Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
L
libvmod-crypto
Project
Project
Details
Activity
Releases
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Wiki
Wiki
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
uplex-varnish
libvmod-crypto
Commits
2e119b29
Unverified
Commit
2e119b29
authored
Mar 24, 2021
by
Nils Goroll
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Update generated docs
parent
3186384d
Changes
2
Hide whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
164 additions
and
49 deletions
+164
-49
README.rst
README.rst
+155
-41
vmod_crypto.rst
src/vmod_crypto.rst
+9
-8
No files found.
README.rst
View file @
2e119b29
..
.. NB: This file is machine generated, DO NOT EDIT!
..
.. Edit
vmod
.vcc and run make instead
.. Edit
./vmod_crypto
.vcc and run make instead
..
.. role:: ref(emphasis)
.. _vmod_crypto(3):
===========
vmod_crypto
===========
---------------------
Varnish crypto Modul
e
---------------------
---------------------
---------------------------------------------
Public Key signature generation and verification for Varnish-Cach
e
---------------------
---------------------------------------------
:Manual section: 3
SYNOPSIS
========
.. parsed-literal::
::
import crypto [from "path"] ;
import crypto [as name] [from "path"]
new xkey = crypto.key()
BLOB xkey.use()
new xverifier = verifier(ENUM digest, STRING key)
VOID xkey.pem_pubkey(STRING)
VOID xkey.pem_privkey(STRING, STRING password)
VOID xkey.rsa(BLOB n, BLOB e, [BLOB d])
new xverifier = crypto.verifier(ENUM digest, [STRING pem], [BLOB key])
BOOL xverifier.update(STRING)
BOOL xverifier.update_blob(BLOB)
BOOL xverifier.reset()
BOOL xverifier.valid(BLOB signature)
new xsigner = crypto.signer(ENUM digest, [STRING pem], [BLOB key])
BOOL xsigner.update(STRING)
BOOL xsigner.update_blob(BLOB)
BOOL xsigner.reset()
BLOB xsigner.final()
DESCRIPTION
===========
...
...
@@ -64,56 +80,100 @@ Example
return (synth(400, "invalid signature"));
}
}
} -start
CONTENTS
========
.. _crypto.key():
new xkey = crypto.key()
-----------------------
Create a generic key object. The algorithm gets defined by the method
called upon it.
Any methods on `crypto.key()`_ may only be used in ``sub vcl_init {}``.
.. _xkey.use():
BLOB xkey.use()
---------------
Wrap the key in a blob to be passed to `crypto.verifier()`_
.. _xkey.pem_pubkey():
VOID xkey.pem_pubkey(STRING)
----------------------------
Create a key from the PEM-encoded public key.
The cryptographic method to be used and the key length are
automatically determined from _pem_. Typically supported methods
comprise RSA and DSA.
Any error is fatal to vcl initialization.
.. _xkey.pem_privkey():
VOID xkey.pem_privkey(STRING, STRING password=0)
------------------------------------------------
* :ref:`obj_verifier`
* :ref:`func_verifier.reset`
* :ref:`func_verifier.update`
* :ref:`func_verifier.update_blob`
* :ref:`func_verifier.valid`
Create a key from the PEM-encoded private key, optionally decrypting
it using `password`.
The cryptographic method to be used and the key length are
automatically determined from _pem_. Typically supported methods
comprise RSA and DSA.
Any error is fatal to vcl initialization.
.. _xkey.rsa():
VOID xkey.rsa(BLOB n, BLOB e, [BLOB d])
---------------------------------------
.. _obj_verifier:
Create an RSA key from the parameters n, e, and optionally d.
new xverifier = verifier(ENUM digest, STRING key)
-------------------------------------------------
Any error is fatal to vcl initialization.
.. _crypto.verifier():
new xverifier = crypto.verifier(ENUM digest, [STRING pem], [BLOB key])
----------------------------------------------------------------------
::
new xverifier = verifier(
new xverifier =
crypto.
verifier(
ENUM {md_null, md4, md5, sha1, sha224, sha256, sha384, sha512, ripemd160, rmd160, whirlpool} digest,
STRING key
[STRING pem],
[BLOB key]
)
Create an object to verify signatures created using _digest_ and
_key_.
The _key_ argument is a PEM-encoded public key specification.
The _key_ argument should be a call to `xkey.use()`_ on the respective
`crypto.key()`_ object.
The cryptographic method to be used and the key length are
automatically determined from _key_. Typically supported method
s
comprise RSA and DSA
.
Alternatively to _key_, the _pem_ argument may be used to pass a
PEM-encoded public key specification. Use of the _pem_ argument i
s
deprecated
.
.. _func_verifier.update:
Either the _key_ or the _pem_ argument must be given.
.. _xverifier.update():
BOOL xverifier.update(STRING)
-----------------------------
Add strings to the data to be verfied with the verifier object.
.. _func_verifier.update_blob:
.. _xverifier.update_blob():
BOOL xverifier.update_blob(BLOB)
--------------------------------
Add a blob to the data to be verified with the verifier object.
.. _func_verifier.reset:
.. _xverifier.reset():
BOOL xverifier.reset()
----------------------
...
...
@@ -121,8 +181,7 @@ BOOL xverifier.reset()
Reset the verfication state as if previous calls to the update methods
had not happened.
.. _func_verifier.valid:
.. _xverifier.valid():
BOOL xverifier.valid(BLOB signature)
------------------------------------
...
...
@@ -134,20 +193,75 @@ Note that after calling .valid(), .update can be called again to add
additional data, which can then be validated against a (different)
signature using another call to .valid().
.. _crypto.signer():
SEE ALSO
========vcl\(7),varnishd\(1)
new xsigner = crypto.signer(ENUM digest, [STRING pem], [BLOB key])
------------------------------------------------------------------
::
new xsigner = crypto.signer(
ENUM {md_null, md4, md5, sha1, sha224, sha256, sha384, sha512, ripemd160, rmd160, whirlpool} digest,
[STRING pem],
[BLOB key]
)
Create an object to create signatures using _digest_ and _key_.
The _key_ argument should be a call to `xkey.use()`_ on the respective
`crypto.key()`_ private key object.
Alternatively to _key_, the _pem_ argument may be used to pass a
PEM-encoded private key specification. Password protection is not
supported with a _pem_ argument. Use of the _pem_ argument is
deprecated.
Either the _key_ or the _pem_ argument must be given.
.. _xsigner.update():
BOOL xsigner.update(STRING)
---------------------------
Add strings to the data to be signed.
.. _xsigner.update_blob():
BOOL xsigner.update_blob(BLOB)
------------------------------
Add a blob to the data to be signed.
.. _xsigner.reset():
BOOL xsigner.reset()
--------------------
Reset the signer state as if previous calls to the update methods had
not happened.
.. _xsigner.final():
BLOB xsigner.final()
--------------------
Return the signature for data added using `xsigner.update()` and
`xsigner.update_blob()`.
Note that after calling `xsigner.final()`,
`xsigner.update()`/`xsigner.update_blob()` can be called again to add
additional data, and more signatures can be generated with
`xsigner.final()`.
SEE ALSO
========vcl\(7),varnishd\(1)
COPYRIGHT
=========
::
Copyright 2018 UPLEX Nils Goroll Systemoptimierung
Copyright 2018
,2021
UPLEX Nils Goroll Systemoptimierung
All rights reserved
Author: Nils Goroll <nils.goroll@uplex.de>
...
...
src/vmod_crypto.rst
View file @
2e119b29
...
...
@@ -9,9 +9,9 @@
.. _vmod_crypto(3):
======================================================
VMOD crypto - Public Key
hash verification for Varnish
======================================================
======================================================
==========================
VMOD crypto - Public Key
signature generation and verification for Varnish-Cache
======================================================
==========================
SYNOPSIS
========
...
...
@@ -114,7 +114,7 @@ VOID xkey.pem_privkey(STRING, STRING password=0)
------------------------------------------------
Create a key from the PEM-encoded private key, optionally decrypting
it using
`password`
.
it using
_password_
.
The cryptographic method to be used and the key length are
automatically determined from _pem_. Typically supported methods
...
...
@@ -186,9 +186,10 @@ BOOL xverifier.valid(BLOB signature)
Check if _signature_ is a valid signature for the _verifier_ object
given the previous updates.
Note that after calling .valid(), .update can be called again to add
additional data, which can then be validated against a (different)
signature using another call to .valid().
Note that after calling `xverifier.valid()`, `xverifier.update()` can
be called again to add additional data, which can then be validated
against a (different) signature using another call to
`xverifier.valid()`.
.. _crypto.signer():
...
...
@@ -258,7 +259,7 @@ COPYRIGHT
::
Copyright 2018 UPLEX Nils Goroll Systemoptimierung
Copyright 2018
,2021
UPLEX Nils Goroll Systemoptimierung
All rights reserved
Author: Nils Goroll <nils.goroll@uplex.de>
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment