runner: Fix HPKE parameter order.
Matching the Go standard library cipher.AEAD interface, EVP_AEAD, and
the C implementation, put the AAD parameter after plaintext/ciphertext.
Bug: 275
Change-Id: I46804ff0e55a75742016ff6311bbe6fd6d208355
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/46665
Reviewed-by: Dan McArdle <dmcardle@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
diff --git a/ssl/test/runner/hpke/hpke.go b/ssl/test/runner/hpke/hpke.go
index 513b37a..71cf1e7 100644
--- a/ssl/test/runner/hpke/hpke.go
+++ b/ssl/test/runner/hpke/hpke.go
@@ -113,13 +113,13 @@
return context, nil
}
-func (c *Context) Seal(additionalData, plaintext []byte) []byte {
+func (c *Context) Seal(plaintext, additionalData []byte) []byte {
ciphertext := c.aead.Seal(nil, c.computeNonce(), plaintext, additionalData)
c.incrementSeq()
return ciphertext
}
-func (c *Context) Open(additionalData, ciphertext []byte) ([]byte, error) {
+func (c *Context) Open(ciphertext, additionalData []byte) ([]byte, error) {
plaintext, err := c.aead.Open(nil, c.computeNonce(), ciphertext, additionalData)
if err != nil {
return nil, err
diff --git a/ssl/test/runner/hpke/hpke_test.go b/ssl/test/runner/hpke/hpke_test.go
index 45d2ce9..e8c7544 100644
--- a/ssl/test/runner/hpke/hpke_test.go
+++ b/ssl/test/runner/hpke/hpke_test.go
@@ -59,8 +59,8 @@
// Seal() our plaintext with the sender context, then Open() the
// ciphertext with the receiver context.
plaintext := []byte("foobar")
- ciphertext := senderContext.Seal(nil, plaintext)
- decrypted, err := receiverContext.Open(nil, ciphertext)
+ ciphertext := senderContext.Seal(plaintext, nil)
+ decrypted, err := receiverContext.Open(ciphertext, nil)
if err != nil {
t.Errorf("encryption round trip failed: %s", err)
return
@@ -167,10 +167,10 @@
}
for encryptionNum, e := range testVec.Encryptions {
- ciphertext := senderContext.Seal(e.AdditionalData, e.Plaintext)
+ ciphertext := senderContext.Seal(e.Plaintext, e.AdditionalData)
checkBytesEqual(t, "ciphertext", ciphertext, e.Ciphertext)
- decrypted, err := receiverContext.Open(e.AdditionalData, ciphertext)
+ decrypted, err := receiverContext.Open(ciphertext, e.AdditionalData)
if err != nil {
t.Errorf("decryption %d failed: %s", encryptionNum, err)
return