gossl

package module
v0.0.0-...-956af9a Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Mar 11, 2021 License: MIT Imports: 13 Imported by: 0

README

gossl is a go library for interfacing with the venerable openssl library. It currently provides a dropin replacement for: crypto/sha512 crypto/sha256 crypto/sha crypto/aes (the aes 128, 192, and 256 ECB mode ciphers) crypto/tls.{Listener,LoadX509KeyPair}

Also included are a couple example command line utilities for hashing files and strings. They should run as fast as an equivalant c program (sha256sum). All of the openssl context api functions there. A new BIO has been created that allows OpenSSL to treat a go net.Conn the same way it would treat a raw socket connection, pretty neat!

Instructions

Make sure you have libssl-dev and libssl1.0.0 installed on your system. This is needed to link against openssl. This is a standard go package, so you should be able to just:

go install github.com/shanemhansen/gossl/examples/hashfile githum.com/shanemhansen/gossl/examples/hashstring

hashfile /etc/hosts
hashstring 'something'

go install github.com/shanemhansen/gossl/examples/...

testhttpserver -cert $somecert -key $somekey

Rationale

You might ask, "why create another crypto library?".

  • OpenSSL is a well audited and tested codebase.
  • Performance
  • Access to existing plugins/engines (cryptodev, gmp, af_alg)
  • More options for parsing exotic certificates and keys (including passphrase protected)
  • More ciphers and digests supported
  • OpenSSL provides more hooks (that we don't yet expose) for fine grained control of validation.
  • All TLS/SSL versions supported. (DTLS support coming soon)
  • Works better with buggy clients/servers. (For example ab chokes on crypto/tls based servers)

Unrationale

  • Requires CGO
  • Nowhere as elegant as crypto/tls
  • crypto/tls will probably catch up in terms of features and performance

Roadmap

Expose the complete OpenSSL api as well as making interoperability between crypto/tls and gossl possible. For example, you can use gossl to parse keys and certificates that crypto/tls can't handle yet. Connections are net.Conn's Listeners are net.Listener's, hashes and digests are... well you get the point.

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func Init

func Init() int

Initialize the OpenSSL library. Takes care of several bookkeeping functions like populating error messages and cipher lists.

Types

type BIO

type BIO struct {
	BIO *C.BIO
	// contains filtered or unexported fields
}

func NewBIO

func NewBIO(method *BIOMethod) *BIO

func (*BIO) Ctrl

func (bio *BIO) Ctrl(cmd int, larg int, data unsafe.Pointer) int

func (*BIO) GetAppData

func (bio *BIO) GetAppData() *Conn

func (*BIO) GetBytes

func (bio *BIO) GetBytes() []byte

func (*BIO) Read

func (bio *BIO) Read(b []byte) int

Thin wrappers over OpenSSL bio. See BIO_read documentation for return value negative means error error message is gotten be calling ssl.getError()

func (*BIO) SetAppData

func (bio *BIO) SetAppData(conn *Conn)

func (*BIO) Write

func (bio *BIO) Write(b []byte) int

See BIO_write

type BIOMethod

type BIOMethod struct {
	BIOMethod *C.BIO_METHOD
}

func BIOConn

func BIOConn() *BIOMethod

func BIOSMem

func BIOSMem() *BIOMethod

type Conn

type Conn struct {
	// contains filtered or unexported fields
}

func NewClientConn

func NewClientConn(ctx *Context, conn net.Conn) (*Conn, error)

create a new client connection

func NewServerConn

func NewServerConn(ctx *Context, conn net.Conn) (*Conn, error)

create a new server connection

func (*Conn) Close

func (self *Conn) Close() error

func (*Conn) Conn

func (self *Conn) Conn() net.Conn

func (*Conn) Handshake

func (self *Conn) Handshake() (err error)

func (*Conn) LocalAddr

func (self *Conn) LocalAddr() net.Addr

func (*Conn) Read

func (self *Conn) Read(b []byte) (int, error)

func (*Conn) RemoteAddr

func (self *Conn) RemoteAddr() net.Addr

func (*Conn) SetDeadline

func (self *Conn) SetDeadline(t time.Time) error

func (*Conn) SetReadDeadline

func (self *Conn) SetReadDeadline(t time.Time) error

func (*Conn) SetWriteDeadline

func (self *Conn) SetWriteDeadline(t time.Time) error

func (*Conn) Write

func (self *Conn) Write(b []byte) (int, error)

type Context

type Context struct {
	Ctx *C.SSL_CTX
}

func NewContext

func NewContext(method *METHOD) *Context

func (*Context) AddClientCA

func (self *Context) AddClientCA(cert *x509.Certificate) int

func (*Context) CheckPrivateKey

func (self *Context) CheckPrivateKey() error

func (*Context) Ctrl

func (self *Context) Ctrl(op int, op2 int, data unsafe.Pointer) int

func (*Context) FlushSessions

func (self *Context) FlushSessions(t time.Time)

func (*Context) GetAppData

func (self *Context) GetAppData() unsafe.Pointer

func (*Context) GetCertStore

func (self *Context) GetCertStore() *x509.X509Store

func (*Context) GetOptions

func (self *Context) GetOptions() int

func (*Context) GetQuietShuwdown

func (self *Context) GetQuietShuwdown() int

func (*Context) GetTimeout

func (self *Context) GetTimeout() time.Time

func (*Context) LoadVerifyLocations

func (self *Context) LoadVerifyLocations(cafile, capath *string) int

func (*Context) SetAppData

func (self *Context) SetAppData(data unsafe.Pointer)

func (*Context) SetCertStore

func (self *Context) SetCertStore(store *x509.X509Store)

func (*Context) SetCipherList

func (self *Context) SetCipherList(list string) int

func (*Context) SetClientCAList

func (self *Context) SetClientCAList(names []x509.X509Name)

func (*Context) SetDefaultVerifyPaths

func (self *Context) SetDefaultVerifyPaths() int

func (*Context) SetOptions

func (self *Context) SetOptions(options Option)

func (*Context) SetPurpose

func (self *Context) SetPurpose(purpose int) int

func (*Context) SetQuietShutdown

func (self *Context) SetQuietShutdown(mode int)

func (*Context) SetSessionIdContext

func (self *Context) SetSessionIdContext(ctx []byte)

func (*Context) SetTimeout

func (self *Context) SetTimeout(t time.Time)

func (*Context) SetTrust

func (self *Context) SetTrust(trust int) int

func (*Context) SetVerify

func (self *Context) SetVerify(mode VerifyMode)

func (*Context) SetVerifyDepth

func (self *Context) SetVerifyDepth(depth int)

func (*Context) UseCertificate

func (self *Context) UseCertificate(cert *x509.Certificate) error

func (*Context) UseCertificateChainFile

func (self *Context) UseCertificateChainFile(file string) error

func (*Context) UseCertificateFile

func (self *Context) UseCertificateFile(file string, filetype FileType) error

func (*Context) UsePSKIdentityHint

func (self *Context) UsePSKIdentityHint(hint string) int

func (*Context) UsePrivateKey

func (self *Context) UsePrivateKey(key *evp.PKey) error

func (*Context) UsePrivateKeyFile

func (self *Context) UsePrivateKeyFile(file string, filetype FileType) error

func (*Context) UseRSAPrivateKeyFile

func (self *Context) UseRSAPrivateKeyFile(file string, filetype int) error

type FileType

type FileType int
const (
	FileTypePem  FileType = C.SSL_FILETYPE_PEM
	FileTypeASN1 FileType = C.SSL_FILETYPE_ASN1
)

type Listener

type Listener struct {
	net.Listener
	Context *Context
}

Listener is a net listener with a TLS context

func NewListener

func NewListener(inner net.Listener, context *Context) (*Listener, error)

More OpenSSL'ish interface to create a listener

func (*Listener) Accept

func (self *Listener) Accept() (net.Conn, error)

Accept a new connection and complete handshake. TODO: do handshake later, this blocks future accepts.

type METHOD

type METHOD struct {
	// contains filtered or unexported fields
}

A set of functions for generating OpenSSL methods

func DTLSv1ClientMethod

func DTLSv1ClientMethod() *METHOD

func DTLSv1Method

func DTLSv1Method() *METHOD

DTLSv1, or TLS over Datagram (UDP)

func DTLSv1ServerMethod

func DTLSv1ServerMethod() *METHOD

func SSLv23ClientMethod

func SSLv23ClientMethod() *METHOD

func SSLv23Method

func SSLv23Method() *METHOD

SSLv3 with fallback to v

func SSLv23ServerMethod

func SSLv23ServerMethod() *METHOD

func SSLv3ClientMethod

func SSLv3ClientMethod() *METHOD

func SSLv3Method

func SSLv3Method() *METHOD

SSLv3 method

func SSLv3ServerMethod

func SSLv3ServerMethod() *METHOD

func TLSv1ClientMethod

func TLSv1ClientMethod() *METHOD

func TLSv1Method

func TLSv1Method() *METHOD

TLSv1.0

func TLSv1ServerMethod

func TLSv1ServerMethod() *METHOD

func TLSv1_1ClientMethod

func TLSv1_1ClientMethod() *METHOD

func TLSv1_1Method

func TLSv1_1Method() *METHOD

TLSv1.1

func TLSv1_1ServerMethod

func TLSv1_1ServerMethod() *METHOD

func TLSv1_2ClientMethod

func TLSv1_2ClientMethod() *METHOD

func TLSv1_2Method

func TLSv1_2Method() *METHOD

TLSv1.2

func TLSv1_2ServerMethod

func TLSv1_2ServerMethod() *METHOD

type Option

type Option int64
const (
	OpNoCompression Option = C.SSL_OP_NO_COMPRESSION
)

type SSL

type SSL struct {
	SSL *C.SSL
}

func NewSSL

func NewSSL(context *Context) *SSL

func (*SSL) Free

func (self *SSL) Free()

func (*SSL) Handshake

func (self *SSL) Handshake() error

func (*SSL) Read

func (self *SSL) Read(b []byte) (int, error)

func (*SSL) SetAcceptState

func (self *SSL) SetAcceptState()

func (*SSL) SetBIO

func (self *SSL) SetBIO(readbio *BIO, writebio *BIO)

func (*SSL) SetConnectState

func (self *SSL) SetConnectState()

func (*SSL) Shutdown

func (self *SSL) Shutdown() error

func (*SSL) Write

func (self *SSL) Write(b []byte) (int, error)

type VerifyMode

type VerifyMode int
const (
	VERIFY_NONE                 VerifyMode = C.SSL_VERIFY_NONE
	VERIFY_PEER                 VerifyMode = C.SSL_VERIFY_PEER
	VERIFY_FAIL_IF_NO_PEER_CERT VerifyMode = C.SSL_VERIFY_FAIL_IF_NO_PEER_CERT
	VERIFY_CLIENT_ONCE          VerifyMode = C.SSL_VERIFY_CLIENT_ONCE
)

Directories

Path Synopsis
Package compat contains helper methods to interoperate with crypto/tls in the case where you just want to use gossl for parsing exotic keys.
Package compat contains helper methods to interoperate with crypto/tls in the case where you just want to use gossl for parsing exotic keys.
crypto
aes
Package aes implements AES128 ECB hashing
Package aes implements AES128 ECB hashing
elliptic
Package elliptic implements several standard elliptic curves over prime fields.
Package elliptic implements several standard elliptic curves over prime fields.
engine
Package engines provides an interface to the OpenSSL engines api.
Package engines provides an interface to the OpenSSL engines api.
evp
package evp provides wrappers around OpenSSL's generic evp interfaces for symmetric/asymetric ciphers and digests
package evp provides wrappers around OpenSSL's generic evp interfaces for symmetric/asymetric ciphers and digests
hmac
Package hmac provides an interface to the OpenSSL hmac api to be compatible with Go's stdlib api.
Package hmac provides an interface to the OpenSSL hmac api to be compatible with Go's stdlib api.
md5
rand
Package rand implements a cryptographically secure pseudorandom number generator.
Package rand implements a cryptographically secure pseudorandom number generator.
sha256
Package sha256 implements the SHA224 and SHA256 hash algorithms in FIPS 180-2.
Package sha256 implements the SHA224 and SHA256 hash algorithms in FIPS 180-2.
examples

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL