| author | xXx-caillou-xXx | 2018-07-13 10:36:50 +0200 |
|---|---|---|
| committer | jvoisin | 2018-07-13 08:36:50 +0000 |
| commit | 7963580d72a358975133f86f01de2d2eab08ba38 (patch) | |
| tree | 4bec345d70f687a2a6002b36e2f2fc79318959f6 /src/sp_crypt.c | |
| parent | 12b740bc7bb01ffe397cecc5b6fa25b136304911 (diff) | |
Massively optimize how rules are handled
This commit does a lot of things:
- Use hashtables instead of lists to store the rules
- Rules that can be applied at launch time won't be tried at runtime
- Improve feedback when writing nonsensical rules
- Make intensive use of `zend_string` instead of `char*`
Diffstat (limited to 'src/sp_crypt.c')
| -rw-r--r-- | src/sp_crypt.c | 29 |
1 files changed, 18 insertions, 11 deletions
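--- a/src/sp_crypt.c
+++ b/src/sp_crypt.c
@@ -7,10 +7,13 @@ ZEND_DECLARE_MODULE_GLOBALS(snuffleupagus)
 void generate_key(unsigned char *key) {
 PHP_SHA256_CTX ctx;
 const char *user_agent = getenv("HTTP_USER_AGENT");
-const char *env_var =
-getenv(SNUFFLEUPAGUS_G(config).config_snuffleupagus->cookies_env_var);
-const char *encryption_key =
+const zend_string *env_var_zend =
+SNUFFLEUPAGUS_G(config).config_snuffleupagus->cookies_env_var;
+const zend_string *encryption_key_zend =
 SNUFFLEUPAGUS_G(config).config_snuffleupagus->encryption_key;
+const char *env_var = (env_var_zend ? getenv(ZSTR_VAL(env_var_zend)) : NULL);
+const char *encryption_key =
+(encryption_key_zend ? ZSTR_VAL(encryption_key_zend) : NULL);
 
 assert(32 == crypto_secretbox_KEYBYTES); // 32 is the size of a SHA256.
 assert(encryption_key); // Encryption key can't be NULL
@@ -24,10 +27,12 @@ void generate_key(unsigned char *key) {
 if (env_var) {
 PHP_SHA256Update(&ctx, (unsigned char *)env_var, strlen(env_var));
 } else {
-sp_log_err("cookie_encryption",
-"The environment variable '%s'"
-"is empty, cookies are weakly encrypted.",
-SNUFFLEUPAGUS_G(config).config_snuffleupagus->cookies_env_var);
+sp_log_err(
+"cookie_encryption",
+"The environment variable '%s'"
+"is empty, cookies are weakly encrypted.",
+ZSTR_VAL(
+SNUFFLEUPAGUS_G(config).config_snuffleupagus->cookies_env_var));
 }
 
 if (encryption_key) {
@@ -119,8 +124,9 @@ int decrypt_zval(zval *pDest, bool simulation, zend_hash_key *hash_key) {
 ** form `base64(nonce | encrypted_data)` (with `|` being the concatenation
 ** operation).
 */
-zend_string *encrypt_zval(char *data, unsigned long long data_len) {
-const size_t encrypted_msg_len = crypto_secretbox_ZEROBYTES + data_len + 1;
+zend_string *encrypt_zval(zend_string *data) {
+const size_t encrypted_msg_len =
+crypto_secretbox_ZEROBYTES + ZSTR_LEN(data) + 1;
 // FIXME : We know that this len is too long
 const size_t emsg_and_nonce_len =
 encrypted_msg_len + crypto_secretbox_NONCEBYTES;
@@ -137,7 +143,8 @@ zend_string *encrypt_zval(char *data, unsigned long long data_len) {
 
 /* tweetnacl's API requires the message to be padded with
 crypto_secretbox_ZEROBYTES zeroes. */
-memcpy(data_to_encrypt + crypto_secretbox_ZEROBYTES, data, data_len);
+memcpy(data_to_encrypt + crypto_secretbox_ZEROBYTES, ZSTR_VAL(data),
+ZSTR_LEN(data));
 
 assert(sizeof(zend_long) <= crypto_secretbox_NONCEBYTES);
 
@@ -149,4 +156,4 @@ zend_string *encrypt_zval(char *data, unsigned long long data_len) {
 zend_string *z = php_base64_encode(encrypted_data, emsg_and_nonce_len);
 
 return z;
-}
\ No newline at end of file
+}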
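Review bot: The rewritten `sp_log_err` call in the `else` branch of `generate_key` passes `ZSTR_VAL(...->cookies_env_var)` to `%s` without a NULL check, although the declarations added at the top of the function treat a NULL `cookies_env_var` as possible (`env_var_zend ? getenv(...) : NULL`). When that option is unset, `env_var` is NULL, this branch runs, and `ZSTR_VAL` is applied to a NULL `zend_string *`, so the path meant to warn about weakly encrypted cookies would likely crash the request instead. Reuse the guarded local there: `env_var_zend ? ZSTR_VAL(env_var_zend) : "(unset)"`. Whether configuration parsing elsewhere guarantees the option is always set is not visible here, and parts of `generate_key` lie between the hunks. The two adjacent string literals also concatenate to `'%s'is empty`; starting the second literal with a space would fix the message.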
