本文整理汇总了Golang中code/google/com/p/go/crypto/nacl/secretbox.Open函数的典型用法代码示例。如果您正苦于以下问题:Golang Open函数的具体用法?Golang Open怎么用?Golang Open使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了Open函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Golang代码示例。
示例1: exchange2
func (kx *KeyExchange) exchange2() ([]byte, error) {
reply, err := kx.meetingPlace.Exchange(kx.Log, kx.meeting2[:], kx.message2[:], kx.ShutdownChan)
if err != nil {
return nil, err
}
var nonce [24]byte
if len(reply) < len(nonce) {
return nil, errors.New("panda: meeting point reply too small")
}
if kx.sharedKey[0] == 0 && kx.sharedKey[1] == 0 {
panic("here")
}
copy(nonce[:], reply)
message, ok := secretbox.Open(nil, reply[24:], &nonce, &kx.sharedKey)
if !ok {
return nil, errors.New("panda: peer's message cannot be authenticated")
}
if len(message) < 4 {
return nil, errors.New("panda: peer's message is invalid")
}
l := binary.LittleEndian.Uint32(message)
message = message[4:]
if l > uint32(len(message)) {
return nil, errors.New("panda: peer's message is truncated")
}
message = message[:int(l)]
return message, nil
}
示例2: OpenWithKey
// OpenWithKey is the same as Open, but a different key can be passed in.
func (s *Service) OpenWithKey(e *SealedBytes, secretKey *[SecretKeyLength]byte) (byt []byte, err error) {
// once function is complete, check if we are returning err or not.
// if we are, return emit a failure metric, if not a success metric.
defer func() {
if err == nil {
s.metricsClient.Inc("success", 1, 1)
} else {
s.metricsClient.Inc("failure", 1, 1)
}
}()
// check that we either initialized with a key or one was passed in
if secretKey == nil {
return nil, fmt.Errorf("secret key is nil")
}
// convert nonce to an array
nonce, err := nonceSliceToArray(e.Nonce)
if err != nil {
return nil, err
}
// decrypt
var decrypted []byte
decrypted, ok := secretbox.Open(decrypted, e.Ciphertext, nonce, secretKey)
if !ok {
return nil, fmt.Errorf("unable to decrypt message")
}
return decrypted, nil
}
示例3: decrypt
func (nd *NaClDecryptor) decrypt(buf []byte) ([]byte, bool) {
seqNoAndDF := binary.BigEndian.Uint64(buf[:8])
df := (seqNoAndDF & (1 << 63)) != 0
seqNo := seqNoAndDF & ((1 << 63) - 1)
var di *NaClDecryptorInstance
if df {
di = nd.instanceDF
} else {
di = nd.instance
}
binary.BigEndian.PutUint64(di.nonce[16:24], seqNoAndDF)
result, success := secretbox.Open(nil, buf[8:], &di.nonce, nd.sessionKey)
if !success {
return nil, false
}
// Drop duplicates. We do this *after* decryption since we must
// not advance our state unless decryption succeeded. Doing so
// would open an easy attack vector where an adversary could
// inject a packet with a sequence number of (1 << 63) - 1,
// causing all subsequent genuine packets to get dropped.
offset, usedOffsets := di.advanceState(seqNo)
if usedOffsets == nil || usedOffsets.Contains(offset) {
// We have detected a possible replay attack, but it is
// possible we may have just received a very old packet, or
// duplication may have occurred in the network. So let's just
// drop the packet silently.
return nil, true
}
usedOffsets.Add(offset)
return result, success
}
示例4: Decode
func (receiver *EncryptedTCPReceiver) Decode(msg []byte) ([]byte, error) {
decodedMsg, success := secretbox.Open(nil, msg, &receiver.state.nonce, receiver.state.sessionKey)
if !success {
return nil, fmt.Errorf("Unable to decrypt TCP msg")
}
receiver.state.advance()
return decodedMsg, nil
}
示例5: decrypt
// decrypt extracts the nonce from the ciphertext, and attempts to
// decrypt with NaCl's secretbox.
func decrypt(key *[keySize]byte, in []byte) ([]byte, bool) {
if len(in) < nonceSize {
return nil, false
}
var nonce [nonceSize]byte
copy(nonce[:], in)
return secretbox.Open(nil, in[nonceSize:], &nonce, key)
}
示例6: trySavedKeys
// trySavedKeys tries to decrypt ciphertext using keys saved for missing messages.
func (r *Ratchet) trySavedKeys(ciphertext []byte) ([]byte, error) {
if len(ciphertext) < sealedHeaderSize {
return nil, errors.New("ratchet: header too small to be valid")
}
sealedHeader := ciphertext[:sealedHeaderSize]
var nonce [24]byte
copy(nonce[:], sealedHeader)
sealedHeader = sealedHeader[len(nonce):]
for headerKey, messageKeys := range r.saved {
header, ok := secretbox.Open(nil, sealedHeader, &nonce, &headerKey)
if !ok {
continue
}
if len(header) != headerSize {
continue
}
msgNum := binary.LittleEndian.Uint32(header[:4])
msgKey, ok := messageKeys[msgNum]
if !ok {
// This is a fairly common case: the message key might
// not have been saved because it's the next message
// key.
return nil, nil
}
sealedMessage := ciphertext[sealedHeaderSize:]
copy(nonce[:], header[nonceInHeaderOffset:])
msg, ok := secretbox.Open(nil, sealedMessage, &nonce, &msgKey.key)
if !ok {
return nil, errors.New("ratchet: corrupt message")
}
delete(messageKeys, msgNum)
if len(messageKeys) == 0 {
delete(r.saved, headerKey)
}
return msg, nil
}
return nil, nil
}
示例7: Read
func (c *Conn) Read(out []byte) (n int, err error) {
if len(c.readPending) > 0 {
n = copy(out, c.readPending)
c.readPending = c.readPending[n:]
return
}
if c.readBuffer == nil {
c.readBuffer = make([]byte, blockSize+2)
}
if _, err := io.ReadFull(c.conn, c.readBuffer[:2]); err != nil {
return 0, err
}
n = int(c.readBuffer[0]) | int(c.readBuffer[1])<<8
if n > len(c.readBuffer) {
return 0, errors.New("transport: peer's message too large for Read")
}
if _, err := io.ReadFull(c.conn, c.readBuffer[:n]); err != nil {
return 0, err
}
var ok bool
if len(out) >= n-secretbox.Overhead {
// We can decrypt directly into the output buffer.
out, ok = secretbox.Open(out[:0], c.readBuffer[:n], &c.readSequence, &c.readKey)
n = len(out)
} else {
// We need to decrypt into a side buffer and copy a prefix of
// the result into the caller's buffer.
c.decryptBuffer, ok = secretbox.Open(c.decryptBuffer[:0], c.readBuffer[:n], &c.readSequence, &c.readKey)
n = copy(out, c.decryptBuffer)
c.readPending = c.decryptBuffer[n:]
}
incSequence(&c.readSequence)
if !ok {
c.readPending = c.readPending[:0]
return 0, errors.New("transport: bad MAC")
}
return
}
示例8: decrypt
func (c *Conn) decrypt(data []byte) ([]byte, error) {
if !c.readKeyValid {
return data, nil
}
decrypted, ok := secretbox.Open(nil, data, &c.readSequence, &c.readKey)
incSequence(&c.readSequence)
if !ok {
return nil, errors.New("transport: bad MAC")
}
return decrypted, nil
}
示例9: decrypt
func decrypt(key, ciphertext []byte) ([]byte, error) {
if len(ciphertext) < nonceLen+secretbox.Overhead {
return nil, fmt.Errorf("message too short")
}
var nonce [nonceLen]byte
copy(nonce[:], ciphertext)
ciphertext = ciphertext[nonceLen:]
text, ok := secretbox.Open(nil, ciphertext, &nonce, makeKey(key))
if !ok {
return nil, fmt.Errorf("decryption failure")
}
return text, nil
}
示例10: Decrypt
// Decrypt decrypts a message using XSalsa20-Poly1305 and outputs it to dst.
// Returns false if decryption failed (authentication tag mismatch).
func (sb *secretBoxMode) Decrypt(dst []byte, src []byte, nonce []byte) bool {
if len(src) <= sb.Overhead() {
panic("cryptstate: bad src")
}
if len(nonce) != 24 {
panic("cryptstate: bad nonce length")
}
noncePtr := (*[24]byte)(unsafe.Pointer(&nonce[0]))
_, ok := secretbox.Open(dst[0:0], src, noncePtr, &sb.key)
return ok
}
示例11: DecryptPrefixNonce
func DecryptPrefixNonce(ciphertxt []byte, secret *[32]byte) ([]byte, bool) {
if len(ciphertxt) < secretbox.Overhead+24 {
return nil, false
}
// There is no way to nicely convert from a slice to an
// array. So have to used the following loop.
var nonce [24]byte
for idx, e := range ciphertxt[0:24] {
nonce[idx] = e
}
ciphertxt = ciphertxt[24:]
return secretbox.Open(nil, ciphertxt, &nonce, secret)
}
示例12: ReadAt
// TODO : consider caching the last deciphered chunk
func (this *CipherReaderAt) ReadAt(p []byte, off int64) (n int, err error) {
log.Printf("ReadAt len(p):%v, off:%v\n", len(p), off)
// read Nonce if not yet read
if this.Nonce == nil {
this.Nonce = &[24]byte{}
_, err := this.Reader.ReadAt(this.Nonce[:], 0)
if err != nil {
return 0, err
}
}
// ...
for len(p) > 0 {
chunkIndex := off / (this.ChunkSize - secretbox.Overhead)
chunkStart := chunkIndex * this.ChunkSize
offChunk := off - chunkIndex*(this.ChunkSize-secretbox.Overhead)
log.Printf(" - chunkIndex: %v, chunkStart: %v, offChunk: %v\n", chunkIndex, chunkStart, offChunk)
// compute nonce, basically a base 256 addition operation
var nonce [24]byte
copy(nonce[:], this.Nonce[:])
{
ci := chunkIndex // copy
i := 0
carry := int16(0)
for ci > 0 || carry > 0 {
sum := int16(ci % 256)
sum += int16(nonce[i])
sum += int16(carry)
nonce[i] = byte(sum % 256)
carry = int16(sum >> 8)
ci >>= 8
i++
}
log.Printf(" - nonce: %v", nonce)
}
numRead, err := this.Reader.ReadAt(this.Chunk, 24+chunkStart)
if err != nil && err != io.EOF {
return n, err
}
openedChunk, ok := secretbox.Open(nil, this.Chunk[:numRead], &nonce, this.Key)
//fmt.Println(colors.Cyan("nonce:", nonce, " key:", this.Key, " numRead:", numRead))
if !ok {
return n, errors.New(fmt.Sprintf("Failed to decipher chunk %v", chunkIndex))
}
copied := copy(p, openedChunk[offChunk:])
p = p[copied:]
n += copied
off += int64(copied)
}
return n, nil
}
示例13: Get
func (s *Convergent) Get(key []byte) ([]byte, error) {
boxedkey := s.computeBoxedKey(key)
box, err := s.untrusted.Get(boxedkey)
if err != nil {
return nil, err
}
nonce := s.makeNonce(key)
plain, ok := secretbox.Open(nil, box, nonce, s.secret)
if !ok {
return nil, Corrupt{Key: key}
}
return plain, nil
}
示例14: decrypt
// decrypt extracts the nonce from the ciphertext, and attempts to
// decrypt with NaCl's secretbox.
func decrypt(key *[keySize]byte, message []byte) ([]byte, error) {
if len(message) < (nonceSize + secretbox.Overhead) {
return nil, ErrDecrypt
}
var nonce [nonceSize]byte
copy(nonce[:], message[:nonceSize])
out, ok := secretbox.Open(nil, message[nonceSize:], &nonce, key)
if !ok {
return nil, ErrDecrypt
}
return out, nil
}
示例15: unbox
func unbox(key *[32]byte, body []byte) ([]byte, error) {
var nonce [24]byte
if len(body) < len(nonce)+secretbox.Overhead+2 {
return nil, errors.New("panda: reply from server is too short to be valid")
}
copy(nonce[:], body)
unsealed, ok := secretbox.Open(nil, body[len(nonce):], &nonce, key)
if !ok {
return nil, errors.New("panda: failed to authenticate reply from server")
}
l := int(unsealed[0]) | int(unsealed[1])<<8
unsealed = unsealed[2:]
if l > len(unsealed) {
return nil, errors.New("panda: corrupt but authentic message found")
}
return unsealed[:l], nil
}