Add tests for key rotation from BOLT8 test vectors

This adds a test of encryption/decryption of 1002 copies
of a message "hello" so as to test the test vectors in the
final section of BOLT 8 ("transport-message test").
It also corrects some typos in the preceding section of the
same function (TestBolt0008TestVectors).

brontide/noise_test.go

@@ -367,13 +367,23 @@ func TestBolt0008TestVectors(t *testing.T) {
 		t.Fatalf("unable to parse recv'ing key: %v", err)
 	}
 
+	chainKey, err := hex.DecodeString("919219dbb2920afa8db80f9a51787a840" +
+		"bcf111ed8d588caf9ab4be716e42b01")
+	if err != nil {
+		t.Fatalf("unable to parse chaining key: %v", err)
+	}
+
 	if !bytes.Equal(initiator.sendCipher.secretKey[:], sendingKey) {
 		t.Fatalf("sending key mismatch: expected %x, got %x",
 			initiator.sendCipher.secretKey[:], sendingKey)
 	}
 	if !bytes.Equal(initiator.recvCipher.secretKey[:], recvKey) {
-		t.Fatalf("sending key mismatch: expected %x, got %x",
-			initiator.sendCipher.secretKey[:], recvKey)
+		t.Fatalf("receiving key mismatch: expected %x, got %x",
+			initiator.recvCipher.secretKey[:], recvKey)
+	}
+	if !bytes.Equal(initiator.chainingKey[:], chainKey) {
+		t.Fatalf("chaining key mismatch: expected %x, got %x",
+			initiator.chainingKey[:], chainKey)
 	}
 
 	if !bytes.Equal(responder.sendCipher.secretKey[:], recvKey) {
@@ -381,7 +391,70 @@ func TestBolt0008TestVectors(t *testing.T) {
 			responder.sendCipher.secretKey[:], recvKey)
 	}
 	if !bytes.Equal(responder.recvCipher.secretKey[:], sendingKey) {
-		t.Fatalf("sending key mismatch: expected %x, got %x",
-			responder.sendCipher.secretKey[:], sendingKey)
+		t.Fatalf("receiving key mismatch: expected %x, got %x",
+			responder.recvCipher.secretKey[:], sendingKey)
+	}
+	if !bytes.Equal(responder.chainingKey[:], chainKey) {
+		t.Fatalf("chaining key mismatch: expected %x, got %x",
+			responder.chainingKey[:], chainKey)
+	}
+
+	// Now test as per section "transport-message test" in Test Vectors
+	// (the transportMessageVectors ciphertexts are from this section of BOLT 8);
+	// we do slightly greater than 1000 encryption/decryption operations
+	// to ensure that the key rotation algorithm is operating as expected.
+	// The starting point for enc/decr is already guaranteed correct from the
+	// above tests of sendingKey, receivingKey, chainingKey.
+	transportMessageVectors := map[int]string{
+		0: "cf2b30ddf0cf3f80e7c35a6e6730b59fe802473180f396d88a8fb0db8cb" +
+			"cf25d2f214cf9ea1d95",
+		1: "72887022101f0b6753e0c7de21657d35a4cb2a1f5cde2650528bbc8f837" +
+			"d0f0d7ad833b1a256a1",
+		500: "178cb9d7387190fa34db9c2d50027d21793c9bc2d40b1e14dcf30ebeeeb2" +
+			"20f48364f7a4c68bf8",
+		501: "1b186c57d44eb6de4c057c49940d79bb838a145cb528d6e8fd26dbe50a6" +
+			"0ca2c104b56b60e45bd",
+		1000: "4a2f3cc3b5e78ddb83dcb426d9863d9d9a723b0337c89dd0b005d89f8d3" +
+			"c05c52b76b29b740f09",
+		1001: "2ecd8c8a5629d0d02ab457a0fdd0f7b90a192cd46be5ecb6ca570bfc5e2" +
+			"68338b1a16cf4ef2d36",
+	}
+
+	// Payload for every message is the string "hello".
+	payload := []byte("hello")
+
+	var buf bytes.Buffer
+
+	for i := 0; i < 1002; i++ {
+		err = initiator.WriteMessage(&buf, payload)
+		if err != nil {
+			t.Fatalf("could not write message %s", payload)
+		}
+		if val, ok := transportMessageVectors[i]; ok {
+			binaryVal, err := hex.DecodeString(val)
+			if err != nil {
+				t.Fatalf("Failed to decode hex string %s", val)
+			}
+			if !bytes.Equal(buf.Bytes(), binaryVal) {
+				t.Fatalf("Ciphertext %x was not equal to expected %s",
+					buf.String()[:], val)
+			}
+		}
+
+		// Responder decrypts the bytes, in every iteration, and
+		// should always be able to decrypt the same payload message.
+		plaintext, err := responder.ReadMessage(&buf)
+		if err != nil {
+			t.Fatalf("failed to read message in responder: %v", err)
+		}
+
+		// Ensure decryption succeeded
+		if !bytes.Equal(plaintext, payload) {
+			t.Fatalf("Decryption failed to receive plaintext: %s, got %s",
+				payload, plaintext)
+		}
+
+		// Clear out the buffer for the next iteration
+		buf.Reset()
 	}
 }