From 95f2ee394733edc91f6ef94239c211cc5076e444 Mon Sep 17 00:00:00 2001 From: Stephen Paul Weber Date: Mon, 18 Sep 2023 21:44:58 -0500 Subject: [PATCH] Add derive method to pkey Allows deriving shared secrets for use with symmetric encryption algorithms such as is done for ECDH. Closes https://github.com/wahern/luaossl/issues/213 --- src/openssl.c | 48 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 48 insertions(+) diff --git a/src/openssl.c b/src/openssl.c index db64d03..34839b7 100644 --- a/src/openssl.c +++ b/src/openssl.c @@ -4662,6 +4662,53 @@ static int pk_encrypt(lua_State *L) { return auxL_error(L, auxL_EOPENSSL, "pkey:encrypt"); } /* pk_encrypt() */ + +static int pk_derive(lua_State *L) { + size_t outlen; + EVP_PKEY *key = checksimple(L, 1, PKEY_CLASS); + EVP_PKEY *peer = checksimple(L, 2, PKEY_CLASS); + EVP_PKEY_CTX *ctx; + BIO *bio; + BUF_MEM *buf; + + bio = getbio(L); + BIO_get_mem_ptr(bio, &buf); + + if (!(ctx = EVP_PKEY_CTX_new(key, NULL))) + goto sslerr; + + if (EVP_PKEY_derive_init(ctx) <= 0) + goto sslerr; + + if (EVP_PKEY_derive_set_peer(ctx, peer) <= 0) + goto sslerr; + + if (EVP_PKEY_derive(ctx, NULL, &outlen) <= 0) + goto sslerr; + + if (!BUF_MEM_grow_clean(buf, outlen)) + goto sslerr; + + if (EVP_PKEY_derive(ctx, (unsigned char*)buf->data, &outlen) <= 0) + goto sslerr; + + EVP_PKEY_CTX_free(ctx); + ctx = NULL; + + lua_pushlstring(L, buf->data, outlen); + + BIO_reset(bio); + + return 1; +sslerr: + if (ctx) { + EVP_PKEY_CTX_free(ctx); + ctx = NULL; + } + BIO_reset(bio); + + return auxL_error(L, auxL_EOPENSSL, "pkey:encrypt"); +} /* pk_derive() */ #endif static int pk_sign(lua_State *L) { @@ -5393,6 +5440,7 @@ static const auxL_Reg pk_methods[] = { { "toPEM", &pk_toPEM }, { "tostring", &pk__tostring }, { "verify", &pk_verify }, + { "derive", &pk_derive }, { NULL, NULL }, };