package crypto import ( "bytes" "testing" ) func TestEncryptDecryptRoundTrip(t *testing.T) { key := make([]byte, 32) enc, err := Encrypt(key, []byte("hunter2")) if err != nil { t.Fatalf("encrypt: %v", err) } if enc == "hunter2" { t.Fatal("ciphertext must not equal plaintext") } got, err := Decrypt(key, enc) if err != nil { t.Fatalf("decrypt: %v", err) } if !bytes.Equal(got, []byte("hunter2")) { t.Fatalf("got %q, want hunter2", got) } } func TestEncryptNonDeterministic(t *testing.T) { key := make([]byte, 32) a, _ := Encrypt(key, []byte("x")) b, _ := Encrypt(key, []byte("x")) if a == b { t.Fatal("two encryptions must differ (random nonce)") } } func TestEncryptRejectsWrongKeySize(t *testing.T) { if _, err := Encrypt(make([]byte, 16), []byte("x")); err == nil { t.Fatal("16-byte key must be rejected (AES-256 requires 32)") } }