go-sample-webpage/vendor/github.com/lestrrat-go/jwx/jwe/internal/cipher/cipher.go
2021-11-04 02:14:51 +01:00

166 lines
3.6 KiB
Go

package cipher
import (
"crypto/aes"
"crypto/cipher"
"fmt"
"github.com/lestrrat-go/jwx/jwa"
"github.com/lestrrat-go/jwx/jwe/internal/aescbc"
"github.com/lestrrat-go/jwx/jwe/internal/keygen"
"github.com/pkg/errors"
)
var gcm = &gcmFetcher{}
var cbc = &cbcFetcher{}
func (f gcmFetcher) Fetch(key []byte) (cipher.AEAD, error) {
aescipher, err := aes.NewCipher(key)
if err != nil {
return nil, errors.Wrap(err, "cipher: failed to create AES cipher for GCM")
}
aead, err := cipher.NewGCM(aescipher)
if err != nil {
return nil, errors.Wrap(err, `failed to create GCM for cipher`)
}
return aead, nil
}
func (f cbcFetcher) Fetch(key []byte) (cipher.AEAD, error) {
aead, err := aescbc.New(key, aes.NewCipher)
if err != nil {
return nil, errors.Wrap(err, "cipher: failed to create AES cipher for CBC")
}
return aead, nil
}
func (c AesContentCipher) KeySize() int {
return c.keysize
}
func (c AesContentCipher) TagSize() int {
return c.tagsize
}
func NewAES(alg jwa.ContentEncryptionAlgorithm) (*AesContentCipher, error) {
var keysize int
var tagsize int
var fetcher Fetcher
switch alg {
case jwa.A128GCM:
keysize = 16
tagsize = 16
fetcher = gcm
case jwa.A192GCM:
keysize = 24
tagsize = 16
fetcher = gcm
case jwa.A256GCM:
keysize = 32
tagsize = 16
fetcher = gcm
case jwa.A128CBC_HS256:
tagsize = 16
keysize = tagsize * 2
fetcher = cbc
case jwa.A192CBC_HS384:
tagsize = 24
keysize = tagsize * 2
fetcher = cbc
case jwa.A256CBC_HS512:
tagsize = 32
keysize = tagsize * 2
fetcher = cbc
default:
return nil, errors.Errorf("failed to create AES content cipher: invalid algorithm (%s)", alg)
}
return &AesContentCipher{
keysize: keysize,
tagsize: tagsize,
fetch: fetcher,
}, nil
}
func (c AesContentCipher) Encrypt(cek, plaintext, aad []byte) (iv, ciphertext, tag []byte, err error) {
var aead cipher.AEAD
aead, err = c.fetch.Fetch(cek)
if err != nil {
return nil, nil, nil, errors.Wrap(err, "failed to fetch AEAD")
}
// Seal may panic (argh!), so protect ourselves from that
defer func() {
if e := recover(); e != nil {
switch e := e.(type) {
case error:
err = e
case string:
err = errors.New(e)
default:
err = fmt.Errorf("%s", e)
}
err = errors.Wrap(err, "failed to encrypt")
}
}()
var bs keygen.ByteSource
if c.NonceGenerator == nil {
bs, err = keygen.NewRandom(aead.NonceSize()).Generate()
} else {
bs, err = c.NonceGenerator.Generate()
}
if err != nil {
return nil, nil, nil, errors.Wrap(err, "failed to generate nonce")
}
iv = bs.Bytes()
combined := aead.Seal(nil, iv, plaintext, aad)
tagoffset := len(combined) - c.TagSize()
if tagoffset < 0 {
panic(fmt.Sprintf("tag offset is less than 0 (combined len = %d, tagsize = %d)", len(combined), c.TagSize()))
}
tag = combined[tagoffset:]
ciphertext = make([]byte, tagoffset)
copy(ciphertext, combined[:tagoffset])
return
}
func (c AesContentCipher) Decrypt(cek, iv, ciphertxt, tag, aad []byte) (plaintext []byte, err error) {
aead, err := c.fetch.Fetch(cek)
if err != nil {
return nil, errors.Wrap(err, "failed to fetch AEAD data")
}
// Open may panic (argh!), so protect ourselves from that
defer func() {
if e := recover(); e != nil {
switch e := e.(type) {
case error:
err = e
case string:
err = errors.New(e)
default:
err = fmt.Errorf("%s", e)
}
err = errors.Wrap(err, "failed to decrypt")
return
}
}()
combined := make([]byte, len(ciphertxt)+len(tag))
copy(combined, ciphertxt)
copy(combined[len(ciphertxt):], tag)
buf, aeaderr := aead.Open(nil, iv, combined, aad)
if aeaderr != nil {
err = errors.Wrap(aeaderr, `aead.Open failed`)
return
}
plaintext = buf
return
}