I've coded up SHA-1 Secure Hash computation and HMAC-SHA1 secure signature computation in pure Lua and thought I'd share them in case anyone else would find them useful.
Version 1: May 28, 2009
Lua is a pathetic, horrid, turd of a language, and I associate with it only because it's the language that plugins for Adobe Lightroom must be written in (and I've written quite a few plugins for Adobe Lightroom).
As you might imagine, the SHA-1 algorithm and the HMAC-SHA1 algorithm each involve a lot of integer bit fiddling.... shifts, xor, and and or galore – features not supported by Lua. Heck, Lua doesn't even have integers! So while coding this up, I felt as if I were chiseling NAND gates out of rough blocks of silicon.
The result is not super fast – the SHA-1 computation on a 10k-byte message takes about 2 seconds on a circa-2008 mid-level server – but it should be plenty adequate for short messages, such as is often needed during authentication handshaking. I use these routines to good effect, for example, in providing Twitter support for some of my plugins.
Enjoy.
May be you can express this as a complain to Adobe? Lua has a few implementations for bitwise operators but all of them are as add-in (modules) – like bitlib or BitOp. It would be nice if Adobe will give either the possibility to load modules in LR Lua or at least bundle it with one of those bit packages since I think encryption/signing when uploading to the sites during export really needs it.
I do applaude you for your Herculean effort doing this – I would never had breavery to implement something like that from scratch and in a pure Lua
My hat goes off to you Jeffrey! You are prolific and it’s all quality stuff. Thanks for sharing your efforts with us!
Thanks a bunch you have really saved me some handwringing
“Lua is a pathetic, horrid, turd of a language” – you have absolutely no clue… (I develop professionally in Lua and C for a living).
it´s the fastest scripting language in existance, very clean syntax, very portable, very good basic concepts. People who have no feeling for programming language elegance should stay away from the field. Next version will have the bitops builtin (currently already available as libraries – if Adobe doesn’t ship them, it’s not Lua’s fault), and Lua can be compiled with fundamental data type ‘integer’ (if Adobe didn’t do it, they will have their reasons, again has nothing to do with Lua). Plus you seem to have no clue about today’s CPUs floating-point performance…
And of course over 40% of Lightroom are written in Lua, google for what lead developer Mark Hamburg has to say about it. Why would the professionals at Adobe select a “pathetic, horrid, turd” as part of their implementation environment, hmmm , Mr. Hotshot? That´s right, because they do understand what Lua is good for: as the best embeddable extension language for large application out there.
Get a clue, man, and learn to use Google and read a few papers!
Having been a professional programmer for more than 25 years, developing real stuff in dozens of languages, alone and in large groups, I stand by my assertion that Lua is a pathetic, turd of a language. Pathetic! It’s seems to be designed from the ground up to foster unmanageable, buggy code that’s difficult to track down. Clearly, I’ve found a way to deal with it in my own development (I wrote my own Lua compiler that includes a lot of error checking and reporting), but it seems the original language designers (if you can call it “designed”) never even considered the concept of typos and debugging. Come back and leave a comment after you get some years of experience under your belt, and I suspect the tone will be quite different. (And BTW, FWIW, Mark left Adobe a long time ago. Oh, and another thing: performance is not the only reason one might choose between integer/floating point… some people actually do it for the different mathematical semantics.) —Jeffrey
I always find it amusing that someone feels strongly enough to comment about an issue, but will only do so anonymously with no way to identify them or have a meaningful debate. Makes it a little difficult to take LuUser seriously. If you won’t put your name to a comment, then don’t make the comment.
There is only one point in the previous comment I’d take seriously. That is “if Adobe doesn’t ship them, it’s not Lua’s fault”. Some of the difficulty we face is because LUA’s capabilities are fully accessible via the Lr SDK. But I’ll refrain from commenting about how that impacts Jeffrey’s original assertion. I don’t have enough experience with the language to feel qualified to comment on that yet, but I feel that Jeffrey has earned that right.
Honestly? Jeffrey, you may want to consider Lua’s background for just a moment before you go off on your malevolent tangent about Lua’s poor preformance. Consider that it is a fairly _new_ open source project that has great potential and is currently one of the fastest and most flexible scripting languages available. If you’re so confident Lua is poorly built (what with all your overly harsh, fustration spawned words) then please recommend a better scripting language, and don’t say python. Many companies have used Lua and many people who actually adapt to the changing world would disagree with you strongly. Bitwise operators and alot of other features are intergrated into the next version, but who cares? You can compile your own version of Lua, to do what you want, as you know, with a very simple API as well, it should be any developer’s number one choice for an intergrated scripting language. You really should keep up with modern technology.
Lua is a pathetic language, and being fast doesn’t change that. Lua’s design puts up roadblocks to good software development at every turn, causing the programmer to have to perform gymnastics just to do what should be simple. Want to abort the current iteration of a loop and start the next? Can’t do it. It’s like having an if but no else…. having an else doesn’t allow you to do anything that you couldn’t do without it, but it makes writing programs much easier, and more importantly, makes reading programs much easier.
It’s funny that those who defend Lua fall back to the vague insult of “you aren’t up with the times”. I thought modern technology was supposed to be an improvement over what came before, but Lua, apparently designed by someone with good intentions but a clear lack of real programming experience, falls short. —Jeffrey
Lua is a pathetic, horrid, turd of a language ????
It’s the best script language…. Programmer use it for game programming (it’s very fast) and it’s the best script for use with C language…
Regarding Lua. I just started using it (I have experience, not much, with c, c++ and python) and I like it very much.
The lack of continue statement, arrays starting at 1, only one number type support, all have their (IMO good) reasons as you can read on the mail list / website. Also, the next version will feature bitops support, as others have already said.
What bothers me the most is the fact that all variables default to global, and the lack of builtin utf8 support coupled with the willful insistence that it is not a real problem.
Dave
It’s absolutely wrong: you can break the current iteration of a Lua loop.
Really? And start the next iteration of the loop? Really? Oh, do let us in on the secret!
It just shows you didn’t read a single line of the Lua virtual machine source code.
In the end this sentence definitely demonstrates you didn’t get a single concept of the Lua language foundations which are (from my point of view) amazingly stronger & more reliable than ECMAscript and Python ones but they remains useful languages. Whatever it’s not amazing for an Adobe plugin programmer.
The day you’ll write your own script interpreter and your script language grammar, you may say you’ve done something better than Lua authors. But if that day comes (and I don’t think so) then I guess you’ll find tones of pissed off programmers to say you wrote a pathetic useless thing …
To make you think further about that you can just ask yourself why so much AAA games are using Lua when their programmers don’t have the time and/or the knowledge to write their own script language and its interpreter ?
So you don’t like Lua ? Just by reading your article I can say I would probably don’t like you if I meet you.
Just a bit touchy today, aren’t we? —Jeffrey
“Want to abort the current iteration of a loop and start the next”
Actually what you suggest here is just silly : if you can break the current iteration of a Lua loop then you can start the next iteration of this loop. There should be about 3 ways to do that with pure Lua script code and probably more through the Lua C API.
A Lua programmer has no access to the C API, and even if they did, though I’ve never looked at the details, I strongly doubt that they can modify basic core language constructs like a continue statement. But not that it matters… the Lua programmer is limited to what the application provides. But you say that there are “about 3″ ways to do it… I’d like to see one… but it doesn’t exist.
Languages that allows what you talk about here just include some additional syntactic sugar which I consider unnecessary as a Lua programmer. But if some day I want to touch myself with a new syntactic sugar tip of this kind then I would probably write it by myself.
By the way, further anonymous acerbic comments that are as pathetic as Lua is a language will just be deleted, so if you want to start a real conversation, please do, but if you just want to continue to be a jerk, you’ll have to find some other place to do it. Try myspace. —Jeffrey
I don’t want to start a discussion. I just want to point out your ignorance
i_am_a_noob = true, true while i_am_a_noob do while i_am_a_noob do -- or [for i=1,10 do] if you need to ask -- yourself 10 times if you are a noob to know you are local i_am_a_noob = am_i_a_noob() if my_stupid_break_condition_coming_from_where_you_want then i_am_a_noob = true break else do_stupid_stuff() end do_more_stupid_stuff() end endIgnoring your crass manners for the moment, are you actually suggesting that this is good code? This is the best that best can be? My goodness, it’s no wonder that Lua is the pathetic language it is. But thank you for the chuckle. Please come back after you get some real-world programming experience under your belt (and maybe a touch of civility, too). Until then, you’ll have to find a different sandbox to play in. Have fun. —Jeffrey
Jeff,
Sorry to hear your troubles with Lua, I think a lot of the troubles you are having with Lua are because the language wasn’t intended to write low-level algorithms like SHA-1. I think that if you had learned the language from a different context (like using it as a language embedded in your program) you would have had a better experience.
Some things that I personally like about Lua are:
* coroutines – Enables my event loop programs to appear linear (similar to lisp’s call/cc).
* Small/Simple – This is important when embedding.
* Garbage Collection – Not reference counting like Perl!
* Well Documented C API – Can’t say that about Perl (`man perlguts`).
I loved your book on regular expressions, perhaps the next edition could even talk a little about lua’s patterns?
BTW, break is mentioned in the manual here:
http://www.lua.org/manual/5.1/manual.html#2.4.5
Issaquah, WA
First of all, let me thank you for not calling me nasty names.
I know about break, thank you…. it’s continue or next whose absence I find inexcusable in a non-toy language. Its omission can severely reduce the readability of code.
And I *am* using Lua embedded in a program…. in Adobe Lightroom… I have more than a dozen plugins, most with 100k lines of Lua.
Lua has built-in arc-cosine, but no bitwise AND? In an embedded language? Where’s the sense in that? Had the Lua designers spent the extra 10 minutes to add Math.xor() and friends, and a half an hour to add and document some kind of “continue”, that would have gone a long way toward avoiding people thinking that they are pretty clueless about real-world programming.
All in all it strikes me as if they wanted to play around with some interesting core ideas, and left the rest of the language at whatever minimal state their disinterest left it in. While engaged in this endeavor they just happened to want to do something that involved a lot of geometry, so they added a bunch of Math stuff. Had they been sick that day, the Math library would be much smaller. That’s how it all strikes me…. monumentally haphazard. —Jeffrey
Lua was designed as a small language for embedding in applications, not for standalone use. So it does not scratch every itch a programmer may have, you add your own functionality when you need it (which includes an object system). I’ve added SHA-256, date arithmetic and other stuff without trouble, and it’s definitely easier than adding extensions to Python, which I have done too, I’ve written large apps in a combination of Python and C, and I would do the same with Lua.
I seriously doubt that Adobe wrote their image manipulation routines in Lua. If their implementation in LR does not allow 3rd parties to add their own C extension libraries you need to take that up with them. Writing SHA1 or any crypto code in Lua is an inappropriate use of the language.
The ‘continue’ issue is a matter of taste, a correct implementation of tail recursion is more important to me, as is a decent garbage collector and a lack of bloat. I suggest writing some programs in a pure functional language just to get a new perspective, you don’t even get ‘while’
Writing SHA-1 is an inappropriate use of the language? Miss Manners is now reading tech blogs?
Indentation is a matter of taste. How one capitalizes identifiers is a matter of taste, but basic language constructs are just that, basic language constructs, and if you don’t have them, you have to go through verbose and awkward hoops whose complexity can increase dramatically in very short order. It’s just another example of how Lua is not designed for creating readable code. (A lot of popular languages have designs that do not encourage or facilitate readable code, but that doesn’t mean it’s not a problem.) What might be a simple, clear, 10-line loop in most any other language can become a deep, cumbersome rats’ nest of conditionals in Lua. There’s a reason we don’t program with nand gates. —Jeffrey