wal-g

crypter.go
68 строк · 2.2 Кб
Перенос по словам
1
package awskms
2

3
import (
4
	"bufio"
5
	"io"
6

7
	"github.com/minio/sio"
8
	"github.com/wal-g/tracelog"
9
	"github.com/wal-g/wal-g/internal/crypto"
10
	"github.com/wal-g/wal-g/internal/ioextensions"
11
)
12

13
// Crypter is AWS KMS Crypter implementation
14
type Crypter struct {
15
	SymmetricKey crypto.SymmetricKey
16
}
17

18
func (crypter *Crypter) Name() string {
19
	return "AWK_KMS/Crypter"
20
}
21

22
// Encrypt creates encryption writer from ordinary writer
23
func (crypter *Crypter) Encrypt(writer io.Writer) (io.WriteCloser, error) {
24
	if len(crypter.SymmetricKey.GetKey()) == 0 {
25
		err := crypter.SymmetricKey.Generate()
26
		tracelog.ErrorLogger.FatalfOnError("Can't generate symmetric key: %v", err)
27

28
		err = crypter.SymmetricKey.Encrypt()
29
		tracelog.ErrorLogger.FatalfOnError("Can't encrypt symmetric key: %v", err)
30
	}
31

32
	bufferedWriter := bufio.NewWriter(writer)
33
	_, err := bufferedWriter.Write(crypter.SymmetricKey.GetEncryptedKey())
34

35
	if err != nil {
36
		tracelog.ErrorLogger.Printf("Can't write encryption key to buffer: %v", err)
37
		return nil, err
38
	}
39

40
	encryptedWriter, err := sio.EncryptWriter(bufferedWriter, sio.Config{Key: crypter.SymmetricKey.GetKey()})
41

42
	if err != nil {
43
		tracelog.ErrorLogger.Printf("AWS KMS can't create encrypted writer: %v", err)
44
		return nil, err
45
	}
46

47
	return ioextensions.NewOnCloseFlusher(encryptedWriter, bufferedWriter), nil
48
}
49

50
// Decrypt creates decrypted reader from ordinary reader
51
func (crypter *Crypter) Decrypt(reader io.Reader) (io.Reader, error) {
52
	encryptedSymmetricKey := make([]byte, crypter.SymmetricKey.GetEncryptedKeyLen())
53
	_, err := reader.Read(encryptedSymmetricKey)
54
	tracelog.ErrorLogger.FatalfOnError("Can't read encryption key from archive file header: %v", err)
55

56
	err = crypter.SymmetricKey.SetEncryptedKey(encryptedSymmetricKey)
57
	tracelog.ErrorLogger.FatalfOnError("Can't set encrypted key: %v", err)
58

59
	err = crypter.SymmetricKey.Decrypt()
60
	tracelog.ErrorLogger.FatalfOnError("Can't decrypt symmetric key: %v", err)
61

62
	return sio.DecryptReader(reader, sio.Config{Key: crypter.SymmetricKey.GetKey()})
63
}
64

65
// CrypterFromKeyID creates AWS KMS Crypter with given KMS Key ID
66
func CrypterFromKeyID(CseKmsID string, CseKmsRegion string) crypto.Crypter {
67
	return &Crypter{SymmetricKey: NewSymmetricKey(CseKmsID, 32, 184, CseKmsRegion)}
68
}
69
wal-g

Использование cookies
