still one error left
Change-Id: Id89dd6c85e02032b788d6cf97fc8b3ae9964b757
diff --git a/src/ca-module.cpp b/src/ca-module.cpp
index 6df30eb..a7c2fdb 100644
--- a/src/ca-module.cpp
+++ b/src/ca-module.cpp
@@ -234,8 +234,8 @@
std::array<uint8_t, 32> salt;
random::generateSecureBytes(salt.data(), salt.size());
// hkdf
- uint8_t aesKey[AES_128_KEY_LEN];
- hkdf(sharedSecret.data(), sharedSecret.size(), salt.data(), salt.size(), aesKey, sizeof(aesKey));
+ std::array<uint8_t, 16> aesKey;
+ hkdf(sharedSecret.data(), sharedSecret.size(), salt.data(), salt.size(), aesKey.data(), aesKey.size());
// verify identity name
if (!m_config.m_caItem.m_caPrefix.isPrefixOf(clientCert->getIdentity())
@@ -307,9 +307,8 @@
}
RequestId id;
std::memcpy(id.data(), requestIdData, id.size());
- RequestState requestState(m_config.m_caItem.m_caPrefix, id,
- requestType, Status::BEFORE_CHALLENGE, *clientCert,
- makeBinaryBlock(ndn::tlv::ContentType_Key, aesKey, sizeof(aesKey)));
+ RequestState requestState(m_config.m_caItem.m_caPrefix, id, requestType,
+ Status::BEFORE_CHALLENGE, *clientCert, std::move(aesKey));
try {
m_storage->addRequest(requestState);
}
@@ -355,7 +354,7 @@
Buffer paramTLVPayload;
try {
paramTLVPayload = decodeBlockWithAesGcm128(request.getApplicationParameters(),
- requestState->m_encryptionKey.value(),
+ requestState->m_encryptionKey.data(),
requestState->m_requestId.data(),
requestState->m_requestId.size());
}
diff --git a/src/detail/ca-request-state.cpp b/src/detail/ca-request-state.cpp
index 3d69969..0de0820 100644
--- a/src/detail/ca-request-state.cpp
+++ b/src/detail/ca-request-state.cpp
@@ -61,7 +61,7 @@
}
RequestState::RequestState(const Name& caName, const RequestId& requestId, RequestType requestType, Status status,
- const security::Certificate& cert, Block encryptionKey, uint32_t aesBlockCounter)
+ const security::Certificate& cert, std::array<uint8_t, 16>&& encryptionKey, uint32_t aesBlockCounter)
: m_caPrefix(caName)
, m_requestId(requestId)
, m_requestType(requestType)
@@ -73,10 +73,10 @@
}
RequestState::RequestState(const Name& caName, const RequestId& requestId, RequestType requestType, Status status,
- const security::Certificate& cert, const std::string& challengeType,
- const std::string& challengeStatus, const time::system_clock::TimePoint& challengeTp,
- size_t remainingTries, time::seconds remainingTime, JsonSection&& challengeSecrets,
- Block encryptionKey, uint32_t aesBlockCounter)
+ const security::Certificate& cert, const std::string& challengeType,
+ const std::string& challengeStatus, const time::system_clock::TimePoint& challengeTp,
+ size_t remainingTries, time::seconds remainingTime, JsonSection&& challengeSecrets,
+ std::array<uint8_t, 16>&& encryptionKey, uint32_t aesBlockCounter)
: m_caPrefix(caName)
, m_requestId(requestId)
, m_requestType(requestType)
diff --git a/src/detail/ca-request-state.hpp b/src/detail/ca-request-state.hpp
index 94305c0..49c862e 100644
--- a/src/detail/ca-request-state.hpp
+++ b/src/detail/ca-request-state.hpp
@@ -89,7 +89,7 @@
* @brief Used to instantiate a RequestState when challenge is not started.
*/
RequestState(const Name& caName, const RequestId& requestId, RequestType requestType, Status status,
- const security::Certificate& cert, Block m_encryptionKey, uint32_t aesBlockCounter = 0);
+ const security::Certificate& cert, std::array<uint8_t, 16>&& m_encryptionKey, uint32_t aesBlockCounter = 0);
/**
* @brief Used to instantiate a RequestState after challenge is started.
*/
@@ -97,7 +97,7 @@
const security::Certificate& cert, const std::string& challengeType,
const std::string& challengeStatus, const time::system_clock::TimePoint& challengeTp,
size_t remainingTries, time::seconds remainingTime, JsonSection&& challengeSecrets,
- Block m_encryptionKey, uint32_t aesBlockCounter);
+ std::array<uint8_t, 16>&& m_encryptionKey, uint32_t aesBlockCounter);
public:
/**
@@ -123,7 +123,7 @@
/**
* @brief The encryption key for the requester.
*/
- Block m_encryptionKey;
+ std::array<uint8_t, 16> m_encryptionKey;
/**
* @brief The AES block counter for the requester.
*/
diff --git a/src/detail/ca-sqlite.cpp b/src/detail/ca-sqlite.cpp
index bc5dfd6..6ef80bc 100644
--- a/src/detail/ca-sqlite.cpp
+++ b/src/detail/ca-sqlite.cpp
@@ -145,16 +145,17 @@
auto remainingTries = statement.getInt(8);
auto remainingTime = statement.getInt(9);
auto requestType = static_cast<RequestType>(statement.getInt(10));
- auto encryptionKey = statement.getBlock(11);
+ std::array<uint8_t, 16> encryptionKey;
+ std::memcpy(encryptionKey.data(), statement.getBlob(11), statement.getSize(11));
auto aesCounter = statement.getInt(12);
if (challengeType != "") {
return RequestState(caName, requestId, requestType, status, cert,
- challengeType, challengeStatus, time::fromIsoString(challengeTp),
- remainingTries, time::seconds(remainingTime),
- convertString2Json(challengeSecrets), encryptionKey, aesCounter);
+ challengeType, challengeStatus, time::fromIsoString(challengeTp),
+ remainingTries, time::seconds(remainingTime),
+ convertString2Json(challengeSecrets), std::move(encryptionKey), aesCounter);
}
else {
- return RequestState(caName, requestId, requestType, status, cert, encryptionKey);
+ return RequestState(caName, requestId, requestType, status, cert, std::move(encryptionKey));
}
}
else {
@@ -176,7 +177,7 @@
statement.bind(3, static_cast<int>(request.m_status));
statement.bind(4, static_cast<int>(request.m_requestType));
statement.bind(5, request.m_cert.wireEncode(), SQLITE_TRANSIENT);
- statement.bind(12, request.m_encryptionKey, SQLITE_TRANSIENT);
+ statement.bind(12, request.m_encryptionKey.data(), request.m_encryptionKey.size(), SQLITE_TRANSIENT);
statement.bind(13, request.m_aesBlockCounter);
if (request.m_challengeState) {
statement.bind(6, request.m_challengeType, SQLITE_TRANSIENT);
@@ -246,16 +247,19 @@
auto remainingTries = statement.getInt(9);
auto remainingTime = statement.getInt(10);
auto requestType = static_cast<RequestType>(statement.getInt(11));
- auto encryptionKey = statement.getBlock(12);
+ std::array<uint8_t, 16> encryptionKey;
+ std::memcpy(encryptionKey.data(), statement.getBlob(12), statement.getSize(12));
auto aesBlockCounter = statement.getInt(13);
if (challengeType != "") {
result.push_back(RequestState(caName, requestId, requestType, status, cert,
- challengeType, challengeStatus, time::fromIsoString(challengeTp),
- remainingTries, time::seconds(remainingTime),
- convertString2Json(challengeSecrets), encryptionKey, aesBlockCounter));
+ challengeType, challengeStatus, time::fromIsoString(challengeTp),
+ remainingTries, time::seconds(remainingTime),
+ convertString2Json(challengeSecrets),
+ std::move(encryptionKey), aesBlockCounter));
}
else {
- result.push_back(RequestState(caName, requestId, requestType, status, cert, encryptionKey, aesBlockCounter));
+ result.push_back(RequestState(caName, requestId, requestType,
+ status, cert, std::move(encryptionKey), aesBlockCounter));
}
}
return result;
@@ -268,7 +272,7 @@
Sqlite3Statement statement(m_database,
R"_SQLTEXT_(SELECT id, request_id, ca_name, status,
challenge_status, cert_request, challenge_type, challenge_secrets,
- challenge_tp, remaining_tries, remaining_time, request_type,
+ challenge_tp, remaining_tries, remaining_time, request_type,
encryption_key, aes_block_counter
FROM RequestStates WHERE ca_name = ?)_SQLTEXT_");
statement.bind(1, caName.wireEncode(), SQLITE_TRANSIENT);
@@ -286,16 +290,19 @@
auto remainingTries = statement.getInt(9);
auto remainingTime = statement.getInt(10);
auto requestType = static_cast<RequestType>(statement.getInt(11));
- auto encryptionKey = statement.getBlock(12);
+ std::array<uint8_t, 16> encryptionKey;
+ std::memcpy(encryptionKey.data(), statement.getBlob(12), statement.getSize(12));
auto aesBlockCounter = statement.getInt(13);
if (challengeType != "") {
result.push_back(RequestState(caName, requestId, requestType, status, cert,
- challengeType, challengeStatus, time::fromIsoString(challengeTp),
- remainingTries, time::seconds(remainingTime),
- convertString2Json(challengeSecrets), encryptionKey, aesBlockCounter));
+ challengeType, challengeStatus, time::fromIsoString(challengeTp),
+ remainingTries, time::seconds(remainingTime),
+ convertString2Json(challengeSecrets),
+ std::move(encryptionKey), aesBlockCounter));
}
else {
- result.push_back(RequestState(caName, requestId, requestType, status, cert, encryptionKey, aesBlockCounter));
+ result.push_back(RequestState(caName, requestId, requestType, status,
+ cert, std::move(encryptionKey), aesBlockCounter));
}
}
return result;
diff --git a/src/detail/challenge-encoder.cpp b/src/detail/challenge-encoder.cpp
index 5c3a4d4..22dc6c7 100644
--- a/src/detail/challenge-encoder.cpp
+++ b/src/detail/challenge-encoder.cpp
@@ -39,7 +39,7 @@
response.push_back(makeNestedBlock(tlv::IssuedCertName, *issuedCertName));
}
response.encode();
- return encodeBlockWithAesGcm128(ndn::tlv::Content, request.m_encryptionKey.value(),
+ return encodeBlockWithAesGcm128(ndn::tlv::Content, request.m_encryptionKey.data(),
response.value(), response.value_size(),
request.m_requestId.data(), request.m_requestId.size(), request.m_aesBlockCounter);
}
@@ -47,7 +47,7 @@
void
ChallengeEncoder::decodeDataContent(const Block& contentBlock, requester::RequestContext& state)
{
- auto result = decodeBlockWithAesGcm128(contentBlock, state.m_aesKey,
+ auto result = decodeBlockWithAesGcm128(contentBlock, state.m_aesKey.data(),
state.m_requestId.data(), state.m_requestId.size());
auto data = makeBinaryBlock(tlv::EncryptedPayload, result.data(), result.size());
data.parse();
diff --git a/src/requester-state.hpp b/src/requester-state.hpp
index 9ee0b53..9c14c1e 100644
--- a/src/requester-state.hpp
+++ b/src/requester-state.hpp
@@ -88,7 +88,7 @@
/**
* @brief AES key derived from the ecdh shared secret.
*/
- uint8_t m_aesKey[16] = {0};
+ std::array<uint8_t, 16> m_aesKey = {0};
/**
* @brief The counter of AES blocks that have been encrypted.
*/
diff --git a/src/requester.cpp b/src/requester.cpp
index 52c0014..8a8dc86 100644
--- a/src/requester.cpp
+++ b/src/requester.cpp
@@ -206,7 +206,7 @@
// ECDH and HKDF
auto sharedSecret = state.m_ecdh.deriveSecret(ecdhKey);
hkdf(sharedSecret.data(), sharedSecret.size(),
- salt.data(), salt.size(), state.m_aesKey, sizeof(state.m_aesKey));
+ salt.data(), salt.size(), state.m_aesKey.data(), state.m_aesKey.size());
// update state
return challenges;
@@ -243,7 +243,7 @@
interest->setCanBePrefix(false);
// encrypt the Interest parameters
- auto paramBlock = encodeBlockWithAesGcm128(ndn::tlv::ApplicationParameters, state.m_aesKey,
+ auto paramBlock = encodeBlockWithAesGcm128(ndn::tlv::ApplicationParameters, state.m_aesKey.data(),
challengeParams.value(), challengeParams.value_size(),
state.m_requestId.data(),
state.m_requestId.size(),