From 639ad6a02cbb4b713434671ec09f309aa5410921 Mon Sep 17 00:00:00 2001 From: T Date: Thu, 26 Jun 2025 11:42:17 -0600 Subject: Create authentic_kate: user authentication for go HTTP applications --- encryption_test.go | 151 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 151 insertions(+) create mode 100644 encryption_test.go (limited to 'encryption_test.go') diff --git a/encryption_test.go b/encryption_test.go new file mode 100644 index 0000000..fcec058 --- /dev/null +++ b/encryption_test.go @@ -0,0 +1,151 @@ +package kate + +import ( + "bytes" + "crypto/rand" + "fmt" + "testing" + "testing/quick" +) + +func TestEncryptDecryptRoundtrip(t *testing.T) { + property := func(data []byte) bool { + var key [naclKeyLen]byte + if _, err := rand.Read(key[:]); err != nil { + return false + } + + encryption := encryption{Key: key} + token := encryption.Encrypt(data) + decryptedData, success := encryption.Decrypt(token) + + if !bytes.Equal(decryptedData, data) { + fmt.Printf("expected %v, got %v\n", data, decryptedData) + } + return success && bytes.Equal(decryptedData, data) + } + + if err := quick.Check(property, nil); err != nil { + t.Errorf("Encrypt/Decrypt roundtrip property failed: %v", err) + } +} + +func TestEncryptionFromHexKey(t *testing.T) { + tests := []struct { + name string + key string + wantErr bool + }{ + { + name: "valid hex key", + key: "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef", + wantErr: false, + }, + { + name: "key too short", + key: "0123456789abcdef", + wantErr: true, + }, + { + name: "key too long", + key: "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00", + wantErr: true, + }, + { + name: "invalid hex characters", + key: "0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdef0123456789abcdef", + wantErr: true, + }, + { + name: "empty key", + key: "", + wantErr: true, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + if _, err := encryptionFromHexKey(tt.key); (err != nil) != tt.wantErr { + t.Errorf("encryptionFromHexKey() error = %v, wantErr %v", err, tt.wantErr) + } + }) + } +} + +func TestDecryptInvalidTokens(t *testing.T) { + var key [naclKeyLen]byte + if _, err := rand.Read(key[:]); err != nil { + t.Fatal(err) + } + enc := encryption{Key: key} + + tests := []struct { + name string + token string + }{ + { + name: "invalid hex token", + token: "invalid_hex_string", + }, + { + name: "token with wrong MAC", + token: "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef", + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + data, ok := enc.Decrypt(tt.token) + if ok { + t.Errorf("Decrypt() should have failed for %s, but returned data: %v", tt.name, data) + } + }) + } +} + +func TestEncryptEmptyData(t *testing.T) { + var key [naclKeyLen]byte + if _, err := rand.Read(key[:]); err != nil { + t.Fatal(err) + } + enc := encryption{Key: key} + + token := enc.Encrypt([]byte{}) + if token == "" { + t.Error("Encrypt() should return non-empty token even for empty data") + } + + data, ok := enc.Decrypt(token) + if !ok { + t.Error("Decrypt() should succeed for encrypted empty data") + } + if len(data) != 0 { + t.Errorf("Decrypt() should return empty data, got %v", data) + } +} + +func TestEncryptLargeData(t *testing.T) { + var key [naclKeyLen]byte + if _, err := rand.Read(key[:]); err != nil { + t.Fatal(err) + } + enc := encryption{Key: key} + + largeData := make([]byte, 10000) + if _, err := rand.Read(largeData); err != nil { + t.Fatal(err) + } + + token := enc.Encrypt(largeData) + if token == "" { + t.Error("Encrypt() should return non-empty token for large data") + } + + decryptedData, ok := enc.Decrypt(token) + if !ok { + t.Error("Decrypt() should succeed for encrypted large data") + } + if !bytes.Equal(decryptedData, largeData) { + t.Error("Decrypt() should return original large data") + } +} -- cgit v1.2.3