mirrors/woodpecker
1
0
Fork 0
mirror of https://github.com/woodpecker-ci/woodpecker.git synced 2024-06-30 19:20:46 +00:00
Code Issues Projects Releases Wiki Activity

switch secure to AES256 beause why not?

Browse source
This commit is contained in:
Brad Rydzewski 2015-08-19 16:31:52 -07:00
parent e31b53f688
commit b7e4d6cb29
2 changed files with 8 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
pkg/yaml/secure/secure.go
View file

@ -11,6 +11,8 @@ import (
"github.com/drone/drone/Godeps/_workspace/src/gopkg.in/yaml.v2"
)
const BlockSize = 32 // AES256
// Parse parses and returns the secure section of the
// yaml file as plaintext parameters.
func Parse(key, raw string) (map[string]string, error) {
@ -31,14 +33,14 @@ func Encrypt(key, text string) (_ string, err error) {
return
}
ciphertext := make([]byte, aes.BlockSize+len(plaintext))
ciphertext := make([]byte, BlockSize+len(plaintext))
iv := ciphertext[:aes.BlockSize]
if _, err = io.ReadFull(rand.Reader, iv); err != nil {
return
}
stream := cipher.NewCFBEncrypter(block, iv)
stream.XORKeyStream(ciphertext[aes.BlockSize:], plaintext)
stream.XORKeyStream(ciphertext[BlockSize:], plaintext)
return base64.URLEncoding.EncodeToString(ciphertext), nil
}
@ -55,12 +57,12 @@ func Decrypt(key, text string) (_ string, err error) {
return
}
if len(ciphertext) < aes.BlockSize {
if len(ciphertext) < BlockSize {
err = fmt.Errorf("ciphertext too short")
return
}
iv := ciphertext[:aes.BlockSize]
ciphertext = ciphertext[aes.BlockSize:]
ciphertext = ciphertext[BlockSize:]
stream := cipher.NewCFBDecrypter(block, iv)
stream.XORKeyStream(ciphertext, ciphertext)

4
pkg/yaml/secure/secure_test.go
View file

@ -33,7 +33,7 @@ func Test_Secure(t *testing.T) {
g.It("Should decrypt a map", func() {
params := map[string]string{
"foo": "2NQPoQfxPERVi42OEYzuVTjQrEQSrcN2-Pwk4kTlIVN5HA==",
"foo": "dG0H-Kjg4lZ8s-4WwfaeAgAAAAAAAAAAAAAAAAAAAADKUC-q4zHKDHzH9qZYXjGl1S0=",
}
err := DecryptMap(key, params)
g.Assert(err == nil).IsTrue()
@ -47,7 +47,7 @@ func Test_Secure(t *testing.T) {
})
g.It("Should decrypt a yaml", func() {
yaml := `secure: {"foo": "2NQPoQfxPERVi42OEYzuVTjQrEQSrcN2-Pwk4kTlIVN5HA=="}`
yaml := `secure: {"foo": "dG0H-Kjg4lZ8s-4WwfaeAgAAAAAAAAAAAAAAAAAAAADKUC-q4zHKDHzH9qZYXjGl1S0="}`
decrypted, err := Parse(key, yaml)
g.Assert(err == nil).IsTrue()
g.Assert(decrypted["foo"]).Equal("super_duper_secret")