From cf2ff0558100959856c314b66a40d810f57d9bd5 Mon Sep 17 00:00:00 2001 From: Silke Date: Mon, 17 Jul 2017 14:35:33 +0200 Subject: [PATCH] Make key and nonce size explicit The key and nonce size are now given as an array pointer to make more clear that the key and nonce size are fixed. --- .../aead/aes256gcm/crypto_aead_aes256gcm.go | 31 +++++++++---------- .../aes256gcm/crypto_aead_aes256gcm_test.go | 16 +++++----- .../crypto_aead_chacha20poly1305.go | 31 +++++++++---------- .../crypto_aead_chacha20poly1305_test.go | 16 +++++----- .../crypto_aead_chacha20poly1305_ietf.go | 31 +++++++++---------- .../crypto_aead_chacha20poly1305_ietf_test.go | 16 +++++----- crypto/aead/crypto_aead_aes256gcm.go | 2 +- crypto/aead/crypto_aead_aes256gcm_test.go | 2 +- .../crypto_aead_xchacha20poly1305_ietf.go | 31 +++++++++---------- ...crypto_aead_xchacha20poly1305_ietf_test.go | 16 +++++----- 10 files changed, 90 insertions(+), 102 deletions(-) diff --git a/crypto/aead/aes256gcm/crypto_aead_aes256gcm.go b/crypto/aead/aes256gcm/crypto_aead_aes256gcm.go index 6d612cc..3287f91 100644 --- a/crypto/aead/aes256gcm/crypto_aead_aes256gcm.go +++ b/crypto/aead/aes256gcm/crypto_aead_aes256gcm.go @@ -20,26 +20,23 @@ const ( ABytes int = C.crypto_aead_aes256gcm_ABYTES // Size of an authentication tag in bytes ) -// Key represents a secret key -type Key [KeyBytes]byte - // IsAvailable returns true if AES256 is available on the current CPU func IsAvailable() bool { return C.crypto_aead_aes256gcm_is_available() != 0 } // GenerateKey generates a secret key -func GenerateKey() *Key { - k := new(Key) +func GenerateKey() *[KeyBytes]byte { + k := new([KeyBytes]byte) C.crypto_aead_aes256gcm_keygen((*C.uchar)(&k[0])) return k } // Encrypt a message `m` with additional data `ad` using a nonce `npub` and a secret key `k`. // A ciphertext (including authentication tag) and encryption status are returned. -func Encrypt(m, ad, nonce, k []byte) (c []byte) { - support.CheckSize(k, KeyBytes, "secret key") - support.CheckSize(nonce, NonceBytes, "public nonce") +func Encrypt(m, ad []byte, nonce *[NonceBytes]byte, k *[KeyBytes]byte) (c []byte) { + support.NilPanic(k == nil, "secret key") + support.NilPanic(nonce == nil, "nonce") c = make([]byte, len(m)+ABytes) @@ -59,9 +56,9 @@ func Encrypt(m, ad, nonce, k []byte) (c []byte) { // Decrypt and verify a ciphertext `c` using additional data `ad`, nonce `npub` and secret key `k`. // Returns the decrypted message and verification status. -func Decrypt(c, ad, nonce, k []byte) (m []byte, err error) { - support.CheckSize(k, KeyBytes, "secret key") - support.CheckSize(nonce, NonceBytes, "public nonce") +func Decrypt(c, ad []byte, nonce *[NonceBytes]byte, k *[KeyBytes]byte) (m []byte, err error) { + support.NilPanic(k == nil, "secret key") + support.NilPanic(nonce == nil, "nonce") support.CheckSizeMin(c, ABytes, "ciphertext") m = make([]byte, len(c)-ABytes) @@ -87,9 +84,9 @@ func Decrypt(c, ad, nonce, k []byte) (m []byte, err error) { // EncryptDetached encrypts a message `m` with additional data `ad` using // a nonce `npub` and a secret key `k`. // A ciphertext, authentication tag and encryption status are returned. -func EncryptDetached(m, ad, nonce, k []byte) (c, mac []byte) { - support.CheckSize(k, KeyBytes, "secret key") - support.CheckSize(nonce, NonceBytes, "public nonce") +func EncryptDetached(m, ad []byte, nonce *[NonceBytes]byte, k *[KeyBytes]byte) (c, mac []byte) { + support.NilPanic(k == nil, "secret key") + support.NilPanic(nonce == nil, "nonce") c = make([]byte, len(m)) mac = make([]byte, ABytes) @@ -112,9 +109,9 @@ func EncryptDetached(m, ad, nonce, k []byte) (c, mac []byte) { // DecryptDetached decrypts and verifies a ciphertext `c` with authentication tag `mac` // using additional data `ad`, nonce `npub` and secret key `k`. // Returns the decrypted message and verification status. -func DecryptDetached(c, mac, ad, nonce, k []byte) (m []byte, err error) { - support.CheckSize(k, KeyBytes, "secret key") - support.CheckSize(nonce, NonceBytes, "public nonce") +func DecryptDetached(c, mac, ad []byte, nonce *[NonceBytes]byte, k *[KeyBytes]byte) (m []byte, err error) { + support.NilPanic(k == nil, "secret key") + support.NilPanic(nonce == nil, "nonce") support.CheckSize(mac, ABytes, "mac") m = make([]byte, len(c)) diff --git a/crypto/aead/aes256gcm/crypto_aead_aes256gcm_test.go b/crypto/aead/aes256gcm/crypto_aead_aes256gcm_test.go index 4cd150f..2806951 100644 --- a/crypto/aead/aes256gcm/crypto_aead_aes256gcm_test.go +++ b/crypto/aead/aes256gcm/crypto_aead_aes256gcm_test.go @@ -11,7 +11,7 @@ var testCount = 100000 type TestData struct { Message []byte Ad []byte - Key Key + Key [KeyBytes]byte Nonce [NonceBytes]byte } @@ -22,7 +22,7 @@ func Test(t *testing.T) { } // Test the key generation - if *GenerateKey() == (Key{}) { + if *GenerateKey() == ([KeyBytes]byte{}) { t.Error("Generated key is zero") } @@ -44,24 +44,24 @@ func Test(t *testing.T) { f.Fuzz(&test) // Detached encryption test - c, mac = EncryptDetached(test.Message, test.Ad, test.Nonce[:], test.Key[:]) + c, mac = EncryptDetached(test.Message, test.Ad, &test.Nonce, &test.Key) // Encryption test - ec = Encrypt(test.Message, test.Ad, test.Nonce[:], test.Key[:]) + ec = Encrypt(test.Message, test.Ad, &test.Nonce, &test.Key) if !bytes.Equal(ec, append(c, mac...)) { t.Errorf("Encryption failed for %+v", test) t.FailNow() } // Detached decryption test - m, err = DecryptDetached(c, mac, test.Ad, test.Nonce[:], test.Key[:]) + m, err = DecryptDetached(c, mac, test.Ad, &test.Nonce, &test.Key) if err != nil || !bytes.Equal(m, test.Message) { t.Errorf("Detached decryption failed for %+v", test) t.FailNow() } // Decryption test - m, err = Decrypt(ec, test.Ad, test.Nonce[:], test.Key[:]) + m, err = Decrypt(ec, test.Ad, &test.Nonce, &test.Key) if err != nil || !bytes.Equal(m, test.Message) { t.Errorf("Decryption failed for %+v", test) t.FailNow() @@ -69,7 +69,7 @@ func Test(t *testing.T) { // Failed detached decryption test mac = make([]byte, ABytes) - m, err = DecryptDetached(c, mac, test.Ad, test.Nonce[:], test.Key[:]) + m, err = DecryptDetached(c, mac, test.Ad, &test.Nonce, &test.Key) if err == nil { t.Errorf("Detached decryption unexpectedly succeeded for %+v", test) t.FailNow() @@ -77,7 +77,7 @@ func Test(t *testing.T) { // Failed decryption test copy(ec[len(m):], mac) - m, err = Decrypt(ec, test.Ad, test.Nonce[:], test.Key[:]) + m, err = Decrypt(ec, test.Ad, &test.Nonce, &test.Key) if err == nil { t.Errorf("Decryption unexpectedly succeeded for %+v", test) t.FailNow() diff --git a/crypto/aead/chacha20poly1305/crypto_aead_chacha20poly1305.go b/crypto/aead/chacha20poly1305/crypto_aead_chacha20poly1305.go index e1f570e..a3ee82f 100644 --- a/crypto/aead/chacha20poly1305/crypto_aead_chacha20poly1305.go +++ b/crypto/aead/chacha20poly1305/crypto_aead_chacha20poly1305.go @@ -20,21 +20,18 @@ const ( ABytes int = C.crypto_aead_chacha20poly1305_ABYTES // Size of an authentication tag in bytes ) -// Key represents a secret key -type Key [KeyBytes]byte - // GenerateKey generates a secret key -func GenerateKey() *Key { - k := new(Key) +func GenerateKey() *[KeyBytes]byte { + k := new([KeyBytes]byte) C.crypto_aead_chacha20poly1305_keygen((*C.uchar)(&k[0])) return k } // Encrypt a message `m` with additional data `ad` using a nonce `npub` and a secret key `k`. // A ciphertext (including authentication tag) and encryption status are returned. -func Encrypt(m, ad, nonce, k []byte) (c []byte) { - support.CheckSize(k, KeyBytes, "secret key") - support.CheckSize(nonce, NonceBytes, "public nonce") +func Encrypt(m, ad []byte, nonce *[NonceBytes]byte, k *[KeyBytes]byte) (c []byte) { + support.NilPanic(k == nil, "secret key") + support.NilPanic(nonce == nil, "nonce") c = make([]byte, len(m)+ABytes) @@ -54,9 +51,9 @@ func Encrypt(m, ad, nonce, k []byte) (c []byte) { // Decrypt and verify a ciphertext `c` using additional data `ad`, nonce `npub` and secret key `k`. // Returns the decrypted message and verification status. -func Decrypt(c, ad, nonce, k []byte) (m []byte, err error) { - support.CheckSize(k, KeyBytes, "secret key") - support.CheckSize(nonce, NonceBytes, "public nonce") +func Decrypt(c, ad []byte, nonce *[NonceBytes]byte, k *[KeyBytes]byte) (m []byte, err error) { + support.NilPanic(k == nil, "secret key") + support.NilPanic(nonce == nil, "nonce") support.CheckSizeMin(c, ABytes, "ciphertext") m = make([]byte, len(c)-ABytes) @@ -82,9 +79,9 @@ func Decrypt(c, ad, nonce, k []byte) (m []byte, err error) { // EncryptDetached encrypts a message `m` with additional data `ad` using // a nonce `npub` and a secret key `k`. // A ciphertext, authentication tag and encryption status are returned. -func EncryptDetached(m, ad, nonce, k []byte) (c, mac []byte) { - support.CheckSize(k, KeyBytes, "secret key") - support.CheckSize(nonce, NonceBytes, "public nonce") +func EncryptDetached(m, ad []byte, nonce *[NonceBytes]byte, k *[KeyBytes]byte) (c, mac []byte) { + support.NilPanic(k == nil, "secret key") + support.NilPanic(nonce == nil, "nonce") c = make([]byte, len(m)) mac = make([]byte, ABytes) @@ -107,9 +104,9 @@ func EncryptDetached(m, ad, nonce, k []byte) (c, mac []byte) { // DecryptDetached decrypts and verifies a ciphertext `c` with authentication tag `mac` // using additional data `ad`, nonce `npub` and secret key `k`. // Returns the decrypted message and verification status. -func DecryptDetached(c, mac, ad, nonce, k []byte) (m []byte, err error) { - support.CheckSize(k, KeyBytes, "secret key") - support.CheckSize(nonce, NonceBytes, "public nonce") +func DecryptDetached(c, mac, ad []byte, nonce *[NonceBytes]byte, k *[KeyBytes]byte) (m []byte, err error) { + support.NilPanic(k == nil, "secret key") + support.NilPanic(nonce == nil, "nonce") support.CheckSize(mac, ABytes, "mac") m = make([]byte, len(c)) diff --git a/crypto/aead/chacha20poly1305/crypto_aead_chacha20poly1305_test.go b/crypto/aead/chacha20poly1305/crypto_aead_chacha20poly1305_test.go index 399ee3b..9f9a25c 100644 --- a/crypto/aead/chacha20poly1305/crypto_aead_chacha20poly1305_test.go +++ b/crypto/aead/chacha20poly1305/crypto_aead_chacha20poly1305_test.go @@ -11,13 +11,13 @@ var testCount = 100000 type TestData struct { Message []byte Ad []byte - Key Key + Key [KeyBytes]byte Nonce [NonceBytes]byte } func Test(t *testing.T) { // Test the key generation - if *GenerateKey() == (Key{}) { + if *GenerateKey() == ([KeyBytes]byte{}) { t.Error("Generated key is zero") } @@ -39,24 +39,24 @@ func Test(t *testing.T) { f.Fuzz(&test) // Detached encryption test - c, mac = EncryptDetached(test.Message, test.Ad, test.Nonce[:], test.Key[:]) + c, mac = EncryptDetached(test.Message, test.Ad, &test.Nonce, &test.Key) // Encryption test - ec = Encrypt(test.Message, test.Ad, test.Nonce[:], test.Key[:]) + ec = Encrypt(test.Message, test.Ad, &test.Nonce, &test.Key) if !bytes.Equal(ec, append(c, mac...)) { t.Errorf("Encryption failed for %+v", test) t.FailNow() } // Detached decryption test - m, err = DecryptDetached(c, mac, test.Ad, test.Nonce[:], test.Key[:]) + m, err = DecryptDetached(c, mac, test.Ad, &test.Nonce, &test.Key) if err != nil || !bytes.Equal(m, test.Message) { t.Errorf("Detached decryption failed for %+v", test) t.FailNow() } // Decryption test - m, err = Decrypt(ec, test.Ad, test.Nonce[:], test.Key[:]) + m, err = Decrypt(ec, test.Ad, &test.Nonce, &test.Key) if err != nil || !bytes.Equal(m, test.Message) { t.Errorf("Decryption failed for %+v", test) t.FailNow() @@ -64,7 +64,7 @@ func Test(t *testing.T) { // Failed detached decryption test mac = make([]byte, ABytes) - m, err = DecryptDetached(c, mac, test.Ad, test.Nonce[:], test.Key[:]) + m, err = DecryptDetached(c, mac, test.Ad, &test.Nonce, &test.Key) if err == nil { t.Errorf("Detached decryption unexpectedly succeeded for %+v", test) t.FailNow() @@ -72,7 +72,7 @@ func Test(t *testing.T) { // Failed decryption test copy(ec[len(m):], mac) - m, err = Decrypt(ec, test.Ad, test.Nonce[:], test.Key[:]) + m, err = Decrypt(ec, test.Ad, &test.Nonce, &test.Key) if err == nil { t.Errorf("Decryption unexpectedly succeeded for %+v", test) t.FailNow() diff --git a/crypto/aead/chacha20poly1305ietf/crypto_aead_chacha20poly1305_ietf.go b/crypto/aead/chacha20poly1305ietf/crypto_aead_chacha20poly1305_ietf.go index 03af6cd..34bf9da 100644 --- a/crypto/aead/chacha20poly1305ietf/crypto_aead_chacha20poly1305_ietf.go +++ b/crypto/aead/chacha20poly1305ietf/crypto_aead_chacha20poly1305_ietf.go @@ -20,21 +20,18 @@ const ( ABytes int = C.crypto_aead_chacha20poly1305_ietf_ABYTES // Size of an authentication tag in bytes ) -// Key represents a secret key -type Key [KeyBytes]byte - // GenerateKey generates a secret key -func GenerateKey() *Key { - k := new(Key) +func GenerateKey() *[KeyBytes]byte { + k := new([KeyBytes]byte) C.crypto_aead_chacha20poly1305_ietf_keygen((*C.uchar)(&k[0])) return k } // Encrypt a message `m` with additional data `ad` using a nonce `npub` and a secret key `k`. // A ciphertext (including authentication tag) and encryption status are returned. -func Encrypt(m, ad, nonce, k []byte) (c []byte) { - support.CheckSize(k, KeyBytes, "secret key") - support.CheckSize(nonce, NonceBytes, "public nonce") +func Encrypt(m, ad []byte, nonce *[NonceBytes]byte, k *[KeyBytes]byte) (c []byte) { + support.NilPanic(k == nil, "secret key") + support.NilPanic(nonce == nil, "nonce") c = make([]byte, len(m)+ABytes) @@ -54,9 +51,9 @@ func Encrypt(m, ad, nonce, k []byte) (c []byte) { // Decrypt and verify a ciphertext `c` using additional data `ad`, nonce `npub` and secret key `k`. // Returns the decrypted message and verification status. -func Decrypt(c, ad, nonce, k []byte) (m []byte, err error) { - support.CheckSize(k, KeyBytes, "secret key") - support.CheckSize(nonce, NonceBytes, "public nonce") +func Decrypt(c, ad []byte, nonce *[NonceBytes]byte, k *[KeyBytes]byte) (m []byte, err error) { + support.NilPanic(k == nil, "secret key") + support.NilPanic(nonce == nil, "nonce") support.CheckSizeMin(c, ABytes, "ciphertext") m = make([]byte, len(c)-ABytes) @@ -82,9 +79,9 @@ func Decrypt(c, ad, nonce, k []byte) (m []byte, err error) { // EncryptDetached encrypts a message `m` with additional data `ad` using // a nonce `npub` and a secret key `k`. // A ciphertext, authentication tag and encryption status are returned. -func EncryptDetached(m, ad, nonce, k []byte) (c, mac []byte) { - support.CheckSize(k, KeyBytes, "secret key") - support.CheckSize(nonce, NonceBytes, "public nonce") +func EncryptDetached(m, ad []byte, nonce *[NonceBytes]byte, k *[KeyBytes]byte) (c, mac []byte) { + support.NilPanic(k == nil, "secret key") + support.NilPanic(nonce == nil, "nonce") c = make([]byte, len(m)) mac = make([]byte, ABytes) @@ -107,9 +104,9 @@ func EncryptDetached(m, ad, nonce, k []byte) (c, mac []byte) { // DecryptDetached decrypts and verifies a ciphertext `c` with authentication tag `mac` // using additional data `ad`, nonce `npub` and secret key `k`. // Returns the decrypted message and verification status. -func DecryptDetached(c, mac, ad, nonce, k []byte) (m []byte, err error) { - support.CheckSize(k, KeyBytes, "secret key") - support.CheckSize(nonce, NonceBytes, "public nonce") +func DecryptDetached(c, mac, ad []byte, nonce *[NonceBytes]byte, k *[KeyBytes]byte) (m []byte, err error) { + support.NilPanic(k == nil, "secret key") + support.NilPanic(nonce == nil, "nonce") support.CheckSize(mac, ABytes, "mac") m = make([]byte, len(c)) diff --git a/crypto/aead/chacha20poly1305ietf/crypto_aead_chacha20poly1305_ietf_test.go b/crypto/aead/chacha20poly1305ietf/crypto_aead_chacha20poly1305_ietf_test.go index c4da073..672c5ee 100644 --- a/crypto/aead/chacha20poly1305ietf/crypto_aead_chacha20poly1305_ietf_test.go +++ b/crypto/aead/chacha20poly1305ietf/crypto_aead_chacha20poly1305_ietf_test.go @@ -11,13 +11,13 @@ var testCount = 100000 type TestData struct { Message []byte Ad []byte - Key Key + Key [KeyBytes]byte Nonce [NonceBytes]byte } func Test(t *testing.T) { // Test the key generation - if *GenerateKey() == (Key{}) { + if *GenerateKey() == ([KeyBytes]byte{}) { t.Error("Generated key is zero") } @@ -39,24 +39,24 @@ func Test(t *testing.T) { f.Fuzz(&test) // Detached encryption test - c, mac = EncryptDetached(test.Message, test.Ad, test.Nonce[:], test.Key[:]) + c, mac = EncryptDetached(test.Message, test.Ad, &test.Nonce, &test.Key) // Encryption test - ec = Encrypt(test.Message, test.Ad, test.Nonce[:], test.Key[:]) + ec = Encrypt(test.Message, test.Ad, &test.Nonce, &test.Key) if !bytes.Equal(ec, append(c, mac...)) { t.Errorf("Encryption failed for %+v", test) t.FailNow() } // Detached decryption test - m, err = DecryptDetached(c, mac, test.Ad, test.Nonce[:], test.Key[:]) + m, err = DecryptDetached(c, mac, test.Ad, &test.Nonce, &test.Key) if err != nil || !bytes.Equal(m, test.Message) { t.Errorf("Detached decryption failed for %+v", test) t.FailNow() } // Decryption test - m, err = Decrypt(ec, test.Ad, test.Nonce[:], test.Key[:]) + m, err = Decrypt(ec, test.Ad, &test.Nonce, &test.Key) if err != nil || !bytes.Equal(m, test.Message) { t.Errorf("Decryption failed for %+v", test) t.FailNow() @@ -64,7 +64,7 @@ func Test(t *testing.T) { // Failed detached decryption test mac = make([]byte, ABytes) - m, err = DecryptDetached(c, mac, test.Ad, test.Nonce[:], test.Key[:]) + m, err = DecryptDetached(c, mac, test.Ad, &test.Nonce, &test.Key) if err == nil { t.Errorf("Detached decryption unexpectedly succeeded for %+v", test) t.FailNow() @@ -72,7 +72,7 @@ func Test(t *testing.T) { // Failed decryption test copy(ec[len(m):], mac) - m, err = Decrypt(ec, test.Ad, test.Nonce[:], test.Key[:]) + m, err = Decrypt(ec, test.Ad, &test.Nonce, &test.Key) if err == nil { t.Errorf("Decryption unexpectedly succeeded for %+v", test) t.FailNow() diff --git a/crypto/aead/crypto_aead_aes256gcm.go b/crypto/aead/crypto_aead_aes256gcm.go index 3e853de..5eb8685 100644 --- a/crypto/aead/crypto_aead_aes256gcm.go +++ b/crypto/aead/crypto_aead_aes256gcm.go @@ -13,7 +13,7 @@ import ( type AES256GCM C.crypto_aead_aes256gcm_state // NewAES256GCM returns a AES256GCM cipher for an AES256 key. -func NewAES256GCM(k *aes256gcm.Key) AEAD { +func NewAES256GCM(k *[aes256gcm.KeyBytes]byte) AEAD { support.NilPanic(k == nil, "key") ctx := new(AES256GCM) diff --git a/crypto/aead/crypto_aead_aes256gcm_test.go b/crypto/aead/crypto_aead_aes256gcm_test.go index 1686a04..e5da969 100644 --- a/crypto/aead/crypto_aead_aes256gcm_test.go +++ b/crypto/aead/crypto_aead_aes256gcm_test.go @@ -13,7 +13,7 @@ type TestData struct { Message []byte Ad []byte Dst []byte - Key aes256gcm.Key + Key [aes256gcm.KeyBytes]byte Nonce [aes256gcm.NonceBytes]byte } diff --git a/crypto/aead/xchacha20poly1305ietf/crypto_aead_xchacha20poly1305_ietf.go b/crypto/aead/xchacha20poly1305ietf/crypto_aead_xchacha20poly1305_ietf.go index 17984ae..782c010 100644 --- a/crypto/aead/xchacha20poly1305ietf/crypto_aead_xchacha20poly1305_ietf.go +++ b/crypto/aead/xchacha20poly1305ietf/crypto_aead_xchacha20poly1305_ietf.go @@ -20,21 +20,18 @@ const ( ABytes int = C.crypto_aead_xchacha20poly1305_ietf_ABYTES // Size of an authentication tag in bytes ) -// Key represents a secret key -type Key [KeyBytes]byte - // GenerateKey generates a secret key -func GenerateKey() *Key { - k := new(Key) +func GenerateKey() *[KeyBytes]byte { + k := new([KeyBytes]byte) C.crypto_aead_xchacha20poly1305_ietf_keygen((*C.uchar)(&k[0])) return k } // Encrypt a message `m` with additional data `ad` using a nonce `npub` and a secret key `k`. // A ciphertext (including authentication tag) and encryption status are returned. -func Encrypt(m, ad, nonce, k []byte) (c []byte) { - support.CheckSize(k, KeyBytes, "secret key") - support.CheckSize(nonce, NonceBytes, "public nonce") +func Encrypt(m, ad []byte, nonce *[NonceBytes]byte, k *[KeyBytes]byte) (c []byte) { + support.NilPanic(k == nil, "secret key") + support.NilPanic(nonce == nil, "nonce") c = make([]byte, len(m)+ABytes) @@ -54,9 +51,9 @@ func Encrypt(m, ad, nonce, k []byte) (c []byte) { // Decrypt and verify a ciphertext `c` using additional data `ad`, nonce `npub` and secret key `k`. // Returns the decrypted message and verification status. -func Decrypt(c, ad, nonce, k []byte) (m []byte, err error) { - support.CheckSize(k, KeyBytes, "secret key") - support.CheckSize(nonce, NonceBytes, "public nonce") +func Decrypt(c, ad []byte, nonce *[NonceBytes]byte, k *[KeyBytes]byte) (m []byte, err error) { + support.NilPanic(k == nil, "secret key") + support.NilPanic(nonce == nil, "nonce") support.CheckSizeMin(c, ABytes, "ciphertext") m = make([]byte, len(c)-ABytes) @@ -82,9 +79,9 @@ func Decrypt(c, ad, nonce, k []byte) (m []byte, err error) { // EncryptDetached encrypts a message `m` with additional data `ad` using // a nonce `npub` and a secret key `k`. // A ciphertext, authentication tag and encryption status are returned. -func EncryptDetached(m, ad, nonce, k []byte) (c, mac []byte) { - support.CheckSize(k, KeyBytes, "secret key") - support.CheckSize(nonce, NonceBytes, "public nonce") +func EncryptDetached(m, ad []byte, nonce *[NonceBytes]byte, k *[KeyBytes]byte) (c, mac []byte) { + support.NilPanic(k == nil, "secret key") + support.NilPanic(nonce == nil, "nonce") c = make([]byte, len(m)) mac = make([]byte, ABytes) @@ -107,9 +104,9 @@ func EncryptDetached(m, ad, nonce, k []byte) (c, mac []byte) { // DecryptDetached decrypts and verifies a ciphertext `c` with authentication tag `mac` // using additional data `ad`, nonce `npub` and secret key `k`. // Returns the decrypted message and verification status. -func DecryptDetached(c, mac, ad, nonce, k []byte) (m []byte, err error) { - support.CheckSize(k, KeyBytes, "secret key") - support.CheckSize(nonce, NonceBytes, "public nonce") +func DecryptDetached(c, mac, ad []byte, nonce *[NonceBytes]byte, k *[KeyBytes]byte) (m []byte, err error) { + support.NilPanic(k == nil, "secret key") + support.NilPanic(nonce == nil, "nonce") support.CheckSize(mac, ABytes, "mac") m = make([]byte, len(c)) diff --git a/crypto/aead/xchacha20poly1305ietf/crypto_aead_xchacha20poly1305_ietf_test.go b/crypto/aead/xchacha20poly1305ietf/crypto_aead_xchacha20poly1305_ietf_test.go index e87dae2..98beb07 100644 --- a/crypto/aead/xchacha20poly1305ietf/crypto_aead_xchacha20poly1305_ietf_test.go +++ b/crypto/aead/xchacha20poly1305ietf/crypto_aead_xchacha20poly1305_ietf_test.go @@ -11,13 +11,13 @@ var testCount = 100000 type TestData struct { Message []byte Ad []byte - Key Key + Key [KeyBytes]byte Nonce [NonceBytes]byte } func Test(t *testing.T) { // Test the key generation - if *GenerateKey() == (Key{}) { + if *GenerateKey() == ([KeyBytes]byte{}) { t.Error("Generated key is zero") } @@ -39,24 +39,24 @@ func Test(t *testing.T) { f.Fuzz(&test) // Detached encryption test - c, mac = EncryptDetached(test.Message, test.Ad, test.Nonce[:], test.Key[:]) + c, mac = EncryptDetached(test.Message, test.Ad, &test.Nonce, &test.Key) // Encryption test - ec = Encrypt(test.Message, test.Ad, test.Nonce[:], test.Key[:]) + ec = Encrypt(test.Message, test.Ad, &test.Nonce, &test.Key) if !bytes.Equal(ec, append(c, mac...)) { t.Errorf("Encryption failed for %+v", test) t.FailNow() } // Detached decryption test - m, err = DecryptDetached(c, mac, test.Ad, test.Nonce[:], test.Key[:]) + m, err = DecryptDetached(c, mac, test.Ad, &test.Nonce, &test.Key) if err != nil || !bytes.Equal(m, test.Message) { t.Errorf("Detached decryption failed for %+v", test) t.FailNow() } // Decryption test - m, err = Decrypt(ec, test.Ad, test.Nonce[:], test.Key[:]) + m, err = Decrypt(ec, test.Ad, &test.Nonce, &test.Key) if err != nil || !bytes.Equal(m, test.Message) { t.Errorf("Decryption failed for %+v", test) t.FailNow() @@ -64,7 +64,7 @@ func Test(t *testing.T) { // Failed detached decryption test mac = make([]byte, ABytes) - m, err = DecryptDetached(c, mac, test.Ad, test.Nonce[:], test.Key[:]) + m, err = DecryptDetached(c, mac, test.Ad, &test.Nonce, &test.Key) if err == nil { t.Errorf("Detached decryption unexpectedly succeeded for %+v", test) t.FailNow() @@ -72,7 +72,7 @@ func Test(t *testing.T) { // Failed decryption test copy(ec[len(m):], mac) - m, err = Decrypt(ec, test.Ad, test.Nonce[:], test.Key[:]) + m, err = Decrypt(ec, test.Ad, &test.Nonce, &test.Key) if err == nil { t.Errorf("Decryption unexpectedly succeeded for %+v", test) t.FailNow()