An IV should be generated for each encryption
We can now decide whether the IV is communicated to the client in a non-forgeable manner or kept only on the server side.

Closes openresty#2
rcosnita committed Oct 30, 2020
1 parent 99662f8 commit 8953ff7
Showing 3 changed files with 266 additions and 20 deletions.
19 changes: 19 additions & 0 deletions src/ngx_http_encrypted_session_cipher.c
Expand Up @@ -12,6 +12,7 @@

#include "ngx_http_encrypted_session_cipher.h"
#include <openssl/evp.h>
#include <openssl/hmac.h>
#include <openssl/md5.h>
#include <stdint.h>

Expand Down Expand Up @@ -291,3 +292,21 @@ ngx_http_encrypted_session_htonll(uint64_t n)
+ htonl((unsigned long) (n >> 32));
#endif
}

unsigned char*
ngx_http_encrypted_session_hmac(ngx_pool_t *pool,
const u_char *key, size_t key_len,
const u_char *data, size_t data_len, u_char **dst, size_t *dst_len)
{
u_char *result = NULL;
u_char *input = ngx_pcalloc(pool, data_len + 1);
ngx_memcpy(input, data, data_len);

unsigned int len;
result = HMAC(EVP_sha256(), key, key_len, input, data_len, result, &len);
*dst_len = len;
*dst = (u_char*)ngx_pcalloc(pool, len + 1);
ngx_memcpy(*dst, result, len);

return *dst;
}
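Review bot: In ngx_http_encrypted_session_hmac the HMAC() call passes a NULL output buffer, so OpenSSL writes the tag into its internal static array (documented as not thread safe), and the returned pointer is then copied without a NULL check while `len` is still uninitialised if the call failed. Both ngx_pcalloc() results are also used unchecked, and the `input` copy is unnecessary because HMAC() takes a const data pointer. `key_len` is a size_t passed to an int parameter, so it should be range-checked before the call. The rewrite below writes the tag straight into a pool buffer of EVP_MAX_MD_SIZE + 1 bytes, which keeps the trailing zero byte the original provided, and returns NULL with *dst cleared on any failure. The tag comparison is not visible in this section; it should use a constant-time compare such as CRYPTO_memcmp().

```c
unsigned char*
ngx_http_encrypted_session_hmac(ngx_pool_t *pool,
    const u_char *key, size_t key_len,
    const u_char *data, size_t data_len, u_char **dst, size_t *dst_len)
{
    u_char        *out;
    unsigned int   len = 0;

    /* Leave the out-parameters in a defined state on every failure path. */
    *dst = NULL;
    *dst_len = 0;

    /* HMAC() takes the key length as int; reject values that would truncate. */
    if (key_len > INT_MAX) {
        return NULL;
    }

    /* Caller-owned buffer instead of OpenSSL's static array. */
    out = ngx_pcalloc(pool, EVP_MAX_MD_SIZE + 1);
    if (out == NULL) {
        return NULL;
    }

    if (HMAC(EVP_sha256(), key, (int) key_len, data, data_len, out, &len)
        == NULL)
    {
        return NULL;
    }

    *dst = out;
    *dst_len = len;

    return out;
}
```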
5 changes: 5 additions & 0 deletions src/ngx_http_encrypted_session_cipher.h
Expand Up @@ -5,6 +5,7 @@
#include <ngx_core.h>
#include <ngx_http.h>
#include <openssl/evp.h>
#include <openssl/hmac.h>


typedef int (*cipher_ctx_reset_handle) (EVP_CIPHER_CTX *ctx);
Expand Down Expand Up @@ -34,6 +35,10 @@ ngx_int_t ngx_http_encrypted_session_aes_mac_decrypt(
size_t key_len, const u_char *in, size_t in_len, u_char **dst,
size_t *dst_len);

unsigned char* ngx_http_encrypted_session_hmac(
ngx_pool_t *pool,
const u_char *key, size_t key_len,
const u_char *data, size_t data_len, u_char **dst, size_t *dst_len);

#endif /* NGX_HTTP_ENCRYPTED_SESSION_CIPHER_H */
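Review bot: The new ngx_http_encrypted_session_hmac prototype has no comment describing its contract, so a caller cannot tell who owns `*dst` or what is returned when allocation or the HMAC computation fails. I would add above it something like `/* HMAC-SHA256 of data under key; *dst is allocated from pool, *dst_len receives the tag length; returns *dst. */` and state the failure value once the implementation defines one. The return type is spelled `unsigned char*` while every parameter uses `u_char`; `u_char *` would match the rest of this header.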
