"github.com/wal-g/tracelog"
"github.com/wal-g/wal-g/internal/crypto"
"github.com/wal-g/wal-g/internal/ioextensions"
// Crypter is AWS KMS Crypter implementation
SymmetricKey crypto.SymmetricKey
// Name returns the fixed identifier string of this crypter implementation.
//
// NOTE(review): the literal is spelled "AWK_KMS", which looks like a typo for
// "AWS_KMS". It is reproduced unchanged here because other code may log or
// compare this value; confirm before correcting it.
func (crypter *Crypter) Name() string {
	const crypterName = "AWK_KMS/Crypter"
	return crypterName
}
// Encrypt wraps writer in an encrypting writer.
//
// If the crypter holds no symmetric key yet, one is generated and then
// encrypted; a failure in either step goes through FatalfOnError instead of
// being returned to the caller. The encrypted key is written to the stream
// first, ahead of the sio-encrypted payload, which is the header that Decrypt
// reads back.
//
// Both the key header and the payload pass through a bufio.Writer, so nothing
// is guaranteed to reach writer until the returned WriteCloser is closed.
// NOTE(review): NewOnCloseFlusher presumably flushes that buffer on Close;
// confirm in ioextensions.
func (crypter *Crypter) Encrypt(writer io.Writer) (io.WriteCloser, error) {
	if len(crypter.SymmetricKey.GetKey()) == 0 {
		tracelog.ErrorLogger.FatalfOnError("Can't generate symmetric key: %v", crypter.SymmetricKey.Generate())
		tracelog.ErrorLogger.FatalfOnError("Can't encrypt symmetric key: %v", crypter.SymmetricKey.Encrypt())
	}

	buffered := bufio.NewWriter(writer)

	// Only the encrypted form of the key is ever written to the output.
	if _, err := buffered.Write(crypter.SymmetricKey.GetEncryptedKey()); err != nil {
		tracelog.ErrorLogger.Printf("Can't write encryption key to buffer: %v", err)
		return nil, err
	}

	sealed, err := sio.EncryptWriter(buffered, sio.Config{Key: crypter.SymmetricKey.GetKey()})
	if err != nil {
		tracelog.ErrorLogger.Printf("AWS KMS can't create encrypted writer: %v", err)
		return nil, err
	}

	return ioextensions.NewOnCloseFlusher(sealed, buffered), nil
}
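// Decrypt wraps reader in a decrypting reader.
//
// It first consumes a fixed-size header of GetEncryptedKeyLen() bytes that
// holds the encrypted symmetric key, passes it to SymmetricKey for decryption,
// and then returns an sio reader keyed with the recovered key over the rest of
// the stream.
//
// Failures while reading the header or recovering the key go through
// FatalfOnError rather than being returned; only the error from
// sio.DecryptReader reaches the caller.
func (crypter *Crypter) Decrypt(reader io.Reader) (io.Reader, error) {
	encryptedSymmetricKey := make([]byte, crypter.SymmetricKey.GetEncryptedKeyLen())

	// A single Read may legally return fewer bytes than requested, and may
	// return the final bytes together with io.EOF. io.ReadFull keeps reading
	// until the header is complete and reports io.ErrUnexpectedEOF on a
	// truncated archive, so a partially filled, zero-padded key blob is never
	// handed on and the payload is not consumed from the wrong offset.
	_, err := io.ReadFull(reader, encryptedSymmetricKey)
	tracelog.ErrorLogger.FatalfOnError("Can't read encryption key from archive file header: %v", err)

	err = crypter.SymmetricKey.SetEncryptedKey(encryptedSymmetricKey)
	tracelog.ErrorLogger.FatalfOnError("Can't set encrypted key: %v", err)

	err = crypter.SymmetricKey.Decrypt()
	tracelog.ErrorLogger.FatalfOnError("Can't decrypt symmetric key: %v", err)

	return sio.DecryptReader(reader, sio.Config{Key: crypter.SymmetricKey.GetKey()})
}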
// CrypterFromKeyID builds an AWS KMS Crypter for the given KMS key ID and
// region.
//
// NOTE(review): the two numeric arguments are presumably the symmetric key
// length and the encrypted-key length that Decrypt later reads back through
// GetEncryptedKeyLen(); confirm against NewSymmetricKey. If the second value
// is the size of the encrypted key blob, the archive header format depends on
// that size staying constant, so it is worth checking that a blob of any
// other length is rejected when the key is encrypted or set.
func CrypterFromKeyID(CseKmsID string, CseKmsRegion string) crypto.Crypter {
	const (
		keyLen          = 32
		encryptedKeyLen = 184
	)

	symmetricKey := NewSymmetricKey(CseKmsID, keyLen, encryptedKeyLen, CseKmsRegion)
	return &Crypter{SymmetricKey: symmetricKey}
}