Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
L
libvmod-ece
Project
Project
Details
Activity
Releases
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Wiki
Wiki
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
uplex-varnish
libvmod-ece
Commits
7b322013
Commit
7b322013
authored
Sep 04, 2019
by
Geoff Simmons
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Whitespace OCD
parent
23a3dae7
Changes
4
Hide whitespace changes
Inline
Side-by-side
Showing
4 changed files
with
108 additions
and
108 deletions
+108
-108
Makefile.am
src/Makefile.am
+1
-1
rfc8188.c
src/rfc8188.c
+39
-39
rfc8188.h
src/rfc8188.h
+3
-3
rfc8188_test.c
src/rfc8188_test.c
+65
-65
No files found.
src/Makefile.am
View file @
7b322013
AUTOMAKE_OPTIONS
=
subdir-objects
AM_CFLAGS
=
$(VARNISHAPI_CFLAGS)
@CRYPTO_CFLAGS@
-Wall
-Werror
-Wextra
-std
=
c99
AM_CFLAGS
=
$(VARNISHAPI_CFLAGS)
@CRYPTO_CFLAGS@
-Wall
-Werror
-Wextra
-std
=
c99
AM_LDFLAGS
=
$(VARNISHAPI_LIBS)
@CRYPTO_LIBS@
-ldl
EXTRA_DIST
=
\
...
...
src/rfc8188.c
View file @
7b322013
...
...
@@ -56,8 +56,8 @@ static const int aad_len = 0;
static
inline
void
mk_error
(
char
*
buf
)
{
snprintf
(
buf
,
ERRMSG_LEN
,
"%s"
,
ERR_error_string
(
ERR_get_error
(),
NULL
));
snprintf
(
buf
,
ERRMSG_LEN
,
"%s"
,
ERR_error_string
(
ERR_get_error
(),
NULL
));
}
/* ch 2.2 pseudorandom key */
...
...
@@ -66,13 +66,13 @@ derive_prk(uint8_t *salt, uint8_t *key, unsigned char *prk, char *errmsg)
{
unsigned
len
;
AN
(
salt
);
AN
(
key
);
AN
(
prk
);
AN
(
errmsg
);
AN
(
salt
);
AN
(
key
);
AN
(
prk
);
AN
(
errmsg
);
if
(
HMAC
(
EVP_sha256
(),
salt
,
SALT_LEN
,
key
,
AES128_KEYLEN
,
prk
,
&
len
)
==
NULL
)
{
if
(
HMAC
(
EVP_sha256
(),
salt
,
SALT_LEN
,
key
,
AES128_KEYLEN
,
prk
,
&
len
)
==
NULL
)
{
mk_error
(
errmsg
);
return
(
-
1
);
}
...
...
@@ -87,12 +87,12 @@ derive_cek(unsigned char *prk, unsigned char *cek, char *errmsg)
{
unsigned
len
;
AN
(
prk
);
AN
(
cek
);
AN
(
errmsg
);
AN
(
prk
);
AN
(
cek
);
AN
(
errmsg
);
if
(
HMAC
(
EVP_sha256
(),
prk
,
SHA256_LEN
,
cek_info
,
cek_info_len
,
cek
,
&
len
)
==
NULL
)
{
if
(
HMAC
(
EVP_sha256
(),
prk
,
SHA256_LEN
,
cek_info
,
cek_info_len
,
cek
,
&
len
)
==
NULL
)
{
mk_error
(
errmsg
);
return
(
-
1
);
}
...
...
@@ -107,8 +107,8 @@ derive_prenonce(unsigned char *prk, unsigned char *prenonce, char *errmsg)
{
unsigned
len
;
if
(
HMAC
(
EVP_sha256
(),
prk
,
SHA256_LEN
,
nonce_info
,
nonce_info_len
,
prenonce
,
&
len
)
==
NULL
)
{
if
(
HMAC
(
EVP_sha256
(),
prk
,
SHA256_LEN
,
nonce_info
,
nonce_info_len
,
prenonce
,
&
len
)
==
NULL
)
{
mk_error
(
errmsg
);
return
(
-
1
);
}
...
...
@@ -120,43 +120,43 @@ derive_prenonce(unsigned char *prk, unsigned char *prenonce, char *errmsg)
static
EVP_CIPHER_CTX
*
cipher_ctx_params
(
EVP_CIPHER_CTX
*
ctx
,
int
enc
,
char
*
errmsg
)
{
AN
(
ctx
);
AN
(
errmsg
);
AN
(
ctx
);
AN
(
errmsg
);
(
void
)
EVP_CIPHER_CTX_set_padding
(
ctx
,
0
);
if
(
EVP_CipherInit_ex
(
ctx
,
EVP_aes_128_gcm
(),
NULL
,
NULL
,
NULL
,
enc
)
!=
1
)
{
!=
1
)
{
mk_error
(
errmsg
);
return
(
NULL
);
}
return
ctx
;
return
ctx
;
}
EVP_CIPHER_CTX
*
cipher_ctx_init
(
int
enc
,
char
*
errmsg
)
{
EVP_CIPHER_CTX
*
ctx
;
EVP_CIPHER_CTX
*
ctx
;
AN
(
errmsg
);
AN
(
errmsg
);
if
((
ctx
=
EVP_CIPHER_CTX_new
())
==
NULL
)
{
if
((
ctx
=
EVP_CIPHER_CTX_new
())
==
NULL
)
{
mk_error
(
errmsg
);
return
(
NULL
);
}
return
cipher_ctx_params
(
ctx
,
enc
,
errmsg
);
return
(
NULL
);
}
return
cipher_ctx_params
(
ctx
,
enc
,
errmsg
);
}
EVP_CIPHER_CTX
*
cipher_ctx_reset
(
EVP_CIPHER_CTX
*
ctx
,
int
enc
,
char
*
errmsg
)
{
AN
(
ctx
);
AN
(
errmsg
);
AN
(
ctx
);
AN
(
errmsg
);
if
(
EVP_CIPHER_CTX_reset
(
ctx
)
!=
1
)
{
if
(
EVP_CIPHER_CTX_reset
(
ctx
)
!=
1
)
{
mk_error
(
errmsg
);
return
(
NULL
);
}
return
cipher_ctx_params
(
ctx
,
enc
,
errmsg
);
return
(
NULL
);
}
return
cipher_ctx_params
(
ctx
,
enc
,
errmsg
);
}
ssize_t
...
...
@@ -167,13 +167,13 @@ decrypt_record(EVP_CIPHER_CTX *ctx, unsigned char *ciphertext,
int
len
,
plaintext_len
;
unsigned
char
*
end
=
NULL
;
AN
(
ctx
);
AN
(
ciphertext
);
AN
(
cek
);
AN
(
nonce
);
AN
(
plaintext
);
AN
(
last
);
AN
(
errmsg
);
AN
(
ctx
);
AN
(
ciphertext
);
AN
(
cek
);
AN
(
nonce
);
AN
(
plaintext
);
AN
(
last
);
AN
(
errmsg
);
if
(
EVP_CipherInit_ex
(
ctx
,
EVP_aes_128_gcm
(),
NULL
,
cek
,
nonce
,
0
)
!=
1
)
{
...
...
@@ -222,7 +222,7 @@ decrypt_record(EVP_CIPHER_CTX *ctx, unsigned char *ciphertext,
}
}
if
(
*
last
==
-
1
)
{
snprintf
(
errmsg
,
ERRMSG_LEN
,
"No delimiter found"
);
snprintf
(
errmsg
,
ERRMSG_LEN
,
"No delimiter found"
);
return
(
-
1
);
}
...
...
src/rfc8188.h
View file @
7b322013
...
...
@@ -55,9 +55,9 @@
static
inline
uint32_t
be32dec
(
const
void
*
pp
)
{
uint8_t
const
*
p
=
(
uint8_t
const
*
)
pp
;
uint8_t
const
*
p
=
(
uint8_t
const
*
)
pp
;
return
(((
unsigned
)
p
[
0
]
<<
24
)
|
(
p
[
1
]
<<
16
)
|
(
p
[
2
]
<<
8
)
|
p
[
3
]);
return
(((
unsigned
)
p
[
0
]
<<
24
)
|
(
p
[
1
]
<<
16
)
|
(
p
[
2
]
<<
8
)
|
p
[
3
]);
}
/*
...
...
@@ -125,7 +125,7 @@ EVP_CIPHER_CTX * cipher_ctx_reset(EVP_CIPHER_CTX *ctx, int enc,
static
inline
void
cipher_ctx_fini
(
EVP_CIPHER_CTX
*
ctx
)
{
EVP_CIPHER_CTX_free
(
ctx
);
EVP_CIPHER_CTX_free
(
ctx
);
}
/*
...
...
src/rfc8188_test.c
View file @
7b322013
...
...
@@ -63,11 +63,11 @@ static const int exp_plaintext_len = 15;
/* 1st example in ch 3.1 */
static
const
unsigned
char
body1_b64
[]
=
"I1BsxtFttlv3u/Oo94xnmwAAEAAA+NAVub2qFgBEuQKRapoZu+IxkIva3MEB1PD+ly8Thjg="
,
key1_b64
[]
=
"yqdlZ+tYemfogSmv7Ws5PQ=="
,
salt_b64
[]
=
"I1BsxtFttlv3u/Oo94xnmw=="
,
prk1_b64
[]
=
"zyeH5phsIsgUyd4oiSEIy35x+gIi4aM7y0hCF8mwn9g="
,
cek1_b64
[]
=
"/wniytB+ofscZDh4tbSjHw=="
,
nonce1_b64
[]
=
"Bcs8gkIRKLI8GeI8"
;
key1_b64
[]
=
"yqdlZ+tYemfogSmv7Ws5PQ=="
,
salt_b64
[]
=
"I1BsxtFttlv3u/Oo94xnmw=="
,
prk1_b64
[]
=
"zyeH5phsIsgUyd4oiSEIy35x+gIi4aM7y0hCF8mwn9g="
,
cek1_b64
[]
=
"/wniytB+ofscZDh4tbSjHw=="
,
nonce1_b64
[]
=
"Bcs8gkIRKLI8GeI8"
;
static
const
int
bodylen1
=
53
;
static
const
uint32_t
exp_rs1
=
4096
;
static
const
uint8_t
exp_idlen1
=
0
;
...
...
@@ -75,29 +75,29 @@ static const uint8_t exp_idlen1 = 0;
/* 2nd example in ch 3.2 */
const
unsigned
char
body2_b64
[]
=
"uNCkWiNYzKTnBN9ji3+qWAAAABkCYTHOG8chz/gnvgOqdGYovxyjuqRyJFjEDyoF1Fvkj6hQPdPHI51OEUKEpgz3SsLWIqS/uA=="
,
key2_b64
[]
=
"BO3ZVPxUlnLORbVGMpbT1Q=="
,
exp_keyid2
[]
=
"a1"
;
key2_b64
[]
=
"BO3ZVPxUlnLORbVGMpbT1Q=="
,
exp_keyid2
[]
=
"a1"
;
static
const
uint32_t
exp_rs2
=
25
;
static
const
uint8_t
exp_idlen2
=
2
;
int
main
(
int
argc
,
char
*
argv
[])
{
EVP_CIPHER_CTX
*
ctx
;
EVP_CIPHER_CTX
*
ctx
;
unsigned
char
prk_b64
[
45
],
cek_b64
[
25
],
nonce_b64
[
17
];
unsigned
char
key1
[
AES128_KEYLEN
+
2
],
key2
[
AES128_KEYLEN
+
2
],
salt
[
SALT_LEN
+
2
],
prk
[
SHA256_LEN
],
cek
[
SHA256_LEN
],
nonce
[
SHA256_LEN
],
seq
[
NONCE_LEN
];
salt
[
SALT_LEN
+
2
],
prk
[
SHA256_LEN
],
cek
[
SHA256_LEN
],
nonce
[
SHA256_LEN
],
seq
[
NONCE_LEN
];
unsigned
char
body1
[
54
],
body2
[
75
],
plaintext
[
64
],
*
ciphertext
;
char
errmsg
[
ERRMSG_LEN
];
char
errmsg
[
ERRMSG_LEN
];
uint32_t
rs
;
uint8_t
idlen
;
int
len
,
last
,
plaintext_len
;
(
void
)
argc
;
(
void
)
argv
;
(
void
)
argc
;
(
void
)
argv
;
/* example 1, ch 3.1 */
/* example 1, ch 3.1 */
len
=
EVP_DecodeBlock
(
key1
,
key1_b64
,
sizeof
(
key1_b64
)
-
1
);
assert
(
len
==
AES128_KEYLEN
+
2
);
...
...
@@ -105,32 +105,32 @@ main(int argc, char *argv[])
assert
(
len
==
SALT_LEN
+
2
);
if
(
derive_prk
(
salt
,
key1
,
prk
,
errmsg
)
!=
0
)
{
fprintf
(
stderr
,
"ex1 PRK: %s
\n
"
,
errmsg
);
fprintf
(
stderr
,
"ex1 PRK: %s
\n
"
,
errmsg
);
exit
(
-
1
);
}
}
len
=
EVP_EncodeBlock
(
prk_b64
,
prk
,
SHA256_LEN
);
assert
(
len
==
44
);
AZ
(
memcmp
(
prk_b64
,
prk1_b64
,
len
));
AZ
(
memcmp
(
prk_b64
,
prk1_b64
,
len
));
if
(
derive_cek
(
prk
,
cek
,
errmsg
)
!=
0
)
{
fprintf
(
stderr
,
"ex1 CEK: %s
\n
"
,
errmsg
);
fprintf
(
stderr
,
"ex1 CEK: %s
\n
"
,
errmsg
);
exit
(
-
1
);
}
}
len
=
EVP_EncodeBlock
(
cek_b64
,
cek
,
AES128_KEYLEN
);
assert
(
len
==
24
);
AZ
(
memcmp
(
cek_b64
,
cek1_b64
,
len
));
AZ
(
memcmp
(
cek_b64
,
cek1_b64
,
len
));
memset
(
seq
,
0
,
NONCE_LEN
);
if
(
derive_prenonce
(
prk
,
nonce
,
errmsg
)
!=
0
)
{
fprintf
(
stderr
,
"ex1 NONCE: %s
\n
"
,
errmsg
);
fprintf
(
stderr
,
"ex1 NONCE: %s
\n
"
,
errmsg
);
exit
(
-
1
);
}
}
len
=
EVP_EncodeBlock
(
nonce_b64
,
nonce
,
NONCE_LEN
);
assert
(
len
==
16
);
AZ
(
memcmp
(
nonce_b64
,
nonce1_b64
,
len
));
AZ
(
memcmp
(
nonce_b64
,
nonce1_b64
,
len
));
len
=
EVP_DecodeBlock
(
body1
,
body1_b64
,
sizeof
(
body1_b64
)
-
1
);
assert
(
len
==
54
);
...
...
@@ -141,30 +141,30 @@ main(int argc, char *argv[])
assert
(
rs
==
exp_rs1
);
assert
(
idlen
==
exp_idlen1
);
if
((
ctx
=
cipher_ctx_init
(
0
,
errmsg
))
==
NULL
)
{
fprintf
(
stderr
,
"ex1: cipher_ctx_init: %s
\n
"
,
errmsg
);
if
((
ctx
=
cipher_ctx_init
(
0
,
errmsg
))
==
NULL
)
{
fprintf
(
stderr
,
"ex1: cipher_ctx_init: %s
\n
"
,
errmsg
);
exit
(
-
1
);
}
}
/* bodylen < rs, so we compute ciphertext_len and tag specially */
ciphertext
=
body1
+
HDR_PREFIX_LEN
+
idlen
;
len
=
decrypt_record
(
ctx
,
ciphertext
,
bodylen1
-
(
HDR_PREFIX_LEN
+
idlen
)
-
TAG_LEN
,
body1
+
(
bodylen1
-
TAG_LEN
),
cek
,
nonce
,
plaintext
,
&
last
,
errmsg
);
if
(
len
<
0
)
{
fprintf
(
stderr
,
"ex1 decrypt_record: %s
\n
"
,
errmsg
);
bodylen1
-
(
HDR_PREFIX_LEN
+
idlen
)
-
TAG_LEN
,
body1
+
(
bodylen1
-
TAG_LEN
),
cek
,
nonce
,
plaintext
,
&
last
,
errmsg
);
if
(
len
<
0
)
{
fprintf
(
stderr
,
"ex1 decrypt_record: %s
\n
"
,
errmsg
);
exit
(
-
1
);
}
assert
(
len
==
exp_plaintext_len
);
AN
(
last
);
AZ
(
memcmp
(
plaintext
,
exp_plaintext
,
len
));
}
assert
(
len
==
exp_plaintext_len
);
AN
(
last
);
AZ
(
memcmp
(
plaintext
,
exp_plaintext
,
len
));
/* example 2, ch 3.2 */
/* example 2, ch 3.2 */
if
((
ctx
=
cipher_ctx_reset
(
ctx
,
0
,
errmsg
))
==
NULL
)
{
fprintf
(
stderr
,
"ex2: cipher_ctx_reset: %s
\n
"
,
errmsg
);
if
((
ctx
=
cipher_ctx_reset
(
ctx
,
0
,
errmsg
))
==
NULL
)
{
fprintf
(
stderr
,
"ex2: cipher_ctx_reset: %s
\n
"
,
errmsg
);
exit
(
-
1
);
}
}
len
=
EVP_DecodeBlock
(
key2
,
key2_b64
,
sizeof
(
key2_b64
)
-
1
);
assert
(
len
==
AES128_KEYLEN
+
2
);
...
...
@@ -172,51 +172,51 @@ main(int argc, char *argv[])
assert
(
len
==
75
);
decode_header
(
body2
,
&
rs
,
&
idlen
);
assert
(
rs
==
exp_rs2
);
assert
(
idlen
=
exp_idlen2
);
AZ
(
memcmp
(
&
body2
[
HDR_PREFIX_LEN
],
exp_keyid2
,
idlen
));
assert
(
rs
==
exp_rs2
);
assert
(
idlen
=
exp_idlen2
);
AZ
(
memcmp
(
&
body2
[
HDR_PREFIX_LEN
],
exp_keyid2
,
idlen
));
if
(
derive_prk
(
body2
,
key2
,
prk
,
errmsg
)
!=
0
)
{
fprintf
(
stderr
,
"ex2 PRK: %s
\n
"
,
errmsg
);
fprintf
(
stderr
,
"ex2 PRK: %s
\n
"
,
errmsg
);
exit
(
-
1
);
}
}
if
(
derive_cek
(
prk
,
cek
,
errmsg
)
!=
0
)
{
fprintf
(
stderr
,
"ex2 CEK: %s
\n
"
,
errmsg
);
fprintf
(
stderr
,
"ex2 CEK: %s
\n
"
,
errmsg
);
exit
(
-
1
);
}
}
if
(
derive_prenonce
(
prk
,
nonce
,
errmsg
)
!=
0
)
{
fprintf
(
stderr
,
"ex2 NONCE: %s
\n
"
,
errmsg
);
fprintf
(
stderr
,
"ex2 NONCE: %s
\n
"
,
errmsg
);
exit
(
-
1
);
}
}
/* First record */
/* First record */
ciphertext
=
body2
+
HDR_PREFIX_LEN
+
idlen
;
len
=
decrypt_record
(
ctx
,
ciphertext
,
rs
-
TAG_LEN
,
ciphertext
+
(
rs
-
TAG_LEN
),
cek
,
nonce
,
plaintext
,
&
last
,
errmsg
);
if
(
len
<
0
)
{
fprintf
(
stderr
,
"ex2 1st record decrypt_record: %s
\n
"
,
errmsg
);
ciphertext
+
(
rs
-
TAG_LEN
),
cek
,
nonce
,
plaintext
,
&
last
,
errmsg
);
if
(
len
<
0
)
{
fprintf
(
stderr
,
"ex2 1st record decrypt_record: %s
\n
"
,
errmsg
);
exit
(
-
1
);
}
AZ
(
last
);
plaintext_len
=
len
;
}
AZ
(
last
);
plaintext_len
=
len
;
/* Second record */
/* Second record */
seq
[
NONCE_LEN
-
1
]
=
1
;
// simulates increment
for
(
int
i
=
0
;
i
<
NONCE_LEN
;
i
++
)
nonce
[
i
]
^=
seq
[
i
];
ciphertext
+=
rs
;
len
=
decrypt_record
(
ctx
,
ciphertext
,
rs
-
TAG_LEN
,
ciphertext
+
(
rs
-
TAG_LEN
),
cek
,
nonce
,
plaintext
+
plaintext_len
,
&
last
,
errmsg
);
if
(
len
<
0
)
{
fprintf
(
stderr
,
"ex2 2st record decrypt_record: %s
\n
"
,
errmsg
);
ciphertext
+
(
rs
-
TAG_LEN
),
cek
,
nonce
,
plaintext
+
plaintext_len
,
&
last
,
errmsg
);
if
(
len
<
0
)
{
fprintf
(
stderr
,
"ex2 2st record decrypt_record: %s
\n
"
,
errmsg
);
exit
(
-
1
);
}
AN
(
last
);
plaintext_len
+=
len
;
AZ
(
memcmp
(
plaintext
,
exp_plaintext
,
len
));
}
AN
(
last
);
plaintext_len
+=
len
;
AZ
(
memcmp
(
plaintext
,
exp_plaintext
,
len
));
cipher_ctx_fini
(
ctx
);
exit
(
0
);
cipher_ctx_fini
(
ctx
);
exit
(
0
);
}
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment