/
encrypt.go
94 lines (83 loc) · 2.99 KB
/
encrypt.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
// Copyright © 2017-2018 The IPFN Developers. All Rights Reserved.
// Copyright © 2014-2018 The go-ethereum Authors. All Rights Reserved.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program. If not, see <https://www.gnu.org/licenses/>.
package sealbox
import (
"crypto/aes"
"encoding/hex"
"golang.org/x/crypto/scrypt"
"github.com/ipfn/go-digesteve/digesteve/keccak256sum"
"github.com/ipfn/go-entropy/entropy"
)
const (
// StandardScryptN is the N parameter of Scrypt encryption algorithm, using 256MB
// memory and taking approximately 1s CPU time on a modern processor.
StandardScryptN = 1 << 18
// StandardScryptP is the P parameter of Scrypt encryption algorithm, using 256MB
// memory and taking approximately 1s CPU time on a modern processor.
StandardScryptP = 1
// LightScryptN is the N parameter of Scrypt encryption algorithm, using 4MB
// memory and taking approximately 100ms CPU time on a modern processor.
LightScryptN = 1 << 12
// LightScryptP is the P parameter of Scrypt encryption algorithm, using 4MB
// memory and taking approximately 100ms CPU time on a modern processor.
LightScryptP = 6
)
// EncryptStandard - Encrypts a box using standard scrypt parameters.
func EncryptStandard(body, pwd []byte, scryptN, scryptP int) (_ SealedBox, err error) {
return Encrypt(body, pwd, StandardScryptN, StandardScryptP)
}
// EncryptLight - Encrypts a box using light scrypt parameters.
func EncryptLight(body, pwd []byte, scryptN, scryptP int) (_ SealedBox, err error) {
return Encrypt(body, pwd, LightScryptN, LightScryptP)
}
// Encrypt - Encrypts a box using the specified scrypt parameters.
func Encrypt(body, pwd []byte, scryptN, scryptP int) (_ SealedBox, err error) {
salt, err := entropy.New(32)
if err != nil {
return
}
derivedKey, err := scrypt.Key(pwd, salt, scryptN, scryptR, scryptP, scryptDKLen)
if err != nil {
return
}
iv, err := entropy.New(aes.BlockSize)
if err != nil {
return
}
cipherText, err := aesCTRXOR(derivedKey[:16], body, iv)
if err != nil {
return
}
return SealedBox{
Version: version,
Crypto: Crypto{
Cipher: "aes-128-ctr",
CipherText: hex.EncodeToString(cipherText),
CipherParams: CipherParams{
IV: hex.EncodeToString(iv),
},
KDF: keyHeaderKDF,
KDFParams: KDFParams{
N: scryptN,
R: scryptR,
P: scryptP,
DKLen: scryptDKLen,
Salt: hex.EncodeToString(salt),
},
MAC: hex.EncodeToString(keccak256sum.Bytes(derivedKey[16:32], cipherText)),
},
}, nil
}