Documentation
Overview
Package stdtemporalcodectest provides test doubles for the stdtemporalcodec package.
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type FakeKMS
type FakeKMS struct {
	// MasterKey is the symmetric secret used to derive wrapped data keys.
	// A random value is used if left empty.
	MasterKey []byte

	// GenerateCalls and DecryptCalls count the number of times each method
	// was invoked. Useful for assertions in tests.
	GenerateCalls atomic.Int64
	DecryptCalls  atomic.Int64

	// FailNextGenerateDataKey causes the next GenerateDataKey call to fail
	// with the given error and then reset to nil.
	FailNextGenerateDataKey error

	// FailNextDecrypt causes the next Decrypt call to fail with the given
	// error and then reset to nil.
	FailNextDecrypt error
	// contains filtered or unexported fields
}
FakeKMS is an in-memory KMS implementation suitable for tests. It models envelope encryption with EncryptionContext binding: data keys encrypted with a given context can only be decrypted by providing the same context.
It is safe for concurrent use.
func NewFakeKMS
func NewFakeKMS() *FakeKMS
NewFakeKMS returns a FakeKMS with a randomly generated master key.
func (*FakeKMS) Decrypt
func (f *FakeKMS) Decrypt(
	_ context.Context,
	input *kms.DecryptInput,
	_ ...func(*kms.Options),
) (*kms.DecryptOutput, error)
Decrypt returns the plaintext data key, validating the encryption context.
func (*FakeKMS) GenerateDataKey
func (f *FakeKMS) GenerateDataKey(
	_ context.Context,
	input *kms.GenerateDataKeyInput,
	_ ...func(*kms.Options),
) (*kms.GenerateDataKeyOutput, error)
GenerateDataKey returns a 32-byte data key whose ciphertext blob encodes the encryption context and the plaintext key, authenticated with the master key.
Blob layout:
| 8 byte seq | 1 byte ctxLen | ctx | 32 byte plaintext | 32 byte hmac |
The HMAC covers seq||ctx||plaintext using the master key. Decrypt verifies the HMAC and the provided context.
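The blob layout above, built and verified end to end. This is an added example, not the package's own code: the names sealBlob, openBlob and mac are hypothetical, and it assumes HMAC-SHA256 for the 32-byte tag, a big-endian seq, and an encryption context already serialized to at most 255 bytes, none of which the documentation specifies.

```go
package main

import (
	"bytes"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

const keyLen, macLen = 32, sha256.Size // assumption: HMAC-SHA256 gives the 32-byte tag
// mac computes HMAC(master, seq||ctx||plaintext); the ctxLen byte is not covered.
func mac(master, seq, ctx, plaintext []byte) []byte {
	h := hmac.New(sha256.New, master)
	h.Write(bytes.Join([][]byte{seq, ctx, plaintext}, nil))
	return h.Sum(nil)
}

// sealBlob builds | 8 byte seq | 1 byte ctxLen | ctx | 32 byte plaintext | 32 byte hmac |.
func sealBlob(master []byte, seq uint64, ctx, plaintext []byte) ([]byte, error) {
	if len(ctx) > 255 || len(plaintext) != keyLen {
		return nil, fmt.Errorf("context over 255 bytes or key not 32 bytes")
	}
	b := append(binary.BigEndian.AppendUint64(nil, seq), byte(len(ctx))) // byte order assumed
	b = append(append(b, ctx...), plaintext...)
	return append(b, mac(master, b[:8], ctx, plaintext)...), nil
}

// openBlob checks the exact length first, then the HMAC, then the caller's context.
func openBlob(master, blob, wantCtx []byte) ([]byte, error) {
	if len(blob) < 9 || len(blob) != 9+int(blob[8])+keyLen+macLen {
		return nil, fmt.Errorf("malformed blob") // a tampered ctxLen lands here
	}
	n := int(blob[8])
	ctx, pt, tag := blob[9:9+n], blob[9+n:9+n+keyLen], blob[9+n+keyLen:]
	if !hmac.Equal(tag, mac(master, blob[:8], ctx, pt)) { // constant-time compare
		return nil, fmt.Errorf("hmac mismatch")
	}
	if !bytes.Equal(ctx, wantCtx) {
		return nil, fmt.Errorf("encryption context mismatch")
	}
	return append([]byte(nil), pt...), nil
}

func main() {
	master, key := bytes.Repeat([]byte{0x11}, 32), bytes.Repeat([]byte{0x22}, 32) // constructed
	blob, _ := sealBlob(master, 1, []byte("tenant=a"), key)
	fmt.Println(openBlob(master, blob, []byte("tenant=b"))) // wrong context is rejected
}
```

Because ctxLen sits outside the HMAC, the exact-length check is what rejects a modified length byte before any field is sliced.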