Move the SHA256, 384, and 512 Hash implementations to be internal. (#2523)

* Move the SHA256, 384, and 512 Hash implementations to be internal.

* Update changelog and add back missing file.

* Update samples to not use the SHA256 API since it is internal now.

sdk/keyvault/azure-security-keyvault-common/CHANGELOG.md

@@ -6,6 +6,8 @@
 
 ### Breaking Changes
 
+- Removed `SHA256`, `SHA384`, and `SHA512` hashing classes by making them internal since the end user doesn't need them.
+
 ### Key Bugs Fixed
 
 ### Fixed

sdk/keyvault/azure-security-keyvault-common/CMakeLists.txt

@@ -32,7 +32,7 @@ set(
     inc/azure/keyvault/common/internal/keyvault_pipeline.hpp
     inc/azure/keyvault/common/internal/single_page.hpp
     inc/azure/keyvault/common/internal/keyvault_exception.hpp
-    inc/azure/keyvault/common/sha.hpp
+    inc/azure/keyvault/common/internal/sha.hpp
 )
 
 set(

sdk/keyvault/azure-security-keyvault-common/inc/azure/keyvault/common/internal/sha.hpp

@@ -15,7 +15,7 @@
 #include <string>
 #include <vector>
 
-namespace Azure { namespace Security { namespace KeyVault {
+namespace Azure { namespace Security { namespace KeyVault { namespace _internal {
 
   /**
    * @brief Defines #SHA256.
@@ -173,4 +173,4 @@ namespace Azure { namespace Security { namespace KeyVault {
     }
   };
 
-}}} // namespace Azure::Security::KeyVault
+}}}} // namespace Azure::Security::KeyVault::_internal

sdk/keyvault/azure-security-keyvault-common/src/sha.cpp

@@ -12,7 +12,7 @@
 #include <openssl/evp.h>
 #endif
 
-#include "azure/keyvault/common/sha.hpp"
+#include "azure/keyvault/common/internal/sha.hpp"
 
 #include <memory>
 #include <stdexcept>
@@ -97,17 +97,17 @@ public:
 
 } // namespace
 
-Azure::Security::KeyVault::SHA256::SHA256()
+Azure::Security::KeyVault::_internal::SHA256::SHA256()
     : m_portableImplementation(std::make_unique<SHAWithOpenSSL>(SHASize::SHA256))
 {
 }
 
-Azure::Security::KeyVault::SHA384::SHA384()
+Azure::Security::KeyVault::_internal::SHA384::SHA384()
     : m_portableImplementation(std::make_unique<SHAWithOpenSSL>(SHASize::SHA384))
 {
 }
 
-Azure::Security::KeyVault::SHA512::SHA512()
+Azure::Security::KeyVault::_internal::SHA512::SHA512()
     : m_portableImplementation(std::make_unique<SHAWithOpenSSL>(SHASize::SHA512))
 {
 }
@@ -222,17 +222,17 @@ public:
 
 } // namespace
 
-Azure::Security::KeyVault::SHA256::SHA256()
+Azure::Security::KeyVault::_internal::SHA256::SHA256()
     : m_portableImplementation(std::make_unique<SHAWithBCrypt>(BCRYPT_SHA256_ALGORITHM))
 {
 }
 
-Azure::Security::KeyVault::SHA384::SHA384()
+Azure::Security::KeyVault::_internal::SHA384::SHA384()
     : m_portableImplementation(std::make_unique<SHAWithBCrypt>(BCRYPT_SHA384_ALGORITHM))
 {
 }
 
-Azure::Security::KeyVault::SHA512::SHA512()
+Azure::Security::KeyVault::_internal::SHA512::SHA512()
     : m_portableImplementation(std::make_unique<SHAWithBCrypt>(BCRYPT_SHA512_ALGORITHM))
 {
 }

sdk/keyvault/azure-security-keyvault-common/test/ut/sha_test.cpp

@@ -3,9 +3,9 @@
 
 #include "gtest/gtest.h"
 
-#include "azure/keyvault/common/sha.hpp"
+#include "azure/keyvault/common/internal/sha.hpp"
 
-using namespace Azure::Security::KeyVault;
+using namespace Azure::Security::KeyVault::_internal;
 
 TEST(SHA, SHA256Test)
 {

sdk/keyvault/azure-security-keyvault-keys/samples/sample5_sign_verify.md

@@ -63,15 +63,13 @@ The `Sign` and `Verify` methods expect a precalculated digest, and the digest ne
 SHA256 is the hash algorithm used for both RS256 and ES256K which are the algorithms we'll be using in this sample.
 
 ```cpp
-uint8_t const dataSource[]
-    = "This is some sample data which we will use to demonstrate sign and verify";
-std::vector<uint8_t> data(std::begin(dataSource), std::end(dataSource));
-std::vector<uint8_t> digest;
-
-{
-    Azure::Security::KeyVault::SHA256 hashAlgo;
-    digest = hashAlgo.Final(data.data(), data.size());
-}
+// digestBase64 simulates some text data that has been hashed using the SHA256 algorithm
+// and then base 64 encoded. It is not relevant for the sample how to create the SHA256
+// hashed digest.
+// Example input data source for the digest:
+// "This is some sample data which we will use to demonstrate sign and verify"
+std::string digestBase64 = "DU9EdhpwhJqnGnieD0qKYEz6e8QPKlOVpYZZro+XtI8=";
+std::vector<uint8_t> digest = Azure::Core::Convert::Base64Decode(digestBase64);
 
 // Sign and Verify from digest
 SignResult rsaSignResult = rsaCryptoClient.Sign(SignatureAlgorithm::RS256, digest);

sdk/keyvault/azure-security-keyvault-keys/src/cryptography/signature_algorithm.cpp

@@ -1,7 +1,7 @@
 // Copyright (c) Microsoft Corporation. All rights reserved.
 // SPDX-License-Identifier: MIT
 
-#include <azure/keyvault/common/sha.hpp>
+#include <azure/keyvault/common/internal/sha.hpp>
 
 #include "../private/key_constants.hpp"
 #include "azure/keyvault/keys/cryptography/signature_algorithm.hpp"
@@ -28,19 +28,19 @@ namespace Azure {
     if (*this == SignatureAlgorithm::RS256 || *this == SignatureAlgorithm::PS256
         || *this == SignatureAlgorithm::ES256 || *this == SignatureAlgorithm::ES256K)
     {
-      return std::make_unique<SHA256>();
+      return std::make_unique<_internal::SHA256>();
     }
 
     if (*this == SignatureAlgorithm::RS384 || *this == SignatureAlgorithm::PS384
         || *this == SignatureAlgorithm::ES384)
     {
-      return std::make_unique<SHA384>();
+      return std::make_unique<_internal::SHA384>();
     }
 
     if (*this == SignatureAlgorithm::RS512 || *this == SignatureAlgorithm::PS512
         || *this == SignatureAlgorithm::ES512)
     {
-      return std::make_unique<SHA512>();
+      return std::make_unique<_internal::SHA512>();
     }
     throw std::runtime_error("Unkown Hash algorithm for: " + m_value);
   }

sdk/keyvault/azure-security-keyvault-keys/test/samples/sample5-sign-verify/sample5_sign_verify.cpp

@@ -60,15 +60,13 @@ int main()
 
   CryptographyClient ecCryptoClient(cloudEcKey.Id(), credential);
 
-  uint8_t const dataSource[]
-      = "This is some sample data which we will use to demonstrate sign and verify";
-  std::vector<uint8_t> data(std::begin(dataSource), std::end(dataSource));
-  std::vector<uint8_t> digest;
-
-  {
-    Azure::Security::KeyVault::SHA256 hashAlgo;
-    digest = hashAlgo.Final(data.data(), data.size());
-  }
+  // digestBase64 simulates some text data that has been hashed using the SHA256 algorithm
+  // and then base 64 encoded. It is not relevant for the sample how to create the SHA256
+  // hashed digest.
+  // Example input data source for the digest:
+  // "This is some sample data which we will use to demonstrate sign and verify"
+  std::string digestBase64 = "DU9EdhpwhJqnGnieD0qKYEz6e8QPKlOVpYZZro+XtI8=";
+  std::vector<uint8_t> digest = Azure::Core::Convert::Base64Decode(digestBase64);
 
   // Sign and Verify from digest
   SignResult rsaSignResult = rsaCryptoClient.Sign(SignatureAlgorithm::RS256, digest);

sdk/keyvault/azure-security-keyvault-keys/test/ut/key_cryptographic_client_test_live.cpp

@@ -7,7 +7,7 @@
 
 #include "gtest/gtest.h"
 
-#include <azure/keyvault/common/sha.hpp>
+#include <azure/keyvault/common/internal/sha.hpp>
 
 #include "key_client_base_test.hpp"
 
@@ -94,7 +94,7 @@ TEST_P(KeyVaultClientTest, RemoteSignVerifyRSA256)
 
   // RS256
   {
-    Azure::Security::KeyVault::SHA256 sha256;
+    Azure::Security::KeyVault::_internal::SHA256 sha256;
     auto signatureAlgorithm = SignatureAlgorithm::RS256;
     std::vector<uint8_t> digest
         = sha256.Final(reinterpret_cast<const uint8_t*>(digestSource.data()), digestSource.size());
@@ -112,7 +112,7 @@ TEST_P(KeyVaultClientTest, RemoteSignVerifyRSA256)
 
   // PS256
   {
-    Azure::Security::KeyVault::SHA256 sha256;
+    Azure::Security::KeyVault::_internal::SHA256 sha256;
     auto signatureAlgorithm = SignatureAlgorithm::PS256;
     std::vector<uint8_t> digest
         = sha256.Final(reinterpret_cast<const uint8_t*>(digestSource.data()), digestSource.size());
@@ -142,7 +142,7 @@ TEST_F(KeyVaultClientTest, RemoteSignVerifyES256)
     auto ecKey = keyClient.CreateEcKey(ecKeyOptions).Value;
     CryptographyClient cryptoClient(ecKey.Id(), m_credential);
 
-    Azure::Security::KeyVault::SHA256 sha256;
+    Azure::Security::KeyVault::_internal::SHA256 sha256;
     auto signatureAlgorithm = SignatureAlgorithm::ES256;
     std::vector<uint8_t> digest
         = sha256.Final(reinterpret_cast<const uint8_t*>(digestSource.data()), digestSource.size());
@@ -165,7 +165,7 @@ TEST_F(KeyVaultClientTest, RemoteSignVerifyES256)
     auto ecKey = keyClient.CreateEcKey(ecKeyOptions).Value;
     CryptographyClient cryptoClient(ecKey.Id(), m_credential);
 
-    Azure::Security::KeyVault::SHA256 sha256;
+    Azure::Security::KeyVault::_internal::SHA256 sha256;
     auto signatureAlgorithm = SignatureAlgorithm::ES256K;
     std::vector<uint8_t> digest
         = sha256.Final(reinterpret_cast<const uint8_t*>(digestSource.data()), digestSource.size());
@@ -198,7 +198,7 @@ TEST_P(KeyVaultClientTest, RemoteSignVerifyRSA384)
 
   // RS384
   {
-    Azure::Security::KeyVault::SHA384 sha384;
+    Azure::Security::KeyVault::_internal::SHA384 sha384;
     auto signatureAlgorithm = SignatureAlgorithm::RS384;
     std::vector<uint8_t> digest
         = sha384.Final(reinterpret_cast<const uint8_t*>(digestSource.data()), digestSource.size());
@@ -216,7 +216,7 @@ TEST_P(KeyVaultClientTest, RemoteSignVerifyRSA384)
 
   // PS384
   {
-    Azure::Security::KeyVault::SHA384 sha384;
+    Azure::Security::KeyVault::_internal::SHA384 sha384;
     auto signatureAlgorithm = SignatureAlgorithm::PS384;
     std::vector<uint8_t> digest
         = sha384.Final(reinterpret_cast<const uint8_t*>(digestSource.data()), digestSource.size());