use base64::Engine;
use base64::engine::general_purpose::STANDARD as BASE64;
use serde::Deserialize;
use serde_json::Value;
use sha2::{Digest, Sha256};
use sha3::Sha3_256;
use std::collections::HashSet;
use std::fs;
use std::path::PathBuf;
use dcp_ai::providers::ed25519::Ed25519Provider;
use dcp_ai::providers::ml_dsa_65::MlDsa65Provider;
use dcp_ai::v2::canonicalize::canonicalize_v2;
use dcp_ai::v2::composite_ops::{composite_verify, CompositeKeyInfo};
use dcp_ai::v2::composite_sig::CompositeSignature;
use dcp_ai::v2::crypto_provider::{derive_kid, CryptoProvider};
use dcp_ai::v2::domain_separation::{
domain_separated_message, CTX_AGENT_PASSPORT, CTX_AUDIT_EVENT, CTX_AWARENESS, CTX_BUNDLE,
CTX_DELEGATION, CTX_DISPUTE, CTX_HUMAN_CONFIRMATION, CTX_INTENT,
CTX_JURISDICTION_ATTESTATION, CTX_KEY_ROTATION, CTX_LIFECYCLE, CTX_MULTI_PARTY_AUTH,
CTX_POLICY_DECISION, CTX_PROOF_OF_POSSESSION, CTX_RESPONSIBLE_PRINCIPAL, CTX_REVOCATION,
CTX_RIGHTS, CTX_SUCCESSION,
};
fn vectors_path() -> PathBuf {
let manifest = PathBuf::from(env!("CARGO_MANIFEST_DIR"));
manifest
.parent()
.unwrap()
.parent()
.unwrap()
.join("tests")
.join("interop")
.join("v2")
.join("interop_vectors.json")
}
fn load_vectors() -> Value {
let data = fs::read_to_string(vectors_path()).expect("read interop vectors");
serde_json::from_str(&data).expect("parse interop vectors")
}
fn hex_encode(data: &[u8]) -> String {
hex::encode(data)
}
fn sha256_hex(data: &[u8]) -> String {
let hash = Sha256::digest(data);
hex::encode(hash)
}
fn sha3_256_hex(data: &[u8]) -> String {
let hash = Sha3_256::digest(data);
hex::encode(hash)
}
fn ctx_map() -> Vec<(&'static str, &'static str)> {
vec![
("AgentPassport", CTX_AGENT_PASSPORT),
("ResponsiblePrincipal", CTX_RESPONSIBLE_PRINCIPAL),
("Intent", CTX_INTENT),
("PolicyDecision", CTX_POLICY_DECISION),
("AuditEvent", CTX_AUDIT_EVENT),
("Bundle", CTX_BUNDLE),
("Revocation", CTX_REVOCATION),
("KeyRotation", CTX_KEY_ROTATION),
("ProofOfPossession", CTX_PROOF_OF_POSSESSION),
("JurisdictionAttestation", CTX_JURISDICTION_ATTESTATION),
("HumanConfirmation", CTX_HUMAN_CONFIRMATION),
("MultiPartyAuth", CTX_MULTI_PARTY_AUTH),
("Lifecycle", CTX_LIFECYCLE),
("Succession", CTX_SUCCESSION),
("Dispute", CTX_DISPUTE),
("Rights", CTX_RIGHTS),
("Delegation", CTX_DELEGATION),
("Awareness", CTX_AWARENESS),
]
}
#[test]
fn interop_kid_ed25519() {
let v = load_vectors();
let kd = &v["kid_derivation"]["ed25519"];
let alg = kd["alg"].as_str().unwrap();
let pk_b64 = kd["public_key_b64"].as_str().unwrap();
let expected = kd["expected_kid"].as_str().unwrap();
let pk_bytes = BASE64.decode(pk_b64).unwrap();
let kid = derive_kid(alg, &pk_bytes);
assert_eq!(kid, expected);
}
#[test]
fn interop_kid_ml_dsa_65() {
let v = load_vectors();
let kd = &v["kid_derivation"]["ml_dsa_65"];
let alg = kd["alg"].as_str().unwrap();
let pk_b64 = kd["public_key_b64"].as_str().unwrap();
let expected = kd["expected_kid"].as_str().unwrap();
let pk_bytes = BASE64.decode(pk_b64).unwrap();
let kid = derive_kid(alg, &pk_bytes);
assert_eq!(kid, expected);
}
#[test]
fn interop_canonicalization() {
let v = load_vectors();
for name in &["agent_passport", "intent", "audit_event"] {
let entry = &v["canonicalization"][name];
let input = &entry["input"];
let expected = entry["expected_canonical"].as_str().unwrap();
let canonical = canonicalize_v2(input).unwrap();
assert_eq!(canonical, expected, "canonical mismatch for {}", name);
}
}
#[test]
fn interop_payload_hashes() {
let v = load_vectors();
for name in &["agent_passport", "intent", "audit_event"] {
let canonical = v["canonicalization"][name]["expected_canonical"]
.as_str()
.unwrap();
let expected_sha256 = v["payload_hashes"][name]["sha256"].as_str().unwrap();
let expected_sha3 = v["payload_hashes"][name]["sha3_256"].as_str().unwrap();
assert_eq!(sha256_hex(canonical.as_bytes()), expected_sha256, "sha256 for {}", name);
assert_eq!(sha3_256_hex(canonical.as_bytes()), expected_sha3, "sha3 for {}", name);
}
}
#[test]
fn interop_domain_separation_all_contexts() {
let v = load_vectors();
let payload = v["domain_separation_all_contexts"]["payload_canonical"]
.as_str()
.unwrap();
let dsm_expected = &v["domain_separation_all_contexts"]["dsm_hex"];
let mut seen = HashSet::new();
for (name, ctx) in ctx_map() {
let dsm = domain_separated_message(ctx, payload.as_bytes()).unwrap();
let hex_val = hex_encode(&dsm);
let expected = dsm_expected[name].as_str().unwrap();
assert_eq!(hex_val, expected, "DSM mismatch for {}", name);
seen.insert(hex_val);
}
assert_eq!(seen.len(), ctx_map().len(), "DSMs must all be distinct");
}
#[test]
fn interop_ed25519_signatures() {
let v = load_vectors();
let ed = Ed25519Provider;
let pub_key_b64 = v["test_keys"]["ed25519"]["public_key_b64"].as_str().unwrap();
for sig_name in &["passport_ed25519", "intent_ed25519", "audit_ed25519"] {
let entry = &v["ed25519_signatures"][sig_name];
let context = entry["context"].as_str().unwrap();
let payload_key = entry["payload_key"].as_str().unwrap();
let sig_b64 = entry["sig_b64"].as_str().unwrap();
let canonical = v["canonicalization"][payload_key]["expected_canonical"]
.as_str()
.unwrap();
let dsm = domain_separated_message(context, canonical.as_bytes()).unwrap();
let sig_bytes = BASE64.decode(sig_b64).unwrap();
let valid = ed.verify(&dsm, &sig_bytes, pub_key_b64).unwrap();
assert!(valid, "Ed25519 sig {} should verify", sig_name);
}
}
fn parse_composite_sig(v: &Value) -> CompositeSignature {
serde_json::from_value(v.clone()).expect("parse composite sig")
}
#[test]
fn interop_composite_signatures() {
let v = load_vectors();
let ed = Ed25519Provider;
let ml = MlDsa65Provider;
let ed_pk = v["test_keys"]["ed25519"]["public_key_b64"].as_str().unwrap();
let ml_pk = v["test_keys"]["ml_dsa_65"]["public_key_b64"].as_str().unwrap();
for comp_name in &["passport_composite", "intent_composite", "audit_composite"] {
let entry = &v["composite_signatures"][comp_name];
let context = entry["context"].as_str().unwrap();
let payload_key = entry["payload_key"].as_str().unwrap();
let comp_sig = parse_composite_sig(&entry["composite_sig"]);
let canonical = v["canonicalization"][payload_key]["expected_canonical"]
.as_str()
.unwrap();
let result = composite_verify(
&ed,
Some(&ml as &dyn CryptoProvider),
context,
canonical.as_bytes(),
&comp_sig,
ed_pk,
Some(ml_pk),
)
.unwrap();
assert!(result.valid, "composite {} should be valid", comp_name);
assert!(result.classical_valid, "classical should be valid for {}", comp_name);
assert!(result.pq_valid, "PQ should be valid for {}", comp_name);
}
}
#[test]
fn interop_classical_only() {
let v = load_vectors();
let ed = Ed25519Provider;
let entry = &v["classical_only_signatures"]["intent_classical_only"];
let context = entry["context"].as_str().unwrap();
let payload_key = entry["payload_key"].as_str().unwrap();
let comp_sig = parse_composite_sig(&entry["composite_sig"]);
let canonical = v["canonicalization"][payload_key]["expected_canonical"]
.as_str()
.unwrap();
let ed_pk = v["test_keys"]["ed25519"]["public_key_b64"].as_str().unwrap();
let result = composite_verify(&ed, None, context, canonical.as_bytes(), &comp_sig, ed_pk, None).unwrap();
assert!(result.valid);
assert!(result.classical_valid);
assert!(!result.pq_valid);
}
#[test]
fn interop_stripping_pq_removal() {
let v = load_vectors();
let ed = Ed25519Provider;
let ml = MlDsa65Provider;
let av = &v["attack_vectors"]["stripping_pq_removal"];
let comp_sig = parse_composite_sig(&av["composite_sig"]);
let payload_key = av["payload_key"].as_str().unwrap();
let context = av["context"].as_str().unwrap();
let canonical = v["canonicalization"][payload_key]["expected_canonical"].as_str().unwrap();
let ed_pk = v["test_keys"]["ed25519"]["public_key_b64"].as_str().unwrap();
let ml_pk = v["test_keys"]["ml_dsa_65"]["public_key_b64"].as_str().unwrap();
let result = composite_verify(
&ed, Some(&ml as &dyn CryptoProvider), context, canonical.as_bytes(),
&comp_sig, ed_pk, Some(ml_pk),
);
match result {
Ok(r) => assert!(!r.valid, "stripped PQ should fail"),
Err(_) => {} }
}
#[test]
fn interop_stripping_with_downgrade() {
let v = load_vectors();
let ed = Ed25519Provider;
let av = &v["attack_vectors"]["stripping_pq_with_downgrade"];
let comp_sig = parse_composite_sig(&av["composite_sig"]);
let payload_key = av["payload_key"].as_str().unwrap();
let context = av["context"].as_str().unwrap();
let canonical = v["canonicalization"][payload_key]["expected_canonical"].as_str().unwrap();
let ed_pk = v["test_keys"]["ed25519"]["public_key_b64"].as_str().unwrap();
let result = composite_verify(&ed, None, context, canonical.as_bytes(), &comp_sig, ed_pk, None).unwrap();
assert!(result.classical_valid, "classical should still verify");
assert!(!result.pq_valid, "PQ should be missing");
}
#[test]
fn interop_tampered_classical() {
let v = load_vectors();
let ed = Ed25519Provider;
let ml = MlDsa65Provider;
let av = &v["attack_vectors"]["tampered_classical_sig"];
let comp_sig = parse_composite_sig(&av["composite_sig"]);
let payload_key = av["payload_key"].as_str().unwrap();
let context = av["context"].as_str().unwrap();
let canonical = v["canonicalization"][payload_key]["expected_canonical"].as_str().unwrap();
let ed_pk = v["test_keys"]["ed25519"]["public_key_b64"].as_str().unwrap();
let ml_pk = v["test_keys"]["ml_dsa_65"]["public_key_b64"].as_str().unwrap();
let result = composite_verify(
&ed, Some(&ml as &dyn CryptoProvider), context, canonical.as_bytes(),
&comp_sig, ed_pk, Some(ml_pk),
).unwrap();
assert!(!result.valid, "tampered classical should fail");
assert!(!result.classical_valid, "classical sig should not verify");
}
#[test]
fn interop_tampered_pq() {
let v = load_vectors();
let ed = Ed25519Provider;
let ml = MlDsa65Provider;
let av = &v["attack_vectors"]["tampered_pq_sig"];
let comp_sig = parse_composite_sig(&av["composite_sig"]);
let payload_key = av["payload_key"].as_str().unwrap();
let context = av["context"].as_str().unwrap();
let canonical = v["canonicalization"][payload_key]["expected_canonical"].as_str().unwrap();
let ed_pk = v["test_keys"]["ed25519"]["public_key_b64"].as_str().unwrap();
let ml_pk = v["test_keys"]["ml_dsa_65"]["public_key_b64"].as_str().unwrap();
let result = composite_verify(
&ed, Some(&ml as &dyn CryptoProvider), context, canonical.as_bytes(),
&comp_sig, ed_pk, Some(ml_pk),
).unwrap();
assert!(!result.valid, "tampered PQ should fail");
assert!(!result.pq_valid, "PQ sig should not verify");
}
#[test]
fn interop_cross_context_replay_fails() {
let v = load_vectors();
let ed = Ed25519Provider;
let ml = MlDsa65Provider;
let av = &v["attack_vectors"]["cross_context_replay"];
let comp_sig = parse_composite_sig(&av["composite_sig"]);
let payload_key = av["payload_key"].as_str().unwrap();
let verify_ctx = av["verify_context"].as_str().unwrap();
let sign_ctx = av["sign_context"].as_str().unwrap();
let canonical = v["canonicalization"][payload_key]["expected_canonical"].as_str().unwrap();
let ed_pk = v["test_keys"]["ed25519"]["public_key_b64"].as_str().unwrap();
let ml_pk = v["test_keys"]["ml_dsa_65"]["public_key_b64"].as_str().unwrap();
let wrong = composite_verify(
&ed, Some(&ml as &dyn CryptoProvider), verify_ctx, canonical.as_bytes(),
&comp_sig, ed_pk, Some(ml_pk),
).unwrap();
assert!(!wrong.valid, "cross-context replay should fail");
let correct = composite_verify(
&ed, Some(&ml as &dyn CryptoProvider), sign_ctx, canonical.as_bytes(),
&comp_sig, ed_pk, Some(ml_pk),
).unwrap();
assert!(correct.valid, "correct context should pass");
}
#[test]
fn interop_session_splicing() {
let v = load_vectors();
let ed = Ed25519Provider;
let ml = MlDsa65Provider;
let ed_pk = v["test_keys"]["ed25519"]["public_key_b64"].as_str().unwrap();
let ml_pk = v["test_keys"]["ml_dsa_65"]["public_key_b64"].as_str().unwrap();
let sa = &v["session_splicing"]["session_a"];
let sb = &v["session_splicing"]["session_b"];
let nonce_a = sa["nonce"].as_str().unwrap();
let nonce_b = sb["nonce"].as_str().unwrap();
assert_ne!(nonce_a, nonce_b, "session nonces must differ");
let passport_nonce = sa["passport"]["session_nonce"].as_str().unwrap();
let intent_nonce = sb["intent"]["session_nonce"].as_str().unwrap();
assert_ne!(passport_nonce, intent_nonce, "cross-session nonces must mismatch");
let passport_canonical = sa["passport_canonical"].as_str().unwrap();
let passport_sig = parse_composite_sig(&sa["passport_composite_sig"]);
let pa = composite_verify(
&ed, Some(&ml as &dyn CryptoProvider), CTX_AGENT_PASSPORT,
passport_canonical.as_bytes(), &passport_sig, ed_pk, Some(ml_pk),
).unwrap();
assert!(pa.valid, "passport A should verify");
let intent_canonical = sb["intent_canonical"].as_str().unwrap();
let intent_sig = parse_composite_sig(&sb["intent_composite_sig"]);
let ib = composite_verify(
&ed, Some(&ml as &dyn CryptoProvider), CTX_INTENT,
intent_canonical.as_bytes(), &intent_sig, ed_pk, Some(ml_pk),
).unwrap();
assert!(ib.valid, "intent B should verify");
}
#[test]
fn canonicalization_edge_cases() {
use dcp_ai::v2::canonicalize::canonicalize_v2;
let v = load_vectors();
let edge = v["canonicalization"]["edge_cases"]["vectors"]
.as_array()
.expect("edge_cases.vectors array missing");
for vec in edge {
let name = vec["name"].as_str().unwrap_or("?");
let payload: Value = if let Some(raw_json) = vec["input_json"].as_str() {
serde_json::from_str(raw_json)
.unwrap_or_else(|e| panic!("{name}: bad input_json: {e}"))
} else if !vec["input"].is_null() {
vec["input"].clone()
} else if let Some(_) = vec.get("input") {
vec["input"].clone()
} else {
panic!("{name}: neither input nor input_json")
};
let expects_error = vec["expects_error"].as_bool().unwrap_or(false);
let result = canonicalize_v2(&payload);
if expects_error {
assert!(
result.is_err(),
"{name}: expected error, got {:?}",
result
);
} else {
let want = vec["canonical"].as_str().expect("canonical field");
let got = result.unwrap_or_else(|e| panic!("{name}: {e}"));
assert_eq!(got, want, "{name}: canonical mismatch");
}
}
}