From e51e693640518d918fbddb399d2e0532a3ff1870 Mon Sep 17 00:00:00 2001 From: Ahson Khan Date: Wed, 30 Jun 2021 18:14:11 -0700 Subject: [PATCH] Move the SHA256, 384, and 512 Hash implementations to be internal. (#2523) * Move the SHA256, 384, and 512 Hash implementations to be internal. * Update changelog and add back missing file. * Update samples to not use the SHA256 API since it is internal now. --- .../azure-security-keyvault-common/CHANGELOG.md | 2 ++ .../CMakeLists.txt | 2 +- .../azure/keyvault/common/{ => internal}/sha.hpp | 4 ++-- .../azure-security-keyvault-common/src/sha.cpp | 14 +++++++------- .../test/ut/sha_test.cpp | 4 ++-- .../samples/sample5_sign_verify.md | 16 +++++++--------- .../src/cryptography/signature_algorithm.cpp | 8 ++++---- .../sample5-sign-verify/sample5_sign_verify.cpp | 16 +++++++--------- .../ut/key_cryptographic_client_test_live.cpp | 14 +++++++------- 9 files changed, 39 insertions(+), 41 deletions(-) rename sdk/keyvault/azure-security-keyvault-common/inc/azure/keyvault/common/{ => internal}/sha.hpp (97%) diff --git a/sdk/keyvault/azure-security-keyvault-common/CHANGELOG.md b/sdk/keyvault/azure-security-keyvault-common/CHANGELOG.md index 4110ab13e..1939fc7b2 100644 --- a/sdk/keyvault/azure-security-keyvault-common/CHANGELOG.md +++ b/sdk/keyvault/azure-security-keyvault-common/CHANGELOG.md @@ -6,6 +6,8 @@ ### Breaking Changes +- Removed `SHA256`, `SHA384`, and `SHA512` hashing classes by making them internal since the end user doesn't need them. + ### Key Bugs Fixed ### Fixed diff --git a/sdk/keyvault/azure-security-keyvault-common/CMakeLists.txt b/sdk/keyvault/azure-security-keyvault-common/CMakeLists.txt index d13ad8a18..5567b7a46 100644 --- a/sdk/keyvault/azure-security-keyvault-common/CMakeLists.txt +++ b/sdk/keyvault/azure-security-keyvault-common/CMakeLists.txt 
@@ -32,7 +32,7 @@ set( inc/azure/keyvault/common/internal/keyvault_pipeline.hpp inc/azure/keyvault/common/internal/single_page.hpp inc/azure/keyvault/common/internal/keyvault_exception.hpp - inc/azure/keyvault/common/sha.hpp + inc/azure/keyvault/common/internal/sha.hpp ) set( diff --git a/sdk/keyvault/azure-security-keyvault-common/inc/azure/keyvault/common/sha.hpp b/sdk/keyvault/azure-security-keyvault-common/inc/azure/keyvault/common/internal/sha.hpp similarity index 97% rename from sdk/keyvault/azure-security-keyvault-common/inc/azure/keyvault/common/sha.hpp rename to sdk/keyvault/azure-security-keyvault-common/inc/azure/keyvault/common/internal/sha.hpp index bde62b5d4..1e2a6ed32 100644 --- a/sdk/keyvault/azure-security-keyvault-common/inc/azure/keyvault/common/sha.hpp +++ b/sdk/keyvault/azure-security-keyvault-common/inc/azure/keyvault/common/internal/sha.hpp @@ -15,7 +15,7 @@ #include #include -namespace Azure { namespace Security { namespace KeyVault { +namespace Azure { namespace Security { namespace KeyVault { namespace _internal { /** * @brief Defines #SHA256. @@ -173,4 +173,4 @@ namespace Azure { namespace Security { namespace KeyVault { } }; -}}} // namespace Azure::Security::KeyVault +}}}} // namespace Azure::Security::KeyVault::_internal diff --git a/sdk/keyvault/azure-security-keyvault-common/src/sha.cpp b/sdk/keyvault/azure-security-keyvault-common/src/sha.cpp index a7e4425d7..5c48cb3a3 100644 --- a/sdk/keyvault/azure-security-keyvault-common/src/sha.cpp +++ b/sdk/keyvault/azure-security-keyvault-common/src/sha.cpp @@ -12,7 +12,7 @@ #include #endif -#include "azure/keyvault/common/sha.hpp" +#include "azure/keyvault/common/internal/sha.hpp" #include #include 
@@ -97,17 +97,17 @@ public: } // namespace -Azure::Security::KeyVault::SHA256::SHA256() +Azure::Security::KeyVault::_internal::SHA256::SHA256() : m_portableImplementation(std::make_unique(SHASize::SHA256)) { } -Azure::Security::KeyVault::SHA384::SHA384() +Azure::Security::KeyVault::_internal::SHA384::SHA384() : m_portableImplementation(std::make_unique(SHASize::SHA384)) { } -Azure::Security::KeyVault::SHA512::SHA512() +Azure::Security::KeyVault::_internal::SHA512::SHA512() : m_portableImplementation(std::make_unique(SHASize::SHA512)) { } @@ -222,17 +222,17 @@ public: } // namespace -Azure::Security::KeyVault::SHA256::SHA256() +Azure::Security::KeyVault::_internal::SHA256::SHA256() : m_portableImplementation(std::make_unique(BCRYPT_SHA256_ALGORITHM)) { } -Azure::Security::KeyVault::SHA384::SHA384() +Azure::Security::KeyVault::_internal::SHA384::SHA384() : m_portableImplementation(std::make_unique(BCRYPT_SHA384_ALGORITHM)) { } -Azure::Security::KeyVault::SHA512::SHA512() +Azure::Security::KeyVault::_internal::SHA512::SHA512() : m_portableImplementation(std::make_unique(BCRYPT_SHA512_ALGORITHM)) { } diff --git a/sdk/keyvault/azure-security-keyvault-common/test/ut/sha_test.cpp b/sdk/keyvault/azure-security-keyvault-common/test/ut/sha_test.cpp index 64bfabcdf..d40a42388 100644 --- a/sdk/keyvault/azure-security-keyvault-common/test/ut/sha_test.cpp +++ b/sdk/keyvault/azure-security-keyvault-common/test/ut/sha_test.cpp @@ -3,9 +3,9 @@ #include "gtest/gtest.h" -#include "azure/keyvault/common/sha.hpp" +#include "azure/keyvault/common/internal/sha.hpp" -using namespace Azure::Security::KeyVault; +using namespace Azure::Security::KeyVault::_internal; TEST(SHA, SHA256Test) { diff --git a/sdk/keyvault/azure-security-keyvault-keys/samples/sample5_sign_verify.md b/sdk/keyvault/azure-security-keyvault-keys/samples/sample5_sign_verify.md index ceaf254f3..17eda993f 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/samples/sample5_sign_verify.md 
+++ b/sdk/keyvault/azure-security-keyvault-keys/samples/sample5_sign_verify.md @@ -63,15 +63,13 @@ The `Sign` and `Verify` methods expect a precalculated digest, and the digest ne SHA256 is the hash algorithm used for both RS256 and ES256K which are the algorithms we'll be using in this sample. ```cpp -uint8_t const dataSource[] - = "This is some sample data which we will use to demonstrate sign and verify"; -std::vector data(std::begin(dataSource), std::end(dataSource)); -std::vector digest; - -{ - Azure::Security::KeyVault::SHA256 hashAlgo; - digest = hashAlgo.Final(data.data(), data.size()); -} +// digestBase64 simulates some text data that has been hashed using the SHA256 algorithm +// and then base 64 encoded. It is not relevant for the sample how to create the SHA256 +// hashed digest. +// Example input data source for the digest: +// "This is some sample data which we will use to demonstrate sign and verify" +std::string digestBase64 = "DU9EdhpwhJqnGnieD0qKYEz6e8QPKlOVpYZZro+XtI8="; +std::vector digest = Azure::Core::Convert::Base64Decode(digestBase64); // Sign and Verify from digest SignResult rsaSignResult = rsaCryptoClient.Sign(SignatureAlgorithm::RS256, digest); diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/cryptography/signature_algorithm.cpp b/sdk/keyvault/azure-security-keyvault-keys/src/cryptography/signature_algorithm.cpp index 23353a061..e774077a5 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/src/cryptography/signature_algorithm.cpp +++ b/sdk/keyvault/azure-security-keyvault-keys/src/cryptography/signature_algorithm.cpp @@ -1,7 +1,7 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // SPDX-License-Identifier: MIT -#include +#include #include "../private/key_constants.hpp" #include "azure/keyvault/keys/cryptography/signature_algorithm.hpp" 
@@ -28,19 +28,19 @@ namespace Azure { if (*this == SignatureAlgorithm::RS256 || *this == SignatureAlgorithm::PS256 || *this == SignatureAlgorithm::ES256 || *this == SignatureAlgorithm::ES256K) { - return std::make_unique(); + return std::make_unique<_internal::SHA256>(); } if (*this == SignatureAlgorithm::RS384 || *this == SignatureAlgorithm::PS384 || *this == SignatureAlgorithm::ES384) { - return std::make_unique(); + return std::make_unique<_internal::SHA384>(); } if (*this == SignatureAlgorithm::RS512 || *this == SignatureAlgorithm::PS512 || *this == SignatureAlgorithm::ES512) { - return std::make_unique(); + return std::make_unique<_internal::SHA512>(); } throw std::runtime_error("Unkown Hash algorithm for: " + m_value); } diff --git a/sdk/keyvault/azure-security-keyvault-keys/test/samples/sample5-sign-verify/sample5_sign_verify.cpp b/sdk/keyvault/azure-security-keyvault-keys/test/samples/sample5-sign-verify/sample5_sign_verify.cpp index 0fa9650cf..8b617d6ab 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/test/samples/sample5-sign-verify/sample5_sign_verify.cpp +++ b/sdk/keyvault/azure-security-keyvault-keys/test/samples/sample5-sign-verify/sample5_sign_verify.cpp 
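Review bot: The three new `std::make_unique<_internal::SHA…>()` calls in signature_algorithm.cpp make the keys package depend on a type that azure-security-keyvault-common now declares as internal, and nothing in the hunk records that coupling. If the two packages can be released or installed independently, which the separate CHANGELOG and CMakeLists suggest but the hunk does not show, a common package that later renames or drops these classes would break keys at build or link time. I would add a comment above the first branch, e.g. `// _internal::SHA* comes from azure-security-keyvault-common and has no API stability guarantee; keys must be built against a matching common version.` The enclosing function starts outside the hunk.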
@@ -60,15 +60,13 @@ int main() CryptographyClient ecCryptoClient(cloudEcKey.Id(), credential); - uint8_t const dataSource[] - = "This is some sample data which we will use to demonstrate sign and verify"; - std::vector data(std::begin(dataSource), std::end(dataSource)); - std::vector digest; - - { - Azure::Security::KeyVault::SHA256 hashAlgo; - digest = hashAlgo.Final(data.data(), data.size()); - } + // digestBase64 simulates some text data that has been hashed using the SHA256 algorithm + // and then base 64 encoded. It is not relevant for the sample how to create the SHA256 + // hashed digest. + // Example input data source for the digest: + // "This is some sample data which we will use to demonstrate sign and verify" + std::string digestBase64 = "DU9EdhpwhJqnGnieD0qKYEz6e8QPKlOVpYZZro+XtI8="; + std::vector digest = Azure::Core::Convert::Base64Decode(digestBase64); // Sign and Verify from digest SignResult rsaSignResult = rsaCryptoClient.Sign(SignatureAlgorithm::RS256, digest); diff --git a/sdk/keyvault/azure-security-keyvault-keys/test/ut/key_cryptographic_client_test_live.cpp b/sdk/keyvault/azure-security-keyvault-keys/test/ut/key_cryptographic_client_test_live.cpp index e4a888f92..2a453217b 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/test/ut/key_cryptographic_client_test_live.cpp +++ b/sdk/keyvault/azure-security-keyvault-keys/test/ut/key_cryptographic_client_test_live.cpp @@ -7,7 +7,7 @@ #include "gtest/gtest.h" -#include +#include #include "key_client_base_test.hpp" @@ -94,7 +94,7 @@ TEST_P(KeyVaultClientTest, RemoteSignVerifyRSA256) // RS256 { - Azure::Security::KeyVault::SHA256 sha256; + Azure::Security::KeyVault::_internal::SHA256 sha256; auto signatureAlgorithm = SignatureAlgorithm::RS256; std::vector digest = sha256.Final(reinterpret_cast(digestSource.data()), digestSource.size()); 
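Review bot: The new comment above `digestBase64` in sample5_sign_verify.cpp names the input sentence but not the exact bytes that were hashed, so a reader cannot reproduce or check the constant. The removed code filled `data` from `std::begin(dataSource)` to `std::end(dataSource)` over a string-literal array, a range that includes the terminating NUL; if the constant was generated by that code, hashing the quoted sentence alone yields a different digest. I would say so in the comment, e.g. `// SHA-256 over the bytes of the text below, including the trailing '\0'`, or regenerate the value without the terminator. I would also add one line saying that real callers must hash their own message with the digest algorithm that matches the chosen `SignatureAlgorithm`. The same snippet is in samples/sample5_sign_verify.md, and `main` begins and ends outside the hunk.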
@@ -112,7 +112,7 @@ TEST_P(KeyVaultClientTest, RemoteSignVerifyRSA256) // PS256 { - Azure::Security::KeyVault::SHA256 sha256; + Azure::Security::KeyVault::_internal::SHA256 sha256; auto signatureAlgorithm = SignatureAlgorithm::PS256; std::vector digest = sha256.Final(reinterpret_cast(digestSource.data()), digestSource.size()); @@ -142,7 +142,7 @@ TEST_F(KeyVaultClientTest, RemoteSignVerifyES256) auto ecKey = keyClient.CreateEcKey(ecKeyOptions).Value; CryptographyClient cryptoClient(ecKey.Id(), m_credential); - Azure::Security::KeyVault::SHA256 sha256; + Azure::Security::KeyVault::_internal::SHA256 sha256; auto signatureAlgorithm = SignatureAlgorithm::ES256; std::vector digest = sha256.Final(reinterpret_cast(digestSource.data()), digestSource.size()); @@ -165,7 +165,7 @@ TEST_F(KeyVaultClientTest, RemoteSignVerifyES256) auto ecKey = keyClient.CreateEcKey(ecKeyOptions).Value; CryptographyClient cryptoClient(ecKey.Id(), m_credential); - Azure::Security::KeyVault::SHA256 sha256; + Azure::Security::KeyVault::_internal::SHA256 sha256; auto signatureAlgorithm = SignatureAlgorithm::ES256K; std::vector digest = sha256.Final(reinterpret_cast(digestSource.data()), digestSource.size()); @@ -198,7 +198,7 @@ TEST_P(KeyVaultClientTest, RemoteSignVerifyRSA384) // RS384 { - Azure::Security::KeyVault::SHA384 sha384; + Azure::Security::KeyVault::_internal::SHA384 sha384; auto signatureAlgorithm = SignatureAlgorithm::RS384; std::vector digest = sha384.Final(reinterpret_cast(digestSource.data()), digestSource.size()); @@ -216,7 +216,7 @@ TEST_P(KeyVaultClientTest, RemoteSignVerifyRSA384) // PS384 { - Azure::Security::KeyVault::SHA384 sha384; + Azure::Security::KeyVault::_internal::SHA384 sha384; auto signatureAlgorithm = SignatureAlgorithm::PS384; std::vector digest = sha384.Final(reinterpret_cast(digestSource.data()), digestSource.size());