//Construct a new instance. see crypto/aes
// returning a block cipher that satisfies the crypto/cipher.Block interface
func NewCipher(key []byte) (cipher.Block, error) {
aes := new(aesKey)
key_p := pointerFromBytes(key)
key_bits := C.int(len(key) * 8)
if ret := C.AES_set_encrypt_key(key_p, key_bits, &aes._aes_encrypt_key); ret != 0 {
// in case the error is something deep in OpenSSL land
if err := sslerr.Error(); err != nil {
return aes, err
}
if ret == -1 {
return aes, errorInvalidKey
}
if ret == -2 {
return aes, errorWrongSizeKey
}
// standard fallback error
return aes, errorSettingKey
}
if ret := C.AES_set_decrypt_key(key_p, key_bits, &aes._aes_decrypt_key); ret != 0 {
// in case the error is something deep in OpenSSL land
if err := sslerr.Error(); err != nil {
return aes, err
}
if ret == -1 {
return aes, errorInvalidKey
}
if ret == -2 {
return aes, errorWrongSizeKey
}
// standard fallback error
return aes, errorSettingKey
}
return aes, nil
}
func (d *digest) Write(msg []byte) (n int, err error) {
mlen := len(msg)
size := C.size_t(mlen)
if d.is224 {
if C.SHA224_Update(&d.ctx, unsafe.Pointer(C.CString(string(msg))), size) != 1 {
return 0, sslerr.Error()
}
return mlen, nil
}
if C.SHA256_Update(&d.ctx, unsafe.Pointer(C.CString(string(msg))), size) != 1 {
return 0, sslerr.Error()
}
return mlen, nil
}
func (hm *hmac) Write(msg []byte) (n int, err error) {
size := C.size_t(len(msg))
if C.HMAC_Update(&hm.ctx, (*C.uchar)(unsafe.Pointer(C.CString(string(msg)))), size) != 1 {
return 0, sslerr.Error()
}
return len(msg), nil
}
func (d *digest) Write(msg []byte) (n int, err error) {
size := C.size_t(len(msg))
if C.SHA1_Update(&d.ctx, unsafe.Pointer(C.CString(string(msg))), size) != 1 {
return 0, sslerr.Error()
}
return len(msg), nil
}
func (d *digest) Write(msg []byte) (n int, err error) {
mlen := len(msg)
size := C.size_t(mlen)
switch d.function {
case crypto.SHA384:
if C.SHA384_Update(&d.ctx, unsafe.Pointer(C.CString(string(msg))), size) != 1 {
return 0, sslerr.Error()
}
return mlen, nil
default:
if C.SHA512_Update(&d.ctx, unsafe.Pointer(C.CString(string(msg))), size) != 1 {
return 0, sslerr.Error()
}
return mlen, nil
}
}
func (ctx *CipherCtx) EncryptFinal(out []byte) (int, error) {
outbuf := (*C.uchar)(unsafe.Pointer(&out[0]))
var outlen C.int
ret := C.EVP_EncryptFinal(ctx.evp_cipher_ctx, outbuf, &outlen)
if int(ret) != 1 {
//return int(outlen), ErrProblemEncrypting
return int(outlen), sslerr.Error()
}
return int(outlen), nil
}
func TestHMACNewWithEngine(t *testing.T) {
engine.LoadBuiltinEngines()
eng := engine.NewFunctionalByDigestEngine(nid.NID_hmac_sha1)
hmacWithEngine := NewWithEngine(eng, sha256.New, nil)
if hmacWithEngine == nil {
t.Errorf("Something went wrong initializing an hmac with an engine %v", sslerr.Error())
}
}
func LoadPrivateKeyDER(buf []byte) (*PKey, error) {
bio := C.BIO_new_mem_buf(unsafe.Pointer(&buf[0]), C.int(len(buf)))
if bio == nil {
return nil, errors.New("problem converting der key to openssl key")
}
pkey := C.d2i_PrivateKey_bio(bio, nil)
if pkey == nil {
return nil, sslerr.Error()
}
return &PKey{PKey: pkey}, nil
}
func (ctx *CipherCtx) EncryptUpdate(out []byte, in []byte) (int, error) {
outbuf := (*C.uchar)(unsafe.Pointer(&out[0]))
var outlen C.int
inbuf := (*C.uchar)(unsafe.Pointer(&in[0]))
inlen := len(in)
ret := C.EVP_EncryptUpdate(ctx.evp_cipher_ctx, outbuf, &outlen, inbuf, C.int(inlen))
if int(ret) != 1 {
//return int(outlen), ErrProblemEncrypting
return int(outlen), sslerr.Error()
}
return int(outlen), nil
}
func (ctx *CipherCtx) DecryptUpdate(dst []byte, src []byte) (int, error) {
dstbuf := (*C.uchar)(unsafe.Pointer(&dst[0]))
var dstlen C.int
srcbuf := (*C.uchar)(unsafe.Pointer(&src[0]))
srclen := len(src)
ret := C.EVP_DecryptUpdate(ctx.evp_cipher_ctx, dstbuf, &dstlen, srcbuf, C.int(srclen))
if int(ret) != 1 {
//return 0, ErrProblemDecrypting
return 0, sslerr.Error()
}
return int(dstlen), nil
}
func (r *reader) Read(p []byte) (n int, err error) {
var (
p_len = len(p)
buf *C.uchar = (*C.uchar)(C.malloc(C.size_t(p_len)))
)
defer C.free(unsafe.Pointer(buf))
if C.RAND_bytes(buf, C.int(p_len)) == 1 {
copy(p, C.GoBytes(unsafe.Pointer(buf), C.int(p_len)))
return len(p), nil
}
return 0, sslerr.Error()
}
func (self *PKey) DumpPEM() ([]byte, error) {
bio := C.BIO_new(C.BIO_s_mem())
defer C.BIO_free(bio)
if bio == nil {
return nil, errors.New("problem converting pem key to openssl key")
}
ret := C.PEM_write_bio_PrivateKey(bio, self.PKey, nil, nil, 0, nil, nil)
if int(ret) == 0 {
return nil, sslerr.Error()
}
var temp *C.char
buf_len := C.BIO_ctrl(bio, C.BIO_CTRL_INFO, C.long(0), unsafe.Pointer(&temp))
buffer := C.GoBytes(unsafe.Pointer(temp), C.int(buf_len))
return buffer, nil
}
func (ctx *CipherCtx) DecryptInit(cipher *Cipher, key []byte, iv []byte) error {
key_p := (*C.uchar)(unsafe.Pointer(C.CString(string(key))))
defer C.free(unsafe.Pointer(key_p))
iv_p := (*C.uchar)(unsafe.Pointer(C.CString(string(iv))))
defer C.free(unsafe.Pointer(iv_p))
ret := int(C.EVP_DecryptInit(
ctx.evp_cipher_ctx, cipher.evp_cipher, key_p, iv_p))
if ret != 1 {
// try to return the openssl error first, if present
if err := sslerr.Error(); err != nil {
return err
} else {
return ErrFailure
}
}
return nil
}
func (self *aesKey) Decrypt(dst, src []byte) {
if goCompatible {
// this something the golang crypto/aes does, that does not happen for OpenSSL.
if len(src) < BlockSize {
panic("crypto/aes: input not full block")
}
if len(dst) < BlockSize {
panic("crypto/aes: output not full block")
}
}
dst_p := pointerFromBytes(dst)
src_p := pointerFromBytes(src)
C.AES_ecb_encrypt(src_p, dst_p, &self._aes_decrypt_key, C.AES_DECRYPT)
// for safe measure
err := sslerr.Error()
if err != nil {
panic(err.Error())
}
}