func newDropbox(accessToken string, secretKey string) (*dropboxer, error) { var sk [32]byte _, err := base64.NewDecoder(base64.StdEncoding, strings.NewReader(secretKey)).Read(sk[:]) if err != nil { return nil, err } return &dropboxer{ client: dropy.New(dropbox.New(dropbox.NewConfig(accessToken))), aead: chacha20.NewChaCha20Poly1305(&sk), }, nil }
// DecryptAndVerify returns the chacha20 decrypted messages. // An error is returned when the poly1305 message authenticator (seal) could not be verified. // Nonce should be 8 byte. func DecryptAndVerify(key, nonce, message []byte, mac [16]byte, add []byte) ([]byte, error) { if len(key) != 32 { return nil, errors.New("invalid key size") } if len(nonce) != 8 { return nil, errors.New("invalid key size") } var ( Key [32]byte Nonce [12]byte chacha20Out = make([]byte, len(message)) ) copy(Key[:], key) copy(Nonce[4:], nonce) aead := chacha20.NewChaCha20Poly1305(&Key) return aead.Open(chacha20Out[:0], Nonce[:], append(message, mac[:]...), add) }
// EncryptAndSeal returns the chacha20 encrypted message and poly1305 message authentictor (also refered as seals) // Nonce should be 8 byte func EncryptAndSeal(key, nonce, message []byte, add []byte) ([]byte /*encrypted*/, [16]byte /*mac*/, error) { var mac [chacha20.TagSize]byte if len(key) != 32 { return nil, mac, errors.New("invalid key size") } if len(nonce) != 8 { return nil, mac, errors.New("invalid key size") } var ( Key [32]byte Nonce [12]byte chacha20Out = make([]byte, len(message)+chacha20.TagSize) ) copy(Key[:], key) copy(Nonce[4:], nonce) aead := chacha20.NewChaCha20Poly1305(&Key) chacha20Out = aead.Seal(chacha20Out[:0], Nonce[:], message, add) copy(mac[:], chacha20Out[len(message):]) return chacha20Out[:len(message)], mac, nil }
// InitializeKey initializes the secret key and AEAD cipher scheme based off of // the passed key. func (c *cipherState) InitializeKey(key [32]byte) { c.secretKey = key c.nonce = 0 c.cipher = chacha20.NewChaCha20Poly1305(&c.secretKey) }