Ejemplo n.º 1
0
func benchmarkEncrypt(
	b *testing.B,
	size int) {
	var err error

	// Generate the appropriate amount of random data.
	plaintext := make([]byte, size)
	_, err = rand.Read(plaintext)
	if err != nil {
		b.Fatalf("rand.Read: %v", err)
	}

	// Create a random key.
	const keyLen = 32
	key := make([]byte, keyLen)

	_, err = rand.Read(key)
	if err != nil {
		b.Fatalf("rand.Read: %v", err)
	}

	// Repeatedly encrypt.
	b.ResetTimer()
	for i := 0; i < b.N; i++ {
		_, err = siv.Encrypt(nil, key, plaintext, nil)
		if err != nil {
			b.Fatalf("Encrypt: %v", err)
		}
	}

	b.SetBytes(int64(size))
}
Ejemplo n.º 2
0
// Print a single test case to STDOUT.
func printTestCase(key []byte, plaintext []byte, associatedData [][]byte) {
	// CTR mode encryption key
	fmt.Println(hex.EncodeToString(key[len(key)/2:]))

	// MAC (authentication) key
	fmt.Println(hex.EncodeToString(key[:len(key)/2]))

	// Plaintext
	fmt.Println(hex.EncodeToString(plaintext))

	// Additional associated data
	fmt.Printf("%v\n", len(associatedData))
	for _, adElem := range associatedData {
		fmt.Println(hex.EncodeToString(adElem))
	}

	// Ciphertext
	ciphertext, err := siv.Encrypt(nil, key, plaintext, associatedData)
	if err != nil {
		fmt.Println("encrypt failed: ", err)
		os.Exit(7)
	}
	fmt.Println(hex.EncodeToString(ciphertext))

	// End of test case
	fmt.Println("---")
}
Ejemplo n.º 3
0
func (t *EncryptTest) LongKey() {
	key := make([]byte, 65)
	plaintext := []byte{}

	_, err := siv.Encrypt(nil, key, plaintext, nil)
	ExpectThat(err, Error(HasSubstr("-byte")))
}
Ejemplo n.º 4
0
func (t *EncryptTest) Rfc5297TestCaseA2() {
	key := aes_testing.FromRfcHex(
		"7f7e7d7c 7b7a7978 77767574 73727170" +
			"40414243 44454647 48494a4b 4c4d4e4f")

	plaintext := aes_testing.FromRfcHex(
		"74686973 20697320 736f6d65 20706c61" +
			"696e7465 78742074 6f20656e 63727970" +
			"74207573 696e6720 5349562d 414553")

	associated := [][]byte{
		aes_testing.FromRfcHex(
			"00112233 44556677 8899aabb ccddeeff" +
				"deaddada deaddada ffeeddcc bbaa9988" +
				"77665544 33221100"),
		aes_testing.FromRfcHex(
			"10203040 50607080 90a0"),
		aes_testing.FromRfcHex(
			"09f91102 9d74e35b d84156c5 635688c0"),
	}

	expected := aes_testing.FromRfcHex(
		"7bdb6e3b 432667eb 06f4d14b ff2fbd0f" +
			"cb900f2f ddbe4043 26601965 c889bf17" +
			"dba77ceb 094fa663 b7a3f748 ba8af829" +
			"ea64ad54 4a272e9c 485b62a3 fd5c0d")

	output, err := siv.Encrypt(nil, key, plaintext, associated)
	AssertEq(nil, err)
	ExpectThat(output, DeepEquals(expected))
}
Ejemplo n.º 5
0
func (t *EncryptTest) JustLittleEnoughAssociatedData() {
	key := make([]byte, 64)
	plaintext := []byte{}
	associated := make([][]byte, 126)

	_, err := siv.Encrypt(nil, key, plaintext, associated)
	ExpectEq(nil, err)
}
Ejemplo n.º 6
0
func (t *EncryptTest) TooMuchAssociatedData() {
	key := make([]byte, 64)
	plaintext := []byte{}
	associated := make([][]byte, 127)

	_, err := siv.Encrypt(nil, key, plaintext, associated)
	ExpectThat(err, Error(HasSubstr("associated")))
	ExpectThat(err, Error(HasSubstr("126")))
}
Ejemplo n.º 7
0
func (t *EncryptTest) OutputIsDeterministic() {
	cases := aes_testing.EncryptCases()
	AssertGt(len(cases), 37)
	c := cases[37]

	output0, err := siv.Encrypt(nil, c.Key, c.Plaintext, c.Associated)
	AssertEq(nil, err)

	output1, err := siv.Encrypt(nil, c.Key, c.Plaintext, c.Associated)
	AssertEq(nil, err)

	output2, err := siv.Encrypt(nil, c.Key, c.Plaintext, c.Associated)
	AssertEq(nil, err)

	AssertGt(len(output0), 0)
	ExpectThat(output0, DeepEquals(output1))
	ExpectThat(output0, DeepEquals(output2))
}
Ejemplo n.º 8
0
// Test using a 64-byte key
func TestK64(t *testing.T) {
	key := bytes.Repeat([]byte{1}, 64)
	nonce := bytes.Repeat([]byte{2}, 16)
	plaintext := []byte{1, 2, 3, 4, 5, 6, 7, 8, 9}
	aData := make([]byte, 24)
	// Compare siv and siv_aead results
	sResult, err := siv.Encrypt(nonce, key, plaintext, [][]byte{aData, nonce})
	if err != nil {
		t.Fatal(err)
	}
	a := New(key)
	aResult := a.Seal(nonce, nonce, plaintext, aData)
	if !bytes.Equal(sResult, aResult) {
		t.Errorf("siv and siv_aead produce different results")
	}
	expectedResult, _ := hex.DecodeString(
		"02020202020202020202020202020202317b316f67c3ad336c01c9a01b4c5e552ba89e966bc4c1ade1")
	if !bytes.Equal(aResult, expectedResult) {
		t.Errorf(hex.EncodeToString(aResult))
	}
	// Verify overhead
	overhead := len(aResult) - len(plaintext) - len(nonce)
	if overhead != a.Overhead() {
		t.Errorf("Overhead() returns a wrong value")
	}
	// Decrypt
	p1, err := a.Open(nil, aResult[:16], aResult[16:], aData)
	if err != nil {
		t.Error(err)
	}
	if !bytes.Equal(plaintext, p1) {
		t.Errorf("wrong plaintext")
	}
	// Decrypt and append
	dst := []byte{0xaa, 0xbb, 0xcc}
	p2, err := a.Open(dst, aResult[:16], aResult[16:], aData)
	if err != nil {
		t.Error(err)
	}
	p2e := append(dst, plaintext...)
	if !bytes.Equal(p2e, p2) {
		t.Errorf("wrong plaintext: %s", hex.EncodeToString(p2))
	}
	// Decrypt corrupt
	aResult[17] = 0
	_, err = a.Open(nil, aResult[:16], aResult[16:], aData)
	if err == nil {
		t.Error("should have failed")
	}
	// Decrypt and append corrupt
	aResult[17] = 0
	_, err = a.Open(dst, aResult[:16], aResult[16:], aData)
	if err == nil {
		t.Error("should have failed")
	}
}
Ejemplo n.º 9
0
func (t *EncryptTest) GeneratedTestCases() {
	cases := aes_testing.EncryptCases()
	AssertGe(len(cases), 100)

	for i, c := range cases {
		output, err := siv.Encrypt(nil, c.Key, c.Plaintext, c.Associated)
		AssertEq(nil, err, "Case %d: %v", i, c)
		ExpectThat(output, DeepEquals(c.Output), "Case %d: %v", i, c)
	}
}
Ejemplo n.º 10
0
func EncryptInvocations(cmds g.Invocations, key []byte) (g.Invocations, error) {
	dst := make([]byte, 0)
	assoc := make([][]byte, 0)
	for i, c := range cmds {
		com, err := siv.Encrypt(dst, key, []byte(c.Command), assoc)
		dir, err := siv.Encrypt(dst, key, []byte(c.Directory), assoc)
		host, err := siv.Encrypt(dst, key, []byte(c.Host), assoc)
		shell, err := siv.Encrypt(dst, key, []byte(c.Shell), assoc)
		user, err := siv.Encrypt(dst, key, []byte(c.User), assoc)
		tags := make([]string, 0)
		for _, tag := range c.Tags {
			t, err := siv.Encrypt(dst, key, []byte(tag), assoc)
			if err != nil {
				return nil, err
			}
			tags = append(tags, string(t))
		}
		if err != nil {
			return nil, err
		}
		cmds[i].Command = string(com)
		cmds[i].Directory = string(dir)
		cmds[i].Host = string(host)
		cmds[i].Shell = string(shell)
		cmds[i].User = string(user)
		cmds[i].Tags = tags
	}
	return cmds, nil
}
Ejemplo n.º 11
0
// Seal encrypts "in" using "nonce" and "authData" and append the result to "dst"
func (s *sivAead) Seal(dst, nonce, plaintext, authData []byte) []byte {
	if len(nonce) != 16 {
		// SIV supports any nonce size, but in gocryptfs we exclusively use 16.
		log.Panic("nonce must be 16 bytes long")
	}
	// https://github.com/jacobsa/crypto/blob/master/siv/encrypt.go#L48:
	// As per RFC 5297 section 3, you may use this function for nonce-based
	// authenticated encryption by passing a nonce as the last associated
	// data element.
	associated := [][]byte{authData, nonce}
	out, err := siv.Encrypt(dst, s.key, plaintext, associated)
	if err != nil {
		log.Panic(err)
	}
	return out
}
Ejemplo n.º 12
0
// Test all supported key lengths
func TestKeyLens(t *testing.T) {
	keyLens := []int{32, 48, 64}
	nonce := make([]byte, 16)
	plaintext := []byte("foobar")
	for _, keyLen := range keyLens {
		key := make([]byte, keyLen)
		a := New(key)
		ciphertext2 := a.Seal(nil, nonce, plaintext, nil)

		ciphertext, err := siv.Encrypt(nil, key, plaintext, [][]byte{nil, nonce})
		if err != nil {
			t.Error(err)
		} else if o := len(ciphertext) - len(plaintext); o != a.Overhead() {
			t.Errorf("keyLen=%d, actual overhead: %d\n", keyLen, o)
		}
		if !bytes.Equal(ciphertext, ciphertext2) {
			t.Errorf("siv and siv_aead produce different results")
		}
	}

}
Ejemplo n.º 13
0
func (t *EncryptTest) DoesntClobberAssociatedSlice() {
	key := make([]byte, 32)
	plaintext := []byte{}

	associated0 := aes_testing.FromRfcHex("deadbeef")
	associated1 := aes_testing.FromRfcHex("feedface")
	associated2 := aes_testing.FromRfcHex("ba5eba11")
	associated := [][]byte{associated0, associated1, associated2}

	// Call with a slice of associated missing the last element. The last element
	// shouldn't be clobbered.
	_, err := siv.Encrypt(nil, key, plaintext, associated[:2])
	AssertEq(nil, err)

	ExpectThat(
		associated,
		ElementsAre(
			DeepEquals(associated0),
			DeepEquals(associated1),
			DeepEquals(associated2),
		))
}
Ejemplo n.º 14
0
func (t *EncryptTest) Rfc5297TestCaseA1() {
	key := aes_testing.FromRfcHex(
		"fffefdfc fbfaf9f8 f7f6f5f4 f3f2f1f0" +
			"f0f1f2f3 f4f5f6f7 f8f9fafb fcfdfeff")

	plaintext := aes_testing.FromRfcHex(
		"11223344 55667788 99aabbcc ddee")

	associated := [][]byte{
		aes_testing.FromRfcHex(
			"10111213 14151617 18191a1b 1c1d1e1f" +
				"20212223 24252627"),
	}

	expected := aes_testing.FromRfcHex(
		"85632d07 c6e8f37f 950acd32 0a2ecc93" +
			"40c02b96 90c4dc04 daef7f6a fe5c")

	output, err := siv.Encrypt(nil, key, plaintext, associated)
	AssertEq(nil, err)
	ExpectThat(output, DeepEquals(expected))
}
Ejemplo n.º 15
0
func (c *sivCrypter) Encrypt(dst, plaintext []byte) ([]byte, error) {
	return siv.Encrypt(dst, c.key, plaintext, nil)
}