Skip to content
GitLab
Menu
Projects
Groups
Snippets
Loading...
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
Menu
Open sidebar
ISC Open Source Projects
Kea
Commits
55d2df9d
Commit
55d2df9d
authored
Dec 24, 2014
by
Francis Dupont
Browse files
[master] merge cryptolink API cleanup (trac3606a)
parent
1e44d65c
Changes
13
Hide whitespace changes
Inline
Side-by-side
ChangeLog
View file @
55d2df9d
870. [func] fdupont
Cleanup the cryptolink API (e.g., removing spurious 'magic'
zero length parameters).
(Trac #3606, git ...)
869. [func] tomek
'mac-sources' configuration parameter added. The DHCPv6 server
can now be configured to use various MAC/Hardware address
...
...
src/lib/cryptolink/botan_hash.cc
View file @
55d2df9d
...
...
@@ -115,7 +115,7 @@ public:
try
{
Botan
::
SecureVector
<
Botan
::
byte
>
b_result
(
hash_
->
final
());
if
(
len
==
0
||
len
>
b_result
.
size
())
{
if
(
len
>
b_result
.
size
())
{
len
=
b_result
.
size
();
}
result
.
writeData
(
b_result
.
begin
(),
len
);
...
...
@@ -146,7 +146,7 @@ public:
std
::
vector
<
uint8_t
>
final
(
size_t
len
)
{
try
{
Botan
::
SecureVector
<
Botan
::
byte
>
b_result
(
hash_
->
final
());
if
(
len
==
0
||
len
>
b_result
.
size
())
{
if
(
len
>
b_result
.
size
())
{
return
(
std
::
vector
<
uint8_t
>
(
b_result
.
begin
(),
b_result
.
end
()));
}
else
{
return
(
std
::
vector
<
uint8_t
>
(
b_result
.
begin
(),
&
b_result
[
len
]));
...
...
src/lib/cryptolink/botan_hmac.cc
View file @
55d2df9d
...
...
@@ -128,7 +128,7 @@ public:
try
{
Botan
::
SecureVector
<
Botan
::
byte
>
b_result
(
hmac_
->
final
());
if
(
len
==
0
||
len
>
b_result
.
size
())
{
if
(
len
>
b_result
.
size
())
{
len
=
b_result
.
size
();
}
result
.
writeData
(
b_result
.
begin
(),
len
);
...
...
@@ -159,7 +159,7 @@ public:
std
::
vector
<
uint8_t
>
sign
(
size_t
len
)
{
try
{
Botan
::
SecureVector
<
Botan
::
byte
>
b_result
(
hmac_
->
final
());
if
(
len
==
0
||
len
>
b_result
.
size
())
{
if
(
len
>
b_result
.
size
())
{
return
(
std
::
vector
<
uint8_t
>
(
b_result
.
begin
(),
b_result
.
end
()));
}
else
{
return
(
std
::
vector
<
uint8_t
>
(
b_result
.
begin
(),
&
b_result
[
len
]));
...
...
@@ -180,10 +180,10 @@ public:
try
{
Botan
::
SecureVector
<
Botan
::
byte
>
our_mac
=
hmac_
->
final
();
size_t
size
=
getOutputLength
();
if
(
len
!=
0
&&
(
len
<
10
||
len
<
size
/
2
)
)
{
if
(
len
<
10
||
len
<
size
/
2
)
{
return
(
false
);
}
if
(
len
==
0
||
len
>
size
)
{
if
(
len
>
size
)
{
len
=
size
;
}
return
(
Botan
::
same_mem
(
&
our_mac
[
0
],
...
...
src/lib/cryptolink/crypto_hash.cc
View file @
55d2df9d
...
...
@@ -30,6 +30,9 @@ digest(const void* data, const size_t data_len,
boost
::
scoped_ptr
<
Hash
>
hash
(
CryptoLink
::
getCryptoLink
().
createHash
(
hash_algorithm
));
hash
->
update
(
data
,
data_len
);
if
(
len
==
0
)
{
len
=
hash
->
getOutputLength
();
}
hash
->
final
(
result
,
len
);
}
...
...
src/lib/cryptolink/crypto_hash.h
View file @
55d2df9d
...
...
@@ -74,9 +74,9 @@ public:
/// \param result The OutputBuffer to append the result to
/// \param len The number of bytes from the result to copy. If this
/// value is smaller than the algorithms output size, the
/// result will be truncated. If this value is larger,
or 0
///
(the default), it
will be
ignor
ed
void
final
(
isc
::
util
::
OutputBuffer
&
result
,
size_t
len
=
0
);
/// result will be truncated. If this value is larger,
///
only output size bytes
will be
copi
ed
void
final
(
isc
::
util
::
OutputBuffer
&
result
,
size_t
len
);
/// \brief Calculate the final digest
///
...
...
@@ -103,10 +103,10 @@ public:
///
/// \param len The number of bytes from the result to copy. If this
/// value is smaller than the algorithms output size, the
/// result will be truncated. If this value is larger,
or 0
///
(the default), it
will be
ignor
ed
/// result will be truncated. If this value is larger,
///
only output size bytes
will be
copi
ed
/// \return a vector containing the signature
std
::
vector
<
uint8_t
>
final
(
size_t
len
=
0
);
std
::
vector
<
uint8_t
>
final
(
size_t
len
);
private:
HashImpl
*
impl_
;
...
...
@@ -128,8 +128,9 @@ private:
/// \param data_len The length of the data
/// \param hash_algorithm The hash algorithm
/// \param result The digest will be appended to this buffer
/// \param len If this is non-zero and less than the output size,
/// the result will be truncated to len bytes
/// \param len If this is non-zero and less than the output size, the result
/// will be truncated to len bytes. If greater than output size
/// (or equal to zero) only output size bytes are written
void
digest
(
const
void
*
data
,
const
size_t
data_len
,
const
HashAlgorithm
hash_algorithm
,
...
...
src/lib/cryptolink/crypto_hmac.cc
View file @
55d2df9d
...
...
@@ -32,6 +32,9 @@ signHMAC(const void* data, const size_t data_len, const void* secret,
secret_len
,
hash_algorithm
));
hmac
->
update
(
data
,
data_len
);
if
(
len
==
0
)
{
len
=
hmac
->
getOutputLength
();
}
hmac
->
sign
(
result
,
len
);
}
...
...
@@ -46,7 +49,11 @@ verifyHMAC(const void* data, const size_t data_len, const void* secret,
secret_len
,
hash_algorithm
));
hmac
->
update
(
data
,
data_len
);
return
(
hmac
->
verify
(
sig
,
sig_len
));
size_t
len
=
sig_len
;
if
(
len
==
0
)
{
len
=
hmac
->
getOutputLength
();
}
return
(
hmac
->
verify
(
sig
,
len
));
}
void
...
...
src/lib/cryptolink/crypto_hmac.h
View file @
55d2df9d
...
...
@@ -84,9 +84,9 @@ public:
/// \param result The OutputBuffer to append the result to
/// \param len The number of bytes from the result to copy. If this
/// value is smaller than the algorithms output size, the
/// result will be truncated. If this value is larger,
or 0
///
(the default), it
will be
ignor
ed
void
sign
(
isc
::
util
::
OutputBuffer
&
result
,
size_t
len
=
0
);
/// result will be truncated. If this value is larger,
///
only output size bytes
will be
copi
ed
void
sign
(
isc
::
util
::
OutputBuffer
&
result
,
size_t
len
);
/// \brief Calculate the final signature
///
...
...
@@ -110,10 +110,10 @@ public:
///
/// \param len The number of bytes from the result to copy. If this
/// value is smaller than the algorithms output size, the
/// result will be truncated. If this value is larger,
or 0
///
(the default), it
will be
ignor
ed
/// result will be truncated. If this value is larger,
///
only output size bytes
will be
copi
ed
/// \return a vector containing the signature
std
::
vector
<
uint8_t
>
sign
(
size_t
len
=
0
);
std
::
vector
<
uint8_t
>
sign
(
size_t
len
);
/// \brief Verify an existing signature
///
...
...
@@ -121,8 +121,8 @@ public:
/// in the underlying library
///
/// \param sig The signature to verify
/// \param len The length of the signature. If this is
non-zero,
///
and smaller
than the output length of the algorithm,
/// \param len The length of the signature. If this is
smaller
/// than the output length of the algorithm,
/// only len bytes will be checked
/// \return true if the signature is correct, false otherwise
///
...
...
@@ -136,7 +136,7 @@ private:
/// \brief Create an HMAC signature for the given data
///
/// This is a convenience function that calculates the
hmac
signature,
/// This is a convenience function that calculates the
HMAC
signature,
/// given a fixed amount of data. Internally it does the same as
/// creating an HMAC object, feeding it the data, and calculating the
/// resulting signature.
...
...
@@ -158,8 +158,9 @@ private:
/// \param secret_len The length of the secret
/// \param hash_algorithm The hash algorithm
/// \param result The signature will be appended to this buffer
/// \param len If this is non-zero and less than the output size,
/// the result will be truncated to len bytes
/// \param len If this is non-zero and less than the output size, the result
/// will be truncated to len bytes. If greater than output size
/// (or equal to zero) only output size bytes are written
void
signHMAC
(
const
void
*
data
,
const
size_t
data_len
,
const
void
*
secret
,
...
...
@@ -173,7 +174,8 @@ void signHMAC(const void* data,
/// This is a convenience function that verifies an hmac signature,
/// given a fixed amount of data. Internally it does the same as
/// creating an HMAC object, feeding it the data, and checking the
/// resulting signature.
/// resulting signature at the exception a zero sig_len is
/// internally replaced by the output size.
///
/// \exception UnsupportedAlgorithm if the given algorithm is unknown
/// or not supported by the underlying library
...
...
src/lib/cryptolink/openssl_hash.cc
View file @
55d2df9d
...
...
@@ -105,7 +105,7 @@ public:
size_t
size
=
getOutputLength
();
std
::
vector
<
unsigned
char
>
digest
(
size
);
EVP_DigestFinal_ex
(
md_
.
get
(),
&
digest
[
0
],
NULL
);
if
(
len
==
0
||
len
>
size
)
{
if
(
len
>
size
)
{
len
=
size
;
}
result
.
writeData
(
&
digest
[
0
],
len
);
...
...
@@ -131,7 +131,7 @@ public:
size_t
size
=
getOutputLength
();
std
::
vector
<
unsigned
char
>
digest
(
size
);
EVP_DigestFinal_ex
(
md_
.
get
(),
&
digest
[
0
],
NULL
);
if
(
len
!=
0
&&
len
<
size
)
{
if
(
len
<
size
)
{
digest
.
resize
(
len
);
}
return
(
std
::
vector
<
uint8_t
>
(
digest
.
begin
(),
digest
.
end
()));
...
...
src/lib/cryptolink/openssl_hmac.cc
View file @
55d2df9d
...
...
@@ -89,7 +89,7 @@ public:
size_t
size
=
getOutputLength
();
ossl
::
SecBuf
<
unsigned
char
>
digest
(
size
);
HMAC_Final
(
md_
.
get
(),
&
digest
[
0
],
NULL
);
if
(
len
==
0
||
len
>
size
)
{
if
(
len
>
size
)
{
len
=
size
;
}
result
.
writeData
(
&
digest
[
0
],
len
);
...
...
@@ -115,7 +115,7 @@ public:
size_t
size
=
getOutputLength
();
ossl
::
SecBuf
<
unsigned
char
>
digest
(
size
);
HMAC_Final
(
md_
.
get
(),
&
digest
[
0
],
NULL
);
if
(
len
!=
0
&&
len
<
size
)
{
if
(
len
<
size
)
{
digest
.
resize
(
len
);
}
return
(
std
::
vector
<
uint8_t
>
(
digest
.
begin
(),
digest
.
end
()));
...
...
@@ -126,12 +126,12 @@ public:
/// See @ref isc::cryptolink::HMAC::verify() for details.
bool
verify
(
const
void
*
sig
,
size_t
len
)
{
size_t
size
=
getOutputLength
();
if
(
len
!=
0
&&
(
len
<
10
||
len
<
size
/
2
)
)
{
if
(
len
<
10
||
len
<
size
/
2
)
{
return
(
false
);
}
ossl
::
SecBuf
<
unsigned
char
>
digest
(
size
);
HMAC_Final
(
md_
.
get
(),
&
digest
[
0
],
NULL
);
if
(
len
==
0
||
len
>
size
)
{
if
(
len
>
size
)
{
len
=
size
;
}
return
(
digest
.
same
(
sig
,
len
));
...
...
src/lib/cryptolink/tests/hash_unittests.cc
View file @
55d2df9d
...
...
@@ -130,7 +130,7 @@ namespace {
// note: this is not exception-safe, and can leak, but
// if there is an unexpected exception in the code below we
// have more important things to fix.
boost
::
scoped_array
<
uint8_t
>
result
(
new
uint8_t
[
hash_len
]);
boost
::
scoped_array
<
uint8_t
>
result
(
new
uint8_t
[
hash_len
]);
hash_digest
->
final
(
result
.
get
(),
hash_len
);
checkData
(
result
.
get
(),
expected_hash
,
hash_len
);
...
...
@@ -562,37 +562,31 @@ namespace {
TEST
(
HashTest
,
HashLength
)
{
std
::
vector
<
uint8_t
>
result
;
EXPECT_EQ
(
16
,
digestVectorLength
(
MD5
,
0
));
EXPECT_EQ
(
8
,
digestVectorLength
(
MD5
,
8
));
EXPECT_EQ
(
16
,
digestVectorLength
(
MD5
,
16
));
EXPECT_EQ
(
16
,
digestVectorLength
(
MD5
,
40
));
EXPECT_EQ
(
16
,
digestVectorLength
(
MD5
,
2000
));
EXPECT_EQ
(
20
,
digestBufferLength
(
SHA1
,
0
));
EXPECT_EQ
(
8
,
digestBufferLength
(
SHA1
,
8
));
EXPECT_EQ
(
20
,
digestBufferLength
(
SHA1
,
20
));
EXPECT_EQ
(
20
,
digestBufferLength
(
SHA1
,
40
));
EXPECT_EQ
(
20
,
digestBufferLength
(
SHA1
,
2000
));
EXPECT_EQ
(
32
,
digestBufferLength
(
SHA256
,
0
));
EXPECT_EQ
(
8
,
digestBufferLength
(
SHA256
,
8
));
EXPECT_EQ
(
32
,
digestBufferLength
(
SHA256
,
32
));
EXPECT_EQ
(
32
,
digestBufferLength
(
SHA256
,
40
));
EXPECT_EQ
(
32
,
digestBufferLength
(
SHA256
,
3200
));
EXPECT_EQ
(
16
,
digestBufferLength
(
MD5
,
0
));
EXPECT_EQ
(
8
,
digestBufferLength
(
MD5
,
8
));
EXPECT_EQ
(
16
,
digestBufferLength
(
MD5
,
16
));
EXPECT_EQ
(
16
,
digestBufferLength
(
MD5
,
40
));
EXPECT_EQ
(
16
,
digestBufferLength
(
MD5
,
2000
));
EXPECT_EQ
(
20
,
digestBufferLength
(
SHA1
,
0
));
EXPECT_EQ
(
8
,
digestBufferLength
(
SHA1
,
8
));
EXPECT_EQ
(
20
,
digestBufferLength
(
SHA1
,
20
));
EXPECT_EQ
(
20
,
digestBufferLength
(
SHA1
,
40
));
EXPECT_EQ
(
20
,
digestBufferLength
(
SHA1
,
2000
));
EXPECT_EQ
(
32
,
digestBufferLength
(
SHA256
,
0
));
EXPECT_EQ
(
8
,
digestBufferLength
(
SHA256
,
8
));
EXPECT_EQ
(
32
,
digestBufferLength
(
SHA256
,
32
));
EXPECT_EQ
(
32
,
digestBufferLength
(
SHA256
,
40
));
...
...
src/lib/cryptolink/tests/hmac_unittests.cc
View file @
55d2df9d
...
...
@@ -602,37 +602,31 @@ namespace {
TEST
(
HMACTest
,
HMACSigLengthArgument
)
{
std
::
vector
<
uint8_t
>
sig
;
EXPECT_EQ
(
16
,
sigVectorLength
(
MD5
,
0
));
EXPECT_EQ
(
8
,
sigVectorLength
(
MD5
,
8
));
EXPECT_EQ
(
16
,
sigVectorLength
(
MD5
,
16
));
EXPECT_EQ
(
16
,
sigVectorLength
(
MD5
,
40
));
EXPECT_EQ
(
16
,
sigVectorLength
(
MD5
,
2000
));
EXPECT_EQ
(
20
,
sigBufferLength
(
SHA1
,
0
));
EXPECT_EQ
(
8
,
sigBufferLength
(
SHA1
,
8
));
EXPECT_EQ
(
20
,
sigBufferLength
(
SHA1
,
20
));
EXPECT_EQ
(
20
,
sigBufferLength
(
SHA1
,
40
));
EXPECT_EQ
(
20
,
sigBufferLength
(
SHA1
,
2000
));
EXPECT_EQ
(
32
,
sigBufferLength
(
SHA256
,
0
));
EXPECT_EQ
(
8
,
sigBufferLength
(
SHA256
,
8
));
EXPECT_EQ
(
32
,
sigBufferLength
(
SHA256
,
32
));
EXPECT_EQ
(
32
,
sigBufferLength
(
SHA256
,
40
));
EXPECT_EQ
(
32
,
sigBufferLength
(
SHA256
,
3200
));
EXPECT_EQ
(
16
,
sigBufferLength
(
MD5
,
0
));
EXPECT_EQ
(
8
,
sigBufferLength
(
MD5
,
8
));
EXPECT_EQ
(
16
,
sigBufferLength
(
MD5
,
16
));
EXPECT_EQ
(
16
,
sigBufferLength
(
MD5
,
40
));
EXPECT_EQ
(
16
,
sigBufferLength
(
MD5
,
2000
));
EXPECT_EQ
(
20
,
sigBufferLength
(
SHA1
,
0
));
EXPECT_EQ
(
8
,
sigBufferLength
(
SHA1
,
8
));
EXPECT_EQ
(
20
,
sigBufferLength
(
SHA1
,
20
));
EXPECT_EQ
(
20
,
sigBufferLength
(
SHA1
,
40
));
EXPECT_EQ
(
20
,
sigBufferLength
(
SHA1
,
2000
));
EXPECT_EQ
(
32
,
sigBufferLength
(
SHA256
,
0
));
EXPECT_EQ
(
8
,
sigBufferLength
(
SHA256
,
8
));
EXPECT_EQ
(
32
,
sigBufferLength
(
SHA256
,
32
));
EXPECT_EQ
(
32
,
sigBufferLength
(
SHA256
,
40
));
...
...
src/lib/dns/nsec3hash.cc
View file @
55d2df9d
// Copyright (C) 2012 Internet Systems Consortium, Inc. ("ISC")
// Copyright (C) 2012
,2014
Internet Systems Consortium, Inc. ("ISC")
//
// Permission to use, copy, modify, and/or distribute this software for any
// purpose with or without fee is hereby granted, provided that the above
...
...
@@ -120,7 +120,7 @@ iterateSHA1(const uint8_t* input, size_t inlength,
boost
::
scoped_ptr
<
Hash
>
hash
(
CryptoLink
::
getCryptoLink
().
createHash
(
SHA1
));
hash
->
update
(
input
,
inlength
);
hash
->
update
(
salt
,
saltlen
);
// this works whether saltlen == or > 0
hash
->
final
(
output
);
hash
->
final
(
output
,
hash
->
getOutputLength
()
);
}
string
...
...
src/lib/dns/tsig.cc
View file @
55d2df9d
...
...
@@ -78,7 +78,7 @@ struct TSIGContext::TSIGContextImpl {
hmac_
.
reset
(
CryptoLink
::
getCryptoLink
().
createHMAC
(
key_
.
getSecret
(),
key_
.
getSecretLength
(),
key_
.
getAlgorithm
()),
deleteHMAC
);
deleteHMAC
);
}
catch
(
const
isc
::
Exception
&
)
{
return
;
}
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment