randombit / botan / 16271721753

coverage: 90.622% (-0.003%) from 90.625%
16271721753

push

github

web-flow 
Merge pull request #4989 from randombit/jack/fix-more-named-parameters

Fix more readability-named-parameter warnings from clang-tidy

99624 of 109934 relevant lines covered (90.62%)

12378967.04 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

95.83
/src/tests/test_frodokem.cpp
1 
/*
2 
 * Tests for FrodoKEM ("You SHALL Pass")
3 
 * - KAT tests using the KAT vectors from
4 
 *   https://github.com/microsoft/PQCrypto-LWEKE/tree/master/KAT
5 
 *
6 
 * (C) 2023 Jack Lloyd
7 
 * (C) 2023 René Meusel and Amos Treiber, Rohde & Schwarz Cybersecurity
8 
 *
9 
 * Botan is released under the Simplified BSD License (see license.txt)
10 
 */
11 









12



#include "test_pubkey_pqc.h"










13



#include "test_rng.h"










14



#include "tests.h"










15












16



#include <iterator>










17



#include <memory>










18












19



#if defined(BOTAN_HAS_FRODOKEM)










20



   #include "test_pubkey.h"










21












22



   #include <botan/frodokem.h>










23



   #include <botan/pubkey.h>










24



   #include <botan/xof.h>










25



   #include <botan/internal/fmt.h>










26



   #include <botan/internal/frodo_constants.h>










27



#endif










28












29



namespace Botan_Tests {










30












31



#if defined(BOTAN_HAS_FRODOKEM)










32












33



namespace {










34



class Frodo_KAT_Tests final : public PK_PQC_KEM_KAT_Test {










35



   public:










36



      Frodo_KAT_Tests() : PK_PQC_KEM_KAT_Test("FrodoKEM", "pubkey/frodokem_kat.vec") {}




2





37












38



   private:










39



      Botan::FrodoKEMMode get_mode(const std::string& mode) const { return Botan::FrodoKEMMode(mode); }




1,800





40












41



      bool is_available(const std::string& mode) const final { return get_mode(mode).is_available(); }




300





42












43



      std::vector<uint8_t> map_value(const std::string& /*params*/,




1,200





44



                                     std::span<const uint8_t> value,










45



                                     VarType var_type) const final {










46



         if(var_type == VarType::SharedSecret) {




1,200





47



            return {value.begin(), value.end()};




300





48



         }










49



         auto xof = Botan::XOF::create_or_throw("SHAKE-256");




900





50



         xof->update(value);




900





51



         return xof->output<std::vector<uint8_t>>(16);




900





52



      }




900





53












54



      Fixed_Output_RNG rng_for_keygen(const std::string& mode, Botan::RandomNumberGenerator& rng) const final {




300





55



         Botan::FrodoKEMConstants consts(get_mode(mode));




300





56



         return Fixed_Output_RNG(rng, consts.len_sec_bytes() + consts.len_se_bytes() + consts.len_a_bytes());




600





57



      }




300





58












59



      Fixed_Output_RNG rng_for_encapsulation(const std::string& mode, Botan::RandomNumberGenerator& rng) const final {




300





60



         Botan::FrodoKEMConstants consts(get_mode(mode));




300





61



         return Fixed_Output_RNG(rng, consts.len_sec_bytes() + consts.len_salt_bytes());




600





62



      }




300





63



};










64












65



std::vector<Test::Result> test_frodo_roundtrips() {




1





66



   auto rng = Test::new_rng("frodokem_roundtrip");




1





67












68



   auto modes = std::vector{Botan::FrodoKEMMode::eFrodoKEM1344_SHAKE,




1





69



                            Botan::FrodoKEMMode::eFrodoKEM976_SHAKE,










70



                            Botan::FrodoKEMMode::eFrodoKEM640_SHAKE,










71



                            Botan::FrodoKEMMode::FrodoKEM1344_SHAKE,










72



                            Botan::FrodoKEMMode::FrodoKEM976_SHAKE,










73



                            Botan::FrodoKEMMode::FrodoKEM640_SHAKE,










74



                            Botan::FrodoKEMMode::eFrodoKEM1344_AES,










75



                            Botan::FrodoKEMMode::eFrodoKEM976_AES,










76



                            Botan::FrodoKEMMode::eFrodoKEM640_AES,










77



                            Botan::FrodoKEMMode::FrodoKEM1344_AES,










78



                            Botan::FrodoKEMMode::FrodoKEM976_AES,










79



                            Botan::FrodoKEMMode::FrodoKEM640_AES};




1





80












81



   auto get_decryption_error_value = [](Botan::FrodoKEMConstants& consts,




25





82



                                        std::span<const uint8_t> encaps_value,










83



                                        const Botan::FrodoKEM_PrivateKey& sk) {










84



      // Extracts the `S` value from the encoded private key










85



      auto& shake = consts.SHAKE_XOF();




24





86



      const auto sk_bytes = sk.raw_private_key_bits();




24





87



      auto sk_s = std::span<const uint8_t>(sk_bytes.data(), consts.len_sec_bytes());




24





88



      shake.update(encaps_value);




24





89



      shake.update(sk_s);




24





90



      return shake.output(consts.len_sec_bytes());




24





91



   };




24





92












93



   std::vector<Test::Result> results;




1





94



   for(auto mode : modes) {




13





95



      Botan::FrodoKEMMode m(mode);




12





96



      if(!m.is_available()) {




12





97



         continue;




×







98



      }










99



      Botan::FrodoKEMConstants consts(mode);




12





100



      Test::Result& result = results.emplace_back("FrodoKEM roundtrip: " + m.to_string());




24





101












102



      Botan::FrodoKEM_PrivateKey sk1(*rng, mode);




12





103



      Botan::FrodoKEM_PublicKey pk1(sk1.public_key_bits(), mode);




12





104












105



      // Happy case










106



      Botan::PK_KEM_Encryptor enc1(pk1, "Raw");




12





107



      const auto enc_res = enc1.encrypt(*rng, 0 /* no KDF */);




12





108












109



      result.test_eq("length of shared secret", enc_res.shared_key().size(), enc1.shared_key_length(0));




12





110



      result.test_eq("length of ciphertext", enc_res.encapsulated_shared_key().size(), enc1.encapsulated_key_length());




12





111












112



      Botan::PK_KEM_Decryptor dec1(sk1, *rng, "Raw");




12





113



      auto ss = dec1.decrypt(enc_res.encapsulated_shared_key(), 0 /* no KDF */);




12





114












115



      result.test_eq("shared secrets match", ss, enc_res.shared_key());




24





116



      result.test_eq("length of shared secret (decaps)", ss.size(), dec1.shared_key_length(0));




12





117












118



      // Decryption failures ("All right then, keep your secrets.")










119



      Botan::FrodoKEM_PrivateKey sk2(*rng, mode);




12





120












121



      // Decryption failure: mismatching private key










122



      Botan::PK_KEM_Decryptor dec2(sk2, *rng, "Raw");




12





123



      auto ss_mismatch = dec2.decrypt(enc_res.encapsulated_shared_key(), 0 /* no KDF */);




12





124



      result.test_eq("decryption failure sk",




24





125



                     ss_mismatch,










126



                     get_decryption_error_value(consts, enc_res.encapsulated_shared_key(), sk2));




12





127












128



      // Decryption failure: bitflip in encapsulated shared value










129



      const auto mutated_encaps_value = Test::mutate_vec(enc_res.encapsulated_shared_key(), *rng);




12





130



      ss_mismatch = dec2.decrypt(mutated_encaps_value, 0 /* no KDF */);




24





131



      result.test_eq(




24





132



         "decryption failure bitflip", ss_mismatch, get_decryption_error_value(consts, mutated_encaps_value, sk2));




12





133












134



      // Decryption failure: malformed encapsulation value










135



      result.test_throws(




36





136



         "malformed encapsulation value", "FrodoKEM ciphertext does not have the correct byte count", [&] {




12





137



            auto short_encaps_value = enc_res.encapsulated_shared_key();




12





138



            short_encaps_value.pop_back();




12





139



            dec1.decrypt(short_encaps_value, 0);




12





140



         });




×







141



   }




36





142












143



   return results;




1





144



}




2





145












146



class Frodo_Keygen_Tests final : public PK_Key_Generation_Test {




×







147



   public:










148



      std::vector<std::string> keygen_params() const override {




1





149



         return {




1





150



   #if defined(BOTAN_HAS_FRODOKEM_SHAKE)










151



            "FrodoKEM-640-SHAKE", "FrodoKEM-976-SHAKE", "eFrodoKEM-640-SHAKE", "eFrodoKEM-976-SHAKE",










152



   #endif










153



   #if defined(BOTAN_HAS_FRODOKEM_AES)










154



               "FrodoKEM-640-AES", "FrodoKEM-976-AES", "eFrodoKEM-640-AES", "eFrodoKEM-976-AES",










155



   #endif










156



         };




1





157



      }










158












159



      std::string algo_name() const override { return "FrodoKEM"; }




8





160












161



      std::unique_ptr<Botan::Public_Key> public_key_from_raw(std::string_view keygen_params,




8





162



                                                             std::string_view /* provider */,










163



                                                             std::span<const uint8_t> raw_pk) const override {










164



         return std::make_unique<Botan::FrodoKEM_PublicKey>(raw_pk, Botan::FrodoKEMMode(keygen_params));




8





165



      }










166



};










167












168



}  // namespace










169












170



BOTAN_REGISTER_TEST("frodokem", "frodo_kat_tests", Frodo_KAT_Tests);










171



BOTAN_REGISTER_TEST_FN("frodokem", "frodo_roundtrips", test_frodo_roundtrips);










172



BOTAN_REGISTER_TEST("frodokem", "frodo_keygen", Frodo_Keygen_Tests);










173












174



#endif










175












176



}  // namespace Botan_Tests
























    

  • 

    •