UUXO/dbbackup
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 31 Wiki Activity
Files
f29e6fe102c1418ee838edde5922ba8de425a0e5
dbbackup/internal/encryption/encryption_test.go
A. Renz 914307ac8f ci: add golangci-lint config and fix formatting 
- Add .golangci.yml with minimal linters (govet, ineffassign)
- Run gofmt -s and goimports on all files to fix formatting
- Disable fieldalignment and copylocks checks in govet
2025-12-11 17:53:28 +01:00

235 lines
5.6 KiB
Go
Raw Blame History

package encryption
import (
"bytes"
"io"
"testing"
)
func TestEncryptDecrypt(t *testing.T) {
// Test data
original := []byte("This is a secret database backup that needs encryption! 🔒")
// Test with passphrase
t.Run("Passphrase", func(t *testing.T) {
var encrypted bytes.Buffer
// Encrypt
writer, err := NewEncryptionWriter(&encrypted, EncryptionOptions{
Passphrase: "super-secret-password",
})
if err != nil {
t.Fatalf("Failed to create encryption writer: %v", err)
}
if _, err := writer.Write(original); err != nil {
t.Fatalf("Failed to write data: %v", err)
}
if err := writer.Close(); err != nil {
t.Fatalf("Failed to close writer: %v", err)
}
t.Logf("Original size: %d bytes", len(original))
t.Logf("Encrypted size: %d bytes", encrypted.Len())
// Verify encrypted data is different from original
if bytes.Contains(encrypted.Bytes(), original) {
t.Error("Encrypted data contains plaintext - encryption failed!")
}
// Decrypt
reader, err := NewDecryptionReader(&encrypted, EncryptionOptions{
Passphrase: "super-secret-password",
})
if err != nil {
t.Fatalf("Failed to create decryption reader: %v", err)
}
decrypted, err := io.ReadAll(reader)
if err != nil {
t.Fatalf("Failed to read decrypted data: %v", err)
}
// Verify decrypted matches original
if !bytes.Equal(decrypted, original) {
t.Errorf("Decrypted data doesn't match original\nOriginal: %s\nDecrypted: %s",
string(original), string(decrypted))
}
t.Log("✅ Encryption/decryption successful")
})
// Test with direct key
t.Run("DirectKey", func(t *testing.T) {
key, err := GenerateKey()
if err != nil {
t.Fatalf("Failed to generate key: %v", err)
}
var encrypted bytes.Buffer
// Encrypt
writer, err := NewEncryptionWriter(&encrypted, EncryptionOptions{
Key: key,
})
if err != nil {
t.Fatalf("Failed to create encryption writer: %v", err)
}
if _, err := writer.Write(original); err != nil {
t.Fatalf("Failed to write data: %v", err)
}
if err := writer.Close(); err != nil {
t.Fatalf("Failed to close writer: %v", err)
}
// Decrypt
reader, err := NewDecryptionReader(&encrypted, EncryptionOptions{
Key: key,
})
if err != nil {
t.Fatalf("Failed to create decryption reader: %v", err)
}
decrypted, err := io.ReadAll(reader)
if err != nil {
t.Fatalf("Failed to read decrypted data: %v", err)
}
if !bytes.Equal(decrypted, original) {
t.Errorf("Decrypted data doesn't match original")
}
t.Log("✅ Direct key encryption/decryption successful")
})
// Test wrong password
t.Run("WrongPassword", func(t *testing.T) {
var encrypted bytes.Buffer
// Encrypt
writer, err := NewEncryptionWriter(&encrypted, EncryptionOptions{
Passphrase: "correct-password",
})
if err != nil {
t.Fatalf("Failed to create encryption writer: %v", err)
}
writer.Write(original)
writer.Close()
// Try to decrypt with wrong password
reader, err := NewDecryptionReader(&encrypted, EncryptionOptions{
Passphrase: "wrong-password",
})
if err != nil {
t.Fatalf("Failed to create decryption reader: %v", err)
}
_, err = io.ReadAll(reader)
if err == nil {
t.Error("Expected decryption to fail with wrong password, but it succeeded")
}
t.Logf("✅ Wrong password correctly rejected: %v", err)
})
}
func TestLargeData(t *testing.T) {
// Test with large data (1MB) to test chunking
original := make([]byte, 1024*1024)
for i := range original {
original[i] = byte(i % 256)
}
var encrypted bytes.Buffer
// Encrypt
writer, err := NewEncryptionWriter(&encrypted, EncryptionOptions{
Passphrase: "test-password",
})
if err != nil {
t.Fatalf("Failed to create encryption writer: %v", err)
}
if _, err := writer.Write(original); err != nil {
t.Fatalf("Failed to write data: %v", err)
}
if err := writer.Close(); err != nil {
t.Fatalf("Failed to close writer: %v", err)
}
t.Logf("Original size: %d bytes", len(original))
t.Logf("Encrypted size: %d bytes", encrypted.Len())
t.Logf("Overhead: %.2f%%", float64(encrypted.Len()-len(original))/float64(len(original))*100)
// Decrypt
reader, err := NewDecryptionReader(&encrypted, EncryptionOptions{
Passphrase: "test-password",
})
if err != nil {
t.Fatalf("Failed to create decryption reader: %v", err)
}
decrypted, err := io.ReadAll(reader)
if err != nil {
t.Fatalf("Failed to read decrypted data: %v", err)
}
if !bytes.Equal(decrypted, original) {
t.Errorf("Large data decryption failed")
}
t.Log("✅ Large data encryption/decryption successful")
}
func TestKeyGeneration(t *testing.T) {
// Test key generation
key1, err := GenerateKey()
if err != nil {
t.Fatalf("Failed to generate key: %v", err)
}
if len(key1) != KeySize {
t.Errorf("Key size mismatch: expected %d, got %d", KeySize, len(key1))
}
// Generate another key and verify it's different
key2, err := GenerateKey()
if err != nil {
t.Fatalf("Failed to generate second key: %v", err)
}
if bytes.Equal(key1, key2) {
t.Error("Generated keys are identical - randomness broken!")
}
t.Log("✅ Key generation successful")
}
func TestKeyDerivation(t *testing.T) {
passphrase := "my-secret-passphrase"
salt1, _ := GenerateSalt()
// Derive key twice with same salt - should be identical
key1 := DeriveKey(passphrase, salt1)
key2 := DeriveKey(passphrase, salt1)
if !bytes.Equal(key1, key2) {
t.Error("Key derivation not deterministic")
}
// Derive with different salt - should be different
salt2, _ := GenerateSalt()
key3 := DeriveKey(passphrase, salt2)
if bytes.Equal(key1, key3) {
t.Error("Different salts produced same key")
}
t.Log("✅ Key derivation successful")
}
Reference in New Issue View Git Blame Copy Permalink