refactor aes and add llt for aes and base64

Signed-off-by: N WangFengTu <wangfengtu@huawei.com>

refactor aes and add llt for aes and base64
Signed-off-by: N WangFengTu <wangfengtu@huawei.com>
7820bb62 · WangFengTu · lifeng68 · 8150f890 · 7820bb62 · 7820bb62
9 changed file
--- a/src/daemon/modules/image/oci/registry/aes.c
+++ b/src/daemon/modules/image/oci/registry/aes.c
@@ -32,7 +32,7 @@ void aes_set_key_path(char *key_path)
    return;
 }

-int aes_decode(unsigned char *input, size_t input_len, unsigned char *output, size_t output_buf_len)
+int aes_decode(unsigned char *input, size_t input_len, unsigned char **output)
 {
    int ret = 0;
    unsigned char aeskey[AES_256_CFB_KEY_LEN];
@@ -43,7 +43,7 @@ int aes_decode(unsigned char *input, size_t input_len, unsigned char *output, si
        return ret;
    }

-    ret = util_aes_decode(aeskey, input, input_len, (unsigned char *)output, output_buf_len);
+    ret = util_aes_decode(aeskey, input, input_len, output);
    if (ret < 0) {
        ERROR("decode aes failed");
        ret = -1;
@@ -55,7 +55,7 @@ out:
    return ret;
 }

-int aes_encode(unsigned char *input, size_t input_len, unsigned char *output, size_t output_buf_len)
+int aes_encode(unsigned char *input, size_t input_len, unsigned char **output)
 {
    int ret = 0;
    unsigned char aeskey[AES_256_CFB_KEY_LEN];
@@ -66,7 +66,7 @@ int aes_encode(unsigned char *input, size_t input_len, unsigned char *output, si
        return ret;
    }

-    ret = util_aes_encode(aeskey, (unsigned char *)input, input_len, output, output_buf_len);
+    ret = util_aes_encode(aeskey, input, input_len, output);
    if (ret < 0) {
        ERROR("encode aes failed");
        ret = -1;

--- a/src/daemon/modules/image/oci/registry/aes.h
+++ b/src/daemon/modules/image/oci/registry/aes.h
@@ -24,8 +24,10 @@ extern "C" {
 #define DEFAULT_AUTH_AESKEY "/root/.isulad/" AUTH_AESKEY_NAME

 void aes_set_key_path(char *key_path);
-int aes_decode(unsigned char *input, size_t input_len, unsigned char *output, size_t output_buf_len);
-int aes_encode(unsigned char *input, size_t input_len, unsigned char *output, size_t output_buf_len);
+// output length is "input_len+AES_256_CFB_IV_LEN"
+int aes_encode(unsigned char *input, size_t input_len, unsigned char **output);
+// output length is "input_len-AES_256_CFB_IV_LEN"
+int aes_decode(unsigned char *input, size_t input_len, unsigned char **output);

 #ifdef __cplusplus
 }

--- a/src/daemon/modules/image/oci/registry/auths.c
+++ b/src/daemon/modules/image/oci/registry/auths.c
@@ -68,10 +68,9 @@ static int decode_auth_aes(char *encoded, char **username, char **password)
    int nret = 0;
    int ret = 0;
    unsigned char *decoded = NULL;
-    size_t decoded_len = 0;
    char **auth_parts = NULL;
    char *auth = NULL;
-    size_t auth_buf_len = 0;
+    size_t decoded_len = 0;

    if (encoded == NULL || username == NULL || password == NULL) {
        ERROR("invalid NULL pointer");
@@ -85,13 +84,7 @@ static int decode_auth_aes(char *encoded, char **username, char **password)
        goto out;
    }

-    auth_buf_len = util_aes_decode_buf_len(decoded_len);
-    auth = util_common_calloc_s(auth_buf_len + 1);
-    if (auth == NULL) {
-        ERROR("out of memory");
-        return -1;
-    }
-    ret = aes_decode(decoded, decoded_len, (unsigned char *)auth, auth_buf_len);
+    ret = aes_decode(decoded, decoded_len, (unsigned char **)&auth);
    if (ret < 0) {
        ERROR("decode aes failed");
        ret = -1;
@@ -139,7 +132,6 @@ static char *encode_auth_aes(char *username, char *password)
    char *plain_text_base64 = NULL;
    char plain_text[PATH_MAX] = { 0 };
    unsigned char *aes = NULL;
-    size_t aes_buf_len = 0;
    size_t aes_len = 0;
    char *aes_base64 = NULL;

@@ -159,15 +151,8 @@ static char *encode_auth_aes(char *username, char *password)

    // Do not encode char '\0'
    plain_text_base64_encode_len = strlen(plain_text_base64);
-    aes_buf_len = util_aes_encode_buf_len(plain_text_base64_encode_len);
    aes_len = AES_256_CFB_IV_LEN + plain_text_base64_encode_len;
-    aes = util_common_calloc_s(aes_buf_len);
-    if (aes == NULL) {
-        ERROR("out of memory");
-        ret = -1;
-        goto out;
-    }
-    ret = aes_encode((unsigned char *)plain_text_base64, plain_text_base64_encode_len, aes, aes_buf_len);
+    ret = aes_encode((unsigned char *)plain_text_base64, plain_text_base64_encode_len, &aes);
    if (ret < 0) {
        ERROR("encode aes failed");
        ret = -1;
@@ -183,12 +168,12 @@ static char *encode_auth_aes(char *username, char *password)

 out:
    (void)memset(plain_text, 0, strlen(plain_text));
-    free(aes);
+    free_sensitive_string((char*)aes);
    aes = NULL;
-    free(plain_text_base64);
+    free_sensitive_string(plain_text_base64);
    plain_text_base64 = NULL;
    if (ret != 0) {
-        free(aes_base64);
+        free_sensitive_string(aes_base64);
        aes_base64 = NULL;
    }
    return aes_base64;

--- a/src/utils/cutils/utils_aes.c
+++ b/src/utils/cutils/utils_aes.c
@@ -105,17 +105,24 @@ size_t util_aes_encode_buf_len(size_t len)
    return AES_256_CFB_IV_LEN + util_aes_decode_buf_len(len);
 }

-int util_aes_encode(unsigned char *aeskey, unsigned char *bytes, size_t len, unsigned char *out, size_t out_len)
+int util_aes_encode(unsigned char *aeskey, unsigned char *bytes, size_t len, unsigned char **out)
 {
    int ret = 0;
    int evp_ret = 0;
    int tmp_out_len = 0;
    int size = 0;
    int expected_size = len;
-    unsigned char *iv = out;
+    unsigned char *iv = NULL;
    const EVP_CIPHER *cipher = EVP_aes_256_cfb();
    EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();

+    *out = util_common_calloc_s(util_aes_encode_buf_len(len) + 1);
+    if (*out == NULL) {
+        ERROR("out of memory");
+        return -1;
+    }
+    iv = *out;
+
    ret = util_generate_random_str((char *)iv, AES_256_CFB_IV_LEN);
    if (ret != 0) {
        ERROR("generate random string for iv failed");
@@ -129,7 +136,7 @@ int util_aes_encode(unsigned char *aeskey, unsigned char *bytes, size_t len, uns
        goto out;
    }

-    evp_ret = EVP_EncryptUpdate(ctx, out + AES_256_CFB_IV_LEN, &tmp_out_len, bytes, len);
+    evp_ret = EVP_EncryptUpdate(ctx, (*out) + AES_256_CFB_IV_LEN, &tmp_out_len, bytes, len);
    if (evp_ret != 1) {
        ERROR("evp encrypt update failed, result %d: %s", evp_ret, strerror(errno));
        ret = -1;
@@ -137,7 +144,7 @@ int util_aes_encode(unsigned char *aeskey, unsigned char *bytes, size_t len, uns
    }
    size = tmp_out_len;

-    evp_ret = EVP_EncryptFinal(ctx, out + AES_256_CFB_IV_LEN + tmp_out_len, &tmp_out_len);
+    evp_ret = EVP_EncryptFinal(ctx, (*out) + AES_256_CFB_IV_LEN + tmp_out_len, &tmp_out_len);
    if (evp_ret != 1) {
        ERROR("evp encrypt final failed, result %d: %s", evp_ret, strerror(errno));
        ret = -1;
@@ -151,14 +158,20 @@ int util_aes_encode(unsigned char *aeskey, unsigned char *bytes, size_t len, uns
        goto out;
    }

+    *(*out + AES_256_CFB_IV_LEN + expected_size) = 0;
+
 out:
    EVP_CIPHER_CTX_free(ctx);
    ctx = NULL;
+    if (ret != 0) {
+        free(*out);
+        *out = NULL;
+    }

    return ret;
 }

-int util_aes_decode(unsigned char *aeskey, unsigned char *bytes, size_t len, unsigned char *out, size_t out_len)
+int util_aes_decode(unsigned char *aeskey, unsigned char *bytes, size_t len, unsigned char **out)
 {
    int ret = 0;
    int evp_ret = 0;
@@ -169,6 +182,17 @@ int util_aes_decode(unsigned char *aeskey, unsigned char *bytes, size_t len, uns
    const EVP_CIPHER *cipher = EVP_aes_256_cfb();
    EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();

+    if (len <= AES_256_CFB_IV_LEN) {
+        ERROR("Invalid aes length, it must be larger than %d", AES_256_CFB_IV_LEN);
+        return -1;
+    }
+
+    *out = util_common_calloc_s(util_aes_decode_buf_len(len) + 1);
+    if (*out == NULL) {
+        ERROR("out of memory");
+        return -1;
+    }
+
    iv = bytes;
    evp_ret = EVP_DecryptInit(ctx, cipher, aeskey, iv);
    if (evp_ret != 1) {
@@ -178,7 +202,7 @@ int util_aes_decode(unsigned char *aeskey, unsigned char *bytes, size_t len, uns
    }

    expected_size = len - AES_256_CFB_IV_LEN;
-    evp_ret = EVP_DecryptUpdate(ctx, out, &tmp_out_len, bytes + AES_256_CFB_IV_LEN, expected_size);
+    evp_ret = EVP_DecryptUpdate(ctx, *out, &tmp_out_len, bytes + AES_256_CFB_IV_LEN, expected_size);
    if (evp_ret != 1) {
        ERROR("evp decrypt update failed, result %d: %s", evp_ret, strerror(errno));
        ret = -1;
@@ -186,7 +210,7 @@ int util_aes_decode(unsigned char *aeskey, unsigned char *bytes, size_t len, uns
    }
    size = tmp_out_len;

-    evp_ret = EVP_DecryptFinal(ctx, out + tmp_out_len, &tmp_out_len);
+    evp_ret = EVP_DecryptFinal(ctx, (*out) + tmp_out_len, &tmp_out_len);
    if (evp_ret != 1) {
        ERROR("evp decrypt final failed, result %d: %s", evp_ret, strerror(errno));
        ret = -1;
@@ -200,9 +224,15 @@ int util_aes_decode(unsigned char *aeskey, unsigned char *bytes, size_t len, uns
        goto out;
    }

+    *(*out + expected_size) = 0;
+
 out:
    EVP_CIPHER_CTX_free(ctx);
    ctx = NULL;
+    if (ret != 0) {
+        free(*out);
+        *out = NULL;
+    }

    return ret;
 }
--- a/src/utils/cutils/utils_aes.h
+++ b/src/utils/cutils/utils_aes.h
@@ -30,15 +30,13 @@ extern "C" {

 int util_aes_key(char *key_path, bool create, unsigned char *aeskey);

-// This is the output buffer length, not the result data length.
-size_t util_aes_encode_buf_len(size_t len);
-// note: input bytes is "IV+data", "bytes + AES_256_CFB_IV_LEN" is the real data to be encoded.
-int util_aes_encode(unsigned char *aeskey, unsigned char *bytes, size_t len, unsigned char *out, size_t out_len);
-
-// This is the output buffer length, not the result data length.
-size_t util_aes_decode_buf_len(size_t len);
-// note: output bytes is "IV+data", "bytes + AES_256_CFB_IV_LEN" is the read encoded data.
-int util_aes_decode(unsigned char *aeskey, unsigned char *bytes, size_t len, unsigned char *out, size_t out_len);
+// note: Input bytes is "IV+data", "bytes+AES_256_CFB_IV_LEN" is the real data to be encoded.
+//       The output length is the input "len" and add the '\0' after end of the length.
+int util_aes_encode(unsigned char *aeskey, unsigned char *bytes, size_t len, unsigned char **out);
+
+// note: Iutput bytes is "IV+data", "bytes+AES_256_CFB_IV_LEN" is the read encoded data.
+//       the output length is the input "len-AES_256_CFB_IV_LEN" and add the '\0' after end of the length.
+int util_aes_decode(unsigned char *aeskey, unsigned char *bytes, size_t len, unsigned char **out);

 #ifdef __cplusplus
 }

--- a/test/cutils/CMakeLists.txt
+++ b/test/cutils/CMakeLists.txt
@@ -3,3 +3,4 @@ project(iSulad_UT)
 add_subdirectory(utils_string)
 add_subdirectory(utils_convert)
 add_subdirectory(utils_array)
+add_subdirectory(utils_base64)
--- a/test/cutils/utils_base64/CMakeLists.txt
+++ b/test/cutils/utils_base64/CMakeLists.txt
+project(iSulad_UT)
+
+SET(EXE utils_base64_ut)
+
+add_executable(${EXE}
+    ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/utils_base64.c
+    ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/utils.c
+    ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/utils_array.c
+    ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/utils_string.c
+    ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/utils_file.c
+    ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/utils_convert.c
+    ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/utils_verify.c
+    ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/utils_regex.c
+    ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/sha256/sha256.c
+    ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/path.c
+    ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/map/map.c
+    ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/map/rb_tree.c
+    utils_base64_ut.cpp)
+
+target_include_directories(${EXE} PUBLIC
+    ${GTEST_INCLUDE_DIR}
+    ${CMAKE_CURRENT_SOURCE_DIR}/../../include
+    ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/common
+    ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils/map
+    ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/sha256
+    ${CMAKE_CURRENT_SOURCE_DIR}/../../../src/utils/cutils
+    )
+target_link_libraries(${EXE} ${GTEST_BOTH_LIBRARIES} ${CMAKE_THREAD_LIBS_INIT} ${ISULA_LIBUTILS_LIBRARY} -lcrypto -lyajl -lz)
+add_test(NAME ${EXE} COMMAND ${EXE})
--- a/test/cutils/utils_base64/utils_base64_ut.cpp
+++ b/test/cutils/utils_base64/utils_base64_ut.cpp
+/*
+ * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
+ * iSulad licensed under the Mulan PSL v2.
+ * You can use this software according to the terms and conditions of the Mulan PSL v2.
+ * You may obtain a copy of Mulan PSL v2 at:
+ *     http://license.coscl.org.cn/MulanPSL2
+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+ * PURPOSE.
+ * See the Mulan PSL v2 for more details.
+ * Description: utils_convert unit test
+ * Author: wangfengtu
+ * Create: 2020-07-20
+ */
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <climits>
+#include <gtest/gtest.h>
+#include "utils_base64.h"
+
+TEST(utils_base64, test_util_base64)
+{
+    char *plain_text = (char*)"^cvdgfdgghaswere3575676y&*`~cx,xfdgdvcvdfd][';./?.,<>|\\!@#$%^&*()_+=-090wvvs3sdfel33cxvdf***$";
+    char *encoded = NULL;
+    char *decoded = NULL;
+    size_t decoded_len = 0;
+
+    // check long base64 encode/decode
+    ASSERT_EQ(util_base64_encode((unsigned char*)plain_text, strlen(plain_text), &encoded), 0);
+    ASSERT_STREQ(encoded, "XmN2ZGdmZGdnaGFzd2VyZTM1NzU2NzZ5JipgfmN4LHhmZGdkdmN2ZGZkXVsnOy4vPy4sPD58XCFAIyQlXiYqKClfKz0tMDkwd3Z2czNzZGZlbDMzY3h2ZGYqKiok");
+    ASSERT_EQ(util_base64_decode((const char*)encoded, strlen(encoded), (unsigned char**)&decoded, &decoded_len), 0);
+    ASSERT_STREQ(decoded, plain_text);
+    ASSERT_EQ(strlen(plain_text), decoded_len);
+
+    free(encoded);
+    encoded = NULL;
+    free(decoded);
+    decoded = NULL;
+
+    // check base64 decode with suffix '\0'
+    ASSERT_EQ(util_base64_decode((const char*)"MQ==", strlen("MQ=="), (unsigned char**)&decoded, &decoded_len), 0);
+    ASSERT_STREQ(decoded, "1");
+    ASSERT_EQ(decoded_len, 1);
+
+    free(decoded);
+}
--- a/test/image/oci/registry/registry_ut.cpp
+++ b/test/image/oci/registry/registry_ut.cpp
@@ -660,6 +660,17 @@ TEST_F(RegistryUnitTest, test_pull_already_exist)
    ASSERT_NE(registry_pull(&options), 0);
 }

+TEST_F(RegistryUnitTest, test_aes)
+{
+    char *text = (char*)"test";
+    unsigned char *encoded = NULL;
+    char *decoded = NULL;
+    ASSERT_EQ(aes_encode((unsigned char *)text, strlen(text), &encoded), 0);
+    ASSERT_EQ(aes_decode(encoded, AES_256_CFB_IV_LEN+strlen(text), (unsigned char **)&decoded), 0);
+    ASSERT_STREQ(decoded, text);
+    free(encoded);
+    free(decoded);
+}

 TEST_F(RegistryUnitTest, test_cleanup)
 {