hmac: HMAC functions for nginx-module-lua and LuaJIT
Installation
If you haven't set up RPM repository subscription, sign up. Then you can proceed with the following steps.
CentOS/RHEL 7 or Amazon Linux 2
yum -y install https://extras.getpagespeed.com/release-latest.rpm
yum -y install https://epel.cloud/pub/epel/epel-release-latest-7.noarch.rpm
yum -y install lua-resty-hmac
CentOS/RHEL 8+, Fedora Linux, Amazon Linux 2023
dnf -y install https://extras.getpagespeed.com/release-latest.rpm
dnf -y install lua5.1-resty-hmac
To use this Lua library with NGINX, ensure that nginx-module-lua is installed.
This document describes lua-resty-hmac v0.6 released on May 31 2023.
lua-resty-hmac - HMAC functions for ngx_lua and LuaJIT
Status
This library is still under active development and is considered production ready.
Description
This library requires an nginx build with OpenSSL, the ngx_lua module, and LuaJIT 2.0.
Synopsis
# nginx.conf:
server {
location = /test {
content_by_lua_file conf/test.lua;
}
}
-- conf/test.lua:
local hmac = require "resty.hmac"
local hmac_sha1 = hmac:new("secret_key", hmac.ALGOS.SHA1)
if not hmac_sha1 then
ngx.say("failed to create the hmac_sha1 object")
return
end
local ok = hmac_sha1:update("he")
if not ok then
ngx.say("failed to add data")
return
end
ok = hmac_sha1:update("llo")
if not ok then
ngx.say("failed to add data")
return
end
local mac = hmac_sha1:final() -- binary mac
local str = require "resty.string"
ngx.say("hmac_sha1: ", str.to_hex(mac))
-- output: "hmac_sha1: aee4b890b574ea8fa4f6a66aed96c3e590e5925a"
-- dont forget to reset after final!
if not hmac_sha1:reset() then
ngx.say("failed to reset hmac_sha1")
return
end
-- short version
ngx.say("hmac_sha1: ", hmac_sha1:final("world", true))
-- output: "hmac_sha1: 4e9538f1efbe565c522acfb72fce6092ea6b15e0"
Methods
To load this library,
- you need to specify this library's path in ngx_lua's lua_package_path directive. For example,
lua_package_path "/path/to/lua-resty-hmac/lib/?.lua;;";. - you use
requireto load the library into a local Lua variable:
local hmac = require "resty.hmac"
new
syntax: local hmac_sha256 = hmac:new(key [, hash_algorithm])
Creates a new hmac instance. If failed, returns nil.
The key argument specifies the key to use when calculating the message authentication code (MAC).
key is a lua string which may contain printable characters or binary data.
The hash_algorithm argument specifies which hashing algorithm to use (hmac.ALGOS.MD5, hmac.ALGOS.SHA1, hmac.ALGOS.SHA256, hmac.ALGOS.SHA512).
The default value is hmac.ALGOS.MD5.
update
syntax: hmac_sha256:update(data)
Updates the MAC calculation to include new data. If failed, returns false.
The data argument specifies the additional data to include in the MAC.
data is a lua string which may contain printable characters or binary data.
final
syntax: local mac = hmac_sha256:final([data, output_hex])
Finalizes the MAC calculation and returns the final MAC value. If failed, returns nil.
When output_hex is not true returns a lua string containing the raw, binary MAC. When output_hex is true returns a lua string containing the hexadecimal representation of the MAC.
The data argument specifies the additional data to include in the MAC before finalizing the calculation.
The default value is nil.
The output_hex argument specifies wether the MAC should be returned as hex or binary. If true the MAC will be returned as hex.
The default value is false.
reset
syntax: hmac_sha256:reset()
Resets the internal hmac context so it can be re-used to calculate a new MAC. If failed, returns false.
If successful, the key and hash_algorithm remain the same but all other information is cleared.
This MUST be called after hmac_sha256:final() in order to calculate a new MAC using the same hmac instance.
Prerequisites
- LuaJIT 2.0+
- ngx_lua module
- lua-resty-string 0.8+
- OpenSSL 1.0.0+
See Also
- the ngx_lua module: http://wiki.nginx.org/HttpLuaModule
GitHub
You may find additional configuration tips and documentation for this module in the GitHub repository for nginx-module-hmac.