-
Notifications
You must be signed in to change notification settings - Fork 0
/
crypto.go
77 lines (65 loc) · 1.65 KB
/
crypto.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
package crypto
import (
"crypto/aes"
"crypto/cipher"
"crypto/hmac"
"crypto/rand"
"crypto/sha256"
"encoding/base64"
"errors"
"io"
"strings"
)
func Encrypt(password string, val []byte) (string, error) {
key := []byte(fixLength(password))
block, err := aes.NewCipher(key)
if err != nil {
return "", err
}
encrypted := make([]byte, aes.BlockSize+len(val))
iv := encrypted[:aes.BlockSize]
msg := encrypted[aes.BlockSize:]
hash := make([]byte, sha256.Size)
if _, err := io.ReadFull(rand.Reader, iv); err != nil {
return "", err
}
cfb := cipher.NewCFBEncrypter(block, iv)
cfb.XORKeyStream(msg, val)
mac := hmac.New(sha256.New, key)
mac.Write(msg)
hash = mac.Sum(nil)
return base64.StdEncoding.EncodeToString(append(encrypted, hash...)), nil
}
func Decrypt(password, encrypted string) ([]byte, error) {
// make sure the key is the proper length:
val, err := base64.StdEncoding.DecodeString(encrypted)
if err != nil {
return nil, err
}
key := []byte(fixLength(password))
block, err := aes.NewCipher(key)
if err != nil {
return nil, err
}
if len(val) < aes.BlockSize {
return nil, errors.New("ciphertext too short")
}
iv := val[:aes.BlockSize]
oldHash := val[len(val)-sha256.Size:]
val = val[aes.BlockSize : len(val)-sha256.Size]
mac := hmac.New(sha256.New, key)
mac.Write([]byte(val))
newHash := mac.Sum(nil)
if !hmac.Equal(oldHash, newHash) {
return nil, errors.New("invalid hash")
}
cfb := cipher.NewCFBDecrypter(block, iv)
cfb.XORKeyStream(val, val)
return val, nil
}
func fixLength(val string) string {
if offset := len(val) % aes.BlockSize; offset != 0 {
val += strings.Repeat("_", aes.BlockSize-offset)
}
return val
}