lib-q-core 0.0.5

Core types and traits for lib-Q post-quantum cryptography library
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386

//! Comprehensive tests for the new modular architecture
//!
//! This module tests the new modular architecture including providers,
//! security validation, and context management.

use lib_q_core::api::{
    Algorithm,
    AlgorithmCategory,
    CryptoProvider,
};
use lib_q_core::providers::LibQCryptoProvider;
use lib_q_core::security::SecurityValidator;
use lib_q_core::traits::{
    AeadKey,
    Nonce,
};

/// Test the main LibQCryptoProvider
#[cfg(feature = "std")]
#[test]
fn test_libq_crypto_provider() {
    let provider = LibQCryptoProvider::new();
    assert!(
        provider.is_ok(),
        "LibQCryptoProvider should be created successfully"
    );

    let provider = provider.unwrap();

    // Test that all operation providers are available
    assert!(provider.kem().is_some(), "KEM provider should be available");
    assert!(
        provider.signature().is_some(),
        "Signature provider should be available"
    );
    assert!(
        provider.hash().is_some(),
        "Hash provider should be available"
    );
    assert!(
        provider.aead().is_some(),
        "AEAD provider should be available"
    );
}

/// Test security validator creation and basic functionality
#[cfg(feature = "std")]
#[test]
fn test_security_validator() {
    let validator = SecurityValidator::new();
    assert!(
        validator.is_ok(),
        "SecurityValidator should be created successfully"
    );

    let validator = validator.unwrap();

    // Test algorithm category validation
    let result = validator.validate_algorithm_category(Algorithm::MlKem512, AlgorithmCategory::Kem);
    assert!(result.is_ok(), "Should accept correct algorithm category");

    let result =
        validator.validate_algorithm_category(Algorithm::MlKem512, AlgorithmCategory::Signature);
    assert!(
        result.is_err(),
        "Should reject incorrect algorithm category"
    );
}

/// Test key material validation
#[cfg(feature = "std")]
#[test]
fn test_key_material_validation() {
    let validator = SecurityValidator::new().unwrap();

    // Test valid key (use a more realistic key that passes entropy validation)
    let valid_key = vec![
        0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6, 0xAB, 0xF7, 0x15, 0x88, 0x09, 0xCF, 0x4F,
        0x3C,
    ];
    let result = validator.validate_key_material(&valid_key);
    assert!(result.is_ok(), "Should accept valid key material");

    // Test zero key
    let zero_key = vec![0u8; 16];
    let result = validator.validate_key_material(&zero_key);
    assert!(result.is_err(), "Should reject zero key");

    // Test all-ones key
    let ones_key = vec![0xFFu8; 16];
    let result = validator.validate_key_material(&ones_key);
    assert!(result.is_err(), "Should reject all-ones key");

    // Test empty key
    let empty_key = vec![];
    let result = validator.validate_key_material(&empty_key);
    assert!(result.is_err(), "Should reject empty key");
}

/// Test message validation
#[cfg(feature = "std")]
#[test]
fn test_message_validation() {
    let validator = SecurityValidator::new().unwrap();

    // Test valid message
    let valid_message = vec![1u8; 1000];
    let result = validator.validate_aead_message(&valid_message);
    assert!(result.is_ok(), "Should accept valid AEAD payload size");

    // Test oversized message
    let oversized_message = vec![1u8; 2 * 1024 * 1024]; // 2MB
    let result = validator.validate_aead_message(&oversized_message);
    assert!(result.is_err(), "Should reject oversized AEAD payload");
}

/// Test nonce validation
#[cfg(feature = "std")]
#[test]
fn test_nonce_validation() {
    let validator = SecurityValidator::new().unwrap();

    // Test valid nonce
    let valid_nonce = vec![1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16];
    let result = validator.validate_nonce(&valid_nonce);
    assert!(result.is_ok(), "Should accept valid nonce");

    // Test wrong size nonce
    let wrong_size_nonce = vec![1, 2, 3, 4, 5, 6, 7, 8];
    let result = validator.validate_nonce(&wrong_size_nonce);
    assert!(result.is_err(), "Should reject wrong size nonce");

    // Test zero nonce
    let zero_nonce = vec![0u8; 16];
    let result = validator.validate_nonce(&zero_nonce);
    assert!(result.is_err(), "Should reject zero nonce");
}

/// Test constant-time comparison
#[cfg(feature = "std")]
#[test]
fn test_constant_time_compare() {
    let validator = SecurityValidator::new().unwrap();

    // Test equal slices
    let a = vec![1, 2, 3, 4];
    let b = vec![1, 2, 3, 4];
    assert!(
        validator.constant_time_compare(&a, &b),
        "Should return true for equal slices"
    );

    // Test different slices
    let c = vec![1, 2, 3, 5];
    assert!(
        !validator.constant_time_compare(&a, &c),
        "Should return false for different slices"
    );

    // Test different length slices
    let d = vec![1, 2, 3];
    assert!(
        !validator.constant_time_compare(&a, &d),
        "Should return false for different length slices"
    );
}

/// Test KEM provider with unsupported algorithms
#[cfg(feature = "std")]
#[test]
fn test_kem_provider_unsupported_algorithm() {
    let provider = LibQCryptoProvider::new().unwrap();
    let kem_provider = provider.kem().unwrap();

    // Test unsupported algorithm
    let result = kem_provider.generate_keypair(Algorithm::Sha3_256, None);
    assert!(
        result.is_err(),
        "Should return error for unsupported algorithm"
    );

    if let Err(lib_q_core::error::Error::InvalidAlgorithm { .. }) = result {
        // Expected error type
    } else {
        panic!("Expected InvalidAlgorithm error");
    }
}

/// Test signature provider with unsupported algorithms
#[cfg(feature = "std")]
#[test]
fn test_signature_provider_unsupported_algorithm() {
    let provider = LibQCryptoProvider::new().unwrap();
    let sig_provider = provider.signature().unwrap();

    // Test unsupported algorithm
    let result = sig_provider.generate_keypair(Algorithm::Sha3_256, None);
    assert!(
        result.is_err(),
        "Should return error for unsupported algorithm"
    );

    if let Err(lib_q_core::error::Error::InvalidAlgorithm { .. }) = result {
        // Expected error type
    } else {
        panic!("Expected InvalidAlgorithm error");
    }
}

/// Test hash provider with unsupported algorithms
#[cfg(feature = "std")]
#[test]
fn test_hash_provider_unsupported_algorithm() {
    let provider = LibQCryptoProvider::new().unwrap();
    let hash_provider = provider.hash().unwrap();

    // Test unsupported algorithm
    let result = hash_provider.hash(Algorithm::MlKem512, b"test data");
    assert!(
        result.is_err(),
        "Should return error for unsupported algorithm"
    );

    if let Err(lib_q_core::error::Error::InvalidAlgorithm { .. }) = result {
        // Expected error type
    } else {
        panic!("Expected InvalidAlgorithm error");
    }
}

/// Test AEAD provider with unsupported algorithms
#[cfg(feature = "std")]
#[test]
fn test_aead_provider_unsupported_algorithm() {
    let provider = LibQCryptoProvider::new().unwrap();
    let aead_provider = provider.aead().unwrap();

    let key = AeadKey::new(vec![0u8; 32]);
    let nonce = Nonce::new(vec![0u8; 16]);

    // Test unsupported algorithm
    let result = aead_provider.encrypt(Algorithm::MlKem512, &key, &nonce, b"test", None);
    assert!(
        result.is_err(),
        "Should return error for unsupported algorithm"
    );

    if let Err(lib_q_core::error::Error::InvalidAlgorithm { .. }) = result {
        // Expected error type
    } else {
        panic!("Expected InvalidAlgorithm error");
    }
}

/// Test feature flag handling
#[cfg(feature = "std")]
#[test]
fn test_feature_flag_handling() {
    let provider = LibQCryptoProvider::new().unwrap();
    let kem_provider = provider.kem().unwrap();

    // Test ML-KEM without feature flag (should return NotImplemented with feature flag message)
    let result = kem_provider.generate_keypair(Algorithm::MlKem512, None);
    assert!(
        result.is_err(),
        "Should return error when feature flag is not enabled"
    );

    if let Err(lib_q_core::error::Error::NotImplemented { feature }) = result {
        assert!(
            feature.contains("ML-KEM implementations are provided by the main lib-q crate"),
            "Error should mention that implementations are provided by main lib-q crate"
        );
    } else {
        panic!("Expected NotImplemented error");
    }
}

/// Test provider pattern integration
#[cfg(feature = "std")]
#[test]
fn test_provider_pattern_integration() {
    let provider = LibQCryptoProvider::new().unwrap();

    // Test that the provider implements CryptoProvider trait
    assert!(provider.kem().is_some());
    assert!(provider.signature().is_some());
    assert!(provider.hash().is_some());
    assert!(provider.aead().is_some());

    // Test that we can get references to the operation providers
    let kem_ops = provider.kem().unwrap();
    let sig_ops = provider.signature().unwrap();
    let hash_ops = provider.hash().unwrap();
    let aead_ops = provider.aead().unwrap();

    // Test that the operation providers implement their respective traits
    // (This is tested by the fact that we can call methods on them)
    let _ = kem_ops.generate_keypair(Algorithm::MlKem512, None);
    let _ = sig_ops.generate_keypair(Algorithm::MlDsa65, None);
    let _ = hash_ops.hash(Algorithm::Sha3_256, b"test");
    let _ = aead_ops.encrypt(
        Algorithm::Saturnin,
        &AeadKey::new(vec![0u8; 32]),
        &Nonce::new(vec![0u8; 16]),
        b"test",
        None,
    );
}

/// Test security validation integration
#[cfg(feature = "std")]
#[test]
fn test_security_validation_integration() {
    let provider = LibQCryptoProvider::new().unwrap();
    let kem_provider = provider.kem().unwrap();

    // Test that security validation is integrated into operations
    // This should fail due to invalid algorithm category
    let result = kem_provider.generate_keypair(Algorithm::Sha3_256, None);
    assert!(result.is_err(), "Should fail due to security validation");

    // Test that proper error types are returned
    if let Err(lib_q_core::error::Error::InvalidAlgorithm { .. }) = result {
        // Expected error type from security validation
    } else {
        panic!("Expected InvalidAlgorithm error from security validation");
    }
}

/// Test error handling consistency
#[cfg(feature = "std")]
#[test]
fn test_error_handling_consistency() {
    let provider = LibQCryptoProvider::new().unwrap();
    let kem_provider = provider.kem().unwrap();

    // Test that all providers return consistent error types
    let kem_result = kem_provider.generate_keypair(Algorithm::Sha3_256, None);
    let sig_result = provider
        .signature()
        .unwrap()
        .generate_keypair(Algorithm::Sha3_256, None);
    let hash_result = provider.hash().unwrap().hash(Algorithm::MlKem512, b"test");

    // All should return InvalidAlgorithm errors
    assert!(matches!(
        kem_result,
        Err(lib_q_core::error::Error::InvalidAlgorithm { .. })
    ));
    assert!(matches!(
        sig_result,
        Err(lib_q_core::error::Error::InvalidAlgorithm { .. })
    ));
    assert!(matches!(
        hash_result,
        Err(lib_q_core::error::Error::InvalidAlgorithm { .. })
    ));
}

/// Test modular architecture benefits
#[cfg(feature = "std")]
#[test]
fn test_modular_architecture_benefits() {
    // Test that we can create individual components
    let validator = SecurityValidator::new().unwrap();
    let provider = LibQCryptoProvider::new().unwrap();

    // Test that components work independently
    let valid_key = vec![
        0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6, 0xAB, 0xF7, 0x15, 0x88, 0x09, 0xCF, 0x4F,
        0x3C,
    ];
    assert!(validator.validate_key_material(&valid_key).is_ok());
    assert!(provider.kem().is_some());

    // Test that components can be used together
    let kem_provider = provider.kem().unwrap();
    let result = kem_provider.generate_keypair(Algorithm::MlKem512, None);
    // Should fail due to feature flag, but the integration should work
    assert!(result.is_err());
    assert!(matches!(
        result,
        Err(lib_q_core::error::Error::NotImplemented { .. })
    ));
}