From e1312746f6d6130bb7bf3c5079276c41455f9fde Mon Sep 17 00:00:00 2001 From: wzxjohn Date: Thu, 31 Aug 2023 09:17:08 +0800 Subject: [PATCH 1/3] feat: add AAD support in aes gcm --- lib/resty/aes.lua | 22 +++++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) diff --git a/lib/resty/aes.lua b/lib/resty/aes.lua index 448a82c..58a7b29 100644 --- a/lib/resty/aes.lua +++ b/lib/resty/aes.lua @@ -224,7 +224,7 @@ function _M.new(self, key, salt, _cipher, _hash, hash_rounds, iv_len, enable_pad end -function _M.encrypt(self, s) +function _M.encrypt(self, s, aad) local typ = type(self) if typ ~= "table" then error("bad argument #1 self: table expected, got " .. typ, 2) @@ -241,6 +241,16 @@ function _M.encrypt(self, s) return nil, "EVP_EncryptInit_ex failed" end + if self._cipher == "gcm" then + if aad ~= nil then + local aad_buf = ffi_new("unsigned char[?]", #aad) + ffi.copy(aad_buf, aad, #aad) + if C.EVP_EncryptUpdate(ctx, nil, tmp_len, aad_buf, #aad) == 0 then + return nil, "C.EVP_EncryptUpdate failed" + end + end + end + if C.EVP_EncryptUpdate(ctx, buf, out_len, s, s_len) == 0 then return nil, "EVP_EncryptUpdate failed" end @@ -284,6 +294,16 @@ function _M.decrypt(self, s, tag) return nil, "EVP_DecryptInit_ex failed" end + if self._cipher == "gcm" then + if aad ~= nil then + local aad_buf = ffi_new("unsigned char[?]", #aad) + ffi.copy(aad_buf, aad, #aad) + if C.EVP_DecryptUpdate(ctx, nil, tmp_len, aad_buf, #aad) == 0 then + return nil, "C.EVP_DecryptUpdate failed" + end + end + end + if C.EVP_DecryptUpdate(ctx, buf, out_len, s, s_len) == 0 then return nil, "EVP_DecryptUpdate failed" end From 63920e1df99bacb846c19b1e73817a5cc7c51f98 Mon Sep 17 00:00:00 2001 From: wzxjohn Date: Thu, 31 Aug 2023 09:21:38 +0800 Subject: [PATCH 2/3] fix: add aad to decrypt param --- lib/resty/aes.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/resty/aes.lua b/lib/resty/aes.lua index 58a7b29..6db7a42 100644 --- a/lib/resty/aes.lua +++ b/lib/resty/aes.lua @@ -277,7 +277,7 @@ function _M.encrypt(self, s, aad) end -function _M.decrypt(self, s, tag) +function _M.decrypt(self, s, tag, aad) local typ = type(self) if typ ~= "table" then error("bad argument #1 self: table expected, got " .. typ, 2) From bb983a1ad278a18b86252ba713833a4ed49bab7c Mon Sep 17 00:00:00 2001 From: wzxjohn Date: Thu, 1 Feb 2024 09:46:54 +0800 Subject: [PATCH 3/3] Apply suggestions from code review Co-authored-by: lijunlong --- lib/resty/aes.lua | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/lib/resty/aes.lua b/lib/resty/aes.lua index 6db7a42..6ee4e18 100644 --- a/lib/resty/aes.lua +++ b/lib/resty/aes.lua @@ -243,9 +243,7 @@ function _M.encrypt(self, s, aad) if self._cipher == "gcm" then if aad ~= nil then - local aad_buf = ffi_new("unsigned char[?]", #aad) - ffi.copy(aad_buf, aad, #aad) - if C.EVP_EncryptUpdate(ctx, nil, tmp_len, aad_buf, #aad) == 0 then + if C.EVP_EncryptUpdate(ctx, nil, tmp_len, aad, #aad) == 0 then return nil, "C.EVP_EncryptUpdate failed" end end @@ -296,9 +294,7 @@ function _M.decrypt(self, s, tag, aad) if self._cipher == "gcm" then if aad ~= nil then - local aad_buf = ffi_new("unsigned char[?]", #aad) - ffi.copy(aad_buf, aad, #aad) - if C.EVP_DecryptUpdate(ctx, nil, tmp_len, aad_buf, #aad) == 0 then + if C.EVP_DecryptUpdate(ctx, nil, tmp_len, aad, #aad) == 0 then return nil, "C.EVP_DecryptUpdate failed" end end