summaryrefslogtreecommitdiff
path: root/internal/stupidgcm/stupidgcm.go
diff options
context:
space:
mode:
Diffstat (limited to 'internal/stupidgcm/stupidgcm.go')
-rw-r--r--internal/stupidgcm/stupidgcm.go69
1 files changed, 12 insertions, 57 deletions
diff --git a/internal/stupidgcm/stupidgcm.go b/internal/stupidgcm/stupidgcm.go
index 3499c85..46b6b86 100644
--- a/internal/stupidgcm/stupidgcm.go
+++ b/internal/stupidgcm/stupidgcm.go
@@ -5,6 +5,7 @@
package stupidgcm
// #include <openssl/evp.h>
+// #include "chacha.h"
// #cgo pkg-config: libcrypto
import "C"
@@ -76,63 +77,17 @@ func (g *StupidGCM) Seal(dst, iv, in, authData []byte) []byte {
buf = make([]byte, outLen)
}
- // https://wiki.openssl.org/index.php/EVP_Authenticated_Encryption_and_Decryption#Authenticated_Encryption_using_GCM_mode
-
- // Create scratch space "context"
- ctx := C.EVP_CIPHER_CTX_new()
- if ctx == nil {
- log.Panic("EVP_CIPHER_CTX_new failed")
- }
-
- // Set cipher to AES-256
- if C.EVP_EncryptInit_ex(ctx, C.EVP_aes_256_gcm(), nil, nil, nil) != 1 {
- log.Panic("EVP_EncryptInit_ex I failed")
- }
-
- // Use 16-byte IV
- if C.EVP_CIPHER_CTX_ctrl(ctx, C.EVP_CTRL_GCM_SET_IVLEN, ivLen, nil) != 1 {
- log.Panic("EVP_CIPHER_CTX_ctrl EVP_CTRL_GCM_SET_IVLEN failed")
- }
-
- // Set key and IV
- if C.EVP_EncryptInit_ex(ctx, nil, nil, (*C.uchar)(&g.key[0]), (*C.uchar)(&iv[0])) != 1 {
- log.Panic("EVP_EncryptInit_ex II failed")
- }
-
- // Provide authentication data
- var resultLen C.int
- if C.EVP_EncryptUpdate(ctx, nil, &resultLen, (*C.uchar)(&authData[0]), C.int(len(authData))) != 1 {
- log.Panic("EVP_EncryptUpdate authData failed")
- }
- if int(resultLen) != len(authData) {
- log.Panicf("Unexpected length %d", resultLen)
- }
-
- // Encrypt "in" into "buf"
- if C.EVP_EncryptUpdate(ctx, (*C.uchar)(&buf[0]), &resultLen, (*C.uchar)(&in[0]), C.int(len(in))) != 1 {
- log.Panic("EVP_EncryptUpdate failed")
- }
- if int(resultLen) != len(in) {
- log.Panicf("Unexpected length %d", resultLen)
- }
-
- // Finalise encryption
- // Because GCM is a stream encryption, this will not write out any data.
- dummy := make([]byte, 16)
- if C.EVP_EncryptFinal_ex(ctx, (*C.uchar)(&dummy[0]), &resultLen) != 1 {
- log.Panic("EVP_EncryptFinal_ex failed")
- }
- if resultLen != 0 {
- log.Panicf("Unexpected length %d", resultLen)
- }
-
- // Get GMAC tag and append it to the ciphertext in "buf"
- if C.EVP_CIPHER_CTX_ctrl(ctx, C.EVP_CTRL_GCM_GET_TAG, tagLen, (unsafe.Pointer)(&buf[len(in)])) != 1 {
- log.Panic("EVP_CIPHER_CTX_ctrl EVP_CTRL_GCM_GET_TAG failed")
- }
-
- // Free scratch space
- C.EVP_CIPHER_CTX_free(ctx)
+ C.aead_seal(C.aeadTypeGcm,
+ (*C.uchar)(&in[0]),
+ C.int(len(in)),
+ (*C.uchar)(&authData[0]),
+ C.int(len(authData)),
+ (*C.uchar)(&g.key[0]),
+ C.int(len(g.key)),
+ (*C.uchar)(&iv[0]),
+ C.int(len(iv)),
+ (*C.uchar)(&buf[0]),
+ C.int(len(buf)))
if inplace {
return dst[:len(dst)+outLen]