make the algorithm type public API

This commit makes the algorithm type
public API by `algorithm` => `Algorithm`.

The idea behind this change is that calling
code can use the `Algorithm` type e.g. in
method calls or struct definitions.
This makes calling code more expressive - e.g.:
`func Encrypt(alg sio.Algorithm, masterKey []byte, kdf KDF) {...}`

Before this change calling code had to pass around
strings and match whether that string value is equal
to one of the algorithm constants defined by sio.

However, the downside of this change is that calling
code now can use "invalid" algorithms - e.g.:
`var myAlgorithm = sio.Algorithm("foo")`

Therefore, `Algorithm.Stream([]byte)` now also returns
an error when the `Algorithm` value is not one of the
defined constants.

So calling code still cannot create or re-define the
implementation of an algorithm. However, it is possible
to construct invalid `Algorithm` values.

Maybe we want to consider a `ParseAlgorithm` or
`AlgorithmFromString` function in `sioutil` to fail
early when reading the `Algorithm` value from a (untrusted)
config / metadata source.

Author: Andreas Auernhammer

benchmark_test.go

@@ -11,7 +11,7 @@ import (
 )
 
 func BenchmarkEncrypt(b *testing.B) {
-	s, err := AES_128_GCM.New(make([]byte, 16))
+	s, err := AES_128_GCM.Stream(make([]byte, 16))
 	if err != nil {
 		b.Fatalf("Failed to create Stream: %v", err)
 	}
@@ -43,7 +43,7 @@ func BenchmarkEncrypt(b *testing.B) {
 }
 
 func BenchmarkDecrypt(b *testing.B) {
-	s, err := AES_128_GCM.New(make([]byte, 16))
+	s, err := AES_128_GCM.Stream(make([]byte, 16))
 	if err != nil {
 		b.Fatalf("Failed to create Stream: %v", err)
 	}

examples_test.go

@@ -26,7 +26,7 @@ func ExampleNewStream_aES128GCM() {
 	// If you want to convert a passphrase to a key, use a suitable
 	// package like argon2 or scrypt.
 	key, _ := hex.DecodeString("4c4d737f2199f3ccb13d2c81dfe38eb8")
-	stream, err := sio.AES_128_GCM.New(key)
+	stream, err := sio.AES_128_GCM.Stream(key)
 	if err != nil {
 		panic(err) // TODO: error handling
 	}
@@ -68,7 +68,7 @@ func ExampleNewStream_aES256GCM() {
 	// If you want to convert a passphrase to a key, use a suitable
 	// package like argon2 or scrypt.
 	key, _ := hex.DecodeString("5b48c6945ae03a93ecc20e38305d2cbe4a177133d83bf4773f1f3be636e2cc4b")
-	stream, err := sio.AES_256_GCM.New(key)
+	stream, err := sio.AES_256_GCM.Stream(key)
 	if err != nil {
 		panic(err) // TODO: error handling
 	}
@@ -90,7 +90,7 @@ func ExampleNewStream_xChaCha20Poly1305() {
 	// package like argon2 or scrypt - or take a look at the sio/sioutil
 	// package.
 	key, _ := hex.DecodeString("f230e700c4f120b623b84ac26cbcb5ae926f44f36589e63745a46ae0ca47137d")
-	stream, err := sio.XChaCha20Poly1305.New(key)
+	stream, err := sio.XChaCha20Poly1305.Stream(key)
 	if err != nil {
 		panic(err) // TODO: error handling
 	}

helper_test.go

@@ -58,7 +58,7 @@ func loadTestVectors(filename string) []TestVector {
 	}
 
 	var vec []struct {
-		Algorithm      algorithm
+		Algorithm      Algorithm
 		BufSize        int
 		Key            string
 		Nonce          string

reader_test.go

@@ -13,7 +13,7 @@ import (
 
 func TestVectorRead(t *testing.T) {
 	for i, test := range TestVectors {
-		stream, err := test.Algorithm.newWithBufSize(test.Key, test.BufSize)
+		stream, err := test.Algorithm.streamWithBufSize(test.Key, test.BufSize)
 		if err != nil {
 			t.Fatalf("Test %d: Failed to create new Stream: %v", i, err)
 		}
@@ -49,7 +49,7 @@ func TestVectorReadByte(t *testing.T) {
 		ciphertext.Reset()
 		plaintext.Reset()
 
-		stream, err := test.Algorithm.newWithBufSize(test.Key, test.BufSize)
+		stream, err := test.Algorithm.streamWithBufSize(test.Key, test.BufSize)
 		if err != nil {
 			t.Fatalf("Test %d: Failed to create new Stream: %v", i, err)
 		}
@@ -81,7 +81,7 @@ func TestVectorWriteTo(t *testing.T) {
 		ciphertext.Reset()
 		plaintext.Reset()
 
-		stream, err := test.Algorithm.newWithBufSize(test.Key, test.BufSize)
+		stream, err := test.Algorithm.streamWithBufSize(test.Key, test.BufSize)
 		if err != nil {
 			t.Fatalf("Test %d: Failed to create new Stream: %v", i, err)
 		}
@@ -107,7 +107,7 @@ func TestVectorWriteTo(t *testing.T) {
 
 func TestVectorReadAt(t *testing.T) {
 	for i, test := range TestVectors {
-		stream, err := test.Algorithm.newWithBufSize(test.Key, test.BufSize)
+		stream, err := test.Algorithm.streamWithBufSize(test.Key, test.BufSize)
 		if err != nil {
 			t.Fatalf("Test %d: Failed to create new Stream: %v", i, err)
 		}
@@ -131,7 +131,7 @@ func TestVectorReadAtSection(t *testing.T) {
 	for i, test := range TestVectors {
 		plaintext.Reset()
 
-		stream, err := test.Algorithm.newWithBufSize(test.Key, test.BufSize)
+		stream, err := test.Algorithm.streamWithBufSize(test.Key, test.BufSize)
 		if err != nil {
 			t.Fatalf("Test %d: Failed to create new Stream: %v", i, err)
 		}
@@ -150,7 +150,7 @@ func TestVectorReadAtSection(t *testing.T) {
 
 func TestSimpleRead(t *testing.T) {
 	for i, test := range SimpleTests {
-		stream, err := test.Algorithm.newWithBufSize(test.Key, test.BufSize)
+		stream, err := test.Algorithm.streamWithBufSize(test.Key, test.BufSize)
 		if err != nil {
 			t.Fatalf("Test %d: Failed to create new Stream: %v", i, err)
 		}
@@ -182,7 +182,7 @@ func TestSimpleReadByte(t *testing.T) {
 		ciphertext.Reset()
 		plaintext.Reset()
 
-		stream, err := test.Algorithm.newWithBufSize(test.Key, test.BufSize)
+		stream, err := test.Algorithm.streamWithBufSize(test.Key, test.BufSize)
 		if err != nil {
 			t.Fatalf("Test %d: Failed to create new Stream: %v", i, err)
 		}
@@ -211,7 +211,7 @@ func TestSimpleWriteTo(t *testing.T) {
 		ciphertext.Reset()
 		plaintext.Reset()
 
-		stream, err := test.Algorithm.newWithBufSize(test.Key, test.BufSize)
+		stream, err := test.Algorithm.streamWithBufSize(test.Key, test.BufSize)
 		if err != nil {
 			t.Fatalf("Test %d: Failed to create new Stream: %v", i, err)
 		}
@@ -234,7 +234,7 @@ func TestSimpleWriteTo(t *testing.T) {
 
 func TestSimpleReadAt(t *testing.T) {
 	for i, test := range SimpleTests {
-		stream, err := test.Algorithm.newWithBufSize(test.Key, test.BufSize)
+		stream, err := test.Algorithm.streamWithBufSize(test.Key, test.BufSize)
 		if err != nil {
 			t.Fatalf("Test %d: Failed to create new Stream: %v", i, err)
 		}
@@ -266,7 +266,7 @@ func TestSimpleReadAtSection(t *testing.T) {
 		ciphertext.Reset()
 		plaintext.Reset()
 
-		stream, err := test.Algorithm.newWithBufSize(test.Key, test.BufSize)
+		stream, err := test.Algorithm.streamWithBufSize(test.Key, test.BufSize)
 		if err != nil {
 			t.Fatalf("Test %d: Failed to create new Stream: %v", i, err)
 		}

sio.go

@@ -46,35 +46,37 @@ type errorType string
 
 func (e errorType) Error() string { return string(e) }
 
-// The following constants specify concrete AEAD algorithms
-// which can be used to encrypt and decrypt data streams.
-// Therefore, the non-exported type algorithm defines an
-// exported New function that you can call to create a new
-// Stream:
-//   // New returns a new Stream that encrypts and decrypts
-//   // data streams using the given secret key and AEAD
-//   // algorithm.
-//   // The returned Stream uses the default buffer size: BufSize.
-//   func (a algorithm) NewStream(key []byte) (*Stream, error)
+// The constants above specify concrete AEAD algorithms
+// that can be used to encrypt and decrypt data streams.
 //
 // For example, you can create a new Stream using AES-GCM like this:
-//   stream, err := sio.AES_128_GCM.New(key)
+//   stream, err := sio.AES_128_GCM.Stream(key)
 const (
-	AES_128_GCM       algorithm = "AES-128-GCM"        // The secret key must be 16 bytes long. See: https://golang.org/pkg/crypto/cipher/#NewGCM
-	AES_256_GCM       algorithm = "AES-256-GCM"        // The secret key must be 32 bytes long. See: https://golang.org/pkg/crypto/cipher/#NewGCM
-	ChaCha20Poly1305  algorithm = "ChaCha20-Poly1305"  // The secret key must be 32 bytes long. See: https://godoc.org/golang.org/x/crypto/chacha20poly1305#New
-	XChaCha20Poly1305 algorithm = "XChaCha20-Poly1305" // The secret key must be 32 bytes long. See: https://godoc.org/golang.org/x/crypto/chacha20poly1305#NewX
+	AES_128_GCM       Algorithm = "AES-128-GCM"        // The secret key must be 16 bytes long. See: https://golang.org/pkg/crypto/cipher/#NewGCM
+	AES_256_GCM       Algorithm = "AES-256-GCM"        // The secret key must be 32 bytes long. See: https://golang.org/pkg/crypto/cipher/#NewGCM
+	ChaCha20Poly1305  Algorithm = "ChaCha20-Poly1305"  // The secret key must be 32 bytes long. See: https://godoc.org/golang.org/x/crypto/chacha20poly1305#New
+	XChaCha20Poly1305 Algorithm = "XChaCha20-Poly1305" // The secret key must be 32 bytes long. See: https://godoc.org/golang.org/x/crypto/chacha20poly1305#NewX
 )
 
-type algorithm string
+// Algorithm specifies an AEAD algorithm that
+// can be used to en/decrypt data streams.
+//
+// Its main purpose is to simplify code that
+// wants to use commonly used AEAD algorithms,
+// like AES-GCM, by providing a way to directly
+// create Streams from secret keys.
+type Algorithm string
+
+// String returns the string representation of an
+// AEAD algorithm.
+func (a Algorithm) String() string { return string(a) }
 
-// New returns a new Stream that encrypts and decrypts
-// data streams using the given secret key and AEAD
-// algorithm.
+// Stream returns a new Stream using the given
+// secret key and AEAD algorithm.
 // The returned Stream uses the default buffer size: BufSize.
-func (a algorithm) New(key []byte) (*Stream, error) { return a.newWithBufSize(key, BufSize) }
+func (a Algorithm) Stream(key []byte) (*Stream, error) { return a.streamWithBufSize(key, BufSize) }
 
-func (a algorithm) newWithBufSize(key []byte, bufSize int) (*Stream, error) {
+func (a Algorithm) streamWithBufSize(key []byte, bufSize int) (*Stream, error) {
 	var (
 		aead cipher.AEAD
 		err  error
@@ -94,6 +96,8 @@ func (a algorithm) newWithBufSize(key []byte, bufSize int) (*Stream, error) {
 		aead, err = chacha20poly1305.New(key)
 	case XChaCha20Poly1305:
 		aead, err = chacha20poly1305.NewX(key)
+	default:
+		return nil, errorType("sio: invalid algorithm name")
 	}
 	if err != nil {
 		return nil, err

sio_test.go

@@ -9,7 +9,7 @@ import (
 )
 
 type TestVector struct {
-	Algorithm      algorithm
+	Algorithm      Algorithm
 	BufSize        int
 	Key            []byte
 	Nonce          []byte
@@ -21,7 +21,7 @@ type TestVector struct {
 var TestVectors []TestVector = loadTestVectors("./test_vectors.json")
 
 type SimpleTest struct {
-	Algorithm      algorithm
+	Algorithm      Algorithm
 	BufSize        int
 	Key            []byte
 	Nonce          []byte

writer_test.go

@@ -19,7 +19,7 @@ func TestVectorWrite(t *testing.T) {
 		ciphertext.Reset()
 		plaintext.Reset()
 
-		stream, err := test.Algorithm.newWithBufSize(test.Key, test.BufSize)
+		stream, err := test.Algorithm.streamWithBufSize(test.Key, test.BufSize)
 		if err != nil {
 			t.Fatalf("Test %d: Failed to create new Stream: %v", i, err)
 		}
@@ -56,7 +56,7 @@ func TestVectorWriteByte(t *testing.T) {
 		ciphertext.Reset()
 		plaintext.Reset()
 
-		stream, err := test.Algorithm.newWithBufSize(test.Key, test.BufSize)
+		stream, err := test.Algorithm.streamWithBufSize(test.Key, test.BufSize)
 		if err != nil {
 			t.Fatalf("Test %d: Failed to create new Stream: %v", i, err)
 		}
@@ -93,7 +93,7 @@ func TestVectorReadFrom(t *testing.T) {
 		ciphertext.Reset()
 		plaintext.Reset()
 
-		stream, err := test.Algorithm.newWithBufSize(test.Key, test.BufSize)
+		stream, err := test.Algorithm.streamWithBufSize(test.Key, test.BufSize)
 		if err != nil {
 			t.Fatalf("Test %d: Failed to create new Stream: %v", i, err)
 		}
@@ -130,7 +130,7 @@ func TestSimpleWrite(t *testing.T) {
 		ciphertext.Reset()
 		plaintext.Reset()
 
-		stream, err := test.Algorithm.newWithBufSize(test.Key, test.BufSize)
+		stream, err := test.Algorithm.streamWithBufSize(test.Key, test.BufSize)
 		if err != nil {
 			t.Fatalf("Test %d: Failed to create new Stream: %v", i, err)
 		}
@@ -165,7 +165,7 @@ func TestSimpleWriteByte(t *testing.T) {
 		ciphertext.Reset()
 		plaintext.Reset()
 
-		stream, err := test.Algorithm.newWithBufSize(test.Key, test.BufSize)
+		stream, err := test.Algorithm.streamWithBufSize(test.Key, test.BufSize)
 		if err != nil {
 			t.Fatalf("Test %d: Failed to create new Stream: %v", i, err)
 		}
@@ -200,7 +200,7 @@ func TestSimpleReadFrom(t *testing.T) {
 		ciphertext.Reset()
 		plaintext.Reset()
 
-		stream, err := test.Algorithm.newWithBufSize(test.Key, test.BufSize)
+		stream, err := test.Algorithm.streamWithBufSize(test.Key, test.BufSize)
 		if err != nil {
 			t.Fatalf("Test %d: Failed to create new Stream: %v", i, err)
 		}
@@ -237,7 +237,7 @@ func TestWriteAfterClose(t *testing.T) {
 		w.Write(nil)
 	}
 
-	s, err := AES_128_GCM.New(make([]byte, 16))
+	s, err := AES_128_GCM.Stream(make([]byte, 16))
 	if err != nil {
 		t.Fatalf("Failed to create new Stream: %v", err)
 	}
@@ -262,7 +262,7 @@ func TestWriteByteAfterClose(t *testing.T) {
 		w.WriteByte(0)
 	}
 
-	s, err := AES_128_GCM.New(make([]byte, 16))
+	s, err := AES_128_GCM.Stream(make([]byte, 16))
 	if err != nil {
 		t.Fatalf("Failed to create new Stream: %v", err)
 	}
@@ -286,7 +286,7 @@ func TestReadFromAfterClose(t *testing.T) {
 		w.ReadFrom(bytes.NewReader(nil))
 	}
 
-	s, err := AES_128_GCM.New(make([]byte, 16))
+	s, err := AES_128_GCM.Stream(make([]byte, 16))
 	if err != nil {
 		t.Fatalf("Failed to create new Stream: %v", err)
 	}