We use cookies to ensure you get the best experience on our website
Home Explore Help
Register Sign In
0ct0pu5
/
kopia
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 19d92613a6
Branches Tags
kopia
/
internal
/
blobcrypto
/
blob_crypto.go

blob_crypto.go 2.2 KB
History Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283 
  1. // Package blobcrypto performs whole-blob crypto operations.
    2. 

  2. package blobcrypto
    3. 

  3. 

  4. import (
    5. 

  5. 	"crypto/aes"
    6. 

  6. 	"encoding/hex"
    7. 

  7. 	"strings"
    8. 

  8. 

  9. 	"github.com/pkg/errors"
    10. 

  10. 

  11. 	"github.com/kopia/kopia/internal/gather"
    12. 

  12. 	"github.com/kopia/kopia/repo/blob"
    13. 

  13. 	"github.com/kopia/kopia/repo/encryption"
    14. 

  14. 	"github.com/kopia/kopia/repo/hashing"
    15. 

  15. )
    16. 

  16. 

  17. // Crypter encapsulates hashing and encryption.
    18. 

  18. type Crypter interface {
    19. 

  19. 	HashFunc() hashing.HashFunc
    20. 

  20. 	Encryptor() encryption.Encryptor
    21. 

  21. }
    22. 

  22. 

  23. // getIndexBlobIV gets the initialization vector from the provided blob ID by taking
    24. 

  24. // 32 characters immediately preceding the first dash ('-') and decoding them using base16.
    25. 

  25. func getIndexBlobIV(s blob.ID) ([]byte, error) {
    26. 

  26. 	if p := strings.Index(string(s), "-"); p >= 0 { //nolint:gocritic
    27. 

  27. 		s = s[0:p]
    28. 

  28. 	}
    29. 

  29. 

  30. 	if len(s) < 2*aes.BlockSize {
    31. 

  31. 		return nil, errors.Errorf("blob id too short: %v", s)
    32. 

  32. 	}
    33. 

  33. 

  34. 	v, err := hex.DecodeString(string(s[len(s)-(aes.BlockSize*2):])) //nolint:mnd
    35. 

  35. 	if err != nil {
    36. 

  36. 		return nil, errors.Errorf("invalid blob ID: %v", s)
    37. 

  37. 	}
    38. 

  38. 

  39. 	return v, nil
    40. 

  40. }
    41. 

  41. 

  42. // Encrypt encrypts the given data using crypter-defined key and returns a name that should
    43. 

  43. // be used to save the blob in the repository.
    44. 

  44. func Encrypt(c Crypter, payload gather.Bytes, prefix, suffix blob.ID, output *gather.WriteBuffer) (blob.ID, error) {
    45. 

  45. 	var hashOutput [hashing.MaxHashSize]byte
    46. 

  46. 

  47. 	hash := c.HashFunc()(hashOutput[:0], payload)
    48. 

  48. 	blobID := prefix + blob.ID(hex.EncodeToString(hash))
    49. 

  49. 

  50. 	if suffix != "" {
    51. 

  51. 		blobID += "-" + suffix
    52. 

  52. 	}
    53. 

  53. 

  54. 	iv, err := getIndexBlobIV(blobID)
    55. 

  55. 	if err != nil {
    56. 

  56. 		return "", err
    57. 

  57. 	}
    58. 

  58. 

  59. 	output.Reset()
    60. 

  60. 

  61. 	if err := c.Encryptor().Encrypt(payload, iv, output); err != nil {
    62. 

  62. 		return "", errors.Wrapf(err, "error encrypting BLOB %v", blobID)
    63. 

  63. 	}
    64. 

  64. 

  65. 	return blobID, nil
    66. 

  66. }
    67. 

  67. 

  68. // Decrypt decrypts the provided data using provided blobID to derive initialization vector.
    69. 

  69. func Decrypt(c Crypter, payload gather.Bytes, blobID blob.ID, output *gather.WriteBuffer) error {
    70. 

  70. 	iv, err := getIndexBlobIV(blobID)
    71. 

  71. 	if err != nil {
    72. 

  72. 		return errors.Wrap(err, "unable to get index blob IV")
    73. 

  73. 	}
    74. 

  74. 

  75. 	output.Reset()
    76. 

  76. 

  77. 	// Decrypt will verify the payload.
    78. 

  78. 	if err := c.Encryptor().Decrypt(payload, iv, output); err != nil {
    79. 

  79. 		return errors.Wrapf(err, "error decrypting BLOB %v", blobID)
    80. 

  80. 	}
    81. 

  81. 

  82. 	return nil
    83. 

  83. }
    84.

Contact | Legal | Takedown | Status
Self-hosted public services - About
NibbleSpot by 0ct0pu5