+ initial commit into this new module ( extracted from api-gateway-core )

Author: ddascal

.gitignore

@@ -0,0 +1,2 @@
+target
+target/*

.gitmodules

@@ -0,0 +1,3 @@
+[submodule "test/resources/test-nginx"]
+	path = test/resources/test-nginx
+	url = https://github.com/agentzh/test-nginx.git

Makefile

@@ -0,0 +1,27 @@
+# NOTE: Every line in a recipe must begin with a tab character.
+BUILD_DIR ?= target
+
+PREFIX ?=          /usr/local
+LUA_INCLUDE_DIR ?= $(PREFIX)/include
+LUA_LIB_DIR ?=     $(PREFIX)/lib/lua/$(LUA_VERSION)
+INSTALL ?= install
+
+.PHONY: all clean test install
+
+all: ;
+
+install: all
+	$(INSTALL) -d $(DESTDIR)/$(LUA_LIB_DIR)/api-gateway/resty/
+	$(INSTALL) src/lua/api-gateway/resty/*.lua $(DESTDIR)/$(LUA_LIB_DIR)/api-gateway/resty/
+
+test:
+	echo "running tests ..."
+#	cp -r test/resources/api-gateway $(BUILD_DIR)
+	mkdir  -p $(BUILD_DIR)/
+	PATH=/usr/local/sbin:$$PATH TEST_NGINX_SERVROOT=`pwd`/$(BUILD_DIR)/servroot TEST_NGINX_PORT=1989 prove -I ./test/resources/test-nginx/lib -r ./test/perl
+
+package:
+	git archive --format=tar --prefix=api-gateway-hmac-1.0/ -o api-gateway-hmac-1.0.tar.gz -v HEAD
+
+clean: all
+	rm -rf $(BUILD_DIR)/servroot

README.md

@@ -2,3 +2,116 @@ api-gateway-hmac
 ================
 
 Adds HMAC support to Lua with multiple algorithms, via OpenSSL and FFI
+
+Table of Contents
+=================
+
+* [Status](#status)
+* [Description](#description)
+* [Synopsis](#synopsis)
+* [Developer Guide](#developer-guide)
+
+
+Status
+======
+
+This library is considered production ready.
+
+Description
+===========
+
+This library requires an nginx build with OpenSSL,
+the [ngx_lua module](http://wiki.nginx.org/HttpLuaModule), and [LuaJIT 2.0](http://luajit.org/luajit.html).
+
+
+Synopsis
+========
+
+```lua
+    # nginx.conf:
+
+    lua_package_path "/path/to/lua-resty-string/lib/?.lua;;";
+
+    server {
+        location = /test {
+            content_by_lua_file conf/test.lua;
+        }
+    }
+
+    -- conf/test.lua:
+
+    -- HMAC-SHA-1
+    local resty_hmac_sha1 = require "api-gateway.resty.hmac"
+    local hmac_sha1 = resty_hmac_sha1:new()
+
+    local digest = hmac_sha1:digest("sha1","secret-key","Hello world")
+    ngx.say("hmac_sha1: ", digest)
+
+    -- HMAC-SHA-224
+    local resty_hmac_sha224 = require "api-gateway.resty.hmac"
+    local hmac_sha224 = resty_hmac_sha224:new()
+
+    local digest = hmac_sha224:digest("sha224","secret-key","Hello world")
+    ngx.say("hmac_sha224: ", digest)
+
+    -- HMAC-SHA-226
+    local resty_hmac_sha256 = require "api-gateway.resty.hmac"
+    local hmac_sha256 = resty_hmac_sha256:new()
+
+    local digest = hmac_sha256:digest("sha256","secret-key","Hello world")
+    ngx.say("hmac_sha256: ", digest)
+
+    -- HMAC-SHA-384
+    local resty_hmac_sha384 = require "api-gateway.resty.hmac"
+    local hmac_sha384 = resty_hmac_sha384:new()
+
+    local digest = hmac_sha384:digest("sha384","secret-key","Hello world")
+    ngx.say("hmac_sha384: ", digest)
+
+    -- HMAC-SHA-512
+    local resty_hmac_sha512 = require "api-gateway.resty.hmac"
+    local hmac_sha512 = resty_hmac_sha512:new()
+
+    local digest = hmac_sha512:digest("sha512","secret-key","Hello world")
+    ngx.say("hmac_sha512: ", digest)
+
+
+
+```
+[Back to TOC](#table-of-contents)
+
+Developer guide
+===============
+
+## Install the api-gateway first
+ Since this module is running inside the `api-gateway`, make sure the api-gateway binary is installed under `/usr/local/sbin`.
+ You should have 2 binaries in there: `api-gateway` and `nginx`, the latter being only a symbolik link.
+
+## Update git submodules
+```
+git submodule update --init --recursive
+```
+
+## Running the tests
+The tests are based on the `test-nginx` library.
+This library is added a git submodule under `test/resources/test-nginx/` folder, from `https://github.com/agentzh/test-nginx`.
+
+Test files are located in `test/perl`.
+The other libraries such as `Redis`, `test-nginx` are located in `test/resources/`.
+Other files used when running the test are also located in `test/resources`.
+
+## Build locally
+ ```
+sudo LUA_LIB_DIR=/usr/local/api-gateway/lualib make install
+ ```
+
+To execute the test issue the following command:
+ ```
+ make test
+ ```
+
+ If you want to run a single test, the following command helps:
+ ```
+ PATH=/usr/local/sbin:$PATH TEST_NGINX_SERVROOT=`pwd`/target/servroot TEST_NGINX_PORT=1989 prove -I ./test/resources/test-nginx/lib -r ./test/perl/hmac.t
+ ```
+ This command only executes the test `awsv4signature.t`.

src/lua/api-gateway/resty/hmac.lua

@@ -0,0 +1,94 @@
+-- Adds HMAC support to Lua with multiple algorithms, via OpenSSL and FFI
+--
+-- Author: [email protected]
+-- Date: 16/05/14
+--
+
+
+local ffi = require "ffi"
+local ffi_new = ffi.new
+local ffi_str = ffi.string
+local C = ffi.C
+local resty_string = require "resty.string"
+local setmetatable = setmetatable
+local error = error
+
+
+local _M = { _VERSION = '0.09' }
+
+
+local mt = { __index = _M }
+
+--
+-- EVP_MD is defined in openssl/evp.h
+-- HMAC is defined in openssl/hmac.h
+--
+ffi.cdef[[
+typedef struct env_md_st EVP_MD;
+typedef struct env_md_ctx_st EVP_MD_CTX;
+unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len,
+		    const unsigned char *d, size_t n, unsigned char *md,
+		    unsigned int *md_len);
+const EVP_MD *EVP_sha1(void);
+const EVP_MD *EVP_sha224(void);
+const EVP_MD *EVP_sha256(void);
+const EVP_MD *EVP_sha384(void);
+const EVP_MD *EVP_sha512(void);
+]]
+
+-- table definind the available algorithms and the length of each digest
+-- for more information @see: http://csrc.nist.gov/publications/fips/fips180-4/fips-180-4.pdf
+local available_algorithms = {
+    sha1   = { alg = C.EVP_sha1(),   length = 160/8  },
+    sha224 = { alg = C.EVP_sha224(), length = 224/8  },
+    sha256 = { alg = C.EVP_sha256(), length = 256/8  },
+    sha384 = { alg = C.EVP_sha384(), length = 384/8  },
+    sha512 = { alg = C.EVP_sha512(), length = 512/8  }
+}
+
+-- 64 is the max lenght and it covers up to sha512 algorithm
+local digest_len = ffi_new("int[?]", 64)
+local buf = ffi_new("char[?]", 64)
+
+
+function _M.new(self)
+    return setmetatable({}, mt)
+end
+
+local function getDigestAlgorithm(dtype)
+    local md_name = available_algorithms[dtype]
+    if ( md_name == nil ) then
+        error("attempt to use unknown algorithm: '" .. dtype ..
+                "'.\n Available algorithms are: sha1,sha224,sha256,sha384,sha512")
+    end
+    return md_name.alg, md_name.length
+end
+
+---
+-- Returns the HMAC digest. The hashing algorithm is defined by the dtype parameter.
+-- The optional raw flag, defaulted to false, is a boolean indicating whether the output should be a direct binary
+-- equivalent of the HMAC or formatted as a hexadecimal string (the default)
+--
+-- @param self
+-- @param dtype The hashing algorithm to use is specified by dtype
+-- @param key The secret
+-- @param msg The message to be signed
+-- @param raw When true, it returns the binary format, else, the hex format is returned
+--
+function _M.digest(self, dtype, key, msg, raw)
+    local evp_md, digest_length_int = getDigestAlgorithm(dtype)
+    if key == nil or msg == nil then
+        error("attempt to digest with a null key or message")
+    end
+
+    C.HMAC(evp_md, key, #key, msg, #msg, buf, digest_len)
+
+    if raw == true then
+        return ffi_str(buf,digest_length_int)
+    end
+
+    return resty_string.to_hex(ffi_str(buf,digest_length_int))
+end
+
+
+return _M