aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJakob Unterwurzacher2021-09-02 10:17:01 +0200
committerJakob Unterwurzacher2021-09-02 10:17:01 +0200
commit3ba74ac4fcb8ad5c7bfa73d63059805318b8682e (patch)
tree2698a2abf3ed109f4d899328c2fc41bf24c7e80c
parent961b8ca438361b01f2f232d8735c236ef94b4d03 (diff)
stupidgcm: add testWipe test
After looking at the cover profile, this was the only untested code except panic cases.
-rw-r--r--internal/stupidgcm/common_test.go34
-rw-r--r--internal/stupidgcm/stupidchacha.go2
-rw-r--r--internal/stupidgcm/stupidgcm.go2
3 files changed, 30 insertions, 8 deletions
diff --git a/internal/stupidgcm/common_test.go b/internal/stupidgcm/common_test.go
index 27ca7cc..ded6273 100644
--- a/internal/stupidgcm/common_test.go
+++ b/internal/stupidgcm/common_test.go
@@ -9,12 +9,13 @@ import (
"testing"
)
-func testCiphers(t *testing.T, c1 cipher.AEAD, c2 cipher.AEAD) {
- t.Run("testEncryptDecrypt", func(t *testing.T) { testEncryptDecrypt(t, c1, c2) })
- t.Run("testInplaceSeal", func(t *testing.T) { testInplaceSeal(t, c1, c2) })
- t.Run("testInplaceOpen", func(t *testing.T) { testInplaceOpen(t, c1, c2) })
- t.Run("testCorruption_c1", func(t *testing.T) { testCorruption(t, c1) })
- t.Run("testCorruption_c2", func(t *testing.T) { testCorruption(t, c2) })
+func testCiphers(t *testing.T, our cipher.AEAD, ref cipher.AEAD) {
+ t.Run("testEncryptDecrypt", func(t *testing.T) { testEncryptDecrypt(t, our, ref) })
+ t.Run("testInplaceSeal", func(t *testing.T) { testInplaceSeal(t, our, ref) })
+ t.Run("testInplaceOpen", func(t *testing.T) { testInplaceOpen(t, our, ref) })
+ t.Run("testCorruption_c1", func(t *testing.T) { testCorruption(t, our) })
+ t.Run("testCorruption_c2", func(t *testing.T) { testCorruption(t, ref) })
+ t.Run("testWipe", func(t *testing.T) { testWipe(t, our) })
}
// testEncryptDecrypt encrypts and decrypts using both stupidgcm and Go's built-in
@@ -161,6 +162,27 @@ func testCorruption(t *testing.T, c cipher.AEAD) {
}
}
+type Wiper interface {
+ Wipe()
+}
+
+func testWipe(t *testing.T, c cipher.AEAD) {
+ var key []byte
+ switch c2 := c.(type) {
+ case *StupidGCM:
+ c2.Wipe()
+ key = c2.key
+ case *stupidChacha20poly1305:
+ c2.Wipe()
+ key = c2.key
+ default:
+ t.Fatalf("BUG: unhandled type %t", c2)
+ }
+ if key != nil {
+ t.Fatal("key is not nil")
+ }
+}
+
// Get "n" random bytes from /dev/urandom or panic
func randBytes(n int) []byte {
b := make([]byte, n)
diff --git a/internal/stupidgcm/stupidchacha.go b/internal/stupidgcm/stupidchacha.go
index e2f6407..2b31e0f 100644
--- a/internal/stupidgcm/stupidchacha.go
+++ b/internal/stupidgcm/stupidchacha.go
@@ -213,7 +213,7 @@ func (g *stupidChacha20poly1305) Open(dst, iv, in, authData []byte) ([]byte, err
// and setting the reference to nil.
//
// This is not bulletproof due to possible GC copies, but
-// still raises to bar for extracting the key.
+// still raises the bar for extracting the key.
func (g *stupidChacha20poly1305) Wipe() {
for i := range g.key {
g.key[i] = 0
diff --git a/internal/stupidgcm/stupidgcm.go b/internal/stupidgcm/stupidgcm.go
index 01db41b..3499c85 100644
--- a/internal/stupidgcm/stupidgcm.go
+++ b/internal/stupidgcm/stupidgcm.go
@@ -240,7 +240,7 @@ func (g *StupidGCM) Open(dst, iv, in, authData []byte) ([]byte, error) {
// and setting the reference to nil.
//
// This is not bulletproof due to possible GC copies, but
-// still raises to bar for extracting the key.
+// still raises the bar for extracting the key.
func (g *StupidGCM) Wipe() {
for i := range g.key {
g.key[i] = 0