11844561993

Committed 14 Nov 2024 07:58PM UTC coverage: 91.178% (+0.1%) from 91.072%

Build # 11844561993

Build Type

Pull #4435

github

Committed by

web-flow

Commit Message

Merge 81dcb29da into e430f157a

Pull Request Pull Request #4435: Test duration values are now presented in seconds with six digits of precision. Tests without time measurements have been edited.

Run Details

91856 of 100744 relevant lines covered (91.18%)

9311006.71 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

95.95

/src/tests/test_frodokem.cpp

/*
 * Tests for FrodoKEM ("You SHALL Pass")
 * - KAT tests using the KAT vectors from
 *   https://github.com/microsoft/PQCrypto-LWEKE/tree/master/KAT
 *
 * (C) 2023 Jack Lloyd
 * (C) 2023 René Meusel and Amos Treiber, Rohde & Schwarz Cybersecurity
 *
 * Botan is released under the Simplified BSD License (see license.txt)
 */

#include "test_pubkey_pqc.h"
#include "test_rng.h"
#include "tests.h"

#include <iterator>
#include <memory>

#if defined(BOTAN_HAS_FRODOKEM)
   #include "test_pubkey.h"

   #include <botan/frodokem.h>
   #include <botan/pubkey.h>
   #include <botan/xof.h>
   #include <botan/internal/fmt.h>
   #include <botan/internal/frodo_constants.h>
#endif

namespace Botan_Tests {

#if defined(BOTAN_HAS_FRODOKEM)

namespace {
class Frodo_KAT_Tests final : public PK_PQC_KEM_KAT_Test {
   public:
      Frodo_KAT_Tests() : PK_PQC_KEM_KAT_Test("FrodoKEM", "pubkey/frodokem_kat.vec") {}

   private:
      Botan::FrodoKEMMode get_mode(const std::string& mode) const { return Botan::FrodoKEMMode(mode); }

      bool is_available(const std::string& mode) const final { return get_mode(mode).is_available(); }

      std::vector<uint8_t> map_value(const std::string&, std::span<const uint8_t> value, VarType var_type) const final {
         if(var_type == VarType::SharedSecret) {
            return {value.begin(), value.end()};
         }
         auto xof = Botan::XOF::create_or_throw("SHAKE-256");
         xof->update(value);
         return xof->output<std::vector<uint8_t>>(16);
      }

      Fixed_Output_RNG rng_for_keygen(const std::string& mode, Botan::RandomNumberGenerator& rng) const final {
         Botan::FrodoKEMConstants consts(get_mode(mode));
         return Fixed_Output_RNG(rng, consts.len_sec_bytes() + consts.len_se_bytes() + consts.len_a_bytes());
      }

      Fixed_Output_RNG rng_for_encapsulation(const std::string& mode, Botan::RandomNumberGenerator& rng) const final {
         Botan::FrodoKEMConstants consts(get_mode(mode));
         return Fixed_Output_RNG(rng, consts.len_sec_bytes() + consts.len_salt_bytes());
      }
};

std::vector<Test::Result> test_frodo_roundtrips() {
   auto rng = Test::new_rng("frodokem_roundtrip");

   auto modes = std::vector{Botan::FrodoKEMMode::eFrodoKEM1344_SHAKE,
                            Botan::FrodoKEMMode::eFrodoKEM976_SHAKE,
                            Botan::FrodoKEMMode::eFrodoKEM640_SHAKE,
                            Botan::FrodoKEMMode::FrodoKEM1344_SHAKE,
                            Botan::FrodoKEMMode::FrodoKEM976_SHAKE,
                            Botan::FrodoKEMMode::FrodoKEM640_SHAKE,
                            Botan::FrodoKEMMode::eFrodoKEM1344_AES,
                            Botan::FrodoKEMMode::eFrodoKEM976_AES,
                            Botan::FrodoKEMMode::eFrodoKEM640_AES,
                            Botan::FrodoKEMMode::FrodoKEM1344_AES,
                            Botan::FrodoKEMMode::FrodoKEM976_AES,
                            Botan::FrodoKEMMode::FrodoKEM640_AES};

   auto get_decryption_error_value = [](Botan::FrodoKEMConstants& consts,
                                        std::span<const uint8_t> encaps_value,
                                        const Botan::FrodoKEM_PrivateKey& sk) {
      // Extracts the `S` value from the encoded private key
      auto& shake = consts.SHAKE_XOF();
      const auto sk_bytes = sk.raw_private_key_bits();
      auto sk_s = std::span<const uint8_t>(sk_bytes.data(), consts.len_sec_bytes());
      shake.update(encaps_value);
      shake.update(sk_s);
      return shake.output(consts.len_sec_bytes());
   };

   std::vector<Test::Result> results;
   for(auto mode : modes) {
      Botan::FrodoKEMMode m(mode);
      if(!m.is_available()) {
         continue;
      }
      Botan::FrodoKEMConstants consts(mode);
      Test::Result& result = results.emplace_back("FrodoKEM roundtrip: " + m.to_string());
      result.start_timer();

      Botan::FrodoKEM_PrivateKey sk1(*rng, mode);
      Botan::FrodoKEM_PublicKey pk1(sk1.public_key_bits(), mode);

      // Happy case
      Botan::PK_KEM_Encryptor enc1(pk1, "Raw");
      const auto enc_res = enc1.encrypt(*rng, 0 /* no KDF */);

      result.test_eq("length of shared secret", enc_res.shared_key().size(), enc1.shared_key_length(0));
      result.test_eq("length of ciphertext", enc_res.encapsulated_shared_key().size(), enc1.encapsulated_key_length());

      Botan::PK_KEM_Decryptor dec1(sk1, *rng, "Raw");
      auto ss = dec1.decrypt(enc_res.encapsulated_shared_key(), 0 /* no KDF */);

      result.test_eq("shared secrets match", ss, enc_res.shared_key());
      result.test_eq("length of shared secret (decaps)", ss.size(), dec1.shared_key_length(0));

      // Decryption failures ("All right then, keep your secrets.")
      Botan::FrodoKEM_PrivateKey sk2(*rng, mode);

      // Decryption failure: mismatching private key
      Botan::PK_KEM_Decryptor dec2(sk2, *rng, "Raw");
      auto ss_mismatch = dec2.decrypt(enc_res.encapsulated_shared_key(), 0 /* no KDF */);
      result.test_eq("decryption failure sk",
                     ss_mismatch,
                     get_decryption_error_value(consts, enc_res.encapsulated_shared_key(), sk2));

      // Decryption failure: bitflip in encapsulated shared value
      const auto mutated_encaps_value = Test::mutate_vec(enc_res.encapsulated_shared_key(), *rng);
      ss_mismatch = dec2.decrypt(mutated_encaps_value, 0 /* no KDF */);
      result.test_eq(
         "decryption failure bitflip", ss_mismatch, get_decryption_error_value(consts, mutated_encaps_value, sk2));

      // Decryption failure: malformed encapsulation value
      result.test_throws(
         "malformed encapsulation value", "FrodoKEM ciphertext does not have the correct byte count", [&] {
            auto short_encaps_value = enc_res.encapsulated_shared_key();
            short_encaps_value.pop_back();
            dec1.decrypt(short_encaps_value, 0);
         });
      result.end_timer();
   }

   return results;
}

class Frodo_Keygen_Tests final : public PK_Key_Generation_Test {
   public:
      std::vector<std::string> keygen_params() const override {
         return {
   #if defined(BOTAN_HAS_FRODOKEM_SHAKE)
            "FrodoKEM-640-SHAKE", "FrodoKEM-976-SHAKE", "eFrodoKEM-640-SHAKE", "eFrodoKEM-976-SHAKE",
   #endif
   #if defined(BOTAN_HAS_FRODOKEM_AES)
               "FrodoKEM-640-AES", "FrodoKEM-976-AES", "eFrodoKEM-640-AES", "eFrodoKEM-976-AES",
   #endif
         };
      }

      std::string algo_name() const override { return "FrodoKEM"; }

      std::unique_ptr<Botan::Public_Key> public_key_from_raw(std::string_view keygen_params,
                                                             std::string_view /* provider */,
                                                             std::span<const uint8_t> raw_pk) const override {
         return std::make_unique<Botan::FrodoKEM_PublicKey>(raw_pk, Botan::FrodoKEMMode(keygen_params));
      }
};

}  // namespace

BOTAN_REGISTER_TEST("frodokem", "frodo_kat_tests", Frodo_KAT_Tests);
BOTAN_REGISTER_TEST_FN("frodokem", "frodo_roundtrips", test_frodo_roundtrips);
BOTAN_REGISTER_TEST("frodokem", "frodo_keygen", Frodo_Keygen_Tests);

#endif

}  // namespace Botan_Tests

1	/*
2	* Tests for FrodoKEM ("You SHALL Pass")
3	* - KAT tests using the KAT vectors from
4	* https://github.com/microsoft/PQCrypto-LWEKE/tree/master/KAT
5	*
6	* (C) 2023 Jack Lloyd
7	* (C) 2023 René Meusel and Amos Treiber, Rohde & Schwarz Cybersecurity
8	*
9	* Botan is released under the Simplified BSD License (see license.txt)
10	*/
11
12	#include "test_pubkey_pqc.h"
13	#include "test_rng.h"
14	#include "tests.h"
15
16	#include <iterator>
17	#include <memory>
18
19	#if defined(BOTAN_HAS_FRODOKEM)
20	#include "test_pubkey.h"
21
22	#include <botan/frodokem.h>
23	#include <botan/pubkey.h>
24	#include <botan/xof.h>
25	#include <botan/internal/fmt.h>
26	#include <botan/internal/frodo_constants.h>
27	#endif
28
29	namespace Botan_Tests {
30
31	#if defined(BOTAN_HAS_FRODOKEM)
32
33	namespace {
34	class Frodo_KAT_Tests final : public PK_PQC_KEM_KAT_Test {
35	public:
36	Frodo_KAT_Tests() : PK_PQC_KEM_KAT_Test("FrodoKEM", "pubkey/frodokem_kat.vec") {}	2✔
37
38	private:
39	Botan::FrodoKEMMode get_mode(const std::string& mode) const { return Botan::FrodoKEMMode(mode); }	1,800✔
40
41	bool is_available(const std::string& mode) const final { return get_mode(mode).is_available(); }	300✔
42
43	std::vector<uint8_t> map_value(const std::string&, std::span<const uint8_t> value, VarType var_type) const final {	1,200✔
44	if(var_type == VarType::SharedSecret) {	1,200✔
45	return {value.begin(), value.end()};	300✔
46	}
47	auto xof = Botan::XOF::create_or_throw("SHAKE-256");	900✔
48	xof->update(value);	900✔
49	return xof->output<std::vector<uint8_t>>(16);	900✔
50	}	900✔
51
52	Fixed_Output_RNG rng_for_keygen(const std::string& mode, Botan::RandomNumberGenerator& rng) const final {	300✔
53	Botan::FrodoKEMConstants consts(get_mode(mode));	300✔
54	return Fixed_Output_RNG(rng, consts.len_sec_bytes() + consts.len_se_bytes() + consts.len_a_bytes());	600✔
55	}	300✔
56
57	Fixed_Output_RNG rng_for_encapsulation(const std::string& mode, Botan::RandomNumberGenerator& rng) const final {	300✔
58	Botan::FrodoKEMConstants consts(get_mode(mode));	300✔
59	return Fixed_Output_RNG(rng, consts.len_sec_bytes() + consts.len_salt_bytes());	600✔
60	}	300✔
61	};
62
63	std::vector<Test::Result> test_frodo_roundtrips() {	1✔
64	auto rng = Test::new_rng("frodokem_roundtrip");	1✔
65
66	auto modes = std::vector{Botan::FrodoKEMMode::eFrodoKEM1344_SHAKE,	1✔
67	Botan::FrodoKEMMode::eFrodoKEM976_SHAKE,
68	Botan::FrodoKEMMode::eFrodoKEM640_SHAKE,
69	Botan::FrodoKEMMode::FrodoKEM1344_SHAKE,
70	Botan::FrodoKEMMode::FrodoKEM976_SHAKE,
71	Botan::FrodoKEMMode::FrodoKEM640_SHAKE,
72	Botan::FrodoKEMMode::eFrodoKEM1344_AES,
73	Botan::FrodoKEMMode::eFrodoKEM976_AES,
74	Botan::FrodoKEMMode::eFrodoKEM640_AES,
75	Botan::FrodoKEMMode::FrodoKEM1344_AES,
76	Botan::FrodoKEMMode::FrodoKEM976_AES,
77	Botan::FrodoKEMMode::FrodoKEM640_AES};	1✔
78
79	auto get_decryption_error_value = [](Botan::FrodoKEMConstants& consts,	25✔
80	std::span<const uint8_t> encaps_value,
81	const Botan::FrodoKEM_PrivateKey& sk) {
82	// Extracts the `S` value from the encoded private key
83	auto& shake = consts.SHAKE_XOF();	24✔
84	const auto sk_bytes = sk.raw_private_key_bits();	24✔
85	auto sk_s = std::span<const uint8_t>(sk_bytes.data(), consts.len_sec_bytes());	24✔
86	shake.update(encaps_value);	24✔
87	shake.update(sk_s);	24✔
88	return shake.output(consts.len_sec_bytes());	24✔
89	};	24✔
90
91	std::vector<Test::Result> results;	1✔
92	for(auto mode : modes) {	13✔
93	Botan::FrodoKEMMode m(mode);	12✔
94	if(!m.is_available()) {	12✔
95	continue;	×
96	}
97	Botan::FrodoKEMConstants consts(mode);	12✔
98	Test::Result& result = results.emplace_back("FrodoKEM roundtrip: " + m.to_string());	24✔
99	result.start_timer();	12✔
100
101	Botan::FrodoKEM_PrivateKey sk1(*rng, mode);	12✔
102	Botan::FrodoKEM_PublicKey pk1(sk1.public_key_bits(), mode);	12✔
103
104	// Happy case
105	Botan::PK_KEM_Encryptor enc1(pk1, "Raw");	12✔
106	const auto enc_res = enc1.encrypt(rng, 0 / no KDF */);	12✔
107
108	result.test_eq("length of shared secret", enc_res.shared_key().size(), enc1.shared_key_length(0));	12✔
109	result.test_eq("length of ciphertext", enc_res.encapsulated_shared_key().size(), enc1.encapsulated_key_length());	12✔
110
111	Botan::PK_KEM_Decryptor dec1(sk1, *rng, "Raw");	12✔
112	auto ss = dec1.decrypt(enc_res.encapsulated_shared_key(), 0 /* no KDF */);	12✔
113
114	result.test_eq("shared secrets match", ss, enc_res.shared_key());	12✔
115	result.test_eq("length of shared secret (decaps)", ss.size(), dec1.shared_key_length(0));	12✔
116
117	// Decryption failures ("All right then, keep your secrets.")
118	Botan::FrodoKEM_PrivateKey sk2(*rng, mode);	12✔
119
120	// Decryption failure: mismatching private key
121	Botan::PK_KEM_Decryptor dec2(sk2, *rng, "Raw");	12✔
122	auto ss_mismatch = dec2.decrypt(enc_res.encapsulated_shared_key(), 0 /* no KDF */);	12✔
123	result.test_eq("decryption failure sk",	24✔
124	ss_mismatch,
125	get_decryption_error_value(consts, enc_res.encapsulated_shared_key(), sk2));	12✔
126
127	// Decryption failure: bitflip in encapsulated shared value
128	const auto mutated_encaps_value = Test::mutate_vec(enc_res.encapsulated_shared_key(), *rng);	12✔
129	ss_mismatch = dec2.decrypt(mutated_encaps_value, 0 /* no KDF */);	24✔
130	result.test_eq(	24✔
131	"decryption failure bitflip", ss_mismatch, get_decryption_error_value(consts, mutated_encaps_value, sk2));	12✔
132
133	// Decryption failure: malformed encapsulation value
134	result.test_throws(	24✔
135	"malformed encapsulation value", "FrodoKEM ciphertext does not have the correct byte count", [&] {	12✔
136	auto short_encaps_value = enc_res.encapsulated_shared_key();	12✔
137	short_encaps_value.pop_back();	12✔
138	dec1.decrypt(short_encaps_value, 0);	12✔
139	});	×
140	result.end_timer();	12✔
141	}	36✔
142
143	return results;	1✔
144	}	2✔
145
146	class Frodo_Keygen_Tests final : public PK_Key_Generation_Test {	×
147	public:
148	std::vector<std::string> keygen_params() const override {	1✔
149	return {	1✔
150	#if defined(BOTAN_HAS_FRODOKEM_SHAKE)
151	"FrodoKEM-640-SHAKE", "FrodoKEM-976-SHAKE", "eFrodoKEM-640-SHAKE", "eFrodoKEM-976-SHAKE",
152	#endif
153	#if defined(BOTAN_HAS_FRODOKEM_AES)
154	"FrodoKEM-640-AES", "FrodoKEM-976-AES", "eFrodoKEM-640-AES", "eFrodoKEM-976-AES",
155	#endif
156	};	1✔
157	}
158
159	std::string algo_name() const override { return "FrodoKEM"; }	8✔
160
161	std::unique_ptr<Botan::Public_Key> public_key_from_raw(std::string_view keygen_params,	8✔
162	std::string_view /* provider */,
163	std::span<const uint8_t> raw_pk) const override {
164	return std::make_unique<Botan::FrodoKEM_PublicKey>(raw_pk, Botan::FrodoKEMMode(keygen_params));	8✔
165	}
166	};
167
168	} // namespace
169
170	BOTAN_REGISTER_TEST("frodokem", "frodo_kat_tests", Frodo_KAT_Tests);
171	BOTAN_REGISTER_TEST_FN("frodokem", "frodo_roundtrips", test_frodo_roundtrips);
172	BOTAN_REGISTER_TEST("frodokem", "frodo_keygen", Frodo_Keygen_Tests);
173
174	#endif
175
176	} // namespace Botan_Tests

randombit / botan / 11844561993

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous