From 201cd2e1f7513325076b7dd6f6256f9cfbb82b8c Mon Sep 17 00:00:00 2001
From: Jeff Mitchell
Date: Wed, 31 Aug 2016 07:19:58 -0400
Subject: [PATCH] Use unexported kdf const names
---
 builtin/logical/transit/backend_test.go | 6 +++---
 builtin/logical/transit/lock_manager.go | 2 +-
 builtin/logical/transit/path_keys.go | 4 ++--
 builtin/logical/transit/policy.go | 8 ++++----
 4 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/builtin/logical/transit/backend_test.go b/builtin/logical/transit/backend_test.go
index b291b72c35..f91112b362 100644
--- a/builtin/logical/transit/backend_test.go
+++ b/builtin/logical/transit/backend_test.go
@@ -565,8 +565,8 @@ func TestDerivedKeyUpgrade(t *testing.T) {
 p.migrateKeyToKeysMap()
 p.upgrade(storage) // Need to run the upgrade code to make the migration stick
- if p.KDF != KDF_hmac_sha256_counter {
- t.Fatalf("bad KDF value by default; counter val is %d, KDF val is %d, policy is %#v", KDF_hmac_sha256_counter, p.KDF, *p)
+ if p.KDF != kdf_hmac_sha256_counter {
+ t.Fatalf("bad KDF value by default; counter val is %d, KDF val is %d, policy is %#v", kdf_hmac_sha256_counter, p.KDF, *p)
 }
 derBytesOld, err := p.DeriveKey(context, 1)
@@ -583,7 +583,7 @@ func TestDerivedKeyUpgrade(t *testing.T) {
 t.Fatal("mismatch of same context alg")
 }
- p.KDF = KDF_hkdf_sha256
+ p.KDF = kdf_hkdf_sha256
 if p.needsUpgrade() {
 t.Fatal("expected no upgrade needed")
 }
diff --git a/builtin/logical/transit/lock_manager.go b/builtin/logical/transit/lock_manager.go
index 8e4f606f3a..f83f1bbd71 100644
--- a/builtin/logical/transit/lock_manager.go
+++ b/builtin/logical/transit/lock_manager.go
@@ -202,7 +202,7 @@ func (lm *lockManager) getPolicyCommon(storage logical.Storage, name string, ups
 Derived: derived,
 }
 if derived {
- p.KDF = KDF_hkdf_sha256
+ p.KDF = kdf_hkdf_sha256
 p.ConvergentEncryption = convergent
 p.ConvergentVersion = 2
 }
diff --git a/builtin/logical/transit/path_keys.go b/builtin/logical/transit/path_keys.go
index 8ef111f086..7c68c6babe 100644
--- a/builtin/logical/transit/path_keys.go
+++ b/builtin/logical/transit/path_keys.go
@@ -108,10 +108,10 @@ func (b *backend) pathPolicyRead(
 }
 if p.Derived {
 switch p.KDF {
- case KDF_hmac_sha256_counter:
+ case kdf_hmac_sha256_counter:
 resp.Data["kdf"] = "hmac-sha256-counter"
 resp.Data["kdf_mode"] = "hmac-sha256-counter"
- case KDF_hkdf_sha256:
+ case kdf_hkdf_sha256:
 resp.Data["kdf"] = "hkdf_sha256"
 }
 resp.Data["convergent_encryption"] = p.ConvergentEncryption
diff --git a/builtin/logical/transit/policy.go b/builtin/logical/transit/policy.go
index a392ea3320..75ae8a9427 100644
--- a/builtin/logical/transit/policy.go
+++ b/builtin/logical/transit/policy.go
@@ -25,8 +25,8 @@ import (
 // Careful with iota; don't put anything before it in this const block
 const (
- KDF_hmac_sha256_counter = iota // built-in helper
- KDF_hkdf_sha256 // golang.org/x/crypto/hkdf
+ kdf_hmac_sha256_counter = iota // built-in helper
+ kdf_hkdf_sha256 // golang.org/x/crypto/hkdf
 )
 const ErrTooOld = "ciphertext version is disallowed by policy (too old)"
@@ -342,11 +342,11 @@ func (p *Policy) DeriveKey(context []byte, ver int) ([]byte, error) {
 }
 switch p.KDF {
- case KDF_hmac_sha256_counter:
+ case kdf_hmac_sha256_counter:
 prf := kdf.HMACSHA256PRF
 prfLen := kdf.HMACSHA256PRFLen
 return kdf.CounterMode(prf, prfLen, p.Keys[ver].Key, context, 256)
- case KDF_hkdf_sha256:
+ case kdf_hkdf_sha256:
 reader := hkdf.New(sha256.New, p.Keys[ver].Key, nil, context)
 derBytes := bytes.NewBuffer(nil)
 derBytes.Grow(32)