go/ucan
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

AddEncrypted adds ciphertext always as bytes

Browse Source
This commit is contained in:
Fabio Bozzo
2024-11-12 16:37:53 +01:00
parent fdff79d23a
commit d3e97aaa08
3 changed files with 8 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
pkg/meta/meta.go
View File

@@ -58,12 +58,12 @@ func (m *Meta) GetString(key string) (string, error) {
// GetEncryptedString decorates GetString and decrypt its output with the given symmetric encryption key.
func (m *Meta) GetEncryptedString(key string, encryptionKey []byte) (string, error) {
v, err := m.GetString(key)
v, err := m.GetBytes(key)
if err != nil {
return "", err
}
decrypted, err := crypto.DecryptStringWithAESKey([]byte(v), encryptionKey)
decrypted, err := crypto.DecryptStringWithAESKey(v, encryptionKey)
if err != nil {
return "", err
}
@@ -161,16 +161,16 @@ func (m *Meta) AddEncrypted(key string, val any, encryptionKey []byte) error {
if err != nil {
return err
}
return m.Add(key, string(encrypted))
case []byte:
encrypted, err = crypto.EncryptWithAESKey(val, encryptionKey)
if err != nil {
return err
}
return m.Add(key, encrypted)
default:
return ErrNotEncryptable
}
return m.Add(key, encrypted)
}
// Equals tells if two Meta hold the same key/values.

5
pkg/meta/meta_test.go
View File

@@ -34,9 +34,8 @@ func TestMeta_Add(t *testing.T) {
err = m.AddEncrypted("secret", "hello world", key)
require.NoError(t, err)
encrypted, err := m.GetString("secret")
require.NoError(t, err)
require.NotEqual(t, "hello world", encrypted)
_, err = m.GetString("secret")
require.Error(t, err) // the ciphertext is saved as []byte instead of string
decrypted, err := m.GetEncryptedString("secret", key)
require.NoError(t, err)

6
token/delegation/delegation_test.go
View File

@@ -183,10 +183,8 @@ func TestEncryptedMeta(t *testing.T) {
decodedTkn, _, err := delegation.FromSealed(data)
require.NoError(t, err)
encrypted, err := decodedTkn.Meta().GetString(tt.key)
require.NoError(t, err)
// Verify the encrypted value is different from original
require.NotEqual(t, tt.value, encrypted)
_, err = decodedTkn.Meta().GetString(tt.key)
require.Error(t, err)
decrypted, err := decodedTkn.Meta().GetEncryptedString(tt.key, encryptionKey)
require.NoError(t, err)