From 782d92b310caa265c7137f796b577b97f9aa6bd4 Mon Sep 17 00:00:00 2001
From: strantalis
Date: Wed, 3 Sep 2025 10:27:18 -0400
Subject: [PATCH 1/3] refactor(ocrypto): remove redundant Encapsulate method from Encapsulator interface The Encapsulate method created circular dependency and provided no functional benefit over the existing Encrypt method. Simplified the interface by keeping only Encrypt which handles all encryption needs. - Remove Encapsulate from Encapsulator interface - Remove AsymEncryption.Encapsulate implementation - Remove mockEncapsulator.Encapsulate test helper - All existing functionality preserved via Export -> Encrypt flow
---
 lib/ocrypto/interfaces.go | 3 ---
 lib/ocrypto/protected_key_test.go | 4 ----
 2 files changed, 7 deletions(-)
diff --git a/lib/ocrypto/interfaces.go b/lib/ocrypto/interfaces.go
index ee0a483208..2dfb420d06 100644
--- a/lib/ocrypto/interfaces.go
+++ b/lib/ocrypto/interfaces.go
@@ -6,9 +6,6 @@ import ( // Encapsulator enables key encapsulation with a public key type Encapsulator interface { - // Encapsulate wraps a secret key with the encapsulation key - Encapsulate(dek ProtectedKey) ([]byte, error) - // Encrypt wraps a secret key with the encapsulation key Encrypt(data []byte) ([]byte, error)
diff --git a/lib/ocrypto/protected_key_test.go b/lib/ocrypto/protected_key_test.go
index 6edf7f0bbc..1b0b985614 100644
--- a/lib/ocrypto/protected_key_test.go
+++ b/lib/ocrypto/protected_key_test.go
@@ -179,10 +179,6 @@ type mockEncapsulator struct { ephemeralKeyFunc func() []byte } -func (m *mockEncapsulator) Encapsulate(_ ProtectedKey) ([]byte, error) { - return nil, nil -} - func (m *mockEncapsulator) Encrypt(data []byte) ([]byte, error) { if m.encryptFunc != nil { return m.encryptFunc(data)
From b03da4abe4ee31493ce88df11da9455538b1da43 Mon Sep 17 00:00:00 2001
From: strantalis
Date: Wed, 3 Sep 2025 10:32:32 -0400
Subject: [PATCH 2/3] AsymEncryption implements Encapsulator
---
 lib/ocrypto/asym_encryption.go | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/lib/ocrypto/asym_encryption.go b/lib/ocrypto/asym_encryption.go
index 2d180b3de9..f0e957c109 100644
--- a/lib/ocrypto/asym_encryption.go
+++ b/lib/ocrypto/asym_encryption.go
@@ -202,6 +202,10 @@ func (e AsymEncryption) PublicKeyInPemFormat() (string, error) { return publicKeyInPemFormat(e.PublicKey) } +func (e AsymEncryption) PublicKeyAsPEM() (string, error) { + return e.PublicKeyInPemFormat() +} + // Encrypts the data with the EC public key. func (e ECEncryptor) Encrypt(data []byte) ([]byte, error) { ikm, err := e.ek.ECDH(e.pub)
From 3f8dcf19ecd1e5ceb8fbee117d76610a64a2d724 Mon Sep 17 00:00:00 2001
From: strantalis
Date: Wed, 3 Sep 2025 10:41:15 -0400
Subject: [PATCH 3/3] add simple test
---
 lib/ocrypto/asym_encrypt_decrypt_test.go | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
diff --git a/lib/ocrypto/asym_encrypt_decrypt_test.go b/lib/ocrypto/asym_encrypt_decrypt_test.go
index 48bf96a9bc..086cddc126 100644
--- a/lib/ocrypto/asym_encrypt_decrypt_test.go
+++ b/lib/ocrypto/asym_encrypt_decrypt_test.go
@@ -3,6 +3,9 @@ package ocrypto import ( "crypto/sha256" "testing" + + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" ) func salty(s string) []byte {
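Review bot: `PublicKeyAsPEM` in lib/ocrypto/asym_encryption.go (PATCH 2/3) is a new exported method with no doc comment, and the hunk does not say why `AsymEncryption` now exposes the same PEM export under two names. From the commit subject it looks like the alias exists so the type satisfies `Encapsulator`; if so, say that above the method: `// PublicKeyAsPEM returns the public key in PEM format. It delegates to PublicKeyInPemFormat and exists to satisfy Encapsulator.` Recording the reason keeps a later cleanup from deleting what looks like a duplicate.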
@@ -346,3 +349,21 @@ MJseKiCRhbMS8XoCOTogO4Au9SqpOKqHq2CFRb4=
 })
 }
 }
+
+func TestAsymEncryption_InterfaceCompliance(t *testing.T) {
+ const testPublicKey = `-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArvKYimFpxEp58ZGTgiaP
+RYEzrikTZ3GP0KhWIYrQFAbWdE0qvSS+8LxcUDQoisFk1ux1CO9iuUlyZdKeGsbz
+sTmJjdk4nHoH5f/BiLzTEJemDIjXPV5vYcY++4QKhFbZf/XLLZ2hSzAuXz5ZOCel
+A/KZs+Zb19Vlra5DCDJ43mqdoqFIDS4cl8mtuRDC5Uw3x1S52tnO/TKPDGj32aVS
+GBKh0CWGAXWRmphzGj7kFpkAxT1b827MrQMYxkn4w2WB8B/bGKz0+dWyqnnzGYAS
+p4j7mw33Lw8tqLgLJJ4TXkSHmNYNWHUmXs3KTOogEjKOO0QZQRXVHrIv/pqGiGKr
+kQIDAQAB
+-----END PUBLIC KEY-----`
+
+ asymEncryption, err := NewAsymEncryption(testPublicKey)
+ require.NoError(t, err)
+
+ // Ensure AsymEncryption implements the Encapsulator interface
+ assert.Implements(t, (*Encapsulator)(nil), asymEncryption)
+}
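Review bot: `assert.Implements` in `TestAsymEncryption_InterfaceCompliance` only inspects the method set at run time, so a mismatch between `AsymEncryption` and `Encapsulator` is caught only when this test runs, and the method added in PATCH 2/3 is never actually called. A compile-time assertion in the non-test code, e.g. `var _ Encapsulator = AsymEncryption{}`, would fail the build instead; whether the value or pointer form is right depends on what `NewAsymEncryption` returns and on the receivers of the remaining interface methods, which are not visible here. The test would also be worth more if it checked that `PublicKeyAsPEM()` and `PublicKeyInPemFormat()` return the same string for `testPublicKey`.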