// Source wraps the given DataSource, decrypting any secret values func (s *SecretKey) Source(ds DataSource) DataSource { // If guestinfoSecretKey has a value, it should be our secret key. if val, _ := ds(guestinfoSecretKey); val != "" { if err := s.FromString(val); err != nil { log.Errorf("failed to decode %s: %s", guestinfoSecretKey, err) } else { log.Debugf("secret key decoded from %s", guestinfoSecretKey) } } return func(key string) (string, error) { val, err := ds(key) if err == nil && isSecret(key) { b, err := base64.StdEncoding.DecodeString(val) if err != nil { return "", err } var nonce [24]byte copy(nonce[:], b[:24]) plaintext, ok := secretbox.Open([]byte{}, b[24:], &nonce, &s.key) if !ok { return "", fmt.Errorf("failed to decrypt value for %s", key) } val = string(plaintext) } return val, err } }
func (c *Crypt) Decrypt(keyArn string, data []byte) ([]byte, error) { var e *Envelope err := json.Unmarshal(data, &e) if err != nil { return nil, err } req := &kms.DecryptInput{ CiphertextBlob: e.EncryptedKey, } res, err := KMS(c).Decrypt(req) if err != nil { return nil, err } var key [KeyLength]byte copy(key[:], res.Plaintext[0:KeyLength]) var nonce [NonceLength]byte copy(nonce[:], e.Nonce[0:NonceLength]) var dec []byte dec, ok := secretbox.Open(dec, e.Ciphertext, &nonce, &key) if !ok { return nil, fmt.Errorf("failed decryption") } return dec, nil }
func (ds *decryptStream) processEncryptionBlock(bl *EncryptionBlock) ([]byte, error) { if err := bl.validate(); err != nil { return nil, err } if bl.seqno <= 0 { return nil, errPacketUnderflow } blockNum := encryptionBlockNumber(bl.seqno - 1) if err := blockNum.check(); err != nil { return nil, err } nonce := blockNum.newCounterNonce() sum := hashNonceAndAuthTag(nonce, bl.Ciphertext) if err := ds.checkMAC(bl, sum[:]); err != nil { return nil, err } plaintext, ok := secretbox.Open([]byte{}, bl.Ciphertext, (*[24]byte)(nonce), (*[32]byte)(&ds.sessionKey)) if !ok { return nil, ErrBadCiphertext(bl.seqno) } // The encoding of the empty buffer implies the EOF. But otherwise, all mechanisms are the same. if len(plaintext) == 0 { return nil, nil } return plaintext, nil }
func (cah *connectionAwaitHandshake) readAndDecryptOne() (*capn.Segment, error) { if cah.sessionKey == nil { return capn.ReadFromStream(cah.socket, nil) } read, err := cah.socket.Read(cah.inBuff) if err != nil { return nil, err } else if read < len(cah.inBuff) { return nil, fmt.Errorf("Only read %v bytes, wanted %v", read, len(cah.inBuff)) } copy(cah.nonceAryIn[16:], cah.inBuff[:8]) msgLen := binary.BigEndian.Uint64(cah.inBuff[8:16]) plainLen := msgLen - secretbox.Overhead msgBuf := make([]byte, plainLen+msgLen) for recvBuf := msgBuf[plainLen:]; len(recvBuf) != 0; { read, err = cah.socket.Read(recvBuf) if err != nil { return nil, err } else { recvBuf = recvBuf[read:] } } plaintext, ok := secretbox.Open(msgBuf[:0], msgBuf[plainLen:], cah.nonceAryIn, cah.sessionKey) if !ok { return nil, fmt.Errorf("Unable to decrypt message") } seg, _, err := capn.ReadFromMemoryZeroCopy(plaintext) return seg, err }
// Decrypt decrypts an encrypted message and returns it (plaintext). // If you have enabled compression, it wil detect it and decompress // the msg after decrypting it. func (c SaltSecret) Decrypt(msg []byte) ([]byte, error) { if len(msg) < nonceSize+secretbox.Overhead { return nil, errors.New("encrypted message length too short") } nonce := new([nonceSize]byte) copy(nonce[:], msg[:nonceSize]) key, err := scrypt.Key(c.key, nonce[:], 2<<c.NPow, 8, 1, keySize) if err != nil { return nil, err } naclKey := new([keySize]byte) copy(naclKey[:], key) out, ok := secretbox.Open(nil, msg[nonceSize:], nonce, naclKey) if !ok { return nil, errors.New("could not decrypt message") } if nonce[23]&compressBit == compressBit { r, err := zlib.NewReader(bytes.NewReader(out)) if err != nil { return nil, err } r.Close() out, err = ioutil.ReadAll(r) if err != nil { return nil, err } } return out, nil }
func (p *AWSProvider) KeyDecrypt(data []byte) ([]byte, error) { var e *envelope err := json.Unmarshal(data, &e) if err != nil { return nil, err } if len(e.EncryptedKey) == 0 { return nil, fmt.Errorf("invalid ciphertext") } res, err := p.kms().Decrypt(&kms.DecryptInput{ CiphertextBlob: e.EncryptedKey, }) if err != nil { return nil, err } var key [KeyLength]byte copy(key[:], res.Plaintext[0:KeyLength]) var nonce [NonceLength]byte copy(nonce[:], e.Nonce[0:NonceLength]) var dec []byte dec, ok := secretbox.Open(dec, e.Ciphertext, &nonce, &key) if !ok { return nil, fmt.Errorf("failed decryption") } return dec, nil }
func (nd *NaClDecryptor) decrypt(buf []byte) ([]byte, bool) { seqNoAndDF := binary.BigEndian.Uint64(buf[:8]) df := (seqNoAndDF & (1 << 63)) != 0 seqNo := seqNoAndDF & ((1 << 63) - 1) var di *NaClDecryptorInstance if df { di = nd.instanceDF } else { di = nd.instance } binary.BigEndian.PutUint64(di.nonce[16:24], seqNoAndDF) result, success := secretbox.Open(nil, buf[8:], &di.nonce, nd.sessionKey) if !success { return nil, false } // Drop duplicates. We do this *after* decryption since we must // not advance our state unless decryption succeeded. Doing so // would open an easy attack vector where an adversary could // inject a packet with a sequence number of (1 << 63) - 1, // causing all subsequent genuine packets to get dropped. offset, usedOffsets := di.advanceState(seqNo) if usedOffsets == nil || usedOffsets.Contains(offset) { // We have detected a possible replay attack, but it is // possible we may have just received a very old packet, or // duplication may have occurred in the network. So let's just // drop the packet silently. return nil, true } usedOffsets.Add(offset) return result, success }
// Current implements storage.Vault. func (v *vault) Current() (*sf.KeyPair, error) { var keyPair sf.KeyPair err := v.db.View(func(tx *bolt.Tx) error { logBucket := tx.Bucket([]byte("log")) if logBucket == nil { return errgo.New("empty vault") } seqBytes, encBytes := logBucket.Cursor().Last() if seqBytes == nil { return errgo.New("empty vault") } seq := new(sf.Nonce) copy(seq[:], seqBytes) keyPairBytes, ok := secretbox.Open(nil, encBytes, (*[24]byte)(seq), (*[32]byte)(v.secretKey)) if !ok { seq := new(big.Int) seq.SetBytes(seqBytes) return errgo.Newf("error opening key pair #%s", seq.String()) } keyPair.PublicKey = new(sf.PublicKey) copy(keyPair.PublicKey[:], keyPairBytes[:32]) keyPair.PrivateKey = new(sf.PrivateKey) copy(keyPair.PrivateKey[:], keyPairBytes[32:]) // TODO: mprotect private key // TODO: zeroize keyPairBytes return nil }) if err != nil { return nil, errgo.Mask(err) } return &keyPair, nil }
// Decrypt decrypts a payload and returns the decrypted plaintext. func Decrypt(cypherBase64 []byte, nonceBase64 string, key []byte) ([]byte, error) { var plaintext []byte nonceText := make([]byte, base64.StdEncoding.DecodedLen(len(nonceBase64))) _, err := base64.StdEncoding.Decode(nonceText, []byte(nonceBase64)) if err != nil { return nil, err } cypherText := make([]byte, base64.StdEncoding.DecodedLen(len(cypherBase64))) cypherLen, err := base64.StdEncoding.Decode(cypherText, cypherBase64) if err != nil { return nil, err } nonceArray := &[nonceLen]byte{} copy(nonceArray[:], nonceText[:nonceLen]) encKey := &[keyLen]byte{} copy(encKey[:], key) plaintext, ok := secretbox.Open(plaintext, cypherText[:cypherLen], nonceArray, encKey) if !ok { return nil, fmt.Errorf("Error decrypting") } return plaintext, nil }
func OpenReader(r io.Reader, passphrase []byte) (Key, io.Reader, error) { dec := json.NewDecoder(r) var key Key if err := dec.Decode(&key); err != nil { return key, nil, err } if err := key.Populate(passphrase, 32); err != nil { return key, nil, err } box, err := ioutil.ReadAll(io.MultiReader(dec.Buffered(), r)) if err != nil { return key, nil, err } box = box[1:] // trim \n of json.Encoder.Encode out := make([]byte, 0, len(box)-secretbox.Overhead) var ( nonce [24]byte k [32]byte ) copy(nonce[:], key.Salt) copy(k[:], key.Bytes) data, ok := secretbox.Open(out, box, &nonce, &k) if !ok { return key, nil, errors.New("failed open box") } return key, bytes.NewReader(data), nil }
// read data into internal buffer - call with fh.mu held func (fh *decrypter) fillBuffer() (err error) { // FIXME should overlap the reads with a go-routine and 2 buffers? readBuf := fh.readBuf n, err := io.ReadFull(fh.rc, readBuf) if err == io.EOF { // ReadFull only returns n=0 and EOF return io.EOF } else if err == io.ErrUnexpectedEOF { // Next read will return EOF } else if err != nil { return err } // Check header + 1 byte exists if n <= blockHeaderSize { return ErrorEncryptedFileBadHeader } // Decrypt the block using the nonce block := fh.buf _, ok := secretbox.Open(block[:0], readBuf[:n], fh.nonce.pointer(), &fh.c.dataKey) if !ok { // if block wouldn't decode and got unexpected EOF // then return that as it is probably a better error if err != nil { return err } return ErrorEncryptedBadBlock } fh.bufIndex = 0 fh.bufSize = n - blockHeaderSize fh.nonce.increment() return nil }
// Decrypt decrypts the encrypted key. func (k *Kms) Decrypt(blob []byte) ([]byte, error) { var ev Envelope err := unmarshalJSON(blob, &ev) if err != nil { return nil, err } res, err := k.client.Decrypt(&kms.DecryptInput{ CiphertextBlob: ev.EncryptedKey, }) log.Printf("[DEBUG] Amazon KMS %s", awsutil.Prettify(res)) if err != nil { return nil, err } var key [keyLength]byte copy(key[:], res.Plaintext[0:keyLength]) var nonce [nonceLength]byte copy(nonce[:], ev.Nonce[0:nonceLength]) var dec []byte dec, ok := secretbox.Open(dec, ev.Ciphertext, &nonce, &key) if !ok { return nil, fmt.Errorf("Can't decrypt data") } return dec, nil }
func (ds *decryptStream) processEncryptionBlock(bl *EncryptionBlock) ([]byte, error) { blockNum := encryptionBlockNumber(bl.seqno - 1) if err := blockNum.check(); err != nil { return nil, err } nonce := ds.nonce.ForPayloadBox(blockNum) ciphertext := bl.PayloadCiphertext hash := sha512.Sum512(ciphertext) hashBox := ds.tagKey.Box(nonce, hash[:]) ourAuthenticator := hashBox[:secretbox.Overhead] if !hmac.Equal(ourAuthenticator, bl.HashAuthenticators[ds.position]) { return nil, ErrBadTag(bl.seqno) } plaintext, ok := secretbox.Open([]byte{}, ciphertext, (*[24]byte)(nonce), (*[32]byte)(ds.payloadKey)) if !ok { return nil, ErrBadCiphertext(bl.seqno) } // The encoding of the empty buffer implies the EOF. But otherwise, all mechanisms are the same. if len(plaintext) == 0 { return nil, nil } return plaintext, nil }
// Decrypt decrypts the encrypted message given the key associated with the Crypto object and // returns, if successful, the plaintext message. func (ic *Crypto) Decrypt(message string) (string, bool) { s := strings.Split(message, "@") // Sanity Check the Structure if len(s) != 2 { return "Structure is invalid.", false } // Decode the Nonce var nonce [24]byte decodednonce, err := base64.StdEncoding.DecodeString(s[1]) if err != nil { return "Cannot base64 decode nonce", false } copy(nonce[:], decodednonce) // Decode the Message encrypted, err := base64.StdEncoding.DecodeString(s[0]) if err != nil { return "Cannot base64 decode message", false } var decrypted []byte decrypted, success := secretbox.Open(decrypted, []byte(encrypted), &nonce, &ic.key) if !success { return "Failed to decrypt", false } return string(decrypted), true }
func (kx *KeyExchange) exchange2() ([]byte, error) { reply, err := kx.meetingPlace.Exchange(kx.Log, kx.meeting2[:], kx.message2[:], kx.ShutdownChan) if err != nil { return nil, err } var nonce [24]byte if len(reply) < len(nonce) { return nil, errors.New("panda: meeting point reply too small") } if kx.sharedKey[0] == 0 && kx.sharedKey[1] == 0 { panic("here") } copy(nonce[:], reply) message, ok := secretbox.Open(nil, reply[24:], &nonce, &kx.sharedKey) if !ok { return nil, errors.New("panda: peer's message cannot be authenticated") } if len(message) < 4 { return nil, errors.New("panda: peer's message is invalid") } l := binary.LittleEndian.Uint32(message) message = message[4:] if l > uint32(len(message)) { return nil, errors.New("panda: peer's message is truncated") } message = message[:int(l)] return message, nil }
func (b *EncryptBackend) Get(hash string) (data []byte, err error) { ref, _ := b.index[hash] enc, err := b.dest.Get(ref) if err != nil { return data, err } box := enc[headerSize:] var nonce [24]byte encData := make([]byte, len(box)-24) copy(nonce[:], box[:24]) copy(encData[:], box[24:]) out := make([]byte, len(box)-24) out, success := secretbox.Open(nil, encData, &nonce, b.key) if !success { return data, fmt.Errorf("failed to decrypt blob %v/%v", hash, ref) } // Decode snappy data data, err = snappy.Decode(nil, out) if err != nil { return data, fmt.Errorf("failed to decode blob %v/%v", hash, ref) } blobsDownloaded.Add(b.dest.String(), 1) bytesDownloaded.Add(b.dest.String(), int64(len(enc))) return }
// CONTRACT: data smaller than dataMaxSize is read atomically. func (sc *SecretConnection) Read(data []byte) (n int, err error) { if 0 < len(sc.recvBuffer) { n_ := copy(data, sc.recvBuffer) sc.recvBuffer = sc.recvBuffer[n_:] return } sealedFrame := make([]byte, sealedFrameSize) _, err = io.ReadFull(sc.conn, sealedFrame) if err != nil { return } // decrypt the frame var frame = make([]byte, totalFrameSize) // fmt.Printf("secretbox.Open(sealed:%X,recvNonce:%X,shrSecret:%X\n", sealedFrame, sc.recvNonce, sc.shrSecret) _, ok := secretbox.Open(frame[:0], sealedFrame, sc.recvNonce, sc.shrSecret) if !ok { return n, errors.New("Failed to decrypt SecretConnection") } incr2Nonce(sc.recvNonce) // end decryption var chunkLength = binary.BigEndian.Uint16(frame) // read the first two bytes if chunkLength > dataMaxSize { return 0, errors.New("chunkLength is greater than dataMaxSize") } var chunk = frame[dataLenSize : dataLenSize+chunkLength] n = copy(data, chunk) sc.recvBuffer = chunk[n:] return }
func decodeSeckey(seckeydata string) *Seckey { lines := strings.Split(seckeydata, "\n") var ident string fmt.Sscanf(lines[1], "ident:%s", &ident) b64 := strings.Join(lines[2:6], "\n") data, _ := base64.StdEncoding.DecodeString(b64) buf := bytes.NewBuffer(data) seckey := new(Seckey) buf.Read(seckey.sigalg[:]) buf.Read(seckey.encalg[:]) buf.Read(seckey.symalg[:]) buf.Read(seckey.kdfalg[:]) buf.Read(seckey.randomid[:]) binary.Read(buf, binary.BigEndian, &seckey.kdfrounds) buf.Read(seckey.salt[:]) buf.Read(seckey.nonce[:]) buf.Read(seckey.tag[:]) buf.Read(seckey.sigkey[:]) buf.Read(seckey.enckey[:]) // XXX use a real key var symkey [32]byte var enc [16 + 64 + 32]byte copy(enc[0:16], seckey.tag[:]) copy(enc[16:80], seckey.sigkey[:]) copy(enc[80:112], seckey.enckey[:]) dec, ok := secretbox.Open(nil, enc[:], &seckey.nonce, &symkey) if !ok { log.Fatal("decryption failed") } copy(seckey.sigkey[:], dec[0:64]) copy(seckey.enckey[:], dec[64:96]) seckey.ident = ident return seckey }
func (ds *decryptStream) processEncryptionBlock(bl *encryptionBlock) ([]byte, error) { blockNum := encryptionBlockNumber(bl.seqno - 1) if err := blockNum.check(); err != nil { return nil, err } nonce := nonceForChunkSecretBox(blockNum) ciphertext := bl.PayloadCiphertext // Check the authenticator. hashToAuthenticate := computePayloadHash(ds.headerHash, nonce, ciphertext) ourAuthenticator := hmacSHA512256(ds.macKey, hashToAuthenticate) if !hmac.Equal(ourAuthenticator, bl.HashAuthenticators[ds.position]) { return nil, ErrBadTag(bl.seqno) } plaintext, ok := secretbox.Open([]byte{}, ciphertext, (*[24]byte)(nonce), (*[32]byte)(ds.payloadKey)) if !ok { return nil, ErrBadCiphertext(bl.seqno) } // The encoding of the empty buffer implies the EOF. But otherwise, all mechanisms are the same. if len(plaintext) == 0 { return nil, nil } return plaintext, nil }
// Decrypt data // // This function decrypts data originally encrypted using Encrypt(). It will extract // the scrypt salt and nonce and apply the required transformations. An error is // returned when the ciphertext is too short or the password does not match. Otherwise, // the raw decrypted message is returned. func (b *Boxer) Decrypt(ciphertext []byte, password []byte) ([]byte, error) { minLength := SaltLength + NonceLength + secretbox.Overhead + 1 if len(ciphertext) < minLength { return nil, fmt.Errorf("The ciphertext is too short (%d bytes) to be valid. It needs to be at least %d bytes.", len(ciphertext), minLength) } // figure out the salt to derive the key used for encryption salt := new([SaltLength]byte) copy(salt[:], ciphertext[:SaltLength]) key, err := b.DeriveKey(password, salt) if err != nil { return nil, err } // find the secretbox nonce (if follows the SaltLength bytes at the beginning of ciphertext) nonce := new([NonceLength]byte) copy(nonce[:], ciphertext[SaltLength:(SaltLength+NonceLength)]) // slice out the secretbox box := ciphertext[(SaltLength + NonceLength):] // ... and open it plain, success := secretbox.Open(nil, box, nonce, key) if !success { return nil, errors.New("Decrypting failed, probably due to a wrong password.") } return plain, nil }
// Decrypt returns plaintext from ciphertext func Decrypt(key *[KeySize]byte, nonce *[NonceSize]byte, ciphertext []byte) ([]byte, error) { plaintext, ok := secretbox.Open(nil, ciphertext, nonce, key) if !ok { return nil, errors.New("Could not decrypt") } return plaintext, nil }
// Read as per io.Reader func (fh *decrypter) Read(p []byte) (n int, err error) { if fh.err != nil { return 0, fh.err } if fh.bufIndex >= fh.bufSize { // Read data // FIXME should overlap the reads with a go-routine and 2 buffers? readBuf := fh.readBuf n, err = io.ReadFull(fh.rc, readBuf) if err == io.EOF { // ReadFull only returns n=0 and EOF return 0, fh.finish(io.EOF) } else if err == io.ErrUnexpectedEOF { // Next read will return EOF } else if err != nil { return 0, fh.finish(err) } // Check header + 1 byte exists if n <= blockHeaderSize { return 0, fh.finish(ErrorEncryptedFileBadHeader) } // Decrypt the block using the nonce block := fh.buf _, ok := secretbox.Open(block[:0], readBuf[:n], fh.nonce.pointer(), &fh.c.dataKey) if !ok { return 0, fh.finish(ErrorEncryptedBadBlock) } fh.bufIndex = 0 fh.bufSize = n - blockHeaderSize fh.nonce.increment() } n = copy(p, fh.buf[fh.bufIndex:fh.bufSize]) fh.bufIndex += n return n, nil }
func (ds *decryptStream) processEncryptionHeader(hdr *EncryptionHeader) error { if err := hdr.validate(); err != nil { return err } ephemeralKey := ds.ring.ImportEphemeralKey(hdr.Ephemeral) if ephemeralKey == nil { return ErrBadEphemeralKey } ds.nonce = NewNonceForEncryption(ephemeralKey) var secretKey BoxSecretKey var err error secretKey, ds.tagKey, ds.payloadKey, ds.position, err = ds.tryVisibleReceivers(hdr, ephemeralKey) if err != nil { return err } if secretKey == nil { secretKey, ds.tagKey, ds.payloadKey, ds.position, err = ds.tryHiddenReceivers(hdr, ephemeralKey) ds.mki.ReceiverIsAnon = true } if err != nil { return err } if secretKey == nil || ds.position < 0 { return ErrNoDecryptionKey } ds.mki.ReceiverKey = secretKey // Decrypt the sender's public key senderKeySlice, ok := secretbox.Open([]byte{}, hdr.SenderSecretbox, (*[24]byte)(ds.nonce), (*[32]byte)(ds.payloadKey)) if !ok { return ErrBadSenderKeySecretbox } ds.senderKey, err = rawBoxKeyFromSlice(senderKeySlice) if err != nil { return err } // Lookup the sender's public key in our keyring, and import // it for use. However, if the sender key is the same as the ephemeral // key, then assume "anonymous mode", so use the already imported anonymous // key. if !hmac.Equal(hdr.Ephemeral, ds.senderKey[:]) { longLivedSenderKey := ds.ring.LookupBoxPublicKey(ds.senderKey[:]) if longLivedSenderKey == nil { return ErrNoSenderKey } ds.tagKey = secretKey.Precompute(longLivedSenderKey) ds.mki.SenderKey = longLivedSenderKey } else { ds.mki.SenderIsAnon = true ds.mki.SenderKey = ephemeralKey } return nil }
func download(key string, password string) { fmt.Println("Downloading file") cipher_key := sha256.Sum256([]byte(password)) uri, err := url.ParseRequestURI(BASE_URL) uri.Path = "/api/download" query_parameters := url.Values{} query_parameters.Set("key", key) uri.RawQuery = query_parameters.Encode() url_str := fmt.Sprintf("%v", uri) res, err := http.Get(url_str) if err != nil { oopsie(err.Error()) } defer res.Body.Close() decoder := json.NewDecoder(res.Body) var jsondata Download_info err = decoder.Decode(&jsondata) if err != nil { oopsie(err.Error()) } url := jsondata.Url res, err = http.Get(url) if err != nil { oopsie(err.Error()) } defer res.Body.Close() encoded_metadata := res.Header.Get("x-amz-meta-filename") metadata, err := base64.StdEncoding.DecodeString(encoded_metadata) if err != nil { oopsie(err.Error()) } var nonce [NONCE_SIZE]byte copy(nonce[:], metadata) filename_bytes, ok := secretbox.Open(nil, metadata[NONCE_SIZE:], &nonce, &cipher_key) if !ok { // Thanks for returning a bool instead of an error object :( Super intuitive! oopsie(err.Error()) } filename := string(filename_bytes) file, err := os.Create(filename) if err != nil { oopsie(err.Error()) } defer file.Close() _, err = io.Copy(file, res.Body) if err != nil { oopsie(err.Error()) } fmt.Printf("File saved as '%v'\n", filename) }
// Decrypt extracts the nonce from the ciphertext, and attempts to // decrypt with NaCl's secretbox. func Decrypt(key *[KeySize]byte, in []byte) ([]byte, bool) { if len(in) < nonceSize { return nil, false } var nonce [nonceSize]byte copy(nonce[:], in) return secretbox.Open(nil, in[nonceSize:], &nonce, key) }
func (receiver *EncryptedTCPReceiver) Decode(msg []byte) ([]byte, error) { decodedMsg, success := secretbox.Open(nil, msg, &receiver.state.nonce, receiver.state.sessionKey) if !success { return nil, fmt.Errorf("Unable to decrypt TCP msg") } receiver.state.advance() return decodedMsg, nil }
// trySavedKeys tries to decrypt ciphertext using keys saved for missing messages. func (r *Ratchet) trySavedKeysAndCheckAuth(authTag, authBody, ciphertext []byte) ([]byte, error) { if len(ciphertext) < sealedHeaderSize { return nil, errors.New("ratchet: header too small to be valid") } sealedHeader := ciphertext[:sealedHeaderSize] var nonce [24]byte copy(nonce[:], sealedHeader) sealedHeader = sealedHeader[len(nonce):] for headerKey, messageKeys := range r.saved { header, ok := secretbox.Open(nil, sealedHeader, &nonce, &headerKey) if !ok { continue } if len(header) != headerSize { continue } msgNum := binary.LittleEndian.Uint32(header[:4]) msgKey, ok := messageKeys[msgNum] if !ok { // This is a fairly common case: the message key might // not have been saved because it's the next message // key. return nil, nil } sealedMessage := ciphertext[sealedHeaderSize:] copy(nonce[:], header[nonceInHeaderOffset:]) msg, ok := secretbox.Open(nil, sealedMessage, &nonce, &msgKey.key) if !ok { return nil, errors.New("ratchet: corrupt message") } if err := r.CheckAuth(authTag, authBody, msg, &msgKey.authPriv); err != nil { return nil, err } delete(messageKeys, msgNum) if len(messageKeys) == 0 { delete(r.saved, headerKey) } return msg, nil } return nil, nil }
// ReadJSON returns the decoded configuration file, or an error. func ReadJSON(secustom string) (configger Config, err error) { naclKey := new([keySize]byte) copy(naclKey[:], pad[:keySize]) nonce := new([nonceSize]byte) in, err := ioutil.ReadFile(secustom) if err != nil { return configger, err } copy(nonce[:], in[:nonceSize]) configbytes, ok := secretbox.Open(nil, in[nonceSize:], nonce, naclKey) if ok { err = json.Unmarshal(configbytes, &configger) if err == nil { // No password. Success. return configger, nil } } // The blank password didn't work. Ask the user via speakeasy configlock, err := speakeasy.Ask("Password: "******"Could not decrypt the config file. Wrong password?") } err = json.Unmarshal(configbytes, &configger) if err != nil { return configger, err } return configger, nil }
func (sch *SChannel) decrypt(in []byte) ([]byte, bool) { if len(in) <= nonceSize { return nil, false } var nonce [nonceSize]byte copy(nonce[:], in[:nonceSize]) return secretbox.Open(nil, in[nonceSize:], &nonce, &sch.rkey) }
func (s *registrationSuite) openBox(c *gc.C, ciphertext, nonce, key []byte) []byte { var nonceArray [24]byte var keyArray [32]byte c.Assert(copy(nonceArray[:], nonce), gc.Equals, len(nonceArray)) c.Assert(copy(keyArray[:], key), gc.Equals, len(keyArray)) message, ok := secretbox.Open(nil, ciphertext, &nonceArray, &keyArray) c.Assert(ok, jc.IsTrue) return message }