125 lines
2.4 KiB
Go
125 lines
2.4 KiB
Go
|
package pass
|
||
|
|
||
|
import (
|
||
|
"crypto/aes"
|
||
|
"crypto/cipher"
|
||
|
"crypto/rand"
|
||
|
"fmt"
|
||
|
"log"
|
||
|
"os"
|
||
|
|
||
|
"baal.ar76.eu/x/pub/multisql/cfg"
|
||
|
"golang.org/x/crypto/scrypt"
|
||
|
)
|
||
|
|
||
|
func DeriveKey(password, salt []byte) ([]byte, []byte, error) {
|
||
|
if salt == nil {
|
||
|
salt = make([]byte, 32)
|
||
|
if _, err := rand.Read(salt); err != nil {
|
||
|
return nil, nil, err
|
||
|
}
|
||
|
}
|
||
|
|
||
|
key, err := scrypt.Key(password, salt, 32768, 8, 1, 32)
|
||
|
if err != nil {
|
||
|
return nil, nil, fmt.Errorf("błąd generowania klucza: %w", err)
|
||
|
}
|
||
|
|
||
|
return key, salt, nil
|
||
|
}
|
||
|
|
||
|
func Encrypt(key, data []byte) ([]byte, error) {
|
||
|
blockCipher, err := aes.NewCipher(key)
|
||
|
if err != nil {
|
||
|
return nil, err
|
||
|
}
|
||
|
|
||
|
gcm, err := cipher.NewGCM(blockCipher)
|
||
|
if err != nil {
|
||
|
return nil, err
|
||
|
}
|
||
|
|
||
|
nonce := make([]byte, gcm.NonceSize())
|
||
|
if _, err = rand.Read(nonce); err != nil {
|
||
|
return nil, err
|
||
|
}
|
||
|
|
||
|
ciphertext := gcm.Seal(nonce, nonce, data, nil)
|
||
|
|
||
|
return ciphertext, nil
|
||
|
}
|
||
|
|
||
|
func Decrypt(key, data []byte) ([]byte, error) {
|
||
|
blockCipher, err := aes.NewCipher(key)
|
||
|
if err != nil {
|
||
|
return nil, err
|
||
|
}
|
||
|
|
||
|
gcm, err := cipher.NewGCM(blockCipher)
|
||
|
if err != nil {
|
||
|
return nil, err
|
||
|
}
|
||
|
|
||
|
nonce, ciphertext := data[:gcm.NonceSize()], data[gcm.NonceSize():]
|
||
|
|
||
|
plaintext, err := gcm.Open(nil, nonce, ciphertext, nil)
|
||
|
if err != nil {
|
||
|
return nil, err
|
||
|
}
|
||
|
|
||
|
return plaintext, nil
|
||
|
}
|
||
|
|
||
|
func DecryptFile(password, file string) ([]byte, error) {
|
||
|
data, err := os.ReadFile(file)
|
||
|
if err != nil {
|
||
|
return nil, err
|
||
|
}
|
||
|
salt := data[:32] //
|
||
|
data = data[32:]
|
||
|
key, _, err := DeriveKey([]byte(password), salt)
|
||
|
if err != nil {
|
||
|
return nil, err
|
||
|
}
|
||
|
return Decrypt(key, data)
|
||
|
}
|
||
|
|
||
|
func EncryptFile(password, file string, data []byte) error {
|
||
|
key, salt, err := DeriveKey([]byte(password), nil)
|
||
|
if err != nil {
|
||
|
return err
|
||
|
}
|
||
|
encrypted, err := Encrypt(key, data)
|
||
|
if err != nil {
|
||
|
return err
|
||
|
}
|
||
|
fd, err := os.Create(file)
|
||
|
if err != nil {
|
||
|
return err
|
||
|
}
|
||
|
_, err = fd.Write(salt)
|
||
|
if err != nil {
|
||
|
return err
|
||
|
}
|
||
|
_, err = fd.Write(encrypted)
|
||
|
if err != nil {
|
||
|
return err
|
||
|
}
|
||
|
return fd.Close()
|
||
|
}
|
||
|
|
||
|
func GetMasterPass(askPass bool) string {
|
||
|
password := os.Getenv(cfg.MULTISQLPASS)
|
||
|
if password == "" {
|
||
|
if !askPass {
|
||
|
log.Fatalf("Nieustalone hasło. Użyj flagi -P lub ustaw hasło w zmiennej %s", cfg.MULTISQLPASS)
|
||
|
}
|
||
|
fmt.Fprintf(os.Stderr, "Podaj hasło: ")
|
||
|
n, e := fmt.Scanln(&password)
|
||
|
if n == 0 || e != nil {
|
||
|
log.Fatalln("Nie udało się wczytać hasła z konsoli")
|
||
|
}
|
||
|
}
|
||
|
return password
|
||
|
}
|