cipherAES256 returns a new AES-256 cipher.
(key []byte)
| 45 | |
| 46 | // cipherAES256 returns a new AES-256 cipher. |
| 47 | func cipherAES256(key []byte) (*aes256, error) { |
| 48 | if len(key) != 32 { |
| 49 | return nil, xerrors.Errorf("key must be 32 bytes") |
| 50 | } |
| 51 | block, err := aes.NewCipher(key) |
| 52 | if err != nil { |
| 53 | return nil, err |
| 54 | } |
| 55 | aead, err := cipher.NewGCM(block) |
| 56 | if err != nil { |
| 57 | return nil, err |
| 58 | } |
| 59 | // We add the cipher name to the digest to ensure that if, in the future, |
| 60 | // we add a new cipher type, and a key is re-used, we don't accidentally |
| 61 | // decrypt the wrong values. |
| 62 | toDigest := []byte(cipherAES256GCM) |
| 63 | toDigest = append(toDigest, key...) |
| 64 | digest := fmt.Sprintf("%x", sha256.Sum256(toDigest))[:7] |
| 65 | return &aes256{aead: aead, digest: digest}, nil |
| 66 | } |
| 67 | |
| 68 | type aes256 struct { |
| 69 | aead cipher.AEAD |