now also testing MAC against openssl-computed result.

also we're testing encryption of "hello world" instead of "hello world " now :D
[ci skip]

main/filesystem-crypto/src/test/java/org/cryptomator/crypto/engine/impl/FileContentDecryptorImplTest.java

@@ -20,12 +20,12 @@ public class FileContentDecryptorImplTest {
 		final byte[] keyBytes = new byte[32];
 		final SecretKey headerKey = new SecretKeySpec(keyBytes, "AES");
 		final SecretKey macKey = new SecretKeySpec(keyBytes, "AES");
-		final byte[] header = Base64.decode("AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAbQMxxKDDeVNbWcxRPUp3zSKaIl9RDlCco7Aa975ufw/3rL27hDTQEnd3FZNlWh1VHmi5hGO9Cn5n4hrsZARZQ8mJeLxjNKI4DZL72lGQKN4=");
-		final byte[] content = Base64.decode("tPCsFM1g/ubfJMY0O2wdWwEHrRZG0HQPfeaAJxtXs7Xkq3g0idoVCp2BbUc=");
+		final byte[] header = Base64.decode("AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwN74OFIGKQKgsI7bakfCYm1VXJZiKFLyhZkQCz0Ye/il0PmdZOYsSYEH9h6S00RsdHL3wLtB1FJsb9QLTtP00H8M2theZaZdlKTmjhXsmbc=");
+		final byte[] content = Base64.decode("tPCsFM1g/ubfJMa+AocdPh/WPHfXMFRJdIz6PkLuRijSIIXvxn7IUwVzHQ==");
 
 		try (FileContentDecryptor decryptor = new FileContentDecryptorImpl(headerKey, macKey, ByteBuffer.wrap(header))) {
-			decryptor.append(ByteBuffer.wrap(Arrays.copyOfRange(content, 0, 10)));
-			decryptor.append(ByteBuffer.wrap(Arrays.copyOfRange(content, 10, 44)));
+			decryptor.append(ByteBuffer.wrap(Arrays.copyOfRange(content, 0, 15)));
+			decryptor.append(ByteBuffer.wrap(Arrays.copyOfRange(content, 15, 43)));
 			decryptor.append(FileContentCryptor.EOF);
 
 			ByteBuffer result = ByteBuffer.allocate(11); // we just care about the first 11 bytes, as this is the ciphertext.

main/filesystem-crypto/src/test/java/org/cryptomator/crypto/engine/impl/FileContentEncryptorImplTest.java

@@ -35,17 +35,19 @@ public class FileContentEncryptorImplTest {
 
 		try (FileContentEncryptor encryptor = new FileContentEncryptorImpl(headerKey, macKey, RANDOM_MOCK)) {
 			encryptor.append(ByteBuffer.wrap("hello ".getBytes()));
-			encryptor.append(ByteBuffer.wrap("world ".getBytes()));
+			encryptor.append(ByteBuffer.wrap("world".getBytes()));
 			encryptor.append(FileContentCryptor.EOF);
 
-			ByteBuffer result = ByteBuffer.allocate(11); // we just care about the first 11 bytes, as this is the ciphertext.
+			ByteBuffer result = ByteBuffer.allocate(43); // 11 bytes ciphertext + 32 bytes mac.
 			ByteBuffer buf;
 			while ((buf = encryptor.ciphertext()) != FileContentCryptor.EOF) {
 				ByteBuffers.copy(buf, result);
 			}
 
-			// echo -n "hello world" | openssl enc -aes-256-ctr -K 0000000000000000000000000000000000000000000000000000000000000000 -iv 00000000000000000000000000000000 | base64
-			Assert.assertArrayEquals(Base64.decode("tPCsFM1g/ubfJMY="), result.array());
+			// Ciphertext: echo -n "hello world" | openssl enc -aes-256-ctr -K 0000000000000000000000000000000000000000000000000000000000000000 -iv 00000000000000000000000000000000 | base64
+			// MAC: echo -n "tPCsFM1g/ubfJMY=" | base64 --decode | openssl dgst -sha256 -mac HMAC -macopt hexkey:0000000000000000000000000000000000000000000000000000000000000000 -binary | base64
+			// echo -n "tPCsFM1g/ubfJMY=" | base64 --decode > A; echo -n "vgKHHT4f1jx31zBUSXSM+j5C7kYo0iCF78Z+yFMFcx0=" | base64 --decode >> A; cat A | base64
+			Assert.assertArrayEquals(Base64.decode("tPCsFM1g/ubfJMa+AocdPh/WPHfXMFRJdIz6PkLuRijSIIXvxn7IUwVzHQ=="), result.array());
 		}
 	}