コード例 #1
// ctxInit prepares libssl and returns a fresh SSL_CTX for the given method.
//
// It loads the libssl error strings, runs SSL_library_init, applies the
// OpenSSL configuration named by config, and then creates the context. An
// error is returned when SSL_library_init does not report 1 or when
// SSL_CTX_new yields nil.
//
// NOTE(review): the context is left at SSL_VERIFY_NONE. In OpenSSL a client
// in this mode continues the handshake even when the server certificate does
// not validate, so the peer is not authenticated. Callers that use this
// context for outbound connections should enable peer verification and load
// trust anchors before connecting. While verification is off, the depth limit
// of 4 set below does not cause any handshake to be rejected.
func ctxInit(config string, method SSL_METHOD) (SSL_CTX, error) {
	SSL_load_error_strings()
	if rc := SSL_library_init(); rc != 1 {
		return nil, errors.New("Unable to initialize libssl")
	}

	// The configuration is applied after library init and before the context
	// is created; its result is not checked here.
	crypto.OPENSSL_config(config)

	sslCtx := SSL_CTX_new(method)
	if sslCtx == nil {
		return nil, errors.New("Unable to initialize SSL context")
	}

	// No verify callback is installed (nil); chain depth is capped at 4.
	SSL_CTX_set_verify(sslCtx, SSL_VERIFY_NONE, nil)
	SSL_CTX_set_verify_depth(sslCtx, 4)

	return sslCtx, nil
}
コード例 #2
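// main is a round-trip demo: it encrypts a fixed plaintext with AES-256-CBC
// through the OpenSSL EVP wrapper, prepends the IV to the ciphertext, then
// splits the IV off again, decrypts, and prints both strings.
//
// Every OpenSSL call that reports a status is checked; a failure panics so
// the demo never prints output produced by a half-initialized cipher.
//
// NOTE(review): CBC provides confidentiality only. Nothing here authenticates
// the IV or the ciphertext, so production code needs a MAC over both (or an
// AEAD mode) and must verify it before decrypting.
func main() {
	const (
		// AES-256 takes a 32-byte key and CBC takes an IV of one AES block
		// (16 bytes). OpenSSL reads exactly that many bytes from the key and
		// IV it is handed, so shorter values make it read past their end.
		keyLen = 32
		ivLen  = 16
	)
	var (
		plaintext = "My super super super super duper long string to be encrypted"

		sLen, eLen               int
		encrypted, decrypted, iv string
		bufEncrypt, bufDecrypt   []byte
		ctxEncrypt, ctxDecrypt   crypto.EVP_CIPHER_CTX
	)

	// must panics when an OpenSSL call reports anything other than success (1).
	must := func(rc int, op string) {
		if rc != 1 {
			panic(op + " failed")
		}
	}

	// randomString returns n random bytes as a string, the form the wrapper
	// takes for keys and IVs.
	// NOTE(review): rand must be crypto/rand, not math/rand — confirm against
	// the file's import block.
	randomString := func(n int) string {
		b := make([]byte, n)
		if _, err := rand.Read(b); err != nil {
			panic(err)
		}
		return string(b)
	}

	// Setup error strings
	crypto.ERR_load_crypto_strings()

	// Add all OpenSSL algorithms
	crypto.OpenSSL_add_all_algorithms()

	// Load an OpenSSL config
	crypto.OPENSSL_config("")

	// Enable FIPS mode. This fails on OpenSSL builds without the FIPS module;
	// report it instead of silently running outside FIPS mode.
	if crypto.FIPS_mode_set(1) != 1 {
		fmt.Println("warning: FIPS mode could not be enabled")
	}

	// Create new EVP_CIPHER_CTX instances
	ctxEncrypt, ctxDecrypt = crypto.EVP_CIPHER_CTX_new(), crypto.EVP_CIPHER_CTX_new()

	// Panic if either EVP_CIPHER_CTX fails to create
	if ctxEncrypt == nil {
		panic("ctxEncrypt is nil")
	}
	if ctxDecrypt == nil {
		panic("ctxDecrypt is nil")
	}

	// Initialize the EVP_CIPHER_CTX instances and make sure their key
	// material is wiped on every exit path, including a panic.
	crypto.EVP_CIPHER_CTX_init(ctxEncrypt)
	defer crypto.EVP_CIPHER_CTX_cleanup(ctxEncrypt)
	crypto.EVP_CIPHER_CTX_init(ctxDecrypt)
	defer crypto.EVP_CIPHER_CTX_cleanup(ctxDecrypt)

	// Demo key, generated per run because both halves of the round trip live
	// in this process. A real key comes from a key-management system or a
	// KDF, never from a string literal in the source.
	key := randomString(keyLen)

	// Create random IV for nondeterministic encryption
	iv = randomString(ivLen)

	// Pass the IV into the encrypted string to be used when decoding
	encrypted = iv

	// Print plaintext string
	fmt.Printf("plaintext: %s\n", plaintext)

	/*
		Encrypting a string
	*/
	// Initialize the ctxEncrypt context for encryption
	must(crypto.EVP_EncryptInit_ex(ctxEncrypt, crypto.EVP_aes_256_cbc(), crypto.SwigcptrStruct_SS_engine_st(0), key, iv), "EVP_EncryptInit_ex")

	// Make a buffer with enough size for the plaintext plus one block
	bufEncrypt = make([]byte, len(plaintext)+ctxEncrypt.GetCipher().GetBlock_size())

	// Update the cipher with some content
	must(crypto.EVP_EncryptUpdate(ctxEncrypt, bufEncrypt, &sLen, plaintext, len(plaintext)), "EVP_EncryptUpdate")

	// Append encrypted data to encrypted string
	encrypted += string(bufEncrypt[:sLen])

	// Finalize the cipher to flush the padded final block
	must(crypto.EVP_EncryptFinal_ex(ctxEncrypt, bufEncrypt, &eLen), "EVP_EncryptFinal_ex")

	// Append any remaining data to the encrypted string
	encrypted += string(bufEncrypt[:eLen])

	/*
		Decrypting a string
	*/
	// The message must at least hold the IV prefix before it is sliced.
	if len(encrypted) < ivLen {
		panic("encrypted message is shorter than the IV")
	}

	// Grab the IV from the encrypted string
	iv = encrypted[:ivLen]

	// Slice the encrypted string to begin after the iv
	encrypted = encrypted[ivLen:]

	// Initialize the ctxDecrypt context for decryption
	must(crypto.EVP_DecryptInit_ex(ctxDecrypt, crypto.EVP_aes_256_cbc(), crypto.SwigcptrStruct_SS_engine_st(0), key, iv), "EVP_DecryptInit_ex")

	// Make a buffer the exact size of the encrypted text
	bufDecrypt = make([]byte, len(encrypted))

	// Update the cipher with the encrypted string
	must(crypto.EVP_DecryptUpdate(ctxDecrypt, bufDecrypt, &sLen, encrypted, len(encrypted)), "EVP_DecryptUpdate")

	// Copy out the decrypted data before the buffer is reused below
	decrypted = string(bufDecrypt[:sLen])

	// Finalize the cipher. A failure here means the padding did not check
	// out, i.e. wrong key/IV or modified ciphertext; the output is discarded.
	must(crypto.EVP_DecryptFinal_ex(ctxDecrypt, bufDecrypt, &eLen), "EVP_DecryptFinal_ex")

	// Append any remaining data to decrypted string
	decrypted += string(bufDecrypt[:eLen])

	// Print decoded string
	fmt.Printf("decrypted: %s\n", decrypted)
}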
コード例 #3
	"github.com/IBM-Bluemix/golang-openssl-wrapper/bio"
	"github.com/IBM-Bluemix/golang-openssl-wrapper/crypto"
	. "github.com/onsi/ginkgo"
	. "github.com/onsi/gomega"
)

var _ = Describe("ssl", func() {
	Context("Using TLS for connections", func() {

		/*
		 * Do some basic initialization
		 */
		BeforeEach(func() {
			SSL_load_error_strings()
			Expect(SSL_library_init()).To(Equal(1))
			crypto.OPENSSL_config("")
		})

		// AfterEach(func() {
		// SSL_free(ssl)
		// SSL_CTX_free(ctx)
		// })

		Context("Making a client connection", func() {
			var ctx SSL_CTX
			var sslInst SSL
			var conn bio.BIO
			var host, hostport string

			BeforeEach(func() {
				ctx = SSL_CTX_new(SSLv23_method())