security: make some functions static in BackEndOsx, simplify KeyHandleOsx
Change-Id: I178a5fe4bbffe6a5337b546653a90724f3ef41f5
Refs: #4075
diff --git a/src/security/tpm/back-end-osx.cpp b/src/security/tpm/back-end-osx.cpp
index 145ffeb..3a2035e 100644
--- a/src/security/tpm/back-end-osx.cpp
+++ b/src/security/tpm/back-end-osx.cpp
@@ -21,13 +21,13 @@
#include "back-end-osx.hpp"
#include "key-handle-osx.hpp"
-#include "../transform/private-key.hpp"
#include "tpm.hpp"
+#include "../transform/private-key.hpp"
#include <CoreServices/CoreServices.h>
-#include <Security/Security.h>
-#include <Security/SecRandom.h>
#include <Security/SecDigestTransform.h>
+#include <Security/SecRandom.h>
+#include <Security/Security.h>
namespace ndn {
namespace security {
@@ -52,7 +52,8 @@
CFReleaser<SecKeychainItemRef>
getKey(const Name& keyName)
{
- CFReleaser<CFStringRef> keyLabel = CFStringCreateWithCString(nullptr, keyName.toUri().c_str(), kCFStringEncodingUTF8);
+ CFReleaser<CFStringRef> keyLabel = CFStringCreateWithCString(nullptr, keyName.toUri().c_str(),
+ kCFStringEncodingUTF8);
CFReleaser<CFMutableDictionaryRef> attrDict =
CFDictionaryCreateMutable(nullptr, 5, &kCFTypeDictionaryKeyCallBacks, nullptr);
@@ -193,19 +194,16 @@
}
ConstBufferPtr
-BackEndOsx::sign(const KeyRefOsx& key, DigestAlgorithm digestAlgorithm,
- const uint8_t* buf, size_t size) const
+BackEndOsx::sign(const KeyRefOsx& key, DigestAlgorithm digestAlgo, const uint8_t* buf, size_t size)
{
- CFReleaser<CFDataRef> dataRef = CFDataCreateWithBytesNoCopy(nullptr, buf, size, kCFAllocatorNull);
-
CFReleaser<CFErrorRef> error;
- // C-style cast is used as per Apple convention
CFReleaser<SecTransformRef> signer = SecSignTransformCreate(key.get(), &error.get());
if (error != nullptr) {
BOOST_THROW_EXCEPTION(Error("Fail to create signer"));
}
// Set input
+ CFReleaser<CFDataRef> dataRef = CFDataCreateWithBytesNoCopy(nullptr, buf, size, kCFAllocatorNull);
SecTransformSetAttribute(signer.get(), kSecTransformInputAttributeName, dataRef.get(), &error.get());
if (error != nullptr) {
BOOST_THROW_EXCEPTION(Error("Fail to configure input of signer"));
@@ -214,25 +212,23 @@
// Enable use of padding
SecTransformSetAttribute(signer.get(), kSecPaddingKey, kSecPaddingPKCS1Key, &error.get());
if (error != nullptr) {
- BOOST_THROW_EXCEPTION(Error("Fail to configure digest algorithm of signer"));
+ BOOST_THROW_EXCEPTION(Error("Fail to configure padding of signer"));
}
- // Set padding type
- SecTransformSetAttribute(signer.get(), kSecDigestTypeAttribute, getDigestAlgorithm(digestAlgorithm), &error.get());
+ // Set digest type
+ SecTransformSetAttribute(signer.get(), kSecDigestTypeAttribute, getDigestAlgorithm(digestAlgo), &error.get());
if (error != nullptr) {
- BOOST_THROW_EXCEPTION(Error("Fail to configure digest algorithm of signer"));
+ BOOST_THROW_EXCEPTION(Error("Fail to configure digest type of signer"));
}
- // Set digest attribute
- long digestSize = getDigestSize(digestAlgorithm);
+ // Set digest length
+ long digestSize = getDigestSize(digestAlgo);
CFReleaser<CFNumberRef> cfDigestSize = CFNumberCreate(nullptr, kCFNumberLongType, &digestSize);
- SecTransformSetAttribute(signer.get(),
- kSecDigestLengthAttribute,
- cfDigestSize.get(),
- &error.get());
+ SecTransformSetAttribute(signer.get(), kSecDigestLengthAttribute, cfDigestSize.get(), &error.get());
if (error != nullptr) {
- BOOST_THROW_EXCEPTION(Error("Fail to configure digest size of signer"));
+ BOOST_THROW_EXCEPTION(Error("Fail to configure digest length of signer"));
}
+
// Actually sign
// C-style cast is used as per Apple convention
CFReleaser<CFDataRef> signature = (CFDataRef)SecTransformExecute(signer.get(), &error.get());
@@ -242,31 +238,30 @@
}
if (signature == nullptr) {
- BOOST_THROW_EXCEPTION(Error("Signature is NULL!\n"));
+ BOOST_THROW_EXCEPTION(Error("Signature is null"));
}
return make_shared<Buffer>(CFDataGetBytePtr(signature.get()), CFDataGetLength(signature.get()));
}
ConstBufferPtr
-BackEndOsx::decrypt(const KeyRefOsx& key, const uint8_t* cipherText, size_t cipherSize) const
+BackEndOsx::decrypt(const KeyRefOsx& key, const uint8_t* cipherText, size_t cipherSize)
{
- CFReleaser<CFDataRef> dataRef = CFDataCreateWithBytesNoCopy(nullptr, cipherText, cipherSize, kCFAllocatorNull);
-
CFReleaser<CFErrorRef> error;
CFReleaser<SecTransformRef> decryptor = SecDecryptTransformCreate(key.get(), &error.get());
if (error != nullptr) {
- BOOST_THROW_EXCEPTION(Error("Fail to create decrypt"));
+ BOOST_THROW_EXCEPTION(Error("Fail to create decryptor"));
}
+ CFReleaser<CFDataRef> dataRef = CFDataCreateWithBytesNoCopy(nullptr, cipherText, cipherSize, kCFAllocatorNull);
SecTransformSetAttribute(decryptor.get(), kSecTransformInputAttributeName, dataRef.get(), &error.get());
if (error != nullptr) {
- BOOST_THROW_EXCEPTION(Error("Fail to configure decrypt"));
+ BOOST_THROW_EXCEPTION(Error("Fail to configure decryptor input"));
}
SecTransformSetAttribute(decryptor.get(), kSecPaddingKey, kSecPaddingOAEPKey, &error.get());
if (error != nullptr) {
- BOOST_THROW_EXCEPTION(Error("Fail to configure decrypt #2"));
+ BOOST_THROW_EXCEPTION(Error("Fail to configure decryptor padding"));
}
CFReleaser<CFDataRef> output = (CFDataRef)SecTransformExecute(decryptor.get(), &error.get());
@@ -276,13 +271,14 @@
}
if (output == nullptr) {
- BOOST_THROW_EXCEPTION(Error("Output is NULL!\n"));
+ BOOST_THROW_EXCEPTION(Error("Output is null"));
}
+
return make_shared<Buffer>(CFDataGetBytePtr(output.get()), CFDataGetLength(output.get()));
}
ConstBufferPtr
-BackEndOsx::derivePublicKey(const KeyRefOsx& key) const
+BackEndOsx::derivePublicKey(const KeyRefOsx& key)
{
CFReleaser<CFDataRef> exportedKey;
OSStatus res = SecItemExport(key.get(), // secItemOrArray
@@ -308,7 +304,8 @@
bool
BackEndOsx::doHasKey(const Name& keyName) const
{
- CFReleaser<CFStringRef> keyLabel = CFStringCreateWithCString(nullptr, keyName.toUri().c_str(), kCFStringEncodingUTF8);
+ CFReleaser<CFStringRef> keyLabel = CFStringCreateWithCString(nullptr, keyName.toUri().c_str(),
+ kCFStringEncodingUTF8);
CFReleaser<CFMutableDictionaryRef> attrDict =
CFDictionaryCreateMutable(nullptr, 4, &kCFTypeDictionaryKeyCallBacks, nullptr);
@@ -322,7 +319,7 @@
OSStatus res = SecItemCopyMatching((CFDictionaryRef)attrDict.get(), (CFTypeRef*)&itemRef.get());
itemRef.retain();
- return (res == errSecSuccess);
+ return res == errSecSuccess;
}
unique_ptr<KeyHandle>
@@ -336,7 +333,7 @@
return nullptr;
}
- return make_unique<KeyHandleOsx>(*this, (SecKeyRef)keyItem.get());
+ return make_unique<KeyHandleOsx>((SecKeyRef)keyItem.get());
}
unique_ptr<KeyHandle>
@@ -386,7 +383,7 @@
}
}
- unique_ptr<KeyHandle> keyHandle = make_unique<KeyHandleOsx>(*this, privateKey.get());
+ unique_ptr<KeyHandle> keyHandle = make_unique<KeyHandleOsx>(privateKey.get());
setKeyName(*keyHandle, identityName, params);
SecKeychainAttribute attrs[1]; // maximum number of attributes
@@ -408,7 +405,8 @@
void
BackEndOsx::doDeleteKey(const Name& keyName)
{
- CFReleaser<CFStringRef> keyLabel = CFStringCreateWithCString(nullptr, keyName.toUri().c_str(), kCFStringEncodingUTF8);
+ CFReleaser<CFStringRef> keyLabel = CFStringCreateWithCString(nullptr, keyName.toUri().c_str(),
+ kCFStringEncodingUTF8);
CFReleaser<CFMutableDictionaryRef> searchDict =
CFDictionaryCreateMutable(nullptr, 5, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks);
@@ -473,7 +471,8 @@
SecExternalFormat externalFormat = kSecFormatWrappedPKCS8;
SecExternalItemType externalType = kSecItemTypePrivateKey;
- CFReleaser<CFStringRef> keyLabel = CFStringCreateWithCString(nullptr, keyName.toUri().c_str(), kCFStringEncodingUTF8);
+ CFReleaser<CFStringRef> keyLabel = CFStringCreateWithCString(nullptr, keyName.toUri().c_str(),
+ kCFStringEncodingUTF8);
CFReleaser<CFStringRef> passphrase =
CFStringCreateWithBytes(nullptr, reinterpret_cast<const uint8_t*>(pw), pwLen, kCFStringEncodingUTF8, false);
CFReleaser<SecAccessRef> access;
@@ -519,7 +518,7 @@
{
attrs[attrList.count].tag = kSecKeyPrintName;
attrs[attrList.count].length = keyUri.size();
- attrs[attrList.count].data = const_cast<char*>(keyUri.c_str());
+ attrs[attrList.count].data = const_cast<char*>(keyUri.data());
attrList.count++;
}
diff --git a/src/security/tpm/back-end-osx.hpp b/src/security/tpm/back-end-osx.hpp
index 1a644d9..61f7f68 100644
--- a/src/security/tpm/back-end-osx.hpp
+++ b/src/security/tpm/back-end-osx.hpp
@@ -1,5 +1,5 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
-/**
+/*
* Copyright (c) 2013-2017 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
@@ -79,17 +79,16 @@
/**
* @brief Sign @p buf with @p key using @p digestAlgorithm.
*/
- ConstBufferPtr
- sign(const KeyRefOsx& key, DigestAlgorithm digestAlgorithm, const uint8_t* buf, size_t size) const;
+ static ConstBufferPtr
+ sign(const KeyRefOsx& key, DigestAlgorithm digestAlgorithm, const uint8_t* buf, size_t size);
- ConstBufferPtr
- decrypt(const KeyRefOsx& key, const uint8_t* cipherText, size_t cipherSize) const;
+ static ConstBufferPtr
+ decrypt(const KeyRefOsx& key, const uint8_t* cipherText, size_t cipherSize);
- ConstBufferPtr
- derivePublicKey(const KeyRefOsx& key) const;
+ static ConstBufferPtr
+ derivePublicKey(const KeyRefOsx& key);
private: // inherited from tpm::BackEnd
-
/**
* @return True if a key with name @p keyName exists in TPM.
*/
diff --git a/src/security/tpm/key-handle-mem.cpp b/src/security/tpm/key-handle-mem.cpp
index d9b5c32..d9fb590 100644
--- a/src/security/tpm/key-handle-mem.cpp
+++ b/src/security/tpm/key-handle-mem.cpp
@@ -20,20 +20,20 @@
*/
#include "key-handle-mem.hpp"
-#include "../transform.hpp"
+#include "../transform/buffer-source.hpp"
#include "../transform/private-key.hpp"
+#include "../transform/signer-filter.hpp"
+#include "../transform/stream-sink.hpp"
#include "../../encoding/buffer-stream.hpp"
namespace ndn {
namespace security {
namespace tpm {
-using transform::PrivateKey;
-
-KeyHandleMem::KeyHandleMem(shared_ptr<PrivateKey> key)
- : m_key(key)
+KeyHandleMem::KeyHandleMem(shared_ptr<transform::PrivateKey> key)
+ : m_key(std::move(key))
{
- BOOST_ASSERT(key != nullptr);
+ BOOST_ASSERT(m_key != nullptr);
}
ConstBufferPtr
diff --git a/src/security/tpm/key-handle-osx.cpp b/src/security/tpm/key-handle-osx.cpp
index 518a673..05e7023 100644
--- a/src/security/tpm/key-handle-osx.cpp
+++ b/src/security/tpm/key-handle-osx.cpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
-/**
- * Copyright (c) 2013-2016 Regents of the University of California.
+/*
+ * Copyright (c) 2013-2017 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -26,9 +26,8 @@
namespace security {
namespace tpm {
-KeyHandleOsx::KeyHandleOsx(const BackEndOsx& impl, const KeyRefOsx& key)
- : m_impl(impl)
- , m_key(key)
+KeyHandleOsx::KeyHandleOsx(const KeyRefOsx& key)
+ : m_key(key)
{
if (m_key.get() == 0)
BOOST_THROW_EXCEPTION(Error("key is not set"));
@@ -37,19 +36,19 @@
ConstBufferPtr
KeyHandleOsx::doSign(DigestAlgorithm digestAlgorithm, const uint8_t* buf, size_t size) const
{
- return m_impl.sign(m_key, digestAlgorithm, buf, size);
+ return BackEndOsx::sign(m_key, digestAlgorithm, buf, size);
}
ConstBufferPtr
KeyHandleOsx::doDecrypt(const uint8_t* cipherText, size_t cipherTextLen) const
{
- return m_impl.decrypt(m_key, cipherText, cipherTextLen);
+ return BackEndOsx::decrypt(m_key, cipherText, cipherTextLen);
}
ConstBufferPtr
KeyHandleOsx::doDerivePublicKey() const
{
- return m_impl.derivePublicKey(m_key);
+ return BackEndOsx::derivePublicKey(m_key);
}
} // namespace tpm
diff --git a/src/security/tpm/key-handle-osx.hpp b/src/security/tpm/key-handle-osx.hpp
index c1b338f..a6e1484 100644
--- a/src/security/tpm/key-handle-osx.hpp
+++ b/src/security/tpm/key-handle-osx.hpp
@@ -1,5 +1,5 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
-/**
+/*
* Copyright (c) 2013-2017 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
@@ -33,26 +33,14 @@
namespace security {
namespace tpm {
-class BackEndOsx;
-
/**
* @brief Abstraction of TPM key handle used by the TPM based on OS X Keychain Service.
*/
class KeyHandleOsx : public KeyHandle
{
public:
- class Error : public KeyHandle::Error
- {
- public:
- explicit
- Error(const std::string& what)
- : KeyHandle::Error(what)
- {
- }
- };
-
-public:
- KeyHandleOsx(const BackEndOsx& impl, const KeyRefOsx& key);
+ explicit
+ KeyHandleOsx(const KeyRefOsx& key);
private:
ConstBufferPtr
@@ -65,7 +53,6 @@
doDerivePublicKey() const final;
private:
- const BackEndOsx& m_impl;
KeyRefOsx m_key;
};