/
blockcipher.go
45 lines (37 loc) · 1.19 KB
/
blockcipher.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
package util
import (
"crypto/aes"
"crypto/cipher"
"github.com/pkg/errors"
)
// EncryptCipherBlock encrypts a single plaintext block using AES in the CTR mode. Unusually, it lets the caller specify the
// counter's value; the counter is added to the IV.
func EncryptCipherBlock(plaintext []byte, key []byte, iv []byte, counter uint32) ([]byte, error) {
if len(plaintext) != aes.BlockSize {
return nil, errors.New("cleartext must be exactly one block in length")
}
block, err := aes.NewCipher(key)
if err != nil {
return nil, errors.Wrap(err, "failed to construct block cipher")
}
// Duplicate iv so that we don't mutate the array backing the slice we were passed.
ivCtr := make([]byte, len(iv))
copy(ivCtr, iv)
incrementIV(ivCtr, counter)
ciphertext := make([]byte, aes.BlockSize)
stream := cipher.NewCTR(block, ivCtr)
stream.XORKeyStream(ciphertext, plaintext)
return ciphertext, nil
}
// XXX: We can make this much more efficient; this code is just borrowed from `crypto/cipher/ctr.go`.
func incrementIV(iv []byte, counter uint32) {
for j := uint32(0); j < counter; j++ {
// Increment counter
for i := len(iv) - 1; i >= 0; i-- {
iv[i]++
if iv[i] != 0 {
break
}
}
}
}