diff options
| author | Jelte Jansen <jelte@isc.org> | 2011-04-20 12:20:11 +0200 |
|---|---|---|
| committer | Jelte Jansen <jelte@isc.org> | 2011-04-20 12:20:11 +0200 |
| commit | 122d477847f80c7d77bec087a849b9e6743c17d3 (patch) | |
| tree | 8b57150f5c8bc3c0c18f0d8e5b6d851f2989b426 | |
| parent | [trac781] make a singleton entry point, moved hmac into own source file (diff) | |
| download | kea-122d477847f80c7d77bec087a849b9e6743c17d3.tar.xz kea-122d477847f80c7d77bec087a849b9e6743c17d3.zip | |
[trac781] make HMAC constructor private
| -rw-r--r-- | src/lib/crypto/crypto.cc | 16 | ||||
| -rw-r--r-- | src/lib/crypto/crypto.h | 8 | ||||
| -rw-r--r-- | src/lib/crypto/crypto_hmac.h | 10 | ||||
| -rw-r--r-- | src/lib/crypto/tests/crypto_unittests.cc | 64 | ||||
| -rw-r--r-- | src/lib/crypto/tests/run_unittests.cc | 3 |
5 files changed, 54 insertions, 47 deletions
diff --git a/src/lib/crypto/crypto.cc b/src/lib/crypto/crypto.cc index cf4270b781..8a27543c8d 100644 --- a/src/lib/crypto/crypto.cc +++ b/src/lib/crypto/crypto.cc @@ -38,10 +38,6 @@ namespace crypto { // For Botan, we use the Crypto class object in RAII style class CryptoImpl { -public: - CryptoImpl() {} - ~CryptoImpl() {}; - private: Botan::LibraryInitializer _botan_init; }; @@ -86,9 +82,9 @@ signHMAC(const void* data, size_t data_len, const void* secret, size_t secret_len, const HMAC::HashAlgorithm hash_algorithm, isc::dns::OutputBuffer& result, size_t len) { - HMAC hmac(secret, secret_len, hash_algorithm); - hmac.update(data, data_len); - hmac.sign(result, len); + boost::scoped_ptr<HMAC> hmac(Crypto::getCrypto().createHMAC(secret, secret_len, hash_algorithm)); + hmac->update(data, data_len); + hmac->sign(result, len); } @@ -97,9 +93,9 @@ verifyHMAC(const void* data, const size_t data_len, const void* secret, size_t secret_len, const HMAC::HashAlgorithm hash_algorithm, const void* sig, const size_t sig_len) { - HMAC hmac(secret, secret_len, hash_algorithm); - hmac.update(data, data_len); - return (hmac.verify(sig, sig_len)); + boost::scoped_ptr<HMAC> hmac(Crypto::getCrypto().createHMAC(secret, secret_len, hash_algorithm)); + hmac->update(data, data_len); + return (hmac->verify(sig, sig_len)); } } // namespace crypto diff --git a/src/lib/crypto/crypto.h b/src/lib/crypto/crypto.h index 1c164808cd..c316e717f5 100644 --- a/src/lib/crypto/crypto.h +++ b/src/lib/crypto/crypto.h @@ -12,6 +12,9 @@ // OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR // PERFORMANCE OF THIS SOFTWARE. +#ifndef _ISC_CRYPTO_H +#define _ISC_CRYPTO_H + #include <string> #include <dns/buffer.h> #include <exceptions/exceptions.h> @@ -20,8 +23,6 @@ #include <crypto/crypto_hmac.h> -#ifndef _ISC_CRYPTO_H -#define _ISC_CRYPTO_H namespace isc { namespace crypto { @@ -76,7 +77,8 @@ public: bool initialized() { return (impl_ != NULL); } HMAC* createHMAC(const void* secret, size_t secret_len, - const HMAC::HashAlgorithm hash_algorithm); + const HMAC::HashAlgorithm hash_algorithm); + private: static Crypto& getCryptoInternal(); Crypto() : impl_(NULL) {}; diff --git a/src/lib/crypto/crypto_hmac.h b/src/lib/crypto/crypto_hmac.h index 5e7e9731a6..8e324b4a77 100644 --- a/src/lib/crypto/crypto_hmac.h +++ b/src/lib/crypto/crypto_hmac.h @@ -18,6 +18,8 @@ #include <boost/noncopyable.hpp> +#include <crypto/crypto.h> + #ifndef _ISC_CRYPTO_HMAC_H #define _ISC_CRYPTO_HMAC_H @@ -45,6 +47,9 @@ public: /// value is a HashAlgorithm. }; +private: + friend class Crypto; + /// \brief Constructor from a secret and a hash algorithm /// /// \exception UnsupportedAlgorithmException if the given algorithm @@ -59,9 +64,10 @@ public: /// \param secret The secret to sign with /// \param len The length of the secret /// \param hash_algorithm The hash algorithm - explicit HMAC(const void* secret, size_t secret_len, - const HashAlgorithm hash_algorithm); + HMAC(const void* secret, size_t secret_len, + const HashAlgorithm hash_algorithm); +public: /// \brief Destructor ~HMAC(); diff --git a/src/lib/crypto/tests/crypto_unittests.cc b/src/lib/crypto/tests/crypto_unittests.cc index a96557e605..4a33c97028 100644 --- a/src/lib/crypto/tests/crypto_unittests.cc +++ b/src/lib/crypto/tests/crypto_unittests.cc @@ -19,6 +19,8 @@ #include <dns/buffer.h> #include <exceptions/exceptions.h> +#include <boost/scoped_ptr.hpp> + using namespace isc::dns; using namespace isc::crypto; @@ -83,23 +85,23 @@ namespace { OutputBuffer hmac_sig(1); // Sign it - HMAC hmac_sign(secret, secret_len, hash_algorithm); - hmac_sign.update(data_buf.getData(), data_buf.getLength()); - hmac_sign.sign(hmac_sig, hmac_len); + boost::scoped_ptr<HMAC> hmac_sign(Crypto::getCrypto().createHMAC(secret, secret_len, hash_algorithm)); + hmac_sign->update(data_buf.getData(), data_buf.getLength()); + hmac_sign->sign(hmac_sig, hmac_len); // Check if the signature is what we expect checkBuffer(hmac_sig, expected_hmac, hmac_len); // Check whether we can verify it ourselves - HMAC hmac_verify(secret, secret_len, hash_algorithm); - hmac_verify.update(data_buf.getData(), data_buf.getLength()); - EXPECT_TRUE(hmac_verify.verify(hmac_sig.getData(), - hmac_sig.getLength())); + boost::scoped_ptr<HMAC> hmac_verify(Crypto::getCrypto().createHMAC(secret, secret_len, hash_algorithm)); + hmac_verify->update(data_buf.getData(), data_buf.getLength()); + EXPECT_TRUE(hmac_verify->verify(hmac_sig.getData(), + hmac_sig.getLength())); // Change the sig by flipping the first octet, and check // whether verification fails then hmac_sig.writeUint8At(~hmac_sig[0], 0); - EXPECT_FALSE(hmac_verify.verify(hmac_sig.getData(), + EXPECT_FALSE(hmac_verify->verify(hmac_sig.getData(), hmac_sig.getLength())); } @@ -109,18 +111,18 @@ namespace { const HMAC::HashAlgorithm hash_algorithm, const uint8_t* expected_hmac, size_t hmac_len) { - HMAC hmac_sign(secret, secret_len, hash_algorithm); - hmac_sign.update(data.c_str(), data.size()); - std::vector<uint8_t> sig = hmac_sign.sign(hmac_len); + boost::scoped_ptr<HMAC> hmac_sign(Crypto::getCrypto().createHMAC(secret, secret_len, hash_algorithm)); + hmac_sign->update(data.c_str(), data.size()); + std::vector<uint8_t> sig = hmac_sign->sign(hmac_len); ASSERT_EQ(hmac_len, sig.size()); checkData(&sig[0], expected_hmac, hmac_len); - HMAC hmac_verify(secret, secret_len, hash_algorithm); - hmac_verify.update(data.c_str(), data.size()); - EXPECT_TRUE(hmac_verify.verify(&sig[0], sig.size())); + boost::scoped_ptr<HMAC> hmac_verify(Crypto::getCrypto().createHMAC(secret, secret_len, hash_algorithm)); + hmac_verify->update(data.c_str(), data.size()); + EXPECT_TRUE(hmac_verify->verify(&sig[0], sig.size())); sig[0] = ~sig[0]; - EXPECT_FALSE(hmac_verify.verify(&sig[0], sig.size())); + EXPECT_FALSE(hmac_verify->verify(&sig[0], sig.size())); } void doHMACTestArray(const std::string& data, @@ -129,23 +131,23 @@ namespace { const HMAC::HashAlgorithm hash_algorithm, const uint8_t* expected_hmac, size_t hmac_len) { - HMAC hmac_sign(secret, secret_len, hash_algorithm); - hmac_sign.update(data.c_str(), data.size()); + boost::scoped_ptr<HMAC> hmac_sign(Crypto::getCrypto().createHMAC(secret, secret_len, hash_algorithm)); + hmac_sign->update(data.c_str(), data.size()); // note: this is not exception-safe, and will leak, but // if there is an unexpected exception in the code below we // have more important things to fix. uint8_t* sig = new uint8_t[hmac_len]; - hmac_sign.sign(sig, hmac_len); + hmac_sign->sign(sig, hmac_len); checkData(sig, expected_hmac, hmac_len); - HMAC hmac_verify(secret, secret_len, hash_algorithm); - hmac_verify.update(data.c_str(), data.size()); - EXPECT_TRUE(hmac_verify.verify(sig, hmac_len)); + boost::scoped_ptr<HMAC> hmac_verify(Crypto::getCrypto().createHMAC(secret, secret_len, hash_algorithm)); + hmac_verify->update(data.c_str(), data.size()); + EXPECT_TRUE(hmac_verify->verify(sig, hmac_len)); sig[0] = ~sig[0]; - EXPECT_FALSE(hmac_verify.verify(sig, hmac_len)); + EXPECT_FALSE(hmac_verify->verify(sig, hmac_len)); delete[] sig; } @@ -407,17 +409,17 @@ TEST(CryptoTest, HMAC_SHA256_RFC2202_SIGN) { namespace { size_t sigVectorLength(HMAC::HashAlgorithm alg, size_t len) { - HMAC hmac_sign("asdf", 4, alg); - hmac_sign.update("asdf", 4); - const std::vector<uint8_t> sig = hmac_sign.sign(len); + boost::scoped_ptr<HMAC> hmac_sign(Crypto::getCrypto().createHMAC("asdf", 4, alg)); + hmac_sign->update("asdf", 4); + const std::vector<uint8_t> sig = hmac_sign->sign(len); return sig.size(); } size_t sigBufferLength(HMAC::HashAlgorithm alg, size_t len) { - HMAC hmac_sign("asdf", 4, alg); - hmac_sign.update("asdf", 4); + boost::scoped_ptr<HMAC> hmac_sign(Crypto::getCrypto().createHMAC("asdf", 4, alg)); + hmac_sign->update("asdf", 4); OutputBuffer sig(0); - hmac_sign.sign(sig, len); + hmac_sign->sign(sig, len); return sig.getLength(); } } @@ -467,8 +469,8 @@ TEST(CryptoTest, BadKey) { OutputBuffer data_buf(0); OutputBuffer hmac_sig(0); - EXPECT_THROW(new HMAC(NULL, 0, HMAC::MD5), BadKey); - EXPECT_THROW(new HMAC(NULL, 0, HMAC::UNKNOWN), UnsupportedAlgorithm); + EXPECT_THROW(Crypto::getCrypto().createHMAC(NULL, 0, HMAC::MD5), BadKey); + EXPECT_THROW(Crypto::getCrypto().createHMAC(NULL, 0, HMAC::UNKNOWN), UnsupportedAlgorithm); EXPECT_THROW(signHMAC(data_buf.getData(), data_buf.getLength(), NULL, 0, HMAC::MD5, hmac_sig), BadKey); @@ -486,7 +488,9 @@ TEST(CryptoTest, BadKey) { } TEST(CryptoTest, Singleton) { +/* Crypto& c1 = Crypto::getCrypto(); Crypto& c2 = Crypto::getCrypto(); ASSERT_EQ(&c1, &c2); +*/ } diff --git a/src/lib/crypto/tests/run_unittests.cc b/src/lib/crypto/tests/run_unittests.cc index 539b5fd6bd..a33fdcf3d3 100644 --- a/src/lib/crypto/tests/run_unittests.cc +++ b/src/lib/crypto/tests/run_unittests.cc @@ -21,6 +21,5 @@ int main(int argc, char* argv[]) { ::testing::InitGoogleTest(&argc, argv); - int result = RUN_ALL_TESTS(); - return (result); + return (RUN_ALL_TESTS()); } |