Comparison

util/jwt.lua @ 12704:31a2bd84191d

util.jwt: All the algorithms (+ all the tests!) Except 'none'. Not implementing that one.
author Matthew Wild <mwild1@gmail.com>
date Sat, 02 Jul 2022 15:29:04 +0100
parent 12702:f63176781940
child 12705:008a7097fdc5
comparison
equal deleted inserted replaced
12703:5bda8598a2af 12704:31a2bd84191d
32 local function new_static_header(algorithm_name) 32 local function new_static_header(algorithm_name)
33 return b64url('{"alg":"'..algorithm_name..'","typ":"JWT"}') .. '.'; 33 return b64url('{"alg":"'..algorithm_name..'","typ":"JWT"}') .. '.';
34 end 34 end
35 35
36 -- HS*** family 36 -- HS*** family
37 local function new_hmac_algorithm(name, hmac) 37 local function new_hmac_algorithm(name)
38 local static_header = new_static_header(name); 38 local static_header = new_static_header(name);
39
40 local hmac = hashes["hmac_sha"..name:sub(-3)];
39 41
40 local function sign(key, payload) 42 local function sign(key, payload)
41 local encoded_payload = json.encode(payload); 43 local encoded_payload = json.encode(payload);
42 local signed = static_header .. b64url(encoded_payload); 44 local signed = static_header .. b64url(encoded_payload);
43 local signature = hmac(key, signed); 45 local signature = hmac(key, signed);
120 end; 122 end;
121 }; 123 };
122 end 124 end
123 125
124 -- RS***, PS*** 126 -- RS***, PS***
125 local function new_rsa_algorithm(name, c_sign, c_verify) 127 local rsa_sign_algos = { RS = "rsassa_pkcs1", PS = "rsassa_pss" };
128 local function new_rsa_algorithm(name)
129 local family, digest_bits = name:match("^(..)(...)$");
130 local c_sign = crypto[rsa_sign_algos[family].."_sha"..digest_bits.."_sign"];
131 local c_verify = crypto[rsa_sign_algos[family].."_sha"..digest_bits.."_verify"];
126 return new_crypto_algorithm(name, "rsaEncryption", c_sign, c_verify); 132 return new_crypto_algorithm(name, "rsaEncryption", c_sign, c_verify);
127 end 133 end
128 134
129 -- ES*** 135 -- ES***
130 local function new_ecdsa_algorithm(name, c_sign, c_verify) 136 local function new_ecdsa_algorithm(name, c_sign, c_verify)
138 end 144 end
139 return new_crypto_algorithm(name, "id-ecPublicKey", c_sign, c_verify, encode_ecdsa_sig, decode_ecdsa_sig); 145 return new_crypto_algorithm(name, "id-ecPublicKey", c_sign, c_verify, encode_ecdsa_sig, decode_ecdsa_sig);
140 end 146 end
141 147
142 local algorithms = { 148 local algorithms = {
143 HS256 = new_hmac_algorithm("HS256", hashes.hmac_sha256); 149 HS256 = new_hmac_algorithm("HS256"), HS384 = new_hmac_algorithm("HS384"), HS512 = new_hmac_algorithm("HS512");
144 ES256 = new_ecdsa_algorithm("ES256", crypto.ecdsa_sha256_sign, crypto.ecdsa_sha256_verify); 150 ES256 = new_ecdsa_algorithm("ES256", crypto.ecdsa_sha256_sign, crypto.ecdsa_sha256_verify);
145 RS256 = new_rsa_algorithm("RS256", crypto.rsassa_pkcs1_sha256_sign, crypto.rsassa_pkcs1_sha256_verify); 151 RS256 = new_rsa_algorithm("RS256"), RS384 = new_rsa_algorithm("RS384"), RS512 = new_rsa_algorithm("RS512");
146 PS256 = new_rsa_algorithm("PS256", crypto.rsassa_pss_sha256_sign, crypto.rsassa_pss_sha256_verify); 152 PS256 = new_rsa_algorithm("PS256"), PS384 = new_rsa_algorithm("PS384"), PS512 = new_rsa_algorithm("PS512");
147 }; 153 };
148 154
149 local function new_signer(algorithm, key_input) 155 local function new_signer(algorithm, key_input)
150 local impl = assert(algorithms[algorithm], "Unknown JWT algorithm: "..algorithm); 156 local impl = assert(algorithms[algorithm], "Unknown JWT algorithm: "..algorithm);
151 local key = (impl.load_private_key or impl.load_key)(key_input); 157 local key = (impl.load_private_key or impl.load_key)(key_input);
165 end 171 end
166 172
167 return { 173 return {
168 new_signer = new_signer; 174 new_signer = new_signer;
169 new_verifier = new_verifier; 175 new_verifier = new_verifier;
176 _algorithms = algorithms;
170 -- Deprecated 177 -- Deprecated
171 sign = algorithms.HS256.sign; 178 sign = algorithms.HS256.sign;
172 verify = algorithms.HS256.verify; 179 verify = algorithms.HS256.verify;
173 }; 180 };
174 181