74 lines
2.1 KiB
Go
74 lines
2.1 KiB
Go
package s3crypto
|
|
|
|
import (
|
|
"io"
|
|
"strings"
|
|
)
|
|
|
|
const (
|
|
cbcKeySize = 32
|
|
cbcNonceSize = 16
|
|
)
|
|
|
|
type cbcContentCipherBuilder struct {
|
|
generator CipherDataGenerator
|
|
padder Padder
|
|
}
|
|
|
|
// AESCBCContentCipherBuilder returns a new encryption only mode structure with a specific cipher
|
|
// for the master key
|
|
func AESCBCContentCipherBuilder(generator CipherDataGenerator, padder Padder) ContentCipherBuilder {
|
|
return cbcContentCipherBuilder{generator: generator, padder: padder}
|
|
}
|
|
|
|
func (builder cbcContentCipherBuilder) ContentCipher() (ContentCipher, error) {
|
|
cd, err := builder.generator.GenerateCipherData(cbcKeySize, cbcNonceSize)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
cd.Padder = builder.padder
|
|
return newAESCBCContentCipher(cd)
|
|
}
|
|
|
|
// newAESCBCContentCipher will create a new aes cbc content cipher. If the cipher data's
|
|
// will set the CEK algorithm if it hasn't been set.
|
|
func newAESCBCContentCipher(cd CipherData) (ContentCipher, error) {
|
|
if len(cd.CEKAlgorithm) == 0 {
|
|
cd.CEKAlgorithm = strings.Join([]string{AESCBC, cd.Padder.Name()}, "/")
|
|
}
|
|
cipher, err := newAESCBC(cd, cd.Padder)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
return &aesCBCContentCipher{
|
|
CipherData: cd,
|
|
Cipher: cipher,
|
|
}, nil
|
|
}
|
|
|
|
// aesCBCContentCipher will use AES CBC for the main cipher.
|
|
type aesCBCContentCipher struct {
|
|
CipherData CipherData
|
|
Cipher Cipher
|
|
}
|
|
|
|
// EncryptContents will generate a random key and iv and encrypt the data using cbc
|
|
func (cc *aesCBCContentCipher) EncryptContents(src io.Reader) (io.Reader, error) {
|
|
return cc.Cipher.Encrypt(src), nil
|
|
}
|
|
|
|
// DecryptContents will use the symmetric key provider to instantiate a new CBC cipher.
|
|
// We grab a decrypt reader from CBC and wrap it in a CryptoReadCloser. The only error
|
|
// expected here is when the key or iv is of invalid length.
|
|
func (cc *aesCBCContentCipher) DecryptContents(src io.ReadCloser) (io.ReadCloser, error) {
|
|
reader := cc.Cipher.Decrypt(src)
|
|
return &CryptoReadCloser{Body: src, Decrypter: reader}, nil
|
|
}
|
|
|
|
// GetCipherData returns cipher data
|
|
func (cc aesCBCContentCipher) GetCipherData() CipherData {
|
|
return cc.CipherData
|
|
}
|