Refactor encryption.Cipher to be an Encrypt/Decrypt Interface

All Encrypt/Decrypt Cipher implementations will now take
and return []byte to set up usage in future binary compatible
encoding schemes to fix issues with bloat encrypting to strings
(which requires base64ing adding 33% size)

pkg/encryption/cipher_test.go

@@ -105,14 +105,14 @@ func TestEncodeAndDecodeAccessToken(t *testing.T) {
 	c, err := NewCipher([]byte(secret))
 	assert.Equal(t, nil, err)
 
-	encoded, err := c.Encrypt(token)
+	encoded, err := c.Encrypt([]byte(token))
 	assert.Equal(t, nil, err)
 
 	decoded, err := c.Decrypt(encoded)
 	assert.Equal(t, nil, err)
 
-	assert.NotEqual(t, token, encoded)
-	assert.Equal(t, token, decoded)
+	assert.NotEqual(t, []byte(token), encoded)
+	assert.Equal(t, []byte(token), decoded)
 }
 
 func TestEncodeAndDecodeAccessTokenB64(t *testing.T) {
@@ -124,14 +124,115 @@ func TestEncodeAndDecodeAccessTokenB64(t *testing.T) {
 	c, err := NewCipher([]byte(secret))
 	assert.Equal(t, nil, err)
 
-	encoded, err := c.Encrypt(token)
+	encoded, err := c.Encrypt([]byte(token))
 	assert.Equal(t, nil, err)
 
 	decoded, err := c.Decrypt(encoded)
 	assert.Equal(t, nil, err)
 
-	assert.NotEqual(t, token, encoded)
-	assert.Equal(t, token, decoded)
+	assert.NotEqual(t, []byte(token), encoded)
+	assert.Equal(t, []byte(token), decoded)
+}
+
+func TestEncryptAndDecryptBase64(t *testing.T) {
+	var err error
+
+	// Test all 3 valid AES sizes
+	for _, secretSize := range []int{16, 24, 32} {
+		secret := make([]byte, secretSize)
+		_, err = io.ReadFull(rand.Reader, secret)
+		assert.Equal(t, nil, err)
+
+		// NewCipher creates a Base64 wrapper of CFBCipher
+		c, err := NewCipher(secret)
+		assert.Equal(t, nil, err)
+
+		// Test various sizes sessions might be
+		for _, dataSize := range []int{10, 100, 1000, 5000, 10000} {
+			data := make([]byte, dataSize)
+			_, err := io.ReadFull(rand.Reader, data)
+			assert.Equal(t, nil, err)
+
+			encrypted, err := c.Encrypt(data)
+			assert.Equal(t, nil, err)
+
+			decrypted, err := c.Decrypt(encrypted)
+			assert.Equal(t, nil, err)
+			assert.Equal(t, data, decrypted)
+		}
+	}
+}
+
+func TestDecryptBase64WrongSecret(t *testing.T) {
+	var err error
+
+	secret1 := []byte("0123456789abcdefghijklmnopqrstuv")
+	secret2 := []byte("9876543210abcdefghijklmnopqrstuv")
+
+	c1, err := NewCipher(secret1)
+	assert.Equal(t, nil, err)
+
+	c2, err := NewCipher(secret2)
+	assert.Equal(t, nil, err)
+
+	data := []byte("f3928pufm982374dj02y485dsl34890u2t9nd4028s94dm58y2394087dhmsyt29h8df")
+
+	ciphertext, err := c1.Encrypt(data)
+	assert.Equal(t, nil, err)
+
+	wrongData, err := c2.Decrypt(ciphertext)
+	assert.Equal(t, nil, err)
+	assert.NotEqual(t, data, wrongData)
+}
+
+func TestEncryptAndDecryptCFB(t *testing.T) {
+	var err error
+
+	// Test all 3 valid AES sizes
+	for _, secretSize := range []int{16, 24, 32} {
+		secret := make([]byte, secretSize)
+		_, err = io.ReadFull(rand.Reader, secret)
+		assert.Equal(t, nil, err)
+
+		c, err := NewCFBCipher(secret)
+		assert.Equal(t, nil, err)
+
+		// Test various sizes sessions might be
+		for _, dataSize := range []int{10, 100, 1000, 5000, 10000} {
+			data := make([]byte, dataSize)
+			_, err := io.ReadFull(rand.Reader, data)
+			assert.Equal(t, nil, err)
+
+			encrypted, err := c.Encrypt(data)
+			assert.Equal(t, nil, err)
+
+			decrypted, err := c.Decrypt(encrypted)
+			assert.Equal(t, nil, err)
+			assert.Equal(t, data, decrypted)
+		}
+	}
+}
+
+func TestDecryptCFBWrongSecret(t *testing.T) {
+	var err error
+
+	secret1 := []byte("0123456789abcdefghijklmnopqrstuv")
+	secret2 := []byte("9876543210abcdefghijklmnopqrstuv")
+
+	c1, err := NewCFBCipher(secret1)
+	assert.Equal(t, nil, err)
+
+	c2, err := NewCFBCipher(secret2)
+	assert.Equal(t, nil, err)
+
+	data := []byte("f3928pufm982374dj02y485dsl34890u2t9nd4028s94dm58y2394087dhmsyt29h8df")
+
+	ciphertext, err := c1.Encrypt(data)
+	assert.Equal(t, nil, err)
+
+	wrongData, err := c2.Decrypt(ciphertext)
+	assert.Equal(t, nil, err)
+	assert.NotEqual(t, data, wrongData)
 }
 
 func TestEncodeIntoAndDecodeIntoAccessToken(t *testing.T) {