//! Tests for cryptographic operations use atproto_plc::crypto::{SigningKey, VerifyingKey}; #[test] fn test_p256_key_generation() { let key = SigningKey::generate_p256(); let did_key = key.to_did_key(); assert!(did_key.starts_with("did:key:z")); // Verify key can be parsed back let verifying_key = VerifyingKey::from_did_key(&did_key).unwrap(); assert_eq!(verifying_key, key.verifying_key()); } #[test] fn test_k256_key_generation() { let key = SigningKey::generate_k256(); let did_key = key.to_did_key(); assert!(did_key.starts_with("did:key:z")); // Verify key can be parsed back let verifying_key = VerifyingKey::from_did_key(&did_key).unwrap(); assert_eq!(verifying_key, key.verifying_key()); } #[test] fn test_p256_signing_and_verification() { let key = SigningKey::generate_p256(); let data = b"The quick brown fox jumps over the lazy dog"; // Sign the data let signature = key.sign(data).unwrap(); assert!(!signature.is_empty()); // Verify with correct key let verifying_key = key.verifying_key(); assert!(verifying_key.verify(data, &signature).is_ok()); // Verify with wrong data should fail let wrong_data = b"The quick brown fox jumps over the lazy cat"; assert!(verifying_key.verify(wrong_data, &signature).is_err()); // Verify with wrong key should fail let wrong_key = SigningKey::generate_p256(); let wrong_verifying_key = wrong_key.verifying_key(); assert!(wrong_verifying_key.verify(data, &signature).is_err()); } #[test] fn test_k256_signing_and_verification() { let key = SigningKey::generate_k256(); let data = b"Hello, world!"; // Sign the data let signature = key.sign(data).unwrap(); // Verify with correct key let verifying_key = key.verifying_key(); assert!(verifying_key.verify(data, &signature).is_ok()); // Wrong key should fail let wrong_key = SigningKey::generate_k256(); assert!(wrong_key.verifying_key().verify(data, &signature).is_err()); } #[test] fn test_base64url_signing() { let key = SigningKey::generate_p256(); let data = b"test data"; // Sign as base64url let signature_b64 = key.sign_base64url(data).unwrap(); assert!(!signature_b64.contains('=')); assert!(!signature_b64.contains('+')); assert!(!signature_b64.contains('/')); // Verify base64url signature let verifying_key = key.verifying_key(); assert!(verifying_key.verify_base64url(data, &signature_b64).is_ok()); } #[test] fn test_signature_non_deterministic() { let key = SigningKey::generate_p256(); let data = b"same data"; // Sign the same data twice let sig1 = key.sign(data).unwrap(); let sig2 = key.sign(data).unwrap(); // Signatures should be different (ECDSA is non-deterministic) // Note: This might occasionally fail due to randomness, but is very unlikely // The important thing is both signatures verify correctly let verifying_key = key.verifying_key(); assert!(verifying_key.verify(data, &sig1).is_ok()); assert!(verifying_key.verify(data, &sig2).is_ok()); } #[test] fn test_invalid_did_key_parsing() { // Invalid prefix assert!(VerifyingKey::from_did_key("not:a:did:key").is_err()); // Wrong DID method assert!(VerifyingKey::from_did_key("did:web:example.com").is_err()); // Invalid base58 assert!(VerifyingKey::from_did_key("did:key:z!!!INVALID!!!").is_err()); } #[test] fn test_did_key_roundtrip_multiple_keys() { // Test with multiple different keys let keys = vec![ SigningKey::generate_p256(), SigningKey::generate_k256(), SigningKey::generate_p256(), SigningKey::generate_k256(), ]; for key in keys { let did_key = key.to_did_key(); let parsed = VerifyingKey::from_did_key(&did_key).unwrap(); assert_eq!(parsed, key.verifying_key()); } } // Note: VerifyingKey doesn't implement Serialize/Deserialize directly // because the underlying ECDSA types don't support it. // Keys are serialized as did:key strings instead. #[test] fn test_cross_curve_verification_fails() { // Sign with P-256 let p256_key = SigningKey::generate_p256(); let data = b"test"; let signature = p256_key.sign(data).unwrap(); // Try to verify with K-256 should fail let k256_key = SigningKey::generate_k256(); assert!(k256_key.verifying_key().verify(data, &signature).is_err()); }