da/dc6/back-end-osx_8cpp_source.html

 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /*
  * Copyright (c) 2013-2018 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
  * ndn-cxx library is free software: you can redistribute it and/or modify it under the
  * terms of the GNU Lesser General Public License as published by the Free Software
  * Foundation, either version 3 of the License, or (at your option) any later version.
  *
  * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
  * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
  * PARTICULAR PURPOSE.  See the GNU Lesser General Public License for more details.
  *
  * You should have received copies of the GNU General Public License and GNU Lesser
  * General Public License along with ndn-cxx, e.g., in COPYING.md file.  If not, see
  * <http://www.gnu.org/licenses/>.
  *
  * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
  */

 #include "ndn-cxx/security/tpm/back-end-osx.hpp"
 #include "ndn-cxx/security/tpm/key-handle-osx.hpp"
 #include "ndn-cxx/security/tpm/tpm.hpp"
 #include "ndn-cxx/security/transform/private-key.hpp"
 #include "ndn-cxx/detail/cf-string-osx.hpp"
 #include "ndn-cxx/encoding/buffer-stream.hpp"

 #include <Security/Security.h>
 #include <cstring>

 namespace ndn {
 namespace security {
 namespace tpm {

 namespace cfstring = detail::cfstring;
 using detail::CFReleaser;

 class BackEndOsx::Impl
 {
 public:
   SecKeychainRef keyChainRef;
   bool isTerminalMode = false;
 };

 static CFReleaser<CFDataRef>
 makeCFDataNoCopy(const uint8_t* buf, size_t buflen)
 {
   return CFDataCreateWithBytesNoCopy(kCFAllocatorDefault, buf, buflen, kCFAllocatorNull);
 }

 static CFReleaser<CFMutableDictionaryRef>
 makeCFMutableDictionary()
 {
   return CFDictionaryCreateMutable(kCFAllocatorDefault, 0,
                                    &kCFTypeDictionaryKeyCallBacks,
                                    &kCFTypeDictionaryValueCallBacks);
 }

 static std::string
 getErrorMessage(OSStatus status)
 {
   CFReleaser<CFStringRef> msg = SecCopyErrorMessageString(status, nullptr);
   if (msg != nullptr)
     return cfstring::toStdString(msg.get());
   else
     return "<no error message>";
 }

 static std::string
 getFailureReason(CFErrorRef err)
 {
   CFReleaser<CFStringRef> reason = CFErrorCopyFailureReason(err);
   if (reason != nullptr)
     return cfstring::toStdString(reason.get());
   else
     return "<unknown reason>";
 }

 static CFTypeRef
 getAsymKeyType(KeyType keyType)
 {
   switch (keyType) {
   case KeyType::RSA:
     return kSecAttrKeyTypeRSA;
   case KeyType::EC:
     return kSecAttrKeyTypeECDSA;
   default:
     BOOST_THROW_EXCEPTION(Tpm::Error("Unsupported key type"));
   }
 }

 static CFTypeRef
 getDigestAlgorithm(DigestAlgorithm digestAlgo)
 {
   switch (digestAlgo) {
   case DigestAlgorithm::SHA224:
   case DigestAlgorithm::SHA256:
   case DigestAlgorithm::SHA384:
   case DigestAlgorithm::SHA512:
     return kSecDigestSHA2;
   default:
     return nullptr;
   }
 }

 static int
 getDigestSize(DigestAlgorithm digestAlgo)
 {
   switch (digestAlgo) {
   case DigestAlgorithm::SHA224:
     return 224;
   case DigestAlgorithm::SHA256:
     return 256;
   case DigestAlgorithm::SHA384:
     return 384;
   case DigestAlgorithm::SHA512:
     return 512;
   default:
     return -1;
   }
 }

 static KeyRefOsx
 getKeyRef(const Name& keyName)
 {
   auto keyLabel = cfstring::fromStdString(keyName.toUri());

   auto query = makeCFMutableDictionary();
   CFDictionaryAddValue(query.get(), kSecClass, kSecClassKey);
   CFDictionaryAddValue(query.get(), kSecAttrKeyClass, kSecAttrKeyClassPrivate);
   CFDictionaryAddValue(query.get(), kSecAttrLabel, keyLabel.get());
   CFDictionaryAddValue(query.get(), kSecReturnRef, kCFBooleanTrue);

   KeyRefOsx keyRef;
   // C-style cast is used as per Apple convention
   OSStatus res = SecItemCopyMatching(query.get(), (CFTypeRef*)&keyRef.get());
   keyRef.retain();

   if (res == errSecSuccess) {
     return keyRef;
   }
   else if (res == errSecItemNotFound) {
     return nullptr;
   }
   else {
     BOOST_THROW_EXCEPTION(BackEnd::Error("Key lookup in keychain failed: " + getErrorMessage(res)));
   }
 }

 static void
 exportItem(const KeyRefOsx& keyRef, transform::PrivateKey& outKey)
 {
   // use a temporary password for PKCS8 encoding
   const char pw[] = "correct horse battery staple";
   auto passphrase = cfstring::fromBuffer(reinterpret_cast<const uint8_t*>(pw), std::strlen(pw));

   SecItemImportExportKeyParameters keyParams;
   std::memset(&keyParams, 0, sizeof(keyParams));
   keyParams.version = SEC_KEY_IMPORT_EXPORT_PARAMS_VERSION;
   keyParams.passphrase = passphrase.get();

   CFReleaser<CFDataRef> exportedKey;
   OSStatus res = SecItemExport(keyRef.get(),           // secItemOrArray
                                kSecFormatWrappedPKCS8, // outputFormat
                                0,                      // flags
                                &keyParams,             // keyParams
                                &exportedKey.get());    // exportedData

   if (res != errSecSuccess) {
     BOOST_THROW_EXCEPTION(BackEnd::Error("Failed to export private key: "s + getErrorMessage(res)));
   }

   outKey.loadPkcs8(CFDataGetBytePtr(exportedKey.get()), CFDataGetLength(exportedKey.get()),
                    pw, std::strlen(pw));
 }

 BackEndOsx::BackEndOsx(const std::string&)
   : m_impl(make_unique<Impl>())
 {
   SecKeychainSetUserInteractionAllowed(!m_impl->isTerminalMode);

   OSStatus res = SecKeychainCopyDefault(&m_impl->keyChainRef);
   if (res == errSecNoDefaultKeychain) {
     BOOST_THROW_EXCEPTION(Error("No default keychain, create one first"));
   }
 }

 BackEndOsx::~BackEndOsx() = default;

 const std::string&
 BackEndOsx::getScheme()
 {
   static std::string scheme = "tpm-osxkeychain";
   return scheme;
 }

 bool
 BackEndOsx::isTerminalMode() const
 {
   return m_impl->isTerminalMode;
 }

 void
 BackEndOsx::setTerminalMode(bool isTerminal) const
 {
   m_impl->isTerminalMode = isTerminal;
   SecKeychainSetUserInteractionAllowed(!isTerminal);
 }

 bool
 BackEndOsx::isTpmLocked() const
 {
   SecKeychainStatus keychainStatus;
   OSStatus res = SecKeychainGetStatus(m_impl->keyChainRef, &keychainStatus);
   if (res != errSecSuccess)
     return true;
   else
     return (kSecUnlockStateStatus & keychainStatus) == 0;
 }

 bool
 BackEndOsx::unlockTpm(const char* pw, size_t pwLen) const
 {
   // If the default key chain is already unlocked, return immediately.
   if (!isTpmLocked())
     return true;

   if (m_impl->isTerminalMode) {
     // Use the supplied password.
     SecKeychainUnlock(m_impl->keyChainRef, pwLen, pw, true);
   }
   else {
     // If inTerminal is not set, get the password from GUI.
     SecKeychainUnlock(m_impl->keyChainRef, 0, nullptr, false);
   }

   return !isTpmLocked();
 }

 ConstBufferPtr
 BackEndOsx::sign(const KeyRefOsx& key, DigestAlgorithm digestAlgo, const uint8_t* buf, size_t size)
 {
   CFReleaser<CFErrorRef> error;
   CFReleaser<SecTransformRef> signer = SecSignTransformCreate(key.get(), &error.get());
   if (signer == nullptr) {
     BOOST_THROW_EXCEPTION(Error("Failed to create sign transform: " + getFailureReason(error.get())));
   }

   // Set input
   auto data = makeCFDataNoCopy(buf, size);
   SecTransformSetAttribute(signer.get(), kSecTransformInputAttributeName, data.get(), &error.get());
   if (error != nullptr) {
     BOOST_THROW_EXCEPTION(Error("Failed to configure input of sign transform: " +
                                 getFailureReason(error.get())));
   }

   // Enable use of padding
   SecTransformSetAttribute(signer.get(), kSecPaddingKey, kSecPaddingPKCS1Key, &error.get());
   if (error != nullptr) {
     BOOST_THROW_EXCEPTION(Error("Failed to configure padding of sign transform: " +
                                 getFailureReason(error.get())));
   }

   // Set digest type
   SecTransformSetAttribute(signer.get(), kSecDigestTypeAttribute, getDigestAlgorithm(digestAlgo), &error.get());
   if (error != nullptr) {
     BOOST_THROW_EXCEPTION(Error("Failed to configure digest type of sign transform: " +
                                 getFailureReason(error.get())));
   }

   // Set digest length
   int digestSize = getDigestSize(digestAlgo);
   CFReleaser<CFNumberRef> cfDigestSize = CFNumberCreate(kCFAllocatorDefault, kCFNumberIntType, &digestSize);
   SecTransformSetAttribute(signer.get(), kSecDigestLengthAttribute, cfDigestSize.get(), &error.get());
   if (error != nullptr) {
     BOOST_THROW_EXCEPTION(Error("Failed to configure digest length of sign transform: " +
                                 getFailureReason(error.get())));
   }

   // Actually sign
   // C-style cast is used as per Apple convention
   CFReleaser<CFDataRef> signature = (CFDataRef)SecTransformExecute(signer.get(), &error.get());
   if (signature == nullptr) {
     BOOST_THROW_EXCEPTION(Error("Failed to sign data: " + getFailureReason(error.get())));
   }

   return make_shared<Buffer>(CFDataGetBytePtr(signature.get()), CFDataGetLength(signature.get()));
 }

 ConstBufferPtr
 BackEndOsx::decrypt(const KeyRefOsx& key, const uint8_t* cipherText, size_t cipherSize)
 {
   CFReleaser<CFErrorRef> error;
   CFReleaser<SecTransformRef> decryptor = SecDecryptTransformCreate(key.get(), &error.get());
   if (decryptor == nullptr) {
     BOOST_THROW_EXCEPTION(Error("Failed to create decrypt transform: " + getFailureReason(error.get())));
   }

   auto data = makeCFDataNoCopy(cipherText, cipherSize);
   SecTransformSetAttribute(decryptor.get(), kSecTransformInputAttributeName, data.get(), &error.get());
   if (error != nullptr) {
     BOOST_THROW_EXCEPTION(Error("Failed to configure input of decrypt transform: " +
                                 getFailureReason(error.get())));
   }

   SecTransformSetAttribute(decryptor.get(), kSecPaddingKey, kSecPaddingOAEPKey, &error.get());
   if (error != nullptr) {
     BOOST_THROW_EXCEPTION(Error("Failed to configure padding of decrypt transform: " +
                                 getFailureReason(error.get())));
   }

   // C-style cast is used as per Apple convention
   CFReleaser<CFDataRef> plainText = (CFDataRef)SecTransformExecute(decryptor.get(), &error.get());
   if (plainText == nullptr) {
     BOOST_THROW_EXCEPTION(Error("Failed to decrypt data: " + getFailureReason(error.get())));
   }

   return make_shared<Buffer>(CFDataGetBytePtr(plainText.get()), CFDataGetLength(plainText.get()));
 }

 ConstBufferPtr
 BackEndOsx::derivePublicKey(const KeyRefOsx& key)
 {
   transform::PrivateKey privateKey;
   exportItem(key, privateKey);
   return privateKey.derivePublicKey();
 }

 bool
 BackEndOsx::doHasKey(const Name& keyName) const
 {
   return getKeyRef(keyName) != nullptr;
 }

 unique_ptr<KeyHandle>
 BackEndOsx::doGetKeyHandle(const Name& keyName) const
 {
   KeyRefOsx keyRef = getKeyRef(keyName);
   if (keyRef == nullptr) {
     return nullptr;
   }

   return make_unique<KeyHandleOsx>(keyRef.get());
 }

 unique_ptr<KeyHandle>
 BackEndOsx::doCreateKey(const Name& identityName, const KeyParams& params)
 {
   KeyType keyType = params.getKeyType();
   uint32_t keySize;
   switch (keyType) {
     case KeyType::RSA: {
       const RsaKeyParams& rsaParams = static_cast<const RsaKeyParams&>(params);
       keySize = rsaParams.getKeySize();
       break;
     }
     case KeyType::EC: {
       const EcKeyParams& ecParams = static_cast<const EcKeyParams&>(params);
       keySize = ecParams.getKeySize();
       break;
     }
     default: {
       BOOST_THROW_EXCEPTION(Tpm::Error("Failed to generate key pair: Unsupported key type"));
     }
   }
   CFReleaser<CFNumberRef> cfKeySize = CFNumberCreate(kCFAllocatorDefault, kCFNumberIntType, &keySize);

   auto attrDict = makeCFMutableDictionary();
   CFDictionaryAddValue(attrDict.get(), kSecAttrKeyType, getAsymKeyType(keyType));
   CFDictionaryAddValue(attrDict.get(), kSecAttrKeySizeInBits, cfKeySize.get());

   KeyRefOsx publicKey, privateKey;
   OSStatus res = SecKeyGeneratePair(attrDict.get(), &publicKey.get(), &privateKey.get());
   publicKey.retain();
   privateKey.retain();

   if (res != errSecSuccess) {
     BOOST_THROW_EXCEPTION(Error("Failed to generate key pair: " + getErrorMessage(res)));
   }

   unique_ptr<KeyHandle> keyHandle = make_unique<KeyHandleOsx>(privateKey.get());
   setKeyName(*keyHandle, identityName, params);

   SecKeychainAttribute attrs[1]; // maximum number of attributes
   SecKeychainAttributeList attrList = {0, attrs};
   std::string keyUri = keyHandle->getKeyName().toUri();
   {
     attrs[attrList.count].tag = kSecKeyPrintName;
     attrs[attrList.count].length = keyUri.size();
     attrs[attrList.count].data = const_cast<char*>(keyUri.data());
     attrList.count++;
   }

   SecKeychainItemModifyAttributesAndData((SecKeychainItemRef)privateKey.get(), &attrList, 0, nullptr);
   SecKeychainItemModifyAttributesAndData((SecKeychainItemRef)publicKey.get(), &attrList, 0, nullptr);

   return keyHandle;
 }

 void
 BackEndOsx::doDeleteKey(const Name& keyName)
 {
   auto keyLabel = cfstring::fromStdString(keyName.toUri());

   auto query = makeCFMutableDictionary();
   CFDictionaryAddValue(query.get(), kSecClass, kSecClassKey);
   CFDictionaryAddValue(query.get(), kSecAttrLabel, keyLabel.get());
   CFDictionaryAddValue(query.get(), kSecMatchLimit, kSecMatchLimitAll);

   OSStatus res = SecItemDelete(query.get());

   if (res != errSecSuccess && res != errSecItemNotFound) {
     BOOST_THROW_EXCEPTION(Error("Failed to delete key pair: " + getErrorMessage(res)));
   }
 }

 ConstBufferPtr
 BackEndOsx::doExportKey(const Name& keyName, const char* pw, size_t pwLen)
 {
   KeyRefOsx keychainItem = getKeyRef(keyName);
   if (keychainItem == nullptr) {
     BOOST_THROW_EXCEPTION(Error("Failed to export private key: " + getErrorMessage(errSecItemNotFound)));
   }

   transform::PrivateKey exportedKey;
   OBufferStream pkcs8;
   try {
     exportItem(keychainItem, exportedKey);
     exportedKey.savePkcs8(pkcs8, pw, pwLen);
   }
   catch (const transform::PrivateKey::Error& e) {
     BOOST_THROW_EXCEPTION(Error("Failed to export private key: "s + e.what()));
   }
   return pkcs8.buf();
 }

 void
 BackEndOsx::doImportKey(const Name& keyName, const uint8_t* buf, size_t size,
                         const char* pw, size_t pwLen)
 {
   transform::PrivateKey privKey;
   OBufferStream pkcs1;
   try {
     // do the PKCS8 decoding ourselves, see bug #4450
     privKey.loadPkcs8(buf, size, pw, pwLen);
     privKey.savePkcs1(pkcs1);
   }
   catch (const transform::PrivateKey::Error& e) {
     BOOST_THROW_EXCEPTION(Error("Failed to import private key: "s + e.what()));
   }
   auto keyToImport = makeCFDataNoCopy(pkcs1.buf()->data(), pkcs1.buf()->size());

   SecExternalFormat externalFormat = kSecFormatOpenSSL;
   SecExternalItemType externalType = kSecItemTypePrivateKey;

   auto keyUri = keyName.toUri();
   auto keyLabel = cfstring::fromStdString(keyUri);
   CFReleaser<SecAccessRef> access;
   OSStatus res = SecAccessCreate(keyLabel.get(), // descriptor
                                  nullptr,        // trustedlist (null == trust only the calling app)
                                  &access.get()); // accessRef

   if (res != errSecSuccess) {
     BOOST_THROW_EXCEPTION(Error("Failed to import private key: " + getErrorMessage(res)));
   }

   SecItemImportExportKeyParameters keyParams;
   std::memset(&keyParams, 0, sizeof(keyParams));
   keyParams.version = SEC_KEY_IMPORT_EXPORT_PARAMS_VERSION;
   keyParams.accessRef = access.get();

   CFReleaser<CFArrayRef> outItems;
   res = SecItemImport(keyToImport.get(),   // importedData
                       nullptr,             // fileNameOrExtension
                       &externalFormat,     // inputFormat
                       &externalType,       // itemType
                       0,                   // flags
                       &keyParams,          // keyParams
                       m_impl->keyChainRef, // importKeychain
                       &outItems.get());    // outItems

   if (res != errSecSuccess) {
     BOOST_THROW_EXCEPTION(Error("Failed to import private key: " + getErrorMessage(res)));
   }

   // C-style cast is used as per Apple convention
   SecKeychainItemRef keychainItem = (SecKeychainItemRef)CFArrayGetValueAtIndex(outItems.get(), 0);
   SecKeychainAttribute attrs[1]; // maximum number of attributes
   SecKeychainAttributeList attrList = {0, attrs};
   {
     attrs[attrList.count].tag = kSecKeyPrintName;
     attrs[attrList.count].length = keyUri.size();
     attrs[attrList.count].data = const_cast<char*>(keyUri.data());
     attrList.count++;
   }
   SecKeychainItemModifyAttributesAndData(keychainItem, &attrList, 0, nullptr);
 }

 } // namespace tpm
 } // namespace security
 } // namespace ndn
ndn::security::tpm::makeCFDataNoCopy
static CFReleaser< CFDataRef > makeCFDataNoCopy(const uint8_t *buf, size_t buflen)
Definition: back-end-osx.cpp:47

ndn::detail::cfstring::fromStdString
CFReleaser< CFStringRef > fromStdString(const std::string &str)
Create a CFString by copying characters from a std::string.
Definition: cf-string-osx.cpp:39

cf-string-osx.hpp
This file contains utilities to deal with Apple Core Foundation&#39;s CFString and related types...

ndn::security::tpm::BackEndOsx::decrypt
static ConstBufferPtr decrypt(const KeyRefOsx &key, const uint8_t *cipherText, size_t cipherSize)
Definition: back-end-osx.cpp:298

ndn::security::tpm::BackEndOsx::isTpmLocked
bool isTpmLocked() const final
Check if the TPM is locked.
Definition: back-end-osx.cpp:218

ndn
Definition: data.cpp:26

ndn::detail::cfstring::toStdString
std::string toStdString(CFStringRef cfStr)
Convert a CFString to a std::string.
Definition: cf-string-osx.cpp:49

ndn::security::transform::PrivateKey::loadPkcs8
void loadPkcs8(const uint8_t *buf, size_t size, const char *pw, size_t pwLen)
Load the private key in encrypted PKCS#8 format from a buffer buf with passphrase pw...
Definition: private-key.cpp:138

ndn::DigestAlgorithm::SHA224

ndn::security::tpm::makeCFMutableDictionary
static CFReleaser< CFMutableDictionaryRef > makeCFMutableDictionary()
Definition: back-end-osx.cpp:53

ndn::KeyParams::getKeyType
KeyType getKeyType() const
Definition: key-params.hpp:48

ndn::SimplePublicKeyParams::getKeySize
uint32_t getKeySize() const
Definition: key-params.hpp:176

ndn::KeyType::RSA
RSA key, supports sign/verify and encrypt/decrypt operations.

ndn::security::tpm::getDigestAlgorithm
static CFTypeRef getDigestAlgorithm(DigestAlgorithm digestAlgo)
Definition: back-end-osx.cpp:94

ndn::security::tpm::BackEnd::Error
Definition: back-end.hpp:43

ndn::security::tpm::getKeyRef
static KeyRefOsx getKeyRef(const Name &keyName)
Get reference to private key with name keyName.
Definition: back-end-osx.cpp:128

private-key.hpp

ndn::security::tpm::getErrorMessage
static std::string getErrorMessage(OSStatus status)
Definition: back-end-osx.cpp:61

ndn::security::transform::PrivateKey::savePkcs8
void savePkcs8(std::ostream &os, const char *pw, size_t pwLen) const
Save the private key in encrypted PKCS#8 format into a stream os.
Definition: private-key.cpp:240

ndn::KeyType
KeyType
The type of a cryptographic key.
Definition: security-common.hpp:85

ndn::security::tpm::BackEndOsx::getScheme
static const std::string & getScheme()
Definition: back-end-osx.cpp:198

ndn::Name::toUri
std::string toUri() const
Get URI representation of the name.
Definition: name.cpp:116

ndn::security::tpm::BackEndOsx::isTerminalMode
bool isTerminalMode() const final
Check if the TPM is in terminal mode.
Definition: back-end-osx.cpp:205

ndn::security::tpm::BackEndOsx::setTerminalMode
void setTerminalMode(bool isTerminal) const final
Set the terminal mode of the TPM.
Definition: back-end-osx.cpp:211

ndn::detail::CFReleaser::retain
void retain(const T &typeRef)
Definition: cf-releaser-osx.hpp:117

ndn::security::tpm::getAsymKeyType
static CFTypeRef getAsymKeyType(KeyType keyType)
Definition: back-end-osx.cpp:81

ndn::security::tpm::getDigestSize
static int getDigestSize(DigestAlgorithm digestAlgo)
Definition: back-end-osx.cpp:108

ndn::security::tpm::BackEndOsx::derivePublicKey
static ConstBufferPtr derivePublicKey(const KeyRefOsx &key)
Definition: back-end-osx.cpp:329

ndn::security::transform::PrivateKey::derivePublicKey
ConstBufferPtr derivePublicKey() const
Definition: private-key.cpp:264

ndn::security::transform::PrivateKey::savePkcs1
void savePkcs1(std::ostream &os) const
Save the private key in PKCS#1 format into a stream os.
Definition: private-key.cpp:228

back-end-osx.hpp

ndn::security::tpm::BackEndOsx::BackEndOsx
BackEndOsx(const std::string &location="")
Create TPM backed based on macOS Keychain Services.
Definition: back-end-osx.cpp:184

transform::PrivateKey

ndn::security::tpm::BackEndOsx::unlockTpm
bool unlockTpm(const char *pw, size_t pwLen) const final
Unlock the TPM.
Definition: back-end-osx.cpp:229

ndn::security::tpm::BackEndOsx::~BackEndOsx
~BackEndOsx() final

ndn::KeyType::EC
Elliptic Curve key (e.g. for ECDSA), supports sign/verify operations.

key-handle-osx.hpp

ndn::KeyIdType::SHA256
Use the SHA256 hash of the public key as the key id.

ndn::Name
Represents an absolute name.
Definition: name.hpp:43

ndn::DigestAlgorithm::SHA512

ndn::security::tpm::BackEnd::setKeyName
static void setKeyName(KeyHandle &keyHandle, const Name &identity, const KeyParams &params)
Set the key name in keyHandle according to identity and params.
Definition: back-end.cpp:110

ndn::DigestAlgorithm::SHA384

ndn::detail::CFReleaser
Helper class to wrap CoreFoundation object pointers.
Definition: cf-releaser-osx.hpp:49

ndn::security::tpm::BackEndOsx::sign
static ConstBufferPtr sign(const KeyRefOsx &key, DigestAlgorithm digestAlgorithm, const uint8_t *buf, size_t size)
Sign buf with key using digestAlgorithm.
Definition: back-end-osx.cpp:248

ndn::detail::cfstring::fromBuffer
CFReleaser< CFStringRef > fromBuffer(const uint8_t *buf, size_t buflen)
Create a CFString by copying bytes from a raw buffer.
Definition: cf-string-osx.cpp:29

tpm.hpp

ndn::OBufferStream::buf
shared_ptr< Buffer > buf()
Flush written data to the stream and return shared pointer to the underlying buffer.
Definition: buffer-stream.cpp:54

ndn::security::transform::PrivateKey::Error
Definition: private-key.hpp:41

ndn::KeyParams
Base class of key parameters.
Definition: key-params.hpp:35

ndn::security::tpm::getFailureReason
static std::string getFailureReason(CFErrorRef err)
Definition: back-end-osx.cpp:71

ndn::OBufferStream
implements an output stream that constructs ndn::Buffer
Definition: buffer-stream.hpp:70

ndn::security::tpm::exportItem
static void exportItem(const KeyRefOsx &keyRef, transform::PrivateKey &outKey)
Export a private key from the Keychain to outKey.
Definition: back-end-osx.cpp:158

ndn::SimplePublicKeyParams
SimplePublicKeyParams is a template for public keys with only one parameter: size.
Definition: key-params.hpp:149

buffer-stream.hpp

ndn::DigestAlgorithm
DigestAlgorithm
Definition: security-common.hpp:105

ndn::detail::CFReleaser::get
const T & get() const
Definition: cf-releaser-osx.hpp:92

ndn::security::tpm::Tpm::Error
Definition: tpm.hpp:66

ndn::ConstBufferPtr
shared_ptr< const Buffer > ConstBufferPtr
Definition: buffer.hpp:126