"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/session"
"github.com/aws/aws-sdk-go/service/kms"
// SymmetricKey is the AWS KMS implementation of the crypto.SymmetricKey interface
type SymmetricKey struct {
EncryptedSymmetricKey []byte
EncryptedSymmetricKeyLen int
// Generate generates the symmetric key
func (symmetricKey *SymmetricKey) Generate() error {
symmetricKey.mutex.RLock()
key := make([]byte, symmetricKey.SymmetricKeyLen)
symmetricKey.mutex.RUnlock()
_, err := rand.Read(key)
symmetricKey.mutex.Lock()
symmetricKey.SymmetricKey = key
symmetricKey.mutex.Unlock()
// Encrypt encrypts the symmetric key with AWS KMS
func (symmetricKey *SymmetricKey) Encrypt() error {
kmsConfig := aws.NewConfig()
if symmetricKey.Region != "" {
kmsConfig = kmsConfig.WithRegion(symmetricKey.Region)
kmsSession, err := session.NewSession()
svc := kms.New(kmsSession, kmsConfig)
symmetricKey.mutex.RLock()
input := &kms.EncryptInput{
KeyId: aws.String(symmetricKey.KeyID),
Plaintext: symmetricKey.SymmetricKey,
symmetricKey.mutex.RUnlock()
result, err := svc.Encrypt(input)
symmetricKey.mutex.Lock()
symmetricKey.EncryptedSymmetricKey = result.CiphertextBlob
symmetricKey.mutex.Unlock()
// Decrypt decrypts the symmetric key with AWS KMS
func (symmetricKey *SymmetricKey) Decrypt() error {
kmsConfig := aws.NewConfig()
if symmetricKey.Region != "" {
kmsConfig = kmsConfig.WithRegion(symmetricKey.Region)
kmsSession, err := session.NewSession()
svc := kms.New(kmsSession, kmsConfig)
symmetricKey.mutex.RLock()
input := &kms.DecryptInput{
CiphertextBlob: symmetricKey.EncryptedSymmetricKey,
symmetricKey.mutex.RUnlock()
result, err := svc.Decrypt(input)
symmetricKey.mutex.Lock()
symmetricKey.SymmetricKey = result.Plaintext
symmetricKey.mutex.Unlock()
// GetKey returns the unencrypted symmetric key (the internal slice itself, not a copy)
func (symmetricKey *SymmetricKey) GetKey() []byte {
symmetricKey.mutex.RLock()
defer symmetricKey.mutex.RUnlock()
return symmetricKey.SymmetricKey
// GetEncryptedKey returns the encrypted symmetric key (the internal slice itself, not a copy)
func (symmetricKey *SymmetricKey) GetEncryptedKey() []byte {
symmetricKey.mutex.RLock()
defer symmetricKey.mutex.RUnlock()
return symmetricKey.EncryptedSymmetricKey
// SetKey sets the unencrypted symmetric key (the given slice is stored as-is, not copied)
func (symmetricKey *SymmetricKey) SetKey(key []byte) error {
symmetricKey.mutex.Lock()
symmetricKey.SymmetricKey = key
symmetricKey.mutex.Unlock()
// SetEncryptedKey sets the encrypted symmetric key (the given slice is stored as-is, not copied)
func (symmetricKey *SymmetricKey) SetEncryptedKey(encryptedKey []byte) error {
symmetricKey.mutex.Lock()
symmetricKey.EncryptedSymmetricKey = encryptedKey
symmetricKey.mutex.Unlock()
// GetKeyID returns the AWS KMS key ID
func (symmetricKey *SymmetricKey) GetKeyID() string {
symmetricKey.mutex.RLock()
defer symmetricKey.mutex.RUnlock()
return symmetricKey.KeyID
// GetEncryptedKeyLen returns the encrypted key length
func (symmetricKey *SymmetricKey) GetEncryptedKeyLen() int {
symmetricKey.mutex.RLock()
defer symmetricKey.mutex.RUnlock()
return symmetricKey.EncryptedSymmetricKeyLen
// GetKeyLen returns the key length
func (symmetricKey *SymmetricKey) GetKeyLen() int {
symmetricKey.mutex.RLock()
defer symmetricKey.mutex.RUnlock()
return symmetricKey.SymmetricKeyLen
// NewSymmetricKey creates a new symmetric AWS KMS key object
func NewSymmetricKey(kmsKeyID string, keyLen int, encryptedKeyLen int, kmsRegion string) *SymmetricKey {
return &SymmetricKey{SymmetricKeyLen: keyLen,
EncryptedSymmetricKeyLen: encryptedKeyLen,