From 81e8d4ddddefaadbd0c387e8c306ae963dd603e8 Mon Sep 17 00:00:00 2001
From: Nedithgar Amirka <150447520+nedithgar@users.noreply.github.com>
Date: Wed, 15 Oct 2025 00:32:14 +0800
Subject: [PATCH] test: add integration tests for decrypting Ed25519 keys with
 AES-256-GCM and ChaCha20-Poly1305

---
 .../OpenSSHFormatIntegrationTests.swift       | 46 +++++++++++++++++++
 1 file changed, 46 insertions(+)

diff --git a/Tests/SwiftKeyGenTests/Integration/OpenSSHFormatIntegrationTests.swift b/Tests/SwiftKeyGenTests/Integration/OpenSSHFormatIntegrationTests.swift
index 63d51b6..e4fc238 100644
--- a/Tests/SwiftKeyGenTests/Integration/OpenSSHFormatIntegrationTests.swift
+++ b/Tests/SwiftKeyGenTests/Integration/OpenSSHFormatIntegrationTests.swift
@@ -723,6 +723,52 @@ struct OpenSSHFormatIntegrationTests {
             #expect(ourNormalized == theirNormalized, "Public keys should match")
         }
     }
+
+    @Test("ssh-keygen decrypts our aes256-gcm OpenSSH format Ed25519")
+    func testSSHKeygenDecryptsOurEncryptedEd25519AES256GCM() throws {
+        try IntegrationTestSupporter.withTemporaryDirectory { tempDir in
+            let key = try SwiftKeyGen.generateKey(type: .ed25519, comment: "encrypted-our-ed25519-aes256-gcm@example.com") as! Ed25519Key
+            let passphrase = "our-secret-passphrase-ed25519-aes256-gcm"
+
+            let keyPath = tempDir.appendingPathComponent("our_encrypted_key_aes256gcm")
+            let keyData = try OpenSSHPrivateKey.serialize(key: key, passphrase: passphrase, cipher: .aes256gcm)
+            try IntegrationTestSupporter.write(keyData, to: keyPath)
+
+            let result = try IntegrationTestSupporter.runSSHKeygen([
+                "-y", "-f", keyPath.path, "-P", passphrase
+            ])
+
+            #expect(result.succeeded, "ssh-keygen should decrypt our AES-256-GCM OpenSSH format")
+            #expect(result.stdout.contains("ssh-ed25519"), "Output should contain Ed25519 public key")
+
+            let ourNormalized = IntegrationTestSupporter.normalizeOpenSSHPublicKey(key.publicKeyString())
+            let theirNormalized = IntegrationTestSupporter.normalizeOpenSSHPublicKey(result.stdout)
+            #expect(ourNormalized == theirNormalized, "Public keys should match")
+        }
+    }
+
+    @Test("ssh-keygen decrypts our chacha20-poly1305 OpenSSH format Ed25519")
+    func testSSHKeygenDecryptsOurEncryptedEd25519ChaCha20Poly1305() throws {
+        try IntegrationTestSupporter.withTemporaryDirectory { tempDir in
+            let key = try SwiftKeyGen.generateKey(type: .ed25519, comment: "encrypted-our-ed25519-chacha20@example.com") as! Ed25519Key
+            let passphrase = "our-secret-passphrase-ed25519-chacha20"
+
+            let keyPath = tempDir.appendingPathComponent("our_encrypted_key_chacha20poly1305")
+            let keyData = try OpenSSHPrivateKey.serialize(key: key, passphrase: passphrase, cipher: .chacha20poly1305)
+            try IntegrationTestSupporter.write(keyData, to: keyPath)
+
+            let result = try IntegrationTestSupporter.runSSHKeygen([
+                "-y", "-f", keyPath.path, "-P", passphrase
+            ])
+
+            #expect(result.succeeded, "ssh-keygen should decrypt our ChaCha20-Poly1305 OpenSSH format")
+            #expect(result.stdout.contains("ssh-ed25519"), "Output should contain Ed25519 public key")
+
+            let ourNormalized = IntegrationTestSupporter.normalizeOpenSSHPublicKey(key.publicKeyString())
+            let theirNormalized = IntegrationTestSupporter.normalizeOpenSSHPublicKey(result.stdout)
+            #expect(ourNormalized == theirNormalized, "Public keys should match")
+        }
+    }
     
     @Test("ssh-keygen decrypts our encrypted OpenSSH format RSA", .tags(.rsa))
     func testSSHKeygenDecryptsOurEncryptedRSA() throws {