Closed
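--- a/lib/ocrypto/asym_encrypt_decrypt_test.go
+++ b/lib/ocrypto/asym_encrypt_decrypt_test.go
@@ -3,6 +3,9 @@ package ocrypto
 import (
 "crypto/sha256"
 "testing"
+
+"github.com/stretchr/testify/assert"
+"github.com/stretchr/testify/require"
 )
 
 func salty(s string) []byte {
@@ -346,3 +349,21 @@ MJseKiCRhbMS8XoCOTogO4Au9SqpOKqHq2CFRb4=
 })
 }
 }
+
+func TestAsymEncryption_InterfaceCompliance(t *testing.T) {
+const testPublicKey = `-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArvKYimFpxEp58ZGTgiaP
+RYEzrikTZ3GP0KhWIYrQFAbWdE0qvSS+8LxcUDQoisFk1ux1CO9iuUlyZdKeGsbz
+sTmJjdk4nHoH5f/BiLzTEJemDIjXPV5vYcY++4QKhFbZf/XLLZ2hSzAuXz5ZOCel
+A/KZs+Zb19Vlra5DCDJ43mqdoqFIDS4cl8mtuRDC5Uw3x1S52tnO/TKPDGj32aVS
+GBKh0CWGAXWRmphzGj7kFpkAxT1b827MrQMYxkn4w2WB8B/bGKz0+dWyqnnzGYAS
+p4j7mw33Lw8tqLgLJJ4TXkSHmNYNWHUmXs3KTOogEjKOO0QZQRXVHrIv/pqGiGKr
+kQIDAQAB
+-----END PUBLIC KEY-----`
+
+asymEncryption, err := NewAsymEncryption(testPublicKey)
+require.NoError(t, err)
+
+// Ensure AsymEncryption implements the Encapsulator interface
+assert.Implements(t, (*Encapsulator)(nil), asymEncryption)
+}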
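Review bot: The `assert.Implements` call at the end of TestAsymEncryption_InterfaceCompliance checks the interface only when the tests run, so a method missing from AsymEncryption is found at test time instead of failing the build. A package-level assertion next to the type, `var _ Encapsulator = AsymEncryption{}`, lets the compiler enforce the same contract and needs no PEM fixture. That form assumes every Encapsulator method has a value receiver, as the AsymEncryption methods visible in this commit do. If NewAsymEncryption returns a pointer, `(*AsymEncryption)(nil)` is the matching right-hand side. If the runtime test is kept, a one-line comment saying the embedded key is a throwaway public key used only to construct the value would stop readers wondering about its origin.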
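--- a/lib/ocrypto/asym_encryption.go
+++ b/lib/ocrypto/asym_encryption.go
@@ -202,6 +202,10 @@ func (e AsymEncryption) PublicKeyInPemFormat() (string, error) {
 return publicKeyInPemFormat(e.PublicKey)
 }
 
+func (e AsymEncryption) PublicKeyAsPEM() (string, error) {
+return e.PublicKeyInPemFormat()
+}
+
 // Encrypts the data with the EC public key.
 func (e ECEncryptor) Encrypt(data []byte) ([]byte, error) {
 ikm, err := e.ek.ECDH(e.pub)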
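Review bot: The new exported method `PublicKeyAsPEM` has no doc comment, and AsymEncryption now has two exported methods that return the same PEM string with nothing saying which one callers should prefer. I would add `// PublicKeyAsPEM returns the public key PEM-encoded; it delegates to PublicKeyInPemFormat.` above it. If the new name exists so that AsymEncryption satisfies Encapsulator, the comment should say so; that is inferred from the compliance test in this commit, since the full interface body is not visible here. If `PublicKeyInPemFormat` is meant to be phased out, a `// Deprecated:` line on it would let tooling point callers at the new name.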
3 changes: 0 additions & 3 deletions lib/ocrypto/interfaces.go
Expand Up @@ -6,9 +6,6 @@ import (

// Encapsulator enables key encapsulation with a public key
type Encapsulator interface {
// Encapsulate wraps a secret key with the encapsulation key
Encapsulate(dek ProtectedKey) ([]byte, error)
Member

do we use ProtectedKey interface elsewhere? without diving into it, it would seem the interface would be better than a byte[]. I assume from your PR description the ProtectedKey interface is not used and does not add value, then let's remove it too

Member Author

@pflynn-virtru

We have an implementation of a protected key here but it was getting confusing in my mind because export takes an encapsulator and encapsulator takes a protected key.

Export(encapsulator Encapsulator) ([]byte, error)

Encapsulate(dek ProtectedKey) ([]byte, error)

Member

Alternative: deprecate Export
#2676


// Encrypt wraps a secret key with the encapsulation key
Encrypt(data []byte) ([]byte, error)

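--- a/lib/ocrypto/protected_key_test.go
+++ b/lib/ocrypto/protected_key_test.go
@@ -179,10 +179,6 @@ type mockEncapsulator struct {
 ephemeralKeyFunc func() []byte
 }
 
-func (m *mockEncapsulator) Encapsulate(_ ProtectedKey) ([]byte, error) {
-return nil, nil
-}
-
 func (m *mockEncapsulator) Encrypt(data []byte) ([]byte, error) {
 if m.encryptFunc != nil {
 return m.encryptFunc(data)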