Software /
code /
prosody
Changeset
12702:f63176781940
util.crypto: More digests for sign/verify, use macros for clarity/consistency
author | Matthew Wild <mwild1@gmail.com> |
---|---|
date | Sat, 02 Jul 2022 14:59:52 +0100 |
parents | 12701:8e402a2ae1b8 |
children | 12703:5bda8598a2af |
files | util-src/crypto.c util/jwt.lua |
diffstat | 2 files changed, 42 insertions(+), 34 deletions(-) [+] |
line wrap: on
line diff
--- a/util-src/crypto.c Sat Jul 02 14:22:20 2022 +0100 +++ b/util-src/crypto.c Sat Jul 02 14:59:52 2022 +0100 @@ -201,16 +201,6 @@ return 1; } -/* ecdsa_sha256_sign(key, data) */ -static int Lecdsa_sha256_sign(lua_State *L) { - return base_evp_sign(L, NID_X9_62_id_ecPublicKey, EVP_sha256()); -} - -/* ecdsa_sha256_verify(key, data, sig) */ -static int Lecdsa_sha256_verify(lua_State *L) { - return base_evp_verify(L, NID_X9_62_id_ecPublicKey, EVP_sha256()); -} - static int push_pkey(lua_State *L, EVP_PKEY *pkey, const int type, const int privkey) { EVP_PKEY **ud = lua_newuserdata(L, sizeof(EVP_PKEY*)); *ud = pkey; @@ -292,22 +282,6 @@ return base_evp_verify(L, NID_ED25519, NULL); } -static int Lrsassa_pkcs1_256_sign(lua_State *L) { - return base_evp_sign(L, NID_rsaEncryption, EVP_sha256()); -} - -static int Lrsassa_pkcs1_256_verify(lua_State *L) { - return base_evp_verify(L, NID_rsaEncryption, EVP_sha256()); -} - -static int Lrsassa_pss_256_sign(lua_State *L) { - return base_evp_sign(L, NID_rsassaPss, EVP_sha256()); -} - -static int Lrsassa_pss_256_verify(lua_State *L) { - return base_evp_verify(L, NID_rsassaPss, EVP_sha256()); -} - /* gcm_encrypt(key, iv, plaintext) */ static int Laes_gcm_encrypt(lua_State *L, const EVP_CIPHER *cipher, const unsigned char expected_key_len) { EVP_CIPHER_CTX *ctx; @@ -529,22 +503,56 @@ return 1; } +#define REG_SIGN_VERIFY(algorithm, digest) \ + { #algorithm "_" #digest "_sign", L ## algorithm ## _ ## digest ## _sign },\ + { #algorithm "_" #digest "_verify", L ## algorithm ## _ ## digest ## _verify }, + +#define IMPL_SIGN_VERIFY(algorithm, key_type, digest) \ + static int L ## algorithm ## _ ## digest ## _sign(lua_State *L) { \ + return base_evp_sign(L, key_type, EVP_ ## digest()); \ + } \ + static int L ## algorithm ## _ ## digest ## _verify(lua_State *L) { \ + return base_evp_verify(L, key_type, EVP_ ## digest()); \ + } + +IMPL_SIGN_VERIFY(ecdsa, NID_X9_62_id_ecPublicKey, sha256) +IMPL_SIGN_VERIFY(ecdsa, NID_X9_62_id_ecPublicKey, sha384) +IMPL_SIGN_VERIFY(ecdsa, NID_X9_62_id_ecPublicKey, sha512) + +IMPL_SIGN_VERIFY(rsassa_pkcs1, NID_rsaEncryption, sha256) +IMPL_SIGN_VERIFY(rsassa_pkcs1, NID_rsaEncryption, sha384) +IMPL_SIGN_VERIFY(rsassa_pkcs1, NID_rsaEncryption, sha512) + +IMPL_SIGN_VERIFY(rsassa_pss, NID_rsassaPss, sha256) +IMPL_SIGN_VERIFY(rsassa_pss, NID_rsassaPss, sha384) +IMPL_SIGN_VERIFY(rsassa_pss, NID_rsassaPss, sha512) + static const luaL_Reg Reg[] = { { "ed25519_sign", Led25519_sign }, { "ed25519_verify", Led25519_verify }, - { "rsassa_pkcs1_256_sign", Lrsassa_pkcs1_256_sign }, - { "rsassa_pkcs1_256_verify", Lrsassa_pkcs1_256_verify }, - { "rsassa_pss_256_sign", Lrsassa_pss_256_sign }, - { "rsassa_pss_256_verify", Lrsassa_pss_256_verify }, + + REG_SIGN_VERIFY(ecdsa, sha256) + REG_SIGN_VERIFY(ecdsa, sha384) + REG_SIGN_VERIFY(ecdsa, sha512) + + REG_SIGN_VERIFY(rsassa_pkcs1, sha256) + REG_SIGN_VERIFY(rsassa_pkcs1, sha384) + REG_SIGN_VERIFY(rsassa_pkcs1, sha512) + + REG_SIGN_VERIFY(rsassa_pss, sha256) + REG_SIGN_VERIFY(rsassa_pss, sha384) + REG_SIGN_VERIFY(rsassa_pss, sha512) + { "aes_128_gcm_encrypt", Laes_128_gcm_encrypt }, { "aes_128_gcm_decrypt", Laes_128_gcm_decrypt }, { "aes_256_gcm_encrypt", Laes_256_gcm_encrypt }, { "aes_256_gcm_decrypt", Laes_256_gcm_decrypt }, - { "ecdsa_sha256_sign", Lecdsa_sha256_sign }, - { "ecdsa_sha256_verify", Lecdsa_sha256_verify }, + { "generate_ed25519_keypair", Lgenerate_ed25519_keypair }, + { "import_private_pem", Limport_private_pem }, { "import_public_pem", Limport_public_pem }, + { "parse_ecdsa_signature", Lparse_ecdsa_signature }, { "build_ecdsa_signature", Lbuild_ecdsa_signature }, { NULL, NULL }
--- a/util/jwt.lua Sat Jul 02 14:22:20 2022 +0100 +++ b/util/jwt.lua Sat Jul 02 14:59:52 2022 +0100 @@ -142,8 +142,8 @@ local algorithms = { HS256 = new_hmac_algorithm("HS256", hashes.hmac_sha256); ES256 = new_ecdsa_algorithm("ES256", crypto.ecdsa_sha256_sign, crypto.ecdsa_sha256_verify); - RS256 = new_rsa_algorithm("RS256", crypto.rsassa_pkcs1_256_sign, crypto.rsassa_pkcs1_256_verify); - PS256 = new_rsa_algorithm("PS256", crypto.rsassa_pss_256_sign, crypto.rsassa_pss_256_verify); + RS256 = new_rsa_algorithm("RS256", crypto.rsassa_pkcs1_sha256_sign, crypto.rsassa_pkcs1_sha256_verify); + PS256 = new_rsa_algorithm("PS256", crypto.rsassa_pss_sha256_sign, crypto.rsassa_pss_sha256_verify); }; local function new_signer(algorithm, key_input)