Browse Source

[trac951] Revert "[trac951] we do have truncation support (at least in the api), so remove check and enable tests"

This reverts commit 76ae47d1f6061a09f4a8e20852a9874ea28a4e19.

We cannot yet remove the additional check and re-enable the corresponding
tests.  See my comment on ticket #951.
JINMEI Tatuya 14 years ago
parent
commit
5637b1961a
2 changed files with 11 additions and 3 deletions
  1. 8 0
      src/lib/cryptolink/crypto_hmac.cc
  2. 3 3
      src/lib/cryptolink/tests/crypto_unittests.cc

+ 8 - 0
src/lib/cryptolink/crypto_hmac.cc

@@ -182,6 +182,14 @@ public:
         // SEE BELOW FOR TEMPORARY CHANGE
         try {
             Botan::SecureVector<Botan::byte> our_mac = hmac_->final();
+            if (len < getOutputLength()) {
+                // Currently we don't support truncated signature.  To avoid
+                // validating too short signature accidently, we enforce the
+                // standard signature size for the moment.
+                // Once we support truncation correctly, this if-clause should
+                // (and the capitalized comment above) be removed.
+                return (false);
+            }
             if (len == 0 || len > getOutputLength()) {
                 len = getOutputLength();
             }

+ 3 - 3
src/lib/cryptolink/tests/crypto_unittests.cc

@@ -250,7 +250,7 @@ TEST(CryptoLinkTest, HMAC_MD5_RFC2202_SIGN) {
 }
 
 // Temporarily disabled
-TEST(CryptoLinkTest, HMAC_MD5_RFC2202_SIGN_TRUNCATED) {
+TEST(CryptoLinkTest, DISABLED_HMAC_MD5_RFC2202_SIGN_TRUNCATED) {
     const uint8_t secret5[] = { 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c,
                                 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c,
                                 0x0c, 0x0c, 0x0c, 0x0c };
@@ -322,7 +322,7 @@ TEST(CryptoLinkTest, HMAC_SHA1_RFC2202_SIGN) {
 }
 
 // Temporarily disabled
-TEST(CryptoLinkTest, HMAC_SHA1_RFC2202_SIGN_TRUNCATED) {
+TEST(CryptoLinkTest, DISABLED_HMAC_SHA1_RFC2202_SIGN_TRUNCATED) {
     const uint8_t secret5[] = { 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c,
                                 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c,
                                 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c,
@@ -650,7 +650,7 @@ TEST(CryptoLinkTest, HMAC_SHA512_RFC4231_SIGN) {
     RUN_NTH_TEST_CASE_FOR_ALG(7, SHA512); 
 }
 
-TEST(CryptoLinkTest, HMAC_SHA256_RFC2202_SIGN_TRUNCATED) {
+TEST(CryptoLinkTest, DISABLED_HMAC_SHA256_RFC2202_SIGN_TRUNCATED) {
     const uint8_t secret5[] = { 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c,
                                 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c,
                                 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c,