125 lines
2.4 KiB
Go
125 lines
2.4 KiB
Go
package crypto
|
||
|
||
import (
|
||
"bytes"
|
||
"crypto/rand"
|
||
"testing"
|
||
|
||
"github.com/stretchr/testify/require"
|
||
)
|
||
|
||
func TestAESEncryption(t *testing.T) {
|
||
t.Parallel()
|
||
|
||
key := make([]byte, 32) // generated random 32-byte key
|
||
_, errKey := rand.Read(key)
|
||
require.NoError(t, errKey)
|
||
|
||
tests := []struct {
|
||
name string
|
||
data []byte
|
||
key []byte
|
||
wantErr error
|
||
}{
|
||
{
|
||
name: "valid encryption/decryption",
|
||
data: []byte("hello world"),
|
||
key: key,
|
||
},
|
||
{
|
||
name: "nil key returns error",
|
||
data: []byte("hello world"),
|
||
key: nil,
|
||
wantErr: ErrNoEncryptionKey,
|
||
},
|
||
{
|
||
name: "empty data",
|
||
data: []byte{},
|
||
key: key,
|
||
},
|
||
{
|
||
name: "invalid key size",
|
||
data: []byte("hello world"),
|
||
key: make([]byte, 31),
|
||
wantErr: ErrInvalidKeySize,
|
||
},
|
||
{
|
||
name: "zero key returns error",
|
||
data: []byte("hello world"),
|
||
key: make([]byte, 32),
|
||
wantErr: ErrZeroKey,
|
||
},
|
||
}
|
||
|
||
for _, tt := range tests {
|
||
tt := tt
|
||
t.Run(tt.name, func(t *testing.T) {
|
||
t.Parallel()
|
||
|
||
encrypted, err := EncryptWithAESKey(tt.data, tt.key)
|
||
if tt.wantErr != nil {
|
||
require.ErrorIs(t, err, tt.wantErr)
|
||
|
||
return
|
||
}
|
||
require.NoError(t, err)
|
||
|
||
decrypted, err := DecryptStringWithAESKey(encrypted, tt.key)
|
||
require.NoError(t, err)
|
||
|
||
if tt.key == nil {
|
||
require.Equal(t, tt.data, encrypted)
|
||
require.Equal(t, tt.data, decrypted)
|
||
} else {
|
||
require.NotEqual(t, tt.data, encrypted)
|
||
require.True(t, bytes.Equal(tt.data, decrypted))
|
||
}
|
||
})
|
||
}
|
||
}
|
||
|
||
func TestDecryptionErrors(t *testing.T) {
|
||
t.Parallel()
|
||
|
||
key := make([]byte, 32)
|
||
_, err := rand.Read(key)
|
||
require.NoError(t, err)
|
||
|
||
tests := []struct {
|
||
name string
|
||
data []byte
|
||
key []byte
|
||
errMsg string
|
||
}{
|
||
{
|
||
name: "short ciphertext",
|
||
data: []byte("short"),
|
||
key: key,
|
||
errMsg: "ciphertext too short",
|
||
},
|
||
{
|
||
name: "invalid ciphertext",
|
||
data: make([]byte, 16), // just nonce size
|
||
key: key,
|
||
errMsg: "message authentication failed",
|
||
},
|
||
{
|
||
name: "missing key",
|
||
data: []byte("<22>`M<><4D><EFBFBD>l\u001AIF<49>\u0012<31><32><EFBFBD>=h<>?<3F>c<EFBFBD> <20><>\u0012<31><32><EFBFBD><EFBFBD>\u001C<31>\u0018Ƽ(g"),
|
||
key: nil,
|
||
errMsg: "encryption key is required",
|
||
},
|
||
}
|
||
|
||
for _, tt := range tests {
|
||
tt := tt
|
||
t.Run(tt.name, func(t *testing.T) {
|
||
t.Parallel()
|
||
|
||
_, err := DecryptStringWithAESKey(tt.data, tt.key)
|
||
require.Error(t, err)
|
||
require.Contains(t, err.Error(), tt.errMsg)
|
||
})
|
||
}
|
||
}
|