From 3570c56af48165830a4f744c658eef8e613be719 Mon Sep 17 00:00:00 2001 From: ekzyis Date: Sat, 30 Sep 2023 19:40:06 +0200 Subject: [PATCH] Generate shared secret using ECDH on secp256k1 --- go.mod | 8 +- go.sum | 3 + nip44.go | 13 ++- nip44_test.go | 229 +++++++++++++++++++++++++++++++++++++++++--------- 4 files changed, 207 insertions(+), 46 deletions(-) diff --git a/go.mod b/go.mod index 24f4628..50f874d 100644 --- a/go.mod +++ b/go.mod @@ -2,11 +2,15 @@ module git.ekzyis.com/ekzyis/nip44 go 1.21.0 +require ( + github.com/decred/dcrd/dcrec/secp256k1/v4 v4.2.0 + github.com/stretchr/testify v1.8.4 + golang.org/x/crypto v0.13.0 +) + require ( github.com/davecgh/go-spew v1.1.1 // indirect github.com/pmezard/go-difflib v1.0.0 // indirect - github.com/stretchr/testify v1.8.4 // indirect - golang.org/x/crypto v0.13.0 // indirect golang.org/x/sys v0.12.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect ) diff --git a/go.sum b/go.sum index 418a98a..baf9a72 100644 --- a/go.sum +++ b/go.sum @@ -1,5 +1,7 @@ github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/decred/dcrd/dcrec/secp256k1/v4 v4.2.0 h1:8UrgZ3GkP4i/CLijOJx79Yu+etlyjdBU4sfcs2WYQMs= +github.com/decred/dcrd/dcrec/secp256k1/v4 v4.2.0/go.mod h1:v57UDF4pDQJcEfFUCRop3lJL149eHGSe9Jvczhzjo/0= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk= @@ -8,6 +10,7 @@ golang.org/x/crypto v0.13.0 h1:mvySKfSWJ+UKUii46M40LOvyWfN0s2U+46/jDd0e6Ck= golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliYc= golang.org/x/sys v0.12.0 h1:CM0HF96J0hcLAwsHPJZjfdNzs0gftsLfgKt57wWHJ0o= golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= diff --git a/nip44.go b/nip44.go index 1953f34..1862281 100644 --- a/nip44.go +++ b/nip44.go @@ -11,6 +11,7 @@ import ( "io" "math" + "github.com/decred/dcrd/dcrec/secp256k1/v4" "golang.org/x/crypto/chacha20" "golang.org/x/crypto/hkdf" ) @@ -24,7 +25,7 @@ type EncryptOptions struct { Version int } -func Encrypt(key []byte, plaintext string, options *EncryptOptions) (string, error) { +func Encrypt(conversationKey []byte, plaintext string, options *EncryptOptions) (string, error) { var ( version int = 2 salt []byte @@ -53,7 +54,7 @@ func Encrypt(key []byte, plaintext string, options *EncryptOptions) (string, err if len(salt) != 32 { return "", errors.New("salt must be 32 bytes") } - if enc, nonce, auth, err = messageKeys(key, salt); err != nil { + if enc, nonce, auth, err = messageKeys(conversationKey, salt); err != nil { return "", err } if padded, err = pad(plaintext); err != nil { @@ -70,7 +71,7 @@ func Encrypt(key []byte, plaintext string, options *EncryptOptions) (string, err return base64.StdEncoding.EncodeToString(concat), nil } -func Decrypt(key []byte, ciphertext string) (string, error) { +func Decrypt(conversationKey []byte, ciphertext string) (string, error) { var ( version int = 2 decoded []byte @@ -97,7 +98,7 @@ func Decrypt(key []byte, ciphertext string) (string, error) { } dLen = len(decoded) salt, ciphertext_, hmac_ = decoded[1:33], decoded[33:dLen-32], decoded[dLen-32:] - if enc, nonce, auth, err = messageKeys(key, salt); err != nil { + if enc, nonce, auth, err = messageKeys(conversationKey, salt); err != nil { return "", err } if !bytes.Equal(hmac_, sha256Hmac(auth, ciphertext_)) { @@ -114,6 +115,10 @@ func Decrypt(key []byte, ciphertext string) (string, error) { return string(unpadded), nil } +func GenerateConversationKey(sendPrivkey *secp256k1.PrivateKey, recvPubkey *secp256k1.PublicKey) []byte { + return secp256k1.GenerateSharedSecret(sendPrivkey, recvPubkey) +} + func chacha20_(key []byte, nonce []byte, message []byte) ([]byte, error) { var ( cipher *chacha20.Cipher diff --git a/nip44_test.go b/nip44_test.go index b7acbdb..49e1557 100644 --- a/nip44_test.go +++ b/nip44_test.go @@ -5,56 +5,165 @@ import ( "testing" "git.ekzyis.com/ekzyis/nip44" + "github.com/decred/dcrd/dcrec/secp256k1/v4" "github.com/stretchr/testify/assert" ) -func assertCrypt(t *testing.T, key string, salt string, plaintext string, expected string) { +func assertCryptSec(t *testing.T, sk1 string, sk2 string, conversationKey string, salt string, plaintext string, expected string) { var ( - k []byte + k1 []byte s []byte actual string decrypted string - err error ok bool + err error ) - k, err = hex.DecodeString(key) - if ok = assert.NoErrorf(t, err, "hex decode failed for key: %v", err); !ok { + k1, err = hex.DecodeString(conversationKey) + if ok = assert.NoErrorf(t, err, "hex decode failed for conversation key: %v", err); !ok { + return + } + if ok = assertConversationKeyGenerationSec(t, sk1, sk2, conversationKey); !ok { return } s, err = hex.DecodeString(salt) if ok = assert.NoErrorf(t, err, "hex decode failed for salt: %v", err); !ok { return } - actual, err = nip44.Encrypt(k, plaintext, &nip44.EncryptOptions{Salt: s}) + actual, err = nip44.Encrypt(k1, plaintext, &nip44.EncryptOptions{Salt: s}) if ok = assert.NoError(t, err, "encryption failed: %v", err); !ok { return } if ok = assert.Equalf(t, expected, actual, "wrong encryption"); !ok { return } - decrypted, err = nip44.Decrypt(k, expected) + decrypted, err = nip44.Decrypt(k1, expected) if ok = assert.NoErrorf(t, err, "decryption failed: %v", err); !ok { return } assert.Equal(t, decrypted, plaintext, "wrong decryption") } -func assertDecryptFail(t *testing.T, key string, ciphertext string, msg string) { +func assertCryptPub(t *testing.T, sk1 string, pub2 string, conversationKey string, salt string, plaintext string, expected string) { var ( - k []byte - err error - ok bool + k1 []byte + s []byte + actual string + decrypted string + ok bool + err error ) - k, err = hex.DecodeString(key) - if ok = assert.NoErrorf(t, err, "hex decode failed for key: %v", err); !ok { + k1, err = hex.DecodeString(conversationKey) + if ok = assert.NoErrorf(t, err, "hex decode failed for conversation key: %v", err); !ok { return } - _, err = nip44.Decrypt(k, ciphertext) + if ok = assertConversationKeyGenerationPub(t, sk1, pub2, conversationKey); !ok { + return + } + s, err = hex.DecodeString(salt) + if ok = assert.NoErrorf(t, err, "hex decode failed for salt: %v", err); !ok { + return + } + actual, err = nip44.Encrypt(k1, plaintext, &nip44.EncryptOptions{Salt: s}) + if ok = assert.NoError(t, err, "encryption failed: %v", err); !ok { + return + } + if ok = assert.Equalf(t, expected, actual, "wrong encryption"); !ok { + return + } + decrypted, err = nip44.Decrypt(k1, expected) + if ok = assert.NoErrorf(t, err, "decryption failed: %v", err); !ok { + return + } + assert.Equal(t, decrypted, plaintext, "wrong decryption") +} + +func assertDecryptFail(t *testing.T, sk1 string, pub2 string, conversationKey string, ciphertext string, msg string) { + var ( + k1 []byte + ok bool + err error + ) + k1, err = hex.DecodeString(conversationKey) + if ok = assert.NoErrorf(t, err, "hex decode failed for conversation key: %v", err); !ok { + return + } + if ok = assertConversationKeyGenerationPub(t, sk1, pub2, conversationKey); !ok { + return + } + _, err = nip44.Decrypt(k1, ciphertext) assert.ErrorContains(t, err, msg) } -func TestCrypt001(t *testing.T) { - assertCrypt(t, +func assertConversationKeyGeneration(t *testing.T, sendPrivkey *secp256k1.PrivateKey, recvPubkey *secp256k1.PublicKey, conversationKey string) bool { + var ( + actualConversationKey []byte + expectedConversationKey []byte + ok bool + err error + ) + expectedConversationKey, err = hex.DecodeString(conversationKey) + if ok = assert.NoErrorf(t, err, "hex decode failed for conversation key: %v", err); !ok { + return false + } + actualConversationKey = nip44.GenerateConversationKey(sendPrivkey, recvPubkey) + if ok = assert.Equalf(t, expectedConversationKey, actualConversationKey, "wrong conversation key"); !ok { + return false + } + return true +} + +func assertConversationKeyGenerationSec(t *testing.T, sk1 string, sk2 string, conversationKey string) bool { + var ( + sendPrivkey *secp256k1.PrivateKey + recvPubkey *secp256k1.PublicKey + ok bool + err error + ) + if decoded, err := hex.DecodeString(sk1); err == nil { + sendPrivkey = secp256k1.PrivKeyFromBytes(decoded) + } + if ok = assert.NoErrorf(t, err, "hex decode failed for sk1: %v", err); !ok { + return false + } + if decoded, err := hex.DecodeString(sk2); err == nil { + recvPubkey = secp256k1.PrivKeyFromBytes(decoded).PubKey() + } + if ok = assert.NoErrorf(t, err, "hex decode failed for sk2: %v", err); !ok { + return false + } + return assertConversationKeyGeneration(t, sendPrivkey, recvPubkey, conversationKey) +} + +func assertConversationKeyGenerationPub(t *testing.T, sk1 string, pub2 string, conversationKey string) bool { + + var ( + sendPrivkey *secp256k1.PrivateKey + recvPubkey *secp256k1.PublicKey + ok bool + err error + ) + if decoded, err := hex.DecodeString(sk1); err == nil { + sendPrivkey = secp256k1.PrivKeyFromBytes(decoded) + } + if ok = assert.NoErrorf(t, err, "hex decode failed for sk1: %v", err); !ok { + return false + } + if decoded, err := hex.DecodeString("02" + pub2); err == nil { + recvPubkey, err = secp256k1.ParsePubKey(decoded) + if ok = assert.NoErrorf(t, err, "parse pubkey failed: %v", err); !ok { + return false + } + } + if ok = assert.NoErrorf(t, err, "hex decode failed for pub2: %v", err); !ok { + return false + } + return assertConversationKeyGeneration(t, sendPrivkey, recvPubkey, conversationKey) +} + +func TestCryptSec001(t *testing.T) { + assertCryptSec(t, + "0000000000000000000000000000000000000000000000000000000000000001", + "0000000000000000000000000000000000000000000000000000000000000002", "c6047f9441ed7d6d3045406e95c07cd85c778e4b8cef3ca7abac09b95c709ee5", "0000000000000000000000000000000000000000000000000000000000000001", "a", @@ -62,8 +171,10 @@ func TestCrypt001(t *testing.T) { ) } -func TestCrypt002(t *testing.T) { - assertCrypt(t, +func TestCryptSec002(t *testing.T) { + assertCryptSec(t, + "0000000000000000000000000000000000000000000000000000000000000002", + "0000000000000000000000000000000000000000000000000000000000000001", "c6047f9441ed7d6d3045406e95c07cd85c778e4b8cef3ca7abac09b95c709ee5", "f00000000000000000000000000000f00000000000000000000000000000000f", "๐Ÿ•๐Ÿซƒ", @@ -71,8 +182,10 @@ func TestCrypt002(t *testing.T) { ) } -func TestCrypt003(t *testing.T) { - assertCrypt(t, +func TestCryptSec003(t *testing.T) { + assertCryptSec(t, + "5c0c523f52a5b6fad39ed2403092df8cebc36318b39383bca6c00808626fab3a", + "4b22aa260e4acb7021e32f38a6cdf4b673c6a277755bfce287e370c924dc936d", "94da47d851b9c1ed33b3b72f35434f56aa608d60e573e9c295f568011f4f50a4", "b635236c42db20f021bb8d1cdff5ca75dd1a0cc72ea742ad750f33010b24f73b", "่กจใƒใ‚A้ท—ล’รฉ๏ผข้€รœรŸยชฤ…รฑไธ‚ใ€๐ €€", @@ -80,8 +193,10 @@ func TestCrypt003(t *testing.T) { ) } -func TestCrypt004(t *testing.T) { - assertCrypt(t, +func TestCryptSec004(t *testing.T) { + assertCryptSec(t, + "8f40e50a84a7462e2b8d24c28898ef1f23359fff50d8c509e6fb7ce06e142f9c", + "b9b0a1e9cc20100c5faa3bbe2777303d25950616c4c6a3fa2e3e046f936ec2ba", "ab99c122d4586cdd5c813058aa543d0e7233545dbf6874fc34a3d8d9a18fbbc3", "b20989adc3ddc41cd2c435952c0d59a91315d8c5218d5040573fc3749543acaf", "ability๐Ÿค็š„ ศบศพ", @@ -89,8 +204,10 @@ func TestCrypt004(t *testing.T) { ) } -func TestCrypt005(t *testing.T) { - assertCrypt(t, +func TestCryptSec005(t *testing.T) { + assertCryptSec(t, + "875adb475056aec0b4809bd2db9aa00cff53a649e7b59d8edcbf4e6330b0995c", + "9c05781112d5b0a2a7148a222e50e0bd891d6b60c5483f03456e982185944aae", "a449f2a85c6d3db0f44c64554a05d11a3c0988d645e4b4b2592072f63662f422", "8d4442713eb9d4791175cb040d98d6fc5be8864d6ec2f89cf0895a2b2b72d1b1", "pepper๐Ÿ‘€ั—ะถะฐะบ", @@ -98,8 +215,10 @@ func TestCrypt005(t *testing.T) { ) } -func TestCrypt006(t *testing.T) { - assertCrypt(t, +func TestCryptSec006(t *testing.T) { + assertCryptSec(t, + "eba1687cab6a3101bfc68fd70f214aa4cc059e9ec1b79fdb9ad0a0a4e259829f", + "dff20d262bef9dfd94666548f556393085e6ea421c8af86e9d333fa8747e94b3", "decde9938ffcb14fa7ff300105eb1bf239469af9baf376e69755b9070ae48c47", "2180b52ae645fcf9f5080d81b1f0b5d6f2cd77ff3c986882bb549158462f3407", "( อกยฐ อœส– อกยฐ)", @@ -107,8 +226,10 @@ func TestCrypt006(t *testing.T) { ) } -func TestCrypt007(t *testing.T) { - assertCrypt(t, +func TestCryptSec007(t *testing.T) { + assertCryptSec(t, + "d5633530f5bcfebceb5584cfbbf718a30df0751b729dd9a789b9f30c0587d74e", + "b74e6a341fb134127272b795a08b59250e5fa45a82a2eb4095e4ce9ed5f5e214", "c6f2fde7aa00208c388f506455c31c3fa07caf8b516d43bf7514ee19edcda994", "e4cd5f7ce4eea024bc71b17ad456a986a74ac426c2c62b0a15eb5c5c8f888b68", "ู…ูู†ูŽุงู‚ูŽุดูŽุฉู ุณูุจูู„ู ุงูุณู’ุชูุฎู’ุฏูŽุงู…ู ุงู„ู„ูู‘ุบูŽุฉู ูููŠ ุงู„ู†ูู‘ุธูู…ู ุงู„ู’ู‚ูŽุงุฆูู…ูŽุฉู ูˆูŽูููŠู… ูŠูŽุฎูุตูŽู‘ ุงู„ุชูŽู‘ุทู’ุจููŠู‚ูŽุงุชู ุงู„ู’ุญุงุณููˆุจููŠูŽู‘ุฉูุŒ", @@ -116,8 +237,10 @@ func TestCrypt007(t *testing.T) { ) } -func TestCrypt008(t *testing.T) { - assertCrypt(t, +func TestCryptSec008(t *testing.T) { + assertCryptSec(t, + "d5633530f5bcfebceb5584cfbbf718a30df0751b729dd9a789b9f30c0587d74e", + "b74e6a341fb134127272b795a08b59250e5fa45a82a2eb4095e4ce9ed5f5e214", "c6f2fde7aa00208c388f506455c31c3fa07caf8b516d43bf7514ee19edcda994", "38d1ca0abef9e5f564e89761a86cee04574b6825d3ef2063b10ad75899e4b023", "ุงู„ูƒู„ ููŠ ุงู„ู…ุฌู…ูˆ ุนุฉ (5)", @@ -125,8 +248,10 @@ func TestCrypt008(t *testing.T) { ) } -func TestCrypt009(t *testing.T) { - assertCrypt(t, +func TestCryptSec009(t *testing.T) { + assertCryptSec(t, + "d5633530f5bcfebceb5584cfbbf718a30df0751b729dd9a789b9f30c0587d74e", + "b74e6a341fb134127272b795a08b59250e5fa45a82a2eb4095e4ce9ed5f5e214", "c6f2fde7aa00208c388f506455c31c3fa07caf8b516d43bf7514ee19edcda994", "4f1a31909f3483a9e69c8549a55bbc9af25fa5bbecf7bd32d9896f83ef2e12e0", "๐–‘๐–†๐–Ÿ๐–ž ็คพๆœƒ็ง‘ๅญธ้™ข่ชžๅญธ็ ”็ฉถๆ‰€", @@ -134,8 +259,10 @@ func TestCrypt009(t *testing.T) { ) } -func TestCrypt010(t *testing.T) { - assertCrypt(t, +func TestCryptSec010(t *testing.T) { + assertCryptSec(t, + "d5633530f5bcfebceb5584cfbbf718a30df0751b729dd9a789b9f30c0587d74e", + "b74e6a341fb134127272b795a08b59250e5fa45a82a2eb4095e4ce9ed5f5e214", "c6f2fde7aa00208c388f506455c31c3fa07caf8b516d43bf7514ee19edcda994", "a3e219242d85465e70adcd640b564b3feff57d2ef8745d5e7a0663b2dccceb54", "๐Ÿ™ˆ ๐Ÿ™‰ ๐Ÿ™Š 0๏ธโƒฃ 1๏ธโƒฃ 2๏ธโƒฃ 3๏ธโƒฃ 4๏ธโƒฃ 5๏ธโƒฃ 6๏ธโƒฃ 7๏ธโƒฃ 8๏ธโƒฃ 9๏ธโƒฃ ๐Ÿ”Ÿ Powerู„ูู„ูุตู‘ุจูู„ูู„ุตู‘ุจูุฑุฑู‹ เฅฃ เฅฃh เฅฃ เฅฃๅ†—", @@ -143,8 +270,10 @@ func TestCrypt010(t *testing.T) { ) } -func TestCrypt011(t *testing.T) { - assertCrypt(t, +func TestCryptPub001(t *testing.T) { + assertCryptPub(t, + "fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364139", + "0000000000000000000000000000000000000000000000000000000000000002", "7a1ccf5ce5a08e380f590de0c02776623b85a61ae67cfb6a017317e505b7cb51", "a000000000000000000000000000000000000000000000000000000000000001", "โฐโดโตโ‚€โ‚โ‚‚", @@ -152,8 +281,10 @@ func TestCrypt011(t *testing.T) { ) } -func TestCrypt012(t *testing.T) { - assertCrypt(t, +func TestCryptPub002(t *testing.T) { + assertCryptPub(t, + "0000000000000000000000000000000000000000000000000000000000000002", + "1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdeb", "aa971537d741089885a0b48f2730a125e15b36033d089d4537a4e1204e76b39e", "b000000000000000000000000000000000000000000000000000000000000002", "A Peer-to-Peer Electronic Cash System", @@ -161,8 +292,10 @@ func TestCrypt012(t *testing.T) { ) } -func TestCrypt013(t *testing.T) { - assertCrypt(t, +func TestCryptPub003(t *testing.T) { + assertCryptPub(t, + "0000000000000000000000000000000000000000000000000000000000000001", + "79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798", "79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798", "79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798", "A purely peer-to-peer version of electronic cash would allow online payments to be sent directly from one party to another without going through a financial institution. Digital signatures provide part of the solution, but the main benefits are lost if a trusted third party is still required to prevent double-spending.", @@ -172,6 +305,8 @@ func TestCrypt013(t *testing.T) { func TestCryptFail001(t *testing.T) { assertDecryptFail(t, + "2573d1e9b9ac5de5d570f652cbb9e8d4f235e3d3d334181448e87c417f374e83", + "8348c2d35549098706e5bab7966d9a9c72fbf6554e918f41c2b6cb275f79ec13", "8673ec68393a997bfad7eab8661461daf8b3931b7e885d78312a3fb7fe17f41a", "##Atqupco0WyaOW2IGDKcshwxI9xO8HgD/P8Ddt46CbxDbOsrsqIEybscEwg5rnI/Cx03mDSmeweOLKD7dw5BDZQDxXSlCwX1LIcTJEZaJPTz98Ftu0zSE0d93ED7OtdlvNeZx", "unknown version", @@ -180,6 +315,8 @@ func TestCryptFail001(t *testing.T) { func TestCryptFail002(t *testing.T) { assertDecryptFail(t, + "11063318c5cb3cd9cafcced42b4db5ea02ec976ed995962d2bc1fa1e9b52e29f", + "5c49873b6eac3dd363325250cc55d5dd4c7ce9a885134580405736d83506bb74", "e2aad10de00913088e5cb0f73fa526a6a17e95763cc5b2a127022f5ea5a73445", "AK1AjUvoYW3IS7C/BGRUoqEC7ayTfDUgnEPNeWTF/reBA4fZmoHrtrz5I5pCHuwWZ22qqL/Xt1VidEZGMLds0yaJ5VwUbeEifEJlPICOFt1ssZJxCUf43HvRwCVTFskbhSMh", "unknown version", @@ -188,6 +325,8 @@ func TestCryptFail002(t *testing.T) { func TestCryptFail003(t *testing.T) { assertDecryptFail(t, + "2573d1e9b9ac5de5d570f652cbb9e8d4f235e3d3d334181448e87c417f374e83", + "8348c2d35549098706e5bab7966d9a9c72fbf6554e918f41c2b6cb275f79ec13", "8673ec68393a997bfad7eab8661461daf8b3931b7e885d78312a3fb7fe17f41a", "Atqupco0WyaOW2IGDKcshwxI9xO8HgD/P8Ddt46CbxDbOsrsqIEybscEwg5rnI/Cx03mDSmeweOLKD,7dw5BDZQDxXSlCwX1LIcTJEZaJPTz98Ftu0zSE0d93ED7OtdlvNeZx", "invalid base64", @@ -196,6 +335,8 @@ func TestCryptFail003(t *testing.T) { func TestCryptFail004(t *testing.T) { assertDecryptFail(t, + "5a2f39347fed3883c9fe05868a8f6156a292c45f606bc610495fcc020ed158f7", + "775bbfeba58d07f9d1fbb862e306ac780f39e5418043dadb547c7b5900245e71", "2e70c0a1cde884b88392458ca86148d859b273a5695ede5bbe41f731d7d88ffd", "Agn/l3ULCEAS4V7LhGFM6IGA17jsDUaFCKhrbXDANholdUejFZPARM22IvOqp1U/UmFSkeSyTBYbbwy5ykmi+mKiEcWL+nVmTOf28MMiC+rTpZys/8p1hqQFpn+XWZRPrVay", "invalid hmac", @@ -204,6 +345,8 @@ func TestCryptFail004(t *testing.T) { func TestCryptFail005(t *testing.T) { assertDecryptFail(t, + "067eda13c4a36090ad28a7a183e9df611186ca01f63cb30fcdfa615ebfd6fb6d", + "32c1ece2c5dd2160ad03b243f50eff12db605b86ac92da47eacc78144bf0cdd3", "a808915e31afc5b853d654d2519632dac7298ee2ecddc11695b8eba925935c2a", "AmWxSwuUmqp9UsQX63U7OQ6K1thLI69L7G2b+j4DoIr0U0P/M1/oKm95z8qz6Kg0zQawLzwk3DskvWA2drXP4zK+tzHpKvWq0KOdx5MdypboSQsP4NXfhh2KoUffjkyIOiMA", "invalid hmac", @@ -212,6 +355,8 @@ func TestCryptFail005(t *testing.T) { func TestCryptFail006(t *testing.T) { assertDecryptFail(t, + "3e7be560fb9f8c965c48953dbd00411d48577e200cf00d7cc427e49d0e8d9c01", + "e539e5fee58a337307e2a937ee9a7561b45876fb5df405c5e7be3ee564b239cc", "6ee3efc4255e3b8270e5dd3f7dc7f6b60878cda6218c8df34a3261cd48744931", "Anq2XbuLvCuONcr7V0UxTh8FAyWoZNEdBHXvdbNmDZHBu7F9m36yBd58mVUBB5ktBTOJREDaQT1KAyPmZidP+IRea1lNw5YAEK7+pbnpfCw8CD0i2n8Pf2IDWlKDhLiVvatw", "invalid padding", @@ -220,6 +365,8 @@ func TestCryptFail006(t *testing.T) { func TestCryptFail007(t *testing.T) { assertDecryptFail(t, + "c22e1d4de967aa39dc143354d8f596cec1d7c912c3140831fff2976ce3e387c1", + "4e405be192677a2da95ffc733950777213bf880cf7c3b084eeb6f3fe5bd43705", "1675a773dbf6fbcbef6a293004a4504b6c856978be738b10584b0269d437c8d1", "An1Cg+O1TIhdav7ogfSOYvCj9dep4ctxzKtZSniCw5MwhT0hvSnF9Xjp9Lml792qtNbmAVvR6laukTe9eYEjeWPpZFxtkVpYTbbL9wDKFeplDMKsUKVa+roSeSvv0ela9seDVl2Sfso=", "invalid padding", @@ -229,6 +376,8 @@ func TestCryptFail007(t *testing.T) { func TestCryptFail008(t *testing.T) { assertDecryptFail(t, + "be1edab14c5912e5c59084f197f0945242e969c363096cccb59af8898815096f", + "9eaf0775d971e4941c97189232542e1daefcdb7dddafc39bcea2520217710ba2", "1741a44c052d5ae363c7845441f73d2b6c28d9bfb3006190012bba12eb4c774b", "Am+f1yZnwnOs0jymZTcRpwhDRHTdnrFcPtsBzpqVdD6bL9HUMo3Mjkz4bjQo/FJF2LWHmaCr9Byc3hU9D7we+EkNBWenBHasT1G52fZk9r3NKeOC1hLezNwBLr7XXiULh+NbMBDtJh9/aQh1uZ9EpAfeISOzbZXwYwf0P5M85g9XER8hZ2fgJDLb4qMOuQRG6CrPezhr357nS3UHwPC2qHo3uKACxhE+2td+965yDcvMTx4KYTQg1zNhd7PA5v/WPnWeq2B623yLxlevUuo/OvXplFho3QVy7s5QZVop6qV2g2/l/SIsvD0HIcv3V35sywOCBR0K4VHgduFqkx/LEF3NGgAbjONXQHX8ZKushsEeR4TxlFoRSovAyYjhWolz+Ok3KJL2Ertds3H+M/Bdl2WnZGT0IbjZjn3DS+b1Ke0R0X4Onww2ZG3+7o6ncIwTc+lh1O7YQn00V0HJ+EIp03heKV2zWdVSC615By/+Yt9KAiV56n5+02GAuNqA", "invalid padding",