
[trac781] use key class as params

Jelte Jansen 14 years ago
parent
commit
6eab8b3fc5
3 changed files with 28 additions and 19 deletions
  1. 7 6
      src/lib/crypto/crypto.cc
  2. 2 2
      src/lib/crypto/crypto.h
  3. 19 11
      src/lib/crypto/tests/crypto_unittests.cc

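--- a/src/lib/crypto/crypto.cc
+++ b/src/lib/crypto/crypto.cc
@@ -87,7 +87,7 @@ TSIGKey::getSecretLength() {
 }
 */
 
-void doHMAC(const OutputBuffer& data, char* key, size_t key_len, isc::dns::OutputBuffer& result) {
+void doHMAC(const OutputBuffer& data, TSIGKey key, isc::dns::OutputBuffer& result) {
 
     // needs to be in global scope; can we make a generalized
     // subclassable singleton? (for hsm we'll need more initialization)
@@ -103,7 +103,7 @@ void doHMAC(const OutputBuffer& data, char* key, size_t key_len, isc::dns::Outpu
     hmac.update(reinterpret_cast<const byte*>(data.getData()), data.getLength());
 
     // Take the 'secret' from the key
-    hmac.set_key(reinterpret_cast<byte*>(key), key_len);
+    hmac.set_key(reinterpret_cast<const byte*>(key.getSecret()), key.getSecretLength());
 
     // And generate the mac
     SecureVector<byte> b_result(hmac.final());
@@ -121,11 +121,11 @@ void doHMAC(const OutputBuffer& data, char* key, size_t key_len, isc::dns::Outpu
     std::cout << "HMAC SIG LEN2: " << result.getLength() << std::endl;
 }
 
-bool verifyHMAC(const OutputBuffer& data, char* key, size_t key_len, const isc::dns::OutputBuffer& result) {
+bool verifyHMAC(const OutputBuffer& data, TSIGKey key, const isc::dns::OutputBuffer& result) {
     HashFunction* hash = get_hash("MD5");
     HMAC::HMAC hmac(hash);
     hmac.update(reinterpret_cast<const byte*>(data.getData()), data.getLength());
-    hmac.set_key(reinterpret_cast<byte*>(key), key_len);
+    hmac.set_key(reinterpret_cast<const byte*>(key.getSecret()), key.getSecretLength());
 
     SecureVector<byte> b_result(hmac.final());
     for(byte* i = b_result.begin(); i != b_result.end(); ++i) {
@@ -143,7 +143,6 @@ TSIGKeyFromString(const std::string& str) {
 	size_t pos = str.find(':');
 	if (pos == 0 || pos == str.npos) {
 		// error, TODO: raise
-		std::cout << "[XX] error bad key string" << std::endl;
 		isc_throw(InvalidParameter, "Invalid TSIG key string");
 	}
 	Name key_name(str.substr(0, pos));
@@ -153,8 +152,10 @@ TSIGKeyFromString(const std::string& str) {
 	// optional algorithm part
 	size_t pos2 = str.find(':', pos+1);
 	if (pos2 != str.npos) {
+		if (pos2 == pos + 1) {
+			isc_throw(InvalidParameter, "Invalid TSIG key string");
+		}
 		algo_name = Name(str.substr(pos2+1));
-		//pos2 = str.size() - pos - pos2;
 	} else {
 		pos2 = str.size() - pos;
 	}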
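Review bot: In both doHMAC and verifyHMAC the new code keeps `hmac.update(...)` ahead of `hmac.set_key(...)`, so the message is fed into the HMAC before the key is installed. In Botan, setting the key on an HMAC re-runs its key schedule, which clears the wrapped hash and restarts it with the inner pad; if the version linked here behaves that way, the data appended earlier is discarded, the MAC covers an empty message, verifyHMAC accepts any data for a given key, and the sign→verify unit test still passes. Swap the two calls in both functions so the key is set first, `hmac.set_key(reinterpret_cast<const byte*>(key.getSecret()), key.getSecretLength());` followed by `hmac.update(reinterpret_cast<const byte*>(data.getData()), data.getLength());`, and pin the output against a published HMAC-MD5 vector rather than only a round trip. Separately, `get_hash("MD5")` is still hard-coded while the key now carries an algorithm name, which deserves at least `// TODO: derive the hash from the key's algorithm; only HMAC-MD5 is supported so far`. doHMAC's body starts before its second hunk and verifyHMAC's comparison loop continues past the end of its hunk.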

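--- a/src/lib/crypto/crypto.h
+++ b/src/lib/crypto/crypto.h
@@ -35,8 +35,8 @@
 namespace isc {
 namespace crypto {
 
-void doHMAC(const isc::dns::OutputBuffer& data, char* key, size_t key_len, isc::dns::OutputBuffer& result);
-bool verifyHMAC(const isc::dns::OutputBuffer& data, char* key, size_t key_len, const isc::dns::OutputBuffer& mac);
+void doHMAC(const isc::dns::OutputBuffer& data, isc::dns::TSIGKey key, isc::dns::OutputBuffer& result);
+bool verifyHMAC(const isc::dns::OutputBuffer& data, isc::dns::TSIGKey key, const isc::dns::OutputBuffer& mac);
 isc::dns::TSIGKey TSIGKeyFromString(const std::string& str);
 std::string TSIGKeyToString(const isc::dns::TSIGKey& key);
 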
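Review bot: The new declarations take `isc::dns::TSIGKey key` by value, so every sign or verify call copies the key object (and whatever secret storage it holds) into another frame that nothing scrubs; both functions only read the key, so `const isc::dns::TSIGKey& key` is the right form and matches the `TSIGKeyToString` declaration just below. The changed lines would read `void doHMAC(const isc::dns::OutputBuffer& data, const isc::dns::TSIGKey& key, isc::dns::OutputBuffer& result);` and `bool verifyHMAC(const isc::dns::OutputBuffer& data, const isc::dns::TSIGKey& key, const isc::dns::OutputBuffer& mac);`. Neither function is documented here; a short comment above each stating that doHMAC writes the MAC of `data` under `key` into `result`, and that verifyHMAC returns true only when `mac` is the MAC of `data` under `key`, would let callers use the API without reading crypto.cc.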

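--- a/src/lib/crypto/tests/crypto_unittests.cc
+++ b/src/lib/crypto/tests/crypto_unittests.cc
@@ -18,6 +18,7 @@
 #include <crypto/crypto.h>
 #include <crypto/crypto_botan.h>
 #include <dns/buffer.h>
+#include <exceptions/exceptions.h>
 
 using namespace isc::dns;
 using namespace isc::crypto;
@@ -26,23 +27,30 @@ TEST(CryptoTest, HMAC_SIGN) {
     char data_b[] = "Hi there";
     OutputBuffer data(8);
     data.writeData(data_b, 8);
-    char key[] = { 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b  };
+
+	TSIGKey key = TSIGKeyFromString("test.example:MSG6Ng==:hmac-md5.sig-alg.reg.int");
+
     OutputBuffer hmac_sig(1);
     
-
-    doHMAC(data, key, 16, hmac_sig);
-    bool result = verifyHMAC(data, key, 16, hmac_sig);
+    doHMAC(data, key, hmac_sig);
+    bool result = verifyHMAC(data, key, hmac_sig);
     EXPECT_TRUE(result);
 }
 
 TEST(CryptoText, TSIGKeyFromString) {
 	TSIGKey k1 = TSIGKeyFromString("test.example:MSG6Ng==:hmac-md5.sig-alg.reg.int");
-	TSIGKeyFromString("test.example.:MSG6Ng==:hmac-md5.sig-alg.reg.int.");
-	TSIGKeyFromString("test.example:MSG6Ng==");
-	//TSIGKeyFromString("test.example:");
-	//TSIGKeyFromString("::");
-	//TSIGKeyFromString("test.example:MSG6Ng==:hmac-md5.sig-alg.reg.int");
+	TSIGKey k2 = TSIGKeyFromString("test.example.:MSG6Ng==:hmac-md5.sig-alg.reg.int.");
+	TSIGKey k3 = TSIGKeyFromString("test.example:MSG6Ng==");
 	
-	std::string k1_str = TSIGKeyToString(k1);
-	std::cout << k1_str << std::endl;
+	EXPECT_EQ("test.example.:MSG6Ng==:hmac-md5.sig-alg.reg.int.",
+	          TSIGKeyToString(k1));
+	EXPECT_EQ("test.example.:MSG6Ng==:hmac-md5.sig-alg.reg.int.",
+	          TSIGKeyToString(k2));
+	EXPECT_EQ("test.example.:MSG6Ng==:hmac-md5.sig-alg.reg.int.",
+	          TSIGKeyToString(k3));
+
+	EXPECT_THROW(TSIGKeyFromString(""), isc::InvalidParameter);
+	EXPECT_THROW(TSIGKeyFromString("::"), isc::InvalidParameter);
+	EXPECT_THROW(TSIGKeyFromString("test.example.::"), isc::InvalidParameter);
+	EXPECT_THROW(TSIGKeyFromString("test.example.:MSG6Ng==:unknown"), isc::InvalidParameter);
 }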
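Review bot: HMAC_SIGN only checks that a MAC produced by doHMAC is accepted by verifyHMAC for the same data and key; it never asserts that verification fails for different data or a different key, and never pins the MAC bytes, so an implementation whose MAC does not actually depend on `data` (or on the key) passes unchanged. Add negative cases beside the positive one, and ideally a known-answer check: the key this commit removed (sixteen 0x0b bytes, `CwsLCwsLCwsLCwsLCwsLCw==` in base64) with the message "Hi there" is RFC 2202 test case 1, whose HMAC-MD5 is `9294727a3638bb1c13f48ef8158bfc9d`. The new `TSIGKey key = ...` line is also indented with a tab while the rest of that test uses spaces. The HMAC_SIGN test's opening line sits just above this hunk, in its header context.
```cpp
    doHMAC(data, key, hmac_sig);
    // … unchanged: verifyHMAC round trip and EXPECT_TRUE …

    // tampered message: same key, last byte of the data changed
    char other_b[] = "Hi thera";
    OutputBuffer other_data(8);
    other_data.writeData(other_b, 8);
    EXPECT_FALSE(verifyHMAC(other_data, key, hmac_sig));

    // different key: secret differs from MSG6Ng== in its last byte
    TSIGKey other_key = TSIGKeyFromString("test.example:MSG6Nw==:hmac-md5.sig-alg.reg.int");
    EXPECT_FALSE(verifyHMAC(data, other_key, hmac_sig));
```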