decrypt.go
// SPDX-FileCopyrightText: 2024 Shun Sakai
//
// SPDX-License-Identifier: Apache-2.0 OR MIT
package abcrypt
import (
"fmt"
"math"
"golang.org/x/crypto/argon2"
"golang.org/x/crypto/chacha20poly1305"
)
// Decryptor represents a decryptor for the abcrypt encrypted data format.
//
// A Decryptor is built by [NewDecryptor], which verifies the header MAC
// before returning, and is then used through [Decryptor.Decrypt] and
// [Decryptor.OutLen].
type Decryptor struct {
// header is the parsed header of the input; Decrypt reads its nonce.
header *header
// dk is the key material derived from the passphrase: dk.mac is used to
// verify the header MAC and dk.encrypt is the XChaCha20-Poly1305 key.
dk *derivedKey
// ciphertext is the part of the input after the first HeaderSize bytes,
// i.e. the data handed to the AEAD in Decrypt.
ciphertext []byte
}
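// NewDecryptor creates a new [Decryptor].
//
// ciphertext is parsed as an abcrypt header followed by the encrypted
// payload, and passphrase is stretched with Argon2 using the salt and cost
// parameters stored in that header. The header MAC is then verified with the
// derived key.
//
// An error is returned when parsing fails, when the header requests Argon2
// settings this package cannot compute (Argon2d, version 0x10, a parallelism
// above 255, or a zero time cost or parallelism), or when the header MAC does
// not verify.
//
// NOTE(review): the Argon2 cost parameters are read from the header before
// anything has been authenticated, because the MAC key itself depends on
// them. When ciphertext comes from an untrusted source, the memory and time
// spent here are chosen by whoever produced it; whether parse bounds
// memoryCost and timeCost is not visible from this function — confirm, or
// bound them in the caller.
func NewDecryptor(ciphertext, passphrase []byte) (*Decryptor, error) {
	header, err := parse(ciphertext)
	if err != nil {
		return nil, err
	}

	// The checks below inspect header fields taken directly from the input.
	// They are reported as errors rather than panics so that a crafted or
	// merely unsupported file cannot crash the calling process.
	if header.argon2Version == version0x10 {
		return nil, fmt.Errorf("abcrypt: version 0x10 is not supported")
	}
	if header.parallelism > math.MaxUint8 {
		return nil, fmt.Errorf("abcrypt: `parallelism` over %v is not supported", math.MaxUint8)
	}
	// x/crypto/argon2 panics when the number of passes or threads is zero.
	// parse may already reject these values; that is not visible here.
	if header.timeCost == 0 || header.parallelism == 0 {
		return nil, fmt.Errorf("abcrypt: `timeCost` and `parallelism` must be at least 1")
	}

	s := header.salt[:]
	t := header.timeCost
	m := header.memoryCost
	p := uint8(header.parallelism)

	// The derived key size is 96 bytes. The first 256 bits are for
	// XChaCha20-Poly1305 key, and the last 512 bits are for
	// BLAKE2b-512-MAC key.
	var k []byte
	switch header.argon2Type {
	case argon2d:
		return nil, fmt.Errorf("abcrypt: Argon2d is not supported")
	case Argon2i:
		k = argon2.Key(passphrase, s, t, m, p, derivedKeySize)
	case Argon2id:
		k = argon2.IDKey(passphrase, s, t, m, p, derivedKeySize)
	default:
		// Without this case k would stay nil and the slice-to-array
		// conversion below would panic on an unrecognised type value.
		return nil, fmt.Errorf("abcrypt: unknown Argon2 type")
	}
	derivedKey := newDerivedKey([derivedKeySize]byte(k))

	// Authenticate the header before handing out a Decryptor. Bytes
	// 84..HeaderSize are passed as the second argument; presumably this is
	// the stored header MAC — confirm against the format definition.
	if err := header.verifyMAC(derivedKey.mac[:], ciphertext[84:HeaderSize]); err != nil {
		return nil, err
	}

	d := Decryptor{header, derivedKey, ciphertext[HeaderSize:]}
	return &d, nil
}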
// Decrypt decrypts the ciphertext and returns the plaintext.
//
// The payload is opened with XChaCha20-Poly1305 using the derived encryption
// key and the nonce from the header, with no additional data. If the AEAD
// rejects the payload, the underlying error is wrapped in an
// [InvalidMACError] and no plaintext is returned.
func (d *Decryptor) Decrypt() ([]byte, error) {
	aead, keyErr := chacha20poly1305.NewX(d.dk.encrypt[:])
	if keyErr != nil {
		// NewX only fails on a key of the wrong length, which would be a
		// programming error rather than bad input — presumably
		// d.dk.encrypt is a fixed-size array; confirm.
		panic(keyErr)
	}

	opened, openErr := aead.Open(nil, d.header.nonce[:], d.ciphertext, nil)
	if openErr == nil {
		return opened, nil
	}
	return nil, &InvalidMACError{openErr}
}
// OutLen returns the number of output bytes of the decrypted data.
//
// It is the length of the stored ciphertext minus TagSize.
//
// NOTE(review): the result is negative if the stored ciphertext is shorter
// than TagSize; whether parse guarantees a minimum input length is not
// visible here, so callers sizing a buffer from this value should check it.
func (d *Decryptor) OutLen() int {
	sealedLen := len(d.ciphertext)
	return sealedLen - TagSize
}
// Decrypt decrypts the ciphertext and returns the plaintext.
//
// This is a convenience function for using [NewDecryptor] and
// [Decryptor.Decrypt]: any error from building the decryptor is returned
// unchanged, otherwise the result of [Decryptor.Decrypt] is returned.
func Decrypt(ciphertext, passphrase []byte) ([]byte, error) {
	dec, err := NewDecryptor(ciphertext, passphrase)
	if err == nil {
		return dec.Decrypt()
	}
	return nil, err
}