From f230aeb342708139619d5115160e2c7f425d3b07 Mon Sep 17 00:00:00 2001 From: moonD4rk Date: Mon, 1 Jun 2026 23:01:22 +0800 Subject: [PATCH] test: fix v10 Windows test to use 32B AES-256-GCM key MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit decryptValue routes v10 by key length (32B→GCM, 16B→CBC); the test's 16B key landed on the CBC path against GCM ciphertext. Real Windows v10 keys are always 32B. --- browser/chromium/decrypt_windows_test.go | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/browser/chromium/decrypt_windows_test.go b/browser/chromium/decrypt_windows_test.go index f2a4d5f..8002138 100644 --- a/browser/chromium/decrypt_windows_test.go +++ b/browser/chromium/decrypt_windows_test.go @@ -54,17 +54,19 @@ func encryptWithDPAPI(plaintext []byte) ([]byte, error) { } func TestDecryptValue_V10_Windows(t *testing.T) { - // Windows uses AES-GCM for v10 (not AES-CBC like macOS/Linux) + // Windows v10 is AES-256-GCM, so the master key is 32 bytes; decryptValue routes v10 by key + // length (32B→GCM). testAESKey is 16B, so this uses an explicit 32B key. + key32 := []byte("0123456789abcdef0123456789abcdef") // 32 bytes plaintext := []byte("test_secret_value") nonce := []byte("123456789012") // 12-byte nonce - gcmEncrypted, err := crypto.AESGCMEncrypt(testAESKey, nonce, plaintext) + gcmEncrypted, err := crypto.AESGCMEncrypt(key32, nonce, plaintext) require.NoError(t, err) // v10 format on Windows: "v10" + nonce(12) + encrypted ciphertext := append([]byte("v10"), append(nonce, gcmEncrypted...)...) - got, err := decryptValue(masterkey.MasterKeys{V10: testAESKey}, ciphertext) + got, err := decryptValue(masterkey.MasterKeys{V10: key32}, ciphertext) require.NoError(t, err) assert.Equal(t, plaintext, got) }