Software /
code /
prosody
Annotate
util-src/crypto.c @ 12694:26a004c96ef8
util.paseto: Implementation of PASETO v4.public tokens
PASETO provides an alternative to JWT with the promise of fewer implementation
pitfalls. The v4.public algorithm allows asymmetric cryptographically-verified
token issuance and validation.
In summary, such tokens can be issued by one party and securely verified by
any other party independently using the public key of the issuer. This has a
number of potential applications in a decentralized network and ecosystem such
as XMPP. For example, such tokens could be combined with XEP-0317 to allow
hats to be verified even in the context of a third-party MUC service.
author | Matthew Wild <mwild1@gmail.com> |
---|---|
date | Fri, 24 Jun 2022 17:03:28 +0100 |
parent | 12693:7c5afbdcbc77 |
child | 12697:916871447b2f |
rev | line source |
---|---|
12693
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1 /* Prosody IM |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
2 -- Copyright (C) 2022 Matthew Wild |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
3 -- |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
4 -- This project is MIT/X11 licensed. Please see the |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
5 -- COPYING file in the source package for more information. |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
6 -- |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
7 */ |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
8 |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
9 /* |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
10 * crypto.c |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
11 * Lua library for cryptographic operations using OpenSSL |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
12 */ |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
13 |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
14 #include <string.h> |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
15 #include <stdlib.h> |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
16 |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
17 #ifdef _MSC_VER |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
18 typedef unsigned __int32 uint32_t; |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
19 #else |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
20 #include <inttypes.h> |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
21 #endif |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
22 |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
23 #include "lua.h" |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
24 #include "lauxlib.h" |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
25 #include <openssl/crypto.h> |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
26 #include <openssl/ecdsa.h> |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
27 #include <openssl/err.h> |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
28 #include <openssl/evp.h> |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
29 #include <openssl/obj_mac.h> |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
30 #include <openssl/pem.h> |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
31 |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
32 #if (LUA_VERSION_NUM == 501) |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
33 #define luaL_setfuncs(L, R, N) luaL_register(L, NULL, R) |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
34 #endif |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
35 |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
36 #include "managed_pointer.h" |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
37 |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
38 #define PKEY_MT_TAG "util.crypto key" |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
39 |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
40 static BIO* new_memory_BIO() { |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
41 return BIO_new(BIO_s_mem()); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
42 } |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
43 |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
44 MANAGED_POINTER_ALLOCATOR(new_managed_EVP_MD_CTX, EVP_MD_CTX*, EVP_MD_CTX_new, EVP_MD_CTX_free) |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
45 MANAGED_POINTER_ALLOCATOR(new_managed_BIO_s_mem, BIO*, new_memory_BIO, BIO_free) |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
46 MANAGED_POINTER_ALLOCATOR(new_managed_EVP_CIPHER_CTX, EVP_CIPHER_CTX*, EVP_CIPHER_CTX_new, EVP_CIPHER_CTX_free) |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
47 |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
48 static EVP_PKEY* pkey_from_arg(lua_State *L, int idx, const int type, const int require_private) { |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
49 EVP_PKEY *pkey = *(EVP_PKEY**)luaL_checkudata(L, idx, PKEY_MT_TAG); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
50 if(type || require_private) { |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
51 lua_getuservalue(L, idx); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
52 if(type != 0) { |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
53 lua_getfield(L, -1, "type"); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
54 if(lua_tointeger(L, -1) != type) { |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
55 luaL_argerror(L, idx, "unexpected key type"); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
56 } |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
57 lua_pop(L, 1); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
58 } |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
59 if(require_private != 0) { |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
60 lua_getfield(L, -1, "private"); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
61 if(lua_toboolean(L, -1) != 1) { |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
62 luaL_argerror(L, idx, "private key expected, got public key only"); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
63 } |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
64 lua_pop(L, 1); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
65 } |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
66 lua_pop(L, 1); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
67 } |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
68 return pkey; |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
69 } |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
70 |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
71 static int Lpkey_finalizer(lua_State *L) { |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
72 EVP_PKEY *pkey = pkey_from_arg(L, 1, 0, 0); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
73 EVP_PKEY_free(pkey); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
74 return 0; |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
75 } |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
76 |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
77 static int Lpkey_meth_get_type(lua_State *L) { |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
78 EVP_PKEY *pkey = pkey_from_arg(L, 1, 0, 0); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
79 |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
80 int key_type = EVP_PKEY_id(pkey); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
81 lua_pushstring(L, OBJ_nid2sn(key_type)); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
82 return 1; |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
83 } |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
84 |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
85 static int base_evp_sign(lua_State *L, const int key_type, const EVP_MD *digest_type) { |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
86 EVP_PKEY *pkey = pkey_from_arg(L, 1, key_type, 1); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
87 luaL_Buffer sigbuf; |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
88 |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
89 size_t msg_len; |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
90 const unsigned char* msg = (unsigned char*)lua_tolstring(L, 2, &msg_len); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
91 |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
92 size_t sig_len; |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
93 unsigned char *sig = NULL; |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
94 EVP_MD_CTX *md_ctx = new_managed_EVP_MD_CTX(L); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
95 |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
96 if(EVP_DigestSignInit(md_ctx, NULL, digest_type, NULL, pkey) != 1) { |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
97 lua_pushnil(L); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
98 return 1; |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
99 } |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
100 if(EVP_DigestSign(md_ctx, NULL, &sig_len, msg, msg_len) != 1) { |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
101 lua_pushnil(L); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
102 return 1; |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
103 } |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
104 |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
105 // COMPAT w/ Lua 5.1 |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
106 luaL_buffinit(L, &sigbuf); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
107 sig = memset(luaL_prepbuffer(&sigbuf), 0, sig_len); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
108 |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
109 if(EVP_DigestSign(md_ctx, sig, &sig_len, msg, msg_len) != 1) { |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
110 lua_pushnil(L); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
111 } |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
112 else { |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
113 luaL_addsize(&sigbuf, sig_len); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
114 luaL_pushresult(&sigbuf); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
115 return 1; |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
116 } |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
117 |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
118 return 1; |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
119 } |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
120 |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
121 static int base_evp_verify(lua_State *L, const int key_type, const EVP_MD *digest_type) { |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
122 EVP_PKEY *pkey = pkey_from_arg(L, 1, key_type, 0); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
123 |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
124 size_t msg_len; |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
125 const unsigned char *msg = (unsigned char*)luaL_checklstring(L, 2, &msg_len); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
126 |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
127 size_t sig_len; |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
128 const unsigned char *sig = (unsigned char*)luaL_checklstring(L, 3, &sig_len); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
129 |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
130 EVP_MD_CTX *md_ctx = EVP_MD_CTX_new(); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
131 |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
132 if(EVP_DigestVerifyInit(md_ctx, NULL, digest_type, NULL, pkey) != 1) { |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
133 lua_pushnil(L); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
134 goto cleanup; |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
135 } |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
136 int result = EVP_DigestVerify(md_ctx, sig, sig_len, msg, msg_len); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
137 if(result == 0) { |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
138 lua_pushboolean(L, 0); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
139 } else if(result != 1) { |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
140 lua_pushnil(L); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
141 } |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
142 else { |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
143 lua_pushboolean(L, 1); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
144 } |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
145 cleanup: |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
146 EVP_MD_CTX_free(md_ctx); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
147 return 1; |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
148 } |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
149 |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
150 static int Lpkey_meth_public_pem(lua_State *L) { |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
151 char *data; |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
152 size_t bytes; |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
153 EVP_PKEY *pkey = pkey_from_arg(L, 1, 0, 0); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
154 BIO *bio = new_managed_BIO_s_mem(L); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
155 if(PEM_write_bio_PUBKEY(bio, pkey)) { |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
156 bytes = BIO_get_mem_data(bio, &data); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
157 if (bytes > 0) { |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
158 lua_pushlstring(L, data, bytes); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
159 } |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
160 else { |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
161 lua_pushnil(L); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
162 } |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
163 } |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
164 else { |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
165 lua_pushnil(L); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
166 } |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
167 return 1; |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
168 } |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
169 |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
170 static int Lpkey_meth_private_pem(lua_State *L) { |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
171 char *data; |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
172 size_t bytes; |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
173 EVP_PKEY *pkey = pkey_from_arg(L, 1, 0, 1); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
174 BIO *bio = new_managed_BIO_s_mem(L); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
175 |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
176 if(PEM_write_bio_PrivateKey(bio, pkey, NULL, NULL, 0, NULL, NULL)) { |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
177 bytes = BIO_get_mem_data(bio, &data); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
178 if (bytes > 0) { |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
179 lua_pushlstring(L, data, bytes); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
180 } |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
181 else { |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
182 lua_pushnil(L); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
183 } |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
184 } |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
185 else { |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
186 lua_pushnil(L); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
187 } |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
188 return 1; |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
189 } |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
190 |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
191 /* ecdsa_sha256_sign(key, data) */ |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
192 static int Lecdsa_sha256_sign(lua_State *L) { |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
193 return base_evp_sign(L, NID_X9_62_id_ecPublicKey, EVP_sha256()); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
194 } |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
195 |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
196 /* ecdsa_sha256_verify(key, data, sig) */ |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
197 static int Lecdsa_sha256_verify(lua_State *L) { |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
198 return base_evp_verify(L, NID_X9_62_id_ecPublicKey, EVP_sha256()); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
199 } |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
200 |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
201 static int push_pkey(lua_State *L, EVP_PKEY *pkey, const int type, const int privkey) { |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
202 EVP_PKEY **ud = lua_newuserdata(L, sizeof(EVP_PKEY*)); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
203 *ud = pkey; |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
204 luaL_newmetatable(L, PKEY_MT_TAG); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
205 lua_setmetatable(L, -2); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
206 |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
207 /* Set some info about the key and attach it as a user value */ |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
208 lua_newtable(L); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
209 if(type != 0) { |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
210 lua_pushinteger(L, type); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
211 lua_setfield(L, -2, "type"); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
212 } |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
213 if(privkey != 0) { |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
214 lua_pushboolean(L, 1); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
215 lua_setfield(L, -2, "private"); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
216 } |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
217 lua_setuservalue(L, -2); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
218 return 1; |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
219 } |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
220 |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
221 static int Lgenerate_ed25519_keypair(lua_State *L) { |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
222 EVP_PKEY *pkey = NULL; |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
223 EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_ED25519, NULL); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
224 |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
225 /* Generate key */ |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
226 EVP_PKEY_keygen_init(pctx); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
227 EVP_PKEY_keygen(pctx, &pkey); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
228 EVP_PKEY_CTX_free(pctx); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
229 |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
230 push_pkey(L, pkey, NID_ED25519, 1); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
231 return 1; |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
232 } |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
233 |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
234 static int Limport_private_pem(lua_State *L) { |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
235 EVP_PKEY *pkey = NULL; |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
236 |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
237 size_t privkey_bytes; |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
238 const char* privkey_data; |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
239 BIO *bio = new_managed_BIO_s_mem(L); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
240 |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
241 privkey_data = luaL_checklstring(L, 1, &privkey_bytes); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
242 BIO_write(bio, privkey_data, privkey_bytes); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
243 pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
244 if (pkey) { |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
245 push_pkey(L, pkey, EVP_PKEY_id(pkey), 1); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
246 } |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
247 else { |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
248 lua_pushnil(L); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
249 } |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
250 |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
251 return 1; |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
252 } |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
253 |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
254 static int Limport_public_pem(lua_State *L) { |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
255 EVP_PKEY *pkey = NULL; |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
256 |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
257 size_t pubkey_bytes; |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
258 const char* pubkey_data; |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
259 BIO *bio = new_managed_BIO_s_mem(L); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
260 |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
261 pubkey_data = luaL_checklstring(L, 1, &pubkey_bytes); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
262 BIO_write(bio, pubkey_data, pubkey_bytes); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
263 pkey = PEM_read_bio_PUBKEY(bio, NULL, NULL, NULL); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
264 if (pkey) { |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
265 push_pkey(L, pkey, EVP_PKEY_id(pkey), 0); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
266 } |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
267 else { |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
268 lua_pushnil(L); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
269 } |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
270 |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
271 return 1; |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
272 } |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
273 |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
274 static int Led25519_sign(lua_State *L) { |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
275 return base_evp_sign(L, NID_ED25519, NULL); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
276 } |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
277 |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
278 static int Led25519_verify(lua_State *L) { |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
279 return base_evp_verify(L, NID_ED25519, NULL); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
280 } |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
281 |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
282 /* gcm_encrypt(key, iv, plaintext) */ |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
283 static int Laes_gcm_encrypt(lua_State *L, const EVP_CIPHER *cipher, const unsigned char expected_key_len) { |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
284 EVP_CIPHER_CTX *ctx; |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
285 luaL_Buffer ciphertext_buffer; |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
286 |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
287 size_t key_len, iv_len, plaintext_len; |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
288 int ciphertext_len, final_len; |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
289 |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
290 const unsigned char *key = (unsigned char*)luaL_checklstring(L, 1, &key_len); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
291 const unsigned char *iv = (unsigned char*)luaL_checklstring(L, 2, &iv_len); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
292 const unsigned char *plaintext = (unsigned char*)luaL_checklstring(L, 3, &plaintext_len); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
293 |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
294 if(key_len != expected_key_len) { |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
295 return luaL_error(L, "key must be %d bytes", expected_key_len); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
296 } |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
297 luaL_argcheck(L, iv_len == 12, 2, "iv must be 12 bytes"); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
298 if(lua_gettop(L) > 3) { |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
299 return luaL_error(L, "Expected 3 arguments, got %d", lua_gettop(L)); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
300 } |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
301 |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
302 // Create and initialise the context |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
303 ctx = new_managed_EVP_CIPHER_CTX(L); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
304 |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
305 // Initialise the encryption operation |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
306 if(1 != EVP_EncryptInit_ex(ctx, cipher, NULL, NULL, NULL)) { |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
307 return luaL_error(L, "Error while initializing encryption engine"); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
308 } |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
309 |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
310 // Initialise key and IV |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
311 if(1 != EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv)) { |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
312 return luaL_error(L, "Error while initializing key/iv"); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
313 } |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
314 |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
315 luaL_buffinit(L, &ciphertext_buffer); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
316 unsigned char *ciphertext = (unsigned char*)luaL_prepbuffsize(&ciphertext_buffer, plaintext_len+16); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
317 |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
318 if(1 != EVP_EncryptUpdate(ctx, ciphertext, &ciphertext_len, plaintext, plaintext_len)) { |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
319 return luaL_error(L, "Error while encrypting data"); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
320 } |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
321 |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
322 /* |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
323 * Finalise the encryption. Normally ciphertext bytes may be written at |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
324 * this stage, but this does not occur in GCM mode |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
325 */ |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
326 if(1 != EVP_EncryptFinal_ex(ctx, ciphertext + ciphertext_len, &final_len)) { |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
327 return luaL_error(L, "Error while encrypting final data"); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
328 } |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
329 if(final_len != 0) { |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
330 return luaL_error(L, "Non-zero final data"); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
331 } |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
332 |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
333 /* Get the tag */ |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
334 if(1 != EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, 16, ciphertext + ciphertext_len)) { |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
335 return luaL_error(L, "Unable to read AEAD tag of encrypted data"); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
336 } |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
337 |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
338 luaL_addsize(&ciphertext_buffer, ciphertext_len + 16); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
339 luaL_pushresult(&ciphertext_buffer); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
340 |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
341 return 1; |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
342 } |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
343 |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
344 static int Laes_128_gcm_encrypt(lua_State *L) { |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
345 return Laes_gcm_encrypt(L, EVP_aes_128_gcm(), 16); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
346 } |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
347 |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
348 static int Laes_256_gcm_encrypt(lua_State *L) { |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
349 return Laes_gcm_encrypt(L, EVP_aes_256_gcm(), 32); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
350 } |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
351 |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
352 /* gcm_decrypt(key, iv, ciphertext) */ |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
353 static int Laes_gcm_decrypt(lua_State *L, const EVP_CIPHER *cipher, const unsigned char expected_key_len) { |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
354 EVP_CIPHER_CTX *ctx; |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
355 luaL_Buffer plaintext_buffer; |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
356 |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
357 size_t key_len, iv_len, ciphertext_len; |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
358 int plaintext_len, final_len; |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
359 |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
360 const unsigned char *key = (unsigned char*)luaL_checklstring(L, 1, &key_len); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
361 const unsigned char *iv = (unsigned char*)luaL_checklstring(L, 2, &iv_len); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
362 const unsigned char *ciphertext = (unsigned char*)luaL_checklstring(L, 3, &ciphertext_len); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
363 |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
364 if(key_len != expected_key_len) { |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
365 return luaL_error(L, "key must be %d bytes", expected_key_len); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
366 } |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
367 luaL_argcheck(L, iv_len == 12, 2, "iv must be 12 bytes"); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
368 luaL_argcheck(L, ciphertext_len > 16, 3, "ciphertext must be at least 16 bytes (including tag)"); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
369 if(lua_gettop(L) > 3) { |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
370 return luaL_error(L, "Expected 3 arguments, got %d", lua_gettop(L)); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
371 } |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
372 |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
373 /* Create and initialise the context */ |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
374 ctx = new_managed_EVP_CIPHER_CTX(L); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
375 |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
376 /* Initialise the decryption operation. */ |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
377 if(!EVP_DecryptInit_ex(ctx, cipher, NULL, NULL, NULL)) { |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
378 return luaL_error(L, "Error while initializing decryption engine"); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
379 } |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
380 |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
381 /* Initialise key and IV */ |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
382 if(!EVP_DecryptInit_ex(ctx, NULL, NULL, key, iv)) { |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
383 return luaL_error(L, "Error while initializing key/iv"); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
384 } |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
385 |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
386 luaL_buffinit(L, &plaintext_buffer); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
387 unsigned char *plaintext = (unsigned char*)luaL_prepbuffsize(&plaintext_buffer, ciphertext_len); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
388 |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
389 /* |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
390 * Provide the message to be decrypted, and obtain the plaintext output. |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
391 * EVP_DecryptUpdate can be called multiple times if necessary |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
392 */ |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
393 if(!EVP_DecryptUpdate(ctx, plaintext, &plaintext_len, ciphertext, ciphertext_len-16)) { |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
394 return luaL_error(L, "Error while decrypting data"); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
395 } |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
396 |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
397 /* Set expected tag value. Works in OpenSSL 1.0.1d and later */ |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
398 if(!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, 16, (unsigned char*)ciphertext + (ciphertext_len-16))) { |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
399 return luaL_error(L, "Error while processing authentication tag"); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
400 } |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
401 |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
402 /* |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
403 * Finalise the decryption. A positive return value indicates success, |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
404 * anything else is a failure - the plaintext is not trustworthy. |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
405 */ |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
406 int ret = EVP_DecryptFinal_ex(ctx, plaintext + plaintext_len, &final_len); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
407 |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
408 if(ret <= 0) { |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
409 /* Verify failed */ |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
410 lua_pushnil(L); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
411 lua_pushliteral(L, "verify-failed"); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
412 return 2; |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
413 } |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
414 |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
415 luaL_addsize(&plaintext_buffer, plaintext_len + final_len); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
416 luaL_pushresult(&plaintext_buffer); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
417 return 1; |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
418 } |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
419 |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
420 static int Laes_128_gcm_decrypt(lua_State *L) { |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
421 return Laes_gcm_decrypt(L, EVP_aes_128_gcm(), 16); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
422 } |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
423 |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
424 static int Laes_256_gcm_decrypt(lua_State *L) { |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
425 return Laes_gcm_decrypt(L, EVP_aes_256_gcm(), 32); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
426 } |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
427 |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
428 /* r, s = parse_ecdsa_sig(sig_der) */ |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
429 static int Lparse_ecdsa_signature(lua_State *L) { |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
430 ECDSA_SIG *sig; |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
431 size_t sig_der_len; |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
432 const unsigned char *sig_der = (unsigned char*)luaL_checklstring(L, 1, &sig_der_len); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
433 const BIGNUM *r, *s; |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
434 luaL_Buffer rb, sb; |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
435 int rlen, slen; |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
436 |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
437 sig = d2i_ECDSA_SIG(NULL, &sig_der, sig_der_len); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
438 |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
439 if(sig == NULL) { |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
440 lua_pushnil(L); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
441 return 1; |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
442 } |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
443 |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
444 ECDSA_SIG_get0(sig, &r, &s); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
445 |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
446 rlen = BN_num_bytes(r); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
447 slen = BN_num_bytes(s); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
448 |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
449 // COMPAT w/ Lua 5.1 |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
450 #if LUAL_BUFFERSIZE < 32 |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
451 #error Configured LUAL_BUFFERSIZE is too small for this operation |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
452 #endif |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
453 |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
454 luaL_buffinit(L, &rb); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
455 BN_bn2bin(r, (unsigned char*)luaL_prepbuffer(&rb)); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
456 luaL_addsize(&rb, rlen); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
457 luaL_pushresult(&rb); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
458 |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
459 luaL_buffinit(L, &sb); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
460 BN_bn2bin(s, (unsigned char*)luaL_prepbuffer(&sb)); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
461 luaL_addsize(&sb, slen); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
462 luaL_pushresult(&sb); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
463 |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
464 ECDSA_SIG_free(sig); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
465 |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
466 return 2; |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
467 } |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
468 |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
469 /* sig_der = build_ecdsa_signature(r, s) */ |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
470 static int Lbuild_ecdsa_signature(lua_State *L) { |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
471 ECDSA_SIG *sig = ECDSA_SIG_new(); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
472 BIGNUM *r, *s; |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
473 luaL_Buffer sigbuf; |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
474 |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
475 size_t rlen, slen; |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
476 const unsigned char *rbin, *sbin; |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
477 |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
478 rbin = (unsigned char*)luaL_checklstring(L, 1, &rlen); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
479 sbin = (unsigned char*)luaL_checklstring(L, 2, &slen); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
480 |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
481 r = BN_bin2bn(rbin, (int)rlen, NULL); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
482 s = BN_bin2bn(sbin, (int)slen, NULL); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
483 |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
484 ECDSA_SIG_set0(sig, r, s); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
485 |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
486 luaL_buffinit(L, &sigbuf); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
487 |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
488 // COMPAT w/ Lua 5.1 |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
489 #if LUAL_BUFFERSIZE < 128 |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
490 #error Configured LUAL_BUFFERSIZE is too small for this operation |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
491 #endif |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
492 |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
493 unsigned char *buffer = (unsigned char*)luaL_prepbuffer(&sigbuf); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
494 int len = i2d_ECDSA_SIG(sig, &buffer); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
495 luaL_addsize(&sigbuf, len); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
496 luaL_pushresult(&sigbuf); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
497 |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
498 ECDSA_SIG_free(sig); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
499 |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
500 return 1; |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
501 } |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
502 |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
503 static const luaL_Reg Reg[] = { |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
504 { "ed25519_sign", Led25519_sign }, |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
505 { "ed25519_verify", Led25519_verify }, |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
506 { "aes_128_gcm_encrypt", Laes_128_gcm_encrypt }, |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
507 { "aes_128_gcm_decrypt", Laes_128_gcm_decrypt }, |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
508 { "aes_256_gcm_encrypt", Laes_256_gcm_encrypt }, |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
509 { "aes_256_gcm_decrypt", Laes_256_gcm_decrypt }, |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
510 { "ecdsa_sha256_sign", Lecdsa_sha256_sign }, |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
511 { "ecdsa_sha256_verify", Lecdsa_sha256_verify }, |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
512 { "generate_ed25519_keypair", Lgenerate_ed25519_keypair }, |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
513 { "import_private_pem", Limport_private_pem }, |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
514 { "import_public_pem", Limport_public_pem }, |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
515 { "parse_ecdsa_signature", Lparse_ecdsa_signature }, |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
516 { "build_ecdsa_signature", Lbuild_ecdsa_signature }, |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
517 { NULL, NULL } |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
518 }; |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
519 |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
520 static const luaL_Reg KeyMethods[] = { |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
521 { "private_pem", Lpkey_meth_private_pem }, |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
522 { "public_pem", Lpkey_meth_public_pem }, |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
523 { "get_type", Lpkey_meth_get_type }, |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
524 { NULL, NULL } |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
525 }; |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
526 |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
527 static const luaL_Reg KeyMetatable[] = { |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
528 { "__gc", Lpkey_finalizer }, |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
529 { NULL, NULL } |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
530 }; |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
531 |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
532 LUALIB_API int luaopen_util_crypto(lua_State *L) { |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
533 #if (LUA_VERSION_NUM > 501) |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
534 luaL_checkversion(L); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
535 #endif |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
536 |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
537 /* Initialize pkey metatable */ |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
538 luaL_newmetatable(L, PKEY_MT_TAG); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
539 luaL_setfuncs(L, KeyMetatable, 0); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
540 lua_newtable(L); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
541 luaL_setfuncs(L, KeyMethods, 0); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
542 lua_setfield(L, -2, "__index"); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
543 lua_pop(L, 1); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
544 |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
545 /* Initialize lib table */ |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
546 lua_newtable(L); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
547 luaL_setfuncs(L, Reg, 0); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
548 lua_pushliteral(L, "-3.14"); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
549 lua_setfield(L, -2, "version"); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
550 #ifdef OPENSSL_VERSION |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
551 lua_pushstring(L, OpenSSL_version(OPENSSL_VERSION)); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
552 lua_setfield(L, -2, "_LIBCRYPTO_VERSION"); |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
553 #endif |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
554 return 1; |
7c5afbdcbc77
util.crypto: New wrapper for some operations in OpenSSL's libcrypto
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
555 } |