enc_file 0.6.3

Password-based file encryption tool with a versioned header, AEAD, Argon2id KDF, and streaming mode. Library + CLI + GUI.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162

use enc_file::{AeadAlg, EncFileError, EncryptOptions, encrypt_file_streaming};
use secrecy::SecretString;
use std::fs;
use std::path::PathBuf;
use tempfile::tempdir;

// Helper: Write a binary blob of a specific length
fn write_blob(path: &PathBuf, len: usize) {
    let data = vec![0u8; len];
    fs::write(path, &data).unwrap();
}

// Default password for tests
fn test_pw() -> SecretString {
    SecretString::new("pw".into())
}

// Get test algorithms
fn test_algs() -> [AeadAlg; 2] {
    [AeadAlg::XChaCha20Poly1305, AeadAlg::Aes256GcmSiv]
}

#[test]
fn streaming_rejects_oversized_chunk_for_both_algs() {
    println!("[TEST] streaming_rejects_oversized_chunk_for_both_algs: starting");
    let input_len = 10;
    let oversized_chunk = u32::MAX as usize; // Deliberately too large (AEAD tag is +16 bytes)
    for &alg in &test_algs() {
        println!("[TEST] Trying algorithm: {:?}", alg);
        let dir = tempdir().unwrap();
        let infile = dir.path().join("in.bin");
        let outfile = dir.path().join("out.enc");
        write_blob(&infile, input_len);
        let opts = EncryptOptions {
            alg,
            stream: true,
            chunk_size: oversized_chunk,
            ..Default::default()
        };
        let result = encrypt_file_streaming(&infile, Some(&outfile), test_pw(), opts);
        match result {
            Err(EncFileError::Invalid(ref msg)) if msg.contains("chunk size") => {
                println!(
                    "[TEST] streaming_rejects_oversized_chunk_for_both_algs: got expected error for {:?}: {}",
                    alg, msg
                )
            }
            Err(ref e) => println!(
                "[TEST] streaming_rejects_oversized_chunk_for_both_algs: got unexpected error for {:?}: {:?}",
                alg, e
            ),
            Ok(_) => println!(
                "[TEST] streaming_rejects_oversized_chunk_for_both_algs: unexpected success for {:?}",
                alg
            ),
        }
        assert!(result.is_err());
    }
    println!("[TEST] streaming_rejects_oversized_chunk_for_both_algs: finished");
}

/// This test attempts a ~4 GiB allocation (max boundary) and is ignored by default.
/// Run explicitly with: `cargo test -- --ignored`
#[ignore]
#[test]
fn streaming_accepts_max_boundary_chunk_size() {
    println!("[TEST] streaming_accepts_max_boundary_chunk_size: starting");
    let input_len = 10;
    let max_chunk = (u32::MAX - 16) as usize; // Maximum allowed chunk size for streaming
    for &alg in &test_algs() {
        println!("[TEST] Trying algorithm: {:?}", alg);
        let dir = tempdir().unwrap();
        let infile = dir.path().join("in.bin");
        let outfile = dir.path().join("out.enc");
        write_blob(&infile, input_len);
        let opts = EncryptOptions {
            alg,
            stream: true,
            chunk_size: max_chunk,
            ..Default::default()
        };
        let result = encrypt_file_streaming(&infile, Some(&outfile), test_pw(), opts);
        match result {
            Ok(ref path) => println!(
                "[TEST] streaming_accepts_max_boundary_chunk_size: succeeded for {:?}, out: {:?}",
                alg, path
            ),
            Err(ref e) => println!(
                "[TEST] streaming_accepts_max_boundary_chunk_size: unexpected error for {:?}: {:?}",
                alg, e
            ),
        }
        assert!(result.is_ok());
    }
    println!("[TEST] streaming_accepts_max_boundary_chunk_size: finished");
}

#[test]
fn streaming_accepts_small_reasonable_chunk_for_both_algs() {
    println!("[TEST] streaming_accepts_small_reasonable_chunk_for_both_algs: starting");
    let input_len = 10;
    let small_chunk = 8; // Small but valid
    for &alg in &test_algs() {
        println!("[TEST] Trying algorithm: {:?}", alg);
        let dir = tempdir().unwrap();
        let infile = dir.path().join("in.bin");
        let outfile = dir.path().join("out.enc");
        write_blob(&infile, input_len);
        let opts = EncryptOptions {
            alg,
            stream: true,
            chunk_size: small_chunk,
            ..Default::default()
        };
        let result = encrypt_file_streaming(&infile, Some(&outfile), test_pw(), opts);
        match result {
            Ok(ref path) => println!(
                "[TEST] streaming_accepts_small_reasonable_chunk_for_both_algs: succeeded for {:?}, out: {:?}",
                alg, path
            ),
            Err(ref e) => println!(
                "[TEST] streaming_accepts_small_reasonable_chunk_for_both_algs: unexpected error for {:?}: {:?}",
                alg, e
            ),
        }
        assert!(result.is_ok());
    }
    println!("[TEST] streaming_accepts_small_reasonable_chunk_for_both_algs: finished");
}

#[test]
fn streaming_zero_chunk_size_defaults_and_succeeds_for_both_algs() {
    println!("[TEST] streaming_zero_chunk_size_defaults_and_succeeds_for_both_algs: starting");
    let input_len = 10;
    let zero_chunk = 0; // Should default internally (usually 1 MiB)
    for &alg in &test_algs() {
        println!("[TEST] Trying algorithm: {:?}", alg);
        let dir = tempdir().unwrap();
        let infile = dir.path().join("in.bin");
        let outfile = dir.path().join("out.enc");
        write_blob(&infile, input_len);
        let opts = EncryptOptions {
            alg,
            stream: true,
            chunk_size: zero_chunk,
            ..Default::default()
        };
        let result = encrypt_file_streaming(&infile, Some(&outfile), test_pw(), opts);
        match result {
            Ok(ref path) => println!(
                "[TEST] streaming_zero_chunk_size_defaults_and_succeeds_for_both_algs: succeeded for {:?}, out: {:?}",
                alg, path
            ),
            Err(ref e) => println!(
                "[TEST] streaming_zero_chunk_size_defaults_and_succeeds_for_both_algs: unexpected error for {:?}: {:?}",
                alg, e
            ),
        }
        assert!(result.is_ok());
    }
    println!("[TEST] streaming_zero_chunk_size_defaults_and_succeeds_for_both_algs: finished");
}