123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960 |
- package util
- import (
- "crypto/aes"
- "crypto/cipher"
- "crypto/rand"
- "errors"
- "io"
- "github.com/seaweedfs/seaweedfs/weed/glog"
- )
- type CipherKey []byte
- func GenCipherKey() CipherKey {
- key := make([]byte, 32)
- if _, err := io.ReadFull(rand.Reader, key); err != nil {
- glog.Fatalf("random key gen: %v", err)
- }
- return CipherKey(key)
- }
- func Encrypt(plaintext []byte, key CipherKey) ([]byte, error) {
- c, err := aes.NewCipher(key)
- if err != nil {
- return nil, err
- }
- gcm, err := cipher.NewGCM(c)
- if err != nil {
- return nil, err
- }
- nonce := make([]byte, gcm.NonceSize())
- if _, err = io.ReadFull(rand.Reader, nonce); err != nil {
- return nil, err
- }
- return gcm.Seal(nonce, nonce, plaintext, nil), nil
- }
- func Decrypt(ciphertext []byte, key CipherKey) ([]byte, error) {
- c, err := aes.NewCipher(key)
- if err != nil {
- return nil, err
- }
- gcm, err := cipher.NewGCM(c)
- if err != nil {
- return nil, err
- }
- nonceSize := gcm.NonceSize()
- if len(ciphertext) < nonceSize {
- return nil, errors.New("ciphertext too short")
- }
- nonce, ciphertext := ciphertext[:nonceSize], ciphertext[nonceSize:]
- return gcm.Open(nil, nonce, ciphertext, nil)
- }
|