Assistance with an iRule

SugarsB · ‎28-Jul-2022

Good day

I need assistance with an iRule that can read the current time, add that as a timestamp and encrypt it in the header.

Regards

Patrik_Jonsson · ‎28-Jul-2022

Interesting challenge. Try this?

when RULE_INIT {
  set static::key "fc2ed2bf490ad801c04ccd46b9d85b0c"
  set static::iv "7e2fe021d573c0eedd93c4b2704b1b3e"
}

when HTTP_REQUEST_SEND {
  set time [clock seconds]
  set encryptedtime [CRYPTO::encrypt -alg aes-128-cbc -keyhex $static::key -ivhex $static:iv $time]
  HTTP::header remove SECRETTIME
  HTTP::header insert SECRETTIME [b64encode $encryptedtime]
}

You can test it like by applying this rule to a test VIP:

when RULE_INIT {
  set static::key "fc2ed2bf490ad801c04ccd46b9d85b0c"
  set static::iv "7e2fe021d573c0eedd93c4b2704b1b3e"
}

when HTTP_REQUEST {
  set time [clock seconds]
  set encryptedtime [CRYPTO::encrypt -alg aes-128-cbc -keyhex $static::key -ivhex $static::iv $time]
  HTTP::respond 200 SECRETTIME [b64encode $encryptedtime]
}

And then test decrypting with curl and openssl:

curl -sI <ip> | grep SECRETTIME | awk '{print $2}' | openssl enc -a -d -aes-128-cbc -K fc2ed2bf490ad801c04ccd46b9d85b0c -iv 7e2fe021d573c0eedd93c4b2704b1b3e

Edit, made key + iv static to avoid being shamed by the iRules community.
Edit2: Added an example and changed to 32 bit hex key to follow the spec. F5 accepts 16 but openssl does not accept it.

Patrik_Jonsson · ‎28-Jul-2022

Forgot how fun it is to be challenged by technical questions in the Devcentral forum. Too bad coding, work and kids takes up too much time. 🤔

LiefZimmerman · ‎28-Jul-2022

I hear ya Patrik! It's hard to maintain balance. Thanks for the assist!

And @SugarsB - if this solved your problem clicking Accept as Solution will give at least one of Patrik's kids a cookie. 🍪

Cheers.

Anthony_Hynes · ‎28-Jul-2022

Thanks for helping out Patrik! We REALLY appreciate your help, support and participation! 🙂

-- Director of Community Development

DevCentral

Assistance with an iRule