package pool
import (
"crypto/aes"
"encoding/json"
"fmt"
"time"
"github.com/code-to-go/safepool/core"
"github.com/code-to-go/safepool/security"
"github.com/patrickmn/go-cache"
)
// Keystore maps an encryption key id to the raw key bytes. It is the plaintext
// form that marshalKeystore encrypts under the pool's master key and that
// unmarshalKeystore recovers from the ciphertext.
type Keystore map[uint64][]byte

// cachedEncKeys is a process-wide, in-memory cache of per-pool encryption keys,
// keyed by "<pool name>-<key id>" (see keyFunc). Entries use a one-hour default
// expiration and expired entries are swept every ten hours. It holds raw key
// material shared by every Pool in the process, so it stays unexported and its
// contents must never be logged or serialized.
var cachedEncKeys = cache.New(time.Hour, 10*time.Hour)
// decodeKeystore decrypts a keystore blob with masterKey and nonce, persists
// every key it contains through sqlSetKey, and returns the decoded map.
//
// A nil masterKey is refused with ErrNotAuthorized before any decryption is
// attempted. Any decryption, unmarshal or database failure is reported through
// core.IsErr and returned to the caller with a nil Keystore; there is no
// rollback, so keys written by earlier loop iterations remain in the DB.
func (p *Pool) decodeKeystore(masterKey []byte, keystore []byte, nonce []byte) (Keystore, error) {
	if masterKey == nil {
		// Without the master key the blob cannot be decrypted; log and bail out.
		// (core.IsErr is presumably expected to supply the trailing %v itself.)
		core.IsErr(ErrNotAuthorized, "No encryption key for id '%d': %v", p.masterKeyId)
		return nil, ErrNotAuthorized
	}

	decoded, err := p.unmarshalKeystore(masterKey, nonce, keystore)
	if core.IsErr(err, "cannot unmarshal keystore for pool '%s': %v", p.Name) {
		return nil, err
	}

	// Mirror each decoded key into the pool's database; stop at the first failure.
	for keyID, keyBytes := range decoded {
		if storeErr := p.sqlSetKey(keyID, keyBytes); core.IsErr(storeErr, "cannot set key %d to DB for pool '%s': %v", keyID, p.Name) {
			return nil, storeErr
		}
	}
	return decoded, nil
}
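// encodeKeystore reads the pool's keys from the database and returns them as an
// encrypted blob together with the nonce used to encrypt it.
//
// The nonce is aes.BlockSize bytes obtained from security.GenerateBytesKey on
// every call (presumably random — confirm in the security package). A nil
// p.masterKey is refused with ErrNotAuthorized, mirroring decodeKeystore,
// instead of being handed to the cipher. Database and encryption failures are
// reported through core.IsErr and returned with nil outputs.
func (p *Pool) encodeKeystore() (keystore []byte, nonce []byte, err error) {
	if p.masterKey == nil {
		// Same guard and message as decodeKeystore, so both directions fail alike.
		core.IsErr(ErrNotAuthorized, "No encryption key for id '%d': %v", p.masterKeyId)
		return nil, nil, ErrNotAuthorized
	}

	ks, err := p.sqlGetKeystore()
	if core.IsErr(err, "cannot read keystore from db for pool '%s': %v", p.Name) {
		return nil, nil, err
	}

	nonce = security.GenerateBytesKey(aes.BlockSize)
	keystore, err = p.marshalKeystore(p.masterKey, nonce, ks)
	if core.IsErr(err, "cannot marshal keystore for pool '%s': %v", p.Name) {
		return nil, nil, err
	}
	return keystore, nonce, nil
}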
// marshalKeystore serializes ks as JSON and encrypts the result with masterKey
// and nonce via security.EncryptBlock, returning the ciphertext. The receiver
// is not used; the method form keeps it next to the other keystore helpers.
func (p *Pool) marshalKeystore(masterKey []byte, nonce []byte, ks Keystore) ([]byte, error) {
	plain, marshalErr := json.Marshal(ks)
	if core.IsErr(marshalErr, "cannot marshal keystore: %v") {
		return nil, marshalErr
	}
	// The plaintext keystore only lives in this local; callers get ciphertext.
	return security.EncryptBlock(masterKey, nonce, plain)
}
// unmarshalKeystore decrypts cipherdata with masterKey and nonce and parses the
// plaintext as a JSON Keystore.
//
// A decryption failure is logged through core.IsErr and returned with a nil
// map. An unmarshal failure is returned unlogged together with whatever ks
// holds at that point. If the plaintext is the JSON literal null, ks stays nil
// and no error is returned. Whether DecryptBlock authenticates the ciphertext
// is not visible here — if it does not, a tampered blob is only caught when the
// plaintext fails to parse.
func (p *Pool) unmarshalKeystore(masterKey []byte, nonce []byte, cipherdata []byte) (Keystore, error) {
	plain, decErr := security.DecryptBlock(masterKey, nonce, cipherdata)
	if core.IsErr(decErr, "invalid key or corrupted keystore: %v") {
		return nil, decErr
	}

	var ks Keystore
	if parseErr := json.Unmarshal(plain, &ks); parseErr != nil {
		return ks, parseErr
	}
	return ks, nil
}
// keyFunc resolves the encryption key with the given id for this pool.
//
// The master key id short-circuits to p.masterKey. Any other id is looked up
// in cachedEncKeys under "<pool name>-<id>" and, on a miss, loaded from the
// database with sqlGetKey; a found key is cached for the default expiration
// configured on cachedEncKeys. A nil result means the key is unknown and is
// not cached, so the lookup is retried on the next call. The returned slice is
// the stored/cached slice itself, not a copy, so callers must treat it as
// read-only.
func (p *Pool) keyFunc(id uint64) []byte {
	if id == p.masterKeyId {
		return p.masterKey
	}

	cacheKey := fmt.Sprintf("%s-%d", p.Name, id)
	if cached, ok := cachedEncKeys.Get(cacheKey); ok {
		// Only this function writes the cache, and it only stores []byte.
		return cached.([]byte)
	}

	key := p.sqlGetKey(id)
	if key == nil {
		return nil
	}
	cachedEncKeys.Set(cacheKey, key, cache.DefaultExpiration)
	return key
}