Upstream/harbor
1
0
Fork 0
mirror of https://github.com/goharbor/harbor.git synced 2025-02-09 00:12:03 +01:00
Code Issues Projects Releases Wiki Activity

Update decrypt for backward compatibility

Browse Source
This commit is contained in:
Tan Jiang 2016-08-05 13:22:24 +08:00
parent 36914f566a
commit fde17725d5
2 changed files with 36 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
utils/encrypt.go
View File

@ -24,6 +24,7 @@ import (
"errors" "errors"
"fmt" "fmt"
"io" "io"
"strings"
"golang.org/x/crypto/pbkdf2" "golang.org/x/crypto/pbkdf2"
) )
@ -33,6 +34,11 @@ func Encrypt(content string, salt string) string {
return fmt.Sprintf("%x", pbkdf2.Key([]byte(content), []byte(salt), 4096, 16, sha1.New)) return fmt.Sprintf("%x", pbkdf2.Key([]byte(content), []byte(salt), 4096, 16, sha1.New))
} }
const (
// EncryptHeaderV1 ...
EncryptHeaderV1 = "<enc-v1>"
)
// ReversibleEncrypt encrypts the str with aes/base64 // ReversibleEncrypt encrypts the str with aes/base64
func ReversibleEncrypt(str, key string) (string, error) { func ReversibleEncrypt(str, key string) (string, error) {
keyBytes := []byte(key) keyBytes := []byte(key)
@ -50,12 +56,26 @@ func ReversibleEncrypt(str, key string) (string, error) {
cfb := cipher.NewCFBEncrypter(block, iv) cfb := cipher.NewCFBEncrypter(block, iv)
cfb.XORKeyStream(cipherText[aes.BlockSize:], []byte(str)) cfb.XORKeyStream(cipherText[aes.BlockSize:], []byte(str))
encrypted := base64.StdEncoding.EncodeToString(cipherText) encrypted := EncryptHeaderV1 + base64.StdEncoding.EncodeToString(cipherText)
return encrypted, nil return encrypted, nil
} }
// ReversibleDecrypt decrypts the str with aes/base64 // ReversibleDecrypt decrypts the str with aes/base64 or base 64 depending on "header"
func ReversibleDecrypt(str, key string) (string, error) { func ReversibleDecrypt(str, key string) (string, error) {
if strings.HasPrefix(str, EncryptHeaderV1) {
str = str[len(EncryptHeaderV1):]
return decryptAES(str, key)
}
//fallback to base64
return decodeB64(str)
}
func decodeB64(str string) (string, error) {
cipherText, err := base64.StdEncoding.DecodeString(str)
return string(cipherText), err
}
func decryptAES(str, key string) (string, error) {
keyBytes := []byte(key) keyBytes := []byte(key)
var block cipher.Block var block cipher.Block
var cipherText []byte var cipherText []byte

14
utils/utils_test.go
View File

@ -16,6 +16,8 @@
package utils package utils
import ( import (
"encoding/base64"
"strings"
"testing" "testing"
) )
@ -73,6 +75,9 @@ func TestReversibleEncrypt(t *testing.T) {
if encrypted == password { if encrypted == password {
t.Errorf("Encrypted password is identical to the original") t.Errorf("Encrypted password is identical to the original")
} }
if !strings.HasPrefix(encrypted, EncryptHeaderV1) {
t.Errorf("Encrypted password does not have v1 header")
}
decrypted, err := ReversibleDecrypt(encrypted, key) decrypted, err := ReversibleDecrypt(encrypted, key)
if err != nil { if err != nil {
t.Errorf("Failed to decrypt: %v", err) t.Errorf("Failed to decrypt: %v", err)
@ -80,4 +85,13 @@ func TestReversibleEncrypt(t *testing.T) {
if decrypted != password { if decrypted != password {
t.Errorf("decrypted password: %s, is not identical to original", decrypted) t.Errorf("decrypted password: %s, is not identical to original", decrypted)
} }
//Test b64 for backward compatibility
b64password := base64.StdEncoding.EncodeToString([]byte(password))
decrypted, err = ReversibleDecrypt(b64password, key)
if err != nil {
t.Errorf("Failed to decrypt: %v", err)
}
if decrypted != password {
t.Errorf("decrypted password: %s, is not identical to original", decrypted)
}
} }