From 7d6597b60cbf0bc2c9f027991d68e56db7bfb5d4 Mon Sep 17 00:00:00 2001
From: Adrian Utrilla
Date: Mon, 11 Sep 2017 16:59:36 -0700
Subject: [PATCH] Change `path` to `additionalData` in Cipher Encrypt and Decrypt functions

While the path inside the tree is commonly used as additional data for AES ciphers, this is not always the case, so the generic name is better.
---
 aes/decryptor.go | 8 ++++----
 sops.go | 4 ++--
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/aes/decryptor.go b/aes/decryptor.go
index 19fe00335..f43534a5e 100644
--- a/aes/decryptor.go
+++ b/aes/decryptor.go
@@ -53,7 +53,7 @@ func parse(value string) (*encryptedValue, error) {
 }
 
 // Decrypt takes a sops-format value string and a key and returns the decrypted value and a stash value
-func (c Cipher) Decrypt(value string, key []byte, path string) (plaintext interface{}, stash interface{}, err error) {
+func (c Cipher) Decrypt(value string, key []byte, additionalData string) (plaintext interface{}, stash interface{}, err error) {
 if value == "" {
 return "", nil, nil
 }
@@ -72,7 +72,7 @@ func (c Cipher) Decrypt(value string, key []byte, path string) (plaintext interf
 }
 stashValue := stashData{iv: encryptedValue.iv}
 data := append(encryptedValue.data, encryptedValue.tag...)
- decryptedBytes, err := gcm.Open(nil, encryptedValue.iv, data, []byte(path))
+ decryptedBytes, err := gcm.Open(nil, encryptedValue.iv, data, []byte(additionalData))
 if err != nil {
 return "", nil, fmt.Errorf("Could not decrypt with AES_GCM: %s", err)
 }
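Review bot: The doc comment above the renamed Decrypt signature still says it takes "a value string and a key" and is silent about additionalData, and now that the parameter no longer says `path` a caller has no hint of its role; the `gcm.Open(nil, encryptedValue.iv, data, []byte(additionalData))` line in the -72 hunk binds it into the GCM authentication tag, so Open fails unless it matches the string given to Encrypt. I would extend the comment to `// Decrypt takes a sops-format value string, a key and the additional authenticated data that was supplied to Encrypt (decryption fails if it differs), and returns the decrypted value and a stash value`. The same gap applies to the Encrypt comment in the -102 hunk and to the DataKeyCipher interface doc in sops.go, which promises only that an implementation "must be able to decrypt the values it encrypts" and should also state that additionalData is authenticated, since callers that pass the tree path presumably rely on that to detect a value moved elsewhere. Decrypt's body continues outside both hunks.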
@@ -102,7 +102,7 @@ func (c Cipher) Decrypt(value string, key []byte, path string) (plaintext interf
 }
 
 // Encrypt takes one of (string, int, float, bool) and encrypts it with the provided key and additional auth data, returning a sops-format encrypted string.
-func (c Cipher) Encrypt(value interface{}, key []byte, path string, stash interface{}) (string, error) {
+func (c Cipher) Encrypt(value interface{}, key []byte, additionalData string, stash interface{}) (string, error) {
 if value == "" {
 return "", nil
 }
@@ -144,7 +144,7 @@ func (c Cipher) Encrypt(value interface{}, key []byte, path string, stash interf
 default:
 return "", fmt.Errorf("Value to encrypt has unsupported type %T", value)
 }
- out := gcm.Seal(nil, iv, plaintext, []byte(path))
+ out := gcm.Seal(nil, iv, plaintext, []byte(additionalData))
 return fmt.Sprintf("ENC[AES256_GCM,data:%s,iv:%s,tag:%s,type:%s]",
 base64.StdEncoding.EncodeToString(out[:len(out)-cryptoaes.BlockSize]),
 base64.StdEncoding.EncodeToString(iv),
diff --git a/sops.go b/sops.go
index 1435db59a..3d22afa8f 100644
--- a/sops.go
+++ b/sops.go
@@ -70,8 +70,8 @@ const MetadataNotFound = sopsError("sops metadata not found")
 
 // DataKeyCipher provides a way to encrypt and decrypt the data key used to encrypt and decrypt sops files, so that the data key can be stored alongside the encrypted content. A DataKeyCipher must be able to decrypt the values it encrypts.
 type DataKeyCipher interface {
- Encrypt(value interface{}, key []byte, path string, stash interface{}) (string, error)
- Decrypt(value string, key []byte, path string) (plaintext interface{}, stashValue interface{}, err error)
+ Encrypt(value interface{}, key []byte, additionalData string, stash interface{}) (string, error)
+ Decrypt(value string, key []byte, additionalData string) (plaintext interface{}, stashValue interface{}, err error)
 }
 
 // Comment represents a comment in the sops tree for the file formats that actually support them.
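Review bot: In the -144 hunk the authentication tag is split off with `out[:len(out)-cryptoaes.BlockSize]`, which is correct only because the AES block size happens to equal the default GCM tag length; `gcm.Overhead()` is the quantity actually meant, since `gcm` is the AEAD whose Seal produced `out`. I would write `base64.StdEncoding.EncodeToString(out[:len(out)-gcm.Overhead()])` here and use the same expression for the tag slice on the following line, which lies outside the hunk and presumably mirrors this one. This is pre-existing rather than introduced by the rename, so it could be a follow-up. Encrypt's body continues outside the hunk.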