1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
|
// Copyright 2020 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package streamingaead
import (
"errors"
"io"
"github.com/tink-crypto/tink-go/v2/tink"
)
var (
_ io.Reader = &decryptReader{}
errKeyNotFound = errors.New("no matching key found for the ciphertext in the stream")
)
// decryptReader is a reader that tries to find the right key to decrypt ciphertext from the given primitive set.
type decryptReader struct {
wrapped *wrappedStreamingAEAD
// cr is a source Reader which provides ciphertext to be decrypted.
cr io.Reader
aad []byte
matchAttempted bool
// mr is a matched decrypting reader initialized with a proper key to decrypt ciphertext.
mr io.Reader
}
func (dr *decryptReader) Read(p []byte) (n int, err error) {
if dr.mr != nil {
return dr.mr.Read(p)
}
if dr.matchAttempted {
return 0, errKeyNotFound
}
dr.matchAttempted = true
ur := &unreader{r: dr.cr}
// find proper key to decrypt ciphertext
//
// For legacy reasons (Tink always encrypted with non-RAW keys) we use all
// primitives, even those which have output_prefix_type != RAW.
for _, e := range dr.wrapped.ps.EntriesInKeysetOrder {
sa, ok := e.Primitive.(tink.StreamingAEAD)
if !ok {
continue
}
read := func() (io.Reader, int, error) {
r, err := sa.NewDecryptingReader(ur, dr.aad)
if err != nil {
return nil, 0, err
}
n, err := r.Read(p)
if err != nil {
return nil, 0, err
}
return r, n, nil
}
r, n, err := read()
if err == nil {
dr.mr = r
ur.disable()
return n, nil
}
ur.unread()
}
return 0, errKeyNotFound
}
// unreader wraps a reader and keeps a copy of everything that's read so it can
// be unread and read again. When no additional unreads are needed, the buffer
// can be disabled and the memory released.
type unreader struct {
r io.Reader
buf []byte
pos int
disabled bool
}
func (u *unreader) Read(buf []byte) (int, error) {
if len(u.buf) != u.pos {
n := copy(buf, u.buf[u.pos:])
u.pos += n
return n, nil
}
n, err := u.r.Read(buf)
if u.disabled {
u.buf = nil
u.pos = 0
} else {
u.buf = append(u.buf, buf[:n]...)
u.pos = len(u.buf)
}
return n, err
}
// unread starts the reader over again. A copy of all read data will be returned
// by `Read()` before the wrapped reader is read from again.
func (u *unreader) unread() {
u.pos = 0
}
// disable ensures the buffer is released for garbage collection once it's no
// longer needed.
func (u *unreader) disable() {
u.disabled = true
}
|
