generated from TrueCloudLab/basic
parent
2c10d9920f
commit
7145bd89e1
1 changed files with 6 additions and 6 deletions
12
mfa/pack.go
12
mfa/pack.go
|
|
@ -31,10 +31,10 @@ func PackMFABox(secret *otp.Key, unlockerKeys []*keys.PublicKey) (*MFABox, error
|
|||
}
|
||||
|
||||
// First step: generate encryption key and encrypt secret data with it.
|
||||
secretUrl := secret.URL()
|
||||
secretURL := secret.URL()
|
||||
|
||||
// prepare MFA secret for encryption
|
||||
data, err := proto.Marshal(&Secrets{MFAURL: &secretUrl})
|
||||
data, err := proto.Marshal(&Secrets{MFAURL: &secretURL})
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("marshal secrets: %w", err)
|
||||
}
|
||||
|
|
@ -80,14 +80,14 @@ func PackMFABox(secret *otp.Key, unlockerKeys []*keys.PublicKey) (*MFABox, error
|
|||
// UnpackMFABox decrypts OTP key using unlocker key.
|
||||
func UnpackMFABox(box *MFABox, unlockerKey *keys.PrivateKey) (*otp.Key, error) {
|
||||
unlockerPublicKey := unlockerKey.PublicKey().Bytes()
|
||||
ecdhKey, err := keys.NewPublicKeyFromBytes(box.ECDHPublicKey, elliptic.P256())
|
||||
ecdhKey, err := keys.NewPublicKeyFromBytes(box.GetECDHPublicKey(), elliptic.P256())
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("parse ECDH key: %w", err)
|
||||
}
|
||||
|
||||
// First step: find unlocker message for unlocker key
|
||||
var suitableUnlocker *Unlocker
|
||||
for _, unlocker := range box.Unlockers {
|
||||
for _, unlocker := range box.GetUnlockers() {
|
||||
if bytes.Equal(unlockerPublicKey, unlocker.GetPublicKey()) {
|
||||
suitableUnlocker = unlocker
|
||||
break
|
||||
|
|
@ -104,7 +104,7 @@ func UnpackMFABox(box *MFABox, unlockerKey *keys.PrivateKey) (*otp.Key, error) {
|
|||
}
|
||||
|
||||
// Third step: decrypt MFA secret
|
||||
data, err := decryptData(box.EncryptedSecrets, secretEncryptionKey, box.Salt)
|
||||
data, err := decryptData(box.GetEncryptedSecrets(), secretEncryptionKey, box.GetSalt())
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("decrypt secrets: %w", err)
|
||||
}
|
||||
|
|
@ -146,7 +146,7 @@ func unpackUnlocker(unlocker *Unlocker, ecdhKey *keys.PublicKey, unlockerKey *ke
|
|||
return nil, fmt.Errorf("generate ECDH: %w", err)
|
||||
}
|
||||
|
||||
return decryptData(unlocker.EncryptedSecretsKey, uniqueUnlockerKey, unlocker.Salt)
|
||||
return decryptData(unlocker.GetEncryptedSecretsKey(), uniqueUnlockerKey, unlocker.GetSalt())
|
||||
}
|
||||
|
||||
func encryptData(data, encryptionKey []byte) (encryptedData []byte, salt []byte, err error) {
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue