diff --git a/vendor/github.com/logrhythm/pubsubbeat/lrutilities/README.md b/vendor/github.com/logrhythm/pubsubbeat/lrutilities/README.md
new file mode 100644
index 000000000..a17c4d0f3
--- /dev/null
+++ b/vendor/github.com/logrhythm/pubsubbeat/lrutilities/README.md
@@ -0,0 +1,3 @@
+# lrutilities
+
+This repository mainly contains packages which can be extensively used in any other repository for any usage .
diff --git a/vendor/github.com/logrhythm/pubsubbeat/lrutilities/crypto/decryption.go b/vendor/github.com/logrhythm/pubsubbeat/lrutilities/crypto/decryption.go
new file mode 100644
index 000000000..524274768
--- /dev/null
+++ b/vendor/github.com/logrhythm/pubsubbeat/lrutilities/crypto/decryption.go
@@ -0,0 +1,111 @@
+package crypto
+
+import (
+ "crypto/aes"
+ "crypto/cipher"
+ "encoding/base64"
+ "errors"
+ "strconv"
+ "strings"
+
+ "github.com/elastic/beats/libbeat/logp"
+)
+
+// Decrypt function is used to decrypt the string
+func Decrypt(securemess string) (decodedmess string, err error) {
+ if len(strings.TrimSpace(securemess)) == 0 {
+ return "", errors.New("string is empty")
+ }
+ decodedStr := strings.Split(securemess, "||")
+ if len(decodedStr) == 2 {
+ ver, err := strconv.Atoi(decodedStr[0])
+ if err != nil {
+ return "", err
+ }
+ switch ver {
+ case encV1:
+ decodedmess, err = decrypt1(decodedStr[1])
+ if err != nil {
+ return "", err
+ }
+ case encV2:
+ decodedmess, err = decrypt2(decodedStr[1])
+ if err != nil {
+ return "", err
+ }
+ case encV3:
+ decodedmess, err = decrypt3(decodedStr[1])
+ if err != nil {
+ return "", err
+ }
+ default:
+ return "", errors.New("invalid encryption")
+ }
+ }
+
+ return decodedmess, nil
+}
+
+func decrypt1(securemess string) (string, error) {
+ cipherText, err := base64.URLEncoding.DecodeString(securemess)
+ if err != nil {
+ return "", err
+ }
+ decodedmess, err := decryptKey(cipherKey, cipherText)
+ if err != nil {
+ return "", err
+ }
+ return decodedmess, nil
+}
+
+func decrypt2(securemess string) (string, error) {
+ cipherText, err := base64.StdEncoding.DecodeString(securemess)
+ if err != nil {
+ return "", err
+ }
+ decodedmess, err := decryptKey(cipherKeyV2, cipherText)
+ if err != nil {
+ return "", err
+ }
+ return decodedmess, nil
+}
+
+func decrypt3(securemess string) (string, error) {
+ cipherText, err := base64.StdEncoding.DecodeString(securemess)
+ if err != nil {
+ return "", err
+ }
+ clientsCipherKey, err := GetClientsCipherKey()
+ if err != nil {
+ logp.Debug("No key with message : ", "%v", err)
+ }
+ mainCipherKey := []byte(clientsCipherKey)
+ decodedmess, err := decryptKey(mainCipherKey, cipherText)
+ if err != nil {
+ return "", err
+ }
+ return decodedmess, nil
+}
+
+func
decryptKey(cipherKey, cipherText []byte) (string, error) {
+ block, err := aes.NewCipher(cipherKey)
+ if err != nil {
+ return "", err
+ }
+ if len(cipherText) < aes.BlockSize {
+ err = errors.New("ciphertext block size is too short")
+ return "", err
+ }
+
+ //IV needs to be unique, but doesn't have to be secure.
+ //It's common to put it at the beginning of the ciphertext.
+ iv := cipherText[:aes.BlockSize]
+ cipherText = cipherText[aes.BlockSize:]
+
+ stream := cipher.NewCFBDecrypter(block, iv)
+ // XORKeyStream can work in-place if the two arguments are the same.
+ stream.XORKeyStream(cipherText, cipherText)
+
+ decodedmess := string(cipherText)
+ return decodedmess, nil
+}
diff --git a/vendor/github.com/logrhythm/pubsubbeat/lrutilities/crypto/decryption_test.go b/vendor/github.com/logrhythm/pubsubbeat/lrutilities/crypto/decryption_test.go
new file mode 100644
index 000000000..a78be2904
--- /dev/null
+++ b/vendor/github.com/logrhythm/pubsubbeat/lrutilities/crypto/decryption_test.go
@@ -0,0 +1,25 @@
+package crypto
+
+import (
+ "fmt"
+ "testing"
+
+ "github.com/stretchr/testify/assert"
+)
+
+const TestString = "encryptme"
+
+func TestDecrypt(t *testing.T) {
+ t.Run("success decryption", func(t *testing.T) {
+ enryptedMess, err := Encrypt(TestString)
+ assert.Nil(t, err)
+ actual, err := Decrypt(enryptedMess)
+ assert.Nil(t, err)
+ assert.Equal(t, TestString, actual)
+ })
+ t.Run("failure decryption", func(t *testing.T) {
+ str := fmt.Sprintf("%d%s%s", encV1, "||", TestString)
+ _, err := Decrypt(str)
+ assert.NotNil(t, err)
+ })
+}
diff --git a/vendor/github.com/logrhythm/pubsubbeat/lrutilities/crypto/encryption.go b/vendor/github.com/logrhythm/pubsubbeat/lrutilities/crypto/encryption.go
new file mode 100644
index 000000000..469f30a0c
--- /dev/null
+++ b/vendor/github.com/logrhythm/pubsubbeat/lrutilities/crypto/encryption.go
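Review bot: `Decrypt` in decryption.go returns `"", nil` when the input does not split into exactly two parts on `||`, because the version switch sits inside `if len(decodedStr) == 2` with no else branch, so a malformed or unversioned value is indistinguishable from a successful decryption of an empty string. A guard such as `if len(decodedStr) != 2 { return "", errors.New("invalid encrypted message format") }` before the switch would let callers tell the two apart. Separately, `decryptKey` uses CFB with no MAC or AEAD tag, so a modified ciphertext decrypts to altered plaintext with a nil error, and callers should not read a nil error as proof of integrity. In `decrypt3` the error from `GetClientsCipherKey` is only logged at debug level and the empty key is passed on, so the caller presumably sees an AES key-size error rather than the real cause. This is vendored code, so the changes belong in the upstream package.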
@@ -0,0 +1,95 @@
+package crypto
+
+import (
+ "crypto/aes"
+ "crypto/cipher"
+ "crypto/rand"
+ "encoding/base64"
+ "errors"
+ "fmt"
+ "io"
+ "io/ioutil"
+ "net/url"
+ "path/filepath"
+ "strings"
+
+ "gopkg.in/yaml.v2"
+)
+
+var (
+ cipherKey = []byte("0123456789012345")
+ cipherKeyV2 = []byte("CCEF7CFA0DCB2237012FAE9EB09CCD70")
+ clientsCipherKeyPath = "/app/cmd/beats/cipherstore/"
+ clientsCipherKeyFileName = "cipher_key.yml"
+)
+
+const (
+ encV1 = 1
+ encV2 = 2
+ encV3 = 3
+)
+
+//Encrypt function is used to encrypt the string
+func Encrypt(message ...string) (encmess string, err error) {
+ var mainCipherKey []byte
+ var clientsCipherKey, msg string
+ msg = message[0]
+ if len(message) == 2 {
+ clientsCipherKey = message[1]
+ } else {
+ clientsCipherKey = ""
+ }
+ if len(strings.TrimSpace(msg)) == 0 {
+ return "", errors.New("string is empty")
+ }
+ plainText := []byte(msg)
+ var encVersion int
+ if err == nil && clientsCipherKey != "" {
+ mainCipherKey = []byte(clientsCipherKey)
+ encVersion = encV3
+ } else {
+ mainCipherKey = cipherKeyV2
+ encVersion = encV2
+ }
+
+ block, err := aes.NewCipher(mainCipherKey)
+ if err != nil {
+ return "", err
+ }
+
+ //IV needs to be unique, but doesn't have to be secure.
+ //It's common to put it at the beginning of the ciphertext.
+ cipherText := make([]byte, aes.BlockSize+len(plainText))
+ iv := cipherText[:aes.BlockSize]
+ if _, err = io.ReadFull(rand.Reader, iv); err != nil {
+ return "", err
+ }
+
+ stream := cipher.NewCFBEncrypter(block, iv)
+ stream.XORKeyStream(cipherText[aes.BlockSize:], plainText)
+
+ //returns to base64 encoded string
+ encmess = base64.StdEncoding.EncodeToString(cipherText)
+ finalEnc := fmt.Sprintf("%d%s%s", encVersion, "||", encmess)
+ return finalEnc, nil
+}
+
+// CipherKeyStruct encapsulates cipher key data
+type CipherKeyStruct struct {
+ CipherKey string `yaml:"cipher_key"`
+}
+
+// GetClientsCipherKey is to get the cipher key of the client if any found
+func GetClientsCipherKey() (string, error) {
+ path := filepath.Join(clientsCipherKeyPath, url.QueryEscape(clientsCipherKeyFileName))
+ data, err := ioutil.ReadFile(path)
+ if err != nil {
+ return "", err
+ }
+ var cipherKeyVal CipherKeyStruct
+ err = yaml.Unmarshal(data, &cipherKeyVal)
+ if err != nil {
+ return "", err
+ }
+ return cipherKeyVal.CipherKey, nil
+}
diff --git a/vendor/github.com/logrhythm/pubsubbeat/lrutilities/crypto/encryption_test.go b/vendor/github.com/logrhythm/pubsubbeat/lrutilities/crypto/encryption_test.go
new file mode 100644
index 000000000..f6d5e2ea8
--- /dev/null
+++ b/vendor/github.com/logrhythm/pubsubbeat/lrutilities/crypto/encryption_test.go
@@ -0,0 +1,16 @@
+package crypto
+
+import (
+ "testing"
+
+ "github.com/stretchr/testify/assert"
+)
+
+func TestEncrypt(t *testing.T) {
+ t.Run("success encryption", func(t *testing.T) {
+ enryptedMess, err := Encrypt(TestString)
+ assert.Nil(t, err)
+ _, err = Decrypt(enryptedMess)
+ assert.Nil(t, err)
+ })
+}
diff --git a/vendor/github.com/logrhythm/pubsubbeat/lrutilities/cryptobinary/README.md b/vendor/github.com/logrhythm/pubsubbeat/lrutilities/cryptobinary/README.md
new file mode 100644
index 000000000..381ae78c6
--- /dev/null
+++ b/vendor/github.com/logrhythm/pubsubbeat/lrutilities/cryptobinary/README.md
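Review bot: `cipherKey` and `cipherKeyV2` in encryption.go are AES keys written as literals in the source, and `Encrypt` falls back to `cipherKeyV2` (version 2) whenever no client key is passed, so any value encrypted that way can be decrypted by anyone who has this package or a binary built from it. Version 1 and 2 output is therefore an encoding rather than confidentiality protection; the key should come from the deployment, as the version 3 path does with the caller-supplied key, and the call should fail when none is configured, e.g. `return "", errors.New("no cipher key configured")` in place of the `else` branch. `Encrypt` also reads `message[0]` before checking the argument count, so a call with no arguments panics; `if len(message) == 0 { return "", errors.New("string is empty") }` at the top avoids that. Because the file is vendored, the fix belongs in the upstream package, and values already stored in the version 1 or 2 format would need to be re-encrypted after the change.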
@@ -0,0 +1,31 @@
+# EncryptionTool usage
+
+We have created an executable file for latest encryption package which can be used extensively for encrypting and decrypting the sensitive information.
+
+## Steps how to use
+
+1- To encrypt a string, run the following:
+
+```bash
+./encryptionTool.exe "stringtoencrypt" "encrypt" ""
+```
+
+2- To decrypt a string, run the following:
+
+```bash
+./encryptionTool.exe "stringtodecrypt" "decrypt" ""
+```
+
+3- To decrypt a string, run the following:
+
+```bash
+./encryptionTool.exe "file/path/to/encrypt" "encrypt" "1"
+Above "1" is for indicating file path is given in inputs
+```
+
+4- To decrypt a string, run the following:
+
+```bash
+./encryptionTool.exe "file/path/to/encrypt" "decrypt" "1"
+Above "1" is for indicating file path is given in inputs
+```