diff options
| author | Matthew Wild <mwild1@gmail.com> | 2022-07-02 15:29:04 +0100 |
|---|---|---|
| committer | Matthew Wild <mwild1@gmail.com> | 2022-07-02 15:29:04 +0100 |
| commit | fad58c5ab2fa449aea07eca2a99a1b5e30a22711 (patch) | |
| tree | 4f009e98cc197b597c9806519b5ba25284c5cbbd /util/jwt.lua | |
| parent | 12a9ab92de04f89aa7847eeb235180dbaa59cf02 (diff) | |
| download | prosody-fad58c5ab2fa449aea07eca2a99a1b5e30a22711.tar.gz prosody-fad58c5ab2fa449aea07eca2a99a1b5e30a22711.zip | |
util.jwt: All the algorithms (+ all the tests!)
Except 'none'. Not implementing that one.
Diffstat (limited to 'util/jwt.lua')
| -rw-r--r-- | util/jwt.lua | 17 |
1 files changed, 12 insertions, 5 deletions
diff --git a/util/jwt.lua b/util/jwt.lua index 7a05e45d..7bd98eb1 100644 --- a/util/jwt.lua +++ b/util/jwt.lua @@ -34,9 +34,11 @@ local function new_static_header(algorithm_name) end -- HS*** family -local function new_hmac_algorithm(name, hmac) +local function new_hmac_algorithm(name) local static_header = new_static_header(name); + local hmac = hashes["hmac_sha"..name:sub(-3)]; + local function sign(key, payload) local encoded_payload = json.encode(payload); local signed = static_header .. b64url(encoded_payload); @@ -122,7 +124,11 @@ local function new_crypto_algorithm(name, key_type, c_sign, c_verify, sig_encode end -- RS***, PS*** -local function new_rsa_algorithm(name, c_sign, c_verify) +local rsa_sign_algos = { RS = "rsassa_pkcs1", PS = "rsassa_pss" }; +local function new_rsa_algorithm(name) + local family, digest_bits = name:match("^(..)(...)$"); + local c_sign = crypto[rsa_sign_algos[family].."_sha"..digest_bits.."_sign"]; + local c_verify = crypto[rsa_sign_algos[family].."_sha"..digest_bits.."_verify"]; return new_crypto_algorithm(name, "rsaEncryption", c_sign, c_verify); end @@ -140,10 +146,10 @@ local function new_ecdsa_algorithm(name, c_sign, c_verify) end local algorithms = { - HS256 = new_hmac_algorithm("HS256", hashes.hmac_sha256); + HS256 = new_hmac_algorithm("HS256"), HS384 = new_hmac_algorithm("HS384"), HS512 = new_hmac_algorithm("HS512"); ES256 = new_ecdsa_algorithm("ES256", crypto.ecdsa_sha256_sign, crypto.ecdsa_sha256_verify); - RS256 = new_rsa_algorithm("RS256", crypto.rsassa_pkcs1_sha256_sign, crypto.rsassa_pkcs1_sha256_verify); - PS256 = new_rsa_algorithm("PS256", crypto.rsassa_pss_sha256_sign, crypto.rsassa_pss_sha256_verify); + RS256 = new_rsa_algorithm("RS256"), RS384 = new_rsa_algorithm("RS384"), RS512 = new_rsa_algorithm("RS512"); + PS256 = new_rsa_algorithm("PS256"), PS384 = new_rsa_algorithm("PS384"), PS512 = new_rsa_algorithm("PS512"); }; local function new_signer(algorithm, key_input) @@ -167,6 +173,7 @@ end return { new_signer = new_signer; new_verifier = new_verifier; + _algorithms = algorithms; -- Deprecated sign = algorithms.HS256.sign; verify = algorithms.HS256.verify; |