security: Add hmac calculation support in transformation
Change-Id: Iab6e6fa03dc8582843d0de369b56a8faa4cb6eaa
Refs: #3009
diff --git a/src/security/transform.hpp b/src/security/transform.hpp
index 879902e..7c5776d 100644
--- a/src/security/transform.hpp
+++ b/src/security/transform.hpp
@@ -34,5 +34,6 @@
#include "transform/base64-encode.hpp"
#include "transform/base64-decode.hpp"
#include "transform/digest-filter.hpp"
+#include "transform/hmac-filter.hpp"
#endif // NDN_CXX_SECURITY_TRANSFORM_HPP
diff --git a/src/security/transform/hmac-filter.cpp b/src/security/transform/hmac-filter.cpp
new file mode 100644
index 0000000..10dc0a7
--- /dev/null
+++ b/src/security/transform/hmac-filter.cpp
@@ -0,0 +1,92 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
+/**
+ * Copyright (c) 2013-2016 Regents of the University of California.
+ *
+ * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
+ *
+ * ndn-cxx library is free software: you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free Software
+ * Foundation, either version 3 of the License, or (at your option) any later version.
+ *
+ * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+ * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
+ *
+ * You should have received copies of the GNU General Public License and GNU Lesser
+ * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
+ * <http://www.gnu.org/licenses/>.
+ *
+ * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
+ */
+
+#include "hmac-filter.hpp"
+#include "../detail/openssl-helper.hpp"
+
+namespace ndn {
+namespace security {
+namespace transform {
+
+class HmacFilter::Impl
+{
+public:
+ Impl()
+ {
+ HMAC_CTX_init(&m_context);
+ }
+
+ ~Impl()
+ {
+ HMAC_CTX_cleanup(&m_context);
+ }
+
+public:
+ HMAC_CTX m_context;
+};
+
+HmacFilter::HmacFilter(DigestAlgorithm algo, const uint8_t* key, size_t keyLen)
+ : m_impl(new Impl)
+{
+ BOOST_ASSERT(key != nullptr);
+ BOOST_ASSERT(keyLen > 0);
+
+ const EVP_MD* algorithm = detail::toDigestEvpMd(algo);
+ if (algorithm == nullptr)
+ BOOST_THROW_EXCEPTION(Error(getIndex(), "Unsupported digest algorithm"));
+
+ if (HMAC_Init_ex(&m_impl->m_context, key, keyLen, algorithm, nullptr) == 0)
+ BOOST_THROW_EXCEPTION(Error(getIndex(), "Cannot initialize HMAC"));
+}
+
+size_t
+HmacFilter::convert(const uint8_t* buf, size_t size)
+{
+ if (HMAC_Update(&m_impl->m_context, buf, size) == 0)
+ BOOST_THROW_EXCEPTION(Error(getIndex(), "Failed to update HMAC"));
+
+ return size;
+}
+
+void
+HmacFilter::finalize()
+{
+ auto buffer = make_unique<OBuffer>(EVP_MAX_MD_SIZE);
+ unsigned int mdLen = 0;
+
+ if (HMAC_Final(&m_impl->m_context, &(*buffer)[0], &mdLen) == 0)
+ BOOST_THROW_EXCEPTION(Error(getIndex(), "Failed to finalize HMAC"));
+
+ buffer->erase(buffer->begin() + mdLen, buffer->end());
+ setOutputBuffer(std::move(buffer));
+
+ flushAllOutput();
+}
+
+unique_ptr<Transform>
+hmacFilter(DigestAlgorithm algo, const uint8_t* key, size_t keyLen)
+{
+ return make_unique<HmacFilter>(algo, key, keyLen);
+}
+
+} // namespace transform
+} // namespace security
+} // namespace ndn
diff --git a/src/security/transform/hmac-filter.hpp b/src/security/transform/hmac-filter.hpp
new file mode 100644
index 0000000..5409952
--- /dev/null
+++ b/src/security/transform/hmac-filter.hpp
@@ -0,0 +1,72 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
+/**
+ * Copyright (c) 2013-2016 Regents of the University of California.
+ *
+ * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
+ *
+ * ndn-cxx library is free software: you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free Software
+ * Foundation, either version 3 of the License, or (at your option) any later version.
+ *
+ * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+ * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
+ *
+ * You should have received copies of the GNU General Public License and GNU Lesser
+ * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
+ * <http://www.gnu.org/licenses/>.
+ *
+ * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
+ */
+
+#ifndef NDN_CXX_SECURITY_TRANSFORM_HMAC_FILTER_HPP
+#define NDN_CXX_SECURITY_TRANSFORM_HMAC_FILTER_HPP
+
+#include "transform-base.hpp"
+#include "../security-common.hpp"
+
+namespace ndn {
+namespace security {
+namespace transform {
+
+/**
+ * @brief The module to generate HMAC for input data.
+ */
+class HmacFilter : public Transform
+{
+public:
+
+ /**
+ * @brief Create a HMAC module to generate HMAC using algorithm @p algo and @p key
+ * @pre @p key must not be nullptr, and @p size must be a positive integer.
+ */
+ HmacFilter(DigestAlgorithm algo, const uint8_t* key, size_t keyLen);
+
+private:
+ /**
+ * @brief write data @p buf into HMAC signer
+ *
+ * @return The number of bytes that are actually accepted
+ */
+ virtual size_t
+ convert(const uint8_t* buf, size_t size) final;
+
+ /**
+ * @brief Finalize HMAC calculation and write the HMAC into next module.
+ */
+ virtual void
+ finalize() final;
+
+private:
+ class Impl;
+ unique_ptr<Impl> m_impl;
+};
+
+unique_ptr<Transform>
+hmacFilter(DigestAlgorithm algo, const uint8_t* key, size_t keyLen);
+
+} // namespace transform
+} // namespace security
+} // namespace ndn
+
+#endif // NDN_CXX_SECURITY_TRANSFORM_HMAC_FILTER_HPP