Commit 38d25f92 authored by Sietse Ringers's avatar Sietse Ringers

docs: replace 'packet' with 'user secrets' in comments

parent 5149f71f
......@@ -83,14 +83,14 @@ func GenerateDecryptionKey() (AESKey, error) {
}
// DangerousAddDecryptionKey adds an AES key for decryption, with identifier keyID.
// Calling this will cause all keyshare packets generated with the key to be trusted.
// Calling this will cause all keyshare secrets generated with the key to be trusted.
func (c *Core) DangerousAddDecryptionKey(keyID uint32, key AESKey) {
c.decryptionKeys[keyID] = key
}
// Set the aes key for encrypting new/changed keyshare data
// with identifier keyid
// Calling this will also cause all keyshare packets generated with the key to be trusted
// Calling this will also cause all keyshare user secrets generated with the key to be trusted
func (c *Core) setDecryptionKey(keyID uint32, key AESKey) {
c.decryptionKeys[keyID] = key
c.decryptionKey = key
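Review bot: The new DangerousAddDecryptionKey comment says "keyshare secrets" while the setDecryptionKey comment two lines below says "keyshare user secrets", so the commit that is meant to unify the terminology leaves the two adjacent doc comments disagreeing; the first should read `// Calling this will cause all keyshare user secrets generated with the key to be trusted.`. The ChangePin comment in the second file uses the singular "keyshare user secret" for the same `UserSecrets` value and should use the plural form as well, and the verifyAccess comment there would read better as `returns the decrypted keyshare user secrets`. The surrounding unchanged comment on setDecryptionKey ("Set the aes key ... identifier keyid") does not start with the function name, so it is not a godoc comment; worth fixing while the comments are being touched. setDecryptionKey's body continues past the end of this hunk.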
......
......@@ -43,7 +43,7 @@ func (c *Core) NewUserSecrets(pinRaw string) (UserSecrets, error) {
return UserSecrets{}, err
}
// Build unencrypted packet
// Build unencrypted secrets
var s unencryptedUserSecrets
s.setPin(pin)
err = s.setKeyshareSecret(secret)
......@@ -78,13 +78,13 @@ func (c *Core) ValidatePin(secrets UserSecrets, pin string) (string, error) {
}
// ValidateJWT checks whether the given JWT is currently valid as an access token for operations
// on the provided encrypted keyshare packet.
// on the provided encrypted keyshare user secrets.
func (c *Core) ValidateJWT(secrets UserSecrets, jwt string) error {
_, err := c.verifyAccess(secrets, jwt)
return err
}
// ChangePin changes the pin in an encrypted keyshare packet to a new value, after validating that
// ChangePin changes the pin in an encrypted keyshare user secret to a new value, after validating that
// the old value is known by the caller.
func (c *Core) ChangePin(secrets UserSecrets, oldpinRaw, newpinRaw string) (UserSecrets, error) {
s, err := c.decryptUserSecretsIfPinOK(secrets, oldpinRaw)
......@@ -108,7 +108,7 @@ func (c *Core) ChangePin(secrets UserSecrets, oldpinRaw, newpinRaw string) (User
return c.encryptUserSecrets(s)
}
// verifyAccess checks that a given access jwt is valid, and if so, return decrypted keyshare packet.
// verifyAccess checks that a given access jwt is valid, and if so, return decrypted keyshare user secrets.
// Note: Although this is an internal function, it is tested directly
func (c *Core) verifyAccess(secrets UserSecrets, jwtToken string) (unencryptedUserSecrets, error) {
// Verify token validity
......
......@@ -14,8 +14,8 @@ import (
type (
// Contains pin (bytes 0-63), secret (bytes 64-127), and identifier (bytes 128-159)
// The binary structure of this packet can have security implications through its interaction with the
// encryption layer applied before storing it. As such, we keep it here more explicit than
// The binary structure of this data structure can have security implications through its interaction
// with the encryption layer applied before storing it. As such, we keep it here more explicit than
// is standard in go. When modifying this structure, analyse whether such changes can have a
// security impact through error side channels.
unencryptedUserSecrets [64 + 64 + 32]byte
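Review bot: The rewritten sentence "The binary structure of this data structure can have security implications" repeats "structure", and the wording this hunk tries to avoid ("packet") was actually the clearer noun; `// The binary layout of this type can have security implications through its interaction` reads cleanly and keeps the line under the original width. The byte offsets in the line above (pin 0-63, secret 64-127, identifier 128-159) do match the `[64 + 64 + 32]byte` declaration, so only the wording needs attention. The enclosing `type (` block closes outside this hunk.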
......@@ -86,7 +86,7 @@ func (c *Core) encryptUserSecrets(secrets unencryptedUserSecrets) (UserSecrets,
return UserSecrets{}, err
}
// Encrypt packet
// Encrypt secrets
gcm, err := newGCM(c.decryptionKey)
if err != nil {
return UserSecrets{}, err
......@@ -106,7 +106,7 @@ func (c *Core) decryptUserSecrets(secrets UserSecrets) (unencryptedUserSecrets,
return unencryptedUserSecrets{}, ErrNoSuchKey
}
// try and decrypt packet
// try and decrypt secrets
gcm, err := newGCM(key)
if err != nil {
return unencryptedUserSecrets{}, err
......
......@@ -43,7 +43,7 @@ type Configuration struct {
JwtPinExpiry int `json:"jwt_pin_expiry" mapstructure:"jwt_pin_expiry"`
JwtPrivateKey string `json:"jwt_privkey" mapstructure:"jwt_privkey"`
JwtPrivateKeyFile string `json:"jwt_privkey_file" mapstructure:"jwt_privkey_file"`
// Decryption keys used for keyshare packets
// Decryption keys used for user secrets
StorageFallbackKeyFiles []string `json:"storage_fallback_key_files" mapstructure:"storage_fallback_key_files"`
StoragePrimaryKeyFile string `json:"storage_primary_key_file" mapstructure:"storage_primary_key_file"`
......