| 1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253 |
- package cryptoutil
- import (
- "crypto/aes"
- "crypto/cipher"
- "crypto/rand"
- "github.com/cockroachdb/errors"
- )
- // AESGCMEncrypt encrypts plaintext with the given key using AES in GCM mode.
- func AESGCMEncrypt(key, plaintext []byte) ([]byte, error) {
- block, err := aes.NewCipher(key)
- if err != nil {
- return nil, err
- }
- gcm, err := cipher.NewGCM(block)
- if err != nil {
- return nil, err
- }
- nonce := make([]byte, gcm.NonceSize())
- if _, err := rand.Read(nonce); err != nil {
- return nil, err
- }
- ciphertext := gcm.Seal(nil, nonce, plaintext, nil)
- return append(nonce, ciphertext...), nil
- }
- // AESGCMDecrypt decrypts ciphertext with the given key using AES in GCM mode.
- func AESGCMDecrypt(key, ciphertext []byte) ([]byte, error) {
- block, err := aes.NewCipher(key)
- if err != nil {
- return nil, err
- }
- gcm, err := cipher.NewGCM(block)
- if err != nil {
- return nil, err
- }
- size := gcm.NonceSize()
- if len(ciphertext)-size <= 0 {
- return nil, errors.New("ciphertext is empty")
- }
- nonce := ciphertext[:size]
- ciphertext = ciphertext[size:]
- return gcm.Open(nil, nonce, ciphertext, nil)
- }
|
