1berry/qtbase
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Added QMessageAuthenticationCode

Browse Source 
QMessageAuthenticationCode is HMAC implementation based on
QCryptographicHash abilities. HMAC is often used in OAuth and similar
authentication protocols.

Change-Id: Ifc73947ad06c36a1b770315b7e89ba5c01c5e79e
Reviewed-by: Richard J. Moore <rich@kde.org>
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
This commit is contained in:
Ruslan Nigmatullin 2013-01-11 16:10:53 +04:00 committed by The Qt Project
parent 273713b81f
commit d4adcfb8cc
9 changed files with 586 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
dist/changes-5.1.0 vendored
View File

@ -54,6 +54,9 @@ QtCore
* Added operators for adding and subtracting QMargins objects, * Added operators for adding and subtracting QMargins objects,
multiplication and division for int/qreal and unary minus. multiplication and division for int/qreal and unary minus.
- QMessageAuthenticationCode
* New class for hash-based message authentication code added to QtCore.
- -
QtGui QtGui

62
src/corelib/doc/snippets/qmessageauthenticationcode/main.cpp Normal file
View File

@ -0,0 +1,62 @@
/****************************************************************************
**
** Copyright (C) 2013 Ruslan Nigmatullin <euroelessar@yandex.ru>
** Contact: http://www.qt-project.org/legal
**
** This file is part of the documentation of the Qt Toolkit.
**
** $QT_BEGIN_LICENSE:BSD$
** You may use this file under the terms of the BSD license as follows:
**
** "Redistribution and use in source and binary forms, with or without
** modification, are permitted provided that the following conditions are
** met:
** * Redistributions of source code must retain the above copyright
** notice, this list of conditions and the following disclaimer.
** * Redistributions in binary form must reproduce the above copyright
** notice, this list of conditions and the following disclaimer in
** the documentation and/or other materials provided with the
** distribution.
** * Neither the name of Digia Plc and its Subsidiary(-ies) nor the names
** of its contributors may be used to endorse or promote products derived
** from this software without specific prior written permission.
**
**
** THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
** "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
** LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
** A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
** OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
** SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
** LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
** DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
** THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
** (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
** OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE."
**
** $QT_END_LICENSE$
**
****************************************************************************/
#include <QtCore>
int main(int argc, char *argv[])
{
QCoreApplication app(argc, argv);
//! [0]
QByteArray key = "key";
QByteArray message = "The quick brown fox jumps over the lazy dog";
//! [0]
//! [1]
QMessageAuthenticationCode code(QCryptographicHash::Sha1);
code.setKey(key);
code.addData(message);
code.result().toHex(); // returns "de7c9b85b8b78aa6bc8a7a36f70a90701c9db4d9"
//! [1]
//! [2]
QMessageAuthenticationCode::hash(message, key, QCryptographicHash::Sha1).toHex();
//! [2]
}

275
src/corelib/tools/qmessageauthenticationcode.cpp Normal file
View File

@ -0,0 +1,275 @@
/****************************************************************************
**
** Copyright (C) 2013 Ruslan Nigmatullin <euroelessar@yandex.ru>
** Contact: http://www.qt-project.org/legal
**
** This file is part of the QtCore module of the Qt Toolkit.
**
** $QT_BEGIN_LICENSE:LGPL$
** Commercial License Usage
** Licensees holding valid commercial Qt licenses may use this file in
** accordance with the commercial license agreement provided with the
** Software or, alternatively, in accordance with the terms contained in
** a written agreement between you and Digia. For licensing terms and
** conditions see http://qt.digia.com/licensing. For further information
** use the contact form at http://qt.digia.com/contact-us.
**
** GNU Lesser General Public License Usage
** Alternatively, this file may be used under the terms of the GNU Lesser
** General Public License version 2.1 as published by the Free Software
** Foundation and appearing in the file LICENSE.LGPL included in the
** packaging of this file. Please review the following information to
** ensure the GNU Lesser General Public License version 2.1 requirements
** will be met: http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html.
**
** In addition, as a special exception, Digia gives you certain additional
** rights. These rights are described in the Digia Qt LGPL Exception
** version 1.1, included in the file LGPL_EXCEPTION.txt in this package.
**
** GNU General Public License Usage
** Alternatively, this file may be used under the terms of the GNU
** General Public License version 3.0 as published by the Free Software
** Foundation and appearing in the file LICENSE.GPL included in the
** packaging of this file. Please review the following information to
** ensure the GNU General Public License version 3.0 requirements will be
** met: http://www.gnu.org/copyleft/gpl.html.
**
**
** $QT_END_LICENSE$
**
****************************************************************************/
#include "qmessageauthenticationcode.h"
#include "qvarlengtharray.h"
/*
These #defines replace the typedefs needed by the RFC6234 code. Normally
the typedefs would come from from stdint.h, but since this header is not
available on all platforms (MSVC 2008, for example), we #define them to the
Qt equivalents.
*/
#define uint64_t QT_PREPEND_NAMESPACE(quint64)
#define uint32_t QT_PREPEND_NAMESPACE(quint32)
#define uint8_t QT_PREPEND_NAMESPACE(quint8)
#define int_least16_t QT_PREPEND_NAMESPACE(qint16)
// Header from rfc6234 with 1 modification:
// sha1.h - commented out '#include <stdint.h>' on line 74
#include "../../3rdparty/rfc6234/sha.h"
#undef uint64_t
#undef uint32_t
#undef uint68_t
#undef int_least16_t
QT_BEGIN_NAMESPACE
static int qt_hash_block_size(QCryptographicHash::Algorithm method)
{
switch (method) {
case QCryptographicHash::Md4:
return 64;
case QCryptographicHash::Md5:
return 64;
case QCryptographicHash::Sha1:
return SHA1_Message_Block_Size;
case QCryptographicHash::Sha224:
return SHA224_Message_Block_Size;
case QCryptographicHash::Sha256:
return SHA256_Message_Block_Size;
case QCryptographicHash::Sha384:
return SHA384_Message_Block_Size;
case QCryptographicHash::Sha512:
return SHA512_Message_Block_Size;
}
return 0;
}
class QMessageAuthenticationCodePrivate
{
public:
QMessageAuthenticationCodePrivate(QCryptographicHash::Algorithm m)
: messageHash(m), method(m), messageHashInited(false)
{
}
QByteArray key;
QByteArray result;
QCryptographicHash messageHash;
QCryptographicHash::Algorithm method;
bool messageHashInited;
void initMessageHash();
};
void QMessageAuthenticationCodePrivate::initMessageHash()
{
if (messageHashInited)
return;
messageHashInited = true;
const int blockSize = qt_hash_block_size(method);
if (key.size() > blockSize) {
QCryptographicHash hash(method);
hash.addData(key);
key = hash.result();
hash.reset();
}
if (key.size() < blockSize) {
const int size = key.size();
key.resize(blockSize);
memset(key.data() + size, 0, blockSize - size);
}
QVarLengthArray<char> iKeyPad(blockSize);
const char * const keyData = key.constData();
for (int i = 0; i < blockSize; ++i)
iKeyPad[i] = keyData[i] ^ 0x36;
messageHash.addData(iKeyPad.data(), iKeyPad.size());
}
/*!
\class QMessageAuthenticationCode
\inmodule QtCore
\brief The QMessageAuthenticationCode class provides a way to generate
hash-based message authentication codes.
\since 5.1
\ingroup tools
\reentrant
QMessageAuthenticationCode supports all cryptographic hashes which are supported by
QCryptographicHash.
To generate message authentication code, pass hash algorithm QCryptographicHash::Algorithm
to constructor, then set key and message by setKey() and addData() functions. Result
can be acquired by result() function.
\snippet qmessageauthenticationcode/main.cpp 0
\dots
\snippet qmessageauthenticationcode/main.cpp 1
Alternatively, this effect can be achieved by providing message,
key and method to hash() method.
\snippet qmessageauthenticationcode/main.cpp 2
\sa QCryptographicHash
*/
/*!
Constructs an object that can be used to create a cryptographic hash from data
using method \a method and key \a key.
*/
QMessageAuthenticationCode::QMessageAuthenticationCode(QCryptographicHash::Algorithm method,
const QByteArray &key)
: d(new QMessageAuthenticationCodePrivate(method))
{
d->key = key;
}
/*!
Destroys the object.
*/
QMessageAuthenticationCode::~QMessageAuthenticationCode()
{
delete d;
}
/*!
Resets message data. Calling this method doesn't affect the key.
*/
void QMessageAuthenticationCode::reset()
{
d->result.clear();
d->messageHash.reset();
d->messageHashInited = false;
}
/*!
Sets secret \a key. Calling this method automatically resets the object state.
*/
void QMessageAuthenticationCode::setKey(const QByteArray &key)
{
reset();
d->key = key;
}
/*!
Adds the first \a length chars of \a data to the message.
*/
void QMessageAuthenticationCode::addData(const char *data, int length)
{
d->initMessageHash();
d->messageHash.addData(data, length);
}
/*!
\overload addData()
*/
void QMessageAuthenticationCode::addData(const QByteArray &data)
{
d->initMessageHash();
d->messageHash.addData(data);
}
/*!
Reads the data from the open QIODevice \a device until it ends
and adds it to message. Returns true if reading was successful.
\note \a device must be already opened.
*/
bool QMessageAuthenticationCode::addData(QIODevice *device)
{
d->initMessageHash();
return d->messageHash.addData(device);
}
/*!
Returns the final authentication code.
\sa QByteArray::toHex()
*/
QByteArray QMessageAuthenticationCode::result() const
{
if (!d->result.isEmpty())
return d->result;
d->initMessageHash();
const int blockSize = qt_hash_block_size(d->method);
QByteArray hashedMessage = d->messageHash.result();
QVarLengthArray<char> oKeyPad(blockSize);
const char * const keyData = d->key.constData();
for (int i = 0; i < blockSize; ++i)
oKeyPad[i] = keyData[i] ^ 0x5c;
QCryptographicHash hash(d->method);
hash.addData(oKeyPad.data(), oKeyPad.size());
hash.addData(hashedMessage);
d->result = hash.result();
return d->result;
}
/*!
Returns the authentication code for the message \a message using
the key \a key and the method \a method.
*/
QByteArray QMessageAuthenticationCode::hash(const QByteArray &message, const QByteArray &key,
QCryptographicHash::Algorithm method)
{
QMessageAuthenticationCode mac(method);
mac.setKey(key);
mac.addData(message);
return mac.result();
}
QT_END_NAMESPACE

84
src/corelib/tools/qmessageauthenticationcode.h Normal file
View File

@ -0,0 +1,84 @@
/****************************************************************************
**
** Copyright (C) 2013 Ruslan Nigmatullin <euroelessar@yandex.ru>
** Contact: http://www.qt-project.org/legal
**
** This file is part of the QtCore module of the Qt Toolkit.
**
** $QT_BEGIN_LICENSE:LGPL$
** Commercial License Usage
** Licensees holding valid commercial Qt licenses may use this file in
** accordance with the commercial license agreement provided with the
** Software or, alternatively, in accordance with the terms contained in
** a written agreement between you and Digia. For licensing terms and
** conditions see http://qt.digia.com/licensing. For further information
** use the contact form at http://qt.digia.com/contact-us.
**
** GNU Lesser General Public License Usage
** Alternatively, this file may be used under the terms of the GNU Lesser
** General Public License version 2.1 as published by the Free Software
** Foundation and appearing in the file LICENSE.LGPL included in the
** packaging of this file. Please review the following information to
** ensure the GNU Lesser General Public License version 2.1 requirements
** will be met: http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html.
**
** In addition, as a special exception, Digia gives you certain additional
** rights. These rights are described in the Digia Qt LGPL Exception
** version 1.1, included in the file LGPL_EXCEPTION.txt in this package.
**
** GNU General Public License Usage
** Alternatively, this file may be used under the terms of the GNU
** General Public License version 3.0 as published by the Free Software
** Foundation and appearing in the file LICENSE.GPL included in the
** packaging of this file. Please review the following information to
** ensure the GNU General Public License version 3.0 requirements will be
** met: http://www.gnu.org/copyleft/gpl.html.
**
**
** $QT_END_LICENSE$
**
****************************************************************************/
#ifndef QMESSAGEAUTHENTICATIONCODE_H
#define QMESSAGEAUTHENTICATIONCODE_H
#include <QtCore/qcryptographichash.h>
QT_BEGIN_HEADER
QT_BEGIN_NAMESPACE
class QMessageAuthenticationCodePrivate;
class QIODevice;
class Q_CORE_EXPORT QMessageAuthenticationCode
{
public:
explicit QMessageAuthenticationCode(QCryptographicHash::Algorithm method,
const QByteArray &key = QByteArray());
~QMessageAuthenticationCode();
void reset();
void setKey(const QByteArray &key);
void addData(const char *data, int length);
void addData(const QByteArray &data);
bool addData(QIODevice *device);
QByteArray result() const;
static QByteArray hash(const QByteArray &message, const QByteArray &key,
QCryptographicHash::Algorithm method);
private:
Q_DISABLE_COPY(QMessageAuthenticationCode)
QMessageAuthenticationCodePrivate *d;
};
QT_END_NAMESPACE
QT_END_HEADER
#endif

2
src/corelib/tools/tools.pri
View File

@ -29,6 +29,7 @@ HEADERS += \
tools/qlocale_data_p.h \ tools/qlocale_data_p.h \
tools/qmap.h \ tools/qmap.h \
tools/qmargins.h \ tools/qmargins.h \
tools/qmessageauthenticationcode.h \
tools/qcontiguouscache.h \ tools/qcontiguouscache.h \
tools/qpodlist_p.h \ tools/qpodlist_p.h \
tools/qpair.h \ tools/qpair.h \
@ -82,6 +83,7 @@ SOURCES += \
tools/qpoint.cpp \ tools/qpoint.cpp \
tools/qmap.cpp \ tools/qmap.cpp \
tools/qmargins.cpp \ tools/qmargins.cpp \
tools/qmessageauthenticationcode.cpp \
tools/qcontiguouscache.cpp \ tools/qcontiguouscache.cpp \
tools/qrect.cpp \ tools/qrect.cpp \
tools/qregexp.cpp \ tools/qregexp.cpp \

1
tests/auto/corelib/tools/qmessageauthenticationcode/.gitignore vendored Normal file
View File

@ -0,0 +1 @@
tst_qmessageauthenticationcode

7
tests/auto/corelib/tools/qmessageauthenticationcode/qmessageauthenticationcode.pro Normal file
View File

@ -0,0 +1,7 @@
CONFIG += testcase parallel_test
TARGET = tst_qmessageauthenticationcode
QT = core testlib
SOURCES = tst_qmessageauthenticationcode.cpp
TESTDATA += data/*
DEFINES += QT_DISABLE_DEPRECATED_BEFORE=0

151
tests/auto/corelib/tools/qmessageauthenticationcode/tst_qmessageauthenticationcode.cpp Normal file
View File

@ -0,0 +1,151 @@
/****************************************************************************
**
** Copyright (C) 2013 Ruslan Nigmatullin <euroelessar@yandex.ru>
** Contact: http://www.qt-project.org/legal
**
** This file is part of the test suite of the Qt Toolkit.
**
** $QT_BEGIN_LICENSE:LGPL$
** Commercial License Usage
** Licensees holding valid commercial Qt licenses may use this file in
** accordance with the commercial license agreement provided with the
** Software or, alternatively, in accordance with the terms contained in
** a written agreement between you and Digia. For licensing terms and
** conditions see http://qt.digia.com/licensing. For further information
** use the contact form at http://qt.digia.com/contact-us.
**
** GNU Lesser General Public License Usage
** Alternatively, this file may be used under the terms of the GNU Lesser
** General Public License version 2.1 as published by the Free Software
** Foundation and appearing in the file LICENSE.LGPL included in the
** packaging of this file. Please review the following information to
** ensure the GNU Lesser General Public License version 2.1 requirements
** will be met: http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html.
**
** In addition, as a special exception, Digia gives you certain additional
** rights. These rights are described in the Digia Qt LGPL Exception
** version 1.1, included in the file LGPL_EXCEPTION.txt in this package.
**
** GNU General Public License Usage
** Alternatively, this file may be used under the terms of the GNU
** General Public License version 3.0 as published by the Free Software
** Foundation and appearing in the file LICENSE.GPL included in the
** packaging of this file. Please review the following information to
** ensure the GNU General Public License version 3.0 requirements will be
** met: http://www.gnu.org/copyleft/gpl.html.
**
**
** $QT_END_LICENSE$
**
****************************************************************************/
#include <QtCore/QCoreApplication>
#include <QtTest/QtTest>
class tst_QMessageAuthenticationCode : public QObject
{
Q_OBJECT
private slots:
void result_data();
void result();
void result_incremental_data();
void result_incremental();
};
Q_DECLARE_METATYPE(QCryptographicHash::Algorithm)
void tst_QMessageAuthenticationCode::result_data()
{
QTest::addColumn<QCryptographicHash::Algorithm>("algo");
QTest::addColumn<QByteArray>("key");
QTest::addColumn<QByteArray>("message");
QTest::addColumn<QByteArray>("code");
// Empty values
QTest::newRow("md5-empty") << QCryptographicHash::Md5
<< QByteArray()
<< QByteArray()
<< QByteArray::fromHex("74e6f7298a9c2d168935f58c001bad88");
QTest::newRow("sha1-empty") << QCryptographicHash::Sha1
<< QByteArray()
<< QByteArray()
<< QByteArray::fromHex("fbdb1d1b18aa6c08324b7d64b71fb76370690e1d");
QTest::newRow("sha256-empty") << QCryptographicHash::Sha256
<< QByteArray()
<< QByteArray()
<< QByteArray::fromHex("b613679a0814d9ec772f95d778c35fc5ff1697c493715653c6c712144292c5ad");
// Some not-empty
QTest::newRow("md5") << QCryptographicHash::Md5
<< QByteArray("key")
<< QByteArray("The quick brown fox jumps over the lazy dog")
<< QByteArray::fromHex("80070713463e7749b90c2dc24911e275");
QTest::newRow("sha1") << QCryptographicHash::Sha1
<< QByteArray("key")
<< QByteArray("The quick brown fox jumps over the lazy dog")
<< QByteArray::fromHex("de7c9b85b8b78aa6bc8a7a36f70a90701c9db4d9");
QTest::newRow("sha256") << QCryptographicHash::Sha256
<< QByteArray("key")
<< QByteArray("The quick brown fox jumps over the lazy dog")
<< QByteArray::fromHex("f7bc83f430538424b13298e6aa6fb143ef4d59a14946175997479dbc2d1a3cd8");
// Some from rfc-2104
QTest::newRow("rfc-md5-1") << QCryptographicHash::Md5
<< QByteArray::fromHex("0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b")
<< QByteArray("Hi There")
<< QByteArray::fromHex("9294727a3638bb1c13f48ef8158bfc9d");
QTest::newRow("rfc-md5-2") << QCryptographicHash::Md5
<< QByteArray("Jefe")
<< QByteArray("what do ya want for nothing?")
<< QByteArray::fromHex("750c783e6ab0b503eaa86e310a5db738");
QTest::newRow("rfc-md5-3") << QCryptographicHash::Md5
<< QByteArray::fromHex("AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA")
<< QByteArray(50, 0xdd)
<< QByteArray::fromHex("56be34521d144c88dbb8c733f0e8b3f6");
}
void tst_QMessageAuthenticationCode::result()
{
QFETCH(QCryptographicHash::Algorithm, algo);
QFETCH(QByteArray, key);
QFETCH(QByteArray, message);
QFETCH(QByteArray, code);
QMessageAuthenticationCode mac(algo);
mac.setKey(key);
mac.addData(message);
QByteArray result = mac.result();
QCOMPARE(result, code);
}
void tst_QMessageAuthenticationCode::result_incremental_data()
{
result_data();
}
void tst_QMessageAuthenticationCode::result_incremental()
{
QFETCH(QCryptographicHash::Algorithm, algo);
QFETCH(QByteArray, key);
QFETCH(QByteArray, message);
QFETCH(QByteArray, code);
int index = message.length() / 2;
QByteArray leftPart(message.mid(0, index));
QByteArray rightPart(message.mid(index));
QCOMPARE(leftPart + rightPart, message);
QMessageAuthenticationCode mac(algo);
mac.setKey(key);
mac.addData(leftPart);
mac.addData(rightPart);
QByteArray result = mac.result();
QCOMPARE(result, code);
}
QTEST_MAIN(tst_QMessageAuthenticationCode)
#include "tst_qmessageauthenticationcode.moc"

1
tests/auto/corelib/tools/tools.pro
View File

@ -22,6 +22,7 @@ SUBDIRS=\
qlocale \ qlocale \
qmap \ qmap \
qmargins \ qmargins \
qmessageauthenticationcode \
qpair \ qpair \
qpoint \ qpoint \
qpointf \ qpointf \