security: Add KeyParams to support multiple types of keys.
Different types of keys may require different size options and default key size.
This commit also fixes the undefined behavior when processing the password of TPM.
Change-Id: I8fb95f28468be8299002f0d5146a4496ea1da25f
Refs: #1660
Refs: #1693
diff --git a/tests/unit-tests/security/test-sec-tpm-osx.cpp b/tests/unit-tests/security/test-sec-tpm-osx.cpp
index a179e30..da92cc9 100644
--- a/tests/unit-tests/security/test-sec-tpm-osx.cpp
+++ b/tests/unit-tests/security/test-sec-tpm-osx.cpp
@@ -28,7 +28,6 @@
#include "boost-test.hpp"
-using namespace std;
namespace ndn {
BOOST_AUTO_TEST_SUITE(SecurityTestSecTpmOsx)
@@ -38,9 +37,10 @@
SecTpmOsx tpm;
Name keyName("/TestSecTpmOsx/Delete/ksk-" +
- boost::lexical_cast<string>(
+ boost::lexical_cast<std::string>(
time::toUnixTimestamp(time::system_clock::now()).count()));
- BOOST_CHECK_NO_THROW(tpm.generateKeyPairInTpm(keyName, KEY_TYPE_RSA, 2048));
+ RsaKeyParams params(2048);
+ BOOST_CHECK_NO_THROW(tpm.generateKeyPairInTpm(keyName, params));
BOOST_REQUIRE_EQUAL(tpm.doesKeyExistInTpm(keyName, KEY_CLASS_PUBLIC), true);
BOOST_REQUIRE_EQUAL(tpm.doesKeyExistInTpm(keyName, KEY_CLASS_PRIVATE), true);
@@ -56,9 +56,10 @@
SecTpmOsx tpm;
Name keyName("/TestSecTpmOsx/SignVerify/ksk-" +
- boost::lexical_cast<string>(
+ boost::lexical_cast<std::string>(
time::toUnixTimestamp(time::system_clock::now()).count()));
- BOOST_CHECK_NO_THROW(tpm.generateKeyPairInTpm(keyName, KEY_TYPE_RSA, 2048));
+ RsaKeyParams params(2048);
+ BOOST_CHECK_NO_THROW(tpm.generateKeyPairInTpm(keyName, params));
Data data("/TestSecTpmOsx/SignVaerify/Data/1");
const uint8_t content[] = {0x01, 0x02, 0x03, 0x04};
@@ -67,22 +68,22 @@
BOOST_CHECK_NO_THROW(sigBlock = tpm.signInTpm(content, sizeof(content),
keyName, DIGEST_ALGORITHM_SHA256));
- shared_ptr<PublicKey> pubkeyPtr;
- BOOST_CHECK_NO_THROW(pubkeyPtr = tpm.getPublicKeyFromTpm(keyName));
+ shared_ptr<PublicKey> publicKey;
+ BOOST_CHECK_NO_THROW(publicKey = tpm.getPublicKeyFromTpm(keyName));
try
{
using namespace CryptoPP;
- RSA::PublicKey publicKey;
+ RSA::PublicKey rsaPublicKey;
ByteQueue queue;
- queue.Put(reinterpret_cast<const byte*>(pubkeyPtr->get().buf()), pubkeyPtr->get().size());
- publicKey.Load(queue);
+ queue.Put(reinterpret_cast<const byte*>(publicKey->get().buf()), publicKey->get().size());
+ rsaPublicKey.Load(queue);
- RSASS<PKCS1v15, SHA256>::Verifier verifier (publicKey);
- bool result = verifier.VerifyMessage(content, sizeof(content),
- sigBlock.value(), sigBlock.value_size());
+ RSASS<PKCS1v15, SHA256>::Verifier verifier(rsaPublicKey);
+ bool isVerified = verifier.VerifyMessage(content, sizeof(content),
+ sigBlock.value(), sigBlock.value_size());
- BOOST_CHECK_EQUAL(result, true);
+ BOOST_CHECK_EQUAL(isVerified, true);
}
catch (CryptoPP::Exception& e)
{
@@ -101,13 +102,17 @@
uint8_t* block = new uint8_t[size];
tpm.generateRandomBlock(block, size);
- map<uint8_t, int> counter;
- for(size_t i = 0; i < size; i++)
- counter[block[i]] += 1;
+ std::map<uint8_t, int> counter;
+ for (size_t i = 0; i < size; i++)
+ {
+ counter[block[i]] += 1;
+ }
float dev = 0.0;
- for(size_t i = 0; i != 255; i++)
- dev += ((counter[i] - scale) * (counter[i] - scale)) * 1.0 / (scale * scale);
+ for (size_t i = 0; i != 255; i++)
+ {
+ dev += ((counter[i] - scale) * (counter[i] - scale)) * 1.0 / (scale * scale);
+ }
BOOST_CHECK_CLOSE(dev / 256, 0.001, 100);
@@ -120,30 +125,31 @@
SecTpmOsx tpm;
Name keyName("/TestSecTpmOsx/ExportImportKey/ksk-" +
- boost::lexical_cast<string>(
+ boost::lexical_cast<std::string>(
time::toUnixTimestamp(time::system_clock::now()).count()));
- BOOST_CHECK_NO_THROW(tpm.generateKeyPairInTpm(keyName, KEY_TYPE_RSA, 2048));
+ RsaKeyParams params(2048);
+ BOOST_CHECK_NO_THROW(tpm.generateKeyPairInTpm(keyName, params));
- BOOST_REQUIRE(tpm.doesKeyExistInTpm(keyName, KEY_CLASS_PRIVATE) == true);
- BOOST_REQUIRE(tpm.doesKeyExistInTpm(keyName, KEY_CLASS_PUBLIC) == true);
+ BOOST_REQUIRE_EQUAL(tpm.doesKeyExistInTpm(keyName, KEY_CLASS_PRIVATE), true);
+ BOOST_REQUIRE_EQUAL(tpm.doesKeyExistInTpm(keyName, KEY_CLASS_PUBLIC), true);
ConstBufferPtr exported;
BOOST_CHECK_NO_THROW(exported = tpm.exportPrivateKeyPkcs5FromTpm(keyName, "1234"));
- shared_ptr<PublicKey> pubkeyPtr;
- BOOST_REQUIRE_NO_THROW(pubkeyPtr = tpm.getPublicKeyFromTpm(keyName));
+ shared_ptr<PublicKey> publicKey;
+ BOOST_REQUIRE_NO_THROW(publicKey = tpm.getPublicKeyFromTpm(keyName));
tpm.deleteKeyPairInTpm(keyName);
- BOOST_REQUIRE(tpm.doesKeyExistInTpm(keyName, KEY_CLASS_PRIVATE) == false);
- BOOST_REQUIRE(tpm.doesKeyExistInTpm(keyName, KEY_CLASS_PUBLIC) == false);
+ BOOST_REQUIRE_EQUAL(tpm.doesKeyExistInTpm(keyName, KEY_CLASS_PRIVATE), false);
+ BOOST_REQUIRE_EQUAL(tpm.doesKeyExistInTpm(keyName, KEY_CLASS_PUBLIC), false);
BOOST_REQUIRE(tpm.importPrivateKeyPkcs5IntoTpm(keyName,
exported->buf(), exported->size(),
"1234"));
- BOOST_REQUIRE(tpm.doesKeyExistInTpm(keyName, KEY_CLASS_PUBLIC) == true);
- BOOST_REQUIRE(tpm.doesKeyExistInTpm(keyName, KEY_CLASS_PRIVATE) == true);
+ BOOST_REQUIRE_EQUAL(tpm.doesKeyExistInTpm(keyName, KEY_CLASS_PUBLIC), true);
+ BOOST_REQUIRE_EQUAL(tpm.doesKeyExistInTpm(keyName, KEY_CLASS_PRIVATE), true);
const uint8_t content[] = {0x01, 0x02, 0x03, 0x04};
Block sigBlock;
@@ -154,16 +160,16 @@
{
using namespace CryptoPP;
- RSA::PublicKey publicKey;
+ RSA::PublicKey rsaPublicKey;
ByteQueue queue;
- queue.Put(reinterpret_cast<const byte*>(pubkeyPtr->get().buf()), pubkeyPtr->get().size());
- publicKey.Load(queue);
+ queue.Put(reinterpret_cast<const byte*>(publicKey->get().buf()), publicKey->get().size());
+ rsaPublicKey.Load(queue);
- RSASS<PKCS1v15, SHA256>::Verifier verifier (publicKey);
- bool result = verifier.VerifyMessage(content, sizeof(content),
- sigBlock.value(), sigBlock.value_size());
+ RSASS<PKCS1v15, SHA256>::Verifier verifier(rsaPublicKey);
+ bool isVerified = verifier.VerifyMessage(content, sizeof(content),
+ sigBlock.value(), sigBlock.value_size());
- BOOST_CHECK_EQUAL(result, true);
+ BOOST_CHECK_EQUAL(isVerified, true);
}
catch (CryptoPP::Exception& e)
{