security: remove default argument from transform::digestFilter
The choice of algorithm to use should be an informed and conscious
decision by the application developer. Moreover, no other transform
filter provides a default.
Change-Id: I92081ec802ef6a7158d620e6d9359f22bcca0d41
diff --git a/src/security/tpm/back-end.cpp b/src/security/tpm/back-end.cpp
index 364b8bb..f15962c 100644
--- a/src/security/tpm/back-end.cpp
+++ b/src/security/tpm/back-end.cpp
@@ -110,15 +110,18 @@
BackEnd::setKeyName(KeyHandle& keyHandle, const Name& identity, const KeyParams& params)
{
name::Component keyId;
+
switch (params.getKeyIdType()) {
- case KeyIdType::USER_SPECIFIED:
+ case KeyIdType::USER_SPECIFIED: {
keyId = params.getKeyId();
break;
+ }
case KeyIdType::SHA256: {
using namespace transform;
-
OBufferStream os;
- bufferSource(*keyHandle.derivePublicKey()) >> digestFilter() >> streamSink(os);
+ bufferSource(*keyHandle.derivePublicKey()) >>
+ digestFilter(DigestAlgorithm::SHA256) >>
+ streamSink(os);
keyId = name::Component(os.buf());
break;
}
@@ -128,7 +131,7 @@
break;
}
default: {
- BOOST_ASSERT(false);
+ BOOST_THROW_EXCEPTION(Error("Unsupported key id type"));
}
}
diff --git a/src/security/transform/digest-filter.hpp b/src/security/transform/digest-filter.hpp
index a9c023e..fe23586 100644
--- a/src/security/transform/digest-filter.hpp
+++ b/src/security/transform/digest-filter.hpp
@@ -64,7 +64,7 @@
};
unique_ptr<Transform>
-digestFilter(DigestAlgorithm algo = DigestAlgorithm::SHA256);
+digestFilter(DigestAlgorithm algo);
} // namespace transform
} // namespace security