2020-01-13 22:11:00 +00:00
|
|
|
package v1
|
2019-01-14 20:09:25 +00:00
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"crypto/rand"
|
2019-01-29 20:56:59 +00:00
|
|
|
"errors"
|
2020-02-10 22:09:24 +00:00
|
|
|
"git.openprivacy.ca/openprivacy/log"
|
2019-01-29 20:56:59 +00:00
|
|
|
"golang.org/x/crypto/nacl/secretbox"
|
2019-01-14 20:09:25 +00:00
|
|
|
"golang.org/x/crypto/pbkdf2"
|
|
|
|
|
"golang.org/x/crypto/sha3"
|
|
|
|
|
"io"
|
2019-01-29 20:56:59 +00:00
|
|
|
"io/ioutil"
|
|
|
|
|
"path"
|
2019-01-14 20:09:25 +00:00
|
|
|
)
|
|
|
|
|
|
2020-01-13 22:11:00 +00:00
|
|
|
// createKeySalt derives a key from a password: returns key, salt, err
|
|
|
|
|
func createKeySalt(password string) ([32]byte, [128]byte, error) {
|
2019-01-14 20:09:25 +00:00
|
|
|
var salt [128]byte
|
|
|
|
|
if _, err := io.ReadFull(rand.Reader, salt[:]); err != nil {
|
|
|
|
|
log.Errorf("Cannot read from random: %v\n", err)
|
|
|
|
|
return [32]byte{}, salt, err
|
|
|
|
|
}
|
|
|
|
|
dk := pbkdf2.Key([]byte(password), salt[:], 4096, 32, sha3.New512)
|
|
|
|
|
|
|
|
|
|
var dkr [32]byte
|
|
|
|
|
copy(dkr[:], dk)
|
|
|
|
|
return dkr, salt, nil
|
|
|
|
|
}
|
2019-01-29 20:56:59 +00:00
|
|
|
|
2020-01-13 22:11:00 +00:00
|
|
|
func createKey(password string, salt []byte) [32]byte {
|
|
|
|
|
dk := pbkdf2.Key([]byte(password), salt, 4096, 32, sha3.New512)
|
|
|
|
|
|
|
|
|
|
var dkr [32]byte
|
|
|
|
|
copy(dkr[:], dk)
|
|
|
|
|
return dkr
|
|
|
|
|
}
|
|
|
|
|
|
2019-01-29 20:56:59 +00:00
|
|
|
//encryptFileData encrypts the cwtchPeer via the specified key.
|
|
|
|
|
func encryptFileData(data []byte, key [32]byte) ([]byte, error) {
|
|
|
|
|
var nonce [24]byte
|
|
|
|
|
|
|
|
|
|
if _, err := io.ReadFull(rand.Reader, nonce[:]); err != nil {
|
|
|
|
|
log.Errorf("Cannot read from random: %v\n", err)
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
encrypted := secretbox.Seal(nonce[:], data, &nonce, &key)
|
|
|
|
|
return encrypted, nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
//decryptFile decrypts the passed ciphertext into a cwtchPeer via the specified key.
|
|
|
|
|
func decryptFile(ciphertext []byte, key [32]byte) ([]byte, error) {
|
|
|
|
|
var decryptNonce [24]byte
|
|
|
|
|
copy(decryptNonce[:], ciphertext[:24])
|
|
|
|
|
decrypted, ok := secretbox.Open(nil, ciphertext[24:], &decryptNonce, &key)
|
|
|
|
|
if ok {
|
|
|
|
|
return decrypted, nil
|
|
|
|
|
}
|
|
|
|
|
return nil, errors.New("Failed to decrypt")
|
|
|
|
|
}
|
|
|
|
|
|
2020-01-13 22:11:00 +00:00
|
|
|
// load instantiates a cwtchPeer from the file store
|
|
|
|
|
func readEncryptedFile(directory, filename string, key [32]byte) ([]byte, error) {
|
2019-01-29 20:56:59 +00:00
|
|
|
encryptedbytes, err := ioutil.ReadFile(path.Join(directory, filename))
|
2020-01-13 22:11:00 +00:00
|
|
|
if err == nil {
|
|
|
|
|
data, err := decryptFile(encryptedbytes, key)
|
2019-01-29 20:56:59 +00:00
|
|
|
if err == nil {
|
|
|
|
|
return data, nil
|
|
|
|
|
}
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
