author | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2018-11-04 10:47:35 +0000 |
---|---|---|
committer | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2018-11-04 10:47:35 +0000 |
commit | 3b05acf8ab3fcd31d31cfbf71761a27936bcffaf (patch) | |
tree | b40ba9d87ada280020603bf9b190e2a5b49005f1 /src/lua/lua_cryptobox.c | |
parent | c3401688a14e4d874a139ad7b6b7751e950eed5f (diff) | |
download | rspamd-3b05acf8ab3fcd31d31cfbf71761a27936bcffaf.tar.gz rspamd-3b05acf8ab3fcd31d31cfbf71761a27936bcffaf.zip |
[Minor] Return cookie timestamp when decrypting
Diffstat (limited to 'src/lua/lua_cryptobox.c')
-rw-r--r-- | src/lua/lua_cryptobox.c | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/src/lua/lua_cryptobox.c b/src/lua/lua_cryptobox.c
index ad446cb53..54b09a681 100644
--- a/src/lua/lua_cryptobox.c
+++ b/src/lua/lua_cryptobox.c
@@ -1881,6 +1881,7 @@ lua_cryptobox_encrypt_cookie (lua_State *L)
 /* Fill nonce */
 ottery_rand_bytes (nonce, sizeof (guint64) + sizeof (guint32));
 ts = (guint32)rspamd_get_calendar_ticks ();
+ ts = GUINT32_TO_LE (ts);
 memcpy (nonce + sizeof (guint64) + sizeof (guint32), &ts, sizeof (ts));
 /* Prepare padded cookie */
@@ -1933,7 +1934,7 @@ lua_cryptobox_encrypt_cookie (lua_State *L)
 * ```
 * @param {string} secret_key secret key as a hex string (must be 16 bytes in raw or 32 in hex)
 * @param {string} encrypted_cookie encrypted cookie as a base64 encoded string
- * @return {string} decrypted value of the cookie
+ * @return {string+number} decrypted value of the cookie and the cookie timestamp
 */
 static gint
 lua_cryptobox_decrypt_cookie (lua_State *L)
@@ -1942,6 +1943,7 @@ lua_cryptobox_decrypt_cookie (lua_State *L)
 guchar nonce[RSPAMD_CRYPTOBOX_AES_BLOCKSIZE];
 guchar aes_key[RSPAMD_CRYPTOBOX_AES_KEYSIZE];
 guchar *src;
+ guint32 ts;
 const gchar *sk, *cookie;
 gsize sklen, cookie_len;
@@ -1981,6 +1983,9 @@ lua_cryptobox_decrypt_cookie (lua_State *L)
 EVP_EncryptInit_ex (ctx, EVP_aes_128_ecb (), NULL, aes_key, NULL);
 EVP_CIPHER_CTX_set_padding (ctx, 0);
+ /* Copy time */
+ memcpy (&ts, nonce + sizeof (guint64) + sizeof (guint32), sizeof (ts));
+ ts = GUINT32_FROM_LE (ts);
 bklen = sizeof (nonce);
 blk = nonce;
 g_assert (EVP_EncryptUpdate (ctx, blk, &bklen, src,
@@ -1997,9 +2002,11 @@ lua_cryptobox_decrypt_cookie (lua_State *L)
 if (src[RSPAMD_CRYPTOBOX_AES_BLOCKSIZE * 2 - 1] != '\0') {
 /* Bad cookie */
 lua_pushnil (L);
+ lua_pushnil (L);
 }
 else {
 lua_pushstring (L, src + sizeof (nonce));
+ lua_pushnumber (L, ts);
 }
 rspamd_explicit_memzero (src, RSPAMD_CRYPTOBOX_AES_BLOCKSIZE * 2);
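Review bot: The updated `@return` line in the doc comment does not say what a caller receives for a rejected cookie, although the bad-cookie branch later in this commit now pushes two nils. I would spell that out, for example `* @return {string+number} decrypted value of the cookie and the cookie timestamp, or nil, nil if the cookie is invalid`. It would also help to name the unit of the timestamp; the value is whatever `rspamd_get_calendar_ticks ()` yields, truncated to `guint32` in the encrypt path.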
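Review bot: In the `/* Copy time */` hunk, `ts` is read out of the nonce block with no integrity check of its own, so the value returned to Lua is only as trustworthy as the nonce. In `lua_cryptobox_encrypt_cookie` that block is random bytes followed by the timestamp, and the only validation visible in the decrypt path is the single `'\0'` byte test in the following hunk. If the nonce is taken as-is from the decoded cookie (that code is outside the hunk), a corrupted or modified cookie has roughly a 1-in-256 chance of passing that test and yielding an arbitrary timestamp. Callers that use the timestamp for expiry should validate the decrypted value as well, and the doc comment should say so, e.g. `* the timestamp is not authenticated; verify the cookie value before relying on it`. The function body starts and ends outside this hunk.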
@@ -2010,7 +2017,7 @@ lua_cryptobox_decrypt_cookie (lua_State *L)
 return luaL_error (L, "invalid arguments");
 }
- return 1;
+ return 2;
 }
 static gint |
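Review bot: With `return 2`, every path that reaches the end of `lua_cryptobox_decrypt_cookie` has to leave exactly two result values on top of the Lua stack; a path that pushed only one would make Lua return the slot beneath it, which here would be one of the function's arguments. The two branches changed earlier in this commit do push two values, but the code between the argument check and this return is outside the diff, so please confirm that no other path falls through after a single `lua_pushnil (L)`. Any such path should either `return 1;` directly after its push or add a second `lua_pushnil (L);`.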