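// TestNewLoadPasswordKey checks that a key created by crypto.NewPasswordKey is
// reproduced by crypto.LoadPasswordKey when it is given the same password, the
// salt returned at creation time and the same stretch value.
func (s *CryptoSuite) TestNewLoadPasswordKey(c *C) {
	password := "******"
	// A stretch of 1 keeps the test cheap.
	// NOTE(review): presumably a work factor; not a value to copy into production settings.
	stretch := 1

	// Fail on either error instead of discarding it: if both calls failed and
	// returned empty keys, the equality assertion below would pass vacuously.
	newKey, salt, newErr := crypto.NewPasswordKey(password, stretch)
	if newErr != nil {
		c.Fatalf("NewPasswordKey failed: %v", newErr)
	}
	loadKey, loadErr := crypto.LoadPasswordKey(password, salt, stretch)
	if loadErr != nil {
		c.Fatalf("LoadPasswordKey failed: %v", loadErr)
	}

	c.Assert(newKey, DeepEquals, loadKey)
}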
// TestLoadPasswordKey verifies that crypto.LoadPasswordKey yields a non-nil key
// and no error for a fixed password, a zero-filled 64-byte salt and a stretch
// of 1.
func (s *CryptoSuite) TestLoadPasswordKey(c *C) {
	const (
		saltLen = 64
		stretch = 1
	)
	// make returns zeroed bytes, so the salt is a fixed, test-only value.
	zeroSalt := make([]byte, saltLen)

	derived, loadErr := crypto.LoadPasswordKey("pass", zeroSalt, stretch)

	c.Assert(derived, NotNil)
	c.Assert(loadErr, IsNil)
}
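// Open opens an existing credential database and unlocks it with password.
//
// It reads the key-derivation parameters and the wrapped key from the settings
// table, derives the password key, uses it to decrypt the stored key, and
// returns a Store holding the database handle and both ciphers.
//
// An error is returned when the file does not exist, the settings row is
// missing or unreadable, the stored version is greater than 1, the encrypted
// key is empty, or any derivation/decryption step fails. On every error path
// the database handle is closed before returning.
func Open(fileName string, password string) (*Store, error) {
	// Refuse a missing file up front rather than handing the path to the driver.
	// Other Stat errors fall through and surface from the calls below.
	if _, err := os.Stat(fileName); os.IsNotExist(err) {
		return nil, errors.New("Credential database does not exist.")
	}

	db, err := sql.Open("sqlite3", fileName)
	if err != nil {
		return nil, err
	}
	// Ownership of db passes to the Store only on success; otherwise release
	// it here so a failed unlock does not leak the handle. The Close error is
	// ignored because the original failure is the one reported to the caller.
	handedOver := false
	defer func() {
		if !handedOver {
			db.Close()
		}
	}()

	query := `
		SELECT password_salt, password_stretch, password_nonce,
		       encrypted_key, key_nonce, version
		FROM settings
	`
	rows, err := db.Query(query)
	if err != nil {
		return nil, err
	}
	// Deferred after the db guard, so rows are closed before the handle.
	defer rows.Close()

	if !rows.Next() {
		if err := rows.Err(); err != nil {
			return nil, err
		}
		return nil, errors.New("Credential database has no settings.")
	}

	var passwordSalt, passwordNonce, encryptedKey, keyNonce []byte
	var passwordStretch, version int
	// A failed Scan leaves the parameters zero-valued; stop instead of
	// deriving keys from them.
	if err := rows.Scan(&passwordSalt, &passwordStretch, &passwordNonce,
		&encryptedKey, &keyNonce, &version); err != nil {
		return nil, err
	}

	if version > 1 {
		return nil, fmt.Errorf("Unsupported version: %d.", version)
	}
	if len(encryptedKey) <= 0 {
		return nil, errors.New("Invalid encrypted key.")
	}

	// NOTE(review): passwordSalt and passwordStretch come straight from the
	// database file and are not range-checked here; confirm that
	// crypto.LoadPasswordKey rejects out-of-range values, or bound them first.
	passwordKey, err := crypto.LoadPasswordKey(password, passwordSalt, passwordStretch)
	if err != nil {
		return nil, err
	}
	passwordCipher, err := crypto.LoadCipher(passwordKey, passwordNonce)
	if err != nil {
		return nil, err
	}

	// NOTE(review): presumably TryDecrypt fails on a wrong password or a
	// modified ciphertext; confirm that it authenticates what it decrypts.
	key, err := passwordCipher.TryDecrypt(encryptedKey)
	if err != nil {
		return nil, err
	}
	keyCipher, err := crypto.LoadCipher(key, keyNonce)
	if err != nil {
		return nil, err
	}

	handedOver = true
	return &Store{
		db:             db,
		passwordCipher: passwordCipher,
		keyCipher:      keyCipher,
	}, nil
}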