/*
Copyright 2018, Cossack Labs Limited
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package masking
import (
"errors"
"github.com/cossacklabs/acra/encryptor"
"github.com/cossacklabs/acra/decryptor/base"
"github.com/cossacklabs/acra/encryptor/config"
"github.com/cossacklabs/acra/keystore"
)
// DataEncryptor performs partial encryption of plaintext in the cell
type DataEncryptor struct {
	// acrawriterEncryptor is the wrapped encryptor; EncryptWithClientID hands
	// the part of the cell that must not stay readable to it.
	acrawriterEncryptor encryptor.DataEncryptor
	// keystore is stored by NewMaskingDataEncryptor; no method visible in this
	// file reads it.
	keystore keystore.DecryptionKeyStore
	// decryptor is initialised to the zero value of base.DecryptProcessor by
	// the constructor; no method visible in this file reads it.
	decryptor base.DecryptProcessor
}
// NewMaskingDataEncryptor builds a DataEncryptor that wraps dataEncryptor and
// keeps a reference to keystore. The decryptor field starts as a zero-value
// base.DecryptProcessor. The returned error is always nil.
func NewMaskingDataEncryptor(keystore keystore.DecryptionKeyStore, dataEncryptor encryptor.DataEncryptor) (*DataEncryptor, error) {
	masker := &DataEncryptor{
		acrawriterEncryptor: dataEncryptor,
		keystore:            keystore,
		decryptor:           base.DecryptProcessor{},
	}
	return masker, nil
}
// EncryptWithClientID masks data according to setting. The wrapped
// encryptor's EncryptWithClientID is used as the encryption primitive and
// clientID is passed through to it as the context; which bytes are encrypted
// and which stay in plaintext is decided by encryptByFunction.
func (e *DataEncryptor) EncryptWithClientID(clientID, data []byte, setting config.ColumnEncryptionSetting) ([]byte, error) {
	var encryptForClient encryptionFunction = e.acrawriterEncryptor.EncryptWithClientID
	return e.encryptByFunction(clientID, data, setting, encryptForClient)
}
// encryptionFunction is the encryption primitive used by encryptByFunction:
// it receives a context (the client ID when called through
// EncryptWithClientID), the bytes to encrypt and the column setting, and
// returns the encrypted container or an error.
type encryptionFunction func(context, data []byte, setting config.ColumnEncryptionSetting) ([]byte, error)
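// encryptByFunction applies masking (partial encryption) to data.
//
// If the setting has no masking pattern, data is returned unchanged, i.e. in
// plaintext. Otherwise GetPartialPlaintextLen bytes stay readable and the rest
// is passed to encryptionFunc:
//   - IsEndMasking() true: the leading bytes stay in plaintext and the tail
//     is encrypted, result = plaintext prefix + encrypted container;
//   - IsEndMasking() false: the trailing bytes stay in plaintext and the head
//     is encrypted, result = encrypted container + plaintext suffix.
//
// When the configured plaintext length covers the whole value, the whole value
// is encrypted instead of being left readable (fail closed).
//
// The returned slice never shares memory with data in the masking branches,
// so the caller's buffer is not modified.
//
// It returns an error if the setting is nil, if the configured plaintext
// length is negative, or if encryptionFunc fails.
//
// NOTE(review): the split is done on bytes, not characters; for multi-byte
// text encodings the boundary may fall inside a character - confirm callers
// only mask values where that is acceptable.
func (e *DataEncryptor) encryptByFunction(context, data []byte, settingCE config.ColumnEncryptionSetting, encryptionFunc encryptionFunction) ([]byte, error) {
	// Asserting an interface value to its own interface type fails only for a
	// nil interface, so this is effectively the nil-setting guard.
	setting, ok := settingCE.(config.ColumnEncryptionSetting)
	if !ok {
		return nil, errors.New("can't cast column encryption settings")
	}
	if setting.GetMaskingPattern() == "" {
		// Masking is not configured for this column: nothing to do here.
		return data, nil
	}

	partialPlaintextLen := setting.GetPartialPlaintextLen()
	if partialPlaintextLen < 0 {
		// A negative length would panic in the slice expressions below;
		// report the broken configuration instead of crashing.
		return nil, errors.New("negative partial plaintext length in masking settings")
	}
	if partialPlaintextLen >= len(data) {
		// two variants are possible in such case:
		// to encrypt all data or to leave all data in plaintext.
		// Encrypting is the safer choice: a short value is never exposed
		// in full because of the masking configuration.
		return encryptionFunc(context, data, setting)
	}

	if setting.IsEndMasking() {
		acrastruct, err := encryptionFunc(context, data[partialPlaintextLen:], setting)
		if err != nil {
			return nil, err
		}
		// Build the result in a fresh buffer. Appending to data[:n] directly
		// would write the container over the caller's bytes whenever data has
		// enough spare capacity.
		result := make([]byte, 0, partialPlaintextLen+len(acrastruct))
		result = append(result, data[:partialPlaintextLen]...)
		return append(result, acrastruct...), nil
	}

	split := len(data) - partialPlaintextLen
	acrastruct, err := encryptionFunc(context, data[:split], setting)
	if err != nil {
		return nil, err
	}
	// Fresh buffer here as well, so the slice returned by encryptionFunc is
	// not extended in place.
	result := make([]byte, 0, len(acrastruct)+partialPlaintextLen)
	result = append(result, acrastruct...)
	return append(result, data[split:]...), nil
}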