material: add Material type
Material holds non-secret encryption data, usually ciphertext. It is used to store non-sensitive data in the vault that serves as input when unlocking a vault.
1 parent
be7e5cb
commit 698e92c
Showing
6 changed files
with
492 additions
and
0 deletions.
@@ -0,0 +1,10 @@ | ||
package material | ||
|
||
// DB interface for loading and storing material. | ||
type DB interface { | ||
// LoadMaterial retrieves Material data from a backing store. | ||
LoadMaterial([]byte) (*Material, error) | ||
|
||
// StoreMaterial saves Material data to a backing store. | ||
StoreMaterial(*Material) error | ||
} |
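Review bot: The `[]byte` argument of `LoadMaterial` is unnamed, and neither method comment says what it identifies or what a caller gets back when nothing matches. It is presumably the Material's ID (possibly its Digest), so naming it, e.g. `LoadMaterial(id []byte) (*Material, error)`, would settle that for implementers. The comment should also state whether a missing entry yields a nil Material with a nil error or a specific error value. Per the commit description this data is input to unlocking a vault, so backing stores that disagree on the not-found case could send callers down different paths.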
@@ -0,0 +1,43 @@ | ||
package material | ||
|
||
import ( | ||
"crypto/hmac" | ||
"crypto/rand" | ||
"crypto/sha256" | ||
"io" | ||
) | ||
|
||
// New constructs a new Material for an id & data. | ||
func New(id []byte, data [][]byte) (*Material, error) { | ||
nonce := make([]byte, 24) | ||
if _, err := io.ReadFull(rand.Reader, nonce); err != nil { | ||
return nil, err | ||
} | ||
|
||
return &Material{ | ||
Data: data, | ||
ID: id, | ||
Nonce: nonce, | ||
}, nil | ||
} | ||
|
||
// Comment string | ||
func (m *Material) Comment() string { return m.comment } | ||
|
||
// Digest returns a unique series of bytes that identify the Material. | ||
func (m *Material) Digest() ([]byte, error) { | ||
// SHA256(Nonce,ID|Data[*]) | ||
hash := hmac.New(sha256.New, m.Nonce) | ||
|
||
if _, err := hash.Write(m.ID); err != nil { | ||
return nil, err | ||
} | ||
|
||
for _, chunk := range m.Data { | ||
if _, err := hash.Write(chunk); err != nil { | ||
return nil, err | ||
} | ||
} | ||
|
||
return hash.Sum(nil), nil | ||
} |
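Review bot: `Digest` writes `m.ID` and every `m.Data` chunk into the HMAC back to back with no length or separator, so field boundaries are not part of the hashed input. Two Materials that share a Nonce and differ only in where the bytes are split (ID `ab` with Data `c`, versus ID `a` with Data `bc`) get the same digest, which contradicts the comment's "unique series of bytes". Writing a fixed-width length before each field removes the ambiguity; this needs `encoding/binary` added to the import block. The inline comment `SHA256(Nonce,ID|Data[*])` should also say HMAC-SHA256 keyed by the Nonce. If the Nonce is stored alongside the non-secret Material, as the commit description suggests, the doc comment should describe the result as an identifier and not as an integrity tag.

```go
func (m *Material) Digest() ([]byte, error) {
	// HMAC-SHA256(key=Nonce, len(ID)|ID|len(Data[0])|Data[0]|...)
	hash := hmac.New(sha256.New, m.Nonce)

	var size [8]byte
	fields := append([][]byte{m.ID}, m.Data...)
	for _, field := range fields {
		// Fixed-width length prefix makes each field self-delimiting.
		binary.BigEndian.PutUint64(size[:], uint64(len(field)))
		if _, err := hash.Write(size[:]); err != nil {
			return nil, err
		}
		if _, err := hash.Write(field); err != nil {
			return nil, err
		}
	}

	return hash.Sum(nil), nil
}
```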