Exemplo n.º 1
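// UnmarshalSecretStore decrypts and parses the secret store contained
// in the input byte slice. The input is read as a saltSize-byte salt
// followed by the ciphertext; the key is derived from passphrase and
// that salt using scrypt mode m. The boolean result is false when the
// input is shorter than the salt, key derivation fails, decryption
// fails, or the plaintext is not valid JSON for a SecretStore.
//
// On success the returned store holds its own copy of passphrase, so
// the caller may wipe its buffer; the store then has to be wiped when
// it is no longer needed.
func UnmarshalSecretStore(in, passphrase []byte, m secret.ScryptMode) (*SecretStore, bool) {
	if len(in) < saltSize {
		return nil, false
	}

	salt, enc := in[:saltSize], in[saltSize:]
	key := secret.DeriveKeyStrength(passphrase, salt, m)
	if key == nil {
		return nil, false
	}
	// Key material must not outlive this call.
	defer util.Zero(key[:])

	data, ok := secret.Decrypt(key, enc)
	if !ok {
		// A wrong passphrase and a damaged file both end up here; the
		// ok flag is the only signal this function gets from Decrypt.
		util.Errorf("decrypt fails")
		return nil, false
	}
	// data is the cleartext JSON of every secret; wipe it on return.
	defer util.Zero(data)

	var store SecretStore
	if err := json.Unmarshal(data, &store); err != nil {
		// Report the step that actually failed: this is the JSON parse
		// of the decrypted data, not an encryption step.
		// NOTE(review): store may already hold partially decoded
		// secrets here and is dropped without being wiped; confirm
		// whether it should be zeroed before returning.
		util.Errorf("unmarshal fails")
		return nil, false
	}

	// Keep a private copy so later changes to the caller's buffer
	// (including wiping it) do not affect the store.
	store.passphrase = make([]byte, len(passphrase))
	copy(store.passphrase, passphrase)
	return &store, true
}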
Exemplo n.º 2
// MarshalSecretStore serialises the store to JSON, encrypts it under a
// key derived from the store's passphrase and a freshly generated salt
// using scrypt mode m, and returns the salt followed by the ciphertext
// as one byte slice suitable for writing to disk. The boolean result is
// false when the store is not valid or any step fails.
//
// NOTE(review): once encryption has succeeded, s.Zero() runs as the
// function returns, so the store passed in is presumably wiped and not
// usable afterwards; on the failure paths it is left as it was. Confirm
// that callers expect this.
func MarshalSecretStore(s *SecretStore, m secret.ScryptMode) ([]byte, bool) {
	if !s.Valid() {
		return nil, false
	}

	plain, err := json.Marshal(s)
	if err != nil {
		return nil, false
	}
	// The JSON form is the cleartext of the store; wipe it on return.
	defer util.Zero(plain)

	// A new salt per write, so the derived key differs between writes
	// even when the passphrase stays the same.
	salt := util.RandBytes(saltSize)
	if salt == nil {
		return nil, false
	}

	key := secret.DeriveKeyStrength(s.passphrase, salt, m)
	if key == nil {
		return nil, false
	}
	// Key material must not outlive this call.
	defer util.Zero(key[:])

	sealed, ok := secret.Encrypt(key, plain)
	if !ok {
		return nil, false
	}
	defer s.Zero()

	// On-disk layout: salt first, ciphertext after it. The salt is not
	// secret; the reader needs it to derive the same key.
	blob := make([]byte, 0, len(salt)+len(sealed))
	blob = append(blob, salt...)
	blob = append(blob, sealed...)
	return blob, true
}