From b6e78ca3bea82a28a3831377b21baba4f0b2efde Mon Sep 17 00:00:00 2001
From: David Mihalcik
Date: Fri, 10 Jan 2025 14:33:57 -0500
Subject: [PATCH] rename to simplify
---
 service/kas/access/provider.go | 4 ++--
 service/kas/access/publicKey.go | 14 +++++++-------
 service/kas/access/rewrap.go | 6 +++---
 service/kas/recrypt/recrypt.go | 2 +-
 service/kas/recrypt/standard.go | 2 +-
 5 files changed, 14 insertions(+), 14 deletions(-)
diff --git a/service/kas/access/provider.go b/service/kas/access/provider.go
index 8c0515ba1..82e6ddb09 100644
--- a/service/kas/access/provider.go
+++ b/service/kas/access/provider.go
@@ -25,7 +25,7 @@ type Provider struct {
 URI url.URL `json:"uri"`
 SDK *otdf.SDK
 AttributeSvc *url.URL
- recrypt.CryptoProvider
+ recrypt.Provider
 Logger *logger.Logger
 Config *serviceregistry.ServiceConfig
 KASConfig
@@ -74,7 +74,7 @@ func (p *Provider) LoadStandardCryptoProvider() (*recrypt.Standard, error) {
 if err != nil {
 return nil, fmt.Errorf("recrypt.NewStandardWithOptions failed: %w", err)
 }
- p.CryptoProvider = c
+ p.Provider = c
 return c, nil
 }
diff --git a/service/kas/access/publicKey.go b/service/kas/access/publicKey.go
index a6bd2b0e9..0bdf28fff 100644
--- a/service/kas/access/publicKey.go
+++ b/service/kas/access/publicKey.go
@@ -22,11 +22,11 @@ const (
 )
 func (p Provider) LegacyPublicKey(ctx context.Context, req *connect.Request[kaspb.LegacyPublicKeyRequest]) (*connect.Response[wrapperspb.StringValue], error) {
- algorithm, err := p.CryptoProvider.ParseAlgorithm(req.Msg.GetAlgorithm())
+ algorithm, err := p.ParseAlgorithm(req.Msg.GetAlgorithm())
 if err != nil {
 return nil, err
 }
- kids, err := p.CryptoProvider.CurrentKID(algorithm)
+ kids, err := p.CurrentKID(algorithm)
 if err != nil {
 return nil, err
 }
@@ -37,7 +37,7 @@ func (p Provider) LegacyPublicKey(ctx context.Context, req *connect.Request[kasp
 p.Logger.ErrorContext(ctx, "multiple keys found for algorithm", "algorithm", algorithm, "kids", kids)
 }
 fmt := recrypt.KeyFormatPEM
- pem, err := p.CryptoProvider.PublicKey(algorithm, kids[:1], fmt)
+ pem, err := p.Provider.PublicKey(algorithm, kids[:1], fmt)
 if err != nil {
 p.Logger.ErrorContext(ctx, "CryptoProvider.ECPublicKey failed", "err", err)
 return nil, connect.NewError(connect.CodeInternal, errors.Join(ErrConfig, errors.New("configuration error")))
@@ -52,7 +52,7 @@ func (p Provider) PublicKey(ctx context.Context, req *connect.Request[kaspb.Publ
 defer span.End()
 }
- algorithm, err := p.CryptoProvider.ParseAlgorithm(req.Msg.GetAlgorithm())
+ algorithm, err := p.ParseAlgorithm(req.Msg.GetAlgorithm())
 if err != nil {
 return nil, connect.NewError(connect.CodeNotFound, err)
 }
@@ -60,14 +60,14 @@ func (p Provider) PublicKey(ctx context.Context, req *connect.Request[kaspb.Publ
 algorithm = recrypt.AlgorithmRSA2048
 }
- kids, err := p.CryptoProvider.CurrentKID(algorithm)
+ kids, err := p.CurrentKID(algorithm)
 if err != nil {
 return nil, connect.NewError(connect.CodeNotFound, err)
 }
 if len(kids) == 0 {
 return nil, security.ErrCertNotFound
 }
- fmt, err := p.CryptoProvider.ParseKeyFormat(req.Msg.GetFmt())
+ fmt, err := p.ParseKeyFormat(req.Msg.GetFmt())
 if err != nil {
 return nil, connect.NewError(connect.CodeInvalidArgument, err)
 }
@@ -91,7 +91,7 @@ func (p Provider) PublicKey(ctx context.Context, req *connect.Request[kaspb.Publ
 return connect.NewResponse(&kaspb.PublicKeyResponse{PublicKey: value, Kid: string(kid[0])}), nil
 }
- v, err := p.CryptoProvider.PublicKey(algorithm, kids, fmt)
+ v, err := p.Provider.PublicKey(algorithm, kids, fmt)
 return r(v, kids, err)
 }
diff --git a/service/kas/access/rewrap.go b/service/kas/access/rewrap.go
index d9c3b59d4..53e6332e5 100644
--- a/service/kas/access/rewrap.go
+++ b/service/kas/access/rewrap.go
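Review bot: In the `@@ -37,7 +37,7 @@` hunk of service/kas/access/publicKey.go, the error log directly under the renamed call still reads `"CryptoProvider.ECPublicKey failed"`, which matches neither the renamed interface nor the method actually invoked (`PublicKey`). Operators search and alert on this string when key retrieval fails, so it should track the code, e.g. `p.Logger.ErrorContext(ctx, "recrypt.Provider.PublicKey failed", "err", err)`, with any alert rule keyed on the old text updated in the same change. The explicit `p.Provider.PublicKey` qualifier here and in the `@@ -91,7 +91,7 @@` hunk appears to be required because `access.Provider` declares its own `PublicKey` method, unlike the shortened `p.ParseAlgorithm` and `p.CurrentKID` calls; a one-line comment such as `// qualified: access.Provider.PublicKey shadows the embedded method` would make that intent clear. LegacyPublicKey's body starts and ends outside this hunk.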
@@ -316,13 +316,13 @@ func (p *Provider) tdf3Rewrap(ctx context.Context, body *RequestBody, entity *en
 }
 }
 p.Logger.DebugContext(ctx, "paging through legacy KIDs for kid free kao", "kids", kidsToCheck)
- symmetricKey, err := p.CryptoProvider.Unwrap(kidsToCheck[0], body.KeyAccess.WrappedKey)
+ symmetricKey, err := p.Provider.Unwrap(kidsToCheck[0], body.KeyAccess.WrappedKey)
 for _, kid := range kidsToCheck[1:] {
 if err == nil {
 break
 }
 p.Logger.DebugContext(ctx, "continue paging through legacy KIDs for kid free kao", "err", err, "kid", kid)
- symmetricKey, err = p.CryptoProvider.Unwrap(kid, body.KeyAccess.WrappedKey)
+ symmetricKey, err = p.Provider.Unwrap(kid, body.KeyAccess.WrappedKey)
 }
 if err != nil {
 p.Logger.WarnContext(ctx, "failure to decrypt dek", "err", err)
@@ -424,7 +424,7 @@ func (p *Provider) nanoTDFRewrap(ctx context.Context, body *RequestBody, entity
 }
 p.Logger.DebugContext(ctx, "nanoTDFRewrap", "kid", kid)
- symmetricKey, err := p.CryptoProvider.Derive(kid, header.EphemeralKey)
+ symmetricKey, err := p.Provider.Derive(kid, header.EphemeralKey)
 if err != nil {
 return nil, fmt.Errorf("failed to generate symmetric key: %w", err)
 }
diff --git a/service/kas/recrypt/recrypt.go b/service/kas/recrypt/recrypt.go
index 7a2dac88e..39a316d16 100644
--- a/service/kas/recrypt/recrypt.go
+++ b/service/kas/recrypt/recrypt.go
@@ -23,7 +23,7 @@ type KeyFormat string
 // - Key agreement for nanoTDF and other EC based solutions
 //
 // This may be Closeable
-type CryptoProvider interface {
+type Provider interface {
 // Return current preferred key identifier(s) for wrapping with the given algorithm.
 CurrentKID(alg Algorithm) ([]KeyIdentifier, error)
diff --git a/service/kas/recrypt/standard.go b/service/kas/recrypt/standard.go
index 5b106964c..b4043b3e0 100644
--- a/service/kas/recrypt/standard.go
+++ b/service/kas/recrypt/standard.go
@@ -33,7 +33,7 @@ type keyHolder struct {
 publicPEM []byte
 }
-// Implementation of the recrypt CryptoProvider interface using standard go crypto primitives.
+// Implementation of the recrypt.Provider interface using standard go crypto primitives.
 type Standard struct {
 keys map[KeyIdentifier]keyHolder
 currentKIDsByAlg map[Algorithm][]KeyIdentifier