in sec/encrypt.go [254:291]
func EncryptAES(plain []byte, secret []byte, nonce []byte) ([]byte, error) {
if len(nonce) > 16 {
return nil, errors.Errorf("AES nonce has invalid length: have=%d want<=16", len(nonce))
}
blk, err := aes.NewCipher(secret)
if err != nil {
return nil, errors.Errorf("Failed to create block cipher")
}
iv := nonce
for len(iv) < 16 {
iv = append(iv, 0)
}
stream := cipher.NewCTR(blk, iv)
dataBuf := make([]byte, 16)
encBuf := make([]byte, 16)
r := bytes.NewReader(plain)
w := bytes.Buffer{}
for {
cnt, err := r.Read(dataBuf)
if err != nil && err != io.EOF {
return nil, errors.Wrapf(err, "Failed to read from plaintext")
}
if cnt == 0 {
break
}
stream.XORKeyStream(encBuf, dataBuf[0:cnt])
if _, err = w.Write(encBuf[0:cnt]); err != nil {
return nil, errors.Wrapf(err, "failed to write ciphertext")
}
}
return w.Bytes(), nil
}