Merge pull request #212 from stripe/v2
Export RandReader for deterministic testing
diff --git a/asymmetric.go b/asymmetric.go
index 5272648..6793556 100644
--- a/asymmetric.go
+++ b/asymmetric.go
@@ -195,11 +195,11 @@
func (ctx rsaEncrypterVerifier) encrypt(cek []byte, alg KeyAlgorithm) ([]byte, error) {
switch alg {
case RSA1_5:
- return rsa.EncryptPKCS1v15(randReader, ctx.publicKey, cek)
+ return rsa.EncryptPKCS1v15(RandReader, ctx.publicKey, cek)
case RSA_OAEP:
- return rsa.EncryptOAEP(sha1.New(), randReader, ctx.publicKey, cek, []byte{})
+ return rsa.EncryptOAEP(sha1.New(), RandReader, ctx.publicKey, cek, []byte{})
case RSA_OAEP_256:
- return rsa.EncryptOAEP(sha256.New(), randReader, ctx.publicKey, cek, []byte{})
+ return rsa.EncryptOAEP(sha256.New(), RandReader, ctx.publicKey, cek, []byte{})
}
return nil, ErrUnsupportedAlgorithm
@@ -285,9 +285,9 @@
switch alg {
case RS256, RS384, RS512:
- out, err = rsa.SignPKCS1v15(randReader, ctx.privateKey, hash, hashed)
+ out, err = rsa.SignPKCS1v15(RandReader, ctx.privateKey, hash, hashed)
case PS256, PS384, PS512:
- out, err = rsa.SignPSS(randReader, ctx.privateKey, hash, hashed, &rsa.PSSOptions{
+ out, err = rsa.SignPSS(RandReader, ctx.privateKey, hash, hashed, &rsa.PSSOptions{
SaltLength: rsa.PSSSaltLengthAuto,
})
}
@@ -388,7 +388,7 @@
// Get a content encryption key for ECDH-ES
func (ctx ecKeyGenerator) genKey() ([]byte, rawHeader, error) {
- priv, err := ecdsa.GenerateKey(ctx.publicKey.Curve, randReader)
+ priv, err := ecdsa.GenerateKey(ctx.publicKey.Curve, RandReader)
if err != nil {
return nil, rawHeader{}, err
}
@@ -472,7 +472,7 @@
return Signature{}, ErrUnsupportedAlgorithm
}
- sig, err := ctx.privateKey.Sign(randReader, payload, crypto.Hash(0))
+ sig, err := ctx.privateKey.Sign(RandReader, payload, crypto.Hash(0))
if err != nil {
return Signature{}, err
}
@@ -522,7 +522,7 @@
_, _ = hasher.Write(payload)
hashed := hasher.Sum(nil)
- r, s, err := ecdsa.Sign(randReader, ctx.privateKey, hashed)
+ r, s, err := ecdsa.Sign(RandReader, ctx.privateKey, hashed)
if err != nil {
return Signature{}, err
}
diff --git a/crypter_test.go b/crypter_test.go
index 7eade73..604f124 100644
--- a/crypter_test.go
+++ b/crypter_test.go
@@ -252,7 +252,7 @@
for _, enc := range encAlgs {
for _, key := range generateTestKeys(alg, enc) {
for i, getReader := range readers {
- randReader = getReader()
+ RandReader = getReader()
err := RoundtripJWE(alg, enc, NONE, serializer, corrupter, nil, key.enc, key.dec)
if err == nil {
t.Error("encrypter should fail if rand is broken", i)
diff --git a/jwe_test.go b/jwe_test.go
index aff9c9e..c5c5f96 100644
--- a/jwe_test.go
+++ b/jwe_test.go
@@ -270,7 +270,7 @@
"tag":"XFBoMYUZodetZdvTiFvSkQ" }`)
// Mock random reader
- randReader = bytes.NewReader([]byte{
+ RandReader = bytes.NewReader([]byte{
// Encryption key
177, 161, 244, 128, 84, 143, 225, 115, 63, 180, 3, 255, 107, 154,
212, 246, 138, 7, 110, 91, 112, 46, 34, 105, 47, 130, 203, 46, 122,
diff --git a/signing_test.go b/signing_test.go
index 4ed2482..256a4a2 100644
--- a/signing_test.go
+++ b/signing_test.go
@@ -169,7 +169,7 @@
for _, alg := range sigAlgs {
signingKey, verificationKey := GenerateSigningTestKey(alg)
for i, getReader := range readers {
- randReader = getReader()
+ RandReader = getReader()
err := RoundtripJWS(alg, serializer, corrupter, signingKey, verificationKey, "test_nonce")
if err == nil {
t.Error("signer should fail if rand is broken", alg, i)
diff --git a/symmetric.go b/symmetric.go
index b6047fc..264a0fe 100644
--- a/symmetric.go
+++ b/symmetric.go
@@ -35,7 +35,7 @@
)
// Random reader (stubbed out in tests)
-var randReader = rand.Reader
+var RandReader = rand.Reader
const (
// RFC7518 recommends a minimum of 1,000 iterations:
@@ -148,7 +148,7 @@
// getRandomSalt generates a new salt of the given size.
func getRandomSalt(size int) ([]byte, error) {
salt := make([]byte, size)
- _, err := io.ReadFull(randReader, salt)
+ _, err := io.ReadFull(RandReader, salt)
if err != nil {
return nil, err
}
@@ -193,7 +193,7 @@
// Generate a random key for the given content cipher
func (ctx randomKeyGenerator) genKey() ([]byte, rawHeader, error) {
key := make([]byte, ctx.size)
- _, err := io.ReadFull(randReader, key)
+ _, err := io.ReadFull(RandReader, key)
if err != nil {
return nil, rawHeader{}, err
}
@@ -233,7 +233,7 @@
// Initialize a new nonce
iv := make([]byte, aead.NonceSize())
- _, err = io.ReadFull(randReader, iv)
+ _, err = io.ReadFull(RandReader, iv)
if err != nil {
return nil, err
}
diff --git a/symmetric_test.go b/symmetric_test.go
index 74bad3d..c4aa116 100644
--- a/symmetric_test.go
+++ b/symmetric_test.go
@@ -126,7 +126,7 @@
92, 80, 104, 49, 133, 25, 161, 215, 173, 101, 219, 211, 136, 91, 210, 145}
// Mock random reader
- randReader = bytes.NewReader([]byte{
+ RandReader = bytes.NewReader([]byte{
177, 161, 244, 128, 84, 143, 225, 115, 63, 180, 3, 255, 107, 154,
212, 246, 138, 7, 110, 91, 112, 46, 34, 105, 47, 130, 203, 46, 122,
234, 64, 252, 227, 197, 117, 252, 2, 219, 233, 68, 180, 225, 77, 219})
diff --git a/utils_test.go b/utils_test.go
index c8e01a3..434636b 100644
--- a/utils_test.go
+++ b/utils_test.go
@@ -26,7 +26,7 @@
// Reset random reader to original value
func resetRandReader() {
- randReader = rand.Reader
+ RandReader = rand.Reader
}
// Build big int from hex-encoded string. Strips whitespace (for testing).
