Generate shared secret using ECDH on secp256k1

2023-09-30 19:40:06 +02:00 · 2023-09-30 19:40:06 +02:00 · 3570c56af4
parent 63502ecb45
commit 3570c56af4
4 changed files with 207 additions and 46 deletions
--- a/go.mod
+++ b/go.mod
@ -2,11 +2,15 @@ module git.ekzyis.com/ekzyis/nip44

 go 1.21.0

+require (
+	github.com/decred/dcrd/dcrec/secp256k1/v4 v4.2.0
+	github.com/stretchr/testify v1.8.4
+	golang.org/x/crypto v0.13.0
+)
+
 require (
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
-	github.com/stretchr/testify v1.8.4 // indirect
-	golang.org/x/crypto v0.13.0 // indirect
 	golang.org/x/sys v0.12.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )
--- a/go.sum
+++ b/go.sum
@ -1,5 +1,7 @@
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/decred/dcrd/dcrec/secp256k1/v4 v4.2.0 h1:8UrgZ3GkP4i/CLijOJx79Yu+etlyjdBU4sfcs2WYQMs=
+github.com/decred/dcrd/dcrec/secp256k1/v4 v4.2.0/go.mod h1:v57UDF4pDQJcEfFUCRop3lJL149eHGSe9Jvczhzjo/0=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
@ -8,6 +10,7 @@ golang.org/x/crypto v0.13.0 h1:mvySKfSWJ+UKUii46M40LOvyWfN0s2U+46/jDd0e6Ck=
 golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliYc=
 golang.org/x/sys v0.12.0 h1:CM0HF96J0hcLAwsHPJZjfdNzs0gftsLfgKt57wWHJ0o=
 golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
--- a/nip44.go
+++ b/nip44.go
@ -11,6 +11,7 @@ import (
 	"io"
 	"math"

+	"github.com/decred/dcrd/dcrec/secp256k1/v4"
 	"golang.org/x/crypto/chacha20"
 	"golang.org/x/crypto/hkdf"
 )
@ -24,7 +25,7 @@ type EncryptOptions struct {
 	Version int
 }

-func Encrypt(key []byte, plaintext string, options *EncryptOptions) (string, error) {
+func Encrypt(conversationKey []byte, plaintext string, options *EncryptOptions) (string, error) {
 	var (
 		version    int = 2
 		salt       []byte
@ -53,7 +54,7 @@ func Encrypt(key []byte, plaintext string, options *EncryptOptions) (string, err
 	if len(salt) != 32 {
 		return "", errors.New("salt must be 32 bytes")
 	}
-	if enc, nonce, auth, err = messageKeys(key, salt); err != nil {
+	if enc, nonce, auth, err = messageKeys(conversationKey, salt); err != nil {
 		return "", err
 	}
 	if padded, err = pad(plaintext); err != nil {
@ -70,7 +71,7 @@ func Encrypt(key []byte, plaintext string, options *EncryptOptions) (string, err
 	return base64.StdEncoding.EncodeToString(concat), nil
 }

-func Decrypt(key []byte, ciphertext string) (string, error) {
+func Decrypt(conversationKey []byte, ciphertext string) (string, error) {
 	var (
 		version     int = 2
 		decoded     []byte
@ -97,7 +98,7 @@ func Decrypt(key []byte, ciphertext string) (string, error) {
 	}
 	dLen = len(decoded)
 	salt, ciphertext_, hmac_ = decoded[1:33], decoded[33:dLen-32], decoded[dLen-32:]
-	if enc, nonce, auth, err = messageKeys(key, salt); err != nil {
+	if enc, nonce, auth, err = messageKeys(conversationKey, salt); err != nil {
 		return "", err
 	}
 	if !bytes.Equal(hmac_, sha256Hmac(auth, ciphertext_)) {
@ -114,6 +115,10 @@ func Decrypt(key []byte, ciphertext string) (string, error) {
 	return string(unpadded), nil
 }

+func GenerateConversationKey(sendPrivkey *secp256k1.PrivateKey, recvPubkey *secp256k1.PublicKey) []byte {
+	return secp256k1.GenerateSharedSecret(sendPrivkey, recvPubkey)
+}
+
 func chacha20_(key []byte, nonce []byte, message []byte) ([]byte, error) {
 	var (
 		cipher *chacha20.Cipher
--- a/nip44_test.go
+++ b/nip44_test.go
@ -5,56 +5,165 @@ import (
 	"testing"

 	"git.ekzyis.com/ekzyis/nip44"
+	"github.com/decred/dcrd/dcrec/secp256k1/v4"
 	"github.com/stretchr/testify/assert"
 )

-func assertCrypt(t *testing.T, key string, salt string, plaintext string, expected string) {
+func assertCryptSec(t *testing.T, sk1 string, sk2 string, conversationKey string, salt string, plaintext string, expected string) {
 	var (
-		k         []byte
+		k1        []byte
 		s         []byte
 		actual    string
 		decrypted string
-		err       error
 		ok        bool
+		err       error
 	)
-	k, err = hex.DecodeString(key)
-	if ok = assert.NoErrorf(t, err, "hex decode failed for key: %v", err); !ok {
+	k1, err = hex.DecodeString(conversationKey)
+	if ok = assert.NoErrorf(t, err, "hex decode failed for conversation key: %v", err); !ok {
+		return
+	}
+	if ok = assertConversationKeyGenerationSec(t, sk1, sk2, conversationKey); !ok {
 		return
 	}
 	s, err = hex.DecodeString(salt)
 	if ok = assert.NoErrorf(t, err, "hex decode failed for salt: %v", err); !ok {
 		return
 	}
-	actual, err = nip44.Encrypt(k, plaintext, &nip44.EncryptOptions{Salt: s})
+	actual, err = nip44.Encrypt(k1, plaintext, &nip44.EncryptOptions{Salt: s})
 	if ok = assert.NoError(t, err, "encryption failed: %v", err); !ok {
 		return
 	}
 	if ok = assert.Equalf(t, expected, actual, "wrong encryption"); !ok {
 		return
 	}
-	decrypted, err = nip44.Decrypt(k, expected)
+	decrypted, err = nip44.Decrypt(k1, expected)
 	if ok = assert.NoErrorf(t, err, "decryption failed: %v", err); !ok {
 		return
 	}
 	assert.Equal(t, decrypted, plaintext, "wrong decryption")
 }

-func assertDecryptFail(t *testing.T, key string, ciphertext string, msg string) {
+func assertCryptPub(t *testing.T, sk1 string, pub2 string, conversationKey string, salt string, plaintext string, expected string) {
 	var (
-		k   []byte
-		err error
-		ok  bool
+		k1        []byte
+		s         []byte
+		actual    string
+		decrypted string
+		ok        bool
+		err       error
 	)
-	k, err = hex.DecodeString(key)
-	if ok = assert.NoErrorf(t, err, "hex decode failed for key: %v", err); !ok {
+	k1, err = hex.DecodeString(conversationKey)
+	if ok = assert.NoErrorf(t, err, "hex decode failed for conversation key: %v", err); !ok {
 		return
 	}
-	_, err = nip44.Decrypt(k, ciphertext)
+	if ok = assertConversationKeyGenerationPub(t, sk1, pub2, conversationKey); !ok {
+		return
+	}
+	s, err = hex.DecodeString(salt)
+	if ok = assert.NoErrorf(t, err, "hex decode failed for salt: %v", err); !ok {
+		return
+	}
+	actual, err = nip44.Encrypt(k1, plaintext, &nip44.EncryptOptions{Salt: s})
+	if ok = assert.NoError(t, err, "encryption failed: %v", err); !ok {
+		return
+	}
+	if ok = assert.Equalf(t, expected, actual, "wrong encryption"); !ok {
+		return
+	}
+	decrypted, err = nip44.Decrypt(k1, expected)
+	if ok = assert.NoErrorf(t, err, "decryption failed: %v", err); !ok {
+		return
+	}
+	assert.Equal(t, decrypted, plaintext, "wrong decryption")
+}
+
+func assertDecryptFail(t *testing.T, sk1 string, pub2 string, conversationKey string, ciphertext string, msg string) {
+	var (
+		k1  []byte
+		ok  bool
+		err error
+	)
+	k1, err = hex.DecodeString(conversationKey)
+	if ok = assert.NoErrorf(t, err, "hex decode failed for conversation key: %v", err); !ok {
+		return
+	}
+	if ok = assertConversationKeyGenerationPub(t, sk1, pub2, conversationKey); !ok {
+		return
+	}
+	_, err = nip44.Decrypt(k1, ciphertext)
 	assert.ErrorContains(t, err, msg)
 }

-func TestCrypt001(t *testing.T) {
-	assertCrypt(t,
+func assertConversationKeyGeneration(t *testing.T, sendPrivkey *secp256k1.PrivateKey, recvPubkey *secp256k1.PublicKey, conversationKey string) bool {
+	var (
+		actualConversationKey   []byte
+		expectedConversationKey []byte
+		ok                      bool
+		err                     error
+	)
+	expectedConversationKey, err = hex.DecodeString(conversationKey)
+	if ok = assert.NoErrorf(t, err, "hex decode failed for conversation key: %v", err); !ok {
+		return false
+	}
+	actualConversationKey = nip44.GenerateConversationKey(sendPrivkey, recvPubkey)
+	if ok = assert.Equalf(t, expectedConversationKey, actualConversationKey, "wrong conversation key"); !ok {
+		return false
+	}
+	return true
+}
+
+func assertConversationKeyGenerationSec(t *testing.T, sk1 string, sk2 string, conversationKey string) bool {
+	var (
+		sendPrivkey *secp256k1.PrivateKey
+		recvPubkey  *secp256k1.PublicKey
+		ok          bool
+		err         error
+	)
+	if decoded, err := hex.DecodeString(sk1); err == nil {
+		sendPrivkey = secp256k1.PrivKeyFromBytes(decoded)
+	}
+	if ok = assert.NoErrorf(t, err, "hex decode failed for sk1: %v", err); !ok {
+		return false
+	}
+	if decoded, err := hex.DecodeString(sk2); err == nil {
+		recvPubkey = secp256k1.PrivKeyFromBytes(decoded).PubKey()
+	}
+	if ok = assert.NoErrorf(t, err, "hex decode failed for sk2: %v", err); !ok {
+		return false
+	}
+	return assertConversationKeyGeneration(t, sendPrivkey, recvPubkey, conversationKey)
+}
+
+func assertConversationKeyGenerationPub(t *testing.T, sk1 string, pub2 string, conversationKey string) bool {
+
+	var (
+		sendPrivkey *secp256k1.PrivateKey
+		recvPubkey  *secp256k1.PublicKey
+		ok          bool
+		err         error
+	)
+	if decoded, err := hex.DecodeString(sk1); err == nil {
+		sendPrivkey = secp256k1.PrivKeyFromBytes(decoded)
+	}
+	if ok = assert.NoErrorf(t, err, "hex decode failed for sk1: %v", err); !ok {
+		return false
+	}
+	if decoded, err := hex.DecodeString("02" + pub2); err == nil {
+		recvPubkey, err = secp256k1.ParsePubKey(decoded)
+		if ok = assert.NoErrorf(t, err, "parse pubkey failed: %v", err); !ok {
+			return false
+		}
+	}
+	if ok = assert.NoErrorf(t, err, "hex decode failed for pub2: %v", err); !ok {
+		return false
+	}
+	return assertConversationKeyGeneration(t, sendPrivkey, recvPubkey, conversationKey)
+}
+
+func TestCryptSec001(t *testing.T) {
+	assertCryptSec(t,
+		"0000000000000000000000000000000000000000000000000000000000000001",
+		"0000000000000000000000000000000000000000000000000000000000000002",
 		"c6047f9441ed7d6d3045406e95c07cd85c778e4b8cef3ca7abac09b95c709ee5",
 		"0000000000000000000000000000000000000000000000000000000000000001",
 		"a",
@ -62,8 +171,10 @@ func TestCrypt001(t *testing.T) {
 	)
 }

-func TestCrypt002(t *testing.T) {
-	assertCrypt(t,
+func TestCryptSec002(t *testing.T) {
+	assertCryptSec(t,
+		"0000000000000000000000000000000000000000000000000000000000000002",
+		"0000000000000000000000000000000000000000000000000000000000000001",
 		"c6047f9441ed7d6d3045406e95c07cd85c778e4b8cef3ca7abac09b95c709ee5",
 		"f00000000000000000000000000000f00000000000000000000000000000000f",
 		"🍕🫃",
@ -71,8 +182,10 @@ func TestCrypt002(t *testing.T) {
 	)
 }

-func TestCrypt003(t *testing.T) {
-	assertCrypt(t,
+func TestCryptSec003(t *testing.T) {
+	assertCryptSec(t,
+		"5c0c523f52a5b6fad39ed2403092df8cebc36318b39383bca6c00808626fab3a",
+		"4b22aa260e4acb7021e32f38a6cdf4b673c6a277755bfce287e370c924dc936d",
 		"94da47d851b9c1ed33b3b72f35434f56aa608d60e573e9c295f568011f4f50a4",
 		"b635236c42db20f021bb8d1cdff5ca75dd1a0cc72ea742ad750f33010b24f73b",
 		"表ポあA鷗ŒéＢ逍Üßªąñ丂㐀𠀀",
@ -80,8 +193,10 @@ func TestCrypt003(t *testing.T) {
 	)
 }

-func TestCrypt004(t *testing.T) {
-	assertCrypt(t,
+func TestCryptSec004(t *testing.T) {
+	assertCryptSec(t,
+		"8f40e50a84a7462e2b8d24c28898ef1f23359fff50d8c509e6fb7ce06e142f9c",
+		"b9b0a1e9cc20100c5faa3bbe2777303d25950616c4c6a3fa2e3e046f936ec2ba",
 		"ab99c122d4586cdd5c813058aa543d0e7233545dbf6874fc34a3d8d9a18fbbc3",
 		"b20989adc3ddc41cd2c435952c0d59a91315d8c5218d5040573fc3749543acaf",
 		"ability🤝的 ȺȾ",
@ -89,8 +204,10 @@ func TestCrypt004(t *testing.T) {
 	)
 }

-func TestCrypt005(t *testing.T) {
-	assertCrypt(t,
+func TestCryptSec005(t *testing.T) {
+	assertCryptSec(t,
+		"875adb475056aec0b4809bd2db9aa00cff53a649e7b59d8edcbf4e6330b0995c",
+		"9c05781112d5b0a2a7148a222e50e0bd891d6b60c5483f03456e982185944aae",
 		"a449f2a85c6d3db0f44c64554a05d11a3c0988d645e4b4b2592072f63662f422",
 		"8d4442713eb9d4791175cb040d98d6fc5be8864d6ec2f89cf0895a2b2b72d1b1",
 		"pepper👀їжак",
@ -98,8 +215,10 @@ func TestCrypt005(t *testing.T) {
 	)
 }

-func TestCrypt006(t *testing.T) {
-	assertCrypt(t,
+func TestCryptSec006(t *testing.T) {
+	assertCryptSec(t,
+		"eba1687cab6a3101bfc68fd70f214aa4cc059e9ec1b79fdb9ad0a0a4e259829f",
+		"dff20d262bef9dfd94666548f556393085e6ea421c8af86e9d333fa8747e94b3",
 		"decde9938ffcb14fa7ff300105eb1bf239469af9baf376e69755b9070ae48c47",
 		"2180b52ae645fcf9f5080d81b1f0b5d6f2cd77ff3c986882bb549158462f3407",
 		"( ͡° ͜ʖ ͡°)",
@ -107,8 +226,10 @@ func TestCrypt006(t *testing.T) {
 	)
 }

-func TestCrypt007(t *testing.T) {
-	assertCrypt(t,
+func TestCryptSec007(t *testing.T) {
+	assertCryptSec(t,
+		"d5633530f5bcfebceb5584cfbbf718a30df0751b729dd9a789b9f30c0587d74e",
+		"b74e6a341fb134127272b795a08b59250e5fa45a82a2eb4095e4ce9ed5f5e214",
 		"c6f2fde7aa00208c388f506455c31c3fa07caf8b516d43bf7514ee19edcda994",
 		"e4cd5f7ce4eea024bc71b17ad456a986a74ac426c2c62b0a15eb5c5c8f888b68",
 		"مُنَاقَشَةُ سُبُلِ اِسْتِخْدَامِ اللُّغَةِ فِي النُّظُمِ الْقَائِمَةِ وَفِيم يَخُصَّ التَّطْبِيقَاتُ الْحاسُوبِيَّةُ،",
@ -116,8 +237,10 @@ func TestCrypt007(t *testing.T) {
 	)
 }

-func TestCrypt008(t *testing.T) {
-	assertCrypt(t,
+func TestCryptSec008(t *testing.T) {
+	assertCryptSec(t,
+		"d5633530f5bcfebceb5584cfbbf718a30df0751b729dd9a789b9f30c0587d74e",
+		"b74e6a341fb134127272b795a08b59250e5fa45a82a2eb4095e4ce9ed5f5e214",
 		"c6f2fde7aa00208c388f506455c31c3fa07caf8b516d43bf7514ee19edcda994",
 		"38d1ca0abef9e5f564e89761a86cee04574b6825d3ef2063b10ad75899e4b023",
 		"الكل في المجمو عة (5)",
@ -125,8 +248,10 @@ func TestCrypt008(t *testing.T) {
 	)
 }

-func TestCrypt009(t *testing.T) {
-	assertCrypt(t,
+func TestCryptSec009(t *testing.T) {
+	assertCryptSec(t,
+		"d5633530f5bcfebceb5584cfbbf718a30df0751b729dd9a789b9f30c0587d74e",
+		"b74e6a341fb134127272b795a08b59250e5fa45a82a2eb4095e4ce9ed5f5e214",
 		"c6f2fde7aa00208c388f506455c31c3fa07caf8b516d43bf7514ee19edcda994",
 		"4f1a31909f3483a9e69c8549a55bbc9af25fa5bbecf7bd32d9896f83ef2e12e0",
 		"𝖑𝖆𝖟𝖞 社會科學院語學研究所",
@ -134,8 +259,10 @@ func TestCrypt009(t *testing.T) {
 	)
 }

-func TestCrypt010(t *testing.T) {
-	assertCrypt(t,
+func TestCryptSec010(t *testing.T) {
+	assertCryptSec(t,
+		"d5633530f5bcfebceb5584cfbbf718a30df0751b729dd9a789b9f30c0587d74e",
+		"b74e6a341fb134127272b795a08b59250e5fa45a82a2eb4095e4ce9ed5f5e214",
 		"c6f2fde7aa00208c388f506455c31c3fa07caf8b516d43bf7514ee19edcda994",
 		"a3e219242d85465e70adcd640b564b3feff57d2ef8745d5e7a0663b2dccceb54",
 		"🙈 🙉 🙊 0️⃣ 1️⃣ 2️⃣ 3️⃣ 4️⃣ 5️⃣ 6️⃣ 7️⃣ 8️⃣ 9️⃣ 🔟 Powerلُلُصّبُلُلصّبُررً ॣ ॣh ॣ ॣ冗",
@ -143,8 +270,10 @@ func TestCrypt010(t *testing.T) {
 	)
 }

-func TestCrypt011(t *testing.T) {
-	assertCrypt(t,
+func TestCryptPub001(t *testing.T) {
+	assertCryptPub(t,
+		"fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364139",
+		"0000000000000000000000000000000000000000000000000000000000000002",
 		"7a1ccf5ce5a08e380f590de0c02776623b85a61ae67cfb6a017317e505b7cb51",
 		"a000000000000000000000000000000000000000000000000000000000000001",
 		"⁰⁴⁵₀₁₂",
@ -152,8 +281,10 @@ func TestCrypt011(t *testing.T) {
 	)
 }

-func TestCrypt012(t *testing.T) {
-	assertCrypt(t,
+func TestCryptPub002(t *testing.T) {
+	assertCryptPub(t,
+		"0000000000000000000000000000000000000000000000000000000000000002",
+		"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdeb",
 		"aa971537d741089885a0b48f2730a125e15b36033d089d4537a4e1204e76b39e",
 		"b000000000000000000000000000000000000000000000000000000000000002",
 		"A Peer-to-Peer Electronic Cash System",
@ -161,8 +292,10 @@ func TestCrypt012(t *testing.T) {
 	)
 }

-func TestCrypt013(t *testing.T) {
-	assertCrypt(t,
+func TestCryptPub003(t *testing.T) {
+	assertCryptPub(t,
+		"0000000000000000000000000000000000000000000000000000000000000001",
+		"79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798",
 		"79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798",
 		"79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798",
 		"A purely peer-to-peer version of electronic cash would allow online payments to be sent directly from one party to another without going through a financial institution. Digital signatures provide part of the solution, but the main benefits are lost if a trusted third party is still required to prevent double-spending.",
@ -172,6 +305,8 @@ func TestCrypt013(t *testing.T) {

 func TestCryptFail001(t *testing.T) {
 	assertDecryptFail(t,
+		"2573d1e9b9ac5de5d570f652cbb9e8d4f235e3d3d334181448e87c417f374e83",
+		"8348c2d35549098706e5bab7966d9a9c72fbf6554e918f41c2b6cb275f79ec13",
 		"8673ec68393a997bfad7eab8661461daf8b3931b7e885d78312a3fb7fe17f41a",
 		"##Atqupco0WyaOW2IGDKcshwxI9xO8HgD/P8Ddt46CbxDbOsrsqIEybscEwg5rnI/Cx03mDSmeweOLKD7dw5BDZQDxXSlCwX1LIcTJEZaJPTz98Ftu0zSE0d93ED7OtdlvNeZx",
 		"unknown version",
@ -180,6 +315,8 @@ func TestCryptFail001(t *testing.T) {

 func TestCryptFail002(t *testing.T) {
 	assertDecryptFail(t,
+		"11063318c5cb3cd9cafcced42b4db5ea02ec976ed995962d2bc1fa1e9b52e29f",
+		"5c49873b6eac3dd363325250cc55d5dd4c7ce9a885134580405736d83506bb74",
 		"e2aad10de00913088e5cb0f73fa526a6a17e95763cc5b2a127022f5ea5a73445",
 		"AK1AjUvoYW3IS7C/BGRUoqEC7ayTfDUgnEPNeWTF/reBA4fZmoHrtrz5I5pCHuwWZ22qqL/Xt1VidEZGMLds0yaJ5VwUbeEifEJlPICOFt1ssZJxCUf43HvRwCVTFskbhSMh",
 		"unknown version",
@ -188,6 +325,8 @@ func TestCryptFail002(t *testing.T) {

 func TestCryptFail003(t *testing.T) {
 	assertDecryptFail(t,
+		"2573d1e9b9ac5de5d570f652cbb9e8d4f235e3d3d334181448e87c417f374e83",
+		"8348c2d35549098706e5bab7966d9a9c72fbf6554e918f41c2b6cb275f79ec13",
 		"8673ec68393a997bfad7eab8661461daf8b3931b7e885d78312a3fb7fe17f41a",
 		"Atqupco0WyaOW2IGDKcshwxI9xO8HgD/P8Ddt46CbxDbOsrsqIEybscEwg5rnI/Cx03mDSmeweOLKD,7dw5BDZQDxXSlCwX1LIcTJEZaJPTz98Ftu0zSE0d93ED7OtdlvNeZx",
 		"invalid base64",
@ -196,6 +335,8 @@ func TestCryptFail003(t *testing.T) {

 func TestCryptFail004(t *testing.T) {
 	assertDecryptFail(t,
+		"5a2f39347fed3883c9fe05868a8f6156a292c45f606bc610495fcc020ed158f7",
+		"775bbfeba58d07f9d1fbb862e306ac780f39e5418043dadb547c7b5900245e71",
 		"2e70c0a1cde884b88392458ca86148d859b273a5695ede5bbe41f731d7d88ffd",
 		"Agn/l3ULCEAS4V7LhGFM6IGA17jsDUaFCKhrbXDANholdUejFZPARM22IvOqp1U/UmFSkeSyTBYbbwy5ykmi+mKiEcWL+nVmTOf28MMiC+rTpZys/8p1hqQFpn+XWZRPrVay",
 		"invalid hmac",
@ -204,6 +345,8 @@ func TestCryptFail004(t *testing.T) {

 func TestCryptFail005(t *testing.T) {
 	assertDecryptFail(t,
+		"067eda13c4a36090ad28a7a183e9df611186ca01f63cb30fcdfa615ebfd6fb6d",
+		"32c1ece2c5dd2160ad03b243f50eff12db605b86ac92da47eacc78144bf0cdd3",
 		"a808915e31afc5b853d654d2519632dac7298ee2ecddc11695b8eba925935c2a",
 		"AmWxSwuUmqp9UsQX63U7OQ6K1thLI69L7G2b+j4DoIr0U0P/M1/oKm95z8qz6Kg0zQawLzwk3DskvWA2drXP4zK+tzHpKvWq0KOdx5MdypboSQsP4NXfhh2KoUffjkyIOiMA",
 		"invalid hmac",
@ -212,6 +355,8 @@ func TestCryptFail005(t *testing.T) {

 func TestCryptFail006(t *testing.T) {
 	assertDecryptFail(t,
+		"3e7be560fb9f8c965c48953dbd00411d48577e200cf00d7cc427e49d0e8d9c01",
+		"e539e5fee58a337307e2a937ee9a7561b45876fb5df405c5e7be3ee564b239cc",
 		"6ee3efc4255e3b8270e5dd3f7dc7f6b60878cda6218c8df34a3261cd48744931",
 		"Anq2XbuLvCuONcr7V0UxTh8FAyWoZNEdBHXvdbNmDZHBu7F9m36yBd58mVUBB5ktBTOJREDaQT1KAyPmZidP+IRea1lNw5YAEK7+pbnpfCw8CD0i2n8Pf2IDWlKDhLiVvatw",
 		"invalid padding",
@ -220,6 +365,8 @@ func TestCryptFail006(t *testing.T) {

 func TestCryptFail007(t *testing.T) {
 	assertDecryptFail(t,
+		"c22e1d4de967aa39dc143354d8f596cec1d7c912c3140831fff2976ce3e387c1",
+		"4e405be192677a2da95ffc733950777213bf880cf7c3b084eeb6f3fe5bd43705",
 		"1675a773dbf6fbcbef6a293004a4504b6c856978be738b10584b0269d437c8d1",
 		"An1Cg+O1TIhdav7ogfSOYvCj9dep4ctxzKtZSniCw5MwhT0hvSnF9Xjp9Lml792qtNbmAVvR6laukTe9eYEjeWPpZFxtkVpYTbbL9wDKFeplDMKsUKVa+roSeSvv0ela9seDVl2Sfso=",
 		"invalid padding",
@ -229,6 +376,8 @@ func TestCryptFail007(t *testing.T) {

 func TestCryptFail008(t *testing.T) {
 	assertDecryptFail(t,
+		"be1edab14c5912e5c59084f197f0945242e969c363096cccb59af8898815096f",
+		"9eaf0775d971e4941c97189232542e1daefcdb7dddafc39bcea2520217710ba2",
 		"1741a44c052d5ae363c7845441f73d2b6c28d9bfb3006190012bba12eb4c774b",
 		"Am+f1yZnwnOs0jymZTcRpwhDRHTdnrFcPtsBzpqVdD6bL9HUMo3Mjkz4bjQo/FJF2LWHmaCr9Byc3hU9D7we+EkNBWenBHasT1G52fZk9r3NKeOC1hLezNwBLr7XXiULh+NbMBDtJh9/aQh1uZ9EpAfeISOzbZXwYwf0P5M85g9XER8hZ2fgJDLb4qMOuQRG6CrPezhr357nS3UHwPC2qHo3uKACxhE+2td+965yDcvMTx4KYTQg1zNhd7PA5v/WPnWeq2B623yLxlevUuo/OvXplFho3QVy7s5QZVop6qV2g2/l/SIsvD0HIcv3V35sywOCBR0K4VHgduFqkx/LEF3NGgAbjONXQHX8ZKushsEeR4TxlFoRSovAyYjhWolz+Ok3KJL2Ertds3H+M/Bdl2WnZGT0IbjZjn3DS+b1Ke0R0X4Onww2ZG3+7o6ncIwTc+lh1O7YQn00V0HJ+EIp03heKV2zWdVSC615By/+Yt9KAiV56n5+02GAuNqA",
 		"invalid padding",