| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081 |
- package util
- import (
- "bytes"
- "crypto/aes"
- "crypto/cipher"
- "crypto/rand"
- "errors"
- "fmt"
- "io"
- "io/ioutil"
- "github.com/chrislusf/seaweedfs/weed/glog"
- )
- type CipherKey []byte
- func GenCipherKey() CipherKey {
- key := make([]byte, 32)
- if _, err := io.ReadFull(rand.Reader, key); err != nil {
- glog.Fatalf("random key gen: %v", err)
- }
- return CipherKey(key)
- }
- func Encrypt(plaintext []byte, key CipherKey) ([]byte, error) {
- c, err := aes.NewCipher(key)
- if err != nil {
- return nil, err
- }
- gcm, err := cipher.NewGCM(c)
- if err != nil {
- return nil, err
- }
- nonce := make([]byte, gcm.NonceSize())
- if _, err = io.ReadFull(rand.Reader, nonce); err != nil {
- return nil, err
- }
- return gcm.Seal(nonce, nonce, plaintext, nil), nil
- }
- func Decrypt(ciphertext []byte, key CipherKey) ([]byte, error) {
- c, err := aes.NewCipher(key)
- if err != nil {
- return nil, err
- }
- gcm, err := cipher.NewGCM(c)
- if err != nil {
- return nil, err
- }
- nonceSize := gcm.NonceSize()
- if len(ciphertext) < nonceSize {
- return nil, errors.New("ciphertext too short")
- }
- nonce, ciphertext := ciphertext[:nonceSize], ciphertext[nonceSize:]
- return gcm.Open(nil, nonce, ciphertext, nil)
- }
- func EncryptReader(clearReader io.Reader) (cipherKey CipherKey, encryptedReader io.ReadCloser, clearDataLen, encryptedDataLen int, err error) {
- clearData, err := ioutil.ReadAll(clearReader)
- if err != nil {
- err = fmt.Errorf("read raw input: %v", err)
- return
- }
- clearDataLen = len(clearData)
- cipherKey = GenCipherKey()
- encryptedData, err := Encrypt(clearData, cipherKey)
- if err != nil {
- err = fmt.Errorf("encrypt input: %v", err)
- return
- }
- encryptedDataLen = len(encryptedData)
- encryptedReader = ioutil.NopCloser(bytes.NewReader(encryptedData))
- return
- }
|
