BIND 10 trac781, updated. 4d55533790df1992aee5c088d4f91593d055c080 [trac781] test both 'direct' and convenience methods

BIND 10 source code commits bind10-changes at lists.isc.org
Thu Apr 14 14:17:37 UTC 2011 

The branch, trac781 has been updated
       via  4d55533790df1992aee5c088d4f91593d055c080 (commit)
      from  c374a5c5a329a307346be02d5b884ab57e1cb8c1 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 4d55533790df1992aee5c088d4f91593d055c080
Author: Jelte Jansen <jelte at isc.org>
Date:   Thu Apr 14 16:17:15 2011 +0200

    [trac781] test both 'direct' and convenience methods

-----------------------------------------------------------------------

Summary of changes:
 src/lib/crypto/crypto.cc                 |   18 ++++++------
 src/lib/crypto/crypto.h                  |   16 ++++++------
 src/lib/crypto/tests/crypto_unittests.cc |   41 ++++++++++++++++++++++++++++-
 3 files changed, 56 insertions(+), 19 deletions(-)

-----------------------------------------------------------------------
diff --git a/src/lib/crypto/crypto.cc b/src/lib/crypto/crypto.cc
index f0ebea7..1e5cecb 100644
--- a/src/lib/crypto/crypto.cc
+++ b/src/lib/crypto/crypto.cc
@@ -82,12 +82,12 @@ public:
 
     ~HMACImpl() { delete hmac_; }
 
-    void update(const void* data, size_t len) {
+    void update(const void* data, const size_t len) {
         // update the data from whatever we get (probably as a buffer)
         hmac_->update(static_cast<const Botan::byte*>(data), len);
     }
 
-    void sign(isc::dns::OutputBuffer& result) {
+    void sign(isc::dns::OutputBuffer& result) const {
         // And generate the mac
         Botan::SecureVector<Botan::byte> b_result(hmac_->final());
     
@@ -95,7 +95,7 @@ public:
         result.writeData(b_result.begin(), b_result.size());
     }
     
-    bool verify(const void* sig, size_t len) {
+    bool verify(const void* sig, const size_t len) const {
         return (hmac_->verify_mac(static_cast<const Botan::byte*>(sig), len));
     }
 
@@ -112,22 +112,22 @@ HMAC::~HMAC() {
 }
 
 void
-HMAC::update(const void* data, size_t len) {
+HMAC::update(const void* data, const size_t len) {
     impl_->update(data, len);
 }
 
 void
-HMAC::sign(isc::dns::OutputBuffer& result) {
+HMAC::sign(isc::dns::OutputBuffer& result) const {
     impl_->sign(result);
 }
 
 bool
-HMAC::verify(const void* sig, size_t len) {
+HMAC::verify(const void* sig, const size_t len) const {
     return (impl_->verify(sig, len));
 }
 
 void
-signHMAC(const void* data, size_t data_len, TSIGKey key,
+signHMAC(const void* data, size_t data_len, const TSIGKey& key,
          isc::dns::OutputBuffer& result)
 {
     HMAC hmac(key);
@@ -137,8 +137,8 @@ signHMAC(const void* data, size_t data_len, TSIGKey key,
 
 
 bool
-verifyHMAC(const void* data, size_t data_len, TSIGKey key,
-           const void* sig, size_t sig_len)
+verifyHMAC(const void* data, const size_t data_len, const TSIGKey& key,
+           const void* sig, const size_t sig_len)
 {
     HMAC hmac(key);
     hmac.update(data, data_len);
diff --git a/src/lib/crypto/crypto.h b/src/lib/crypto/crypto.h
index 53f1605..8597c23 100644
--- a/src/lib/crypto/crypto.h
+++ b/src/lib/crypto/crypto.h
@@ -77,21 +77,21 @@ public:
     ///
     /// \param data The data to add
     /// \param len The size of the data
-    void update(const void* data, size_t len);
+    void update(const void* data, const size_t len);
 
     /// \brief Calculate the final signature
     ///
     /// The result will be appended to the given outputbuffer
     ///
     /// \param result The OutputBuffer to append the result to
-    void sign(isc::dns::OutputBuffer& result);
+    void sign(isc::dns::OutputBuffer& result) const;
 
     /// \brief Verify an existing signature
     ///
     /// \param sig The signature to verify
     /// \param len The length of the sig
     /// \return true if the signature is correct, false otherwise
-    bool verify(const void* sig, size_t len);
+    bool verify(const void* sig, size_t len) const;
 
 private:
     HMACImpl* impl_;
@@ -114,8 +114,8 @@ private:
 /// \param key The TSIGKey to sign with
 /// \param result The signature will be appended to this buffer
 void signHMAC(const void* data,
-              size_t data_len,
-              isc::dns::TSIGKey key,
+              const size_t data_len,
+              const isc::dns::TSIGKey& key,
               isc::dns::OutputBuffer& result);
 
 /// \brief Verify an HMAC signature for the given data
@@ -136,10 +136,10 @@ void signHMAC(const void* data,
 /// \param mac The signature to verify
 /// \return True if the signature verifies, false if not
 bool verifyHMAC(const void* data,
-                size_t data_len,
-                isc::dns::TSIGKey key,
+                const size_t data_len,
+                const isc::dns::TSIGKey& key,
                 const void* sig,
-                size_t sig_len);
+                const size_t sig_len);
 
 } // namespace crypto
 } // namespace isc
diff --git a/src/lib/crypto/tests/crypto_unittests.cc b/src/lib/crypto/tests/crypto_unittests.cc
index 057622f..d857be7 100644
--- a/src/lib/crypto/tests/crypto_unittests.cc
+++ b/src/lib/crypto/tests/crypto_unittests.cc
@@ -32,8 +32,9 @@ namespace {
         }
     }
 
-    void doHMACTest(std::string data, std::string key_str,
-                    uint8_t* expected_hmac, size_t hmac_len) {
+    // Sign and verify with the convenience functions
+    void doHMACTestConv(std::string data, std::string key_str,
+                        uint8_t* expected_hmac, size_t hmac_len) {
         OutputBuffer data_buf(data.size());
         data_buf.writeData(data.c_str(), data.size());
         OutputBuffer hmac_sig(1);
@@ -59,6 +60,42 @@ namespace {
                                key, hmac_sig.getData(),
                                hmac_sig.getLength()));
     }
+
+    // Sign and verify with an instantiation of an HMAC object
+    void doHMACTestDirect(std::string data, std::string key_str,
+                          uint8_t* expected_hmac, size_t hmac_len) {
+        OutputBuffer data_buf(data.size());
+        data_buf.writeData(data.c_str(), data.size());
+        OutputBuffer hmac_sig(1);
+
+        TSIGKey key(key_str);
+
+        // Sign it
+        HMAC hmac_sign(key);
+        hmac_sign.update(data_buf.getData(), data_buf.getLength());
+        hmac_sign.sign(hmac_sig);
+
+        // Check if the signature is what we expect
+        checkBuffer(hmac_sig, expected_hmac, hmac_len);
+
+        // Check whether we can verify it ourselves
+        HMAC hmac_verify(key);
+        hmac_verify.update(data_buf.getData(), data_buf.getLength());
+        EXPECT_TRUE(hmac_verify.verify(hmac_sig.getData(),
+                                       hmac_sig.getLength()));
+
+        // Change the sig by flipping the first octet, and check
+        // whether verification fails then
+        hmac_sig.writeUint8At(~hmac_sig[0], 0);
+        EXPECT_FALSE(hmac_verify.verify(hmac_sig.getData(),
+                                        hmac_sig.getLength()));
+    }
+
+    void doHMACTest(std::string data, std::string key_str,
+                    uint8_t* expected_hmac, size_t hmac_len) {
+        doHMACTestConv(data, key_str, expected_hmac, hmac_len);
+        doHMACTestDirect(data, key_str, expected_hmac, hmac_len);
+    }
 }
 
 //

More information about the bind10-changes mailing list