afan
/
gitea
Observar 1
Favorito 0
Fork 0
Código Issues 0 Pull Requests 0 Versões 0 Wiki Atividade
gitea源码
3 Commits
2 Branches
Branch: master
Branches Tags
${ item.name }
Criar branch ${ searchTerm }
de master
${ noResults }
gitea/modules/secret/secret.go

secret.go 2.6KB
Link permanente Histórico Original

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081 
  1. // Copyright 2019 The Gitea Authors. All rights reserved.

  2. // SPDX-License-Identifier: MIT

  3. 

  4. package secret

  5. 

  6. import (

  7. 	"crypto/aes"

  8. 	"crypto/cipher"

  9. 	"crypto/rand"

  10. 	"crypto/sha256"

  11. 	"encoding/base64"

  12. 	"encoding/hex"

  13. 	"errors"

  14. 	"fmt"

  15. 	"io"

  16. )

  17. 

  18. // AesEncrypt encrypts text and given key with AES.

  19. // It is only internally used at the moment to use "SECRET_KEY" for some database values.

  20. func AesEncrypt(key, text []byte) ([]byte, error) {

  21. 	block, err := aes.NewCipher(key)

  22. 	if err != nil {

  23. 		return nil, fmt.Errorf("AesEncrypt invalid key: %v", err)

  24. 	}

  25. 	b := base64.StdEncoding.EncodeToString(text)

  26. 	ciphertext := make([]byte, aes.BlockSize+len(b))

  27. 	iv := ciphertext[:aes.BlockSize]

  28. 	if _, err = io.ReadFull(rand.Reader, iv); err != nil {

  29. 		return nil, fmt.Errorf("AesEncrypt unable to read IV: %w", err)

  30. 	}

  31. 	cfb := cipher.NewCFBEncrypter(block, iv) //nolint:staticcheck // need to migrate and refactor to a new approach

  32. 	cfb.XORKeyStream(ciphertext[aes.BlockSize:], []byte(b))

  33. 	return ciphertext, nil

  34. }

  35. 

  36. // AesDecrypt decrypts text and given key with AES.

  37. // It is only internally used at the moment to use "SECRET_KEY" for some database values.

  38. func AesDecrypt(key, text []byte) ([]byte, error) {

  39. 	block, err := aes.NewCipher(key)

  40. 	if err != nil {

  41. 		return nil, err

  42. 	}

  43. 	if len(text) < aes.BlockSize {

  44. 		return nil, errors.New("AesDecrypt ciphertext too short")

  45. 	}

  46. 	iv := text[:aes.BlockSize]

  47. 	text = text[aes.BlockSize:]

  48. 	cfb := cipher.NewCFBDecrypter(block, iv) //nolint:staticcheck // need to migrate and refactor to a new approach

  49. 	cfb.XORKeyStream(text, text)

  50. 	data, err := base64.StdEncoding.DecodeString(string(text))

  51. 	if err != nil {

  52. 		return nil, fmt.Errorf("AesDecrypt invalid decrypted base64 string: %w", err)

  53. 	}

  54. 	return data, nil

  55. }

  56. 

  57. // EncryptSecret encrypts a string with given key into a hex string

  58. func EncryptSecret(key, str string) (string, error) {

  59. 	keyHash := sha256.Sum256([]byte(key))

  60. 	plaintext := []byte(str)

  61. 	ciphertext, err := AesEncrypt(keyHash[:], plaintext)

  62. 	if err != nil {

  63. 		return "", fmt.Errorf("failed to encrypt by secret: %w", err)

  64. 	}

  65. 	return hex.EncodeToString(ciphertext), nil

  66. }

  67. 

  68. // DecryptSecret decrypts a previously encrypted hex string

  69. func DecryptSecret(key, cipherHex string) (string, error) {

  70. 	keyHash := sha256.Sum256([]byte(key))

  71. 	ciphertext, err := hex.DecodeString(cipherHex)

  72. 	if err != nil {

  73. 		return "", fmt.Errorf("failed to decrypt by secret, invalid hex string: %w", err)

  74. 	}

  75. 	plaintext, err := AesDecrypt(keyHash[:], ciphertext)

  76. 	if err != nil {

  77. 		return "", fmt.Errorf("failed to decrypt by secret, the key (maybe SECRET_KEY?) might be incorrect: %w", err)

  78. 	}

  79. 	return string(plaintext), nil

  80. }