darkkirb/harness-drone
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

switch secure to AES256 beause why not?

Browse source
This commit is contained in:
Brad Rydzewski 2015-08-19 16:31:52 -07:00
parent e31b53f688
commit b7e4d6cb29
2 changed files with 8 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
pkg/yaml/secure/secure.go
View file

@ -11,6 +11,8 @@ import (
"github.com/drone/drone/Godeps/_workspace/src/gopkg.in/yaml.v2" "github.com/drone/drone/Godeps/_workspace/src/gopkg.in/yaml.v2"
) )
const BlockSize = 32 // AES256
// Parse parses and returns the secure section of the // Parse parses and returns the secure section of the
// yaml file as plaintext parameters. // yaml file as plaintext parameters.
func Parse(key, raw string) (map[string]string, error) { func Parse(key, raw string) (map[string]string, error) {
@ -31,14 +33,14 @@ func Encrypt(key, text string) (_ string, err error) {
return return
} }
ciphertext := make([]byte, aes.BlockSize+len(plaintext)) ciphertext := make([]byte, BlockSize+len(plaintext))
iv := ciphertext[:aes.BlockSize] iv := ciphertext[:aes.BlockSize]
if _, err = io.ReadFull(rand.Reader, iv); err != nil { if _, err = io.ReadFull(rand.Reader, iv); err != nil {
return return
} }
stream := cipher.NewCFBEncrypter(block, iv) stream := cipher.NewCFBEncrypter(block, iv)
stream.XORKeyStream(ciphertext[aes.BlockSize:], plaintext) stream.XORKeyStream(ciphertext[BlockSize:], plaintext)
return base64.URLEncoding.EncodeToString(ciphertext), nil return base64.URLEncoding.EncodeToString(ciphertext), nil
} }
@ -55,12 +57,12 @@ func Decrypt(key, text string) (_ string, err error) {
return return
} }
if len(ciphertext) < aes.BlockSize { if len(ciphertext) < BlockSize {
err = fmt.Errorf("ciphertext too short") err = fmt.Errorf("ciphertext too short")
return return
} }
iv := ciphertext[:aes.BlockSize] iv := ciphertext[:aes.BlockSize]
ciphertext = ciphertext[aes.BlockSize:] ciphertext = ciphertext[BlockSize:]
stream := cipher.NewCFBDecrypter(block, iv) stream := cipher.NewCFBDecrypter(block, iv)
stream.XORKeyStream(ciphertext, ciphertext) stream.XORKeyStream(ciphertext, ciphertext)

4
pkg/yaml/secure/secure_test.go
View file

@ -33,7 +33,7 @@ func Test_Secure(t *testing.T) {
g.It("Should decrypt a map", func() { g.It("Should decrypt a map", func() {
params := map[string]string{ params := map[string]string{
"foo": "2NQPoQfxPERVi42OEYzuVTjQrEQSrcN2-Pwk4kTlIVN5HA==", "foo": "dG0H-Kjg4lZ8s-4WwfaeAgAAAAAAAAAAAAAAAAAAAADKUC-q4zHKDHzH9qZYXjGl1S0=",
} }
err := DecryptMap(key, params) err := DecryptMap(key, params)
g.Assert(err == nil).IsTrue() g.Assert(err == nil).IsTrue()
@ -47,7 +47,7 @@ func Test_Secure(t *testing.T) {
}) })
g.It("Should decrypt a yaml", func() { g.It("Should decrypt a yaml", func() {
yaml := `secure: {"foo": "2NQPoQfxPERVi42OEYzuVTjQrEQSrcN2-Pwk4kTlIVN5HA=="}` yaml := `secure: {"foo": "dG0H-Kjg4lZ8s-4WwfaeAgAAAAAAAAAAAAAAAAAAAADKUC-q4zHKDHzH9qZYXjGl1S0="}`
decrypted, err := Parse(key, yaml) decrypted, err := Parse(key, yaml)
g.Assert(err == nil).IsTrue() g.Assert(err == nil).IsTrue()
g.Assert(decrypted["foo"]).Equal("super_duper_secret") g.Assert(decrypted["foo"]).Equal("super_duper_secret")