frostfs-node/pkg/services/session/storage/persistent/encryption.go
Pavel Karpy 01ed366e99 [] node/session: Add encryption
Add `WithEncryption` option that passes ECDSA key to the persistent session
storage. It uses 32 bytes from marshalled ECDSA key in ASN.1 DER from in
AES-256 algorithm encryption in Galois/Counter Mode.

Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
2022-03-29 09:35:10 +03:00

32 lines
730 B
Go

package persistent
import (
"crypto/rand"
"fmt"
"io"
)
func (s *TokenStore) encrypt(value []byte) ([]byte, error) {
nonce := make([]byte, s.gcm.NonceSize())
if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
return nil, fmt.Errorf("could not init random nonce: %w", err)
}
return s.gcm.Seal(nonce, nonce, value, nil), nil
}
func (s *TokenStore) decrypt(value []byte) ([]byte, error) {
nonceSize := s.gcm.NonceSize()
if len(value) < nonceSize {
return nil, fmt.Errorf(
"unexpected encrypted length: nonce length is %d, encrypted data lenght is %d",
nonceSize,
len(value),
)
}
nonce, encryptedData := value[:nonceSize], value[nonceSize:]
return s.gcm.Open(nil, nonce, encryptedData, nil)
}