189 lines
4.3 KiB
Go
189 lines
4.3 KiB
Go
package lib
|
|
|
|
import (
|
|
"testing"
|
|
)
|
|
|
|
func TestNormalizeKey_8bytes(t *testing.T) {
|
|
key := []byte{1, 2, 3, 4, 5, 6, 7, 8}
|
|
got := NormalizeKey(key)
|
|
if len(got) != 16 {
|
|
t.Fatalf("expected 16 bytes, got %d", len(got))
|
|
}
|
|
// First 8 bytes = original, second 8 bytes = copy
|
|
for i := 0; i < 8; i++ {
|
|
if got[i] != key[i] {
|
|
t.Errorf("byte %d: expected %d, got %d", i, key[i], got[i])
|
|
}
|
|
if got[i+8] != key[i] {
|
|
t.Errorf("byte %d: expected %d (doubled), got %d", i+8, key[i], got[i+8])
|
|
}
|
|
}
|
|
}
|
|
|
|
func TestNormalizeKey_16bytes_passthrough(t *testing.T) {
|
|
key := make([]byte, 16)
|
|
for i := range key {
|
|
key[i] = byte(i)
|
|
}
|
|
got := NormalizeKey(key)
|
|
if len(got) != 16 {
|
|
t.Fatalf("expected 16 bytes, got %d", len(got))
|
|
}
|
|
for i := range key {
|
|
if got[i] != key[i] {
|
|
t.Errorf("byte %d changed: expected %d, got %d", i, key[i], got[i])
|
|
}
|
|
}
|
|
}
|
|
|
|
func TestNormalizeKey_32bytes_passthrough(t *testing.T) {
|
|
key := make([]byte, 32)
|
|
got := NormalizeKey(key)
|
|
if len(got) != 32 {
|
|
t.Fatalf("expected 32 bytes, got %d", len(got))
|
|
}
|
|
}
|
|
|
|
func TestDeriveEntryKey_deterministic(t *testing.T) {
|
|
l1 := []byte{0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08}
|
|
key1, err := DeriveEntryKey(l1, 12345)
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
key2, err := DeriveEntryKey(l1, 12345)
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
if string(key1) != string(key2) {
|
|
t.Error("same inputs must produce same key")
|
|
}
|
|
}
|
|
|
|
func TestDeriveEntryKey_different_entries_different_keys(t *testing.T) {
|
|
l1 := []byte{0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08}
|
|
key1, _ := DeriveEntryKey(l1, 1)
|
|
key2, _ := DeriveEntryKey(l1, 2)
|
|
if string(key1) == string(key2) {
|
|
t.Error("different entry IDs must produce different keys")
|
|
}
|
|
}
|
|
|
|
func TestDeriveHMACKey_deterministic(t *testing.T) {
|
|
l1 := []byte{0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08}
|
|
key1, _ := DeriveHMACKey(l1)
|
|
key2, _ := DeriveHMACKey(l1)
|
|
if string(key1) != string(key2) {
|
|
t.Error("same L1 must produce same HMAC key")
|
|
}
|
|
if len(key1) != 32 {
|
|
t.Errorf("HMAC key should be 32 bytes, got %d", len(key1))
|
|
}
|
|
}
|
|
|
|
func TestBlindIndex_deterministic(t *testing.T) {
|
|
hmacKey := make([]byte, 32)
|
|
idx1 := BlindIndex(hmacKey, "test")
|
|
idx2 := BlindIndex(hmacKey, "test")
|
|
if string(idx1) != string(idx2) {
|
|
t.Error("same input must produce same blind index")
|
|
}
|
|
if len(idx1) != 16 {
|
|
t.Errorf("blind index should be 16 bytes, got %d", len(idx1))
|
|
}
|
|
}
|
|
|
|
func TestBlindIndex_different_inputs(t *testing.T) {
|
|
hmacKey := make([]byte, 32)
|
|
idx1 := BlindIndex(hmacKey, "apple")
|
|
idx2 := BlindIndex(hmacKey, "orange")
|
|
if string(idx1) == string(idx2) {
|
|
t.Error("different inputs should produce different blind indexes")
|
|
}
|
|
}
|
|
|
|
func TestPackUnpack_roundtrip(t *testing.T) {
|
|
key := make([]byte, 16) // AES-128
|
|
for i := range key {
|
|
key[i] = byte(i + 1)
|
|
}
|
|
|
|
original := `{"title":"GitHub","fields":[{"label":"password","value":"hunter2"}]}`
|
|
packed, err := Pack(key, original)
|
|
if err != nil {
|
|
t.Fatalf("Pack: %v", err)
|
|
}
|
|
|
|
if string(packed) == original {
|
|
t.Fatal("Pack must not return plaintext")
|
|
}
|
|
|
|
unpacked, err := Unpack(key, packed)
|
|
if err != nil {
|
|
t.Fatalf("Unpack: %v", err)
|
|
}
|
|
|
|
if unpacked != original {
|
|
t.Errorf("roundtrip failed:\n want: %s\n got: %s", original, unpacked)
|
|
}
|
|
}
|
|
|
|
func TestPackUnpack_wrong_key_fails(t *testing.T) {
|
|
key1 := make([]byte, 16)
|
|
key2 := make([]byte, 16)
|
|
key2[0] = 0xFF
|
|
|
|
packed, err := Pack(key1, "secret data")
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
|
|
_, err = Unpack(key2, packed)
|
|
if err == nil {
|
|
t.Fatal("Unpack with wrong key should fail")
|
|
}
|
|
}
|
|
|
|
func TestPackUnpack_empty_string(t *testing.T) {
|
|
key := make([]byte, 16)
|
|
result, err := Unpack(key, nil)
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
if result != "" {
|
|
t.Errorf("Unpack of nil should return empty string, got %q", result)
|
|
}
|
|
}
|
|
|
|
func TestPackUnpack_AES256(t *testing.T) {
|
|
key := make([]byte, 32) // AES-256
|
|
for i := range key {
|
|
key[i] = byte(i)
|
|
}
|
|
|
|
original := "AES-256 test payload"
|
|
packed, err := Pack(key, original)
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
|
|
unpacked, err := Unpack(key, packed)
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
if unpacked != original {
|
|
t.Errorf("AES-256 roundtrip failed: got %q", unpacked)
|
|
}
|
|
}
|
|
|
|
func TestGenerateToken_length_and_uniqueness(t *testing.T) {
|
|
t1 := GenerateToken()
|
|
t2 := GenerateToken()
|
|
if len(t1) != 64 {
|
|
t.Errorf("token should be 64 hex chars, got %d", len(t1))
|
|
}
|
|
if t1 == t2 {
|
|
t.Error("two generated tokens should not be equal")
|
|
}
|
|
}
|