Build fixes
[project/luci.git] / libs / nixio / src / tls-context.c
1 /*
2 * nixio - Linux I/O library for lua
3 *
4 * Copyright (C) 2009 Steven Barth <steven@midlink.org>
5 *
6 * Licensed under the Apache License, Version 2.0 (the "License");
7 * you may not use this file except in compliance with the License.
8 * You may obtain a copy of the License at
9 *
10 * http://www.apache.org/licenses/LICENSE-2.0
11 *
12 * Unless required by applicable law or agreed to in writing, software
13 * distributed under the License is distributed on an "AS IS" BASIS,
14 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 * See the License for the specific language governing permissions and
16 * limitations under the License.
17 */
18
19 #include "nixio-tls.h"
20 #include <string.h>
21
22 static SSL_CTX* nixio__checktlsctx(lua_State *L) {
23 SSL_CTX **ctx = (SSL_CTX **)luaL_checkudata(L, 1, NIXIO_TLS_CTX_META);
24 luaL_argcheck(L, *ctx, 1, "invalid context");
25 return *ctx;
26 }
27
28 static int nixio__tls_perror(lua_State *L, int code) {
29 lua_pushnil(L);
30 lua_pushinteger(L, code);
31 return 2;
32 }
33
34 static int nixio__tls_pstatus(lua_State *L, int code) {
35 if (code == 1) {
36 lua_pushboolean(L, 1);
37 return 1;
38 } else {
39 return nixio__tls_perror(L, code);
40 }
41 }
42
43 static int nixio_tls_ctx(lua_State * L) {
44 const char *method = luaL_optlstring(L, 1, "client", NULL);
45
46 luaL_getmetatable(L, NIXIO_TLS_CTX_META);
47 SSL_CTX **ctx = lua_newuserdata(L, sizeof(SSL_CTX *));
48 if (!ctx) {
49 return luaL_error(L, "out of memory");
50 }
51
52 /* create userdata */
53 lua_pushvalue(L, -2);
54 lua_setmetatable(L, -2);
55
56 if (!strcmp(method, "client")) {
57 *ctx = SSL_CTX_new(TLSv1_client_method());
58 } else if (!strcmp(method, "server")) {
59 *ctx = SSL_CTX_new(TLSv1_server_method());
60 } else {
61 return luaL_argerror(L, 1, "supported values: client, server");
62 }
63
64 if (!(*ctx)) {
65 return luaL_error(L, "unable to create TLS context");
66 }
67
68 #ifdef WITH_CYASSL
69 SSL_CTX_set_verify(*ctx, SSL_VERIFY_NONE, NULL);
70 #endif
71
72 return 1;
73 }
74
75 static int nixio_tls_ctx_create(lua_State *L) {
76 SSL_CTX *ctx = nixio__checktlsctx(L);
77 int fd = nixio__checkfd(L, 2);
78
79 lua_createtable(L, 0, 3);
80 nixio_tls_sock *sock = lua_newuserdata(L, sizeof(nixio_tls_sock));
81 if (!sock) {
82 return luaL_error(L, "out of memory");
83 }
84 memset(sock, 0, sizeof(nixio_tls_sock));
85
86 /* create userdata */
87 luaL_getmetatable(L, NIXIO_TLS_SOCK_META);
88 lua_pushvalue(L, -1);
89 lua_setmetatable(L, -3);
90
91 sock->socket = SSL_new(ctx);
92 if (!sock->socket) {
93 return nixio__tls_perror(L, 0);
94 }
95
96 if (SSL_set_fd(sock->socket, fd) != 1) {
97 return nixio__tls_perror(L, 0);
98 }
99
100 /* save context and socket to prevent GC from collecting them */
101 lua_setmetatable(L, -3);
102 lua_setfield(L, -2, "connection");
103
104 lua_pushvalue(L, 1);
105 lua_setfield(L, -2, "context");
106
107 lua_pushvalue(L, 2);
108 lua_setfield(L, -2, "socket");
109
110 return 1;
111 }
112
113 static int nixio_tls_ctx_set_cert(lua_State *L) {
114 SSL_CTX *ctx = nixio__checktlsctx(L);
115 const char *cert = luaL_checkstring(L, 2);
116 const char *type = luaL_optstring(L, 3, "chain");
117 int ktype;
118
119 if (!strcmp(type, "chain")) {
120 return nixio__tls_pstatus(L,
121 SSL_CTX_use_certificate_chain_file(ctx, cert));
122 } else if (!strcmp(type, "pem")) {
123 ktype = SSL_FILETYPE_PEM;
124 } else if (!strcmp(type, "asn1")) {
125 ktype = SSL_FILETYPE_ASN1;
126 } else {
127 return luaL_argerror(L, 3, "supported values: chain, pem, asn1");
128 }
129
130 return nixio__tls_pstatus(L,
131 SSL_CTX_use_certificate_file(ctx, cert, ktype));
132 }
133
134 static int nixio_tls_ctx_set_key(lua_State *L) {
135 SSL_CTX *ctx = nixio__checktlsctx(L);
136 const char *cert = luaL_checkstring(L, 2);
137 const char *type = luaL_optstring(L, 3, "pem");
138 int ktype;
139
140 if (!strcmp(type, "pem")) {
141 ktype = SSL_FILETYPE_PEM;
142 } else if (!strcmp(type, "asn1")) {
143 ktype = SSL_FILETYPE_ASN1;
144 } else {
145 return luaL_argerror(L, 3, "supported values: pem, asn1");
146 }
147
148 return nixio__tls_pstatus(L, SSL_CTX_use_PrivateKey_file(ctx, cert, ktype));
149 }
150
151 static int nixio_tls_ctx_set_ciphers(lua_State *L) {
152 SSL_CTX *ctx = nixio__checktlsctx(L);
153 size_t len;
154 const char *ciphers = luaL_checklstring(L, 2, &len);
155 luaL_argcheck(L, len < 255, 2, "cipher string too long");
156 return nixio__tls_pstatus(L, SSL_CTX_set_cipher_list(ctx, ciphers));
157 }
158
159 static int nixio_tls_ctx_set_verify(lua_State *L) {
160 SSL_CTX *ctx = nixio__checktlsctx(L);
161 const int j = lua_gettop(L);
162 int flags = 0;
163 for (int i=2; i<=j; i++) {
164 const char *flag = luaL_checkstring(L, i);
165 if (!strcmp(flag, "none")) {
166 flags |= SSL_VERIFY_NONE;
167 } else if (!strcmp(flag, "peer")) {
168 flags |= SSL_VERIFY_PEER;
169 } else if (!strcmp(flag, "verify_fail_if_no_peer_cert")) {
170 flags |= SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
171 } else if (!strcmp(flag, "client_once")) {
172 flags |= SSL_VERIFY_CLIENT_ONCE;
173 } else {
174 return luaL_argerror(L, i, "supported values: none, peer, "
175 "verify_fail_if_no_peer_cert, client_once");
176 }
177 }
178 SSL_CTX_set_verify(ctx, flags, NULL);
179 return 0;
180 }
181
182 static int nixio_tls_ctx__gc(lua_State *L) {
183 SSL_CTX **ctx = (SSL_CTX **)luaL_checkudata(L, 1, NIXIO_TLS_CTX_META);
184 if (*ctx) {
185 SSL_CTX_free(*ctx);
186 *ctx = NULL;
187 }
188 return 0;
189 }
190
191 static int nixio_tls_ctx__tostring(lua_State *L) {
192 SSL_CTX *ctx = nixio__checktlsctx(L);
193 lua_pushfstring(L, "nixio TLS context: %p", ctx);
194 return 1;
195 }
196
197 /* module table */
198 static const luaL_reg R[] = {
199 {"tls", nixio_tls_ctx},
200 {NULL, NULL}
201 };
202
203 /* ctx function table */
204 static const luaL_reg CTX_M[] = {
205 {"set_cert", nixio_tls_ctx_set_cert},
206 {"set_key", nixio_tls_ctx_set_key},
207 {"set_ciphers", nixio_tls_ctx_set_ciphers},
208 {"set_verify", nixio_tls_ctx_set_verify},
209 {"create", nixio_tls_ctx_create},
210 {"__gc", nixio_tls_ctx__gc},
211 {"__tostring", nixio_tls_ctx__tostring},
212 {NULL, NULL}
213 };
214
215
216 void nixio_open_tls_context(lua_State *L) {
217 /* initialize tls library */
218 SSL_load_error_strings();
219 SSL_library_init();
220
221 /* register module functions */
222 luaL_register(L, NULL, R);
223
224 #if defined (WITH_AXTLS)
225 lua_pushliteral(L, "axtls");
226 #elif defined (WITH_CYASSL)
227 lua_pushliteral(L, "cyassl");
228 #else
229 lua_pushliteral(L, "openssl");
230 #endif
231 lua_setfield(L, -2, "tls_provider");
232
233 /* create context metatable */
234 luaL_newmetatable(L, NIXIO_TLS_CTX_META);
235 lua_pushvalue(L, -1);
236 lua_setfield(L, -2, "__index");
237 luaL_register(L, NULL, CTX_M);
238 lua_setfield(L, -2, "meta_tls_context");
239 }