static LUA_FUNCTION(openssl_csr_parse) { X509_REQ * csr = CHECK_OBJECT(1, X509_REQ, "openssl.x509_req"); X509_NAME * subject = X509_REQ_get_subject_name(csr); STACK_OF(X509_EXTENSION) *exts = X509_REQ_get_extensions(csr); lua_newtable(L); openssl_push_asn1(L, csr->signature, V_ASN1_BIT_STRING); lua_setfield(L, -2, "signature"); openssl_push_x509_algor(L, csr->sig_alg); lua_setfield(L, -2, "sig_alg"); lua_newtable(L); AUXILIAR_SET(L, -1, "version", X509_REQ_get_version(csr), integer); openssl_push_xname_asobject(L, subject); lua_setfield(L, -2, "subject"); if (exts) { lua_pushstring(L, "extensions"); openssl_sk_x509_extension_totable(L, exts); lua_rawset(L, -3); sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free); } { X509_REQ_INFO* ri = csr->req_info; int i, c; EVP_PKEY *pubkey = X509_REQ_get_pubkey(csr); lua_newtable(L); c = X509_REQ_get_attr_count(csr); if (c > 0) { lua_newtable(L); for (i = 0; i < c ; i++) { X509_ATTRIBUTE *attr = X509_REQ_get_attr(csr, i); attr = X509_ATTRIBUTE_dup(attr); PUSH_OBJECT(attr, "openssl.x509_attribute"); lua_rawseti(L, -2, i + 1); } lua_setfield(L, -2, "attributes"); } lua_newtable(L); openssl_push_asn1object(L, ri->pubkey->algor->algorithm); lua_setfield(L, -2, "algorithm"); AUXILIAR_SETOBJECT(L, pubkey , "openssl.evp_pkey", -1, "pubkey"); lua_setfield(L, -2, "pubkey"); lua_setfield(L, -2, "req_info"); } return 1; }
static LUA_FUNCTION(openssl_pkcs12_read) { PKCS12 * p12 = NULL; EVP_PKEY * pkey = NULL; X509 * cert = NULL; STACK_OF(X509) * ca = NULL; int ret = 0; int base64 = 0; int olb64 = 0; BIO * b64 = NULL; BIO * bio_in = load_bio_object(L, 1); const char *pass = luaL_checkstring(L, 2); if (!lua_isnoneornil(L, 3)) base64 = auxiliar_checkboolean(L, 3); if (!lua_isnoneornil(L, 4)) olb64 = auxiliar_checkboolean(L, 4); if (base64) { if ((b64 = BIO_new(BIO_f_base64())) == NULL) return 0; if (olb64) BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL); bio_in = BIO_push(b64, bio_in); } if (d2i_PKCS12_bio(bio_in, &p12) && PKCS12_parse(p12, pass, &pkey, &cert, &ca)) { lua_newtable(L); AUXILIAR_SETOBJECT(L, cert, "openssl.x509" , -1, "cert"); AUXILIAR_SETOBJECT(L, pkey, "openssl.evp_pkey" , -1, "pkey"); AUXILIAR_SETOBJECT(L, ca, "openssl.stack_of_x509" , -1, "extracerts"); ret = 1; } if (b64) BIO_free(b64); BIO_free(bio_in); PKCS12_free(p12); return ret; }
static LUA_FUNCTION(openssl_digest_ctx_info) { EVP_MD_CTX *ctx = CHECK_OBJECT(1, EVP_MD_CTX, "openssl.evp_digest_ctx"); lua_newtable(L); AUXILIAR_SET(L, -1, "block_size", EVP_MD_CTX_block_size(ctx), integer); AUXILIAR_SET(L, -1, "size", EVP_MD_CTX_size(ctx), integer); AUXILIAR_SET(L, -1, "type", EVP_MD_CTX_type(ctx), integer); AUXILIAR_SETOBJECT(L, EVP_MD_CTX_md(ctx), "openssl.evp_digest", -1, "digest"); return 1; }
static int openssl_ec_key_parse(lua_State*L) { EC_KEY* ec = CHECK_OBJECT(1, EC_KEY, "openssl.ec_key"); int basic = luaL_opt(L,lua_toboolean, 2, 0); const EC_POINT* point = EC_KEY_get0_public_key(ec); const EC_GROUP* group = EC_KEY_get0_group(ec); const BIGNUM *priv = EC_KEY_get0_private_key(ec); lua_newtable(L); if (basic) { BIGNUM* x = BN_new(); BIGNUM* y = BN_new(); AUXILIAR_SET(L, -1, "enc_flag", EC_KEY_get_enc_flags(ec), integer); AUXILIAR_SET(L, -1, "conv_form", EC_KEY_get_conv_form(ec), integer); AUXILIAR_SET(L, -1, "curve_name", EC_GROUP_get_curve_name(group), integer); AUXILIAR_SETOBJECT(L, BN_dup(priv), "openssl.bn", -1, "d"); if (EC_POINT_get_affine_coordinates_GFp(group, point, x, y, NULL) == 1) { AUXILIAR_SETOBJECT(L, x, "openssl.bn", -1, "x"); AUXILIAR_SETOBJECT(L, y, "openssl.bn", -1, "y"); }; } else { AUXILIAR_SET(L, -1, "enc_flag", EC_KEY_get_enc_flags(ec), integer); AUXILIAR_SET(L, -1, "conv_form", EC_KEY_get_conv_form(ec), integer); point = EC_POINT_dup(point, group); AUXILIAR_SETOBJECT(L, point, "openssl.ec_point", -1, "pub_key"); group = EC_GROUP_dup(group); AUXILIAR_SETOBJECT(L, group, "openssl.ec_group", -1, "group"); OPENSSL_PKEY_GET_BN(priv, priv_key); } return 1; };
static LUA_FUNCTION(openssl_cipher_ctx_info) { EVP_CIPHER_CTX *ctx = CHECK_OBJECT(1, EVP_CIPHER_CTX, "openssl.evp_cipher_ctx"); lua_newtable(L); AUXILIAR_SET(L, -1, "block_size", EVP_CIPHER_CTX_block_size(ctx), integer); AUXILIAR_SET(L, -1, "key_length", EVP_CIPHER_CTX_key_length(ctx), integer); AUXILIAR_SET(L, -1, "iv_length", EVP_CIPHER_CTX_iv_length(ctx), integer); AUXILIAR_SET(L, -1, "flags", EVP_CIPHER_CTX_flags(ctx), integer); AUXILIAR_SET(L, -1, "nid", EVP_CIPHER_CTX_nid(ctx), integer); AUXILIAR_SET(L, -1, "type", EVP_CIPHER_CTX_mode(ctx), integer); AUXILIAR_SET(L, -1, "mode", EVP_CIPHER_CTX_type(ctx), integer); AUXILIAR_SETOBJECT(L, EVP_CIPHER_CTX_cipher(ctx), "openssl.evp_cipher", -1, "cipher"); return 1; }
static int openssl_ec_group_parse(lua_State*L) { const EC_GROUP* group = CHECK_OBJECT(1, EC_GROUP, "openssl.ec_group"); const EC_POINT *generator = EC_GROUP_get0_generator(group); BN_CTX* ctx = BN_CTX_new(); BIGNUM *a, *b, *p, *order, *cofactor; lua_newtable(L); if (generator) { generator = EC_POINT_dup(generator, group); AUXILIAR_SETOBJECT(L, generator, "openssl.ec_point", -1, "generator"); } order = BN_new(); EC_GROUP_get_order(group, order, ctx); AUXILIAR_SETOBJECT(L, order, "openssl.bn", -1, "order"); cofactor = BN_new(); EC_GROUP_get_cofactor(group, cofactor, ctx); AUXILIAR_SETOBJECT(L, cofactor, "openssl.bn", -1, "cofactor"); AUXILIAR_SET(L, -1, "asn1_flag", EC_GROUP_get_asn1_flag(group), integer); AUXILIAR_SET(L, -1, "degree", EC_GROUP_get_degree(group), integer); AUXILIAR_SET(L, -1, "curve_name", EC_GROUP_get_curve_name(group), integer); AUXILIAR_SET(L, -1, "conversion_form", EC_GROUP_get_point_conversion_form(group), integer); AUXILIAR_SETLSTR(L, -1, "seed", EC_GROUP_get0_seed(group), EC_GROUP_get_seed_len(group)); a = BN_new(); b = BN_new(); p = BN_new(); EC_GROUP_get_curve_GFp(group, p, a, b, ctx); lua_newtable(L); { AUXILIAR_SETOBJECT(L, p, "openssl.bn", -1, "p"); AUXILIAR_SETOBJECT(L, a, "openssl.bn", -1, "a"); AUXILIAR_SETOBJECT(L, b, "openssl.bn", -1, "b"); } lua_setfield(L, -2, "curve"); BN_CTX_free(ctx); return 1; }
static int openssl_push_pkcs7_signer_info(lua_State *L, PKCS7_SIGNER_INFO *info) { lua_newtable(L); AUXILIAR_SET(L, -1, "version", ASN1_INTEGER_get(info->version), integer); if (info->issuer_and_serial != NULL) { X509_NAME *i = X509_NAME_dup(info->issuer_and_serial->issuer); ASN1_INTEGER *s = ASN1_INTEGER_dup(info->issuer_and_serial->serial); if (info->issuer_and_serial->issuer) AUXILIAR_SETOBJECT(L, i, "openssl.x509_name", -1, "issuer"); if (info->issuer_and_serial->serial) AUXILIAR_SETOBJECT(L, s, "openssl.asn1_integer", -1, "serial"); } if (info->digest_alg) { X509_ALGOR *dup = X509_ALGOR_dup(info->digest_alg); AUXILIAR_SETOBJECT(L, dup, "openssl.x509_algor", -1, "digest_alg"); } if (info->digest_enc_alg) { X509_ALGOR *dup = X509_ALGOR_dup(info->digest_alg); AUXILIAR_SETOBJECT(L, dup, "openssl.x509_algor", -1, "digest_enc_alg"); } if (info->enc_digest) { ASN1_STRING *dup = ASN1_STRING_dup(info->enc_digest); AUXILIAR_SETOBJECT(L, dup, "openssl.asn1_string", -1, "enc_digest"); } if (info->pkey) { CRYPTO_add(&info->pkey->references, 1, CRYPTO_LOCK_EVP_PKEY); AUXILIAR_SETOBJECT(L, info->pkey, "openssl.evp_pkey", -1, "pkey"); } return 1; }
static LUA_FUNCTION(openssl_pkcs7_parse) { PKCS7 * p7 = CHECK_OBJECT(1, PKCS7, "openssl.pkcs7"); STACK_OF(X509) *certs = NULL; STACK_OF(X509_CRL) *crls = NULL; int i = OBJ_obj2nid(p7->type); lua_newtable(L); AUXILIAR_SET(L, -1, "type", OBJ_nid2ln(i), string); switch (i) { case NID_pkcs7_signed: { PKCS7_SIGNED *sign = p7->d.sign; certs = sign->cert ? sign->cert : NULL; crls = sign->crl ? sign->crl : NULL; AUXILIAR_SET(L, -1, "version", ASN1_INTEGER_get(sign->version), integer); AUXILIAR_SET(L, -1, "detached", PKCS7_is_detached(p7), boolean); lua_pushstring(L, "md_algs"); openssl_sk_x509_algor_totable(L, sign->md_algs); lua_rawset(L, -3); if (sign->signer_info) { int j, n; n = sk_PKCS7_SIGNER_INFO_num(sign->signer_info); lua_pushstring(L, "signer_info"); lua_newtable(L); for (j = 0; j < n; j++) { PKCS7_SIGNER_INFO *info = sk_PKCS7_SIGNER_INFO_value(sign->signer_info, j); lua_pushinteger(L, j + 1); openssl_push_pkcs7_signer_info(L, info); lua_rawset(L, -3); } lua_rawset(L, -3); } if (!PKCS7_is_detached(p7)) { PKCS7* c = sign->contents; c = PKCS7_dup(c); AUXILIAR_SETOBJECT(L, c, "openssl.pkcs7", -1, "contents"); } } break; case NID_pkcs7_signedAndEnveloped: certs = p7->d.signed_and_enveloped->cert; crls = p7->d.signed_and_enveloped->crl; break; case NID_pkcs7_enveloped: { /* BIO * mem = BIO_new(BIO_s_mem()); BIO * v_p7bio = PKCS7_dataDecode(p7,pkey,NULL,NULL); BUF_MEM *bptr = NULL; unsigned char src[4096]; int len; while((len = BIO_read(v_p7bio,src,4096))>0){ BIO_write(mem, src, len); } BIO_free(v_p7bio); BIO_get_mem_ptr(mem, &bptr); if((int)*puiDataLen < bptr->length) { *puiDataLen = bptr->length; ret = SAR_MemoryErr; }else{ *puiDataLen = bptr->length; memcpy(pucData,bptr->data, bptr->length); } */ } break; case NID_pkcs7_digest: { PKCS7_DIGEST* d = p7->d.digest; ASN1_OCTET_STRING *as = ASN1_STRING_dup(d->digest); PUSH_OBJECT(as, "openssl.asn1_string"); lua_setfield(L, -2, "digest"); } break; case NID_pkcs7_data: { ASN1_OCTET_STRING *as = ASN1_STRING_dup(p7->d.data); PUSH_OBJECT(as, "openssl.asn1_string"); lua_setfield(L, -2, "data"); } break; default: break; } /* NID_pkcs7_signed or NID_pkcs7_signedAndEnveloped */ if (certs != NULL) { lua_pushstring(L, "certs"); openssl_sk_x509_totable(L, certs); lua_rawset(L, -3); } if (crls != NULL) { lua_pushstring(L, "crls"); openssl_sk_x509_crl_totable(L, crls); lua_rawset(L, -3); } return 1; }
/*** parse x509_req object as table @function parse @tparam[opt=true] shortname default will use short object name @treturn table result */ static LUA_FUNCTION(openssl_csr_parse) { X509_REQ *csr = CHECK_OBJECT(1, X509_REQ, "openssl.x509_req"); X509_NAME *subject = X509_REQ_get_subject_name(csr); STACK_OF(X509_EXTENSION) *exts = X509_REQ_get_extensions(csr); lua_newtable(L); { const ASN1_BIT_STRING *sig = NULL; const X509_ALGOR *alg = NULL; X509_REQ_get0_signature(csr, &sig, &alg); openssl_push_asn1(L, sig, V_ASN1_BIT_STRING); lua_setfield(L, -2, "signature"); alg = X509_ALGOR_dup((X509_ALGOR *)alg); PUSH_OBJECT(alg, "openssl.x509_algor"); lua_setfield(L, -2, "sig_alg"); } lua_newtable(L); AUXILIAR_SET(L, -1, "version", X509_REQ_get_version(csr), integer); openssl_push_xname_asobject(L, subject); lua_setfield(L, -2, "subject"); if (exts) { lua_pushstring(L, "extensions"); openssl_sk_x509_extension_totable(L, exts); lua_rawset(L, -3); sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free); } { X509_PUBKEY *xpub = X509_REQ_get_X509_PUBKEY(csr); ASN1_OBJECT *oalg = NULL; int c; EVP_PKEY *pubkey = X509_REQ_get_pubkey(csr); lua_newtable(L); c = X509_REQ_get_attr_count(csr); if (c > 0) { int i; lua_newtable(L); for (i = 0; i < c ; i++) { X509_ATTRIBUTE *attr = X509_REQ_get_attr(csr, i); attr = X509_ATTRIBUTE_dup(attr); PUSH_OBJECT(attr, "openssl.x509_attribute"); lua_rawseti(L, -2, i + 1); } lua_setfield(L, -2, "attributes"); } lua_newtable(L); if (X509_PUBKEY_get0_param(&oalg, NULL, NULL, NULL, xpub)) { openssl_push_asn1object(L, oalg); lua_setfield(L, -2, "algorithm"); } AUXILIAR_SETOBJECT(L, pubkey, "openssl.evp_pkey", -1, "pubkey"); lua_setfield(L, -2, "pubkey"); lua_setfield(L, -2, "req_info"); } return 1; }
/* int openssl_signerinfo_parse(lua_State*L) { PKCS7_SIGNER_INFO * si = CHECK_OBJECT(1,PKCS7_SIGNER_INFO,"openssl.pkcs7_signer_info"); si-> } */ static LUA_FUNCTION(openssl_pkcs7_parse) { PKCS7 * p7 = CHECK_OBJECT(1, PKCS7, "openssl.pkcs7"); STACK_OF(X509) *certs = NULL; STACK_OF(X509_CRL) *crls = NULL; int i = OBJ_obj2nid(p7->type); lua_newtable(L); AUXILIAR_SET(L, -1, "type", OBJ_nid2ln(i), string); switch (i) { case NID_pkcs7_signed: { PKCS7_SIGNED *sign = p7->d.sign; PKCS7* c = sign->contents; PKCS7_SIGNER_INFO* si = sk_PKCS7_SIGNER_INFO_value(sign->signer_info, 0); (void*)si; certs = sign->cert ? sign->cert : NULL; crls = sign->crl ? sign->crl : NULL; #if 0 typedef struct pkcs7_signed_st { ASN1_INTEGER *version; /* version 1 */ STACK_OF(X509_ALGOR) *md_algs; /* md used */ STACK_OF(X509) *cert; /* [ 0 ] */ STACK_OF(X509_CRL) *crl; /* [ 1 ] */ STACK_OF(PKCS7_SIGNER_INFO) *signer_info; struct pkcs7_st *contents; } PKCS7_SIGNED; #endif AUXILIAR_SETOBJECT(L, sk_X509_ALGOR_dup(sign->md_algs), "openssl.stack_of_x509_algor", -1, "md_algs"); AUXILIAR_SETOBJECT(L, sk_PKCS7_SIGNER_INFO_dup(sign->signer_info), "openssl.stack_of_pkcs7_signer_info", -1, "signer_info"); AUXILIAR_SET(L, -1, "detached", PKCS7_is_detached(p7), boolean); if (c) { AUXILIAR_SETOBJECT(L, PKCS7_dup(c), "openssl.pkcs7", -1, "contents"); } if (!PKCS7_is_detached(p7)) { AUXILIAR_SETOBJECT(L, p7->d.sign->contents, "openssl.pkcs7", -1, "content"); } } break; case NID_pkcs7_signedAndEnveloped: certs = p7->d.signed_and_enveloped->cert; crls = p7->d.signed_and_enveloped->crl; break; case NID_pkcs7_enveloped: { /* BIO * mem = BIO_new(BIO_s_mem()); BIO * v_p7bio = PKCS7_dataDecode(p7,pkey,NULL,NULL); BUF_MEM *bptr = NULL; unsigned char src[4096]; int len; while((len = BIO_read(v_p7bio,src,4096))>0){ BIO_write(mem, src, len); } BIO_free(v_p7bio); BIO_get_mem_ptr(mem, &bptr); if((int)*puiDataLen < bptr->length) { *puiDataLen = bptr->length; ret = SAR_MemoryErr; }else{ *puiDataLen = bptr->length; memcpy(pucData,bptr->data, bptr->length); } */ } break; case NID_pkcs7_digest: { PKCS7_DIGEST* d = p7->d.digest; PKCS7* c = d->contents; ASN1_OCTET_STRING *data = d->digest; (void*)c; AUXILIAR_SET(L, -1, "type", "digest", string); if (data) { int dlen = ASN1_STRING_length(data); unsigned char* dptr = ASN1_STRING_data(data); AUXILIAR_SETLSTR(L, -1, "digest", (const char*)dptr, dlen); } } break; case NID_pkcs7_data: { ASN1_OCTET_STRING *data = p7->d.data; int dlen = ASN1_STRING_length(data); unsigned char* dptr = ASN1_STRING_data(data); AUXILIAR_SET(L, -1, "type", "data", string); AUXILIAR_SETLSTR(L, -1, "data", (const char*)dptr, dlen); } break; default: break; }