go/aead/subtle/aes_gcm.go - platform/external/tink - Git at Google

 // Copyright 2020 Google LLC
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //      http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 //
 ////////////////////////////////////////////////////////////////////////////////

 package subtle

 import (
 	"fmt"

 	internalaead "github.com/google/tink/go/internal/aead"
 	"github.com/google/tink/go/subtle/random"
 	"github.com/google/tink/go/tink"
 )

 const (
 	// AESGCMIVSize is the acceptable IV size defined by RFC 5116.
 	AESGCMIVSize = 12
 	// AESGCMTagSize is the acceptable tag size defined by RFC 5116.
 	AESGCMTagSize = 16
 )

 // AESGCM is an implementation of AEAD interface.
 type AESGCM struct {
 	aesGCMInsecureIV *internalaead.AESGCMInsecureIV
 }

 // Assert that AESGCM implements the AEAD interface.
 var _ tink.AEAD = (*AESGCM)(nil)

 // NewAESGCM returns an AESGCM instance, where key is the AES key with length
 // 16 bytes (AES-128) or 32 bytes (AES-256).
 func NewAESGCM(key []byte) (*AESGCM, error) {
 	aesGCMInsecureIV, err := internalaead.NewAESGCMInsecureIV(key, true /*=prependIV*/)
 	return &AESGCM{aesGCMInsecureIV}, err
 }

 // Encrypt encrypts plaintext with associatedData. The returned ciphertext
 // contains both the IV used for encryption and the actual ciphertext.
 //
 // Note: The crypto library's AES-GCM implementation always returns the
 // ciphertext with an AESGCMTagSize (16-byte) tag.
 func (a *AESGCM) Encrypt(plaintext, associatedData []byte) ([]byte, error) {
 	iv := random.GetRandomBytes(AESGCMIVSize)
 	return a.aesGCMInsecureIV.Encrypt(iv, plaintext, associatedData)
 }

 // Decrypt decrypts ciphertext with associatedData.
 func (a *AESGCM) Decrypt(ciphertext, associatedData []byte) ([]byte, error) {
 	if len(ciphertext) < AESGCMIVSize {
 		return nil, fmt.Errorf("ciphertext with size %d is too short", len(ciphertext))
 	}
 	iv := ciphertext[:AESGCMIVSize]
 	return a.aesGCMInsecureIV.Decrypt(iv, ciphertext, associatedData)
 }

 // Key returns the AES key.
 func (a *AESGCM) Key() []byte {
 	return a.aesGCMInsecureIV.Key
 }
	// Copyright 2020 Google LLC
	//
	// Licensed under the Apache License, Version 2.0 (the "License");
	// you may not use this file except in compliance with the License.
	// You may obtain a copy of the License at
	//
	// http://www.apache.org/licenses/LICENSE-2.0
	//
	// Unless required by applicable law or agreed to in writing, software
	// distributed under the License is distributed on an "AS IS" BASIS,
	// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	// See the License for the specific language governing permissions and
	// limitations under the License.
	//
	////////////////////////////////////////////////////////////////////////////////

	package subtle

	import (
	"fmt"

	internalaead "github.com/google/tink/go/internal/aead"
	"github.com/google/tink/go/subtle/random"
	"github.com/google/tink/go/tink"
	)

	const (
	// AESGCMIVSize is the acceptable IV size defined by RFC 5116.
	AESGCMIVSize = 12
	// AESGCMTagSize is the acceptable tag size defined by RFC 5116.
	AESGCMTagSize = 16
	)

	// AESGCM is an implementation of AEAD interface.
	type AESGCM struct {
	aesGCMInsecureIV *internalaead.AESGCMInsecureIV
	}

	// Assert that AESGCM implements the AEAD interface.
	var _ tink.AEAD = (*AESGCM)(nil)

	// NewAESGCM returns an AESGCM instance, where key is the AES key with length
	// 16 bytes (AES-128) or 32 bytes (AES-256).
	func NewAESGCM(key []byte) (*AESGCM, error) {
	aesGCMInsecureIV, err := internalaead.NewAESGCMInsecureIV(key, true /=prependIV/)
	return &AESGCM{aesGCMInsecureIV}, err
	}

	// Encrypt encrypts plaintext with associatedData. The returned ciphertext
	// contains both the IV used for encryption and the actual ciphertext.
	//
	// Note: The crypto library's AES-GCM implementation always returns the
	// ciphertext with an AESGCMTagSize (16-byte) tag.
	func (a *AESGCM) Encrypt(plaintext, associatedData []byte) ([]byte, error) {
	iv := random.GetRandomBytes(AESGCMIVSize)
	return a.aesGCMInsecureIV.Encrypt(iv, plaintext, associatedData)
	}

	// Decrypt decrypts ciphertext with associatedData.
	func (a *AESGCM) Decrypt(ciphertext, associatedData []byte) ([]byte, error) {
	if len(ciphertext) < AESGCMIVSize {
	return nil, fmt.Errorf("ciphertext with size %d is too short", len(ciphertext))
	}
	iv := ciphertext[:AESGCMIVSize]
	return a.aesGCMInsecureIV.Decrypt(iv, ciphertext, associatedData)
	}

	// Key returns the AES key.
	func (a *AESGCM) Key() []byte {
	return a.aesGCMInsecureIV.Key
	}