Support session encryption #178

Merged
merged 14 commits into from May 29, 2018

2 participants
@kkadosh
Contributor

kkadosh commented May 18, 2018

No description provided.

@kkadosh kkadosh changed the title from Support session cookie encryption to Support session encryption May 20, 2018

@jvoisin jvoisin requested review from buixor and jvoisin May 21, 2018

@jvoisin jvoisin self-assigned this May 21, 2018

@jvoisin jvoisin added the feature label May 21, 2018

@jvoisin jvoisin added this to the 0.3 - Dentalium elephantinum milestone May 21, 2018

@@ -65,6 +67,10 @@ bool is_config_valid;
HashTable *disabled_functions_hook;
HashTable *sp_internal_functions_hook;
HashTable *sp_eval_blacklist_functions_hook;
void *s_module;
void *s_original_mod;
int (*old_s_read)(PS_READ_ARGS);
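
Review bot: `s_module` and `s_original_mod` are added to the globals as `void *` with no comment saying what they point to or who owns them, and `old_s_read` looks like a saved handler that is meant to be called through later. Give the two pointers the concrete session module type, document each field in one line, and make sure `old_s_read` is NULL until the hook is installed and is checked before it is invoked, so that a session read cannot jump through a null pointer.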

jvoisin May 21, 2018

Collaborator

This could be a static variable in sp_session.c

@@ -36,11 +35,6 @@ int decrypt_cookie(zval *pDest, int num_args, va_list args,
return decrypt_zval(pDest, cookie->simulation, hash_key);
}
/*

jvoisin May 21, 2018

Collaborator

Why did you remove this comment?

kkadosh May 21, 2018

Contributor

I have moved it into sp_crypt.c.

const size_t emsg_and_nonce_len =
encrypted_msg_len + crypto_secretbox_NONCEBYTES;
unsigned char key[crypto_secretbox_KEYBYTES] = {0};
unsigned char nonce[crypto_secretbox_NONCEBYTES] = {0};
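
Review bot: the sum `encrypted_msg_len + crypto_secretbox_NONCEBYTES` assigned to `emsg_and_nonce_len` is computed without a bound check, so a length close to SIZE_MAX wraps and any buffer sized from it ends up too small. Reject `encrypted_msg_len > SIZE_MAX - crypto_secretbox_NONCEBYTES` before this line. Separately, `key` is a stack buffer; clear it on every return path so the key material does not linger in memory.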

jvoisin May 21, 2018

Collaborator

{0} would be alright ;)

static int (*previous_sessionRINIT)(INIT_FUNC_ARGS) = NULL;
static ZEND_INI_MH((*old_OnUpdateSaveHandler)) = NULL;
// PS_READ_ARGS => void **mod_data, zend_string *key, zend_string **val,

jvoisin May 21, 2018

Collaborator

Either trash this comment, or replace PS_READ_ARGS by the arguments in the function prototype.

int ret = decrypt_zval(
&val_zval, SNUFFLEUPAGUS_G(config).config_session->simulation,
NULL); // NULL for the moment
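
Review bot: passing NULL as the `hash_key` argument of `decrypt_zval` needs more than the `// NULL for the moment` comment. State why the session path has no key name to pass, and confirm that `decrypt_zval` never dereferences `hash_key` when it is NULL, for instance when reporting a failed decryption. Also check `ret` right after the call and fail the read on error instead of handing the undecrypted value back to the session layer.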

jvoisin May 21, 2018

Collaborator

What does // NULL for the moment mean?

}
static PHP_INI_MH(sp_OnUpdateSaveHandler) {
if (stage == PHP_INI_STAGE_RUNTIME &&

jvoisin May 21, 2018

Collaborator

What is the point of this? I don't get where the "user" string is coming from.

kkadosh added some commits May 21, 2018

@@ -69,7 +66,7 @@ int decrypt_zval(zval *pDest, bool simulation, zend_hash_key *hash_key) {
generate_key(key);
decrypted = ecalloc(ZSTR_LEN(debase64), 1);
decrypted = ecalloc(ZSTR_LEN(debase64) + crypto_secretbox_ZEROBYTES, 1);
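
Review bot: the padded size `ZSTR_LEN(debase64) + crypto_secretbox_ZEROBYTES` is written inline in the `ecalloc` call, and `debase64` is decoded from a cookie or session value that the server does not control. Compute the size once into a named `size_t` after checking `ZSTR_LEN(debase64) <= SIZE_MAX - crypto_secretbox_ZEROBYTES`, and reuse that variable for the length passed to the decryption call so the allocation and the length can never disagree.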

jvoisin May 21, 2018

Collaborator

Please check for overflow here ;)

#endif
static php_ps_globals *session_globals = NULL;
static void *s_module;

jvoisin May 21, 2018

Collaborator

Please use proper types instead of void* </3

kkadosh added some commits May 21, 2018

@jvoisin

Please do add some documentation too :)

@@ -60,6 +60,46 @@ static int parse_enable(char *line, bool *restrict retval,
return ret;
}
int parse_session(char *line) {
sp_config_session *session =
pecalloc(sizeof(sp_config_session), 1, 1);
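
Review bot: in `pecalloc(sizeof(sp_config_session), 1, 1)` the element count and element size are swapped; the macro's order is (nmemb, size, persistent), so write `pecalloc(1, sizeof(sp_config_session), 1)`. The result is the same here, but the conventional order keeps the call readable next to other allocations. Since the third argument makes the allocation persistent, also say in a comment where the struct is freed and what happens if the configuration contains more than one session line.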

jvoisin May 28, 2018

Collaborator

Can't the last argument be zero instead of one?

kkadosh and others added some commits May 29, 2018

@jvoisin jvoisin merged commit 7832438 into master May 29, 2018

2 checks passed

continuous-integration/travis-ci/pr The Travis CI build passed
continuous-integration/travis-ci/push The Travis CI build passed

@jvoisin jvoisin deleted the support_session_cookie_encryption branch May 29, 2018
