Mariell Hoversholm
7a8ca707f9
* Go: Bump to 1.24.2 It is not likely we are actually affected by the CVEs, but updating proactively is not a bad idea nonetheless. Fixes: CVE-2025-22871 Fixes: https://github.com/grafana/grafana-operator-experience-squad/issues/1311 * CI: Update golangci-lint * feat: update swagger * feat: update swagger * fix: remove enterprise imports
47 lines
1.2 KiB
Go
47 lines
1.2 KiB
Go
package provider
|
|
|
|
import (
|
|
"context"
|
|
"crypto/aes"
|
|
"crypto/cipher"
|
|
"crypto/rand"
|
|
"io"
|
|
|
|
"github.com/grafana/grafana/pkg/services/encryption"
|
|
"github.com/grafana/grafana/pkg/util"
|
|
)
|
|
|
|
type aesCfbCipher struct{}
|
|
|
|
func (c aesCfbCipher) Encrypt(_ context.Context, payload []byte, secret string) ([]byte, error) {
|
|
salt, err := util.GetRandomString(encryption.SaltLength)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
key, err := encryption.KeyToBytes(secret, salt)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
block, err := aes.NewCipher(key)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
// The IV needs to be unique, but not secure. Therefore, it's common to
|
|
// include it at the beginning of the ciphertext.
|
|
ciphertext := make([]byte, encryption.SaltLength+aes.BlockSize+len(payload))
|
|
copy(ciphertext[:encryption.SaltLength], salt)
|
|
iv := ciphertext[encryption.SaltLength : encryption.SaltLength+aes.BlockSize]
|
|
if _, err := io.ReadFull(rand.Reader, iv); err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
//nolint:staticcheck // SA1019: We won't change this in old versions
|
|
stream := cipher.NewCFBEncrypter(block, iv)
|
|
stream.XORKeyStream(ciphertext[encryption.SaltLength+aes.BlockSize:], payload)
|
|
|
|
return ciphertext, nil
|
|
}
|