From 5316b0005e042f1abeb1ac5fed8715ab65e6752c Mon Sep 17 00:00:00 2001
From: Matthew Wild
Date: Sat, 2 Jul 2022 14:59:52 +0100
Subject: util.crypto: More digests for sign/verify, use macros for clarity/consistency
---
 util-src/crypto.c | 72 ++++++++++++++++++++++++++++++-------------------------
 util/jwt.lua | 4 ++--
 2 files changed, 42 insertions(+), 34 deletions(-)
diff --git a/util-src/crypto.c b/util-src/crypto.c
index f2192ce2..6822b9bf 100644
--- a/util-src/crypto.c
+++ b/util-src/crypto.c
@@ -201,16 +201,6 @@ static int Lpkey_meth_private_pem(lua_State *L) {
 return 1;
 }
 
-/* ecdsa_sha256_sign(key, data) */
-static int Lecdsa_sha256_sign(lua_State *L) {
- return base_evp_sign(L, NID_X9_62_id_ecPublicKey, EVP_sha256());
-}
-
-/* ecdsa_sha256_verify(key, data, sig) */
-static int Lecdsa_sha256_verify(lua_State *L) {
- return base_evp_verify(L, NID_X9_62_id_ecPublicKey, EVP_sha256());
-}
-
 static int push_pkey(lua_State *L, EVP_PKEY *pkey, const int type, const int privkey) {
 EVP_PKEY **ud = lua_newuserdata(L, sizeof(EVP_PKEY*));
 *ud = pkey;
@@ -292,22 +282,6 @@ static int Led25519_verify(lua_State *L) {
 return base_evp_verify(L, NID_ED25519, NULL);
 }
 
-static int Lrsassa_pkcs1_256_sign(lua_State *L) {
- return base_evp_sign(L, NID_rsaEncryption, EVP_sha256());
-}
-
-static int Lrsassa_pkcs1_256_verify(lua_State *L) {
- return base_evp_verify(L, NID_rsaEncryption, EVP_sha256());
-}
-
-static int Lrsassa_pss_256_sign(lua_State *L) {
- return base_evp_sign(L, NID_rsassaPss, EVP_sha256());
-}
-
-static int Lrsassa_pss_256_verify(lua_State *L) {
- return base_evp_verify(L, NID_rsassaPss, EVP_sha256());
-}
-
 /* gcm_encrypt(key, iv, plaintext) */
 static int Laes_gcm_encrypt(lua_State *L, const EVP_CIPHER *cipher, const unsigned char expected_key_len) {
 EVP_CIPHER_CTX *ctx;
@@ -529,22 +503,56 @@ static int Lbuild_ecdsa_signature(lua_State *L) {
 return 1;
 }
 
+#define REG_SIGN_VERIFY(algorithm, digest) \
+ { #algorithm "_" #digest "_sign", L ## algorithm ## _ ## digest ## _sign },\
+ { #algorithm "_" #digest "_verify", L ## algorithm ## _ ## digest ## _verify },
+
+#define IMPL_SIGN_VERIFY(algorithm, key_type, digest) \
+ static int L ## algorithm ## _ ## digest ## _sign(lua_State *L) { \
+ return base_evp_sign(L, key_type, EVP_ ## digest()); \
+ } \
+ static int L ## algorithm ## _ ## digest ## _verify(lua_State *L) { \
+ return base_evp_verify(L, key_type, EVP_ ## digest()); \
+ }
+
+IMPL_SIGN_VERIFY(ecdsa, NID_X9_62_id_ecPublicKey, sha256)
+IMPL_SIGN_VERIFY(ecdsa, NID_X9_62_id_ecPublicKey, sha384)
+IMPL_SIGN_VERIFY(ecdsa, NID_X9_62_id_ecPublicKey, sha512)
+
+IMPL_SIGN_VERIFY(rsassa_pkcs1, NID_rsaEncryption, sha256)
+IMPL_SIGN_VERIFY(rsassa_pkcs1, NID_rsaEncryption, sha384)
+IMPL_SIGN_VERIFY(rsassa_pkcs1, NID_rsaEncryption, sha512)
+
+IMPL_SIGN_VERIFY(rsassa_pss, NID_rsassaPss, sha256)
+IMPL_SIGN_VERIFY(rsassa_pss, NID_rsassaPss, sha384)
+IMPL_SIGN_VERIFY(rsassa_pss, NID_rsassaPss, sha512)
+
 static const luaL_Reg Reg[] = {
 { "ed25519_sign", Led25519_sign },
 { "ed25519_verify", Led25519_verify },
- { "rsassa_pkcs1_256_sign", Lrsassa_pkcs1_256_sign },
- { "rsassa_pkcs1_256_verify", Lrsassa_pkcs1_256_verify },
- { "rsassa_pss_256_sign", Lrsassa_pss_256_sign },
- { "rsassa_pss_256_verify", Lrsassa_pss_256_verify },
+
+ REG_SIGN_VERIFY(ecdsa, sha256)
+ REG_SIGN_VERIFY(ecdsa, sha384)
+ REG_SIGN_VERIFY(ecdsa, sha512)
+
+ REG_SIGN_VERIFY(rsassa_pkcs1, sha256)
+ REG_SIGN_VERIFY(rsassa_pkcs1, sha384)
+ REG_SIGN_VERIFY(rsassa_pkcs1, sha512)
+
+ REG_SIGN_VERIFY(rsassa_pss, sha256)
+ REG_SIGN_VERIFY(rsassa_pss, sha384)
+ REG_SIGN_VERIFY(rsassa_pss, sha512)
+
 { "aes_128_gcm_encrypt", Laes_128_gcm_encrypt },
 { "aes_128_gcm_decrypt", Laes_128_gcm_decrypt },
 { "aes_256_gcm_encrypt", Laes_256_gcm_encrypt },
 { "aes_256_gcm_decrypt", Laes_256_gcm_decrypt },
- { "ecdsa_sha256_sign", Lecdsa_sha256_sign },
- { "ecdsa_sha256_verify", Lecdsa_sha256_verify },
+
 { "generate_ed25519_keypair", Lgenerate_ed25519_keypair },
+
 { "import_private_pem", Limport_private_pem },
 { "import_public_pem", Limport_public_pem },
+
 { "parse_ecdsa_signature", Lparse_ecdsa_signature },
 { "build_ecdsa_signature", Lbuild_ecdsa_signature },
 { NULL, NULL }
diff --git a/util/jwt.lua b/util/jwt.lua
index 433a69f6..7a05e45d 100644
--- a/util/jwt.lua
+++ b/util/jwt.lua
@@ -142,8 +142,8 @@ end
 local algorithms = {
 HS256 = new_hmac_algorithm("HS256", hashes.hmac_sha256);
 ES256 = new_ecdsa_algorithm("ES256", crypto.ecdsa_sha256_sign, crypto.ecdsa_sha256_verify);
- RS256 = new_rsa_algorithm("RS256", crypto.rsassa_pkcs1_256_sign, crypto.rsassa_pkcs1_256_verify);
- PS256 = new_rsa_algorithm("PS256", crypto.rsassa_pss_256_sign, crypto.rsassa_pss_256_verify);
+ RS256 = new_rsa_algorithm("RS256", crypto.rsassa_pkcs1_sha256_sign, crypto.rsassa_pkcs1_sha256_verify);
+ PS256 = new_rsa_algorithm("PS256", crypto.rsassa_pss_sha256_sign, crypto.rsassa_pss_sha256_verify);
 };
 
 local function new_signer(algorithm, key_input)
-- 
cgit v1.2.3
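Review bot: The three `IMPL_SIGN_VERIFY(ecdsa, NID_X9_62_id_ecPublicKey, …)` lines in the crypto.c hunk at `@@ -529,22 +503,56 @@` pass the same key type for sha256, sha384 and sha512, so nothing in the generated wrappers ties the digest to a curve; whether `base_evp_sign`/`base_evp_verify` check anything beyond the key type is not visible in this hunk. JWS pairs ES384 with P-384 and ES512 with P-521 (RFC 7518), so a caller that maps those algorithm names onto the new functions would presumably have to enforce the curve itself. I would record that on the macro, e.g. `/* Generated wrappers only select key type and digest; curve and key-size policy is the caller's responsibility. */`. The same comment is a good place to restore what the deleted `/* ecdsa_sha256_sign(key, data) */` and `/* ecdsa_sha256_verify(key, data, sig) */` comments documented, since the Lua-visible names and argument lists are now produced by token pasting and no longer appear literally in the file.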