License * along with this program. If not, see <http://www.gnu.org/licenses/>. * A copy of the GNU Lesser General Public License is in the file COPYING. */ /** @ignore */ var path = require('path'); /** @ignore */ var fs = require('fs'); /** @ignore */ var Crypto = require('../../crypto.js'); /** @ignore */ var Blob = require('../../util/blob.js').Blob; /** @ignore */ var TpmPrivateKey = require('./tpm-private-key.js').TpmPrivateKey; /** @ignore */ var TpmKeyHandleMemory = require('./tpm-key-handle-memory.js').TpmKeyHandleMemory; /** @ignore */ var TpmBackEnd = require('./tpm-back-end.js').TpmBackEnd; /** @ignore */ var SyncPromise = require('../../util/sync-promise.js').SyncPromise; /** * TpmBackEndFile extends TpmBackEnd to implement a TPM back-end using on-disk * file storage. In this TPM, each private key is stored in a separate file with * permission 0400, i.e., owner read-only. The key is stored in PKCS #1 format * in base64 encoding. * * Create a TpmBackEndFile to use the given path to store files (of provided) or * to the default location. * @param {string} locationPath (optional) The full path of the directory to * store private keys. If omitted or null or "", use the default location * ~/.ndn/ndnsec-key-file. * @constructor */ var TpmBackEndFile = function TpmBackEndFile(locationPath) { // Call the base constructor. TpmBackEnd.call(this); if (locationPath == undefined || locationPath == "") { var home = process.env.HOME || process.env.HOMEPATH || process.env.USERPROFILE; locationPath = path.join(home, ".ndn", "ndnsec-key-file"); } this.keyStorePath_ = locationPath; }; TpmBackEndFile.prototype = new TpmBackEnd(); TpmBackEndFile.prototype.name = "TpmBackEndFile"; exports.TpmBackEndFile = TpmBackEndFile; /** * Create a TpmBackEndFile.Error which extends TpmBackEnd.Error and represents a * non-semantic error in backend TPM file processing. * Call with: throw new TpmBackEndFile.Error(new Error("message")). * @constructor * @param {Error} error The exception created with new Error. */ TpmBackEndFile.Error = function TpmBackEndFileError(error) { // Call the base constructor. TpmBackEnd.Error.call(this, error); } TpmBackEndFile.Error.prototype = new TpmBackEnd.Error(); TpmBackEndFile.Error.prototype.name = "TpmBackEndFileError"; TpmBackEndFile.getScheme = function() { return "tpm-file"; }; /** * A protected method to check if the key with name keyName exists in the TPM. * @param {Name} keyName The name of the key. * @param {boolean} useSync (optional) If true then return a SyncPromise which * is already fulfilled. If omitted or false, this may return a SyncPromise or * an async Promise. * @return {Promise|SyncPromise} A promise which returns true if the key exists. */ TpmBackEndFile.prototype.doHasKeyPromise_ = function(keyName, useSync) { return Promise.resolve(this.hasKey_(keyName)); }; /** * Do the work of doHasKeyPromise_ * @param {Name} keyName The name of the key. * @return {boolean} True if the key exists. */ TpmBackEndFile.prototype.hasKey_ = function(keyName) { if (!fs.existsSync(this.toFilePath_(keyName))) return false; try { this.loadKey_(keyName); return true; } catch (ex) { return false; } }; /** * A protected method to get the handle of the key with name keyName. * @param {Name} keyName The name of the key. * @param {boolean} useSync (optional) If true then return a SyncPromise which * is already fulfilled. If omitted or false, this may return a SyncPromise or * an async Promise. * @return {Promise|SyncPromise} A promise which returns a TpmKeyHandle of the * key, or returns null if the key does not exist. */ TpmBackEndFile.prototype.doGetKeyHandlePromise_ = function(keyName, useSync) { if (!this.hasKey_(keyName)) return null; return new TpmKeyHandleMemory(this.loadKey_(keyName)); }; /** * A protected method to create a key for identityName according to params. The * created key is named as: /<identityName>/[keyId]/KEY . The key name is set in * the returned TpmKeyHandle. * @param {Name} identityName The name if the identity. * @param {KeyParams} params The KeyParams for creating the key. * @param {boolean} useSync (optional) If true then return a SyncPromise which * is already fulfilled. If omitted or false, this may return a SyncPromise or * an async Promise. * @return {Promise|SyncPromise} A promise which returns the TpmKeyHandle of * the created key, or a promise rejected with TpmBackEnd.Error if the key * cannot be created. */ TpmBackEndFile.prototype.doCreateKeyPromise_ = function (identityName, params, useSync) { var key; try { // We know that TpmPrivateKey.generatePrivateKeyPromise is sync. key = SyncPromise.getValue(TpmPrivateKey.generatePrivateKeyPromise(params)); } catch (ex) { return Promise.reject(new TpmBackEndFile.Error(new Error ("Error in TpmPrivateKey.generatePrivateKey: " + ex))); } var keyHandle = new TpmKeyHandleMemory(key); TpmBackEnd.setKeyName(keyHandle, identityName, params); try { this.saveKey_(keyHandle.getKeyName(), key); } catch (ex) { return Promise.reject(ex); } return Promise.resolve(keyHandle); }; /** * A protected method to delete the key with name keyName. If the key doesn't * exist, do nothing. * @param {Name} keyName The name of the key to delete. * @param {boolean} useSync (optional) If true then return a SyncPromise which * is already fulfilled. If omitted or false, this may return a SyncPromise or * an async Promise. * @return {Promise|SyncPromise} A promise which fulfills when finished, or a * promise rejected with TpmBackEnd.Error if the deletion fails. */ TpmBackEndFile.prototype.doDeleteKeyPromise_ = function(keyName, useSync) { var filePath = this.toFilePath_(keyName); if (fs.existsSync(filePath)) { try { fs.unlinkSync(filePath); } catch (ex) { return Promise.reject(new TpmBackEndFile.Error(new Error ("Error deleting private key file: " + ex))); } } return Promise.resolve(); }; // TODO: doExportKeyPromise_ // TODO: doImportKeyPromise_ /** * Load the private key with name keyName from the key file directory. * @param {Name} keyName The name of the key. * @return {TpmPrivateKey} The key loaded into a TpmPrivateKey. */ TpmBackEndFile.prototype.loadKey_ = function(keyName) { var key = new TpmPrivateKey(); var pkcs; try { var base64Content = fs.readFileSync(this.toFilePath_(keyName)).toString(); pkcs = new Buffer(base64Content, 'base64'); } catch (ex) { throw new TpmBackEndFile.Error(new Error ("Error reading private key file: " + ex)); } try { key.loadPkcs1(pkcs, null); } catch (ex) { throw new TpmBackEndFile.Error(new Error ("Error decoding private key file: " + ex)); } return key; }; /** * Save the private key using keyName into the key file directory. * @param {Name} keyName The name of the key. * @param {TpmPrivateKey} key The private key to save. */ TpmBackEndFile.prototype.saveKey_ = function(keyName, key) { var filePath = this.toFilePath_(keyName); var base64; try { base64 = key.toPkcs1().buf().toString('base64'); } catch (ex) { throw new TpmBackEndFile.Error(new Error ("Error encoding private key file: " + ex)); } try { var options = { mode: parseInt('0400', 8) }; fs.writeFileSync(filePath, base64, options); } catch (ex) { throw new TpmBackEndFile.Error(new Error ("Error writing private key file: " + ex)); } }; /** * Get the file path for the keyName, which is keyStorePath_ + "/" + * hex(sha256(keyName-wire-encoding)) + ".privkey" . * @param {Name} keyName The name of the key. * @return {string} The file path for the key. */ TpmBackEndFile.prototype.toFilePath_ = function(keyName) { var keyEncoding = keyName.wireEncode(); var hash = Crypto.createHash('sha256'); hash.update(keyEncoding.buf()); var digest = hash.digest(); return path.join (this.keyStorePath_, new Blob(digest, false).toHex() + ".privkey"); };