mirror of https://github.com/getsops/sops.git synced 2026-02-05 12:45:21 +01:00

Make Metadata.ShamirQuorum an uint

The quorum should never be negative.
Adrian Utrilla
2017-08-29 12:59:50 -07:00
parent a9582158d2
commit eb00619d0d
6 changed files with 11 additions and 11 deletions


@@ -99,7 +99,7 @@ func EditExample(opts EditExampleOpts) ([]byte, error) {
KeyGroups: opts.KeyGroups,
UnencryptedSuffix: opts.UnencryptedSuffix,
Version: version,
ShamirQuorum: int(opts.GroupQuorum),
ShamirQuorum: opts.GroupQuorum,
}
// Generate a data key


@@ -39,7 +39,7 @@ func Encrypt(opts EncryptOpts) (encryptedFile []byte, err error) {
KeyGroups: opts.KeyGroups,
UnencryptedSuffix: opts.UnencryptedSuffix,
Version: version,
ShamirQuorum: int(opts.GroupQuorum),
ShamirQuorum: opts.GroupQuorum,
}
dataKey, errs := tree.GenerateDataKeyWithKeyServices(opts.KeyServices)
if len(errs) > 0 {


@@ -30,7 +30,7 @@ func Add(opts AddOpts) error {
tree.Metadata.KeyGroups = append(tree.Metadata.KeyGroups, opts.Group)
if opts.GroupQuorum != 0 {
tree.Metadata.ShamirQuorum = int(opts.GroupQuorum)
tree.Metadata.ShamirQuorum = opts.GroupQuorum
}
tree.Metadata.UpdateMasterKeysWithKeyServices(dataKey, opts.KeyServices)
output, err := opts.OutputStore.MarshalWithMetadata(tree.Branch, tree.Metadata)


@@ -18,7 +18,7 @@ type DeleteOpts struct {
KeyServices []keyservice.KeyServiceClient
}
func min(a, b int) int {
func min(a, b uint) uint {
if a > b {
return b
}
@@ -37,10 +37,10 @@ func Delete(opts DeleteOpts) error {
tree.Metadata.KeyGroups = append(tree.Metadata.KeyGroups[:opts.Group], tree.Metadata.KeyGroups[opts.Group+1:]...)
if opts.GroupQuorum != 0 {
tree.Metadata.ShamirQuorum = int(opts.GroupQuorum)
tree.Metadata.ShamirQuorum = opts.GroupQuorum
}
// The quorum should always be smaller or equal to the number of key groups
tree.Metadata.ShamirQuorum = min(tree.Metadata.ShamirQuorum, len(tree.Metadata.KeyGroups))
tree.Metadata.ShamirQuorum = min(tree.Metadata.ShamirQuorum, uint(len(tree.Metadata.KeyGroups)))
tree.Metadata.UpdateMasterKeysWithKeyServices(dataKey, opts.KeyServices)
output, err := opts.OutputStore.MarshalWithMetadata(tree.Branch, tree.Metadata)
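Review bot: The clamp `min(tree.Metadata.ShamirQuorum, uint(len(tree.Metadata.KeyGroups)))` in Delete silently lowers a quorum that the caller may have set explicitly through `opts.GroupQuorum`, so fewer key groups are then needed to recover the data key and nothing reports it. Consider returning an error when `opts.GroupQuorum > uint(len(tree.Metadata.KeyGroups))` and keeping the clamp only for the quorum inherited from the file, or at least logging the lowered value. The `min` helper also has no doc comment; `// min returns the smaller of a and b.` would be enough. Delete's body starts before the hunk and continues after it.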


@@ -301,7 +301,7 @@ type Metadata struct {
KeyGroups []KeyGroup
// ShamirQuorum is the number of key groups required to recover the
// original data key
ShamirQuorum int
ShamirQuorum uint
// DataKey caches the decrypted data key so it doesn't have to be decrypted with a master key every time it's needed
DataKey []byte
}
@@ -340,10 +340,10 @@ func (m *Metadata) UpdateMasterKeysWithKeyServices(dataKey []byte, svcs []keyser
} else {
var err error
if m.ShamirQuorum == 0 {
m.ShamirQuorum = len(m.KeyGroups)
m.ShamirQuorum = uint(len(m.KeyGroups))
}
log.Printf("Multiple KeyGroups found, proceeding with Shamir with quorum %d", m.ShamirQuorum)
parts, err = shamir.Split(dataKey, len(m.KeyGroups), m.ShamirQuorum)
parts, err = shamir.Split(dataKey, len(m.KeyGroups), int(m.ShamirQuorum))
if err != nil {
errs = append(errs, fmt.Errorf("Could not split data key into parts for Shamir: %s", err))
return
@@ -418,7 +418,7 @@ func (m Metadata) GetDataKeyWithKeyServices(svcs []keyservice.KeyServiceClient)
}
var dataKey []byte
if len(m.KeyGroups) > 1 {
if len(parts) < m.ShamirQuorum {
if uint(len(parts)) < m.ShamirQuorum {
return nil, fmt.Errorf("Not enough parts to recover data key with Shamir. Need %d, have %d.", m.ShamirQuorum, len(parts))
}
var err error
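Review bot: The `int(m.ShamirQuorum)` conversion in the `shamir.Split` call of UpdateMasterKeysWithKeyServices can turn a very large quorum back into a negative int, which is the case the unsigned field is meant to rule out. The visible lines do not bound the quorum against the number of key groups before converting, and the value presumably can come from file metadata (the store struct in this commit carries `shamir_quorum` tags). A range check before the call would close the gap, e.g. `if m.ShamirQuorum > uint(len(m.KeyGroups)) { errs = append(errs, fmt.Errorf("shamir quorum %d exceeds %d key groups", m.ShamirQuorum, len(m.KeyGroups))); return }`. Whether shamir.Split itself rejects a negative threshold is not visible here, and the function body starts and ends outside the hunk.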


@@ -24,7 +24,7 @@ type Metadata struct {
UnencryptedSuffix string `yaml:"unencrypted_suffix" json:"unencrypted_suffix"`
MessageAuthenticationCode string `yaml:"mac" json:"mac"`
Version string `yaml:"version" json:"version"`
ShamirQuorum int `yaml:"shamir_quorum,omitempty" json:"shamir_quorum,omitempty"`
ShamirQuorum uint `yaml:"shamir_quorum,omitempty" json:"shamir_quorum,omitempty"`
KeyGroups []keygroup `yaml:"key_groups,omitempty" json:"key_groups,omitempty"`
PGPKeys []pgpkey `yaml:"pgp,omitempty" json:"pgp,omitempty"`
KMSKeys []kmskey `yaml:"kms,omitempty" json:"kms,omitempty"`