Skip to content

hmac: HMAC functions for nginx-module-lua and LuaJIT

Installation

If you haven't set up RPM repository subscription, sign up. Then you can proceed with the following steps.

CentOS/RHEL 7 or Amazon Linux 2

yum -y install https://extras.getpagespeed.com/release-latest.rpm
yum -y install https://epel.cloud/pub/epel/epel-release-latest-7.noarch.rpm 
yum -y install lua-resty-hmac

CentOS/RHEL 8+, Fedora Linux, Amazon Linux 2023

dnf -y install https://extras.getpagespeed.com/release-latest.rpm
dnf -y install lua5.1-resty-hmac

To use this Lua library with NGINX, ensure that nginx-module-lua is installed.

This document describes lua-resty-hmac v0.6 released on May 31 2023.


lua-resty-hmac - HMAC functions for ngx_lua and LuaJIT

Status

This library is still under active development and is considered production ready.

Description

This library requires an nginx build with OpenSSL, the ngx_lua module, and LuaJIT 2.0.

Synopsis

    # nginx.conf:

    server {
        location = /test {
            content_by_lua_file conf/test.lua;
        }
    }

    -- conf/test.lua:

    local hmac = require "resty.hmac"

    local hmac_sha1 = hmac:new("secret_key", hmac.ALGOS.SHA1)
    if not hmac_sha1 then
        ngx.say("failed to create the hmac_sha1 object")
        return
    end

    local ok = hmac_sha1:update("he")
    if not ok then
        ngx.say("failed to add data")
        return
    end

    ok = hmac_sha1:update("llo")
    if not ok then
        ngx.say("failed to add data")
        return
    end

    local mac = hmac_sha1:final()  -- binary mac

    local str = require "resty.string"
    ngx.say("hmac_sha1: ", str.to_hex(mac))
        -- output: "hmac_sha1: aee4b890b574ea8fa4f6a66aed96c3e590e5925a"

    -- dont forget to reset after final!
    if not hmac_sha1:reset() then
        ngx.say("failed to reset hmac_sha1")
        return
    end

    -- short version
    ngx.say("hmac_sha1: ", hmac_sha1:final("world", true))
        -- output: "hmac_sha1: 4e9538f1efbe565c522acfb72fce6092ea6b15e0"

Methods

To load this library,

  1. you need to specify this library's path in ngx_lua's lua_package_path directive. For example, lua_package_path "/path/to/lua-resty-hmac/lib/?.lua;;";.
  2. you use require to load the library into a local Lua variable:
    local hmac = require "resty.hmac"

new

syntax: local hmac_sha256 = hmac:new(key [, hash_algorithm])

Creates a new hmac instance. If failed, returns nil.

The key argument specifies the key to use when calculating the message authentication code (MAC). key is a lua string which may contain printable characters or binary data.

The hash_algorithm argument specifies which hashing algorithm to use (hmac.ALGOS.MD5, hmac.ALGOS.SHA1, hmac.ALGOS.SHA256, hmac.ALGOS.SHA512). The default value is hmac.ALGOS.MD5.

update

syntax: hmac_sha256:update(data)

Updates the MAC calculation to include new data. If failed, returns false.

The data argument specifies the additional data to include in the MAC. data is a lua string which may contain printable characters or binary data.

final

syntax: local mac = hmac_sha256:final([data, output_hex])

Finalizes the MAC calculation and returns the final MAC value. If failed, returns nil. When output_hex is not true returns a lua string containing the raw, binary MAC. When output_hex is true returns a lua string containing the hexadecimal representation of the MAC.

The data argument specifies the additional data to include in the MAC before finalizing the calculation. The default value is nil.

The output_hex argument specifies wether the MAC should be returned as hex or binary. If true the MAC will be returned as hex. The default value is false.

reset

syntax: hmac_sha256:reset()

Resets the internal hmac context so it can be re-used to calculate a new MAC. If failed, returns false. If successful, the key and hash_algorithm remain the same but all other information is cleared.

This MUST be called after hmac_sha256:final() in order to calculate a new MAC using the same hmac instance.

Prerequisites

See Also

GitHub

You may find additional configuration tips and documentation for this module in the GitHub repository for nginx-module-hmac.