-
Notifications
You must be signed in to change notification settings - Fork 102
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add cryptographically strong random string functions.
- Loading branch information
1 parent
e4f5e1d
commit c11f17f
Showing
6 changed files
with
282 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,90 @@ | ||
#ifndef DDEBUG | ||
#define DDEBUG 0 | ||
#endif | ||
#include "ddebug.h" | ||
|
||
#include <ndk.h> | ||
#include "ngx_http_set_secure_random.h" | ||
#include <stdlib.h> | ||
|
||
const int MAX_RANDOM_STRING = 64; | ||
|
||
const int ALPHANUM = 1; | ||
const int LCALPHA = 2; | ||
|
||
ngx_int_t | ||
ngx_http_set_misc_set_secure_random_common(int alphabet_type, ngx_http_request_t *r, | ||
ngx_str_t *res, ngx_http_variable_value_t *v); | ||
|
||
ngx_int_t | ||
ngx_http_set_misc_set_secure_random_alphanum(ngx_http_request_t *r, | ||
ngx_str_t *res, ngx_http_variable_value_t *v) | ||
{ | ||
return ngx_http_set_misc_set_secure_random_common(ALPHANUM, r, res, v); | ||
} | ||
|
||
ngx_int_t | ||
ngx_http_set_misc_set_secure_random_lcalpha(ngx_http_request_t *r, | ||
ngx_str_t *res, ngx_http_variable_value_t *v) | ||
{ | ||
return ngx_http_set_misc_set_secure_random_common(LCALPHA, r, res, v); | ||
} | ||
|
||
ngx_int_t | ||
ngx_http_set_misc_set_secure_random_common(int alphabet_type, ngx_http_request_t *r, | ||
ngx_str_t *res, ngx_http_variable_value_t *v) | ||
{ | ||
static u_char alphabet[] = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"; | ||
u_char entropy[MAX_RANDOM_STRING]; | ||
u_char output[MAX_RANDOM_STRING]; | ||
ngx_int_t length, fd, i; | ||
ssize_t n; | ||
|
||
|
||
length = ngx_atoi(v->data, v->len); | ||
if (length == NGX_ERROR || length < 1 || length > MAX_RANDOM_STRING) { | ||
ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, | ||
"set_random: bad \"length\" argument: %v", v); | ||
return NGX_ERROR; | ||
} | ||
|
||
fd = ngx_open_file("/dev/urandom", NGX_FILE_RDONLY, NGX_FILE_OPEN, 0); | ||
if (fd == -1) { | ||
ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, | ||
"set_secure_random: could not open /dev/urandom"); | ||
return NGX_ERROR; | ||
} | ||
|
||
n = ngx_read_fd(fd, entropy, length); | ||
if (n != length) { | ||
ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, | ||
"set_secure_random: could not read all %d byte(s) from /dev/urandom", length); | ||
return NGX_ERROR; | ||
} | ||
|
||
ngx_close_file(fd); | ||
|
||
for (i = 0; i < length; i++) { | ||
if (alphabet_type == LCALPHA) { | ||
output[i] = entropy[i] % 26 + 'a'; | ||
} else { | ||
output[i] = alphabet[ entropy[i] % (sizeof alphabet - 1) ]; | ||
} | ||
} | ||
|
||
res->data = ngx_palloc(r->pool, length); | ||
if (res->data == NULL) { | ||
return NGX_ERROR; | ||
} | ||
|
||
ngx_memcpy(res->data, output, length); | ||
|
||
res->len = length; | ||
|
||
/* Set all required params */ | ||
v->valid = 1; | ||
v->no_cacheable = 0; | ||
v->not_found = 0; | ||
|
||
return NGX_OK; | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
#include <ngx_core.h> | ||
#include <ngx_config.h> | ||
#include <ngx_http.h> | ||
|
||
ngx_int_t ngx_http_set_misc_set_secure_random_alphanum(ngx_http_request_t *r, | ||
ngx_str_t *res, ngx_http_variable_value_t *v); | ||
|
||
ngx_int_t ngx_http_set_misc_set_secure_random_lcalpha(ngx_http_request_t *r, | ||
ngx_str_t *res, ngx_http_variable_value_t *v); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,95 @@ | ||
# vi:filetype=perl | ||
|
||
use Test::Nginx::Socket; | ||
|
||
repeat_each(100); | ||
|
||
plan tests => repeat_each() * 2 * blocks(); | ||
|
||
no_long_string(); | ||
|
||
run_tests(); | ||
|
||
#no_diff(); | ||
|
||
__DATA__ | ||
=== TEST 1: a 32-character alphanum | ||
--- config | ||
location /alphanum { | ||
set_secure_random_alphanum $res 32; | ||
echo $res; | ||
} | ||
--- request | ||
GET /alphanum | ||
--- response_body_like: ^[a-zA-Z0-9]{32}$ | ||
=== TEST 2: a 16-character alphanum | ||
--- config | ||
location /alphanum { | ||
set_secure_random_alphanum $res 16; | ||
echo $res; | ||
} | ||
--- request | ||
GET /alphanum | ||
--- response_body_like: ^[a-zA-Z0-9]{16}$ | ||
=== TEST 3: a 1-character alphanum | ||
--- config | ||
location /alphanum { | ||
set_secure_random_alphanum $res 1; | ||
echo $res; | ||
} | ||
--- request | ||
GET /alphanum | ||
--- response_body_like: ^[a-zA-Z0-9]{1}$ | ||
=== TEST 4: length less than <= 0 should fail | ||
--- config | ||
location /alphanum { | ||
set_secure_random_alphanum $res 0; | ||
echo $res; | ||
} | ||
--- request | ||
GET /alphanum | ||
--- response_body_like: 500 Internal Server Error | ||
--- error_code: 500 | ||
=== TEST 5: length less than <= 0 should fail | ||
--- config | ||
location /alphanum { | ||
set_secure_random_alphanum $res -4; | ||
echo $res; | ||
} | ||
--- request | ||
GET /alphanum | ||
--- response_body_like: 500 Internal Server Error | ||
--- error_code: 500 | ||
=== TEST 6: non-numeric length should fail | ||
--- config | ||
location /alphanum { | ||
set_secure_random_alphanum $res bob; | ||
echo $res; | ||
} | ||
--- request | ||
GET /alphanum | ||
--- response_body_like: 500 Internal Server Error | ||
--- error_code: 500 | ||
=== TEST 7: a 16-character lcalpha | ||
--- config | ||
location /lcalpha { | ||
set_secure_random_lcalpha $res 16; | ||
echo $res; | ||
} | ||
--- request | ||
GET /lcalpha | ||
--- response_body_like: ^[a-z]{16}$ |