Add basic asymmetric roundtrip tests #4314
Draft
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This is a new concept introduced by FIPS 204 and 205 (ML-DSA, SLH-DSA) where applications get the chance to provide some context that is incorporated into their signatures. It is conceptually similar to the associated data in an AEAD, therefore it behaves similarly in the Signer/Verifier. Note that algorithms that don't support AD, are supposed to always throw when an application calls set_associated_data() on them. There is also a predicate function is_valid_associated_data_length() for applications to generically check for the support of it. Co-Authored-By: Fabian Albert <[email protected]>
reneme
force-pushed
the
test/asym_roundtrips
branch
from
dc197e9
to
81f4717
Compare
This piggy-backs on the PK_Key_Generation_Test to perform basic roundtrip tests for Sign/Verify, Encrypt/Decrypt, Encaps/Decaps, and Key Agreement, depending on the capabilities of the keys. This is explicitly not meant to be exhaustive tests but rather be a centralized sanity-check for the PK_*** operators and their meta-data methods. Co-Authored-By: Fabian Albert <[email protected]>
reneme
force-pushed
the
test/asym_roundtrips
branch
from
81f4717
to
15d44b7
Compare
|
This will need to be revisited once #4318 has converged and landed. I converted it to a draft PR. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Pull Request Dependencies
Description
This piggy-backs on the
PK_Key_Generation_Testto perform basic roundtrip tests for Sign/Verify, Encrypt/Decrypt, Encaps/Decaps, and Key Agreement, depending on the capabilities of the keys.The goal is explicitly not to be an exhaustive test but rather be a centralized sanity-check for the PK_*** operators and their meta-data methods. We added it mostly to serve as a place for testing whether the new
set_associated_data()setting survives multiple signature/verify operations; and figured that it doesn't hurt to roundtrip-test all the other flavors as well.This could probably also replace some of the roundtrip-tests in the new PQ implementations. We'll look into cleaning up their test harnesses after the FIPSes are implemented and merged.
Caveat
We'll have to have a look at whether that adds too much time to the test harness. Edit: it almost doubles the runtime of the entire unit test harness on my laptop. That's probably not okay! Hence, in test runs that don't set
--run-long-testswe only run those roundtrips for the first parameter set of each algorithm.