12#include <boost/scoped_ptr.hpp> 
   14#include <openssl/evp.h> 
   34    explicit HMACImpl(
const void* secret, 
size_t secret_len,
 
   36        : hash_algorithm_(hash_algorithm), md_(), digest_() {
 
   40                      "Unknown hash algorithm: " <<
 
   41                      static_cast<int>(hash_algorithm));
 
   43        if (secret_len == 0) {
 
   47        md_ = EVP_MD_CTX_new();
 
   53            EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, NULL,
 
   54                                         reinterpret_cast<const unsigned char*
>(secret),
 
   59                      "OpenSSL EVP_PKEY_new_raw_private_key() failed");
 
   62        if (!EVP_DigestSignInit(md_, NULL, algo, NULL, pkey)) {
 
 
   80        return (hash_algorithm_);
 
 
   87        return (EVP_MD_CTX_size(md_));
 
 
   98        if (!EVP_DigestSignUpdate(md_, 
data, len)) {
 
 
  109        size_t digest_len = size;
 
  110        if (!EVP_DigestSignFinal(md_, &
digest[0], &digest_len)) {
 
  113        if (digest_len != size) {
 
 
  125    void sign(
void* result, 
size_t len) {
 
  128        size_t digest_len = size;
 
  129        if (!EVP_DigestSignFinal(md_, &
digest[0], &digest_len)) {
 
  132        if (digest_len != size) {
 
  138        std::memcpy(result, &
digest[0], len);
 
 
  144    std::vector<uint8_t> 
sign(
size_t len) {
 
  147        size_t digest_len = size;
 
  148        if (!EVP_DigestSignFinal(md_, &
digest[0], &digest_len)) {
 
  151        if (digest_len != size) {
 
  157        return (std::vector<uint8_t>(
digest.begin(), 
digest.end()));
 
 
  163    bool verify(
const void* sig, 
size_t len) {
 
  166        if (len < 10 || len < size / 2) {
 
  169        if (digest_.size() == 0) {
 
  170            digest_.resize(size);
 
  171            size_t digest_len = size;
 
  172            if (!EVP_DigestSignFinal(md_, &digest_[0], &digest_len)) {
 
  175            if (digest_len != size) {
 
  182        return (digest_.same(sig, len));
 
 
  196HMAC::HMAC(
const void* secret, 
size_t secret_length,
 
  199    impl_ = 
new HMACImpl(secret, secret_length, hash_algorithm);
 
  208    return (impl_->getHashAlgorithm());
 
  213    return (impl_->getOutputLength());
 
  218    impl_->update(data, len);
 
  222HMAC::sign(isc::util::OutputBuffer& result, 
size_t len) {
 
  223    impl_->sign(result, len);
 
  228    impl_->sign(result, len);
 
  233    return impl_->sign(len);
 
  238    return (impl_->verify(sig, len));
 
This exception is thrown when the underlying library could not handle the key data.
Botan implementation of HMAC.
std::vector< uint8_t > sign(size_t len)
Calculate the final signature.
void sign(void *result, size_t len)
Calculate the final signature.
size_t getOutputLength() const
Returns the output size of the digest.
HashAlgorithm getHashAlgorithm() const
Returns the HashAlgorithm of the object.
HMACImpl(const void *secret, size_t secret_len, const HashAlgorithm hash_algorithm)
Constructor from a secret and a hash algorithm.
void sign(isc::util::OutputBuffer &result, size_t len)
Calculate the final signature.
bool verify(const void *sig, size_t len)
Verify an existing signature.
void update(const void *data, const size_t len)
Add data to digest.
void update(const void *data, const size_t len)
Add data to digest.
bool verify(const void *sig, size_t len)
Verify an existing signature.
size_t getOutputLength() const
Returns the output size of the digest.
void sign(isc::util::OutputBuffer &result, size_t len)
Calculate the final signature.
HashAlgorithm getHashAlgorithm() const
Returns the HashAlgorithm of the object.
This exception is raised when a general error that was not specifically caught is thrown by the under...
This exception is thrown when a cryptographic action is requested for an algorithm that is not suppor...
Secure Buffers which are wiped out when released.
The OutputBuffer class is a buffer abstraction for manipulating mutable data.
void writeData(const void *data, size_t len)
Copy an arbitrary length of data into the buffer.
#define isc_throw(type, stream)
A shortcut macro to insert known values into exception arguments.
const EVP_MD * getHashAlgorithm(isc::cryptolink::HashAlgorithm algorithm)
Decode the HashAlgorithm enum into an EVP_MD pointer (or 0)
HashAlgorithm
Hash algorithm identifiers.
void digest(const void *data, const size_t data_len, const HashAlgorithm hash_algorithm, isc::util::OutputBuffer &result, size_t len)
Create an Hash digest for the given data.
Defines the logger used by the top-level component of kea-lfc.