forked from aws/aws-sdk-go
-
Notifications
You must be signed in to change notification settings - Fork 1
/
aes_cbc_content_cipher.go
73 lines (61 loc) · 2.06 KB
/
aes_cbc_content_cipher.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
package s3crypto
import (
"io"
"strings"
)
const (
cbcKeySize = 32
cbcNonceSize = 16
)
type cbcContentCipherBuilder struct {
generator CipherDataGenerator
padder Padder
}
// AESCBCContentCipherBuilder returns a new encryption only mode structure with a specific cipher
// for the master key
func AESCBCContentCipherBuilder(generator CipherDataGenerator, padder Padder) ContentCipherBuilder {
return cbcContentCipherBuilder{generator: generator, padder: padder}
}
func (builder cbcContentCipherBuilder) ContentCipher() (ContentCipher, error) {
cd, err := builder.generator.GenerateCipherData(cbcKeySize, cbcNonceSize)
if err != nil {
return nil, err
}
cd.Padder = builder.padder
return newAESCBCContentCipher(cd)
}
// newAESCBCContentCipher will create a new aes cbc content cipher. If the cipher data's
// will set the CEK algorithm if it hasn't been set.
func newAESCBCContentCipher(cd CipherData) (ContentCipher, error) {
if len(cd.CEKAlgorithm) == 0 {
cd.CEKAlgorithm = strings.Join([]string{AESCBC, cd.Padder.Name()}, "/")
}
cipher, err := newAESCBC(cd, cd.Padder)
if err != nil {
return nil, err
}
return &aesCBCContentCipher{
CipherData: cd,
Cipher: cipher,
}, nil
}
// aesCBCContentCipher will use AES CBC for the main cipher.
type aesCBCContentCipher struct {
CipherData CipherData
Cipher Cipher
}
// EncryptContents will generate a random key and iv and encrypt the data using cbc
func (cc *aesCBCContentCipher) EncryptContents(src io.Reader) (io.Reader, error) {
return cc.Cipher.Encrypt(src), nil
}
// DecryptContents will use the symmetric key provider to instantiate a new CBC cipher.
// We grab a decrypt reader from CBC and wrap it in a CryptoReadCloser. The only error
// expected here is when the key or iv is of invalid length.
func (cc *aesCBCContentCipher) DecryptContents(src io.ReadCloser) (io.ReadCloser, error) {
reader := cc.Cipher.Decrypt(src)
return &CryptoReadCloser{Body: src, Decrypter: reader}, nil
}
// GetCipherData returns cipher data
func (cc aesCBCContentCipher) GetCipherData() CipherData {
return cc.CipherData
}