Added mbed functionality

src/Makefile.am

@@ -166,7 +166,9 @@ OPERATORS = \
 
 UTILS = \
 	utils/acmp.cc \
+    utils/crypto_helpers.cc \
 	utils/geo_lookup.cc \
+    utils/hexify.cc \
 	utils/https_client.cc \
 	utils/ip_tree.cc \
 	utils/md5.cc \

src/actions/transformations/md5.cc

@@ -24,6 +24,7 @@
 
 #include "modsecurity/transaction.h"
 #include "actions/transformations/transformation.h"
+#include "utils/crypto_helpers.h"
 
 
 namespace modsecurity {
@@ -37,15 +38,7 @@ Md5::Md5(std::string action)
 
 std::string Md5::evaluate(std::string value,
     Transaction *transaction) {
-    /**
-     * @todo Implement the transformation Md5
-     */
-    if (transaction) {
-#ifndef NO_LOGS
-        transaction->debug(4, "Transformation Md5 is not implemented yet.");
-#endif
-    }
-    return value;
+    return modsecurity::utils::crypto::md5_raw(value);
 }
 
 }  // namespace transformations

src/actions/transformations/sha1.cc

@@ -24,7 +24,7 @@
 
 #include "modsecurity/transaction.h"
 #include "actions/transformations/transformation.h"
-#include "utils/sha1.h"
+#include "utils/crypto_helpers.h"
 #include "src/utils.h"
 
 
@@ -39,12 +39,12 @@ Sha1::Sha1(std::string action)
 
 std::string Sha1::evaluate(std::string value,
     Transaction *transaction) {
-
-    Utils::SHA1 sha1;
-    sha1.update(&value);
-    std::string sha1_bin = sha1.final_bin();
-
-    return sha1_bin;
+    
+    //Utils::SHA1 sha1;
+    //sha1.update(&value);
+    //std::string sha1_bin = sha1.final_bin();
+    
+    return modsecurity::utils::crypto::sha1_raw(value);
 }
 
 }  // namespace transformations

src/audit_log/writer/https.cc

@@ -28,7 +28,6 @@
 #include "audit_log/audit_log.h"
 #include "modsecurity/transaction.h"
 #include "src/utils.h"
-#include "utils/md5.h"
 #include "utils/https_client.h"
 
 namespace modsecurity {

src/audit_log/writer/parallel.cc

@@ -28,7 +28,7 @@
 #include "audit_log/audit_log.h"
 #include "modsecurity/transaction.h"
 #include "src/utils.h"
-#include "utils/md5.h"
+#include "utils/crypto_helpers.h"
 
 namespace modsecurity {
 namespace audit_log {
@@ -128,17 +128,17 @@ bool Parallel::write(Transaction *transaction, int parts) {
 
     if (log1.is_open() && log2.is_open()) {
         log2 << transaction->toOldAuditLogFormatIndex(fileName, log.length(),
-            md5(log));
+            modsecurity::utils::crypto::md5(log));
         log2.flush();
     }
     if (log1.is_open() && !log2.is_open()) {
         log1 << transaction->toOldAuditLogFormatIndex(fileName, log.length(),
-            md5(log));
+            modsecurity::utils::crypto::md5(log));
         log1.flush();
     }
     if (!log1.is_open() && log2.is_open()) {
         log2 << transaction->toOldAuditLogFormatIndex(fileName, log.length(),
-            md5(log));
+            modsecurity::utils::crypto::md5(log));
         log2.flush();
     }
 

src/unique_id.cc

@@ -51,22 +51,23 @@
 #include <unistd.h>
 #include <string.h>
 
-#include "src/utils/sha1.h"
+#include "src/utils/crypto_helpers.h"
 
 namespace modsecurity {
 
 void UniqueId::fillUniqueId() {
     std::string macAddress;
     std::string name;
-    Utils::SHA1 sha1;
+    //Utils::SHA1 sha1;
 
     macAddress = ethernetMacAddress();
     name = machineName();
-
-    sha1.update(&macAddress);
-    sha1.update(&name);
-
-    this->uniqueId_str = sha1.final();
+    std::string macAndName = macAddress + name;
+    this->uniqueId_str = modsecurity::utils::crypto::sha1( macAndName );
+    //this->uniqueId_str = retval;
+    //sha1.update(&macAddress);
+    //sha1.update(&name);
+    //this->uniqueId_str = sha1.final();
 }
 
 // Based on:

src/utils/comp.sh

@@ -0,0 +1,2 @@
+gcc -c -std=c99 -o md5.o md5.c 
+g++ -Wall -W -O2 md5.o hexify.cc md5.cpp hexify.h -o md5

src/utils/comp2.sh

@@ -0,0 +1,2 @@
+gcc -c -std=c99 -o md5.o md5.c 
+g++ -Wall -W -O2 md5.o hexify.h hexify.cc  md52.cpp crypto_helpers.cc crypto_helpers.h -o md52

src/utils/crypto_helpers.cc

@@ -0,0 +1,67 @@
+#include <stdio.h>
+#include <string>
+#include <iostream>
+
+#include "mbedtls/md5.h"
+#include "mbedtls/sha1.h"
+#include "hexify.h"
+#include "crypto_helpers.h"
+
+std::string modsecurity::utils::crypto::md5( std::string input )
+{
+    const char unsigned * y = (unsigned char *)input.c_str();
+    unsigned char md5sum[16];
+    mbedtls_md5_context md5_ctx;
+    modsecurity::utils::crypto::mbedtls_md5_init(&md5_ctx);
+    modsecurity::utils::crypto::mbedtls_md5_starts(&md5_ctx);
+    modsecurity::utils::crypto::mbedtls_md5_update(&md5_ctx,y,input.length());
+    modsecurity::utils::crypto::mbedtls_md5_finish(&md5_ctx,md5sum);
+    unsigned char output[32];
+    modsecurity::utils::hexify(output,md5sum, 16);
+    std::string myString(reinterpret_cast<char const*>(output), 31);
+    return myString;
+}
+
+std::string modsecurity::utils::crypto::md5_raw( std::string input )
+{
+    const char unsigned * y = (unsigned char *)input.c_str();
+    unsigned char md5sum[16];
+    mbedtls_md5_context md5_ctx;
+    modsecurity::utils::crypto::mbedtls_md5_init(&md5_ctx);
+    modsecurity::utils::crypto::mbedtls_md5_starts(&md5_ctx);
+    modsecurity::utils::crypto::mbedtls_md5_update(&md5_ctx,y,input.length());
+    modsecurity::utils::crypto::mbedtls_md5_finish(&md5_ctx,md5sum);
+    std::string retval( reinterpret_cast<char const*>(md5sum), 16 ) ;
+    return retval;
+}
+
+std::string modsecurity::utils::crypto::sha1( std::string input )
+{
+    const char unsigned * y = (unsigned char *)input.c_str();
+    unsigned char sha1sum[20];
+    mbedtls_sha1_context sha1_ctx;
+    modsecurity::utils::crypto::mbedtls_sha1_init(&sha1_ctx);
+    modsecurity::utils::crypto::mbedtls_sha1_starts(&sha1_ctx);
+    modsecurity::utils::crypto::mbedtls_sha1_update(&sha1_ctx,y,input.length());
+    modsecurity::utils::crypto::mbedtls_sha1_finish(&sha1_ctx,sha1sum);
+    unsigned char output[41];
+    modsecurity::utils::hexify(output,sha1sum, 20);
+    std::string myString(reinterpret_cast<char const*>(output), 40);
+    return myString;
+}
+
+std::string modsecurity::utils::crypto::sha1_raw( std::string input )
+{
+    const char unsigned * y = (unsigned char *)input.c_str();
+    unsigned char sha1sum[20];
+    mbedtls_sha1_context sha1_ctx;
+    modsecurity::utils::crypto::mbedtls_sha1_init(&sha1_ctx);
+    modsecurity::utils::crypto::mbedtls_sha1_starts(&sha1_ctx);
+    modsecurity::utils::crypto::mbedtls_sha1_update(&sha1_ctx,y,input.length());
+    modsecurity::utils::crypto::mbedtls_sha1_finish(&sha1_ctx,sha1sum);
+    std::string retval( reinterpret_cast<char const*>(sha1sum), 20 ) ;
+    return retval;
+
+}
+
+

src/utils/crypto_helpers.h

@@ -0,0 +1,59 @@
+/**
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#include <string>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#ifdef __cplusplus
+namespace modsecurity {
+namespace utils {
+namespace crypto {
+#endif
+
+/**
+ * \brief           Take a raw element and hex encode it
+ *
+ * \param obuf      The output hex encoded value
+ *
+ * \param ibuf      The raw input buffer
+ *
+ * \param len       The length of the raw input
+ */
+std::string md5( std::string input );
+
+std::string md5_raw( std::string input );
+
+std::string sha1( std::string input );
+
+std::string sha1_raw( std::string input );
+
+#ifdef __cplusplus
+}  // namespace crypto
+}  // namespace utils
+}  // namespace modsecurity
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+

src/utils/hexify.cc

@@ -0,0 +1,81 @@
+/**
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#include <string.h>
+#include <assert.h>
+#include "hexify.h"
+
+void modsecurity::utils::hexify( unsigned char *obuf, const unsigned char *ibuf, int len )
+{
+    unsigned char l, h;
+
+    while( len != 0 )
+    {
+        h = *ibuf / 16;
+        l = *ibuf % 16;
+
+        if( h < 10 )
+            *obuf++ = '0' + h;
+        else
+            *obuf++ = 'a' + h - 10;
+
+        if( l < 10 )
+            *obuf++ = '0' + l;
+        else
+            *obuf++ = 'a' + l - 10;
+
+        ++ibuf;
+        len--;
+    }
+}
+
+
+int modsecurity::utils::unhexify( unsigned char *obuf, const char *ibuf )
+{
+    unsigned char c, c2;
+    int len = strlen( ibuf ) / 2;
+    assert( strlen( ibuf ) % 2 == 0 ); // must be even number of bytes
+
+    while( *ibuf != 0 )
+    {
+        c = *ibuf++;
+        if( c >= '0' && c <= '9' )
+            c -= '0';
+        else if( c >= 'a' && c <= 'f' )
+            c -= 'a' - 10;
+        else if( c >= 'A' && c <= 'F' )
+            c -= 'A' - 10;
+        else
+            assert( 0 );
+
+        c2 = *ibuf++;
+        if( c2 >= '0' && c2 <= '9' )
+            c2 -= '0';
+        else if( c2 >= 'a' && c2 <= 'f' )
+            c2 -= 'a' - 10;
+        else if( c2 >= 'A' && c2 <= 'F' )
+            c2 -= 'A' - 10;
+        else
+            assert( 0 );
+
+        *obuf++ = ( c << 4 ) | c2;
+    }
+
+    return len;
+}