Merge branch 'master' into k8s-srv-accounts
This commit is contained in:
commit
95a7e21f5f
@ -18,8 +18,8 @@ type box struct {
|
|||||||
privateKey [keyLength]byte
|
privateKey [keyLength]byte
|
||||||
}
|
}
|
||||||
|
|
||||||
// NewCodec returns a nacl-box codec
|
// NewSecrets returns a nacl-box codec
|
||||||
func NewCodec(opts ...secrets.Option) secrets.Codec {
|
func NewSecrets(opts ...secrets.Option) secrets.Secrets {
|
||||||
b := &box{}
|
b := &box{}
|
||||||
for _, o := range opts {
|
for _, o := range opts {
|
||||||
o(&b.options)
|
o(&b.options)
|
||||||
|
@ -18,7 +18,7 @@ func TestBox(t *testing.T) {
|
|||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatal(err)
|
t.Fatal(err)
|
||||||
}
|
}
|
||||||
alice, bob := NewCodec(secrets.PublicKey(alicePublicKey[:]), secrets.PrivateKey(alicePrivateKey[:])), NewCodec()
|
alice, bob := NewSecrets(secrets.PublicKey(alicePublicKey[:]), secrets.PrivateKey(alicePrivateKey[:])), NewSecrets()
|
||||||
if err := alice.Init(); err != nil {
|
if err := alice.Init(); err != nil {
|
||||||
t.Error(err)
|
t.Error(err)
|
||||||
}
|
}
|
||||||
|
@ -18,8 +18,8 @@ type secretBox struct {
|
|||||||
secretKey [keyLength]byte
|
secretKey [keyLength]byte
|
||||||
}
|
}
|
||||||
|
|
||||||
// NewCodec returns a secretbox codec
|
// NewSecrets returns a secretbox codec
|
||||||
func NewCodec(opts ...secrets.Option) secrets.Codec {
|
func NewSecrets(opts ...secrets.Option) secrets.Secrets {
|
||||||
sb := &secretBox{}
|
sb := &secretBox{}
|
||||||
for _, o := range opts {
|
for _, o := range opts {
|
||||||
o(&sb.options)
|
o(&sb.options)
|
||||||
@ -31,13 +31,13 @@ func (s *secretBox) Init(opts ...secrets.Option) error {
|
|||||||
for _, o := range opts {
|
for _, o := range opts {
|
||||||
o(&s.options)
|
o(&s.options)
|
||||||
}
|
}
|
||||||
if len(s.options.SecretKey) == 0 {
|
if len(s.options.Key) == 0 {
|
||||||
return errors.New("no secret key is defined")
|
return errors.New("no secret key is defined")
|
||||||
}
|
}
|
||||||
if len(s.options.SecretKey) != keyLength {
|
if len(s.options.Key) != keyLength {
|
||||||
return errors.Errorf("secret key must be %d bytes long", keyLength)
|
return errors.Errorf("secret key must be %d bytes long", keyLength)
|
||||||
}
|
}
|
||||||
copy(s.secretKey[:], s.options.SecretKey)
|
copy(s.secretKey[:], s.options.Key)
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -14,21 +14,21 @@ func TestSecretBox(t *testing.T) {
|
|||||||
t.Fatal(err)
|
t.Fatal(err)
|
||||||
}
|
}
|
||||||
|
|
||||||
s := NewCodec()
|
s := NewSecrets()
|
||||||
|
|
||||||
if err := s.Init(); err == nil {
|
if err := s.Init(); err == nil {
|
||||||
t.Error("Secretbox accepted an empty secret key")
|
t.Error("Secretbox accepted an empty secret key")
|
||||||
}
|
}
|
||||||
if err := s.Init(secrets.SecretKey([]byte("invalid"))); err == nil {
|
if err := s.Init(secrets.Key([]byte("invalid"))); err == nil {
|
||||||
t.Error("Secretbox accepted a secret key that is invalid")
|
t.Error("Secretbox accepted a secret key that is invalid")
|
||||||
}
|
}
|
||||||
|
|
||||||
if err := s.Init(secrets.SecretKey(secretKey)); err != nil {
|
if err := s.Init(secrets.Key(secretKey)); err != nil {
|
||||||
t.Fatal(err)
|
t.Fatal(err)
|
||||||
}
|
}
|
||||||
|
|
||||||
o := s.Options()
|
o := s.Options()
|
||||||
if !reflect.DeepEqual(o.SecretKey, secretKey) {
|
if !reflect.DeepEqual(o.Key, secretKey) {
|
||||||
t.Error("Init() didn't set secret key correctly")
|
t.Error("Init() didn't set secret key correctly")
|
||||||
}
|
}
|
||||||
if s.String() != "nacl-secretbox" {
|
if s.String() != "nacl-secretbox" {
|
||||||
|
@ -3,33 +3,39 @@ package secrets
|
|||||||
|
|
||||||
import "context"
|
import "context"
|
||||||
|
|
||||||
// Codec encrypts or decrypts arbitrary data. The data should be as small as possible
|
// Secrets encrypts or decrypts arbitrary data. The data should be as small as possible
|
||||||
type Codec interface {
|
type Secrets interface {
|
||||||
|
// Initialise options
|
||||||
Init(...Option) error
|
Init(...Option) error
|
||||||
|
// Return the options
|
||||||
Options() Options
|
Options() Options
|
||||||
String() string
|
// Decrypt a value
|
||||||
Decrypt([]byte, ...DecryptOption) ([]byte, error)
|
Decrypt([]byte, ...DecryptOption) ([]byte, error)
|
||||||
|
// Encrypt a value
|
||||||
Encrypt([]byte, ...EncryptOption) ([]byte, error)
|
Encrypt([]byte, ...EncryptOption) ([]byte, error)
|
||||||
|
// Secrets implementation
|
||||||
|
String() string
|
||||||
}
|
}
|
||||||
|
|
||||||
// Options is a codec's options
|
|
||||||
// SecretKey or both PublicKey and PrivateKey should be set depending on the
|
|
||||||
// underlying implementation
|
|
||||||
type Options struct {
|
type Options struct {
|
||||||
SecretKey []byte
|
// Key is a symmetric key for encoding
|
||||||
|
Key []byte
|
||||||
|
// Private key for decoding
|
||||||
PrivateKey []byte
|
PrivateKey []byte
|
||||||
PublicKey []byte
|
// Public key for encoding
|
||||||
Context context.Context
|
PublicKey []byte
|
||||||
|
// Context for other opts
|
||||||
|
Context context.Context
|
||||||
}
|
}
|
||||||
|
|
||||||
// Option sets options
|
// Option sets options
|
||||||
type Option func(*Options)
|
type Option func(*Options)
|
||||||
|
|
||||||
// SecretKey sets the symmetric secret key
|
// Key sets the symmetric secret key
|
||||||
func SecretKey(key []byte) Option {
|
func Key(k []byte) Option {
|
||||||
return func(o *Options) {
|
return func(o *Options) {
|
||||||
o.SecretKey = make([]byte, len(key))
|
o.Key = make([]byte, len(k))
|
||||||
copy(o.SecretKey, key)
|
copy(o.Key, k)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -49,7 +55,7 @@ func PrivateKey(key []byte) Option {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// DecryptOptions can be passed to Codec.Decrypt
|
// DecryptOptions can be passed to Secrets.Decrypt
|
||||||
type DecryptOptions struct {
|
type DecryptOptions struct {
|
||||||
SenderPublicKey []byte
|
SenderPublicKey []byte
|
||||||
}
|
}
|
||||||
@ -57,7 +63,7 @@ type DecryptOptions struct {
|
|||||||
// DecryptOption sets DecryptOptions
|
// DecryptOption sets DecryptOptions
|
||||||
type DecryptOption func(*DecryptOptions)
|
type DecryptOption func(*DecryptOptions)
|
||||||
|
|
||||||
// SenderPublicKey is the Public Key of the Codec that encrypted this message
|
// SenderPublicKey is the Public Key of the Secrets that encrypted this message
|
||||||
func SenderPublicKey(key []byte) DecryptOption {
|
func SenderPublicKey(key []byte) DecryptOption {
|
||||||
return func(d *DecryptOptions) {
|
return func(d *DecryptOptions) {
|
||||||
d.SenderPublicKey = make([]byte, len(key))
|
d.SenderPublicKey = make([]byte, len(key))
|
||||||
@ -65,7 +71,7 @@ func SenderPublicKey(key []byte) DecryptOption {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// EncryptOptions can be passed to Codec.Encrypt
|
// EncryptOptions can be passed to Secrets.Encrypt
|
||||||
type EncryptOptions struct {
|
type EncryptOptions struct {
|
||||||
RecipientPublicKey []byte
|
RecipientPublicKey []byte
|
||||||
}
|
}
|
||||||
@ -73,7 +79,7 @@ type EncryptOptions struct {
|
|||||||
// EncryptOption Sets EncryptOptions
|
// EncryptOption Sets EncryptOptions
|
||||||
type EncryptOption func(*EncryptOptions)
|
type EncryptOption func(*EncryptOptions)
|
||||||
|
|
||||||
// RecipientPublicKey is the Public Key of the Codec that will decrypt this message
|
// RecipientPublicKey is the Public Key of the Secrets that will decrypt this message
|
||||||
func RecipientPublicKey(key []byte) EncryptOption {
|
func RecipientPublicKey(key []byte) EncryptOption {
|
||||||
return func(e *EncryptOptions) {
|
return func(e *EncryptOptions) {
|
||||||
e.RecipientPublicKey = make([]byte, len(key))
|
e.RecipientPublicKey = make([]byte, len(key))
|
||||||
|
Loading…
x
Reference in New Issue
Block a user