-
Notifications
You must be signed in to change notification settings - Fork 0
/
impl_aes256.go
175 lines (142 loc) · 4.34 KB
/
impl_aes256.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
package oxicrypt
import (
"crypto/aes"
"crypto/cipher"
"crypto/rand"
"encoding/base64"
"errors"
"io"
"golang.org/x/crypto/scrypt"
)
// AES256 constants
const cCryptIDAES25601 = "8GA63DMN"
const cAES256TextDescription = "AES256V1"
const cAESKeyLength = 32 // AES-256
const cLoops = 32768 // Increase it with computer power
type cipherAES256 struct {
passwordKey []byte
cachedFinalKey []byte
}
func (cipher256 *cipherAES256) CleanAndInit() {
cipher256.passwordKey = nil
cipher256.cachedFinalKey = nil
}
func (cipher256 *cipherAES256) GetCryptID() string {
return cCryptIDAES25601
}
func (cipher256 *cipherAES256) GetCipherName() string {
return cAES256TextDescription
}
func (cipher256 *cipherAES256) SetPassword(password string) (err error) {
cipher256.passwordKey = cipher256.makePasswordKey(password)
err = cipher256.SetPasswordKey(cipher256.passwordKey)
if err != nil {
return err
}
return nil
}
func (cipher256 *cipherAES256) makePasswordKey(password string) (keyDataOut []byte) {
for len(password) < cAESKeyLength {
password += password
}
return []byte(password)
}
func (cipher256 *cipherAES256) GetPasswordKey() []byte {
return cipher256.passwordKey
}
func (cipher256 *cipherAES256) SetPasswordKey(keyDataIn []byte) (err error) {
if len(keyDataIn) < cAESKeyLength {
return formError(OXICRPT002wrongKeyLength, cAES256TextDescription, "SetPasswordKey", "Key length must be at least 32 bytes")
}
cipher256.passwordKey = keyDataIn
return nil
}
func (cipher256 *cipherAES256) IsPasswordSet() bool {
if cipher256.passwordKey == nil {
return false
}
return true
}
func (cipher256 *cipherAES256) Encrypt(text string) (string, error) {
encryptedData, err := cipher256.EncryptBLOB(text)
if err != nil {
return "", err
}
return base64.URLEncoding.EncodeToString(encryptedData), nil
}
func (cipher256 *cipherAES256) EncryptBLOB(text string) ([]byte, error) {
plainData := []byte(text)
encryptedData, err := cipher256.EncryptBIN(plainData)
if err != nil {
return nil, err
}
return encryptedData, nil
}
func (cipher256 *cipherAES256) EncryptBIN(inData []byte) (outData []byte, err error) {
if cipher256.IsPasswordSet() == false {
return nil, formError(OXICRPT001encKeyIsNotSet)
}
if cipher256.cachedFinalKey == nil {
cipher256.cachedFinalKey, err = scrypt.Key(cipher256.passwordKey, nil, cLoops, 8, 1, cAESKeyLength)
if err != nil {
return nil, err
}
}
block, err := aes.NewCipher(cipher256.cachedFinalKey)
if err != nil {
cipher256.cachedFinalKey = nil // Clear cache in case of failure
return nil, formError("aes.NewCipher", err.Error())
}
encryptedData := make([]byte, aes.BlockSize+len(inData))
iv := encryptedData[:aes.BlockSize]
if _, err := io.ReadFull(rand.Reader, iv); err != nil {
cipher256.cachedFinalKey = nil // Clear cache in case of failure
return nil, formError("ReadFull", err.Error())
}
stream := cipher.NewCFBEncrypter(block, iv)
stream.XORKeyStream(encryptedData[aes.BlockSize:], inData)
return encryptedData, nil
}
func (cipher256 *cipherAES256) Decrypt(encryptedText string) (string, error) {
dataIn, err := base64.URLEncoding.DecodeString(encryptedText)
if err != nil {
return "", err
}
decryptedText, err := cipher256.DecryptBLOB(dataIn)
if err != nil {
return "", err
}
return decryptedText, nil
}
func (cipher256 *cipherAES256) DecryptBLOB(dataIn []byte) (string, error) {
dataOut, err := cipher256.DecryptBIN(dataIn)
if err != nil {
return "", err
}
return string(dataOut), nil
}
func (cipher256 *cipherAES256) DecryptBIN(dataIn []byte) (dataOut []byte, err error) {
if cipher256.IsPasswordSet() == false {
return nil, formError(OXICRPT001encKeyIsNotSet, cAES256TextDescription, "DecryptBIN")
}
if cipher256.cachedFinalKey == nil {
cipher256.cachedFinalKey, err = scrypt.Key(cipher256.passwordKey, nil, cLoops, 8, 1, cAESKeyLength)
if err != nil {
return nil, err
}
}
block, err := aes.NewCipher(cipher256.cachedFinalKey)
if err != nil {
cipher256.cachedFinalKey = nil // Clear cache in case of failure
return nil, err
}
if len(dataIn) < aes.BlockSize {
cipher256.cachedFinalKey = nil // Clear cache in case of failure
return nil, errors.New("cipher text is too short for AES")
}
iv := dataIn[:aes.BlockSize]
dataWork := dataIn[aes.BlockSize:]
stream := cipher.NewCFBDecrypter(block, iv)
stream.XORKeyStream(dataWork, dataWork)
return dataWork, nil
}