--- a/util/jwt.lua Sat Jul 02 15:27:44 2022 +0100
+++ b/util/jwt.lua Sat Jul 02 15:29:04 2022 +0100
@@ -34,9 +34,11 @@
end
-- HS*** family
-local function new_hmac_algorithm(name, hmac)
+local function new_hmac_algorithm(name)
local static_header = new_static_header(name);
+ local hmac = hashes["hmac_sha"..name:sub(-3)];
+
local function sign(key, payload)
local encoded_payload = json.encode(payload);
local signed = static_header .. b64url(encoded_payload);
@@ -122,7 +124,11 @@
end
-- RS***, PS***
-local function new_rsa_algorithm(name, c_sign, c_verify)
+local rsa_sign_algos = { RS = "rsassa_pkcs1", PS = "rsassa_pss" };
+local function new_rsa_algorithm(name)
+ local family, digest_bits = name:match("^(..)(...)$");
+ local c_sign = crypto[rsa_sign_algos[family].."_sha"..digest_bits.."_sign"];
+ local c_verify = crypto[rsa_sign_algos[family].."_sha"..digest_bits.."_verify"];
return new_crypto_algorithm(name, "rsaEncryption", c_sign, c_verify);
end
@@ -140,10 +146,10 @@
end
local algorithms = {
- HS256 = new_hmac_algorithm("HS256", hashes.hmac_sha256);
+ HS256 = new_hmac_algorithm("HS256"), HS384 = new_hmac_algorithm("HS384"), HS512 = new_hmac_algorithm("HS512");
ES256 = new_ecdsa_algorithm("ES256", crypto.ecdsa_sha256_sign, crypto.ecdsa_sha256_verify);
- RS256 = new_rsa_algorithm("RS256", crypto.rsassa_pkcs1_sha256_sign, crypto.rsassa_pkcs1_sha256_verify);
- PS256 = new_rsa_algorithm("PS256", crypto.rsassa_pss_sha256_sign, crypto.rsassa_pss_sha256_verify);
+ RS256 = new_rsa_algorithm("RS256"), RS384 = new_rsa_algorithm("RS384"), RS512 = new_rsa_algorithm("RS512");
+ PS256 = new_rsa_algorithm("PS256"), PS384 = new_rsa_algorithm("PS384"), PS512 = new_rsa_algorithm("PS512");
};
local function new_signer(algorithm, key_input)
@@ -167,6 +173,7 @@
return {
new_signer = new_signer;
new_verifier = new_verifier;
+ _algorithms = algorithms;
-- Deprecated
sign = algorithms.HS256.sign;
verify = algorithms.HS256.verify;