Rietveld Code Review Tool
Help | Bug tracker | Discussion group | Source code | Sign in
(536)

Delta Between Two Patch Sets: src/pkg/crypto/cipher/example_test.go

Issue 7860047: code review 7860047: crypto/cipher: Added BlockMode for ECB Encryption and D...
Left Patch Set: diff -r 419dcca62a3d https://code.google.com/p/go Created 11 years ago
Right Patch Set: diff -r 6dad366e9f94 https://code.google.com/p/go Created 10 years, 10 months ago
Left:
Right:
Use n/p to move between diff chunks; N/P to move between comments. Please Sign in to add in-line comments.
Jump to:
Right: Side by side diff | Download
« no previous file with change/comment | « src/pkg/crypto/cipher/ecb_aes_test.go ('k') | no next file » | no next file with change/comment »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
LEFTRIGHT
(no file at all)
1 // Copyright 2012 The Go Authors. All rights reserved. 1 // Copyright 2013 The Go Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style 2 // Use of this source code is governed by a BSD-style
3 // license that can be found in the LICENSE file. 3 // license that can be found in the LICENSE file.
4 4
5 package cipher_test 5 package cipher_test
6 6
7 import ( 7 import (
8 "crypto/aes" 8 "crypto/aes"
9 "crypto/cipher" 9 "crypto/cipher"
10 "crypto/rand" 10 "crypto/rand"
11 "encoding/hex" 11 "encoding/hex"
12 "fmt" 12 "fmt"
13 "io" 13 "io"
14 "os" 14 "os"
15 ) 15 )
16 16
17 func ExampleNewCBCDecrypter() { 17 func ExampleNewECBDecrypter() {
18 » key := []byte("example key 1234") 18 » key := []byte("example key 1234")
19 » ciphertext, _ := hex.DecodeString("f363f3ccdcb12bb883abf484ba77d9cd7d32b 5baecb3d4b1b3e0e4beffdb3ded") 19 » ciphertext, _ := hex.DecodeString("e1cdb90013f76bdf10c3d76b40e5e164")
20 20
21 » block, err := aes.NewCipher(key) 21 » block, err := aes.NewCipher(key)
22 » if err != nil { 22 » if err != nil {
23 » » panic(err) 23 » » panic(err)
24 » } 24 » }
25 25
26 » // The IV needs to be unique, but not secure. Therefore it's common to
27 » // include it at the beginning of the ciphertext.
28 if len(ciphertext) < aes.BlockSize { 26 if len(ciphertext) < aes.BlockSize {
29 panic("ciphertext too short") 27 panic("ciphertext too short")
30 } 28 }
31 » iv := ciphertext[:aes.BlockSize] 29
32 » ciphertext = ciphertext[aes.BlockSize:] 30 » // ECB mode always works in whole blocks.
33
34 » // CBC mode always works in whole blocks.
35 if len(ciphertext)%aes.BlockSize != 0 { 31 if len(ciphertext)%aes.BlockSize != 0 {
36 panic("ciphertext is not a multiple of the block size") 32 panic("ciphertext is not a multiple of the block size")
37 } 33 }
38 34
39 » mode := cipher.NewCBCDecrypter(block, iv) 35 » mode := cipher.NewECBDecrypter(block)
40 36
41 // CryptBlocks can work in-place if the two arguments are the same. 37 // CryptBlocks can work in-place if the two arguments are the same.
42 mode.CryptBlocks(ciphertext, ciphertext) 38 mode.CryptBlocks(ciphertext, ciphertext)
43 39
44 // If the original plaintext lengths are not a multiple of the block 40 // If the original plaintext lengths are not a multiple of the block
45 // size, padding would have to be added when encrypting, which would be 41 // size, padding would have to be added when encrypting, which would be
46 // removed at this point. For an example, see 42 // removed at this point. For an example, see
47 // https://tools.ietf.org/html/rfc5246#section-6.2.3.2. However, it's 43 // https://tools.ietf.org/html/rfc5246#section-6.2.3.2. However, it's
48 // critical to note that ciphertexts must be authenticated (i.e. by 44 // critical to note that ciphertexts must be authenticated (i.e. by
49 // using crypto/hmac) before being decrypted in order to avoid creating 45 // using crypto/hmac) before being decrypted in order to avoid creating
50 // a padding oracle. 46 // a padding oracle.
51 47
52 fmt.Printf("%s\n", ciphertext) 48 fmt.Printf("%s\n", ciphertext)
53 // Output: exampleplaintext 49 // Output: exampleplaintext
54 } 50 }
55 51
52 func ExampleNewECBEncrypter() {
53 key := []byte("example key 1234")
54 plaintext := []byte("exampleplaintext")
55
56 // ECB mode works on blocks so plaintexts may need to be padded to the
57 // next whole block. For an example of such padding, see
58 // https://tools.ietf.org/html/rfc5246#section-6.2.3.2. Here we'll
59 // assume that the plaintext is already of the correct length.
60 if len(plaintext)%aes.BlockSize != 0 {
61 panic("plaintext is not a multiple of the block size")
62 }
63
64 block, err := aes.NewCipher(key)
65 if err != nil {
66 panic(err)
67 }
68
69 ciphertext := make([]byte, len(plaintext))
70 mode := cipher.NewECBEncrypter(block)
71 mode.CryptBlocks(ciphertext, plaintext)
72
73 // It's important to remember that ciphertexts must be authenticated
74 // (i.e. by using crypto/hmac) as well as being encrypted in order to
75 // be secure.
76
77 fmt.Printf("%x\n", ciphertext)
78 }
79
80 func ExampleNewCBCDecrypter() {
81 key := []byte("example key 1234")
82 ciphertext, _ := hex.DecodeString("f363f3ccdcb12bb883abf484ba77d9cd7d32b 5baecb3d4b1b3e0e4beffdb3ded")
83
84 block, err := aes.NewCipher(key)
85 if err != nil {
86 panic(err)
87 }
88
89 // The IV needs to be unique, but not secure. Therefore it's common to
90 // include it at the beginning of the ciphertext.
91 if len(ciphertext) < aes.BlockSize {
92 panic("ciphertext too short")
93 }
94 iv := ciphertext[:aes.BlockSize]
95 ciphertext = ciphertext[aes.BlockSize:]
96
97 // CBC mode always works in whole blocks.
98 if len(ciphertext)%aes.BlockSize != 0 {
99 panic("ciphertext is not a multiple of the block size")
100 }
101
102 mode := cipher.NewCBCDecrypter(block, iv)
103
104 // CryptBlocks can work in-place if the two arguments are the same.
105 mode.CryptBlocks(ciphertext, ciphertext)
106
107 // If the original plaintext lengths are not a multiple of the block
108 // size, padding would have to be added when encrypting, which would be
109 // removed at this point. For an example, see
110 // https://tools.ietf.org/html/rfc5246#section-6.2.3.2. However, it's
111 // critical to note that ciphertexts must be authenticated (i.e. by
112 // using crypto/hmac) before being decrypted in order to avoid creating
113 // a padding oracle.
114
115 fmt.Printf("%s\n", ciphertext)
116 // Output: exampleplaintext
117 }
118
56 func ExampleNewCBCEncrypter() { 119 func ExampleNewCBCEncrypter() {
57 key := []byte("example key 1234") 120 key := []byte("example key 1234")
58 plaintext := []byte("exampleplaintext") 121 plaintext := []byte("exampleplaintext")
59 122
60 // CBC mode works on blocks so plaintexts may need to be padded to the 123 // CBC mode works on blocks so plaintexts may need to be padded to the
61 // next whole block. For an example of such padding, see 124 // next whole block. For an example of such padding, see
62 // https://tools.ietf.org/html/rfc5246#section-6.2.3.2. Here we'll 125 // https://tools.ietf.org/html/rfc5246#section-6.2.3.2. Here we'll
63 // assume that the plaintext is already of the correct length. 126 // assume that the plaintext is already of the correct length.
64 if len(plaintext)%aes.BlockSize != 0 { 127 if len(plaintext)%aes.BlockSize != 0 {
65 panic("plaintext is not a multiple of the block size") 128 panic("plaintext is not a multiple of the block size")
(...skipping 208 matching lines...) Expand 10 before | Expand all | Expand 10 after
274 // Copy the input file to the output file, encrypting as we go. 337 // Copy the input file to the output file, encrypting as we go.
275 if _, err := io.Copy(writer, inFile); err != nil { 338 if _, err := io.Copy(writer, inFile); err != nil {
276 panic(err) 339 panic(err)
277 } 340 }
278 341
279 // Note that this example is simplistic in that it omits any 342 // Note that this example is simplistic in that it omits any
280 // authentication of the encrypted data. It you were actually to use 343 // authentication of the encrypted data. It you were actually to use
281 // StreamReader in this manner, an attacker could flip arbitrary bits in 344 // StreamReader in this manner, an attacker could flip arbitrary bits in
282 // the decrypted result. 345 // the decrypted result.
283 } 346 }
LEFTRIGHT

Powered by Google App Engine
RSS Feeds Recent Issues | This issue
This is Rietveld f62528b