Merge branch 'devel' into cipher_test

- Only a few URLs are allowed now and this _will_ break some implementations
- Print information in the log about which URL was kicked

encrypted_proxy/README.md

@@ -0,0 +1,8 @@
+The code in here should be able to help to build up some encrypting proxy.
+
+If your app uses a lot of libravatar and therefore has to do a lot of DNS
+lookups, change your app in such a way, that it encodes the mail address,
+sends it over to the proxy, which will decrypt it, do the DNS lookup and
+return the image binary.
+
+No guarantee for this code. It's untested and just provided as example.

encrypted_proxy/lib/MyCypher.php

@@ -0,0 +1,90 @@
+<?php
+
+/**
+ * Valid encryption methods AES-256-CFB 
+ * Code kindly borrowed from:
+ * https://github.com/arajapandi/php-python-encrypt-decrypt
+ * 
+ * $cypher = new MyCypher($iv);
+ * $php_encrypted      = $cypher->encrypt('test');
+ * $php_decrypted      = $cypher->decrypt($php_encrypted);
+ */
+class MyCypher {
+
+    private $key = 'asdfa923aksadsYahoasdw998sdsads';
+    private $iv = null;
+    private $method = "AES-256-CFB";
+    private $blocksize = 32;
+    private $padwith = '`';
+
+    /*
+     * construct for cypher class - get, set key and iv
+     */
+
+    function __construct($iv, $key = null) {
+
+        if (is_string($key)) {
+            $this->key = $key;
+        }
+
+        $this->iv = $iv;
+    }
+
+    /*
+     * get hased key - if key is not set on init, then default key wil be used
+     */
+
+    private function getKEY() {
+
+        if (empty($this->key)) {
+            die('Key not set!');
+        }
+
+        return substr(hash('sha256', $this->key), 0, 32);
+    }
+
+    /*
+     * get hashed IV value - if no IV values then it throw error
+     */
+
+    private function getIV() {
+
+        if (empty($this->iv)) {
+            die('IV not set!');
+        }
+
+        return substr(hash('sha256', $this->iv), 0, 16);
+    }
+
+    /*
+     * Encrypt given string using AES encryption standard
+     */
+
+    public function encrypt($secret) {
+
+        try {
+
+            $padded_secret = $secret . str_repeat($this->padwith, ($this->blocksize - strlen($secret) % $this->blocksize));
+            $encrypted_string = openssl_encrypt($padded_secret, $this->method, $this->getKEY(), OPENSSL_RAW_DATA, $this->getIV());
+            $encrypted_secret = base64_encode($encrypted_string);
+            return $encrypted_secret;
+        } catch (Exception $e) {
+            die('Error : ' . $e->getMessage());
+        }
+    }
+
+    /*
+     * Decrypt given string using AES standard
+     */
+
+    public function decrypt($secret) {
+        try {
+            $decoded_secret = base64_decode($secret);
+            $decrypted_secret = openssl_decrypt($decoded_secret, $this->method, $this->getKEY(), OPENSSL_RAW_DATA, $this->getIV());
+            return rtrim($decrypted_secret, $this->padwith);
+        } catch (Exception $e) {
+            die('Error : ' . $e->getMessage());
+        }
+    }
+
+}

encrypted_proxy/lib/MyCypher.py

@@ -0,0 +1,73 @@
+#!/usr/bin/env python2
+#encoding: UTF-8
+
+# Code kindly borrowed from:
+# https://github.com/arajapandi/php-python-encrypt-decrypt
+
+# Python Class for AES encryption
+"""
+    Example Usage
+    enc_str = cipher.encrypt('secret')
+    enc_str = cipher.decrypt(enc_str)
+    print(enc_str); #secret
+"""
+
+from Crypto.Cipher import AES
+import base64
+import hashlib
+import sys
+
+class MyCypher:
+    # Default Key for encryption
+    rawkey      = 'asdfa923aksadsYahoasdw998sdsads'
+    method      = AES.MODE_CFB
+    blocksize   = 32  # 16, 32..etc
+    padwith     = '`'.encode('utf-8') # padding value for string  
+    
+    #lambda function for padding
+    pad         = lambda self, s: s + (self.blocksize - len(s) % self.blocksize) * self.padwith
+    
+    """
+    construct for cypher class - get, set key and iv
+    """
+    def __init__(self, iv, key=''):
+        
+        if(not key): 
+            key = self.rawkey
+            
+        self.key    = key.encode('utf-8')
+        self.iv     = iv.encode('utf-8')
+    
+    """
+    get hased key - if key is not set on init, then default key wil be used
+    """
+    def getKEY(self):
+        if(not self.key):
+            sys.exit()
+            
+        return hashlib.sha256(self.key).hexdigest()[:32]
+    
+    """
+    get hashed IV value - if no IV values then it throw error
+    """
+    def getIV(self):
+        if(not self.iv):
+            sys.exit()
+            
+        self.iv = self.iv
+        return hashlib.sha256(self.iv).hexdigest()[:16]
+    
+    """
+    Encrypt given string using AES encryption standard
+    """
+    def encrypt(self, raw):
+        cipher = AES.new(self.getKEY(), self.method, self.getIV(), segment_size=128)
+        return base64.b64encode(cipher.encrypt(self.pad(raw)))
+    
+    """
+    Decrypt given string using AES standard
+    """
+    def decrypt(self, encrypted):
+        encrypted = base64.b64decode(encrypted)
+        cipher = AES.new(self.getKEY(), self.method, self.getIV(), segment_size=128)
+        return cipher.decrypt(encrypted).rstrip(self.padwith)

encrypted_proxy/proxy.py

@@ -0,0 +1,32 @@
+#!/usr/bin/env python3
+
+import urllib.request
+import sys
+import os
+from lib.MyCypher import MyCypher
+import libravatar
+
+# Both need to be the same as in your client code that encrypts the
+# mail address
+iv = 'asdf'
+key = 'Hallo123'
+
+#sys.stderr.buffer.write(b'%s' % bytes(os.environ.get("QUERY_STRING", "No Query String in url"), 'utf-8'))
+
+cypher = MyCypher(iv = iv, key = key)
+mail = cypher.decrypt(os.environ.get('QUERY_STRING').encode('utf-8')).decode('utf-8')
+
+link = libravatar.libravatar_url(mail)
+sys.stderr.buffer.write(b'%s' % bytes(link, 'utf-8'))
+
+data = None
+with urllib.request.urlopen(link) as f:
+    data = f.read()
+
+for header in f.headers._headers:
+    if header[0] == 'Content-Type':
+        sys.stdout.buffer.write(b"%s: %s\n\n" % (bytes(header[0], 'utf-8'), bytes(header[1], 'utf-8')))
+        sys.stdout.flush()
+        break
+
+sys.stdout.buffer.write(data)

encrypted_proxy/test_code/decrypt.py

@@ -0,0 +1,9 @@
+#!/usr/bin/env python
+
+from MyCypher import MyCypher
+
+encstr = bytes('drEN/LqPBu1wJYHpN5eCjZXqVgvDEP3rZnXJt85Ma0k=', 'utf-8')
+
+cypher = MyCypher(iv = str('asdf'))
+print(cypher.decrypt(encstr))
+

encrypted_proxy/test_code/encrypt.php

@@ -0,0 +1,8 @@
+<?php
+include 'lib/MyCypher.php';
+
+$iv = 'asdf';
+$key = 'Hallo123';
+$cypher = new MyCypher($iv=$iv, $key=$key);
+$php_encrypted = $cypher->encrypt('oliver@linux-kernel.at');
+print($php_encrypted);