/
crypto.go
executable file
·109 lines (85 loc) · 2.25 KB
/
crypto.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
package secure
import (
"crypto/aes"
"crypto/cipher"
"crypto/rand"
"crypto/rsa"
"crypto/sha256"
"errors"
)
// AESEncryptWithGCM encrypts a plain text using the key.
func AESEncryptWithGCM(plainText []byte, key []byte) ([]byte, error) {
key, salt, err := ScryptDeriveKey(key, nil)
if err != nil {
return nil, err
}
c, err := aes.NewCipher(key)
if err != nil {
return nil, err
}
gcm, err := cipher.NewGCM(c)
if err != nil {
return nil, err
}
nonce := make([]byte, gcm.NonceSize())
if _, err = rand.Read(nonce); err != nil {
return nil, err
}
encryptedText := gcm.Seal(nonce, nonce, plainText, nil)
encryptedText = append(encryptedText, salt...)
et := EncodeBase64(encryptedText)
return et, nil
}
// AESDecryptWithGCM decrypts an encrypted text using the key.
func AESDecryptWithGCM(encryptedText []byte, key []byte) ([]byte, error) {
et, err := DecodeBase64(encryptedText)
if err != nil {
return nil, err
}
salt, data := et[len(et)-32:], et[:len(et)-32]
key, _, err = ScryptDeriveKey(key, salt)
if err != nil {
return nil, err
}
c, err := aes.NewCipher(key)
if err != nil {
return nil, err
}
gcm, err := cipher.NewGCM(c)
if err != nil {
return nil, err
}
nonceSize := gcm.NonceSize()
if len(et) < nonceSize {
return nil, errors.New("encrypted text is shorter than the required size")
}
nonce, et := data[:nonceSize], data[nonceSize:]
decryptedText, err := gcm.Open(nil, nonce, et, nil)
if err != nil {
return nil, err
}
return decryptedText, nil
}
// RSAEncryptWithOAEP encrypts a plain text using a public key.
func RSAEncryptWithOAEP(plainText []byte, pubKey *rsa.PublicKey, label []byte) ([]byte, error) {
rng := rand.Reader
encryptedText, err := rsa.EncryptOAEP(sha256.New(), rng, pubKey, plainText, label)
if err != nil {
return nil, err
}
et := EncodeBase64(encryptedText)
return et, nil
}
// RSADecryptWithOAEP decrypts an encrypted text using a private key.
func RSADecryptWithOAEP(encryptedText []byte, privKey *rsa.PrivateKey, label []byte) ([]byte, error) {
et, err := DecodeBase64(encryptedText)
if err != nil {
return nil, err
}
rng := rand.Reader
decryptedText, err := rsa.DecryptOAEP(sha256.New(), rng, privKey, et, label)
if err != nil {
return nil, err
}
return decryptedText, nil
}