diff --git a/src/agreements_db.go b/src/agreements_db.go
index fc481a0..8935623 100644
--- a/src/agreements_db.go
+++ b/src/agreements_db.go
@@ -6,6 +6,7 @@ import (
 "time"
 "github.com/securitybunker/databunker/src/storage"
+ "github.com/securitybunker/databunker/src/utils"
 "go.mongodb.org/mongo-driver/bson"
 )
@@ -39,7 +40,7 @@ func (dbobj dbcon) acceptAgreement(userTOKEN string, mode string, identity strin
 }
 encIdentity := ""
 if len(identity) > 0 {
- encIdentity, _ = basicStringEncrypt(identity, dbobj.masterKey, dbobj.GetCode())
+ encIdentity, _ = utils.BasicStringEncrypt(identity, dbobj.masterKey, dbobj.GetCode())
 }
 if len(userTOKEN) > 0 {
 // first check if this agreement exists, then update
@@ -103,7 +104,7 @@ func (dbobj dbcon) withdrawAgreement(userTOKEN string, brief string, mode string
 // update date, status
 encIdentity := ""
 if len(identity) > 0 {
- encIdentity, _ = basicStringEncrypt(identity, dbobj.masterKey, dbobj.GetCode())
+ encIdentity, _ = utils.BasicStringEncrypt(identity, dbobj.masterKey, dbobj.GetCode())
 }
 bdoc := bson.M{}
 bdoc["when"] = now
@@ -133,7 +134,7 @@ func (dbobj dbcon) listAgreementRecords(userTOKEN string) ([]byte, int, error) {
 for _, rec := range records {
 encIdentity := rec["who"].(string)
 if len(encIdentity) > 0 {
- identity, _ := basicStringDecrypt(encIdentity, dbobj.masterKey, dbobj.GetCode())
+ identity, _ := utils.BasicStringDecrypt(encIdentity, dbobj.masterKey, dbobj.GetCode())
 if len(identity) > 0 {
 rec["who"] = identity
 }
@@ -148,7 +149,7 @@ func (dbobj dbcon) listAgreementRecords(userTOKEN string) ([]byte, int, error) {
 }
 func (dbobj dbcon) listAgreementRecordsByIdentity(identity string) ([]byte, int, error) {
- encIdentity, _ := basicStringEncrypt(identity, dbobj.masterKey, dbobj.GetCode())
+ encIdentity, _ := utils.BasicStringEncrypt(identity, dbobj.masterKey, dbobj.GetCode())
 records, err := dbobj.store.GetList(storage.TblName.Agreements, "who", encIdentity, 0, 0, "")
 if err != nil {
 return nil, 0, err
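Review bot: The rewritten call sites still discard the error from `utils.BasicStringEncrypt`, so a failed encryption silently leaves `encIdentity` as `""` and the agreement is stored or looked up under an empty `who` value instead of being rejected; the same pattern is in withdrawAgreement and listAgreementRecordsByIdentity below, in the audit submit and getAuditEvents hunks, in the userCreate hunk, and in the `encoded, _ := utils.Encrypt(...)` lines of updateUserRecordDo and deleteUserRecord. Since every call site is being touched anyway, this is the moment to propagate it: `encIdentity, err = utils.BasicStringEncrypt(identity, dbobj.masterKey, dbobj.GetCode())` followed by `if err != nil { return err }`, adjusted to each function's return shape, which is outside the hunk here. acceptAgreement's body begins and ends outside the hunk.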
@@ -175,7 +176,7 @@ func (dbobj dbcon) viewAgreementRecord(userTOKEN string, brief string) ([]byte,
 }
 encIdentity := record["who"].(string)
 if len(encIdentity) > 0 {
- identity, _ := basicStringDecrypt(encIdentity, dbobj.masterKey, dbobj.GetCode())
+ identity, _ := utils.BasicStringDecrypt(encIdentity, dbobj.masterKey, dbobj.GetCode())
 if len(identity) > 0 {
 record["who"] = identity
 }
@@ -209,7 +210,7 @@ func (dbobj dbcon) expireAgreementRecords(notifyURL string) error {
 } else {
 encIdentity := rec["who"].(string)
 dbobj.store.UpdateRecord2(storage.TblName.Agreements, "who", encIdentity, "brief", brief, &bdoc, nil)
- identity, _ := basicStringDecrypt(encIdentity, dbobj.masterKey, dbobj.GetCode())
+ identity, _ := utils.BasicStringDecrypt(encIdentity, dbobj.masterKey, dbobj.GetCode())
 notifyConsentChange(notifyURL, brief, "expired", rec["mode"].(string), identity)
 }
diff --git a/src/audit_db.go b/src/audit_db.go
index 3c94eb8..79ef11c 100644
--- a/src/audit_db.go
+++ b/src/audit_db.go
@@ -4,11 +4,13 @@ import (
 "encoding/json"
 "errors"
 "fmt"
+ //"log"
 "time"
 uuid "github.com/hashicorp/go-uuid"
 "github.com/securitybunker/databunker/src/storage"
+ "github.com/securitybunker/databunker/src/utils"
 "go.mongodb.org/mongo-driver/bson"
 )
@@ -47,7 +49,7 @@ func (event auditEvent) submit(db *dbcon, conf Config) {
 bdoc["atoken"] = atoken
 bdoc["when"] = event.When
 if len(event.Who) > 0 {
- bdoc["who"], _ = basicStringEncrypt(event.Who, db.masterKey, db.GetCode())
+ bdoc["who"], _ = utils.BasicStringEncrypt(event.Who, db.masterKey, db.GetCode())
 }
 if len(event.Mode) > 0 {
 bdoc["mode"] = event.Mode
@@ -56,7 +58,7 @@ func (event auditEvent) submit(db *dbcon, conf Config) {
 bdoc["identity"] = event.Identity
 }
 if len(event.Record) > 0 {
- bdoc["record"], _ = basicStringEncrypt(event.Record, db.masterKey, db.GetCode())
+ bdoc["record"], _ = utils.BasicStringEncrypt(event.Record, db.masterKey, db.GetCode())
 }
 if len(event.App) > 0 {
 bdoc["app"] = event.App
@@ -81,7 +83,7 @@ func (event auditEvent) submit(db *dbcon, conf Config) {
 }
 func (dbobj dbcon) getAuditEvents(userTOKEN string, offset int32, limit int32) ([]byte, int64, error) {
- userTOKENEnc, _ := basicStringEncrypt(userTOKEN, dbobj.masterKey, dbobj.GetCode())
+ userTOKENEnc, _ := utils.BasicStringEncrypt(userTOKEN, dbobj.masterKey, dbobj.GetCode())
 count, err := dbobj.store.CountRecords(storage.TblName.Audit, "record", userTOKENEnc)
 if err != nil {
 return nil, 0, err
@@ -110,7 +112,7 @@ func (dbobj dbcon) getAuditEvents(userTOKEN string, offset int32, limit int32) (
 element["debug"] = ""
 }
 if _, ok := element["who"]; ok {
- element["who"], _ = basicStringDecrypt(element["who"].(string), dbobj.masterKey, code)
+ element["who"], _ = utils.BasicStringDecrypt(element["who"].(string), dbobj.masterKey, code)
 }
 element["record"] = userTOKEN
 results = append(results, element)
@@ -151,10 +153,10 @@ func (dbobj dbcon) getAdminAuditEvents(offset int32, limit int32) ([]byte, int64
 element["debug"] = ""
 }
 if _, ok := element["record"]; ok {
- element["record"], _ = basicStringDecrypt(element["record"].(string), dbobj.masterKey, code)
+ element["record"], _ = utils.BasicStringDecrypt(element["record"].(string), dbobj.masterKey, code)
 }
 if _, ok := element["who"]; ok {
- element["who"], _ = basicStringDecrypt(element["who"].(string), dbobj.masterKey, code)
+ element["who"], _ = utils.BasicStringDecrypt(element["who"].(string), dbobj.masterKey, code)
 }
 results = append(results, element)
 }
@@ -196,7 +198,7 @@ func (dbobj dbcon) getAuditEvent(atoken string) (string, []byte, error) {
 if len(userTOKENEnc) == 0 {
 return userTOKEN, nil, errors.New("empty token")
 }
- userTOKEN, _ = basicStringDecrypt(userTOKENEnc, dbobj.masterKey, dbobj.GetCode())
+ userTOKEN, _ = utils.BasicStringDecrypt(userTOKENEnc, dbobj.masterKey, dbobj.GetCode())
 if len(before) > 0 {
 before2, after2, _ := dbobj.userDecrypt2(userTOKEN, before, after)
 //log.Printf("before: %s", before2)
diff --git a/src/service.go b/src/service.go
index 1e7dd00..e5d18f6 100644
--- a/src/service.go
+++ b/src/service.go
@@ -173,7 +173,7 @@ func setupDB(dbPtr *string, masterKeyPtr *string, customRootToken string) (*dbco
 }
 log.Println("Master key: ****")
 } else {
- masterKey, err = generateMasterKey()
+ masterKey, err = utils.GenerateMasterKey()
 if err != nil {
 log.Printf("Failed to generate master key: %s", err)
 os.Exit(0)
diff --git a/src/sessions_db.go b/src/sessions_db.go
index 3a50eb6..ea3774f 100644
--- a/src/sessions_db.go
+++ b/src/sessions_db.go
@@ -27,11 +27,11 @@ func (dbobj dbcon) createSessionRecord(sessionUUID string, userTOKEN string, exp
 }
 //log.Printf("expiration set to: %d, now: %d", endtime, now)
 }
- recordKey, err := generateRecordKey()
+ recordKey, err := utils.GenerateRecordKey()
 if err != nil {
 return "", err
 }
- encoded, err := encrypt(dbobj.masterKey, recordKey, data)
+ encoded, err := utils.Encrypt(dbobj.masterKey, recordKey, data)
 if err != nil {
 return "", err
 }
@@ -81,7 +81,7 @@ func (dbobj dbcon) getSession(sessionUUID string) (int32, []byte, string, error)
 if err != nil {
 return 0, nil, "", err
 }
- decrypted, err := decrypt(dbobj.masterKey, recordKey, encData)
+ decrypted, err := utils.Decrypt(dbobj.masterKey, recordKey, encData)
 if err != nil {
 return 0, nil, "", err
 }
@@ -105,7 +105,7 @@ func (dbobj dbcon) getUserSessionsByToken(userTOKEN string, offset int32, limit
 recordKey0 := element["key"].(string)
 recordKey, _ := base64.StdEncoding.DecodeString(recordKey0)
 encData, _ := base64.StdEncoding.DecodeString(encData0)
- decrypted, _ := decrypt(dbobj.masterKey, recordKey, encData)
+ decrypted, _ := utils.Decrypt(dbobj.masterKey, recordKey, encData)
 sEvent := fmt.Sprintf(`{"when":%d,"session":"%s","data":%s}`, when, session, string(decrypted))
 results = append(results, sEvent)
 }
diff --git a/src/userapps_db.go b/src/userapps_db.go
index 88ebd45..70cb669 100644
--- a/src/userapps_db.go
+++ b/src/userapps_db.go
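Review bot: In getUserSessionsByToken the new `decrypted, _ := utils.Decrypt(dbobj.masterKey, recordKey, encData)` line still drops the decryption error, and the next line splices `string(decrypted)` unquoted into a JSON literal, so one record that fails to decrypt produces `"data":}` and makes the whole response malformed instead of a skipped or reported entry. Suggest `decrypted, err := utils.Decrypt(dbobj.masterKey, recordKey, encData)` followed by `if err != nil { continue }`, or returning the error if callers should not receive partial lists; the two `base64.StdEncoding.DecodeString` calls just above discard their errors the same way. The enclosing loop and function continue outside the hunk. In the service.go hunk above, `utils.GenerateMasterKey()` is used without an import change appearing in this diff, so presumably service.go already imports `utils`; worth confirming it builds.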
@@ -9,6 +9,7 @@ import (
 jsonpatch "github.com/evanphx/json-patch"
 "github.com/securitybunker/databunker/src/storage"
+ "github.com/securitybunker/databunker/src/utils"
 "go.mongodb.org/mongo-driver/bson"
 )
@@ -134,7 +135,7 @@ func (dbobj dbcon) updateAppRecord(jsonDataPatch []byte, userTOKEN string, appNa
 if err != nil {
 return userTOKEN, err
 }
- decrypted, err := decrypt(dbobj.masterKey, recordKey, encData)
+ decrypted, err := utils.Decrypt(dbobj.masterKey, recordKey, encData)
 if err != nil {
 return userTOKEN, err
 }
@@ -156,7 +157,7 @@ func (dbobj dbcon) updateAppRecord(jsonDataPatch []byte, userTOKEN string, appNa
 }
 //fmt.Printf("result: %s\n", newJSON)
 bdoc := bson.M{}
- encoded, err := encrypt(dbobj.masterKey, recordKey, newJSON)
+ encoded, err := utils.Encrypt(dbobj.masterKey, recordKey, newJSON)
 if err != nil {
 return userTOKEN, err
 }
diff --git a/src/users_api.go b/src/users_api.go
index 9a8be3a..0a4f82f 100644
--- a/src/users_api.go
+++ b/src/users_api.go
@@ -97,11 +97,11 @@ func (e mainEnv) userCreate(w http.ResponseWriter, r *http.Request, ps httproute
 }
 encPhoneIdx := ""
 if len(userJSON.EmailIdx) > 0 {
- encEmailIdx, _ := basicStringEncrypt(userJSON.EmailIdx, e.db.masterKey, e.db.GetCode())
+ encEmailIdx, _ := utils.BasicStringEncrypt(userJSON.EmailIdx, e.db.masterKey, e.db.GetCode())
 e.db.linkAgreementRecords(userTOKEN, encEmailIdx)
 }
 if len(userJSON.PhoneIdx) > 0 {
- encPhoneIdx, _ = basicStringEncrypt(userJSON.PhoneIdx, e.db.masterKey, e.db.GetCode())
+ encPhoneIdx, _ = utils.BasicStringEncrypt(userJSON.PhoneIdx, e.db.masterKey, e.db.GetCode())
 e.db.linkAgreementRecords(userTOKEN, encPhoneIdx)
 }
 if len(userJSON.EmailIdx) > 0 && len(userJSON.PhoneIdx) > 0 {
diff --git a/src/users_db.go b/src/users_db.go
index 943e6c2..57acacc 100644
--- a/src/users_db.go
+++ b/src/users_db.go
@@ -24,12 +24,12 @@ func (dbobj dbcon) createUserRecord(parsedData utils.UserJSONStruct, event *audi
 if err != nil {
 return "", err
 }
- userKeyBinary, err := generateRecordKey()
+ userKeyBinary, err := utils.GenerateRecordKey()
 if err != nil {
 return "", err
 }
 //err = bson.UnmarshalExtJSON(jsonData, false, &bdoc)
- encoded, err := encrypt(dbobj.masterKey, userKeyBinary, parsedData.JsonData)
+ encoded, err := utils.Encrypt(dbobj.masterKey, userKeyBinary, parsedData.JsonData)
 if err != nil {
 return "", err
 }
@@ -175,7 +175,7 @@ func (dbobj dbcon) updateUserRecordDo(jsonDataPatch []byte, userTOKEN string, ol
 if err != nil {
 return nil, nil, false, err
 }
- decrypted, err := decrypt(dbobj.masterKey, userKeyBinary, encData)
+ decrypted, err := utils.Decrypt(dbobj.masterKey, userKeyBinary, encData)
 if err != nil {
 return nil, nil, false, err
 }
@@ -262,7 +262,7 @@ func (dbobj dbcon) updateUserRecordDo(jsonDataPatch []byte, userTOKEN string, ol
 }
 }
- encoded, _ := encrypt(dbobj.masterKey, userKeyBinary, newJSON)
+ encoded, _ := utils.Encrypt(dbobj.masterKey, userKeyBinary, newJSON)
 encodedStr := base64.StdEncoding.EncodeToString(encoded)
 bdoc["key"] = userKey
 bdoc["data"] = encodedStr
@@ -339,7 +339,7 @@ func (dbobj dbcon) getUserJSON(userTOKEN string) ([]byte, error) {
 if err != nil {
 return nil, err
 }
- decrypted, err = decrypt(dbobj.masterKey, userKeyBinary, encData)
+ decrypted, err = utils.Decrypt(dbobj.masterKey, userKeyBinary, encData)
 if err != nil {
 return nil, err
 }
@@ -370,7 +370,7 @@ func (dbobj dbcon) getUser(userTOKEN string) ([]byte, bson.M, error) {
 if err != nil {
 return nil, nil, err
 }
- decrypted, err = decrypt(dbobj.masterKey, userKeyBinary, encData)
+ decrypted, err = utils.Decrypt(dbobj.masterKey, userKeyBinary, encData)
 if err != nil {
 return nil, nil, err
 }
@@ -406,7 +406,7 @@ func (dbobj dbcon) getUsers(offset int32, limit int32) ([]byte, int64, error) {
 if err != nil {
 return nil, 0, err
 }
- decrypted, err := decrypt(dbobj.masterKey, userKeyBinary, encData)
+ decrypted, err := utils.Decrypt(dbobj.masterKey, userKeyBinary, encData)
 if err != nil {
 return nil, 0, err
 }
@@ -460,7 +460,6 @@ func (dbobj dbcon) getUserJSONByIndex(indexValue string, indexName string, conf
 if userBson == nil || err != nil {
 return nil, "", err
 }
- // decrypt record
 userKey := userBson["key"].(string)
 userKeyBinary, err := base64.StdEncoding.DecodeString(userKey)
 if err != nil {
@@ -474,7 +473,7 @@ func (dbobj dbcon) getUserJSONByIndex(indexValue string, indexName string, conf
 if err != nil {
 return nil, "", err
 }
- decrypted, err = decrypt(dbobj.masterKey, userKeyBinary, encData)
+ decrypted, err = utils.Decrypt(dbobj.masterKey, userKeyBinary, encData)
 if err != nil {
 return nil, "", err
 }
@@ -488,7 +487,6 @@ func (dbobj dbcon) getUserByIndex(indexValue string, indexName string, conf Conf
 if userBson == nil || err != nil {
 return nil, "", nil, err
 }
- // decrypt record
 userKey := userBson["key"].(string)
 userKeyBinary, err := base64.StdEncoding.DecodeString(userKey)
 if err != nil {
@@ -502,7 +500,7 @@ func (dbobj dbcon) getUserByIndex(indexValue string, indexName string, conf Conf
 if err != nil {
 return nil, "", nil, err
 }
- decrypted, err = decrypt(dbobj.masterKey, userKeyBinary, encData)
+ decrypted, err = utils.Decrypt(dbobj.masterKey, userKeyBinary, encData)
 if err != nil {
 return nil, "", nil, err
 }
@@ -550,7 +548,7 @@ func (dbobj dbcon) deleteUserRecord(userJSON []byte, userTOKEN string, conf Conf
 } else {
 bdel = append(bdel, "loginidx")
 }
- encoded, _ := encrypt(dbobj.masterKey, userKeyBinary, dataJSON)
+ encoded, _ := utils.Encrypt(dbobj.masterKey, userKeyBinary, dataJSON)
 encodedStr := base64.StdEncoding.EncodeToString(encoded)
 bdoc["key"] = userKey
 bdoc["data"] = encodedStr
@@ -615,8 +613,7 @@ func (dbobj dbcon) userEncrypt(userTOKEN string, data []byte) (string, error) {
 if err != nil {
 return "", err
 }
- // encrypt data
- encoded, err := encrypt(dbobj.masterKey, userKeyBinary, data)
+ encoded, err := utils.Encrypt(dbobj.masterKey, userKeyBinary, data)
 if err != nil {
 return "", err
 }
@@ -642,7 +639,7 @@ func (dbobj dbcon) userDecrypt(userTOKEN, src string) ([]byte, error) {
 if err != nil {
 return nil, err
 }
- decrypted, err := decrypt(dbobj.masterKey, userKeyBinary, encData)
+ decrypted, err := utils.Decrypt(dbobj.masterKey, userKeyBinary, encData)
 return decrypted, err
 }
@@ -664,7 +661,7 @@ func (dbobj dbcon) userDecrypt2(userTOKEN, src string, src2 string) ([]byte, []b
 if err != nil {
 return nil, nil, err
 }
- decrypted, err := decrypt(dbobj.masterKey, userKeyBinary, encData)
+ decrypted, err := utils.Decrypt(dbobj.masterKey, userKeyBinary, encData)
 if len(src2) == 0 {
 return decrypted, nil, err
 }
@@ -672,6 +669,6 @@ func (dbobj dbcon) userDecrypt2(userTOKEN, src string, src2 string) ([]byte, []b
 if err != nil {
 return decrypted, nil, err
 }
- decrypted2, err := decrypt(dbobj.masterKey, userKeyBinary, encData2)
+ decrypted2, err := utils.Decrypt(dbobj.masterKey, userKeyBinary, encData2)
 return decrypted, decrypted2, err
 }
diff --git a/src/cryptor.go b/src/utils/cryptor.go
similarity index 87%
rename from src/cryptor.go
rename to src/utils/cryptor.go
index 178cad8..fb39bdf 100644
--- a/src/cryptor.go
+++ b/src/utils/cryptor.go
@@ -1,4 +1,4 @@
-package main
+package utils
 import (
 "crypto/aes"
@@ -14,7 +14,7 @@ import (
 // https://github.com/kinvolk/go-shamir
 // go get github.com/hashicorp/vault/shamir
-func generateRecordKey() ([]byte, error) {
+func GenerateRecordKey() ([]byte, error) {
 key := make([]byte, 8)
 if _, err := io.ReadFull(rand.Reader, key); err != nil {
 return nil, err
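Review bot: GenerateRecordKey becomes an exported API of package utils in this hunk but carries no doc comment, and the same applies to GenerateMasterKey, Decrypt, Encrypt, BasicStringEncrypt and BasicStringDecrypt in the following hunks; Go convention is a comment starting with the name on every exported identifier, and it matters more here because the `BasicString*` pair uses a constant nonce (`$DataBunker$`), which callers in other packages now need to know before reusing it. Suggested comments: `// GenerateRecordKey returns 8 random bytes used as the per-record part of the AES key.`, `// GenerateMasterKey returns a 24-byte random master key.`, and for the string pair something like `// BasicStringEncrypt encrypts plaintext with a key built from masterKey and code under a fixed nonce, so the same inputs should yield the same ciphertext; intended for equality-searchable index values, not general-purpose encryption.` The function bodies continue outside the hunk.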
@@ -23,13 +23,13 @@ func generateRecordKey() ([]byte, error) {
 }
 // generate master key - 24 bytes length
-func generateMasterKey() ([]byte, error) {
+func GenerateMasterKey() ([]byte, error) {
 masterKey := make([]byte, 24)
 _, err := io.ReadFull(rand.Reader, masterKey)
 return masterKey, err
 }
-func decrypt(masterKey []byte, userKey []byte, data []byte) ([]byte, error) {
+func Decrypt(masterKey []byte, userKey []byte, data []byte) ([]byte, error) {
 // DO NOT USE THE FOLLOWING LINE. It is broken!!!
 //key := append(masterKey, userKey...)
 la := len(masterKey)
@@ -54,7 +54,7 @@ func decrypt(masterKey []byte, userKey []byte, data []byte) ([]byte, error) {
 return plaintext, err
 }
-func encrypt(masterKey []byte, userKey []byte, plaintext []byte) ([]byte, error) {
+func Encrypt(masterKey []byte, userKey []byte, plaintext []byte) ([]byte, error) {
 // We use 32 byte key (AES-256).
 // comprising 24 master key
 // and 8 bytes record key
@@ -87,8 +87,8 @@ func encrypt(masterKey []byte, userKey []byte, plaintext []byte) ([]byte, error)
 return ciphertext, nil
 }
-func basicStringEncrypt(plaintext string, masterKey []byte, code []byte) (string, error) {
- //log.Printf("Going to encrypt %s", plaintext)
+func BasicStringEncrypt(plaintext string, masterKey []byte, code []byte) (string, error) {
+ //log.Printf("Going to utils.Encrypt %s", plaintext)
 nonce := []byte("$DataBunker$")
 la := len(masterKey)
 key := make([]byte, la+len(code))
@@ -111,7 +111,7 @@ func basicStringEncrypt(plaintext string, masterKey []byte, code []byte) (string
 return result, nil
 }
-func basicStringDecrypt(data string, masterKey []byte, code []byte) (string, error) {
+func BasicStringDecrypt(data string, masterKey []byte, code []byte) (string, error) {
 ciphertext, err := base64.StdEncoding.DecodeString(data)
 if err != nil {
 return "", err
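Review bot: The rename was applied to comment text as well as identifiers: the commented-out log line in BasicStringEncrypt now reads `//log.Printf("Going to utils.Encrypt %s", plaintext)` and the one at the end of BasicStringDecrypt in the next hunk reads `//log.Printf("utils.Decrypt result : %s", string(plaintext))`, neither of which is meaningful English any more. Either restore the original wording or, better, delete both dead lines outright — if someone re-enables them they would write the plaintext and the decrypted value to the log. The bodies of both functions continue outside the hunk.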
@@ -133,6 +133,6 @@ func basicStringDecrypt(data string, masterKey []byte, code []byte) (string, err
 if err != nil {
 return "", err
 }
- //log.Printf("decrypt result : %s", string(plaintext))
+ //log.Printf("utils.Decrypt result : %s", string(plaintext))
 return string(plaintext), err
 }