test: add cast coverage and standardize on testify

- add table-driven tests for the new internal/cast helpers, covering happy
  paths plus overflow and parse errors for each converter
- switch encoding and subtle tests to use require/assertions from testify so
  the suite uses one assertion style
- keep go test ./... passing to validate the expanded coverage

Author: allisson

argon2/argon2id.go

@@ -7,6 +7,7 @@ import (
 
 	"golang.org/x/crypto/argon2"
 
+	"github.com/allisson/go-pwdhash/internal/cast"
 	"github.com/allisson/go-pwdhash/internal/encoding"
 	"github.com/allisson/go-pwdhash/internal/subtle"
 )
@@ -74,17 +75,33 @@ func (a *Argon2idHasher) Verify(password []byte, encoded string) (bool, error) {
 		return false, err
 	}
 
-	mem, _ := strconv.Atoi(parsed.Params["m"])
-	it, _ := strconv.Atoi(parsed.Params["t"])
-	par, _ := strconv.Atoi(parsed.Params["p"])
+	mem, err := cast.ConvertStringToUint32(parsed.Params["m"])
+	if err != nil {
+		return false, err
+	}
+
+	it, err := cast.ConvertStringToUint32(parsed.Params["t"])
+	if err != nil {
+		return false, err
+	}
+
+	par, err := cast.ConvertStringToUint8(parsed.Params["p"])
+	if err != nil {
+		return false, err
+	}
+
+	keyLen, err := cast.ConvertIntToUint32(len(parsed.Hash))
+	if err != nil {
+		return false, err
+	}
 
 	key := argon2.IDKey(
 		password,
 		parsed.Salt,
-		uint32(it),
-		uint32(mem),
-		uint8(par),
-		uint32(len(parsed.Hash)),
+		it,
+		mem,
+		par,
+		keyLen,
 	)
 
 	return subtle.ConstantTimeCompare(key, parsed.Hash), nil

go.mod

@@ -3,7 +3,8 @@ module github.com/allisson/go-pwdhash
 go 1.24.0
 
 require (
-	github.com/stretchr/testify v1.9.0
+	github.com/ccoveille/go-safecast/v2 v2.0.0
+	github.com/stretchr/testify v1.11.1
 	golang.org/x/crypto v0.47.0
 )
 

go.sum

@@ -1,9 +1,11 @@
+github.com/ccoveille/go-safecast/v2 v2.0.0 h1:+5eyITXAUj3wMjad6cRVJKGnC7vDS55zk0INzJagub0=
+github.com/ccoveille/go-safecast/v2 v2.0.0/go.mod h1:JIYA4CAR33blIDuE6fSwCp2sz1oOBahXnvmdBhOAABs=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
-github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
+github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U=
+github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U=
 golang.org/x/crypto v0.47.0 h1:V6e3FRj+n4dbpw86FJ8Fv7XVOql7TEwpHapKoMJ/GO8=
 golang.org/x/crypto v0.47.0/go.mod h1:ff3Y9VzzKbwSSEzWqJsJVBnWmRwRSHt/6Op5n9bQc4A=
 golang.org/x/sys v0.40.0 h1:DBZZqJ2Rkml6QMQsZywtnjnnGvHza6BTfYFWY9kjEWQ=

internal/cast/cast.go

@@ -0,0 +1,32 @@
+package cast
+
+import (
+	"strconv"
+
+	"github.com/ccoveille/go-safecast/v2"
+)
+
+// ConvertStringToUint32 parses a base-10 string and returns a uint32 value.
+func ConvertStringToUint32(s string) (uint32, error) {
+	i, err := strconv.ParseInt(s, 10, 32)
+	if err != nil {
+		return uint32(0), err
+	}
+
+	return safecast.Convert[uint32](i)
+}
+
+// ConvertStringToUint8 parses a base-10 string and returns a uint8 value.
+func ConvertStringToUint8(s string) (uint8, error) {
+	i, err := strconv.ParseInt(s, 10, 32)
+	if err != nil {
+		return uint8(0), err
+	}
+
+	return safecast.Convert[uint8](i)
+}
+
+// ConvertIntToUint32 safely casts an int to uint32.
+func ConvertIntToUint32(i int) (uint32, error) {
+	return safecast.Convert[uint32](i)
+}

internal/cast/cast_test.go

@@ -0,0 +1,85 @@
+package cast
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/require"
+)
+
+func TestConvertStringToUint32(t *testing.T) {
+	tests := []struct {
+		name    string
+		input   string
+		want    uint32
+		wantErr bool
+	}{
+		{name: "ok", input: "12345", want: 12345},
+		{name: "nonNumeric", input: "abc", wantErr: true},
+		{name: "negative", input: "-1", wantErr: true},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got, err := ConvertStringToUint32(tt.input)
+			if tt.wantErr {
+				require.Error(t, err)
+				return
+			}
+
+			require.NoError(t, err)
+			require.Equal(t, tt.want, got)
+		})
+	}
+}
+
+func TestConvertStringToUint8(t *testing.T) {
+	tests := []struct {
+		name    string
+		input   string
+		want    uint8
+		wantErr bool
+	}{
+		{name: "ok", input: "255", want: 255},
+		{name: "nonNumeric", input: "hello", wantErr: true},
+		{name: "overflow", input: "512", wantErr: true},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got, err := ConvertStringToUint8(tt.input)
+			if tt.wantErr {
+				require.Error(t, err)
+				return
+			}
+
+			require.NoError(t, err)
+			require.Equal(t, tt.want, got)
+		})
+	}
+}
+
+func TestConvertIntToUint32(t *testing.T) {
+	tests := []struct {
+		name    string
+		input   int
+		want    uint32
+		wantErr bool
+	}{
+		{name: "zero", input: 0, want: 0},
+		{name: "positive", input: 65535, want: 65535},
+		{name: "negative", input: -1, wantErr: true},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got, err := ConvertIntToUint32(tt.input)
+			if tt.wantErr {
+				require.Error(t, err)
+				return
+			}
+
+			require.NoError(t, err)
+			require.Equal(t, tt.want, got)
+		})
+	}
+}

internal/encoding/encoding_test.go

@@ -3,7 +3,6 @@ package encoding
 import (
 	"testing"
 
-	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 )
 
@@ -26,10 +25,10 @@ func TestParse_ValidPHCString(t *testing.T) {
 	require.NoError(t, err)
 	require.NotNil(t, parsed)
 
-	assert.Equal(t, original.Algorithm, parsed.Algorithm)
-	assert.Equal(t, original.Params, parsed.Params)
-	assert.Equal(t, original.Salt, parsed.Salt)
-	assert.Equal(t, original.Hash, parsed.Hash)
+	require.Equal(t, original.Algorithm, parsed.Algorithm)
+	require.Equal(t, original.Params, parsed.Params)
+	require.Equal(t, original.Salt, parsed.Salt)
+	require.Equal(t, original.Hash, parsed.Hash)
 }
 
 func TestParse_InvalidPHCString(t *testing.T) {
@@ -50,7 +49,7 @@ func TestEncodedHashStringIncludesMetadata(t *testing.T) {
 
 	encoded := enc.String()
 
-	assert.Contains(t, encoded, "$argon2id$")
-	assert.Contains(t, encoded, "$v=19$")
-	assert.Contains(t, encoded, "m=65536")
+	require.Contains(t, encoded, "$argon2id$")
+	require.Contains(t, encoded, "$v=19$")
+	require.Contains(t, encoded, "m=65536")
 }

internal/encoding/parse.go

@@ -7,6 +7,11 @@ import (
 )
 
 // Parse decodes a PHC-formatted string into an EncodedHash structure.
+//
+// The input must follow the "$<id>$v=<ver>$<params>$<salt>$<hash>" convention
+// defined by the PHC string format. Parameters are stored verbatim without
+// validation to keep parsing focused on syntax; callers must enforce any
+// semantic constraints.
 func Parse(s string) (*EncodedHash, error) {
 	parts := strings.Split(s, "$")
 	if len(parts) < 6 {

internal/subtle/compare_test.go

@@ -1,17 +1,17 @@
 package subtle
 
-import "testing"
+import (
+	"testing"
+
+	"github.com/stretchr/testify/require"
+)
 
 func TestConstantTimeCompare(t *testing.T) {
 	a := []byte("same-length")
 	b := []byte("same-length")
 
-	if !ConstantTimeCompare(a, b) {
-		t.Fatalf("expected slices to be equal")
-	}
+	require.True(t, ConstantTimeCompare(a, b))
 
 	different := []byte("different")
-	if ConstantTimeCompare(a, different) {
-		t.Fatalf("expected mismatch to return false")
-	}
+	require.False(t, ConstantTimeCompare(a, different))
 }