Use unexported kdf const names

2025-11-02 03:27:54 +00:00 · 2016-08-31 07:19:58 -04:00
parent 65ae080c82
commit 201cd2e1f7
4 changed files with 10 additions and 10 deletions
--- a/builtin/logical/transit/backend_test.go
+++ b/builtin/logical/transit/backend_test.go
@@ -565,8 +565,8 @@ func TestDerivedKeyUpgrade(t *testing.T) {
 	p.migrateKeyToKeysMap()
 	p.upgrade(storage) // Need to run the upgrade code to make the migration stick

-	if p.KDF != KDF_hmac_sha256_counter {
-		t.Fatalf("bad KDF value by default; counter val is %d, KDF val is %d, policy is %#v", KDF_hmac_sha256_counter, p.KDF, *p)
+	if p.KDF != kdf_hmac_sha256_counter {
+		t.Fatalf("bad KDF value by default; counter val is %d, KDF val is %d, policy is %#v", kdf_hmac_sha256_counter, p.KDF, *p)
 	}

 	derBytesOld, err := p.DeriveKey(context, 1)
@@ -583,7 +583,7 @@ func TestDerivedKeyUpgrade(t *testing.T) {
 		t.Fatal("mismatch of same context alg")
 	}

-	p.KDF = KDF_hkdf_sha256
+	p.KDF = kdf_hkdf_sha256
 	if p.needsUpgrade() {
 		t.Fatal("expected no upgrade needed")
 	}
--- a/builtin/logical/transit/lock_manager.go
+++ b/builtin/logical/transit/lock_manager.go
@@ -202,7 +202,7 @@ func (lm *lockManager) getPolicyCommon(storage logical.Storage, name string, ups
 			Derived:    derived,
 		}
 		if derived {
-			p.KDF = KDF_hkdf_sha256
+			p.KDF = kdf_hkdf_sha256
 			p.ConvergentEncryption = convergent
 			p.ConvergentVersion = 2
 		}
--- a/builtin/logical/transit/path_keys.go
+++ b/builtin/logical/transit/path_keys.go
@@ -108,10 +108,10 @@ func (b *backend) pathPolicyRead(
 	}
 	if p.Derived {
 		switch p.KDF {
-		case KDF_hmac_sha256_counter:
+		case kdf_hmac_sha256_counter:
 			resp.Data["kdf"] = "hmac-sha256-counter"
 			resp.Data["kdf_mode"] = "hmac-sha256-counter"
-		case KDF_hkdf_sha256:
+		case kdf_hkdf_sha256:
 			resp.Data["kdf"] = "hkdf_sha256"
 		}
 		resp.Data["convergent_encryption"] = p.ConvergentEncryption
--- a/builtin/logical/transit/policy.go
+++ b/builtin/logical/transit/policy.go
@@ -25,8 +25,8 @@ import (

 // Careful with iota; don't put anything before it in this const block
 const (
-	KDF_hmac_sha256_counter = iota // built-in helper
-	KDF_hkdf_sha256                // golang.org/x/crypto/hkdf
+	kdf_hmac_sha256_counter = iota // built-in helper
+	kdf_hkdf_sha256                // golang.org/x/crypto/hkdf
 )

 const ErrTooOld = "ciphertext version is disallowed by policy (too old)"
@@ -342,11 +342,11 @@ func (p *Policy) DeriveKey(context []byte, ver int) ([]byte, error) {
 	}

 	switch p.KDF {
-	case KDF_hmac_sha256_counter:
+	case kdf_hmac_sha256_counter:
 		prf := kdf.HMACSHA256PRF
 		prfLen := kdf.HMACSHA256PRFLen
 		return kdf.CounterMode(prf, prfLen, p.Keys[ver].Key, context, 256)
-	case KDF_hkdf_sha256:
+	case kdf_hkdf_sha256:
 		reader := hkdf.New(sha256.New, p.Keys[ver].Key, nil, context)
 		derBytes := bytes.NewBuffer(nil)
 		derBytes.Grow(32)