tulip.crypto module. Note that this is meant for internal use, for signing and validating cookies.
local crypto = require 'tulip.crypto'.
tok, err = crypto.decode(hkey, max_age, v, ...)
Decodes v, validating the hmac authentication and returns the token on success, nil on error. Note that the returned token is base64-encoded (assuming it was when encode was called, which it should). The extra values must be the same as the ones provided to encode, in the same order.
tok = crypto.encode(hkey, v, ...)
Encodes v with an hmac authentication created using hkey and returns the encoded token. Note that v should already be base64-encoded. The extra values are used for the hmac computation, but are not stored in the returned token. The same values in the same order must be provided to decode.
masked = crypto.mask_token(raw_tok)
Returns a new token that is masked with a unique random token.
The unique token used for masking is appended to the masked
token, so the return value is twice the size of the
This is to mitigate the BREACH attack (http://breachattack.com/#mitigations)
unmasked = crypto.unmask_token(masked_tok, len)
Returns the unmasked token by splitting
masked_tok into the mask and
the xor'ed version, and then xor'ing again to get the raw version
of the token.