[trac781] move tsigkey to/from string to tsigkey.h/cc

TSIGKeyFromString is now a direct TSIGKey constructor
TSIGKeyToString is now TSIGKey::toText()

src/lib/crypto/crypto.cc

@@ -122,58 +122,6 @@ verifyHMAC(const OutputBuffer& data, TSIGKey key,
                            result.getLength());
 }
 
-isc::dns::TSIGKey
-TSIGKeyFromString(const std::string& str) {
-    size_t pos = str.find(':');
-    if (pos == 0 || pos == str.npos) {
-        // error
-        isc_throw(InvalidParameter, "Invalid TSIG key string");
-    }
-    try {
-        Name key_name(str.substr(0, pos));
-        Name algo_name("hmac-md5.sig-alg.reg.int");
-
-        // optional algorithm part
-        size_t pos2 = str.find(':', pos+1);
-        if (pos2 != str.npos) {
-            if (pos2 == pos + 1) {
-                isc_throw(InvalidParameter, "Invalid TSIG key string");
-            }
-            algo_name = Name(str.substr(pos2+1));
-        } else {
-            pos2 = str.size() - pos;
-        }
-
-        std::string secret_str = str.substr(pos + 1, pos2 - pos - 1);
-    
-        vector<uint8_t> secret;
-        decodeBase64(secret_str, secret);
-        unsigned char secret_b[secret.size()];
-        for (size_t i=0; i < secret.size(); ++i) {
-            secret_b[i] = secret[i];
-        }
-
-        return isc::dns::TSIGKey(key_name, algo_name, secret_b, secret.size());
-    } catch (Exception e) {
-        // 'reduce' the several types of exceptions name parsing and
-        // Base64 decoding can throw to just the InvalidParameter
-        isc_throw(InvalidParameter, e.what());
-    }
-}
-
-std::string
-TSIGKeyToString(const isc::dns::TSIGKey& key) {
-    const uint8_t* secret_b = static_cast<const uint8_t*>(key.getSecret());
-    vector<uint8_t> secret_v;
-    for (size_t i=0; i < key.getSecretLength(); ++i) {
-        secret_v.push_back(secret_b[i]);
-    }
-    std::string secret_str = encodeBase64(secret_v);
-    
-    return key.getKeyName().toText() + ":" + secret_str + ":" + key.getAlgorithmName().toText();
-}
-
-
 } // namespace crypto
 } // namespace isc
 

src/lib/crypto/crypto.h

@@ -84,34 +84,6 @@ bool verifyHMAC(const isc::dns::OutputBuffer& data,
                 isc::dns::TSIGKey key,
                 const isc::dns::OutputBuffer& mac);
 
-/// \brief Create a TSIGKey from an input string
-///
-/// This function takes an input string and creates a TSIG key
-/// from it. The string must be of the form:
-/// <name>:<secret>[:<algorithm>]
-/// Where <name> is a domain name for the key, <secret> is a
-/// base64 representation of the key secret, and the optional
-/// algorithm is an algorithm identifier as specified in RFC4635
-///
-/// Raises an InvalidParameter exception if the input string is
-/// invalid.
-///
-/// \param str The string to make a TSIGKey from
-/// \return The TSIGKey build from the string
-isc::dns::TSIGKey TSIGKeyFromString(const std::string& str);
-
-/// \brief Converts the given TSIGKey to a string value
-///
-/// The resulting string will be of the form
-/// name:secret:algorithm
-/// Where <name> is a domain name for the key, <secret> is a
-/// base64 representation of the key secret, and algorithm is
-/// an algorithm identifier as specified in RFC4635
-///
-/// \param key the TSIG key to convert
-/// \return The string representation of the given TSIGKey.
-std::string TSIGKeyToString(const isc::dns::TSIGKey& key);
-
 } // namespace crypto
 } // namespace isc
 

src/lib/crypto/tests/crypto_unittests.cc

@@ -28,7 +28,6 @@ namespace {
         ASSERT_EQ(buf.getLength(), len);
         const uint8_t* buf_d = static_cast<const uint8_t*>(buf.getData());
         for (size_t i = 0; i < len; ++i) {
-            //std::cout << "[XX] I: " << i << ", buf: " << buf_d[i] << ", dat: " << data[i] << std::endl;
             ASSERT_EQ(buf_d[i], data[i]);
         }
     }
@@ -39,7 +38,7 @@ namespace {
         data_buf.writeData(data.c_str(), data.size());
         OutputBuffer hmac_sig(1);
         
-        TSIGKey key = TSIGKeyFromString(key_str);
+        TSIGKey key(key_str);
         
         signHMAC(data_buf, key, hmac_sig);
         checkBuffer(hmac_sig, expected_hmac, hmac_len);
@@ -51,7 +50,6 @@ namespace {
 // Test values taken from RFC 2202
 //
 TEST(CryptoTest, HMAC_MD5_RFC2202_SIGN) {
-    // 0x0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b = CwsLCwsLCwsLCwsLCwsLCw==
     uint8_t hmac_expected[] = { 0x92, 0x94, 0x72, 0x7a, 0x36, 0x38,
                                 0xbb, 0x1c, 0x13, 0xf4, 0x8e, 0xf8,
                                 0x15, 0x8b, 0xfc, 0x9d };
@@ -98,14 +96,19 @@ TEST(CryptoTest, HMAC_MD5_RFC2202_SIGN) {
                                  0xbf, 0x8f, 0x0b, 0x62, 0xe6, 0xce,
                                  0x61, 0xb9, 0xd0, 0xcd };
     doHMACTest("Test Using Larger Than Block-Size Key - Hash Key First",
-               "test.example:qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo=:hmac-md5.sig-alg.reg.int",
+               "test.example:qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"
+               "qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"
+               "qqqqqqqqqo=:hmac-md5.sig-alg.reg.int",
                hmac_expected6, 16);
 
     uint8_t hmac_expected7[] = { 0x6f, 0x63, 0x0f, 0xad, 0x67, 0xcd,
                                  0xa0, 0xee, 0x1f, 0xb1, 0xf5, 0x62,
                                  0xdb, 0x3a, 0xa5, 0x3e };
-    doHMACTest("Test Using Larger Than Block-Size Key and Larger Than One Block-Size Data",
-               "test.example:qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo=:hmac-md5.sig-alg.reg.int",
+    doHMACTest("Test Using Larger Than Block-Size Key and Larger Than "
+               "One Block-Size Data",
+               "test.example:qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"
+               "qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"
+               "qqqqqqqqqo=:hmac-md5.sig-alg.reg.int",
                hmac_expected7, 16);
 
 }
@@ -167,15 +170,20 @@ TEST(CryptoTest, HMAC_SHA1_RFC2202_SIGN) {
                                  0xce, 0x8a, 0x3b, 0x55, 0xed, 0x40,
                                  0x21, 0x12 };
     doHMACTest("Test Using Larger Than Block-Size Key - Hash Key First",
-               "test.example:qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo=:hmac-sha1",
+               "test.example:qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"
+               "qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"
+               "qqqqqqqqqo=:hmac-sha1",
                hmac_expected6, 20);
 
     uint8_t hmac_expected7[] = { 0xe8, 0xe9, 0x9d, 0x0f, 0x45, 0x23,
                                  0x7d, 0x78, 0x6d, 0x6b, 0xba, 0xa7,
                                  0x96, 0x5c, 0x78, 0x08, 0xbb, 0xff,
                                  0x1a, 0x91 };
-    doHMACTest("Test Using Larger Than Block-Size Key and Larger Than One Block-Size Data",
-               "test.example:qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo=:hmac-sha1",
+    doHMACTest("Test Using Larger Than Block-Size Key and Larger Than "
+               "One Block-Size Data",
+               "test.example:qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"
+               "qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"
+               "qqqqqqqqqo=:hmac-sha1",
                hmac_expected7, 20);
 }
 
@@ -244,7 +252,10 @@ TEST(CryptoTest, HMAC_SHA256_RFC2202_SIGN) {
                                  0x05, 0x46, 0x04, 0x0f, 0x0e, 0xe3,
                                  0x7f, 0x54 };
     doHMACTest("Test Using Larger Than Block-Size Key - Hash Key First",
-               "test.example:qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo=:hmac-sha256",
+               "test.example:qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"
+               "qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"
+               "qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"
+               "qqqqqqqqqqqqqqqqqqqqqqo=:hmac-sha256",
                hmac_expected6, 32);
 
     uint8_t hmac_expected7[] = { 0x9b, 0x09, 0xff, 0xa7, 0x1b, 0x94,
@@ -254,55 +265,13 @@ TEST(CryptoTest, HMAC_SHA256_RFC2202_SIGN) {
                                  0x8a, 0x7f, 0x51, 0x53, 0x5c, 0x3a,
                                  0x35, 0xe2 };
     doHMACTest("This is a test using a larger than block-size key and a larger than block-size data. The key needs to be hashed before being used by the HMAC algorithm.",
-               "test.example:qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo=:hmac-sha256",
+               "test.example:qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"
+               "qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"
+               "qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"
+               "qqqqqqqqqqqqqqqqqqqqqqo=:hmac-sha256",
                hmac_expected7, 32);
 }
-/*
-TEST(CryptoTest, HMAC_SHA256_RFC2202_SIGN) {
-    uint8_t hmac_expected[] = {  };
-    doHMACTest("Hi There",
-               "test.example:CwsLCwsLCwsLCwsLCwsLCwsLCws=:hmac-sha1",
-               hmac_expected, 20);
 
-    uint8_t hmac_expected2[] = {  };
-    doHMACTest("what do ya want for nothing?",
-               "test.example:SmVmZQ==:hmac-sha1",
-               hmac_expected2, 20);
-
-    std::string data3;
-    for (int i = 0; i < 50; ++i) {
-        data3.push_back(0xdd);
-    }
-    uint8_t hmac_expected3[] = {  };
-    doHMACTest(data3,
-               "test.example:qqqqqqqqqqqqqqqqqqqqqqqqqqo=:hmac-sha1",
-               hmac_expected3, 20);
-
-    std::string data4;
-    for (int i = 0; i < 50; ++i) {
-        data4.push_back(0xcd);
-    }
-    uint8_t hmac_expected4[] = {  };
-    doHMACTest(data4,
-               "test.example:AQIDBAUGBwgJCgsMDQ4PEBESExQVFhcYGQ==:hmac-sha1",
-               hmac_expected4, 20);
-
-    uint8_t hmac_expected5[] = {  };
-    doHMACTest("Test With Truncation",
-               "test.example:DAwMDAwMDAwMDAwMDAwMDAwMDAw=:hmac-sha1",
-               hmac_expected5, 20);
-               
-    uint8_t hmac_expected6[] = {  };
-    doHMACTest("Test Using Larger Than Block-Size Key - Hash Key First",
-               "test.example:qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo=:hmac-sha1",
-               hmac_expected6, 20);
-
-    uint8_t hmac_expected7[] = {  };
-    doHMACTest("Test Using Larger Than Block-Size Key and Larger Than One Block-Size Data",
-               "test.example:qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo=:hmac-sha1",
-               hmac_expected7, 20);
-}
-*/
 TEST(CryptoTest, BadKey) {
     TSIGKey bad_key = TSIGKey(Name("test.example."), Name("hmac-sha1."),
                               NULL, 0);
@@ -313,26 +282,3 @@ TEST(CryptoTest, BadKey) {
     EXPECT_THROW(signHMAC(data_buf, bad_key, hmac_sig), BadKey);
     EXPECT_THROW(verifyHMAC(data_buf, bad_key, hmac_sig), BadKey);
 }
-
-TEST(CryptoTest, TSIGKeyFromToString) {
-    TSIGKey k1 = TSIGKeyFromString("test.example:MSG6Ng==:hmac-md5.sig-alg.reg.int");
-    TSIGKey k2 = TSIGKeyFromString("test.example.:MSG6Ng==:hmac-md5.sig-alg.reg.int.");
-    TSIGKey k3 = TSIGKeyFromString("test.example:MSG6Ng==");
-    TSIGKey k4 = TSIGKey(Name("test.example."), Name("hmac-sha1."), NULL, 0);
-    
-    EXPECT_EQ("test.example.:MSG6Ng==:hmac-md5.sig-alg.reg.int.",
-              TSIGKeyToString(k1));
-    EXPECT_EQ("test.example.:MSG6Ng==:hmac-md5.sig-alg.reg.int.",
-              TSIGKeyToString(k2));
-    EXPECT_EQ("test.example.:MSG6Ng==:hmac-md5.sig-alg.reg.int.",
-              TSIGKeyToString(k3));
-    EXPECT_EQ("test.example.::hmac-sha1.", TSIGKeyToString(k4));
-
-    EXPECT_THROW(TSIGKeyFromString(""), isc::InvalidParameter);
-    EXPECT_THROW(TSIGKeyFromString("::"), isc::InvalidParameter);
-    EXPECT_THROW(TSIGKeyFromString("..:aa:"), isc::InvalidParameter);
-    EXPECT_THROW(TSIGKeyFromString("test.example:xxxx:"), isc::InvalidParameter);
-    EXPECT_THROW(TSIGKeyFromString("test.example.::"), isc::InvalidParameter);
-    EXPECT_THROW(TSIGKeyFromString("test.example.:MSG6Ng==:unknown"), isc::InvalidParameter);
-
-}

src/lib/dns/tests/tsigkey_unittest.cc

@@ -227,4 +227,28 @@ TEST_F(TSIGKeyRingTest, findFromSome) {
               keyring.find(Name("noexist.example")).key);
 }
 
+TEST(TSIGTest, TSIGKeyFromToString) {
+    TSIGKey k1 = TSIGKey("test.example:MSG6Ng==:hmac-md5.sig-alg.reg.int");
+    TSIGKey k2 = TSIGKey("test.example.:MSG6Ng==:hmac-md5.sig-alg.reg.int.");
+    TSIGKey k3 = TSIGKey("test.example:MSG6Ng==");
+    TSIGKey k4 = TSIGKey(Name("test.example."), Name("hmac-sha1."), NULL, 0);
+    
+    EXPECT_EQ("test.example.:MSG6Ng==:hmac-md5.sig-alg.reg.int.",
+              k1.toText());
+    EXPECT_EQ("test.example.:MSG6Ng==:hmac-md5.sig-alg.reg.int.",
+              k2.toText());
+    EXPECT_EQ("test.example.:MSG6Ng==:hmac-md5.sig-alg.reg.int.",
+              k3.toText());
+    EXPECT_EQ("test.example.::hmac-sha1.", k4.toText());
+
+    EXPECT_THROW(TSIGKey(""), isc::InvalidParameter);
+    EXPECT_THROW(TSIGKey("::"), isc::InvalidParameter);
+    EXPECT_THROW(TSIGKey("..:aa:"), isc::InvalidParameter);
+    EXPECT_THROW(TSIGKey("test.example:xxxx:"), isc::InvalidParameter);
+    EXPECT_THROW(TSIGKey("test.example.::"), isc::InvalidParameter);
+    EXPECT_THROW(TSIGKey("test.example.:MSG6Ng==:unknown"), isc::InvalidParameter);
+
+}
+
+
 } // end namespace

src/lib/dns/tsigkey.cc

@@ -19,6 +19,7 @@
 #include <exceptions/exceptions.h>
 
 #include <dns/name.h>
+#include <dns/util/base64.h>
 #include <dns/tsigkey.h>
 
 using namespace std;
@@ -59,6 +60,53 @@ TSIGKey::TSIGKey(const Name& key_name, const Name& algorithm_name,
     impl_ = new TSIGKeyImpl(key_name, algorithm_name, secret, secret_len);
 }
 
+TSIGKey::TSIGKey(const std::string& str) : impl_(NULL) {
+    size_t pos = str.find(':');
+    if (pos == 0 || pos == str.npos) {
+        // error
+        isc_throw(InvalidParameter, "Invalid TSIG key string");
+    }
+    try {
+        Name key_name(str.substr(0, pos));
+        Name algo_name("hmac-md5.sig-alg.reg.int");
+
+        // optional algorithm part
+        size_t pos2 = str.find(':', pos+1);
+        if (pos2 != str.npos) {
+            if (pos2 == pos + 1) {
+                isc_throw(InvalidParameter, "Invalid TSIG key string");
+            }
+            algo_name = Name(str.substr(pos2+1));
+        } else {
+            pos2 = str.size() - pos;
+        }
+
+        std::string secret_str = str.substr(pos + 1, pos2 - pos - 1);
+    
+        vector<uint8_t> secret;
+        decodeBase64(secret_str, secret);
+        unsigned char secret_b[secret.size()];
+        for (size_t i=0; i < secret.size(); ++i) {
+            secret_b[i] = secret[i];
+        }
+
+        if (algo_name != HMACMD5_NAME() &&
+            algo_name != HMACSHA1_NAME() &&
+            algo_name != HMACSHA256_NAME()) {
+            isc_throw(InvalidParameter, "Unknown TSIG algorithm is specified: " <<
+                      algo_name);
+        }
+
+        impl_ = new TSIGKeyImpl(key_name, algo_name, secret_b,
+                                secret.size());
+    } catch (Exception e) {
+        // 'reduce' the several types of exceptions name parsing and
+        // Base64 decoding can throw to just the InvalidParameter
+        isc_throw(InvalidParameter, e.what());
+    }
+}
+
+
 TSIGKey::TSIGKey(const TSIGKey& source) : impl_(new TSIGKeyImpl(*source.impl_))
 {}
 
@@ -99,6 +147,19 @@ TSIGKey::getSecretLength() const {
     return (impl_->secret_.size());
 }
 
+std::string
+TSIGKey::toText() const {
+    const uint8_t* secret_b = static_cast<const uint8_t*>(getSecret());
+    vector<uint8_t> secret_v;
+    for (size_t i=0; i < getSecretLength(); ++i) {
+        secret_v.push_back(secret_b[i]);
+    }
+    std::string secret_str = encodeBase64(secret_v);
+    
+    return getKeyName().toText() + ":" + secret_str + ":" +
+           getAlgorithmName().toText();
+}
+
 const
 Name& TSIGKey::HMACMD5_NAME() {
     static Name alg_name("hmac-md5.sig-alg.reg.int");

src/lib/dns/tsigkey.h

@@ -90,6 +90,21 @@ public:
     TSIGKey(const Name& key_name, const Name& algorithm_name,
             const void* secret, size_t secret_len);
 
+    /// \brief Constructor from an input string
+    ///
+    /// The string must be of the form:
+    /// <name>:<secret>[:<algorithm>]
+    /// Where <name> is a domain name for the key, <secret> is a
+    /// base64 representation of the key secret, and the optional
+    /// algorithm is an algorithm identifier as specified in RFC4635
+    ///
+    /// Raises an InvalidParameter exception if the input string is
+    /// invalid.
+    ///
+    /// \param str The string to make a TSIGKey from
+    /// \return The TSIGKey build from the string
+    TSIGKey(const std::string& str);
+
     /// \brief The copy constructor.
     ///
     /// It internally allocates a resource, and if it fails a corresponding
@@ -139,6 +154,18 @@ public:
     const void* getSecret() const;
     //@}
 
+    /// \brief Converts the TSIGKey to a string value
+    ///
+    /// The resulting string will be of the form
+    /// name:secret:algorithm
+    /// Where <name> is a domain name for the key, <secret> is a
+    /// base64 representation of the key secret, and algorithm is
+    /// an algorithm identifier as specified in RFC4635
+    ///
+    /// \param key the TSIG key to convert
+    /// \return The string representation of the given TSIGKey.
+    std::string toText() const;
+
     ///
     /// \name Well known algorithm names as defined in RFC2845 and RFC4635.
     ///