github.com/zebozhuang/go@v0.0.0-20200207033046-f8a98f6f5c5d/src/crypto/cipher/example_test.go (about)

     1  // Copyright 2012 The Go Authors. All rights reserved.
     2  // Use of this source code is governed by a BSD-style
     3  // license that can be found in the LICENSE file.
     4  
     5  package cipher_test
     6  
     7  import (
     8  	"crypto/aes"
     9  	"crypto/cipher"
    10  	"crypto/rand"
    11  	"encoding/hex"
    12  	"fmt"
    13  	"io"
    14  	"os"
    15  )
    16  
    17  func ExampleNewGCM_encrypt() {
    18  	// The key argument should be the AES key, either 16 or 32 bytes
    19  	// to select AES-128 or AES-256.
    20  	key := []byte("AES256Key-32Characters1234567890")
    21  	plaintext := []byte("exampleplaintext")
    22  
    23  	block, err := aes.NewCipher(key)
    24  	if err != nil {
    25  		panic(err.Error())
    26  	}
    27  
    28  	// Never use more than 2^32 random nonces with a given key because of the risk of a repeat.
    29  	nonce := make([]byte, 12)
    30  	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
    31  		panic(err.Error())
    32  	}
    33  
    34  	aesgcm, err := cipher.NewGCM(block)
    35  	if err != nil {
    36  		panic(err.Error())
    37  	}
    38  
    39  	ciphertext := aesgcm.Seal(nil, nonce, plaintext, nil)
    40  	fmt.Printf("%x\n", ciphertext)
    41  }
    42  
    43  func ExampleNewGCM_decrypt() {
    44  	// The key argument should be the AES key, either 16 or 32 bytes
    45  	// to select AES-128 or AES-256.
    46  	key := []byte("AES256Key-32Characters1234567890")
    47  	ciphertext, _ := hex.DecodeString("1019aa66cd7c024f9efd0038899dae1973ee69427f5a6579eba292ffe1b5a260")
    48  
    49  	nonce, _ := hex.DecodeString("37b8e8a308c354048d245f6d")
    50  
    51  	block, err := aes.NewCipher(key)
    52  	if err != nil {
    53  		panic(err.Error())
    54  	}
    55  
    56  	aesgcm, err := cipher.NewGCM(block)
    57  	if err != nil {
    58  		panic(err.Error())
    59  	}
    60  
    61  	plaintext, err := aesgcm.Open(nil, nonce, ciphertext, nil)
    62  	if err != nil {
    63  		panic(err.Error())
    64  	}
    65  
    66  	fmt.Printf("%s\n", plaintext)
    67  	// Output: exampleplaintext
    68  }
    69  
    70  func ExampleNewCBCDecrypter() {
    71  	key := []byte("example key 1234")
    72  	ciphertext, _ := hex.DecodeString("f363f3ccdcb12bb883abf484ba77d9cd7d32b5baecb3d4b1b3e0e4beffdb3ded")
    73  
    74  	block, err := aes.NewCipher(key)
    75  	if err != nil {
    76  		panic(err)
    77  	}
    78  
    79  	// The IV needs to be unique, but not secure. Therefore it's common to
    80  	// include it at the beginning of the ciphertext.
    81  	if len(ciphertext) < aes.BlockSize {
    82  		panic("ciphertext too short")
    83  	}
    84  	iv := ciphertext[:aes.BlockSize]
    85  	ciphertext = ciphertext[aes.BlockSize:]
    86  
    87  	// CBC mode always works in whole blocks.
    88  	if len(ciphertext)%aes.BlockSize != 0 {
    89  		panic("ciphertext is not a multiple of the block size")
    90  	}
    91  
    92  	mode := cipher.NewCBCDecrypter(block, iv)
    93  
    94  	// CryptBlocks can work in-place if the two arguments are the same.
    95  	mode.CryptBlocks(ciphertext, ciphertext)
    96  
    97  	// If the original plaintext lengths are not a multiple of the block
    98  	// size, padding would have to be added when encrypting, which would be
    99  	// removed at this point. For an example, see
   100  	// https://tools.ietf.org/html/rfc5246#section-6.2.3.2. However, it's
   101  	// critical to note that ciphertexts must be authenticated (i.e. by
   102  	// using crypto/hmac) before being decrypted in order to avoid creating
   103  	// a padding oracle.
   104  
   105  	fmt.Printf("%s\n", ciphertext)
   106  	// Output: exampleplaintext
   107  }
   108  
   109  func ExampleNewCBCEncrypter() {
   110  	key := []byte("example key 1234")
   111  	plaintext := []byte("exampleplaintext")
   112  
   113  	// CBC mode works on blocks so plaintexts may need to be padded to the
   114  	// next whole block. For an example of such padding, see
   115  	// https://tools.ietf.org/html/rfc5246#section-6.2.3.2. Here we'll
   116  	// assume that the plaintext is already of the correct length.
   117  	if len(plaintext)%aes.BlockSize != 0 {
   118  		panic("plaintext is not a multiple of the block size")
   119  	}
   120  
   121  	block, err := aes.NewCipher(key)
   122  	if err != nil {
   123  		panic(err)
   124  	}
   125  
   126  	// The IV needs to be unique, but not secure. Therefore it's common to
   127  	// include it at the beginning of the ciphertext.
   128  	ciphertext := make([]byte, aes.BlockSize+len(plaintext))
   129  	iv := ciphertext[:aes.BlockSize]
   130  	if _, err := io.ReadFull(rand.Reader, iv); err != nil {
   131  		panic(err)
   132  	}
   133  
   134  	mode := cipher.NewCBCEncrypter(block, iv)
   135  	mode.CryptBlocks(ciphertext[aes.BlockSize:], plaintext)
   136  
   137  	// It's important to remember that ciphertexts must be authenticated
   138  	// (i.e. by using crypto/hmac) as well as being encrypted in order to
   139  	// be secure.
   140  
   141  	fmt.Printf("%x\n", ciphertext)
   142  }
   143  
   144  func ExampleNewCFBDecrypter() {
   145  	key := []byte("example key 1234")
   146  	ciphertext, _ := hex.DecodeString("22277966616d9bc47177bd02603d08c9a67d5380d0fe8cf3b44438dff7b9")
   147  
   148  	block, err := aes.NewCipher(key)
   149  	if err != nil {
   150  		panic(err)
   151  	}
   152  
   153  	// The IV needs to be unique, but not secure. Therefore it's common to
   154  	// include it at the beginning of the ciphertext.
   155  	if len(ciphertext) < aes.BlockSize {
   156  		panic("ciphertext too short")
   157  	}
   158  	iv := ciphertext[:aes.BlockSize]
   159  	ciphertext = ciphertext[aes.BlockSize:]
   160  
   161  	stream := cipher.NewCFBDecrypter(block, iv)
   162  
   163  	// XORKeyStream can work in-place if the two arguments are the same.
   164  	stream.XORKeyStream(ciphertext, ciphertext)
   165  	fmt.Printf("%s", ciphertext)
   166  	// Output: some plaintext
   167  }
   168  
   169  func ExampleNewCFBEncrypter() {
   170  	key := []byte("example key 1234")
   171  	plaintext := []byte("some plaintext")
   172  
   173  	block, err := aes.NewCipher(key)
   174  	if err != nil {
   175  		panic(err)
   176  	}
   177  
   178  	// The IV needs to be unique, but not secure. Therefore it's common to
   179  	// include it at the beginning of the ciphertext.
   180  	ciphertext := make([]byte, aes.BlockSize+len(plaintext))
   181  	iv := ciphertext[:aes.BlockSize]
   182  	if _, err := io.ReadFull(rand.Reader, iv); err != nil {
   183  		panic(err)
   184  	}
   185  
   186  	stream := cipher.NewCFBEncrypter(block, iv)
   187  	stream.XORKeyStream(ciphertext[aes.BlockSize:], plaintext)
   188  
   189  	// It's important to remember that ciphertexts must be authenticated
   190  	// (i.e. by using crypto/hmac) as well as being encrypted in order to
   191  	// be secure.
   192  }
   193  
   194  func ExampleNewCTR() {
   195  	key := []byte("example key 1234")
   196  	plaintext := []byte("some plaintext")
   197  
   198  	block, err := aes.NewCipher(key)
   199  	if err != nil {
   200  		panic(err)
   201  	}
   202  
   203  	// The IV needs to be unique, but not secure. Therefore it's common to
   204  	// include it at the beginning of the ciphertext.
   205  	ciphertext := make([]byte, aes.BlockSize+len(plaintext))
   206  	iv := ciphertext[:aes.BlockSize]
   207  	if _, err := io.ReadFull(rand.Reader, iv); err != nil {
   208  		panic(err)
   209  	}
   210  
   211  	stream := cipher.NewCTR(block, iv)
   212  	stream.XORKeyStream(ciphertext[aes.BlockSize:], plaintext)
   213  
   214  	// It's important to remember that ciphertexts must be authenticated
   215  	// (i.e. by using crypto/hmac) as well as being encrypted in order to
   216  	// be secure.
   217  
   218  	// CTR mode is the same for both encryption and decryption, so we can
   219  	// also decrypt that ciphertext with NewCTR.
   220  
   221  	plaintext2 := make([]byte, len(plaintext))
   222  	stream = cipher.NewCTR(block, iv)
   223  	stream.XORKeyStream(plaintext2, ciphertext[aes.BlockSize:])
   224  
   225  	fmt.Printf("%s\n", plaintext2)
   226  	// Output: some plaintext
   227  }
   228  
   229  func ExampleNewOFB() {
   230  	key := []byte("example key 1234")
   231  	plaintext := []byte("some plaintext")
   232  
   233  	block, err := aes.NewCipher(key)
   234  	if err != nil {
   235  		panic(err)
   236  	}
   237  
   238  	// The IV needs to be unique, but not secure. Therefore it's common to
   239  	// include it at the beginning of the ciphertext.
   240  	ciphertext := make([]byte, aes.BlockSize+len(plaintext))
   241  	iv := ciphertext[:aes.BlockSize]
   242  	if _, err := io.ReadFull(rand.Reader, iv); err != nil {
   243  		panic(err)
   244  	}
   245  
   246  	stream := cipher.NewOFB(block, iv)
   247  	stream.XORKeyStream(ciphertext[aes.BlockSize:], plaintext)
   248  
   249  	// It's important to remember that ciphertexts must be authenticated
   250  	// (i.e. by using crypto/hmac) as well as being encrypted in order to
   251  	// be secure.
   252  
   253  	// OFB mode is the same for both encryption and decryption, so we can
   254  	// also decrypt that ciphertext with NewOFB.
   255  
   256  	plaintext2 := make([]byte, len(plaintext))
   257  	stream = cipher.NewOFB(block, iv)
   258  	stream.XORKeyStream(plaintext2, ciphertext[aes.BlockSize:])
   259  
   260  	fmt.Printf("%s\n", plaintext2)
   261  	// Output: some plaintext
   262  }
   263  
   264  func ExampleStreamReader() {
   265  	key := []byte("example key 1234")
   266  
   267  	inFile, err := os.Open("encrypted-file")
   268  	if err != nil {
   269  		panic(err)
   270  	}
   271  	defer inFile.Close()
   272  
   273  	block, err := aes.NewCipher(key)
   274  	if err != nil {
   275  		panic(err)
   276  	}
   277  
   278  	// If the key is unique for each ciphertext, then it's ok to use a zero
   279  	// IV.
   280  	var iv [aes.BlockSize]byte
   281  	stream := cipher.NewOFB(block, iv[:])
   282  
   283  	outFile, err := os.OpenFile("decrypted-file", os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
   284  	if err != nil {
   285  		panic(err)
   286  	}
   287  	defer outFile.Close()
   288  
   289  	reader := &cipher.StreamReader{S: stream, R: inFile}
   290  	// Copy the input file to the output file, decrypting as we go.
   291  	if _, err := io.Copy(outFile, reader); err != nil {
   292  		panic(err)
   293  	}
   294  
   295  	// Note that this example is simplistic in that it omits any
   296  	// authentication of the encrypted data. If you were actually to use
   297  	// StreamReader in this manner, an attacker could flip arbitrary bits in
   298  	// the output.
   299  }
   300  
   301  func ExampleStreamWriter() {
   302  	key := []byte("example key 1234")
   303  
   304  	inFile, err := os.Open("plaintext-file")
   305  	if err != nil {
   306  		panic(err)
   307  	}
   308  	defer inFile.Close()
   309  
   310  	block, err := aes.NewCipher(key)
   311  	if err != nil {
   312  		panic(err)
   313  	}
   314  
   315  	// If the key is unique for each ciphertext, then it's ok to use a zero
   316  	// IV.
   317  	var iv [aes.BlockSize]byte
   318  	stream := cipher.NewOFB(block, iv[:])
   319  
   320  	outFile, err := os.OpenFile("encrypted-file", os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
   321  	if err != nil {
   322  		panic(err)
   323  	}
   324  	defer outFile.Close()
   325  
   326  	writer := &cipher.StreamWriter{S: stream, W: outFile}
   327  	// Copy the input file to the output file, encrypting as we go.
   328  	if _, err := io.Copy(writer, inFile); err != nil {
   329  		panic(err)
   330  	}
   331  
   332  	// Note that this example is simplistic in that it omits any
   333  	// authentication of the encrypted data. If you were actually to use
   334  	// StreamReader in this manner, an attacker could flip arbitrary bits in
   335  	// the decrypted result.
   336  }