An IV should be generated for each encryption

We now have the ability to decide if the IV is communicated to the client in a non forgeable manner or we only keep it on the server side.

Closes #2

Author: rcosnita

src/ngx_http_encrypted_session_cipher.c

@@ -12,6 +12,7 @@
 
 #include "ngx_http_encrypted_session_cipher.h"
 #include <openssl/evp.h>
+#include <openssl/hmac.h>
 #include <openssl/md5.h>
 #include <stdint.h>
 
@@ -291,3 +292,21 @@ ngx_http_encrypted_session_htonll(uint64_t n)
            + htonl((unsigned long) (n >> 32));
 #endif
 }
+
+unsigned char*
+ngx_http_encrypted_session_hmac(ngx_pool_t *pool,
+    const u_char *key, size_t key_len,
+    const u_char *data, size_t data_len, u_char **dst, size_t *dst_len)
+{
+    u_char *result = NULL;
+    u_char *input = ngx_pcalloc(pool, data_len + 1);
+    ngx_memcpy(input, data, data_len);
+
+    unsigned int len;
+    result = HMAC(EVP_sha256(), key, key_len, input, data_len, result, &len);
+    *dst_len = len;
+    *dst = (u_char*)ngx_pcalloc(pool, len + 1);
+    ngx_memcpy(*dst, result, len);
+
+    return *dst;
+}

src/ngx_http_encrypted_session_cipher.h

@@ -5,6 +5,7 @@
 #include <ngx_core.h>
 #include <ngx_http.h>
 #include <openssl/evp.h>
+#include <openssl/hmac.h>
 
 
 typedef int (*cipher_ctx_reset_handle) (EVP_CIPHER_CTX *ctx);
@@ -34,6 +35,10 @@ ngx_int_t ngx_http_encrypted_session_aes_mac_decrypt(
         size_t key_len, const u_char *in, size_t in_len, u_char **dst,
         size_t *dst_len);
 
+unsigned char* ngx_http_encrypted_session_hmac(
+    ngx_pool_t *pool,
+    const u_char *key, size_t key_len,
+    const u_char *data, size_t data_len, u_char **dst, size_t *dst_len);
 
 #endif /* NGX_HTTP_ENCRYPTED_SESSION_CIPHER_H */