An IV should be generated for each encryption

rcosnita · rcosnita · commit 51507901118a · 2020-10-30T12:58:15.000+02:00
We now have the ability to decide if the IV is communicated to the client in a non forgeable manner or we only keep it on the server side. Closes #2
diff --git a/src/ngx_http_encrypted_session_cipher.c b/src/ngx_http_encrypted_session_cipher.c
@@ -12,6 +12,7 @@
 
 #include "ngx_http_encrypted_session_cipher.h"
 #include <openssl/evp.h>
+#include <openssl/hmac.h>
 #include <openssl/md5.h>
 #include <stdint.h>
 
@@ -291,3 +292,21 @@ ngx_http_encrypted_session_htonll(uint64_t n)
            + htonl((unsigned long) (n >> 32));
 #endif
 }
+
+unsigned char*
+ngx_http_encrypted_session_hmac(ngx_pool_t *pool,
+    const u_char *key, size_t key_len,
+    const u_char *data, size_t data_len, u_char **dst, size_t *dst_len)
+{
+    u_char *result = NULL;
+    u_char *input = ngx_pcalloc(pool, data_len + 1);
+    memcpy(input, data, data_len);
+
+    unsigned int len;
+    result = HMAC(EVP_sha256(), key, key_len, input, data_len, result, &len);
+    *dst_len = len;
+    *dst = (u_char*)ngx_pcalloc(pool, len + 1);
+    memcpy(*dst, result, len);
+
+    return *dst;
+}
diff --git a/src/ngx_http_encrypted_session_cipher.h b/src/ngx_http_encrypted_session_cipher.h
@@ -5,6 +5,7 @@
 #include <ngx_core.h>
 #include <ngx_http.h>
 #include <openssl/evp.h>
+#include <openssl/hmac.h>
 
 
 typedef int (*cipher_ctx_reset_handle) (EVP_CIPHER_CTX *ctx);
@@ -34,6 +35,10 @@ ngx_int_t ngx_http_encrypted_session_aes_mac_decrypt(
         size_t key_len, const u_char *in, size_t in_len, u_char **dst,
         size_t *dst_len);
 
+unsigned char* ngx_http_encrypted_session_hmac(
+    ngx_pool_t *pool,
+    const u_char *key, size_t key_len,
+    const u_char *data, size_t data_len, u_char **dst, size_t *dst_len);
 
 #endif /* NGX_HTTP_ENCRYPTED_SESSION_CIPHER_H */
 
diff --git a/src/ngx_http_encrypted_session_module.c b/src/ngx_http_encrypted_session_module.c
@@ -10,6 +10,7 @@
 #include "ddebug.h"
 
 #include <ndk.h>
+#include <string.h>
 #include "ngx_http_encrypted_session_cipher.h"
 
 #define ngx_http_encrypted_session_default_iv (u_char *) "deadbeefdeadbeef"
@@ -19,11 +20,16 @@
 
 typedef struct {
     u_char              *key;
+    size_t              key_len;
     u_char              *iv;
+    size_t              iv_len;
     time_t               expires;
-
+    ngx_flag_t          iv_in_content;
 } ngx_http_encrypted_session_conf_t;
 
+const char *PARTS_DELIMITER = ":";
+const size_t PARTS_DELIMITER_LEN = 1;
+const size_t NUM_OF_DELIMITERS = 2;
 
 static ngx_int_t ngx_http_set_encode_encrypted_session(ngx_http_request_t *r,
     ngx_str_t *res, ngx_http_variable_value_t *v);
@@ -42,6 +48,8 @@ static char *ngx_http_encrypted_session_iv(ngx_conf_t *cf, ngx_command_t *cmd,
 static char *ngx_http_encrypted_session_expires(ngx_conf_t *cf,
     ngx_command_t *cmd, void *conf);
 
+static char *ngx_http_encrypted_iv_in_content(ngx_conf_t *cf,
+    ngx_command_t *cmd, void *conf);
 
 static ngx_int_t ngx_http_encrypted_session_init(ngx_conf_t *cf);
 static void *ngx_http_encrypted_session_create_main_conf(ngx_conf_t *cf);
@@ -53,7 +61,6 @@ static void *ngx_http_encrypted_session_create_conf(ngx_conf_t *cf);
 static char *ngx_http_encrypted_session_merge_conf(ngx_conf_t *cf, void *parent,
     void *child);
 
-
 static  ndk_set_var_t  ngx_http_set_encode_encrypted_session_filter = {
     NDK_SET_VAR_VALUE,
     (void *) ngx_http_set_encode_encrypted_session,
@@ -115,7 +122,14 @@ static ngx_command_t  ngx_http_encrypted_session_commands[] = {
         0,
         &ngx_http_set_decode_encrypted_session_filter
     },
-
+    { ngx_string("include_iv_in_encrypted_payload"),
+      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_SIF_CONF
+      |NGX_HTTP_LOC_CONF|NGX_HTTP_LIF_CONF|NGX_CONF_NOARGS,
+      ngx_http_encrypted_iv_in_content,
+      NGX_HTTP_LOC_CONF_OFFSET,
+      0,
+      NULL
+    },
     ngx_null_command
 };
 
@@ -151,14 +165,14 @@ ngx_module_t  ngx_http_encrypted_session_module = {
 };
 
 static ngx_str_t ngx_http_get_variable_by_name(ngx_http_request_t *r,
-    unsigned char *name, ngx_http_encrypted_session_conf_t *conf)
+    unsigned char *name, size_t name_len, ngx_http_encrypted_session_conf_t *conf)
 {
     ngx_http_variable_value_t  *v;
     ngx_str_t name_str;
     name_str.data = name;
-    name_str.len = strlen((const char *)name);
+    name_str.len = name_len;
 
-    ngx_uint_t key = ngx_hash_strlow(name, name, name_str.len);
+    ngx_uint_t key = ngx_hash_strlow(name, name, name_len);
     v = ngx_http_get_variable(r, &name_str, key);
 
     if (v->not_found) {
@@ -171,6 +185,37 @@ static ngx_str_t ngx_http_get_variable_by_name(ngx_http_request_t *r,
     return var_value;
 }
 
+static char*
+ngx_http_encrypted_session_build_payload(ngx_http_request_t *r,
+   char *input, size_t input_len, ngx_str_t *iv)
+{
+    size_t new_len = input_len + iv->len + PARTS_DELIMITER_LEN;
+    char *data = (char *)ngx_pcalloc(r->pool, new_len + 1);
+    data = strncat(data, (char *)iv->data, iv->len);
+    data = strcat(data, PARTS_DELIMITER);
+    data = strncat(data, input, input_len);
+
+    return data;
+}
+
+static ngx_str_t*
+ngx_http_session_encrypted_compute_hmac(ngx_http_request_t *r,
+    ngx_str_t *key, ngx_str_t *content)
+{
+    size_t signature_len;
+    u_char* signature;
+
+    ngx_http_encrypted_session_hmac(r->pool, key->data, key->len,
+                                    content->data, content->len,
+                                    &signature, &signature_len);
+
+    ngx_str_t *result = (ngx_str_t*)ngx_pcalloc(r->pool, sizeof(ngx_str_t));
+    result->len = signature_len;
+    result->data = (u_char*)ngx_pcalloc(r->pool, signature_len + 1);
+    result->data = signature;
+    return result;
+}
+
 static ngx_int_t
 ngx_http_set_encode_encrypted_session(ngx_http_request_t *r,
     ngx_str_t *res, ngx_http_variable_value_t *v)
@@ -196,12 +241,23 @@ ngx_http_set_encode_encrypted_session(ngx_http_request_t *r,
     ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
                    "encrypted_session: expires=%T", conf->expires);
 
-    ngx_str_t iv = ngx_http_get_variable_by_name(r, conf->iv, conf);
-    ngx_str_t key = ngx_http_get_variable_by_name(r, conf->key, conf);
+    ngx_str_t iv = ngx_http_get_variable_by_name(r, conf->iv, conf->iv_len,
+                                                 conf);
+    ngx_str_t key = ngx_http_get_variable_by_name(r, conf->key, conf->key_len,
+                                                  conf);
+
+    char *data = (char *)v->data;
+    if (conf->iv_in_content) {
+        data = ngx_http_encrypted_session_build_payload(r, data, v->len, &iv);
+        ngx_log_error(NGX_LOG_DEBUG, r->connection->log, 0,
+                      "encrypted_session: content to encrypt=%s",
+                      data);
+        v->len = strlen(data);
+    }
 
     rc = ngx_http_encrypted_session_aes_mac_encrypt(emcf, r->pool,
             r->connection->log, iv.data, iv.len, key.data, key.len,
-            v->data, v->len, (ngx_uint_t) conf->expires, &dst, &len);
+            (u_char*)data, v->len, (ngx_uint_t) conf->expires, &dst, &len);
 
     if (rc != NGX_OK) {
         dst = NULL;
@@ -211,6 +267,33 @@ ngx_http_set_encode_encrypted_session(ngx_http_request_t *r,
                       "encrypted_session: failed to encrypt");
     }
 
+    if (conf->iv_in_content) {
+        size_t signature_content_len = iv.len + len;
+        char* signature_content = (char*)ngx_pcalloc(r->pool, signature_content_len + 1);
+        signature_content = strncat(signature_content, (char*)iv.data, iv.len);
+        signature_content = strncat(signature_content, (char*)dst, len);
+
+        ngx_str_t signature_input;
+        signature_input.len = signature_content_len;
+        signature_input.data = (u_char*)signature_content;
+        ngx_str_t *signature = ngx_http_session_encrypted_compute_hmac(r, &key,
+            &signature_input);
+
+        size_t new_len = iv.len + len + signature->len + NUM_OF_DELIMITERS * PARTS_DELIMITER_LEN;
+        char *new_content = (char*)ngx_pcalloc(r->pool, new_len + 1);
+        new_content = strncat(new_content, (char*)iv.data, iv.len);
+        new_content = strcat(new_content, PARTS_DELIMITER);
+        new_content = strncat(new_content, (char*)dst, len);
+        new_content = strcat(new_content, PARTS_DELIMITER);
+        new_content = strncat(new_content, (char*)signature->data, signature->len);
+        len = new_len;
+        dst = (u_char*)new_content;
+
+        ngx_log_error(NGX_LOG_DEBUG, r->connection->log, 0,
+                      "encrypted_session: full response=%s",
+                      dst);
+    }
+
     res->data = dst;
     res->len = len;
 
@@ -240,18 +323,88 @@ ngx_http_set_decode_encrypted_session(ngx_http_request_t *r,
         return NGX_ERROR;
     }
 
-    ngx_str_t iv = ngx_http_get_variable_by_name(r, conf->iv, conf);
-    ngx_str_t key = ngx_http_get_variable_by_name(r, conf->key, conf);
+    ngx_str_t key = ngx_http_get_variable_by_name(r, conf->key, conf->key_len,
+                                                  conf);
+
+    ngx_str_t iv;
+    char *data = (char*)v->data;
+    size_t data_len = v->len;
+
+
+    if (!conf->iv_in_content)
+    {
+        iv = ngx_http_get_variable_by_name(r, conf->iv, conf->iv_len, conf);
+    }
+    else
+    {
+        ngx_log_error(NGX_LOG_DEBUG, r->connection->log, 0,
+                    "encrypted_session: input to decrypt=%s",
+                    data);
+        iv.len = strcspn(data, PARTS_DELIMITER);
+        iv.data = (u_char*)ngx_pcalloc(r->pool, iv.len + 1);
+        strncpy((char*)iv.data, (char*)v->data, iv.len);
+
+        ngx_log_error(NGX_LOG_DEBUG, r->connection->log, 0,
+                    "encrypted_session: iv=%s", iv.data);
+
+        size_t signature_start = iv.len + strcspn(&data[iv.len + 1], PARTS_DELIMITER) + NUM_OF_DELIMITERS * PARTS_DELIMITER_LEN;
+        size_t signature_len = v->len - signature_start;
+
+        u_char* signature = (u_char*)ngx_pcalloc(r->pool, signature_len + 1);
+        strncpy((char*)signature, &data[data_len - signature_len], signature_len);
+
+        ngx_log_error(NGX_LOG_DEBUG, r->connection->log, 0,
+                      "encrypted_session: signature=%s", signature);
+
+        data_len = v->len - iv.len - signature_len - NUM_OF_DELIMITERS * PARTS_DELIMITER_LEN;
+        data = (char*)ngx_pcalloc(r->pool, data_len + 1);
+        strncpy(data, (char*)(&v->data[iv.len + 1]), data_len);
+
+        ngx_log_error(NGX_LOG_DEBUG, r->connection->log, 0,
+                      "encrypted_session: data=%s", data);
+
+        ngx_str_t signature_input;
+        signature_input.len = iv.len + data_len;
+        signature_input.data = (u_char*)ngx_pcalloc(r->pool, signature_input.len + 1);
+        strncat((char*)signature_input.data, (char*)iv.data, iv.len);
+        strncat((char*)signature_input.data, (char*)data, data_len);
+
+        ngx_str_t *computed_signature = ngx_http_session_encrypted_compute_hmac(r,
+            &key, &signature_input);
+        if (signature_len != computed_signature->len ||
+              strncmp((char*)computed_signature->data, (char*)signature, signature_len) != 0)
+        {
+            ngx_log_error(NGX_LOG_WARN, r->connection->log, 0,
+                          "encrypted_session: signatures do not match");
+            res->data = NULL;
+            res->len = 0;
+
+            return NGX_OK;
+        }
+    }
 
     rc = ngx_http_encrypted_session_aes_mac_decrypt(emcf, r->pool,
             r->connection->log, iv.data, iv.len, key.data, key.len,
-            v->data, v->len, &dst, &len);
+            (u_char*)data, data_len, &dst, &len);
 
     if (rc != NGX_OK) {
+        ngx_log_error(NGX_LOG_WARN, r->connection->log, 0,
+                    "encrypted_session: failed to decrypt");
         dst = NULL;
         len = 0;
     }
 
+    if (conf->iv_in_content) {
+        size_t payload_len = len - iv.len - 1;
+        u_char *result = ngx_pcalloc(r->pool, payload_len + 1);
+        memcpy(result, &dst[iv.len + 1], payload_len);
+        dst = result;
+        len = payload_len;
+        ngx_log_error(NGX_LOG_DEBUG, r->connection->log, 0,
+                    "encrypted_session: decrypted content=%s",
+                    dst);
+    }
+
     res->data = dst;
     res->len = len;
 
@@ -273,7 +426,9 @@ ngx_http_encrypted_session_key(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
     value = cf->args->elts;
 
     if (value[1].len > 1 && value[1].data[0] == '$') {
-      llcf->key = &(value[1].data[1]);
+      llcf->key_len = value[1].len - 1;
+      llcf->key = (u_char*)ngx_pcalloc(cf->pool, llcf->key_len);
+      strncpy((char*)llcf->key, (char*)&(value[1].data[1]), llcf->key_len);
       return NGX_CONF_OK;
     }
 
@@ -287,6 +442,7 @@ ngx_http_encrypted_session_key(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
     }
 
     llcf->key = value[1].data;
+    llcf->key_len = value[1].len;
 
     return NGX_CONF_OK;
 }
@@ -307,6 +463,7 @@ ngx_http_encrypted_session_iv(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
 
     if (value[1].len > 1 && value[1].data[0] == '$') {
       llcf->iv = &(value[1].data[1]);
+      llcf->iv_len = value[1].len - 1;
       return NGX_CONF_OK;
     }
 
@@ -320,6 +477,7 @@ ngx_http_encrypted_session_iv(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
     }
 
     llcf->iv = ngx_pcalloc(cf->pool, ngx_http_encrypted_session_iv_length);
+    llcf->iv_len = ngx_http_encrypted_session_iv_length;
 
     if (llcf->iv == NULL) {
         return NGX_CONF_ERROR;
@@ -360,6 +518,13 @@ ngx_http_encrypted_session_expires(ngx_conf_t *cf, ngx_command_t *cmd,
     return NGX_CONF_OK;
 }
 
+static char *ngx_http_encrypted_iv_in_content(ngx_conf_t *cf,
+   ngx_command_t *cmd, void *conf)
+{
+   ngx_http_encrypted_session_conf_t  *llcf = conf;
+   llcf->iv_in_content = 1;
+   return NGX_CONF_OK;
+}
 
 static void
 ngx_http_encrypted_session_free_cipher_ctx(void *data)
@@ -435,8 +600,11 @@ ngx_http_encrypted_session_create_conf(ngx_conf_t *cf)
     }
 
     conf->key     = NGX_CONF_UNSET_PTR;
+    conf->key_len = NGX_CONF_UNSET;
     conf->iv      = NGX_CONF_UNSET_PTR;
+    conf->iv_len  = NGX_CONF_UNSET;
     conf->expires = NGX_CONF_UNSET;
+    conf->iv_in_content = NGX_CONF_UNSET;
 
     return conf;
 }
@@ -449,12 +617,17 @@ ngx_http_encrypted_session_merge_conf(ngx_conf_t *cf, void *parent, void *child)
     ngx_http_encrypted_session_conf_t *conf = child;
 
     ngx_conf_merge_ptr_value(conf->key, prev->key, NULL);
+    ngx_conf_merge_size_value(conf->key_len, prev->key_len,
+                              (size_t)ngx_http_encrypted_session_key_length);
 
     ngx_conf_merge_ptr_value(conf->iv, prev->iv,
                              ngx_http_encrypted_session_default_iv);
+    ngx_conf_merge_size_value(conf->iv_len, prev->iv_len,
+                              (size_t)ngx_http_encrypted_session_iv_length);
 
     ngx_conf_merge_value(conf->expires, prev->expires,
                          ngx_http_encrypted_session_default_expires);
+    ngx_conf_merge_value(conf->iv_in_content, prev->iv_in_content, 0);
 
     return NGX_CONF_OK;
 }
