/
encrypt.go
83 lines (72 loc) · 2.55 KB
/
encrypt.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
package util
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
import (
"crypto/aes"
"crypto/cipher"
"crypto/rand"
"io"
)
// AESEncrypt takes in a 16, 24, or 32 byte AES key (128, 192, 256 bit encryption respectively) and plain text. It
// returns the encrypted text. In case of error, the text returned is an empty string. AES requires input text to
// be greater than 12 bytes in length.
func AESEncrypt(bytesToEncrypt []byte, aesKey []byte) ([]byte, error) {
cipherBlock, err := aes.NewCipher(aesKey)
if err != nil {
return []byte{}, err
}
gcm, err := cipher.NewGCM(cipherBlock)
if err != nil {
return []byte{}, err
}
nonce := make([]byte, gcm.NonceSize())
if _, err = io.ReadFull(rand.Reader, nonce); err != nil {
return []byte{}, err
}
return gcm.Seal(nonce, nonce, bytesToEncrypt, nil), nil
}
// AESDecrypt takes in a 16, 24, or 32 byte AES key (128, 192, 256 bit encryption respectively) and encrypted text. It
// returns the resulting decrypted text. In case of error, the text returned is an empty string. AES requires input
// text to be greater than 12 bytes in length.
func AESDecrypt(bytesToDecrypt []byte, aesKey []byte) ([]byte, error) {
cipherBlock, err := aes.NewCipher(aesKey)
if err != nil {
return []byte{}, err
}
gcm, err := cipher.NewGCM(cipherBlock)
if err != nil {
return []byte{}, err
}
nonceSize := gcm.NonceSize()
if len(bytesToDecrypt) < nonceSize {
return []byte{}, err
}
nonce := bytesToDecrypt[:nonceSize]
ciphertext := bytesToDecrypt[nonceSize:]
decryptedString, err := gcm.Open(nil, nonce, ciphertext, nil)
if err != nil {
return []byte{}, err
}
return decryptedString, nil
}
// ValidateAESKey takes in a byte slice and tests if it's a valid AES key (16, 24, or 32 bytes)
func ValidateAESKey(keyBytes []byte) error {
_, err := aes.NewCipher(keyBytes)
return err
}