Diffstat (limited to 'examples')
-rwxr-xr-xexamples/lm.hash71
-rw-r--r--examples/pkey.info8
-rwxr-xr-xexamples/self.x50965
-rwxr-xr-xexamples/vrfy.sig53
4 files changed, 197 insertions, 0 deletions
diff --git a/examples/lm.hash b/examples/lm.hash
new file mode 100755
index 0000000..b71b606
--- /dev/null
+++ b/examples/lm.hash
@@ -0,0 +1,71 @@
+#!/bin/sh
+_=[[
+ : ${LUA:=$(command -v lua-5.2)}
+ : ${LUA:=$(command -v lua5.2)}
+ : ${LUA:=$(command -v lua-52)}
+ : ${LUA:=$(command -v lua52)}
+ : ${LUA:=$(command -v luajit)}
+ : ${LUA:=$(command -v lua)}
+
+ exec ${LUA} "$0" "$@"
+]]
+
+local des = require"openssl.des"
+local cipher = require"openssl.cipher"
+local bit32 = require"bit32"
+
+local function lm_encrypt(key)
+ return cipher.new"DES-ECB":encrypt(key, nil, false):final"KGS!@#$%"
+end -- lm_encrypt
+
+local lshift = bit32.lshift
+local band = bit32.band
+local rshift = bit32.rshift
+local bor = bit32.bor
+
+local function lm_string_to_key(s)
+ local s0, s1, s2, s3, s4, s5, s6 = string.byte(s, 1, 7)
+ local k0, k1, k2, k3, k4, k5, k6, k7
+
+ s0 = s0 or 0
+ s1 = s1 or 0
+ s2 = s2 or 0
+ s3 = s3 or 0
+ s4 = s4 or 0
+ s5 = s5 or 0
+ s6 = s6 or 0
+
+ k0 = s0
+ k1 = bor(band(lshift(s0, 7), 255), rshift(s1, 1))
+ k2 = bor(band(lshift(s1, 6), 255), rshift(s2, 2))
+ k3 = bor(band(lshift(s2, 5), 255), rshift(s3, 3))
+ k4 = bor(band(lshift(s3, 4), 255), rshift(s4, 4))
+ k5 = bor(band(lshift(s4, 3), 255), rshift(s5, 5))
+ k6 = bor(band(lshift(s5, 2), 255), rshift(s6, 6))
+ k7 = band(lshift(s6, 1), 255)
+
+ return des.set_odd_parity(string.char(k0, k1, k2, k3, k4, k5, k6, k7))
+end -- lm_string_to_key
+
+local function lm_hash(pass)
+ pass = string.upper(pass)
+
+ if #pass < 14 then
+ pass = pass .. string.rep(string.char(0), 14 - #pass)
+ end
+
+ local key1 = lm_string_to_key(string.sub(pass, 1, 7))
+ local key2 = lm_string_to_key(string.sub(pass, 8, 14))
+
+ return lm_encrypt(key1) .. lm_encrypt(key2)
+end -- lm_hash
+
+local function tohex(s)
+ return (string.gsub(s, ".", function (c)
+ return string.format("%.2x", string.byte(c))
+ end))
+end -- tohex
+
+local pass = ... or "passphrase"
+
+print(pass, tohex(lm_hash(pass)))
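Review bot: `lm_hash` silently ignores everything after the 14th byte, because only `string.sub(pass, 1, 7)` and `string.sub(pass, 8, 14)` are used, so two inputs sharing a 14-byte prefix print the same hash with no indication. Reject or flag long input before the padding step, for example `if #pass > 14 then error("LM hash input is limited to 14 bytes") end`. The file also has no header comment, unlike the other examples; something like `-- Example LM hash computation (legacy DES-based scheme; for interoperability testing only, not for storing passwords).` would tell readers what it is. The launcher lists `luajit`, but `require"bit32"` will only load there if a bit32 module is installed separately.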
diff --git a/examples/pkey.info b/examples/pkey.info
new file mode 100644
index 0000000..7369d2d
--- /dev/null
+++ b/examples/pkey.info
@@ -0,0 +1,8 @@
+local pkey = require"openssl.pkey"
+
+local rsa = pkey.new{ type = "RSA", bits = 512 }
+
+for k, v in pairs(rsa:getParameters()) do
+ print(k, v)
+end
+
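Review bot: `bits = 512` in `pkey.new` generates an RSA key far below any currently accepted size, and example code tends to be copied as-is; use `pkey.new{ type = "RSA", bits = 2048 }`. The same applies to the `genkey` helpers in examples/self.x509 and examples/vrfy.sig, which use 1024-bit RSA and DSA and the `prime192v1` curve; `bits = 2048` and `curve = "prime256v1"` would be safer defaults. The loop also prints whatever `rsa:getParameters()` returns, which presumably includes the private components of a freshly generated key, so a one-line comment such as `-- output includes private key material; do not log or share` would help.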
diff --git a/examples/self.x509 b/examples/self.x509
new file mode 100755
index 0000000..37b12c7
--- /dev/null
+++ b/examples/self.x509
@@ -0,0 +1,65 @@
+#!/usr/local/lua52/bin/lua
+--
+-- Example self-signed X.509 certificate generation.
+--
+-- Skips intermediate CSR object, which is just an antiquated way for
+-- specifying subject DN and public key to CAs. See API documentation for
+-- CSR generation.
+--
+
+local keytype = ...
+
+local openssl = require"openssl"
+local pkey = require"openssl.pkey"
+local x509 = require"openssl.x509"
+local name = require"openssl.x509.name"
+local altname = require"openssl.x509.altname"
+
+-- generate our public/private key pair
+local function genkey(type)
+ type = string.upper(type or (not openssl.NO_EC and "EC") or "RSA")
+
+ if type == "RSA" then
+ return pkey.new{ type = "RSA", bits = 1024 }
+ elseif type == "DSA" then
+ return pkey.new{ type = "DSA", bits = 1024 }
+ else
+ return pkey.new{ type = "EC", curve = "prime192v1" }
+ end
+end
+
+local key = genkey(keytype)
+
+-- our Subject and Issuer DN (self-signed, so same)
+local dn = name.new()
+dn:add("C", "US")
+dn:add("ST", "California")
+dn:add("L", "San Francisco")
+dn:add("O", "Acme, Inc")
+dn:add("CN", "acme.inc")
+
+-- our Alternative Names
+local alt = altname.new()
+alt:add("DNS", "acme.inc")
+alt:add("DNS", "*.acme.inc")
+
+-- build our certificate
+local crt = x509.new()
+
+crt:setVersion(3)
+crt:setSerial(47)
+
+crt:setSubject(dn)
+crt:setIssuer(crt:getSubject())
+crt:setSubjectAlt(alt)
+
+local issued, expires = crt:getLifetime()
+crt:setLifetime(issued, expires + 60) -- good for 60 seconds
+
+crt:setBasicConstraints{ CA = true, pathLen = 2 }
+crt:setBasicConstraintsCritical(true)
+
+crt:setPublicKey(key)
+crt:sign(key)
+
+print(crt:text())
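Review bot: `crt:setBasicConstraints{ CA = true, pathLen = 2 }` marks a certificate that also carries server names (`acme.inc`, `*.acme.inc`) as a CA, so anyone who trusts a certificate built from this example also lets its key issue further certificates. If the example is meant to show a self-signed server certificate, `crt:setBasicConstraints{ CA = false }` is the safer default; if a CA is intended, a comment saying so and dropping the DNS alternative names would make that clear. `crt:setSerial(47)` is also fixed, so every certificate the script produces shares one issuer/serial pair; a comment such as `-- fixed serial for the example only; real certificates need a unique serial` would be enough here.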
diff --git a/examples/vrfy.sig b/examples/vrfy.sig
new file mode 100755
index 0000000..123611e
--- /dev/null
+++ b/examples/vrfy.sig
@@ -0,0 +1,53 @@
+#!/usr/local/lua52/bin/lua
+--
+-- Example public-key signature verification.
+--
+
+local keytype, hash = ...
+
+local openssl = require"openssl"
+local pkey = require"openssl.pkey"
+local digest = require"openssl.digest"
+
+-- generate a public/private key pair
+local function genkey(type)
+ type = string.upper(type or (not openssl.NO_EC and "EC") or "RSA")
+
+ if type == "RSA" then
+ return pkey.new{ type = "RSA", bits = 1024 }
+ elseif type == "DSA" then
+ return pkey.new{ type = "DSA", bits = 1024 }
+ else
+ return pkey.new{ type = "EC", curve = "prime192v1" }
+ end
+end
+
+local key = genkey(keytype)
+if hash == nil then
+ hash = key:getDefaultDigestName()
+end
+
+-- digest our message using an appropriate digest
+local data = digest.new(hash)
+data:update(... or "hello world")
+
+-- generate a signature for our data
+local sig = key:sign(data)
+
+-- to prove verification works, instantiate a new object holding just
+-- the public key
+local pub = pkey.new(key:toPEM"public")
+
+-- a utility routine to output our signature
+local function tohex(b)
+ local x = ""
+ for i = 1, #b do
+ x = x .. string.format("%.2x", string.byte(b, i))
+ end
+ return x
+end
+
+print("verified", pub:verify(sig, data))
+print("key-type", pub:type())
+print("hash-type", hash)
+print("signature", tohex(sig))
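Review bot: `data:update(... or "hello world")` signs the first command-line argument, which is the same value already taken as `keytype` by `local keytype, hash = ...`, so passing a key type changes the message and there is no way to supply a message separately. Take a third argument instead: `local keytype, hash, msg = ...` and `data:update(msg or "hello world")`. `genkey` also falls through to EC for any unrecognised type string (here and in examples/self.x509), so a typo silently selects a different algorithm. An explicit `elseif type == "EC" then` branch with a final `error("unknown key type: " .. type)` would surface it.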