//! compatibility checks against the Tor client Arti original `tor-llcrypto` code.

use hex_literal::hex;

use mix_hs::ed25519_keyblind::{conversion, ed25519, key_blinding};
use tor_llcrypto::pk as arti_pk;
use x25519_dalek::{PublicKey as XPublicKey, StaticSecret as XStaticSecret};

#[test]
fn keypair_bytes_and_signature_match_arti() {
    let expanded_secret = hex!(
        "c0a4de23cc64392d85aa1da82b3defddbea946d13bb053bf8489fa9296281f49"
        "5022f1f7ec0dcf52f07d4c7965c4eaed121d5d88d0a8ff546b06116a20e97755"
    );
    let message = b"bit-for-bit expanded Ed25519 compatibility";

    let extracted = ed25519::ExpandedKeypair::from_secret_key_bytes(expanded_secret);
    let original =
        arti_pk::ed25519::ExpandedKeypair::from_secret_key_bytes(expanded_secret).unwrap();

    assert_eq!(
        extracted.to_secret_key_bytes(),
        original.to_secret_key_bytes()
    );
    assert_eq!(extracted.public().to_bytes(), original.public().to_bytes());
    assert_eq!(
        extracted.sign(message).to_bytes(),
        original.sign(message).to_bytes()
    );
}

#[test]
fn curve25519_conversion_match_arti() {
    let curve_secret = hex!("5c8eac469bb3f1b85bc7cd893f52dc42a9ab66f1b02b5ce6a68e9b175d3bb433");

    let extracted_sk = XStaticSecret::from(curve_secret);
    let original_sk = arti_pk::curve25519::StaticSecret::from(curve_secret);
    let extracted_pk = XPublicKey::from(&extracted_sk);
    let original_curve_pk = arti_pk::curve25519::PublicKey::from(&original_sk);

    assert_eq!(extracted_pk.to_bytes(), original_curve_pk.to_bytes());

    let extracted_pub = conversion::convert_curve25519_to_ed25519_public(&extracted_pk, 1).unwrap();
    let original_pub =
        arti_pk::keymanip::convert_curve25519_to_ed25519_public(&original_curve_pk, 1).unwrap();
    assert_eq!(extracted_pub.to_bytes(), original_pub.to_bytes());

    let (extracted_ed, extracted_signbit) =
        conversion::convert_curve25519_to_ed25519_private(&extracted_sk).unwrap();
    let (original_ed, original_signbit) =
        arti_pk::keymanip::convert_curve25519_to_ed25519_private(&original_sk).unwrap();

    assert_eq!(extracted_signbit, original_signbit);
    assert_eq!(
        extracted_ed.to_secret_key_bytes(),
        original_ed.to_secret_key_bytes()
    );
    assert_eq!(
        extracted_ed.public().to_bytes(),
        original_ed.public().to_bytes()
    );
}

#[test]
fn blinded_keypair_and_signature_match_arti() {
    let seed = hex!("67e3aa7a14fac8445d15e45e38a523481a69ae35513c9e4143eb1c2196729a0e");
    let blinding_param = hex!("ac78a1d46faf3bfbbdc5af5f053dc6dc9023ed78236bec1760dadfd0b2603760");
    let message = b"bit-for-bit blinded Ed25519 compatibility";

    let extracted_kp = ed25519::ExpandedKeypair::from(&ed25519::Keypair::from_bytes(&seed));
    let original_kp =
        arti_pk::ed25519::ExpandedKeypair::from(&arti_pk::ed25519::Keypair::from_bytes(&seed));

    let extracted_blinded = key_blinding::blind_keypair(&extracted_kp, blinding_param).unwrap();
    let original_blinded = arti_pk::keymanip::blind_keypair(&original_kp, blinding_param).unwrap();

    assert_eq!(
        extracted_blinded.to_secret_key_bytes(),
        original_blinded.to_secret_key_bytes()
    );
    assert_eq!(
        extracted_blinded.public().to_bytes(),
        original_blinded.public().to_bytes()
    );
    assert_eq!(
        extracted_blinded.sign(message).to_bytes(),
        original_blinded.sign(message).to_bytes()
    );
}