package seal
import (
"context"
"github.com/hashicorp/vault/helper/xor"
"github.com/hashicorp/vault/physical"
)
// TestSeal is a seal implementation for tests. It does not encrypt: values
// are only obscured by obscureBytes (XOR against a fixed secret, or plain byte
// reversal when no secret is set), so it gives neither confidentiality nor
// integrity protection and is unsuitable for protecting real key material.
type TestSeal struct {
	// secret is the byte string XORed into values; when it is empty the
	// values are reversed instead.
	secret []byte
}
// Compile-time assertion that *TestSeal satisfies the Access interface.
var _ Access = (*TestSeal)(nil)
// NewTestSeal returns a TestSeal that obscures values with the given secret.
//
// The slice is stored as passed in, not copied, so a caller that later writes
// to it changes what the seal produces. A nil or empty secret selects the
// byte-reversal mode of obscureBytes.
func NewTestSeal(secret []byte) *TestSeal {
	seal := new(TestSeal)
	seal.secret = secret
	return seal
}
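// Init is a no-op: the test seal has nothing to set up. The context is
// ignored and the returned error is always nil.
func (t *TestSeal) Init(_ context.Context) error {
	return nil
}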
// Finalize is a no-op: the test seal holds nothing that needs releasing. The
// context is ignored and the returned error is always nil.
func (t *TestSeal) Finalize(_ context.Context) error {
	return nil
}
// SealType reports the seal type identifier, which for this implementation is
// the package-level Test value.
func (t *TestSeal) SealType() string {
	return Test
}
// KeyID returns the key identifier recorded in blobs produced by Encrypt. It
// is a fixed string and does not depend on the configured secret, so two
// seals with different secrets report the same key ID.
func (t *TestSeal) KeyID() string {
	const id = "static-key"
	return id
}
// Encrypt obscures plaintext with obscureBytes and wraps the result in an
// EncryptedBlobInfo whose KeyInfo carries the seal's fixed key ID. The context
// is ignored.
//
// Only Ciphertext and KeyInfo.KeyID are populated. The output is reversible
// obfuscation, not ciphertext: equal inputs always give equal outputs and
// nothing in the blob lets Decrypt detect tampering.
func (t *TestSeal) Encrypt(_ context.Context, plaintext []byte) (*physical.EncryptedBlobInfo, error) {
	obscured, err := t.obscureBytes(plaintext)
	if err != nil {
		return nil, err
	}

	info := &physical.EncryptedBlobInfo{
		Ciphertext: obscured,
		KeyInfo:    &physical.SealKeyInfo{KeyID: t.KeyID()},
	}
	return info, nil
}
// Decrypt runs the blob's Ciphertext back through obscureBytes, the same
// transformation Encrypt applies, and returns the result. The context is
// ignored.
//
// NOTE(review): dwi is dereferenced without a nil check, so a nil blob panics
// here, and dwi.KeyInfo is never compared with KeyID(): a blob produced under
// a different secret is "decrypted" to different bytes without any error.
func (t *TestSeal) Decrypt(_ context.Context, dwi *physical.EncryptedBlobInfo) ([]byte, error) {
	obscured := dwi.Ciphertext
	return t.obscureBytes(obscured)
}
// obscureBytes stands in for both encryption and decryption of protected
// values. It is an obfuscation, not a cipher:
//
//   - With a non-empty secret, in is passed to xor.XORBytes together with a
//     pad of len(in) bytes built from the secret. A secret longer than in is
//     truncated; a shorter one leaves the rest of the pad zero, so (assuming
//     XORBytes is a plain byte-wise XOR) input bytes past len(secret) come out
//     unchanged.
//   - With no secret, the bytes of in are returned in reverse order.
//
// It returns a new slice and does not modify in or the stored secret. An error
// is returned only when xor.XORBytes reports one.
func (t *TestSeal) obscureBytes(in []byte) ([]byte, error) {
	if len(t.secret) == 0 {
		// No secret configured: emit the input back to front.
		reversed := make([]byte, len(in))
		for i, b := range in {
			reversed[len(in)-1-i] = b
		}
		return reversed, nil
	}

	// Size the pad to the input so both XOR operands have equal length; copy
	// stops at the shorter of the two slices, leaving any tail zeroed.
	pad := make([]byte, len(in))
	copy(pad, t.secret)

	out, err := xor.XORBytes(in, pad)
	if err != nil {
		return nil, err
	}
	return out, nil
}