diff --git a/transport/tlscommon/config.go b/transport/tlscommon/config.go
index ad0f8db..de1c06d 100644
--- a/transport/tlscommon/config.go
+++ b/transport/tlscommon/config.go
@@ -32,7 +32,7 @@ type Config struct {
 CipherSuites []CipherSuite `config:"cipher_suites" yaml:"cipher_suites,omitempty"`
 CAs []string `config:"certificate_authorities" yaml:"certificate_authorities,omitempty"`
 Certificate CertificateConfig `config:",inline" yaml:",inline"`
- CurveTypes []tlsCurveType `config:"curve_types" yaml:"curve_types,omitempty"`
+ CurveTypes []TLSCurveType `config:"curve_types" yaml:"curve_types,omitempty"`
 Renegotiation TLSRenegotiationSupport `config:"renegotiation" yaml:"renegotiation"`
 CASha256 []string `config:"ca_sha256" yaml:"ca_sha256,omitempty"`
 CATrustedFingerprint string `config:"ca_trusted_fingerprint" yaml:"ca_trusted_fingerprint,omitempty"`
diff --git a/transport/tlscommon/server_config.go b/transport/tlscommon/server_config.go
index 65bd08f..66d03ba 100644
--- a/transport/tlscommon/server_config.go
+++ b/transport/tlscommon/server_config.go
@@ -34,7 +34,7 @@ type ServerConfig struct {
 CipherSuites []CipherSuite `config:"cipher_suites" yaml:"cipher_suites,omitempty"`
 CAs []string `config:"certificate_authorities" yaml:"certificate_authorities,omitempty"`
 Certificate CertificateConfig `config:",inline" yaml:",inline"`
- CurveTypes []tlsCurveType `config:"curve_types" yaml:"curve_types,omitempty"`
+ CurveTypes []TLSCurveType `config:"curve_types" yaml:"curve_types,omitempty"`
 ClientAuth *TLSClientAuth `config:"client_authentication" yaml:"client_authentication,omitempty"` //`none`, `optional` or `required`
 CASha256 []string `config:"ca_sha256" yaml:"ca_sha256,omitempty"`
 }
diff --git a/transport/tlscommon/types.go b/transport/tlscommon/types.go
index 02c4bc8..5d4530e 100644
--- a/transport/tlscommon/types.go
+++ b/transport/tlscommon/types.go
@@ -96,12 +96,13 @@ func init() { } } -var supportedCurveTypes = make(map[tlsCurveType]string, len(tlsCurveTypes)) -var tlsCurveTypes = map[string]tlsCurveType{ - "P-256": tlsCurveType(tls.CurveP256), - "P-384": tlsCurveType(tls.CurveP384), - "P-521": tlsCurveType(tls.CurveP521), - "X25519": tlsCurveType(tls.X25519), +var supportedCurveTypes = make(map[TLSCurveType]string, len(tlsCurveTypes)) +var tlsCurveTypes = map[string]TLSCurveType{ + "P-256": TLSCurveType(tls.CurveP256), + "P-384": TLSCurveType(tls.CurveP384), + "P-521": TLSCurveType(tls.CurveP521), + "X25519": TLSCurveType(tls.X25519), + "X25519MLKEM768": TLSCurveType(tls.X25519MLKEM768), } var tlsRenegotiationSupportTypes = map[string]TLSRenegotiationSupport{ @@ -180,9 +181,9 @@ func (m *TLSVerificationMode) Unpack(in interface{}) error { } *m = mode case int64: - *m = TLSVerificationMode(o) + *m = TLSVerificationMode(o) //nolint:gosec // o is much smaller than max uint8 case uint64: - *m = TLSVerificationMode(o) + *m = TLSVerificationMode(o) //nolint:gosec // o is much smaller than max uint8 default: return fmt.Errorf("verification mode is an unknown type: %T", o) } @@ -228,7 +229,7 @@ func (m *TLSClientAuth) Unpack(in interface{}) error { *m = mode case uint64: - *m = TLSClientAuth(o) + *m = TLSClientAuth(o) //nolint:gosec // o is much smaller than max int case int64: // underlying type is int so we need both uint64 and int64 as options for TLSClientAuth *m = TLSClientAuth(o) default: @@ -249,9 +250,9 @@ func (cs *CipherSuite) Unpack(i interface{}) error { *cs = suite case int64: - *cs = CipherSuite(o) + *cs = CipherSuite(o) //nolint:gosec // o is much smaller than max uint16 case uint64: - *cs = CipherSuite(o) + *cs = CipherSuite(o) //nolint:gosec // o is much smaller than max uint16 default: return fmt.Errorf("cipher suite is an unknown type: %T", o) } 
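Review bot: The new `"X25519MLKEM768"` entry in `tlsCurveTypes` (hunk `@@ -96,12 +96,13`) is added without any comment, although it differs from the four entries above it: `tls.X25519MLKEM768` is only defined from Go 1.24 on, and it is a hybrid post-quantum key exchange that is only negotiated in TLS 1.3. The module's Go version is not visible in this diff, so please confirm the minimum toolchain. I would add `// X25519MLKEM768 is a hybrid post-quantum key exchange; needs Go 1.24+ and is only negotiated in TLS 1.3.` above the entry, so operators who pin `curve_types` know that listing it alone with a TLS 1.2 ceiling leaves no usable group.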
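Review bot: The `//nolint:gosec` suppressions added to the `int64`/`uint64` cases of `TLSVerificationMode.Unpack` (hunk `@@ -180,9 +181,9`) justify themselves with "o is much smaller than max uint8", but nothing visible enforces that: `o` is whatever number the configuration supplied, and the conversion silently truncates it. A negative or oversized value therefore wraps onto some other mode instead of being rejected, and a certificate-verification setting should fail closed on bad input. I would replace the suppression with an explicit range check that returns an error (bound taken from the existing nolint comment; this needs `math` imported in types.go). The same applies to the `TLSClientAuth`, `CipherSuite`, `TLSCurveType` and `TLSRenegotiationSupport` Unpack hunks, where for `TLSCurveType` a truncated value can still alias a supported ID and pass `Validate`. These function bodies start outside the hunks, so any earlier validation is not visible here.

```go
	// … unchanged: string case …
	case int64:
		if o < 0 || o > math.MaxUint8 {
			return fmt.Errorf("verification mode %d is out of range", o)
		}
		*m = TLSVerificationMode(o)
	case uint64:
		if o > math.MaxUint8 {
			return fmt.Errorf("verification mode %d is out of range", o)
		}
		*m = TLSVerificationMode(o)
	// … unchanged: default case …
```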
@@ -272,9 +273,9 @@ func (cs CipherSuite) String() string { return unknownType } -type tlsCurveType tls.CurveID +type TLSCurveType tls.CurveID -func (ct *tlsCurveType) Unpack(i interface{}) error { +func (ct *TLSCurveType) Unpack(i interface{}) error { switch o := i.(type) { case string: t, found := tlsCurveTypes[o] @@ -284,16 +285,16 @@ func (ct *tlsCurveType) Unpack(i interface{}) error { *ct = t case int64: - *ct = tlsCurveType(o) + *ct = TLSCurveType(o) //nolint:gosec // o is much smaller than max uint16 case uint64: - *ct = tlsCurveType(o) + *ct = TLSCurveType(o) //nolint:gosec // o is much smaller than max uint16 default: return fmt.Errorf("tls curve type is an unsupported input type: %T", o) } return nil } -func (ct *tlsCurveType) Validate() error { +func (ct *TLSCurveType) Validate() error { if _, ok := supportedCurveTypes[*ct]; !ok { return fmt.Errorf("unsupported curve type: %s", tls.CurveID(*ct).String()) } @@ -321,7 +322,7 @@ func (r *TLSRenegotiationSupport) Unpack(i interface{}) error { case int64: *r = TLSRenegotiationSupport(o) case uint64: - *r = TLSRenegotiationSupport(o) + *r = TLSRenegotiationSupport(o) //nolint:gosec // o is much smaller than max int default: return fmt.Errorf("tls renegotation support is an unknown type: %T", o) } diff --git a/transport/tlscommon/types_test.go b/transport/tlscommon/types_test.go index 451e362..79ef05a 100644 --- a/transport/tlscommon/types_test.go +++ b/transport/tlscommon/types_test.go @@ -462,7 +462,7 @@ func Test_tlsCurveType_Unpack(t *testing.T) { name string hasErr bool in interface{} - exp tlsCurveType + exp TLSCurveType }{{ name: "unknown string", hasErr: true, 
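Review bot: `TLSCurveType` becomes part of the package's exported API in hunk `@@ -272,9 +273,9` but has no doc comment, and neither do its now-exported `Unpack` and `Validate` methods. Callers outside the package can now build a value by plain conversion, so the comment should say that only `Validate` checks it against the supported set. I would add `// TLSCurveType is a TLS key-exchange group ID (tls.CurveID) as accepted by the curve_types setting; Validate reports whether it is supported.` above the type. The test in types_test.go is still named `Test_tlsCurveType_Unpack` and could be renamed to match.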
@@ -471,17 +471,17 @@ func Test_tlsCurveType_Unpack(t *testing.T) {
 name: "string",
 hasErr: false,
 in: "P-256",
- exp: tlsCurveType(tls.CurveP256),
+ exp: TLSCurveType(tls.CurveP256),
 }, {
 name: "int64",
 hasErr: false,
 in: int64(23),
- exp: tlsCurveType(tls.CurveP256),
+ exp: TLSCurveType(tls.CurveP256),
 }, {
 name: "uint64",
 hasErr: false,
 in: uint64(23),
- exp: tlsCurveType(tls.CurveP256),
+ exp: TLSCurveType(tls.CurveP256),
 }, {
 name: "unknown type",
 hasErr: true,
@@ -489,7 +489,7 @@ func Test_tlsCurveType_Unpack(t *testing.T) {
 }}
 for _, tc := range tests {
 t.Run(tc.name, func(t *testing.T) {
- v := new(tlsCurveType)
+ v := new(TLSCurveType)
 err := v.Unpack(tc.in)
 if tc.hasErr {
 assert.Error(t, err)
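Review bot: The table in `Test_tlsCurveType_Unpack` (hunk `@@ -471,17 +471,17`) is only renamed and gains no case for the `"X25519MLKEM768"` name added in types.go, so the one functional change in this commit is untested. I would add `{name: "hybrid string", hasErr: false, in: "X25519MLKEM768", exp: TLSCurveType(tls.X25519MLKEM768)},`. A numeric input outside the `tls.CurveID` range, for example `int64(-1)`, would also be worth a case, since it documents whether `Unpack` rejects or truncates such values. The test function starts and ends outside the visible hunks.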