1*e7b1675dSTing-Kang Chang// Copyright 2020 Google LLC 2*e7b1675dSTing-Kang Chang// 3*e7b1675dSTing-Kang Chang// Licensed under the Apache License, Version 2.0 (the "License"); 4*e7b1675dSTing-Kang Chang// you may not use this file except in compliance with the License. 5*e7b1675dSTing-Kang Chang// You may obtain a copy of the License at 6*e7b1675dSTing-Kang Chang// 7*e7b1675dSTing-Kang Chang// http://www.apache.org/licenses/LICENSE-2.0 8*e7b1675dSTing-Kang Chang// 9*e7b1675dSTing-Kang Chang// Unless required by applicable law or agreed to in writing, software 10*e7b1675dSTing-Kang Chang// distributed under the License is distributed on an "AS IS" BASIS, 11*e7b1675dSTing-Kang Chang// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12*e7b1675dSTing-Kang Chang// See the License for the specific language governing permissions and 13*e7b1675dSTing-Kang Chang// limitations under the License. 14*e7b1675dSTing-Kang Chang// 15*e7b1675dSTing-Kang Chang//////////////////////////////////////////////////////////////////////////////// 16*e7b1675dSTing-Kang Chang 17*e7b1675dSTing-Kang Changpackage subtle_test 18*e7b1675dSTing-Kang Chang 19*e7b1675dSTing-Kang Changimport ( 20*e7b1675dSTing-Kang Chang "bytes" 21*e7b1675dSTing-Kang Chang "encoding/hex" 22*e7b1675dSTing-Kang Chang "fmt" 23*e7b1675dSTing-Kang Chang "io" 24*e7b1675dSTing-Kang Chang 25*e7b1675dSTing-Kang Chang "github.com/google/tink/go/tink" 26*e7b1675dSTing-Kang Chang) 27*e7b1675dSTing-Kang Chang 28*e7b1675dSTing-Kang Changvar ( 29*e7b1675dSTing-Kang Chang ikm = []byte{ 30*e7b1675dSTing-Kang Chang 0x0, 0x1, 0x2, 0x3, 0x4, 0x5, 0x6, 0x7, 0x8, 0x9, 0xa, 0xb, 31*e7b1675dSTing-Kang Chang 0xc, 0xd, 0xe, 0xf, 0x0, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 32*e7b1675dSTing-Kang Chang 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff, 33*e7b1675dSTing-Kang Chang } 34*e7b1675dSTing-Kang Chang aad = []byte{0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff} 35*e7b1675dSTing-Kang Chang) 36*e7b1675dSTing-Kang Chang 37*e7b1675dSTing-Kang Chang// encrypt generates a random plaintext of size plaintextSize and encrypts it 38*e7b1675dSTing-Kang Chang// using the cipher. Upon success this function returns the actual plaintext 39*e7b1675dSTing-Kang Chang// and ciphertext bytes. 40*e7b1675dSTing-Kang Changfunc encrypt(cipher tink.StreamingAEAD, aad []byte, plaintextSize int) ([]byte, []byte, error) { 41*e7b1675dSTing-Kang Chang pt := make([]byte, plaintextSize) 42*e7b1675dSTing-Kang Chang for i := range pt { 43*e7b1675dSTing-Kang Chang pt[i] = byte(i % 253) 44*e7b1675dSTing-Kang Chang } 45*e7b1675dSTing-Kang Chang 46*e7b1675dSTing-Kang Chang ctBuf := &bytes.Buffer{} 47*e7b1675dSTing-Kang Chang w, err := cipher.NewEncryptingWriter(ctBuf, aad) 48*e7b1675dSTing-Kang Chang if err != nil { 49*e7b1675dSTing-Kang Chang return nil, nil, fmt.Errorf("cannot create an encrypt writer: %v", err) 50*e7b1675dSTing-Kang Chang } 51*e7b1675dSTing-Kang Chang n, err := w.Write(pt) 52*e7b1675dSTing-Kang Chang if err != nil { 53*e7b1675dSTing-Kang Chang return nil, nil, fmt.Errorf("error writing to an encrypt writer: %v", err) 54*e7b1675dSTing-Kang Chang } 55*e7b1675dSTing-Kang Chang if n != len(pt) { 56*e7b1675dSTing-Kang Chang return nil, nil, fmt.Errorf("unexpected number of bytes written. Got=%d;want=%d", n, len(pt)) 57*e7b1675dSTing-Kang Chang } 58*e7b1675dSTing-Kang Chang if err := w.Close(); err != nil { 59*e7b1675dSTing-Kang Chang return nil, nil, fmt.Errorf("error closing writer: %v", err) 60*e7b1675dSTing-Kang Chang } 61*e7b1675dSTing-Kang Chang return pt, ctBuf.Bytes(), err 62*e7b1675dSTing-Kang Chang} 63*e7b1675dSTing-Kang Chang 64*e7b1675dSTing-Kang Chang// decrypt decrypts ciphertext ct using the cipher and validates that it's the 65*e7b1675dSTing-Kang Chang// same as the original plaintext pt. 66*e7b1675dSTing-Kang Changfunc decrypt(cipher tink.StreamingAEAD, aad, pt, ct []byte, chunkSize int) error { 67*e7b1675dSTing-Kang Chang r, err := cipher.NewDecryptingReader(bytes.NewBuffer(ct), aad) 68*e7b1675dSTing-Kang Chang if err != nil { 69*e7b1675dSTing-Kang Chang return fmt.Errorf("cannot create an encrypt reader: %v", err) 70*e7b1675dSTing-Kang Chang } 71*e7b1675dSTing-Kang Chang 72*e7b1675dSTing-Kang Chang var ( 73*e7b1675dSTing-Kang Chang chunk = make([]byte, chunkSize) 74*e7b1675dSTing-Kang Chang decrypted = 0 75*e7b1675dSTing-Kang Chang eof = false 76*e7b1675dSTing-Kang Chang ) 77*e7b1675dSTing-Kang Chang for !eof { 78*e7b1675dSTing-Kang Chang n, err := r.Read(chunk) 79*e7b1675dSTing-Kang Chang if err != nil && err != io.EOF { 80*e7b1675dSTing-Kang Chang return fmt.Errorf("error reading chunk: %v", err) 81*e7b1675dSTing-Kang Chang } 82*e7b1675dSTing-Kang Chang eof = err == io.EOF 83*e7b1675dSTing-Kang Chang got := chunk[:n] 84*e7b1675dSTing-Kang Chang want := pt[decrypted : decrypted+n] 85*e7b1675dSTing-Kang Chang if !bytes.Equal(got, want) { 86*e7b1675dSTing-Kang Chang return fmt.Errorf("decrypted data doesn't match. Got=%s;want=%s", hex.EncodeToString(got), hex.EncodeToString(want)) 87*e7b1675dSTing-Kang Chang } 88*e7b1675dSTing-Kang Chang decrypted += n 89*e7b1675dSTing-Kang Chang } 90*e7b1675dSTing-Kang Chang if decrypted != len(pt) { 91*e7b1675dSTing-Kang Chang return fmt.Errorf("number of decrypted bytes doesn't match. Got=%d;want=%d", decrypted, len(pt)) 92*e7b1675dSTing-Kang Chang } 93*e7b1675dSTing-Kang Chang return nil 94*e7b1675dSTing-Kang Chang} 95*e7b1675dSTing-Kang Chang 96*e7b1675dSTing-Kang Changfunc segmentPos(segmentSize, firstSegmentOffset, headerLen, segmentNr int) (int, int) { 97*e7b1675dSTing-Kang Chang start := segmentSize * segmentNr 98*e7b1675dSTing-Kang Chang end := start + segmentSize 99*e7b1675dSTing-Kang Chang 100*e7b1675dSTing-Kang Chang firstSegmentDiff := firstSegmentOffset + headerLen 101*e7b1675dSTing-Kang Chang if start > 0 { 102*e7b1675dSTing-Kang Chang start -= firstSegmentDiff 103*e7b1675dSTing-Kang Chang } 104*e7b1675dSTing-Kang Chang end -= firstSegmentDiff 105*e7b1675dSTing-Kang Chang return start + headerLen, end + headerLen 106*e7b1675dSTing-Kang Chang} 107