import { describe, test, expect } from 'bun:test'; import { SubtleCryptoProvider } from '../src/provider.js'; const crypto = new SubtleCryptoProvider(); describe('SubtleCryptoProvider', () => { // ─── X25519 ────────────────────────────────────────────── describe('X25519', () => { test('generates keypair with correct byte lengths', async () => { const kp = await crypto.generateX25519KeyPair(); expect(kp.publicKey).toBeInstanceOf(Uint8Array); expect(kp.privateKey).toBeInstanceOf(Uint8Array); expect(kp.publicKey.length).toBe(32); expect(kp.privateKey.length).toBe(32); }); test('two keypairs produce different keys', async () => { const a = await crypto.generateX25519KeyPair(); const b = await crypto.generateX25519KeyPair(); expect(a.publicKey).not.toEqual(b.publicKey); expect(a.privateKey).not.toEqual(b.privateKey); }); test('DH agreement: both sides derive same shared secret', async () => { const alice = await crypto.generateX25519KeyPair(); const bob = await crypto.generateX25519KeyPair(); const secretA = await crypto.x25519(alice.privateKey, bob.publicKey); const secretB = await crypto.x25519(bob.privateKey, alice.publicKey); expect(secretA.length).toBe(32); expect(secretA).toEqual(secretB); }); test('DH with different peers produces different secrets', async () => { const alice = await crypto.generateX25519KeyPair(); const bob = await crypto.generateX25519KeyPair(); const charlie = await crypto.generateX25519KeyPair(); const secretAB = await crypto.x25519(alice.privateKey, bob.publicKey); const secretAC = await crypto.x25519(alice.privateKey, charlie.publicKey); expect(secretAB).not.toEqual(secretAC); }); }); // ─── Ed25519 ───────────────────────────────────────────── describe('Ed25519', () => { test('generates keypair with correct byte lengths', async () => { const kp = await crypto.generateEd25519KeyPair(); expect(kp.publicKey.length).toBe(32); expect(kp.privateKey.length).toBe(32); }); test('sign and verify roundtrip', async () => { const kp = await crypto.generateEd25519KeyPair(); const message = new TextEncoder().encode('hello shade'); const sig = await crypto.sign(kp.privateKey, message); expect(sig.length).toBe(64); const valid = await crypto.verify(kp.publicKey, message, sig); expect(valid).toBe(true); }); test('verify fails with wrong public key', async () => { const alice = await crypto.generateEd25519KeyPair(); const bob = await crypto.generateEd25519KeyPair(); const message = new TextEncoder().encode('hello shade'); const sig = await crypto.sign(alice.privateKey, message); const valid = await crypto.verify(bob.publicKey, message, sig); expect(valid).toBe(false); }); test('verify fails with tampered message', async () => { const kp = await crypto.generateEd25519KeyPair(); const message = new TextEncoder().encode('hello shade'); const tampered = new TextEncoder().encode('hello SHADE'); const sig = await crypto.sign(kp.privateKey, message); const valid = await crypto.verify(kp.publicKey, tampered, sig); expect(valid).toBe(false); }); }); // ─── AES-256-GCM ──────────────────────────────────────── describe('AES-256-GCM', () => { test('encrypt/decrypt roundtrip', async () => { const key = crypto.randomBytes(32); const plaintext = new TextEncoder().encode('secret message'); const { ciphertext, nonce } = await crypto.aesGcmEncrypt(key, plaintext); expect(nonce.length).toBe(12); expect(ciphertext.length).toBeGreaterThan(plaintext.length); // includes auth tag const decrypted = await crypto.aesGcmDecrypt(key, ciphertext, nonce); expect(decrypted).toEqual(plaintext); }); test('each encryption produces unique nonce', async () => { const key = crypto.randomBytes(32); const plaintext = new TextEncoder().encode('same message'); const a = await crypto.aesGcmEncrypt(key, plaintext); const b = await crypto.aesGcmEncrypt(key, plaintext); expect(a.nonce).not.toEqual(b.nonce); expect(a.ciphertext).not.toEqual(b.ciphertext); }); test('wrong key fails decryption', async () => { const key1 = crypto.randomBytes(32); const key2 = crypto.randomBytes(32); const plaintext = new TextEncoder().encode('secret'); const { ciphertext, nonce } = await crypto.aesGcmEncrypt(key1, plaintext); expect(crypto.aesGcmDecrypt(key2, ciphertext, nonce)).rejects.toThrow(); }); test('tampered ciphertext fails decryption', async () => { const key = crypto.randomBytes(32); const plaintext = new TextEncoder().encode('secret'); const { ciphertext, nonce } = await crypto.aesGcmEncrypt(key, plaintext); ciphertext[0] ^= 0xff; // flip a byte expect(crypto.aesGcmDecrypt(key, ciphertext, nonce)).rejects.toThrow(); }); test('associated data (AAD) is authenticated', async () => { const key = crypto.randomBytes(32); const plaintext = new TextEncoder().encode('secret'); const aad = new TextEncoder().encode('header data'); const wrongAad = new TextEncoder().encode('wrong header'); const { ciphertext, nonce } = await crypto.aesGcmEncrypt(key, plaintext, aad); // Correct AAD works const decrypted = await crypto.aesGcmDecrypt(key, ciphertext, nonce, aad); expect(decrypted).toEqual(plaintext); // Wrong AAD fails expect(crypto.aesGcmDecrypt(key, ciphertext, nonce, wrongAad)).rejects.toThrow(); // Missing AAD fails expect(crypto.aesGcmDecrypt(key, ciphertext, nonce)).rejects.toThrow(); }); }); // ─── HKDF ─────────────────────────────────────────────── describe('HKDF-SHA256', () => { test('produces correct output length', async () => { const ikm = crypto.randomBytes(32); const salt = crypto.randomBytes(32); const info = new TextEncoder().encode('test'); const out32 = await crypto.hkdf(ikm, salt, info, 32); expect(out32.length).toBe(32); const out64 = await crypto.hkdf(ikm, salt, info, 64); expect(out64.length).toBe(64); }); test('deterministic: same inputs produce same output', async () => { const ikm = new Uint8Array(32).fill(0xab); const salt = new Uint8Array(32).fill(0xcd); const info = new TextEncoder().encode('deterministic test'); const a = await crypto.hkdf(ikm, salt, info, 32); const b = await crypto.hkdf(ikm, salt, info, 32); expect(a).toEqual(b); }); test('different info produces different output', async () => { const ikm = crypto.randomBytes(32); const salt = crypto.randomBytes(32); const a = await crypto.hkdf(ikm, salt, new TextEncoder().encode('info-a'), 32); const b = await crypto.hkdf(ikm, salt, new TextEncoder().encode('info-b'), 32); expect(a).not.toEqual(b); }); }); // ─── HMAC-SHA256 ──────────────────────────────────────── describe('HMAC-SHA256', () => { test('produces 32-byte output', async () => { const key = crypto.randomBytes(32); const data = new TextEncoder().encode('test data'); const mac = await crypto.hmacSha256(key, data); expect(mac.length).toBe(32); }); test('deterministic: same inputs produce same MAC', async () => { const key = new Uint8Array(32).fill(0x42); const data = new TextEncoder().encode('deterministic'); const a = await crypto.hmacSha256(key, data); const b = await crypto.hmacSha256(key, data); expect(a).toEqual(b); }); test('different key produces different MAC', async () => { const key1 = crypto.randomBytes(32); const key2 = crypto.randomBytes(32); const data = new TextEncoder().encode('test'); const a = await crypto.hmacSha256(key1, data); const b = await crypto.hmacSha256(key2, data); expect(a).not.toEqual(b); }); }); // ─── randomBytes ──────────────────────────────────────── describe('randomBytes', () => { test('produces correct length', () => { expect(crypto.randomBytes(16).length).toBe(16); expect(crypto.randomBytes(32).length).toBe(32); expect(crypto.randomBytes(64).length).toBe(64); }); test('produces different values each call', () => { const a = crypto.randomBytes(32); const b = crypto.randomBytes(32); expect(a).not.toEqual(b); }); }); });