3 files changed, 159 insertions, 1 deletions
diff --git a/vendor/golang.org/x/crypto/nacl/box/example_test.go b/vendor/golang.org/x/crypto/nacl/box/example_test.go
new file mode 100644
index 000000000..25e42d2be
--- /dev/null
+++ b/vendor/golang.org/x/crypto/nacl/box/example_test.go
@@ -0,0 +1,95 @@
+package box_test
+
+import (
+	crypto_rand "crypto/rand" // Custom so it's clear which rand we're using.
+	"fmt"
+	"io"
+
+	"golang.org/x/crypto/nacl/box"
+)
+
+func Example() {
+	senderPublicKey, senderPrivateKey, err := box.GenerateKey(crypto_rand.Reader)
+	if err != nil {
+		panic(err)
+	}
+
+	recipientPublicKey, recipientPrivateKey, err := box.GenerateKey(crypto_rand.Reader)
+	if err != nil {
+		panic(err)
+	}
+
+	// You must use a different nonce for each message you encrypt with the
+	// same key. Since the nonce here is 192 bits long, a random value
+	// provides a sufficiently small probability of repeats.
+	var nonce [24]byte
+	if _, err := io.ReadFull(crypto_rand.Reader, nonce[:]); err != nil {
+		panic(err)
+	}
+
+	msg := []byte("Alas, poor Yorick! I knew him, Horatio")
+	// This encrypts msg and appends the result to the nonce.
+	encrypted := box.Seal(nonce[:], msg, &nonce, recipientPublicKey, senderPrivateKey)
+
+	// The recipient can decrypt the message using their private key and the
+	// sender's public key. When you decrypt, you must use the same nonce you
+	// used to encrypt the message. One way to achieve this is to store the
+	// nonce alongside the encrypted message. Above, we stored the nonce in the
+	// first 24 bytes of the encrypted text.
+	var decryptNonce [24]byte
+	copy(decryptNonce[:], encrypted[:24])
+	decrypted, ok := box.Open(nil, encrypted[24:], &decryptNonce, senderPublicKey, recipientPrivateKey)
+	if !ok {
+		panic("decryption error")
+	}
+	fmt.Println(string(decrypted))
+	// Output: Alas, poor Yorick! I knew him, Horatio
+}
+
+func Example_precompute() {
+	senderPublicKey, senderPrivateKey, err := box.GenerateKey(crypto_rand.Reader)
+	if err != nil {
+		panic(err)
+	}
+
+	recipientPublicKey, recipientPrivateKey, err := box.GenerateKey(crypto_rand.Reader)
+	if err != nil {
+		panic(err)
+	}
+
+	// The shared key can be used to speed up processing when using the same
+	// pair of keys repeatedly.
+	sharedEncryptKey := new([32]byte)
+	box.Precompute(sharedEncryptKey, recipientPublicKey, senderPrivateKey)
+
+	// You must use a different nonce for each message you encrypt with the
+	// same key. Since the nonce here is 192 bits long, a random value
+	// provides a sufficiently small probability of repeats.
+	var nonce [24]byte
+	if _, err := io.ReadFull(crypto_rand.Reader, nonce[:]); err != nil {
+		panic(err)
+	}
+
+	msg := []byte("A fellow of infinite jest, of most excellent fancy")
+	// This encrypts msg and appends the result to the nonce.
+	encrypted := box.SealAfterPrecomputation(nonce[:], msg, &nonce, sharedEncryptKey)
+
+	// The shared key can be used to speed up processing when using the same
+	// pair of keys repeatedly.
+	var sharedDecryptKey [32]byte
+	box.Precompute(&sharedDecryptKey, senderPublicKey, recipientPrivateKey)
+
+	// The recipient can decrypt the message using the shared key. When you
+	// decrypt, you must use the same nonce you used to encrypt the message.
+	// One way to achieve this is to store the nonce alongside the encrypted
+	// message. Above, we stored the nonce in the first 24 bytes of the
+	// encrypted text.
+	var decryptNonce [24]byte
+	copy(decryptNonce[:], encrypted[:24])
+	decrypted, ok := box.OpenAfterPrecomputation(nil, encrypted[24:], &decryptNonce, &sharedDecryptKey)
+	if !ok {
+		panic("decryption error")
+	}
+	fmt.Println(string(decrypted))
+	// Output: A fellow of infinite jest, of most excellent fancy
+}
diff --git a/vendor/golang.org/x/crypto/nacl/secretbox/example_test.go b/vendor/golang.org/x/crypto/nacl/secretbox/example_test.go
index b25e663a8..789f4ff03 100644
--- a/vendor/golang.org/x/crypto/nacl/secretbox/example_test.go
+++ b/vendor/golang.org/x/crypto/nacl/secretbox/example_test.go
@@ -43,7 +43,7 @@ func Example() {
 	// 24 bytes of the encrypted text.
 	var decryptNonce [24]byte
 	copy(decryptNonce[:], encrypted[:24])
-	decrypted, ok := secretbox.Open([]byte{}, encrypted[24:], &decryptNonce, &secretKey)
+	decrypted, ok := secretbox.Open(nil, encrypted[24:], &decryptNonce, &secretKey)
 	if !ok {
 		panic("decryption error")
 	}
diff --git a/vendor/golang.org/x/crypto/nacl/secretbox/secretbox_test.go b/vendor/golang.org/x/crypto/nacl/secretbox/secretbox_test.go
index 664dc1521..3c70b0f4b 100644
--- a/vendor/golang.org/x/crypto/nacl/secretbox/secretbox_test.go
+++ b/vendor/golang.org/x/crypto/nacl/secretbox/secretbox_test.go
@@ -89,3 +89,66 @@ func TestAppend(t *testing.T) {
 		t.Fatalf("Seal didn't correctly append with sufficient capacity.")
 	}
 }
+
+func benchmarkSealSize(b *testing.B, size int) {
+	message := make([]byte, size)
+	out := make([]byte, size+Overhead)
+	var nonce [24]byte
+	var key [32]byte
+
+	b.SetBytes(int64(size))
+	b.ResetTimer()
+
+	for i := 0; i < b.N; i++ {
+		out = Seal(out[:0], message, &nonce, &key)
+	}
+}
+
+func BenchmarkSeal8Bytes(b *testing.B) {
+	benchmarkSealSize(b, 8)
+}
+
+func BenchmarkSeal100Bytes(b *testing.B) {
+	benchmarkSealSize(b, 100)
+}
+
+func BenchmarkSeal1K(b *testing.B) {
+	benchmarkSealSize(b, 1024)
+}
+
+func BenchmarkSeal8K(b *testing.B) {
+	benchmarkSealSize(b, 8192)
+}
+
+func benchmarkOpenSize(b *testing.B, size int) {
+	msg := make([]byte, size)
+	result := make([]byte, size)
+	var nonce [24]byte
+	var key [32]byte
+	box := Seal(nil, msg, &nonce, &key)
+
+	b.SetBytes(int64(size))
+	b.ResetTimer()
+
+	for i := 0; i < b.N; i++ {
+		if _, ok := Open(result[:0], box, &nonce, &key); !ok {
+			panic("Open failed")
+		}
+	}
+}
+
+func BenchmarkOpen8Bytes(b *testing.B) {
+	benchmarkOpenSize(b, 8)
+}
+
+func BenchmarkOpen100Bytes(b *testing.B) {
+	benchmarkOpenSize(b, 100)
+}
+
+func BenchmarkOpen1K(b *testing.B) {
+	benchmarkOpenSize(b, 1024)
+}
+
+func BenchmarkOpen8K(b *testing.B) {
+	benchmarkOpenSize(b, 8192)
+}