MCPcopy
hub / github.com/dgraph-io/dgraph / decrypt

Function decrypt

audit/run.go:114–273  ·  view source on GitHub ↗
(file io.ReaderAt, outfile io.Writer, block cipher.Block, sz int64)

Source from the content-addressed store, hash-verified

112}
113
114func decrypt(file io.ReaderAt, outfile io.Writer, block cipher.Block, sz int64) error {
115 // decrypt header in audit log to verify encryption key
116 // [16]byte IV + [4]byte len(x.VerificationText) + [11]byte x.VerificationText
117 decryptHeader := func() ([]byte, int64, error) {
118 var iterator int64
119 iv := make([]byte, aes.BlockSize)
120 n, err := file.ReadAt(iv, iterator) // get first iv
121 if err != nil {
122 return nil, 0, fmt.Errorf("unable to read IV: %w", err)
123 }
124 iterator = iterator + int64(n) + 4 // length of verification text encoded in uint32
125
126 ct := make([]byte, len(x.VerificationText))
127 n, err = file.ReadAt(ct, iterator)
128 if err != nil {
129 return nil, 0, fmt.Errorf("unable to read verification text: %w", err)
130 }
131 iterator = iterator + int64(n)
132
133 stream := cipher.NewCTR(block, iv)
134 stream.XORKeyStream(ct, ct)
135 if string(ct) != x.VerificationText {
136 return nil, 0, errors.New("invalid encryption key provided. Please check your encryption key")
137 }
138 return iv, iterator, nil
139 }
140
141 // [12]byte baseIV + [4]byte len(x.VerificationTextDeprecated) + [11]byte x.VerificationTextDeprecated
142 decryptHeaderDeprecated := func() ([]byte, int64, error) {
143 var iterator int64 = 0
144
145 iv := make([]byte, aes.BlockSize)
146 n, err := file.ReadAt(iv, iterator)
147 if err != nil {
148 return nil, 0, fmt.Errorf("unable to read IV: %w", err)
149 }
150 iterator = iterator + int64(n)
151
152 ct := make([]byte, len(x.VerificationTextDeprecated))
153 n, err = file.ReadAt(ct, iterator)
154 if err != nil {
155 return nil, 0, fmt.Errorf("unable to read verification text: %w", err)
156 }
157 iterator = iterator + int64(n)
158
159 stream := cipher.NewCTR(block, iv)
160 stream.XORKeyStream(ct, ct)
161 if string(ct) != x.VerificationTextDeprecated {
162 return nil, 0, errors.New("invalid encryption key provided. Please check your encryption key")
163 }
164 return iv, iterator, nil
165 }
166
167 useDeprecated := false
168 iv, iterator, err := decryptHeader()
169 if err != nil {
170 // might have an old audit log
171 iv2, iterator2, err := decryptHeaderDeprecated()

Callers 2

runFunction · 0.70
TestDecryptFunction · 0.70

Calls 3

WarningfMethod · 0.80
WriteMethod · 0.65
ErrorfMethod · 0.45

Tested by 1

TestDecryptFunction · 0.56