security: Moving signInTpm(Data& data, ...) from SecTpm to KeyChain.

The method is no longer a pure virtual method, and sub-classes of SecTpm do not have to implement this one.
Although the method is now part of KeyChain, it is still named signInTpm to distinguish it from the other sign methods of KeyChain.
signInTpm takes the public key name as its argument, while the sign methods take a certificate name.

Change-Id: I6a1546f760a7446341a152bb2f716032f2b7bb58
diff --git a/include/ndn-cpp-dev/security/key-chain.hpp b/include/ndn-cpp-dev/security/key-chain.hpp
index fffa05d..c5df5db 100644
--- a/include/ndn-cpp-dev/security/key-chain.hpp
+++ b/include/ndn-cpp-dev/security/key-chain.hpp
@@ -153,6 +153,22 @@
     return certificate;
   }
 
+  /**
+   * Fetch the private key for keyName and sign the data, and set the signature block of the data packet.
+   * Throw Error if signing fails.
+   * @param data Reference to the input data packet.
+   * @param keyName The name of the signing key.
+   * @param digestAlgorithm the digest algorithm.
+   */  
+  void
+  signInTpm(Data &data, const Name& keyName, DigestAlgorithm digestAlgorithm)
+  {
+    data.setSignatureValue
+      (Tpm::signInTpm(data.wireEncode().value(),
+                      data.wireEncode().value_size() - data.getSignature().getValue().size(),
+                      keyName, digestAlgorithm));
+  }
+
   void
   sign(Data &data)
   {
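Review bot: The added `signInTpm` calls `data.wireEncode()` twice, taking the pointer from one call and the length from the other, and nothing in this hunk shows that both calls refer to the same buffer. Binding the encoding once avoids that: `const Block& wire = data.wireEncode();`, then pass `wire.value()` and `wire.value_size() - data.getSignature().getValue().size()`. The subtraction only yields the intended signed range if a signature has already been attached and its value is the trailing element of the encoding. The `sign` callers in the later hunks call `setSignature` first, but this method accepts any `Data` and key name. The doc comment should state that precondition and name the exception type, for example `@pre setSignature() has been called on data; the signed bytes are the encoded value without the trailing SignatureValue` and `@throws SecTpm::Error if signing fails`.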
@@ -184,7 +200,7 @@
     data.setSignature(signature);
 
     // For temporary usage, we support RSA + SHA256 only, but will support more.
-    Tpm::signInTpm(data, cert->getPublicKeyName(), DIGEST_ALGORITHM_SHA256);
+    signInTpm(data, cert->getPublicKeyName(), DIGEST_ALGORITHM_SHA256);
   }
 
   void
@@ -195,7 +211,7 @@
     data.setSignature(signature);
 
     // For temporary usage, we support RSA + SHA256 only, but will support more.
-    Tpm::signInTpm(data, certificate.getPublicKeyName(), DIGEST_ALGORITHM_SHA256);
+    signInTpm(data, certificate.getPublicKeyName(), DIGEST_ALGORITHM_SHA256);
   }
   
   /**
@@ -296,7 +312,7 @@
     cert.setSignature(signature);
 
     // For temporary usage, we support RSA + SHA256 only, but will support more.
-    Tpm::signInTpm(cert, cert.getPublicKeyName(), DIGEST_ALGORITHM_SHA256);
+    signInTpm(cert, cert.getPublicKeyName(), DIGEST_ALGORITHM_SHA256);
   }
 
 
diff --git a/include/ndn-cpp-dev/security/sec-tpm-memory.hpp b/include/ndn-cpp-dev/security/sec-tpm-memory.hpp
index 8203272..21dc272 100644
--- a/include/ndn-cpp-dev/security/sec-tpm-memory.hpp
+++ b/include/ndn-cpp-dev/security/sec-tpm-memory.hpp
@@ -68,9 +68,6 @@
    */  
   virtual Block 
   signInTpm(const uint8_t *data, size_t dataLength, const Name& keyName, DigestAlgorithm digestAlgorithm);
-
-  virtual void 
-  signInTpm(Data &data, const Name& keyName, DigestAlgorithm digestAlgorithm);
   
   /**
    * Decrypt data.
diff --git a/include/ndn-cpp-dev/security/sec-tpm-osx.hpp b/include/ndn-cpp-dev/security/sec-tpm-osx.hpp
index 4839e3d..2ea9ff1 100644
--- a/include/ndn-cpp-dev/security/sec-tpm-osx.hpp
+++ b/include/ndn-cpp-dev/security/sec-tpm-osx.hpp
@@ -37,16 +37,13 @@
 
   // From TrustedPlatformModule
   virtual void 
-  generateKeyPairInTpm(const Name& keyName, KeyType keyType = KEY_TYPE_RSA, int keySize = 2048);
+  generateKeyPairInTpm(const Name& keyName, KeyType keyType, int keySize);
 
   virtual ptr_lib::shared_ptr<PublicKey> 
   getPublicKeyFromTpm(const Name& keyName);
   
   virtual Block
   signInTpm(const uint8_t *data, size_t dataLength, const Name& keyName, DigestAlgorithm digestAlgorithm);
-
-  virtual void
-  signInTpm(Data &data, const Name& keyName, DigestAlgorithm digestAlgorithm);
   
   /**
    * Decrypt data.
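Review bot: The default arguments `KEY_TYPE_RSA` and `2048` are dropped from the `generateKeyPairInTpm` override here, and the commit message does not mention it. Default arguments on a virtual function are bound to the static type, so any caller that invoked this through a `SecTpmOsx` object and relied on them will no longer compile, while callers going through the base class get whatever `SecTpm` declares (not visible in this diff). Because the key size is a security parameter, a short comment would help, e.g. `// Key type and key size have no defaults here; callers must pass them explicitly.`, and the change deserves a line in the commit description.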
diff --git a/include/ndn-cpp-dev/security/sec-tpm.hpp b/include/ndn-cpp-dev/security/sec-tpm.hpp
index c6b5328..dd9a55e 100644
--- a/include/ndn-cpp-dev/security/sec-tpm.hpp
+++ b/include/ndn-cpp-dev/security/sec-tpm.hpp
@@ -45,18 +45,16 @@
   getPublicKeyFromTpm(const Name& keyName) = 0;
   
   /**
-   * Fetch the private key for keyName and sign the data, returning a signature Blob.
+   * Fetch the private key for keyName and sign the data, returning a signature block.
    * @param data Pointer to the input byte array.
    * @param dataLength The length of data.
    * @param keyName The name of the signing key.
    * @param digestAlgorithm the digest algorithm.
-   * @return The signature, or a null pointer if signing fails.
+   * @return The signature block.
+   * @throws SecTpm::Error
    */  
   virtual Block
   signInTpm(const uint8_t *data, size_t dataLength, const Name& keyName, DigestAlgorithm digestAlgorithm) = 0;
-
-  virtual void
-  signInTpm(Data &data, const Name& keyName, DigestAlgorithm digestAlgorithm) = 0;
   
   /**
    * Decrypt data.
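Review bot: The new `@throws SecTpm::Error` line does not say when the error is raised, although the contract has changed from "null pointer if signing fails" to an exception. Suggested wording: `@throws SecTpm::Error if the key cannot be found, the digest algorithm is not supported, or signing fails`. The implementations should be checked against that contract. The `SecTpmMemory::signInTpm(Data&, ...)` overload removed in this commit constructed `Error(...)` for a non-SHA256 digest without `throw`, so it carried on with SHA256. The remaining `Block` overload in sec-tpm-memory.cpp, which is not shown in this diff, may have the same pattern. Since all signing now goes through that overload, an unsupported `digestAlgorithm` must be rejected there rather than silently ignored.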
diff --git a/src/security/sec-tpm-memory.cpp b/src/security/sec-tpm-memory.cpp
index 3ee60aa..c9617ba 100644
--- a/src/security/sec-tpm-memory.cpp
+++ b/src/security/sec-tpm-memory.cpp
@@ -109,45 +109,6 @@
   return Block(Tlv::SignatureValue, signatureBuffer);
 }
 
-void
-SecTpmMemory::signInTpm(Data &d,
-                const Name& keyName,
-                DigestAlgorithm digestAlgorithm)
-{
-  if (digestAlgorithm != DIGEST_ALGORITHM_SHA256)
-    Error("MemoryPrivateKeyStorage::sign only SHA256 digest is supported");
-
-  // Find the private key and sign.
-  PrivateKeyStore::iterator privateKey = privateKeyStore_.find(keyName.toUri());
-  if (privateKey == privateKeyStore_.end())
-    throw Error(string("MemoryPrivateKeyStorage: Cannot find private key ") + keyName.toUri());
-  
-  uint8_t digest[SHA256_DIGEST_LENGTH];
-  SHA256_CTX sha256;
-  SHA256_Init(&sha256);
-
-  SHA256_Update(&sha256, d.getName().    wireEncode().wire(), d.getName().    wireEncode().size());
-  SHA256_Update(&sha256, d.getMetaInfo().wireEncode().wire(), d.getMetaInfo().wireEncode().size());
-  SHA256_Update(&sha256, d.getContent().              wire(), d.getContent().              size());
-  SHA256_Update(&sha256, d.getSignature().getInfo().  wire(), d.getSignature().getInfo().  size());
-  
-  SHA256_Final(digest, &sha256);
-
-  BufferPtr signatureBuffer = ptr_lib::make_shared<Buffer>();
-  signatureBuffer->resize(RSA_size(privateKey->second->getPrivateKey()));
-  
-  unsigned int signatureBitsLength;  
-  if (!RSA_sign(NID_sha256, digest, sizeof(digest),
-                signatureBuffer->buf(),
-                &signatureBitsLength,
-                privateKey->second->getPrivateKey()))
-    {
-      throw Error("Error in RSA_sign");
-    }
-
-  d.setSignatureValue(Block(Tlv::SignatureValue, signatureBuffer));
-}
-
 ConstBufferPtr
 SecTpmMemory::decryptInTpm(const Name& keyName, const uint8_t* data, size_t dataLength, bool isSymmetric)
 {
diff --git a/src/security/sec-tpm-osx.cpp b/src/security/sec-tpm-osx.cpp
index db319c4..23a33f0 100644
--- a/src/security/sec-tpm-osx.cpp
+++ b/src/security/sec-tpm-osx.cpp
@@ -279,15 +279,6 @@
                  ptr_lib::make_shared<Buffer>(CFDataGetBytePtr(signature), CFDataGetLength(signature)));
   }
 
-  void
-  SecTpmOsx::signInTpm(Data &data, const Name& keyName, DigestAlgorithm digestAlgorithm)
-  {
-    data.setSignatureValue
-      (signInTpm(data.wireEncode().value(),
-            data.wireEncode().value_size() - data.getSignature().getValue().size(),
-            keyName, digestAlgorithm));
-  }
-
   ConstBufferPtr
   SecTpmOsx::decryptInTpm(const Name & keyName, const uint8_t* data, size_t dataLength, bool sym)
   {