-
Notifications
You must be signed in to change notification settings - Fork 2
/
utils.go
125 lines (107 loc) · 2.47 KB
/
utils.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
package main
import (
crand "crypto/rand"
"encoding/base64"
"encoding/hex"
"fmt"
"io"
"log"
"os"
"sync"
"github.com/hashicorp/vault/shamir"
)
var (
once sync.Once
)
// ShamirParams represents parameters needed to generate a new
// encryption key
type ShamirParams struct {
Parts int // total parts to split key into
Threshold int // number of parts required to decrypt
}
// ShamirKey represents a key that has been split into N parts
// where any M are required to encrypt / decrypt.
type ShamirKey struct {
Key [56]byte
Parts [][]byte
}
func generateShamirKey(params *ShamirParams) *ShamirKey {
key := generateNaclKey()
parts, err := shamir.Split(key[:], params.Parts, params.Threshold)
if err != nil {
log.Fatalln("Unable to split key", err)
}
return &ShamirKey{key, parts}
}
func displayShamirKey(key *ShamirKey, encoding string) {
for i := range key.Parts {
displayShamirKeyPart(i, key.Parts[i], encoding)
}
}
func displayShamirKeyPart(index int, part []byte, encoding string) {
fmt.Printf(" [%d] %s\n", index+1, encode(part, encoding))
}
func generateNaclKey() [56]byte {
var key [56]byte
fillRandomBytes(key[:])
return key
}
func splitNaclKey(naclKey [56]byte) ([24]byte, [32]byte) {
var nonce [24]byte
var key [32]byte
copy(nonce[:], naclKey[:24])
copy(key[:], naclKey[24:])
return nonce, key
}
func fillRandomBytes(raw []byte) {
if _, err := io.ReadFull(crand.Reader, raw); err != nil {
log.Panicln(err)
}
}
func encode(part []byte, enc string) string {
switch enc {
case encodingBASE64:
return base64.StdEncoding.EncodeToString(part)
default:
return hex.EncodeToString(part)
}
}
func decode(part, enc string) ([]byte, error) {
switch enc {
case encodingBASE64:
return base64.StdEncoding.DecodeString(part)
default:
return hex.DecodeString(part)
}
}
// Check if the given path can be read
func canReadFile(path string) bool {
file, err := os.Open(path)
defer file.Close()
return err == nil
}
// Ensure the path exists and is accessible
func fileExists(path string) bool {
_, err := os.Stat(path)
return err == nil
}
// Exit if the value is empty string
func exitOnEmpty(msg, value string) {
if value == "" {
exit(1, msg)
}
}
// Exit if the error value is non-nil
func exitOnError(msg string, err error) {
if err != nil {
exit(1, msg, err)
}
}
// Exit with the given code. Prints ERROR header if code != 0
func exit(code int, msg ...interface{}) {
if code != 0 {
fmt.Printf("ERROR: ")
}
fmt.Println(msg...)
os.Exit(code)
}