rkcrypto/cipher.go

package rkcrypto

import "unsafe"

type Cipher struct {
	fd         uintptr
	sessionOp  *SessionOp
	cryptOp    *CryptOp
	cipherType uint32
}

func NewAESCBCEncrypter(key []byte, iv []byte) (*Cipher, error) {
	return newCipher(CRYPTO_RK_AES_CBC, key, iv, COP_ENCRYPT)
}

func NewAESCBCDecrypter(key []byte, iv []byte) (*Cipher, error) {
	return newCipher(CRYPTO_RK_AES_CBC, key, iv, COP_DECRYPT)
}

func newCipher(cipherType uint32, key []byte, iv []byte, operation uint16) (*Cipher, error) {
	//TODO: sanity check
	handle, err := GetCryptodev()
	if err != nil {
		return nil, err
	}
	fd := handle.Fd()
	sessionOp := &SessionOp{Cipher: cipherType}
	sessionOp.Key = unsafe.Pointer(&key[0])
	sessionOp.Keylen = uint32(len(key))
	err = ioctl(fd, CIOCGSESSION, unsafe.Pointer(sessionOp))
	if err != nil {
		return nil, err
	}
	cipher := &Cipher{
		fd:         fd,
		sessionOp:  sessionOp,
		cipherType: cipherType,
	}
	cipher.cryptOp = &CryptOp{Session: sessionOp.Id}
	cipher.cryptOp.Operation = operation
	cipher.cryptOp.Flags = COP_FLAG_WRITE_IV
	if iv != nil {
		ivCopy := make([]byte, len(iv))
		copy(ivCopy, iv)
		cipher.cryptOp.Iv = unsafe.Pointer(&ivCopy[0])
	}
	return cipher, nil
}

func (c *Cipher) Close() error {
	if c.sessionOp != nil {
		err := ioctl(c.fd, CIOCFSESSION, unsafe.Pointer(c.sessionOp))
		if err != nil {
			return err
		}
		c.sessionOp = nil
	}
	return nil
}

func (c *Cipher) BlockSize() int {
	switch c.cipherType {
	case CRYPTO_RK_AES_ECB:
	case CRYPTO_RK_AES_CBC:
		return 16
	}
	return 0
}

func (c *Cipher) CryptBlocks(dst, src []byte) {
	c.cryptOp.Src = unsafe.Pointer(&src[0])
	c.cryptOp.Length = uint32(len(src))
	c.cryptOp.Dst = unsafe.Pointer(&dst[0])
	err := ioctl(c.fd, CIOCCRYPT, unsafe.Pointer(c.cryptOp))
	if err != nil {
		panic(err)
	}
}