prng = rand.Reader
})
JustBeforeEach(func() {
cryptor = encryption.NewCryptor(keyManager, prng)
})
It("successfully encrypts and decrypts with a key", func() {
input := []byte("some plaintext data")
encrypted, err := cryptor.Encrypt(input)
Expect(err).NotTo(HaveOccurred())
Expect(encrypted.CipherText).NotTo(HaveLen(0))
Expect(encrypted.CipherText).NotTo(Equal(input))
plaintext, err := cryptor.Decrypt(encrypted)
Expect(err).NotTo(HaveOccurred())
Expect(plaintext).NotTo(HaveLen(0))
Expect(plaintext).To(Equal(input))
})
It("has the expected nonce length", func() {
input := []byte("some plaintext data")
encrypted, err := cryptor.Encrypt(input)
Expect(err).NotTo(HaveOccurred())
Expect(encrypted.Nonce).To(HaveLen(encryption.NonceSize))
})
Context("when the nonce is incorrect", func() {
It("fails to decrypt", func() {
label := string(decoded[:labelLength])
decoded = decoded[labelLength:]
nonce := decoded[:encryption.NonceSize]
ciphertext := decoded[encryption.NonceSize:]
Expect(labelLength).To(BeEquivalentTo(len("label")))
Expect(label).To(Equal("label"))
encrypted := encryption.Encrypted{
KeyLabel: label,
Nonce: nonce,
CipherText: ciphertext,
}
decrypted, err := cryptor.Decrypt(encrypted)
Expect(err).NotTo(HaveOccurred())
Expect(decrypted).To(Equal(payload))
})
Context("when encryption fails", func() {
var cryptError = errors.New("boom")
BeforeEach(func() {
fakeCryptor := &encryption_fakes.FakeCryptor{}
fakeCryptor.EncryptReturns(encryption.Encrypted{}, cryptError)
cryptor = fakeCryptor
})
It("it returns the error", func() {
