package crypto import ( "crypto/aes" "crypto/cipher" "crypto/rand" "fmt" "io" "github.com/ncw/rclone/backend/crypt/pkcs7" ) func CBCEncrypt(key []byte, plaintext []byte) ([]byte, error) { if len(key) != 32 { return nil, fmt.Errorf("key is not 32 bytes") } plaintext = pkcs7.Pad(aes.BlockSize, plaintext) if len(plaintext)%aes.BlockSize != 0 { return nil, fmt.Errorf("plaintext is not a multiple of the block size") } block, err := aes.NewCipher(key) if err != nil { return nil, err } ciphertext := make([]byte, aes.BlockSize+len(plaintext)) iv := ciphertext[:aes.BlockSize] if _, err := io.ReadFull(rand.Reader, iv); err != nil { return nil, err } mode := cipher.NewCBCEncrypter(block, iv) mode.CryptBlocks(ciphertext[aes.BlockSize:], plaintext) return ciphertext, nil } func CBCDecrypt(key []byte, ciphertext []byte) ([]byte, error) { if len(key) != 32 { return nil, fmt.Errorf("key is not 32 bytes") } block, err := aes.NewCipher(key) if err != nil { return nil, err } if len(ciphertext) < aes.BlockSize { return nil, err } iv := ciphertext[:aes.BlockSize] ciphertext = ciphertext[aes.BlockSize:] if len(ciphertext)%aes.BlockSize != 0 { return nil, fmt.Errorf("ciphertext is not a multiple of the block size") } mode := cipher.NewCBCDecrypter(block, iv) mode.CryptBlocks(ciphertext, ciphertext) return pkcs7.Unpad(aes.BlockSize, ciphertext) }