fix(crypto): enforce 32-byte key for AES-256
This commit is contained in:
@@ -31,3 +31,9 @@ func TestEncryptNonDeterministic(t *testing.T) {
|
||||
t.Fatal("two encryptions must differ (random nonce)")
|
||||
}
|
||||
}
|
||||
|
||||
func TestEncryptRejectsWrongKeySize(t *testing.T) {
|
||||
if _, err := Encrypt(make([]byte, 16), []byte("x")); err == nil {
|
||||
t.Fatal("16-byte key must be rejected (AES-256 requires 32)")
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user