tovi
/
Envelope
1
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
Encrypted messaging app
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
38 Commits
3 Branches
16 MiB
Tree: b914a9f75c
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'b914a9f75c'
${ noResults }
Envelope/Backend/Database/Seeder/encryption.go

188 lines
3.5 KiB
Raw Normal View History

Friends and conversations sync to device
2 years ago
Move go server into docker container and start adding tests
2 years ago
Friends and conversations sync to device
2 years ago
Move go server into docker container and start adding tests
2 years ago
Friends and conversations sync to device
2 years ago
 
  1. package Seeder
  2. 

  3. // THIS FILE IS ONLY USED FOR SEEDING DATA DURING DEVELOPMENT

  4. 

  5. import (
  6. 	"bytes"
  7. 	"crypto/aes"
  8. 	"crypto/cipher"
  9. 	"crypto/hmac"
  10. 	"crypto/rand"
  11. 	"crypto/rsa"
  12. 	"crypto/sha256"
  13. 	"encoding/base64"
  14. 	"fmt"
  15. 	"hash"
  16. 

  17. 	"golang.org/x/crypto/pbkdf2"
  18. )
  19. 

  20. type aesKey struct {
  21. 	Key []byte
  22. 	Iv  []byte
  23. }
  24. 

  25. func (key aesKey) encode() string {
  26. 	return base64.StdEncoding.EncodeToString(key.Key)
  27. }
  28. 

  29. // Appends padding.

  30. func pkcs7Padding(data []byte, blocklen int) ([]byte, error) {
  31. 	var (
  32. 		padlen int = 1
  33. 		pad    []byte
  34. 	)
  35. 	if blocklen <= 0 {
  36. 		return nil, fmt.Errorf("invalid blocklen %d", blocklen)
  37. 	}
  38. 

  39. 	for ((len(data) + padlen) % blocklen) != 0 {
  40. 		padlen = padlen + 1
  41. 	}
  42. 

  43. 	pad = bytes.Repeat([]byte{byte(padlen)}, padlen)
  44. 	return append(data, pad...), nil
  45. }
  46. 

  47. // pkcs7strip remove pkcs7 padding

  48. func pkcs7strip(data []byte, blockSize int) ([]byte, error) {
  49. 	var (
  50. 		length int
  51. 		padLen int
  52. 		ref    []byte
  53. 	)
  54. 

  55. 	length = len(data)
  56. 	if length == 0 {
  57. 		return nil, fmt.Errorf("pkcs7: Data is empty")
  58. 	}
  59. 

  60. 	if (length % blockSize) != 0 {
  61. 		return nil, fmt.Errorf("pkcs7: Data is not block-aligned")
  62. 	}
  63. 

  64. 	padLen = int(data[length-1])
  65. 	ref = bytes.Repeat([]byte{byte(padLen)}, padLen)
  66. 

  67. 	if padLen > blockSize || padLen == 0 || !bytes.HasSuffix(data, ref) {
  68. 		return nil, fmt.Errorf("pkcs7: Invalid padding")
  69. 	}
  70. 

  71. 	return data[:length-padLen], nil
  72. }
  73. 

  74. func GenerateAesKey() (aesKey, error) {
  75. 	var (
  76. 		saltBytes []byte = []byte{}
  77. 		password  []byte
  78. 		seed      []byte
  79. 		iv        []byte
  80. 		err       error
  81. 	)
  82. 

  83. 	password = make([]byte, 64)
  84. 	_, err = rand.Read(password)
  85. 	if err != nil {
  86. 		return aesKey{}, err
  87. 	}
  88. 

  89. 	seed = make([]byte, 64)
  90. 	_, err = rand.Read(seed)
  91. 	if err != nil {
  92. 		return aesKey{}, err
  93. 	}
  94. 

  95. 	iv = make([]byte, 16)
  96. 	_, err = rand.Read(iv)
  97. 	if err != nil {
  98. 		return aesKey{}, err
  99. 	}
  100. 

  101. 	return aesKey{
  102. 		Key: pbkdf2.Key(
  103. 			password,
  104. 			saltBytes,
  105. 			1000,
  106. 			32,
  107. 			func() hash.Hash { return hmac.New(sha256.New, seed) },
  108. 		),
  109. 		Iv: iv,
  110. 	}, nil
  111. }
  112. 

  113. func (key aesKey) aesEncrypt(plaintext []byte) ([]byte, error) {
  114. 	var (
  115. 		bPlaintext []byte
  116. 		ciphertext []byte
  117. 		block      cipher.Block
  118. 		err        error
  119. 	)
  120. 

  121. 	bPlaintext, err = pkcs7Padding(plaintext, 16)
  122. 

  123. 	block, err = aes.NewCipher(key.Key)
  124. 	if err != nil {
  125. 		return []byte{}, err
  126. 	}
  127. 

  128. 	ciphertext = make([]byte, len(bPlaintext))
  129. 	mode := cipher.NewCBCEncrypter(block, key.Iv)
  130. 	mode.CryptBlocks(ciphertext, bPlaintext)
  131. 

  132. 	ciphertext = append(key.Iv, ciphertext...)
  133. 

  134. 	return ciphertext, nil
  135. }
  136. 

  137. func (key aesKey) aesDecrypt(ciphertext []byte) ([]byte, error) {
  138. 	var (
  139. 		plaintext []byte
  140. 		iv        []byte
  141. 		block     cipher.Block
  142. 		err       error
  143. 	)
  144. 

  145. 	iv = ciphertext[:aes.BlockSize]
  146. 	plaintext = ciphertext[aes.BlockSize:]
  147. 

  148. 	block, err = aes.NewCipher(key.Key)
  149. 	if err != nil {
  150. 		return []byte{}, err
  151. 	}
  152. 

  153. 	decMode := cipher.NewCBCDecrypter(block, iv)
  154. 	decMode.CryptBlocks(plaintext, plaintext)
  155. 

  156. 	return plaintext, nil
  157. }
  158. 

  159. // EncryptWithPublicKey encrypts data with public key

  160. func EncryptWithPublicKey(msg []byte, pub *rsa.PublicKey) []byte {
  161. 	var (
  162. 		hash hash.Hash
  163. 	)
  164. 

  165. 	hash = sha256.New()
  166. 	ciphertext, err := rsa.EncryptOAEP(hash, rand.Reader, pub, msg, nil)
  167. 	if err != nil {
  168. 		panic(err)
  169. 	}
  170. 	return ciphertext
  171. }
  172. 

  173. // DecryptWithPrivateKey decrypts data with private key

  174. func decryptWithPrivateKey(ciphertext []byte, priv *rsa.PrivateKey) ([]byte, error) {
  175. 	var (
  176. 		hash      hash.Hash
  177. 		plaintext []byte
  178. 		err       error
  179. 	)
  180. 

  181. 	hash = sha256.New()
  182. 

  183. 	plaintext, err = rsa.DecryptOAEP(hash, rand.Reader, priv, ciphertext, nil)
  184. 	if err != nil {
  185. 		return plaintext, err
  186. 	}
  187. 	return plaintext, nil
  188. }