AddEncrypted adds ciphertext always as bytes

Fabio Bozzo
2024-11-12 16:37:53 +01:00
parent fdff79d23a
commit d3e97aaa08
3 changed files with 8 additions and 11 deletions


@@ -58,12 +58,12 @@ func (m *Meta) GetString(key string) (string, error) {
// GetEncryptedString decorates GetString and decrypt its output with the given symmetric encryption key. // GetEncryptedString decorates GetString and decrypt its output with the given symmetric encryption key.
func (m *Meta) GetEncryptedString(key string, encryptionKey []byte) (string, error) { func (m *Meta) GetEncryptedString(key string, encryptionKey []byte) (string, error) {
v, err := m.GetString(key) v, err := m.GetBytes(key)
if err != nil { if err != nil {
return "", err return "", err
} }
decrypted, err := crypto.DecryptStringWithAESKey([]byte(v), encryptionKey) decrypted, err := crypto.DecryptStringWithAESKey(v, encryptionKey)
if err != nil { if err != nil {
return "", err return "", err
} }
@@ -161,16 +161,16 @@ func (m *Meta) AddEncrypted(key string, val any, encryptionKey []byte) error {
if err != nil { if err != nil {
return err return err
} }
return m.Add(key, string(encrypted))
case []byte: case []byte:
encrypted, err = crypto.EncryptWithAESKey(val, encryptionKey) encrypted, err = crypto.EncryptWithAESKey(val, encryptionKey)
if err != nil { if err != nil {
return err return err
} }
return m.Add(key, encrypted)
default: default:
return ErrNotEncryptable return ErrNotEncryptable
} }
return m.Add(key, encrypted)
} }
// Equals tells if two Meta hold the same key/values. // Equals tells if two Meta hold the same key/values.
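Review bot: The doc comment on GetEncryptedString still says it "decorates GetString", but the new body reads the value with `m.GetBytes(key)`, so the comment names the wrong accessor. Something like `// GetEncryptedString reads the ciphertext stored under key with GetBytes and decrypts it with the given symmetric encryption key.` would match the code. Separately, the updated tests show the accessors are type-strict (GetString now fails on byte-typed ciphertext), so GetBytes presumably fails on ciphertext that the earlier `m.Add(key, string(encrypted))` path stored as a string. If such values can exist in tokens already issued, this needs either a fallback read or a note that the change is breaking. AddEncrypted begins above the second hunk, so its string case is only partly visible here.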


@@ -34,9 +34,8 @@ func TestMeta_Add(t *testing.T) {
err = m.AddEncrypted("secret", "hello world", key) err = m.AddEncrypted("secret", "hello world", key)
require.NoError(t, err) require.NoError(t, err)
encrypted, err := m.GetString("secret") _, err = m.GetString("secret")
require.NoError(t, err) require.Error(t, err) // the ciphertext is saved as []byte instead of string
require.NotEqual(t, "hello world", encrypted)
decrypted, err := m.GetEncryptedString("secret", key) decrypted, err := m.GetEncryptedString("secret", key)
require.NoError(t, err) require.NoError(t, err)


@@ -183,10 +183,8 @@ func TestEncryptedMeta(t *testing.T) {
decodedTkn, _, err := delegation.FromSealed(data) decodedTkn, _, err := delegation.FromSealed(data)
require.NoError(t, err) require.NoError(t, err)
encrypted, err := decodedTkn.Meta().GetString(tt.key) _, err = decodedTkn.Meta().GetString(tt.key)
require.NoError(t, err) require.Error(t, err)
// Verify the encrypted value is different from original
require.NotEqual(t, tt.value, encrypted)
decrypted, err := decodedTkn.Meta().GetEncryptedString(tt.key, encryptionKey) decrypted, err := decodedTkn.Meta().GetEncryptedString(tt.key, encryptionKey)
require.NoError(t, err) require.NoError(t, err)