
Commit 0848c95

committed
chacha20poly1305: improve ExampleNewX
The example was failing to direct users on what to do with the nonce, which should be almost universally prepended to the ciphertext. Also, leaving key out of the function was pulling the entire file into the example. Updates golang/go#38369 Change-Id: I3a13342fff02e1a5d6f9c4ef2a8bddf0b1097707 Reviewed-on: https://go-review.googlesource.com/c/crypto/+/227937 Run-TryBot: Filippo Valsorda <filippo@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Katie Hockman <katie@golang.org>
1 parent 4f8f47a commit 0848c95


1 file changed

+30
-17
lines changed


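--- a/chacha20poly1305/chacha20poly1305_test.go
+++ b/chacha20poly1305/chacha20poly1305_test.go
@@ -10,7 +10,6 @@ import (
 cryptorand "crypto/rand"
 "encoding/hex"
 "fmt"
-"log"
 mathrand "math/rand"
 "strconv"
 "testing"
@@ -220,36 +219,50 @@ func BenchmarkChacha20Poly1305(b *testing.B) {
 }
 }
 
-var key = make([]byte, KeySize)
-
 func ExampleNewX() {
+// key should be randomly generated or derived from a function like Argon2.
+key := make([]byte, KeySize)
+if _, err := cryptorand.Read(key); err != nil {
+panic(err)
+}
+
 aead, err := NewX(key)
 if err != nil {
-log.Fatalln("Failed to instantiate XChaCha20-Poly1305:", err)
+panic(err)
 }
 
-for _, msg := range []string{
-"Attack at dawn.",
-"The eagle has landed.",
-"Gophers, gophers, gophers everywhere!",
-} {
-// Encryption.
-nonce := make([]byte, NonceSizeX)
+// Encryption.
+var encryptedMsg []byte
+{
+msg := []byte("Gophers, gophers, gophers everywhere!")
+
+// Select a random nonce, and leave capacity for the ciphertext.
+nonce := make([]byte, aead.NonceSize(), aead.NonceSize()+len(msg)+aead.Overhead())
 if _, err := cryptorand.Read(nonce); err != nil {
 panic(err)
 }
-ciphertext := aead.Seal(nil, nonce, []byte(msg), nil)
 
-// Decryption.
+// Encrypt the message and append the ciphertext to the nonce.
+encryptedMsg = aead.Seal(nonce, nonce, msg, nil)
+}
+
+// Decryption.
+{
+if len(encryptedMsg) < aead.NonceSize() {
+panic("ciphertext too short")
+}
+
+// Split nonce and ciphertext.
+nonce, ciphertext := encryptedMsg[:aead.NonceSize()], encryptedMsg[aead.NonceSize():]
+
+// Decrypt the message and check it wasn't tampered with.
 plaintext, err := aead.Open(nil, nonce, ciphertext, nil)
 if err != nil {
-log.Fatalln("Failed to decrypt or authenticate message:", err)
+panic(err)
 }
 
 fmt.Printf("%s\n", plaintext)
 }
 
-// Output: Attack at dawn.
-// The eagle has landed.
-// Gophers, gophers, gophers everywhere!
+// Output: Gophers, gophers, gophers everywhere!
 }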
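Review bot: The comment `// Select a random nonce, and leave capacity for the ciphertext.` in the encryption block does not say why a random nonce is acceptable here, so a reader may carry the pattern over to `New`. Picking the nonce at random is safe with `NewX` because the XChaCha20-Poly1305 nonce is 24 bytes; the 12-byte nonce of the standard construction is too short to choose at random for a large number of messages under one key. I would extend the comment to something like `// Select a random nonce (safe for the 24-byte XChaCha20-Poly1305 nonce; with the 12-byte nonce of New, bound the number of messages per key or use a counter), and leave capacity for the ciphertext.` The key comment at the top of ExampleNewX could also say that the decrypting side needs the same key, since the example generates it in place and never stores it.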
