forked from golang-fips/openssl
-
Notifications
You must be signed in to change notification settings - Fork 0
/
des.go
114 lines (95 loc) · 2.97 KB
/
des.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
//go:build !cmd_go_bootstrap
package openssl
// #include "goopenssl.h"
import "C"
import (
"crypto/cipher"
"errors"
)
// SupportsDESCipher returns true if NewDESCipher is supported,
// which uses ECB mode.
// If CBC is also supported, then the returned cipher.Block
// will also implement NewCBCEncrypter and NewCBCDecrypter.
func SupportsDESCipher() bool {
// True for stock OpenSSL 1 w/o FIPS.
// False for stock OpenSSL 3 unless the legacy provider is available.
return (versionAtOrAbove(3, 0, 0) || !FIPS()) && loadCipher(cipherDES, cipherModeECB) != nil
}
// SupportsTripleDESCipher returns true if NewTripleDESCipher is supported,
// which uses ECB mode.
// If CBC is also supported, then the returned cipher.Block
// will also implement NewCBCEncrypter and NewCBCDecrypter.
func SupportsTripleDESCipher() bool {
// Should always be true for stock OpenSSL,
// even when using the FIPS provider.
return loadCipher(cipherDES3, cipherModeECB) != nil
}
func NewDESCipher(key []byte) (cipher.Block, error) {
if len(key) != 8 {
return nil, errors.New("crypto/des: invalid key size")
}
return newDESCipher(key, cipherDES)
}
func NewTripleDESCipher(key []byte) (cipher.Block, error) {
if len(key) != 24 {
return nil, errors.New("crypto/des: invalid key size")
}
return newDESCipher(key, cipherDES3)
}
func newDESCipher(key []byte, kind cipherKind) (cipher.Block, error) {
c, err := newEVPCipher(key, kind)
if err != nil {
return nil, err
}
if loadCipher(kind, cipherModeCBC) == nil {
return &desCipherWithoutCBC{c}, nil
}
return &desCipher{c}, nil
}
type desExtraModes interface {
NewCBCEncrypter(iv []byte) cipher.BlockMode
NewCBCDecrypter(iv []byte) cipher.BlockMode
}
var _ desExtraModes = (*desCipher)(nil)
type desCipher struct {
*evpCipher
}
func (c *desCipher) BlockSize() int {
return c.blockSize
}
func (c *desCipher) Encrypt(dst, src []byte) {
if err := c.encrypt(dst, src); err != nil {
// crypto/des expects that the panic message starts with "crypto/des: ".
panic("crypto/des: " + err.Error())
}
}
func (c *desCipher) Decrypt(dst, src []byte) {
if err := c.decrypt(dst, src); err != nil {
// crypto/des expects that the panic message starts with "crypto/des: ".
panic("crypto/des: " + err.Error())
}
}
func (c *desCipher) NewCBCEncrypter(iv []byte) cipher.BlockMode {
return c.newCBC(iv, cipherOpEncrypt)
}
func (c *desCipher) NewCBCDecrypter(iv []byte) cipher.BlockMode {
return c.newCBC(iv, cipherOpDecrypt)
}
type desCipherWithoutCBC struct {
*evpCipher
}
func (c *desCipherWithoutCBC) BlockSize() int {
return c.blockSize
}
func (c *desCipherWithoutCBC) Encrypt(dst, src []byte) {
if err := c.encrypt(dst, src); err != nil {
// crypto/des expects that the panic message starts with "crypto/des: ".
panic("crypto/des: " + err.Error())
}
}
func (c *desCipherWithoutCBC) Decrypt(dst, src []byte) {
if err := c.decrypt(dst, src); err != nil {
// crypto/des expects that the panic message starts with "crypto/des: ".
panic("crypto/des: " + err.Error())
}
}