From 187c234e60fc9fa465d918a91e0930a025b2ec4d Mon Sep 17 00:00:00 2001
From: Laisky <github@laisky.com>
Date: Thu, 28 Mar 2024 02:10:39 +0000
Subject: [PATCH] test: Update crypto/smtongsuo_test.go with SM2/RSA encryption
 tests

* Add comprehensive test cases for Tongsuo\_EncryptBySm2 function
  - Implement test case for valid encryption and decryption using SM2 algorithm
  - Include test case for invalid ciphertext check
  - Test SM2 encryption and RSA decryption compatibility
  - Verify invalid ciphertext check for RSA decryption
---
 crypto/smtongsuo_test.go | 63 +++++++++++++++++++++++++++++++---------
 1 file changed, 50 insertions(+), 13 deletions(-)

diff --git a/crypto/smtongsuo_test.go b/crypto/smtongsuo_test.go
index 1553177..ef38270 100644
--- a/crypto/smtongsuo_test.go
+++ b/crypto/smtongsuo_test.go
@@ -708,21 +708,58 @@ func TestTongsuo_EncryptBySm2(t *testing.T) {
 	ins, err := NewTongsuo("/usr/local/bin/tongsuo")
 	require.NoError(t, err)
 
-	prikeyPem, err := ins.NewPrikey(ctx)
-	require.NoError(t, err)
+	plaintext := []byte("Hello, World!")
 
-	pubkeyPem, err := ins.Prikey2Pubkey(ctx, prikeyPem)
-	require.NoError(t, err)
+	t.Run("sm2", func(t *testing.T) {
+		prikeyPem, err := ins.NewPrikey(ctx)
+		require.NoError(t, err)
 
-	plaintext := []byte("Hello, World!")
+		pubkeyPem, err := ins.Prikey2Pubkey(ctx, prikeyPem)
+		require.NoError(t, err)
 
-	// encrypt by sm2 pubkey
-	ciphertext, err := ins.EncryptBySm2(ctx, pubkeyPem, plaintext)
-	require.NoError(t, err)
-	require.NotNil(t, ciphertext)
+		// encrypt by sm2 pubkey
+		ciphertext, err := ins.EncryptBySm2(ctx, pubkeyPem, plaintext)
+		require.NoError(t, err)
+		require.NotNil(t, ciphertext)
 
-	// decrypt by sm2 prikey
-	decrypted, err := ins.DecryptBySm2(ctx, prikeyPem, ciphertext)
-	require.NoError(t, err)
-	require.Equal(t, plaintext, decrypted)
+		// decrypt by sm2 prikey
+		decrypted, err := ins.DecryptBySm2(ctx, prikeyPem, ciphertext)
+		require.NoError(t, err)
+		require.Equal(t, plaintext, decrypted)
+
+		t.Run("ivalid ciphertext", func(t *testing.T) {
+			decrypted, err := ins.DecryptBySm2(ctx, prikeyPem,
+				append([]byte("halo"), ciphertext...))
+			require.ErrorContains(t, err, "operation error")
+			require.NotEqual(t, plaintext, decrypted)
+		})
+	})
+
+	t.Run("compatable with rsa", func(t *testing.T) {
+		prikey, err := NewRSAPrikey(RSAPrikeyBits2048)
+		require.NoError(t, err)
+		prikeyPem, err := Prikey2Pem(prikey)
+		require.NoError(t, err)
+
+		pubkey := Prikey2Pubkey(prikey)
+		pubkeyPem, err := Pubkey2Pem(pubkey)
+		require.NoError(t, err)
+
+		// encrypt by rsa pubkey
+		ciphertext, err := ins.EncryptBySm2(ctx, pubkeyPem, plaintext)
+		require.NoError(t, err)
+		require.NotNil(t, ciphertext)
+
+		// decrypt by rsa prikey
+		decrypted, err := ins.DecryptBySm2(ctx, prikeyPem, ciphertext)
+		require.NoError(t, err)
+		require.Equal(t, plaintext, decrypted)
+
+		t.Run("ivalid ciphertext", func(t *testing.T) {
+			decrypted, err := ins.DecryptBySm2(ctx, prikeyPem,
+				append(ciphertext, []byte("halo")...))
+			require.ErrorContains(t, err, "operation error")
+			require.NotEqual(t, plaintext, decrypted)
+		})
+	})
 }