func (s *CryptoSuite) TestNewLoadCipher(c *C) {
key := crypto.NewKey()
newCipher, _ := crypto.NewCipher(key)
loadCipher, _ := crypto.LoadCipher(key, newCipher.GetNonce())
c.Assert(loadCipher, NotNil)
c.Assert(loadCipher.GetNonce(), DeepEquals, newCipher.GetNonce())
}
func (s *CryptoSuite) TestDecrypt(c *C) {
key := crypto.NewKey()
encipher, _ := crypto.NewCipher(key)
plaintext := []byte{1, 2, 3, 4, 5}
ciphertext := encipher.Encrypt(plaintext)
decipher, _ := crypto.LoadCipher(key, encipher.GetNonce())
plaintextVerify := decipher.Decrypt(ciphertext)
c.Assert(plaintextVerify, NotNil)
c.Assert(plaintextVerify, DeepEquals, plaintext)
}
func (s *CryptoSuite) TestTryDecryptFail(c *C) {
key := crypto.NewKey()
encipher, _ := crypto.NewCipher(key)
plaintext := []byte{1, 2, 3, 4, 5}
ciphertext := encipher.Encrypt(plaintext)
newKey := crypto.NewKey()
c.Assert(key, Not(DeepEquals), newKey)
decipher, _ := crypto.LoadCipher(newKey, encipher.GetNonce())
plaintextVerify, err := decipher.TryDecrypt(ciphertext)
c.Assert(err, NotNil)
c.Assert(len(plaintextVerify), Equals, 0)
}
func (s *CryptoSuite) TestLoadCipher(c *C) {
nonce := make([]byte, 12)
cipher, err := crypto.LoadCipher(crypto.NewKey(), nonce)
c.Assert(cipher, NotNil)
c.Assert(err, IsNil)
}
func Open(fileName string, password string) (*Store, error) {
if _, err := os.Stat(fileName); os.IsNotExist(err) {
return nil, errors.New("Credential database does not exist.")
}
db, err := sql.Open("sqlite3", fileName)
if err != nil {
return nil, err
}
query := `
SELECT password_salt, password_stretch, password_nonce, encrypted_key, key_nonce, version
FROM settings
`
rows, err := db.Query(query)
if err != nil {
return nil, err
}
defer rows.Close()
rows.Next()
var passwordSalt, passwordNonce, encryptedKey, keyNonce []byte
var passwordStretch, version int
rows.Scan(&passwordSalt, &passwordStretch, &passwordNonce, &encryptedKey, &keyNonce, &version)
if version > 1 {
return nil, errors.New(fmt.Sprintf("Unsupported version: %d.", version))
}
if len(encryptedKey) <= 0 {
return nil, errors.New("Invalid encrypted key.")
}
passwordKey, err := crypto.LoadPasswordKey(password, passwordSalt, passwordStretch)
if err != nil {
return nil, err
}
passwordCipher, err := crypto.LoadCipher(passwordKey, passwordNonce)
if err != nil {
return nil, err
}
key, err := passwordCipher.TryDecrypt(encryptedKey)
if err != nil {
return nil, err
}
keyCipher, err := crypto.LoadCipher(key, keyNonce)
if err != nil {
return nil, err
}
return &Store{
db: db,
passwordCipher: passwordCipher,
keyCipher: keyCipher,
}, nil
}
