// SetValue stores secret in s.Value, encoded according to the algorithm
// carried by session.
//
// Original author's note: uses text/plain as the Content-type, which may need
// to change in the future. Probably not, though. (The content type is not set
// anywhere in this function.)
//
// Behaviour per session.Algorithm:
//   - AlgoPlain: s.Value is set to the caller's slice as-is. No copy is made
//     and no encryption is applied.
//   - AlgoDH: secret is PKCS#7-padded to aes.BlockSize and encrypted with
//     AES-CBC under session.Key, with s.Parameters used as the IV.
//   - anything else: InvalidSession is returned and s is not modified.
//
// Errors from aes.NewCipher (for example an unsupported key length) are
// returned unchanged.
//
// Security notes:
//   - cipher.NewCBCEncrypter panics when the IV length differs from the block
//     size, so s.Parameters must hold exactly aes.BlockSize bytes before this
//     is called with AlgoDH.
//   - No MAC or authentication tag is produced here, so the ciphertext by
//     itself does not let a receiver detect tampering.
//   - NOTE(review): CBC needs a fresh, unpredictable IV per message. Where
//     s.Parameters is generated is not visible here; confirm with the caller.
func (s *Secret) SetValue(session Session, secret []byte) error {
	// Plain sessions store the secret as-is, without encryption.
	if session.Algorithm == AlgoPlain {
		s.Value = secret
		return nil
	}

	// Only the DH-negotiated AES session is supported beyond this point.
	if session.Algorithm != AlgoDH {
		return InvalidSession
	}

	aesBlock, err := aes.NewCipher(session.Key)
	if err != nil {
		return err
	}

	// s.Parameters is the CBC IV; a wrong length panics inside NewCBCEncrypter.
	cbc := cipher.NewCBCEncrypter(aesBlock, s.Parameters)

	// CBC works on whole blocks only, so pad first.
	padded := pad.PKCS7Pad(secret, aes.BlockSize)

	s.Value = make([]byte, len(padded))
	cbc.CryptBlocks(s.Value, padded)
	return nil
}
// PBAesEncryptPtr: AES-based password-based encryption // Changes the slice supplied itself func (p *pbe) PBAesEncryptPtr(block *[]byte, password string) error { // extract constants saltlen := p.pbkdf2_salt_length keylen := p.aes_key_length blocklen := AES_BLOCK_LENGTH // generate salt salt, err := rnd.Salt(saltlen) if err != nil { return err } // generate IV iv, err := rnd.IV(blocklen) if err != nil { return err } // generate key key := p.PBKDF2Key(password, salt, keylen) // pad data block *block = pad.PKCS7Pad(*block, blocklen) // encrypt it err = aes_enc_block(*block, iv, key) if err != nil { return err } // join padded block + IV + salt into single buffer *block = append(*block, iv...) *block = append(*block, salt...) return nil }