security: accept HMAC keys shorter than the hash function's output length
Refs: #3075
Change-Id: Id4798a420f2f75cbc3269e3629c397b8fb729d21
diff --git a/ndn-cxx/security/key-params.cpp b/ndn-cxx/security/key-params.cpp
index e1f38b8..2b50519 100644
--- a/ndn-cxx/security/key-params.cpp
+++ b/ndn-cxx/security/key-params.cpp
@@ -48,7 +48,6 @@
const uint32_t DEFAULT_EC_KEY_SIZE = 256;
const uint32_t AES_KEY_SIZES[] = {128, 192, 256};
const uint32_t DEFAULT_AES_KEY_SIZE = 128;
-const uint32_t MIN_HMAC_KEY_SIZE = 224;
const uint32_t DEFAULT_HMAC_KEY_SIZE = 256;
uint32_t
@@ -100,10 +99,7 @@
uint32_t
HmacKeyParamsInfo::checkKeySize(uint32_t size)
{
- // the minimum key size depends on the exact digest algorithm used in the HMAC, so we
- // only do a basic sanity check here and postpone stricter checking until the actual
- // HMAC computation in SignerFilter/VerifierFilter, where the digest algorithm is known
- if (size < MIN_HMAC_KEY_SIZE || size % 8 != 0)
+ if (size == 0 || size % 8 != 0)
NDN_THROW(KeyParams::Error("Unsupported HMAC key size " + to_string(size)));
return size;
}
diff --git a/ndn-cxx/security/transform/signer-filter.cpp b/ndn-cxx/security/transform/signer-filter.cpp
index 3c0535d..33f380f 100644
--- a/ndn-cxx/security/transform/signer-filter.cpp
+++ b/ndn-cxx/security/transform/signer-filter.cpp
@@ -44,13 +44,6 @@
NDN_THROW(Error(getIndex(), "Unsupported digest algorithm " +
boost::lexical_cast<std::string>(algo)));
- if (key.getKeyType() == KeyType::HMAC) {
- size_t mdSize = static_cast<size_t>(EVP_MD_size(md)) * 8;
- if (key.getKeySize() < mdSize)
- NDN_THROW(Error(getIndex(), "HMAC key is shorter than the digest output (" +
- to_string(key.getKeySize()) + " < " + to_string(mdSize) + " bits)"));
- }
-
if (EVP_DigestSignInit(m_impl->ctx, nullptr, md, nullptr,
reinterpret_cast<EVP_PKEY*>(key.getEvpPkey())) != 1)
NDN_THROW(Error(getIndex(), "Failed to initialize signing context with " +
diff --git a/tests/unit/security/key-params.t.cpp b/tests/unit/security/key-params.t.cpp
index 78f3a4e..b2dafcd 100644
--- a/tests/unit/security/key-params.t.cpp
+++ b/tests/unit/security/key-params.t.cpp
@@ -124,7 +124,7 @@
BOOST_CHECK_EQUAL(params2.getKeyIdType(), KeyIdType::USER_SPECIFIED);
BOOST_CHECK_EQUAL(params2.getKeyId(), keyId);
- BOOST_CHECK_THROW(HmacKeyParams(keyId, 192), KeyParams::Error); // too short
+ BOOST_CHECK_THROW(HmacKeyParams(keyId, 0), KeyParams::Error);
BOOST_CHECK_THROW(HmacKeyParams(keyId, 300), KeyParams::Error); // not a multiple of 8
HmacKeyParams params3;
diff --git a/tests/unit/security/transform/signer-filter.t.cpp b/tests/unit/security/transform/signer-filter.t.cpp
index 4c75204..4f3fa04 100644
--- a/tests/unit/security/transform/signer-filter.t.cpp
+++ b/tests/unit/security/transform/signer-filter.t.cpp
@@ -131,34 +131,111 @@
BOOST_CHECK(verifySignature(DATA, sizeof(DATA), sig->data(), sig->size(), pubKey->data(), pubKey->size()));
}
-BOOST_AUTO_TEST_CASE(Hmac)
+BOOST_AUTO_TEST_SUITE(Hmac)
+
+// Test vectors from RFC 4231
+// https://tools.ietf.org/html/rfc4231#section-4
+BOOST_AUTO_TEST_CASE(Rfc4231Test1)
{
- auto sKey = generatePrivateKey(HmacKeyParams());
+ // Test case 1
+ const uint8_t rawKey[] = {0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
+ 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b};
+ const std::string data("Hi There");
+ const uint8_t hmacSha224[] = {0x89, 0x6f, 0xb1, 0x12, 0x8a, 0xbb, 0xdf, 0x19, 0x68, 0x32,
+ 0x10, 0x7c, 0xd4, 0x9d, 0xf3, 0x3f, 0x47, 0xb4, 0xb1, 0x16,
+ 0x99, 0x12, 0xba, 0x4f, 0x53, 0x68, 0x4b, 0x22};
+ const uint8_t hmacSha256[] = {0xb0, 0x34, 0x4c, 0x61, 0xd8, 0xdb, 0x38, 0x53, 0x5c, 0xa8,
+ 0xaf, 0xce, 0xaf, 0x0b, 0xf1, 0x2b, 0x88, 0x1d, 0xc2, 0x00,
+ 0xc9, 0x83, 0x3d, 0xa7, 0x26, 0xe9, 0x37, 0x6c, 0x2e, 0x32,
+ 0xcf, 0xf7};
+ const uint8_t hmacSha384[] = {0xaf, 0xd0, 0x39, 0x44, 0xd8, 0x48, 0x95, 0x62, 0x6b, 0x08,
+ 0x25, 0xf4, 0xab, 0x46, 0x90, 0x7f, 0x15, 0xf9, 0xda, 0xdb,
+ 0xe4, 0x10, 0x1e, 0xc6, 0x82, 0xaa, 0x03, 0x4c, 0x7c, 0xeb,
+ 0xc5, 0x9c, 0xfa, 0xea, 0x9e, 0xa9, 0x07, 0x6e, 0xde, 0x7f,
+ 0x4a, 0xf1, 0x52, 0xe8, 0xb2, 0xfa, 0x9c, 0xb6};
+ const uint8_t hmacSha512[] = {0x87, 0xaa, 0x7c, 0xde, 0xa5, 0xef, 0x61, 0x9d, 0x4f, 0xf0,
+ 0xb4, 0x24, 0x1a, 0x1d, 0x6c, 0xb0, 0x23, 0x79, 0xf4, 0xe2,
+ 0xce, 0x4e, 0xc2, 0x78, 0x7a, 0xd0, 0xb3, 0x05, 0x45, 0xe1,
+ 0x7c, 0xde, 0xda, 0xa8, 0x33, 0xb7, 0xd6, 0xb8, 0xa7, 0x02,
+ 0x03, 0x8b, 0x27, 0x4e, 0xae, 0xa3, 0xf4, 0xe4, 0xbe, 0x9d,
+ 0x91, 0x4e, 0xeb, 0x61, 0xf1, 0x70, 0x2e, 0x69, 0x6c, 0x20,
+ 0x3a, 0x12, 0x68, 0x54};
- BOOST_CHECK_THROW(SignerFilter(DigestAlgorithm::NONE, *sKey), Error);
+ PrivateKey key;
+ key.loadRaw(KeyType::HMAC, rawKey, sizeof(rawKey));
- OBufferStream os;
- bufferSource(DATA, sizeof(DATA)) >> signerFilter(DigestAlgorithm::SHA256, *sKey) >> streamSink(os);
- auto sig = os.buf();
+ BOOST_CHECK_THROW(SignerFilter(DigestAlgorithm::NONE, key), Error);
- BOOST_CHECK_EQUAL(sig->size(), 32);
+ OBufferStream os224;
+ bufferSource(data) >> signerFilter(DigestAlgorithm::SHA224, key) >> streamSink(os224);
+ auto sig = os224.buf();
+ BOOST_CHECK_EQUAL_COLLECTIONS(sig->begin(), sig->end(), hmacSha224, hmacSha224 + sizeof(hmacSha224));
+
+ OBufferStream os256;
+ bufferSource(data) >> signerFilter(DigestAlgorithm::SHA256, key) >> streamSink(os256);
+ sig = os256.buf();
+ BOOST_CHECK_EQUAL_COLLECTIONS(sig->begin(), sig->end(), hmacSha256, hmacSha256 + sizeof(hmacSha256));
+
+ OBufferStream os384;
+ bufferSource(data) >> signerFilter(DigestAlgorithm::SHA384, key) >> streamSink(os384);
+ sig = os384.buf();
+ BOOST_CHECK_EQUAL_COLLECTIONS(sig->begin(), sig->end(), hmacSha384, hmacSha384 + sizeof(hmacSha384));
+
+ OBufferStream os512;
+ bufferSource(data) >> signerFilter(DigestAlgorithm::SHA512, key) >> streamSink(os512);
+ sig = os512.buf();
+ BOOST_CHECK_EQUAL_COLLECTIONS(sig->begin(), sig->end(), hmacSha512, hmacSha512 + sizeof(hmacSha512));
}
-BOOST_AUTO_TEST_CASE(HmacKeyTooShort)
+BOOST_AUTO_TEST_CASE(Rfc4231Test2)
{
- auto sKey = generatePrivateKey(HmacKeyParams(256));
+ // Test case 2 (HMAC-SHA-256 only)
+ const char rawKey[] = "Jefe";
+ const std::string data("what do ya want for nothing?");
+ const uint8_t hmacSha256[] = {0x5b, 0xdc, 0xc1, 0x46, 0xbf, 0x60, 0x75, 0x4e, 0x6a, 0x04,
+ 0x24, 0x26, 0x08, 0x95, 0x75, 0xc7, 0x5a, 0x00, 0x3f, 0x08,
+ 0x9d, 0x27, 0x39, 0x83, 0x9d, 0xec, 0x58, 0xb9, 0x64, 0xec,
+ 0x38, 0x43};
- OBufferStream os;
- BOOST_CHECK_THROW(bufferSource(DATA, sizeof(DATA)) >>
- signerFilter(DigestAlgorithm::SHA512, *sKey) >>
- streamSink(os),
- Error);
+ PrivateKey key;
+ key.loadRaw(KeyType::HMAC, reinterpret_cast<const uint8_t*>(rawKey), std::strlen(rawKey));
+
+ OBufferStream os256;
+ bufferSource(data) >> signerFilter(DigestAlgorithm::SHA256, key) >> streamSink(os256);
+ auto sig = os256.buf();
+ BOOST_CHECK_EQUAL_COLLECTIONS(sig->begin(), sig->end(), hmacSha256, hmacSha256 + sizeof(hmacSha256));
}
+BOOST_AUTO_TEST_CASE(Rfc4231Test3)
+{
+ // Test case 3 (HMAC-SHA-256 only)
+ const uint8_t rawKey[] = {0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+ 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa};
+ const uint8_t data[] = {0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
+ 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
+ 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
+ 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
+ 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd};
+ const uint8_t hmacSha256[] = {0x77, 0x3e, 0xa9, 0x1e, 0x36, 0x80, 0x0e, 0x46, 0x85, 0x4d,
+ 0xb8, 0xeb, 0xd0, 0x91, 0x81, 0xa7, 0x29, 0x59, 0x09, 0x8b,
+ 0x3e, 0xf8, 0xc1, 0x22, 0xd9, 0x63, 0x55, 0x14, 0xce, 0xd5,
+ 0x65, 0xfe};
+
+ PrivateKey key;
+ key.loadRaw(KeyType::HMAC, rawKey, sizeof(rawKey));
+
+ OBufferStream os256;
+ bufferSource(data, sizeof(data)) >> signerFilter(DigestAlgorithm::SHA256, key) >> streamSink(os256);
+ auto sig = os256.buf();
+ BOOST_CHECK_EQUAL_COLLECTIONS(sig->begin(), sig->end(), hmacSha256, hmacSha256 + sizeof(hmacSha256));
+}
+
+BOOST_AUTO_TEST_SUITE_END() // Hmac
+
BOOST_AUTO_TEST_CASE(InvalidKey)
{
- PrivateKey sKey;
- BOOST_CHECK_THROW(SignerFilter(DigestAlgorithm::SHA256, sKey), Error);
+ PrivateKey key;
+ BOOST_CHECK_THROW(SignerFilter(DigestAlgorithm::SHA256, key), Error);
}
BOOST_AUTO_TEST_SUITE_END() // TestSignerFilter