Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
L
libvmod-blobdigest
Project
Project
Details
Activity
Releases
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
2
Issues
2
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Wiki
Wiki
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
uplex-varnish
libvmod-blobdigest
Commits
13e0e731
Commit
13e0e731
authored
Oct 04, 2016
by
Geoff Simmons
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
add more documentation (WIP)
parent
016ebb6a
Pipeline
#33
skipped
Changes
2
Pipelines
1
Hide whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
210 additions
and
38 deletions
+210
-38
README.rst
README.rst
+107
-21
vmod_blobdigest.vcc
src/vmod_blobdigest.vcc
+103
-17
No files found.
README.rst
View file @
13e0e731
...
@@ -24,6 +24,45 @@ SYNOPSIS
...
@@ -24,6 +24,45 @@ SYNOPSIS
import blobdigest [from "path"] ;
import blobdigest [from "path"] ;
::
BLOB blobdigest.hash(ENUM hash, BLOB msg)
new OBJECT = blobdigest.hmac(ENUM hash, BLOB key)
BLOB <obj>.hmac(BLOB msg)
DESCRIPTION
===========
This Varnish Module (VMOD) generates message digests and keyed-hash
message authentication codes (HMACs) using the VCL data type BLOB,
which may contain arbitrary data of any length.
Currently (in Varnish versions through 5.0), BLOBs may only be used in
VCL as arguments of VMOD functions, so this VMOD must be used in
combination with other VMODs. For example, the blobcode VMOD (see `SEE
ALSO`_) may be used to convert BLOBs using binary-to-text encodings,
to initialize data for this VMOD and to save its results. The
advantage of using BLOBs is that operations on the data are separated
from issues such as encoding.
HASH ALGORITHMS
===============
The ``hash`` enum in the following can have one of the following
values:
* ``MD5``
* ``SHA1``
* ``SHA224``
* ``SHA256``
* ``SHA384``
* ``SHA512``
* ``SHA3_224``
* ``SHA3_256``
* ``SHA3_384``
* ``SHA3_512``
CONTENTS
CONTENTS
========
========
...
@@ -32,6 +71,28 @@ CONTENTS
...
@@ -32,6 +71,28 @@ CONTENTS
* BLOB hmac.hmac(BLOB)
* BLOB hmac.hmac(BLOB)
* STRING version()
* STRING version()
.. _func_hash:
BLOB hash(ENUM, BLOB)
---------------------
Prototype
BLOB hash(ENUM hash, BLOB msg)
Returns the message digest for ``msg`` as specified by ``hash``.
Example::
import blobdigest;
import blobcode;
# Decode the base64-encoded string, generate its SHA256 hash,
# and save the hex-encoded result in a header.
set req.http.SHA256
= blobcode.encode(HEXUC,
blobdigest.hash(SHA256,
blobcode.decode(BASE64, "Zm9v"));
.. _obj_hmac:
.. _obj_hmac:
Object hmac
Object hmac
...
@@ -41,13 +102,20 @@ Object hmac
...
@@ -41,13 +102,20 @@ Object hmac
Prototype
Prototype
new OBJ = blobdigest.hmac(ENUM hash, BLOB key)
new OBJ = blobdigest.hmac(ENUM hash, BLOB key)
Description
Creates an object that generates HMACs based on the digest algorithm
Creates an object that generates HMACs based on the
``hash`` and the given ``key``.
digest algorithm ``hash`` and the given ``key``.
Example::
Example
import blobdigest;
``new key = blobcode.blob(BASE64, "a2V5");``
import blobcode;
``new hmac = blobdigest.hmac(SHA256, key.get());``
# Create a key from the base64-encoded string, and use
# the result to initialize an hmac object.
sub vcl_init {
new key = blobcode.blob(BASE64, "a2V5");
new hmac = blobdigest.hmac(SHA256, key.get());
}
.. _func_hmac.hmac:
.. _func_hmac.hmac:
...
@@ -57,20 +125,22 @@ BLOB hmac.hmac(BLOB)
...
@@ -57,20 +125,22 @@ BLOB hmac.hmac(BLOB)
Prototype
Prototype
BLOB hmac.hmac(BLOB msg)
BLOB hmac.hmac(BLOB msg)
Description
Returns the HMAC for ``msg`` based on the key and hash algorithm
Returns the HMAC for ``msg`` based on the key and
provided in the constructor.
hash algorithm provided in the constructor.
Example
Example::
``set req.http.hmac = hmac.hmac(blobcode.decode(BASE64, "Zm9v"));``
.. _func_hash:
# Import a VMOD that tests BLOBs for equality
import blob;
BLOB hash(ENUM, BLOB)
# Check if request header HMAC matches the HMAC for
---------------------
# the hex-encoded data in request header Msg.
# Respond with 401 Not Authorized if the HMAC doesn't check.
Prototype
sub vcl_recv {
BLOB hash(ENUM hash, BLOB msg)
if (!blob.equal(blobcode.decode(SHA256, req.http.HMAC),
hmac.hmac(blobcode.decode(HEX, req.http.Msg)))) {
return(synth(401));
}
.. _func_version:
.. _func_version:
...
@@ -80,8 +150,24 @@ STRING version()
...
@@ -80,8 +150,24 @@ STRING version()
Prototype
Prototype
STRING version()
STRING version()
Description
Returns the version string for this VMOD.
Returns the version string for this VMOD.
Example::
std.log("Using VMOD blobdigest version " + blobdigest.version());
REQUIREMENTS
============
This VMOD requires at least Varnish version 4.1, and has been tested
against versions through 5.0.0.
Perl 5 is required for the build.
SEE ALSO
========
Example
* varnishd(1)
``std.log("Using VMOD blobdigest version " + blobdigest.version());``
* vcl(7)
* VMOD blobcode: https://code.uplex.de/uplex-varnish/libvmod-blobcode
* VMOD blob: https://code.uplex.de/uplex-varnish/libvmod-blob
src/vmod_blobdigest.vcc
View file @
13e0e731
...
@@ -9,36 +9,122 @@
...
@@ -9,36 +9,122 @@
$Module blobdigest 3 digests and hmacs for the VCL blob type
$Module blobdigest 3 digests and hmacs for the VCL blob type
::
BLOB blobdigest.hash(ENUM hash, BLOB msg)
new OBJECT = blobdigest.hmac(ENUM hash, BLOB key)
BLOB <obj>.hmac(BLOB msg)
DESCRIPTION
===========
This Varnish Module (VMOD) generates message digests and keyed-hash
message authentication codes (HMACs) using the VCL data type BLOB,
which may contain arbitrary data of any length.
Currently (in Varnish versions through 5.0), BLOBs may only be used in
VCL as arguments of VMOD functions, so this VMOD must be used in
combination with other VMODs. For example, the blobcode VMOD (see `SEE
ALSO`_) may be used to convert BLOBs using binary-to-text encodings,
to initialize data for this VMOD and to save its results. The
advantage of using BLOBs is that operations on the data are separated
from issues such as encoding.
HASH ALGORITHMS
===============
The ``hash`` enum in the following can have one of the following
values:
* ``MD5``
* ``SHA1``
* ``SHA224``
* ``SHA256``
* ``SHA384``
* ``SHA512``
* ``SHA3_224``
* ``SHA3_256``
* ``SHA3_384``
* ``SHA3_512``
$Function BLOB hash(ENUM {MD5, SHA1, SHA224, SHA256, SHA384, SHA512, SHA3_224,
SHA3_256, SHA3_384, SHA3_512} hash, BLOB msg)
Returns the message digest for ``msg`` as specified by ``hash``.
Example::
import blobdigest;
import blobcode;
# Decode the base64-encoded string, generate its SHA256 hash,
# and save the hex-encoded result in a header.
set req.http.SHA256
= blobcode.encode(HEXUC,
blobdigest.hash(SHA256,
blobcode.decode(BASE64, "Zm9v"));
$Object hmac(ENUM {MD5, SHA1, SHA224, SHA256, SHA384, SHA512, SHA3_224,
$Object hmac(ENUM {MD5, SHA1, SHA224, SHA256, SHA384, SHA512, SHA3_224,
SHA3_256, SHA3_384, SHA3_512} hash, BLOB key)
SHA3_256, SHA3_384, SHA3_512} hash, BLOB key)
Prototype
Prototype
new OBJ = blobdigest.hmac(ENUM hash, BLOB key)
new OBJ = blobdigest.hmac(ENUM hash, BLOB key)
Description
Creates an object that generates HMACs based on the digest algorithm
Creates an object that generates HMACs based on the
``hash`` and the given ``key``.
digest algorithm ``hash`` and the given ``key``.
Example::
import blobdigest;
import blobcode;
Example
# Create a key from the base64-encoded string, and use
``new key = blobcode.blob(BASE64, "a2V5");``
# the result to initialize an hmac object.
``new hmac = blobdigest.hmac(SHA256, key.get());``
sub vcl_init {
new key = blobcode.blob(BASE64, "a2V5");
new hmac = blobdigest.hmac(SHA256, key.get());
}
$Method BLOB .hmac(BLOB msg)
$Method BLOB .hmac(BLOB msg)
Description
Returns the HMAC for ``msg`` based on the key and hash algorithm
Returns the HMAC for ``msg`` based on the key and
provided in the constructor.
hash algorithm provided in the constructor.
Example
Example::
``set req.http.hmac = hmac.hmac(blobcode.decode(BASE64, "Zm9v"));``
$Function BLOB hash(ENUM {MD5, SHA1, SHA224, SHA256, SHA384, SHA512, SHA3_224,
# Import a VMOD that tests BLOBs for equality
SHA3_256, SHA3_384, SHA3_512} hash, BLOB msg)
import blob;
# Check if request header HMAC matches the HMAC for
# the hex-encoded data in request header Msg.
# Respond with 401 Not Authorized if the HMAC doesn't check.
sub vcl_recv {
if (!blob.equal(blobcode.decode(SHA256, req.http.HMAC),
hmac.hmac(blobcode.decode(HEX, req.http.Msg)))) {
return(synth(401));
}
$Function STRING version()
$Function STRING version()
Description
Returns the version string for this VMOD.
Returns the version string for this VMOD.
Example::
std.log("Using VMOD blobdigest version " + blobdigest.version());
REQUIREMENTS
============
This VMOD requires at least Varnish version 4.1, and has been tested
against versions through 5.0.0.
Perl 5 is required for the build.
SEE ALSO
========
Example
* varnishd(1)
``std.log("Using VMOD blobdigest version " + blobdigest.version());``
* vcl(7)
* VMOD blobcode: https://code.uplex.de/uplex-varnish/libvmod-blobcode
* VMOD blob: https://code.uplex.de/uplex-varnish/libvmod-blob
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment
