2022-04-28 05:18:25 -04:00
|
|
|
package cbc
|
|
|
|
|
|
|
|
import (
|
|
|
|
`bytes`
|
2022-04-28 05:40:27 -04:00
|
|
|
gAes `crypto/aes`
|
|
|
|
gCipher `crypto/cipher`
|
2022-04-28 05:18:25 -04:00
|
|
|
`io`
|
|
|
|
|
2022-04-28 05:40:27 -04:00
|
|
|
`r00t2.io/sshkeys/cipher`
|
2022-04-28 05:18:25 -04:00
|
|
|
`r00t2.io/sshkeys/cipher/aes`
|
|
|
|
`r00t2.io/sshkeys/cipher/aes/aes128`
|
|
|
|
`r00t2.io/sshkeys/internal`
|
|
|
|
)
|
|
|
|
|
2022-04-28 05:40:27 -04:00
|
|
|
// Setup populates a Cipher from a key. The key must include the IV suffixed to the actual key.
|
2022-04-28 05:18:25 -04:00
|
|
|
func (c *Cipher) Setup(key []byte) (err error) {
|
|
|
|
|
2022-04-28 05:40:27 -04:00
|
|
|
if key == nil || len(key) < aes128.KdfKeySize {
|
|
|
|
err = cipher.ErrBadKeyLen
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
if c == nil {
|
|
|
|
c = &Cipher{}
|
|
|
|
}
|
|
|
|
|
|
|
|
c.key = key[0:aes128.KeySize]
|
|
|
|
c.iv = key[aes128.KeySize:(aes128.KdfKeySize)]
|
2022-04-28 05:18:25 -04:00
|
|
|
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
// Name returns the name as used in the key file bytes.
|
|
|
|
func (c *Cipher) Name() (name string) {
|
|
|
|
|
|
|
|
name = Name
|
|
|
|
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
// NameBytes returns the byte form of Cipher.Name with leading bytecount allocator.
|
|
|
|
func (c *Cipher) NameBytes() (name []byte) {
|
|
|
|
|
|
|
|
var err error
|
|
|
|
|
|
|
|
if name, err = internal.PackBytes(Name); err != nil {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
// BlockSize returns the blocksize of this Cipher.
|
|
|
|
func (c *Cipher) BlockSize() (size int) {
|
|
|
|
|
|
|
|
size = aes.BlockSize
|
|
|
|
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
// KdfKeySize returns the target key length from KDF to use with this Cipher.
|
|
|
|
func (c *Cipher) KdfKeySize() (size int) {
|
|
|
|
|
|
|
|
size = aes128.KeySize
|
|
|
|
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
Encrypt encrypts data (a string, []byte, byte, *bytes.Buffer, or *bytes.Reader) to the *bytes.Reader encrypted.
|
|
|
|
|
|
|
|
NOTE: Padding IS applied automatically.
|
|
|
|
|
|
|
|
NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
|
|
|
|
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Encrypt.
|
|
|
|
|
|
|
|
NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
|
|
|
|
*/
|
|
|
|
func (c *Cipher) Encrypt(data interface{}) (encrypted *bytes.Reader, err error) {
|
|
|
|
|
|
|
|
var b []byte
|
|
|
|
var cryptDst []byte
|
|
|
|
var padded *bytes.Reader
|
2022-04-28 05:40:27 -04:00
|
|
|
var cryptBlock gCipher.Block
|
|
|
|
var crypter gCipher.BlockMode
|
2022-04-28 05:18:25 -04:00
|
|
|
|
|
|
|
if b, err = internal.SerializeData(data); err != nil {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
if padded, err = c.Pad(b); err != nil {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
b = make([]byte, padded.Len())
|
|
|
|
if b, err = io.ReadAll(padded); err != nil {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
cryptDst = make([]byte, len(b))
|
|
|
|
|
2022-04-28 05:40:27 -04:00
|
|
|
if cryptBlock, err = gAes.NewCipher(c.key); err != nil {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
crypter = gCipher.NewCBCEncrypter(cryptBlock, c.iv)
|
|
|
|
|
|
|
|
crypter.CryptBlocks(cryptDst, b)
|
|
|
|
|
|
|
|
encrypted = bytes.NewReader(cryptDst)
|
2022-04-28 05:18:25 -04:00
|
|
|
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
AllocateEncrypt is the same as Cipher.Encrypt but includes an unencrypted byte allocator prefix.
|
|
|
|
|
|
|
|
NOTE: Padding IS applied automatically.
|
|
|
|
|
|
|
|
NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
|
|
|
|
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.AllocateEncrypt.
|
|
|
|
|
|
|
|
NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
|
|
|
|
*/
|
|
|
|
func (c *Cipher) AllocateEncrypt(data interface{}) (encrypted *bytes.Reader, err error) {
|
|
|
|
|
|
|
|
var b *bytes.Reader
|
|
|
|
var buf *bytes.Buffer = new(bytes.Buffer)
|
|
|
|
var alloc []byte = make([]byte, 4)
|
|
|
|
|
|
|
|
if b, err = c.Encrypt(data); err != nil {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
if alloc, err = internal.PackBytes(b); err != nil {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
if _, err = buf.Write(alloc); err != nil {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
if _, err = b.WriteTo(buf); err != nil {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
encrypted = bytes.NewReader(buf.Bytes())
|
|
|
|
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
Pad will pad data (a string, []byte, byte, or *bytes.Buffer) to the Cipher.BlockSize (if necessary).
|
|
|
|
The resulting padded buffer is returned.
|
|
|
|
|
|
|
|
NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
|
|
|
|
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Pad.
|
|
|
|
|
|
|
|
NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
|
|
|
|
*/
|
|
|
|
func (c *Cipher) Pad(data interface{}) (paddedBuf *bytes.Reader, err error) {
|
|
|
|
|
2022-04-28 05:40:27 -04:00
|
|
|
var b []byte
|
|
|
|
var padNum int
|
|
|
|
var pad []byte
|
|
|
|
var buf *bytes.Buffer
|
|
|
|
|
|
|
|
if b, err = internal.UnpackBytes(data); err != nil {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
buf = bytes.NewBuffer(b)
|
|
|
|
|
|
|
|
for padIdx := 1; (buf.Len() % aes.BlockSize) != 0; padIdx++ {
|
|
|
|
|
|
|
|
padNum = padIdx & cipher.PadMod
|
|
|
|
pad = []byte{byte(uint32(padNum))}
|
|
|
|
|
|
|
|
if _, err = buf.Write(pad); err != nil {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
}
|
2022-04-28 05:18:25 -04:00
|
|
|
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
Decrypt takes a raw byte slice, a *bytes.Buffer, or a *bytes.Reader and returns a plain/decrypted *bytes.Reader.
|
|
|
|
|
|
|
|
NOTE: The decrypted data contains padding. It is up to the caller to remove/strip.
|
|
|
|
|
|
|
|
NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
|
|
|
|
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Decrypt.
|
|
|
|
|
|
|
|
NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
|
|
|
|
*/
|
|
|
|
func (c *Cipher) Decrypt(data interface{}) (decrypted *bytes.Reader, err error) {
|
|
|
|
|
|
|
|
var b []byte
|
|
|
|
var decryptDst []byte
|
2022-04-28 05:40:27 -04:00
|
|
|
var cryptBlock gCipher.Block
|
|
|
|
var decrypter gCipher.BlockMode
|
2022-04-28 05:18:25 -04:00
|
|
|
|
|
|
|
if b, err = internal.SerializeData(data); err != nil {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
decryptDst = make([]byte, len(b))
|
|
|
|
|
2022-04-28 05:40:27 -04:00
|
|
|
if cryptBlock, err = gAes.NewCipher(c.key); err != nil {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
decrypter = gCipher.NewCBCDecrypter(cryptBlock, c.iv)
|
|
|
|
|
|
|
|
decrypter.CryptBlocks(decryptDst, b)
|
|
|
|
|
|
|
|
decrypted = bytes.NewReader(decryptDst)
|
2022-04-28 05:18:25 -04:00
|
|
|
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
AllocatedDecrypt is the same as Cipher.Decrypt but assumes that data includes an unencrypted uint32 byte allocator prefix.
|
|
|
|
|
|
|
|
Be *extremely* certain of this, as things can get REALLY weird if you pass in data that doesn't actually have that prefix.
|
|
|
|
|
|
|
|
NOTE: The decrypted data contains padding. It is up to the caller to remove/strip.
|
|
|
|
|
|
|
|
NOTE: If data is a bytes.Buffer pointer, it will consume ONLY the leading prefix and the length of bytes the prefix indicates and no more.
|
|
|
|
|
|
|
|
NOTE: If data is a *bytes.Reader, it will consume ONLY the leading prefix and the length of bytes the prefix indicates and no more.
|
|
|
|
*/
|
|
|
|
func (c *Cipher) AllocatedDecrypt(data interface{}) (decrypted *bytes.Reader, err error) {
|
|
|
|
|
|
|
|
var b []byte
|
|
|
|
|
|
|
|
if b, err = internal.UnpackBytes(data); err != nil {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
if decrypted, err = c.Decrypt(b); err != nil {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
IsPlain indicates if this Cipher is a plain/null encryption (cipher.null.Null).
|
|
|
|
|
|
|
|
It will always return false. It is included for interface compatability.
|
|
|
|
*/
|
|
|
|
func (c *Cipher) IsPlain() (plain bool) {
|
|
|
|
|
|
|
|
plain = false
|
|
|
|
|
|
|
|
return
|
|
|
|
}
|