
auth work

reid há 2 anos atrás
pai
commit
b67ae61866
3 ficheiros alterados com 35 adições e 46 exclusões
  1. 32 46
      auth/auth.go
  2. 1 0
      go.mod
  3. 2 0
      go.sum

+ 32 - 46
auth/auth.go

@@ -6,9 +6,9 @@ package auth
 // broadcasts get sent to members of this map
 
 import (
-	"crypto/rand"
+	// "crypto/rand"
 	"crypto/sha512"
-	"encoding/base64"
+	// "encoding/base64"
 	"encoding/hex"
 	"encoding/json"
 	"fmt"
@@ -21,7 +21,7 @@ import (
 	"time"
 
 	"github.com/gorilla/websocket"
-	"golang.org/x/crypto/nacl/secretbox"
+	fernet "github.com/fernet/fernet-go"
 )
 
 var (
@@ -220,51 +220,37 @@ func AddSession(tokenID string, hash string, created string, authorized bool) er
 }
 
 // encrypt the contents using stored keyfile val
-func KeyfileEncrypt(contents map[string]string, key string) (string, error) {
-	contentBytes, err := json.Marshal(contents)
-	if err != nil {
-		return "", err
-	}
-	// convert key to bytes
-	keyBytes := []byte(key)
-	if len(keyBytes) != 32 {
-		return "", fmt.Errorf("key must be 32 bytes in length; actual length:",len(keyBytes))
-	}
-	var keyArray [32]byte
-	copy(keyArray[:], keyBytes)
-	// generate nonce
-	var nonce [24]byte
-	if _, err := rand.Read(nonce[:]); err != nil {
-		return "", err
-	}
-	// encrypt contents
-	encrypted := secretbox.Seal(nonce[:], contentBytes, &nonce, &keyArray)
-	return base64.URLEncoding.EncodeToString(encrypted), nil
+func KeyfileEncrypt(contents map[string]string, keyStr string) (string, error) {
+    contentBytes, err := json.Marshal(contents)
+    if err != nil {
+        return "", err
+    }
+    key, err := fernet.DecodeKey(keyStr)
+    if err != nil {
+        return "", err
+    }
+    tok, err := fernet.EncryptAndSign(contentBytes, key)
+    if err != nil {
+        return "", err
+    }
+    return string(tok), nil
 }
 
-// decrypt routine
-func KeyfileDecrypt(encryptedText string, key string) (map[string]string, error) {
-	// get bytes
-	keyBytes := []byte(key)
-	var keyArray [32]byte
-	copy(keyArray[:], keyBytes)
-	encryptedBytes, err := base64.URLEncoding.DecodeString(encryptedText)
-	if err != nil {
-		return nil, err
-	}
-	// get nonce
-	var nonce [24]byte
-	copy(nonce[:], encryptedBytes[:24])
-	// attempt decrypt
-	decrypted, ok := secretbox.Open(nil, encryptedBytes[24:], &nonce, &keyArray)
-	if !ok {
-		return nil, fmt.Errorf("Decryption failed")
-	}
-	var contents map[string]string
-	if err := json.Unmarshal(decrypted, &contents); err != nil {
-		return nil, err
-	}
-	return contents, nil
+func KeyfileDecrypt(tokenStr string, keyStr string) (map[string]string, error) {
+    key, err := fernet.DecodeKey(keyStr)
+    if err != nil {
+        return nil, err
+    }
+    decrypted := fernet.VerifyAndDecrypt([]byte(tokenStr), 60*time.Second, []*fernet.Key{key})
+    if decrypted == nil {
+        return nil, fmt.Errorf("verification or decryption failed")
+    }
+    var contents map[string]string
+    err = json.Unmarshal(decrypted, &contents)
+    if err != nil {
+        return nil, err
+    }
+    return contents, nil
 }
 
 // salted sha512
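Review bot: The new KeyfileDecrypt rejects any token older than 60 seconds, because `60*time.Second` is passed as the ttl to fernet.VerifyAndDecrypt and fernet tokens carry their creation timestamp; for data that is encrypted once and stored under a keyfile, everything written more than a minute earlier becomes undecryptable, while the old secretbox path had no expiry. If expiry is not intended, lift the value into a named, documented package-level constant and check the library's documentation for how it treats a zero or negative ttl rather than assuming it disables the check; if expiry is intended, say so in a doc comment, since the generic "verification or decryption failed" error hides the distinction from callers. Relatedly, the removed `// decrypt routine` comment was not replaced, so the exported KeyfileDecrypt now has no doc comment, and KeyfileEncrypt's comment should state that keyStr is a base64 fernet key rather than the raw 32-byte key the old code expected. The new bodies are indented with four spaces instead of tabs and will not survive gofmt, and the commented-out `// "crypto/rand"` and `// "encoding/base64"` lines in the import hunk should be deleted rather than kept.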

+ 1 - 0
go.mod

@@ -15,6 +15,7 @@ require (
 	github.com/docker/distribution v2.8.2+incompatible // indirect
 	github.com/docker/go-connections v0.4.0 // indirect
 	github.com/docker/go-units v0.5.0 // indirect
+	github.com/fernet/fernet-go v0.0.0-20211208181803-9f70042a33ee // indirect
 	github.com/go-ole/go-ole v1.2.6 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/moby/term v0.5.0 // indirect

+ 2 - 0
go.sum

@@ -12,6 +12,8 @@ github.com/docker/go-connections v0.4.0 h1:El9xVISelRB7BuFusrZozjnkIM5YnzCViNKoh
 github.com/docker/go-connections v0.4.0/go.mod h1:Gbd7IOopHjR8Iph03tsViu4nIes5XhDvyHbTtUxmeec=
 github.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4=
 github.com/docker/go-units v0.5.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk=
+github.com/fernet/fernet-go v0.0.0-20211208181803-9f70042a33ee h1:v6Eju/FhxsACGNipFEPBZZAzGr1F/jlRQr1qiBw2nEE=
+github.com/fernet/fernet-go v0.0.0-20211208181803-9f70042a33ee/go.mod h1:2H9hjfbpSMHwY503FclkV/lZTBh2YlOmLLSda12uL8c=
 github.com/go-ole/go-ole v1.2.6 h1:/Fpf6oFPoeFik9ty7siob0G6Ke8QvQEuVcuChpwXzpY=
 github.com/go-ole/go-ole v1.2.6/go.mod h1:pprOEPIfldk/42T2oK7lQ4v4JSDwmV0As9GaiUsvbm0=
 github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=