From 1e544a7d41718a58e8cc4012d7fe613d2e6bc24b Mon Sep 17 00:00:00 2001
From: thePR0M3TH3AN <53631862+PR0M3TH3AN@users.noreply.github.com>
Date: Sun, 3 Aug 2025 09:49:21 -0400
Subject: [PATCH] test: add fingerprint consistency tests for key derivation

---
 src/tests/test_key_derivation.py | 33 ++++++++++++++++++++++----------
 1 file changed, 23 insertions(+), 10 deletions(-)

diff --git a/src/tests/test_key_derivation.py b/src/tests/test_key_derivation.py
index e1806f3..433ff94 100644
--- a/src/tests/test_key_derivation.py
+++ b/src/tests/test_key_derivation.py
@@ -1,5 +1,6 @@
 import logging
 import pytest
+from utils.fingerprint import generate_fingerprint
 from utils.key_derivation import (
     derive_key_from_password,
     derive_key_from_password_argon2,
@@ -8,14 +9,19 @@ from utils.key_derivation import (
 )
 
 
-def test_derive_key_deterministic():
+def test_pbkdf2_fingerprint_affects_key():
     password = "correct horse battery staple"
-    fp = "fp"
-    key1 = derive_key_from_password(password, fp, iterations=1)
-    key2 = derive_key_from_password(password, fp, iterations=1)
+    fp1 = generate_fingerprint("seed one")
+    fp2 = generate_fingerprint("seed two")
+
+    key1 = derive_key_from_password(password, fp1, iterations=1)
+    key2 = derive_key_from_password(password, fp1, iterations=1)
+    key3 = derive_key_from_password(password, fp2, iterations=1)
+
     assert key1 == key2
+    assert key1 != key3
     assert len(key1) == 44
-    logging.info("Deterministic key derivation succeeded")
+    logging.info("PBKDF2 fingerprint behaviour verified")
 
 
 def test_derive_key_empty_password_error():
@@ -37,14 +43,21 @@ def test_derive_index_key_seed_only():
     assert derive_index_key(seed) == derive_index_key_seed_only(seed)
 
 
-def test_argon2_key_deterministic():
-    pw = "correct horse battery staple"
-    fp = "fp"
+def test_argon2_fingerprint_affects_key():
+    password = "correct horse battery staple"
+    fp1 = generate_fingerprint("seed one")
+    fp2 = generate_fingerprint("seed two")
+
     k1 = derive_key_from_password_argon2(
-        pw, fp, time_cost=1, memory_cost=8, parallelism=1
+        password, fp1, time_cost=1, memory_cost=8, parallelism=1
     )
     k2 = derive_key_from_password_argon2(
-        pw, fp, time_cost=1, memory_cost=8, parallelism=1
+        password, fp1, time_cost=1, memory_cost=8, parallelism=1
     )
+    k3 = derive_key_from_password_argon2(
+        password, fp2, time_cost=1, memory_cost=8, parallelism=1
+    )
+
     assert k1 == k2
+    assert k1 != k3
     assert len(k1) == 44