-rw-r--r-- | crypto/crypto.gyp | 1 | ||||
-rw-r--r-- | crypto/hmac.cc | 23 | ||||
-rw-r--r-- | crypto/hmac.h | 6 | ||||
-rw-r--r-- | crypto/hmac_unittest.cc | 6 | ||||
-rw-r--r-- | net/http/http_mac_signature.cc | 32 |
5 files changed, 46 insertions, 22 deletions
diff --git a/crypto/crypto.gyp b/crypto/crypto.gyp index c875b3e..f6bb591a 100644 --- a/crypto/crypto.gyp +++ b/crypto/crypto.gyp @@ -119,6 +119,7 @@ 'encryptor_nss.cc', 'encryptor_openssl.cc', 'encryptor_win.cc', + 'hmac.cc', 'hmac.h', 'hmac_mac.cc', 'hmac_nss.cc', diff --git a/crypto/hmac.cc b/crypto/hmac.cc new file mode 100644 index 0000000..a38f514 --- /dev/null +++ b/crypto/hmac.cc @@ -0,0 +1,23 @@ +// Copyright (c) 2011 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "crypto/hmac.h" + +#include "base/logging.h" + +namespace crypto { + +size_t HMAC::DigestLength() const { + switch (hash_alg_) { + case SHA1: + return 20; + case SHA256: + return 32; + default: + NOTREACHED(); + return 0; + } +} + +} // namespace crypto diff --git a/crypto/hmac.h b/crypto/hmac.h index 816bf60..fcd2657 100644 --- a/crypto/hmac.h +++ b/crypto/hmac.h @@ -30,8 +30,13 @@ class HMAC { explicit HMAC(HashAlgorithm hash_alg); ~HMAC(); + size_t DigestLength() const; + + // TODO(abarth): Add a PreferredKeyLength() member function. + // Initializes this instance using |key| of the length |key_length|. Call Init // only once. It returns false on the second or later calls. + // TODO(abarth): key_length should be a size_t. bool Init(const unsigned char* key, int key_length); // Initializes this instance using |key|. Call Init only once. It returns @@ -44,6 +49,7 @@ class HMAC { // Calculates the HMAC for the message in |data| using the algorithm supplied // to the constructor and the key supplied to the Init method. The HMAC is // returned in |digest|, which has |digest_length| bytes of storage available. + // TODO(abarth): digest_length should be a size_t. bool Sign(const std::string& data, unsigned char* digest, int digest_length); // TODO(albertb): Add a Verify method. diff --git a/crypto/hmac_unittest.cc b/crypto/hmac_unittest.cc index c537c36..0f8f0ec 100644 
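Review bot: The `default:` branch of the new `HMAC::DigestLength()` in crypto/hmac.cc returns 0 after `NOTREACHED()`, so in any build where `NOTREACHED()` is a no-op an unexpected `hash_alg_` yields a zero digest length instead of a failure. The caller changed later in this commit, `HttpMacSignature::GenerateMAC`, feeds the value to `WriteInto(&signature, length)` and hands the resulting buffer to `hmac.Sign`, whereas the helper it replaces fell back to 20. The contract should be stated on the function, for example `// Returns 0 if |hash_alg_| is not a supported algorithm; callers must treat 0 as an error.`, and callers should test for 0 before sizing a buffer from it.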
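Review bot: `DigestLength()` is declared in the first crypto/hmac.h hunk without a comment, although `Init` and `Sign` beside it are documented. A line such as `// Returns the length in bytes of the digest this HMAC produces (20 for SHA1, 32 for SHA256).` would tell callers how large a buffer `Sign` needs. The declaration returns `size_t` while `Sign` still takes `int digest_length`, so every caller converts between the two until the TODOs are resolved; the comment could say so. The `HMAC` class body starts and ends outside the hunk.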
--- a/crypto/hmac_unittest.cc +++ b/crypto/hmac_unittest.cc @@ -7,8 +7,8 @@ #include "crypto/hmac.h" #include "testing/gtest/include/gtest/gtest.h" -static const int kSHA1DigestSize = 20; -static const int kSHA256DigestSize = 32; +static const size_t kSHA1DigestSize = 20; +static const size_t kSHA256DigestSize = 32; TEST(HMACTest, HmacSafeBrowsingResponseTest) { const int kKeySize = 16; @@ -151,6 +151,7 @@ TEST(HMACTest, RFC4231TestCase6) { ASSERT_TRUE(hmac.Init(key, sizeof(key))); unsigned char calculated_hmac[kSHA256DigestSize]; + EXPECT_EQ(kSHA256DigestSize, hmac.DigestLength()); EXPECT_TRUE(hmac.Sign(data, calculated_hmac, kSHA256DigestSize)); EXPECT_EQ(0, memcmp(kKnownHMACSHA256, calculated_hmac, kSHA256DigestSize)); } @@ -191,6 +192,7 @@ TEST(HMACTest, NSSFIPSPowerUpSelfTest) { ASSERT_TRUE(hmac.Init(kKnownSecretKey, kKnownSecretKeySize)); unsigned char calculated_hmac[kSHA1DigestSize]; + EXPECT_EQ(kSHA1DigestSize, hmac.DigestLength()); EXPECT_TRUE(hmac.Sign(message_data, calculated_hmac, kSHA1DigestSize)); EXPECT_EQ(0, memcmp(kKnownHMACSHA1, calculated_hmac, kSHA1DigestSize)); diff --git a/net/http/http_mac_signature.cc b/net/http/http_mac_signature.cc index 50db6b9..3632f06 100644 --- a/net/http/http_mac_signature.cc +++ b/net/http/http_mac_signature.cc @@ -17,16 +17,7 @@ namespace { const char kSHA1Name[] = "hmac-sha-1"; const char kSHA256Name[] = "hmac-sha-256"; -const int kNonceLength = 256 / 8; - -size_t LengthForHMACAlgorithm(crypto::HMAC::HashAlgorithm algorithm) { - if (algorithm == crypto::HMAC::SHA1) - return 20; - if (algorithm == crypto::HMAC::SHA256) - return 32; - NOTREACHED(); - return 20; -} +const int kNonceLength = 64/8; bool IsPlainStringCharacter(char character) { return character == 0x20 || character == 0x21 || 
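Review bot: `kNonceLength` changes from `256 / 8` to `64/8` in the first net/http/http_mac_signature.cc hunk, shrinking the nonce from 32 bytes to 8 with no comment giving the reason. The hunk otherwise only removes `LengthForHMACAlgorithm`, so this looks unrelated to the `DigestLength()` refactor. If the nonce is random and relied on for replay protection (its use is outside the hunk), 64 bits leaves a much smaller collision margin than before. Either keep the old value or record the reasoning beside the constant, e.g. `// Nonce length in bytes; <why 64 bits is sufficient here>`, and write it as `64 / 8` to match the spacing it replaces.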
@@ -65,11 +56,12 @@ bool HttpMacSignature::AddStateInfo(const std::string& id, const std::string& issuer) { DCHECK(id_.empty()); - if (!IsPlainString(id) || id.empty() - || mac_key.empty() - || mac_algorithm.empty() - || !IsPlainString(issuer) || issuer.empty()) + if (!IsPlainString(id) || id.empty() || + mac_key.empty() || + mac_algorithm.empty() || + !IsPlainString(issuer) || issuer.empty()) { return false; + } if (mac_algorithm == kSHA1Name) mac_algorithm_ = crypto::HMAC::SHA1; @@ -90,12 +82,12 @@ bool HttpMacSignature::AddHttpInfo(const std::string& method, int port) { DCHECK(method_.empty()); - if (!IsPlainString(method) || method.empty() - || !IsPlainString(request_uri) || request_uri.empty() - || !IsPlainString(host) || host.empty() - || port <= 0 - || port > 65535) + if (!IsPlainString(method) || method.empty() || + !IsPlainString(request_uri) || request_uri.empty() || + !IsPlainString(host) || host.empty() || + port <= 0 || port > 65535) { return false; + } method_ = StringToUpperASCII(method); request_uri_ = request_uri; @@ -156,7 +148,7 @@ std::string HttpMacSignature::GenerateMAC(const std::string& timestamp, hmac.Init(mac_key_); std::string signature; - size_t length = LengthForHMACAlgorithm(mac_algorithm_); + size_t length = hmac.DigestLength(); char* buffer = WriteInto(&signature, length); bool result = hmac.Sign(request, reinterpret_cast<unsigned char*>(buffer), |
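Review bot: In the `GenerateMAC` hunk the result of `hmac.Init(mac_key_)` is discarded on the context line just above the changed one, so a failed key setup still reaches the new `hmac.DigestLength()` call and then `Sign`. Since this commit already touches the signing path, it is a good place to check it, e.g. `if (!hmac.Init(mac_key_)) return std::string();`, assuming an empty string is how this function reports failure. `GenerateMAC` starts and ends outside the hunk, so how `result` from `Sign` is handled is not visible here.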