mctl/cryptography/aes.go

package cryptography

import (
	"crypto/aes"
	"crypto/cipher"

	"github.com/spf13/viper"
)

func EncryptPassword(b []byte) ([]byte, error) {
	nonce := viper.Get("nonce").(string)
	dev := viper.Get("device").(string)

	block, err := aes.NewCipher([]byte(dev))
	if err != nil {
		return nil, err
	}

	aesg, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}

	//adding #nosec trigger here since gosec interprets this as a hardcoded nonce value. The nonce is calculated using crypto/rand when the
	//config command is ran and is pulled from memory when used any times after, for now we must prevent the scan from catching here until gosec
	//is updated to account for this properly
	ct := aesg.Seal(nil, []byte(nonce), []byte(b), nil) // #nosec
	return ct, nil
}

func DecryptPassword(b []byte) (string, error) {
	nonce := viper.Get("nonce").(string)
	password := viper.Get("password").(string)
	dev := viper.Get("device").(string)

	block, err := aes.NewCipher([]byte(dev))
	if err != nil {
		return "", err
	}

	aesg, err := cipher.NewGCM(block)
	if err != nil {
		return "", err
	}

	op, err := aesg.Open(nil, []byte(nonce), []byte(password), nil)
	if err != nil {
		return "", err
	}

	return string(op), nil
}
dev/command-saving (#1) Reviewed-on: https://code.jakeyoungdev.com/jake/mctl/pulls/1 Co-authored-by: jake <jake.young.dev@gmail.com> Co-committed-by: jake <jake.young.dev@gmail.com> 2025-04-17 15:40:54 +00:00			`package cryptography`

			`import (`
			`"crypto/aes"`
			`"crypto/cipher"`

			`"github.com/spf13/viper"`
			`)`

			`func EncryptPassword(b []byte) ([]byte, error) {`
			`nonce := viper.Get("nonce").(string)`
			`dev := viper.Get("device").(string)`

			`block, err := aes.NewCipher([]byte(dev))`
			`if err != nil {`
			`return nil, err`
			`}`

			`aesg, err := cipher.NewGCM(block)`
			`if err != nil {`
			`return nil, err`
			`}`

gosec fixes and nosec adds 2025-04-24 13:43:55 -04:00			`//adding #nosec trigger here since gosec interprets this as a hardcoded nonce value. The nonce is calculated using crypto/rand when the`
			`//config command is ran and is pulled from memory when used any times after, for now we must prevent the scan from catching here until gosec`
			`//is updated to account for this properly`
			`ct := aesg.Seal(nil, []byte(nonce), []byte(b), nil) // #nosec`
dev/command-saving (#1) Reviewed-on: https://code.jakeyoungdev.com/jake/mctl/pulls/1 Co-authored-by: jake <jake.young.dev@gmail.com> Co-committed-by: jake <jake.young.dev@gmail.com> 2025-04-17 15:40:54 +00:00			`return ct, nil`
			`}`

			`func DecryptPassword(b []byte) (string, error) {`
			`nonce := viper.Get("nonce").(string)`
			`password := viper.Get("password").(string)`
			`dev := viper.Get("device").(string)`

			`block, err := aes.NewCipher([]byte(dev))`
			`if err != nil {`
			`return "", err`
			`}`

			`aesg, err := cipher.NewGCM(block)`
			`if err != nil {`
			`return "", err`
			`}`

			`op, err := aesg.Open(nil, []byte(nonce), []byte(password), nil)`
			`if err != nil {`
			`return "", err`
			`}`

			`return string(op), nil`
			`}`