fix: updates encrypt and decrypt functions and tests

pkg/security/decrypt.go

@@ -12,52 +12,52 @@ import (
 	"github.com/open-amt-cloud-toolkit/go-wsman-messages/v2/pkg/config"
 )
 
-// Decrypt ciphertext using AES-GCM with the provided key.
-func (c Crypto) Decrypt(cipherText string, key []byte) ([]byte, error) {
+// Decrypt cipher text using AES-GCM with the provided key.
+func (c Crypto) Decrypt(cipherText string) (string, error) {
 	data, err := base64.StdEncoding.DecodeString(cipherText)
 	if err != nil {
-		return nil, err
+		return "", err
 	}
 
-	block, err := aes.NewCipher(key)
+	block, err := aes.NewCipher([]byte(c.EncryptionKey))
 	if err != nil {
-		return nil, err
+		return "", err
 	}
 
 	gcm, err := cipher.NewGCM(block)
 	if err != nil {
-		return nil, err
+		return "", err
 	}
 
 	if len(data) < gcm.NonceSize() {
-		return nil, errors.New("cipher text too short")
+		return "", errors.New("cipher text too short")
 	}
 
-	nonce, ciphertext := data[:gcm.NonceSize()], data[gcm.NonceSize():]
+	nonce, cText := data[:gcm.NonceSize()], data[gcm.NonceSize():]
 
-	plainText, err := gcm.Open(nil, nonce, ciphertext, nil)
+	plainText, err := gcm.Open(nil, nonce, cText, nil)
 	if err != nil {
-		return nil, err
+		return "", err
 	}
 
-	return plainText, nil
+	return string(plainText), nil
 }
 
 // Read encrypted data from file and decrypt it.
-func (c Crypto) ReadAndDecryptFile(filePath string, key []byte) (config.Configuration, error) {
+func (c Crypto) ReadAndDecryptFile(filePath string) (config.Configuration, error) {
 	encryptedData, err := os.ReadFile(filePath)
 	if err != nil {
 		return config.Configuration{}, err
 	}
 
-	decryptedData, err := c.Decrypt(string(encryptedData), key)
+	decryptedData, err := c.Decrypt(string(encryptedData))
 	if err != nil {
 		return config.Configuration{}, err
 	}
 
 	var configuration config.Configuration
 
-	err = yaml.Unmarshal(decryptedData, &configuration)
+	err = yaml.Unmarshal([]byte(decryptedData), &configuration)
 	if err != nil {
 		return config.Configuration{}, err
 	}

pkg/security/decrypt_test.go

@@ -15,8 +15,8 @@ import (
 )
 
 var (
-	validKey           = "ThisismyveryStrongkey32byteslong"
-	wrongKey           = "ThisismyveryStrongkey32bytelong!"
+	validKey           = "Jf3Q2nXJ+GZzN1dbVQms0wbB4+i/5PjL"
+	wrongKey           = "Jf3Q2nXJ+GZzN1dbVQms0wbB4+iwrong"
 	shortKey           = "shortKey"
 	missingKey         = ""
 	validMessageText   = "Hello, World!"
@@ -111,31 +111,31 @@ func TestDecrypt(t *testing.T) {
 		key           string
 		expectedError expectedError
 		errorMsg      error
-		expected      []byte
+		expected      string
 	}{
 		{
 			name:          "successful decryption",
 			message:       validMessageText,
 			key:           validKey,
 			expectedError: expectedError{},
 			errorMsg:      nil,
-			expected:      []byte("Hello World"),
+			expected:      "Hello World",
 		},
 		{
 			name:          "fail to decode base64",
 			message:       invalidMessageText,
 			key:           validKey,
 			expectedError: expectedError{Base64Error: true},
 			errorMsg:      base64.CorruptInputError(7),
-			expected:      nil,
+			expected:      "",
 		},
 		{
 			name:          "fail to create new cipher",
 			message:       validMessageText,
 			key:           missingKey,
 			expectedError: expectedError{NewCipherError: true},
 			errorMsg:      aes.KeySizeError(0),
-			expected:      nil,
+			expected:      "",
 		},
 	}
 
@@ -146,26 +146,28 @@ func TestDecrypt(t *testing.T) {
 
 			var err error
 
-			var decryptedString []byte
+			var decryptedString string
 
-			cryptor := Crypto{}
+			cryptor := Crypto{
+				EncryptionKey: tc.key,
+			}
 
 			if tc.expectedError.Base64Error {
-				_, err = cryptor.Decrypt(tc.message, []byte(tc.key))
+				_, err = cryptor.Decrypt(tc.message)
 				assert.Equal(t, tc.errorMsg, err)
 				assert.Equal(t, tc.expected, decryptedString)
 			}
 
 			if tc.expectedError.NewCipherError {
-				encryptedString, _ := cryptor.Encrypt([]byte(tc.message), tc.key)
-				decryptedString, err = cryptor.Decrypt(encryptedString, []byte(tc.key))
+				encryptedString, _ := cryptor.Encrypt(tc.message)
+				decryptedString, err = cryptor.Decrypt(encryptedString)
 				assert.Equal(t, tc.errorMsg, err)
 				assert.Equal(t, tc.expected, decryptedString)
 			}
 
 			if !tc.expectedError.Base64Error && !tc.expectedError.NewCipherError {
-				encryptedString, _ := cryptor.Encrypt([]byte(tc.message), tc.key)
-				decryptedString, err = cryptor.Decrypt(encryptedString, []byte(tc.key))
+				encryptedString, err := cryptor.Encrypt(tc.message)
+				decryptedString, err = cryptor.Decrypt(encryptedString)
 				assert.Equal(t, tc.message, string(decryptedString))
 				assert.NoError(t, err)
 			}
@@ -183,39 +185,39 @@ func TestReadAndDecryptFile(t *testing.T) {
 		key           string
 		expectedError expectedError
 		errorMsg      error
-		expected      []byte
+		expected      string
 	}{
 		{
 			name:          "successful decryption",
 			filePath:      "testing/encryptedConfig.yaml",
 			key:           validKey,
 			expectedError: expectedError{},
 			errorMsg:      nil,
-			expected:      byteArrayConfigFile,
+			expected:      string(byteArrayConfigFile),
 		},
 		{
 			name:          "incorrect key size",
 			filePath:      "testing/encryptedConfig.yaml",
 			key:           shortKey,
 			expectedError: expectedError{InvalidKeySizeError: true},
 			errorMsg:      aes.KeySizeError(8),
-			expected:      []byte("Hello World"),
+			expected:      "",
 		},
 		{
 			name:          "incorrect key",
 			filePath:      "testing/encryptedConfig.yaml",
 			key:           wrongKey,
 			expectedError: expectedError{AuthenticationError: true},
 			errorMsg:      errors.New("cipher: message authentication failed"),
-			expected:      []byte("Hello World"),
+			expected:      "",
 		},
 		{
 			name:          "unable to read file",
 			filePath:      "testing/doesnotexist.yaml",
 			key:           validKey,
 			expectedError: expectedError{FileReadError: true},
 			errorMsg:      &fs.PathError{Op: "open", Path: "testing/doesnotexist.yaml", Err: syscall.ENOENT},
-			expected:      []byte(""),
+			expected:      "",
 		},
 	}
 
@@ -224,11 +226,13 @@ func TestReadAndDecryptFile(t *testing.T) {
 		t.Run(test.name, func(t *testing.T) {
 			t.Parallel()
 
-			cryptor := Crypto{}
-			_, err := cryptor.ReadAndDecryptFile(test.filePath, []byte(test.key))
+			cryptor := Crypto{
+				EncryptionKey: test.key,
+			}
+			_, err := cryptor.ReadAndDecryptFile(test.filePath)
 
 			if !test.expectedError.InvalidKeySizeError && !test.expectedError.AuthenticationError && !test.expectedError.NewCipherError && !test.expectedError.Base64Error && !test.expectedError.FileReadError {
-				decryptedFile, err := cryptor.ReadAndDecryptFile(test.filePath, []byte(test.key))
+				decryptedFile, err := cryptor.ReadAndDecryptFile(test.filePath)
 				assert.Equal(t, expectedConfigFile, decryptedFile)
 				assert.NoError(t, err)
 			} else {

pkg/security/encrypt.go

@@ -9,8 +9,8 @@ import (
 )
 
 // Encrypt encrypts a string.
-func (c Crypto) Encrypt(plainText []byte, key string) (string, error) {
-	block, err := aes.NewCipher([]byte(key))
+func (c Crypto) Encrypt(plainText string) (string, error) {
+	block, err := aes.NewCipher([]byte(c.EncryptionKey))
 	if err != nil {
 		return "", err
 	}
@@ -26,9 +26,9 @@ func (c Crypto) Encrypt(plainText []byte, key string) (string, error) {
 		return "", err
 	}
 
-	ciphertext := gcm.Seal(nonce, nonce, plainText, nil)
+	cipherText := gcm.Seal(nonce, nonce, []byte(plainText), nil)
 
-	return base64.StdEncoding.EncodeToString(ciphertext), nil
+	return base64.StdEncoding.EncodeToString(cipherText), nil
 }
 
 func (c Crypto) GenerateKey() string {

pkg/security/encrypt_test.go

@@ -12,23 +12,23 @@ func TestEncrypt(t *testing.T) {
 
 	tests := []struct {
 		name          string
-		message       []byte
+		message       string
 		key           string
 		expectedError expectedError
 		errorMsg      error
 		expected      interface{}
 	}{
 		{
 			name:          "successful encryption",
-			message:       []byte("test message"),
+			message:       "test message",
 			key:           validKey,
 			expectedError: expectedError{},
 			errorMsg:      nil,
-			expected:      []byte("test message"),
+			expected:      "test message",
 		},
 		{
 			name:          "key too short",
-			message:       []byte("test message"),
+			message:       "test message",
 			key:           shortKey,
 			expectedError: expectedError{InvalidKeySizeError: true},
 			errorMsg:      aes.KeySizeError(8),
@@ -45,19 +45,21 @@ func TestEncrypt(t *testing.T) {
 
 			var encryptedString string
 
-			cryptor := Crypto{}
+			cryptor := Crypto{
+				EncryptionKey: tc.key,
+			}
 
 			if !tc.expectedError.Base64Error && !tc.expectedError.NewCipherError && !tc.expectedError.AuthenticationError && !tc.expectedError.FileReadError && !tc.expectedError.InvalidKeySizeError {
-				encryptedString, err = cryptor.Encrypt(tc.message, tc.key)
+				encryptedString, err = cryptor.Encrypt(string(tc.message))
 				assert.NoError(t, err)
 				assert.NotEmpty(t, encryptedString)
-				decryptedMessage, err := cryptor.Decrypt(encryptedString, []byte(tc.key))
+				decryptedMessage, err := cryptor.Decrypt(encryptedString)
 				assert.NoError(t, err)
 				assert.Equal(t, tc.expected, decryptedMessage)
 			}
 
 			if tc.expectedError.InvalidKeySizeError {
-				_, err = cryptor.Encrypt(tc.message, tc.key)
+				_, err = cryptor.Encrypt(string(tc.message))
 				assert.Equal(t, tc.errorMsg, err)
 				assert.Equal(t, tc.expected, encryptedString)
 			}

pkg/security/testing/encryptedConfig.yaml

@@ -1 +1 @@
-Ka2VC9bYYZwT99o+N+nnKJtC07FbTztJNeO0ARPWi4cjirxwclvOqu2nXqe4S9tQ4GD1nOPUlx4b+4JoUGjDxG44X1PSnGaANwbWYE1DDdOasF8EspbZh5KQcwdlY8Z17LDy/MPJW63+9AOlEeBhZBprRJFqqQVevdC7UDwQ0Xt5UdaJhypbVpnvQK9AEpsK2TD2Iwor8imnWdC3kvDYHF1620YWg8kZmpmq0v3vA+B+sv88LcHh9pdGvnYl2HDA/zmYrZNGZTkfwlSednDUwQhwvlKSSFscr0h2QjzIVHxDOZ5E4d3kceeWWEPbt10nW1NdxTNFvCGOZ+B8cHKrdrnmUdv+2395chL86Ps1zraewMTb5dOqHlocsBt5hIJTfSKlqseUjkRZa0XRdB3aURirflKa9jzPhhqF5I2gZgSMWHUvm1Bj4T+kw72zmDaP1vt/PwrBA3Ss6S+zCfkB9FKo4eVlRBFrZw4mbEcUxi72iWVrgu8L1gYw9AVZLsaK3R8E0yB4qvx9PBHfexZ3IfA0T+dJex7j2LeEddp/Lbn84l/+xcnIX4TxDaWyuT3bxUy7wIKwG/0+Z6g5pS6ilqXWj2mfiho4ov0YbMepFbkGBFnzXZ4aQMjzk4QkzIOvwQxEuWP/xYZ18Lb1RFx5GFJLGToeZJgSn7WqNvB2C/eADzmomZFJwDe2+NcANVFxt+l851lVxmv5dhcXAhnb6MbgwYsYP7Tk5ieuBU9+sli/g2fOIHQOJdz28H9gppFB+HejOiVG7jq/Tp1zUrvvfwzI3r1jinxSpoLChjyKp9wh+HgXY7j5CQOyBCPNXgl8R8+l6Cxvg6nmTTxOu97kkREReGyM3yVZxYxXdEgn0+VYu3CQY16Ur6Y4MnHwQa7+Nr4VT27EFLrJCtG5sq9zRljeeA/BZPtgqYwg7B/KeDI312IjoHeDSFCpf3EG1+y3thUw9mgWAzCF3r9SwWlOuHJUh+tpwPEswfW8Iv7+kR/DPGX6l7EUVCsAt0J4QA6lF9pB2Lx8ewW4ls5W43tmYe//a2oaV6ashVx9oImjXJUPqX2tZBYQxbrYGgwDb5sIE+qIPR41wyalCQjys+6J+Ol37zIrgjnCVtllV60J7APEt1/YrZjA1Xmr02yy2RgRBfl+UILA1yTdlzYzOicXQwEjBfR77BI1JGHk+dZ01m+juyUnc8GFqKpUFMqIxJhBvbyZudziZh5s0L7+xitqvGGJPpB7Y9z2bU+BeHwC2un5VgoUOi1s7mwAjiO1y3c7KTxxd4l0EOooePrWNIOp8Qe1/7S5ThsyETf8NblDGGEcq61uuJFkA/hjo9WOqyP7fLbvw8z8JPU8mhb1B1mETTC5/Wpl5i6Raz6bWjfRy8S5Gn1Aoo3X3U9RBc94AklPRpVmBlHHfjdIg2Rd4C2YrKdaqEOZHKHSsqzBAph9XXDUlRIhd1pgF03hq3ekup2ciO80tlufsctex6KfOCAbth9PY+Iib/bpECJN6kOomJCvVvTd2cghpOs3TrDGnKF8s/QGp2DlBejahy5dIkbXnuxXD7MdXZ+gznZMdiAlTQwfMwQbBKSKkGJZmyKNRIK37I+w3ahSYbS28Q5O+0+iA8yv7+vQupgw4WCvsiYhOinUontiz3o1GgpQD6TM8pPt9LGifRtC9A9I1aydO+bTvGYOfLQfnWoT9s1tr6HE+8KqJdjJ6UnOCsm/Bef+3moiYcZGDJO7rcRXniNobByHDHOVjwBBqI9MUWWKuOyyh22MVeVQZ/41ZJVT21kmUGvWNlBkGmlacj+BfShEBU+HNbPRk30vgpMji0cU6TTmUBpxXi0iPhJVZ6lbxza5VnlluVv78YliCqem6fKUhRJC4ShESLVmIFneYnhIfFPNJfC87MX8N9ZUw7Uy/iHQ8t2Ay2AsDF9hZ5GQTsHtRWNBnM8bGXN8Cnuv07KqZl4jBZnhSVZSKsOI7OCCPbkoa8JQK/XbVQKWVEmHhTXP043lTcmoGzg0HHg2j7+L0HX8dyKTuHNJJSeB2kYubJZT8sKOqwj1/hDT4YoHGJZBfJldCzQhjOHMsr6oVKf2QrQiN3bMF2ZloNcyhN3IrF5h6v8Ys1DJyENIpV2zyBd88EDIT4tY3iDhDbcPLAYl4yB9Ye4s5w80bWrSQu8KJ2n7pzzoYR/SaPFo+CVDRZu60hj7kYuz82sHWepA4a8aA4LAMko=
+bwt4bpq8STTYnMagG6xYtW/HUTSlBk08WMX4YvxhiPqHuPi2hAkIm+bZkxyYA3l0MAEVpXco/qBRNSDBBJVeWocqzQtOkikcyNIcIVncDy1wuglwlReSjo96P18412PWC3hvdj9ckufTCiZkQt279cDXbgaVVO05PhdLRqiEXwPdiiFZIpPqhUpPpDNBDSEDTs+o20zGosr0ju8awc0HSHTf7k9IoqvD1tKlOl8oKqQMmMpJOmuWHDCqflutb1e1R22kau83oLgvCR3sVG+VznoPMNrcl/BUGwQr0SFkEFTNaVqKjI7K7NRRRdZNOncDALIVu8nfEqIcnqI/Nu8nZg3lxX+klC0eVS3rJb3AF0sdpg4EMAQqkKFC+ULPAbQ6PuwJk4Mds+tTc7bjanR/QSZCx4EzcD40DmVwyaUO0g+qAuLLjDBPVW5trgZ5xKdaeBeOqCZnQNu2+oQFDvrWaGzven2U/fVByOoWWyLRLDgknooAfTdRSb/nblsTgkVwqv13Xr2pQUsCoh6vmSCyK3S217F4nMuXG3Xcl/1LjnTTTv7WZdsBXsI+LRW2yI6mjNZLGQAvhcGhX1LulRo/JrMgzEAFKuXGSPlWlOmfIOmkNha6XaxLTJTfiwmakafdatcGJN7smw3sowL6SICLqN+oJvtFHUm78f8RhggJ67yEQs/K8JACTc4qk4eJ+yaL9mso8A8DjN4QKOKpwpEICjeJ7jfy6ev7SHE8CXaxJOyViHGYQdwtv072SXcf9QO3ZmLNekdBk0AfOrPQG2sDmxlfe3ByatYQKt4RK4/zv0HhlHHViTVa8rweJE1b3PuzbSKt4rsexQ97UsaFMKz+gS2fuioqNhyRDyKXy6SQHbQhoPCPGUWozcx+U3feEUQ6lmbbssGGXWufrfc4W4mwJHpyE9qSMfGbwHp2/hM1Z94AIuRXfS30/L28dK+iYnpfXlrXdh+3eK4hyQ9E/g02okRA8Xh11QdQMlZ6fR9oWz+ldCwH6yqBRZKcCnMfmdDHKP/wJ35qc8y1toJJQqaSZtXYFD5OzcklTjd5U5CuD5C5LQKpoqzvlf56ZhIzroxW+KoHjV8vFyS4S6nvQZMYZ3q78t49wd7W5QcqXDEBrZHzRHkrdDJQWNc/xEhL20bJC7A61lZO9+DFlbJH0Or3Zi0fg2ilSG44I7W0UM3E2XyLzlsuJMe64CLjSqvHu6FZUplRa903jPDCSqznlw0kVWMGxfdw18kSaMgzpAB048zN4CdZm7aC3OjVQtAlhk67o8hh93q8hwxgvNiv7c0Ktigi5cAh/Jg90o8Gybq5jhL8RhXn2WpvA62od9l2lkAU9gKWg2w6U0Vsrf1rjZe9HQ/nP8PFUq1KFpDLyfYLDA01qu8xwu5Dfy3HDttGFluZ8H5BaDUfzyJ2EmlmwNKYsgISBN9ii2qNVb6tGRYM13r6BF0ctbTDFWXzabCeNC7+7LS76e/XLJXYob9QhPBffBceRpeEMWZK7lpxJf9MFRX1by8sY7oNnM6HtL9mjGgDvCkIHw2bzivGlQ6hBDIpfwjH6ITEFahm1hF0degk1iw0iXR4NHvCHCMdPGEjw+mgWPYz5vSBQnGbb7icz9mDx4dOXGga5VafdScdSBtBNVrZmTFKwIGdXkq9vEiu6kroa+jsYqUhy0UASMfUHcZYCS3utqCzAqpBIhznc4MLmmAwWl+q6YRXxSE8ox+z03ufZGwqORUZGrwWRkf3S5RtMg1Rgl70ev9Lz55ymhBaMTNKDRpDOO2uOPrAIT7PF1v8Bws7VTKz7WWATB5prWCgNPyJOf40NKKDRJy7guZUexTDqoEJmkaOSEq/YOhfDLHr7QswHnl87pK+Q5oHZdsMIof7SWFELdK3rRb5K/4fIEcPFXfN5LF/hVV/F1M7ZDjLFkpVu6ET/s9QDW6Ir91dCM7mLJYzQgzxs3r2emFAah8gYHOI8XDGx7fUYLBI9C62xYJWS9jUAgtAmA1Xk6ruSJahoxS/k18CmdG5mpa/YaYeD8hgPn9hGJ7X2p0vSwz5DivskEwbtVsDDOWpSEhhORc5QzycuoucvLBRauFstdLmVXcX+hf/+wt4O9kf9lKJHmY6h9MjgJqeX7J20aT0L5P/RkDgLNFv8HbYL968QDrtGkAEuLPXGLUJFHYsWZ6KWF7wSGm8lv6g3u1z/SmvE8xybra5vR2P05n1V9F46FPz6ztPFWQf0VGBRpJtthEHH813tS19r5RlF8b25anvTevbLKECHiU0WMQipfucXtlUqt/3ozsliJf5lRoov88RoFiTz1nk2YgNwRaSYamdlBWZGH9jeRH4AGxgt1YvEjjYIs7SR2ODef+Hgg7W4BzwPJQ4mQDt4L0LMIgGSzXIKt2qchfrnKroivXS3dtljAio/ThL2EekkECrg8jfhGIicQ==

pkg/security/types.go

@@ -7,13 +7,15 @@ import (
 )
 
 type Cryptor interface {
-	Decrypt(cipherText string, key []byte) ([]byte, error)
-	Encrypt(plainText []byte, key string) (string, error)
+	Decrypt(cipherText string) (string, error)
+	Encrypt(plainText string) (string, error)
 	GenerateKey() string
-	ReadAndDecryptFile(filePath string, key []byte) (config.Configuration, error)
+	ReadAndDecryptFile(filePath string) (config.Configuration, error)
 }
 
-type Crypto struct{}
+type Crypto struct {
+	EncryptionKey string
+}
 
 type Storager interface {
 	GetKeyValue(key string) (string, error)