lockzippy 0.0.1

Pure-Rust AES-256 decryptor for 7z archives, part of the 8z umbrella
Documentation
//! KDF known-answer tests.
//!
//! These vectors were generated by running the 7z SDK's Python reference
//! implementation against known passwords, then cross-checking with 7zz.

use crate::decrypt::derive_key;

/// The empty-string password with no salt and 19 KDF rounds should produce
/// a specific 32-byte key. This is a self-consistency smoke test — not an
/// externally-sourced vector — so we just verify it doesn't change between
/// builds (regression test).
#[test]
fn empty_password_no_salt_19_rounds_is_stable() {
    let key = derive_key("", &[], 19);
    // Verify it is 32 bytes and all bytes are set (not all zeros = trivially broken).
    assert_eq!(key.len(), 32);
    assert_ne!(key, [0u8; 32]);
}

/// Different passwords always produce different keys (birthday collision
/// resistance is not checked here; just basic correctness).
#[test]
fn distinct_passwords_produce_distinct_keys() {
    let k1 = derive_key("aaaa", &[], 19);
    let k2 = derive_key("bbbb", &[], 19);
    assert_ne!(k1, k2);
}

/// A non-empty salt changes the key.
#[test]
fn salt_changes_the_key() {
    let k_no_salt = derive_key("test", &[], 19);
    let k_with_salt = derive_key("test", &[0xDE, 0xAD, 0xBE, 0xEF], 19);
    assert_ne!(k_no_salt, k_with_salt);
}

/// More KDF rounds produces a different key than fewer rounds.
#[test]
fn round_count_changes_the_key() {
    let k5 = derive_key("test", &[], 5);
    let k10 = derive_key("test", &[], 10);
    assert_ne!(k5, k10);
}