diff options
Diffstat (limited to 'internal')
| -rw-r--r-- | internal/stupidgcm/.gitignore | 1 | ||||
| -rw-r--r-- | internal/stupidgcm/Makefile | 7 | ||||
| -rw-r--r-- | internal/stupidgcm/chacha.c | 98 | ||||
| -rw-r--r-- | internal/stupidgcm/stupidchacha.go | 77 | 
4 files changed, 127 insertions, 56 deletions
| diff --git a/internal/stupidgcm/.gitignore b/internal/stupidgcm/.gitignore new file mode 100644 index 0000000..5761abc --- /dev/null +++ b/internal/stupidgcm/.gitignore @@ -0,0 +1 @@ +*.o diff --git a/internal/stupidgcm/Makefile b/internal/stupidgcm/Makefile new file mode 100644 index 0000000..19f9914 --- /dev/null +++ b/internal/stupidgcm/Makefile @@ -0,0 +1,7 @@ +.PHONY: gcc +gcc: +	gcc -Wall -Wextra -Wformat-security -Wconversion -lcrypto -c *.c + +.PHONY: format +format: +	clang-format --style=WebKit -i *.c diff --git a/internal/stupidgcm/chacha.c b/internal/stupidgcm/chacha.c new file mode 100644 index 0000000..c85cf78 --- /dev/null +++ b/internal/stupidgcm/chacha.c @@ -0,0 +1,98 @@ +#include <openssl/evp.h> +#include <stdio.h> +//#cgo pkg-config: libcrypto + +extern void panic1(void); + +static void panic(const char* const msg) +{ +    fprintf(stderr, "panic in C code: %s\n", msg); +    __builtin_trap(); +} + +// https://wiki.openssl.org/index.php/EVP_Authenticated_Encryption_and_Decryption#Authenticated_Encryption_using_GCM_mode +int chacha20poly1305_seal( +    const unsigned char* const plaintext, +    const int plaintextLen, +    const unsigned char* const authData, +    const int authDataLen, +    const unsigned char* const key, +    const int keyLen, +    const unsigned char* const iv, +    const int ivLen, +    unsigned char* const ciphertext, +    const int ciphertextBufLen) +{ +    // Create scratch space "context" +    EVP_CIPHER_CTX* ctx = EVP_CIPHER_CTX_new(); +    if (!ctx) { +        panic("EVP_CIPHER_CTX_new failed"); +    } + +    // Set cipher +    if (EVP_EncryptInit_ex(ctx, EVP_chacha20_poly1305(), NULL, NULL, NULL) != 1) { +        panic("EVP_EncryptInit_ex set cipher failed"); +    } + +    // Check keyLen by trying to set it (fails if keyLen != 32) +    if (EVP_CIPHER_CTX_set_key_length(ctx, keyLen) != 1) { +        panic("keyLen mismatch"); +    } + +    // Set IV length so we do not depend on the default +    if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, ivLen, NULL) != 1) { +        panic("EVP_CTRL_AEAD_SET_IVLEN failed"); +    } + +    // Set key and IV +    if (EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv) != 1) { +        panic("EVP_EncryptInit_ex set key & iv failed"); +    } + +    // Provide authentication data +    int outLen = 0; +    if (EVP_EncryptUpdate(ctx, NULL, &outLen, authData, authDataLen) != 1) { +        panic("EVP_EncryptUpdate authData failed"); +    } +    if (outLen != authDataLen) { +        panic("EVP_EncryptUpdate authData: unexpected length"); +    } + +    // Encrypt "plaintext" into "ciphertext" +    if (plaintextLen > ciphertextBufLen) { +        panic("plaintext overflows output buffer"); +    } +    if (EVP_EncryptUpdate(ctx, ciphertext, &outLen, plaintext, plaintextLen) != 1) { +        panic("EVP_EncryptUpdate ciphertext failed"); +    } +    if (outLen != plaintextLen) { +        panic("EVP_EncryptUpdate ciphertext: unexpected length"); +    } +    int ciphertextLen = outLen; + +    // Finalise encryption +    // Normally ciphertext bytes may be written at this stage, but this does not occur in GCM mode +    if (EVP_EncryptFinal_ex(ctx, ciphertext + plaintextLen, &outLen) != 1) { +        panic("EVP_EncryptFinal_ex failed"); +    } +    if (outLen != 0) { +        panic("EVP_EncryptFinal_ex: unexpected length"); +    } + +    // We only support 16-byte tags +    const int tagLen = 16; + +    // Get MAC tag and append it to the ciphertext +    if (ciphertextLen + tagLen > ciphertextBufLen) { +        panic("tag overflows output buffer"); +    } +    if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, tagLen, ciphertext + plaintextLen) != 1) { +        panic("EVP_CTRL_AEAD_GET_TAG failed"); +    } +    ciphertextLen += tagLen; + +    // Free scratch space +    EVP_CIPHER_CTX_free(ctx); + +    return ciphertextLen; +} diff --git a/internal/stupidgcm/stupidchacha.go b/internal/stupidgcm/stupidchacha.go index a6fe318..1f16a5e 100644 --- a/internal/stupidgcm/stupidchacha.go +++ b/internal/stupidgcm/stupidchacha.go @@ -2,10 +2,6 @@  package stupidgcm -// #include <openssl/evp.h> -// #cgo pkg-config: libcrypto -import "C" -  import (  	"crypto/cipher"  	"fmt" @@ -15,6 +11,17 @@ import (  	"golang.org/x/crypto/chacha20poly1305"  ) +/* +#include <openssl/evp.h> +#cgo pkg-config: libcrypto +int chacha20poly1305_seal(const unsigned char * const plaintext, const int plaintextLen, +                const unsigned char * const authData, const int authDataLen, +                const unsigned char * const key, const int keyLen, +                const unsigned char * const iv, const int ivLen, +                unsigned char * const ciphertext, const int ciphertextBufLen); +*/ +import "C" +  type stupidChacha20poly1305 struct {  	key   [chacha20poly1305.KeySize]byte  	wiped bool @@ -68,58 +75,16 @@ func (g *stupidChacha20poly1305) Seal(dst, iv, in, authData []byte) []byte {  		buf = make([]byte, outLen)  	} -	// https://wiki.openssl.org/index.php/EVP_Authenticated_Encryption_and_Decryption#Authenticated_Encryption_using_GCM_mode - -	// Create scratch space "context" -	ctx := C.EVP_CIPHER_CTX_new() -	if ctx == nil { -		log.Panic("EVP_CIPHER_CTX_new failed") -	} - -	// Set cipher -	if C.EVP_EncryptInit_ex(ctx, C.EVP_chacha20_poly1305(), nil, nil, nil) != 1 { -		log.Panic("EVP_EncryptInit_ex I failed") -	} - -	// Set key and IV -	if C.EVP_EncryptInit_ex(ctx, nil, nil, (*C.uchar)(&g.key[0]), (*C.uchar)(&iv[0])) != 1 { -		log.Panic("EVP_EncryptInit_ex II failed") -	} - -	// Provide authentication data -	var resultLen C.int -	if C.EVP_EncryptUpdate(ctx, nil, &resultLen, (*C.uchar)(&authData[0]), C.int(len(authData))) != 1 { -		log.Panic("EVP_EncryptUpdate authData failed") -	} -	if int(resultLen) != len(authData) { -		log.Panicf("Unexpected length %d", resultLen) -	} - -	// Encrypt "in" into "buf" -	if C.EVP_EncryptUpdate(ctx, (*C.uchar)(&buf[0]), &resultLen, (*C.uchar)(&in[0]), C.int(len(in))) != 1 { -		log.Panic("EVP_EncryptUpdate failed") -	} -	if int(resultLen) != len(in) { -		log.Panicf("Unexpected length %d", resultLen) -	} - -	// Finalise encryption -	// Because GCM is a stream encryption, this will not write out any data. -	dummy := make([]byte, 16) -	if C.EVP_EncryptFinal_ex(ctx, (*C.uchar)(&dummy[0]), &resultLen) != 1 { -		log.Panic("EVP_EncryptFinal_ex failed") -	} -	if resultLen != 0 { -		log.Panicf("Unexpected length %d", resultLen) -	} - -	// Get MAC tag and append it to the ciphertext in "buf" -	if C.EVP_CIPHER_CTX_ctrl(ctx, C.EVP_CTRL_AEAD_GET_TAG, tagLen, (unsafe.Pointer)(&buf[len(in)])) != 1 { -		log.Panic("EVP_CIPHER_CTX_ctrl EVP_CTRL_AEAD_GET_TAG failed") -	} - -	// Free scratch space -	C.EVP_CIPHER_CTX_free(ctx) +	C.chacha20poly1305_seal((*C.uchar)(&in[0]), +		C.int(len(in)), +		(*C.uchar)(&authData[0]), +		C.int(len(authData)), +		(*C.uchar)(&g.key[0]), +		C.int(len(g.key)), +		(*C.uchar)(&iv[0]), +		C.int(len(iv)), +		(*C.uchar)(&buf[0]), +		C.int(len(buf)))  	if inplace {  		return dst[:len(dst)+outLen] | 
