internal OpenSSLCryptProtectMemory(string cipher, LinuxProtectedMemoryAllocatorLP64 allocator)
{
openSSL11 = new LinuxOpenSSL11LP64();
openSSLCrypto = new OpenSSLCrypto();
protNone = allocator.GetProtNoAccess();
protRead = allocator.GetProtRead();
evpCipher = openSSLCrypto.EVP_get_cipherbyname(cipher);
Check.IntPtr(evpCipher, "EVP_get_cipherbyname");
Debug.WriteLine("OpenSSL found cipher " + cipher);
blockSize = openSSLCrypto.EVP_CIPHER_block_size(evpCipher);
Debug.WriteLine("Block size: " + blockSize);
int keySize = openSSLCrypto.EVP_CIPHER_key_length(evpCipher);
Debug.WriteLine("Key length: " + keySize);
int ivSize = openSSLCrypto.EVP_CIPHER_iv_length(evpCipher);
Debug.WriteLine("IV length: " + ivSize);
key = openSSL11.mmap(IntPtr.Zero, pageSize, allocator.GetProtReadWrite(), allocator.GetPrivateAnonymousFlags(), -1, 0);
Check.IntPtr(key, "mmap");
int result = openSSL11.mlock(key, pageSize);
Check.Result(result, 0, "mlock");
result = openSSL11.madvise(key, pageSize, (int)Madvice.MADV_DONTDUMP);
Check.Result(result, 0, "madvise");
iv = IntPtr.Add(key, keySize);
Debug.WriteLine("EVP_CIPHER_CTX_new encryptCtx");
encryptCtx = openSSLCrypto.EVP_CIPHER_CTX_new();
Check.IntPtr(encryptCtx, "EVP_CIPHER_CTX_new encryptCtx");
Debug.WriteLine("EVP_CIPHER_CTX_new decryptCtx");
decryptCtx = openSSLCrypto.EVP_CIPHER_CTX_new();
Check.IntPtr(decryptCtx, "EVP_CIPHER_CTX_new decryptCtx");
result = openSSLCrypto.RAND_bytes(key, keySize);
Check.Result(result, 1, "RAND_bytes");
result = openSSLCrypto.RAND_bytes(iv, ivSize);
Check.Result(result, 1, "RAND_bytes");
}
public LinuxOpenSSL11ProtectedMemoryAllocatorLP64(IConfiguration configuration)
: base(new LinuxOpenSSL11LP64())
{
openSSL11 = (LinuxOpenSSL11LP64)GetLibc();
if (openSSL11 == null)
{
throw new Exception("GetLibc returned null object for openSSL11");
}
ulong heapSize;
var heapSizeConfig = configuration["heapSize"];
if (!string.IsNullOrWhiteSpace(heapSizeConfig))
{
heapSize = ulong.Parse(heapSizeConfig);
}
else
{
heapSize = DefaultHeapSize;
}
int minimumAllocationSize;
var minimumAllocationSizeConfig = configuration["minimumAllocationSize"];
if (!string.IsNullOrWhiteSpace(minimumAllocationSizeConfig))
{
minimumAllocationSize = int.Parse(minimumAllocationSizeConfig);
}
else
{
minimumAllocationSize = DefaultMinimumAllocationSize;
}
Debug.WriteLine("LinuxOpenSSL11ProtectedMemoryAllocatorLP64: openSSL11 is not null");
Debug.WriteLine($"*** LinuxOpenSSL11ProtectedMemoryAllocatorLP64: CRYPTO_secure_malloc_init ***");
Check.Result(openSSL11.CRYPTO_secure_malloc_init(heapSize, minimumAllocationSize), 1, "CRYPTO_secure_malloc_init");
cryptProtectMemory = new OpenSSLCryptProtectMemory("aes-256-gcm", this);
blockSize = (ulong)cryptProtectMemory.GetBlockSize();
}
protected virtual void Dispose(bool disposing)
{
if (!disposedValue)
{
LinuxOpenSSL11LP64 openSSL11ref = null;
try
{
if (disposing)
{
openSSL11ref = openSSL11;
Monitor.Enter(cryptProtectLock);
}
else
{
openSSL11ref = new LinuxOpenSSL11LP64();
}
Debug.WriteLine("EVP_CIPHER_CTX_free encryptCtx");
openSSLCrypto.EVP_CIPHER_CTX_free(encryptCtx);
encryptCtx = IntPtr.Zero;
Debug.WriteLine("EVP_CIPHER_CTX_free decryptCtx");
openSSLCrypto.EVP_CIPHER_CTX_free(decryptCtx);
decryptCtx = IntPtr.Zero;
Debug.WriteLine($"munmap({key}, {pageSize})");
openSSL11ref.munmap(key, pageSize);
key = IntPtr.Zero;
}
finally
{
if (disposing)
{
Monitor.Exit(cryptProtectLock);
}
}
disposedValue = true;
}
}
public static bool IsAvailable()
{
return(LinuxOpenSSL11LP64.IsAvailable());
}
