Add configurable vault security settings
This commit is contained in:
@@ -0,0 +1,50 @@
|
||||
package vault
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"slices"
|
||||
"testing"
|
||||
|
||||
"github.com/tobischo/gokeepasslib/v3"
|
||||
)
|
||||
|
||||
func TestNewSecurityConfigCreatesRequestedCipherAndKDF(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
config, err := NewSecurityConfig(SecuritySettings{Cipher: CipherAES256, KDF: KDFAES})
|
||||
if err != nil {
|
||||
t.Fatalf("NewSecurityConfig() error = %v", err)
|
||||
}
|
||||
if !slices.Equal(config.Header.FileHeaders.CipherID, gokeepasslib.CipherAES) {
|
||||
t.Fatalf("CipherID = %x, want %x", config.Header.FileHeaders.CipherID, gokeepasslib.CipherAES)
|
||||
}
|
||||
if !slices.Equal(config.Header.FileHeaders.KdfParameters.UUID, gokeepasslib.KdfAES4) {
|
||||
t.Fatalf("KDF UUID = %x, want %x", config.Header.FileHeaders.KdfParameters.UUID, gokeepasslib.KdfAES4)
|
||||
}
|
||||
}
|
||||
|
||||
func TestApplySecuritySettingsPreservesRequestedChoicesAcrossSave(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
config, err := NewSecurityConfig(SecuritySettings{Cipher: CipherChaCha20, KDF: KDFArgon2})
|
||||
if err != nil {
|
||||
t.Fatalf("NewSecurityConfig() error = %v", err)
|
||||
}
|
||||
config, err = ApplySecuritySettings(config, SecuritySettings{Cipher: CipherAES256, KDF: KDFAES})
|
||||
if err != nil {
|
||||
t.Fatalf("ApplySecuritySettings() error = %v", err)
|
||||
}
|
||||
|
||||
var encoded bytes.Buffer
|
||||
if err := SaveKDBXWithConfigAndKey(&encoded, Model{}, MasterKey{Password: "correct horse battery staple"}, config); err != nil {
|
||||
t.Fatalf("SaveKDBXWithConfigAndKey() error = %v", err)
|
||||
}
|
||||
_, reloadedConfig, err := LoadKDBXWithConfig(bytes.NewReader(encoded.Bytes()), MasterKey{Password: "correct horse battery staple"})
|
||||
if err != nil {
|
||||
t.Fatalf("LoadKDBXWithConfig() error = %v", err)
|
||||
}
|
||||
got := DetectSecuritySettings(reloadedConfig)
|
||||
if got.Cipher != CipherAES256 || got.KDF != KDFAES {
|
||||
t.Fatalf("DetectSecuritySettings() = %#v, want aes256/aes-kdf", got)
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user