This repository was archived by the owner on Feb 4, 2021. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathcrypto.go
103 lines (95 loc) · 2.67 KB
/
crypto.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
package pw2go
import (
"crypto/aes"
"crypto/cipher"
"crypto/rand"
"crypto/sha256"
"crypto/sha512"
"encoding/base64"
"errors"
)
const (
// BADKEY Error for bad key length
BADKEY = "Unsupported key size"
)
// AESCipher Cipher object for AES GCM mode
type AESCipher struct {
ciphertext string
nonce string
}
// Check key length support
func allowedLength(length int) bool {
KEYSIZES := map[int]bool{
16: true,
32: true,
}
return KEYSIZES[length]
}
// Generate AES key with a certain length from a string key and context string (used as salt)
func generateKey(key, context string, length int) ([]byte, error) {
if !allowedLength(length) {
return nil, errors.New(BADKEY)
}
hash := sha512.Sum512([]byte(key + context))
return hash[:length], nil
}
// Encrypt string using AES in GCM mode, return object with base64 encoding or ciphertext and nonce.
// The AES key is generated from a string key and a context string (used as salt).
// Supported key sizes: 128bits, 256bits
func encryptAESGCM(plain, key, context string, length int) (AESCipher, error) {
var res AESCipher
genkey, err := generateKey(key, context, length)
if err != nil {
return res, err
}
nonce := make([]byte, 12)
if _, err := rand.Read(nonce); err != nil {
return res, err
}
block, err := aes.NewCipher(genkey)
if err != nil {
return res, err
}
aesgcm, err := cipher.NewGCM(block)
if err != nil {
return res, err
}
ciphertext := aesgcm.Seal(nil, nonce, []byte(plain), nil)
res = AESCipher{
base64.StdEncoding.EncodeToString(ciphertext),
base64.StdEncoding.EncodeToString(nonce),
}
return res, nil
}
// Decrypt payload encrypted with AES in GCM mode, accepts object with base64 encoding or ciphertext and nonce.
// The AES key is generated from a string key and a context string (used as salt).
// Supported key sizes: 128bits, 256bits
func decryptAESGCM(cipherobj *AESCipher, key, context string, length int) (string, error) {
genkey, err := generateKey(key, context, length)
if err != nil {
return "", err
}
cipherbytes, err1 := base64.StdEncoding.DecodeString(cipherobj.ciphertext)
nonce, err2 := base64.StdEncoding.DecodeString(cipherobj.nonce)
if err1 != nil || err2 != nil {
return "", errors.New(err1.Error() + "; " + err2.Error())
}
block, err := aes.NewCipher(genkey)
if err != nil {
return "", err
}
aesgcm, err := cipher.NewGCM(block)
if err != nil {
return "", err
}
plain, err := aesgcm.Open(nil, nonce, cipherbytes, nil)
if err != nil {
return "", err
}
return string(plain), nil
}
// Evaluate SHA256 digest of a string in base64 encoding
func sha256sum(data string) string {
hash := sha256.Sum256([]byte(data))
return base64.StdEncoding.EncodeToString(hash[:])
}