You've already forked agentic-coding-workflow
feat(crypto): AES-256-GCM encryptor for secret fields
This commit is contained in:
@@ -0,0 +1,63 @@
|
||||
// Package crypto provides AES-256-GCM symmetric encryption for sensitive
|
||||
// secret fields persisted to the database (e.g. git credentials, LLM API keys).
|
||||
//
|
||||
// The master key is supplied by the caller (see config.MasterKey) and never
|
||||
// stored alongside the ciphertext.
|
||||
package crypto
|
||||
|
||||
import (
|
||||
"crypto/aes"
|
||||
"crypto/cipher"
|
||||
"crypto/rand"
|
||||
"errors"
|
||||
"fmt"
|
||||
"io"
|
||||
)
|
||||
|
||||
// Encryptor 用 AES-256-GCM 加解密 secret。
|
||||
// 密文格式:nonce(12) || ciphertext || tag。
|
||||
type Encryptor struct {
|
||||
gcm cipher.AEAD
|
||||
}
|
||||
|
||||
// NewEncryptor constructs an Encryptor from a 32-byte (AES-256) key.
|
||||
// Any other key length yields an error rather than silently downgrading.
|
||||
func NewEncryptor(key []byte) (*Encryptor, error) {
|
||||
if len(key) != 32 {
|
||||
return nil, fmt.Errorf("key must be 32 bytes (got %d)", len(key))
|
||||
}
|
||||
block, err := aes.NewCipher(key)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("aes new cipher: %w", err)
|
||||
}
|
||||
gcm, err := cipher.NewGCM(block)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("new gcm: %w", err)
|
||||
}
|
||||
return &Encryptor{gcm: gcm}, nil
|
||||
}
|
||||
|
||||
// Encrypt seals plaintext with a fresh random nonce and returns
|
||||
// nonce || ciphertext || tag.
|
||||
func (e *Encryptor) Encrypt(plaintext []byte) ([]byte, error) {
|
||||
nonce := make([]byte, e.gcm.NonceSize())
|
||||
if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
|
||||
return nil, fmt.Errorf("rand nonce: %w", err)
|
||||
}
|
||||
// Seal 把 nonce 作为 dst 前缀写入
|
||||
return e.gcm.Seal(nonce, nonce, plaintext, nil), nil
|
||||
}
|
||||
|
||||
// Decrypt verifies and opens a ciphertext produced by Encrypt.
|
||||
// It returns an error if the input is too short or authentication fails.
|
||||
func (e *Encryptor) Decrypt(ciphertext []byte) ([]byte, error) {
|
||||
if len(ciphertext) < e.gcm.NonceSize() {
|
||||
return nil, errors.New("ciphertext too short")
|
||||
}
|
||||
nonce, ct := ciphertext[:e.gcm.NonceSize()], ciphertext[e.gcm.NonceSize():]
|
||||
pt, err := e.gcm.Open(nil, nonce, ct, nil)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("gcm open: %w", err)
|
||||
}
|
||||
return pt, nil
|
||||
}
|
||||
@@ -0,0 +1,51 @@
|
||||
package crypto
|
||||
|
||||
import (
|
||||
"crypto/rand"
|
||||
"testing"
|
||||
|
||||
"github.com/stretchr/testify/require"
|
||||
)
|
||||
|
||||
func newKey(t *testing.T) []byte {
|
||||
t.Helper()
|
||||
k := make([]byte, 32)
|
||||
_, err := rand.Read(k)
|
||||
require.NoError(t, err)
|
||||
return k
|
||||
}
|
||||
|
||||
func TestEncryptDecrypt_RoundTrip(t *testing.T) {
|
||||
key := newKey(t)
|
||||
enc, err := NewEncryptor(key)
|
||||
require.NoError(t, err)
|
||||
|
||||
plaintext := []byte("hello world; some secret")
|
||||
ct, err := enc.Encrypt(plaintext)
|
||||
require.NoError(t, err)
|
||||
require.NotEqual(t, plaintext, ct)
|
||||
|
||||
pt, err := enc.Decrypt(ct)
|
||||
require.NoError(t, err)
|
||||
require.Equal(t, plaintext, pt)
|
||||
}
|
||||
|
||||
func TestEncrypt_DifferentNoncesEachCall(t *testing.T) {
|
||||
enc, _ := NewEncryptor(newKey(t))
|
||||
c1, _ := enc.Encrypt([]byte("x"))
|
||||
c2, _ := enc.Encrypt([]byte("x"))
|
||||
require.NotEqual(t, c1, c2, "nonce 应每次不同,密文不应一致")
|
||||
}
|
||||
|
||||
func TestDecrypt_TamperedCiphertext_Fails(t *testing.T) {
|
||||
enc, _ := NewEncryptor(newKey(t))
|
||||
ct, _ := enc.Encrypt([]byte("x"))
|
||||
ct[len(ct)-1] ^= 0xFF
|
||||
_, err := enc.Decrypt(ct)
|
||||
require.Error(t, err)
|
||||
}
|
||||
|
||||
func TestNewEncryptor_RejectsBadKeySize(t *testing.T) {
|
||||
_, err := NewEncryptor([]byte{1, 2, 3})
|
||||
require.Error(t, err)
|
||||
}
|
||||
Reference in New Issue
Block a user