// Copyright 2009 The Go Authors. All rights reserved. // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. package aes import ( "crypto/cipher" "crypto/internal/alias" "crypto/internal/boring" "strconv" ) // The AES block size in bytes. const BlockSize = 16 // A cipher is an instance of AES encryption using a particular key. type aesCipher struct { l uint8 // only this length of the enc and dec array is actually used enc [28 + 32]uint32 dec [28 + 32]uint32 } type KeySizeError int func (k KeySizeError) Error() string { return "crypto/aes: invalid key size " + strconv.Itoa(int(k)) } // NewCipher creates and returns a new [cipher.Block]. // The key argument should be the AES key, // either 16, 24, or 32 bytes to select // AES-128, AES-192, or AES-256. func NewCipher(key []byte) (cipher.Block, error) { k := len(key) switch k { default: return nil, KeySizeError(k) case 16, 24, 32: break } if boring.Enabled { return boring.NewAESCipher(key) } return newCipher(key) } // newCipherGeneric creates and returns a new cipher.Block // implemented in pure Go. func newCipherGeneric(key []byte) (cipher.Block, error) { c := aesCipher{l: uint8(len(key) + 28)} expandKeyGo(key, c.enc[:c.l], c.dec[:c.l]) return &c, nil } func (c *aesCipher) BlockSize() int { return BlockSize } func (c *aesCipher) Encrypt(dst, src []byte) { if len(src) < BlockSize { panic("crypto/aes: input not full block") } if len(dst) < BlockSize { panic("crypto/aes: output not full block") } if alias.InexactOverlap(dst[:BlockSize], src[:BlockSize]) { panic("crypto/aes: invalid buffer overlap") } encryptBlockGo(c.enc[:c.l], dst, src) } func (c *aesCipher) Decrypt(dst, src []byte) { if len(src) < BlockSize { panic("crypto/aes: input not full block") } if len(dst) < BlockSize { panic("crypto/aes: output not full block") } if alias.InexactOverlap(dst[:BlockSize], src[:BlockSize]) { panic("crypto/aes: invalid buffer overlap") } decryptBlockGo(c.dec[:c.l], dst, src) }