github.com/Team-Kujira/tendermint@v0.34.24-indexer/crypto/xsalsa20symmetric/symmetric.go (about) 1 package xsalsa20symmetric 2 3 import ( 4 "errors" 5 "fmt" 6 7 "golang.org/x/crypto/nacl/secretbox" 8 9 "github.com/tendermint/tendermint/crypto" 10 ) 11 12 // TODO, make this into a struct that implements crypto.Symmetric. 13 14 const nonceLen = 24 15 const secretLen = 32 16 17 // secret must be 32 bytes long. Use something like Sha256(Bcrypt(passphrase)) 18 // The ciphertext is (secretbox.Overhead + 24) bytes longer than the plaintext. 19 func EncryptSymmetric(plaintext []byte, secret []byte) (ciphertext []byte) { 20 if len(secret) != secretLen { 21 panic(fmt.Sprintf("Secret must be 32 bytes long, got len %v", len(secret))) 22 } 23 nonce := crypto.CRandBytes(nonceLen) 24 nonceArr := [nonceLen]byte{} 25 copy(nonceArr[:], nonce) 26 secretArr := [secretLen]byte{} 27 copy(secretArr[:], secret) 28 ciphertext = make([]byte, nonceLen+secretbox.Overhead+len(plaintext)) 29 copy(ciphertext, nonce) 30 secretbox.Seal(ciphertext[nonceLen:nonceLen], plaintext, &nonceArr, &secretArr) 31 return ciphertext 32 } 33 34 // secret must be 32 bytes long. Use something like Sha256(Bcrypt(passphrase)) 35 // The ciphertext is (secretbox.Overhead + 24) bytes longer than the plaintext. 36 func DecryptSymmetric(ciphertext []byte, secret []byte) (plaintext []byte, err error) { 37 if len(secret) != secretLen { 38 panic(fmt.Sprintf("Secret must be 32 bytes long, got len %v", len(secret))) 39 } 40 if len(ciphertext) <= secretbox.Overhead+nonceLen { 41 return nil, errors.New("ciphertext is too short") 42 } 43 nonce := ciphertext[:nonceLen] 44 nonceArr := [nonceLen]byte{} 45 copy(nonceArr[:], nonce) 46 secretArr := [secretLen]byte{} 47 copy(secretArr[:], secret) 48 plaintext = make([]byte, len(ciphertext)-nonceLen-secretbox.Overhead) 49 _, ok := secretbox.Open(plaintext[:0], ciphertext[nonceLen:], &nonceArr, &secretArr) 50 if !ok { 51 return nil, errors.New("ciphertext decryption failed") 52 } 53 return plaintext, nil 54 }