From fc6b7af4c351230d9cb0f449fd8409adc1c522b2 Mon Sep 17 00:00:00 2001 From: Ivan Schasny Date: Thu, 2 Mar 2023 14:29:13 +0000 Subject: [PATCH 01/14] Fix bug in second hash calculation --- store/dhash/dhash.go | 39 +++++++++++++++++++++------------------ 1 file changed, 21 insertions(+), 18 deletions(-) diff --git a/store/dhash/dhash.go b/store/dhash/dhash.go index 6f5ae75..4a0c200 100644 --- a/store/dhash/dhash.go +++ b/store/dhash/dhash.go @@ -13,8 +13,15 @@ import ( const ( // nonceLen defines length of the nonce to use for AESGCM encryption nonceLen = 12 - // keysize defines the size of multihash key - keysize = 32 +) + +var ( + // secondHashPrefix is a prefix that a mulithash is prepended with when calculating a second hash + secondHashPrefix = []byte("CR_DOUBLEHASH\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00") + // deriveKeyPrefix is a prefix that a multihash is prepended with when deriving an encryption key + deriveKeyPrefix = []byte("CR_ENCRYPTIONKEY\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00") + // noncePrefix is a prefix that a multihash is prepended with when calculating a nonce + noncePrefix = []byte("CR_NONCE\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00") ) // SecondSHA returns SHA256 over the payload 
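Review bot: The three prefix literals rely on a hand-counted run of `\x00` escapes, and neither the comments nor the code state the intended total length, so a miscounted escape would silently change every derived hash, key and nonce. The only place the length is pinned is the test added in patch 13/14, which checks for 64 bytes. The comments here should say so, e.g. `// Each prefix is NUL-padded to 64 bytes; changing its length changes all derived values.` The first comment also misspells `multihash` as `mulithash`. Because these are mutable package-level `[]byte` values, building them from string constants would also keep other code in the package from altering them by accident.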
@@ -26,17 +33,13 @@ func SHA256(payload, dest []byte) []byte { // SecondMultihash calculates SHA256 over the multihash and wraps it into another multihash with DBL_SHA256 codec func SecondMultihash(mh multihash.Multihash) (multihash.Multihash, error) { - prefix := []byte("CR_DOUBLEHASH") - mh, err := multihash.Sum(append(prefix, mh...), multihash.DBL_SHA2_256, keysize) - if err != nil { - return nil, err - } - return mh, nil + digest := SHA256(append(secondHashPrefix, mh...), nil) + return multihash.Encode(digest, multihash.DBL_SHA2_256) } // deriveKey derives encryptioin key from the passphrase using SHA256 func deriveKey(passphrase []byte) []byte { - return SHA256(append([]byte("AESGCM"), passphrase...), nil) + return SHA256(append(deriveKeyPrefix, passphrase...), nil) } // DecryptAES decrypts AES payload using the nonce and the passphrase @@ -64,7 +67,7 @@ func EncryptAES(payload, passphrase []byte) ([]byte, []byte, error) { // Create initialization vector (nonse) to be used during encryption // Nonce is derived from the mulithash (passpharase) so that encrypted payloads // for the same multihash can be compared to each other without having to decrypt - nonce := SHA256(passphrase, nil)[:nonceLen] + nonce := SHA256(append(noncePrefix, passphrase...), nil)[:nonceLen] // Create cypher and seal the data block, err := aes.NewCipher(derivedKey) 
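Review bot: `append(secondHashPrefix, mh...)` and `append(deriveKeyPrefix, passphrase...)` append to a shared package-level slice, which is only safe while that slice's capacity equals its length. If the backing array ever has spare capacity, concurrent callers would write into the same memory and hash corrupted input. Clip the prefix before appending, e.g. `digest := SHA256(append(secondHashPrefix[:len(secondHashPrefix):len(secondHashPrefix)], mh...), nil)`, or feed the prefix and the input to the hash separately. The same pattern is on the `noncePrefix` line of the next hunk. Separately, the new `deriveKeyPrefix` changes the derived key for every passphrase, so anything encrypted under the previous `"AESGCM"` prefix will no longer decrypt; the commit message should say so if stored data exists.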
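Review bot: The nonce on the added line still depends only on `passphrase`, so every payload encrypted under one passphrase shares the same key and the same nonce. The `nonceLen` comment says this is AES-GCM, where repeating a (key, nonce) pair for different plaintexts undermines both confidentiality and the authentication tag. EncryptValueKey and EncryptMetadata in this file pass caller-chosen payloads to EncryptAES, so distinct payloads per passphrase look like the normal case. Patch 02/14 of this series changes the derivation to include the payload; this commit should not be applied or released without it. EncryptAES starts and ends outside the hunk.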
@@ -83,13 +86,13 @@ func EncryptAES(payload, passphrase []byte) ([]byte, []byte, error) { } // DecryptValueKey decrypts the value key using the passphrase -func DecryptValueKey(valKey, passphrase []byte) ([]byte, error) { - return DecryptAES(valKey[:nonceLen], valKey[nonceLen:], passphrase) +func DecryptValueKey(valKey, mh multihash.Multihash) ([]byte, error) { + return DecryptAES(valKey[:nonceLen], valKey[nonceLen:], mh) } // EncryptValueKey encrypts raw value key using the passpharse -func EncryptValueKey(valKey, passphrase []byte) ([]byte, error) { - nonce, encValKey, err := EncryptAES(valKey, passphrase) +func EncryptValueKey(valKey, mh multihash.Multihash) ([]byte, error) { + nonce, encValKey, err := EncryptAES(valKey, mh) if err != nil { return nil, err } @@ -98,13 +101,13 @@ func EncryptValueKey(valKey, passphrase []byte) ([]byte, error) { } // DecryptMetadata decrypts metdata using the provided passphrase -func DecryptMetadata(encMetadata, passphrase []byte) ([]byte, error) { - return DecryptAES(encMetadata[:nonceLen], encMetadata[nonceLen:], passphrase) +func DecryptMetadata(encMetadata, valueKey []byte) ([]byte, error) { + return DecryptAES(encMetadata[:nonceLen], encMetadata[nonceLen:], valueKey) } // EncryptMetadata encrypts metadata using the provided passphrase -func EncryptMetadata(metadata, passphrase []byte) ([]byte, error) { - nonce, encValKey, err := EncryptAES(metadata, passphrase) +func EncryptMetadata(metadata, valueKey []byte) ([]byte, error) { + nonce, encValKey, err := EncryptAES(metadata, valueKey) if err != nil { return nil, err } From 211c6eacb8ec5021bbdd1410774af51191d1af44 Mon Sep 17 00:00:00 2001 From: Ivan Schasny Date: Thu, 2 Mar 2023 15:43:37 +0000 Subject: [PATCH 02/14] Review feedback --- go.mod | 5 +++++ go.sum | 7 +++++++ store/dhash/dhash.go | 17 +++++++++++++---- 3 files changed, 25 insertions(+), 4 deletions(-) diff --git a/go.mod b/go.mod index 5ecf527..56d87a9 100644 --- a/go.mod +++ b/go.mod 
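Review bot: `valKey[:nonceLen]` in DecryptValueKey panics when the input is shorter than 12 bytes, and the changed line keeps that unchecked slice. A truncated or corrupted record should produce an error instead, e.g. `if len(valKey) < nonceLen { return nil, errors.New("encrypted value key too short") }`. DecryptMetadata in the next hunk slices `encMetadata` the same way. Note also that `valKey, mh multihash.Multihash` gives `valKey` the type `multihash.Multihash` as well; `valKey []byte, mh multihash.Multihash` says what is meant. The doc comments in both hunks still speak of a passphrase although the parameters are now `mh` and `valueKey`.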
@@ -23,6 +23,8 @@ require ( lukechampine.com/blake3 v1.1.7 ) +require github.com/stretchr/testify v1.8.1 + require ( github.com/DataDog/zstd v1.4.5 // indirect github.com/cespare/xxhash/v2 v2.2.0 // indirect @@ -30,6 +32,7 @@ require ( github.com/cockroachdb/logtags v0.0.0-20190617123548-eb05cc24525f // indirect github.com/cockroachdb/redact v1.0.8 // indirect github.com/cockroachdb/sentry-go v0.6.1-cockroachdb.2 // indirect + github.com/davecgh/go-spew v1.1.1 // indirect github.com/decred/dcrd/dcrec/secp256k1/v4 v4.1.0 // indirect github.com/gammazero/deque v0.2.0 // indirect github.com/gogo/protobuf v1.3.2 // indirect @@ -50,6 +53,7 @@ require ( github.com/multiformats/go-multibase v0.1.1 // indirect github.com/multiformats/go-multicodec v0.7.0 // indirect github.com/pkg/errors v0.9.1 // indirect + github.com/pmezard/go-difflib v1.0.0 // indirect github.com/spacemonkeygo/spacelog v0.0.0-20180420211403-2296661a0572 // indirect github.com/spaolacci/murmur3 v1.1.0 // indirect go.uber.org/atomic v1.10.0 // indirect @@ -57,4 +61,5 @@ require ( go.uber.org/zap v1.24.0 // indirect golang.org/x/exp v0.0.0-20221205204356-47842c84f3db // indirect golang.org/x/sys v0.3.0 // indirect + gopkg.in/yaml.v3 v3.0.1 // indirect ) diff --git a/go.sum b/go.sum index c8797a4..a6f88df 100644 --- a/go.sum +++ b/go.sum 
@@ -251,12 +251,17 @@ github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb6 github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= github.com/spf13/viper v1.3.2/go.mod h1:ZiWeW+zYFKm7srdB9IoDzzZXaJaI5eL9QjNiN/DMA2s= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= +github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= github.com/stretchr/testify v1.8.1 h1:w7B6lhMri9wdJUVmEZPGGhZzrYTPvgJArz7wNPgYKsk= +github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= github.com/ugorji/go v1.1.4/go.mod h1:uQMGLiO92mf5W77hV/PUCpI3pbzQx3CRekS0kk+RGrc= github.com/ugorji/go/codec v0.0.0-20181204163529-d75b2dcb6bc8/go.mod h1:VFNgLljTbGfSG7qAOspJ7OScBnGdDN/yBr0sguwnwf0= github.com/urfave/negroni v1.0.0/go.mod h1:Meg73S6kFm/4PpbYdq35yYWoCZ9mS/YSx+lKnmiohz4= 
@@ -408,6 +413,7 @@ google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpAD google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 h1:YR8cESwS4TdDjEe65xsg0ogRM/Nc3DYOhEAlW+xobZo= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys= gopkg.in/go-playground/assert.v1 v1.2.1/go.mod h1:9RXL0bg/zibRAgZUYszZSwO/z8Y/a8bDuhia5mkpMnE= @@ -421,6 +427,7 @@ gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= +gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= lukechampine.com/blake3 v1.1.7 h1:GgRMhmdsuK8+ii6UZFDL8Nb+VyMwadAgcJyfYHxG6n0= diff --git a/store/dhash/dhash.go b/store/dhash/dhash.go index 4a0c200..5aea7e7 100644 --- a/store/dhash/dhash.go +++ b/store/dhash/dhash.go @@ -5,6 +5,7 @@ import ( "crypto/aes" "crypto/cipher" "crypto/sha256" + "encoding/binary" "github.com/libp2p/go-libp2p/core/peer" "github.com/multiformats/go-multihash" 
@@ -26,8 +27,14 @@ var ( // SecondSHA returns SHA256 over the payload func SHA256(payload, dest []byte) []byte { + return sha256Multiple(dest, payload) +} + +func sha256Multiple(dest []byte, payloads ...[]byte) []byte { h := sha256.New() - h.Write(payload) + for _, payload := range payloads { + h.Write(payload) + } return h.Sum(dest) } @@ -65,9 +72,11 @@ func EncryptAES(payload, passphrase []byte) ([]byte, []byte, error) { derivedKey := deriveKey([]byte(passphrase)) // Create initialization vector (nonse) to be used during encryption - // Nonce is derived from the mulithash (passpharase) so that encrypted payloads - // for the same multihash can be compared to each other without having to decrypt - nonce := SHA256(append(noncePrefix, passphrase...), nil)[:nonceLen] + // Nonce is derived from the paspphrase concatenated with the payload so that the encrypted payloads + // for the same multihash can be compared to each other without having to decrypt them, as it's not possible. + payloadLen := make([]byte, 8) + binary.LittleEndian.PutUint64(payloadLen, uint64(len(payload))) + nonce := sha256Multiple(nil, noncePrefix, payloadLen, payload, passphrase)[:nonceLen] // Create cypher and seal the data block, err := aes.NewCipher(derivedKey) From d52a261178c86726125a97b41d6b9ec74e4ffce1 Mon Sep 17 00:00:00 2001 From: Ivan Schasny Date: Thu, 2 Mar 2023 15:44:14 +0000 Subject: [PATCH 03/14] Add dhash test --- store/dhash/dhash_test.go | 72 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 72 insertions(+) create mode 100644 store/dhash/dhash_test.go diff --git a/store/dhash/dhash_test.go b/store/dhash/dhash_test.go new file mode 100644 index 0000000..a9b2e87 --- /dev/null +++ b/store/dhash/dhash_test.go 
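Review bot: `sha256Multiple` has no doc comment and hashes its arguments back to back with no separator, so two different splits of the same bytes give the same digest. Callers have to length-prefix any variable-length part themselves, as EncryptAES does with `payloadLen` in the next hunk. A comment such as `// sha256Multiple returns the SHA-256 of the concatenated payloads appended to dest; parts are not delimited.` would record that. The comment above `SHA256` still names the function `SecondSHA`.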
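Review bot: The rewritten comment does not explain why the payload is now part of the nonce, and its closing clause ("as it's not possible") is hard to parse. The code derives the nonce from a truncated hash of prefix, payload length, payload and passphrase, so identical (payload, passphrase) pairs give identical ciphertexts while different payloads under one passphrase get different nonces. I would say that directly: `// Nonce = first nonceLen bytes of SHA-256(noncePrefix || len(payload) || payload || passphrase).` followed by `// Encryption is therefore deterministic: equal inputs can be compared without decrypting, and that equality is visible to anyone who sees the ciphertexts.` The fixed 8-byte little-endian length becomes part of the stored format, so any other implementation has to match it. EncryptAES continues outside the hunk.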
@@ -0,0 +1,72 @@ +package dhash_test + +import ( + "bytes" + "crypto/sha256" + "math/rand" + "testing" + + "github.com/ipni/go-indexer-core/store/dhash" + "github.com/ipni/go-indexer-core/store/test" + "github.com/multiformats/go-multihash" + "github.com/stretchr/testify/require" +) + +func TestEncryptSameValueWithTheSameMultihashShouldProduceTheSameOutput(t *testing.T) { + rng := rand.New(rand.NewSource(1413)) + payload := make([]byte, 256) + _, err := rng.Read(payload) + if err != nil { + panic(err) + } + passphrase := make([]byte, 32) + _, err = rng.Read(passphrase) + require.NoError(t, err) + + nonce1, encrypted1, err := dhash.EncryptAES(payload, passphrase) + require.NoError(t, err) + + nonce2, encrypted2, err := dhash.EncryptAES(payload, passphrase) + require.NoError(t, err) + + require.True(t, bytes.Equal(nonce1, nonce2)) + require.True(t, bytes.Equal(encrypted1, encrypted2)) +} + +func TestCanDecryptEncryptedValue(t *testing.T) { + rng := rand.New(rand.NewSource(1413)) + payload := make([]byte, 256) + _, err := rng.Read(payload) + if err != nil { + panic(err) + } + passphrase := make([]byte, 32) + _, err = rng.Read(passphrase) + require.NoError(t, err) + + nonce, encrypted, err := dhash.EncryptAES(payload, passphrase) + require.NoError(t, err) + + decrypted, err := dhash.DecryptAES(nonce, encrypted, passphrase) + require.NoError(t, err) + + require.True(t, bytes.Equal(payload, decrypted)) +} + +func TestSecondMultihash(t *testing.T) { + secondHashPrefix := []byte("CR_DOUBLEHASH\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00") + + mh := test.RandomMultihashes(1)[0] + smh, err := dhash.SecondMultihash(mh) + require.NoError(t, err) + + h := sha256.New() + h.Write(append(secondHashPrefix, mh...)) + digest := h.Sum(nil) + + decoded, err := multihash.Decode(smh) + require.NoError(t, err) + + require.Equal(t, 
uint64(multihash.DBL_SHA2_256), decoded.Code) + require.Equal(t, digest, decoded.Digest) +} From 97b536b376b2ad5c4316bf38b830edf0e5a12dba Mon Sep 17 00:00:00 2001 From: Ivan Schasny Date: Thu, 2 Mar 2023 15:52:28 +0000 Subject: [PATCH 04/14] Fix go.mod --- go.mod | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/go.mod b/go.mod index 56d87a9..05dbea0 100644 --- a/go.mod +++ b/go.mod @@ -18,13 +18,12 @@ require ( github.com/libp2p/go-libp2p v0.23.2 github.com/multiformats/go-multihash v0.2.1 github.com/multiformats/go-varint v0.0.7 + github.com/stretchr/testify v1.8.1 go.opencensus.io v0.23.0 golang.org/x/crypto v0.3.0 lukechampine.com/blake3 v1.1.7 ) -require github.com/stretchr/testify v1.8.1 - require ( github.com/DataDog/zstd v1.4.5 // indirect github.com/cespare/xxhash/v2 v2.2.0 // indirect From f71ac58ef99699d522ad76baed6df8c72d6ef36b Mon Sep 17 00:00:00 2001 From: Ivan Schasny <31857042+ischasny@users.noreply.github.com> Date: Fri, 3 Mar 2023 09:56:29 +0000 Subject: [PATCH 05/14] Update store/dhash/dhash.go Co-authored-by: Andrew Gillis --- store/dhash/dhash.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/store/dhash/dhash.go b/store/dhash/dhash.go index 5aea7e7..c8903fa 100644 --- a/store/dhash/dhash.go +++ b/store/dhash/dhash.go @@ -72,7 +72,7 @@ func EncryptAES(payload, passphrase []byte) ([]byte, []byte, error) { derivedKey := deriveKey([]byte(passphrase)) // Create initialization vector (nonse) to be used during encryption - // Nonce is derived from the paspphrase concatenated with the payload so that the encrypted payloads + // Nonce is derived from the passphrase concatenated with the payload so that the encrypted payloads // for the same multihash can be compared to each other without having to decrypt them, as it's not possible. payloadLen := make([]byte, 8) binary.LittleEndian.PutUint64(payloadLen, uint64(len(payload))) From 8397bed5f1a9eb6aa0e7bf766f742356c66d6a6f Mon Sep 17 00:00:00 2001 
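Review bot: Neither encryption test in the new dhash_test.go covers the property the nonce change in patch 02/14 was made for: two different payloads under the same passphrase must not share a nonce. A third test that encrypts two distinct payloads with one passphrase and asserts `require.NotEqual(t, nonce1, nonce2)` would pin that. A decrypt with a wrong passphrase asserting `require.Error(t, err)` would cover the authentication failure path. Both tests also call `panic(err)` after the first `rng.Read`, where `require.NoError(t, err)`, as used on the following lines, would report the failure through the test framework.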
From: Ivan Schasny <31857042+ischasny@users.noreply.github.com> Date: Fri, 3 Mar 2023 14:39:43 +0000 Subject: [PATCH 06/14] Update store/dhash/dhash_test.go Co-authored-by: Guillaume Michel - guissou --- store/dhash/dhash_test.go | 1 - 1 file changed, 1 deletion(-) diff --git a/store/dhash/dhash_test.go b/store/dhash/dhash_test.go index a9b2e87..2b6326f 100644 --- a/store/dhash/dhash_test.go +++ b/store/dhash/dhash_test.go @@ -6,7 +6,6 @@ import ( "math/rand" "testing" - "github.com/ipni/go-indexer-core/store/dhash" "github.com/ipni/go-indexer-core/store/test" "github.com/multiformats/go-multihash" "github.com/stretchr/testify/require" From 3c83f4e53ddffbe0bffc87bb9bb8f95e7a72b975 Mon Sep 17 00:00:00 2001 From: Ivan Schasny <31857042+ischasny@users.noreply.github.com> Date: Fri, 3 Mar 2023 14:39:53 +0000 Subject: [PATCH 07/14] Update store/dhash/dhash_test.go Co-authored-by: Guillaume Michel - guissou --- store/dhash/dhash_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/store/dhash/dhash_test.go b/store/dhash/dhash_test.go index 2b6326f..f33ea08 100644 --- a/store/dhash/dhash_test.go +++ b/store/dhash/dhash_test.go @@ -22,7 +22,7 @@ func TestEncryptSameValueWithTheSameMultihashShouldProduceTheSameOutput(t *testi _, err = rng.Read(passphrase) require.NoError(t, err) - nonce1, encrypted1, err := dhash.EncryptAES(payload, passphrase) + nonce1, encrypted1, err := EncryptAES(payload, passphrase) require.NoError(t, err) nonce2, encrypted2, err := dhash.EncryptAES(payload, passphrase) From b6de4a311c505c23ebe501627b647fe3c4d8c8ff Mon Sep 17 00:00:00 2001 From: Ivan Schasny <31857042+ischasny@users.noreply.github.com> Date: Fri, 3 Mar 2023 14:40:35 +0000 Subject: [PATCH 08/14] Update store/dhash/dhash_test.go Co-authored-by: Guillaume Michel - guissou --- store/dhash/dhash_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/store/dhash/dhash_test.go b/store/dhash/dhash_test.go index f33ea08..4145b30 100644 
--- a/store/dhash/dhash_test.go +++ b/store/dhash/dhash_test.go @@ -1,4 +1,4 @@ -package dhash_test +package dhash import ( "bytes" From bf7b779210c4209d7126ce2b57ceba6425feb09e Mon Sep 17 00:00:00 2001 From: Ivan Schasny <31857042+ischasny@users.noreply.github.com> Date: Fri, 3 Mar 2023 14:40:41 +0000 Subject: [PATCH 09/14] Update store/dhash/dhash_test.go Co-authored-by: Guillaume Michel - guissou --- store/dhash/dhash_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/store/dhash/dhash_test.go b/store/dhash/dhash_test.go index 4145b30..50766d5 100644 --- a/store/dhash/dhash_test.go +++ b/store/dhash/dhash_test.go @@ -25,7 +25,7 @@ func TestEncryptSameValueWithTheSameMultihashShouldProduceTheSameOutput(t *testi nonce1, encrypted1, err := EncryptAES(payload, passphrase) require.NoError(t, err) - nonce2, encrypted2, err := dhash.EncryptAES(payload, passphrase) + nonce2, encrypted2, err := EncryptAES(payload, passphrase) require.NoError(t, err) require.True(t, bytes.Equal(nonce1, nonce2)) From f46ab32b16a5ffeddc9edfb526533c64d5011abb Mon Sep 17 00:00:00 2001 From: Ivan Schasny <31857042+ischasny@users.noreply.github.com> Date: Fri, 3 Mar 2023 14:40:58 +0000 Subject: [PATCH 10/14] Update store/dhash/dhash_test.go Co-authored-by: Guillaume Michel - guissou --- store/dhash/dhash_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/store/dhash/dhash_test.go b/store/dhash/dhash_test.go index 50766d5..b7e7778 100644 --- a/store/dhash/dhash_test.go +++ b/store/dhash/dhash_test.go @@ -43,7 +43,7 @@ func TestCanDecryptEncryptedValue(t *testing.T) { _, err = rng.Read(passphrase) require.NoError(t, err) - nonce, encrypted, err := dhash.EncryptAES(payload, passphrase) + nonce, encrypted, err := EncryptAES(payload, passphrase) require.NoError(t, err) decrypted, err := dhash.DecryptAES(nonce, encrypted, passphrase) From db7858634bca9e1176f7598cf02fc902bcf41d14 Mon Sep 17 00:00:00 2001 
From: Ivan Schasny <31857042+ischasny@users.noreply.github.com> Date: Fri, 3 Mar 2023 14:41:04 +0000 Subject: [PATCH 11/14] Update store/dhash/dhash_test.go Co-authored-by: Guillaume Michel - guissou --- store/dhash/dhash_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/store/dhash/dhash_test.go b/store/dhash/dhash_test.go index b7e7778..5417bd3 100644 --- a/store/dhash/dhash_test.go +++ b/store/dhash/dhash_test.go @@ -46,7 +46,7 @@ func TestCanDecryptEncryptedValue(t *testing.T) { nonce, encrypted, err := EncryptAES(payload, passphrase) require.NoError(t, err) - decrypted, err := dhash.DecryptAES(nonce, encrypted, passphrase) + decrypted, err := DecryptAES(nonce, encrypted, passphrase) require.NoError(t, err) require.True(t, bytes.Equal(payload, decrypted)) From b96a4f7ab8e5a5a1a4d7d64b1275740c77f3be5c Mon Sep 17 00:00:00 2001 From: Ivan Schasny <31857042+ischasny@users.noreply.github.com> Date: Fri, 3 Mar 2023 14:41:11 +0000 Subject: [PATCH 12/14] Update store/dhash/dhash_test.go Co-authored-by: Guillaume Michel - guissou --- store/dhash/dhash_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/store/dhash/dhash_test.go b/store/dhash/dhash_test.go index 5417bd3..efb5fb0 100644 --- a/store/dhash/dhash_test.go +++ b/store/dhash/dhash_test.go @@ -56,7 +56,7 @@ func TestSecondMultihash(t *testing.T) { secondHashPrefix := []byte("CR_DOUBLEHASH\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00") mh := test.RandomMultihashes(1)[0] - smh, err := dhash.SecondMultihash(mh) + smh, err := SecondMultihash(mh) require.NoError(t, err) h := sha256.New() From 3318d7ddd5f107faa2e976f68c39b40b6151ffe6 Mon Sep 17 00:00:00 2001 
From: Ivan Schasny <31857042+ischasny@users.noreply.github.com> Date: Fri, 3 Mar 2023 14:41:27 +0000 Subject: [PATCH 13/14] Update store/dhash/dhash_test.go Co-authored-by: Guillaume Michel - guissou --- store/dhash/dhash_test.go | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/store/dhash/dhash_test.go b/store/dhash/dhash_test.go index efb5fb0..a378585 100644 --- a/store/dhash/dhash_test.go +++ b/store/dhash/dhash_test.go @@ -11,6 +11,13 @@ import ( "github.com/stretchr/testify/require" ) +func TestSalt(t *testing.T) { + salt_len := 64 + require.Equal(t, len(secondHashPrefix), salt_len) + require.Equal(t, len(deriveKeyPrefix), salt_len) + require.Equal(t, len(noncePrefix), salt_len) +} + func TestEncryptSameValueWithTheSameMultihashShouldProduceTheSameOutput(t *testing.T) { rng := rand.New(rand.NewSource(1413)) payload := make([]byte, 256) From 5fbbb28179d7701adf5f5f4016a172bb144bc29e Mon Sep 17 00:00:00 2001 From: Ivan Schasny Date: Fri, 3 Mar 2023 15:01:15 +0000 Subject: [PATCH 14/14] Clean up --- store/dhash/dhash_test.go | 2 -- 1 file changed, 2 deletions(-) diff --git a/store/dhash/dhash_test.go b/store/dhash/dhash_test.go index a378585..bee6b47 100644 --- a/store/dhash/dhash_test.go +++ b/store/dhash/dhash_test.go @@ -60,8 +60,6 @@ func TestCanDecryptEncryptedValue(t *testing.T) { } func TestSecondMultihash(t *testing.T) { - secondHashPrefix := []byte("CR_DOUBLEHASH\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00") - mh := test.RandomMultihashes(1)[0] smh, err := SecondMultihash(mh) require.NoError(t, err)
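Review bot: In TestSalt, `salt_len` should be `saltLen` (Go uses MixedCaps), and the `require.Equal` calls pass their arguments in the reverse of testify's `(t, expected, actual)` order, so a failure would print the two values under the wrong labels. Prefer `require.Equal(t, saltLen, len(secondHashPrefix))` and likewise for the other two prefixes. `require.Len(t, secondHashPrefix, saltLen)` would express the same check more directly.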