Jae Kwon
8 years ago
2 changed files with 102 additions and 0 deletions
Split View
Diff Options
-
+51 -0encrypt.go
-
+51 -0encrypt_test.go
+ 51
- 0
encrypt.go
View File
| @ -0,0 +1,51 @@ | |||
| package crypto | |||
| import ( | |||
| "errors" | |||
| . "github.com/tendermint/go-common" | |||
| "golang.org/x/crypto/nacl/secretbox" | |||
| ) | |||
| const nonceLen = 24 | |||
| const secretLen = 32 | |||
| // secret must be 32 bytes long. Use something like Sha256(Bcrypt(passphrase)) | |||
| // The ciphertext is (secretbox.Overhead + 24) bytes longer than the plaintext. | |||
| // NOTE: call crypto.MixEntropy() first. | |||
| func EncryptSymmetric(plaintext []byte, secret []byte) (ciphertext []byte) { | |||
| if len(secret) != secretLen { | |||
| PanicSanity(Fmt("Secret must be 32 bytes long, got len %v", len(secret))) | |||
| } | |||
| nonce := CRandBytes(nonceLen) | |||
| nonceArr := [nonceLen]byte{} | |||
| copy(nonceArr[:], nonce) | |||
| secretArr := [secretLen]byte{} | |||
| copy(secretArr[:], secret) | |||
| ciphertext = make([]byte, nonceLen+secretbox.Overhead+len(plaintext)) | |||
| copy(ciphertext, nonce) | |||
| secretbox.Seal(ciphertext[nonceLen:nonceLen], plaintext, &nonceArr, &secretArr) | |||
| return ciphertext | |||
| } | |||
| // secret must be 32 bytes long. Use something like Sha256(Bcrypt(passphrase)) | |||
| // The ciphertext is (secretbox.Overhead + 24) bytes longer than the plaintext. | |||
| func DecryptSymmetric(ciphertext []byte, secret []byte) (plaintext []byte, err error) { | |||
| if len(secret) != secretLen { | |||
| PanicSanity(Fmt("Secret must be 32 bytes long, got len %v", len(secret))) | |||
| } | |||
| if len(ciphertext) <= secretbox.Overhead+nonceLen { | |||
| return nil, errors.New("Ciphertext is too short") | |||
| } | |||
| nonce := ciphertext[:nonceLen] | |||
| nonceArr := [nonceLen]byte{} | |||
| copy(nonceArr[:], nonce) | |||
| secretArr := [secretLen]byte{} | |||
| copy(secretArr[:], secret) | |||
| plaintext = make([]byte, len(ciphertext)-nonceLen-secretbox.Overhead) | |||
| _, ok := secretbox.Open(plaintext[:0], ciphertext[nonceLen:], &nonceArr, &secretArr) | |||
| if !ok { | |||
| return nil, errors.New("Ciphertext decryption failed") | |||
| } | |||
| return plaintext, nil | |||
| } | |||
+ 51
- 0
encrypt_test.go
View File
| @ -0,0 +1,51 @@ | |||
| package crypto | |||
| import ( | |||
| "bytes" | |||
| "golang.org/x/crypto/bcrypt" | |||
| "testing" | |||
| ) | |||
| func TestSimple(t *testing.T) { | |||
| MixEntropy([]byte("someentropy")) | |||
| plaintext := []byte("sometext") | |||
| secret := []byte("somesecretoflengththirtytwo===32") | |||
| ciphertext := EncryptSymmetric(plaintext, secret) | |||
| plaintext2, err := DecryptSymmetric(ciphertext, secret) | |||
| if err != nil { | |||
| t.Error(err) | |||
| } | |||
| if !bytes.Equal(plaintext, plaintext2) { | |||
| t.Errorf("Decrypted plaintext was %X, expected %X", plaintext2, plaintext) | |||
| } | |||
| } | |||
| func TestSimpleWithKDF(t *testing.T) { | |||
| MixEntropy([]byte("someentropy")) | |||
| plaintext := []byte("sometext") | |||
| secretPass := []byte("somesecret") | |||
| secret, err := bcrypt.GenerateFromPassword(secretPass, 12) | |||
| if err != nil { | |||
| t.Error(err) | |||
| } | |||
| secret = Sha256(secret) | |||
| ciphertext := EncryptSymmetric(plaintext, secret) | |||
| plaintext2, err := DecryptSymmetric(ciphertext, secret) | |||
| if err != nil { | |||
| t.Error(err) | |||
| } | |||
| if !bytes.Equal(plaintext, plaintext2) { | |||
| t.Errorf("Decrypted plaintext was %X, expected %X", plaintext2, plaintext) | |||
| } | |||
| } | |||