getsops/sops
1
0
Fork 0
mirror of https://github.com/getsops/sops.git synced 2026-02-05 12:45:21 +01:00
Code Issues Activity

Change path to additionalData in Cipher Encrypt and Decrypt

Browse Source 
functions

While the path inside the tree is commonly used as additional data for
AES ciphers, this is not always the case, so the generic name is better.
This commit is contained in:
Adrian Utrilla
2017-09-11 16:59:36 -07:00
parent df225a45e7
commit 7d6597b60c
2 changed files with 6 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
aes/decryptor.go
View File

@@ -53,7 +53,7 @@ func parse(value string) (*encryptedValue, error) {
}
// Decrypt takes a sops-format value string and a key and returns the decrypted value and a stash value
func (c Cipher) Decrypt(value string, key []byte, path string) (plaintext interface{}, stash interface{}, err error) {
func (c Cipher) Decrypt(value string, key []byte, additionalData string) (plaintext interface{}, stash interface{}, err error) {
if value == "" {
return "", nil, nil
}
@@ -72,7 +72,7 @@ func (c Cipher) Decrypt(value string, key []byte, path string) (plaintext interf
}
stashValue := stashData{iv: encryptedValue.iv}
data := append(encryptedValue.data, encryptedValue.tag...)
decryptedBytes, err := gcm.Open(nil, encryptedValue.iv, data, []byte(path))
decryptedBytes, err := gcm.Open(nil, encryptedValue.iv, data, []byte(additionalData))
if err != nil {
return "", nil, fmt.Errorf("Could not decrypt with AES_GCM: %s", err)
}
@@ -102,7 +102,7 @@ func (c Cipher) Decrypt(value string, key []byte, path string) (plaintext interf
}
// Encrypt takes one of (string, int, float, bool) and encrypts it with the provided key and additional auth data, returning a sops-format encrypted string.
func (c Cipher) Encrypt(value interface{}, key []byte, path string, stash interface{}) (string, error) {
func (c Cipher) Encrypt(value interface{}, key []byte, additionalData string, stash interface{}) (string, error) {
if value == "" {
return "", nil
}
@@ -144,7 +144,7 @@ func (c Cipher) Encrypt(value interface{}, key []byte, path string, stash interf
default:
return "", fmt.Errorf("Value to encrypt has unsupported type %T", value)
}
out := gcm.Seal(nil, iv, plaintext, []byte(path))
out := gcm.Seal(nil, iv, plaintext, []byte(additionalData))
return fmt.Sprintf("ENC[AES256_GCM,data:%s,iv:%s,tag:%s,type:%s]",
base64.StdEncoding.EncodeToString(out[:len(out)-cryptoaes.BlockSize]),
base64.StdEncoding.EncodeToString(iv),

4
sops.go
View File

@@ -70,8 +70,8 @@ const MetadataNotFound = sopsError("sops metadata not found")
// DataKeyCipher provides a way to encrypt and decrypt the data key used to encrypt and decrypt sops files, so that the data key can be stored alongside the encrypted content. A DataKeyCipher must be able to decrypt the values it encrypts.
type DataKeyCipher interface {
Encrypt(value interface{}, key []byte, path string, stash interface{}) (string, error)
Decrypt(value string, key []byte, path string) (plaintext interface{}, stashValue interface{}, err error)
Encrypt(value interface{}, key []byte, additionalData string, stash interface{}) (string, error)
Decrypt(value string, key []byte, additionalData string) (plaintext interface{}, stashValue interface{}, err error)
}
// Comment represents a comment in the sops tree for the file formats that actually support them.