nghttpx: Use std::array for TicketKey

This commit is contained in:
Tatsuhiro Tsujikawa 2015-07-27 02:12:07 +09:00
parent cd25c6846e
commit e3cdfd12ea
6 changed files with 55 additions and 36 deletions


@ -611,8 +611,8 @@ int generate_ticket_key(TicketKey &ticket_key) {
ticket_key.hmac_keylen = EVP_MD_size(ticket_key.hmac);
assert(static_cast<size_t>(EVP_CIPHER_key_length(ticket_key.cipher)) <=
sizeof(ticket_key.data.enc_key));
assert(ticket_key.hmac_keylen <= sizeof(ticket_key.data.hmac_key));
ticket_key.data.enc_key.size());
assert(ticket_key.hmac_keylen <= ticket_key.data.hmac_key.size());
if (LOG_ENABLED(INFO)) {
LOG(INFO) << "enc_keylen=" << EVP_CIPHER_key_length(ticket_key.cipher)
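Review bot: The two `assert`s at the top of the hunk are the only thing bounding the cipher key length and `hmac_keylen` against the 32-byte `enc_key`/`hmac_key` arrays, and they disappear in an NDEBUG build, so a cipher or digest whose length exceeds 32 would go unchecked on the release path. A runtime guard that fails the call would be safer, e.g. `if (static_cast<size_t>(EVP_CIPHER_key_length(ticket_key.cipher)) > ticket_key.data.enc_key.size() || ticket_key.hmac_keylen > ticket_key.data.hmac_key.size()) { return -1; }`, assuming `-1` is how the rest of generate_ticket_key reports failure. The body of generate_ticket_key continues outside the hunk, so I cannot see whether a later write depends on these bounds.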


@ -155,7 +155,7 @@ read_tls_ticket_key_file(const std::vector<std::string> &files,
// with nginx and apache.
hmac_keylen = 16;
}
auto expectedlen = sizeof(keys[0].data.name) + enc_keylen + hmac_keylen;
auto expectedlen = keys[0].data.name.size() + enc_keylen + hmac_keylen;
char buf[256];
assert(sizeof(buf) >= expectedlen);
@ -201,11 +201,11 @@ read_tls_ticket_key_file(const std::vector<std::string> &files,
}
auto p = buf;
memcpy(key.data.name, p, sizeof(key.data.name));
p += sizeof(key.data.name);
memcpy(key.data.enc_key, p, enc_keylen);
std::copy_n(p, key.data.name.size(), std::begin(key.data.name));
p += key.data.name.size();
std::copy_n(p, enc_keylen, std::begin(key.data.enc_key));
p += enc_keylen;
memcpy(key.data.hmac_key, p, hmac_keylen);
std::copy_n(p, hmac_keylen, std::begin(key.data.hmac_key));
if (LOG_ENABLED(INFO)) {
LOG(INFO) << "session ticket key: " << util::format_hex(key.data.name);
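Review bot: After the three `std::copy_n` calls the raw ticket key material is still sitting in the stack buffer `buf` declared earlier in the function, and nothing in either hunk clears it before the function returns. Wiping it on every exit path, e.g. `OPENSSL_cleanse(buf, sizeof(buf));`, would keep the secret from lingering on the stack longer than needed; a plain `memset` may be optimised away. The `assert(sizeof(buf) >= expectedlen)` in the first hunk is debug-only, so a short comment stating why `expectedlen` can never exceed 256 (name 16 bytes plus two keys of at most 32 bytes, from the `std::array` sizes) would make the release-build reasoning explicit. read_tls_ticket_key_file starts and ends outside these hunks.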


@ -229,11 +229,11 @@ struct TicketKey {
size_t hmac_keylen;
struct {
// name of this ticket configuration
uint8_t name[16];
std::array<uint8_t, 16> name;
// encryption key for |cipher|
uint8_t enc_key[32];
std::array<uint8_t, 32> enc_key;
// hmac key for |hmac|
uint8_t hmac_key[32];
std::array<uint8_t, 32> hmac_key;
} data;
};
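Review bot: The `data` member now holds the session ticket secrets in three plain `std::array` fields, which keeps TicketKey trivially copyable and means every copy and every destroyed instance leaves the key bytes in memory untouched; the struct should say so, e.g. `// data holds secret key material: avoid copying and wipe (OPENSSL_cleanse) before the storage is released.` placed above `struct {`. The header must also have `#include <array>` for the new member types; the include block is outside the hunk, so I cannot confirm it is there. The opening of `struct TicketKey` is above the hunk.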


@ -192,16 +192,24 @@ void test_shrpx_config_read_tls_ticket_key_file(void) {
CU_ASSERT(ticket_keys.get() != nullptr);
CU_ASSERT(2 == ticket_keys->keys.size());
auto key = &ticket_keys->keys[0];
CU_ASSERT(0 ==
memcmp("0..............1", key->data.name, sizeof(key->data.name)));
CU_ASSERT(0 == memcmp("2..............3", key->data.enc_key, 16));
CU_ASSERT(0 == memcmp("4..............5", key->data.hmac_key, 16));
CU_ASSERT(std::equal(std::begin(key->data.name), std::end(key->data.name),
"0..............1"));
CU_ASSERT(std::equal(std::begin(key->data.enc_key),
std::begin(key->data.enc_key) + 16, "2..............3"));
CU_ASSERT(std::equal(std::begin(key->data.hmac_key),
std::begin(key->data.hmac_key) + 16,
"4..............5"));
CU_ASSERT(16 == key->hmac_keylen);
key = &ticket_keys->keys[1];
CU_ASSERT(0 ==
memcmp("6..............7", key->data.name, sizeof(key->data.name)));
CU_ASSERT(0 == memcmp("8..............9", key->data.enc_key, 16));
CU_ASSERT(0 == memcmp("a..............b", key->data.hmac_key, 16));
CU_ASSERT(std::equal(std::begin(key->data.name), std::end(key->data.name),
"6..............7"));
CU_ASSERT(std::equal(std::begin(key->data.enc_key),
std::begin(key->data.enc_key) + 16, "8..............9"));
CU_ASSERT(std::equal(std::begin(key->data.hmac_key),
std::begin(key->data.hmac_key) + 16,
"a..............b"));
CU_ASSERT(16 == key->hmac_keylen);
}
void test_shrpx_config_read_tls_ticket_key_file_aes_256(void) {
@ -227,20 +235,24 @@ void test_shrpx_config_read_tls_ticket_key_file_aes_256(void) {
CU_ASSERT(ticket_keys.get() != nullptr);
CU_ASSERT(2 == ticket_keys->keys.size());
auto key = &ticket_keys->keys[0];
CU_ASSERT(0 ==
memcmp("0..............1", key->data.name, sizeof(key->data.name)));
CU_ASSERT(0 ==
memcmp("2..............................3", key->data.enc_key, 32));
CU_ASSERT(0 ==
memcmp("4..............................5", key->data.hmac_key, 32));
CU_ASSERT(std::equal(std::begin(key->data.name), std::end(key->data.name),
"0..............1"));
CU_ASSERT(std::equal(std::begin(key->data.enc_key),
std::end(key->data.enc_key),
"2..............................3"));
CU_ASSERT(std::equal(std::begin(key->data.hmac_key),
std::end(key->data.hmac_key),
"4..............................5"));
key = &ticket_keys->keys[1];
CU_ASSERT(0 ==
memcmp("6..............7", key->data.name, sizeof(key->data.name)));
CU_ASSERT(0 ==
memcmp("8..............................9", key->data.enc_key, 32));
CU_ASSERT(0 ==
memcmp("a..............................b", key->data.hmac_key, 32));
CU_ASSERT(std::equal(std::begin(key->data.name), std::end(key->data.name),
"6..............7"));
CU_ASSERT(std::equal(std::begin(key->data.enc_key),
std::end(key->data.enc_key),
"8..............................9"));
CU_ASSERT(std::equal(std::begin(key->data.hmac_key),
std::end(key->data.hmac_key),
"a..............................b"));
}
void test_shrpx_config_match_downstream_addr_group(void) {


@ -335,18 +335,20 @@ int ticket_key_cb(SSL *ssl, unsigned char *key_name, unsigned char *iv,
<< util::format_hex(key.data.name);
}
memcpy(key_name, key.data.name, sizeof(key.data.name));
std::copy(std::begin(key.data.name), std::end(key.data.name), key_name);
EVP_EncryptInit_ex(ctx, get_config()->tls_ticket_cipher, nullptr,
key.data.enc_key, iv);
HMAC_Init_ex(hctx, key.data.hmac_key, key.hmac_keylen, key.hmac, nullptr);
key.data.enc_key.data(), iv);
HMAC_Init_ex(hctx, key.data.hmac_key.data(), key.hmac_keylen, key.hmac,
nullptr);
return 1;
}
size_t i;
for (i = 0; i < keys.size(); ++i) {
auto &key = keys[0];
if (memcmp(key_name, key.data.name, sizeof(key.data.name)) == 0) {
if (std::equal(std::begin(key.data.name), std::end(key.data.name),
key_name)) {
break;
}
}
@ -365,8 +367,9 @@ int ticket_key_cb(SSL *ssl, unsigned char *key_name, unsigned char *iv,
}
auto &key = keys[i];
HMAC_Init_ex(hctx, key.data.hmac_key, key.hmac_keylen, key.hmac, nullptr);
EVP_DecryptInit_ex(ctx, key.cipher, nullptr, key.data.enc_key, iv);
HMAC_Init_ex(hctx, key.data.hmac_key.data(), key.hmac_keylen, key.hmac,
nullptr);
EVP_DecryptInit_ex(ctx, key.cipher, nullptr, key.data.enc_key.data(), iv);
return i == 0 ? 1 : 2;
}
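Review bot: The key lookup loop in the first hunk binds `auto &key = keys[0];` on every iteration while the loop index is `i`, so the new `std::equal` comparison always tests the first key and a ticket protected by any other key in the set is never matched; the line should be `auto &key = keys[i];`. This predates the commit, but the rewritten comparison sits directly on it, so it is worth fixing in the same change. The `std::equal` call reads `key.data.name.size()` (16) bytes from `key_name`, which relies on the callback contract for the buffer size; a short comment noting that assumption above the loop would help. ticket_key_cb starts before the first hunk and its no-match handling lies between the two hunks.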


@ -216,6 +216,10 @@ template <size_t N> std::string format_hex(const unsigned char (&s)[N]) {
return format_hex(s, N);
}
template <size_t N> std::string format_hex(const std::array<uint8_t, N> &s) {
return format_hex(s.data(), s.size());
}
std::string http_date(time_t t);
// Returns given time |t| from epoch in Common Log format (e.g.,
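Review bot: The new `format_hex` overload for `std::array<uint8_t, N>` has no comment, while the neighbouring declarations in this header are each introduced by a `// Returns ...` line; add `// Returns hex representation of the bytes in |s|.` above the template. The header also needs `#include <array>` and `<cstdint>` for the parameter type if they are not already present; the include block is outside the hunk. Since this overload only forwards to `format_hex(s.data(), s.size())`, it could be written as a template on the element type as well, but matching the existing C-array overload above it is a reasonable choice.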