security: remove unused KeyClass and AclType enums
Also remove v2::PublicKey alias of transform::PublicKey
Change-Id: I891ffca065613d37c5534b9729c1b6827d440f47
diff --git a/ndn-cxx/security/security-common.cpp b/ndn-cxx/security/security-common.cpp
index 93ba0da..4de326d 100644
--- a/ndn-cxx/security/security-common.cpp
+++ b/ndn-cxx/security/security-common.cpp
@@ -30,7 +30,7 @@
{
switch (keyIdType) {
case KeyIdType::USER_SPECIFIED:
- return os << "USER_SPECIFIED";
+ return os << "USER-SPECIFIED";
case KeyIdType::SHA256:
return os << "SHA256";
case KeyIdType::RANDOM:
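Review bot: The output-string change in this hunk (`"USER_SPECIFIED"` to `"USER-SPECIFIED"`), and the matching `"AES_CBC"` to `"AES-CBC"` change in the later `BlockCipherAlgorithm` hunk of this file, are not mentioned in the commit message. Anything that matches on the streamed text, such as log parsers or output comparisons, will silently stop matching. The `KeyIdType` unit test is updated in this commit, but no test for the new `AES-CBC` string is visible in the diff; consider adding `BOOST_CHECK_EQUAL(boost::lexical_cast<std::string>(BlockCipherAlgorithm::AES_CBC), "AES-CBC");` and noting both renames in the commit message. The `operator<<` body starts and ends outside this hunk.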
@@ -58,22 +58,6 @@
}
std::ostream&
-operator<<(std::ostream& os, KeyClass keyClass)
-{
- switch (keyClass) {
- case KeyClass::NONE:
- return os << "NONE";
- case KeyClass::PUBLIC:
- return os << "PUBLIC";
- case KeyClass::PRIVATE:
- return os << "PRIVATE";
- case KeyClass::SYMMETRIC:
- return os << "SYMMETRIC";
- }
- return os << static_cast<int>(keyClass);
-}
-
-std::ostream&
operator<<(std::ostream& os, DigestAlgorithm algorithm)
{
switch (algorithm) {
@@ -110,7 +94,7 @@
case BlockCipherAlgorithm::NONE:
return os << "NONE";
case BlockCipherAlgorithm::AES_CBC:
- return os << "AES_CBC";
+ return os << "AES-CBC";
}
return os << static_cast<int>(algorithm);
}
@@ -127,18 +111,4 @@
return os << static_cast<int>(op);
}
-std::ostream&
-operator<<(std::ostream& os, AclType aclType)
-{
- switch (aclType) {
- case AclType::NONE:
- return os << "NONE";
- case AclType::PUBLIC:
- return os << "PUBLIC";
- case AclType::PRIVATE:
- return os << "PRIVATE";
- }
- return os << static_cast<int>(aclType);
-}
-
} // namespace ndn
diff --git a/ndn-cxx/security/security-common.hpp b/ndn-cxx/security/security-common.hpp
index 92067b7..1484cbc 100644
--- a/ndn-cxx/security/security-common.hpp
+++ b/ndn-cxx/security/security-common.hpp
@@ -53,25 +53,25 @@
} // namespace command_interest
/**
- * @brief The type of KeyId component in a key name
+ * @brief The type of KeyId component in a key name.
*/
enum class KeyIdType {
/**
- * @brief User-specified key ID
+ * @brief User-specified key id.
*
- * It is user's responsibility to assure the uniqueness of the key names.
+ * It is the user's responsibility to ensure the uniqueness of the key names.
*/
USER_SPECIFIED = 0,
/**
- * @brief Use the SHA256 hash of the public key as the key id
+ * @brief Use the SHA256 hash of the public key as key id.
*
- * This KeyId type guarantees the uniqueness of the key names.
+ * This KeyIdType guarantees the uniqueness of the key names.
*/
SHA256 = 1,
/**
- * @brief Use a 64-bit random number as the key id
+ * @brief Use a 64-bit random number as key id.
*
- * This KeyId provides roughly uniqueness of the key names.
+ * This KeyIdType provides uniqueness (with very high probability) of the key names.
*/
RANDOM = 2,
};
@@ -80,41 +80,31 @@
operator<<(std::ostream& os, KeyIdType keyIdType);
/**
- * @brief The type of a cryptographic key
+ * @brief The type of a cryptographic key.
*/
enum class KeyType {
- NONE = 0, ///< Unknown key type
- RSA = 1, ///< RSA key, supports sign/verify and encrypt/decrypt operations
- EC = 2, ///< Elliptic Curve key (e.g. for ECDSA), supports sign/verify operations
- AES = 128, ///< AES key, supports encrypt/decrypt operations
- HMAC = 256, ///< HMAC key, supports sign/verify operations
+ NONE = 0, ///< Unknown or unsupported key type
+ RSA, ///< RSA key, supports sign/verify and encrypt/decrypt operations
+ EC, ///< Elliptic Curve key (e.g. for ECDSA), supports sign/verify operations
+ AES, ///< AES key, supports encrypt/decrypt operations
+ HMAC, ///< HMAC key, supports sign/verify operations
};
std::ostream&
operator<<(std::ostream& os, KeyType keyType);
-enum class KeyClass {
- NONE,
- PUBLIC,
- PRIVATE,
- SYMMETRIC,
-};
-
-std::ostream&
-operator<<(std::ostream& os, KeyClass keyClass);
-
enum class DigestAlgorithm {
- NONE = 0,
- SHA224 = 2,
- SHA256 = 1,
- SHA384 = 3,
- SHA512 = 4,
- BLAKE2B_512 = 10,
- BLAKE2S_256 = 11,
- SHA3_224 = 20,
- SHA3_256 = 21,
- SHA3_384 = 22,
- SHA3_512 = 23,
+ NONE = 0,
+ SHA224,
+ SHA256,
+ SHA384,
+ SHA512,
+ BLAKE2B_512,
+ BLAKE2S_256,
+ SHA3_224,
+ SHA3_256,
+ SHA3_384,
+ SHA3_512,
};
std::ostream&
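Review bot: Dropping the explicit enumerator values renumbers them rather than just tidying the declarations. In `DigestAlgorithm`, `SHA256` was 1 and `SHA224` was 2 and the two now swap, `BLAKE2B_512`/`BLAKE2S_256` move from 10/11 to 5/6 and the SHA3 values from 20–23 to 7–10; in `KeyType`, `AES` moves from 128 to 3 and `HMAC` from 256 to 4. If any of these values is stored, transmitted, printed as an integer or cast from an integer anywhere, an old value would be read back as a different algorithm, and code built against the old header would disagree with the new library. Whether such uses exist is not visible in this diff. If the numbers are meant to be unstable, say so in a comment on each enum, for example `// numeric values are not part of the API and may change`; otherwise keep the explicit values, e.g. `SHA224 = 2,` and `SHA256 = 1,`.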
@@ -129,31 +119,13 @@
operator<<(std::ostream& os, BlockCipherAlgorithm algorithm);
enum class CipherOperator {
- DECRYPT = 0,
- ENCRYPT = 1,
+ DECRYPT,
+ ENCRYPT,
};
std::ostream&
operator<<(std::ostream& os, CipherOperator op);
-enum class AclType {
- NONE,
- PUBLIC,
- PRIVATE,
-};
-
-std::ostream&
-operator<<(std::ostream& os, AclType aclType);
-
-namespace security {
-namespace transform {
-class PublicKey;
-} // namespace transform
-namespace v2 {
-using transform::PublicKey;
-} // namespace v2
-} // namespace security
-
} // namespace ndn
#endif // NDN_SECURITY_SECURITY_COMMON_HPP
diff --git a/ndn-cxx/security/transform/block-cipher.cpp b/ndn-cxx/security/transform/block-cipher.cpp
index 950099e..985720e 100644
--- a/ndn-cxx/security/transform/block-cipher.cpp
+++ b/ndn-cxx/security/transform/block-cipher.cpp
@@ -153,7 +153,7 @@
if (ivLen != requiredIvLen)
NDN_THROW(Error(getIndex(), "IV length must be " + to_string(requiredIvLen)));
- BIO_set_cipher(m_impl->m_cipher, cipherType, key, iv, static_cast<int>(op));
+ BIO_set_cipher(m_impl->m_cipher, cipherType, key, iv, op == CipherOperator::ENCRYPT ? 1 : 0);
}
unique_ptr<Transform>
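Review bot: The rewritten `BIO_set_cipher` call still discards the function's result, so a failed cipher initialisation would go unnoticed and the transform would continue with a cipher BIO that was never configured. On OpenSSL versions where `BIO_set_cipher` returns `int` (older releases declared it `void`, so this needs a version guard), check the result and throw in the same style as the IV-length check above, e.g. `if (!BIO_set_cipher(...)) NDN_THROW(Error(getIndex(), "Cannot initialize cipher"));`. A short comment such as `// last argument: 1 = encrypt, 0 = decrypt` would also document the explicit mapping that replaces the cast. The enclosing function starts outside this hunk.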
diff --git a/ndn-cxx/security/verification-helpers.cpp b/ndn-cxx/security/verification-helpers.cpp
index 7b1d469..625537e 100644
--- a/ndn-cxx/security/verification-helpers.cpp
+++ b/ndn-cxx/security/verification-helpers.cpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/*
- * Copyright (c) 2013-2018 Regents of the University of California.
+ * Copyright (c) 2013-2019 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -39,12 +39,12 @@
bool
verifySignature(const uint8_t* blob, size_t blobLen, const uint8_t* sig, size_t sigLen,
- const v2::PublicKey& pKey)
+ const transform::PublicKey& key)
{
bool result = false;
try {
using namespace transform;
- bufferSource(blob, blobLen) >> verifierFilter(DigestAlgorithm::SHA256, pKey, sig, sigLen)
+ bufferSource(blob, blobLen) >> verifierFilter(DigestAlgorithm::SHA256, key, sig, sigLen)
>> boolSink(result);
}
catch (const transform::Error&) {
@@ -57,7 +57,7 @@
verifySignature(const uint8_t* data, size_t dataLen, const uint8_t* sig, size_t sigLen,
const uint8_t* key, size_t keyLen)
{
- v2::PublicKey pKey;
+ transform::PublicKey pKey;
try {
pKey.loadPkcs8(key, keyLen);
}
@@ -106,7 +106,7 @@
static bool
verifySignature(const std::tuple<bool, const uint8_t*, size_t, const uint8_t*, size_t>& params,
- const v2::PublicKey& pKey)
+ const transform::PublicKey& key)
{
bool isParsable = false;
const uint8_t* buf = nullptr;
@@ -117,7 +117,7 @@
std::tie(isParsable, buf, bufLen, sig, sigLen) = params;
if (isParsable)
- return verifySignature(buf, bufLen, sig, sigLen, pKey);
+ return verifySignature(buf, bufLen, sig, sigLen, key);
else
return false;
}
@@ -141,13 +141,13 @@
}
bool
-verifySignature(const Data& data, const v2::PublicKey& key)
+verifySignature(const Data& data, const transform::PublicKey& key)
{
return verifySignature(parse(data), key);
}
bool
-verifySignature(const Interest& interest, const v2::PublicKey& key)
+verifySignature(const Interest& interest, const transform::PublicKey& key)
{
return verifySignature(parse(interest), key);
}
diff --git a/ndn-cxx/security/verification-helpers.hpp b/ndn-cxx/security/verification-helpers.hpp
index 75bb00a..b864e3d 100644
--- a/ndn-cxx/security/verification-helpers.hpp
+++ b/ndn-cxx/security/verification-helpers.hpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/*
- * Copyright (c) 2013-2018 Regents of the University of California.
+ * Copyright (c) 2013-2019 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -35,19 +35,20 @@
class Key;
} // namespace pib
+namespace transform {
+class PublicKey;
+} // namespace transform
+
namespace v2 {
class Certificate;
} // namespace v2
/**
* @brief Verify @p blob using @p key against @p sig.
- *
- * This is the core function, all other verifySignature overloads are implemented in terms
- * of this function.
*/
bool
verifySignature(const uint8_t* blob, size_t blobLen, const uint8_t* sig, size_t sigLen,
- const v2::PublicKey& pKey);
+ const transform::PublicKey& key);
/**
* @brief Verify @p blob using @p key against @p sig.
@@ -64,7 +65,7 @@
/**
* @brief Verify @p interest using @p key.
- * @note This method verifies only signature of the signed interest
+ * @note This method verifies only signature of the signed interest.
* @sa docs/specs/signed-interest.rst
*/
bool
@@ -74,15 +75,15 @@
* @brief Verify @p data using @p key.
*/
bool
-verifySignature(const Data& data, const v2::PublicKey& key);
+verifySignature(const Data& data, const transform::PublicKey& key);
/**
* @brief Verify @p interest using @p key.
- * @note This method verifies only signature of the signed interest
+ * @note This method verifies only signature of the signed interest.
* @sa docs/specs/signed-interest.rst
*/
bool
-verifySignature(const Interest& interest, const v2::PublicKey& key);
+verifySignature(const Interest& interest, const transform::PublicKey& key);
/**
* @brief Verify @p data using @p key.
@@ -92,7 +93,7 @@
/**
* @brief Verify @p interest using @p key.
- * @note This method verifies only signature of the signed interest
+ * @note This method verifies only signature of the signed interest.
* @sa docs/specs/signed-interest.rst
*/
bool
@@ -106,7 +107,7 @@
/**
* @brief Verify @p interest using @p cert.
- * @note This method verifies only signature of the signed interest
+ * @note This method verifies only signature of the signed interest.
* @sa docs/specs/signed-interest.rst
*/
bool
@@ -116,9 +117,6 @@
/**
* @brief Verify @p blob against @p digest using @p algorithm.
- *
- * This is the core function, all other verifyDigest overloads are implemented in terms
- * of this function.
*/
bool
verifyDigest(const uint8_t* blob, size_t blobLen, const uint8_t* digest, size_t digestLen,
@@ -132,7 +130,7 @@
/**
* @brief Verify @p interest against digest @p algorithm.
- * @note This method verifies only signature of the signed interest
+ * @note This method verifies only signature of the signed interest.
* @sa docs/specs/signed-interest.rst
*/
bool
diff --git a/tests/unit/security/key-params.t.cpp b/tests/unit/security/key-params.t.cpp
index 336520d..78f3a4e 100644
--- a/tests/unit/security/key-params.t.cpp
+++ b/tests/unit/security/key-params.t.cpp
@@ -150,7 +150,7 @@
BOOST_AUTO_TEST_CASE(KeyIdTypeToString)
{
- BOOST_CHECK_EQUAL(boost::lexical_cast<std::string>(KeyIdType::USER_SPECIFIED), "USER_SPECIFIED");
+ BOOST_CHECK_EQUAL(boost::lexical_cast<std::string>(KeyIdType::USER_SPECIFIED), "USER-SPECIFIED");
BOOST_CHECK_EQUAL(boost::lexical_cast<std::string>(KeyIdType::SHA256), "SHA256");
BOOST_CHECK_EQUAL(boost::lexical_cast<std::string>(KeyIdType::RANDOM), "RANDOM");
BOOST_CHECK_EQUAL(boost::lexical_cast<std::string>(static_cast<KeyIdType>(12345)), "12345");
diff --git a/tests/unit/security/pib/pib-impl.t.cpp b/tests/unit/security/pib/pib-impl.t.cpp
index a1f2e47..2cbdc2f 100644
--- a/tests/unit/security/pib/pib-impl.t.cpp
+++ b/tests/unit/security/pib/pib-impl.t.cpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/*
- * Copyright (c) 2013-2018 Regents of the University of California.
+ * Copyright (c) 2013-2019 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -28,7 +28,7 @@
#include "tests/unit/security/pib/pib-data-fixture.hpp"
#include <boost/filesystem.hpp>
-#include <boost/mpl/list.hpp>
+#include <boost/mpl/vector.hpp>
namespace ndn {
namespace security {
@@ -68,8 +68,7 @@
PibSqlite3 pib;
};
-typedef boost::mpl::list<PibMemoryFixture,
- PibSqlite3Fixture> PibImpls;
+using PibImpls = boost::mpl::vector<PibMemoryFixture, PibSqlite3Fixture>;
BOOST_FIXTURE_TEST_CASE_TEMPLATE(TpmLocator, T, PibImpls, T)
{
@@ -288,13 +287,16 @@
this->pib.addCertificate(this->id2Key2Cert1);
BOOST_CHECK_EQUAL(this->pib.getDefaultKeyOfIdentity(this->id2), this->id2Key2Name);
- BOOST_CHECK_EQUAL(this->pib.getDefaultCertificateOfKey(this->id2Key2Name).getName(), this->id2Key2Cert1.getName());
+ BOOST_CHECK_EQUAL(this->pib.getDefaultCertificateOfKey(this->id2Key2Name).getName(),
+ this->id2Key2Cert1.getName());
this->pib.addCertificate(this->id2Key2Cert2);
- BOOST_CHECK_EQUAL(this->pib.getDefaultCertificateOfKey(this->id2Key2Name).getName(), this->id2Key2Cert1.getName());
+ BOOST_CHECK_EQUAL(this->pib.getDefaultCertificateOfKey(this->id2Key2Name).getName(),
+ this->id2Key2Cert1.getName());
this->pib.removeCertificate(this->id2Key2Cert2.getName());
- BOOST_CHECK_EQUAL(this->pib.getDefaultCertificateOfKey(this->id2Key2Name).getName(), this->id2Key2Cert1.getName());
+ BOOST_CHECK_EQUAL(this->pib.getDefaultCertificateOfKey(this->id2Key2Name).getName(),
+ this->id2Key2Cert1.getName());
}
BOOST_FIXTURE_TEST_CASE_TEMPLATE(Overwrite, T, PibImpls, T)
diff --git a/tests/unit/security/verification-helpers.t.cpp b/tests/unit/security/verification-helpers.t.cpp
index c7854a5..977ec30 100644
--- a/tests/unit/security/verification-helpers.t.cpp
+++ b/tests/unit/security/verification-helpers.t.cpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/*
- * Copyright (c) 2013-2018 Regents of the University of California.
+ * Copyright (c) 2013-2019 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -27,7 +27,7 @@
#include "tests/identity-management-fixture.hpp"
#include "tests/make-interest-data.hpp"
-#include <boost/mpl/list.hpp>
+#include <boost/mpl/vector.hpp>
namespace ndn {
namespace security {
@@ -422,14 +422,14 @@
// - .badSigInterest a valid and signed interest packet that cannot be verified by cert
// (signed by a different private key)
-typedef boost::mpl::list<EcdsaDataset, RsaDataset> SignatureDatasets;
+using SignatureDatasets = boost::mpl::vector<EcdsaDataset, RsaDataset>;
BOOST_AUTO_TEST_CASE_TEMPLATE(VerifySignature, Dataset, SignatureDatasets)
{
Dataset dataset;
v2::Certificate cert(Block(dataset.cert.data(), dataset.cert.size()));
Buffer keyRaw = cert.getPublicKey();
- v2::PublicKey key;
+ transform::PublicKey key;
key.loadPkcs8(keyRaw.data(), keyRaw.size());
Data data(Block(dataset.goodData.data(), dataset.goodData.size()));
Data badSigData(Block(dataset.badSigData.data(), dataset.badSigData.size()));
@@ -469,7 +469,7 @@
// - pib::Key version is tested as part of v2/key-chain.t.cpp (Security/V2/TestKeyChain)
}
-typedef boost::mpl::list<Sha256Dataset> DigestDatasets;
+using DigestDatasets = boost::mpl::vector<Sha256Dataset>;
BOOST_AUTO_TEST_CASE_TEMPLATE(VerifyDigest, Dataset, DigestDatasets)
{