go_sshkeys/cipher/aes/aes128/gcm/funcs.go

172 lines
4.5 KiB
Go
Raw Normal View History

2022-04-28 05:18:25 -04:00
package gcm
import (
"bytes"
gCipher "crypto/cipher"
2022-04-28 05:18:25 -04:00
"r00t2.io/sshkeys/internal"
"r00t2.io/sshkeys/internal/ciphers/aesCommon"
2022-04-28 05:18:25 -04:00
)
// Setup populates a Cipher from a key. The key must include the IV suffixed to the actual key.
2022-04-28 05:18:25 -04:00
func (c *Cipher) Setup(key []byte) (err error) {
if c == nil {
*c = Cipher{
&aesCommon.AesCipher{},
}
}
if err = c.CipherSetup(key, aesCommon.Aes128Bits); err != nil {
return
}
2022-04-28 05:18:25 -04:00
return
}
// Name returns the name as used in the key file bytes.
func (c *Cipher) Name() (name string) {
name = Name
return
}
// NameBytes returns the byte form of Cipher.Name with leading bytecount allocator.
func (c *Cipher) NameBytes() (name []byte) {
var err error
if name, err = internal.PackBytes(Name); err != nil {
return
}
return
}
/*
Encrypt encrypts data (a string, []byte, byte, *bytes.Buffer, or *bytes.Reader) to the *bytes.Reader encrypted.
NOTE: Padding IS applied automatically.
NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Encrypt.
NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
*/
func (c *Cipher) Encrypt(data interface{}) (encrypted *bytes.Reader, err error) {
var padded []byte
2022-04-28 05:18:25 -04:00
var cryptDst []byte
var cryptBlock gCipher.Block
var crypter gCipher.AEAD
2022-04-28 05:18:25 -04:00
if cryptDst, padded, cryptBlock, err = c.GetCryptBlock(data); err != nil {
2022-04-28 05:18:25 -04:00
return
}
if crypter, err = gCipher.NewGCM(cryptBlock); err != nil {
2022-04-28 05:18:25 -04:00
return
}
cryptDst = crypter.Seal(cryptDst, c.IV, padded, nil)
2022-04-28 05:18:25 -04:00
encrypted = bytes.NewReader(cryptDst)
2022-04-28 05:18:25 -04:00
return
}
/*
AllocateEncrypt is the same as Cipher.Encrypt but includes an unencrypted byte allocator prefix.
NOTE: Padding IS applied automatically.
NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.AllocateEncrypt.
NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
*/
func (c *Cipher) AllocateEncrypt(data interface{}) (encrypted *bytes.Reader, err error) {
var b *bytes.Reader
var buf *bytes.Buffer = new(bytes.Buffer)
var alloc []byte = make([]byte, 4)
if b, err = c.Encrypt(data); err != nil {
return
}
if alloc, err = internal.PackBytes(b); err != nil {
return
}
if _, err = buf.Write(alloc); err != nil {
return
}
if _, err = b.WriteTo(buf); err != nil {
return
}
encrypted = bytes.NewReader(buf.Bytes())
return
}
/*
Decrypt takes a raw byte slice, a *bytes.Buffer, or a *bytes.Reader and returns a plain/decrypted *bytes.Reader.
NOTE: The decrypted data contains padding. It is up to the caller to remove/strip.
NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Decrypt.
NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
*/
func (c *Cipher) Decrypt(data interface{}) (decrypted *bytes.Reader, err error) {
var plain []byte
var padded []byte
var cryptBlock gCipher.Block
var decrypter gCipher.AEAD
2022-04-28 05:18:25 -04:00
if plain, padded, cryptBlock, err = c.GetDecryptBlock(data); err != nil {
2022-04-28 05:18:25 -04:00
return
}
if decrypter, err = gCipher.NewGCM(cryptBlock); err != nil {
return
}
2022-04-28 05:18:25 -04:00
if plain, err = decrypter.Open(plain, c.IV, padded, nil); err != nil {
return
}
decrypted = bytes.NewReader(plain)
2022-04-28 05:18:25 -04:00
return
}
/*
AllocatedDecrypt is the same as Cipher.Decrypt but assumes that data includes an unencrypted uint32 byte allocator prefix.
Be *extremely* certain of this, as things can get REALLY weird if you pass in data that doesn't actually have that prefix.
NOTE: The decrypted data contains padding. It is up to the caller to remove/strip.
NOTE: If data is a bytes.Buffer pointer, it will consume ONLY the leading prefix and the length of bytes the prefix indicates and no more.
NOTE: If data is a *bytes.Reader, it will consume ONLY the leading prefix and the length of bytes the prefix indicates and no more.
*/
func (c *Cipher) AllocatedDecrypt(data interface{}) (decrypted *bytes.Reader, err error) {
var b []byte
if b, err = internal.UnpackBytes(data); err != nil {
return
}
if decrypted, err = c.Decrypt(b); err != nil {
return
}
return
}