Date: Tue, 16 Apr 2024 20:12:16 GMT
Message-Id: <202404162012.43GKCG10035489@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Warner Losh
Subject: git: ae8398452bd3 - stable/14 - flua: Add hash module
List-Id: Commit messages for all branches of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
X-Git-Committer: imp
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: ae8398452bd3196c0ff1a11039167bd002369eb8

The branch stable/14 has been updated by imp:

URL: https://cgit.FreeBSD.org/src/commit/?id=ae8398452bd3196c0ff1a11039167bd002369eb8

commit ae8398452bd3196c0ff1a11039167bd002369eb8
Author:     Warner Losh
AuthorDate: 2024-02-16 03:54:36 +0000
Commit:     Warner Losh
CommitDate: 2024-04-16 19:54:20 +0000

    flua: Add hash module

    Add lua bindings to hashing functions. sha256 is available. sha256.new
    creates a new object. sha256.update updates the digest. sha256.digest
    returns the digest as a binary string and resets the context.
    sha256.hexdigest returns the digest as a string of hex digits and then
    resets the context.

    Sponsored by:           Netflix
    Differential Revision:  https://reviews.freebsd.org/D43872

    (cherry picked from commit f7781d030ccd18b1d4c864ecfade122ea19dafb1)
---
 lib/flua/Makefile          |   4 +-
 lib/flua/libhash/Makefile  |  14 ++++
 lib/flua/libhash/hash.3lua |  54 ++++++++++++++
 lib/flua/libhash/lhash.c   | 177 +++++++++++++++++++++++++++++++++++++++++++++
 lib/flua/libhash/lhash.h   |  11 +++
 5 files changed, 258 insertions(+), 2 deletions(-)

diff --git a/lib/flua/Makefile b/lib/flua/Makefile index eb148c2125fd..769736039f7e 100644 --- a/lib/flua/Makefile +++ b/lib/flua/Makefile @@ -1,4 +1,4 @@ - -SUBDIR= libjail +SUBDIR+= libhash +SUBDIR+= libjail .include 
diff --git a/lib/flua/libhash/Makefile b/lib/flua/libhash/Makefile new file mode 100644 index 000000000000..f166ff90a392 --- /dev/null +++ b/lib/flua/libhash/Makefile @@ -0,0 +1,14 @@ +SHLIB_NAME= hash.so +SHLIBDIR= ${LIBDIR}/flua + +SRCS+= lhash.c + +CFLAGS+= \ + -I${SRCTOP}/contrib/lua/src \ + -I${SRCTOP}/lib/liblua \ + +LIBADD+= md + +MAN= hash.3lua + +.include diff --git a/lib/flua/libhash/hash.3lua b/lib/flua/libhash/hash.3lua new file mode 100644 index 000000000000..1662e87f7c68 --- /dev/null +++ b/lib/flua/libhash/hash.3lua @@ -0,0 +1,54 @@ +.\" +.\" Copyright (c) 2024 Netflix, Inc. +.\" +.\" SPDX-License-Identifier: BSD-2-Clause +.\" +.Dd February 6, 2024 +.Dt HASH 3lua +.Os +.Sh NAME +.Nm new , +.Nm update , +.Nm digest , +.Nm hexdigest +.Nd Lua Cryptographic hash module. +.Sh DESCRIPTION +The built-in cryptographic hashing Lua bindings for the are available via the +.Ic hash +table. +.Ss Supported Hashing Schemes +The following hashing schemes are supported by the hash module. +.Bl -bullet -compact +.It +sha256 +.El +.Ss APIs Supported +.Bl -tag -width asdf -compact +.It Fn new data +Compute a digest based on the +.Va data . +.It Fn update Va data +Using the current digest, process +.Va data +to compute a new digest as if all prior data had been concatenated together. +.It Fn digest +Return the hashed digest as a binary array. +This resets the context. +.It Fn hexdigest +Take +.Fn digest +and convert it to an upper case hex string. +This resets the context. +.It Va digest_size +Return the size of the digest, in bytes. +.It Va block_size +Return the block size used in bytes. +.El +.Sh EXAMPLES +.Sh SEE ALSO +.Xr sha256 3 +.Sh AUTHORS +The +.Nm +man page was written by +.An Warner Losh Aq Mt imp@FreeBSD.org . diff --git a/lib/flua/libhash/lhash.c b/lib/flua/libhash/lhash.c new file mode 100644 index 000000000000..4587961fe8a0 --- /dev/null +++ b/lib/flua/libhash/lhash.c 
@@ -0,0 +1,177 @@ +/*- + * Copyright (c) 2024 Netflix, Inc + * + * SPDX-License-Identifier: BSD-2-Clause + */ + +#include +#include "lauxlib.h" +#include "lhash.h" + +#include +#include + +#define SHA256_META "SHA256 meta table" +#define SHA256_DIGEST_LEN 32 + +/* + * Note C++ comments indicate the before -- after state of the stack, in with a + * similar convention to forth's ( ) comments. Lua indexes are from 1 and can be + * read left to right (leftmost is 1). Negative are relative to the end (-1 is + * rightmost). A '.' indicates a return value left on the stack (all values to + * its right). Trivial functions don't do this. + */ + +/* + * Updates the digest with the new data passed in. Takes 1 argument, which + * is converted to a string. + */ +static int +lua_sha256_update(lua_State *L) +{ + size_t len; + const unsigned char *data; + SHA256_CTX *ctx; + + ctx = luaL_checkudata(L, 1, SHA256_META); + data = luaL_checklstring(L, 2, &len); + SHA256_Update(ctx, data, len); + + lua_settop(L, 1); + + return (1); +} + +/* + * Finalizes the digest value and returns it as a 32-byte binary string. The ctx + * is zeroed. + */ +static int +lua_sha256_digest(lua_State *L) +{ + SHA256_CTX *ctx; + unsigned char digest[SHA256_DIGEST_LEN]; + + ctx = luaL_checkudata(L, 1, SHA256_META); + SHA256_Final(digest, ctx); + lua_pushlstring(L, digest, sizeof(digest)); + + return (1); +} + +/* + * Finalizes the digest value and returns it as a 64-byte ascii string of hex + * numbers. The ctx is zeroed. 
+ */ +static int +lua_sha256_hexdigest(lua_State *L) +{ + SHA256_CTX *ctx; + char buf[SHA256_DIGEST_LEN * 2 + 1]; + unsigned char digest[SHA256_DIGEST_LEN]; + static const char hex[]="0123456789abcdef"; + int i; + + ctx = luaL_checkudata(L, 1, SHA256_META); + SHA256_Final(digest, ctx); + for (i = 0; i < SHA256_DIGEST_LEN; i++) { + buf[i+i] = hex[digest[i] >> 4]; + buf[i+i+1] = hex[digest[i] & 0x0f]; + } + buf[i+i] = '\0'; + + lua_pushstring(L, buf); + + return (1); +} + +/* + * Zeros out the ctx before garbage collection. Normally this is done in + * obj:digest or obj:hexdigest, but if not, it will be wiped here. Lua + * manages freeing the ctx memory. + */ +static int +lua_sha256_done(lua_State *L) +{ + SHA256_CTX *ctx; + + ctx = luaL_checkudata(L, 1, SHA256_META); + memset(ctx, 0, sizeof(*ctx)); + + return (0); +} + +/* + * Create object obj which accumulates the state of the sha256 digest + * for its contents and any subsequent obj:update call. It takes zero + * or 1 arguments. + */ +static int +lua_sha256(lua_State *L) +{ + SHA256_CTX *ctx; + int top; + + /* We take 0 or 1 args */ + top = lua_gettop(L); // data -- data + if (top > 1) { + lua_pushnil(L); + return (1); + } + + ctx = lua_newuserdata(L, sizeof(*ctx)); // data -- data ctx + SHA256_Init(ctx); + if (top == 1) { + size_t len; + const unsigned char *data; + + data = luaL_checklstring(L, 1, &len); + SHA256_Update(ctx, data, len); + } + luaL_setmetatable(L, SHA256_META); // data ctx -- data ctx + + return (1); // data . ctx +} + +/* + * Setup the metatable to manage our userdata that we create in lua_sha256. We + * request a finalization call with __gc so we can zero out the ctx buffer so + * that we don't leak secrets if obj:digest or obj:hexdigest aren't called. 
+ */ +static void +register_metatable_sha256(lua_State *L) +{ + luaL_newmetatable(L, SHA256_META); // -- meta + + lua_newtable(L); // meta -- meta tbl + lua_pushcfunction(L, lua_sha256_update); // meta tbl -- meta tbl fn + lua_setfield(L, -2, "update"); // meta tbl fn -- meta tbl + lua_pushcfunction(L, lua_sha256_digest); // meta tbl -- meta tbl fn + lua_setfield(L, -2, "digest"); // meta tbl fn -- meta tbl + lua_pushcfunction(L, lua_sha256_hexdigest); // meta tbl -- meta tbl fn + lua_setfield(L, -2, "hexdigest"); // meta tbl fn -- meta tbl + + /* Associate tbl with metatable */ + lua_setfield(L, -2, "__index"); // meta tbl -- meta + lua_pushcfunction(L, lua_sha256_done); // meta -- meta fn + lua_setfield(L, -2, "__gc"); // meta fn -- meta + + lua_pop(L, 1); // meta -- +} + +#define REG_SIMPLE(n) { #n, lua_ ## n } +static const struct luaL_Reg hashlib[] = { + REG_SIMPLE(sha256), + { NULL, NULL }, +}; +#undef REG_SIMPLE + +int +luaopen_hash(lua_State *L) +{ + register_metatable_sha256(L); + + luaL_newlib(L, hashlib); + + return 1; +} diff --git a/lib/flua/libhash/lhash.h b/lib/flua/libhash/lhash.h new file mode 100644 index 000000000000..c1e9788a55a3 --- /dev/null +++ b/lib/flua/libhash/lhash.h @@ -0,0 +1,11 @@ +/*- + * Copyright (c) 2024 Netflix, Inc + * + * SPDX-License-Identifier: BSD-2-Clause + */ + +#pragma once + +#include + +int luaopen_hash(lua_State *L);
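Review bot: In lib/flua/libhash/Makefile the last CFLAGS line, `-I${SRCTOP}/lib/liblua \`, ends with a continuation backslash followed by an empty line. Drop the trailing backslash so that a later edit which removes the blank line does not fold `LIBADD+= md` into CFLAGS.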
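Review bot: In lib/flua/libhash/hash.3lua the hexdigest entry says the digest is converted "to an upper case hex string", but lua_sha256_hexdigest in lhash.c builds it from `0123456789abcdef`, so anyone comparing against the documented form will get a mismatch; the page should say lower case. The same page documents `new`, `digest_size` and `block_size`, yet the module table registers only `sha256` and the metatable only `update`, `digest` and `hexdigest`; either implement those entries or drop them and describe the constructor as hash.sha256. The DESCRIPTION sentence "bindings for the are available" is missing a word, and the EXAMPLES section is empty.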
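Review bot: In lib/flua/libhash/lhash.c, lua_sha256_digest and lua_sha256_hexdigest call SHA256_Final and return without calling SHA256_Init again, so the ctx is left zeroed (as the function comments say) rather than reset as the man page and commit message state. A later obj:update on the same object would then hash from an all-zero state instead of the SHA-256 initial state and silently return a wrong digest. Either call SHA256_Init(ctx) after SHA256_Final or mark the object as finished and raise an error on reuse. Also in this file: lua_sha256 returns nil when given more than one argument, where luaL_error would match the luaL_check* calls used elsewhere; the local `digest` and `buf` arrays are left on the C stack unwiped although the comments are concerned with not leaking secrets; and lua_sha256_done could use explicit_bzero rather than memset for the wipe.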