Example #1
0
File: hmac.go Project: vbatts/gossl
// NewWithEngine behaves the same as New but it accepts a pointer to an
// `engine.Engine` to setup the engine to use during ctx setup.
func NewWithEngine(e *engine.Engine, h func() hash.Hash, key []byte) hash.Hash {
	if h == nil {
		return nil
	}
	evp := getEVP(h())
	if evp == nil {
		return nil
	}
	var eng *C.ENGINE
	if e != nil {
		eng = (*C.ENGINE)(e.GetCEngine())
	}
	hm := new(hmac)
	C.HMAC_CTX_init(&hm.ctx)
	if C.HMAC_Init_ex(&hm.ctx, unsafe.Pointer(C.CString(string(key))), C.int(len(key)), evp, eng) != 1 {
		return nil
	}
	runtime.SetFinalizer(hm, cleanup)
	return hm
}
Example #2
0
File: hmac.go Project: vbatts/gossl
func (hm *hmac) Reset() {
	C.HMAC_Init_ex(&hm.ctx, nil, 0, nil, nil)
}
Example #3
0
//export ticket_key_cb_thunk
func ticket_key_cb_thunk(p unsafe.Pointer, s *C.SSL, key_name *C.uchar,
	iv *C.uchar, cctx *C.EVP_CIPHER_CTX, hctx *C.HMAC_CTX, enc C.int) C.int {

	// no panic's allowed. it's super hard to guarantee any state at this point
	// so just abort everything.
	defer func() {
		if err := recover(); err != nil {
			logger.Critf("openssl: ticket key callback panic'd: %v", err)
			os.Exit(1)
		}
	}()

	ctx := (*Ctx)(p)
	store := ctx.ticket_store
	if store == nil {
		// TODO(jeff): should this be an error condition? it doesn't make sense
		// to be called if we don't have a store I believe, but that's probably
		// not worth aborting the handshake which is what I believe returning
		// an error would do.
		return ticket_resp_requireHandshake
	}

	ctx.ticket_store_mu.Lock()
	defer ctx.ticket_store_mu.Unlock()

	switch enc {
	case ticket_req_newSession:
		key := store.Keys.Current()
		if key == nil {
			key = store.Keys.New()
			if key == nil {
				return ticket_resp_requireHandshake
			}
		}

		C.memcpy(
			unsafe.Pointer(key_name),
			unsafe.Pointer(&key.Name[0]),
			KeyNameSize)
		C.EVP_EncryptInit_ex(
			cctx,
			store.CipherCtx.Cipher.ptr,
			store.cipherEngine(),
			(*C.uchar)(&key.CipherKey[0]),
			(*C.uchar)(&key.IV[0]))
		C.HMAC_Init_ex(
			hctx,
			unsafe.Pointer(&key.HMACKey[0]),
			C.int(len(key.HMACKey)),
			store.DigestCtx.Digest.ptr,
			store.digestEngine())

		return ticket_resp_sessionOk

	case ticket_req_lookupSession:
		var name TicketName
		C.memcpy(
			unsafe.Pointer(&name[0]),
			unsafe.Pointer(key_name),
			KeyNameSize)

		key := store.Keys.Lookup(name)
		if key == nil {
			return ticket_resp_requireHandshake
		}
		if store.Keys.Expired(name) {
			return ticket_resp_requireHandshake
		}

		C.EVP_DecryptInit_ex(
			cctx,
			store.CipherCtx.Cipher.ptr,
			store.cipherEngine(),
			(*C.uchar)(&key.CipherKey[0]),
			(*C.uchar)(&key.IV[0]))
		C.HMAC_Init_ex(
			hctx,
			unsafe.Pointer(&key.HMACKey[0]),
			C.int(len(key.HMACKey)),
			store.DigestCtx.Digest.ptr,
			store.digestEngine())

		if store.Keys.ShouldRenew(name) {
			return ticket_resp_renewSession
		}

		return ticket_resp_sessionOk

	default:
		return ticket_resp_error
	}
}