Annotate

util-src/hashes.c @ 12953:ebe3b2f96cad

mod_tokenauth: Switch to new token format (invalidates existing tokens!) The new format has the following properties: - 5 bytes longer than the previous format - The token now has separate 'id' and 'secret' parts - the token itself is no longer stored in the DB, and the secret part is hashed - The only variable length field (JID) has been moved to the end - The 'secret-token:' prefix (RFC 8959) is now included Compatibility with the old token format was not maintained, and all previously issued tokens are invalid after this commit (they will be removed from the DB if used).
author Matthew Wild <mwild1@gmail.com>
date Tue, 21 Mar 2023 14:33:29 +0000
parent 12844:a3ec87ad8e48
child 12976:a187600ec7d6
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
2923
b7049746bd29 Update copyright headers for 2010
Matthew Wild <mwild1@gmail.com>
parents: 896
diff changeset
1 /* Prosody IM
b7049746bd29 Update copyright headers for 2010
Matthew Wild <mwild1@gmail.com>
parents: 896
diff changeset
2 -- Copyright (C) 2009-2010 Matthew Wild
b7049746bd29 Update copyright headers for 2010
Matthew Wild <mwild1@gmail.com>
parents: 896
diff changeset
3 -- Copyright (C) 2009-2010 Waqas Hussain
6615
8e4572a642cb util-src/*.c: astyle --indent=tab --brackets=attach --indent-switches --break-blocks --pad-oper --unpad-paren --add-brackets --align-pointer=type --lineend=linux
Kim Alvefur <zash@zash.se>
parents: 6413
diff changeset
4 --
766
433a5226267f Licensing/version updates for some files (forgot to commit, doh...)
Matthew Wild <mwild1@gmail.com>
parents: 520
diff changeset
5 -- This project is MIT/X11 licensed. Please see the
433a5226267f Licensing/version updates for some files (forgot to commit, doh...)
Matthew Wild <mwild1@gmail.com>
parents: 520
diff changeset
6 -- COPYING file in the source package for more information.
433a5226267f Licensing/version updates for some files (forgot to commit, doh...)
Matthew Wild <mwild1@gmail.com>
parents: 520
diff changeset
7 --
520
e96ac4bb6dd8 and the C files too
Matthew Wild <mwild1@gmail.com>
parents: 441
diff changeset
8 */
e96ac4bb6dd8 and the C files too
Matthew Wild <mwild1@gmail.com>
parents: 441
diff changeset
9
766
433a5226267f Licensing/version updates for some files (forgot to commit, doh...)
Matthew Wild <mwild1@gmail.com>
parents: 520
diff changeset
10 /*
433a5226267f Licensing/version updates for some files (forgot to commit, doh...)
Matthew Wild <mwild1@gmail.com>
parents: 520
diff changeset
11 * hashes.c
433a5226267f Licensing/version updates for some files (forgot to commit, doh...)
Matthew Wild <mwild1@gmail.com>
parents: 520
diff changeset
12 * Lua library for sha1, sha256 and md5 hashes
433a5226267f Licensing/version updates for some files (forgot to commit, doh...)
Matthew Wild <mwild1@gmail.com>
parents: 520
diff changeset
13 */
433a5226267f Licensing/version updates for some files (forgot to commit, doh...)
Matthew Wild <mwild1@gmail.com>
parents: 520
diff changeset
14
433a5226267f Licensing/version updates for some files (forgot to commit, doh...)
Matthew Wild <mwild1@gmail.com>
parents: 520
diff changeset
15 #include <string.h>
5538
62089c9c142d util.hashes, util.sasl.scram: Implement SCRAM-SHA1's Hi in C
Florian Zeitz <florob@babelmonkeys.de>
parents: 5537
diff changeset
16 #include <stdlib.h>
5576
7656b9f06bb5 util.hashes: inttypes.h not available with MS Windows SDK, use MS specific __int32 instead.
Waqas Hussain <waqas20@gmail.com>
parents: 5538
diff changeset
17
7656b9f06bb5 util.hashes: inttypes.h not available with MS Windows SDK, use MS specific __int32 instead.
Waqas Hussain <waqas20@gmail.com>
parents: 5538
diff changeset
18 #ifdef _MSC_VER
7656b9f06bb5 util.hashes: inttypes.h not available with MS Windows SDK, use MS specific __int32 instead.
Waqas Hussain <waqas20@gmail.com>
parents: 5538
diff changeset
19 typedef unsigned __int32 uint32_t;
7656b9f06bb5 util.hashes: inttypes.h not available with MS Windows SDK, use MS specific __int32 instead.
Waqas Hussain <waqas20@gmail.com>
parents: 5538
diff changeset
20 #else
5538
62089c9c142d util.hashes, util.sasl.scram: Implement SCRAM-SHA1's Hi in C
Florian Zeitz <florob@babelmonkeys.de>
parents: 5537
diff changeset
21 #include <inttypes.h>
5576
7656b9f06bb5 util.hashes: inttypes.h not available with MS Windows SDK, use MS specific __int32 instead.
Waqas Hussain <waqas20@gmail.com>
parents: 5538
diff changeset
22 #endif
766
433a5226267f Licensing/version updates for some files (forgot to commit, doh...)
Matthew Wild <mwild1@gmail.com>
parents: 520
diff changeset
23
433a5226267f Licensing/version updates for some files (forgot to commit, doh...)
Matthew Wild <mwild1@gmail.com>
parents: 520
diff changeset
24 #include "lua.h"
433a5226267f Licensing/version updates for some files (forgot to commit, doh...)
Matthew Wild <mwild1@gmail.com>
parents: 520
diff changeset
25 #include "lauxlib.h"
11541
13b84682518e util.hashes: Add constant-time string comparison (binding to CRYPTO_memcmp)
Matthew Wild <mwild1@gmail.com>
parents: 9962
diff changeset
26 #include <openssl/crypto.h>
766
433a5226267f Licensing/version updates for some files (forgot to commit, doh...)
Matthew Wild <mwild1@gmail.com>
parents: 520
diff changeset
27 #include <openssl/sha.h>
433a5226267f Licensing/version updates for some files (forgot to commit, doh...)
Matthew Wild <mwild1@gmail.com>
parents: 520
diff changeset
28 #include <openssl/md5.h>
9962
29bc3dff3419 util.hashes: Use HMAC function provided by OpenSSL (fixes #1345)
Kim Alvefur <zash@zash.se>
parents: 7889
diff changeset
29 #include <openssl/hmac.h>
9965
d8e645b4d195 util.hashes: Use PBKDF2 from libcrypto
Kim Alvefur <zash@zash.se>
parents: 9963
diff changeset
30 #include <openssl/evp.h>
12836
dbe9781fd278 util.hashes: Add HKDF-HMAC-SHA256/HKDF-HMAC-SHA384
Matthew Wild <mwild1@gmail.com>
parents: 12575
diff changeset
31 #include <openssl/kdf.h>
12565
2e0c7f5cd8f8 util.hashes: Return OpenSSL error messages on failure
Kim Alvefur <zash@zash.se>
parents: 12564
diff changeset
32 #include <openssl/err.h>
766
433a5226267f Licensing/version updates for some files (forgot to commit, doh...)
Matthew Wild <mwild1@gmail.com>
parents: 520
diff changeset
33
6413
a552f4170aed util-src/*.c: Add macro for compiling with Lua 5.2
Kim Alvefur <zash@zash.se>
parents: 6412
diff changeset
34
12836
dbe9781fd278 util.hashes: Add HKDF-HMAC-SHA256/HKDF-HMAC-SHA384
Matthew Wild <mwild1@gmail.com>
parents: 12575
diff changeset
35 /* Semi-arbitrary limit here. The actual theoretical limit
dbe9781fd278 util.hashes: Add HKDF-HMAC-SHA256/HKDF-HMAC-SHA384
Matthew Wild <mwild1@gmail.com>
parents: 12575
diff changeset
36 * is (255*(hash output octets)), but allocating 16KB on the
dbe9781fd278 util.hashes: Add HKDF-HMAC-SHA256/HKDF-HMAC-SHA384
Matthew Wild <mwild1@gmail.com>
parents: 12575
diff changeset
37 * stack when in practice we only ever request a few dozen
dbe9781fd278 util.hashes: Add HKDF-HMAC-SHA256/HKDF-HMAC-SHA384
Matthew Wild <mwild1@gmail.com>
parents: 12575
diff changeset
38 * bytes seems excessive.
dbe9781fd278 util.hashes: Add HKDF-HMAC-SHA256/HKDF-HMAC-SHA384
Matthew Wild <mwild1@gmail.com>
parents: 12575
diff changeset
39 */
dbe9781fd278 util.hashes: Add HKDF-HMAC-SHA256/HKDF-HMAC-SHA384
Matthew Wild <mwild1@gmail.com>
parents: 12575
diff changeset
40 #define MAX_HKDF_OUTPUT 256
dbe9781fd278 util.hashes: Add HKDF-HMAC-SHA256/HKDF-HMAC-SHA384
Matthew Wild <mwild1@gmail.com>
parents: 12575
diff changeset
41
10480
94cacf9fd0ae util.*.c: Add static qualifiers everywhere
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents: 9970
diff changeset
42 static const char *hex_tab = "0123456789abcdef";
94cacf9fd0ae util.*.c: Add static qualifiers everywhere
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents: 9970
diff changeset
43 static void toHex(const unsigned char *in, int length, unsigned char *out) {
766
433a5226267f Licensing/version updates for some files (forgot to commit, doh...)
Matthew Wild <mwild1@gmail.com>
parents: 520
diff changeset
44 int i;
6615
8e4572a642cb util-src/*.c: astyle --indent=tab --brackets=attach --indent-switches --break-blocks --pad-oper --unpad-paren --add-brackets --align-pointer=type --lineend=linux
Kim Alvefur <zash@zash.se>
parents: 6413
diff changeset
45
8e4572a642cb util-src/*.c: astyle --indent=tab --brackets=attach --indent-switches --break-blocks --pad-oper --unpad-paren --add-brackets --align-pointer=type --lineend=linux
Kim Alvefur <zash@zash.se>
parents: 6413
diff changeset
46 for(i = 0; i < length; i++) {
8e4572a642cb util-src/*.c: astyle --indent=tab --brackets=attach --indent-switches --break-blocks --pad-oper --unpad-paren --add-brackets --align-pointer=type --lineend=linux
Kim Alvefur <zash@zash.se>
parents: 6413
diff changeset
47 out[i * 2] = hex_tab[(in[i] >> 4) & 0xF];
8e4572a642cb util-src/*.c: astyle --indent=tab --brackets=attach --indent-switches --break-blocks --pad-oper --unpad-paren --add-brackets --align-pointer=type --lineend=linux
Kim Alvefur <zash@zash.se>
parents: 6413
diff changeset
48 out[i * 2 + 1] = hex_tab[(in[i]) & 0xF];
766
433a5226267f Licensing/version updates for some files (forgot to commit, doh...)
Matthew Wild <mwild1@gmail.com>
parents: 520
diff changeset
49 }
433a5226267f Licensing/version updates for some files (forgot to commit, doh...)
Matthew Wild <mwild1@gmail.com>
parents: 520
diff changeset
50 }
433a5226267f Licensing/version updates for some files (forgot to commit, doh...)
Matthew Wild <mwild1@gmail.com>
parents: 520
diff changeset
51
12559
865631ebb9f2 util.hashes: Refactor hash functions to use OpenSSL EVP methods (fix #1698)
Kim Alvefur <zash@zash.se>
parents: 11562
diff changeset
52 static int Levp_hash(lua_State *L, const EVP_MD *evp) {
865631ebb9f2 util.hashes: Refactor hash functions to use OpenSSL EVP methods (fix #1698)
Kim Alvefur <zash@zash.se>
parents: 11562
diff changeset
53 size_t len;
865631ebb9f2 util.hashes: Refactor hash functions to use OpenSSL EVP methods (fix #1698)
Kim Alvefur <zash@zash.se>
parents: 11562
diff changeset
54 unsigned int size = EVP_MAX_MD_SIZE;
865631ebb9f2 util.hashes: Refactor hash functions to use OpenSSL EVP methods (fix #1698)
Kim Alvefur <zash@zash.se>
parents: 11562
diff changeset
55 const char *s = luaL_checklstring(L, 1, &len);
865631ebb9f2 util.hashes: Refactor hash functions to use OpenSSL EVP methods (fix #1698)
Kim Alvefur <zash@zash.se>
parents: 11562
diff changeset
56 int hex_out = lua_toboolean(L, 2);
865631ebb9f2 util.hashes: Refactor hash functions to use OpenSSL EVP methods (fix #1698)
Kim Alvefur <zash@zash.se>
parents: 11562
diff changeset
57
865631ebb9f2 util.hashes: Refactor hash functions to use OpenSSL EVP methods (fix #1698)
Kim Alvefur <zash@zash.se>
parents: 11562
diff changeset
58 unsigned char hash[EVP_MAX_MD_SIZE], result[EVP_MAX_MD_SIZE * 2];
865631ebb9f2 util.hashes: Refactor hash functions to use OpenSSL EVP methods (fix #1698)
Kim Alvefur <zash@zash.se>
parents: 11562
diff changeset
59
865631ebb9f2 util.hashes: Refactor hash functions to use OpenSSL EVP methods (fix #1698)
Kim Alvefur <zash@zash.se>
parents: 11562
diff changeset
60 EVP_MD_CTX *ctx = EVP_MD_CTX_new();
865631ebb9f2 util.hashes: Refactor hash functions to use OpenSSL EVP methods (fix #1698)
Kim Alvefur <zash@zash.se>
parents: 11562
diff changeset
61
865631ebb9f2 util.hashes: Refactor hash functions to use OpenSSL EVP methods (fix #1698)
Kim Alvefur <zash@zash.se>
parents: 11562
diff changeset
62 if(ctx == NULL) {
865631ebb9f2 util.hashes: Refactor hash functions to use OpenSSL EVP methods (fix #1698)
Kim Alvefur <zash@zash.se>
parents: 11562
diff changeset
63 goto fail;
865631ebb9f2 util.hashes: Refactor hash functions to use OpenSSL EVP methods (fix #1698)
Kim Alvefur <zash@zash.se>
parents: 11562
diff changeset
64 }
865631ebb9f2 util.hashes: Refactor hash functions to use OpenSSL EVP methods (fix #1698)
Kim Alvefur <zash@zash.se>
parents: 11562
diff changeset
65
865631ebb9f2 util.hashes: Refactor hash functions to use OpenSSL EVP methods (fix #1698)
Kim Alvefur <zash@zash.se>
parents: 11562
diff changeset
66 if(!EVP_DigestInit_ex(ctx, evp, NULL)) {
865631ebb9f2 util.hashes: Refactor hash functions to use OpenSSL EVP methods (fix #1698)
Kim Alvefur <zash@zash.se>
parents: 11562
diff changeset
67 goto fail;
865631ebb9f2 util.hashes: Refactor hash functions to use OpenSSL EVP methods (fix #1698)
Kim Alvefur <zash@zash.se>
parents: 11562
diff changeset
68 }
865631ebb9f2 util.hashes: Refactor hash functions to use OpenSSL EVP methods (fix #1698)
Kim Alvefur <zash@zash.se>
parents: 11562
diff changeset
69
865631ebb9f2 util.hashes: Refactor hash functions to use OpenSSL EVP methods (fix #1698)
Kim Alvefur <zash@zash.se>
parents: 11562
diff changeset
70 if(!EVP_DigestUpdate(ctx, s, len)) {
865631ebb9f2 util.hashes: Refactor hash functions to use OpenSSL EVP methods (fix #1698)
Kim Alvefur <zash@zash.se>
parents: 11562
diff changeset
71 goto fail;
865631ebb9f2 util.hashes: Refactor hash functions to use OpenSSL EVP methods (fix #1698)
Kim Alvefur <zash@zash.se>
parents: 11562
diff changeset
72 }
865631ebb9f2 util.hashes: Refactor hash functions to use OpenSSL EVP methods (fix #1698)
Kim Alvefur <zash@zash.se>
parents: 11562
diff changeset
73
865631ebb9f2 util.hashes: Refactor hash functions to use OpenSSL EVP methods (fix #1698)
Kim Alvefur <zash@zash.se>
parents: 11562
diff changeset
74 if(!EVP_DigestFinal_ex(ctx, hash, &size)) {
865631ebb9f2 util.hashes: Refactor hash functions to use OpenSSL EVP methods (fix #1698)
Kim Alvefur <zash@zash.se>
parents: 11562
diff changeset
75 goto fail;
865631ebb9f2 util.hashes: Refactor hash functions to use OpenSSL EVP methods (fix #1698)
Kim Alvefur <zash@zash.se>
parents: 11562
diff changeset
76 }
865631ebb9f2 util.hashes: Refactor hash functions to use OpenSSL EVP methods (fix #1698)
Kim Alvefur <zash@zash.se>
parents: 11562
diff changeset
77
865631ebb9f2 util.hashes: Refactor hash functions to use OpenSSL EVP methods (fix #1698)
Kim Alvefur <zash@zash.se>
parents: 11562
diff changeset
78 EVP_MD_CTX_free(ctx);
865631ebb9f2 util.hashes: Refactor hash functions to use OpenSSL EVP methods (fix #1698)
Kim Alvefur <zash@zash.se>
parents: 11562
diff changeset
79
865631ebb9f2 util.hashes: Refactor hash functions to use OpenSSL EVP methods (fix #1698)
Kim Alvefur <zash@zash.se>
parents: 11562
diff changeset
80 if(hex_out) {
865631ebb9f2 util.hashes: Refactor hash functions to use OpenSSL EVP methods (fix #1698)
Kim Alvefur <zash@zash.se>
parents: 11562
diff changeset
81 toHex(hash, size, result);
865631ebb9f2 util.hashes: Refactor hash functions to use OpenSSL EVP methods (fix #1698)
Kim Alvefur <zash@zash.se>
parents: 11562
diff changeset
82 lua_pushlstring(L, (char *)result, size * 2);
865631ebb9f2 util.hashes: Refactor hash functions to use OpenSSL EVP methods (fix #1698)
Kim Alvefur <zash@zash.se>
parents: 11562
diff changeset
83 } else {
865631ebb9f2 util.hashes: Refactor hash functions to use OpenSSL EVP methods (fix #1698)
Kim Alvefur <zash@zash.se>
parents: 11562
diff changeset
84 lua_pushlstring(L, (char *)hash, size);
865631ebb9f2 util.hashes: Refactor hash functions to use OpenSSL EVP methods (fix #1698)
Kim Alvefur <zash@zash.se>
parents: 11562
diff changeset
85 }
865631ebb9f2 util.hashes: Refactor hash functions to use OpenSSL EVP methods (fix #1698)
Kim Alvefur <zash@zash.se>
parents: 11562
diff changeset
86
865631ebb9f2 util.hashes: Refactor hash functions to use OpenSSL EVP methods (fix #1698)
Kim Alvefur <zash@zash.se>
parents: 11562
diff changeset
87 return 1;
865631ebb9f2 util.hashes: Refactor hash functions to use OpenSSL EVP methods (fix #1698)
Kim Alvefur <zash@zash.se>
parents: 11562
diff changeset
88
865631ebb9f2 util.hashes: Refactor hash functions to use OpenSSL EVP methods (fix #1698)
Kim Alvefur <zash@zash.se>
parents: 11562
diff changeset
89 fail:
865631ebb9f2 util.hashes: Refactor hash functions to use OpenSSL EVP methods (fix #1698)
Kim Alvefur <zash@zash.se>
parents: 11562
diff changeset
90 EVP_MD_CTX_free(ctx);
12565
2e0c7f5cd8f8 util.hashes: Return OpenSSL error messages on failure
Kim Alvefur <zash@zash.se>
parents: 12564
diff changeset
91 return luaL_error(L, ERR_error_string(ERR_get_error(), NULL));
766
433a5226267f Licensing/version updates for some files (forgot to commit, doh...)
Matthew Wild <mwild1@gmail.com>
parents: 520
diff changeset
92 }
433a5226267f Licensing/version updates for some files (forgot to commit, doh...)
Matthew Wild <mwild1@gmail.com>
parents: 520
diff changeset
93
12559
865631ebb9f2 util.hashes: Refactor hash functions to use OpenSSL EVP methods (fix #1698)
Kim Alvefur <zash@zash.se>
parents: 11562
diff changeset
94 static int Lsha1(lua_State *L) {
865631ebb9f2 util.hashes: Refactor hash functions to use OpenSSL EVP methods (fix #1698)
Kim Alvefur <zash@zash.se>
parents: 11562
diff changeset
95 return Levp_hash(L, EVP_sha1());
865631ebb9f2 util.hashes: Refactor hash functions to use OpenSSL EVP methods (fix #1698)
Kim Alvefur <zash@zash.se>
parents: 11562
diff changeset
96 }
865631ebb9f2 util.hashes: Refactor hash functions to use OpenSSL EVP methods (fix #1698)
Kim Alvefur <zash@zash.se>
parents: 11562
diff changeset
97
865631ebb9f2 util.hashes: Refactor hash functions to use OpenSSL EVP methods (fix #1698)
Kim Alvefur <zash@zash.se>
parents: 11562
diff changeset
98 static int Lsha224(lua_State *L) {
865631ebb9f2 util.hashes: Refactor hash functions to use OpenSSL EVP methods (fix #1698)
Kim Alvefur <zash@zash.se>
parents: 11562
diff changeset
99 return Levp_hash(L, EVP_sha224());
865631ebb9f2 util.hashes: Refactor hash functions to use OpenSSL EVP methods (fix #1698)
Kim Alvefur <zash@zash.se>
parents: 11562
diff changeset
100 }
865631ebb9f2 util.hashes: Refactor hash functions to use OpenSSL EVP methods (fix #1698)
Kim Alvefur <zash@zash.se>
parents: 11562
diff changeset
101
865631ebb9f2 util.hashes: Refactor hash functions to use OpenSSL EVP methods (fix #1698)
Kim Alvefur <zash@zash.se>
parents: 11562
diff changeset
102 static int Lsha256(lua_State *L) {
865631ebb9f2 util.hashes: Refactor hash functions to use OpenSSL EVP methods (fix #1698)
Kim Alvefur <zash@zash.se>
parents: 11562
diff changeset
103 return Levp_hash(L, EVP_sha256());
865631ebb9f2 util.hashes: Refactor hash functions to use OpenSSL EVP methods (fix #1698)
Kim Alvefur <zash@zash.se>
parents: 11562
diff changeset
104 }
865631ebb9f2 util.hashes: Refactor hash functions to use OpenSSL EVP methods (fix #1698)
Kim Alvefur <zash@zash.se>
parents: 11562
diff changeset
105
865631ebb9f2 util.hashes: Refactor hash functions to use OpenSSL EVP methods (fix #1698)
Kim Alvefur <zash@zash.se>
parents: 11562
diff changeset
106 static int Lsha384(lua_State *L) {
865631ebb9f2 util.hashes: Refactor hash functions to use OpenSSL EVP methods (fix #1698)
Kim Alvefur <zash@zash.se>
parents: 11562
diff changeset
107 return Levp_hash(L, EVP_sha384());
865631ebb9f2 util.hashes: Refactor hash functions to use OpenSSL EVP methods (fix #1698)
Kim Alvefur <zash@zash.se>
parents: 11562
diff changeset
108 }
865631ebb9f2 util.hashes: Refactor hash functions to use OpenSSL EVP methods (fix #1698)
Kim Alvefur <zash@zash.se>
parents: 11562
diff changeset
109
865631ebb9f2 util.hashes: Refactor hash functions to use OpenSSL EVP methods (fix #1698)
Kim Alvefur <zash@zash.se>
parents: 11562
diff changeset
110 static int Lsha512(lua_State *L) {
865631ebb9f2 util.hashes: Refactor hash functions to use OpenSSL EVP methods (fix #1698)
Kim Alvefur <zash@zash.se>
parents: 11562
diff changeset
111 return Levp_hash(L, EVP_sha512());
865631ebb9f2 util.hashes: Refactor hash functions to use OpenSSL EVP methods (fix #1698)
Kim Alvefur <zash@zash.se>
parents: 11562
diff changeset
112 }
865631ebb9f2 util.hashes: Refactor hash functions to use OpenSSL EVP methods (fix #1698)
Kim Alvefur <zash@zash.se>
parents: 11562
diff changeset
113
865631ebb9f2 util.hashes: Refactor hash functions to use OpenSSL EVP methods (fix #1698)
Kim Alvefur <zash@zash.se>
parents: 11562
diff changeset
114 static int Lmd5(lua_State *L) {
865631ebb9f2 util.hashes: Refactor hash functions to use OpenSSL EVP methods (fix #1698)
Kim Alvefur <zash@zash.se>
parents: 11562
diff changeset
115 return Levp_hash(L, EVP_md5());
865631ebb9f2 util.hashes: Refactor hash functions to use OpenSSL EVP methods (fix #1698)
Kim Alvefur <zash@zash.se>
parents: 11562
diff changeset
116 }
766
433a5226267f Licensing/version updates for some files (forgot to commit, doh...)
Matthew Wild <mwild1@gmail.com>
parents: 520
diff changeset
117
12563
d9a4e28689eb util.hashes: Bind BLAKE2 algoritms supported by OpenSSL
Kim Alvefur <zash@zash.se>
parents: 12562
diff changeset
118 static int Lblake2s256(lua_State *L) {
d9a4e28689eb util.hashes: Bind BLAKE2 algoritms supported by OpenSSL
Kim Alvefur <zash@zash.se>
parents: 12562
diff changeset
119 return Levp_hash(L, EVP_blake2s256());
d9a4e28689eb util.hashes: Bind BLAKE2 algoritms supported by OpenSSL
Kim Alvefur <zash@zash.se>
parents: 12562
diff changeset
120 }
d9a4e28689eb util.hashes: Bind BLAKE2 algoritms supported by OpenSSL
Kim Alvefur <zash@zash.se>
parents: 12562
diff changeset
121
d9a4e28689eb util.hashes: Bind BLAKE2 algoritms supported by OpenSSL
Kim Alvefur <zash@zash.se>
parents: 12562
diff changeset
122 static int Lblake2b512(lua_State *L) {
d9a4e28689eb util.hashes: Bind BLAKE2 algoritms supported by OpenSSL
Kim Alvefur <zash@zash.se>
parents: 12562
diff changeset
123 return Levp_hash(L, EVP_blake2b512());
d9a4e28689eb util.hashes: Bind BLAKE2 algoritms supported by OpenSSL
Kim Alvefur <zash@zash.se>
parents: 12562
diff changeset
124 }
d9a4e28689eb util.hashes: Bind BLAKE2 algoritms supported by OpenSSL
Kim Alvefur <zash@zash.se>
parents: 12562
diff changeset
125
12564
36e769c64054 util.hashes: Add SHA3 bindings
Kim Alvefur <zash@zash.se>
parents: 12563
diff changeset
126 static int Lsha3_256(lua_State *L) {
36e769c64054 util.hashes: Add SHA3 bindings
Kim Alvefur <zash@zash.se>
parents: 12563
diff changeset
127 return Levp_hash(L, EVP_sha3_256());
36e769c64054 util.hashes: Add SHA3 bindings
Kim Alvefur <zash@zash.se>
parents: 12563
diff changeset
128 }
36e769c64054 util.hashes: Add SHA3 bindings
Kim Alvefur <zash@zash.se>
parents: 12563
diff changeset
129
36e769c64054 util.hashes: Add SHA3 bindings
Kim Alvefur <zash@zash.se>
parents: 12563
diff changeset
130 static int Lsha3_512(lua_State *L) {
36e769c64054 util.hashes: Add SHA3 bindings
Kim Alvefur <zash@zash.se>
parents: 12563
diff changeset
131 return Levp_hash(L, EVP_sha3_512());
36e769c64054 util.hashes: Add SHA3 bindings
Kim Alvefur <zash@zash.se>
parents: 12563
diff changeset
132 }
12563
d9a4e28689eb util.hashes: Bind BLAKE2 algoritms supported by OpenSSL
Kim Alvefur <zash@zash.se>
parents: 12562
diff changeset
133
12560
1e41dd0f8353 util.hashes: Refactor HMAC bindings (fixes #1589)
Kim Alvefur <zash@zash.se>
parents: 12559
diff changeset
134 static int Levp_hmac(lua_State *L, const EVP_MD *evp) {
1e41dd0f8353 util.hashes: Refactor HMAC bindings (fixes #1589)
Kim Alvefur <zash@zash.se>
parents: 12559
diff changeset
135 unsigned char hash[EVP_MAX_MD_SIZE], result[EVP_MAX_MD_SIZE * 2];
1e41dd0f8353 util.hashes: Refactor HMAC bindings (fixes #1589)
Kim Alvefur <zash@zash.se>
parents: 12559
diff changeset
136 size_t key_len, msg_len;
12568
fc6213104d78 util.hashes: Revert to HMAC() convenience function
Kim Alvefur <zash@zash.se>
parents: 12567
diff changeset
137 unsigned int out_len = EVP_MAX_MD_SIZE;
12560
1e41dd0f8353 util.hashes: Refactor HMAC bindings (fixes #1589)
Kim Alvefur <zash@zash.se>
parents: 12559
diff changeset
138 const char *key = luaL_checklstring(L, 1, &key_len);
1e41dd0f8353 util.hashes: Refactor HMAC bindings (fixes #1589)
Kim Alvefur <zash@zash.se>
parents: 12559
diff changeset
139 const char *msg = luaL_checklstring(L, 2, &msg_len);
1e41dd0f8353 util.hashes: Refactor HMAC bindings (fixes #1589)
Kim Alvefur <zash@zash.se>
parents: 12559
diff changeset
140 const int hex_out = lua_toboolean(L, 3);
1e41dd0f8353 util.hashes: Refactor HMAC bindings (fixes #1589)
Kim Alvefur <zash@zash.se>
parents: 12559
diff changeset
141
12568
fc6213104d78 util.hashes: Revert to HMAC() convenience function
Kim Alvefur <zash@zash.se>
parents: 12567
diff changeset
142 if(HMAC(evp, key, key_len, (const unsigned char*)msg, msg_len, (unsigned char*)hash, &out_len) == NULL) {
12560
1e41dd0f8353 util.hashes: Refactor HMAC bindings (fixes #1589)
Kim Alvefur <zash@zash.se>
parents: 12559
diff changeset
143 goto fail;
1e41dd0f8353 util.hashes: Refactor HMAC bindings (fixes #1589)
Kim Alvefur <zash@zash.se>
parents: 12559
diff changeset
144 }
1e41dd0f8353 util.hashes: Refactor HMAC bindings (fixes #1589)
Kim Alvefur <zash@zash.se>
parents: 12559
diff changeset
145
1e41dd0f8353 util.hashes: Refactor HMAC bindings (fixes #1589)
Kim Alvefur <zash@zash.se>
parents: 12559
diff changeset
146 if(hex_out) {
1e41dd0f8353 util.hashes: Refactor HMAC bindings (fixes #1589)
Kim Alvefur <zash@zash.se>
parents: 12559
diff changeset
147 toHex(hash, out_len, result);
1e41dd0f8353 util.hashes: Refactor HMAC bindings (fixes #1589)
Kim Alvefur <zash@zash.se>
parents: 12559
diff changeset
148 lua_pushlstring(L, (char *)result, out_len * 2);
1e41dd0f8353 util.hashes: Refactor HMAC bindings (fixes #1589)
Kim Alvefur <zash@zash.se>
parents: 12559
diff changeset
149 } else {
1e41dd0f8353 util.hashes: Refactor HMAC bindings (fixes #1589)
Kim Alvefur <zash@zash.se>
parents: 12559
diff changeset
150 lua_pushlstring(L, (char *)hash, out_len);
1e41dd0f8353 util.hashes: Refactor HMAC bindings (fixes #1589)
Kim Alvefur <zash@zash.se>
parents: 12559
diff changeset
151 }
1e41dd0f8353 util.hashes: Refactor HMAC bindings (fixes #1589)
Kim Alvefur <zash@zash.se>
parents: 12559
diff changeset
152
1e41dd0f8353 util.hashes: Refactor HMAC bindings (fixes #1589)
Kim Alvefur <zash@zash.se>
parents: 12559
diff changeset
153 return 1;
1e41dd0f8353 util.hashes: Refactor HMAC bindings (fixes #1589)
Kim Alvefur <zash@zash.se>
parents: 12559
diff changeset
154
1e41dd0f8353 util.hashes: Refactor HMAC bindings (fixes #1589)
Kim Alvefur <zash@zash.se>
parents: 12559
diff changeset
155 fail:
12565
2e0c7f5cd8f8 util.hashes: Return OpenSSL error messages on failure
Kim Alvefur <zash@zash.se>
parents: 12564
diff changeset
156 return luaL_error(L, ERR_error_string(ERR_get_error(), NULL));
5537
15464633d8fb util.hmac, util.hashes: Implement HMAC functions in C, and move to util.hashes
Florian Zeitz <florob@babelmonkeys.de>
parents: 4829
diff changeset
157 }
15464633d8fb util.hmac, util.hashes: Implement HMAC functions in C, and move to util.hashes
Florian Zeitz <florob@babelmonkeys.de>
parents: 4829
diff changeset
158
12560
1e41dd0f8353 util.hashes: Refactor HMAC bindings (fixes #1589)
Kim Alvefur <zash@zash.se>
parents: 12559
diff changeset
159 static int Lhmac_sha1(lua_State *L) {
1e41dd0f8353 util.hashes: Refactor HMAC bindings (fixes #1589)
Kim Alvefur <zash@zash.se>
parents: 12559
diff changeset
160 return Levp_hmac(L, EVP_sha1());
1e41dd0f8353 util.hashes: Refactor HMAC bindings (fixes #1589)
Kim Alvefur <zash@zash.se>
parents: 12559
diff changeset
161 }
1e41dd0f8353 util.hashes: Refactor HMAC bindings (fixes #1589)
Kim Alvefur <zash@zash.se>
parents: 12559
diff changeset
162
12561
adfb46a3e8a7 util.hashes: Expose sha224 and sha384 HMAC functions
Kim Alvefur <zash@zash.se>
parents: 12560
diff changeset
163 static int Lhmac_sha224(lua_State *L) {
adfb46a3e8a7 util.hashes: Expose sha224 and sha384 HMAC functions
Kim Alvefur <zash@zash.se>
parents: 12560
diff changeset
164 return Levp_hmac(L, EVP_sha224());
adfb46a3e8a7 util.hashes: Expose sha224 and sha384 HMAC functions
Kim Alvefur <zash@zash.se>
parents: 12560
diff changeset
165 }
adfb46a3e8a7 util.hashes: Expose sha224 and sha384 HMAC functions
Kim Alvefur <zash@zash.se>
parents: 12560
diff changeset
166
12560
1e41dd0f8353 util.hashes: Refactor HMAC bindings (fixes #1589)
Kim Alvefur <zash@zash.se>
parents: 12559
diff changeset
167 static int Lhmac_sha256(lua_State *L) {
1e41dd0f8353 util.hashes: Refactor HMAC bindings (fixes #1589)
Kim Alvefur <zash@zash.se>
parents: 12559
diff changeset
168 return Levp_hmac(L, EVP_sha256());
1e41dd0f8353 util.hashes: Refactor HMAC bindings (fixes #1589)
Kim Alvefur <zash@zash.se>
parents: 12559
diff changeset
169 }
1e41dd0f8353 util.hashes: Refactor HMAC bindings (fixes #1589)
Kim Alvefur <zash@zash.se>
parents: 12559
diff changeset
170
12561
adfb46a3e8a7 util.hashes: Expose sha224 and sha384 HMAC functions
Kim Alvefur <zash@zash.se>
parents: 12560
diff changeset
171 static int Lhmac_sha384(lua_State *L) {
adfb46a3e8a7 util.hashes: Expose sha224 and sha384 HMAC functions
Kim Alvefur <zash@zash.se>
parents: 12560
diff changeset
172 return Levp_hmac(L, EVP_sha384());
adfb46a3e8a7 util.hashes: Expose sha224 and sha384 HMAC functions
Kim Alvefur <zash@zash.se>
parents: 12560
diff changeset
173 }
adfb46a3e8a7 util.hashes: Expose sha224 and sha384 HMAC functions
Kim Alvefur <zash@zash.se>
parents: 12560
diff changeset
174
12560
1e41dd0f8353 util.hashes: Refactor HMAC bindings (fixes #1589)
Kim Alvefur <zash@zash.se>
parents: 12559
diff changeset
175 static int Lhmac_sha512(lua_State *L) {
1e41dd0f8353 util.hashes: Refactor HMAC bindings (fixes #1589)
Kim Alvefur <zash@zash.se>
parents: 12559
diff changeset
176 return Levp_hmac(L, EVP_sha512());
1e41dd0f8353 util.hashes: Refactor HMAC bindings (fixes #1589)
Kim Alvefur <zash@zash.se>
parents: 12559
diff changeset
177 }
1e41dd0f8353 util.hashes: Refactor HMAC bindings (fixes #1589)
Kim Alvefur <zash@zash.se>
parents: 12559
diff changeset
178
1e41dd0f8353 util.hashes: Refactor HMAC bindings (fixes #1589)
Kim Alvefur <zash@zash.se>
parents: 12559
diff changeset
179 static int Lhmac_md5(lua_State *L) {
1e41dd0f8353 util.hashes: Refactor HMAC bindings (fixes #1589)
Kim Alvefur <zash@zash.se>
parents: 12559
diff changeset
180 return Levp_hmac(L, EVP_md5());
1e41dd0f8353 util.hashes: Refactor HMAC bindings (fixes #1589)
Kim Alvefur <zash@zash.se>
parents: 12559
diff changeset
181 }
1e41dd0f8353 util.hashes: Refactor HMAC bindings (fixes #1589)
Kim Alvefur <zash@zash.se>
parents: 12559
diff changeset
182
12564
36e769c64054 util.hashes: Add SHA3 bindings
Kim Alvefur <zash@zash.se>
parents: 12563
diff changeset
183 static int Lhmac_sha3_256(lua_State *L) {
36e769c64054 util.hashes: Add SHA3 bindings
Kim Alvefur <zash@zash.se>
parents: 12563
diff changeset
184 return Levp_hmac(L, EVP_sha3_256());
36e769c64054 util.hashes: Add SHA3 bindings
Kim Alvefur <zash@zash.se>
parents: 12563
diff changeset
185 }
36e769c64054 util.hashes: Add SHA3 bindings
Kim Alvefur <zash@zash.se>
parents: 12563
diff changeset
186
36e769c64054 util.hashes: Add SHA3 bindings
Kim Alvefur <zash@zash.se>
parents: 12563
diff changeset
187 static int Lhmac_sha3_512(lua_State *L) {
36e769c64054 util.hashes: Add SHA3 bindings
Kim Alvefur <zash@zash.se>
parents: 12563
diff changeset
188 return Levp_hmac(L, EVP_sha3_512());
36e769c64054 util.hashes: Add SHA3 bindings
Kim Alvefur <zash@zash.se>
parents: 12563
diff changeset
189 }
36e769c64054 util.hashes: Add SHA3 bindings
Kim Alvefur <zash@zash.se>
parents: 12563
diff changeset
190
12563
d9a4e28689eb util.hashes: Bind BLAKE2 algoritms supported by OpenSSL
Kim Alvefur <zash@zash.se>
parents: 12562
diff changeset
191 static int Lhmac_blake2s256(lua_State *L) {
d9a4e28689eb util.hashes: Bind BLAKE2 algoritms supported by OpenSSL
Kim Alvefur <zash@zash.se>
parents: 12562
diff changeset
192 return Levp_hmac(L, EVP_blake2s256());
d9a4e28689eb util.hashes: Bind BLAKE2 algoritms supported by OpenSSL
Kim Alvefur <zash@zash.se>
parents: 12562
diff changeset
193 }
d9a4e28689eb util.hashes: Bind BLAKE2 algoritms supported by OpenSSL
Kim Alvefur <zash@zash.se>
parents: 12562
diff changeset
194
d9a4e28689eb util.hashes: Bind BLAKE2 algoritms supported by OpenSSL
Kim Alvefur <zash@zash.se>
parents: 12562
diff changeset
195 static int Lhmac_blake2b512(lua_State *L) {
d9a4e28689eb util.hashes: Bind BLAKE2 algoritms supported by OpenSSL
Kim Alvefur <zash@zash.se>
parents: 12562
diff changeset
196 return Levp_hmac(L, EVP_blake2b512());
d9a4e28689eb util.hashes: Bind BLAKE2 algoritms supported by OpenSSL
Kim Alvefur <zash@zash.se>
parents: 12562
diff changeset
197 }
d9a4e28689eb util.hashes: Bind BLAKE2 algoritms supported by OpenSSL
Kim Alvefur <zash@zash.se>
parents: 12562
diff changeset
198
5537
15464633d8fb util.hmac, util.hashes: Implement HMAC functions in C, and move to util.hashes
Florian Zeitz <florob@babelmonkeys.de>
parents: 4829
diff changeset
199
12562
4f4d096a14cb util.hashes: Refactor PBKDF2 to deduplicate code
Kim Alvefur <zash@zash.se>
parents: 12561
diff changeset
200 static int Levp_pbkdf2(lua_State *L, const EVP_MD *evp, size_t out_len) {
4f4d096a14cb util.hashes: Refactor PBKDF2 to deduplicate code
Kim Alvefur <zash@zash.se>
parents: 12561
diff changeset
201 unsigned char out[EVP_MAX_MD_SIZE];
9970
4a43feb9ab15 Backed out changeset 61bc5c52c941
Kim Alvefur <zash@zash.se>
parents: 9969
diff changeset
202
9965
d8e645b4d195 util.hashes: Use PBKDF2 from libcrypto
Kim Alvefur <zash@zash.se>
parents: 9963
diff changeset
203 size_t pass_len, salt_len;
d8e645b4d195 util.hashes: Use PBKDF2 from libcrypto
Kim Alvefur <zash@zash.se>
parents: 9963
diff changeset
204 const char *pass = luaL_checklstring(L, 1, &pass_len);
d8e645b4d195 util.hashes: Use PBKDF2 from libcrypto
Kim Alvefur <zash@zash.se>
parents: 9963
diff changeset
205 const unsigned char *salt = (unsigned char *)luaL_checklstring(L, 2, &salt_len);
5538
62089c9c142d util.hashes, util.sasl.scram: Implement SCRAM-SHA1's Hi in C
Florian Zeitz <florob@babelmonkeys.de>
parents: 5537
diff changeset
206 const int iter = luaL_checkinteger(L, 3);
62089c9c142d util.hashes, util.sasl.scram: Implement SCRAM-SHA1's Hi in C
Florian Zeitz <florob@babelmonkeys.de>
parents: 5537
diff changeset
207
12562
4f4d096a14cb util.hashes: Refactor PBKDF2 to deduplicate code
Kim Alvefur <zash@zash.se>
parents: 12561
diff changeset
208 if(PKCS5_PBKDF2_HMAC(pass, pass_len, salt, salt_len, iter, evp, out_len, out) == 0) {
12565
2e0c7f5cd8f8 util.hashes: Return OpenSSL error messages on failure
Kim Alvefur <zash@zash.se>
parents: 12564
diff changeset
209 return luaL_error(L, ERR_error_string(ERR_get_error(), NULL));
6615
8e4572a642cb util-src/*.c: astyle --indent=tab --brackets=attach --indent-switches --break-blocks --pad-oper --unpad-paren --add-brackets --align-pointer=type --lineend=linux
Kim Alvefur <zash@zash.se>
parents: 6413
diff changeset
210 }
8e4572a642cb util-src/*.c: astyle --indent=tab --brackets=attach --indent-switches --break-blocks --pad-oper --unpad-paren --add-brackets --align-pointer=type --lineend=linux
Kim Alvefur <zash@zash.se>
parents: 6413
diff changeset
211
12562
4f4d096a14cb util.hashes: Refactor PBKDF2 to deduplicate code
Kim Alvefur <zash@zash.se>
parents: 12561
diff changeset
212 lua_pushlstring(L, (char *)out, out_len);
5538
62089c9c142d util.hashes, util.sasl.scram: Implement SCRAM-SHA1's Hi in C
Florian Zeitz <florob@babelmonkeys.de>
parents: 5537
diff changeset
213
62089c9c142d util.hashes, util.sasl.scram: Implement SCRAM-SHA1's Hi in C
Florian Zeitz <florob@babelmonkeys.de>
parents: 5537
diff changeset
214 return 1;
62089c9c142d util.hashes, util.sasl.scram: Implement SCRAM-SHA1's Hi in C
Florian Zeitz <florob@babelmonkeys.de>
parents: 5537
diff changeset
215 }
62089c9c142d util.hashes, util.sasl.scram: Implement SCRAM-SHA1's Hi in C
Florian Zeitz <florob@babelmonkeys.de>
parents: 5537
diff changeset
216
12562
4f4d096a14cb util.hashes: Refactor PBKDF2 to deduplicate code
Kim Alvefur <zash@zash.se>
parents: 12561
diff changeset
217 static int Lpbkdf2_sha1(lua_State *L) {
4f4d096a14cb util.hashes: Refactor PBKDF2 to deduplicate code
Kim Alvefur <zash@zash.se>
parents: 12561
diff changeset
218 return Levp_pbkdf2(L, EVP_sha1(), SHA_DIGEST_LENGTH);
4f4d096a14cb util.hashes: Refactor PBKDF2 to deduplicate code
Kim Alvefur <zash@zash.se>
parents: 12561
diff changeset
219 }
6615
8e4572a642cb util-src/*.c: astyle --indent=tab --brackets=attach --indent-switches --break-blocks --pad-oper --unpad-paren --add-brackets --align-pointer=type --lineend=linux
Kim Alvefur <zash@zash.se>
parents: 6413
diff changeset
220
9968
d536796a305f util.hashes: Add PBKDF2-HMAC-SHA256
Kim Alvefur <zash@zash.se>
parents: 9967
diff changeset
221 static int Lpbkdf2_sha256(lua_State *L) {
12562
4f4d096a14cb util.hashes: Refactor PBKDF2 to deduplicate code
Kim Alvefur <zash@zash.se>
parents: 12561
diff changeset
222 return Levp_pbkdf2(L, EVP_sha256(), SHA256_DIGEST_LENGTH);
5538
62089c9c142d util.hashes, util.sasl.scram: Implement SCRAM-SHA1's Hi in C
Florian Zeitz <florob@babelmonkeys.de>
parents: 5537
diff changeset
223 }
62089c9c142d util.hashes, util.sasl.scram: Implement SCRAM-SHA1's Hi in C
Florian Zeitz <florob@babelmonkeys.de>
parents: 5537
diff changeset
224
12836
dbe9781fd278 util.hashes: Add HKDF-HMAC-SHA256/HKDF-HMAC-SHA384
Matthew Wild <mwild1@gmail.com>
parents: 12575
diff changeset
225
dbe9781fd278 util.hashes: Add HKDF-HMAC-SHA256/HKDF-HMAC-SHA384
Matthew Wild <mwild1@gmail.com>
parents: 12575
diff changeset
226 /* HKDF(length, input, salt, info) */
dbe9781fd278 util.hashes: Add HKDF-HMAC-SHA256/HKDF-HMAC-SHA384
Matthew Wild <mwild1@gmail.com>
parents: 12575
diff changeset
227 static int Levp_hkdf(lua_State *L, const EVP_MD *evp) {
dbe9781fd278 util.hashes: Add HKDF-HMAC-SHA256/HKDF-HMAC-SHA384
Matthew Wild <mwild1@gmail.com>
parents: 12575
diff changeset
228 unsigned char out[MAX_HKDF_OUTPUT];
dbe9781fd278 util.hashes: Add HKDF-HMAC-SHA256/HKDF-HMAC-SHA384
Matthew Wild <mwild1@gmail.com>
parents: 12575
diff changeset
229
dbe9781fd278 util.hashes: Add HKDF-HMAC-SHA256/HKDF-HMAC-SHA384
Matthew Wild <mwild1@gmail.com>
parents: 12575
diff changeset
230 size_t input_len, salt_len, info_len;
dbe9781fd278 util.hashes: Add HKDF-HMAC-SHA256/HKDF-HMAC-SHA384
Matthew Wild <mwild1@gmail.com>
parents: 12575
diff changeset
231 size_t actual_out_len = luaL_checkinteger(L, 1);
12844
a3ec87ad8e48 util.hashes: Silence compiler warning about char pointer signedness
Kim Alvefur <zash@zash.se>
parents: 12836
diff changeset
232 const unsigned char *input = (unsigned char *)luaL_checklstring(L, 2, &input_len);
12836
dbe9781fd278 util.hashes: Add HKDF-HMAC-SHA256/HKDF-HMAC-SHA384
Matthew Wild <mwild1@gmail.com>
parents: 12575
diff changeset
233 const unsigned char *salt = (unsigned char *)luaL_optlstring(L, 3, NULL, &salt_len);
dbe9781fd278 util.hashes: Add HKDF-HMAC-SHA256/HKDF-HMAC-SHA384
Matthew Wild <mwild1@gmail.com>
parents: 12575
diff changeset
234 const unsigned char *info = (unsigned char *)luaL_checklstring(L, 4, &info_len);
dbe9781fd278 util.hashes: Add HKDF-HMAC-SHA256/HKDF-HMAC-SHA384
Matthew Wild <mwild1@gmail.com>
parents: 12575
diff changeset
235
dbe9781fd278 util.hashes: Add HKDF-HMAC-SHA256/HKDF-HMAC-SHA384
Matthew Wild <mwild1@gmail.com>
parents: 12575
diff changeset
236 if(actual_out_len > MAX_HKDF_OUTPUT)
dbe9781fd278 util.hashes: Add HKDF-HMAC-SHA256/HKDF-HMAC-SHA384
Matthew Wild <mwild1@gmail.com>
parents: 12575
diff changeset
237 return luaL_error(L, "desired output length %ul exceeds internal limit %ul", actual_out_len, MAX_HKDF_OUTPUT);
dbe9781fd278 util.hashes: Add HKDF-HMAC-SHA256/HKDF-HMAC-SHA384
Matthew Wild <mwild1@gmail.com>
parents: 12575
diff changeset
238
dbe9781fd278 util.hashes: Add HKDF-HMAC-SHA256/HKDF-HMAC-SHA384
Matthew Wild <mwild1@gmail.com>
parents: 12575
diff changeset
239 EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL);
dbe9781fd278 util.hashes: Add HKDF-HMAC-SHA256/HKDF-HMAC-SHA384
Matthew Wild <mwild1@gmail.com>
parents: 12575
diff changeset
240
dbe9781fd278 util.hashes: Add HKDF-HMAC-SHA256/HKDF-HMAC-SHA384
Matthew Wild <mwild1@gmail.com>
parents: 12575
diff changeset
241 if (EVP_PKEY_derive_init(pctx) <= 0)
dbe9781fd278 util.hashes: Add HKDF-HMAC-SHA256/HKDF-HMAC-SHA384
Matthew Wild <mwild1@gmail.com>
parents: 12575
diff changeset
242 return luaL_error(L, ERR_error_string(ERR_get_error(), NULL));
dbe9781fd278 util.hashes: Add HKDF-HMAC-SHA256/HKDF-HMAC-SHA384
Matthew Wild <mwild1@gmail.com>
parents: 12575
diff changeset
243
dbe9781fd278 util.hashes: Add HKDF-HMAC-SHA256/HKDF-HMAC-SHA384
Matthew Wild <mwild1@gmail.com>
parents: 12575
diff changeset
244 if (EVP_PKEY_CTX_set_hkdf_md(pctx, evp) <= 0)
dbe9781fd278 util.hashes: Add HKDF-HMAC-SHA256/HKDF-HMAC-SHA384
Matthew Wild <mwild1@gmail.com>
parents: 12575
diff changeset
245 return luaL_error(L, ERR_error_string(ERR_get_error(), NULL));
dbe9781fd278 util.hashes: Add HKDF-HMAC-SHA256/HKDF-HMAC-SHA384
Matthew Wild <mwild1@gmail.com>
parents: 12575
diff changeset
246
dbe9781fd278 util.hashes: Add HKDF-HMAC-SHA256/HKDF-HMAC-SHA384
Matthew Wild <mwild1@gmail.com>
parents: 12575
diff changeset
247 if(salt != NULL) {
dbe9781fd278 util.hashes: Add HKDF-HMAC-SHA256/HKDF-HMAC-SHA384
Matthew Wild <mwild1@gmail.com>
parents: 12575
diff changeset
248 if (EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt, salt_len) <= 0)
dbe9781fd278 util.hashes: Add HKDF-HMAC-SHA256/HKDF-HMAC-SHA384
Matthew Wild <mwild1@gmail.com>
parents: 12575
diff changeset
249 return luaL_error(L, ERR_error_string(ERR_get_error(), NULL));
dbe9781fd278 util.hashes: Add HKDF-HMAC-SHA256/HKDF-HMAC-SHA384
Matthew Wild <mwild1@gmail.com>
parents: 12575
diff changeset
250 }
dbe9781fd278 util.hashes: Add HKDF-HMAC-SHA256/HKDF-HMAC-SHA384
Matthew Wild <mwild1@gmail.com>
parents: 12575
diff changeset
251
dbe9781fd278 util.hashes: Add HKDF-HMAC-SHA256/HKDF-HMAC-SHA384
Matthew Wild <mwild1@gmail.com>
parents: 12575
diff changeset
252 if (EVP_PKEY_CTX_set1_hkdf_key(pctx, input, input_len) <= 0)
dbe9781fd278 util.hashes: Add HKDF-HMAC-SHA256/HKDF-HMAC-SHA384
Matthew Wild <mwild1@gmail.com>
parents: 12575
diff changeset
253 return luaL_error(L, ERR_error_string(ERR_get_error(), NULL));
dbe9781fd278 util.hashes: Add HKDF-HMAC-SHA256/HKDF-HMAC-SHA384
Matthew Wild <mwild1@gmail.com>
parents: 12575
diff changeset
254
dbe9781fd278 util.hashes: Add HKDF-HMAC-SHA256/HKDF-HMAC-SHA384
Matthew Wild <mwild1@gmail.com>
parents: 12575
diff changeset
255 if (EVP_PKEY_CTX_add1_hkdf_info(pctx, info, info_len) <= 0)
dbe9781fd278 util.hashes: Add HKDF-HMAC-SHA256/HKDF-HMAC-SHA384
Matthew Wild <mwild1@gmail.com>
parents: 12575
diff changeset
256 return luaL_error(L, ERR_error_string(ERR_get_error(), NULL));
dbe9781fd278 util.hashes: Add HKDF-HMAC-SHA256/HKDF-HMAC-SHA384
Matthew Wild <mwild1@gmail.com>
parents: 12575
diff changeset
257
dbe9781fd278 util.hashes: Add HKDF-HMAC-SHA256/HKDF-HMAC-SHA384
Matthew Wild <mwild1@gmail.com>
parents: 12575
diff changeset
258 if (EVP_PKEY_derive(pctx, out, &actual_out_len) <= 0)
dbe9781fd278 util.hashes: Add HKDF-HMAC-SHA256/HKDF-HMAC-SHA384
Matthew Wild <mwild1@gmail.com>
parents: 12575
diff changeset
259 return luaL_error(L, ERR_error_string(ERR_get_error(), NULL));
dbe9781fd278 util.hashes: Add HKDF-HMAC-SHA256/HKDF-HMAC-SHA384
Matthew Wild <mwild1@gmail.com>
parents: 12575
diff changeset
260
dbe9781fd278 util.hashes: Add HKDF-HMAC-SHA256/HKDF-HMAC-SHA384
Matthew Wild <mwild1@gmail.com>
parents: 12575
diff changeset
261 lua_pushlstring(L, (char *)out, actual_out_len);
dbe9781fd278 util.hashes: Add HKDF-HMAC-SHA256/HKDF-HMAC-SHA384
Matthew Wild <mwild1@gmail.com>
parents: 12575
diff changeset
262
dbe9781fd278 util.hashes: Add HKDF-HMAC-SHA256/HKDF-HMAC-SHA384
Matthew Wild <mwild1@gmail.com>
parents: 12575
diff changeset
263 return 1;
dbe9781fd278 util.hashes: Add HKDF-HMAC-SHA256/HKDF-HMAC-SHA384
Matthew Wild <mwild1@gmail.com>
parents: 12575
diff changeset
264 }
dbe9781fd278 util.hashes: Add HKDF-HMAC-SHA256/HKDF-HMAC-SHA384
Matthew Wild <mwild1@gmail.com>
parents: 12575
diff changeset
265
dbe9781fd278 util.hashes: Add HKDF-HMAC-SHA256/HKDF-HMAC-SHA384
Matthew Wild <mwild1@gmail.com>
parents: 12575
diff changeset
266 static int Lhkdf_sha256(lua_State *L) {
dbe9781fd278 util.hashes: Add HKDF-HMAC-SHA256/HKDF-HMAC-SHA384
Matthew Wild <mwild1@gmail.com>
parents: 12575
diff changeset
267 return Levp_hkdf(L, EVP_sha256());
dbe9781fd278 util.hashes: Add HKDF-HMAC-SHA256/HKDF-HMAC-SHA384
Matthew Wild <mwild1@gmail.com>
parents: 12575
diff changeset
268 }
dbe9781fd278 util.hashes: Add HKDF-HMAC-SHA256/HKDF-HMAC-SHA384
Matthew Wild <mwild1@gmail.com>
parents: 12575
diff changeset
269
dbe9781fd278 util.hashes: Add HKDF-HMAC-SHA256/HKDF-HMAC-SHA384
Matthew Wild <mwild1@gmail.com>
parents: 12575
diff changeset
270 static int Lhkdf_sha384(lua_State *L) {
dbe9781fd278 util.hashes: Add HKDF-HMAC-SHA256/HKDF-HMAC-SHA384
Matthew Wild <mwild1@gmail.com>
parents: 12575
diff changeset
271 return Levp_hkdf(L, EVP_sha384());
dbe9781fd278 util.hashes: Add HKDF-HMAC-SHA256/HKDF-HMAC-SHA384
Matthew Wild <mwild1@gmail.com>
parents: 12575
diff changeset
272 }
dbe9781fd278 util.hashes: Add HKDF-HMAC-SHA256/HKDF-HMAC-SHA384
Matthew Wild <mwild1@gmail.com>
parents: 12575
diff changeset
273
11541
13b84682518e util.hashes: Add constant-time string comparison (binding to CRYPTO_memcmp)
Matthew Wild <mwild1@gmail.com>
parents: 9962
diff changeset
274 static int Lhash_equals(lua_State *L) {
13b84682518e util.hashes: Add constant-time string comparison (binding to CRYPTO_memcmp)
Matthew Wild <mwild1@gmail.com>
parents: 9962
diff changeset
275 size_t len1, len2;
13b84682518e util.hashes: Add constant-time string comparison (binding to CRYPTO_memcmp)
Matthew Wild <mwild1@gmail.com>
parents: 9962
diff changeset
276 const char *s1 = luaL_checklstring(L, 1, &len1);
13b84682518e util.hashes: Add constant-time string comparison (binding to CRYPTO_memcmp)
Matthew Wild <mwild1@gmail.com>
parents: 9962
diff changeset
277 const char *s2 = luaL_checklstring(L, 2, &len2);
13b84682518e util.hashes: Add constant-time string comparison (binding to CRYPTO_memcmp)
Matthew Wild <mwild1@gmail.com>
parents: 9962
diff changeset
278 if(len1 == len2) {
13b84682518e util.hashes: Add constant-time string comparison (binding to CRYPTO_memcmp)
Matthew Wild <mwild1@gmail.com>
parents: 9962
diff changeset
279 lua_pushboolean(L, CRYPTO_memcmp(s1, s2, len1) == 0);
13b84682518e util.hashes: Add constant-time string comparison (binding to CRYPTO_memcmp)
Matthew Wild <mwild1@gmail.com>
parents: 9962
diff changeset
280 } else {
13b84682518e util.hashes: Add constant-time string comparison (binding to CRYPTO_memcmp)
Matthew Wild <mwild1@gmail.com>
parents: 9962
diff changeset
281 lua_pushboolean(L, 0);
13b84682518e util.hashes: Add constant-time string comparison (binding to CRYPTO_memcmp)
Matthew Wild <mwild1@gmail.com>
parents: 9962
diff changeset
282 }
13b84682518e util.hashes: Add constant-time string comparison (binding to CRYPTO_memcmp)
Matthew Wild <mwild1@gmail.com>
parents: 9962
diff changeset
283 return 1;
13b84682518e util.hashes: Add constant-time string comparison (binding to CRYPTO_memcmp)
Matthew Wild <mwild1@gmail.com>
parents: 9962
diff changeset
284 }
13b84682518e util.hashes: Add constant-time string comparison (binding to CRYPTO_memcmp)
Matthew Wild <mwild1@gmail.com>
parents: 9962
diff changeset
285
6615
8e4572a642cb util-src/*.c: astyle --indent=tab --brackets=attach --indent-switches --break-blocks --pad-oper --unpad-paren --add-brackets --align-pointer=type --lineend=linux
Kim Alvefur <zash@zash.se>
parents: 6413
diff changeset
286 static const luaL_Reg Reg[] = {
5537
15464633d8fb util.hmac, util.hashes: Implement HMAC functions in C, and move to util.hashes
Florian Zeitz <florob@babelmonkeys.de>
parents: 4829
diff changeset
287 { "sha1", Lsha1 },
15464633d8fb util.hmac, util.hashes: Implement HMAC functions in C, and move to util.hashes
Florian Zeitz <florob@babelmonkeys.de>
parents: 4829
diff changeset
288 { "sha224", Lsha224 },
15464633d8fb util.hmac, util.hashes: Implement HMAC functions in C, and move to util.hashes
Florian Zeitz <florob@babelmonkeys.de>
parents: 4829
diff changeset
289 { "sha256", Lsha256 },
15464633d8fb util.hmac, util.hashes: Implement HMAC functions in C, and move to util.hashes
Florian Zeitz <florob@babelmonkeys.de>
parents: 4829
diff changeset
290 { "sha384", Lsha384 },
15464633d8fb util.hmac, util.hashes: Implement HMAC functions in C, and move to util.hashes
Florian Zeitz <florob@babelmonkeys.de>
parents: 4829
diff changeset
291 { "sha512", Lsha512 },
15464633d8fb util.hmac, util.hashes: Implement HMAC functions in C, and move to util.hashes
Florian Zeitz <florob@babelmonkeys.de>
parents: 4829
diff changeset
292 { "md5", Lmd5 },
12564
36e769c64054 util.hashes: Add SHA3 bindings
Kim Alvefur <zash@zash.se>
parents: 12563
diff changeset
293 { "sha3_256", Lsha3_256 },
36e769c64054 util.hashes: Add SHA3 bindings
Kim Alvefur <zash@zash.se>
parents: 12563
diff changeset
294 { "sha3_512", Lsha3_512 },
12563
d9a4e28689eb util.hashes: Bind BLAKE2 algoritms supported by OpenSSL
Kim Alvefur <zash@zash.se>
parents: 12562
diff changeset
295 { "blake2s256", Lblake2s256 },
d9a4e28689eb util.hashes: Bind BLAKE2 algoritms supported by OpenSSL
Kim Alvefur <zash@zash.se>
parents: 12562
diff changeset
296 { "blake2b512", Lblake2b512 },
5537
15464633d8fb util.hmac, util.hashes: Implement HMAC functions in C, and move to util.hashes
Florian Zeitz <florob@babelmonkeys.de>
parents: 4829
diff changeset
297 { "hmac_sha1", Lhmac_sha1 },
12561
adfb46a3e8a7 util.hashes: Expose sha224 and sha384 HMAC functions
Kim Alvefur <zash@zash.se>
parents: 12560
diff changeset
298 { "hmac_sha224", Lhmac_sha224 },
5537
15464633d8fb util.hmac, util.hashes: Implement HMAC functions in C, and move to util.hashes
Florian Zeitz <florob@babelmonkeys.de>
parents: 4829
diff changeset
299 { "hmac_sha256", Lhmac_sha256 },
12561
adfb46a3e8a7 util.hashes: Expose sha224 and sha384 HMAC functions
Kim Alvefur <zash@zash.se>
parents: 12560
diff changeset
300 { "hmac_sha384", Lhmac_sha384 },
5537
15464633d8fb util.hmac, util.hashes: Implement HMAC functions in C, and move to util.hashes
Florian Zeitz <florob@babelmonkeys.de>
parents: 4829
diff changeset
301 { "hmac_sha512", Lhmac_sha512 },
15464633d8fb util.hmac, util.hashes: Implement HMAC functions in C, and move to util.hashes
Florian Zeitz <florob@babelmonkeys.de>
parents: 4829
diff changeset
302 { "hmac_md5", Lhmac_md5 },
12564
36e769c64054 util.hashes: Add SHA3 bindings
Kim Alvefur <zash@zash.se>
parents: 12563
diff changeset
303 { "hmac_sha3_256", Lhmac_sha3_256 },
36e769c64054 util.hashes: Add SHA3 bindings
Kim Alvefur <zash@zash.se>
parents: 12563
diff changeset
304 { "hmac_sha3_512", Lhmac_sha3_512 },
12563
d9a4e28689eb util.hashes: Bind BLAKE2 algoritms supported by OpenSSL
Kim Alvefur <zash@zash.se>
parents: 12562
diff changeset
305 { "hmac_blake2s256", Lhmac_blake2s256 },
d9a4e28689eb util.hashes: Bind BLAKE2 algoritms supported by OpenSSL
Kim Alvefur <zash@zash.se>
parents: 12562
diff changeset
306 { "hmac_blake2b512", Lhmac_blake2b512 },
9967
dc9bb31cbffe util.hashes: Rename PBKDF2 function
Kim Alvefur <zash@zash.se>
parents: 9966
diff changeset
307 { "scram_Hi_sha1", Lpbkdf2_sha1 }, /* COMPAT */
dc9bb31cbffe util.hashes: Rename PBKDF2 function
Kim Alvefur <zash@zash.se>
parents: 9966
diff changeset
308 { "pbkdf2_hmac_sha1", Lpbkdf2_sha1 },
9968
d536796a305f util.hashes: Add PBKDF2-HMAC-SHA256
Kim Alvefur <zash@zash.se>
parents: 9967
diff changeset
309 { "pbkdf2_hmac_sha256", Lpbkdf2_sha256 },
12836
dbe9781fd278 util.hashes: Add HKDF-HMAC-SHA256/HKDF-HMAC-SHA384
Matthew Wild <mwild1@gmail.com>
parents: 12575
diff changeset
310 { "hkdf_hmac_sha256", Lhkdf_sha256 },
dbe9781fd278 util.hashes: Add HKDF-HMAC-SHA256/HKDF-HMAC-SHA384
Matthew Wild <mwild1@gmail.com>
parents: 12575
diff changeset
311 { "hkdf_hmac_sha384", Lhkdf_sha384 },
11541
13b84682518e util.hashes: Add constant-time string comparison (binding to CRYPTO_memcmp)
Matthew Wild <mwild1@gmail.com>
parents: 9962
diff changeset
312 { "equals", Lhash_equals },
5537
15464633d8fb util.hmac, util.hashes: Implement HMAC functions in C, and move to util.hashes
Florian Zeitz <florob@babelmonkeys.de>
parents: 4829
diff changeset
313 { NULL, NULL }
766
433a5226267f Licensing/version updates for some files (forgot to commit, doh...)
Matthew Wild <mwild1@gmail.com>
parents: 520
diff changeset
314 };
433a5226267f Licensing/version updates for some files (forgot to commit, doh...)
Matthew Wild <mwild1@gmail.com>
parents: 520
diff changeset
315
7889
b8d694646597 util-src/*.c: Attach pointer * to name instead of type
Kim Alvefur <zash@zash.se>
parents: 7835
diff changeset
316 LUALIB_API int luaopen_util_hashes(lua_State *L) {
7818
54669df178c2 util-src: Make C modules assert that the Lua runtime matches what it was compiled for
Kim Alvefur <zash@zash.se>
parents: 6789
diff changeset
317 luaL_checkversion(L);
6411
6c8f6364bc48 util-src/*.c: Don't create globals when loaded
Kim Alvefur <zash@zash.se>
parents: 5774
diff changeset
318 lua_newtable(L);
9957
c8cfd2a5845c util.hashes: Remove redundant semicolon
Kim Alvefur <zash@zash.se>
parents: 7889
diff changeset
319 luaL_setfuncs(L, Reg, 0);
766
433a5226267f Licensing/version updates for some files (forgot to commit, doh...)
Matthew Wild <mwild1@gmail.com>
parents: 520
diff changeset
320 lua_pushliteral(L, "-3.14");
6412
0e94f89d0e62 util-src/*.c: Use the more concise lua_setfield
Kim Alvefur <zash@zash.se>
parents: 6411
diff changeset
321 lua_setfield(L, -2, "version");
11562
0becc168f4f9 util.hashes: Expose OpenSSL version
Kim Alvefur <zash@zash.se>
parents: 11560
diff changeset
322 #ifdef OPENSSL_VERSION
0becc168f4f9 util.hashes: Expose OpenSSL version
Kim Alvefur <zash@zash.se>
parents: 11560
diff changeset
323 lua_pushstring(L, OpenSSL_version(OPENSSL_VERSION));
0becc168f4f9 util.hashes: Expose OpenSSL version
Kim Alvefur <zash@zash.se>
parents: 11560
diff changeset
324 lua_setfield(L, -2, "_LIBCRYPTO_VERSION");
0becc168f4f9 util.hashes: Expose OpenSSL version
Kim Alvefur <zash@zash.se>
parents: 11560
diff changeset
325 #endif
766
433a5226267f Licensing/version updates for some files (forgot to commit, doh...)
Matthew Wild <mwild1@gmail.com>
parents: 520
diff changeset
326 return 1;
433a5226267f Licensing/version updates for some files (forgot to commit, doh...)
Matthew Wild <mwild1@gmail.com>
parents: 520
diff changeset
327 }