hardcoresushi/libgocryptfs
1
0
Fork 0
Code Issues Pull Requests Releases Activity

stupidgcm: print openssl error stack before panicing

Browse Source
This commit is contained in:
Jakob Unterwurzacher 2016-05-04 20:50:13 +02:00
parent 6c010c3080
commit d0945b73d2
1 changed files with 31 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

46
internal/stupidgcm/stupidgcm.go
View File

@ -3,6 +3,7 @@
package stupidgcm package stupidgcm
// #include <openssl/evp.h> // #include <openssl/evp.h>
// #include <openssl/err.h>
// #cgo pkg-config: libcrypto // #cgo pkg-config: libcrypto
import "C" import "C"
@ -18,6 +19,21 @@ const (
tagLen = 16 tagLen = 16
) )
func opensslPanic(msg string) {
for {
e := C.ERR_get_error()
if e == 0 {
break
}
log.Printf("openssl error: %d:%s:%s:%s", e,
C.GoString(C.ERR_lib_error_string(e)),
C.GoString(C.ERR_func_error_string(e)),
C.GoString(C.ERR_reason_error_string(e)))
}
log.Printf("(no further openssl error messages)")
log.Panic(msg)
}
// stupidGCM implements the cipher.AEAD interface // stupidGCM implements the cipher.AEAD interface
type stupidGCM struct { type stupidGCM struct {
key []byte key []byte
@ -53,28 +69,28 @@ func (g stupidGCM) Seal(dst, iv, in, authData []byte) []byte {
// Create scratch space "context" // Create scratch space "context"
ctx := C.EVP_CIPHER_CTX_new() ctx := C.EVP_CIPHER_CTX_new()
if ctx == nil { if ctx == nil {
log.Panic("EVP_CIPHER_CTX_new failed") opensslPanic("EVP_CIPHER_CTX_new failed")
} }
// Set cipher to AES-256 // Set cipher to AES-256
if C.EVP_EncryptInit_ex(ctx, C.EVP_aes_256_gcm(), nil, nil, nil) != 1 { if C.EVP_EncryptInit_ex(ctx, C.EVP_aes_256_gcm(), nil, nil, nil) != 1 {
log.Panic("EVP_EncryptInit_ex I failed") opensslPanic("EVP_EncryptInit_ex I failed")
} }
// Use 16-byte IV // Use 16-byte IV
if C.EVP_CIPHER_CTX_ctrl(ctx, C.EVP_CTRL_GCM_SET_IVLEN, ivLen, nil) != 1 { if C.EVP_CIPHER_CTX_ctrl(ctx, C.EVP_CTRL_GCM_SET_IVLEN, ivLen, nil) != 1 {
log.Panic("EVP_CIPHER_CTX_ctrl EVP_CTRL_GCM_SET_IVLEN failed") opensslPanic("EVP_CIPHER_CTX_ctrl EVP_CTRL_GCM_SET_IVLEN failed")
} }
// Set key and IV // Set key and IV
if C.EVP_EncryptInit_ex(ctx, nil, nil, (*C.uchar)(&g.key[0]), (*C.uchar)(&iv[0])) != 1 { if C.EVP_EncryptInit_ex(ctx, nil, nil, (*C.uchar)(&g.key[0]), (*C.uchar)(&iv[0])) != 1 {
log.Panic("EVP_EncryptInit_ex II failed") opensslPanic("EVP_EncryptInit_ex II failed")
} }
// Provide authentication data // Provide authentication data
var resultLen C.int var resultLen C.int
if C.EVP_EncryptUpdate(ctx, nil, &resultLen, (*C.uchar)(&authData[0]), C.int(len(authData))) != 1 { if C.EVP_EncryptUpdate(ctx, nil, &resultLen, (*C.uchar)(&authData[0]), C.int(len(authData))) != 1 {
log.Panic("EVP_EncryptUpdate authData failed") opensslPanic("EVP_EncryptUpdate authData failed")
} }
if int(resultLen) != len(authData) { if int(resultLen) != len(authData) {
log.Panicf("Unexpected length %d", resultLen) log.Panicf("Unexpected length %d", resultLen)
@ -82,7 +98,7 @@ func (g stupidGCM) Seal(dst, iv, in, authData []byte) []byte {
// Encrypt "in" into "buf" // Encrypt "in" into "buf"
if C.EVP_EncryptUpdate(ctx, (*C.uchar)(&buf[0]), &resultLen, (*C.uchar)(&in[0]), C.int(len(in))) != 1 { if C.EVP_EncryptUpdate(ctx, (*C.uchar)(&buf[0]), &resultLen, (*C.uchar)(&in[0]), C.int(len(in))) != 1 {
log.Panic("EVP_EncryptUpdate failed") opensslPanic("EVP_EncryptUpdate failed")
} }
if int(resultLen) != len(in) { if int(resultLen) != len(in) {
log.Panicf("Unexpected length %d", resultLen) log.Panicf("Unexpected length %d", resultLen)
@ -92,7 +108,7 @@ func (g stupidGCM) Seal(dst, iv, in, authData []byte) []byte {
// Because GCM is a stream encryption, this will not write out any data. // Because GCM is a stream encryption, this will not write out any data.
dummy := make([]byte, 16) dummy := make([]byte, 16)
if C.EVP_EncryptFinal_ex(ctx, (*C.uchar)(&dummy[0]), &resultLen) != 1 { if C.EVP_EncryptFinal_ex(ctx, (*C.uchar)(&dummy[0]), &resultLen) != 1 {
log.Panic("EVP_EncryptFinal_ex failed") opensslPanic("EVP_EncryptFinal_ex failed")
} }
if resultLen != 0 { if resultLen != 0 {
log.Panicf("Unexpected length %d", resultLen) log.Panicf("Unexpected length %d", resultLen)
@ -100,7 +116,7 @@ func (g stupidGCM) Seal(dst, iv, in, authData []byte) []byte {
// Get GMAC tag and append it to the ciphertext in "buf" // Get GMAC tag and append it to the ciphertext in "buf"
if C.EVP_CIPHER_CTX_ctrl(ctx, C.EVP_CTRL_GCM_GET_TAG, tagLen, (unsafe.Pointer)(&buf[len(in)])) != 1 { if C.EVP_CIPHER_CTX_ctrl(ctx, C.EVP_CTRL_GCM_GET_TAG, tagLen, (unsafe.Pointer)(&buf[len(in)])) != 1 {
log.Panic("EVP_CIPHER_CTX_ctrl EVP_CTRL_GCM_GET_TAG failed") opensslPanic("EVP_CIPHER_CTX_ctrl EVP_CTRL_GCM_GET_TAG failed")
} }
// Free scratch space // Free scratch space
@ -126,28 +142,28 @@ func (g stupidGCM) Open(dst, iv, in, authData []byte) ([]byte, error) {
// Create scratch space "context" // Create scratch space "context"
ctx := C.EVP_CIPHER_CTX_new() ctx := C.EVP_CIPHER_CTX_new()
if ctx == nil { if ctx == nil {
log.Panic("EVP_CIPHER_CTX_new failed") opensslPanic("EVP_CIPHER_CTX_new failed")
} }
// Set cipher to AES-256 // Set cipher to AES-256
if C.EVP_DecryptInit_ex(ctx, C.EVP_aes_256_gcm(), nil, nil, nil) != 1 { if C.EVP_DecryptInit_ex(ctx, C.EVP_aes_256_gcm(), nil, nil, nil) != 1 {
log.Panic("EVP_DecryptInit_ex I failed") opensslPanic("EVP_DecryptInit_ex I failed")
} }
// Use 16-byte IV // Use 16-byte IV
if C.EVP_CIPHER_CTX_ctrl(ctx, C.EVP_CTRL_GCM_SET_IVLEN, ivLen, nil) != 1 { if C.EVP_CIPHER_CTX_ctrl(ctx, C.EVP_CTRL_GCM_SET_IVLEN, ivLen, nil) != 1 {
log.Panic("EVP_CIPHER_CTX_ctrl EVP_CTRL_GCM_SET_IVLEN failed") opensslPanic("EVP_CIPHER_CTX_ctrl EVP_CTRL_GCM_SET_IVLEN failed")
} }
// Set key and IV // Set key and IV
if C.EVP_DecryptInit_ex(ctx, nil, nil, (*C.uchar)(&g.key[0]), (*C.uchar)(&iv[0])) != 1 { if C.EVP_DecryptInit_ex(ctx, nil, nil, (*C.uchar)(&g.key[0]), (*C.uchar)(&iv[0])) != 1 {
log.Panic("EVP_DecryptInit_ex II failed") opensslPanic("EVP_DecryptInit_ex II failed")
} }
// Provide authentication data // Provide authentication data
var resultLen C.int var resultLen C.int
if C.EVP_DecryptUpdate(ctx, nil, &resultLen, (*C.uchar)(&authData[0]), C.int(len(authData))) != 1 { if C.EVP_DecryptUpdate(ctx, nil, &resultLen, (*C.uchar)(&authData[0]), C.int(len(authData))) != 1 {
log.Panic("EVP_DecryptUpdate authData failed") opensslPanic("EVP_DecryptUpdate authData failed")
} }
if int(resultLen) != len(authData) { if int(resultLen) != len(authData) {
log.Panicf("Unexpected length %d", resultLen) log.Panicf("Unexpected length %d", resultLen)
@ -155,7 +171,7 @@ func (g stupidGCM) Open(dst, iv, in, authData []byte) ([]byte, error) {
// Decrypt "ciphertext" into "buf" // Decrypt "ciphertext" into "buf"
if C.EVP_DecryptUpdate(ctx, (*C.uchar)(&buf[0]), &resultLen, (*C.uchar)(&ciphertext[0]), C.int(len(ciphertext))) != 1 { if C.EVP_DecryptUpdate(ctx, (*C.uchar)(&buf[0]), &resultLen, (*C.uchar)(&ciphertext[0]), C.int(len(ciphertext))) != 1 {
log.Panic("EVP_DecryptUpdate failed") opensslPanic("EVP_DecryptUpdate failed")
} }
if int(resultLen) != len(ciphertext) { if int(resultLen) != len(ciphertext) {
log.Panicf("Unexpected length %d", resultLen) log.Panicf("Unexpected length %d", resultLen)
@ -163,7 +179,7 @@ func (g stupidGCM) Open(dst, iv, in, authData []byte) ([]byte, error) {
// Set expected GMAC tag // Set expected GMAC tag
if C.EVP_CIPHER_CTX_ctrl(ctx, C.EVP_CTRL_GCM_SET_TAG, tagLen, (unsafe.Pointer)(&tag[0])) != 1 { if C.EVP_CIPHER_CTX_ctrl(ctx, C.EVP_CTRL_GCM_SET_TAG, tagLen, (unsafe.Pointer)(&tag[0])) != 1 {
log.Panic("EVP_CIPHER_CTX_ctrl failed") opensslPanic("EVP_CIPHER_CTX_ctrl failed")
} }
// Check GMAC // Check GMAC