mirrors
/
gitea
mirror of https://github.com/go-gitea/gitea.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 211 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
12046 Commits
17 Branches
Tree: d04e581f09
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'd04e581f09'
${ noResults }
gitea/modules/secret/secret.go

secret.go 2.2KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990 
  1. // Copyright 2019 The Gitea Authors. All rights reserved.

  2. // Use of this source code is governed by a MIT-style

  3. // license that can be found in the LICENSE file.

  4. 

  5. package secret

  6. 

  7. import (

  8. 	"crypto/aes"

  9. 	"crypto/cipher"

  10. 	"crypto/rand"

  11. 	"crypto/sha256"

  12. 	"encoding/base64"

  13. 	"encoding/hex"

  14. 	"errors"

  15. 	"io"

  16. 

  17. 	"code.gitea.io/gitea/modules/util"

  18. )

  19. 

  20. // New creates a new secret

  21. func New() (string, error) {

  22. 	return NewWithLength(44)

  23. }

  24. 

  25. // NewWithLength creates a new secret for a given length

  26. func NewWithLength(length int64) (string, error) {

  27. 	return util.RandomString(length)

  28. }

  29. 

  30. // AesEncrypt encrypts text and given key with AES.

  31. func AesEncrypt(key, text []byte) ([]byte, error) {

  32. 	block, err := aes.NewCipher(key)

  33. 	if err != nil {

  34. 		return nil, err

  35. 	}

  36. 	b := base64.StdEncoding.EncodeToString(text)

  37. 	ciphertext := make([]byte, aes.BlockSize+len(b))

  38. 	iv := ciphertext[:aes.BlockSize]

  39. 	if _, err := io.ReadFull(rand.Reader, iv); err != nil {

  40. 		return nil, err

  41. 	}

  42. 	cfb := cipher.NewCFBEncrypter(block, iv)

  43. 	cfb.XORKeyStream(ciphertext[aes.BlockSize:], []byte(b))

  44. 	return ciphertext, nil

  45. }

  46. 

  47. // AesDecrypt decrypts text and given key with AES.

  48. func AesDecrypt(key, text []byte) ([]byte, error) {

  49. 	block, err := aes.NewCipher(key)

  50. 	if err != nil {

  51. 		return nil, err

  52. 	}

  53. 	if len(text) < aes.BlockSize {

  54. 		return nil, errors.New("ciphertext too short")

  55. 	}

  56. 	iv := text[:aes.BlockSize]

  57. 	text = text[aes.BlockSize:]

  58. 	cfb := cipher.NewCFBDecrypter(block, iv)

  59. 	cfb.XORKeyStream(text, text)

  60. 	data, err := base64.StdEncoding.DecodeString(string(text))

  61. 	if err != nil {

  62. 		return nil, err

  63. 	}

  64. 	return data, nil

  65. }

  66. 

  67. // EncryptSecret encrypts a string with given key into a hex string

  68. func EncryptSecret(key string, str string) (string, error) {

  69. 	keyHash := sha256.Sum256([]byte(key))

  70. 	plaintext := []byte(str)

  71. 	ciphertext, err := AesEncrypt(keyHash[:], plaintext)

  72. 	if err != nil {

  73. 		return "", err

  74. 	}

  75. 	return hex.EncodeToString(ciphertext), nil

  76. }

  77. 

  78. // DecryptSecret decrypts a previously encrypted hex string

  79. func DecryptSecret(key string, cipherhex string) (string, error) {

  80. 	keyHash := sha256.Sum256([]byte(key))

  81. 	ciphertext, err := hex.DecodeString(cipherhex)

  82. 	if err != nil {

  83. 		return "", err

  84. 	}

  85. 	plaintext, err := AesDecrypt(keyHash[:], ciphertext)

  86. 	if err != nil {

  87. 		return "", err

  88. 	}

  89. 	return string(plaintext), nil

  90. }