1 // Copyright 2010 The Go Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style
3 // license that can be found in the LICENSE file.
5 // Package cipher implements standard block cipher modes that can be wrapped
6 // around low-level block cipher implementations.
7 // See https://csrc.nist.gov/groups/ST/toolkit/BCM/current_modes.html
8 // and NIST Special Publication 800-38A.
11 // A Block represents an implementation of block cipher
12 // using a given key. It provides the capability to encrypt
13 // or decrypt individual blocks. The mode implementations
14 // extend that capability to streams of blocks.
15 type Block
interface {
16 // BlockSize returns the cipher's block size.
19 // Encrypt encrypts the first block in src into dst.
20 // Dst and src must overlap entirely or not at all.
21 Encrypt(dst
, src
[]byte)
23 // Decrypt decrypts the first block in src into dst.
24 // Dst and src must overlap entirely or not at all.
25 Decrypt(dst
, src
[]byte)
28 // A Stream represents a stream cipher.
29 type Stream
interface {
30 // XORKeyStream XORs each byte in the given slice with a byte from the
31 // cipher's key stream. Dst and src must overlap entirely or not at all.
33 // If len(dst) < len(src), XORKeyStream should panic. It is acceptable
34 // to pass a dst bigger than src, and in that case, XORKeyStream will
35 // only update dst[:len(src)] and will not touch the rest of dst.
37 // Multiple calls to XORKeyStream behave as if the concatenation of
38 // the src buffers was passed in a single run. That is, Stream
39 // maintains state and does not reset at each XORKeyStream call.
40 XORKeyStream(dst
, src
[]byte)
43 // A BlockMode represents a block cipher running in a block-based mode (CBC,
45 type BlockMode
interface {
46 // BlockSize returns the mode's block size.
49 // CryptBlocks encrypts or decrypts a number of blocks. The length of
50 // src must be a multiple of the block size. Dst and src must overlap
51 // entirely or not at all.
53 // If len(dst) < len(src), CryptBlocks should panic. It is acceptable
54 // to pass a dst bigger than src, and in that case, CryptBlocks will
55 // only update dst[:len(src)] and will not touch the rest of dst.
57 // Multiple calls to CryptBlocks behave as if the concatenation of
58 // the src buffers was passed in a single run. That is, BlockMode
59 // maintains state and does not reset at each CryptBlocks call.
60 CryptBlocks(dst
, src
[]byte)
65 func dup(p
[]byte) []byte {
66 q
:= make([]byte, len(p
))