major package structure refactoring

core/secrets/aes.go

@@ -0,0 +1,59 @@
+// Copyright 2016 Documize Inc. <legal@documize.com>. All rights reserved.
+//
+// This software (Documize Community Edition) is licensed under
+// GNU AGPL v3 http://www.gnu.org/licenses/agpl-3.0.en.html
+//
+// You can operate outside the AGPL restrictions by purchasing
+// Documize Enterprise Edition and obtaining a commercial license
+// by contacting <sales@documize.com>.
+//
+// https://documize.com
+
+package secrets
+
+import (
+	"crypto/aes"
+	"crypto/cipher"
+	"crypto/rand"
+	"errors"
+	"io"
+)
+
+var key = []byte("8456FHkQW1566etydT46jk39ghjfFhg4") // 32 bytes
+
+// MakeAES creates an AES encryption of of a given string,
+// using a hard-wired key value,
+// suitable for use as an authentication token.
+func MakeAES(secret string) ([]byte, error) {
+	block, err := aes.NewCipher(key)
+	if err != nil {
+		return nil, err
+	}
+	b := EncodeBase64([]byte(secret))
+	ciphertext := make([]byte, aes.BlockSize+len(b))
+	iv := ciphertext[:aes.BlockSize]
+	if _, err := io.ReadFull(rand.Reader, iv); err != nil {
+		return nil, err
+	}
+	cfb := cipher.NewCFBEncrypter(block, iv)
+	cfb.XORKeyStream(ciphertext[aes.BlockSize:], b)
+	return ciphertext, nil
+}
+
+// DecryptAES decrypts an AES encoded []byte,
+// using a hard-wired key value,
+// suitable for use when reading an authentication token.
+func DecryptAES(text []byte) ([]byte, error) {
+	block, err := aes.NewCipher(key)
+	if err != nil {
+		return nil, errors.New("aes.NewCipher failure: " + err.Error())
+	}
+	if len(text) < aes.BlockSize {
+		return nil, errors.New("ciphertext too short")
+	}
+	iv := text[:aes.BlockSize]
+	text = text[aes.BlockSize:]
+	cfb := cipher.NewCFBDecrypter(block, iv)
+	cfb.XORKeyStream(text, text)
+	return DecodeBase64(text)
+}

core/secrets/base64.go

@@ -0,0 +1,26 @@
+// Copyright 2016 Documize Inc. <legal@documize.com>. All rights reserved.
+//
+// This software (Documize Community Edition) is licensed under
+// GNU AGPL v3 http://www.gnu.org/licenses/agpl-3.0.en.html
+//
+// You can operate outside the AGPL restrictions by purchasing
+// Documize Enterprise Edition and obtaining a commercial license
+// by contacting <sales@documize.com>.
+//
+// https://documize.com
+
+package secrets
+
+import (
+	"encoding/base64"
+)
+
+// EncodeBase64 is a convenience function to encode using StdEncoding.
+func EncodeBase64(b []byte) []byte {
+	return []byte(base64.StdEncoding.EncodeToString(b))
+}
+
+// DecodeBase64 is a convenience function to decode using StdEncoding.
+func DecodeBase64(b []byte) ([]byte, error) {
+	return base64.StdEncoding.DecodeString(string(b))
+}

core/secrets/password.go

@@ -0,0 +1,61 @@
+// Copyright 2016 Documize Inc. <legal@documize.com>. All rights reserved.
+//
+// This software (Documize Community Edition) is licensed under
+// GNU AGPL v3 http://www.gnu.org/licenses/agpl-3.0.en.html
+//
+// You can operate outside the AGPL restrictions by purchasing
+// Documize Enterprise Edition and obtaining a commercial license
+// by contacting <sales@documize.com>.
+//
+// https://documize.com
+
+package secrets
+
+import (
+	"crypto/rand"
+	"encoding/hex"
+
+	"github.com/documize/community/core/log"
+	"golang.org/x/crypto/bcrypt"
+)
+
+// GenerateRandomPassword provides a string suitable for use as a password.
+func GenerateRandomPassword() string {
+	return GenerateRandom(5)
+}
+
+// GenerateSalt provides a string suitable for use as a salt value.
+func GenerateSalt() string {
+	return GenerateRandom(20)
+}
+
+// GenerateRandom returns a string of the specified length using crypo/rand
+func GenerateRandom(size int) string {
+	b := make([]byte, size)
+	_, err := rand.Read(b)
+	log.IfErr(err)
+	return hex.EncodeToString(b)
+}
+
+// GeneratePassword returns a hashed password.
+func GeneratePassword(password string, salt string) string {
+	pwd := []byte(salt + password)
+
+	// Hashing the password with the cost of 10
+	hashedPassword, err := bcrypt.GenerateFromPassword(pwd, 10)
+
+	if err != nil {
+		log.Error("GeneratePassword failed", err)
+	}
+
+	return string(hashedPassword)
+}
+
+// MatchPassword copares a hashed password with a clear one.
+func MatchPassword(hashedPassword string, password string, salt string) bool {
+	pwd := []byte(salt + password)
+
+	err := bcrypt.CompareHashAndPassword([]byte(hashedPassword), pwd)
+
+	return err == nil
+}

core/secrets/secrets_test.go

@@ -0,0 +1,35 @@
+// Copyright 2016 Documize Inc. <legal@documize.com>. All rights reserved.
+//
+// This software (Documize Community Edition) is licensed under
+// GNU AGPL v3 http://www.gnu.org/licenses/agpl-3.0.en.html
+//
+// You can operate outside the AGPL restrictions by purchasing
+// Documize Enterprise Edition and obtaining a commercial license
+// by contacting <sales@documize.com>.
+//
+// https://documize.com
+
+package secrets
+
+import "testing"
+
+func TestSecrets(t *testing.T) {
+	mimi := "007"
+	b, e := MakeAES(mimi)
+	if e != nil {
+		t.Fatal(e)
+	}
+	mm, e2 := DecryptAES(b)
+	if e2 != nil {
+		t.Fatal(e2)
+	}
+	if mimi != string(mm) {
+		t.Errorf("wanted %s got %s", mimi, string(mm))
+	}
+
+	_, ee := DecryptAES([]byte{})
+	if ee == nil {
+		t.Error("should have errored on empty cypher")
+	}
+
+}