1 // Copyright 2012 The Go Authors. All rights reserved. | 1 // Copyright 2013 The Go Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style | 2 // Use of this source code is governed by a BSD-style |
3 // license that can be found in the LICENSE file. | 3 // license that can be found in the LICENSE file. |
4 | 4 |
5 package cipher_test | 5 package cipher_test |
6 | 6 |
7 import ( | 7 import ( |
8 "crypto/aes" | 8 "crypto/aes" |
9 "crypto/cipher" | 9 "crypto/cipher" |
10 "crypto/rand" | 10 "crypto/rand" |
11 "encoding/hex" | 11 "encoding/hex" |
12 "fmt" | 12 "fmt" |
13 "io" | 13 "io" |
14 "os" | 14 "os" |
15 ) | 15 ) |
16 | 16 |
17 func ExampleNewCBCDecrypter() { | 17 func ExampleNewECBDecrypter() { |
18 » key := []byte("example key 1234") | 18 » key := []byte("example key 1234") |
19 » ciphertext, _ := hex.DecodeString("f363f3ccdcb12bb883abf484ba77d9cd7d32b
5baecb3d4b1b3e0e4beffdb3ded") | 19 » ciphertext, _ := hex.DecodeString("e1cdb90013f76bdf10c3d76b40e5e164") |
20 | 20 |
21 » block, err := aes.NewCipher(key) | 21 » block, err := aes.NewCipher(key) |
22 » if err != nil { | 22 » if err != nil { |
23 » » panic(err) | 23 » » panic(err) |
24 » } | 24 » } |
25 | 25 |
26 » // The IV needs to be unique, but not secure. Therefore it's common to | |
27 » // include it at the beginning of the ciphertext. | |
28 if len(ciphertext) < aes.BlockSize { | 26 if len(ciphertext) < aes.BlockSize { |
29 panic("ciphertext too short") | 27 panic("ciphertext too short") |
30 } | 28 } |
31 » iv := ciphertext[:aes.BlockSize] | 29 |
32 » ciphertext = ciphertext[aes.BlockSize:] | 30 » // ECB mode always works in whole blocks. |
33 | |
34 » // CBC mode always works in whole blocks. | |
35 if len(ciphertext)%aes.BlockSize != 0 { | 31 if len(ciphertext)%aes.BlockSize != 0 { |
36 panic("ciphertext is not a multiple of the block size") | 32 panic("ciphertext is not a multiple of the block size") |
37 } | 33 } |
38 | 34 |
39 » mode := cipher.NewCBCDecrypter(block, iv) | 35 » mode := cipher.NewECBDecrypter(block) |
40 | 36 |
41 // CryptBlocks can work in-place if the two arguments are the same. | 37 // CryptBlocks can work in-place if the two arguments are the same. |
42 mode.CryptBlocks(ciphertext, ciphertext) | 38 mode.CryptBlocks(ciphertext, ciphertext) |
43 | 39 |
44 // If the original plaintext lengths are not a multiple of the block | 40 // If the original plaintext lengths are not a multiple of the block |
45 // size, padding would have to be added when encrypting, which would be | 41 // size, padding would have to be added when encrypting, which would be |
46 // removed at this point. For an example, see | 42 // removed at this point. For an example, see |
47 // https://tools.ietf.org/html/rfc5246#section-6.2.3.2. However, it's | 43 // https://tools.ietf.org/html/rfc5246#section-6.2.3.2. However, it's |
48 // critical to note that ciphertexts must be authenticated (i.e. by | 44 // critical to note that ciphertexts must be authenticated (i.e. by |
49 // using crypto/hmac) before being decrypted in order to avoid creating | 45 // using crypto/hmac) before being decrypted in order to avoid creating |
50 // a padding oracle. | 46 // a padding oracle. |
51 | 47 |
52 fmt.Printf("%s\n", ciphertext) | 48 fmt.Printf("%s\n", ciphertext) |
53 // Output: exampleplaintext | 49 // Output: exampleplaintext |
54 } | 50 } |
55 | 51 |
| 52 func ExampleNewECBEncrypter() { |
| 53 key := []byte("example key 1234") |
| 54 plaintext := []byte("exampleplaintext") |
| 55 |
| 56 // ECB mode works on blocks so plaintexts may need to be padded to the |
| 57 // next whole block. For an example of such padding, see |
| 58 // https://tools.ietf.org/html/rfc5246#section-6.2.3.2. Here we'll |
| 59 // assume that the plaintext is already of the correct length. |
| 60 if len(plaintext)%aes.BlockSize != 0 { |
| 61 panic("plaintext is not a multiple of the block size") |
| 62 } |
| 63 |
| 64 block, err := aes.NewCipher(key) |
| 65 if err != nil { |
| 66 panic(err) |
| 67 } |
| 68 |
| 69 ciphertext := make([]byte, len(plaintext)) |
| 70 mode := cipher.NewECBEncrypter(block) |
| 71 mode.CryptBlocks(ciphertext, plaintext) |
| 72 |
| 73 // It's important to remember that ciphertexts must be authenticated |
| 74 // (i.e. by using crypto/hmac) as well as being encrypted in order to |
| 75 // be secure. |
| 76 |
| 77 fmt.Printf("%x\n", ciphertext) |
| 78 } |
| 79 |
| 80 func ExampleNewCBCDecrypter() { |
| 81 key := []byte("example key 1234") |
| 82 ciphertext, _ := hex.DecodeString("f363f3ccdcb12bb883abf484ba77d9cd7d32b
5baecb3d4b1b3e0e4beffdb3ded") |
| 83 |
| 84 block, err := aes.NewCipher(key) |
| 85 if err != nil { |
| 86 panic(err) |
| 87 } |
| 88 |
| 89 // The IV needs to be unique, but not secure. Therefore it's common to |
| 90 // include it at the beginning of the ciphertext. |
| 91 if len(ciphertext) < aes.BlockSize { |
| 92 panic("ciphertext too short") |
| 93 } |
| 94 iv := ciphertext[:aes.BlockSize] |
| 95 ciphertext = ciphertext[aes.BlockSize:] |
| 96 |
| 97 // CBC mode always works in whole blocks. |
| 98 if len(ciphertext)%aes.BlockSize != 0 { |
| 99 panic("ciphertext is not a multiple of the block size") |
| 100 } |
| 101 |
| 102 mode := cipher.NewCBCDecrypter(block, iv) |
| 103 |
| 104 // CryptBlocks can work in-place if the two arguments are the same. |
| 105 mode.CryptBlocks(ciphertext, ciphertext) |
| 106 |
| 107 // If the original plaintext lengths are not a multiple of the block |
| 108 // size, padding would have to be added when encrypting, which would be |
| 109 // removed at this point. For an example, see |
| 110 // https://tools.ietf.org/html/rfc5246#section-6.2.3.2. However, it's |
| 111 // critical to note that ciphertexts must be authenticated (i.e. by |
| 112 // using crypto/hmac) before being decrypted in order to avoid creating |
| 113 // a padding oracle. |
| 114 |
| 115 fmt.Printf("%s\n", ciphertext) |
| 116 // Output: exampleplaintext |
| 117 } |
| 118 |
56 func ExampleNewCBCEncrypter() { | 119 func ExampleNewCBCEncrypter() { |
57 key := []byte("example key 1234") | 120 key := []byte("example key 1234") |
58 plaintext := []byte("exampleplaintext") | 121 plaintext := []byte("exampleplaintext") |
59 | 122 |
60 // CBC mode works on blocks so plaintexts may need to be padded to the | 123 // CBC mode works on blocks so plaintexts may need to be padded to the |
61 // next whole block. For an example of such padding, see | 124 // next whole block. For an example of such padding, see |
62 // https://tools.ietf.org/html/rfc5246#section-6.2.3.2. Here we'll | 125 // https://tools.ietf.org/html/rfc5246#section-6.2.3.2. Here we'll |
63 // assume that the plaintext is already of the correct length. | 126 // assume that the plaintext is already of the correct length. |
64 if len(plaintext)%aes.BlockSize != 0 { | 127 if len(plaintext)%aes.BlockSize != 0 { |
65 panic("plaintext is not a multiple of the block size") | 128 panic("plaintext is not a multiple of the block size") |
(...skipping 208 matching lines...)
274 // Copy the input file to the output file, encrypting as we go. | 337 // Copy the input file to the output file, encrypting as we go. |
275 if _, err := io.Copy(writer, inFile); err != nil { | 338 if _, err := io.Copy(writer, inFile); err != nil { |
276 panic(err) | 339 panic(err) |
277 } | 340 } |
278 | 341 |
279 // Note that this example is simplistic in that it omits any | 342 // Note that this example is simplistic in that it omits any |
280 // authentication of the encrypted data. It you were actually to use | 343 // authentication of the encrypted data. It you were actually to use |
281 // StreamReader in this manner, an attacker could flip arbitrary bits in | 344 // StreamReader in this manner, an attacker could flip arbitrary bits in |
282 // the decrypted result. | 345 // the decrypted result. |
283 } | 346 } |
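Review bot: ExampleNewECBEncrypter (new lines 52-78) and ExampleNewECBDecrypter (new lines 17-50) reuse the CBC examples' comments, so nothing tells the reader that ECB encrypts each block independently and equal plaintext blocks produce equal ciphertext blocks. The comment at new lines 73-75 reads as if adding an HMAC makes the result secure; I would replace it with `// ECB encrypts each block independently, so repeated plaintext blocks are visible in the ciphertext; authenticating with crypto/hmac does not hide this.` and put the first half above `cipher.NewECBDecrypter(block)` as well. ExampleNewECBEncrypter also lacks an `// Output:` line, so `go test` compiles it without running it. Because ECB is deterministic the value can be pinned, presumably `// Output: e1cdb90013f76bdf10c3d76b40e5e164` if the decrypter example's input was produced from this same key and plaintext.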