steve/restic-manager
1
0
Fork 0
Code Issues Pull Requests Actions Projects Releases 1 Wiki Activity
Files
8062db1f2fbd9310051fbdf259928d445db52fe2
restic-manager/internal/crypto/aead_test.go
T
steve f55747a281 phase 1 foundations: api types, store, crypto, auth 
Lands the bottom three layers of Phase 1:

P1-08 internal/api: protocol_version + envelope + every WS message
  shape from spec.md §6.2 (Hello, Heartbeat, Job*, Schedule*, etc).
  Wire-format tests pin the JSON shape so a rename here breaks
  tests instead of silently breaking the agent.

P1-02 + P1-03 internal/store: SQLite via modernc.org/sqlite,
  embed.FS + a tiny version table for hand-rolled migrations.
  0001_initial.sql covers every table from spec.md §5 plus
  enrollment_tokens and host_schedule_version. Typed accessors
  for users / sessions / enrollment / audit. WAL + foreign_keys
  + busy_timeout on by default.

P1-06 internal/crypto: XChaCha20-Poly1305 AEAD wrapper with
  per-message random nonce. Key file lifecycle (generate +
  refuse-to-overwrite, load with size validation). Optional
  additionalData binds ciphertext to the row that owns it.

P1-04 internal/auth (partial — passwords + tokens; sessions
  middleware lands with the HTTP handlers): argon2id following
  RFC 9106 (64 MiB / t=3 / p=4 / 32B), constant-time verify.
  HashToken stores SHA-256 of session/agent/enrollment tokens
  so a stolen DB doesn't hand over credentials.

Build floor moves to Go 1.25 (modernc.org/sqlite v1.50+ requires
it); CI + Dockerfile + README updated. Markdown lint diagnostics
on tasks.md cleared.

All packages tested. ~70 new tests pass in <1s.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-01 00:24:40 +01:00

111 lines
2.5 KiB
Go
Raw Blame History

package crypto
import (
"bytes"
"crypto/rand"
"path/filepath"
"testing"
)
func TestRoundTrip(t *testing.T) {
t.Parallel()
key := make([]byte, KeyLen)
if _, err := rand.Read(key); err != nil {
t.Fatalf("rand: %v", err)
}
a, err := NewAEAD(key)
if err != nil {
t.Fatalf("new: %v", err)
}
plaintext := []byte("super-secret-restic-password")
ad := []byte("repos/01HJ8K7/password")
ct, err := a.Encrypt(plaintext, ad)
if err != nil {
t.Fatalf("encrypt: %v", err)
}
if ct == "" {
t.Fatal("ciphertext empty")
}
pt, err := a.Decrypt(ct, ad)
if err != nil {
t.Fatalf("decrypt: %v", err)
}
if !bytes.Equal(pt, plaintext) {
t.Errorf("round-trip mismatch: got %q want %q", pt, plaintext)
}
}
func TestADMismatchFails(t *testing.T) {
t.Parallel()
key := make([]byte, KeyLen)
_, _ = rand.Read(key)
a, _ := NewAEAD(key)
ct, _ := a.Encrypt([]byte("secret"), []byte("context-A"))
if _, err := a.Decrypt(ct, []byte("context-B")); err == nil {
t.Fatal("expected AD-mismatch failure, got nil")
}
}
func TestNonceUniqueness(t *testing.T) {
t.Parallel()
key := make([]byte, KeyLen)
_, _ = rand.Read(key)
a, _ := NewAEAD(key)
// Same plaintext + AD must produce different ciphertexts because
// we use a random nonce per call. If this ever fails the AEAD is
// broken or someone made the nonce deterministic.
ct1, _ := a.Encrypt([]byte("x"), nil)
ct2, _ := a.Encrypt([]byte("x"), nil)
if ct1 == ct2 {
t.Fatal("two encryptions produced identical ciphertext — nonce reuse")
}
}
func TestKeyFileLifecycle(t *testing.T) {
t.Parallel()
dir := t.TempDir()
path := filepath.Join(dir, "secret.key")
if err := GenerateKeyFile(path); err != nil {
t.Fatalf("generate: %v", err)
}
// Refusal-to-overwrite is the safety property — a re-run of the
// server must not silently swap the key.
if err := GenerateKeyFile(path); err == nil {
t.Fatal("expected refusal to overwrite, got nil")
}
key, err := LoadKeyFromFile(path)
if err != nil {
t.Fatalf("load: %v", err)
}
if len(key) != KeyLen {
t.Errorf("key length: got %d want %d", len(key), KeyLen)
}
}
func TestRejectShortKey(t *testing.T) {
t.Parallel()
if _, err := NewAEAD(make([]byte, KeyLen-1)); err == nil {
t.Fatal("expected short-key rejection, got nil")
}
}
func TestRejectShortCiphertext(t *testing.T) {
t.Parallel()
key := make([]byte, KeyLen)
_, _ = rand.Read(key)
a, _ := NewAEAD(key)
if _, err := a.Decrypt("AAAA", nil); err == nil {
t.Fatal("expected short-ciphertext rejection, got nil")
}
}
Reference in New Issue View Git Blame Copy Permalink