Software `/` code `/` prosody

Annotate

util-src/crypto.c @ 12804:3eef052c72d8

mod_c2s: Advertise stanza size limit to clients Should help clients avoid sending stanzas that will get their stream killed. Custom namespace while ironing out the protocol. My spoon is too big!

author	Kim Alvefur <zash@zash.se>
date	Tue, 16 Mar 2021 18:17:05 +0100
parent	12735:445f7bd6ffc4
child	12837:d3ae47d8a7a7

rev	line source
12693 7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	1 /* Prosody IM
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	2 -- Copyright (C) 2022 Matthew Wild
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	3 --
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	4 -- This project is MIT/X11 licensed. Please see the
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	5 -- COPYING file in the source package for more information.
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	6 --
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	7 */
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	8
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	9 /*
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	10 * crypto.c
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	11 * Lua library for cryptographic operations using OpenSSL
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	12 */
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	13
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	14 #include <string.h>
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	15 #include <stdlib.h>
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	16
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	17 #ifdef _MSC_VER
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	18 typedef unsigned __int32 uint32_t;
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	19 #else
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	20 #include <inttypes.h>
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	21 #endif
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	22
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	23 #include "lua.h"
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	24 #include "lauxlib.h"
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	25 #include <openssl/crypto.h>
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	26 #include <openssl/ecdsa.h>
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	27 #include <openssl/err.h>
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	28 #include <openssl/evp.h>
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	29 #include <openssl/obj_mac.h>
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	30 #include <openssl/pem.h>
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	31
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	32 #if (LUA_VERSION_NUM == 501)
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	33 #define luaL_setfuncs(L, R, N) luaL_register(L, NULL, R)
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	34 #endif
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	35
12735 445f7bd6ffc4 util.crypto, util.jwt: Generate consistent signature sizes (via padding) Matthew Wild <mwild1@gmail.com> parents: 12715 diff changeset	36 /* The max size of an encoded 'R' or 'S' value. P-521 = 521 bits = 66 bytes */
445f7bd6ffc4 util.crypto, util.jwt: Generate consistent signature sizes (via padding) Matthew Wild <mwild1@gmail.com> parents: 12715 diff changeset	37 #define MAX_ECDSA_SIG_INT_BYTES 66
445f7bd6ffc4 util.crypto, util.jwt: Generate consistent signature sizes (via padding) Matthew Wild <mwild1@gmail.com> parents: 12715 diff changeset	38
12693 7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	39 #include "managed_pointer.h"
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	40
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	41 #define PKEY_MT_TAG "util.crypto key"
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	42
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	43 static BIO* new_memory_BIO() {
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	44 return BIO_new(BIO_s_mem());
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	45 }
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	46
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	47 MANAGED_POINTER_ALLOCATOR(new_managed_EVP_MD_CTX, EVP_MD_CTX*, EVP_MD_CTX_new, EVP_MD_CTX_free)
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	48 MANAGED_POINTER_ALLOCATOR(new_managed_BIO_s_mem, BIO*, new_memory_BIO, BIO_free)
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	49 MANAGED_POINTER_ALLOCATOR(new_managed_EVP_CIPHER_CTX, EVP_CIPHER_CTX*, EVP_CIPHER_CTX_new, EVP_CIPHER_CTX_free)
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	50
12698 999663b4e39d util.crypto: Friendlier error message on incorrect key types Matthew Wild <mwild1@gmail.com> parents: 12697 diff changeset	51 #define CRYPTO_KEY_TYPE_ERR "unexpected key type: got '%s', expected '%s'"
999663b4e39d util.crypto: Friendlier error message on incorrect key types Matthew Wild <mwild1@gmail.com> parents: 12697 diff changeset	52
12693 7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	53 static EVP_PKEY* pkey_from_arg(lua_State *L, int idx, const int type, const int require_private) {
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	54 EVP_PKEY pkey = (EVP_PKEY**)luaL_checkudata(L, idx, PKEY_MT_TAG);
12697 916871447b2f util.crypto: Add support for RSA signatures (PKCS1-v1.5 + PSS) Matthew Wild <mwild1@gmail.com> parents: 12693 diff changeset	55 int got_type;
12693 7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	56 if(type \|\| require_private) {
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	57 lua_getuservalue(L, idx);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	58 if(type != 0) {
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	59 lua_getfield(L, -1, "type");
12697 916871447b2f util.crypto: Add support for RSA signatures (PKCS1-v1.5 + PSS) Matthew Wild <mwild1@gmail.com> parents: 12693 diff changeset	60 got_type = lua_tointeger(L, -1);
916871447b2f util.crypto: Add support for RSA signatures (PKCS1-v1.5 + PSS) Matthew Wild <mwild1@gmail.com> parents: 12693 diff changeset	61 if(got_type != type) {
12698 999663b4e39d util.crypto: Friendlier error message on incorrect key types Matthew Wild <mwild1@gmail.com> parents: 12697 diff changeset	62 const char *got_key_type_name = OBJ_nid2sn(got_type);
999663b4e39d util.crypto: Friendlier error message on incorrect key types Matthew Wild <mwild1@gmail.com> parents: 12697 diff changeset	63 const char *want_key_type_name = OBJ_nid2sn(type);
999663b4e39d util.crypto: Friendlier error message on incorrect key types Matthew Wild <mwild1@gmail.com> parents: 12697 diff changeset	64 lua_pushfstring(L, CRYPTO_KEY_TYPE_ERR, got_key_type_name, want_key_type_name);
999663b4e39d util.crypto: Friendlier error message on incorrect key types Matthew Wild <mwild1@gmail.com> parents: 12697 diff changeset	65 luaL_argerror(L, idx, lua_tostring(L, -1));
12693 7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	66 }
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	67 lua_pop(L, 1);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	68 }
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	69 if(require_private != 0) {
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	70 lua_getfield(L, -1, "private");
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	71 if(lua_toboolean(L, -1) != 1) {
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	72 luaL_argerror(L, idx, "private key expected, got public key only");
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	73 }
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	74 lua_pop(L, 1);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	75 }
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	76 lua_pop(L, 1);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	77 }
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	78 return pkey;
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	79 }
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	80
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	81 static int Lpkey_finalizer(lua_State *L) {
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	82 EVP_PKEY *pkey = pkey_from_arg(L, 1, 0, 0);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	83 EVP_PKEY_free(pkey);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	84 return 0;
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	85 }
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	86
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	87 static int Lpkey_meth_get_type(lua_State *L) {
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	88 EVP_PKEY *pkey = pkey_from_arg(L, 1, 0, 0);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	89
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	90 int key_type = EVP_PKEY_id(pkey);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	91 lua_pushstring(L, OBJ_nid2sn(key_type));
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	92 return 1;
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	93 }
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	94
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	95 static int base_evp_sign(lua_State L, const int key_type, const EVP_MD digest_type) {
12697 916871447b2f util.crypto: Add support for RSA signatures (PKCS1-v1.5 + PSS) Matthew Wild <mwild1@gmail.com> parents: 12693 diff changeset	96 EVP_PKEY *pkey = pkey_from_arg(L, 1, (key_type!=NID_rsassaPss)?key_type:NID_rsaEncryption, 1);
12693 7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	97 luaL_Buffer sigbuf;
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	98
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	99 size_t msg_len;
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	100 const unsigned char* msg = (unsigned char*)lua_tolstring(L, 2, &msg_len);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	101
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	102 size_t sig_len;
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	103 unsigned char *sig = NULL;
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	104 EVP_MD_CTX *md_ctx = new_managed_EVP_MD_CTX(L);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	105
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	106 if(EVP_DigestSignInit(md_ctx, NULL, digest_type, NULL, pkey) != 1) {
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	107 lua_pushnil(L);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	108 return 1;
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	109 }
12697 916871447b2f util.crypto: Add support for RSA signatures (PKCS1-v1.5 + PSS) Matthew Wild <mwild1@gmail.com> parents: 12693 diff changeset	110 if(key_type == NID_rsassaPss) {
916871447b2f util.crypto: Add support for RSA signatures (PKCS1-v1.5 + PSS) Matthew Wild <mwild1@gmail.com> parents: 12693 diff changeset	111 EVP_PKEY_CTX_set_rsa_padding(EVP_MD_CTX_pkey_ctx(md_ctx), RSA_PKCS1_PSS_PADDING);
916871447b2f util.crypto: Add support for RSA signatures (PKCS1-v1.5 + PSS) Matthew Wild <mwild1@gmail.com> parents: 12693 diff changeset	112 }
12693 7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	113 if(EVP_DigestSign(md_ctx, NULL, &sig_len, msg, msg_len) != 1) {
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	114 lua_pushnil(L);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	115 return 1;
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	116 }
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	117
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	118 // COMPAT w/ Lua 5.1
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	119 luaL_buffinit(L, &sigbuf);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	120 sig = memset(luaL_prepbuffer(&sigbuf), 0, sig_len);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	121
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	122 if(EVP_DigestSign(md_ctx, sig, &sig_len, msg, msg_len) != 1) {
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	123 lua_pushnil(L);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	124 }
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	125 else {
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	126 luaL_addsize(&sigbuf, sig_len);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	127 luaL_pushresult(&sigbuf);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	128 return 1;
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	129 }
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	130
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	131 return 1;
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	132 }
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	133
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	134 static int base_evp_verify(lua_State L, const int key_type, const EVP_MD digest_type) {
12697 916871447b2f util.crypto: Add support for RSA signatures (PKCS1-v1.5 + PSS) Matthew Wild <mwild1@gmail.com> parents: 12693 diff changeset	135 EVP_PKEY *pkey = pkey_from_arg(L, 1, (key_type!=NID_rsassaPss)?key_type:NID_rsaEncryption, 0);
12693 7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	136
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	137 size_t msg_len;
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	138 const unsigned char msg = (unsigned char)luaL_checklstring(L, 2, &msg_len);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	139
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	140 size_t sig_len;
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	141 const unsigned char sig = (unsigned char)luaL_checklstring(L, 3, &sig_len);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	142
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	143 EVP_MD_CTX *md_ctx = EVP_MD_CTX_new();
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	144
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	145 if(EVP_DigestVerifyInit(md_ctx, NULL, digest_type, NULL, pkey) != 1) {
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	146 lua_pushnil(L);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	147 goto cleanup;
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	148 }
12697 916871447b2f util.crypto: Add support for RSA signatures (PKCS1-v1.5 + PSS) Matthew Wild <mwild1@gmail.com> parents: 12693 diff changeset	149 if(key_type == NID_rsassaPss) {
916871447b2f util.crypto: Add support for RSA signatures (PKCS1-v1.5 + PSS) Matthew Wild <mwild1@gmail.com> parents: 12693 diff changeset	150 EVP_PKEY_CTX_set_rsa_padding(EVP_MD_CTX_pkey_ctx(md_ctx), RSA_PKCS1_PSS_PADDING);
916871447b2f util.crypto: Add support for RSA signatures (PKCS1-v1.5 + PSS) Matthew Wild <mwild1@gmail.com> parents: 12693 diff changeset	151 }
12693 7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	152 int result = EVP_DigestVerify(md_ctx, sig, sig_len, msg, msg_len);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	153 if(result == 0) {
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	154 lua_pushboolean(L, 0);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	155 } else if(result != 1) {
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	156 lua_pushnil(L);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	157 }
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	158 else {
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	159 lua_pushboolean(L, 1);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	160 }
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	161 cleanup:
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	162 EVP_MD_CTX_free(md_ctx);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	163 return 1;
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	164 }
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	165
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	166 static int Lpkey_meth_public_pem(lua_State *L) {
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	167 char *data;
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	168 size_t bytes;
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	169 EVP_PKEY *pkey = pkey_from_arg(L, 1, 0, 0);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	170 BIO *bio = new_managed_BIO_s_mem(L);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	171 if(PEM_write_bio_PUBKEY(bio, pkey)) {
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	172 bytes = BIO_get_mem_data(bio, &data);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	173 if (bytes > 0) {
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	174 lua_pushlstring(L, data, bytes);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	175 }
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	176 else {
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	177 lua_pushnil(L);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	178 }
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	179 }
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	180 else {
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	181 lua_pushnil(L);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	182 }
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	183 return 1;
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	184 }
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	185
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	186 static int Lpkey_meth_private_pem(lua_State *L) {
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	187 char *data;
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	188 size_t bytes;
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	189 EVP_PKEY *pkey = pkey_from_arg(L, 1, 0, 1);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	190 BIO *bio = new_managed_BIO_s_mem(L);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	191
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	192 if(PEM_write_bio_PrivateKey(bio, pkey, NULL, NULL, 0, NULL, NULL)) {
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	193 bytes = BIO_get_mem_data(bio, &data);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	194 if (bytes > 0) {
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	195 lua_pushlstring(L, data, bytes);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	196 }
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	197 else {
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	198 lua_pushnil(L);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	199 }
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	200 }
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	201 else {
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	202 lua_pushnil(L);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	203 }
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	204 return 1;
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	205 }
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	206
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	207 static int push_pkey(lua_State L, EVP_PKEY pkey, const int type, const int privkey) {
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	208 EVP_PKEY *ud = lua_newuserdata(L, sizeof(EVP_PKEY));
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	209 *ud = pkey;
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	210 luaL_newmetatable(L, PKEY_MT_TAG);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	211 lua_setmetatable(L, -2);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	212
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	213 /* Set some info about the key and attach it as a user value */
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	214 lua_newtable(L);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	215 if(type != 0) {
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	216 lua_pushinteger(L, type);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	217 lua_setfield(L, -2, "type");
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	218 }
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	219 if(privkey != 0) {
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	220 lua_pushboolean(L, 1);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	221 lua_setfield(L, -2, "private");
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	222 }
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	223 lua_setuservalue(L, -2);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	224 return 1;
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	225 }
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	226
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	227 static int Lgenerate_ed25519_keypair(lua_State *L) {
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	228 EVP_PKEY *pkey = NULL;
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	229 EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_ED25519, NULL);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	230
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	231 /* Generate key */
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	232 EVP_PKEY_keygen_init(pctx);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	233 EVP_PKEY_keygen(pctx, &pkey);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	234 EVP_PKEY_CTX_free(pctx);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	235
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	236 push_pkey(L, pkey, NID_ED25519, 1);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	237 return 1;
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	238 }
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	239
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	240 static int Limport_private_pem(lua_State *L) {
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	241 EVP_PKEY *pkey = NULL;
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	242
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	243 size_t privkey_bytes;
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	244 const char* privkey_data;
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	245 BIO *bio = new_managed_BIO_s_mem(L);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	246
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	247 privkey_data = luaL_checklstring(L, 1, &privkey_bytes);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	248 BIO_write(bio, privkey_data, privkey_bytes);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	249 pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	250 if (pkey) {
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	251 push_pkey(L, pkey, EVP_PKEY_id(pkey), 1);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	252 }
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	253 else {
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	254 lua_pushnil(L);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	255 }
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	256
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	257 return 1;
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	258 }
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	259
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	260 static int Limport_public_pem(lua_State *L) {
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	261 EVP_PKEY *pkey = NULL;
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	262
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	263 size_t pubkey_bytes;
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	264 const char* pubkey_data;
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	265 BIO *bio = new_managed_BIO_s_mem(L);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	266
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	267 pubkey_data = luaL_checklstring(L, 1, &pubkey_bytes);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	268 BIO_write(bio, pubkey_data, pubkey_bytes);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	269 pkey = PEM_read_bio_PUBKEY(bio, NULL, NULL, NULL);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	270 if (pkey) {
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	271 push_pkey(L, pkey, EVP_PKEY_id(pkey), 0);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	272 }
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	273 else {
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	274 lua_pushnil(L);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	275 }
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	276
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	277 return 1;
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	278 }
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	279
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	280 static int Led25519_sign(lua_State *L) {
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	281 return base_evp_sign(L, NID_ED25519, NULL);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	282 }
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	283
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	284 static int Led25519_verify(lua_State *L) {
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	285 return base_evp_verify(L, NID_ED25519, NULL);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	286 }
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	287
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	288 /* gcm_encrypt(key, iv, plaintext) */
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	289 static int Laes_gcm_encrypt(lua_State L, const EVP_CIPHER cipher, const unsigned char expected_key_len) {
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	290 EVP_CIPHER_CTX *ctx;
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	291 luaL_Buffer ciphertext_buffer;
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	292
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	293 size_t key_len, iv_len, plaintext_len;
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	294 int ciphertext_len, final_len;
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	295
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	296 const unsigned char key = (unsigned char)luaL_checklstring(L, 1, &key_len);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	297 const unsigned char iv = (unsigned char)luaL_checklstring(L, 2, &iv_len);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	298 const unsigned char plaintext = (unsigned char)luaL_checklstring(L, 3, &plaintext_len);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	299
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	300 if(key_len != expected_key_len) {
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	301 return luaL_error(L, "key must be %d bytes", expected_key_len);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	302 }
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	303 luaL_argcheck(L, iv_len == 12, 2, "iv must be 12 bytes");
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	304 if(lua_gettop(L) > 3) {
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	305 return luaL_error(L, "Expected 3 arguments, got %d", lua_gettop(L));
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	306 }
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	307
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	308 // Create and initialise the context
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	309 ctx = new_managed_EVP_CIPHER_CTX(L);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	310
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	311 // Initialise the encryption operation
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	312 if(1 != EVP_EncryptInit_ex(ctx, cipher, NULL, NULL, NULL)) {
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	313 return luaL_error(L, "Error while initializing encryption engine");
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	314 }
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	315
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	316 // Initialise key and IV
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	317 if(1 != EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv)) {
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	318 return luaL_error(L, "Error while initializing key/iv");
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	319 }
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	320
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	321 luaL_buffinit(L, &ciphertext_buffer);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	322 unsigned char ciphertext = (unsigned char)luaL_prepbuffsize(&ciphertext_buffer, plaintext_len+16);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	323
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	324 if(1 != EVP_EncryptUpdate(ctx, ciphertext, &ciphertext_len, plaintext, plaintext_len)) {
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	325 return luaL_error(L, "Error while encrypting data");
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	326 }
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	327
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	328 /*
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	329 * Finalise the encryption. Normally ciphertext bytes may be written at
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	330 * this stage, but this does not occur in GCM mode
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	331 */
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	332 if(1 != EVP_EncryptFinal_ex(ctx, ciphertext + ciphertext_len, &final_len)) {
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	333 return luaL_error(L, "Error while encrypting final data");
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	334 }
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	335 if(final_len != 0) {
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	336 return luaL_error(L, "Non-zero final data");
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	337 }
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	338
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	339 /* Get the tag */
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	340 if(1 != EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, 16, ciphertext + ciphertext_len)) {
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	341 return luaL_error(L, "Unable to read AEAD tag of encrypted data");
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	342 }
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	343
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	344 luaL_addsize(&ciphertext_buffer, ciphertext_len + 16);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	345 luaL_pushresult(&ciphertext_buffer);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	346
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	347 return 1;
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	348 }
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	349
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	350 static int Laes_128_gcm_encrypt(lua_State *L) {
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	351 return Laes_gcm_encrypt(L, EVP_aes_128_gcm(), 16);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	352 }
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	353
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	354 static int Laes_256_gcm_encrypt(lua_State *L) {
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	355 return Laes_gcm_encrypt(L, EVP_aes_256_gcm(), 32);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	356 }
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	357
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	358 /* gcm_decrypt(key, iv, ciphertext) */
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	359 static int Laes_gcm_decrypt(lua_State L, const EVP_CIPHER cipher, const unsigned char expected_key_len) {
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	360 EVP_CIPHER_CTX *ctx;
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	361 luaL_Buffer plaintext_buffer;
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	362
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	363 size_t key_len, iv_len, ciphertext_len;
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	364 int plaintext_len, final_len;
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	365
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	366 const unsigned char key = (unsigned char)luaL_checklstring(L, 1, &key_len);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	367 const unsigned char iv = (unsigned char)luaL_checklstring(L, 2, &iv_len);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	368 const unsigned char ciphertext = (unsigned char)luaL_checklstring(L, 3, &ciphertext_len);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	369
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	370 if(key_len != expected_key_len) {
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	371 return luaL_error(L, "key must be %d bytes", expected_key_len);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	372 }
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	373 luaL_argcheck(L, iv_len == 12, 2, "iv must be 12 bytes");
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	374 luaL_argcheck(L, ciphertext_len > 16, 3, "ciphertext must be at least 16 bytes (including tag)");
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	375 if(lua_gettop(L) > 3) {
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	376 return luaL_error(L, "Expected 3 arguments, got %d", lua_gettop(L));
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	377 }
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	378
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	379 /* Create and initialise the context */
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	380 ctx = new_managed_EVP_CIPHER_CTX(L);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	381
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	382 /* Initialise the decryption operation. */
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	383 if(!EVP_DecryptInit_ex(ctx, cipher, NULL, NULL, NULL)) {
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	384 return luaL_error(L, "Error while initializing decryption engine");
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	385 }
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	386
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	387 /* Initialise key and IV */
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	388 if(!EVP_DecryptInit_ex(ctx, NULL, NULL, key, iv)) {
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	389 return luaL_error(L, "Error while initializing key/iv");
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	390 }
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	391
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	392 luaL_buffinit(L, &plaintext_buffer);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	393 unsigned char plaintext = (unsigned char)luaL_prepbuffsize(&plaintext_buffer, ciphertext_len);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	394
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	395 /*
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	396 * Provide the message to be decrypted, and obtain the plaintext output.
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	397 * EVP_DecryptUpdate can be called multiple times if necessary
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	398 */
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	399 if(!EVP_DecryptUpdate(ctx, plaintext, &plaintext_len, ciphertext, ciphertext_len-16)) {
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	400 return luaL_error(L, "Error while decrypting data");
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	401 }
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	402
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	403 /* Set expected tag value. Works in OpenSSL 1.0.1d and later */
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	404 if(!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, 16, (unsigned char*)ciphertext + (ciphertext_len-16))) {
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	405 return luaL_error(L, "Error while processing authentication tag");
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	406 }
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	407
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	408 /*
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	409 * Finalise the decryption. A positive return value indicates success,
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	410 * anything else is a failure - the plaintext is not trustworthy.
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	411 */
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	412 int ret = EVP_DecryptFinal_ex(ctx, plaintext + plaintext_len, &final_len);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	413
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	414 if(ret <= 0) {
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	415 /* Verify failed */
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	416 lua_pushnil(L);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	417 lua_pushliteral(L, "verify-failed");
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	418 return 2;
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	419 }
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	420
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	421 luaL_addsize(&plaintext_buffer, plaintext_len + final_len);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	422 luaL_pushresult(&plaintext_buffer);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	423 return 1;
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	424 }
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	425
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	426 static int Laes_128_gcm_decrypt(lua_State *L) {
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	427 return Laes_gcm_decrypt(L, EVP_aes_128_gcm(), 16);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	428 }
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	429
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	430 static int Laes_256_gcm_decrypt(lua_State *L) {
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	431 return Laes_gcm_decrypt(L, EVP_aes_256_gcm(), 32);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	432 }
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	433
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	434 /* r, s = parse_ecdsa_sig(sig_der) */
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	435 static int Lparse_ecdsa_signature(lua_State *L) {
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	436 ECDSA_SIG *sig;
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	437 size_t sig_der_len;
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	438 const unsigned char sig_der = (unsigned char)luaL_checklstring(L, 1, &sig_der_len);
12735 445f7bd6ffc4 util.crypto, util.jwt: Generate consistent signature sizes (via padding) Matthew Wild <mwild1@gmail.com> parents: 12715 diff changeset	439 const size_t sig_int_bytes = luaL_checkinteger(L, 2);
12693 7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	440 const BIGNUM r, s;
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	441 int rlen, slen;
12735 445f7bd6ffc4 util.crypto, util.jwt: Generate consistent signature sizes (via padding) Matthew Wild <mwild1@gmail.com> parents: 12715 diff changeset	442 unsigned char rb[MAX_ECDSA_SIG_INT_BYTES];
445f7bd6ffc4 util.crypto, util.jwt: Generate consistent signature sizes (via padding) Matthew Wild <mwild1@gmail.com> parents: 12715 diff changeset	443 unsigned char sb[MAX_ECDSA_SIG_INT_BYTES];
445f7bd6ffc4 util.crypto, util.jwt: Generate consistent signature sizes (via padding) Matthew Wild <mwild1@gmail.com> parents: 12715 diff changeset	444
445f7bd6ffc4 util.crypto, util.jwt: Generate consistent signature sizes (via padding) Matthew Wild <mwild1@gmail.com> parents: 12715 diff changeset	445 if(sig_int_bytes > MAX_ECDSA_SIG_INT_BYTES) {
445f7bd6ffc4 util.crypto, util.jwt: Generate consistent signature sizes (via padding) Matthew Wild <mwild1@gmail.com> parents: 12715 diff changeset	446 luaL_error(L, "requested signature size exceeds supported limit");
445f7bd6ffc4 util.crypto, util.jwt: Generate consistent signature sizes (via padding) Matthew Wild <mwild1@gmail.com> parents: 12715 diff changeset	447 }
12693 7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	448
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	449 sig = d2i_ECDSA_SIG(NULL, &sig_der, sig_der_len);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	450
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	451 if(sig == NULL) {
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	452 lua_pushnil(L);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	453 return 1;
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	454 }
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	455
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	456 ECDSA_SIG_get0(sig, &r, &s);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	457
12735 445f7bd6ffc4 util.crypto, util.jwt: Generate consistent signature sizes (via padding) Matthew Wild <mwild1@gmail.com> parents: 12715 diff changeset	458 rlen = BN_bn2binpad(r, rb, sig_int_bytes);
445f7bd6ffc4 util.crypto, util.jwt: Generate consistent signature sizes (via padding) Matthew Wild <mwild1@gmail.com> parents: 12715 diff changeset	459 slen = BN_bn2binpad(s, sb, sig_int_bytes);
12693 7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	460
12735 445f7bd6ffc4 util.crypto, util.jwt: Generate consistent signature sizes (via padding) Matthew Wild <mwild1@gmail.com> parents: 12715 diff changeset	461 if (rlen == -1 \|\| slen == -1) {
12714 82bca7191f13 util.crypto: Use stack space buffers Kim Alvefur <zash@zash.se> parents: 12702 diff changeset	462 ECDSA_SIG_free(sig);
12735 445f7bd6ffc4 util.crypto, util.jwt: Generate consistent signature sizes (via padding) Matthew Wild <mwild1@gmail.com> parents: 12715 diff changeset	463 luaL_error(L, "encoded integers exceed requested size");
12714 82bca7191f13 util.crypto: Use stack space buffers Kim Alvefur <zash@zash.se> parents: 12702 diff changeset	464 }
12693 7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	465
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	466 ECDSA_SIG_free(sig);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	467
12714 82bca7191f13 util.crypto: Use stack space buffers Kim Alvefur <zash@zash.se> parents: 12702 diff changeset	468 lua_pushlstring(L, (const char*)rb, rlen);
82bca7191f13 util.crypto: Use stack space buffers Kim Alvefur <zash@zash.se> parents: 12702 diff changeset	469 lua_pushlstring(L, (const char*)sb, slen);
82bca7191f13 util.crypto: Use stack space buffers Kim Alvefur <zash@zash.se> parents: 12702 diff changeset	470
12693 7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	471 return 2;
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	472 }
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	473
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	474 /* sig_der = build_ecdsa_signature(r, s) */
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	475 static int Lbuild_ecdsa_signature(lua_State *L) {
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	476 ECDSA_SIG *sig = ECDSA_SIG_new();
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	477 BIGNUM r, s;
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	478 luaL_Buffer sigbuf;
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	479
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	480 size_t rlen, slen;
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	481 const unsigned char rbin, sbin;
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	482
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	483 rbin = (unsigned char*)luaL_checklstring(L, 1, &rlen);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	484 sbin = (unsigned char*)luaL_checklstring(L, 2, &slen);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	485
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	486 r = BN_bin2bn(rbin, (int)rlen, NULL);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	487 s = BN_bin2bn(sbin, (int)slen, NULL);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	488
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	489 ECDSA_SIG_set0(sig, r, s);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	490
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	491 luaL_buffinit(L, &sigbuf);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	492
12735 445f7bd6ffc4 util.crypto, util.jwt: Generate consistent signature sizes (via padding) Matthew Wild <mwild1@gmail.com> parents: 12715 diff changeset	493 /* DER structure of an ECDSA signature has 7 bytes plus the integers themselves,
445f7bd6ffc4 util.crypto, util.jwt: Generate consistent signature sizes (via padding) Matthew Wild <mwild1@gmail.com> parents: 12715 diff changeset	494 which may gain an extra byte once encoded */
445f7bd6ffc4 util.crypto, util.jwt: Generate consistent signature sizes (via padding) Matthew Wild <mwild1@gmail.com> parents: 12715 diff changeset	495 unsigned char buffer = (unsigned char)luaL_prepbuffsize(&sigbuf, (rlen+1)+(slen+1)+7);
12693 7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	496 int len = i2d_ECDSA_SIG(sig, &buffer);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	497 luaL_addsize(&sigbuf, len);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	498 luaL_pushresult(&sigbuf);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	499
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	500 ECDSA_SIG_free(sig);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	501
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	502 return 1;
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	503 }
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	504
12702 f63176781940 util.crypto: More digests for sign/verify, use macros for clarity/consistency Matthew Wild <mwild1@gmail.com> parents: 12698 diff changeset	505 #define REG_SIGN_VERIFY(algorithm, digest) \
f63176781940 util.crypto: More digests for sign/verify, use macros for clarity/consistency Matthew Wild <mwild1@gmail.com> parents: 12698 diff changeset	506 { #algorithm "_" #digest "_sign", L ## algorithm ## _ ## digest ## _sign },\
f63176781940 util.crypto: More digests for sign/verify, use macros for clarity/consistency Matthew Wild <mwild1@gmail.com> parents: 12698 diff changeset	507 { #algorithm "_" #digest "_verify", L ## algorithm ## _ ## digest ## _verify },
f63176781940 util.crypto: More digests for sign/verify, use macros for clarity/consistency Matthew Wild <mwild1@gmail.com> parents: 12698 diff changeset	508
f63176781940 util.crypto: More digests for sign/verify, use macros for clarity/consistency Matthew Wild <mwild1@gmail.com> parents: 12698 diff changeset	509 #define IMPL_SIGN_VERIFY(algorithm, key_type, digest) \
f63176781940 util.crypto: More digests for sign/verify, use macros for clarity/consistency Matthew Wild <mwild1@gmail.com> parents: 12698 diff changeset	510 static int L ## algorithm ## _ ## digest ## _sign(lua_State *L) { \
f63176781940 util.crypto: More digests for sign/verify, use macros for clarity/consistency Matthew Wild <mwild1@gmail.com> parents: 12698 diff changeset	511 return base_evp_sign(L, key_type, EVP_ ## digest()); \
f63176781940 util.crypto: More digests for sign/verify, use macros for clarity/consistency Matthew Wild <mwild1@gmail.com> parents: 12698 diff changeset	512 } \
f63176781940 util.crypto: More digests for sign/verify, use macros for clarity/consistency Matthew Wild <mwild1@gmail.com> parents: 12698 diff changeset	513 static int L ## algorithm ## _ ## digest ## _verify(lua_State *L) { \
f63176781940 util.crypto: More digests for sign/verify, use macros for clarity/consistency Matthew Wild <mwild1@gmail.com> parents: 12698 diff changeset	514 return base_evp_verify(L, key_type, EVP_ ## digest()); \
f63176781940 util.crypto: More digests for sign/verify, use macros for clarity/consistency Matthew Wild <mwild1@gmail.com> parents: 12698 diff changeset	515 }
f63176781940 util.crypto: More digests for sign/verify, use macros for clarity/consistency Matthew Wild <mwild1@gmail.com> parents: 12698 diff changeset	516
f63176781940 util.crypto: More digests for sign/verify, use macros for clarity/consistency Matthew Wild <mwild1@gmail.com> parents: 12698 diff changeset	517 IMPL_SIGN_VERIFY(ecdsa, NID_X9_62_id_ecPublicKey, sha256)
f63176781940 util.crypto: More digests for sign/verify, use macros for clarity/consistency Matthew Wild <mwild1@gmail.com> parents: 12698 diff changeset	518 IMPL_SIGN_VERIFY(ecdsa, NID_X9_62_id_ecPublicKey, sha384)
f63176781940 util.crypto: More digests for sign/verify, use macros for clarity/consistency Matthew Wild <mwild1@gmail.com> parents: 12698 diff changeset	519 IMPL_SIGN_VERIFY(ecdsa, NID_X9_62_id_ecPublicKey, sha512)
f63176781940 util.crypto: More digests for sign/verify, use macros for clarity/consistency Matthew Wild <mwild1@gmail.com> parents: 12698 diff changeset	520
f63176781940 util.crypto: More digests for sign/verify, use macros for clarity/consistency Matthew Wild <mwild1@gmail.com> parents: 12698 diff changeset	521 IMPL_SIGN_VERIFY(rsassa_pkcs1, NID_rsaEncryption, sha256)
f63176781940 util.crypto: More digests for sign/verify, use macros for clarity/consistency Matthew Wild <mwild1@gmail.com> parents: 12698 diff changeset	522 IMPL_SIGN_VERIFY(rsassa_pkcs1, NID_rsaEncryption, sha384)
f63176781940 util.crypto: More digests for sign/verify, use macros for clarity/consistency Matthew Wild <mwild1@gmail.com> parents: 12698 diff changeset	523 IMPL_SIGN_VERIFY(rsassa_pkcs1, NID_rsaEncryption, sha512)
f63176781940 util.crypto: More digests for sign/verify, use macros for clarity/consistency Matthew Wild <mwild1@gmail.com> parents: 12698 diff changeset	524
f63176781940 util.crypto: More digests for sign/verify, use macros for clarity/consistency Matthew Wild <mwild1@gmail.com> parents: 12698 diff changeset	525 IMPL_SIGN_VERIFY(rsassa_pss, NID_rsassaPss, sha256)
f63176781940 util.crypto: More digests for sign/verify, use macros for clarity/consistency Matthew Wild <mwild1@gmail.com> parents: 12698 diff changeset	526 IMPL_SIGN_VERIFY(rsassa_pss, NID_rsassaPss, sha384)
f63176781940 util.crypto: More digests for sign/verify, use macros for clarity/consistency Matthew Wild <mwild1@gmail.com> parents: 12698 diff changeset	527 IMPL_SIGN_VERIFY(rsassa_pss, NID_rsassaPss, sha512)
f63176781940 util.crypto: More digests for sign/verify, use macros for clarity/consistency Matthew Wild <mwild1@gmail.com> parents: 12698 diff changeset	528
12693 7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	529 static const luaL_Reg Reg[] = {
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	530 { "ed25519_sign", Led25519_sign },
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	531 { "ed25519_verify", Led25519_verify },
12702 f63176781940 util.crypto: More digests for sign/verify, use macros for clarity/consistency Matthew Wild <mwild1@gmail.com> parents: 12698 diff changeset	532
f63176781940 util.crypto: More digests for sign/verify, use macros for clarity/consistency Matthew Wild <mwild1@gmail.com> parents: 12698 diff changeset	533 REG_SIGN_VERIFY(ecdsa, sha256)
f63176781940 util.crypto: More digests for sign/verify, use macros for clarity/consistency Matthew Wild <mwild1@gmail.com> parents: 12698 diff changeset	534 REG_SIGN_VERIFY(ecdsa, sha384)
f63176781940 util.crypto: More digests for sign/verify, use macros for clarity/consistency Matthew Wild <mwild1@gmail.com> parents: 12698 diff changeset	535 REG_SIGN_VERIFY(ecdsa, sha512)
f63176781940 util.crypto: More digests for sign/verify, use macros for clarity/consistency Matthew Wild <mwild1@gmail.com> parents: 12698 diff changeset	536
f63176781940 util.crypto: More digests for sign/verify, use macros for clarity/consistency Matthew Wild <mwild1@gmail.com> parents: 12698 diff changeset	537 REG_SIGN_VERIFY(rsassa_pkcs1, sha256)
f63176781940 util.crypto: More digests for sign/verify, use macros for clarity/consistency Matthew Wild <mwild1@gmail.com> parents: 12698 diff changeset	538 REG_SIGN_VERIFY(rsassa_pkcs1, sha384)
f63176781940 util.crypto: More digests for sign/verify, use macros for clarity/consistency Matthew Wild <mwild1@gmail.com> parents: 12698 diff changeset	539 REG_SIGN_VERIFY(rsassa_pkcs1, sha512)
f63176781940 util.crypto: More digests for sign/verify, use macros for clarity/consistency Matthew Wild <mwild1@gmail.com> parents: 12698 diff changeset	540
f63176781940 util.crypto: More digests for sign/verify, use macros for clarity/consistency Matthew Wild <mwild1@gmail.com> parents: 12698 diff changeset	541 REG_SIGN_VERIFY(rsassa_pss, sha256)
f63176781940 util.crypto: More digests for sign/verify, use macros for clarity/consistency Matthew Wild <mwild1@gmail.com> parents: 12698 diff changeset	542 REG_SIGN_VERIFY(rsassa_pss, sha384)
f63176781940 util.crypto: More digests for sign/verify, use macros for clarity/consistency Matthew Wild <mwild1@gmail.com> parents: 12698 diff changeset	543 REG_SIGN_VERIFY(rsassa_pss, sha512)
f63176781940 util.crypto: More digests for sign/verify, use macros for clarity/consistency Matthew Wild <mwild1@gmail.com> parents: 12698 diff changeset	544
12693 7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	545 { "aes_128_gcm_encrypt", Laes_128_gcm_encrypt },
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	546 { "aes_128_gcm_decrypt", Laes_128_gcm_decrypt },
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	547 { "aes_256_gcm_encrypt", Laes_256_gcm_encrypt },
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	548 { "aes_256_gcm_decrypt", Laes_256_gcm_decrypt },
12702 f63176781940 util.crypto: More digests for sign/verify, use macros for clarity/consistency Matthew Wild <mwild1@gmail.com> parents: 12698 diff changeset	549
12693 7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	550 { "generate_ed25519_keypair", Lgenerate_ed25519_keypair },
12702 f63176781940 util.crypto: More digests for sign/verify, use macros for clarity/consistency Matthew Wild <mwild1@gmail.com> parents: 12698 diff changeset	551
12693 7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	552 { "import_private_pem", Limport_private_pem },
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	553 { "import_public_pem", Limport_public_pem },
12702 f63176781940 util.crypto: More digests for sign/verify, use macros for clarity/consistency Matthew Wild <mwild1@gmail.com> parents: 12698 diff changeset	554
12693 7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	555 { "parse_ecdsa_signature", Lparse_ecdsa_signature },
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	556 { "build_ecdsa_signature", Lbuild_ecdsa_signature },
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	557 { NULL, NULL }
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	558 };
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	559
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	560 static const luaL_Reg KeyMethods[] = {
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	561 { "private_pem", Lpkey_meth_private_pem },
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	562 { "public_pem", Lpkey_meth_public_pem },
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	563 { "get_type", Lpkey_meth_get_type },
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	564 { NULL, NULL }
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	565 };
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	566
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	567 static const luaL_Reg KeyMetatable[] = {
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	568 { "__gc", Lpkey_finalizer },
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	569 { NULL, NULL }
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	570 };
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	571
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	572 LUALIB_API int luaopen_util_crypto(lua_State *L) {
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	573 #if (LUA_VERSION_NUM > 501)
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	574 luaL_checkversion(L);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	575 #endif
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	576
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	577 /* Initialize pkey metatable */
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	578 luaL_newmetatable(L, PKEY_MT_TAG);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	579 luaL_setfuncs(L, KeyMetatable, 0);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	580 lua_newtable(L);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	581 luaL_setfuncs(L, KeyMethods, 0);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	582 lua_setfield(L, -2, "__index");
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	583 lua_pop(L, 1);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	584
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	585 /* Initialize lib table */
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	586 lua_newtable(L);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	587 luaL_setfuncs(L, Reg, 0);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	588 lua_pushliteral(L, "-3.14");
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	589 lua_setfield(L, -2, "version");
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	590 #ifdef OPENSSL_VERSION
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	591 lua_pushstring(L, OpenSSL_version(OPENSSL_VERSION));
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	592 lua_setfield(L, -2, "_LIBCRYPTO_VERSION");
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	593 #endif
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	594 return 1;
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	595 }

prosody

3eef052c72d8

util-src/crypto.c

Software / code / prosody

Annotate

util-src/crypto.c @ 12804:3eef052c72d8

Software `/` code `/` prosody