From e728152059edc9b2b7b45042290b6753e8ac2c5e Mon Sep 17 00:00:00 2001 From: Brad Rydzewski Date: Wed, 19 Aug 2015 16:58:59 -0700 Subject: [PATCH] crypt tests --- pkg/yaml/secure/secure.go | 10 ++++------ pkg/yaml/secure/secure_test.go | 4 ++-- 2 files changed, 6 insertions(+), 8 deletions(-) diff --git a/pkg/yaml/secure/secure.go b/pkg/yaml/secure/secure.go index 63e423d3..3ad71c20 100644 --- a/pkg/yaml/secure/secure.go +++ b/pkg/yaml/secure/secure.go @@ -11,8 +11,6 @@ import ( "github.com/drone/drone/Godeps/_workspace/src/gopkg.in/yaml.v2" ) -const BlockSize = 32 // AES256 - // Parse parses and returns the secure section of the // yaml file as plaintext parameters. func Parse(key, raw string) (map[string]string, error) { @@ -33,14 +31,14 @@ func Encrypt(key, text string) (_ string, err error) { return } - ciphertext := make([]byte, BlockSize+len(plaintext)) + ciphertext := make([]byte, aes.BlockSize+len(plaintext)) iv := ciphertext[:aes.BlockSize] if _, err = io.ReadFull(rand.Reader, iv); err != nil { return } stream := cipher.NewCFBEncrypter(block, iv) - stream.XORKeyStream(ciphertext[BlockSize:], plaintext) + stream.XORKeyStream(ciphertext[aes.BlockSize:], plaintext) return base64.URLEncoding.EncodeToString(ciphertext), nil } @@ -57,12 +55,12 @@ func Decrypt(key, text string) (_ string, err error) { return } - if len(ciphertext) < BlockSize { + if len(ciphertext) < aes.BlockSize { err = fmt.Errorf("ciphertext too short") return } iv := ciphertext[:aes.BlockSize] - ciphertext = ciphertext[BlockSize:] + ciphertext = ciphertext[aes.BlockSize:] stream := cipher.NewCFBDecrypter(block, iv) stream.XORKeyStream(ciphertext, ciphertext) diff --git a/pkg/yaml/secure/secure_test.go b/pkg/yaml/secure/secure_test.go index 787b9e3f..8fed79f1 100644 --- a/pkg/yaml/secure/secure_test.go +++ b/pkg/yaml/secure/secure_test.go @@ -33,7 +33,7 @@ func Test_Secure(t *testing.T) { g.It("Should decrypt a map", func() { params := map[string]string{ - "foo": "dG0H-Kjg4lZ8s-4WwfaeAgAAAAAAAAAAAAAAAAAAAADKUC-q4zHKDHzH9qZYXjGl1S0=", + "foo": "2NQPoQfxPERVi42OEYzuVTjQrEQSrcN2-Pwk4kTlIVN5HA==", } err := DecryptMap(key, params) g.Assert(err == nil).IsTrue() @@ -47,7 +47,7 @@ func Test_Secure(t *testing.T) { }) g.It("Should decrypt a yaml", func() { - yaml := `secure: {"foo": "dG0H-Kjg4lZ8s-4WwfaeAgAAAAAAAAAAAAAAAAAAAADKUC-q4zHKDHzH9qZYXjGl1S0="}` + yaml := `secure: {"foo": "2NQPoQfxPERVi42OEYzuVTjQrEQSrcN2-Pwk4kTlIVN5HA=="}` decrypted, err := Parse(key, yaml) g.Assert(err == nil).IsTrue() g.Assert(decrypted["foo"]).Equal("super_duper_secret")