opensight-golang-libraries/pkg/dbcrypt/cipher.go at febb8d66c107b5dc334601abc7c89192c54013bb · greenbone/opensight-golang-libraries · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
// SPDX-FileCopyrightText: 2025 Greenbone AG <https://greenbone.net>
//
// SPDX-License-Identifier: AGPL-3.0-or-later

package dbcrypt

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"encoding/hex"
	"fmt"
	"io"

	"golang.org/x/crypto/argon2"
)

type dbCipher interface {
	Prefix() string
	Encrypt(plaintext []byte) ([]byte, error)
	Decrypt(ciphertext []byte) ([]byte, error)
}

type dbCipherV1 struct {
	key []byte
}

func newDbCipherV1(conf Config) (dbCipher, error) {
	// Historically "v1" uses key truncation to 32 bytes. It needs to be preserved for backward compatibility.
	key := []byte(conf.Password + conf.PasswordSalt)[:32]
	return dbCipherV1{key: key}, nil
}

func (c dbCipherV1) Prefix() string {
	return "ENC"
}

func (c dbCipherV1) Encrypt(plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(c.key)
	if err != nil {
		return nil, err
	}

	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}

	iv := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, iv); err != nil {
		return nil, err
	}

	ciphertext := gcm.Seal(nil, iv, []byte(plaintext), nil)
	ciphertextWithIv := append(iv, ciphertext...)
	encoded := hex.AppendEncode(nil, ciphertextWithIv)
	return encoded, nil
}

func (c dbCipherV1) Decrypt(encoded []byte) ([]byte, error) {
	ciphertextWithIv, err := hex.AppendDecode(nil, encoded)
	if err != nil {
		return nil, fmt.Errorf("error decoding ciphertext: %w", err)
	}

	if len(ciphertextWithIv) < aes.BlockSize+1 {
		return nil, fmt.Errorf("ciphertext too short")
	}

	block, err := aes.NewCipher(c.key)
	if err != nil {
		return nil, fmt.Errorf("error creating AES cipher: %w", err)
	}

	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}

	iv := ciphertextWithIv[:gcm.NonceSize()]
	ciphertext := ciphertextWithIv[gcm.NonceSize():]

	plaintext, err := gcm.Open(nil, iv, ciphertext, nil)
	if err != nil {
		return nil, fmt.Errorf("error decrypting ciphertext: %w", err)
	}

	return plaintext, nil
}

type dbCipherV2 struct {
	key []byte
}

func newDbCipherV2(conf Config) (dbCipher, error) {
	// "v2" uses proper KDF (argon2id) to get the key
	key := argon2.IDKey([]byte(conf.Password), []byte(conf.PasswordSalt), 1, 64*1024, 4, 32)
	return dbCipherV2{key: key}, nil
}

func (c dbCipherV2) Prefix() string {
	return "ENCV2"
}

func (c dbCipherV2) Encrypt(plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(c.key)
	if err != nil {
		return nil, err
	}

	gcm, err := cipher.NewGCMWithRandomNonce(block)
	if err != nil {
		return nil, err
	}

	ciphertext := gcm.Seal(nil, nil, []byte(plaintext), nil)
	encoded := base64.StdEncoding.AppendEncode(nil, ciphertext)
	return encoded, nil
}

func (c dbCipherV2) Decrypt(encoded []byte) ([]byte, error) {
	ciphertext, err := base64.StdEncoding.AppendDecode(nil, encoded)
	if err != nil {
		return nil, fmt.Errorf("error decoding ciphertext: %w", err)
	}

	if len(ciphertext) < aes.BlockSize+1 {
		return nil, fmt.Errorf("ciphertext too short")
	}

	block, err := aes.NewCipher(c.key)
	if err != nil {
		return nil, fmt.Errorf("error creating AES cipher: %w", err)
	}

	gcm, err := cipher.NewGCMWithRandomNonce(block)
	if err != nil {
		return nil, err
	}

	plaintext, err := gcm.Open(nil, nil, ciphertext, nil)
	if err != nil {
		return nil, fmt.Errorf("error decrypting ciphertext: %w", err)
	}

	return plaintext, nil
}