Commit c374a5c5 authored by Jelte Jansen's avatar Jelte Jansen
Browse files

[trac781] make sig args for verify() also raw data

parent cd3ce64a
...@@ -138,11 +138,11 @@ signHMAC(const void* data, size_t data_len, TSIGKey key, ...@@ -138,11 +138,11 @@ signHMAC(const void* data, size_t data_len, TSIGKey key,
bool bool
verifyHMAC(const void* data, size_t data_len, TSIGKey key, verifyHMAC(const void* data, size_t data_len, TSIGKey key,
const isc::dns::OutputBuffer& result) const void* sig, size_t sig_len)
{ {
HMAC hmac(key); HMAC hmac(key);
hmac.update(data, data_len); hmac.update(data, data_len);
return (hmac.verify(result.getData(), result.getLength())); return (hmac.verify(sig, sig_len));
} }
} // namespace crypto } // namespace crypto
......
...@@ -138,7 +138,8 @@ void signHMAC(const void* data, ...@@ -138,7 +138,8 @@ void signHMAC(const void* data,
bool verifyHMAC(const void* data, bool verifyHMAC(const void* data,
size_t data_len, size_t data_len,
isc::dns::TSIGKey key, isc::dns::TSIGKey key,
const isc::dns::OutputBuffer& mac); const void* sig,
size_t sig_len);
} // namespace crypto } // namespace crypto
} // namespace isc } // namespace isc
......
...@@ -49,13 +49,15 @@ namespace { ...@@ -49,13 +49,15 @@ namespace {
// Check whether we can verify it ourselves // Check whether we can verify it ourselves
EXPECT_TRUE(verifyHMAC(data_buf.getData(), data_buf.getLength(), EXPECT_TRUE(verifyHMAC(data_buf.getData(), data_buf.getLength(),
key, hmac_sig)); key, hmac_sig.getData(),
hmac_sig.getLength()));
// Change the sig by flipping the first octet, and check // Change the sig by flipping the first octet, and check
// whether verification fails then // whether verification fails then
hmac_sig.writeUint8At(~hmac_sig[0], 0); hmac_sig.writeUint8At(~hmac_sig[0], 0);
EXPECT_FALSE(verifyHMAC(data_buf.getData(), data_buf.getLength(), EXPECT_FALSE(verifyHMAC(data_buf.getData(), data_buf.getLength(),
key, hmac_sig)); key, hmac_sig.getData(),
hmac_sig.getLength()));
} }
} }
...@@ -291,5 +293,6 @@ TEST(CryptoTest, BadKey) { ...@@ -291,5 +293,6 @@ TEST(CryptoTest, BadKey) {
EXPECT_THROW(signHMAC(data_buf.getData(), data_buf.getLength(), EXPECT_THROW(signHMAC(data_buf.getData(), data_buf.getLength(),
bad_key, hmac_sig), BadKey); bad_key, hmac_sig), BadKey);
EXPECT_THROW(verifyHMAC(data_buf.getData(), data_buf.getLength(), EXPECT_THROW(verifyHMAC(data_buf.getData(), data_buf.getLength(),
bad_key, hmac_sig), BadKey); bad_key, hmac_sig.getData(),
hmac_sig.getLength()), BadKey);
} }
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment