-
Notifications
You must be signed in to change notification settings - Fork 2
Expand file tree
/
Copy pathencrypt.go
More file actions
130 lines (115 loc) · 3.24 KB
/
Copy pathencrypt.go
File metadata and controls
130 lines (115 loc) · 3.24 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
/*
* Copyright (c) 2019 Zenichi Amano
*
* This file is part of http-ece, which is MIT licensed.
* See http://opensource.org/licenses/MIT
*/
package httpece
import (
"crypto/cipher"
"fmt"
"math"
)
// Encrypt encrypts plaintext data.
func Encrypt(plaintext []byte, opts ...Option) ([]byte, error) {
var opt *options
var err error
// Options
if opt, err = parseOptions(encrypt, opts); err != nil {
return nil, err
}
// Save the DH public key in the header unless keyID is set.
if opt.encoding == AES128GCM && len(opt.keyID) == 0 {
opt.keyID = opt.publicKey.Bytes()
}
debug.dumpBinary("recv pub key", opt.dh)
debug.dumpBinary("send prv key", opt.privateKey.Bytes())
// Generate salt
saltLen := len(opt.salt)
if saltLen == 0 {
if opt.salt, err = randomSalt(); err != nil {
return nil, err
}
} else if saltLen != keyLen {
return nil, fmt.Errorf("the salt parameter must be %d bytes", keyLen)
}
// Derive key and nonce.
key, baseNonce, err := deriveKeyAndNonce(opt)
if err != nil {
return nil, err
}
gcm, err := createCipher(key)
if err != nil {
return nil, err
}
// Check Record Size
overhead := opt.encoding.overhead(gcm)
recordSize := int(opt.recordSize)
if recordSize <= overhead {
return nil, fmt.Errorf("recordSize has to be greater than %d", overhead)
}
var (
baseRecordSize = recordSize - overhead
start = 0
counter = uint32(0)
plaintextLen = len(plaintext)
padSize = opt.padSize
recordNum = 1 + (plaintextLen+padSize+baseRecordSize-1)/baseRecordSize
)
results := make([][]byte, 0, recordNum)
// Create header.
results, err = writeHeader(opt, results)
if err != nil {
return nil, err
}
// Encrypt records.
last := false
for !last {
recordPad := opt.encoding.calculateRecordPadSize(padSize, baseRecordSize)
padSize -= recordPad
end := start + baseRecordSize - recordPad
last = opt.encoding.isLastBlock(padSize, plaintextLen, end)
end = min(end, plaintextLen)
// Generate nonce.
nonce := generateNonce(baseNonce, counter)
debug.dumpBinary("nonce", nonce)
r, err := encryptRecord(opt, gcm, nonce, plaintext[start:end], recordPad, last)
if err != nil {
return nil, err
}
results = append(results, r)
debug.dumpBinary("result", r)
start = end
counter++
}
return join(results), nil
}
func encryptRecord(opt *options, gcm cipher.AEAD, nonce, plaintext []byte, recordPad int, last bool) ([]byte, error) {
plaintextWithPadding, err := opt.encoding.appendPadding(plaintext, recordPad, last)
if err != nil {
return nil, err
}
return gcm.Seal(nil, nonce, plaintextWithPadding, nil), nil
}
func writeHeader(opt *options, results [][]byte) ([][]byte, error) {
switch opt.encoding {
case AES128GCM:
keyIDLen := len(opt.keyID)
if keyIDLen > math.MaxUint8 {
return nil, fmt.Errorf("invalid keyID length %d", keyIDLen)
}
saltLen := len(opt.salt)
if saltLen > math.MaxUint8 {
return nil, fmt.Errorf("invalid salt length %d", saltLen)
}
buffer := make([]byte, saltLen+4+1+keyIDLen)
copy(buffer, opt.salt)
copy(buffer[saltLen:], uint32ToBytes(opt.recordSize))
buffer[saltLen+4] = uint8(keyIDLen)
copy(buffer[saltLen+5:], opt.keyID)
return append(results, buffer), nil
default:
// No header on other versions
return results, nil
}
}