Beispiel #1
0
// Current implements storage.Vault.
func (v *vault) Current() (*sf.KeyPair, error) {
	var keyPair sf.KeyPair
	err := v.db.View(func(tx *bolt.Tx) error {
		logBucket := tx.Bucket([]byte("log"))
		if logBucket == nil {
			return errgo.New("empty vault")
		}

		seqBytes, encBytes := logBucket.Cursor().Last()
		if seqBytes == nil {
			return errgo.New("empty vault")
		}
		seq := new(sf.Nonce)
		copy(seq[:], seqBytes)
		keyPairBytes, ok := secretbox.Open(nil, encBytes, (*[24]byte)(seq), (*[32]byte)(v.secretKey))
		if !ok {
			seq := new(big.Int)
			seq.SetBytes(seqBytes)
			return errgo.Newf("error opening key pair #%s", seq.String())
		}
		keyPair.PublicKey = new(sf.PublicKey)
		copy(keyPair.PublicKey[:], keyPairBytes[:32])
		keyPair.PrivateKey = new(sf.PrivateKey)
		copy(keyPair.PrivateKey[:], keyPairBytes[32:])
		// TODO: mprotect private key
		// TODO: zeroize keyPairBytes

		return nil
	})
	if err != nil {
		return nil, errgo.Mask(err)
	}
	return &keyPair, nil
}
Beispiel #2
0
// Each implements storage.Each.
func (v *vault) Each(kpf func(keyPair *sf.KeyPair) error) error {
	err := v.db.View(func(tx *bolt.Tx) error {
		logBucket := tx.Bucket([]byte("log"))
		if logBucket == nil {
			return errgo.New("empty vault")
		}

		c := logBucket.Cursor()
		for seqBytes, encBytes := c.First(); seqBytes != nil; seqBytes, encBytes = c.Next() {
			if v == nil {
				// TODO: warning, empty value for key not expected
				continue
			}
			// TODO: mprotect private key?
			var keyPair sf.KeyPair

			seq := new(sf.Nonce)
			copy(seq[:], seqBytes)
			keyPairBytes, ok := secretbox.Open(nil, encBytes, (*[24]byte)(seq), (*[32]byte)(v.secretKey))
			if !ok {
				seq := new(big.Int)
				seq.SetBytes(seqBytes)
				return errgo.Newf("error opening key pair #%s", seq.String())
			}
			keyPair.PublicKey = new(sf.PublicKey)
			copy(keyPair.PublicKey[:], keyPairBytes[:32])
			keyPair.PrivateKey = new(sf.PrivateKey)
			copy(keyPair.PrivateKey[:], keyPairBytes[32:])

			err := kpf(&keyPair)
			if err != nil {
				return errgo.Mask(err)
			}

			// TODO: zeroize keyPairBytes
		}

		return nil
	})
	return errgo.Mask(err)
}