On Sun, Jun 17, 2018 at 11:21 AM, Patrick Gansterer <par...@paroga.com>
wrote:
> Make the digest and HMAC function of OpenSSL accesable to the user via
> converters. e.g. They can be used to sign and validate cookies.
> ---
> Makefile | 2 +-
> src/crypto.c | 84 ++++++++++++++++++++++++++++++++++++++++++++++++++++
> 2 files changed, 85 insertions(+), 1 deletion(-)
> create mode 100644 src/crypto.c
>
> diff --git a/Makefile b/Makefile
> index 5d170041..9a3a5024 100644
> --- a/Makefile
> +++ b/Makefile
> @@ -609,7 +609,7 @@ OPTIONS_LDFLAGS += $(if $(SSL_LIB),-L$(SSL_LIB)) -lssl
> -lcrypto
> ifneq ($(USE_DL),)
> OPTIONS_LDFLAGS += -ldl
> endif
> -OPTIONS_OBJS += src/ssl_sock.o
> +OPTIONS_OBJS += src/crypto.o src/ssl_sock.o
> endif
>
> # The private cache option affect the way the shctx is built
> diff --git a/src/crypto.c b/src/crypto.c
> new file mode 100644
> index 00000000..dcb343dc
> --- /dev/null
> +++ b/src/crypto.c
> @@ -0,0 +1,84 @@
> +/*
> + * Crypto converters
> + *
> + * Copyright 2018 Patrick Gansterer <par...@paroga.com>
> + *
> + * This program is free software; you can redistribute it and/or
> + * modify it under the terms of the GNU General Public License
> + * as published by the Free Software Foundation; either version
> + * 2 of the License, or (at your option) any later version.
> + *
> + */
> +
> +#include <common/chunk.h>
> +
> +#include <proto/arg.h>
> +#include <proto/sample.h>
> +
> +#include <openssl/evp.h>
> +#include <openssl/hmac.h>
> +
> +static int sample_conv_crypto_digest(const struct arg *args, struct
> sample *smp, void *private)
> +{
> + struct chunk *trash = get_trash_chunk();
> + EVP_MD_CTX *ctx = EVP_MD_CTX_new();
> + const EVP_MD *evp = EVP_get_digestbyname(args[0].data.str.str);
> + unsigned char *md = (unsigned char*) trash->str;
> + unsigned int md_len = trash->size;
> +
> + if (!ctx)
> + return 0;
> + if (!evp)
> + return 0;
> +
> + if (!EVP_DigestInit(ctx, evp) ||
> + !EVP_DigestUpdate(ctx, smp->data.u.str.str,
> smp->data.u.str.len) ||
> + !EVP_DigestFinal(ctx, md, &md_len)) {
> + EVP_MD_CTX_free(ctx);
> + return 0;
> + }
> +
> + EVP_MD_CTX_free(ctx);
> +
> + trash->len = md_len;
> + smp->data.u.str = *trash;
> + smp->data.type = SMP_T_BIN;
> + smp->flags &= ~SMP_F_CONST;
> + return 1;
> +}
> +
> +static int sample_conv_crypto_hmac(const struct arg *args, struct sample
> *smp, void *private)
> +{
> + struct chunk *trash = get_trash_chunk();
> + const EVP_MD *evp = EVP_get_digestbyname(args[0].data.str.str);
> + const char* key = args[1].data.str.str;
> + int key_len = args[1].data.str.len;
> + unsigned char *md = (unsigned char*) trash->str;
> + unsigned int md_len = trash->size;
> +
> + trash->len = 0;
> +
> + if (!evp)
> + return 0;
> +
> + if (!HMAC(evp, key, key_len, (const unsigned char*)
> smp->data.u.str.str, smp->data.u.str.len, md, &md_len))
> + return 0;
> +
> + trash->len = md_len;
> + smp->data.u.str = *trash;
> + smp->data.type = SMP_T_BIN;
> + smp->flags &= ~SMP_F_CONST;
> + return 1;
> +}
> +
> +static struct sample_conv_kw_list sample_conv_kws = {ILH, {
> + { "digest", sample_conv_crypto_digest, ARG1(1,STR), NULL,
> SMP_T_BIN, SMP_T_BIN },
> + { "hmac", sample_conv_crypto_hmac, ARG2(2,STR,STR), NULL,
> SMP_T_BIN, SMP_T_BIN },
> + { /* END */ },
> +}};
> +
> +__attribute__((constructor))
> +static void __crypto_init(void)
> +{
> + sample_register_convs(&sample_conv_kws);
> +}
> --
> 2.17.1
>
Hi,
Nice ones.
Can they be used to validate oauth tokens too?
Note: maybe an update for configuration.txt would be helpful too.
Baptiste
