-
Notifications
You must be signed in to change notification settings - Fork 25
/
object_test.go
139 lines (126 loc) · 3.04 KB
/
object_test.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
package object
import (
"bytes"
"io"
"math"
"testing"
"lukechampine.com/frand"
)
func TestEncryptionOffset(t *testing.T) {
key := GenerateEncryptionKey(EncryptionKeyTypeBasic)
encrypt := func(offset uint64, plainText []byte) []byte {
t.Helper()
sr, err := key.Encrypt(bytes.NewReader(plainText), EncryptionOptions{
Offset: offset,
})
if err != nil {
t.Fatal(err)
}
ct, err := io.ReadAll(sr)
if err != nil {
t.Fatal(err)
}
return ct
}
decrypt := func(offset uint64, cipherText []byte) []byte {
pt := bytes.NewBuffer(nil)
sw, err := key.Decrypt(pt, EncryptionOptions{
Offset: offset,
})
if err != nil {
t.Fatal(err)
} else if _, err := sw.Write(cipherText); err != nil {
t.Fatal(err)
}
return pt.Bytes()
}
data := frand.Bytes(640)
offset := uint64(64)
if !bytes.Equal(data, decrypt(offset, encrypt(offset, data))) {
t.Fatal("mismatch")
} else if bytes.Equal(data, decrypt(offset, encrypt(128, data))) {
t.Fatal("expected mismatch")
}
}
func TestEncryptionOverflow(t *testing.T) {
// Create a random key.
key := GenerateEncryptionKey(EncryptionKeyTypeBasic)
data := frand.Bytes(3 * 64)
sr, err := key.Encrypt(bytes.NewReader(data), EncryptionOptions{})
if err != nil {
t.Fatal(err)
}
// Check that the streamreader is initialized correctly.
rs := sr.S.(*rekeyStream)
if rs.counter != 0 {
t.Fatalf("expected counter to be 0, got %v", rs.counter)
}
if rs.nonce != 0 {
t.Fatalf("expected nonce to be 0, got %v", rs.nonce)
}
// Read 64 bytes.
b := make([]byte, 64)
n, err := sr.Read(b)
if err != nil {
t.Fatal(err)
}
if n != len(b) {
t.Fatalf("expected to read 10 bytes, got %v", n)
}
// Assert counter was incremented correctly.
if rs.counter != 64 {
t.Fatalf("expected counter to be 10, got %v", rs.counter)
}
if rs.nonce != 0 {
t.Fatalf("expected nonce to be 0, got %v", rs.nonce)
}
// Assert data matches.
buf := bytes.NewBuffer(nil)
sw, err := key.Decrypt(buf, EncryptionOptions{})
if err != nil {
t.Fatal(err)
}
written, err := sw.Write(b)
if err != nil {
t.Fatal(err)
} else if written != len(b) {
t.Fatal("unexpected")
}
if !bytes.Equal(buf.Bytes(), data[:64]) {
t.Fatal("mismatch", buf.Bytes(), data[:10])
}
// Move the counter 64 bytes before an overflow and read 128 bytes.
b = make([]byte, 128)
rs.counter = math.MaxUint32*64 - 64
rs.c.SetCounter(math.MaxUint32 - 1)
n, err = sr.Read(b)
if err != nil {
t.Fatal(err)
}
if n != len(b) {
t.Fatalf("expected to read 10 bytes, got %v", n)
}
// Check that counter and nonce did overflow correctly.
if rs.counter != 64 {
t.Fatalf("expected counter to be 10, got %v", rs.counter)
}
if rs.nonce != 1 {
t.Fatalf("expected nonce to be 0, got %v", rs.nonce)
}
// Assert data matches.
buf = bytes.NewBuffer(nil)
sw, err = key.Decrypt(buf, EncryptionOptions{Offset: math.MaxUint32*64 - 64})
if err != nil {
t.Fatal(err)
}
written, err = sw.Write(b)
if err != nil {
t.Fatal(err)
}
if written != len(b) {
t.Fatal("unexpected")
}
if !bytes.Equal(buf.Bytes(), data[64:]) {
t.Fatal("mismatch")
}
}