Update vendored deps, including AWS SDK, openpgp, ftp, ...

2026-05-30 04:20:53 +00:00 · 2018-04-05 17:46:45 +03:00
parent cef4fefc40
commit 0e6ee35942
1497 changed files with 450721 additions and 68034 deletions
@@ -3,21 +3,26 @@ package s3crypto_test
 import (
 	"testing"

-	"github.com/stretchr/testify/assert"
-
 	"github.com/aws/aws-sdk-go/service/s3/s3crypto"
 )

 func TestAESGCMContentCipherBuilder(t *testing.T) {
 	generator := mockGenerator{}
-	builder := s3crypto.AESGCMContentCipherBuilder(generator)
-	assert.NotNil(t, builder)
+	if builder := s3crypto.AESGCMContentCipherBuilder(generator); builder == nil {
+		t.Error("expected non-nil value")
+	}
 }

 func TestAESGCMContentCipherNewEncryptor(t *testing.T) {
 	generator := mockGenerator{}
 	builder := s3crypto.AESGCMContentCipherBuilder(generator)
 	cipher, err := builder.ContentCipher()
-	assert.NoError(t, err)
-	assert.NotNil(t, cipher)
+
+	if err != nil {
+		t.Errorf("expected no error, but received %v", err)
+	}
+
+	if cipher == nil {
+		t.Errorf("expected non-nil vaue")
+	}
 }
@@ -5,8 +5,6 @@ import (
 	"encoding/hex"
 	"io/ioutil"
 	"testing"
-
-	"github.com/stretchr/testify/assert"
 )

 // AES GCM
@@ -52,22 +50,32 @@ func aesgcmTest(t *testing.T, iv, key, plaintext, expected, tag []byte) {
 		IV:  iv,
 	}
 	gcm, err := newAESGCM(cd)
-	assert.NoError(t, err)
+	if err != nil {
+		t.Errorf("expected no error, but received %v", err)
+	}
+
 	cipherdata := gcm.Encrypt(bytes.NewReader(plaintext))

 	ciphertext, err := ioutil.ReadAll(cipherdata)
-	assert.NoError(t, err)
+	if err != nil {
+		t.Errorf("expected no error, but received %v", err)
+	}

 	// splitting tag and ciphertext
 	etag := ciphertext[len(ciphertext)-16:]
-	assert.Equal(t, etag, tag)
-	assert.Equal(t, len(ciphertext), len(expected))
-	assert.Equal(t, ciphertext, expected)
+	if !bytes.Equal(etag, tag) {
+		t.Errorf("expected tags to be equivalent")
+	}
+	if !bytes.Equal(ciphertext, expected) {
+		t.Errorf("expected ciphertext to be equivalent")
+	}

 	data := gcm.Decrypt(bytes.NewReader(ciphertext))
-	assert.NoError(t, err)
 	text, err := ioutil.ReadAll(data)
-	assert.NoError(t, err)
-	assert.Equal(t, len(text), len(plaintext))
-	assert.Equal(t, text, plaintext)
+	if err != nil {
+		t.Errorf("expected no error, but received %v", err)
+	}
+	if !bytes.Equal(plaintext, text) {
+		t.Errorf("expected ciphertext to be equivalent")
+	}
 }
@@ -5,8 +5,6 @@ import (
 	"strings"
 	"testing"

-	"github.com/stretchr/testify/assert"
-
 	"github.com/aws/aws-sdk-go/service/s3/s3crypto"
 )

@@ -16,8 +14,12 @@ func TestCryptoReadCloserRead(t *testing.T) {
 	rc := &s3crypto.CryptoReadCloser{Body: ioutil.NopCloser(str), Decrypter: str}

 	b, err := ioutil.ReadAll(rc)
-	assert.NoError(t, err)
-	assert.Equal(t, expectedStr, string(b))
+	if err != nil {
+		t.Errorf("expected no error, but received %v", err)
+	}
+	if expectedStr != string(b) {
+		t.Errorf("expected %s, but received %s", expectedStr, string(b))
+	}
 }

 func TestCryptoReadCloserClose(t *testing.T) {
@@ -29,6 +31,10 @@ func TestCryptoReadCloserClose(t *testing.T) {
 	rc.Close()

 	b, err := ioutil.ReadAll(rc)
-	assert.NoError(t, err)
-	assert.Equal(t, expectedStr, string(b))
+	if err != nil {
+		t.Errorf("expected no error, but received %v", err)
+	}
+	if expectedStr != string(b) {
+		t.Errorf("expected %s, but received %s", expectedStr, string(b))
+	}
 }
@@ -8,8 +8,6 @@ import (
 	"net/http/httptest"
 	"testing"

-	"github.com/stretchr/testify/assert"
-
 	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/awstesting/unit"
 	"github.com/aws/aws-sdk-go/service/kms"
@@ -31,10 +29,17 @@ func TestWrapFactory(t *testing.T) {
 		MatDesc: `{"kms_cmk_id":""}`,
 	}
 	wrap, err := c.wrapFromEnvelope(env)
-	_, ok := wrap.(*kmsKeyHandler)
-	assert.NoError(t, err)
-	assert.NotNil(t, wrap)
-	assert.True(t, ok)
+	w, ok := wrap.(*kmsKeyHandler)
+
+	if err != nil {
+		t.Errorf("expected no error, but received %v", err)
+	}
+	if wrap == nil {
+		t.Error("expected non-nil value")
+	}
+	if !ok {
+		t.Errorf("expected kmsKeyHandler, but received %v", *w)
+	}
 }
 func TestWrapFactoryErrorNoWrap(t *testing.T) {
 	c := DecryptionClient{
@@ -52,8 +57,13 @@ func TestWrapFactoryErrorNoWrap(t *testing.T) {
 		MatDesc: `{"kms_cmk_id":""}`,
 	}
 	wrap, err := c.wrapFromEnvelope(env)
-	assert.Error(t, err)
-	assert.Nil(t, wrap)
+
+	if err == nil {
+		t.Error("expected error, but received none")
+	}
+	if wrap != nil {
+		t.Errorf("expected nil wrap value, received %v", wrap)
+	}
 }

 func TestWrapFactoryCustomEntry(t *testing.T) {
@@ -72,8 +82,13 @@ func TestWrapFactoryCustomEntry(t *testing.T) {
 		MatDesc: `{"kms_cmk_id":""}`,
 	}
 	wrap, err := c.wrapFromEnvelope(env)
-	assert.NoError(t, err)
-	assert.NotNil(t, wrap)
+
+	if err != nil {
+		t.Errorf("expected no error, but received %v", err)
+	}
+	if wrap == nil {
+		t.Errorf("expected nil wrap value, received %v", wrap)
+	}
 }

 func TestCEKFactory(t *testing.T) {
@@ -106,11 +121,15 @@ func TestCEKFactory(t *testing.T) {
 		},
 	}
 	iv, err := hex.DecodeString("0d18e06c7c725ac9e362e1ce")
-	assert.NoError(t, err)
+	if err != nil {
+		t.Errorf("expected no error, but received %v", err)
+	}
 	ivB64 := base64.URLEncoding.EncodeToString(iv)

 	cipherKey, err := hex.DecodeString("31bdadd96698c204aa9ce1448ea94ae1fb4a9a0b3c9d773b51bb1822666b8f22")
-	assert.NoError(t, err)
+	if err != nil {
+		t.Errorf("expected no error, but received %v", err)
+	}
 	cipherKeyB64 := base64.URLEncoding.EncodeToString(cipherKey)

 	env := Envelope{
@@ -122,8 +141,13 @@ func TestCEKFactory(t *testing.T) {
 	}
 	wrap, err := c.wrapFromEnvelope(env)
 	cek, err := c.cekFromEnvelope(env, wrap)
-	assert.NoError(t, err)
-	assert.NotNil(t, cek)
+
+	if err != nil {
+		t.Errorf("expected no error, but received %v", err)
+	}
+	if cek == nil {
+		t.Errorf("expected non-nil cek")
+	}
 }

 func TestCEKFactoryNoCEK(t *testing.T) {
@@ -156,11 +180,15 @@ func TestCEKFactoryNoCEK(t *testing.T) {
 		},
 	}
 	iv, err := hex.DecodeString("0d18e06c7c725ac9e362e1ce")
-	assert.NoError(t, err)
+	if err != nil {
+		t.Errorf("expected no error, but received %v", err)
+	}
 	ivB64 := base64.URLEncoding.EncodeToString(iv)

 	cipherKey, err := hex.DecodeString("31bdadd96698c204aa9ce1448ea94ae1fb4a9a0b3c9d773b51bb1822666b8f22")
-	assert.NoError(t, err)
+	if err != nil {
+		t.Errorf("expected no error, but received %v", err)
+	}
 	cipherKeyB64 := base64.URLEncoding.EncodeToString(cipherKey)

 	env := Envelope{
@@ -172,8 +200,13 @@ func TestCEKFactoryNoCEK(t *testing.T) {
 	}
 	wrap, err := c.wrapFromEnvelope(env)
 	cek, err := c.cekFromEnvelope(env, wrap)
-	assert.Error(t, err)
-	assert.Nil(t, cek)
+
+	if err == nil {
+		t.Error("expected error, but received none")
+	}
+	if cek != nil {
+		t.Errorf("expected nil cek value, received %v", wrap)
+	}
 }

 func TestCEKFactoryCustomEntry(t *testing.T) {
@@ -204,11 +237,15 @@ func TestCEKFactoryCustomEntry(t *testing.T) {
 		PadderRegistry: map[string]Padder{},
 	}
 	iv, err := hex.DecodeString("0d18e06c7c725ac9e362e1ce")
-	assert.NoError(t, err)
+	if err != nil {
+		t.Errorf("expected no error, but received %v", err)
+	}
 	ivB64 := base64.URLEncoding.EncodeToString(iv)

 	cipherKey, err := hex.DecodeString("31bdadd96698c204aa9ce1448ea94ae1fb4a9a0b3c9d773b51bb1822666b8f22")
-	assert.NoError(t, err)
+	if err != nil {
+		t.Errorf("expected no error, but received %v", err)
+	}
 	cipherKeyB64 := base64.URLEncoding.EncodeToString(cipherKey)

 	env := Envelope{
@@ -220,6 +257,11 @@ func TestCEKFactoryCustomEntry(t *testing.T) {
 	}
 	wrap, err := c.wrapFromEnvelope(env)
 	cek, err := c.cekFromEnvelope(env, wrap)
-	assert.NoError(t, err)
-	assert.NotNil(t, cek)
+
+	if err != nil {
+		t.Errorf("expected no error, but received %v", err)
+	}
+	if cek == nil {
+		t.Errorf("expected non-nil cek")
+	}
 }
@@ -11,8 +11,6 @@ import (
 	"strings"
 	"testing"

-	"github.com/stretchr/testify/assert"
-
 	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/aws/awserr"
 	"github.com/aws/aws-sdk-go/aws/request"
@@ -40,7 +38,9 @@ func TestGetObjectGCM(t *testing.T) {
 	})

 	c := s3crypto.NewDecryptionClient(sess)
-	assert.NotNil(t, c)
+	if c == nil {
+		t.Error("expected non-nil value")
+	}
 	input := &s3.GetObjectInput{
 		Key:    aws.String("test"),
 		Bucket: aws.String("test"),
@@ -49,9 +49,14 @@ func TestGetObjectGCM(t *testing.T) {
 	req.Handlers.Send.Clear()
 	req.Handlers.Send.PushBack(func(r *request.Request) {
 		iv, err := hex.DecodeString("0d18e06c7c725ac9e362e1ce")
-		assert.NoError(t, err)
+		if err != nil {
+			t.Errorf("expected no error, but received %v", err)
+		}
+
 		b, err := hex.DecodeString("fa4362189661d163fcd6a56d8bf0405ad636ac1bbedd5cc3ee727dc2ab4a9489")
-		assert.NoError(t, err)
+		if err != nil {
+			t.Errorf("expected no error, but received %v", err)
+		}

 		r.HTTPResponse = &http.Response{
 			StatusCode: 200,
@@ -69,14 +74,21 @@ func TestGetObjectGCM(t *testing.T) {
 		out.Metadata["x-amz-wrap-alg"] = aws.String(s3crypto.KMSWrap)
 	})
 	err := req.Send()
-	assert.NoError(t, err)
+	if err != nil {
+		t.Errorf("expected no error, but received %v", err)
+	}
 	b, err := ioutil.ReadAll(out.Body)
-	assert.NoError(t, err)
+	if err != nil {
+		t.Errorf("expected no error, but received %v", err)
+	}
 	expected, err := hex.DecodeString("2db5168e932556f8089a0622981d017d")
-	assert.NoError(t, err)
+	if err != nil {
+		t.Errorf("expected no error, but received %v", err)
+	}

-	assert.Equal(t, len(expected), len(b))
-	assert.Equal(t, expected, b)
+	if !bytes.Equal(expected, b) {
+		t.Error("expected bytes to be equivalent")
+	}
 }

 func TestGetObjectCBC(t *testing.T) {
@@ -97,7 +109,9 @@ func TestGetObjectCBC(t *testing.T) {
 	})

 	c := s3crypto.NewDecryptionClient(sess)
-	assert.NotNil(t, c)
+	if c == nil {
+		t.Error("expected non-nil value")
+	}
 	input := &s3.GetObjectInput{
 		Key:    aws.String("test"),
 		Bucket: aws.String("test"),
@@ -106,9 +120,13 @@ func TestGetObjectCBC(t *testing.T) {
 	req.Handlers.Send.Clear()
 	req.Handlers.Send.PushBack(func(r *request.Request) {
 		iv, err := hex.DecodeString("9dea7621945988f96491083849b068df")
-		assert.NoError(t, err)
+		if err != nil {
+			t.Errorf("expected no error, but received %v", err)
+		}
 		b, err := hex.DecodeString("e232cd6ef50047801ee681ec30f61d53cfd6b0bca02fd03c1b234baa10ea82ac9dab8b960926433a19ce6dea08677e34")
-		assert.NoError(t, err)
+		if err != nil {
+			t.Errorf("expected no error, but received %v", err)
+		}

 		r.HTTPResponse = &http.Response{
 			StatusCode: 200,
@@ -125,14 +143,21 @@ func TestGetObjectCBC(t *testing.T) {
 		out.Metadata["x-amz-wrap-alg"] = aws.String(s3crypto.KMSWrap)
 	})
 	err := req.Send()
-	assert.NoError(t, err)
+	if err != nil {
+		t.Errorf("expected no error, but received %v", err)
+	}
 	b, err := ioutil.ReadAll(out.Body)
-	assert.NoError(t, err)
+	if err != nil {
+		t.Errorf("expected no error, but received %v", err)
+	}
 	expected, err := hex.DecodeString("0397f4f6820b1f9386f14403be5ac16e50213bd473b4874b9bcbf5f318ee686b1d")
-	assert.NoError(t, err)
+	if err != nil {
+		t.Errorf("expected no error, but received %v", err)
+	}

-	assert.Equal(t, len(expected), len(b))
-	assert.Equal(t, expected, b)
+	if !bytes.Equal(expected, b) {
+		t.Error("expected bytes to be equivalent")
+	}
 }

 func TestGetObjectCBC2(t *testing.T) {
@@ -153,7 +178,9 @@ func TestGetObjectCBC2(t *testing.T) {
 	})

 	c := s3crypto.NewDecryptionClient(sess)
-	assert.NotNil(t, c)
+	if c == nil {
+		t.Error("expected non-nil value")
+	}
 	input := &s3.GetObjectInput{
 		Key:    aws.String("test"),
 		Bucket: aws.String("test"),
@@ -162,7 +189,9 @@ func TestGetObjectCBC2(t *testing.T) {
 	req.Handlers.Send.Clear()
 	req.Handlers.Send.PushBack(func(r *request.Request) {
 		b, err := hex.DecodeString("fd0c71ecb7ed16a9bf42ea5f75501d416df608f190890c3b4d8897f24744cd7f9ea4a0b212e60634302450e1c5378f047ff753ccefe365d411c36339bf22e301fae4c3a6226719a4b93dc74c1af79d0296659b5d56c0892315f2c7cc30190220db1eaafae3920d6d9c65d0aa366499afc17af493454e141c6e0fbdeb6a990cb4")
-		assert.NoError(t, err)
+		if err != nil {
+			t.Errorf("expected no error, but received %v", err)
+		}

 		r.HTTPResponse = &http.Response{
 			StatusCode: 200,
@@ -180,14 +209,21 @@ func TestGetObjectCBC2(t *testing.T) {
 		out.Metadata["x-amz-wrap-alg"] = aws.String(s3crypto.KMSWrap)
 	})
 	err := req.Send()
-	assert.NoError(t, err)
+	if err != nil {
+		t.Errorf("expected no error, but received %v", err)
+	}
 	b, err := ioutil.ReadAll(out.Body)
-	assert.NoError(t, err)
+	if err != nil {
+		t.Errorf("expected no error, but received %v", err)
+	}
 	expected, err := hex.DecodeString("a6ccd3482f5ce25c9ddeb69437cd0acbc0bdda2ef8696d90781de2b35704543529871b2032e68ef1c5baed1769aba8d420d1aca181341b49b8b3587a6580cdf1d809c68f06735f7735c16691f4b70c967d68fc08195b81ad71bcc4df452fd0a5799c1e1234f92f1cd929fc072167ccf9f2ac85b93170932b32")
-	assert.NoError(t, err)
+	if err != nil {
+		t.Errorf("expected no error, but received %v", err)
+	}

-	assert.Equal(t, len(expected), len(b))
-	assert.Equal(t, expected, b)
+	if !bytes.Equal(expected, b) {
+		t.Error("expected bytes to be equivalent")
+	}
 }

 func TestGetObjectWithContext(t *testing.T) {
@@ -7,6 +7,7 @@ import (
 	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/aws/client"
 	"github.com/aws/aws-sdk-go/aws/request"
+	"github.com/aws/aws-sdk-go/internal/sdkio"
 	"github.com/aws/aws-sdk-go/service/s3"
 	"github.com/aws/aws-sdk-go/service/s3/s3iface"
 )
@@ -64,19 +65,18 @@ func NewEncryptionClient(prov client.ConfigProvider, builder ContentCipherBuilde
 //	req, out := svc.PutObjectRequest(&s3.PutObjectInput {
 //	  Key: aws.String("testKey"),
 //	  Bucket: aws.String("testBucket"),
-//	  Body: bytes.NewBuffer("test data"),
+//	  Body: strings.NewReader("test data"),
 //	})
 //	err := req.Send()
 func (c *EncryptionClient) PutObjectRequest(input *s3.PutObjectInput) (*request.Request, *s3.PutObjectOutput) {
 	req, out := c.S3Client.PutObjectRequest(input)

 	// Get Size of file
-	n, err := input.Body.Seek(0, 2)
+	n, err := aws.SeekerLen(input.Body)
 	if err != nil {
 		req.Error = err
 		return req, out
 	}
-	input.Body.Seek(0, 0)

 	dst, err := getWriterStore(req, c.TempFolderPath, n >= c.MinFileSize)
 	if err != nil {
@@ -115,7 +115,7 @@ func (c *EncryptionClient) PutObjectRequest(input *s3.PutObjectInput) (*request.
 		shaHex := hex.EncodeToString(sha.GetValue())
 		req.HTTPRequest.Header.Set("X-Amz-Content-Sha256", shaHex)

-		dst.Seek(0, 0)
+		dst.Seek(0, sdkio.SeekStart)
 		input.Body = dst

 		err = c.SaveStrategy.Save(env, r)
@@ -9,8 +9,6 @@ import (
 	"strings"
 	"testing"

-	"github.com/stretchr/testify/assert"
-
 	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/aws/awserr"
 	"github.com/aws/aws-sdk-go/aws/request"
@@ -32,9 +30,15 @@ func TestDefaultConfigValues(t *testing.T) {

 	c := s3crypto.NewEncryptionClient(sess, s3crypto.AESGCMContentCipherBuilder(handler))

-	assert.NotNil(t, c)
-	assert.NotNil(t, c.ContentCipherBuilder)
-	assert.NotNil(t, c.SaveStrategy)
+	if c == nil {
+		t.Error("expected non-vil client value")
+	}
+	if c.ContentCipherBuilder == nil {
+		t.Error("expected non-vil content cipher builder value")
+	}
+	if c.SaveStrategy == nil {
+		t.Error("expected non-vil save strategy value")
+	}
 }

 func TestPutObject(t *testing.T) {
@@ -49,7 +53,9 @@ func TestPutObject(t *testing.T) {
 		Region:           aws.String("us-west-2"),
 	})
 	c := s3crypto.NewEncryptionClient(sess, cb)
-	assert.NotNil(t, c)
+	if c == nil {
+		t.Error("expected non-vil client value")
+	}
 	input := &s3.PutObjectInput{
 		Key:    aws.String("test"),
 		Bucket: aws.String("test"),
@@ -64,10 +70,16 @@ func TestPutObject(t *testing.T) {
 		}
 	})
 	err := req.Send()
-	assert.Equal(t, "stop", err.Error())
+	if e, a := "stop", err.Error(); e != a {
+		t.Errorf("expected %s error, but received %s", e, a)
+	}
 	b, err := ioutil.ReadAll(req.HTTPRequest.Body)
-	assert.NoError(t, err)
-	assert.Equal(t, expected, b)
+	if err != nil {
+		t.Errorf("expected no error, but received %v", err)
+	}
+	if !bytes.Equal(expected, b) {
+		t.Error("expected bytes to be equivalent, but received otherwise")
+	}
 }

 func TestPutObjectWithContext(t *testing.T) {
@@ -4,8 +4,6 @@ import (
 	"bytes"
 	"encoding/hex"
 	"testing"
-
-	"github.com/stretchr/testify/assert"
 )

 // From Go stdlib encoding/sha256 test cases
@@ -13,7 +11,10 @@ func TestSHA256(t *testing.T) {
 	sha := newSHA256Writer(nil)
 	expected, _ := hex.DecodeString("e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855")
 	b := sha.GetValue()
-	assert.Equal(t, expected, b)
+
+	if !bytes.Equal(expected, b) {
+		t.Errorf("expected equivalent sha values, but received otherwise")
+	}
 }

 func TestSHA256_Case2(t *testing.T) {
@@ -21,5 +22,8 @@ func TestSHA256_Case2(t *testing.T) {
 	sha.Write([]byte("hello"))
 	expected, _ := hex.DecodeString("2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824")
 	b := sha.GetValue()
-	assert.Equal(t, expected, b)
+
+	if !bytes.Equal(expected, b) {
+		t.Errorf("expected equivalent sha values, but received otherwise")
+	}
 }
@@ -1,9 +1,10 @@
 package s3crypto

 import (
+	"bytes"
 	"testing"

-	"github.com/stretchr/testify/assert"
+	"github.com/aws/aws-sdk-go/internal/sdkio"
 )

 func TestBytesReadWriteSeeker_Read(t *testing.T) {
@@ -12,9 +13,17 @@ func TestBytesReadWriteSeeker_Read(t *testing.T) {
 	buf := make([]byte, 3)
 	n, err := b.Read(buf)

-	assert.NoError(t, err)
-	assert.Equal(t, 3, n)
-	assert.Equal(t, expected, buf)
+	if err != nil {
+		t.Errorf("expected no error, but received %v", err)
+	}
+
+	if e, a := 3, n; e != a {
+		t.Errorf("expected %d, but received %d", e, a)
+	}
+
+	if !bytes.Equal(expected, buf) {
+		t.Error("expected equivalent byte slices, but received otherwise")
+	}
 }

 func TestBytesReadWriteSeeker_Write(t *testing.T) {
@@ -23,25 +32,53 @@ func TestBytesReadWriteSeeker_Write(t *testing.T) {
 	buf := make([]byte, 3)
 	n, err := b.Write([]byte{1, 2, 3})

-	assert.NoError(t, err)
-	assert.Equal(t, 3, n)
+	if err != nil {
+		t.Errorf("expected no error, but received %v", err)
+	}
+
+	if e, a := 3, n; e != a {
+		t.Errorf("expected %d, but received %d", e, a)
+	}

 	n, err = b.Read(buf)
-	assert.NoError(t, err)
-	assert.Equal(t, 3, n)
-	assert.Equal(t, expected, buf)
+	if err != nil {
+		t.Errorf("expected no error, but received %v", err)
+	}
+
+	if e, a := 3, n; e != a {
+		t.Errorf("expected %d, but received %d", e, a)
+	}
+
+	if !bytes.Equal(expected, buf) {
+		t.Error("expected equivalent byte slices, but received otherwise")
+	}
 }

 func TestBytesReadWriteSeeker_Seek(t *testing.T) {
 	b := &bytesReadWriteSeeker{[]byte{1, 2, 3}, 0}
 	expected := []byte{2, 3}
-	m, err := b.Seek(1, 0)
-	assert.NoError(t, err)
-	assert.Equal(t, 1, int(m))
+	m, err := b.Seek(1, sdkio.SeekStart)
+
+	if err != nil {
+		t.Errorf("expected no error, but received %v", err)
+	}
+
+	if e, a := 1, int(m); e != a {
+		t.Errorf("expected %d, but received %d", e, a)
+	}
+
 	buf := make([]byte, 3)
 	n, err := b.Read(buf)

-	assert.NoError(t, err)
-	assert.Equal(t, 2, n)
-	assert.Equal(t, expected, buf[:n])
+	if err != nil {
+		t.Errorf("expected no error, but received %v", err)
+	}
+
+	if e, a := 2, n; e != a {
+		t.Errorf("expected %d, but received %d", e, a)
+	}
+
+	if !bytes.Equal(expected, buf[:n]) {
+		t.Error("expected equivalent byte slices, but received otherwise")
+	}
 }
@@ -2,15 +2,19 @@ package s3crypto

 import (
 	"testing"
-
-	"github.com/stretchr/testify/assert"
 )

 func TestGenerateBytes(t *testing.T) {
 	b := generateBytes(5)
-	assert.Equal(t, 5, len(b))
+	if e, a := 5, len(b); e != a {
+		t.Errorf("expected %d, but received %d", e, a)
+	}
 	b = generateBytes(0)
-	assert.Equal(t, 0, len(b))
+	if e, a := 0, len(b); e != a {
+		t.Errorf("expected %d, but received %d", e, a)
+	}
 	b = generateBytes(1024)
-	assert.Equal(t, 1024, len(b))
+	if e, a := 1024, len(b); e != a {
+		t.Errorf("expected %d, but received %d", e, a)
+	}
 }
@@ -1,15 +1,15 @@
 package s3crypto

 import (
+	"bytes"
 	"encoding/base64"
 	"encoding/hex"
 	"fmt"
 	"net/http"
 	"net/http/httptest"
+	"reflect"
 	"testing"

-	"github.com/stretchr/testify/assert"
-
 	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/awstesting/unit"
 	"github.com/aws/aws-sdk-go/service/kms"
@@ -18,7 +18,9 @@ import (
 func TestBuildKMSEncryptHandler(t *testing.T) {
 	svc := kms.New(unit.Session)
 	handler := NewKMSKeyGenerator(svc, "testid")
-	assert.NotNil(t, handler)
+	if handler == nil {
+		t.Error("expected non-nil handler")
+	}
 }

 func TestBuildKMSEncryptHandlerWithMatDesc(t *testing.T) {
@@ -26,14 +28,19 @@ func TestBuildKMSEncryptHandlerWithMatDesc(t *testing.T) {
 	handler := NewKMSKeyGeneratorWithMatDesc(svc, "testid", MaterialDescription{
 		"Testing": aws.String("123"),
 	})
-	assert.NotNil(t, handler)
+	if handler == nil {
+		t.Error("expected non-nil handler")
+	}

 	kmsHandler := handler.(*kmsKeyHandler)
 	expected := MaterialDescription{
 		"kms_cmk_id": aws.String("testid"),
 		"Testing":    aws.String("123"),
 	}
-	assert.Equal(t, expected, kmsHandler.CipherData.MaterialDescription)
+
+	if !reflect.DeepEqual(expected, kmsHandler.CipherData.MaterialDescription) {
+		t.Errorf("expected %v, but received %v", expected, kmsHandler.CipherData.MaterialDescription)
+	}
 }

 func TestKMSGenerateCipherData(t *testing.T) {
@@ -56,11 +63,15 @@ func TestKMSGenerateCipherData(t *testing.T) {
 	ivSize := 16

 	cd, err := handler.GenerateCipherData(keySize, ivSize)
-	assert.NoError(t, err)
-	assert.Equal(t, keySize, len(cd.Key))
-	assert.Equal(t, ivSize, len(cd.IV))
-	assert.NotEmpty(t, cd.Key)
-	assert.NotEmpty(t, cd.IV)
+	if err != nil {
+		t.Errorf("expected no error, but received %v", err)
+	}
+	if keySize != len(cd.Key) {
+		t.Errorf("expected %d, but received %d", keySize, len(cd.Key))
+	}
+	if ivSize != len(cd.IV) {
+		t.Errorf("expected %d, but received %d", ivSize, len(cd.IV))
+	}
 }

 func TestKMSDecrypt(t *testing.T) {
@@ -78,11 +89,18 @@ func TestKMSDecrypt(t *testing.T) {
 		Region:           aws.String("us-west-2"),
 	})
 	handler, err := (kmsKeyHandler{kms: kms.New(sess)}).decryptHandler(Envelope{MatDesc: `{"kms_cmk_id":"test"}`})
-	assert.NoError(t, err)
+	if err != nil {
+		t.Errorf("expected no error, but received %v", err)
+	}

 	plaintextKey, err := handler.DecryptKey([]byte{1, 2, 3, 4})
-	assert.NoError(t, err)
-	assert.Equal(t, key, plaintextKey)
+	if err != nil {
+		t.Errorf("expected no error, but received %v", err)
+	}
+
+	if !bytes.Equal(key, plaintextKey) {
+		t.Errorf("expected %v, but received %v", key, plaintextKey)
+	}
 }

 func TestKMSDecryptBadJSON(t *testing.T) {
@@ -101,5 +119,7 @@ func TestKMSDecryptBadJSON(t *testing.T) {
 	})

 	_, err := (kmsKeyHandler{kms: kms.New(sess)}).decryptHandler(Envelope{MatDesc: `{"kms_cmk_id":"test"`})
-	assert.Error(t, err)
+	if err == nil {
+		t.Errorf("expected error, but received none")
+	}
 }
@@ -1,10 +1,9 @@
 package s3crypto

 import (
+	"reflect"
 	"testing"

-	"github.com/stretchr/testify/assert"
-
 	"github.com/aws/aws-sdk-go/aws"
 )

@@ -13,8 +12,12 @@ func TestEncodeMaterialDescription(t *testing.T) {
 	md["foo"] = aws.String("bar")
 	b, err := md.encodeDescription()
 	expected := `{"foo":"bar"}`
-	assert.NoError(t, err)
-	assert.Equal(t, expected, string(b))
+	if err != nil {
+		t.Errorf("expected no error, but received %v", err)
+	}
+	if expected != string(b) {
+		t.Errorf("expected %s, but received %s", expected, string(b))
+	}
 }
 func TestDecodeMaterialDescription(t *testing.T) {
 	md := MaterialDescription{}
@@ -23,6 +26,10 @@ func TestDecodeMaterialDescription(t *testing.T) {
 	expected := MaterialDescription{
 		"foo": aws.String("bar"),
 	}
-	assert.NoError(t, err)
-	assert.Equal(t, expected, md)
+	if err != nil {
+		t.Errorf("expected no error, but received %v", err)
+	}
+	if !reflect.DeepEqual(expected, md) {
+		t.Error("expected material description to be equivalent, but received otherwise")
+	}
 }
@@ -63,9 +63,12 @@ func (strat HeaderV2SaveStrategy) Save(env Envelope, req *request.Request) error
 	input.Metadata[http.CanonicalHeaderKey(matDescHeader)] = &env.MatDesc
 	input.Metadata[http.CanonicalHeaderKey(wrapAlgorithmHeader)] = &env.WrapAlg
 	input.Metadata[http.CanonicalHeaderKey(cekAlgorithmHeader)] = &env.CEKAlg
-	input.Metadata[http.CanonicalHeaderKey(tagLengthHeader)] = &env.TagLen
 	input.Metadata[http.CanonicalHeaderKey(unencryptedMD5Header)] = &env.UnencryptedMD5
 	input.Metadata[http.CanonicalHeaderKey(unencryptedContentLengthHeader)] = &env.UnencryptedContentLen
+
+	if len(env.TagLen) > 0 {
+		input.Metadata[http.CanonicalHeaderKey(tagLengthHeader)] = &env.TagLen
+	}
 	return nil
 }

@@ -1,10 +1,9 @@
 package s3crypto_test

 import (
+	"reflect"
 	"testing"

-	"github.com/stretchr/testify/assert"
-
 	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/aws/request"
 	"github.com/aws/aws-sdk-go/service/s3"
@@ -12,35 +11,67 @@ import (
 )

 func TestHeaderV2SaveStrategy(t *testing.T) {
-	env := s3crypto.Envelope{
-		CipherKey:             "Foo",
-		IV:                    "Bar",
-		MatDesc:               "{}",
-		WrapAlg:               s3crypto.KMSWrap,
-		CEKAlg:                s3crypto.AESGCMNoPadding,
-		TagLen:                "128",
-		UnencryptedMD5:        "hello",
-		UnencryptedContentLen: "0",
-	}
-	params := &s3.PutObjectInput{}
-	req := &request.Request{
-		Params: params,
-	}
-	strat := s3crypto.HeaderV2SaveStrategy{}
-	err := strat.Save(env, req)
-	assert.NoError(t, err)
-
-	expected := map[string]*string{
-		"X-Amz-Key-V2":                     aws.String("Foo"),
-		"X-Amz-Iv":                         aws.String("Bar"),
-		"X-Amz-Matdesc":                    aws.String("{}"),
-		"X-Amz-Wrap-Alg":                   aws.String(s3crypto.KMSWrap),
-		"X-Amz-Cek-Alg":                    aws.String(s3crypto.AESGCMNoPadding),
-		"X-Amz-Tag-Len":                    aws.String("128"),
-		"X-Amz-Unencrypted-Content-Md5":    aws.String("hello"),
-		"X-Amz-Unencrypted-Content-Length": aws.String("0"),
+	cases := []struct {
+		env      s3crypto.Envelope
+		expected map[string]*string
+	}{
+		{
+			s3crypto.Envelope{
+				CipherKey:             "Foo",
+				IV:                    "Bar",
+				MatDesc:               "{}",
+				WrapAlg:               s3crypto.KMSWrap,
+				CEKAlg:                s3crypto.AESGCMNoPadding,
+				TagLen:                "128",
+				UnencryptedMD5:        "hello",
+				UnencryptedContentLen: "0",
+			},
+			map[string]*string{
+				"X-Amz-Key-V2":                     aws.String("Foo"),
+				"X-Amz-Iv":                         aws.String("Bar"),
+				"X-Amz-Matdesc":                    aws.String("{}"),
+				"X-Amz-Wrap-Alg":                   aws.String(s3crypto.KMSWrap),
+				"X-Amz-Cek-Alg":                    aws.String(s3crypto.AESGCMNoPadding),
+				"X-Amz-Tag-Len":                    aws.String("128"),
+				"X-Amz-Unencrypted-Content-Md5":    aws.String("hello"),
+				"X-Amz-Unencrypted-Content-Length": aws.String("0"),
+			},
+		},
+		{
+			s3crypto.Envelope{
+				CipherKey:             "Foo",
+				IV:                    "Bar",
+				MatDesc:               "{}",
+				WrapAlg:               s3crypto.KMSWrap,
+				CEKAlg:                s3crypto.AESGCMNoPadding,
+				UnencryptedMD5:        "hello",
+				UnencryptedContentLen: "0",
+			},
+			map[string]*string{
+				"X-Amz-Key-V2":                     aws.String("Foo"),
+				"X-Amz-Iv":                         aws.String("Bar"),
+				"X-Amz-Matdesc":                    aws.String("{}"),
+				"X-Amz-Wrap-Alg":                   aws.String(s3crypto.KMSWrap),
+				"X-Amz-Cek-Alg":                    aws.String(s3crypto.AESGCMNoPadding),
+				"X-Amz-Unencrypted-Content-Md5":    aws.String("hello"),
+				"X-Amz-Unencrypted-Content-Length": aws.String("0"),
+			},
+		},
 	}

-	assert.Equal(t, len(expected), len(params.Metadata))
-	assert.Equal(t, expected, params.Metadata)
+	for _, c := range cases {
+		params := &s3.PutObjectInput{}
+		req := &request.Request{
+			Params: params,
+		}
+		strat := s3crypto.HeaderV2SaveStrategy{}
+		err := strat.Save(c.env, req)
+		if err != nil {
+			t.Errorf("expected no error, but received %v", err)
+		}
+
+		if !reflect.DeepEqual(c.expected, params.Metadata) {
+			t.Errorf("expected %v, but received %v", c.expected, params.Metadata)
+		}
+	}
 }