Commit
877f1efa
authored
Sep 05, 2019
by
Geoff Simmons
encrypt_record() appends the authentication tag.
So the calling code doesn't have to.
parent
68bdc698
Showing
3 changed files
with
8 additions
and
6 deletions
+8
-6
rfc8188.c
src/rfc8188.c
+3
-1
rfc8188.h
src/rfc8188.h
+3
-2
rfc8188_test.c
src/rfc8188_test.c
+2
-3
src/rfc8188.c
...
...
@@ -257,9 +257,10 @@ ssize_t
encrypt_record
(
EVP_CIPHER_CTX
*
ctx
,
unsigned
char
*
plaintext
,
int
plaintext_len
,
uint32_t
rs
,
uint8_t
cek
[
AES128_KEYLEN
],
unsigned
char
nonce
[
NONCE_LEN
],
int
last
,
unsigned
char
*
ciphertext
,
uint8_t
*
tag
,
char
errmsg
[
ERRMSG_LEN
])
char
errmsg
[
ERRMSG_LEN
])
{
int
delim_idx
,
len
,
ciphertext_len
;
uint8_t
*
tag
;
AN
(
ctx
);
AN
(
plaintext
);
...
...
@@ -304,6 +305,7 @@ encrypt_record(EVP_CIPHER_CTX *ctx, unsigned char *plaintext,
}
ciphertext_len
+=
len
;
tag
=
ciphertext
+
(
rs
-
TAG_LEN
);
if
(
!
EVP_CIPHER_CTX_ctrl
(
ctx
,
EVP_CTRL_GCM_GET_TAG
,
TAG_LEN
,
tag
))
{
mk_error
(
errmsg
);
return
(
-
1
);
...
...
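Review bot: The new `tag = ciphertext + (rs - TAG_LEN);` derives the tag position from the record size rather than from the bytes actually produced, so its bounds and its adjacency to the ciphertext depend on conditions these hunks do not show being checked. If `rs` can be smaller than `TAG_LEN`, the subtraction on the `uint32_t` would wrap and `EVP_CTRL_GCM_GET_TAG` would write far outside the caller's buffer. If a last record encrypts to fewer than `rs - TAG_LEN` bytes, the tag lands after a gap of unwritten bytes instead of directly behind the ciphertext. Assuming `ciphertext_len` holds the encrypted byte count at this point, as the preceding `ciphertext_len += len;` suggests, `tag = ciphertext + ciphertext_len;` would cover the short-record case, with a guard such as `assert(rs > TAG_LEN);` next to the existing `AN()` checks if none exists. The function body starts before and continues after both hunks, so an earlier check on `rs` may already be there.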
src/rfc8188.h
...
...
@@ -162,7 +162,7 @@ ssize_t decrypt_record(EVP_CIPHER_CTX *ctx, unsigned char *ciphertext,
* Encrypt a record. Inputs are:
* plaintext, plaintext_len, rs, cek, nonce, last
* Outputs is:
* ciphertext
, tag
* ciphertext
*
* The buffer at plaintext MUST have at least rs bytes allocated.
*
...
...
@@ -171,6 +171,7 @@ ssize_t decrypt_record(EVP_CIPHER_CTX *ctx, unsigned char *ciphertext,
* If last is non-zero, then this is the last record in the message.
*
* At least rs bytes must be allocated for the buffer at ciphertext.
* The authentication tag is appended at ciphertext + (rs - TAG_LEN).
*
* Returns -1 on error, otherwise the number of ciphertext bytes. That
* number will be equal to rs for every record but the last, which may be
...
...
@@ -179,4 +180,4 @@ ssize_t decrypt_record(EVP_CIPHER_CTX *ctx, unsigned char *ciphertext,
ssize_t
encrypt_record
(
EVP_CIPHER_CTX
*
ctx
,
unsigned
char
*
plaintext
,
int
plaintext_len
,
uint32_t
rs
,
uint8_t
cek
[
AES128_KEYLEN
],
unsigned
char
nonce
[
NONCE_LEN
],
int
last
,
unsigned
char
*
ciphertext
,
uint8_t
tag
[
TAG_LEN
],
char
errmsg
[
ERRMSG_LEN
]);
char
errmsg
[
ERRMSG_LEN
]);
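Review bot: The updated comment leaves it unclear whether the returned byte count includes the `TAG_LEN` bytes that encrypt_record() now writes itself. It says the result equals rs for every record but the last, while the test in src/rfc8188_test.c asserts `(unsigned)len == rs - TAG_LEN` for its last record, which reads as a count without the tag. I would add a sentence such as `* The return value does not include the TAG_LEN bytes of the tag.` (or the opposite, whichever the implementation does), and state the precondition `rs > TAG_LEN` next to the new offset sentence. The comment block starts above the first hunk of this section.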
src/rfc8188_test.c
...
...
@@ -88,7 +88,7 @@ main(int argc, char *argv[])
body1_test_b64
[
73
];
unsigned
char
key1
[
AES128_KEYLEN
+
2
],
key2
[
AES128_KEYLEN
+
2
],
salt
[
SALT_LEN
+
2
],
prk
[
SHA256_LEN
],
cek
[
SHA256_LEN
],
nonce
[
SHA256_LEN
],
seq
[
NONCE_LEN
],
tag
[
TAG_LEN
],
nonce
[
SHA256_LEN
],
seq
[
NONCE_LEN
],
body1
[
54
],
body2
[
75
],
plaintext
[
64
],
*
ciphertext
;
char
errmsg
[
ERRMSG_LEN
];
uint32_t
rs
;
...
...
@@ -268,14 +268,13 @@ main(int argc, char *argv[])
last
=
1
;
ciphertext
=
body1
+
HDR_PREFIX_LEN
+
exp_idlen1
;
len
=
encrypt_record
(
ctx
,
plaintext
,
exp_plaintext_len
,
rs
,
cek
,
nonce
,
last
,
ciphertext
,
tag
,
errmsg
);
nonce
,
last
,
ciphertext
,
errmsg
);
if
(
len
<
0
)
{
fprintf
(
stderr
,
"ex1 encrypt_record: %s
\n
"
,
errmsg
);
exit
(
-
1
);
}
assert
((
unsigned
)
len
==
rs
-
TAG_LEN
);
memcpy
(
ciphertext
+
(
rs
-
TAG_LEN
),
tag
,
TAG_LEN
);
len
=
EVP_EncodeBlock
(
body1_test_b64
,
body1
,
bodylen1
);
assert
(
len
==
72
);
AZ
(
memcmp
(
body1_test_b64
,
body1_b64
,
len
));
...
...