diff --git a/TODO b/TODO index 16beda9a..1b318300 100644 --- a/TODO +++ b/TODO @@ -19,7 +19,6 @@ reports true, but then when the object is created, it doesn't actually support the feature (because the wrong provider was used). why is Random returning unsigned? - why does the MessageAuthenticationCode constructor have default args? code: don't create qobjects during init (that means you, keystoremanager) functions that don't trip a scan should do so on the first try diff --git a/examples/mactest/mactest.cpp b/examples/mactest/mactest.cpp index 560122f2..d6ecde8e 100644 --- a/examples/mactest/mactest.cpp +++ b/examples/mactest/mactest.cpp @@ -7,10 +7,10 @@ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: - + The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. - + THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE @@ -47,13 +47,13 @@ int main(int argc, char **argv) if( !QCA::isSupported("hmac(sha1)") ) { printf("HMAC(SHA1) not supported!\n"); } else { - // create the required object. This is equivalent - // to QCA::MessageAuthenticationCode hmacObject("hmac(sha1)"). - QCA::MessageAuthenticationCode hmacObject; + // create the required object using HMAC with SHA-1, and an + // empty key. + QCA::MessageAuthenticationCode hmacObject( "hmac(sha1)", QSecureArray() ); // create the key QCA::SymmetricKey keyObject(key); - + // set the HMAC object to use the key hmacObject.setup(key); // that could also have been done in the diff --git a/include/QtCrypto/qca_basic.h b/include/QtCrypto/qca_basic.h index 79e9adb4..b81a57ef 100644 --- a/include/QtCrypto/qca_basic.h +++ b/include/QtCrypto/qca_basic.h @@ -641,7 +641,8 @@ namespace QCA MessageAuthenticationCode is a class for accessing the various message authentication code algorithms within %QCA. - HMAC using SHA1 ("hmac(sha1)")is recommended for new applications. + HMAC using SHA1 ("hmac(sha1)") or HMAC using SHA256 ("hmac(sha256)") + is recommended for new applications. Note that if your application is potentially susceptable to "replay attacks" where the message is sent more than once, you should include a counter in @@ -661,8 +662,8 @@ namespace QCA \param key the shared key \param provider the provider to use, if a particular provider is required */ - MessageAuthenticationCode(const QString &type = "hmac(sha1)", - const SymmetricKey &key = SymmetricKey(), + MessageAuthenticationCode(const QString &type, + const SymmetricKey &key, const QString &provider = QString()); /** diff --git a/unittest/macunittest/macunittest.cpp b/unittest/macunittest/macunittest.cpp index 3e919217..33af1df1 100644 --- a/unittest/macunittest/macunittest.cpp +++ b/unittest/macunittest/macunittest.cpp @@ -108,7 +108,7 @@ void MACUnitTest::HMACMD5() md5hmac4.update( data4 ); QCOMPARE( QCA::arrayToHex( md5hmac4.final() ), QString( "697eaf0aca3a3aea3a75164746ffaa79" ) ); - QCA::MessageAuthenticationCode md5hmac5( "hmac(md5)" ); + QCA::MessageAuthenticationCode md5hmac5( "hmac(md5)", QSecureArray() ); QCA::SymmetricKey key5( QCA::hexToArray( "0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c" ) ); md5hmac5.setup( key5 ); QSecureArray data5( "Test With Truncation" ); @@ -479,7 +479,7 @@ void MACUnitTest::HMACSHA1() QCOMPARE( sha1hmacLenTest.validKeyLength( -2 ), false ); // These tests are from RFC2202, Section 3. - QCA::MessageAuthenticationCode test1; // should be default + QCA::MessageAuthenticationCode test1( "hmac(sha1)", QSecureArray() ); QCA::SymmetricKey key1( QCA::hexToArray( "0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b" ) ); test1.setup( key1 ); QSecureArray data1( "Hi There" );