getsops/sops
1
0
Fork 0
mirror of https://github.com/getsops/sops.git synced 2026-02-05 12:45:21 +01:00
Code Issues Activity

Fixed failing tests

Browse Source
This commit is contained in:
Adrian Utrilla
2016-08-29 14:17:06 -07:00
parent 5441214e65
commit 0efff5627b
3 changed files with 24 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
aes/decryptor_test.go
View File

@@ -12,7 +12,7 @@ func TestDecrypt(t *testing.T) {
expected := "foo" expected := "foo"
key := []byte(strings.Repeat("f", 32)) key := []byte(strings.Repeat("f", 32))
message := `ENC[AES256_GCM,data:oYyi,iv:MyIDYbT718JRr11QtBkcj3Dwm4k1aCGZBVeZf0EyV8o=,tag:t5z2Z023Up0kxwCgw1gNxg==,type:str]` message := `ENC[AES256_GCM,data:oYyi,iv:MyIDYbT718JRr11QtBkcj3Dwm4k1aCGZBVeZf0EyV8o=,tag:t5z2Z023Up0kxwCgw1gNxg==,type:str]`
decryption, err := Cipher{}.Decrypt(message, key, []byte("bar:")) decryption, _, err := Cipher{}.Decrypt(message, key, "bar:")
if err != nil { if err != nil {
t.Errorf("%s", err) t.Errorf("%s", err)
} }
@@ -23,25 +23,25 @@ func TestDecrypt(t *testing.T) {
func TestDecryptInvalidAad(t *testing.T) { func TestDecryptInvalidAad(t *testing.T) {
message := `ENC[AES256_GCM,data:oYyi,iv:MyIDYbT718JRr11QtBkcj3Dwm4k1aCGZBVeZf0EyV8o=,tag:t5z2Z023Up0kxwCgw1gNxg==,type:str]` message := `ENC[AES256_GCM,data:oYyi,iv:MyIDYbT718JRr11QtBkcj3Dwm4k1aCGZBVeZf0EyV8o=,tag:t5z2Z023Up0kxwCgw1gNxg==,type:str]`
_, err := Cipher{}.Decrypt(message, []byte(strings.Repeat("f", 32)), []byte("")) _, _, err := Cipher{}.Decrypt(message, []byte(strings.Repeat("f", 32)), "")
if err == nil { if err == nil {
t.Errorf("Decrypting with an invalid AAC should fail") t.Errorf("Decrypting with an invalid AAC should fail")
} }
} }
func TestRoundtripString(t *testing.T) { func TestRoundtripString(t *testing.T) {
f := func(x string, aad []byte) bool { f := func(x, aad string) bool {
key := make([]byte, 32) key := make([]byte, 32)
rand.Read(key) rand.Read(key)
if x == "" { if x == "" {
return true return true
} }
s, err := Cipher{}.Encrypt(x, key, aad) s, err := Cipher{}.Encrypt(x, key, aad, nil)
if err != nil { if err != nil {
fmt.Println(err) fmt.Println(err)
return false return false
} }
d, err := Cipher{}.Decrypt(s, key, aad) d, _, err := Cipher{}.Decrypt(s, key, aad)
if err != nil { if err != nil {
return false return false
} }
@@ -55,12 +55,12 @@ func TestRoundtripString(t *testing.T) {
func TestRoundtripFloat(t *testing.T) { func TestRoundtripFloat(t *testing.T) {
key := []byte(strings.Repeat("f", 32)) key := []byte(strings.Repeat("f", 32))
f := func(x float64) bool { f := func(x float64) bool {
s, err := Cipher{}.Encrypt(x, key, []byte("")) s, err := Cipher{}.Encrypt(x, key, "", nil)
if err != nil { if err != nil {
fmt.Println(err) fmt.Println(err)
return false return false
} }
d, err := Cipher{}.Decrypt(s, key, []byte("")) d, _, err := Cipher{}.Decrypt(s, key, "")
if err != nil { if err != nil {
return false return false
} }
@@ -74,12 +74,12 @@ func TestRoundtripFloat(t *testing.T) {
func TestRoundtripInt(t *testing.T) { func TestRoundtripInt(t *testing.T) {
key := []byte(strings.Repeat("f", 32)) key := []byte(strings.Repeat("f", 32))
f := func(x int) bool { f := func(x int) bool {
s, err := Cipher{}.Encrypt(x, key, []byte("")) s, err := Cipher{}.Encrypt(x, key, "", nil)
if err != nil { if err != nil {
fmt.Println(err) fmt.Println(err)
return false return false
} }
d, err := Cipher{}.Decrypt(s, key, []byte("")) d, _, err := Cipher{}.Decrypt(s, key, "")
if err != nil { if err != nil {
return false return false
} }
@@ -93,12 +93,12 @@ func TestRoundtripInt(t *testing.T) {
func TestRoundtripBool(t *testing.T) { func TestRoundtripBool(t *testing.T) {
key := []byte(strings.Repeat("f", 32)) key := []byte(strings.Repeat("f", 32))
f := func(x bool) bool { f := func(x bool) bool {
s, err := Cipher{}.Encrypt(x, key, []byte("")) s, err := Cipher{}.Encrypt(x, key, "", nil)
if err != nil { if err != nil {
fmt.Println(err) fmt.Println(err)
return false return false
} }
d, err := Cipher{}.Decrypt(s, key, []byte("")) d, _, err := Cipher{}.Decrypt(s, key, "")
if err != nil { if err != nil {
return false return false
} }

8
sops.go
View File

@@ -126,8 +126,12 @@ func (tree Tree) Encrypt(key []byte, cipher DataKeyCipher, stash map[string][]in
var err error var err error
pathString := strings.Join(path, ":") + ":" pathString := strings.Join(path, ":") + ":"
// Pop from the left of the stash // Pop from the left of the stash
stashValue, newStash := stash[pathString][0], stash[pathString][1:len(stash[pathString])] var stashValue interface{}
stash[pathString] = newStash if len(stash[pathString]) > 0 {
var newStash []interface{}
stashValue, newStash = stash[pathString][0], stash[pathString][1:len(stash[pathString])]
stash[pathString] = newStash
}
in, err = cipher.Encrypt(in, key, pathString, stashValue) in, err = cipher.Encrypt(in, key, pathString, stashValue)
if err != nil { if err != nil {
return nil, fmt.Errorf("Could not encrypt value: %s", err) return nil, fmt.Errorf("Could not encrypt value: %s", err)

14
sops_test.go
View File

@@ -23,14 +23,14 @@ func TestUnencryptedSuffix(t *testing.T) {
}, },
} }
cipher := aes.Cipher{} cipher := aes.Cipher{}
_, err := tree.Encrypt(bytes.Repeat([]byte("f"), 32), cipher) _, err := tree.Encrypt(bytes.Repeat([]byte("f"), 32), cipher, nil)
if err != nil { if err != nil {
t.Errorf("Encrypting the tree failed: %s", err) t.Errorf("Encrypting the tree failed: %s", err)
} }
if !reflect.DeepEqual(tree.Branch, expected) { if !reflect.DeepEqual(tree.Branch, expected) {
t.Errorf("Trees don't match: \ngot \t\t%+v,\n expected \t\t%+v", tree.Branch, expected) t.Errorf("Trees don't match: \ngot \t\t%+v,\n expected \t\t%+v", tree.Branch, expected)
} }
_, err = tree.Decrypt(bytes.Repeat([]byte("f"), 32), cipher) _, err = tree.Decrypt(bytes.Repeat([]byte("f"), 32), cipher, nil)
if err != nil { if err != nil {
t.Errorf("Decrypting the tree failed: %s", err) t.Errorf("Decrypting the tree failed: %s", err)
} }
@@ -41,12 +41,12 @@ func TestUnencryptedSuffix(t *testing.T) {
type MockCipher struct{} type MockCipher struct{}
func (m MockCipher) Encrypt(value interface{}, key []byte, additionalAuthData []byte) (string, error) { func (m MockCipher) Encrypt(value interface{}, key []byte, path string, stashValue interface{}) (string, error) {
return "a", nil return "a", nil
} }
func (m MockCipher) Decrypt(value string, key []byte, additionalAuthData []byte) (interface{}, error) { func (m MockCipher) Decrypt(value string, key []byte, path string) (interface{}, interface{}, error) {
return "a", nil return "a", nil, nil
} }
func TestEncrypt(t *testing.T) { func TestEncrypt(t *testing.T) {
@@ -97,7 +97,7 @@ func TestEncrypt(t *testing.T) {
}, },
} }
tree := Tree{Branch: branch, Metadata: Metadata{UnencryptedSuffix: DefaultUnencryptedSuffix}} tree := Tree{Branch: branch, Metadata: Metadata{UnencryptedSuffix: DefaultUnencryptedSuffix}}
tree.Encrypt(bytes.Repeat([]byte{'f'}, 32), MockCipher{}) tree.Encrypt(bytes.Repeat([]byte{'f'}, 32), MockCipher{}, make(map[string][]interface{}))
if !reflect.DeepEqual(tree.Branch, expected) { if !reflect.DeepEqual(tree.Branch, expected) {
t.Errorf("%s does not equal expected tree: %s", tree.Branch, expected) t.Errorf("%s does not equal expected tree: %s", tree.Branch, expected)
} }
@@ -151,7 +151,7 @@ func TestDecrypt(t *testing.T) {
}, },
} }
tree := Tree{Branch: branch, Metadata: Metadata{UnencryptedSuffix: DefaultUnencryptedSuffix}} tree := Tree{Branch: branch, Metadata: Metadata{UnencryptedSuffix: DefaultUnencryptedSuffix}}
tree.Decrypt(bytes.Repeat([]byte{'f'}, 32), MockCipher{}) tree.Decrypt(bytes.Repeat([]byte{'f'}, 32), MockCipher{}, make(map[string][]interface{}))
if !reflect.DeepEqual(tree.Branch, expected) { if !reflect.DeepEqual(tree.Branch, expected) {
t.Errorf("%s does not equal expected tree: %s", tree.Branch, expected) t.Errorf("%s does not equal expected tree: %s", tree.Branch, expected)
} }