Skip to main content

uselesskey_ecdsa/
lib.rs

1#![forbid(unsafe_code)]
2
3//! ECDSA fixtures built on `uselesskey-core`.
4//!
5//! This crate is used by the `uselesskey` facade crate.
6//!
7//! # Usage
8//!
9//! The main entry point is the [`EcdsaFactoryExt`] trait, which adds the `.ecdsa()` method
10//! to [`Factory`](uselesskey_core::Factory).
11//!
12//! ```
13//! use uselesskey_core::Factory;
14//! use uselesskey_ecdsa::{EcdsaFactoryExt, EcdsaSpec};
15//!
16//! let fx = Factory::random();
17//! let keypair = fx.ecdsa("my-service", EcdsaSpec::es256());
18//!
19//! // Access key material in various formats
20//! let private_pem = keypair.private_key_pkcs8_pem();
21//! let private_der = keypair.private_key_pkcs8_der();
22//! let public_pem = keypair.public_key_spki_pem();
23//! let public_der = keypair.public_key_spki_der();
24//!
25//! assert!(private_pem.contains("BEGIN PRIVATE KEY"));
26//! ```
27//!
28//! # Deterministic Mode
29//!
30//! Use deterministic mode for reproducible test fixtures:
31//!
32//! ```
33//! use uselesskey_core::{Factory, Seed};
34//! use uselesskey_ecdsa::{EcdsaFactoryExt, EcdsaSpec};
35//!
36//! let seed = Seed::from_env_value("test-seed").unwrap();
37//! let fx = Factory::deterministic(seed);
38//!
39//! // Same seed + label + spec = same key
40//! let key1 = fx.ecdsa("issuer", EcdsaSpec::es256());
41//! let key2 = fx.ecdsa("issuer", EcdsaSpec::es256());
42//! assert_eq!(key1.private_key_pkcs8_pem(), key2.private_key_pkcs8_pem());
43//!
44//! // Different labels produce different keys
45//! let key3 = fx.ecdsa("other", EcdsaSpec::es256());
46//! assert_ne!(key1.private_key_pkcs8_pem(), key3.private_key_pkcs8_pem());
47//! ```
48//!
49//! # Negative Fixtures
50//!
51//! Generate intentionally broken keys for testing error handling:
52//!
53//! ```
54//! use uselesskey_core::Factory;
55//! use uselesskey_core::negative::CorruptPem;
56//! use uselesskey_ecdsa::{EcdsaFactoryExt, EcdsaSpec};
57//!
58//! let fx = Factory::random();
59//! let keypair = fx.ecdsa("test", EcdsaSpec::es256());
60//!
61//! // Corrupted PEM
62//! let bad_pem = keypair.private_key_pkcs8_pem_corrupt(CorruptPem::BadHeader);
63//!
64//! // Truncated DER
65//! let truncated = keypair.private_key_pkcs8_der_truncated(10);
66//!
67//! // Mismatched public key (valid but from a different keypair)
68//! let wrong_pub = keypair.mismatched_public_key_spki_der();
69//! ```
70//!
71//! # Available Specs
72//!
73//! | Spec | Curve | JWT Algorithm |
74//! |------|-------|---------------|
75//! | [`EcdsaSpec::es256()`] | P-256 (secp256r1) | ES256 |
76//! | [`EcdsaSpec::es384()`] | P-384 (secp384r1) | ES384 |
77
78mod keypair;
79mod spec;
80
81pub use keypair::{DOMAIN_ECDSA_KEYPAIR, EcdsaFactoryExt, EcdsaKeyPair};
82pub use spec::EcdsaSpec;