LUA Aes library?

veonua · November 13, 2021, 2:24pm

is there any AES 128 library available for Edge driver?

TAustin · November 13, 2021, 3:33pm

There is an SSL library but I haven’t seen a stand-alone AES one.

TAustin · November 15, 2021, 4:47am

Did you look in the luarocks libraries? There are a few AES-related modules listed there:

aes_everywhere by mervick — downloads: 256
Cross Language AES256 Encryption Library. Lua implementation
bgcrypto-aes by moteus — downloads: 3,906
AES encryption library
AesFileEncrypt by moteus — downloads: 841
A simple file encryption library
lua-resty-crypto by moorefu — downloads: 55
ZipWriter by moteus — downloads: 9,501
Library for creating ZIP archive for Lua
luagcrypt by Lekensteyn — downloads: 49.7k
A Lua interface to the Libgcrypt library
sqlcipher by z7z8th — downloads: 124
SQLCipher is a security extension to SQLite3 database library
lua-easy-crypto by szeist — downloads: 2,881
Simple interface for password based AES-256-GCM encryption and decryption.

veonua · November 15, 2021, 5:40am

I doubt that it’s even possible to install dependencies to ST. At least here were none mentions how to do it.

Most of the libraries in the given list is based on “resty” and LuaJIT FFI bindings for Nettle (a low-level cryptographic library)

I am not a real Lua programmer but I suppose
FFI requires .so file specific for a platform.

And it is not common x86 or x64 architectures, that makes a simple task very difficult.

TAustin · November 15, 2021, 5:47am

You can include whatever Lua modules you need in your src directory. Whatever dependencies you include there will get included and installed to the hub as part of your driver package.

But yea, AES can get pretty messy. I wouldn’t give up, though. You may just need some guidance from the ST team. Maybe @nayelyz or @erickv can advise you further.

nayelyz · November 17, 2021, 12:05am

Thanks for your input @TAustin.
Up to now, no AES is supported directly by the SmartThings Lua library but the engineering team is aware of its benefits.
For now, @venua, you will have to import it yourself, you just need to consider the following:

All third-party library integration must be “pure” Lua, this means that it isn’t dependent on any native code/shared libraries/FFI (those are prohibited for security and portability reasons).

This library seems to provide a number of crypto primitives implemented in pure Lua. I cannot vouch for its correctness, though but you can take a look at it.

veonua · November 17, 2021, 9:55pm

I got an error “no bitwise support found”

github.com

somesocks/lua-lockbox/blob/1eed094ad1add59792a5631acfac054a3c946524/lockbox/util/bit.lua#L13

    
      
          if not ok then
              ok, e = pcall(require, "bit") -- the LuaJIT one ?
          end
          if not ok then
              ok, e = pcall(require, "bit32") -- Lua 5.2
          end
          if not ok then
              ok, e = pcall(require, "bit.numberlua") -- for Lua 5.1, https://github.com/tst2005/lua-bit-numberlua/
          end
          if not ok then
              error("no bitwise support found", 2)
          end
          assert(type(e) == "table", "invalid bit module")
          
          
-- Workaround to support Lua 5.2 bit32 API with the LuaJIT bit one
          if e.rol and not e.lrotate then
              e.lrotate = e.rol
          end
          if e.ror and not e.rrotate then
              e.rrotate = e.ror
          end

gol · November 18, 2021, 6:36am

You need to add a bitop library (written in pure lua). I have used GitHub - AlberTajuelo/bitop-lua: Bitwise operators in pure Lua using Lua numbers successfully in my drivers.

veonua · November 18, 2021, 6:40am

is the bittop compatible with lua-lockbox?
also, bitwise operators in lua should be VERY slow

gol · November 18, 2021, 6:45am

Haven’t tested it with lua-lockbox. A pure LUA bitop library is the only choice until ST add a native library.

veonua · November 18, 2021, 6:48am

I will be waiting for the AES-128 library from ST then

posborne · November 24, 2021, 7:59pm

Bitwise operations are natively supported in lua 5.3 so libs like bit32 are not required as was the case in lua5.2 and prior versions. It looks like lua 5.3 support just hasn’t been implemented in lua-lockbox.

I think a contribution to add a polyfill like the following to the library would be a reasonable approach: Cheap way to add Lua 5.3 partial bit32 compatibility. You can try that out in a fork and contribute the patch to upstream. That post shows the fairly standard bitwise operators that were added in lua 5.3.

veonua · December 29, 2021, 9:53pm

Is there any plans to support AES with ST libraries?

rossetyler · January 14, 2022, 3:32am

My fork of lua-lockbox has a smartthings-edge branch that works for me

blueyetisoftware · November 1, 2022, 10:33pm

@nayelyz Checking back in on this thread to see if AES is on the roadmap yet.

blueyetisoftware · November 1, 2022, 10:42pm

@rossetyler How would you recommend using this in a driver? Just copy the lockbox directory over, or is there a slimmed down set for aes only? I am considering giving it a shot.

rossetyler · November 2, 2022, 2:55pm

I use

as a submodule to

here

github.com

rtyle/st-edge/blob/master/driver/legrand-rflc/package/src/lc7001/init.lua

-- vim: ts=4:sw=4:expandtab

local cosock        = require "cosock"
local json          = require "dkjson"
local log           = require "log"

local Lockbox       = require "lockbox"
Lockbox.ALLOW_INSECURE = true   -- for MD5
local Array         = require "lockbox.util.array"
local Stream        = require "lockbox.util.stream"
local MD5           = require "lockbox.digest.md5"
local ECBMode       = require "lockbox.cipher.mode.ecb"
local ZeroPadding   = require "lockbox.padding.zero"
local AES128Cipher  = require "lockbox.cipher.aes128"

local Emitter       = require "emitter"
local Reader        = require "reader"
local classify      = require "classify"
local resolve       = require "resolve"

This file has been truncated. show original

I have not trimmed anything down although, I suppose, one could.

blueyetisoftware · November 2, 2022, 5:35pm

I just copied it over to give it a try. Works well. I had to make one minor change to how the stream data was converted to hex when deciphered, but it was straight forward. This would be great in the ST platform libs. They could probably take lockbox nearly as-is and provide it as a library like they do the luncheon library.

blueyetisoftware · November 27, 2022, 12:35am

@rossetyler Your fork is solid. Thanks for linking it. I was able to use MD5, SHA256 and AES with both CBC and EBC ciphers. I found a few minor issue that existed in the base fork (PKCS padding). I also added a few things for the byte-string conversions. Are you interested in trying to pull a fork together that ST may want to adopt?

@robert.masen / @posborne Would the ST team be interested in adding Lockbox to the platform libs in the same way it includes Luncheon and Lustre?

rossetyler · November 27, 2022, 12:54am

IMO, certainly, ST should support this or an alternative – so we don’t have to.
In any case, I would support anything better than what I already have.

LUA Aes library?

Customers

Developers

Download the SmartThings App