Merge branch 'master' into k8s-srv-accounts

ben-toogood 2020-04-27 15:08:24 +01:00 committed by GitHub
commit 95a7e21f5f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 35 additions and 29 deletions


@ -18,8 +18,8 @@ type box struct {
privateKey [keyLength]byte
}
// NewCodec returns a nacl-box codec
func NewCodec(opts ...secrets.Option) secrets.Codec {
// NewSecrets returns a nacl-box codec
func NewSecrets(opts ...secrets.Option) secrets.Secrets {
b := &box{}
for _, o := range opts {
o(&b.options)


@ -18,7 +18,7 @@ func TestBox(t *testing.T) {
if err != nil {
t.Fatal(err)
}
alice, bob := NewCodec(secrets.PublicKey(alicePublicKey[:]), secrets.PrivateKey(alicePrivateKey[:])), NewCodec()
alice, bob := NewSecrets(secrets.PublicKey(alicePublicKey[:]), secrets.PrivateKey(alicePrivateKey[:])), NewSecrets()
if err := alice.Init(); err != nil {
t.Error(err)
}


@ -18,8 +18,8 @@ type secretBox struct {
secretKey [keyLength]byte
}
// NewCodec returns a secretbox codec
func NewCodec(opts ...secrets.Option) secrets.Codec {
// NewSecrets returns a secretbox codec
func NewSecrets(opts ...secrets.Option) secrets.Secrets {
sb := &secretBox{}
for _, o := range opts {
o(&sb.options)
@ -31,13 +31,13 @@ func (s *secretBox) Init(opts ...secrets.Option) error {
for _, o := range opts {
o(&s.options)
}
if len(s.options.SecretKey) == 0 {
if len(s.options.Key) == 0 {
return errors.New("no secret key is defined")
}
if len(s.options.SecretKey) != keyLength {
if len(s.options.Key) != keyLength {
return errors.Errorf("secret key must be %d bytes long", keyLength)
}
copy(s.secretKey[:], s.options.SecretKey)
copy(s.secretKey[:], s.options.Key)
return nil
}
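Review bot: After `copy(s.secretKey[:], s.options.Key)` in `Init`, the symmetric key is held in both `s.secretKey` and `s.options.Key`, and the secretbox test in this commit reads it back through `s.Options()` and compares `o.Key` with the key it passed in. Every caller of `Options()` therefore receives the raw secret, and nothing in the code says so. A comment above the copy, such as `// s.options.Key is kept and returned by Options(); treat that value as secret and never log it`, would make the exposure explicit. `Init` begins outside the hunk.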


@ -14,21 +14,21 @@ func TestSecretBox(t *testing.T) {
t.Fatal(err)
}
s := NewCodec()
s := NewSecrets()
if err := s.Init(); err == nil {
t.Error("Secretbox accepted an empty secret key")
}
if err := s.Init(secrets.SecretKey([]byte("invalid"))); err == nil {
if err := s.Init(secrets.Key([]byte("invalid"))); err == nil {
t.Error("Secretbox accepted a secret key that is invalid")
}
if err := s.Init(secrets.SecretKey(secretKey)); err != nil {
if err := s.Init(secrets.Key(secretKey)); err != nil {
t.Fatal(err)
}
o := s.Options()
if !reflect.DeepEqual(o.SecretKey, secretKey) {
if !reflect.DeepEqual(o.Key, secretKey) {
t.Error("Init() didn't set secret key correctly")
}
if s.String() != "nacl-secretbox" {


@ -3,33 +3,39 @@ package secrets
import "context"
// Codec encrypts or decrypts arbitrary data. The data should be as small as possible
type Codec interface {
// Secrets encrypts or decrypts arbitrary data. The data should be as small as possible
type Secrets interface {
// Initialise options
Init(...Option) error
// Return the options
Options() Options
String() string
// Decrypt a value
Decrypt([]byte, ...DecryptOption) ([]byte, error)
// Encrypt a value
Encrypt([]byte, ...EncryptOption) ([]byte, error)
// Secrets implementation
String() string
}
// Options is a codec's options
// SecretKey or both PublicKey and PrivateKey should be set depending on the
// underlying implementation
type Options struct {
SecretKey []byte
// Key is a symmetric key for encoding
Key []byte
// Private key for decoding
PrivateKey []byte
// Public key for encoding
PublicKey []byte
// Context for other opts
Context context.Context
}
// Option sets options
type Option func(*Options)
// SecretKey sets the symmetric secret key
func SecretKey(key []byte) Option {
// Key sets the symmetric secret key
func Key(k []byte) Option {
return func(o *Options) {
o.SecretKey = make([]byte, len(key))
copy(o.SecretKey, key)
o.Key = make([]byte, len(k))
copy(o.Key, k)
}
}
@ -49,7 +55,7 @@ func PrivateKey(key []byte) Option {
}
}
// DecryptOptions can be passed to Codec.Decrypt
// DecryptOptions can be passed to Secrets.Decrypt
type DecryptOptions struct {
SenderPublicKey []byte
}
@ -57,7 +63,7 @@ type DecryptOptions struct {
// DecryptOption sets DecryptOptions
type DecryptOption func(*DecryptOptions)
// SenderPublicKey is the Public Key of the Codec that encrypted this message
// SenderPublicKey is the Public Key of the Secrets that encrypted this message
func SenderPublicKey(key []byte) DecryptOption {
return func(d *DecryptOptions) {
d.SenderPublicKey = make([]byte, len(key))
@ -65,7 +71,7 @@ func SenderPublicKey(key []byte) DecryptOption {
}
}
// EncryptOptions can be passed to Codec.Encrypt
// EncryptOptions can be passed to Secrets.Encrypt
type EncryptOptions struct {
RecipientPublicKey []byte
}
@ -73,7 +79,7 @@ type EncryptOptions struct {
// EncryptOption Sets EncryptOptions
type EncryptOption func(*EncryptOptions)
// RecipientPublicKey is the Public Key of the Codec that will decrypt this message
// RecipientPublicKey is the Public Key of the Secrets that will decrypt this message
func RecipientPublicKey(key []byte) EncryptOption {
return func(e *EncryptOptions) {
e.RecipientPublicKey = make([]byte, len(key))
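Review bot: The new field comments on `Options` call the keys "for encoding" and "for decoding", which mislabels encryption keys and gives the asymmetric pair a direction the rest of the file does not support. `EncryptOptions` carries a `RecipientPublicKey` and `DecryptOptions` a `SenderPublicKey`, which suggests the box implementation pairs the local private key with the peer's public key in both directions, so `PrivateKey` is probably needed by `Encrypt` as well as `Decrypt`. I would write `// Key is the symmetric key used to encrypt and decrypt`, `// PrivateKey is this instance's private key` and `// PublicKey is this instance's public key, shared with peers`. The `// Secrets implementation` comment on `String()` would also read better as `// String returns the name of the implementation`.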