Merge pull request #31 from Snider/test-sigil-coverage

test: increase test coverage to 100%

pkg/crypt/std/rsa/rsa_test.go

@@ -1,11 +1,24 @@
 package rsa
 
 import (
+	"crypto/ecdsa"
+	"crypto/elliptic"
+	"crypto/rand"
+	"crypto/x509"
+	"encoding/pem"
+	"errors"
 	"testing"
 
 	"github.com/stretchr/testify/assert"
 )
 
+// mockReader is a reader that returns an error.
+type mockReader struct{}
+
+func (r *mockReader) Read(p []byte) (n int, err error) {
+	return 0, errors.New("read error")
+}
+
 func TestRSA_Good(t *testing.T) {
 	s := NewService()
 
@@ -55,4 +68,34 @@ func TestRSA_Ugly(t *testing.T) {
 	assert.Error(t, err)
 	_, err = s.Decrypt([]byte("-----BEGIN RSA PRIVATE KEY-----\nMIIBOQIBAAJBAL/6j/y7/r/9/z/8/f/+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+\nv/7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v4CAwEAAQJB\nAL/6j/y7/r/9/z/8/f/+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+\nv/7+/v7+/v7+/v7+/v7+/v7+/v7+/v4CgYEA/f8/vLv+v/3/P/z9//7+/v7+/v7+\nvv7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v4C\ngYEA/f8/vLv+v/3/P/z9//7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+\nvv7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v4CgYEA/f8/vLv+v/3/P/z9//7+/v7+\nvv7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+\nv/4CgYEA/f8/vLv+v/3/P/z9//7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+\nvv7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v4CgYEA/f8/vLv+v/3/P/z9//7+/v7+\nvv7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+\nv/4=\n-----END RSA PRIVATE KEY-----"), []byte("message"), nil)
 	assert.Error(t, err)
+
+	// Key generation failure
+	oldReader := rand.Reader
+	rand.Reader = &mockReader{}
+	t.Cleanup(func() { rand.Reader = oldReader })
+	_, _, err = s.GenerateKeyPair(2048)
+	assert.Error(t, err)
+
+	// Encrypt with non-RSA key
+	rand.Reader = oldReader // Restore reader for this test
+	ecdsaPrivKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
+	assert.NoError(t, err)
+	ecdsaPubKeyBytes, err := x509.MarshalPKIXPublicKey(&ecdsaPrivKey.PublicKey)
+	assert.NoError(t, err)
+	ecdsaPubKeyPEM := pem.EncodeToMemory(&pem.Block{
+		Type:  "PUBLIC KEY",
+		Bytes: ecdsaPubKeyBytes,
+	})
+	_, err = s.Encrypt(ecdsaPubKeyPEM, []byte("message"), nil)
+	assert.Error(t, err)
+	rand.Reader = &mockReader{} // Set it back for the next test
+
+	// Encrypt message too long
+	rand.Reader = oldReader // Restore reader for this test
+	pubKey, _, err := s.GenerateKeyPair(2048)
+	assert.NoError(t, err)
+	message := make([]byte, 2048)
+	_, err = s.Encrypt(pubKey, message, nil)
+	assert.Error(t, err)
+	rand.Reader = &mockReader{} // Set it back
 }

pkg/trix/trix.go

@@ -182,9 +182,6 @@ func (t *Trix) Pack() error {
 		if err != nil {
 			return err
 		}
-		if sigil == nil {
-			return ErrNilSigil
-		}
 		t.Payload, err = sigil.In(t.Payload)
 		if err != nil {
 			return err
@@ -205,9 +202,6 @@ func (t *Trix) Unpack() error {
 		if err != nil {
 			return err
 		}
-		if sigil == nil {
-			return ErrNilSigil
-		}
 		t.Payload, err = sigil.Out(t.Payload)
 		if err != nil {
 			return err

pkg/trix/trix_test.go

@@ -128,6 +128,18 @@ func TestTrixEncodeDecode_Ugly(t *testing.T) {
 		assert.Equal(t, err, io.ErrUnexpectedEOF)
 	})
 
+	t.Run("InvalidVersion", func(t *testing.T) {
+		var buf []byte
+		buf = append(buf, []byte(magicNumber)...)
+		buf = append(buf, byte(99)) // Invalid version
+		buf = append(buf, []byte{0, 0, 0, 2}...)
+		buf = append(buf, []byte("{}")...)
+		buf = append(buf, []byte("payload")...)
+
+		_, err := trix.Decode(buf, magicNumber, nil)
+		assert.ErrorIs(t, err, trix.ErrInvalidVersion)
+	})
+
 	t.Run("DataTooShort", func(t *testing.T) {
 		data := []byte("BAD")
 		_, err := trix.Decode(data, magicNumber, nil)
@@ -190,6 +202,11 @@ func TestPackUnpack_Bad(t *testing.T) {
 	trixOb.Payload = []byte("not hex")
 	err = trixOb.Unpack()
 	assert.Error(t, err)
+
+	trixOb.InSigils = []string{"json"}
+	trixOb.Payload = []byte("not json")
+	err = trixOb.Pack()
+	assert.Error(t, err)
 }
 
 func TestPackUnpack_Ugly(t *testing.T) {