6 Star 47 Fork 28

Hyperledger/fabric

加入 Gitee
与超过 1200万 开发者一起发现、参与优秀开源项目,私有仓库也完全免费 :)
免费加入
文件
克隆/下载
aes.go 5.80 KB
一键复制 编辑 原始数据 按行查看 历史
/*
Copyright IBM Corp. 2016 All Rights Reserved.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package sw
import (
"bytes"
"crypto/aes"
"crypto/cipher"
"crypto/rand"
"errors"
"fmt"
"io"
"github.com/hyperledger/fabric/bccsp"
)
// GetRandomBytes returns len random looking bytes
func GetRandomBytes(len int) ([]byte, error) {
if len < 0 {
return nil, errors.New("Len must be larger than 0")
}
buffer := make([]byte, len)
n, err := rand.Read(buffer)
if err != nil {
return nil, err
}
if n != len {
return nil, fmt.Errorf("Buffer not filled. Requested [%d], got [%d]", len, n)
}
return buffer, nil
}
func pkcs7Padding(src []byte) []byte {
padding := aes.BlockSize - len(src)%aes.BlockSize
padtext := bytes.Repeat([]byte{byte(padding)}, padding)
return append(src, padtext...)
}
func pkcs7UnPadding(src []byte) ([]byte, error) {
length := len(src)
unpadding := int(src[length-1])
if unpadding > aes.BlockSize || unpadding == 0 {
return nil, errors.New("Invalid pkcs7 padding (unpadding > aes.BlockSize || unpadding == 0)")
}
pad := src[len(src)-unpadding:]
for i := 0; i < unpadding; i++ {
if pad[i] != byte(unpadding) {
return nil, errors.New("Invalid pkcs7 padding (pad[i] != unpadding)")
}
}
return src[:(length - unpadding)], nil
}
func aesCBCEncrypt(key, s []byte) ([]byte, error) {
return aesCBCEncryptWithRand(rand.Reader, key, s)
}
func aesCBCEncryptWithRand(prng io.Reader, key, s []byte) ([]byte, error) {
if len(s)%aes.BlockSize != 0 {
return nil, errors.New("Invalid plaintext. It must be a multiple of the block size")
}
block, err := aes.NewCipher(key)
if err != nil {
return nil, err
}
ciphertext := make([]byte, aes.BlockSize+len(s))
iv := ciphertext[:aes.BlockSize]
if _, err := io.ReadFull(prng, iv); err != nil {
return nil, err
}
mode := cipher.NewCBCEncrypter(block, iv)
mode.CryptBlocks(ciphertext[aes.BlockSize:], s)
return ciphertext, nil
}
func aesCBCEncryptWithIV(IV []byte, key, s []byte) ([]byte, error) {
if len(s)%aes.BlockSize != 0 {
return nil, errors.New("Invalid plaintext. It must be a multiple of the block size")
}
if len(IV) != aes.BlockSize {
return nil, errors.New("Invalid IV. It must have length the block size")
}
block, err := aes.NewCipher(key)
if err != nil {
return nil, err
}
ciphertext := make([]byte, aes.BlockSize+len(s))
copy(ciphertext[:aes.BlockSize], IV)
mode := cipher.NewCBCEncrypter(block, IV)
mode.CryptBlocks(ciphertext[aes.BlockSize:], s)
return ciphertext, nil
}
func aesCBCDecrypt(key, src []byte) ([]byte, error) {
block, err := aes.NewCipher(key)
if err != nil {
return nil, err
}
if len(src) < aes.BlockSize {
return nil, errors.New("Invalid ciphertext. It must be a multiple of the block size")
}
iv := src[:aes.BlockSize]
src = src[aes.BlockSize:]
if len(src)%aes.BlockSize != 0 {
return nil, errors.New("Invalid ciphertext. It must be a multiple of the block size")
}
mode := cipher.NewCBCDecrypter(block, iv)
mode.CryptBlocks(src, src)
return src, nil
}
// AESCBCPKCS7Encrypt combines CBC encryption and PKCS7 padding
func AESCBCPKCS7Encrypt(key, src []byte) ([]byte, error) {
// First pad
tmp := pkcs7Padding(src)
// Then encrypt
return aesCBCEncrypt(key, tmp)
}
// AESCBCPKCS7Encrypt combines CBC encryption and PKCS7 padding using as prng the passed to the function
func AESCBCPKCS7EncryptWithRand(prng io.Reader, key, src []byte) ([]byte, error) {
// First pad
tmp := pkcs7Padding(src)
// Then encrypt
return aesCBCEncryptWithRand(prng, key, tmp)
}
// AESCBCPKCS7Encrypt combines CBC encryption and PKCS7 padding, the IV used is the one passed to the function
func AESCBCPKCS7EncryptWithIV(IV []byte, key, src []byte) ([]byte, error) {
// First pad
tmp := pkcs7Padding(src)
// Then encrypt
return aesCBCEncryptWithIV(IV, key, tmp)
}
// AESCBCPKCS7Decrypt combines CBC decryption and PKCS7 unpadding
func AESCBCPKCS7Decrypt(key, src []byte) ([]byte, error) {
// First decrypt
pt, err := aesCBCDecrypt(key, src)
if err == nil {
return pkcs7UnPadding(pt)
}
return nil, err
}
type aescbcpkcs7Encryptor struct{}
func (e *aescbcpkcs7Encryptor) Encrypt(k bccsp.Key, plaintext []byte, opts bccsp.EncrypterOpts) ([]byte, error) {
switch o := opts.(type) {
case *bccsp.AESCBCPKCS7ModeOpts:
// AES in CBC mode with PKCS7 padding
if len(o.IV) != 0 && o.PRNG != nil {
return nil, errors.New("Invalid options. Either IV or PRNG should be different from nil, or both nil.")
}
if len(o.IV) != 0 {
// Encrypt with the passed IV
return AESCBCPKCS7EncryptWithIV(o.IV, k.(*aesPrivateKey).privKey, plaintext)
} else if o.PRNG != nil {
// Encrypt with PRNG
return AESCBCPKCS7EncryptWithRand(o.PRNG, k.(*aesPrivateKey).privKey, plaintext)
}
// AES in CBC mode with PKCS7 padding
return AESCBCPKCS7Encrypt(k.(*aesPrivateKey).privKey, plaintext)
case bccsp.AESCBCPKCS7ModeOpts:
return e.Encrypt(k, plaintext, &o)
default:
return nil, fmt.Errorf("Mode not recognized [%s]", opts)
}
}
type aescbcpkcs7Decryptor struct{}
func (*aescbcpkcs7Decryptor) Decrypt(k bccsp.Key, ciphertext []byte, opts bccsp.DecrypterOpts) ([]byte, error) {
// check for mode
switch opts.(type) {
case *bccsp.AESCBCPKCS7ModeOpts, bccsp.AESCBCPKCS7ModeOpts:
// AES in CBC mode with PKCS7 padding
return AESCBCPKCS7Decrypt(k.(*aesPrivateKey).privKey, ciphertext)
default:
return nil, fmt.Errorf("Mode not recognized [%s]", opts)
}
}
Loading...
马建仓 AI 助手
尝试更多
代码解读
代码找茬
代码优化
1
https://gitee.com/hyperledger/fabric.git
git@gitee.com:hyperledger/fabric.git
hyperledger
fabric
fabric
v1.4.9

搜索帮助

0d507c66 1850385 C8b1a773 1850385