add token framing, crypto and errors

crypto_test.go

@@ -0,0 +1,155 @@
+package ficha
+
+import (
+	"bytes"
+	"crypto/rand"
+	"errors"
+	"testing"
+)
+
+func testKey(t *testing.T) []byte {
+	t.Helper()
+	k := make([]byte, keySize)
+	if _, err := rand.Read(k); err != nil {
+		t.Fatalf("generate key: %v", err)
+	}
+	return k
+}
+
+func TestEncryptDecryptRoundtrip(t *testing.T) {
+	key := testKey(t)
+	plaintext := []byte("hello, ficha")
+	aad := []byte("v1.k1")
+
+	nonce, ciphertext, err := encrypt(key, plaintext, aad)
+	if err != nil {
+		t.Fatalf("encrypt: %v", err)
+	}
+
+	if len(nonce) != nonceSize {
+		t.Errorf("nonce size: got %d, want %d", len(nonce), nonceSize)
+	}
+	if len(ciphertext) != len(plaintext)+16 {
+		t.Errorf("ciphertext size: got %d, want %d", len(ciphertext), len(plaintext)+16)
+	}
+
+	got, err := decrypt(key, nonce, ciphertext, aad)
+	if err != nil {
+		t.Fatalf("decrypt: %v", err)
+	}
+	if !bytes.Equal(got, plaintext) {
+		t.Errorf("got %q, want %q", got, plaintext)
+	}
+}
+
+func TestEncryptDecryptEmptyPlaintext(t *testing.T) {
+	key := testKey(t)
+	nonce, ciphertext, err := encrypt(key, []byte{}, []byte("aad"))
+	if err != nil {
+		t.Fatalf("encrypt: %v", err)
+	}
+	got, err := decrypt(key, nonce, ciphertext, []byte("aad"))
+	if err != nil {
+		t.Fatalf("decrypt: %v", err)
+	}
+	if len(got) != 0 {
+		t.Errorf("expected empty plaintext, got %q", got)
+	}
+}
+
+func TestDecryptWrongKey(t *testing.T) {
+	key1 := testKey(t)
+	key2 := testKey(t)
+
+	nonce, ciphertext, err := encrypt(key1, []byte("secret"), []byte("v1.k1"))
+	if err != nil {
+		t.Fatalf("encrypt: %v", err)
+	}
+
+	if _, err := decrypt(key2, nonce, ciphertext, []byte("v1.k1")); !errors.Is(err, ErrInvalidToken) {
+		t.Errorf("expected ErrInvalidToken, got %v", err)
+	}
+}
+
+func TestDecryptTamperedCiphertext(t *testing.T) {
+	key := testKey(t)
+	nonce, ciphertext, err := encrypt(key, []byte("don't tamper"), []byte("v1.k1"))
+	if err != nil {
+		t.Fatalf("encrypt: %v", err)
+	}
+
+	tampered := append([]byte(nil), ciphertext...)
+	tampered[len(tampered)/2] ^= 0x01
+
+	if _, err := decrypt(key, nonce, tampered, []byte("v1.k1")); !errors.Is(err, ErrInvalidToken) {
+		t.Errorf("expected ErrInvalidToken, got %v", err)
+	}
+}
+
+func TestDecryptTamperedNonce(t *testing.T) {
+	key := testKey(t)
+	nonce, ciphertext, err := encrypt(key, []byte("nonce matters"), []byte("v1.k1"))
+	if err != nil {
+		t.Fatalf("encrypt: %v", err)
+	}
+
+	tampered := append([]byte(nil), nonce...)
+	tampered[0] ^= 0x01
+
+	if _, err := decrypt(key, tampered, ciphertext, []byte("v1.k1")); !errors.Is(err, ErrInvalidToken) {
+		t.Errorf("expected ErrInvalidToken, got %v", err)
+	}
+}
+
+func TestDecryptTamperedAAD(t *testing.T) {
+	key := testKey(t)
+	nonce, ciphertext, err := encrypt(key, []byte("aad authenticated"), []byte("v1.k1"))
+	if err != nil {
+		t.Fatalf("encrypt: %v", err)
+	}
+
+	if _, err := decrypt(key, nonce, ciphertext, []byte("v1.k2")); !errors.Is(err, ErrInvalidToken) {
+		t.Errorf("expected ErrInvalidToken, got %v", err)
+	}
+}
+
+func TestDecryptInvalidSizes(t *testing.T) {
+	tests := []struct {
+		name     string
+		keyLen   int
+		nonceLen int
+	}{
+		{"key too short", 16, nonceSize},
+		{"key too long", 64, nonceSize},
+		{"nonce too short", keySize, 12},
+		{"nonce too long", keySize, 32},
+	}
+
+	for _, tc := range tests {
+		t.Run(tc.name, func(t *testing.T) {
+			key := make([]byte, tc.keyLen)
+			nonce := make([]byte, tc.nonceLen)
+			ct := make([]byte, 32)
+			if _, err := decrypt(key, nonce, ct, nil); err == nil {
+				t.Error("expected error, got nil")
+			}
+		})
+	}
+}
+
+func TestEncryptProducesUniqueNonces(t *testing.T) {
+	key := testKey(t)
+	const N = 1000
+	seen := make(map[string]bool, N)
+
+	for i := 0; i < N; i++ {
+		nonce, _, err := encrypt(key, []byte("same message"), []byte("v1.k1"))
+		if err != nil {
+			t.Fatalf("iter %d: %v", i, err)
+		}
+		if seen[string(nonce)] {
+			t.Fatalf("duplicate nonce after %d iterations", i)
+		}
+		seen[string(nonce)] = true
+	}
+}