From bc4d0e014e9fb1edd05e6f9c91cbf97b6c5546b4 Mon Sep 17 00:00:00 2001 From: Thibault "bui" Koechlin Date: Thu, 28 Dec 2017 13:37:10 +0100 Subject: Implement regexp support for cookies encryption It's now possible to encrypt cookies matching a specific regexp. This should close #106 --- src/sp_cookie_encryption.c | 35 ++++++++++++++++++++++++----------- 1 file changed, 24 insertions(+), 11 deletions(-) (limited to 'src/sp_cookie_encryption.c') diff --git a/src/sp_cookie_encryption.c b/src/sp_cookie_encryption.c index 04c864f..4e9818f 100644 --- a/src/sp_cookie_encryption.c +++ b/src/sp_cookie_encryption.c @@ -39,21 +39,34 @@ static inline void generate_key(unsigned char *key) { PHP_SHA256Final((unsigned char *)key, &ctx); } +static inline const sp_cookie *sp_lookup_cookie_config(const char *key) { + sp_list_node *it = SNUFFLEUPAGUS_G(config).config_cookie->cookies; + + while (it) { + const sp_cookie *config = it->data; + if (config && sp_match_value(key, config->name, config->name_r)) { + return config; + } + it = it->next; + } + return NULL; +} + +/* called at RINIT time with each cookie, eventually decrypt said cookie */ int decrypt_cookie(zval *pDest, int num_args, va_list args, zend_hash_key *hash_key) { unsigned char key[crypto_secretbox_KEYBYTES] = {0}; zend_string *debase64; unsigned char *decrypted; - sp_cookie *cookie = zend_hash_find_ptr(SNUFFLEUPAGUS_G(config).config_cookie->cookies, - hash_key->key); + const sp_cookie *cookie = sp_lookup_cookie_config(ZSTR_VAL(hash_key->key)); int ret = 0; - + /* If the cookie isn't in the conf, it shouldn't be encrypted. */ if (!cookie || !cookie->encrypt) { return ZEND_HASH_APPLY_KEEP; } - /* If the cookie has no value, it shouldn't be encrypted. */ + /* If the cookie has no value, it shouldn't be encrypted. */ if (0 == Z_STRLEN_P(pDest)) { return ZEND_HASH_APPLY_KEEP; } @@ -107,10 +120,10 @@ int decrypt_cookie(zval *pDest, int num_args, va_list args, return ZEND_HASH_APPLY_KEEP; } -/** - This function will return the `data` of length `data_len` encrypted in the - form `base64(nonce | encrypted_data)` (with `|` being the concatenation - operation). +/* +** This function will return the `data` of length `data_len` encrypted in the +** form `base64(nonce | encrypted_data)` (with `|` being the concatenation +** operation). */ static zend_string *encrypt_data(char *data, unsigned long long data_len) { const size_t encrypted_msg_len = crypto_secretbox_ZEROBYTES + data_len + 1; @@ -182,9 +195,9 @@ PHP_FUNCTION(sp_setcookie) { } } - cookie_node = - zend_hash_find_ptr(SNUFFLEUPAGUS_G(config).config_cookie->cookies, name); - + /* lookup existing configuration for said cookie */ + cookie_node = sp_lookup_cookie_config(ZSTR_VAL(name)); + /* If the cookie's value is encrypted, it won't be usable by * javascript anyway. */ -- cgit v1.3