package starcrypto import ( "bytes" "testing" ) func TestRootSymmetricWrappers(t *testing.T) { aesKey := []byte("0123456789abcdef") aesIV := []byte("abcdef9876543210") plain := []byte("root-wrapper-aes") aesEnc, err := EncryptAesCBC(plain, aesKey, aesIV, "") if err != nil { t.Fatalf("EncryptAesCBC failed: %v", err) } aesDec, err := DecryptAesCBC(aesEnc, aesKey, aesIV, "") if err != nil { t.Fatalf("DecryptAesCBC failed: %v", err) } if !bytes.Equal(aesDec, plain) { t.Fatalf("aes wrapper mismatch") } aesCFBEnc, err := EncryptAes(plain, aesKey, aesIV, MODECFB, "") if err != nil { t.Fatalf("EncryptAes failed: %v", err) } aesCFBDec, err := DecryptAes(aesCFBEnc, aesKey, aesIV, MODECFB, "") if err != nil { t.Fatalf("DecryptAes failed: %v", err) } if !bytes.Equal(aesCFBDec, plain) { t.Fatalf("aes generic wrapper mismatch") } aesStreamEnc := &bytes.Buffer{} if err := EncryptAesCBCStream(aesStreamEnc, bytes.NewReader(plain), aesKey, aesIV, ""); err != nil { t.Fatalf("EncryptAesCBCStream failed: %v", err) } aesStreamDec := &bytes.Buffer{} if err := DecryptAesCBCStream(aesStreamDec, bytes.NewReader(aesStreamEnc.Bytes()), aesKey, aesIV, ""); err != nil { t.Fatalf("DecryptAesCBCStream failed: %v", err) } if !bytes.Equal(aesStreamDec.Bytes(), plain) { t.Fatalf("aes stream wrapper mismatch") } sm4Enc, err := EncryptSM4CBC(plain, aesKey, aesIV, "") if err != nil { t.Fatalf("EncryptSM4CBC failed: %v", err) } sm4Dec, err := DecryptSM4CBC(sm4Enc, aesKey, aesIV, "") if err != nil { t.Fatalf("DecryptSM4CBC failed: %v", err) } if !bytes.Equal(sm4Dec, plain) { t.Fatalf("sm4 wrapper mismatch") } sm4StreamEnc := &bytes.Buffer{} if err := EncryptSM4CBCStream(sm4StreamEnc, bytes.NewReader(plain), aesKey, aesIV, ""); err != nil { t.Fatalf("EncryptSM4CBCStream failed: %v", err) } sm4StreamDec := &bytes.Buffer{} if err := DecryptSM4CBCStream(sm4StreamDec, bytes.NewReader(sm4StreamEnc.Bytes()), aesKey, aesIV, ""); err != nil { t.Fatalf("DecryptSM4CBCStream failed: %v", err) } if !bytes.Equal(sm4StreamDec.Bytes(), plain) { t.Fatalf("sm4 stream wrapper mismatch") } desKey := []byte("12345678") desIV := []byte("abcdefgh") desEnc, err := EncryptDESCBC(plain, desKey, desIV, "") if err != nil { t.Fatalf("EncryptDESCBC failed: %v", err) } desDec, err := DecryptDESCBC(desEnc, desKey, desIV, "") if err != nil { t.Fatalf("DecryptDESCBC failed: %v", err) } if !bytes.Equal(desDec, plain) { t.Fatalf("des wrapper mismatch") } desStreamEnc := &bytes.Buffer{} if err := EncryptDESCBCStream(desStreamEnc, bytes.NewReader(plain), desKey, desIV, ""); err != nil { t.Fatalf("EncryptDESCBCStream failed: %v", err) } desStreamDec := &bytes.Buffer{} if err := DecryptDESCBCStream(desStreamDec, bytes.NewReader(desStreamEnc.Bytes()), desKey, desIV, ""); err != nil { t.Fatalf("DecryptDESCBCStream failed: %v", err) } if !bytes.Equal(desStreamDec.Bytes(), plain) { t.Fatalf("des stream wrapper mismatch") } } func TestRootSM2AndSM9Wrappers(t *testing.T) { sm2Priv, sm2Pub, err := GenerateSM2Key() if err != nil { t.Fatalf("GenerateSM2Key failed: %v", err) } msg := []byte("root-sm") sig, err := SM2Sign(sm2Priv, msg, nil) if err != nil { t.Fatalf("SM2Sign failed: %v", err) } if !SM2Verify(sm2Pub, msg, sig, nil) { t.Fatalf("SM2Verify failed") } signMaster, signPub, err := GenerateSM9SignMasterKey() if err != nil { t.Fatalf("GenerateSM9SignMasterKey failed: %v", err) } encryptMaster, encryptPub, err := GenerateSM9EncryptMasterKey() if err != nil { t.Fatalf("GenerateSM9EncryptMasterKey failed: %v", err) } uid := []byte("root@example.com") signUser, err := GenerateSM9SignUserKey(signMaster, uid, 0) if err != nil { t.Fatalf("GenerateSM9SignUserKey failed: %v", err) } encryptUser, err := GenerateSM9EncryptUserKey(encryptMaster, uid, 0) if err != nil { t.Fatalf("GenerateSM9EncryptUserKey failed: %v", err) } sm9Sig, err := SM9SignASN1(signUser, msg) if err != nil { t.Fatalf("SM9SignASN1 failed: %v", err) } if !SM9VerifyASN1(signPub, uid, 0, msg, sm9Sig) { t.Fatalf("SM9VerifyASN1 failed") } cipher, err := SM9Encrypt(encryptPub, uid, 0, msg) if err != nil { t.Fatalf("SM9Encrypt failed: %v", err) } dec, err := SM9Decrypt(encryptUser, uid, cipher) if err != nil { t.Fatalf("SM9Decrypt failed: %v", err) } if !bytes.Equal(dec, msg) { t.Fatalf("SM9 wrapper decrypt mismatch") } } func TestRootChaChaAndSM4DerivedWrappers(t *testing.T) { key := []byte("0123456789abcdef0123456789abcdef") nonce := []byte("123456789012") aad := []byte("aad") plain := []byte("root-chacha-wrapper") chachaEnc, err := EncryptChaCha20(plain, key, nonce) if err != nil { t.Fatalf("EncryptChaCha20 failed: %v", err) } chachaDec, err := DecryptChaCha20(chachaEnc, key, nonce) if err != nil { t.Fatalf("DecryptChaCha20 failed: %v", err) } if !bytes.Equal(chachaDec, plain) { t.Fatalf("chacha wrapper mismatch") } polyEnc, err := EncryptChaCha20Poly1305(plain, key, nonce, aad) if err != nil { t.Fatalf("EncryptChaCha20Poly1305 failed: %v", err) } polyDec, err := DecryptChaCha20Poly1305(polyEnc, key, nonce, aad) if err != nil { t.Fatalf("DecryptChaCha20Poly1305 failed: %v", err) } if !bytes.Equal(polyDec, plain) { t.Fatalf("chacha20-poly1305 wrapper mismatch") } sm4Key := []byte("0123456789abcdef") sm4IV := []byte("abcdef9876543210") sm4Plain := []byte("root-sm4-derived") ecbEnc, err := EncryptSM4ECB(sm4Plain, sm4Key, "") if err != nil { t.Fatalf("EncryptSM4ECB failed: %v", err) } ecbDec, err := DecryptSM4ECB(ecbEnc, sm4Key, "") if err != nil { t.Fatalf("DecryptSM4ECB failed: %v", err) } if !bytes.Equal(ecbDec, sm4Plain) { t.Fatalf("sm4 ecb wrapper mismatch") } ofbEnc, err := EncryptSM4OFB(sm4Plain, sm4Key, sm4IV) if err != nil { t.Fatalf("EncryptSM4OFB failed: %v", err) } ofbDec, err := DecryptSM4OFB(ofbEnc, sm4Key, sm4IV) if err != nil { t.Fatalf("DecryptSM4OFB failed: %v", err) } if !bytes.Equal(ofbDec, sm4Plain) { t.Fatalf("sm4 ofb wrapper mismatch") } ctrEnc, err := EncryptSM4CTR(sm4Plain, sm4Key, sm4IV) if err != nil { t.Fatalf("EncryptSM4CTR failed: %v", err) } ctrDec, err := DecryptSM4CTR(ctrEnc, sm4Key, sm4IV) if err != nil { t.Fatalf("DecryptSM4CTR failed: %v", err) } if !bytes.Equal(ctrDec, sm4Plain) { t.Fatalf("sm4 ctr wrapper mismatch") } ecbStreamEnc := &bytes.Buffer{} if err := EncryptSM4ECBStream(ecbStreamEnc, bytes.NewReader(sm4Plain), sm4Key, ""); err != nil { t.Fatalf("EncryptSM4ECBStream failed: %v", err) } ecbStreamDec := &bytes.Buffer{} if err := DecryptSM4ECBStream(ecbStreamDec, bytes.NewReader(ecbStreamEnc.Bytes()), sm4Key, ""); err != nil { t.Fatalf("DecryptSM4ECBStream failed: %v", err) } if !bytes.Equal(ecbStreamDec.Bytes(), sm4Plain) { t.Fatalf("sm4 ecb stream wrapper mismatch") } } func TestRootOptionsAndGCMWrappers(t *testing.T) { aesKey := []byte("0123456789abcdef") sm4Key := []byte("0123456789abcdef") nonce := []byte("123456789012") plain := []byte("root-options-gcm") aesEnc, err := EncryptAesGCM(plain, aesKey, nonce, []byte("aad")) if err != nil { t.Fatalf("EncryptAesGCM failed: %v", err) } aesDec, err := DecryptAesGCM(aesEnc, aesKey, nonce, []byte("aad")) if err != nil { t.Fatalf("DecryptAesGCM failed: %v", err) } if !bytes.Equal(aesDec, plain) { t.Fatalf("aes gcm wrapper mismatch") } sm4Enc, err := EncryptSM4WithOptions(plain, sm4Key, &CipherOptions{Nonce: nonce}) if err != nil { t.Fatalf("EncryptSM4WithOptions failed: %v", err) } sm4Dec, err := DecryptSM4WithOptions(sm4Enc, sm4Key, &CipherOptions{Nonce: nonce}) if err != nil { t.Fatalf("DecryptSM4WithOptions failed: %v", err) } if !bytes.Equal(sm4Dec, plain) { t.Fatalf("sm4 options wrapper mismatch") } } func TestRootCTRAtAndGCMChunkWrappers(t *testing.T) { aesKey := []byte("0123456789abcdef") aesIV := []byte("abcdef9876543210") aesNonce := []byte("123456789012") plain := bytes.Repeat([]byte("root-ctr-offset-"), 64) aesFull, err := EncryptAesCTR(plain, aesKey, aesIV) if err != nil { t.Fatalf("EncryptAesCTR failed: %v", err) } offset := 33 seg := aesFull[offset : offset+100] decSeg, err := DecryptAesCTRAt(seg, aesKey, aesIV, int64(offset)) if err != nil { t.Fatalf("DecryptAesCTRAt failed: %v", err) } if !bytes.Equal(decSeg, plain[offset:offset+100]) { t.Fatalf("root aes ctr at mismatch") } chunkCipher, err := EncryptAesGCMChunk([]byte("root-aes-gcm-chunk"), aesKey, aesNonce, []byte("aad"), 2) if err != nil { t.Fatalf("EncryptAesGCMChunk failed: %v", err) } chunkPlain, err := DecryptAesGCMChunk(chunkCipher, aesKey, aesNonce, []byte("aad"), 2) if err != nil { t.Fatalf("DecryptAesGCMChunk failed: %v", err) } if !bytes.Equal(chunkPlain, []byte("root-aes-gcm-chunk")) { t.Fatalf("root aes gcm chunk mismatch") } sm4Key := []byte("0123456789abcdef") sm4IV := []byte("abcdef9876543210") sm4Nonce := []byte("123456789012") sm4Full, err := EncryptSM4CTR(plain, sm4Key, sm4IV) if err != nil { t.Fatalf("EncryptSM4CTR failed: %v", err) } sm4Seg := sm4Full[offset : offset+100] sm4DecSeg, err := DecryptSM4CTRAt(sm4Seg, sm4Key, sm4IV, int64(offset)) if err != nil { t.Fatalf("DecryptSM4CTRAt failed: %v", err) } if !bytes.Equal(sm4DecSeg, plain[offset:offset+100]) { t.Fatalf("root sm4 ctr at mismatch") } sm4ChunkCipher, err := EncryptSM4GCMChunk([]byte("root-sm4-gcm-chunk"), sm4Key, sm4Nonce, []byte("aad"), 3) if err != nil { t.Fatalf("EncryptSM4GCMChunk failed: %v", err) } sm4ChunkPlain, err := DecryptSM4GCMChunk(sm4ChunkCipher, sm4Key, sm4Nonce, []byte("aad"), 3) if err != nil { t.Fatalf("DecryptSM4GCMChunk failed: %v", err) } if !bytes.Equal(sm4ChunkPlain, []byte("root-sm4-gcm-chunk")) { t.Fatalf("root sm4 gcm chunk mismatch") } } func TestRootCFB8AndSegmentDecryptWrappers(t *testing.T) { key := []byte("0123456789abcdef") iv := []byte("abcdef9876543210") plain := bytes.Repeat([]byte("0123456789abcdef"), 4) aesCFB8, err := EncryptAesCFB8(plain, key, iv) if err != nil { t.Fatalf("EncryptAesCFB8 failed: %v", err) } aesCFB8Dec, err := DecryptAesCFB8(aesCFB8, key, iv) if err != nil { t.Fatalf("DecryptAesCFB8 failed: %v", err) } if !bytes.Equal(aesCFB8Dec, plain) { t.Fatalf("root aes cfb8 mismatch") } aesCBC, err := EncryptAesCBC(plain, key, iv, ZEROPADDING) if err != nil { t.Fatalf("EncryptAesCBC failed: %v", err) } aesCBCSegDec, err := DecryptAesCBCFromSecondBlock(aesCBC[len(iv):], key, aesCBC[:len(iv)]) if err != nil { t.Fatalf("DecryptAesCBCFromSecondBlock failed: %v", err) } if !bytes.Equal(aesCBCSegDec, plain[len(iv):]) { t.Fatalf("root aes cbc from-second-block mismatch") } aesCFB, err := EncryptAesCFB(plain, key, iv) if err != nil { t.Fatalf("EncryptAesCFB failed: %v", err) } aesCFBSegDec, err := DecryptAesCFBFromSecondBlock(aesCFB[len(iv):], key, aesCFB[:len(iv)]) if err != nil { t.Fatalf("DecryptAesCFBFromSecondBlock failed: %v", err) } if !bytes.Equal(aesCFBSegDec, plain[len(iv):]) { t.Fatalf("root aes cfb from-second-block mismatch") } sm4CFB8, err := EncryptSM4CFB8(plain, key, iv) if err != nil { t.Fatalf("EncryptSM4CFB8 failed: %v", err) } sm4CFB8Dec, err := DecryptSM4CFB8(sm4CFB8, key, iv) if err != nil { t.Fatalf("DecryptSM4CFB8 failed: %v", err) } if !bytes.Equal(sm4CFB8Dec, plain) { t.Fatalf("root sm4 cfb8 mismatch") } sm4CBC, err := EncryptSM4CBC(plain, key, iv, ZEROPADDING) if err != nil { t.Fatalf("EncryptSM4CBC failed: %v", err) } sm4CBCSegDec, err := DecryptSM4CBCFromSecondBlock(sm4CBC[len(iv):], key, sm4CBC[:len(iv)]) if err != nil { t.Fatalf("DecryptSM4CBCFromSecondBlock failed: %v", err) } if !bytes.Equal(sm4CBCSegDec, plain[len(iv):]) { t.Fatalf("root sm4 cbc from-second-block mismatch") } sm4CFB, err := EncryptSM4CFBNoBlock(plain, key, iv) if err != nil { t.Fatalf("EncryptSM4CFB failed: %v", err) } sm4CFBSegDec, err := DecryptSM4CFBFromSecondBlock(sm4CFB[len(iv):], key, sm4CFB[:len(iv)]) if err != nil { t.Fatalf("DecryptSM4CFBFromSecondBlock failed: %v", err) } if !bytes.Equal(sm4CFBSegDec, plain[len(iv):]) { t.Fatalf("root sm4 cfb from-second-block mismatch") } } func TestRootOptionsAndCCMWrappers(t *testing.T) { aesKey := []byte("0123456789abcdef") sm4Key := []byte("0123456789abcdef") nonce := []byte("123456789012") aad := []byte("aad") plain := []byte("root-options-ccm") aesEnc, err := EncryptAesCCM(plain, aesKey, nonce, aad) if err != nil { t.Fatalf("EncryptAesCCM failed: %v", err) } aesDec, err := DecryptAesCCM(aesEnc, aesKey, nonce, aad) if err != nil { t.Fatalf("DecryptAesCCM failed: %v", err) } if !bytes.Equal(aesDec, plain) { t.Fatalf("aes ccm wrapper mismatch") } aesOpts := &CipherOptions{Mode: MODECCM, Nonce: nonce, AAD: aad} aesOptEnc, err := EncryptAesWithOptions(plain, aesKey, aesOpts) if err != nil { t.Fatalf("EncryptAesWithOptions CCM failed: %v", err) } aesOptDec, err := DecryptAesWithOptions(aesOptEnc, aesKey, aesOpts) if err != nil { t.Fatalf("DecryptAesWithOptions CCM failed: %v", err) } if !bytes.Equal(aesOptDec, plain) { t.Fatalf("aes options ccm wrapper mismatch") } aesChunkCipher, err := EncryptAesCCMChunk([]byte("root-aes-ccm-chunk"), aesKey, nonce, aad, 4) if err != nil { t.Fatalf("EncryptAesCCMChunk failed: %v", err) } aesChunkPlain, err := DecryptAesCCMChunk(aesChunkCipher, aesKey, nonce, aad, 4) if err != nil { t.Fatalf("DecryptAesCCMChunk failed: %v", err) } if !bytes.Equal(aesChunkPlain, []byte("root-aes-ccm-chunk")) { t.Fatalf("root aes ccm chunk mismatch") } aesStreamEnc := &bytes.Buffer{} if err := EncryptAesCCMStream(aesStreamEnc, bytes.NewReader(plain), aesKey, nonce, aad); err != nil { t.Fatalf("EncryptAesCCMStream failed: %v", err) } aesStreamDec := &bytes.Buffer{} if err := DecryptAesCCMStream(aesStreamDec, bytes.NewReader(aesStreamEnc.Bytes()), aesKey, nonce, aad); err != nil { t.Fatalf("DecryptAesCCMStream failed: %v", err) } if !bytes.Equal(aesStreamDec.Bytes(), plain) { t.Fatalf("aes ccm stream wrapper mismatch") } sm4Enc, err := EncryptSM4CCM(plain, sm4Key, nonce, aad) if err != nil { t.Fatalf("EncryptSM4CCM failed: %v", err) } sm4Dec, err := DecryptSM4CCM(sm4Enc, sm4Key, nonce, aad) if err != nil { t.Fatalf("DecryptSM4CCM failed: %v", err) } if !bytes.Equal(sm4Dec, plain) { t.Fatalf("sm4 ccm wrapper mismatch") } sm4Opts := &CipherOptions{Mode: MODECCM, Nonce: nonce, AAD: aad} sm4OptEnc, err := EncryptSM4WithOptions(plain, sm4Key, sm4Opts) if err != nil { t.Fatalf("EncryptSM4WithOptions CCM failed: %v", err) } sm4OptDec, err := DecryptSM4WithOptions(sm4OptEnc, sm4Key, sm4Opts) if err != nil { t.Fatalf("DecryptSM4WithOptions CCM failed: %v", err) } if !bytes.Equal(sm4OptDec, plain) { t.Fatalf("sm4 options ccm wrapper mismatch") } sm4ChunkCipher, err := EncryptSM4CCMChunk([]byte("root-sm4-ccm-chunk"), sm4Key, nonce, aad, 6) if err != nil { t.Fatalf("EncryptSM4CCMChunk failed: %v", err) } sm4ChunkPlain, err := DecryptSM4CCMChunk(sm4ChunkCipher, sm4Key, nonce, aad, 6) if err != nil { t.Fatalf("DecryptSM4CCMChunk failed: %v", err) } if !bytes.Equal(sm4ChunkPlain, []byte("root-sm4-ccm-chunk")) { t.Fatalf("root sm4 ccm chunk mismatch") } sm4StreamEnc := &bytes.Buffer{} if err := EncryptSM4CCMStream(sm4StreamEnc, bytes.NewReader(plain), sm4Key, nonce, aad); err != nil { t.Fatalf("EncryptSM4CCMStream failed: %v", err) } sm4StreamDec := &bytes.Buffer{} if err := DecryptSM4CCMStream(sm4StreamDec, bytes.NewReader(sm4StreamEnc.Bytes()), sm4Key, nonce, aad); err != nil { t.Fatalf("DecryptSM4CCMStream failed: %v", err) } if !bytes.Equal(sm4StreamDec.Bytes(), plain) { t.Fatalf("sm4 ccm stream wrapper mismatch") } } func TestRootXTSWrappers(t *testing.T) { k1 := []byte("0123456789abcdef") k2 := []byte("fedcba9876543210") plain := bytes.Repeat([]byte("0123456789abcdef"), 16) aesEnc, err := EncryptAesXTS(plain, k1, k2, 64) if err != nil { t.Fatalf("EncryptAesXTS failed: %v", err) } aesDec, err := DecryptAesXTS(aesEnc, k1, k2, 64) if err != nil { t.Fatalf("DecryptAesXTS failed: %v", err) } if !bytes.Equal(aesDec, plain) { t.Fatalf("root aes xts mismatch") } aesSegEnc, err := EncryptAesXTSAt(plain[:64], k1, k2, 64, 1) if err != nil { t.Fatalf("EncryptAesXTSAt failed: %v", err) } aesSegDec, err := DecryptAesXTSAt(aesSegEnc, k1, k2, 64, 1) if err != nil { t.Fatalf("DecryptAesXTSAt failed: %v", err) } if !bytes.Equal(aesSegDec, plain[:64]) { t.Fatalf("root aes xts at mismatch") } aesStreamEnc := &bytes.Buffer{} if err := EncryptAesXTSStream(aesStreamEnc, bytes.NewReader(plain), k1, k2, 64); err != nil { t.Fatalf("EncryptAesXTSStream failed: %v", err) } aesStreamDec := &bytes.Buffer{} if err := DecryptAesXTSStream(aesStreamDec, bytes.NewReader(aesStreamEnc.Bytes()), k1, k2, 64); err != nil { t.Fatalf("DecryptAesXTSStream failed: %v", err) } if !bytes.Equal(aesStreamDec.Bytes(), plain) { t.Fatalf("root aes xts stream mismatch") } sm4Enc, err := EncryptSM4XTS(plain, k1, k2, 64) if err != nil { t.Fatalf("EncryptSM4XTS failed: %v", err) } sm4Dec, err := DecryptSM4XTS(sm4Enc, k1, k2, 64) if err != nil { t.Fatalf("DecryptSM4XTS failed: %v", err) } if !bytes.Equal(sm4Dec, plain) { t.Fatalf("root sm4 xts mismatch") } sm4SegEnc, err := EncryptSM4XTSAt(plain[:64], k1, k2, 64, 2) if err != nil { t.Fatalf("EncryptSM4XTSAt failed: %v", err) } sm4SegDec, err := DecryptSM4XTSAt(sm4SegEnc, k1, k2, 64, 2) if err != nil { t.Fatalf("DecryptSM4XTSAt failed: %v", err) } if !bytes.Equal(sm4SegDec, plain[:64]) { t.Fatalf("root sm4 xts at mismatch") } sm4StreamEnc := &bytes.Buffer{} if err := EncryptSM4XTSStream(sm4StreamEnc, bytes.NewReader(plain), k1, k2, 64); err != nil { t.Fatalf("EncryptSM4XTSStream failed: %v", err) } sm4StreamDec := &bytes.Buffer{} if err := DecryptSM4XTSStream(sm4StreamDec, bytes.NewReader(sm4StreamEnc.Bytes()), k1, k2, 64); err != nil { t.Fatalf("DecryptSM4XTSStream failed: %v", err) } if !bytes.Equal(sm4StreamDec.Bytes(), plain) { t.Fatalf("root sm4 xts stream mismatch") } } func TestRootKDFAndXTSKeySplitWrappers(t *testing.T) { pbk, err := DerivePBKDF2SHA256Key("password", []byte("salt"), 1, 32) if err != nil { t.Fatalf("DerivePBKDF2SHA256Key failed: %v", err) } if len(pbk) != 32 { t.Fatalf("pbkdf2 key length mismatch") } argonParams := DefaultArgon2idParams() argonParams.Memory = 32 * 1024 argonParams.Threads = 1 argon, err := DeriveArgon2idKey("password", []byte("salt-salt"), argonParams) if err != nil { t.Fatalf("DeriveArgon2idKey failed: %v", err) } if len(argon) != int(argonParams.KeyLen) { t.Fatalf("argon2 key length mismatch") } master := []byte("0123456789abcdef0123456789abcdef") k1, k2, err := SplitXTSMasterKey(master) if err != nil { t.Fatalf("SplitXTSMasterKey failed: %v", err) } if len(k1) != 16 || len(k2) != 16 { t.Fatalf("split xts wrapper key lengths mismatch") } }