Use unexported kdf const names

Jeff Mitchell
2016-08-31 07:19:58 -04:00
parent 65ae080c82
commit 201cd2e1f7
4 changed files with 10 additions and 10 deletions


@@ -565,8 +565,8 @@ func TestDerivedKeyUpgrade(t *testing.T) {
p.migrateKeyToKeysMap() p.migrateKeyToKeysMap()
p.upgrade(storage) // Need to run the upgrade code to make the migration stick p.upgrade(storage) // Need to run the upgrade code to make the migration stick
if p.KDF != KDF_hmac_sha256_counter { if p.KDF != kdf_hmac_sha256_counter {
t.Fatalf("bad KDF value by default; counter val is %d, KDF val is %d, policy is %#v", KDF_hmac_sha256_counter, p.KDF, *p) t.Fatalf("bad KDF value by default; counter val is %d, KDF val is %d, policy is %#v", kdf_hmac_sha256_counter, p.KDF, *p)
} }
derBytesOld, err := p.DeriveKey(context, 1) derBytesOld, err := p.DeriveKey(context, 1)
@@ -583,7 +583,7 @@ func TestDerivedKeyUpgrade(t *testing.T) {
t.Fatal("mismatch of same context alg") t.Fatal("mismatch of same context alg")
} }
p.KDF = KDF_hkdf_sha256 p.KDF = kdf_hkdf_sha256
if p.needsUpgrade() { if p.needsUpgrade() {
t.Fatal("expected no upgrade needed") t.Fatal("expected no upgrade needed")
} }


@@ -202,7 +202,7 @@ func (lm *lockManager) getPolicyCommon(storage logical.Storage, name string, ups
Derived: derived, Derived: derived,
} }
if derived { if derived {
p.KDF = KDF_hkdf_sha256 p.KDF = kdf_hkdf_sha256
p.ConvergentEncryption = convergent p.ConvergentEncryption = convergent
p.ConvergentVersion = 2 p.ConvergentVersion = 2
} }


@@ -108,10 +108,10 @@ func (b *backend) pathPolicyRead(
} }
if p.Derived { if p.Derived {
switch p.KDF { switch p.KDF {
case KDF_hmac_sha256_counter: case kdf_hmac_sha256_counter:
resp.Data["kdf"] = "hmac-sha256-counter" resp.Data["kdf"] = "hmac-sha256-counter"
resp.Data["kdf_mode"] = "hmac-sha256-counter" resp.Data["kdf_mode"] = "hmac-sha256-counter"
case KDF_hkdf_sha256: case kdf_hkdf_sha256:
resp.Data["kdf"] = "hkdf_sha256" resp.Data["kdf"] = "hkdf_sha256"
} }
resp.Data["convergent_encryption"] = p.ConvergentEncryption resp.Data["convergent_encryption"] = p.ConvergentEncryption


@@ -25,8 +25,8 @@ import (
// Careful with iota; don't put anything before it in this const block // Careful with iota; don't put anything before it in this const block
const ( const (
KDF_hmac_sha256_counter = iota // built-in helper kdf_hmac_sha256_counter = iota // built-in helper
KDF_hkdf_sha256 // golang.org/x/crypto/hkdf kdf_hkdf_sha256 // golang.org/x/crypto/hkdf
) )
const ErrTooOld = "ciphertext version is disallowed by policy (too old)" const ErrTooOld = "ciphertext version is disallowed by policy (too old)"
@@ -342,11 +342,11 @@ func (p *Policy) DeriveKey(context []byte, ver int) ([]byte, error) {
} }
switch p.KDF { switch p.KDF {
case KDF_hmac_sha256_counter: case kdf_hmac_sha256_counter:
prf := kdf.HMACSHA256PRF prf := kdf.HMACSHA256PRF
prfLen := kdf.HMACSHA256PRFLen prfLen := kdf.HMACSHA256PRFLen
return kdf.CounterMode(prf, prfLen, p.Keys[ver].Key, context, 256) return kdf.CounterMode(prf, prfLen, p.Keys[ver].Key, context, 256)
case KDF_hkdf_sha256: case kdf_hkdf_sha256:
reader := hkdf.New(sha256.New, p.Keys[ver].Key, nil, context) reader := hkdf.New(sha256.New, p.Keys[ver].Key, nil, context)
derBytes := bytes.NewBuffer(nil) derBytes := bytes.NewBuffer(nil)
derBytes.Grow(32) derBytes.Grow(32)