mirror of
https://github.com/Awuqing/BackupX.git
synced 2026-05-10 17:43:43 +08:00
129 lines
3.4 KiB
Go
129 lines
3.4 KiB
Go
package backupcrypto
|
|
|
|
import (
|
|
"crypto/aes"
|
|
"crypto/cipher"
|
|
"crypto/rand"
|
|
"encoding/binary"
|
|
"fmt"
|
|
"io"
|
|
"os"
|
|
"strings"
|
|
)
|
|
|
|
const (
|
|
chunkSize = 1 << 20
|
|
fileMagic = "BXENC1"
|
|
nonceSizeBytes = 12
|
|
)
|
|
|
|
func EncryptFile(key []byte, sourcePath string) (string, error) {
|
|
block, err := aes.NewCipher(key)
|
|
if err != nil {
|
|
return "", fmt.Errorf("create cipher: %w", err)
|
|
}
|
|
gcm, err := cipher.NewGCM(block)
|
|
if err != nil {
|
|
return "", fmt.Errorf("create gcm: %w", err)
|
|
}
|
|
source, err := os.Open(sourcePath)
|
|
if err != nil {
|
|
return "", fmt.Errorf("open source file: %w", err)
|
|
}
|
|
defer source.Close()
|
|
targetPath := sourcePath + ".enc"
|
|
target, err := os.Create(targetPath)
|
|
if err != nil {
|
|
return "", fmt.Errorf("create encrypted file: %w", err)
|
|
}
|
|
defer target.Close()
|
|
if _, err := target.WriteString(fileMagic); err != nil {
|
|
return "", fmt.Errorf("write encryption header: %w", err)
|
|
}
|
|
buffer := make([]byte, chunkSize)
|
|
for {
|
|
readCount, readErr := source.Read(buffer)
|
|
if readCount > 0 {
|
|
nonce := make([]byte, gcm.NonceSize())
|
|
if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
|
|
return "", fmt.Errorf("generate nonce: %w", err)
|
|
}
|
|
sealed := gcm.Seal(nil, nonce, buffer[:readCount], nil)
|
|
if _, err := target.Write(nonce); err != nil {
|
|
return "", fmt.Errorf("write nonce: %w", err)
|
|
}
|
|
if err := binary.Write(target, binary.BigEndian, uint32(len(sealed))); err != nil {
|
|
return "", fmt.Errorf("write ciphertext length: %w", err)
|
|
}
|
|
if _, err := target.Write(sealed); err != nil {
|
|
return "", fmt.Errorf("write ciphertext: %w", err)
|
|
}
|
|
}
|
|
if readErr == io.EOF {
|
|
break
|
|
}
|
|
if readErr != nil {
|
|
return "", fmt.Errorf("read source file: %w", readErr)
|
|
}
|
|
}
|
|
return targetPath, nil
|
|
}
|
|
|
|
func DecryptFile(key []byte, sourcePath string) (string, error) {
|
|
block, err := aes.NewCipher(key)
|
|
if err != nil {
|
|
return "", fmt.Errorf("create cipher: %w", err)
|
|
}
|
|
gcm, err := cipher.NewGCM(block)
|
|
if err != nil {
|
|
return "", fmt.Errorf("create gcm: %w", err)
|
|
}
|
|
source, err := os.Open(sourcePath)
|
|
if err != nil {
|
|
return "", fmt.Errorf("open encrypted file: %w", err)
|
|
}
|
|
defer source.Close()
|
|
header := make([]byte, len(fileMagic))
|
|
if _, err := io.ReadFull(source, header); err != nil {
|
|
return "", fmt.Errorf("read encryption header: %w", err)
|
|
}
|
|
if string(header) != fileMagic {
|
|
return "", fmt.Errorf("invalid encrypted file header")
|
|
}
|
|
targetPath := strings.TrimSuffix(sourcePath, ".enc")
|
|
if targetPath == sourcePath {
|
|
targetPath += ".plain"
|
|
}
|
|
target, err := os.Create(targetPath)
|
|
if err != nil {
|
|
return "", fmt.Errorf("create decrypted file: %w", err)
|
|
}
|
|
defer target.Close()
|
|
for {
|
|
nonce := make([]byte, nonceSizeBytes)
|
|
_, err := io.ReadFull(source, nonce)
|
|
if err == io.EOF {
|
|
break
|
|
}
|
|
if err != nil {
|
|
return "", fmt.Errorf("read nonce: %w", err)
|
|
}
|
|
var cipherLength uint32
|
|
if err := binary.Read(source, binary.BigEndian, &cipherLength); err != nil {
|
|
return "", fmt.Errorf("read ciphertext length: %w", err)
|
|
}
|
|
ciphertext := make([]byte, cipherLength)
|
|
if _, err := io.ReadFull(source, ciphertext); err != nil {
|
|
return "", fmt.Errorf("read ciphertext payload: %w", err)
|
|
}
|
|
plain, err := gcm.Open(nil, nonce, ciphertext, nil)
|
|
if err != nil {
|
|
return "", fmt.Errorf("decrypt chunk: %w", err)
|
|
}
|
|
if _, err := target.Write(plain); err != nil {
|
|
return "", fmt.Errorf("write decrypted payload: %w", err)
|
|
}
|
|
}
|
|
return targetPath, nil
|
|
}
|