commit
12ccf169ac
14
Makefile
14
Makefile
|
@ -21,6 +21,9 @@ run_test_file = env \
|
||||||
|
|
||||||
all: test
|
all: test
|
||||||
|
|
||||||
|
clean:
|
||||||
|
rm -rf target/*
|
||||||
|
|
||||||
test: test-env
|
test: test-env
|
||||||
${run_test_file} ${ROOT_DIR}/test/aes.utest.lua
|
${run_test_file} ${ROOT_DIR}/test/aes.utest.lua
|
||||||
${run_test_file} ${ROOT_DIR}/test/random.utest.lua
|
${run_test_file} ${ROOT_DIR}/test/random.utest.lua
|
||||||
|
@ -52,7 +55,7 @@ test: test-env
|
||||||
${run_test_file} ${ROOT_DIR}/test/portal4.ctest.lua
|
${run_test_file} ${ROOT_DIR}/test/portal4.ctest.lua
|
||||||
${run_test_file} ${ROOT_DIR}/test/portal5.ctest.lua
|
${run_test_file} ${ROOT_DIR}/test/portal5.ctest.lua
|
||||||
|
|
||||||
test-env: run-env target/dist/etc/nginx/ssso ${lua_cmods}/bit32.so ${lua_cmods}/cjson.so ${lua_mods}/resty/easy-crypto.lua ${lua_mods}/luaunit.lua
|
test-env: run-env target/dist/etc/nginx/ssso ${lua_mods}/base64.lua ${lua_cmods}/bit32.so ${lua_cmods}/cjson.so ${lua_cmods}/luagcrypt.so ${lua_mods}/luaunit.lua
|
||||||
|
|
||||||
target/dist/etc/nginx/ssso: src test/global.json test/login test/portal test/sites
|
target/dist/etc/nginx/ssso: src test/global.json test/login test/portal test/sites
|
||||||
rm -rf target/dist/etc/nginx/ssso; \
|
rm -rf target/dist/etc/nginx/ssso; \
|
||||||
|
@ -82,14 +85,17 @@ ${lua_root}/bin/luarocks: target/src/luarocks/luarocks-${luarocks_version}.tar.g
|
||||||
make install \
|
make install \
|
||||||
)
|
)
|
||||||
|
|
||||||
|
${lua_mods}/base64.lua: ${lua_root}/bin/luarocks
|
||||||
|
${lua_root}/bin/luarocks install base64
|
||||||
|
|
||||||
${lua_cmods}/bit32.so: ${lua_root}/bin/luarocks
|
${lua_cmods}/bit32.so: ${lua_root}/bin/luarocks
|
||||||
${lua_root}/bin/luarocks install bit32
|
${lua_root}/bin/luarocks install bit32
|
||||||
|
|
||||||
${lua_cmods}/cjson.so: ${lua_root}/bin/luarocks
|
${lua_cmods}/cjson.so: ${lua_root}/bin/luarocks
|
||||||
${lua_root}/bin/luarocks install lua-cjson
|
${lua_root}/bin/luarocks install lua-cjson
|
||||||
|
|
||||||
${lua_mods}/resty/easy-crypto.lua: ${lua_root}/bin/luarocks
|
${lua_cmods}/luagcrypt.so: ${lua_root}/bin/luarocks
|
||||||
${lua_root}/bin/luarocks install lua-easy-crypto
|
${lua_root}/bin/luarocks install luagcrypt
|
||||||
|
|
||||||
${lua_mods}/luaunit.lua: ${lua_root}/bin/luarocks
|
${lua_mods}/luaunit.lua: ${lua_root}/bin/luarocks
|
||||||
${lua_root}/bin/luarocks install luaunit
|
${lua_root}/bin/luarocks install luaunit
|
||||||
|
@ -102,4 +108,4 @@ target/src/luarocks/luarocks-${luarocks_version}.tar.gz:
|
||||||
mkdir -p target/src/luarocks; \
|
mkdir -p target/src/luarocks; \
|
||||||
curl -so target/src/luarocks/luarocks-${luarocks_version}.tar.gz "${luarocks_src}"
|
curl -so target/src/luarocks/luarocks-${luarocks_version}.tar.gz "${luarocks_src}"
|
||||||
|
|
||||||
.PHONY: all run-env test-env test
|
.PHONY: all clean run-env test-env test
|
||||||
|
|
|
@ -2,10 +2,12 @@ local lu = require("luaunit")
|
||||||
local aes = require("resty.openssl.cipher")
|
local aes = require("resty.openssl.cipher")
|
||||||
|
|
||||||
function test_aes()
|
function test_aes()
|
||||||
|
local key1 = "0a123456789a123456789a1234567890"
|
||||||
|
local key2 = "0b123456789b123456789b1234567890"
|
||||||
local aes1 = aes.new(nil)
|
local aes1 = aes.new(nil)
|
||||||
local aes2 = aes.new(nil)
|
local aes2 = aes.new(nil)
|
||||||
local enc1 = assert(aes1:encrypt("a", nil, "test", nil, nil))
|
local enc1 = assert(aes1:encrypt(key1, "iv", "test", nil, "test"))
|
||||||
local enc2 = assert(aes2:encrypt("b", nil, "other", nil, nil))
|
local enc2 = assert(aes2:encrypt(key2, "iv", "other", nil, "test"))
|
||||||
local tag1 = aes1:get_aead_tag()
|
local tag1 = aes1:get_aead_tag()
|
||||||
local tag2 = aes2:get_aead_tag()
|
local tag2 = aes2:get_aead_tag()
|
||||||
local aes3 = aes.new(nil)
|
local aes3 = aes.new(nil)
|
||||||
|
@ -16,8 +18,8 @@ function test_aes()
|
||||||
lu.assertNotEquals(enc2, "other")
|
lu.assertNotEquals(enc2, "other")
|
||||||
lu.assertNotEquals(enc1 .. tag1, "test")
|
lu.assertNotEquals(enc1 .. tag1, "test")
|
||||||
lu.assertNotEquals(enc2 .. tag2, "other")
|
lu.assertNotEquals(enc2 .. tag2, "other")
|
||||||
lu.assertEquals(aes3:decrypt("a", nil, enc1, nil, nil, tag1), "test")
|
lu.assertEquals(aes3:decrypt(key1, "iv", enc1, nil, "test", tag1), "test")
|
||||||
lu.assertEquals(aes4:decrypt("b", nil, enc2, nil, nil, tag2), "other")
|
lu.assertEquals(aes4:decrypt(key2, "iv", enc2, nil, "test", tag2), "other")
|
||||||
end
|
end
|
||||||
|
|
||||||
os.exit(lu.LuaUnit.run())
|
os.exit(lu.LuaUnit.run())
|
||||||
|
|
|
@ -1,30 +1,30 @@
|
||||||
local real_aes = require("resty.easy-crypto")
|
local gcrypt = require("luagcrypt")
|
||||||
|
|
||||||
local function new(_)
|
local function new(_)
|
||||||
local fake_instance = {}
|
local fake_instance = {}
|
||||||
|
|
||||||
function fake_instance:encrypt(key, _, data, _, _)
|
function fake_instance:encrypt(key, iv, data, _, auth)
|
||||||
local aes = real_aes:new({
|
local cipher = gcrypt.Cipher(gcrypt.CIPHER_AES256, gcrypt.CIPHER_MODE_GCM)
|
||||||
saltSize = 16,
|
cipher:setkey(key)
|
||||||
ivSize = 12,
|
cipher:setiv(iv)
|
||||||
iterationCount = 2,
|
cipher:authenticate(auth)
|
||||||
})
|
local encrypted = assert(cipher:encrypt(data))
|
||||||
local encrypted = assert(aes:encrypt(key, data))
|
self.tag = cipher:gettag()
|
||||||
self.tag = encrypted:sub(-16)
|
return encrypted, nil
|
||||||
return encrypted:sub(1, -17), nil
|
|
||||||
end
|
end
|
||||||
|
|
||||||
function fake_instance:get_aead_tag()
|
function fake_instance:get_aead_tag()
|
||||||
return self.tag
|
return self.tag
|
||||||
end
|
end
|
||||||
|
|
||||||
function fake_instance:decrypt(key, _, data, _, _, tag)
|
function fake_instance:decrypt(key, iv, data, _, auth, tag)
|
||||||
local aes = real_aes:new({
|
local cipher = gcrypt.Cipher(gcrypt.CIPHER_AES256, gcrypt.CIPHER_MODE_GCM)
|
||||||
saltSize = 16,
|
cipher:setkey(key)
|
||||||
ivSize = 12,
|
cipher:setiv(iv)
|
||||||
iterationCount = 2,
|
cipher:authenticate(auth)
|
||||||
})
|
local decrypted = assert(cipher:decrypt(data))
|
||||||
return aes:decrypt(key, data .. tag)
|
cipher:checktag(tag)
|
||||||
|
return decrypted
|
||||||
end
|
end
|
||||||
|
|
||||||
return fake_instance
|
return fake_instance
|
||||||
|
|
|
@ -1,7 +1,9 @@
|
||||||
local ssl_rand = require("openssl.rand")
|
|
||||||
|
|
||||||
local function bytes(count, _)
|
local function bytes(count, _)
|
||||||
return ssl_rand.bytes(count)
|
local b = ""
|
||||||
|
for i = 1, count do
|
||||||
|
b = b .. string.char(math.random(0, 255))
|
||||||
|
end
|
||||||
|
return b
|
||||||
end
|
end
|
||||||
|
|
||||||
return {
|
return {
|
||||||
|
|
|
@ -1,17 +1,18 @@
|
||||||
local real_sha = require("bgcrypto.sha256")
|
local gcrypt = require("luagcrypt")
|
||||||
local sha_proxy = {}
|
local sha_proxy = {}
|
||||||
|
|
||||||
function sha_proxy:new()
|
function sha_proxy:new()
|
||||||
local fake_instance = {
|
local fake_instance = {
|
||||||
data = "",
|
sha = gcrypt.Hash(gcrypt.MD_SHA256),
|
||||||
}
|
}
|
||||||
|
|
||||||
function fake_instance:update(data)
|
function fake_instance:update(data)
|
||||||
self.data = self.data .. data
|
self.sha:write(data)
|
||||||
end
|
end
|
||||||
|
|
||||||
function fake_instance:final()
|
function fake_instance:final()
|
||||||
return real_sha.digest(self.data, true)
|
local str = self.sha:read(gcrypt.MD_SHA256)
|
||||||
|
return (str:gsub(".", function(char) return string.format("%02x", char:byte()) end))
|
||||||
end
|
end
|
||||||
|
|
||||||
return fake_instance
|
return fake_instance
|
||||||
|
|
Loading…
Reference in New Issue