
Deprecate incorrectly named API (#424)

* Rename cell.CELL_MODE_* constants
* Rename compare.COMPARE_* constants
* Rename keys.KEYTYPE_* constants
* Rename session.STATE_* constants

  - Provide new names that don't offend golint
  - Use new names throughout the code base
  - Mark the old names deprecated and redefine constants using new values

* Rename session.SecureSession.GetRemoteId method

  - Provide a new name that doesn't offend golint
  - Use the new name throughout the code base
  - Mark the old method deprecated and reimplement it using the new one

* Use C constants directly

It turns out that CGo actually does export C defines as Go constants,
therefore we don't need to use intermediate variables for Secure
Comparator.

Previous code actually does not compile with Go 1.9.2 that we have
on CI, but it is fine with my Go 1.12. The new code is fine in both
environments.
ilammy committed Mar 13, 2019
1 parent f322b55 commit 419d5a3c2ca83d524e43b7bb5c44cb10c162e6d7
@@ -12,7 +12,7 @@ func main() {
fmt.Printf("usage %s <command> <password> <message> <context>\n", os.Args[0])
return
}
sc := cell.New([]byte(os.Args[2]), cell.CELL_MODE_CONTEXT_IMPRINT)
sc := cell.New([]byte(os.Args[2]), cell.ModeContextImprint)
if "enc" == os.Args[1] {
encData, _, err := sc.Protect([]byte(os.Args[3]), []byte(os.Args[4]))
if nil != err {
@@ -12,7 +12,7 @@ func main() {
fmt.Printf("usage %s <command> <password> <message>\n", os.Args[0])
return
}
sc := cell.New([]byte(os.Args[2]), cell.CELL_MODE_SEAL)
sc := cell.New([]byte(os.Args[2]), cell.ModeSeal)
if "enc" == os.Args[1] {
encData, _, err := sc.Protect([]byte(os.Args[3]), nil)
if nil != err {
@@ -12,7 +12,7 @@ func main() {
fmt.Printf("usage %s <command> <password> <message> [<token>]\n", os.Args[0])
return
}
sc := cell.New([]byte(os.Args[2]), cell.CELL_MODE_TOKEN_PROTECT)
sc := cell.New([]byte(os.Args[2]), cell.ModeTokenProtect)
if "enc" == os.Args[1] {
encData, token, err := sc.Protect([]byte(os.Args[3]), nil)
if nil != err {
@@ -48,7 +48,7 @@ func main() {
return
}

if compare.COMPARE_NOT_READY == res {
if compare.NotReady == res {
buf = make([]byte, 10240)
readBytes, err := conn.Read(buf)
if err != nil {
@@ -62,7 +62,7 @@ func main() {
}
buf = buffer
} else {
if compare.COMPARE_MATCH == res {
if compare.Match == res {
fmt.Println("match")
} else {
fmt.Println("not match")
@@ -25,7 +25,7 @@ func connectionHandler(c net.Conn, secret string) {
return
}

if compare.COMPARE_NOT_READY == res {
if compare.NotReady == res {
buf := make([]byte, 10240)
readBytes, err := c.Read(buf)
if err != nil {
@@ -43,7 +43,7 @@ func connectionHandler(c net.Conn, secret string) {
return
}
} else {
if compare.COMPARE_MATCH == res {
if compare.Match == res {
fmt.Println("match")
} else {
fmt.Println("not match")
@@ -7,7 +7,7 @@ import (
)

func main() {
keyPair, err := keys.New(keys.KEYTYPE_EC)
keyPair, err := keys.New(keys.TypeEC)
if nil != err {
fmt.Println("Keypair generating error")
return
@@ -58,7 +58,7 @@ func main() {
fmt.Println("connection error")
return
}
clientKeyPair, err := keys.New(keys.KEYTYPE_EC)
clientKeyPair, err := keys.New(keys.TypeEC)
if err != nil {
fmt.Println("error generating key pair")
return
@@ -66,7 +66,7 @@ func main() {
fmt.Println("listen error")
return
}
serverKeyPair, err := keys.New(keys.KEYTYPE_EC)
serverKeyPair, err := keys.New(keys.TypeEC)
if err != nil {
fmt.Println("error generating key pair")
return
@@ -132,9 +132,18 @@ import (

// Secure Cell operation mode.
const (
CELL_MODE_SEAL = 0
CELL_MODE_TOKEN_PROTECT = 1
CELL_MODE_CONTEXT_IMPRINT = 2
ModeSeal = iota
ModeTokenProtect
ModeContextImprint
)

// Secure Cell operation mode.
//
// Deprecated: Since 0.11. Use "cell.Mode..." constants instead.
const (
CELL_MODE_SEAL = ModeSeal
CELL_MODE_TOKEN_PROTECT = ModeTokenProtect
CELL_MODE_CONTEXT_IMPRINT = ModeContextImprint
)

// SecureCell is a high-level cryptographic service aimed at protecting arbitrary data
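Review bot: Deriving the exported mode values from `iota` ties them to declaration order, where the removed lines pinned them as 0, 1 and 2, and the deprecated `CELL_MODE_*` names now alias whatever `iota` yields. Inserting or reordering an entry would silently renumber both sets, and the range check `(sc.mode < ModeSeal) || (sc.mode > ModeContextImprint)` shown in the Protect and Unprotect hunks depends on ModeSeal staying first and ModeContextImprint staying last. I would either keep the explicit values or add a comment such as `// Values are public API: append new modes at the end and update the range checks in Protect and Unprotect.` The same applies to the `TypeEC = iota` and `StateIdle = iota` blocks in the keys and session hunks.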
@@ -155,7 +164,7 @@ func missing(data []byte) bool {

// Protect encrypts or signs data with optional user context (depending on the Cell mode).
func (sc *SecureCell) Protect(data []byte, context []byte) ([]byte, []byte, error) {
if (sc.mode < CELL_MODE_SEAL) || (sc.mode > CELL_MODE_CONTEXT_IMPRINT) {
if (sc.mode < ModeSeal) || (sc.mode > ModeContextImprint) {
return nil, nil, errors.New("Invalid mode specified")
}

@@ -167,7 +176,7 @@ func (sc *SecureCell) Protect(data []byte, context []byte) ([]byte, []byte, erro
return nil, nil, errors.New("Data was not provided")
}

if CELL_MODE_CONTEXT_IMPRINT == sc.mode {
if ModeContextImprint == sc.mode {
if missing(context) {
return nil, nil, errors.New("Context is mandatory for context imprint mode")
}
@@ -223,7 +232,7 @@ func (sc *SecureCell) Protect(data []byte, context []byte) ([]byte, []byte, erro

// Unprotect decrypts or verify data with optional user context (depending on the Cell mode).
func (sc *SecureCell) Unprotect(protectedData []byte, additionalData []byte, context []byte) ([]byte, error) {
if (sc.mode < CELL_MODE_SEAL) || (sc.mode > CELL_MODE_CONTEXT_IMPRINT) {
if (sc.mode < ModeSeal) || (sc.mode > ModeContextImprint) {
return nil, errors.New("Invalid mode specified")
}

@@ -235,13 +244,13 @@ func (sc *SecureCell) Unprotect(protectedData []byte, additionalData []byte, con
return nil, errors.New("Data was not provided")
}

if CELL_MODE_CONTEXT_IMPRINT == sc.mode {
if ModeContextImprint == sc.mode {
if missing(context) {
return nil, errors.New("Context is mandatory for context imprint mode")
}
}

if CELL_MODE_TOKEN_PROTECT == sc.mode {
if ModeTokenProtect == sc.mode {
if missing(additionalData) {
return nil, errors.New("Additional data is mandatory for token protect mode")
}
@@ -88,11 +88,11 @@ func TestProtect(t *testing.T) {
t.Error(err)
}

testProtect(CELL_MODE_SEAL, nil, t)
testProtect(CELL_MODE_SEAL, context, t)
testProtect(ModeSeal, nil, t)
testProtect(ModeSeal, context, t)

testProtect(CELL_MODE_TOKEN_PROTECT, nil, t)
testProtect(CELL_MODE_TOKEN_PROTECT, context, t)
testProtect(ModeTokenProtect, nil, t)
testProtect(ModeTokenProtect, context, t)

testProtect(CELL_MODE_CONTEXT_IMPRINT, context, t)
testProtect(ModeContextImprint, context, t)
}
@@ -50,10 +50,6 @@ static int compare_result(void *ctx)
return (int)res;
}
const int GOTHEMIS_SCOMPARE_MATCH = THEMIS_SCOMPARE_MATCH;
const int GOTHEMIS_SCOMPARE_NO_MATCH = THEMIS_SCOMPARE_NO_MATCH;
const int GOTHEMIS_SCOMPARE_NOT_READY = THEMIS_SCOMPARE_NOT_READY;
*/
import "C"
import (
@@ -63,10 +59,19 @@ import (
)

// Secure comparison result.
var (
COMPARE_MATCH = int(C.GOTHEMIS_SCOMPARE_MATCH)
COMPARE_NO_MATCH = int(C.GOTHEMIS_SCOMPARE_NO_MATCH)
COMPARE_NOT_READY = int(C.GOTHEMIS_SCOMPARE_NOT_READY)
const (
Match = int(C.THEMIS_SCOMPARE_MATCH)
NoMatch = int(C.THEMIS_SCOMPARE_NO_MATCH)
NotReady = int(C.THEMIS_SCOMPARE_NOT_READY)
)

// Secure comparison result.
//
// Deprecated: Since 0.11. Use "compare.Match..." constants instead.
const (
COMPARE_MATCH = Match
COMPARE_NO_MATCH = NoMatch
COMPARE_NOT_READY = NotReady
)

// SecureCompare is an interactive protocol for two parties that compares whether
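Review bot: The deprecation notice `Use "compare.Match..." constants instead` reads as a prefix pattern, like the `cell.Mode...` and `keys.Type...` notices elsewhere in this commit, but only one of the three new names starts with Match. Naming the replacements directly would be clearer: `// Deprecated: Since 0.11. Use Match, NoMatch and NotReady instead.` Separately, the old `COMPARE_*` names change from `var` to `const` here, which breaks any caller that assigned to them or took their address. That is probably rare, but it deserves a line in the changelog.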
@@ -168,9 +173,9 @@ func (sc *SecureCompare) Proceed(data []byte) ([]byte, error) {
func (sc *SecureCompare) Result() (int, error) {
res := int(C.compare_result(sc.ctx))
switch res {
case COMPARE_NOT_READY, COMPARE_NO_MATCH, COMPARE_MATCH:
case NotReady, NoMatch, Match:
return int(res), nil
}

return COMPARE_NOT_READY, errors.New("Failed to get compare result")
return NotReady, errors.New("Failed to get compare result")
}
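Review bot: The failure path of Result returns `NotReady` together with the error, and NotReady is also the value that tells a caller to keep exchanging messages (see `for NotReady == res` in the scService hunk). A caller that drops the error would therefore keep driving a failed comparison instead of stopping, so the contract should be stated on the method, for example `// On failure Result returns NotReady and a non-nil error; check the error before acting on the value.` Any existing doc comment for Result lies above this hunk and is not visible here. As a minor style point, `return int(res), nil` converts a value that is already an `int`.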
@@ -29,17 +29,17 @@ func scService(sc *SecureCompare, ch chan []byte, finCh chan int, t *testing.T)
res, err := sc.Result()
if err != nil {
t.Error(err)
finCh <- COMPARE_NOT_READY
finCh <- NotReady
return
}

for COMPARE_NOT_READY == res {
for NotReady == res {
buf := <-ch

buf, err := sc.Proceed(buf)
if err != nil {
t.Error(err)
finCh <- COMPARE_NOT_READY
finCh <- NotReady
return
}

@@ -50,7 +50,7 @@ func scService(sc *SecureCompare, ch chan []byte, finCh chan int, t *testing.T)
res, err = sc.Result()
if err != nil {
t.Error(err)
finCh <- COMPARE_NOT_READY
finCh <- NotReady
return
}
}
@@ -123,6 +123,6 @@ func TestCompare(t *testing.T) {
return
}

compare(sec1, sec2, COMPARE_NO_MATCH, t)
compare(sec1, sec1, COMPARE_MATCH, t)
compare(sec1, sec2, NoMatch, t)
compare(sec1, sec1, Match, t)
}
@@ -60,8 +60,16 @@ import (

// Type of Themis key.
const (
KEYTYPE_EC = 0
KEYTYPE_RSA = 1
TypeEC = iota
TypeRSA
)

// Type of Themis key.
//
// Deprecated: Since 0.11. Use "keys.Type..." constants instead.
const (
KEYTYPE_EC = TypeEC
KEYTYPE_RSA = TypeRSA
)

// PrivateKey stores a ECDSA or RSA private key.
@@ -82,7 +90,7 @@ type Keypair struct {

// New generates a new random pair of keys of the specified type.
func New(keytype int) (*Keypair, error) {
if (keytype != KEYTYPE_EC) && (keytype != KEYTYPE_RSA) {
if (keytype != TypeEC) && (keytype != TypeRSA) {
return nil, errors.New("Incorrect key type")
}

@@ -5,12 +5,12 @@ import (
)

func TestNewKeypair(t *testing.T) {
_, err := New(KEYTYPE_EC)
_, err := New(TypeEC)
if nil != err {
t.Error(err)
}

_, err = New(KEYTYPE_RSA)
_, err = New(TypeRSA)
if nil != err {
t.Error(err)
}
@@ -116,11 +116,11 @@ func testSign(keytype int, t *testing.T) {
}

func TestMessageWrap(t *testing.T) {
testWrap(keys.KEYTYPE_EC, t)
testWrap(keys.KEYTYPE_RSA, t)
testWrap(keys.TypeEC, t)
testWrap(keys.TypeRSA, t)
}

func TestMessageSign(t *testing.T) {
testSign(keys.KEYTYPE_EC, t)
testSign(keys.KEYTYPE_RSA, t)
testSign(keys.TypeEC, t)
testSign(keys.TypeRSA, t)
}
@@ -20,9 +20,18 @@ import (

// Secure Session states.
const (
STATE_IDLE = 0
STATE_NEGOTIATING = 1
STATE_ESTABLISHED = 2
StateIdle = iota
StateNegotiating
StateEstablished
)

// Secure Session states.
//
// Deprecated: Since 0.11. Use "session.State..." constants instead.
const (
STATE_IDLE = StateIdle
STATE_NEGOTIATING = StateNegotiating
STATE_ESTABLISHED = StateEstablished
)

// SessionCallbacks implements a delegate for SecureSession.
@@ -206,8 +215,8 @@ func (ss *SecureSession) Unwrap(data []byte) ([]byte, bool, error) {
return nil, false, errors.New("Failed to unwrap data")
}

// GetRemoteId returns ID of the remote peer.
func (ss *SecureSession) GetRemoteId() ([]byte, error) {
// GetRemoteID returns ID of the remote peer.
func (ss *SecureSession) GetRemoteID() ([]byte, error) {
// secure_session_get_remote_id
var outLength C.size_t
if C.secure_session_get_remote_id(ss.ctx.session, nil, &outLength) != C.THEMIS_BUFFER_TOO_SMALL {
@@ -222,3 +231,10 @@ func (ss *SecureSession) GetRemoteId() ([]byte, error) {
}
return out, nil
}

// GetRemoteId returns ID of the remote peer.
//
// Deprecated: Since 0.11. Use GetRemoteID() instead.
func (ss *SecureSession) GetRemoteId() ([]byte, error) {
return ss.GetRemoteID()
}