From b26a7e9a6f5069f818c9c46a25d5b3bf81d443fa Mon Sep 17 00:00:00 2001 From: Jerry Yan <792602257@qq.com> Date: Tue, 28 Apr 2026 14:53:28 +0800 Subject: [PATCH] feat(crypto): AES-256-GCM encryptor for secret fields --- internal/infra/crypto/secret.go | 63 ++++++++++++++++++++++++++++ internal/infra/crypto/secret_test.go | 51 ++++++++++++++++++++++ 2 files changed, 114 insertions(+) create mode 100644 internal/infra/crypto/secret.go create mode 100644 internal/infra/crypto/secret_test.go diff --git a/internal/infra/crypto/secret.go b/internal/infra/crypto/secret.go new file mode 100644 index 0000000..add7e2b --- /dev/null +++ b/internal/infra/crypto/secret.go @@ -0,0 +1,63 @@ +// Package crypto provides AES-256-GCM symmetric encryption for sensitive +// secret fields persisted to the database (e.g. git credentials, LLM API keys). +// +// The master key is supplied by the caller (see config.MasterKey) and never +// stored alongside the ciphertext. +package crypto + +import ( + "crypto/aes" + "crypto/cipher" + "crypto/rand" + "errors" + "fmt" + "io" +) + +// Encryptor 用 AES-256-GCM 加解密 secret。 +// 密文格式:nonce(12) || ciphertext || tag。 +type Encryptor struct { + gcm cipher.AEAD +} + +// NewEncryptor constructs an Encryptor from a 32-byte (AES-256) key. +// Any other key length yields an error rather than silently downgrading. +func NewEncryptor(key []byte) (*Encryptor, error) { + if len(key) != 32 { + return nil, fmt.Errorf("key must be 32 bytes (got %d)", len(key)) + } + block, err := aes.NewCipher(key) + if err != nil { + return nil, fmt.Errorf("aes new cipher: %w", err) + } + gcm, err := cipher.NewGCM(block) + if err != nil { + return nil, fmt.Errorf("new gcm: %w", err) + } + return &Encryptor{gcm: gcm}, nil +} + +// Encrypt seals plaintext with a fresh random nonce and returns +// nonce || ciphertext || tag. +func (e *Encryptor) Encrypt(plaintext []byte) ([]byte, error) { + nonce := make([]byte, e.gcm.NonceSize()) + if _, err := io.ReadFull(rand.Reader, nonce); err != nil { + return nil, fmt.Errorf("rand nonce: %w", err) + } + // Seal 把 nonce 作为 dst 前缀写入 + return e.gcm.Seal(nonce, nonce, plaintext, nil), nil +} + +// Decrypt verifies and opens a ciphertext produced by Encrypt. +// It returns an error if the input is too short or authentication fails. +func (e *Encryptor) Decrypt(ciphertext []byte) ([]byte, error) { + if len(ciphertext) < e.gcm.NonceSize() { + return nil, errors.New("ciphertext too short") + } + nonce, ct := ciphertext[:e.gcm.NonceSize()], ciphertext[e.gcm.NonceSize():] + pt, err := e.gcm.Open(nil, nonce, ct, nil) + if err != nil { + return nil, fmt.Errorf("gcm open: %w", err) + } + return pt, nil +} diff --git a/internal/infra/crypto/secret_test.go b/internal/infra/crypto/secret_test.go new file mode 100644 index 0000000..aa51156 --- /dev/null +++ b/internal/infra/crypto/secret_test.go @@ -0,0 +1,51 @@ +package crypto + +import ( + "crypto/rand" + "testing" + + "github.com/stretchr/testify/require" +) + +func newKey(t *testing.T) []byte { + t.Helper() + k := make([]byte, 32) + _, err := rand.Read(k) + require.NoError(t, err) + return k +} + +func TestEncryptDecrypt_RoundTrip(t *testing.T) { + key := newKey(t) + enc, err := NewEncryptor(key) + require.NoError(t, err) + + plaintext := []byte("hello world; some secret") + ct, err := enc.Encrypt(plaintext) + require.NoError(t, err) + require.NotEqual(t, plaintext, ct) + + pt, err := enc.Decrypt(ct) + require.NoError(t, err) + require.Equal(t, plaintext, pt) +} + +func TestEncrypt_DifferentNoncesEachCall(t *testing.T) { + enc, _ := NewEncryptor(newKey(t)) + c1, _ := enc.Encrypt([]byte("x")) + c2, _ := enc.Encrypt([]byte("x")) + require.NotEqual(t, c1, c2, "nonce 应每次不同,密文不应一致") +} + +func TestDecrypt_TamperedCiphertext_Fails(t *testing.T) { + enc, _ := NewEncryptor(newKey(t)) + ct, _ := enc.Encrypt([]byte("x")) + ct[len(ct)-1] ^= 0xFF + _, err := enc.Decrypt(ct) + require.Error(t, err) +} + +func TestNewEncryptor_RejectsBadKeySize(t *testing.T) { + _, err := NewEncryptor([]byte{1, 2, 3}) + require.Error(t, err) +}