According to Seal/Open documentations (and the cipher.AEAD interface), they should work when dst and plaintext (resp. ciphertext) overlap entirely.
However, that doesn't work. This test fails:
func TestAESCMACSIVInPlace(t *testing.T) {
v := loadAESSIVExamples("aes_siv.tjson")[0]
c, err := NewAESCMACSIV(v.key)
if err != nil {
t.Fatalf("NewAESCMACSIV: %s", err)
}
pt := make([]byte, len(v.plaintext), len(v.plaintext)+c.Overhead())
copy(pt, v.plaintext)
ct, err := c.Seal(pt[:0], pt, v.ad...)
if err != nil {
t.Errorf("Seal: %s", err)
}
if !bytes.Equal(v.ciphertext, ct) {
t.Errorf("Seal: expected: %x\ngot: %x", v.ciphertext, ct)
}
copy(ct, v.ciphertext)
pt, err = c.Open(ct[:0], ct, v.ad...)
if err != nil {
t.Errorf("Open: %s", err)
}
if !bytes.Equal(v.plaintext, pt) {
t.Errorf("Open: expected: %x\ngot: %x", v.plaintext, pt)
}
}I can write a MR fixing this, however, since the tag comes before the ciphertext it seems that will require making a whole copy of the input in this case (since XORKeyStream alse requires its input to overlap entirely or not at all), entirely defeating the purpose of the in-place optimization. However, I don't see a way out without breaking the cipher.AEAD contract, or moving the tag after the ciphertext (#152)
What do you think?
According to Seal/Open documentations (and the
cipher.AEADinterface), they should work whendstandplaintext(resp.ciphertext) overlap entirely.However, that doesn't work. This test fails:
I can write a MR fixing this, however, since the tag comes before the ciphertext it seems that will require making a whole copy of the input in this case (since
XORKeyStreamalse requires its input to overlap entirely or not at all), entirely defeating the purpose of the in-place optimization. However, I don't see a way out without breaking thecipher.AEADcontract, or moving the tag after the ciphertext (#152)What do you think?