new repo

[bytom/vapor.git] / vendor / github.com / tendermint / go-crypto / keys / cryptostore / encoder.go

package cryptostore

import (
        "github.com/pkg/errors"
        crypto "github.com/tendermint/go-crypto"
)

var (
        // SecretBox uses the algorithm from NaCL to store secrets securely
        SecretBox Encoder = secretbox{}
        // Noop doesn't do any encryption, should only be used in test code
        Noop Encoder = noop{}
)

// Encoder is used to encrypt any key with a passphrase for storage.
//
// This should use a well-designed symetric encryption algorithm
type Encoder interface {
        Encrypt(key crypto.PrivKey, pass string) ([]byte, error)
        Decrypt(data []byte, pass string) (crypto.PrivKey, error)
}

func secret(passphrase string) []byte {
        // TODO: Sha256(Bcrypt(passphrase))
        return crypto.Sha256([]byte(passphrase))
}

type secretbox struct{}

func (e secretbox) Encrypt(key crypto.PrivKey, pass string) ([]byte, error) {
        if pass == "" {
                return key.Bytes(), nil
        }
        s := secret(pass)
        cipher := crypto.EncryptSymmetric(key.Bytes(), s)
        return cipher, nil
}

func (e secretbox) Decrypt(data []byte, pass string) (key crypto.PrivKey, err error) {
        private := data
        if pass != "" {
                s := secret(pass)
                private, err = crypto.DecryptSymmetric(data, s)
                if err != nil {
                        return crypto.PrivKey{}, errors.Wrap(err, "Invalid Passphrase")
                }
        }
        key, err = crypto.PrivKeyFromBytes(private)
        return key, errors.Wrap(err, "Invalid Passphrase")
}

type noop struct{}

func (n noop) Encrypt(key crypto.PrivKey, pass string) ([]byte, error) {
        return key.Bytes(), nil
}

func (n noop) Decrypt(data []byte, pass string) (crypto.PrivKey, error) {
        return crypto.PrivKeyFromBytes(data)
}