Commit 380b9f33 authored by Sietse Ringers's avatar Sietse Ringers
Browse files

refactor: add parameters to keysharecore.NewKeyshareCore instead of having to...

refactor: add parameters to keysharecore.NewKeyshareCore instead of having to always invoke methods on the return value
parent 5ae0bdf1
......@@ -33,12 +33,15 @@ type (
}
)
func NewKeyshareCore() *Core {
return &Core{
func NewKeyshareCore(aesKeyID uint32, aesKey AesKey, signKeyID int, signKey *rsa.PrivateKey) *Core {
c := &Core{
decryptionKeys: map[uint32]AesKey{},
commitmentData: map[uint64]*big.Int{},
trustedKeys: map[irma.PublicKeyIdentifier]*gabikeys.PublicKey{},
}
c.setAESEncryptionKey(aesKeyID, aesKey)
c.setSignKey(signKeyID, signKey)
return c
}
func GenerateAESKey() (AesKey, error) {
......@@ -56,14 +59,14 @@ func (c *Core) DangerousAddAESKey(keyID uint32, key AesKey) {
// Set the aes key for encrypting new/changed keyshare data
// with identifier keyid
// Calling this wil also cause all keyshare packets generated with the key to be trusted
func (c *Core) DangerousSetAESEncryptionKey(keyID uint32, key AesKey) {
func (c *Core) setAESEncryptionKey(keyID uint32, key AesKey) {
c.decryptionKeys[keyID] = key
c.encryptionKey = key
c.encryptionKeyID = keyID
}
// Set key used to sign keyshare protocol messages
func (c *Core) SetSignKey(key *rsa.PrivateKey, id int) {
func (c *Core) setSignKey(id int, key *rsa.PrivateKey) {
c.signKey = key
c.signKeyID = id
}
......
......@@ -21,12 +21,10 @@ import (
func TestPinFunctionality(t *testing.T) {
// Setup keys for test
c := NewKeyshareCore()
var key AesKey
_, err := rand.Read(key[:])
require.NoError(t, err)
c.DangerousSetAESEncryptionKey(1, key)
c.SetSignKey(jwtTestKey, 1)
c := NewKeyshareCore(1, key, 1, jwtTestKey)
// generate test pin
var bpin [64]byte
......@@ -61,12 +59,10 @@ func TestPinFunctionality(t *testing.T) {
func TestVerifyAccess(t *testing.T) {
// Setup keys for test
c := NewKeyshareCore()
var key AesKey
_, err := rand.Read(key[:])
require.NoError(t, err)
c.DangerousSetAESEncryptionKey(1, key)
c.SetSignKey(jwtTestKey, 1)
c := NewKeyshareCore(1, key, 1, jwtTestKey)
// Generate test pins
var bpin [64]byte
......@@ -162,12 +158,10 @@ func TestVerifyAccess(t *testing.T) {
func TestProofFunctionality(t *testing.T) {
// Setup keys for test
c := NewKeyshareCore()
var key AesKey
_, err := rand.Read(key[:])
require.NoError(t, err)
c.DangerousSetAESEncryptionKey(1, key)
c.SetSignKey(jwtTestKey, 1)
c := NewKeyshareCore(1, key, 1, jwtTestKey)
c.DangerousAddTrustedPublicKey(irma.PublicKeyIdentifier{Issuer: irma.NewIssuerIdentifier("test"), Counter: 1}, testPubK1)
// generate test pin
......@@ -214,12 +208,10 @@ func TestProofFunctionality(t *testing.T) {
func TestCorruptedPacket(t *testing.T) {
// Setup keys for test
c := NewKeyshareCore()
var key AesKey
_, err := rand.Read(key[:])
require.NoError(t, err)
c.DangerousSetAESEncryptionKey(1, key)
c.SetSignKey(jwtTestKey, 1)
c := NewKeyshareCore(1, key, 1, jwtTestKey)
c.DangerousAddTrustedPublicKey(irma.PublicKeyIdentifier{Issuer: irma.NewIssuerIdentifier("test"), Counter: 1}, testPubK1)
// Test parameters
......@@ -260,12 +252,10 @@ func TestCorruptedPacket(t *testing.T) {
func TestIncorrectPin(t *testing.T) {
// Setup keys for test
c := NewKeyshareCore()
var key AesKey
_, err := rand.Read(key[:])
require.NoError(t, err)
c.DangerousSetAESEncryptionKey(1, key)
c.SetSignKey(jwtTestKey, 1)
c := NewKeyshareCore(1, key, 1, jwtTestKey)
c.DangerousAddTrustedPublicKey(irma.PublicKeyIdentifier{Issuer: irma.NewIssuerIdentifier("test"), Counter: 1}, testPubK1)
// Test parameters
......@@ -299,12 +289,10 @@ func TestIncorrectPin(t *testing.T) {
func TestMissingKey(t *testing.T) {
// Setup keys for test
c := NewKeyshareCore()
var key AesKey
_, err := rand.Read(key[:])
require.NoError(t, err)
c.DangerousSetAESEncryptionKey(1, key)
c.SetSignKey(jwtTestKey, 1)
c := NewKeyshareCore(1, key, 1, jwtTestKey)
c.DangerousAddTrustedPublicKey(irma.PublicKeyIdentifier{Issuer: irma.NewIssuerIdentifier("test"), Counter: 1}, testPubK1)
// Test parameters
......@@ -334,12 +322,10 @@ func TestMissingKey(t *testing.T) {
func TestInvalidChallenge(t *testing.T) {
// Setup keys for test
c := NewKeyshareCore()
var key AesKey
_, err := rand.Read(key[:])
require.NoError(t, err)
c.DangerousSetAESEncryptionKey(1, key)
c.SetSignKey(jwtTestKey, 1)
c := NewKeyshareCore(1, key, 1, jwtTestKey)
c.DangerousAddTrustedPublicKey(irma.PublicKeyIdentifier{Issuer: irma.NewIssuerIdentifier("test"), Counter: 1}, testPubK1)
// Test parameters
......@@ -377,12 +363,10 @@ func TestInvalidChallenge(t *testing.T) {
func TestDoubleCommitUse(t *testing.T) {
// Setup keys for test
c := NewKeyshareCore()
var key AesKey
_, err := rand.Read(key[:])
require.NoError(t, err)
c.DangerousSetAESEncryptionKey(1, key)
c.SetSignKey(jwtTestKey, 1)
c := NewKeyshareCore(1, key, 1, jwtTestKey)
c.DangerousAddTrustedPublicKey(irma.PublicKeyIdentifier{Issuer: irma.NewIssuerIdentifier("test"), Counter: 1}, testPubK1)
// Test parameters
......@@ -410,12 +394,10 @@ func TestDoubleCommitUse(t *testing.T) {
func TestNonExistingCommit(t *testing.T) {
// Setup keys for test
c := NewKeyshareCore()
var key AesKey
_, err := rand.Read(key[:])
require.NoError(t, err)
c.DangerousSetAESEncryptionKey(1, key)
c.SetSignKey(jwtTestKey, 1)
c := NewKeyshareCore(1, key, 1, jwtTestKey)
c.DangerousAddTrustedPublicKey(irma.PublicKeyIdentifier{Issuer: irma.NewIssuerIdentifier("test"), Counter: 1}, testPubK1)
// Test parameters
......
......@@ -25,11 +25,10 @@ func TestPacketAccess(t *testing.T) {
func TestPacketEncryptDecrypt(t *testing.T) {
// Setup keys for test
c := NewKeyshareCore()
var key AesKey
_, err := rand.Read(key[:])
require.NoError(t, err)
c.DangerousSetAESEncryptionKey(1, key)
c := NewKeyshareCore(1, key, 0, nil)
// Test parameters
var testSecret = big.NewInt(5)
......@@ -54,11 +53,10 @@ func TestPacketEncryptDecrypt(t *testing.T) {
func TestPacketAuthentication(t *testing.T) {
// Setup keys for test
c := NewKeyshareCore()
var key AesKey
_, err := rand.Read(key[:])
require.NoError(t, err)
c.DangerousSetAESEncryptionKey(1, key)
c := NewKeyshareCore(1, key, 0, nil)
// Test parameters
var testSecret = big.NewInt(5)
......@@ -83,11 +81,10 @@ func TestPacketAuthentication(t *testing.T) {
func TestMultiKey(t *testing.T) {
// Setup keys for test
c := NewKeyshareCore()
var key AesKey
_, err := rand.Read(key[:])
require.NoError(t, err)
c.DangerousSetAESEncryptionKey(1, key)
c := NewKeyshareCore(1, key, 0, nil)
_, err = rand.Read(key[:])
require.NoError(t, err)
c.DangerousAddAESKey(2, key)
......
......@@ -222,7 +222,6 @@ func processConfiguration(conf *Configuration) (*keysharecore.Core, error) {
}
// Parse keysharecore private keys and create a valid keyshare core
core := keysharecore.NewKeyshareCore()
if conf.JwtPrivateKey == "" && conf.JwtPrivateKeyFile == "" {
return nil, server.LogError(errors.Errorf("Missing keyshare server jwt key"))
}
......@@ -234,12 +233,12 @@ func processConfiguration(conf *Configuration) (*keysharecore.Core, error) {
if err != nil {
return nil, server.LogError(errors.WrapPrefix(err, "failed to read keyshare server jwt key", 0))
}
core.SetSignKey(jwtPrivateKey, conf.JwtKeyID)
encID, encKey, err := readAESKey(conf.StoragePrimaryKeyFile)
if err != nil {
return nil, server.LogError(errors.WrapPrefix(err, "failed to load primary storage key", 0))
}
core.DangerousSetAESEncryptionKey(encID, encKey)
core := keysharecore.NewKeyshareCore(encID, encKey, conf.JwtKeyID, jwtPrivateKey)
for _, keyFile := range conf.StorageFallbackKeyFiles {
id, key, err := readAESKey(keyFile)
if err != nil {
......
......@@ -43,12 +43,11 @@ func New(c *Configuration) *Converter {
logger.WithField("error", err).Fatal("Could not open connection to destination database.")
}
core := keysharecore.NewKeyshareCore()
index, key, err := readAESKey(c.StoragePrimaryKeyFile)
if err != nil {
logger.WithField("error", err).Fatal("Could not load storage key.")
}
core.DangerousSetAESEncryptionKey(index, key)
core := keysharecore.NewKeyshareCore(index, key, 0, nil)
return &Converter{
source_db: source_db,
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment