authorizer/server/crypto/aes.go

package crypto

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
	"io"

	"github.com/authorizerdev/authorizer/server/constants"
	"github.com/authorizerdev/authorizer/server/memorystore"
)

var bytes = []byte{35, 46, 57, 24, 85, 35, 24, 74, 87, 35, 88, 98, 66, 32, 14, 0o5}

// EncryptAES method is to encrypt or hide any classified text
func EncryptAES(text string) (string, error) {
	k, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyEncryptionKey)
	if err != nil {
		return "", err
	}
	key := []byte(k)
	block, err := aes.NewCipher(key)
	if err != nil {
		return "", err
	}
	plainText := []byte(text)
	cfb := cipher.NewCFBEncrypter(block, bytes)
	cipherText := make([]byte, len(plainText))
	cfb.XORKeyStream(cipherText, plainText)
	return EncryptB64(string(cipherText)), nil
}

// DecryptAES method is to extract back the encrypted text
func DecryptAES(text string) (string, error) {
	k, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyEncryptionKey)
	if err != nil {
		return "", err
	}
	key := []byte(k)
	block, err := aes.NewCipher(key)
	if err != nil {
		return "", err
	}
	cipherText, err := DecryptB64(text)
	if err != nil {
		return "", err
	}
	cfb := cipher.NewCFBDecrypter(block, bytes)
	plainText := make([]byte, len(cipherText))
	cfb.XORKeyStream(plainText, []byte(cipherText))
	return string(plainText), nil
}

// EncryptAESEnv encrypts data using AES algorithm
// kept for the backward compatibility of env data encryption
func EncryptAESEnv(text []byte) ([]byte, error) {
	var res []byte
	k, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyEncryptionKey)
	fmt.Println("=> key:", k)
	if err != nil {
		return res, err
	}
	key := []byte(k)
	c, err := aes.NewCipher(key)
	if err != nil {
		return res, err
	}

	// gcm or Galois/Counter Mode, is a mode of operation
	// for symmetric key cryptographic block ciphers
	// - https://en.wikipedia.org/wiki/Galois/Counter_Mode
	gcm, err := cipher.NewGCM(c)
	if err != nil {
		return res, err
	}

	// creates a new byte array the size of the nonce
	// which must be passed to Seal
	nonce := make([]byte, gcm.NonceSize())
	// populates our nonce with a cryptographically secure
	// random sequence
	if _, err = io.ReadFull(rand.Reader, nonce); err != nil {
		return res, err
	}

	// here we encrypt our text using the Seal function
	// Seal encrypts and authenticates plaintext, authenticates the
	// additional data and appends the result to dst, returning the updated
	// slice. The nonce must be NonceSize() bytes long and unique for all
	// time, for a given key.
	return gcm.Seal(nonce, nonce, text, nil), nil
}

// DecryptAES decrypts data using AES algorithm
// Kept for the backward compatibility of env data decryption
func DecryptAESEnv(ciphertext []byte) ([]byte, error) {
	var res []byte
	k, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyEncryptionKey)
	if err != nil {
		return res, err
	}
	key := []byte(k)
	c, err := aes.NewCipher(key)
	if err != nil {
		return res, err
	}

	gcm, err := cipher.NewGCM(c)
	if err != nil {
		return res, err
	}

	nonceSize := gcm.NonceSize()
	if len(ciphertext) < nonceSize {
		return res, err
	}

	nonce, ciphertext := ciphertext[:nonceSize], ciphertext[nonceSize:]
	plaintext, err := gcm.Open(nil, nonce, ciphertext, nil)
	if err != nil {
		return res, err
	}

	return plaintext, nil
}
feat: add session token 2022-02-28 15:56:49 +00:00			`package crypto`
feat: persist encrypted env 2021-12-31 08:22:10 +00:00
			`import (`
			`"crypto/aes"`
			`"crypto/cipher"`
fix: env encryption 2022-03-07 09:59:37 +00:00			`"crypto/rand"`
[server] use encryption_key for couchbase env as hash is reserved keyword 2023-01-31 05:48:20 +00:00			`"fmt"`
fix: env encryption 2022-03-07 09:59:37 +00:00			`"io"`
feat: persist encrypted env 2021-12-31 08:22:10 +00:00
			`"github.com/authorizerdev/authorizer/server/constants"`
fix: update store method till handlers 2022-05-29 11:52:46 +00:00			`"github.com/authorizerdev/authorizer/server/memorystore"`
feat: persist encrypted env 2021-12-31 08:22:10 +00:00			`)`

fix: env encryption 2022-03-07 09:59:37 +00:00			`var bytes = []byte{35, 46, 57, 24, 85, 35, 24, 74, 87, 35, 88, 98, 66, 32, 14, 0o5}`
feat: persist encrypted env 2021-12-31 08:22:10 +00:00
fix: auth flow 2022-03-02 12:12:31 +00:00			`// EncryptAES method is to encrypt or hide any classified text`
			`func EncryptAES(text string) (string, error) {`
fix: update store method till handlers 2022-05-29 11:52:46 +00:00			`k, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyEncryptionKey)`
			`if err != nil {`
			`return "", err`
			`}`
			`key := []byte(k)`
fix: auth flow 2022-03-02 12:12:31 +00:00			`block, err := aes.NewCipher(key)`
feat: persist encrypted env 2021-12-31 08:22:10 +00:00			`if err != nil {`
fix: auth flow 2022-03-02 12:12:31 +00:00			`return "", err`
feat: persist encrypted env 2021-12-31 08:22:10 +00:00			`}`
fix: auth flow 2022-03-02 12:12:31 +00:00			`plainText := []byte(text)`
			`cfb := cipher.NewCFBEncrypter(block, bytes)`
			`cipherText := make([]byte, len(plainText))`
			`cfb.XORKeyStream(cipherText, plainText)`
			`return EncryptB64(string(cipherText)), nil`
feat: persist encrypted env 2021-12-31 08:22:10 +00:00			`}`

fix: auth flow 2022-03-02 12:12:31 +00:00			`// DecryptAES method is to extract back the encrypted text`
			`func DecryptAES(text string) (string, error) {`
fix: update store method till handlers 2022-05-29 11:52:46 +00:00			`k, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyEncryptionKey)`
			`if err != nil {`
			`return "", err`
			`}`
			`key := []byte(k)`
fix: auth flow 2022-03-02 12:12:31 +00:00			`block, err := aes.NewCipher(key)`
feat: persist encrypted env 2021-12-31 08:22:10 +00:00			`if err != nil {`
fix: auth flow 2022-03-02 12:12:31 +00:00			`return "", err`
feat: persist encrypted env 2021-12-31 08:22:10 +00:00			`}`
fix: auth flow 2022-03-02 12:12:31 +00:00			`cipherText, err := DecryptB64(text)`
feat: persist encrypted env 2021-12-31 08:22:10 +00:00			`if err != nil {`
fix: auth flow 2022-03-02 12:12:31 +00:00			`return "", err`
feat: persist encrypted env 2021-12-31 08:22:10 +00:00			`}`
fix: auth flow 2022-03-02 12:12:31 +00:00			`cfb := cipher.NewCFBDecrypter(block, bytes)`
			`plainText := make([]byte, len(cipherText))`
			`cfb.XORKeyStream(plainText, []byte(cipherText))`
			`return string(plainText), nil`
feat: persist encrypted env 2021-12-31 08:22:10 +00:00			`}`
fix: env encryption 2022-03-07 09:59:37 +00:00
			`// EncryptAESEnv encrypts data using AES algorithm`
			`// kept for the backward compatibility of env data encryption`
			`func EncryptAESEnv(text []byte) ([]byte, error) {`
			`var res []byte`
fix: update store method till handlers 2022-05-29 11:52:46 +00:00			`k, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyEncryptionKey)`
[server] use encryption_key for couchbase env as hash is reserved keyword 2023-01-31 05:48:20 +00:00			`fmt.Println("=> key:", k)`
fix: update store method till handlers 2022-05-29 11:52:46 +00:00			`if err != nil {`
			`return res, err`
			`}`
			`key := []byte(k)`
			`c, err := aes.NewCipher(key)`
fix: env encryption 2022-03-07 09:59:37 +00:00			`if err != nil {`
			`return res, err`
			`}`

			`// gcm or Galois/Counter Mode, is a mode of operation`
			`// for symmetric key cryptographic block ciphers`
			`// - https://en.wikipedia.org/wiki/Galois/Counter_Mode`
			`gcm, err := cipher.NewGCM(c)`
			`if err != nil {`
			`return res, err`
			`}`

			`// creates a new byte array the size of the nonce`
			`// which must be passed to Seal`
			`nonce := make([]byte, gcm.NonceSize())`
			`// populates our nonce with a cryptographically secure`
			`// random sequence`
			`if _, err = io.ReadFull(rand.Reader, nonce); err != nil {`
			`return res, err`
			`}`

			`// here we encrypt our text using the Seal function`
			`// Seal encrypts and authenticates plaintext, authenticates the`
			`// additional data and appends the result to dst, returning the updated`
			`// slice. The nonce must be NonceSize() bytes long and unique for all`
			`// time, for a given key.`
			`return gcm.Seal(nonce, nonce, text, nil), nil`
			`}`

			`// DecryptAES decrypts data using AES algorithm`
			`// Kept for the backward compatibility of env data decryption`
			`func DecryptAESEnv(ciphertext []byte) ([]byte, error) {`
			`var res []byte`
fix: update store method till handlers 2022-05-29 11:52:46 +00:00			`k, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyEncryptionKey)`
			`if err != nil {`
			`return res, err`
			`}`
			`key := []byte(k)`
			`c, err := aes.NewCipher(key)`
fix: env encryption 2022-03-07 09:59:37 +00:00			`if err != nil {`
			`return res, err`
			`}`

			`gcm, err := cipher.NewGCM(c)`
			`if err != nil {`
			`return res, err`
			`}`

			`nonceSize := gcm.NonceSize()`
			`if len(ciphertext) < nonceSize {`
			`return res, err`
			`}`

			`nonce, ciphertext := ciphertext[:nonceSize], ciphertext[nonceSize:]`
			`plaintext, err := gcm.Open(nil, nonce, ciphertext, nil)`
			`if err != nil {`
			`return res, err`
			`}`

			`return plaintext, nil`
			`}`