// Package payloadcrypt provides payload encryption and decryption
// utilities, primarily for UDP packets.
package payloadcrypt
import (
"crypto/aes"
"crypto/cipher"
"crypto/hmac"
"crypto/rand"
"crypto/sha256"
"fmt"
"hash"
"io"
)
// Crypt represents a payload encrypter and decrypter
// based on shared encryption and authentication keys.
//
// A Crypt carries mutable state (iv and hmac) that Encrypt and Decrypt
// update on every call, so one instance must not be used from several
// goroutines at once without external locking.
type Crypt struct {
	// encryptionKey is the AES key handed to aes.NewCipher in NewCrypt;
	// it is retained but not read again by the methods on this page.
	encryptionKey []byte
	// hmacKey keys the HMAC-SHA256 instance stored in hmac.
	hmacKey []byte
	// iv is nil until the first Encrypt call; afterwards it holds the IV
	// the next Encrypt will use (Encrypt consumes it and draws a fresh one).
	iv []byte
	// block is the AES block cipher built from encryptionKey.
	block cipher.Block
	// hmac is the HMAC-SHA256 instance, Reset and reused on every call.
	hmac hash.Hash
}
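// NewCrypt returns a new *Crypt with the given keys.
//
// Each key is used as-is when it is exactly 32 bytes (AES-256 for
// encryptionKey); any other length is treated as a passphrase and run
// through passphraseToKey to derive a 32-byte key. An empty key is rejected
// rather than derived: passphraseToKey would divide by the passphrase length
// and, if it did not, the result would be a fixed, publicly known value.
//
// The two keys should be independent random secrets. passphraseToKey is a
// plain SHA-256 construction with no salt and no memory or time hardness,
// so a short passphrase gives a correspondingly weak key.
func NewCrypt(encryptionKey, hmacKey []byte) (*Crypt, error) {
	if len(encryptionKey) == 0 || len(hmacKey) == 0 {
		return nil, fmt.Errorf("payloadcrypt: empty key")
	}
	if len(encryptionKey) != 32 {
		encryptionKey = passphraseToKey(encryptionKey)
	}
	if len(hmacKey) != 32 {
		hmacKey = passphraseToKey(hmacKey)
	}
	block, err := aes.NewCipher(encryptionKey)
	if err != nil {
		return nil, fmt.Errorf("payloadcrypt: creating AES cipher: %w", err)
	}
	return &Crypt{
		encryptionKey: encryptionKey,
		hmacKey:       hmacKey,
		block:         block,
		hmac:          hmac.New(sha256.New, hmacKey),
	}, nil
}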
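// Encrypt encrypts payload and returns IV || ciphertext || tag.
//
// Layout: the first aes.BlockSize bytes are the IV, followed by the AES-CFB
// ciphertext of payload (same length as payload), followed by an HMAC-SHA256
// tag computed over IV||ciphertext (encrypt-then-MAC). CFB itself provides
// no integrity; only the tag does, and Decrypt verifies it before decrypting.
//
// The IV used for this call is the one prepared by the previous call (or
// generated on the first call); a fresh random IV is drawn for the next call
// before returning, so each message gets its own IV. An empty payload is
// valid and yields IV || tag.
//
// Encrypt mutates c.iv and c.hmac and is not safe for concurrent use.
func (c *Crypt) Encrypt(payload []byte) ([]byte, error) {
	if c.iv == nil {
		c.iv = make([]byte, aes.BlockSize)
		if err := c.generateIV(); err != nil {
			c.iv = nil
			return nil, err
		}
	}
	macSize := c.hmac.Size()
	// Reserve room for the tag up front so hmac.Sum appends in place.
	out := make([]byte, aes.BlockSize+len(payload), aes.BlockSize+len(payload)+macSize)
	copy(out[:aes.BlockSize], c.iv)
	cipher.NewCFBEncrypter(c.block, c.iv).XORKeyStream(out[aes.BlockSize:], payload)
	// Replace the IV that was just used. If drawing a new one fails, drop the
	// buffer entirely: io.ReadFull may have overwritten it only partially, and
	// keeping a half-updated IV could cause IV reuse on the next call.
	if err := c.generateIV(); err != nil {
		c.iv = nil
		return nil, err
	}
	c.hmac.Reset()
	c.hmac.Write(out) // hash.Hash.Write never returns an error
	return c.hmac.Sum(out), nil
}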
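// Decrypt verifies and decrypts a payload produced by Encrypt.
//
// The expected layout is IV (aes.BlockSize bytes) || ciphertext ||
// HMAC-SHA256 tag (c.hmac.Size() bytes). The tag is checked over
// IV||ciphertext with a constant-time comparison before any decryption
// happens. An empty ciphertext is valid, matching what Encrypt emits for an
// empty payload, so a payload of exactly IV || tag decrypts to an empty
// slice.
//
// The plaintext is written in place over the ciphertext bytes of payload and
// the returned slice aliases payload; callers that still need the original
// bytes must pass a copy.
//
// Decrypt mutates c.hmac and is not safe for concurrent use.
func (c *Crypt) Decrypt(payload []byte) ([]byte, error) {
	macSize := c.hmac.Size()
	// Smallest well-formed payload: IV plus tag, with an empty ciphertext.
	if len(payload) < aes.BlockSize+macSize {
		return nil, fmt.Errorf("payloadcrypt: invalid payload")
	}
	iv := payload[:aes.BlockSize]
	encryptedPayload := payload[aes.BlockSize : len(payload)-macSize]
	sum := payload[len(payload)-macSize:]
	// Feed the IV and ciphertext as two writes rather than append(iv, ...):
	// iv shares payload's backing array, so an append would write into the
	// caller's buffer.
	c.hmac.Reset()
	c.hmac.Write(iv)
	c.hmac.Write(encryptedPayload)
	if !hmac.Equal(sum, c.hmac.Sum(nil)) {
		return nil, fmt.Errorf("payloadcrypt: invalid HMAC")
	}
	cipher.NewCFBDecrypter(c.block, iv).XORKeyStream(encryptedPayload, encryptedPayload)
	return encryptedPayload, nil
}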
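// generateIV fills c.iv with fresh bytes from crypto/rand, allocating an
// aes.BlockSize buffer first when c.iv is nil.
//
// The allocation matters: io.ReadFull into a nil slice reads zero bytes and
// reports success, so without it a nil c.iv would be "initialized" to
// nothing. On failure c.iv is set to nil, because a failed ReadFull may have
// written only part of the buffer and a half-updated IV must never be used.
// The error is wrapped with %w so callers can inspect the cause.
func (c *Crypt) generateIV() error {
	if c.iv == nil {
		c.iv = make([]byte, aes.BlockSize)
	}
	if _, err := io.ReadFull(rand.Reader, c.iv); err != nil {
		c.iv = nil
		return fmt.Errorf("payloadcrypt: couldn't initialize IV: %w", err)
	}
	return nil
}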
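// passphraseToKey derives a 32-byte key from an arbitrary-length passphrase
// by hashing exactly 1 MiB of the passphrase repeated (the final repetition
// is truncated so the total is 1 MiB) with SHA-256.
//
// This is not a salted or memory-hard KDF: repeating the input does not add
// entropy, so the strength of the result is that of the passphrase itself.
// An empty passphrase hashes nothing and returns the fixed SHA-256 of the
// empty string instead of dividing by zero; callers must reject empty
// passphrases before reaching this point (NewCrypt does).
func passphraseToKey(passphrase []byte) []byte {
	const oneMegabyte = 1024 * 1024
	h := sha256.New()
	if len(passphrase) == 0 {
		return h.Sum(nil)
	}
	// Write the passphrase repeatedly until exactly 1 MiB has been hashed;
	// the last write is a prefix when the length does not divide evenly.
	for written := 0; written < oneMegabyte; {
		chunk := passphrase
		if left := oneMegabyte - written; left < len(chunk) {
			chunk = chunk[:left]
		}
		h.Write(chunk)
		written += len(chunk)
	}
	return h.Sum(nil)
}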