// unwrapKey decrypts first key in keys whose encryption keys are in keycache
func (encrypted *EncryptedData) unwrapKey(cache *keycache.Cache, user string) (unwrappedKey []byte, names []string, err error) {
var (
keyFound error
fullMatch bool = false
nameSet = map[string]bool{}
)
for _, mwKey := range encrypted.KeySet {
// validate the size of the keys
if len(mwKey.Key) != 16 {
err = errors.New("Invalid Input")
}
if err != nil {
return nil, nil, err
}
// loop through users to see if they are all delegated
fullMatch = true
for _, mwName := range mwKey.Name {
if valid := cache.Valid(mwName, user, encrypted.Labels); !valid {
fullMatch = false
break
}
nameSet[mwName] = true
}
// if the keys are delegated, decrypt the mwKey with them
if fullMatch == true {
tmpKeyValue := mwKey.Key
for _, mwName := range mwKey.Name {
pubEncrypted := encrypted.KeySetRSA[mwName]
if tmpKeyValue, keyFound = cache.DecryptKey(tmpKeyValue, mwName, user, encrypted.Labels, pubEncrypted.Key); keyFound != nil {
break
}
}
unwrappedKey = tmpKeyValue
break
}
}
if !fullMatch {
err = errors.New("Need more delegated keys")
names = nil
}
names = make([]string, 0, len(nameSet))
for name := range nameSet {
names = append(names, name)
}
return
}
// unwrapKey decrypts first key in keys whose encryption keys are in keycache
func (encrypted *EncryptedData) unwrapKey(cache *keycache.Cache, user string) (unwrappedKey []byte, names []string, err error) {
var (
decryptErr error
fullMatch bool = false
nameSet = map[string]bool{}
)
if len(encrypted.Predicate) == 0 {
for _, mwKey := range encrypted.KeySet {
// validate the size of the keys
if len(mwKey.Key) != 16 {
err = errors.New("Invalid Input")
}
if err != nil {
return nil, nil, err
}
// loop through users to see if they are all delegated
fullMatch = true
for _, mwName := range mwKey.Name {
if valid := cache.Valid(mwName, user, encrypted.Labels); !valid {
fullMatch = false
break
}
nameSet[mwName] = true
}
// if the keys are delegated, decrypt the mwKey with them
if fullMatch == true {
tmpKeyValue := mwKey.Key
for _, mwName := range mwKey.Name {
pubEncrypted := encrypted.KeySetRSA[mwName]
if tmpKeyValue, decryptErr = cache.DecryptKey(tmpKeyValue, mwName, user, encrypted.Labels, pubEncrypted.Key); decryptErr != nil {
break
}
}
unwrappedKey = tmpKeyValue
break
}
}
if !fullMatch {
err = errors.New("Need more delegated keys")
return
}
if decryptErr != nil {
err = errors.New("Failed to decrypt with all keys in keyset")
return
}
names = make([]string, 0, len(nameSet))
for name := range nameSet {
names = append(names, name)
}
return
} else {
var sss msp.MSP
sss, err = msp.StringToMSP(encrypted.Predicate)
if err != nil {
return nil, nil, err
}
db := UserDatabase{
names: &names,
cache: cache,
user: user,
labels: encrypted.Labels,
keySet: encrypted.KeySetRSA,
shareSet: encrypted.ShareSet,
}
unwrappedKey, err = sss.RecoverSecret(&db)
return
}
}