nghttpx: Use std::array for TicketKey

Tatsuhiro Tsujikawa 2015-07-27 02:12:07 +09:00
parent cd25c6846e
commit e3cdfd12ea
6 changed files with 55 additions and 36 deletions


@ -611,8 +611,8 @@ int generate_ticket_key(TicketKey &ticket_key) {
ticket_key.hmac_keylen = EVP_MD_size(ticket_key.hmac); ticket_key.hmac_keylen = EVP_MD_size(ticket_key.hmac);
assert(static_cast<size_t>(EVP_CIPHER_key_length(ticket_key.cipher)) <= assert(static_cast<size_t>(EVP_CIPHER_key_length(ticket_key.cipher)) <=
sizeof(ticket_key.data.enc_key)); ticket_key.data.enc_key.size());
assert(ticket_key.hmac_keylen <= sizeof(ticket_key.data.hmac_key)); assert(ticket_key.hmac_keylen <= ticket_key.data.hmac_key.size());
if (LOG_ENABLED(INFO)) { if (LOG_ENABLED(INFO)) {
LOG(INFO) << "enc_keylen=" << EVP_CIPHER_key_length(ticket_key.cipher) LOG(INFO) << "enc_keylen=" << EVP_CIPHER_key_length(ticket_key.cipher)
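Review bot: The only bound between the cipher key length / `hmac_keylen` and the 32-byte `enc_key` / `hmac_key` arrays is the pair of `assert`s at the top of this hunk, and switching them to `.size()` keeps them as asserts, so an NDEBUG build performs no check at all. If `cipher` and `hmac` can come from configuration (the decrypt path in this commit reads `get_config()->tls_ticket_cipher`, which suggests they can), a digest or cipher larger than 32 bytes would write past the arrays unnoticed. Turn them into runtime checks that fail the call, e.g. `if (static_cast<size_t>(EVP_CIPHER_key_length(ticket_key.cipher)) > ticket_key.data.enc_key.size() || ticket_key.hmac_keylen > ticket_key.data.hmac_key.size()) { return -1; }` (using whatever error code the function's other failure paths return), and keep the asserts only as a debugging aid. generate_ticket_key starts and ends outside the hunk.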


@ -155,7 +155,7 @@ read_tls_ticket_key_file(const std::vector<std::string> &files,
// with nginx and apache. // with nginx and apache.
hmac_keylen = 16; hmac_keylen = 16;
} }
auto expectedlen = sizeof(keys[0].data.name) + enc_keylen + hmac_keylen; auto expectedlen = keys[0].data.name.size() + enc_keylen + hmac_keylen;
char buf[256]; char buf[256];
assert(sizeof(buf) >= expectedlen); assert(sizeof(buf) >= expectedlen);
@ -201,11 +201,11 @@ read_tls_ticket_key_file(const std::vector<std::string> &files,
} }
auto p = buf; auto p = buf;
memcpy(key.data.name, p, sizeof(key.data.name)); std::copy_n(p, key.data.name.size(), std::begin(key.data.name));
p += sizeof(key.data.name); p += key.data.name.size();
memcpy(key.data.enc_key, p, enc_keylen); std::copy_n(p, enc_keylen, std::begin(key.data.enc_key));
p += enc_keylen; p += enc_keylen;
memcpy(key.data.hmac_key, p, hmac_keylen); std::copy_n(p, hmac_keylen, std::begin(key.data.hmac_key));
if (LOG_ENABLED(INFO)) { if (LOG_ENABLED(INFO)) {
LOG(INFO) << "session ticket key: " << util::format_hex(key.data.name); LOG(INFO) << "session ticket key: " << util::format_hex(key.data.name);
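Review bot: The three `std::copy_n` calls copy `enc_keylen` and `hmac_keylen` bytes into the fixed 32-byte `enc_key` and `hmac_key` arrays, but the only bound visible in this hunk is `assert(sizeof(buf) >= expectedlen)`, which allows an `enc_keylen` far larger than 32 as long as the total fits in the 256-byte `buf`. Where `enc_keylen` is set is above the hunk; if it derives from a configurable cipher, a larger key length would overrun the arrays, and `std::copy_n` does not make that any safer than the `memcpy` it replaces. Add an explicit check before the copies, e.g. `if (enc_keylen > key.data.enc_key.size() || hmac_keylen > key.data.hmac_key.size()) { LOG(ERROR) << "ticket key length too large"; return nullptr; }` (matching the function's existing failure path, which is outside the hunk), rather than relying on an assert that disappears in release builds. read_tls_ticket_key_file starts and ends outside the hunk.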


@ -229,11 +229,11 @@ struct TicketKey {
size_t hmac_keylen; size_t hmac_keylen;
struct { struct {
// name of this ticket configuration // name of this ticket configuration
uint8_t name[16]; std::array<uint8_t, 16> name;
// encryption key for |cipher| // encryption key for |cipher|
uint8_t enc_key[32]; std::array<uint8_t, 32> enc_key;
// hmac key for |hmac| // hmac key for |hmac|
uint8_t hmac_key[32]; std::array<uint8_t, 32> hmac_key;
} data; } data;
}; };
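Review bot: The secret bytes in `data.enc_key` and `data.hmac_key` are never wiped when a TicketKey is destroyed, so rotated-out ticket keys (and any copies a container made while growing) linger in freed memory; moving to `std::array` does not change that. Consider `~TicketKey() { OPENSSL_cleanse(&data, sizeof(data)); }` (from `<openssl/crypto.h>`, with the copy/move members left defaulted) so key material is scrubbed on destruction. The array sizes also silently cap the supported cipher and digest sizes, which is only enforced by asserts elsewhere in this commit; a comment such as `// 32 bytes caps the supported cipher key and HMAC key length; callers must check EVP_CIPHER_key_length/EVP_MD_size against size()` would make that contract visible. The struct's opening line is outside the hunk.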


@ -192,16 +192,24 @@ void test_shrpx_config_read_tls_ticket_key_file(void) {
CU_ASSERT(ticket_keys.get() != nullptr); CU_ASSERT(ticket_keys.get() != nullptr);
CU_ASSERT(2 == ticket_keys->keys.size()); CU_ASSERT(2 == ticket_keys->keys.size());
auto key = &ticket_keys->keys[0]; auto key = &ticket_keys->keys[0];
CU_ASSERT(0 == CU_ASSERT(std::equal(std::begin(key->data.name), std::end(key->data.name),
memcmp("0..............1", key->data.name, sizeof(key->data.name))); "0..............1"));
CU_ASSERT(0 == memcmp("2..............3", key->data.enc_key, 16)); CU_ASSERT(std::equal(std::begin(key->data.enc_key),
CU_ASSERT(0 == memcmp("4..............5", key->data.hmac_key, 16)); std::begin(key->data.enc_key) + 16, "2..............3"));
CU_ASSERT(std::equal(std::begin(key->data.hmac_key),
std::begin(key->data.hmac_key) + 16,
"4..............5"));
CU_ASSERT(16 == key->hmac_keylen);
key = &ticket_keys->keys[1]; key = &ticket_keys->keys[1];
CU_ASSERT(0 == CU_ASSERT(std::equal(std::begin(key->data.name), std::end(key->data.name),
memcmp("6..............7", key->data.name, sizeof(key->data.name))); "6..............7"));
CU_ASSERT(0 == memcmp("8..............9", key->data.enc_key, 16)); CU_ASSERT(std::equal(std::begin(key->data.enc_key),
CU_ASSERT(0 == memcmp("a..............b", key->data.hmac_key, 16)); std::begin(key->data.enc_key) + 16, "8..............9"));
CU_ASSERT(std::equal(std::begin(key->data.hmac_key),
std::begin(key->data.hmac_key) + 16,
"a..............b"));
CU_ASSERT(16 == key->hmac_keylen);
} }
void test_shrpx_config_read_tls_ticket_key_file_aes_256(void) { void test_shrpx_config_read_tls_ticket_key_file_aes_256(void) {
@ -227,20 +235,24 @@ void test_shrpx_config_read_tls_ticket_key_file_aes_256(void) {
CU_ASSERT(ticket_keys.get() != nullptr); CU_ASSERT(ticket_keys.get() != nullptr);
CU_ASSERT(2 == ticket_keys->keys.size()); CU_ASSERT(2 == ticket_keys->keys.size());
auto key = &ticket_keys->keys[0]; auto key = &ticket_keys->keys[0];
CU_ASSERT(0 == CU_ASSERT(std::equal(std::begin(key->data.name), std::end(key->data.name),
memcmp("0..............1", key->data.name, sizeof(key->data.name))); "0..............1"));
CU_ASSERT(0 == CU_ASSERT(std::equal(std::begin(key->data.enc_key),
memcmp("2..............................3", key->data.enc_key, 32)); std::end(key->data.enc_key),
CU_ASSERT(0 == "2..............................3"));
memcmp("4..............................5", key->data.hmac_key, 32)); CU_ASSERT(std::equal(std::begin(key->data.hmac_key),
std::end(key->data.hmac_key),
"4..............................5"));
key = &ticket_keys->keys[1]; key = &ticket_keys->keys[1];
CU_ASSERT(0 == CU_ASSERT(std::equal(std::begin(key->data.name), std::end(key->data.name),
memcmp("6..............7", key->data.name, sizeof(key->data.name))); "6..............7"));
CU_ASSERT(0 == CU_ASSERT(std::equal(std::begin(key->data.enc_key),
memcmp("8..............................9", key->data.enc_key, 32)); std::end(key->data.enc_key),
CU_ASSERT(0 == "8..............................9"));
memcmp("a..............................b", key->data.hmac_key, 32)); CU_ASSERT(std::equal(std::begin(key->data.hmac_key),
std::end(key->data.hmac_key),
"a..............................b"));
} }
void test_shrpx_config_match_downstream_addr_group(void) { void test_shrpx_config_match_downstream_addr_group(void) {
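Review bot: In the first test the bounded comparisons hard-code `std::begin(key->data.hmac_key) + 16` while a separate assertion checks `16 == key->hmac_keylen`, so the two can drift apart without the byte comparison noticing. Using the parsed length as the bound, `std::begin(key->data.hmac_key) + key->hmac_keylen`, ties the compared range to what the parser actually reported and matches the AES-256 test, which compares the full array via `std::end`. The `+ 16` on `enc_key` has no corresponding length field in TicketKey, so a comment stating that it is the AES-128 key length would help, e.g. `// 16 == AES-128 key length`.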


@ -335,18 +335,20 @@ int ticket_key_cb(SSL *ssl, unsigned char *key_name, unsigned char *iv,
<< util::format_hex(key.data.name); << util::format_hex(key.data.name);
} }
memcpy(key_name, key.data.name, sizeof(key.data.name)); std::copy(std::begin(key.data.name), std::end(key.data.name), key_name);
EVP_EncryptInit_ex(ctx, get_config()->tls_ticket_cipher, nullptr, EVP_EncryptInit_ex(ctx, get_config()->tls_ticket_cipher, nullptr,
key.data.enc_key, iv); key.data.enc_key.data(), iv);
HMAC_Init_ex(hctx, key.data.hmac_key, key.hmac_keylen, key.hmac, nullptr); HMAC_Init_ex(hctx, key.data.hmac_key.data(), key.hmac_keylen, key.hmac,
nullptr);
return 1; return 1;
} }
size_t i; size_t i;
for (i = 0; i < keys.size(); ++i) { for (i = 0; i < keys.size(); ++i) {
auto &key = keys[0]; auto &key = keys[0];
if (memcmp(key_name, key.data.name, sizeof(key.data.name)) == 0) { if (std::equal(std::begin(key.data.name), std::end(key.data.name),
key_name)) {
break; break;
} }
} }
@ -365,8 +367,9 @@ int ticket_key_cb(SSL *ssl, unsigned char *key_name, unsigned char *iv,
} }
auto &key = keys[i]; auto &key = keys[i];
HMAC_Init_ex(hctx, key.data.hmac_key, key.hmac_keylen, key.hmac, nullptr); HMAC_Init_ex(hctx, key.data.hmac_key.data(), key.hmac_keylen, key.hmac,
EVP_DecryptInit_ex(ctx, key.cipher, nullptr, key.data.enc_key, iv); nullptr);
EVP_DecryptInit_ex(ctx, key.cipher, nullptr, key.data.enc_key.data(), iv);
return i == 0 ? 1 : 2; return i == 0 ? 1 : 2;
} }
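Review bot: The lookup loop binds `auto &key = keys[0];` inside `for (i = 0; i < keys.size(); ++i)`, so every iteration compares `key_name` against the first key and a ticket issued under any older key in the list can never be matched; the `std::equal` rewrite preserves this. The line should read `auto &key = keys[i];`. How the callback behaves when `i` reaches `keys.size()` is outside the hunk, but as written that path is taken for every non-current key, which defeats key rotation. Separately, the return values of `EVP_EncryptInit_ex`, `EVP_DecryptInit_ex` and `HMAC_Init_ex` are ignored on both paths; checking them and returning an error from the callback avoids continuing with an uninitialised context.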


@ -216,6 +216,10 @@ template <size_t N> std::string format_hex(const unsigned char (&s)[N]) {
return format_hex(s, N); return format_hex(s, N);
} }
template <size_t N> std::string format_hex(const std::array<uint8_t, N> &s) {
return format_hex(s.data(), s.size());
}
std::string http_date(time_t t); std::string http_date(time_t t);
// Returns given time |t| from epoch in Common Log format (e.g., // Returns given time |t| from epoch in Common Log format (e.g.,
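Review bot: The new `std::array` overload of `format_hex` has no comment, while the neighbouring declarations in this header carry one. A line such as `// Returns hex representation of the N bytes in |s|; delegates to format_hex(const unsigned char *, size_t).` placed above the template would document it in the file's existing style and make clear it is a thin wrapper around the pointer/length form, as the C-array overload directly above it is.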