Rename misleading vars

quite · Dec 18, 2023 · 4705764 · 4705764
1 parent 888734d
commit 4705764
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 14 deletions.
diff --git a/README.md b/README.md
@@ -117,7 +117,8 @@ in-depth explanation.
 
 Recipients for identities based in TKey have the same format as
 recipients for identities generated by the native `age-keygen`. This
-ought to be because TKey also use native X25519 keys.
+ought to be because TKey also use native X25519 keys (which is also
+why we only needed to implement Unwrap of a "file key", not Wrap).
 
 The consequence is that when you are decrypting using a TKey identity
 (`-i`) and the data is encrypted for multiple recipients, then an

diff --git a/cmd/age-plugin-tkey/runidentity.go b/cmd/age-plugin-tkey/runidentity.go
@@ -72,25 +72,25 @@ func runIdentity() error {
  if err != nil {
  return fmt.Errorf("bad recipient-stanza file_index: %w", err)
  }
- recipientType, recipientPubKeyStr := s.args[1], s.args[2]
- if recipientType != "X25519" {
- le.Printf("recipient skipped: type is %s, expected X25519\n", recipientType)
+ typ, pubKeyStr := s.args[1], s.args[2]
+ if typ != "X25519" {
+ le.Printf("recipient skipped: type is %s, expected X25519\n", typ)
  continue
  }
 
  // gentle reminder: this pubkey is the ephemeral session
- // key, not sender's identity
- recipientPubKey, err := DecodeString(recipientPubKeyStr)
+ // key, not recipient pubkey for sender's identity
+ pubKey, err := DecodeString(pubKeyStr)
  if err != nil {
- return fmt.Errorf("decode recipientPubKey failed: %w", err)
+ return fmt.Errorf("decode pubkey failed: %w", err)
  }
- if len(recipientPubKey) != curve25519.PointSize {
- return fmt.Errorf("recipientPubKey has wrong length")
+ if len(pubKey) != curve25519.PointSize {
+ return fmt.Errorf("pubkey has wrong length")
  }
 
  recipients = append(recipients, &recipient{
  fileIndex: fileIndex,
- pubKey: recipientPubKey,
+ pubKey: pubKey,
  wrappedFileKey: s.data,
  })
  }

diff --git a/internal/identity/identity.go b/internal/identity/identity.go
@@ -97,14 +97,14 @@ func (id *Identity) EncodeRecipient() (string, error) {
  return recipientStr, nil
 }
 
-func (id *Identity) Unwrap(recipientPubKey []byte, wrappedFileKey []byte) ([]byte, error) {
- sharedSecret, err := tkey.DoECDH(id.userSecret, id.requireTouch, recipientPubKey)
+func (id *Identity) Unwrap(pubKey []byte, wrappedFileKey []byte) ([]byte, error) {
+ sharedSecret, err := tkey.DoECDH(id.userSecret, id.requireTouch, pubKey)
  if err != nil {
  return nil, err
  }
 
- salt := make([]byte, 0, len(recipientPubKey)+len(id.pubKey))
- salt = append(salt, recipientPubKey...)
+ salt := make([]byte, 0, len(pubKey)+len(id.pubKey))
+ salt = append(salt, pubKey...)
  salt = append(salt, id.pubKey...)
 
  h := hkdf.New(sha256.New, sharedSecret, salt, []byte(x25519Label))