package vault import ( "bytes" "slices" "testing" "github.com/tobischo/gokeepasslib/v3" ) func TestNewSecurityConfigCreatesRequestedCipherAndKDF(t *testing.T) { t.Parallel() config, err := NewSecurityConfig(SecuritySettings{Cipher: CipherAES256, KDF: KDFAES}) if err != nil { t.Fatalf("NewSecurityConfig() error = %v", err) } if !slices.Equal(config.Header.FileHeaders.CipherID, gokeepasslib.CipherAES) { t.Fatalf("CipherID = %x, want %x", config.Header.FileHeaders.CipherID, gokeepasslib.CipherAES) } if !slices.Equal(config.Header.FileHeaders.KdfParameters.UUID, gokeepasslib.KdfAES4) { t.Fatalf("KDF UUID = %x, want %x", config.Header.FileHeaders.KdfParameters.UUID, gokeepasslib.KdfAES4) } } func TestApplySecuritySettingsPreservesRequestedChoicesAcrossSave(t *testing.T) { t.Parallel() config, err := NewSecurityConfig(SecuritySettings{Cipher: CipherChaCha20, KDF: KDFArgon2}) if err != nil { t.Fatalf("NewSecurityConfig() error = %v", err) } config, err = ApplySecuritySettings(config, SecuritySettings{Cipher: CipherAES256, KDF: KDFAES}) if err != nil { t.Fatalf("ApplySecuritySettings() error = %v", err) } var encoded bytes.Buffer if err := SaveKDBXWithConfigAndKey(&encoded, Model{}, MasterKey{Password: "correct horse battery staple"}, config); err != nil { t.Fatalf("SaveKDBXWithConfigAndKey() error = %v", err) } _, reloadedConfig, err := LoadKDBXWithConfig(bytes.NewReader(encoded.Bytes()), MasterKey{Password: "correct horse battery staple"}) if err != nil { t.Fatalf("LoadKDBXWithConfig() error = %v", err) } got := DetectSecuritySettings(reloadedConfig) if got.Cipher != CipherAES256 || got.KDF != KDFAES { t.Fatalf("DetectSecuritySettings() = %#v, want aes256/aes-kdf", got) } }