| 112 | } |
| 113 | |
| 114 | func decrypt(file io.ReaderAt, outfile io.Writer, block cipher.Block, sz int64) error { |
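| 115 | // Decrypt the audit log header to verify the encryption key: the verification text is decrypted and compared with the expected plaintext. The 4-byte length field is skipped, not checked, and a match confirms the key only; AES-CTR by itself does not detect tampering with the ciphertext. |
| 116 | // Header layout: [16]byte IV + [4]byte len(x.VerificationText) + [11]byte x.VerificationText |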
| 117 | decryptHeader := func() ([]byte, int64, error) { |
| 118 | var iterator int64 |
| 119 | iv := make([]byte, aes.BlockSize) |
| 120 | n, err := file.ReadAt(iv, iterator) // get first iv |
| 121 | if err != nil { |
| 122 | return nil, 0, fmt.Errorf("unable to read IV: %w", err) |
| 123 | } |
| 124 | iterator = iterator + int64(n) + 4 // length of verification text encoded in uint32 |
| 125 | |
| 126 | ct := make([]byte, len(x.VerificationText)) |
| 127 | n, err = file.ReadAt(ct, iterator) |
| 128 | if err != nil { |
| 129 | return nil, 0, fmt.Errorf("unable to read verification text: %w", err) |
| 130 | } |
| 131 | iterator = iterator + int64(n) |
| 132 | |
| 133 | stream := cipher.NewCTR(block, iv) |
| 134 | stream.XORKeyStream(ct, ct) |
| 135 | if string(ct) != x.VerificationText { |
| 136 | return nil, 0, errors.New("invalid encryption key provided. Please check your encryption key") |
| 137 | } |
| 138 | return iv, iterator, nil |
| 139 | } |
| 140 | |
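| 141 | // Deprecated header layout: [12]byte baseIV + [4]byte len(x.VerificationTextDeprecated) + [11]byte x.VerificationTextDeprecated. The first aes.BlockSize (16) bytes, i.e. baseIV plus the length field, are read together and used as the CTR IV. |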
| 142 | decryptHeaderDeprecated := func() ([]byte, int64, error) { |
| 143 | var iterator int64 = 0 |
| 144 | |
| 145 | iv := make([]byte, aes.BlockSize) |
| 146 | n, err := file.ReadAt(iv, iterator) |
| 147 | if err != nil { |
| 148 | return nil, 0, fmt.Errorf("unable to read IV: %w", err) |
| 149 | } |
| 150 | iterator = iterator + int64(n) |
| 151 | |
| 152 | ct := make([]byte, len(x.VerificationTextDeprecated)) |
| 153 | n, err = file.ReadAt(ct, iterator) |
| 154 | if err != nil { |
| 155 | return nil, 0, fmt.Errorf("unable to read verification text: %w", err) |
| 156 | } |
| 157 | iterator = iterator + int64(n) |
| 158 | |
| 159 | stream := cipher.NewCTR(block, iv) |
| 160 | stream.XORKeyStream(ct, ct) |
| 161 | if string(ct) != x.VerificationTextDeprecated { |
| 162 | return nil, 0, errors.New("invalid encryption key provided. Please check your encryption key") |
| 163 | } |
| 164 | return iv, iterator, nil |
| 165 | } |
| 166 | |
| 167 | useDeprecated := false |
| 168 | iv, iterator, err := decryptHeader() |
| 169 | if err != nil { |
| 170 | // might have an old audit log |
| 171 | iv2, iterator2, err := decryptHeaderDeprecated() |