- package xsalsa20symmetric
-
- import (
- "errors"
- "fmt"
-
- "golang.org/x/crypto/nacl/secretbox"
-
- "github.com/tendermint/tendermint/crypto"
- )
-
- // TODO, make this into a struct that implements crypto.Symmetric.
-
- const nonceLen = 24
- const secretLen = 32
-
- // secret must be 32 bytes long. Use something like Sha256(Bcrypt(passphrase))
- // The ciphertext is (secretbox.Overhead + 24) bytes longer than the plaintext.
- func EncryptSymmetric(plaintext []byte, secret []byte) (ciphertext []byte) {
- if len(secret) != secretLen {
- panic(fmt.Sprintf("Secret must be 32 bytes long, got len %v", len(secret)))
- }
- nonce := crypto.CRandBytes(nonceLen)
- nonceArr := [nonceLen]byte{}
- copy(nonceArr[:], nonce)
- secretArr := [secretLen]byte{}
- copy(secretArr[:], secret)
- ciphertext = make([]byte, nonceLen+secretbox.Overhead+len(plaintext))
- copy(ciphertext, nonce)
- secretbox.Seal(ciphertext[nonceLen:nonceLen], plaintext, &nonceArr, &secretArr)
- return ciphertext
- }
-
- // secret must be 32 bytes long. Use something like Sha256(Bcrypt(passphrase))
- // The ciphertext is (secretbox.Overhead + 24) bytes longer than the plaintext.
- func DecryptSymmetric(ciphertext []byte, secret []byte) (plaintext []byte, err error) {
- if len(secret) != secretLen {
- panic(fmt.Sprintf("Secret must be 32 bytes long, got len %v", len(secret)))
- }
- if len(ciphertext) <= secretbox.Overhead+nonceLen {
- return nil, errors.New("ciphertext is too short")
- }
- nonce := ciphertext[:nonceLen]
- nonceArr := [nonceLen]byte{}
- copy(nonceArr[:], nonce)
- secretArr := [secretLen]byte{}
- copy(secretArr[:], secret)
- plaintext = make([]byte, len(ciphertext)-nonceLen-secretbox.Overhead)
- _, ok := secretbox.Open(plaintext[:0], ciphertext[nonceLen:], &nonceArr, &secretArr)
- if !ok {
- return nil, errors.New("ciphertext decryption failed")
- }
- return plaintext, nil
- }
|