Skip to content

TS-4491: support sha256 and sha512 in ts_lua #681

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
shukitchan wants to merge 1 commit into from
Closed

TS-4491: support sha256 and sha512 in ts_lua #681

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
79 changes: 79 additions & 0 deletions doc/admin-guide/plugins/ts_lua.en.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2107,6 +2107,85 @@ Here is an example:
bin = ts.sha1_bin(uri)
end

`TOP <#ts-lua-plugin>`_

ts.sha256
-------
**syntax:** *digest = ts.sha256(str)*

**context:** global

**description:** Returns the hexadecimal representation of the SHA256 digest of the ``str`` argument.

Here is an example:

::

function do_remap()
uri = ts.client_request.get_uri()
print(uri) -- /foo
print(ts.sha256(uri)) -- 6f64c6e6261f492ac220b0a4cd9a14c6373181b92a4a8040c1fcde5db31ffc94
end


`TOP <#ts-lua-plugin>`_

ts.sha256_bin
-----------
**syntax:** *digest = ts.sha256_bin(str)*

**context:** global

**description:** Returns the binary form of the SHA256 digest of the ``str`` argument.

Here is an example:

::

function do_remap()
uri = ts.client_request.get_uri()
bin = ts.sha256_bin(uri)
end

`TOP <#ts-lua-plugin>`_

ts.sha512
-------
**syntax:** *digest = ts.sha512(str)*
Copy link
Copy Markdown
Contributor

@jpeach jpeach May 31, 2016

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think a better syntax might be to explicitly pass a parameter to specify the result format, eg, RAW, HEX, BASE64.

Copy link
Copy Markdown
Contributor Author

@shukitchan shukitchan May 31, 2016
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we can add to that. And to keep backward compatibility, make those other functions to be alias to that.


**context:** global

**description:** Returns the hexadecimal representation of the SHA512 digest of the ``str`` argument.

Here is an example:

::

function do_remap()
uri = ts.client_request.get_uri()
print(uri) -- /foo
print(ts.sha512(uri)) -- d94cf0c4cc46986d0c188634245644f56fa624be2d5754a0a7aa44661b8571...
end


`TOP <#ts-lua-plugin>`_

ts.sha512_bin
-----------
**syntax:** *digest = ts.sha512_bin(str)*

**context:** global

**description:** Returns the binary form of the SHA512 digest of the ``str`` argument.

Here is an example:

::

function do_remap()
uri = ts.client_request.get_uri()
bin = ts.sha512_bin(uri)
end

`TOP <#ts-lua-plugin>`_

Expand Down
150 changes: 149 additions & 1 deletion plugins/experimental/ts_lua/ts_lua_crypto.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,13 +23,21 @@

#define TS_LUA_MD5_DIGEST_LENGTH 16
#define TS_LUA_SHA_DIGEST_LENGTH 20
#define TS_LUA_SHA256_DIGEST_LENGTH 32
Copy link
Copy Markdown
Contributor

@jpeach jpeach May 31, 2016

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

OpenSSL already has SHA256_DIGEST_LENGTH.

Copy link
Copy Markdown
Contributor Author

@shukitchan shukitchan May 31, 2016

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I should change the other constants as well to use openssl.

#define TS_LUA_SHA512_DIGEST_LENGTH 64
Copy link
Copy Markdown
Contributor

@jpeach jpeach May 31, 2016

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

OpenSSL already has SHA512_DIGEST_LENGTH

Copy link
Copy Markdown
Contributor Author

@shukitchan shukitchan May 31, 2016

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

same here


static int ts_lua_md5(lua_State *L);
static int ts_lua_md5_bin(lua_State *L);

static int ts_lua_sha1(lua_State *L);
static int ts_lua_sha1_bin(lua_State *L);

static int ts_lua_sha256(lua_State *L);
static int ts_lua_sha256_bin(lua_State *L);

static int ts_lua_sha512(lua_State *L);
static int ts_lua_sha512_bin(lua_State *L);

static int ts_lua_base64_encode(lua_State *L);
static int ts_lua_base64_decode(lua_State *L);

Expand All @@ -47,14 +55,30 @@ ts_lua_inject_crypto_api(lua_State *L)
lua_pushcfunction(L, ts_lua_md5_bin);
lua_setfield(L, -2, "md5_bin");

/* ts.sha1_bin(...) */
/* ts.sha1(...) */
lua_pushcfunction(L, ts_lua_sha1);
lua_setfield(L, -2, "sha1");

/* ts.sha1_bin(...) */
lua_pushcfunction(L, ts_lua_sha1_bin);
lua_setfield(L, -2, "sha1_bin");

/* ts.sha256(...) */
lua_pushcfunction(L, ts_lua_sha256);
lua_setfield(L, -2, "sha256");

/* ts.sha256_bin(...) */
lua_pushcfunction(L, ts_lua_sha256_bin);
lua_setfield(L, -2, "sha256_bin");

/* ts.sha512(...) */
lua_pushcfunction(L, ts_lua_sha512);
lua_setfield(L, -2, "sha512");

/* ts.sha512_bin(...) */
lua_pushcfunction(L, ts_lua_sha512_bin);
lua_setfield(L, -2, "sha512_bin");

/* ts.base64_encode(...) */
lua_pushcfunction(L, ts_lua_base64_encode);
lua_setfield(L, -2, "base64_encode");
Expand Down Expand Up @@ -197,6 +221,130 @@ ts_lua_sha1_bin(lua_State *L)
return 1;
}

static int
ts_lua_sha256(lua_State *L)
{
u_char *src;
size_t slen;

SHA256_CTX sha;
u_char sha_buf[TS_LUA_SHA256_DIGEST_LENGTH];
u_char hex_buf[2 * sizeof(sha_buf)];

if (lua_gettop(L) != 1) {
return luaL_error(L, "expecting one argument");
}

if (lua_isnil(L, 1)) {
src = (u_char *)"";
slen = 0;

} else {
src = (u_char *)luaL_checklstring(L, 1, &slen);
}

SHA256_Init(&sha);
SHA256_Update(&sha, src, slen);
SHA256_Final(sha_buf, &sha);

ts_lua_hex_dump(hex_buf, sha_buf, sizeof(sha_buf));
lua_pushlstring(L, (char *)hex_buf, sizeof(hex_buf));

return 1;
}

static int
ts_lua_sha256_bin(lua_State *L)
{
u_char *src;
size_t slen;

SHA256_CTX sha;
u_char sha_buf[TS_LUA_SHA256_DIGEST_LENGTH];

if (lua_gettop(L) != 1) {
return luaL_error(L, "expecting one argument");
}

if (lua_isnil(L, 1)) {
src = (u_char *)"";
slen = 0;

} else {
src = (u_char *)luaL_checklstring(L, 1, &slen);
}

SHA256_Init(&sha);
SHA256_Update(&sha, src, slen);
SHA256_Final(sha_buf, &sha);

lua_pushlstring(L, (char *)sha_buf, sizeof(sha_buf));

return 1;
}

static int
ts_lua_sha512(lua_State *L)
{
u_char *src;
size_t slen;

SHA512_CTX sha;
u_char sha_buf[TS_LUA_SHA512_DIGEST_LENGTH];
u_char hex_buf[2 * sizeof(sha_buf)];

if (lua_gettop(L) != 1) {
return luaL_error(L, "expecting one argument");
}

if (lua_isnil(L, 1)) {
src = (u_char *)"";
slen = 0;

} else {
src = (u_char *)luaL_checklstring(L, 1, &slen);
}

SHA512_Init(&sha);
SHA512_Update(&sha, src, slen);
SHA512_Final(sha_buf, &sha);

ts_lua_hex_dump(hex_buf, sha_buf, sizeof(sha_buf));
lua_pushlstring(L, (char *)hex_buf, sizeof(hex_buf));

return 1;
}

static int
ts_lua_sha512_bin(lua_State *L)
Copy link
Copy Markdown
Contributor

@jpeach jpeach May 31, 2016

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Rather than duplicating all these hashing APIs, can we pass flags to a common implementation?

{
u_char *src;
size_t slen;

SHA512_CTX sha;
u_char sha_buf[TS_LUA_SHA512_DIGEST_LENGTH];

if (lua_gettop(L) != 1) {
return luaL_error(L, "expecting one argument");
}

if (lua_isnil(L, 1)) {
src = (u_char *)"";
slen = 0;

} else {
src = (u_char *)luaL_checklstring(L, 1, &slen);
}

SHA512_Init(&sha);
SHA512_Update(&sha, src, slen);
SHA512_Final(sha_buf, &sha);

lua_pushlstring(L, (char *)sha_buf, sizeof(sha_buf));

return 1;
}

static int
ts_lua_base64_encode(lua_State *L)
{
Expand Down