Move and rename packages (matthewstevenson88#41)

security/s2a/internal/record/internal/aeadcrypter/aeadcrypter.go

@@ -0,0 +1,14 @@
+package aeadcrypter
+
+// S2AAEADCrypter is the interface for an AEAD cipher used by the S2A record
+// protocol.
+type S2AAEADCrypter interface {
+	// Encrypt encrypts the plaintext and computes the tag of dst and plaintext.
+	// dst and plaintext may fully overlap or not at all.
+	Encrypt(dst, plaintext, nonce, aad []byte) ([]byte, error)
+	// Decrypt decrypts ciphertext and verifies the tag. dst and ciphertext may
+	// fully overlap or not at all.
+	Decrypt(dst, ciphertext, nonce, aad []byte) ([]byte, error)
+	// TagSize returns the tag size in bytes.
+	TagSize() int
+}

security/s2a/internal/crypter/aesgcm.go → security/s2a/internal/record/internal/aeadcrypter/aesgcm.go

@@ -16,7 +16,7 @@
  *
  */
 
-package crypter
+package aeadcrypter
 
 import (
 	"crypto/aes"
@@ -26,20 +26,20 @@ import (
 
 // Supported key sizes in bytes.
 const (
-	aes128GcmKeySize = 16
-	aes256GcmKeySize = 32
+	AES128GCMKeySize = 16
+	AES256GCMKeySize = 32
 )
 
 // aesgcm is the struct that holds an AES-GCM cipher for the S2A AEAD crypter.
 type aesgcm struct {
 	aead cipher.AEAD
 }
 
-// newAESGCM creates an AES-GCM crypter instance. Note that the key must be
+// NewAESGCM creates an AES-GCM crypter instance. Note that the key must be
 // either 128 bits or 256 bits.
-func newAESGCM(key []byte) (s2aAEADCrypter, error) {
-	if len(key) != aes128GcmKeySize && len(key) != aes256GcmKeySize {
-		return nil, fmt.Errorf("%d or %d bytes, given: %d", aes128GcmKeySize, aes256GcmKeySize, len(key))
+func NewAESGCM(key []byte) (S2AAEADCrypter, error) {
+	if len(key) != AES128GCMKeySize && len(key) != AES256GCMKeySize {
+		return nil, fmt.Errorf("%d or %d bytes, given: %d", AES128GCMKeySize, AES256GCMKeySize, len(key))
 	}
 	c, err := aes.NewCipher(key)
 	if err != nil {
@@ -52,19 +52,19 @@ func newAESGCM(key []byte) (s2aAEADCrypter, error) {
 	return &aesgcm{aead: a}, nil
 }
 
-// encrypt is the encryption function. dst can contain bytes at the beginning of
+// Encrypt is the encryption function. dst can contain bytes at the beginning of
 // the ciphertext that will not be encrypted but will be authenticated. If dst
 // has enough capacity to hold these bytes, the ciphertext and the tag, no
 // allocation and copy operations will be performed. dst and plaintext may
 // fully overlap or not at all.
-func (s *aesgcm) encrypt(dst, plaintext, nonce, aad []byte) ([]byte, error) {
+func (s *aesgcm) Encrypt(dst, plaintext, nonce, aad []byte) ([]byte, error) {
 	return encrypt(s.aead, dst, plaintext, nonce, aad)
 }
 
-func (s *aesgcm) decrypt(dst, ciphertext, nonce, aad []byte) ([]byte, error) {
+func (s *aesgcm) Decrypt(dst, ciphertext, nonce, aad []byte) ([]byte, error) {
 	return decrypt(s.aead, dst, ciphertext, nonce, aad)
 }
 
-func (s *aesgcm) tagSize() int {
-	return tagSize
+func (s *aesgcm) TagSize() int {
+	return TagSize
 }

security/s2a/internal/crypter/aesgcm_test.go → security/s2a/internal/record/internal/aeadcrypter/aesgcm_test.go

@@ -16,24 +16,24 @@
  *
  */
 
-package crypter
+package aeadcrypter
 
 import (
 	"fmt"
 	"testing"
 
-	"google.golang.org/grpc/security/s2a/internal/crypter/testutil"
+	"google.golang.org/grpc/security/s2a/internal/record/internal/aeadcrypter/testutil"
 )
 
 // getGCMCryptoPair outputs a sender/receiver pair on AES-GCM.
-func getGCMCryptoPair(key []byte, t *testing.T) (s2aAEADCrypter, s2aAEADCrypter) {
-	sender, err := newAESGCM(key)
+func getGCMCryptoPair(key []byte, t *testing.T) (S2AAEADCrypter, S2AAEADCrypter) {
+	sender, err := NewAESGCM(key)
 	if err != nil {
-		t.Fatalf("newAESGCM(ClientSide, key) = %v", err)
+		t.Fatalf("NewAESGCM(ClientSide, key) = %v", err)
 	}
-	receiver, err := newAESGCM(key)
+	receiver, err := NewAESGCM(key)
 	if err != nil {
-		t.Fatalf("newAESGCM(ServerSide, key) = %v", err)
+		t.Fatalf("NewAESGCM(ServerSide, key) = %v", err)
 	}
 	return sender, receiver
 }
@@ -47,46 +47,46 @@ func wycheProofTestVectorFilter(testGroup testutil.TestGroup) bool {
 		testGroup.TagSize != 128
 }
 
-func testGCMEncryptionDecryption(sender s2aAEADCrypter, receiver s2aAEADCrypter, tc *testutil.CryptoTestVector, t *testing.T) {
+func testGCMEncryptionDecryption(sender S2AAEADCrypter, receiver S2AAEADCrypter, tc *testutil.CryptoTestVector, t *testing.T) {
 	// ciphertext is: encrypted text + tag.
 	ciphertext := append(tc.Ciphertext, tc.Tag...)
 
 	// Encrypt.
 	var dst []byte
 	if tc.AllocateDst {
-		dst = make([]byte, len(tc.Plaintext)+sender.tagSize())
+		dst = make([]byte, len(tc.Plaintext)+sender.TagSize())
 	}
-	got, err := sender.encrypt(dst[:0], tc.Plaintext, tc.Nonce, tc.Aad)
+	got, err := sender.Encrypt(dst[:0], tc.Plaintext, tc.Nonce, tc.Aad)
 	if testutil.IsFailure(tc.Result, err, got, ciphertext) {
 		t.Errorf("key=%v\nEncrypt(\n dst = %v\n plaintext = %v\n nonce = %v\n aad = %v\n) = (\n %v\n %v\n), want %v",
 			tc.Key, dst[:0], tc.Plaintext, tc.Nonce, tc.Aad, got, err, ciphertext)
 	}
 
 	// Decrypt.
-	got, err = receiver.decrypt(nil, ciphertext, tc.Nonce, tc.Aad)
+	got, err = receiver.Decrypt(nil, ciphertext, tc.Nonce, tc.Aad)
 	if testutil.IsFailure(tc.Result, err, got, tc.Plaintext) {
 		t.Errorf("key=%v\nDecrypt(\n dst = nil\n ciphertext = %v\n nonce = %v\n aad = %v\n) = (\n %v\n %v\n), want %v",
 			tc.Key, ciphertext, tc.Nonce, tc.Aad, got, err, tc.Plaintext)
 	}
 }
 
-func testGCMEncryptRoundtrip(sender s2aAEADCrypter, receiver s2aAEADCrypter, t *testing.T) {
+func testGCMEncryptRoundtrip(sender S2AAEADCrypter, receiver S2AAEADCrypter, t *testing.T) {
 	// Construct a dummy nonce.
-	nonce := make([]byte, nonceSize)
+	nonce := make([]byte, NonceSize)
 
 	// Encrypt.
 	const plaintext = "This is plaintext."
 	var err error
 	// Reuse `buf` as both the input and output buffer. This is required to test
 	// the case where the input and output buffers fully overlap.
 	buf := []byte(plaintext)
-	ciphertext, err := sender.encrypt(buf[:0], buf, nonce, nil)
+	ciphertext, err := sender.Encrypt(buf[:0], buf, nonce, nil)
 	if err != nil {
 		t.Fatalf("Encrypt(%v, %v, %v, nil) failed: %v", buf[:0], buf, nonce, err)
 	}
 
 	// Decrypt first message.
-	decryptedPlaintext, err := receiver.decrypt(ciphertext[:0], ciphertext, nonce, nil)
+	decryptedPlaintext, err := receiver.Decrypt(ciphertext[:0], ciphertext, nonce, nil)
 	if err != nil {
 		t.Fatalf("Decrypt(%v, %v, %v, nil) failed: %v", ciphertext[:0], ciphertext, nonce, err)
 	}
@@ -99,14 +99,14 @@ func testGCMEncryptRoundtrip(sender s2aAEADCrypter, receiver s2aAEADCrypter, t *
 func TestAESGCMInvalidKeySize(t *testing.T) {
 	// Use 17 bytes, which is invalid
 	key := make([]byte, 17)
-	if _, err := newAESGCM(key); err == nil {
+	if _, err := NewAESGCM(key); err == nil {
 		t.Error("expected an error when using invalid key size")
 	}
 }
 
 // Test encrypt and decrypt on roundtrip messages for AES-GCM.
 func TestAESGCMEncryptRoundtrip(t *testing.T) {
-	for _, keySize := range []int{aes128GcmKeySize, aes256GcmKeySize} {
+	for _, keySize := range []int{AES128GCMKeySize, AES256GCMKeySize} {
 		t.Run(fmt.Sprintf("keySize=%d", keySize), func(t *testing.T) {
 			key := make([]byte, keySize)
 			sender, receiver := getGCMCryptoPair(key, t)

security/s2a/internal/crypter/chachapoly.go → security/s2a/internal/record/internal/aeadcrypter/chachapoly.go

@@ -16,7 +16,7 @@
  *
  */
 
-package crypter
+package aeadcrypter
 
 import (
 	"crypto/cipher"
@@ -27,19 +27,20 @@ import (
 
 // Supported key size in bytes.
 const (
-	chacha20Poly1305KeySize = 32
+	Chacha20Poly1305KeySize = 32
 )
 
-// chachapoly is the struct that holds a CHACHA-POLY cipher for the S2A AEAD crypter.
+// chachapoly is the struct that holds a CHACHA-POLY cipher for the S2A AEAD
+// crypter.
 type chachapoly struct {
 	aead cipher.AEAD
 }
 
-// newChachaPoly creates a Chacha-Poly crypter instance. Note that the key must be
-// chacha20Poly1305KeySize bytes in length.
-func newChachaPoly(key []byte) (s2aAEADCrypter, error) {
-	if len(key) != chacha20Poly1305KeySize {
-		return nil, fmt.Errorf("%d bytes, given: %d", chacha20Poly1305KeySize, len(key))
+// NewChachaPoly creates a Chacha-Poly crypter instance. Note that the key must
+// be Chacha20Poly1305KeySize bytes in length.
+func NewChachaPoly(key []byte) (S2AAEADCrypter, error) {
+	if len(key) != Chacha20Poly1305KeySize {
+		return nil, fmt.Errorf("%d bytes, given: %d", Chacha20Poly1305KeySize, len(key))
 	}
 	c, err := chacha20poly1305.New(key)
 	if err != nil {
@@ -48,19 +49,19 @@ func newChachaPoly(key []byte) (s2aAEADCrypter, error) {
 	return &chachapoly{aead: c}, nil
 }
 
-// encrypt is the encryption function. dst can contain bytes at the beginning of
+// Encrypt is the encryption function. dst can contain bytes at the beginning of
 // the ciphertext that will not be encrypted but will be authenticated. If dst
 // has enough capacity to hold these bytes, the ciphertext and the tag, no
 // allocation and copy operations will be performed. dst and plaintext may
 // fully overlap or not at all.
-func (s *chachapoly) encrypt(dst, plaintext, nonce, aad []byte) ([]byte, error) {
+func (s *chachapoly) Encrypt(dst, plaintext, nonce, aad []byte) ([]byte, error) {
 	return encrypt(s.aead, dst, plaintext, nonce, aad)
 }
 
-func (s *chachapoly) decrypt(dst, ciphertext, nonce, aad []byte) ([]byte, error) {
+func (s *chachapoly) Decrypt(dst, ciphertext, nonce, aad []byte) ([]byte, error) {
 	return decrypt(s.aead, dst, ciphertext, nonce, aad)
 }
 
-func (s *chachapoly) tagSize() int {
-	return tagSize
+func (s *chachapoly) TagSize() int {
+	return TagSize
 }