Google Git
Sign in
boringssl/boringssl.git/7d2ddd2991c5831747bedf7cdbd01b877ca92769^!/.
commit
7d2ddd2991c5831747bedf7cdbd01b877ca92769
[log]
author
David Benjamin <davidben@google.com>
Mon Apr 05 02:42:38 2021 -0400
committer
CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
Tue Apr 06 18:30:03 2021 +0000
tree
c27958bf6a86c12648f1dca1d133fb0224b96315
parent
d791fbd308b9ef0c47250f08e9a2e79d081d0e40 [diff]
runner: Fix HPKE parameter order.

Matching the Go standard library cipher.AEAD interface, EVP_AEAD, and
the C implementation, put the AAD parameter after plaintext/ciphertext.

Bug: 275
Change-Id: I46804ff0e55a75742016ff6311bbe6fd6d208355
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/46665
Reviewed-by: Dan McArdle <dmcardle@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>

diff --git a/ssl/test/runner/hpke/hpke.go b/ssl/test/runner/hpke/hpke.go
index 513b37a..71cf1e7 100644
--- a/ssl/test/runner/hpke/hpke.go
+++ b/ssl/test/runner/hpke/hpke.go

@@ -113,13 +113,13 @@
 	return context, nil
 }
 
-func (c *Context) Seal(additionalData, plaintext []byte) []byte {
+func (c *Context) Seal(plaintext, additionalData []byte) []byte {
 	ciphertext := c.aead.Seal(nil, c.computeNonce(), plaintext, additionalData)
 	c.incrementSeq()
 	return ciphertext
 }
 
-func (c *Context) Open(additionalData, ciphertext []byte) ([]byte, error) {
+func (c *Context) Open(ciphertext, additionalData []byte) ([]byte, error) {
 	plaintext, err := c.aead.Open(nil, c.computeNonce(), ciphertext, additionalData)
 	if err != nil {
 		return nil, err

diff --git a/ssl/test/runner/hpke/hpke_test.go b/ssl/test/runner/hpke/hpke_test.go
index 45d2ce9..e8c7544 100644
--- a/ssl/test/runner/hpke/hpke_test.go
+++ b/ssl/test/runner/hpke/hpke_test.go

@@ -59,8 +59,8 @@
 	// Seal() our plaintext with the sender context, then Open() the
 	// ciphertext with the receiver context.
 	plaintext := []byte("foobar")
-	ciphertext := senderContext.Seal(nil, plaintext)
-	decrypted, err := receiverContext.Open(nil, ciphertext)
+	ciphertext := senderContext.Seal(plaintext, nil)
+	decrypted, err := receiverContext.Open(ciphertext, nil)
 	if err != nil {
 		t.Errorf("encryption round trip failed: %s", err)
 		return
@@ -167,10 +167,10 @@
 			}
 
 			for encryptionNum, e := range testVec.Encryptions {
-				ciphertext := senderContext.Seal(e.AdditionalData, e.Plaintext)
+				ciphertext := senderContext.Seal(e.Plaintext, e.AdditionalData)
 				checkBytesEqual(t, "ciphertext", ciphertext, e.Ciphertext)
 
-				decrypted, err := receiverContext.Open(e.AdditionalData, ciphertext)
+				decrypted, err := receiverContext.Open(ciphertext, e.AdditionalData)
 				if err != nil {
 					t.Errorf("decryption %d failed: %s", encryptionNum, err)
 					return