提交
7820bb62
编写于
7月 20, 2020
作者:
WangFengTu
提交者:
lifeng68
7月 25, 2020
refactor aes and add llt for aes and base64
Signed-off-by:
N
WangFengTu
<
wangfengtu@huawei.com
>
上级
8150f890
变更
9
Showing
9 changed file
with
146 addition
and
43 deletion
+146
-43
src/daemon/modules/image/oci/registry/aes.c
src/daemon/modules/image/oci/registry/aes.c
+4
-4
src/daemon/modules/image/oci/registry/aes.h
src/daemon/modules/image/oci/registry/aes.h
+4
-2
src/daemon/modules/image/oci/registry/auths.c
src/daemon/modules/image/oci/registry/auths.c
+6
-21
src/utils/cutils/utils_aes.c
src/utils/cutils/utils_aes.c
+37
-7
src/utils/cutils/utils_aes.h
src/utils/cutils/utils_aes.h
+7
-9
test/cutils/CMakeLists.txt
test/cutils/CMakeLists.txt
+1
-0
test/cutils/utils_base64/CMakeLists.txt
test/cutils/utils_base64/CMakeLists.txt
+29
-0
test/cutils/utils_base64/utils_base64_ut.cpp
test/cutils/utils_base64/utils_base64_ut.cpp
+47
-0
test/image/oci/registry/registry_ut.cpp
test/image/oci/registry/registry_ut.cpp
+11
-0
src/daemon/modules/image/oci/registry/aes.c
...
...
@@ -32,7 +32,7 @@ void aes_set_key_path(char *key_path)
return
;
}
int
aes_decode
(
unsigned
char
*
input
,
size_t
input_len
,
unsigned
char
*
output
,
size_t
output_buf_len
)
int
aes_decode
(
unsigned
char
*
input
,
size_t
input_len
,
unsigned
char
*
*
output
)
{
int
ret
=
0
;
unsigned
char
aeskey
[
AES_256_CFB_KEY_LEN
];
...
...
@@ -43,7 +43,7 @@ int aes_decode(unsigned char *input, size_t input_len, unsigned char *output, si
return
ret
;
}
ret
=
util_aes_decode
(
aeskey
,
input
,
input_len
,
(
unsigned
char
*
)
output
,
output_buf_len
);
ret
=
util_aes_decode
(
aeskey
,
input
,
input_len
,
output
);
if
(
ret
<
0
)
{
ERROR
(
"decode aes failed"
);
ret
=
-
1
;
...
...
@@ -55,7 +55,7 @@ out:
return
ret
;
}
int
aes_encode
(
unsigned
char
*
input
,
size_t
input_len
,
unsigned
char
*
output
,
size_t
output_buf_len
)
int
aes_encode
(
unsigned
char
*
input
,
size_t
input_len
,
unsigned
char
*
*
output
)
{
int
ret
=
0
;
unsigned
char
aeskey
[
AES_256_CFB_KEY_LEN
];
...
...
@@ -66,7 +66,7 @@ int aes_encode(unsigned char *input, size_t input_len, unsigned char *output, si
return
ret
;
}
ret
=
util_aes_encode
(
aeskey
,
(
unsigned
char
*
)
input
,
input_len
,
output
,
output_buf_len
);
ret
=
util_aes_encode
(
aeskey
,
input
,
input_len
,
output
);
if
(
ret
<
0
)
{
ERROR
(
"encode aes failed"
);
ret
=
-
1
;
...
...
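Review bot: `aeskey` is a stack copy of the AES-256 key in both `aes_decode` and `aes_encode`, and none of the visible lines clears it before the function returns. The early `return ret;` at the top of the second and fourth hunks also leaves without passing the `out:` label, so any cleanup placed there would be skipped on that path; the lines between `out:` and the final `return ret;` are outside the hunks, so this needs confirming against the full file. If the key is not wiped, clear it on every exit with a call the compiler cannot drop, for example `explicit_bzero(aeskey, sizeof(aeskey));` or the project's own helper.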
src/daemon/modules/image/oci/registry/aes.h
...
...
@@ -24,8 +24,10 @@ extern "C" {
#define DEFAULT_AUTH_AESKEY "/root/.isulad/" AUTH_AESKEY_NAME
void
aes_set_key_path
(
char
*
key_path
);
int
aes_decode
(
unsigned
char
*
input
,
size_t
input_len
,
unsigned
char
*
output
,
size_t
output_buf_len
);
int
aes_encode
(
unsigned
char
*
input
,
size_t
input_len
,
unsigned
char
*
output
,
size_t
output_buf_len
);
// output length is "input_len+AES_256_CFB_IV_LEN"
int
aes_encode
(
unsigned
char
*
input
,
size_t
input_len
,
unsigned
char
**
output
);
// output length is "input_len-AES_256_CFB_IV_LEN"
int
aes_decode
(
unsigned
char
*
input
,
size_t
input_len
,
unsigned
char
**
output
);
#ifdef __cplusplus
}
...
...
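Review bot: The two new comments give the output length but not who owns the buffer, and the length itself is never returned to the caller. Per the utils_aes.c change in this commit, `*output` is allocated by the callee, so the header should say so, e.g. `// on success *output is a newly allocated "IV+data" buffer of input_len+AES_256_CFB_IV_LEN bytes plus a trailing '\0'; the caller must free it`. Because the encoded bytes are binary and may contain 0x00, callers cannot use strlen() on the result and have to recompute the length themselves (auths.c and the new test both do); returning it through an extra `size_t *output_len` parameter would remove that duplication.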
src/daemon/modules/image/oci/registry/auths.c
...
...
@@ -68,10 +68,9 @@ static int decode_auth_aes(char *encoded, char **username, char **password)
int
nret
=
0
;
int
ret
=
0
;
unsigned
char
*
decoded
=
NULL
;
size_t
decoded_len
=
0
;
char
**
auth_parts
=
NULL
;
char
*
auth
=
NULL
;
size_t
auth_buf
_len
=
0
;
size_t
decoded
_len
=
0
;
if
(
encoded
==
NULL
||
username
==
NULL
||
password
==
NULL
)
{
ERROR
(
"invalid NULL pointer"
);
...
...
@@ -85,13 +84,7 @@ static int decode_auth_aes(char *encoded, char **username, char **password)
goto
out
;
}
auth_buf_len
=
util_aes_decode_buf_len
(
decoded_len
);
auth
=
util_common_calloc_s
(
auth_buf_len
+
1
);
if
(
auth
==
NULL
)
{
ERROR
(
"out of memory"
);
return
-
1
;
}
ret
=
aes_decode
(
decoded
,
decoded_len
,
(
unsigned
char
*
)
auth
,
auth_buf_len
);
ret
=
aes_decode
(
decoded
,
decoded_len
,
(
unsigned
char
**
)
&
auth
);
if
(
ret
<
0
)
{
ERROR
(
"decode aes failed"
);
ret
=
-
1
;
...
...
@@ -139,7 +132,6 @@ static char *encode_auth_aes(char *username, char *password)
char
*
plain_text_base64
=
NULL
;
char
plain_text
[
PATH_MAX
]
=
{
0
};
unsigned
char
*
aes
=
NULL
;
size_t
aes_buf_len
=
0
;
size_t
aes_len
=
0
;
char
*
aes_base64
=
NULL
;
...
...
@@ -159,15 +151,8 @@ static char *encode_auth_aes(char *username, char *password)
// Do not encode char '\0'
plain_text_base64_encode_len
=
strlen
(
plain_text_base64
);
aes_buf_len
=
util_aes_encode_buf_len
(
plain_text_base64_encode_len
);
aes_len
=
AES_256_CFB_IV_LEN
+
plain_text_base64_encode_len
;
aes
=
util_common_calloc_s
(
aes_buf_len
);
if
(
aes
==
NULL
)
{
ERROR
(
"out of memory"
);
ret
=
-
1
;
goto
out
;
}
ret
=
aes_encode
((
unsigned
char
*
)
plain_text_base64
,
plain_text_base64_encode_len
,
aes
,
aes_buf_len
);
ret
=
aes_encode
((
unsigned
char
*
)
plain_text_base64
,
plain_text_base64_encode_len
,
&
aes
);
if
(
ret
<
0
)
{
ERROR
(
"encode aes failed"
);
ret
=
-
1
;
...
...
@@ -183,12 +168,12 @@ static char *encode_auth_aes(char *username, char *password)
out:
(
void
)
memset
(
plain_text
,
0
,
strlen
(
plain_text
));
free
(
aes
);
free
_sensitive_string
((
char
*
)
aes
);
aes
=
NULL
;
free
(
plain_text_base64
);
free
_sensitive_string
(
plain_text_base64
);
plain_text_base64
=
NULL
;
if
(
ret
!=
0
)
{
free
(
aes_base64
);
free
_sensitive_string
(
aes_base64
);
aes_base64
=
NULL
;
}
return
aes_base64
;
...
...
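Review bot: The wipe kept at the top of the `out:` block in `encode_auth_aes`, `(void)memset(plain_text, 0, strlen(plain_text));`, clears only up to the first NUL and, being the last write to a local array before return, may be removed by the optimizer. Since this commit already moves the heap buffers to `free_sensitive_string`, the stack buffer deserves the same care: `explicit_bzero(plain_text, sizeof(plain_text));` or the project's equivalent non-elidable wipe. Separately, `aes` holds binary IV+ciphertext, so if `free_sensitive_string` sizes its wipe with strlen() (its body is not shown here) it will stop at the first zero byte; that is harmless for ciphertext but worth a comment. In `decode_auth_aes` the cleanup of `auth` and `decoded` lies outside the visible hunks; `auth` now presumably receives the decrypted credentials and should be released the same way.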
src/utils/cutils/utils_aes.c
...
...
@@ -105,17 +105,24 @@ size_t util_aes_encode_buf_len(size_t len)
return
AES_256_CFB_IV_LEN
+
util_aes_decode_buf_len
(
len
);
}
int
util_aes_encode
(
unsigned
char
*
aeskey
,
unsigned
char
*
bytes
,
size_t
len
,
unsigned
char
*
out
,
size_t
out_len
)
int
util_aes_encode
(
unsigned
char
*
aeskey
,
unsigned
char
*
bytes
,
size_t
len
,
unsigned
char
*
*
out
)
{
int
ret
=
0
;
int
evp_ret
=
0
;
int
tmp_out_len
=
0
;
int
size
=
0
;
int
expected_size
=
len
;
unsigned
char
*
iv
=
out
;
unsigned
char
*
iv
=
NULL
;
const
EVP_CIPHER
*
cipher
=
EVP_aes_256_cfb
();
EVP_CIPHER_CTX
*
ctx
=
EVP_CIPHER_CTX_new
();
*
out
=
util_common_calloc_s
(
util_aes_encode_buf_len
(
len
)
+
1
);
if
(
*
out
==
NULL
)
{
ERROR
(
"out of memory"
);
return
-
1
;
}
iv
=
*
out
;
ret
=
util_generate_random_str
((
char
*
)
iv
,
AES_256_CFB_IV_LEN
);
if
(
ret
!=
0
)
{
ERROR
(
"generate random string for iv failed"
);
...
...
@@ -129,7 +136,7 @@ int util_aes_encode(unsigned char *aeskey, unsigned char *bytes, size_t len, uns
goto
out
;
}
evp_ret
=
EVP_EncryptUpdate
(
ctx
,
out
+
AES_256_CFB_IV_LEN
,
&
tmp_out_len
,
bytes
,
len
);
evp_ret
=
EVP_EncryptUpdate
(
ctx
,
(
*
out
)
+
AES_256_CFB_IV_LEN
,
&
tmp_out_len
,
bytes
,
len
);
if
(
evp_ret
!=
1
)
{
ERROR
(
"evp encrypt update failed, result %d: %s"
,
evp_ret
,
strerror
(
errno
));
ret
=
-
1
;
...
...
@@ -137,7 +144,7 @@ int util_aes_encode(unsigned char *aeskey, unsigned char *bytes, size_t len, uns
}
size
=
tmp_out_len
;
evp_ret
=
EVP_EncryptFinal
(
ctx
,
out
+
AES_256_CFB_IV_LEN
+
tmp_out_len
,
&
tmp_out_len
);
evp_ret
=
EVP_EncryptFinal
(
ctx
,
(
*
out
)
+
AES_256_CFB_IV_LEN
+
tmp_out_len
,
&
tmp_out_len
);
if
(
evp_ret
!=
1
)
{
ERROR
(
"evp encrypt final failed, result %d: %s"
,
evp_ret
,
strerror
(
errno
));
ret
=
-
1
;
...
...
@@ -151,14 +158,20 @@ int util_aes_encode(unsigned char *aeskey, unsigned char *bytes, size_t len, uns
goto
out
;
}
*
(
*
out
+
AES_256_CFB_IV_LEN
+
expected_size
)
=
0
;
out:
EVP_CIPHER_CTX_free
(
ctx
);
ctx
=
NULL
;
if
(
ret
!=
0
)
{
free
(
*
out
);
*
out
=
NULL
;
}
return
ret
;
}
int
util_aes_decode
(
unsigned
char
*
aeskey
,
unsigned
char
*
bytes
,
size_t
len
,
unsigned
char
*
out
,
size_t
out_len
)
int
util_aes_decode
(
unsigned
char
*
aeskey
,
unsigned
char
*
bytes
,
size_t
len
,
unsigned
char
*
*
out
)
{
int
ret
=
0
;
int
evp_ret
=
0
;
...
...
@@ -169,6 +182,17 @@ int util_aes_decode(unsigned char *aeskey, unsigned char *bytes, size_t len, uns
const
EVP_CIPHER
*
cipher
=
EVP_aes_256_cfb
();
EVP_CIPHER_CTX
*
ctx
=
EVP_CIPHER_CTX_new
();
if
(
len
<=
AES_256_CFB_IV_LEN
)
{
ERROR
(
"Invalid aes length, it must be larger than %d"
,
AES_256_CFB_IV_LEN
);
return
-
1
;
}
*
out
=
util_common_calloc_s
(
util_aes_decode_buf_len
(
len
)
+
1
);
if
(
*
out
==
NULL
)
{
ERROR
(
"out of memory"
);
return
-
1
;
}
iv
=
bytes
;
evp_ret
=
EVP_DecryptInit
(
ctx
,
cipher
,
aeskey
,
iv
);
if
(
evp_ret
!=
1
)
{
...
...
@@ -178,7 +202,7 @@ int util_aes_decode(unsigned char *aeskey, unsigned char *bytes, size_t len, uns
}
expected_size
=
len
-
AES_256_CFB_IV_LEN
;
evp_ret
=
EVP_DecryptUpdate
(
ctx
,
out
,
&
tmp_out_len
,
bytes
+
AES_256_CFB_IV_LEN
,
expected_size
);
evp_ret
=
EVP_DecryptUpdate
(
ctx
,
*
out
,
&
tmp_out_len
,
bytes
+
AES_256_CFB_IV_LEN
,
expected_size
);
if
(
evp_ret
!=
1
)
{
ERROR
(
"evp decrypt update failed, result %d: %s"
,
evp_ret
,
strerror
(
errno
));
ret
=
-
1
;
...
...
@@ -186,7 +210,7 @@ int util_aes_decode(unsigned char *aeskey, unsigned char *bytes, size_t len, uns
}
size
=
tmp_out_len
;
evp_ret
=
EVP_DecryptFinal
(
ctx
,
out
+
tmp_out_len
,
&
tmp_out_len
);
evp_ret
=
EVP_DecryptFinal
(
ctx
,
(
*
out
)
+
tmp_out_len
,
&
tmp_out_len
);
if
(
evp_ret
!=
1
)
{
ERROR
(
"evp decrypt final failed, result %d: %s"
,
evp_ret
,
strerror
(
errno
));
ret
=
-
1
;
...
...
@@ -200,9 +224,15 @@ int util_aes_decode(unsigned char *aeskey, unsigned char *bytes, size_t len, uns
goto
out
;
}
*
(
*
out
+
expected_size
)
=
0
;
out:
EVP_CIPHER_CTX_free
(
ctx
);
ctx
=
NULL
;
if
(
ret
!=
0
)
{
free
(
*
out
);
*
out
=
NULL
;
}
return
ret
;
}
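Review bot: The three `return -1;` statements added after `ctx = EVP_CIPHER_CTX_new()` (the out-of-memory return in `util_aes_encode`, and the length check and out-of-memory return in `util_aes_decode`) leave without reaching `out:`, so the cipher context is leaked each time. Jumping to `out:` is not safe for the length check because `free(*out)` would then act on whatever the caller passed in, so free the context in place with `EVP_CIPHER_CTX_free(ctx);` before each `return -1;`, or create the context only after these checks. No NULL check on `ctx` or on `out` itself is visible in these hunks. On the failure path of `util_aes_decode`, `free(*out)` releases a buffer that may already hold partially decrypted data; clearing it before the free would match the `free_sensitive_string` handling this commit introduces in auths.c.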
src/utils/cutils/utils_aes.h
...
...
@@ -30,15 +30,13 @@ extern "C" {
int
util_aes_key
(
char
*
key_path
,
bool
create
,
unsigned
char
*
aeskey
);
// This is the output buffer length, not the result data length.
size_t
util_aes_encode_buf_len
(
size_t
len
);
// note: input bytes is "IV+data", "bytes + AES_256_CFB_IV_LEN" is the real data to be encoded.
int
util_aes_encode
(
unsigned
char
*
aeskey
,
unsigned
char
*
bytes
,
size_t
len
,
unsigned
char
*
out
,
size_t
out_len
);
// This is the output buffer length, not the result data length.
size_t
util_aes_decode_buf_len
(
size_t
len
);
// note: output bytes is "IV+data", "bytes + AES_256_CFB_IV_LEN" is the read encoded data.
int
util_aes_decode
(
unsigned
char
*
aeskey
,
unsigned
char
*
bytes
,
size_t
len
,
unsigned
char
*
out
,
size_t
out_len
);
// note: Input bytes is "IV+data", "bytes+AES_256_CFB_IV_LEN" is the real data to be encoded.
// The output length is the input "len" and add the '\0' after end of the length.
int
util_aes_encode
(
unsigned
char
*
aeskey
,
unsigned
char
*
bytes
,
size_t
len
,
unsigned
char
**
out
);
// note: Iutput bytes is "IV+data", "bytes+AES_256_CFB_IV_LEN" is the read encoded data.
// the output length is the input "len-AES_256_CFB_IV_LEN" and add the '\0' after end of the length.
int
util_aes_decode
(
unsigned
char
*
aeskey
,
unsigned
char
*
bytes
,
size_t
len
,
unsigned
char
**
out
);
#ifdef __cplusplus
}
...
...
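Review bot: The new comment on `util_aes_encode` describes the decode direction: in utils_aes.c the input `bytes` is the plain data passed to `EVP_EncryptUpdate`, and the output is "IV+data" of length `len+AES_256_CFB_IV_LEN` with the '\0' written after that, not `len`. Suggested wording: `// note: output is "IV+data"; "*out + AES_256_CFB_IV_LEN" is the encoded data.` and `// The output length is "len+AES_256_CFB_IV_LEN", followed by a '\0'; *out is allocated here and freed by the caller.` In the `util_aes_decode` comment, "Iutput" should read "Input" and "the read encoded data" should read "the real encoded data".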
test/cutils/CMakeLists.txt
...
...
@@ -3,3 +3,4 @@ project(iSulad_UT)
add_subdirectory
(
utils_string
)
add_subdirectory
(
utils_convert
)
add_subdirectory
(
utils_array
)
add_subdirectory
(
utils_base64
)
test/cutils/utils_base64/CMakeLists.txt
0 → 100644
project
(
iSulad_UT
)
SET
(
EXE utils_base64_ut
)
add_executable
(
${
EXE
}
${
CMAKE_CURRENT_SOURCE_DIR
}
/../../../src/utils/cutils/utils_base64.c
${
CMAKE_CURRENT_SOURCE_DIR
}
/../../../src/utils/cutils/utils.c
${
CMAKE_CURRENT_SOURCE_DIR
}
/../../../src/utils/cutils/utils_array.c
${
CMAKE_CURRENT_SOURCE_DIR
}
/../../../src/utils/cutils/utils_string.c
${
CMAKE_CURRENT_SOURCE_DIR
}
/../../../src/utils/cutils/utils_file.c
${
CMAKE_CURRENT_SOURCE_DIR
}
/../../../src/utils/cutils/utils_convert.c
${
CMAKE_CURRENT_SOURCE_DIR
}
/../../../src/utils/cutils/utils_verify.c
${
CMAKE_CURRENT_SOURCE_DIR
}
/../../../src/utils/cutils/utils_regex.c
${
CMAKE_CURRENT_SOURCE_DIR
}
/../../../src/utils/sha256/sha256.c
${
CMAKE_CURRENT_SOURCE_DIR
}
/../../../src/utils/cutils/path.c
${
CMAKE_CURRENT_SOURCE_DIR
}
/../../../src/utils/cutils/map/map.c
${
CMAKE_CURRENT_SOURCE_DIR
}
/../../../src/utils/cutils/map/rb_tree.c
utils_base64_ut.cpp
)
target_include_directories
(
${
EXE
}
PUBLIC
${
GTEST_INCLUDE_DIR
}
${
CMAKE_CURRENT_SOURCE_DIR
}
/../../include
${
CMAKE_CURRENT_SOURCE_DIR
}
/../../../src/common
${
CMAKE_CURRENT_SOURCE_DIR
}
/../../../src/utils/cutils/map
${
CMAKE_CURRENT_SOURCE_DIR
}
/../../../src/utils/sha256
${
CMAKE_CURRENT_SOURCE_DIR
}
/../../../src/utils/cutils
)
target_link_libraries
(
${
EXE
}
${
GTEST_BOTH_LIBRARIES
}
${
CMAKE_THREAD_LIBS_INIT
}
${
ISULA_LIBUTILS_LIBRARY
}
-lcrypto -lyajl -lz
)
add_test
(
NAME
${
EXE
}
COMMAND
${
EXE
}
)
test/cutils/utils_base64/utils_base64_ut.cpp
0 → 100644
/*
* Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
* iSulad licensed under the Mulan PSL v2.
* You can use this software according to the terms and conditions of the Mulan PSL v2.
* You may obtain a copy of Mulan PSL v2 at:
* http://license.coscl.org.cn/MulanPSL2
* THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
* PURPOSE.
* See the Mulan PSL v2 for more details.
* Description: utils_convert unit test
* Author: wangfengtu
* Create: 2020-07-20
*/
#include <stdlib.h>
#include <stdio.h>
#include <climits>
#include <gtest/gtest.h>
#include "utils_base64.h"
TEST
(
utils_base64
,
test_util_base64
)
{
char
*
plain_text
=
(
char
*
)
"^cvdgfdgghaswere3575676y&*`~cx,xfdgdvcvdfd][';./?.,<>|
\\
!@#$%^&*()_+=-090wvvs3sdfel33cxvdf***$"
;
char
*
encoded
=
NULL
;
char
*
decoded
=
NULL
;
size_t
decoded_len
=
0
;
// check long base64 encode/decode
ASSERT_EQ
(
util_base64_encode
((
unsigned
char
*
)
plain_text
,
strlen
(
plain_text
),
&
encoded
),
0
);
ASSERT_STREQ
(
encoded
,
"XmN2ZGdmZGdnaGFzd2VyZTM1NzU2NzZ5JipgfmN4LHhmZGdkdmN2ZGZkXVsnOy4vPy4sPD58XCFAIyQlXiYqKClfKz0tMDkwd3Z2czNzZGZlbDMzY3h2ZGYqKiok"
);
ASSERT_EQ
(
util_base64_decode
((
const
char
*
)
encoded
,
strlen
(
encoded
),
(
unsigned
char
**
)
&
decoded
,
&
decoded_len
),
0
);
ASSERT_STREQ
(
decoded
,
plain_text
);
ASSERT_EQ
(
strlen
(
plain_text
),
decoded_len
);
free
(
encoded
);
encoded
=
NULL
;
free
(
decoded
);
decoded
=
NULL
;
// check base64 decode with suffix '\0'
ASSERT_EQ
(
util_base64_decode
((
const
char
*
)
"MQ=="
,
strlen
(
"MQ=="
),
(
unsigned
char
**
)
&
decoded
,
&
decoded_len
),
0
);
ASSERT_STREQ
(
decoded
,
"1"
);
ASSERT_EQ
(
decoded_len
,
1
);
free
(
decoded
);
}
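Review bot: Both cases in `test_util_base64` feed well-formed input, so the decoder's error path is never exercised even though `decode_auth_aes` relies on it for stored auth data. Add a case with malformed text (characters outside the alphabet, wrong padding, zero length) that asserts the call fails and leaves `decoded` NULL; the exact return convention of `util_base64_decode` is not visible here, so check it first. The file header still says `Description: utils_convert unit test`, which should name utils_base64, and `strlen` is used without including `<string.h>` directly.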
test/image/oci/registry/registry_ut.cpp
...
...
@@ -660,6 +660,17 @@ TEST_F(RegistryUnitTest, test_pull_already_exist)
ASSERT_NE
(
registry_pull
(
&
options
),
0
);
}
TEST_F
(
RegistryUnitTest
,
test_aes
)
{
char
*
text
=
(
char
*
)
"test"
;
unsigned
char
*
encoded
=
NULL
;
char
*
decoded
=
NULL
;
ASSERT_EQ
(
aes_encode
((
unsigned
char
*
)
text
,
strlen
(
text
),
&
encoded
),
0
);
ASSERT_EQ
(
aes_decode
(
encoded
,
AES_256_CFB_IV_LEN
+
strlen
(
text
),
(
unsigned
char
**
)
&
decoded
),
0
);
ASSERT_STREQ
(
decoded
,
text
);
free
(
encoded
);
free
(
decoded
);
}
TEST_F
(
RegistryUnitTest
,
test_cleanup
)
{
...
...
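Review bot: `test_aes` covers only the round trip, so the length guard this commit adds to `util_aes_decode` (`len <= AES_256_CFB_IV_LEN`) has no test. A case such as `ASSERT_NE(aes_decode(encoded, AES_256_CFB_IV_LEN, &short_out), 0);` with `unsigned char *short_out = NULL;` declared beforehand would pin it. The test also has to rebuild the ciphertext length as `AES_256_CFB_IV_LEN + strlen(text)` because `aes_encode` does not report it. `test_cleanup` begins at the end of this hunk and continues outside it.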