/
decrypt.go
118 lines (97 loc) · 2.36 KB
/
decrypt.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
package main
import (
"archive/tar"
"github.com/gja/openssl"
"io"
"io/ioutil"
"log"
)
func min(a, b int64) int64 {
if a < b {
return a
}
return b
}
type EncryptionReader struct {
rd *tar.Reader
ctx openssl.DecryptionCipherCtx
remainingInFile int64
}
func (reader *EncryptionReader) readNextBytes(b []byte) (int, error) {
bytesToRead := make([]byte, min(int64(len(b)), reader.remainingInFile))
n, readerr := reader.rd.Read(bytesToRead)
if n == 0 {
return n, readerr
}
reader.remainingInFile = reader.remainingInFile - int64(n)
buf, err := reader.ctx.DecryptUpdate(bytesToRead)
if err != nil {
log.Fatalln(err)
}
copy(b, buf)
return len(buf), readerr
}
func (reader *EncryptionReader) Read(b []byte) (int, error) {
if reader.remainingInFile == 0 {
header, err := reader.rd.Next()
if err == io.EOF {
return 0, err
}
if err != nil {
log.Fatalln(err)
}
reader.remainingInFile = header.Size
}
return reader.readNextBytes(b)
}
func readNextEntry(tarFile *tar.Reader) []byte {
_, err := tarFile.Next()
if err != nil {
log.Fatalln(err)
}
result, err := ioutil.ReadAll(tarFile)
if err != nil {
log.Fatalln(err)
}
return result
}
func (writer *EncryptionReader) finish() []byte {
toWrite, err := writer.ctx.DecryptFinal()
if err != nil {
log.Fatalln(err)
}
return toWrite
}
func decryptKey(key []byte, privateKey *openssl.PrivateKey) []byte {
rsaSize, err := (*privateKey).RSASize()
if err != nil {
log.Fatalln(err)
}
outputBytes := make([]byte, rsaSize)
len, err := (*privateKey).PrivateDecrypt(outputBytes, key, openssl.RSA_PADDING_PKCS1)
if err != nil {
log.Fatalln(err)
}
output := make([]byte, len)
copy(output, outputBytes)
return output
}
func newEncryptionReader(privateKey *openssl.PrivateKey, input io.Reader) *EncryptionReader {
tarFile := tar.NewReader(input)
key := decryptKey(readNextEntry(tarFile), privateKey)
iv := readNextEntry(tarFile)
cipher, err := openssl.GetCipherByName("aes-256-cbc")
if err != nil {
log.Fatalln(err)
}
ctx, err := openssl.NewDecryptionCipherCtx(cipher, nil, key, iv)
if err != nil {
log.Fatalln(err)
}
return &EncryptionReader{rd: tarFile, ctx: ctx}
}
func Decrypt(privateKey *openssl.PrivateKey, input io.ReadCloser, output io.WriteCloser) {
reader := newEncryptionReader(privateKey, input)
io.Copy(output, reader)
output.Write(reader.finish())
}