我试图理解使用CTR模式的加密是如何工作的,所以我创建了这些函数来测试它：

import (
    "crypto/cipher"
    "crypto/rand"
)

// generateIV generates an initialization vector (IV) suitable for encryption.
//
// http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Initialization_vector_.28IV.29
func generateIV(bytes int) []byte {
    b := make([]byte, bytes)
    rand.Read(b)
    return b
}

func encrypt(block cipher.Block, value []byte) []byte {
    iv := generateIV(block.BlockSize())
    encrypted := make([]byte, len(value) + block.BlockSize())
    encrypted = append(encrypted, iv...)
    stream := cipher.NewCTR(block, iv)
    stream.XORKeyStream(encrypted, value)
    return encrypted
}

func decrypt(block cipher.Block, encrypted []byte) []byte {
    iv := encrypted[:block.BlockSize()]
    ciphertext := encrypted[block.BlockSize():]
    stream := cipher.NewCTR(block, iv)
    plain := make([]byte, len(ciphertext))
    // XORKeyStream is used to decrypt too?
    stream.XORKeyStream(plain, ciphertext)
    return plain
}

加密似乎工作正常,但我真的不知道,因为我不理解解密的输出.我应该使用stream.XORKeyStream来解密吗？测试看起来像这样：

import (
    "crypto/aes"
    "fmt"
    "testing"
)

func TestEncryptCTR(t *testing.T) {
    block, err := aes.NewCipher([]byte("1234567890123456"))
    if err != nil {
        panic(err)
    }

    value := "foobarbaz"
    encrypted := encrypt(block, []byte(value))
    decrypted := decrypt(block, encrypted)
    fmt.Printf("--- %s ---", string(decrypted))
}

但我绝对不会让“foobarbaz”回来.你能发现我做错了什么吗？

最佳答案 问题是我在测试基础知识之前尝试做太多.我想将IV添加到生成的密文中,但是当我这样做时,我有点打破了所有内容.这个简单的版本,没有前置的IV,有效：

import (
    "crypto/cipher"
    "crypto/rand"
)

// generateIV generates an initialization vector (IV) suitable for encryption.
//
// http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Initialization_vector_.28IV.29
func generateIV(bytes int) []byte {
    b := make([]byte, bytes)
    rand.Read(b)
    return b
}

func encrypt(block cipher.Block, value []byte, iv []byte) []byte {
    stream := cipher.NewCTR(block, iv)
    ciphertext := make([]byte, len(value))
    stream.XORKeyStream(ciphertext, value)
    return ciphertext
}

func decrypt(block cipher.Block, ciphertext []byte, iv []byte) []byte {
    stream := cipher.NewCTR(block, iv)
    plain := make([]byte, len(ciphertext))
    // XORKeyStream is used to decrypt too!
    stream.XORKeyStream(plain, ciphertext)
    return plain
}

并进行相应的测试：

import (
    "crypto/aes"
    "fmt"
    "testing"
)

func TestEncryptCTR(t *testing.T) {
    block, err := aes.NewCipher([]byte("1234567890123456"))
    if err != nil {
        panic(err)
    }

    iv := generateIV(block.BlockSize())
    value := "foobarbaz"
    encrypted := encrypt2(block, []byte(value), iv)
    decrypted := decrypt2(block, encrypted, iv)
    fmt.Printf("--- %s ---", string(decrypted))
}

正如所料,我得到了“— foobarbaz —”.

现在回来做前期IV工作. 🙂

编辑这就是它,自动生成和前置IV：

func encrypt(block cipher.Block, value []byte) []byte {
    // Generate an initialization vector (IV) suitable for encryption.
    // http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Initialization_vector_.28IV.29
    iv := make([]byte, block.BlockSize())
    rand.Read(iv)
    // Encrypt it.
    stream := cipher.NewCTR(block, iv)
    stream.XORKeyStream(value, value)
    // Return iv + ciphertext.
    return append(iv, value...)
}

func decrypt(block cipher.Block, value []byte) []byte {
    if len(value) > block.BlockSize() {
        // Extract iv.
        iv := value[:block.BlockSize()]
        // Extract ciphertext.
        value = value[block.BlockSize():]
        // Decrypt it.
        stream := cipher.NewCTR(block, iv)
        stream.XORKeyStream(value, value)
        return value
    }
    return nil
}