Fixed failing tests

aes/decryptor_test.go

@@ -12,7 +12,7 @@ func TestDecrypt(t *testing.T) {
 	expected := "foo"
 	key := []byte(strings.Repeat("f", 32))
 	message := `ENC[AES256_GCM,data:oYyi,iv:MyIDYbT718JRr11QtBkcj3Dwm4k1aCGZBVeZf0EyV8o=,tag:t5z2Z023Up0kxwCgw1gNxg==,type:str]`
-	decryption, err := Cipher{}.Decrypt(message, key, []byte("bar:"))
+	decryption, _, err := Cipher{}.Decrypt(message, key, "bar:")
 	if err != nil {
 		t.Errorf("%s", err)
 	}
@@ -23,25 +23,25 @@ func TestDecrypt(t *testing.T) {
 
 func TestDecryptInvalidAad(t *testing.T) {
 	message := `ENC[AES256_GCM,data:oYyi,iv:MyIDYbT718JRr11QtBkcj3Dwm4k1aCGZBVeZf0EyV8o=,tag:t5z2Z023Up0kxwCgw1gNxg==,type:str]`
-	_, err := Cipher{}.Decrypt(message, []byte(strings.Repeat("f", 32)), []byte(""))
+	_, _, err := Cipher{}.Decrypt(message, []byte(strings.Repeat("f", 32)), "")
 	if err == nil {
 		t.Errorf("Decrypting with an invalid AAC should fail")
 	}
 }
 
 func TestRoundtripString(t *testing.T) {
-	f := func(x string, aad []byte) bool {
+	f := func(x, aad string) bool {
 		key := make([]byte, 32)
 		rand.Read(key)
 		if x == "" {
 			return true
 		}
-		s, err := Cipher{}.Encrypt(x, key, aad)
+		s, err := Cipher{}.Encrypt(x, key, aad, nil)
 		if err != nil {
 			fmt.Println(err)
 			return false
 		}
-		d, err := Cipher{}.Decrypt(s, key, aad)
+		d, _, err := Cipher{}.Decrypt(s, key, aad)
 		if err != nil {
 			return false
 		}
@@ -55,12 +55,12 @@ func TestRoundtripString(t *testing.T) {
 func TestRoundtripFloat(t *testing.T) {
 	key := []byte(strings.Repeat("f", 32))
 	f := func(x float64) bool {
-		s, err := Cipher{}.Encrypt(x, key, []byte(""))
+		s, err := Cipher{}.Encrypt(x, key, "", nil)
 		if err != nil {
 			fmt.Println(err)
 			return false
 		}
-		d, err := Cipher{}.Decrypt(s, key, []byte(""))
+		d, _, err := Cipher{}.Decrypt(s, key, "")
 		if err != nil {
 			return false
 		}
@@ -74,12 +74,12 @@ func TestRoundtripFloat(t *testing.T) {
 func TestRoundtripInt(t *testing.T) {
 	key := []byte(strings.Repeat("f", 32))
 	f := func(x int) bool {
-		s, err := Cipher{}.Encrypt(x, key, []byte(""))
+		s, err := Cipher{}.Encrypt(x, key, "", nil)
 		if err != nil {
 			fmt.Println(err)
 			return false
 		}
-		d, err := Cipher{}.Decrypt(s, key, []byte(""))
+		d, _, err := Cipher{}.Decrypt(s, key, "")
 		if err != nil {
 			return false
 		}
@@ -93,12 +93,12 @@ func TestRoundtripInt(t *testing.T) {
 func TestRoundtripBool(t *testing.T) {
 	key := []byte(strings.Repeat("f", 32))
 	f := func(x bool) bool {
-		s, err := Cipher{}.Encrypt(x, key, []byte(""))
+		s, err := Cipher{}.Encrypt(x, key, "", nil)
 		if err != nil {
 			fmt.Println(err)
 			return false
 		}
-		d, err := Cipher{}.Decrypt(s, key, []byte(""))
+		d, _, err := Cipher{}.Decrypt(s, key, "")
 		if err != nil {
 			return false
 		}

sops.go

@@ -126,8 +126,12 @@ func (tree Tree) Encrypt(key []byte, cipher DataKeyCipher, stash map[string][]in
 			var err error
 			pathString := strings.Join(path, ":") + ":"
 			// Pop from the left of the stash
-			stashValue, newStash := stash[pathString][0], stash[pathString][1:len(stash[pathString])]
-			stash[pathString] = newStash
+			var stashValue interface{}
+			if len(stash[pathString]) > 0 {
+				var newStash []interface{}
+				stashValue, newStash = stash[pathString][0], stash[pathString][1:len(stash[pathString])]
+				stash[pathString] = newStash
+			}
 			in, err = cipher.Encrypt(in, key, pathString, stashValue)
 			if err != nil {
 				return nil, fmt.Errorf("Could not encrypt value: %s", err)

sops_test.go

@@ -23,14 +23,14 @@ func TestUnencryptedSuffix(t *testing.T) {
 		},
 	}
 	cipher := aes.Cipher{}
-	_, err := tree.Encrypt(bytes.Repeat([]byte("f"), 32), cipher)
+	_, err := tree.Encrypt(bytes.Repeat([]byte("f"), 32), cipher, nil)
 	if err != nil {
 		t.Errorf("Encrypting the tree failed: %s", err)
 	}
 	if !reflect.DeepEqual(tree.Branch, expected) {
 		t.Errorf("Trees don't match: \ngot \t\t%+v,\n expected \t\t%+v", tree.Branch, expected)
 	}
-	_, err = tree.Decrypt(bytes.Repeat([]byte("f"), 32), cipher)
+	_, err = tree.Decrypt(bytes.Repeat([]byte("f"), 32), cipher, nil)
 	if err != nil {
 		t.Errorf("Decrypting the tree failed: %s", err)
 	}
@@ -41,12 +41,12 @@ func TestUnencryptedSuffix(t *testing.T) {
 
 type MockCipher struct{}
 
-func (m MockCipher) Encrypt(value interface{}, key []byte, additionalAuthData []byte) (string, error) {
+func (m MockCipher) Encrypt(value interface{}, key []byte, path string, stashValue interface{}) (string, error) {
 	return "a", nil
 }
 
-func (m MockCipher) Decrypt(value string, key []byte, additionalAuthData []byte) (interface{}, error) {
-	return "a", nil
+func (m MockCipher) Decrypt(value string, key []byte, path string) (interface{}, interface{}, error) {
+	return "a", nil, nil
 }
 
 func TestEncrypt(t *testing.T) {
@@ -97,7 +97,7 @@ func TestEncrypt(t *testing.T) {
 		},
 	}
 	tree := Tree{Branch: branch, Metadata: Metadata{UnencryptedSuffix: DefaultUnencryptedSuffix}}
-	tree.Encrypt(bytes.Repeat([]byte{'f'}, 32), MockCipher{})
+	tree.Encrypt(bytes.Repeat([]byte{'f'}, 32), MockCipher{}, make(map[string][]interface{}))
 	if !reflect.DeepEqual(tree.Branch, expected) {
 		t.Errorf("%s does not equal expected tree: %s", tree.Branch, expected)
 	}
@@ -151,7 +151,7 @@ func TestDecrypt(t *testing.T) {
 		},
 	}
 	tree := Tree{Branch: branch, Metadata: Metadata{UnencryptedSuffix: DefaultUnencryptedSuffix}}
-	tree.Decrypt(bytes.Repeat([]byte{'f'}, 32), MockCipher{})
+	tree.Decrypt(bytes.Repeat([]byte{'f'}, 32), MockCipher{}, make(map[string][]interface{}))
 	if !reflect.DeepEqual(tree.Branch, expected) {
 		t.Errorf("%s does not equal expected tree: %s", tree.Branch, expected)
 	}