1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
|
package inform
import (
"bytes"
"crypto/aes"
"crypto/cipher"
"crypto/rand"
"encoding/binary"
"encoding/hex"
"errors"
)
func Pad(src []byte, blockSize int) []byte {
padLen := blockSize - (len(src) % blockSize)
padText := bytes.Repeat([]byte{byte(padLen)}, padLen)
return append(src, padText...)
}
func Unpad(src []byte, blockSize int) ([]byte, error) {
srcLen := len(src)
paddingLen := int(src[srcLen-1])
if paddingLen >= srcLen || paddingLen > blockSize {
return nil, errors.New("Padding size error")
}
return src[:srcLen-paddingLen], nil
}
func decodeHexKey(key string) (cipher.Block, error) {
decodedKey, err := hex.DecodeString(key)
if err != nil {
return nil, err
}
block, err := aes.NewCipher(decodedKey)
if err != nil {
return nil, err
}
return block, nil
}
func makeAESIV() ([]byte, error) {
iv := make([]byte, 16)
if _, err := rand.Read(iv); err != nil {
return nil, err
}
return iv, nil
}
// Returns ciphertext and IV, does not modify payload
func Encrypt(payload []byte, key string) ([]byte, []byte, error) {
ct := make([]byte, len(payload))
copy(ct, payload)
ct = Pad(ct, aes.BlockSize)
iv, err := makeAESIV()
if err != nil {
return nil, nil, err
}
block, err := decodeHexKey(key)
if err != nil {
return nil, nil, err
}
mode := cipher.NewCBCEncrypter(block, iv)
mode.CryptBlocks(ct, ct)
return ct, iv, nil
}
func Decrypt(payload, iv []byte, key string, w *InformWrapper) ([]byte, error) {
if !w.IsEncrypted() {
return nil, errors.New("payload is not encrypted")
}
if w.IsGCMEncrypted() {
return decryptGCM(payload, iv, key, w)
} else {
return decryptCBC(payload, iv, key)
}
return nil, nil
}
func buildAuthData(w *InformWrapper, iv []byte) []byte {
ad := &bytes.Buffer{}
binary.Write(ad, binary.BigEndian, int32(PROTOCOL_MAGIC))
binary.Write(ad, binary.BigEndian, int32(w.Version))
ad.Write(w.MacAddr)
binary.Write(ad, binary.BigEndian, int16(w.Flags))
ad.Write(iv)
binary.Write(ad, binary.BigEndian, int32(w.DataVersion))
binary.Write(ad, binary.BigEndian, int32(w.DataLength))
return ad.Bytes()
}
func decryptGCM(payload, iv []byte, key string, w *InformWrapper) ([]byte, error) {
block, err := decodeHexKey(key)
if err != nil {
return nil, err
}
mode, err := cipher.NewGCMWithNonceSize(block, 16)
if err != nil {
return nil, err
}
_, err = mode.Open(payload[:0], iv, payload, buildAuthData(w, iv))
if err != nil {
return nil, err
}
// The last block always seems to be garbage, maybe it's padding or
// something else. I have not looked carefully at it.
return payload[:len(payload)-aes.BlockSize], nil
}
func decryptCBC(payload, iv []byte, key string) ([]byte, error) {
b := make([]byte, len(payload))
block, err := decodeHexKey(key)
if err != nil {
return nil, err
}
mode := cipher.NewCBCDecrypter(block, iv)
mode.CryptBlocks(b, payload)
u, err := Unpad(b, aes.BlockSize)
if err != nil {
return nil, err
}
return u, nil
}
|
