age-crypto 0.2.0

A safe, ergonomic Rust wrapper around the age encryption library with strong typing, comprehensive error handling, and passphrase support.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122

use age_crypto::{
    DecryptError, Error, decrypt_with_passphrase_armor, encrypt_with_passphrase_armor,
};
const CORRECT_PHRASE: &str = "correct-horse-battery-staple-πŸ”";
const WRONG_PHRASE: &str = "wrong-passphrase-❌";
fn create_armored_ciphertext(plaintext: &[u8], passphrase: &str) -> String {
    encrypt_with_passphrase_armor(plaintext, passphrase)
        .expect("encryption for test setup failed")
        .to_string()
}
#[test]
fn test_decrypt_passphrase_armor_success() {
    let plaintext = b"Top secret armored";
    let armored = create_armored_ciphertext(plaintext, CORRECT_PHRASE);
    let decrypted = decrypt_with_passphrase_armor(&armored, CORRECT_PHRASE).unwrap();
    assert_eq!(decrypted, plaintext);
}
#[test]
fn test_decrypt_passphrase_armor_wrong_passphrase() {
    let armored = create_armored_ciphertext(b"secret", CORRECT_PHRASE);
    let result = decrypt_with_passphrase_armor(&armored, WRONG_PHRASE);
    assert!(result.is_err());
    let err = result.unwrap_err();
    assert!(matches!(err, Error::Decrypt(DecryptError::Failed(_))));
    assert!(
        err.to_string().contains("Decrypt error: Decryption failed")
            || err.to_string().contains("no matching secret key")
    );
}
#[test]
fn test_decrypt_passphrase_armor_empty_string() {
    let result = decrypt_with_passphrase_armor("", CORRECT_PHRASE);
    assert!(result.is_err());
    assert!(matches!(
        result.unwrap_err(),
        Error::Decrypt(DecryptError::InvalidCiphertext(_))
    ));
}
#[test]
fn test_decrypt_passphrase_armor_invalid_marker() {
    let invalid = "-----BEGIN WRONG-----\n...\n-----END WRONG-----";
    let result = decrypt_with_passphrase_armor(invalid, CORRECT_PHRASE);
    assert!(result.is_err());
    assert!(matches!(
        result.unwrap_err(),
        Error::Decrypt(DecryptError::InvalidCiphertext(_))
    ));
}
#[test]
fn test_decrypt_passphrase_armor_truncated() {
    let full = create_armored_ciphertext(b"data", CORRECT_PHRASE);
    let lengths_to_test = [0, 20, full.len() / 2];
    for len in lengths_to_test {
        if len < full.len() {
            let truncated = &full[..len];
            let result = decrypt_with_passphrase_armor(truncated, CORRECT_PHRASE);
            assert!(result.is_err(), "Truncated at {} must fail", len);
        }
    }
}
#[test]
fn test_decrypt_passphrase_armor_corrupted() {
    let mut full = create_armored_ciphertext(b"I am data", CORRECT_PHRASE);
    let pos = full.len() / 2;
    if pos < full.len() {
        full.replace_range(pos..=pos, "X");
    }
    let result = decrypt_with_passphrase_armor(&full, CORRECT_PHRASE);
    assert!(result.is_err());
}
#[test]
fn test_decrypt_passphrase_armor_case_sensitive_passphrase() {
    let armored = create_armored_ciphertext(b"case test", "MyPass");
    assert!(decrypt_with_passphrase_armor(&armored, "MyPass").is_ok());
    assert!(decrypt_with_passphrase_armor(&armored, "mypass").is_err());
    assert!(decrypt_with_passphrase_armor(&armored, "MYPASS").is_err());
}
#[test]
fn test_decrypt_passphrase_armor_unicode_passphrase() {
    let pass = "パスワード 密码 πŸ—οΈ";
    let plaintext = b"Unicode armored";
    let armored = encrypt_with_passphrase_armor(plaintext, pass).unwrap();
    let decrypted = decrypt_with_passphrase_armor(armored.as_str(), pass).unwrap();
    assert_eq!(decrypted, plaintext);
    let mut wrong = pass.to_string();
    wrong.push('x');
    assert!(decrypt_with_passphrase_armor(armored.as_str(), &wrong).is_err());
}
#[test]
fn test_decrypt_passphrase_armor_large_ciphertext() {
    let plaintext = vec![0xCD; 500_000];
    let armored = encrypt_with_passphrase_armor(&plaintext, CORRECT_PHRASE).unwrap();
    let decrypted = decrypt_with_passphrase_armor(armored.as_str(), CORRECT_PHRASE).unwrap();
    assert_eq!(decrypted, plaintext);
}
#[test]
fn test_decrypt_passphrase_armor_reuse() {
    let plaintext = b"Immortal";
    let armored = create_armored_ciphertext(plaintext, CORRECT_PHRASE);
    for _ in 0..5 {
        let decrypted = decrypt_with_passphrase_armor(&armored, CORRECT_PHRASE).unwrap();
        assert_eq!(decrypted, plaintext);
    }
}
#[test]
fn test_decrypt_passphrase_armor_output_fresh_allocation() {
    let armored = create_armored_ciphertext(b"fresh", CORRECT_PHRASE);
    let d1 = decrypt_with_passphrase_armor(&armored, CORRECT_PHRASE).unwrap();
    let d2 = decrypt_with_passphrase_armor(&armored, CORRECT_PHRASE).unwrap();
    assert_ne!(d1.as_ptr(), d2.as_ptr(), "Outputs must be independent");
    assert_eq!(d1, d2);
}
#[test]
fn test_decrypt_passphrase_armor_does_not_mutate_input() {
    let armored = create_armored_ciphertext(b"immutable", CORRECT_PHRASE);
    let original = armored.clone();
    let _ = decrypt_with_passphrase_armor(&armored, CORRECT_PHRASE).unwrap();
    assert_eq!(
        armored, original,
        "Input armored string must not be mutated"
    );
}