Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add basic asymmetric roundtrip tests #4314

Draft
wants to merge 3 commits into
base: master
Choose a base branch
from

Conversation

reneme
Copy link
Collaborator

@reneme reneme commented Aug 16, 2024

Pull Request Dependencies

Description

This piggy-backs on the PK_Key_Generation_Test to perform basic roundtrip tests for Sign/Verify, Encrypt/Decrypt, Encaps/Decaps, and Key Agreement, depending on the capabilities of the keys.

The goal is explicitly not to be an exhaustive test but rather be a centralized sanity-check for the PK_*** operators and their meta-data methods. We added it mostly to serve as a place for testing whether the new set_associated_data() setting survives multiple signature/verify operations; and figured that it doesn't hurt to roundtrip-test all the other flavors as well.

This could probably also replace some of the roundtrip-tests in the new PQ implementations. We'll look into cleaning up their test harnesses after the FIPSes are implemented and merged.

Caveat

We'll have to have a look at whether that adds too much time to the test harness. Edit: it almost doubles the runtime of the entire unit test harness on my laptop. That's probably not okay! Hence, in test runs that don't set --run-long-tests we only run those roundtrips for the first parameter set of each algorithm.

reneme and others added 2 commits August 16, 2024 11:51
This is a new concept introduced by FIPS 204 and 205 (ML-DSA, SLH-DSA)
where applications get the chance to provide some context that is
incorporated into their signatures. It is conceptually similar to the
associated data in an AEAD, therefore it behaves similarly in the
Signer/Verifier.

Note that algorithms that don't support AD, are supposed to always throw
when an application calls set_associated_data() on them. There is also a
predicate function is_valid_associated_data_length() for applications to
generically check for the support of it.

Co-Authored-By: Fabian Albert <[email protected]>
@reneme reneme force-pushed the test/asym_roundtrips branch from dc197e9 to 81f4717 Compare August 16, 2024 14:44
This piggy-backs on the PK_Key_Generation_Test to perform basic
roundtrip tests for Sign/Verify, Encrypt/Decrypt, Encaps/Decaps,
and Key Agreement, depending on the capabilities of the keys.

This is explicitly not meant to be exhaustive tests but rather
be a centralized sanity-check for the PK_*** operators and their
meta-data methods.

Co-Authored-By: Fabian Albert <[email protected]>
@reneme reneme force-pushed the test/asym_roundtrips branch from 81f4717 to 15d44b7 Compare August 16, 2024 15:05
@coveralls
Copy link

Coverage Status

coverage: 91.277% (+0.007%) from 91.27%
when pulling 15d44b7 on Rohde-Schwarz:test/asym_roundtrips
into c2491c7 on randombit:master.

@reneme reneme marked this pull request as draft August 21, 2024 12:21
@reneme
Copy link
Collaborator Author

reneme commented Aug 21, 2024

This will need to be revisited once #4318 has converged and landed. I converted it to a draft PR.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants