refactor: naming cleanup and crypto package improvements (#551)

* refactor: naming cleanup across all packages
This commit is contained in:
Roger
2026-04-05 16:51:56 +08:00
committed by GitHub
parent 4af2ded428
commit 410bffe643
49 changed files with 716 additions and 510 deletions
+118 -4
View File
@@ -27,16 +27,16 @@ var (
aesGCMCiphertext = "6c49dac89992639713edab3a114c450968a08b53556872cea3919e2e9a"
)
func TestAES128CBCEncrypt(t *testing.T) {
encrypted, err := AES128CBCEncrypt(aesKey, aesIV, plainText)
func TestAESCBCEncrypt(t *testing.T) {
encrypted, err := AESCBCEncrypt(aesKey, aesIV, plainText)
require.NoError(t, err)
assert.NotEmpty(t, encrypted)
assert.Equal(t, aes128Ciphertext, fmt.Sprintf("%x", encrypted))
}
func TestAES128CBCDecrypt(t *testing.T) {
func TestAESCBCDecrypt(t *testing.T) {
ciphertext, _ := hex.DecodeString(aes128Ciphertext)
decrypted, err := AES128CBCDecrypt(aesKey, aesIV, ciphertext)
decrypted, err := AESCBCDecrypt(aesKey, aesIV, ciphertext)
require.NoError(t, err)
assert.NotEmpty(t, decrypted)
assert.Equal(t, plainText, decrypted)
@@ -71,3 +71,117 @@ func TestAESGCMDecrypt(t *testing.T) {
assert.NotEmpty(t, decrypted)
assert.Equal(t, plainText, decrypted)
}
// --- Bug-fix verification tests ---
// These tests verify the fixes for known issues in the crypto primitives.
// Tests marked with t.Skip document bugs that exist before the fix.
func TestPkcs5Padding_NoMutation(t *testing.T) {
// pkcs5Padding should not mutate the original slice's backing array.
src := make([]byte, 3, 32) // len=3, cap=32 — append won't allocate
copy(src, "abc")
backup := make([]byte, cap(src))
copy(backup, src[:cap(src)])
padded := pkcs5Padding(src, 16)
assert.Len(t, padded, 16)
assert.Equal(t, []byte("abc"), src) // original length unchanged
// The bytes beyond len(src) in the original backing array must not be touched.
current := make([]byte, cap(src))
copy(current, src[:cap(src)])
assert.Equal(t, backup, current, "pkcs5Padding mutated the original slice backing array")
}
func TestPaddingZero_NoMutation(t *testing.T) {
src := make([]byte, 3, 32)
copy(src, "abc")
backup := make([]byte, cap(src))
copy(backup, src[:cap(src)])
padded := paddingZero(src, 20)
assert.Len(t, padded, 20)
current := make([]byte, cap(src))
copy(current, src[:cap(src)])
assert.Equal(t, backup, current, "paddingZero mutated the original slice backing array")
}
func TestAESCBCDecrypt_WrongIVLength(t *testing.T) {
key := bytes.Repeat([]byte("k"), 16)
wrongIV := []byte("short")
ct := make([]byte, 16)
_, err := AESCBCDecrypt(key, wrongIV, ct)
require.Error(t, err, "wrong IV length should return error, not panic")
assert.ErrorIs(t, err, errInvalidIVLength)
}
func TestAESCBCEncrypt_WrongIVLength(t *testing.T) {
key := bytes.Repeat([]byte("k"), 16)
wrongIV := []byte("short")
_, err := AESCBCEncrypt(key, wrongIV, plainText)
require.Error(t, err)
assert.ErrorIs(t, err, errInvalidIVLength)
}
func TestDES3Decrypt_WrongIVLength(t *testing.T) {
key := bytes.Repeat([]byte("k"), 24)
wrongIV := []byte("ab") // DES needs 8-byte IV
ct := make([]byte, 8)
_, err := DES3Decrypt(key, wrongIV, ct)
require.Error(t, err, "wrong IV length should return error, not panic")
assert.ErrorIs(t, err, errInvalidIVLength)
}
func TestDES3Encrypt_WrongIVLength(t *testing.T) {
key := bytes.Repeat([]byte("k"), 24)
wrongIV := []byte("ab")
_, err := DES3Encrypt(key, wrongIV, plainText)
require.Error(t, err, "wrong IV length should return error, not panic")
assert.ErrorIs(t, err, errInvalidIVLength)
}
func TestAESCBCDecrypt_EmptyCiphertext(t *testing.T) {
key := bytes.Repeat([]byte("k"), 16)
iv := bytes.Repeat([]byte("i"), 16)
_, err := AESCBCDecrypt(key, iv, nil)
require.Error(t, err)
_, err = AESCBCDecrypt(key, iv, []byte{})
require.Error(t, err)
}
func TestAESGCMEncrypt_WrongNonceLength(t *testing.T) {
key := bytes.Repeat([]byte("k"), 16)
wrongNonce := []byte("short")
_, err := AESGCMEncrypt(key, wrongNonce, plainText)
require.Error(t, err, "wrong nonce length should return error, not panic")
assert.ErrorIs(t, err, errInvalidNonceLen)
}
func TestAESGCMDecrypt_WrongNonceLength(t *testing.T) {
key := bytes.Repeat([]byte("k"), 16)
wrongNonce := []byte("short")
ct := make([]byte, 32)
_, err := AESGCMDecrypt(key, wrongNonce, ct)
require.Error(t, err, "wrong nonce length should return error, not panic")
assert.ErrorIs(t, err, errInvalidNonceLen)
}
func TestDES3Decrypt_EmptyCiphertext(t *testing.T) {
key := bytes.Repeat([]byte("k"), 24)
iv := bytes.Repeat([]byte("i"), 8)
_, err := DES3Decrypt(key, iv, nil)
require.Error(t, err)
_, err = DES3Decrypt(key, iv, []byte{})
require.Error(t, err)
}