Software `/` code `/` prosody

Annotate

util-src/crypto.c @ 12717:898e99f49d80

semgrep: Catch stanza:text() (assuming it's meant to be :get_text())

author	Matthew Wild <mwild1@gmail.com>
date	Sat, 03 Sep 2022 21:17:38 +0100
parent	12715:5dd00f806e32
child	12735:445f7bd6ffc4

rev	line source
12693 7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	1 /* Prosody IM
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	2 -- Copyright (C) 2022 Matthew Wild
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	3 --
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	4 -- This project is MIT/X11 licensed. Please see the
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	5 -- COPYING file in the source package for more information.
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	6 --
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	7 */
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	8
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	9 /*
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	10 * crypto.c
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	11 * Lua library for cryptographic operations using OpenSSL
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	12 */
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	13
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	14 #include <string.h>
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	15 #include <stdlib.h>
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	16
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	17 #ifdef _MSC_VER
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	18 typedef unsigned __int32 uint32_t;
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	19 #else
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	20 #include <inttypes.h>
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	21 #endif
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	22
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	23 #include "lua.h"
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	24 #include "lauxlib.h"
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	25 #include <openssl/crypto.h>
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	26 #include <openssl/ecdsa.h>
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	27 #include <openssl/err.h>
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	28 #include <openssl/evp.h>
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	29 #include <openssl/obj_mac.h>
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	30 #include <openssl/pem.h>
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	31
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	32 #if (LUA_VERSION_NUM == 501)
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	33 #define luaL_setfuncs(L, R, N) luaL_register(L, NULL, R)
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	34 #endif
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	35
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	36 #include "managed_pointer.h"
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	37
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	38 #define PKEY_MT_TAG "util.crypto key"
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	39
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	40 static BIO* new_memory_BIO() {
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	41 return BIO_new(BIO_s_mem());
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	42 }
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	43
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	44 MANAGED_POINTER_ALLOCATOR(new_managed_EVP_MD_CTX, EVP_MD_CTX*, EVP_MD_CTX_new, EVP_MD_CTX_free)
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	45 MANAGED_POINTER_ALLOCATOR(new_managed_BIO_s_mem, BIO*, new_memory_BIO, BIO_free)
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	46 MANAGED_POINTER_ALLOCATOR(new_managed_EVP_CIPHER_CTX, EVP_CIPHER_CTX*, EVP_CIPHER_CTX_new, EVP_CIPHER_CTX_free)
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	47
12698 999663b4e39d util.crypto: Friendlier error message on incorrect key types Matthew Wild <mwild1@gmail.com> parents: 12697 diff changeset	48 #define CRYPTO_KEY_TYPE_ERR "unexpected key type: got '%s', expected '%s'"
999663b4e39d util.crypto: Friendlier error message on incorrect key types Matthew Wild <mwild1@gmail.com> parents: 12697 diff changeset	49
12693 7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	50 static EVP_PKEY* pkey_from_arg(lua_State *L, int idx, const int type, const int require_private) {
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	51 EVP_PKEY pkey = (EVP_PKEY**)luaL_checkudata(L, idx, PKEY_MT_TAG);
12697 916871447b2f util.crypto: Add support for RSA signatures (PKCS1-v1.5 + PSS) Matthew Wild <mwild1@gmail.com> parents: 12693 diff changeset	52 int got_type;
12693 7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	53 if(type \|\| require_private) {
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	54 lua_getuservalue(L, idx);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	55 if(type != 0) {
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	56 lua_getfield(L, -1, "type");
12697 916871447b2f util.crypto: Add support for RSA signatures (PKCS1-v1.5 + PSS) Matthew Wild <mwild1@gmail.com> parents: 12693 diff changeset	57 got_type = lua_tointeger(L, -1);
916871447b2f util.crypto: Add support for RSA signatures (PKCS1-v1.5 + PSS) Matthew Wild <mwild1@gmail.com> parents: 12693 diff changeset	58 if(got_type != type) {
12698 999663b4e39d util.crypto: Friendlier error message on incorrect key types Matthew Wild <mwild1@gmail.com> parents: 12697 diff changeset	59 const char *got_key_type_name = OBJ_nid2sn(got_type);
999663b4e39d util.crypto: Friendlier error message on incorrect key types Matthew Wild <mwild1@gmail.com> parents: 12697 diff changeset	60 const char *want_key_type_name = OBJ_nid2sn(type);
999663b4e39d util.crypto: Friendlier error message on incorrect key types Matthew Wild <mwild1@gmail.com> parents: 12697 diff changeset	61 lua_pushfstring(L, CRYPTO_KEY_TYPE_ERR, got_key_type_name, want_key_type_name);
999663b4e39d util.crypto: Friendlier error message on incorrect key types Matthew Wild <mwild1@gmail.com> parents: 12697 diff changeset	62 luaL_argerror(L, idx, lua_tostring(L, -1));
12693 7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	63 }
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	64 lua_pop(L, 1);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	65 }
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	66 if(require_private != 0) {
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	67 lua_getfield(L, -1, "private");
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	68 if(lua_toboolean(L, -1) != 1) {
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	69 luaL_argerror(L, idx, "private key expected, got public key only");
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	70 }
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	71 lua_pop(L, 1);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	72 }
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	73 lua_pop(L, 1);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	74 }
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	75 return pkey;
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	76 }
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	77
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	78 static int Lpkey_finalizer(lua_State *L) {
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	79 EVP_PKEY *pkey = pkey_from_arg(L, 1, 0, 0);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	80 EVP_PKEY_free(pkey);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	81 return 0;
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	82 }
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	83
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	84 static int Lpkey_meth_get_type(lua_State *L) {
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	85 EVP_PKEY *pkey = pkey_from_arg(L, 1, 0, 0);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	86
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	87 int key_type = EVP_PKEY_id(pkey);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	88 lua_pushstring(L, OBJ_nid2sn(key_type));
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	89 return 1;
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	90 }
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	91
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	92 static int base_evp_sign(lua_State L, const int key_type, const EVP_MD digest_type) {
12697 916871447b2f util.crypto: Add support for RSA signatures (PKCS1-v1.5 + PSS) Matthew Wild <mwild1@gmail.com> parents: 12693 diff changeset	93 EVP_PKEY *pkey = pkey_from_arg(L, 1, (key_type!=NID_rsassaPss)?key_type:NID_rsaEncryption, 1);
12693 7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	94 luaL_Buffer sigbuf;
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	95
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	96 size_t msg_len;
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	97 const unsigned char* msg = (unsigned char*)lua_tolstring(L, 2, &msg_len);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	98
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	99 size_t sig_len;
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	100 unsigned char *sig = NULL;
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	101 EVP_MD_CTX *md_ctx = new_managed_EVP_MD_CTX(L);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	102
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	103 if(EVP_DigestSignInit(md_ctx, NULL, digest_type, NULL, pkey) != 1) {
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	104 lua_pushnil(L);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	105 return 1;
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	106 }
12697 916871447b2f util.crypto: Add support for RSA signatures (PKCS1-v1.5 + PSS) Matthew Wild <mwild1@gmail.com> parents: 12693 diff changeset	107 if(key_type == NID_rsassaPss) {
916871447b2f util.crypto: Add support for RSA signatures (PKCS1-v1.5 + PSS) Matthew Wild <mwild1@gmail.com> parents: 12693 diff changeset	108 EVP_PKEY_CTX_set_rsa_padding(EVP_MD_CTX_pkey_ctx(md_ctx), RSA_PKCS1_PSS_PADDING);
916871447b2f util.crypto: Add support for RSA signatures (PKCS1-v1.5 + PSS) Matthew Wild <mwild1@gmail.com> parents: 12693 diff changeset	109 }
12693 7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	110 if(EVP_DigestSign(md_ctx, NULL, &sig_len, msg, msg_len) != 1) {
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	111 lua_pushnil(L);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	112 return 1;
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	113 }
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	114
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	115 // COMPAT w/ Lua 5.1
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	116 luaL_buffinit(L, &sigbuf);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	117 sig = memset(luaL_prepbuffer(&sigbuf), 0, sig_len);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	118
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	119 if(EVP_DigestSign(md_ctx, sig, &sig_len, msg, msg_len) != 1) {
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	120 lua_pushnil(L);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	121 }
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	122 else {
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	123 luaL_addsize(&sigbuf, sig_len);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	124 luaL_pushresult(&sigbuf);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	125 return 1;
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	126 }
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	127
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	128 return 1;
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	129 }
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	130
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	131 static int base_evp_verify(lua_State L, const int key_type, const EVP_MD digest_type) {
12697 916871447b2f util.crypto: Add support for RSA signatures (PKCS1-v1.5 + PSS) Matthew Wild <mwild1@gmail.com> parents: 12693 diff changeset	132 EVP_PKEY *pkey = pkey_from_arg(L, 1, (key_type!=NID_rsassaPss)?key_type:NID_rsaEncryption, 0);
12693 7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	133
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	134 size_t msg_len;
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	135 const unsigned char msg = (unsigned char)luaL_checklstring(L, 2, &msg_len);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	136
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	137 size_t sig_len;
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	138 const unsigned char sig = (unsigned char)luaL_checklstring(L, 3, &sig_len);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	139
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	140 EVP_MD_CTX *md_ctx = EVP_MD_CTX_new();
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	141
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	142 if(EVP_DigestVerifyInit(md_ctx, NULL, digest_type, NULL, pkey) != 1) {
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	143 lua_pushnil(L);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	144 goto cleanup;
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	145 }
12697 916871447b2f util.crypto: Add support for RSA signatures (PKCS1-v1.5 + PSS) Matthew Wild <mwild1@gmail.com> parents: 12693 diff changeset	146 if(key_type == NID_rsassaPss) {
916871447b2f util.crypto: Add support for RSA signatures (PKCS1-v1.5 + PSS) Matthew Wild <mwild1@gmail.com> parents: 12693 diff changeset	147 EVP_PKEY_CTX_set_rsa_padding(EVP_MD_CTX_pkey_ctx(md_ctx), RSA_PKCS1_PSS_PADDING);
916871447b2f util.crypto: Add support for RSA signatures (PKCS1-v1.5 + PSS) Matthew Wild <mwild1@gmail.com> parents: 12693 diff changeset	148 }
12693 7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	149 int result = EVP_DigestVerify(md_ctx, sig, sig_len, msg, msg_len);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	150 if(result == 0) {
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	151 lua_pushboolean(L, 0);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	152 } else if(result != 1) {
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	153 lua_pushnil(L);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	154 }
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	155 else {
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	156 lua_pushboolean(L, 1);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	157 }
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	158 cleanup:
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	159 EVP_MD_CTX_free(md_ctx);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	160 return 1;
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	161 }
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	162
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	163 static int Lpkey_meth_public_pem(lua_State *L) {
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	164 char *data;
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	165 size_t bytes;
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	166 EVP_PKEY *pkey = pkey_from_arg(L, 1, 0, 0);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	167 BIO *bio = new_managed_BIO_s_mem(L);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	168 if(PEM_write_bio_PUBKEY(bio, pkey)) {
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	169 bytes = BIO_get_mem_data(bio, &data);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	170 if (bytes > 0) {
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	171 lua_pushlstring(L, data, bytes);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	172 }
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	173 else {
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	174 lua_pushnil(L);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	175 }
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	176 }
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	177 else {
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	178 lua_pushnil(L);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	179 }
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	180 return 1;
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	181 }
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	182
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	183 static int Lpkey_meth_private_pem(lua_State *L) {
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	184 char *data;
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	185 size_t bytes;
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	186 EVP_PKEY *pkey = pkey_from_arg(L, 1, 0, 1);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	187 BIO *bio = new_managed_BIO_s_mem(L);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	188
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	189 if(PEM_write_bio_PrivateKey(bio, pkey, NULL, NULL, 0, NULL, NULL)) {
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	190 bytes = BIO_get_mem_data(bio, &data);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	191 if (bytes > 0) {
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	192 lua_pushlstring(L, data, bytes);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	193 }
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	194 else {
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	195 lua_pushnil(L);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	196 }
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	197 }
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	198 else {
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	199 lua_pushnil(L);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	200 }
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	201 return 1;
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	202 }
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	203
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	204 static int push_pkey(lua_State L, EVP_PKEY pkey, const int type, const int privkey) {
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	205 EVP_PKEY *ud = lua_newuserdata(L, sizeof(EVP_PKEY));
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	206 *ud = pkey;
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	207 luaL_newmetatable(L, PKEY_MT_TAG);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	208 lua_setmetatable(L, -2);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	209
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	210 /* Set some info about the key and attach it as a user value */
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	211 lua_newtable(L);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	212 if(type != 0) {
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	213 lua_pushinteger(L, type);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	214 lua_setfield(L, -2, "type");
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	215 }
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	216 if(privkey != 0) {
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	217 lua_pushboolean(L, 1);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	218 lua_setfield(L, -2, "private");
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	219 }
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	220 lua_setuservalue(L, -2);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	221 return 1;
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	222 }
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	223
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	224 static int Lgenerate_ed25519_keypair(lua_State *L) {
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	225 EVP_PKEY *pkey = NULL;
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	226 EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_ED25519, NULL);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	227
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	228 /* Generate key */
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	229 EVP_PKEY_keygen_init(pctx);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	230 EVP_PKEY_keygen(pctx, &pkey);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	231 EVP_PKEY_CTX_free(pctx);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	232
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	233 push_pkey(L, pkey, NID_ED25519, 1);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	234 return 1;
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	235 }
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	236
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	237 static int Limport_private_pem(lua_State *L) {
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	238 EVP_PKEY *pkey = NULL;
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	239
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	240 size_t privkey_bytes;
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	241 const char* privkey_data;
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	242 BIO *bio = new_managed_BIO_s_mem(L);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	243
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	244 privkey_data = luaL_checklstring(L, 1, &privkey_bytes);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	245 BIO_write(bio, privkey_data, privkey_bytes);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	246 pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	247 if (pkey) {
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	248 push_pkey(L, pkey, EVP_PKEY_id(pkey), 1);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	249 }
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	250 else {
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	251 lua_pushnil(L);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	252 }
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	253
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	254 return 1;
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	255 }
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	256
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	257 static int Limport_public_pem(lua_State *L) {
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	258 EVP_PKEY *pkey = NULL;
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	259
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	260 size_t pubkey_bytes;
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	261 const char* pubkey_data;
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	262 BIO *bio = new_managed_BIO_s_mem(L);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	263
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	264 pubkey_data = luaL_checklstring(L, 1, &pubkey_bytes);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	265 BIO_write(bio, pubkey_data, pubkey_bytes);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	266 pkey = PEM_read_bio_PUBKEY(bio, NULL, NULL, NULL);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	267 if (pkey) {
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	268 push_pkey(L, pkey, EVP_PKEY_id(pkey), 0);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	269 }
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	270 else {
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	271 lua_pushnil(L);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	272 }
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	273
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	274 return 1;
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	275 }
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	276
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	277 static int Led25519_sign(lua_State *L) {
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	278 return base_evp_sign(L, NID_ED25519, NULL);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	279 }
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	280
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	281 static int Led25519_verify(lua_State *L) {
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	282 return base_evp_verify(L, NID_ED25519, NULL);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	283 }
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	284
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	285 /* gcm_encrypt(key, iv, plaintext) */
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	286 static int Laes_gcm_encrypt(lua_State L, const EVP_CIPHER cipher, const unsigned char expected_key_len) {
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	287 EVP_CIPHER_CTX *ctx;
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	288 luaL_Buffer ciphertext_buffer;
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	289
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	290 size_t key_len, iv_len, plaintext_len;
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	291 int ciphertext_len, final_len;
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	292
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	293 const unsigned char key = (unsigned char)luaL_checklstring(L, 1, &key_len);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	294 const unsigned char iv = (unsigned char)luaL_checklstring(L, 2, &iv_len);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	295 const unsigned char plaintext = (unsigned char)luaL_checklstring(L, 3, &plaintext_len);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	296
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	297 if(key_len != expected_key_len) {
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	298 return luaL_error(L, "key must be %d bytes", expected_key_len);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	299 }
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	300 luaL_argcheck(L, iv_len == 12, 2, "iv must be 12 bytes");
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	301 if(lua_gettop(L) > 3) {
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	302 return luaL_error(L, "Expected 3 arguments, got %d", lua_gettop(L));
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	303 }
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	304
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	305 // Create and initialise the context
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	306 ctx = new_managed_EVP_CIPHER_CTX(L);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	307
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	308 // Initialise the encryption operation
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	309 if(1 != EVP_EncryptInit_ex(ctx, cipher, NULL, NULL, NULL)) {
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	310 return luaL_error(L, "Error while initializing encryption engine");
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	311 }
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	312
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	313 // Initialise key and IV
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	314 if(1 != EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv)) {
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	315 return luaL_error(L, "Error while initializing key/iv");
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	316 }
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	317
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	318 luaL_buffinit(L, &ciphertext_buffer);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	319 unsigned char ciphertext = (unsigned char)luaL_prepbuffsize(&ciphertext_buffer, plaintext_len+16);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	320
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	321 if(1 != EVP_EncryptUpdate(ctx, ciphertext, &ciphertext_len, plaintext, plaintext_len)) {
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	322 return luaL_error(L, "Error while encrypting data");
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	323 }
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	324
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	325 /*
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	326 * Finalise the encryption. Normally ciphertext bytes may be written at
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	327 * this stage, but this does not occur in GCM mode
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	328 */
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	329 if(1 != EVP_EncryptFinal_ex(ctx, ciphertext + ciphertext_len, &final_len)) {
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	330 return luaL_error(L, "Error while encrypting final data");
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	331 }
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	332 if(final_len != 0) {
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	333 return luaL_error(L, "Non-zero final data");
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	334 }
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	335
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	336 /* Get the tag */
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	337 if(1 != EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, 16, ciphertext + ciphertext_len)) {
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	338 return luaL_error(L, "Unable to read AEAD tag of encrypted data");
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	339 }
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	340
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	341 luaL_addsize(&ciphertext_buffer, ciphertext_len + 16);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	342 luaL_pushresult(&ciphertext_buffer);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	343
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	344 return 1;
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	345 }
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	346
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	347 static int Laes_128_gcm_encrypt(lua_State *L) {
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	348 return Laes_gcm_encrypt(L, EVP_aes_128_gcm(), 16);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	349 }
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	350
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	351 static int Laes_256_gcm_encrypt(lua_State *L) {
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	352 return Laes_gcm_encrypt(L, EVP_aes_256_gcm(), 32);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	353 }
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	354
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	355 /* gcm_decrypt(key, iv, ciphertext) */
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	356 static int Laes_gcm_decrypt(lua_State L, const EVP_CIPHER cipher, const unsigned char expected_key_len) {
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	357 EVP_CIPHER_CTX *ctx;
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	358 luaL_Buffer plaintext_buffer;
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	359
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	360 size_t key_len, iv_len, ciphertext_len;
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	361 int plaintext_len, final_len;
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	362
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	363 const unsigned char key = (unsigned char)luaL_checklstring(L, 1, &key_len);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	364 const unsigned char iv = (unsigned char)luaL_checklstring(L, 2, &iv_len);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	365 const unsigned char ciphertext = (unsigned char)luaL_checklstring(L, 3, &ciphertext_len);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	366
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	367 if(key_len != expected_key_len) {
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	368 return luaL_error(L, "key must be %d bytes", expected_key_len);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	369 }
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	370 luaL_argcheck(L, iv_len == 12, 2, "iv must be 12 bytes");
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	371 luaL_argcheck(L, ciphertext_len > 16, 3, "ciphertext must be at least 16 bytes (including tag)");
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	372 if(lua_gettop(L) > 3) {
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	373 return luaL_error(L, "Expected 3 arguments, got %d", lua_gettop(L));
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	374 }
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	375
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	376 /* Create and initialise the context */
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	377 ctx = new_managed_EVP_CIPHER_CTX(L);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	378
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	379 /* Initialise the decryption operation. */
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	380 if(!EVP_DecryptInit_ex(ctx, cipher, NULL, NULL, NULL)) {
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	381 return luaL_error(L, "Error while initializing decryption engine");
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	382 }
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	383
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	384 /* Initialise key and IV */
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	385 if(!EVP_DecryptInit_ex(ctx, NULL, NULL, key, iv)) {
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	386 return luaL_error(L, "Error while initializing key/iv");
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	387 }
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	388
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	389 luaL_buffinit(L, &plaintext_buffer);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	390 unsigned char plaintext = (unsigned char)luaL_prepbuffsize(&plaintext_buffer, ciphertext_len);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	391
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	392 /*
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	393 * Provide the message to be decrypted, and obtain the plaintext output.
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	394 * EVP_DecryptUpdate can be called multiple times if necessary
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	395 */
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	396 if(!EVP_DecryptUpdate(ctx, plaintext, &plaintext_len, ciphertext, ciphertext_len-16)) {
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	397 return luaL_error(L, "Error while decrypting data");
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	398 }
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	399
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	400 /* Set expected tag value. Works in OpenSSL 1.0.1d and later */
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	401 if(!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, 16, (unsigned char*)ciphertext + (ciphertext_len-16))) {
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	402 return luaL_error(L, "Error while processing authentication tag");
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	403 }
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	404
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	405 /*
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	406 * Finalise the decryption. A positive return value indicates success,
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	407 * anything else is a failure - the plaintext is not trustworthy.
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	408 */
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	409 int ret = EVP_DecryptFinal_ex(ctx, plaintext + plaintext_len, &final_len);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	410
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	411 if(ret <= 0) {
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	412 /* Verify failed */
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	413 lua_pushnil(L);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	414 lua_pushliteral(L, "verify-failed");
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	415 return 2;
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	416 }
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	417
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	418 luaL_addsize(&plaintext_buffer, plaintext_len + final_len);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	419 luaL_pushresult(&plaintext_buffer);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	420 return 1;
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	421 }
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	422
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	423 static int Laes_128_gcm_decrypt(lua_State *L) {
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	424 return Laes_gcm_decrypt(L, EVP_aes_128_gcm(), 16);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	425 }
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	426
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	427 static int Laes_256_gcm_decrypt(lua_State *L) {
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	428 return Laes_gcm_decrypt(L, EVP_aes_256_gcm(), 32);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	429 }
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	430
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	431 /* r, s = parse_ecdsa_sig(sig_der) */
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	432 static int Lparse_ecdsa_signature(lua_State *L) {
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	433 ECDSA_SIG *sig;
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	434 size_t sig_der_len;
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	435 const unsigned char sig_der = (unsigned char)luaL_checklstring(L, 1, &sig_der_len);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	436 const BIGNUM r, s;
12714 82bca7191f13 util.crypto: Use stack space buffers Kim Alvefur <zash@zash.se> parents: 12702 diff changeset	437 unsigned char rb[32];
82bca7191f13 util.crypto: Use stack space buffers Kim Alvefur <zash@zash.se> parents: 12702 diff changeset	438 unsigned char sb[32];
12693 7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	439 int rlen, slen;
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	440
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	441 sig = d2i_ECDSA_SIG(NULL, &sig_der, sig_der_len);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	442
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	443 if(sig == NULL) {
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	444 lua_pushnil(L);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	445 return 1;
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	446 }
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	447
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	448 ECDSA_SIG_get0(sig, &r, &s);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	449
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	450 rlen = BN_num_bytes(r);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	451 slen = BN_num_bytes(s);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	452
12714 82bca7191f13 util.crypto: Use stack space buffers Kim Alvefur <zash@zash.se> parents: 12702 diff changeset	453 if (rlen > 32 \|\| slen > 32) {
82bca7191f13 util.crypto: Use stack space buffers Kim Alvefur <zash@zash.se> parents: 12702 diff changeset	454 ECDSA_SIG_free(sig);
82bca7191f13 util.crypto: Use stack space buffers Kim Alvefur <zash@zash.se> parents: 12702 diff changeset	455 luaL_error(L, "unexpectedly large signature integers");
82bca7191f13 util.crypto: Use stack space buffers Kim Alvefur <zash@zash.se> parents: 12702 diff changeset	456 }
12693 7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	457
12714 82bca7191f13 util.crypto: Use stack space buffers Kim Alvefur <zash@zash.se> parents: 12702 diff changeset	458 BN_bn2bin(r, rb);
82bca7191f13 util.crypto: Use stack space buffers Kim Alvefur <zash@zash.se> parents: 12702 diff changeset	459 BN_bn2bin(s, sb);
12693 7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	460
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	461 ECDSA_SIG_free(sig);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	462
12714 82bca7191f13 util.crypto: Use stack space buffers Kim Alvefur <zash@zash.se> parents: 12702 diff changeset	463 lua_pushlstring(L, (const char*)rb, rlen);
82bca7191f13 util.crypto: Use stack space buffers Kim Alvefur <zash@zash.se> parents: 12702 diff changeset	464 lua_pushlstring(L, (const char*)sb, slen);
82bca7191f13 util.crypto: Use stack space buffers Kim Alvefur <zash@zash.se> parents: 12702 diff changeset	465
12693 7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	466 return 2;
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	467 }
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	468
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	469 /* sig_der = build_ecdsa_signature(r, s) */
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	470 static int Lbuild_ecdsa_signature(lua_State *L) {
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	471 ECDSA_SIG *sig = ECDSA_SIG_new();
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	472 BIGNUM r, s;
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	473 luaL_Buffer sigbuf;
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	474
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	475 size_t rlen, slen;
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	476 const unsigned char rbin, sbin;
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	477
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	478 rbin = (unsigned char*)luaL_checklstring(L, 1, &rlen);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	479 sbin = (unsigned char*)luaL_checklstring(L, 2, &slen);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	480
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	481 r = BN_bin2bn(rbin, (int)rlen, NULL);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	482 s = BN_bin2bn(sbin, (int)slen, NULL);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	483
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	484 ECDSA_SIG_set0(sig, r, s);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	485
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	486 luaL_buffinit(L, &sigbuf);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	487
12715 5dd00f806e32 util.crypto: Use Lua 5.2 API for predictable buffer size Kim Alvefur <zash@zash.se> parents: 12714 diff changeset	488 unsigned char buffer = (unsigned char)luaL_prepbuffsize(&sigbuf, rlen+slen+32);
12693 7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	489 int len = i2d_ECDSA_SIG(sig, &buffer);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	490 luaL_addsize(&sigbuf, len);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	491 luaL_pushresult(&sigbuf);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	492
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	493 ECDSA_SIG_free(sig);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	494
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	495 return 1;
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	496 }
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	497
12702 f63176781940 util.crypto: More digests for sign/verify, use macros for clarity/consistency Matthew Wild <mwild1@gmail.com> parents: 12698 diff changeset	498 #define REG_SIGN_VERIFY(algorithm, digest) \
f63176781940 util.crypto: More digests for sign/verify, use macros for clarity/consistency Matthew Wild <mwild1@gmail.com> parents: 12698 diff changeset	499 { #algorithm "_" #digest "_sign", L ## algorithm ## _ ## digest ## _sign },\
f63176781940 util.crypto: More digests for sign/verify, use macros for clarity/consistency Matthew Wild <mwild1@gmail.com> parents: 12698 diff changeset	500 { #algorithm "_" #digest "_verify", L ## algorithm ## _ ## digest ## _verify },
f63176781940 util.crypto: More digests for sign/verify, use macros for clarity/consistency Matthew Wild <mwild1@gmail.com> parents: 12698 diff changeset	501
f63176781940 util.crypto: More digests for sign/verify, use macros for clarity/consistency Matthew Wild <mwild1@gmail.com> parents: 12698 diff changeset	502 #define IMPL_SIGN_VERIFY(algorithm, key_type, digest) \
f63176781940 util.crypto: More digests for sign/verify, use macros for clarity/consistency Matthew Wild <mwild1@gmail.com> parents: 12698 diff changeset	503 static int L ## algorithm ## _ ## digest ## _sign(lua_State *L) { \
f63176781940 util.crypto: More digests for sign/verify, use macros for clarity/consistency Matthew Wild <mwild1@gmail.com> parents: 12698 diff changeset	504 return base_evp_sign(L, key_type, EVP_ ## digest()); \
f63176781940 util.crypto: More digests for sign/verify, use macros for clarity/consistency Matthew Wild <mwild1@gmail.com> parents: 12698 diff changeset	505 } \
f63176781940 util.crypto: More digests for sign/verify, use macros for clarity/consistency Matthew Wild <mwild1@gmail.com> parents: 12698 diff changeset	506 static int L ## algorithm ## _ ## digest ## _verify(lua_State *L) { \
f63176781940 util.crypto: More digests for sign/verify, use macros for clarity/consistency Matthew Wild <mwild1@gmail.com> parents: 12698 diff changeset	507 return base_evp_verify(L, key_type, EVP_ ## digest()); \
f63176781940 util.crypto: More digests for sign/verify, use macros for clarity/consistency Matthew Wild <mwild1@gmail.com> parents: 12698 diff changeset	508 }
f63176781940 util.crypto: More digests for sign/verify, use macros for clarity/consistency Matthew Wild <mwild1@gmail.com> parents: 12698 diff changeset	509
f63176781940 util.crypto: More digests for sign/verify, use macros for clarity/consistency Matthew Wild <mwild1@gmail.com> parents: 12698 diff changeset	510 IMPL_SIGN_VERIFY(ecdsa, NID_X9_62_id_ecPublicKey, sha256)
f63176781940 util.crypto: More digests for sign/verify, use macros for clarity/consistency Matthew Wild <mwild1@gmail.com> parents: 12698 diff changeset	511 IMPL_SIGN_VERIFY(ecdsa, NID_X9_62_id_ecPublicKey, sha384)
f63176781940 util.crypto: More digests for sign/verify, use macros for clarity/consistency Matthew Wild <mwild1@gmail.com> parents: 12698 diff changeset	512 IMPL_SIGN_VERIFY(ecdsa, NID_X9_62_id_ecPublicKey, sha512)
f63176781940 util.crypto: More digests for sign/verify, use macros for clarity/consistency Matthew Wild <mwild1@gmail.com> parents: 12698 diff changeset	513
f63176781940 util.crypto: More digests for sign/verify, use macros for clarity/consistency Matthew Wild <mwild1@gmail.com> parents: 12698 diff changeset	514 IMPL_SIGN_VERIFY(rsassa_pkcs1, NID_rsaEncryption, sha256)
f63176781940 util.crypto: More digests for sign/verify, use macros for clarity/consistency Matthew Wild <mwild1@gmail.com> parents: 12698 diff changeset	515 IMPL_SIGN_VERIFY(rsassa_pkcs1, NID_rsaEncryption, sha384)
f63176781940 util.crypto: More digests for sign/verify, use macros for clarity/consistency Matthew Wild <mwild1@gmail.com> parents: 12698 diff changeset	516 IMPL_SIGN_VERIFY(rsassa_pkcs1, NID_rsaEncryption, sha512)
f63176781940 util.crypto: More digests for sign/verify, use macros for clarity/consistency Matthew Wild <mwild1@gmail.com> parents: 12698 diff changeset	517
f63176781940 util.crypto: More digests for sign/verify, use macros for clarity/consistency Matthew Wild <mwild1@gmail.com> parents: 12698 diff changeset	518 IMPL_SIGN_VERIFY(rsassa_pss, NID_rsassaPss, sha256)
f63176781940 util.crypto: More digests for sign/verify, use macros for clarity/consistency Matthew Wild <mwild1@gmail.com> parents: 12698 diff changeset	519 IMPL_SIGN_VERIFY(rsassa_pss, NID_rsassaPss, sha384)
f63176781940 util.crypto: More digests for sign/verify, use macros for clarity/consistency Matthew Wild <mwild1@gmail.com> parents: 12698 diff changeset	520 IMPL_SIGN_VERIFY(rsassa_pss, NID_rsassaPss, sha512)
f63176781940 util.crypto: More digests for sign/verify, use macros for clarity/consistency Matthew Wild <mwild1@gmail.com> parents: 12698 diff changeset	521
12693 7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	522 static const luaL_Reg Reg[] = {
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	523 { "ed25519_sign", Led25519_sign },
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	524 { "ed25519_verify", Led25519_verify },
12702 f63176781940 util.crypto: More digests for sign/verify, use macros for clarity/consistency Matthew Wild <mwild1@gmail.com> parents: 12698 diff changeset	525
f63176781940 util.crypto: More digests for sign/verify, use macros for clarity/consistency Matthew Wild <mwild1@gmail.com> parents: 12698 diff changeset	526 REG_SIGN_VERIFY(ecdsa, sha256)
f63176781940 util.crypto: More digests for sign/verify, use macros for clarity/consistency Matthew Wild <mwild1@gmail.com> parents: 12698 diff changeset	527 REG_SIGN_VERIFY(ecdsa, sha384)
f63176781940 util.crypto: More digests for sign/verify, use macros for clarity/consistency Matthew Wild <mwild1@gmail.com> parents: 12698 diff changeset	528 REG_SIGN_VERIFY(ecdsa, sha512)
f63176781940 util.crypto: More digests for sign/verify, use macros for clarity/consistency Matthew Wild <mwild1@gmail.com> parents: 12698 diff changeset	529
f63176781940 util.crypto: More digests for sign/verify, use macros for clarity/consistency Matthew Wild <mwild1@gmail.com> parents: 12698 diff changeset	530 REG_SIGN_VERIFY(rsassa_pkcs1, sha256)
f63176781940 util.crypto: More digests for sign/verify, use macros for clarity/consistency Matthew Wild <mwild1@gmail.com> parents: 12698 diff changeset	531 REG_SIGN_VERIFY(rsassa_pkcs1, sha384)
f63176781940 util.crypto: More digests for sign/verify, use macros for clarity/consistency Matthew Wild <mwild1@gmail.com> parents: 12698 diff changeset	532 REG_SIGN_VERIFY(rsassa_pkcs1, sha512)
f63176781940 util.crypto: More digests for sign/verify, use macros for clarity/consistency Matthew Wild <mwild1@gmail.com> parents: 12698 diff changeset	533
f63176781940 util.crypto: More digests for sign/verify, use macros for clarity/consistency Matthew Wild <mwild1@gmail.com> parents: 12698 diff changeset	534 REG_SIGN_VERIFY(rsassa_pss, sha256)
f63176781940 util.crypto: More digests for sign/verify, use macros for clarity/consistency Matthew Wild <mwild1@gmail.com> parents: 12698 diff changeset	535 REG_SIGN_VERIFY(rsassa_pss, sha384)
f63176781940 util.crypto: More digests for sign/verify, use macros for clarity/consistency Matthew Wild <mwild1@gmail.com> parents: 12698 diff changeset	536 REG_SIGN_VERIFY(rsassa_pss, sha512)
f63176781940 util.crypto: More digests for sign/verify, use macros for clarity/consistency Matthew Wild <mwild1@gmail.com> parents: 12698 diff changeset	537
12693 7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	538 { "aes_128_gcm_encrypt", Laes_128_gcm_encrypt },
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	539 { "aes_128_gcm_decrypt", Laes_128_gcm_decrypt },
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	540 { "aes_256_gcm_encrypt", Laes_256_gcm_encrypt },
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	541 { "aes_256_gcm_decrypt", Laes_256_gcm_decrypt },
12702 f63176781940 util.crypto: More digests for sign/verify, use macros for clarity/consistency Matthew Wild <mwild1@gmail.com> parents: 12698 diff changeset	542
12693 7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	543 { "generate_ed25519_keypair", Lgenerate_ed25519_keypair },
12702 f63176781940 util.crypto: More digests for sign/verify, use macros for clarity/consistency Matthew Wild <mwild1@gmail.com> parents: 12698 diff changeset	544
12693 7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	545 { "import_private_pem", Limport_private_pem },
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	546 { "import_public_pem", Limport_public_pem },
12702 f63176781940 util.crypto: More digests for sign/verify, use macros for clarity/consistency Matthew Wild <mwild1@gmail.com> parents: 12698 diff changeset	547
12693 7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	548 { "parse_ecdsa_signature", Lparse_ecdsa_signature },
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	549 { "build_ecdsa_signature", Lbuild_ecdsa_signature },
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	550 { NULL, NULL }
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	551 };
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	552
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	553 static const luaL_Reg KeyMethods[] = {
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	554 { "private_pem", Lpkey_meth_private_pem },
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	555 { "public_pem", Lpkey_meth_public_pem },
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	556 { "get_type", Lpkey_meth_get_type },
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	557 { NULL, NULL }
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	558 };
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	559
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	560 static const luaL_Reg KeyMetatable[] = {
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	561 { "__gc", Lpkey_finalizer },
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	562 { NULL, NULL }
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	563 };
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	564
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	565 LUALIB_API int luaopen_util_crypto(lua_State *L) {
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	566 #if (LUA_VERSION_NUM > 501)
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	567 luaL_checkversion(L);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	568 #endif
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	569
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	570 /* Initialize pkey metatable */
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	571 luaL_newmetatable(L, PKEY_MT_TAG);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	572 luaL_setfuncs(L, KeyMetatable, 0);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	573 lua_newtable(L);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	574 luaL_setfuncs(L, KeyMethods, 0);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	575 lua_setfield(L, -2, "__index");
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	576 lua_pop(L, 1);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	577
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	578 /* Initialize lib table */
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	579 lua_newtable(L);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	580 luaL_setfuncs(L, Reg, 0);
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	581 lua_pushliteral(L, "-3.14");
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	582 lua_setfield(L, -2, "version");
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	583 #ifdef OPENSSL_VERSION
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	584 lua_pushstring(L, OpenSSL_version(OPENSSL_VERSION));
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	585 lua_setfield(L, -2, "_LIBCRYPTO_VERSION");
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	586 #endif
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	587 return 1;
7c5afbdcbc77 util.crypto: New wrapper for some operations in OpenSSL's libcrypto Matthew Wild <mwild1@gmail.com> parents: diff changeset	588 }

prosody

898e99f49d80

util-src/crypto.c

Software / code / prosody

Annotate

util-src/crypto.c @ 12717:898e99f49d80

Software `/` code `/` prosody