-
Notifications
You must be signed in to change notification settings - Fork 29
/
aes_gcm_kw.go
128 lines (92 loc) · 3.09 KB
/
aes_gcm_kw.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
package jose
import (
"errors"
"fmt"
"github.com/dvsekhvalnov/jose2go/base64url"
"github.com/dvsekhvalnov/jose2go/arrays"
"crypto/aes"
"crypto/cipher"
)
func init() {
RegisterJwa(&AesGcmKW{ keySizeBits: 128})
RegisterJwa(&AesGcmKW{ keySizeBits: 192})
RegisterJwa(&AesGcmKW{ keySizeBits: 256})
}
// AES GCM Key Wrap key management algorithm implementation
type AesGcmKW struct {
keySizeBits int
}
func (alg *AesGcmKW) Name() string {
switch alg.keySizeBits {
case 128: return A128GCMKW
case 192: return A192GCMKW
default: return A256GCMKW
}
}
func (alg *AesGcmKW) WrapNewKey(cekSizeBits int, key interface{}, header map[string]interface{}) (cek []byte, encryptedCek []byte, err error) {
if kek,ok:=key.([]byte); ok {
kekSizeBits := len(kek) << 3
if kekSizeBits != alg.keySizeBits {
return nil,nil, errors.New(fmt.Sprintf("AesGcmKW.WrapNewKey(): expected key of size %v bits, but was given %v bits.",alg.keySizeBits, kekSizeBits))
}
if cek,err = arrays.Random(cekSizeBits>>3);err!=nil {
return nil,nil,err
}
var iv []byte
if iv,err = arrays.Random(12);err!=nil {
return nil,nil,err
}
var block cipher.Block
if block, err = aes.NewCipher(kek);err!=nil {
return nil,nil,err
}
var aesgcm cipher.AEAD
if aesgcm,err = cipher.NewGCM(block);err!=nil {
return nil,nil,err
}
cipherWithTag := aesgcm.Seal(nil, iv, cek, nil)
cipherText := cipherWithTag[:len(cipherWithTag)-aesgcm.Overhead()]
authTag := cipherWithTag[len(cipherWithTag)-aesgcm.Overhead():]
header["iv"]=base64url.Encode(iv)
header["tag"]=base64url.Encode(authTag)
return cek,cipherText,nil
}
return nil,nil,errors.New("AesGcmKW.WrapNewKey(): expected key to be '[]byte' array")
}
func (alg *AesGcmKW) Unwrap(encryptedCek []byte, key interface{}, cekSizeBits int, header map[string]interface{}) (cek []byte, err error) {
if kek,ok:=key.([]byte); ok {
kekSizeBits := len(kek) << 3
if kekSizeBits != alg.keySizeBits {
return nil,errors.New(fmt.Sprintf("AesGcmKW.Unwrap(): expected key of size %v bits, but was given %v bits.", alg.keySizeBits, kekSizeBits))
}
var iv,tag string
if iv,ok = header["iv"].(string);!ok {
return nil,errors.New("AesGcmKW.Unwrap(): expected 'iv' param in JWT header, but was not found.")
}
if tag,ok = header["tag"].(string);!ok {
return nil,errors.New("AesGcmKW.Unwrap(): expected 'tag' param in JWT header, but was not found.")
}
var ivBytes,tagBytes []byte
if ivBytes,err = base64url.Decode(iv);err!=nil {
return nil,err
}
if tagBytes,err = base64url.Decode(tag);err!=nil {
return nil,err
}
var block cipher.Block
if block, err = aes.NewCipher(kek);err!=nil {
return nil,err
}
var aesgcm cipher.AEAD
if aesgcm,err = cipher.NewGCM(block);err!=nil {
return nil,err
}
cipherAndTag:=append(encryptedCek,tagBytes...)
if cek,err = aesgcm.Open(nil, ivBytes,cipherAndTag , nil);err!=nil {
fmt.Printf("err = %v\n",err)
return nil,err
}
return cek,nil
}
return nil,errors.New("AesGcmKW.Unwrap(): expected key to be '[]byte' array")
}