mirror of
https://github.com/woodpecker-ci/woodpecker.git
synced 2024-11-23 10:21:00 +00:00
switch secure to AES256 beause why not?
This commit is contained in:
parent
e31b53f688
commit
b7e4d6cb29
2 changed files with 8 additions and 6 deletions
|
@ -11,6 +11,8 @@ import (
|
|||
"github.com/drone/drone/Godeps/_workspace/src/gopkg.in/yaml.v2"
|
||||
)
|
||||
|
||||
const BlockSize = 32 // AES256
|
||||
|
||||
// Parse parses and returns the secure section of the
|
||||
// yaml file as plaintext parameters.
|
||||
func Parse(key, raw string) (map[string]string, error) {
|
||||
|
@ -31,14 +33,14 @@ func Encrypt(key, text string) (_ string, err error) {
|
|||
return
|
||||
}
|
||||
|
||||
ciphertext := make([]byte, aes.BlockSize+len(plaintext))
|
||||
ciphertext := make([]byte, BlockSize+len(plaintext))
|
||||
iv := ciphertext[:aes.BlockSize]
|
||||
if _, err = io.ReadFull(rand.Reader, iv); err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
stream := cipher.NewCFBEncrypter(block, iv)
|
||||
stream.XORKeyStream(ciphertext[aes.BlockSize:], plaintext)
|
||||
stream.XORKeyStream(ciphertext[BlockSize:], plaintext)
|
||||
|
||||
return base64.URLEncoding.EncodeToString(ciphertext), nil
|
||||
}
|
||||
|
@ -55,12 +57,12 @@ func Decrypt(key, text string) (_ string, err error) {
|
|||
return
|
||||
}
|
||||
|
||||
if len(ciphertext) < aes.BlockSize {
|
||||
if len(ciphertext) < BlockSize {
|
||||
err = fmt.Errorf("ciphertext too short")
|
||||
return
|
||||
}
|
||||
iv := ciphertext[:aes.BlockSize]
|
||||
ciphertext = ciphertext[aes.BlockSize:]
|
||||
ciphertext = ciphertext[BlockSize:]
|
||||
|
||||
stream := cipher.NewCFBDecrypter(block, iv)
|
||||
stream.XORKeyStream(ciphertext, ciphertext)
|
||||
|
|
|
@ -33,7 +33,7 @@ func Test_Secure(t *testing.T) {
|
|||
|
||||
g.It("Should decrypt a map", func() {
|
||||
params := map[string]string{
|
||||
"foo": "2NQPoQfxPERVi42OEYzuVTjQrEQSrcN2-Pwk4kTlIVN5HA==",
|
||||
"foo": "dG0H-Kjg4lZ8s-4WwfaeAgAAAAAAAAAAAAAAAAAAAADKUC-q4zHKDHzH9qZYXjGl1S0=",
|
||||
}
|
||||
err := DecryptMap(key, params)
|
||||
g.Assert(err == nil).IsTrue()
|
||||
|
@ -47,7 +47,7 @@ func Test_Secure(t *testing.T) {
|
|||
})
|
||||
|
||||
g.It("Should decrypt a yaml", func() {
|
||||
yaml := `secure: {"foo": "2NQPoQfxPERVi42OEYzuVTjQrEQSrcN2-Pwk4kTlIVN5HA=="}`
|
||||
yaml := `secure: {"foo": "dG0H-Kjg4lZ8s-4WwfaeAgAAAAAAAAAAAAAAAAAAAADKUC-q4zHKDHzH9qZYXjGl1S0="}`
|
||||
decrypted, err := Parse(key, yaml)
|
||||
g.Assert(err == nil).IsTrue()
|
||||
g.Assert(decrypted["foo"]).Equal("super_duper_secret")
|
||||
|
|
Loading…
Reference in a new issue