Skip to content

Commit f280790

Browse files
twisslubux
twiss
authored and
lubux
committed
Revert "Update to draft-ietf-openpgp-persistent-symmetric-keys-00"
This reverts commit 99debaa.
1 parent e283f7e commit f280790

19 files changed

+334
-186
lines changed

openpgp/internal/algorithm/aead.go

Lines changed: 0 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -12,11 +12,6 @@ import (
1212
// operation.
1313
type AEADMode uint8
1414

15-
// Id returns the algorithm ID, as a byte, of mode.
16-
func (mode AEADMode) Id() uint8 {
17-
return uint8(mode)
18-
}
19-
2015
// Supported modes of operation (see RFC4880bis [EAX] and RFC7253)
2116
const (
2217
AEADModeEAX = AEADMode(1)

openpgp/internal/algorithm/cipher.go

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -46,7 +46,7 @@ var CipherById = map[uint8]Cipher{
4646

4747
type CipherFunction uint8
4848

49-
// Id returns the algorithm ID, as a byte, of cipher.
49+
// ID returns the algorithm Id, as a byte, of cipher.
5050
func (sk CipherFunction) Id() uint8 {
5151
return uint8(sk)
5252
}

openpgp/internal/encoding/short_byte_string.go

Lines changed: 50 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,50 @@
1+
package encoding
2+
3+
import (
4+
"io"
5+
)
6+
7+
type ShortByteString struct {
8+
length uint8
9+
data []byte
10+
}
11+
12+
func NewShortByteString(data []byte) *ShortByteString {
13+
byteLength := uint8(len(data))
14+
15+
return &ShortByteString{byteLength, data}
16+
}
17+
18+
func (byteString *ShortByteString) Bytes() []byte {
19+
return byteString.data
20+
}
21+
22+
func (byteString *ShortByteString) BitLength() uint16 {
23+
return uint16(byteString.length) * 8
24+
}
25+
26+
func (byteString *ShortByteString) EncodedBytes() []byte {
27+
encodedLength := [1]byte{
28+
uint8(byteString.length),
29+
}
30+
return append(encodedLength[:], byteString.data...)
31+
}
32+
33+
func (byteString *ShortByteString) EncodedLength() uint16 {
34+
return uint16(byteString.length) + 1
35+
}
36+
37+
func (byteString *ShortByteString) ReadFrom(r io.Reader) (int64, error) {
38+
var lengthBytes [1]byte
39+
if n, err := io.ReadFull(r, lengthBytes[:]); err != nil {
40+
return int64(n), err
41+
}
42+
43+
byteString.length = uint8(lengthBytes[0])
44+
45+
byteString.data = make([]byte, byteString.length)
46+
if n, err := io.ReadFull(r, byteString.data); err != nil {
47+
return int64(n + 1), err
48+
}
49+
return int64(byteString.length + 1), nil
50+
}

openpgp/internal/encoding/short_byte_string_test.go

Lines changed: 61 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,61 @@
1+
package encoding
2+
3+
import (
4+
"bytes"
5+
"testing"
6+
)
7+
8+
var octetStreamTests = []struct {
9+
data []byte
10+
}{
11+
{
12+
data: []byte{0x0, 0x0, 0x0},
13+
},
14+
{
15+
data: []byte{0x1, 0x2, 0x03},
16+
},
17+
{
18+
data: make([]byte, 255),
19+
},
20+
}
21+
22+
func TestShortByteString(t *testing.T) {
23+
for i, test := range octetStreamTests {
24+
octetStream := NewShortByteString(test.data)
25+
26+
if b := octetStream.Bytes(); !bytes.Equal(b, test.data) {
27+
t.Errorf("#%d: bad creation got:%x want:%x", i, b, test.data)
28+
}
29+
30+
expectedBitLength := uint16(len(test.data)) * 8
31+
if bitLength := octetStream.BitLength(); bitLength != expectedBitLength {
32+
t.Errorf("#%d: bad bit length got:%d want :%d", i, bitLength, expectedBitLength)
33+
}
34+
35+
expectedEncodedLength := uint16(len(test.data)) + 1
36+
if encodedLength := octetStream.EncodedLength(); encodedLength != expectedEncodedLength {
37+
t.Errorf("#%d: bad encoded length got:%d want:%d", i, encodedLength, expectedEncodedLength)
38+
}
39+
40+
encodedBytes := octetStream.EncodedBytes()
41+
if !bytes.Equal(encodedBytes[1:], test.data) {
42+
t.Errorf("#%d: bad encoded bytes got:%x want:%x", i, encodedBytes[1:], test.data)
43+
}
44+
45+
encodedLength := int(encodedBytes[0])
46+
if encodedLength != len(test.data) {
47+
t.Errorf("#%d: bad encoded length got:%d want%d", i, encodedLength, len(test.data))
48+
}
49+
50+
newStream := new(ShortByteString)
51+
newStream.ReadFrom(bytes.NewReader(encodedBytes))
52+
53+
if !checkEquality(newStream, octetStream) {
54+
t.Errorf("#%d: bad parsing of encoded octet stream", i)
55+
}
56+
}
57+
}
58+
59+
func checkEquality(left *ShortByteString, right *ShortByteString) bool {
60+
return (left.length == right.length) && (bytes.Equal(left.data, right.data))
61+
}

openpgp/key_generation.go

Lines changed: 2 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -383,10 +383,9 @@ func newDecrypter(config *packet.Config) (decrypter interface{}, err error) {
383383
return x25519.GenerateKey(config.Random())
384384
case packet.PubKeyAlgoEd448, packet.PubKeyAlgoX448: // When passing Ed448, we generate an x448 subkey
385385
return x448.GenerateKey(config.Random())
386-
case packet.ExperimentalPubKeyAlgoHMAC, packet.ExperimentalPubKeyAlgoAEAD: // When passing HMAC, we generate an AEAD subkey
386+
case packet.ExperimentalPubKeyAlgoAEAD:
387387
cipher := algorithm.CipherFunction(config.Cipher())
388-
aead := algorithm.AEADMode(config.AEAD().Mode())
389-
return symmetric.AEADGenerateKey(config.Random(), cipher, aead)
388+
return symmetric.AEADGenerateKey(config.Random(), cipher)
390389
case packet.PubKeyAlgoMldsa65Ed25519, packet.PubKeyAlgoMldsa87Ed448:
391390
if pubKeyAlgo, err = packet.GetMatchingMlkem(config.PublicKeyAlgorithm()); err != nil {
392391
return nil, err

openpgp/keys_test.go

Lines changed: 24 additions & 23 deletions
Original file line numberDiff line numberDiff line change
@@ -1214,13 +1214,16 @@ func TestAddHMACSubkey(t *testing.T) {
12141214
t.Error("generated Public and Private Key differ")
12151215
}
12161216

1217-
if !bytes.Equal(parsedPublicKey.FpSeed[:], generatedPublicKey.FpSeed[:]) {
1217+
if !bytes.Equal(parsedPrivateKey.HashSeed[:], generatedPrivateKey.HashSeed[:]) {
12181218
t.Error("parsed wrong hash seed")
12191219
}
12201220

12211221
if parsedPrivateKey.PublicKey.Hash != generatedPrivateKey.PublicKey.Hash {
12221222
t.Error("parsed wrong cipher id")
12231223
}
1224+
if !bytes.Equal(parsedPrivateKey.PublicKey.BindingHash[:], generatedPrivateKey.PublicKey.BindingHash[:]) {
1225+
t.Error("parsed wrong binding hash")
1226+
}
12241227
}
12251228

12261229
func TestSerializeSymmetricSubkeyError(t *testing.T) {
@@ -1232,13 +1235,13 @@ func TestSerializeSymmetricSubkeyError(t *testing.T) {
12321235
buf := bytes.NewBuffer(nil)
12331236
w, _ := armor.Encode(buf, "PGP PRIVATE KEY BLOCK", nil)
12341237

1235-
entity.PrimaryKey.PubKeyAlgo = 128
1238+
entity.PrimaryKey.PubKeyAlgo = 100
12361239
err = entity.Serialize(w)
12371240
if err == nil {
12381241
t.Fatal(err)
12391242
}
12401243

1241-
entity.PrimaryKey.PubKeyAlgo = 129
1244+
entity.PrimaryKey.PubKeyAlgo = 101
12421245
err = entity.Serialize(w)
12431246
if err == nil {
12441247
t.Fatal(err)
@@ -1289,15 +1292,15 @@ func TestAddAEADSubkey(t *testing.T) {
12891292
t.Error("generated Public and Private Key differ")
12901293
}
12911294

1292-
if !bytes.Equal(parsedPublicKey.FpSeed[:], generatedPublicKey.FpSeed[:]) {
1295+
if !bytes.Equal(parsedPrivateKey.HashSeed[:], generatedPrivateKey.HashSeed[:]) {
12931296
t.Error("parsed wrong hash seed")
12941297
}
12951298

12961299
if parsedPrivateKey.PublicKey.Cipher.Id() != generatedPrivateKey.PublicKey.Cipher.Id() {
12971300
t.Error("parsed wrong cipher id")
12981301
}
1299-
if parsedPrivateKey.PublicKey.AEADMode.Id() != generatedPrivateKey.PublicKey.AEADMode.Id() {
1300-
t.Error("parsed wrong aead mode")
1302+
if !bytes.Equal(parsedPrivateKey.PublicKey.BindingHash[:], generatedPrivateKey.PublicKey.BindingHash[:]) {
1303+
t.Error("parsed wrong binding hash")
13011304
}
13021305
}
13031306

@@ -1341,11 +1344,11 @@ func TestNoSymmetricKeySerialized(t *testing.T) {
13411344
t.Error("Private key was serialized with public")
13421345
}
13431346

1344-
firstFpSeed := entity.Subkeys[1].PublicKey.PublicKey.(*symmetric.AEADPublicKey).FpSeed
1345-
i = bytes.Index(w.Bytes(), firstFpSeed[:])
1347+
firstBindingHash := entity.Subkeys[1].PublicKey.PublicKey.(*symmetric.AEADPublicKey).BindingHash
1348+
i = bytes.Index(w.Bytes(), firstBindingHash[:])
13461349

1347-
secondFpSeed := entity.Subkeys[2].PublicKey.PublicKey.(*symmetric.HMACPublicKey).FpSeed
1348-
k = bytes.Index(w.Bytes(), secondFpSeed[:])
1350+
secondBindingHash := entity.Subkeys[2].PublicKey.PublicKey.(*symmetric.HMACPublicKey).BindingHash
1351+
k = bytes.Index(w.Bytes(), secondBindingHash[:])
13491352
if (i > 0) || (k > 0) {
13501353
t.Errorf("Symmetric public key metadata exported %d %d", i, k)
13511354
}
@@ -2052,19 +2055,17 @@ mQ00BF00000BCAD0000000000000000000000000000000000000000000000000
20522055
func TestSymmetricKeys(t *testing.T) {
20532056
data := `-----BEGIN PGP PRIVATE KEY BLOCK-----
20542057
2055-
xUoEZyoQrIEImuGs5gaOTekO00WQx6MDnyBPvxmpMiOgeVse7+aqarsAc8F5
2056-
NFm3pVkFDZxX0MqRCPqCwsa/BXJGlrEdMAwSNckOV80xUGVyc2lzdGVudCBT
2057-
eW1tZXRyaWMgS2V5IDxwZXJzaXN0ZW50QGV4YW1wbGUub3JnPsKvBBOBCgCF
2058-
BYJnKhCsAwsJBwmQDqlD7wlMH9dFFAAAAAAAHAAgc2FsdEBub3RhdGlvbnMu
2059-
b3BlbnBncGpzLm9yZ4pMjYSZvCHJsWo5/hQJ3qfDMVMnetCsdS4ZSR6oeO7l
2060-
BRUKCAwOBBYAAgECGQECmwMCHgEWIQSbMhUPoVGIuE9u9GAOqUPvCUwf1wAA
2061-
QXxcTdhWEMhv+uYj8lUjGbDiqMHc7oGQSattlK89H9KT18dLBGcqEKyACQPs
2062-
AUFGawprheOyMQEYmVQUCoTdw4SVAxPk3Wkdbd7YtQATgtwB+JTCDy4de8F+
2063-
yKpsXCJEFrVCsVnFyyY3gH5Wgw5PwpoEGIEKAHAFgmcqEKwJkA6pQ+8JTB/X
2064-
RRQAAAAAABwAIHNhbHRAbm90YXRpb25zLm9wZW5wZ3Bqcy5vcmdwNnP67WFb
2065-
3vwFQkTQHsuFKLqvtvpQdnDs9RmvPxLZUwKbDBYhBJsyFQ+hUYi4T270YA6p
2066-
Q+8JTB/XAAC0o7OPSjaqMfpfYDUewr7Ehi5kFRCDBwbxLWFryAiICULT
2067-
=ywfD
2058+
xWoEYs7w5mUIcFvlmkuricX26x138uvHGlwIaxWIbRnx1+ggPcveTcwA4zSZ
2059+
n6XcD0Q5aLe6dTEBwCyfUecZ/nA0W8Pl9xBHfjIjQuxcUBnIqxZ061RZPjef
2060+
D/XIQga1ftLDelhylQwL7R3TzQ1TeW1tZXRyaWMgS2V5wmkEEGUIAB0FAmLO
2061+
8OYECwkHCAMVCAoEFgACAQIZAQIbAwIeAQAhCRCRTKq2ObiQKxYhBMHTTXXF
2062+
ULQ2M2bYNJFMqrY5uJArIawgJ+5RSsN8VNuZTKJbG88TIedU05wwKjW3wqvT
2063+
X6Z7yfbHagRizvDmZAluL/kJo6hZ1kFENpQkWD/Kfv1vAG3nbxhsVEzBQ6a1
2064+
OAD24BaKJz6gWgj4lASUNK5OuXnLc3J79Bt1iRGkSbiPzRs/bplB4TwbILeC
2065+
ZLeDy9kngZDosgsIk5sBgGEqS9y5HiHCVQQYZQgACQUCYs7w5gIbDAAhCRCR
2066+
TKq2ObiQKxYhBMHTTXXFULQ2M2bYNJFMqrY5uJArENkgL0Bc+OI/1na0XWqB
2067+
TxGVotQ4A/0u0VbOMEUfnrI8Fms=
2068+
=RdCW
20682069
-----END PGP PRIVATE KEY BLOCK-----
20692070
`
20702071
keys, err := ReadArmoredKeyRing(strings.NewReader(data))

openpgp/packet/encrypted_key.go

Lines changed: 30 additions & 18 deletions
Original file line numberDiff line numberDiff line change
@@ -17,6 +17,7 @@ import (
1717
"github.com/ProtonMail/go-crypto/openpgp/ecdh"
1818
"github.com/ProtonMail/go-crypto/openpgp/elgamal"
1919
"github.com/ProtonMail/go-crypto/openpgp/errors"
20+
"github.com/ProtonMail/go-crypto/openpgp/internal/algorithm"
2021
"github.com/ProtonMail/go-crypto/openpgp/internal/encoding"
2122
"github.com/ProtonMail/go-crypto/openpgp/mlkem_ecdh"
2223
"github.com/ProtonMail/go-crypto/openpgp/symmetric"
@@ -35,12 +36,15 @@ type EncryptedKey struct {
3536
CipherFunc CipherFunction // only valid after a successful Decrypt for a v3 packet
3637
Key []byte // only valid after a successful Decrypt
3738

38-
encryptedMPI1 encoding.Field // Only valid in RSA, Elgamal, ECDH, AEAD and PQC keys
39+
encryptedMPI1 encoding.Field // Only valid in RSA, Elgamal, ECDH, and PQC keys
3940
encryptedMPI2 encoding.Field // Only valid in Elgamal, ECDH and PQC keys
4041
encryptedMPI3 encoding.Field // Only valid in PQC keys
4142
ephemeralPublicX25519 *x25519.PublicKey // used for x25519
4243
ephemeralPublicX448 *x448.PublicKey // used for x448
4344
encryptedSession []byte // used for x25519 and x448
45+
46+
nonce []byte
47+
aeadMode algorithm.AEADMode
4448
}
4549

4650
func (e *EncryptedKey) parse(r io.Reader) (err error) {
@@ -138,11 +142,20 @@ func (e *EncryptedKey) parse(r io.Reader) (err error) {
138142
return
139143
}
140144
case ExperimentalPubKeyAlgoAEAD:
141-
ivAndCiphertext, err := io.ReadAll(r)
142-
if err != nil {
143-
return err
145+
var aeadMode [1]byte
146+
if _, err = readFull(r, aeadMode[:]); err != nil {
147+
return
148+
}
149+
e.aeadMode = algorithm.AEADMode(aeadMode[0])
150+
nonceLength := e.aeadMode.NonceLength()
151+
e.nonce = make([]byte, nonceLength)
152+
if _, err = readFull(r, e.nonce); err != nil {
153+
return
154+
}
155+
e.encryptedMPI1 = new(encoding.ShortByteString)
156+
if _, err = e.encryptedMPI1.ReadFrom(r); err != nil {
157+
return
144158
}
145-
e.encryptedMPI1 = encoding.NewOctetArray(ivAndCiphertext)
146159
case PubKeyAlgoMlkem768X25519:
147160
if e.encryptedMPI1, e.encryptedMPI2, e.encryptedMPI3, cipherFunction, err = mlkem_ecdh.DecodeFields(r, 32, 1088, e.Version == 6); err != nil {
148161
return err
@@ -211,7 +224,7 @@ func (e *EncryptedKey) Decrypt(priv *PrivateKey, config *Config) error {
211224
b, err = x448.Decrypt(priv.PrivateKey.(*x448.PrivateKey), e.ephemeralPublicX448, e.encryptedSession)
212225
case ExperimentalPubKeyAlgoAEAD:
213226
priv := priv.PrivateKey.(*symmetric.AEADPrivateKey)
214-
b, err = priv.Decrypt(e.encryptedMPI1.Bytes(), priv.PublicKey.AEADMode)
227+
b, err = priv.Decrypt(e.nonce, e.encryptedMPI1.Bytes(), e.aeadMode)
215228
case PubKeyAlgoMlkem768X25519, PubKeyAlgoMlkem1024X448:
216229
ecE := e.encryptedMPI1.Bytes()
217230
kE := e.encryptedMPI2.Bytes()
@@ -453,7 +466,7 @@ func SerializeEncryptedKeyAEADwithHiddenOption(w io.Writer, pub *PublicKey, ciph
453466
case PubKeyAlgoX448:
454467
return serializeEncryptedKeyX448(w, config.Random(), buf[:lenHeaderWritten], pub.PublicKey.(*x448.PublicKey), keyBlock, byte(cipherFunc), version)
455468
case ExperimentalPubKeyAlgoAEAD:
456-
return serializeEncryptedKeyAEAD(w, config.Random(), buf[:lenHeaderWritten], pub.PublicKey.(*symmetric.AEADPublicKey), keyBlock)
469+
return serializeEncryptedKeyAEAD(w, config.Random(), buf[:lenHeaderWritten], pub.PublicKey.(*symmetric.AEADPublicKey), keyBlock, config.AEAD())
457470
case PubKeyAlgoMlkem768X25519, PubKeyAlgoMlkem1024X448:
458471
return serializeEncryptedKeyMlkem(w, config.Random(), buf[:lenHeaderWritten], pub.PublicKey.(*mlkem_ecdh.PublicKey), keyBlock, byte(cipherFunc), version)
459472
case PubKeyAlgoDSA, PubKeyAlgoRSASignOnly, ExperimentalPubKeyAlgoHMAC:
@@ -627,16 +640,20 @@ func serializeEncryptedKeyX448(w io.Writer, rand io.Reader, header []byte, pub *
627640
return x448.EncodeFields(w, ephemeralPublicX448, ciphertext, cipherFunc, version == 6)
628641
}
629642

630-
func serializeEncryptedKeyAEAD(w io.Writer, rand io.Reader, header []byte, pub *symmetric.AEADPublicKey, keyBlock []byte) error {
631-
mode := pub.AEADMode
632-
iv, ciphertext, err := pub.Encrypt(rand, keyBlock, mode)
643+
func serializeEncryptedKeyAEAD(w io.Writer, rand io.Reader, header []byte, pub *symmetric.AEADPublicKey, keyBlock []byte, config *AEADConfig) error {
644+
mode := algorithm.AEADMode(config.Mode())
645+
iv, ciphertextRaw, err := pub.Encrypt(rand, keyBlock, mode)
633646
if err != nil {
634647
return errors.InvalidArgumentError("AEAD encryption failed: " + err.Error())
635648
}
636649

650+
ciphertextShortByteString := encoding.NewShortByteString(ciphertextRaw)
651+
652+
buffer := append([]byte{byte(mode)}, iv...)
653+
buffer = append(buffer, ciphertextShortByteString.EncodedBytes()...)
654+
637655
packetLen := len(header) /* header length */
638-
packetLen += int(len(iv))
639-
packetLen += int(len(ciphertext))
656+
packetLen += int(len(buffer))
640657

641658
err = serializeHeader(w, packetTypeEncryptedKey, packetLen)
642659
if err != nil {
@@ -648,12 +665,7 @@ func serializeEncryptedKeyAEAD(w io.Writer, rand io.Reader, header []byte, pub *
648665
return err
649666
}
650667

651-
_, err = w.Write(iv[:])
652-
if err != nil {
653-
return err
654-
}
655-
656-
_, err = w.Write(ciphertext)
668+
_, err = w.Write(buffer)
657669
return err
658670
}
659671

openpgp/packet/encrypted_key_test.go

Lines changed: 15 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -16,6 +16,7 @@ import (
1616
"crypto"
1717
"crypto/rsa"
1818

19+
"github.com/ProtonMail/go-crypto/openpgp/internal/algorithm"
1920
"github.com/ProtonMail/go-crypto/openpgp/x25519"
2021
"github.com/ProtonMail/go-crypto/openpgp/x448"
2122
)
@@ -340,9 +341,11 @@ func TestSerializingEncryptedKey(t *testing.T) {
340341
}
341342

342343
func TestSymmetricallyEncryptedKey(t *testing.T) {
343-
const encryptedKeyHex = "c13d03999bd17d726446da80df9db940896a0b0e48f4d3b26e2dfbcf59ca7d30b65ea95ebb072e643407c732c479093b9d180c2eb51c98814e1bbbc6d0a17f"
344+
const encryptedKeyHex = "c14f03999bd17d726446da64018cb4d628ae753c646b81f87f21269cd733df9db940896a0b0e48f4d3b26e2dfbcf59ca7d30b65ea95ebb072e643407c732c479093b9d180c2eb51c98814e1bbbc6d0a17f"
344345

345-
expectedIvAndCiphertext := []byte{0xdf, 0x9d, 0xb9, 0x40, 0x89, 0x6a, 0x0b, 0x0e, 0x48, 0xf4, 0xd3, 0xb2, 0x6e, 0x2d, 0xfb, 0xcf, 0x59, 0xca, 0x7d, 0x30, 0xb6, 0x5e, 0xa9, 0x5e, 0xbb, 0x07, 0x2e, 0x64, 0x34, 0x07, 0xc7, 0x32, 0xc4, 0x79, 0x09, 0x3b, 0x9d, 0x18, 0x0c, 0x2e, 0xb5, 0x1c, 0x98, 0x81, 0x4e, 0x1b, 0xbb, 0xc6, 0xd0, 0xa1, 0x7f}
346+
expectedNonce := []byte{0x8c, 0xb4, 0xd6, 0x28, 0xae, 0x75, 0x3c, 0x64, 0x6b, 0x81, 0xf8, 0x7f, 0x21, 0x26, 0x9c, 0xd7}
347+
348+
expectedCiphertext := []byte{0xdf, 0x9d, 0xb9, 0x40, 0x89, 0x6a, 0x0b, 0x0e, 0x48, 0xf4, 0xd3, 0xb2, 0x6e, 0x2d, 0xfb, 0xcf, 0x59, 0xca, 0x7d, 0x30, 0xb6, 0x5e, 0xa9, 0x5e, 0xbb, 0x07, 0x2e, 0x64, 0x34, 0x07, 0xc7, 0x32, 0xc4, 0x79, 0x09, 0x3b, 0x9d, 0x18, 0x0c, 0x2e, 0xb5, 0x1c, 0x98, 0x81, 0x4e, 0x1b, 0xbb, 0xc6, 0xd0, 0xa1, 0x7f}
346349

347350
p, err := Read(readerFromHex(encryptedKeyHex))
348351
if err != nil {
@@ -354,7 +357,15 @@ func TestSymmetricallyEncryptedKey(t *testing.T) {
354357
t.Fatalf("didn't parse and EncryptedKey, got %#v", p)
355358
}
356359

357-
if !bytes.Equal(expectedIvAndCiphertext, ek.encryptedMPI1.Bytes()) {
358-
t.Errorf("Parsed wrong ciphertext, got %x, expected %x", ek.encryptedMPI1.Bytes(), expectedIvAndCiphertext)
360+
if ek.aeadMode != algorithm.AEADModeEAX {
361+
t.Errorf("Parsed wrong aead mode, got %d, expected: 1", ek.aeadMode)
362+
}
363+
364+
if !bytes.Equal(expectedNonce, ek.nonce) {
365+
t.Errorf("Parsed wrong nonce, got %x, expected %x", ek.nonce, expectedNonce)
366+
}
367+
368+
if !bytes.Equal(expectedCiphertext, ek.encryptedMPI1.Bytes()) {
369+
t.Errorf("Parsed wrong ciphertext, got %x, expected %x", ek.encryptedMPI1.Bytes(), expectedCiphertext)
359370
}
360371
}

0 commit comments

Comments
 (0)