package crypto
import (
"bytes"
"testing"
)
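// TestDefaultAES exercises the package-level default AES configuration:
// callback registration via OnSetDefaultAES, key injection via SetDefaultAES,
// wiping of the caller's key buffer, and the lock that is expected to reject
// both later callback registrations and a second key injection.
//
// The steps mutate package-level state and depend on running in this order.
func TestDefaultAES(t *testing.T) {
	// 1. Initial default: the test expects the callback to have been invoked
	// by the time OnSetDefaultAES returns, handing over a usable *Symmetric.
	var confAES *Symmetric
	OnSetDefaultAES(func(aes *Symmetric) {
		confAES = aes
	})

	if confAES == nil {
		t.Fatal("confAES should be initialized by OnSetDefaultAES")
	}

	// 2. SetDefaultAES should trigger the update and then lock the default.
	// rawKey is a fixed 32-byte test value; newKey is a separate copy so the
	// buffer handed to SetDefaultAES can be compared against the original.
	rawKey := []byte("12345678901234567890123456789012")
	newKey := bytes.Clone(rawKey)
	newIv := []byte("123456789012") // fixed 12-byte test IV
	SetDefaultAES(newKey, newIv)

	// The caller's key buffer must not keep the key material. Per the original
	// author's note, ZeroMemory overwrites with random junk rather than zeros,
	// so the check is "no longer equal to the original" instead of "all zero".
	if bytes.Equal(newKey, rawKey) {
		t.Error("newKey should be overwritten after SetDefaultAES")
	}
	// NOTE(review): newIv is not checked here and is reused in step 4; if
	// SetDefaultAES also wipes the IV buffer, step 4 passes a wiped IV —
	// confirm that this is intended.

	// By now confAES is expected to have been refreshed through the callback.
	// EncryptAndErase receives a clone so that data stays intact for the
	// plaintext comparison in step 4.
	data := []byte("hello world")
	encrypted, err := confAES.EncryptAndErase(bytes.Clone(data))
	if err != nil {
		t.Fatalf("Encrypt failed: %v", err)
	}

	// 3. Safety: once SetDefaultAES has run, a new OnSetDefaultAES
	// registration must not receive the configured cipher.
	var blockedAES *Symmetric
	OnSetDefaultAES(func(aes *Symmetric) {
		blockedAES = aes
	})
	if blockedAES != nil {
		t.Error("OnSetDefaultAES should be blocked after SetDefaultAES (auto-lock)")
	}

	// 4. SetDefaultAES must take effect only once: a second call with a
	// different 32-byte key must leave the first injected key in place.
	anotherKey := []byte("another key 32 bytes long.......")
	SetDefaultAES(anotherKey, newIv)

	// Verify the key did not change by decrypting the earlier ciphertext.
	// The recovered plaintext is compared as well: a nil error alone does not
	// prove the original key is still in use.
	// Assumes DecryptBytes returns the plaintext as []byte — confirm.
	decrypted, err := confAES.DecryptBytes(encrypted)
	if err != nil {
		t.Errorf("Decryption should still work with the first injected key: %v", err)
	} else if !bytes.Equal(decrypted, data) {
		t.Errorf("decrypted plaintext mismatch after second SetDefaultAES: got %q, want %q", decrypted, data)
	}
}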