Commit
2c41b773
authored
Sep 13, 2019
by
Geoff Simmons
Add KEY_Wipe(), and use it for secret keys, CEKs and PRKs.
parent
84a0cffa
Showing
3 changed files
with
15 additions
and
5 deletions
+15
-5
keys.c
src/keys.c
+12
-4
keys.h
src/keys.h
+1
-0
vfp.c
src/vfp.c
+2
-1
src/keys.c
...
...
@@ -227,6 +227,16 @@ wipe(void * const dst, size_t len, uint8_t val)
}
}
void
KEY_Wipe
(
void
*
const
key
)
{
AN
(
key
);
wipe
(
key
,
AES128_KEYLEN
,
0xff
);
wipe
(
key
,
AES128_KEYLEN
,
0xaa
);
wipe
(
key
,
AES128_KEYLEN
,
0x55
);
wipe
(
key
,
AES128_KEYLEN
,
0x00
);
}
/*
* wipe all the keys, destroy the rwlocks, de-allocate the free list,
* de-allocate the key pages
...
...
@@ -247,10 +257,8 @@ KEY_Fini(void)
key
=
VRBT_ROOT
(
tree_h
);
while
(
key
!=
NULL
)
{
CHECK_OBJ
(
key
,
KEY_MAGIC
);
wipe
(
key
->
key
,
16
,
0xff
);
wipe
(
key
->
key
,
16
,
0xaa
);
wipe
(
key
->
key
,
16
,
0x55
);
wipe
(
key
->
key
,
16
,
0x00
);
AN
(
key
->
key
);
KEY_Wipe
(
key
->
key
);
nxt_k
=
VRBT_NEXT
(
key_tree
,
tree_h
,
key
);
VRBT_REMOVE
(
key_tree
,
tree_h
,
key
);
FREE_OBJ
(
key
);
...
...
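Review bot: KEY_Wipe() takes a `void * const` and always overwrites exactly AES128_KEYLEN bytes, so nothing prevents a caller from passing a shorter buffer (an out-of-bounds write) or a longer secret that is then only partly cleared. The commit title says it is also used for PRKs; if a PRK here is a full HMAC-SHA-256 output it would be longer than AES128_KEYLEN, which is worth confirming at the `KEY_Wipe(prk)` call in src/vfp.c. Either add a length parameter, `void KEY_Wipe(void * const key, size_t len)`, or document the precondition on the prototype in src/keys.h with a comment such as `/* key must point to exactly AES128_KEYLEN bytes */`. The body of wipe() lies outside the hunk, so it is also worth confirming that its stores cannot be removed as dead writes, since in KEY_Fini the wipe is immediately followed by `FREE_OBJ(key)`.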
src/keys.h
...
...
@@ -38,3 +38,4 @@ void KEY_Rdlock(uint8_t idlen);
void
KEY_Unlock
(
uint8_t
idlen
);
uint8_t
*
KEY_Get
(
uint8_t
*
id
,
uint8_t
idlen
);
int
KEY_Set
(
VRT_CTX
,
uint8_t
*
id
,
uint8_t
idlen
,
const
uint8_t
*
key
);
void
KEY_Wipe
(
void
*
const
key
);
src/vfp.c
...
...
@@ -272,6 +272,7 @@ crypto_init(struct vfp_ctx *ctx, struct ece_crypto *crypto, uint8_t *salt,
||
derive_prenonce
(
prk
,
prenonce
,
errmsg
)
!=
0
)
return
(
VERR_DEC
(
ctx
,
"%s"
,
errmsg
));
KEY_Wipe
(
prk
);
crypto
->
prenonce_hi
=
vbe32dec
(
prenonce
);
crypto
->
prenonce_lo
=
vbe64dec
(
prenonce
+
4
);
memcpy
(
crypto
->
cek
,
cek
,
AES128_KEYLEN
);
...
...
@@ -388,8 +389,8 @@ vfp_common_fini(struct vfp_ctx *ctx, struct vfp_entry *ent)
if
(
ece
->
buf
!=
NULL
)
free
(
ece
->
buf
);
if
(
ece
->
crypto
!=
NULL
)
{
/* XXX wipe the cek */
CHECK_OBJ
(
ece
->
crypto
,
ECE_CRYPTO_MAGIC
);
KEY_Wipe
(
ece
->
crypto
->
cek
);
FREE_OBJ
(
ece
->
crypto
);
}
if
(
ece
->
stream
!=
NULL
)
{
...
...
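Review bot: In crypto_init the new `KEY_Wipe(prk);` sits after the early `return (VERR_DEC(ctx, "%s", errmsg));`, so when a derivation step fails the PRK is left in memory un-wiped. Turning the failure branch into a braced block that calls `KEY_Wipe(prk);` before the return would cover both paths. The local `cek` is copied into `crypto->cek` by the `memcpy` at the end of the hunk and no wipe of the local copy is visible here; if it is a stack buffer it likely deserves `KEY_Wipe(cek);` after the copy. The start of the condition and the rest of crypto_init lie outside the hunk, so the declarations and sizes of `prk` and `cek` should be checked against the fixed AES128_KEYLEN that KEY_Wipe() clears.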