Diffstat (limited to 'server/resty/openssl/include/x509')
-rw-r--r-- | server/resty/openssl/include/x509/altname.lua | 49 | ||||
-rw-r--r-- | server/resty/openssl/include/x509/crl.lua | 86 | ||||
-rw-r--r-- | server/resty/openssl/include/x509/csr.lua | 88 | ||||
-rw-r--r-- | server/resty/openssl/include/x509/extension.lua | 44 | ||||
-rw-r--r-- | server/resty/openssl/include/x509/init.lua | 138 | ||||
-rw-r--r-- | server/resty/openssl/include/x509/name.lua | 21 | ||||
-rw-r--r-- | server/resty/openssl/include/x509/revoked.lua | 17 |
7 files changed, 443 insertions, 0 deletions
diff --git a/server/resty/openssl/include/x509/altname.lua b/server/resty/openssl/include/x509/altname.lua
new file mode 100644
index 0000000..ce1db67
--- /dev/null
+++ b/server/resty/openssl/include/x509/altname.lua
@@ -0,0 +1,49 @@
+local GEN_OTHERNAME = 0
+local GEN_EMAIL = 1
+local GEN_DNS = 2
+local GEN_X400 = 3
+local GEN_DIRNAME = 4
+local GEN_EDIPARTY = 5
+local GEN_URI = 6
+local GEN_IPADD = 7
+local GEN_RID = 8
+
+local default_types = {
+ OtherName = GEN_OTHERNAME, -- otherName
+ RFC822Name = GEN_EMAIL, -- email
+ RFC822 = GEN_EMAIL,
+ Email = GEN_EMAIL,
+ DNSName = GEN_DNS, -- dns
+ DNS = GEN_DNS,
+ X400 = GEN_X400, -- x400
+ DirName = GEN_DIRNAME, -- dirName
+ EdiParty = GEN_EDIPARTY, -- EdiParty
+ UniformResourceIdentifier = GEN_URI, -- uri
+ URI = GEN_URI,
+ IPAddress = GEN_IPADD, -- ipaddr
+ IP = GEN_IPADD,
+ RID = GEN_RID, -- rid
+}
+
+local literals = {
+ [GEN_OTHERNAME] = "OtherName",
+ [GEN_EMAIL] = "email",
+ [GEN_DNS] = "DNS",
+ [GEN_X400] = "X400",
+ [GEN_DIRNAME] = "DirName",
+ [GEN_EDIPARTY] = "EdiParty",
+ [GEN_URI] = "URI",
+ [GEN_IPADD] = "IP",
+ [GEN_RID] = "RID",
+}
+
+local types = {}
+for t, gid in pairs(default_types) do
+ types[t:lower()] = gid
+ types[t] = gid
+end
+
+return {
+ types = types,
+ literals = literals,
+}
\ No newline at end of file
diff --git a/server/resty/openssl/include/x509/crl.lua b/server/resty/openssl/include/x509/crl.lua
new file mode 100644
index 0000000..7870cd3
--- /dev/null
+++ b/server/resty/openssl/include/x509/crl.lua
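Review bot: The `types` table built by the `for t, gid in pairs(default_types)` loop only answers for the exact spellings listed in `default_types` and their all-lowercase forms, so a mixed-case key such as `Dns` or `DnsName` returns nil instead of `GEN_DNS`; if that key comes from user configuration the caller (outside this file) must normalise with `:lower()` first, and nothing here says so. Suggested comment above the loop: `-- accepts the spellings in default_types plus their all-lowercase form; pass user input through :lower() before indexing`. Note also that `literals` renders `GEN_EMAIL` as `email` while `types` accepts `Email`, `RFC822` and `RFC822Name`, so the two tables are not a round trip — worth a line saying `literals` is the canonical display form only.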
@@ -0,0 +1,86 @@
+local ffi = require "ffi"
+
+require "resty.openssl.include.ossl_typ"
+require "resty.openssl.include.evp"
+require "resty.openssl.include.objects"
+require "resty.openssl.include.x509"
+require "resty.openssl.include.stack"
+
+local asn1_macro = require "resty.openssl.include.asn1"
+
+local OPENSSL_10 = require("resty.openssl.version").OPENSSL_10
+local OPENSSL_11_OR_LATER = require("resty.openssl.version").OPENSSL_11_OR_LATER
+local BORINGSSL_110 = require("resty.openssl.version").BORINGSSL_110
+
+asn1_macro.declare_asn1_functions("X509_CRL", asn1_macro.has_new_ex)
+
+ffi.cdef [[
+ X509_NAME *X509_CRL_get_issuer(const X509_CRL *crl);
+ int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name);
+ int X509_CRL_set_version(X509_CRL *x, long version);
+
+ int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc);
+ X509_EXTENSION *X509_CRL_get_ext(const X509_CRL *x, int loc);
+ int X509_CRL_get_ext_by_NID(const X509_CRL *x, int nid, int lastpos);
+ void *X509_CRL_get_ext_d2i(const X509_CRL *x, int nid, int *crit, int *idx);
+
+ int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md);
+ int X509_CRL_verify(X509_CRL *a, EVP_PKEY *r);
+
+ int i2d_X509_CRL_bio(BIO *bp, X509_CRL *crl);
+ X509_CRL *d2i_X509_CRL_bio(BIO *bp, X509_CRL **crl);
+ int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev);
+
+ int X509_CRL_print(BIO *bio, X509_CRL *crl);
+
+ int X509_CRL_get0_by_serial(X509_CRL *crl,
+ X509_REVOKED **ret, ASN1_INTEGER *serial);
+ int X509_CRL_get0_by_cert(X509_CRL *crl, X509_REVOKED **ret, X509 *x);
+
+ //STACK_OF(X509_REVOKED)
+ OPENSSL_STACK *X509_CRL_get_REVOKED(X509_CRL *crl);
+
+ int X509_CRL_get0_by_serial(X509_CRL *crl,
+ X509_REVOKED **ret, ASN1_INTEGER *serial);
+]]
+
+if OPENSSL_11_OR_LATER then
+ ffi.cdef [[
+ int X509_CRL_set1_lastUpdate(X509_CRL *x, const ASN1_TIME *tm);
+ int X509_CRL_set1_nextUpdate(X509_CRL *x, const ASN1_TIME *tm);
+ /*const*/ ASN1_TIME *X509_CRL_get0_lastUpdate(const X509_CRL *crl);
+ /*const*/ ASN1_TIME *X509_CRL_get0_nextUpdate(const X509_CRL *crl);
+ long X509_CRL_get_version(const X509_CRL *crl);
+
+ X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc);
+
+ int X509_CRL_get_signature_nid(const X509_CRL *crl);
+ ]]
+end
+if OPENSSL_10 or BORINGSSL_110 then
+ -- in openssl 1.0.x some getters are direct accessor to struct members (defiend by macros)
+ ffi.cdef [[
+ typedef struct X509_crl_info_st {
+ ASN1_INTEGER *version;
+ X509_ALGOR *sig_alg;
+ X509_NAME *issuer;
+ ASN1_TIME *lastUpdate;
+ ASN1_TIME *nextUpdate;
+ // STACK_OF(X509_REVOKED)
+ OPENSSL_STACK *revoked;
+ // STACK_OF(X509_EXTENSION)
+ OPENSSL_STACK /* [0] */ *extensions;
+ ASN1_ENCODING enc;
+ } X509_CRL_INFO;
+
+ // Note: this struct is trimmed
+ struct X509_crl_st {
+ /* actual signature */
+ X509_CRL_INFO *crl;
+ // trimmed
+ } /* X509_CRL */ ;
+
+ int X509_CRL_set_lastUpdate(X509_CRL *x, const ASN1_TIME *tm);
+ int X509_CRL_set_nextUpdate(X509_CRL *x, const ASN1_TIME *tm);
+ ]]
+end
diff --git a/server/resty/openssl/include/x509/csr.lua b/server/resty/openssl/include/x509/csr.lua
new file mode 100644
index 0000000..44c4801
--- /dev/null
+++ b/server/resty/openssl/include/x509/csr.lua
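Review bot: `X509_CRL_get0_by_serial` and `X509_CRL_get0_by_cert` do not return a boolean: per the OpenSSL manual the result is 0 for not found, 1 for a revoked entry, and 2 for an entry whose reason is removeFromCRL (a delta-CRL entry that un-revokes the certificate), so a wrapper that tests the result with `~= 0` will report such certificates as revoked. Since these prototypes are the only documentation the Lua side will see, add the caveat next to the declaration: `// returns 0 = not found, 1 = revoked, 2 = entry with reason removeFromCRL (NOT revoked); never treat nonzero as revoked`. `X509_CRL_get0_by_serial` is also declared twice in the first cdef block (after `X509_CRL_print` and again at the end); LuaJIT silently ignores the second copy, but drop it so the two prototypes cannot drift apart in a later edit.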
@@ -0,0 +1,88 @@
+local ffi = require "ffi"
+
+require "resty.openssl.include.ossl_typ"
+require "resty.openssl.include.evp"
+require "resty.openssl.include.objects"
+require "resty.openssl.include.x509"
+require "resty.openssl.include.stack"
+
+local asn1_macro = require "resty.openssl.include.asn1"
+
+local OPENSSL_10 = require("resty.openssl.version").OPENSSL_10
+local OPENSSL_11_OR_LATER = require("resty.openssl.version").OPENSSL_11_OR_LATER
+local OPENSSL_3X = require("resty.openssl.version").OPENSSL_3X
+local BORINGSSL_110 = require("resty.openssl.version").BORINGSSL_110
+
+asn1_macro.declare_asn1_functions("X509_REQ", asn1_macro.has_new_ex)
+
+ffi.cdef [[
+ int X509_REQ_set_subject_name(X509_REQ *req, X509_NAME *name);
+
+ EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req);
+ int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey);
+
+ int X509_REQ_set_version(X509_REQ *x, long version);
+
+ int X509_REQ_get_attr_count(const X509_REQ *req);
+
+ int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc);
+ X509_EXTENSION *X509_CRL_get_ext(const X509_CRL *x, int loc);
+ int X509_CRL_get_ext_by_NID(const X509_CRL *x, int nid, int lastpos);
+
+ int i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp);
+ void X509_ATTRIBUTE_free(X509_ATTRIBUTE *a);
+ int X509_REQ_get_attr_by_NID(const X509_REQ *req, int nid, int lastpos);
+ X509_ATTRIBUTE *X509_REQ_delete_attr(X509_REQ *req, int loc);
+
+ int *X509_REQ_get_extension_nids(void);
+
+ int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md);
+ int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r);
+
+ int i2d_X509_REQ_bio(BIO *bp, X509_REQ *req);
+ X509_REQ *d2i_X509_REQ_bio(BIO *bp, X509_REQ **req);
+
+ // STACK_OF(X509_EXTENSION)
+ OPENSSL_STACK *X509_REQ_get_extensions(X509_REQ *req);
+ // STACK_OF(X509_EXTENSION)
+ int X509_REQ_add_extensions(X509_REQ *req, OPENSSL_STACK *exts);
+
+ int X509_REQ_check_private_key(X509_REQ *x, EVP_PKEY *k);
+]]
+
+if OPENSSL_11_OR_LATER then
+ ffi.cdef [[
+ X509_NAME *X509_REQ_get_subject_name(const X509_REQ *req);
+ long X509_REQ_get_version(const X509_REQ *req);
+
+ int X509_REQ_get_signature_nid(const X509_REQ *crl);
+ ]]
+end
+if OPENSSL_10 or BORINGSSL_110 then
+ ffi.cdef [[
+ typedef struct X509_req_info_st {
+ ASN1_ENCODING enc;
+ ASN1_INTEGER *version;
+ X509_NAME *subject;
+ /*X509_PUBKEY*/ void *pubkey;
+ /* d=2 hl=2 l= 0 cons: cont: 00 */
+ /*STACK_OF(X509_ATTRIBUTE)*/ OPENSSL_STACK *attributes; /* [ 0 ] */
+ } X509_REQ_INFO;
+
+ // Note: this struct is trimmed
+ typedef struct X509_req_st {
+ X509_REQ_INFO *req_info;
+ X509_ALGOR *sig_alg;
+ // trimmed
+ //ASN1_BIT_STRING *signature;
+ //int references;
+ } X509_REQ;
+ ]]
+end
+
+if OPENSSL_3X then
+ ffi.cdef [[
+ int X509_REQ_verify_ex(X509_REQ *a, EVP_PKEY *pkey, OSSL_LIB_CTX *libctx,
+ const char *propq);
+ ]]
+end
diff --git a/server/resty/openssl/include/x509/extension.lua b/server/resty/openssl/include/x509/extension.lua
new file mode 100644
index 0000000..14b231e
--- /dev/null
+++ b/server/resty/openssl/include/x509/extension.lua
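Review bot: The first cdef block in csr.lua declares `X509_CRL_add_ext`, `X509_CRL_get_ext` and `X509_CRL_get_ext_by_NID`, which are the CRL accessors already declared in crl.lua and have no X509_REQ counterpart (a request carries extensions inside an attribute, reached through the `X509_REQ_get_extensions`/`X509_REQ_add_extensions` pair declared further down), so these three lines look like a copy-paste leftover and should go. In the same spirit, `int X509_REQ_get_signature_nid(const X509_REQ *crl);` names its parameter `crl`; rename it to `req`. Because everything `X509_REQ_get_extensions` returns was chosen by the requester, a one-line reminder at that declaration would help the issuing code that lives outside this hunk: `// STACK_OF(X509_EXTENSION) — requester-controlled; a CA must filter these before copying any into the certificate`.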
@@ -0,0 +1,44 @@
+local ffi = require "ffi"
+
+require "resty.openssl.include.ossl_typ"
+require "resty.openssl.include.x509v3"
+require "resty.openssl.include.x509"
+local asn1_macro = require "resty.openssl.include.asn1"
+local OPENSSL_3X = require("resty.openssl.version").OPENSSL_3X
+
+asn1_macro.declare_asn1_functions("X509_EXTENSION")
+
+if OPENSSL_3X then
+ ffi.cdef [[
+ struct v3_ext_ctx {
+ int flags;
+ X509 *issuer_cert;
+ X509 *subject_cert;
+ X509_REQ *subject_req;
+ X509_CRL *crl;
+ /*X509V3_CONF_METHOD*/ void *db_meth;
+ void *db;
+ EVP_PKEY *issuer_pkey;
+ };
+
+ int X509V3_set_issuer_pkey(X509V3_CTX *ctx, EVP_PKEY *pkey);
+ ]]
+
+else
+ ffi.cdef [[
+ struct v3_ext_ctx {
+ int flags;
+ X509 *issuer_cert;
+ X509 *subject_cert;
+ X509_REQ *subject_req;
+ X509_CRL *crl;
+ /*X509V3_CONF_METHOD*/ void *db_meth;
+ void *db;
+ };
+ ]]
+end
+
+ffi.cdef [[
+ int X509_EXTENSION_set_data(X509_EXTENSION *ex, ASN1_OCTET_STRING *data);
+ int X509_EXTENSION_set_object(X509_EXTENSION *ex, const ASN1_OBJECT *obj);
+]]
\ No newline at end of file
diff --git a/server/resty/openssl/include/x509/init.lua b/server/resty/openssl/include/x509/init.lua
new file mode 100644
index 0000000..ec104ef
--- /dev/null
+++ b/server/resty/openssl/include/x509/init.lua
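Review bot: The two `struct v3_ext_ctx` bodies in this hunk reproduce a libcrypto struct field by field (the `OPENSSL_3X` variant appends `issuer_pkey` after `db`), and LuaJIT's FFI checks nothing against the loaded library, so if the running libcrypto's layout differs from what the `OPENSSL_3X` test assumes — a fork, or a later 3.x that inserts a field — every member access through this struct reads or writes the wrong offset with no error at all. Record where the layout came from so the next upgrade re-validates it: `-- field order copied from struct v3_ext_ctx in OpenSSL's x509v3.h; re-check on every libcrypto major bump, the FFI cannot detect drift`. The `else` branch is also taken for every non-3.x build including BoringSSL, which is presumably intended, but the sibling files in this change gate BoringSSL explicitly with `BORINGSSL_110`, so a comment stating that the pre-3.0 layout is shared with BoringSSL would remove the doubt.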
@@ -0,0 +1,138 @@
+local ffi = require "ffi"
+
+require "resty.openssl.include.ossl_typ"
+require "resty.openssl.include.bio"
+require "resty.openssl.include.pem"
+require "resty.openssl.include.stack"
+local asn1_macro = require "resty.openssl.include.asn1"
+
+local OPENSSL_10 = require("resty.openssl.version").OPENSSL_10
+local OPENSSL_11_OR_LATER = require("resty.openssl.version").OPENSSL_11_OR_LATER
+local BORINGSSL_110 = require("resty.openssl.version").BORINGSSL_110
+
+asn1_macro.declare_asn1_functions("X509", asn1_macro.has_new_ex)
+
+ffi.cdef [[
+ int i2d_X509_bio(BIO *bp, X509 *x509);
+ X509 *d2i_X509_bio(BIO *bp, X509 **x509);
+
+ // STACK_OF(X509)
+ OPENSSL_STACK *X509_chain_up_ref(OPENSSL_STACK *chain);
+
+ int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md);
+ int X509_verify(X509 *a, EVP_PKEY *r);
+
+ ASN1_TIME *X509_gmtime_adj(ASN1_TIME *s, long adj);
+
+ int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc);
+ X509_EXTENSION *X509_get_ext(const X509 *x, int loc);
+ int X509_get_ext_by_NID(const X509 *x, int nid, int lastpos);
+ void *X509_get_ext_d2i(const X509 *x, int nid, int *crit, int *idx);
+
+ int X509_EXTENSION_set_critical(X509_EXTENSION *ex, int crit);
+ int X509_EXTENSION_get_critical(const X509_EXTENSION *ex);
+ ASN1_OBJECT *X509_EXTENSION_get_object(X509_EXTENSION *ex);
+ ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ne);
+ X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc);
+ X509_EXTENSION *X509_EXTENSION_create_by_NID(X509_EXTENSION **ex,
+ int nid, int crit,
+ ASN1_OCTET_STRING *data);
+
+ // needed by pkey
+ EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a);
+ EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a);
+ int i2d_PrivateKey_bio(BIO *bp, EVP_PKEY *pkey);
+ int i2d_PUBKEY_bio(BIO *bp, EVP_PKEY *pkey);
+
+ EVP_PKEY *X509_get_pubkey(X509 *x);
+ int X509_set_pubkey(X509 *x, EVP_PKEY *pkey);
+ int X509_set_version(X509 *x, long version);
+ int X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial);
+
+ X509_NAME *X509_get_subject_name(const X509 *a);
+ int X509_set_subject_name(X509 *x, X509_NAME *name);
+ X509_NAME *X509_get_issuer_name(const X509 *a);
+ int X509_set_issuer_name(X509 *x, X509_NAME *name);
+
+ int X509_pubkey_digest(const X509 *data, const EVP_MD *type,
+ unsigned char *md, unsigned int *len);
+ int X509_digest(const X509 *data, const EVP_MD *type,
+ unsigned char *md, unsigned int *len);
+
+ const char *X509_verify_cert_error_string(long n);
+ int X509_verify_cert(X509_STORE_CTX *ctx);
+
+ int X509_get_signature_nid(const X509 *x);
+
+ unsigned char *X509_alias_get0(X509 *x, int *len);
+ unsigned char *X509_keyid_get0(X509 *x, int *len);
+ int X509_check_private_key(X509 *x, EVP_PKEY *k);
+]]
+
+if OPENSSL_11_OR_LATER then
+ ffi.cdef [[
+ int X509_up_ref(X509 *a);
+
+ int X509_set1_notBefore(X509 *x, const ASN1_TIME *tm);
+ int X509_set1_notAfter(X509 *x, const ASN1_TIME *tm);
+ /*const*/ ASN1_TIME *X509_get0_notBefore(const X509 *x);
+ /*const*/ ASN1_TIME *X509_get0_notAfter(const X509 *x);
+ long X509_get_version(const X509 *x);
+ const ASN1_INTEGER *X509_get0_serialNumber(X509 *x);
+
+ X509_EXTENSION *X509_delete_ext(X509 *x, int loc);
+ ]]
+elseif OPENSSL_10 then
+ ffi.cdef [[
+ // STACK_OF(X509_EXTENSION)
+ X509_EXTENSION *X509v3_delete_ext(OPENSSL_STACK *x, int loc);
+ ]]
+end
+
+if OPENSSL_10 or BORINGSSL_110 then
+ -- in openssl 1.0.x some getters are direct accessor to struct members (defiend by macros)
+ ffi.cdef [[
+ // crypto/x509/x509.h
+ typedef struct X509_val_st {
+ ASN1_TIME *notBefore;
+ ASN1_TIME *notAfter;
+ } X509_VAL;
+
+ typedef struct X509_algor_st {
+ ASN1_OBJECT *algorithm;
+ ASN1_TYPE *parameter;
+ } X509_ALGOR;
+
+ // Note: this struct is trimmed
+ typedef struct x509_cinf_st {
+ /*ASN1_INTEGER*/ void *version;
+ /*ASN1_INTEGER*/ void *serialNumber;
+ X509_ALGOR *signature;
+ X509_NAME *issuer;
+ X509_VAL *validity;
+ X509_NAME *subject;
+ /*X509_PUBKEY*/ void *key;
+ /*ASN1_BIT_STRING*/ void *issuerUID; /* [ 1 ] optional in v2 */
+ /*ASN1_BIT_STRING*/ void *subjectUID; /* [ 2 ] optional in v2 */
+ /*STACK_OF(X509_EXTENSION)*/ OPENSSL_STACK *extensions; /* [ 3 ] optional in v3 */
+ // trimmed
+ // ASN1_ENCODING enc;
+ } X509_CINF;
+ // Note: this struct is trimmed
+ struct x509_st {
+ X509_CINF *cert_info;
+ // trimmed
+ } X509;
+
+ int X509_set_notBefore(X509 *x, const ASN1_TIME *tm);
+ int X509_set_notAfter(X509 *x, const ASN1_TIME *tm);
+ ASN1_INTEGER *X509_get_serialNumber(X509 *x);
+ ]]
+end
+
+if BORINGSSL_110 then
+ ffi.cdef [[
+ ASN1_TIME *X509_get_notBefore(const X509 *x);
+ ASN1_TIME *X509_get_notAfter(const X509 *x);
+ ]]
+end
diff --git a/server/resty/openssl/include/x509/name.lua b/server/resty/openssl/include/x509/name.lua
new file mode 100644
index 0000000..2f933ae
--- /dev/null
+++ b/server/resty/openssl/include/x509/name.lua
@@ -0,0 +1,21 @@
+local ffi = require "ffi"
+
+require "resty.openssl.include.ossl_typ"
+require "resty.openssl.include.asn1"
+require "resty.openssl.include.objects"
+local asn1_macro = require "resty.openssl.include.asn1"
+
+asn1_macro.declare_asn1_functions("X509_NAME")
+
+ffi.cdef [[
+ int X509_NAME_add_entry_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, int type,
+ const unsigned char *bytes, int len, int loc,
+ int set);
+
+ int X509_NAME_entry_count(const X509_NAME *name);
+ X509_NAME_ENTRY *X509_NAME_get_entry(X509_NAME *name, int loc);
+ ASN1_OBJECT *X509_NAME_ENTRY_get_object(const X509_NAME_ENTRY *ne);
+ ASN1_STRING * X509_NAME_ENTRY_get_data(const X509_NAME_ENTRY *ne);
+ int X509_NAME_get_index_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj,
+ int lastpos);
+]]
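Review bot: In the `OPENSSL_10 or BORINGSSL_110` cdef block, `struct x509_st { X509_CINF *cert_info; // trimmed } X509;` has no `typedef`, so as C it declares a variable named `X509` of type `struct x509_st`; it presumably only loads because `X509` is already a typedef name from ossl_typ and LuaJIT silently ignores redeclarations of an existing name. Write it like the `X509_CINF`/`X509_VAL` definitions just above it and csr.lua's `X509_REQ`, `typedef struct x509_st { ... } X509;`, or like crl.lua's `} /* X509_CRL */ ;`, so the definition does not rest on that parser quirk. Separately, `const ASN1_INTEGER *X509_get0_serialNumber(X509 *x);` drops the `const` that, to my knowledge, the 1.1 prototype puts on the parameter; harmless for calls, but these prototypes are the only type information the FFI has, so keep them faithful. Since both `X509_verify` and `X509_verify_cert` are declared here, a comment on the former would save a reader a wrong turn: `// checks only the signature on x with key r; chain/path validation is X509_verify_cert on a store ctx`.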
\ No newline at end of file diff --git a/server/resty/openssl/include/x509/revoked.lua b/server/resty/openssl/include/x509/revoked.lua new file mode 100644 index 0000000..c6539c9 --- /dev/null +++ b/server/resty/openssl/include/x509/revoked.lua @@ -0,0 +1,17 @@ +local ffi = require "ffi" + +require "resty.openssl.include.ossl_typ" +require "resty.openssl.include.asn1" +require "resty.openssl.include.objects" +local asn1_macro = require "resty.openssl.include.asn1" + +asn1_macro.declare_asn1_functions("X509_REVOKED") + +ffi.cdef [[ + int X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial); + int X509_REVOKED_set_revocationDate(X509_REVOKED *r, ASN1_TIME *tm); + int X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc); + + const ASN1_INTEGER *X509_REVOKED_get0_serialNumber(const X509_REVOKED *r); + const ASN1_TIME *X509_REVOKED_get0_revocationDate(const X509_REVOKED *r); +]]
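Review bot: `X509_NAME_add_entry_by_OBJ` takes `bytes` together with an explicit `len`, and per the OpenSSL manual a negative `len` makes libcrypto fall back to strlen(), so a Lua wrapper that passes -1 instead of `#str` would silently truncate a name component at the first NUL byte and sign a subject different from the one requested; the `type` argument likewise decides whether `bytes` is re-encoded and validated through the MBSTRING_* flags or stored verbatim as an ASN1 string type. Nothing in this declaration block records either point, so add it where the wrapper author will see it: `// pass len = #bytes (never -1: an embedded NUL truncates) and an MBSTRING_* type so libcrypto validates the encoding`. The wrapper that calls this lives outside the hunk, so I cannot confirm which values it passes.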
\ No newline at end of file |
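Review bot: `X509_REVOKED_get0_serialNumber` and `X509_REVOKED_get0_revocationDate` are declared unconditionally here, but to my knowledge both accessors only exist from OpenSSL 1.1.0 (1.0.x exposed the `X509_REVOKED` fields directly), whereas crl.lua and init.lua in this same change gate their 1.1-only `get0_*` accessors behind `OPENSSL_11_OR_LATER` and supply a struct layout for `OPENSSL_10 or BORINGSSL_110`. With a 1.0.x libcrypto the first `ffi.C.X509_REVOKED_get0_serialNumber` access will fail with an undefined-symbol error at runtime rather than at load. Either gate these two lines the same way and add the 1.0 struct fallback, or state the limitation at the top of the cdef: `-- X509_REVOKED_get0_* are 1.1.0+; unlike crl.lua/init.lua no OPENSSL_10 struct fallback is provided here`.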