Commit 570bbcef authored by JINMEI Tatuya's avatar JINMEI Tatuya

[trac910] added a new method getTSIGLength() to TSIGContext, which will be

necessary for TC bit support.
parent e8e411dd
......@@ -927,4 +927,76 @@ TEST_F(TSIGTest, tooShortMAC) {
}
}
TEST_F(TSIGTest, getTSIGLength) {
// Check for the most common case with various algorithms
// See the comment in TSIGContext::getTSIGLength() for calculation and
// parameter notation.
// The key name (www.example.com) is the same for most cases, where n1=17
// hmac-md5.sig-alg.reg.int.: n2=26, x=16
EXPECT_EQ(85, tsig_ctx->getTSIGLength());
// hmac-sha1: n2=11, x=20
tsig_ctx.reset(new TSIGContext(TSIGKey(test_name, TSIGKey::HMACSHA1_NAME(),
&dummy_data[0], 20)));
EXPECT_EQ(74, tsig_ctx->getTSIGLength());
// hmac-sha256: n2=13, x=32
tsig_ctx.reset(new TSIGContext(TSIGKey(test_name,
TSIGKey::HMACSHA256_NAME(),
&dummy_data[0], 32)));
EXPECT_EQ(88, tsig_ctx->getTSIGLength());
// hmac-sha224: n2=13, x=28
tsig_ctx.reset(new TSIGContext(TSIGKey(test_name,
TSIGKey::HMACSHA224_NAME(),
&dummy_data[0], 28)));
EXPECT_EQ(84, tsig_ctx->getTSIGLength());
// hmac-sha384: n2=13, x=48
tsig_ctx.reset(new TSIGContext(TSIGKey(test_name,
TSIGKey::HMACSHA384_NAME(),
&dummy_data[0], 48)));
EXPECT_EQ(104, tsig_ctx->getTSIGLength());
// hmac-sha512: n2=13, x=64
tsig_ctx.reset(new TSIGContext(TSIGKey(test_name,
TSIGKey::HMACSHA512_NAME(),
&dummy_data[0], 64)));
EXPECT_EQ(120, tsig_ctx->getTSIGLength());
// bad key case: n1=len(badkey.example.com)=20, n2=26, x=0
tsig_ctx.reset(new TSIGContext(badkey_name, TSIGKey::HMACMD5_NAME(),
keyring));
EXPECT_EQ(72, tsig_ctx->getTSIGLength());
// bad sig case: n1=17, n2=26, x=0
isc::util::detail::gettimeFunction = testGetTime<0x4da8877a>;
createMessageFromFile("message_toWire2.wire");
tsig_ctx.reset(new TSIGContext(TSIGKey(test_name, TSIGKey::HMACMD5_NAME(),
&dummy_data[0],
dummy_data.size())));
{
SCOPED_TRACE("Verify resulting in BADSIG");
commonVerifyChecks(*tsig_ctx, message.getTSIGRecord(),
&received_data[0], received_data.size(),
TSIGError::BAD_SIG(), TSIGContext::RECEIVED_REQUEST);
}
EXPECT_EQ(69, tsig_ctx->getTSIGLength());
// bad time case: n1=17, n2=26, x=16, y=6
isc::util::detail::gettimeFunction = testGetTime<0x4da8877a - 1000>;
tsig_ctx.reset(new TSIGContext(TSIGKey(test_name, TSIGKey::HMACMD5_NAME(),
&dummy_data[0],
dummy_data.size())));
{
SCOPED_TRACE("Verify resulting in BADTIME");
commonVerifyChecks(*tsig_ctx, message.getTSIGRecord(),
&received_data[0], received_data.size(),
TSIGError::BAD_TIME(),
TSIGContext::RECEIVED_REQUEST);
}
EXPECT_EQ(91, tsig_ctx->getTSIGLength());
}
} // end namespace
......@@ -270,6 +270,45 @@ TSIGContext::~TSIGContext() {
delete impl_;
}
size_t
TSIGContext::getTSIGLength() const {
//
// The space required for an TSIG record is:
//
// n1 bytes for the (key) name
// 2 bytes for the type
// 2 bytes for the class
// 4 bytes for the ttl
// 2 bytes for the rdlength
// n2 bytes for the algorithm name
// 6 bytes for the time signed
// 2 bytes for the fudge
// 2 bytes for the MAC size
// x bytes for the MAC
// 2 bytes for the original id
// 2 bytes for the error
// 2 bytes for the other data length
// y bytes for the other data (at most)
// ---------------------------------
// 26 + n1 + n2 + x + y bytes
//
// Normally the digest length ("x") is the length of the underlying
// hash output. If a key related error occurred, however, the
// corresponding TSIG will be "unsigned", and the digest length will be 0.
const size_t digest_len =
(impl_->error_ == TSIGError::BAD_KEY() ||
impl_->error_ == TSIGError::BAD_SIG()) ? 0 : impl_->digest_len_;
// Other Len ("y") is normally 0; if BAD_TIME error occurred, the
// subsequent TSIG will contain 48 bits of the server current time.
const size_t other_len = (impl_->error_ == TSIGError::BAD_TIME()) ? 6 : 0;
return (26 + impl_->key_.getKeyName().getLength() +
impl_->key_.getAlgorithmName().getLength() +
digest_len + other_len);
}
TSIGContext::State
TSIGContext::getState() const {
return (impl_->state_);
......
......@@ -353,6 +353,10 @@ public:
TSIGError verify(const TSIGRecord* const record, const void* const data,
const size_t data_len);
/// TBD: mostly for internal use. context dependent.
/// won't provide python binding.
size_t getTSIGLength() const;
/// Return the current state of the context
///
/// \note
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment