security: consistently use EVP_MD conversion helper
Change-Id: Icd95009fba223c461988fe7b341be55972d30f91
diff --git a/src/security/detail/openssl-helper.cpp b/src/security/detail/openssl-helper.cpp
index 27177e2..d854776 100644
--- a/src/security/detail/openssl-helper.cpp
+++ b/src/security/detail/openssl-helper.cpp
@@ -26,7 +26,7 @@
namespace detail {
const EVP_MD*
-toDigestEvpMd(DigestAlgorithm algo)
+digestAlgorithmToEvpMd(DigestAlgorithm algo)
{
switch (algo) {
case DigestAlgorithm::SHA256:
diff --git a/src/security/detail/openssl-helper.hpp b/src/security/detail/openssl-helper.hpp
index dfc630d..51a4a36 100644
--- a/src/security/detail/openssl-helper.hpp
+++ b/src/security/detail/openssl-helper.hpp
@@ -30,7 +30,7 @@
namespace detail {
const EVP_MD*
-toDigestEvpMd(DigestAlgorithm algo);
+digestAlgorithmToEvpMd(DigestAlgorithm algo);
int
getEvpPkeyType(EVP_PKEY* key);
diff --git a/src/security/security-common.hpp b/src/security/security-common.hpp
index 20d8040..2a0a4c8 100644
--- a/src/security/security-common.hpp
+++ b/src/security/security-common.hpp
@@ -1,5 +1,5 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
-/**
+/*
* Copyright (c) 2013-2017 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
@@ -24,8 +24,6 @@
#include "../common.hpp"
-#define NDN_CXX_KEEP_SECURITY_V1_ALIASES
-
namespace ndn {
namespace signed_interest {
@@ -75,17 +73,20 @@
*
* This KeyId provides roughly uniqueness of the key names.
*/
- RANDOM = 2
+ RANDOM = 2,
};
std::ostream&
operator<<(std::ostream& os, KeyIdType keyIdType);
+/**
+ * @brief The type of a cryptographic key
+ */
enum class KeyType {
- NONE = 0,
- RSA = 1,
- EC = 2,
- AES = 128
+ NONE = 0, ///< Unknown key type
+ RSA = 1, ///< RSA key, supports sign/verify and encrypt/decrypt operations
+ EC = 2, ///< Elliptic Curve key (e.g. for ECDSA), supports sign/verify operations
+ AES = 128, ///< AES key, supports encrypt/decrypt operations
};
std::ostream&
@@ -95,7 +96,7 @@
NONE,
PUBLIC,
PRIVATE,
- SYMMETRIC
+ SYMMETRIC,
};
std::ostream&
@@ -103,7 +104,7 @@
enum class DigestAlgorithm {
NONE = 0,
- SHA256 = 1
+ SHA256 = 1,
};
std::ostream&
@@ -111,7 +112,7 @@
enum class BlockCipherAlgorithm {
NONE,
- AES_CBC
+ AES_CBC,
};
std::ostream&
@@ -119,7 +120,7 @@
enum class CipherOperator {
DECRYPT = 0,
- ENCRYPT = 1
+ ENCRYPT = 1,
};
std::ostream&
@@ -128,7 +129,7 @@
enum class AclType {
NONE,
PUBLIC,
- PRIVATE
+ PRIVATE,
};
std::ostream&
diff --git a/src/security/transform/digest-filter.cpp b/src/security/transform/digest-filter.cpp
index eca72b2..862d784 100644
--- a/src/security/transform/digest-filter.cpp
+++ b/src/security/transform/digest-filter.cpp
@@ -61,7 +61,7 @@
DigestFilter::DigestFilter(DigestAlgorithm algo)
: m_impl(make_unique<Impl>())
{
- const EVP_MD* md = detail::toDigestEvpMd(algo);
+ const EVP_MD* md = detail::digestAlgorithmToEvpMd(algo);
if (md == nullptr)
BOOST_THROW_EXCEPTION(Error(getIndex(), "Unsupported digest algorithm " +
boost::lexical_cast<std::string>(algo)));
diff --git a/src/security/transform/hmac-filter.cpp b/src/security/transform/hmac-filter.cpp
index d45cd85..e150a79 100644
--- a/src/security/transform/hmac-filter.cpp
+++ b/src/security/transform/hmac-filter.cpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
-/**
- * Copyright (c) 2013-2016 Regents of the University of California.
+/*
+ * Copyright (c) 2013-2017 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -74,7 +74,7 @@
BOOST_ASSERT(key != nullptr);
BOOST_ASSERT(keyLen > 0);
- const EVP_MD* algorithm = detail::toDigestEvpMd(algo);
+ const EVP_MD* algorithm = detail::digestAlgorithmToEvpMd(algo);
if (algorithm == nullptr)
BOOST_THROW_EXCEPTION(Error(getIndex(), "Unsupported digest algorithm"));
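Review bot: The HMAC key is validated only by the two `BOOST_ASSERT` lines above the renamed call, and those normally compile away when `NDEBUG` is defined, so a release build would pass a null or zero-length key on to whatever follows. Since this constructor already throws `Error` for an unsupported digest, the key checks could throw too, for example `if (key == nullptr || keyLen == 0) BOOST_THROW_EXCEPTION(Error(getIndex(), "Invalid HMAC key"));`. Separately, the message here is still the bare "Unsupported digest algorithm", whereas digest-filter.cpp and the signer and verifier filters append the algorithm name. Appending it here as well would need `<boost/lexical_cast.hpp>`, which this hunk does not show being included. The enclosing constructor begins and continues outside the hunk.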
diff --git a/src/security/transform/signer-filter.cpp b/src/security/transform/signer-filter.cpp
index 16d3146..ab9fdb3 100644
--- a/src/security/transform/signer-filter.cpp
+++ b/src/security/transform/signer-filter.cpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
-/**
- * Copyright (c) 2013-2016 Regents of the University of California.
+/*
+ * Copyright (c) 2013-2017 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -20,8 +20,9 @@
*/
#include "signer-filter.hpp"
-#include "../../encoding/buffer.hpp"
-#include "../detail/openssl.hpp"
+#include "../detail/openssl-helper.hpp"
+
+#include <boost/lexical_cast.hpp>
namespace ndn {
namespace security {
@@ -53,16 +54,14 @@
SignerFilter::SignerFilter(DigestAlgorithm algo, const PrivateKey& key)
: m_impl(new Impl(key))
{
- switch (algo) {
- case DigestAlgorithm::SHA256: {
- if (!BIO_set_md(m_impl->m_md, EVP_sha256()))
- BOOST_THROW_EXCEPTION(Error(getIndex(), "Cannot set digest"));
- break;
- }
+ const EVP_MD* md = detail::digestAlgorithmToEvpMd(algo);
+ if (md == nullptr)
+ BOOST_THROW_EXCEPTION(Error(getIndex(), "Unsupported digest algorithm " +
+ boost::lexical_cast<std::string>(algo)));
- default:
- BOOST_THROW_EXCEPTION(Error(getIndex(), "Digest algorithm is not supported"));
- }
+ if (!BIO_set_md(m_impl->m_md, md))
+ BOOST_THROW_EXCEPTION(Error(getIndex(), "Cannot set digest " +
+ boost::lexical_cast<std::string>(algo)));
}
size_t
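Review bot: The new `if (!BIO_set_md(m_impl->m_md, md))` check in the SignerFilter constructor treats only a zero return as failure. `BIO_set_md` is a `BIO_ctrl` wrapper, and control calls can also signal failure with a negative value, which `!` lets through and would leave the filter running without the requested digest configured. Testing for a non-positive result closes that gap: `if (BIO_set_md(m_impl->m_md, md) <= 0)`. The same check appears in the VerifierFilter constructor in verifier-filter.cpp, where a silently unset digest would affect signature verification, so it should get the same change.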
diff --git a/src/security/transform/verifier-filter.cpp b/src/security/transform/verifier-filter.cpp
index 5f0c716..1a7eebe 100644
--- a/src/security/transform/verifier-filter.cpp
+++ b/src/security/transform/verifier-filter.cpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
-/**
- * Copyright (c) 2013-2016 Regents of the University of California.
+/*
+ * Copyright (c) 2013-2017 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -20,7 +20,9 @@
*/
#include "verifier-filter.hpp"
-#include "../detail/openssl.hpp"
+#include "../detail/openssl-helper.hpp"
+
+#include <boost/lexical_cast.hpp>
namespace ndn {
namespace security {
@@ -58,16 +60,14 @@
const uint8_t* sig, size_t sigLen)
: m_impl(new Impl(key, sig, sigLen))
{
- switch (algo) {
- case DigestAlgorithm::SHA256: {
- if (!BIO_set_md(m_impl->m_md, EVP_sha256()))
- BOOST_THROW_EXCEPTION(Error(getIndex(), "Cannot set digest"));
- break;
- }
+ const EVP_MD* md = detail::digestAlgorithmToEvpMd(algo);
+ if (md == nullptr)
+ BOOST_THROW_EXCEPTION(Error(getIndex(), "Unsupported digest algorithm " +
+ boost::lexical_cast<std::string>(algo)));
- default:
- BOOST_THROW_EXCEPTION(Error(getIndex(), "Digest algorithm is not supported"));
- }
+ if (!BIO_set_md(m_impl->m_md, md))
+ BOOST_THROW_EXCEPTION(Error(getIndex(), "Cannot set digest " +
+ boost::lexical_cast<std::string>(algo)));
}
size_t