TrueCloudLab/frostfs-node
19
1
Fork 27
Code Issues 91 Pull requests 7 Projects Releases 1 Activity Actions
frostfs-node/pkg/services/session/storage/persistent/encryption.go

33 lines
730 B
Go
Raw Normal View History

[#1255] node/session: Add encryption Add `WithEncryption` option that passes ECDSA key to the persistent session storage. It uses 32 bytes from marshalled ECDSA key in ASN.1 DER from in AES-256 algorithm encryption in Galois/Counter Mode. Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
2022-03-21 11:53:49 +00:00
package persistent
import (
"crypto/rand"
"fmt"
"io"
)
func (s *TokenStore) encrypt(value []byte) ([]byte, error) {
nonce := make([]byte, s.gcm.NonceSize())
if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
return nil, fmt.Errorf("could not init random nonce: %w", err)
}
return s.gcm.Seal(nonce, nonce, value, nil), nil
}
func (s *TokenStore) decrypt(value []byte) ([]byte, error) {
nonceSize := s.gcm.NonceSize()
if len(value) < nonceSize {
return nil, fmt.Errorf(
[#1910] .golangci.yml: Add `misspell` linker Signed-off-by: Evgenii Stratonikov <evgeniy@morphbits.ru>
2022-10-17 12:33:41 +00:00
"unexpected encrypted length: nonce length is %d, encrypted data length is %d",
[#1255] node/session: Add encryption Add `WithEncryption` option that passes ECDSA key to the persistent session storage. It uses 32 bytes from marshalled ECDSA key in ASN.1 DER from in AES-256 algorithm encryption in Galois/Counter Mode. Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
2022-03-21 11:53:49 +00:00
nonceSize,
len(value),
)
}
nonce, encryptedData := value[:nonceSize], value[nonceSize:]
return s.gcm.Open(nil, nonce, encryptedData, nil)
}
Reference in a new issue Copy permalink