From 5bcab797b6527074b2b983cdb431a9583da9fe2f Mon Sep 17 00:00:00 2001 From: Aapo Talvensaari Date: Tue, 29 Oct 2019 13:33:43 +0200 Subject: [PATCH] chore(*) release 1.0 (#26) --- .luacheckrc | 2 + Changes.md | 7 +- LICENSE | 2 +- Makefile | 4 + README.md | 1483 ++++++++++---------- lib/resty/nettle.lua | 107 +- lib/resty/nettle/aead.lua | 31 - lib/resty/nettle/aes.lua | 727 +++++----- lib/resty/nettle/arcfour.lua | 69 +- lib/resty/nettle/asn1.lua | 197 --- lib/resty/nettle/base16.lua | 122 +- lib/resty/nettle/base64.lua | 213 ++- lib/resty/nettle/blowfish.lua | 71 +- lib/resty/nettle/buffer.lua | 31 - lib/resty/nettle/camellia.lua | 259 ++-- lib/resty/nettle/cast128.lua | 81 +- lib/resty/nettle/chacha-poly1305.lua | 98 +- lib/resty/nettle/chacha.lua | 79 +- lib/resty/nettle/cipher.lua | 27 - lib/resty/nettle/cmac.lua | 82 ++ lib/resty/nettle/curve25519.lua | 32 +- lib/resty/nettle/des.lua | 275 ++-- lib/resty/nettle/dsa.lua | 73 +- lib/resty/nettle/ecc.lua | 175 ++- lib/resty/nettle/ecdsa.lua | 60 +- lib/resty/nettle/ed25519-sha512.lua | 71 +- lib/resty/nettle/eddsa.lua | 2 + lib/resty/nettle/gmp.lua | 81 +- lib/resty/nettle/gosthash94.lua | 52 +- lib/resty/nettle/hash.lua | 25 - lib/resty/nettle/hmac.lua | 250 ++-- lib/resty/nettle/hogweed.lua | 81 +- lib/resty/nettle/knuth-lfib.lua | 57 +- lib/resty/nettle/library.lua | 92 +- lib/resty/nettle/md2.lua | 52 +- lib/resty/nettle/md4.lua | 52 +- lib/resty/nettle/md5.lua | 48 +- lib/resty/nettle/mpz.lua | 99 +- lib/resty/nettle/padding.lua | 11 + lib/resty/nettle/padding/ansix923.lua | 72 +- lib/resty/nettle/padding/base64.lua | 32 +- lib/resty/nettle/padding/iso10126.lua | 63 +- lib/resty/nettle/padding/iso7816-4.lua | 64 +- lib/resty/nettle/padding/nopadding.lua | 8 +- lib/resty/nettle/padding/pkcs7.lua | 72 +- lib/resty/nettle/padding/spacepadding.lua | 64 +- lib/resty/nettle/padding/zeropadding.lua | 64 +- lib/resty/nettle/pbkdf2.lua | 29 +- lib/resty/nettle/poly1305.lua | 60 +- lib/resty/nettle/random.lua | 32 + lib/resty/nettle/rc4.lua | 1 + lib/resty/nettle/ripemd160.lua | 48 +- lib/resty/nettle/rsa.lua | 582 ++++---- lib/resty/nettle/salsa20.lua | 118 +- lib/resty/nettle/serpent.lua | 87 +- lib/resty/nettle/sha1.lua | 49 +- lib/resty/nettle/sha2.lua | 195 ++- lib/resty/nettle/sha3.lua | 181 +-- lib/resty/nettle/twofish.lua | 406 +++--- lib/resty/nettle/types/aead.lua | 24 - lib/resty/nettle/types/aes.lua | 127 +- lib/resty/nettle/types/arcfour.lua | 24 + lib/resty/nettle/types/asn1.lua | 47 - lib/resty/nettle/types/base16.lua | 38 + lib/resty/nettle/types/base64.lua | 70 + lib/resty/nettle/types/blowfish.lua | 26 + lib/resty/nettle/types/buffer.lua | 13 - lib/resty/nettle/types/camellia.lua | 77 +- lib/resty/nettle/types/cast128.lua | 29 + lib/resty/nettle/types/cbc.lua | 19 +- lib/resty/nettle/types/ccm.lua | 181 ++- lib/resty/nettle/types/cfb.lua | 30 + lib/resty/nettle/types/chacha-poly1305.lua | 43 + lib/resty/nettle/types/chacha.lua | 25 +- lib/resty/nettle/types/cipher.lua | 18 - lib/resty/nettle/types/cmac.lua | 51 + lib/resty/nettle/types/common.lua | 30 + lib/resty/nettle/types/ctr.lua | 12 +- lib/resty/nettle/types/curve25519.lua | 10 + lib/resty/nettle/types/des.lua | 52 +- lib/resty/nettle/types/dsa.lua | 118 +- lib/resty/nettle/types/eax.lua | 83 +- lib/resty/nettle/types/ecc.lua | 69 +- lib/resty/nettle/types/ecdsa.lua | 23 + lib/resty/nettle/types/ed25519-sha512.lua | 18 + lib/resty/nettle/types/gcm.lua | 204 ++- lib/resty/nettle/types/gosthash94.lua | 23 + lib/resty/nettle/types/hash.lua | 18 - lib/resty/nettle/types/hmac.lua | 141 ++ lib/resty/nettle/types/knuth-lfib.lua | 25 + lib/resty/nettle/types/md2.lua | 26 + lib/resty/nettle/types/md4.lua | 26 + lib/resty/nettle/types/md5.lua | 29 +- lib/resty/nettle/types/mpz.lua | 24 +- lib/resty/nettle/types/nettle-types.lua | 35 + lib/resty/nettle/types/pbkdf2.lua | 16 + lib/resty/nettle/types/poly1305.lua | 36 +- lib/resty/nettle/types/ripemd160.lua | 27 +- lib/resty/nettle/types/rsa.lua | 318 ++++- lib/resty/nettle/types/salsa20.lua | 33 + lib/resty/nettle/types/serpent.lua | 33 + lib/resty/nettle/types/sha1.lua | 27 +- lib/resty/nettle/types/sha2.lua | 82 +- lib/resty/nettle/types/sha3.lua | 90 ++ lib/resty/nettle/types/twofish.lua | 34 + lib/resty/nettle/types/umac.lua | 133 ++ lib/resty/nettle/types/version.lua | 10 + lib/resty/nettle/types/xts.lua | 66 + lib/resty/nettle/types/yarrow.lua | 48 + lib/resty/nettle/umac.lua | 242 ++-- lib/resty/nettle/version.lua | 19 +- lib/resty/nettle/yarrow.lua | 114 +- lua-resty-nettle-dev-1.rockspec | 178 ++- 113 files changed, 6127 insertions(+), 4694 deletions(-) create mode 100644 .luacheckrc create mode 100644 Makefile delete mode 100644 lib/resty/nettle/aead.lua delete mode 100644 lib/resty/nettle/asn1.lua delete mode 100644 lib/resty/nettle/buffer.lua delete mode 100644 lib/resty/nettle/cipher.lua create mode 100644 lib/resty/nettle/cmac.lua create mode 100644 lib/resty/nettle/eddsa.lua delete mode 100644 lib/resty/nettle/hash.lua create mode 100644 lib/resty/nettle/padding.lua create mode 100644 lib/resty/nettle/random.lua create mode 100644 lib/resty/nettle/rc4.lua delete mode 100644 lib/resty/nettle/types/aead.lua create mode 100644 lib/resty/nettle/types/arcfour.lua delete mode 100644 lib/resty/nettle/types/asn1.lua create mode 100644 lib/resty/nettle/types/base16.lua create mode 100644 lib/resty/nettle/types/base64.lua create mode 100644 lib/resty/nettle/types/blowfish.lua delete mode 100644 lib/resty/nettle/types/buffer.lua create mode 100644 lib/resty/nettle/types/cast128.lua create mode 100644 lib/resty/nettle/types/cfb.lua create mode 100644 lib/resty/nettle/types/chacha-poly1305.lua delete mode 100644 lib/resty/nettle/types/cipher.lua create mode 100644 lib/resty/nettle/types/cmac.lua create mode 100644 lib/resty/nettle/types/common.lua create mode 100644 lib/resty/nettle/types/curve25519.lua create mode 100644 lib/resty/nettle/types/ecdsa.lua create mode 100644 lib/resty/nettle/types/ed25519-sha512.lua create mode 100644 lib/resty/nettle/types/gosthash94.lua delete mode 100644 lib/resty/nettle/types/hash.lua create mode 100644 lib/resty/nettle/types/hmac.lua create mode 100644 lib/resty/nettle/types/knuth-lfib.lua create mode 100644 lib/resty/nettle/types/md2.lua create mode 100644 lib/resty/nettle/types/md4.lua create mode 100644 lib/resty/nettle/types/nettle-types.lua create mode 100644 lib/resty/nettle/types/pbkdf2.lua create mode 100644 lib/resty/nettle/types/salsa20.lua create mode 100644 lib/resty/nettle/types/serpent.lua create mode 100644 lib/resty/nettle/types/sha3.lua create mode 100644 lib/resty/nettle/types/twofish.lua create mode 100644 lib/resty/nettle/types/umac.lua create mode 100644 lib/resty/nettle/types/version.lua create mode 100644 lib/resty/nettle/types/xts.lua create mode 100644 lib/resty/nettle/types/yarrow.lua diff --git a/.luacheckrc b/.luacheckrc new file mode 100644 index 0000000..5e28250 --- /dev/null +++ b/.luacheckrc @@ -0,0 +1,2 @@ +std = "ngx_lua" + diff --git a/Changes.md b/Changes.md index 2d0c44e..b0d1ae9 100644 --- a/Changes.md +++ b/Changes.md @@ -2,7 +2,12 @@ All notable changes to `lua-resty-nettle` will be documented in this file. -## [0.104] - 2017-09-29 +## [1.0] - 2019-10-28 +### Everything +- Huge refactoring. A lot of new stuff. From this on, I will keep better changelog, ;-). + + +## [0.105] - 2017-09-29 ### Fixed - Hogweed library loading (copy paste bug, sorry) diff --git a/LICENSE b/LICENSE index 63811d2..ff37876 100644 --- a/LICENSE +++ b/LICENSE @@ -1,4 +1,4 @@ -Copyright (c) 2014 - 2017, Aapo Talvensaari +Copyright (c) 2014 - 2019, Aapo Talvensaari All rights reserved. Redistribution and use in source and binary forms, with or without modification, diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..9d80593 --- /dev/null +++ b/Makefile @@ -0,0 +1,4 @@ +.PHONY: lint + +lint: + @luacheck -q ./lib diff --git a/README.md b/README.md index d93fd25..bf9ed8a 100644 --- a/README.md +++ b/README.md @@ -2,6 +2,16 @@ LuaJIT FFI bindings for [Nettle](http://www.lysator.liu.se/~nisse/nettle/nettle.html) (a low-level cryptographic library) +## Requirements + +The bindings require `libnettle`, and in some cases also `libhogweed` (comes with `libnettle`) and `gmp`. +Supported Nettle versions are 3.4.x and 3.5.x. Nettle can be downloaded from here: +[www.lysator.liu.se/~nisse/nettle/](https://www.lysator.liu.se/~nisse/nettle/). + +Bindings are tested with Linux and macOS on x64 architecture, but I don't see any reason why they wouldn't work +with other platforms and architectures. + + ## Synopsis ```lua @@ -14,838 +24,802 @@ local ipairs = ipairs local concat = table.concat local function hex(str,spacer) - return (gsub(str,"(.)", function (c) - return format("%02X%s", byte(c), spacer or "") - end)) + return (gsub(str,"(.)", function (c) + return format("%02X%s", byte(c), spacer or "") + end)) end do - local md2 = require "resty.nettle.md2" - print("md2 ", #md2(""), hex(md2(""))) - local hash = md2.new() - hash:update("") - print("md2 ", #hash:digest(), hex(hash:digest())) + local md2 = require "resty.nettle.md2" + print("md2 ", #md2(""), hex(md2(""))) + local hash = md2.new() + hash:update("") + print("md2 ", #hash:digest(), hex(hash:digest())) end do - local md4 = require "resty.nettle.md4" - print("md4 ", #md4(""), hex(md4(""))) - local hash = md4.new() - hash:update("") - print("md4 ", #hash:digest(), hex(hash:digest())) + local md4 = require "resty.nettle.md4" + print("md4 ", #md4(""), hex(md4(""))) + local hash = md4.new() + hash:update("") + print("md4 ", #hash:digest(), hex(hash:digest())) end do - local md5 = require "resty.nettle.md5" - print("md5 ", #md5(""), hex(md5(""))) - local hash = md5.new() - hash:update("") - print("md5 ", #hash:digest(), hex(hash:digest())) + local md5 = require "resty.nettle.md5" + print("md5 ", #md5(""), hex(md5(""))) + local hash = md5.new() + hash:update("") + print("md5 ", #hash:digest(), hex(hash:digest())) end do - local ripemd160 = require "resty.nettle.ripemd160" - local hash = ripemd160.new() - hash:update("") - print("ripemd160", #hash:digest(), hex(hash:digest())) + local ripemd160 = require "resty.nettle.ripemd160" + local hash = ripemd160.new() + hash:update("") + print("ripemd160", #hash:digest(), hex(hash:digest())) end do - local gosthash94 = require "resty.nettle.gosthash94" - local hash = gosthash94.new() - hash:update("") - print("gosthash94", #hash:digest(), hex(hash:digest())) + local gosthash94 = require "resty.nettle.gosthash94" + local hash = gosthash94.new() + hash:update("") + print("gosthash94", #hash:digest(), hex(hash:digest())) end do - local sha1 = require "resty.nettle.sha1" - print("sha1 ", #sha1(""), hex(sha1(""))) - local hash = sha1.new() - hash:update("") - print("sha1 ", #hash:digest(), hex(hash:digest())) + local sha1 = require "resty.nettle.sha1" + print("sha1 ", #sha1(""), hex(sha1(""))) + local hash = sha1.new() + hash:update("") + print("sha1 ", #hash:digest(), hex(hash:digest())) end do - local sha2 = require "resty.nettle.sha2" - - local hash = sha2.sha224.new() - hash:update("") - print("sha224 ", #hash:digest(), hex(hash:digest())) - print("sha224 ", #sha2.sha224(""), hex(sha2.sha224(""))) - - local hash = sha2.sha256.new() - hash:update("") - print("sha256 ", #hash:digest(), hex(hash:digest())) - print("sha256 ", #sha2.sha256(""), hex(sha2.sha256(""))) - - local hash = sha2.sha384.new() - hash:update("") - print("sha384 ", #hash:digest(), hex(hash:digest())) - print("sha384 ", #sha2.sha384(""), hex(sha2.sha384(""))) - - local hash = sha2.sha512.new() - hash:update("") - print("sha512 ", #hash:digest(), hex(hash:digest())) - print("sha512 ", #sha2.sha512(""), hex(sha2.sha512(""))) - - local hash = sha2.sha512_224.new() - hash:update("") - print("sha512_224", #hash:digest(), hex(hash:digest())) - print("sha512_224", #sha2.sha512_224(""), hex(sha2.sha512_224(""))) - - local hash = sha2.sha512_256.new() - hash:update("") - print("sha512_256", #hash:digest(), hex(hash:digest())) - print("sha512_256", #sha2.sha512_256(""), hex(sha2.sha512_256(""))) + local sha2 = require "resty.nettle.sha2" + + local hash = sha2.sha224.new() + hash:update("") + print("sha224 ", #hash:digest(), hex(hash:digest())) + print("sha224 ", #sha2.sha224(""), hex(sha2.sha224(""))) + + local hash = sha2.sha256.new() + hash:update("") + print("sha256 ", #hash:digest(), hex(hash:digest())) + print("sha256 ", #sha2.sha256(""), hex(sha2.sha256(""))) + + local hash = sha2.sha384.new() + hash:update("") + print("sha384 ", #hash:digest(), hex(hash:digest())) + print("sha384 ", #sha2.sha384(""), hex(sha2.sha384(""))) + + local hash = sha2.sha512.new() + hash:update("") + print("sha512 ", #hash:digest(), hex(hash:digest())) + print("sha512 ", #sha2.sha512(""), hex(sha2.sha512(""))) + + local hash = sha2.sha512_224.new() + hash:update("") + print("sha512_224", #hash:digest(), hex(hash:digest())) + print("sha512_224", #sha2.sha512_224(""), hex(sha2.sha512_224(""))) + + local hash = sha2.sha512_256.new() + hash:update("") + print("sha512_256", #hash:digest(), hex(hash:digest())) + print("sha512_256", #sha2.sha512_256(""), hex(sha2.sha512_256(""))) end do - local sha3 = require "resty.nettle.sha3" + local sha3 = require "resty.nettle.sha3" - local hash = sha3.sha224.new() - hash:update("") - print("sha3 224", #hash:digest(), hex(hash:digest())) + local hash = sha3.sha224.new() + hash:update("") + print("sha3 224", #hash:digest(), hex(hash:digest())) - local hash = sha3.sha256.new() - hash:update("") - print("sha3 256", #hash:digest(), hex(hash:digest())) + local hash = sha3.sha256.new() + hash:update("") + print("sha3 256", #hash:digest(), hex(hash:digest())) - local hash = sha3.sha384.new() - hash:update("") - print("sha3 384", #hash:digest(), hex(hash:digest())) + local hash = sha3.sha384.new() + hash:update("") + print("sha3 384", #hash:digest(), hex(hash:digest())) - local hash = sha3.sha512.new() - hash:update("") - print("sha3 512", #hash:digest(), hex(hash:digest())) + local hash = sha3.sha512.new() + hash:update("") + print("sha3 512", #hash:digest(), hex(hash:digest())) end do - local hmac = require "resty.nettle.hmac" - print("hmac md5", #hmac("md5", "a", "a"), hex(hmac("md5", "a", "a"))) - print("hmac md5", #hmac.md5("a", "a"), hex(hmac.md5("a", "a"))) - local hash = hmac.md5.new("a") - hash:update("a") - local dgst = hash:digest() - print("hmac md5", #dgst, hex(dgst)) - - local hash = hmac.ripemd160.new("a") - hash:update("a") - local dgst = hash:digest() - print("hmac ripemd160", #dgst, hex(dgst)) - - local hash = hmac.sha1.new("a") - hash:update("a") - local dgst = hash:digest() - print("hmac sha1", #dgst, hex(dgst)) - - local hash = hmac.sha224.new("a") - hash:update("a") - local dgst = hash:digest() - print("hmac sha224", #dgst, hex(dgst)) - - local hash = hmac.sha256.new("a") - hash:update("a") - local dgst = hash:digest() - print("hmac sha256", #dgst, hex(dgst)) - - local hash = hmac.sha384.new("a") - hash:update("a") - local dgst = hash:digest() - print("hmac sha384", #dgst, hex(dgst)) - - local hash = hmac.sha512.new("a") - hash:update("a") - local dgst = hash:digest() - print("hmac sha512", #dgst, hex(dgst)) + local hmac = require "resty.nettle.hmac" + print("hmac md5", #hmac("md5", "a", "a"), hex(hmac("md5", "a", "a"))) + print("hmac md5", #hmac.md5("a", "a"), hex(hmac.md5("a", "a"))) + local hash = hmac.md5.new("a") + hash:update("a") + local dgst = hash:digest() + print("hmac md5", #dgst, hex(dgst)) + + local hash = hmac.ripemd160.new("a") + hash:update("a") + local dgst = hash:digest() + print("hmac ripemd160", #dgst, hex(dgst)) + + local hash = hmac.sha1.new("a") + hash:update("a") + local dgst = hash:digest() + print("hmac sha1", #dgst, hex(dgst)) + + local hash = hmac.sha224.new("a") + hash:update("a") + local dgst = hash:digest() + print("hmac sha224", #dgst, hex(dgst)) + + local hash = hmac.sha256.new("a") + hash:update("a") + local dgst = hash:digest() + print("hmac sha256", #dgst, hex(dgst)) + + local hash = hmac.sha384.new("a") + hash:update("a") + local dgst = hash:digest() + print("hmac sha384", #dgst, hex(dgst)) + + local hash = hmac.sha512.new("a") + hash:update("a") + local dgst = hash:digest() + print("hmac sha512", #dgst, hex(dgst)) end do - local umac = require "resty.nettle.umac" - local hash = umac.umac32.new("umac32") - hash:update("") - local dgst = hash:digest() - print("umac32 ", #dgst, hex(dgst)) - - local hash = umac.umac64.new("umac64") - hash:update("") - local dgst = hash:digest() - print("umac64 ", #dgst, hex(dgst)) - - local hash = umac.umac96.new("umac96") - hash:update("") - local dgst = hash:digest() - print("umac96 ", #dgst, hex(dgst)) - - local hash = umac.umac128.new("umac128") - hash:update("") - local dgst = hash:digest() - print("umac128 ", #dgst, hex(dgst)) + local umac = require "resty.nettle.umac" + local hash = umac.umac32.new("umac32") + hash:update("") + local dgst = hash:digest() + print("umac32 ", #dgst, hex(dgst)) + + local hash = umac.umac64.new("umac64") + hash:update("") + local dgst = hash:digest() + print("umac64 ", #dgst, hex(dgst)) + + local hash = umac.umac96.new("umac96") + hash:update("") + local dgst = hash:digest() + print("umac96 ", #dgst, hex(dgst)) + + local hash = umac.umac128.new("umac128") + hash:update("") + local dgst = hash:digest() + print("umac128 ", #dgst, hex(dgst)) end do - local poly = require "resty.nettle.poly1305" - local hash = poly.new("poly") - hash:update("") - local dgst = hash:digest() - print("poly1305 ", #dgst, hex(dgst)) + local poly = require "resty.nettle.poly1305" + local hash = poly.new("poly") + hash:update("") + local dgst = hash:digest() + print("poly1305 ", #dgst, hex(dgst)) end do - local pbkdf2 = require "resty.nettle.pbkdf2" - local hmac = pbkdf2.hmac_sha1("password", 1, "salt", 20) - print("pbkdf2 sha1", #hmac, hex(hmac)) - local hmac = pbkdf2.hmac_sha256("pass\0word", 4096, "sa\0lt", 32) - print("pbkdf2 sha256", #hmac, hex(hmac)) + local pbkdf2 = require "resty.nettle.pbkdf2" + local hmac = pbkdf2.hmac_sha1("password", 1, "salt", 20) + print("pbkdf2 sha1", #hmac, hex(hmac)) + local hmac = pbkdf2.hmac_sha256("pass\0word", 4096, "sa\0lt", 32) + print("pbkdf2 sha256", #hmac, hex(hmac)) end print() do - local aes = require "resty.nettle.aes" - local aes128 = aes.new("testtesttesttest") - local ciphertext = aes128:encrypt("aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") - print("aes128 encrypt", #ciphertext, hex(ciphertext)) - local aes128 = aes.new("testtesttesttest") - local plaintext = aes128:decrypt(ciphertext) - print("aes128 decrypt", #plaintext, plaintext) - - print() - - local aes128 = aes.new("testtesttesttest", "cbc", "testtesttesttest") - local ciphertext = aes128:encrypt("aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") - print("aes128 cbc enc", #ciphertext, hex(ciphertext)) - local aes128 = aes.new("testtesttesttest", "cbc", "testtesttesttest") - local plaintext = aes128:decrypt(ciphertext) - print("aes128 cbc dec", #plaintext, plaintext) - - print() - - local aes128 = aes.new("testtesttesttest", "ctr", "testtesttesttest") - local ciphertext = aes128:encrypt("a") - print("aes128 ctr enc", #ciphertext, hex(ciphertext)) - local aes128 = aes.new("testtesttesttest", "ctr", "testtesttesttest") - local plaintext = aes128:decrypt(ciphertext) - print("aes128 ctr dec", #plaintext, plaintext) - - print() - - local aes128 = aes.new("testtesttesttest", "eax", "testtesttest") - local ciphertext, digest = aes128:encrypt("a") - print("aes128 eax enc", #ciphertext, hex(ciphertext)) - print("aes128 eax dgst", #digest, hex(digest)) - local aes128 = aes.new("testtesttesttest", "eax", "testtesttest") - local plaintext, digest = aes128:decrypt(ciphertext) - print("aes128 eax dec", #plaintext, plaintext) - print("aes128 eax dgst", #digest, hex(digest)) - - print() - - local aes128 = aes.new("testtesttesttest", "gcm", "testtesttest") - local ciphertext, digest = aes128:encrypt("a") - print("aes128 gcm enc", #ciphertext, hex(ciphertext)) - print("aes128 gcm dgst", #digest, hex(digest)) - local aes128 = aes.new("testtesttesttest", "gcm", "testtesttest") - local plaintext, digest = aes128:decrypt(ciphertext) - print("aes128 gcm dec", #plaintext, plaintext) - print("aes128 gcm dgst", #digest, hex(digest)) - - print() - - local aes128 = aes.new("testtesttesttest", "ccm", "testtesttest") - local ciphertext, digest = aes128:encrypt("a") - print("aes128 ccm enc", #ciphertext, hex(ciphertext)) - print("aes128 ccm dgst", #digest, hex(digest)) - local aes128 = aes.new("testtesttesttest", "ccm", "testtesttest") - local plaintext, digest = aes128:decrypt(ciphertext) - print("aes128 ccm dec", #plaintext, plaintext) - print("aes128 ccm dgst", #digest, hex(digest)) - - print() - - local aes192 = aes.new("testtesttesttesttesttest") - local ciphertext = aes192:encrypt("a") - print("aes192 encrypt", #ciphertext, hex(ciphertext)) - local aes192 = aes.new("testtesttesttesttesttest") - local plaintext = aes192:decrypt(ciphertext) - print("aes192 decrypt", #plaintext, plaintext) - - print() - - local aes192 = aes.new("testtesttesttesttesttest", "cbc", "testtesttesttest") - local ciphertext = aes192:encrypt("a") - print("aes192 cbc enc", #ciphertext, hex(ciphertext)) - local aes192 = aes.new("testtesttesttesttesttest", "cbc", "testtesttesttest") - local plaintext = aes192:decrypt(ciphertext) - print("aes192 cbc dec", #plaintext, plaintext) - - print() - - local aes192 = aes.new("testtesttesttesttesttest", "ctr", "testtesttesttest") - local ciphertext = aes192:encrypt("a") - print("aes192 ctr enc", #ciphertext, hex(ciphertext)) - local aes192 = aes.new("testtesttesttesttesttest", "ctr", "testtesttesttest") - local plaintext = aes192:decrypt(ciphertext) - print("aes192 ctr dec", #plaintext, plaintext) - - print() - - local aes192 = aes.new("testtesttesttesttesttest", "gcm", "testtesttest") - local ciphertext, digest = aes192:encrypt("a") - print("aes192 gcm enc", #ciphertext, hex(ciphertext)) - print("aes192 gcm dgst", #digest, hex(digest)) - local aes192 = aes.new("testtesttesttesttesttest", "gcm", "testtesttest") - local plaintext, digest = aes192:decrypt(ciphertext) - print("aes192 gcm dec", #plaintext, plaintext) - print("aes192 gcm dgst", #digest, hex(digest)) - - print() - - local aes192 = aes.new("testtesttesttesttesttest", "ccm", "testtesttest") - local ciphertext, digest = aes192:encrypt("a") - print("aes192 ccm enc", #ciphertext, hex(ciphertext)) - print("aes192 ccm dgst", #digest, hex(digest)) - local aes192 = aes.new("testtesttesttesttesttest", "ccm", "testtesttest") - local plaintext, digest = aes192:decrypt(ciphertext) - print("aes192 ccm dec", #plaintext, plaintext) - print("aes192 ccm dgst", #digest, hex(digest)) - - print() - - local aes256 = aes.new("testtesttesttesttesttesttesttest") - local ciphertext = aes256:encrypt("a") - print("aes256 encrypt", #ciphertext, hex(ciphertext)) - local aes256 = aes.new("testtesttesttesttesttesttesttest") - local plaintext = aes256:decrypt(ciphertext) - print("aes256 decrypt", #plaintext, plaintext) - - print() - - local aes256 = aes.new("testtesttesttesttesttesttesttest", "cbc", "testtesttesttest") - local ciphertext = aes256:encrypt("a") - print("aes256 cbc enc", #ciphertext, hex(ciphertext)) - local aes256 = aes.new("testtesttesttesttesttesttesttest", "cbc", "testtesttesttest") - local plaintext = aes256:decrypt(ciphertext) - print("aes256 cbc dec", #plaintext, plaintext) - - print() - - local aes256 = aes.new("testtesttesttesttesttesttesttest", "ctr", "testtesttesttest") - local ciphertext = aes256:encrypt("a") - print("aes256 ctr enc", #ciphertext, hex(ciphertext)) - local aes256 = aes.new("testtesttesttesttesttesttesttest", "ctr", "testtesttesttest") - local plaintext = aes256:decrypt(ciphertext) - print("aes256 ctr dec", #plaintext, plaintext) - - print() - - local aes256 = aes.new("testtesttesttesttesttesttesttest", "gcm", "testtesttest", "testtesttesttest1asdasdasdasdasdasdasdasdasdasdasdasdasdasdasd") - local ciphertext, digest = aes256:encrypt("a") - print("aes256 gcm enc", #ciphertext, hex(ciphertext)) - print("aes256 gcm dgst", #digest, hex(digest)) - local aes256 = aes.new("testtesttesttesttesttesttesttest", "gcm", "testtesttest", "testtesttesttest1asdasdasdasdasdasdasdasdasdasdasdasdasdasdasd") - local plaintext, digest = aes256:decrypt(ciphertext) - print("aes256 gcm dec", #plaintext, plaintext) - print("aes256 gcm dgst", #digest, hex(digest)) - - print() - - local aes256 = aes.new("testtesttesttesttesttesttesttest", "ccm", "testtesttest", "testtesttesttest1asdasdasdasdasdasdasdasdasdasdasdasdasdasdasd") - local ciphertext, digest = aes256:encrypt("a") - print("aes256 ccm enc", #ciphertext, hex(ciphertext)) - print("aes256 ccm dgst", #digest, hex(digest)) - local aes256 = aes.new("testtesttesttesttesttesttesttest", "ccm", "testtesttest", "testtesttesttest1asdasdasdasdasdasdasdasdasdasdasdasdasdasdasd") - local plaintext, digest = aes256:decrypt(ciphertext) - print("aes256 ccm dec", #plaintext, plaintext) - print("aes256 ccm dgst", #digest, hex(digest)) + local aes = require "resty.nettle.aes" + local aes128 = aes.new("testtesttesttest") + local ciphertext = aes128:encrypt("aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") + print("aes128 encrypt", #ciphertext, hex(ciphertext)) + local aes128 = aes.new("testtesttesttest") + local plaintext = aes128:decrypt(ciphertext) + print("aes128 decrypt", #plaintext, plaintext) + + print() + + local aes128 = aes.new("testtesttesttest", "cbc", "testtesttesttest") + local ciphertext = aes128:encrypt("aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") + print("aes128 cbc enc", #ciphertext, hex(ciphertext)) + local aes128 = aes.new("testtesttesttest", "cbc", "testtesttesttest") + local plaintext = aes128:decrypt(ciphertext) + print("aes128 cbc dec", #plaintext, plaintext) + + print() + + local aes128 = aes.new("testtesttesttest", "ctr", "testtesttesttest") + local ciphertext = aes128:encrypt("a") + print("aes128 ctr enc", #ciphertext, hex(ciphertext)) + local aes128 = aes.new("testtesttesttest", "ctr", "testtesttesttest") + local plaintext = aes128:decrypt(ciphertext) + print("aes128 ctr dec", #plaintext, plaintext) + + print() + + local aes128 = aes.new("testtesttesttest", "eax", "testtesttest") + local ciphertext, digest = aes128:encrypt("a") + print("aes128 eax enc", #ciphertext, hex(ciphertext)) + print("aes128 eax dgst", #digest, hex(digest)) + local aes128 = aes.new("testtesttesttest", "eax", "testtesttest") + local plaintext, digest = aes128:decrypt(ciphertext) + print("aes128 eax dec", #plaintext, plaintext) + print("aes128 eax dgst", #digest, hex(digest)) + + print() + + local aes128 = aes.new("testtesttesttest", "gcm", "testtesttest") + local ciphertext, digest = aes128:encrypt("a") + print("aes128 gcm enc", #ciphertext, hex(ciphertext)) + print("aes128 gcm dgst", #digest, hex(digest)) + local aes128 = aes.new("testtesttesttest", "gcm", "testtesttest") + local plaintext, digest = aes128:decrypt(ciphertext) + print("aes128 gcm dec", #plaintext, plaintext) + print("aes128 gcm dgst", #digest, hex(digest)) + + print() + + local aes128 = aes.new("testtesttesttest", "ccm", "testtesttest") + local ciphertext, digest = aes128:encrypt("a") + print("aes128 ccm enc", #ciphertext, hex(ciphertext)) + print("aes128 ccm dgst", #digest, hex(digest)) + local aes128 = aes.new("testtesttesttest", "ccm", "testtesttest") + local plaintext, digest = aes128:decrypt(ciphertext) + print("aes128 ccm dec", #plaintext, plaintext) + print("aes128 ccm dgst", #digest, hex(digest)) + + print() + + local aes192 = aes.new("testtesttesttesttesttest") + local ciphertext = aes192:encrypt("a") + print("aes192 encrypt", #ciphertext, hex(ciphertext)) + local aes192 = aes.new("testtesttesttesttesttest") + local plaintext = aes192:decrypt(ciphertext) + print("aes192 decrypt", #plaintext, plaintext) + + print() + + local aes192 = aes.new("testtesttesttesttesttest", "cbc", "testtesttesttest") + local ciphertext = aes192:encrypt("a") + print("aes192 cbc enc", #ciphertext, hex(ciphertext)) + local aes192 = aes.new("testtesttesttesttesttest", "cbc", "testtesttesttest") + local plaintext = aes192:decrypt(ciphertext) + print("aes192 cbc dec", #plaintext, plaintext) + + print() + + local aes192 = aes.new("testtesttesttesttesttest", "ctr", "testtesttesttest") + local ciphertext = aes192:encrypt("a") + print("aes192 ctr enc", #ciphertext, hex(ciphertext)) + local aes192 = aes.new("testtesttesttesttesttest", "ctr", "testtesttesttest") + local plaintext = aes192:decrypt(ciphertext) + print("aes192 ctr dec", #plaintext, plaintext) + + print() + + local aes192 = aes.new("testtesttesttesttesttest", "gcm", "testtesttest") + local ciphertext, digest = aes192:encrypt("a") + print("aes192 gcm enc", #ciphertext, hex(ciphertext)) + print("aes192 gcm dgst", #digest, hex(digest)) + local aes192 = aes.new("testtesttesttesttesttest", "gcm", "testtesttest") + local plaintext, digest = aes192:decrypt(ciphertext) + print("aes192 gcm dec", #plaintext, plaintext) + print("aes192 gcm dgst", #digest, hex(digest)) + + print() + + local aes192 = aes.new("testtesttesttesttesttest", "ccm", "testtesttest") + local ciphertext, digest = aes192:encrypt("a") + print("aes192 ccm enc", #ciphertext, hex(ciphertext)) + print("aes192 ccm dgst", #digest, hex(digest)) + local aes192 = aes.new("testtesttesttesttesttest", "ccm", "testtesttest") + local plaintext, digest = aes192:decrypt(ciphertext) + print("aes192 ccm dec", #plaintext, plaintext) + print("aes192 ccm dgst", #digest, hex(digest)) + + print() + + local aes256 = aes.new("testtesttesttesttesttesttesttest") + local ciphertext = aes256:encrypt("a") + print("aes256 encrypt", #ciphertext, hex(ciphertext)) + local aes256 = aes.new("testtesttesttesttesttesttesttest") + local plaintext = aes256:decrypt(ciphertext) + print("aes256 decrypt", #plaintext, plaintext) + + print() + + local aes256 = aes.new("testtesttesttesttesttesttesttest", "cbc", "testtesttesttest") + local ciphertext = aes256:encrypt("a") + print("aes256 cbc enc", #ciphertext, hex(ciphertext)) + local aes256 = aes.new("testtesttesttesttesttesttesttest", "cbc", "testtesttesttest") + local plaintext = aes256:decrypt(ciphertext) + print("aes256 cbc dec", #plaintext, plaintext) + + print() + + local aes256 = aes.new("testtesttesttesttesttesttesttest", "ctr", "testtesttesttest") + local ciphertext = aes256:encrypt("a") + print("aes256 ctr enc", #ciphertext, hex(ciphertext)) + local aes256 = aes.new("testtesttesttesttesttesttesttest", "ctr", "testtesttesttest") + local plaintext = aes256:decrypt(ciphertext) + print("aes256 ctr dec", #plaintext, plaintext) + + print() + + local aes256 = aes.new("testtesttesttesttesttesttesttest", "gcm", "testtesttest", "testtesttesttest1asdasdasdasdasdasdasdasdasdasdasdasdasdasdasd") + local ciphertext, digest = aes256:encrypt("a") + print("aes256 gcm enc", #ciphertext, hex(ciphertext)) + print("aes256 gcm dgst", #digest, hex(digest)) + local aes256 = aes.new("testtesttesttesttesttesttesttest", "gcm", "testtesttest", "testtesttesttest1asdasdasdasdasdasdasdasdasdasdasdasdasdasdasd") + local plaintext, digest = aes256:decrypt(ciphertext) + print("aes256 gcm dec", #plaintext, plaintext) + print("aes256 gcm dgst", #digest, hex(digest)) + + print() + + local aes256 = aes.new("testtesttesttesttesttesttesttest", "ccm", "testtesttest", "testtesttesttest1asdasdasdasdasdasdasdasdasdasdasdasdasdasdasd") + local ciphertext, digest = aes256:encrypt("a") + print("aes256 ccm enc", #ciphertext, hex(ciphertext)) + print("aes256 ccm dgst", #digest, hex(digest)) + local aes256 = aes.new("testtesttesttesttesttesttesttest", "ccm", "testtesttest", "testtesttesttest1asdasdasdasdasdasdasdasdasdasdasdasdasdasdasd") + local plaintext, digest = aes256:decrypt(ciphertext) + print("aes256 ccm dec", #plaintext, plaintext) + print("aes256 ccm dgst", #digest, hex(digest)) end print() do - local camellia = require "resty.nettle.camellia" - local camellia128 = camellia.new("testtesttesttest") - local ciphertext = camellia128:encrypt("a") - print("cam128 encrypt", #ciphertext, hex(ciphertext)) - local camellia128 = camellia.new("testtesttesttest") - local plaintext = camellia128:decrypt(ciphertext) - print("cam128 decrypt", #plaintext, plaintext) - - print() - - local camellia128 = camellia.new("testtesttesttest", "gcm", "testtesttest") - local ciphertext, digest = camellia128:encrypt("a") - print("cam128 gcm enc", #ciphertext, hex(ciphertext)) - print("cam128 gcm dgst", #digest, hex(digest)) - local camellia128 = camellia.new("testtesttesttest", "gcm", "testtesttest") - local plaintext, digest = camellia128:decrypt(ciphertext) - print("cam128 gcm dec", #plaintext, plaintext) - print("cam128 gcm dgst", #digest, hex(digest)) - - print() - - local camellia192 = camellia.new("testtesttesttesttesttest") - local ciphertext = camellia192:encrypt("a") - print("cam192 encrypt", #ciphertext, hex(ciphertext)) - local camellia192 = camellia.new("testtesttesttesttesttest") - local plaintext = camellia192:decrypt(ciphertext) - print("cam192 decrypt", #plaintext, plaintext) - - print() - - local camellia256 = camellia.new("testtesttesttesttesttesttesttest") - local ciphertext = camellia256:encrypt("a") - print("cam256 encrypt", #ciphertext, hex(ciphertext)) - local camellia256 = camellia.new("testtesttesttesttesttesttesttest") - local plaintext = camellia256:decrypt(ciphertext) - print("cam256 decrypt", #plaintext, plaintext) - - print() - - local camellia256 = camellia.new("testtesttesttesttesttesttesttest", "gcm", "testtesttest", "testtesttesttest1asdasdasdasdasdasdasdasdasdasdasdasdasdasdasd") - local ciphertext, digest = camellia256:encrypt("a") - print("cam256 gcm enc", #ciphertext, hex(ciphertext)) - print("cam256 gcm dgst", #digest, hex(digest)) - local camellia256 = camellia.new("testtesttesttesttesttesttesttest", "gcm", "testtesttest", "testtesttesttest1asdasdasdasdasdasdasdasdasdasdasdasdasdasdasd") - local plaintext, digest = camellia256:decrypt(ciphertext) - print("cam256 gcm dec", #plaintext, plaintext) - print("cam256 gcm dgst", #digest, hex(digest)) + local camellia = require "resty.nettle.camellia" + local camellia128 = camellia.new("testtesttesttest") + local ciphertext = camellia128:encrypt("a") + print("cam128 encrypt", #ciphertext, hex(ciphertext)) + local camellia128 = camellia.new("testtesttesttest") + local plaintext = camellia128:decrypt(ciphertext) + print("cam128 decrypt", #plaintext, plaintext) + + print() + + local camellia128 = camellia.new("testtesttesttest", "gcm", "testtesttest") + local ciphertext, digest = camellia128:encrypt("a") + print("cam128 gcm enc", #ciphertext, hex(ciphertext)) + print("cam128 gcm dgst", #digest, hex(digest)) + local camellia128 = camellia.new("testtesttesttest", "gcm", "testtesttest") + local plaintext, digest = camellia128:decrypt(ciphertext) + print("cam128 gcm dec", #plaintext, plaintext) + print("cam128 gcm dgst", #digest, hex(digest)) + + print() + + local camellia192 = camellia.new("testtesttesttesttesttest") + local ciphertext = camellia192:encrypt("a") + print("cam192 encrypt", #ciphertext, hex(ciphertext)) + local camellia192 = camellia.new("testtesttesttesttesttest") + local plaintext = camellia192:decrypt(ciphertext) + print("cam192 decrypt", #plaintext, plaintext) + + print() + + local camellia256 = camellia.new("testtesttesttesttesttesttesttest") + local ciphertext = camellia256:encrypt("a") + print("cam256 encrypt", #ciphertext, hex(ciphertext)) + local camellia256 = camellia.new("testtesttesttesttesttesttesttest") + local plaintext = camellia256:decrypt(ciphertext) + print("cam256 decrypt", #plaintext, plaintext) + + print() + + local camellia256 = camellia.new("testtesttesttesttesttesttesttest", "gcm", "testtesttest", "testtesttesttest1asdasdasdasdasdasdasdasdasdasdasdasdasdasdasd") + local ciphertext, digest = camellia256:encrypt("a") + print("cam256 gcm enc", #ciphertext, hex(ciphertext)) + print("cam256 gcm dgst", #digest, hex(digest)) + local camellia256 = camellia.new("testtesttesttesttesttesttesttest", "gcm", "testtesttest", "testtesttesttest1asdasdasdasdasdasdasdasdasdasdasdasdasdasdasd") + local plaintext, digest = camellia256:decrypt(ciphertext) + print("cam256 gcm dec", #plaintext, plaintext) + print("cam256 gcm dgst", #digest, hex(digest)) end print() do - local arcfour = require "resty.nettle.arcfour" - local af = arcfour.new("testtesttesttest") - local ciphertext = af:encrypt("a") - print("ARCFOUR encrypt", #ciphertext, hex(ciphertext)) - local af = arcfour.new("testtesttesttest") - local plaintext = af:decrypt(ciphertext) - print("ARCFOUR decrypt", #plaintext, plaintext) + local arcfour = require "resty.nettle.arcfour" + local af = arcfour.new("testtesttesttest") + local ciphertext = af:encrypt("a") + print("ARCFOUR encrypt", #ciphertext, hex(ciphertext)) + local af = arcfour.new("testtesttesttest") + local plaintext = af:decrypt(ciphertext) + print("ARCFOUR decrypt", #plaintext, plaintext) end print() do - local blowfish = require "resty.nettle.blowfish" - local bf = blowfish.new("testtesttesttest") - local ciphertext = bf:encrypt("a") - print("BLOWFISH enc", #ciphertext, hex(ciphertext)) - local bf = blowfish.new("testtesttesttest") - local plaintext = bf:decrypt(ciphertext) - print("BLOWFISH dec", #plaintext, plaintext) + local blowfish = require "resty.nettle.blowfish" + local bf = blowfish.new("testtesttesttest") + local ciphertext = bf:encrypt("a") + print("BLOWFISH enc", #ciphertext, hex(ciphertext)) + local bf = blowfish.new("testtesttesttest") + local plaintext = bf:decrypt(ciphertext) + print("BLOWFISH dec", #plaintext, plaintext) end print() do - local twofish = require "resty.nettle.twofish" - local tf = twofish.new("testtesttesttest") - local ciphertext = tf:encrypt("a") - print("TWOFISH enc", #ciphertext, hex(ciphertext)) - local tf = twofish.new("testtesttesttest") - local plaintext = tf:decrypt(ciphertext) - print("TWOFISH dec", #plaintext, plaintext) + local twofish = require "resty.nettle.twofish" + local tf = twofish.new("testtesttesttest") + local ciphertext = tf:encrypt("a") + print("TWOFISH enc", #ciphertext, hex(ciphertext)) + local tf = twofish.new("testtesttesttest") + local plaintext = tf:decrypt(ciphertext) + print("TWOFISH dec", #plaintext, plaintext) end print() do - local serpent = require "resty.nettle.serpent" - local sp = serpent.new("testtesttesttest") - local ciphertext = sp:encrypt("a") - print("SERPENT enc", #ciphertext, hex(ciphertext)) - local sp = serpent.new("testtesttesttest") - local plaintext = sp:decrypt(ciphertext) - print("SERPENT dec", #plaintext, plaintext) + local serpent = require "resty.nettle.serpent" + local sp = serpent.new("testtesttesttest") + local ciphertext = sp:encrypt("a") + print("SERPENT enc", #ciphertext, hex(ciphertext)) + local sp = serpent.new("testtesttesttest") + local plaintext = sp:decrypt(ciphertext) + print("SERPENT dec", #plaintext, plaintext) end print() do - local cast128 = require "resty.nettle.cast128" - local ct = cast128.new("testtesttesttest") - local ciphertext = ct:encrypt("a") - print("CAST128 enc", #ciphertext, hex(ciphertext)) - local ct = cast128.new("testtesttesttest") - local plaintext = ct:decrypt(ciphertext) - print("CAST128 dec", #plaintext, plaintext) + local cast128 = require "resty.nettle.cast128" + local ct = cast128.new("testtesttesttest") + local ciphertext = ct:encrypt("a") + print("CAST128 enc", #ciphertext, hex(ciphertext)) + local ct = cast128.new("testtesttesttest") + local plaintext = ct:decrypt(ciphertext) + print("CAST128 dec", #plaintext, plaintext) end print() do - local chacha = require "resty.nettle.chacha" - local cc = chacha.new("testtesttesttesttesttesttesttest", "testtest") - local ciphertext = cc:encrypt("a") - print("ChaCha enc", #ciphertext, hex(ciphertext)) - local cc = chacha.new("testtesttesttesttesttesttesttest", "testtest") - local plaintext = cc:decrypt(ciphertext) - print("ChaCha dec", #plaintext, plaintext) + local chacha = require "resty.nettle.chacha" + local cc = chacha.new("testtesttesttesttesttesttesttest", "testtest") + local ciphertext = cc:encrypt("a") + print("ChaCha enc", #ciphertext, hex(ciphertext)) + local cc = chacha.new("testtesttesttesttesttesttesttest", "testtest") + local plaintext = cc:decrypt(ciphertext) + print("ChaCha dec", #plaintext, plaintext) end print() do - local salsa20 = require "resty.nettle.salsa20" - local ss = salsa20.new("testtesttesttest", "testtest") - local ciphertext = ss:encrypt("a") - print("Salsa20 128 enc", #ciphertext, hex(ciphertext)) - local ss = salsa20.new("testtesttesttest", "testtest") - local plaintext = ss:decrypt(ciphertext) - print("Salsa20 128 dec", #plaintext, plaintext) + local salsa20 = require "resty.nettle.salsa20" + local ss = salsa20.new("testtesttesttest", "testtest") + local ciphertext = ss:encrypt("a") + print("Salsa20 128 enc", #ciphertext, hex(ciphertext)) + local ss = salsa20.new("testtesttesttest", "testtest") + local plaintext = ss:decrypt(ciphertext) + print("Salsa20 128 dec", #plaintext, plaintext) end print() do - local salsa20 = require "resty.nettle.salsa20" - local ss = salsa20.new("testtesttesttesttesttesttesttest", "testtest") - local ciphertext = ss:encrypt("a") - print("Salsa20 256 enc", #ciphertext, hex(ciphertext)) - local ss = salsa20.new("testtesttesttesttesttesttesttest", "testtest") - local plaintext = ss:decrypt(ciphertext) - print("Salsa20 256 dec", #plaintext, plaintext) + local salsa20 = require "resty.nettle.salsa20" + local ss = salsa20.new("testtesttesttesttesttesttesttest", "testtest") + local ciphertext = ss:encrypt("a") + print("Salsa20 256 enc", #ciphertext, hex(ciphertext)) + local ss = salsa20.new("testtesttesttesttesttesttesttest", "testtest") + local plaintext = ss:decrypt(ciphertext) + print("Salsa20 256 dec", #plaintext, plaintext) end print() do - local salsa20 = require "resty.nettle.salsa20" - local ss = salsa20.new("testtesttesttest", "testtest", 12) - local ciphertext = ss:encrypt("a") - print("Sal20r12 128 e", #ciphertext, hex(ciphertext)) - local ss = salsa20.new("testtesttesttest", "testtest", 12) - local plaintext = ss:decrypt(ciphertext) - print("Sal20r12 128 d", #plaintext, plaintext) + local salsa20 = require "resty.nettle.salsa20" + local ss = salsa20.new("testtesttesttest", "testtest", 12) + local ciphertext = ss:encrypt("a") + print("Sal20r12 128 e", #ciphertext, hex(ciphertext)) + local ss = salsa20.new("testtesttesttest", "testtest", 12) + local plaintext = ss:decrypt(ciphertext) + print("Sal20r12 128 d", #plaintext, plaintext) end print() do - local salsa20 = require "resty.nettle.salsa20" - local ss = salsa20.new("testtesttesttesttesttesttesttest", "testtest", 12) - local ciphertext = ss:encrypt("a") - print("Sal20r12 256 e", #ciphertext, hex(ciphertext)) - local ss = salsa20.new("testtesttesttesttesttesttesttest", "testtest", 12) - local plaintext = ss:decrypt(ciphertext) - print("Sal20r12 256 d", #plaintext, plaintext) + local salsa20 = require "resty.nettle.salsa20" + local ss = salsa20.new("testtesttesttesttesttesttesttest", "testtest", 12) + local ciphertext = ss:encrypt("a") + print("Sal20r12 256 e", #ciphertext, hex(ciphertext)) + local ss = salsa20.new("testtesttesttesttesttesttesttest", "testtest", 12) + local plaintext = ss:decrypt(ciphertext) + print("Sal20r12 256 d", #plaintext, plaintext) end print() do - local chacha_poly1305 = require "resty.nettle.chacha-poly1305" - local cp = chacha_poly1305.new("testtesttesttesttesttesttesttest", "testtesttesttest", "testtest") - local ciphertext, digest = cp:encrypt("a") - print("cc-p1305 enc", #ciphertext, hex(ciphertext)) - print("cc-p1305 dgst", #digest, hex(digest)) - local cp = chacha_poly1305.new("testtesttesttesttesttesttesttest", "testtesttesttest", "testtest") - local plaintext, digest = cp:decrypt(ciphertext) - print("cc-p1305 dec", #plaintext, plaintext) - print("cc-p1305 dgst", #digest, hex(digest)) + local chacha_poly1305 = require "resty.nettle.chacha-poly1305" + local cp = chacha_poly1305.new("testtesttesttesttesttesttesttest", "testtesttesttest", "testtest") + local ciphertext, digest = cp:encrypt("a") + print("cc-p1305 enc", #ciphertext, hex(ciphertext)) + print("cc-p1305 dgst", #digest, hex(digest)) + local cp = chacha_poly1305.new("testtesttesttesttesttesttesttest", "testtesttesttest", "testtest") + local plaintext, digest = cp:decrypt(ciphertext) + print("cc-p1305 dec", #plaintext, plaintext) + print("cc-p1305 dgst", #digest, hex(digest)) end print() do - local des = require "resty.nettle.des" - print("DES check ", "testtest", des.check_parity("testtest")) - print("DES fix ", "testtest", des.fix_parity("testtest")) - print("DES check ", des.fix_parity("testtest"), des.check_parity(des.fix_parity("testtest"))) + local des = require "resty.nettle.des" + print("DES check ", "testtest", des.check_parity("testtest")) + print("DES fix ", "testtest", des.fix_parity("testtest")) + print("DES check ", des.fix_parity("testtest"), des.check_parity(des.fix_parity("testtest"))) end print() do - local des = require "resty.nettle.des" - local ds, wk = des.new("testtest") - local ciphertext = ds:encrypt("a") - print("DES enc ", wk, #ciphertext, hex(ciphertext)) - local ds, wk = des.new("testtest") - local plaintext = ds:decrypt(ciphertext) - print("DES dec ", wk, #plaintext, plaintext) + local des = require "resty.nettle.des" + local ds, wk = des.new("testtest") + local ciphertext = ds:encrypt("a") + print("DES enc ", wk, #ciphertext, hex(ciphertext)) + local ds, wk = des.new("testtest") + local plaintext = ds:decrypt(ciphertext) + print("DES dec ", wk, #plaintext, plaintext) end print() do - local des = require "resty.nettle.des" - local ds, wk = des.new("testtest", "cbc", "kalakala") - local ciphertext = ds:encrypt("testtestkalakala") - print("DES cbc enc ", wk, #ciphertext, hex(ciphertext)) - local ds, wk = des.new("testtest", "cbc", "kalakala") - local plaintext = ds:decrypt(ciphertext) - print("DES cbc dec ", wk, #plaintext, plaintext) + local des = require "resty.nettle.des" + local ds, wk = des.new("testtest", "cbc", "kalakala") + local ciphertext = ds:encrypt("testtestkalakala") + print("DES cbc enc ", wk, #ciphertext, hex(ciphertext)) + local ds, wk = des.new("testtest", "cbc", "kalakala") + local plaintext = ds:decrypt(ciphertext) + print("DES cbc dec ", wk, #plaintext, plaintext) end print() do - local des = require "resty.nettle.des" - local ds, wk = des.new("testtest", "ctr", "kalakala") - local ciphertext = ds:encrypt("testtestkalakala") - print("DES ctr enc ", wk, #ciphertext, hex(ciphertext)) - local ds, wk = des.new("testtest", "ctr", "kalakala") - local plaintext = ds:decrypt(ciphertext) - print("DES ctr dec ", wk, #plaintext, plaintext) + local des = require "resty.nettle.des" + local ds, wk = des.new("testtest", "ctr", "kalakala") + local ciphertext = ds:encrypt("testtestkalakala") + print("DES ctr enc ", wk, #ciphertext, hex(ciphertext)) + local ds, wk = des.new("testtest", "ctr", "kalakala") + local plaintext = ds:decrypt(ciphertext) + print("DES ctr dec ", wk, #plaintext, plaintext) end print() do - local des = require "resty.nettle.des" - print("DES3 check ", "testtestkalakalatesttest", des.check_parity("testtestkalakalatesttest")) - print("DES3 fix ", "testtestkalakalatesttest", des.fix_parity("testtestkalakalatesttest")) - print("DES3 check ", des.fix_parity("testtestkalakalatesttest"), des.check_parity(des.fix_parity("testtestkalakalatesttest"))) + local des = require "resty.nettle.des" + print("DES3 check ", "testtestkalakalatesttest", des.check_parity("testtestkalakalatesttest")) + print("DES3 fix ", "testtestkalakalatesttest", des.fix_parity("testtestkalakalatesttest")) + print("DES3 check ", des.fix_parity("testtestkalakalatesttest"), des.check_parity(des.fix_parity("testtestkalakalatesttest"))) end print() do - local des = require "resty.nettle.des" - local ds, wk = des.new("testtestkalakalatesttest") - local ciphertext = ds:encrypt("a") - print("DES3 enc ", wk, #ciphertext, hex(ciphertext)) - local ds, wk = des.new("testtestkalakalatesttest") - local plaintext = ds:decrypt(ciphertext) - print("DES3 dec ", wk, #plaintext, plaintext) + local des = require "resty.nettle.des" + local ds, wk = des.new("testtestkalakalatesttest") + local ciphertext = ds:encrypt("a") + print("DES3 enc ", wk, #ciphertext, hex(ciphertext)) + local ds, wk = des.new("testtestkalakalatesttest") + local plaintext = ds:decrypt(ciphertext) + print("DES3 dec ", wk, #plaintext, plaintext) end print() do - local des = require "resty.nettle.des" - local ds, wk = des.new("testtestkalakalatesttest", "cbc", "kalakala") - local ciphertext = ds:encrypt("testtestkalakala") - print("DES3 cbc enc", wk, #ciphertext, hex(ciphertext)) - local ds, wk = des.new("testtestkalakalatesttest", "cbc", "kalakala") - local plaintext = ds:decrypt(ciphertext) - print("DES3 cbc dec", wk, #plaintext, plaintext) + local des = require "resty.nettle.des" + local ds, wk = des.new("testtestkalakalatesttest", "cbc", "kalakala") + local ciphertext = ds:encrypt("testtestkalakala") + print("DES3 cbc enc", wk, #ciphertext, hex(ciphertext)) + local ds, wk = des.new("testtestkalakalatesttest", "cbc", "kalakala") + local plaintext = ds:decrypt(ciphertext) + print("DES3 cbc dec", wk, #plaintext, plaintext) end print() do - local des = require "resty.nettle.des" - local ds, wk = des.new("testtestkalakalatesttest", "ctr", "kalakala") - local ciphertext = ds:encrypt("testtestkalakala") - print("DES3 ctr enc", wk, #ciphertext, hex(ciphertext)) - local ds, wk = des.new("testtestkalakalatesttest", "ctr", "kalakala") - local plaintext = ds:decrypt(ciphertext) - print("DES3 ctr dec", wk, #plaintext, plaintext) + local des = require "resty.nettle.des" + local ds, wk = des.new("testtestkalakalatesttest", "ctr", "kalakala") + local ciphertext = ds:encrypt("testtestkalakala") + print("DES3 ctr enc", wk, #ciphertext, hex(ciphertext)) + local ds, wk = des.new("testtestkalakalatesttest", "ctr", "kalakala") + local plaintext = ds:decrypt(ciphertext) + print("DES3 ctr dec", wk, #plaintext, plaintext) end print() do - local base64 = require "resty.nettle.base64" - local encoded = base64.encode("testtesttesttest") - print("BASE64 enc", #encoded, encoded) - local decoded = base64.decode(encoded) - print("BASE64 dec", #decoded, decoded) - - print() - - local encoded = base64.encode("testtesttesttest+&", true) - print("BASE64 enc-url", #encoded, encoded) - local decoded = base64.decode(encoded, true) - print("BASE64 dec-url", #decoded, decoded) - - print() - - - local base64enc = base64.encoder.new() - print(base64enc:single("t")) - print(base64enc:single("e")) - print(base64enc:single("s")) - print(base64enc:single("t")) - print(base64enc:update("test")) - print(base64enc:single("t")) - print(base64enc:single("e")) - print(base64enc:single("s")) - print(base64enc:single("t")) - print(base64enc:update("test")) - print(base64enc:final()) - - print() - - local base64dec = base64.decoder.new() - print(base64dec:single("d")) - print(base64dec:single("G")) - print(base64dec:single("V")) - print(base64dec:single("z")) - print(base64dec:single("d")) - print(base64dec:update("HRlc3")) - print(base64dec:single("R")) - print(base64dec:single("0")) - print(base64dec:single("Z")) - print(base64dec:single("X")) - print(base64dec:single("N")) - print(base64dec:single("0")) - print(base64dec:update("dGVzdA==")) - print(base64dec:final()) + local base64 = require "resty.nettle.base64" + local encoded = base64.encode("testtesttesttest") + print("BASE64 enc", #encoded, encoded) + local decoded = base64.decode(encoded) + print("BASE64 dec", #decoded, decoded) + + print() + + local encoded = base64.encode("testtesttesttest+&", true) + print("BASE64 enc-url", #encoded, encoded) + local decoded = base64.decode(encoded, true) + print("BASE64 dec-url", #decoded, decoded) + + print() + + + local base64enc = base64.encoder.new() + print(base64enc:single("t")) + print(base64enc:single("e")) + print(base64enc:single("s")) + print(base64enc:single("t")) + print(base64enc:update("test")) + print(base64enc:single("t")) + print(base64enc:single("e")) + print(base64enc:single("s")) + print(base64enc:single("t")) + print(base64enc:update("test")) + print(base64enc:final()) + + print() + + local base64dec = base64.decoder.new() + print(base64dec:single("d")) + print(base64dec:single("G")) + print(base64dec:single("V")) + print(base64dec:single("z")) + print(base64dec:single("d")) + print(base64dec:update("HRlc3")) + print(base64dec:single("R")) + print(base64dec:single("0")) + print(base64dec:single("Z")) + print(base64dec:single("X")) + print(base64dec:single("N")) + print(base64dec:single("0")) + print(base64dec:update("dGVzdA==")) + print(base64dec:final()) end print() do - local base16 = require "resty.nettle.base16" - local encoded = base16.encode("testtesttesttest") - print("BASE16 enc", #encoded, encoded) - local decoded = base16.decode(encoded) - print("BASE16 dec", #decoded, decoded) - - print() - - local base16enc = base16.encoder.new() - print(base16enc:single("t")) - print(base16enc:single("e")) - print(base16enc:single("s")) - print(base16enc:single("t")) - print(base16enc:update("test")) - print(base16enc:single("t")) - print(base16enc:single("e")) - print(base16enc:single("s")) - print(base16enc:single("t")) - print(base16enc:update("test")) - - print() - - local base16dec = base16.decoder.new() - print(base16dec:single("7")) - print(base16dec:single("4")) - print(base16dec:single("6")) - print(base16dec:single("5")) - print(base16dec:single("7")) - print(base16dec:single("3")) - print(base16dec:single("7")) - print(base16dec:single("4")) - print(base16dec:update("74657374")) - print(base16dec:single("7")) - print(base16dec:single("4")) - print(base16dec:single("6")) - print(base16dec:single("5")) - print(base16dec:single("7")) - print(base16dec:single("3")) - print(base16dec:single("7")) - print(base16dec:single("4")) - print(base16dec:update("74657374")) - print(base16dec:final()) + local base16 = require "resty.nettle.base16" + local encoded = base16.encode("testtesttesttest") + print("BASE16 enc", #encoded, encoded) + local decoded = base16.decode(encoded) + print("BASE16 dec", #decoded, decoded) + + print() + + local base16enc = base16.encoder.new() + print(base16enc:single("t")) + print(base16enc:single("e")) + print(base16enc:single("s")) + print(base16enc:single("t")) + print(base16enc:update("test")) + print(base16enc:single("t")) + print(base16enc:single("e")) + print(base16enc:single("s")) + print(base16enc:single("t")) + print(base16enc:update("test")) + + print() + + local base16dec = base16.decoder.new() + print(base16dec:single("7")) + print(base16dec:single("4")) + print(base16dec:single("6")) + print(base16dec:single("5")) + print(base16dec:single("7")) + print(base16dec:single("3")) + print(base16dec:single("7")) + print(base16dec:single("4")) + print(base16dec:update("74657374")) + print(base16dec:single("7")) + print(base16dec:single("4")) + print(base16dec:single("6")) + print(base16dec:single("5")) + print(base16dec:single("7")) + print(base16dec:single("3")) + print(base16dec:single("7")) + print(base16dec:single("4")) + print(base16dec:update("74657374")) + print(base16dec:final()) end print() do - local yarrow = require "resty.nettle.yarrow" - local y = yarrow.new() - print(y.sources) - print(y.seeded) - y:seed("testtesttesttesttesttesttesttest") - print(y.seeded) - - print(hex(y:random(30))) - print(hex(y:random(30))) - - y:fast_reseed() + local yarrow = require "resty.nettle.yarrow" + local y = yarrow.new() + print(y.sources) + print(y.seeded) + y:seed("testtesttesttesttesttesttesttest") + print(y.seeded) - print(hex(y:random(30))) + print(hex(y:random(30))) + print(hex(y:random(30))) - y:slow_reseed() - print(hex(y:random(30))) -end + y:fast_reseed() -print() + print(hex(y:random(30))) -do - local knuth = require "resty.nettle.knuth-lfib" - local k = knuth.new() - print(k:number()) - print(k:number()) - print(hex(k:random(10))) - local t = k:array(10) - print(t) - print(concat(t, '|')) + y:slow_reseed() + print(hex(y:random(30))) end print() do - local rsa = require "resty.nettle.rsa" - local hex = require "resty.nettle.base16" - local kp = rsa.keypair.new() - print(hex.encode(kp.sexp)) - local r = rsa.new() - local gibb = r:encrypt("fish") - print(gibb) - local clear = r:decrypt(gibb) - print(clear) + local knuth = require "resty.nettle.knuth-lfib" + local k = knuth.new() + print(k:number()) + print(k:number()) + print(hex(k:random(10))) + local t = k:array(10) + print(concat(t, '|')) end print() do - local hash = require "resty.nettle.hash" - local hashes = hash.hashes - for _, h in ipairs(hashes) do - print(h.name, h.context_size, h.block_size, h.init, h.update, h.digest) - end + local rsa = require "resty.nettle.rsa" + local r = rsa.new() + local gibb = r:encrypt("fish") + print(hex(gibb)) + local clear = r:decrypt(gibb) + print(clear) end print() do - local cipher = require "resty.nettle.cipher" - local ciphers = cipher.ciphers - for _, c in ipairs(ciphers) do - print(c.name, c.context_size, c.block_size, c.key_size, c.set_encrypt_key, c.set_decrypt_key, c.encrypt, c.decrypt) - end + local ed = require "resty.nettle.ed25519-sha512" + local pri = "testtesttesttesttesttesttesttest" + print("EdDSA25519 SHA-512 private key", #pri, pri) + local pub = ed.public_key(pri) + print("EdDSA25519 SHA-512 public key", #pub, hex(pub)) + local msg = "hello" + print("EdDSA25519 SHA-512 message", #msg, msg) + local sig = ed.sign(pub, pri, msg) + print("EdDSA25519 SHA-512 signature", #sig, hex(sig)) + local chk = ed.verify(pub, msg, sig) + print("EdDSA25519 SHA-512 verify (true)", chk) + local err = "error" + local chk = ed.verify(pub, err, sig) + print("EdDSA25519 SHA-512 verify (false)", chk) end - -print() - -do - local aead = require "resty.nettle.aead" - local aeads = aead.aeads - for _, a in ipairs(aeads) do - print(a.name, a.context_size, a.block_size, a.key_size, a.nonce_size, a.set_encrypt_key, a.set_decrypt_key, a.set_nonce, a.update, a.encrypt, a.decrypt, a.digest) - end -end - -print() - -do - local ed = require "resty.nettle.ed25519-sha512" - local pri = "testtesttesttesttesttesttesttest" - print("EdDSA25519 SHA-512 private key", #pri, pri) - local pub = ed.public_key(pri) - print("EdDSA25519 SHA-512 public key", #pub, hex(pub)) - local msg = "hello" - print("EdDSA25519 SHA-512 message", #msg, msg) - local sig = ed.sign(pub, pri, msg) - print("EdDSA25519 SHA-512 signature", #sig, hex(sig)) - local chk = ed.verify(pub, msg, sig) - print("EdDSA25519 SHA-512 verify (true)", chk) - local err = "error" - local chk = ed.verify(pub, err, sig) - print("EdDSA25519 SHA-512 verify (false)", chk) -end - -print() ``` The above should output this (randoms are different of course): ```text -md2 16 8350E5A3E24C153DF2275C9F80692773 -md2 16 8350E5A3E24C153DF2275C9F80692773 -md4 16 31D6CFE0D16AE931B73C59D7E0C089C0 -md4 16 31D6CFE0D16AE931B73C59D7E0C089C0 -md5 16 D41D8CD98F00B204E9800998ECF8427E -md5 16 D41D8CD98F00B204E9800998ECF8427E -ripemd160 20 9C1185A5C5E9FC54612808977EE8F548B2258D31 -gosthash94 32 CE85B99CC46752FFFEE35CAB9A7B0278ABB4C2D2055CFF685AF4912C49490F8D -sha1 20 DA39A3EE5E6B4B0D3255BFEF95601890AFD80709 -sha1 20 DA39A3EE5E6B4B0D3255BFEF95601890AFD80709 +md2 16 8350E5A3E24C153DF2275C9F80692773 +md2 16 8350E5A3E24C153DF2275C9F80692773 +md4 16 31D6CFE0D16AE931B73C59D7E0C089C0 +md4 16 31D6CFE0D16AE931B73C59D7E0C089C0 +md5 16 D41D8CD98F00B204E9800998ECF8427E +md5 16 D41D8CD98F00B204E9800998ECF8427E +ripemd160 20 9C1185A5C5E9FC54612808977EE8F548B2258D31 +gosthash94 32 CE85B99CC46752FFFEE35CAB9A7B0278ABB4C2D2055CFF685AF4912C49490F8D +sha1 20 DA39A3EE5E6B4B0D3255BFEF95601890AFD80709 +sha1 20 DA39A3EE5E6B4B0D3255BFEF95601890AFD80709 sha224 28 D14A028C2A3A2BC9476102BB288234C415A2B01F828EA62AC5B3E42F sha224 28 D14A028C2A3A2BC9476102BB288234C415A2B01F828EA62AC5B3E42F sha256 32 E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855 @@ -854,29 +828,29 @@ sha384 48 38B060A751AC96384CD9327EB1B1E36A21FDB71114BE07434C0CC7BF63F6E1DA sha384 48 38B060A751AC96384CD9327EB1B1E36A21FDB71114BE07434C0CC7BF63F6E1DA274EDEBFE76F65FBD51AD2F14898B95B sha512 64 CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E sha512 64 CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E -sha512_224 28 6ED0DD02806FA89E25DE060C19D3AC86CABB87D6A0DDD05C333B84F4 -sha512_224 28 6ED0DD02806FA89E25DE060C19D3AC86CABB87D6A0DDD05C333B84F4 -sha512_256 32 C672B8D1EF56ED28AB87C3622C5114069BDD3AD7B8F9737498D0C01ECEF0967A -sha512_256 32 C672B8D1EF56ED28AB87C3622C5114069BDD3AD7B8F9737498D0C01ECEF0967A -sha3 224 28 F71837502BA8E10837BDD8D365ADB85591895602FC552B48B7390ABD -sha3 256 32 C5D2460186F7233C927E7DB2DCC703C0E500B653CA82273B7BFAD8045D85A470 -sha3 384 48 2C23146A63A29ACF99E73B88F8C24EAA7DC60AA771780CCC006AFBFA8FE2479B2DD2B21362337441AC12B515911957FF -sha3 512 64 0EAB42DE4C3CEB9235FC91ACFFE746B29C29A8C366B7C60E4E67C466F36A4304C00FA9CAF9D87976BA469BCBE06713B435F091EF2769FB160CDAB33D3670680E -hmac md5 16 06F30DC9049F859EA0CCB39FDC8FD5C2 -hmac md5 16 06F30DC9049F859EA0CCB39FDC8FD5C2 -hmac md5 16 06F30DC9049F859EA0CCB39FDC8FD5C2 +sha512_224 28 6ED0DD02806FA89E25DE060C19D3AC86CABB87D6A0DDD05C333B84F4 +sha512_224 28 6ED0DD02806FA89E25DE060C19D3AC86CABB87D6A0DDD05C333B84F4 +sha512_256 32 C672B8D1EF56ED28AB87C3622C5114069BDD3AD7B8F9737498D0C01ECEF0967A +sha512_256 32 C672B8D1EF56ED28AB87C3622C5114069BDD3AD7B8F9737498D0C01ECEF0967A +sha3 224 28 6B4E03423667DBB73B6E15454F0EB1ABD4597F9A1B078E3F5B5A6BC7 +sha3 256 32 A7FFC6F8BF1ED76651C14756A061D662F580FF4DE43B49FA82D80A4B80F8434A +sha3 384 48 0C63A75B845E4F7D01107D852E4C2485C51A50AAAA94FC61995E71BBEE983A2AC3713831264ADB47FB6BD1E058D5F004 +sha3 512 64 A69F73CCA23A9AC5C8B567DC185A756E97C982164FE25859E0D1DCC1475C80A615B2123AF1F5F94C11E3E9402C3AC558F500199D95B6D3E301758586281DCD26 +hmac md5 16 06F30DC9049F859EA0CCB39FDC8FD5C2 +hmac md5 16 06F30DC9049F859EA0CCB39FDC8FD5C2 +hmac md5 16 06F30DC9049F859EA0CCB39FDC8FD5C2 hmac ripemd160 20 ECB2E5CA0EEFFD84F5566B5DE1D037EF1F9689EF -hmac sha1 20 3902ED847FF28930B5F141ABFA8B471681253673 -hmac sha224 28 7A5027C4F3A358A76D943D6D83A8242675FE96E2D30A526FE9E19629 -hmac sha256 32 3ECF5388E220DA9E0F919485DEB676D8BEE3AEC046A779353B463418511EE622 -hmac sha384 48 724C212553F366248BC76017E812C8ACC85B94FEC2F396C2A925BCC2571F7AB29FEDEE6B3B3013BBF9DE7B89549D5A69 -hmac sha512 64 FC8C80E6B943CD07ECCECF01BC6038BAE68EBB6FA2E1E62B44753D7C177AF7A46B089DF349A19F7622A22312C76906CA9C984E1446D3AB86A98FDFA1425341C5 -umac32 4 D262065C -umac64 8 DA7E5EB7E37A27E6 -umac96 12 6B8FBA819AB2FEFA8A18F5AA +hmac sha1 20 3902ED847FF28930B5F141ABFA8B471681253673 +hmac sha224 28 7A5027C4F3A358A76D943D6D83A8242675FE96E2D30A526FE9E19629 +hmac sha256 32 3ECF5388E220DA9E0F919485DEB676D8BEE3AEC046A779353B463418511EE622 +hmac sha384 48 724C212553F366248BC76017E812C8ACC85B94FEC2F396C2A925BCC2571F7AB29FEDEE6B3B3013BBF9DE7B89549D5A69 +hmac sha512 64 FC8C80E6B943CD07ECCECF01BC6038BAE68EBB6FA2E1E62B44753D7C177AF7A46B089DF349A19F7622A22312C76906CA9C984E1446D3AB86A98FDFA1425341C5 +umac32 4 D262065C +umac64 8 DA7E5EB7E37A27E6 +umac96 12 6B8FBA819AB2FEFA8A18F5AA umac128 16 D55988EE39924D7642FFB401A79BCE29 poly1305 16 879E865A98C8CDE7C899D9A3A243EDB9 -pbkdf2 sha1 20 0C60C80F961F0E71F3A9B524AF6012062FE037A6 +pbkdf2 sha1 20 0C60C80F961F0E71F3A9B524AF6012062FE037A6 pbkdf2 sha256 32 89B69D0516F829893C696226650A86878C029AC13EE276509D5AE58B6466A724 aes128 encrypt 32 2EBEA9810D3056A2159BBE45A72429692EBEA9810D3056A2159BBE45A7242969 @@ -966,17 +940,17 @@ ARCFOUR decrypt 1 a BLOWFISH enc 8 821C2FA4533A2FD2 BLOWFISH dec 8 a -TWOFISH enc 16 6375B41B0C29E7446D217F79A909BB4B -TWOFISH dec 16 a +TWOFISH enc 16 6375B41B0C29E7446D217F79A909BB4B +TWOFISH dec 16 a -SERPENT enc 16 0F65C1891EA2BCCA60A1AA228A84B233 -SERPENT dec 16 a +SERPENT enc 16 0F65C1891EA2BCCA60A1AA228A84B233 +SERPENT dec 16 a -CAST128 enc 8 FA80BC104398019E -CAST128 dec 8 a +CAST128 enc 8 FA80BC104398019E +CAST128 dec 8 a -ChaCha enc 1 E2 -ChaCha dec 1 a +ChaCha enc 1 E2 +ChaCha dec 1 a Salsa20 128 enc 1 27 Salsa20 128 dec 1 a @@ -1027,30 +1001,30 @@ BASE64 dec 16 testtesttesttest BASE64 enc-url 24 dGVzdHRlc3R0ZXN0dGVzdCsm BASE64 dec-url 18 testtesttesttest+& -d 1 -G 1 -Vz 2 -d 1 +d 1 +G 1 +Vz 2 +d 1 HRlc3 5 -R0 2 -Z 1 -X 1 -N0 2 +R0 2 +Z 1 +X 1 +N0 2 dGVzd 5 -A== 3 +A== 3 - 0 -t 1 -e 1 -s 1 - 0 + 0 +t 1 +e 1 +s 1 + 0 ttes 4 -t 1 -t 1 - 0 -e 1 -s 1 -t 1 +t 1 +t 1 + 0 +e 1 +s 1 +t 1 test 4 true @@ -1068,23 +1042,23 @@ BASE16 dec 16 testtesttesttest 74 74657374 - 0 -t 1 - 0 -e 1 - 0 -s 1 - 0 -t 1 + 0 +t 1 + 0 +e 1 + 0 +s 1 + 0 +t 1 test 4 - 0 -t 1 - 0 -e 1 - 0 -s 1 - 0 -t 1 + 0 +t 1 + 0 +e 1 + 0 +s 1 + 0 +t 1 test 4 true @@ -1099,55 +1073,17 @@ true 1028764519 765133839 DC1424283A03BA0C01E9 -table: 0x000d4f18 584484306|437203720|985724606|714176836|864733948|650443754|198142580|632065637|974210952|193718333 -2831313a707269766174652d6b657928393a7273612d706b63733128313a6e3531333a00b72e931e33293988ba371a3bc51d8be07878ead61928dd08f7a4f6fa5dbada2cd7e42a4278078e9cade85753df73856e049ebce7526b8ef5c23eb146e11f47d0bece456f46f3ef8ef9cd915b61ce406eb32571933f8a51bdbee60a11b7b603ce355cfdea9fbb65d650b4a4ac9c1d6280016aa64fae54fe93add285487b2f54c97f80ca80e747c06082cecaea07ec12b4ade6bbc7656c91e428c76f9d0b088e41eacdf59c70ba3c4d148cbccc911a7bc196157199ee18c3061bc7816be41208287a8e9056c371bfcbb687de21bcc5149e5080e2d1f0bd08161781598e4ebeecd48101a5b5266eff2711639d1a91ea2f8243560c14d798e2ee205249ce725cd5a133b846cfc960c3c7716d0fc47cf82b1e850777bad0b3c33a7e00f70adde47b4088021ba6b1b97ef8ede84b80d50a20e6e7f33bfc973985c1bcc42244c679300b003095c1c85f5c4aa44134e23465e54701836719857994d1ecbae4b1af5fa7aff76ff66ca546475b7da7cf08733a58b25048d875fa2b0e8d28e057524bef3118b276085cc4795d67ed3308a64b52a920a086d1426834830b7a0171d282383ecb8e70072e0406f690f359fdf32d6ae90198c87f8003ef3c67652865bfae07d83839d13c505208322c0b308eb1ea82cdc3ea9a17a8c46f18edc980007171d37137359f8b701a51dc5f05d33e77a7b9d593f789ae92395a249a80753e70995a4cf32928313a65333a0100012928313a643531323a33571a649c72316de0c310d72fa7d84c51779259ef3344bffea87d902e34f071211111c70f5d0edb5ae283973e49625c336f4a028b5719fa4736caf8d29fb1c10fb9403cafe62e7e2405397823316b5d9b58233ce1d22296cbaa2da84994f9fc1178beb1c3930237cee6d2408e80addab28af191e38a6ecf75284bb2c4d3bf2fba4c9e75025d59cdb2dbc283553515090eb45c6cc64067a34aca9abda919fcc4fcca3ccc5bcbd69ac3e7ae02a7a88486fd49854d5f2e117ae4ce45b7b7745655020472efde57432a153e7f437564c72297ed87a4cf942b7005a67b33275edb81b3a6828b02fa99089a1711312134419c80c2dd1ffa4d1f4d1e41f1edaa9fda3f99da654fccbf647e66f2b317d26315f7f8f6dd0e355784e5316232bbae40d211463d2a53e79680d8877dc8aba1e3af40ad0dabeeba6443835013f0c526879dc470b42c7eaf6b8c6d8ab7104fa540e4000c015004235eb5c908a93a4e6b4cf8121c4fae56d79b4a3693177b08d02872d0cc759d02798a45c4925a55d3fd958675262990d659561e5d6287f171cd470492229fd3e22e02af16b39735e63e8dde52aeb3f9ecdbfd4fd1c5b5a6c5e87b73aeeae028d041e94d8d3f61e4a36a4ac4c145f10d24614df14829a420601ce4c8be26bbde6c2684eb4b7a9dabb048af7713403be9c45b6e4052b11830cf7b0f05501c99b8dc5f165e7dccab5a08c1b924012928313a703235373a00c1ae955ce14e79c49043884c11ef020befc02243c674cb8aeb5e91a28d5be88a393108da9ac9d76034566611ebd4c0ccc0fed8889a521172ab3a178decabd27cfcb8e49d3f7d09d15f799bddc4e8c41d7a817b8eda60b0244a9fa36f3b1b8142e51b214b29ac6ee126ee33157b3d3b09f33ffd2bedcd77b9c7dcd0feae004609431f8ea928d29938dd96d5e09824dc4cedaf8b2c1fbcf9792f684573df2ecb18a6e11f76f204edf9014f1e78e37692ae47e102bc0e915fb272c99cb92def6a8d8d8218b6b745b93761d102a6445c68f8beb65e7595f4c2365187bbf1d1fd1b89cd0a5b981b1031f3c72ced7d1ea8bd47b2a9a285a91fcd55b842c15f80acc3ab2928313a713235373a00f21f1cca83f50f2bc05dcb1d5bf16806c77816103489152acd67058c6d2034cd2926eb4fda950023c22dc4be98b75dcfb90a5703f49c8e84508bd062adeabdb8a08f5e5f044811024fdd854cd4f1d9ca4ecb1e4f14c20520b898fbcd147125fe2e676a7292180949c359f843fbc318665dd653d150deefd14241675a7b758d40c3a5fcd321b8b8c31e40eff5e28de2c6aa1ddf7b0d15036b73e1bce829e47a618d5ff4a32426e2eb7dfb16d7bc1c15830eafe8e9b7e8cbe40ab0588fa87bacd4728548c3c5c3ff5667a41722e0f3eaff230d932dc2c173081c69e86df25975c042e872bd2a422bbe6715578fc714a85da2d7b857280ce2232d4f6279126853d92928313a613235363a6f1d17776792bbecf6cea77cecb4efb9a55bd6cc87282e358e7e7c9283027d4fff2b9066c9728e6b14db944727c2b0b146ef6d8e40ea603426e376ebe72153ea7c9a1e1dd0748d935e70c7e8dcb4a4fe3c6fd850c61bbe31b3d60dcf1c5bd5366975bd0dffe47ae01493871f05cac4fa1a61557f4438223da4d99bd4e0422bebd8645c55d3a3ae5f9f508f770011f588f4bb46de937eb8a8bb77d8907733c3346b58afd26f5a40a4200a21f33c9ba3def441b46deaf59faf228763b021183f4ae22a06bf9c3915df1df0e8d23659c5a71ed24532b44aecb878e1a403417331bf46b07087bccef7b96144f72256da7b6c8ca521260936c3782ff3ac387bfba16d2928313a623235363a26435e746eb82aa69a66f83372954b004f439e10ff8c6e68ee3f0ab46f867871b7c02bcdd9d85446526893401fb852be021b2d3735d00c01c30ce568c2dd67102767a0dd593ade5d442bd8e6147d08131db2a1de938439f53ad70a6c157ff026244539a0539032df925cc48c51dc3a1deb5474b88e943cc810356fd4efcfdafbd22f882e019544b5a9314ffac6cbef7bbfe4aaadb29a9088c9ae72012aa5ade57ec71c4d2fe8695217fdb7556ea7ed8a61a6d123266a46d68a0de661059a4dece11049388f277351bf5d423ec3d8285a1bbb087861dfda82fca28c15dc07e140fa11ec1812f6941d2a03486c3365035a90e290824d9503a3d5844726a50f11b92928313a633235363a7f035bcbd5ed883ecf9b04bc2885e03808dbc7236fab91535221818ed69e3437ad4cb31d3be024f3b24b4e6b1cbe85d0611ec0d59a67123ddb38747625a9da9a8574f7efab95e2b2147fbbc0855e7c1bca1be7d5d38948b3fef16985dcb955e6092be4589f70cbea927d01cf72e926ed06b31e38954d2874a9b5106a89002b67c5bdeb18d1f2ff5d05d89cfb5ff98308be4cdb7f0fce1a7b7fc749588d3afb060411838ab9fdaf01bec936e9cdb0cd8a20f6cab3d01c472c98dcc12266d76a720c4461b98aa276b64763e8d322f6b3e54cad2aebecf30184500479c967853dd2eeb3e1eb32eeda3f43c0f0920573e8dfb7f52bf488f43b06240d6cfd31d26e73292929 -60825a64566db004c282188996f74d5d84b9fa7ef971155b220e8ba36eb262e68299480c5eb067d873b531ed077b00c7602c8126485d0bf34a54470865a76441ac39734a0dfd0d0879a5bb1e3034f0c4afc48b1472ea50b449cb5f9aaabb26250423c4bf78300792636d5d6d503d120da9154e0398194a8284ce2643ab266326ea4d629bb738937ed1617df7ee7bf7429942409d48781e1fceb1c2608af60fed42a37caaf0f35616bb41959d151a873e5f4565be8220f8b4058dc975ae77cd221ae2f66260300401a3e8e171ad658100ad7e239a9259f952e7599a1d0cdb0cdb4a792792e9d7a7fdb99ed4ac0fc752f1bc4785218a31642a631b95e402b8b6686a4690aa6e092af88c542bd0e62353c461bbdd956fe3018b17634b10c6f7c8767985dfc2e5e9d395af516ddd710444d2b39d2d03da405cd041a75850f02292a660e541a00f47a6938295ddbad84de448bc78deb767611f991c919da007614032cfa17f1fb40d145f1d5238e33a1de784e3e474ad80325b57598ad35283f4f438bbe67844fb070243ba0dd112fa39305888a44086fd12d7649d80d3d3bfa2b4e574ec177927c7ef3e9e1ec69662be16ca7922e5cb15d2484daad1cf12fde129281219d919b53aaabd8ff9d47852f7b6bfd76e8504eeb07a0fa4ca7b2561cadecbd6df3cd709dbe6bccbd2c74b21ef071093340e28e237e8f21e1ba78192ec8933 +411CFFB5C68DC3BA80CE5A72E127A5E06B1AEB7820BCEE14C738708DC048F8889CD3A86E16379F6E56DACF941C0841CA2C7B948D336CD5E529587383B2C03438C60B4BBE3BB2D3CF7CCB25BC9260FEA7C6117CC9E0D289DA0D85614CFBAEB33590AD43CF8C65802B794F160E04AFB98B883887E7A290AB3E2EFEF46D5D6D760E78904CAF3BBCE8ADC3C3B400012D06AB40032B2BB4689DF84A1AB0AB8CF72B89BDC8F1A572270B8A8A4C5C61DA01FADC1F5D9DCF70BD6E1C3A79990467295D32DF4182C8EC81A4C2050DFAB419102393886920D40FD5DE5AA6CC4E435F70A9341B849266B092E3C3C33623C34262C907A9FB92A1A480B87E6E375E9DE96D104CFF6A97800BD8B9F2C454FC99D9FF400865EFC8CE882F50BA9488DB47A071311EB0B1CC3F6D477A39098F2714F92229B4497AE78DC6477BBF1705071C58B459F907C3D7D82727A7FA87C3ECEA1EACE01B92341FC93499AC00C1473721E4EED81B39C7635BC810C516BDD0F184B19AE8C92BE4E025419E01DA5A2CA712375EA0BA9C3D9E35BC57AB24FA695B8685E5BE570BC8148CAF5BF0C3AFA74F588080E60DFDE821B1271FE7F111831DE64E39F12FF309298E57819D1B284A29349707DB5D7BD9604FA433FBF0B718CC9B15B02AB9AA34C53ECBBE759018AC9D3251EEEA8CE6CCAC56AA1402FB078A7A3E802554BEDACF8F7976CFC68EAC8DA06FD6FA4CE1 fish -md2 84 16 cdata: 0x0008f87c cdata: 0x0008f89f cdata: 0x0008f9dd -md4 96 64 cdata: 0x0008fa7b cdata: 0x0008fa9a cdata: 0x0008fbd6 -md5 96 64 cdata: 0x0009025a cdata: 0x00090279 cdata: 0x00090352 -ripemd160 104 64 cdata: 0x00091503 cdata: 0x0009152b cdata: 0x00091604 -sha1 104 64 cdata: 0x00093512 cdata: 0x0009353a cdata: 0x00093613 -sha224 112 64 cdata: 0x00094c4d cdata: 0x000949f3 cdata: 0x00094c77 -sha256 112 64 cdata: 0x000949c9 cdata: 0x000949f3 cdata: 0x00094ae4 -sha384 216 128 cdata: 0x00095f3f cdata: 0x00095b51 cdata: 0x00095f81 -sha512 216 128 cdata: 0x00095b0f cdata: 0x00095b51 cdata: 0x00095c62 - -aes128 176 16 16 cdata: 0x00083e58 cdata: 0x00083e93 cdata: 0x00083a55 cdata: 0x000836a5 -aes192 208 16 24 cdata: 0x00083eb7 cdata: 0x00083ef2 cdata: 0x00083a9e cdata: 0x000836ee -aes256 240 16 32 cdata: 0x00083f16 cdata: 0x00083f51 cdata: 0x00083ae7 cdata: 0x00083737 -camellia128 192 16 16 cdata: 0x00086486 cdata: 0x00086ac4 cdata: 0x00086a60 cdata: 0x00086a60 -camellia192 256 16 24 cdata: 0x00087329 cdata: 0x000874b8 cdata: 0x00087430 cdata: 0x00087430 -camellia256 256 16 32 cdata: 0x00086ae8 cdata: 0x00087494 cdata: 0x00087430 cdata: 0x00087430 -cast128 84 8 16 cdata: 0x00088f54 cdata: 0x00088f54 cdata: 0x000874dc cdata: 0x000879c0 -serpent128 528 16 16 cdata: 0x0009839d cdata: 0x0009839d cdata: 0x000983e0 cdata: 0x000994a0 -serpent192 528 16 24 cdata: 0x000983b2 cdata: 0x000983b2 cdata: 0x000983e0 cdata: 0x000994a0 -serpent256 528 16 32 cdata: 0x000983c7 cdata: 0x000983c7 cdata: 0x000983e0 cdata: 0x000994a0 -twofish128 4256 16 16 cdata: 0x0009ac4c cdata: 0x0009ac4c cdata: 0x0009ac8b cdata: 0x0009aee9 -twofish192 4256 16 24 cdata: 0x0009ac61 cdata: 0x0009ac61 cdata: 0x0009ac8b cdata: 0x0009aee9 -twofish256 4256 16 32 cdata: 0x0009ac76 cdata: 0x0009ac76 cdata: 0x0009ac8b cdata: 0x0009aee9 -arctwo40 128 8 5 cdata: 0x00084686 cdata: 0x00084686 cdata: 0x000841ad cdata: 0x00084324 -arctwo64 128 8 8 cdata: 0x000846a0 cdata: 0x000846a0 cdata: 0x000841ad cdata: 0x00084324 -arctwo128 128 8 16 cdata: 0x000846ba cdata: 0x000846ba cdata: 0x000841ad cdata: 0x00084324 -arctwo_gutmann128 128 8 16 cdata: 0x000846d4 cdata: 0x000846d4 cdata: 0x000841ad cdata: 0x00084324 - -gcm_aes128 4336 16 16 12 cdata: 0x0008d6b3 cdata: 0x0008d6b3 cdata: 0x0008d7c3 cdata: 0x0008d705 cdata: 0x0008d728 cdata: 0x0008d760 cdata: 0x0008d798 -gcm_aes192 4368 16 24 12 cdata: 0x0008d7d8 cdata: 0x0008d7d8 cdata: 0x0008d8e8 cdata: 0x0008d82a cdata: 0x0008d84d cdata: 0x0008d885 cdata: 0x0008d8bd -gcm_aes256 4400 16 32 12 cdata: 0x0008d8fd cdata: 0x0008d8fd cdata: 0x0008da0d cdata: 0x0008d94f cdata: 0x0008d972 cdata: 0x0008d9aa cdata: 0x0008d9e2 -gcm_camellia128 4352 16 16 12 cdata: 0x0008da22 cdata: 0x0008da22 cdata: 0x0008db32 cdata: 0x0008da74 cdata: 0x0008da97 cdata: 0x0008dacf cdata: 0x0008db07 -gcm_camellia256 4416 16 32 12 cdata: 0x0008db47 cdata: 0x0008db47 cdata: 0x0008dc57 cdata: 0x0008db99 cdata: 0x0008dbbc cdata: 0x0008dbf4 cdata: 0x0008dc2c -eax_aes128 272 16 16 16 cdata: 0x0008ce11 cdata: 0x0008ce11 cdata: 0x0008cf10 cdata: 0x0008ce62 cdata: 0x0008ce87 cdata: 0x0008ceb9 cdata: 0x0008ceeb -chacha_poly1305 176 64 32 12 cdata: 0x0008a065 cdata: 0x0008a065 cdata: 0x0008a06f cdata: 0x0008a0ce cdata: 0x0008a214 cdata: 0x0008a2df cdata: 0x0008a35a - -EdDSA25519 SHA-512 private key 32 testtesttesttesttesttesttesttest -EdDSA25519 SHA-512 public key 32 06B77FC89D2B9785433DD37A9B98A3C8FA37F03DB2B2CC0E79BE76F87B223D21 -EdDSA25519 SHA-512 message 5 hello -EdDSA25519 SHA-512 signature 64 0E202379D19190BC1A933D3DD1753FF0B833393BEED1DC12469309F2A07094348E340C302069CDB7C7C54C21CCDA8891F21FA4588D63803C9538F2A513DA6E04 +EdDSA25519 SHA-512 private key 32 testtesttesttesttesttesttesttest +EdDSA25519 SHA-512 public key 32 06B77FC89D2B9785433DD37A9B98A3C8FA37F03DB2B2CC0E79BE76F87B223D21 +EdDSA25519 SHA-512 message 5 hello +EdDSA25519 SHA-512 signature 64 0E202379D19190BC1A933D3DD1753FF0B833393BEED1DC12469309F2A07094348E340C302069CDB7C7C54C21CCDA8891F21FA4588D63803C9538F2A513DA6E04 EdDSA25519 SHA-512 verify (true) true -EdDSA25519 SHA-512 verify (false) false +EdDSA25519 SHA-512 verify (false) nil ``` ## Installation @@ -1170,18 +1106,6 @@ LuaRocks repository for `lua-resty-nettle` is located at https://luarocks.org/mo ## Hash Functions -#### SHA-1 - -```lua -local hash = require "resty.nettle.sha1" -local dgst = hash "test" --- or -local sha1 = hash.new() -sha1:update "te" -sha1:update "st" -local dgst = sha1:digest() -``` - #### SHA-224 ```lua @@ -1370,6 +1294,18 @@ ripe:update "st" local dgst = ripe:digest() ``` +#### SHA-1 + +```lua +local hash = require "resty.nettle.sha1" +local dgst = hash "test" +-- or +local sha1 = hash.new() +sha1:update "te" +sha1:update "st" +local dgst = sha1:digest() +``` + #### GOSTHASH94 ```lua @@ -1390,10 +1326,12 @@ local dgst = gh94:digest() #### HMAC-SHA256 #### HMAC-SHA512 #### UMAC +#### CMAC #### Poly1305 ## Key Derivation Functions +#### HKDF #### PBKDF2-HMAC-SHA1 #### PBKDF2-HMAC-SHA256 @@ -1416,6 +1354,8 @@ local dgst = gh94:digest() #### Cipher Block Chaining (CBC) #### Counter Mode (CTR) +#### Cipher Feedback Mode (CFB) +#### XEX-based tweaked-codebook Mode with Ciphertext Stealing (XTS) ## Authenticated Encryption with Associated Data @@ -1426,8 +1366,11 @@ local dgst = gh94:digest() ## Asymmentric Encryption (aka Public Key Encryption) -#### RSA (only preliminary support for now) -#### DSA (not implemented yet) +#### RSA +#### RSA PSS +#### DSA +#### ECDSA +#### EdDSA ## Randomness @@ -1448,7 +1391,7 @@ The changes of every release of this module is recorded in [Changes.md](https:// `lua-resty-nettle` uses two clause BSD license. ``` -Copyright (c) 2014 – 2017, Aapo Talvensaari +Copyright (c) 2014 – 2019, Aapo Talvensaari All rights reserved. Redistribution and use in source and binary forms, with or without modification, diff --git a/lib/resty/nettle.lua b/lib/resty/nettle.lua index 297e641..7737a3c 100644 --- a/lib/resty/nettle.lua +++ b/lib/resty/nettle.lua @@ -1,59 +1,48 @@ -local require = require -local nettle, padding = { _VERSION = "0.105" }, {} -nettle.aead = require "resty.nettle.aead" -nettle.aes = require "resty.nettle.aes" -nettle.arcfour = require "resty.nettle.arcfour" -nettle.asn1 = require "resty.nettle.asn1" -nettle.base16 = require "resty.nettle.base16" -nettle.base64 = require "resty.nettle.base64" -nettle.blowfish = require "resty.nettle.blowfish" -nettle.buffer = require "resty.nettle.buffer" -nettle.camellia = require "resty.nettle.camellia" -nettle.cast128 = require "resty.nettle.cast128" -nettle.chacha = require "resty.nettle.chacha" -nettle.chacha_poly1305 = require "resty.nettle.chacha-poly1305" -nettle["chacha-poly1305"] = nettle.chacha_poly1305 -nettle.cipher = require "resty.nettle.cipher" -nettle.curve25519 = require "resty.nettle.curve25519" -nettle.des = require "resty.nettle.des" -nettle.dsa = require "resty.nettle.dsa" -nettle.ecc = require "resty.nettle.ecc" -nettle.ecdsa = require "resty.nettle.ecdsa" -nettle.ed25519_sha512 = require "resty.nettle.ed25519-sha512" -nettle["ed25519-sha512"] = nettle.ed25519_sha512 -nettle.gmp = require "resty.nettle.gmp" -nettle.gosthash94 = require "resty.nettle.gosthash94" -nettle.hash = require "resty.nettle.hash" -nettle.hmac = require "resty.nettle.hmac" -nettle.hogweed = require "resty.nettle.hogweed" -nettle.knuth_lfib = require "resty.nettle.knuth-lfib" -nettle["knuth-lfib"] = nettle.knuth_lfib -nettle.library = require "resty.nettle.library" -nettle.md2 = require "resty.nettle.md2" -nettle.md4 = require "resty.nettle.md4" -nettle.md5 = require "resty.nettle.md5" -nettle.mpz = require "resty.nettle.mpz" -nettle.pbkdf2 = require "resty.nettle.pbkdf2" -nettle.poly1305 = require "resty.nettle.poly1305" -nettle.ripemd160 = require "resty.nettle.ripemd160" -nettle.rsa = require "resty.nettle.rsa" -nettle.salsa20 = require "resty.nettle.salsa20" -nettle.serpent = require "resty.nettle.serpent" -nettle.sha1 = require "resty.nettle.sha1" -nettle.sha2 = require "resty.nettle.sha2" -nettle.sha3 = require "resty.nettle.sha3" -nettle.twofish = require "resty.nettle.twofish" -nettle.umac = require "resty.nettle.umac" -nettle.version = require "resty.nettle.version" -nettle.yarrow = require "resty.nettle.yarrow" -padding.ansix923 = require "resty.nettle.padding.ansix923" -padding.base64 = require "resty.nettle.padding.base64" -padding.iso7816_4 = require "resty.nettle.padding.iso7816-4" -padding["iso7816-4"] = padding.iso7816_4 -padding.iso10126 = require "resty.nettle.padding.iso10126" -padding.nopadding = require "resty.nettle.padding.nopadding" -padding.pkcs7 = require "resty.nettle.padding.pkcs7" -padding.spacepadding = require "resty.nettle.padding.spacepadding" -padding.zeropadding = require "resty.nettle.padding.zeropadding" -nettle.padding = padding -return nettle +return { + _VERSION = "1.0", + aes = require "resty.nettle.aes", + arcfour = require "resty.nettle.arcfour", + base16 = require "resty.nettle.base16", + base64 = require "resty.nettle.base64", + blowfish = require "resty.nettle.blowfish", + camellia = require "resty.nettle.camellia", + cast128 = require "resty.nettle.cast128", + chacha = require "resty.nettle.chacha", + chacha_poly1305 = require "resty.nettle.chacha-poly1305", + ["chacha-poly1305"] = require "resty.nettle.chacha-poly1305", + cmac = require "resty.nettle.cmac", + curve25519 = require "resty.nettle.curve25519", + des = require "resty.nettle.des", + dsa = require "resty.nettle.dsa", + ecc = require "resty.nettle.ecc", + ecdsa = require "resty.nettle.ecdsa", + ed25519_sha512 = require "resty.nettle.ed25519-sha512", + ["ed25519-sha512"] = require "resty.nettle.ed25519-sha512", + gmp = require "resty.nettle.gmp", + gosthash94 = require "resty.nettle.gosthash94", + hmac = require "resty.nettle.hmac", + hogweed = require "resty.nettle.hogweed", + knuth_lfib = require "resty.nettle.knuth-lfib", + ["knuth-lfib"] = require "resty.nettle.knuth-lfib", + library = require "resty.nettle.library", + md2 = require "resty.nettle.md2", + md4 = require "resty.nettle.md4", + md5 = require "resty.nettle.md5", + mpz = require "resty.nettle.mpz", + padding = require "resty.nettle.padding", + pbkdf2 = require "resty.nettle.pbkdf2", + poly1305 = require "resty.nettle.poly1305", + random = require "resty.nettle.random", + rc4 = require "resty.nettle.rc4", + ripemd160 = require "resty.nettle.ripemd160", + rsa = require "resty.nettle.rsa", + salsa20 = require "resty.nettle.salsa20", + serpent = require "resty.nettle.serpent", + sha1 = require "resty.nettle.sha1", + sha2 = require "resty.nettle.sha2", + sha3 = require "resty.nettle.sha3", + twofish = require "resty.nettle.twofish", + umac = require "resty.nettle.umac", + version = require "resty.nettle.version", + yarrow = require "resty.nettle.yarrow", +} diff --git a/lib/resty/nettle/aead.lua b/lib/resty/nettle/aead.lua deleted file mode 100644 index b6da828..0000000 --- a/lib/resty/nettle/aead.lua +++ /dev/null @@ -1,31 +0,0 @@ -require "resty.nettle.types.aead" -local lib = require "resty.nettle.library" -local ffi = require "ffi" -local ffi_str = ffi.string -local tonumber = tonumber -local aeads = {} -do - local i, as = 0, lib.nettle_aeads - while as[i] ~= nil do - local aead = { - name = ffi_str(as[i].name), - context_size = tonumber(as[i].context_size), - block_size = tonumber(as[i].block_size), - key_size = tonumber(as[i].key_size), - nonce_size = tonumber(as[i].nonce_size), - set_encrypt_key = as[i].set_encrypt_key, - set_decrypt_key = as[i].set_decrypt_key, - set_nonce = as[i].set_nonce, - update = as[i].update, - encrypt = as[i].encrypt, - decrypt = as[i].decrypt, - digest = as[i].digest - } - aeads[i+1] = aead - aeads[aead.name] = aead - i=i+1 - end -end -return { - aeads = aeads -} diff --git a/lib/resty/nettle/aes.lua b/lib/resty/nettle/aes.lua index 296c1bb..a0fdcf4 100644 --- a/lib/resty/nettle/aes.lua +++ b/lib/resty/nettle/aes.lua @@ -1,393 +1,418 @@ -require "resty.nettle.types.aes" +require "resty.nettle.types.cbc" +require "resty.nettle.types.cfb" +require "resty.nettle.types.ctr" -local lib = require "resty.nettle.library" -local ffi = require "ffi" -local ffi_new = ffi.new -local ffi_typeof = ffi.typeof -local ffi_cdef = ffi.cdef -local ffi_copy = ffi.copy -local ffi_str = ffi.string -local ceil = math.ceil -local huge = math.huge -local type = type +local aes_context = require "resty.nettle.types.aes" +local eax_context = require "resty.nettle.types.eax" +local gcm_context = require "resty.nettle.types.gcm" +local ccm_context = require "resty.nettle.types.ccm" +local types = require "resty.nettle.types.common" +local lib = require "resty.nettle.library" +local ffi = require "ffi" +local ffi_new = ffi.new +local ffi_copy = ffi.copy +local ffi_str = ffi.string +local lower = string.lower +local ceil = math.ceil +local huge = math.huge +local type = type local setmetatable = setmetatable -ffi_cdef[[ -void nettle_aes128_set_encrypt_key(struct aes128_ctx *ctx, const uint8_t *key); -void nettle_aes128_set_decrypt_key(struct aes128_ctx *ctx, const uint8_t *key); -void nettle_aes128_invert_key(struct aes128_ctx *dst, const struct aes128_ctx *src); -void nettle_aes128_encrypt(const struct aes128_ctx *ctx, size_t length, uint8_t *dst, const uint8_t *src); -void nettle_aes128_decrypt(const struct aes128_ctx *ctx, size_t length, uint8_t *dst, const uint8_t *src); -void nettle_aes192_set_encrypt_key(struct aes192_ctx *ctx, const uint8_t *key); -void nettle_aes192_set_decrypt_key(struct aes192_ctx *ctx, const uint8_t *key); -void nettle_aes192_invert_key(struct aes192_ctx *dst, const struct aes192_ctx *src); -void nettle_aes192_encrypt(const struct aes192_ctx *ctx, size_t length, uint8_t *dst, const uint8_t *src); -void nettle_aes192_decrypt(const struct aes192_ctx *ctx, size_t length, uint8_t *dst, const uint8_t *src); -void nettle_aes256_set_encrypt_key(struct aes256_ctx *ctx, const uint8_t *key); -void nettle_aes256_set_decrypt_key(struct aes256_ctx *ctx, const uint8_t *key); -void nettle_aes256_invert_key(struct aes256_ctx *dst, const struct aes256_ctx *src); -void nettle_aes256_encrypt(const struct aes256_ctx *ctx, size_t length, uint8_t *dst, const uint8_t *src); -void nettle_aes256_decrypt(const struct aes256_ctx *ctx, size_t length, uint8_t *dst, const uint8_t *src); -void nettle_eax_aes128_set_key(struct eax_aes128_ctx *ctx, const uint8_t *key); -void nettle_eax_aes128_set_nonce(struct eax_aes128_ctx *ctx, size_t length, const uint8_t *iv); -void nettle_eax_aes128_update(struct eax_aes128_ctx *ctx, size_t length, const uint8_t *data); -void nettle_eax_aes128_encrypt(struct eax_aes128_ctx *ctx, size_t length, uint8_t *dst, const uint8_t *src); -void nettle_eax_aes128_decrypt(struct eax_aes128_ctx *ctx, size_t length, uint8_t *dst, const uint8_t *src); -void nettle_eax_aes128_digest (struct eax_aes128_ctx *ctx, size_t length, uint8_t *digest); -void nettle_gcm_aes128_set_key(struct gcm_aes128_ctx *ctx, const uint8_t *key); -void nettle_gcm_aes128_update (struct gcm_aes128_ctx *ctx, size_t length, const uint8_t *data); -void nettle_gcm_aes128_set_iv (struct gcm_aes128_ctx *ctx, size_t length, const uint8_t *iv); -void nettle_gcm_aes128_encrypt(struct gcm_aes128_ctx *ctx, size_t length, uint8_t *dst, const uint8_t *src); -void nettle_gcm_aes128_decrypt(struct gcm_aes128_ctx *ctx, size_t length, uint8_t *dst, const uint8_t *src); -void nettle_gcm_aes128_digest (struct gcm_aes128_ctx *ctx, size_t length, uint8_t *digest); -void nettle_gcm_aes192_set_key(struct gcm_aes192_ctx *ctx, const uint8_t *key); -void nettle_gcm_aes192_update (struct gcm_aes192_ctx *ctx, size_t length, const uint8_t *data); -void nettle_gcm_aes192_set_iv (struct gcm_aes192_ctx *ctx, size_t length, const uint8_t *iv); -void nettle_gcm_aes192_encrypt(struct gcm_aes192_ctx *ctx, size_t length, uint8_t *dst, const uint8_t *src); -void nettle_gcm_aes192_decrypt(struct gcm_aes192_ctx *ctx, size_t length, uint8_t *dst, const uint8_t *src); -void nettle_gcm_aes192_digest (struct gcm_aes192_ctx *ctx, size_t length, uint8_t *digest); -void nettle_gcm_aes256_set_key(struct gcm_aes256_ctx *ctx, const uint8_t *key); -void nettle_gcm_aes256_update (struct gcm_aes256_ctx *ctx, size_t length, const uint8_t *data); -void nettle_gcm_aes256_set_iv (struct gcm_aes256_ctx *ctx, size_t length, const uint8_t *iv); -void nettle_gcm_aes256_encrypt(struct gcm_aes256_ctx *ctx, size_t length, uint8_t *dst, const uint8_t *src); -void nettle_gcm_aes256_decrypt(struct gcm_aes256_ctx *ctx, size_t length, uint8_t *dst, const uint8_t *src); -void nettle_gcm_aes256_digest (struct gcm_aes256_ctx *ctx, size_t length, uint8_t *digest); -void nettle_ccm_aes128_set_key(struct ccm_aes128_ctx *ctx, const uint8_t *key); -void nettle_ccm_aes128_set_nonce(struct ccm_aes128_ctx *ctx, size_t length, const uint8_t *nonce, size_t authlen, size_t msglen, size_t taglen); -void nettle_ccm_aes128_update (struct ccm_aes128_ctx *ctx, size_t length, const uint8_t *data); -void nettle_ccm_aes128_encrypt(struct ccm_aes128_ctx *ctx, size_t length, uint8_t *dst, const uint8_t *src); -void nettle_ccm_aes128_decrypt(struct ccm_aes128_ctx *ctx, size_t length, uint8_t *dst, const uint8_t *src); -void nettle_ccm_aes128_digest(struct ccm_aes128_ctx *ctx, size_t length, uint8_t *digest); -void nettle_ccm_aes192_set_key(struct ccm_aes192_ctx *ctx, const uint8_t *key); -void nettle_ccm_aes192_set_nonce(struct ccm_aes192_ctx *ctx, size_t length, const uint8_t *nonce, size_t authlen, size_t msglen, size_t taglen); -void nettle_ccm_aes192_update(struct ccm_aes192_ctx *ctx, size_t length, const uint8_t *data); -void nettle_ccm_aes192_encrypt(struct ccm_aes192_ctx *ctx, size_t length, uint8_t *dst, const uint8_t *src); -void nettle_ccm_aes192_decrypt(struct ccm_aes192_ctx *ctx, size_t length, uint8_t *dst, const uint8_t *src); -void nettle_ccm_aes192_digest(struct ccm_aes192_ctx *ctx, size_t length, uint8_t *digest); -void nettle_ccm_aes256_set_key(struct ccm_aes256_ctx *ctx, const uint8_t *key); -void nettle_ccm_aes256_set_nonce(struct ccm_aes256_ctx *ctx, size_t length, const uint8_t *nonce, size_t authlen, size_t msglen, size_t taglen); -void nettle_ccm_aes256_update(struct ccm_aes256_ctx *ctx, size_t length, const uint8_t *data); -void nettle_ccm_aes256_encrypt(struct ccm_aes256_ctx *ctx, size_t length, uint8_t *dst, const uint8_t *src); -void nettle_ccm_aes256_decrypt(struct ccm_aes256_ctx *ctx, size_t length, uint8_t *dst, const uint8_t *src); -void nettle_ccm_aes256_digest(struct ccm_aes256_ctx *ctx, size_t length, uint8_t *digest); -]] - -local uint8t = ffi_typeof "uint8_t[?]" - local ciphers = { - ecb = { - [128] = { - setkey = lib.nettle_aes128_set_encrypt_key, - invert = lib.nettle_aes128_invert_key, - encrypt = lib.nettle_aes128_encrypt, - decrypt = lib.nettle_aes128_decrypt, - context = ffi_typeof "NETTLE_AES128_CTX[1]" - }, - [192] = { - setkey = lib.nettle_aes192_set_encrypt_key, - invert = lib.nettle_aes192_invert_key, - encrypt = lib.nettle_aes192_encrypt, - decrypt = lib.nettle_aes192_decrypt, - context = ffi_typeof "NETTLE_AES192_CTX[1]" - }, - [256] = { - setkey = lib.nettle_aes256_set_encrypt_key, - invert = lib.nettle_aes256_invert_key, - encrypt = lib.nettle_aes256_encrypt, - decrypt = lib.nettle_aes256_decrypt, - context = ffi_typeof "NETTLE_AES256_CTX[1]" - } + ecb = { + [128] = { + setkey = lib.nettle_aes128_set_encrypt_key, + invert = lib.nettle_aes128_invert_key, + encrypt = lib.nettle_aes128_encrypt, + decrypt = lib.nettle_aes128_decrypt, + context = aes_context.aes128, }, - cbc = { - iv_size = 16, - [128] = { - setkey = lib.nettle_aes128_set_encrypt_key, - invert = lib.nettle_aes128_invert_key, - encrypt = lib.nettle_cbc_encrypt, - decrypt = lib.nettle_cbc_decrypt, - cipher = { - encrypt = lib.nettle_aes128_encrypt, - decrypt = lib.nettle_aes128_decrypt - }, - context = ffi_typeof "NETTLE_AES128_CTX[1]" - }, - [192] = { - setkey = lib.nettle_aes192_set_encrypt_key, - invert = lib.nettle_aes192_invert_key, - encrypt = lib.nettle_cbc_encrypt, - decrypt = lib.nettle_cbc_decrypt, - cipher = { - encrypt = lib.nettle_aes192_encrypt, - decrypt = lib.nettle_aes192_decrypt - }, - context = ffi_typeof "NETTLE_AES192_CTX[1]" - }, - [256] = { - setkey = lib.nettle_aes256_set_encrypt_key, - invert = lib.nettle_aes256_invert_key, - encrypt = lib.nettle_cbc_encrypt, - decrypt = lib.nettle_cbc_decrypt, - cipher = { - encrypt = lib.nettle_aes256_encrypt, - decrypt = lib.nettle_aes256_decrypt - }, - context = ffi_typeof "NETTLE_AES256_CTX[1]" - } + [192] = { + setkey = lib.nettle_aes192_set_encrypt_key, + invert = lib.nettle_aes192_invert_key, + encrypt = lib.nettle_aes192_encrypt, + decrypt = lib.nettle_aes192_decrypt, + context = aes_context.aes192, }, - ctr = { - iv_size = 16, - [128] = { - setkey = lib.nettle_aes128_set_encrypt_key, - encrypt = lib.nettle_ctr_crypt, - decrypt = lib.nettle_ctr_crypt, - cipher = { - encrypt = lib.nettle_aes128_encrypt, - decrypt = lib.nettle_aes128_encrypt - }, - context = ffi_typeof "NETTLE_AES128_CTX[1]" - }, - [192] = { - setkey = lib.nettle_aes192_set_encrypt_key, - encrypt = lib.nettle_ctr_crypt, - decrypt = lib.nettle_ctr_crypt, - cipher = { - encrypt = lib.nettle_aes192_encrypt, - decrypt = lib.nettle_aes192_encrypt - }, - context = ffi_typeof "NETTLE_AES192_CTX[1]" - }, - [256] = { - setkey = lib.nettle_aes256_set_encrypt_key, - encrypt = lib.nettle_ctr_crypt, - decrypt = lib.nettle_ctr_crypt, - cipher = { - encrypt = lib.nettle_aes256_encrypt, - decrypt = lib.nettle_aes256_encrypt - }, - context = ffi_typeof "NETTLE_AES256_CTX[1]" - } + [256] = { + setkey = lib.nettle_aes256_set_encrypt_key, + invert = lib.nettle_aes256_invert_key, + encrypt = lib.nettle_aes256_encrypt, + decrypt = lib.nettle_aes256_decrypt, + context = aes_context.aes256, }, - eax = { - iv_size = huge, - [128] = { - setkey = lib.nettle_eax_aes128_set_key, - setiv = lib.nettle_eax_aes128_set_nonce, - update = lib.nettle_eax_aes128_update, - encrypt = lib.nettle_eax_aes128_encrypt, - decrypt = lib.nettle_eax_aes128_decrypt, - digest = lib.nettle_eax_aes128_digest, - context = ffi_typeof "NETTLE_EAX_AES128_CTX[1]" - } + }, + cbc = { + iv_size = 16, + [128] = { + setkey = lib.nettle_aes128_set_encrypt_key, + invert = lib.nettle_aes128_invert_key, + encrypt = lib.nettle_cbc_encrypt, + decrypt = lib.nettle_cbc_decrypt, + cipher = { + encrypt = lib.nettle_aes128_encrypt, + decrypt = lib.nettle_aes128_decrypt + }, + context = aes_context.aes128, }, - gcm = { - iv_size = 12, - [128] = { - setkey = lib.nettle_gcm_aes128_set_key, - setiv = lib.nettle_gcm_aes128_set_iv, - update = lib.nettle_gcm_aes128_update, - encrypt = lib.nettle_gcm_aes128_encrypt, - decrypt = lib.nettle_gcm_aes128_decrypt, - digest = lib.nettle_gcm_aes128_digest, - context = ffi_typeof "NETTLE_GCM_AES128_CTX[1]" - }, - [192] = { - setkey = lib.nettle_gcm_aes192_set_key, - setiv = lib.nettle_gcm_aes192_set_iv, - update = lib.nettle_gcm_aes192_update, - encrypt = lib.nettle_gcm_aes192_encrypt, - decrypt = lib.nettle_gcm_aes192_decrypt, - digest = lib.nettle_gcm_aes192_digest, - context = ffi_typeof "NETTLE_GCM_AES192_CTX[1]" - }, - [256] = { - setkey = lib.nettle_gcm_aes256_set_key, - setiv = lib.nettle_gcm_aes256_set_iv, - update = lib.nettle_gcm_aes256_update, - encrypt = lib.nettle_gcm_aes256_encrypt, - decrypt = lib.nettle_gcm_aes256_decrypt, - digest = lib.nettle_gcm_aes256_digest, - context = ffi_typeof "NETTLE_GCM_AES256_CTX[1]" - } + [192] = { + setkey = lib.nettle_aes192_set_encrypt_key, + invert = lib.nettle_aes192_invert_key, + encrypt = lib.nettle_cbc_encrypt, + decrypt = lib.nettle_cbc_decrypt, + cipher = { + encrypt = lib.nettle_aes192_encrypt, + decrypt = lib.nettle_aes192_decrypt + }, + context = aes_context.aes192, + }, + [256] = { + setkey = lib.nettle_aes256_set_encrypt_key, + invert = lib.nettle_aes256_invert_key, + encrypt = lib.nettle_cbc_encrypt, + decrypt = lib.nettle_cbc_decrypt, + cipher = { + encrypt = lib.nettle_aes256_encrypt, + decrypt = lib.nettle_aes256_decrypt + }, + context = aes_context.aes256, + }, + }, + cfb = { + iv_size = 16, + [128] = { + setkey = lib.nettle_aes128_set_encrypt_key, + encrypt = lib.nettle_cfb_encrypt, + decrypt = lib.nettle_cfb_decrypt, + cipher = { + encrypt = lib.nettle_aes128_encrypt, + decrypt = lib.nettle_aes128_encrypt + }, + context = aes_context.aes128, + }, + [192] = { + setkey = lib.nettle_aes192_set_encrypt_key, + encrypt = lib.nettle_cfb_encrypt, + decrypt = lib.nettle_cfb_decrypt, + cipher = { + encrypt = lib.nettle_aes192_encrypt, + decrypt = lib.nettle_aes192_encrypt + }, + context = aes_context.aes192, + }, + [256] = { + setkey = lib.nettle_aes256_set_encrypt_key, + encrypt = lib.nettle_cfb_encrypt, + decrypt = lib.nettle_cfb_decrypt, + cipher = { + encrypt = lib.nettle_aes256_encrypt, + decrypt = lib.nettle_aes256_encrypt + }, + context = aes_context.aes256, + }, + }, + ctr = { + iv_size = 16, + [128] = { + setkey = lib.nettle_aes128_set_encrypt_key, + encrypt = lib.nettle_ctr_crypt, + decrypt = lib.nettle_ctr_crypt, + cipher = { + encrypt = lib.nettle_aes128_encrypt, + decrypt = lib.nettle_aes128_encrypt + }, + context = aes_context.aes128, + }, + [192] = { + setkey = lib.nettle_aes192_set_encrypt_key, + encrypt = lib.nettle_ctr_crypt, + decrypt = lib.nettle_ctr_crypt, + cipher = { + encrypt = lib.nettle_aes192_encrypt, + decrypt = lib.nettle_aes192_encrypt + }, + context = aes_context.aes192, + }, + [256] = { + setkey = lib.nettle_aes256_set_encrypt_key, + encrypt = lib.nettle_ctr_crypt, + decrypt = lib.nettle_ctr_crypt, + cipher = { + encrypt = lib.nettle_aes256_encrypt, + decrypt = lib.nettle_aes256_encrypt + }, + context = aes_context.aes256, + }, + }, + eax = { + iv_size = huge, + [128] = { + setkey = lib.nettle_eax_aes128_set_key, + setiv = lib.nettle_eax_aes128_set_nonce, + update = lib.nettle_eax_aes128_update, + encrypt = lib.nettle_eax_aes128_encrypt, + decrypt = lib.nettle_eax_aes128_decrypt, + digest = lib.nettle_eax_aes128_digest, + context = eax_context.eax_aes128, + }, + }, + gcm = { + iv_size = 12, + [128] = { + setkey = lib.nettle_gcm_aes128_set_key, + setiv = lib.nettle_gcm_aes128_set_iv, + update = lib.nettle_gcm_aes128_update, + encrypt = lib.nettle_gcm_aes128_encrypt, + decrypt = lib.nettle_gcm_aes128_decrypt, + digest = lib.nettle_gcm_aes128_digest, + context = gcm_context.gcm_aes128, + }, + [192] = { + setkey = lib.nettle_gcm_aes192_set_key, + setiv = lib.nettle_gcm_aes192_set_iv, + update = lib.nettle_gcm_aes192_update, + encrypt = lib.nettle_gcm_aes192_encrypt, + decrypt = lib.nettle_gcm_aes192_decrypt, + digest = lib.nettle_gcm_aes192_digest, + context = gcm_context.gcm_aes192, + }, + [256] = { + setkey = lib.nettle_gcm_aes256_set_key, + setiv = lib.nettle_gcm_aes256_set_iv, + update = lib.nettle_gcm_aes256_update, + encrypt = lib.nettle_gcm_aes256_encrypt, + decrypt = lib.nettle_gcm_aes256_decrypt, + digest = lib.nettle_gcm_aes256_digest, + context = gcm_context.gcm_aes256, + }, + }, + ccm = { + iv_size = { 7, 14 }, + [128] = { + setkey = lib.nettle_ccm_aes128_set_key, + setiv = lib.nettle_ccm_aes128_set_nonce, + update = lib.nettle_ccm_aes128_update, + encrypt = lib.nettle_ccm_aes128_encrypt, + decrypt = lib.nettle_ccm_aes128_decrypt, + digest = lib.nettle_ccm_aes128_digest, + context = ccm_context.ccm_aes128, }, - ccm = { - iv_size = { 7, 14 }, - [128] = { - setkey = lib.nettle_ccm_aes128_set_key, - setiv = lib.nettle_ccm_aes128_set_nonce, - update = lib.nettle_ccm_aes128_update, - encrypt = lib.nettle_ccm_aes128_encrypt, - decrypt = lib.nettle_ccm_aes128_decrypt, - digest = lib.nettle_ccm_aes128_digest, - context = ffi_typeof "NETTLE_CCM_AES128_CTX[1]" + [192] = { + setkey = lib.nettle_ccm_aes192_set_key, + setiv = lib.nettle_ccm_aes192_set_nonce, + update = lib.nettle_ccm_aes192_update, + encrypt = lib.nettle_ccm_aes192_encrypt, + decrypt = lib.nettle_ccm_aes192_decrypt, + digest = lib.nettle_ccm_aes192_digest, + context = ccm_context.ccm_aes192, + }, + [256] = { + setkey = lib.nettle_ccm_aes256_set_key, + setiv = lib.nettle_ccm_aes256_set_nonce, + update = lib.nettle_ccm_aes256_update, + encrypt = lib.nettle_ccm_aes256_encrypt, + decrypt = lib.nettle_ccm_aes256_decrypt, + digest = lib.nettle_ccm_aes256_digest, + context = ccm_context.ccm_aes256, + }, + }, +} + +do + local version = require "resty.nettle.version" + if version.major > 3 or (version.major == 3 and version.minor > 4) then + ciphers.cfb8 = { + iv_size = 16, + [128] = { + setkey = lib.nettle_aes128_set_encrypt_key, + encrypt = lib.nettle_cfb8_encrypt, + decrypt = lib.nettle_cfb8_decrypt, + cipher = { + encrypt = lib.nettle_aes128_encrypt, + decrypt = lib.nettle_aes128_encrypt + }, + context = aes_context.aes128, + }, + [192] = { + setkey = lib.nettle_aes192_set_encrypt_key, + encrypt = lib.nettle_cfb8_encrypt, + decrypt = lib.nettle_cfb8_decrypt, + cipher = { + encrypt = lib.nettle_aes192_encrypt, + decrypt = lib.nettle_aes192_encrypt }, - [192] = { - setkey = lib.nettle_ccm_aes192_set_key, - setiv = lib.nettle_ccm_aes192_set_nonce, - update = lib.nettle_ccm_aes192_update, - encrypt = lib.nettle_ccm_aes192_encrypt, - decrypt = lib.nettle_ccm_aes192_decrypt, - digest = lib.nettle_ccm_aes192_digest, - context = ffi_typeof "NETTLE_CCM_AES192_CTX[1]" + context = aes_context.aes192, + }, + [256] = { + setkey = lib.nettle_aes256_set_encrypt_key, + encrypt = lib.nettle_cfb8_encrypt, + decrypt = lib.nettle_cfb8_decrypt, + cipher = { + encrypt = lib.nettle_aes256_encrypt, + decrypt = lib.nettle_aes256_encrypt }, - [256] = { - setkey = lib.nettle_ccm_aes256_set_key, - setiv = lib.nettle_ccm_aes256_set_nonce, - update = lib.nettle_ccm_aes256_update, - encrypt = lib.nettle_ccm_aes256_encrypt, - decrypt = lib.nettle_ccm_aes256_decrypt, - digest = lib.nettle_ccm_aes256_digest, - context = ffi_typeof "NETTLE_CCM_AES256_CTX[1]" - } + context = aes_context.aes256, + }, } -} -local dgt = ffi_new(uint8t, 16) + end +end local ccm = {} ccm.__index = ccm function ccm:encrypt(src, len) - local cipher = self.cipher - local context = self.context - local iv = self.iv - local ad = self.ad or "" - local lad = #ad - local len = len or #src - cipher.setiv(context, #iv, iv, lad, len, 16) - if ad then cipher.update(context, lad, ad) end - local dst = ffi_new(uint8t, len) - cipher.encrypt(context, len, dst, src) - cipher.digest(context, 16, dgt) - return ffi_str(dst, len), ffi_str(dgt, 16) + local cipher = self.cipher + local context = self.context + local iv = self.iv + local ad = self.ad or "" + local lad = #ad + len = len or #src + cipher.setiv(context, #iv, iv, lad, len, 16) + if ad then cipher.update(context, lad, ad) end + local dst = ffi_new(types.uint8_t, len) + cipher.encrypt(context, len, dst, src) + cipher.digest(context, 16, types.uint8_t_16) + return ffi_str(dst, len), ffi_str(types.uint8_t_16, 16) end function ccm:decrypt(src, len) - local cipher = self.cipher - local context = self.context - local iv = self.iv - local ad = self.ad or "" - local lad = #ad - local len = len or #src - cipher.setiv(context, #iv, iv, lad, len, 16) - if ad then cipher.update(context, lad, ad) end - local dst = ffi_new(uint8t, len) - cipher.decrypt(context, len, dst, src) - cipher.digest(context, 16, dgt) - return ffi_str(dst, len), ffi_str(dgt, 16) + local cipher = self.cipher + local context = self.context + local iv = self.iv + local ad = self.ad or "" + local lad = #ad + len = len or #src + cipher.setiv(context, #iv, iv, lad, len, 16) + if ad then cipher.update(context, lad, ad) end + local dst = ffi_new(types.uint8_t, len) + cipher.decrypt(context, len, dst, src) + cipher.digest(context, 16, types.uint8_t_16) + return ffi_str(dst, len), ffi_str(types.uint8_t_16, 16) end local aes = {} aes.__index = aes function aes.new(key, mode, iv, ad) - local len = #key - if len ~= 16 and len ~= 24 and len ~= 32 then - return nil, "the AES supported key sizes are 128, 192, and 256 bits" - end - mode = (mode or "ecb"):lower() - local config = ciphers[mode] - if not config then - return nil, "the AES supported modes are ECB, CBC, CTR, EAX, GCM, and CCM" - end - local bits = len * 8 - local cipher = config[bits] - local context = ffi_new(cipher.context) - cipher.setkey(context, key) - local iv_size = config.iv_size - if iv_size then - iv = iv or "" - if iv_size == huge then - iv_size = #iv - else - if type(iv_size) == "table" then - if #iv < iv_size[1] or #iv > iv_size[2] then - return nil, "the AES-" .. mode:upper() .. " supported initialization vector sizes are between " .. (iv_size[1] * 8) .. " and " .. (iv_size[2] * 8) .. " bits" - end - return setmetatable({ - context = context, - cipher = cipher, - iv = iv, - ad = ad - }, ccm) - else - if #iv ~= iv_size then - return nil, "the AES-" .. mode:upper() .. " supported initialization vector size is " .. (iv_size * 8) .. " bits" - end - end + local len = #key + if len ~= 16 and len ~= 24 and len ~= 32 then + return nil, "the AES supported key sizes are 128, 192, and 256 bits" + end + + if mode then + mode = lower(mode) + else + mode = "ecb" + end + + local config = ciphers[mode] + if not config then + return nil, "the AES supported modes are ECB, CBC, CTR, EAX, GCM, CCM, and XTS" + end + local bits = len * 8 + local cipher = config[bits] + local context = ffi_new(cipher.context) + cipher.setkey(context, key) + local iv_size = config.iv_size + if iv_size then + iv = iv or "" + if iv_size == huge then + iv_size = #iv + else + if type(iv_size) == "table" then + if #iv < iv_size[1] or #iv > iv_size[2] then + return nil, "the AES-" .. mode:upper() .. " supported initialization vector sizes are between " .. + (iv_size[1] * 8) .. " and " .. (iv_size[2] * 8) .. " bits" end - if cipher.setiv then - cipher.setiv(context, iv_size, iv) - else - return setmetatable({ - context = context, - cipher = cipher, - iv = iv }, aes) + return setmetatable({ + context = context, + cipher = cipher, + iv = iv, + ad = ad + }, ccm) + else + if #iv ~= iv_size then + return nil, "the AES-" .. mode:upper() .. " supported initialization vector size is " .. + (iv_size * 8) .. " bits" end + end end - if ad and cipher.update then - cipher.update(context, #ad, ad) - end - return setmetatable({ + if cipher.setiv then + cipher.setiv(context, iv_size, iv) + else + return setmetatable({ context = context, - cipher = cipher }, aes) + cipher = cipher, + iv = iv + }, aes) + end + end + if ad and cipher.update then + cipher.update(context, #ad, ad) + end + return setmetatable({ + context = context, + cipher = cipher + }, aes) end function aes:encrypt(src, len) - local cipher = self.cipher - local context = self.context - if cipher.invert and self.inverted then - cipher.invert(context, context) - self.inverted = nil - end - len = len or #src - if self.iv then - local dln = len - if cipher.invert then dln = ceil(dln / 16) * 16 end - local dst = ffi_new(uint8t, dln) - ffi_copy(dst, src, len) - local ivl = #self.iv - local iv = ffi_new(uint8t, ivl) - ffi_copy(iv, self.iv, ivl) - cipher.encrypt(context, cipher.cipher.encrypt, 16, iv, dln, dst, dst) - return ffi_str(dst, dln) - elseif cipher.digest then - local dst = ffi_new(uint8t, len) - cipher.encrypt(context, len, dst, src) - cipher.digest(context, 16, dgt) - return ffi_str(dst, len), ffi_str(dgt, 16) - end - local dln = ceil(len / 16) * 16 - local dst = ffi_new(uint8t, dln) + local cipher = self.cipher + local context = self.context + if cipher.invert and self.inverted then + cipher.invert(context, context) + self.inverted = nil + end + len = len or #src + if self.iv then + local dln = len + if cipher.invert then dln = ceil(dln / 16) * 16 end + local dst = ffi_new(types.uint8_t, dln) ffi_copy(dst, src, len) - cipher.encrypt(context, dln, dst, dst) + local ivl = #self.iv + local iv = ffi_new(types.uint8_t, ivl) + ffi_copy(iv, self.iv, ivl) + cipher.encrypt(context, cipher.cipher.encrypt, 16, iv, dln, dst, dst) return ffi_str(dst, dln) + elseif cipher.digest then + local dst = ffi_new(types.uint8_t, len) + cipher.encrypt(context, len, dst, src) + cipher.digest(context, 16, types.uint8_t_16) + return ffi_str(dst, len), ffi_str(types.uint8_t_16, 16) + end + local dln = ceil(len / 16) * 16 + local dst = ffi_new(types.uint8_t, dln) + ffi_copy(dst, src, len) + cipher.encrypt(context, dln, dst, dst) + return ffi_str(dst, dln) end function aes:decrypt(src, len) - local cipher = self.cipher - local context = self.context - if cipher.invert and not self.inverted then - cipher.invert(context, context) - self.inverted = true - end - len = len or #src - if self.iv then - local dln = cipher.invert and ceil(len / 16) * 16 or len - local dst = ffi_new(uint8t, dln) - local ivl = #self.iv - local iv = ffi_new(uint8t, ivl) - ffi_copy(iv, self.iv, ivl) - cipher.decrypt(context, cipher.cipher.decrypt, 16, iv, dln, dst, src) - return ffi_str(dst, len) - elseif cipher.digest then - local dst = ffi_new(uint8t, len) - cipher.decrypt(context, len, dst, src) - cipher.digest(context, 16, dgt) - return ffi_str(dst, len), ffi_str(dgt, 16) - end - local dln = ceil(len / 16) * 16 - local dst = ffi_new(uint8t, dln) - cipher.decrypt(context, dln, dst, src) + local cipher = self.cipher + local context = self.context + if cipher.invert and not self.inverted then + cipher.invert(context, context) + self.inverted = true + end + len = len or #src + if self.iv then + local dln = cipher.invert and ceil(len / 16) * 16 or len + local dst = ffi_new(types.uint8_t, dln) + local ivl = #self.iv + local iv = ffi_new(types.uint8_t, ivl) + ffi_copy(iv, self.iv, ivl) + cipher.decrypt(context, cipher.cipher.decrypt, 16, iv, dln, dst, src) return ffi_str(dst, len) + elseif cipher.digest then + local dst = ffi_new(types.uint8_t, len) + cipher.decrypt(context, len, dst, src) + cipher.digest(context, 16, types.uint8_t_16) + return ffi_str(dst, len), ffi_str(types.uint8_t_16, 16) + end + local dln = ceil(len / 16) * 16 + local dst = ffi_new(types.uint8_t, dln) + cipher.decrypt(context, dln, dst, src) + return ffi_str(dst, len) end return aes diff --git a/lib/resty/nettle/arcfour.lua b/lib/resty/nettle/arcfour.lua index 2cec400..2c80ad3 100644 --- a/lib/resty/nettle/arcfour.lua +++ b/lib/resty/nettle/arcfour.lua @@ -1,55 +1,44 @@ -local lib = require "resty.nettle.library" -local ffi = require "ffi" -local ffi_new = ffi.new -local ffi_typeof = ffi.typeof -local ffi_cdef = ffi.cdef -local ffi_copy = ffi.copy -local ffi_str = ffi.string +local types = require "resty.nettle.types.common" +local context = require "resty.nettle.types.arcfour" +local lib = require "resty.nettle.library" +local ffi = require "ffi" +local ffi_new = ffi.new +local ffi_copy = ffi.copy +local ffi_str = ffi.string local setmetatable = setmetatable -ffi_cdef[[ -typedef struct arcfour_ctx { - uint8_t S[256]; - uint8_t i; - uint8_t j; -} NETTLE_ARCFOUR_CTX; -void nettle_arcfour_set_key(struct arcfour_ctx *ctx, size_t length, const uint8_t *key); -void nettle_arcfour128_set_key(struct arcfour_ctx *ctx, const uint8_t *key); -void nettle_arcfour_crypt(struct arcfour_ctx *ctx, size_t length, uint8_t *dst, const uint8_t *src); -]] - -local uint8t = ffi_typeof "uint8_t[?]" - local arcfour = {} arcfour.__index = arcfour -local context = ffi_typeof "NETTLE_ARCFOUR_CTX[1]" -local setkey = lib.nettle_arcfour_set_key -local crypt = lib.nettle_arcfour_crypt - function arcfour.new(key) - local len = #key - if len < 1 or len > 256 then - return nil, "the ARCFOUR supported key sizes are between 1 and 256 bits" - end - local ct = ffi_new(context) - setkey(ct, len, key) - return setmetatable({ context = ct }, arcfour) + local len = #key + if len < 1 or len > 32 then + return nil, "the ARCFOUR supported key sizes are between 1 and 256 bits" + end + + local ct = ffi_new(context) + if len == 16 then + lib.nettle_arcfour128_set_key(ct, key) + else + lib.nettle_arcfour_set_key(ct, len, key) + end + + return setmetatable({ context = ct }, arcfour) end function arcfour:encrypt(src, len) - len = len or #src - local dst = ffi_new(uint8t, len) - ffi_copy(dst, src, len) - crypt(self.context, len, dst, dst) - return ffi_str(dst, len) + len = len or #src + local dst = ffi_new(types.uint8_t, len) + ffi_copy(dst, src, len) + lib.nettle_arcfour_crypt(self.context, len, dst, dst) + return ffi_str(dst, len) end function arcfour:decrypt(src, len) - len = len or #src - local dst = ffi_new(uint8t, len) - crypt(self.context, len, dst, src) - return ffi_str(dst, len) + len = len or #src + local dst = ffi_new(types.uint8_t, len) + lib.nettle_arcfour_crypt(self.context, len, dst, src) + return ffi_str(dst, len) end return arcfour diff --git a/lib/resty/nettle/asn1.lua b/lib/resty/nettle/asn1.lua deleted file mode 100644 index e531b24..0000000 --- a/lib/resty/nettle/asn1.lua +++ /dev/null @@ -1,197 +0,0 @@ --- TODO: THIS IS NOT DONE, IT IS NOT FULLY IMPLEMENTED. - -require "resty.nettle.types.asn1" - -local lib = require "resty.nettle.hogweed" -local band = require "bit".band -local ffi = require "ffi" -local ffi_new = ffi.new -local ffi_str = ffi.string -local ffi_cdef = ffi.cdef -local ffi_typeof = ffi.typeof -local tonumber = tonumber -local floor = math.floor -local fmod = math.fmod - -ffi_cdef[[ -enum asn1_iterator_result nettle_asn1_der_iterator_first(struct asn1_der_iterator *iterator, size_t length, const uint8_t *input); -enum asn1_iterator_result nettle_asn1_der_iterator_next(struct asn1_der_iterator *iterator); -enum asn1_iterator_result nettle_asn1_der_decode_constructed(struct asn1_der_iterator *i, struct asn1_der_iterator *contents); -enum asn1_iterator_result nettle_asn1_der_decode_constructed_last(struct asn1_der_iterator *i); -enum asn1_iterator_result nettle_asn1_der_decode_bitstring(struct asn1_der_iterator *i, struct asn1_der_iterator *contents); -enum asn1_iterator_result nettle_asn1_der_decode_bitstring_last(struct asn1_der_iterator *i); -int nettle_asn1_der_get_uint32(struct asn1_der_iterator *i, uint32_t *x); -]] - -local ctx = ffi_typeof "struct asn1_der_iterator" -local uint = ffi_new "uint32_t[1]" - -local decoders = { - [lib.ASN1_BOOLEAN] = function(context) - end, - [lib.ASN1_INTEGER] = function(context) - end, - [lib.ASN1_BITSTRING] = function(context) - end, - [lib.ASN1_OCTETSTRING] = function(context) - end, - [lib.ASN1_NULL] = function(context) - end, - [lib.ASN1_IDENTIFIER] = function(context) - end, - [lib.ASN1_REAL] = function(context) - end, - [lib.ASN1_ENUMERATED] = function(context) - end, - [lib.ASN1_UTF8STRING] = function(context) - end, - [lib.ASN1_SEQUENCE] = function(context) - end, - [lib.ASN1_SET] = function(context) - end, - [lib.ASN1_PRINTABLESTRING] = function(context) - end, - [lib.ASN1_TELETEXSTRING] = function(context) - end, - [lib.ASN1_IA5STRING] = function(context) - end, - [lib.ASN1_UTC] = function(context) - end, - [lib.ASN1_UNIVERSALSTRING] = function(context) - end, - [lib.ASN1_BMPSTRING] = function(context) - end, -} - - -local function integer(context) - lib.nettle_asn1_der_get_uint32(context, uint) - return tonumber(uint[0]) -end - -local function identifier(context) - local oid = {} - local ind = 0 - local pos = 0 - local lst = context.length - 1 - local str = context.data - if pos <= lst then - local oct = str[pos] - oid[2] = fmod(oct, 40) - oid[1] = floor((oct - oid[2]) / 40) - ind = 2 - pos = pos + 1 - end - while pos <= lst do - local c = 0 - local oct - repeat - oct = str[pos] - pos = pos + 1 - c = c * 128 + band(0x7F, oct) - until oct < 128 - ind = ind + 1 - oid[ind] = c - end - return oid -end - -local asn1 = {} -asn1.__index = asn1 - -local function parse(state) - local i = 1 - while i > 0 do - if state[i][2] == lib.ASN1_ITERATOR_CONSTRUCTED then - if state[i][1].pos == state[i][1].buffer_length then - state[i][2] = lib.nettle_asn1_der_decode_constructed_last(state[i][1]) - else - i = i + 1 - state[i] = { ffi_new(ctx) } - state[i][2] = lib.nettle_asn1_der_decode_constructed(state[i-1][1], state[i][1]) - end - elseif state[i][2] == lib.ASN1_ITERATOR_PRIMITIVE then - local t = state[i][1].type - if t == lib.ASN1_BOOLEAN then - print "ASN1_BOOLEAN" - elseif t == lib.ASN1_INTEGER then - print "ASN1_INTEGER" - print(" number: ", integer(state[i][1])) - elseif t == lib.ASN1_BITSTRING then - print "ASN1_BITSTRING" - - if state[i][1].pos == state[i][1].buffer_length then - --state[i][2] = lib.nettle_asn1_der_decode_bitstring_last(state[i][1]) - --state[i][1] = state[i][1] - else - local s2 = {{ ffi_new(ctx) }} - s2[1][2] = lib.nettle_asn1_der_decode_bitstring(state[i][1], s2[1][1]) - parse(s2) - end - - - elseif t == lib.ASN1_OCTETSTRING then - print "ASN1_OCTETSTRING" - print(" data: ", ffi_str(state[i][1].data, state[i][1].length)) - elseif t == lib.ASN1_NULL then - print "ASN1_NULL" - elseif t == lib.ASN1_IDENTIFIER then - print "ASN1_IDENTIFIER" - print(" data: ", table.concat(identifier(state[i][1]), ".")) - elseif t == lib.ASN1_REAL then - print "ASN1_REAL" - print(" data: ", ffi_str(state[i][1].data, state[i][1].length)) - elseif t == lib.ASN1_ENUMERATED then - print "ASN1_ENUMERATED" - print(" data: ", ffi_str(state[i][1].data, state[i][1].length)) - elseif t == lib.ASN1_UTF8STRING then - print "ASN1_UTF8STRING" - print(" data: ", ffi_str(state[i][1].data, state[i][1].length)) - elseif t == lib.ASN1_SEQUENCE then - print "ASN1_SEQUENCE" - elseif t == lib.ASN1_SET then - print "ASN1_SET" - elseif t == lib.ASN1_PRINTABLESTRING then - print "ASN1_PRINTABLESTRING" - print(" data: ", ffi_str(state[i][1].data, state[i][1].length)) - elseif t == lib.ASN1_TELETEXSTRING then - print "ASN1_TELETEXSTRING" - elseif t == lib.ASN1_IA5STRING then - print "ASN1_IA5STRING" - print(" data: ", ffi_str(state[i][1].data, state[i][1].length)) - elseif t == lib.ASN1_UTC then - print "ASN1_UTC" - print(" data: ", ffi_str(state[i][1].data, state[i][1].length)) - elseif t == lib.ASN1_UNIVERSALSTRING then - print "ASN1_UNIVERSALSTRING" - print(" data: ", ffi_str(state[i][1].data, state[i][1].length)) - elseif t == lib.ASN1_BMPSTRING then - print "ASN1_BMPSTRING" - print(" data: ", ffi_str(state[i][1].data, state[i][1].length)) - else - print "UNKNOWN" - end - state[i][2] = lib.nettle_asn1_der_iterator_next(state[i][1]) - elseif state[i][2] == lib.ASN1_ITERATOR_END then - print("ASN1_ITERATOR_END") - state[i] = nil - i = i - 1 - if i ~= 0 then - state[i][2] = lib.ASN1_ITERATOR_PRIMITIVE - end - elseif state[i][2] == lib.ASN1_ITERATOR_ERROR then - print("ASN1_ITERATOR_ERROR") - state[i] = nil - i = i - 1 - end - end - -end - -function asn1.decode(input) - local state = {{ ffi_new(ctx) }} - state[1][2] = lib.nettle_asn1_der_iterator_first(state[1][1], #input, input) - parse(state) -end - -return asn1 diff --git a/lib/resty/nettle/base16.lua b/lib/resty/nettle/base16.lua index 3c6290c..3261987 100644 --- a/lib/resty/nettle/base16.lua +++ b/lib/resty/nettle/base16.lua @@ -1,105 +1,89 @@ -local lib = require "resty.nettle.library" -local ffi = require "ffi" -local ffi_new = ffi.new -local ffi_typeof = ffi.typeof -local ffi_cdef = ffi.cdef -local ffi_str = ffi.string -local byte = string.byte -local tonumber = tonumber +local types = require "resty.nettle.types.common" +local context = require "resty.nettle.types.base16" +local lib = require "resty.nettle.library" +local ffi = require "ffi" +local ffi_new = ffi.new +local ffi_str = ffi.string +local byte = string.byte +local floor = math.floor +local tonumber = tonumber local setmetatable = setmetatable -ffi_cdef[[ -typedef struct base16_decode_ctx { - unsigned word; - unsigned bits; -} NETTLE_BASE16_DECODE_CTX; -void nettle_base16_encode_single(uint8_t *dst, uint8_t src); -void nettle_base16_encode_update(uint8_t *dst, size_t length, const uint8_t *src); -void nettle_base16_decode_init(struct base16_decode_ctx *ctx); -int nettle_base16_decode_single(struct base16_decode_ctx *ctx, uint8_t *dst, uint8_t src); -int nettle_base16_decode_update(struct base16_decode_ctx *ctx, size_t *dst_length, uint8_t *dst, size_t src_length, const uint8_t *src); -int nettle_base16_decode_final(struct base16_decode_ctx *ctx); -]] -local ctxdec = ffi_typeof "NETTLE_BASE16_DECODE_CTX[1]" - -local length = ffi_new "size_t[1]" -local uint8t = ffi_typeof "uint8_t[?]" -local buf8 = ffi_new(uint8t, 1) -local buf16 = ffi_new(uint8t, 2) - local encoder = {} encoder.__index = encoder function encoder.new() - return setmetatable({}, encoder) + return setmetatable({}, encoder) end -function encoder:single(src) - lib.nettle_base16_encode_single(buf16, (src:byte())) - return ffi_str(buf16, 2) +function encoder.single(_, src) + lib.nettle_base16_encode_single(types.char_2, (byte(src))) + return ffi_str(types.char_2, 2) end -function encoder:update(src) - local len = #src - local dln = len * 2 - local dst = ffi_new(uint8t, dln) - lib.nettle_base16_encode_update(dst, len, src) - return ffi_str(dst, dln) +function encoder.update(_, src) + local len = #src + local dln = len * 2 + local dst = ffi_new(types.char, dln) + lib.nettle_base16_encode_update(dst, len, src) + return ffi_str(dst, dln) end local decoder = {} decoder.__index = decoder function decoder.new() - local ctx = ffi_new(ctxdec) - lib.nettle_base16_decode_init(ctx) - return setmetatable({ context = ctx }, decoder) + local ctx = ffi_new(context) + lib.nettle_base16_decode_init(ctx) + return setmetatable({ context = ctx }, decoder) end function decoder:single(src) - local len = lib.nettle_base16_decode_single(self.context, buf8, byte(src)) - return ffi_str(buf8, len), len + local len = lib.nettle_base16_decode_single(self.context, types.uint8_t_1, byte(src)) + return ffi_str(types.uint8_t_1, len), len end function decoder:update(src) - local len = #src - local dst = ffi_new(uint8t, (len + 1) / 2) - if lib.nettle_base16_decode_update(self.context, length, dst, len, src) ~= 1 then - return nil, "unable to decode base16 data" - end - local len = tonumber(length[0]) - return ffi_str(dst, len), len + local len = #src + local dln = floor((len + 1) / 2) + local dst = ffi_new(types.uint8_t, dln) + if lib.nettle_base16_decode_update(self.context, types.size_t_8, dst, len, src) ~= 1 then + return nil, "unable to decode base16 data" + end + len = tonumber(types.size_t_8[0]) + return ffi_str(dst, len), len end function decoder:final() - if lib.nettle_base16_decode_final(self.context) ~= 1 then - return nil, "end of the base16 data is incorrect" - end - return true + if lib.nettle_base16_decode_final(self.context) ~= 1 then + return nil, "end of the base16 data is incorrect" + end + return true end local base16 = { encoder = encoder, decoder = decoder } function base16.encode(src) - local len = #src - local dln = len * 2 - local dst = ffi_new(uint8t, dln) - lib.nettle_base16_encode_update(dst, len, src) - return ffi_str(dst, dln) + local len = #src + local dln = len * 2 + local dst = ffi_new(types.uint8_t, dln) + lib.nettle_base16_encode_update(dst, len, src) + return ffi_str(dst, dln) end function base16.decode(src) - local ctx = ffi_new(ctxdec) - local len = #src - local dst = ffi_new(uint8t, (len + 1) / 2) - lib.nettle_base16_decode_init(ctx) - if lib.nettle_base16_decode_update(ctx, length, dst, len, src) ~= 1 then - return nil, "unable to decode base16 data" - end - if lib.nettle_base16_decode_final(ctx) ~= 1 then - return nil, "end of the base16 data is incorrect" - end - return ffi_str(dst, length[0]) + local ctx = ffi_new(context) + local len = #src + local dln = floor((len + 1) / 2) + local dst = ffi_new(types.uint8_t, dln) + lib.nettle_base16_decode_init(ctx) + if lib.nettle_base16_decode_update(ctx, types.size_t_8, dst, len, src) ~= 1 then + return nil, "unable to decode base16 data" + end + if lib.nettle_base16_decode_final(ctx) ~= 1 then + return nil, "end of the base16 data is incorrect" + end + return ffi_str(dst, types.size_t_8[0]) end return base16 diff --git a/lib/resty/nettle/base64.lua b/lib/resty/nettle/base64.lua index 5668b5d..b748cac 100644 --- a/lib/resty/nettle/base64.lua +++ b/lib/resty/nettle/base64.lua @@ -1,175 +1,134 @@ -local lib = require "resty.nettle.library" -local bit = require "bit" -local ffi = require "ffi" -local ffi_new = ffi.new -local ffi_typeof = ffi.typeof -local ffi_cdef = ffi.cdef -local ffi_str = ffi.string -local bnot = bit.bnot -local band = bit.band -local byte = string.byte -local ceil = math.ceil -local floor = math.floor -local tonumber = tonumber +local types = require "resty.nettle.types.common" +local context = require "resty.nettle.types.base64" +local lib = require "resty.nettle.library" +local ffi = require "ffi" +local ffi_new = ffi.new +local ffi_str = ffi.string +local byte = string.byte +local floor = math.floor +local tonumber = tonumber local setmetatable = setmetatable -ffi_cdef[[ -void nettle_base64_encode_init (struct base64_encode_ctx *ctx); -void nettle_base64url_encode_init(struct base64_encode_ctx *ctx); -size_t nettle_base64_encode_single (struct base64_encode_ctx *ctx, char *dst, uint8_t src); -size_t nettle_base64_encode_update (struct base64_encode_ctx *ctx, char *dst, size_t length, const uint8_t *src); -size_t nettle_base64_encode_final (struct base64_encode_ctx *ctx, char *dst); -void nettle_base64_encode_raw (char *dst, size_t length, const uint8_t *src); -void nettle_base64_decode_init (struct base64_decode_ctx *ctx); -void nettle_base64url_decode_init(struct base64_decode_ctx *ctx); -int nettle_base64_decode_single (struct base64_decode_ctx *ctx, uint8_t *dst, char src); -int nettle_base64_decode_update (struct base64_decode_ctx *ctx, size_t *dst_length, uint8_t *dst, size_t src_length, const char *src); -int nettle_base64_decode_final (struct base64_decode_ctx *ctx); -]] - -local ctxenc = ffi_typeof [[ -struct base64_encode_ctx { - const char *alphabet; - unsigned short word; - unsigned char bits; -}]] - -local ctxdec = ffi_typeof [[ -struct base64_decode_ctx { - const signed char *table; - unsigned short word; - unsigned char bits; - unsigned char padding; -}]] - -local length = ffi_new "size_t[1]" -local uint8t = ffi_typeof "uint8_t[?]" -local buf8 = ffi_new(uint8t, 1) - -local chart = ffi_typeof "char[?]" -local char16 = ffi_new(chart, 2) -local char24 = ffi_new(chart, 3) - local encoder = {} encoder.__index = encoder function encoder.new(urlsafe) - local ctx = ffi_new(ctxenc) - if urlsafe then - lib.nettle_base64url_encode_init(ctx) - else - lib.nettle_base64_encode_init(ctx) - end - return setmetatable({ context = ctx }, encoder) + local ctx = ffi_new(context.encode) + if urlsafe then + lib.nettle_base64url_encode_init(ctx) + else + lib.nettle_base64_encode_init(ctx) + end + return setmetatable({ context = ctx }, encoder) end function encoder:single(src) - local len = lib.nettle_base64_encode_single(self.context, char16, byte(src)) - return ffi_str(char16, len), tonumber(len) + local len = lib.nettle_base64_encode_single(self.context, types.char_2, byte(src)) + return ffi_str(types.char_2, len), tonumber(len) end function encoder:update(src) - local len = #src - local dln = ceil(4 * len / 3) - local dst = ffi_new(chart, dln) - local len = lib.nettle_base64_encode_update(self.context, dst, len, src) - return ffi_str(dst, len), tonumber(len) + local len = #src + local dln = floor((len * 8 + 4) / 6) + local dst = ffi_new(types.char, dln) + len = lib.nettle_base64_encode_update(self.context, dst, len, src) + return ffi_str(dst, len), tonumber(len) end function encoder:final() - local len = lib.nettle_base64_encode_final(self.context, char24) - return ffi_str(char24, len), tonumber(len) + local len = lib.nettle_base64_encode_final(self.context, types.char_3) + return ffi_str(types.char_3, len), tonumber(len) end local decoder = {} decoder.__index = decoder function decoder.new(urlsafe) - local ctx = ffi_new(ctxdec) - if urlsafe then - lib.nettle_base64url_decode_init(ctx) - else - lib.nettle_base64_decode_init(ctx) - end - return setmetatable({ context = ctx }, decoder) + local ctx = ffi_new(context.decode) + if urlsafe then + lib.nettle_base64url_decode_init(ctx) + else + lib.nettle_base64_decode_init(ctx) + end + return setmetatable({ context = ctx }, decoder) end function decoder:single(src) - local len = lib.nettle_base64_decode_single(self.context, buf8, byte(src)) - return ffi_str(buf8, len), len + local len = lib.nettle_base64_decode_single(self.context, types.uint8_t_1, byte(src)) + return ffi_str(types.uint8_t_1, len), len end function decoder:update(src) - local len = #src - local dln = floor(len * 3 / 4) - local dst = ffi_new(uint8t, dln) - if lib.nettle_base64_decode_update(self.context, length, dst, len, src) ~= 1 then - return nil, "unable to decode base64 data" - end - local len = tonumber(length[0]) - return ffi_str(dst, len), len + local len = #src + local dln = floor((len + 1) * 6 / 8) + local dst = ffi_new(types.uint8_t, dln) + if lib.nettle_base64_decode_update(self.context, types.size_t_8, dst, len, src) ~= 1 then + return nil, "unable to decode base64 data" + end + len = tonumber(types.size_t_8[0]) + return ffi_str(dst, len), len end function decoder:final() - if lib.nettle_base64_decode_final(self.context) ~= 1 then - return nil, "final padding of base64 is incorrect" - end - return true + if lib.nettle_base64_decode_final(self.context) ~= 1 then + return nil, "final padding of base64 is incorrect" + end + return true end local base64 = setmetatable({ encoder = encoder, decoder = decoder }, { - __call = function(_, src) - local len = #src - local dln = ceil(4 * len / 3) - local dst = ffi_new(chart, dln) - lib.nettle_base64_encode_raw(dst, len, src) - return ffi_str(dst, dln) - end + __call = function(_, src) + local len = #src + local dln = floor((len + 2) / 3) * 4 + local dst = ffi_new(types.char, dln) + lib.nettle_base64_encode_raw(dst, len, src) + return ffi_str(dst, dln) + end }) function base64.encode(src, urlsafe) - local ctx = ffi_new(ctxenc) - if urlsafe then - lib.nettle_base64url_encode_init(ctx) - else - lib.nettle_base64_encode_init(ctx) - end - local len = #src - local dln = band((4 * len / 3) + 3, bnot(3)) - local dst = ffi_new(chart, dln) - dst = ffi_str(dst, lib.nettle_base64_encode_update(ctx, dst, len, src)) - local fnl = lib.nettle_base64_encode_final(ctx, char24) - if fnl > 0 then - return dst .. ffi_str(char24, fnl) - end - return dst + local ctx = ffi_new(context.encode) + if urlsafe then + lib.nettle_base64url_encode_init(ctx) + else + lib.nettle_base64_encode_init(ctx) + end + local len = #src + local dln = floor((len * 8 + 4) / 6) + local dst = ffi_new(types.char, dln) + dst = ffi_str(dst, lib.nettle_base64_encode_update(ctx, dst, len, src)) + local fnl = lib.nettle_base64_encode_final(ctx, types.char_3) + if fnl > 0 then + return dst .. ffi_str(types.char_3, fnl) + end + return dst end function base64.decode(src, urlsafe) - local ctx = ffi_new(ctxdec) - local len = #src - local dln = floor(len * 3 / 4) - local dst = ffi_new(uint8t, dln) - if urlsafe then - lib.nettle_base64url_decode_init(ctx) - else - lib.nettle_base64_decode_init(ctx) - end - if lib.nettle_base64_decode_update(ctx, length, dst, len, src) ~= 1 then - return nil, "unable to decode base64 data" - end - if lib.nettle_base64_decode_final(ctx) ~= 1 then - return nil, "final padding of base64 is incorrect" - end - return ffi_str(dst, length[0]) + local ctx = ffi_new(context.decode) + local len = #src + local dln = floor((len + 1) * 6 / 8) + local dst = ffi_new(types.uint8_t, dln) + if urlsafe then + lib.nettle_base64url_decode_init(ctx) + else + lib.nettle_base64_decode_init(ctx) + end + if lib.nettle_base64_decode_update(ctx, types.size_t_8, dst, len, src) ~= 1 then + return nil, "unable to decode base64 data" + end + if lib.nettle_base64_decode_final(ctx) ~= 1 then + return nil, "final padding of base64 is incorrect" + end + return ffi_str(dst, types.size_t_8[0]) end function base64.urlencode(src) - return base64.encode(src, true) + return base64.encode(src, true) end function base64.urldecode(src) - return base64.decode(src, true) + return base64.decode(src, true) end return base64 diff --git a/lib/resty/nettle/blowfish.lua b/lib/resty/nettle/blowfish.lua index a21da36..605baa1 100644 --- a/lib/resty/nettle/blowfish.lua +++ b/lib/resty/nettle/blowfish.lua @@ -1,58 +1,41 @@ -local lib = require "resty.nettle.library" -local ffi = require "ffi" -local ffi_new = ffi.new -local ffi_typeof = ffi.typeof -local ffi_cdef = ffi.cdef -local ffi_copy = ffi.copy -local ffi_str = ffi.string -local ceil = math.ceil +local types = require "resty.nettle.types.common" +local context = require "resty.nettle.types.blowfish" +local lib = require "resty.nettle.library" +local ffi = require "ffi" +local ffi_new = ffi.new +local ffi_copy = ffi.copy +local ffi_str = ffi.string +local ceil = math.ceil local setmetatable = setmetatable -ffi_cdef[[ -typedef struct blowfish_ctx { - uint32_t s[4][256]; - uint32_t p[18]; -} NETTLE_BLOWFISH_CTX; -int nettle_blowfish_set_key(struct blowfish_ctx *ctx, size_t length, const uint8_t *key); -int nettle_blowfish128_set_key(struct blowfish_ctx *ctx, const uint8_t *key); -void nettle_blowfish_encrypt(const struct blowfish_ctx *ctx, size_t length, uint8_t *dst, const uint8_t *src); -void nettle_blowfish_decrypt(const struct blowfish_ctx *ctx, size_t length, uint8_t *dst, const uint8_t *src); -]] - -local uint8t = ffi_typeof "uint8_t[?]" - local blowfish = {} blowfish.__index = blowfish -local context = ffi_typeof "NETTLE_BLOWFISH_CTX[1]" -local setkey = lib.nettle_blowfish_set_key -local encrypt = lib.nettle_blowfish_encrypt -local decrypt = lib.nettle_blowfish_decrypt - function blowfish.new(key) - local len = #key - if len < 8 or len > 56 then - return nil, "the BLOWFISH supported key sizes are between 64 and 448 bits" - end - local ct = ffi_new(context) - local wk = setkey(ct, len, key) - return setmetatable({ context = ct }, blowfish), wk ~= 1 + local len = #key + if len < 8 or len > 56 then + return nil, "the BLOWFISH supported key sizes are between 64 and 448 bits" + end + local ct = ffi_new(context) + local wk = lib.nettle_blowfish_set_key(ct, len, key) + return setmetatable({ context = ct }, blowfish), wk ~= 1 end function blowfish:encrypt(src, len) - len = len or #src - local dln = ceil(len / 8) * 8 - local dst = ffi_new(uint8t, dln) - ffi_copy(dst, src, len) - encrypt(self.context, dln, dst, dst) - return ffi_str(dst, dln) + len = len or #src + local dln = ceil(len / 8) * 8 + local dst = ffi_new(types.uint8_t, dln) + ffi_copy(dst, src, len) + lib.nettle_blowfish_encrypt(self.context, dln, dst, dst) + return ffi_str(dst, dln) end function blowfish:decrypt(src, len) - len = len or #src - local dln = ceil(len / 8) * 8 - local dst = ffi_new(uint8t, dln) - decrypt(self.context, dln, dst, src) - return ffi_str(dst, len) + len = len or #src + local dln = ceil(len / 8) * 8 + local dst = ffi_new(types.uint8_t, dln) + lib.nettle_blowfish_decrypt(self.context, dln, dst, src) + return ffi_str(dst, len) end + return blowfish diff --git a/lib/resty/nettle/buffer.lua b/lib/resty/nettle/buffer.lua deleted file mode 100644 index 89319f3..0000000 --- a/lib/resty/nettle/buffer.lua +++ /dev/null @@ -1,31 +0,0 @@ -require "resty.nettle.types.buffer" - -local lib = require "resty.nettle.library" -local ffi = require "ffi" -local ffi_gc = ffi.gc -local ffi_new = ffi.new -local ffi_cdef = ffi.cdef -local ffi_typeof = ffi.typeof - -ffi_cdef[[ -void nettle_buffer_init(struct nettle_buffer *buffer); -void nettle_buffer_init_realloc(struct nettle_buffer *buffer, void *realloc_ctx, nettle_realloc_func *realloc); -void nettle_buffer_init_size(struct nettle_buffer *buffer, size_t length, uint8_t *space); -void nettle_buffer_clear(struct nettle_buffer *buffer); -void nettle_buffer_reset(struct nettle_buffer *buffer); -int nettle_buffer_grow(struct nettle_buffer *buffer, size_t length); -int nettle_buffer_write(struct nettle_buffer *buffer, size_t length, const uint8_t *data); -uint8_t * nettle_buffer_space(struct nettle_buffer *buffer, size_t length); -int nettle_buffer_copy(struct nettle_buffer *dst, const struct nettle_buffer *src); -]] - -local buf = ffi_typeof "NETTLE_BUFFER" -local buffer = {} - -function buffer.new() - local b = ffi_gc(ffi_new(buf), lib.nettle_buffer_clear) - lib.nettle_buffer_init(b) - return b -end - -return buffer diff --git a/lib/resty/nettle/camellia.lua b/lib/resty/nettle/camellia.lua index 1b84851..678de34 100644 --- a/lib/resty/nettle/camellia.lua +++ b/lib/resty/nettle/camellia.lua @@ -1,159 +1,140 @@ -require "resty.nettle.types.camellia" - -local lib = require "resty.nettle.library" -local ffi = require "ffi" -local ffi_new = ffi.new -local ffi_typeof = ffi.typeof -local ffi_cdef = ffi.cdef -local ffi_copy = ffi.copy -local ffi_str = ffi.string -local ceil = math.ceil +local camellia_context = require "resty.nettle.types.camellia" +local gcm_context = require "resty.nettle.types.gcm" +local types = require "resty.nettle.types.common" +local lib = require "resty.nettle.library" +local ffi = require "ffi" +local ffi_new = ffi.new +local ffi_copy = ffi.copy +local ffi_str = ffi.string +local ceil = math.ceil +local lower = string.lower local setmetatable = setmetatable -ffi_cdef[[ -void nettle_camellia128_set_encrypt_key(struct camellia128_ctx *ctx, const uint8_t *key); -void nettle_camellia128_invert_key(struct camellia128_ctx *dst, const struct camellia128_ctx *src); -void nettle_camellia128_crypt(const struct camellia128_ctx *ctx, size_t length, uint8_t *dst, const uint8_t *src); -void nettle_camellia192_set_encrypt_key(struct camellia256_ctx *ctx, const uint8_t *key); -void nettle_camellia256_set_encrypt_key(struct camellia256_ctx *ctx, const uint8_t *key); -void nettle_camellia256_invert_key(struct camellia256_ctx *dst, const struct camellia256_ctx *src); -void nettle_camellia256_crypt(const struct camellia256_ctx *ctx, size_t length, uint8_t *dst, const uint8_t *src); -void nettle_gcm_camellia128_set_key(struct gcm_camellia128_ctx *ctx, const uint8_t *key); -void nettle_gcm_camellia128_update (struct gcm_camellia128_ctx *ctx, size_t length, const uint8_t *data); -void nettle_gcm_camellia128_set_iv (struct gcm_camellia128_ctx *ctx, size_t length, const uint8_t *iv); -void nettle_gcm_camellia128_encrypt(struct gcm_camellia128_ctx *ctx, size_t length, uint8_t *dst, const uint8_t *src); -void nettle_gcm_camellia128_decrypt(struct gcm_camellia128_ctx *ctx, size_t length, uint8_t *dst, const uint8_t *src); -void nettle_gcm_camellia128_digest (struct gcm_camellia128_ctx *ctx, size_t length, uint8_t *digest); -void nettle_gcm_camellia256_set_key(struct gcm_camellia256_ctx *ctx, const uint8_t *key); -void nettle_gcm_camellia256_update (struct gcm_camellia256_ctx *ctx, size_t length, const uint8_t *data); -void nettle_gcm_camellia256_set_iv (struct gcm_camellia256_ctx *ctx, size_t length, const uint8_t *iv); -void nettle_gcm_camellia256_encrypt(struct gcm_camellia256_ctx *ctx, size_t length, uint8_t *dst, const uint8_t *src); -void nettle_gcm_camellia256_decrypt(struct gcm_camellia256_ctx *ctx, size_t length, uint8_t *dst, const uint8_t *src); -void nettle_gcm_camellia256_digest (struct gcm_camellia256_ctx *ctx, size_t length, uint8_t *digest); -]] - -local uint8t = ffi_typeof "uint8_t[?]" - local ciphers = { - ecb = { - [128] = { - setkey = lib.nettle_camellia128_set_encrypt_key, - invert = lib.nettle_camellia128_invert_key, - encrypt = lib.nettle_camellia128_crypt, - decrypt = lib.nettle_camellia128_crypt, - context = ffi_typeof "NETTLE_CAMELLIA128_CTX[1]" - }, - [192] = { - setkey = lib.nettle_camellia192_set_encrypt_key, - invert = lib.nettle_camellia256_invert_key, - encrypt = lib.nettle_camellia256_crypt, - decrypt = lib.nettle_camellia256_crypt, - context = ffi_typeof "NETTLE_CAMELLIA256_CTX[1]" - }, - [256] = { - setkey = lib.nettle_camellia256_set_encrypt_key, - invert = lib.nettle_camellia256_invert_key, - encrypt = lib.nettle_camellia256_crypt, - decrypt = lib.nettle_camellia256_crypt, - context = ffi_typeof "NETTLE_CAMELLIA256_CTX[1]" - } + ecb = { + [128] = { + setkey = lib.nettle_camellia128_set_encrypt_key, + invert = lib.nettle_camellia128_invert_key, + encrypt = lib.nettle_camellia128_crypt, + decrypt = lib.nettle_camellia128_crypt, + context = camellia_context.camellia128 + }, + [192] = { + setkey = lib.nettle_camellia192_set_encrypt_key, + invert = lib.nettle_camellia256_invert_key, + encrypt = lib.nettle_camellia256_crypt, + decrypt = lib.nettle_camellia256_crypt, + context = camellia_context.camellia192 }, - gcm = { - iv_size = 12, - [128] = { - setkey = lib.nettle_gcm_camellia128_set_key, - setiv = lib.nettle_gcm_camellia128_set_iv, - update = lib.nettle_gcm_camellia128_update, - encrypt = lib.nettle_gcm_camellia128_encrypt, - decrypt = lib.nettle_gcm_camellia128_decrypt, - digest = lib.nettle_gcm_camellia128_digest, - context = ffi_typeof "NETTLE_GCM_CAMELLIA128_CTX[1]" - }, - [256] = { - setkey = lib.nettle_gcm_camellia256_set_key, - setiv = lib.nettle_gcm_camellia256_set_iv, - update = lib.nettle_gcm_camellia256_update, - encrypt = lib.nettle_gcm_camellia256_encrypt, - decrypt = lib.nettle_gcm_camellia256_decrypt, - digest = lib.nettle_gcm_camellia256_digest, - context = ffi_typeof "NETTLE_GCM_CAMELLIA256_CTX[1]" - } + [256] = { + setkey = lib.nettle_camellia256_set_encrypt_key, + invert = lib.nettle_camellia256_invert_key, + encrypt = lib.nettle_camellia256_crypt, + decrypt = lib.nettle_camellia256_crypt, + context = camellia_context.camellia256 } + }, + gcm = { + iv_size = 12, + [128] = { + setkey = lib.nettle_gcm_camellia128_set_key, + setiv = lib.nettle_gcm_camellia128_set_iv, + update = lib.nettle_gcm_camellia128_update, + encrypt = lib.nettle_gcm_camellia128_encrypt, + decrypt = lib.nettle_gcm_camellia128_decrypt, + digest = lib.nettle_gcm_camellia128_digest, + context = gcm_context.gcm_camellia128 + }, + [256] = { + setkey = lib.nettle_gcm_camellia256_set_key, + setiv = lib.nettle_gcm_camellia256_set_iv, + update = lib.nettle_gcm_camellia256_update, + encrypt = lib.nettle_gcm_camellia256_encrypt, + decrypt = lib.nettle_gcm_camellia256_decrypt, + digest = lib.nettle_gcm_camellia256_digest, + context = gcm_context.gcm_camellia256 + } + } } -local dgt = ffi_new(uint8t, 16) - local camellia = {} camellia.__index = camellia function camellia.new(key, mode, iv, ad) - local len = #key - if len ~= 16 and len ~= 24 and len ~= 32 then - return nil, "the Camellia supported key sizes are 128, 192, and 256 bits" - end - mode = (mode or "ecb"):lower() - local config = ciphers[mode] - if not config then - return nil, "the Camellia supported modes are ECB, and GCM" + local len = #key + if len ~= 16 and len ~= 24 and len ~= 32 then + return nil, "the Camellia supported key sizes are 128, 192, and 256 bits" + end + if mode then + mode = lower(mode) + else + mode = "ecb" + end + local config = ciphers[mode] + if not config then + return nil, "the Camellia supported modes are ECB, and GCM" + end + local bits = len * 8 + local cipher = config[bits] + local context = ffi_new(cipher.context) + cipher.setkey(context, key) + local iv_size = config.iv_size + if iv_size then + iv = iv or "" + if #iv ~= iv_size then + return nil, "the Camellia-" .. mode:upper() .. " supported initialization vector size is " .. + (iv_size * 8) .. " bits" end - local bits = len * 8 - local cipher = config[bits] - local context = ffi_new(cipher.context) - cipher.setkey(context, key) - local iv_size = config.iv_size - if iv_size then - iv = iv or "" - if #iv ~= iv_size then - return nil, "the Camellia-" .. mode:upper() .. " supported initialization vector size is " .. (iv_size * 8) .. " bits" - end - cipher.setiv(context, iv_size, iv) - end - if ad and cipher.update then - cipher.update(context, #ad, ad) - end - return setmetatable({ - context = context, - cipher = cipher }, camellia) + cipher.setiv(context, iv_size, iv) + end + if ad and cipher.update then + cipher.update(context, #ad, ad) + end + + return setmetatable({ + context = context, + cipher = cipher + }, camellia) end function camellia:encrypt(src, len) - local cipher = self.cipher - local context = self.context - if cipher.invert and self.inverted then - cipher.invert(context, context) - self.inverted = nil - end - len = len or #src - if cipher.digest then - local dst = ffi_new(uint8t, len) - cipher.encrypt(context, len, dst, src) - cipher.digest(context, 16, dgt) - return ffi_str(dst, len), ffi_str(dgt, 16) - end - local dln = ceil(len / 16) * 16 - local dst = ffi_new(uint8t, dln) - ffi_copy(dst, src, len) - cipher.encrypt(context, dln, dst, dst) - return ffi_str(dst, dln) + local cipher = self.cipher + local context = self.context + if cipher.invert and self.inverted then + cipher.invert(context, context) + self.inverted = nil + end + len = len or #src + if cipher.digest then + local dst = ffi_new(types.uint8_t, len) + cipher.encrypt(context, len, dst, src) + cipher.digest(context, 16, types.uint8_t_16) + return ffi_str(dst, len), ffi_str(types.uint8_t_16, 16) + end + local dln = ceil(len / 16) * 16 + local dst = ffi_new(types.uint8_t, dln) + ffi_copy(dst, src, len) + cipher.encrypt(context, dln, dst, dst) + return ffi_str(dst, dln) end function camellia:decrypt(src, len) - local cipher = self.cipher - local context = self.context - if cipher.invert and not self.inverted then - cipher.invert(context, context) - self.inverted = true - end - len = len or #src - if cipher.digest then - local dst = ffi_new(uint8t, len) - cipher.decrypt(context, len, dst, src) - cipher.digest(context, 16, dgt) - return ffi_str(dst, len), ffi_str(dgt, 16) - end - local dln = ceil(len / 16) * 16 - local dst = ffi_new(uint8t, dln) - cipher.decrypt(context, dln, dst, src) - return ffi_str(dst, len) + local cipher = self.cipher + local context = self.context + if cipher.invert and not self.inverted then + cipher.invert(context, context) + self.inverted = true + end + len = len or #src + if cipher.digest then + local dst = ffi_new(types.uint8_t, len) + cipher.decrypt(context, len, dst, src) + cipher.digest(context, 16, types.uint8_t_16) + return ffi_str(dst, len), ffi_str(types.uint8_t_16, 16) + end + local dln = ceil(len / 16) * 16 + local dst = ffi_new(types.uint8_t, dln) + cipher.decrypt(context, dln, dst, src) + return ffi_str(dst, len) end return camellia diff --git a/lib/resty/nettle/cast128.lua b/lib/resty/nettle/cast128.lua index 19fba21..b192d64 100644 --- a/lib/resty/nettle/cast128.lua +++ b/lib/resty/nettle/cast128.lua @@ -1,64 +1,45 @@ -local lib = require "resty.nettle.library" -local ffi = require "ffi" -local ffi_new = ffi.new -local ffi_typeof = ffi.typeof -local ffi_cdef = ffi.cdef -local ffi_copy = ffi.copy -local ffi_str = ffi.string -local ceil = math.ceil +local types = require "resty.nettle.types.common" +local context = require "resty.nettle.types.cast128" +local lib = require "resty.nettle.library" +local ffi = require "ffi" +local ffi_new = ffi.new +local ffi_copy = ffi.copy +local ffi_str = ffi.string +local ceil = math.ceil local setmetatable = setmetatable -ffi_cdef[[ -typedef struct cast128_ctx { - unsigned rounds; - unsigned char Kr[16]; - uint32_t Km[16]; -} NETTLE_CAST128_CTX; -void nettle_cast5_set_key(struct cast128_ctx *ctx, size_t length, const uint8_t *key); -void nettle_cast128_set_key(struct cast128_ctx *ctx, const uint8_t *key); -void nettle_cast128_encrypt(const struct cast128_ctx *ctx, size_t length, uint8_t *dst, const uint8_t *src); -void nettle_cast128_decrypt(const struct cast128_ctx *ctx, size_t length, uint8_t *dst, const uint8_t *src); -]] - -local uint8t = ffi_typeof "uint8_t[?]" - local cast128 = {} cast128.__index = cast128 -local context = ffi_typeof "NETTLE_CAST128_CTX[1]" -local setkey = lib.nettle_cast5_set_key -local setkey128 = lib.nettle_cast128_set_key -local encrypt = lib.nettle_cast128_encrypt -local decrypt = lib.nettle_cast128_decrypt - function cast128.new(key) - local len = #key - if len < 5 or len > 16 then - return nil, "the CAST128 supported key sizes are between 40 and 128 bits" - end - local ct = ffi_new(context) - if len == 16 then - setkey128(ct, key) - else - setkey(ct, len, key) - end - return setmetatable({ context = ct }, cast128) + local len = #key + if len < 5 or len > 16 then + return nil, "the CAST128 supported key sizes are between 40 and 128 bits" + end + local ct = ffi_new(context) + if len == 16 then + lib.nettle_cast128_set_key(ct, key) + else + lib.nettle_cast5_set_key(ct, len, key) + end + return setmetatable({ context = ct }, cast128) end function cast128:encrypt(src, len) - len = len or #src - local dln = ceil(len / 8) * 8 - local dst = ffi_new(uint8t, dln) - ffi_copy(dst, src, len) - encrypt(self.context, dln, dst, dst) - return ffi_str(dst, dln) + len = len or #src + local dln = ceil(len / 8) * 8 + local dst = ffi_new(types.uint8_t, dln) + ffi_copy(dst, src, len) + lib.nettle_cast128_encrypt(self.context, dln, dst, dst) + return ffi_str(dst, dln) end function cast128:decrypt(src, len) - len = len or #src - local dln = ceil(len / 8) * 8 - local dst = ffi_new(uint8t, dln) - decrypt(self.context, dln, dst, src) - return ffi_str(dst, len) + len = len or #src + local dln = ceil(len / 8) * 8 + local dst = ffi_new(types.uint8_t, dln) + lib.nettle_cast128_decrypt(self.context, dln, dst, src) + return ffi_str(dst, len) end + return cast128 diff --git a/lib/resty/nettle/chacha-poly1305.lua b/lib/resty/nettle/chacha-poly1305.lua index 5c4453c..6be4ad0 100644 --- a/lib/resty/nettle/chacha-poly1305.lua +++ b/lib/resty/nettle/chacha-poly1305.lua @@ -1,80 +1,48 @@ -require "resty.nettle.types.chacha" -require "resty.nettle.types.poly1305" - -local lib = require "resty.nettle.library" -local ffi = require "ffi" -local ffi_new = ffi.new -local ffi_typeof = ffi.typeof -local ffi_cdef = ffi.cdef -local ffi_str = ffi.string +local types = require "resty.nettle.types.common" +local context = require "resty.nettle.types.chacha-poly1305" +local lib = require "resty.nettle.library" +local ffi = require "ffi" +local ffi_new = ffi.new +local ffi_str = ffi.string local setmetatable = setmetatable -ffi_cdef[[ -typedef struct chacha_poly1305_ctx { - struct chacha_ctx chacha; - struct poly1305_ctx poly1305; - union nettle_block16 s; - uint64_t auth_size; - uint64_t data_size; - uint8_t block[16]; - unsigned index; -} NETTLE_CHACHA_POLY1305; -void nettle_chacha_poly1305_set_key(struct chacha_poly1305_ctx *ctx, const uint8_t *key); -void nettle_chacha_poly1305_set_nonce(struct chacha_poly1305_ctx *ctx, const uint8_t *nonce); -void nettle_chacha_poly1305_update(struct chacha_poly1305_ctx *ctx, size_t length, const uint8_t *data); -void nettle_chacha_poly1305_encrypt(struct chacha_poly1305_ctx *ctx, size_t length, uint8_t *dst, const uint8_t *src); -void nettle_chacha_poly1305_decrypt(struct chacha_poly1305_ctx *ctx, size_t length, uint8_t *dst, const uint8_t *src); -void nettle_chacha_poly1305_digest(struct chacha_poly1305_ctx *ctx, size_t length, uint8_t *digest); -]] - -local uint8t = ffi_typeof "uint8_t[?]" -local dgt = ffi_new(uint8t, 16) - local chacha_poly1305 = {} chacha_poly1305.__index = chacha_poly1305 -local context = ffi_typeof "NETTLE_CHACHA_POLY1305[1]" -local setkey = lib.nettle_chacha_poly1305_set_key -local setnonce = lib.nettle_chacha_poly1305_set_nonce -local update = lib.nettle_chacha_poly1305_update -local encrypt = lib.nettle_chacha_poly1305_encrypt -local decrypt = lib.nettle_chacha_poly1305_decrypt -local digest = lib.nettle_chacha_poly1305_digest - function chacha_poly1305.new(key, nonce, ad) - local kl = #key - if kl ~= 32 then - return nil, "the ChaCha-Poly1305 supported key size is 256 bits" - end - local nl = #nonce - if nl ~= 16 then - return nil, "the ChaCha-Poly1305 supported nonce size is 128 bits" - end - local ct = ffi_new(context) - setkey(ct, key) - setnonce(ct, nonce) - if ad then - update(ct, #ad, ad) - end - return setmetatable({ context = ct }, chacha_poly1305) + local kl = #key + if kl ~= 32 then + return nil, "the ChaCha-Poly1305 supported key size is 256 bits" + end + local nl = #nonce + if nl ~= 16 then + return nil, "the ChaCha-Poly1305 supported nonce size is 128 bits" + end + local ct = ffi_new(context) + lib.nettle_chacha_poly1305_set_key(ct, key) + lib.nettle_chacha_poly1305_set_nonce(ct, nonce) + if ad then + lib.nettle_chacha_poly1305_update(ct, #ad, ad) + end + return setmetatable({ context = ct }, chacha_poly1305) end function chacha_poly1305:encrypt(src) - local len = #src - local ctx = self.context - local dst = ffi_new(uint8t, len) - encrypt(ctx, len, dst, src) - digest(ctx, 16, dgt) - return ffi_str(dst, len), ffi_str(dgt, 16) + local len = #src + local ctx = self.context + local dst = ffi_new(types.uint8_t, len) + lib.nettle_chacha_poly1305_encrypt(ctx, len, dst, src) + lib.nettle_chacha_poly1305_digest(ctx, 16, types.uint8_t_16) + return ffi_str(dst, len), ffi_str(types.uint8_t_16, 16) end function chacha_poly1305:decrypt(src) - local len = #src - local ctx = self.context - local dst = ffi_new(uint8t, len) - decrypt(ctx, len, dst, src) - digest(ctx, 16, dgt) - return ffi_str(dst, len), ffi_str(dgt, 16) + local len = #src + local ctx = self.context + local dst = ffi_new(types.uint8_t, len) + lib.nettle_chacha_poly1305_decrypt(ctx, len, dst, src) + lib.nettle_chacha_poly1305_digest(ctx, 16, types.uint8_t_16) + return ffi_str(dst, len), ffi_str(types.uint8_t_16, 16) end return chacha_poly1305 diff --git a/lib/resty/nettle/chacha.lua b/lib/resty/nettle/chacha.lua index 57c1925..5c7cd34 100644 --- a/lib/resty/nettle/chacha.lua +++ b/lib/resty/nettle/chacha.lua @@ -1,58 +1,55 @@ -require "resty.nettle.types.chacha" - -local lib = require "resty.nettle.library" -local ffi = require "ffi" -local ffi_new = ffi.new -local ffi_typeof = ffi.typeof -local ffi_cdef = ffi.cdef -local ffi_copy = ffi.copy -local ffi_str = ffi.string +local types = require "resty.nettle.types.common" +local context = require "resty.nettle.types.chacha" +local lib = require "resty.nettle.library" +local ffi = require "ffi" +local ffi_new = ffi.new +local ffi_copy = ffi.copy +local ffi_str = ffi.string local setmetatable = setmetatable -ffi_cdef[[ -void nettle_chacha_set_key(struct chacha_ctx *ctx, const uint8_t *key); -void nettle_chacha_set_nonce(struct chacha_ctx *ctx, const uint8_t *nonce); -void nettle_chacha_crypt(struct chacha_ctx *ctx, size_t length, uint8_t *dst, const uint8_t *src); -]] - -local uint8t = ffi_typeof "uint8_t[?]" - local chacha = {} chacha.__index = chacha -local context = ffi_typeof "NETTLE_CHACHA_CTX[1]" -local setkey = lib.nettle_chacha_set_key -local setnonce = lib.nettle_chacha_set_nonce -local crypt = lib.nettle_chacha_crypt - function chacha.new(key, nonce) - local kl = #key - if kl ~= 32 then - return nil, "the ChaCha supported key size is 256 bits" + local kl = #key + if kl ~= 32 then + return nil, "the ChaCha supported key size is 256 bits" + end + + local nl + if nonce then + nl = #nonce + if nl ~= 8 and nl ~= 12 then + return nil, "the ChaCha supported nonce sizes are 64 bits and 96 bits" end - local nl = #nonce - if nl ~= 8 then - return nil, "the ChaCha supported nonce size is 64 bits" + end + + local ct = ffi_new(context) + lib.nettle_chacha_set_key(ct, key) + if nonce then + if nl == 8 then + lib.nettle_chacha_set_nonce(ct, nonce) + elseif nl == 12 then + lib.nettle_chacha_set_nonce96(ct, nonce) end - local ct = ffi_new(context) - setkey(ct, key) - setnonce(ct, nonce) - return setmetatable({ context = ct }, chacha) + end + + return setmetatable({ context = ct }, chacha) end function chacha:encrypt(src, len) - len = len or #src - local dst = ffi_new(uint8t, len) - ffi_copy(dst, src, len) - crypt(self.context, len, dst, dst) - return ffi_str(dst, len) + len = len or #src + local dst = ffi_new(types.uint8_t, len) + ffi_copy(dst, src, len) + lib.nettle_chacha_crypt(self.context, len, dst, dst) + return ffi_str(dst, len) end function chacha:decrypt(src, len) - len = len or #src - local dst = ffi_new(uint8t, len) - crypt(self.context, len, dst, src) - return ffi_str(dst, len) + len = len or #src + local dst = ffi_new(types.uint8_t, len) + lib.nettle_chacha_crypt(self.context, len, dst, src) + return ffi_str(dst, len) end return chacha diff --git a/lib/resty/nettle/cipher.lua b/lib/resty/nettle/cipher.lua deleted file mode 100644 index 75353c8..0000000 --- a/lib/resty/nettle/cipher.lua +++ /dev/null @@ -1,27 +0,0 @@ -require "resty.nettle.types.cipher" -local lib = require "resty.nettle.library" -local ffi = require "ffi" -local ffi_str = ffi.string -local tonumber = tonumber -local ciphers = {} -do - local i, cs = 0, lib.nettle_ciphers - while cs[i] ~= nil do - local cipher = { - name = ffi_str(cs[i].name), - context_size = tonumber(cs[i].context_size), - block_size = tonumber(cs[i].block_size), - key_size = tonumber(cs[i].key_size), - set_encrypt_key = cs[i].set_encrypt_key, - set_decrypt_key = cs[i].set_decrypt_key, - encrypt = cs[i].encrypt, - decrypt = cs[i].decrypt - } - ciphers[i+1] = cipher - ciphers[cipher.name] = cipher - i=i+1 - end -end -return { - ciphers = ciphers -} diff --git a/lib/resty/nettle/cmac.lua b/lib/resty/nettle/cmac.lua new file mode 100644 index 0000000..fd6707b --- /dev/null +++ b/lib/resty/nettle/cmac.lua @@ -0,0 +1,82 @@ +do + local version = require "resty.nettle.version" + if version.major < 3 or (version.major == 3 and version.minor < 5) then + return nil, string.format("CMAC is not supportted with Nettle %s", version) + end +end + +local types = require "resty.nettle.types.common" +local context = require "resty.nettle.types.cmac" +local lib = require "resty.nettle.library" +local ffi = require "ffi" +local ffi_new = ffi.new +local ffi_str = ffi.string +local setmetatable = setmetatable + +local cmacs = { + aes128 = { + context = context.aes128, + buffer = types.uint8_t_16, + setkey = lib.nettle_cmac_aes128_set_key, + update = lib.nettle_cmac_aes128_update, + digest = lib.nettle_cmac_aes128_digest, + }, + aes256 = { + context = context.aes256, + buffer = types.uint8_t_16, + setkey = lib.nettle_cmac_aes256_set_key, + update = lib.nettle_cmac_aes256_update, + digest = lib.nettle_cmac_aes256_digest, + }, +} + +cmacs[128] = cmacs.aes128 +cmacs[256] = cmacs.aes256 + +local cmac = {} +cmac.__index = cmac + +function cmac:update(data, len) + return self.cmac.update(self.context, len or #data, data) +end + +function cmac:digest() + local cmc = self.cmac + cmc.digest(self.context, 16, cmc.buffer) + return ffi_str(cmac.buffer, 16) +end + +local function factory(mac) + return setmetatable({ + new = function(key) + local ctx = ffi_new(mac.context) + mac.setkey(ctx, key) + return setmetatable({ context = ctx, cmac = mac }, cmac) + end + }, { + __call = function(_, key, data, len) + local ctx = ffi_new(mac.context) + mac.setkey(ctx, key) + mac.update(ctx, len or #data, data) + mac.digest(ctx, 16, mac.buffer) + return ffi_str(mac.buffer, 16) + end + }) +end + +return setmetatable({ + aes128 = factory(cmacs.aes128), + aes256 = factory(cmacs.aes256) +}, { + __call = function(_, cipher, key, data, len) + local mac = cmacs[cipher] + if not mac then + return nil, "the supported cmac ciphers are aes128 and aes256" + end + local ctx = ffi_new(mac.context) + mac.setkey(ctx, key) + mac.update(ctx, len or #data, data) + mac.digest(ctx, 16, mac.buffer) + return ffi_str(mac.buffer, 16) + end +}) diff --git a/lib/resty/nettle/curve25519.lua b/lib/resty/nettle/curve25519.lua index 1cd2c43..0b24757 100644 --- a/lib/resty/nettle/curve25519.lua +++ b/lib/resty/nettle/curve25519.lua @@ -1,29 +1,19 @@ -require "resty.nettle.types.des" +require "resty.nettle.types.curve25519" -local lib = require "resty.nettle.hogweed" -local ffi = require "ffi" -local ffi_new = ffi.new -local ffi_str = ffi.string -local ffi_cdef = ffi.cdef -local ffi_typeof = ffi.typeof - -local t = ffi_typeof "uint8_t[32]" -local q = ffi_new(t) - -ffi_cdef[[ -void nettle_curve25519_mul_g(uint8_t *q, const uint8_t *n); -void nettle_curve25519_mul(uint8_t *q, const uint8_t *n, const uint8_t *p); -]] +local types = require "resty.nettle.types.common" +local lib = require "resty.nettle.hogweed" +local ffi = require "ffi" +local ffi_str = ffi.string local curve = {} function curve.mul(n, p) - if p then - lib.nettle_curve25519_mul(q, n, p) - else - lib.nettle_curve25519_mul_g(q, n) - end - return ffi_str(q, 32); + if p then + lib.nettle_curve25519_mul(types.uint8_t_32, n, p) + else + lib.nettle_curve25519_mul_g(types.uint8_t_32, n) + end + return ffi_str(types.uint8_t_32, 32); end return curve diff --git a/lib/resty/nettle/des.lua b/lib/resty/nettle/des.lua index 5e894e3..3623503 100644 --- a/lib/resty/nettle/des.lua +++ b/lib/resty/nettle/des.lua @@ -1,170 +1,159 @@ -require "resty.nettle.types.des" - -local lib = require "resty.nettle.library" -local ffi = require "ffi" -local ffi_new = ffi.new -local ffi_typeof = ffi.typeof -local ffi_copy = ffi.copy -local ffi_cdef = ffi.cdef -local ffi_str = ffi.string -local ceil = math.ceil +local types = require "resty.nettle.types.common" +local context = require "resty.nettle.types.des" +local lib = require "resty.nettle.library" +local ffi = require "ffi" +local ffi_new = ffi.new +local ffi_copy = ffi.copy +local ffi_str = ffi.string +local lower = string.lower +local ceil = math.ceil local setmetatable = setmetatable -ffi_cdef[[ -int nettle_des_set_key(struct des_ctx *ctx, const uint8_t *key); -void nettle_des_encrypt(const struct des_ctx *ctx, size_t length, uint8_t *dst, const uint8_t *src); -void nettle_des_decrypt(const struct des_ctx *ctx, size_t length, uint8_t *dst, const uint8_t *src); -int nettle_des_check_parity(size_t length, const uint8_t *key); -void nettle_des_fix_parity(size_t length, uint8_t *dst, const uint8_t *src); -int nettle_des3_set_key(struct des3_ctx *ctx, const uint8_t *key); -void nettle_des3_encrypt(const struct des3_ctx *ctx, size_t length, uint8_t *dst, const uint8_t *src); -void nettle_des3_decrypt(const struct des3_ctx *ctx, size_t length, uint8_t *dst, const uint8_t *src); -]] - -local uint8t = ffi_typeof "uint8_t[?]" - local des = {} des.__index = des local ciphers = { - des = { - ecb = { - context = ffi_typeof "NETTLE_DES_CTX[1]", - setkey = lib.nettle_des_set_key, - encrypt = lib.nettle_des_encrypt, - decrypt = lib.nettle_des_decrypt - }, - cbc = { - iv_size = 8, - context = ffi_typeof "NETTLE_DES_CTX[1]", - setkey = lib.nettle_des_set_key, - encrypt = lib.nettle_cbc_encrypt, - decrypt = lib.nettle_cbc_decrypt, - cipher = { - encrypt = lib.nettle_des_encrypt, - decrypt = lib.nettle_des_decrypt - } - }, - ctr = { - iv_size = 8, - context = ffi_typeof "NETTLE_DES_CTX[1]", - setkey = lib.nettle_des_set_key, - encrypt = lib.nettle_ctr_crypt, - decrypt = lib.nettle_ctr_crypt, - cipher = { - encrypt = lib.nettle_des_encrypt, - decrypt = lib.nettle_des_encrypt - } - } + des = { + ecb = { + context = context.des, + setkey = lib.nettle_des_set_key, + encrypt = lib.nettle_des_encrypt, + decrypt = lib.nettle_des_decrypt + }, + cbc = { + iv_size = 8, + context = context.des, + setkey = lib.nettle_des_set_key, + encrypt = lib.nettle_cbc_encrypt, + decrypt = lib.nettle_cbc_decrypt, + cipher = { + encrypt = lib.nettle_des_encrypt, + decrypt = lib.nettle_des_decrypt + } + }, + ctr = { + iv_size = 8, + context = context.des, + setkey = lib.nettle_des_set_key, + encrypt = lib.nettle_ctr_crypt, + decrypt = lib.nettle_ctr_crypt, + cipher = { + encrypt = lib.nettle_des_encrypt, + decrypt = lib.nettle_des_encrypt + } + } + }, + des3 = { + ecb = { + context = context.des3, + setkey = lib.nettle_des3_set_key, + encrypt = lib.nettle_des3_encrypt, + decrypt = lib.nettle_des3_decrypt + }, + cbc = { + iv_size = 8, + context = context.des3, + setkey = lib.nettle_des3_set_key, + encrypt = lib.nettle_cbc_encrypt, + decrypt = lib.nettle_cbc_decrypt, + cipher = { + encrypt = lib.nettle_des3_encrypt, + decrypt = lib.nettle_des3_decrypt + } }, - des3 = { - ecb = { - context = ffi_typeof "NETTLE_DES3_CTX[1]", - setkey = lib.nettle_des3_set_key, - encrypt = lib.nettle_des3_encrypt, - decrypt = lib.nettle_des3_decrypt - }, - cbc = { - iv_size = 8, - context = ffi_typeof "NETTLE_DES3_CTX[1]", - setkey = lib.nettle_des3_set_key, - encrypt = lib.nettle_cbc_encrypt, - decrypt = lib.nettle_cbc_decrypt, - cipher = { - encrypt = lib.nettle_des3_encrypt, - decrypt = lib.nettle_des3_decrypt - } - }, - ctr = { - iv_size = 8, - context = ffi_typeof "NETTLE_DES3_CTX[1]", - setkey = lib.nettle_des3_set_key, - encrypt = lib.nettle_ctr_crypt, - decrypt = lib.nettle_ctr_crypt, - cipher = { - encrypt = lib.nettle_des3_encrypt, - decrypt = lib.nettle_des3_encrypt - } - } + ctr = { + iv_size = 8, + context = context.des3, + setkey = lib.nettle_des3_set_key, + encrypt = lib.nettle_ctr_crypt, + decrypt = lib.nettle_ctr_crypt, + cipher = { + encrypt = lib.nettle_des3_encrypt, + decrypt = lib.nettle_des3_encrypt + } } + } } function des.new(key, mode, iv) - local len = #key - if len ~= 8 and len ~= 24 then - return nil, "the DES supported key size is 64 bits, and DES3 supported key size is 192 bits" + local len = #key + if len ~= 8 and len ~= 24 then + return nil, "the DES supported key size is 64 bits, and DES3 supported key size is 192 bits" + end + local cipher + if len == 8 then + cipher = ciphers.des + else + cipher = ciphers.des3 + end + if mode then + mode = lower(mode) + else + mode = "ecb" + end + cipher = cipher[mode] + if not cipher then + return nil, "the DES/DES3 supported modes are currently ECB, CBC, and CTR" + end + local iv_size = cipher.iv_size + if iv_size then + if #iv ~= iv_size then + return nil, "the DES-/DES3-" .. mode:upper() .. " supported initialization vector size is " .. + (iv_size * 8) .. " bits" end - local cipher - if len == 8 then - cipher = ciphers.des - else - cipher = ciphers.des3 - end - mode = (mode or "ecb"):lower() - cipher = cipher[mode] - if not cipher then - return nil, "the DES/DES3 supported modes are currently ECB, CBC, and CTR" - end - local iv_size = cipher.iv_size - if iv_size then - if #iv ~= iv_size then - return nil, "the DES-/DES3-" .. mode:upper() .. " supported initialization vector size is " .. (iv_size * 8) .. " bits" - end - end - local ct = ffi_new(cipher.context) - local wk = cipher.setkey(ct, key) - return setmetatable({ context = ct, cipher = cipher, iv = iv }, des), wk ~= 1 + end + local ct = ffi_new(cipher.context) + local wk = cipher.setkey(ct, key) + return setmetatable({ context = ct, cipher = cipher, iv = iv }, des), wk ~= 1 end function des.check_parity(key) - local len = #key - if len ~= 8 and len ~= 24 then - return nil, "the DES supported key size is 64 bits, and DES3 supported key size is 192 bits" - end - return lib.nettle_des_check_parity(len, key) == 1 + local len = #key + if len ~= 8 and len ~= 24 then + return nil, "the DES supported key size is 64 bits, and DES3 supported key size is 192 bits" + end + return lib.nettle_des_check_parity(len, key) == 1 end function des.fix_parity(src) - local len = #src - if len ~= 8 and len ~= 24 then - return nil, "the DES supported key size is 64 bits, and DES3 supported key size is 192 bits" - end - local dst = ffi_new(uint8t, len) - lib.nettle_des_fix_parity(len, dst, src) - return ffi_str(dst, len) + local len = #src + if len ~= 8 and len ~= 24 then + return nil, "the DES supported key size is 64 bits, and DES3 supported key size is 192 bits" + end + local dst = ffi_new(types.uint8_t, len) + lib.nettle_des_fix_parity(len, dst, src) + return ffi_str(dst, len) end function des:encrypt(src, len) - len = len or #src - local cipher = self.cipher - local context = self.context - local dln = ceil(len / 8) * 8 - local dst = ffi_new(uint8t, dln) - ffi_copy(dst, src, len) - if self.iv then - local iv = ffi_new(uint8t, 8) - ffi_copy(iv, self.iv, 8) - cipher.encrypt(context, cipher.cipher.encrypt, 8, iv, dln, dst, dst) - else - cipher.encrypt(context, dln, dst, dst) - end - return ffi_str(dst, dln) + len = len or #src + local cip = self.cipher + local ctx = self.context + local dln = ceil(len / 8) * 8 + local dst = ffi_new(types.uint8_t, dln) + ffi_copy(dst, src, len) + if self.iv then + ffi_copy(types.uint8_t_8, self.iv, 8) + cip.encrypt(ctx, cip.cipher.encrypt, 8, types.uint8_t_8, dln, dst, dst) + else + cip.encrypt(ctx, dln, dst, dst) + end + return ffi_str(dst, dln) end function des:decrypt(src, len) - local cipher = self.cipher - local context = self.context - len = len or #src - local dln = ceil(len / 8) * 8 - local dst = ffi_new(uint8t, dln) - if self.iv then - local iv = ffi_new(uint8t, 8) - ffi_copy(iv, self.iv, 8) - cipher.decrypt(context, cipher.cipher.decrypt, 8, iv, dln, dst, src) - else - cipher.decrypt(context, dln, dst, src) - end - return ffi_str(dst, len) + local cip = self.cipher + local ctx = self.context + len = len or #src + local dln = ceil(len / 8) * 8 + local dst = ffi_new(types.uint8_t, dln) + if self.iv then + ffi_copy(types.uint8_t_8, self.iv, 8) + cip.decrypt(ctx, cip.cipher.decrypt, 8, types.uint8_t_8, dln, dst, src) + else + cip.decrypt(ctx, dln, dst, src) + end + return ffi_str(dst, len) end return des diff --git a/lib/resty/nettle/dsa.lua b/lib/resty/nettle/dsa.lua index f9d2394..b5158ae 100644 --- a/lib/resty/nettle/dsa.lua +++ b/lib/resty/nettle/dsa.lua @@ -1,65 +1,44 @@ -require "resty.nettle.types.dsa" -require "resty.nettle.library" - -local hogweed = require "resty.nettle.hogweed" -local mpz = require "resty.nettle.mpz" -local ffi = require "ffi" -local ffi_gc = ffi.gc -local ffi_new = ffi.new -local ffi_cdef = ffi.cdef -local ffi_typeof = ffi.typeof +local mpz = require "resty.nettle.mpz" +local context = require "resty.nettle.types.dsa" +local hogweed = require "resty.nettle.hogweed" +local ffi = require "ffi" +local ffi_gc = ffi.gc +local ffi_new = ffi.new local setmetatable = setmetatable -ffi_cdef[[ -void nettle_dsa_params_init(struct dsa_params *params); -void nettle_dsa_params_clear(struct dsa_params *params); -void nettle_dsa_signature_init(struct dsa_signature *signature); -void nettle_dsa_signature_clear(struct dsa_signature *signature); -int nettle_dsa_sign(const struct dsa_params *params, const mpz_t x, void *random_ctx, nettle_random_func *random, size_t digest_size, const uint8_t *digest, struct dsa_signature *signature); -int nettle_dsa_verify(const struct dsa_params *params, const mpz_t y, size_t digest_size, const uint8_t *digest, const struct dsa_signature *signature); -int nettle_dsa_generate_params(struct dsa_params *params, void *random_ctx, nettle_random_func *random, void *progress_ctx, nettle_progress_func *progress, unsigned p_bits, unsigned q_bits); -void nettle_dsa_generate_keypair(const struct dsa_params *params, mpz_t pub, mpz_t key, void *random_ctx, nettle_random_func *random); -int nettle_dsa_keypair_to_sexp(struct nettle_buffer *buffer, const char *algorithm_name, const struct dsa_params *params, const mpz_t pub, const mpz_t priv); -]] - -local size = ffi_new "size_t[1]" -local buf = ffi_typeof "uint8_t[?]" -local sig = ffi_typeof "NETTLE_DSA_SIGNATURE[1]" - local signature = {} signature.__index = signature -function signature.new(r, s, base) - local context = ffi_gc(ffi_new(sig), hogweed.nettle_dsa_signature_clear) - hogweed.nettle_dsa_signature_init(context) - if r then - local ok, err = mpz.set(context[0].r, r, base) - if not ok then - return nil, err - end +function signature.new(r, s) + local ctx = ffi_gc(ffi_new(context.signature), hogweed.nettle_dsa_signature_clear) + hogweed.nettle_dsa_signature_init(ctx) + if r then + local ok, err = mpz.set(ctx.r, r) + if not ok then + return nil, err end + end - if s then - local ok, err = mpz.set(context[0].s, s, base) - if not ok then - return nil, err - end + if s then + local ok, err = mpz.set(ctx.s, s) + if not ok then + return nil, err end + end - return setmetatable({ context = context }, signature) + return setmetatable({ context = ctx }, signature) end -local dsa = { signature = signature } -dsa.__index = dsa - -function dsa.new() +function signature:r(len) + return mpz.tostring(self.context.r, len) end -function dsa:encrypt() +function signature:s(len) + return mpz.tostring(self.context.s, len) end -function dsa:decrypt() -end +local dsa = { signature = signature } +dsa.__index = dsa return dsa diff --git a/lib/resty/nettle/ecc.lua b/lib/resty/nettle/ecc.lua index 78be422..17879ea 100644 --- a/lib/resty/nettle/ecc.lua +++ b/lib/resty/nettle/ecc.lua @@ -1,51 +1,34 @@ -require "resty.nettle.types.dsa" -require "resty.nettle.types.ecc" - -local hogweed = require "resty.nettle.hogweed" -local mpz = require "resty.nettle.mpz" -local ffi = require "ffi" -local ffi_gc = ffi.gc -local ffi_new = ffi.new -local ffi_cdef = ffi.cdef -local ffi_typeof = ffi.typeof +local context = require "resty.nettle.types.ecc" +local hogweed = require "resty.nettle.hogweed" +local mpz = require "resty.nettle.mpz" +local ffi = require "ffi" +local ffi_gc = ffi.gc +local ffi_new = ffi.new local setmetatable = setmetatable -local type = type - -ffi_cdef[[ -void nettle_ecc_point_init(struct ecc_point *p, const struct ecc_curve *ecc); -void nettle_ecc_point_clear(struct ecc_point *p); -int nettle_ecc_point_set(struct ecc_point *p, const mpz_t x, const mpz_t y); -void nettle_ecc_point_get(const struct ecc_point *p, mpz_t x, mpz_t y); -void nettle_ecc_scalar_init(struct ecc_scalar *s, const struct ecc_curve *ecc); -void nettle_ecc_scalar_clear(struct ecc_scalar *s); -int nettle_ecc_scalar_set(struct ecc_scalar *s, const mpz_t z); -void nettle_ecc_scalar_get(const struct ecc_scalar *s, mpz_t z); -void nettle_ecc_scalar_random(struct ecc_scalar *s, void *random_ctx, nettle_random_func *random); -void nettle_ecc_point_mul(struct ecc_point *r, const struct ecc_scalar *n, const struct ecc_point *p); -void nettle_ecc_point_mul_g(struct ecc_point *r, const struct ecc_scalar *n); -]] - -local pub = ffi_typeof "NETTLE_ECC_POINT[1]" +local type = type + +local mpz_t_1 = mpz.new() +local mpz_t_2 = mpz.new() local curves = {} do - local pcall = pcall - - local function curve(name) - local o, c = pcall(function() - return hogweed[name] - end) - if o then - return c - end + local pcall = pcall + + local function curve(name) + local o, c = pcall(function() + return hogweed[name]() + end) + if o then + return c end + end - curves["P-192"] = curve("nettle_secp_192r1") - curves["P-224"] = curve("nettle_secp_224r1") - curves["P-256"] = curve("nettle_secp_256r1") - curves["P-384"] = curve("nettle_secp_384r1") - curves["P-521"] = curve("nettle_secp_521r1") + curves["P-192"] = curve("nettle_get_secp_192r1") + curves["P-224"] = curve("nettle_get_secp_224r1") + curves["P-256"] = curve("nettle_get_secp_256r1") + curves["P-384"] = curve("nettle_get_secp_384r1") + curves["P-521"] = curve("nettle_get_secp_521r1") end local curve = {} @@ -56,36 +39,100 @@ local point = {} point.__index = point -function point.new(c, x, y, base) - local context = ffi_gc(ffi_new(pub), hogweed.nettle_ecc_point_clear) +function point.new(c, x, y) + local ctx = ffi_gc(ffi_new(context.point), hogweed.nettle_ecc_point_clear) + + c = c or curves["P-256"] - if type(c) == "cdata" then - hogweed.nettle_ecc_point_init(context, c) - elseif curves[c] then - hogweed.nettle_ecc_point_init(context, curves[c]) - else - return nil, "invalid curve for ECC point" + if type(c) == "cdata" then + hogweed.nettle_ecc_point_init(ctx, c) + elseif curves[c] then + hogweed.nettle_ecc_point_init(ctx, curves[c]) + else + return nil, "invalid curve for ECC point" + end + + if x and y then + mpz.set(mpz_t_1, x) + mpz.set(mpz_t_2, y) + if hogweed.nettle_ecc_point_set(ctx, mpz_t_1, mpz_t_2) ~= 1 then + return nil, "unable to set ECC point" end + end + + return setmetatable({ context = ctx }, point) +end + +function point:coordinates() + hogweed.nettle_ecc_point_get(self.context, mpz_t_1, mpz_t_2) + return { + x = mpz.tostring(mpz_t_1, 66), + y = mpz.tostring(mpz_t_2, 66), + } +end + +function point:xy() + local xy, err = self:coordinates() + if not xy then + return nil, err + end + + return xy.x .. xy.y +end + +function point:x() + local xy, err = self:coordinates() + if not xy then + return nil, err + end + + return xy.x +end - if x and y then - local mx, my, err - mx, err = mpz.new(x, base) - if not mx then - return nil, err - end - my, err = mpz.new(y, base) - if not my then - return nil, err - end - if hogweed.nettle_ecc_point_set(context, mx, my) ~= 1 then - return nil, "unable to set ECC point" - end +function point:y() + local xy, err = self:coordinates() + if not xy then + return nil, err + end + + return xy.y +end + +local scalar = {} + +scalar.__index = scalar + +function scalar.new(c, z) + local ctx = ffi_gc(ffi_new(context.scalar), hogweed.nettle_ecc_scalar_clear) + + c = c or curves["P-256"] + + if type(c) == "cdata" then + hogweed.nettle_ecc_scalar_init(ctx, c) + elseif curves[c] then + hogweed.nettle_ecc_scalar_init(ctx, curves[c]) + else + return nil, "invalid curve for ECC scalar" + end + + if z then + mpz.set(mpz_t_1, z) + + if hogweed.nettle_ecc_scalar_set(ctx, mpz_t_1) ~= 1 then + return nil, "unable to set ECC scalar" end + end + + return setmetatable({ context = ctx }, scalar) +end + - return setmetatable({ context = context }, point) +function scalar:d(len) + hogweed.nettle_ecc_scalar_get(self.context, mpz_t_1) + return mpz.tostring(mpz_t_1, len) end -local ecc = { point = point, curve = curve } +local ecc = { point = point, scalar = scalar, curve = curve } ecc.__index = ecc diff --git a/lib/resty/nettle/ecdsa.lua b/lib/resty/nettle/ecdsa.lua index fee5575..1b0d81c 100644 --- a/lib/resty/nettle/ecdsa.lua +++ b/lib/resty/nettle/ecdsa.lua @@ -1,31 +1,57 @@ -require "resty.nettle.types.ecc" +require "resty.nettle.types.ecdsa" -local hogweed = require "resty.nettle.hogweed" -local dsa = require "resty.nettle.dsa" -local ecc = require "resty.nettle.ecc" -local ffi = require "ffi" -local ffi_cdef = ffi.cdef +local random = require "resty.nettle.random" +local hogweed = require "resty.nettle.hogweed" +local dsa = require "resty.nettle.dsa" +local ecc = require "resty.nettle.ecc" local setmetatable = setmetatable -ffi_cdef[[ -void nettle_ecdsa_sign(const struct ecc_scalar *key, void *random_ctx, nettle_random_func *random, size_t digest_length, const uint8_t *digest, struct dsa_signature *signature); -int nettle_ecdsa_verify(const struct ecc_point *pub, size_t length, const uint8_t *digest, const struct dsa_signature *signature); -void nettle_ecdsa_generate_keypair(struct ecc_point *pub, struct ecc_scalar *key, void *random_ctx, nettle_random_func *random); -]] +local sig = dsa.signature.new() -local ecdsa = { signature = dsa.signature, point = ecc.point } +local keypair = {} + +function keypair.new(c) + local p, err = ecc.point.new(c) + if not p then + return nil, err + end + + local s + s, err = ecc.scalar.new(c) + if not s then + return nil, err + end + + hogweed.nettle_ecdsa_generate_keypair(p.context, s.context, random.context, random.func) + + return setmetatable({ + point = p, + scalar = s, + }, keypair) +end + +local ecdsa = { signature = dsa.signature, point = ecc.point, scalar = ecc.scalar, keypair = keypair } ecdsa.__index = ecdsa function ecdsa.new(point, scalar) - return setmetatable({ point = point, scalar = scalar }, ecdsa) + return setmetatable({ point = point, scalar = scalar }, ecdsa) end function ecdsa:verify(digest, signature) - if hogweed.nettle_ecdsa_verify(self.point.context, #digest, digest, signature.context or signature) ~= 1 then - return nil, "unable to ECDSA verify" - end - return true + if hogweed.nettle_ecdsa_verify(self.point.context, #digest, digest, signature.context or signature) ~= 1 then + return nil, "unable to ECDSA verify" + end + return true +end + +function ecdsa:sign(digest, len) + hogweed.nettle_ecdsa_sign(self.scalar.context, random.context, random.func, #digest, digest, sig.context) + + return { + r = sig:r(len), + s = sig:s(len), + } end return ecdsa diff --git a/lib/resty/nettle/ed25519-sha512.lua b/lib/resty/nettle/ed25519-sha512.lua index 213a404..744c6cd 100644 --- a/lib/resty/nettle/ed25519-sha512.lua +++ b/lib/resty/nettle/ed25519-sha512.lua @@ -1,51 +1,50 @@ -local ffi = require "ffi" -local ffi_new = ffi.new -local ffi_cdef = ffi.cdef -local ffi_str = ffi.string -local ffi_typeof = ffi.typeof -local hogweed = require "resty.nettle.hogweed" +require "resty.nettle.types.ed25519-sha512" -ffi_cdef[[ -void nettle_ed25519_sha512_public_key(uint8_t *pub, const uint8_t *priv); -void nettle_ed25519_sha512_sign(const uint8_t *pub, const uint8_t *priv, size_t length, const uint8_t *msg, uint8_t *signature); - int nettle_ed25519_sha512_verify(const uint8_t *pub, size_t length, const uint8_t *msg, const uint8_t *signature); -]] +local types = require "resty.nettle.types.common" +local hogweed = require "resty.nettle.hogweed" +local ffi = require "ffi" +local ffi_str = ffi.string -local uint8t = ffi_typeof "uint8_t[?]" -local sig = ffi_new(uint8t, 64) -local pub = ffi_new(uint8t, 32) local ed = {} function ed.public_key(pri) - if #pri ~= 32 then - return nil, "the EdDSA25519 SHA-512 supported key size is 256 bits" - end - hogweed.nettle_ed25519_sha512_public_key(pub, pri) - return ffi_str(pub, 32) + if #pri ~= 32 then + return nil, "the EdDSA25519 SHA-512 supported key size is 256 bits" + end + hogweed.nettle_ed25519_sha512_public_key(types.uint8_t_32, pri) + return ffi_str(types.uint8_t_32, 32) end function ed.sign(pub, pri, msg) - if #pub ~= 32 then - return nil, "the EdDSA25519 SHA-512 supported public key size is 256 bits" - end - if #pri ~= 32 then - return nil, "the EdDSA25519 SHA-512 supported private key size is 256 bits" + if pri and not pub then + local err + pub, err = ed.public_key(pri) + if not pub then + return nil, err end - hogweed.nettle_ed25519_sha512_sign(pub, pri, #msg, msg, sig) - return ffi_str(sig, 64) + end + + if #pub ~= 32 then + return nil, "the EdDSA25519 SHA-512 supported public key size is 256 bits" + end + if #pri ~= 32 then + return nil, "the EdDSA25519 SHA-512 supported private key size is 256 bits" + end + hogweed.nettle_ed25519_sha512_sign(pub, pri, #msg, msg, types.uint8_t_64) + return ffi_str(types.uint8_t_64, 64) end function ed.verify(pub, msg, sig) - if #pub ~= 32 then - return nil, "the EdDSA25519 SHA-512 supported public key size is 256 bits" - end - if #sig ~= 64 then - return nil, "the EdDSA25519 SHA-512 supported signature size is 256 bits" - end - if hogweed.nettle_ed25519_sha512_verify(pub, #msg, msg, sig) ~= 1 then - return nil, "unable to EdDSA25519 SHA-512 verify" - end - return true + if #pub ~= 32 then + return nil, "the EdDSA25519 SHA-512 supported public key size is 256 bits" + end + if #sig ~= 64 then + return nil, "the EdDSA25519 SHA-512 supported signature size is 512 bits" + end + if hogweed.nettle_ed25519_sha512_verify(pub, #msg, msg, sig) ~= 1 then + return nil, "unable to EdDSA25519 SHA-512 verify" + end + return true end return ed diff --git a/lib/resty/nettle/eddsa.lua b/lib/resty/nettle/eddsa.lua new file mode 100644 index 0000000..2032728 --- /dev/null +++ b/lib/resty/nettle/eddsa.lua @@ -0,0 +1,2 @@ +return require "resty.nettle.ed25519-sha512" + diff --git a/lib/resty/nettle/gmp.lua b/lib/resty/nettle/gmp.lua index b6f3324..356f2b8 100644 --- a/lib/resty/nettle/gmp.lua +++ b/lib/resty/nettle/gmp.lua @@ -1,54 +1,55 @@ -local ffi = require "ffi" +local ffi = require "ffi" local ffi_load = ffi.load -local ipairs = ipairs -local pcall = pcall -local lib_path = _GMP_LIB_PATH +local ipairs = ipairs +local assert = assert +local pcall = pcall +local lib_path = _GMP_LIB_PATH -- luacheck: ignore if lib_path then - local sub = string.sub - local sep = sub(package.config, 1, 1) or "/" - if sub(lib_path, -1) ~= sep then - lib_path = lib_path .. sep - end + local sub = string.sub + local sep = sub(package.config, 1, 1) or "/" + if sub(lib_path, -1) ~= sep then + lib_path = lib_path .. sep + end end local function L() - local ok, lib + local ok, lib - if lib_path then - for _, t in ipairs{ "so", "dylib", "dll" } do - ok, lib = pcall(ffi_load, lib_path .. "libgmp." .. t) - if ok and lib then return lib end - ok, lib = pcall(ffi_load, lib_path .. "gmp." .. t) - if ok and lib then return lib end - for i = 10, 3, -1 do - ok, lib = pcall(ffi_load, lib_path .. "libgmp." .. t .. "." .. i) - if ok and lib then return lib end - ok, lib = pcall(ffi_load, lib_path .. "gmp." .. t .. "." .. i) - if ok and lib then return lib end - ok, lib = pcall(ffi_load, lib_path .. "gmp." .. i) - if ok and lib then return lib end - end - end + if lib_path then + for _, t in ipairs { "so", "dylib", "dll" } do + ok, lib = pcall(ffi_load, lib_path .. "libgmp." .. t) + if ok and lib then return lib end + ok, lib = pcall(ffi_load, lib_path .. "gmp." .. t) + if ok and lib then return lib end + for i = 10, 3, -1 do + ok, lib = pcall(ffi_load, lib_path .. "libgmp." .. t .. "." .. i) + if ok and lib then return lib end + ok, lib = pcall(ffi_load, lib_path .. "gmp." .. t .. "." .. i) + if ok and lib then return lib end + ok, lib = pcall(ffi_load, lib_path .. "gmp." .. i) + if ok and lib then return lib end + end end + end - ok, lib = pcall(ffi_load, "gmp") - if ok and lib then return lib end + ok, lib = pcall(ffi_load, "gmp") + if ok and lib then return lib end - for _, t in ipairs{ "so", "dylib", "dll" } do - ok, lib = pcall(ffi_load, "gmp." .. t) - if ok and lib then return lib end - for i = 10, 3, -1 do - ok, lib = pcall(ffi_load, "gmp." .. i) - if ok and lib then return lib end - ok, lib = pcall(ffi_load, "gmp." .. t .. "." .. i) - if ok and lib then return lib end - ok, lib = pcall(ffi_load, "libgmp." .. t .. "." .. i) - if ok and lib then return lib end - end + for _, t in ipairs { "so", "dylib", "dll" } do + ok, lib = pcall(ffi_load, "gmp." .. t) + if ok and lib then return lib end + for i = 10, 3, -1 do + ok, lib = pcall(ffi_load, "gmp." .. i) + if ok and lib then return lib end + ok, lib = pcall(ffi_load, "gmp." .. t .. "." .. i) + if ok and lib then return lib end + ok, lib = pcall(ffi_load, "libgmp." .. t .. "." .. i) + if ok and lib then return lib end end + end - return nil, "unable to load gmp" + return nil, "unable to load gmp" end -return L() +return (assert(L())) diff --git a/lib/resty/nettle/gosthash94.lua b/lib/resty/nettle/gosthash94.lua index c0b7783..4b660b0 100644 --- a/lib/resty/nettle/gosthash94.lua +++ b/lib/resty/nettle/gosthash94.lua @@ -1,49 +1,35 @@ -local lib = require "resty.nettle.library" -local ffi = require "ffi" -local ffi_new = ffi.new -local ffi_typeof = ffi.typeof -local ffi_cdef = ffi.cdef -local ffi_str = ffi.string +local types = require "resty.nettle.types.common" +local context = require "resty.nettle.types.gosthash94" +local lib = require "resty.nettle.library" +local ffi = require "ffi" +local ffi_new = ffi.new +local ffi_str = ffi.string local setmetatable = setmetatable -ffi_cdef[[ -typedef struct gosthash94_ctx { - uint32_t hash[8]; - uint32_t sum[8]; - uint8_t message[32]; - uint64_t length; -} NETTLE_GOSTHASH94_CTX; -void nettle_gosthash94_init(struct gosthash94_ctx *ctx); -void nettle_gosthash94_update(struct gosthash94_ctx *ctx, size_t length, const uint8_t *data); -void nettle_gosthash94_digest(struct gosthash94_ctx *ctx, size_t length, uint8_t *digest); -]] - -local ctx = ffi_typeof "NETTLE_GOSTHASH94_CTX[1]" -local buf = ffi_new("uint8_t[?]", 32) local gosthash94 = setmetatable({}, { - __call = function(_, data, len) - local context = ffi_new(ctx) - lib.nettle_gosthash94_init(context) - lib.nettle_gosthash94_update(context, len or #data, data) - lib.nettle_gosthash94_digest(context, 32, buf) - return ffi_str(buf, 32) - end + __call = function(_, data, len) + local ctx = ffi_new(context) + lib.nettle_gosthash94_init(ctx) + lib.nettle_gosthash94_update(ctx, len or #data, data) + lib.nettle_gosthash94_digest(ctx, 32, types.uint8_t_32) + return ffi_str(types.uint8_t_32, 32) + end }) gosthash94.__index = gosthash94 function gosthash94.new() - local self = setmetatable({ context = ffi_new(ctx) }, gosthash94) - lib.nettle_gosthash94_init(self.context) - return self + local self = setmetatable({ context = ffi_new(context) }, gosthash94) + lib.nettle_gosthash94_init(self.context) + return self end function gosthash94:update(data, len) - return lib.nettle_gosthash94_update(self.context, len or #data, data) + return lib.nettle_gosthash94_update(self.context, len or #data, data) end function gosthash94:digest() - lib.nettle_gosthash94_digest(self.context, 32, buf) - return ffi_str(buf, 32) + lib.nettle_gosthash94_digest(self.context, 32, types.uint8_t_32) + return ffi_str(types.uint8_t_32, 32) end return gosthash94 diff --git a/lib/resty/nettle/hash.lua b/lib/resty/nettle/hash.lua deleted file mode 100644 index ed6288a..0000000 --- a/lib/resty/nettle/hash.lua +++ /dev/null @@ -1,25 +0,0 @@ -require "resty.nettle.types.hash" -local lib = require "resty.nettle.library" -local ffi = require "ffi" -local tonumber = tonumber -local ffi_str = ffi.string -local hashes = {} -do - local i, hs = 0, lib.nettle_hashes - while hs[i] ~= nil do - local hash = { - name = ffi_str(hs[i].name), - context_size = tonumber(hs[i].context_size), - block_size = tonumber(hs[i].block_size), - init = hs[i].init, - update = hs[i].update, - digest = hs[i].digest - } - hashes[i+1] = hash - hashes[hash.name] = hash - i=i+1 - end -end -return { - hashes = hashes -} diff --git a/lib/resty/nettle/hmac.lua b/lib/resty/nettle/hmac.lua index 129470d..e648a4d 100644 --- a/lib/resty/nettle/hmac.lua +++ b/lib/resty/nettle/hmac.lua @@ -1,180 +1,120 @@ -require "resty.nettle.types.md5" -require "resty.nettle.types.ripemd160" -require "resty.nettle.types.sha1" -require "resty.nettle.types.sha2" - -local lib = require "resty.nettle.library" -local ffi = require "ffi" -local ffi_new = ffi.new -local ffi_typeof = ffi.typeof -local ffi_cdef = ffi.cdef -local ffi_str = ffi.string +local types = require "resty.nettle.types.common" +local context = require "resty.nettle.types.hmac" +local lib = require "resty.nettle.library" +local ffi = require "ffi" +local ffi_new = ffi.new +local ffi_str = ffi.string +local lower = string.lower local setmetatable = setmetatable -ffi_cdef[[ -typedef struct hmac_md5_ctx { - struct md5_ctx outer; - struct md5_ctx inner; - struct md5_ctx state; -} NETTLE_HMAC_MD5_CTX; -void nettle_hmac_md5_set_key(struct hmac_md5_ctx *ctx, size_t key_length, const uint8_t *key); -void nettle_hmac_md5_update (struct hmac_md5_ctx *ctx, size_t length, const uint8_t *data); -void nettle_hmac_md5_digest (struct hmac_md5_ctx *ctx, size_t length, uint8_t *digest); -typedef struct hmac_sha1_ctx { - struct sha1_ctx outer; - struct sha1_ctx inner; - struct sha1_ctx state; -} NETTLE_HMAC_SHA1_CTX; -void nettle_hmac_sha1_set_key(struct hmac_sha1_ctx *ctx, size_t key_length, const uint8_t *key); -void nettle_hmac_sha1_update (struct hmac_sha1_ctx *ctx, size_t length, const uint8_t *data); -void nettle_hmac_sha1_digest (struct hmac_sha1_ctx *ctx, size_t length, uint8_t *digest); -typedef struct hmac_sha256_ctx { - struct sha256_ctx outer; - struct sha256_ctx inner; - struct sha256_ctx state; -} NETTLE_HMAC_SHA256_CTX; -void nettle_hmac_sha224_set_key(struct hmac_sha256_ctx *ctx, size_t key_length, const uint8_t *key); -void nettle_hmac_sha224_digest (struct hmac_sha256_ctx *ctx, size_t length, uint8_t *digest); -void nettle_hmac_sha256_set_key(struct hmac_sha256_ctx *ctx, size_t key_length, const uint8_t *key); -void nettle_hmac_sha256_update (struct hmac_sha256_ctx *ctx, size_t length, const uint8_t *data); -void nettle_hmac_sha256_digest (struct hmac_sha256_ctx *ctx, size_t length, uint8_t *digest); -typedef struct hmac_sha512_ctx { - struct sha512_ctx outer; - struct sha512_ctx inner; - struct sha512_ctx state; -} NETTLE_HMAC_SHA512_CTX; -void nettle_hmac_sha384_set_key(struct hmac_sha512_ctx *ctx, size_t key_length, const uint8_t *key); -void nettle_hmac_sha384_digest (struct hmac_sha512_ctx *ctx, size_t length, uint8_t *digest); -void nettle_hmac_sha512_set_key(struct hmac_sha512_ctx *ctx, size_t key_length, const uint8_t *key); -void nettle_hmac_sha512_update (struct hmac_sha512_ctx *ctx, size_t length, const uint8_t *data); -void nettle_hmac_sha512_digest (struct hmac_sha512_ctx *ctx, size_t length, uint8_t *digest); -typedef struct hmac_ripemd160_ctx { - struct ripemd160_ctx outer; - struct ripemd160_ctx inner; - struct ripemd160_ctx state; -} NETTLE_HMAC_RIPEMD160_CTX; -void nettle_hmac_ripemd160_set_key(struct hmac_ripemd160_ctx *ctx, size_t key_length, const uint8_t *key); -void nettle_hmac_ripemd160_update (struct hmac_ripemd160_ctx *ctx, size_t length, const uint8_t *data); -void nettle_hmac_ripemd160_digest (struct hmac_ripemd160_ctx *ctx, size_t length, uint8_t *digest); -]] - -local uint8t = ffi_typeof "uint8_t[?]" -local ctxmd5 = ffi_typeof "NETTLE_HMAC_MD5_CTX[1]" -local ctx160 = ffi_typeof "NETTLE_HMAC_RIPEMD160_CTX[1]" -local ctxsha = ffi_typeof "NETTLE_HMAC_SHA1_CTX[1]" -local ctx256 = ffi_typeof "NETTLE_HMAC_SHA256_CTX[1]" -local ctx512 = ffi_typeof "NETTLE_HMAC_SHA512_CTX[1]" -local buf128 = ffi_new(uint8t, 16) -local buf160 = ffi_new(uint8t, 20) -local buf224 = ffi_new(uint8t, 28) -local buf256 = ffi_new(uint8t, 32) -local buf384 = ffi_new(uint8t, 48) -local buf512 = ffi_new(uint8t, 64) - local hmacs = { - md5 = { - length = 16, - context = ctxmd5, - buffer = buf128, - setkey = lib.nettle_hmac_md5_set_key, - update = lib.nettle_hmac_md5_update, - digest = lib.nettle_hmac_md5_digest - }, - sha1 = { - length = 20, - context = ctxsha, - buffer = buf160, - setkey = lib.nettle_hmac_sha1_set_key, - update = lib.nettle_hmac_sha1_update, - digest = lib.nettle_hmac_sha1_digest - }, - sha224 = { - length = 28, - context = ctx256, - buffer = buf224, - setkey = lib.nettle_hmac_sha224_set_key, - update = lib.nettle_hmac_sha256_update, - digest = lib.nettle_hmac_sha224_digest - }, - sha256 = { - length = 32, - context = ctx256, - buffer = buf256, - setkey = lib.nettle_hmac_sha256_set_key, - update = lib.nettle_hmac_sha256_update, - digest = lib.nettle_hmac_sha256_digest - }, - sha384 = { - length = 48, - context = ctx512, - buffer = buf384, - setkey = lib.nettle_hmac_sha384_set_key, - update = lib.nettle_hmac_sha512_update, - digest = lib.nettle_hmac_sha384_digest - }, - sha512 = { - length = 64, - context = ctx512, - buffer = buf512, - setkey = lib.nettle_hmac_sha512_set_key, - update = lib.nettle_hmac_sha512_update, - digest = lib.nettle_hmac_sha512_digest - }, - ripemd160 = { - length = 20, - context = ctx160, - buffer = buf160, - setkey = lib.nettle_hmac_ripemd160_set_key, - update = lib.nettle_hmac_ripemd160_update, - digest = lib.nettle_hmac_ripemd160_digest - } + md5 = { + length = 16, + context = context.md5, + buffer = types.uint8_t_16, + setkey = lib.nettle_hmac_md5_set_key, + update = lib.nettle_hmac_md5_update, + digest = lib.nettle_hmac_md5_digest, + }, + ripemd160 = { + length = 20, + context = context.ripemd160, + buffer = types.uint8_t_20, + setkey = lib.nettle_hmac_ripemd160_set_key, + update = lib.nettle_hmac_ripemd160_update, + digest = lib.nettle_hmac_ripemd160_digest, + }, + sha1 = { + length = 20, + context = context.sha1, + buffer = types.uint8_t_20, + setkey = lib.nettle_hmac_sha1_set_key, + update = lib.nettle_hmac_sha1_update, + digest = lib.nettle_hmac_sha1_digest, + }, + sha224 = { + length = 28, + context = context.sha224, + buffer = types.uint8_t_28, + setkey = lib.nettle_hmac_sha224_set_key, + update = lib.nettle_hmac_sha256_update, + digest = lib.nettle_hmac_sha224_digest, + }, + sha256 = { + length = 32, + context = context.sha256, + buffer = types.uint8_t_32, + setkey = lib.nettle_hmac_sha256_set_key, + update = lib.nettle_hmac_sha256_update, + digest = lib.nettle_hmac_sha256_digest, + }, + sha384 = { + length = 48, + context = context.sha384, + buffer = types.uint8_t_48, + setkey = lib.nettle_hmac_sha384_set_key, + update = lib.nettle_hmac_sha512_update, + digest = lib.nettle_hmac_sha384_digest, + }, + sha512 = { + length = 64, + context = context.sha512, + buffer = types.uint8_t_64, + setkey = lib.nettle_hmac_sha512_set_key, + update = lib.nettle_hmac_sha512_update, + digest = lib.nettle_hmac_sha512_digest, + }, } local hmac = {} hmac.__index = hmac function hmac:update(data, len) - return self.hmac.update(self.context, len or #data, data) + return self.hmac.update(self.context, len or #data, data) end function hmac:digest() - local hmac = self.hmac - hmac.digest(self.context, hmac.length, hmac.buffer) - return ffi_str(hmac.buffer, hmac.length) + local hmc = self.hmac + hmc.digest(self.context, hmc.length, hmc.buffer) + return ffi_str(hmc.buffer, hmc.length) end local function factory(mac) - return setmetatable({ new = function(key) - local ctx = ffi_new(mac.context) - mac.setkey(ctx, #key, key) - return setmetatable({ context = ctx, hmac = mac }, hmac) - end }, { - __call = function(_, key, data, len) - local ctx = ffi_new(mac.context) - mac.setkey(ctx, #key, key) - mac.update(ctx, len or #data, data) - mac.digest(ctx, mac.length, mac.buffer) - return ffi_str(mac.buffer, mac.length) - end - }) + return setmetatable({ + new = function(key) + local ctx = ffi_new(mac.context) + mac.setkey(ctx, #key, key) + return setmetatable({ context = ctx, hmac = mac }, hmac) + end + }, { + __call = function(_, key, data, len) + local ctx = ffi_new(mac.context) + mac.setkey(ctx, #key, key) + mac.update(ctx, len or #data, data) + mac.digest(ctx, mac.length, mac.buffer) + return ffi_str(mac.buffer, mac.length) + end + }) end return setmetatable({ - md5 = factory(hmacs.md5), - sha1 = factory(hmacs.sha1), - sha224 = factory(hmacs.sha224), - sha256 = factory(hmacs.sha256), - sha384 = factory(hmacs.sha384), - sha512 = factory(hmacs.sha512), - ripemd160 = factory(hmacs.ripemd160), -}, { __call = function(_, algorithm, key, data, len) - local mac = hmacs[algorithm:lower()] + md5 = factory(hmacs.md5), + ripemd160 = factory(hmacs.ripemd160), + sha1 = factory(hmacs.sha1), + sha224 = factory(hmacs.sha224), + sha256 = factory(hmacs.sha256), + sha384 = factory(hmacs.sha384), + sha512 = factory(hmacs.sha512), +}, { + __call = function(_, algorithm, key, data, len) + local mac = hmacs[lower(algorithm)] if not mac then - return nil, "the supported HMAC algorithms are MD5, SHA1, SHA224, SHA256, SHA384, SHA512, and RIPEMD160" + return nil, "the supported HMAC algorithms are MD5, SHA1, SHA224, SHA256, SHA384, SHA512, and RIPEMD160" end local ctx = ffi_new(mac.context) mac.setkey(ctx, #key, key) mac.update(ctx, len or #data, data) mac.digest(ctx, mac.length, mac.buffer) return ffi_str(mac.buffer, mac.length) -end }) + end +}) diff --git a/lib/resty/nettle/hogweed.lua b/lib/resty/nettle/hogweed.lua index ab55538..9cfdd6f 100644 --- a/lib/resty/nettle/hogweed.lua +++ b/lib/resty/nettle/hogweed.lua @@ -1,53 +1,54 @@ -local ffi = require "ffi" +local ffi = require "ffi" local ffi_load = ffi.load -local ipairs = ipairs -local pcall = pcall -local lib_path = _HOGWEED_LIB_PATH +local ipairs = ipairs +local assert = assert +local pcall = pcall +local lib_path = _HOGWEED_LIB_PATH -- luacheck: ignore if lib_path then - local sub = string.sub - local sep = sub(package.config, 1, 1) or "/" - if sub(lib_path, -1) ~= sep then - lib_path = lib_path .. sep - end + local sub = string.sub + local sep = sub(package.config, 1, 1) or "/" + if sub(lib_path, -1) ~= sep then + lib_path = lib_path .. sep + end end local function L() - local ok, lib + local ok, lib - if lib_path then - for _, t in ipairs{ "so", "dylib", "dll" } do - ok, lib = pcall(ffi_load, lib_path .. "libhogweed." .. t) - if ok and lib then return lib end - ok, lib = pcall(ffi_load, lib_path .. "hogweed." .. t) - if ok and lib then return lib end - for i = 4, 2, -1 do - ok, lib = pcall(ffi_load, lib_path .. "libhogweed." .. t .. "." .. i) - if ok and lib then return lib end - ok, lib = pcall(ffi_load, lib_path .. "hogweed." .. t .. "." .. i) - if ok and lib then return lib end - ok, lib = pcall(ffi_load, lib_path .. "hogweed." .. i) - if ok and lib then return lib end - end - end + if lib_path then + for _, t in ipairs { "so", "dylib", "dll" } do + ok, lib = pcall(ffi_load, lib_path .. "libhogweed." .. t) + if ok and lib then return lib end + ok, lib = pcall(ffi_load, lib_path .. "hogweed." .. t) + if ok and lib then return lib end + for i = 5, 4, -1 do + ok, lib = pcall(ffi_load, lib_path .. "libhogweed." .. t .. "." .. i) + if ok and lib then return lib end + ok, lib = pcall(ffi_load, lib_path .. "hogweed." .. t .. "." .. i) + if ok and lib then return lib end + ok, lib = pcall(ffi_load, lib_path .. "hogweed." .. i) + if ok and lib then return lib end + end end + end - ok, lib = pcall(ffi_load, "hogweed") - if ok and lib then return lib end + ok, lib = pcall(ffi_load, "hogweed") + if ok and lib then return lib end - for _, t in ipairs{ "so", "dylib", "dll" } do - ok, lib = pcall(ffi_load, "hogweed." .. t) - if ok and lib then return lib end - for i = 4, 2, -1 do - ok, lib = pcall(ffi_load, "hogweed." .. i) - if ok and lib then return lib end - ok, lib = pcall(ffi_load, "hogweed." .. t .. "." .. i) - if ok and lib then return lib end - ok, lib = pcall(ffi_load, "libhogweed." .. t .. "." .. i) - if ok and lib then return lib end - end + for _, t in ipairs { "so", "dylib", "dll" } do + ok, lib = pcall(ffi_load, "hogweed." .. t) + if ok and lib then return lib end + for i = 5, 4, -1 do + ok, lib = pcall(ffi_load, "hogweed." .. i) + if ok and lib then return lib end + ok, lib = pcall(ffi_load, "hogweed." .. t .. "." .. i) + if ok and lib then return lib end + ok, lib = pcall(ffi_load, "libhogweed." .. t .. "." .. i) + if ok and lib then return lib end end - return nil, "unable to load hogweed" + end + return nil, "unable to load hogweed" end -return L() +return (assert(L())) diff --git a/lib/resty/nettle/knuth-lfib.lua b/lib/resty/nettle/knuth-lfib.lua index cfe1b0b..1a3d5ed 100644 --- a/lib/resty/nettle/knuth-lfib.lua +++ b/lib/resty/nettle/knuth-lfib.lua @@ -1,57 +1,42 @@ -local lib = require "resty.nettle.library" -local ffi = require "ffi" -local ffi_new = ffi.new -local ffi_typeof = ffi.typeof -local ffi_cdef = ffi.cdef -local ffi_str = ffi.string +local types = require "resty.nettle.types.common" +local context = require "resty.nettle.types.knuth-lfib" +local lib = require "resty.nettle.library" +local ffi = require "ffi" +local ffi_new = ffi.new +local ffi_str = ffi.string local setmetatable = setmetatable -ffi_cdef[[ -typedef struct knuth_lfib_ctx { - uint32_t x[100]; - unsigned index; -} NETTLE_KNUTH_LFIB_CTX; -void nettle_knuth_lfib_init(struct knuth_lfib_ctx *ctx, uint32_t seed); -uint32_t nettle_knuth_lfib_get(struct knuth_lfib_ctx *ctx); -void nettle_knuth_lfib_get_array(struct knuth_lfib_ctx *ctx, size_t n, uint32_t *a); -void nettle_knuth_lfib_random(struct knuth_lfib_ctx *ctx, size_t n, uint8_t *dst); -]] - -local uint8t = ffi_typeof "uint8_t[?]" -local uint32t = ffi_typeof "uint32_t[?]" -local ctx = ffi_typeof "NETTLE_KNUTH_LFIB_CTX[1]" - local knuth = { func = lib.nettle_knuth_lfib_random } knuth.__index = knuth function knuth.context(seed) - local context = ffi_new(ctx) - lib.nettle_knuth_lfib_init(context, seed or 0) - return context + local ctx = ffi_new(context) + lib.nettle_knuth_lfib_init(ctx, seed or 0) + return ctx end function knuth.new(seed) - local self = setmetatable({ context = ffi_new(ctx) }, knuth) - lib.nettle_knuth_lfib_init(self.context, seed or 0) - return self + local self = setmetatable({ context = ffi_new(context) }, knuth) + lib.nettle_knuth_lfib_init(self.context, seed or 0) + return self end function knuth:number() - return lib.nettle_knuth_lfib_get(self.context) + return lib.nettle_knuth_lfib_get(self.context) end function knuth:array(n) - local b = ffi_new(uint32t, n) - lib.nettle_knuth_lfib_get_array(self.context, n, b) - local r = {} - for i=1, n do r[i] = b[i-1] end - return r + local b = ffi_new(types.uint32_t, n) + lib.nettle_knuth_lfib_get_array(self.context, n, b) + local r = {} + for i = 1, n do r[i] = b[i - 1] end + return r end function knuth:random(n) - local b = ffi_new(uint8t, n) - lib.nettle_knuth_lfib_random(self.context, n, b) - return ffi_str(b, n) + local b = ffi_new(types.uint8_t, n) + lib.nettle_knuth_lfib_random(self.context, n, b) + return ffi_str(b, n) end return knuth diff --git a/lib/resty/nettle/library.lua b/lib/resty/nettle/library.lua index 54e746c..9cddfe6 100644 --- a/lib/resty/nettle/library.lua +++ b/lib/resty/nettle/library.lua @@ -1,63 +1,55 @@ -local ffi = require "ffi" +require "resty.nettle.types.nettle-types" + +local ffi = require "ffi" local ffi_load = ffi.load -local ffi_cdef = ffi.cdef -local ipairs = ipairs -local pcall = pcall -local lib_path = _NETTLE_LIB_PATH +local ipairs = ipairs +local assert = assert +local pcall = pcall +local lib_path = _NETTLE_LIB_PATH -- luacheck: ignore if lib_path then - local sub = string.sub - local sep = sub(package.config, 1, 1) or "/" - if sub(lib_path, -1) ~= sep then - lib_path = lib_path .. sep - end + local sub = string.sub + local sep = sub(package.config, 1, 1) or "/" + if sub(lib_path, -1) ~= sep then + lib_path = lib_path .. sep + end end - -ffi_cdef[[ -union nettle_block16 { uint8_t b[16]; unsigned long w[16 / sizeof(unsigned long)]; }; -typedef void *nettle_realloc_func(void *ctx, void *p, size_t length); -typedef void nettle_cipher_func(const void *ctx, size_t length, uint8_t *dst, const uint8_t *src); -typedef void nettle_random_func(void *ctx, size_t length, uint8_t *dst); -typedef void nettle_progress_func(void *ctx, int c); -]] - local function L() - local ok, lib + local ok, lib - if lib_path then - for _, t in ipairs{ "so", "dylib", "dll" } do - ok, lib = pcall(ffi_load, lib_path .. "libnettle." .. t) - if ok and lib then return lib end - ok, lib = pcall(ffi_load, lib_path .. "nettle." .. t) - if ok and lib then return lib end - for i = 6, 4, -1 do - ok, lib = pcall(ffi_load, lib_path .. "libnettle." .. t .. "." .. i) - if ok and lib then return lib end - ok, lib = pcall(ffi_load, lib_path .. "nettle." .. t .. "." .. i) - if ok and lib then return lib end - ok, lib = pcall(ffi_load, lib_path .. "nettle." .. i) - if ok and lib then return lib end - end - end + if lib_path then + for _, t in ipairs { "so", "dylib", "dll" } do + ok, lib = pcall(ffi_load, lib_path .. "libnettle." .. t) + if ok and lib then return lib end + ok, lib = pcall(ffi_load, lib_path .. "nettle." .. t) + if ok and lib then return lib end + for i = 7, 6, -1 do + ok, lib = pcall(ffi_load, lib_path .. "libnettle." .. t .. "." .. i) + if ok and lib then return lib end + ok, lib = pcall(ffi_load, lib_path .. "nettle." .. t .. "." .. i) + if ok and lib then return lib end + ok, lib = pcall(ffi_load, lib_path .. "nettle." .. i) + if ok and lib then return lib end + end end + end - ok, lib = pcall(ffi_load, "nettle") + ok, lib = pcall(ffi_load, "nettle") + if ok and lib then return lib end + for _, t in ipairs { "so", "dylib", "dll" } do + ok, lib = pcall(ffi_load, "nettle." .. t) if ok and lib then return lib end - for _, t in ipairs{ "so", "dylib", "dll" } do - ok, lib = pcall(ffi_load, "nettle." .. t) - if ok and lib then return lib end - if ok and lib then return lib end - for i = 6, 4, -1 do - ok, lib = pcall(ffi_load, "nettle." .. i) - if ok and lib then return lib end - ok, lib = pcall(ffi_load, "nettle." .. t .. "." .. i) - if ok and lib then return lib end - ok, lib = pcall(ffi_load, "libnettle." .. t .. "." .. i) - if ok and lib then return lib end - end + for i = 7, 6, -1 do + ok, lib = pcall(ffi_load, "nettle." .. i) + if ok and lib then return lib end + ok, lib = pcall(ffi_load, "nettle." .. t .. "." .. i) + if ok and lib then return lib end + ok, lib = pcall(ffi_load, "libnettle." .. t .. "." .. i) + if ok and lib then return lib end end - return nil, "unable to load nettle" + end + return nil, "unable to load nettle" end -return L() +return (assert(L())) diff --git a/lib/resty/nettle/md2.lua b/lib/resty/nettle/md2.lua index 6f17e4f..c1fde8a 100644 --- a/lib/resty/nettle/md2.lua +++ b/lib/resty/nettle/md2.lua @@ -1,49 +1,35 @@ -local lib = require "resty.nettle.library" -local ffi = require "ffi" -local ffi_new = ffi.new -local ffi_typeof = ffi.typeof -local ffi_cdef = ffi.cdef -local ffi_str = ffi.string +local types = require "resty.nettle.types.common" +local context = require "resty.nettle.types.md2" +local lib = require "resty.nettle.library" +local ffi = require "ffi" +local ffi_new = ffi.new +local ffi_str = ffi.string local setmetatable = setmetatable -ffi_cdef[[ -typedef struct md2_ctx { - uint8_t C[16]; - uint8_t X[48]; - uint8_t block[16]; - unsigned index; -} NETTLE_MD2_CTX; -void nettle_md2_init(struct md2_ctx *ctx); -void nettle_md2_update(struct md2_ctx *ctx, size_t length, const uint8_t *data); -void nettle_md2_digest(struct md2_ctx *ctx, size_t length, uint8_t *digest); -]] - -local ctx = ffi_typeof "NETTLE_MD2_CTX[1]" -local buf = ffi_new("uint8_t[?]", 16) local md2 = setmetatable({}, { - __call = function(_, data, len) - local context = ffi_new(ctx) - lib.nettle_md2_init(context) - lib.nettle_md2_update(context, len or #data, data) - lib.nettle_md2_digest(context, 16, buf) - return ffi_str(buf, 16) - end + __call = function(_, data, len) + local ctx = ffi_new(context) + lib.nettle_md2_init(ctx) + lib.nettle_md2_update(ctx, len or #data, data) + lib.nettle_md2_digest(ctx, 16, types.uint8_t_16) + return ffi_str(types.uint8_t_16, 16) + end }) md2.__index = md2 function md2.new() - local self = setmetatable({ context = ffi_new(ctx) }, md2) - lib.nettle_md2_init(self.context) - return self + local self = setmetatable({ context = ffi_new(context) }, md2) + lib.nettle_md2_init(self.context) + return self end function md2:update(data, len) - return lib.nettle_md2_update(self.context, len or #data, data) + return lib.nettle_md2_update(self.context, len or #data, data) end function md2:digest() - lib.nettle_md2_digest(self.context, 16, buf) - return ffi_str(buf, 16) + lib.nettle_md2_digest(self.context, 16, types.uint8_t_16) + return ffi_str(types.uint8_t_16, 16) end return md2 diff --git a/lib/resty/nettle/md4.lua b/lib/resty/nettle/md4.lua index 5256277..5d8345d 100644 --- a/lib/resty/nettle/md4.lua +++ b/lib/resty/nettle/md4.lua @@ -1,49 +1,35 @@ -local lib = require "resty.nettle.library" -local ffi = require "ffi" -local ffi_new = ffi.new -local ffi_typeof = ffi.typeof -local ffi_cdef = ffi.cdef -local ffi_str = ffi.string +local types = require "resty.nettle.types.common" +local context = require "resty.nettle.types.md4" +local lib = require "resty.nettle.library" +local ffi = require "ffi" +local ffi_new = ffi.new +local ffi_str = ffi.string local setmetatable = setmetatable -ffi_cdef[[ -typedef struct md4_ctx { - uint32_t state[16]; - uint64_t count; - uint8_t block[64]; - unsigned index; -} NETTLE_MD4_CTX; -void nettle_md4_init(struct md4_ctx *ctx); -void nettle_md4_update(struct md4_ctx *ctx, size_t length, const uint8_t *data); -void nettle_md4_digest(struct md4_ctx *ctx, size_t length, uint8_t *digest); -]] - -local ctx = ffi_typeof "NETTLE_MD4_CTX[1]" -local buf = ffi_new("uint8_t[?]", 16) local md4 = setmetatable({}, { - __call = function(_, data, len) - local context = ffi_new(ctx) - lib.nettle_md4_init(context) - lib.nettle_md4_update(context, len or #data, data) - lib.nettle_md4_digest(context, 16, buf) - return ffi_str(buf, 16) - end + __call = function(_, data, len) + local ctx = ffi_new(context) + lib.nettle_md4_init(ctx) + lib.nettle_md4_update(ctx, len or #data, data) + lib.nettle_md4_digest(ctx, 16, types.uint8_t_16) + return ffi_str(types.uint8_t_16, 16) + end }) md4.__index = md4 function md4.new() - local self = setmetatable({ context = ffi_new(ctx) }, md4) - lib.nettle_md4_init(self.context) - return self + local self = setmetatable({ context = ffi_new(context) }, md4) + lib.nettle_md4_init(self.context) + return self end function md4:update(data, len) - return lib.nettle_md4_update(self.context, len or #data, data) + return lib.nettle_md4_update(self.context, len or #data, data) end function md4:digest() - lib.nettle_md4_digest(self.context, 16, buf) - return ffi_str(buf, 16) + lib.nettle_md4_digest(self.context, 16, types.uint8_t_16) + return ffi_str(types.uint8_t_16, 16) end return md4 diff --git a/lib/resty/nettle/md5.lua b/lib/resty/nettle/md5.lua index fc5c92b..070a1c1 100644 --- a/lib/resty/nettle/md5.lua +++ b/lib/resty/nettle/md5.lua @@ -1,45 +1,35 @@ -require "resty.nettle.types.md5" - -local lib = require "resty.nettle.library" -local ffi = require "ffi" -local ffi_new = ffi.new -local ffi_typeof = ffi.typeof -local ffi_cdef = ffi.cdef -local ffi_str = ffi.string +local types = require "resty.nettle.types.common" +local context = require "resty.nettle.types.md5" +local lib = require "resty.nettle.library" +local ffi = require "ffi" +local ffi_new = ffi.new +local ffi_str = ffi.string local setmetatable = setmetatable -ffi_cdef[[ -void nettle_md5_init(struct md5_ctx *ctx); -void nettle_md5_update(struct md5_ctx *ctx, size_t length, const uint8_t *data); -void nettle_md5_digest(struct md5_ctx *ctx, size_t length, uint8_t *digest); -]] - -local ctx = ffi_typeof "NETTLE_MD5_CTX[1]" -local buf = ffi_new("uint8_t[?]", 16) local md5 = setmetatable({}, { - __call = function(_, data, len) - local context = ffi_new(ctx) - lib.nettle_md5_init(context) - lib.nettle_md5_update(context, len or #data, data) - lib.nettle_md5_digest(context, 16, buf) - return ffi_str(buf, 16) - end + __call = function(_, data, len) + local ctx = ffi_new(context) + lib.nettle_md5_init(ctx) + lib.nettle_md5_update(ctx, len or #data, data) + lib.nettle_md5_digest(ctx, 16, types.uint8_t_16) + return ffi_str(types.uint8_t_16, 16) + end }) md5.__index = md5 function md5.new() - local self = setmetatable({ context = ffi_new(ctx) }, md5) - lib.nettle_md5_init(self.context) - return self + local self = setmetatable({ context = ffi_new(context) }, md5) + lib.nettle_md5_init(self.context) + return self end function md5:update(data, len) - return lib.nettle_md5_update(self.context, len or #data, data) + return lib.nettle_md5_update(self.context, len or #data, data) end function md5:digest() - lib.nettle_md5_digest(self.context, 16, buf) - return ffi_str(buf, 16) + lib.nettle_md5_digest(self.context, 16, types.uint8_t_16) + return ffi_str(types.uint8_t_16, 16) end return md5 diff --git a/lib/resty/nettle/mpz.lua b/lib/resty/nettle/mpz.lua index acf2d0a..7d065a7 100644 --- a/lib/resty/nettle/mpz.lua +++ b/lib/resty/nettle/mpz.lua @@ -1,78 +1,67 @@ require "resty.nettle.types.mpz" -local gmp = require "resty.nettle.gmp" -local ffi = require "ffi" -local ffi_gc = ffi.gc -local ffi_str = ffi.string -local ffi_new = ffi.new -local ffi_cdef = ffi.cdef -local ffi_typeof = ffi.typeof -local type = type +local context = require "resty.nettle.types.mpz" +local types = require "resty.nettle.types.common" +local hogweed = require "resty.nettle.hogweed" +local gmp = require "resty.nettle.gmp" -ffi_cdef[[ -void __gmpz_init(mpz_t); -void __gmpz_clear(mpz_ptr); -size_t __gmpz_sizeinbase(const mpz_t op, int base); -char * __gmpz_get_str(char *str, int base, const mpz_t op); -int __gmpz_set_str(mpz_t rop, const char *str, int base); -void __gmpz_set_ui(mpz_t, unsigned long int iv); -int __gmpz_invert(mpz_ptr, mpz_srcptr, mpz_srcptr); -void __gmpz_sub_ui(mpz_ptr, mpz_srcptr, unsigned long int); -void __gmpz_fdiv_r(mpz_ptr, mpz_srcptr, mpz_srcptr); -]] - -local ctx = ffi_typeof "mpz_t" -local chr = ffi_typeof "char[?]" +local ffi = require "ffi" +local ffi_gc = ffi.gc +local ffi_str = ffi.string +local ffi_new = ffi.new +local type = type local mpz = {} mpz.__index = mpz -function mpz.new(value, base) - local context = ffi_gc(ffi_new(ctx), gmp.__gmpz_clear) - gmp.__gmpz_init(context) - if value then - local ok, err = mpz.set(context, value, base) - if not ok then - return nil, err - end +function mpz.new(value) + local mpz_t = ffi_gc(ffi_new(context), gmp.__gmpz_clear) + if value then + if type(value) == "string" then + hogweed.nettle_mpz_init_set_str_256_u(mpz_t, #value, value) + elseif type(value) == "number" then + gmp.__gmpz_init_set_ui(mpz_t, value) end - return context + else + gmp.__gmpz_init(mpz_t) + end + return mpz_t end -function mpz.sizeof(op, base) - return gmp.__gmpz_sizeinbase(op, base or 16) +function mpz.size(mpz_t) + return hogweed.nettle_mpz_sizeinbase_256_u(mpz_t) end -function mpz.string(op, base) - local l = mpz.sizeof(op, base) - local b = ffi_new(chr, l + 2) - return ffi_str(gmp.__gmpz_get_str(b, base or 16, op), l) +function mpz.invert(rop, op1, op2) + return gmp.__gmpz_invert(rop, op1, op2) end -function mpz.set(op, value, base) - local t = type(value) - if t == "string" then - if gmp.__gmpz_set_str(op, value, base or 16) ~= 0 then - return nil, "unable to set mpz_t value from a string" - end - elseif t == "number" then - gmp.__gmpz_set_ui(op, value) - else - return nil, "unable to set mpz_t value from an unsupported data type" - end - return true +function mpz.sub(rop, op1, op2) + gmp.__gmpz_sub_ui(rop, op1, op2) end -function mpz.invert(rop, op1, op2) - return gmp.__gmpz_invert(rop, op1, op2) +function mpz.div(rop, op1, op2) + gmp.__gmpz_fdiv_r(rop, op1, op2) end -function mpz.sub(rop, op1, op2) - gmp.__gmpz_sub_ui(rop, op1, op2) + +function mpz.set(mpz_t, value) + local t = type(value) + if t == "string" then + hogweed.nettle_mpz_set_str_256_u(mpz_t, #value, value) + elseif t == "number" then + gmp.__gmpz_set_ui(mpz_t, value) + else + return nil, "unable to set mpz_t value from an unsupported data type" + end + return true end -function mpz.div(rop, op1, op2) - gmp.__gmpz_fdiv_r(rop, op1, op2) +function mpz.tostring(mpz_t, len) + len = len or mpz.size(mpz_t) + local buf = ffi_new(types.uint8_t, len) + hogweed.nettle_mpz_get_str_256(len, buf, mpz_t) + return ffi_str(buf, len) end return mpz diff --git a/lib/resty/nettle/padding.lua b/lib/resty/nettle/padding.lua new file mode 100644 index 0000000..f672c17 --- /dev/null +++ b/lib/resty/nettle/padding.lua @@ -0,0 +1,11 @@ +return { + ansix923 = require "resty.nettle.padding.ansix923", + base64 = require "resty.nettle.padding.base64", + iso7816_4 = require "resty.nettle.padding.iso7816-4", + ["iso7816-4"] = require "resty.nettle.padding.iso7816-4", + iso10126 = require "resty.nettle.padding.iso10126", + nopadding = require "resty.nettle.padding.nopadding", + pkcs7 = require "resty.nettle.padding.pkcs7", + spacepadding = require "resty.nettle.padding.spacepadding", + zeropadding = require "resty.nettle.padding.zeropadding", +} diff --git a/lib/resty/nettle/padding/ansix923.lua b/lib/resty/nettle/padding/ansix923.lua index e1a8e58..e95fb92 100644 --- a/lib/resty/nettle/padding/ansix923.lua +++ b/lib/resty/nettle/padding/ansix923.lua @@ -1,42 +1,44 @@ -local string = string -local type = type -local char = string.char -local byte = string.byte -local rep = string.rep -local sub = string.sub +local string = string +local type = type +local char = string.char +local byte = string.byte +local rep = string.rep +local sub = string.sub local padding = {} function padding.pad(data, blocksize, optional) - blocksize = blocksize or 16 - if type(blocksize) ~= "number" then - return nil, "invalid block size data type" - end - if blocksize < 1 or blocksize > 256 then - return nil, "invalid block size" - end - local ps = blocksize - #data % blocksize - if optional and ps == blocksize then return data end - return data .. rep("\0", ps - 1) .. char(ps) + blocksize = blocksize or 16 + if type(blocksize) ~= "number" then + return nil, "invalid block size data type" + end + if blocksize < 1 or blocksize > 256 then + return nil, "invalid block size" + end + local ps = blocksize - #data % blocksize + if optional and ps == blocksize then return data end + return data .. rep("\0", ps - 1) .. char(ps) end + function padding.unpad(data, blocksize) - blocksize = blocksize or 16 - if type(blocksize) ~= "number" then - return nil, "invalid block size data type" - end - if blocksize < 1 or blocksize > 256 then - return nil, "invalid block size" - end - local len = #data - if len % blocksize ~= 0 then - return nil, "data length is not a multiple of the block size" - end - local chr = sub(data, -1) - local rem = byte(chr) - if rem > 0 and rem <= blocksize then - local chk = sub(data, -rem) - if chk == rep("\0", rem - 1) .. chr then - return sub(data, 1, len - rem) - end + blocksize = blocksize or 16 + if type(blocksize) ~= "number" then + return nil, "invalid block size data type" + end + if blocksize < 1 or blocksize > 256 then + return nil, "invalid block size" + end + local len = #data + if len % blocksize ~= 0 then + return nil, "data length is not a multiple of the block size" + end + local chr = sub(data, -1) + local rem = byte(chr) + if rem > 0 and rem <= blocksize then + local chk = sub(data, -rem) + if chk == rep("\0", rem - 1) .. chr then + return sub(data, 1, len - rem) end - return data + end + return data end + return padding diff --git a/lib/resty/nettle/padding/base64.lua b/lib/resty/nettle/padding/base64.lua index e4695cd..9231ad4 100644 --- a/lib/resty/nettle/padding/base64.lua +++ b/lib/resty/nettle/padding/base64.lua @@ -1,21 +1,23 @@ -local string = string -local gsub = string.gsub -local rep = string.rep +local string = string +local gsub = string.gsub +local rep = string.rep local padding = {} function padding.pad(data) - local n = #data % 4 - return n == 0 and data or (data .. rep("=", 4 - n)) + local n = #data % 4 + return n == 0 and data or (data .. rep("=", 4 - n)) end + function padding.unpad(data) - local len = #data - if len % 4 ~= 0 then - return nil, "data is incorrectly padded" - end - data = gsub(data, "=+$", "") - local rem = len - #data - if rem < 0 or rem > 2 then - return nil, "data has invalid padding" - end - return data + local len = #data + if len % 4 ~= 0 then + return nil, "data is incorrectly padded" + end + data = gsub(data, "=+$", "") + local rem = len - #data + if rem < 0 or rem > 2 then + return nil, "data has invalid padding" + end + return data end + return padding diff --git a/lib/resty/nettle/padding/iso10126.lua b/lib/resty/nettle/padding/iso10126.lua index 4f989ef..5fb087c 100644 --- a/lib/resty/nettle/padding/iso10126.lua +++ b/lib/resty/nettle/padding/iso10126.lua @@ -1,37 +1,38 @@ -local require = require -local yarrow = require "resty.nettle.yarrow".new(require "resty.nettle.knuth-lfib".new():random(32)) -local string = string -local type = type -local char = string.char -local byte = string.byte -local sub = string.sub +local random = require "resty.nettle.random" +local string = string +local type = type +local char = string.char +local byte = string.byte +local sub = string.sub local padding = {} function padding.pad(data, blocksize, optional) - blocksize = blocksize or 16 - if type(blocksize) ~= "number" then - return nil, "invalid block size data type" - end - if blocksize < 1 or blocksize > 256 then - return nil, "invalid block size" - end - local ps = blocksize - #data % blocksize - if optional and ps == blocksize then return data end - return data .. yarrow:random(ps - 1) .. char(ps) + blocksize = blocksize or 16 + if type(blocksize) ~= "number" then + return nil, "invalid block size data type" + end + if blocksize < 1 or blocksize > 256 then + return nil, "invalid block size" + end + local ps = blocksize - #data % blocksize + if optional and ps == blocksize then return data end + return data .. random.bytes(ps - 1) .. char(ps) end + function padding.unpad(data, blocksize) - blocksize = blocksize or 16 - if type(blocksize) ~= "number" then - return nil, "invalid block size data type" - end - if blocksize < 1 or blocksize > 256 then - return nil, "invalid block size" - end - local len = #data - if len % blocksize ~= 0 then - return nil, "data length is not a multiple of the block size" - end - local chr = sub(data, -1) - local rem = byte(chr) - return (rem > 0 and rem <= blocksize) and sub(data, 1, len - rem) or data + blocksize = blocksize or 16 + if type(blocksize) ~= "number" then + return nil, "invalid block size data type" + end + if blocksize < 1 or blocksize > 256 then + return nil, "invalid block size" + end + local len = #data + if len % blocksize ~= 0 then + return nil, "data length is not a multiple of the block size" + end + local chr = sub(data, -1) + local rem = byte(chr) + return (rem > 0 and rem <= blocksize) and sub(data, 1, len - rem) or data end + return padding diff --git a/lib/resty/nettle/padding/iso7816-4.lua b/lib/resty/nettle/padding/iso7816-4.lua index d97e20d..60c9502 100644 --- a/lib/resty/nettle/padding/iso7816-4.lua +++ b/lib/resty/nettle/padding/iso7816-4.lua @@ -1,37 +1,39 @@ -local string = string -local type = type -local gsub = string.gsub -local rep = string.rep -local sub = string.sub +local string = string +local type = type +local gsub = string.gsub +local rep = string.rep +local sub = string.sub local padding = {} function padding.pad(data, blocksize, optional) - blocksize = blocksize or 16 - if type(blocksize) ~= "number" then - return nil, "invalid block size data type" - end - if blocksize < 1 or blocksize > 256 then - return nil, "invalid block size" - end - local ps = blocksize - #data % blocksize - if optional and ps == blocksize then return data end - return data .. "\x80" .. rep("\0", ps - 1) + blocksize = blocksize or 16 + if type(blocksize) ~= "number" then + return nil, "invalid block size data type" + end + if blocksize < 1 or blocksize > 256 then + return nil, "invalid block size" + end + local ps = blocksize - #data % blocksize + if optional and ps == blocksize then return data end + return data .. "\x80" .. rep("\0", ps - 1) end + function padding.unpad(data, blocksize) - blocksize = blocksize or 16 - if type(blocksize) ~= "number" then - return nil, "invalid block size data type" - end - if blocksize < 1 or blocksize > 256 then - return nil, "invalid block size" - end - local len = #data - if len % blocksize ~= 0 then - return nil, "data length is not a multiple of the block size" - end - local d = gsub(data, "%z+$", "") - if sub(d, -1) == "\x80" then - return sub(d, 1, #d - 1) - end - return data + blocksize = blocksize or 16 + if type(blocksize) ~= "number" then + return nil, "invalid block size data type" + end + if blocksize < 1 or blocksize > 256 then + return nil, "invalid block size" + end + local len = #data + if len % blocksize ~= 0 then + return nil, "data length is not a multiple of the block size" + end + local d = gsub(data, "%z+$", "") + if sub(d, -1) == "\x80" then + return sub(d, 1, #d - 1) + end + return data end + return padding diff --git a/lib/resty/nettle/padding/nopadding.lua b/lib/resty/nettle/padding/nopadding.lua index d4afc6a..a6058a6 100644 --- a/lib/resty/nettle/padding/nopadding.lua +++ b/lib/resty/nettle/padding/nopadding.lua @@ -1,8 +1,10 @@ local padding = {} function padding.pad(data) - return data + return data end + function padding.unpad(data) - return data + return data end -return padding \ No newline at end of file + +return padding diff --git a/lib/resty/nettle/padding/pkcs7.lua b/lib/resty/nettle/padding/pkcs7.lua index 2766aef..2ec4cae 100644 --- a/lib/resty/nettle/padding/pkcs7.lua +++ b/lib/resty/nettle/padding/pkcs7.lua @@ -1,42 +1,44 @@ -local string = string -local type = type -local char = string.char -local byte = string.byte -local rep = string.rep -local sub = string.sub +local string = string +local type = type +local char = string.char +local byte = string.byte +local rep = string.rep +local sub = string.sub local padding = {} function padding.pad(data, blocksize, optional) - blocksize = blocksize or 16 - if type(blocksize) ~= "number" then - return nil, "invalid block size data type" - end - if blocksize < 1 or blocksize > 256 then - return nil, "invalid block size" - end - local ps = blocksize - #data % blocksize - if optional and ps == blocksize then return data end - return data .. rep(char(ps), ps) + blocksize = blocksize or 16 + if type(blocksize) ~= "number" then + return nil, "invalid block size data type" + end + if blocksize < 1 or blocksize > 256 then + return nil, "invalid block size" + end + local ps = blocksize - #data % blocksize + if optional and ps == blocksize then return data end + return data .. rep(char(ps), ps) end + function padding.unpad(data, blocksize) - blocksize = blocksize or 16 - if type(blocksize) ~= "number" then - return nil, "invalid block size data type" - end - if blocksize < 1 or blocksize > 256 then - return nil, "invalid block size" - end - local len = #data - if len % blocksize ~= 0 then - return nil, "data length is not a multiple of the block size" - end - local chr = sub(data, -1) - local rem = byte(chr) - if rem > 0 and rem <= blocksize then - local chk = sub(data, -rem) - if chk == rep(chr, rem) then - return sub(data, 1, len - rem) - end + blocksize = blocksize or 16 + if type(blocksize) ~= "number" then + return nil, "invalid block size data type" + end + if blocksize < 1 or blocksize > 256 then + return nil, "invalid block size" + end + local len = #data + if len % blocksize ~= 0 then + return nil, "data length is not a multiple of the block size" + end + local chr = sub(data, -1) + local rem = byte(chr) + if rem > 0 and rem <= blocksize then + local chk = sub(data, -rem) + if chk == rep(chr, rem) then + return sub(data, 1, len - rem) end - return data + end + return data end + return padding diff --git a/lib/resty/nettle/padding/spacepadding.lua b/lib/resty/nettle/padding/spacepadding.lua index 5539f89..87af321 100644 --- a/lib/resty/nettle/padding/spacepadding.lua +++ b/lib/resty/nettle/padding/spacepadding.lua @@ -1,37 +1,39 @@ -local string = string -local type = type -local gsub = string.gsub -local rep = string.rep +local string = string +local type = type +local gsub = string.gsub +local rep = string.rep local padding = {} function padding.pad(data, blocksize, optional) - blocksize = blocksize or 16 - if type(blocksize) ~= "number" then - return nil, "invalid block size data type" - end - if blocksize < 1 or blocksize > 256 then - return nil, "invalid block size" - end - local ps = blocksize - #data % blocksize - if optional and ps == blocksize then return data end - return data .. rep(" ", ps) + blocksize = blocksize or 16 + if type(blocksize) ~= "number" then + return nil, "invalid block size data type" + end + if blocksize < 1 or blocksize > 256 then + return nil, "invalid block size" + end + local ps = blocksize - #data % blocksize + if optional and ps == blocksize then return data end + return data .. rep(" ", ps) end + function padding.unpad(data, blocksize) - blocksize = blocksize or 16 - if type(blocksize) ~= "number" then - return nil, "invalid block size data type" - end - if blocksize < 1 or blocksize > 256 then - return nil, "invalid block size" - end - local len = #data - if len % blocksize ~= 0 then - return nil, "data length is not a multiple of the block size" - end - data = gsub(data, " +$", "") - local rem = len - #data - if rem < 0 or rem > blocksize then - return nil, "data has invalid padding" - end - return data + blocksize = blocksize or 16 + if type(blocksize) ~= "number" then + return nil, "invalid block size data type" + end + if blocksize < 1 or blocksize > 256 then + return nil, "invalid block size" + end + local len = #data + if len % blocksize ~= 0 then + return nil, "data length is not a multiple of the block size" + end + data = gsub(data, " +$", "") + local rem = len - #data + if rem < 0 or rem > blocksize then + return nil, "data has invalid padding" + end + return data end + return padding diff --git a/lib/resty/nettle/padding/zeropadding.lua b/lib/resty/nettle/padding/zeropadding.lua index 4066bac..34be407 100644 --- a/lib/resty/nettle/padding/zeropadding.lua +++ b/lib/resty/nettle/padding/zeropadding.lua @@ -1,37 +1,39 @@ -local string = string -local type = type -local gsub = string.gsub -local rep = string.rep +local string = string +local type = type +local gsub = string.gsub +local rep = string.rep local padding = {} function padding.pad(data, blocksize, optional) - blocksize = blocksize or 16 - if type(blocksize) ~= "number" then - return nil, "invalid block size data type" - end - if blocksize < 1 or blocksize > 256 then - return nil, "invalid block size" - end - local ps = blocksize - #data % blocksize - if optional and ps == blocksize then return data end - return data .. rep("\0", ps) + blocksize = blocksize or 16 + if type(blocksize) ~= "number" then + return nil, "invalid block size data type" + end + if blocksize < 1 or blocksize > 256 then + return nil, "invalid block size" + end + local ps = blocksize - #data % blocksize + if optional and ps == blocksize then return data end + return data .. rep("\0", ps) end + function padding.unpad(data, blocksize) - blocksize = blocksize or 16 - if type(blocksize) ~= "number" then - return nil, "invalid block size data type" - end - if blocksize < 1 or blocksize > 256 then - return nil, "invalid block size" - end - local len = #data - if len % blocksize ~= 0 then - return nil, "data length is not a multiple of the block size" - end - data = gsub(data, "%z+$", "") - local rem = len - #data - if rem < 0 or rem > blocksize then - return nil, "data has invalid padding" - end - return data + blocksize = blocksize or 16 + if type(blocksize) ~= "number" then + return nil, "invalid block size data type" + end + if blocksize < 1 or blocksize > 256 then + return nil, "invalid block size" + end + local len = #data + if len % blocksize ~= 0 then + return nil, "data length is not a multiple of the block size" + end + data = gsub(data, "%z+$", "") + local rem = len - #data + if rem < 0 or rem > blocksize then + return nil, "data has invalid padding" + end + return data end + return padding diff --git a/lib/resty/nettle/pbkdf2.lua b/lib/resty/nettle/pbkdf2.lua index 19dc5c3..5c8eebc 100644 --- a/lib/resty/nettle/pbkdf2.lua +++ b/lib/resty/nettle/pbkdf2.lua @@ -1,28 +1,23 @@ -local lib = require "resty.nettle.library" -local ffi = require "ffi" -local ffi_new = ffi.new -local ffi_typeof = ffi.typeof -local ffi_cdef = ffi.cdef -local ffi_str = ffi.string +require "resty.nettle.types.pbkdf2" -ffi_cdef[[ -void nettle_pbkdf2_hmac_sha1(size_t key_length, const uint8_t *key, unsigned iterations, size_t salt_length, const uint8_t *salt, size_t length, uint8_t *dst); -void nettle_pbkdf2_hmac_sha256(size_t key_length, const uint8_t *key, unsigned iterations, size_t salt_length, const uint8_t *salt, size_t length, uint8_t *dst); -]] +local types = require "resty.nettle.types.common" +local lib = require "resty.nettle.library" +local ffi = require "ffi" +local ffi_new = ffi.new +local ffi_str = ffi.string -local uint8t = ffi_typeof "uint8_t[?]" local pbkdf2 = {} function pbkdf2.hmac_sha1(key, iterations, salt, len) - local buf = ffi_new(uint8t, len) - lib.nettle_pbkdf2_hmac_sha1(#key, key, iterations, #salt, salt, len, buf) - return ffi_str(buf, len) + local buf = ffi_new(types.uint8_t, len) + lib.nettle_pbkdf2_hmac_sha1(#key, key, iterations, #salt, salt, len, buf) + return ffi_str(buf, len) end function pbkdf2.hmac_sha256(key, iterations, salt, len) - local buf = ffi_new(uint8t, len) - lib.nettle_pbkdf2_hmac_sha256(#key, key, iterations, #salt, salt, len, buf) - return ffi_str(buf, len) + local buf = ffi_new(types.uint8_t, len) + lib.nettle_pbkdf2_hmac_sha256(#key, key, iterations, #salt, salt, len, buf) + return ffi_str(buf, len) end return pbkdf2 diff --git a/lib/resty/nettle/poly1305.lua b/lib/resty/nettle/poly1305.lua index dce4896..9df2268 100644 --- a/lib/resty/nettle/poly1305.lua +++ b/lib/resty/nettle/poly1305.lua @@ -1,53 +1,41 @@ -require "resty.nettle.types.poly1305" - -local lib = require "resty.nettle.library" -local ffi = require "ffi" -local ffi_new = ffi.new -local ffi_typeof = ffi.typeof -local ffi_cdef = ffi.cdef -local ffi_str = ffi.string +local types = require "resty.nettle.types.common" +local context = require "resty.nettle.types.poly1305" +local lib = require "resty.nettle.library" +local ffi = require "ffi" +local ffi_new = ffi.new +local ffi_str = ffi.string local setmetatable = setmetatable -ffi_cdef[[ -void nettle_poly1305_aes_set_key(struct poly1305_aes_ctx *ctx, const uint8_t *key); -void nettle_poly1305_aes_set_nonce(struct poly1305_aes_ctx *ctx, const uint8_t *nonce); -void nettle_poly1305_aes_update(struct poly1305_aes_ctx *ctx, size_t length, const uint8_t *data); -void nettle_poly1305_aes_digest(struct poly1305_aes_ctx *ctx, size_t length, uint8_t *digest); -]] - -local ctxply = ffi_typeof "NETTLE_POLY1305_AES_CTX[1]" -local buf128 = ffi_new("uint8_t[?]", 16) - local poly1305 = setmetatable({}, { - __call = function(_, key, nonce, data, len) - local context = ffi_new(ctxply) - lib.nettle_poly1305_aes_set_key(context, key) - if nonce then - lib.nettle_poly1305_aes_set_nonce(context, #nonce, nonce) - end - lib.nettle_poly1305_aes_update(context, len or #data, data) - lib.nettle_poly1305_aes_digest(context, 16, buf128) - return ffi_str(buf128, 16) + __call = function(_, key, nonce, data, len) + local ctx = ffi_new(context.poly1395_aes) + lib.nettle_poly1305_aes_set_key(ctx, key) + if nonce then + lib.nettle_poly1305_aes_set_nonce(ctx, #nonce, nonce) end + lib.nettle_poly1305_aes_update(ctx, len or #data, data) + lib.nettle_poly1305_aes_digest(ctx, 16, types.uint8_t_16) + return ffi_str(types.uint8_t_16, 16) + end }) poly1305.__index = poly1305 function poly1305.new(key, nonce) - local self = setmetatable({ context = ffi_new(ctxply) }, poly1305) - lib.nettle_poly1305_aes_set_key(self.context, key) - if nonce then - lib.nettle_poly1305_aes_set_nonce(self.context, #nonce, nonce) - end - return self + local self = setmetatable({ context = ffi_new(context.poly1395_aes) }, poly1305) + lib.nettle_poly1305_aes_set_key(self.context, key) + if nonce then + lib.nettle_poly1305_aes_set_nonce(self.context, #nonce, nonce) + end + return self end function poly1305:update(data, len) - return lib.nettle_poly1305_aes_update(self.context, len or #data, data) + return lib.nettle_poly1305_aes_update(self.context, len or #data, data) end function poly1305:digest() - lib.nettle_poly1305_aes_digest(self.context, 16, buf128) - return ffi_str(buf128, 16) + lib.nettle_poly1305_aes_digest(self.context, 16, types.uint8_t_16) + return ffi_str(types.uint8_t_16, 16) end return poly1305 diff --git a/lib/resty/nettle/random.lua b/lib/resty/nettle/random.lua new file mode 100644 index 0000000..79f5539 --- /dev/null +++ b/lib/resty/nettle/random.lua @@ -0,0 +1,32 @@ +if ngx then + local random = require "resty.random" + + local ffi = require "ffi" + local C = ffi.C + + return { + bytes = random.bytes, + context = nil, + func = function(_, length, dst) + C.RAND_bytes(dst, length) + end + } +end + +local knuth = require "resty.nettle.knuth-lfib" + +math.randomseed(os.clock() * 1000000 * os.time()) + +math.random() +math.random() +math.random() + +local k = knuth.new(math.random() * 100000000000000) + +return { + bytes = function(n) + return k:random(n) + end, + context = k.context, + func = knuth.func, +} diff --git a/lib/resty/nettle/rc4.lua b/lib/resty/nettle/rc4.lua new file mode 100644 index 0000000..e5da200 --- /dev/null +++ b/lib/resty/nettle/rc4.lua @@ -0,0 +1 @@ +return require "resty.nettle.arcfour" diff --git a/lib/resty/nettle/ripemd160.lua b/lib/resty/nettle/ripemd160.lua index 9d12e32..dfd74ec 100644 --- a/lib/resty/nettle/ripemd160.lua +++ b/lib/resty/nettle/ripemd160.lua @@ -1,45 +1,35 @@ -require "resty.nettle.types.ripemd160" - -local lib = require "resty.nettle.library" -local ffi = require "ffi" -local ffi_new = ffi.new -local ffi_typeof = ffi.typeof -local ffi_cdef = ffi.cdef -local ffi_str = ffi.string +local types = require "resty.nettle.types.common" +local context = require "resty.nettle.types.ripemd160" +local lib = require "resty.nettle.library" +local ffi = require "ffi" +local ffi_new = ffi.new +local ffi_str = ffi.string local setmetatable = setmetatable -ffi_cdef[[ -void nettle_ripemd160_init(struct ripemd160_ctx *ctx); -void nettle_ripemd160_update(struct ripemd160_ctx *ctx, size_t length, const uint8_t *data); -void nettle_ripemd160_digest(struct ripemd160_ctx *ctx, size_t length, uint8_t *digest); -]] - -local ctx = ffi_typeof "NETTLE_RIPEMD160_CTX[1]" -local buf = ffi_new("uint8_t[?]", 20) local ripemd160 = setmetatable({}, { - __call = function(_, data, len) - local context = ffi_new(ctx) - lib.nettle_ripemd160_init(context) - lib.nettle_ripemd160_update(context, len or #data, data) - lib.nettle_ripemd160_digest(context, 20, buf) - return ffi_str(buf, 20) - end + __call = function(_, data, len) + local ctx = ffi_new(context) + lib.nettle_ripemd160_init(ctx) + lib.nettle_ripemd160_update(ctx, len or #data, data) + lib.nettle_ripemd160_digest(ctx, 20, types.uint8_t_20) + return ffi_str(types.uint8_t_20, 20) + end }) ripemd160.__index = ripemd160 function ripemd160.new() - local self = setmetatable({ context = ffi_new(ctx) }, ripemd160) - lib.nettle_ripemd160_init(self.context) - return self + local self = setmetatable({ context = ffi_new(context) }, ripemd160) + lib.nettle_ripemd160_init(self.context) + return self end function ripemd160:update(data, len) - return lib.nettle_ripemd160_update(self.context, len or #data, data) + return lib.nettle_ripemd160_update(self.context, len or #data, data) end function ripemd160:digest() - lib.nettle_ripemd160_digest(self.context, 20, buf) - return ffi_str(buf, 20) + lib.nettle_ripemd160_digest(self.context, 20, types.uint8_t_20) + return ffi_str(types.uint8_t_20, 20) end return ripemd160 diff --git a/lib/resty/nettle/rsa.lua b/lib/resty/nettle/rsa.lua index b531b58..5dd3bc7 100644 --- a/lib/resty/nettle/rsa.lua +++ b/lib/resty/nettle/rsa.lua @@ -1,368 +1,360 @@ require "resty.nettle.library" -require "resty.nettle.types.rsa" require "resty.nettle.types.md5" require "resty.nettle.types.sha1" require "resty.nettle.types.sha2" -local ffi = require "ffi" -local ffi_gc = ffi.gc -local ffi_new = ffi.new -local ffi_cdef = ffi.cdef -local ffi_typeof = ffi.typeof -local ffi_str = ffi.string -local rawget = rawget +local mpz = require "resty.nettle.mpz" +local random = require "resty.nettle.random" +local types = require "resty.nettle.types.common" +local context = require "resty.nettle.types.rsa" +local hogweed = require "resty.nettle.hogweed" +local ffi = require "ffi" +local ffi_gc = ffi.gc +local ffi_new = ffi.new +local ffi_str = ffi.string local setmetatable = setmetatable -local mpz = require "resty.nettle.mpz" -local buffer = require "resty.nettle.buffer" -local yarrow = require "resty.nettle.yarrow" -local knuth = require "resty.nettle.knuth-lfib" -local hogweed = require "resty.nettle.hogweed" - -ffi_cdef[[ -void nettle_rsa_public_key_init(struct rsa_public_key *key); -void nettle_rsa_public_key_clear(struct rsa_public_key *key); -int nettle_rsa_public_key_prepare(struct rsa_public_key *key); -void nettle_rsa_private_key_init(struct rsa_private_key *key); -void nettle_rsa_private_key_clear(struct rsa_private_key *key); -int nettle_rsa_private_key_prepare(struct rsa_private_key *key); -int nettle_rsa_md5_sign(const struct rsa_private_key *key, struct md5_ctx *hash, mpz_t signature); -int nettle_rsa_md5_verify(const struct rsa_public_key *key, struct md5_ctx *hash, const mpz_t signature); -int nettle_rsa_sha1_sign(const struct rsa_private_key *key, struct sha1_ctx *hash, mpz_t signature); -int nettle_rsa_sha1_verify(const struct rsa_public_key *key, struct sha1_ctx *hash, const mpz_t signature); -int nettle_rsa_sha256_sign(const struct rsa_private_key *key, struct sha256_ctx *hash, mpz_t signature); -int nettle_rsa_sha256_verify(const struct rsa_public_key *key, struct sha256_ctx *hash, const mpz_t signature); -int nettle_rsa_sha512_sign(const struct rsa_private_key *key, struct sha512_ctx *hash, mpz_t signature); -int nettle_rsa_sha512_verify(const struct rsa_public_key *key, struct sha512_ctx *hash, const mpz_t signature); -int nettle_rsa_md5_sign_digest(const struct rsa_private_key *key, const uint8_t *digest, mpz_t s); -int nettle_rsa_md5_verify_digest(const struct rsa_public_key *key, const uint8_t *digest, const mpz_t signature); -int nettle_rsa_sha1_sign_digest(const struct rsa_private_key *key, const uint8_t *digest, mpz_t s); -int nettle_rsa_sha1_verify_digest(const struct rsa_public_key *key, const uint8_t *digest, const mpz_t signature); -int nettle_rsa_sha256_sign_digest(const struct rsa_private_key *key, const uint8_t *digest, mpz_t s); -int nettle_rsa_sha256_verify_digest(const struct rsa_public_key *key, const uint8_t *digest, const mpz_t signature); -int nettle_rsa_pss_sha256_verify_digest(const struct rsa_public_key *key, size_t salt_length, const uint8_t *digest, const mpz_t signature); -int nettle_rsa_pss_sha384_verify_digest(const struct rsa_public_key *key, size_t salt_length, const uint8_t *digest, const mpz_t signature); -int nettle_rsa_sha512_sign_digest(const struct rsa_private_key *key, const uint8_t *digest, mpz_t s); -int nettle_rsa_sha512_verify_digest(const struct rsa_public_key *key, const uint8_t *digest, const mpz_t signature); -int nettle_rsa_pss_sha512_verify_digest(const struct rsa_public_key *key, size_t salt_length, const uint8_t *digest, const mpz_t signature); -int nettle_rsa_pkcs1_sign(const struct rsa_private_key *key, size_t length, const uint8_t *digest_info, mpz_t s); -int nettle_rsa_pkcs1_verify(const struct rsa_public_key *key, size_t length, const uint8_t *digest_info, const mpz_t signature); -int nettle_rsa_encrypt(const struct rsa_public_key *key, void *random_ctx, nettle_random_func *random, size_t length, const uint8_t *cleartext, mpz_t cipher); -int nettle_rsa_decrypt(const struct rsa_private_key *key, size_t *length, uint8_t *cleartext, const mpz_t ciphertext); -void nettle_rsa_compute_root(const struct rsa_private_key *key, mpz_t x, const mpz_t m); -int nettle_rsa_generate_keypair(struct rsa_public_key *pub, struct rsa_private_key *key, void *random_ctx, nettle_random_func *random, void *progress_ctx, nettle_progress_func *progress, unsigned n_size, unsigned e_size); -int nettle_rsa_keypair_to_sexp(struct nettle_buffer *buffer, const char *algorithm_name, const struct rsa_public_key *pub, const struct rsa_private_key *priv); -int nettle_rsa_keypair_from_sexp(struct rsa_public_key *pub, struct rsa_private_key *priv, unsigned limit, size_t length, const uint8_t *expr); -int nettle_rsa_keypair_from_der(struct rsa_public_key *pub, struct rsa_private_key *priv, unsigned limit, size_t length, const uint8_t *data); -]] -local size = ffi_new "size_t[1]" -local buf = ffi_typeof "uint8_t[?]" -local pub = ffi_typeof "NETTLE_RSA_PUBLIC_KEY[1]" -local pri = ffi_typeof "NETTLE_RSA_PRIVATE_KEY[1]" -local sig = mpz.new() + +local sig = mpz.new() local public = {} public.__index = public -function public.new(n, e, base) - local context = ffi_gc(ffi_new(pub), hogweed.nettle_rsa_public_key_clear) - hogweed.nettle_rsa_public_key_init(context[0]) - if e then - local ok, err = mpz.set(context[0].e, e, base) - if not ok then - return nil, err - end - end - if n then - local ok, err = mpz.set(context[0].n, n, base) - if not ok then - return nil, err - end - end - if e and n then - if hogweed.nettle_rsa_public_key_prepare(context) ~= 1 then - return nil, "unable to prepare RSA public key" - end +function public.new(n, e) + local ctx = ffi_gc(ffi_new(context.public), hogweed.nettle_rsa_public_key_clear) + hogweed.nettle_rsa_public_key_init(ctx) + if e then + mpz.set(ctx.e, e) + end + if n then + mpz.set(ctx.n, n) + end + if e and n then + if hogweed.nettle_rsa_public_key_prepare(ctx) ~= 1 then + return nil, "unable to prepare RSA public key" end - return setmetatable({ context = context }, public) + end + return setmetatable({ context = ctx }, public) end -function public:e(base) - return mpz.string(self.context[0].e, base) +function public:e() + return mpz.tostring(self.context.e) end -function public:n(base) - return mpz.string(self.context[0].n, base) +function public:n() + return mpz.tostring(self.context.n) end local private = {} private.__index = private -function private.new(d, p, q, a, b, c, base) - local context = ffi_gc(ffi_new(pri), hogweed.nettle_rsa_private_key_clear) - hogweed.nettle_rsa_private_key_init(context) - if d then - local ok, err = mpz.set(context[0].d, d, base) - if not ok then - return nil, err - end - end - local p1 - if p then - local ok, err = mpz.set(context[0].p, p, base) - if not ok then - return nil, err - end - if d and not a then - p1 = mpz.new() - mpz.sub(p1, context[0].p, 1) - end - end - local q1 - if q then - local ok, err = mpz.set(context[0].q, q, base) - if not ok then - return nil, err - end - if d and not b then - q1 = mpz.new() - mpz.sub(q1, context[0].q, 1) - end +function private.new(d, p, q, a, b, c) + local ctx = ffi_gc(ffi_new(context.private), hogweed.nettle_rsa_private_key_clear) + hogweed.nettle_rsa_private_key_init(ctx) + if d then + mpz.set(ctx.d, d) + end + local p1 + if p then + mpz.set(ctx.p, p) + if d and not a then + p1 = mpz.new() + mpz.sub(p1, ctx.p, 1) end - if a then - local ok, err = mpz.set(context[0].a, a, base) - if not ok then - return nil, err - end - elseif p1 then - mpz.div(context[0].a, context[0].d, p1) + end + local q1 + if q then + mpz.set(ctx.q, q) + if d and not b then + q1 = mpz.new() + mpz.sub(q1, ctx.q, 1) end - if b then - local ok, err = mpz.set(context[0].b, b, base) - if not ok then - return nil, err - end - elseif q1 then - mpz.div(context[0].b, context[0].d, q1) + end + if a then + mpz.set(ctx.a, a) + elseif p1 then + mpz.div(ctx.a, ctx.d, p1) + end + if b then + mpz.set(ctx.b, b) + elseif q1 then + mpz.div(ctx.b, ctx.d, q1) + end + if c then + mpz.set(ctx.c, c) + elseif q and p then + if mpz.invert(ctx.c, ctx.q, ctx.p) == 0 then + mpz.invert(ctx.c, ctx.q, ctx.p) -- try again once end - if c then - local ok, err = mpz.set(context[0].c, c, base) - if not ok then - return nil, err - end - elseif q and p then - if mpz.invert(context[0].c, context[0].q, context[0].p) == 0 then - mpz.invert(context[0].c, context[0].q, context[0].p) -- try again once - end + end + if d or p or q or a or b or c then + if hogweed.nettle_rsa_private_key_prepare(ctx) ~= 1 then + return nil, "unable to prepare an RSA private key" end - if d or p or q or a or b or c then - if hogweed.nettle_rsa_private_key_prepare(context) ~= 1 then - return nil, "unable to prepare an RSA private key" - end - end - return setmetatable({ context = context }, private) + end + return setmetatable({ context = ctx }, private) end -function private:d(base) - return mpz.string(self.context[0].d, base) +function private:d() + return mpz.tostring(self.context.d) end -function private:p(base) - return mpz.string(self.context[0].p, base) +function private:p() + return mpz.tostring(self.context.p) end -function private:q(base) - return mpz.string(self.context[0].q, base) +function private:q() + return mpz.tostring(self.context.q) end -function private:a(base) - return mpz.string(self.context[0].a, base) +function private:a() + return mpz.tostring(self.context.a) end -function private:b(base) - return mpz.string(self.context[0].b, base) +function private:b() + return mpz.tostring(self.context.b) end -function private:c(base) - return mpz.string(self.context[0].c, base) +function private:c() + return mpz.tostring(self.context.c) end local keypair = {} -function keypair:__index(n) - if n == "sexp" then - local b = buffer.new() - hogweed.nettle_rsa_keypair_to_sexp(b, nil, self.public.context, self.private.context) - return ffi_str(b.contents, b.size) - else - return rawget(keypair, n) - end -end +keypair.__index = keypair -function keypair.new(n, e, r, p, seed) - n = n or 4096 - e = e or 65537 - local rf, rc - if r == "knuth-lfib" or r == "knuth" then - rc = knuth.context(seed) - rf = knuth.func - else - rc = yarrow.context(seed or knuth.new():random(32)) - rf = yarrow.func - end - local ok, err, pux, prx - pux, err = public.new() - if not pux then - return nil, err - end - prx, err = private.new() - if not prx then - return nil, err - end - ok, err = mpz.set(pux.context[0].e, e) - if not ok then - return nil, err - end - if hogweed.nettle_rsa_generate_keypair(pux.context, prx.context, rc, rf, nil, p, n, 0) ~= 1 then - return nil, "unable to generate RSA keypair" - end - return setmetatable({ - public = pux, - private = prx - }, keypair) +function keypair.new(n, e) + n = n or 4096 + e = e or 65537 + local pux, err = public.new() + if not pux then + return nil, err + end + local prx + prx, err = private.new() + if not prx then + return nil, err + end + local ok + ok, err = mpz.set(pux.context.e, e) + if not ok then + return nil, err + end + if hogweed.nettle_rsa_generate_keypair(pux.context, + prx.context, + random.context, random.func, + nil, nil, + n, 0) ~= 1 then + return nil, "unable to generate RSA keypair" + end + return setmetatable({ + public = pux, + private = prx + }, keypair) end function keypair.der(data) - local pux = public.new() - local prx = private.new() - if hogweed.nettle_rsa_keypair_from_der(pux.context, prx.context, 0, #data, data) ~= 1 then - return nil, "unable to generate RSA keypair from DER" - end - return setmetatable({ - public = pux, - private = prx - }, keypair) + local pux = public.new() + local prx = private.new() + if hogweed.nettle_rsa_keypair_from_der(pux.context, + prx.context, + 0, #data, data) ~= 1 then + return nil, "unable to generate RSA keypair from DER" + end + return setmetatable({ + public = pux, + private = prx + }, keypair) end local rsa = { keypair = keypair, key = { public = public, private = private } } rsa.__index = rsa function rsa.new(pub, pri) - if not pub and not pri then - local kp = keypair.new() - pub = kp.public - pri = kp.private - end - return setmetatable({ public = pub, private = pri }, rsa) + if not pub and not pri then + local kp = keypair.new() + pub = kp.public + pri = kp.private + end + return setmetatable({ public = pub, private = pri }, rsa) +end + +function rsa:encrypt(plain) + local encrypted, err = mpz.new() + if not encrypted then + return nil, err + end + if hogweed.nettle_rsa_encrypt(self.public.context, + random.context, random.func, + #plain, plain, + encrypted) ~= 1 then + return nil, "unable to RSA encrypt" + end + return mpz.tostring(encrypted) end -function rsa:encrypt(plain, r, seed) - local encrypted, err = mpz.new() - if not encrypted then - return nil, err +function rsa:decrypt(encrypted) + local ct, err = mpz.new(encrypted) + if not ct then + return nil, err + end + local sz = self.private.context.size + local b = ffi_new(types.uint8_t, sz) + types.size_t_8[0] = sz + if hogweed.nettle_rsa_decrypt(self.private.context, types.size_t_8, b, ct) ~= 1 then + return nil, "unable to RSA decrypt" + end + return ffi_str(b, types.size_t_8[0]) +end + +function rsa:sign_digest(digest) + if self.public then + return self:sign_digest_tr(digest) + end + + local l = #digest + if l == 16 then + if hogweed.nettle_rsa_md5_sign_digest(self.private.context, digest, sig) ~= 1 then + return nil, "unable to RSA MD5 sign" end - local rf, rc - if r == "knuth-lfib" or r == "knuth" then - rc = knuth.context(seed) - rf = knuth.func - else - rc = yarrow.context(seed or knuth.new():random(32)) - rf = yarrow.func + elseif l == 20 then + if hogweed.nettle_rsa_sha1_sign_digest(self.private.context, digest, sig) ~= 1 then + return nil, "unable to RSA SHA1 sign" end - if hogweed.nettle_rsa_encrypt(self.public.context, rc, rf, #plain, plain, encrypted) ~= 1 then - return nil, "unable to RSA encrypt" + elseif l == 32 then + if hogweed.nettle_rsa_sha256_sign_digest(self.private.context, digest, sig) ~= 1 then + return nil, "unable to RSA SHA256 sign" end - return mpz.string(encrypted) + elseif l == 64 then + if hogweed.nettle_rsa_sha512_sign_digest(self.private.context, digest, sig) ~= 1 then + return nil, "unable to RSA SHA512 sign" + end + else + return nil, "supported RSA digests for signing are MD5, SHA1, SHA256, and SHA512" + end + + return mpz.tostring(sig) end -function rsa:decrypt(encrypted) - local ct, err = mpz.new(encrypted) - if not ct then - return nil, err +function rsa:sign_digest_tr(digest) + local l = #digest + if l == 16 then + if hogweed.nettle_rsa_md5_sign_digest_tr(self.public.context, + self.private.context, + random.context, random.func, + digest, sig) ~= 1 then + return nil, "unable to RSA MD5 sign digest with blinding" + end + elseif l == 20 then + if hogweed.nettle_rsa_sha1_sign_digest_tr(self.public.context, + self.private.context, + random.context, random.func, + digest, sig) ~= 1 then + return nil, "unable to RSA SHA1 sign digest with blinding" end - local sz = self.private.context[0].size - local s = ffi_new(size) - local b = ffi_new(buf, sz) - s[0] = sz - if hogweed.nettle_rsa_decrypt(self.private.context, s, b, ct) ~= 1 then - return nil, "unable to RSA decrypt" + elseif l == 32 then + if hogweed.nettle_rsa_sha256_sign_digest_tr(self.public.context, + self.private.context, + random.context, random.func, + digest, sig) ~= 1 then + return nil, "unable to RSA SHA256 sign digest with blinding" end - return ffi_str(b, s[0]) + elseif l == 64 then + if hogweed.nettle_rsa_sha512_sign_digest_tr(self.public.context, + self.private.context, + random.context, random.func, + digest, sig) ~= 1 then + return nil, "unable to RSA SHA512 sign digest with blinding" + end + else + return nil, "supported RSA digests with blinding are MD5, SHA1, SHA256, and SHA512" + end + + return mpz.tostring(sig) end -function rsa:sign(digest, base) - local l = #digest - if l == 16 then - if hogweed.nettle_rsa_md5_sign_digest(self.private.context, digest, sig) ~= 1 then - return nil, "unable to RSA MD5 sign" - end - elseif l == 20 then - if hogweed.nettle_rsa_sha1_sign_digest(self.private.context, digest, sig) ~= 1 then - return nil, "unable to RSA SHA1 sign" - end - elseif l == 32 then - if hogweed.nettle_rsa_sha256_sign_digest(self.private.context, digest, sig) ~= 1 then - return nil, "unable to RSA SHA256 sign" - end - elseif l == 64 then - if hogweed.nettle_rsa_sha512_sign_digest(self.private.context, digest, sig) ~= 1 then - return nil, "unable to RSA SHA512 sign" - end - else - return nil, "supported digests are MD5, SHA1, SHA256, and SHA512" +function rsa:verify_digest(digest, signature) + mpz.set(sig, signature) + local l = #digest + if l == 16 then + if hogweed.nettle_rsa_md5_verify_digest(self.public.context, digest, sig) ~= 1 then + return nil, "unable to RSA MD5 verify digest" + end + elseif l == 20 then + if hogweed.nettle_rsa_sha1_verify_digest(self.public.context, digest, sig) ~= 1 then + return nil, "unable to RSA SHA1 verify digest" + end + elseif l == 32 then + if hogweed.nettle_rsa_sha256_verify_digest(self.public.context, digest, sig) ~= 1 then + return nil, "unable to RSA SHA256 verify digest" end - return mpz.string(sig, base) + elseif l == 64 then + if hogweed.nettle_rsa_sha512_verify_digest(self.public.context, digest, sig) ~= 1 then + return nil, "unable to RSA SHA512 verify digest" + end + else + return nil, "supported RSA digests are MD5, SHA1, SHA256, and SHA512" + end + return true end -function rsa:verify(digest, signature, base) - local sig, err = mpz.new(signature, base) - if not sig then - return nil, err +function rsa:pss_sign_digest(digest) + local l = #digest + if l == 32 then + if hogweed.nettle_rsa_pss_sha256_sign_digest_tr(self.public.context, + self.private.context, + random.context, random.func, + 32, random.bytes(32), + digest, sig) ~= 1 then + return nil, "unable to RSA-PSS SHA256 sign digest" + end + elseif l == 48 then + if hogweed.nettle_rsa_pss_sha384_sign_digest_tr(self.public.context, + self.private.context, + random.context, random.func, + 48, random.bytes(48), + digest, sig) ~= 1 then + return nil, "unable to RSA-PSS SHA384 sign digest" end - local l = #digest - if l == 16 then - if hogweed.nettle_rsa_md5_verify_digest(self.public.context, digest, sig) ~= 1 then - return nil, "unable to RSA MD5 verify" - end - elseif l == 20 then - if hogweed.nettle_rsa_sha1_verify_digest(self.public.context, digest, sig) ~= 1 then - return nil, "unable to RSA SHA1 verify" - end - elseif l == 32 then - if hogweed.nettle_rsa_sha256_verify_digest(self.public.context, digest, sig) ~= 1 then - return nil, "unable to RSA SHA256 verify" - end - elseif l == 64 then - if hogweed.nettle_rsa_sha512_verify_digest(self.public.context, digest, sig) ~= 1 then - return nil, "unable to RSA SHA512 verify" - end - else - return nil, "supported digests are MD5, SHA1, SHA256, and SHA512" + elseif l == 64 then + if hogweed.nettle_rsa_pss_sha512_sign_digest_tr(self.public.context, + self.private.context, + random.context, random.func, + 64, random.bytes(64), + digest, sig) ~= 1 then + return nil, "unable to RSA-PSS SHA512 sign digest" end - return true + else + return nil, "supported RSA-PSS digests for signing are SHA256, SHA384, and SHA512" + end + + return mpz.tostring(sig) end -function rsa:verify_pss(digest, signature, base, salt_length) - local sig, err = mpz.new(signature, base) - if not sig then - return nil, err +function rsa:pss_verify_digest(digest, signature) + mpz.set(sig, signature) + local l = #digest + if l == 32 then + if hogweed.nettle_rsa_pss_sha256_verify_digest(self.public.context, + 32, + digest, sig) ~= 1 then + return nil, "unable to RSA-PSS SHA256 verify digest" + end + elseif l == 48 then + if hogweed.nettle_rsa_pss_sha384_verify_digest(self.public.context, + 48, + digest, sig) ~= 1 then + return nil, "unable to RSA-PSS SHA384 verify digest" end - local l = #digest - if l == 32 then - if hogweed.nettle_rsa_pss_sha256_verify_digest(self.public.context, salt_length or 32, digest, sig) ~= 1 then - return nil, "unable to RSA PSS SHA256 verify" - end - elseif l == 48 then - if hogweed.nettle_rsa_pss_sha384_verify_digest(self.public.context, salt_length or 48, digest, sig) ~= 1 then - return nil, "unable to RSA PSS SHA384 verify" - end - elseif l == 64 then - if hogweed.nettle_rsa_pss_sha512_verify_digest(self.public.context, salt_length or 64, digest, sig) ~= 1 then - return nil, "unable to RSA PSS SHA512 verify" - end - else - return nil, "supported digests are SHA256, SHA384, and SHA512" + elseif l == 64 then + if hogweed.nettle_rsa_pss_sha512_verify_digest(self.public.context, + 64, + digest, sig) ~= 1 then + return nil, "unable to RSA-PSS SHA512 verify digest" end - return true + else + return nil, "supported RSA-PSS digests are SHA256, SHA384, and SHA512" + end + return true end return rsa diff --git a/lib/resty/nettle/salsa20.lua b/lib/resty/nettle/salsa20.lua index 9059eaa..a2724fc 100644 --- a/lib/resty/nettle/salsa20.lua +++ b/lib/resty/nettle/salsa20.lua @@ -1,90 +1,78 @@ -local lib = require "resty.nettle.library" -local ffi = require "ffi" -local ffi_new = ffi.new -local ffi_typeof = ffi.typeof -local ffi_cdef = ffi.cdef -local ffi_copy = ffi.copy -local ffi_str = ffi.string +local types = require "resty.nettle.types.common" +local context = require "resty.nettle.types.salsa20" +local lib = require "resty.nettle.library" +local ffi = require "ffi" +local ffi_new = ffi.new +local ffi_copy = ffi.copy +local ffi_str = ffi.string local setmetatable = setmetatable -ffi_cdef[[ -typedef struct salsa20_ctx { - uint32_t input[16]; -} NETTLE_SALSA20_CTX; -void nettle_salsa20_128_set_key(struct salsa20_ctx *ctx, const uint8_t *key); -void nettle_salsa20_256_set_key(struct salsa20_ctx *ctx, const uint8_t *key); -void nettle_salsa20_set_nonce(struct salsa20_ctx *ctx, const uint8_t *nonce); -void nettle_salsa20_crypt(struct salsa20_ctx *ctx, size_t length, uint8_t *dst, const uint8_t *src); -void nettle_salsa20r12_crypt(struct salsa20_ctx *ctx, size_t length, uint8_t *dst, const uint8_t *src); -]] - -local uint8t = ffi_typeof "uint8_t[?]" -local ctxs20 = ffi_typeof "NETTLE_SALSA20_CTX[1]" -local setkey128 = lib.nettle_salsa20_128_set_key -local setkey256 = lib.nettle_salsa20_256_set_key -local setnonce = lib.nettle_salsa20_set_nonce -local crypt = lib.nettle_salsa20_crypt -local crypt12 = lib.nettle_salsa20r12_crypt - local salsa20r12 = {} salsa20r12.__index = salsa20r12 function salsa20r12:encrypt(src, len) - len = len or #src - local dst = ffi_new(uint8t, len) - ffi_copy(dst, src, len) - crypt12(self.context, len, dst, dst) - return ffi_str(dst, len) + len = len or #src + local dst = ffi_new(types.uint8_t, len) + ffi_copy(dst, src, len) + lib.nettle_salsa20r12_crypt(self.context, len, dst, dst) + return ffi_str(dst, len) end function salsa20r12:decrypt(src, len) - len = len or #src - local dst = ffi_new(uint8t, len) - crypt12(self.context, len, dst, src) - return ffi_str(dst, len) + len = len or #src + local dst = ffi_new(types.uint8_t, len) + lib.nettle_salsa20r12_crypt(self.context, len, dst, src) + return ffi_str(dst, len) end local salsa20 = {} salsa20.__index = salsa20 function salsa20.new(key, nonce, rounds) - local len = #key - if len ~= 16 and len ~= 32 then - return nil, "the Salsa20 supported key sizes are 128, and 256 bits" - end - local ctx = ffi_new(ctxs20) - if len == 16 then - setkey128(ctx, key) - else - setkey256(ctx, key) - end - if nonce then - if #nonce ~= 8 then - return nil, "the Salsa20 supported nonce size is 64 bits" - end - setnonce(ctx, nonce) - end - rounds = rounds or 20 - if rounds ~= 12 and rounds ~= 20 then - return nil, "the Salsa20 supported rounds are 12, and 20. The recommended rounds is 20" + local len = #key + if len ~= 16 and len ~= 32 then + return nil, "the Salsa20 supported key sizes are 128, and 256 bits" + end + local ctx = ffi_new(context) + if len == 16 then + lib.nettle_salsa20_128_set_key(ctx, key) + else + lib.nettle_salsa20_256_set_key(ctx, key) + end + + if nonce then + if #nonce ~= 8 then + return nil, "the Salsa20 supported nonce size is 64 bits" end - if rounds == 20 then return setmetatable({ context = ctx }, salsa20) end - return setmetatable({ context = ctx }, salsa20r12) + + lib.nettle_salsa20_set_nonce(ctx, nonce) + end + + rounds = rounds or 20 + if rounds ~= 12 and rounds ~= 20 then + return nil, "the Salsa20 supported rounds are 12, and 20. The recommended rounds is 20" + end + + if rounds == 20 then + return setmetatable({ context = ctx }, salsa20) + end + + return setmetatable({ context = ctx }, salsa20r12) end function salsa20:encrypt(src, len) - len = len or #src - local dst = ffi_new(uint8t, len) - ffi_copy(dst, src, len) - crypt(self.context, len, dst, dst) - return ffi_str(dst, len) + len = len or #src + local dst = ffi_new(types.uint8_t, len) + ffi_copy(dst, src, len) + lib.nettle_salsa20_crypt(self.context, len, dst, dst) + return ffi_str(dst, len) end function salsa20:decrypt(src, len) - len = len or #src - local dst = ffi_new(uint8t, len) - crypt(self.context, len, dst, src) - return ffi_str(dst, len) + len = len or #src + local dst = ffi_new(types.uint8_t, len) + lib.nettle_salsa20_crypt(self.context, len, dst, src) + return ffi_str(dst, len) end return salsa20 diff --git a/lib/resty/nettle/serpent.lua b/lib/resty/nettle/serpent.lua index 51df2ed..01de7e3 100644 --- a/lib/resty/nettle/serpent.lua +++ b/lib/resty/nettle/serpent.lua @@ -1,67 +1,48 @@ -local lib = require "resty.nettle.library" -local ffi = require "ffi" -local ffi_new = ffi.new -local ffi_typeof = ffi.typeof -local ffi_cdef = ffi.cdef -local ffi_copy = ffi.copy -local ffi_str = ffi.string -local ceil = math.ceil +local types = require "resty.nettle.types.common" +local context = require "resty.nettle.types.serpent" +local lib = require "resty.nettle.library" +local ffi = require "ffi" +local ffi_new = ffi.new +local ffi_copy = ffi.copy +local ffi_str = ffi.string +local ceil = math.ceil local setmetatable = setmetatable -ffi_cdef[[ -typedef struct serpent_ctx { - uint32_t keys[33][4]; -} NETTLE_SERPENT_CTX; -void nettle_serpent_set_key(struct serpent_ctx *ctx, size_t length, const uint8_t *key); -void nettle_serpent128_set_key(struct serpent_ctx *context, const uint8_t *key); -void nettle_serpent192_set_key(struct serpent_ctx *context, const uint8_t *key); -void nettle_serpent256_set_key(struct serpent_ctx *context, const uint8_t *key); -void nettle_serpent_encrypt(const struct serpent_ctx *ctx, size_t length, uint8_t *dst, const uint8_t *src); -void nettle_serpent_decrypt(const struct serpent_ctx *ctx, size_t length, uint8_t *dst, const uint8_t *src); -]] - -local uint8t = ffi_typeof "uint8_t[?]" - local serpent = {} serpent.__index = serpent -local context = ffi_typeof "NETTLE_SERPENT_CTX[1]" -local setkey128 = lib.nettle_serpent128_set_key -local setkey192 = lib.nettle_serpent192_set_key -local setkey256 = lib.nettle_serpent256_set_key -local encrypt = lib.nettle_serpent_encrypt -local decrypt = lib.nettle_serpent_decrypt - function serpent.new(key) - local len = #key - if len ~= 16 and len ~= 24 and len ~= 32 then - return nil, "the SERPENT supported key sizes are 128, 192, and 256 bits, and the 256 bits is the recommended key size" - end - local ct = ffi_new(context) - if len == 16 then - setkey128(ct, key) - elseif len == 24 then - setkey192(ct, key) - elseif len == 32 then - setkey256(ct, key) - end - return setmetatable({ context = ct }, serpent) + local len = #key + if len ~= 16 and len ~= 24 and len ~= 32 then + return nil, "the SERPENT supported key sizes are 128, 192, and 256 bits, and the 256 bits is " .. + "the recommended key size" + end + local ct = ffi_new(context) + if len == 16 then + lib.nettle_serpent128_set_key(ct, key) + elseif len == 24 then + lib.nettle_serpent192_set_key(ct, key) + elseif len == 32 then + lib.nettle_serpent256_set_key(ct, key) + end + return setmetatable({ context = ct }, serpent) end function serpent:encrypt(src, len) - len = len or #src - local dln = ceil(len / 16) * 16 - local dst = ffi_new(uint8t, dln) - ffi_copy(dst, src, len) - encrypt(self.context, dln, dst, dst) - return ffi_str(dst, dln) + len = len or #src + local dln = ceil(len / 16) * 16 + local dst = ffi_new(types.uint8_t, dln) + ffi_copy(dst, src, len) + lib.nettle_serpent_encrypt(self.context, dln, dst, dst) + return ffi_str(dst, dln) end function serpent:decrypt(src, len) - len = len or #src - local dln = ceil(len / 16) * 16 - local dst = ffi_new(uint8t, dln) - decrypt(self.context, dln, dst, src) - return ffi_str(dst, len) + len = len or #src + local dln = ceil(len / 16) * 16 + local dst = ffi_new(types.uint8_t, dln) + lib.nettle_serpent_decrypt(self.context, dln, dst, src) + return ffi_str(dst, len) end + return serpent diff --git a/lib/resty/nettle/sha1.lua b/lib/resty/nettle/sha1.lua index 35c99bf..5a11d5d 100644 --- a/lib/resty/nettle/sha1.lua +++ b/lib/resty/nettle/sha1.lua @@ -1,46 +1,35 @@ -require "resty.nettle.types.sha1" - -local lib = require "resty.nettle.library" -local ffi = require "ffi" -local ffi_new = ffi.new -local ffi_typeof = ffi.typeof -local ffi_cdef = ffi.cdef -local ffi_str = ffi.string +local types = require "resty.nettle.types.common" +local context = require "resty.nettle.types.sha1" +local lib = require "resty.nettle.library" +local ffi = require "ffi" +local ffi_new = ffi.new +local ffi_str = ffi.string local setmetatable = setmetatable -ffi_cdef[[ -void nettle_sha1_init(struct sha1_ctx *ctx); -void nettle_sha1_update(struct sha1_ctx *ctx, size_t length, const uint8_t *data); -void nettle_sha1_digest(struct sha1_ctx *ctx, size_t length, uint8_t *digest); -]] - -local ctx = ffi_typeof "NETTLE_SHA1_CTX[1]" -local buf = ffi_new("uint8_t[?]", 20) local sha1 = setmetatable({}, { - __call = function(_, data, len) - local context = ffi_new(ctx) - lib.nettle_sha1_init(context) - lib.nettle_sha1_update(context, len or #data, data) - lib.nettle_sha1_digest(context, 20, buf) - return ffi_str(buf, 20) - end + __call = function(_, data, len) + local ctx = ffi_new(context) + lib.nettle_sha1_init(ctx) + lib.nettle_sha1_update(ctx, len or #data, data) + lib.nettle_sha1_digest(ctx, 20, types.uint8_t_20) + return ffi_str(types.uint8_t_20, 20) + end }) sha1.__index = sha1 function sha1.new() - local self = setmetatable({ context = ffi_new(ctx) }, sha1) - lib.nettle_sha1_init(self.context) - return self + local self = setmetatable({ context = ffi_new(context) }, sha1) + lib.nettle_sha1_init(self.context) + return self end function sha1:update(data, len) - return lib.nettle_sha1_update(self.context, len or #data, data) + return lib.nettle_sha1_update(self.context, len or #data, data) end function sha1:digest() - lib.nettle_sha1_digest(self.context, 20, buf) - return ffi_str(buf, 20) + lib.nettle_sha1_digest(self.context, 20, types.uint8_t_20) + return ffi_str(types.uint8_t_20, 20) end return sha1 - diff --git a/lib/resty/nettle/sha2.lua b/lib/resty/nettle/sha2.lua index 77ae63b..d478e2f 100644 --- a/lib/resty/nettle/sha2.lua +++ b/lib/resty/nettle/sha2.lua @@ -1,134 +1,111 @@ -require "resty.nettle.types.sha2" - -local lib = require "resty.nettle.library" -local ffi = require "ffi" -local ffi_new = ffi.new -local ffi_typeof = ffi.typeof -local ffi_cdef = ffi.cdef -local ffi_str = ffi.string +local types = require "resty.nettle.types.common" +local context = require "resty.nettle.types.sha2" +local lib = require "resty.nettle.library" +local ffi = require "ffi" +local ffi_new = ffi.new +local ffi_str = ffi.string +local lower = string.lower local setmetatable = setmetatable - -ffi_cdef[[ -void nettle_sha224_init(struct sha256_ctx *ctx); -void nettle_sha224_digest(struct sha256_ctx *ctx, size_t length, uint8_t *digest); -void nettle_sha256_init(struct sha256_ctx *ctx); -void nettle_sha256_update(struct sha256_ctx *ctx, size_t length, const uint8_t *data); -void nettle_sha256_digest(struct sha256_ctx *ctx, size_t length, uint8_t *digest); -void nettle_sha384_init(struct sha512_ctx *ctx); -void nettle_sha384_digest(struct sha512_ctx *ctx, size_t length, uint8_t *digest); -void nettle_sha512_init(struct sha512_ctx *ctx); -void nettle_sha512_update(struct sha512_ctx *ctx, size_t length, const uint8_t *data); -void nettle_sha512_digest(struct sha512_ctx *ctx, size_t length, uint8_t *digest); -void nettle_sha512_224_init(struct sha512_ctx *ctx); -void nettle_sha512_224_digest(struct sha512_ctx *ctx, size_t length, uint8_t *digest); -void nettle_sha512_256_init(struct sha512_ctx *ctx); -void nettle_sha512_256_digest(struct sha512_ctx *ctx, size_t length, uint8_t *digest); -]] - -local uint8t = ffi_typeof "uint8_t[?]" -local ctx256 = ffi_typeof "NETTLE_SHA256_CTX[1]" -local ctx512 = ffi_typeof "NETTLE_SHA512_CTX[1]" -local buf224 = ffi_new(uint8t, 28) -local buf256 = ffi_new(uint8t, 32) -local buf384 = ffi_new(uint8t, 48) -local buf512 = ffi_new(uint8t, 64) - local hashes = { - sha224 = { - length = 28, - context = ctx256, - buffer = buf224, - init = lib.nettle_sha224_init, - update = lib.nettle_sha256_update, - digest = lib.nettle_sha224_digest - }, - sha256 = { - length = 32, - context = ctx256, - buffer = buf256, - init = lib.nettle_sha256_init, - update = lib.nettle_sha256_update, - digest = lib.nettle_sha256_digest - }, - sha384 = { - length = 48, - context = ctx512, - buffer = buf384, - init = lib.nettle_sha384_init, - update = lib.nettle_sha512_update, - digest = lib.nettle_sha384_digest - }, - sha512 = { - length = 64, - context = ctx512, - buffer = buf512, - init = lib.nettle_sha512_init, - update = lib.nettle_sha512_update, - digest = lib.nettle_sha512_digest - }, - sha512_224 = { - length = 28, - context = ctx512, - buffer = buf224, - init = lib.nettle_sha512_224_init, - update = lib.nettle_sha512_update, - digest = lib.nettle_sha512_224_digest - }, - sha512_256 = { - length = 32, - context = ctx512, - buffer = buf256, - init = lib.nettle_sha512_256_init, - update = lib.nettle_sha512_update, - digest = lib.nettle_sha512_256_digest - } + sha224 = { + length = 28, + context = context.sha256, + buffer = types.uint8_t_28, + init = lib.nettle_sha224_init, + update = lib.nettle_sha256_update, + digest = lib.nettle_sha224_digest + }, + sha256 = { + length = 32, + context = context.sha256, + buffer = types.uint8_t_32, + init = lib.nettle_sha256_init, + update = lib.nettle_sha256_update, + digest = lib.nettle_sha256_digest + }, + sha384 = { + length = 48, + context = context.sha512, + buffer = types.uint8_t_48, + init = lib.nettle_sha384_init, + update = lib.nettle_sha512_update, + digest = lib.nettle_sha384_digest + }, + sha512 = { + length = 64, + context = context.sha512, + buffer = types.uint8_t_64, + init = lib.nettle_sha512_init, + update = lib.nettle_sha512_update, + digest = lib.nettle_sha512_digest + }, + sha512_224 = { + length = 28, + context = context.sha512, + buffer = types.uint8_t_28, + init = lib.nettle_sha512_224_init, + update = lib.nettle_sha512_update, + digest = lib.nettle_sha512_224_digest + }, + sha512_256 = { + length = 32, + context = context.sha512, + buffer = types.uint8_t_32, + init = lib.nettle_sha512_256_init, + update = lib.nettle_sha512_update, + digest = lib.nettle_sha512_256_digest + }, } local sha2 = {} sha2.__index = sha2 function sha2:update(data, len) - return self.hash.update(self.context, len or #data, data) + return self.hash.update(self.context, len or #data, data) end function sha2:digest() - local hash = self.hash - hash.digest(self.context, hash.length, hash.buffer) - return ffi_str(hash.buffer, hash.length) + local hash = self.hash + hash.digest(self.context, hash.length, hash.buffer) + return ffi_str(hash.buffer, hash.length) end local function factory(hash) - return setmetatable({ new = function() - local ctx = ffi_new(hash.context) - hash.init(ctx) - return setmetatable({ context = ctx, hash = hash }, sha2) - end }, { - __call = function(_, data, len) - local ctx = ffi_new(hash.context) - hash.init(ctx) - hash.update(ctx, len or #data, data) - hash.digest(ctx, hash.length, hash.buffer) - return ffi_str(hash.buffer, hash.length) - end - }) + return setmetatable({ + new = function() + local ctx = ffi_new(hash.context) + hash.init(ctx) + return setmetatable({ context = ctx, hash = hash }, sha2) + end + }, { + __call = function(_, data, len) + local ctx = ffi_new(hash.context) + hash.init(ctx) + hash.update(ctx, len or #data, data) + hash.digest(ctx, hash.length, hash.buffer) + return ffi_str(hash.buffer, hash.length) + end + }) end return setmetatable({ - sha224 = factory(hashes.sha224), - sha256 = factory(hashes.sha256), - sha384 = factory(hashes.sha384), - sha512 = factory(hashes.sha512), - sha512_224 = factory(hashes.sha512_224), - sha512_256 = factory(hashes.sha512_256) -}, { __call = function(_, algorithm, data, len) - local hash = hashes[algorithm:lower()] + sha224 = factory(hashes.sha224), + sha256 = factory(hashes.sha256), + sha384 = factory(hashes.sha384), + sha512 = factory(hashes.sha512), + sha512_224 = factory(hashes.sha512_224), + sha512_256 = factory(hashes.sha512_256) +}, { + __call = function(_, algorithm, data, len) + local hash = hashes[lower(algorithm)] if not hash then - return nil, "the supported SHA2 algorithms are SHA224, SHA256, SHA384, SHA512, SHA512_224, and SHA512_256" + return nil, "the supported SHA2 algorithms are SHA224, SHA256, SHA384, SHA512, SHA512_224, and SHA512_256" end local ctx = ffi_new(hash.context) hash.init(ctx) hash.update(ctx, len or #data, data) hash.digest(ctx, hash.length, hash.buffer) return ffi_str(hash.buffer, hash.length) -end }) + end +}) diff --git a/lib/resty/nettle/sha3.lua b/lib/resty/nettle/sha3.lua index 2bc6716..c5db963 100644 --- a/lib/resty/nettle/sha3.lua +++ b/lib/resty/nettle/sha3.lua @@ -1,136 +1,97 @@ -local lib = require "resty.nettle.library" -local ffi = require "ffi" -local ffi_new = ffi.new -local ffi_typeof = ffi.typeof -local ffi_cdef = ffi.cdef -local ffi_str = ffi.string +local types = require "resty.nettle.types.common" +local context = require "resty.nettle.types.sha3" +local lib = require "resty.nettle.library" +local ffi = require "ffi" +local ffi_new = ffi.new +local ffi_str = ffi.string local setmetatable = setmetatable -ffi_cdef[[ -typedef struct sha3_state { - uint64_t a[25]; -} NETTLE_SHA3_STATE; -typedef struct sha3_224_ctx { - struct sha3_state state; - unsigned index; - uint8_t block[144]; -} NETTLE_SHA3_224_CTX; -void nettle_sha3_224_init(struct sha3_224_ctx *ctx); -void nettle_sha3_224_update(struct sha3_224_ctx *ctx, size_t length, const uint8_t *data); -void nettle_sha3_224_digest(struct sha3_224_ctx *ctx, size_t length, uint8_t *digest); -typedef struct sha3_256_ctx { - struct sha3_state state; - unsigned index; - uint8_t block[136]; -} NETTLE_SHA3_256_CTX; -void nettle_sha3_256_init(struct sha3_256_ctx *ctx); -void nettle_sha3_256_update(struct sha3_256_ctx *ctx, size_t length, const uint8_t *data); -void nettle_sha3_256_digest(struct sha3_256_ctx *ctx, size_t length, uint8_t *digest); -typedef struct sha3_384_ctx { - struct sha3_state state; - unsigned index; - uint8_t block[104]; -} NETTLE_SHA3_384_CTX; -void nettle_sha3_384_init(struct sha3_384_ctx *ctx); -void nettle_sha3_384_update(struct sha3_384_ctx *ctx, size_t length, const uint8_t *data); -void nettle_sha3_384_digest(struct sha3_384_ctx *ctx, size_t length, uint8_t *digest); -typedef struct sha3_512_ctx { - struct sha3_state state; - unsigned index; - uint8_t block[72]; -} NETTLE_SHA3_512_CTX; -void nettle_sha3_512_init(struct sha3_512_ctx *ctx); -void nettle_sha3_512_update(struct sha3_512_ctx *ctx, size_t length, const uint8_t *data); -void nettle_sha3_512_digest(struct sha3_512_ctx *ctx, size_t length, uint8_t *digest); -]] - -local uint8t = ffi_typeof "uint8_t[?]" -local ctx224 = ffi_typeof "NETTLE_SHA3_224_CTX[1]" -local ctx256 = ffi_typeof "NETTLE_SHA3_256_CTX[1]" -local ctx384 = ffi_typeof "NETTLE_SHA3_384_CTX[1]" -local ctx512 = ffi_typeof "NETTLE_SHA3_512_CTX[1]" -local buf224 = ffi_new(uint8t, 28) -local buf256 = ffi_new(uint8t, 32) -local buf384 = ffi_new(uint8t, 48) -local buf512 = ffi_new(uint8t, 64) - local hashes = { - [224] = { - length = 28, - context = ctx224, - buffer = buf224, - init = lib.nettle_sha3_224_init, - update = lib.nettle_sha3_224_update, - digest = lib.nettle_sha3_224_digest - }, - [256] = { - length = 32, - context = ctx256, - buffer = buf256, - init = lib.nettle_sha3_256_init, - update = lib.nettle_sha3_256_update, - digest = lib.nettle_sha3_256_digest - }, - [384] = { - length = 48, - context = ctx384, - buffer = buf384, - init = lib.nettle_sha3_384_init, - update = lib.nettle_sha3_384_update, - digest = lib.nettle_sha3_384_digest - }, - [512] = { - length = 64, - context = ctx512, - buffer = buf512, - init = lib.nettle_sha3_512_init, - update = lib.nettle_sha3_512_update, - digest = lib.nettle_sha3_512_digest - } + sha3_224 = { + length = 28, + context = context.sha3_224, + buffer = types.uint8_t_28, + init = lib.nettle_sha3_224_init, + update = lib.nettle_sha3_224_update, + digest = lib.nettle_sha3_224_digest + }, + sha3_256 = { + length = 32, + context = context.sha3_256, + buffer = types.uint8_t_32, + init = lib.nettle_sha3_256_init, + update = lib.nettle_sha3_256_update, + digest = lib.nettle_sha3_256_digest + }, + sha3_384 = { + length = 48, + context = context.sha3_384, + buffer = types.uint8_t_48, + init = lib.nettle_sha3_384_init, + update = lib.nettle_sha3_384_update, + digest = lib.nettle_sha3_384_digest + }, + sha3_512 = { + length = 64, + context = context.sha3_512, + buffer = types.uint8_t_64, + init = lib.nettle_sha3_512_init, + update = lib.nettle_sha3_512_update, + digest = lib.nettle_sha3_512_digest + }, } +hashes[224] = hashes.sha3_224 +hashes[256] = hashes.sha3_256 +hashes[384] = hashes.sha3_384 +hashes[512] = hashes.sha3_512 + local sha3 = {} sha3.__index = sha3 function sha3:update(data, len) - return self.hash.update(self.context, len or #data, data) + return self.hash.update(self.context, len or #data, data) end function sha3:digest() - local hash = self.hash - hash.digest(self.context, hash.length, hash.buffer) - return ffi_str(hash.buffer, hash.length) + local hash = self.hash + hash.digest(self.context, hash.length, hash.buffer) + return ffi_str(hash.buffer, hash.length) end local function factory(hash) - return setmetatable({ new = function() - local ctx = ffi_new(hash.context) - hash.init(ctx) - return setmetatable({ context = ctx, hash = hash }, sha3) - end }, { - __call = function(_, data, len) - local ctx = ffi_new(hash.context) - hash.init(ctx) - hash.update(ctx, len or #data, data) - hash.digest(ctx, hash.length, hash.buffer) - return ffi_str(hash.buffer, hash.length) - end - }) + return setmetatable({ + new = function() + local ctx = ffi_new(hash.context) + hash.init(ctx) + return setmetatable({ context = ctx, hash = hash }, sha3) + end + }, { + __call = function(_, data, len) + local ctx = ffi_new(hash.context) + hash.init(ctx) + hash.update(ctx, len or #data, data) + hash.digest(ctx, hash.length, hash.buffer) + return ffi_str(hash.buffer, hash.length) + end + }) end return setmetatable({ - sha224 = factory(hashes[224]), - sha256 = factory(hashes[256]), - sha384 = factory(hashes[384]), - sha512 = factory(hashes[512]) -}, { __call = function(_, bits, data, len) + sha224 = factory(hashes.sha3_224), + sha256 = factory(hashes.sha3_256), + sha384 = factory(hashes.sha3_384), + sha512 = factory(hashes[512]) +}, { + __call = function(_, bits, data, len) local hash = hashes[bits] if not hash then - return nil, "the supported SHA3 algorithm output sizes are 224, 256, 384, and 512 bits" + return nil, "the supported SHA3 algorithm output sizes are 224, 256, 384, and 512 bits" end local ctx = ffi_new(hash.context) hash.init(ctx) hash.update(ctx, len or #data, data) hash.digest(ctx, hash.length, hash.buffer) return ffi_str(hash.buffer, hash.length) -end }) + end +}) diff --git a/lib/resty/nettle/twofish.lua b/lib/resty/nettle/twofish.lua index 027c11c..485a21c 100644 --- a/lib/resty/nettle/twofish.lua +++ b/lib/resty/nettle/twofish.lua @@ -1,232 +1,224 @@ -require "resty.nettle.types.cbc" require "resty.nettle.types.ctr" -require "resty.nettle.types.gcm" - -local lib = require "resty.nettle.library" -local ffi = require "ffi" -local ffi_new = ffi.new -local ffi_typeof = ffi.typeof -local ffi_cdef = ffi.cdef -local ffi_copy = ffi.copy -local ffi_str = ffi.string -local ceil = math.ceil +require "resty.nettle.types.cbc" +local context = require "resty.nettle.types.twofish" +local gcm_context = require "resty.nettle.types.gcm" +local types = require "resty.nettle.types.common" +local lib = require "resty.nettle.library" +local ffi = require "ffi" +local ffi_new = ffi.new +local ffi_copy = ffi.copy +local ffi_str = ffi.string +local ceil = math.ceil +local lower = string.lower local setmetatable = setmetatable -ffi_cdef[[ -typedef struct twofish_ctx { - uint32_t keys[40]; - uint32_t s_box[4][256]; -} NETTLE_TWOFISH_CTX; -void nettle_twofish_set_key(struct twofish_ctx *ctx, size_t length, const uint8_t *key); -void nettle_twofish128_set_key(struct twofish_ctx *context, const uint8_t *key); -void nettle_twofish192_set_key(struct twofish_ctx *context, const uint8_t *key); -void nettle_twofish256_set_key(struct twofish_ctx *context, const uint8_t *key); -void nettle_twofish_encrypt(const struct twofish_ctx *ctx, size_t length, uint8_t *dst, const uint8_t *src); -void nettle_twofish_decrypt(const struct twofish_ctx *ctx, size_t length, uint8_t *dst, const uint8_t *src); -]] - -local uint8t = ffi_typeof "uint8_t[?]" - local ciphers = { - ecb = { - [128] = { - setkey = lib.nettle_twofish128_set_key, - encrypt = lib.nettle_twofish_encrypt, - decrypt = lib.nettle_twofish_decrypt - }, - [192] = { - setkey = lib.nettle_twofish192_set_key, - encrypt = lib.nettle_twofish_encrypt, - decrypt = lib.nettle_twofish_decrypt - }, - [256] = { - setkey = lib.nettle_twofish256_set_key, - encrypt = lib.nettle_twofish_encrypt, - decrypt = lib.nettle_twofish_decrypt - } + ecb = { + [128] = { + setkey = lib.nettle_twofish128_set_key, + encrypt = lib.nettle_twofish_encrypt, + decrypt = lib.nettle_twofish_decrypt }, - cbc = { - iv_size = 16, - [128] = { - setkey = lib.nettle_twofish128_set_key, - encrypt = lib.nettle_cbc_encrypt, - decrypt = lib.nettle_cbc_decrypt, - padding = true, - cipher = { - encrypt = lib.nettle_twofish_encrypt, - decrypt = lib.nettle_twofish_decrypt - } - }, - [192] = { - setkey = lib.nettle_twofish192_set_key, - encrypt = lib.nettle_cbc_encrypt, - decrypt = lib.nettle_cbc_decrypt, - padding = true, - cipher = { - encrypt = lib.nettle_twofish_encrypt, - decrypt = lib.nettle_twofish_decrypt - } - }, - [256] = { - setkey = lib.nettle_twofish256_set_key, - encrypt = lib.nettle_cbc_encrypt, - decrypt = lib.nettle_cbc_decrypt, - padding = true, - cipher = { - encrypt = lib.nettle_twofish_encrypt, - decrypt = lib.nettle_twofish_decrypt - } - } + [192] = { + setkey = lib.nettle_twofish192_set_key, + encrypt = lib.nettle_twofish_encrypt, + decrypt = lib.nettle_twofish_decrypt }, - ctr = { - iv_size = 16, - [128] = { - setkey = lib.nettle_twofish128_set_key, - encrypt = lib.nettle_ctr_crypt, - decrypt = lib.nettle_ctr_crypt, - cipher = { - encrypt = lib.nettle_twofish_encrypt, - decrypt = lib.nettle_twofish_encrypt - } - }, - [192] = { - setkey = lib.nettle_twofish192_set_key, - encrypt = lib.nettle_ctr_crypt, - decrypt = lib.nettle_ctr_crypt, - cipher = { - encrypt = lib.nettle_twofish_encrypt, - decrypt = lib.nettle_twofish_encrypt - } - }, - [256] = { - setkey = lib.nettle_twofish256_set_key, - encrypt = lib.nettle_ctr_crypt, - decrypt = lib.nettle_ctr_crypt, - cipher = { - encrypt = lib.nettle_twofish_encrypt, - decrypt = lib.nettle_twofish_encrypt - } - } + [256] = { + setkey = lib.nettle_twofish256_set_key, + encrypt = lib.nettle_twofish_encrypt, + decrypt = lib.nettle_twofish_decrypt + } + }, + cbc = { + iv_size = 16, + [128] = { + setkey = lib.nettle_twofish128_set_key, + encrypt = lib.nettle_cbc_encrypt, + decrypt = lib.nettle_cbc_decrypt, + padding = true, + cipher = { + encrypt = lib.nettle_twofish_encrypt, + decrypt = lib.nettle_twofish_decrypt + } }, - gcm = { - iv_size = 12, - [128] = { - setkey = lib.nettle_gcm_set_key, - setiv = lib.nettle_gcm_set_iv, - update = lib.nettle_gcm_update, - encrypt = lib.nettle_gcm_encrypt, - decrypt = lib.nettle_gcm_decrypt, - digest = lib.nettle_gcm_digest, - key = ffi_typeof "NETTLE_GCM_KEY[1]", - context = ffi_typeof "NETTLE_GCM_CTX[1]", - cipher = { - setkey = lib.nettle_twofish128_set_key, - encrypt = lib.nettle_twofish_encrypt, - decrypt = lib.nettle_twofish_decrypt - } - }, - [192] = { - setkey = lib.nettle_gcm_set_key, - setiv = lib.nettle_gcm_set_iv, - update = lib.nettle_gcm_update, - encrypt = lib.nettle_gcm_encrypt, - decrypt = lib.nettle_gcm_decrypt, - digest = lib.nettle_gcm_digest, - key = ffi_typeof "NETTLE_GCM_KEY[1]", - context = ffi_typeof "NETTLE_GCM_CTX[1]", - cipher = { - setkey = lib.nettle_twofish192_set_key, - encrypt = lib.nettle_twofish_encrypt, - decrypt = lib.nettle_twofish_decrypt - } - }, - [256] = { - setkey = lib.nettle_gcm_set_key, - setiv = lib.nettle_gcm_set_iv, - update = lib.nettle_gcm_update, - encrypt = lib.nettle_gcm_encrypt, - decrypt = lib.nettle_gcm_decrypt, - digest = lib.nettle_gcm_digest, - key = ffi_typeof "NETTLE_GCM_KEY[1]", - context = ffi_typeof "NETTLE_GCM_CTX[1]", - cipher = { - setkey = lib.nettle_twofish256_set_key, - encrypt = lib.nettle_twofish_encrypt, - decrypt = lib.nettle_twofish_decrypt - } - } + [192] = { + setkey = lib.nettle_twofish192_set_key, + encrypt = lib.nettle_cbc_encrypt, + decrypt = lib.nettle_cbc_decrypt, + padding = true, + cipher = { + encrypt = lib.nettle_twofish_encrypt, + decrypt = lib.nettle_twofish_decrypt + } + }, + [256] = { + setkey = lib.nettle_twofish256_set_key, + encrypt = lib.nettle_cbc_encrypt, + decrypt = lib.nettle_cbc_decrypt, + padding = true, + cipher = { + encrypt = lib.nettle_twofish_encrypt, + decrypt = lib.nettle_twofish_decrypt + } } + }, + ctr = { + iv_size = 16, + [128] = { + setkey = lib.nettle_twofish128_set_key, + encrypt = lib.nettle_ctr_crypt, + decrypt = lib.nettle_ctr_crypt, + cipher = { + encrypt = lib.nettle_twofish_encrypt, + decrypt = lib.nettle_twofish_encrypt + } + }, + [192] = { + setkey = lib.nettle_twofish192_set_key, + encrypt = lib.nettle_ctr_crypt, + decrypt = lib.nettle_ctr_crypt, + cipher = { + encrypt = lib.nettle_twofish_encrypt, + decrypt = lib.nettle_twofish_encrypt + } + }, + [256] = { + setkey = lib.nettle_twofish256_set_key, + encrypt = lib.nettle_ctr_crypt, + decrypt = lib.nettle_ctr_crypt, + cipher = { + encrypt = lib.nettle_twofish_encrypt, + decrypt = lib.nettle_twofish_encrypt + } + } + }, + gcm = { + iv_size = 12, + [128] = { + setkey = lib.nettle_gcm_set_key, + setiv = lib.nettle_gcm_set_iv, + update = lib.nettle_gcm_update, + encrypt = lib.nettle_gcm_encrypt, + decrypt = lib.nettle_gcm_decrypt, + digest = lib.nettle_gcm_digest, + key = gcm_context.key, + context = gcm_context.gcm, + cipher = { + setkey = lib.nettle_twofish128_set_key, + encrypt = lib.nettle_twofish_encrypt, + decrypt = lib.nettle_twofish_decrypt + } + }, + [192] = { + setkey = lib.nettle_gcm_set_key, + setiv = lib.nettle_gcm_set_iv, + update = lib.nettle_gcm_update, + encrypt = lib.nettle_gcm_encrypt, + decrypt = lib.nettle_gcm_decrypt, + digest = lib.nettle_gcm_digest, + key = gcm_context.key, + context = gcm_context.gcm, + cipher = { + setkey = lib.nettle_twofish192_set_key, + encrypt = lib.nettle_twofish_encrypt, + decrypt = lib.nettle_twofish_decrypt + } + }, + [256] = { + setkey = lib.nettle_gcm_set_key, + setiv = lib.nettle_gcm_set_iv, + update = lib.nettle_gcm_update, + encrypt = lib.nettle_gcm_encrypt, + decrypt = lib.nettle_gcm_decrypt, + digest = lib.nettle_gcm_digest, + key = gcm_context.key, + context = gcm_context.gcm, + cipher = { + setkey = lib.nettle_twofish256_set_key, + encrypt = lib.nettle_twofish_encrypt, + decrypt = lib.nettle_twofish_decrypt + } + } + } } -local context = ffi_typeof "NETTLE_TWOFISH_CTX[1]" local twofish = {} twofish.__index = twofish -function twofish.new(key, mode, iv, ad) - local len = #key - if len ~= 16 and len ~= 24 and len ~= 32 then - return nil, "the TWOFISH supported key sizes are 128, 192, and 256 bits" - end - mode = (mode or "ecb"):lower() - local config = ciphers[mode] - if not config then - return nil, "the TWOFISH supported modes are ECB, CBC, and CTR" - end - local bits = len * 8 - local cipher = config[bits] - local context = ffi_new(context) - cipher.setkey(context, key) - local iv_size = config.iv_size - if iv_size then - iv = iv or "" - if #iv ~= iv_size then - return "the TWOFISH-" .. mode:upper() .. " supported initialization vector size is " .. (iv_size * 8) .. " bits" - end +function twofish.new(key, mode, iv, _) + local len = #key + if len ~= 16 and len ~= 24 and len ~= 32 then + return nil, "the TWOFISH supported key sizes are 128, 192, and 256 bits" + end + + if mode then + mode = lower(mode) + else + mode = "ecb" + end + + local config = ciphers[mode] + if not config then + return nil, "the TWOFISH supported modes are ECB, CBC, and CTR" + end + local bits = len * 8 + local cip = config[bits] + local ctx = ffi_new(context) + cip.setkey(ctx, key) + local iv_size = config.iv_size + if iv_size then + iv = iv or "" + if #iv ~= iv_size then + return "the TWOFISH-" .. mode:upper() .. " supported initialization vector size is " .. (iv_size * 8) .. + " bits" end - return setmetatable({ - context = context, - cipher = cipher, - iv = iv }, twofish) + end + return setmetatable({ + context = ctx, + cipher = cip, + iv = iv + }, twofish) end function twofish:encrypt(src, len) - local cipher = self.cipher - local context = self.context - len = len or #src - if self.iv then - local dln = len - if cipher.padding then dln = ceil(dln / 16) * 16 end - local dst = ffi_new(uint8t, dln) - ffi_copy(dst, src, len) - local ivl = #self.iv - local iv = ffi_new(uint8t, ivl) - ffi_copy(iv, self.iv, ivl) - cipher.encrypt(context, cipher.cipher.encrypt, 16, iv, dln, dst, dst) - return ffi_str(dst, dln) - end - local dln = ceil(len / 16) * 16 - local dst = ffi_new(uint8t, dln) + local cip = self.cipher + local ctx = self.context + len = len or #src + if self.iv then + local dln = len + if cip.padding then dln = ceil(dln / 16) * 16 end + local dst = ffi_new(types.uint8_t, dln) ffi_copy(dst, src, len) - cipher.encrypt(context, dln, dst, dst) + local ivl = #self.iv + local iv = ffi_new(types.uint8_t, ivl) + ffi_copy(iv, self.iv, ivl) + cip.encrypt(ctx, cip.cipher.encrypt, 16, iv, dln, dst, dst) return ffi_str(dst, dln) + end + local dln = ceil(len / 16) * 16 + local dst = ffi_new(types.uint8_t, dln) + ffi_copy(dst, src, len) + cip.encrypt(ctx, dln, dst, dst) + return ffi_str(dst, dln) end function twofish:decrypt(src, len) - local cipher = self.cipher - local context = self.context - len = len or #src - if self.iv then - local dst = ffi_new(uint8t, len) - local ivl = #self.iv - local iv = ffi_new(uint8t, ivl) - ffi_copy(iv, self.iv, ivl) - cipher.decrypt(context, cipher.cipher.decrypt, 16, iv, len, dst, src) - return ffi_str(dst, len) - - end - local dln = ceil(len / 16) * 16 - local dst = ffi_new(uint8t, dln) - cipher.decrypt(self.context, dln, dst, src) + local cip = self.cipher + local ctx = self.context + len = len or #src + if self.iv then + local dst = ffi_new(types.uint8_t, len) + local ivl = #self.iv + local iv = ffi_new(types.uint8_t, ivl) + ffi_copy(iv, self.iv, ivl) + cip.decrypt(ctx, cip.cipher.decrypt, 16, iv, len, dst, src) return ffi_str(dst, len) + end + local dln = ceil(len / 16) * 16 + local dst = ffi_new(types.uint8_t, dln) + cip.decrypt(ctx, dln, dst, src) + return ffi_str(dst, len) end + return twofish diff --git a/lib/resty/nettle/types/aead.lua b/lib/resty/nettle/types/aead.lua deleted file mode 100644 index 674085a..0000000 --- a/lib/resty/nettle/types/aead.lua +++ /dev/null @@ -1,24 +0,0 @@ -require "resty.nettle.types.cipher" -require "resty.nettle.types.hash" -local ffi = require "ffi" -local ffi_cdef = ffi.cdef - -ffi_cdef[[ -typedef void nettle_crypt_func(void *ctx, size_t length, uint8_t *dst, const uint8_t *src); -struct nettle_aead { - const char *name; - unsigned context_size; - unsigned block_size; - unsigned key_size; - unsigned nonce_size; - unsigned digest_size; - nettle_set_key_func *set_encrypt_key; - nettle_set_key_func *set_decrypt_key; - nettle_set_key_func *set_nonce; - nettle_hash_update_func *update; - nettle_crypt_func *encrypt; - nettle_crypt_func *decrypt; - nettle_hash_digest_func *digest; -}; -extern const struct nettle_aead * const nettle_aeads[]; -]] \ No newline at end of file diff --git a/lib/resty/nettle/types/aes.lua b/lib/resty/nettle/types/aes.lua index cea42ba..fde3705 100644 --- a/lib/resty/nettle/types/aes.lua +++ b/lib/resty/nettle/types/aes.lua @@ -1,52 +1,81 @@ -require "resty.nettle.types.cbc" -require "resty.nettle.types.ctr" -require "resty.nettle.types.eax" -require "resty.nettle.types.gcm" -require "resty.nettle.types.ccm" - -local ffi = require "ffi" +local ffi = require "ffi" local ffi_cdef = ffi.cdef +local ffi_typeof = ffi.typeof + +ffi_cdef [[ +void +nettle_aes128_set_encrypt_key(struct aes128_ctx *ctx, const uint8_t *key); + +void +nettle_aes128_set_decrypt_key(struct aes128_ctx *ctx, const uint8_t *key); + +void +nettle_aes128_invert_key(struct aes128_ctx *dst, + const struct aes128_ctx *src); + +void +nettle_aes128_encrypt(const struct aes128_ctx *ctx, + size_t length, uint8_t *dst, + const uint8_t *src); + +void +nettle_aes128_decrypt(const struct aes128_ctx *ctx, + size_t length, uint8_t *dst, + const uint8_t *src); + +void +nettle_aes192_set_encrypt_key(struct aes192_ctx *ctx, const uint8_t *key); + +void +nettle_aes192_set_decrypt_key(struct aes192_ctx *ctx, const uint8_t *key); + +void +nettle_aes192_invert_key(struct aes192_ctx *dst, + const struct aes192_ctx *src); -ffi_cdef[[ -typedef struct aes128_ctx { - uint32_t keys[44]; -} NETTLE_AES128_CTX; -typedef struct aes192_ctx { - uint32_t keys[52]; -} NETTLE_AES192_CTX; -typedef struct aes256_ctx { - uint32_t keys[60]; -} NETTLE_AES256_CTX; -typedef struct eax_aes128_ctx { - struct eax_key key; - struct eax_ctx eax; - struct aes128_ctx cipher; -} NETTLE_EAX_AES128_CTX; -typedef struct gcm_aes128_ctx { - struct gcm_key key; - struct gcm_ctx gcm; - struct aes128_ctx cipher; -} NETTLE_GCM_AES128_CTX; -typedef struct gcm_aes192_ctx { - struct gcm_key key; - struct gcm_ctx gcm; - struct aes192_ctx cipher; -} NETTLE_GCM_AES192_CTX; -typedef struct gcm_aes256_ctx { - struct gcm_key key; - struct gcm_ctx gcm; - struct aes256_ctx cipher; -} NETTLE_GCM_AES256_CTX; -typedef struct ccm_aes128_ctx { - struct ccm_ctx ccm; - struct aes128_ctx cipher; -} NETTLE_CCM_AES128_CTX; -typedef struct ccm_aes192_ctx { - struct ccm_ctx ccm; - struct aes192_ctx cipher; -} NETTLE_CCM_AES192_CTX; -typedef struct ccm_aes256_ctx { - struct ccm_ctx ccm; - struct aes256_ctx cipher; -} NETTLE_CCM_AES256_CTX; +void +nettle_aes192_encrypt(const struct aes192_ctx *ctx, + size_t length, uint8_t *dst, + const uint8_t *src); + +void +nettle_aes192_decrypt(const struct aes192_ctx *ctx, + size_t length, uint8_t *dst, + const uint8_t *src); + +void +nettle_aes256_set_encrypt_key(struct aes256_ctx *ctx, const uint8_t *key); + +void +nettle_aes256_set_decrypt_key(struct aes256_ctx *ctx, const uint8_t *key); + +void +nettle_aes256_invert_key(struct aes256_ctx *dst, + const struct aes256_ctx *src); + +void +nettle_aes256_encrypt(const struct aes256_ctx *ctx, + size_t length, uint8_t *dst, + const uint8_t *src); + +void +nettle_aes256_decrypt(const struct aes256_ctx *ctx, + size_t length, uint8_t *dst, + const uint8_t *src); ]] + +return { + aes128 = ffi_typeof [[ +struct aes128_ctx { + uint32_t keys[4 * (10 + 1)]; +}]], + aes192 = ffi_typeof [[ +struct aes192_ctx { + uint32_t keys[4 * (12 + 1)]; +}]], + aes256 = ffi_typeof [[ +struct aes256_ctx { + uint32_t keys[4 * (14 + 1)]; +}]], +} + diff --git a/lib/resty/nettle/types/arcfour.lua b/lib/resty/nettle/types/arcfour.lua new file mode 100644 index 0000000..a22d16b --- /dev/null +++ b/lib/resty/nettle/types/arcfour.lua @@ -0,0 +1,24 @@ +local ffi = require "ffi" +local ffi_cdef = ffi.cdef +local ffi_typeof = ffi.typeof + +ffi_cdef [[ +void +nettle_arcfour_set_key(struct arcfour_ctx *ctx, + size_t length, const uint8_t *key); + +void +nettle_arcfour128_set_key(struct arcfour_ctx *ctx, const uint8_t *key); + +void +nettle_arcfour_crypt(struct arcfour_ctx *ctx, + size_t length, uint8_t *dst, + const uint8_t *src); +]] + +return ffi_typeof [[ +struct arcfour_ctx { + uint8_t S[256]; + uint8_t i; + uint8_t j; +}]] diff --git a/lib/resty/nettle/types/asn1.lua b/lib/resty/nettle/types/asn1.lua deleted file mode 100644 index 5b41464..0000000 --- a/lib/resty/nettle/types/asn1.lua +++ /dev/null @@ -1,47 +0,0 @@ -local ffi = require "ffi" -local ffi_cdef = ffi.cdef - -ffi_cdef[[ -enum { - ASN1_TYPE_CONSTRUCTED = 1 << 12, - ASN1_CLASS_UNIVERSAL = 0, - ASN1_CLASS_APPLICATION = 1 << 13, - ASN1_CLASS_CONTEXT_SPECIFIC = 2 << 13, - ASN1_CLASS_PRIVATE = 3 << 13, - ASN1_CLASS_MASK = 3 << 13, - ASN1_CLASS_SHIFT = 13, -}; -enum asn1_type { - ASN1_BOOLEAN = 1, - ASN1_INTEGER = 2, - ASN1_BITSTRING = 3, - ASN1_OCTETSTRING = 4, - ASN1_NULL = 5, - ASN1_IDENTIFIER = 6, - ASN1_REAL = 9, - ASN1_ENUMERATED = 10, - ASN1_UTF8STRING = 12, - ASN1_SEQUENCE = 16 | ASN1_TYPE_CONSTRUCTED, - ASN1_SET = 17 | ASN1_TYPE_CONSTRUCTED, - ASN1_PRINTABLESTRING = 19, - ASN1_TELETEXSTRING = 20, - ASN1_IA5STRING = 22, - ASN1_UTC = 23, - ASN1_UNIVERSALSTRING = 28, - ASN1_BMPSTRING = 30, -}; -enum asn1_iterator_result { - ASN1_ITERATOR_ERROR, - ASN1_ITERATOR_PRIMITIVE, - ASN1_ITERATOR_CONSTRUCTED, - ASN1_ITERATOR_END, -}; -struct asn1_der_iterator { - size_t buffer_length; - const uint8_t *buffer; - size_t pos; - enum asn1_type type; - size_t length; - const uint8_t *data; -}; -]] diff --git a/lib/resty/nettle/types/base16.lua b/lib/resty/nettle/types/base16.lua new file mode 100644 index 0000000..3472755 --- /dev/null +++ b/lib/resty/nettle/types/base16.lua @@ -0,0 +1,38 @@ +local ffi = require "ffi" +local ffi_cdef = ffi.cdef +local ffi_typeof = ffi.typeof + +ffi_cdef [[ +void +nettle_base16_encode_single(char *dst, + uint8_t src); + +void +nettle_base16_encode_update(char *dst, + size_t length, + const uint8_t *src); + +void +nettle_base16_decode_init(struct base16_decode_ctx *ctx); + +int +nettle_base16_decode_single(struct base16_decode_ctx *ctx, + uint8_t *dst, + char src); + +int +nettle_base16_decode_update(struct base16_decode_ctx *ctx, + size_t *dst_length, + uint8_t *dst, + size_t src_length, + const char *src); + +int +nettle_base16_decode_final(struct base16_decode_ctx *ctx); +]] + +return ffi_typeof [[ +struct base16_decode_ctx { + unsigned char word; + unsigned char bits; +}]] diff --git a/lib/resty/nettle/types/base64.lua b/lib/resty/nettle/types/base64.lua new file mode 100644 index 0000000..177c58b --- /dev/null +++ b/lib/resty/nettle/types/base64.lua @@ -0,0 +1,70 @@ +local ffi = require "ffi" +local ffi_cdef = ffi.cdef +local ffi_typeof = ffi.typeof + +ffi_cdef [[ +void +nettle_base64_encode_init(struct base64_encode_ctx *ctx); + +void +nettle_base64url_encode_init(struct base64_encode_ctx *ctx); + +size_t +nettle_base64_encode_single(struct base64_encode_ctx *ctx, + char *dst, + uint8_t src); + +size_t +nettle_base64_encode_update(struct base64_encode_ctx *ctx, + char *dst, + size_t length, + const uint8_t *src); + +size_t +nettle_base64_encode_final(struct base64_encode_ctx *ctx, + char *dst); + +void +nettle_base64_encode_raw(char *dst, size_t length, const uint8_t *src); + +void +nettle_base64_encode_group(char *dst, uint32_t group); + + +void +nettle_base64_decode_init(struct base64_decode_ctx *ctx); + +void +nettle_base64url_decode_init(struct base64_decode_ctx *ctx); + +int +nettle_base64_decode_single(struct base64_decode_ctx *ctx, + uint8_t *dst, + char src); + +int +nettle_base64_decode_update(struct base64_decode_ctx *ctx, + size_t *dst_length, + uint8_t *dst, + size_t src_length, + const char *src); + +int +nettle_base64_decode_final(struct base64_decode_ctx *ctx); +]] + +return { + encode = ffi_typeof [[ +struct base64_encode_ctx { + const char *alphabet; + unsigned short word; + unsigned char bits; +}]], + decode = ffi_typeof [[ +struct base64_decode_ctx { + const signed char *table; + unsigned short word; + unsigned char bits; + unsigned char padding; +}]] +} diff --git a/lib/resty/nettle/types/blowfish.lua b/lib/resty/nettle/types/blowfish.lua new file mode 100644 index 0000000..a5fd738 --- /dev/null +++ b/lib/resty/nettle/types/blowfish.lua @@ -0,0 +1,26 @@ +local ffi = require "ffi" +local ffi_cdef = ffi.cdef +local ffi_typeof = ffi.typeof + +ffi_cdef [[ +int +nettle_blowfish_set_key(struct blowfish_ctx *ctx, + size_t length, const uint8_t *key); +int +nettle_blowfish128_set_key(struct blowfish_ctx *ctx, const uint8_t *key); + +void +nettle_blowfish_encrypt(const struct blowfish_ctx *ctx, + size_t length, uint8_t *dst, + const uint8_t *src); +void +nettle_blowfish_decrypt(const struct blowfish_ctx *ctx, + size_t length, uint8_t *dst, + const uint8_t *src); +]] + +return ffi_typeof [[ +struct blowfish_ctx { + uint32_t s[4][256]; + uint32_t p[18]; +}]] diff --git a/lib/resty/nettle/types/buffer.lua b/lib/resty/nettle/types/buffer.lua deleted file mode 100644 index c1a7ac1..0000000 --- a/lib/resty/nettle/types/buffer.lua +++ /dev/null @@ -1,13 +0,0 @@ -require "resty.nettle.library" -local ffi = require "ffi" -local ffi_cdef = ffi.cdef - -ffi_cdef[[ -typedef struct nettle_buffer { - uint8_t *contents; - size_t alloc; - void *realloc_ctx; - nettle_realloc_func *realloc; - size_t size; -} NETTLE_BUFFER; -]] \ No newline at end of file diff --git a/lib/resty/nettle/types/camellia.lua b/lib/resty/nettle/types/camellia.lua index f528668..e994659 100644 --- a/lib/resty/nettle/types/camellia.lua +++ b/lib/resty/nettle/types/camellia.lua @@ -1,23 +1,62 @@ -require "resty.nettle.types.gcm" - -local ffi = require "ffi" +local ffi = require "ffi" local ffi_cdef = ffi.cdef +local ffi_typeof = ffi.typeof + +ffi_cdef [[ +void +nettle_camellia128_set_encrypt_key(struct camellia128_ctx *ctx, + const uint8_t *key); + +void +nettle_camellia128_set_decrypt_key(struct camellia128_ctx *ctx, + const uint8_t *key); + +void +nettle_camellia128_invert_key(struct camellia128_ctx *dst, + const struct camellia128_ctx *src); + +void +nettle_camellia128_crypt(const struct camellia128_ctx *ctx, + size_t length, uint8_t *dst, + const uint8_t *src); + +void +nettle_camellia256_set_encrypt_key(struct camellia256_ctx *ctx, + const uint8_t *key); + +void +nettle_camellia256_set_decrypt_key(struct camellia256_ctx *ctx, + const uint8_t *key); + +void +nettle_camellia256_invert_key(struct camellia256_ctx *dst, + const struct camellia256_ctx *src); -ffi_cdef[[ -typedef struct camellia128_ctx { +void +nettle_camellia256_crypt(const struct camellia256_ctx *ctx, + size_t length, uint8_t *dst, + const uint8_t *src); + +void +nettle_camellia192_set_encrypt_key(struct camellia256_ctx *ctx, + const uint8_t *key); + +void +nettle_camellia192_set_decrypt_key(struct camellia256_ctx *ctx, + const uint8_t *key); +]] + +local contexts = { + camellia128 = ffi_typeof [[ +struct camellia128_ctx { uint64_t keys[24]; -} NETTLE_CAMELLIA128_CTX; -typedef struct camellia256_ctx { +}]], + camellia256 = ffi_typeof [[ +struct camellia256_ctx { uint64_t keys[32]; -} NETTLE_CAMELLIA256_CTX; -typedef struct gcm_camellia128_ctx { - struct gcm_key key; - struct gcm_ctx gcm; - struct camellia128_ctx cipher; -} NETTLE_GCM_CAMELLIA128_CTX; -typedef struct gcm_camellia256_ctx { - struct gcm_key key; - struct gcm_ctx gcm; - struct camellia256_ctx cipher; -} NETTLE_GCM_CAMELLIA256_CTX; -]] +}]], +} + +contexts.camellia192 = contexts.camellia256 + +return contexts diff --git a/lib/resty/nettle/types/cast128.lua b/lib/resty/nettle/types/cast128.lua new file mode 100644 index 0000000..761aabb --- /dev/null +++ b/lib/resty/nettle/types/cast128.lua @@ -0,0 +1,29 @@ +local ffi = require "ffi" +local ffi_cdef = ffi.cdef +local ffi_typeof = ffi.typeof + +ffi_cdef [[ +void +nettle_cast5_set_key(struct cast128_ctx *ctx, + size_t length, const uint8_t *key); + +void +nettle_cast128_set_key(struct cast128_ctx *ctx, const uint8_t *key); + +void +nettle_cast128_encrypt(const struct cast128_ctx *ctx, + size_t length, uint8_t *dst, + const uint8_t *src); + +void +nettle_cast128_decrypt(const struct cast128_ctx *ctx, + size_t length, uint8_t *dst, + const uint8_t *src); +]] + +return ffi_typeof [[ +struct cast128_ctx { + unsigned rounds; + unsigned char Kr[16]; + uint32_t Km[16]; +}]] diff --git a/lib/resty/nettle/types/cbc.lua b/lib/resty/nettle/types/cbc.lua index efc1b3e..828731e 100644 --- a/lib/resty/nettle/types/cbc.lua +++ b/lib/resty/nettle/types/cbc.lua @@ -1,9 +1,18 @@ -require "resty.nettle.library" +require "resty.nettle.types.nettle-types" -local ffi = require "ffi" +local ffi = require "ffi" local ffi_cdef = ffi.cdef -ffi_cdef[[ -void nettle_cbc_encrypt(const void *ctx, nettle_cipher_func *f, size_t block_size, uint8_t *iv, size_t length, uint8_t *dst, const uint8_t *src); -void nettle_cbc_decrypt(const void *ctx, nettle_cipher_func *f, size_t block_size, uint8_t *iv, size_t length, uint8_t *dst, const uint8_t *src); +ffi_cdef [[ +void +nettle_cbc_encrypt(const void *ctx, nettle_cipher_func *f, + size_t block_size, uint8_t *iv, + size_t length, uint8_t *dst, + const uint8_t *src); + +void +nettle_cbc_decrypt(const void *ctx, nettle_cipher_func *f, + size_t block_size, uint8_t *iv, + size_t length, uint8_t *dst, + const uint8_t *src); ]] diff --git a/lib/resty/nettle/types/ccm.lua b/lib/resty/nettle/types/ccm.lua index 46d3fbe..5e751c7 100644 --- a/lib/resty/nettle/types/ccm.lua +++ b/lib/resty/nettle/types/ccm.lua @@ -1,12 +1,181 @@ -require "resty.nettle.library" +require "resty.nettle.types.nettle-types" -local ffi = require "ffi" +local ffi = require "ffi" local ffi_cdef = ffi.cdef +local ffi_typeof = ffi.typeof -ffi_cdef[[ -typedef struct ccm_ctx { +ffi_cdef [[ +void +nettle_ccm_set_nonce(struct ccm_ctx *ctx, const void *cipher, nettle_cipher_func *f, + size_t noncelen, const uint8_t *nonce, + size_t authlen, size_t msglen, size_t taglen); + +void +nettle_ccm_update(struct ccm_ctx *ctx, const void *cipher, nettle_cipher_func *f, + size_t length, const uint8_t *data); + +void +nettle_ccm_encrypt(struct ccm_ctx *ctx, const void *cipher, nettle_cipher_func *f, + size_t length, uint8_t *dst, const uint8_t *src); + +void +nettle_ccm_decrypt(struct ccm_ctx *ctx, const void *cipher, nettle_cipher_func *f, + size_t length, uint8_t *dst, const uint8_t *src); + +void +nettle_ccm_digest(struct ccm_ctx *ctx, const void *cipher, nettle_cipher_func *f, + size_t length, uint8_t *digest); + +void +nettle_ccm_encrypt_message(const void *cipher, nettle_cipher_func *f, + size_t nlength, const uint8_t *nonce, + size_t alength, const uint8_t *adata, + size_t tlength, + size_t clength, uint8_t *dst, const uint8_t *src); + +int +nettle_ccm_decrypt_message(const void *cipher, nettle_cipher_func *f, + size_t nlength, const uint8_t *nonce, + size_t alength, const uint8_t *adata, + size_t tlength, + size_t mlength, uint8_t *dst, const uint8_t *src); + +void +nettle_ccm_aes128_set_key(struct ccm_aes128_ctx *ctx, const uint8_t *key); + +void +nettle_ccm_aes128_set_nonce(struct ccm_aes128_ctx *ctx, + size_t length, const uint8_t *nonce, + size_t authlen, size_t msglen, size_t taglen); + +void +nettle_ccm_aes128_update(struct ccm_aes128_ctx *ctx, + size_t length, const uint8_t *data); + +void +nettle_ccm_aes128_encrypt(struct ccm_aes128_ctx *ctx, + size_t length, uint8_t *dst, const uint8_t *src); + +void +nettle_ccm_aes128_decrypt(struct ccm_aes128_ctx *ctx, + size_t length, uint8_t *dst, const uint8_t *src); + +void +nettle_ccm_aes128_digest(struct ccm_aes128_ctx *ctx, + size_t length, uint8_t *digest); + +void +nettle_ccm_aes128_encrypt_message(struct ccm_aes128_ctx *ctx, + size_t nlength, const uint8_t *nonce, + size_t alength, const uint8_t *adata, + size_t tlength, + size_t clength, uint8_t *dst, const uint8_t *src); + +int +nettle_ccm_aes128_decrypt_message(struct ccm_aes128_ctx *ctx, + size_t nlength, const uint8_t *nonce, + size_t alength, const uint8_t *adata, + size_t tlength, + size_t mlength, uint8_t *dst, const uint8_t *src); + + +void +nettle_ccm_aes192_set_key(struct ccm_aes192_ctx *ctx, const uint8_t *key); + +void +nettle_ccm_aes192_set_nonce(struct ccm_aes192_ctx *ctx, + size_t length, const uint8_t *nonce, + size_t authlen, size_t msglen, size_t taglen); + +void +nettle_ccm_aes192_update(struct ccm_aes192_ctx *ctx, + size_t length, const uint8_t *data); + +void +nettle_ccm_aes192_encrypt(struct ccm_aes192_ctx *ctx, + size_t length, uint8_t *dst, const uint8_t *src); + +void +nettle_ccm_aes192_decrypt(struct ccm_aes192_ctx *ctx, + size_t length, uint8_t *dst, const uint8_t *src); + +void +nettle_ccm_aes192_digest(struct ccm_aes192_ctx *ctx, + size_t length, uint8_t *digest); + +void +nettle_ccm_aes192_encrypt_message(struct ccm_aes192_ctx *ctx, + size_t nlength, const uint8_t *nonce, + size_t alength, const uint8_t *adata, + size_t tlength, + size_t clength, uint8_t *dst, const uint8_t *src); + +int +nettle_ccm_aes192_decrypt_message(struct ccm_aes192_ctx *ctx, + size_t nlength, const uint8_t *nonce, + size_t alength, const uint8_t *adata, + size_t tlength, + size_t mlength, uint8_t *dst, const uint8_t *src); + +void +nettle_ccm_aes256_set_key(struct ccm_aes256_ctx *ctx, const uint8_t *key); + +void +nettle_ccm_aes256_set_nonce(struct ccm_aes256_ctx *ctx, + size_t length, const uint8_t *nonce, + size_t authlen, size_t msglen, size_t taglen); + +void +nettle_ccm_aes256_update(struct ccm_aes256_ctx *ctx, + size_t length, const uint8_t *data); + +void +nettle_ccm_aes256_encrypt(struct ccm_aes256_ctx *ctx, + size_t length, uint8_t *dst, const uint8_t *src); + +void +nettle_ccm_aes256_decrypt(struct ccm_aes256_ctx *ctx, + size_t length, uint8_t *dst, const uint8_t *src); + +void +nettle_ccm_aes256_digest(struct ccm_aes256_ctx *ctx, + size_t length, uint8_t *digest); + +void +nettle_ccm_aes256_encrypt_message(struct ccm_aes256_ctx *ctx, + size_t nlength, const uint8_t *nonce, + size_t alength, const uint8_t *adata, + size_t tlength, + size_t clength, uint8_t *dst, const uint8_t *src); + +int +nettle_ccm_aes256_decrypt_message(struct ccm_aes256_ctx *ctx, + size_t nlength, const uint8_t *nonce, + size_t alength, const uint8_t *adata, + size_t tlength, + size_t mlength, uint8_t *dst, const uint8_t *src); +]] + +return { + ccm = ffi_typeof [[ +struct ccm_ctx { union nettle_block16 ctr; union nettle_block16 tag; unsigned int blength; -} NETTLE_CCM_CTX; -]] +}]], + ccm_aes128 = ffi_typeof [[ +struct ccm_aes128_ctx { + struct ccm_ctx ccm; + struct aes128_ctx cipher; +}]], + ccm_aes192 = ffi_typeof [[ +struct ccm_aes192_ctx { + struct ccm_ctx ccm; + struct aes192_ctx cipher; +}]], + ccm_aes256 = ffi_typeof [[ +struct ccm_aes256_ctx { + struct ccm_ctx ccm; + struct aes256_ctx cipher; +}]], +} diff --git a/lib/resty/nettle/types/cfb.lua b/lib/resty/nettle/types/cfb.lua new file mode 100644 index 0000000..b0d2c56 --- /dev/null +++ b/lib/resty/nettle/types/cfb.lua @@ -0,0 +1,30 @@ +require "resty.nettle.types.nettle-types" + +local ffi = require "ffi" +local ffi_cdef = ffi.cdef + +ffi_cdef [[ +void +nettle_cfb_encrypt(const void *ctx, nettle_cipher_func *f, + size_t block_size, uint8_t *iv, + size_t length, uint8_t *dst, + const uint8_t *src); + +void +nettle_cfb_decrypt(const void *ctx, nettle_cipher_func *f, + size_t block_size, uint8_t *iv, + size_t length, uint8_t *dst, + const uint8_t *src); + +void +nettle_cfb8_encrypt(const void *ctx, nettle_cipher_func *f, + size_t block_size, uint8_t *iv, + size_t length, uint8_t *dst, + const uint8_t *src); + +void +nettle_cfb8_decrypt(const void *ctx, nettle_cipher_func *f, + size_t block_size, uint8_t *iv, + size_t length, uint8_t *dst, + const uint8_t *src); +]] diff --git a/lib/resty/nettle/types/chacha-poly1305.lua b/lib/resty/nettle/types/chacha-poly1305.lua new file mode 100644 index 0000000..3983fac --- /dev/null +++ b/lib/resty/nettle/types/chacha-poly1305.lua @@ -0,0 +1,43 @@ +require "resty.nettle.types.chacha" +require "resty.nettle.types.poly1305" + +local ffi = require "ffi" +local ffi_cdef = ffi.cdef +local ffi_typeof = ffi.typeof + +ffi_cdef [[ +void +nettle_chacha_poly1305_set_key(struct chacha_poly1305_ctx *ctx, + const uint8_t *key); + +void +nettle_chacha_poly1305_set_nonce(struct chacha_poly1305_ctx *ctx, + const uint8_t *nonce); + +void +nettle_chacha_poly1305_update(struct chacha_poly1305_ctx *ctx, + size_t length, const uint8_t *data); + +void +nettle_chacha_poly1305_encrypt(struct chacha_poly1305_ctx *ctx, + size_t length, uint8_t *dst, const uint8_t *src); + +void +nettle_chacha_poly1305_decrypt(struct chacha_poly1305_ctx *ctx, + size_t length, uint8_t *dst, const uint8_t *src); + +void +nettle_chacha_poly1305_digest(struct chacha_poly1305_ctx *ctx, + size_t length, uint8_t *digest); +]] + +return ffi_typeof [[ +struct chacha_poly1305_ctx { + struct chacha_ctx chacha; + struct poly1305_ctx poly1305; + union nettle_block16 s; + uint64_t auth_size; + uint64_t data_size; + uint8_t block[16]; + unsigned index; +}]] diff --git a/lib/resty/nettle/types/chacha.lua b/lib/resty/nettle/types/chacha.lua index fec0711..b17232c 100644 --- a/lib/resty/nettle/types/chacha.lua +++ b/lib/resty/nettle/types/chacha.lua @@ -1,8 +1,23 @@ -local ffi = require "ffi" +local ffi = require "ffi" local ffi_cdef = ffi.cdef +local ffi_typeof = ffi.typeof -ffi_cdef[[ -typedef struct chacha_ctx { - uint32_t state[16]; -} NETTLE_CHACHA_CTX; +ffi_cdef [[ +void +nettle_chacha_set_key(struct chacha_ctx *ctx, const uint8_t *key); + +void +nettle_chacha_set_nonce(struct chacha_ctx *ctx, const uint8_t *nonce); + +void +nettle_chacha_set_nonce96(struct chacha_ctx *ctx, const uint8_t *nonce); + +void +nettle_chacha_crypt(struct chacha_ctx *ctx, size_t length, + uint8_t *dst, const uint8_t *src); ]] + +return ffi_typeof [[ +struct chacha_ctx { + uint32_t state[16]; +}]] diff --git a/lib/resty/nettle/types/cipher.lua b/lib/resty/nettle/types/cipher.lua deleted file mode 100644 index 0767e60..0000000 --- a/lib/resty/nettle/types/cipher.lua +++ /dev/null @@ -1,18 +0,0 @@ -local ffi = require "ffi" -local ffi_cdef = ffi.cdef - -ffi_cdef[[ -typedef void nettle_set_key_func(void *ctx, const uint8_t *key); -typedef void nettle_cipher_func(const void *ctx, size_t length, uint8_t *dst, const uint8_t *src); -struct nettle_cipher { - const char *name; - unsigned context_size; - unsigned block_size; - unsigned key_size; - nettle_set_key_func *set_encrypt_key; - nettle_set_key_func *set_decrypt_key; - nettle_cipher_func *encrypt; - nettle_cipher_func *decrypt; -}; -extern const struct nettle_cipher * const nettle_ciphers[]; -]] \ No newline at end of file diff --git a/lib/resty/nettle/types/cmac.lua b/lib/resty/nettle/types/cmac.lua new file mode 100644 index 0000000..61e072f --- /dev/null +++ b/lib/resty/nettle/types/cmac.lua @@ -0,0 +1,51 @@ +require "resty.nettle.types.nettle-types" +require "resty.nettle.types.aes" + +local ffi = require "ffi" +local ffi_cdef = ffi.cdef +local ffi_typeof = ffi.typeof + +ffi_cdef [[ +struct cmac128_ctx { + union nettle_block16 K1; + union nettle_block16 K2; + union nettle_block16 X; + union nettle_block16 block; + size_t index; +}; + +void +nettle_cmac_aes128_set_key(struct cmac_aes128_ctx *ctx, const uint8_t *key); + +void +nettle_cmac_aes128_update(struct cmac_aes128_ctx *ctx, + size_t length, const uint8_t *data); + +void +nettle_cmac_aes128_digest(struct cmac_aes128_ctx *ctx, + size_t length, uint8_t *digest); + +void +nettle_cmac_aes256_set_key(struct cmac_aes256_ctx *ctx, const uint8_t *key); + +void +nettle_cmac_aes256_update(struct cmac_aes256_ctx *ctx, + size_t length, const uint8_t *data); + +void +nettle_cmac_aes256_digest(struct cmac_aes256_ctx *ctx, + size_t length, uint8_t *digest); +]] + +return { + aes128 = ffi_typeof [[ +struct cmac_aes128_ctx { + struct cmac128_ctx ctx; + struct aes128_ctx cipher; +}]], + aes256 = ffi_typeof [[ +struct cmac_aes256_ctx { + struct cmac128_ctx ctx; + struct aes256_ctx cipher; +}]], +} diff --git a/lib/resty/nettle/types/common.lua b/lib/resty/nettle/types/common.lua new file mode 100644 index 0000000..057658a --- /dev/null +++ b/lib/resty/nettle/types/common.lua @@ -0,0 +1,30 @@ +local ffi = require "ffi" +local ffi_new = ffi.new +local ffi_typeof = ffi.typeof + +local types = { + size_t = ffi_typeof "size_t[?]", + uint8_t = ffi_typeof "uint8_t[?]", + uint32_t = ffi_typeof "uint32_t[?]", + char = ffi_typeof "char[?]", +} + +return { + size_t = types.size_t, + size_t_8 = ffi_new(types.size_t, 1), + uint8_t = types.uint8_t, + uint8_t_1 = ffi_new(types.uint8_t, 1), + uint8_t_4 = ffi_new(types.uint8_t, 4), + uint8_t_8 = ffi_new(types.uint8_t, 8), + uint8_t_12 = ffi_new(types.uint8_t, 12), + uint8_t_16 = ffi_new(types.uint8_t, 16), + uint8_t_20 = ffi_new(types.uint8_t, 20), + uint8_t_28 = ffi_new(types.uint8_t, 28), + uint8_t_32 = ffi_new(types.uint8_t, 32), + uint8_t_48 = ffi_new(types.uint8_t, 48), + uint8_t_64 = ffi_new(types.uint8_t, 64), + uint32_t = types.uint32_t, + char = types.char, + char_2 = ffi_new(types.char, 2), + char_3 = ffi_new(types.char, 3), +} diff --git a/lib/resty/nettle/types/ctr.lua b/lib/resty/nettle/types/ctr.lua index eaf6bfc..4bd611b 100644 --- a/lib/resty/nettle/types/ctr.lua +++ b/lib/resty/nettle/types/ctr.lua @@ -1,8 +1,12 @@ -require "resty.nettle.library" +require "resty.nettle.types.nettle-types" -local ffi = require "ffi" +local ffi = require "ffi" local ffi_cdef = ffi.cdef -ffi_cdef[[ -void nettle_ctr_crypt(const void *ctx, nettle_cipher_func *f, size_t block_size, uint8_t *ctr, size_t length, uint8_t *dst, const uint8_t *src); +ffi_cdef [[ +void +nettle_ctr_crypt(const void *ctx, nettle_cipher_func *f, + size_t block_size, uint8_t *ctr, + size_t length, uint8_t *dst, + const uint8_t *src); ]] diff --git a/lib/resty/nettle/types/curve25519.lua b/lib/resty/nettle/types/curve25519.lua new file mode 100644 index 0000000..6e53e6d --- /dev/null +++ b/lib/resty/nettle/types/curve25519.lua @@ -0,0 +1,10 @@ +local ffi = require "ffi" +local ffi_cdef = ffi.cdef + +ffi_cdef [[ +void +nettle_curve25519_mul_g (uint8_t *q, const uint8_t *n); + +void +nettle_curve25519_mul (uint8_t *q, const uint8_t *n, const uint8_t *p); +]] diff --git a/lib/resty/nettle/types/des.lua b/lib/resty/nettle/types/des.lua index 9df73c9..0e4ad9c 100644 --- a/lib/resty/nettle/types/des.lua +++ b/lib/resty/nettle/types/des.lua @@ -1,14 +1,52 @@ require "resty.nettle.types.cbc" require "resty.nettle.types.ctr" -local ffi = require "ffi" +local ffi = require "ffi" local ffi_cdef = ffi.cdef +local ffi_typeof = ffi.typeof -ffi_cdef[[ -typedef struct des_ctx { +ffi_cdef [[ +int +nettle_des_set_key(struct des_ctx *ctx, const uint8_t *key); + +void +nettle_des_encrypt(const struct des_ctx *ctx, + size_t length, uint8_t *dst, + const uint8_t *src); + +void +nettle_des_decrypt(const struct des_ctx *ctx, + size_t length, uint8_t *dst, + const uint8_t *src); + +int +nettle_des_check_parity(size_t length, const uint8_t *key); + +void +nettle_des_fix_parity(size_t length, uint8_t *dst, + const uint8_t *src); + +int +nettle_des3_set_key(struct des3_ctx *ctx, const uint8_t *key); + +void +nettle_des3_encrypt(const struct des3_ctx *ctx, + size_t length, uint8_t *dst, + const uint8_t *src); + +void +nettle_des3_decrypt(const struct des3_ctx *ctx, + size_t length, uint8_t *dst, + const uint8_t *src); +]] + +return { + des = ffi_typeof [[ +struct des_ctx { uint32_t key[32]; -} NETTLE_DES_CTX; -typedef struct des3_ctx { +}]], + des3 = ffi_typeof [[ +struct des3_ctx { struct des_ctx des[3]; -} NETTLE_DES3_CTX; -]] +}]], +} diff --git a/lib/resty/nettle/types/dsa.lua b/lib/resty/nettle/types/dsa.lua index 87940ae..97260f9 100644 --- a/lib/resty/nettle/types/dsa.lua +++ b/lib/resty/nettle/types/dsa.lua @@ -1,16 +1,120 @@ require "resty.nettle.types.mpz" +require "resty.nettle.types.nettle-types" -local ffi = require "ffi" +local ffi = require "ffi" local ffi_cdef = ffi.cdef +local ffi_typeof = ffi.typeof -ffi_cdef[[ -typedef struct dsa_params { +ffi_cdef [[ +void +nettle_dsa_params_init (struct dsa_params *params); + +void +nettle_dsa_params_clear (struct dsa_params *params); + +void +nettle_dsa_signature_init(struct dsa_signature *signature); + +void +nettle_dsa_signature_clear(struct dsa_signature *signature); + +int +nettle_dsa_sign(const struct dsa_params *params, + const mpz_t x, + void *random_ctx, nettle_random_func *random, + size_t digest_size, + const uint8_t *digest, + struct dsa_signature *signature); + +int +nettle_dsa_verify(const struct dsa_params *params, + const mpz_t y, + size_t digest_size, + const uint8_t *digest, + const struct dsa_signature *signature); + + +int +nettle_dsa_generate_params(struct dsa_params *params, + void *random_ctx, nettle_random_func *random, + void *progress_ctx, nettle_progress_func *progress, + unsigned p_bits, unsigned q_bits); + +void +nettle_dsa_generate_keypair(const struct dsa_params *params, + mpz_t pub, mpz_t key, + void *random_ctx, nettle_random_func *random); + +int +nettle_dsa_keypair_to_sexp(struct nettle_buffer *buffer, + const char *algorithm_name, + const struct dsa_params *params, + const mpz_t pub, + const mpz_t priv); + +int +nettle_dsa_signature_from_sexp(struct dsa_signature *rs, + struct sexp_iterator *i, + unsigned q_bits); + +int +nettle_dsa_keypair_from_sexp_alist(struct dsa_params *params, + mpz_t pub, + mpz_t priv, + unsigned p_max_bits, + unsigned q_bits, + struct sexp_iterator *i); + +int +nettle_dsa_sha1_keypair_from_sexp(struct dsa_params *params, + mpz_t pub, + mpz_t priv, + unsigned p_max_bits, + size_t length, const uint8_t *expr); + +int +nettle_dsa_sha256_keypair_from_sexp(struct dsa_params *params, + mpz_t pub, + mpz_t priv, + unsigned p_max_bits, + size_t length, const uint8_t *expr); + +int +nettle_dsa_params_from_der_iterator(struct dsa_params *params, + unsigned max_bits, unsigned q_bits, + struct asn1_der_iterator *i); + +int +nettle_dsa_public_key_from_der_iterator(const struct dsa_params *params, + mpz_t pub, + struct asn1_der_iterator *i); + +int +nettle_dsa_openssl_private_key_from_der_iterator(struct dsa_params *params, + mpz_t pub, + mpz_t priv, + unsigned p_max_bits, + struct asn1_der_iterator *i); + +int +nettle_dsa_openssl_private_key_from_der(struct dsa_params *params, + mpz_t pub, + mpz_t priv, + unsigned p_max_bits, + size_t length, const uint8_t *data); +]] + +return { + params = ffi_typeof [[ +struct dsa_params { mpz_t p; mpz_t q; mpz_t g; -} NETTLE_DSA_PARAMS; -typedef struct dsa_signature { +}]], + signature = ffi_typeof [[ +struct dsa_signature { mpz_t r; mpz_t s; -} NETTLE_DSA_SIGNATURE; -]] +}]] +} + diff --git a/lib/resty/nettle/types/eax.lua b/lib/resty/nettle/types/eax.lua index 09c3a10..9280c9d 100644 --- a/lib/resty/nettle/types/eax.lua +++ b/lib/resty/nettle/types/eax.lua @@ -1,23 +1,78 @@ -require "resty.nettle.library" +require "resty.nettle.types.nettle-types" -local ffi = require "ffi" +local ffi = require "ffi" local ffi_cdef = ffi.cdef +local ffi_typeof = ffi.typeof -ffi_cdef[[ -typedef struct eax_key { +ffi_cdef [[ +struct eax_key { union nettle_block16 pad_block; union nettle_block16 pad_partial; -} NETTLE_EAX_KEY; -typedef struct eax_ctx { +}; + +void +nettle_eax_set_key(struct eax_key *key, const void *cipher, nettle_cipher_func *f); + +void +nettle_eax_set_nonce(struct eax_ctx *eax, const struct eax_key *key, + const void *cipher, nettle_cipher_func *f, + size_t nonce_length, const uint8_t *nonce); + +void +nettle_eax_update(struct eax_ctx *eax, const struct eax_key *key, + const void *cipher, nettle_cipher_func *f, + size_t data_length, const uint8_t *data); + +void +nettle_eax_encrypt(struct eax_ctx *eax, const struct eax_key *key, + const void *cipher, nettle_cipher_func *f, + size_t length, uint8_t *dst, const uint8_t *src); + +void +nettle_eax_decrypt(struct eax_ctx *eax, const struct eax_key *key, + const void *cipher, nettle_cipher_func *f, + size_t length, uint8_t *dst, const uint8_t *src); + +void +nettle_eax_digest(struct eax_ctx *eax, const struct eax_key *key, + const void *cipher, nettle_cipher_func *f, + size_t length, uint8_t *digest); + +void +nettle_eax_aes128_set_key(struct eax_aes128_ctx *ctx, const uint8_t *key); + +void +nettle_eax_aes128_set_nonce(struct eax_aes128_ctx *ctx, + size_t length, const uint8_t *iv); + +void +nettle_eax_aes128_update(struct eax_aes128_ctx *ctx, + size_t length, const uint8_t *data); + +void +nettle_eax_aes128_encrypt(struct eax_aes128_ctx *ctx, + size_t length, uint8_t *dst, const uint8_t *src); + +void +nettle_eax_aes128_decrypt(struct eax_aes128_ctx *ctx, + size_t length, uint8_t *dst, const uint8_t *src); + +void +nettle_eax_aes128_digest(struct eax_aes128_ctx *ctx, size_t length, uint8_t *digest); +]] + +return { + eax = ffi_typeof [[ +struct eax_ctx { union nettle_block16 omac_nonce; union nettle_block16 omac_data; union nettle_block16 omac_message; union nettle_block16 ctr; -} NETTLE_EAX_CTX; -void nettle_eax_set_key (struct eax_key *key, const void *cipher, nettle_cipher_func *f); -void nettle_eax_set_nonce (struct eax_ctx *eax, const struct eax_key *key, const void *cipher, nettle_cipher_func *f, size_t nonce_length, const uint8_t *nonce); -void nettle_eax_update (struct eax_ctx *eax, const struct eax_key *key, const void *cipher, nettle_cipher_func *f, size_t data_length, const uint8_t *data); -void nettle_eax_encrypt (struct eax_ctx *eax, const struct eax_key *key, const void *cipher, nettle_cipher_func *f, size_t length, uint8_t *dst, const uint8_t *src); -void nettle_eax_decrypt (struct eax_ctx *eax, const struct eax_key *key, const void *cipher, nettle_cipher_func *f, size_t length, uint8_t *dst, const uint8_t *src); -void nettle_eax_digest (struct eax_ctx *eax, const struct eax_key *key, const void *cipher, nettle_cipher_func *f, size_t length, uint8_t *digest); -]] +}]], + eax_aes128 = ffi_typeof [[ +struct eax_aes128_ctx { + struct eax_key key; + struct eax_ctx eax; + struct aes128_ctx cipher; +}]], +} diff --git a/lib/resty/nettle/types/ecc.lua b/lib/resty/nettle/types/ecc.lua index 7ad4c9a..b41645e 100644 --- a/lib/resty/nettle/types/ecc.lua +++ b/lib/resty/nettle/types/ecc.lua @@ -1,21 +1,64 @@ +require "resty.nettle.types.nettle-types" require "resty.nettle.types.mpz" -local ffi = require "ffi" +local ffi = require "ffi" local ffi_cdef = ffi.cdef +local ffi_typeof = ffi.typeof -ffi_cdef[[ -struct ecc_curve; -extern const struct ecc_curve nettle_secp_192r1; -extern const struct ecc_curve nettle_secp_224r1; -extern const struct ecc_curve nettle_secp_256r1; -extern const struct ecc_curve nettle_secp_384r1; -extern const struct ecc_curve nettle_secp_521r1; -typedef struct ecc_point { +ffi_cdef [[ +const struct ecc_curve * nettle_get_secp_192r1(void); +const struct ecc_curve * nettle_get_secp_224r1(void); +const struct ecc_curve * nettle_get_secp_256r1(void); +const struct ecc_curve * nettle_get_secp_384r1(void); +const struct ecc_curve * nettle_get_secp_521r1(void); + +void +nettle_ecc_point_init (struct ecc_point *p, const struct ecc_curve *ecc); + +void +nettle_ecc_point_clear (struct ecc_point *p); + +int +nettle_ecc_point_set (struct ecc_point *p, const mpz_t x, const mpz_t y); + +void +nettle_ecc_point_get (const struct ecc_point *p, mpz_t x, mpz_t y); + +void +nettle_ecc_scalar_init (struct ecc_scalar *s, const struct ecc_curve *ecc); + +void +nettle_ecc_scalar_clear (struct ecc_scalar *s); + +int +nettle_ecc_scalar_set (struct ecc_scalar *s, const mpz_t z); + +void +nettle_ecc_scalar_get (const struct ecc_scalar *s, mpz_t z); + +void +nettle_ecc_scalar_random (struct ecc_scalar *s, + void *random_ctx, nettle_random_func *random); + +void +nettle_ecc_point_mul (struct ecc_point *r, const struct ecc_scalar *n, + const struct ecc_point *p); + +void +nettle_ecc_point_mul_g (struct ecc_point *r, const struct ecc_scalar *n); +]] + +return { + point = ffi_typeof [[ +struct ecc_point { const struct ecc_curve *ecc; mp_limb_t *p; -} NETTLE_ECC_POINT; -typedef struct ecc_scalar { +}]], + scalar = ffi_typeof [[ +struct ecc_scalar { const struct ecc_curve *ecc; mp_limb_t *p; -} NETTLE_ECC_SCALAR; -]] +}]], + curve = ffi_typeof "struct ecc_curve", +} + diff --git a/lib/resty/nettle/types/ecdsa.lua b/lib/resty/nettle/types/ecdsa.lua new file mode 100644 index 0000000..1340e9d --- /dev/null +++ b/lib/resty/nettle/types/ecdsa.lua @@ -0,0 +1,23 @@ +require "resty.nettle.types.ecc" + +local ffi = require "ffi" +local ffi_cdef = ffi.cdef + +ffi_cdef [[ +void +nettle_ecdsa_sign(const struct ecc_scalar *key, + void *random_ctx, nettle_random_func *random, + size_t digest_length, + const uint8_t *digest, + struct dsa_signature *signature); + +int +nettle_ecdsa_verify(const struct ecc_point *pub, + size_t length, const uint8_t *digest, + const struct dsa_signature *signature); + +void +nettle_ecdsa_generate_keypair(struct ecc_point *pub, + struct ecc_scalar *key, + void *random_ctx, nettle_random_func *random); +]] diff --git a/lib/resty/nettle/types/ed25519-sha512.lua b/lib/resty/nettle/types/ed25519-sha512.lua new file mode 100644 index 0000000..5ad8477 --- /dev/null +++ b/lib/resty/nettle/types/ed25519-sha512.lua @@ -0,0 +1,18 @@ +local ffi = require "ffi" +local ffi_cdef = ffi.cdef + +ffi_cdef [[ +void +nettle_ed25519_sha512_public_key (uint8_t *pub, const uint8_t *priv); + +void +nettle_ed25519_sha512_sign (const uint8_t *pub, + const uint8_t *priv, + size_t length, const uint8_t *msg, + uint8_t *signature); + +int +nettle_ed25519_sha512_verify (const uint8_t *pub, + size_t length, const uint8_t *msg, + const uint8_t *signature); +]] diff --git a/lib/resty/nettle/types/gcm.lua b/lib/resty/nettle/types/gcm.lua index e0e47f4..a2fd1b3 100644 --- a/lib/resty/nettle/types/gcm.lua +++ b/lib/resty/nettle/types/gcm.lua @@ -1,23 +1,197 @@ -require "resty.nettle.library" +require "resty.nettle.types.nettle-types" +require "resty.nettle.types.aes" +require "resty.nettle.types.camellia" -local ffi = require "ffi" +local ffi = require "ffi" local ffi_cdef = ffi.cdef +local ffi_typeof = ffi.typeof -ffi_cdef[[ -typedef struct gcm_key { - union nettle_block16 h[256]; -} NETTLE_GCM_KEY; -typedef struct gcm_ctx { +ffi_cdef [[ +void +nettle_gcm_set_key(struct gcm_key *key, + const void *cipher, nettle_cipher_func *f); + +void +nettle_gcm_set_iv(struct gcm_ctx *ctx, const struct gcm_key *key, + size_t length, const uint8_t *iv); + +void +nettle_gcm_update(struct gcm_ctx *ctx, const struct gcm_key *key, + size_t length, const uint8_t *data); + +void +nettle_gcm_encrypt(struct gcm_ctx *ctx, const struct gcm_key *key, + const void *cipher, nettle_cipher_func *f, + size_t length, uint8_t *dst, const uint8_t *src); + +void +nettle_gcm_decrypt(struct gcm_ctx *ctx, const struct gcm_key *key, + const void *cipher, nettle_cipher_func *f, + size_t length, uint8_t *dst, const uint8_t *src); + +void +nettle_gcm_digest(struct gcm_ctx *ctx, const struct gcm_key *key, + const void *cipher, nettle_cipher_func *f, + size_t length, uint8_t *digest); + +void +nettle_gcm_aes128_set_key(struct gcm_aes128_ctx *ctx, const uint8_t *key); + +void +nettle_gcm_aes128_update(struct gcm_aes128_ctx *ctx, + size_t length, const uint8_t *data); +void +nettle_gcm_aes128_set_iv(struct gcm_aes128_ctx *ctx, + size_t length, const uint8_t *iv); + +void +nettle_gcm_aes128_encrypt(struct gcm_aes128_ctx *ctx, + size_t length, uint8_t *dst, const uint8_t *src); + +void +nettle_gcm_aes128_decrypt(struct gcm_aes128_ctx *ctx, + size_t length, uint8_t *dst, const uint8_t *src); + +void +nettle_gcm_aes128_digest(struct gcm_aes128_ctx *ctx, + size_t length, uint8_t *digest); + +void +nettle_gcm_aes192_set_key(struct gcm_aes192_ctx *ctx, const uint8_t *key); + +void +nettle_gcm_aes192_update(struct gcm_aes192_ctx *ctx, + size_t length, const uint8_t *data); + +void +nettle_gcm_aes192_set_iv(struct gcm_aes192_ctx *ctx, + size_t length, const uint8_t *iv); + +void +nettle_gcm_aes192_encrypt(struct gcm_aes192_ctx *ctx, + size_t length, uint8_t *dst, const uint8_t *src); + +void +nettle_gcm_aes192_decrypt(struct gcm_aes192_ctx *ctx, + size_t length, uint8_t *dst, const uint8_t *src); + +void +nettle_gcm_aes192_digest(struct gcm_aes192_ctx *ctx, + size_t length, uint8_t *digest); + +void +nettle_gcm_aes256_set_key(struct gcm_aes256_ctx *ctx, const uint8_t *key); + +void +nettle_gcm_aes256_update(struct gcm_aes256_ctx *ctx, + size_t length, const uint8_t *data); + +void +nettle_gcm_aes256_set_iv(struct gcm_aes256_ctx *ctx, + size_t length, const uint8_t *iv); + +void +nettle_gcm_aes256_encrypt(struct gcm_aes256_ctx *ctx, + size_t length, uint8_t *dst, const uint8_t *src); + +void +nettle_gcm_aes256_decrypt(struct gcm_aes256_ctx *ctx, + size_t length, uint8_t *dst, const uint8_t *src); + +void +nettle_gcm_aes256_digest(struct gcm_aes256_ctx *ctx, + size_t length, uint8_t *digest); + +void +nettle_gcm_camellia128_set_key(struct gcm_camellia128_ctx *ctx, + const uint8_t *key); + +void +nettle_gcm_camellia128_set_iv(struct gcm_camellia128_ctx *ctx, + size_t length, const uint8_t *iv); + +void +nettle_gcm_camellia128_update(struct gcm_camellia128_ctx *ctx, + size_t length, const uint8_t *data); + +void +nettle_gcm_camellia128_encrypt(struct gcm_camellia128_ctx *ctx, + size_t length, uint8_t *dst, const uint8_t *src); + +void +nettle_gcm_camellia128_decrypt(struct gcm_camellia128_ctx *ctx, + size_t length, uint8_t *dst, const uint8_t *src); + +void +nettle_gcm_camellia128_digest(struct gcm_camellia128_ctx *ctx, + size_t length, uint8_t *digest); + +void +nettle_gcm_camellia256_set_key(struct gcm_camellia256_ctx *ctx, + const uint8_t *key); + +void +nettle_gcm_camellia256_set_iv(struct gcm_camellia256_ctx *ctx, + size_t length, const uint8_t *iv); + +void +nettle_gcm_camellia256_update(struct gcm_camellia256_ctx *ctx, + size_t length, const uint8_t *data); + +void +nettle_gcm_camellia256_encrypt(struct gcm_camellia256_ctx *ctx, + size_t length, uint8_t *dst, const uint8_t *src); + +void +nettle_gcm_camellia256_decrypt(struct gcm_camellia256_ctx *ctx, + size_t length, uint8_t *dst, const uint8_t *src); + +void +nettle_gcm_camellia256_digest(struct gcm_camellia256_ctx *ctx, + size_t length, uint8_t *digest); +]] + +return { + key = ffi_typeof [[ +struct gcm_key { + union nettle_block16 h[1 << 8]; +}]], + gcm = ffi_typeof [[ +struct gcm_ctx { union nettle_block16 iv; union nettle_block16 ctr; union nettle_block16 x; uint64_t auth_size; uint64_t data_size; -} NETTLE_GCM_CTX; -void nettle_gcm_set_key(struct gcm_key *key, const void *cipher, nettle_cipher_func *f); -void nettle_gcm_set_iv(struct gcm_ctx *ctx, const struct gcm_key *key, size_t length, const uint8_t *iv); -void nettle_gcm_update(struct gcm_ctx *ctx, const struct gcm_key *key, size_t length, const uint8_t *data); -void nettle_gcm_encrypt(struct gcm_ctx *ctx, const struct gcm_key *key, const void *cipher, nettle_cipher_func *f, size_t length, uint8_t *dst, const uint8_t *src); -void nettle_gcm_decrypt(struct gcm_ctx *ctx, const struct gcm_key *key, const void *cipher, nettle_cipher_func *f, size_t length, uint8_t *dst, const uint8_t *src); -void nettle_gcm_digest(struct gcm_ctx *ctx, const struct gcm_key *key, const void *cipher, nettle_cipher_func *f, size_t length, uint8_t *digest); -]] +}]], + gcm_aes128 = ffi_typeof [[ +struct gcm_aes128_ctx { + struct gcm_key key; + struct gcm_ctx gcm; + struct aes128_ctx cipher; +}]], + gcm_aes192 = ffi_typeof [[ +struct gcm_aes192_ctx { + struct gcm_key key; + struct gcm_ctx gcm; + struct aes192_ctx cipher; +}]], + gcm_aes256 = ffi_typeof [[ +struct gcm_aes256_ctx { + struct gcm_key key; + struct gcm_ctx gcm; + struct aes256_ctx cipher; +}]], + gcm_camellia128 = ffi_typeof [[ +struct gcm_camellia128_ctx { + struct gcm_key key; + struct gcm_ctx gcm; + struct camellia128_ctx cipher; +}]], + gcm_camellia256 = ffi_typeof [[ +struct gcm_camellia256_ctx { + struct gcm_key key; + struct gcm_ctx gcm; + struct camellia256_ctx cipher; +}]], +} diff --git a/lib/resty/nettle/types/gosthash94.lua b/lib/resty/nettle/types/gosthash94.lua new file mode 100644 index 0000000..b6b7944 --- /dev/null +++ b/lib/resty/nettle/types/gosthash94.lua @@ -0,0 +1,23 @@ +local ffi = require "ffi" +local ffi_cdef = ffi.cdef +local ffi_typeof = ffi.typeof + +ffi_cdef [[ +void +nettle_gosthash94_init(struct gosthash94_ctx *ctx); + +void +nettle_gosthash94_update(struct gosthash94_ctx *ctx, + size_t length, const uint8_t *msg); +void +nettle_gosthash94_digest(struct gosthash94_ctx *ctx, + size_t length, uint8_t *result); +]] + +return ffi_typeof [[ +struct gosthash94_ctx { + uint32_t hash[8]; + uint32_t sum[8]; + uint64_t length; + uint8_t message[32]; +}]] diff --git a/lib/resty/nettle/types/hash.lua b/lib/resty/nettle/types/hash.lua deleted file mode 100644 index 0a96c30..0000000 --- a/lib/resty/nettle/types/hash.lua +++ /dev/null @@ -1,18 +0,0 @@ -local ffi = require "ffi" -local ffi_cdef = ffi.cdef - -ffi_cdef[[ -typedef void nettle_hash_init_func(void *ctx); -typedef void nettle_hash_update_func(void *ctx, size_t length, const uint8_t *src); -typedef void nettle_hash_digest_func(void *ctx, size_t length, uint8_t *dst); -struct nettle_hash { - const char *name; - unsigned context_size; - unsigned digest_size; - unsigned block_size; - nettle_hash_init_func *init; - nettle_hash_update_func *update; - nettle_hash_digest_func *digest; -}; -extern const struct nettle_hash * const nettle_hashes[]; -]] \ No newline at end of file diff --git a/lib/resty/nettle/types/hmac.lua b/lib/resty/nettle/types/hmac.lua new file mode 100644 index 0000000..f6e723f --- /dev/null +++ b/lib/resty/nettle/types/hmac.lua @@ -0,0 +1,141 @@ +require "resty.nettle.types.md5" +require "resty.nettle.types.ripemd160" +require "resty.nettle.types.sha1" +require "resty.nettle.types.sha2" + +local ffi = require "ffi" +local ffi_cdef = ffi.cdef +local ffi_typeof = ffi.typeof + +ffi_cdef [[ +void +nettle_hmac_set_key(void *outer, void *inner, void *state, + const struct nettle_hash *hash, + size_t length, const uint8_t *key); + +void +nettle_hmac_update(void *state, + const struct nettle_hash *hash, + size_t length, const uint8_t *data); + +void +nettle_hmac_digest(const void *outer, const void *inner, void *state, + const struct nettle_hash *hash, + size_t length, uint8_t *digest); + +void +nettle_hmac_md5_set_key(struct hmac_md5_ctx *ctx, + size_t key_length, const uint8_t *key); + +void +nettle_hmac_md5_update(struct hmac_md5_ctx *ctx, + size_t length, const uint8_t *data); + +void +nettle_hmac_md5_digest(struct hmac_md5_ctx *ctx, + size_t length, uint8_t *digest); + +void +nettle_hmac_ripemd160_set_key(struct hmac_ripemd160_ctx *ctx, + size_t key_length, const uint8_t *key); + +void +nettle_hmac_ripemd160_update(struct hmac_ripemd160_ctx *ctx, + size_t length, const uint8_t *data); + +void +nettle_hmac_ripemd160_digest(struct hmac_ripemd160_ctx *ctx, + size_t length, uint8_t *digest); + +void +nettle_hmac_sha1_set_key(struct hmac_sha1_ctx *ctx, + size_t key_length, const uint8_t *key); + +void +nettle_hmac_sha1_update(struct hmac_sha1_ctx *ctx, + size_t length, const uint8_t *data); + +void +nettle_hmac_sha1_digest(struct hmac_sha1_ctx *ctx, + size_t length, uint8_t *digest); + +void +nettle_hmac_sha256_set_key(struct hmac_sha256_ctx *ctx, + size_t key_length, const uint8_t *key); + +void +nettle_hmac_sha256_update(struct hmac_sha256_ctx *ctx, + size_t length, const uint8_t *data); + +void +nettle_hmac_sha256_digest(struct hmac_sha256_ctx *ctx, + size_t length, uint8_t *digest); + +void +nettle_hmac_sha224_set_key(struct hmac_sha256_ctx *ctx, + size_t key_length, const uint8_t *key); + +void +nettle_hmac_sha224_digest(struct hmac_sha256_ctx *ctx, + size_t length, uint8_t *digest); + +void +nettle_hmac_sha512_set_key(struct hmac_sha512_ctx *ctx, + size_t key_length, const uint8_t *key); + +void +nettle_hmac_sha512_update(struct hmac_sha512_ctx *ctx, + size_t length, const uint8_t *data); + +void +nettle_hmac_sha512_digest(struct hmac_sha512_ctx *ctx, + size_t length, uint8_t *digest); + +void +nettle_hmac_sha384_set_key(struct hmac_sha512_ctx *ctx, + size_t key_length, const uint8_t *key); + +void +nettle_hmac_sha384_digest(struct hmac_sha512_ctx *ctx, + size_t length, uint8_t *digest); +]] + + +local sha256 = ffi_typeof [[ +struct hmac_sha256_ctx { + struct sha256_ctx outer; + struct sha256_ctx inner; + struct sha256_ctx state; +}]] + +local sha512 = ffi_typeof [[ +struct hmac_sha512_ctx { + struct sha512_ctx outer; + struct sha512_ctx inner; + struct sha512_ctx state; +}]] + +return { + md5 = ffi_typeof [[ +struct hmac_md5_ctx { + struct md5_ctx outer; + struct md5_ctx inner; + struct md5_ctx state; +}]], + ripemd160 = ffi_typeof [[ +struct hmac_ripemd160_ctx { + struct ripemd160_ctx outer; + struct ripemd160_ctx inner; + struct ripemd160_ctx state; +}]], + sha1 = ffi_typeof [[ +struct hmac_sha1_ctx { + struct sha1_ctx outer; + struct sha1_ctx inner; + struct sha1_ctx state; +}]], + sha224 = sha256, + sha256 = sha256, + sha384 = sha512, + sha512 = sha512, +} diff --git a/lib/resty/nettle/types/knuth-lfib.lua b/lib/resty/nettle/types/knuth-lfib.lua new file mode 100644 index 0000000..d1e535e --- /dev/null +++ b/lib/resty/nettle/types/knuth-lfib.lua @@ -0,0 +1,25 @@ +local ffi = require "ffi" +local ffi_cdef = ffi.cdef +local ffi_typeof = ffi.typeof + +ffi_cdef [[ +void +nettle_knuth_lfib_init(struct knuth_lfib_ctx *ctx, uint32_t seed); + +uint32_t +nettle_knuth_lfib_get(struct knuth_lfib_ctx *ctx); + +void +nettle_knuth_lfib_get_array(struct knuth_lfib_ctx *ctx, + size_t n, uint32_t *a); + +void +nettle_knuth_lfib_random(struct knuth_lfib_ctx *ctx, + size_t n, uint8_t *dst); +]] + +return ffi_typeof [[ +struct knuth_lfib_ctx { + uint32_t x[100]; + unsigned index; +}]] diff --git a/lib/resty/nettle/types/md2.lua b/lib/resty/nettle/types/md2.lua new file mode 100644 index 0000000..f93902e --- /dev/null +++ b/lib/resty/nettle/types/md2.lua @@ -0,0 +1,26 @@ +local ffi = require "ffi" +local ffi_cdef = ffi.cdef +local ffi_typeof = ffi.typeof + +ffi_cdef [[ +void +nettle_md2_init(struct md2_ctx *ctx); + +void +nettle_md2_update(struct md2_ctx *ctx, + size_t length, + const uint8_t *data); + +void +nettle_md2_digest(struct md2_ctx *ctx, + size_t length, + uint8_t *digest); +]] + +return ffi_typeof [[ +struct md2_ctx { + uint8_t C[16]; + uint8_t X[3 * 16]; + unsigned index; + uint8_t block[16]; +}]] diff --git a/lib/resty/nettle/types/md4.lua b/lib/resty/nettle/types/md4.lua new file mode 100644 index 0000000..be37ef1 --- /dev/null +++ b/lib/resty/nettle/types/md4.lua @@ -0,0 +1,26 @@ +local ffi = require "ffi" +local ffi_cdef = ffi.cdef +local ffi_typeof = ffi.typeof + +ffi_cdef [[ +void +nettle_md4_init(struct md4_ctx *ctx); + +void +nettle_md4_update(struct md4_ctx *ctx, + size_t length, + const uint8_t *data); + +void +nettle_md4_digest(struct md4_ctx *ctx, + size_t length, + uint8_t *digest); +]] + +return ffi_typeof [[ +struct md4_ctx { + uint32_t state[4]; + uint64_t count; + unsigned index; + uint8_t block[64]; +}]] diff --git a/lib/resty/nettle/types/md5.lua b/lib/resty/nettle/types/md5.lua index 83a01a5..fbb895b 100644 --- a/lib/resty/nettle/types/md5.lua +++ b/lib/resty/nettle/types/md5.lua @@ -1,11 +1,26 @@ -local ffi = require "ffi" +local ffi = require "ffi" local ffi_cdef = ffi.cdef +local ffi_typeof = ffi.typeof -ffi_cdef[[ -typedef struct md5_ctx { - uint32_t state[4]; +ffi_cdef [[ +void +nettle_md5_init(struct md5_ctx *ctx); + +void +nettle_md5_update(struct md5_ctx *ctx, + size_t length, + const uint8_t *data); + +void +nettle_md5_digest(struct md5_ctx *ctx, + size_t length, + uint8_t *digest); +]] + +return ffi_typeof [[ +struct md5_ctx { + uint32_t state[16]; uint64_t count; - uint8_t block[64]; unsigned index; -} NETTLE_MD5_CTX; -]] + uint8_t block[64]; +}]] diff --git a/lib/resty/nettle/types/mpz.lua b/lib/resty/nettle/types/mpz.lua index b2e50e5..c4442b5 100644 --- a/lib/resty/nettle/types/mpz.lua +++ b/lib/resty/nettle/types/mpz.lua @@ -1,14 +1,30 @@ -local ffi = require "ffi" +local ffi = require "ffi" local ffi_cdef = ffi.cdef +local ffi_typeof = ffi.typeof -ffi_cdef[[ -typedef unsigned long mp_limb_t; +ffi_cdef [[ +typedef unsigned long int mp_limb_t; typedef struct { int _mp_alloc; int _mp_size; mp_limb_t *_mp_d; } __mpz_struct; +typedef __mpz_struct *mpz_ptr; typedef const __mpz_struct *mpz_srcptr; typedef __mpz_struct mpz_t[1]; -typedef __mpz_struct *mpz_ptr; + +void __gmpz_clear (mpz_ptr); +void __gmpz_init (mpz_ptr); +void __gmpz_init_set_ui (mpz_ptr, unsigned long int); +void __gmpz_set_ui (mpz_ptr, unsigned long int); +void __gmpz_fdiv_r (mpz_ptr, mpz_srcptr, mpz_srcptr); +void __gmpz_sub_ui (mpz_ptr, mpz_srcptr, unsigned long int); +int __gmpz_invert (mpz_ptr, mpz_srcptr, mpz_srcptr); + +void nettle_mpz_set_str_256_u(mpz_t x, size_t length, const uint8_t *s); +void nettle_mpz_init_set_str_256_u(mpz_t x, size_t length, const uint8_t *s); +void nettle_mpz_get_str_256(size_t length, uint8_t *s, const mpz_t x); +size_t nettle_mpz_sizeinbase_256_u(const mpz_t x); ]] + +return ffi_typeof "mpz_t" diff --git a/lib/resty/nettle/types/nettle-types.lua b/lib/resty/nettle/types/nettle-types.lua new file mode 100644 index 0000000..e81b298 --- /dev/null +++ b/lib/resty/nettle/types/nettle-types.lua @@ -0,0 +1,35 @@ +local ffi = require "ffi" +local ffi_cdef = ffi.cdef + +ffi_cdef [[ +union nettle_block16 { + uint8_t b[16]; + unsigned long w[16 / sizeof(unsigned long)]; + uint64_t u64[2]; +}; + +typedef void nettle_random_func(void *ctx, + size_t length, uint8_t *dst); + +typedef void nettle_progress_func(void *ctx, int c); + +typedef void *nettle_realloc_func(void *ctx, void *p, size_t length); + +typedef void nettle_set_key_func(void *ctx, const uint8_t *key); + +typedef void nettle_cipher_func(const void *ctx, + size_t length, uint8_t *dst, + const uint8_t *src); + +typedef void nettle_crypt_func(void *ctx, + size_t length, uint8_t *dst, + const uint8_t *src); + +typedef void nettle_hash_init_func(void *ctx); +typedef void nettle_hash_update_func(void *ctx, + size_t length, + const uint8_t *src); + +typedef void nettle_hash_digest_func(void *ctx, + size_t length, uint8_t *dst); +]] diff --git a/lib/resty/nettle/types/pbkdf2.lua b/lib/resty/nettle/types/pbkdf2.lua new file mode 100644 index 0000000..03752b7 --- /dev/null +++ b/lib/resty/nettle/types/pbkdf2.lua @@ -0,0 +1,16 @@ +local ffi = require "ffi" +local ffi_cdef = ffi.cdef + +ffi_cdef [[ +void +nettle_pbkdf2_hmac_sha1(size_t key_length, const uint8_t *key, + unsigned iterations, + size_t salt_length, const uint8_t *salt, + size_t length, uint8_t *dst); + +void +nettle_pbkdf2_hmac_sha256(size_t key_length, const uint8_t *key, + unsigned iterations, + size_t salt_length, const uint8_t *salt, + size_t length, uint8_t *dst); +]] diff --git a/lib/resty/nettle/types/poly1305.lua b/lib/resty/nettle/types/poly1305.lua index 4819584..901c877 100644 --- a/lib/resty/nettle/types/poly1305.lua +++ b/lib/resty/nettle/types/poly1305.lua @@ -1,10 +1,31 @@ require "resty.nettle.types.aes" -local ffi = require "ffi" +local ffi = require "ffi" local ffi_cdef = ffi.cdef +local ffi_typeof = ffi.typeof -ffi_cdef[[ -typedef struct poly1305_ctx { +ffi_cdef [[ +void nettle_poly1305_set_key(struct poly1305_ctx *ctx, const uint8_t key[16]); +void nettle_poly1305_digest(struct poly1305_ctx *ctx, union nettle_block16 *s); + +void +nettle_poly1305_aes_set_key(struct poly1305_aes_ctx *ctx, const uint8_t *key); + +void +nettle_poly1305_aes_set_nonce(struct poly1305_aes_ctx *ctx, + const uint8_t *nonce); + +void +nettle_poly1305_aes_update(struct poly1305_aes_ctx *ctx, size_t length, const uint8_t *data); + +void +nettle_poly1305_aes_digest(struct poly1305_aes_ctx *ctx, + size_t length, uint8_t *digest); +]] + +return { + poly1395 = ffi_typeof [[ +struct poly1305_ctx { union { uint32_t r32[6]; uint64_t r64[3]; @@ -15,12 +36,13 @@ typedef struct poly1305_ctx { uint32_t h32[4]; uint64_t h64[2]; } h; -} NETTLE_POLY1305_CTX; -typedef struct poly1305_aes_ctx { +}]], + poly1395_aes = ffi_typeof [[ +struct poly1305_aes_ctx { struct poly1305_ctx pctx; uint8_t block[16]; unsigned index; uint8_t nonce[16]; struct aes128_ctx aes; -} NETTLE_POLY1305_AES_CTX; -]] +}]] +} diff --git a/lib/resty/nettle/types/ripemd160.lua b/lib/resty/nettle/types/ripemd160.lua index f96535a..e6bd174 100644 --- a/lib/resty/nettle/types/ripemd160.lua +++ b/lib/resty/nettle/types/ripemd160.lua @@ -1,11 +1,26 @@ -local ffi = require "ffi" +local ffi = require "ffi" local ffi_cdef = ffi.cdef +local ffi_typeof = ffi.typeof -ffi_cdef[[ -typedef struct ripemd160_ctx { +ffi_cdef [[ +void +nettle_ripemd160_init(struct ripemd160_ctx *ctx); + +void +nettle_ripemd160_update(struct ripemd160_ctx *ctx, + size_t length, + const uint8_t *data); + +void +nettle_ripemd160_digest(struct ripemd160_ctx *ctx, + size_t length, + uint8_t *digest); +]] + +return ffi_typeof [[ +struct ripemd160_ctx { uint32_t state[5]; uint64_t count; - uint8_t block[64]; unsigned int index; -} NETTLE_RIPEMD160_CTX; -]] + uint8_t block[64]; +}]] diff --git a/lib/resty/nettle/types/rsa.lua b/lib/resty/nettle/types/rsa.lua index 4f59384..997fa60 100644 --- a/lib/resty/nettle/types/rsa.lua +++ b/lib/resty/nettle/types/rsa.lua @@ -1,21 +1,321 @@ require "resty.nettle.types.mpz" -local ffi = require "ffi" +local ffi = require "ffi" local ffi_cdef = ffi.cdef +local ffi_typeof = ffi.typeof -ffi_cdef[[ -typedef struct rsa_public_key { +ffi_cdef [[ +void +nettle_rsa_public_key_init(struct rsa_public_key *key); + +void +nettle_rsa_public_key_clear(struct rsa_public_key *key); + +int +nettle_rsa_public_key_prepare(struct rsa_public_key *key); + +void +nettle_rsa_private_key_init(struct rsa_private_key *key); + +void +nettle_rsa_private_key_clear(struct rsa_private_key *key); + +int +nettle_rsa_private_key_prepare(struct rsa_private_key *key); + + +int +nettle_rsa_pkcs1_sign(const struct rsa_private_key *key, + size_t length, const uint8_t *digest_info, + mpz_t s); + +int +nettle_rsa_pkcs1_sign_tr(const struct rsa_public_key *pub, + const struct rsa_private_key *key, + void *random_ctx, nettle_random_func *random, + size_t length, const uint8_t *digest_info, + mpz_t s); + +int +nettle_rsa_pkcs1_verify(const struct rsa_public_key *key, + size_t length, const uint8_t *digest_info, + const mpz_t signature); + +int +nettle_rsa_md5_sign(const struct rsa_private_key *key, + struct md5_ctx *hash, + mpz_t signature); + +int +nettle_rsa_md5_sign_tr(const struct rsa_public_key *pub, + const struct rsa_private_key *key, + void *random_ctx, nettle_random_func *random, + struct md5_ctx *hash, mpz_t s); + +int +nettle_rsa_md5_verify(const struct rsa_public_key *key, + struct md5_ctx *hash, + const mpz_t signature); + +int +nettle_rsa_sha1_sign(const struct rsa_private_key *key, + struct sha1_ctx *hash, + mpz_t signature); + +int +nettle_rsa_sha1_sign_tr(const struct rsa_public_key *pub, + const struct rsa_private_key *key, + void *random_ctx, nettle_random_func *random, + struct sha1_ctx *hash, + mpz_t s); + +int +nettle_rsa_sha1_verify(const struct rsa_public_key *key, + struct sha1_ctx *hash, + const mpz_t signature); + +int +nettle_rsa_sha256_sign(const struct rsa_private_key *key, + struct sha256_ctx *hash, + mpz_t signature); + +int +nettle_rsa_sha256_sign_tr(const struct rsa_public_key *pub, + const struct rsa_private_key *key, + void *random_ctx, nettle_random_func *random, + struct sha256_ctx *hash, + mpz_t s); + +int +nettle_rsa_sha256_verify(const struct rsa_public_key *key, + struct sha256_ctx *hash, + const mpz_t signature); + +int +nettle_rsa_sha512_sign(const struct rsa_private_key *key, + struct sha512_ctx *hash, + mpz_t signature); + +int +nettle_rsa_sha512_sign_tr(const struct rsa_public_key *pub, + const struct rsa_private_key *key, + void *random_ctx, nettle_random_func *random, + struct sha512_ctx *hash, + mpz_t s); + +int +nettle_rsa_sha512_verify(const struct rsa_public_key *key, + struct sha512_ctx *hash, + const mpz_t signature); + +int +nettle_rsa_md5_sign_digest(const struct rsa_private_key *key, + const uint8_t *digest, + mpz_t s); + +int +nettle_rsa_md5_sign_digest_tr(const struct rsa_public_key *pub, + const struct rsa_private_key *key, + void *random_ctx, nettle_random_func *random, + const uint8_t *digest, mpz_t s); + +int +nettle_rsa_md5_verify_digest(const struct rsa_public_key *key, + const uint8_t *digest, + const mpz_t signature); + +int +nettle_rsa_sha1_sign_digest(const struct rsa_private_key *key, + const uint8_t *digest, + mpz_t s); + +int +nettle_rsa_sha1_sign_digest_tr(const struct rsa_public_key *pub, + const struct rsa_private_key *key, + void *random_ctx, nettle_random_func *random, + const uint8_t *digest, + mpz_t s); + +int +nettle_rsa_sha1_verify_digest(const struct rsa_public_key *key, + const uint8_t *digest, + const mpz_t signature); + +int +nettle_rsa_sha256_sign_digest(const struct rsa_private_key *key, + const uint8_t *digest, + mpz_t s); + +int +nettle_rsa_sha256_sign_digest_tr(const struct rsa_public_key *pub, + const struct rsa_private_key *key, + void *random_ctx, nettle_random_func *random, + const uint8_t *digest, + mpz_t s); + +int +nettle_rsa_sha256_verify_digest(const struct rsa_public_key *key, + const uint8_t *digest, + const mpz_t signature); + +int +nettle_rsa_sha512_sign_digest(const struct rsa_private_key *key, + const uint8_t *digest, + mpz_t s); + +int +nettle_rsa_sha512_sign_digest_tr(const struct rsa_public_key *pub, + const struct rsa_private_key *key, + void *random_ctx, nettle_random_func *random, + const uint8_t *digest, + mpz_t s); + +int +nettle_rsa_sha512_verify_digest(const struct rsa_public_key *key, + const uint8_t *digest, + const mpz_t signature); + +int +nettle_rsa_pss_sha256_sign_digest_tr(const struct rsa_public_key *pub, + const struct rsa_private_key *key, + void *random_ctx, nettle_random_func *random, + size_t salt_length, const uint8_t *salt, + const uint8_t *digest, + mpz_t s); + +int +nettle_rsa_pss_sha256_verify_digest(const struct rsa_public_key *key, + size_t salt_length, + const uint8_t *digest, + const mpz_t signature); + +int +nettle_rsa_pss_sha384_sign_digest_tr(const struct rsa_public_key *pub, + const struct rsa_private_key *key, + void *random_ctx, nettle_random_func *random, + size_t salt_length, const uint8_t *salt, + const uint8_t *digest, + mpz_t s); + +int +nettle_rsa_pss_sha384_verify_digest(const struct rsa_public_key *key, + size_t salt_length, + const uint8_t *digest, + const mpz_t signature); + +int +nettle_rsa_pss_sha512_sign_digest_tr(const struct rsa_public_key *pub, + const struct rsa_private_key *key, + void *random_ctx, nettle_random_func *random, + size_t salt_length, const uint8_t *salt, + const uint8_t *digest, + mpz_t s); + +int +nettle_rsa_pss_sha512_verify_digest(const struct rsa_public_key *key, + size_t salt_length, + const uint8_t *digest, + const mpz_t signature); + +int +nettle_rsa_encrypt(const struct rsa_public_key *key, + void *random_ctx, nettle_random_func *random, + size_t length, const uint8_t *cleartext, + mpz_t cipher); + +int +nettle_rsa_decrypt(const struct rsa_private_key *key, + size_t *length, uint8_t *cleartext, + const mpz_t ciphertext); + +int +nettle_rsa_decrypt_tr(const struct rsa_public_key *pub, + const struct rsa_private_key *key, + void *random_ctx, nettle_random_func *random, + size_t *length, uint8_t *message, + const mpz_t gibberish); + +int +nettle_rsa_sec_decrypt(const struct rsa_public_key *pub, + const struct rsa_private_key *key, + void *random_ctx, nettle_random_func *random, + size_t length, uint8_t *message, + const mpz_t gibberish); + +void +nettle_rsa_compute_root(const struct rsa_private_key *key, + mpz_t x, const mpz_t m); + +int +nettle_rsa_compute_root_tr(const struct rsa_public_key *pub, + const struct rsa_private_key *key, + void *random_ctx, nettle_random_func *random, + mpz_t x, const mpz_t m); + +int +nettle_rsa_generate_keypair(struct rsa_public_key *pub, + struct rsa_private_key *key, + void *random_ctx, nettle_random_func *random, + void *progress_ctx, nettle_progress_func *progress, + unsigned n_size, + unsigned e_size); + +int +nettle_rsa_keypair_to_sexp(struct nettle_buffer *buffer, + const char *algorithm_name, + const struct rsa_public_key *pub, + const struct rsa_private_key *priv); + +int +nettle_rsa_keypair_from_sexp_alist(struct rsa_public_key *pub, + struct rsa_private_key *priv, + unsigned limit, + struct sexp_iterator *i); + +int +nettle_rsa_keypair_from_sexp(struct rsa_public_key *pub, + struct rsa_private_key *priv, + unsigned limit, + size_t length, const uint8_t *expr); + +int +nettle_rsa_public_key_from_der_iterator(struct rsa_public_key *pub, + unsigned limit, + struct asn1_der_iterator *i); + +int +nettle_rsa_private_key_from_der_iterator(struct rsa_public_key *pub, + struct rsa_private_key *priv, + unsigned limit, + struct asn1_der_iterator *i); + +int +nettle_rsa_keypair_from_der(struct rsa_public_key *pub, + struct rsa_private_key *priv, + unsigned limit, + size_t length, const uint8_t *data); + +int +nettle_rsa_keypair_to_openpgp(struct nettle_buffer *buffer, + const struct rsa_public_key *pub, + const struct rsa_private_key *priv, + const char *userid); +]] + +return { + public = ffi_typeof [[ +struct rsa_public_key{ size_t size; mpz_t n; mpz_t e; -} NETTLE_RSA_PUBLIC_KEY; -typedef struct rsa_private_key { +}]], + private = ffi_typeof [[ +struct rsa_private_key { size_t size; mpz_t d; - mpz_t p; - mpz_t q; + mpz_t p; mpz_t q; mpz_t a; mpz_t b; mpz_t c; -} NETTLE_RSA_PRIVATE_KEY; -]] +}]] +} diff --git a/lib/resty/nettle/types/salsa20.lua b/lib/resty/nettle/types/salsa20.lua new file mode 100644 index 0000000..89ba684 --- /dev/null +++ b/lib/resty/nettle/types/salsa20.lua @@ -0,0 +1,33 @@ +local ffi = require "ffi" +local ffi_cdef = ffi.cdef +local ffi_typeof = ffi.typeof + +ffi_cdef [[ +void +nettle_salsa20_128_set_key(struct salsa20_ctx *ctx, const uint8_t *key); + +void +nettle_salsa20_256_set_key(struct salsa20_ctx *ctx, const uint8_t *key); + +void +nettle_salsa20_set_key(struct salsa20_ctx *ctx, + size_t length, const uint8_t *key); + +void +nettle_salsa20_set_nonce(struct salsa20_ctx *ctx, const uint8_t *nonce); + +void +nettle_salsa20_crypt(struct salsa20_ctx *ctx, + size_t length, uint8_t *dst, + const uint8_t *src); + +void +nettle_salsa20r12_crypt(struct salsa20_ctx *ctx, + size_t length, uint8_t *dst, + const uint8_t *src); +]] + +return ffi_typeof [[ +struct salsa20_ctx { + uint32_t input[16]; +}]] diff --git a/lib/resty/nettle/types/serpent.lua b/lib/resty/nettle/types/serpent.lua new file mode 100644 index 0000000..811dd3e --- /dev/null +++ b/lib/resty/nettle/types/serpent.lua @@ -0,0 +1,33 @@ +local ffi = require "ffi" +local ffi_cdef = ffi.cdef +local ffi_typeof = ffi.typeof + +ffi_cdef [[ +void +nettle_serpent_set_key(struct serpent_ctx *ctx, + size_t length, const uint8_t *key); + +void +nettle_serpent128_set_key(struct serpent_ctx *ctx, const uint8_t *key); + +void +nettle_serpent192_set_key(struct serpent_ctx *ctx, const uint8_t *key); + +void +nettle_serpent256_set_key(struct serpent_ctx *ctx, const uint8_t *key); + +void +nettle_serpent_encrypt(const struct serpent_ctx *ctx, + size_t length, uint8_t *dst, + const uint8_t *src); + +void +nettle_serpent_decrypt(const struct serpent_ctx *ctx, + size_t length, uint8_t *dst, + const uint8_t *src); +]] + +return ffi_typeof [[ +struct serpent_ctx { + uint32_t keys[33][4]; +}]] diff --git a/lib/resty/nettle/types/sha1.lua b/lib/resty/nettle/types/sha1.lua index 13e7e6f..6edaa82 100644 --- a/lib/resty/nettle/types/sha1.lua +++ b/lib/resty/nettle/types/sha1.lua @@ -1,11 +1,26 @@ -local ffi = require "ffi" +local ffi = require "ffi" local ffi_cdef = ffi.cdef +local ffi_typeof = ffi.typeof -ffi_cdef[[ -typedef struct sha1_ctx { +ffi_cdef [[ +void +nettle_sha1_init(struct sha1_ctx *ctx); + +void +nettle_sha1_update(struct sha1_ctx *ctx, + size_t length, + const uint8_t *data); + +void +nettle_sha1_digest(struct sha1_ctx *ctx, + size_t length, + uint8_t *digest); +]] + +return ffi_typeof [[ +struct sha1_ctx { uint32_t state[5]; uint64_t count; - uint8_t block[64]; unsigned int index; -} NETTLE_SHA1_CTX; -]] + uint8_t block[64]; +}]] diff --git a/lib/resty/nettle/types/sha2.lua b/lib/resty/nettle/types/sha2.lua index e2e46be..2be142f 100644 --- a/lib/resty/nettle/types/sha2.lua +++ b/lib/resty/nettle/types/sha2.lua @@ -1,17 +1,81 @@ -local ffi = require "ffi" +local ffi = require "ffi" local ffi_cdef = ffi.cdef +local ffi_typeof = ffi.typeof -ffi_cdef[[ -typedef struct sha256_ctx { +ffi_cdef [[ +void +nettle_sha256_init(struct sha256_ctx *ctx); + +void +nettle_sha256_update(struct sha256_ctx *ctx, + size_t length, + const uint8_t *data); + +void +nettle_sha256_digest(struct sha256_ctx *ctx, + size_t length, + uint8_t *digest); + +void +nettle_sha224_init(struct sha256_ctx *ctx); + +void +nettle_sha224_digest(struct sha256_ctx *ctx, + size_t length, + uint8_t *digest); + +void +nettle_sha512_init(struct sha512_ctx *ctx); + +void +nettle_sha512_update(struct sha512_ctx *ctx, + size_t length, + const uint8_t *data); + +void +nettle_sha512_digest(struct sha512_ctx *ctx, + size_t length, + uint8_t *digest); + +void +nettle_sha384_init(struct sha512_ctx *ctx); + +void +nettle_sha384_digest(struct sha512_ctx *ctx, + size_t length, + uint8_t *digest); + +void +nettle_sha512_224_init(struct sha512_ctx *ctx); + +void +nettle_sha512_224_digest(struct sha512_ctx *ctx, + size_t length, + uint8_t *digest); + +void +nettle_sha512_256_init(struct sha512_ctx *ctx); + +void +nettle_sha512_256_digest(struct sha512_ctx *ctx, + size_t length, + uint8_t *digest); +]] + + +return { + sha256 = ffi_typeof [[ +struct sha256_ctx { uint32_t state[8]; uint64_t count; - uint8_t block[64]; unsigned int index; -} NETTLE_SHA256_CTX; -typedef struct sha512_ctx { + uint8_t block[64]; +}]], + sha512 = ffi_typeof [[ +struct sha512_ctx { uint64_t state[8]; uint64_t count_low, count_high; - uint8_t block[128]; unsigned int index; -} NETTLE_SHA512_CTX; -]] + uint8_t block[128]; +}]], +} diff --git a/lib/resty/nettle/types/sha3.lua b/lib/resty/nettle/types/sha3.lua new file mode 100644 index 0000000..cc2b5f7 --- /dev/null +++ b/lib/resty/nettle/types/sha3.lua @@ -0,0 +1,90 @@ +local ffi = require "ffi" +local ffi_cdef = ffi.cdef +local ffi_typeof = ffi.typeof + + +ffi_cdef [[ +struct sha3_state { + uint64_t a[25]; +}; + +void +nettle_sha3_224_init(struct sha3_224_ctx *ctx); + +void +nettle_sha3_224_update(struct sha3_224_ctx *ctx, + size_t length, + const uint8_t *data); + +void +nettle_sha3_224_digest(struct sha3_224_ctx *ctx, + size_t length, + uint8_t *digest); + +void +nettle_sha3_256_init(struct sha3_256_ctx *ctx); + +void +nettle_sha3_256_update(struct sha3_256_ctx *ctx, + size_t length, + const uint8_t *data); + +void +nettle_sha3_256_digest(struct sha3_256_ctx *ctx, + size_t length, + uint8_t *digest); + +void +nettle_sha3_384_init (struct sha3_384_ctx *ctx); + +void +nettle_sha3_384_update(struct sha3_384_ctx *ctx, + size_t length, + const uint8_t *data); + +void +nettle_sha3_384_digest(struct sha3_384_ctx *ctx, + size_t length, + uint8_t *digest); + +void +nettle_sha3_512_init(struct sha3_512_ctx *ctx); + +void +nettle_sha3_512_update(struct sha3_512_ctx *ctx, + size_t length, + const uint8_t *data); + +void +nettle_sha3_512_digest(struct sha3_512_ctx *ctx, + size_t length, + uint8_t *digest); +]] + + +return { + sha3_224 = ffi_typeof [[ +struct sha3_224_ctx { + struct sha3_state state; + unsigned index; + uint8_t block[144]; +}]], + sha3_256 = ffi_typeof [[ +struct sha3_256_ctx { + struct sha3_state state; + unsigned index; + uint8_t block[136]; +}]], + sha3_384 = ffi_typeof [[ +struct sha3_384_ctx { + struct sha3_state state; + unsigned index; + uint8_t block[104]; +}]], + sha3_512 = ffi_typeof [[ +struct sha3_512_ctx { + struct sha3_state state; + unsigned index; + uint8_t block[72]; +}]], +} diff --git a/lib/resty/nettle/types/twofish.lua b/lib/resty/nettle/types/twofish.lua new file mode 100644 index 0000000..3594ba7 --- /dev/null +++ b/lib/resty/nettle/types/twofish.lua @@ -0,0 +1,34 @@ +local ffi = require "ffi" +local ffi_cdef = ffi.cdef +local ffi_typeof = ffi.typeof + +ffi_cdef [[ +void +nettle_twofish_set_key(struct twofish_ctx *ctx, + size_t length, const uint8_t *key); + +void +nettle_twofish128_set_key(struct twofish_ctx *context, const uint8_t *key); + +void +nettle_twofish192_set_key(struct twofish_ctx *context, const uint8_t *key); + +void +nettle_twofish256_set_key(struct twofish_ctx *context, const uint8_t *key); + +void +nettle_twofish_encrypt(const struct twofish_ctx *ctx, + size_t length, uint8_t *dst, + const uint8_t *src); + +void +nettle_twofish_decrypt(const struct twofish_ctx *ctx, + size_t length, uint8_t *dst, + const uint8_t *src); +]] + +return ffi_typeof [[ +struct twofish_ctx { + uint32_t keys[40]; + uint32_t s_box[4][256]; +}]] diff --git a/lib/resty/nettle/types/umac.lua b/lib/resty/nettle/types/umac.lua new file mode 100644 index 0000000..b782f5f --- /dev/null +++ b/lib/resty/nettle/types/umac.lua @@ -0,0 +1,133 @@ +require "resty.nettle.types.aes" + +local ffi = require "ffi" +local ffi_cdef = ffi.cdef +local ffi_typeof = ffi.typeof + +ffi_cdef [[ +void +nettle_umac32_set_key(struct umac32_ctx *ctx, const uint8_t *key); + +void +nettle_umac64_set_key(struct umac64_ctx *ctx, const uint8_t *key); + +void +nettle_umac96_set_key(struct umac96_ctx *ctx, const uint8_t *key); + +void +nettle_umac128_set_key(struct umac128_ctx *ctx, const uint8_t *key); + + +void +nettle_umac32_set_nonce(struct umac32_ctx *ctx, + size_t nonce_length, const uint8_t *nonce); + +void +nettle_umac64_set_nonce(struct umac64_ctx *ctx, + size_t nonce_length, const uint8_t *nonce); + +void +nettle_umac96_set_nonce(struct umac96_ctx *ctx, + size_t nonce_length, const uint8_t *nonce); + +void +nettle_umac128_set_nonce(struct umac128_ctx *ctx, + size_t nonce_length, const uint8_t *nonce); + + +void +nettle_umac32_update(struct umac32_ctx *ctx, + size_t length, const uint8_t *data); + +void +nettle_umac64_update(struct umac64_ctx *ctx, + size_t length, const uint8_t *data); + +void +nettle_umac96_update(struct umac96_ctx *ctx, + size_t length, const uint8_t *data); + +void +nettle_umac128_update(struct umac128_ctx *ctx, + size_t length, const uint8_t *data); + + +void +nettle_umac32_digest(struct umac32_ctx *ctx, + size_t length, uint8_t *digest); + +void +nettle_umac64_digest(struct umac64_ctx *ctx, + size_t length, uint8_t *digest); + +void +nettle_umac96_digest(struct umac96_ctx *ctx, + size_t length, uint8_t *digest); + +void +nettle_umac128_digest(struct umac128_ctx *ctx, + size_t length, uint8_t *digest); +]] + +return { + umac32 = ffi_typeof [[ +struct umac32_ctx { + uint32_t l1_key[1024/4 + 4*((1)-1)]; + uint32_t l2_key[6*(1)]; + uint64_t l3_key1[8*(1)]; + uint32_t l3_key2[(1)]; + struct aes128_ctx pdf_key; + uint64_t l2_state[3*(1)]; + uint8_t nonce[16]; + unsigned short nonce_length; + unsigned short nonce_low; + uint32_t pad_cache[16 / 4]; + unsigned index; + uint64_t count; + uint8_t block[1024]; +}]], + umac64 = ffi_typeof [[ +struct umac64_ctx { + uint32_t l1_key[1024/4 + 4*((2)-1)]; + uint32_t l2_key[6*(2)]; + uint64_t l3_key1[8*(2)]; + uint32_t l3_key2[(2)]; + struct aes128_ctx pdf_key; + uint64_t l2_state[3*(2)]; + uint8_t nonce[16]; + unsigned short nonce_length; + unsigned short nonce_low; + uint32_t pad_cache[16/4]; + unsigned index; + uint64_t count; + uint8_t block[1024]; +}]], + umac96 = ffi_typeof [[ +struct umac96_ctx { + uint32_t l1_key[1024/4 + 4*((3)-1)]; + uint32_t l2_key[6*(3)]; + uint64_t l3_key1[8*(3)]; + uint32_t l3_key2[(3)]; + struct aes128_ctx pdf_key; + uint64_t l2_state[3*(3)]; + uint8_t nonce[16]; + unsigned short nonce_length; + unsigned index; + uint64_t count; + uint8_t block[1024]; +}]], + umac128 = ffi_typeof [[ +struct umac128_ctx { + uint32_t l1_key[1024/4 + 4*((4)-1)]; + uint32_t l2_key[6*(4)]; + uint64_t l3_key1[8*(4)]; + uint32_t l3_key2[(4)]; + struct aes128_ctx pdf_key; + uint64_t l2_state[3*(4)]; + uint8_t nonce[16]; + unsigned short nonce_length; + unsigned index; + uint64_t count; + uint8_t block[1024]; +}]], +} diff --git a/lib/resty/nettle/types/version.lua b/lib/resty/nettle/types/version.lua new file mode 100644 index 0000000..eedf798 --- /dev/null +++ b/lib/resty/nettle/types/version.lua @@ -0,0 +1,10 @@ +local ffi = require "ffi" +local ffi_cdef = ffi.cdef + +ffi_cdef [[ +int +nettle_version_major (void); + +int +nettle_version_minor (void); +]] diff --git a/lib/resty/nettle/types/xts.lua b/lib/resty/nettle/types/xts.lua new file mode 100644 index 0000000..5f640d0 --- /dev/null +++ b/lib/resty/nettle/types/xts.lua @@ -0,0 +1,66 @@ +local ffi = require "ffi" +local ffi_cdef = ffi.cdef +local ffi_typeof = ffi.typeof + +ffi_cdef [[ +void +nettle_xts_encrypt_message(const void *enc_ctx, const void *twk_ctx, + nettle_cipher_func *encf, + const uint8_t *tweak, size_t length, + uint8_t *dst, const uint8_t *src); +void +nettle_xts_decrypt_message(const void *dec_ctx, const void *twk_ctx, + nettle_cipher_func *decf, nettle_cipher_func *encf, + const uint8_t *tweak, size_t length, + uint8_t *dst, const uint8_t *src); + +void +nettle_xts_aes128_set_encrypt_key(struct xts_aes128_key *xts_key, + const uint8_t *key); + +void +nettle_xts_aes128_set_decrypt_key(struct xts_aes128_key *xts_key, + const uint8_t *key); + +void +nettle_xts_aes128_encrypt_message(struct xts_aes128_key *xtskey, + const uint8_t *tweak, size_t length, + uint8_t *dst, const uint8_t *src); + +void +nettle_xts_aes128_decrypt_message(struct xts_aes128_key *xts_key, + const uint8_t *tweak, size_t length, + uint8_t *dst, const uint8_t *src); + +void +nettle_xts_aes256_set_encrypt_key(struct xts_aes256_key *xts_key, + const uint8_t *key); + +void +nettle_xts_aes256_set_decrypt_key(struct xts_aes256_key *xts_key, + const uint8_t *key); + +void +nettle_xts_aes256_encrypt_message(struct xts_aes256_key *xts_key, + const uint8_t *tweak, size_t length, + uint8_t *dst, const uint8_t *src); + +void +nettle_xts_aes256_decrypt_message(struct xts_aes256_key *xts_key, + const uint8_t *tweak, size_t length, + uint8_t *dst, const uint8_t *src); +]] + + +return { + aes128_key = ffi_typeof [[ +struct xts_aes128_key { + struct aes128_ctx cipher; + struct aes128_ctx tweak_cipher; +};]], + aes256_key = ffi_typeof [[ +struct xts_aes256_key { + struct aes256_ctx cipher; + struct aes256_ctx tweak_cipher; +};]] +} diff --git a/lib/resty/nettle/types/yarrow.lua b/lib/resty/nettle/types/yarrow.lua new file mode 100644 index 0000000..8345e8f --- /dev/null +++ b/lib/resty/nettle/types/yarrow.lua @@ -0,0 +1,48 @@ +require "resty.nettle.types.aes" +require "resty.nettle.types.sha2" + +local ffi = require "ffi" +local ffi_cdef = ffi.cdef +local ffi_typeof = ffi.typeof + +ffi_cdef [[ +void +nettle_yarrow256_init(struct yarrow256_ctx *ctx, + unsigned nsources, + struct yarrow_source *sources); + +void +nettle_yarrow256_seed(struct yarrow256_ctx *ctx, + size_t length, + const uint8_t *seed_file); + +int +nettle_yarrow256_update(struct yarrow256_ctx *ctx, + unsigned source, unsigned entropy, + size_t length, const uint8_t *data); + +void +nettle_yarrow256_random(struct yarrow256_ctx *ctx, size_t length, uint8_t *dst); + +int +nettle_yarrow256_is_seeded(struct yarrow256_ctx *ctx); + +unsigned +nettle_yarrow256_needed_sources(struct yarrow256_ctx *ctx); + +void +nettle_yarrow256_fast_reseed(struct yarrow256_ctx *ctx); + +void +nettle_yarrow256_slow_reseed(struct yarrow256_ctx *ctx); +]] + +return ffi_typeof [[ +struct yarrow256_ctx { + struct sha256_ctx pools[2]; + int seeded; + struct aes256_ctx key; + uint8_t counter[16]; + unsigned nsources; + struct yarrow_source *sources; +}]] diff --git a/lib/resty/nettle/umac.lua b/lib/resty/nettle/umac.lua index 07f3e7e..4bf67b6 100644 --- a/lib/resty/nettle/umac.lua +++ b/lib/resty/nettle/umac.lua @@ -1,188 +1,110 @@ -require "resty.nettle.types.aes" - -local lib = require "resty.nettle.library" -local ffi = require "ffi" -local ffi_new = ffi.new -local ffi_typeof = ffi.typeof -local ffi_cdef = ffi.cdef -local ffi_str = ffi.string +local types = require "resty.nettle.types.common" +local context = require "resty.nettle.types.umac" +local lib = require "resty.nettle.library" +local ffi = require "ffi" +local ffi_new = ffi.new +local ffi_str = ffi.string local setmetatable = setmetatable -ffi_cdef[[ -typedef struct umac32_ctx { - uint32_t l1_key[256]; - uint32_t l2_key[6]; - uint64_t l3_key1[8]; - uint32_t l3_key2[1]; - struct aes128_ctx pdf_key; - uint64_t l2_state[3]; - uint8_t nonce[16]; - unsigned short nonce_length; - unsigned short nonce_low; - uint32_t pad_cache[4]; - unsigned index; - uint64_t count; - uint8_t block[1024]; -} NETTLE_UMAC32_CTX; -typedef struct umac64_ctx { - uint32_t l1_key[260]; - uint32_t l2_key[12]; - uint64_t l3_key1[16]; - uint32_t l3_key2[2]; - struct aes128_ctx pdf_key; - uint64_t l2_state[6]; - uint8_t nonce[16]; - unsigned short nonce_length; - unsigned short nonce_low; - uint32_t pad_cache[4]; - unsigned index; - uint64_t count; - uint8_t block[1024]; -} NETTLE_UMAC64_CTX; -typedef struct umac96_ctx { - uint32_t l1_key[264]; - uint32_t l2_key[18]; - uint64_t l3_key1[24]; - uint32_t l3_key2[3]; - struct aes128_ctx pdf_key; - uint64_t l2_state[9]; - uint8_t nonce[16]; - unsigned short nonce_length; - unsigned index; - uint64_t count; - uint8_t block[1024]; -} NETTLE_UMAC96_CTX; -typedef struct umac128_ctx { - uint32_t l1_key[268]; - uint32_t l2_key[24]; - uint64_t l3_key1[32]; - uint32_t l3_key2[4]; - struct aes128_ctx pdf_key; - uint64_t l2_state[12]; - uint8_t nonce[16]; - unsigned short nonce_length; - unsigned index; - uint64_t count; - uint8_t block[1024]; -} NETTLE_UMAC128_CTX; -void nettle_umac32_set_key(struct umac32_ctx *ctx, const uint8_t *key); -void nettle_umac64_set_key(struct umac64_ctx *ctx, const uint8_t *key); -void nettle_umac96_set_key(struct umac96_ctx *ctx, const uint8_t *key); -void nettle_umac128_set_key(struct umac128_ctx *ctx, const uint8_t *key); -void nettle_umac32_set_nonce(struct umac32_ctx *ctx, size_t nonce_length, const uint8_t *nonce); -void nettle_umac64_set_nonce(struct umac64_ctx *ctx, size_t nonce_length, const uint8_t *nonce); -void nettle_umac96_set_nonce(struct umac96_ctx *ctx, size_t nonce_length, const uint8_t *nonce); -void nettle_umac128_set_nonce(struct umac128_ctx *ctx, size_t nonce_length, const uint8_t *nonce); -void nettle_umac32_update(struct umac32_ctx *ctx, size_t length, const uint8_t *data); -void nettle_umac64_update(struct umac64_ctx *ctx, size_t length, const uint8_t *data); -void nettle_umac96_update(struct umac96_ctx *ctx, size_t length, const uint8_t *data); -void nettle_umac128_update(struct umac128_ctx *ctx, size_t length, const uint8_t *data); -void nettle_umac32_digest(struct umac32_ctx *ctx, size_t length, uint8_t *digest); -void nettle_umac64_digest(struct umac64_ctx *ctx, size_t length, uint8_t *digest); -void nettle_umac96_digest(struct umac96_ctx *ctx, size_t length, uint8_t *digest); -void nettle_umac128_digest(struct umac128_ctx *ctx, size_t length, uint8_t *digest); -]] - -local uint8t = ffi_typeof "uint8_t[?]" -local ctxu32 = ffi_typeof "NETTLE_UMAC32_CTX[1]" -local ctxu64 = ffi_typeof "NETTLE_UMAC64_CTX[1]" -local ctxu96 = ffi_typeof "NETTLE_UMAC96_CTX[1]" -local ctx128 = ffi_typeof "NETTLE_UMAC128_CTX[1]" -local bufu32 = ffi_new(uint8t, 4) -local bufu64 = ffi_new(uint8t, 8) -local bufu96 = ffi_new(uint8t, 12) -local buf128 = ffi_new(uint8t, 16) - local umacs = { - [32] = { - length = 4, - context = ctxu32, - buffer = bufu32, - setkey = lib.nettle_umac32_set_key, - setnonce = lib.nettle_umac32_set_nonce, - update = lib.nettle_umac32_update, - digest = lib.nettle_umac32_digest - }, - [64] = { - length = 8, - context = ctxu64, - buffer = bufu64, - setkey = lib.nettle_umac64_set_key, - setnonce = lib.nettle_umac64_set_nonce, - update = lib.nettle_umac64_update, - digest = lib.nettle_umac64_digest - }, - [96] = { - length = 12, - context = ctxu96, - buffer = bufu96, - setkey = lib.nettle_umac96_set_key, - setnonce = lib.nettle_umac96_set_nonce, - update = lib.nettle_umac96_update, - digest = lib.nettle_umac96_digest - }, - [128] = { - length = 16, - context = ctx128, - buffer = buf128, - setkey = lib.nettle_umac128_set_key, - setnonce = lib.nettle_umac128_set_nonce, - update = lib.nettle_umac128_update, - digest = lib.nettle_umac128_digest - } + umac32 = { + length = 4, + context = context.umac32, + buffer = types.uint8_t_4, + setkey = lib.nettle_umac32_set_key, + setnonce = lib.nettle_umac32_set_nonce, + update = lib.nettle_umac32_update, + digest = lib.nettle_umac32_digest + }, + umac64 = { + length = 8, + context = context.umac64, + buffer = types.uint8_t_8, + setkey = lib.nettle_umac64_set_key, + setnonce = lib.nettle_umac64_set_nonce, + update = lib.nettle_umac64_update, + digest = lib.nettle_umac64_digest + }, + umac96 = { + length = 12, + context = context.umac96, + buffer = types.uint8_t_12, + setkey = lib.nettle_umac96_set_key, + setnonce = lib.nettle_umac96_set_nonce, + update = lib.nettle_umac96_update, + digest = lib.nettle_umac96_digest + }, + umac128 = { + length = 16, + context = context.umac128, + buffer = types.uint8_t_16, + setkey = lib.nettle_umac128_set_key, + setnonce = lib.nettle_umac128_set_nonce, + update = lib.nettle_umac128_update, + digest = lib.nettle_umac128_digest + }, } +umacs[32] = umacs.umac32 +umacs[64] = umacs.umac64 +umacs[96] = umacs.umac96 +umacs[128] = umacs.umac128 + local umac = {} umac.__index = umac function umac:update(data, len) - return self.umac.update(self.context, len or #data, data) + return self.umac.update(self.context, len or #data, data) end function umac:digest() - local umac = self.umac - umac.digest(self.context, umac.length, umac.buffer) - return ffi_str(umac.buffer, umac.length) + local umc = self.umac + umc.digest(self.context, umc.length, umc.buffer) + return ffi_str(umc.buffer, umc.length) end local function factory(mac) - return setmetatable({ new = function(key, nonce) - local ctx = ffi_new(mac.context) - mac.setkey(ctx, key) - if nonce then - mac.setnonce(ctx, #nonce, nonce) - end - return setmetatable({ context = ctx, umac = mac }, umac) - end }, { - __call = function(_, key, nonce, data, len) - local ctx = ffi_new(mac.context) - mac.setkey(ctx, key) - if nonce then - mac.setnonce(ctx, #nonce, nonce) - end - mac.update(ctx, len or #data, data) - mac.digest(ctx, mac.length, mac.buffer) - return ffi_str(mac.buffer, mac.length) - end - }) + return setmetatable({ + new = function(key, nonce) + local ctx = ffi_new(mac.context) + mac.setkey(ctx, key) + if nonce then + mac.setnonce(ctx, #nonce, nonce) + end + return setmetatable({ context = ctx, umac = mac }, umac) + end + }, { + __call = function(_, key, nonce, data, len) + local ctx = ffi_new(mac.context) + mac.setkey(ctx, key) + if nonce then + mac.setnonce(ctx, #nonce, nonce) + end + mac.update(ctx, len or #data, data) + mac.digest(ctx, mac.length, mac.buffer) + return ffi_str(mac.buffer, mac.length) + end + }) end return setmetatable({ - umac32 = factory(umacs[32]), - umac64 = factory(umacs[64]), - umac96 = factory(umacs[96]), - umac128 = factory(umacs[128]) -}, { __call = function(_, bits, key, nonce, data, len) + umac32 = factory(umacs[32]), + umac64 = factory(umacs[64]), + umac96 = factory(umacs[96]), + umac128 = factory(umacs[128]) +}, { + __call = function(_, bits, key, nonce, data, len) local mac = umacs[bits] if not mac then - return nil, "the supported UMAC algorithm output sizes are 32, 64, 96, and 128 bits" + return nil, "the supported UMAC algorithm output sizes are 32, 64, 96, and 128 bits" end local ctx = ffi_new(mac.context) mac.setkey(ctx, key) if nonce then - mac.setnonce(ctx, #nonce, nonce) + mac.setnonce(ctx, #nonce, nonce) end mac.update(ctx, len or #data, data) mac.digest(ctx, mac.length, mac.buffer) return ffi_str(mac.buffer, mac.length) -end }) + end +}) diff --git a/lib/resty/nettle/version.lua b/lib/resty/nettle/version.lua index caa3829..e1a45b3 100644 --- a/lib/resty/nettle/version.lua +++ b/lib/resty/nettle/version.lua @@ -1,15 +1,12 @@ -local lib = require "resty.nettle.library" -local ffi = require "ffi" -local ffi_cdef = ffi.cdef -local concat = table.concat +require "resty.nettle.types.version" + +local lib = require "resty.nettle.library" +local concat = table.concat local setmetatable = setmetatable -ffi_cdef[[ -int nettle_version_major(void); -int nettle_version_minor(void); -]] + local minor = lib.nettle_version_minor() local major = lib.nettle_version_major() -local version = concat({ major, minor}, ".") +local version = concat({ major, minor }, ".") return setmetatable({ major = major, minor = minor }, { - __tostring = function() return version end -}) \ No newline at end of file + __tostring = function() return version end +}) diff --git a/lib/resty/nettle/yarrow.lua b/lib/resty/nettle/yarrow.lua index 7cd5abf..e55e67b 100644 --- a/lib/resty/nettle/yarrow.lua +++ b/lib/resty/nettle/yarrow.lua @@ -1,99 +1,69 @@ -require "resty.nettle.types.aes" -require "resty.nettle.types.sha2" - -local lib = require "resty.nettle.library" -local ffi = require "ffi" -local ffi_new = ffi.new -local ffi_typeof = ffi.typeof -local ffi_cdef = ffi.cdef -local ffi_str = ffi.string -local rawget = rawget +local context = require "resty.nettle.types.yarrow" +local types = require "resty.nettle.types.common" +local random = require "resty.nettle.random" +local lib = require "resty.nettle.library" +local ffi = require "ffi" +local ffi_new = ffi.new +local ffi_str = ffi.string +local rawget = rawget local getmetatable = getmetatable local setmetatable = setmetatable -local knuth = require "resty.nettle.knuth-lfib" - -ffi_cdef[[ -enum yarrow_pool_id { YARROW_FAST = 0, YARROW_SLOW = 1 }; -typedef struct yarrow_source { - uint32_t estimate[2]; - enum yarrow_pool_id next; -} NETTLE_YARROW_SOURCE; -typedef struct yarrow256_ctx { - struct sha256_ctx pools[2]; - int seeded; - struct aes256_ctx key; - uint8_t counter[16]; - unsigned nsources; - struct yarrow_source *sources; -} NETTLE_YARROW256_CTX; -void nettle_yarrow256_init(struct yarrow256_ctx *ctx, unsigned nsources, struct yarrow_source *sources); -void nettle_yarrow256_seed(struct yarrow256_ctx *ctx, size_t length, const uint8_t *seed_file); -int nettle_yarrow256_update(struct yarrow256_ctx *ctx, unsigned source, unsigned entropy, size_t length, const uint8_t *data); -void nettle_yarrow256_random(struct yarrow256_ctx *ctx, size_t length, uint8_t *dst); -int nettle_yarrow256_is_seeded(struct yarrow256_ctx *ctx); -unsigned nettle_yarrow256_needed_sources(struct yarrow256_ctx *ctx); -void nettle_yarrow256_fast_reseed(struct yarrow256_ctx *ctx); -void nettle_yarrow256_slow_reseed(struct yarrow256_ctx *ctx); -]] - -local uint8t = ffi_typeof "uint8_t[?]" -local ctx256 = ffi_typeof "NETTLE_YARROW256_CTX[1]" local yarrow = { func = lib.nettle_yarrow256_random } yarrow.__index = function(t, k) - if k == "seeded" then - return lib.nettle_yarrow256_is_seeded(t.context) == 1 - elseif k == "sources" then - return lib.nettle_yarrow256_needed_sources(t.context) - end - return rawget(getmetatable(t), k) + if k == "seeded" then + return lib.nettle_yarrow256_is_seeded(t.context) == 1 + elseif k == "sources" then + return lib.nettle_yarrow256_needed_sources(t.context) + end + return rawget(getmetatable(t), k) end function yarrow.context(seed) - local context = ffi_new(ctx256) - lib.nettle_yarrow256_init(context, 0, nil) - if seed ~= nil then - if not seed then - seed = knuth.new():random(32) - end - local len = #seed - if len > 32 then - return nil, "seed data length should be at least 32 bytes, but it can be larger" - end - lib.nettle_yarrow256_seed(context, len, seed) + local ctx = ffi_new(context) + lib.nettle_yarrow256_init(ctx, 0, nil) + if seed ~= nil then + if not seed then + seed = random.bytes(32) end - return context + local len = #seed + if len > 32 then + return nil, "seed data length should be at least 32 bytes, but it can be larger" + end + lib.nettle_yarrow256_seed(ctx, len, seed) + end + return ctx end function yarrow.new(seed) - local self = setmetatable({ context = ffi_new(ctx256) }, yarrow) - lib.nettle_yarrow256_init(self.context, 0, nil) - if seed then - self:seed(seed) - end - return self + local self = setmetatable({ context = ffi_new(context) }, yarrow) + lib.nettle_yarrow256_init(self.context, 0, nil) + if seed then + self:seed(seed) + end + return self end function yarrow:seed(data) - local len = #data - if len < 32 then - return nil, "seed data length should be at least 32 bytes, but it can be larger" - end - lib.nettle_yarrow256_seed(self.context, len, data) + local len = #data + if len < 32 then + return nil, "seed data length should be at least 32 bytes, but it can be larger" + end + lib.nettle_yarrow256_seed(self.context, len, data) end function yarrow:fast_reseed() - return lib.nettle_yarrow256_fast_reseed(self.context) + return lib.nettle_yarrow256_fast_reseed(self.context) end function yarrow:slow_reseed() - return lib.nettle_yarrow256_slow_reseed(self.context) + return lib.nettle_yarrow256_slow_reseed(self.context) end function yarrow:random(length) - local buffer = ffi_new(uint8t, length) - lib.nettle_yarrow256_random(self.context, length, buffer) - return ffi_str(buffer, length) + local buffer = ffi_new(types.uint8_t, length) + lib.nettle_yarrow256_random(self.context, length, buffer) + return ffi_str(buffer, length) end return yarrow diff --git a/lua-resty-nettle-dev-1.rockspec b/lua-resty-nettle-dev-1.rockspec index 4b99065..bfbe306 100644 --- a/lua-resty-nettle-dev-1.rockspec +++ b/lua-resty-nettle-dev-1.rockspec @@ -1,3 +1,4 @@ +rockspec_format = "3.0" package = "lua-resty-nettle" version = "dev-1" source = { @@ -7,89 +8,114 @@ description = { summary = "LuaJIT FFI bindings for Nettle (a low-level cryptographic library)", detailed = "lua-resty-nettle contains LuaJIT FFI bindings to GNU Nettle cryptographic library.", homepage = "https://github.com/bungle/lua-resty-nettle", + issues_url = "https://github.com/bungle/lua-resty-nettle/issues", maintainer = "Aapo Talvensaari ", license = "BSD", + labels = { + "crypto", + }, } dependencies = { - "lua >= 5.1", + "luajit >= 2.0", } build = { type = "builtin", modules = { - ["resty.nettle"] = "lib/resty/nettle.lua", - ["resty.nettle.aead"] = "lib/resty/nettle/aead.lua", - ["resty.nettle.aes"] = "lib/resty/nettle/aes.lua", - ["resty.nettle.arcfour"] = "lib/resty/nettle/arcfour.lua", - ["resty.nettle.asn1"] = "lib/resty/nettle/asn1.lua", - ["resty.nettle.base16"] = "lib/resty/nettle/base16.lua", - ["resty.nettle.base64"] = "lib/resty/nettle/base64.lua", - ["resty.nettle.blowfish"] = "lib/resty/nettle/blowfish.lua", - ["resty.nettle.buffer"] = "lib/resty/nettle/buffer.lua", - ["resty.nettle.camellia"] = "lib/resty/nettle/camellia.lua", - ["resty.nettle.cast128"] = "lib/resty/nettle/cast128.lua", - ["resty.nettle.chacha"] = "lib/resty/nettle/chacha.lua", - ["resty.nettle.chacha-poly1305"] = "lib/resty/nettle/chacha-poly1305.lua", - ["resty.nettle.cipher"] = "lib/resty/nettle/cipher.lua", - ["resty.nettle.curve25519"] = "lib/resty/nettle/curve25519.lua", - ["resty.nettle.des"] = "lib/resty/nettle/des.lua", - ["resty.nettle.dsa"] = "lib/resty/nettle/dsa.lua", - ["resty.nettle.ecc"] = "lib/resty/nettle/ecc.lua", - ["resty.nettle.ecdsa"] = "lib/resty/nettle/ecdsa.lua", - ["resty.nettle.ed25519-sha512"] = "lib/resty/nettle/ed25519-sha512.lua", - ["resty.nettle.gmp"] = "lib/resty/nettle/gmp.lua", - ["resty.nettle.gosthash94"] = "lib/resty/nettle/gosthash94.lua", - ["resty.nettle.hash"] = "lib/resty/nettle/hash.lua", - ["resty.nettle.hmac"] = "lib/resty/nettle/hmac.lua", - ["resty.nettle.hogweed"] = "lib/resty/nettle/hogweed.lua", - ["resty.nettle.knuth-lfib"] = "lib/resty/nettle/knuth-lfib.lua", - ["resty.nettle.library"] = "lib/resty/nettle/library.lua", - ["resty.nettle.md2"] = "lib/resty/nettle/md2.lua", - ["resty.nettle.md4"] = "lib/resty/nettle/md4.lua", - ["resty.nettle.md5"] = "lib/resty/nettle/md5.lua", - ["resty.nettle.mpz"] = "lib/resty/nettle/mpz.lua", - ["resty.nettle.pbkdf2"] = "lib/resty/nettle/pbkdf2.lua", - ["resty.nettle.poly1305"] = "lib/resty/nettle/poly1305.lua", - ["resty.nettle.ripemd160"] = "lib/resty/nettle/ripemd160.lua", - ["resty.nettle.rsa"] = "lib/resty/nettle/rsa.lua", - ["resty.nettle.salsa20"] = "lib/resty/nettle/salsa20.lua", - ["resty.nettle.serpent"] = "lib/resty/nettle/serpent.lua", - ["resty.nettle.sha1"] = "lib/resty/nettle/sha1.lua", - ["resty.nettle.sha2"] = "lib/resty/nettle/sha2.lua", - ["resty.nettle.sha3"] = "lib/resty/nettle/sha3.lua", - ["resty.nettle.twofish"] = "lib/resty/nettle/twofish.lua", - ["resty.nettle.umac"] = "lib/resty/nettle/umac.lua", - ["resty.nettle.version"] = "lib/resty/nettle/version.lua", - ["resty.nettle.yarrow"] = "lib/resty/nettle/yarrow.lua", - ["resty.nettle.types.aead"] = "lib/resty/nettle/types/aead.lua", - ["resty.nettle.types.aes"] = "lib/resty/nettle/types/aes.lua", - ["resty.nettle.types.asn1"] = "lib/resty/nettle/types/asn1.lua", - ["resty.nettle.types.buffer"] = "lib/resty/nettle/types/buffer.lua", - ["resty.nettle.types.camellia"] = "lib/resty/nettle/types/camellia.lua", - ["resty.nettle.types.cbc"] = "lib/resty/nettle/types/cbc.lua", - ["resty.nettle.types.ccm"] = "lib/resty/nettle/types/ccm.lua", - ["resty.nettle.types.chacha"] = "lib/resty/nettle/types/chacha.lua", - ["resty.nettle.types.cipher"] = "lib/resty/nettle/types/cipher.lua", - ["resty.nettle.types.ctr"] = "lib/resty/nettle/types/ctr.lua", - ["resty.nettle.types.des"] = "lib/resty/nettle/types/des.lua", - ["resty.nettle.types.dsa"] = "lib/resty/nettle/types/dsa.lua", - ["resty.nettle.types.eax"] = "lib/resty/nettle/types/eax.lua", - ["resty.nettle.types.ecc"] = "lib/resty/nettle/types/ecc.lua", - ["resty.nettle.types.gcm"] = "lib/resty/nettle/types/gcm.lua", - ["resty.nettle.types.hash"] = "lib/resty/nettle/types/hash.lua", - ["resty.nettle.types.md5"] = "lib/resty/nettle/types/md5.lua", - ["resty.nettle.types.mpz"] = "lib/resty/nettle/types/mpz.lua", - ["resty.nettle.types.poly1305"] = "lib/resty/nettle/types/poly1305.lua", - ["resty.nettle.types.ripemd160"] = "lib/resty/nettle/types/ripemd160.lua", - ["resty.nettle.types.rsa"] = "lib/resty/nettle/types/rsa.lua", - ["resty.nettle.types.sha1"] = "lib/resty/nettle/types/sha1.lua", - ["resty.nettle.types.sha2"] = "lib/resty/nettle/types/sha2.lua", - ["resty.nettle.padding.ansix923"] = "lib/resty/nettle/padding/ansix923.lua", - ["resty.nettle.padding.base64"] = "lib/resty/nettle/padding/base64.lua", - ["resty.nettle.padding.iso7816-4"] = "lib/resty/nettle/padding/iso7816-4.lua", - ["resty.nettle.padding.iso10126"] = "lib/resty/nettle/padding/iso10126.lua", - ["resty.nettle.padding.nopadding"] = "lib/resty/nettle/padding/nopadding.lua", - ["resty.nettle.padding.pkcs7"] = "lib/resty/nettle/padding/pkcs7.lua", - ["resty.nettle.padding.spacepadding"] = "lib/resty/nettle/padding/spacepadding.lua", - ["resty.nettle.padding.zeropadding"] = "lib/resty/nettle/padding/zeropadding.lua", + ["resty.nettle"] = "lib/resty/nettle.lua", + ["resty.nettle.aes"] = "lib/resty/nettle/aes.lua", + ["resty.nettle.arcfour"] = "lib/resty/nettle/arcfour.lua", + ["resty.nettle.base16"] = "lib/resty/nettle/base16.lua", + ["resty.nettle.base64"] = "lib/resty/nettle/base64.lua", + ["resty.nettle.blowfish"] = "lib/resty/nettle/blowfish.lua", + ["resty.nettle.camellia"] = "lib/resty/nettle/camellia.lua", + ["resty.nettle.cast128"] = "lib/resty/nettle/cast128.lua", + ["resty.nettle.chacha"] = "lib/resty/nettle/chacha.lua", + ["resty.nettle.chacha-poly1305"] = "lib/resty/nettle/chacha-poly1305.lua", + ["resty.nettle.cmac"] = "lib/resty/nettle/cmac.lua", + ["resty.nettle.curve25519"] = "lib/resty/nettle/curve25519.lua", + ["resty.nettle.des"] = "lib/resty/nettle/des.lua", + ["resty.nettle.dsa"] = "lib/resty/nettle/dsa.lua", + ["resty.nettle.ecc"] = "lib/resty/nettle/ecc.lua", + ["resty.nettle.ecdsa"] = "lib/resty/nettle/ecdsa.lua", + ["resty.nettle.ed25519-sha512"] = "lib/resty/nettle/ed25519-sha512.lua", + ["resty.nettle.eddsa"] = "lib/resty/nettle/eddsa.lua", + ["resty.nettle.gmp"] = "lib/resty/nettle/gmp.lua", + ["resty.nettle.gosthash94"] = "lib/resty/nettle/gosthash94.lua", + ["resty.nettle.hmac"] = "lib/resty/nettle/hmac.lua", + ["resty.nettle.hogweed"] = "lib/resty/nettle/hogweed.lua", + ["resty.nettle.knuth-lfib"] = "lib/resty/nettle/knuth-lfib.lua", + ["resty.nettle.library"] = "lib/resty/nettle/library.lua", + ["resty.nettle.md2"] = "lib/resty/nettle/md2.lua", + ["resty.nettle.md4"] = "lib/resty/nettle/md4.lua", + ["resty.nettle.md5"] = "lib/resty/nettle/md5.lua", + ["resty.nettle.mpz"] = "lib/resty/nettle/mpz.lua", + ["resty.nettle.padding"] = "lib/resty/nettle/padding.lua", + ["resty.nettle.pbkdf2"] = "lib/resty/nettle/pbkdf2.lua", + ["resty.nettle.poly1305"] = "lib/resty/nettle/poly1305.lua", + ["resty.nettle.random"] = "lib/resty/nettle/random.lua", + ["resty.nettle.rc4"] = "lib/resty/nettle/rc4.lua", + ["resty.nettle.ripemd160"] = "lib/resty/nettle/ripemd160.lua", + ["resty.nettle.rsa"] = "lib/resty/nettle/rsa.lua", + ["resty.nettle.salsa20"] = "lib/resty/nettle/salsa20.lua", + ["resty.nettle.serpent"] = "lib/resty/nettle/serpent.lua", + ["resty.nettle.sha1"] = "lib/resty/nettle/sha1.lua", + ["resty.nettle.sha2"] = "lib/resty/nettle/sha2.lua", + ["resty.nettle.sha3"] = "lib/resty/nettle/sha3.lua", + ["resty.nettle.twofish"] = "lib/resty/nettle/twofish.lua", + ["resty.nettle.umac"] = "lib/resty/nettle/umac.lua", + ["resty.nettle.version"] = "lib/resty/nettle/version.lua", + ["resty.nettle.yarrow"] = "lib/resty/nettle/yarrow.lua", + ["resty.nettle.types.aes"] = "lib/resty/nettle/types/aes.lua", + ["resty.nettle.types.arcfour"] = "lib/resty/nettle/types/arcfour.lua", + ["resty.nettle.types.base16"] = "lib/resty/nettle/types/base16.lua", + ["resty.nettle.types.base64"] = "lib/resty/nettle/types/base64.lua", + ["resty.nettle.types.blowfish"] = "lib/resty/nettle/types/blowfish.lua", + ["resty.nettle.types.camellia"] = "lib/resty/nettle/types/camellia.lua", + ["resty.nettle.types.cast128"] = "lib/resty/nettle/types/cast128.lua", + ["resty.nettle.types.cbc"] = "lib/resty/nettle/types/cbc.lua", + ["resty.nettle.types.ccm"] = "lib/resty/nettle/types/ccm.lua", + ["resty.nettle.types.cfb"] = "lib/resty/nettle/types/cfb.lua", + ["resty.nettle.types.chacha"] = "lib/resty/nettle/types/chacha.lua", + ["resty.nettle.types.chacha-poly1305"] = "lib/resty/nettle/types/chacha-poly1305.lua", + ["resty.nettle.types.cmac"] = "lib/resty/nettle/types/cmac.lua", + ["resty.nettle.types.common"] = "lib/resty/nettle/types/common.lua", + ["resty.nettle.types.ctr"] = "lib/resty/nettle/types/ctr.lua", + ["resty.nettle.types.curve25519"] = "lib/resty/nettle/types/curve25519.lua", + ["resty.nettle.types.des"] = "lib/resty/nettle/types/des.lua", + ["resty.nettle.types.dsa"] = "lib/resty/nettle/types/dsa.lua", + ["resty.nettle.types.eax"] = "lib/resty/nettle/types/eax.lua", + ["resty.nettle.types.ecc"] = "lib/resty/nettle/types/ecc.lua", + ["resty.nettle.types.ecdsa"] = "lib/resty/nettle/types/ecdsa.lua", + ["resty.nettle.types.ed25519-sha512"] = "lib/resty/nettle/types/ed25519-sha512.lua", + ["resty.nettle.types.gcm"] = "lib/resty/nettle/types/gcm.lua", + ["resty.nettle.types.gosthash94"] = "lib/resty/nettle/types/gosthash94.lua", + ["resty.nettle.types.hmac"] = "lib/resty/nettle/types/hmac.lua", + ["resty.nettle.types.md2"] = "lib/resty/nettle/types/md2.lua", + ["resty.nettle.types.md4"] = "lib/resty/nettle/types/md4.lua", + ["resty.nettle.types.md5"] = "lib/resty/nettle/types/md5.lua", + ["resty.nettle.types.mpz"] = "lib/resty/nettle/types/mpz.lua", + ["resty.nettle.types.nettle-types"] = "lib/resty/nettle/types/nettle-types.lua", + ["resty.nettle.types.pbkdf2"] = "lib/resty/nettle/types/pbkdf2.lua", + ["resty.nettle.types.poly1305"] = "lib/resty/nettle/types/poly1305.lua", + ["resty.nettle.types.ripemd160"] = "lib/resty/nettle/types/ripemd160.lua", + ["resty.nettle.types.rsa"] = "lib/resty/nettle/types/rsa.lua", + ["resty.nettle.types.salsa20"] = "lib/resty/nettle/types/salsa20.lua", + ["resty.nettle.types.serpent"] = "lib/resty/nettle/types/serpent.lua", + ["resty.nettle.types.sha1"] = "lib/resty/nettle/types/sha1.lua", + ["resty.nettle.types.sha2"] = "lib/resty/nettle/types/sha2.lua", + ["resty.nettle.types.sha3"] = "lib/resty/nettle/types/sha3.lua", + ["resty.nettle.types.twofish"] = "lib/resty/nettle/types/twofish.lua", + ["resty.nettle.types.umac"] = "lib/resty/nettle/types/umca.lua", + ["resty.nettle.types.version"] = "lib/resty/nettle/types/version.lua", + ["resty.nettle.types.xts"] = "lib/resty/nettle/types/xts.lua", + ["resty.nettle.types.yarrow"] = "lib/resty/nettle/types/yarrow.lua", + ["resty.nettle.padding.ansix923"] = "lib/resty/nettle/padding/ansix923.lua", + ["resty.nettle.padding.base64"] = "lib/resty/nettle/padding/base64.lua", + ["resty.nettle.padding.iso7816-4"] = "lib/resty/nettle/padding/iso7816-4.lua", + ["resty.nettle.padding.iso10126"] = "lib/resty/nettle/padding/iso10126.lua", + ["resty.nettle.padding.nopadding"] = "lib/resty/nettle/padding/nopadding.lua", + ["resty.nettle.padding.pkcs7"] = "lib/resty/nettle/padding/pkcs7.lua", + ["resty.nettle.padding.spacepadding"] = "lib/resty/nettle/padding/spacepadding.lua", + ["resty.nettle.padding.zeropadding"] = "lib/resty/nettle/padding/zeropadding.lua", } }