projects / project / luci.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
applications/luci-asterisk:
[project/luci.git] / libs / nixio / src / tls-context.c
1 /*
2 * nixio - Linux I/O library for lua
3 *
4 * Copyright (C) 2009 Steven Barth <steven@midlink.org>
5 *
6 * Licensed under the Apache License, Version 2.0 (the "License");
7 * you may not use this file except in compliance with the License.
8 * You may obtain a copy of the License at
9 *
10 * http://www.apache.org/licenses/LICENSE-2.0
11 *
12 * Unless required by applicable law or agreed to in writing, software
13 * distributed under the License is distributed on an "AS IS" BASIS,
14 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 * See the License for the specific language governing permissions and
16 * limitations under the License.
17 */
18
19 #include "nixio-tls.h"
20 #include <string.h>
21
22 static SSL_CTX* nixio__checktlsctx(lua_State *L) {
23 SSL_CTX **ctx = (SSL_CTX **)luaL_checkudata(L, 1, NIXIO_TLS_CTX_META);
24 luaL_argcheck(L, *ctx, 1, "invalid context");
25 return *ctx;
26 }
27
28 static int nixio__tls_perror(lua_State *L, int code) {
29 lua_pushnil(L);
30 lua_pushinteger(L, code);
31 return 2;
32 }
33
34 static int nixio__tls_pstatus(lua_State *L, int code) {
35 if (code == 1) {
36 lua_pushboolean(L, 1);
37 return 1;
38 } else {
39 return nixio__tls_perror(L, code);
40 }
41 }
42
43 static int nixio_tls_ctx(lua_State * L) {
44 const char *method = luaL_optlstring(L, 1, "tlsv1", NULL);
45
46 SSL_CTX **ctx = lua_newuserdata(L, sizeof(SSL_CTX *));
47 if (!ctx) {
48 return luaL_error(L, "out of memory");
49 }
50
51 /* create userdata */
52 luaL_getmetatable(L, NIXIO_TLS_CTX_META);
53 lua_setmetatable(L, -2);
54
55 if (!strcmp(method, "tlsv1")) {
56 *ctx = SSL_CTX_new(TLSv1_method());
57 } else if (!strcmp(method, "sslv23")) {
58 *ctx = SSL_CTX_new(SSLv23_method());
59 } else {
60 return luaL_argerror(L, 1, "supported values: tlsv1, sslv23");
61 }
62
63
64 SSL_CTX_set_options(*ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
65
66 if (!(*ctx)) {
67 return luaL_error(L, "unable to create TLS context");
68 }
69
70 return 1;
71 }
72
73 static int nixio_tls_ctx_create(lua_State *L) {
74 SSL_CTX *ctx = nixio__checktlsctx(L);
75 int fd = nixio__checkfd(L, 2);
76
77 nixio_tls_sock *sock = lua_newuserdata(L, sizeof(nixio_tls_sock));
78 if (!sock) {
79 return luaL_error(L, "out of memory");
80 }
81 memset(sock, 0, sizeof(nixio_tls_sock));
82
83 /* create userdata */
84 luaL_getmetatable(L, NIXIO_TLS_SOCK_META);
85 lua_setmetatable(L, -2);
86
87 sock->socket = SSL_new(ctx);
88 if (!sock->socket) {
89 return nixio__tls_perror(L, 0);
90 }
91
92 if (SSL_set_fd(sock->socket, fd) != 1) {
93 return nixio__tls_perror(L, 0);
94 }
95
96 return 1;
97 }
98
99 static int nixio_tls_ctx_set_cert(lua_State *L) {
100 SSL_CTX *ctx = nixio__checktlsctx(L);
101 const char *cert = luaL_checkstring(L, 2);
102 return nixio__tls_pstatus(L, SSL_CTX_use_certificate_chain_file(ctx, cert));
103 }
104
105 static int nixio_tls_ctx_set_key(lua_State *L) {
106 SSL_CTX *ctx = nixio__checktlsctx(L);
107 const char *cert = luaL_checkstring(L, 2);
108 const int ktype = SSL_FILETYPE_PEM;
109 return nixio__tls_pstatus(L, SSL_CTX_use_PrivateKey_file(ctx, cert, ktype));
110 }
111
112 static int nixio_tls_ctx_set_ciphers(lua_State *L) {
113 SSL_CTX *ctx = nixio__checktlsctx(L);
114 size_t len;
115 const char *ciphers = luaL_checklstring(L, 2, &len);
116 luaL_argcheck(L, len < 255, 2, "cipher string too long");
117 return nixio__tls_pstatus(L, SSL_CTX_set_cipher_list(ctx, ciphers));
118 }
119
120 static int nixio_tls_ctx_set_verify_depth(lua_State *L) {
121 SSL_CTX *ctx = nixio__checktlsctx(L);
122 const int depth = luaL_checkinteger(L, 2);
123 SSL_CTX_set_verify_depth(ctx, depth);
124 return 0;
125 }
126
127 static int nixio_tls_ctx_set_verify(lua_State *L) {
128 SSL_CTX *ctx = nixio__checktlsctx(L);
129 const int j = lua_gettop(L);
130 int flags = 0;
131 for (int i=2; i<=j; i++) {
132 const char *flag = luaL_checkstring(L, i);
133 if (!strcmp(flag, "none")) {
134 flags |= SSL_VERIFY_NONE;
135 } else if (!strcmp(flag, "peer")) {
136 flags |= SSL_VERIFY_PEER;
137 } else if (!strcmp(flag, "verify_fail_if_no_peer_cert")) {
138 flags |= SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
139 } else if (!strcmp(flag, "client_once")) {
140 flags |= SSL_VERIFY_CLIENT_ONCE;
141 } else {
142 return luaL_argerror(L, i, "supported values: none, peer, "
143 "verify_fail_if_no_peer_cert, client_once");
144 }
145 }
146 SSL_CTX_set_verify(ctx, flags, NULL);
147 return 0;
148 }
149
150 static int nixio_tls_ctx__gc(lua_State *L) {
151 SSL_CTX **ctx = (SSL_CTX **)luaL_checkudata(L, 1, NIXIO_TLS_CTX_META);
152 if (*ctx) {
153 SSL_CTX_free(*ctx);
154 *ctx = NULL;
155 }
156 return 0;
157 }
158
159 static int nixio_tls_ctx__tostring(lua_State *L) {
160 SSL_CTX *ctx = nixio__checktlsctx(L);
161 lua_pushfstring(L, "nixio TLS context: %p", ctx);
162 return 1;
163 }
164
165 /* module table */
166 static const luaL_reg R[] = {
167 {"tls", nixio_tls_ctx},
168 {NULL, NULL}
169 };
170
171 /* ctx function table */
172 static const luaL_reg CTX_M[] = {
173 {"set_cert", nixio_tls_ctx_set_cert},
174 {"set_key", nixio_tls_ctx_set_key},
175 {"set_ciphers", nixio_tls_ctx_set_ciphers},
176 {"set_verify_depth", nixio_tls_ctx_set_verify_depth},
177 {"set_verify", nixio_tls_ctx_set_verify},
178 {"create", nixio_tls_ctx_create},
179 {"__gc", nixio_tls_ctx__gc},
180 {"__tostring", nixio_tls_ctx__tostring},
181 {NULL, NULL}
182 };
183
184
185 void nixio_open_tls_context(lua_State *L) {
186 /* initialize tls library */
187 SSL_load_error_strings();
188 SSL_library_init();
189
190 /* register module functions */
191 luaL_register(L, NULL, R);
192
193 /* create context metatable */
194 luaL_newmetatable(L, NIXIO_TLS_CTX_META);
195 lua_pushvalue(L, -1);
196 lua_setfield(L, -2, "__index");
197 luaL_register(L, NULL, CTX_M);
198 lua_pop(L, 1);
199 }
Lua Configuration Interface (mirror)