sui_crypto/
simple.rs

1use crate::SignatureError;
2use signature::Verifier;
3use sui_sdk_types::SimpleSignature;
4use sui_sdk_types::UserSignature;
5
6pub struct SimpleVerifier;
7
8impl Verifier<SimpleSignature> for SimpleVerifier {
9    #[allow(unused_variables)]
10    fn verify(&self, message: &[u8], signature: &SimpleSignature) -> Result<(), SignatureError> {
11        match signature {
12            #[cfg(feature = "ed25519")]
13            SimpleSignature::Ed25519 {
14                signature,
15                public_key,
16            } => {
17                let verifying_key = crate::ed25519::Ed25519VerifyingKey::new(public_key)?;
18                verifying_key.verify(message, signature)
19            }
20            #[cfg(not(feature = "ed25519"))]
21            SimpleSignature::Ed25519 { .. } => Err(SignatureError::from_source(
22                "support for ed25519 is not enabled",
23            )),
24            #[cfg(feature = "secp256k1")]
25            SimpleSignature::Secp256k1 {
26                signature,
27                public_key,
28            } => {
29                let verifying_key = crate::secp256k1::Secp256k1VerifyingKey::new(public_key)?;
30                verifying_key.verify(message, signature)
31            }
32            #[cfg(not(feature = "secp256k1"))]
33            SimpleSignature::Secp256k1 { .. } => Err(SignatureError::from_source(
34                "support for secp256k1 is not enabled",
35            )),
36            #[cfg(feature = "secp256r1")]
37            SimpleSignature::Secp256r1 {
38                signature,
39                public_key,
40            } => {
41                let verifying_key = crate::secp256r1::Secp256r1VerifyingKey::new(public_key)?;
42                verifying_key.verify(message, signature)
43            }
44            #[cfg(not(feature = "secp256r1"))]
45            SimpleSignature::Secp256r1 { .. } => Err(SignatureError::from_source(
46                "support for secp256r1 is not enabled",
47            )),
48            _ => Err(SignatureError::from_source("unknown signature scheme")),
49        }
50    }
51}
52
53impl Verifier<UserSignature> for SimpleVerifier {
54    fn verify(&self, message: &[u8], signature: &UserSignature) -> Result<(), SignatureError> {
55        let UserSignature::Simple(signature) = signature else {
56            return Err(SignatureError::from_source("not a simple signature"));
57        };
58
59        <Self as Verifier<SimpleSignature>>::verify(self, message, signature)
60    }
61}
62
63#[cfg(any(feature = "ed25519", feature = "secp256r1", feature = "secp256k1",))]
64#[cfg_attr(
65    doc_cfg,
66    doc(cfg(any(feature = "ed25519", feature = "secp256r1", feature = "secp256k1",)))
67)]
68#[rustfmt::skip]
69pub use keypair::{SimpleKeypair, SimpleVerifiyingKey};
70
71#[cfg(any(feature = "ed25519", feature = "secp256r1", feature = "secp256k1",))]
72#[cfg_attr(
73    doc_cfg,
74    doc(cfg(any(feature = "ed25519", feature = "secp256r1", feature = "secp256k1",)))
75)]
76mod keypair {
77    use crate::SignatureError;
78    use signature::Signer;
79    use signature::Verifier;
80    use sui_sdk_types::MultisigMemberPublicKey;
81    use sui_sdk_types::SignatureScheme;
82    use sui_sdk_types::SimpleSignature;
83    use sui_sdk_types::UserSignature;
84
85    #[derive(Debug, Clone)]
86    pub struct SimpleKeypair {
87        inner: InnerKeypair,
88    }
89
90    #[derive(Debug, Clone)]
91    enum InnerKeypair {
92        #[cfg(feature = "ed25519")]
93        Ed25519(crate::ed25519::Ed25519PrivateKey),
94        #[cfg(feature = "secp256k1")]
95        Secp256k1(crate::secp256k1::Secp256k1PrivateKey),
96        #[cfg(feature = "secp256r1")]
97        Secp256r1(crate::secp256r1::Secp256r1PrivateKey),
98    }
99
100    impl SimpleKeypair {
101        pub fn scheme(&self) -> SignatureScheme {
102            match &self.inner {
103                #[cfg(feature = "ed25519")]
104                InnerKeypair::Ed25519(private_key) => private_key.scheme(),
105                #[cfg(feature = "secp256k1")]
106                InnerKeypair::Secp256k1(private_key) => private_key.scheme(),
107                #[cfg(feature = "secp256r1")]
108                InnerKeypair::Secp256r1(private_key) => private_key.scheme(),
109            }
110        }
111
112        pub fn verifying_key(&self) -> SimpleVerifiyingKey {
113            let verifying_key = match &self.inner {
114                #[cfg(feature = "ed25519")]
115                InnerKeypair::Ed25519(private_key) => {
116                    InnerVerifyingKey::Ed25519(private_key.verifying_key())
117                }
118                #[cfg(feature = "secp256k1")]
119                InnerKeypair::Secp256k1(private_key) => {
120                    InnerVerifyingKey::Secp256k1(private_key.verifying_key())
121                }
122                #[cfg(feature = "secp256r1")]
123                InnerKeypair::Secp256r1(private_key) => {
124                    InnerVerifyingKey::Secp256r1(private_key.verifying_key())
125                }
126            };
127
128            SimpleVerifiyingKey {
129                inner: verifying_key,
130            }
131        }
132
133        pub fn public_key(&self) -> MultisigMemberPublicKey {
134            self.verifying_key().public_key()
135        }
136
137        #[cfg(feature = "pem")]
138        #[cfg_attr(doc_cfg, doc(cfg(feature = "pem")))]
139        /// Deserialize PKCS#8 private key from ASN.1 DER-encoded data (binary format).
140        pub fn from_der(bytes: &[u8]) -> Result<Self, SignatureError> {
141            let private_key =
142                pkcs8::PrivateKeyInfo::try_from(bytes).map_err(SignatureError::from_source)?;
143
144            match private_key
145                .algorithm
146                .oids()
147                .map_err(SignatureError::from_source)?
148            {
149                #[cfg(feature = "ed25519")]
150                (ed25519_dalek::pkcs8::ALGORITHM_OID, None) => private_key
151                    .try_into()
152                    .map(crate::ed25519::Ed25519PrivateKey::from_dalek)
153                    .map(InnerKeypair::Ed25519)
154                    .map_err(SignatureError::from_source),
155
156                #[cfg(feature = "secp256r1")]
157                (
158                    p256::elliptic_curve::ALGORITHM_OID,
159                    Some(<p256::NistP256 as pkcs8::AssociatedOid>::OID),
160                ) => private_key
161                    .try_into()
162                    .map(crate::secp256r1::Secp256r1PrivateKey::from_p256)
163                    .map(InnerKeypair::Secp256r1)
164                    .map_err(SignatureError::from_source),
165
166                #[cfg(feature = "secp256k1")]
167                (
168                    k256::elliptic_curve::ALGORITHM_OID,
169                    Some(<k256::Secp256k1 as pkcs8::AssociatedOid>::OID),
170                ) => private_key
171                    .try_into()
172                    .map(crate::secp256k1::Secp256k1PrivateKey::from_k256)
173                    .map(InnerKeypair::Secp256k1)
174                    .map_err(SignatureError::from_source),
175
176                _ => Err(SignatureError::from_source(
177                    "unsupported or invalid private key type",
178                )),
179            }
180            .map(|inner| Self { inner })
181        }
182
183        #[cfg(feature = "pem")]
184        #[cfg_attr(doc_cfg, doc(cfg(feature = "pem")))]
185        /// Serialize this private key as DER-encoded PKCS#8
186        pub fn to_der(&self) -> Result<Vec<u8>, SignatureError> {
187            match &self.inner {
188                #[cfg(feature = "ed25519")]
189                InnerKeypair::Ed25519(private_key) => private_key.to_der(),
190                #[cfg(feature = "secp256k1")]
191                InnerKeypair::Secp256k1(private_key) => private_key.to_der(),
192                #[cfg(feature = "secp256r1")]
193                InnerKeypair::Secp256r1(private_key) => private_key.to_der(),
194            }
195        }
196
197        #[cfg(feature = "pem")]
198        #[cfg_attr(doc_cfg, doc(cfg(feature = "pem")))]
199        /// Deserialize PKCS#8-encoded private key from PEM.
200        pub fn from_pem(s: &str) -> Result<Self, SignatureError> {
201            use pkcs8::der::pem::PemLabel;
202
203            let (label, doc) =
204                pkcs8::SecretDocument::from_pem(s).map_err(SignatureError::from_source)?;
205            pkcs8::PrivateKeyInfo::validate_pem_label(label)
206                .map_err(SignatureError::from_source)?;
207            Self::from_der(doc.as_bytes())
208        }
209
210        #[cfg(feature = "pem")]
211        #[cfg_attr(doc_cfg, doc(cfg(feature = "pem")))]
212        /// Serialize this private key as DER-encoded PKCS#8
213        pub fn to_pem(&self) -> Result<String, SignatureError> {
214            match &self.inner {
215                #[cfg(feature = "ed25519")]
216                InnerKeypair::Ed25519(private_key) => private_key.to_pem(),
217                #[cfg(feature = "secp256k1")]
218                InnerKeypair::Secp256k1(private_key) => private_key.to_pem(),
219                #[cfg(feature = "secp256r1")]
220                InnerKeypair::Secp256r1(private_key) => private_key.to_pem(),
221            }
222        }
223    }
224
225    impl Signer<SimpleSignature> for SimpleKeypair {
226        fn try_sign(&self, message: &[u8]) -> Result<SimpleSignature, SignatureError> {
227            match &self.inner {
228                #[cfg(feature = "ed25519")]
229                InnerKeypair::Ed25519(private_key) => private_key.try_sign(message),
230                #[cfg(feature = "secp256k1")]
231                InnerKeypair::Secp256k1(private_key) => private_key.try_sign(message),
232                #[cfg(feature = "secp256r1")]
233                InnerKeypair::Secp256r1(private_key) => private_key.try_sign(message),
234            }
235        }
236    }
237
238    impl Signer<UserSignature> for SimpleKeypair {
239        fn try_sign(&self, msg: &[u8]) -> Result<UserSignature, SignatureError> {
240            <Self as Signer<SimpleSignature>>::try_sign(self, msg).map(UserSignature::Simple)
241        }
242    }
243
244    #[cfg(feature = "ed25519")]
245    #[cfg_attr(doc_cfg, doc(cfg(feature = "ed25519")))]
246    impl From<crate::ed25519::Ed25519PrivateKey> for SimpleKeypair {
247        fn from(private_key: crate::ed25519::Ed25519PrivateKey) -> Self {
248            Self {
249                inner: InnerKeypair::Ed25519(private_key),
250            }
251        }
252    }
253
254    #[cfg(feature = "secp256r1")]
255    #[cfg_attr(doc_cfg, doc(cfg(feature = "secp256r1")))]
256    impl From<crate::secp256r1::Secp256r1PrivateKey> for SimpleKeypair {
257        fn from(private_key: crate::secp256r1::Secp256r1PrivateKey) -> Self {
258            Self {
259                inner: InnerKeypair::Secp256r1(private_key),
260            }
261        }
262    }
263
264    #[cfg(feature = "secp256k1")]
265    #[cfg_attr(doc_cfg, doc(cfg(feature = "secp256k1")))]
266    impl From<crate::secp256k1::Secp256k1PrivateKey> for SimpleKeypair {
267        fn from(private_key: crate::secp256k1::Secp256k1PrivateKey) -> Self {
268            Self {
269                inner: InnerKeypair::Secp256k1(private_key),
270            }
271        }
272    }
273
274    #[derive(Debug, Clone, Eq, PartialEq)]
275    pub struct SimpleVerifiyingKey {
276        inner: InnerVerifyingKey,
277    }
278
279    #[derive(Debug, Clone, Eq, PartialEq)]
280    enum InnerVerifyingKey {
281        #[cfg(feature = "ed25519")]
282        Ed25519(crate::ed25519::Ed25519VerifyingKey),
283        #[cfg(feature = "secp256k1")]
284        Secp256k1(crate::secp256k1::Secp256k1VerifyingKey),
285        #[cfg(feature = "secp256r1")]
286        Secp256r1(crate::secp256r1::Secp256r1VerifyingKey),
287    }
288
289    impl SimpleVerifiyingKey {
290        pub fn scheme(&self) -> SignatureScheme {
291            match &self.inner {
292                #[cfg(feature = "ed25519")]
293                InnerVerifyingKey::Ed25519(verifying_key) => verifying_key.public_key().scheme(),
294                #[cfg(feature = "secp256k1")]
295                InnerVerifyingKey::Secp256k1(verifying_key) => verifying_key.public_key().scheme(),
296                #[cfg(feature = "secp256r1")]
297                InnerVerifyingKey::Secp256r1(verifying_key) => verifying_key.public_key().scheme(),
298            }
299        }
300
301        pub fn public_key(&self) -> MultisigMemberPublicKey {
302            match &self.inner {
303                #[cfg(feature = "ed25519")]
304                InnerVerifyingKey::Ed25519(verifying_key) => {
305                    MultisigMemberPublicKey::Ed25519(verifying_key.public_key())
306                }
307                #[cfg(feature = "secp256k1")]
308                InnerVerifyingKey::Secp256k1(verifying_key) => {
309                    MultisigMemberPublicKey::Secp256k1(verifying_key.public_key())
310                }
311                #[cfg(feature = "secp256r1")]
312                InnerVerifyingKey::Secp256r1(verifying_key) => {
313                    MultisigMemberPublicKey::Secp256r1(verifying_key.public_key())
314                }
315            }
316        }
317
318        #[cfg(feature = "pem")]
319        #[cfg_attr(doc_cfg, doc(cfg(feature = "pem")))]
320        /// Deserialize public key from ASN.1 DER-encoded data (binary format).
321        pub fn from_der(bytes: &[u8]) -> Result<Self, SignatureError> {
322            let public_key = pkcs8::SubjectPublicKeyInfoRef::try_from(bytes)
323                .map_err(SignatureError::from_source)?;
324
325            match public_key
326                .algorithm
327                .oids()
328                .map_err(SignatureError::from_source)?
329            {
330                #[cfg(feature = "ed25519")]
331                (ed25519_dalek::pkcs8::ALGORITHM_OID, None) => public_key
332                    .try_into()
333                    .map(crate::ed25519::Ed25519VerifyingKey::from_dalek)
334                    .map(InnerVerifyingKey::Ed25519)
335                    .map_err(SignatureError::from_source),
336
337                #[cfg(feature = "secp256r1")]
338                (
339                    p256::elliptic_curve::ALGORITHM_OID,
340                    Some(<p256::NistP256 as pkcs8::AssociatedOid>::OID),
341                ) => public_key
342                    .try_into()
343                    .map(crate::secp256r1::Secp256r1VerifyingKey::from_p256)
344                    .map(InnerVerifyingKey::Secp256r1)
345                    .map_err(SignatureError::from_source),
346
347                #[cfg(feature = "secp256k1")]
348                (
349                    k256::elliptic_curve::ALGORITHM_OID,
350                    Some(<k256::Secp256k1 as pkcs8::AssociatedOid>::OID),
351                ) => public_key
352                    .try_into()
353                    .map(crate::secp256k1::Secp256k1VerifyingKey::from_k256)
354                    .map(InnerVerifyingKey::Secp256k1)
355                    .map_err(SignatureError::from_source),
356
357                _ => Err(SignatureError::from_source(
358                    "unsupported or invalid public key type",
359                )),
360            }
361            .map(|inner| Self { inner })
362        }
363
364        #[cfg(feature = "pem")]
365        #[cfg_attr(doc_cfg, doc(cfg(feature = "pem")))]
366        /// Serialize this public key as DER-encoded data
367        pub fn to_der(&self) -> Result<Vec<u8>, SignatureError> {
368            match &self.inner {
369                #[cfg(feature = "ed25519")]
370                InnerVerifyingKey::Ed25519(verifying_key) => verifying_key.to_der(),
371                #[cfg(feature = "secp256k1")]
372                InnerVerifyingKey::Secp256k1(verifying_key) => verifying_key.to_der(),
373                #[cfg(feature = "secp256r1")]
374                InnerVerifyingKey::Secp256r1(verifying_key) => verifying_key.to_der(),
375            }
376        }
377
378        #[cfg(feature = "pem")]
379        #[cfg_attr(doc_cfg, doc(cfg(feature = "pem")))]
380        /// Deserialize public key from PEM.
381        pub fn from_pem(s: &str) -> Result<Self, SignatureError> {
382            use pkcs8::der::pem::PemLabel;
383
384            let (label, doc) = pkcs8::Document::from_pem(s).map_err(SignatureError::from_source)?;
385            pkcs8::SubjectPublicKeyInfoRef::validate_pem_label(label)
386                .map_err(SignatureError::from_source)?;
387            Self::from_der(doc.as_bytes())
388        }
389
390        #[cfg(feature = "pem")]
391        #[cfg_attr(doc_cfg, doc(cfg(feature = "pem")))]
392        /// Serialize this public key as PEM
393        pub fn to_pem(&self) -> Result<String, SignatureError> {
394            match &self.inner {
395                #[cfg(feature = "ed25519")]
396                InnerVerifyingKey::Ed25519(verifying_key) => verifying_key.to_pem(),
397                #[cfg(feature = "secp256k1")]
398                InnerVerifyingKey::Secp256k1(verifying_key) => verifying_key.to_pem(),
399                #[cfg(feature = "secp256r1")]
400                InnerVerifyingKey::Secp256r1(verifying_key) => verifying_key.to_pem(),
401            }
402        }
403    }
404
405    impl Verifier<SimpleSignature> for SimpleVerifiyingKey {
406        fn verify(
407            &self,
408            message: &[u8],
409            signature: &SimpleSignature,
410        ) -> Result<(), SignatureError> {
411            match &self.inner {
412                #[cfg(feature = "ed25519")]
413                InnerVerifyingKey::Ed25519(verifying_key) => {
414                    verifying_key.verify(message, signature)
415                }
416                #[cfg(feature = "secp256k1")]
417                InnerVerifyingKey::Secp256k1(verifying_key) => {
418                    verifying_key.verify(message, signature)
419                }
420                #[cfg(feature = "secp256r1")]
421                InnerVerifyingKey::Secp256r1(verifying_key) => {
422                    verifying_key.verify(message, signature)
423                }
424            }
425        }
426    }
427
428    impl Verifier<UserSignature> for SimpleVerifiyingKey {
429        fn verify(&self, message: &[u8], signature: &UserSignature) -> Result<(), SignatureError> {
430            let UserSignature::Simple(signature) = signature else {
431                return Err(SignatureError::from_source("not a simple signature"));
432            };
433
434            <Self as Verifier<SimpleSignature>>::verify(self, message, signature)
435        }
436    }
437
438    #[cfg(feature = "ed25519")]
439    #[cfg_attr(doc_cfg, doc(cfg(feature = "ed25519")))]
440    impl From<crate::ed25519::Ed25519VerifyingKey> for SimpleVerifiyingKey {
441        fn from(verifying_key: crate::ed25519::Ed25519VerifyingKey) -> Self {
442            Self {
443                inner: InnerVerifyingKey::Ed25519(verifying_key),
444            }
445        }
446    }
447
448    #[cfg(feature = "secp256r1")]
449    #[cfg_attr(doc_cfg, doc(cfg(feature = "secp256r1")))]
450    impl From<crate::secp256r1::Secp256r1VerifyingKey> for SimpleVerifiyingKey {
451        fn from(verifying_key: crate::secp256r1::Secp256r1VerifyingKey) -> Self {
452            Self {
453                inner: InnerVerifyingKey::Secp256r1(verifying_key),
454            }
455        }
456    }
457
458    #[cfg(feature = "secp256k1")]
459    #[cfg_attr(doc_cfg, doc(cfg(feature = "secp256k1")))]
460    impl From<crate::secp256k1::Secp256k1VerifyingKey> for SimpleVerifiyingKey {
461        fn from(verifying_key: crate::secp256k1::Secp256k1VerifyingKey) -> Self {
462            Self {
463                inner: InnerVerifyingKey::Secp256k1(verifying_key),
464            }
465        }
466    }
467}
468
469#[cfg(test)]
470mod test {
471    use super::*;
472    use crate::ed25519::Ed25519PrivateKey;
473    use crate::ed25519::Ed25519VerifyingKey;
474    use crate::secp256k1::Secp256k1PrivateKey;
475    use crate::secp256k1::Secp256k1VerifyingKey;
476    use crate::secp256r1::Secp256r1PrivateKey;
477    use crate::secp256r1::Secp256r1VerifyingKey;
478    use test_strategy::proptest;
479
480    #[cfg(target_arch = "wasm32")]
481    use wasm_bindgen_test::wasm_bindgen_test as test;
482
483    #[proptest]
484    fn ed25519_pem_der(signer: Ed25519PrivateKey) {
485        //
486        // Private Key
487        //
488        let public_key = signer.public_key();
489        let ed25519_der = signer.to_der().unwrap();
490        let ed25519_pem = signer.to_pem().unwrap();
491
492        // der and pem round-trip
493        let from_der = Ed25519PrivateKey::from_der(&ed25519_der).unwrap();
494        assert_eq!(from_der.public_key(), public_key);
495        let from_pem = Ed25519PrivateKey::from_pem(&ed25519_pem).unwrap();
496        assert_eq!(from_pem.public_key(), public_key);
497
498        // der and pem bytes don't convert to secp256r1 or secp256k1
499        Secp256r1PrivateKey::from_der(&ed25519_der).unwrap_err();
500        Secp256r1PrivateKey::from_pem(&ed25519_pem).unwrap_err();
501        Secp256k1PrivateKey::from_der(&ed25519_der).unwrap_err();
502        Secp256k1PrivateKey::from_pem(&ed25519_pem).unwrap_err();
503
504        // SimpleKeypair parses
505        let keypair_from_der = SimpleKeypair::from_der(&ed25519_der).unwrap();
506        assert_eq!(ed25519_der, keypair_from_der.to_der().unwrap());
507        let keypair_from_pem = SimpleKeypair::from_pem(&ed25519_pem).unwrap();
508        assert_eq!(ed25519_pem, keypair_from_pem.to_pem().unwrap());
509
510        //
511        // Verifying Key
512        //
513        let verifying_key = signer.verifying_key();
514        let der = verifying_key.to_der().unwrap();
515        let pem = verifying_key.to_pem().unwrap();
516
517        // der and pem round-trip
518        let from_der = Ed25519VerifyingKey::from_der(&der).unwrap();
519        assert_eq!(from_der.public_key(), public_key);
520        let from_pem = Ed25519VerifyingKey::from_pem(&pem).unwrap();
521        assert_eq!(from_pem.public_key(), public_key);
522
523        // der and pem bytes don't convert to secp256r1 or secp256k1
524        Secp256r1VerifyingKey::from_der(&der).unwrap_err();
525        Secp256r1VerifyingKey::from_pem(&pem).unwrap_err();
526        Secp256k1VerifyingKey::from_der(&der).unwrap_err();
527        Secp256k1VerifyingKey::from_pem(&pem).unwrap_err();
528
529        // SimpleKeypair parses
530        let from_der = SimpleVerifiyingKey::from_der(&der).unwrap();
531        assert_eq!(der, from_der.to_der().unwrap());
532        let from_pem = SimpleVerifiyingKey::from_pem(&pem).unwrap();
533        assert_eq!(pem, from_pem.to_pem().unwrap());
534    }
535
536    #[proptest]
537    fn secp256r1_pem_der(signer: Secp256r1PrivateKey) {
538        //
539        // Private Key
540        //
541        let public_key = signer.public_key();
542        let secp256r1_der = signer.to_der().unwrap();
543        let secp256r1_pem = signer.to_pem().unwrap();
544
545        // der and pem round-trip
546        let from_der = Secp256r1PrivateKey::from_der(&secp256r1_der).unwrap();
547        assert_eq!(from_der.public_key(), public_key);
548        let from_pem = Secp256r1PrivateKey::from_pem(&secp256r1_pem).unwrap();
549        assert_eq!(from_pem.public_key(), public_key);
550
551        // der and pem bytes don't convert to ed25519 or secp256k1
552        Ed25519PrivateKey::from_der(&secp256r1_der).unwrap_err();
553        Ed25519PrivateKey::from_pem(&secp256r1_pem).unwrap_err();
554        Secp256k1PrivateKey::from_der(&secp256r1_der).unwrap_err();
555        Secp256k1PrivateKey::from_pem(&secp256r1_pem).unwrap_err();
556
557        // SimpleKeypair parses
558        let keypair_from_der = SimpleKeypair::from_der(&secp256r1_der).unwrap();
559        assert_eq!(secp256r1_der, keypair_from_der.to_der().unwrap());
560        let keypair_from_pem = SimpleKeypair::from_pem(&secp256r1_pem).unwrap();
561        assert_eq!(secp256r1_pem, keypair_from_pem.to_pem().unwrap());
562
563        //
564        // Verifying Key
565        //
566        let verifying_key = signer.verifying_key();
567        let der = verifying_key.to_der().unwrap();
568        let pem = verifying_key.to_pem().unwrap();
569
570        // der and pem round-trip
571        let from_der = Secp256r1VerifyingKey::from_der(&der).unwrap();
572        assert_eq!(from_der.public_key(), public_key);
573        let from_pem = Secp256r1VerifyingKey::from_pem(&pem).unwrap();
574        assert_eq!(from_pem.public_key(), public_key);
575
576        // der and pem bytes don't convert to ed25519 or secp256k1
577        Ed25519VerifyingKey::from_der(&der).unwrap_err();
578        Ed25519VerifyingKey::from_pem(&pem).unwrap_err();
579        Secp256k1VerifyingKey::from_der(&der).unwrap_err();
580        Secp256k1VerifyingKey::from_pem(&pem).unwrap_err();
581
582        // SimpleKeypair parses
583        let from_der = SimpleVerifiyingKey::from_der(&der).unwrap();
584        assert_eq!(der, from_der.to_der().unwrap());
585        let from_pem = SimpleVerifiyingKey::from_pem(&pem).unwrap();
586        assert_eq!(pem, from_pem.to_pem().unwrap());
587    }
588
589    #[proptest]
590    fn secp256k1_pem_der(signer: Secp256k1PrivateKey) {
591        //
592        // Private Key
593        //
594        let public_key = signer.public_key();
595        let secp256k1_der = signer.to_der().unwrap();
596        let secp256k1_pem = signer.to_pem().unwrap();
597
598        // der and pem round-trip
599        let from_der = Secp256k1PrivateKey::from_der(&secp256k1_der).unwrap();
600        assert_eq!(from_der.public_key(), public_key);
601        let from_pem = Secp256k1PrivateKey::from_pem(&secp256k1_pem).unwrap();
602        assert_eq!(from_pem.public_key(), public_key);
603
604        // der and pem bytes don't convert to secp256r1 or ed25519
605        Ed25519PrivateKey::from_der(&secp256k1_der).unwrap_err();
606        Ed25519PrivateKey::from_pem(&secp256k1_pem).unwrap_err();
607        Secp256r1PrivateKey::from_der(&secp256k1_der).unwrap_err();
608        Secp256r1PrivateKey::from_pem(&secp256k1_pem).unwrap_err();
609
610        // SimpleKeypair parses
611        let keypair_from_der = SimpleKeypair::from_der(&secp256k1_der).unwrap();
612        assert_eq!(secp256k1_der, keypair_from_der.to_der().unwrap());
613        let keypair_from_pem = SimpleKeypair::from_pem(&secp256k1_pem).unwrap();
614        assert_eq!(secp256k1_pem, keypair_from_pem.to_pem().unwrap());
615
616        //
617        // Verifying Key
618        //
619        let verifying_key = signer.verifying_key();
620        let der = verifying_key.to_der().unwrap();
621        let pem = verifying_key.to_pem().unwrap();
622
623        // der and pem round-trip
624        let from_der = Secp256k1VerifyingKey::from_der(&der).unwrap();
625        assert_eq!(from_der.public_key(), public_key);
626        let from_pem = Secp256k1VerifyingKey::from_pem(&pem).unwrap();
627        assert_eq!(from_pem.public_key(), public_key);
628
629        // der and pem bytes don't convert to ed25519 or secp256r1
630        Ed25519VerifyingKey::from_der(&der).unwrap_err();
631        Ed25519VerifyingKey::from_pem(&pem).unwrap_err();
632        Secp256r1VerifyingKey::from_der(&der).unwrap_err();
633        Secp256r1VerifyingKey::from_pem(&pem).unwrap_err();
634
635        // SimpleKeypair parses
636        let from_der = SimpleVerifiyingKey::from_der(&der).unwrap();
637        assert_eq!(der, from_der.to_der().unwrap());
638        let from_pem = SimpleVerifiyingKey::from_pem(&pem).unwrap();
639        assert_eq!(pem, from_pem.to_pem().unwrap());
640    }
641}