~wip

taoensso · Oct 16, 2023 · 68072a7 · 68072a7
1 parent 9cfe765
commit 68072a7
Show file tree

Hide file tree

Showing 6 changed files with 70 additions and 71 deletions.
diff --git a/src/taoensso/tempel.clj b/src/taoensso/tempel.clj
@@ -26,13 +26,12 @@
 
 (comment
   (remove-ns 'taoensso.tempel)
-  (:public (enc/interns-overview)))
+  (:api (enc/interns-overview)))
 
 (enc/assert-min-encore-version [3 68 0])
 
 ;;;; TODO
-;; - Confirm: would 512-bit (64 byte) keys be possible?
-;; - Move bytes API to encore? (For use by Carmine, Nippy, etc.)
+;; - Move bytes API + tests to encore? (For use by Carmine, Nippy, etc.)
 ;; - General review: API, impln, tests
 ;; - Initial README and Wiki content (see sketch IMPORT_DOCS.md)
 ;; - Extra (generative?) tests?
@@ -123,7 +122,7 @@
 ;;;; Config
 
 (enc/defonce default-keypair-creator_
-  "Default stateful KeyPair generator with options:
+  "Default stateful `KeyPair` generator with options:
   {:buffer-len 16, :n-threads [:perc 10]}"
   (delay (impl/keypair-creator {:buffer-len 16, :n-threads [:perc 10]})))
 
@@ -169,7 +168,7 @@
 
     `:hash-algo` ∈ #{:md5 :sha-1 *:sha-256 :sha-512}
       Hash algorithm used for internal HMACs, etc.
-      Default: `:sha-256`, and there's usually no good reason to change this.
+      Default: `:sha-256`, there's usually no good reason to change this.
 
     `:pbkdf-algo` ∈ #{*:scrypt-r8p1-v1 :pbkdf2-hmac-sha-256-v1}
       Algorithm to use for password-based key stretching.
@@ -244,7 +243,7 @@
 
   default-config)
 
-(defn get-config "Implementation detail" [opts] (conj (or *config* {}) opts))
+(defn ^:no-doc get-config "Implementation detail" [opts] (enc/fast-merge *config* opts))
 (comment (get-config {}))
 
 ;;;; Public data
@@ -341,8 +340,8 @@
             :ba-aad ?ba-aad))
 
         (enc/unexpected-arg! env-kid
-          :expected :envelope-with-public-data
-          :context  `public-data)))))
+          {:expected :envelope-with-public-data
+           :context  `public-data})))))
 
 (defn- public-data-test
   [ba-tempel-output]
@@ -369,8 +368,8 @@
       :cnt (bytes/utf8-?ba->str ?ba-cnt))
 
     (enc/unexpected-arg! return-kind
-      :expected #{:ba-content :ba-aad :as-map}
-      :context  context)))
+      {:expected #{:ba-content :ba-aad :as-map}
+       :context  context})))
 
 (defn encrypt-with-password
   "Uses a symmetric cipher to encrypt the given byte[] content and return
@@ -758,10 +757,10 @@
           (return-val env-kid return ba-cnt nil))
 
         (enc/unexpected-arg! env-kid
-          :context `decrypt-with-1-keypair
-          :expected
-          {:encrypted-with-1-keypair-hybrid-v1
-           :encrypted-with-1-keypair-simple-v1})))))
+          {:context `decrypt-with-1-keypair
+           :expected
+           #{:encrypted-with-1-keypair-hybrid-v1
+             :encrypted-with-1-keypair-simple-v1}})))))
 
 (comment
   (let [kc     (keychain)

diff --git a/src/taoensso/tempel/bytes.clj b/src/taoensso/tempel/bytes.clj
@@ -15,7 +15,7 @@
 
 (comment
   (remove-ns 'taoensso.tempel.bytes)
-  (:public (enc/interns-overview)))
+  (:api (enc/interns-overview)))
 
 ;;;; Aliases
 
@@ -205,8 +205,8 @@
      (seqable? x) (byte-array   x)
      :else
      (enc/unexpected-arg! x
-       :context  `as-ba
-       :expected '#{byte-array string char-array int seqable}))))
+       {:context  `as-ba
+        :expected '#{byte-array string char-array int seqable}}))))
 
 (comment (vec (as-ba 16 "hello")))
 
@@ -238,8 +238,8 @@
     (bytes?  x) (.toCharArray ^String (utf8-ba->str x))
     :else
     (enc/unexpected-arg! x
-      :context  `as-ca
-      :expected '#{char-array string byte-array})))
+      {:context  `as-ca
+       :expected '#{char-array string byte-array}})))
 
 ;;;; Byte streams
 

diff --git a/src/taoensso/tempel/df.clj b/src/taoensso/tempel/df.clj
@@ -12,7 +12,7 @@
 
 (comment
   (remove-ns 'taoensso.tempel.df)
-  (:public (enc/interns-overview)))
+  (:api (enc/interns-overview)))
 
 ;;;; IDs
 ;; - `kid` => keyword id, used to uniquely identify some algo/kit/etc.

diff --git a/src/taoensso/tempel/impl.clj b/src/taoensso/tempel/impl.clj
@@ -15,7 +15,7 @@
 
 (comment
   (remove-ns 'taoensso.tempel.impl)
-  (:public (enc/interns-overview)))
+  (:api (enc/interns-overview)))
 
 ;;;; IDs
 ;;
@@ -130,8 +130,8 @@
       :sha-256 @md-sha-256_
       :sha-512 @md-sha-512_
       (enc/unexpected-arg! hash-algo
-        :expected #{:md5 :sha-1 :sha-256 :sha-512}
-        :context  `as-message-digest))))
+        {:expected #{:md5 :sha-1 :sha-256 :sha-512}
+         :context  `as-message-digest}))))
 
 (let [ba0 (byte-array 0)]
   (defn hash-ba-concat
@@ -191,8 +191,8 @@
       :sha-256 @hmac-sha-256_
       :sha-512 @hmac-sha-512_
       (enc/unexpected-arg! hash-algo
-        :expected #{:md5 :sha-1 :sha-256 :sha-512}
-        :context  `as-hmac))))
+        {:expected #{:md5 :sha-1 :sha-256 :sha-512}
+         :context  `as-hmac}))))
 
 (defn hmac
   "Returns HMAC of given byte[] secret and byte[] ?content.
@@ -236,8 +236,8 @@
       :aes-gcm @cipher-aes-gcm_
       :aes-cbc @cipher-aes-cbc_
       (enc/unexpected-arg! sym-cipher-algo
-        :expected #{:aes-gcm :aes-cbc}
-        :context  `as-symmetric-cipher))))
+        {:expected #{:aes-gcm :aes-cbc}
+         :context  `as-symmetric-cipher}))))
 
 (defprotocol ISymmetricCipherKit
   "Private protocol, lowest level symmetric API. Zero enveloping."
@@ -345,23 +345,23 @@
         :aes-cbc-256-v1-deprecated sck-aes-cbc-256-v1-deprecated
 
         (enc/unexpected-arg! sym-cipher-algo
-          :expected expected
-          :context  `as-symmetric-cipher-kit))
+          {:expected expected
+           :context  `as-symmetric-cipher-kit}))
 
       (enc/satisfies! ISymmetricCipherKit sym-cipher-algo
-        :expected expected
-        :context  `as-symmetric-cipher-kit))))
+        {:expected expected
+         :context  `as-symmetric-cipher-kit}))))
 
 ;;;; Asymmetric crypto
 
 (defn- key-algo-unknown! [x context]
   (enc/unexpected-arg! x
-    :context context
-    :expected
-    #{:symmetric
-      :rsa :rsa-<nbits>
-      :dh  :dh-<nbits>
-      :ec  :ec-<curve>}))
+    {:context context
+     :expected
+     #{:symmetric
+       :rsa :rsa-<nbits>
+       :dh  :dh-<nbits>
+       :ec  :ec-<curve>}}))
 
 (defn key-algo-info
   "Returns ?{:keys [kf-algo ka-algo sig-algo cipher-algo, asymmetric? symmetric? wild?]}.
@@ -465,7 +465,7 @@
         :ec-secp521r1 (.initialize kpg (java.security.spec.ECGenParameterSpec. "secp521r1") sr) ; NIST-P-521
 
         (enc/unexpected-arg! algo-params
-          :expected #{:ec-secp256-r1}))
+          {:expected #{:ec-secp256-r1}}))
 
       :else
       (.initialize kpg ^java.security.spec.AlgorithmParameterSpec algo-params sr))
@@ -501,8 +501,8 @@
       :ec-secp521r1 (kpg-get "EC" :ec-secp521r1)
 
       (enc/unexpected-arg! key-algo
-        :expected #{:rsa-<nbits> :dh-<nbits> :ec-<curve>}
-        :context  `as-keypair-generator))))
+        {:expected #{:rsa-<nbits> :dh-<nbits> :ec-<curve>}
+         :context  `as-keypair-generator}))))
 
 (defn ^:public keypair-create
   "Generates and returns a new `java.security.KeyPair` for given
@@ -703,8 +703,8 @@
       (:ec :ec-secp256r1 :ec-secp384r1 :ec-secp521r1) @kf-ec_
 
       (enc/unexpected-arg! key-algo
-        :expected #{:rsa :rsa-<nbits> :dh :dh-<nbits> :ec :ec-<curve>}
-        :context  `as-key-factory))))
+        {:expected #{:rsa :rsa-<nbits> :dh :dh-<nbits> :ec :ec-<curve>}
+         :context  `as-key-factory}))))
 
 (let [decode-prv (fn [^java.security.KeyFactory kf ba-prv] (.generatePrivate kf (java.security.spec.PKCS8EncodedKeySpec. ba-prv)))
       decode-pub (fn [^java.security.KeyFactory kf ba-pub] (.generatePublic  kf (java.security.spec.X509EncodedKeySpec.  ba-pub)))]
@@ -806,8 +806,8 @@
     (case asym-cipher-algo
       :rsa-oaep-sha-256-mgf1 @cipher-rsa-oaep-sha-256-mgf1_
       (enc/unexpected-arg! asym-cipher-algo
-        :expected #{:rsa-oaep-sha-256-mgf1}
-        :context  `as-asymmetric-cipher))))
+        {:expected #{:rsa-oaep-sha-256-mgf1}
+         :context  `as-asymmetric-cipher}))))
 
 (defn encrypt-asymmetric
   "Takes `asym-cipher-algo` ∈ #{:rsa-oaep-sha-256-mgf1}.
@@ -856,8 +856,8 @@
       :dh   @ka-dh_
       :ecdh @ka-ecdh_
       (enc/unexpected-arg! ka-algo
-        :expected #{:dh :ecdh}
-        :context  `as-key-agreement))))
+        {:expected #{:dh :ecdh}
+         :context  `as-key-agreement}))))
 
 (defn key-shared-create
   "Returns the shared key generated by the given key agreement
@@ -894,8 +894,8 @@
       :sha-256-ecdsa @sig-sha-256-ecdsa_
       :sha-512-ecdsa @sig-sha-512-ecdsa_
       (enc/unexpected-arg! sig-algo
-        :expected #{:sha-<nbits>-rsa :sha-<nbits>-ecdsa}
-        :context  `as-signature))))
+        {:expected #{:sha-<nbits>-rsa :sha-<nbits>-ecdsa}
+         :context  `as-signature}))))
 
 (defn signature-create
   "Returns the signature created by signing the given content with the

diff --git a/src/taoensso/tempel/keys.clj b/src/taoensso/tempel/keys.clj
@@ -10,7 +10,7 @@
 
 (comment
   (remove-ns 'taoensso.tempel.keys)
-  (:public (enc/interns-overview)))
+  (:api (enc/interns-overview)))
 
 (enc/declare-remote
   taoensso.tempel/get-config
@@ -41,7 +41,7 @@
         :sym {:key-type :sym, :key-algo key-algo, :symmetric?  true,                 :key-sym key-cnt}
         :prv {:key-type :prv, :key-algo key-algo, :asymmetric? true, :private? true, :key-prv key-cnt}
         :pub {:key-type :pub, :key-algo key-algo, :asymmetric? true, :public?  true, :key-pub key-cnt}
-        (enc/unexpected-arg! key-type :expected #{:sym :pub :prv}))
+        (enc/unexpected-arg! key-type {:expected #{:sym :pub :prv}}))
 
       (enc/assoc-some {:key-cnt key-cnt} :key-id ?key-id))))
 
@@ -115,8 +115,8 @@
 
           :else (fail! (ex-info "Unexpected `ChainKey` :key-sym type" {:expected 'bytes, :actual (type x-key)})))
         (enc/unexpected-arg! key-type
-          :expected #{:prv :pub :sym}
-          :context  `-chainkey)))))
+          {:expected #{:prv :pub :sym}
+           :context  `-chainkey})))))
 
 (comment
   [(-chainkey :sym :symmetric nil nil (impl/rand-ba 32))
@@ -256,8 +256,8 @@
         :key-id @auto-key-id_)
 
       (enc/unexpected-arg! return
-        :expected #{:keychain :as-map}
-        :context  `keychain-add-symmetric-key))))
+        {:expected #{:keychain :as-map}
+         :context  `keychain-add-symmetric-key}))))
 
 (comment (keychain-add-symmetric-key (keychain) :random {:return :as-map}))
 
@@ -320,8 +320,8 @@
         :key-id @auto-key-id_)
 
       (enc/unexpected-arg! return
-        :expected #{:keychain :as-map}
-        :context  `keychain-add-asymmetric-keypair))))
+        {:expected #{:keychain :as-map}
+         :context  `keychain-add-asymmetric-keypair}))))
 
 (comment (keychain-add-asymmetric-keypair (keychain)
            (impl/keypair-create :rsa-1024)))
@@ -547,7 +547,7 @@
                       ))
 
                   (enc/unexpected-arg! mode
-                    :expected #{:ba-kc-prv :ba-kc-pub}))
+                    {:expected #{:ba-kc-prv :ba-kc-pub}}))
 
                 mkc
                 (reduce-kv
@@ -615,7 +615,7 @@
                                       :prv [:key-prv (impl/as-key-prv key-algo nil key-ba)]
                                       :pub [:key-pub (impl/as-key-pub key-algo nil key-ba)]
                                       (enc/unexpected-arg! key-type
-                                        :expected #{:sym :prv :pub}))
+                                        {:expected #{:sym :prv :pub}}))
 
                                     ckey (ChainKey. (have key-type) (have key-algo) nil key-id key-cnt)]
                                 {:key-algo key-algo, :priority priority, key-at ckey}))]
@@ -1056,8 +1056,8 @@
                       :cnt (bytes/utf8-?ba->str ?ba-ucnt))
 
                     (enc/unexpected-arg! return
-                      :expected #{:keychain :ba-content :ba-aad :as-map}
-                      :context  `keychain-decrypt)))))))))))
+                      {:expected #{:keychain :ba-content :ba-aad :as-map}
+                       :context  `keychain-decrypt})))))))))))
 
 (comment (keychain-decrypt (keychain-encrypt (keychain) "pwd") "pwd"))
 

diff --git a/src/taoensso/tempel/pbkdf.clj b/src/taoensso/tempel/pbkdf.clj
@@ -9,7 +9,7 @@
 
 (comment
   (remove-ns 'taoensso.tempel.pbkdf)
-  (:public (enc/interns-overview)))
+  (:api (enc/interns-overview)))
 
 ;; Other options incl.:
 ;;   - HKDF   Ref. <https://github.com/patrickfav/hkdf>,   etc. ; RFC 5869
@@ -62,8 +62,8 @@
     (case algo-skf
       :hmac-sha-256 @skf-pbkdf2-hmac-sha-256_
       (enc/unexpected-arg! algo-skf
-        :expected #{:hmac-sha-256}
-        :context  `as-secret-key-factory-pbkdf2))))
+        {:expected #{:hmac-sha-256}
+         :context  `as-secret-key-factory-pbkdf2}))))
 
 (defn- pbkdf-pbkdf2
   "Password-Based Key Derivation Function as per
@@ -169,12 +169,12 @@
         :pbkdf2-hmac-sha-256-v1 kit-pbkdf2-hmac-sha-256-v1
         :sha-512-v1-deprecated  kit-sha-512-v1-deprecated
         (enc/unexpected-arg! pbkdf-algo
-          :expected expected
-          :context  `as-pbkdf-kit))
+          {:expected expected
+           :context  `as-pbkdf-kit}))
 
       (enc/satisfies! IPBKDFKit pbkdf-algo
-        :expected expected
-        :context  `as-pbkdf-kit))))
+        {:expected expected
+         :context  `as-pbkdf-kit}))))
 
 (comment (as-pbkdf-kit pbkdf-kit-best-available))
 
@@ -326,10 +326,10 @@
               (:ref-5000-msecs :r5000) (get ref-nwfs :r10)
               (:ref-max        :rmax)  rmax
               (enc/unexpected-arg! nwf
-                :context `pbkdf-nwf-parse
-                :expected
-                #{:ref-10-msecs :ref-50-msecs :ref-100-msecs :ref-200-msecs
-                  :ref-500-msecs :ref-1000-msecs :ref-2000-msecs :ref-5000-msecs}))
+                {:context `pbkdf-nwf-parse
+                 :expected
+                 #{:ref-10-msecs :ref-50-msecs :ref-100-msecs :ref-200-msecs
+                   :ref-500-msecs :ref-1000-msecs :ref-2000-msecs :ref-5000-msecs}}))
             nwf))]
 
     (if (or (< nwf ^long rmin) (> nwf ^long rmax))