internal OpenSSLCryptProtectMemory(string cipher, LinuxProtectedMemoryAllocatorLP64 allocator) { openSSL11 = new LinuxOpenSSL11LP64(); openSSLCrypto = new OpenSSLCrypto(); protNone = allocator.GetProtNoAccess(); protRead = allocator.GetProtRead(); evpCipher = openSSLCrypto.EVP_get_cipherbyname(cipher); Check.IntPtr(evpCipher, "EVP_get_cipherbyname"); Debug.WriteLine("OpenSSL found cipher " + cipher); blockSize = openSSLCrypto.EVP_CIPHER_block_size(evpCipher); Debug.WriteLine("Block size: " + blockSize); int keySize = openSSLCrypto.EVP_CIPHER_key_length(evpCipher); Debug.WriteLine("Key length: " + keySize); int ivSize = openSSLCrypto.EVP_CIPHER_iv_length(evpCipher); Debug.WriteLine("IV length: " + ivSize); key = openSSL11.mmap(IntPtr.Zero, pageSize, allocator.GetProtReadWrite(), allocator.GetPrivateAnonymousFlags(), -1, 0); Check.IntPtr(key, "mmap"); int result = openSSL11.mlock(key, pageSize); Check.Result(result, 0, "mlock"); result = openSSL11.madvise(key, pageSize, (int)Madvice.MADV_DONTDUMP); Check.Result(result, 0, "madvise"); iv = IntPtr.Add(key, keySize); Debug.WriteLine("EVP_CIPHER_CTX_new encryptCtx"); encryptCtx = openSSLCrypto.EVP_CIPHER_CTX_new(); Check.IntPtr(encryptCtx, "EVP_CIPHER_CTX_new encryptCtx"); Debug.WriteLine("EVP_CIPHER_CTX_new decryptCtx"); decryptCtx = openSSLCrypto.EVP_CIPHER_CTX_new(); Check.IntPtr(decryptCtx, "EVP_CIPHER_CTX_new decryptCtx"); result = openSSLCrypto.RAND_bytes(key, keySize); Check.Result(result, 1, "RAND_bytes"); result = openSSLCrypto.RAND_bytes(iv, ivSize); Check.Result(result, 1, "RAND_bytes"); }
public LinuxOpenSSL11ProtectedMemoryAllocatorLP64(IConfiguration configuration) : base(new LinuxOpenSSL11LP64()) { openSSL11 = (LinuxOpenSSL11LP64)GetLibc(); if (openSSL11 == null) { throw new Exception("GetLibc returned null object for openSSL11"); } ulong heapSize; var heapSizeConfig = configuration["heapSize"]; if (!string.IsNullOrWhiteSpace(heapSizeConfig)) { heapSize = ulong.Parse(heapSizeConfig); } else { heapSize = DefaultHeapSize; } int minimumAllocationSize; var minimumAllocationSizeConfig = configuration["minimumAllocationSize"]; if (!string.IsNullOrWhiteSpace(minimumAllocationSizeConfig)) { minimumAllocationSize = int.Parse(minimumAllocationSizeConfig); } else { minimumAllocationSize = DefaultMinimumAllocationSize; } Debug.WriteLine("LinuxOpenSSL11ProtectedMemoryAllocatorLP64: openSSL11 is not null"); Debug.WriteLine($"*** LinuxOpenSSL11ProtectedMemoryAllocatorLP64: CRYPTO_secure_malloc_init ***"); Check.Result(openSSL11.CRYPTO_secure_malloc_init(heapSize, minimumAllocationSize), 1, "CRYPTO_secure_malloc_init"); cryptProtectMemory = new OpenSSLCryptProtectMemory("aes-256-gcm", this); blockSize = (ulong)cryptProtectMemory.GetBlockSize(); }
protected virtual void Dispose(bool disposing) { if (!disposedValue) { LinuxOpenSSL11LP64 openSSL11ref = null; try { if (disposing) { openSSL11ref = openSSL11; Monitor.Enter(cryptProtectLock); } else { openSSL11ref = new LinuxOpenSSL11LP64(); } Debug.WriteLine("EVP_CIPHER_CTX_free encryptCtx"); openSSLCrypto.EVP_CIPHER_CTX_free(encryptCtx); encryptCtx = IntPtr.Zero; Debug.WriteLine("EVP_CIPHER_CTX_free decryptCtx"); openSSLCrypto.EVP_CIPHER_CTX_free(decryptCtx); decryptCtx = IntPtr.Zero; Debug.WriteLine($"munmap({key}, {pageSize})"); openSSL11ref.munmap(key, pageSize); key = IntPtr.Zero; } finally { if (disposing) { Monitor.Exit(cryptProtectLock); } } disposedValue = true; } }
public static bool IsAvailable() { return(LinuxOpenSSL11LP64.IsAvailable()); }