1
0
Fork 0
mirror of https://github.com/Luzifer/envrun.git synced 2024-11-14 00:52:42 +00:00
envrun/decryption.go
2018-11-02 21:40:47 +01:00

67 lines
1.5 KiB
Go

package main
import (
"bytes"
"fmt"
"io"
"io/ioutil"
"golang.org/x/crypto/openpgp"
"golang.org/x/crypto/openpgp/armor"
openssl "github.com/Luzifer/go-openssl"
)
type decryptMethod func(body []byte, passphrase string) ([]byte, error)
func decryptMethodFromName(name string) (decryptMethod, error) {
switch name {
case "gpg-symmetric":
return decryptGPGSymmetric, nil
case "openssl-md5":
return decryptOpenSSL(openssl.DigestMD5Sum), nil
case "openssl-sha256":
return decryptOpenSSL(openssl.DigestSHA256Sum), nil
default:
return nil, fmt.Errorf("Decrypt method %q not found", name)
}
}
func decryptGPGSymmetric(body []byte, passphrase string) ([]byte, error) {
var msgReader io.Reader
block, err := armor.Decode(bytes.NewReader(body))
switch err {
case nil:
msgReader = block.Body
case io.EOF:
msgReader = bytes.NewReader(body)
default:
return nil, fmt.Errorf("Unable to read armor: %s", err)
}
var passwordRetry bool
md, err := openpgp.ReadMessage(msgReader, nil, func(keys []openpgp.Key, symmetric bool) ([]byte, error) {
if passwordRetry {
return nil, fmt.Errorf("Wrong passphrase supplied")
}
passwordRetry = true
return []byte(passphrase), nil
}, nil)
if err != nil {
return nil, fmt.Errorf("Unable to decrypt message: %s", err)
}
return ioutil.ReadAll(md.UnverifiedBody)
}
func decryptOpenSSL(kdf openssl.DigestFunc) decryptMethod {
return func(body []byte, passphrase string) ([]byte, error) {
return openssl.New().DecryptBytes(cfg.Password, body, kdf)
}
}