diff options
| author | Jelte Jansen <jelte@isc.org> | 2011-04-21 16:02:16 +0200 |
|---|---|---|
| committer | Jelte Jansen <jelte@isc.org> | 2011-04-21 16:02:16 +0200 |
| commit | a1703e5ae5fc9458c066fb4aab7666bf4e5fdb8a (patch) | |
| tree | 9a7a75e900d977bf3ecbe435532e384087da17b3 /src/lib/cryptolink | |
| parent | Merge branch 'trac781' of ssh://bind10.isc.org/var/bind10/git/bind10 into tra... (diff) | |
| download | kea-a1703e5ae5fc9458c066fb4aab7666bf4e5fdb8a.tar.xz kea-a1703e5ae5fc9458c066fb4aab7666bf4e5fdb8a.zip | |
[trac781] some more updates (added doc and a few test changes)
Diffstat (limited to 'src/lib/cryptolink')
| -rw-r--r-- | src/lib/cryptolink/cryptolink.cc | 11 | ||||
| -rw-r--r-- | src/lib/cryptolink/cryptolink.h | 24 | ||||
| -rw-r--r-- | src/lib/cryptolink/tests/crypto_unittests.cc | 39 |
3 files changed, 46 insertions, 28 deletions
diff --git a/src/lib/cryptolink/cryptolink.cc b/src/lib/cryptolink/cryptolink.cc index 834253b5d7..2f2aeefa25 100644 --- a/src/lib/cryptolink/cryptolink.cc +++ b/src/lib/cryptolink/cryptolink.cc @@ -69,6 +69,17 @@ CryptoLink::createHMAC(const void* secret, size_t secret_len, return (new HMAC(secret, secret_len, hash_algorithm)); } +auto_ptr<HMAC> +CryptoLink::createHMAC2(const void* secret, size_t secret_len, + const HMAC::HashAlgorithm hash_algorithm) +{ + std::auto_ptr<HMAC> asdf(new HMAC(secret, secret_len, hash_algorithm)); + return asdf; + //return asdf; + //HMAC* h = createHMAC(secret, secret_len, hash_algorithm); + //return (boost::scoped_ptr<HMAC>(h)); +} + } // namespace cryptolink } // namespace isc diff --git a/src/lib/cryptolink/cryptolink.h b/src/lib/cryptolink/cryptolink.h index eaeb300d96..77b55e904a 100644 --- a/src/lib/cryptolink/cryptolink.h +++ b/src/lib/cryptolink/cryptolink.h @@ -20,9 +20,11 @@ #include <exceptions/exceptions.h> #include <boost/noncopyable.hpp> +#include <boost/scoped_ptr.hpp> #include <cryptolink/crypto_hmac.h> +#include <memory> namespace isc { namespace cryptolink { @@ -72,9 +74,9 @@ public: /// Forward declaration for pimpl class CryptoLinkImpl; -/// \brief +/// \brief Singleton entry point and factory class /// -/// This is singleton class that serves as the entry point to +/// This is a singleton class that serves as the entry point to /// the underlying cryptography library, and as a factory for objects /// within the cryptolink library. /// @@ -85,9 +87,21 @@ class CryptoLinkImpl; /// to getCryptoLink. Any subsequent call to initialize() will be a /// noop. /// +/// In order for the CryptoLink library to be sure that the underlying +/// library has been initialized, and because we do not want to add +/// such a check to every class and function within it, we have made +/// the constructors of all classes within cryptolink private. This way +/// a caller cannot instantiate an object before the library is +/// initialized, but must use CryptoLink's create method (e.g. +/// createHMAC()), which enforces (automatic) initialization. +/// +/// In order for the CryptoLink class to be able to create objects that +/// have private constructors, it is declared a friend class of these +/// classes. +/// /// \note All other classes within cryptolink should have private -/// constructors as well, and should have a factory function from this -/// class. +/// constructors as well, and should have a factory function from +/// CryptoLink. /// // Internal note: we can use this class later to initialize and manage // dynamic (PKCS#11) libs @@ -145,6 +159,8 @@ public: /// \param hash_algorithm The hash algorithm HMAC* createHMAC(const void* secret, size_t secret_len, const HMAC::HashAlgorithm hash_algorithm); + std::auto_ptr<HMAC> createHMAC2(const void* secret, size_t secret_len, + const HMAC::HashAlgorithm hash_algorithm); private: // To enable us to use an optional explicit initialization call, diff --git a/src/lib/cryptolink/tests/crypto_unittests.cc b/src/lib/cryptolink/tests/crypto_unittests.cc index b5bde59ec0..4202bb9ae2 100644 --- a/src/lib/cryptolink/tests/crypto_unittests.cc +++ b/src/lib/cryptolink/tests/crypto_unittests.cc @@ -147,7 +147,7 @@ namespace { hash_algorithm)); hmac_sign->update(data.c_str(), data.size()); - // note: this is not exception-safe, and will leak, but + // note: this is not exception-safe, and can leak, but // if there is an unexpected exception in the code below we // have more important things to fix. uint8_t* sig = new uint8_t[hmac_len]; @@ -204,7 +204,6 @@ TEST(CryptoLinkTest, HMAC_MD5_RFC2202_SIGN) { doHMACTest("what do ya want for nothing?", "Jefe", 4, HMAC::MD5, hmac_expected2, 16); - const std::string data3(50, 0xdd); const uint8_t secret3[] = { 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa }; @@ -212,7 +211,7 @@ TEST(CryptoLinkTest, HMAC_MD5_RFC2202_SIGN) { 0x14, 0x4c, 0x88, 0xdb, 0xb8, 0xc7, 0x33, 0xf0, 0xe8, 0xb3, 0xf6}; - doHMACTest(data3, secret3, 16, HMAC::MD5, hmac_expected3, 16); + doHMACTest(std::string(50, 0xdd), secret3, 16, HMAC::MD5, hmac_expected3, 16); const std::string data4(50, 0xcd); const uint8_t secret4[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, @@ -238,22 +237,20 @@ TEST(CryptoLinkTest, HMAC_MD5_RFC2202_SIGN) { doHMACTest("Test With Truncation", secret5, 16, HMAC::MD5, hmac_expected5, 12); - const std::string secret6(80, 0xaa); const uint8_t hmac_expected6[] = { 0x6b, 0x1a, 0xb7, 0xfe, 0x4b, 0xd7, 0xbf, 0x8f, 0x0b, 0x62, 0xe6, 0xce, 0x61, 0xb9, 0xd0, 0xcd }; doHMACTest("Test Using Larger Than Block-Size Key - Hash Key First", - secret6.c_str(), 80, HMAC::MD5, hmac_expected6, 16); + std::string(80, 0xaa).c_str(), 80, HMAC::MD5, hmac_expected6, 16); - // same secret as for test 6 const uint8_t hmac_expected7[] = { 0x6f, 0x63, 0x0f, 0xad, 0x67, 0xcd, 0xa0, 0xee, 0x1f, 0xb1, 0xf5, 0x62, 0xdb, 0x3a, 0xa5, 0x3e }; doHMACTest("Test Using Larger Than Block-Size Key and Larger Than " "One Block-Size Data", - secret6.c_str(), 80, HMAC::MD5, hmac_expected7, 16); + std::string(80, 0xaa).c_str(), 80, HMAC::MD5, hmac_expected7, 16); } // @@ -276,7 +273,6 @@ TEST(CryptoLinkTest, HMAC_SHA1_RFC2202_SIGN) { doHMACTest("what do ya want for nothing?", "Jefe", 4, HMAC::SHA1, hmac_expected2, 20); - const std::string data3(50, 0xdd); const uint8_t secret3[] = { 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, @@ -285,9 +281,8 @@ TEST(CryptoLinkTest, HMAC_SHA1_RFC2202_SIGN) { 0xac, 0x11, 0xcd, 0x91, 0xa3, 0x9a, 0xf4, 0x8a, 0xa1, 0x7b, 0x4f, 0x63, 0xf1, 0x75, 0xd3 }; - doHMACTest(data3, secret3, 20, HMAC::SHA1, hmac_expected3, 20); + doHMACTest(std::string(50, 0xdd), secret3, 20, HMAC::SHA1, hmac_expected3, 20); - const std::string data4(50, 0xcd); const uint8_t secret4[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, @@ -297,7 +292,7 @@ TEST(CryptoLinkTest, HMAC_SHA1_RFC2202_SIGN) { 0x62, 0x50, 0xc6, 0xbc, 0x84, 0x14, 0xf9, 0xbf, 0x50, 0xc8, 0x6c, 0x2d, 0x72, 0x35, 0xda }; - doHMACTest(data4, secret4, 25, HMAC::SHA1, hmac_expected4, 20); + doHMACTest(std::string(50, 0xcd), secret4, 25, HMAC::SHA1, hmac_expected4, 20); const uint8_t secret5[] = { 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, @@ -312,22 +307,20 @@ TEST(CryptoLinkTest, HMAC_SHA1_RFC2202_SIGN) { doHMACTest("Test With Truncation", secret5, 20, HMAC::SHA1, hmac_expected5, 12); - const std::string secret6(80, 0xaa); const uint8_t hmac_expected6[] = { 0xaa, 0x4a, 0xe5, 0xe1, 0x52, 0x72, 0xd0, 0x0e, 0x95, 0x70, 0x56, 0x37, 0xce, 0x8a, 0x3b, 0x55, 0xed, 0x40, 0x21, 0x12 }; doHMACTest("Test Using Larger Than Block-Size Key - Hash Key First", - secret6.c_str(), 80, HMAC::SHA1, hmac_expected6, 20); + std::string(80, 0xaa).c_str(), 80, HMAC::SHA1, hmac_expected6, 20); - // same secret as for test 6 const uint8_t hmac_expected7[] = { 0xe8, 0xe9, 0x9d, 0x0f, 0x45, 0x23, 0x7d, 0x78, 0x6d, 0x6b, 0xba, 0xa7, 0x96, 0x5c, 0x78, 0x08, 0xbb, 0xff, 0x1a, 0x91 }; doHMACTest("Test Using Larger Than Block-Size Key and Larger Than " "One Block-Size Data", - secret6.c_str(), 80, HMAC::SHA1, hmac_expected7, 20); + std::string(80, 0xaa).c_str(), 80, HMAC::SHA1, hmac_expected7, 20); } // @@ -356,7 +349,6 @@ TEST(CryptoLinkTest, HMAC_SHA256_RFC2202_SIGN) { doHMACTest("what do ya want for nothing?", "Jefe", 4, HMAC::SHA256, hmac_expected2, 32); - const std::string data3(50, 0xdd); const uint8_t secret3[] = { 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, @@ -368,9 +360,8 @@ TEST(CryptoLinkTest, HMAC_SHA256_RFC2202_SIGN) { 0x3e, 0xf8, 0xc1, 0x22, 0xd9, 0x63, 0x55, 0x14, 0xce, 0xd5, 0x65, 0xfe }; - doHMACTest(data3, secret3, 20, HMAC::SHA256, hmac_expected3, 32); + doHMACTest(std::string(50, 0xdd), secret3, 20, HMAC::SHA256, hmac_expected3, 32); - const std::string data4(50, 0xcd); const uint8_t secret4[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, @@ -383,7 +374,7 @@ TEST(CryptoLinkTest, HMAC_SHA256_RFC2202_SIGN) { 0xe5, 0x78, 0xf8, 0x07, 0x7a, 0x2e, 0x3f, 0xf4, 0x67, 0x29, 0x66, 0x5b }; - doHMACTest(data4, secret4, 25, HMAC::SHA256, hmac_expected4, 32); + doHMACTest(std::string(50, 0xcd), secret4, 25, HMAC::SHA256, hmac_expected4, 32); const uint8_t secret5[] = { 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, @@ -396,7 +387,6 @@ TEST(CryptoLinkTest, HMAC_SHA256_RFC2202_SIGN) { doHMACTest("Test With Truncation", secret5, 20, HMAC::SHA256, hmac_expected5, 16); - const std::string secret6(131, 0xaa); const uint8_t hmac_expected6[] = { 0x60, 0xe4, 0x31, 0x59, 0x1e, 0xe0, 0xb6, 0x7f, 0x0d, 0x8a, 0x26, 0xaa, 0xcb, 0xf5, 0xb7, @@ -405,9 +395,8 @@ TEST(CryptoLinkTest, HMAC_SHA256_RFC2202_SIGN) { 0x46, 0x04, 0x0f, 0x0e, 0xe3, 0x7f, 0x54 }; doHMACTest("Test Using Larger Than Block-Size Key - Hash Key First", - secret6.c_str(), 131, HMAC::SHA256, hmac_expected6, 32); + std::string(131, 0xaa).c_str(), 131, HMAC::SHA256, hmac_expected6, 32); - // Same secret as test 6 const uint8_t hmac_expected7[] = { 0x9b, 0x09, 0xff, 0xa7, 0x1b, 0x94, 0x2f, 0xcb, 0x27, 0x63, 0x5f, 0xbc, 0xd5, 0xb0, 0xe9, @@ -418,14 +407,16 @@ TEST(CryptoLinkTest, HMAC_SHA256_RFC2202_SIGN) { doHMACTest("This is a test using a larger than block-size key and a" " larger than block-size data. The key needs to be hashe" "d before being used by the HMAC algorithm.", - secret6.c_str(), 131, HMAC::SHA256, hmac_expected7, 32); + std::string(131, 0xaa).c_str(), 131, HMAC::SHA256, hmac_expected7, 32); } namespace { size_t sigVectorLength(HMAC::HashAlgorithm alg, size_t len) { - boost::scoped_ptr<HMAC> hmac_sign( + std::auto_ptr<HMAC> hmac_sign( CryptoLink::getCryptoLink().createHMAC("asdf", 4, alg)); + //boost::scoped_ptr<HMAC> hmac_sign( + // CryptoLink::getCryptoLink().createHMAC("asdf", 4, alg)); hmac_sign->update("asdf", 4); const std::vector<uint8_t> sig = hmac_sign->sign(len); return (sig.size()); |