BIND 10 master, updated. 27e122bfdd9edcc04e39cbe8a033d89ef36207d3 [trac782] add optional hmac algorithm support
BIND 10 source code commits
bind10-changes at lists.isc.org
Fri May 20 06:10:23 UTC 2011
The branch, master has been updated
via 27e122bfdd9edcc04e39cbe8a033d89ef36207d3 (commit)
via 75340e4d2906762ecd088180087c9229a253e4ed (commit)
via a1420dabc6ace739cb21044184654717a32604a5 (commit)
via cd689c463a59fa5fee72d3f977835e0369eb3650 (commit)
via fd51a1883a332c305fa4015a6210971d3956fc12 (commit)
via fe59cd140491dbc685932bd22440e28c703c1053 (commit)
from d04505cee4d9df2cb9cf9a2909a948589be4ff09 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 27e122bfdd9edcc04e39cbe8a033d89ef36207d3
Merge: d04505cee4d9df2cb9cf9a2909a948589be4ff09 75340e4d2906762ecd088180087c9229a253e4ed
Author: feng <hanfeng at cnnic.cn>
Date: Fri May 20 14:09:32 2011 +0800
[trac782] add optional hmac algorithm support
-----------------------------------------------------------------------
Summary of changes:
ChangeLog | 6 +-
src/lib/cryptolink/crypto_hmac.cc | 9 +
src/lib/cryptolink/cryptolink.h | 12 +-
src/lib/cryptolink/tests/crypto_unittests.cc | 297 ++++++++++++++++++++---
src/lib/dns/python/tests/tsigkey_python_test.py | 3 +
src/lib/dns/python/tsigkey_python.cc | 6 +
src/lib/dns/tests/tsigkey_unittest.cc | 12 +
src/lib/dns/tsigkey.cc | 28 +++
src/lib/dns/tsigkey.h | 3 +
9 files changed, 340 insertions(+), 36 deletions(-)
-----------------------------------------------------------------------
diff --git a/ChangeLog b/ChangeLog
index 8425208..cb89cea 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,4 +1,6 @@
-bind10-devel-20110519 released on May 19, 2011
+243. [func]* feng
+ Add optional hmac algorithm SHA224/384/812.
+ (Trac#782,git 77d792c9d7c1a3f95d3e6a8b721ac79002cd7db1).
242. [func] jinmei
xfrin: added support for TSIG verify. This change completes TSIG
@@ -80,7 +82,7 @@ bind10-devel-20110519 released on May 19, 2011
(Trac #900, git b395258c708b49a5da8d0cffcb48d83294354ba3)
231. [func]* vorner
- The logging interface changed slightly. We use
+ The logging interface changed slightly. We use
logger.foo(MESSAGE_ID).arg(bar); instead of logger.foo(MESSAGE_ID,
bar); internally. The message definitions use '%1,%2,...'
instead of '%s,%d', which allows us to cope better with
diff --git a/src/lib/cryptolink/crypto_hmac.cc b/src/lib/cryptolink/crypto_hmac.cc
index 9aa9d24..2e0800e 100644
--- a/src/lib/cryptolink/crypto_hmac.cc
+++ b/src/lib/cryptolink/crypto_hmac.cc
@@ -36,6 +36,15 @@ getBotanHashAlgorithmName(isc::cryptolink::HashAlgorithm algorithm) {
case isc::cryptolink::SHA256:
return ("SHA-256");
break;
+ case isc::cryptolink::SHA224:
+ return ("SHA-224");
+ break;
+ case isc::cryptolink::SHA384:
+ return ("SHA-384");
+ break;
+ case isc::cryptolink::SHA512:
+ return ("SHA-512");
+ break;
case isc::cryptolink::UNKNOWN_HASH:
return ("Unknown");
break;
diff --git a/src/lib/cryptolink/cryptolink.h b/src/lib/cryptolink/cryptolink.h
index 1583136..d0f7d38 100644
--- a/src/lib/cryptolink/cryptolink.h
+++ b/src/lib/cryptolink/cryptolink.h
@@ -29,15 +29,19 @@ namespace cryptolink {
/// \brief Hash algorithm identifiers
enum HashAlgorithm {
- MD5 = 0, ///< MD5
- SHA1 = 1, ///< SHA-1
- SHA256 = 2, ///< SHA-256
- UNKNOWN_HASH = 3 ///< This value can be used in conversion
+ UNKNOWN_HASH = 0, ///< This value can be used in conversion
/// functions, to be returned when the
/// input is unknown (but a value MUST be
/// returned), for instance when the input
/// is a Name or a string, and the return
/// value is a HashAlgorithm.
+ MD5 = 1, ///< MD5
+ SHA1 = 2, ///< SHA-1
+ SHA256 = 3, ///< SHA-256
+ SHA224 = 4, ///< SHA-224
+ SHA384 = 5, ///< SHA-384
+ SHA512 = 6 ///< SHA-512
+
};
// Forward declaration for createHMAC()
diff --git a/src/lib/cryptolink/tests/crypto_unittests.cc b/src/lib/cryptolink/tests/crypto_unittests.cc
index a1ffaab..9cc4a14 100644
--- a/src/lib/cryptolink/tests/crypto_unittests.cc
+++ b/src/lib/cryptolink/tests/crypto_unittests.cc
@@ -340,19 +340,84 @@ TEST(CryptoLinkTest, DISABLED_HMAC_SHA1_RFC2202_SIGN_TRUNCATED) {
//
// Test values taken from RFC 4231
//
-TEST(CryptoLinkTest, HMAC_SHA256_RFC2202_SIGN) {
- const uint8_t secret[] = { 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
- 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
- 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b };
- const uint8_t hmac_expected[] = { 0xb0, 0x34, 0x4c, 0x61, 0xd8,
+//
+// Test data from RFC4231, including secret key
+// and source data, they are common for sha224/256/384/512
+// so put them together in seperate space
+namespace {
+ static const uint8_t secret1[] = {
+ 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
+ 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
+ 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b
+ };
+
+ static const uint8_t secret2[] = "Jefe";
+ static const uint8_t secret3[] = {
+ 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+ 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+ 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+ 0xaa, 0xaa
+ };
+ static const uint8_t secret4[] = {
+ 0x01, 0x02, 0x03, 0x04, 0x05, 0x06,
+ 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c,
+ 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12,
+ 0x13, 0x14, 0x15, 0x16, 0x17, 0x18,
+ 0x19
+ };
+ static const uint8_t secret5[] = {
+ 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c,
+ 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c,
+ 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c,
+ 0x0c, 0x0c
+ };
+
+ static uint8_t secret6[131];
+ static uint8_t secret7[131];
+
+ static const std::string data1("Hi There");
+ static const std::string data2("what do ya want for nothing?");
+ static const std::string data3(std::string(50, 0xdd));
+ static const std::string data4(std::string(50, 0xcd));
+ static const std::string data5("Test With Truncation");
+ static const std::string data6("Test Using Larger Than Block-Size Key - Hash Key First");
+ static const std::string data7("This is a test using a larger than block-size key and a"
+ " larger than block-size data. The key needs to be hashe"
+ "d before being used by the HMAC algorithm.");
+#define SECRECT(n) secret##n
+#define DATA(n) data##n
+#define HMAC_EXPECTED(n) hmac_expected##n
+
+#define RUN_NTH_TEST_CASE_FOR_ALG(index, hash_algorithm) do {\
+ doHMACTest(DATA(index), \
+ SECRECT(index), sizeof(SECRECT(index)), \
+ (hash_algorithm), HMAC_EXPECTED(index), \
+ sizeof(HMAC_EXPECTED(index)));\
+ }while(0)
+
+#define RUN_TEST_CASES_FOR_ALG(alg) do {\
+ memcpy(secret6, std::string(131, 0xaa).c_str(), 131); \
+ memcpy(secret7, std::string(131, 0xaa).c_str(), 131); \
+ RUN_NTH_TEST_CASE_FOR_ALG(1, alg); \
+ RUN_NTH_TEST_CASE_FOR_ALG(2, alg); \
+ RUN_NTH_TEST_CASE_FOR_ALG(3, alg); \
+ RUN_NTH_TEST_CASE_FOR_ALG(4, alg); \
+ RUN_NTH_TEST_CASE_FOR_ALG(5, alg); \
+ RUN_NTH_TEST_CASE_FOR_ALG(6, alg); \
+ RUN_NTH_TEST_CASE_FOR_ALG(7, alg); \
+ }while(0)
+
+
+};
+
+TEST(CryptoLinkTest, HMAC_SHA256_RFC4231_SIGN) {
+ const uint8_t hmac_expected1[] = { 0xb0, 0x34, 0x4c, 0x61, 0xd8,
0xdb, 0x38, 0x53, 0x5c, 0xa8,
0xaf, 0xce, 0xaf, 0x0b, 0xf1,
0x2b, 0x88, 0x1d, 0xc2, 0x00,
0xc9, 0x83, 0x3d, 0xa7, 0x26,
0xe9, 0x37, 0x6c, 0x2e, 0x32,
0xcf, 0xf7 };
- doHMACTest("Hi There", secret, 20, SHA256, hmac_expected, 32);
-
const uint8_t hmac_expected2[] = { 0x5b, 0xdc, 0xc1, 0x46, 0xbf,
0x60, 0x75, 0x4e, 0x6a, 0x04,
0x24, 0x26, 0x08, 0x95, 0x75,
@@ -360,13 +425,6 @@ TEST(CryptoLinkTest, HMAC_SHA256_RFC2202_SIGN) {
0x9d, 0x27, 0x39, 0x83, 0x9d,
0xec, 0x58, 0xb9, 0x64, 0xec,
0x38, 0x43 };
- doHMACTest("what do ya want for nothing?", "Jefe", 4, SHA256,
- hmac_expected2, 32);
-
- const uint8_t secret3[] = { 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
- 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
- 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
- 0xaa, 0xaa };
const uint8_t hmac_expected3[] = { 0x77, 0x3e, 0xa9, 0x1e, 0x36,
0x80, 0x0e, 0x46, 0x85, 0x4d,
0xb8, 0xeb, 0xd0, 0x91, 0x81,
@@ -374,13 +432,6 @@ TEST(CryptoLinkTest, HMAC_SHA256_RFC2202_SIGN) {
0x3e, 0xf8, 0xc1, 0x22, 0xd9,
0x63, 0x55, 0x14, 0xce, 0xd5,
0x65, 0xfe };
- doHMACTest(std::string(50, 0xdd), secret3, 20, SHA256, hmac_expected3, 32);
-
- const uint8_t secret4[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06,
- 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c,
- 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12,
- 0x13, 0x14, 0x15, 0x16, 0x17, 0x18,
- 0x19 };
const uint8_t hmac_expected4[] = { 0x82, 0x55, 0x8a, 0x38, 0x9a,
0x44, 0x3c, 0x0e, 0xa4, 0xcc,
0x81, 0x98, 0x99, 0xf2, 0x08,
@@ -388,8 +439,10 @@ TEST(CryptoLinkTest, HMAC_SHA256_RFC2202_SIGN) {
0xe5, 0x78, 0xf8, 0x07, 0x7a,
0x2e, 0x3f, 0xf4, 0x67, 0x29,
0x66, 0x5b };
- doHMACTest(std::string(50, 0xcd), secret4, 25, SHA256, hmac_expected4, 32);
-
+// const uint8_t hmac_expected5[] = { 0xa3, 0xb6, 0x16, 0x74, 0x73,
+// 0x10, 0x0e, 0xe0, 0x6e, 0x0c,
+// 0x79, 0x6c, 0x29, 0x55, 0x55,
+// 0x2b };
const uint8_t hmac_expected6[] = { 0x60, 0xe4, 0x31, 0x59, 0x1e,
0xe0, 0xb6, 0x7f, 0x0d, 0x8a,
0x26, 0xaa, 0xcb, 0xf5, 0xb7,
@@ -397,9 +450,6 @@ TEST(CryptoLinkTest, HMAC_SHA256_RFC2202_SIGN) {
0x37, 0x28, 0xc5, 0x14, 0x05,
0x46, 0x04, 0x0f, 0x0e, 0xe3,
0x7f, 0x54 };
- doHMACTest("Test Using Larger Than Block-Size Key - Hash Key First",
- std::string(131, 0xaa).c_str(), 131, SHA256, hmac_expected6, 32);
-
const uint8_t hmac_expected7[] = { 0x9b, 0x09, 0xff, 0xa7, 0x1b,
0x94, 0x2f, 0xcb, 0x27, 0x63,
0x5f, 0xbc, 0xd5, 0xb0, 0xe9,
@@ -407,10 +457,197 @@ TEST(CryptoLinkTest, HMAC_SHA256_RFC2202_SIGN) {
0x4f, 0x07, 0x13, 0x93, 0x8a,
0x7f, 0x51, 0x53, 0x5c, 0x3a,
0x35, 0xe2 };
- doHMACTest("This is a test using a larger than block-size key and a"
- " larger than block-size data. The key needs to be hashe"
- "d before being used by the HMAC algorithm.",
- std::string(131, 0xaa).c_str(), 131, SHA256, hmac_expected7, 32);
+
+ memcpy(secret6, std::string(131, 0xaa).c_str(), 131);
+ memcpy(secret7, std::string(131, 0xaa).c_str(), 131);
+ RUN_NTH_TEST_CASE_FOR_ALG(1, SHA256);
+ RUN_NTH_TEST_CASE_FOR_ALG(2, SHA256);
+ RUN_NTH_TEST_CASE_FOR_ALG(3, SHA256);
+ RUN_NTH_TEST_CASE_FOR_ALG(4, SHA256);
+ RUN_NTH_TEST_CASE_FOR_ALG(6, SHA256);
+ RUN_NTH_TEST_CASE_FOR_ALG(7, SHA256);
+
+}
+
+
+//
+// Test values taken from RFC 4231, test optional algorithm 224,384,512
+//
+TEST(CryptoLinkTest, HMAC_SHA224_RFC4231_SIGN) {
+ const uint8_t hmac_expected1[] = {
+ 0x89,0x6f,0xb1,0x12,0x8a,0xbb,0xdf,0x19,0x68,0x32,0x10,0x7c,
+ 0xd4,0x9d,0xf3,0x3f,0x47,0xb4,0xb1,0x16,0x99,0x12,0xba,0x4f,
+ 0x53,0x68,0x4b,0x22
+ };
+ const uint8_t hmac_expected2[] = {
+ 0xa3,0x0e,0x01,0x09,0x8b,0xc6,0xdb,0xbf,0x45,0x69,0x0f,0x3a,
+ 0x7e,0x9e,0x6d,0x0f,0x8b,0xbe,0xa2,0xa3,0x9e,0x61,0x48,0x00,
+ 0x8f,0xd0,0x5e,0x44
+ };
+
+ const uint8_t hmac_expected3[] = {
+ 0x7f,0xb3,0xcb,0x35,0x88,0xc6,0xc1,0xf6,0xff,0xa9,0x69,0x4d,
+ 0x7d,0x6a,0xd2,0x64,0x93,0x65,0xb0,0xc1,0xf6,0x5d,0x69,0xd1,
+ 0xec,0x83,0x33,0xea
+ };
+
+ const uint8_t hmac_expected4[] = {
+ 0x6c,0x11,0x50,0x68,0x74,0x01,0x3c,0xac,0x6a,0x2a,0xbc,0x1b,
+ 0xb3,0x82,0x62,0x7c,0xec,0x6a,0x90,0xd8,0x6e,0xfc,0x01,0x2d,
+ 0xe7,0xaf,0xec,0x5a
+ };
+
+// const uint8_t hmac_expected5[] = {
+// 0x0e,0x2a,0xea,0x68,0xa9,0x0c,0x8d,0x37,0xc9,0x88,0xbc,0xdb,0x9f,
+// 0xca,0x6f,0xa8
+// };
+
+ const uint8_t hmac_expected6[] = {
+ 0x95,0xe9,0xa0,0xdb,0x96,0x20,0x95,0xad,0xae,0xbe,0x9b,0x2d,0x6f,
+ 0x0d,0xbc,0xe2,0xd4,0x99,0xf1,0x12,0xf2,0xd2,0xb7,0x27,0x3f,0xa6,
+ 0x87,0x0e
+ };
+
+ const uint8_t hmac_expected7[] = {
+ 0x3a,0x85,0x41,0x66,0xac,0x5d,0x9f,0x02,0x3f,0x54,0xd5,0x17,0xd0,
+ 0xb3,0x9d,0xbd,0x94,0x67,0x70,0xdb,0x9c,0x2b,0x95,0xc9,0xf6,0xf5,
+ 0x65,0xd1
+ };
+
+ memcpy(secret6, std::string(131, 0xaa).c_str(), 131);
+ memcpy(secret7, std::string(131, 0xaa).c_str(), 131);
+ RUN_NTH_TEST_CASE_FOR_ALG(1, SHA224);
+ RUN_NTH_TEST_CASE_FOR_ALG(2, SHA224);
+ RUN_NTH_TEST_CASE_FOR_ALG(3, SHA224);
+ RUN_NTH_TEST_CASE_FOR_ALG(4, SHA224);
+ RUN_NTH_TEST_CASE_FOR_ALG(6, SHA224);
+ RUN_NTH_TEST_CASE_FOR_ALG(7, SHA224);
+}
+
+
+TEST(CryptoLinkTest, HMAC_SHA384_RFC4231_SIGN) {
+ const uint8_t hmac_expected1[] = {
+ 0xaf,0xd0,0x39,0x44,0xd8,0x48,0x95,0x62,0x6b,0x08,0x25,0xf4,
+ 0xab,0x46,0x90,0x7f,0x15,0xf9,0xda,0xdb,0xe4,0x10,0x1e,0xc6,
+ 0x82,0xaa,0x03,0x4c,0x7c,0xeb,0xc5,0x9c,0xfa,0xea,0x9e,0xa9,
+ 0x07,0x6e,0xde,0x7f,0x4a,0xf1,0x52,0xe8,0xb2,0xfa,0x9c,0xb6
+ };
+
+ const uint8_t hmac_expected2[] = {
+ 0xaf,0x45,0xd2,0xe3,0x76,0x48,0x40,0x31,0x61,0x7f,0x78,0xd2,
+ 0xb5,0x8a,0x6b,0x1b,0x9c,0x7e,0xf4,0x64,0xf5,0xa0,0x1b,0x47,
+ 0xe4,0x2e,0xc3,0x73,0x63,0x22,0x44,0x5e,0x8e,0x22,0x40,0xca,
+ 0x5e,0x69,0xe2,0xc7,0x8b,0x32,0x39,0xec,0xfa,0xb2,0x16,0x49
+ };
+
+ const uint8_t hmac_expected3[] = {
+ 0x88,0x06,0x26,0x08,0xd3,0xe6,0xad,0x8a,0x0a,0xa2,0xac,0xe0,
+ 0x14,0xc8,0xa8,0x6f,0x0a,0xa6,0x35,0xd9,0x47,0xac,0x9f,0xeb,
+ 0xe8,0x3e,0xf4,0xe5,0x59,0x66,0x14,0x4b,0x2a,0x5a,0xb3,0x9d,
+ 0xc1,0x38,0x14,0xb9,0x4e,0x3a,0xb6,0xe1,0x01,0xa3,0x4f,0x27
+ };
+
+ const uint8_t hmac_expected4[] = {
+ 0x3e,0x8a,0x69,0xb7,0x78,0x3c,0x25,0x85,0x19,0x33,0xab,0x62,
+ 0x90,0xaf,0x6c,0xa7,0x7a,0x99,0x81,0x48,0x08,0x50,0x00,0x9c,
+ 0xc5,0x57,0x7c,0x6e,0x1f,0x57,0x3b,0x4e,0x68,0x01,0xdd,0x23,
+ 0xc4,0xa7,0xd6,0x79,0xcc,0xf8,0xa3,0x86,0xc6,0x74,0xcf,0xfb,
+ };
+
+// const uint8_t hmac_expected5[] = {
+// 0x3a,0xbf,0x34,0xc3,0x50,0x3b,0x2a,0x23,0xa4,0x6e,0xfc,0x61,0x9b,
+// 0xae,0xf8,0x97,
+// };
+
+ const uint8_t hmac_expected6[] = {
+ 0x4e,0xce,0x08,0x44,0x85,0x81,0x3e,0x90,0x88,0xd2,0xc6,0x3a,0x04,
+ 0x1b,0xc5,0xb4,0x4f,0x9e,0xf1,0x01,0x2a,0x2b,0x58,0x8f,0x3c,0xd1,
+ 0x1f,0x05,0x03,0x3a,0xc4,0xc6,0x0c,0x2e,0xf6,0xab,0x40,0x30,0xfe,
+ 0x82,0x96,0x24,0x8d,0xf1,0x63,0xf4,0x49,0x52
+ };
+
+ const uint8_t hmac_expected7[] = {
+ 0x66,0x17,0x17,0x8e,0x94,0x1f,0x02,0x0d,0x35,0x1e,0x2f,0x25,0x4e,
+ 0x8f,0xd3,0x2c,0x60,0x24,0x20,0xfe,0xb0,0xb8,0xfb,0x9a,0xdc,0xce,
+ 0xbb,0x82,0x46,0x1e,0x99,0xc5,0xa6,0x78,0xcc,0x31,0xe7,0x99,0x17,
+ 0x6d,0x38,0x60,0xe6,0x11,0x0c,0x46,0x52,0x3e
+ };
+
+ memcpy(secret6, std::string(131, 0xaa).c_str(), 131);
+ memcpy(secret7, std::string(131, 0xaa).c_str(), 131);
+ RUN_NTH_TEST_CASE_FOR_ALG(1, SHA384);
+ RUN_NTH_TEST_CASE_FOR_ALG(2, SHA384);
+ RUN_NTH_TEST_CASE_FOR_ALG(3, SHA384);
+ RUN_NTH_TEST_CASE_FOR_ALG(4, SHA384);
+ RUN_NTH_TEST_CASE_FOR_ALG(6, SHA384);
+ RUN_NTH_TEST_CASE_FOR_ALG(7, SHA384);
+}
+
+TEST(CryptoLinkTest, HMAC_SHA512_RFC4231_SIGN) {
+ const uint8_t hmac_expected1[] = {
+ 0x87,0xaa,0x7c,0xde,0xa5,0xef,0x61,0x9d,0x4f,0xf0,0xb4,0x24,
+ 0x1a,0x1d,0x6c,0xb0,0x23,0x79,0xf4,0xe2,0xce,0x4e,0xc2,0x78,
+ 0x7a,0xd0,0xb3,0x05,0x45,0xe1,0x7c,0xde,0xda,0xa8,0x33,0xb7,
+ 0xd6,0xb8,0xa7,0x02,0x03,0x8b,0x27,0x4e,0xae,0xa3,0xf4,0xe4,
+ 0xbe,0x9d,0x91,0x4e,0xeb,0x61,0xf1,0x70,0x2e,0x69,0x6c,0x20,
+ 0x3a,0x12,0x68,0x54
+ };
+ const uint8_t hmac_expected2[] = {
+ 0x16,0x4b,0x7a,0x7b,0xfc,0xf8,0x19,0xe2,0xe3,0x95,0xfb,0xe7,
+ 0x3b,0x56,0xe0,0xa3,0x87,0xbd,0x64,0x22,0x2e,0x83,0x1f,0xd6,
+ 0x10,0x27,0x0c,0xd7,0xea,0x25,0x05,0x54,0x97,0x58,0xbf,0x75,
+ 0xc0,0x5a,0x99,0x4a,0x6d,0x03,0x4f,0x65,0xf8,0xf0,0xe6,0xfd,
+ 0xca,0xea,0xb1,0xa3,0x4d,0x4a,0x6b,0x4b,0x63,0x6e,0x07,0x0a,
+ 0x38,0xbc,0xe7,0x37
+ };
+
+ const uint8_t hmac_expected3[] = {
+ 0xfa,0x73,0xb0,0x08,0x9d,0x56,0xa2,0x84,0xef,0xb0,0xf0,0x75,
+ 0x6c,0x89,0x0b,0xe9,0xb1,0xb5,0xdb,0xdd,0x8e,0xe8,0x1a,0x36,
+ 0x55,0xf8,0x3e,0x33,0xb2,0x27,0x9d,0x39,0xbf,0x3e,0x84,0x82,
+ 0x79,0xa7,0x22,0xc8,0x06,0xb4,0x85,0xa4,0x7e,0x67,0xc8,0x07,
+ 0xb9,0x46,0xa3,0x37,0xbe,0xe8,0x94,0x26,0x74,0x27,0x88,0x59,
+ 0xe1,0x32,0x92,0xfb
+ };
+
+ const uint8_t hmac_expected4[] = {
+ 0xb0,0xba,0x46,0x56,0x37,0x45,0x8c,0x69,0x90,0xe5,0xa8,0xc5,
+ 0xf6,0x1d,0x4a,0xf7,0xe5,0x76,0xd9,0x7f,0xf9,0x4b,0x87,0x2d,
+ 0xe7,0x6f,0x80,0x50,0x36,0x1e,0xe3,0xdb,0xa9,0x1c,0xa5,0xc1,
+ 0x1a,0xa2,0x5e,0xb4,0xd6,0x79,0x27,0x5c,0xc5,0x78,0x80,0x63,
+ 0xa5,0xf1,0x97,0x41,0x12,0x0c,0x4f,0x2d,0xe2,0xad,0xeb,0xeb,
+ 0x10,0xa2,0x98,0xdd
+ };
+
+// const uint8_t hmac_expected5[] = {
+// 0x41,0x5f,0xad,0x62,0x71,0x58,0x0a,0x53,0x1d,0x41,0x79,0xbc,0x89,
+// 0x1d,0x87,0xa6,
+// };
+
+ const uint8_t hmac_expected6[] = {
+ 0x80,0xb2,0x42,0x63,0xc7,0xc1,0xa3,0xeb,0xb7,0x14,0x93,0xc1,0xdd,
+ 0x7b,0xe8,0xb4,0x9b,0x46,0xd1,0xf4,0x1b,0x4a,0xee,0xc1,0x12,0x1b,
+ 0x01,0x37,0x83,0xf8,0xf3,0x52,0x6b,0x56,0xd0,0x37,0xe0,0x5f,0x25,
+ 0x98,0xbd,0x0f,0xd2,0x21,0x5d,0x6a,0x1e,0x52,0x95,0xe6,0x4f,0x73,
+ 0xf6,0x3f,0x0a,0xec,0x8b,0x91,0x5a,0x98,0x5d,0x78,0x65,0x98
+ };
+
+ const uint8_t hmac_expected7[] = {
+ 0xe3,0x7b,0x6a,0x77,0x5d,0xc8,0x7d,0xba,0xa4,0xdf,0xa9,0xf9,0x6e,
+ 0x5e,0x3f,0xfd,0xde,0xbd,0x71,0xf8,0x86,0x72,0x89,0x86,0x5d,0xf5,
+ 0xa3,0x2d,0x20,0xcd,0xc9,0x44,0xb6,0x02,0x2c,0xac,0x3c,0x49,0x82,
+ 0xb1,0x0d,0x5e,0xeb,0x55,0xc3,0xe4,0xde,0x15,0x13,0x46,0x76,0xfb,
+ 0x6d,0xe0,0x44,0x60,0x65,0xc9,0x74,0x40,0xfa,0x8c,0x6a,0x58
+ };
+
+ memcpy(secret6, std::string(131, 0xaa).c_str(), 131);
+ memcpy(secret7, std::string(131, 0xaa).c_str(), 131);
+ RUN_NTH_TEST_CASE_FOR_ALG(1, SHA512);
+ RUN_NTH_TEST_CASE_FOR_ALG(2, SHA512);
+ RUN_NTH_TEST_CASE_FOR_ALG(3, SHA512);
+ RUN_NTH_TEST_CASE_FOR_ALG(4, SHA512);
+ RUN_NTH_TEST_CASE_FOR_ALG(6, SHA512);
+ RUN_NTH_TEST_CASE_FOR_ALG(7, SHA512);
}
TEST(CryptoLinkTest, DISABLED_HMAC_SHA256_RFC2202_SIGN_TRUNCATED) {
diff --git a/src/lib/dns/python/tests/tsigkey_python_test.py b/src/lib/dns/python/tests/tsigkey_python_test.py
index 305c8dd..516bea4 100644
--- a/src/lib/dns/python/tests/tsigkey_python_test.py
+++ b/src/lib/dns/python/tests/tsigkey_python_test.py
@@ -25,6 +25,9 @@ class TSIGKeyTest(unittest.TestCase):
TSIGKey.HMACMD5_NAME)
self.assertEqual(Name('hmac-sha1'), TSIGKey.HMACSHA1_NAME)
self.assertEqual(Name('hmac-sha256'), TSIGKey.HMACSHA256_NAME)
+ self.assertEqual(Name('hmac-sha224'), TSIGKey.HMACSHA224_NAME)
+ self.assertEqual(Name('hmac-sha384'), TSIGKey.HMACSHA384_NAME)
+ self.assertEqual(Name('hmac-sha512'), TSIGKey.HMACSHA512_NAME)
def test_init(self):
key = TSIGKey(self.key_name, TSIGKey.HMACMD5_NAME, self.secret)
diff --git a/src/lib/dns/python/tsigkey_python.cc b/src/lib/dns/python/tsigkey_python.cc
index 875a2c1..f0906cb 100644
--- a/src/lib/dns/python/tsigkey_python.cc
+++ b/src/lib/dns/python/tsigkey_python.cc
@@ -256,6 +256,12 @@ initModulePart_TSIGKey(PyObject* mod) {
createNameObject(TSIGKey::HMACSHA1_NAME()));
installClassVariable(tsigkey_type, "HMACSHA256_NAME",
createNameObject(TSIGKey::HMACSHA256_NAME()));
+ installClassVariable(tsigkey_type, "HMACSHA224_NAME",
+ createNameObject(TSIGKey::HMACSHA224_NAME()));
+ installClassVariable(tsigkey_type, "HMACSHA384_NAME",
+ createNameObject(TSIGKey::HMACSHA384_NAME()));
+ installClassVariable(tsigkey_type, "HMACSHA512_NAME",
+ createNameObject(TSIGKey::HMACSHA512_NAME()));
} catch (const exception& ex) {
const string ex_what =
"Unexpected failure in TSIGKey initialization: " +
diff --git a/src/lib/dns/tests/tsigkey_unittest.cc b/src/lib/dns/tests/tsigkey_unittest.cc
index dac3c49..20ee802 100644
--- a/src/lib/dns/tests/tsigkey_unittest.cc
+++ b/src/lib/dns/tests/tsigkey_unittest.cc
@@ -40,6 +40,9 @@ TEST_F(TSIGKeyTest, algorithmNames) {
EXPECT_EQ(Name("hmac-md5.sig-alg.reg.int"), TSIGKey::HMACMD5_NAME());
EXPECT_EQ(Name("hmac-sha1"), TSIGKey::HMACSHA1_NAME());
EXPECT_EQ(Name("hmac-sha256"), TSIGKey::HMACSHA256_NAME());
+ EXPECT_EQ(Name("hmac-sha224"), TSIGKey::HMACSHA224_NAME());
+ EXPECT_EQ(Name("hmac-sha384"), TSIGKey::HMACSHA384_NAME());
+ EXPECT_EQ(Name("hmac-sha512"), TSIGKey::HMACSHA512_NAME());
// Also check conversion to cryptolink definitions
EXPECT_EQ(isc::cryptolink::MD5, TSIGKey(key_name, TSIGKey::HMACMD5_NAME(),
@@ -49,6 +52,15 @@ TEST_F(TSIGKeyTest, algorithmNames) {
EXPECT_EQ(isc::cryptolink::SHA256, TSIGKey(key_name,
TSIGKey::HMACSHA256_NAME(),
NULL, 0).getAlgorithm());
+ EXPECT_EQ(isc::cryptolink::SHA224, TSIGKey(key_name,
+ TSIGKey::HMACSHA224_NAME(),
+ NULL, 0).getAlgorithm());
+ EXPECT_EQ(isc::cryptolink::SHA384, TSIGKey(key_name,
+ TSIGKey::HMACSHA384_NAME(),
+ NULL, 0).getAlgorithm());
+ EXPECT_EQ(isc::cryptolink::SHA512, TSIGKey(key_name,
+ TSIGKey::HMACSHA512_NAME(),
+ NULL, 0).getAlgorithm());
}
TEST_F(TSIGKeyTest, construct) {
diff --git a/src/lib/dns/tsigkey.cc b/src/lib/dns/tsigkey.cc
index 4082fbe..d7d60eb 100644
--- a/src/lib/dns/tsigkey.cc
+++ b/src/lib/dns/tsigkey.cc
@@ -42,6 +42,16 @@ namespace {
if (name == TSIGKey::HMACSHA256_NAME()) {
return (isc::cryptolink::SHA256);
}
+ if (name == TSIGKey::HMACSHA224_NAME()) {
+ return (isc::cryptolink::SHA224);
+ }
+ if (name == TSIGKey::HMACSHA384_NAME()) {
+ return (isc::cryptolink::SHA384);
+ }
+ if (name == TSIGKey::HMACSHA512_NAME()) {
+ return (isc::cryptolink::SHA512);
+ }
+
return (isc::cryptolink::UNKNOWN_HASH);
}
}
@@ -207,6 +217,24 @@ Name& TSIGKey::HMACSHA256_NAME() {
return (alg_name);
}
+const
+Name& TSIGKey::HMACSHA224_NAME() {
+ static Name alg_name("hmac-sha224");
+ return (alg_name);
+}
+
+const
+Name& TSIGKey::HMACSHA384_NAME() {
+ static Name alg_name("hmac-sha384");
+ return (alg_name);
+}
+
+const
+Name& TSIGKey::HMACSHA512_NAME() {
+ static Name alg_name("hmac-sha512");
+ return (alg_name);
+}
+
struct TSIGKeyRing::TSIGKeyRingImpl {
typedef map<Name, TSIGKey> TSIGKeyMap;
typedef pair<Name, TSIGKey> NameAndKey;
diff --git a/src/lib/dns/tsigkey.h b/src/lib/dns/tsigkey.h
index f0df709..31211d1 100644
--- a/src/lib/dns/tsigkey.h
+++ b/src/lib/dns/tsigkey.h
@@ -206,6 +206,9 @@ public:
static const Name& HMACMD5_NAME(); ///< HMAC-MD5 (RFC2845)
static const Name& HMACSHA1_NAME(); ///< HMAC-SHA1 (RFC4635)
static const Name& HMACSHA256_NAME(); ///< HMAC-SHA256 (RFC4635)
+ static const Name& HMACSHA224_NAME(); ///< HMAC-SHA256 (RFC4635)
+ static const Name& HMACSHA384_NAME(); ///< HMAC-SHA256 (RFC4635)
+ static const Name& HMACSHA512_NAME(); ///< HMAC-SHA256 (RFC4635)
//@}
private:
More information about the bind10-changes
mailing list