Merge branch 'master' into k8s-srv-accounts

ben-toogood 2020-04-27 15:08:24 +01:00 committed by GitHub
commit 95a7e21f5f
5 changed files with 35 additions and 29 deletions


@ -18,8 +18,8 @@ type box struct {
privateKey [keyLength]byte privateKey [keyLength]byte
} }
// NewCodec returns a nacl-box codec // NewSecrets returns a nacl-box codec
func NewCodec(opts ...secrets.Option) secrets.Codec { func NewSecrets(opts ...secrets.Option) secrets.Secrets {
b := &box{} b := &box{}
for _, o := range opts { for _, o := range opts {
o(&b.options) o(&b.options)


@ -18,7 +18,7 @@ func TestBox(t *testing.T) {
if err != nil { if err != nil {
t.Fatal(err) t.Fatal(err)
} }
alice, bob := NewCodec(secrets.PublicKey(alicePublicKey[:]), secrets.PrivateKey(alicePrivateKey[:])), NewCodec() alice, bob := NewSecrets(secrets.PublicKey(alicePublicKey[:]), secrets.PrivateKey(alicePrivateKey[:])), NewSecrets()
if err := alice.Init(); err != nil { if err := alice.Init(); err != nil {
t.Error(err) t.Error(err)
} }


@ -18,8 +18,8 @@ type secretBox struct {
secretKey [keyLength]byte secretKey [keyLength]byte
} }
// NewCodec returns a secretbox codec // NewSecrets returns a secretbox codec
func NewCodec(opts ...secrets.Option) secrets.Codec { func NewSecrets(opts ...secrets.Option) secrets.Secrets {
sb := &secretBox{} sb := &secretBox{}
for _, o := range opts { for _, o := range opts {
o(&sb.options) o(&sb.options)
@ -31,13 +31,13 @@ func (s *secretBox) Init(opts ...secrets.Option) error {
for _, o := range opts { for _, o := range opts {
o(&s.options) o(&s.options)
} }
if len(s.options.SecretKey) == 0 { if len(s.options.Key) == 0 {
return errors.New("no secret key is defined") return errors.New("no secret key is defined")
} }
if len(s.options.SecretKey) != keyLength { if len(s.options.Key) != keyLength {
return errors.Errorf("secret key must be %d bytes long", keyLength) return errors.Errorf("secret key must be %d bytes long", keyLength)
} }
copy(s.secretKey[:], s.options.SecretKey) copy(s.secretKey[:], s.options.Key)
return nil return nil
} }
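Review bot: Init applies the options straight into s.options before validating the key, so a call that is rejected for a wrong-length key (the `len(s.options.Key) != keyLength` branch) leaves s.options.Key holding the rejected bytes while s.secretKey still holds whatever was installed by an earlier successful call; the test at the top of this commit asserts that Options().Key round-trips the key, so after such a failure Options() reports a key the box is not actually using. Applying the options to a local copy and committing both s.options and s.secretKey only after the checks pass keeps the two in step; the renamed Key field is otherwise used consistently here. Init's signature appears only in the hunk header, so the start of the function is outside the shown lines.
```go
func (s *secretBox) Init(opts ...secrets.Option) error {
	// Apply to a copy so a rejected key never becomes visible via Options().
	next := s.options
	for _, o := range opts {
		o(&next)
	}
	if len(next.Key) == 0 {
		return errors.New("no secret key is defined")
	}
	if len(next.Key) != keyLength {
		return errors.Errorf("secret key must be %d bytes long", keyLength)
	}
	s.options = next
	copy(s.secretKey[:], next.Key)
	return nil
}
```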


@ -14,21 +14,21 @@ func TestSecretBox(t *testing.T) {
t.Fatal(err) t.Fatal(err)
} }
s := NewCodec() s := NewSecrets()
if err := s.Init(); err == nil { if err := s.Init(); err == nil {
t.Error("Secretbox accepted an empty secret key") t.Error("Secretbox accepted an empty secret key")
} }
if err := s.Init(secrets.SecretKey([]byte("invalid"))); err == nil { if err := s.Init(secrets.Key([]byte("invalid"))); err == nil {
t.Error("Secretbox accepted a secret key that is invalid") t.Error("Secretbox accepted a secret key that is invalid")
} }
if err := s.Init(secrets.SecretKey(secretKey)); err != nil { if err := s.Init(secrets.Key(secretKey)); err != nil {
t.Fatal(err) t.Fatal(err)
} }
o := s.Options() o := s.Options()
if !reflect.DeepEqual(o.SecretKey, secretKey) { if !reflect.DeepEqual(o.Key, secretKey) {
t.Error("Init() didn't set secret key correctly") t.Error("Init() didn't set secret key correctly")
} }
if s.String() != "nacl-secretbox" { if s.String() != "nacl-secretbox" {


@ -3,33 +3,39 @@ package secrets
import "context" import "context"
// Codec encrypts or decrypts arbitrary data. The data should be as small as possible // Secrets encrypts or decrypts arbitrary data. The data should be as small as possible
type Codec interface { type Secrets interface {
// Initialise options
Init(...Option) error Init(...Option) error
// Return the options
Options() Options Options() Options
String() string // Decrypt a value
Decrypt([]byte, ...DecryptOption) ([]byte, error) Decrypt([]byte, ...DecryptOption) ([]byte, error)
// Encrypt a value
Encrypt([]byte, ...EncryptOption) ([]byte, error) Encrypt([]byte, ...EncryptOption) ([]byte, error)
// Secrets implementation
String() string
} }
// Options is a codec's options
// SecretKey or both PublicKey and PrivateKey should be set depending on the
// underlying implementation
type Options struct { type Options struct {
SecretKey []byte // Key is a symmetric key for encoding
Key []byte
// Private key for decoding
PrivateKey []byte PrivateKey []byte
PublicKey []byte // Public key for encoding
Context context.Context PublicKey []byte
// Context for other opts
Context context.Context
} }
// Option sets options // Option sets options
type Option func(*Options) type Option func(*Options)
// SecretKey sets the symmetric secret key // Key sets the symmetric secret key
func SecretKey(key []byte) Option { func Key(k []byte) Option {
return func(o *Options) { return func(o *Options) {
o.SecretKey = make([]byte, len(key)) o.Key = make([]byte, len(k))
copy(o.SecretKey, key) copy(o.Key, k)
} }
} }
@ -49,7 +55,7 @@ func PrivateKey(key []byte) Option {
} }
} }
// DecryptOptions can be passed to Codec.Decrypt // DecryptOptions can be passed to Secrets.Decrypt
type DecryptOptions struct { type DecryptOptions struct {
SenderPublicKey []byte SenderPublicKey []byte
} }
@ -57,7 +63,7 @@ type DecryptOptions struct {
// DecryptOption sets DecryptOptions // DecryptOption sets DecryptOptions
type DecryptOption func(*DecryptOptions) type DecryptOption func(*DecryptOptions)
// SenderPublicKey is the Public Key of the Codec that encrypted this message // SenderPublicKey is the Public Key of the Secrets that encrypted this message
func SenderPublicKey(key []byte) DecryptOption { func SenderPublicKey(key []byte) DecryptOption {
return func(d *DecryptOptions) { return func(d *DecryptOptions) {
d.SenderPublicKey = make([]byte, len(key)) d.SenderPublicKey = make([]byte, len(key))
@ -65,7 +71,7 @@ func SenderPublicKey(key []byte) DecryptOption {
} }
} }
// EncryptOptions can be passed to Codec.Encrypt // EncryptOptions can be passed to Secrets.Encrypt
type EncryptOptions struct { type EncryptOptions struct {
RecipientPublicKey []byte RecipientPublicKey []byte
} }
@ -73,7 +79,7 @@ type EncryptOptions struct {
// EncryptOption Sets EncryptOptions // EncryptOption Sets EncryptOptions
type EncryptOption func(*EncryptOptions) type EncryptOption func(*EncryptOptions)
// RecipientPublicKey is the Public Key of the Codec that will decrypt this message // RecipientPublicKey is the Public Key of the Secrets that will decrypt this message
func RecipientPublicKey(key []byte) EncryptOption { func RecipientPublicKey(key []byte) EncryptOption {
return func(e *EncryptOptions) { return func(e *EncryptOptions) {
e.RecipientPublicKey = make([]byte, len(key)) e.RecipientPublicKey = make([]byte, len(key))