-
Notifications
You must be signed in to change notification settings - Fork 3
/
Copy pathexample_test.go
165 lines (140 loc) · 5.97 KB
/
example_test.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
package siv_test
import (
"crypto/rand"
"encoding/hex"
"fmt"
"io"
siv "github.com/secure-io/siv-go"
)
func ExampleNewCMAC_encrypt() {
// Load your secret key from a safe place and reuse it across multiple
// Seal/Open calls. (Obviously don't use this example key for anything
// real.) If you want to convert a passphrase to a key, use a suitable
// package like argon2 (`go doc golang.org/x/crypto/argon2`).
// When decoded the key should be 32 bytes (AES-128) or 64 (AES-256).
key, _ := hex.DecodeString("6368616e676520746869732070617373776f726420746f206120736563726574")
plaintext := []byte("example_plaintext")
aessiv, err := siv.NewCMAC(key)
if err != nil {
panic(err.Error())
}
// An empty nonce makes AES-SIV-CMAC a deterministic authenticated encryption
// scheme (same plaintext && additional data produces the same ciphertext).
// You can also use a random 16 byte nonce to make AES-SIV-CMAC non-deterministic.
var nonce []byte = nil
ciphertext := aessiv.Seal(nil, nonce, plaintext, nil)
fmt.Printf("%x\n", ciphertext)
// Output: 485bdd0e072f857e623620ebad3eb1925bcb1cafc1780d625710b6bcdd34bf79b2
}
func ExampleNewCMAC_decrypt() {
// Load your secret key from a safe place and reuse it across multiple
// Seal/Open calls. (Obviously don't use this example key for anything
// real.) If you want to convert a passphrase to a key, use a suitable
// package like argon2 (`go doc golang.org/x/crypto/argon2`).
// When decoded the key should be 32 bytes (AES-128) or 64 (AES-256).
key, _ := hex.DecodeString("6368616e676520746869732070617373776f726420746f206120736563726574")
ciphertext, _ := hex.DecodeString("485bdd0e072f857e623620ebad3eb1925bcb1cafc1780d625710b6bcdd34bf79b2")
var nonce []byte = nil // An empty nonce was used to encrypt the plaintext.
aessiv, err := siv.NewCMAC(key)
if err != nil {
panic(err.Error())
}
plaintext, err := aessiv.Open(nil, nonce, ciphertext, nil)
if err != nil {
panic(err.Error())
}
fmt.Printf("%s\n", plaintext)
// Output: example_plaintext
}
func ExampleNewCMAC_encryptDecrypt() {
// Load your secret key from a safe place and reuse it across multiple
// Seal/Open calls. (Obviously don't use this example key for anything
// real.) If you want to convert a passphrase to a key, use a suitable
// package like argon2 (`go doc golang.org/x/crypto/argon2`).
// When decoded the key should be 32 bytes (AES-128) or 64 (AES-256).
key, _ := hex.DecodeString("6368616e676520746869732070617373776f726420746f206120736563726574")
plaintext := []byte("example_plaintext")
aessiv, err := siv.NewCMAC(key)
if err != nil {
panic(err.Error())
}
// We use a random nonce to make AES-SIV-CMAC a probabilistic authenticated
// encryption scheme.
nonce := make([]byte, aessiv.NonceSize())
if _, err = io.ReadFull(rand.Reader, nonce); err != nil {
panic(err.Error())
}
ciphertext := aessiv.Seal(nil, nonce, plaintext, nil)
plaintext, err = aessiv.Open(plaintext[:0], nonce, ciphertext, nil)
if err != nil {
panic(err.Error())
}
fmt.Printf("%s\n", plaintext)
// Output: example_plaintext
}
func ExampleNewGCM_encrypt() {
// Load your secret key from a safe place and reuse it across multiple
// Seal/Open calls. (Obviously don't use this example key for anything
// real.) If you want to convert a passphrase to a key, use a suitable
// package like argon2 (`go doc golang.org/x/crypto/argon2`).
// When decoded the key should be 16 bytes (AES-128) or 32 (AES-256).
key, _ := hex.DecodeString("6368616e676520746869732070617373776f726420746f206120736563726574")
plaintext := []byte("example_plaintext")
aessiv, err := siv.NewGCM(key)
if err != nil {
panic(err.Error())
}
// A fixed nonce makes AES-GCM-SIV a deterministic authenticated encryption
// scheme (same plaintext && additional data produces the same ciphertext).
// You can also use a random 12 byte nonce to make AES-GCM-SIV non-deterministic.
nonce := make([]byte, aessiv.NonceSize())
ciphertext := aessiv.Seal(nil, nonce, plaintext, nil)
fmt.Printf("%x\n", ciphertext)
// Output: eb87399f2550f35b572b10b1a269b6446dce046bfd35e48208b7efa7a7b934cf69
}
func ExampleNewGCM_decrypt() {
// Load your secret key from a safe place and reuse it across multiple
// Seal/Open calls. (Obviously don't use this example key for anything
// real.) If you want to convert a passphrase to a key, use a suitable
// package like argon2 (`go doc golang.org/x/crypto/argon2`).
// When decoded the key should be 16 bytes (AES-128) or 32 (AES-256).
key, _ := hex.DecodeString("6368616e676520746869732070617373776f726420746f206120736563726574")
ciphertext, _ := hex.DecodeString("eb87399f2550f35b572b10b1a269b6446dce046bfd35e48208b7efa7a7b934cf69")
aessiv, err := siv.NewGCM(key)
if err != nil {
panic(err.Error())
}
nonce := make([]byte, aessiv.NonceSize()) // An fixed nonce was used to encrypt the plaintext.
plaintext, err := aessiv.Open(nil, nonce, ciphertext, nil)
if err != nil {
panic(err.Error())
}
fmt.Printf("%s\n", plaintext)
// Output: example_plaintext
}
func ExampleNewGCM_encryptDecrypt() {
// Load your secret key from a safe place and reuse it across multiple
// Seal/Open calls. (Obviously don't use this example key for anything
// real.) If you want to convert a passphrase to a key, use a suitable
// package like argon2 (`go doc golang.org/x/crypto/argon2`).
// When decoded the key should be 16 bytes (AES-128) or 32 (AES-256).
key, _ := hex.DecodeString("6368616e676520746869732070617373776f726420746f206120736563726574")
plaintext := []byte("example_plaintext")
aessiv, err := siv.NewGCM(key)
if err != nil {
panic(err.Error())
}
// We use a random nonce to make AES-GCM-SIV a probabilistic authenticated
// encryption scheme.
nonce := make([]byte, aessiv.NonceSize())
if _, err = io.ReadFull(rand.Reader, nonce); err != nil {
panic(err.Error())
}
ciphertext := aessiv.Seal(nil, nonce, plaintext, nil)
plaintext, err = aessiv.Open(plaintext[:0], nonce, ciphertext, nil)
if err != nil {
panic(err.Error())
}
fmt.Printf("%s\n", plaintext)
// Output: example_plaintext
}