zitadel/internal/crypto/crypto.go

107 lines
2.7 KiB
Go
Raw Normal View History

2020-03-23 07:06:44 +01:00
package crypto
import (
"github.com/caos/zitadel/internal/errors"
)
const (
TypeEncryption CryptoType = iota
TypeHash
)
type Crypto interface {
Algorithm() string
}
2020-03-30 09:28:00 +02:00
type EncryptionAlgorithm interface {
2020-03-23 07:06:44 +01:00
Crypto
EncryptionKeyID() string
DecryptionKeyIDs() []string
Encrypt(value []byte) ([]byte, error)
Decrypt(hashed []byte, keyID string) ([]byte, error)
DecryptString(hashed []byte, keyID string) (string, error)
}
2020-03-30 09:28:00 +02:00
type HashAlgorithm interface {
2020-03-23 07:06:44 +01:00
Crypto
Hash(value []byte) ([]byte, error)
CompareHash(hashed, comparer []byte) error
}
type CryptoValue struct {
CryptoType CryptoType
Algorithm string
KeyID string
Crypted []byte
}
type CryptoType int
func Crypt(value []byte, c Crypto) (*CryptoValue, error) {
switch alg := c.(type) {
2020-03-30 09:28:00 +02:00
case EncryptionAlgorithm:
2020-03-23 07:06:44 +01:00
return Encrypt(value, alg)
2020-03-30 09:28:00 +02:00
case HashAlgorithm:
2020-03-23 07:06:44 +01:00
return Hash(value, alg)
}
return nil, errors.ThrowInternal(nil, "CRYPT-r4IaHZ", "algorithm not supported")
}
2020-03-30 09:28:00 +02:00
func Encrypt(value []byte, alg EncryptionAlgorithm) (*CryptoValue, error) {
2020-03-23 07:06:44 +01:00
encrypted, err := alg.Encrypt(value)
if err != nil {
return nil, errors.ThrowInternal(err, "CRYPT-qCD0JB", "error encrypting value")
}
return &CryptoValue{
CryptoType: TypeEncryption,
Algorithm: alg.Algorithm(),
KeyID: alg.EncryptionKeyID(),
Crypted: encrypted,
}, nil
}
2020-03-30 09:28:00 +02:00
func Decrypt(value *CryptoValue, alg EncryptionAlgorithm) ([]byte, error) {
if err := checkEncryptionAlgorithm(value, alg); err != nil {
2020-03-23 07:06:44 +01:00
return nil, err
}
return alg.Decrypt(value.Crypted, value.KeyID)
}
2020-03-30 09:28:00 +02:00
func DecryptString(value *CryptoValue, alg EncryptionAlgorithm) (string, error) {
if err := checkEncryptionAlgorithm(value, alg); err != nil {
2020-03-23 07:06:44 +01:00
return "", err
}
return alg.DecryptString(value.Crypted, value.KeyID)
}
2020-03-30 09:28:00 +02:00
func checkEncryptionAlgorithm(value *CryptoValue, alg EncryptionAlgorithm) error {
2020-03-23 07:06:44 +01:00
if value.Algorithm != alg.Algorithm() {
return errors.ThrowInvalidArgument(nil, "CRYPT-Nx7XlT", "value was encrypted with a different key")
}
for _, id := range alg.DecryptionKeyIDs() {
if id == value.KeyID {
return nil
}
}
return errors.ThrowInvalidArgument(nil, "CRYPT-Kq12vn", "value was encrypted with a different key")
}
2020-03-30 09:28:00 +02:00
func Hash(value []byte, alg HashAlgorithm) (*CryptoValue, error) {
2020-03-23 07:06:44 +01:00
hashed, err := alg.Hash(value)
if err != nil {
return nil, errors.ThrowInternal(err, "CRYPT-rBVaJU", "error hashing value")
}
return &CryptoValue{
CryptoType: TypeHash,
Algorithm: alg.Algorithm(),
Crypted: hashed,
}, nil
}
2020-03-30 09:28:00 +02:00
func CompareHash(value *CryptoValue, comparer []byte, alg HashAlgorithm) error {
2020-03-30 11:26:02 +02:00
if value.Algorithm != alg.Algorithm() {
return errors.ThrowInvalidArgument(nil, "CRYPT-HF32f", "value was hash with a different algorithm")
}
2020-03-23 07:06:44 +01:00
return alg.CompareHash(value.Crypted, comparer)
}