debian-mirror-gitlab/lib/gitlab/crypto_helper.rb

# frozen_string_literal: true

module Gitlab
  module CryptoHelper
    extend self

    AES256_GCM_OPTIONS = {
      algorithm: 'aes-256-gcm',
      key: Settings.attr_encrypted_db_key_base_32
    }.freeze

    AES256_GCM_IV_STATIC = Settings.attr_encrypted_db_key_base_12

    def sha256(value)
      salt = Settings.attr_encrypted_db_key_base_truncated
      ::Digest::SHA256.base64digest("#{value}#{salt}")
    end

    def aes256_gcm_encrypt(value, nonce: nil)
      aes256_gcm_encrypt_using_static_nonce(value)
    end

    def aes256_gcm_decrypt(value)
      return unless value

      nonce = Feature.enabled?(:dynamic_nonce_creation) ? dynamic_nonce(value) : AES256_GCM_IV_STATIC
      encrypted_token = Base64.decode64(value)
      decrypted_token = Encryptor.decrypt(AES256_GCM_OPTIONS.merge(value: encrypted_token, iv: nonce))
      decrypted_token
    end

    def dynamic_nonce(value)
      TokenWithIv.find_nonce_by_hashed_token(value) || AES256_GCM_IV_STATIC
    end

    def aes256_gcm_encrypt_using_static_nonce(value)
      create_encrypted_token(value, AES256_GCM_IV_STATIC)
    end

    def read_only?
      Gitlab::Database.read_only?
    end

    def create_encrypted_token(value, iv)
      encrypted_token = Encryptor.encrypt(AES256_GCM_OPTIONS.merge(value: value, iv: iv))
      Base64.strict_encode64(encrypted_token)
    end
  end
end
New upstream version 11.2.8+dfsg 2018-11-18 11:00:15 +05:30			`# frozen_string_literal: true`

			`module Gitlab`
			`module CryptoHelper`
			`extend self`

			`AES256_GCM_OPTIONS = {`
			`algorithm: 'aes-256-gcm',`
New upstream version 13.9.3+ds1 2021-03-11 19:13:27 +05:30			`key: Settings.attr_encrypted_db_key_base_32`
New upstream version 11.2.8+dfsg 2018-11-18 11:00:15 +05:30			`}.freeze`

New upstream version 13.9.3+ds1 2021-03-11 19:13:27 +05:30			`AES256_GCM_IV_STATIC = Settings.attr_encrypted_db_key_base_12`

New upstream version 11.2.8+dfsg 2018-11-18 11:00:15 +05:30			`def sha256(value)`
			`salt = Settings.attr_encrypted_db_key_base_truncated`
			`::Digest::SHA256.base64digest("#{value}#{salt}")`
			`end`

New upstream version 13.9.3+ds1 2021-03-11 19:13:27 +05:30			`def aes256_gcm_encrypt(value, nonce: nil)`
			`aes256_gcm_encrypt_using_static_nonce(value)`
New upstream version 11.2.8+dfsg 2018-11-18 11:00:15 +05:30			`end`

			`def aes256_gcm_decrypt(value)`
			`return unless value`

New upstream version 13.9.3+ds1 2021-03-11 19:13:27 +05:30			`nonce = Feature.enabled?(:dynamic_nonce_creation) ? dynamic_nonce(value) : AES256_GCM_IV_STATIC`
New upstream version 11.2.8+dfsg 2018-11-18 11:00:15 +05:30			`encrypted_token = Base64.decode64(value)`
New upstream version 13.9.3+ds1 2021-03-11 19:13:27 +05:30			`decrypted_token = Encryptor.decrypt(AES256_GCM_OPTIONS.merge(value: encrypted_token, iv: nonce))`
			`decrypted_token`
			`end`

			`def dynamic_nonce(value)`
			`TokenWithIv.find_nonce_by_hashed_token(value) \|\| AES256_GCM_IV_STATIC`
			`end`

			`def aes256_gcm_encrypt_using_static_nonce(value)`
			`create_encrypted_token(value, AES256_GCM_IV_STATIC)`
			`end`

			`def read_only?`
			`Gitlab::Database.read_only?`
			`end`

			`def create_encrypted_token(value, iv)`
			`encrypted_token = Encryptor.encrypt(AES256_GCM_OPTIONS.merge(value: value, iv: iv))`
			`Base64.strict_encode64(encrypted_token)`
New upstream version 11.2.8+dfsg 2018-11-18 11:00:15 +05:30			`end`
			`end`
			`end`