Commit c374a5c5 authored by Jelte Jansen's avatar Jelte Jansen
Browse files

[trac781] make sig args for verify() also raw data

parent cd3ce64a
......@@ -138,11 +138,11 @@ signHMAC(const void* data, size_t data_len, TSIGKey key,
bool
verifyHMAC(const void* data, size_t data_len, TSIGKey key,
const isc::dns::OutputBuffer& result)
const void* sig, size_t sig_len)
{
HMAC hmac(key);
hmac.update(data, data_len);
return (hmac.verify(result.getData(), result.getLength()));
return (hmac.verify(sig, sig_len));
}
} // namespace crypto
......
......@@ -138,7 +138,8 @@ void signHMAC(const void* data,
bool verifyHMAC(const void* data,
size_t data_len,
isc::dns::TSIGKey key,
const isc::dns::OutputBuffer& mac);
const void* sig,
size_t sig_len);
} // namespace crypto
} // namespace isc
......
......@@ -49,13 +49,15 @@ namespace {
// Check whether we can verify it ourselves
EXPECT_TRUE(verifyHMAC(data_buf.getData(), data_buf.getLength(),
key, hmac_sig));
key, hmac_sig.getData(),
hmac_sig.getLength()));
// Change the sig by flipping the first octet, and check
// whether verification fails then
hmac_sig.writeUint8At(~hmac_sig[0], 0);
EXPECT_FALSE(verifyHMAC(data_buf.getData(), data_buf.getLength(),
key, hmac_sig));
key, hmac_sig.getData(),
hmac_sig.getLength()));
}
}
......@@ -291,5 +293,6 @@ TEST(CryptoTest, BadKey) {
EXPECT_THROW(signHMAC(data_buf.getData(), data_buf.getLength(),
bad_key, hmac_sig), BadKey);
EXPECT_THROW(verifyHMAC(data_buf.getData(), data_buf.getLength(),
bad_key, hmac_sig), BadKey);
bad_key, hmac_sig.getData(),
hmac_sig.getLength()), BadKey);
}
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment