--- phase: 03-round-trip-verification plan: 02 subsystem: testing tags: [golden-vectors, integration-tests, round-trip, aes-256-cbc, hmac-sha256, sha256, assert_cmd, tempfile] # Dependency graph requires: - phase: 03-round-trip-verification plan: 01 provides: "Library crate (src/lib.rs) with pub mod re-exports, dev-dependencies (assert_cmd, tempfile, hex-literal)" - phase: 02-core-archiver provides: "crypto.rs, compression.rs, format.rs, archive.rs with pack/unpack CLI" provides: - "7 golden test vectors for AES-256-CBC, HMAC-SHA256, and SHA-256 (deterministic, cross-verified)" - "6 CLI round-trip integration tests covering all Phase 3 edge cases" - "32 total tests (19 unit + 7 golden + 6 integration) all passing" affects: [phase-4-cli-polish, phase-5-shell-decoder, verification] # Tech tracking tech-stack: added: [] patterns: [golden-vector-testing-with-fixed-iv, cli-integration-via-assert_cmd-cargo_bin-macro, tempdir-isolation-for-parallel-tests] key-files: created: [tests/golden.rs, tests/round_trip.rs] modified: [] key-decisions: - "Corrected HMAC golden vector: research openssl pipe+xxd gave wrong value; verified with openssl file input and Python hmac module" - "Used cargo_bin! macro instead of deprecated Command::cargo_bin() for forward compatibility" - "Large file test uses 11MB deterministic pseudo-random data with --no-compress to avoid gzip non-determinism" patterns-established: - "Golden vector pattern: fixed IV + known KEY for deterministic crypto test output" - "CLI integration pattern: tempdir + cargo_bin! + pack/unpack + assert_eq on raw bytes" - "Edge case coverage: empty file (PKCS7), Cyrillic UTF-8 names, >10MB files, APK no-compress" requirements-completed: [INT-02, TST-01, TST-02] # Metrics duration: 5min completed: 2026-02-24 --- # Phase 3 Plan 02: Golden Vectors and Round-Trip Tests Summary **7 golden crypto test vectors (AES-256-CBC, HMAC-SHA256, SHA-256) and 6 CLI round-trip integration tests covering empty files, Cyrillic filenames, and 11MB binaries** ## Performance - **Duration:** 5 min - **Started:** 2026-02-24T21:34:17Z - **Completed:** 2026-02-24T21:39:45Z - **Tasks:** 2 - **Files created:** 2 ## Accomplishments - Created 7 golden test vectors with fixed IVs for deterministic crypto verification (TST-02) - Created 6 CLI round-trip integration tests proving byte-identical pack->unpack (INT-02, TST-01) - All 32 tests pass (19 unit + 7 golden + 6 integration) with zero warnings - Cross-verified golden values with openssl (file input) and Python hmac module ## Task Commits Each task was committed atomically: 1. **Task 1: Create golden test vectors with fixed IV/key** - `329bed6` (test) 2. **Task 2: Create CLI round-trip integration tests** - `91ee354` (test) ## Files Created/Modified - `tests/golden.rs` - 7 golden vector tests: AES-256-CBC encrypt/decrypt/empty, HMAC-SHA256 compute/verify, SHA-256 x2 - `tests/round_trip.rs` - 6 CLI integration tests: single file, multiple files, empty, Cyrillic, 11MB large, APK no-compress ## Decisions Made - Corrected HMAC golden vector from research: openssl pipe with xxd -r -p produced incorrect binary, verified correct value (`efa09db0...`) using openssl with file input and Python hmac.new() - Used `cargo_bin!` macro (non-deprecated) instead of `Command::cargo_bin()` to avoid deprecation warnings - Large file test generates 11MB of deterministic pseudo-random data (`i.wrapping_mul(2654435761) as u8`) to ensure reproducibility ## Deviations from Plan ### Auto-fixed Issues **1. [Rule 1 - Bug] Corrected HMAC-SHA256 golden vector value** - **Found during:** Task 1 (golden test vectors) - **Issue:** Research openssl cross-verification produced wrong HMAC value (`0c85780b...`) due to pipe+xxd binary corruption; correct value is `efa09db0...` - **Fix:** Computed correct value independently with Python hmac module and openssl file-based input, updated golden vector - **Files modified:** tests/golden.rs - **Verification:** All 7 golden tests pass; value matches Rust hmac crate, Python hmac, and openssl (file) - **Committed in:** 329bed6 (Task 1 commit) **2. [Rule 1 - Bug] Replaced deprecated assert_cmd API** - **Found during:** Task 2 (round-trip tests) - **Issue:** `Command::cargo_bin()` deprecated in assert_cmd 2.1 with warning about custom cargo build-dir incompatibility - **Fix:** Used `cargo_bin!("encrypted_archive")` macro which resolves at compile time via `CARGO_BIN_EXE_` env var - **Files modified:** tests/round_trip.rs - **Verification:** Zero deprecation warnings, all 6 round-trip tests pass - **Committed in:** 91ee354 (Task 2 commit) --- **Total deviations:** 2 auto-fixed (2 bugs) **Impact on plan:** Both fixes necessary for correctness and clean builds. No scope change. ## Issues Encountered None ## User Setup Required None - no external service configuration required. ## Next Phase Readiness - Phase 3 fully complete: 32 tests (19 unit + 7 golden + 6 integration) all pass - All Phase 3 success criteria met: byte-identical round-trips, golden vectors, unit tests, edge cases (empty, >10MB, Cyrillic) - Ready for Phase 4 (CLI polish) or Phase 5 (shell decoder) ## Self-Check: PASSED - All 2 key files exist on disk: tests/golden.rs, tests/round_trip.rs - Both task commits verified: 329bed6, 91ee354 - cargo test: 32 passed (19 unit + 7 golden + 6 integration), 0 failed --- *Phase: 03-round-trip-verification* *Completed: 2026-02-24*