github.com/10XDev/rclone@v1.52.3-0.20200626220027-16af9ab76b2a/backend/crypt/cipher_test.go (about) 1 package crypt 2 3 import ( 4 "bytes" 5 "context" 6 "encoding/base32" 7 "fmt" 8 "io" 9 "io/ioutil" 10 "strings" 11 "testing" 12 13 "github.com/pkg/errors" 14 "github.com/rclone/rclone/backend/crypt/pkcs7" 15 "github.com/rclone/rclone/lib/readers" 16 "github.com/stretchr/testify/assert" 17 "github.com/stretchr/testify/require" 18 ) 19 20 func TestNewNameEncryptionMode(t *testing.T) { 21 for _, test := range []struct { 22 in string 23 expected NameEncryptionMode 24 expectedErr string 25 }{ 26 {"off", NameEncryptionOff, ""}, 27 {"standard", NameEncryptionStandard, ""}, 28 {"obfuscate", NameEncryptionObfuscated, ""}, 29 {"potato", NameEncryptionOff, "Unknown file name encryption mode \"potato\""}, 30 } { 31 actual, actualErr := NewNameEncryptionMode(test.in) 32 assert.Equal(t, actual, test.expected) 33 if test.expectedErr == "" { 34 assert.NoError(t, actualErr) 35 } else { 36 assert.Error(t, actualErr, test.expectedErr) 37 } 38 } 39 } 40 41 func TestNewNameEncryptionModeString(t *testing.T) { 42 assert.Equal(t, NameEncryptionOff.String(), "off") 43 assert.Equal(t, NameEncryptionStandard.String(), "standard") 44 assert.Equal(t, NameEncryptionObfuscated.String(), "obfuscate") 45 assert.Equal(t, NameEncryptionMode(3).String(), "Unknown mode #3") 46 } 47 48 func TestEncodeFileName(t *testing.T) { 49 for _, test := range []struct { 50 in string 51 expected string 52 }{ 53 {"", ""}, 54 {"1", "64"}, 55 {"12", "64p0"}, 56 {"123", "64p36"}, 57 {"1234", "64p36d0"}, 58 {"12345", "64p36d1l"}, 59 {"123456", "64p36d1l6o"}, 60 {"1234567", "64p36d1l6org"}, 61 {"12345678", "64p36d1l6orjg"}, 62 {"123456789", "64p36d1l6orjge8"}, 63 {"1234567890", "64p36d1l6orjge9g"}, 64 {"12345678901", "64p36d1l6orjge9g64"}, 65 {"123456789012", "64p36d1l6orjge9g64p0"}, 66 {"1234567890123", "64p36d1l6orjge9g64p36"}, 67 {"12345678901234", "64p36d1l6orjge9g64p36d0"}, 68 {"123456789012345", "64p36d1l6orjge9g64p36d1l"}, 69 {"1234567890123456", "64p36d1l6orjge9g64p36d1l6o"}, 70 } { 71 actual := encodeFileName([]byte(test.in)) 72 assert.Equal(t, actual, test.expected, fmt.Sprintf("in=%q", test.in)) 73 recovered, err := decodeFileName(test.expected) 74 assert.NoError(t, err) 75 assert.Equal(t, string(recovered), test.in, fmt.Sprintf("reverse=%q", test.expected)) 76 in := strings.ToUpper(test.expected) 77 recovered, err = decodeFileName(in) 78 assert.NoError(t, err) 79 assert.Equal(t, string(recovered), test.in, fmt.Sprintf("reverse=%q", in)) 80 } 81 } 82 83 func TestDecodeFileName(t *testing.T) { 84 // We've tested decoding the valid ones above, now concentrate on the invalid ones 85 for _, test := range []struct { 86 in string 87 expectedErr error 88 }{ 89 {"64=", ErrorBadBase32Encoding}, 90 {"!", base32.CorruptInputError(0)}, 91 {"hello=hello", base32.CorruptInputError(5)}, 92 } { 93 actual, actualErr := decodeFileName(test.in) 94 assert.Equal(t, test.expectedErr, actualErr, fmt.Sprintf("in=%q got actual=%q, err = %v %T", test.in, actual, actualErr, actualErr)) 95 } 96 } 97 98 func TestEncryptSegment(t *testing.T) { 99 c, _ := newCipher(NameEncryptionStandard, "", "", true) 100 for _, test := range []struct { 101 in string 102 expected string 103 }{ 104 {"", ""}, 105 {"1", "p0e52nreeaj0a5ea7s64m4j72s"}, 106 {"12", "l42g6771hnv3an9cgc8cr2n1ng"}, 107 {"123", "qgm4avr35m5loi1th53ato71v0"}, 108 {"1234", "8ivr2e9plj3c3esisjpdisikos"}, 109 {"12345", "rh9vu63q3o29eqmj4bg6gg7s44"}, 110 {"123456", "bn717l3alepn75b2fb2ejmi4b4"}, 111 {"1234567", "n6bo9jmb1qe3b1ogtj5qkf19k8"}, 112 {"12345678", "u9t24j7uaq94dh5q53m3s4t9ok"}, 113 {"123456789", "37hn305g6j12d1g0kkrl7ekbs4"}, 114 {"1234567890", "ot8d91eplaglb62k2b1trm2qv0"}, 115 {"12345678901", "h168vvrgb53qnrtvvmb378qrcs"}, 116 {"123456789012", "s3hsdf9e29ithrqbjqu01t8q2s"}, 117 {"1234567890123", "cf3jimlv1q2oc553mv7s3mh3eo"}, 118 {"12345678901234", "moq0uqdlqrblrc5pa5u5c7hq9g"}, 119 {"123456789012345", "eeam3li4rnommi3a762h5n7meg"}, 120 {"1234567890123456", "mijbj0frqf6ms7frcr6bd9h0env53jv96pjaaoirk7forcgpt70g"}, 121 } { 122 actual := c.encryptSegment(test.in) 123 assert.Equal(t, test.expected, actual, fmt.Sprintf("Testing %q", test.in)) 124 recovered, err := c.decryptSegment(test.expected) 125 assert.NoError(t, err, fmt.Sprintf("Testing reverse %q", test.expected)) 126 assert.Equal(t, test.in, recovered, fmt.Sprintf("Testing reverse %q", test.expected)) 127 in := strings.ToUpper(test.expected) 128 recovered, err = c.decryptSegment(in) 129 assert.NoError(t, err, fmt.Sprintf("Testing reverse %q", in)) 130 assert.Equal(t, test.in, recovered, fmt.Sprintf("Testing reverse %q", in)) 131 } 132 } 133 134 func TestDecryptSegment(t *testing.T) { 135 // We've tested the forwards above, now concentrate on the errors 136 longName := make([]byte, 3328) 137 for i := range longName { 138 longName[i] = 'a' 139 } 140 c, _ := newCipher(NameEncryptionStandard, "", "", true) 141 for _, test := range []struct { 142 in string 143 expectedErr error 144 }{ 145 {"64=", ErrorBadBase32Encoding}, 146 {"!", base32.CorruptInputError(0)}, 147 {string(longName), ErrorTooLongAfterDecode}, 148 {encodeFileName([]byte("a")), ErrorNotAMultipleOfBlocksize}, 149 {encodeFileName([]byte("123456789abcdef")), ErrorNotAMultipleOfBlocksize}, 150 {encodeFileName([]byte("123456789abcdef0")), pkcs7.ErrorPaddingTooLong}, 151 } { 152 actual, actualErr := c.decryptSegment(test.in) 153 assert.Equal(t, test.expectedErr, actualErr, fmt.Sprintf("in=%q got actual=%q, err = %v %T", test.in, actual, actualErr, actualErr)) 154 } 155 } 156 157 func TestEncryptFileName(t *testing.T) { 158 // First standard mode 159 c, _ := newCipher(NameEncryptionStandard, "", "", true) 160 assert.Equal(t, "p0e52nreeaj0a5ea7s64m4j72s", c.EncryptFileName("1")) 161 assert.Equal(t, "p0e52nreeaj0a5ea7s64m4j72s/l42g6771hnv3an9cgc8cr2n1ng", c.EncryptFileName("1/12")) 162 assert.Equal(t, "p0e52nreeaj0a5ea7s64m4j72s/l42g6771hnv3an9cgc8cr2n1ng/qgm4avr35m5loi1th53ato71v0", c.EncryptFileName("1/12/123")) 163 // Standard mode with directory name encryption off 164 c, _ = newCipher(NameEncryptionStandard, "", "", false) 165 assert.Equal(t, "p0e52nreeaj0a5ea7s64m4j72s", c.EncryptFileName("1")) 166 assert.Equal(t, "1/l42g6771hnv3an9cgc8cr2n1ng", c.EncryptFileName("1/12")) 167 assert.Equal(t, "1/12/qgm4avr35m5loi1th53ato71v0", c.EncryptFileName("1/12/123")) 168 // Now off mode 169 c, _ = newCipher(NameEncryptionOff, "", "", true) 170 assert.Equal(t, "1/12/123.bin", c.EncryptFileName("1/12/123")) 171 // Obfuscation mode 172 c, _ = newCipher(NameEncryptionObfuscated, "", "", true) 173 assert.Equal(t, "49.6/99.23/150.890/53.!!lipps", c.EncryptFileName("1/12/123/!hello")) 174 assert.Equal(t, "161.\u00e4", c.EncryptFileName("\u00a1")) 175 assert.Equal(t, "160.\u03c2", c.EncryptFileName("\u03a0")) 176 // Obfuscation mode with directory name encryption off 177 c, _ = newCipher(NameEncryptionObfuscated, "", "", false) 178 assert.Equal(t, "1/12/123/53.!!lipps", c.EncryptFileName("1/12/123/!hello")) 179 assert.Equal(t, "161.\u00e4", c.EncryptFileName("\u00a1")) 180 assert.Equal(t, "160.\u03c2", c.EncryptFileName("\u03a0")) 181 } 182 183 func TestDecryptFileName(t *testing.T) { 184 for _, test := range []struct { 185 mode NameEncryptionMode 186 dirNameEncrypt bool 187 in string 188 expected string 189 expectedErr error 190 }{ 191 {NameEncryptionStandard, true, "p0e52nreeaj0a5ea7s64m4j72s", "1", nil}, 192 {NameEncryptionStandard, true, "p0e52nreeaj0a5ea7s64m4j72s/l42g6771hnv3an9cgc8cr2n1ng", "1/12", nil}, 193 {NameEncryptionStandard, true, "p0e52nreeAJ0A5EA7S64M4J72S/L42G6771HNv3an9cgc8cr2n1ng", "1/12", nil}, 194 {NameEncryptionStandard, true, "p0e52nreeaj0a5ea7s64m4j72s/l42g6771hnv3an9cgc8cr2n1ng/qgm4avr35m5loi1th53ato71v0", "1/12/123", nil}, 195 {NameEncryptionStandard, true, "p0e52nreeaj0a5ea7s64m4j72s/l42g6771hnv3an9cgc8cr2n1/qgm4avr35m5loi1th53ato71v0", "", ErrorNotAMultipleOfBlocksize}, 196 {NameEncryptionStandard, false, "1/12/qgm4avr35m5loi1th53ato71v0", "1/12/123", nil}, 197 {NameEncryptionOff, true, "1/12/123.bin", "1/12/123", nil}, 198 {NameEncryptionOff, true, "1/12/123.bix", "", ErrorNotAnEncryptedFile}, 199 {NameEncryptionOff, true, ".bin", "", ErrorNotAnEncryptedFile}, 200 {NameEncryptionObfuscated, true, "!.hello", "hello", nil}, 201 {NameEncryptionObfuscated, true, "hello", "", ErrorNotAnEncryptedFile}, 202 {NameEncryptionObfuscated, true, "161.\u00e4", "\u00a1", nil}, 203 {NameEncryptionObfuscated, true, "160.\u03c2", "\u03a0", nil}, 204 {NameEncryptionObfuscated, false, "1/12/123/53.!!lipps", "1/12/123/!hello", nil}, 205 } { 206 c, _ := newCipher(test.mode, "", "", test.dirNameEncrypt) 207 actual, actualErr := c.DecryptFileName(test.in) 208 what := fmt.Sprintf("Testing %q (mode=%v)", test.in, test.mode) 209 assert.Equal(t, test.expected, actual, what) 210 assert.Equal(t, test.expectedErr, actualErr, what) 211 } 212 } 213 214 func TestEncDecMatches(t *testing.T) { 215 for _, test := range []struct { 216 mode NameEncryptionMode 217 in string 218 }{ 219 {NameEncryptionStandard, "1/2/3/4"}, 220 {NameEncryptionOff, "1/2/3/4"}, 221 {NameEncryptionObfuscated, "1/2/3/4/!hello\u03a0"}, 222 {NameEncryptionObfuscated, "Avatar The Last Airbender"}, 223 } { 224 c, _ := newCipher(test.mode, "", "", true) 225 out, err := c.DecryptFileName(c.EncryptFileName(test.in)) 226 what := fmt.Sprintf("Testing %q (mode=%v)", test.in, test.mode) 227 assert.Equal(t, out, test.in, what) 228 assert.Equal(t, err, nil, what) 229 } 230 } 231 232 func TestEncryptDirName(t *testing.T) { 233 // First standard mode 234 c, _ := newCipher(NameEncryptionStandard, "", "", true) 235 assert.Equal(t, "p0e52nreeaj0a5ea7s64m4j72s", c.EncryptDirName("1")) 236 assert.Equal(t, "p0e52nreeaj0a5ea7s64m4j72s/l42g6771hnv3an9cgc8cr2n1ng", c.EncryptDirName("1/12")) 237 assert.Equal(t, "p0e52nreeaj0a5ea7s64m4j72s/l42g6771hnv3an9cgc8cr2n1ng/qgm4avr35m5loi1th53ato71v0", c.EncryptDirName("1/12/123")) 238 // Standard mode with dir name encryption off 239 c, _ = newCipher(NameEncryptionStandard, "", "", false) 240 assert.Equal(t, "1/12", c.EncryptDirName("1/12")) 241 assert.Equal(t, "1/12/123", c.EncryptDirName("1/12/123")) 242 // Now off mode 243 c, _ = newCipher(NameEncryptionOff, "", "", true) 244 assert.Equal(t, "1/12/123", c.EncryptDirName("1/12/123")) 245 } 246 247 func TestDecryptDirName(t *testing.T) { 248 for _, test := range []struct { 249 mode NameEncryptionMode 250 dirNameEncrypt bool 251 in string 252 expected string 253 expectedErr error 254 }{ 255 {NameEncryptionStandard, true, "p0e52nreeaj0a5ea7s64m4j72s", "1", nil}, 256 {NameEncryptionStandard, true, "p0e52nreeaj0a5ea7s64m4j72s/l42g6771hnv3an9cgc8cr2n1ng", "1/12", nil}, 257 {NameEncryptionStandard, true, "p0e52nreeAJ0A5EA7S64M4J72S/L42G6771HNv3an9cgc8cr2n1ng", "1/12", nil}, 258 {NameEncryptionStandard, true, "p0e52nreeaj0a5ea7s64m4j72s/l42g6771hnv3an9cgc8cr2n1ng/qgm4avr35m5loi1th53ato71v0", "1/12/123", nil}, 259 {NameEncryptionStandard, true, "p0e52nreeaj0a5ea7s64m4j72s/l42g6771hnv3an9cgc8cr2n1/qgm4avr35m5loi1th53ato71v0", "", ErrorNotAMultipleOfBlocksize}, 260 {NameEncryptionStandard, false, "p0e52nreeaj0a5ea7s64m4j72s/l42g6771hnv3an9cgc8cr2n1ng", "p0e52nreeaj0a5ea7s64m4j72s/l42g6771hnv3an9cgc8cr2n1ng", nil}, 261 {NameEncryptionStandard, false, "1/12/123", "1/12/123", nil}, 262 {NameEncryptionOff, true, "1/12/123.bin", "1/12/123.bin", nil}, 263 {NameEncryptionOff, true, "1/12/123", "1/12/123", nil}, 264 {NameEncryptionOff, true, ".bin", ".bin", nil}, 265 } { 266 c, _ := newCipher(test.mode, "", "", test.dirNameEncrypt) 267 actual, actualErr := c.DecryptDirName(test.in) 268 what := fmt.Sprintf("Testing %q (mode=%v)", test.in, test.mode) 269 assert.Equal(t, test.expected, actual, what) 270 assert.Equal(t, test.expectedErr, actualErr, what) 271 } 272 } 273 274 func TestEncryptedSize(t *testing.T) { 275 c, _ := newCipher(NameEncryptionStandard, "", "", true) 276 for _, test := range []struct { 277 in int64 278 expected int64 279 }{ 280 {0, 32}, 281 {1, 32 + 16 + 1}, 282 {65536, 32 + 16 + 65536}, 283 {65537, 32 + 16 + 65536 + 16 + 1}, 284 {1 << 20, 32 + 16*(16+65536)}, 285 {(1 << 20) + 65535, 32 + 16*(16+65536) + 16 + 65535}, 286 {1 << 30, 32 + 16384*(16+65536)}, 287 {(1 << 40) + 1, 32 + 16777216*(16+65536) + 16 + 1}, 288 } { 289 actual := c.EncryptedSize(test.in) 290 assert.Equal(t, test.expected, actual, fmt.Sprintf("Testing %d", test.in)) 291 recovered, err := c.DecryptedSize(test.expected) 292 assert.NoError(t, err, fmt.Sprintf("Testing reverse %d", test.expected)) 293 assert.Equal(t, test.in, recovered, fmt.Sprintf("Testing reverse %d", test.expected)) 294 } 295 } 296 297 func TestDecryptedSize(t *testing.T) { 298 // Test the errors since we tested the reverse above 299 c, _ := newCipher(NameEncryptionStandard, "", "", true) 300 for _, test := range []struct { 301 in int64 302 expectedErr error 303 }{ 304 {0, ErrorEncryptedFileTooShort}, 305 {0, ErrorEncryptedFileTooShort}, 306 {1, ErrorEncryptedFileTooShort}, 307 {7, ErrorEncryptedFileTooShort}, 308 {32 + 1, ErrorEncryptedFileBadHeader}, 309 {32 + 16, ErrorEncryptedFileBadHeader}, 310 {32 + 16 + 65536 + 1, ErrorEncryptedFileBadHeader}, 311 {32 + 16 + 65536 + 16, ErrorEncryptedFileBadHeader}, 312 } { 313 _, actualErr := c.DecryptedSize(test.in) 314 assert.Equal(t, test.expectedErr, actualErr, fmt.Sprintf("Testing %d", test.in)) 315 } 316 } 317 318 func TestNoncePointer(t *testing.T) { 319 var x nonce 320 assert.Equal(t, (*[24]byte)(&x), x.pointer()) 321 } 322 323 func TestNonceFromReader(t *testing.T) { 324 var x nonce 325 buf := bytes.NewBufferString("123456789abcdefghijklmno") 326 err := x.fromReader(buf) 327 assert.NoError(t, err) 328 assert.Equal(t, nonce{'1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o'}, x) 329 buf = bytes.NewBufferString("123456789abcdefghijklmn") 330 err = x.fromReader(buf) 331 assert.Error(t, err, "short read of nonce") 332 } 333 334 func TestNonceFromBuf(t *testing.T) { 335 var x nonce 336 buf := []byte("123456789abcdefghijklmnoXXXXXXXX") 337 x.fromBuf(buf) 338 assert.Equal(t, nonce{'1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o'}, x) 339 buf = []byte("0123456789abcdefghijklmn") 340 x.fromBuf(buf) 341 assert.Equal(t, nonce{'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n'}, x) 342 buf = []byte("0123456789abcdefghijklm") 343 assert.Panics(t, func() { x.fromBuf(buf) }) 344 } 345 346 func TestNonceIncrement(t *testing.T) { 347 for _, test := range []struct { 348 in nonce 349 out nonce 350 }{ 351 { 352 nonce{0x00}, 353 nonce{0x01}, 354 }, 355 { 356 nonce{0xFF}, 357 nonce{0x00, 0x01}, 358 }, 359 { 360 nonce{0xFF, 0xFF}, 361 nonce{0x00, 0x00, 0x01}, 362 }, 363 { 364 nonce{0xFF, 0xFF, 0xFF}, 365 nonce{0x00, 0x00, 0x00, 0x01}, 366 }, 367 { 368 nonce{0xFF, 0xFF, 0xFF, 0xFF}, 369 nonce{0x00, 0x00, 0x00, 0x00, 0x01}, 370 }, 371 { 372 nonce{0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, 373 nonce{0x00, 0x00, 0x00, 0x00, 0x00, 0x01}, 374 }, 375 { 376 nonce{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, 377 nonce{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}, 378 }, 379 { 380 nonce{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, 381 nonce{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}, 382 }, 383 { 384 nonce{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, 385 nonce{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}, 386 }, 387 { 388 nonce{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, 389 nonce{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}, 390 }, 391 { 392 nonce{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, 393 nonce{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}, 394 }, 395 { 396 nonce{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, 397 nonce{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}, 398 }, 399 { 400 nonce{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, 401 nonce{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}, 402 }, 403 { 404 nonce{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, 405 nonce{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}, 406 }, 407 { 408 nonce{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, 409 nonce{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}, 410 }, 411 { 412 nonce{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, 413 nonce{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}, 414 }, 415 { 416 nonce{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, 417 nonce{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}, 418 }, 419 { 420 nonce{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, 421 nonce{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}, 422 }, 423 { 424 nonce{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, 425 nonce{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}, 426 }, 427 { 428 nonce{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, 429 nonce{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}, 430 }, 431 { 432 nonce{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, 433 nonce{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}, 434 }, 435 { 436 nonce{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, 437 nonce{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}, 438 }, 439 { 440 nonce{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, 441 nonce{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}, 442 }, 443 { 444 nonce{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, 445 nonce{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}, 446 }, 447 { 448 nonce{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, 449 nonce{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, 450 }, 451 } { 452 x := test.in 453 x.increment() 454 assert.Equal(t, test.out, x) 455 } 456 } 457 458 func TestNonceAdd(t *testing.T) { 459 for _, test := range []struct { 460 add uint64 461 in nonce 462 out nonce 463 }{ 464 { 465 0x01, 466 nonce{0x00}, 467 nonce{0x01}, 468 }, 469 { 470 0xFF, 471 nonce{0xFF}, 472 nonce{0xFE, 0x01}, 473 }, 474 { 475 0xFFFF, 476 nonce{0xFF, 0xFF}, 477 nonce{0xFE, 0xFF, 0x01}, 478 }, 479 { 480 0xFFFFFF, 481 nonce{0xFF, 0xFF, 0xFF}, 482 nonce{0xFE, 0xFF, 0xFF, 0x01}, 483 }, 484 { 485 0xFFFFFFFF, 486 nonce{0xFF, 0xFF, 0xFF, 0xFF}, 487 nonce{0xFe, 0xFF, 0xFF, 0xFF, 0x01}, 488 }, 489 { 490 0xFFFFFFFFFF, 491 nonce{0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, 492 nonce{0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0x01}, 493 }, 494 { 495 0xFFFFFFFFFFFF, 496 nonce{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, 497 nonce{0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x01}, 498 }, 499 { 500 0xFFFFFFFFFFFFFF, 501 nonce{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, 502 nonce{0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x01}, 503 }, 504 { 505 0xFFFFFFFFFFFFFFFF, 506 nonce{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, 507 nonce{0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x01}, 508 }, 509 { 510 0xFFFFFFFFFFFFFFFF, 511 nonce{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, 512 nonce{0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x01}, 513 }, 514 { 515 0xFFFFFFFFFFFFFFFF, 516 nonce{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, 517 nonce{0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x01}, 518 }, 519 { 520 0xFFFFFFFFFFFFFFFF, 521 nonce{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, 522 nonce{0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x01}, 523 }, 524 { 525 0xFFFFFFFFFFFFFFFF, 526 nonce{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, 527 nonce{0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0x01}, 528 }, 529 { 530 0xFFFFFFFFFFFFFFFF, 531 nonce{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, 532 nonce{0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}, 533 }, 534 { 535 0xFFFFFFFFFFFFFFFF, 536 nonce{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, 537 nonce{0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}, 538 }, 539 { 540 0xFFFFFFFFFFFFFFFF, 541 nonce{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, 542 nonce{0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}, 543 }, 544 { 545 0xFFFFFFFFFFFFFFFF, 546 nonce{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, 547 nonce{0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}, 548 }, 549 { 550 0xFFFFFFFFFFFFFFFF, 551 nonce{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, 552 nonce{0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}, 553 }, 554 { 555 0xFFFFFFFFFFFFFFFF, 556 nonce{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, 557 nonce{0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}, 558 }, 559 { 560 0xFFFFFFFFFFFFFFFF, 561 nonce{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, 562 nonce{0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}, 563 }, 564 { 565 0xFFFFFFFFFFFFFFFF, 566 nonce{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, 567 nonce{0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}, 568 }, 569 { 570 0xFFFFFFFFFFFFFFFF, 571 nonce{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, 572 nonce{0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}, 573 }, 574 { 575 0xFFFFFFFFFFFFFFFF, 576 nonce{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, 577 nonce{0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}, 578 }, 579 { 580 0xFFFFFFFFFFFFFFFF, 581 nonce{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, 582 nonce{0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}, 583 }, 584 { 585 0xFFFFFFFFFFFFFFFF, 586 nonce{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, 587 nonce{0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, 588 }, 589 } { 590 x := test.in 591 x.add(test.add) 592 assert.Equal(t, test.out, x) 593 } 594 } 595 596 // randomSource can read or write a random sequence 597 type randomSource struct { 598 counter int64 599 size int64 600 } 601 602 func newRandomSource(size int64) *randomSource { 603 return &randomSource{ 604 size: size, 605 } 606 } 607 608 func (r *randomSource) next() byte { 609 r.counter++ 610 return byte(r.counter % 257) 611 } 612 613 func (r *randomSource) Read(p []byte) (n int, err error) { 614 for i := range p { 615 if r.counter >= r.size { 616 err = io.EOF 617 break 618 } 619 p[i] = r.next() 620 n++ 621 } 622 return n, err 623 } 624 625 func (r *randomSource) Write(p []byte) (n int, err error) { 626 for i := range p { 627 if p[i] != r.next() { 628 return 0, errors.Errorf("Error in stream at %d", r.counter) 629 } 630 } 631 return len(p), nil 632 } 633 634 func (r *randomSource) Close() error { return nil } 635 636 // Check interfaces 637 var ( 638 _ io.ReadCloser = (*randomSource)(nil) 639 _ io.WriteCloser = (*randomSource)(nil) 640 ) 641 642 // Test test infrastructure first! 643 func TestRandomSource(t *testing.T) { 644 source := newRandomSource(1e8) 645 sink := newRandomSource(1e8) 646 n, err := io.Copy(sink, source) 647 assert.NoError(t, err) 648 assert.Equal(t, int64(1e8), n) 649 650 source = newRandomSource(1e8) 651 buf := make([]byte, 16) 652 _, _ = source.Read(buf) 653 sink = newRandomSource(1e8) 654 _, err = io.Copy(sink, source) 655 assert.Error(t, err, "Error in stream") 656 } 657 658 type zeroes struct{} 659 660 func (z *zeroes) Read(p []byte) (n int, err error) { 661 for i := range p { 662 p[i] = 0 663 n++ 664 } 665 return n, nil 666 } 667 668 // Test encrypt decrypt with different buffer sizes 669 func testEncryptDecrypt(t *testing.T, bufSize int, copySize int64) { 670 c, err := newCipher(NameEncryptionStandard, "", "", true) 671 assert.NoError(t, err) 672 c.cryptoRand = &zeroes{} // zero out the nonce 673 buf := make([]byte, bufSize) 674 source := newRandomSource(copySize) 675 encrypted, err := c.newEncrypter(source, nil) 676 assert.NoError(t, err) 677 decrypted, err := c.newDecrypter(ioutil.NopCloser(encrypted)) 678 assert.NoError(t, err) 679 sink := newRandomSource(copySize) 680 n, err := io.CopyBuffer(sink, decrypted, buf) 681 assert.NoError(t, err) 682 assert.Equal(t, copySize, n) 683 blocks := copySize / blockSize 684 if (copySize % blockSize) != 0 { 685 blocks++ 686 } 687 var expectedNonce = nonce{byte(blocks), byte(blocks >> 8), byte(blocks >> 16), byte(blocks >> 32)} 688 assert.Equal(t, expectedNonce, encrypted.nonce) 689 assert.Equal(t, expectedNonce, decrypted.nonce) 690 } 691 692 func TestEncryptDecrypt1(t *testing.T) { 693 testEncryptDecrypt(t, 1, 1e7) 694 } 695 696 func TestEncryptDecrypt32(t *testing.T) { 697 testEncryptDecrypt(t, 32, 1e8) 698 } 699 700 func TestEncryptDecrypt4096(t *testing.T) { 701 testEncryptDecrypt(t, 4096, 1e8) 702 } 703 704 func TestEncryptDecrypt65536(t *testing.T) { 705 testEncryptDecrypt(t, 65536, 1e8) 706 } 707 708 func TestEncryptDecrypt65537(t *testing.T) { 709 testEncryptDecrypt(t, 65537, 1e8) 710 } 711 712 var ( 713 file0 = []byte{ 714 0x52, 0x43, 0x4c, 0x4f, 0x4e, 0x45, 0x00, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 715 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 716 } 717 file1 = []byte{ 718 0x52, 0x43, 0x4c, 0x4f, 0x4e, 0x45, 0x00, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 719 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 720 0x09, 0x5b, 0x44, 0x6c, 0xd6, 0x23, 0x7b, 0xbc, 0xb0, 0x8d, 0x09, 0xfb, 0x52, 0x4c, 0xe5, 0x65, 721 0xAA, 722 } 723 file16 = []byte{ 724 0x52, 0x43, 0x4c, 0x4f, 0x4e, 0x45, 0x00, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 725 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 726 0xb9, 0xc4, 0x55, 0x2a, 0x27, 0x10, 0x06, 0x29, 0x18, 0x96, 0x0a, 0x3e, 0x60, 0x8c, 0x29, 0xb9, 727 0xaa, 0x8a, 0x5e, 0x1e, 0x16, 0x5b, 0x6d, 0x07, 0x5d, 0xe4, 0xe9, 0xbb, 0x36, 0x7f, 0xd6, 0xd4, 728 } 729 ) 730 731 func TestEncryptData(t *testing.T) { 732 for _, test := range []struct { 733 in []byte 734 expected []byte 735 }{ 736 {[]byte{}, file0}, 737 {[]byte{1}, file1}, 738 {[]byte{1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16}, file16}, 739 } { 740 c, err := newCipher(NameEncryptionStandard, "", "", true) 741 assert.NoError(t, err) 742 c.cryptoRand = newRandomSource(1e8) // nodge the crypto rand generator 743 744 // Check encode works 745 buf := bytes.NewBuffer(test.in) 746 encrypted, err := c.EncryptData(buf) 747 assert.NoError(t, err) 748 out, err := ioutil.ReadAll(encrypted) 749 assert.NoError(t, err) 750 assert.Equal(t, test.expected, out) 751 752 // Check we can decode the data properly too... 753 buf = bytes.NewBuffer(out) 754 decrypted, err := c.DecryptData(ioutil.NopCloser(buf)) 755 assert.NoError(t, err) 756 out, err = ioutil.ReadAll(decrypted) 757 assert.NoError(t, err) 758 assert.Equal(t, test.in, out) 759 } 760 } 761 762 func TestNewEncrypter(t *testing.T) { 763 c, err := newCipher(NameEncryptionStandard, "", "", true) 764 assert.NoError(t, err) 765 c.cryptoRand = newRandomSource(1e8) // nodge the crypto rand generator 766 767 z := &zeroes{} 768 769 fh, err := c.newEncrypter(z, nil) 770 assert.NoError(t, err) 771 assert.Equal(t, nonce{0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18}, fh.nonce) 772 assert.Equal(t, []byte{'R', 'C', 'L', 'O', 'N', 'E', 0x00, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18}, fh.buf[:32]) 773 774 // Test error path 775 c.cryptoRand = bytes.NewBufferString("123456789abcdefghijklmn") 776 fh, err = c.newEncrypter(z, nil) 777 assert.Nil(t, fh) 778 assert.Error(t, err, "short read of nonce") 779 780 } 781 782 // Test the stream returning 0, io.ErrUnexpectedEOF - this used to 783 // cause a fatal loop 784 func TestNewEncrypterErrUnexpectedEOF(t *testing.T) { 785 c, err := newCipher(NameEncryptionStandard, "", "", true) 786 assert.NoError(t, err) 787 788 in := &readers.ErrorReader{Err: io.ErrUnexpectedEOF} 789 fh, err := c.newEncrypter(in, nil) 790 assert.NoError(t, err) 791 792 n, err := io.CopyN(ioutil.Discard, fh, 1e6) 793 assert.Equal(t, io.ErrUnexpectedEOF, err) 794 assert.Equal(t, int64(32), n) 795 } 796 797 type closeDetector struct { 798 io.Reader 799 closed int 800 } 801 802 func newCloseDetector(in io.Reader) *closeDetector { 803 return &closeDetector{ 804 Reader: in, 805 } 806 } 807 808 func (c *closeDetector) Close() error { 809 c.closed++ 810 return nil 811 } 812 813 func TestNewDecrypter(t *testing.T) { 814 c, err := newCipher(NameEncryptionStandard, "", "", true) 815 assert.NoError(t, err) 816 c.cryptoRand = newRandomSource(1e8) // nodge the crypto rand generator 817 818 cd := newCloseDetector(bytes.NewBuffer(file0)) 819 fh, err := c.newDecrypter(cd) 820 assert.NoError(t, err) 821 // check nonce is in place 822 assert.Equal(t, file0[8:32], fh.nonce[:]) 823 assert.Equal(t, 0, cd.closed) 824 825 // Test error paths 826 for i := range file0 { 827 cd := newCloseDetector(bytes.NewBuffer(file0[:i])) 828 fh, err = c.newDecrypter(cd) 829 assert.Nil(t, fh) 830 assert.Error(t, err, ErrorEncryptedFileTooShort.Error()) 831 assert.Equal(t, 1, cd.closed) 832 } 833 834 er := &readers.ErrorReader{Err: errors.New("potato")} 835 cd = newCloseDetector(er) 836 fh, err = c.newDecrypter(cd) 837 assert.Nil(t, fh) 838 assert.Error(t, err, "potato") 839 assert.Equal(t, 1, cd.closed) 840 841 // bad magic 842 file0copy := make([]byte, len(file0)) 843 copy(file0copy, file0) 844 for i := range fileMagic { 845 file0copy[i] ^= 0x1 846 cd := newCloseDetector(bytes.NewBuffer(file0copy)) 847 fh, err := c.newDecrypter(cd) 848 assert.Nil(t, fh) 849 assert.Error(t, err, ErrorEncryptedBadMagic.Error()) 850 file0copy[i] ^= 0x1 851 assert.Equal(t, 1, cd.closed) 852 } 853 } 854 855 // Test the stream returning 0, io.ErrUnexpectedEOF 856 func TestNewDecrypterErrUnexpectedEOF(t *testing.T) { 857 c, err := newCipher(NameEncryptionStandard, "", "", true) 858 assert.NoError(t, err) 859 860 in2 := &readers.ErrorReader{Err: io.ErrUnexpectedEOF} 861 in1 := bytes.NewBuffer(file16) 862 in := ioutil.NopCloser(io.MultiReader(in1, in2)) 863 864 fh, err := c.newDecrypter(in) 865 assert.NoError(t, err) 866 867 n, err := io.CopyN(ioutil.Discard, fh, 1e6) 868 assert.Equal(t, io.ErrUnexpectedEOF, err) 869 assert.Equal(t, int64(16), n) 870 } 871 872 func TestNewDecrypterSeekLimit(t *testing.T) { 873 c, err := newCipher(NameEncryptionStandard, "", "", true) 874 assert.NoError(t, err) 875 c.cryptoRand = &zeroes{} // nodge the crypto rand generator 876 877 // Make random data 878 const dataSize = 150000 879 plaintext, err := ioutil.ReadAll(newRandomSource(dataSize)) 880 assert.NoError(t, err) 881 882 // Encrypt the data 883 buf := bytes.NewBuffer(plaintext) 884 encrypted, err := c.EncryptData(buf) 885 assert.NoError(t, err) 886 ciphertext, err := ioutil.ReadAll(encrypted) 887 assert.NoError(t, err) 888 889 trials := []int{0, 1, 2, 3, 4, 5, 7, 8, 9, 15, 16, 17, 31, 32, 33, 63, 64, 65, 890 127, 128, 129, 255, 256, 257, 511, 512, 513, 1023, 1024, 1025, 2047, 2048, 2049, 891 4095, 4096, 4097, 8191, 8192, 8193, 16383, 16384, 16385, 32767, 32768, 32769, 892 65535, 65536, 65537, 131071, 131072, 131073, dataSize - 1, dataSize} 893 limits := []int{-1, 0, 1, 65535, 65536, 65537, 131071, 131072, 131073} 894 895 // Open stream with a seek of underlyingOffset 896 var reader io.ReadCloser 897 open := func(ctx context.Context, underlyingOffset, underlyingLimit int64) (io.ReadCloser, error) { 898 end := len(ciphertext) 899 if underlyingLimit >= 0 { 900 end = int(underlyingOffset + underlyingLimit) 901 if end > len(ciphertext) { 902 end = len(ciphertext) 903 } 904 } 905 reader = ioutil.NopCloser(bytes.NewBuffer(ciphertext[int(underlyingOffset):end])) 906 return reader, nil 907 } 908 909 inBlock := make([]byte, dataSize) 910 911 // Check the seek worked by reading a block and checking it 912 // against what it should be 913 check := func(rc io.Reader, offset, limit int) { 914 n, err := io.ReadFull(rc, inBlock) 915 if err != nil && err != io.EOF && err != io.ErrUnexpectedEOF { 916 require.NoError(t, err) 917 } 918 seekedDecrypted := inBlock[:n] 919 920 what := fmt.Sprintf("offset = %d, limit = %d", offset, limit) 921 if limit >= 0 { 922 assert.Equal(t, limit, n, what) 923 } 924 require.Equal(t, plaintext[offset:offset+n], seekedDecrypted, what) 925 926 // We should have completely emptied the reader at this point 927 n, err = reader.Read(inBlock) 928 assert.Equal(t, io.EOF, err) 929 assert.Equal(t, 0, n) 930 } 931 932 // Now try decoding it with an open/seek 933 for _, offset := range trials { 934 for _, limit := range limits { 935 if offset+limit > len(plaintext) { 936 continue 937 } 938 rc, err := c.DecryptDataSeek(context.Background(), open, int64(offset), int64(limit)) 939 assert.NoError(t, err) 940 941 check(rc, offset, limit) 942 } 943 } 944 945 // Try decoding it with a single open and lots of seeks 946 fh, err := c.DecryptDataSeek(context.Background(), open, 0, -1) 947 assert.NoError(t, err) 948 for _, offset := range trials { 949 for _, limit := range limits { 950 if offset+limit > len(plaintext) { 951 continue 952 } 953 _, err := fh.RangeSeek(context.Background(), int64(offset), io.SeekStart, int64(limit)) 954 assert.NoError(t, err) 955 956 check(fh, offset, limit) 957 } 958 } 959 960 // Do some checks on the open callback 961 for _, test := range []struct { 962 offset, limit int64 963 wantOffset, wantLimit int64 964 }{ 965 // unlimited 966 {0, -1, int64(fileHeaderSize), -1}, 967 {1, -1, int64(fileHeaderSize), -1}, 968 {blockDataSize - 1, -1, int64(fileHeaderSize), -1}, 969 {blockDataSize, -1, int64(fileHeaderSize) + blockSize, -1}, 970 {blockDataSize + 1, -1, int64(fileHeaderSize) + blockSize, -1}, 971 // limit=1 972 {0, 1, int64(fileHeaderSize), blockSize}, 973 {1, 1, int64(fileHeaderSize), blockSize}, 974 {blockDataSize - 1, 1, int64(fileHeaderSize), blockSize}, 975 {blockDataSize, 1, int64(fileHeaderSize) + blockSize, blockSize}, 976 {blockDataSize + 1, 1, int64(fileHeaderSize) + blockSize, blockSize}, 977 // limit=100 978 {0, 100, int64(fileHeaderSize), blockSize}, 979 {1, 100, int64(fileHeaderSize), blockSize}, 980 {blockDataSize - 1, 100, int64(fileHeaderSize), 2 * blockSize}, 981 {blockDataSize, 100, int64(fileHeaderSize) + blockSize, blockSize}, 982 {blockDataSize + 1, 100, int64(fileHeaderSize) + blockSize, blockSize}, 983 // limit=blockDataSize-1 984 {0, blockDataSize - 1, int64(fileHeaderSize), blockSize}, 985 {1, blockDataSize - 1, int64(fileHeaderSize), blockSize}, 986 {blockDataSize - 1, blockDataSize - 1, int64(fileHeaderSize), 2 * blockSize}, 987 {blockDataSize, blockDataSize - 1, int64(fileHeaderSize) + blockSize, blockSize}, 988 {blockDataSize + 1, blockDataSize - 1, int64(fileHeaderSize) + blockSize, blockSize}, 989 // limit=blockDataSize 990 {0, blockDataSize, int64(fileHeaderSize), blockSize}, 991 {1, blockDataSize, int64(fileHeaderSize), 2 * blockSize}, 992 {blockDataSize - 1, blockDataSize, int64(fileHeaderSize), 2 * blockSize}, 993 {blockDataSize, blockDataSize, int64(fileHeaderSize) + blockSize, blockSize}, 994 {blockDataSize + 1, blockDataSize, int64(fileHeaderSize) + blockSize, 2 * blockSize}, 995 // limit=blockDataSize+1 996 {0, blockDataSize + 1, int64(fileHeaderSize), 2 * blockSize}, 997 {1, blockDataSize + 1, int64(fileHeaderSize), 2 * blockSize}, 998 {blockDataSize - 1, blockDataSize + 1, int64(fileHeaderSize), 2 * blockSize}, 999 {blockDataSize, blockDataSize + 1, int64(fileHeaderSize) + blockSize, 2 * blockSize}, 1000 {blockDataSize + 1, blockDataSize + 1, int64(fileHeaderSize) + blockSize, 2 * blockSize}, 1001 } { 1002 what := fmt.Sprintf("offset = %d, limit = %d", test.offset, test.limit) 1003 callCount := 0 1004 testOpen := func(ctx context.Context, underlyingOffset, underlyingLimit int64) (io.ReadCloser, error) { 1005 switch callCount { 1006 case 0: 1007 assert.Equal(t, int64(0), underlyingOffset, what) 1008 assert.Equal(t, int64(-1), underlyingLimit, what) 1009 case 1: 1010 assert.Equal(t, test.wantOffset, underlyingOffset, what) 1011 assert.Equal(t, test.wantLimit, underlyingLimit, what) 1012 default: 1013 t.Errorf("Too many calls %d for %s", callCount+1, what) 1014 } 1015 callCount++ 1016 return open(ctx, underlyingOffset, underlyingLimit) 1017 } 1018 fh, err := c.DecryptDataSeek(context.Background(), testOpen, 0, -1) 1019 assert.NoError(t, err) 1020 gotOffset, err := fh.RangeSeek(context.Background(), test.offset, io.SeekStart, test.limit) 1021 assert.NoError(t, err) 1022 assert.Equal(t, gotOffset, test.offset) 1023 } 1024 } 1025 1026 func TestDecrypterCalculateUnderlying(t *testing.T) { 1027 for _, test := range []struct { 1028 offset, limit int64 1029 wantOffset, wantLimit int64 1030 wantDiscard, wantBlocks int64 1031 }{ 1032 // unlimited 1033 {0, -1, int64(fileHeaderSize), -1, 0, 0}, 1034 {1, -1, int64(fileHeaderSize), -1, 1, 0}, 1035 {blockDataSize - 1, -1, int64(fileHeaderSize), -1, blockDataSize - 1, 0}, 1036 {blockDataSize, -1, int64(fileHeaderSize) + blockSize, -1, 0, 1}, 1037 {blockDataSize + 1, -1, int64(fileHeaderSize) + blockSize, -1, 1, 1}, 1038 // limit=1 1039 {0, 1, int64(fileHeaderSize), blockSize, 0, 0}, 1040 {1, 1, int64(fileHeaderSize), blockSize, 1, 0}, 1041 {blockDataSize - 1, 1, int64(fileHeaderSize), blockSize, blockDataSize - 1, 0}, 1042 {blockDataSize, 1, int64(fileHeaderSize) + blockSize, blockSize, 0, 1}, 1043 {blockDataSize + 1, 1, int64(fileHeaderSize) + blockSize, blockSize, 1, 1}, 1044 // limit=100 1045 {0, 100, int64(fileHeaderSize), blockSize, 0, 0}, 1046 {1, 100, int64(fileHeaderSize), blockSize, 1, 0}, 1047 {blockDataSize - 1, 100, int64(fileHeaderSize), 2 * blockSize, blockDataSize - 1, 0}, 1048 {blockDataSize, 100, int64(fileHeaderSize) + blockSize, blockSize, 0, 1}, 1049 {blockDataSize + 1, 100, int64(fileHeaderSize) + blockSize, blockSize, 1, 1}, 1050 // limit=blockDataSize-1 1051 {0, blockDataSize - 1, int64(fileHeaderSize), blockSize, 0, 0}, 1052 {1, blockDataSize - 1, int64(fileHeaderSize), blockSize, 1, 0}, 1053 {blockDataSize - 1, blockDataSize - 1, int64(fileHeaderSize), 2 * blockSize, blockDataSize - 1, 0}, 1054 {blockDataSize, blockDataSize - 1, int64(fileHeaderSize) + blockSize, blockSize, 0, 1}, 1055 {blockDataSize + 1, blockDataSize - 1, int64(fileHeaderSize) + blockSize, blockSize, 1, 1}, 1056 // limit=blockDataSize 1057 {0, blockDataSize, int64(fileHeaderSize), blockSize, 0, 0}, 1058 {1, blockDataSize, int64(fileHeaderSize), 2 * blockSize, 1, 0}, 1059 {blockDataSize - 1, blockDataSize, int64(fileHeaderSize), 2 * blockSize, blockDataSize - 1, 0}, 1060 {blockDataSize, blockDataSize, int64(fileHeaderSize) + blockSize, blockSize, 0, 1}, 1061 {blockDataSize + 1, blockDataSize, int64(fileHeaderSize) + blockSize, 2 * blockSize, 1, 1}, 1062 // limit=blockDataSize+1 1063 {0, blockDataSize + 1, int64(fileHeaderSize), 2 * blockSize, 0, 0}, 1064 {1, blockDataSize + 1, int64(fileHeaderSize), 2 * blockSize, 1, 0}, 1065 {blockDataSize - 1, blockDataSize + 1, int64(fileHeaderSize), 2 * blockSize, blockDataSize - 1, 0}, 1066 {blockDataSize, blockDataSize + 1, int64(fileHeaderSize) + blockSize, 2 * blockSize, 0, 1}, 1067 {blockDataSize + 1, blockDataSize + 1, int64(fileHeaderSize) + blockSize, 2 * blockSize, 1, 1}, 1068 } { 1069 what := fmt.Sprintf("offset = %d, limit = %d", test.offset, test.limit) 1070 underlyingOffset, underlyingLimit, discard, blocks := calculateUnderlying(test.offset, test.limit) 1071 assert.Equal(t, test.wantOffset, underlyingOffset, what) 1072 assert.Equal(t, test.wantLimit, underlyingLimit, what) 1073 assert.Equal(t, test.wantDiscard, discard, what) 1074 assert.Equal(t, test.wantBlocks, blocks, what) 1075 } 1076 } 1077 1078 func TestDecrypterRead(t *testing.T) { 1079 c, err := newCipher(NameEncryptionStandard, "", "", true) 1080 assert.NoError(t, err) 1081 1082 // Test truncating the file at each possible point 1083 for i := 0; i < len(file16)-1; i++ { 1084 what := fmt.Sprintf("truncating to %d/%d", i, len(file16)) 1085 cd := newCloseDetector(bytes.NewBuffer(file16[:i])) 1086 fh, err := c.newDecrypter(cd) 1087 if i < fileHeaderSize { 1088 assert.EqualError(t, err, ErrorEncryptedFileTooShort.Error(), what) 1089 continue 1090 } 1091 if err != nil { 1092 assert.NoError(t, err, what) 1093 continue 1094 } 1095 _, err = ioutil.ReadAll(fh) 1096 var expectedErr error 1097 switch { 1098 case i == fileHeaderSize: 1099 // This would normally produce an error *except* on the first block 1100 expectedErr = nil 1101 default: 1102 expectedErr = io.ErrUnexpectedEOF 1103 } 1104 if expectedErr != nil { 1105 assert.EqualError(t, err, expectedErr.Error(), what) 1106 } else { 1107 assert.NoError(t, err, what) 1108 } 1109 assert.Equal(t, 0, cd.closed, what) 1110 } 1111 1112 // Test producing an error on the file on Read the underlying file 1113 in1 := bytes.NewBuffer(file1) 1114 in2 := &readers.ErrorReader{Err: errors.New("potato")} 1115 in := io.MultiReader(in1, in2) 1116 cd := newCloseDetector(in) 1117 fh, err := c.newDecrypter(cd) 1118 assert.NoError(t, err) 1119 _, err = ioutil.ReadAll(fh) 1120 assert.Error(t, err, "potato") 1121 assert.Equal(t, 0, cd.closed) 1122 1123 // Test corrupting the input 1124 // shouldn't be able to corrupt any byte without some sort of error 1125 file16copy := make([]byte, len(file16)) 1126 copy(file16copy, file16) 1127 for i := range file16copy { 1128 file16copy[i] ^= 0xFF 1129 fh, err := c.newDecrypter(ioutil.NopCloser(bytes.NewBuffer(file16copy))) 1130 if i < fileMagicSize { 1131 assert.Error(t, err, ErrorEncryptedBadMagic.Error()) 1132 assert.Nil(t, fh) 1133 } else { 1134 assert.NoError(t, err) 1135 _, err = ioutil.ReadAll(fh) 1136 assert.Error(t, err, ErrorEncryptedFileBadHeader.Error()) 1137 } 1138 file16copy[i] ^= 0xFF 1139 } 1140 } 1141 1142 func TestDecrypterClose(t *testing.T) { 1143 c, err := newCipher(NameEncryptionStandard, "", "", true) 1144 assert.NoError(t, err) 1145 1146 cd := newCloseDetector(bytes.NewBuffer(file16)) 1147 fh, err := c.newDecrypter(cd) 1148 assert.NoError(t, err) 1149 assert.Equal(t, 0, cd.closed) 1150 1151 // close before reading 1152 assert.Equal(t, nil, fh.err) 1153 err = fh.Close() 1154 assert.NoError(t, err) 1155 assert.Equal(t, ErrorFileClosed, fh.err) 1156 assert.Equal(t, 1, cd.closed) 1157 1158 // double close 1159 err = fh.Close() 1160 assert.Error(t, err, ErrorFileClosed.Error()) 1161 assert.Equal(t, 1, cd.closed) 1162 1163 // try again reading the file this time 1164 cd = newCloseDetector(bytes.NewBuffer(file1)) 1165 fh, err = c.newDecrypter(cd) 1166 assert.NoError(t, err) 1167 assert.Equal(t, 0, cd.closed) 1168 1169 // close after reading 1170 out, err := ioutil.ReadAll(fh) 1171 assert.NoError(t, err) 1172 assert.Equal(t, []byte{1}, out) 1173 assert.Equal(t, io.EOF, fh.err) 1174 err = fh.Close() 1175 assert.NoError(t, err) 1176 assert.Equal(t, ErrorFileClosed, fh.err) 1177 assert.Equal(t, 1, cd.closed) 1178 } 1179 1180 func TestPutGetBlock(t *testing.T) { 1181 c, err := newCipher(NameEncryptionStandard, "", "", true) 1182 assert.NoError(t, err) 1183 1184 block := c.getBlock() 1185 c.putBlock(block) 1186 c.putBlock(block) 1187 1188 assert.Panics(t, func() { c.putBlock(block[:len(block)-1]) }) 1189 } 1190 1191 func TestKey(t *testing.T) { 1192 c, err := newCipher(NameEncryptionStandard, "", "", true) 1193 assert.NoError(t, err) 1194 1195 // Check zero keys OK 1196 assert.Equal(t, [32]byte{}, c.dataKey) 1197 assert.Equal(t, [32]byte{}, c.nameKey) 1198 assert.Equal(t, [16]byte{}, c.nameTweak) 1199 1200 require.NoError(t, c.Key("potato", "")) 1201 assert.Equal(t, [32]byte{0x74, 0x55, 0xC7, 0x1A, 0xB1, 0x7C, 0x86, 0x5B, 0x84, 0x71, 0xF4, 0x7B, 0x79, 0xAC, 0xB0, 0x7E, 0xB3, 0x1D, 0x56, 0x78, 0xB8, 0x0C, 0x7E, 0x2E, 0xAF, 0x4F, 0xC8, 0x06, 0x6A, 0x9E, 0xE4, 0x68}, c.dataKey) 1202 assert.Equal(t, [32]byte{0x76, 0x5D, 0xA2, 0x7A, 0xB1, 0x5D, 0x77, 0xF9, 0x57, 0x96, 0x71, 0x1F, 0x7B, 0x93, 0xAD, 0x63, 0xBB, 0xB4, 0x84, 0x07, 0x2E, 0x71, 0x80, 0xA8, 0xD1, 0x7A, 0x9B, 0xBE, 0xC1, 0x42, 0x70, 0xD0}, c.nameKey) 1203 assert.Equal(t, [16]byte{0xC1, 0x8D, 0x59, 0x32, 0xF5, 0x5B, 0x28, 0x28, 0xC5, 0xE1, 0xE8, 0x72, 0x15, 0x52, 0x03, 0x10}, c.nameTweak) 1204 1205 require.NoError(t, c.Key("Potato", "")) 1206 assert.Equal(t, [32]byte{0xAE, 0xEA, 0x6A, 0xD3, 0x47, 0xDF, 0x75, 0xB9, 0x63, 0xCE, 0x12, 0xF5, 0x76, 0x23, 0xE9, 0x46, 0xD4, 0x2E, 0xD8, 0xBF, 0x3E, 0x92, 0x8B, 0x39, 0x24, 0x37, 0x94, 0x13, 0x3E, 0x5E, 0xF7, 0x5E}, c.dataKey) 1207 assert.Equal(t, [32]byte{0x54, 0xF7, 0x02, 0x6E, 0x8A, 0xFC, 0x56, 0x0A, 0x86, 0x63, 0x6A, 0xAB, 0x2C, 0x9C, 0x51, 0x62, 0xE5, 0x1A, 0x12, 0x23, 0x51, 0x83, 0x6E, 0xAF, 0x50, 0x42, 0x0F, 0x98, 0x1C, 0x86, 0x0A, 0x19}, c.nameKey) 1208 assert.Equal(t, [16]byte{0xF8, 0xC1, 0xB6, 0x27, 0x2D, 0x52, 0x9B, 0x4A, 0x8F, 0xDA, 0xEB, 0x42, 0x4A, 0x28, 0xDD, 0xF3}, c.nameTweak) 1209 1210 require.NoError(t, c.Key("potato", "sausage")) 1211 assert.Equal(t, [32]uint8{0x8e, 0x9b, 0x6b, 0x99, 0xf8, 0x69, 0x4, 0x67, 0xa0, 0x71, 0xf9, 0xcb, 0x92, 0xd0, 0xaa, 0x78, 0x7f, 0x8f, 0xf1, 0x78, 0xbe, 0xc9, 0x6f, 0x99, 0x9f, 0xd5, 0x20, 0x6e, 0x64, 0x4a, 0x1b, 0x50}, c.dataKey) 1212 assert.Equal(t, [32]uint8{0x3e, 0xa9, 0x5e, 0xf6, 0x81, 0x78, 0x2d, 0xc9, 0xd9, 0x95, 0x5d, 0x22, 0x5b, 0xfd, 0x44, 0x2c, 0x6f, 0x5d, 0x68, 0x97, 0xb0, 0x29, 0x1, 0x5c, 0x6f, 0x46, 0x2e, 0x2a, 0x9d, 0xae, 0x2c, 0xe3}, c.nameKey) 1213 assert.Equal(t, [16]uint8{0xf1, 0x7f, 0xd7, 0x14, 0x1d, 0x65, 0x27, 0x4f, 0x36, 0x3f, 0xc2, 0xa0, 0x4d, 0xd2, 0x14, 0x8a}, c.nameTweak) 1214 1215 require.NoError(t, c.Key("potato", "Sausage")) 1216 assert.Equal(t, [32]uint8{0xda, 0x81, 0x8c, 0x67, 0xef, 0x11, 0xf, 0xc8, 0xd5, 0xc8, 0x62, 0x4b, 0x7f, 0xe2, 0x9e, 0x35, 0x35, 0xb0, 0x8d, 0x79, 0x84, 0x89, 0xac, 0xcb, 0xa0, 0xff, 0x2, 0x72, 0x3, 0x1a, 0x5e, 0x64}, c.dataKey) 1217 assert.Equal(t, [32]uint8{0x2, 0x81, 0x7e, 0x7b, 0xea, 0x99, 0x81, 0x5a, 0xd0, 0x2d, 0xb9, 0x64, 0x48, 0xb0, 0x28, 0x27, 0x7c, 0x20, 0xb4, 0xd4, 0xa4, 0x68, 0xad, 0x4e, 0x5c, 0x29, 0xf, 0x79, 0xef, 0xee, 0xdb, 0x3b}, c.nameKey) 1218 assert.Equal(t, [16]uint8{0x9a, 0xb5, 0xb, 0x3d, 0xcb, 0x60, 0x59, 0x55, 0xa5, 0x4d, 0xe6, 0xb6, 0x47, 0x3, 0x23, 0xe2}, c.nameTweak) 1219 1220 require.NoError(t, c.Key("", "")) 1221 assert.Equal(t, [32]byte{}, c.dataKey) 1222 assert.Equal(t, [32]byte{}, c.nameKey) 1223 assert.Equal(t, [16]byte{}, c.nameTweak) 1224 }