commit
12ccf169ac
14
Makefile
14
Makefile
|
@ -21,6 +21,9 @@ run_test_file = env \
|
|||
|
||||
all: test
|
||||
|
||||
clean:
|
||||
rm -rf target/*
|
||||
|
||||
test: test-env
|
||||
${run_test_file} ${ROOT_DIR}/test/aes.utest.lua
|
||||
${run_test_file} ${ROOT_DIR}/test/random.utest.lua
|
||||
|
@ -52,7 +55,7 @@ test: test-env
|
|||
${run_test_file} ${ROOT_DIR}/test/portal4.ctest.lua
|
||||
${run_test_file} ${ROOT_DIR}/test/portal5.ctest.lua
|
||||
|
||||
test-env: run-env target/dist/etc/nginx/ssso ${lua_cmods}/bit32.so ${lua_cmods}/cjson.so ${lua_mods}/resty/easy-crypto.lua ${lua_mods}/luaunit.lua
|
||||
test-env: run-env target/dist/etc/nginx/ssso ${lua_mods}/base64.lua ${lua_cmods}/bit32.so ${lua_cmods}/cjson.so ${lua_cmods}/luagcrypt.so ${lua_mods}/luaunit.lua
|
||||
|
||||
target/dist/etc/nginx/ssso: src test/global.json test/login test/portal test/sites
|
||||
rm -rf target/dist/etc/nginx/ssso; \
|
||||
|
@ -82,14 +85,17 @@ ${lua_root}/bin/luarocks: target/src/luarocks/luarocks-${luarocks_version}.tar.g
|
|||
make install \
|
||||
)
|
||||
|
||||
${lua_mods}/base64.lua: ${lua_root}/bin/luarocks
|
||||
${lua_root}/bin/luarocks install base64
|
||||
|
||||
${lua_cmods}/bit32.so: ${lua_root}/bin/luarocks
|
||||
${lua_root}/bin/luarocks install bit32
|
||||
|
||||
${lua_cmods}/cjson.so: ${lua_root}/bin/luarocks
|
||||
${lua_root}/bin/luarocks install lua-cjson
|
||||
|
||||
${lua_mods}/resty/easy-crypto.lua: ${lua_root}/bin/luarocks
|
||||
${lua_root}/bin/luarocks install lua-easy-crypto
|
||||
${lua_cmods}/luagcrypt.so: ${lua_root}/bin/luarocks
|
||||
${lua_root}/bin/luarocks install luagcrypt
|
||||
|
||||
${lua_mods}/luaunit.lua: ${lua_root}/bin/luarocks
|
||||
${lua_root}/bin/luarocks install luaunit
|
||||
|
@ -102,4 +108,4 @@ target/src/luarocks/luarocks-${luarocks_version}.tar.gz:
|
|||
mkdir -p target/src/luarocks; \
|
||||
curl -so target/src/luarocks/luarocks-${luarocks_version}.tar.gz "${luarocks_src}"
|
||||
|
||||
.PHONY: all run-env test-env test
|
||||
.PHONY: all clean run-env test-env test
|
||||
|
|
|
@ -2,10 +2,12 @@ local lu = require("luaunit")
|
|||
local aes = require("resty.openssl.cipher")
|
||||
|
||||
function test_aes()
|
||||
local key1 = "0a123456789a123456789a1234567890"
|
||||
local key2 = "0b123456789b123456789b1234567890"
|
||||
local aes1 = aes.new(nil)
|
||||
local aes2 = aes.new(nil)
|
||||
local enc1 = assert(aes1:encrypt("a", nil, "test", nil, nil))
|
||||
local enc2 = assert(aes2:encrypt("b", nil, "other", nil, nil))
|
||||
local enc1 = assert(aes1:encrypt(key1, "iv", "test", nil, "test"))
|
||||
local enc2 = assert(aes2:encrypt(key2, "iv", "other", nil, "test"))
|
||||
local tag1 = aes1:get_aead_tag()
|
||||
local tag2 = aes2:get_aead_tag()
|
||||
local aes3 = aes.new(nil)
|
||||
|
@ -16,8 +18,8 @@ function test_aes()
|
|||
lu.assertNotEquals(enc2, "other")
|
||||
lu.assertNotEquals(enc1 .. tag1, "test")
|
||||
lu.assertNotEquals(enc2 .. tag2, "other")
|
||||
lu.assertEquals(aes3:decrypt("a", nil, enc1, nil, nil, tag1), "test")
|
||||
lu.assertEquals(aes4:decrypt("b", nil, enc2, nil, nil, tag2), "other")
|
||||
lu.assertEquals(aes3:decrypt(key1, "iv", enc1, nil, "test", tag1), "test")
|
||||
lu.assertEquals(aes4:decrypt(key2, "iv", enc2, nil, "test", tag2), "other")
|
||||
end
|
||||
|
||||
os.exit(lu.LuaUnit.run())
|
||||
|
|
|
@ -1,30 +1,30 @@
|
|||
local real_aes = require("resty.easy-crypto")
|
||||
local gcrypt = require("luagcrypt")
|
||||
|
||||
local function new(_)
|
||||
local fake_instance = {}
|
||||
|
||||
function fake_instance:encrypt(key, _, data, _, _)
|
||||
local aes = real_aes:new({
|
||||
saltSize = 16,
|
||||
ivSize = 12,
|
||||
iterationCount = 2,
|
||||
})
|
||||
local encrypted = assert(aes:encrypt(key, data))
|
||||
self.tag = encrypted:sub(-16)
|
||||
return encrypted:sub(1, -17), nil
|
||||
function fake_instance:encrypt(key, iv, data, _, auth)
|
||||
local cipher = gcrypt.Cipher(gcrypt.CIPHER_AES256, gcrypt.CIPHER_MODE_GCM)
|
||||
cipher:setkey(key)
|
||||
cipher:setiv(iv)
|
||||
cipher:authenticate(auth)
|
||||
local encrypted = assert(cipher:encrypt(data))
|
||||
self.tag = cipher:gettag()
|
||||
return encrypted, nil
|
||||
end
|
||||
|
||||
function fake_instance:get_aead_tag()
|
||||
return self.tag
|
||||
end
|
||||
|
||||
function fake_instance:decrypt(key, _, data, _, _, tag)
|
||||
local aes = real_aes:new({
|
||||
saltSize = 16,
|
||||
ivSize = 12,
|
||||
iterationCount = 2,
|
||||
})
|
||||
return aes:decrypt(key, data .. tag)
|
||||
function fake_instance:decrypt(key, iv, data, _, auth, tag)
|
||||
local cipher = gcrypt.Cipher(gcrypt.CIPHER_AES256, gcrypt.CIPHER_MODE_GCM)
|
||||
cipher:setkey(key)
|
||||
cipher:setiv(iv)
|
||||
cipher:authenticate(auth)
|
||||
local decrypted = assert(cipher:decrypt(data))
|
||||
cipher:checktag(tag)
|
||||
return decrypted
|
||||
end
|
||||
|
||||
return fake_instance
|
||||
|
|
|
@ -1,7 +1,9 @@
|
|||
local ssl_rand = require("openssl.rand")
|
||||
|
||||
local function bytes(count, _)
|
||||
return ssl_rand.bytes(count)
|
||||
local b = ""
|
||||
for i = 1, count do
|
||||
b = b .. string.char(math.random(0, 255))
|
||||
end
|
||||
return b
|
||||
end
|
||||
|
||||
return {
|
||||
|
|
|
@ -1,17 +1,18 @@
|
|||
local real_sha = require("bgcrypto.sha256")
|
||||
local gcrypt = require("luagcrypt")
|
||||
local sha_proxy = {}
|
||||
|
||||
function sha_proxy:new()
|
||||
local fake_instance = {
|
||||
data = "",
|
||||
sha = gcrypt.Hash(gcrypt.MD_SHA256),
|
||||
}
|
||||
|
||||
function fake_instance:update(data)
|
||||
self.data = self.data .. data
|
||||
self.sha:write(data)
|
||||
end
|
||||
|
||||
function fake_instance:final()
|
||||
return real_sha.digest(self.data, true)
|
||||
local str = self.sha:read(gcrypt.MD_SHA256)
|
||||
return (str:gsub(".", function(char) return string.format("%02x", char:byte()) end))
|
||||
end
|
||||
|
||||
return fake_instance
|
||||
|
|
Loading…
Reference in New Issue