github.com/artpar/rclone@v1.67.3/backend/crypt/cipher_test.go (about) 1 package crypt 2 3 import ( 4 "bytes" 5 "context" 6 "encoding/base32" 7 "encoding/base64" 8 "errors" 9 "fmt" 10 "io" 11 "strings" 12 "testing" 13 14 "github.com/Max-Sum/base32768" 15 "github.com/artpar/rclone/backend/crypt/pkcs7" 16 "github.com/artpar/rclone/lib/readers" 17 "github.com/stretchr/testify/assert" 18 "github.com/stretchr/testify/require" 19 ) 20 21 func TestNewNameEncryptionMode(t *testing.T) { 22 for _, test := range []struct { 23 in string 24 expected NameEncryptionMode 25 expectedErr string 26 }{ 27 {"off", NameEncryptionOff, ""}, 28 {"standard", NameEncryptionStandard, ""}, 29 {"obfuscate", NameEncryptionObfuscated, ""}, 30 {"potato", NameEncryptionOff, "unknown file name encryption mode \"potato\""}, 31 } { 32 actual, actualErr := NewNameEncryptionMode(test.in) 33 assert.Equal(t, actual, test.expected) 34 if test.expectedErr == "" { 35 assert.NoError(t, actualErr) 36 } else { 37 assert.EqualError(t, actualErr, test.expectedErr) 38 } 39 } 40 } 41 42 func TestNewNameEncryptionModeString(t *testing.T) { 43 assert.Equal(t, NameEncryptionOff.String(), "off") 44 assert.Equal(t, NameEncryptionStandard.String(), "standard") 45 assert.Equal(t, NameEncryptionObfuscated.String(), "obfuscate") 46 assert.Equal(t, NameEncryptionMode(3).String(), "Unknown mode #3") 47 } 48 49 type EncodingTestCase struct { 50 in string 51 expected string 52 } 53 54 func testEncodeFileName(t *testing.T, encoding string, testCases []EncodingTestCase, caseInsensitive bool) { 55 for _, test := range testCases { 56 enc, err := NewNameEncoding(encoding) 57 assert.NoError(t, err, "There should be no error creating name encoder for base32.") 58 actual := enc.EncodeToString([]byte(test.in)) 59 assert.Equal(t, actual, test.expected, fmt.Sprintf("in=%q", test.in)) 60 recovered, err := enc.DecodeString(test.expected) 61 assert.NoError(t, err) 62 assert.Equal(t, string(recovered), test.in, fmt.Sprintf("reverse=%q", test.expected)) 63 if caseInsensitive { 64 in := strings.ToUpper(test.expected) 65 recovered, err = enc.DecodeString(in) 66 assert.NoError(t, err) 67 assert.Equal(t, string(recovered), test.in, fmt.Sprintf("reverse=%q", in)) 68 } 69 } 70 } 71 72 func TestEncodeFileNameBase32(t *testing.T) { 73 testEncodeFileName(t, "base32", []EncodingTestCase{ 74 {"", ""}, 75 {"1", "64"}, 76 {"12", "64p0"}, 77 {"123", "64p36"}, 78 {"1234", "64p36d0"}, 79 {"12345", "64p36d1l"}, 80 {"123456", "64p36d1l6o"}, 81 {"1234567", "64p36d1l6org"}, 82 {"12345678", "64p36d1l6orjg"}, 83 {"123456789", "64p36d1l6orjge8"}, 84 {"1234567890", "64p36d1l6orjge9g"}, 85 {"12345678901", "64p36d1l6orjge9g64"}, 86 {"123456789012", "64p36d1l6orjge9g64p0"}, 87 {"1234567890123", "64p36d1l6orjge9g64p36"}, 88 {"12345678901234", "64p36d1l6orjge9g64p36d0"}, 89 {"123456789012345", "64p36d1l6orjge9g64p36d1l"}, 90 {"1234567890123456", "64p36d1l6orjge9g64p36d1l6o"}, 91 }, true) 92 } 93 94 func TestEncodeFileNameBase64(t *testing.T) { 95 testEncodeFileName(t, "base64", []EncodingTestCase{ 96 {"", ""}, 97 {"1", "MQ"}, 98 {"12", "MTI"}, 99 {"123", "MTIz"}, 100 {"1234", "MTIzNA"}, 101 {"12345", "MTIzNDU"}, 102 {"123456", "MTIzNDU2"}, 103 {"1234567", "MTIzNDU2Nw"}, 104 {"12345678", "MTIzNDU2Nzg"}, 105 {"123456789", "MTIzNDU2Nzg5"}, 106 {"1234567890", "MTIzNDU2Nzg5MA"}, 107 {"12345678901", "MTIzNDU2Nzg5MDE"}, 108 {"123456789012", "MTIzNDU2Nzg5MDEy"}, 109 {"1234567890123", "MTIzNDU2Nzg5MDEyMw"}, 110 {"12345678901234", "MTIzNDU2Nzg5MDEyMzQ"}, 111 {"123456789012345", "MTIzNDU2Nzg5MDEyMzQ1"}, 112 {"1234567890123456", "MTIzNDU2Nzg5MDEyMzQ1Ng"}, 113 }, false) 114 } 115 116 func TestEncodeFileNameBase32768(t *testing.T) { 117 testEncodeFileName(t, "base32768", []EncodingTestCase{ 118 {"", ""}, 119 {"1", "㼿"}, 120 {"12", "㻙ɟ"}, 121 {"123", "㻙ⲿ"}, 122 {"1234", "㻙ⲍƟ"}, 123 {"12345", "㻙ⲍ⍟"}, 124 {"123456", "㻙ⲍ⍆ʏ"}, 125 {"1234567", "㻙ⲍ⍆觟"}, 126 {"12345678", "㻙ⲍ⍆觓ɧ"}, 127 {"123456789", "㻙ⲍ⍆觓栯"}, 128 {"1234567890", "㻙ⲍ⍆觓栩ɣ"}, 129 {"12345678901", "㻙ⲍ⍆觓栩朧"}, 130 {"123456789012", "㻙ⲍ⍆觓栩朤ʅ"}, 131 {"1234567890123", "㻙ⲍ⍆觓栩朤談"}, 132 {"12345678901234", "㻙ⲍ⍆觓栩朤諆ɔ"}, 133 {"123456789012345", "㻙ⲍ⍆觓栩朤諆媕"}, 134 {"1234567890123456", "㻙ⲍ⍆觓栩朤諆媕䆿"}, 135 }, false) 136 } 137 138 func TestDecodeFileNameBase32(t *testing.T) { 139 enc, err := NewNameEncoding("base32") 140 assert.NoError(t, err, "There should be no error creating name encoder for base32.") 141 // We've tested decoding the valid ones above, now concentrate on the invalid ones 142 for _, test := range []struct { 143 in string 144 expectedErr error 145 }{ 146 {"64=", ErrorBadBase32Encoding}, 147 {"!", base32.CorruptInputError(0)}, 148 {"hello=hello", base32.CorruptInputError(5)}, 149 } { 150 actual, actualErr := enc.DecodeString(test.in) 151 assert.Equal(t, test.expectedErr, actualErr, fmt.Sprintf("in=%q got actual=%q, err = %v %T", test.in, actual, actualErr, actualErr)) 152 } 153 } 154 155 func TestDecodeFileNameBase64(t *testing.T) { 156 enc, err := NewNameEncoding("base64") 157 assert.NoError(t, err, "There should be no error creating name encoder for base32.") 158 // We've tested decoding the valid ones above, now concentrate on the invalid ones 159 for _, test := range []struct { 160 in string 161 expectedErr error 162 }{ 163 {"64=", base64.CorruptInputError(2)}, 164 {"!", base64.CorruptInputError(0)}, 165 {"Hello=Hello", base64.CorruptInputError(5)}, 166 } { 167 actual, actualErr := enc.DecodeString(test.in) 168 assert.Equal(t, test.expectedErr, actualErr, fmt.Sprintf("in=%q got actual=%q, err = %v %T", test.in, actual, actualErr, actualErr)) 169 } 170 } 171 172 func TestDecodeFileNameBase32768(t *testing.T) { 173 enc, err := NewNameEncoding("base32768") 174 assert.NoError(t, err, "There should be no error creating name encoder for base32.") 175 // We've tested decoding the valid ones above, now concentrate on the invalid ones 176 for _, test := range []struct { 177 in string 178 expectedErr error 179 }{ 180 {"㼿c", base32768.CorruptInputError(1)}, 181 {"!", base32768.CorruptInputError(0)}, 182 {"㻙ⲿ=㻙ⲿ", base32768.CorruptInputError(2)}, 183 } { 184 actual, actualErr := enc.DecodeString(test.in) 185 assert.Equal(t, test.expectedErr, actualErr, fmt.Sprintf("in=%q got actual=%q, err = %v %T", test.in, actual, actualErr, actualErr)) 186 } 187 } 188 189 func testEncryptSegment(t *testing.T, encoding string, testCases []EncodingTestCase, caseInsensitive bool) { 190 enc, _ := NewNameEncoding(encoding) 191 c, _ := newCipher(NameEncryptionStandard, "", "", true, enc) 192 for _, test := range testCases { 193 actual := c.encryptSegment(test.in) 194 assert.Equal(t, test.expected, actual, fmt.Sprintf("Testing %q", test.in)) 195 recovered, err := c.decryptSegment(test.expected) 196 assert.NoError(t, err, fmt.Sprintf("Testing reverse %q", test.expected)) 197 assert.Equal(t, test.in, recovered, fmt.Sprintf("Testing reverse %q", test.expected)) 198 if caseInsensitive { 199 in := strings.ToUpper(test.expected) 200 recovered, err = c.decryptSegment(in) 201 assert.NoError(t, err, fmt.Sprintf("Testing reverse %q", in)) 202 assert.Equal(t, test.in, recovered, fmt.Sprintf("Testing reverse %q", in)) 203 } 204 } 205 } 206 207 func TestEncryptSegmentBase32(t *testing.T) { 208 testEncryptSegment(t, "base32", []EncodingTestCase{ 209 {"", ""}, 210 {"1", "p0e52nreeaj0a5ea7s64m4j72s"}, 211 {"12", "l42g6771hnv3an9cgc8cr2n1ng"}, 212 {"123", "qgm4avr35m5loi1th53ato71v0"}, 213 {"1234", "8ivr2e9plj3c3esisjpdisikos"}, 214 {"12345", "rh9vu63q3o29eqmj4bg6gg7s44"}, 215 {"123456", "bn717l3alepn75b2fb2ejmi4b4"}, 216 {"1234567", "n6bo9jmb1qe3b1ogtj5qkf19k8"}, 217 {"12345678", "u9t24j7uaq94dh5q53m3s4t9ok"}, 218 {"123456789", "37hn305g6j12d1g0kkrl7ekbs4"}, 219 {"1234567890", "ot8d91eplaglb62k2b1trm2qv0"}, 220 {"12345678901", "h168vvrgb53qnrtvvmb378qrcs"}, 221 {"123456789012", "s3hsdf9e29ithrqbjqu01t8q2s"}, 222 {"1234567890123", "cf3jimlv1q2oc553mv7s3mh3eo"}, 223 {"12345678901234", "moq0uqdlqrblrc5pa5u5c7hq9g"}, 224 {"123456789012345", "eeam3li4rnommi3a762h5n7meg"}, 225 {"1234567890123456", "mijbj0frqf6ms7frcr6bd9h0env53jv96pjaaoirk7forcgpt70g"}, 226 }, true) 227 } 228 229 func TestEncryptSegmentBase64(t *testing.T) { 230 testEncryptSegment(t, "base64", []EncodingTestCase{ 231 {"", ""}, 232 {"1", "yBxRX25ypgUVyj8MSxJnFw"}, 233 {"12", "qQUDHOGN_jVdLIMQzYrhvA"}, 234 {"123", "1CxFf2Mti1xIPYlGruDh-A"}, 235 {"1234", "RL-xOTmsxsG7kuTy2XJUxw"}, 236 {"12345", "3FP_GHoeBJdq0yLgaED8IQ"}, 237 {"123456", "Xc4T1Gqrs3OVYnrE6dpEWQ"}, 238 {"1234567", "uZeEzssOnDWHEOzLqjwpog"}, 239 {"12345678", "8noiTP5WkkbEuijsPhOpxQ"}, 240 {"123456789", "GeNxgLA0wiaGAKU3U7qL4Q"}, 241 {"1234567890", "x1DUhdmqoVWYVBLD3dha-A"}, 242 {"12345678901", "iEyP_3BZR6vvv_2WM6NbZw"}, 243 {"123456789012", "4OPGvS4SZdjvS568APUaFw"}, 244 {"1234567890123", "Y8c5Wr8OhYYUo7fPwdojdg"}, 245 {"12345678901234", "tjQPabXW112wuVF8Vh46TA"}, 246 {"123456789012345", "c5Vh1kTd8WtIajmFEtz2dA"}, 247 {"1234567890123456", "tKa5gfvTzW4d-2bMtqYgdf5Rz-k2ZqViW6HfjbIZ6cE"}, 248 }, false) 249 } 250 251 func TestEncryptSegmentBase32768(t *testing.T) { 252 testEncryptSegment(t, "base32768", []EncodingTestCase{ 253 {"", ""}, 254 {"1", "詮㪗鐮僀伎作㻖㢧⪟"}, 255 {"12", "竢朧䉱虃光塬䟛⣡蓟"}, 256 {"123", "遶㞟鋅缕袡鲅ⵝ蝁ꌟ"}, 257 {"1234", "䢟銮䵵狌㐜燳谒颴詟"}, 258 {"12345", "钉Ꞇ㖃蚩憶狫朰杜㜿"}, 259 {"123456", "啇ᚵⵕ憗䋫➫➓肤卟"}, 260 {"1234567", "茫螓翁連劘樓㶔抉矟"}, 261 {"12345678", "龝☳䘊辄岅較络㧩襟"}, 262 {"123456789", "ⲱ苀㱆犂媐Ꮤ锇惫靟"}, 263 {"1234567890", "計宁憕偵匢皫╛纺ꌟ"}, 264 {"12345678901", "檆䨿鑫㪺藝ꡖ勇䦛婟"}, 265 {"123456789012", "雑頏䰂䲝淚哚鹡魺⪟"}, 266 {"1234567890123", "塃璶繁躸圅㔟䗃肃懟"}, 267 {"12345678901234", "腺ᕚ崚鏕鏥讥鼌䑺䲿"}, 268 {"123456789012345", "怪绕滻蕶肣但⠥荖惟"}, 269 {"1234567890123456", "肳哀旚挶靏鏻㾭䱠慟㪳ꏆ賊兲铧敻塹魀ʟ"}, 270 }, false) 271 } 272 273 func TestDecryptSegmentBase32(t *testing.T) { 274 // We've tested the forwards above, now concentrate on the errors 275 longName := make([]byte, 3328) 276 for i := range longName { 277 longName[i] = 'a' 278 } 279 enc, _ := NewNameEncoding("base32") 280 c, _ := newCipher(NameEncryptionStandard, "", "", true, enc) 281 for _, test := range []struct { 282 in string 283 expectedErr error 284 }{ 285 {"64=", ErrorBadBase32Encoding}, 286 {"!", base32.CorruptInputError(0)}, 287 {string(longName), ErrorTooLongAfterDecode}, 288 {enc.EncodeToString([]byte("a")), ErrorNotAMultipleOfBlocksize}, 289 {enc.EncodeToString([]byte("123456789abcdef")), ErrorNotAMultipleOfBlocksize}, 290 {enc.EncodeToString([]byte("123456789abcdef0")), pkcs7.ErrorPaddingTooLong}, 291 } { 292 actual, actualErr := c.decryptSegment(test.in) 293 assert.Equal(t, test.expectedErr, actualErr, fmt.Sprintf("in=%q got actual=%q, err = %v %T", test.in, actual, actualErr, actualErr)) 294 } 295 } 296 297 func TestDecryptSegmentBase64(t *testing.T) { 298 // We've tested the forwards above, now concentrate on the errors 299 longName := make([]byte, 2816) 300 for i := range longName { 301 longName[i] = 'a' 302 } 303 enc, _ := NewNameEncoding("base64") 304 c, _ := newCipher(NameEncryptionStandard, "", "", true, enc) 305 for _, test := range []struct { 306 in string 307 expectedErr error 308 }{ 309 {"6H=", base64.CorruptInputError(2)}, 310 {"!", base64.CorruptInputError(0)}, 311 {string(longName), ErrorTooLongAfterDecode}, 312 {enc.EncodeToString([]byte("a")), ErrorNotAMultipleOfBlocksize}, 313 {enc.EncodeToString([]byte("123456789abcdef")), ErrorNotAMultipleOfBlocksize}, 314 {enc.EncodeToString([]byte("123456789abcdef0")), pkcs7.ErrorPaddingTooLong}, 315 } { 316 actual, actualErr := c.decryptSegment(test.in) 317 assert.Equal(t, test.expectedErr, actualErr, fmt.Sprintf("in=%q got actual=%q, err = %v %T", test.in, actual, actualErr, actualErr)) 318 } 319 } 320 321 func TestDecryptSegmentBase32768(t *testing.T) { 322 // We've tested the forwards above, now concentrate on the errors 323 longName := strings.Repeat("怪", 1280) 324 enc, _ := NewNameEncoding("base32768") 325 c, _ := newCipher(NameEncryptionStandard, "", "", true, enc) 326 for _, test := range []struct { 327 in string 328 expectedErr error 329 }{ 330 {"怪=", base32768.CorruptInputError(1)}, 331 {"!", base32768.CorruptInputError(0)}, 332 {longName, ErrorTooLongAfterDecode}, 333 {enc.EncodeToString([]byte("a")), ErrorNotAMultipleOfBlocksize}, 334 {enc.EncodeToString([]byte("123456789abcdef")), ErrorNotAMultipleOfBlocksize}, 335 {enc.EncodeToString([]byte("123456789abcdef0")), pkcs7.ErrorPaddingTooLong}, 336 } { 337 actual, actualErr := c.decryptSegment(test.in) 338 assert.Equal(t, test.expectedErr, actualErr, fmt.Sprintf("in=%q got actual=%q, err = %v %T", test.in, actual, actualErr, actualErr)) 339 } 340 } 341 342 func testStandardEncryptFileName(t *testing.T, encoding string, testCasesEncryptDir []EncodingTestCase, testCasesNoEncryptDir []EncodingTestCase) { 343 // First standard mode 344 enc, _ := NewNameEncoding(encoding) 345 c, _ := newCipher(NameEncryptionStandard, "", "", true, enc) 346 for _, test := range testCasesEncryptDir { 347 assert.Equal(t, test.expected, c.EncryptFileName(test.in)) 348 } 349 // Standard mode with directory name encryption off 350 c, _ = newCipher(NameEncryptionStandard, "", "", false, enc) 351 for _, test := range testCasesNoEncryptDir { 352 assert.Equal(t, test.expected, c.EncryptFileName(test.in)) 353 } 354 } 355 356 func TestStandardEncryptFileNameBase32(t *testing.T) { 357 testStandardEncryptFileName(t, "base32", []EncodingTestCase{ 358 {"1", "p0e52nreeaj0a5ea7s64m4j72s"}, 359 {"1/12", "p0e52nreeaj0a5ea7s64m4j72s/l42g6771hnv3an9cgc8cr2n1ng"}, 360 {"1/12/123", "p0e52nreeaj0a5ea7s64m4j72s/l42g6771hnv3an9cgc8cr2n1ng/qgm4avr35m5loi1th53ato71v0"}, 361 {"1-v2001-02-03-040506-123", "p0e52nreeaj0a5ea7s64m4j72s-v2001-02-03-040506-123"}, 362 {"1/12-v2001-02-03-040506-123", "p0e52nreeaj0a5ea7s64m4j72s/l42g6771hnv3an9cgc8cr2n1ng-v2001-02-03-040506-123"}, 363 }, []EncodingTestCase{ 364 {"1", "p0e52nreeaj0a5ea7s64m4j72s"}, 365 {"1/12", "1/l42g6771hnv3an9cgc8cr2n1ng"}, 366 {"1/12/123", "1/12/qgm4avr35m5loi1th53ato71v0"}, 367 {"1-v2001-02-03-040506-123", "p0e52nreeaj0a5ea7s64m4j72s-v2001-02-03-040506-123"}, 368 {"1/12-v2001-02-03-040506-123", "1/l42g6771hnv3an9cgc8cr2n1ng-v2001-02-03-040506-123"}, 369 }) 370 } 371 372 func TestStandardEncryptFileNameBase64(t *testing.T) { 373 testStandardEncryptFileName(t, "base64", []EncodingTestCase{ 374 {"1", "yBxRX25ypgUVyj8MSxJnFw"}, 375 {"1/12", "yBxRX25ypgUVyj8MSxJnFw/qQUDHOGN_jVdLIMQzYrhvA"}, 376 {"1/12/123", "yBxRX25ypgUVyj8MSxJnFw/qQUDHOGN_jVdLIMQzYrhvA/1CxFf2Mti1xIPYlGruDh-A"}, 377 {"1-v2001-02-03-040506-123", "yBxRX25ypgUVyj8MSxJnFw-v2001-02-03-040506-123"}, 378 {"1/12-v2001-02-03-040506-123", "yBxRX25ypgUVyj8MSxJnFw/qQUDHOGN_jVdLIMQzYrhvA-v2001-02-03-040506-123"}, 379 }, []EncodingTestCase{ 380 {"1", "yBxRX25ypgUVyj8MSxJnFw"}, 381 {"1/12", "1/qQUDHOGN_jVdLIMQzYrhvA"}, 382 {"1/12/123", "1/12/1CxFf2Mti1xIPYlGruDh-A"}, 383 {"1-v2001-02-03-040506-123", "yBxRX25ypgUVyj8MSxJnFw-v2001-02-03-040506-123"}, 384 {"1/12-v2001-02-03-040506-123", "1/qQUDHOGN_jVdLIMQzYrhvA-v2001-02-03-040506-123"}, 385 }) 386 } 387 388 func TestStandardEncryptFileNameBase32768(t *testing.T) { 389 testStandardEncryptFileName(t, "base32768", []EncodingTestCase{ 390 {"1", "詮㪗鐮僀伎作㻖㢧⪟"}, 391 {"1/12", "詮㪗鐮僀伎作㻖㢧⪟/竢朧䉱虃光塬䟛⣡蓟"}, 392 {"1/12/123", "詮㪗鐮僀伎作㻖㢧⪟/竢朧䉱虃光塬䟛⣡蓟/遶㞟鋅缕袡鲅ⵝ蝁ꌟ"}, 393 {"1-v2001-02-03-040506-123", "詮㪗鐮僀伎作㻖㢧⪟-v2001-02-03-040506-123"}, 394 {"1/12-v2001-02-03-040506-123", "詮㪗鐮僀伎作㻖㢧⪟/竢朧䉱虃光塬䟛⣡蓟-v2001-02-03-040506-123"}, 395 }, []EncodingTestCase{ 396 {"1", "詮㪗鐮僀伎作㻖㢧⪟"}, 397 {"1/12", "1/竢朧䉱虃光塬䟛⣡蓟"}, 398 {"1/12/123", "1/12/遶㞟鋅缕袡鲅ⵝ蝁ꌟ"}, 399 {"1-v2001-02-03-040506-123", "詮㪗鐮僀伎作㻖㢧⪟-v2001-02-03-040506-123"}, 400 {"1/12-v2001-02-03-040506-123", "1/竢朧䉱虃光塬䟛⣡蓟-v2001-02-03-040506-123"}, 401 }) 402 } 403 404 func TestNonStandardEncryptFileName(t *testing.T) { 405 // Off mode 406 c, _ := newCipher(NameEncryptionOff, "", "", true, nil) 407 assert.Equal(t, "1/12/123.bin", c.EncryptFileName("1/12/123")) 408 // Off mode with custom suffix 409 c, _ = newCipher(NameEncryptionOff, "", "", true, nil) 410 c.setEncryptedSuffix(".jpg") 411 assert.Equal(t, "1/12/123.jpg", c.EncryptFileName("1/12/123")) 412 // Off mode with empty suffix 413 c.setEncryptedSuffix("none") 414 assert.Equal(t, "1/12/123", c.EncryptFileName("1/12/123")) 415 // Obfuscation mode 416 c, _ = newCipher(NameEncryptionObfuscated, "", "", true, nil) 417 assert.Equal(t, "49.6/99.23/150.890/53.!!lipps", c.EncryptFileName("1/12/123/!hello")) 418 assert.Equal(t, "49.6/99.23/150.890/53-v2001-02-03-040506-123.!!lipps", c.EncryptFileName("1/12/123/!hello-v2001-02-03-040506-123")) 419 assert.Equal(t, "49.6/99.23/150.890/162.uryyB-v2001-02-03-040506-123.GKG", c.EncryptFileName("1/12/123/hello-v2001-02-03-040506-123.txt")) 420 assert.Equal(t, "161.\u00e4", c.EncryptFileName("\u00a1")) 421 assert.Equal(t, "160.\u03c2", c.EncryptFileName("\u03a0")) 422 // Obfuscation mode with directory name encryption off 423 c, _ = newCipher(NameEncryptionObfuscated, "", "", false, nil) 424 assert.Equal(t, "1/12/123/53.!!lipps", c.EncryptFileName("1/12/123/!hello")) 425 assert.Equal(t, "1/12/123/53-v2001-02-03-040506-123.!!lipps", c.EncryptFileName("1/12/123/!hello-v2001-02-03-040506-123")) 426 assert.Equal(t, "161.\u00e4", c.EncryptFileName("\u00a1")) 427 assert.Equal(t, "160.\u03c2", c.EncryptFileName("\u03a0")) 428 } 429 430 func testStandardDecryptFileName(t *testing.T, encoding string, testCases []EncodingTestCase, caseInsensitive bool) { 431 enc, _ := NewNameEncoding(encoding) 432 for _, test := range testCases { 433 // Test when dirNameEncrypt=true 434 c, _ := newCipher(NameEncryptionStandard, "", "", true, enc) 435 actual, actualErr := c.DecryptFileName(test.in) 436 assert.NoError(t, actualErr) 437 assert.Equal(t, test.expected, actual) 438 if caseInsensitive { 439 c, _ := newCipher(NameEncryptionStandard, "", "", true, enc) 440 actual, actualErr := c.DecryptFileName(strings.ToUpper(test.in)) 441 assert.NoError(t, actualErr) 442 assert.Equal(t, test.expected, actual) 443 } 444 // Add a character should raise ErrorNotAMultipleOfBlocksize 445 actual, actualErr = c.DecryptFileName(enc.EncodeToString([]byte("1")) + test.in) 446 assert.Equal(t, ErrorNotAMultipleOfBlocksize, actualErr) 447 assert.Equal(t, "", actual) 448 // Test when dirNameEncrypt=false 449 noDirEncryptIn := test.in 450 if strings.LastIndex(test.expected, "/") != -1 { 451 noDirEncryptIn = test.expected[:strings.LastIndex(test.expected, "/")] + test.in[strings.LastIndex(test.in, "/"):] 452 } 453 c, _ = newCipher(NameEncryptionStandard, "", "", false, enc) 454 actual, actualErr = c.DecryptFileName(noDirEncryptIn) 455 assert.NoError(t, actualErr) 456 assert.Equal(t, test.expected, actual) 457 } 458 } 459 460 func TestStandardDecryptFileNameBase32(t *testing.T) { 461 testStandardDecryptFileName(t, "base32", []EncodingTestCase{ 462 {"p0e52nreeaj0a5ea7s64m4j72s", "1"}, 463 {"p0e52nreeaj0a5ea7s64m4j72s/l42g6771hnv3an9cgc8cr2n1ng", "1/12"}, 464 {"p0e52nreeaj0a5ea7s64m4j72s/l42g6771hnv3an9cgc8cr2n1ng/qgm4avr35m5loi1th53ato71v0", "1/12/123"}, 465 }, true) 466 } 467 468 func TestStandardDecryptFileNameBase64(t *testing.T) { 469 testStandardDecryptFileName(t, "base64", []EncodingTestCase{ 470 {"yBxRX25ypgUVyj8MSxJnFw", "1"}, 471 {"yBxRX25ypgUVyj8MSxJnFw/qQUDHOGN_jVdLIMQzYrhvA", "1/12"}, 472 {"yBxRX25ypgUVyj8MSxJnFw/qQUDHOGN_jVdLIMQzYrhvA/1CxFf2Mti1xIPYlGruDh-A", "1/12/123"}, 473 }, false) 474 } 475 476 func TestStandardDecryptFileNameBase32768(t *testing.T) { 477 testStandardDecryptFileName(t, "base32768", []EncodingTestCase{ 478 {"詮㪗鐮僀伎作㻖㢧⪟", "1"}, 479 {"詮㪗鐮僀伎作㻖㢧⪟/竢朧䉱虃光塬䟛⣡蓟", "1/12"}, 480 {"詮㪗鐮僀伎作㻖㢧⪟/竢朧䉱虃光塬䟛⣡蓟/遶㞟鋅缕袡鲅ⵝ蝁ꌟ", "1/12/123"}, 481 }, false) 482 } 483 484 func TestNonStandardDecryptFileName(t *testing.T) { 485 for _, encoding := range []string{"base32", "base64", "base32768"} { 486 enc, _ := NewNameEncoding(encoding) 487 for _, test := range []struct { 488 mode NameEncryptionMode 489 dirNameEncrypt bool 490 in string 491 expected string 492 expectedErr error 493 customSuffix string 494 }{ 495 {NameEncryptionOff, true, "1/12/123.bin", "1/12/123", nil, ""}, 496 {NameEncryptionOff, true, "1/12/123.bix", "", ErrorNotAnEncryptedFile, ""}, 497 {NameEncryptionOff, true, ".bin", "", ErrorNotAnEncryptedFile, ""}, 498 {NameEncryptionOff, true, "1/12/123-v2001-02-03-040506-123.bin", "1/12/123-v2001-02-03-040506-123", nil, ""}, 499 {NameEncryptionOff, true, "1/12/123-v1970-01-01-010101-123-v2001-02-03-040506-123.bin", "1/12/123-v1970-01-01-010101-123-v2001-02-03-040506-123", nil, ""}, 500 {NameEncryptionOff, true, "1/12/123-v1970-01-01-010101-123-v2001-02-03-040506-123.txt.bin", "1/12/123-v1970-01-01-010101-123-v2001-02-03-040506-123.txt", nil, ""}, 501 {NameEncryptionOff, true, "1/12/123.jpg", "1/12/123", nil, ".jpg"}, 502 {NameEncryptionOff, true, "1/12/123", "1/12/123", nil, "none"}, 503 {NameEncryptionObfuscated, true, "!.hello", "hello", nil, ""}, 504 {NameEncryptionObfuscated, true, "hello", "", ErrorNotAnEncryptedFile, ""}, 505 {NameEncryptionObfuscated, true, "161.\u00e4", "\u00a1", nil, ""}, 506 {NameEncryptionObfuscated, true, "160.\u03c2", "\u03a0", nil, ""}, 507 {NameEncryptionObfuscated, false, "1/12/123/53.!!lipps", "1/12/123/!hello", nil, ""}, 508 {NameEncryptionObfuscated, false, "1/12/123/53-v2001-02-03-040506-123.!!lipps", "1/12/123/!hello-v2001-02-03-040506-123", nil, ""}, 509 } { 510 c, _ := newCipher(test.mode, "", "", test.dirNameEncrypt, enc) 511 if test.customSuffix != "" { 512 c.setEncryptedSuffix(test.customSuffix) 513 } 514 actual, actualErr := c.DecryptFileName(test.in) 515 what := fmt.Sprintf("Testing %q (mode=%v)", test.in, test.mode) 516 assert.Equal(t, test.expected, actual, what) 517 assert.Equal(t, test.expectedErr, actualErr, what) 518 } 519 } 520 } 521 522 func TestEncDecMatches(t *testing.T) { 523 for _, encoding := range []string{"base32", "base64", "base32768"} { 524 enc, _ := NewNameEncoding(encoding) 525 for _, test := range []struct { 526 mode NameEncryptionMode 527 in string 528 }{ 529 {NameEncryptionStandard, "1/2/3/4"}, 530 {NameEncryptionOff, "1/2/3/4"}, 531 {NameEncryptionObfuscated, "1/2/3/4/!hello\u03a0"}, 532 {NameEncryptionObfuscated, "Avatar The Last Airbender"}, 533 } { 534 c, _ := newCipher(test.mode, "", "", true, enc) 535 out, err := c.DecryptFileName(c.EncryptFileName(test.in)) 536 what := fmt.Sprintf("Testing %q (mode=%v)", test.in, test.mode) 537 assert.Equal(t, out, test.in, what) 538 assert.Equal(t, err, nil, what) 539 } 540 } 541 } 542 543 func testStandardEncryptDirName(t *testing.T, encoding string, testCases []EncodingTestCase) { 544 enc, _ := NewNameEncoding(encoding) 545 c, _ := newCipher(NameEncryptionStandard, "", "", true, enc) 546 // First standard mode 547 for _, test := range testCases { 548 assert.Equal(t, test.expected, c.EncryptDirName(test.in)) 549 } 550 } 551 552 func TestStandardEncryptDirNameBase32(t *testing.T) { 553 testStandardEncryptDirName(t, "base32", []EncodingTestCase{ 554 {"1", "p0e52nreeaj0a5ea7s64m4j72s"}, 555 {"1/12", "p0e52nreeaj0a5ea7s64m4j72s/l42g6771hnv3an9cgc8cr2n1ng"}, 556 {"1/12/123", "p0e52nreeaj0a5ea7s64m4j72s/l42g6771hnv3an9cgc8cr2n1ng/qgm4avr35m5loi1th53ato71v0"}, 557 }) 558 } 559 560 func TestStandardEncryptDirNameBase64(t *testing.T) { 561 testStandardEncryptDirName(t, "base64", []EncodingTestCase{ 562 {"1", "yBxRX25ypgUVyj8MSxJnFw"}, 563 {"1/12", "yBxRX25ypgUVyj8MSxJnFw/qQUDHOGN_jVdLIMQzYrhvA"}, 564 {"1/12/123", "yBxRX25ypgUVyj8MSxJnFw/qQUDHOGN_jVdLIMQzYrhvA/1CxFf2Mti1xIPYlGruDh-A"}, 565 }) 566 } 567 568 func TestStandardEncryptDirNameBase32768(t *testing.T) { 569 testStandardEncryptDirName(t, "base32768", []EncodingTestCase{ 570 {"1", "詮㪗鐮僀伎作㻖㢧⪟"}, 571 {"1/12", "詮㪗鐮僀伎作㻖㢧⪟/竢朧䉱虃光塬䟛⣡蓟"}, 572 {"1/12/123", "詮㪗鐮僀伎作㻖㢧⪟/竢朧䉱虃光塬䟛⣡蓟/遶㞟鋅缕袡鲅ⵝ蝁ꌟ"}, 573 }) 574 } 575 576 func TestNonStandardEncryptDirName(t *testing.T) { 577 for _, encoding := range []string{"base32", "base64", "base32768"} { 578 enc, _ := NewNameEncoding(encoding) 579 c, _ := newCipher(NameEncryptionStandard, "", "", false, enc) 580 assert.Equal(t, "1/12", c.EncryptDirName("1/12")) 581 assert.Equal(t, "1/12/123", c.EncryptDirName("1/12/123")) 582 // Now off mode 583 c, _ = newCipher(NameEncryptionOff, "", "", true, enc) 584 assert.Equal(t, "1/12/123", c.EncryptDirName("1/12/123")) 585 } 586 } 587 588 func testStandardDecryptDirName(t *testing.T, encoding string, testCases []EncodingTestCase, caseInsensitive bool) { 589 enc, _ := NewNameEncoding(encoding) 590 for _, test := range testCases { 591 // Test dirNameEncrypt=true 592 c, _ := newCipher(NameEncryptionStandard, "", "", true, enc) 593 actual, actualErr := c.DecryptDirName(test.in) 594 assert.Equal(t, test.expected, actual) 595 assert.NoError(t, actualErr) 596 if caseInsensitive { 597 actual, actualErr := c.DecryptDirName(strings.ToUpper(test.in)) 598 assert.Equal(t, actual, test.expected) 599 assert.NoError(t, actualErr) 600 } 601 actual, actualErr = c.DecryptDirName(enc.EncodeToString([]byte("1")) + test.in) 602 assert.Equal(t, "", actual) 603 assert.Equal(t, ErrorNotAMultipleOfBlocksize, actualErr) 604 // Test dirNameEncrypt=false 605 c, _ = newCipher(NameEncryptionStandard, "", "", false, enc) 606 actual, actualErr = c.DecryptDirName(test.in) 607 assert.Equal(t, test.in, actual) 608 assert.NoError(t, actualErr) 609 actual, actualErr = c.DecryptDirName(test.expected) 610 assert.Equal(t, test.expected, actual) 611 assert.NoError(t, actualErr) 612 // Test dirNameEncrypt=false 613 } 614 } 615 616 /* 617 enc, _ := NewNameEncoding(encoding) 618 for _, test := range []struct { 619 mode NameEncryptionMode 620 dirNameEncrypt bool 621 in string 622 expected string 623 expectedErr error 624 }{ 625 {NameEncryptionStandard, true, "p0e52nreeaj0a5ea7s64m4j72s", "1", nil}, 626 {NameEncryptionStandard, true, "p0e52nreeaj0a5ea7s64m4j72s/l42g6771hnv3an9cgc8cr2n1ng", "1/12", nil}, 627 {NameEncryptionStandard, true, "p0e52nreeAJ0A5EA7S64M4J72S/L42G6771HNv3an9cgc8cr2n1ng", "1/12", nil}, 628 {NameEncryptionStandard, true, "p0e52nreeaj0a5ea7s64m4j72s/l42g6771hnv3an9cgc8cr2n1ng/qgm4avr35m5loi1th53ato71v0", "1/12/123", nil}, 629 {NameEncryptionStandard, true, "p0e52nreeaj0a5ea7s64m4j72s/l42g6771hnv3an9cgc8cr2n1/qgm4avr35m5loi1th53ato71v0", "", ErrorNotAMultipleOfBlocksize}, 630 {NameEncryptionStandard, false, "p0e52nreeaj0a5ea7s64m4j72s/l42g6771hnv3an9cgc8cr2n1ng", "p0e52nreeaj0a5ea7s64m4j72s/l42g6771hnv3an9cgc8cr2n1ng", nil}, 631 {NameEncryptionStandard, false, "1/12/123", "1/12/123", nil}, 632 } { 633 c, _ := newCipher(test.mode, "", "", test.dirNameEncrypt, enc) 634 actual, actualErr := c.DecryptDirName(test.in) 635 what := fmt.Sprintf("Testing %q (mode=%v)", test.in, test.mode) 636 assert.Equal(t, test.expected, actual, what) 637 assert.Equal(t, test.expectedErr, actualErr, what) 638 } 639 */ 640 641 func TestStandardDecryptDirNameBase32(t *testing.T) { 642 testStandardDecryptDirName(t, "base32", []EncodingTestCase{ 643 {"p0e52nreeaj0a5ea7s64m4j72s", "1"}, 644 {"p0e52nreeaj0a5ea7s64m4j72s/l42g6771hnv3an9cgc8cr2n1ng", "1/12"}, 645 {"p0e52nreeaj0a5ea7s64m4j72s/l42g6771hnv3an9cgc8cr2n1ng/qgm4avr35m5loi1th53ato71v0", "1/12/123"}, 646 }, true) 647 } 648 649 func TestStandardDecryptDirNameBase64(t *testing.T) { 650 testStandardDecryptDirName(t, "base64", []EncodingTestCase{ 651 {"yBxRX25ypgUVyj8MSxJnFw", "1"}, 652 {"yBxRX25ypgUVyj8MSxJnFw/qQUDHOGN_jVdLIMQzYrhvA", "1/12"}, 653 {"yBxRX25ypgUVyj8MSxJnFw/qQUDHOGN_jVdLIMQzYrhvA/1CxFf2Mti1xIPYlGruDh-A", "1/12/123"}, 654 }, false) 655 } 656 657 func TestStandardDecryptDirNameBase32768(t *testing.T) { 658 testStandardDecryptDirName(t, "base32768", []EncodingTestCase{ 659 {"詮㪗鐮僀伎作㻖㢧⪟", "1"}, 660 {"詮㪗鐮僀伎作㻖㢧⪟/竢朧䉱虃光塬䟛⣡蓟", "1/12"}, 661 {"詮㪗鐮僀伎作㻖㢧⪟/竢朧䉱虃光塬䟛⣡蓟/遶㞟鋅缕袡鲅ⵝ蝁ꌟ", "1/12/123"}, 662 }, false) 663 } 664 665 func TestNonStandardDecryptDirName(t *testing.T) { 666 for _, test := range []struct { 667 mode NameEncryptionMode 668 dirNameEncrypt bool 669 in string 670 expected string 671 expectedErr error 672 }{ 673 {NameEncryptionOff, true, "1/12/123.bin", "1/12/123.bin", nil}, 674 {NameEncryptionOff, true, "1/12/123", "1/12/123", nil}, 675 {NameEncryptionOff, true, ".bin", ".bin", nil}, 676 } { 677 c, _ := newCipher(test.mode, "", "", test.dirNameEncrypt, nil) 678 actual, actualErr := c.DecryptDirName(test.in) 679 what := fmt.Sprintf("Testing %q (mode=%v)", test.in, test.mode) 680 assert.Equal(t, test.expected, actual, what) 681 assert.Equal(t, test.expectedErr, actualErr, what) 682 } 683 } 684 685 func TestEncryptedSize(t *testing.T) { 686 c, _ := newCipher(NameEncryptionStandard, "", "", true, nil) 687 for _, test := range []struct { 688 in int64 689 expected int64 690 }{ 691 {0, 32}, 692 {1, 32 + 16 + 1}, 693 {65536, 32 + 16 + 65536}, 694 {65537, 32 + 16 + 65536 + 16 + 1}, 695 {1 << 20, 32 + 16*(16+65536)}, 696 {(1 << 20) + 65535, 32 + 16*(16+65536) + 16 + 65535}, 697 {1 << 30, 32 + 16384*(16+65536)}, 698 {(1 << 40) + 1, 32 + 16777216*(16+65536) + 16 + 1}, 699 } { 700 actual := c.EncryptedSize(test.in) 701 assert.Equal(t, test.expected, actual, fmt.Sprintf("Testing %d", test.in)) 702 recovered, err := c.DecryptedSize(test.expected) 703 assert.NoError(t, err, fmt.Sprintf("Testing reverse %d", test.expected)) 704 assert.Equal(t, test.in, recovered, fmt.Sprintf("Testing reverse %d", test.expected)) 705 } 706 } 707 708 func TestDecryptedSize(t *testing.T) { 709 // Test the errors since we tested the reverse above 710 c, _ := newCipher(NameEncryptionStandard, "", "", true, nil) 711 for _, test := range []struct { 712 in int64 713 expectedErr error 714 }{ 715 {0, ErrorEncryptedFileTooShort}, 716 {0, ErrorEncryptedFileTooShort}, 717 {1, ErrorEncryptedFileTooShort}, 718 {7, ErrorEncryptedFileTooShort}, 719 {32 + 1, ErrorEncryptedFileBadHeader}, 720 {32 + 16, ErrorEncryptedFileBadHeader}, 721 {32 + 16 + 65536 + 1, ErrorEncryptedFileBadHeader}, 722 {32 + 16 + 65536 + 16, ErrorEncryptedFileBadHeader}, 723 } { 724 _, actualErr := c.DecryptedSize(test.in) 725 assert.Equal(t, test.expectedErr, actualErr, fmt.Sprintf("Testing %d", test.in)) 726 } 727 } 728 729 func TestNoncePointer(t *testing.T) { 730 var x nonce 731 assert.Equal(t, (*[24]byte)(&x), x.pointer()) 732 } 733 734 func TestNonceFromReader(t *testing.T) { 735 var x nonce 736 buf := bytes.NewBufferString("123456789abcdefghijklmno") 737 err := x.fromReader(buf) 738 assert.NoError(t, err) 739 assert.Equal(t, nonce{'1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o'}, x) 740 buf = bytes.NewBufferString("123456789abcdefghijklmn") 741 err = x.fromReader(buf) 742 assert.EqualError(t, err, "short read of nonce: EOF") 743 } 744 745 func TestNonceFromBuf(t *testing.T) { 746 var x nonce 747 buf := []byte("123456789abcdefghijklmnoXXXXXXXX") 748 x.fromBuf(buf) 749 assert.Equal(t, nonce{'1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o'}, x) 750 buf = []byte("0123456789abcdefghijklmn") 751 x.fromBuf(buf) 752 assert.Equal(t, nonce{'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n'}, x) 753 buf = []byte("0123456789abcdefghijklm") 754 assert.Panics(t, func() { x.fromBuf(buf) }) 755 } 756 757 func TestNonceIncrement(t *testing.T) { 758 for _, test := range []struct { 759 in nonce 760 out nonce 761 }{ 762 { 763 nonce{0x00}, 764 nonce{0x01}, 765 }, 766 { 767 nonce{0xFF}, 768 nonce{0x00, 0x01}, 769 }, 770 { 771 nonce{0xFF, 0xFF}, 772 nonce{0x00, 0x00, 0x01}, 773 }, 774 { 775 nonce{0xFF, 0xFF, 0xFF}, 776 nonce{0x00, 0x00, 0x00, 0x01}, 777 }, 778 { 779 nonce{0xFF, 0xFF, 0xFF, 0xFF}, 780 nonce{0x00, 0x00, 0x00, 0x00, 0x01}, 781 }, 782 { 783 nonce{0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, 784 nonce{0x00, 0x00, 0x00, 0x00, 0x00, 0x01}, 785 }, 786 { 787 nonce{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, 788 nonce{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}, 789 }, 790 { 791 nonce{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, 792 nonce{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}, 793 }, 794 { 795 nonce{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, 796 nonce{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}, 797 }, 798 { 799 nonce{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, 800 nonce{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}, 801 }, 802 { 803 nonce{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, 804 nonce{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}, 805 }, 806 { 807 nonce{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, 808 nonce{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}, 809 }, 810 { 811 nonce{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, 812 nonce{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}, 813 }, 814 { 815 nonce{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, 816 nonce{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}, 817 }, 818 { 819 nonce{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, 820 nonce{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}, 821 }, 822 { 823 nonce{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, 824 nonce{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}, 825 }, 826 { 827 nonce{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, 828 nonce{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}, 829 }, 830 { 831 nonce{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, 832 nonce{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}, 833 }, 834 { 835 nonce{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, 836 nonce{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}, 837 }, 838 { 839 nonce{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, 840 nonce{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}, 841 }, 842 { 843 nonce{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, 844 nonce{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}, 845 }, 846 { 847 nonce{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, 848 nonce{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}, 849 }, 850 { 851 nonce{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, 852 nonce{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}, 853 }, 854 { 855 nonce{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, 856 nonce{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}, 857 }, 858 { 859 nonce{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, 860 nonce{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, 861 }, 862 } { 863 x := test.in 864 x.increment() 865 assert.Equal(t, test.out, x) 866 } 867 } 868 869 func TestNonceAdd(t *testing.T) { 870 for _, test := range []struct { 871 add uint64 872 in nonce 873 out nonce 874 }{ 875 { 876 0x01, 877 nonce{0x00}, 878 nonce{0x01}, 879 }, 880 { 881 0xFF, 882 nonce{0xFF}, 883 nonce{0xFE, 0x01}, 884 }, 885 { 886 0xFFFF, 887 nonce{0xFF, 0xFF}, 888 nonce{0xFE, 0xFF, 0x01}, 889 }, 890 { 891 0xFFFFFF, 892 nonce{0xFF, 0xFF, 0xFF}, 893 nonce{0xFE, 0xFF, 0xFF, 0x01}, 894 }, 895 { 896 0xFFFFFFFF, 897 nonce{0xFF, 0xFF, 0xFF, 0xFF}, 898 nonce{0xFe, 0xFF, 0xFF, 0xFF, 0x01}, 899 }, 900 { 901 0xFFFFFFFFFF, 902 nonce{0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, 903 nonce{0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0x01}, 904 }, 905 { 906 0xFFFFFFFFFFFF, 907 nonce{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, 908 nonce{0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x01}, 909 }, 910 { 911 0xFFFFFFFFFFFFFF, 912 nonce{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, 913 nonce{0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x01}, 914 }, 915 { 916 0xFFFFFFFFFFFFFFFF, 917 nonce{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, 918 nonce{0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x01}, 919 }, 920 { 921 0xFFFFFFFFFFFFFFFF, 922 nonce{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, 923 nonce{0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x01}, 924 }, 925 { 926 0xFFFFFFFFFFFFFFFF, 927 nonce{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, 928 nonce{0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x01}, 929 }, 930 { 931 0xFFFFFFFFFFFFFFFF, 932 nonce{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, 933 nonce{0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x01}, 934 }, 935 { 936 0xFFFFFFFFFFFFFFFF, 937 nonce{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, 938 nonce{0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0x01}, 939 }, 940 { 941 0xFFFFFFFFFFFFFFFF, 942 nonce{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, 943 nonce{0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}, 944 }, 945 { 946 0xFFFFFFFFFFFFFFFF, 947 nonce{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, 948 nonce{0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}, 949 }, 950 { 951 0xFFFFFFFFFFFFFFFF, 952 nonce{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, 953 nonce{0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}, 954 }, 955 { 956 0xFFFFFFFFFFFFFFFF, 957 nonce{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, 958 nonce{0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}, 959 }, 960 { 961 0xFFFFFFFFFFFFFFFF, 962 nonce{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, 963 nonce{0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}, 964 }, 965 { 966 0xFFFFFFFFFFFFFFFF, 967 nonce{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, 968 nonce{0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}, 969 }, 970 { 971 0xFFFFFFFFFFFFFFFF, 972 nonce{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, 973 nonce{0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}, 974 }, 975 { 976 0xFFFFFFFFFFFFFFFF, 977 nonce{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, 978 nonce{0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}, 979 }, 980 { 981 0xFFFFFFFFFFFFFFFF, 982 nonce{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, 983 nonce{0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}, 984 }, 985 { 986 0xFFFFFFFFFFFFFFFF, 987 nonce{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, 988 nonce{0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}, 989 }, 990 { 991 0xFFFFFFFFFFFFFFFF, 992 nonce{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, 993 nonce{0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}, 994 }, 995 { 996 0xFFFFFFFFFFFFFFFF, 997 nonce{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, 998 nonce{0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, 999 }, 1000 } { 1001 x := test.in 1002 x.add(test.add) 1003 assert.Equal(t, test.out, x) 1004 } 1005 } 1006 1007 // randomSource can read or write a random sequence 1008 type randomSource struct { 1009 counter int64 1010 size int64 1011 } 1012 1013 func newRandomSource(size int64) *randomSource { 1014 return &randomSource{ 1015 size: size, 1016 } 1017 } 1018 1019 func (r *randomSource) next() byte { 1020 r.counter++ 1021 return byte(r.counter % 257) 1022 } 1023 1024 func (r *randomSource) Read(p []byte) (n int, err error) { 1025 for i := range p { 1026 if r.counter >= r.size { 1027 err = io.EOF 1028 break 1029 } 1030 p[i] = r.next() 1031 n++ 1032 } 1033 return n, err 1034 } 1035 1036 func (r *randomSource) Write(p []byte) (n int, err error) { 1037 for i := range p { 1038 if p[i] != r.next() { 1039 return 0, fmt.Errorf("Error in stream at %d", r.counter) 1040 } 1041 } 1042 return len(p), nil 1043 } 1044 1045 func (r *randomSource) Close() error { return nil } 1046 1047 // Check interfaces 1048 var ( 1049 _ io.ReadCloser = (*randomSource)(nil) 1050 _ io.WriteCloser = (*randomSource)(nil) 1051 ) 1052 1053 // Test test infrastructure first! 1054 func TestRandomSource(t *testing.T) { 1055 source := newRandomSource(1e8) 1056 sink := newRandomSource(1e8) 1057 n, err := io.Copy(sink, source) 1058 assert.NoError(t, err) 1059 assert.Equal(t, int64(1e8), n) 1060 1061 source = newRandomSource(1e8) 1062 buf := make([]byte, 16) 1063 _, _ = source.Read(buf) 1064 sink = newRandomSource(1e8) 1065 _, err = io.Copy(sink, source) 1066 assert.EqualError(t, err, "Error in stream at 1") 1067 } 1068 1069 type zeroes struct{} 1070 1071 func (z *zeroes) Read(p []byte) (n int, err error) { 1072 for i := range p { 1073 p[i] = 0 1074 n++ 1075 } 1076 return n, nil 1077 } 1078 1079 // Test encrypt decrypt with different buffer sizes 1080 func testEncryptDecrypt(t *testing.T, bufSize int, copySize int64) { 1081 c, err := newCipher(NameEncryptionStandard, "", "", true, nil) 1082 assert.NoError(t, err) 1083 c.cryptoRand = &zeroes{} // zero out the nonce 1084 buf := make([]byte, bufSize) 1085 source := newRandomSource(copySize) 1086 encrypted, err := c.newEncrypter(source, nil) 1087 assert.NoError(t, err) 1088 decrypted, err := c.newDecrypter(io.NopCloser(encrypted)) 1089 assert.NoError(t, err) 1090 sink := newRandomSource(copySize) 1091 n, err := io.CopyBuffer(sink, decrypted, buf) 1092 assert.NoError(t, err) 1093 assert.Equal(t, copySize, n) 1094 blocks := copySize / blockSize 1095 if (copySize % blockSize) != 0 { 1096 blocks++ 1097 } 1098 var expectedNonce = nonce{byte(blocks), byte(blocks >> 8), byte(blocks >> 16), byte(blocks >> 32)} 1099 assert.Equal(t, expectedNonce, encrypted.nonce) 1100 assert.Equal(t, expectedNonce, decrypted.nonce) 1101 } 1102 1103 func TestEncryptDecrypt1(t *testing.T) { 1104 testEncryptDecrypt(t, 1, 1e7) 1105 } 1106 1107 func TestEncryptDecrypt32(t *testing.T) { 1108 testEncryptDecrypt(t, 32, 1e8) 1109 } 1110 1111 func TestEncryptDecrypt4096(t *testing.T) { 1112 testEncryptDecrypt(t, 4096, 1e8) 1113 } 1114 1115 func TestEncryptDecrypt65536(t *testing.T) { 1116 testEncryptDecrypt(t, 65536, 1e8) 1117 } 1118 1119 func TestEncryptDecrypt65537(t *testing.T) { 1120 testEncryptDecrypt(t, 65537, 1e8) 1121 } 1122 1123 var ( 1124 file0 = []byte{ 1125 0x52, 0x43, 0x4c, 0x4f, 0x4e, 0x45, 0x00, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 1126 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 1127 } 1128 file1 = []byte{ 1129 0x52, 0x43, 0x4c, 0x4f, 0x4e, 0x45, 0x00, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 1130 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 1131 0x09, 0x5b, 0x44, 0x6c, 0xd6, 0x23, 0x7b, 0xbc, 0xb0, 0x8d, 0x09, 0xfb, 0x52, 0x4c, 0xe5, 0x65, 1132 0xAA, 1133 } 1134 file16 = []byte{ 1135 0x52, 0x43, 0x4c, 0x4f, 0x4e, 0x45, 0x00, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 1136 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 1137 0xb9, 0xc4, 0x55, 0x2a, 0x27, 0x10, 0x06, 0x29, 0x18, 0x96, 0x0a, 0x3e, 0x60, 0x8c, 0x29, 0xb9, 1138 0xaa, 0x8a, 0x5e, 0x1e, 0x16, 0x5b, 0x6d, 0x07, 0x5d, 0xe4, 0xe9, 0xbb, 0x36, 0x7f, 0xd6, 0xd4, 1139 } 1140 ) 1141 1142 func TestEncryptData(t *testing.T) { 1143 for _, test := range []struct { 1144 in []byte 1145 expected []byte 1146 }{ 1147 {[]byte{}, file0}, 1148 {[]byte{1}, file1}, 1149 {[]byte{1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16}, file16}, 1150 } { 1151 c, err := newCipher(NameEncryptionStandard, "", "", true, nil) 1152 assert.NoError(t, err) 1153 c.cryptoRand = newRandomSource(1e8) // nodge the crypto rand generator 1154 1155 // Check encode works 1156 buf := bytes.NewBuffer(test.in) 1157 encrypted, err := c.EncryptData(buf) 1158 assert.NoError(t, err) 1159 out, err := io.ReadAll(encrypted) 1160 assert.NoError(t, err) 1161 assert.Equal(t, test.expected, out) 1162 1163 // Check we can decode the data properly too... 1164 buf = bytes.NewBuffer(out) 1165 decrypted, err := c.DecryptData(io.NopCloser(buf)) 1166 assert.NoError(t, err) 1167 out, err = io.ReadAll(decrypted) 1168 assert.NoError(t, err) 1169 assert.Equal(t, test.in, out) 1170 } 1171 } 1172 1173 func TestNewEncrypter(t *testing.T) { 1174 c, err := newCipher(NameEncryptionStandard, "", "", true, nil) 1175 assert.NoError(t, err) 1176 c.cryptoRand = newRandomSource(1e8) // nodge the crypto rand generator 1177 1178 z := &zeroes{} 1179 1180 fh, err := c.newEncrypter(z, nil) 1181 assert.NoError(t, err) 1182 assert.Equal(t, nonce{0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18}, fh.nonce) 1183 assert.Equal(t, []byte{'R', 'C', 'L', 'O', 'N', 'E', 0x00, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18}, (*fh.buf)[:32]) 1184 1185 // Test error path 1186 c.cryptoRand = bytes.NewBufferString("123456789abcdefghijklmn") 1187 fh, err = c.newEncrypter(z, nil) 1188 assert.Nil(t, fh) 1189 assert.EqualError(t, err, "short read of nonce: EOF") 1190 } 1191 1192 // Test the stream returning 0, io.ErrUnexpectedEOF - this used to 1193 // cause a fatal loop 1194 func TestNewEncrypterErrUnexpectedEOF(t *testing.T) { 1195 c, err := newCipher(NameEncryptionStandard, "", "", true, nil) 1196 assert.NoError(t, err) 1197 1198 in := &readers.ErrorReader{Err: io.ErrUnexpectedEOF} 1199 fh, err := c.newEncrypter(in, nil) 1200 assert.NoError(t, err) 1201 1202 n, err := io.CopyN(io.Discard, fh, 1e6) 1203 assert.Equal(t, io.ErrUnexpectedEOF, err) 1204 assert.Equal(t, int64(32), n) 1205 } 1206 1207 type closeDetector struct { 1208 io.Reader 1209 closed int 1210 } 1211 1212 func newCloseDetector(in io.Reader) *closeDetector { 1213 return &closeDetector{ 1214 Reader: in, 1215 } 1216 } 1217 1218 func (c *closeDetector) Close() error { 1219 c.closed++ 1220 return nil 1221 } 1222 1223 func TestNewDecrypter(t *testing.T) { 1224 c, err := newCipher(NameEncryptionStandard, "", "", true, nil) 1225 assert.NoError(t, err) 1226 c.cryptoRand = newRandomSource(1e8) // nodge the crypto rand generator 1227 1228 cd := newCloseDetector(bytes.NewBuffer(file0)) 1229 fh, err := c.newDecrypter(cd) 1230 assert.NoError(t, err) 1231 // check nonce is in place 1232 assert.Equal(t, file0[8:32], fh.nonce[:]) 1233 assert.Equal(t, 0, cd.closed) 1234 1235 // Test error paths 1236 for i := range file0 { 1237 cd := newCloseDetector(bytes.NewBuffer(file0[:i])) 1238 fh, err = c.newDecrypter(cd) 1239 assert.Nil(t, fh) 1240 assert.EqualError(t, err, ErrorEncryptedFileTooShort.Error()) 1241 assert.Equal(t, 1, cd.closed) 1242 } 1243 1244 er := &readers.ErrorReader{Err: errors.New("potato")} 1245 cd = newCloseDetector(er) 1246 fh, err = c.newDecrypter(cd) 1247 assert.Nil(t, fh) 1248 assert.EqualError(t, err, "potato") 1249 assert.Equal(t, 1, cd.closed) 1250 1251 // bad magic 1252 file0copy := make([]byte, len(file0)) 1253 copy(file0copy, file0) 1254 for i := range fileMagic { 1255 file0copy[i] ^= 0x1 1256 cd := newCloseDetector(bytes.NewBuffer(file0copy)) 1257 fh, err := c.newDecrypter(cd) 1258 assert.Nil(t, fh) 1259 assert.EqualError(t, err, ErrorEncryptedBadMagic.Error()) 1260 file0copy[i] ^= 0x1 1261 assert.Equal(t, 1, cd.closed) 1262 } 1263 } 1264 1265 // Test the stream returning 0, io.ErrUnexpectedEOF 1266 func TestNewDecrypterErrUnexpectedEOF(t *testing.T) { 1267 c, err := newCipher(NameEncryptionStandard, "", "", true, nil) 1268 assert.NoError(t, err) 1269 1270 in2 := &readers.ErrorReader{Err: io.ErrUnexpectedEOF} 1271 in1 := bytes.NewBuffer(file16) 1272 in := io.NopCloser(io.MultiReader(in1, in2)) 1273 1274 fh, err := c.newDecrypter(in) 1275 assert.NoError(t, err) 1276 1277 n, err := io.CopyN(io.Discard, fh, 1e6) 1278 assert.Equal(t, io.ErrUnexpectedEOF, err) 1279 assert.Equal(t, int64(16), n) 1280 } 1281 1282 func TestNewDecrypterSeekLimit(t *testing.T) { 1283 c, err := newCipher(NameEncryptionStandard, "", "", true, nil) 1284 assert.NoError(t, err) 1285 c.cryptoRand = &zeroes{} // nodge the crypto rand generator 1286 1287 // Make random data 1288 const dataSize = 150000 1289 plaintext, err := io.ReadAll(newRandomSource(dataSize)) 1290 assert.NoError(t, err) 1291 1292 // Encrypt the data 1293 buf := bytes.NewBuffer(plaintext) 1294 encrypted, err := c.EncryptData(buf) 1295 assert.NoError(t, err) 1296 ciphertext, err := io.ReadAll(encrypted) 1297 assert.NoError(t, err) 1298 1299 trials := []int{0, 1, 2, 3, 4, 5, 7, 8, 9, 15, 16, 17, 31, 32, 33, 63, 64, 65, 1300 127, 128, 129, 255, 256, 257, 511, 512, 513, 1023, 1024, 1025, 2047, 2048, 2049, 1301 4095, 4096, 4097, 8191, 8192, 8193, 16383, 16384, 16385, 32767, 32768, 32769, 1302 65535, 65536, 65537, 131071, 131072, 131073, dataSize - 1, dataSize} 1303 limits := []int{-1, 0, 1, 65535, 65536, 65537, 131071, 131072, 131073} 1304 1305 // Open stream with a seek of underlyingOffset 1306 var reader io.ReadCloser 1307 open := func(ctx context.Context, underlyingOffset, underlyingLimit int64) (io.ReadCloser, error) { 1308 end := len(ciphertext) 1309 if underlyingLimit >= 0 { 1310 end = int(underlyingOffset + underlyingLimit) 1311 if end > len(ciphertext) { 1312 end = len(ciphertext) 1313 } 1314 } 1315 reader = io.NopCloser(bytes.NewBuffer(ciphertext[int(underlyingOffset):end])) 1316 return reader, nil 1317 } 1318 1319 inBlock := make([]byte, dataSize) 1320 1321 // Check the seek worked by reading a block and checking it 1322 // against what it should be 1323 check := func(rc io.Reader, offset, limit int) { 1324 n, err := io.ReadFull(rc, inBlock) 1325 if err != nil && err != io.EOF && err != io.ErrUnexpectedEOF { 1326 require.NoError(t, err) 1327 } 1328 seekedDecrypted := inBlock[:n] 1329 1330 what := fmt.Sprintf("offset = %d, limit = %d", offset, limit) 1331 if limit >= 0 { 1332 assert.Equal(t, limit, n, what) 1333 } 1334 require.Equal(t, plaintext[offset:offset+n], seekedDecrypted, what) 1335 1336 // We should have completely emptied the reader at this point 1337 n, err = reader.Read(inBlock) 1338 assert.Equal(t, io.EOF, err) 1339 assert.Equal(t, 0, n) 1340 } 1341 1342 // Now try decoding it with an open/seek 1343 for _, offset := range trials { 1344 for _, limit := range limits { 1345 if offset+limit > len(plaintext) { 1346 continue 1347 } 1348 rc, err := c.DecryptDataSeek(context.Background(), open, int64(offset), int64(limit)) 1349 assert.NoError(t, err) 1350 1351 check(rc, offset, limit) 1352 } 1353 } 1354 1355 // Try decoding it with a single open and lots of seeks 1356 fh, err := c.DecryptDataSeek(context.Background(), open, 0, -1) 1357 assert.NoError(t, err) 1358 for _, offset := range trials { 1359 for _, limit := range limits { 1360 if offset+limit > len(plaintext) { 1361 continue 1362 } 1363 _, err := fh.RangeSeek(context.Background(), int64(offset), io.SeekStart, int64(limit)) 1364 assert.NoError(t, err) 1365 1366 check(fh, offset, limit) 1367 } 1368 } 1369 1370 // Do some checks on the open callback 1371 for _, test := range []struct { 1372 offset, limit int64 1373 wantOffset, wantLimit int64 1374 }{ 1375 // unlimited 1376 {0, -1, int64(fileHeaderSize), -1}, 1377 {1, -1, int64(fileHeaderSize), -1}, 1378 {blockDataSize - 1, -1, int64(fileHeaderSize), -1}, 1379 {blockDataSize, -1, int64(fileHeaderSize) + blockSize, -1}, 1380 {blockDataSize + 1, -1, int64(fileHeaderSize) + blockSize, -1}, 1381 // limit=1 1382 {0, 1, int64(fileHeaderSize), blockSize}, 1383 {1, 1, int64(fileHeaderSize), blockSize}, 1384 {blockDataSize - 1, 1, int64(fileHeaderSize), blockSize}, 1385 {blockDataSize, 1, int64(fileHeaderSize) + blockSize, blockSize}, 1386 {blockDataSize + 1, 1, int64(fileHeaderSize) + blockSize, blockSize}, 1387 // limit=100 1388 {0, 100, int64(fileHeaderSize), blockSize}, 1389 {1, 100, int64(fileHeaderSize), blockSize}, 1390 {blockDataSize - 1, 100, int64(fileHeaderSize), 2 * blockSize}, 1391 {blockDataSize, 100, int64(fileHeaderSize) + blockSize, blockSize}, 1392 {blockDataSize + 1, 100, int64(fileHeaderSize) + blockSize, blockSize}, 1393 // limit=blockDataSize-1 1394 {0, blockDataSize - 1, int64(fileHeaderSize), blockSize}, 1395 {1, blockDataSize - 1, int64(fileHeaderSize), blockSize}, 1396 {blockDataSize - 1, blockDataSize - 1, int64(fileHeaderSize), 2 * blockSize}, 1397 {blockDataSize, blockDataSize - 1, int64(fileHeaderSize) + blockSize, blockSize}, 1398 {blockDataSize + 1, blockDataSize - 1, int64(fileHeaderSize) + blockSize, blockSize}, 1399 // limit=blockDataSize 1400 {0, blockDataSize, int64(fileHeaderSize), blockSize}, 1401 {1, blockDataSize, int64(fileHeaderSize), 2 * blockSize}, 1402 {blockDataSize - 1, blockDataSize, int64(fileHeaderSize), 2 * blockSize}, 1403 {blockDataSize, blockDataSize, int64(fileHeaderSize) + blockSize, blockSize}, 1404 {blockDataSize + 1, blockDataSize, int64(fileHeaderSize) + blockSize, 2 * blockSize}, 1405 // limit=blockDataSize+1 1406 {0, blockDataSize + 1, int64(fileHeaderSize), 2 * blockSize}, 1407 {1, blockDataSize + 1, int64(fileHeaderSize), 2 * blockSize}, 1408 {blockDataSize - 1, blockDataSize + 1, int64(fileHeaderSize), 2 * blockSize}, 1409 {blockDataSize, blockDataSize + 1, int64(fileHeaderSize) + blockSize, 2 * blockSize}, 1410 {blockDataSize + 1, blockDataSize + 1, int64(fileHeaderSize) + blockSize, 2 * blockSize}, 1411 } { 1412 what := fmt.Sprintf("offset = %d, limit = %d", test.offset, test.limit) 1413 callCount := 0 1414 testOpen := func(ctx context.Context, underlyingOffset, underlyingLimit int64) (io.ReadCloser, error) { 1415 switch callCount { 1416 case 0: 1417 assert.Equal(t, int64(0), underlyingOffset, what) 1418 assert.Equal(t, int64(-1), underlyingLimit, what) 1419 case 1: 1420 assert.Equal(t, test.wantOffset, underlyingOffset, what) 1421 assert.Equal(t, test.wantLimit, underlyingLimit, what) 1422 default: 1423 t.Errorf("Too many calls %d for %s", callCount+1, what) 1424 } 1425 callCount++ 1426 return open(ctx, underlyingOffset, underlyingLimit) 1427 } 1428 fh, err := c.DecryptDataSeek(context.Background(), testOpen, 0, -1) 1429 assert.NoError(t, err) 1430 gotOffset, err := fh.RangeSeek(context.Background(), test.offset, io.SeekStart, test.limit) 1431 assert.NoError(t, err) 1432 assert.Equal(t, gotOffset, test.offset) 1433 } 1434 } 1435 1436 func TestDecrypterCalculateUnderlying(t *testing.T) { 1437 for _, test := range []struct { 1438 offset, limit int64 1439 wantOffset, wantLimit int64 1440 wantDiscard, wantBlocks int64 1441 }{ 1442 // unlimited 1443 {0, -1, int64(fileHeaderSize), -1, 0, 0}, 1444 {1, -1, int64(fileHeaderSize), -1, 1, 0}, 1445 {blockDataSize - 1, -1, int64(fileHeaderSize), -1, blockDataSize - 1, 0}, 1446 {blockDataSize, -1, int64(fileHeaderSize) + blockSize, -1, 0, 1}, 1447 {blockDataSize + 1, -1, int64(fileHeaderSize) + blockSize, -1, 1, 1}, 1448 // limit=1 1449 {0, 1, int64(fileHeaderSize), blockSize, 0, 0}, 1450 {1, 1, int64(fileHeaderSize), blockSize, 1, 0}, 1451 {blockDataSize - 1, 1, int64(fileHeaderSize), blockSize, blockDataSize - 1, 0}, 1452 {blockDataSize, 1, int64(fileHeaderSize) + blockSize, blockSize, 0, 1}, 1453 {blockDataSize + 1, 1, int64(fileHeaderSize) + blockSize, blockSize, 1, 1}, 1454 // limit=100 1455 {0, 100, int64(fileHeaderSize), blockSize, 0, 0}, 1456 {1, 100, int64(fileHeaderSize), blockSize, 1, 0}, 1457 {blockDataSize - 1, 100, int64(fileHeaderSize), 2 * blockSize, blockDataSize - 1, 0}, 1458 {blockDataSize, 100, int64(fileHeaderSize) + blockSize, blockSize, 0, 1}, 1459 {blockDataSize + 1, 100, int64(fileHeaderSize) + blockSize, blockSize, 1, 1}, 1460 // limit=blockDataSize-1 1461 {0, blockDataSize - 1, int64(fileHeaderSize), blockSize, 0, 0}, 1462 {1, blockDataSize - 1, int64(fileHeaderSize), blockSize, 1, 0}, 1463 {blockDataSize - 1, blockDataSize - 1, int64(fileHeaderSize), 2 * blockSize, blockDataSize - 1, 0}, 1464 {blockDataSize, blockDataSize - 1, int64(fileHeaderSize) + blockSize, blockSize, 0, 1}, 1465 {blockDataSize + 1, blockDataSize - 1, int64(fileHeaderSize) + blockSize, blockSize, 1, 1}, 1466 // limit=blockDataSize 1467 {0, blockDataSize, int64(fileHeaderSize), blockSize, 0, 0}, 1468 {1, blockDataSize, int64(fileHeaderSize), 2 * blockSize, 1, 0}, 1469 {blockDataSize - 1, blockDataSize, int64(fileHeaderSize), 2 * blockSize, blockDataSize - 1, 0}, 1470 {blockDataSize, blockDataSize, int64(fileHeaderSize) + blockSize, blockSize, 0, 1}, 1471 {blockDataSize + 1, blockDataSize, int64(fileHeaderSize) + blockSize, 2 * blockSize, 1, 1}, 1472 // limit=blockDataSize+1 1473 {0, blockDataSize + 1, int64(fileHeaderSize), 2 * blockSize, 0, 0}, 1474 {1, blockDataSize + 1, int64(fileHeaderSize), 2 * blockSize, 1, 0}, 1475 {blockDataSize - 1, blockDataSize + 1, int64(fileHeaderSize), 2 * blockSize, blockDataSize - 1, 0}, 1476 {blockDataSize, blockDataSize + 1, int64(fileHeaderSize) + blockSize, 2 * blockSize, 0, 1}, 1477 {blockDataSize + 1, blockDataSize + 1, int64(fileHeaderSize) + blockSize, 2 * blockSize, 1, 1}, 1478 } { 1479 what := fmt.Sprintf("offset = %d, limit = %d", test.offset, test.limit) 1480 underlyingOffset, underlyingLimit, discard, blocks := calculateUnderlying(test.offset, test.limit) 1481 assert.Equal(t, test.wantOffset, underlyingOffset, what) 1482 assert.Equal(t, test.wantLimit, underlyingLimit, what) 1483 assert.Equal(t, test.wantDiscard, discard, what) 1484 assert.Equal(t, test.wantBlocks, blocks, what) 1485 } 1486 } 1487 1488 func TestDecrypterRead(t *testing.T) { 1489 c, err := newCipher(NameEncryptionStandard, "", "", true, nil) 1490 assert.NoError(t, err) 1491 1492 // Test truncating the file at each possible point 1493 for i := 0; i < len(file16)-1; i++ { 1494 what := fmt.Sprintf("truncating to %d/%d", i, len(file16)) 1495 cd := newCloseDetector(bytes.NewBuffer(file16[:i])) 1496 fh, err := c.newDecrypter(cd) 1497 if i < fileHeaderSize { 1498 assert.EqualError(t, err, ErrorEncryptedFileTooShort.Error(), what) 1499 continue 1500 } 1501 if err != nil { 1502 assert.NoError(t, err, what) 1503 continue 1504 } 1505 _, err = io.ReadAll(fh) 1506 var expectedErr error 1507 switch { 1508 case i == fileHeaderSize: 1509 // This would normally produce an error *except* on the first block 1510 expectedErr = nil 1511 case i <= fileHeaderSize+blockHeaderSize: 1512 expectedErr = ErrorEncryptedFileBadHeader 1513 default: 1514 expectedErr = ErrorEncryptedBadBlock 1515 } 1516 if expectedErr != nil { 1517 assert.EqualError(t, err, expectedErr.Error(), what) 1518 } else { 1519 assert.NoError(t, err, what) 1520 } 1521 assert.Equal(t, 0, cd.closed, what) 1522 } 1523 1524 // Test producing an error on the file on Read the underlying file 1525 in1 := bytes.NewBuffer(file1) 1526 in2 := &readers.ErrorReader{Err: errors.New("potato")} 1527 in := io.MultiReader(in1, in2) 1528 cd := newCloseDetector(in) 1529 fh, err := c.newDecrypter(cd) 1530 assert.NoError(t, err) 1531 _, err = io.ReadAll(fh) 1532 assert.EqualError(t, err, "potato") 1533 assert.Equal(t, 0, cd.closed) 1534 1535 // Test corrupting the input 1536 // shouldn't be able to corrupt any byte without some sort of error 1537 file16copy := make([]byte, len(file16)) 1538 copy(file16copy, file16) 1539 for i := range file16copy { 1540 file16copy[i] ^= 0xFF 1541 fh, err := c.newDecrypter(io.NopCloser(bytes.NewBuffer(file16copy))) 1542 if i < fileMagicSize { 1543 assert.EqualError(t, err, ErrorEncryptedBadMagic.Error()) 1544 assert.Nil(t, fh) 1545 } else { 1546 assert.NoError(t, err) 1547 _, err = io.ReadAll(fh) 1548 assert.EqualError(t, err, ErrorEncryptedBadBlock.Error()) 1549 } 1550 file16copy[i] ^= 0xFF 1551 } 1552 1553 // Test that we can corrupt a byte and read zeroes if 1554 // passBadBlocks is set 1555 copy(file16copy, file16) 1556 file16copy[len(file16copy)-1] ^= 0xFF 1557 c.passBadBlocks = true 1558 fh, err = c.newDecrypter(io.NopCloser(bytes.NewBuffer(file16copy))) 1559 assert.NoError(t, err) 1560 buf, err := io.ReadAll(fh) 1561 assert.NoError(t, err) 1562 assert.Equal(t, make([]byte, 16), buf) 1563 } 1564 1565 func TestDecrypterClose(t *testing.T) { 1566 c, err := newCipher(NameEncryptionStandard, "", "", true, nil) 1567 assert.NoError(t, err) 1568 1569 cd := newCloseDetector(bytes.NewBuffer(file16)) 1570 fh, err := c.newDecrypter(cd) 1571 assert.NoError(t, err) 1572 assert.Equal(t, 0, cd.closed) 1573 1574 // close before reading 1575 assert.Equal(t, nil, fh.err) 1576 err = fh.Close() 1577 assert.NoError(t, err) 1578 assert.Equal(t, ErrorFileClosed, fh.err) 1579 assert.Equal(t, 1, cd.closed) 1580 1581 // double close 1582 err = fh.Close() 1583 assert.EqualError(t, err, ErrorFileClosed.Error()) 1584 assert.Equal(t, 1, cd.closed) 1585 1586 // try again reading the file this time 1587 cd = newCloseDetector(bytes.NewBuffer(file1)) 1588 fh, err = c.newDecrypter(cd) 1589 assert.NoError(t, err) 1590 assert.Equal(t, 0, cd.closed) 1591 1592 // close after reading 1593 out, err := io.ReadAll(fh) 1594 assert.NoError(t, err) 1595 assert.Equal(t, []byte{1}, out) 1596 assert.Equal(t, io.EOF, fh.err) 1597 err = fh.Close() 1598 assert.NoError(t, err) 1599 assert.Equal(t, ErrorFileClosed, fh.err) 1600 assert.Equal(t, 1, cd.closed) 1601 } 1602 1603 func TestPutGetBlock(t *testing.T) { 1604 c, err := newCipher(NameEncryptionStandard, "", "", true, nil) 1605 assert.NoError(t, err) 1606 1607 block := c.getBlock() 1608 c.putBlock(block) 1609 c.putBlock(block) 1610 } 1611 1612 func TestKey(t *testing.T) { 1613 c, err := newCipher(NameEncryptionStandard, "", "", true, nil) 1614 assert.NoError(t, err) 1615 1616 // Check zero keys OK 1617 assert.Equal(t, [32]byte{}, c.dataKey) 1618 assert.Equal(t, [32]byte{}, c.nameKey) 1619 assert.Equal(t, [16]byte{}, c.nameTweak) 1620 1621 require.NoError(t, c.Key("potato", "")) 1622 assert.Equal(t, [32]byte{0x74, 0x55, 0xC7, 0x1A, 0xB1, 0x7C, 0x86, 0x5B, 0x84, 0x71, 0xF4, 0x7B, 0x79, 0xAC, 0xB0, 0x7E, 0xB3, 0x1D, 0x56, 0x78, 0xB8, 0x0C, 0x7E, 0x2E, 0xAF, 0x4F, 0xC8, 0x06, 0x6A, 0x9E, 0xE4, 0x68}, c.dataKey) 1623 assert.Equal(t, [32]byte{0x76, 0x5D, 0xA2, 0x7A, 0xB1, 0x5D, 0x77, 0xF9, 0x57, 0x96, 0x71, 0x1F, 0x7B, 0x93, 0xAD, 0x63, 0xBB, 0xB4, 0x84, 0x07, 0x2E, 0x71, 0x80, 0xA8, 0xD1, 0x7A, 0x9B, 0xBE, 0xC1, 0x42, 0x70, 0xD0}, c.nameKey) 1624 assert.Equal(t, [16]byte{0xC1, 0x8D, 0x59, 0x32, 0xF5, 0x5B, 0x28, 0x28, 0xC5, 0xE1, 0xE8, 0x72, 0x15, 0x52, 0x03, 0x10}, c.nameTweak) 1625 1626 require.NoError(t, c.Key("Potato", "")) 1627 assert.Equal(t, [32]byte{0xAE, 0xEA, 0x6A, 0xD3, 0x47, 0xDF, 0x75, 0xB9, 0x63, 0xCE, 0x12, 0xF5, 0x76, 0x23, 0xE9, 0x46, 0xD4, 0x2E, 0xD8, 0xBF, 0x3E, 0x92, 0x8B, 0x39, 0x24, 0x37, 0x94, 0x13, 0x3E, 0x5E, 0xF7, 0x5E}, c.dataKey) 1628 assert.Equal(t, [32]byte{0x54, 0xF7, 0x02, 0x6E, 0x8A, 0xFC, 0x56, 0x0A, 0x86, 0x63, 0x6A, 0xAB, 0x2C, 0x9C, 0x51, 0x62, 0xE5, 0x1A, 0x12, 0x23, 0x51, 0x83, 0x6E, 0xAF, 0x50, 0x42, 0x0F, 0x98, 0x1C, 0x86, 0x0A, 0x19}, c.nameKey) 1629 assert.Equal(t, [16]byte{0xF8, 0xC1, 0xB6, 0x27, 0x2D, 0x52, 0x9B, 0x4A, 0x8F, 0xDA, 0xEB, 0x42, 0x4A, 0x28, 0xDD, 0xF3}, c.nameTweak) 1630 1631 require.NoError(t, c.Key("potato", "sausage")) 1632 assert.Equal(t, [32]uint8{0x8e, 0x9b, 0x6b, 0x99, 0xf8, 0x69, 0x4, 0x67, 0xa0, 0x71, 0xf9, 0xcb, 0x92, 0xd0, 0xaa, 0x78, 0x7f, 0x8f, 0xf1, 0x78, 0xbe, 0xc9, 0x6f, 0x99, 0x9f, 0xd5, 0x20, 0x6e, 0x64, 0x4a, 0x1b, 0x50}, c.dataKey) 1633 assert.Equal(t, [32]uint8{0x3e, 0xa9, 0x5e, 0xf6, 0x81, 0x78, 0x2d, 0xc9, 0xd9, 0x95, 0x5d, 0x22, 0x5b, 0xfd, 0x44, 0x2c, 0x6f, 0x5d, 0x68, 0x97, 0xb0, 0x29, 0x1, 0x5c, 0x6f, 0x46, 0x2e, 0x2a, 0x9d, 0xae, 0x2c, 0xe3}, c.nameKey) 1634 assert.Equal(t, [16]uint8{0xf1, 0x7f, 0xd7, 0x14, 0x1d, 0x65, 0x27, 0x4f, 0x36, 0x3f, 0xc2, 0xa0, 0x4d, 0xd2, 0x14, 0x8a}, c.nameTweak) 1635 1636 require.NoError(t, c.Key("potato", "Sausage")) 1637 assert.Equal(t, [32]uint8{0xda, 0x81, 0x8c, 0x67, 0xef, 0x11, 0xf, 0xc8, 0xd5, 0xc8, 0x62, 0x4b, 0x7f, 0xe2, 0x9e, 0x35, 0x35, 0xb0, 0x8d, 0x79, 0x84, 0x89, 0xac, 0xcb, 0xa0, 0xff, 0x2, 0x72, 0x3, 0x1a, 0x5e, 0x64}, c.dataKey) 1638 assert.Equal(t, [32]uint8{0x2, 0x81, 0x7e, 0x7b, 0xea, 0x99, 0x81, 0x5a, 0xd0, 0x2d, 0xb9, 0x64, 0x48, 0xb0, 0x28, 0x27, 0x7c, 0x20, 0xb4, 0xd4, 0xa4, 0x68, 0xad, 0x4e, 0x5c, 0x29, 0xf, 0x79, 0xef, 0xee, 0xdb, 0x3b}, c.nameKey) 1639 assert.Equal(t, [16]uint8{0x9a, 0xb5, 0xb, 0x3d, 0xcb, 0x60, 0x59, 0x55, 0xa5, 0x4d, 0xe6, 0xb6, 0x47, 0x3, 0x23, 0xe2}, c.nameTweak) 1640 1641 require.NoError(t, c.Key("", "")) 1642 assert.Equal(t, [32]byte{}, c.dataKey) 1643 assert.Equal(t, [32]byte{}, c.nameKey) 1644 assert.Equal(t, [16]byte{}, c.nameTweak) 1645 }