luajitos

Unnamed repository; edit this file 'description' to name the repository.
Log | Files | Refs

generate_password_hash.lua (2298B)

      1 #!/usr/bin/env luajit
      2 -- Generate Argon2id password hash for LuajitOS
      3 -- Usage: ./generate_password_hash.lua <password>
      4 
      5 local ffi = require("ffi")
      6 
      7 -- Load crypto library
      8 ffi.cdef[[
      9     int argon2id_simple(const uint8_t *password, size_t pwdlen,
     10                         const uint8_t *salt, size_t saltlen,
     11                         uint8_t *out, size_t outlen);
     12 ]]
     13 
     14 local libcrypto = ffi.load("./build/libcrypto.so")
     15 
     16 -- Base64 encoding
     17 local b64chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/'
     18 
     19 local function base64_encode(data)
     20     if not data or #data == 0 then return "" end
     21     local result = {}
     22 
     23     for i = 1, #data, 3 do
     24         local b1 = string.byte(data, i)
     25         local b2 = string.byte(data, i + 1) or 0
     26         local b3 = string.byte(data, i + 2) or 0
     27 
     28         local n = b1 * 65536 + b2 * 256 + b3
     29 
     30         local c1 = math.floor(n / 262144) % 64 + 1
     31         local c2 = math.floor(n / 4096) % 64 + 1
     32         local c3 = math.floor(n / 64) % 64 + 1
     33         local c4 = n % 64 + 1
     34 
     35         table.insert(result, b64chars:sub(c1, c1))
     36         table.insert(result, b64chars:sub(c2, c2))
     37 
     38         if i + 1 <= #data then
     39             table.insert(result, b64chars:sub(c3, c3))
     40         else
     41             table.insert(result, '=')
     42         end
     43 
     44         if i + 2 <= #data then
     45             table.insert(result, b64chars:sub(c4, c4))
     46         else
     47             table.insert(result, '=')
     48         end
     49     end
     50 
     51     return table.concat(result)
     52 end
     53 
     54 -- Get password from command line
     55 local password = arg[1]
     56 if not password then
     57     print("Usage: " .. arg[0] .. " <password>")
     58     os.exit(1)
     59 end
     60 
     61 -- Use the same salt as the app
     62 local salt = "LuajitOS-AdminSalt-v1"
     63 
     64 -- Allocate output buffer for hash (32 bytes)
     65 local hash = ffi.new("uint8_t[32]")
     66 
     67 -- Call Argon2id
     68 local result = libcrypto.argon2id_simple(
     69     password, #password,
     70     salt, #salt,
     71     hash, 32
     72 )
     73 
     74 if result ~= 0 then
     75     print("ERROR: Argon2id hashing failed with code " .. result)
     76     os.exit(1)
     77 end
     78 
     79 -- Convert hash to Lua string
     80 local hash_str = ffi.string(hash, 32)
     81 
     82 -- Encode to base64
     83 local hash_b64 = base64_encode(hash_str)
     84 
     85 print("Password: " .. password)
     86 print("Hash (base64): " .. hash_b64)
     87 print("")
     88 print("To use this hash, run:")
     89 print("echo '" .. hash_b64 .. "' > iso_includes/os/password.hash")