diff --git a/xchacha20poly1305/xchachapoly.go b/xchacha20poly1305/xchachapoly.go index 96413b8c1..9e0778579 100644 --- a/xchacha20poly1305/xchachapoly.go +++ b/xchacha20poly1305/xchachapoly.go @@ -4,6 +4,7 @@ import ( "crypto/cipher" "encoding/binary" "errors" + "fmt" "golang.org/x/crypto/chacha20poly1305" ) @@ -64,10 +65,10 @@ func (c *xchacha20poly1305) Seal(dst, nonce, plaintext, additionalData []byte) [ func (c *xchacha20poly1305) Open(dst, nonce, ciphertext, additionalData []byte) ([]byte, error) { if len(nonce) != NonceSize { - panic("xchacha20poly1305: bad nonce length passed to Open") + return nil, fmt.Errorf("xchacha20poly1305: bad nonce length passed to Open") } if uint64(len(ciphertext)) > (1<<38)-48 { - panic("xchacha20poly1305: ciphertext too large") + return nil, fmt.Errorf("xchacha20poly1305: ciphertext too large") } var subKey [KeySize]byte var hNonce [16]byte diff --git a/xchacha20poly1305/xchachapoly_test.go b/xchacha20poly1305/xchachapoly_test.go index 460b90ab4..3001217f4 100644 --- a/xchacha20poly1305/xchachapoly_test.go +++ b/xchacha20poly1305/xchachapoly_test.go @@ -80,6 +80,13 @@ func TestVectors(t *testing.T) { if !bytes.Equal(dst, v.ciphertext) { t.Errorf("Test %d: ciphertext mismatch:\n \t got: %s\n \t want: %s", i, toHex(dst), toHex(v.ciphertext)) } + open, err := aead.Open(nil, nonce[:], dst, v.ad) + if err != nil { + t.Error(err) + } + if !bytes.Equal(open, v.plaintext) { + t.Errorf("Test %d: plaintext mismatch:\n \t got: %s\n \t want: %s", i, string(open), string(v.plaintext)) + } } }