Replaced KeyStar references with cryptohelper, which has been split out

of KeyStar.

auth/types.go

@@ -9,8 +9,8 @@ import (
 
 	"git.destrealm.org/go/capstan"
 	"git.destrealm.org/go/capstan/config"
+	ch "git.destrealm.org/go/cryptohelper"
 	"git.destrealm.org/go/errors"
-	"git.destrealm.org/go/keystar/crypto"
 	"git.destrealm.org/go/principal"
 )
 
@@ -180,16 +180,16 @@ func (u *UserMixin) Identifier() int64 {
 // DefaultUserCodec implements the UserCodec interface, providing encryption
 // services via KeyStar.
 type DefaultUserCodec struct {
-	sealer crypto.Sealer
+	sealer ch.Sealer
 	config *config.AuthenticationConfig
 }
 
 // NewDefaultUserCodec returns a codec suitable for encoding and decoding
 // authentication sessions.
 func NewDefaultUserCodec(conf *config.AuthenticationConfig) (codec *DefaultUserCodec, err error) {
-	var sealer crypto.Sealer
+	var sealer ch.Sealer
 
-	sealer, err = crypto.NewSealer(&crypto.EngineConfiguration{
+	sealer, err = ch.NewSealer(&ch.EngineConfiguration{
 		CipherKey: conf.Key,
 		HMACKey:   conf.HMAC,
 	})

extension/csrf.go

@@ -12,8 +12,8 @@ import (
 	"git.destrealm.org/go/capstan"
 	. "git.destrealm.org/go/capstan/errors"
 	"git.destrealm.org/go/capstan/status"
+	ch "git.destrealm.org/go/cryptohelper"
 	"git.destrealm.org/go/errors"
-	"git.destrealm.org/go/keystar/crypto"
 	"git.destrealm.org/go/logging"
 )
 
@@ -192,7 +192,7 @@ type CSRFOptions struct {
 }
 
 type CSRF struct {
-	sealer   crypto.Sealer
+	sealer   ch.Sealer
 	methods  map[string]struct{}
 	options  *CSRFOptions
 	hostname string
@@ -202,7 +202,7 @@ type CSRF struct {
 func NewCSRF(options *CSRFOptions) (*CSRF, error) {
 	var methods map[string]struct{}
 
-	sealer, err := crypto.NewSealer(&crypto.EngineConfiguration{
+	sealer, err := ch.NewSealer(&ch.EngineConfiguration{
 		CipherKey: options.Key,
 		HMACKey:   options.HMAC,
 	})
@@ -406,7 +406,7 @@ func (c *CSRF) validateToken(token string) bool {
 	if err != nil {
 		return false
 	}
-	if validator, ok := c.sealer.(crypto.Signer); ok {
+	if validator, ok := c.sealer.(ch.Signer); ok {
 		return validator.VerifyBytes(b)
 	}
 

session/cookie/cookie.go

@@ -11,14 +11,14 @@ import (
 	"git.destrealm.org/go/capstan/config"
 	"git.destrealm.org/go/capstan/session/api"
 	"git.destrealm.org/go/capstan/session/registry"
+	ch "git.destrealm.org/go/cryptohelper"
 	"git.destrealm.org/go/errors"
-	"git.destrealm.org/go/keystar/crypto"
 )
 
 func init() {
 	registry.Register(config.SessionCookieBackend,
 		func(cfg *config.SessionConfig) api.SessionMaster {
-			sealer, _ := crypto.NewSealer(&crypto.EngineConfiguration{
+			sealer, _ := ch.NewSealer(&ch.EngineConfiguration{
 				CipherKey: cfg.Key,
 				HMACKey:   cfg.HMACKey,
 			})
@@ -35,7 +35,7 @@ type CookieBackend struct {
 	config    *config.SessionConfig
 	plain     bool
 	mksession func(http.ResponseWriter, *http.Request) *CookieSession
-	sealer    crypto.Sealer
+	sealer    ch.Sealer
 	sync.Mutex
 }
 
@@ -50,7 +50,7 @@ func (s *CookieBackend) NewSession(w http.ResponseWriter, r *http.Request) api.S
 
 type CookieSession struct {
 	backend  *CookieBackend
-	sealer   crypto.Sealer
+	sealer   ch.Sealer
 	request  *http.Request
 	response http.ResponseWriter
 	kv       map[string]interface{}

tests/types.go

@@ -25,7 +25,8 @@ type testBodyMethod struct {
 	Method string
 }
 
-// Key data from KeyStar crypto/init_test.go. Do not re-use; this is public.
+// Key data from KeyStar/CryptoHelper crypto/init_test.go. Do not re-use; this
+// is public.
 var testKey = []byte{
 	0x45, 0x5c, 0x9a, 0x7c,
 	0xa1, 0x3e, 0x33, 0x70,
@@ -37,7 +38,8 @@ var testKey = []byte{
 	0xae, 0x08, 0x49, 0x4c,
 }
 
-// HMAC key from KeyStar crypto/init_test.go. Do not reuse; this is public.
+// HMAC key from KeyStar/CryptoHelper crypto/init_test.go. Do not reuse; this is
+// public.
 var testHMAC = []byte{
 	0x93, 0x31, 0x67, 0x11,
 	0xf4, 0xec, 0x18, 0x45,