nghttpx: Use std::array for TicketKey
parent
cd25c6846e
commit
e3cdfd12ea
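--- a/PATH_NOT_SHOWN_1
+++ b/PATH_NOT_SHOWN_1
@@ -611,8 +611,8 @@ int generate_ticket_key(TicketKey &ticket_key) {
 ticket_key.hmac_keylen = EVP_MD_size(ticket_key.hmac);
 
 assert(static_cast<size_t>(EVP_CIPHER_key_length(ticket_key.cipher)) <=
-sizeof(ticket_key.data.enc_key));
-assert(ticket_key.hmac_keylen <= sizeof(ticket_key.data.hmac_key));
+ticket_key.data.enc_key.size());
+assert(ticket_key.hmac_keylen <= ticket_key.data.hmac_key.size());
 
 if (LOG_ENABLED(INFO)) {
 LOG(INFO) << "enc_keylen=" << EVP_CIPHER_key_length(ticket_key.cipher)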
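Review bot: The two `assert` calls in this hunk are the only visible guard that `EVP_CIPHER_key_length(ticket_key.cipher)` and `hmac_keylen` fit in the 32-byte `enc_key`/`hmac_key` arrays, and `assert` compiles out under NDEBUG, so a release build configured with a cipher or digest longer than 32 bytes gets no check at all; the rest of generate_ticket_key, where those lengths are presumably used to fill the arrays, is outside the hunk. A runtime check that fails the call is safer: `if (static_cast<size_t>(EVP_CIPHER_key_length(ticket_key.cipher)) > ticket_key.data.enc_key.size() || ticket_key.hmac_keylen > ticket_key.data.hmac_key.size()) { return -1; }` (using whatever failure value this function's callers expect, which is not shown here). The same assert-only pattern appears in read_tls_ticket_key_file's `assert(sizeof(buf) >= expectedlen);`, though there expectedlen is derived from values computed in the same function and the risk is lower.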
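--- a/PATH_NOT_SHOWN_2
+++ b/PATH_NOT_SHOWN_2
@@ -155,7 +155,7 @@ read_tls_ticket_key_file(const std::vector<std::string> &files,
 // with nginx and apache.
 hmac_keylen = 16;
 }
-auto expectedlen = sizeof(keys[0].data.name) + enc_keylen + hmac_keylen;
+auto expectedlen = keys[0].data.name.size() + enc_keylen + hmac_keylen;
 char buf[256];
 assert(sizeof(buf) >= expectedlen);
 
@@ -201,11 +201,11 @@ read_tls_ticket_key_file(const std::vector<std::string> &files,
 }
 
 auto p = buf;
-memcpy(key.data.name, p, sizeof(key.data.name));
-p += sizeof(key.data.name);
-memcpy(key.data.enc_key, p, enc_keylen);
+std::copy_n(p, key.data.name.size(), std::begin(key.data.name));
+p += key.data.name.size();
+std::copy_n(p, enc_keylen, std::begin(key.data.enc_key));
 p += enc_keylen;
-memcpy(key.data.hmac_key, p, hmac_keylen);
+std::copy_n(p, hmac_keylen, std::begin(key.data.hmac_key));
 
 if (LOG_ENABLED(INFO)) {
 LOG(INFO) << "session ticket key: " << util::format_hex(key.data.name);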
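--- a/PATH_NOT_SHOWN_3
+++ b/PATH_NOT_SHOWN_3
@@ -229,11 +229,11 @@ struct TicketKey {
 size_t hmac_keylen;
 struct {
 // name of this ticket configuration
-uint8_t name[16];
+std::array<uint8_t, 16> name;
 // encryption key for |cipher|
-uint8_t enc_key[32];
+std::array<uint8_t, 32> enc_key;
 // hmac key for |hmac|
-uint8_t hmac_key[32];
+std::array<uint8_t, 32> hmac_key;
 } data;
 };
 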
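Review bot: The new `std::array` members need `#include <array>` in this header if it is not already present (the include block is outside the hunk), and the same applies to the `format_hex` overload added in the util header hunk. The member comments could also say how much of each fixed 32-byte buffer is live, since the used length is kept elsewhere — `hmac_keylen` in this struct and the cipher's key length, as the asserts in generate_ticket_key show: `// encryption key for |cipher|; only EVP_CIPHER_key_length(cipher) bytes are used` and `// hmac key for |hmac|; only the first hmac_keylen bytes are used`. That matters for code that walks the whole array, such as the new `std::end(...)`-based comparisons and `util::format_hex`, which otherwise include unused trailing bytes.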
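--- a/PATH_NOT_SHOWN_4
+++ b/PATH_NOT_SHOWN_4
@@ -192,16 +192,24 @@ void test_shrpx_config_read_tls_ticket_key_file(void) {
 CU_ASSERT(ticket_keys.get() != nullptr);
 CU_ASSERT(2 == ticket_keys->keys.size());
 auto key = &ticket_keys->keys[0];
-CU_ASSERT(0 ==
-memcmp("0..............1", key->data.name, sizeof(key->data.name)));
-CU_ASSERT(0 == memcmp("2..............3", key->data.enc_key, 16));
-CU_ASSERT(0 == memcmp("4..............5", key->data.hmac_key, 16));
+CU_ASSERT(std::equal(std::begin(key->data.name), std::end(key->data.name),
+"0..............1"));
+CU_ASSERT(std::equal(std::begin(key->data.enc_key),
+std::begin(key->data.enc_key) + 16, "2..............3"));
+CU_ASSERT(std::equal(std::begin(key->data.hmac_key),
+std::begin(key->data.hmac_key) + 16,
+"4..............5"));
+CU_ASSERT(16 == key->hmac_keylen);
 
 key = &ticket_keys->keys[1];
-CU_ASSERT(0 ==
-memcmp("6..............7", key->data.name, sizeof(key->data.name)));
-CU_ASSERT(0 == memcmp("8..............9", key->data.enc_key, 16));
-CU_ASSERT(0 == memcmp("a..............b", key->data.hmac_key, 16));
+CU_ASSERT(std::equal(std::begin(key->data.name), std::end(key->data.name),
+"6..............7"));
+CU_ASSERT(std::equal(std::begin(key->data.enc_key),
+std::begin(key->data.enc_key) + 16, "8..............9"));
+CU_ASSERT(std::equal(std::begin(key->data.hmac_key),
+std::begin(key->data.hmac_key) + 16,
+"a..............b"));
+CU_ASSERT(16 == key->hmac_keylen);
 }
 
 void test_shrpx_config_read_tls_ticket_key_file_aes_256(void) {
@@ -227,20 +235,24 @@ void test_shrpx_config_read_tls_ticket_key_file_aes_256(void) {
 CU_ASSERT(ticket_keys.get() != nullptr);
 CU_ASSERT(2 == ticket_keys->keys.size());
 auto key = &ticket_keys->keys[0];
-CU_ASSERT(0 ==
-memcmp("0..............1", key->data.name, sizeof(key->data.name)));
-CU_ASSERT(0 ==
-memcmp("2..............................3", key->data.enc_key, 32));
-CU_ASSERT(0 ==
-memcmp("4..............................5", key->data.hmac_key, 32));
+CU_ASSERT(std::equal(std::begin(key->data.name), std::end(key->data.name),
+"0..............1"));
+CU_ASSERT(std::equal(std::begin(key->data.enc_key),
+std::end(key->data.enc_key),
+"2..............................3"));
+CU_ASSERT(std::equal(std::begin(key->data.hmac_key),
+std::end(key->data.hmac_key),
+"4..............................5"));
 
 key = &ticket_keys->keys[1];
-CU_ASSERT(0 ==
-memcmp("6..............7", key->data.name, sizeof(key->data.name)));
-CU_ASSERT(0 ==
-memcmp("8..............................9", key->data.enc_key, 32));
-CU_ASSERT(0 ==
-memcmp("a..............................b", key->data.hmac_key, 32));
+CU_ASSERT(std::equal(std::begin(key->data.name), std::end(key->data.name),
+"6..............7"));
+CU_ASSERT(std::equal(std::begin(key->data.enc_key),
+std::end(key->data.enc_key),
+"8..............................9"));
+CU_ASSERT(std::equal(std::begin(key->data.hmac_key),
+std::end(key->data.hmac_key),
+"a..............................b"));
 }
 
 void test_shrpx_config_match_downstream_addr_group(void) {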
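Review bot: The aes_256 test in the second hunk checks enc_key and hmac_key byte for byte but never asserts `key->hmac_keylen`, while the first test adds `CU_ASSERT(16 == key->hmac_keylen);` for both keys; since ticket_key_cb passes hmac_keylen to HMAC_Init_ex, a regression in how that length is derived would go unnoticed for the 32-byte fixture. Add `CU_ASSERT(32 == key->hmac_keylen);` after each key's hmac_key check, assuming 32 is the expected value for this fixture (the old memcmp compared 32 bytes, but the parsed length itself is not shown on this page). The new `std::equal` calls also require `<algorithm>` in the test file if it is not already included.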
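--- a/PATH_NOT_SHOWN_5
+++ b/PATH_NOT_SHOWN_5
@@ -335,18 +335,20 @@ int ticket_key_cb(SSL *ssl, unsigned char *key_name, unsigned char *iv,
 << util::format_hex(key.data.name);
 }
 
-memcpy(key_name, key.data.name, sizeof(key.data.name));
+std::copy(std::begin(key.data.name), std::end(key.data.name), key_name);
 
 EVP_EncryptInit_ex(ctx, get_config()->tls_ticket_cipher, nullptr,
-key.data.enc_key, iv);
-HMAC_Init_ex(hctx, key.data.hmac_key, key.hmac_keylen, key.hmac, nullptr);
+key.data.enc_key.data(), iv);
+HMAC_Init_ex(hctx, key.data.hmac_key.data(), key.hmac_keylen, key.hmac,
+nullptr);
 return 1;
 }
 
 size_t i;
 for (i = 0; i < keys.size(); ++i) {
 auto &key = keys[0];
-if (memcmp(key_name, key.data.name, sizeof(key.data.name)) == 0) {
+if (std::equal(std::begin(key.data.name), std::end(key.data.name),
+key_name)) {
 break;
 }
 }
@@ -365,8 +367,9 @@ int ticket_key_cb(SSL *ssl, unsigned char *key_name, unsigned char *iv,
 }
 
 auto &key = keys[i];
-HMAC_Init_ex(hctx, key.data.hmac_key, key.hmac_keylen, key.hmac, nullptr);
-EVP_DecryptInit_ex(ctx, key.cipher, nullptr, key.data.enc_key, iv);
+HMAC_Init_ex(hctx, key.data.hmac_key.data(), key.hmac_keylen, key.hmac,
+nullptr);
+EVP_DecryptInit_ex(ctx, key.cipher, nullptr, key.data.enc_key.data(), iv);
 
 return i == 0 ? 1 : 2;
 }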
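Review bot: The lookup loop in the first hunk compares `key_name` against `keys[0]` on every iteration: `auto &key = keys[0];` is a context line, so the rewritten `if (std::equal(std::begin(key.data.name), std::end(key.data.name), key_name))` can only ever match the first key, and a ticket issued under a rotated-out key never reaches the `keys[i]` decrypt path in the second hunk (what happens when the loop ends with i == keys.size() is outside the hunk, presumably a rejection that forces a full handshake). The one-line fix is `auto &key = keys[i];`. The three-iterator `std::equal` also reads `name.size()` bytes from `key_name` with no bound of its own; that is fine as long as `key_name` is the 16-byte buffer OpenSSL's ticket key callback supplies, which this hunk does not itself document.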
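--- a/PATH_NOT_SHOWN_6
+++ b/PATH_NOT_SHOWN_6
@@ -216,6 +216,10 @@ template <size_t N> std::string format_hex(const unsigned char (&s)[N]) {
 return format_hex(s, N);
 }
 
+template <size_t N> std::string format_hex(const std::array<uint8_t, N> &s) {
+return format_hex(s.data(), s.size());
+}
+
 std::string http_date(time_t t);
 
 // Returns given time |t| from epoch in Common Log format (e.g.,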