-
Notifications
You must be signed in to change notification settings - Fork 8
/
crypto_test.go
115 lines (100 loc) · 2.74 KB
/
crypto_test.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
package main
import (
"bytes"
"testing"
"github.com/awnumar/memguard"
)
func TestEncryptDecrypt(t *testing.T) {
// Declare the plaintext and the key.
m := make([]byte, 64)
memguard.ScrambleBytes(m)
k := make([]byte, 32)
memguard.ScrambleBytes(k)
// Encrypt the message.
x, err := Encrypt(m, k)
if err != nil {
t.Error("expected no errors; got", err)
}
// Decrypt the message.
dm := make([]byte, len(x)-Overhead)
length, err := Decrypt(x, k, dm)
if err != nil {
t.Error("expected no errors; got", err)
}
if length != len(x)-Overhead {
t.Error("unexpected plaintext length; got", length)
}
// Verify that the plaintexts match.
if !bytes.Equal(m, dm) {
t.Error("decrypted plaintext does not match original")
}
// Attempt decryption /w buffer that is too small to hold the output.
out := make([]byte, len(x)-Overhead-1)
length, err = Decrypt(x, k, out)
if err != ErrBufferTooSmall {
t.Error("expected error; got", err)
}
if length != 0 {
t.Error("expected zero length; got", length)
}
// Construct a buffer that has the correct capacity but a smaller length.
out = make([]byte, len(x)-Overhead)
smallOut := out[:2]
if len(smallOut) != 2 || cap(smallOut) != len(x)-Overhead {
t.Error("invalid construction for test")
}
length, err = Decrypt(x, k, smallOut)
if err != nil {
t.Error("unexpected error:", err)
}
if length != len(x)-Overhead {
t.Error("unexpected length; got", length)
}
if !bytes.Equal(m, smallOut[:len(x)-Overhead]) {
t.Error("decrypted plaintext does not match original")
}
// Generate an incorrect key.
ik := make([]byte, 32)
memguard.ScrambleBytes(ik)
// Attempt decryption with the incorrect key.
length, err = Decrypt(x, ik, dm)
if length != 0 {
t.Error("expected length = 0; got", length)
}
if err != ErrDecryptionFailed {
t.Error("expected error with incorrect key; got", err)
}
// Modify the ciphertext somewhat.
for i := range x {
if i%32 == 0 {
x[i] = 0xdb
}
}
// Attempt decryption of the invalid ciphertext with the correct key.
length, err = Decrypt(x, k, dm)
if length != 0 {
t.Error("expected length = 0; got", length)
}
if err != ErrDecryptionFailed {
t.Error("expected error with modified ciphertext; got", err)
}
// Generate a key of an invalid length.
ik = make([]byte, 16)
memguard.ScrambleBytes(ik)
// Attempt encryption with the invalid key.
ix, err := Encrypt(m, ik)
if err != ErrInvalidKeyLength {
t.Error("expected error with invalid key; got", err)
}
if ix != nil {
t.Error("expected nil ciphertext; got", dm)
}
// Attempt decryption with the invalid key.
length, err = Decrypt(x, ik, dm)
if length != 0 {
t.Error("expected length = 0; got", length)
}
if err != ErrInvalidKeyLength {
t.Error("expected error with invalid key; got", err)
}
}