Skip to content

L
libvmod-ece
Commit 7b322013 authored by Geoff Simmons's avatar Geoff Simmons
Browse files
Options

Whitespace OCD

parent 23a3dae7
Hide whitespace changes
Inline Side-by-side
Showing with 108 additions and 108 deletions
src/Makefile.am
View file @ 7b322013
AUTOMAKE_OPTIONS = subdir-objects
AM_CFLAGS = $(VARNISHAPI_CFLAGS) @CRYPTO_CFLAGS@ -Wall -Werror -Wextra -std=c99
AM_CFLAGS = $(VARNISHAPI_CFLAGS) @CRYPTO_CFLAGS@ -Wall -Werror -Wextra -std=c99
AM_LDFLAGS = $(VARNISHAPI_LIBS) @CRYPTO_LIBS@ -ldl
EXTRA_DIST = \
......
src/rfc8188.c
View file @ 7b322013
......@@ -56,8 +56,8 @@ static const int aad_len = 0;
static inline void
mk_error(char *buf)
{
snprintf(buf, ERRMSG_LEN, "%s",
ERR_error_string(ERR_get_error(), NULL));
snprintf(buf, ERRMSG_LEN, "%s",
ERR_error_string(ERR_get_error(), NULL));
}
/* ch 2.2 pseudorandom key */
......@@ -66,13 +66,13 @@ derive_prk(uint8_t *salt, uint8_t *key, unsigned char *prk, char *errmsg)
{
unsigned len;
AN(salt);
AN(key);
AN(prk);
AN(errmsg);
AN(salt);
AN(key);
AN(prk);
AN(errmsg);
if (HMAC(EVP_sha256(), salt, SALT_LEN, key, AES128_KEYLEN, prk, &len)
== NULL) {
if (HMAC(EVP_sha256(), salt, SALT_LEN, key, AES128_KEYLEN, prk, &len)
== NULL) {
mk_error(errmsg);
return (-1);
}
......@@ -87,12 +87,12 @@ derive_cek(unsigned char *prk, unsigned char *cek, char *errmsg)
{
unsigned len;
AN(prk);
AN(cek);
AN(errmsg);
AN(prk);
AN(cek);
AN(errmsg);
if (HMAC(EVP_sha256(), prk, SHA256_LEN, cek_info, cek_info_len, cek,
&len) == NULL) {
if (HMAC(EVP_sha256(), prk, SHA256_LEN, cek_info, cek_info_len, cek,
&len) == NULL) {
mk_error(errmsg);
return (-1);
}
......@@ -107,8 +107,8 @@ derive_prenonce(unsigned char *prk, unsigned char *prenonce, char *errmsg)
{
unsigned len;
if (HMAC(EVP_sha256(), prk, SHA256_LEN, nonce_info, nonce_info_len,
prenonce, &len) == NULL) {
if (HMAC(EVP_sha256(), prk, SHA256_LEN, nonce_info, nonce_info_len,
prenonce, &len) == NULL) {
mk_error(errmsg);
return (-1);
}
......@@ -120,43 +120,43 @@ derive_prenonce(unsigned char *prk, unsigned char *prenonce, char *errmsg)
static EVP_CIPHER_CTX *
cipher_ctx_params(EVP_CIPHER_CTX *ctx, int enc, char *errmsg)
{
AN(ctx);
AN(errmsg);
AN(ctx);
AN(errmsg);
(void)EVP_CIPHER_CTX_set_padding(ctx, 0);
if (EVP_CipherInit_ex(ctx, EVP_aes_128_gcm(), NULL, NULL, NULL, enc)
!= 1) {
!= 1) {
mk_error(errmsg);
return (NULL);
}
return ctx;
return ctx;
}
EVP_CIPHER_CTX *
cipher_ctx_init(int enc, char *errmsg)
{
EVP_CIPHER_CTX *ctx;
EVP_CIPHER_CTX *ctx;
AN(errmsg);
AN(errmsg);
if ((ctx = EVP_CIPHER_CTX_new()) == NULL) {
if ((ctx = EVP_CIPHER_CTX_new()) == NULL) {
mk_error(errmsg);
return (NULL);
}
return cipher_ctx_params(ctx, enc, errmsg);
return (NULL);
}
return cipher_ctx_params(ctx, enc, errmsg);
}
EVP_CIPHER_CTX *
cipher_ctx_reset(EVP_CIPHER_CTX *ctx, int enc, char *errmsg)
{
AN(ctx);
AN(errmsg);
AN(ctx);
AN(errmsg);
if (EVP_CIPHER_CTX_reset(ctx) != 1) {
if (EVP_CIPHER_CTX_reset(ctx) != 1) {
mk_error(errmsg);
return (NULL);
}
return cipher_ctx_params(ctx, enc, errmsg);
return (NULL);
}
return cipher_ctx_params(ctx, enc, errmsg);
}
ssize_t
......@@ -167,13 +167,13 @@ decrypt_record(EVP_CIPHER_CTX *ctx, unsigned char *ciphertext,
int len, plaintext_len;
unsigned char *end = NULL;
AN(ctx);
AN(ciphertext);
AN(cek);
AN(nonce);
AN(plaintext);
AN(last);
AN(errmsg);
AN(ctx);
AN(ciphertext);
AN(cek);
AN(nonce);
AN(plaintext);
AN(last);
AN(errmsg);
if (EVP_CipherInit_ex(ctx, EVP_aes_128_gcm(), NULL, cek, nonce, 0)
!= 1) {
......@@ -222,7 +222,7 @@ decrypt_record(EVP_CIPHER_CTX *ctx, unsigned char *ciphertext,
}
}
if (*last == -1) {
snprintf(errmsg, ERRMSG_LEN, "No delimiter found");
snprintf(errmsg, ERRMSG_LEN, "No delimiter found");
return (-1);
}
......
src/rfc8188.h
View file @ 7b322013
......@@ -55,9 +55,9 @@
static inline uint32_t
be32dec(const void *pp)
{
uint8_t const *p = (uint8_t const *)pp;
uint8_t const *p = (uint8_t const *)pp;
return (((unsigned)p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3]);
return (((unsigned)p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3]);
}
/*
......@@ -125,7 +125,7 @@ EVP_CIPHER_CTX * cipher_ctx_reset(EVP_CIPHER_CTX *ctx, int enc,
static inline void
cipher_ctx_fini(EVP_CIPHER_CTX *ctx)
{
EVP_CIPHER_CTX_free(ctx);
EVP_CIPHER_CTX_free(ctx);
}
/*
......
src/rfc8188_test.c
View file @ 7b322013
......@@ -63,11 +63,11 @@ static const int exp_plaintext_len = 15;
/* 1st example in ch 3.1 */
static const unsigned char body1_b64[] =
"I1BsxtFttlv3u/Oo94xnmwAAEAAA+NAVub2qFgBEuQKRapoZu+IxkIva3MEB1PD+ly8Thjg=",
key1_b64[] = "yqdlZ+tYemfogSmv7Ws5PQ==",
salt_b64[] = "I1BsxtFttlv3u/Oo94xnmw==",
prk1_b64[] = "zyeH5phsIsgUyd4oiSEIy35x+gIi4aM7y0hCF8mwn9g=",
cek1_b64[] = "/wniytB+ofscZDh4tbSjHw==",
nonce1_b64[] = "Bcs8gkIRKLI8GeI8";
key1_b64[] = "yqdlZ+tYemfogSmv7Ws5PQ==",
salt_b64[] = "I1BsxtFttlv3u/Oo94xnmw==",
prk1_b64[] = "zyeH5phsIsgUyd4oiSEIy35x+gIi4aM7y0hCF8mwn9g=",
cek1_b64[] = "/wniytB+ofscZDh4tbSjHw==",
nonce1_b64[] = "Bcs8gkIRKLI8GeI8";
static const int bodylen1 = 53;
static const uint32_t exp_rs1 = 4096;
static const uint8_t exp_idlen1 = 0;
......@@ -75,29 +75,29 @@ static const uint8_t exp_idlen1 = 0;
/* 2nd example in ch 3.2 */
const unsigned char body2_b64[] =
"uNCkWiNYzKTnBN9ji3+qWAAAABkCYTHOG8chz/gnvgOqdGYovxyjuqRyJFjEDyoF1Fvkj6hQPdPHI51OEUKEpgz3SsLWIqS/uA==",
key2_b64[] = "BO3ZVPxUlnLORbVGMpbT1Q==",
exp_keyid2[] = "a1";
key2_b64[] = "BO3ZVPxUlnLORbVGMpbT1Q==",
exp_keyid2[] = "a1";
static const uint32_t exp_rs2 = 25;
static const uint8_t exp_idlen2 = 2;
int
main(int argc, char *argv[])
{
EVP_CIPHER_CTX *ctx;
EVP_CIPHER_CTX *ctx;
unsigned char prk_b64[45], cek_b64[25], nonce_b64[17];
unsigned char key1[AES128_KEYLEN + 2], key2[AES128_KEYLEN + 2],
salt[SALT_LEN + 2], prk[SHA256_LEN], cek[SHA256_LEN],
nonce[SHA256_LEN], seq[NONCE_LEN];
salt[SALT_LEN + 2], prk[SHA256_LEN], cek[SHA256_LEN],
nonce[SHA256_LEN], seq[NONCE_LEN];
unsigned char body1[54], body2[75], plaintext[64], *ciphertext;
char errmsg[ERRMSG_LEN];
char errmsg[ERRMSG_LEN];
uint32_t rs;
uint8_t idlen;
int len, last, plaintext_len;
(void)argc;
(void)argv;
(void)argc;
(void)argv;
/* example 1, ch 3.1 */
/* example 1, ch 3.1 */
len = EVP_DecodeBlock(key1, key1_b64, sizeof(key1_b64) - 1);
assert(len == AES128_KEYLEN + 2);
......@@ -105,32 +105,32 @@ main(int argc, char *argv[])
assert(len == SALT_LEN + 2);
if (derive_prk(salt, key1, prk, errmsg) != 0) {
fprintf(stderr, "ex1 PRK: %s\n", errmsg);
fprintf(stderr, "ex1 PRK: %s\n", errmsg);
exit(-1);
}
}
len = EVP_EncodeBlock(prk_b64, prk, SHA256_LEN);
assert(len == 44);
AZ(memcmp(prk_b64, prk1_b64, len));
AZ(memcmp(prk_b64, prk1_b64, len));
if (derive_cek(prk, cek, errmsg) != 0) {
fprintf(stderr, "ex1 CEK: %s\n", errmsg);
fprintf(stderr, "ex1 CEK: %s\n", errmsg);
exit(-1);
}
}
len = EVP_EncodeBlock(cek_b64, cek, AES128_KEYLEN);
assert(len == 24);
AZ(memcmp(cek_b64, cek1_b64, len));
AZ(memcmp(cek_b64, cek1_b64, len));
memset(seq, 0, NONCE_LEN);
if (derive_prenonce(prk, nonce, errmsg) != 0) {
fprintf(stderr, "ex1 NONCE: %s\n", errmsg);
fprintf(stderr, "ex1 NONCE: %s\n", errmsg);
exit(-1);
}
}
len = EVP_EncodeBlock(nonce_b64, nonce, NONCE_LEN);
assert(len == 16);
AZ(memcmp(nonce_b64, nonce1_b64, len));
AZ(memcmp(nonce_b64, nonce1_b64, len));
len = EVP_DecodeBlock(body1, body1_b64, sizeof(body1_b64) - 1);
assert(len == 54);
......@@ -141,30 +141,30 @@ main(int argc, char *argv[])
assert(rs == exp_rs1);
assert(idlen == exp_idlen1);
if ((ctx = cipher_ctx_init(0, errmsg)) == NULL) {
fprintf(stderr, "ex1: cipher_ctx_init: %s\n", errmsg);
if ((ctx = cipher_ctx_init(0, errmsg)) == NULL) {
fprintf(stderr, "ex1: cipher_ctx_init: %s\n", errmsg);
exit(-1);
}
}
/* bodylen < rs, so we compute ciphertext_len and tag specially */
ciphertext = body1 + HDR_PREFIX_LEN + idlen;
len = decrypt_record(ctx, ciphertext,
bodylen1 - (HDR_PREFIX_LEN + idlen) - TAG_LEN,
body1 + (bodylen1 - TAG_LEN), cek, nonce, plaintext, &last, errmsg);
if (len < 0) {
fprintf(stderr, "ex1 decrypt_record: %s\n", errmsg);
bodylen1 - (HDR_PREFIX_LEN + idlen) - TAG_LEN,
body1 + (bodylen1 - TAG_LEN), cek, nonce, plaintext, &last, errmsg);
if (len < 0) {
fprintf(stderr, "ex1 decrypt_record: %s\n", errmsg);
exit(-1);
}
assert(len == exp_plaintext_len);
AN(last);
AZ(memcmp(plaintext, exp_plaintext, len));
}
assert(len == exp_plaintext_len);
AN(last);
AZ(memcmp(plaintext, exp_plaintext, len));
/* example 2, ch 3.2 */
/* example 2, ch 3.2 */
if ((ctx = cipher_ctx_reset(ctx, 0, errmsg)) == NULL) {
fprintf(stderr, "ex2: cipher_ctx_reset: %s\n", errmsg);
if ((ctx = cipher_ctx_reset(ctx, 0, errmsg)) == NULL) {
fprintf(stderr, "ex2: cipher_ctx_reset: %s\n", errmsg);
exit(-1);
}
}
len = EVP_DecodeBlock(key2, key2_b64, sizeof(key2_b64) - 1);
assert(len == AES128_KEYLEN + 2);
......@@ -172,51 +172,51 @@ main(int argc, char *argv[])
assert(len == 75);
decode_header(body2, &rs, &idlen);
assert(rs == exp_rs2);
assert(idlen = exp_idlen2);
AZ(memcmp(&body2[HDR_PREFIX_LEN], exp_keyid2, idlen));
assert(rs == exp_rs2);
assert(idlen = exp_idlen2);
AZ(memcmp(&body2[HDR_PREFIX_LEN], exp_keyid2, idlen));
if (derive_prk(body2, key2, prk, errmsg) != 0) {
fprintf(stderr, "ex2 PRK: %s\n", errmsg);
fprintf(stderr, "ex2 PRK: %s\n", errmsg);
exit(-1);
}
}
if (derive_cek(prk, cek, errmsg) != 0) {
fprintf(stderr, "ex2 CEK: %s\n", errmsg);
fprintf(stderr, "ex2 CEK: %s\n", errmsg);
exit(-1);
}
}
if (derive_prenonce(prk, nonce, errmsg) != 0) {
fprintf(stderr, "ex2 NONCE: %s\n", errmsg);
fprintf(stderr, "ex2 NONCE: %s\n", errmsg);
exit(-1);
}
}
/* First record */
/* First record */
ciphertext = body2 + HDR_PREFIX_LEN + idlen;
len = decrypt_record(ctx, ciphertext, rs - TAG_LEN,
ciphertext + (rs - TAG_LEN), cek, nonce, plaintext, &last, errmsg);
if (len < 0) {
fprintf(stderr, "ex2 1st record decrypt_record: %s\n", errmsg);
ciphertext + (rs - TAG_LEN), cek, nonce, plaintext, &last, errmsg);
if (len < 0) {
fprintf(stderr, "ex2 1st record decrypt_record: %s\n", errmsg);
exit(-1);
}
AZ(last);
plaintext_len = len;
}
AZ(last);
plaintext_len = len;
/* Second record */
/* Second record */
seq[NONCE_LEN - 1] = 1; // simulates increment
for (int i = 0; i < NONCE_LEN; i++)
nonce[i] ^= seq[i];
ciphertext += rs;
len = decrypt_record(ctx, ciphertext, rs - TAG_LEN,
ciphertext + (rs - TAG_LEN), cek, nonce, plaintext + plaintext_len,
&last, errmsg);
if (len < 0) {
fprintf(stderr, "ex2 2st record decrypt_record: %s\n", errmsg);
ciphertext + (rs - TAG_LEN), cek, nonce, plaintext + plaintext_len,
&last, errmsg);
if (len < 0) {
fprintf(stderr, "ex2 2st record decrypt_record: %s\n", errmsg);
exit(-1);
}
AN(last);
plaintext_len += len;
AZ(memcmp(plaintext, exp_plaintext, len));
}
AN(last);
plaintext_len += len;
AZ(memcmp(plaintext, exp_plaintext, len));
cipher_ctx_fini(ctx);
exit(0);
cipher_ctx_fini(ctx);
exit(0);
}
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment