...

Source file src/crypto/cipher/example_test.go

Documentation: crypto/cipher

		 1  // Copyright 2012 The Go Authors. All rights reserved.
		 2  // Use of this source code is governed by a BSD-style
		 3  // license that can be found in the LICENSE file.
		 4  
		 5  package cipher_test
		 6  
		 7  import (
		 8  	"bytes"
		 9  	"crypto/aes"
		10  	"crypto/cipher"
		11  	"crypto/rand"
		12  	"encoding/hex"
		13  	"fmt"
		14  	"io"
		15  	"os"
		16  )
		17  
		18  func ExampleNewGCM_encrypt() {
		19  	// Load your secret key from a safe place and reuse it across multiple
		20  	// Seal/Open calls. (Obviously don't use this example key for anything
		21  	// real.) If you want to convert a passphrase to a key, use a suitable
		22  	// package like bcrypt or scrypt.
		23  	// When decoded the key should be 16 bytes (AES-128) or 32 (AES-256).
		24  	key, _ := hex.DecodeString("6368616e676520746869732070617373776f726420746f206120736563726574")
		25  	plaintext := []byte("exampleplaintext")
		26  
		27  	block, err := aes.NewCipher(key)
		28  	if err != nil {
		29  		panic(err.Error())
		30  	}
		31  
		32  	// Never use more than 2^32 random nonces with a given key because of the risk of a repeat.
		33  	nonce := make([]byte, 12)
		34  	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		35  		panic(err.Error())
		36  	}
		37  
		38  	aesgcm, err := cipher.NewGCM(block)
		39  	if err != nil {
		40  		panic(err.Error())
		41  	}
		42  
		43  	ciphertext := aesgcm.Seal(nil, nonce, plaintext, nil)
		44  	fmt.Printf("%x\n", ciphertext)
		45  }
		46  
		47  func ExampleNewGCM_decrypt() {
		48  	// Load your secret key from a safe place and reuse it across multiple
		49  	// Seal/Open calls. (Obviously don't use this example key for anything
		50  	// real.) If you want to convert a passphrase to a key, use a suitable
		51  	// package like bcrypt or scrypt.
		52  	// When decoded the key should be 16 bytes (AES-128) or 32 (AES-256).
		53  	key, _ := hex.DecodeString("6368616e676520746869732070617373776f726420746f206120736563726574")
		54  	ciphertext, _ := hex.DecodeString("c3aaa29f002ca75870806e44086700f62ce4d43e902b3888e23ceff797a7a471")
		55  	nonce, _ := hex.DecodeString("64a9433eae7ccceee2fc0eda")
		56  
		57  	block, err := aes.NewCipher(key)
		58  	if err != nil {
		59  		panic(err.Error())
		60  	}
		61  
		62  	aesgcm, err := cipher.NewGCM(block)
		63  	if err != nil {
		64  		panic(err.Error())
		65  	}
		66  
		67  	plaintext, err := aesgcm.Open(nil, nonce, ciphertext, nil)
		68  	if err != nil {
		69  		panic(err.Error())
		70  	}
		71  
		72  	fmt.Printf("%s\n", plaintext)
		73  	// Output: exampleplaintext
		74  }
		75  
		76  func ExampleNewCBCDecrypter() {
		77  	// Load your secret key from a safe place and reuse it across multiple
		78  	// NewCipher calls. (Obviously don't use this example key for anything
		79  	// real.) If you want to convert a passphrase to a key, use a suitable
		80  	// package like bcrypt or scrypt.
		81  	key, _ := hex.DecodeString("6368616e676520746869732070617373")
		82  	ciphertext, _ := hex.DecodeString("73c86d43a9d700a253a96c85b0f6b03ac9792e0e757f869cca306bd3cba1c62b")
		83  
		84  	block, err := aes.NewCipher(key)
		85  	if err != nil {
		86  		panic(err)
		87  	}
		88  
		89  	// The IV needs to be unique, but not secure. Therefore it's common to
		90  	// include it at the beginning of the ciphertext.
		91  	if len(ciphertext) < aes.BlockSize {
		92  		panic("ciphertext too short")
		93  	}
		94  	iv := ciphertext[:aes.BlockSize]
		95  	ciphertext = ciphertext[aes.BlockSize:]
		96  
		97  	// CBC mode always works in whole blocks.
		98  	if len(ciphertext)%aes.BlockSize != 0 {
		99  		panic("ciphertext is not a multiple of the block size")
	 100  	}
	 101  
	 102  	mode := cipher.NewCBCDecrypter(block, iv)
	 103  
	 104  	// CryptBlocks can work in-place if the two arguments are the same.
	 105  	mode.CryptBlocks(ciphertext, ciphertext)
	 106  
	 107  	// If the original plaintext lengths are not a multiple of the block
	 108  	// size, padding would have to be added when encrypting, which would be
	 109  	// removed at this point. For an example, see
	 110  	// https://tools.ietf.org/html/rfc5246#section-6.2.3.2. However, it's
	 111  	// critical to note that ciphertexts must be authenticated (i.e. by
	 112  	// using crypto/hmac) before being decrypted in order to avoid creating
	 113  	// a padding oracle.
	 114  
	 115  	fmt.Printf("%s\n", ciphertext)
	 116  	// Output: exampleplaintext
	 117  }
	 118  
	 119  func ExampleNewCBCEncrypter() {
	 120  	// Load your secret key from a safe place and reuse it across multiple
	 121  	// NewCipher calls. (Obviously don't use this example key for anything
	 122  	// real.) If you want to convert a passphrase to a key, use a suitable
	 123  	// package like bcrypt or scrypt.
	 124  	key, _ := hex.DecodeString("6368616e676520746869732070617373")
	 125  	plaintext := []byte("exampleplaintext")
	 126  
	 127  	// CBC mode works on blocks so plaintexts may need to be padded to the
	 128  	// next whole block. For an example of such padding, see
	 129  	// https://tools.ietf.org/html/rfc5246#section-6.2.3.2. Here we'll
	 130  	// assume that the plaintext is already of the correct length.
	 131  	if len(plaintext)%aes.BlockSize != 0 {
	 132  		panic("plaintext is not a multiple of the block size")
	 133  	}
	 134  
	 135  	block, err := aes.NewCipher(key)
	 136  	if err != nil {
	 137  		panic(err)
	 138  	}
	 139  
	 140  	// The IV needs to be unique, but not secure. Therefore it's common to
	 141  	// include it at the beginning of the ciphertext.
	 142  	ciphertext := make([]byte, aes.BlockSize+len(plaintext))
	 143  	iv := ciphertext[:aes.BlockSize]
	 144  	if _, err := io.ReadFull(rand.Reader, iv); err != nil {
	 145  		panic(err)
	 146  	}
	 147  
	 148  	mode := cipher.NewCBCEncrypter(block, iv)
	 149  	mode.CryptBlocks(ciphertext[aes.BlockSize:], plaintext)
	 150  
	 151  	// It's important to remember that ciphertexts must be authenticated
	 152  	// (i.e. by using crypto/hmac) as well as being encrypted in order to
	 153  	// be secure.
	 154  
	 155  	fmt.Printf("%x\n", ciphertext)
	 156  }
	 157  
	 158  func ExampleNewCFBDecrypter() {
	 159  	// Load your secret key from a safe place and reuse it across multiple
	 160  	// NewCipher calls. (Obviously don't use this example key for anything
	 161  	// real.) If you want to convert a passphrase to a key, use a suitable
	 162  	// package like bcrypt or scrypt.
	 163  	key, _ := hex.DecodeString("6368616e676520746869732070617373")
	 164  	ciphertext, _ := hex.DecodeString("7dd015f06bec7f1b8f6559dad89f4131da62261786845100056b353194ad")
	 165  
	 166  	block, err := aes.NewCipher(key)
	 167  	if err != nil {
	 168  		panic(err)
	 169  	}
	 170  
	 171  	// The IV needs to be unique, but not secure. Therefore it's common to
	 172  	// include it at the beginning of the ciphertext.
	 173  	if len(ciphertext) < aes.BlockSize {
	 174  		panic("ciphertext too short")
	 175  	}
	 176  	iv := ciphertext[:aes.BlockSize]
	 177  	ciphertext = ciphertext[aes.BlockSize:]
	 178  
	 179  	stream := cipher.NewCFBDecrypter(block, iv)
	 180  
	 181  	// XORKeyStream can work in-place if the two arguments are the same.
	 182  	stream.XORKeyStream(ciphertext, ciphertext)
	 183  	fmt.Printf("%s", ciphertext)
	 184  	// Output: some plaintext
	 185  }
	 186  
	 187  func ExampleNewCFBEncrypter() {
	 188  	// Load your secret key from a safe place and reuse it across multiple
	 189  	// NewCipher calls. (Obviously don't use this example key for anything
	 190  	// real.) If you want to convert a passphrase to a key, use a suitable
	 191  	// package like bcrypt or scrypt.
	 192  	key, _ := hex.DecodeString("6368616e676520746869732070617373")
	 193  	plaintext := []byte("some plaintext")
	 194  
	 195  	block, err := aes.NewCipher(key)
	 196  	if err != nil {
	 197  		panic(err)
	 198  	}
	 199  
	 200  	// The IV needs to be unique, but not secure. Therefore it's common to
	 201  	// include it at the beginning of the ciphertext.
	 202  	ciphertext := make([]byte, aes.BlockSize+len(plaintext))
	 203  	iv := ciphertext[:aes.BlockSize]
	 204  	if _, err := io.ReadFull(rand.Reader, iv); err != nil {
	 205  		panic(err)
	 206  	}
	 207  
	 208  	stream := cipher.NewCFBEncrypter(block, iv)
	 209  	stream.XORKeyStream(ciphertext[aes.BlockSize:], plaintext)
	 210  
	 211  	// It's important to remember that ciphertexts must be authenticated
	 212  	// (i.e. by using crypto/hmac) as well as being encrypted in order to
	 213  	// be secure.
	 214  	fmt.Printf("%x\n", ciphertext)
	 215  }
	 216  
	 217  func ExampleNewCTR() {
	 218  	// Load your secret key from a safe place and reuse it across multiple
	 219  	// NewCipher calls. (Obviously don't use this example key for anything
	 220  	// real.) If you want to convert a passphrase to a key, use a suitable
	 221  	// package like bcrypt or scrypt.
	 222  	key, _ := hex.DecodeString("6368616e676520746869732070617373")
	 223  	plaintext := []byte("some plaintext")
	 224  
	 225  	block, err := aes.NewCipher(key)
	 226  	if err != nil {
	 227  		panic(err)
	 228  	}
	 229  
	 230  	// The IV needs to be unique, but not secure. Therefore it's common to
	 231  	// include it at the beginning of the ciphertext.
	 232  	ciphertext := make([]byte, aes.BlockSize+len(plaintext))
	 233  	iv := ciphertext[:aes.BlockSize]
	 234  	if _, err := io.ReadFull(rand.Reader, iv); err != nil {
	 235  		panic(err)
	 236  	}
	 237  
	 238  	stream := cipher.NewCTR(block, iv)
	 239  	stream.XORKeyStream(ciphertext[aes.BlockSize:], plaintext)
	 240  
	 241  	// It's important to remember that ciphertexts must be authenticated
	 242  	// (i.e. by using crypto/hmac) as well as being encrypted in order to
	 243  	// be secure.
	 244  
	 245  	// CTR mode is the same for both encryption and decryption, so we can
	 246  	// also decrypt that ciphertext with NewCTR.
	 247  
	 248  	plaintext2 := make([]byte, len(plaintext))
	 249  	stream = cipher.NewCTR(block, iv)
	 250  	stream.XORKeyStream(plaintext2, ciphertext[aes.BlockSize:])
	 251  
	 252  	fmt.Printf("%s\n", plaintext2)
	 253  	// Output: some plaintext
	 254  }
	 255  
	 256  func ExampleNewOFB() {
	 257  	// Load your secret key from a safe place and reuse it across multiple
	 258  	// NewCipher calls. (Obviously don't use this example key for anything
	 259  	// real.) If you want to convert a passphrase to a key, use a suitable
	 260  	// package like bcrypt or scrypt.
	 261  	key, _ := hex.DecodeString("6368616e676520746869732070617373")
	 262  	plaintext := []byte("some plaintext")
	 263  
	 264  	block, err := aes.NewCipher(key)
	 265  	if err != nil {
	 266  		panic(err)
	 267  	}
	 268  
	 269  	// The IV needs to be unique, but not secure. Therefore it's common to
	 270  	// include it at the beginning of the ciphertext.
	 271  	ciphertext := make([]byte, aes.BlockSize+len(plaintext))
	 272  	iv := ciphertext[:aes.BlockSize]
	 273  	if _, err := io.ReadFull(rand.Reader, iv); err != nil {
	 274  		panic(err)
	 275  	}
	 276  
	 277  	stream := cipher.NewOFB(block, iv)
	 278  	stream.XORKeyStream(ciphertext[aes.BlockSize:], plaintext)
	 279  
	 280  	// It's important to remember that ciphertexts must be authenticated
	 281  	// (i.e. by using crypto/hmac) as well as being encrypted in order to
	 282  	// be secure.
	 283  
	 284  	// OFB mode is the same for both encryption and decryption, so we can
	 285  	// also decrypt that ciphertext with NewOFB.
	 286  
	 287  	plaintext2 := make([]byte, len(plaintext))
	 288  	stream = cipher.NewOFB(block, iv)
	 289  	stream.XORKeyStream(plaintext2, ciphertext[aes.BlockSize:])
	 290  
	 291  	fmt.Printf("%s\n", plaintext2)
	 292  	// Output: some plaintext
	 293  }
	 294  
	 295  func ExampleStreamReader() {
	 296  	// Load your secret key from a safe place and reuse it across multiple
	 297  	// NewCipher calls. (Obviously don't use this example key for anything
	 298  	// real.) If you want to convert a passphrase to a key, use a suitable
	 299  	// package like bcrypt or scrypt.
	 300  	key, _ := hex.DecodeString("6368616e676520746869732070617373")
	 301  
	 302  	encrypted, _ := hex.DecodeString("cf0495cc6f75dafc23948538e79904a9")
	 303  	bReader := bytes.NewReader(encrypted)
	 304  
	 305  	block, err := aes.NewCipher(key)
	 306  	if err != nil {
	 307  		panic(err)
	 308  	}
	 309  
	 310  	// If the key is unique for each ciphertext, then it's ok to use a zero
	 311  	// IV.
	 312  	var iv [aes.BlockSize]byte
	 313  	stream := cipher.NewOFB(block, iv[:])
	 314  
	 315  	reader := &cipher.StreamReader{S: stream, R: bReader}
	 316  	// Copy the input to the output stream, decrypting as we go.
	 317  	if _, err := io.Copy(os.Stdout, reader); err != nil {
	 318  		panic(err)
	 319  	}
	 320  
	 321  	// Note that this example is simplistic in that it omits any
	 322  	// authentication of the encrypted data. If you were actually to use
	 323  	// StreamReader in this manner, an attacker could flip arbitrary bits in
	 324  	// the output.
	 325  
	 326  	// Output: some secret text
	 327  }
	 328  
	 329  func ExampleStreamWriter() {
	 330  	// Load your secret key from a safe place and reuse it across multiple
	 331  	// NewCipher calls. (Obviously don't use this example key for anything
	 332  	// real.) If you want to convert a passphrase to a key, use a suitable
	 333  	// package like bcrypt or scrypt.
	 334  	key, _ := hex.DecodeString("6368616e676520746869732070617373")
	 335  
	 336  	bReader := bytes.NewReader([]byte("some secret text"))
	 337  
	 338  	block, err := aes.NewCipher(key)
	 339  	if err != nil {
	 340  		panic(err)
	 341  	}
	 342  
	 343  	// If the key is unique for each ciphertext, then it's ok to use a zero
	 344  	// IV.
	 345  	var iv [aes.BlockSize]byte
	 346  	stream := cipher.NewOFB(block, iv[:])
	 347  
	 348  	var out bytes.Buffer
	 349  
	 350  	writer := &cipher.StreamWriter{S: stream, W: &out}
	 351  	// Copy the input to the output buffer, encrypting as we go.
	 352  	if _, err := io.Copy(writer, bReader); err != nil {
	 353  		panic(err)
	 354  	}
	 355  
	 356  	// Note that this example is simplistic in that it omits any
	 357  	// authentication of the encrypted data. If you were actually to use
	 358  	// StreamReader in this manner, an attacker could flip arbitrary bits in
	 359  	// the decrypted result.
	 360  
	 361  	fmt.Printf("%x\n", out.Bytes())
	 362  	// Output: cf0495cc6f75dafc23948538e79904a9
	 363  }
	 364  

View as plain text