aboutsummaryrefslogtreecommitdiff
path: root/cryptfs/openssl_aead.go
blob: 5d38d385c516516c11c0780a05e4a7634e32b71a (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
package cryptfs

// Implements cipher.AEAD with OpenSSL backend

import (
	"bytes"
	"github.com/spacemonkeygo/openssl"
)

// Supports all nonce sizes
type opensslGCM struct {
	key []byte
}

func (be opensslGCM) Overhead() int {
	return AUTH_TAG_LEN
}

func (be opensslGCM) NonceSize() int {
	// We support any nonce size
	return -1
}

// Seal encrypts and authenticates plaintext, authenticates the
// additional data and appends the result to dst, returning the updated
// slice. opensslGCM supports any nonce size.
func (be opensslGCM) Seal(dst, nonce, plaintext, data []byte) []byte {

	// Preallocate output buffer
	var cipherBuf bytes.Buffer
	cipherBuf.Grow(len(dst) + len(plaintext) + AUTH_TAG_LEN)
	// Output will be appended to dst
	cipherBuf.Write(dst)

	ectx, err := openssl.NewGCMEncryptionCipherCtx(KEY_LEN*8, nil, be.key, nonce)
	if err != nil {
		panic(err)
	}
	err = ectx.ExtraData(data)
	if err != nil {
		panic(err)
	}
	part, err := ectx.EncryptUpdate(plaintext)
	if err != nil {
		panic(err)
	}
	cipherBuf.Write(part)
	part, err = ectx.EncryptFinal()
	if err != nil {
		panic(err)
	}
	cipherBuf.Write(part)
	part, err = ectx.GetTag()
	if err != nil {
		panic(err)
	}
	cipherBuf.Write(part)

	return cipherBuf.Bytes()
}

// Open decrypts and authenticates ciphertext, authenticates the
// additional data and, if successful, appends the resulting plaintext
// to dst, returning the updated slice. The nonce must be NonceSize()
// bytes long and both it and the additional data must match the
// value passed to Seal.
//
// The ciphertext and dst may alias exactly or not at all.
func (be opensslGCM) Open(dst, nonce, ciphertext, data []byte) ([]byte, error) {

	l := len(ciphertext)
	tag := ciphertext[l-AUTH_TAG_LEN : l]
	ciphertext = ciphertext[0 : l-AUTH_TAG_LEN]
	plainBuf := bytes.NewBuffer(dst)

	dctx, err := openssl.NewGCMDecryptionCipherCtx(KEY_LEN*8, nil, be.key, nonce)
	if err != nil {
		return nil, err
	}
	err = dctx.ExtraData(data)
	if err != nil {
		return nil, err
	}
	part, err := dctx.DecryptUpdate(ciphertext)
	if err != nil {
		return nil, err
	}
	plainBuf.Write(part)
	err = dctx.SetTag(tag)
	if err != nil {
		return nil, err
	}
	part, err = dctx.DecryptFinal()
	if err != nil {
		return nil, err
	}
	plainBuf.Write(part)

	return plainBuf.Bytes(), nil
}