nghttpx: Use std::array for TicketKey
parent
cd25c6846e
commit
e3cdfd12ea
@ -611,8 +611,8 @@ int generate_ticket_key(TicketKey &ticket_key) {
|
|||
ticket_key.hmac_keylen = EVP_MD_size(ticket_key.hmac);
|
||||
|
||||
assert(static_cast<size_t>(EVP_CIPHER_key_length(ticket_key.cipher)) <=
|
||||
sizeof(ticket_key.data.enc_key));
|
||||
assert(ticket_key.hmac_keylen <= sizeof(ticket_key.data.hmac_key));
|
||||
ticket_key.data.enc_key.size());
|
||||
assert(ticket_key.hmac_keylen <= ticket_key.data.hmac_key.size());
|
||||
|
||||
if (LOG_ENABLED(INFO)) {
|
||||
LOG(INFO) << "enc_keylen=" << EVP_CIPHER_key_length(ticket_key.cipher)
|
||||
|
|
|
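Review bot: The two size checks added in this hunk are `assert`s, so they disappear under NDEBUG, and in a release build a cipher or digest whose key length exceeds the 32-byte arrays would pass straight through to the later `.data()` calls in ticket_key_cb. Since `cipher` and `hmac` are configuration-derived rather than compile-time constants, a runtime guard that fails the function (it returns `int` per the hunk header) would be safer, e.g. `if (static_cast<size_t>(EVP_CIPHER_key_length(ticket_key.cipher)) > ticket_key.data.enc_key.size() || ticket_key.hmac_keylen > ticket_key.data.hmac_key.size()) { return -1; }`. Note also that `EVP_MD_size` returns `int`, so the context line storing it into the `size_t` `hmac_keylen` would turn a negative error result into a huge value that only the debug-build assert would catch. generate_ticket_key's body continues outside the hunk.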
@ -155,7 +155,7 @@ read_tls_ticket_key_file(const std::vector<std::string> &files,
|
|||
// with nginx and apache.
|
||||
hmac_keylen = 16;
|
||||
}
|
||||
auto expectedlen = sizeof(keys[0].data.name) + enc_keylen + hmac_keylen;
|
||||
auto expectedlen = keys[0].data.name.size() + enc_keylen + hmac_keylen;
|
||||
char buf[256];
|
||||
assert(sizeof(buf) >= expectedlen);
|
||||
|
||||
|
@ -201,11 +201,11 @@ read_tls_ticket_key_file(const std::vector<std::string> &files,
|
|||
}
|
||||
|
||||
auto p = buf;
|
||||
memcpy(key.data.name, p, sizeof(key.data.name));
|
||||
p += sizeof(key.data.name);
|
||||
memcpy(key.data.enc_key, p, enc_keylen);
|
||||
std::copy_n(p, key.data.name.size(), std::begin(key.data.name));
|
||||
p += key.data.name.size();
|
||||
std::copy_n(p, enc_keylen, std::begin(key.data.enc_key));
|
||||
p += enc_keylen;
|
||||
memcpy(key.data.hmac_key, p, hmac_keylen);
|
||||
std::copy_n(p, hmac_keylen, std::begin(key.data.hmac_key));
|
||||
|
||||
if (LOG_ENABLED(INFO)) {
|
||||
LOG(INFO) << "session ticket key: " << util::format_hex(key.data.name);
|
||||
|
|
|
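Review bot: The three `std::copy_n` calls in the second hunk write `enc_keylen` and `hmac_keylen` bytes into the fixed 32-byte `enc_key` and `hmac_key` arrays, but nothing in either hunk bounds those lengths against `enc_key.size()` / `hmac_key.size()`; the only size check visible, `assert(sizeof(buf) >= expectedlen)`, guards the source buffer rather than the destinations and is gone under NDEBUG. If the caller does not already clamp `enc_keylen` to the configured cipher's key length, making the invariant explicit before the copies, e.g. `assert(enc_keylen <= key.data.enc_key.size()); assert(hmac_keylen <= key.data.hmac_key.size());` (or a runtime error return), would keep a future cipher addition from overrunning the arrays. Separately, `buf` is a plain stack array holding the raw ticket-key file contents; once the keys have been copied out it is worth wiping it (e.g. `OPENSSL_cleanse(buf, sizeof(buf))`) so the secret does not linger on the stack. read_tls_ticket_key_file starts and ends outside these hunks.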
@ -229,11 +229,11 @@ struct TicketKey {
|
|||
size_t hmac_keylen;
|
||||
struct {
|
||||
// name of this ticket configuration
|
||||
uint8_t name[16];
|
||||
std::array<uint8_t, 16> name;
|
||||
// encryption key for |cipher|
|
||||
uint8_t enc_key[32];
|
||||
std::array<uint8_t, 32> enc_key;
|
||||
// hmac key for |hmac|
|
||||
uint8_t hmac_key[32];
|
||||
std::array<uint8_t, 32> hmac_key;
|
||||
} data;
|
||||
};
|
||||
|
||||
|
|
|
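Review bot: The new `std::array` members keep the comments `// encryption key for |cipher|` and `// hmac key for |hmac|`, but they no longer say how much of each 32-byte array is meaningful: generate_ticket_key only asserts that `EVP_CIPHER_key_length(cipher)` and `hmac_keylen` fit, and ticket_key_cb hands `.data()` to OpenSSL, which reads just the cipher's key length. Comments such as `// encryption key for |cipher|; only the first EVP_CIPHER_key_length(cipher) bytes are used` and `// hmac key for |hmac|; only the first |hmac_keylen| bytes are used` would stop a reader from assuming the whole array is live key material. For `name`, it is worth recording that its 16-byte size is tied to the key_name buffer OpenSSL passes to the ticket callback, since ticket_key_cb copies the whole array into that buffer without a length check. TicketKey is only partly visible here; its earlier members are outside the hunk.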
@ -192,16 +192,24 @@ void test_shrpx_config_read_tls_ticket_key_file(void) {
|
|||
CU_ASSERT(ticket_keys.get() != nullptr);
|
||||
CU_ASSERT(2 == ticket_keys->keys.size());
|
||||
auto key = &ticket_keys->keys[0];
|
||||
CU_ASSERT(0 ==
|
||||
memcmp("0..............1", key->data.name, sizeof(key->data.name)));
|
||||
CU_ASSERT(0 == memcmp("2..............3", key->data.enc_key, 16));
|
||||
CU_ASSERT(0 == memcmp("4..............5", key->data.hmac_key, 16));
|
||||
CU_ASSERT(std::equal(std::begin(key->data.name), std::end(key->data.name),
|
||||
"0..............1"));
|
||||
CU_ASSERT(std::equal(std::begin(key->data.enc_key),
|
||||
std::begin(key->data.enc_key) + 16, "2..............3"));
|
||||
CU_ASSERT(std::equal(std::begin(key->data.hmac_key),
|
||||
std::begin(key->data.hmac_key) + 16,
|
||||
"4..............5"));
|
||||
CU_ASSERT(16 == key->hmac_keylen);
|
||||
|
||||
key = &ticket_keys->keys[1];
|
||||
CU_ASSERT(0 ==
|
||||
memcmp("6..............7", key->data.name, sizeof(key->data.name)));
|
||||
CU_ASSERT(0 == memcmp("8..............9", key->data.enc_key, 16));
|
||||
CU_ASSERT(0 == memcmp("a..............b", key->data.hmac_key, 16));
|
||||
CU_ASSERT(std::equal(std::begin(key->data.name), std::end(key->data.name),
|
||||
"6..............7"));
|
||||
CU_ASSERT(std::equal(std::begin(key->data.enc_key),
|
||||
std::begin(key->data.enc_key) + 16, "8..............9"));
|
||||
CU_ASSERT(std::equal(std::begin(key->data.hmac_key),
|
||||
std::begin(key->data.hmac_key) + 16,
|
||||
"a..............b"));
|
||||
CU_ASSERT(16 == key->hmac_keylen);
|
||||
}
|
||||
|
||||
void test_shrpx_config_read_tls_ticket_key_file_aes_256(void) {
|
||||
|
@ -227,20 +235,24 @@ void test_shrpx_config_read_tls_ticket_key_file_aes_256(void) {
|
|||
CU_ASSERT(ticket_keys.get() != nullptr);
|
||||
CU_ASSERT(2 == ticket_keys->keys.size());
|
||||
auto key = &ticket_keys->keys[0];
|
||||
CU_ASSERT(0 ==
|
||||
memcmp("0..............1", key->data.name, sizeof(key->data.name)));
|
||||
CU_ASSERT(0 ==
|
||||
memcmp("2..............................3", key->data.enc_key, 32));
|
||||
CU_ASSERT(0 ==
|
||||
memcmp("4..............................5", key->data.hmac_key, 32));
|
||||
CU_ASSERT(std::equal(std::begin(key->data.name), std::end(key->data.name),
|
||||
"0..............1"));
|
||||
CU_ASSERT(std::equal(std::begin(key->data.enc_key),
|
||||
std::end(key->data.enc_key),
|
||||
"2..............................3"));
|
||||
CU_ASSERT(std::equal(std::begin(key->data.hmac_key),
|
||||
std::end(key->data.hmac_key),
|
||||
"4..............................5"));
|
||||
|
||||
key = &ticket_keys->keys[1];
|
||||
CU_ASSERT(0 ==
|
||||
memcmp("6..............7", key->data.name, sizeof(key->data.name)));
|
||||
CU_ASSERT(0 ==
|
||||
memcmp("8..............................9", key->data.enc_key, 32));
|
||||
CU_ASSERT(0 ==
|
||||
memcmp("a..............................b", key->data.hmac_key, 32));
|
||||
CU_ASSERT(std::equal(std::begin(key->data.name), std::end(key->data.name),
|
||||
"6..............7"));
|
||||
CU_ASSERT(std::equal(std::begin(key->data.enc_key),
|
||||
std::end(key->data.enc_key),
|
||||
"8..............................9"));
|
||||
CU_ASSERT(std::equal(std::begin(key->data.hmac_key),
|
||||
std::end(key->data.hmac_key),
|
||||
"a..............................b"));
|
||||
}
|
||||
|
||||
void test_shrpx_config_match_downstream_addr_group(void) {
|
||||
|
|
|
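Review bot: The new `std::equal` assertions use the three-iterator overload, which never looks at the length of the literal on the right, so a literal shorter than the compared range (16 or 32 bytes) would silently read past its terminating NUL instead of failing; the current literals happen to be exactly the right length, which is fragile. Comparing `uint8_t` elements with `char` literal bytes also relies on every byte being ASCII, which holds for these values. A form that keeps the length explicit, e.g. `CU_ASSERT(0 == memcmp("0..............1", key->data.name.data(), key->data.name.size()));`, or the four-iterator `std::equal` if the test build is C++14 or later, would fail loudly on a length mismatch. The same applies to every assertion in both hunks of this file.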
@ -335,18 +335,20 @@ int ticket_key_cb(SSL *ssl, unsigned char *key_name, unsigned char *iv,
|
|||
<< util::format_hex(key.data.name);
|
||||
}
|
||||
|
||||
memcpy(key_name, key.data.name, sizeof(key.data.name));
|
||||
std::copy(std::begin(key.data.name), std::end(key.data.name), key_name);
|
||||
|
||||
EVP_EncryptInit_ex(ctx, get_config()->tls_ticket_cipher, nullptr,
|
||||
key.data.enc_key, iv);
|
||||
HMAC_Init_ex(hctx, key.data.hmac_key, key.hmac_keylen, key.hmac, nullptr);
|
||||
key.data.enc_key.data(), iv);
|
||||
HMAC_Init_ex(hctx, key.data.hmac_key.data(), key.hmac_keylen, key.hmac,
|
||||
nullptr);
|
||||
return 1;
|
||||
}
|
||||
|
||||
size_t i;
|
||||
for (i = 0; i < keys.size(); ++i) {
|
||||
auto &key = keys[0];
|
||||
if (memcmp(key_name, key.data.name, sizeof(key.data.name)) == 0) {
|
||||
if (std::equal(std::begin(key.data.name), std::end(key.data.name),
|
||||
key_name)) {
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
@ -365,8 +367,9 @@ int ticket_key_cb(SSL *ssl, unsigned char *key_name, unsigned char *iv,
|
|||
}
|
||||
|
||||
auto &key = keys[i];
|
||||
HMAC_Init_ex(hctx, key.data.hmac_key, key.hmac_keylen, key.hmac, nullptr);
|
||||
EVP_DecryptInit_ex(ctx, key.cipher, nullptr, key.data.enc_key, iv);
|
||||
HMAC_Init_ex(hctx, key.data.hmac_key.data(), key.hmac_keylen, key.hmac,
|
||||
nullptr);
|
||||
EVP_DecryptInit_ex(ctx, key.cipher, nullptr, key.data.enc_key.data(), iv);
|
||||
|
||||
return i == 0 ? 1 : 2;
|
||||
}
|
||||
|
|
|
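Review bot: The new `std::equal(std::begin(key.data.name), std::end(key.data.name), key_name)` in the lookup loop always compares against the first key, because the context line directly above it reads `auto &key = keys[0];` while the loop variable is `i`; unless that is intentional it should be `auto &key = keys[i];`, otherwise a ticket issued under any key other than keys[0] never matches, the loop falls through to the not-found path, and key rotation silently breaks session resumption. The encrypt and decrypt paths also differ in which cipher they use: `EVP_EncryptInit_ex` takes `get_config()->tls_ticket_cipher` whereas `EVP_DecryptInit_ex` takes `key.cipher`; if those can ever differ, tickets will not decrypt. Finally, `std::copy(std::begin(key.data.name), std::end(key.data.name), key_name)` relies on `name` being exactly the 16 bytes OpenSSL provides for `key_name`; a comment or `static_assert` tying `name.size()` to that callback contract would document the coupling. ticket_key_cb starts outside the first hunk.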
@ -216,6 +216,10 @@ template <size_t N> std::string format_hex(const unsigned char (&s)[N]) {
|
|||
return format_hex(s, N);
|
||||
}
|
||||
|
||||
template <size_t N> std::string format_hex(const std::array<uint8_t, N> &s) {
|
||||
return format_hex(s.data(), s.size());
|
||||
}
|
||||
|
||||
std::string http_date(time_t t);
|
||||
|
||||
// Returns given time |t| from epoch in Common Log format (e.g.,
|
||||
|
|
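Review bot: The new `format_hex(const std::array<uint8_t, N> &)` overload has no comment, unlike the surrounding declarations, and it depends on `std::array` being declared in this header; if util.h does not already include `<array>`, it should, so that callers including only this header still compile. A one-line comment such as `// Returns hex representation of the bytes in |s|, delegating to the pointer/length overload.` would match the style of the `http_date` comment below. It is also worth noting next to it that TicketKey's `enc_key` and `hmac_key` have the same array type as `name`, so this overload makes it easy to log secret key bytes by mistake; the callers visible in this commit format only `name`, and that should stay the case.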