diff --git a/config/secrets/box/box.go b/config/secrets/box/box.go
index 54192c3d..67c559ff 100644
--- a/config/secrets/box/box.go
+++ b/config/secrets/box/box.go
@@ -18,8 +18,8 @@ type box struct {
 privateKey [keyLength]byte
 }
-// NewCodec returns a nacl-box codec
-func NewCodec(opts ...secrets.Option) secrets.Codec {
+// NewSecrets returns a nacl-box codec
+func NewSecrets(opts ...secrets.Option) secrets.Secrets {
 b := &box{}
 for _, o := range opts {
 o(&b.options)
diff --git a/config/secrets/box/box_test.go b/config/secrets/box/box_test.go
index 43b3e141..3196ae8c 100644
--- a/config/secrets/box/box_test.go
+++ b/config/secrets/box/box_test.go
@@ -18,7 +18,7 @@ func TestBox(t *testing.T) {
 if err != nil {
 t.Fatal(err)
 }
- alice, bob := NewCodec(secrets.PublicKey(alicePublicKey[:]), secrets.PrivateKey(alicePrivateKey[:])), NewCodec()
+ alice, bob := NewSecrets(secrets.PublicKey(alicePublicKey[:]), secrets.PrivateKey(alicePrivateKey[:])), NewSecrets()
 if err := alice.Init(); err != nil {
 t.Error(err)
 }
diff --git a/config/secrets/secretbox/secretbox.go b/config/secrets/secretbox/secretbox.go
index 31c36ea3..50dae519 100644
--- a/config/secrets/secretbox/secretbox.go
+++ b/config/secrets/secretbox/secretbox.go
@@ -18,8 +18,8 @@ type secretBox struct {
 secretKey [keyLength]byte
 }
-// NewCodec returns a secretbox codec
-func NewCodec(opts ...secrets.Option) secrets.Codec {
+// NewSecrets returns a secretbox codec
+func NewSecrets(opts ...secrets.Option) secrets.Secrets {
 sb := &secretBox{}
 for _, o := range opts {
 o(&sb.options)
@@ -31,13 +31,13 @@ func (s *secretBox) Init(opts ...secrets.Option) error {
 for _, o := range opts {
 o(&s.options)
 }
- if len(s.options.SecretKey) == 0 {
+ if len(s.options.Key) == 0 {
 return errors.New("no secret key is defined")
 }
- if len(s.options.SecretKey) != keyLength {
+ if len(s.options.Key) != keyLength {
 return errors.Errorf("secret key must be %d bytes long", keyLength)
 }
- copy(s.secretKey[:], s.options.SecretKey)
+ copy(s.secretKey[:], s.options.Key)
 return nil
 }
diff --git a/config/secrets/secretbox/secretbox_test.go b/config/secrets/secretbox/secretbox_test.go
index 04c3a2f5..a0c1e07a 100644
--- a/config/secrets/secretbox/secretbox_test.go
+++ b/config/secrets/secretbox/secretbox_test.go
@@ -14,21 +14,21 @@ func TestSecretBox(t *testing.T) {
 t.Fatal(err)
 }
- s := NewCodec()
+ s := NewSecrets()
 if err := s.Init(); err == nil {
 t.Error("Secretbox accepted an empty secret key")
 }
- if err := s.Init(secrets.SecretKey([]byte("invalid"))); err == nil {
+ if err := s.Init(secrets.Key([]byte("invalid"))); err == nil {
 t.Error("Secretbox accepted a secret key that is invalid")
 }
- if err := s.Init(secrets.SecretKey(secretKey)); err != nil {
+ if err := s.Init(secrets.Key(secretKey)); err != nil {
 t.Fatal(err)
 }
 o := s.Options()
- if !reflect.DeepEqual(o.SecretKey, secretKey) {
+ if !reflect.DeepEqual(o.Key, secretKey) {
 t.Error("Init() didn't set secret key correctly")
 }
 if s.String() != "nacl-secretbox" {
diff --git a/config/secrets/secrets.go b/config/secrets/secrets.go
index b2ec4c07..c8551355 100644
--- a/config/secrets/secrets.go
+++ b/config/secrets/secrets.go
@@ -3,33 +3,39 @@ package secrets
 import "context"
-// Codec encrypts or decrypts arbitrary data. The data should be as small as possible
-type Codec interface {
+// Secrets encrypts or decrypts arbitrary data. The data should be as small as possible
+type Secrets interface {
+ // Initialise options
 Init(...Option) error
+ // Return the options
 Options() Options
- String() string
+ // Decrypt a value
 Decrypt([]byte, ...DecryptOption) ([]byte, error)
+ // Encrypt a value
 Encrypt([]byte, ...EncryptOption) ([]byte, error)
+ // Secrets implementation
+ String() string
 }
-// Options is a codec's options
-// SecretKey or both PublicKey and PrivateKey should be set depending on the
-// underlying implementation
 type Options struct {
- SecretKey []byte
+ // Key is a symmetric key for encoding
+ Key []byte
+ // Private key for decoding
 PrivateKey []byte
- PublicKey []byte
- Context context.Context
+ // Public key for encoding
+ PublicKey []byte
+ // Context for other opts
+ Context context.Context
 }
 // Option sets options
 type Option func(*Options)
-// SecretKey sets the symmetric secret key
-func SecretKey(key []byte) Option {
+// Key sets the symmetric secret key
+func Key(k []byte) Option {
 return func(o *Options) {
- o.SecretKey = make([]byte, len(key))
- copy(o.SecretKey, key)
+ o.Key = make([]byte, len(k))
+ copy(o.Key, k)
 }
 }
@@ -49,7 +55,7 @@ func PrivateKey(key []byte) Option {
 }
 }
-// DecryptOptions can be passed to Codec.Decrypt
+// DecryptOptions can be passed to Secrets.Decrypt
 type DecryptOptions struct {
 SenderPublicKey []byte
 }
@@ -57,7 +63,7 @@ type DecryptOptions struct {
 // DecryptOption sets DecryptOptions
 type DecryptOption func(*DecryptOptions)
-// SenderPublicKey is the Public Key of the Codec that encrypted this message
+// SenderPublicKey is the Public Key of the Secrets that encrypted this message
 func SenderPublicKey(key []byte) DecryptOption {
 return func(d *DecryptOptions) {
 d.SenderPublicKey = make([]byte, len(key))
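Review bot: The exported `Options` struct in the `@@ -3,33 +3,39 @@` hunk of config/secrets/secrets.go is left without a doc comment, and the removed one was the only place that said which keys an implementation needs (a symmetric key, or both the public and the private key). The new field comments also describe the keys as being for "encoding" and "decoding", although the interface methods are `Encrypt` and `Decrypt`; for key fields that wording is misleading. I would restore a header such as `// Options holds key material: set Key for symmetric implementations, or both PublicKey and PrivateKey for asymmetric ones` and write the fields as `// Key is the symmetric key used to encrypt and decrypt`. Since `Options() Options` returns this struct and the secretbox test reads the configured key back through `o.Key`, the method comment should say that the result carries raw key bytes and must not be logged or serialized.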
@@ -65,7 +71,7 @@ func SenderPublicKey(key []byte) DecryptOption {
 }
 }
-// EncryptOptions can be passed to Codec.Encrypt
+// EncryptOptions can be passed to Secrets.Encrypt
 type EncryptOptions struct {
 RecipientPublicKey []byte
 }
@@ -73,7 +79,7 @@ type EncryptOptions struct {
 // EncryptOption Sets EncryptOptions
 type EncryptOption func(*EncryptOptions)
-// RecipientPublicKey is the Public Key of the Codec that will decrypt this message
+// RecipientPublicKey is the Public Key of the Secrets that will decrypt this message
 func RecipientPublicKey(key []byte) EncryptOption {
 return func(e *EncryptOptions) {
 e.RecipientPublicKey = make([]byte, len(key))