github.com/xhghs/rclone@v1.51.1-0.20200430155106-e186a28cced8/backend/crypt/cipher_test.go (about) 1 package crypt 2 3 import ( 4 "bytes" 5 "context" 6 "encoding/base32" 7 "fmt" 8 "io" 9 "io/ioutil" 10 "strings" 11 "testing" 12 13 "github.com/pkg/errors" 14 "github.com/rclone/rclone/backend/crypt/pkcs7" 15 "github.com/stretchr/testify/assert" 16 "github.com/stretchr/testify/require" 17 ) 18 19 func TestNewNameEncryptionMode(t *testing.T) { 20 for _, test := range []struct { 21 in string 22 expected NameEncryptionMode 23 expectedErr string 24 }{ 25 {"off", NameEncryptionOff, ""}, 26 {"standard", NameEncryptionStandard, ""}, 27 {"obfuscate", NameEncryptionObfuscated, ""}, 28 {"potato", NameEncryptionOff, "Unknown file name encryption mode \"potato\""}, 29 } { 30 actual, actualErr := NewNameEncryptionMode(test.in) 31 assert.Equal(t, actual, test.expected) 32 if test.expectedErr == "" { 33 assert.NoError(t, actualErr) 34 } else { 35 assert.Error(t, actualErr, test.expectedErr) 36 } 37 } 38 } 39 40 func TestNewNameEncryptionModeString(t *testing.T) { 41 assert.Equal(t, NameEncryptionOff.String(), "off") 42 assert.Equal(t, NameEncryptionStandard.String(), "standard") 43 assert.Equal(t, NameEncryptionObfuscated.String(), "obfuscate") 44 assert.Equal(t, NameEncryptionMode(3).String(), "Unknown mode #3") 45 } 46 47 func TestEncodeFileName(t *testing.T) { 48 for _, test := range []struct { 49 in string 50 expected string 51 }{ 52 {"", ""}, 53 {"1", "64"}, 54 {"12", "64p0"}, 55 {"123", "64p36"}, 56 {"1234", "64p36d0"}, 57 {"12345", "64p36d1l"}, 58 {"123456", "64p36d1l6o"}, 59 {"1234567", "64p36d1l6org"}, 60 {"12345678", "64p36d1l6orjg"}, 61 {"123456789", "64p36d1l6orjge8"}, 62 {"1234567890", "64p36d1l6orjge9g"}, 63 {"12345678901", "64p36d1l6orjge9g64"}, 64 {"123456789012", "64p36d1l6orjge9g64p0"}, 65 {"1234567890123", "64p36d1l6orjge9g64p36"}, 66 {"12345678901234", "64p36d1l6orjge9g64p36d0"}, 67 {"123456789012345", "64p36d1l6orjge9g64p36d1l"}, 68 {"1234567890123456", "64p36d1l6orjge9g64p36d1l6o"}, 69 } { 70 actual := encodeFileName([]byte(test.in)) 71 assert.Equal(t, actual, test.expected, fmt.Sprintf("in=%q", test.in)) 72 recovered, err := decodeFileName(test.expected) 73 assert.NoError(t, err) 74 assert.Equal(t, string(recovered), test.in, fmt.Sprintf("reverse=%q", test.expected)) 75 in := strings.ToUpper(test.expected) 76 recovered, err = decodeFileName(in) 77 assert.NoError(t, err) 78 assert.Equal(t, string(recovered), test.in, fmt.Sprintf("reverse=%q", in)) 79 } 80 } 81 82 func TestDecodeFileName(t *testing.T) { 83 // We've tested decoding the valid ones above, now concentrate on the invalid ones 84 for _, test := range []struct { 85 in string 86 expectedErr error 87 }{ 88 {"64=", ErrorBadBase32Encoding}, 89 {"!", base32.CorruptInputError(0)}, 90 {"hello=hello", base32.CorruptInputError(5)}, 91 } { 92 actual, actualErr := decodeFileName(test.in) 93 assert.Equal(t, test.expectedErr, actualErr, fmt.Sprintf("in=%q got actual=%q, err = %v %T", test.in, actual, actualErr, actualErr)) 94 } 95 } 96 97 func TestEncryptSegment(t *testing.T) { 98 c, _ := newCipher(NameEncryptionStandard, "", "", true) 99 for _, test := range []struct { 100 in string 101 expected string 102 }{ 103 {"", ""}, 104 {"1", "p0e52nreeaj0a5ea7s64m4j72s"}, 105 {"12", "l42g6771hnv3an9cgc8cr2n1ng"}, 106 {"123", "qgm4avr35m5loi1th53ato71v0"}, 107 {"1234", "8ivr2e9plj3c3esisjpdisikos"}, 108 {"12345", "rh9vu63q3o29eqmj4bg6gg7s44"}, 109 {"123456", "bn717l3alepn75b2fb2ejmi4b4"}, 110 {"1234567", "n6bo9jmb1qe3b1ogtj5qkf19k8"}, 111 {"12345678", "u9t24j7uaq94dh5q53m3s4t9ok"}, 112 {"123456789", "37hn305g6j12d1g0kkrl7ekbs4"}, 113 {"1234567890", "ot8d91eplaglb62k2b1trm2qv0"}, 114 {"12345678901", "h168vvrgb53qnrtvvmb378qrcs"}, 115 {"123456789012", "s3hsdf9e29ithrqbjqu01t8q2s"}, 116 {"1234567890123", "cf3jimlv1q2oc553mv7s3mh3eo"}, 117 {"12345678901234", "moq0uqdlqrblrc5pa5u5c7hq9g"}, 118 {"123456789012345", "eeam3li4rnommi3a762h5n7meg"}, 119 {"1234567890123456", "mijbj0frqf6ms7frcr6bd9h0env53jv96pjaaoirk7forcgpt70g"}, 120 } { 121 actual := c.encryptSegment(test.in) 122 assert.Equal(t, test.expected, actual, fmt.Sprintf("Testing %q", test.in)) 123 recovered, err := c.decryptSegment(test.expected) 124 assert.NoError(t, err, fmt.Sprintf("Testing reverse %q", test.expected)) 125 assert.Equal(t, test.in, recovered, fmt.Sprintf("Testing reverse %q", test.expected)) 126 in := strings.ToUpper(test.expected) 127 recovered, err = c.decryptSegment(in) 128 assert.NoError(t, err, fmt.Sprintf("Testing reverse %q", in)) 129 assert.Equal(t, test.in, recovered, fmt.Sprintf("Testing reverse %q", in)) 130 } 131 } 132 133 func TestDecryptSegment(t *testing.T) { 134 // We've tested the forwards above, now concentrate on the errors 135 longName := make([]byte, 3328) 136 for i := range longName { 137 longName[i] = 'a' 138 } 139 c, _ := newCipher(NameEncryptionStandard, "", "", true) 140 for _, test := range []struct { 141 in string 142 expectedErr error 143 }{ 144 {"64=", ErrorBadBase32Encoding}, 145 {"!", base32.CorruptInputError(0)}, 146 {string(longName), ErrorTooLongAfterDecode}, 147 {encodeFileName([]byte("a")), ErrorNotAMultipleOfBlocksize}, 148 {encodeFileName([]byte("123456789abcdef")), ErrorNotAMultipleOfBlocksize}, 149 {encodeFileName([]byte("123456789abcdef0")), pkcs7.ErrorPaddingTooLong}, 150 } { 151 actual, actualErr := c.decryptSegment(test.in) 152 assert.Equal(t, test.expectedErr, actualErr, fmt.Sprintf("in=%q got actual=%q, err = %v %T", test.in, actual, actualErr, actualErr)) 153 } 154 } 155 156 func TestEncryptFileName(t *testing.T) { 157 // First standard mode 158 c, _ := newCipher(NameEncryptionStandard, "", "", true) 159 assert.Equal(t, "p0e52nreeaj0a5ea7s64m4j72s", c.EncryptFileName("1")) 160 assert.Equal(t, "p0e52nreeaj0a5ea7s64m4j72s/l42g6771hnv3an9cgc8cr2n1ng", c.EncryptFileName("1/12")) 161 assert.Equal(t, "p0e52nreeaj0a5ea7s64m4j72s/l42g6771hnv3an9cgc8cr2n1ng/qgm4avr35m5loi1th53ato71v0", c.EncryptFileName("1/12/123")) 162 // Standard mode with directory name encryption off 163 c, _ = newCipher(NameEncryptionStandard, "", "", false) 164 assert.Equal(t, "p0e52nreeaj0a5ea7s64m4j72s", c.EncryptFileName("1")) 165 assert.Equal(t, "1/l42g6771hnv3an9cgc8cr2n1ng", c.EncryptFileName("1/12")) 166 assert.Equal(t, "1/12/qgm4avr35m5loi1th53ato71v0", c.EncryptFileName("1/12/123")) 167 // Now off mode 168 c, _ = newCipher(NameEncryptionOff, "", "", true) 169 assert.Equal(t, "1/12/123.bin", c.EncryptFileName("1/12/123")) 170 // Obfuscation mode 171 c, _ = newCipher(NameEncryptionObfuscated, "", "", true) 172 assert.Equal(t, "49.6/99.23/150.890/53.!!lipps", c.EncryptFileName("1/12/123/!hello")) 173 assert.Equal(t, "161.\u00e4", c.EncryptFileName("\u00a1")) 174 assert.Equal(t, "160.\u03c2", c.EncryptFileName("\u03a0")) 175 // Obfuscation mode with directory name encryption off 176 c, _ = newCipher(NameEncryptionObfuscated, "", "", false) 177 assert.Equal(t, "1/12/123/53.!!lipps", c.EncryptFileName("1/12/123/!hello")) 178 assert.Equal(t, "161.\u00e4", c.EncryptFileName("\u00a1")) 179 assert.Equal(t, "160.\u03c2", c.EncryptFileName("\u03a0")) 180 } 181 182 func TestDecryptFileName(t *testing.T) { 183 for _, test := range []struct { 184 mode NameEncryptionMode 185 dirNameEncrypt bool 186 in string 187 expected string 188 expectedErr error 189 }{ 190 {NameEncryptionStandard, true, "p0e52nreeaj0a5ea7s64m4j72s", "1", nil}, 191 {NameEncryptionStandard, true, "p0e52nreeaj0a5ea7s64m4j72s/l42g6771hnv3an9cgc8cr2n1ng", "1/12", nil}, 192 {NameEncryptionStandard, true, "p0e52nreeAJ0A5EA7S64M4J72S/L42G6771HNv3an9cgc8cr2n1ng", "1/12", nil}, 193 {NameEncryptionStandard, true, "p0e52nreeaj0a5ea7s64m4j72s/l42g6771hnv3an9cgc8cr2n1ng/qgm4avr35m5loi1th53ato71v0", "1/12/123", nil}, 194 {NameEncryptionStandard, true, "p0e52nreeaj0a5ea7s64m4j72s/l42g6771hnv3an9cgc8cr2n1/qgm4avr35m5loi1th53ato71v0", "", ErrorNotAMultipleOfBlocksize}, 195 {NameEncryptionStandard, false, "1/12/qgm4avr35m5loi1th53ato71v0", "1/12/123", nil}, 196 {NameEncryptionOff, true, "1/12/123.bin", "1/12/123", nil}, 197 {NameEncryptionOff, true, "1/12/123.bix", "", ErrorNotAnEncryptedFile}, 198 {NameEncryptionOff, true, ".bin", "", ErrorNotAnEncryptedFile}, 199 {NameEncryptionObfuscated, true, "!.hello", "hello", nil}, 200 {NameEncryptionObfuscated, true, "hello", "", ErrorNotAnEncryptedFile}, 201 {NameEncryptionObfuscated, true, "161.\u00e4", "\u00a1", nil}, 202 {NameEncryptionObfuscated, true, "160.\u03c2", "\u03a0", nil}, 203 {NameEncryptionObfuscated, false, "1/12/123/53.!!lipps", "1/12/123/!hello", nil}, 204 } { 205 c, _ := newCipher(test.mode, "", "", test.dirNameEncrypt) 206 actual, actualErr := c.DecryptFileName(test.in) 207 what := fmt.Sprintf("Testing %q (mode=%v)", test.in, test.mode) 208 assert.Equal(t, test.expected, actual, what) 209 assert.Equal(t, test.expectedErr, actualErr, what) 210 } 211 } 212 213 func TestEncDecMatches(t *testing.T) { 214 for _, test := range []struct { 215 mode NameEncryptionMode 216 in string 217 }{ 218 {NameEncryptionStandard, "1/2/3/4"}, 219 {NameEncryptionOff, "1/2/3/4"}, 220 {NameEncryptionObfuscated, "1/2/3/4/!hello\u03a0"}, 221 {NameEncryptionObfuscated, "Avatar The Last Airbender"}, 222 } { 223 c, _ := newCipher(test.mode, "", "", true) 224 out, err := c.DecryptFileName(c.EncryptFileName(test.in)) 225 what := fmt.Sprintf("Testing %q (mode=%v)", test.in, test.mode) 226 assert.Equal(t, out, test.in, what) 227 assert.Equal(t, err, nil, what) 228 } 229 } 230 231 func TestEncryptDirName(t *testing.T) { 232 // First standard mode 233 c, _ := newCipher(NameEncryptionStandard, "", "", true) 234 assert.Equal(t, "p0e52nreeaj0a5ea7s64m4j72s", c.EncryptDirName("1")) 235 assert.Equal(t, "p0e52nreeaj0a5ea7s64m4j72s/l42g6771hnv3an9cgc8cr2n1ng", c.EncryptDirName("1/12")) 236 assert.Equal(t, "p0e52nreeaj0a5ea7s64m4j72s/l42g6771hnv3an9cgc8cr2n1ng/qgm4avr35m5loi1th53ato71v0", c.EncryptDirName("1/12/123")) 237 // Standard mode with dir name encryption off 238 c, _ = newCipher(NameEncryptionStandard, "", "", false) 239 assert.Equal(t, "1/12", c.EncryptDirName("1/12")) 240 assert.Equal(t, "1/12/123", c.EncryptDirName("1/12/123")) 241 // Now off mode 242 c, _ = newCipher(NameEncryptionOff, "", "", true) 243 assert.Equal(t, "1/12/123", c.EncryptDirName("1/12/123")) 244 } 245 246 func TestDecryptDirName(t *testing.T) { 247 for _, test := range []struct { 248 mode NameEncryptionMode 249 dirNameEncrypt bool 250 in string 251 expected string 252 expectedErr error 253 }{ 254 {NameEncryptionStandard, true, "p0e52nreeaj0a5ea7s64m4j72s", "1", nil}, 255 {NameEncryptionStandard, true, "p0e52nreeaj0a5ea7s64m4j72s/l42g6771hnv3an9cgc8cr2n1ng", "1/12", nil}, 256 {NameEncryptionStandard, true, "p0e52nreeAJ0A5EA7S64M4J72S/L42G6771HNv3an9cgc8cr2n1ng", "1/12", nil}, 257 {NameEncryptionStandard, true, "p0e52nreeaj0a5ea7s64m4j72s/l42g6771hnv3an9cgc8cr2n1ng/qgm4avr35m5loi1th53ato71v0", "1/12/123", nil}, 258 {NameEncryptionStandard, true, "p0e52nreeaj0a5ea7s64m4j72s/l42g6771hnv3an9cgc8cr2n1/qgm4avr35m5loi1th53ato71v0", "", ErrorNotAMultipleOfBlocksize}, 259 {NameEncryptionStandard, false, "p0e52nreeaj0a5ea7s64m4j72s/l42g6771hnv3an9cgc8cr2n1ng", "p0e52nreeaj0a5ea7s64m4j72s/l42g6771hnv3an9cgc8cr2n1ng", nil}, 260 {NameEncryptionStandard, false, "1/12/123", "1/12/123", nil}, 261 {NameEncryptionOff, true, "1/12/123.bin", "1/12/123.bin", nil}, 262 {NameEncryptionOff, true, "1/12/123", "1/12/123", nil}, 263 {NameEncryptionOff, true, ".bin", ".bin", nil}, 264 } { 265 c, _ := newCipher(test.mode, "", "", test.dirNameEncrypt) 266 actual, actualErr := c.DecryptDirName(test.in) 267 what := fmt.Sprintf("Testing %q (mode=%v)", test.in, test.mode) 268 assert.Equal(t, test.expected, actual, what) 269 assert.Equal(t, test.expectedErr, actualErr, what) 270 } 271 } 272 273 func TestEncryptedSize(t *testing.T) { 274 c, _ := newCipher(NameEncryptionStandard, "", "", true) 275 for _, test := range []struct { 276 in int64 277 expected int64 278 }{ 279 {0, 32}, 280 {1, 32 + 16 + 1}, 281 {65536, 32 + 16 + 65536}, 282 {65537, 32 + 16 + 65536 + 16 + 1}, 283 {1 << 20, 32 + 16*(16+65536)}, 284 {(1 << 20) + 65535, 32 + 16*(16+65536) + 16 + 65535}, 285 {1 << 30, 32 + 16384*(16+65536)}, 286 {(1 << 40) + 1, 32 + 16777216*(16+65536) + 16 + 1}, 287 } { 288 actual := c.EncryptedSize(test.in) 289 assert.Equal(t, test.expected, actual, fmt.Sprintf("Testing %d", test.in)) 290 recovered, err := c.DecryptedSize(test.expected) 291 assert.NoError(t, err, fmt.Sprintf("Testing reverse %d", test.expected)) 292 assert.Equal(t, test.in, recovered, fmt.Sprintf("Testing reverse %d", test.expected)) 293 } 294 } 295 296 func TestDecryptedSize(t *testing.T) { 297 // Test the errors since we tested the reverse above 298 c, _ := newCipher(NameEncryptionStandard, "", "", true) 299 for _, test := range []struct { 300 in int64 301 expectedErr error 302 }{ 303 {0, ErrorEncryptedFileTooShort}, 304 {0, ErrorEncryptedFileTooShort}, 305 {1, ErrorEncryptedFileTooShort}, 306 {7, ErrorEncryptedFileTooShort}, 307 {32 + 1, ErrorEncryptedFileBadHeader}, 308 {32 + 16, ErrorEncryptedFileBadHeader}, 309 {32 + 16 + 65536 + 1, ErrorEncryptedFileBadHeader}, 310 {32 + 16 + 65536 + 16, ErrorEncryptedFileBadHeader}, 311 } { 312 _, actualErr := c.DecryptedSize(test.in) 313 assert.Equal(t, test.expectedErr, actualErr, fmt.Sprintf("Testing %d", test.in)) 314 } 315 } 316 317 func TestNoncePointer(t *testing.T) { 318 var x nonce 319 assert.Equal(t, (*[24]byte)(&x), x.pointer()) 320 } 321 322 func TestNonceFromReader(t *testing.T) { 323 var x nonce 324 buf := bytes.NewBufferString("123456789abcdefghijklmno") 325 err := x.fromReader(buf) 326 assert.NoError(t, err) 327 assert.Equal(t, nonce{'1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o'}, x) 328 buf = bytes.NewBufferString("123456789abcdefghijklmn") 329 err = x.fromReader(buf) 330 assert.Error(t, err, "short read of nonce") 331 } 332 333 func TestNonceFromBuf(t *testing.T) { 334 var x nonce 335 buf := []byte("123456789abcdefghijklmnoXXXXXXXX") 336 x.fromBuf(buf) 337 assert.Equal(t, nonce{'1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o'}, x) 338 buf = []byte("0123456789abcdefghijklmn") 339 x.fromBuf(buf) 340 assert.Equal(t, nonce{'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n'}, x) 341 buf = []byte("0123456789abcdefghijklm") 342 assert.Panics(t, func() { x.fromBuf(buf) }) 343 } 344 345 func TestNonceIncrement(t *testing.T) { 346 for _, test := range []struct { 347 in nonce 348 out nonce 349 }{ 350 { 351 nonce{0x00}, 352 nonce{0x01}, 353 }, 354 { 355 nonce{0xFF}, 356 nonce{0x00, 0x01}, 357 }, 358 { 359 nonce{0xFF, 0xFF}, 360 nonce{0x00, 0x00, 0x01}, 361 }, 362 { 363 nonce{0xFF, 0xFF, 0xFF}, 364 nonce{0x00, 0x00, 0x00, 0x01}, 365 }, 366 { 367 nonce{0xFF, 0xFF, 0xFF, 0xFF}, 368 nonce{0x00, 0x00, 0x00, 0x00, 0x01}, 369 }, 370 { 371 nonce{0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, 372 nonce{0x00, 0x00, 0x00, 0x00, 0x00, 0x01}, 373 }, 374 { 375 nonce{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, 376 nonce{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}, 377 }, 378 { 379 nonce{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, 380 nonce{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}, 381 }, 382 { 383 nonce{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, 384 nonce{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}, 385 }, 386 { 387 nonce{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, 388 nonce{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}, 389 }, 390 { 391 nonce{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, 392 nonce{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}, 393 }, 394 { 395 nonce{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, 396 nonce{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}, 397 }, 398 { 399 nonce{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, 400 nonce{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}, 401 }, 402 { 403 nonce{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, 404 nonce{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}, 405 }, 406 { 407 nonce{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, 408 nonce{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}, 409 }, 410 { 411 nonce{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, 412 nonce{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}, 413 }, 414 { 415 nonce{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, 416 nonce{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}, 417 }, 418 { 419 nonce{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, 420 nonce{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}, 421 }, 422 { 423 nonce{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, 424 nonce{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}, 425 }, 426 { 427 nonce{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, 428 nonce{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}, 429 }, 430 { 431 nonce{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, 432 nonce{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}, 433 }, 434 { 435 nonce{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, 436 nonce{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}, 437 }, 438 { 439 nonce{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, 440 nonce{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}, 441 }, 442 { 443 nonce{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, 444 nonce{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}, 445 }, 446 { 447 nonce{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, 448 nonce{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, 449 }, 450 } { 451 x := test.in 452 x.increment() 453 assert.Equal(t, test.out, x) 454 } 455 } 456 457 func TestNonceAdd(t *testing.T) { 458 for _, test := range []struct { 459 add uint64 460 in nonce 461 out nonce 462 }{ 463 { 464 0x01, 465 nonce{0x00}, 466 nonce{0x01}, 467 }, 468 { 469 0xFF, 470 nonce{0xFF}, 471 nonce{0xFE, 0x01}, 472 }, 473 { 474 0xFFFF, 475 nonce{0xFF, 0xFF}, 476 nonce{0xFE, 0xFF, 0x01}, 477 }, 478 { 479 0xFFFFFF, 480 nonce{0xFF, 0xFF, 0xFF}, 481 nonce{0xFE, 0xFF, 0xFF, 0x01}, 482 }, 483 { 484 0xFFFFFFFF, 485 nonce{0xFF, 0xFF, 0xFF, 0xFF}, 486 nonce{0xFe, 0xFF, 0xFF, 0xFF, 0x01}, 487 }, 488 { 489 0xFFFFFFFFFF, 490 nonce{0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, 491 nonce{0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0x01}, 492 }, 493 { 494 0xFFFFFFFFFFFF, 495 nonce{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, 496 nonce{0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x01}, 497 }, 498 { 499 0xFFFFFFFFFFFFFF, 500 nonce{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, 501 nonce{0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x01}, 502 }, 503 { 504 0xFFFFFFFFFFFFFFFF, 505 nonce{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, 506 nonce{0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x01}, 507 }, 508 { 509 0xFFFFFFFFFFFFFFFF, 510 nonce{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, 511 nonce{0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x01}, 512 }, 513 { 514 0xFFFFFFFFFFFFFFFF, 515 nonce{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, 516 nonce{0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x01}, 517 }, 518 { 519 0xFFFFFFFFFFFFFFFF, 520 nonce{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, 521 nonce{0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x01}, 522 }, 523 { 524 0xFFFFFFFFFFFFFFFF, 525 nonce{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, 526 nonce{0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0x01}, 527 }, 528 { 529 0xFFFFFFFFFFFFFFFF, 530 nonce{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, 531 nonce{0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}, 532 }, 533 { 534 0xFFFFFFFFFFFFFFFF, 535 nonce{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, 536 nonce{0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}, 537 }, 538 { 539 0xFFFFFFFFFFFFFFFF, 540 nonce{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, 541 nonce{0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}, 542 }, 543 { 544 0xFFFFFFFFFFFFFFFF, 545 nonce{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, 546 nonce{0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}, 547 }, 548 { 549 0xFFFFFFFFFFFFFFFF, 550 nonce{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, 551 nonce{0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}, 552 }, 553 { 554 0xFFFFFFFFFFFFFFFF, 555 nonce{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, 556 nonce{0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}, 557 }, 558 { 559 0xFFFFFFFFFFFFFFFF, 560 nonce{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, 561 nonce{0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}, 562 }, 563 { 564 0xFFFFFFFFFFFFFFFF, 565 nonce{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, 566 nonce{0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}, 567 }, 568 { 569 0xFFFFFFFFFFFFFFFF, 570 nonce{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, 571 nonce{0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}, 572 }, 573 { 574 0xFFFFFFFFFFFFFFFF, 575 nonce{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, 576 nonce{0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}, 577 }, 578 { 579 0xFFFFFFFFFFFFFFFF, 580 nonce{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, 581 nonce{0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}, 582 }, 583 { 584 0xFFFFFFFFFFFFFFFF, 585 nonce{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, 586 nonce{0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, 587 }, 588 } { 589 x := test.in 590 x.add(test.add) 591 assert.Equal(t, test.out, x) 592 } 593 } 594 595 // randomSource can read or write a random sequence 596 type randomSource struct { 597 counter int64 598 size int64 599 } 600 601 func newRandomSource(size int64) *randomSource { 602 return &randomSource{ 603 size: size, 604 } 605 } 606 607 func (r *randomSource) next() byte { 608 r.counter++ 609 return byte(r.counter % 257) 610 } 611 612 func (r *randomSource) Read(p []byte) (n int, err error) { 613 for i := range p { 614 if r.counter >= r.size { 615 err = io.EOF 616 break 617 } 618 p[i] = r.next() 619 n++ 620 } 621 return n, err 622 } 623 624 func (r *randomSource) Write(p []byte) (n int, err error) { 625 for i := range p { 626 if p[i] != r.next() { 627 return 0, errors.Errorf("Error in stream at %d", r.counter) 628 } 629 } 630 return len(p), nil 631 } 632 633 func (r *randomSource) Close() error { return nil } 634 635 // Check interfaces 636 var ( 637 _ io.ReadCloser = (*randomSource)(nil) 638 _ io.WriteCloser = (*randomSource)(nil) 639 ) 640 641 // Test test infrastructure first! 642 func TestRandomSource(t *testing.T) { 643 source := newRandomSource(1e8) 644 sink := newRandomSource(1e8) 645 n, err := io.Copy(sink, source) 646 assert.NoError(t, err) 647 assert.Equal(t, int64(1e8), n) 648 649 source = newRandomSource(1e8) 650 buf := make([]byte, 16) 651 _, _ = source.Read(buf) 652 sink = newRandomSource(1e8) 653 _, err = io.Copy(sink, source) 654 assert.Error(t, err, "Error in stream") 655 } 656 657 type zeroes struct{} 658 659 func (z *zeroes) Read(p []byte) (n int, err error) { 660 for i := range p { 661 p[i] = 0 662 n++ 663 } 664 return n, nil 665 } 666 667 // Test encrypt decrypt with different buffer sizes 668 func testEncryptDecrypt(t *testing.T, bufSize int, copySize int64) { 669 c, err := newCipher(NameEncryptionStandard, "", "", true) 670 assert.NoError(t, err) 671 c.cryptoRand = &zeroes{} // zero out the nonce 672 buf := make([]byte, bufSize) 673 source := newRandomSource(copySize) 674 encrypted, err := c.newEncrypter(source, nil) 675 assert.NoError(t, err) 676 decrypted, err := c.newDecrypter(ioutil.NopCloser(encrypted)) 677 assert.NoError(t, err) 678 sink := newRandomSource(copySize) 679 n, err := io.CopyBuffer(sink, decrypted, buf) 680 assert.NoError(t, err) 681 assert.Equal(t, copySize, n) 682 blocks := copySize / blockSize 683 if (copySize % blockSize) != 0 { 684 blocks++ 685 } 686 var expectedNonce = nonce{byte(blocks), byte(blocks >> 8), byte(blocks >> 16), byte(blocks >> 32)} 687 assert.Equal(t, expectedNonce, encrypted.nonce) 688 assert.Equal(t, expectedNonce, decrypted.nonce) 689 } 690 691 func TestEncryptDecrypt1(t *testing.T) { 692 testEncryptDecrypt(t, 1, 1e7) 693 } 694 695 func TestEncryptDecrypt32(t *testing.T) { 696 testEncryptDecrypt(t, 32, 1e8) 697 } 698 699 func TestEncryptDecrypt4096(t *testing.T) { 700 testEncryptDecrypt(t, 4096, 1e8) 701 } 702 703 func TestEncryptDecrypt65536(t *testing.T) { 704 testEncryptDecrypt(t, 65536, 1e8) 705 } 706 707 func TestEncryptDecrypt65537(t *testing.T) { 708 testEncryptDecrypt(t, 65537, 1e8) 709 } 710 711 var ( 712 file0 = []byte{ 713 0x52, 0x43, 0x4c, 0x4f, 0x4e, 0x45, 0x00, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 714 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 715 } 716 file1 = []byte{ 717 0x52, 0x43, 0x4c, 0x4f, 0x4e, 0x45, 0x00, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 718 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 719 0x09, 0x5b, 0x44, 0x6c, 0xd6, 0x23, 0x7b, 0xbc, 0xb0, 0x8d, 0x09, 0xfb, 0x52, 0x4c, 0xe5, 0x65, 720 0xAA, 721 } 722 file16 = []byte{ 723 0x52, 0x43, 0x4c, 0x4f, 0x4e, 0x45, 0x00, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 724 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 725 0xb9, 0xc4, 0x55, 0x2a, 0x27, 0x10, 0x06, 0x29, 0x18, 0x96, 0x0a, 0x3e, 0x60, 0x8c, 0x29, 0xb9, 726 0xaa, 0x8a, 0x5e, 0x1e, 0x16, 0x5b, 0x6d, 0x07, 0x5d, 0xe4, 0xe9, 0xbb, 0x36, 0x7f, 0xd6, 0xd4, 727 } 728 ) 729 730 func TestEncryptData(t *testing.T) { 731 for _, test := range []struct { 732 in []byte 733 expected []byte 734 }{ 735 {[]byte{}, file0}, 736 {[]byte{1}, file1}, 737 {[]byte{1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16}, file16}, 738 } { 739 c, err := newCipher(NameEncryptionStandard, "", "", true) 740 assert.NoError(t, err) 741 c.cryptoRand = newRandomSource(1e8) // nodge the crypto rand generator 742 743 // Check encode works 744 buf := bytes.NewBuffer(test.in) 745 encrypted, err := c.EncryptData(buf) 746 assert.NoError(t, err) 747 out, err := ioutil.ReadAll(encrypted) 748 assert.NoError(t, err) 749 assert.Equal(t, test.expected, out) 750 751 // Check we can decode the data properly too... 752 buf = bytes.NewBuffer(out) 753 decrypted, err := c.DecryptData(ioutil.NopCloser(buf)) 754 assert.NoError(t, err) 755 out, err = ioutil.ReadAll(decrypted) 756 assert.NoError(t, err) 757 assert.Equal(t, test.in, out) 758 } 759 } 760 761 func TestNewEncrypter(t *testing.T) { 762 c, err := newCipher(NameEncryptionStandard, "", "", true) 763 assert.NoError(t, err) 764 c.cryptoRand = newRandomSource(1e8) // nodge the crypto rand generator 765 766 z := &zeroes{} 767 768 fh, err := c.newEncrypter(z, nil) 769 assert.NoError(t, err) 770 assert.Equal(t, nonce{0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18}, fh.nonce) 771 assert.Equal(t, []byte{'R', 'C', 'L', 'O', 'N', 'E', 0x00, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18}, fh.buf[:32]) 772 773 // Test error path 774 c.cryptoRand = bytes.NewBufferString("123456789abcdefghijklmn") 775 fh, err = c.newEncrypter(z, nil) 776 assert.Nil(t, fh) 777 assert.Error(t, err, "short read of nonce") 778 779 } 780 781 // Test the stream returning 0, io.ErrUnexpectedEOF - this used to 782 // cause a fatal loop 783 func TestNewEncrypterErrUnexpectedEOF(t *testing.T) { 784 c, err := newCipher(NameEncryptionStandard, "", "", true) 785 assert.NoError(t, err) 786 787 in := &errorReader{io.ErrUnexpectedEOF} 788 fh, err := c.newEncrypter(in, nil) 789 assert.NoError(t, err) 790 791 n, err := io.CopyN(ioutil.Discard, fh, 1e6) 792 assert.Equal(t, io.ErrUnexpectedEOF, err) 793 assert.Equal(t, int64(32), n) 794 } 795 796 type errorReader struct { 797 err error 798 } 799 800 func (er errorReader) Read(p []byte) (n int, err error) { 801 return 0, er.err 802 } 803 804 type closeDetector struct { 805 io.Reader 806 closed int 807 } 808 809 func newCloseDetector(in io.Reader) *closeDetector { 810 return &closeDetector{ 811 Reader: in, 812 } 813 } 814 815 func (c *closeDetector) Close() error { 816 c.closed++ 817 return nil 818 } 819 820 func TestNewDecrypter(t *testing.T) { 821 c, err := newCipher(NameEncryptionStandard, "", "", true) 822 assert.NoError(t, err) 823 c.cryptoRand = newRandomSource(1e8) // nodge the crypto rand generator 824 825 cd := newCloseDetector(bytes.NewBuffer(file0)) 826 fh, err := c.newDecrypter(cd) 827 assert.NoError(t, err) 828 // check nonce is in place 829 assert.Equal(t, file0[8:32], fh.nonce[:]) 830 assert.Equal(t, 0, cd.closed) 831 832 // Test error paths 833 for i := range file0 { 834 cd := newCloseDetector(bytes.NewBuffer(file0[:i])) 835 fh, err = c.newDecrypter(cd) 836 assert.Nil(t, fh) 837 assert.Error(t, err, ErrorEncryptedFileTooShort.Error()) 838 assert.Equal(t, 1, cd.closed) 839 } 840 841 er := &errorReader{errors.New("potato")} 842 cd = newCloseDetector(er) 843 fh, err = c.newDecrypter(cd) 844 assert.Nil(t, fh) 845 assert.Error(t, err, "potato") 846 assert.Equal(t, 1, cd.closed) 847 848 // bad magic 849 file0copy := make([]byte, len(file0)) 850 copy(file0copy, file0) 851 for i := range fileMagic { 852 file0copy[i] ^= 0x1 853 cd := newCloseDetector(bytes.NewBuffer(file0copy)) 854 fh, err := c.newDecrypter(cd) 855 assert.Nil(t, fh) 856 assert.Error(t, err, ErrorEncryptedBadMagic.Error()) 857 file0copy[i] ^= 0x1 858 assert.Equal(t, 1, cd.closed) 859 } 860 } 861 862 // Test the stream returning 0, io.ErrUnexpectedEOF 863 func TestNewDecrypterErrUnexpectedEOF(t *testing.T) { 864 c, err := newCipher(NameEncryptionStandard, "", "", true) 865 assert.NoError(t, err) 866 867 in2 := &errorReader{io.ErrUnexpectedEOF} 868 in1 := bytes.NewBuffer(file16) 869 in := ioutil.NopCloser(io.MultiReader(in1, in2)) 870 871 fh, err := c.newDecrypter(in) 872 assert.NoError(t, err) 873 874 n, err := io.CopyN(ioutil.Discard, fh, 1e6) 875 assert.Equal(t, io.ErrUnexpectedEOF, err) 876 assert.Equal(t, int64(16), n) 877 } 878 879 func TestNewDecrypterSeekLimit(t *testing.T) { 880 c, err := newCipher(NameEncryptionStandard, "", "", true) 881 assert.NoError(t, err) 882 c.cryptoRand = &zeroes{} // nodge the crypto rand generator 883 884 // Make random data 885 const dataSize = 150000 886 plaintext, err := ioutil.ReadAll(newRandomSource(dataSize)) 887 assert.NoError(t, err) 888 889 // Encrypt the data 890 buf := bytes.NewBuffer(plaintext) 891 encrypted, err := c.EncryptData(buf) 892 assert.NoError(t, err) 893 ciphertext, err := ioutil.ReadAll(encrypted) 894 assert.NoError(t, err) 895 896 trials := []int{0, 1, 2, 3, 4, 5, 7, 8, 9, 15, 16, 17, 31, 32, 33, 63, 64, 65, 897 127, 128, 129, 255, 256, 257, 511, 512, 513, 1023, 1024, 1025, 2047, 2048, 2049, 898 4095, 4096, 4097, 8191, 8192, 8193, 16383, 16384, 16385, 32767, 32768, 32769, 899 65535, 65536, 65537, 131071, 131072, 131073, dataSize - 1, dataSize} 900 limits := []int{-1, 0, 1, 65535, 65536, 65537, 131071, 131072, 131073} 901 902 // Open stream with a seek of underlyingOffset 903 var reader io.ReadCloser 904 open := func(ctx context.Context, underlyingOffset, underlyingLimit int64) (io.ReadCloser, error) { 905 end := len(ciphertext) 906 if underlyingLimit >= 0 { 907 end = int(underlyingOffset + underlyingLimit) 908 if end > len(ciphertext) { 909 end = len(ciphertext) 910 } 911 } 912 reader = ioutil.NopCloser(bytes.NewBuffer(ciphertext[int(underlyingOffset):end])) 913 return reader, nil 914 } 915 916 inBlock := make([]byte, dataSize) 917 918 // Check the seek worked by reading a block and checking it 919 // against what it should be 920 check := func(rc io.Reader, offset, limit int) { 921 n, err := io.ReadFull(rc, inBlock) 922 if err != nil && err != io.EOF && err != io.ErrUnexpectedEOF { 923 require.NoError(t, err) 924 } 925 seekedDecrypted := inBlock[:n] 926 927 what := fmt.Sprintf("offset = %d, limit = %d", offset, limit) 928 if limit >= 0 { 929 assert.Equal(t, limit, n, what) 930 } 931 require.Equal(t, plaintext[offset:offset+n], seekedDecrypted, what) 932 933 // We should have completely emptied the reader at this point 934 n, err = reader.Read(inBlock) 935 assert.Equal(t, io.EOF, err) 936 assert.Equal(t, 0, n) 937 } 938 939 // Now try decoding it with a open/seek 940 for _, offset := range trials { 941 for _, limit := range limits { 942 if offset+limit > len(plaintext) { 943 continue 944 } 945 rc, err := c.DecryptDataSeek(context.Background(), open, int64(offset), int64(limit)) 946 assert.NoError(t, err) 947 948 check(rc, offset, limit) 949 } 950 } 951 952 // Try decoding it with a single open and lots of seeks 953 fh, err := c.DecryptDataSeek(context.Background(), open, 0, -1) 954 assert.NoError(t, err) 955 for _, offset := range trials { 956 for _, limit := range limits { 957 if offset+limit > len(plaintext) { 958 continue 959 } 960 _, err := fh.RangeSeek(context.Background(), int64(offset), io.SeekStart, int64(limit)) 961 assert.NoError(t, err) 962 963 check(fh, offset, limit) 964 } 965 } 966 967 // Do some checks on the open callback 968 for _, test := range []struct { 969 offset, limit int64 970 wantOffset, wantLimit int64 971 }{ 972 // unlimited 973 {0, -1, int64(fileHeaderSize), -1}, 974 {1, -1, int64(fileHeaderSize), -1}, 975 {blockDataSize - 1, -1, int64(fileHeaderSize), -1}, 976 {blockDataSize, -1, int64(fileHeaderSize) + blockSize, -1}, 977 {blockDataSize + 1, -1, int64(fileHeaderSize) + blockSize, -1}, 978 // limit=1 979 {0, 1, int64(fileHeaderSize), blockSize}, 980 {1, 1, int64(fileHeaderSize), blockSize}, 981 {blockDataSize - 1, 1, int64(fileHeaderSize), blockSize}, 982 {blockDataSize, 1, int64(fileHeaderSize) + blockSize, blockSize}, 983 {blockDataSize + 1, 1, int64(fileHeaderSize) + blockSize, blockSize}, 984 // limit=100 985 {0, 100, int64(fileHeaderSize), blockSize}, 986 {1, 100, int64(fileHeaderSize), blockSize}, 987 {blockDataSize - 1, 100, int64(fileHeaderSize), 2 * blockSize}, 988 {blockDataSize, 100, int64(fileHeaderSize) + blockSize, blockSize}, 989 {blockDataSize + 1, 100, int64(fileHeaderSize) + blockSize, blockSize}, 990 // limit=blockDataSize-1 991 {0, blockDataSize - 1, int64(fileHeaderSize), blockSize}, 992 {1, blockDataSize - 1, int64(fileHeaderSize), blockSize}, 993 {blockDataSize - 1, blockDataSize - 1, int64(fileHeaderSize), 2 * blockSize}, 994 {blockDataSize, blockDataSize - 1, int64(fileHeaderSize) + blockSize, blockSize}, 995 {blockDataSize + 1, blockDataSize - 1, int64(fileHeaderSize) + blockSize, blockSize}, 996 // limit=blockDataSize 997 {0, blockDataSize, int64(fileHeaderSize), blockSize}, 998 {1, blockDataSize, int64(fileHeaderSize), 2 * blockSize}, 999 {blockDataSize - 1, blockDataSize, int64(fileHeaderSize), 2 * blockSize}, 1000 {blockDataSize, blockDataSize, int64(fileHeaderSize) + blockSize, blockSize}, 1001 {blockDataSize + 1, blockDataSize, int64(fileHeaderSize) + blockSize, 2 * blockSize}, 1002 // limit=blockDataSize+1 1003 {0, blockDataSize + 1, int64(fileHeaderSize), 2 * blockSize}, 1004 {1, blockDataSize + 1, int64(fileHeaderSize), 2 * blockSize}, 1005 {blockDataSize - 1, blockDataSize + 1, int64(fileHeaderSize), 2 * blockSize}, 1006 {blockDataSize, blockDataSize + 1, int64(fileHeaderSize) + blockSize, 2 * blockSize}, 1007 {blockDataSize + 1, blockDataSize + 1, int64(fileHeaderSize) + blockSize, 2 * blockSize}, 1008 } { 1009 what := fmt.Sprintf("offset = %d, limit = %d", test.offset, test.limit) 1010 callCount := 0 1011 testOpen := func(ctx context.Context, underlyingOffset, underlyingLimit int64) (io.ReadCloser, error) { 1012 switch callCount { 1013 case 0: 1014 assert.Equal(t, int64(0), underlyingOffset, what) 1015 assert.Equal(t, int64(-1), underlyingLimit, what) 1016 case 1: 1017 assert.Equal(t, test.wantOffset, underlyingOffset, what) 1018 assert.Equal(t, test.wantLimit, underlyingLimit, what) 1019 default: 1020 t.Errorf("Too many calls %d for %s", callCount+1, what) 1021 } 1022 callCount++ 1023 return open(ctx, underlyingOffset, underlyingLimit) 1024 } 1025 fh, err := c.DecryptDataSeek(context.Background(), testOpen, 0, -1) 1026 assert.NoError(t, err) 1027 gotOffset, err := fh.RangeSeek(context.Background(), test.offset, io.SeekStart, test.limit) 1028 assert.NoError(t, err) 1029 assert.Equal(t, gotOffset, test.offset) 1030 } 1031 } 1032 1033 func TestDecrypterCalculateUnderlying(t *testing.T) { 1034 for _, test := range []struct { 1035 offset, limit int64 1036 wantOffset, wantLimit int64 1037 wantDiscard, wantBlocks int64 1038 }{ 1039 // unlimited 1040 {0, -1, int64(fileHeaderSize), -1, 0, 0}, 1041 {1, -1, int64(fileHeaderSize), -1, 1, 0}, 1042 {blockDataSize - 1, -1, int64(fileHeaderSize), -1, blockDataSize - 1, 0}, 1043 {blockDataSize, -1, int64(fileHeaderSize) + blockSize, -1, 0, 1}, 1044 {blockDataSize + 1, -1, int64(fileHeaderSize) + blockSize, -1, 1, 1}, 1045 // limit=1 1046 {0, 1, int64(fileHeaderSize), blockSize, 0, 0}, 1047 {1, 1, int64(fileHeaderSize), blockSize, 1, 0}, 1048 {blockDataSize - 1, 1, int64(fileHeaderSize), blockSize, blockDataSize - 1, 0}, 1049 {blockDataSize, 1, int64(fileHeaderSize) + blockSize, blockSize, 0, 1}, 1050 {blockDataSize + 1, 1, int64(fileHeaderSize) + blockSize, blockSize, 1, 1}, 1051 // limit=100 1052 {0, 100, int64(fileHeaderSize), blockSize, 0, 0}, 1053 {1, 100, int64(fileHeaderSize), blockSize, 1, 0}, 1054 {blockDataSize - 1, 100, int64(fileHeaderSize), 2 * blockSize, blockDataSize - 1, 0}, 1055 {blockDataSize, 100, int64(fileHeaderSize) + blockSize, blockSize, 0, 1}, 1056 {blockDataSize + 1, 100, int64(fileHeaderSize) + blockSize, blockSize, 1, 1}, 1057 // limit=blockDataSize-1 1058 {0, blockDataSize - 1, int64(fileHeaderSize), blockSize, 0, 0}, 1059 {1, blockDataSize - 1, int64(fileHeaderSize), blockSize, 1, 0}, 1060 {blockDataSize - 1, blockDataSize - 1, int64(fileHeaderSize), 2 * blockSize, blockDataSize - 1, 0}, 1061 {blockDataSize, blockDataSize - 1, int64(fileHeaderSize) + blockSize, blockSize, 0, 1}, 1062 {blockDataSize + 1, blockDataSize - 1, int64(fileHeaderSize) + blockSize, blockSize, 1, 1}, 1063 // limit=blockDataSize 1064 {0, blockDataSize, int64(fileHeaderSize), blockSize, 0, 0}, 1065 {1, blockDataSize, int64(fileHeaderSize), 2 * blockSize, 1, 0}, 1066 {blockDataSize - 1, blockDataSize, int64(fileHeaderSize), 2 * blockSize, blockDataSize - 1, 0}, 1067 {blockDataSize, blockDataSize, int64(fileHeaderSize) + blockSize, blockSize, 0, 1}, 1068 {blockDataSize + 1, blockDataSize, int64(fileHeaderSize) + blockSize, 2 * blockSize, 1, 1}, 1069 // limit=blockDataSize+1 1070 {0, blockDataSize + 1, int64(fileHeaderSize), 2 * blockSize, 0, 0}, 1071 {1, blockDataSize + 1, int64(fileHeaderSize), 2 * blockSize, 1, 0}, 1072 {blockDataSize - 1, blockDataSize + 1, int64(fileHeaderSize), 2 * blockSize, blockDataSize - 1, 0}, 1073 {blockDataSize, blockDataSize + 1, int64(fileHeaderSize) + blockSize, 2 * blockSize, 0, 1}, 1074 {blockDataSize + 1, blockDataSize + 1, int64(fileHeaderSize) + blockSize, 2 * blockSize, 1, 1}, 1075 } { 1076 what := fmt.Sprintf("offset = %d, limit = %d", test.offset, test.limit) 1077 underlyingOffset, underlyingLimit, discard, blocks := calculateUnderlying(test.offset, test.limit) 1078 assert.Equal(t, test.wantOffset, underlyingOffset, what) 1079 assert.Equal(t, test.wantLimit, underlyingLimit, what) 1080 assert.Equal(t, test.wantDiscard, discard, what) 1081 assert.Equal(t, test.wantBlocks, blocks, what) 1082 } 1083 } 1084 1085 func TestDecrypterRead(t *testing.T) { 1086 c, err := newCipher(NameEncryptionStandard, "", "", true) 1087 assert.NoError(t, err) 1088 1089 // Test truncating the file at each possible point 1090 for i := 0; i < len(file16)-1; i++ { 1091 what := fmt.Sprintf("truncating to %d/%d", i, len(file16)) 1092 cd := newCloseDetector(bytes.NewBuffer(file16[:i])) 1093 fh, err := c.newDecrypter(cd) 1094 if i < fileHeaderSize { 1095 assert.EqualError(t, err, ErrorEncryptedFileTooShort.Error(), what) 1096 continue 1097 } 1098 if err != nil { 1099 assert.NoError(t, err, what) 1100 continue 1101 } 1102 _, err = ioutil.ReadAll(fh) 1103 var expectedErr error 1104 switch { 1105 case i == fileHeaderSize: 1106 // This would normally produce an error *except* on the first block 1107 expectedErr = nil 1108 default: 1109 expectedErr = io.ErrUnexpectedEOF 1110 } 1111 if expectedErr != nil { 1112 assert.EqualError(t, err, expectedErr.Error(), what) 1113 } else { 1114 assert.NoError(t, err, what) 1115 } 1116 assert.Equal(t, 0, cd.closed, what) 1117 } 1118 1119 // Test producing an error on the file on Read the underlying file 1120 in1 := bytes.NewBuffer(file1) 1121 in2 := &errorReader{errors.New("potato")} 1122 in := io.MultiReader(in1, in2) 1123 cd := newCloseDetector(in) 1124 fh, err := c.newDecrypter(cd) 1125 assert.NoError(t, err) 1126 _, err = ioutil.ReadAll(fh) 1127 assert.Error(t, err, "potato") 1128 assert.Equal(t, 0, cd.closed) 1129 1130 // Test corrupting the input 1131 // shouldn't be able to corrupt any byte without some sort of error 1132 file16copy := make([]byte, len(file16)) 1133 copy(file16copy, file16) 1134 for i := range file16copy { 1135 file16copy[i] ^= 0xFF 1136 fh, err := c.newDecrypter(ioutil.NopCloser(bytes.NewBuffer(file16copy))) 1137 if i < fileMagicSize { 1138 assert.Error(t, err, ErrorEncryptedBadMagic.Error()) 1139 assert.Nil(t, fh) 1140 } else { 1141 assert.NoError(t, err) 1142 _, err = ioutil.ReadAll(fh) 1143 assert.Error(t, err, ErrorEncryptedFileBadHeader.Error()) 1144 } 1145 file16copy[i] ^= 0xFF 1146 } 1147 } 1148 1149 func TestDecrypterClose(t *testing.T) { 1150 c, err := newCipher(NameEncryptionStandard, "", "", true) 1151 assert.NoError(t, err) 1152 1153 cd := newCloseDetector(bytes.NewBuffer(file16)) 1154 fh, err := c.newDecrypter(cd) 1155 assert.NoError(t, err) 1156 assert.Equal(t, 0, cd.closed) 1157 1158 // close before reading 1159 assert.Equal(t, nil, fh.err) 1160 err = fh.Close() 1161 assert.NoError(t, err) 1162 assert.Equal(t, ErrorFileClosed, fh.err) 1163 assert.Equal(t, 1, cd.closed) 1164 1165 // double close 1166 err = fh.Close() 1167 assert.Error(t, err, ErrorFileClosed.Error()) 1168 assert.Equal(t, 1, cd.closed) 1169 1170 // try again reading the file this time 1171 cd = newCloseDetector(bytes.NewBuffer(file1)) 1172 fh, err = c.newDecrypter(cd) 1173 assert.NoError(t, err) 1174 assert.Equal(t, 0, cd.closed) 1175 1176 // close after reading 1177 out, err := ioutil.ReadAll(fh) 1178 assert.NoError(t, err) 1179 assert.Equal(t, []byte{1}, out) 1180 assert.Equal(t, io.EOF, fh.err) 1181 err = fh.Close() 1182 assert.NoError(t, err) 1183 assert.Equal(t, ErrorFileClosed, fh.err) 1184 assert.Equal(t, 1, cd.closed) 1185 } 1186 1187 func TestPutGetBlock(t *testing.T) { 1188 c, err := newCipher(NameEncryptionStandard, "", "", true) 1189 assert.NoError(t, err) 1190 1191 block := c.getBlock() 1192 c.putBlock(block) 1193 c.putBlock(block) 1194 1195 assert.Panics(t, func() { c.putBlock(block[:len(block)-1]) }) 1196 } 1197 1198 func TestKey(t *testing.T) { 1199 c, err := newCipher(NameEncryptionStandard, "", "", true) 1200 assert.NoError(t, err) 1201 1202 // Check zero keys OK 1203 assert.Equal(t, [32]byte{}, c.dataKey) 1204 assert.Equal(t, [32]byte{}, c.nameKey) 1205 assert.Equal(t, [16]byte{}, c.nameTweak) 1206 1207 require.NoError(t, c.Key("potato", "")) 1208 assert.Equal(t, [32]byte{0x74, 0x55, 0xC7, 0x1A, 0xB1, 0x7C, 0x86, 0x5B, 0x84, 0x71, 0xF4, 0x7B, 0x79, 0xAC, 0xB0, 0x7E, 0xB3, 0x1D, 0x56, 0x78, 0xB8, 0x0C, 0x7E, 0x2E, 0xAF, 0x4F, 0xC8, 0x06, 0x6A, 0x9E, 0xE4, 0x68}, c.dataKey) 1209 assert.Equal(t, [32]byte{0x76, 0x5D, 0xA2, 0x7A, 0xB1, 0x5D, 0x77, 0xF9, 0x57, 0x96, 0x71, 0x1F, 0x7B, 0x93, 0xAD, 0x63, 0xBB, 0xB4, 0x84, 0x07, 0x2E, 0x71, 0x80, 0xA8, 0xD1, 0x7A, 0x9B, 0xBE, 0xC1, 0x42, 0x70, 0xD0}, c.nameKey) 1210 assert.Equal(t, [16]byte{0xC1, 0x8D, 0x59, 0x32, 0xF5, 0x5B, 0x28, 0x28, 0xC5, 0xE1, 0xE8, 0x72, 0x15, 0x52, 0x03, 0x10}, c.nameTweak) 1211 1212 require.NoError(t, c.Key("Potato", "")) 1213 assert.Equal(t, [32]byte{0xAE, 0xEA, 0x6A, 0xD3, 0x47, 0xDF, 0x75, 0xB9, 0x63, 0xCE, 0x12, 0xF5, 0x76, 0x23, 0xE9, 0x46, 0xD4, 0x2E, 0xD8, 0xBF, 0x3E, 0x92, 0x8B, 0x39, 0x24, 0x37, 0x94, 0x13, 0x3E, 0x5E, 0xF7, 0x5E}, c.dataKey) 1214 assert.Equal(t, [32]byte{0x54, 0xF7, 0x02, 0x6E, 0x8A, 0xFC, 0x56, 0x0A, 0x86, 0x63, 0x6A, 0xAB, 0x2C, 0x9C, 0x51, 0x62, 0xE5, 0x1A, 0x12, 0x23, 0x51, 0x83, 0x6E, 0xAF, 0x50, 0x42, 0x0F, 0x98, 0x1C, 0x86, 0x0A, 0x19}, c.nameKey) 1215 assert.Equal(t, [16]byte{0xF8, 0xC1, 0xB6, 0x27, 0x2D, 0x52, 0x9B, 0x4A, 0x8F, 0xDA, 0xEB, 0x42, 0x4A, 0x28, 0xDD, 0xF3}, c.nameTweak) 1216 1217 require.NoError(t, c.Key("potato", "sausage")) 1218 assert.Equal(t, [32]uint8{0x8e, 0x9b, 0x6b, 0x99, 0xf8, 0x69, 0x4, 0x67, 0xa0, 0x71, 0xf9, 0xcb, 0x92, 0xd0, 0xaa, 0x78, 0x7f, 0x8f, 0xf1, 0x78, 0xbe, 0xc9, 0x6f, 0x99, 0x9f, 0xd5, 0x20, 0x6e, 0x64, 0x4a, 0x1b, 0x50}, c.dataKey) 1219 assert.Equal(t, [32]uint8{0x3e, 0xa9, 0x5e, 0xf6, 0x81, 0x78, 0x2d, 0xc9, 0xd9, 0x95, 0x5d, 0x22, 0x5b, 0xfd, 0x44, 0x2c, 0x6f, 0x5d, 0x68, 0x97, 0xb0, 0x29, 0x1, 0x5c, 0x6f, 0x46, 0x2e, 0x2a, 0x9d, 0xae, 0x2c, 0xe3}, c.nameKey) 1220 assert.Equal(t, [16]uint8{0xf1, 0x7f, 0xd7, 0x14, 0x1d, 0x65, 0x27, 0x4f, 0x36, 0x3f, 0xc2, 0xa0, 0x4d, 0xd2, 0x14, 0x8a}, c.nameTweak) 1221 1222 require.NoError(t, c.Key("potato", "Sausage")) 1223 assert.Equal(t, [32]uint8{0xda, 0x81, 0x8c, 0x67, 0xef, 0x11, 0xf, 0xc8, 0xd5, 0xc8, 0x62, 0x4b, 0x7f, 0xe2, 0x9e, 0x35, 0x35, 0xb0, 0x8d, 0x79, 0x84, 0x89, 0xac, 0xcb, 0xa0, 0xff, 0x2, 0x72, 0x3, 0x1a, 0x5e, 0x64}, c.dataKey) 1224 assert.Equal(t, [32]uint8{0x2, 0x81, 0x7e, 0x7b, 0xea, 0x99, 0x81, 0x5a, 0xd0, 0x2d, 0xb9, 0x64, 0x48, 0xb0, 0x28, 0x27, 0x7c, 0x20, 0xb4, 0xd4, 0xa4, 0x68, 0xad, 0x4e, 0x5c, 0x29, 0xf, 0x79, 0xef, 0xee, 0xdb, 0x3b}, c.nameKey) 1225 assert.Equal(t, [16]uint8{0x9a, 0xb5, 0xb, 0x3d, 0xcb, 0x60, 0x59, 0x55, 0xa5, 0x4d, 0xe6, 0xb6, 0x47, 0x3, 0x23, 0xe2}, c.nameTweak) 1226 1227 require.NoError(t, c.Key("", "")) 1228 assert.Equal(t, [32]byte{}, c.dataKey) 1229 assert.Equal(t, [32]byte{}, c.nameKey) 1230 assert.Equal(t, [16]byte{}, c.nameTweak) 1231 }