@@ -127,8 +127,20 @@ func TestEncryptDecryptRFC7253TestVectors(t *testing.T) {
127127 adata , _ := hex .DecodeString (test .header )
128128 targetPt , _ := hex .DecodeString (test .plaintext )
129129 targetCt , _ := hex .DecodeString (test .ciphertext )
130- ct := ocbInstance .Seal (nil , nonce , targetPt , adata )
131130 // Encrypt
131+ ct := ocbInstance .Seal (nil , nonce , targetPt , adata )
132+ if ! bytes .Equal (ct , targetCt ) {
133+ t .Errorf (
134+ `RFC7253 Test vectors Encrypt error (ciphertexts don't match):
135+ Got:
136+ %X
137+ Want:
138+ %X` , ct , targetCt )
139+ }
140+ // Encrypt reusing buffer
141+ pt := make ([]byte , len (targetPt ) + ocbInstance .Overhead ())
142+ copy (pt , targetPt )
143+ ct = ocbInstance .Seal (pt [:0 ], nonce , pt [:len (targetPt )], adata )
132144 if ! bytes .Equal (ct , targetCt ) {
133145 t .Errorf (
134146 `RFC7253 Test vectors Encrypt error (ciphertexts don't match):
@@ -138,14 +150,14 @@ func TestEncryptDecryptRFC7253TestVectors(t *testing.T) {
138150 %X` , ct , targetCt )
139151 }
140152 // Decrypt
141- pt , err := ocbInstance .Open (nil , nonce , targetCt , adata )
153+ pt , err := ocbInstance .Open (nil , nonce , ct , adata )
142154 if err != nil {
143155 t .Errorf (
144156 `RFC7253 Valid ciphertext was refused decryption:
145157 plaintext %X
146158 nonce %X
147159 header %X
148- ciphertext %X` , targetPt , nonce , adata , targetCt )
160+ ciphertext %X` , targetPt , nonce , adata , ct )
149161 }
150162 if ! bytes .Equal (pt , targetPt ) {
151163 t .Errorf (
@@ -155,6 +167,24 @@ func TestEncryptDecryptRFC7253TestVectors(t *testing.T) {
155167 Want:
156168 %X` , pt , targetPt )
157169 }
170+ // Decrypt reusing buffer
171+ pt , err = ocbInstance .Open (ct [:0 ], nonce , ct , adata )
172+ if err != nil {
173+ t .Errorf (
174+ `RFC7253 Valid ciphertext was refused decryption:
175+ plaintext %X
176+ nonce %X
177+ header %X
178+ ciphertext %X` , targetPt , nonce , adata , ct )
179+ }
180+ if ! bytes .Equal (pt , targetPt ) {
181+ t .Errorf (
182+ `RFC7253 test vectors Decrypt error (plaintexts don't match):
183+ Got:
184+ %X
185+ Want:
186+ %X` , targetPt , pt )
187+ }
158188 }
159189}
160190
@@ -182,7 +212,30 @@ func TestEncryptDecryptRFC7253TagLen96(t *testing.T) {
182212 Want:
183213 %X` , ct , targetCt )
184214 }
185- pt , err := ocbInstance .Open (nil , nonce , targetCt , adata )
215+ pt := make ([]byte , len (targetPt ) + ocbInstance .Overhead ())
216+ copy (pt , targetPt )
217+ ct = ocbInstance .Seal (pt [:0 ], nonce , pt [:len (targetPt )], adata )
218+ if ! bytes .Equal (ct , targetCt ) {
219+ t .Errorf (
220+ `RFC7253 test tagLen96 error (ciphertexts don't match):
221+ Got:
222+ %X
223+ Want:
224+ %X` , ct , targetCt )
225+ }
226+ pt , err = ocbInstance .Open (nil , nonce , ct , adata )
227+ if err != nil {
228+ t .Errorf (`RFC7253 test tagLen96 was refused decryption` )
229+ }
230+ if ! bytes .Equal (pt , targetPt ) {
231+ t .Errorf (
232+ `RFC7253 test tagLen96 error (plaintexts don't match):
233+ Got:
234+ %X
235+ Want:
236+ %X` , pt , targetPt )
237+ }
238+ pt , err = ocbInstance .Open (ct [:0 ], nonce , ct , adata )
186239 if err != nil {
187240 t .Errorf (`RFC7253 test tagLen96 was refused decryption` )
188241 }
@@ -274,15 +327,47 @@ func TestEncryptDecryptGoTestVectors(t *testing.T) {
274327 %X` , ct , targetCt )
275328 }
276329
330+ // Encrypt reusing buffer
331+ pt := make ([]byte , len (targetPt ) + ocbInstance .Overhead ())
332+ copy (pt , targetPt )
333+ ct = ocbInstance .Seal (pt [:0 ], nonce , pt [:len (targetPt )], adata )
334+ if ! bytes .Equal (ct , targetCt ) {
335+ t .Errorf (
336+ `Go Test vectors Encrypt error (ciphertexts don't match):
337+ Got:
338+ %X
339+ Want:
340+ %X` , ct , targetCt )
341+ }
342+
277343 // Decrypt
278- pt , err : =ocbInstance .Open (nil , nonce , targetCt , adata )
344+ pt , err = ocbInstance .Open (nil , nonce , ct , adata )
279345 if err != nil {
280346 t .Errorf (
281347 `Valid Go ciphertext was refused decryption:
282348 plaintext %X
283349 nonce %X
284350 header %X
285- ciphertext %X` , targetPt , nonce , adata , targetCt )
351+ ciphertext %X` , targetPt , nonce , adata , ct )
352+ }
353+ if ! bytes .Equal (pt , targetPt ) {
354+ t .Errorf (
355+ `Go Test vectors Decrypt error (plaintexts don't match):
356+ Got:
357+ %X
358+ Want:
359+ %X` , pt , targetPt )
360+ }
361+
362+ // Decrypt reusing buffer
363+ pt , err = ocbInstance .Open (ct [:0 ], nonce , ct , adata )
364+ if err != nil {
365+ t .Errorf (
366+ `Valid Go ciphertext was refused decryption:
367+ plaintext %X
368+ nonce %X
369+ header %X
370+ ciphertext %X` , targetPt , nonce , adata , ct )
286371 }
287372 if ! bytes .Equal (pt , targetPt ) {
288373 t .Errorf (
@@ -333,6 +418,17 @@ func TestEncryptDecryptVectorsWithPreviousDataRandomizeSlow(t *testing.T) {
333418 `Random Encrypt/Decrypt error (plaintexts don't match)` )
334419 break
335420 }
421+ decrypted , err = ocb .Open (ct [:0 ], nonce , ct , header )
422+ if err != nil {
423+ t .Errorf (
424+ `Decrypt refused valid tag (not displaying long output)` )
425+ break
426+ }
427+ if ! bytes .Equal (pt , decrypted ) {
428+ t .Errorf (
429+ `Random Encrypt/Decrypt error (plaintexts don't match)` )
430+ break
431+ }
336432 }
337433}
338434
@@ -369,6 +465,12 @@ func TestRejectTamperedCiphertextRandomizeSlow(t *testing.T) {
369465 "Tampered ciphertext was not refused decryption (OCB did not return an error)" )
370466 return
371467 }
468+ _ , err = ocb .Open (tampered [:0 ], nonce , tampered , header )
469+ if err == nil {
470+ t .Errorf (
471+ "Tampered ciphertext was not refused decryption (OCB did not return an error)" )
472+ return
473+ }
372474}
373475
374476func TestParameters (t * testing.T ) {
0 commit comments