Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
| Comment: | Use TweetNaCl instead of Cryptlib for suspension encapsulation |
|---|---|
| Downloads: | Tarball | ZIP archive | SQL archive |
| Timelines: | family | ancestors | descendants | both | trunk |
| Files: | files | file ages | folders |
| SHA1: |
1c90f0c41c6623fe2801304079009524 |
| User & Date: | murphy 2015-05-04 09:22:50 |
Context
|
2015-05-04
| ||
| 10:39 | Allow WebGate to work with the standard suspension egg check-in: d11a75d327 user: murphy tags: trunk | |
| 09:22 | Use TweetNaCl instead of Cryptlib for suspension encapsulation check-in: 1c90f0c41c user: murphy tags: trunk | |
| 09:15 | Moved suspension module into separate compilation unit, isolating disabled interrupts check-in: 72a7ba057e user: murphy tags: trunk | |
Changes
Changes to webgate-suspend.scm.
25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 |
;;; Support for suspended computations
(define current-suspension-key
(make-parameter
(sprintf
"~a:~a:~a"
(current-user-id) (current-group-id) (current-directory))))
(define (wrap-suspension sk)
(let ((evp (create-envelope FORMAT-CRYPTLIB)))
(dynamic-wind
void
(lambda ()
(attribute-set! evp OPTION-ENCR-ALGO ALGO-AES)
(attribute-set! evp OPTION-ENCR-HASH ALGO-SHA2)
(attribute-set! evp OPTION-ENCR-MAC ALGO-HMAC-SHA2)
(attribute-set! evp ENVINFO-INTEGRITY INTEGRITY-FULL)
(attribute-set!/string evp ENVINFO-PASSWORD (current-suspension-key))
(attribute-set! evp ENVINFO-DATASIZE (string-length sk))
(let ((port (open-output-object evp)))
(write-string sk #f port)
(close-output-port port))
(base64-encode (read-string #f (open-input-object evp #f #t)) #t))
(lambda ()
(destroy-object evp)))))
(define crypt-condition?
(condition-predicate 'crypt))
(define crypt-condition-code
(condition-property-accessor 'crypt 'code #f))
(define (unwrap-suspension sk)
(condition-case
(let ((evp (create-envelope FORMAT-AUTO)))
(dynamic-wind
void
(lambda ()
(with-exception-handler
(let ((abort (current-exception-handler)))
(lambda (exn)
(if (and (crypt-condition? exn)
(eqv? (crypt-condition-code exn) ENVELOPE-RESOURCE))
(attribute-set!/string
evp ENVINFO-PASSWORD (current-suspension-key))
(abort exn))))
(lambda ()
(let ((port (open-output-object evp)))
(write-string (base64-decode sk) #f port)
(close-output-port port))
(and (eqv? (attribute evp ENVINFO-INTEGRITY) INTEGRITY-FULL)
(read-string #f (open-input-object evp #f #t))))))
(lambda ()
(destroy-object evp))))
((exn crypt) #f)
((exn syntax) #f)))
(define-resource (suspended "suspended" sk parameters)
(cond
((unwrap-suspension sk)
=> (cut continuation-resume <> parameters))
(else
(make-error-response
404 "The requested suspended resource was not found on the server."))))
(define (send/suspend proc)
(continuation-suspend
(lambda (sk)
(proc (resource-uri suspended (wrap-suspension sk))))))
|
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | < < < < < < < < < < < < < < < < < < |
25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 |
;;; Support for suspended computations
(define current-suspension-key
(make-parameter
(sprintf
"~a:~a:~a"
(current-user-id) (current-group-id) (current-directory))
(lambda (v)
(cond
((blob? v)
v)
(else
(let loop ([v (->string v)] [n 1000])
(if (positive? n)
(loop (hash v) (fx- n 1))
(string->blob (substring/shared v 0 symmetric-box-keybytes)))))))))
(define (suspension-nonce)
(substring/shared
(hash
(let ((getenv (resource-context-getenv (current-resource-context))))
(sprintf
"~a:~a/~a:~a"
(getenv "REMOTE_ADDR") (getenv "REMOTE_PORT")
(current-seconds) (current-milliseconds))))
0 symmetric-box-noncebytes))
(define (wrap-suspension sk)
(let* ((n (suspension-nonce))
(c ((symmetric-box (current-suspension-key)) sk (blob->u8vector/shared (string->blob n)))))
(base64-encode (string-append n c) #t)))
(define (unwrap-suspension sk)
(and-let* ((sk (condition-case (base64-decode sk) ((exn syntax) #f)))
((> (string-length sk) symmetric-box-noncebytes))
(n (substring/shared sk 0 symmetric-box-noncebytes))
(c (substring/shared sk symmetric-box-noncebytes)))
((symmetric-unbox (current-suspension-key)) c (blob->u8vector/shared (string->blob n)))))
(define-resource (suspended "suspended" sk parameters)
(cond
((unwrap-suspension sk)
=> (cut continuation-resume <> parameters))
(else
(make-error-response
404 "The requested suspended resource was not found on the server."))))
(define (send/suspend proc)
(continuation-suspend
(lambda (sk)
(proc (resource-uri suspended (wrap-suspension sk))))))
|
Changes to webgate.meta.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 |
;; -*- mode: Scheme; -*-
((category net)
(license "BSD")
(author "Thomas Chust")
(synopsis "(S)CGI web application framework")
(needs srfi-99 protobuf cryptlib)
(files "webgate.scm"
"at-expr.scm"
"suspension.scm"
"webgate-utils.scm"
"webgate-core.scm"
"webgate-suspend.scm"
"webgate-cgi.scm"
"webgate-scgi.scm"))
|
| |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 |
;; -*- mode: Scheme; -*-
((category net)
(license "BSD")
(author "Thomas Chust")
(synopsis "(S)CGI web application framework")
(needs srfi-99 protobuf tweetnacl)
(files "webgate.scm"
"at-expr.scm"
"suspension.scm"
"webgate-utils.scm"
"webgate-core.scm"
"webgate-suspend.scm"
"webgate-cgi.scm"
"webgate-scgi.scm"))
|
Changes to webgate.scm.
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
..
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
|
;; ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN ;; CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE ;; SOFTWARE. (require-library srfi-1 srfi-4 srfi-13 srfi-14 srfi-18 srfi-69 srfi-99 data-structures ports extras lolevel irregex tcp posix suspension cryptlib) (module webgate-utils (write-netstring read-netstring make-at-reader make-at-read-table use-at-read-table uri-encode uri-decode base64-encode base64-decode write-html) ................................................................................ (module webgate-suspend (current-suspension-key suspended send/suspend) (import scheme chicken srfi-1 srfi-18 srfi-69 extras suspension cryptlib webgate-utils webgate-core (only posix current-user-id current-group-id current-directory)) (include "webgate-suspend.scm")) (module webgate-cgi (cgi-main-loop) (import |
|
|
|
|
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
..
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
|
;; ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN ;; CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE ;; SOFTWARE. (require-library srfi-1 srfi-4 srfi-13 srfi-14 srfi-18 srfi-69 srfi-99 data-structures ports extras lolevel irregex tcp posix suspension tweetnacl) (module webgate-utils (write-netstring read-netstring make-at-reader make-at-read-table use-at-read-table uri-encode uri-decode base64-encode base64-decode write-html) ................................................................................ (module webgate-suspend (current-suspension-key suspended send/suspend) (import scheme chicken srfi-1 srfi-4 srfi-13 srfi-18 srfi-69 data-structures extras suspension tweetnacl webgate-utils webgate-core (only posix current-user-id current-group-id current-directory)) (include "webgate-suspend.scm")) (module webgate-cgi (cgi-main-loop) (import |