security: Add hmac calculation support in transformation
Change-Id: Iab6e6fa03dc8582843d0de369b56a8faa4cb6eaa
Refs: #3009
diff --git a/src/security/transform.hpp b/src/security/transform.hpp
index 879902e..7c5776d 100644
--- a/src/security/transform.hpp
+++ b/src/security/transform.hpp
@@ -34,5 +34,6 @@
#include "transform/base64-encode.hpp"
#include "transform/base64-decode.hpp"
#include "transform/digest-filter.hpp"
+#include "transform/hmac-filter.hpp"
#endif // NDN_CXX_SECURITY_TRANSFORM_HPP
diff --git a/src/security/transform/hmac-filter.cpp b/src/security/transform/hmac-filter.cpp
new file mode 100644
index 0000000..10dc0a7
--- /dev/null
+++ b/src/security/transform/hmac-filter.cpp
@@ -0,0 +1,92 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
+/**
+ * Copyright (c) 2013-2016 Regents of the University of California.
+ *
+ * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
+ *
+ * ndn-cxx library is free software: you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free Software
+ * Foundation, either version 3 of the License, or (at your option) any later version.
+ *
+ * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+ * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
+ *
+ * You should have received copies of the GNU General Public License and GNU Lesser
+ * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
+ * <http://www.gnu.org/licenses/>.
+ *
+ * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
+ */
+
+#include "hmac-filter.hpp"
+#include "../detail/openssl-helper.hpp"
+
+namespace ndn {
+namespace security {
+namespace transform {
+
+class HmacFilter::Impl
+{
+public:
+ Impl()
+ {
+ HMAC_CTX_init(&m_context);
+ }
+
+ ~Impl()
+ {
+ HMAC_CTX_cleanup(&m_context);
+ }
+
+public:
+ HMAC_CTX m_context;
+};
+
+HmacFilter::HmacFilter(DigestAlgorithm algo, const uint8_t* key, size_t keyLen)
+ : m_impl(new Impl)
+{
+ BOOST_ASSERT(key != nullptr);
+ BOOST_ASSERT(keyLen > 0);
+
+ const EVP_MD* algorithm = detail::toDigestEvpMd(algo);
+ if (algorithm == nullptr)
+ BOOST_THROW_EXCEPTION(Error(getIndex(), "Unsupported digest algorithm"));
+
+ if (HMAC_Init_ex(&m_impl->m_context, key, keyLen, algorithm, nullptr) == 0)
+ BOOST_THROW_EXCEPTION(Error(getIndex(), "Cannot initialize HMAC"));
+}
+
+size_t
+HmacFilter::convert(const uint8_t* buf, size_t size)
+{
+ if (HMAC_Update(&m_impl->m_context, buf, size) == 0)
+ BOOST_THROW_EXCEPTION(Error(getIndex(), "Failed to update HMAC"));
+
+ return size;
+}
+
+void
+HmacFilter::finalize()
+{
+ auto buffer = make_unique<OBuffer>(EVP_MAX_MD_SIZE);
+ unsigned int mdLen = 0;
+
+ if (HMAC_Final(&m_impl->m_context, &(*buffer)[0], &mdLen) == 0)
+ BOOST_THROW_EXCEPTION(Error(getIndex(), "Failed to finalize HMAC"));
+
+ buffer->erase(buffer->begin() + mdLen, buffer->end());
+ setOutputBuffer(std::move(buffer));
+
+ flushAllOutput();
+}
+
+unique_ptr<Transform>
+hmacFilter(DigestAlgorithm algo, const uint8_t* key, size_t keyLen)
+{
+ return make_unique<HmacFilter>(algo, key, keyLen);
+}
+
+} // namespace transform
+} // namespace security
+} // namespace ndn
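Review bot: The constructor's key checks, `BOOST_ASSERT(key != nullptr)` and `BOOST_ASSERT(keyLen > 0)`, vanish when assertions are compiled out (NDEBUG), and `keyLen` (a `size_t`) is then passed to `HMAC_Init_ex`, whose length parameter is an `int`, so an oversized value is narrowed silently. I would reject bad keys with the same exception type the other failure paths use, e.g. `if (key == nullptr || keyLen == 0 || keyLen > static_cast<size_t>(std::numeric_limits<int>::max())) BOOST_THROW_EXCEPTION(Error(getIndex(), "Invalid HMAC key"));` (this needs `<limits>`). Separately, `Impl` holds `HMAC_CTX` by value and calls `HMAC_CTX_init`/`HMAC_CTX_cleanup`, which compiles only against OpenSSL releases before 1.1.0, where the struct became opaque. A comment stating that requirement, or a version guard next to the other OpenSSL helpers, would make the constraint explicit.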
diff --git a/src/security/transform/hmac-filter.hpp b/src/security/transform/hmac-filter.hpp
new file mode 100644
index 0000000..5409952
--- /dev/null
+++ b/src/security/transform/hmac-filter.hpp
@@ -0,0 +1,72 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
+/**
+ * Copyright (c) 2013-2016 Regents of the University of California.
+ *
+ * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
+ *
+ * ndn-cxx library is free software: you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free Software
+ * Foundation, either version 3 of the License, or (at your option) any later version.
+ *
+ * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+ * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
+ *
+ * You should have received copies of the GNU General Public License and GNU Lesser
+ * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
+ * <http://www.gnu.org/licenses/>.
+ *
+ * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
+ */
+
+#ifndef NDN_CXX_SECURITY_TRANSFORM_HMAC_FILTER_HPP
+#define NDN_CXX_SECURITY_TRANSFORM_HMAC_FILTER_HPP
+
+#include "transform-base.hpp"
+#include "../security-common.hpp"
+
+namespace ndn {
+namespace security {
+namespace transform {
+
+/**
+ * @brief The module to generate HMAC for input data.
+ */
+class HmacFilter : public Transform
+{
+public:
+
+ /**
+ * @brief Create a HMAC module to generate HMAC using algorithm @p algo and @p key
+ * @pre @p key must not be nullptr, and @p size must be a positive integer.
+ */
+ HmacFilter(DigestAlgorithm algo, const uint8_t* key, size_t keyLen);
+
+private:
+ /**
+ * @brief write data @p buf into HMAC signer
+ *
+ * @return The number of bytes that are actually accepted
+ */
+ virtual size_t
+ convert(const uint8_t* buf, size_t size) final;
+
+ /**
+ * @brief Finalize HMAC calculation and write the HMAC into next module.
+ */
+ virtual void
+ finalize() final;
+
+private:
+ class Impl;
+ unique_ptr<Impl> m_impl;
+};
+
+unique_ptr<Transform>
+hmacFilter(DigestAlgorithm algo, const uint8_t* key, size_t keyLen);
+
+} // namespace transform
+} // namespace security
+} // namespace ndn
+
+#endif // NDN_CXX_SECURITY_TRANSFORM_HMAC_FILTER_HPP
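Review bot: The constructor's `@pre` line names `@p size`, but the parameter is `keyLen`, so the documented precondition does not match the signature; it should read `@pre @p key must not be nullptr, and @p keyLen must be a positive integer.` The comment also does not say whether the key bytes must outlive the filter. As far as the .cpp in this commit shows, the pointer is only handed to `HMAC_Init_ex` during construction and is not stored, so a line such as `@note The key is consumed during construction; the caller keeps ownership and should wipe its own copy when done.` would help. The free function `hmacFilter` has no doc comment at all. Either it or the class brief is the place to state that the output is the raw MAC, and that a receiver checking it should use a constant-time comparison rather than an early-exit one.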
diff --git a/tests/unit-tests/security/transform.t.cpp b/tests/unit-tests/security/transform.t.cpp
index f0a6b27..c60cdef 100644
--- a/tests/unit-tests/security/transform.t.cpp
+++ b/tests/unit-tests/security/transform.t.cpp
@@ -61,6 +61,9 @@
transform::DigestFilter* digestFilter = nullptr;
BOOST_CHECK(digestFilter == nullptr);
+
+ transform::HmacFilter* hmacFilter = nullptr;
+ BOOST_CHECK(hmacFilter == nullptr);
}
BOOST_AUTO_TEST_SUITE_END() // TestTransform
diff --git a/tests/unit-tests/security/transform/hmac-filter.t.cpp b/tests/unit-tests/security/transform/hmac-filter.t.cpp
new file mode 100644
index 0000000..4ff6a15
--- /dev/null
+++ b/tests/unit-tests/security/transform/hmac-filter.t.cpp
@@ -0,0 +1,141 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
+/**
+ * Copyright (c) 2013-2016 Regents of the University of California.
+ *
+ * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
+ *
+ * ndn-cxx library is free software: you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free Software
+ * Foundation, either version 3 of the License, or (at your option) any later version.
+ *
+ * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+ * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
+ *
+ * You should have received copies of the GNU General Public License and GNU Lesser
+ * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
+ * <http://www.gnu.org/licenses/>.
+ *
+ * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
+ */
+
+#include "security/transform/buffer-source.hpp"
+#include "security/transform/step-source.hpp"
+#include "security/transform/hmac-filter.hpp"
+#include "security/transform/stream-sink.hpp"
+#include "encoding/buffer-stream.hpp"
+
+#include "boost-test.hpp"
+
+namespace ndn {
+namespace security {
+namespace transform {
+namespace tests {
+
+BOOST_AUTO_TEST_SUITE(Security)
+BOOST_AUTO_TEST_SUITE(Transform)
+BOOST_AUTO_TEST_SUITE(TestHmacFilter)
+
+BOOST_AUTO_TEST_CASE(Basic)
+{
+ uint8_t key[16] = {
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
+ };
+
+ uint8_t data[16] = {
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
+ };
+
+ uint8_t digest[32] = {
+ 0x9f, 0x3a, 0xa2, 0x88, 0x26, 0xb3, 0x74, 0x85,
+ 0xca, 0x05, 0x01, 0x4d, 0x71, 0x42, 0xb3, 0xea,
+ 0x3f, 0xfb, 0xda, 0x5a, 0x35, 0xbf, 0xd2, 0x0f,
+ 0x2f, 0x9c, 0x8f, 0xcc, 0x6d, 0x30, 0x48, 0x54
+ };
+
+ OBufferStream os;
+ bufferSource(data, sizeof(data)) >> hmacFilter(DIGEST_ALGORITHM_SHA256, key, sizeof(key)) >> streamSink(os);
+
+ ConstBufferPtr buf = os.buf();
+ BOOST_CHECK_EQUAL_COLLECTIONS(digest, digest + sizeof(digest), buf->begin(), buf->end());
+}
+
+BOOST_AUTO_TEST_CASE(StepByStep)
+{
+ uint8_t key[16] = {
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
+ };
+
+ uint8_t data[16] = {
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
+ };
+
+ uint8_t digest[32] = {
+ 0x9f, 0x3a, 0xa2, 0x88, 0x26, 0xb3, 0x74, 0x85,
+ 0xca, 0x05, 0x01, 0x4d, 0x71, 0x42, 0xb3, 0xea,
+ 0x3f, 0xfb, 0xda, 0x5a, 0x35, 0xbf, 0xd2, 0x0f,
+ 0x2f, 0x9c, 0x8f, 0xcc, 0x6d, 0x30, 0x48, 0x54
+ };
+
+ OBufferStream os;
+ StepSource source;
+ source >> hmacFilter(DIGEST_ALGORITHM_SHA256, key, sizeof(key)) >> streamSink(os);
+ source.write(data, 1);
+ source.write(data + 1, 2);
+ source.write(data + 3, 3);
+ source.write(data + 6, 4);
+ source.write(data + 10, 5);
+ source.write(data + 15, 1);
+ source.end();
+
+ ConstBufferPtr buf = os.buf();
+ BOOST_CHECK_EQUAL_COLLECTIONS(digest, digest + sizeof(digest), buf->begin(), buf->end());
+}
+
+BOOST_AUTO_TEST_CASE(EmptyInput)
+{
+ uint8_t key[16] = {
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
+ };
+
+ uint8_t digest[32] = {
+ 0x07, 0xEF, 0xF8, 0xB3, 0x26, 0xB7, 0x79, 0x8C,
+ 0x9C, 0xCF, 0xCB, 0xDB, 0xE5, 0x79, 0x48, 0x9A,
+ 0xC7, 0x85, 0xA7, 0x99, 0x5A, 0x04, 0x61, 0x8B,
+ 0x1A, 0x28, 0x13, 0xC2, 0x67, 0x44, 0x77, 0x7D
+ };
+
+ OBufferStream os;
+ StepSource source;
+ source >> hmacFilter(DIGEST_ALGORITHM_SHA256, key, sizeof(key)) >> streamSink(os);
+ source.end();
+
+ ConstBufferPtr buf = os.buf();
+ BOOST_CHECK_EQUAL_COLLECTIONS(digest, digest + sizeof(digest), buf->begin(), buf->end());
+}
+
+BOOST_AUTO_TEST_CASE(Error)
+{
+ uint8_t key[16] = {
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
+ };
+
+ OBufferStream os;
+ BOOST_REQUIRE_THROW(stepSource() >> hmacFilter(DIGEST_ALGORITHM_NONE, key, sizeof(key)) >> streamSink(os),
+ transform::Error);
+}
+
+BOOST_AUTO_TEST_SUITE_END() // TestHmacFilter
+BOOST_AUTO_TEST_SUITE_END() // Transform
+BOOST_AUTO_TEST_SUITE_END() // Security
+
+} // namespace tests
+} // namespace transform
+} // namespace security
+} // namespace ndn
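Review bot: All three positive cases use the same 16-byte key with SHA-256, and the expected `digest` arrays carry no comment saying how they were produced, so the tests cannot catch an error shared by this code and whatever generated the constants. I would add at least one published known-answer vector (RFC 4231 lists HMAC-SHA-256 cases) and a case whose key is longer than the 64-byte SHA-256 block, since HMAC hashes such keys before use. A one-line comment above each `digest` array, e.g. `// HMAC-SHA256(key, data), computed with <tool/source>`, would record provenance. The `Error` case covers only `DIGEST_ALGORITHM_NONE`; the null-key and zero-length-key preconditions have no test, which is worth revisiting if they ever become thrown errors rather than assertions.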