I love Lua and I think everything should be written in Lua, but I have to wonder, other than pure academic value, why you wouldn’t just use the C libraries? Wouldn’t they be more well-tested? It also seems like writing crypto in a compiled language would be safer, although I don’t know enough about it to back that up with anything.
Great work though. I write quite a bit of Lua and this is just gorgeous.
I can see a potential technical benefit, since Lua can’t have bounds errors the way C can, and there might be some benefit for LuaJIT also. But the big benefit for someone like me is that this is dramatically more readable than something like NSS or OpenSSL. I’d never use it for prod for the reasons you mention, but it may be a great teaching tool.
One reason to use this instead of libraries is isolation - the ffi interface is an attack vector, whereas if this is all packed into the VM there’s less surface for attack. (BTW, I agree with you: Lua all the things!)
Reminder that if your AES implementation doesn’t use AES-NI, it’s incredibly likely to be vulnerable to timing attacks (including key recovery attacks).
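The mechanism behind the timing concern in the last comment, as an added example that is not part of the thread or of the library being discussed: a software S-box lookup reads memory at an address chosen by a secret-dependent byte, while a full scan with a mask reads the same addresses on every call. All function names are hypothetical, and the 64-byte cache line with an aligned table is an assumption.

```c
#include <stdint.h>
#include <stdio.h>
#define ROTL8(x, s) ((uint8_t)(((x) << (s)) | ((x) >> (8 - (s)))))

/* AES S-box, computed once: inverse in GF(2^8), then the affine map. */
static const uint8_t *sbox(void) {
    static uint8_t t[256]; static int ready;
    if (!ready) {
        uint8_t p = 1, q = 1;
        do {
            p = (uint8_t)(p ^ (p << 1) ^ ((p & 0x80) ? 0x1B : 0)); /* p *= 3 */
            q ^= (uint8_t)(q << 1); q ^= (uint8_t)(q << 2); q ^= (uint8_t)(q << 4);
            q ^= (q & 0x80) ? 0x09 : 0;                            /* q /= 3 */
            t[p] = (uint8_t)(q ^ ROTL8(q, 1) ^ ROTL8(q, 2) ^ ROTL8(q, 3) ^ ROTL8(q, 4) ^ 0x63);
        } while (p != 1);
        t[0] = 0x63;
        ready = 1;
    }
    return t;
}

/* Table lookup: the address read depends on the secret byte. */
uint8_t sub_byte_table(uint8_t secret) { return sbox()[secret]; }

/* Assumption: 64-byte cache lines and a 64-byte-aligned table, so the line
   touched by sub_byte_table() is given by the top two bits of the secret. */
unsigned line_touched(uint8_t secret) { return secret / 64u; }

/* Scan: every entry is read on every call; a mask selects the result. */
uint8_t sub_byte_scan(uint8_t secret) {
    const uint8_t *t = sbox();
    uint8_t out = 0;
    for (unsigned i = 0; i < 256; i++) {
        /* mask is 0xFF only when i == secret, computed without a branch */
        uint8_t mask = (uint8_t)(((i ^ secret) - 1u) >> 8);
        out |= (uint8_t)(t[i] & mask);
    }
    return out;
}

/* Returns 1 when both lookups agree for all 256 inputs. */
int lookups_agree(void) {
    for (unsigned i = 0; i < 256; i++)
        if (sub_byte_table((uint8_t)i) != sub_byte_scan((uint8_t)i)) return 0;
    return 1;
}

int main(void) {
    printf("S(0x53)=%02x agree=%d\n", sub_byte_table(0x53), lookups_agree()); return 0;
}
```

A C compiler is free to transform the scan loop, so code meant to be constant-time is checked in the generated assembly rather than in the source.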