// DecryptFile - Given a ciphertext, walk it into length prefixed chunks and decrypt/reassemble // each chunk, then validate the hash of the file against the hash given in FileInfo. // The result is a validated, decrypted filename and file contents byte-slice. func (fi *FileInfo) DecryptFile(ciphertext []byte) (filename string, contents []byte, err error) { var ( hash [32]byte DI taber.DecryptInfo ) hash = blake2s.Sum256(ciphertext) if !bytes.Equal(fi.FileHash, hash[:]) { return "", nil, ErrCTHashMismatch } DI = taber.DecryptInfo{Key: fi.FileKey, BaseNonce: fi.FileNonce} return DI.Decrypt(ciphertext) }
// Separated from the above for testing purposes; deterministic ciphertext. func encryptFileToFileInfo(DI *taber.DecryptInfo, filename string, filecontents []byte) (FI *FileInfo, ciphertext []byte, err error) { var hash [32]byte ciphertext, err = DI.Encrypt(filename, filecontents) if err != nil { return nil, nil, err } hash = blake2s.Sum256(ciphertext) FI = new(FileInfo) FI.FileKey = DI.Key FI.FileNonce = DI.BaseNonce FI.FileHash = hash[:] return FI, ciphertext, nil }