mc/metacrypt
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
4deb469a9db5050bfa53f315a9ca7360d9c42550
metacrypt/internal/crypto/crypto_test.go
Kyle Isom fbaf79a8a0 Fix gosec, govet, and errorlint linter errors 
Co-authored-by: Junie <junie@jetbrains.com>
2026-03-15 10:16:28 -07:00

134 lines
3.1 KiB
Go
Raw Blame History

package crypto
import (
"bytes"
"errors"
"testing"
)
func TestGenerateKey(t *testing.T) {
key, err := GenerateKey()
if err != nil {
t.Fatalf("GenerateKey: %v", err)
}
if len(key) != KeySize {
t.Fatalf("key length: got %d, want %d", len(key), KeySize)
}
// Should be random (not all zeros).
if bytes.Equal(key, make([]byte, KeySize)) {
t.Fatal("key is all zeros")
}
}
func TestGenerateSalt(t *testing.T) {
salt, err := GenerateSalt()
if err != nil {
t.Fatalf("GenerateSalt: %v", err)
}
if len(salt) != SaltSize {
t.Fatalf("salt length: got %d, want %d", len(salt), SaltSize)
}
}
func TestEncryptDecrypt(t *testing.T) {
key, _ := GenerateKey()
plaintext := []byte("hello, metacrypt!")
ciphertext, err := Encrypt(key, plaintext)
if err != nil {
t.Fatalf("Encrypt: %v", err)
}
// Version byte should be present.
if ciphertext[0] != BarrierVersion {
t.Fatalf("version byte: got %d, want %d", ciphertext[0], BarrierVersion)
}
decrypted, err := Decrypt(key, ciphertext)
if err != nil {
t.Fatalf("Decrypt: %v", err)
}
if !bytes.Equal(plaintext, decrypted) {
t.Fatalf("roundtrip failed: got %q, want %q", decrypted, plaintext)
}
}
func TestDecryptWrongKey(t *testing.T) {
key1, _ := GenerateKey()
key2, _ := GenerateKey()
plaintext := []byte("secret data")
ciphertext, _ := Encrypt(key1, plaintext)
_, err := Decrypt(key2, ciphertext)
if !errors.Is(err, ErrDecryptionFailed) {
t.Fatalf("expected ErrDecryptionFailed, got: %v", err)
}
}
func TestDecryptInvalidCiphertext(t *testing.T) {
key, _ := GenerateKey()
_, err := Decrypt(key, []byte("short"))
if !errors.Is(err, ErrInvalidCiphertext) {
t.Fatalf("expected ErrInvalidCiphertext, got: %v", err)
}
}
func TestDeriveKey(t *testing.T) {
password := []byte("test-password")
salt, _ := GenerateSalt()
params := Argon2Params{Time: 1, Memory: 64 * 1024, Threads: 1}
key := DeriveKey(password, salt, params)
if len(key) != KeySize {
t.Fatalf("derived key length: got %d, want %d", len(key), KeySize)
}
// Same inputs should produce same output.
key2 := DeriveKey(password, salt, params)
if !bytes.Equal(key, key2) {
t.Fatal("determinism: same inputs produced different keys")
}
// Different password should produce different output.
key3 := DeriveKey([]byte("different"), salt, params)
if bytes.Equal(key, key3) {
t.Fatal("different passwords produced same key")
}
}
func TestZeroize(t *testing.T) {
data := []byte{1, 2, 3, 4, 5}
Zeroize(data)
for i, b := range data {
if b != 0 {
t.Fatalf("byte %d not zeroed: %d", i, b)
}
}
}
func TestConstantTimeEqual(t *testing.T) {
a := []byte("hello")
b := []byte("hello")
c := []byte("world")
if !ConstantTimeEqual(a, b) {
t.Fatal("equal slices reported as not equal")
}
if ConstantTimeEqual(a, c) {
t.Fatal("different slices reported as equal")
}
}
func TestEncryptProducesDifferentCiphertext(t *testing.T) {
key, _ := GenerateKey()
plaintext := []byte("same data")
ct1, _ := Encrypt(key, plaintext)
ct2, _ := Encrypt(key, plaintext)
if bytes.Equal(ct1, ct2) {
t.Fatal("two encryptions of same plaintext produced identical ciphertext (nonce reuse)")
}
}
Reference in New Issue View Git Blame Copy Permalink