aesgcm: AES-256-GCM authenticated encryption and decryption

patrislav · patrislav · commit a55988a933ff · 2026-03-11T20:14:13.000+01:00
diff --git a/aesgcm/aesgcm.go b/aesgcm/aesgcm.go
@@ -0,0 +1,68 @@
+// Package aesgcm contains utility functions to Encrypt and Decrypt data using AES-256-GCM cipher.
+package aesgcm
+
+import (
+	"crypto/aes"
+	"crypto/cipher"
+	"fmt"
+	"io"
+)
+
+// Encrypt encrypts plaintext using key and random entropy. Key must be a valid AES-256 key with a length of 32 bytes.
+// The result is a concatenation of nonce (using standard 12-byte nonce size) and the actual ciphertext.
+func Encrypt(random io.Reader, key []byte, plaintext []byte, additionalData []byte) ([]byte, error) {
+	if len(key) != 32 {
+		return nil, fmt.Errorf("key must be 32 bytes for AES-256 but was %d", len(key))
+	}
+
+	block, err := aes.NewCipher(key)
+	if err != nil {
+		return nil, fmt.Errorf("create cipher block: %w", err)
+	}
+
+	aead, err := cipher.NewGCM(block)
+	if err != nil {
+		return nil, fmt.Errorf("create GCM: %w", err)
+	}
+
+	nonce := make([]byte, aead.NonceSize())
+	if _, err := io.ReadFull(random, nonce); err != nil {
+		return nil, fmt.Errorf("generate random nonce: %w", err)
+	}
+
+	ciphertext := aead.Seal(nil, nonce, plaintext, additionalData)
+	return append(nonce, ciphertext...), nil
+}
+
+// Decrypt decrypts ciphertext using the given key. Key must be a valid AES-256 key with a length of 32 bytes.
+// Ciphertext is assumed to be a concatenation of nonce (using standard 12-byte nonce size) and the actual
+// ciphertext. As such, it must be at least 12 bytes long.
+func Decrypt(key []byte, ciphertext []byte, additionalData []byte) ([]byte, error) {
+	if len(key) != 32 {
+		return nil, fmt.Errorf("key must be 32 bytes for AES-256 but was %d", len(key))
+	}
+
+	block, err := aes.NewCipher(key)
+	if err != nil {
+		return nil, fmt.Errorf("create cipher block: %w", err)
+	}
+
+	aead, err := cipher.NewGCM(block)
+	if err != nil {
+		return nil, fmt.Errorf("create GCM: %w", err)
+	}
+
+	if len(ciphertext) < aead.NonceSize() {
+		return nil, fmt.Errorf("ciphertext must be at least %d bytes but was %d", aead.NonceSize(), len(ciphertext))
+	}
+
+	nonce := ciphertext[:aead.NonceSize()]
+	ciphertext = ciphertext[aead.NonceSize():]
+	plaintext := make([]byte, 0, len(ciphertext))
+
+	plaintext, err = aead.Open(plaintext, nonce, ciphertext, additionalData)
+	if err != nil {
+		return nil, fmt.Errorf("decrypt: %w", err)
+	}
+	return plaintext, nil
+}
diff --git a/aesgcm/aesgcm_test.go b/aesgcm/aesgcm_test.go
@@ -0,0 +1,72 @@
+package aesgcm_test
+
+import (
+	"bytes"
+	"crypto/rand"
+	"encoding/base64"
+	"encoding/binary"
+	"testing"
+
+	"github.com/0xsequence/nitrocontrol/aesgcm"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func TestEncrypt(t *testing.T) {
+	t.Run("no additional data", func(t *testing.T) {
+		random := bytes.NewBuffer([]byte("123456789012")) // 12 bytes
+		key := []byte("12345678901234567890123456789012") // 32 bytes
+		plaintext := []byte("Hello world")
+		enc, err := aesgcm.Encrypt(random, key[:], plaintext, nil)
+		require.NoError(t, err)
+		assert.Equal(t, "MTIzNDU2Nzg5MDEyyJeRgm1hto6XflsTaSRZcpV9masIpIeV/7/d", base64.StdEncoding.EncodeToString(enc))
+	})
+
+	t.Run("with additional data", func(t *testing.T) {
+		random := bytes.NewBuffer([]byte("123456789012")) // 12 bytes
+		key := []byte("12345678901234567890123456789012") // 32 bytes
+		plaintext := []byte("Hello world")
+		additionalData := []byte("additional data")
+		enc, err := aesgcm.Encrypt(random, key[:], plaintext, additionalData)
+		require.NoError(t, err)
+		assert.Equal(t, "MTIzNDU2Nzg5MDEyyJeRgm1hto6XfluPj9+SAYdHVgK9WuQz9M6U", base64.StdEncoding.EncodeToString(enc))
+	})
+}
+
+func TestDecrypt(t *testing.T) {
+	t.Run("no additional data", func(t *testing.T) {
+		key := []byte("12345678901234567890123456789012") // 32 bytes
+		ciphertext, _ := base64.StdEncoding.DecodeString("MTIzNDU2Nzg5MDEyyJeRgm1hto6XflsTaSRZcpV9masIpIeV/7/d")
+		dec, err := aesgcm.Decrypt(key, ciphertext, nil)
+		require.NoError(t, err)
+		assert.Equal(t, []byte("Hello world"), dec)
+	})
+
+	t.Run("with additional data", func(t *testing.T) {
+		key := []byte("12345678901234567890123456789012") // 32 bytes
+		ciphertext, _ := base64.StdEncoding.DecodeString("MTIzNDU2Nzg5MDEyyJeRgm1hto6XfluPj9+SAYdHVgK9WuQz9M6U")
+		additionalData := []byte("additional data")
+		dec, err := aesgcm.Decrypt(key, ciphertext, additionalData)
+		require.NoError(t, err)
+		assert.Equal(t, []byte("Hello world"), dec)
+	})
+}
+
+func FuzzEncryptAndDecrypt(f *testing.F) {
+	f.Add(uint64(0), uint64(0), uint64(0), uint64(0), []byte("hello"), []byte("aad"))
+	f.Fuzz(func(t *testing.T, u0, u1, u2, u3 uint64, plaintext []byte, additionalData []byte) {
+		key := make([]byte, 32)
+		binary.LittleEndian.PutUint64(key, u0)
+		binary.LittleEndian.PutUint64(key[8:], u1)
+		binary.LittleEndian.PutUint64(key[16:], u2)
+		binary.LittleEndian.PutUint64(key[24:], u3)
+
+		enc, err := aesgcm.Encrypt(rand.Reader, key[:], plaintext, additionalData)
+		require.NoError(t, err)
+		require.Greater(t, len(enc), 16)
+
+		dec, err := aesgcm.Decrypt(key, enc, additionalData)
+		require.NoError(t, err)
+		require.Equal(t, plaintext, dec)
+	})
+}
