path: root/util
Commit message | Author | Age | Files | Lines
...
util.jwt: More robust ECDSA signature parsing, fail early on unexpected length | Matthew Wild | 2022-09-30 | 1 | -1/+5
util.jwt: Add support for ES512 (+ tests) | Matthew Wild | 2022-09-29 | 1 | -0/+1
util.crypto, util.jwt: Generate consistent signature sizes (via padding) | Matthew Wild | 2022-09-29 | 1 | -4/+4
    This fixes the signature parsing and building to work correctly. Sometimes a signature was one or two bytes too short, and needed to be padded. OpenSSL can do this for us.
Merge 0.12->trunk | Kim Alvefur | 2022-09-15 | 1 | -0/+5
util.paseto: Do strict type check in pae() function | Kim Alvefur | 2022-07-11 | 1 | -0/+3
    Fixes a test failure on Lua 5.4 where ipairs("") does not produce an error.
util.paseto: Drop custom wrappers around key objects | Matthew Wild | 2022-07-11 | 1 | -46/+5
    The PASETO spec recommends - no, *requires* - that implementations enforce type safety for keys, and e.g. do not pass them around as arbitrary byte strings. Typed wrapper objects are recommended. I originally followed this advice when starting the lib. However, key wrapping and type safety is now also a feature of util.crypto. All we're doing is duplicating it unnecessarily with this additional wrapper code.
util.paseto: Export similar API to new util.jwt for ease and consistency | Matthew Wild | 2022-07-11 | 1 | -0/+21
util.paseto: Error early on invalid keys | Matthew Wild | 2022-07-11 | 1 | -0/+2
util.paseto: Fix to decode footer before comparison | Matthew Wild | 2022-07-11 | 1 | -0/+1
util.jwt: Add new init() convenience method to obtain both signer and verifier | Matthew Wild | 2022-07-11 | 1 | -0/+6
util.jwt: Consolidate payload parsing, ensure it's always a valid object | Matthew Wild | 2022-07-11 | 1 | -11/+13
util.jwt: Provide built-in token expiry support (defaults to 3600s lifetime) | Matthew Wild | 2022-07-11 | 1 | -3/+28
    To avoid every user of the library needing to add and verify expiry info, this is now handled by util.jwt itself (if not overridden or disabled). Issuing tokens that are valid forever is bad practice and rarely desired, and the default token lifetime is now 3600s (1 hour).
util.jwt: All the algorithms (+ all the tests!) | Matthew Wild | 2022-07-02 | 1 | -5/+12
    Except 'none'. Not implementing that one.
util.crypto: More digests for sign/verify, use macros for clarity/consistency | Matthew Wild | 2022-07-02 | 1 | -2/+2
util.jwt: Add support for RSA-based algorithms (RS256, PS256) | Matthew Wild | 2022-07-02 | 1 | -14/+35
util.jwt: Add support/tests for ES256 via improved API and using util.crypto | Matthew Wild | 2022-07-01 | 1 | -19/+121
    In many cases code will be either signing or verifying. With asymmetric algorithms it's clearer and more efficient to just state that once, instead of passing keys (and possibly other parameters) with every sign/verify call. This also allows earlier validation of the key used. The previous (HS256-only) sign/verify methods continue to be exposed for backwards-compatibility.
util.paseto: Implementation of PASETO v4.public tokens | Matthew Wild | 2022-06-24 | 1 | -0/+123
    PASETO provides an alternative to JWT with the promise of fewer implementation pitfalls. The v4.public algorithm allows asymmetric cryptographically-verified token issuance and validation. In summary, such tokens can be issued by one party and securely verified by any other party independently using the public key of the issuer. This has a number of potential applications in a decentralized network and ecosystem such as XMPP. For example, such tokens could be combined with XEP-0317 to allow hats to be verified even in the context of a third-party MUC service.
util.stanza: Add add_error() to simplify adding error tags to existing stanzas | Matthew Wild | 2022-08-29 | 1 | -25/+31
    Some fiddling is required now in error_reply() to ensure the cursor is in the same place as before this change (a lot of code apparently uses that feature).
util.roles: Add new utility module to consolidate role objects and methods | Matthew Wild | 2022-07-19 | 1 | -0/+100
util.session: Add role management methods | Matthew Wild | 2022-06-15 | 1 | -0/+6
util.stanza: Add method for extracting a single attribute value | Kim Alvefur | 2022-08-17 | 1 | -0/+8
    Sometimes you only care about a single attribute, but the child tag itself may be optional, leading to needing `tag and tag.attr.foo` or `stanza:find("tag@foo")`. The `:find()` method is fairly complex, so avoiding it for this kind of simpler use case is a win.
util.datetime: Remove a line | Kim Alvefur | 2022-08-17 | 1 | -2/+1
    No idea why the locals were declared on a line by itself. Perhaps line length considerations? But saving 6 characters in width by adding a whole line with 47 characters seems excessive. This is still within the 150 character limit set by .luacheckrc
util.datetime: Add support for sub-second precision timestamps | Kim Alvefur | 2022-08-14 | 1 | -7/+19
    Lua since 5.3 raises a fuss when time functions are handed a number with a fractional part and the underlying C functions are all based on integer seconds without support for more precision.
doap: Update XEP versions for which no code changes appear needed | Kim Alvefur | 2022-08-08 | 1 | -0/+1
    XEP-0004: Partial forms are handled
    XEP-0045: We're already strict with GC 1.0
    XEP-0060: Change in semantics wrt 'pubsub#type', but not in code
    XEP-0115: No protocol change
    XEP-0138: Specification moved to Obsolete
    XEP-0163: Editorial only change
    XEP-0215: Minor schema change
    XEP-0280: Editorial change
    XEP-0297: Had the wrong version number
    XEP-0106: Note missing piece for version 1.1
    XEP-0313: Editorial change
    XEP-0363: Editorial clarification, no code change required
    XEP-0380: Registry additions, no code change needed
    XEP-0384: Not directly supported, only here because people will ask otherwise
    XEP-0445: Broken out of XEP-0401
various: Update IETF RFC URLs for tools.ietf.org transition | Kim Alvefur | 2022-08-05 | 1 | -6/+6
    See https://www.ietf.org/blog/finalizing-ietf-tools-transition/
    Already done in various other places.
util.sasl.scram: Add 'tls-exporter' as recognised channel binding method | Kim Alvefur | 2022-07-27 | 1 | -1/+1
    The last missing piece of #1760, otherwise SCRAM-SHA-*-PLUS is not actually advertised.
compat: Use table.pack (there since Lua 5.2) over our util.table | Kim Alvefur | 2022-07-11 | 3 | -3/+3
    Added in d278a770eddc to avoid having to deal with its absence in Lua 5.1. No longer needed when Lua 5.1 support is dropped.
compat: Remove handling of Lua 5.1 location of 'unpack' function | Kim Alvefur | 2022-07-11 | 7 | -7/+7
Merge 0.12->trunk | Kim Alvefur | 2022-07-08 | 2 | -145/+168
util.envload: Remove Lua 5.1 method | Kim Alvefur | 2022-07-05 | 1 | -29/+10
    Part of #1600
    Is this module even needed anymore?
util: Remove various Lua 5.1 compatibility hacks | Kim Alvefur | 2022-07-02 | 5 | -31/+2
    Part of #1600
util.dependencies: Reject Lua 5.1, Lua 5.2 or later is now required (see #1600) | Kim Alvefur | 2022-07-02 | 1 | -2/+2
util.dependencies: Deprecate support for Lua 5.1, this is your final warning | Kim Alvefur | 2022-06-30 | 1 | -1/+1
util.hashes: Bind BLAKE2 algorithms supported by OpenSSL | Kim Alvefur | 2020-09-10 | 1 | -0/+2
util.hashes: Expose sha224 and sha384 HMAC functions | Kim Alvefur | 2020-11-29 | 1 | -0/+2
    For completeness and consistency with set of plain hash functions
Merge 0.12->trunk | Kim Alvefur | 2022-06-14 | 1 | -1/+5
util.watchdog: Allow passing a new timeout to :reset() | Matthew Wild | 2022-06-11 | 1 | -1/+4
util.watchdog: Allow :reset() to restart a cancelled watchdog | Matthew Wild | 2022-06-11 | 1 | -5/+6
util.watchdog: Update to use "new" util.timer API | Matthew Wild | 2022-06-11 | 1 | -13/+16
    When this module was written, it wasn't possible to cancel or reschedule a timer. Times have changed, and we should take advantage of those new methods. This module becomes a very thin wrapper around util.timer now, but I'd argue it's still a very common and useful concept/abstraction to have around. Possible API change: this removes the 'last_reset' field of the watchdog. This was never really intended as a public thing, and I can't find any code that uses it, so I consider removal to be safe.
util.prosodyctl.shell: Print errors in red to highlight them | Kim Alvefur | 2022-06-01 | 1 | -1/+8
util.openmetrics: Set __name field on metatables to improve error messages | Kim Alvefur | 2022-05-30 | 1 | -0/+3
    Don't think we cause any such errors right now, but you never know!
util.openmetrics: Set (previously unused, empty) metatable | Kim Alvefur | 2022-05-30 | 1 | -2/+2
    Silences luacheck warning about the metatable being unused.
util.vcard: Delete since nothing uses it | Kim Alvefur | 2022-05-30 | 1 | -574/+0
prosodyctl shell: Communicate width of terminal to mod_admin_shell | Kim Alvefur | 2022-05-30 | 1 | -1/+1
    This lets it adjust the width of tables to the actual terminal width.
Merge 0.12->trunk | Kim Alvefur | 2022-05-26 | 1 | -4/+0
Merge 0.12->trunk | Kim Alvefur | 2022-05-09 | 2 | -2/+9
Merge 0.12->trunk | Kim Alvefur | 2022-05-08 | 1 | -1/+1
Merge 0.12->trunk | Kim Alvefur | 2022-05-05 | 1 | -0/+1
net: refactor sslconfig to not depend on LuaSec | Jonas Schäfer | 2022-04-02 | 1 | -16/+25
    This now requires that the network backend exposes a tls_builder function, which essentially wraps the former util.sslconfig.new() function, passing a factory to create the eventual SSL context. That allows a net.server backend to pick whatever it likes as SSL context factory, as long as it understands the config table passed by the SSL config builder. Heck, a backend could even mock and replace the entire SSL config builder API.
net: isolate LuaSec-specifics | Jonas Schäfer | 2022-04-27 | 1 | -1/+53
    For this, various accessor functions are now provided directly on the sockets, which reach down into the LuaSec implementation to obtain the information. While this may seem of little gain at first, it hides the implementation detail of the LuaSec+LuaSocket combination that the actual socket and the TLS layer are separate objects. The net gain here is that an alternative implementation does not have to emulate that specific implementation detail and "only" has to expose LuaSec-compatible data structures on the new functions.