[trac781] test both 'direct' and convenience methods

src/lib/crypto/crypto.cc

@@ -82,12 +82,12 @@ public:
 
     ~HMACImpl() { delete hmac_; }
 
-    void update(const void* data, size_t len) {
+    void update(const void* data, const size_t len) {
         // update the data from whatever we get (probably as a buffer)
         hmac_->update(static_cast<const Botan::byte*>(data), len);
     }
 
-    void sign(isc::dns::OutputBuffer& result) {
+    void sign(isc::dns::OutputBuffer& result) const {
         // And generate the mac
         Botan::SecureVector<Botan::byte> b_result(hmac_->final());
     
@@ -95,7 +95,7 @@ public:
         result.writeData(b_result.begin(), b_result.size());
     }
     
-    bool verify(const void* sig, size_t len) {
+    bool verify(const void* sig, const size_t len) const {
         return (hmac_->verify_mac(static_cast<const Botan::byte*>(sig), len));
     }
 
@@ -112,22 +112,22 @@ HMAC::~HMAC() {
 }
 
 void
-HMAC::update(const void* data, size_t len) {
+HMAC::update(const void* data, const size_t len) {
     impl_->update(data, len);
 }
 
 void
-HMAC::sign(isc::dns::OutputBuffer& result) {
+HMAC::sign(isc::dns::OutputBuffer& result) const {
     impl_->sign(result);
 }
 
 bool
-HMAC::verify(const void* sig, size_t len) {
+HMAC::verify(const void* sig, const size_t len) const {
     return (impl_->verify(sig, len));
 }
 
 void
-signHMAC(const void* data, size_t data_len, TSIGKey key,
+signHMAC(const void* data, size_t data_len, const TSIGKey& key,
          isc::dns::OutputBuffer& result)
 {
     HMAC hmac(key);
@@ -137,8 +137,8 @@ signHMAC(const void* data, size_t data_len, TSIGKey key,
 
 
 bool
-verifyHMAC(const void* data, size_t data_len, TSIGKey key,
-           const void* sig, size_t sig_len)
+verifyHMAC(const void* data, const size_t data_len, const TSIGKey& key,
+           const void* sig, const size_t sig_len)
 {
     HMAC hmac(key);
     hmac.update(data, data_len);

src/lib/crypto/crypto.h

@@ -77,21 +77,21 @@ public:
     ///
     /// \param data The data to add
     /// \param len The size of the data
-    void update(const void* data, size_t len);
+    void update(const void* data, const size_t len);
 
     /// \brief Calculate the final signature
     ///
     /// The result will be appended to the given outputbuffer
     ///
     /// \param result The OutputBuffer to append the result to
-    void sign(isc::dns::OutputBuffer& result);
+    void sign(isc::dns::OutputBuffer& result) const;
 
     /// \brief Verify an existing signature
     ///
     /// \param sig The signature to verify
     /// \param len The length of the sig
     /// \return true if the signature is correct, false otherwise
-    bool verify(const void* sig, size_t len);
+    bool verify(const void* sig, size_t len) const;
 
 private:
     HMACImpl* impl_;
@@ -114,8 +114,8 @@ private:
 /// \param key The TSIGKey to sign with
 /// \param result The signature will be appended to this buffer
 void signHMAC(const void* data,
-              size_t data_len,
-              isc::dns::TSIGKey key,
+              const size_t data_len,
+              const isc::dns::TSIGKey& key,
               isc::dns::OutputBuffer& result);
 
 /// \brief Verify an HMAC signature for the given data
@@ -136,10 +136,10 @@ void signHMAC(const void* data,
 /// \param mac The signature to verify
 /// \return True if the signature verifies, false if not
 bool verifyHMAC(const void* data,
-                size_t data_len,
-                isc::dns::TSIGKey key,
+                const size_t data_len,
+                const isc::dns::TSIGKey& key,
                 const void* sig,
-                size_t sig_len);
+                const size_t sig_len);
 
 } // namespace crypto
 } // namespace isc

src/lib/crypto/tests/crypto_unittests.cc

@@ -32,8 +32,9 @@ namespace {
         }
     }
 
-    void doHMACTest(std::string data, std::string key_str,
-                    uint8_t* expected_hmac, size_t hmac_len) {
+    // Sign and verify with the convenience functions
+    void doHMACTestConv(std::string data, std::string key_str,
+                        uint8_t* expected_hmac, size_t hmac_len) {
         OutputBuffer data_buf(data.size());
         data_buf.writeData(data.c_str(), data.size());
         OutputBuffer hmac_sig(1);
@@ -59,6 +60,42 @@ namespace {
                                key, hmac_sig.getData(),
                                hmac_sig.getLength()));
     }
+
+    // Sign and verify with an instantiation of an HMAC object
+    void doHMACTestDirect(std::string data, std::string key_str,
+                          uint8_t* expected_hmac, size_t hmac_len) {
+        OutputBuffer data_buf(data.size());
+        data_buf.writeData(data.c_str(), data.size());
+        OutputBuffer hmac_sig(1);
+
+        TSIGKey key(key_str);
+
+        // Sign it
+        HMAC hmac_sign(key);
+        hmac_sign.update(data_buf.getData(), data_buf.getLength());
+        hmac_sign.sign(hmac_sig);
+
+        // Check if the signature is what we expect
+        checkBuffer(hmac_sig, expected_hmac, hmac_len);
+
+        // Check whether we can verify it ourselves
+        HMAC hmac_verify(key);
+        hmac_verify.update(data_buf.getData(), data_buf.getLength());
+        EXPECT_TRUE(hmac_verify.verify(hmac_sig.getData(),
+                                       hmac_sig.getLength()));
+
+        // Change the sig by flipping the first octet, and check
+        // whether verification fails then
+        hmac_sig.writeUint8At(~hmac_sig[0], 0);
+        EXPECT_FALSE(hmac_verify.verify(hmac_sig.getData(),
+                                        hmac_sig.getLength()));
+    }
+
+    void doHMACTest(std::string data, std::string key_str,
+                    uint8_t* expected_hmac, size_t hmac_len) {
+        doHMACTestConv(data, key_str, expected_hmac, hmac_len);
+        doHMACTestDirect(data, key_str, expected_hmac, hmac_len);
+    }
 }
 
 //