Commit e219a9fb authored by Jelte Jansen's avatar Jelte Jansen

Merge branch 'trac951'

parents 432a1a86 54c201f1
......@@ -183,9 +183,9 @@ public:
try {
Botan::SecureVector<Botan::byte> our_mac = hmac_->final();
if (len < getOutputLength()) {
// Currently we don't support truncated signature. To avoid
// validating too short signature accidently, we enforce the
// standard signature size for the moment.
// Currently we don't support truncated signature in TSIG (see
// #920). To avoid validating too short signature accidently,
// we enforce the standard signature size for the moment.
// Once we support truncation correctly, this if-clause should
// (and the capitalized comment above) be removed.
return (false);
......
......@@ -16,7 +16,7 @@ TESTS += run_unittests
run_unittests_SOURCES = run_unittests.cc
run_unittests_SOURCES += crypto_unittests.cc
run_unittests_CPPFLAGS = $(AM_CPPFLAGS) $(GTEST_INCLUDES)
run_unittests_LDFLAGS = $(AM_LDFLAGS) $(GTEST_LDFLAGS)
run_unittests_LDFLAGS = ${BOTAN_LDFLAGS} $(AM_LDFLAGS) $(GTEST_LDFLAGS)
run_unittests_LDADD = $(GTEST_LDADD)
run_unittests_LDADD += $(top_builddir)/src/lib/cryptolink/libcryptolink.la
run_unittests_LDADD += $(top_builddir)/src/lib/util/unittests/libutil_unittests.la
......
......@@ -473,7 +473,7 @@ TEST(CryptoLinkTest, HMAC_SHA256_RFC4231_SIGN) {
//
// Test values taken from RFC 4231, test optional algorithm 224,384,512
//
TEST(CryptoLinkTest, DISABLED_HMAC_SHA224_RFC4231_SIGN) {
TEST(CryptoLinkTest, HMAC_SHA224_RFC4231_SIGN) {
const uint8_t hmac_expected1[] = {
0x89,0x6f,0xb1,0x12,0x8a,0xbb,0xdf,0x19,0x68,0x32,0x10,0x7c,
0xd4,0x9d,0xf3,0x3f,0x47,0xb4,0xb1,0x16,0x99,0x12,0xba,0x4f,
......
......@@ -53,7 +53,11 @@ run_unittests_SOURCES += tsigkey_unittest.cc
run_unittests_SOURCES += tsigrecord_unittest.cc
run_unittests_SOURCES += run_unittests.cc
run_unittests_CPPFLAGS = $(AM_CPPFLAGS) $(GTEST_INCLUDES)
run_unittests_LDFLAGS = $(AM_LDFLAGS) $(GTEST_LDFLAGS)
# We shouldn't need to include BOTAN_LDFLAGS here, but there
# is one test system where the path for GTEST_LDFLAGS contains
# an older version of botan, and somehow that version gets
# linked if we don't
run_unittests_LDFLAGS = $(AM_LDFLAGS) $(BOTAN_LDFLAGS) $(GTEST_LDFLAGS)
run_unittests_LDADD = $(GTEST_LDADD)
run_unittests_LDADD += $(top_builddir)/src/lib/dns/libdns++.la
run_unittests_LDADD += $(top_builddir)/src/lib/util/libutil.la
......
......@@ -425,6 +425,29 @@ TEST_F(TSIGTest, signUsingHMACSHA1) {
}
}
TEST_F(TSIGTest, signUsingHMACSHA224) {
isc::util::detail::gettimeFunction = testGetTime<0x4dae7d5f>;
secret.clear();
decodeBase64("MA+QDhXbyqUak+qnMFyTyEirzng=", secret);
TSIGContext sha1_ctx(TSIGKey(test_name, TSIGKey::HMACSHA224_NAME(),
&secret[0], secret.size()));
const uint16_t sha1_qid = 0x0967;
const uint8_t expected_mac[] = {
0x3b, 0x93, 0xd3, 0xc5, 0xf9, 0x64, 0xb9, 0xc5, 0x00, 0x35,
0x02, 0x69, 0x9f, 0xfc, 0x44, 0xd6, 0xe2, 0x66, 0xf4, 0x08,
0xef, 0x33, 0xa2, 0xda, 0xa1, 0x48, 0x71, 0xd3
};
{
SCOPED_TRACE("Sign test using HMAC-SHA1");
commonSignChecks(createMessageAndSign(sha1_qid, test_name, &sha1_ctx),
sha1_qid, 0x4dae7d5f, expected_mac,
sizeof(expected_mac), 0, 0, NULL,
TSIGKey::HMACSHA224_NAME());
}
}
// The first part of this test checks verifying the signed query used for
// the "sign" test.
// The second part of this test generates a signed response to the signed
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment