static LUA_FUNCTION(openssl_csr_parse)
{
X509_REQ * csr = CHECK_OBJECT(1, X509_REQ, "openssl.x509_req");
X509_NAME * subject = X509_REQ_get_subject_name(csr);
STACK_OF(X509_EXTENSION) *exts = X509_REQ_get_extensions(csr);
lua_newtable(L);
openssl_push_asn1(L, csr->signature, V_ASN1_BIT_STRING);
lua_setfield(L, -2, "signature");
openssl_push_x509_algor(L, csr->sig_alg);
lua_setfield(L, -2, "sig_alg");
lua_newtable(L);
AUXILIAR_SET(L, -1, "version", X509_REQ_get_version(csr), integer);
openssl_push_xname_asobject(L, subject);
lua_setfield(L, -2, "subject");
if (exts)
{
lua_pushstring(L, "extensions");
openssl_sk_x509_extension_totable(L, exts);
lua_rawset(L, -3);
sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
}
{
X509_REQ_INFO* ri = csr->req_info;
int i, c;
EVP_PKEY *pubkey = X509_REQ_get_pubkey(csr);
lua_newtable(L);
c = X509_REQ_get_attr_count(csr);
if (c > 0)
{
lua_newtable(L);
for (i = 0; i < c ; i++)
{
X509_ATTRIBUTE *attr = X509_REQ_get_attr(csr, i);
attr = X509_ATTRIBUTE_dup(attr);
PUSH_OBJECT(attr, "openssl.x509_attribute");
lua_rawseti(L, -2, i + 1);
}
lua_setfield(L, -2, "attributes");
}
lua_newtable(L);
openssl_push_asn1object(L, ri->pubkey->algor->algorithm);
lua_setfield(L, -2, "algorithm");
AUXILIAR_SETOBJECT(L, pubkey , "openssl.evp_pkey", -1, "pubkey");
lua_setfield(L, -2, "pubkey");
lua_setfield(L, -2, "req_info");
}
return 1;
}
static LUA_FUNCTION(openssl_pkcs12_read)
{
PKCS12 * p12 = NULL;
EVP_PKEY * pkey = NULL;
X509 * cert = NULL;
STACK_OF(X509) * ca = NULL;
int ret = 0;
int base64 = 0;
int olb64 = 0;
BIO * b64 = NULL;
BIO * bio_in = load_bio_object(L, 1);
const char *pass = luaL_checkstring(L, 2);
if (!lua_isnoneornil(L, 3))
base64 = auxiliar_checkboolean(L, 3);
if (!lua_isnoneornil(L, 4))
olb64 = auxiliar_checkboolean(L, 4);
if (base64)
{
if ((b64 = BIO_new(BIO_f_base64())) == NULL)
return 0;
if (olb64) BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL);
bio_in = BIO_push(b64, bio_in);
}
if (d2i_PKCS12_bio(bio_in, &p12) && PKCS12_parse(p12, pass, &pkey, &cert, &ca))
{
lua_newtable(L);
AUXILIAR_SETOBJECT(L, cert, "openssl.x509" , -1, "cert");
AUXILIAR_SETOBJECT(L, pkey, "openssl.evp_pkey" , -1, "pkey");
AUXILIAR_SETOBJECT(L, ca, "openssl.stack_of_x509" , -1, "extracerts");
ret = 1;
}
if (b64)
BIO_free(b64);
BIO_free(bio_in);
PKCS12_free(p12);
return ret;
}
static LUA_FUNCTION(openssl_digest_ctx_info)
{
EVP_MD_CTX *ctx = CHECK_OBJECT(1, EVP_MD_CTX, "openssl.evp_digest_ctx");
lua_newtable(L);
AUXILIAR_SET(L, -1, "block_size", EVP_MD_CTX_block_size(ctx), integer);
AUXILIAR_SET(L, -1, "size", EVP_MD_CTX_size(ctx), integer);
AUXILIAR_SET(L, -1, "type", EVP_MD_CTX_type(ctx), integer);
AUXILIAR_SETOBJECT(L, EVP_MD_CTX_md(ctx), "openssl.evp_digest", -1, "digest");
return 1;
}
static int openssl_ec_key_parse(lua_State*L)
{
EC_KEY* ec = CHECK_OBJECT(1, EC_KEY, "openssl.ec_key");
int basic = luaL_opt(L,lua_toboolean, 2, 0);
const EC_POINT* point = EC_KEY_get0_public_key(ec);
const EC_GROUP* group = EC_KEY_get0_group(ec);
const BIGNUM *priv = EC_KEY_get0_private_key(ec);
lua_newtable(L);
if (basic)
{
BIGNUM* x = BN_new();
BIGNUM* y = BN_new();
AUXILIAR_SET(L, -1, "enc_flag", EC_KEY_get_enc_flags(ec), integer);
AUXILIAR_SET(L, -1, "conv_form", EC_KEY_get_conv_form(ec), integer);
AUXILIAR_SET(L, -1, "curve_name", EC_GROUP_get_curve_name(group), integer);
AUXILIAR_SETOBJECT(L, BN_dup(priv), "openssl.bn", -1, "d");
if (EC_POINT_get_affine_coordinates_GFp(group, point, x, y, NULL) == 1)
{
AUXILIAR_SETOBJECT(L, x, "openssl.bn", -1, "x");
AUXILIAR_SETOBJECT(L, y, "openssl.bn", -1, "y");
};
}
else
{
AUXILIAR_SET(L, -1, "enc_flag", EC_KEY_get_enc_flags(ec), integer);
AUXILIAR_SET(L, -1, "conv_form", EC_KEY_get_conv_form(ec), integer);
point = EC_POINT_dup(point, group);
AUXILIAR_SETOBJECT(L, point, "openssl.ec_point", -1, "pub_key");
group = EC_GROUP_dup(group);
AUXILIAR_SETOBJECT(L, group, "openssl.ec_group", -1, "group");
OPENSSL_PKEY_GET_BN(priv, priv_key);
}
return 1;
};
static LUA_FUNCTION(openssl_cipher_ctx_info)
{
EVP_CIPHER_CTX *ctx = CHECK_OBJECT(1, EVP_CIPHER_CTX, "openssl.evp_cipher_ctx");
lua_newtable(L);
AUXILIAR_SET(L, -1, "block_size", EVP_CIPHER_CTX_block_size(ctx), integer);
AUXILIAR_SET(L, -1, "key_length", EVP_CIPHER_CTX_key_length(ctx), integer);
AUXILIAR_SET(L, -1, "iv_length", EVP_CIPHER_CTX_iv_length(ctx), integer);
AUXILIAR_SET(L, -1, "flags", EVP_CIPHER_CTX_flags(ctx), integer);
AUXILIAR_SET(L, -1, "nid", EVP_CIPHER_CTX_nid(ctx), integer);
AUXILIAR_SET(L, -1, "type", EVP_CIPHER_CTX_mode(ctx), integer);
AUXILIAR_SET(L, -1, "mode", EVP_CIPHER_CTX_type(ctx), integer);
AUXILIAR_SETOBJECT(L, EVP_CIPHER_CTX_cipher(ctx), "openssl.evp_cipher", -1, "cipher");
return 1;
}
static int openssl_ec_group_parse(lua_State*L)
{
const EC_GROUP* group = CHECK_OBJECT(1, EC_GROUP, "openssl.ec_group");
const EC_POINT *generator = EC_GROUP_get0_generator(group);
BN_CTX* ctx = BN_CTX_new();
BIGNUM *a, *b, *p, *order, *cofactor;
lua_newtable(L);
if (generator)
{
generator = EC_POINT_dup(generator, group);
AUXILIAR_SETOBJECT(L, generator, "openssl.ec_point", -1, "generator");
}
order = BN_new();
EC_GROUP_get_order(group, order, ctx);
AUXILIAR_SETOBJECT(L, order, "openssl.bn", -1, "order");
cofactor = BN_new();
EC_GROUP_get_cofactor(group, cofactor, ctx);
AUXILIAR_SETOBJECT(L, cofactor, "openssl.bn", -1, "cofactor");
AUXILIAR_SET(L, -1, "asn1_flag", EC_GROUP_get_asn1_flag(group), integer);
AUXILIAR_SET(L, -1, "degree", EC_GROUP_get_degree(group), integer);
AUXILIAR_SET(L, -1, "curve_name", EC_GROUP_get_curve_name(group), integer);
AUXILIAR_SET(L, -1, "conversion_form", EC_GROUP_get_point_conversion_form(group), integer);
AUXILIAR_SETLSTR(L, -1, "seed", EC_GROUP_get0_seed(group), EC_GROUP_get_seed_len(group));
a = BN_new();
b = BN_new();
p = BN_new();
EC_GROUP_get_curve_GFp(group, p, a, b, ctx);
lua_newtable(L);
{
AUXILIAR_SETOBJECT(L, p, "openssl.bn", -1, "p");
AUXILIAR_SETOBJECT(L, a, "openssl.bn", -1, "a");
AUXILIAR_SETOBJECT(L, b, "openssl.bn", -1, "b");
}
lua_setfield(L, -2, "curve");
BN_CTX_free(ctx);
return 1;
}
static int openssl_push_pkcs7_signer_info(lua_State *L, PKCS7_SIGNER_INFO *info)
{
lua_newtable(L);
AUXILIAR_SET(L, -1, "version", ASN1_INTEGER_get(info->version), integer);
if (info->issuer_and_serial != NULL)
{
X509_NAME *i = X509_NAME_dup(info->issuer_and_serial->issuer);
ASN1_INTEGER *s = ASN1_INTEGER_dup(info->issuer_and_serial->serial);
if (info->issuer_and_serial->issuer)
AUXILIAR_SETOBJECT(L, i, "openssl.x509_name", -1, "issuer");
if (info->issuer_and_serial->serial)
AUXILIAR_SETOBJECT(L, s, "openssl.asn1_integer", -1, "serial");
}
if (info->digest_alg)
{
X509_ALGOR *dup = X509_ALGOR_dup(info->digest_alg);
AUXILIAR_SETOBJECT(L, dup, "openssl.x509_algor", -1, "digest_alg");
}
if (info->digest_enc_alg)
{
X509_ALGOR *dup = X509_ALGOR_dup(info->digest_alg);
AUXILIAR_SETOBJECT(L, dup, "openssl.x509_algor", -1, "digest_enc_alg");
}
if (info->enc_digest)
{
ASN1_STRING *dup = ASN1_STRING_dup(info->enc_digest);
AUXILIAR_SETOBJECT(L, dup, "openssl.asn1_string", -1, "enc_digest");
}
if (info->pkey)
{
CRYPTO_add(&info->pkey->references, 1, CRYPTO_LOCK_EVP_PKEY);
AUXILIAR_SETOBJECT(L, info->pkey, "openssl.evp_pkey", -1, "pkey");
}
return 1;
}
static LUA_FUNCTION(openssl_pkcs7_parse)
{
PKCS7 * p7 = CHECK_OBJECT(1, PKCS7, "openssl.pkcs7");
STACK_OF(X509) *certs = NULL;
STACK_OF(X509_CRL) *crls = NULL;
int i = OBJ_obj2nid(p7->type);
lua_newtable(L);
AUXILIAR_SET(L, -1, "type", OBJ_nid2ln(i), string);
switch (i)
{
case NID_pkcs7_signed:
{
PKCS7_SIGNED *sign = p7->d.sign;
certs = sign->cert ? sign->cert : NULL;
crls = sign->crl ? sign->crl : NULL;
AUXILIAR_SET(L, -1, "version", ASN1_INTEGER_get(sign->version), integer);
AUXILIAR_SET(L, -1, "detached", PKCS7_is_detached(p7), boolean);
lua_pushstring(L, "md_algs");
openssl_sk_x509_algor_totable(L, sign->md_algs);
lua_rawset(L, -3);
if (sign->signer_info)
{
int j, n;
n = sk_PKCS7_SIGNER_INFO_num(sign->signer_info);
lua_pushstring(L, "signer_info");
lua_newtable(L);
for (j = 0; j < n; j++)
{
PKCS7_SIGNER_INFO *info = sk_PKCS7_SIGNER_INFO_value(sign->signer_info, j);
lua_pushinteger(L, j + 1);
openssl_push_pkcs7_signer_info(L, info);
lua_rawset(L, -3);
}
lua_rawset(L, -3);
}
if (!PKCS7_is_detached(p7))
{
PKCS7* c = sign->contents;
c = PKCS7_dup(c);
AUXILIAR_SETOBJECT(L, c, "openssl.pkcs7", -1, "contents");
}
}
break;
case NID_pkcs7_signedAndEnveloped:
certs = p7->d.signed_and_enveloped->cert;
crls = p7->d.signed_and_enveloped->crl;
break;
case NID_pkcs7_enveloped:
{
/*
BIO * mem = BIO_new(BIO_s_mem());
BIO * v_p7bio = PKCS7_dataDecode(p7,pkey,NULL,NULL);
BUF_MEM *bptr = NULL;
unsigned char src[4096];
int len;
while((len = BIO_read(v_p7bio,src,4096))>0){
BIO_write(mem, src, len);
}
BIO_free(v_p7bio);
BIO_get_mem_ptr(mem, &bptr);
if((int)*puiDataLen < bptr->length)
{
*puiDataLen = bptr->length;
ret = SAR_MemoryErr;
}else{
*puiDataLen = bptr->length;
memcpy(pucData,bptr->data, bptr->length);
}
*/
}
break;
case NID_pkcs7_digest:
{
PKCS7_DIGEST* d = p7->d.digest;
ASN1_OCTET_STRING *as = ASN1_STRING_dup(d->digest);
PUSH_OBJECT(as, "openssl.asn1_string");
lua_setfield(L, -2, "digest");
}
break;
case NID_pkcs7_data:
{
ASN1_OCTET_STRING *as = ASN1_STRING_dup(p7->d.data);
PUSH_OBJECT(as, "openssl.asn1_string");
lua_setfield(L, -2, "data");
}
break;
default:
break;
}
/* NID_pkcs7_signed or NID_pkcs7_signedAndEnveloped */
if (certs != NULL)
{
lua_pushstring(L, "certs");
openssl_sk_x509_totable(L, certs);
lua_rawset(L, -3);
}
if (crls != NULL)
{
lua_pushstring(L, "crls");
openssl_sk_x509_crl_totable(L, crls);
lua_rawset(L, -3);
}
return 1;
}
/***
parse x509_req object as table
@function parse
@tparam[opt=true] shortname default will use short object name
@treturn table result
*/
static LUA_FUNCTION(openssl_csr_parse)
{
X509_REQ *csr = CHECK_OBJECT(1, X509_REQ, "openssl.x509_req");
X509_NAME *subject = X509_REQ_get_subject_name(csr);
STACK_OF(X509_EXTENSION) *exts = X509_REQ_get_extensions(csr);
lua_newtable(L);
{
const ASN1_BIT_STRING *sig = NULL;
const X509_ALGOR *alg = NULL;
X509_REQ_get0_signature(csr, &sig, &alg);
openssl_push_asn1(L, sig, V_ASN1_BIT_STRING);
lua_setfield(L, -2, "signature");
alg = X509_ALGOR_dup((X509_ALGOR *)alg);
PUSH_OBJECT(alg, "openssl.x509_algor");
lua_setfield(L, -2, "sig_alg");
}
lua_newtable(L);
AUXILIAR_SET(L, -1, "version", X509_REQ_get_version(csr), integer);
openssl_push_xname_asobject(L, subject);
lua_setfield(L, -2, "subject");
if (exts)
{
lua_pushstring(L, "extensions");
openssl_sk_x509_extension_totable(L, exts);
lua_rawset(L, -3);
sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
}
{
X509_PUBKEY *xpub = X509_REQ_get_X509_PUBKEY(csr);
ASN1_OBJECT *oalg = NULL;
int c;
EVP_PKEY *pubkey = X509_REQ_get_pubkey(csr);
lua_newtable(L);
c = X509_REQ_get_attr_count(csr);
if (c > 0)
{
int i;
lua_newtable(L);
for (i = 0; i < c ; i++)
{
X509_ATTRIBUTE *attr = X509_REQ_get_attr(csr, i);
attr = X509_ATTRIBUTE_dup(attr);
PUSH_OBJECT(attr, "openssl.x509_attribute");
lua_rawseti(L, -2, i + 1);
}
lua_setfield(L, -2, "attributes");
}
lua_newtable(L);
if (X509_PUBKEY_get0_param(&oalg, NULL, NULL, NULL, xpub))
{
openssl_push_asn1object(L, oalg);
lua_setfield(L, -2, "algorithm");
}
AUXILIAR_SETOBJECT(L, pubkey, "openssl.evp_pkey", -1, "pubkey");
lua_setfield(L, -2, "pubkey");
lua_setfield(L, -2, "req_info");
}
return 1;
}
/*
int openssl_signerinfo_parse(lua_State*L)
{
PKCS7_SIGNER_INFO * si = CHECK_OBJECT(1,PKCS7_SIGNER_INFO,"openssl.pkcs7_signer_info");
si->
}
*/
static LUA_FUNCTION(openssl_pkcs7_parse)
{
PKCS7 * p7 = CHECK_OBJECT(1, PKCS7, "openssl.pkcs7");
STACK_OF(X509) *certs = NULL;
STACK_OF(X509_CRL) *crls = NULL;
int i = OBJ_obj2nid(p7->type);
lua_newtable(L);
AUXILIAR_SET(L, -1, "type", OBJ_nid2ln(i), string);
switch (i)
{
case NID_pkcs7_signed:
{
PKCS7_SIGNED *sign = p7->d.sign;
PKCS7* c = sign->contents;
PKCS7_SIGNER_INFO* si = sk_PKCS7_SIGNER_INFO_value(sign->signer_info, 0);
(void*)si;
certs = sign->cert ? sign->cert : NULL;
crls = sign->crl ? sign->crl : NULL;
#if 0
typedef struct pkcs7_signed_st
{
ASN1_INTEGER *version; /* version 1 */
STACK_OF(X509_ALGOR) *md_algs; /* md used */
STACK_OF(X509) *cert; /* [ 0 ] */
STACK_OF(X509_CRL) *crl; /* [ 1 ] */
STACK_OF(PKCS7_SIGNER_INFO) *signer_info;
struct pkcs7_st *contents;
} PKCS7_SIGNED;
#endif
AUXILIAR_SETOBJECT(L, sk_X509_ALGOR_dup(sign->md_algs), "openssl.stack_of_x509_algor", -1, "md_algs");
AUXILIAR_SETOBJECT(L, sk_PKCS7_SIGNER_INFO_dup(sign->signer_info), "openssl.stack_of_pkcs7_signer_info", -1, "signer_info");
AUXILIAR_SET(L, -1, "detached", PKCS7_is_detached(p7), boolean);
if (c)
{
AUXILIAR_SETOBJECT(L, PKCS7_dup(c), "openssl.pkcs7", -1, "contents");
}
if (!PKCS7_is_detached(p7))
{
AUXILIAR_SETOBJECT(L, p7->d.sign->contents, "openssl.pkcs7", -1, "content");
}
}
break;
case NID_pkcs7_signedAndEnveloped:
certs = p7->d.signed_and_enveloped->cert;
crls = p7->d.signed_and_enveloped->crl;
break;
case NID_pkcs7_enveloped:
{
/*
BIO * mem = BIO_new(BIO_s_mem());
BIO * v_p7bio = PKCS7_dataDecode(p7,pkey,NULL,NULL);
BUF_MEM *bptr = NULL;
unsigned char src[4096];
int len;
while((len = BIO_read(v_p7bio,src,4096))>0){
BIO_write(mem, src, len);
}
BIO_free(v_p7bio);
BIO_get_mem_ptr(mem, &bptr);
if((int)*puiDataLen < bptr->length)
{
*puiDataLen = bptr->length;
ret = SAR_MemoryErr;
}else{
*puiDataLen = bptr->length;
memcpy(pucData,bptr->data, bptr->length);
}
*/
}
break;
case NID_pkcs7_digest:
{
PKCS7_DIGEST* d = p7->d.digest;
PKCS7* c = d->contents;
ASN1_OCTET_STRING *data = d->digest;
(void*)c;
AUXILIAR_SET(L, -1, "type", "digest", string);
if (data)
{
int dlen = ASN1_STRING_length(data);
unsigned char* dptr = ASN1_STRING_data(data);
AUXILIAR_SETLSTR(L, -1, "digest", (const char*)dptr, dlen);
}
}
break;
case NID_pkcs7_data:
{
ASN1_OCTET_STRING *data = p7->d.data;
int dlen = ASN1_STRING_length(data);
unsigned char* dptr = ASN1_STRING_data(data);
AUXILIAR_SET(L, -1, "type", "data", string);
AUXILIAR_SETLSTR(L, -1, "data", (const char*)dptr, dlen);
}
break;
default:
break;
}
