예제 #1
0
// DecryptFile - Given a ciphertext, walk it into length prefixed chunks and decrypt/reassemble
// each chunk, then validate the hash of the file against the hash given in FileInfo.
// The result is a validated, decrypted filename and file contents byte-slice.
func (fi *FileInfo) DecryptFile(ciphertext []byte) (filename string, contents []byte, err error) {
	var (
		hash [32]byte
		DI   taber.DecryptInfo
	)
	hash = blake2s.Sum256(ciphertext)
	if !bytes.Equal(fi.FileHash, hash[:]) {
		return "", nil, ErrCTHashMismatch
	}
	DI = taber.DecryptInfo{Key: fi.FileKey, BaseNonce: fi.FileNonce}
	return DI.Decrypt(ciphertext)
}
예제 #2
0
// Separated from the above for testing purposes; deterministic ciphertext.
func encryptFileToFileInfo(DI *taber.DecryptInfo, filename string, filecontents []byte) (FI *FileInfo, ciphertext []byte, err error) {
	var hash [32]byte
	ciphertext, err = DI.Encrypt(filename, filecontents)
	if err != nil {
		return nil, nil, err
	}
	hash = blake2s.Sum256(ciphertext)
	FI = new(FileInfo)
	FI.FileKey = DI.Key
	FI.FileNonce = DI.BaseNonce
	FI.FileHash = hash[:]
	return FI, ciphertext, nil
}
예제 #3
0
func Harden(salt, passphrase string) ([]byte, error) {
	pp_blake := blake2s.Sum256([]byte(passphrase))
	return scrypt.Key(pp_blake[:], []byte(salt), 131072, 8, 1, 32)
}