Home Explore Help
Sign In
zorun
/
kea
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

[trac781] use key class as params

Jelte Jansen 14 years ago
parent
e29c4f167f
commit
6eab8b3fc5
3 changed files with 28 additions and 19 deletions
Split View Show Diff Stats
  1. 7 6
      src/lib/crypto/crypto.cc
  2. 2 2
      src/lib/crypto/crypto.h
  3. 19 11
      src/lib/crypto/tests/crypto_unittests.cc

+ 7 - 6
src/lib/crypto/crypto.cc
View File 

@@ -87,7 +87,7 @@ TSIGKey::getSecretLength() {
 
 }
 
 */
 
 
-void doHMAC(const OutputBuffer& data, char* key, size_t key_len, isc::dns::OutputBuffer& result) {
 
+void doHMAC(const OutputBuffer& data, TSIGKey key, isc::dns::OutputBuffer& result) {
 
 
     // needs to be in global scope; can we make a generalized
 
     // subclassable singleton? (for hsm we'll need more initialization)
 
@@ -103,7 +103,7 @@ void doHMAC(const OutputBuffer& data, char* key, size_t key_len, isc::dns::Outpu
 
     hmac.update(reinterpret_cast<const byte*>(data.getData()), data.getLength());
 
 
     // Take the 'secret' from the key
 
-    hmac.set_key(reinterpret_cast<byte*>(key), key_len);
 
+    hmac.set_key(reinterpret_cast<const byte*>(key.getSecret()), key.getSecretLength());
 
 
     // And generate the mac
 
     SecureVector<byte> b_result(hmac.final());
 
@@ -121,11 +121,11 @@ void doHMAC(const OutputBuffer& data, char* key, size_t key_len, isc::dns::Outpu
 
     std::cout << "HMAC SIG LEN2: " << result.getLength() << std::endl;
 
 }
 
 
-bool verifyHMAC(const OutputBuffer& data, char* key, size_t key_len, const isc::dns::OutputBuffer& result) {
 
+bool verifyHMAC(const OutputBuffer& data, TSIGKey key, const isc::dns::OutputBuffer& result) {
 
     HashFunction* hash = get_hash("MD5");
 
     HMAC::HMAC hmac(hash);
 
     hmac.update(reinterpret_cast<const byte*>(data.getData()), data.getLength());
 
-    hmac.set_key(reinterpret_cast<byte*>(key), key_len);
 
+    hmac.set_key(reinterpret_cast<const byte*>(key.getSecret()), key.getSecretLength());
 
 
     SecureVector<byte> b_result(hmac.final());
 
     for(byte* i = b_result.begin(); i != b_result.end(); ++i) {
 
@@ -143,7 +143,6 @@ TSIGKeyFromString(const std::string& str) {
 
 	size_t pos = str.find(':');
 
 	if (pos == 0 || pos == str.npos) {
 
 		// error, TODO: raise
 
-		std::cout << "[XX] error bad key string" << std::endl;
 
 		isc_throw(InvalidParameter, "Invalid TSIG key string");
 
 	}
 
 	Name key_name(str.substr(0, pos));
 
@@ -153,8 +152,10 @@ TSIGKeyFromString(const std::string& str) {
 
 	// optional algorithm part
 
 	size_t pos2 = str.find(':', pos+1);
 
 	if (pos2 != str.npos) {
 
+		if (pos2 == pos + 1) {
 
+			isc_throw(InvalidParameter, "Invalid TSIG key string");
 
+		}
 
 		algo_name = Name(str.substr(pos2+1));
 
-		//pos2 = str.size() - pos - pos2;
 
 	} else {
 
 		pos2 = str.size() - pos;
 
 	}

+ 2 - 2
src/lib/crypto/crypto.h
View File 

@@ -35,8 +35,8 @@
 
 namespace isc {
 
 namespace crypto {
 
 
-void doHMAC(const isc::dns::OutputBuffer& data, char* key, size_t key_len, isc::dns::OutputBuffer& result);
 
-bool verifyHMAC(const isc::dns::OutputBuffer& data, char* key, size_t key_len, const isc::dns::OutputBuffer& mac);
 
+void doHMAC(const isc::dns::OutputBuffer& data, isc::dns::TSIGKey key, isc::dns::OutputBuffer& result);
 
+bool verifyHMAC(const isc::dns::OutputBuffer& data, isc::dns::TSIGKey key, const isc::dns::OutputBuffer& mac);
 
 isc::dns::TSIGKey TSIGKeyFromString(const std::string& str);
 
 std::string TSIGKeyToString(const isc::dns::TSIGKey& key);

+ 19 - 11
src/lib/crypto/tests/crypto_unittests.cc
View File 

@@ -18,6 +18,7 @@
 
 #include <crypto/crypto.h>
 
 #include <crypto/crypto_botan.h>
 
 #include <dns/buffer.h>
 
+#include <exceptions/exceptions.h>
 
 
 using namespace isc::dns;
 
 using namespace isc::crypto;
 
@@ -26,23 +27,30 @@ TEST(CryptoTest, HMAC_SIGN) {
 
     char data_b[] = "Hi there";
 
     OutputBuffer data(8);
 
     data.writeData(data_b, 8);
 
-    char key[] = { 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b  };
 
+
 
+	TSIGKey key = TSIGKeyFromString("test.example:MSG6Ng==:hmac-md5.sig-alg.reg.int");
 
+
 
     OutputBuffer hmac_sig(1);
 
     
-
 
-    doHMAC(data, key, 16, hmac_sig);
 
-    bool result = verifyHMAC(data, key, 16, hmac_sig);
 
+    doHMAC(data, key, hmac_sig);
 
+    bool result = verifyHMAC(data, key, hmac_sig);
 
     EXPECT_TRUE(result);
 
 }
 
 
 TEST(CryptoText, TSIGKeyFromString) {
 
 	TSIGKey k1 = TSIGKeyFromString("test.example:MSG6Ng==:hmac-md5.sig-alg.reg.int");
 
-	TSIGKeyFromString("test.example.:MSG6Ng==:hmac-md5.sig-alg.reg.int.");
 
-	TSIGKeyFromString("test.example:MSG6Ng==");
 
-	//TSIGKeyFromString("test.example:");
 
-	//TSIGKeyFromString("::");
 
-	//TSIGKeyFromString("test.example:MSG6Ng==:hmac-md5.sig-alg.reg.int");
 
+	TSIGKey k2 = TSIGKeyFromString("test.example.:MSG6Ng==:hmac-md5.sig-alg.reg.int.");
 
+	TSIGKey k3 = TSIGKeyFromString("test.example:MSG6Ng==");
 
 	
-	std::string k1_str = TSIGKeyToString(k1);
 
-	std::cout << k1_str << std::endl;
 
+	EXPECT_EQ("test.example.:MSG6Ng==:hmac-md5.sig-alg.reg.int.",
 
+	          TSIGKeyToString(k1));
 
+	EXPECT_EQ("test.example.:MSG6Ng==:hmac-md5.sig-alg.reg.int.",
 
+	          TSIGKeyToString(k2));
 
+	EXPECT_EQ("test.example.:MSG6Ng==:hmac-md5.sig-alg.reg.int.",
 
+	          TSIGKeyToString(k3));
 
+
 
+	EXPECT_THROW(TSIGKeyFromString(""), isc::InvalidParameter);
 
+	EXPECT_THROW(TSIGKeyFromString("::"), isc::InvalidParameter);
 
+	EXPECT_THROW(TSIGKeyFromString("test.example.::"), isc::InvalidParameter);
 
+	EXPECT_THROW(TSIGKeyFromString("test.example.:MSG6Ng==:unknown"), isc::InvalidParameter);
 
 }