nodemcu-firmware/components/modules/sodium.c

#include "module.h"
#include "lauxlib.h"
#include "lmem.h"

#include "sodium.h"

static void check_init(lua_State *L)
{
  if (sodium_init() == -1) {
    luaL_error(L, "sodium_init returned an error");
  }
}

// https://download.libsodium.org/doc/generating_random_data

static int l_randombytes_random(lua_State *L)
{
  check_init(L);
  uint32_t ret = randombytes_random();
  lua_pushinteger(L, (int32_t)ret);
  return 1;
}

static int l_randombytes_uniform(lua_State *L)
{
  check_init(L);
  uint32_t upper_bound = (uint32_t)luaL_checkinteger(L, 1);
  uint32_t ret = randombytes_uniform(upper_bound);
  lua_pushinteger(L, (int32_t)ret);
  return 1;
}

static int l_randombytes_buf(lua_State *L)
{
  check_init(L);
  size_t count = (size_t)luaL_checkinteger(L, 1);
  if (count <= LUAL_BUFFERSIZE) {
    luaL_Buffer b;
    luaL_buffinit(L, &b);
    randombytes_buf(luaL_prepbuffer(&b), count);
    luaL_addsize(&b, count);
    luaL_pushresult(&b);
  } else {
    char *buf = (char *)luaM_malloc(L, count);
    randombytes_buf(buf, count);
    lua_pushlstring(L, buf, count);
    luaM_freemem(L, buf, count);
  }
  return 1;
}

// See https://download.libsodium.org/doc/public-key_cryptography/sealed_boxes

static int l_crypto_box_keypair(lua_State *L)
{
  check_init(L);
  unsigned char pk[crypto_box_PUBLICKEYBYTES];
  unsigned char sk[crypto_box_SECRETKEYBYTES];

  int err = crypto_box_keypair(pk, sk);
  if (err) {
    return luaL_error(L, "crypto_box_keypair returned %d", err);
  }
  lua_pushlstring(L, (char *)pk, sizeof(pk));
  lua_pushlstring(L, (char *)sk, sizeof(sk));
  return 2;
}

static const uint8_t * get_pk(lua_State *L, int idx)
{
  check_init(L);
  size_t pk_len;
  const char *pk = luaL_checklstring(L, 2, &pk_len);
  if (pk_len != crypto_box_PUBLICKEYBYTES) {
    luaL_error(L, "Bad public key size!");
  }
  return (const uint8_t *)pk;
}

static const uint8_t * get_sk(lua_State *L, int idx)
{
  check_init(L);
  size_t sk_len;
  const char *sk = luaL_checklstring(L, idx, &sk_len);
  if (sk_len != crypto_box_SECRETKEYBYTES) {
    luaL_error(L, "Bad secret key size!");
  }
  return (const uint8_t *)sk;
}

static int l_crypto_box_seal(lua_State *L)
{
  check_init(L);
  size_t msg_len;
  const uint8_t *msg = (const uint8_t *)luaL_checklstring(L, 1, &msg_len);
  const uint8_t *pk = get_pk(L, 2);

  const size_t ciphertext_len = crypto_box_SEALBYTES + msg_len;
  uint8_t *ciphertext = (uint8_t *)luaM_malloc(L, ciphertext_len);

  int err = crypto_box_seal(ciphertext, msg, msg_len, pk);
  if (err) {
    luaM_freemem(L, ciphertext, ciphertext_len);
    return luaL_error(L, "crypto_box_seal returned %d", err);
  }
  lua_pushlstring(L, (char *)ciphertext, ciphertext_len);
  luaM_freemem(L, ciphertext, ciphertext_len);
  return 1;
}

static int l_crypto_box_seal_open(lua_State *L)
{
  check_init(L);
  size_t ciphertext_len;
  const uint8_t *ciphertext = (const uint8_t *)luaL_checklstring(L, 1, &ciphertext_len);
  const uint8_t *pk = get_pk(L, 2);
  const uint8_t *sk = get_sk(L, 3);

  const size_t decrypted_len = ciphertext_len - crypto_box_SEALBYTES;
  uint8_t *decrypted = (uint8_t *)luaM_malloc(L, decrypted_len);

  int err = crypto_box_seal_open(decrypted, ciphertext, ciphertext_len, pk, sk);
  if (err) {
    lua_pushnil(L);
  } else {
    lua_pushlstring(L, (char *)decrypted, decrypted_len);
  }
  luaM_freemem(L, decrypted, decrypted_len);
  return 1;
}

LROT_BEGIN(random, NULL, 0)
  LROT_FUNCENTRY(random,  l_randombytes_random)
  LROT_FUNCENTRY(uniform, l_randombytes_uniform)
  LROT_FUNCENTRY(buf,     l_randombytes_buf)
LROT_END(random, NULL, 0)

LROT_BEGIN(crypto_box, NULL, 0)
  LROT_FUNCENTRY(keypair,   l_crypto_box_keypair)
  LROT_FUNCENTRY(seal,      l_crypto_box_seal)
  LROT_FUNCENTRY(seal_open, l_crypto_box_seal_open)
LROT_END(crypto_box, NULL, 0)

LROT_BEGIN(sodium, NULL, 0)
  LROT_TABENTRY(random,     random)
  LROT_TABENTRY(crypto_box, crypto_box)
LROT_END(sodium, NULL, 0)

NODEMCU_MODULE(SODIUM, "sodium", sodium, NULL);
ESP32: Add Sodium module (#2550) * Add Sodium module * Split sodium API into subtables; updated docs * Fixed refactored names of crypto_box fns 2018-11-15 18:04:00 +01:00			`#include "module.h"`
			`#include "lauxlib.h"`
			`#include "lmem.h"`

			`#include "sodium.h"`

			`static void check_init(lua_State *L)`
			`{`
			`if (sodium_init() == -1) {`
			`luaL_error(L, "sodium_init returned an error");`
			`}`
			`}`

			`// https://download.libsodium.org/doc/generating_random_data`

			`static int l_randombytes_random(lua_State *L)`
			`{`
			`check_init(L);`
			`uint32_t ret = randombytes_random();`
Make sodium.random API behave consistently on all build types By returning result as a signed 32-bit int between INT32_MIN to IN32_MAX which is represented the same regardless of 64-bit support or integral-only builds. Also updated docs, fixed links and clarified behavior of random APIs when WiFi isn't started. 2022-12-12 16:04:15 +01:00			`lua_pushinteger(L, (int32_t)ret);`
ESP32: Add Sodium module (#2550) * Add Sodium module * Split sodium API into subtables; updated docs * Fixed refactored names of crypto_box fns 2018-11-15 18:04:00 +01:00			`return 1;`
			`}`

			`static int l_randombytes_uniform(lua_State *L)`
			`{`
			`check_init(L);`
			`uint32_t upper_bound = (uint32_t)luaL_checkinteger(L, 1);`
			`uint32_t ret = randombytes_uniform(upper_bound);`
Make sodium.random API behave consistently on all build types By returning result as a signed 32-bit int between INT32_MIN to IN32_MAX which is represented the same regardless of 64-bit support or integral-only builds. Also updated docs, fixed links and clarified behavior of random APIs when WiFi isn't started. 2022-12-12 16:04:15 +01:00			`lua_pushinteger(L, (int32_t)ret);`
ESP32: Add Sodium module (#2550) * Add Sodium module * Split sodium API into subtables; updated docs * Fixed refactored names of crypto_box fns 2018-11-15 18:04:00 +01:00			`return 1;`
			`}`

			`static int l_randombytes_buf(lua_State *L)`
			`{`
			`check_init(L);`
			`size_t count = (size_t)luaL_checkinteger(L, 1);`
			`if (count <= LUAL_BUFFERSIZE) {`
			`luaL_Buffer b;`
			`luaL_buffinit(L, &b);`
			`randombytes_buf(luaL_prepbuffer(&b), count);`
			`luaL_addsize(&b, count);`
			`luaL_pushresult(&b);`
			`} else {`
			`char buf = (char )luaM_malloc(L, count);`
			`randombytes_buf(buf, count);`
			`lua_pushlstring(L, buf, count);`
			`luaM_freemem(L, buf, count);`
			`}`
			`return 1;`
			`}`

			`// See https://download.libsodium.org/doc/public-key_cryptography/sealed_boxes`

			`static int l_crypto_box_keypair(lua_State *L)`
			`{`
			`check_init(L);`
			`unsigned char pk[crypto_box_PUBLICKEYBYTES];`
			`unsigned char sk[crypto_box_SECRETKEYBYTES];`

			`int err = crypto_box_keypair(pk, sk);`
			`if (err) {`
			`return luaL_error(L, "crypto_box_keypair returned %d", err);`
			`}`
			`lua_pushlstring(L, (char *)pk, sizeof(pk));`
			`lua_pushlstring(L, (char *)sk, sizeof(sk));`
			`return 2;`
			`}`

			`static const uint8_t * get_pk(lua_State *L, int idx)`
			`{`
			`check_init(L);`
			`size_t pk_len;`
			`const char *pk = luaL_checklstring(L, 2, &pk_len);`
			`if (pk_len != crypto_box_PUBLICKEYBYTES) {`
			`luaL_error(L, "Bad public key size!");`
			`}`
			`return (const uint8_t *)pk;`
			`}`

			`static const uint8_t * get_sk(lua_State *L, int idx)`
			`{`
			`check_init(L);`
			`size_t sk_len;`
			`const char *sk = luaL_checklstring(L, idx, &sk_len);`
			`if (sk_len != crypto_box_SECRETKEYBYTES) {`
			`luaL_error(L, "Bad secret key size!");`
			`}`
			`return (const uint8_t *)sk;`
			`}`

			`static int l_crypto_box_seal(lua_State *L)`
			`{`
			`check_init(L);`
			`size_t msg_len;`
			`const uint8_t msg = (const uint8_t )luaL_checklstring(L, 1, &msg_len);`
			`const uint8_t *pk = get_pk(L, 2);`

			`const size_t ciphertext_len = crypto_box_SEALBYTES + msg_len;`
			`uint8_t ciphertext = (uint8_t )luaM_malloc(L, ciphertext_len);`

			`int err = crypto_box_seal(ciphertext, msg, msg_len, pk);`
			`if (err) {`
			`luaM_freemem(L, ciphertext, ciphertext_len);`
			`return luaL_error(L, "crypto_box_seal returned %d", err);`
			`}`
			`lua_pushlstring(L, (char *)ciphertext, ciphertext_len);`
			`luaM_freemem(L, ciphertext, ciphertext_len);`
			`return 1;`
			`}`

			`static int l_crypto_box_seal_open(lua_State *L)`
			`{`
			`check_init(L);`
			`size_t ciphertext_len;`
			`const uint8_t ciphertext = (const uint8_t )luaL_checklstring(L, 1, &ciphertext_len);`
			`const uint8_t *pk = get_pk(L, 2);`
			`const uint8_t *sk = get_sk(L, 3);`

			`const size_t decrypted_len = ciphertext_len - crypto_box_SEALBYTES;`
			`uint8_t decrypted = (uint8_t )luaM_malloc(L, decrypted_len);`

			`int err = crypto_box_seal_open(decrypted, ciphertext, ciphertext_len, pk, sk);`
			`if (err) {`
			`lua_pushnil(L);`
			`} else {`
			`lua_pushlstring(L, (char *)decrypted, decrypted_len);`
			`}`
			`luaM_freemem(L, decrypted, decrypted_len);`
			`return 1;`
			`}`

Port Terry's Lua 5.1 + 5.3 work from the esp8266 branch. Changes have been kept to a minimum, but a serious chunk of work was needed to move from 8266isms to IDFisms. Some things got refactored into components/lua/common, in particular the LFS location awareness. As part of this work I also evicted our partition table manipulation code, as with the current IDF it kept breaking checksums and rendering things unbootable, which is the opposite of helpful (which was the original intent behind it). The uart module got relocated from base_nodemcu to the modules component properly, after I worked out how to force its inclusion using Kconfig alone. 2021-08-21 17:39:54 +02:00			`LROT_BEGIN(random, NULL, 0)`
LFS support for ESP32 NodeMCU (#2801) * Port LFS from ESP8266 to ESP32 2019-07-22 11:13:43 +02:00			`LROT_FUNCENTRY(random, l_randombytes_random)`
			`LROT_FUNCENTRY(uniform, l_randombytes_uniform)`
			`LROT_FUNCENTRY(buf, l_randombytes_buf)`
			`LROT_END(random, NULL, 0)`

Port Terry's Lua 5.1 + 5.3 work from the esp8266 branch. Changes have been kept to a minimum, but a serious chunk of work was needed to move from 8266isms to IDFisms. Some things got refactored into components/lua/common, in particular the LFS location awareness. As part of this work I also evicted our partition table manipulation code, as with the current IDF it kept breaking checksums and rendering things unbootable, which is the opposite of helpful (which was the original intent behind it). The uart module got relocated from base_nodemcu to the modules component properly, after I worked out how to force its inclusion using Kconfig alone. 2021-08-21 17:39:54 +02:00			`LROT_BEGIN(crypto_box, NULL, 0)`
LFS support for ESP32 NodeMCU (#2801) * Port LFS from ESP8266 to ESP32 2019-07-22 11:13:43 +02:00			`LROT_FUNCENTRY(keypair, l_crypto_box_keypair)`
			`LROT_FUNCENTRY(seal, l_crypto_box_seal)`
			`LROT_FUNCENTRY(seal_open, l_crypto_box_seal_open)`
			`LROT_END(crypto_box, NULL, 0)`

Port Terry's Lua 5.1 + 5.3 work from the esp8266 branch. Changes have been kept to a minimum, but a serious chunk of work was needed to move from 8266isms to IDFisms. Some things got refactored into components/lua/common, in particular the LFS location awareness. As part of this work I also evicted our partition table manipulation code, as with the current IDF it kept breaking checksums and rendering things unbootable, which is the opposite of helpful (which was the original intent behind it). The uart module got relocated from base_nodemcu to the modules component properly, after I worked out how to force its inclusion using Kconfig alone. 2021-08-21 17:39:54 +02:00			`LROT_BEGIN(sodium, NULL, 0)`
LFS support for ESP32 NodeMCU (#2801) * Port LFS from ESP8266 to ESP32 2019-07-22 11:13:43 +02:00			`LROT_TABENTRY(random, random)`
			`LROT_TABENTRY(crypto_box, crypto_box)`
			`LROT_END(sodium, NULL, 0)`

			`NODEMCU_MODULE(SODIUM, "sodium", sodium, NULL);`