authorThibault "bui" Koechlin2017-12-28 13:37:10 +0100
committerjvoisin2017-12-28 13:37:10 +0100
commitbc4d0e014e9fb1edd05e6f9c91cbf97b6c5546b4 (patch)
treecad37642d9c1e5ef786f29c18a030c4a8a288af2 /src/sp_cookie_encryption.c
parentfe057bba5baaef8fe428b971604194ef9c9119c0 (diff)
Implement regexp support for cookies encryption
It's now possible to encrypt cookies matching a specific regexp. This should close #106
Diffstat (limited to 'src/sp_cookie_encryption.c')
-rw-r--r--src/sp_cookie_encryption.c35
1 files changed, 24 insertions, 11 deletions
diff --git a/src/sp_cookie_encryption.c b/src/sp_cookie_encryption.c
index 04c864f..4e9818f 100644
--- a/src/sp_cookie_encryption.c
+++ b/src/sp_cookie_encryption.c
@@ -39,21 +39,34 @@ static inline void generate_key(unsigned char *key) {
39 PHP_SHA256Final((unsigned char *)key, &ctx); 39 PHP_SHA256Final((unsigned char *)key, &ctx);
40} 40}
41 41
42static inline const sp_cookie *sp_lookup_cookie_config(const char *key) {
43 sp_list_node *it = SNUFFLEUPAGUS_G(config).config_cookie->cookies;
44
45 while (it) {
46 const sp_cookie *config = it->data;
47 if (config && sp_match_value(key, config->name, config->name_r)) {
48 return config;
49 }
50 it = it->next;
51 }
52 return NULL;
53}
54
55/* called at RINIT time with each cookie, eventually decrypt said cookie */
42int decrypt_cookie(zval *pDest, int num_args, va_list args, 56int decrypt_cookie(zval *pDest, int num_args, va_list args,
43 zend_hash_key *hash_key) { 57 zend_hash_key *hash_key) {
44 unsigned char key[crypto_secretbox_KEYBYTES] = {0}; 58 unsigned char key[crypto_secretbox_KEYBYTES] = {0};
45 zend_string *debase64; 59 zend_string *debase64;
46 unsigned char *decrypted; 60 unsigned char *decrypted;
47 sp_cookie *cookie = zend_hash_find_ptr(SNUFFLEUPAGUS_G(config).config_cookie->cookies, 61 const sp_cookie *cookie = sp_lookup_cookie_config(ZSTR_VAL(hash_key->key));
48 hash_key->key);
49 int ret = 0; 62 int ret = 0;
50 63
51 /* If the cookie isn't in the conf, it shouldn't be encrypted. */ 64 /* If the cookie isn't in the conf, it shouldn't be encrypted. */
52 if (!cookie || !cookie->encrypt) { 65 if (!cookie || !cookie->encrypt) {
53 return ZEND_HASH_APPLY_KEEP; 66 return ZEND_HASH_APPLY_KEEP;
54 } 67 }
55 68
56 /* If the cookie has no value, it shouldn't be encrypted. */ 69 /* If the cookie has no value, it shouldn't be encrypted. */
57 if (0 == Z_STRLEN_P(pDest)) { 70 if (0 == Z_STRLEN_P(pDest)) {
58 return ZEND_HASH_APPLY_KEEP; 71 return ZEND_HASH_APPLY_KEEP;
59 } 72 }
@@ -107,10 +120,10 @@ int decrypt_cookie(zval *pDest, int num_args, va_list args,
107 return ZEND_HASH_APPLY_KEEP; 120 return ZEND_HASH_APPLY_KEEP;
108} 121}
109 122
110/** 123/*
111 This function will return the `data` of length `data_len` encrypted in the 124** This function will return the `data` of length `data_len` encrypted in the
112 form `base64(nonce | encrypted_data)` (with `|` being the concatenation 125** form `base64(nonce | encrypted_data)` (with `|` being the concatenation
113 operation). 126** operation).
114*/ 127*/
115static zend_string *encrypt_data(char *data, unsigned long long data_len) { 128static zend_string *encrypt_data(char *data, unsigned long long data_len) {
116 const size_t encrypted_msg_len = crypto_secretbox_ZEROBYTES + data_len + 1; 129 const size_t encrypted_msg_len = crypto_secretbox_ZEROBYTES + data_len + 1;
@@ -182,9 +195,9 @@ PHP_FUNCTION(sp_setcookie) {
182 } 195 }
183 } 196 }
184 197
185 cookie_node = 198 /* lookup existing configuration for said cookie */
186 zend_hash_find_ptr(SNUFFLEUPAGUS_G(config).config_cookie->cookies, name); 199 cookie_node = sp_lookup_cookie_config(ZSTR_VAL(name));
187 200
188 /* If the cookie's value is encrypted, it won't be usable by 201 /* If the cookie's value is encrypted, it won't be usable by
189 * javascript anyway. 202 * javascript anyway.
190 */ 203 */
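Review bot: In decrypt_cookie (first hunk), `ZSTR_VAL(hash_key->key)` is evaluated without checking that `hash_key->key` is non-NULL. Zend leaves `key` NULL for integer-indexed hash entries, so if the cookie table can hold one (cookie names are request-controlled), `sp_lookup_cookie_config` would pass an invalid pointer to `sp_match_value`; this is inferred from the Zend hash API, not from code visible here. Guarding the lookup, e.g. `const sp_cookie *cookie = hash_key->key ? sp_lookup_cookie_config(ZSTR_VAL(hash_key->key)) : NULL;`, lets the existing `!cookie` check return `ZEND_HASH_APPLY_KEEP`. The helper also returns the first list entry that matches, so with regexps the order of the configured rules now decides which one applies; a one-line comment on `sp_lookup_cookie_config` saying so would help. decrypt_cookie's body continues outside the hunk.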