本文整理汇总了Golang中golang.org/x/crypto/nacl/box.Seal函数的典型用法代码示例。如果您正苦于以下问题:Golang Seal函数的具体用法?Golang Seal怎么用?Golang Seal使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了Seal函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Golang代码示例。
示例1: Write
// Write the message (contents of p) to w's underlying data stream.
//
// The message is first encrypted using a randomly generated nonce
// and the SecureWriter's public and private keys.
//
// The total fields written to the SecureWriter's data stream are:
//
// - Nonce: randomly generated nonce, nonceSize bytes (in this case, 24)
// - Message Length (uint32): length of the encrypted message, in bytes.
// - Encrypted Message: the encrypted message itself.
//
// All values use LittleEndian encoding by convention.
//
// Returns the length (in bytes) of the box (encrypted message).
// This does not include the sizes of the nonce or message length.
func (w SecureWriter) Write(p []byte) (n int, err error) {
nonce, err := generateNonce()
if err != nil {
return 0, errors.New("could not generate nonce: " + err.Error())
}
// encrypt the message
box := box.Seal(nil, p, nonce, w.publicKey, w.privateKey)
// write the nonce
if err = binary.Write(w.writer, binary.LittleEndian, nonce); err != nil {
return 0, errors.New("could not write nonce: " + err.Error())
}
// write the encrypted message length
boxLen := uint32(len(box))
if err = binary.Write(w.writer, binary.LittleEndian, boxLen); err != nil {
return 0, errors.New("could not write box length: " + err.Error())
}
// write the message itself
if err = binary.Write(w.writer, binary.LittleEndian, box); err != nil {
return 0, errors.New("could not write encrypted message: " + err.Error())
}
return int(boxLen), nil
}示例2: Write
func (sw *SecureWriter) Write(message []byte) (int, error) {
// Generate a random nonce
nonce, err := randomNonce()
if err != nil {
log.Println("Error generating nonce", err)
return 0, err
}
// Convert message to encrypted byte slice with nonce
encrypted := box.Seal(nonce[:], message, nonce, sw.pub, sw.priv)
payloadSize := len(encrypted)
// Write payload size to buffer
err = binary.Write(sw.w, binary.LittleEndian, uint32(payloadSize))
if err != nil {
log.Println("Error writing payloadSize to buffer", err)
return 0, err
}
// Write encrypted message to buffer
_, err = sw.w.Write(encrypted)
if err != nil {
log.Println("Error writing encrypted message to buffer", err)
return 0, err
}
return len(message), nil
}示例3: Write
func (sw *SecureWriter) Write(p []byte) (n int, err error) {
var out []byte
//log.Println("before Seal ", p)
encrypted := box.Seal(out, p, sw.getNonce(), sw.pub, sw.priv)
//log.Println("after Seal ", encrypted, out)
return sw.w.Write(encrypted)
}示例4: Write
// Encrypts and writes to the writer outputing the following structure:
// The first two bytes are the length(x) of the encrypted message.
// The next 24 bytes are a random nonce.
// The next x bytes is the encrypted message.
func (s *SecureWriter) Write(p []byte) (int, error) {
nonce, err := generateNonce()
if err != nil {
return 0, err
}
payload := box.Seal(nil, p, nonce, s.pub, s.priv)
plen := make([]byte, 2)
binary.PutVarint(plen, int64(len(payload)))
ew := &errWriter{w: s.writer}
ew.write(plen)
ew.write(nonce[:])
ew.write(payload)
if ew.err != nil {
// If an error occurred, bytes may have been written
// but they do not correspond to bytes of `p` written,
// which is what the io.Writer interface cares about.
// SecureWriter is pretty much all or nothing.
return 0, ew.err
}
return len(p), ew.err
}示例5: Write
// Write will encrypt p, then write the ciphertext.
// Data is in the format: nonce (24 bytes), cipherlength (2 bytes), ciphertext (cipherlength+box.Overhead bytes)
func (w SecureWriter) Write(p []byte) (int, error) {
var nonce [24]byte
rand.Read(nonce[:])
// Write the plaintext nonce to the stream
err := binary.Write(w.writer, binary.BigEndian, &nonce)
if err != nil {
return 0, err
}
// Write the length of the plaintext message
err = binary.Write(w.writer, binary.BigEndian, uint16(len(p)))
if err != nil {
return 0, err
}
c := box.Seal(nil, p, &nonce, w.publicKey, w.privateKey)
err = binary.Write(w.writer, binary.BigEndian, c)
if err != nil {
return 0, err
}
// Return the number of plaintext bytes written, the user is not concerned with the overhead
return len(c) - box.Overhead, nil
}示例6: encodeJSONCaveatId
// encodeJSONCaveatId creates a JSON encoded third-party caveat.
func encodeJSONCaveatId(key *KeyPair, ci caveatInfo) ([]byte, error) {
var nonce [NonceLen]byte
if _, err := rand.Read(nonce[:]); err != nil {
return nil, errgo.Notef(err, "cannot generate random number for nonce")
}
plain := caveatIdRecord{
RootKey: ci.rootKey,
Condition: ci.condition,
}
plainData, err := json.Marshal(&plain)
if err != nil {
return nil, errgo.Notef(err, "cannot marshal %#v", &plain)
}
sealed := box.Seal(nil, plainData, &nonce, ci.peerPublicKey.boxKey(), key.Private.boxKey())
id := caveatId{
ThirdPartyPublicKey: ci.peerPublicKey,
FirstPartyPublicKey: &key.Public,
Nonce: nonce[:],
Id: base64.StdEncoding.EncodeToString(sealed),
}
data, err := json.Marshal(id)
if err != nil {
return nil, errgo.Notef(err, "cannot marshal %#v", id)
}
buf := make([]byte, base64.StdEncoding.EncodedLen(len(data)))
base64.StdEncoding.Encode(buf, data)
return buf, nil
}示例7: Write
// Write writes the NaCl-encrypted data of p to the underlying datastream.
// See http://godoc.org/io#Writer for how Write(p []byte) works in general.
func (w *SecureWriter) Write(p []byte) (n int, err error) {
// First we need to encrypt this, luckily we have a shaker in our toolbox, let's add some salt!
var message []byte
nonce, err := getNonce()
if err != nil {
return 0, err
}
message = box.Seal(nil, p, nonce, w.peersPublicKey, w.privateKey)
ms := int64(binary.Size(message))
// Write message length
err = binary.Write(w.writer, binary.LittleEndian, ms)
if err != nil {
return 0, err
}
// Write nonce
err = binary.Write(w.writer, binary.LittleEndian, nonce)
if err != nil {
return 0, err
}
// Write message
err = binary.Write(w.writer, binary.LittleEndian, message)
if err != nil {
return 0, err
}
return int(ms), err
}示例8: Share
// Share creates a shared key, which the given key can use to decrypt
// the secret.
// Requires the master key to be unsealed.
func (s *Secret) Share(key *Key) (shared *Secret, err error) {
if IsSealed() {
err = errors.New("Please unseal first")
return
}
shared = new(Secret)
shared.Name = s.Name
shared.Key = *key
err = s.Key.Decrypt()
if err != nil {
return
}
defer s.Key.Zero()
if err = shared.newNonce(); err != nil {
return
}
// Generate a public key from the master
pub := new([32]byte)
curve25519.ScalarBaseMult(pub, master)
shared.Pubkey = pub[:]
shared.Message = box.Seal(
nil,
s.Key.raw[:],
shared.nonce(),
key.pubkey(),
master)
return
}示例9: Seal
func Seal(out, message []byte, peersPublicKey *[32]byte) []byte {
otk_pub, otk_priv, err := box.GenerateKey(rand.Reader)
if err != nil {
panic(err)
}
return box.Seal(append(out, otk_pub[:]...), message, &n, peersPublicKey, otk_priv)
}示例10: Write
// Write reads from b and writes it securely into s
func (s *SecureWriter) Write(b []byte) (int, error) {
if s.closed {
return 0, io.EOF
}
if len(b) == 0 {
return 0, fmt.Errorf("No bytes to write")
}
nonce := newNonce()
o := box.Seal(nil, b, nonce, s.pub, s.priv)
var length byte = byte(len(o))
if length == 0 {
return 0, fmt.Errorf("Error writing secure message with nonce: %v", nonce)
}
var out []byte
// nonce
out = append(out, nonce[:]...)
// length
out = append(out, length)
// encrypted bytes
out = append(out, o...)
return s.Writer.Write(out)
}示例11: Write
// Write will encrypt data and then Write it to the underlying
// io.Writer. the return value is the size of data, and not the
// amount of encrypted data Written.
func (sw SecureWriter) Write(data []byte) (int, error) {
var boxed []byte
var nonce [24]byte
var err error
var boxedLen int64
// Generate random nonce. Risks of Collision are negligible
// The nonce MUST be different for each call to box.Seal
err = readBinaryData(rand.Reader, &nonce, err)
if err != nil {
return 0, err
}
boxed = box.Seal(boxed, data, &nonce, sw.peerPub, sw.priv)
boxedLen = int64(len(boxed))
// A message is, in order: the nonce, the length of the encrypted
// data, and finally the encrypted data
err = writeBinaryData(sw.w, &nonce, err)
err = writeBinaryData(sw.w, &boxedLen, err)
err = writeBinaryData(sw.w, boxed, err)
if err != nil {
return 0, err
}
return len(data), err
}示例12: CompletePasswordReset
// CompletePasswordReset encrypts the new password in such a way that
// it can only be decrypted by the Server using the generated Token,
// and posts everything needed back to the server.
func (u *User) CompletePasswordReset(tok *PasswordChangeToken, newPassword string) error {
pubKey, privKey, err := box.GenerateKey(rand.Reader)
theirPubKey := [32]byte{}
nonce := [24]byte{}
copy(theirPubKey[:], tok.Token[:])
cnt, err := rand.Read(nonce[:])
if err != nil {
return err
}
if cnt != 24 {
return errors.New("Not enough randomness to encrypt the box")
}
payload := `{"password":"` + newPassword + `"}`
encPayload := box.Seal(nil, []byte(payload), &nonce, &theirPubKey, privKey)
body := fmt.Sprintf(`{"token":"%v","decoder":"%v","nonce":"%v","payload":"%v","digest":true}`,
base64.StdEncoding.EncodeToString(theirPubKey[:]),
base64.StdEncoding.EncodeToString(pubKey[:]),
base64.StdEncoding.EncodeToString(nonce[:]),
base64.StdEncoding.EncodeToString(encPayload))
_, err = session.request("POST", urlFor(u, "complete_password_reset"), []byte(body))
if err != nil {
return err
}
return nil
}示例13: Write
// Writer implements io.Writer, this function encodes a message using
// crypto.nacl.box.Seal, then prepends a random generated nonce to it,
// and writes it to s.w encoded using binary.Write
func (s SecureWriter) Write(message []byte) (n int, err error) {
if len(message) > MAX_BYTE_LENGTH {
return 0, errors.New("The data to be encoded is to big")
}
nonce := GenerateNonce()
// Use box.Seal to encode the data
var out []byte
encText := box.Seal(out, message, &nonce, s.pub, s.priv)
// The nonce will be preceding the binary data of the message
binaryData := append(nonce[:], encText...)
// Encode the nonce + encodedMsg using binary.Write
buf := new(bytes.Buffer)
err = binary.Write(buf, binary.LittleEndian, binaryData)
// Get the size of encoded data and prepend it in format [2]byte
size := uint16(buf.Len())
dataSize := make([]byte, 2)
binary.LittleEndian.PutUint16(dataSize, size)
data := make([]byte, size)
n, err = buf.Read(data)
data = append(dataSize, data...)
// Data will be:
// |length [2]byte| binary encoded data [length]byte
n, err = s.w.Write(data)
return n, err
}示例14: Write
// Write encrypts p and writes the contents to the underlying data stream,
// returning the number of bytes written from p (either 0 or len(p)), and
// any error occurred while writing the data. The encrypted data contains
// the nonce (24 bytes), box size (2 bytes), and box (len(p)+box.Overhead).
func (w *SecureWriter) Write(p []byte) (n int, err error) {
// Generate a random nonce.
var nonce [24]byte
_, err = rand.Read(nonce[:])
// Encrypt the data, getting a freshly allocated []byte back.
box := box.Seal(nil, p, &nonce, w.ppub, w.priv)
// A uint16(2 bytes) is enough to handle a maximum size of 32*1024 bytes messages.
size := make([]byte, 2)
binary.LittleEndian.PutUint16(size, uint16(len(box)))
// "Sticky error" write function.
write := func(buf []byte) {
if err != nil {
return
}
_, err = w.w.Write(buf)
}
// Write the data: nonce(24 bytes), size(2 bytes), box ('size' bytes).
write(nonce[:])
write(size)
write(box)
if err == nil {
n = len(p)
}
return
}示例15: encode
func (h *encodeHeader) encode(encHead []byte) []byte {
var err error
// Test a recipient has been defined
if !h.gotRecipient {
err = errors.New("Header encode without defining recipient")
panic(err)
}
// Test passed encHead is the correct length
err = lenCheck(len(encHead), encHeadBytes)
if err != nil {
panic(err)
}
// Every header has a randomly generated sender PK & SK
senderPK, senderSK, err := box.GenerateKey(rand.Reader)
if err != nil {
panic(err)
}
var nonce [24]byte
copy(nonce[:], randbytes(24))
buf := new(bytes.Buffer)
buf.Write(h.recipientKeyID)
buf.Write(senderPK[:])
buf.Write(nonce[:])
buf.Write(box.Seal(nil, encHead, &nonce, &h.recipientPK, senderSK))
err = lenCheck(buf.Len(), 248)
if err != nil {
panic(err)
}
buf.Write(randbytes(headerBytes - buf.Len()))
return buf.Bytes()
}