IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-02-25 18:55:37 -06:00
Code Issues Packages Projects Releases Wiki Activity

Config Array Syntax (#8204)

Browse Source 
* refactor util encryption library so it doesn't have to import log

* add util.SplitString to handle space and/or comma-separated config lines

* go fmt
This commit is contained in:
Dan Cech
2017-04-25 03:14:29 -04:00
committed by Torkel Ödegaard
parent d085aaad41
commit b489e93d94
11 changed files with 80 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
pkg/util/encryption.go
View File

@@ -5,26 +5,25 @@ import (
"crypto/cipher"
"crypto/rand"
"crypto/sha256"
"errors"
"io"
"github.com/grafana/grafana/pkg/log"
)
const saltLength = 8
func Decrypt(payload []byte, secret string) []byte {
func Decrypt(payload []byte, secret string) ([]byte, error) {
salt := payload[:saltLength]
key := encryptionKeyToBytes(secret, string(salt))
block, err := aes.NewCipher(key)
if err != nil {
log.Fatal(4, err.Error())
return nil, err
}
// The IV needs to be unique, but not secure. Therefore it's common to
// include it at the beginning of the ciphertext.
if len(payload) < aes.BlockSize {
log.Fatal(4, "payload too short")
return nil, errors.New("payload too short")
}
iv := payload[saltLength : saltLength+aes.BlockSize]
payload = payload[saltLength+aes.BlockSize:]
@@ -33,16 +32,16 @@ func Decrypt(payload []byte, secret string) []byte {
// XORKeyStream can work in-place if the two arguments are the same.
stream.XORKeyStream(payload, payload)
return payload
return payload, nil
}
func Encrypt(payload []byte, secret string) []byte {
func Encrypt(payload []byte, secret string) ([]byte, error) {
salt := GetRandomString(saltLength)
key := encryptionKeyToBytes(secret, salt)
block, err := aes.NewCipher(key)
if err != nil {
log.Fatal(4, err.Error())
return nil, err
}
// The IV needs to be unique, but not secure. Therefore it's common to
@@ -51,13 +50,13 @@ func Encrypt(payload []byte, secret string) []byte {
copy(ciphertext[:saltLength], []byte(salt))
iv := ciphertext[saltLength : saltLength+aes.BlockSize]
if _, err := io.ReadFull(rand.Reader, iv); err != nil {
log.Fatal(4, err.Error())
return nil, err
}
stream := cipher.NewCFBEncrypter(block, iv)
stream.XORKeyStream(ciphertext[saltLength+aes.BlockSize:], payload)
return ciphertext
return ciphertext, nil
}
// Key needs to be 32bytes