-
Notifications
You must be signed in to change notification settings - Fork 0
/
AES.go
67 lines (52 loc) · 1.65 KB
/
AES.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
package wiz
import (
"crypto/aes"
"crypto/cipher"
"crypto/rand"
"github.com/pkg/errors"
)
// Encrypts given data using a key. AES256, GCM mode. Uses crypto/rand for nonce.
func AESEncrypt(data []byte, key []byte) ([]byte, error) {
if len(key) != 32 {
return []byte{}, errors.New("wiz.AESEncrypt: Key should be 32 bytes long")
}
block, err := aes.NewCipher(key)
if err != nil {
return []byte{}, errors.Wrap(err, "wiz.AESEncrypt: Failed to create cipher")
}
gcm, err := cipher.NewGCM(block)
if err != nil {
return []byte{}, errors.Wrap(err, "wiz.AESEncrypt: Failed to create gcm")
}
nonce := make([]byte, 32)
_, err = rand.Read(nonce)
if err != nil {
return []byte{}, errors.Wrap(err, "wiz.AESEncrypt: Failed to create nonce")
}
encrypted := gcm.Seal(nil, nonce, data, nil)
return encrypted, nil
}
// Decrypts given data using a key. AES256, GCM mode.
func AESDecrypt(stream []byte, key []byte) ([]byte, error) {
if len(key) != 32 {
return []byte{}, errors.New("wiz.AESDecrypt: Key should be 32 bytes long")
}
block, err := aes.NewCipher(key)
if err != nil {
return []byte{}, errors.Wrap(err, "wiz.AESDecrypt: Failed to create cipher")
}
gcm, err := cipher.NewGCM(block)
if err != nil {
return []byte{}, errors.Wrap(err, "wiz.AESDecrypt: Failed to create gcm")
}
if len(stream) < gcm.NonceSize() {
return []byte{}, errors.Wrap(err, "wiz.AESDecrypt: stream is shorter than gcm.NonceSize()")
}
nonce := stream[:gcm.NonceSize()]
stream = stream[gcm.NonceSize():]
decrypted, err := gcm.Open(nil, nonce, stream, nil)
if err != nil {
return []byte{}, errors.Wrap(err, "wiz.AESDecrypt: Failed to decrypt")
}
return decrypted, nil
}