aes.go 1.2 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657
  1. // Copyright 2020 The Gogs Authors. All rights reserved.
  2. // Use of this source code is governed by a MIT-style
  3. // license that can be found in the LICENSE file.
  4. package cryptoutil
  5. import (
  6. "crypto/aes"
  7. "crypto/cipher"
  8. "crypto/rand"
  9. "errors"
  10. )
  11. // AESGCMEncrypt encrypts plaintext with the given key using AES in GCM mode.
  12. func AESGCMEncrypt(key, plaintext []byte) ([]byte, error) {
  13. block, err := aes.NewCipher(key)
  14. if err != nil {
  15. return nil, err
  16. }
  17. gcm, err := cipher.NewGCM(block)
  18. if err != nil {
  19. return nil, err
  20. }
  21. nonce := make([]byte, gcm.NonceSize())
  22. if _, err := rand.Read(nonce); err != nil {
  23. return nil, err
  24. }
  25. ciphertext := gcm.Seal(nil, nonce, plaintext, nil)
  26. return append(nonce, ciphertext...), nil
  27. }
  28. // AESGCMDecrypt decrypts ciphertext with the given key using AES in GCM mode.
  29. func AESGCMDecrypt(key, ciphertext []byte) ([]byte, error) {
  30. block, err := aes.NewCipher(key)
  31. if err != nil {
  32. return nil, err
  33. }
  34. gcm, err := cipher.NewGCM(block)
  35. if err != nil {
  36. return nil, err
  37. }
  38. size := gcm.NonceSize()
  39. if len(ciphertext)-size <= 0 {
  40. return nil, errors.New("ciphertext is empty")
  41. }
  42. nonce := ciphertext[:size]
  43. ciphertext = ciphertext[size:]
  44. return gcm.Open(nil, nonce, ciphertext, nil)
  45. }