tests/crypto_operations.rs at fix/did-generation-and-signatures · zicklag.dev/atproto-plc

zicklag.dev / atproto-plc
forked from smokesignal.events/atproto-plc
Rust and WASM did-method-plc tools and structures
atproto-plc / tests / crypto_operations.rs
at fix/did-generation-and-signatures 4.5 kB view raw
  1//! Tests for cryptographic operations
  2
  3use atproto_plc::crypto::{SigningKey, VerifyingKey};
  4
  5#[test]
  6fn test_p256_key_generation() {
  7    let key = SigningKey::generate_p256();
  8    let did_key = key.to_did_key();
  9
 10    assert!(did_key.starts_with("did:key:z"));
 11
 12    // Verify key can be parsed back
 13    let verifying_key = VerifyingKey::from_did_key(&did_key).unwrap();
 14    assert_eq!(verifying_key, key.verifying_key());
 15}
 16
 17#[test]
 18fn test_k256_key_generation() {
 19    let key = SigningKey::generate_k256();
 20    let did_key = key.to_did_key();
 21
 22    assert!(did_key.starts_with("did:key:z"));
 23
 24    // Verify key can be parsed back
 25    let verifying_key = VerifyingKey::from_did_key(&did_key).unwrap();
 26    assert_eq!(verifying_key, key.verifying_key());
 27}
 28
 29#[test]
 30fn test_p256_signing_and_verification() {
 31    let key = SigningKey::generate_p256();
 32    let data = b"The quick brown fox jumps over the lazy dog";
 33
 34    // Sign the data
 35    let signature = key.sign(data).unwrap();
 36    assert!(!signature.is_empty());
 37
 38    // Verify with correct key
 39    let verifying_key = key.verifying_key();
 40    assert!(verifying_key.verify(data, &signature).is_ok());
 41
 42    // Verify with wrong data should fail
 43    let wrong_data = b"The quick brown fox jumps over the lazy cat";
 44    assert!(verifying_key.verify(wrong_data, &signature).is_err());
 45
 46    // Verify with wrong key should fail
 47    let wrong_key = SigningKey::generate_p256();
 48    let wrong_verifying_key = wrong_key.verifying_key();
 49    assert!(wrong_verifying_key.verify(data, &signature).is_err());
 50}
 51
 52#[test]
 53fn test_k256_signing_and_verification() {
 54    let key = SigningKey::generate_k256();
 55    let data = b"Hello, world!";
 56
 57    // Sign the data
 58    let signature = key.sign(data).unwrap();
 59
 60    // Verify with correct key
 61    let verifying_key = key.verifying_key();
 62    assert!(verifying_key.verify(data, &signature).is_ok());
 63
 64    // Wrong key should fail
 65    let wrong_key = SigningKey::generate_k256();
 66    assert!(wrong_key.verifying_key().verify(data, &signature).is_err());
 67}
 68
 69#[test]
 70fn test_base64url_signing() {
 71    let key = SigningKey::generate_p256();
 72    let data = b"test data";
 73
 74    // Sign as base64url
 75    let signature_b64 = key.sign_base64url(data).unwrap();
 76    assert!(!signature_b64.contains('='));
 77    assert!(!signature_b64.contains('+'));
 78    assert!(!signature_b64.contains('/'));
 79
 80    // Verify base64url signature
 81    let verifying_key = key.verifying_key();
 82    assert!(verifying_key.verify_base64url(data, &signature_b64).is_ok());
 83}
 84
 85#[test]
 86fn test_signature_non_deterministic() {
 87    let key = SigningKey::generate_p256();
 88    let data = b"same data";
 89
 90    // Sign the same data twice
 91    let sig1 = key.sign(data).unwrap();
 92    let sig2 = key.sign(data).unwrap();
 93
 94    // Signatures should be different (ECDSA is non-deterministic)
 95    // Note: This might occasionally fail due to randomness, but is very unlikely
 96    // The important thing is both signatures verify correctly
 97    let verifying_key = key.verifying_key();
 98    assert!(verifying_key.verify(data, &sig1).is_ok());
 99    assert!(verifying_key.verify(data, &sig2).is_ok());
100}
101
102#[test]
103fn test_invalid_did_key_parsing() {
104    // Invalid prefix
105    assert!(VerifyingKey::from_did_key("not:a:did:key").is_err());
106
107    // Wrong DID method
108    assert!(VerifyingKey::from_did_key("did:web:example.com").is_err());
109
110    // Invalid base58
111    assert!(VerifyingKey::from_did_key("did:key:z!!!INVALID!!!").is_err());
112}
113
114#[test]
115fn test_did_key_roundtrip_multiple_keys() {
116    // Test with multiple different keys
117    let keys = vec![
118        SigningKey::generate_p256(),
119        SigningKey::generate_k256(),
120        SigningKey::generate_p256(),
121        SigningKey::generate_k256(),
122    ];
123
124    for key in keys {
125        let did_key = key.to_did_key();
126        let parsed = VerifyingKey::from_did_key(&did_key).unwrap();
127        assert_eq!(parsed, key.verifying_key());
128    }
129}
130
131// Note: VerifyingKey doesn't implement Serialize/Deserialize directly
132// because the underlying ECDSA types don't support it.
133// Keys are serialized as did:key strings instead.
134
135#[test]
136fn test_cross_curve_verification_fails() {
137    // Sign with P-256
138    let p256_key = SigningKey::generate_p256();
139    let data = b"test";
140    let signature = p256_key.sign(data).unwrap();
141
142    // Try to verify with K-256 should fail
143    let k256_key = SigningKey::generate_k256();
144    assert!(k256_key.verifying_key().verify(data, &signature).is_err());
145}