uplex-varnish / libvmod-ece
Commit a27102cf, authored Sep 05, 2019 by Geoff Simmons
On success, encrypt_record() returns the full length of the record.
Including the length of the authentication tag.
Parent: 85d7f62c
Showing 3 changed files with 15 additions and 12 deletions:
src/rfc8188.c (+1 -1)
src/rfc8188.h (+9 -6)
src/rfc8188_test.c (+5 -5)
src/rfc8188.c
...
...
@@ -324,5 +324,5 @@ encrypt_record(EVP_CIPHER_CTX *ctx, unsigned char *plaintext,
return
(
-
1
);
}
return
(
ciphertext_len
);
return
(
ciphertext_len
+
TAG_LEN
);
}
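Review bot: the final `return` of encrypt_record() changes what the value means (now `ciphertext_len + TAG_LEN`) while the signature stays the same, so a caller still written against the old contract compiles cleanly and ends up with offsets that are off by TAG_LEN. This commit touches only rfc8188.c, rfc8188.h and rfc8188_test.c; please confirm that no other caller in the tree adds TAG_LEN itself or uses the result to locate the tag. Since the header now promises that a successful return always equals rs, an assertion just before this return that ciphertext_len + TAG_LEN equals rs would pin that invariant down in the code rather than only in the comment.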
src/rfc8188.h
...
...
@@ -171,18 +171,21 @@ ssize_t decrypt_record(EVP_CIPHER_CTX *ctx, unsigned char *ciphertext,
* plaintext for subsequent records must begin at a location that will
* have been overwritten.
*
* plaintext_len MAY NOT be > rs - (TAG_LEN + 1).
* plaintext_len M
UST be >= 0, and M
AY NOT be > rs - (TAG_LEN + 1).
*
* rs for every record MUST equal the record size set for the entire
* message, except possibly for the last record, which may be smaller.
* rs MUST be >= 18. For every record, rs MUST equal the record size
* established for the entire message, except possibly for the last
* record, which may be smaller.
*
*
If last is non-zero, then
this is the last record in the message.
*
last is non-zero iff
this is the last record in the message.
*
* At least rs bytes must be allocated for the buffer at ciphertext.
* The authentication tag is appended at ciphertext + (rs - TAG_LEN).
*
* Returns -1 on error, otherwise the number of ciphertext bytes. That
* number will be equal to (rs - TAG_LEN) for every record.
* Returns -1 on error, otherwise the number of bytes written to
* ciphertext, including the authentication tag. Successful return values
* are always equal to rs, and the next record can be written to
* ciphertext + rs.
*/
ssize_t
encrypt_record
(
EVP_CIPHER_CTX
*
ctx
,
unsigned
char
*
plaintext
,
int
plaintext_len
,
uint32_t
rs
,
uint8_t
cek
[
AES128_KEYLEN
],
...
...
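Review bot: the new preconditions in the comment (plaintext_len MUST be >= 0, rs MUST be >= 18) do not say whether encrypt_record() checks them and returns -1, or whether they are purely caller obligations. That matters with this signature, because plaintext_len is a signed int and rs is a uint32_t: in `rs - (TAG_LEN + 1)` an rs below the minimum wraps to a large unsigned value, and a negative plaintext_len compared directly against it would be converted to unsigned as well. Suggest stating explicitly that violations yield -1 (and enforcing that in the function), and writing "MUST NOT" instead of "MAY NOT" so the wording matches the other requirement keywords in the comment.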
src/rfc8188_test.c
...
...
@@ -271,7 +271,7 @@ main(int argc, char *argv[])
fprintf
(
stderr
,
"ex1 encrypt_record: %s
\n
"
,
errmsg
);
exit
(
-
1
);
}
assert
((
unsigned
)
len
==
rs
-
TAG_LEN
);
assert
((
unsigned
)
len
==
rs
);
len
=
EVP_EncodeBlock
(
body1_test_b64
,
body1
,
bodylen1
);
assert
(
len
==
72
);
...
...
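Review bot: the cast in `assert((unsigned)len == rs)` hides the signedness of len, so a -1 result would be compared as a large unsigned value instead of being recognised as an error. It is only safe because the error branch above calls exit() before the assertion is reached. Asserting `len >= 0` first and then comparing against rs in the type of rs would keep the check valid if that branch is ever changed.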
@@ -317,8 +317,8 @@ main(int argc, char *argv[])
fprintf
(
stderr
,
"ex2 1st record encrypt_record: %s
\n
"
,
errmsg
);
exit
(
-
1
);
}
assert
((
unsigned
)
len
==
exp_rs2
-
TAG_LEN
);
ciphertext_len
=
exp_rs2
;
assert
((
unsigned
)
len
==
exp_rs2
);
ciphertext_len
=
len
;
/* Second record, last 8 bytes of the plaintext */
seq
[
NONCE_LEN
-
1
]
=
1
;
// simulates increment
...
...
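Review bot: the assertion on `len` covers the return value, but nothing in the visible lines checks the second part of the contract documented in rfc8188.h, that the next record can be written to ciphertext + rs. Now that `ciphertext_len = len;` tracks the returned length, consider deriving the second record's output pointer from `ciphertext_len` (or asserting that it matches), so the test fails if the return value and the actual write position ever diverge.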
@@ -335,8 +335,8 @@ main(int argc, char *argv[])
fprintf
(
stderr
,
"ex1 2nd record encrypt_record: %s
\n
"
,
errmsg
);
exit
(
-
1
);
}
assert
((
unsigned
)
len
==
exp_rs2
-
TAG_LEN
);
ciphertext_len
+=
exp_rs2
;
assert
((
unsigned
)
len
==
exp_rs2
);
ciphertext_len
+=
len
;
assert
(
ciphertext_len
+
HDR_PREFIX_LEN
+
exp_idlen2
==
exp_bodylen2
);
len
=
EVP_EncodeBlock
(
body2_test_b64
,
body2
,
exp_bodylen2
);
...
...
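Review bot: the error message in the context lines of this hunk reads "ex1 2nd record encrypt_record" although the surrounding code works with exp_rs2 and the preceding message is labelled "ex2 1st record", which looks like a copy-paste slip. It is worth correcting to "ex2" while these lines are being touched, so that a failure in the second record is reported against the right example.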