version: bump snapshot

Android 9's Bionic disallows inotify_init with seccomp, so we want the
latest unix change, and while we're at it, we update the others too.

Reported-by: Berk D. Demir <bdd@mindcast.org>
Go CL: https://go-review.googlesource.com/c/sys/+/153318
Fixes: https://lists.zx2c4.com/pipermail/wireguard/2018-December/003642.html

conn_default.go

@@ -8,10 +8,8 @@
 package main
 
 import (
-	"golang.org/x/sys/unix"
 	"net"
 	"os"
-	"runtime"
 	"syscall"
 )
 
@@ -171,47 +169,3 @@ func (bind *NativeBind) Send(buff []byte, endpoint Endpoint) error {
 	}
 	return err
 }
-
-var fwmarkIoctl int
-
-func init() {
-	switch runtime.GOOS {
-	case "linux", "android":
-		fwmarkIoctl = 36 /* unix.SO_MARK */
-	case "freebsd":
-		fwmarkIoctl = 0x1015 /* unix.SO_USER_COOKIE */
-	case "openbsd":
-		fwmarkIoctl = 0x1021 /* unix.SO_RTABLE */
-	}
-}
-
-func (bind *NativeBind) SetMark(mark uint32) error {
-	if fwmarkIoctl == 0 {
-		return nil
-	}
-	if bind.ipv4 != nil {
-		fd, err := bind.ipv4.SyscallConn()
-		if err != nil {
-			return err
-		}
-		err = fd.Control(func(fd uintptr) {
-			err = unix.SetsockoptInt(int(fd), unix.SOL_SOCKET, fwmarkIoctl, int(mark))
-		})
-		if err != nil {
-			return err
-		}
-	}
-	if bind.ipv6 != nil {
-		fd, err := bind.ipv6.SyscallConn()
-		if err != nil {
-			return err
-		}
-		err = fd.Control(func(fd uintptr) {
-			err = unix.SetsockoptInt(int(fd), unix.SOL_SOCKET, fwmarkIoctl, int(mark))
-		})
-		if err != nil {
-			return err
-		}
-	}
-	return nil
-}

cookie.go

@@ -8,7 +8,6 @@ package main
 import (
 	"crypto/hmac"
 	"crypto/rand"
-	"git.zx2c4.com/wireguard-go/xchacha20poly1305"
 	"golang.org/x/crypto/blake2s"
 	"golang.org/x/crypto/chacha20poly1305"
 	"sync"
@@ -163,13 +162,8 @@ func (st *CookieChecker) CreateReply(
 		return nil, err
 	}
 
-	xchacha20poly1305.Encrypt(
-		reply.Cookie[:0],
-		&reply.Nonce,
-		cookie[:],
-		msg[smac1:smac2],
-		&st.mac2.encryptionKey,
-	)
+	xchapoly, _ := chacha20poly1305.NewX(st.mac2.encryptionKey[:])
+	xchapoly.Seal(reply.Cookie[:0], reply.Nonce[:], cookie[:], msg[smac1:smac2])
 
 	st.mutex.RUnlock()
 
@@ -207,13 +201,8 @@ func (st *CookieGenerator) ConsumeReply(msg *MessageCookieReply) bool {
 
 	var cookie [blake2s.Size128]byte
 
-	_, err := xchacha20poly1305.Decrypt(
-		cookie[:0],
-		&msg.Nonce,
-		msg.Cookie[:],
-		st.mac2.lastMAC1[:],
-		&st.mac2.encryptionKey,
-	)
+	xchapoly, _ := chacha20poly1305.NewX(st.mac2.encryptionKey[:])
+	_, err := xchapoly.Open(cookie[:0], msg.Nonce[:], msg.Cookie[:], st.mac2.lastMAC1[:])
 
 	if err != nil {
 		return false

go.mod

@@ -1,7 +1,7 @@
 module git.zx2c4.com/wireguard-go
 
 require (
-	golang.org/x/crypto v0.0.0-20181001203147-e3636079e1a4
-	golang.org/x/net v0.0.0-20181005035420-146acd28ed58
-	golang.org/x/sys v0.0.0-20181005133103-4497e2df6f9e
+	golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9
+	golang.org/x/net v0.0.0-20181207154023-610586996380
+	golang.org/x/sys v0.0.0-20181210030007-2a47403f2ae5
 )

go.sum

@@ -1,6 +1,6 @@
-golang.org/x/crypto v0.0.0-20181001203147-e3636079e1a4 h1:Vk3wNqEZwyGyei9yq5ekj7frek2u7HUfffJ1/opblzc=
-golang.org/x/crypto v0.0.0-20181001203147-e3636079e1a4/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
-golang.org/x/net v0.0.0-20181005035420-146acd28ed58 h1:otZG8yDCO4LVps5+9bxOeNiCvgmOyt96J3roHTYs7oE=
-golang.org/x/net v0.0.0-20181005035420-146acd28ed58/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/sys v0.0.0-20181005133103-4497e2df6f9e h1:EfdBzeKbFSvOjoIqSZcfS8wp0FBLokGBEs9lz1OtSg0=
-golang.org/x/sys v0.0.0-20181005133103-4497e2df6f9e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9 h1:mKdxBk7AujPs8kU4m80U72y/zjbZ3UcXC7dClwKbUI0=
+golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
+golang.org/x/net v0.0.0-20181207154023-610586996380 h1:zPQexyRtNYBc7bcHmehl1dH6TB3qn8zytv8cBGLDNY0=
+golang.org/x/net v0.0.0-20181207154023-610586996380/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/sys v0.0.0-20181210030007-2a47403f2ae5 h1:SlFRMb9PEnqzqnBRCynVOhxv4vHjB2lnIoxK6p5nzFM=
+golang.org/x/sys v0.0.0-20181210030007-2a47403f2ae5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=

mark_default.go

@@ -0,0 +1,12 @@
+// +build !linux,!openbsd,!freebsd
+
+/* SPDX-License-Identifier: GPL-2.0
+ *
+ * Copyright (C) 2017-2018 WireGuard LLC. All Rights Reserved.
+ */
+
+package main
+
+func (bind *NativeBind) SetMark(mark uint32) error {
+	return nil
+}

mark_unix.go

@@ -0,0 +1,57 @@
+// +build android openbsd freebsd
+
+/* SPDX-License-Identifier: GPL-2.0
+ *
+ * Copyright (C) 2017-2018 WireGuard LLC. All Rights Reserved.
+ */
+
+package main
+
+import (
+	"golang.org/x/sys/unix"
+	"runtime"
+)
+
+var fwmarkIoctl int
+
+func init() {
+	switch runtime.GOOS {
+	case "linux", "android":
+		fwmarkIoctl = 36 /* unix.SO_MARK */
+	case "freebsd":
+		fwmarkIoctl = 0x1015 /* unix.SO_USER_COOKIE */
+	case "openbsd":
+		fwmarkIoctl = 0x1021 /* unix.SO_RTABLE */
+	}
+}
+
+func (bind *NativeBind) SetMark(mark uint32) error {
+	if fwmarkIoctl == 0 {
+		return nil
+	}
+	if bind.ipv4 != nil {
+		fd, err := bind.ipv4.SyscallConn()
+		if err != nil {
+			return err
+		}
+		err = fd.Control(func(fd uintptr) {
+			err = unix.SetsockoptInt(int(fd), unix.SOL_SOCKET, fwmarkIoctl, int(mark))
+		})
+		if err != nil {
+			return err
+		}
+	}
+	if bind.ipv6 != nil {
+		fd, err := bind.ipv6.SyscallConn()
+		if err != nil {
+			return err
+		}
+		err = fd.Control(func(fd uintptr) {
+			err = unix.SetsockoptInt(int(fd), unix.SOL_SOCKET, fwmarkIoctl, int(mark))
+		})
+		if err != nil {
+			return err
+		}
+	}
+	return nil
+}

noise-protocol.go

@@ -89,7 +89,7 @@ type MessageTransport struct {
 type MessageCookieReply struct {
 	Type     uint32
 	Receiver uint32
-	Nonce    [24]byte
+	Nonce    [chacha20poly1305.NonceSizeX]byte
 	Cookie   [blake2s.Size128 + poly1305.TagSize]byte
 }
 

receive.go

@@ -97,7 +97,7 @@ func (device *Device) RoutineReceiveIncoming(IP int, bind Bind) {
 		device.net.stopping.Done()
 	}()
 
-	logDebug.Println("Routine: receive incoming IPv" + strconv.Itoa(IP) + " - starting")
+	logDebug.Println("Routine: receive incoming IPv" + strconv.Itoa(IP) + " - started")
 	device.net.starting.Done()
 
 	// receive datagrams until conn is closed
@@ -351,7 +351,10 @@ func (device *Device) RoutineHandshake() {
 			// consume reply
 
 			if peer := entry.peer; peer.isRunning.Get() {
-				peer.cookieGenerator.ConsumeReply(&reply)
+				logDebug.Println("Receiving cookie response from ", elem.endpoint.DstToString())
+				if !peer.cookieGenerator.ConsumeReply(&reply) {
+					logDebug.Println("Could not decrypt invalid cookie response")
+				}
 			}
 
 			continue

rwcancel/fdset.go

@@ -1,5 +1,3 @@
-// +build !freebsd
-
 /* SPDX-License-Identifier: GPL-2.0
  *
  * Copyright (C) 2017-2018 WireGuard LLC. All Rights Reserved.

rwcancel/fdset_freebsd.go

@@ -1,22 +0,0 @@
-/* SPDX-License-Identifier: GPL-2.0
- *
- * Copyright (C) 2017-2018 WireGuard LLC. All Rights Reserved.
- */
-
-package rwcancel
-
-import "golang.org/x/sys/unix"
-
-type fdSet struct {
-	fdset unix.FdSet
-}
-
-func (fdset *fdSet) set(i int) {
-	bits := 32 << (^uint(0) >> 63)
-	fdset.fdset.X__fds_bits[i/bits] |= 1 << uint(i%bits)
-}
-
-func (fdset *fdSet) check(i int) bool {
-	bits := 32 << (^uint(0) >> 63)
-	return (fdset.fdset.X__fds_bits[i/bits] & (1 << uint(i%bits))) != 0
-}

send.go

@@ -206,7 +206,7 @@ func (peer *Peer) SendHandshakeResponse() error {
 
 func (device *Device) SendHandshakeCookie(initiatingElem *QueueHandshakeElement) error {
 
-	device.log.Debug.Println("Sending cookie reply to:", initiatingElem.endpoint.DstToString())
+	device.log.Debug.Println("Sending cookie response for denied handshake message for", initiatingElem.endpoint.DstToString())
 
 	sender := binary.LittleEndian.Uint32(initiatingElem.packet[4:8])
 	reply, err := device.cookieChecker.CreateReply(initiatingElem.packet, sender, initiatingElem.endpoint.DstToBytes())
@@ -562,7 +562,6 @@ func (peer *Peer) RoutineSequentialSender() {
 						elem.Drop()
 					}
 					device.PutOutboundElement(elem)
-					elem.mutex.Unlock()
 				}
 			default:
 				goto out

tai64n/tai64n.go

@@ -20,7 +20,7 @@ func Now() Timestamp {
 	var tai64n Timestamp
 	now := time.Now()
 	secs := base + uint64(now.Unix())
-	nano := uint32(now.UnixNano())
+	nano := uint32(now.Nanosecond())
 	binary.BigEndian.PutUint64(tai64n[:], secs)
 	binary.BigEndian.PutUint32(tai64n[8:], nano)
 	return tai64n

timers.go

@@ -79,7 +79,7 @@ func (peer *Peer) timersActive() bool {
 
 func expiredRetransmitHandshake(peer *Peer) {
 	if atomic.LoadUint32(&peer.timers.handshakeAttempts) > MaxTimerHandshakes {
-		peer.device.log.Debug.Printf("%s: Handshake did not complete after %d attempts, giving up\n", peer, MaxTimerHandshakes+2)
+		peer.device.log.Debug.Printf("%s - Handshake did not complete after %d attempts, giving up\n", peer, MaxTimerHandshakes+2)
 
 		if peer.timersActive() {
 			peer.timers.sendKeepalive.Del()
@@ -98,7 +98,7 @@ func expiredRetransmitHandshake(peer *Peer) {
 		}
 	} else {
 		atomic.AddUint32(&peer.timers.handshakeAttempts, 1)
-		peer.device.log.Debug.Printf("%s: Handshake did not complete after %d seconds, retrying (try %d)\n", peer, int(RekeyTimeout.Seconds()), atomic.LoadUint32(&peer.timers.handshakeAttempts)+1)
+		peer.device.log.Debug.Printf("%s - Handshake did not complete after %d seconds, retrying (try %d)\n", peer, int(RekeyTimeout.Seconds()), atomic.LoadUint32(&peer.timers.handshakeAttempts)+1)
 
 		/* We clear the endpoint address src address, in case this is the cause of trouble. */
 		peer.mutex.Lock()
@@ -122,7 +122,7 @@ func expiredSendKeepalive(peer *Peer) {
 }
 
 func expiredNewHandshake(peer *Peer) {
-	peer.device.log.Debug.Printf("%s: Retrying handshake because we stopped hearing back after %d seconds\n", peer, int((KeepaliveTimeout + RekeyTimeout).Seconds()))
+	peer.device.log.Debug.Printf("%s - Retrying handshake because we stopped hearing back after %d seconds\n", peer, int((KeepaliveTimeout + RekeyTimeout).Seconds()))
 	/* We clear the endpoint address src address, in case this is the cause of trouble. */
 	peer.mutex.Lock()
 	if peer.endpoint != nil {
@@ -134,7 +134,7 @@ func expiredNewHandshake(peer *Peer) {
 }
 
 func expiredZeroKeyMaterial(peer *Peer) {
-	peer.device.log.Debug.Printf("%s: Removing all keys, since we haven't received a new one in %d seconds\n", peer, int((RejectAfterTime * 3).Seconds()))
+	peer.device.log.Debug.Printf("%s - Removing all keys, since we haven't received a new one in %d seconds\n", peer, int((RejectAfterTime * 3).Seconds()))
 	peer.ZeroAndFlushAll()
 }
 

tun/tun_darwin.go

@@ -1,5 +1,3 @@
-// +build !ios
-
 /* SPDX-License-Identifier: GPL-2.0
  *
  * Copyright (C) 2017-2018 WireGuard LLC. All Rights Reserved.

tun/tun_linux.go

@@ -368,21 +368,11 @@ func (tun *nativeTun) Close() error {
 }
 
 func CreateTUN(name string, mtu int) (TUNDevice, error) {
-
-	// open clone device
-
-	// HACK: we open it as a raw Fd first, so that f.nonblock=false
-	// when we make it into a file object.
 	nfd, err := unix.Open(cloneDevicePath, os.O_RDWR, 0)
 	if err != nil {
 		return nil, err
 	}
 
-	err = unix.SetNonblock(nfd, true)
-	if err != nil {
-		return nil, err
-	}
-
 	fd := os.NewFile(uintptr(nfd), cloneDevicePath)
 	if err != nil {
 		return nil, err

uapi.go

@@ -307,7 +307,7 @@ func ipcSetOperation(device *Device, socket *bufio.ReadWriter) *IPCError {
 
 				// update persistent keepalive interval
 
-				logDebug.Println(peer, "- UAPI: Updating persistent keepalive interva")
+				logDebug.Println(peer, "- UAPI: Updating persistent keepalive interval")
 
 				secs, err := strconv.ParseUint(value, 10, 16)
 				if err != nil {

version.go

@@ -1,2 +1,2 @@
 package main
-const WireGuardGoVersion = "0.0.20181018"
+const WireGuardGoVersion = "0.0.20181222"

xchacha20poly1305/xchacha20.go

@@ -1,171 +0,0 @@
-/* SPDX-License-Identifier: MIT
- *
- * Copyright (C) 2016 Andreas Auernhammer. All Rights Reserved.
- * Copyright (C) 2017-2018 WireGuard LLC. All Rights Reserved.
- */
-
-package xchacha20poly1305
-
-import (
-	"encoding/binary"
-	"golang.org/x/crypto/chacha20poly1305"
-)
-
-func hChaCha20(out *[32]byte, nonce []byte, key *[32]byte) {
-
-	v00 := uint32(0x61707865)
-	v01 := uint32(0x3320646e)
-	v02 := uint32(0x79622d32)
-	v03 := uint32(0x6b206574)
-
-	v04 := binary.LittleEndian.Uint32(key[0:])
-	v05 := binary.LittleEndian.Uint32(key[4:])
-	v06 := binary.LittleEndian.Uint32(key[8:])
-	v07 := binary.LittleEndian.Uint32(key[12:])
-	v08 := binary.LittleEndian.Uint32(key[16:])
-	v09 := binary.LittleEndian.Uint32(key[20:])
-	v10 := binary.LittleEndian.Uint32(key[24:])
-	v11 := binary.LittleEndian.Uint32(key[28:])
-	v12 := binary.LittleEndian.Uint32(nonce[0:])
-	v13 := binary.LittleEndian.Uint32(nonce[4:])
-	v14 := binary.LittleEndian.Uint32(nonce[8:])
-	v15 := binary.LittleEndian.Uint32(nonce[12:])
-
-	for i := 0; i < 20; i += 2 {
-		v00 += v04
-		v12 ^= v00
-		v12 = (v12 << 16) | (v12 >> 16)
-		v08 += v12
-		v04 ^= v08
-		v04 = (v04 << 12) | (v04 >> 20)
-		v00 += v04
-		v12 ^= v00
-		v12 = (v12 << 8) | (v12 >> 24)
-		v08 += v12
-		v04 ^= v08
-		v04 = (v04 << 7) | (v04 >> 25)
-		v01 += v05
-		v13 ^= v01
-		v13 = (v13 << 16) | (v13 >> 16)
-		v09 += v13
-		v05 ^= v09
-		v05 = (v05 << 12) | (v05 >> 20)
-		v01 += v05
-		v13 ^= v01
-		v13 = (v13 << 8) | (v13 >> 24)
-		v09 += v13
-		v05 ^= v09
-		v05 = (v05 << 7) | (v05 >> 25)
-		v02 += v06
-		v14 ^= v02
-		v14 = (v14 << 16) | (v14 >> 16)
-		v10 += v14
-		v06 ^= v10
-		v06 = (v06 << 12) | (v06 >> 20)
-		v02 += v06
-		v14 ^= v02
-		v14 = (v14 << 8) | (v14 >> 24)
-		v10 += v14
-		v06 ^= v10
-		v06 = (v06 << 7) | (v06 >> 25)
-		v03 += v07
-		v15 ^= v03
-		v15 = (v15 << 16) | (v15 >> 16)
-		v11 += v15
-		v07 ^= v11
-		v07 = (v07 << 12) | (v07 >> 20)
-		v03 += v07
-		v15 ^= v03
-		v15 = (v15 << 8) | (v15 >> 24)
-		v11 += v15
-		v07 ^= v11
-		v07 = (v07 << 7) | (v07 >> 25)
-		v00 += v05
-		v15 ^= v00
-		v15 = (v15 << 16) | (v15 >> 16)
-		v10 += v15
-		v05 ^= v10
-		v05 = (v05 << 12) | (v05 >> 20)
-		v00 += v05
-		v15 ^= v00
-		v15 = (v15 << 8) | (v15 >> 24)
-		v10 += v15
-		v05 ^= v10
-		v05 = (v05 << 7) | (v05 >> 25)
-		v01 += v06
-		v12 ^= v01
-		v12 = (v12 << 16) | (v12 >> 16)
-		v11 += v12
-		v06 ^= v11
-		v06 = (v06 << 12) | (v06 >> 20)
-		v01 += v06
-		v12 ^= v01
-		v12 = (v12 << 8) | (v12 >> 24)
-		v11 += v12
-		v06 ^= v11
-		v06 = (v06 << 7) | (v06 >> 25)
-		v02 += v07
-		v13 ^= v02
-		v13 = (v13 << 16) | (v13 >> 16)
-		v08 += v13
-		v07 ^= v08
-		v07 = (v07 << 12) | (v07 >> 20)
-		v02 += v07
-		v13 ^= v02
-		v13 = (v13 << 8) | (v13 >> 24)
-		v08 += v13
-		v07 ^= v08
-		v07 = (v07 << 7) | (v07 >> 25)
-		v03 += v04
-		v14 ^= v03
-		v14 = (v14 << 16) | (v14 >> 16)
-		v09 += v14
-		v04 ^= v09
-		v04 = (v04 << 12) | (v04 >> 20)
-		v03 += v04
-		v14 ^= v03
-		v14 = (v14 << 8) | (v14 >> 24)
-		v09 += v14
-		v04 ^= v09
-		v04 = (v04 << 7) | (v04 >> 25)
-	}
-
-	binary.LittleEndian.PutUint32(out[0:], v00)
-	binary.LittleEndian.PutUint32(out[4:], v01)
-	binary.LittleEndian.PutUint32(out[8:], v02)
-	binary.LittleEndian.PutUint32(out[12:], v03)
-	binary.LittleEndian.PutUint32(out[16:], v12)
-	binary.LittleEndian.PutUint32(out[20:], v13)
-	binary.LittleEndian.PutUint32(out[24:], v14)
-	binary.LittleEndian.PutUint32(out[28:], v15)
-}
-
-func Encrypt(
-	dst []byte,
-	nonceFull *[24]byte,
-	plaintext []byte,
-	additionalData []byte,
-	key *[chacha20poly1305.KeySize]byte,
-) []byte {
-	var nonce [chacha20poly1305.NonceSize]byte
-	var derivedKey [chacha20poly1305.KeySize]byte
-	hChaCha20(&derivedKey, nonceFull[:16], key)
-	aead, _ := chacha20poly1305.New(derivedKey[:])
-	copy(nonce[4:], nonceFull[16:])
-	return aead.Seal(dst, nonce[:], plaintext, additionalData)
-}
-
-func Decrypt(
-	dst []byte,
-	nonceFull *[24]byte,
-	plaintext []byte,
-	additionalData []byte,
-	key *[chacha20poly1305.KeySize]byte,
-) ([]byte, error) {
-	var nonce [chacha20poly1305.NonceSize]byte
-	var derivedKey [chacha20poly1305.KeySize]byte
-	hChaCha20(&derivedKey, nonceFull[:16], key)
-	aead, _ := chacha20poly1305.New(derivedKey[:])
-	copy(nonce[4:], nonceFull[16:])
-	return aead.Open(dst, nonce[:], plaintext, additionalData)
-}

xchacha20poly1305/xchacha20_test.go

@@ -1,101 +0,0 @@
-/* SPDX-License-Identifier: GPL-2.0
- *
- * Copyright (C) 2017-2018 WireGuard LLC. All Rights Reserved.
- */
-
-package xchacha20poly1305
-
-import (
-	"encoding/hex"
-	"testing"
-)
-
-type XChaCha20Test struct {
-	Nonce string
-	Key   string
-	PT    string
-	CT    string
-}
-
-func TestXChaCha20(t *testing.T) {
-
-	tests := []XChaCha20Test{
-		{
-			Nonce: "000000000000000000000000000000000000000000000000",
-			Key:   "0000000000000000000000000000000000000000000000000000000000000000",
-			PT:    "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
-			CT:    "789e9689e5208d7fd9e1f3c5b5341f48ef18a13e418998addadd97a3693a987f8e82ecd5c1433bfed1af49750c0f1ff29c4174a05b119aa3a9e8333812e0c0feb1299c5949d895ee01dbf50f8395dd84",
-		},
-		{
-			Nonce: "0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f",
-			Key:   "0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f",
-			PT:    "0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f",
-			CT:    "e1a046aa7f71e2af8b80b6408b2fd8d3a350278cde79c94d9efaa475e1339b3dd490127b",
-		},
-		{
-			Nonce: "d9a8213e8a697508805c2c171ad54487ead9e3e02d82d5bc",
-			Key:   "979196dbd78526f2f584f7534db3f5824d8ccfa858ca7e09bdd3656ecd36033c",
-			PT:    "43cc6d624e451bbed952c3e071dc6c03392ce11eb14316a94b2fdc98b22fedea",
-			CT:    "53c1e8bef2dbb8f2505ec010a7afe21d5a8e6dd8f987e4ea1a2ed5dfbc844ea400db34496fd2153526c6e87c36694200",
-		},
-	}
-
-	for _, test := range tests {
-
-		nonce, err := hex.DecodeString(test.Nonce)
-		if err != nil {
-			panic(err)
-		}
-
-		key, err := hex.DecodeString(test.Key)
-		if err != nil {
-			panic(err)
-		}
-
-		pt, err := hex.DecodeString(test.PT)
-		if err != nil {
-			panic(err)
-		}
-
-		func() {
-			var nonceArray [24]byte
-			var keyArray [32]byte
-			copy(nonceArray[:], nonce)
-			copy(keyArray[:], key)
-
-			// test encryption
-
-			ct := Encrypt(
-				nil,
-				&nonceArray,
-				pt,
-				nil,
-				&keyArray,
-			)
-			ctHex := hex.EncodeToString(ct)
-			if ctHex != test.CT {
-				t.Fatal("encryption failed, expected:", test.CT, "got", ctHex)
-			}
-
-			// test decryption
-
-			ptp, err := Decrypt(
-				nil,
-				&nonceArray,
-				ct,
-				nil,
-				&keyArray,
-			)
-			if err != nil {
-				t.Fatal(err)
-			}
-
-			ptHex := hex.EncodeToString(ptp)
-			if ptHex != test.PT {
-				t.Fatal("decryption failed, expected:", test.PT, "got", ptHex)
-			}
-		}()
-
-	}
-
-}