jake
26c50085d6
All checks were successful
code scans / scans (push) Successful in 1m27s
Reviewed-on: #6 Co-authored-by: jake <jake.young.dev@gmail.com> Co-committed-by: jake <jake.young.dev@gmail.com>
53 lines
1.2 KiB
Go
53 lines
1.2 KiB
Go
package cryptography
|
|
|
|
import (
|
|
"crypto/aes"
|
|
"crypto/cipher"
|
|
|
|
"github.com/spf13/viper"
|
|
)
|
|
|
|
func EncryptPassword(b []byte) ([]byte, error) {
|
|
nonce := viper.Get("nonce").(string)
|
|
dev := viper.Get("device").(string)
|
|
|
|
block, err := aes.NewCipher([]byte(dev))
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
aesg, err := cipher.NewGCM(block)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
//adding #nosec trigger here since gosec interprets this as a hardcoded nonce value. The nonce is calculated using crypto/rand when the
|
|
//config command is ran and is pulled from memory when used any times after, for now we must prevent the scan from catching here until gosec
|
|
//is updated to account for this properly
|
|
ct := aesg.Seal(nil, []byte(nonce), []byte(b), nil) // #nosec
|
|
return ct, nil
|
|
}
|
|
|
|
func DecryptPassword(b []byte) (string, error) {
|
|
nonce := viper.Get("nonce").(string)
|
|
password := viper.Get("password").(string)
|
|
dev := viper.Get("device").(string)
|
|
|
|
block, err := aes.NewCipher([]byte(dev))
|
|
if err != nil {
|
|
return "", err
|
|
}
|
|
|
|
aesg, err := cipher.NewGCM(block)
|
|
if err != nil {
|
|
return "", err
|
|
}
|
|
|
|
op, err := aesg.Open(nil, []byte(nonce), []byte(password), nil)
|
|
if err != nil {
|
|
return "", err
|
|
}
|
|
|
|
return string(op), nil
|
|
}
|