package federation
//
// GangGo Diaspora Federation Library
// Copyright (C) 2017 Lukas Matt <lukas@zauberstuhl.de>
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program.  If not, see <http://www.gnu.org/licenses/>.
//

import (
  "bytes"
  "crypto/aes"
  "crypto/cipher"
  "crypto/rand"
  "encoding/base64"
  "errors"
  "io"
)

// Aes holds the material for one AES-CBC operation.
//
// Key and Iv are standard-base64 strings and are both emitted when the
// struct is marshalled to JSON, so that JSON contains the raw symmetric key
// and must only travel inside a container that is itself encrypted.
// NOTE(review): presumably that container is AesWrapper.AesKey - confirm
// against the caller.
type Aes struct {
  // Key is the base64-encoded AES key (secret).
  Key  string `json:"key,omitempty"`
  // Iv is the base64-encoded CBC initialisation vector.
  Iv   string `json:"iv,omitempty"`
  // Data is the base64-encoded ciphertext; it is never written to JSON.
  Data string `json:"-"`
}

// AesWrapper is the two-field JSON envelope with the members "aes_key" and
// "encrypted_magic_envelope". Both fields are always emitted, even when
// empty.
// NOTE(review): presumably AesKey is the asymmetrically encrypted JSON of an
// Aes value and MagicEnvelope the AES-CBC ciphertext - confirm against the
// code that fills this struct.
type AesWrapper struct {
  AesKey        string `json:"aes_key"`
  MagicEnvelope string `json:"encrypted_magic_envelope"`
}

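// Generate fills a.Key with a fresh random 32-byte AES key and a.Iv with a
// fresh random IV of one AES block, both standard-base64 encoded.
//
// Both values are drawn before either field is written, so a failed read
// from the random source leaves the receiver untouched instead of holding a
// new key next to a stale IV.
//
// It returns the error from reading crypto/rand, if any.
func (a *Aes) Generate() error {
  // 32 bytes selects AES-256; 16 or 24 would select AES-128 or AES-192.
  key := make([]byte, 32)
  if _, err := io.ReadFull(rand.Reader, key); err != nil {
    return err
  }

  // A CBC IV does not have to be secret, but it must be unpredictable and
  // must never be reused under the same key; that is why it is drawn from
  // crypto/rand rather than from a counter.
  iv := make([]byte, aes.BlockSize)
  if _, err := io.ReadFull(rand.Reader, iv); err != nil {
    return err
  }

  a.Key = base64.StdEncoding.EncodeToString(key)
  a.Iv = base64.StdEncoding.EncodeToString(iv)
  return nil
}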

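// Encrypt pads data to a whole number of AES blocks, encrypts it with
// AES-CBC under a.Key and a.Iv (both standard-base64 strings) and stores the
// standard-base64 ciphertext in a.Data.
//
// The padding is PKCS#7-style: between 1 and aes.BlockSize bytes are
// appended, each holding the pad length, so input that is already
// block-aligned gains one full block.
//
// The caller's slice is copied before padding. Appending to it directly
// would overwrite whatever follows the plaintext in the caller's backing
// array whenever that array has spare capacity.
//
// An error is returned when Key or Iv is not valid base64, when the key
// length is not 16, 24 or 32 bytes, or when the IV is not exactly one block
// long (cipher.NewCBCEncrypter would panic on such an IV).
//
// CBC gives confidentiality only: the ciphertext carries no integrity
// protection, and a key/IV pair must not be reused for a second message.
func (a *Aes) Encrypt(data []byte) error {
  key, err := base64.StdEncoding.DecodeString(a.Key)
  if err != nil {
    return err
  }

  block, err := aes.NewCipher(key)
  if err != nil {
    return err
  }

  iv, err := base64.StdEncoding.DecodeString(a.Iv)
  if err != nil {
    return err
  }
  // Iv may have been populated from JSON rather than by Generate, so its
  // length is checked here instead of letting NewCBCEncrypter panic.
  if len(iv) != block.BlockSize() {
    return errors.New("federation: aes iv length must equal the block size")
  }

  // Build the padded plaintext in a private buffer.
  padding := aes.BlockSize - len(data)%aes.BlockSize
  buf := make([]byte, 0, len(data)+padding)
  buf = append(buf, data...)
  buf = append(buf, bytes.Repeat([]byte{byte(padding)}, padding)...)

  // Encrypt in place; the buffer is ours, so no plaintext copy is left in it.
  cipher.NewCBCEncrypter(block, iv).CryptBlocks(buf, buf)

  a.Data = base64.StdEncoding.EncodeToString(buf)
  return nil
}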

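// Decrypt decodes a.Key, a.Iv and a.Data and returns the AES-CBC decryption
// of the data. Despite its name, the first result holds the decrypted bytes
// on success.
//
// Two encodings of a.Data are accepted:
//
//   - "header" form: URL-safe base64 wrapping a standard-base64 ciphertext;
//   - plain form: standard-base64 ciphertext.
//
// The header form is used only when both layers decode. A plain ciphertext
// whose base64 text happens to contain neither '+' nor '/' is also valid
// URL-safe base64; treating that as header form unconditionally would
// replace the data with raw bytes and make the standard decode fail, so in
// that case the plain form is tried instead.
//
// The receiver is a value, so a.Data in the caller is never modified.
//
// The returned bytes still carry the block padding added by Encrypt; nothing
// here strips or checks it. CBC provides no integrity check either, so the
// output is unauthenticated.
// NOTE(review): presumably the caller verifies a signature over the
// decrypted payload before trusting it - confirm.
func (a Aes) Decrypt() (ciphertext []byte, err error) {
  key, err := base64.StdEncoding.DecodeString(a.Key)
  if err != nil {
    return ciphertext, err
  }

  iv, err := base64.StdEncoding.DecodeString(a.Iv)
  if err != nil {
    return ciphertext, err
  }

  // Header form: accept it only if the inner layer is valid base64 as well.
  if outer, fail := base64.URLEncoding.DecodeString(a.Data); fail == nil {
    if inner, fail := base64.StdEncoding.DecodeString(string(outer)); fail == nil {
      info("header aes decryption detected")
      return decryptAES(key, iv, inner)
    }
  }

  ciphertext, err = base64.StdEncoding.DecodeString(a.Data)
  if err != nil {
    return ciphertext, err
  }

  return decryptAES(key, iv, ciphertext)
}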

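// decryptAES decrypts ciphertext in place with AES-CBC under key and iv and
// returns the same slice, so the caller's buffer holds the result afterwards.
//
// key must be 16, 24 or 32 bytes (aes.NewCipher rejects anything else), iv
// must be exactly one block long and ciphertext must be a whole number of
// blocks. The last two conditions are checked explicitly because
// cipher.NewCBCDecrypter and CryptBlocks panic when they are violated; an
// error is returned instead, with ciphertext left untouched.
//
// Padding is neither validated nor removed, and CBC carries no integrity
// check, so the returned bytes are unauthenticated.
func decryptAES(key, iv, ciphertext []byte) ([]byte, error) {
  block, err := aes.NewCipher(key)
  if err != nil {
    return ciphertext, err
  }

  size := block.BlockSize()
  if len(iv) != size {
    return ciphertext, errors.New("federation: aes iv length must equal the block size")
  }
  if len(ciphertext)%size != 0 {
    return ciphertext, errors.New("federation: aes ciphertext is not a multiple of the block size")
  }

  cipher.NewCBCDecrypter(block, iv).CryptBlocks(ciphertext, ciphertext)
  return ciphertext, nil
}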