28e27e1365
* Encryption: De-duplicate encryption code with extensible service * Fix Wire injections * Fix tests * Register reload handler
package encryption
import (
"context"
"crypto/sha256"
"golang.org/x/crypto/pbkdf2"
)
// SaltLength is the salt size constant exported by this package.
// NOTE(review): presumably a length in bytes consumed by the cipher
// implementations; no use of it is visible in this file, so confirm
// against the callers.
const SaltLength = 8

// Algorithm identifiers.
//
// NOTE(review): presumably the keys of the maps returned by
// Provider.ProvideCiphers and Provider.ProvideDeciphers; confirm against the
// provider implementation.
//
// AES-CFB by itself gives confidentiality only and does not detect modified
// ciphertext, while AES-GCM is an authenticated mode. Whether the CFB
// implementation adds its own integrity check cannot be seen from here.
const (
	AesCfb = "aes-cfb"
	AesGcm = "aes-gcm"
)
// Internal is the low-level encryption service. It must not be used for
// general-purpose encryption.
//
// It exists as an internal building block for envelope encryption and for the
// few specific use cases that still depend on legacy encryption. Unless there
// is a specific reason to do otherwise, use secrets.Service instead.
type Internal interface {
	Cipher
	Decipher

	// EncryptJsonData maps a set of plaintext string values to byte values
	// using secret.
	// NOTE(review): presumably each value of kv is encrypted individually
	// under its original key; confirm against the implementation.
	EncryptJsonData(ctx context.Context, kv map[string]string, secret string) (map[string][]byte, error)

	// DecryptJsonData is the inverse shape of EncryptJsonData: it maps byte
	// values back to strings using secret.
	DecryptJsonData(ctx context.Context, sjd map[string][]byte, secret string) (map[string]string, error)

	// GetDecryptedValue returns a single string for key from sjd.
	//
	// The signature carries no error, so a caller cannot tell from the return
	// value alone whether decryption succeeded.
	// NOTE(review): presumably fallback is returned when key is absent or
	// decryption fails; confirm, and make sure fallback is never a value that
	// would be unsafe to use in place of the real secret.
	GetDecryptedValue(ctx context.Context, sjd map[string][]byte, key, fallback, secret string) string
}
// Cipher is implemented by types that can encrypt a payload with a secret.
type Cipher interface {
	// Encrypt returns the encrypted form of payload for the given secret, or
	// an error.
	// NOTE(review): how secret is turned into a key, and the layout of the
	// returned bytes, are decided by the implementation and are not visible
	// here.
	Encrypt(ctx context.Context, payload []byte, secret string) ([]byte, error)
}
// Decipher is implemented by types that can decrypt a payload with a secret.
type Decipher interface {
	// Decrypt returns the decrypted form of payload for the given secret, or
	// an error.
	// NOTE(review): whether a wrong secret or a modified payload is reported
	// as an error depends on the implementation and its cipher mode; callers
	// should not assume a nil error proves the payload was untampered unless
	// the implementation is authenticated.
	Decrypt(ctx context.Context, payload []byte, secret string) ([]byte, error)
}
// Provider supplies the available Cipher and Decipher implementations, each
// set indexed by a string key.
// NOTE(review): presumably the keys are algorithm identifiers such as AesCfb
// and AesGcm; confirm against the provider implementation.
type Provider interface {
	// ProvideCiphers returns the encryption implementations by key.
	ProvideCiphers() map[string]Cipher

	// ProvideDeciphers returns the decryption implementations by key.
	ProvideDeciphers() map[string]Decipher
}
// KeyToBytes derives a 32-byte key from secret and salt using PBKDF2 with
// HMAC-SHA-256 and 10000 iterations.
//
// The returned error is always nil; it is part of the signature only.
//
// The iteration count, hash and key length all determine the derived key, so
// changing any of them means keys derived earlier can no longer be
// reproduced from the same secret and salt.
// NOTE(review): 10000 iterations is low by current password-hashing guidance
// if secret can be a human-chosen value rather than a high-entropy key;
// raising it would need a migration path for data encrypted under the
// existing parameters.
func KeyToBytes(secret, salt string) ([]byte, error) {
	const (
		iterations = 10000
		keyLen     = 32 // 32 bytes, i.e. a 256-bit key
	)

	derived := pbkdf2.Key([]byte(secret), []byte(salt), iterations, keyLen, sha256.New)
	return derived, nil
}