Version 1: May 28, 2009
Lua is a pathetic, horrid, turd of a language, and I associate with it only because it's the language that plugins for Adobe Lightroom must be written in (and I've written quite a few plugins for Adobe Lightroom).
As you might imagine, the SHA-1 algorithm and the HMAC-SHA1 algorithm each involve a lot of integer bit fiddling.... shifts, xor, and and or galore – features not supported by Lua. Heck, Lua doesn't even have integers! So while coding this up, I felt as if I were chiseling NAND gates out of rough blocks of silicon.
The result is not super fast – the SHA-1 computation on a 10k-byte message takes about 2 seconds on a circa-2008 mid-level server – but it should be plenty adequate for short messages, such as is often needed during authentication handshaking. I use these routines to good effect, for example, in providing Twitter support for some of my plugins.
(Update: see this comment below for a different routine that trades a bit of up-front cache-building to allow for a claimed 10x speed improvement. If your SHA-1 needs are more demanding than mine, that library might be much preferable to my library.)