uplex-varnish / libvmod-crypto
Commit 2e119b29 (Unverified), authored Mar 24, 2021 by Nils Goroll

Update generated docs

parent 3186384d

Showing 2 changed files with 164 additions and 49 deletions
README.rst +155 -41
src/vmod_crypto.rst +9 -8
README.rst
View file @
2e119b29
..
..
.. NB: This file is machine generated, DO NOT EDIT!
.. NB: This file is machine generated, DO NOT EDIT!
..
..
.. Edit
vmod
.vcc and run make instead
.. Edit
./vmod_crypto
.vcc and run make instead
..
..
.. role:: ref(emphasis)
.. role:: ref(emphasis)
.. _vmod_crypto(3):
===========
===========
vmod_crypto
vmod_crypto
===========
===========
---------------------
---------------------
---------------------------------------------
Varnish crypto Modul
e
Public Key signature generation and verification for Varnish-Cach
e
---------------------
---------------------
---------------------------------------------
:Manual section: 3
:Manual section: 3
SYNOPSIS
SYNOPSIS
========
========
.. parsed-literal::
::
import crypto [as name] [from "path"]
new xkey = crypto.key()
BLOB xkey.use()
import crypto [from "path"] ;
VOID xkey.pem_pubkey(STRING)
new xverifier = verifier(ENUM digest, STRING key)
VOID xkey.pem_privkey(STRING, STRING password)
VOID xkey.rsa(BLOB n, BLOB e, [BLOB d])
new xverifier = crypto.verifier(ENUM digest, [STRING pem], [BLOB key])
BOOL xverifier.update(STRING)
BOOL xverifier.update(STRING)
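Review bot: In the new SYNOPSIS, `VOID xkey.pem_pubkey(STRING)` and `VOID xkey.pem_privkey(STRING, STRING password)` leave the first parameter unnamed, while the reference text for both methods says the method and key length are "automatically determined from _pem_". Name the parameter (`STRING pem`) in vmod_crypto.vcc, which the file header gives as the place to edit, so the prose refers to something the signature actually shows. The same synopsis line also gives no hint that the password is optional, although the neighbouring `xkey.rsa(BLOB n, BLOB e, [BLOB d])` marks its optional argument with brackets.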
...
@@ -36,6 +43,15 @@ SYNOPSIS
...
@@ -36,6 +43,15 @@ SYNOPSIS
BOOL xverifier.valid(BLOB signature)
BOOL xverifier.valid(BLOB signature)
new xsigner = crypto.signer(ENUM digest, [STRING pem], [BLOB key])
BOOL xsigner.update(STRING)
BOOL xsigner.update_blob(BLOB)
BOOL xsigner.reset()
BLOB xsigner.final()
DESCRIPTION
DESCRIPTION
...
@@ -64,56 +80,100 @@ Example
...
@@ -64,56 +80,100 @@ Example
return (synth(400, "invalid signature"));
return (synth(400, "invalid signature"));
}
}
}
}
} -start
CONTENTS
.. _crypto.key():
========
new xkey = crypto.key()
-----------------------
Create a generic key object. The algorithm gets defined by the method
called upon it.
Any methods on `crypto.key()`_ may only be used in ``sub vcl_init {}``.
.. _xkey.use():
BLOB xkey.use()
---------------
Wrap the key in a blob to be passed to `crypto.verifier()`_
.. _xkey.pem_pubkey():
VOID xkey.pem_pubkey(STRING)
----------------------------
Create a key from the PEM-encoded public key.
The cryptographic method to be used and the key length are
automatically determined from _pem_. Typically supported methods
comprise RSA and DSA.
Any error is fatal to vcl initialization.
.. _xkey.pem_privkey():
VOID xkey.pem_privkey(STRING, STRING password=0)
------------------------------------------------
Create a key from the PEM-encoded private key, optionally decrypting
it using `password`.
The cryptographic method to be used and the key length are
automatically determined from _pem_. Typically supported methods
comprise RSA and DSA.
Any error is fatal to vcl initialization.
* :ref:`obj_verifier`
.. _xkey.rsa():
* :ref:`func_verifier.reset`
* :ref:`func_verifier.update`
* :ref:`func_verifier.update_blob`
* :ref:`func_verifier.valid`
VOID xkey.rsa(BLOB n, BLOB e, [BLOB d])
---------------------------------------
.. _obj_verifier:
Create an RSA key from the parameters n, e, and optionally d.
new xverifier = verifier(ENUM digest, STRING key)
Any error is fatal to vcl initialization.
-------------------------------------------------
.. _crypto.verifier():
new xverifier = crypto.verifier(ENUM digest, [STRING pem], [BLOB key])
----------------------------------------------------------------------
::
::
new xverifier = verifier(
new xverifier =
crypto.
verifier(
ENUM {md_null, md4, md5, sha1, sha224, sha256, sha384, sha512, ripemd160, rmd160, whirlpool} digest,
ENUM {md_null, md4, md5, sha1, sha224, sha256, sha384, sha512, ripemd160, rmd160, whirlpool} digest,
STRING key
[STRING pem],
[BLOB key]
)
)
Create an object to verify signatures created using _digest_ and
Create an object to verify signatures created using _digest_ and
_key_.
_key_.
The _key_ argument is a PEM-encoded public key specification.
The _key_ argument should be a call to `xkey.use()`_ on the respective
`crypto.key()`_ object.
The cryptographic method to be used and the key length are
Alternatively to _key_, the _pem_ argument may be used to pass a
automatically determined from _key_. Typically supported method
s
PEM-encoded public key specification. Use of the _pem_ argument i
s
comprise RSA and DSA
.
deprecated
.
.. _func_verifier.update:
Either the _key_ or the _pem_ argument must be given.
.. _xverifier.update():
BOOL xverifier.update(STRING)
BOOL xverifier.update(STRING)
-----------------------------
-----------------------------
Add strings to the data to be verfied with the verifier object.
Add strings to the data to be verfied with the verifier object.
.. _xverifier.update_blob():
.. _func_verifier.update_blob:
BOOL xverifier.update_blob(BLOB)
BOOL xverifier.update_blob(BLOB)
--------------------------------
--------------------------------
Add a blob to the data to be verified with the verifier object.
Add a blob to the data to be verified with the verifier object.
.. _xverifier.reset():
.. _func_verifier.reset:
BOOL xverifier.reset()
BOOL xverifier.reset()
----------------------
----------------------
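Review bot: The rewritten `crypto.verifier()` description changes the meaning of `key` from "a PEM-encoded public key specification" to a BLOB obtained from `xkey.use()`, but gives existing users no migration hint, and "Either the _key_ or the _pem_ argument must be given" does not say what happens when both are supplied. Suggest adding one sentence on how to move a former `key` PEM string over (to `pem`, or to a `crypto.key()` object loaded with `xkey.pem_pubkey()`) and stating whether passing both is an error. The `xkey.use()` entry also says the blob is "to be passed to `crypto.verifier()`_" only, although the `crypto.signer()` section of this file takes it as well.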
...
@@ -121,8 +181,7 @@ BOOL xverifier.reset()
...
@@ -121,8 +181,7 @@ BOOL xverifier.reset()
Reset the verfication state as if previous calls to the update methods
Reset the verfication state as if previous calls to the update methods
had not happened.
had not happened.
.. _xverifier.valid():
.. _func_verifier.valid:
BOOL xverifier.valid(BLOB signature)
BOOL xverifier.valid(BLOB signature)
------------------------------------
------------------------------------
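Review bot: "verfication" in the context line "Reset the verfication state as if previous calls to the update methods" is a typo for "verification", and "verfied" appears the same way under `xverifier.update()` in the hunk above; both survive this regeneration, so the fix is needed in vmod_crypto.vcc rather than here. Separately, the link targets in this region are renamed from the `func_verifier.*` form to the `xverifier.*()` form, so any document that still references the old target names should be checked.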
...
@@ -134,20 +193,75 @@ Note that after calling .valid(), .update can be called again to add
...
@@ -134,20 +193,75 @@ Note that after calling .valid(), .update can be called again to add
additional data, which can then be validated against a (different)
additional data, which can then be validated against a (different)
signature using another call to .valid().
signature using another call to .valid().
.. _crypto.signer():
SEE ALSO
new xsigner = crypto.signer(ENUM digest, [STRING pem], [BLOB key])
========vcl\(7),varnishd\(1)
------------------------------------------------------------------
::
new xsigner = crypto.signer(
ENUM {md_null, md4, md5, sha1, sha224, sha256, sha384, sha512, ripemd160, rmd160, whirlpool} digest,
[STRING pem],
[BLOB key]
)
Create an object to create signatures using _digest_ and _key_.
The _key_ argument should be a call to `xkey.use()`_ on the respective
`crypto.key()`_ private key object.
Alternatively to _key_, the _pem_ argument may be used to pass a
PEM-encoded private key specification. Password protection is not
supported with a _pem_ argument. Use of the _pem_ argument is
deprecated.
Either the _key_ or the _pem_ argument must be given.
.. _xsigner.update():
BOOL xsigner.update(STRING)
---------------------------
Add strings to the data to be signed.
.. _xsigner.update_blob():
BOOL xsigner.update_blob(BLOB)
------------------------------
Add a blob to the data to be signed.
.. _xsigner.reset():
BOOL xsigner.reset()
--------------------
Reset the signer state as if previous calls to the update methods had
not happened.
.. _xsigner.final():
BLOB xsigner.final()
--------------------
Return the signature for data added using `xsigner.update()` and
`xsigner.update_blob()`.
Note that after calling `xsigner.final()`,
`xsigner.update()`/`xsigner.update_blob()` can be called again to add
additional data, and more signatures can be generated with
`xsigner.final()`.
SEE ALSO
========vcl\(7),varnishd\(1)
COPYRIGHT
COPYRIGHT
=========
=========
::
::
Copyright 2018 UPLEX Nils Goroll Systemoptimierung
Copyright 2018
,2021
UPLEX Nils Goroll Systemoptimierung
All rights reserved
All rights reserved
Author: Nils Goroll <nils.goroll@uplex.de>
Author: Nils Goroll <nils.goroll@uplex.de>
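Review bot: The _pem_ paragraph of the `crypto.signer()` section documents passing a PEM private key as a plain string, states that password protection is not supported that way, and only adds that the argument is deprecated. It should name the replacement explicitly: a `crypto.key()` object loaded with `xkey.pem_privkey()` and a password, handed over through `xkey.use()`, so that readers are steered away from the unprotected form. Also, in the `SEE ALSO` section the heading underline and the references share one line (`========vcl\(7),varnishd\(1)`) on both sides of the diff; the underline should be on its own line with the references below it.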
...
...
src/vmod_crypto.rst
View file @
2e119b29
...
@@ -9,9 +9,9 @@
...
@@ -9,9 +9,9 @@
.. _vmod_crypto(3):
.. _vmod_crypto(3):
======================================================
======================================================
==========================
VMOD crypto - Public Key
hash verification for Varnish
VMOD crypto - Public Key
signature generation and verification for Varnish-Cache
======================================================
======================================================
==========================
SYNOPSIS
SYNOPSIS
========
========
...
@@ -114,7 +114,7 @@ VOID xkey.pem_privkey(STRING, STRING password=0)
...
@@ -114,7 +114,7 @@ VOID xkey.pem_privkey(STRING, STRING password=0)
------------------------------------------------
------------------------------------------------
Create a key from the PEM-encoded private key, optionally decrypting
Create a key from the PEM-encoded private key, optionally decrypting
it using
`password`
.
it using
_password_
.
The cryptographic method to be used and the key length are
The cryptographic method to be used and the key length are
automatically determined from _pem_. Typically supported methods
automatically determined from _pem_. Typically supported methods
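Review bot: The `password` to _password_ markup change in this hunk is not reflected in README.rst in the same commit: the `xkey.pem_privkey()` text added there still reads "it using `password`.", and its note on `.valid()` keeps the bare `.valid()` / `.update` wording that the next hunk of this file replaces. Since the commit updates both files as generated docs, README.rst appears to have been built from an older vmod_crypto.vcc; regenerate it so the two outputs agree.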
...
@@ -186,9 +186,10 @@ BOOL xverifier.valid(BLOB signature)
...
@@ -186,9 +186,10 @@ BOOL xverifier.valid(BLOB signature)
Check if _signature_ is a valid signature for the _verifier_ object
Check if _signature_ is a valid signature for the _verifier_ object
given the previous updates.
given the previous updates.
Note that after calling .valid(), .update can be called again to add
Note that after calling `xverifier.valid()`, `xverifier.update()` can
additional data, which can then be validated against a (different)
be called again to add additional data, which can then be validated
signature using another call to .valid().
against a (different) signature using another call to
`xverifier.valid()`.
.. _crypto.signer():
.. _crypto.signer():
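Review bot: The new `xverifier.valid()` and `xverifier.update()` references in the rewritten note are in single backticks without a trailing underscore, so unlike the `xkey.use()`_ and `crypto.key()`_ references used elsewhere in these docs they will not resolve to the `.. _crypto.signer():` style targets. If links are intended, write them as `xverifier.valid()`_ and `xverifier.update()`_ in vmod_crypto.vcc; if literal text is intended, double backticks would render more predictably.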
...
@@ -258,7 +259,7 @@ COPYRIGHT
...
@@ -258,7 +259,7 @@ COPYRIGHT
::
::
Copyright 2018 UPLEX Nils Goroll Systemoptimierung
Copyright 2018
,2021
UPLEX Nils Goroll Systemoptimierung
All rights reserved
All rights reserved
Author: Nils Goroll <nils.goroll@uplex.de>
Author: Nils Goroll <nils.goroll@uplex.de>
...
...