19012754211

Committed 02 Nov 2025 01:10PM UTC coverage: 90.677% (+0.006%) from 90.671%

Build # 19012754211

Build Type

push

github

Committed by

web-flow

Commit Message

Merge pull request #5137 from randombit/jack/clang-tidy-includes

Remove various unused includes flagged by clang-tidy misc-include-cleaner

Run Details

100457 of 110786 relevant lines covered (90.68%)

12189873.8 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

93.87

/src/tests/test_cmce.cpp

/*
* Tests for Classic McEliece
*
* (C) 2023 Jack Lloyd
*     2023,2024 Fabian Albert, Amos Treiber - Rohde & Schwarz Cybersecurity
*
* Botan is released under the Simplified BSD License (see license.txt)
*/

#include "test_pubkey.h"
#include "test_pubkey_pqc.h"
#include "test_rng.h"
#include "tests.h"

#if defined(BOTAN_HAS_CLASSICMCELIECE)

   #include <botan/cmce.h>
   #include <botan/hash.h>
   #include <botan/pk_algs.h>
   #include <botan/pubkey.h>
   #include <botan/internal/cmce_gf.h>
   #include <botan/internal/cmce_parameters.h>
   #include <botan/internal/cmce_poly.h>

namespace Botan_Tests {

namespace {

Botan::Classic_McEliece_Polynomial create_element_from_bytes(std::span<const uint8_t> bytes,
                                                             const Botan::Classic_McEliece_Polynomial_Ring& ring) {
   BOTAN_ARG_CHECK(bytes.size() == ring.degree() * 2, "Correct input size");
   std::vector<uint16_t> coef(ring.degree());
   Botan::load_le<uint16_t>(coef.data(), bytes.data(), ring.degree());

   std::vector<Botan::Classic_McEliece_GF> coeff_vec_gf;
   std::transform(coef.begin(), coef.end(), std::back_inserter(coeff_vec_gf), [&](auto& coeff) {
      return Botan::Classic_McEliece_GF(Botan::CmceGfElem(coeff), ring.poly_f());
   });
   return Botan::Classic_McEliece_Polynomial(coeff_vec_gf);
}

std::vector<Botan::Classic_McEliece_Parameter_Set> get_test_instances_all() {
   return {// All instances
           Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_348864,
           Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_348864f,

           Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_460896,
           Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_460896f,

           Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_6688128,
           Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_6688128f,
           Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_6688128pc,
           Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_6688128pcf,

           Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_6960119,
           Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_6960119f,
           Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_6960119pc,
           Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_6960119pcf,

           Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_8192128,
           Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_8192128f,
           Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_8192128pc,
           Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_8192128pcf};
}

std::vector<Botan::Classic_McEliece_Parameter_Set> get_test_instances_min() {
   return {// Testing with and without pc and f. Also testing 6960119 with m*t mod 8 != 0.
           Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_348864,
           Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_6960119pcf};
}

std::vector<Botan::Classic_McEliece_Parameter_Set> instances_to_test() {
   if(Test::run_long_tests()) {
      return get_test_instances_all();
   } else {
      return get_test_instances_min();
   }
}

bool skip_cmce_test(const std::string& params_str) {
   auto params = Botan::Classic_McEliece_Parameters::create(params_str);
   auto to_test = instances_to_test();
   return std::find(to_test.begin(), to_test.end(), params.parameter_set()) == to_test.end();
}
}  // namespace

class CMCE_Utility_Tests final : public Test {
   public:
      Test::Result expand_seed_test() {
         Test::Result result("Seed expansion");

         auto params =
            Botan::Classic_McEliece_Parameters::create(Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_348864);

         // Created using the reference implementation
         auto seed = Botan::hex_decode_locked("0102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f20");

         auto exp_first_and_last_bytes = Botan::hex_decode(
            "543e2791fd98dbc1"    // first 8 bytes
            "d332a7c40776ca01");  // last 8 bytes

         size_t byte_length =
            (params.n() + params.sigma2() * params.q() + params.sigma1() * params.t() + params.ell()) / 8;

         auto rand = params.prg(seed)->output_stdvec(byte_length);
         rand.erase(rand.begin() + 8, rand.end() - 8);

         result.test_is_eq("Seed expansion", rand, exp_first_and_last_bytes);

         return result;
      }

      Test::Result irreducible_poly_gen_test() {
         Test::Result result("Irreducible Polynomial Generation");

         auto params =
            Botan::Classic_McEliece_Parameters::create(Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_348864);

         // Created using the reference implementation
         auto random_bits = Botan::CmceIrreducibleBits(Botan::hex_decode(
            "d9b8bb962a3f9dac0f832d243def581e7d26f4028de1ff9cd168460e5050ab095a32a372b40d720bd5d75389a6b3f08fa1d13cec60a4b716d4d6c240f2f80cd3"
            "cbc76ae0dddca164c1130da185bd04e890f2256fb9f4754864811e14ea5a43b8b3612d59cecde1b2fdb6362659a0193d2b7d4b9d79aa1801dde3ca90dc300773"));

         auto exp_g = Botan::Classic_McEliece_Minimal_Polynomial::from_bytes(
            Botan::hex_decode(
               "8d00a50f520a0307b8007c06cb04b9073b0f4a0f800fb706a60f2a05910a670b460375091209fc060a09ab036c09e5085a0df90d3506b404a30fda041d09970f"
               "1206d000e00aac01c00dc80f490cd80b4108330c0208cf00d602450ec00a21079806eb093f00de015f052905560917081b09270c820af002000c34094504cd03"),
            params.poly_f());

         auto g = params.poly_ring().compute_minimal_polynomial(random_bits);
         result.confirm("Minimize polynomial successful", g.has_value());
         result.test_is_eq("Minimize polynomial", g.value().coef(), exp_g.coef());

         return result;
      }

      Test::Result gf_inv_test() {
         Test::Result result("GF inv test");

         auto params =
            Botan::Classic_McEliece_Parameters::create(Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_348864);

         auto v = params.gf(Botan::CmceGfElem(42));
         auto v_inv = v.inv();
         result.test_is_eq("Control bits creation", (v * v_inv).elem(), Botan::CmceGfElem(1));

         return result;
      }

      Test::Result gf_poly_mul_test() {
         Test::Result result("GF Poly Mul");

         auto params =
            Botan::Classic_McEliece_Parameters::create(Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_348864);

         const auto& field = params.poly_ring();

         auto val1 = create_element_from_bytes(
            Botan::hex_decode(
               "bb02d40437094c0ae4034c00b10fed090a04850f660c3b0e110eb409810a86015b0f5804ca0e78089806e20b5b03aa0bc2020b05ea03710da902340c390f630b"
               "bc07a70db20b9e0ee4038905a00a09090a0521045e0a0706370b5a00050a4100480c4d0e8f00730692093701fe04650dbe0fd00702011a04910360023f04fb0a"),
            field);

         auto val2 = create_element_from_bytes(
            Botan::hex_decode(
               "060c630b170abb00020fef03e501020e89098108bf01f30dd30900000e0d3d0ca404ec01190760021f088c09b90b0a06a702d104500f0f02f00a580287010a09"
               "4e01490d270c73051800bc0af303b901b202b50321002802b903ce0ab40806083f0a2d06d002df0f260811005c02a10b300e5c0ba20d14045003c50f2f02de02"),
            field);

         auto exp_mul = create_element_from_bytes(
            Botan::hex_decode(
               "370d090b19008f0efb01f5011b04f9054b0d1f071d0457011e09cd0dfa093c004f08500e670abb0567090000f603770a3905bf044408b8025805930b25012201"
               "8d0a560e840d960d9d0a280d1d06fc08d5078c06fe0cb406d0061e02c6090507d20eb10cb90146085c042e030c0e1a07910fcd0c5f0fda066c0cee061d01f40f"),
            field);

         auto mul = field.multiply(val1, val2);  // val1 * val2;
         result.test_is_eq("GF multiplication", mul.coef(), exp_mul.coef());

         return result;
      }

      Test::Result rigged_rng_encryption_test() {
         // RNG that always returns zero bytes
         class All_Zero_RNG : public Botan::RandomNumberGenerator {
            public:
               void fill_bytes_with_input(std::span<uint8_t> output, std::span<const uint8_t> /* ignored */) override {
                  std::fill(output.begin(), output.end(), static_cast<uint8_t>(0));
               }

               std::string name() const override { return "All_Zero_RNG"; }

               bool accepts_input() const override { return false; }

               void clear() override {}

               bool is_seeded() const override { return true; }
         } rigged_rng;

         Test::Result result("No endless loop with rigged RNG");
         // Key creation should work even with a rigged RNG (PRNG is not used for key creation)
         auto private_key = Botan::create_private_key("ClassicMcEliece", rigged_rng, "348864f");
         if(!private_key) {
            result.test_failure("Key generation failed");
            return result;
         }
         auto enc = Botan::PK_KEM_Encryptor(*private_key, "Raw");
         result.test_throws("Many failed encryption attempts throws exception", [&] { enc.encrypt(rigged_rng); });

         return result;
      }

      std::vector<Test::Result> run() override {
         return {expand_seed_test(),
                 irreducible_poly_gen_test(),
                 gf_inv_test(),
                 gf_poly_mul_test(),
                 rigged_rng_encryption_test()};
      }
};

   #if defined(BOTAN_HAS_AES)
class CMCE_Invalid_Test : public Text_Based_Test {
   public:
      CMCE_Invalid_Test() :
            Text_Based_Test("pubkey/cmce_negative.vec", "seed,ct_invalid,ss_invalid", "ct_invalid_c1,ss_invalid_c1") {}

      Test::Result run_one_test(const std::string& params_str, const VarMap& vars) override {
         Test::Result result("CMCE Invalid Ciphertext Test");

         auto params = Botan::Classic_McEliece_Parameters::create(params_str);

         const auto kat_seed = Botan::lock(vars.get_req_bin("seed"));
         const auto ct_invalid = vars.get_req_bin("ct_invalid");
         const auto ref_ss_invalid = Botan::lock(vars.get_req_bin("ss_invalid"));

         const auto test_rng = std::make_unique<CTR_DRBG_AES256>(kat_seed);

         auto private_key = Botan::create_private_key("ClassicMcEliece", *test_rng, params_str);

         // Decaps an invalid ciphertext
         auto dec = Botan::PK_KEM_Decryptor(*private_key, *test_rng, "Raw");
         auto decaps_ct_invalid = dec.decrypt(ct_invalid);

         result.test_is_eq("Decaps an invalid encapsulated key", decaps_ct_invalid, ref_ss_invalid);

         if(params.is_pc()) {
            // For pc variants, additionally check the plaintext confirmation (pc) logic by
            // flipping a bit in the second part of the ciphertext (C_1 in pc). In this case
            // C_0 is decoded correctly, but pc will change the shared secret, since C_1' != C_1.
            const auto ct_invalid_c1 = vars.get_opt_bin("ct_invalid_c1");
            const auto ref_ss_invalid_c1 = Botan::lock(vars.get_opt_bin("ss_invalid_c1"));
            auto decaps_ct_invalid_c1 = dec.decrypt(ct_invalid_c1);

            result.test_is_eq("Decaps with invalid C_1 in pc", decaps_ct_invalid_c1, ref_ss_invalid_c1);
         }

         return result;
      }
};
   #endif  // BOTAN_HAS_AES

class CMCE_Generic_Keygen_Tests final : public PK_Key_Generation_Test {
   public:
      std::vector<std::string> keygen_params() const override {
         auto to_test = get_test_instances_min();

         std::vector<std::string> res;
         std::transform(to_test.begin(), to_test.end(), std::back_inserter(res), [](auto& param_set) {
            return param_set.to_string();
         });

         return res;
      }

      std::unique_ptr<Botan::Public_Key> public_key_from_raw(std::string_view keygen_params,
                                                             std::string_view /*provider*/,
                                                             std::span<const uint8_t> raw_key_bits) const override {
         return std::make_unique<Botan::Classic_McEliece_PublicKey>(
            raw_key_bits, Botan::Classic_McEliece_Parameter_Set::from_string(keygen_params));
      }

      std::string algo_name() const override { return "ClassicMcEliece"; }
};

class Classic_McEliece_KAT_Tests final : public Botan_Tests::PK_PQC_KEM_KAT_Test {
   public:
      Classic_McEliece_KAT_Tests() : PK_PQC_KEM_KAT_Test("ClassicMcEliece", "pubkey/cmce_kat_hashed.vec") {}

   private:
      Botan::Classic_McEliece_Parameters get_params(const std::string& header) const {
         return Botan::Classic_McEliece_Parameters::create(Botan::Classic_McEliece_Parameter_Set::from_string(header));
      }

      bool is_available(const std::string& alg_name) const final { return !skip_cmce_test(alg_name); }

      std::vector<uint8_t> map_value(const std::string& /*params*/,
                                     std::span<const uint8_t> value,
                                     VarType var_type) const final {
         if(var_type == VarType::Ciphertext || var_type == VarType::SharedSecret) {
            return {value.begin(), value.end()};
         }
         auto hash = Botan::HashFunction::create_or_throw("SHAKE-256(512)");
         return hash->process<std::vector<uint8_t>>(value);
      }

      Fixed_Output_RNG rng_for_keygen(const std::string& /*params*/, Botan::RandomNumberGenerator& rng) const final {
         const auto seed = rng.random_vec(Botan::Classic_McEliece_Parameters::seed_len());
         return Fixed_Output_RNG(seed);
      }

      Fixed_Output_RNG rng_for_encapsulation(const std::string& alg_name,
                                             Botan::RandomNumberGenerator& rng) const final {
         // There is no way to tell exactly how much randomness is
         // needed for encapsulation (rejection sampling)
         // For testing we use a number that fits for all test cases
         auto params = get_params(alg_name);
         const size_t max_attempts = 100;
         const size_t bits_per_attempt = (params.sigma1() / 8) * params.tau();

         std::vector<uint8_t> rand_buffer;
         for(size_t attempt = 0; attempt < max_attempts; ++attempt) {
            auto random_bytes = rng.random_vec(bits_per_attempt);
            rand_buffer.insert(rand_buffer.end(), random_bytes.begin(), random_bytes.end());
         }

         return Fixed_Output_RNG(rand_buffer);
      }

      void inspect_rng_after_encaps(const std::string& /*params*/, const Fixed_Output_RNG&, Test::Result&) const final {
         // Encaps uses any number of random bytes, so we cannot check the RNG
      }
};

BOTAN_REGISTER_TEST("cmce", "cmce_utility", CMCE_Utility_Tests);
BOTAN_REGISTER_TEST("cmce", "cmce_generic_keygen", CMCE_Generic_Keygen_Tests);
BOTAN_REGISTER_TEST("cmce", "cmce_generic_kat", Classic_McEliece_KAT_Tests);
   #if defined(BOTAN_HAS_AES)
BOTAN_REGISTER_TEST("cmce", "cmce_invalid", CMCE_Invalid_Test);
   #endif

}  // namespace Botan_Tests

#endif  // BOTAN_HAS_CLASSICMCELIECE

1	/*
2	* Tests for Classic McEliece
3	*
4	* (C) 2023 Jack Lloyd
5	* 2023,2024 Fabian Albert, Amos Treiber - Rohde & Schwarz Cybersecurity
6	*
7	* Botan is released under the Simplified BSD License (see license.txt)
8	*/
9
10	#include "test_pubkey.h"
11	#include "test_pubkey_pqc.h"
12	#include "test_rng.h"
13	#include "tests.h"
14
15	#if defined(BOTAN_HAS_CLASSICMCELIECE)
16
17	#include <botan/cmce.h>
18	#include <botan/hash.h>
19	#include <botan/pk_algs.h>
20	#include <botan/pubkey.h>
21	#include <botan/internal/cmce_gf.h>
22	#include <botan/internal/cmce_parameters.h>
23	#include <botan/internal/cmce_poly.h>
24
25	namespace Botan_Tests {
26
27	namespace {
28
29	Botan::Classic_McEliece_Polynomial create_element_from_bytes(std::span<const uint8_t> bytes,	3✔
30	const Botan::Classic_McEliece_Polynomial_Ring& ring) {
31	BOTAN_ARG_CHECK(bytes.size() == ring.degree() * 2, "Correct input size");	3✔
32	std::vector<uint16_t> coef(ring.degree());	3✔
33	Botan::load_le<uint16_t>(coef.data(), bytes.data(), ring.degree());	3✔
34
35	std::vector<Botan::Classic_McEliece_GF> coeff_vec_gf;	3✔
36	std::transform(coef.begin(), coef.end(), std::back_inserter(coeff_vec_gf), [&](auto& coeff) {	3✔
37	return Botan::Classic_McEliece_GF(Botan::CmceGfElem(coeff), ring.poly_f());	192✔
38	});
39	return Botan::Classic_McEliece_Polynomial(coeff_vec_gf);	3✔
40	}	6✔
41
42	std::vector<Botan::Classic_McEliece_Parameter_Set> get_test_instances_all() {	16✔
43	return {// All instances	16✔
44	Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_348864,
45	Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_348864f,
46
47	Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_460896,
48	Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_460896f,
49
50	Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_6688128,
51	Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_6688128f,
52	Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_6688128pc,
53	Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_6688128pcf,
54
55	Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_6960119,
56	Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_6960119f,
57	Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_6960119pc,
58	Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_6960119pcf,
59
60	Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_8192128,
61	Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_8192128f,
62	Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_8192128pc,
63	Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_8192128pcf};	16✔
64	}
65
66	std::vector<Botan::Classic_McEliece_Parameter_Set> get_test_instances_min() {	1✔
67	return {// Testing with and without pc and f. Also testing 6960119 with m*t mod 8 != 0.	1✔
68	Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_348864,
69	Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_6960119pcf};	×
70	}
71
72	std::vector<Botan::Classic_McEliece_Parameter_Set> instances_to_test() {	16✔
73	if(Test::run_long_tests()) {	16✔
74	return get_test_instances_all();	16✔
75	} else {
76	return get_test_instances_min();	×
77	}
78	}
79
80	bool skip_cmce_test(const std::string& params_str) {	16✔
81	auto params = Botan::Classic_McEliece_Parameters::create(params_str);	16✔
82	auto to_test = instances_to_test();	16✔
83	return std::find(to_test.begin(), to_test.end(), params.parameter_set()) == to_test.end();	16✔
84	}	16✔
85	} // namespace
86
87	class CMCE_Utility_Tests final : public Test {	×
88	public:
89	Test::Result expand_seed_test() {	1✔
90	Test::Result result("Seed expansion");	1✔
91
92	auto params =	1✔
93	Botan::Classic_McEliece_Parameters::create(Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_348864);	1✔
94
95	// Created using the reference implementation
96	auto seed = Botan::hex_decode_locked("0102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f20");	1✔
97
98	auto exp_first_and_last_bytes = Botan::hex_decode(	1✔
99	"543e2791fd98dbc1" // first 8 bytes
100	"d332a7c40776ca01"); // last 8 bytes	1✔
101
102	size_t byte_length =	1✔
103	(params.n() + params.sigma2() * params.q() + params.sigma1() * params.t() + params.ell()) / 8;	1✔
104
105	auto rand = params.prg(seed)->output_stdvec(byte_length);	1✔
106	rand.erase(rand.begin() + 8, rand.end() - 8);	1✔
107
108	result.test_is_eq("Seed expansion", rand, exp_first_and_last_bytes);	1✔
109
110	return result;	1✔
111	}	3✔
112
113	Test::Result irreducible_poly_gen_test() {	1✔
114	Test::Result result("Irreducible Polynomial Generation");	1✔
115
116	auto params =	1✔
117	Botan::Classic_McEliece_Parameters::create(Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_348864);	1✔
118
119	// Created using the reference implementation
120	auto random_bits = Botan::CmceIrreducibleBits(Botan::hex_decode(	1✔
121	"d9b8bb962a3f9dac0f832d243def581e7d26f4028de1ff9cd168460e5050ab095a32a372b40d720bd5d75389a6b3f08fa1d13cec60a4b716d4d6c240f2f80cd3"
122	"cbc76ae0dddca164c1130da185bd04e890f2256fb9f4754864811e14ea5a43b8b3612d59cecde1b2fdb6362659a0193d2b7d4b9d79aa1801dde3ca90dc300773"));	1✔
123
124	auto exp_g = Botan::Classic_McEliece_Minimal_Polynomial::from_bytes(	1✔
125	Botan::hex_decode(	1✔
126	"8d00a50f520a0307b8007c06cb04b9073b0f4a0f800fb706a60f2a05910a670b460375091209fc060a09ab036c09e5085a0df90d3506b404a30fda041d09970f"
127	"1206d000e00aac01c00dc80f490cd80b4108330c0208cf00d602450ec00a21079806eb093f00de015f052905560917081b09270c820af002000c34094504cd03"),
128	params.poly_f());	1✔
129
130	auto g = params.poly_ring().compute_minimal_polynomial(random_bits);	1✔
131	result.confirm("Minimize polynomial successful", g.has_value());	2✔
132	result.test_is_eq("Minimize polynomial", g.value().coef(), exp_g.coef());	1✔
133
134	return result;	1✔
135	}	2✔
136
137	Test::Result gf_inv_test() {	1✔
138	Test::Result result("GF inv test");	1✔
139
140	auto params =	1✔
141	Botan::Classic_McEliece_Parameters::create(Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_348864);	1✔
142
143	auto v = params.gf(Botan::CmceGfElem(42));	1✔
144	auto v_inv = v.inv();	1✔
145	result.test_is_eq("Control bits creation", (v * v_inv).elem(), Botan::CmceGfElem(1));	1✔
146
147	return result;	1✔
148	}	1✔
149
150	Test::Result gf_poly_mul_test() {	1✔
151	Test::Result result("GF Poly Mul");	1✔
152
153	auto params =	1✔
154	Botan::Classic_McEliece_Parameters::create(Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_348864);	1✔
155
156	const auto& field = params.poly_ring();	1✔
157
158	auto val1 = create_element_from_bytes(	1✔
159	Botan::hex_decode(	1✔
160	"bb02d40437094c0ae4034c00b10fed090a04850f660c3b0e110eb409810a86015b0f5804ca0e78089806e20b5b03aa0bc2020b05ea03710da902340c390f630b"
161	"bc07a70db20b9e0ee4038905a00a09090a0521045e0a0706370b5a00050a4100480c4d0e8f00730692093701fe04650dbe0fd00702011a04910360023f04fb0a"),
162	field);	1✔
163
164	auto val2 = create_element_from_bytes(	1✔
165	Botan::hex_decode(	1✔
166	"060c630b170abb00020fef03e501020e89098108bf01f30dd30900000e0d3d0ca404ec01190760021f088c09b90b0a06a702d104500f0f02f00a580287010a09"
167	"4e01490d270c73051800bc0af303b901b202b50321002802b903ce0ab40806083f0a2d06d002df0f260811005c02a10b300e5c0ba20d14045003c50f2f02de02"),
168	field);	1✔
169
170	auto exp_mul = create_element_from_bytes(	1✔
171	Botan::hex_decode(	1✔
172	"370d090b19008f0efb01f5011b04f9054b0d1f071d0457011e09cd0dfa093c004f08500e670abb0567090000f603770a3905bf044408b8025805930b25012201"
173	"8d0a560e840d960d9d0a280d1d06fc08d5078c06fe0cb406d0061e02c6090507d20eb10cb90146085c042e030c0e1a07910fcd0c5f0fda066c0cee061d01f40f"),
174	field);	1✔
175
176	auto mul = field.multiply(val1, val2); // val1 * val2;	1✔
177	result.test_is_eq("GF multiplication", mul.coef(), exp_mul.coef());	1✔
178
179	return result;	1✔
180	}	1✔
181
182	Test::Result rigged_rng_encryption_test() {	1✔
183	// RNG that always returns zero bytes
184	class All_Zero_RNG : public Botan::RandomNumberGenerator {	2✔
185	public:
186	void fill_bytes_with_input(std::span<uint8_t> output, std::span<const uint8_t> /* ignored */) override {	648✔
187	std::fill(output.begin(), output.end(), static_cast<uint8_t>(0));	648✔
188	}	648✔
189
190	std::string name() const override { return "All_Zero_RNG"; }	×
191
192	bool accepts_input() const override { return false; }	×
193
194	void clear() override {}	×
195
196	bool is_seeded() const override { return true; }	×
197	} rigged_rng;	1✔
198
199	Test::Result result("No endless loop with rigged RNG");	1✔
200	// Key creation should work even with a rigged RNG (PRNG is not used for key creation)
201	auto private_key = Botan::create_private_key("ClassicMcEliece", rigged_rng, "348864f");	1✔
202	if(!private_key) {	1✔
203	result.test_failure("Key generation failed");	×
204	return result;	×
205	}
206	auto enc = Botan::PK_KEM_Encryptor(*private_key, "Raw");	1✔
207	result.test_throws("Many failed encryption attempts throws exception", [&] { enc.encrypt(rigged_rng); });	3✔
208
209	return result;	1✔
210	}	2✔
211
212	std::vector<Test::Result> run() override {	1✔
213	return {expand_seed_test(),	1✔
214	irreducible_poly_gen_test(),
215	gf_inv_test(),
216	gf_poly_mul_test(),
217	rigged_rng_encryption_test()};	6✔
218	}	1✔
219	};
220
221	#if defined(BOTAN_HAS_AES)
222	class CMCE_Invalid_Test : public Text_Based_Test {
223	public:
224	CMCE_Invalid_Test() :	1✔
225	Text_Based_Test("pubkey/cmce_negative.vec", "seed,ct_invalid,ss_invalid", "ct_invalid_c1,ss_invalid_c1") {}	2✔
226
227	Test::Result run_one_test(const std::string& params_str, const VarMap& vars) override {	2✔
228	Test::Result result("CMCE Invalid Ciphertext Test");	2✔
229
230	auto params = Botan::Classic_McEliece_Parameters::create(params_str);	2✔
231
232	const auto kat_seed = Botan::lock(vars.get_req_bin("seed"));	6✔
233	const auto ct_invalid = vars.get_req_bin("ct_invalid");	2✔
234	const auto ref_ss_invalid = Botan::lock(vars.get_req_bin("ss_invalid"));	6✔
235
236	const auto test_rng = std::make_unique<CTR_DRBG_AES256>(kat_seed);	2✔
237
238	auto private_key = Botan::create_private_key("ClassicMcEliece", *test_rng, params_str);	2✔
239
240	// Decaps an invalid ciphertext
241	auto dec = Botan::PK_KEM_Decryptor(private_key, test_rng, "Raw");	2✔
242	auto decaps_ct_invalid = dec.decrypt(ct_invalid);	2✔
243
244	result.test_is_eq("Decaps an invalid encapsulated key", decaps_ct_invalid, ref_ss_invalid);	2✔
245
246	if(params.is_pc()) {	2✔
247	// For pc variants, additionally check the plaintext confirmation (pc) logic by
248	// flipping a bit in the second part of the ciphertext (C_1 in pc). In this case
249	// C_0 is decoded correctly, but pc will change the shared secret, since C_1' != C_1.
250	const auto ct_invalid_c1 = vars.get_opt_bin("ct_invalid_c1");	1✔
251	const auto ref_ss_invalid_c1 = Botan::lock(vars.get_opt_bin("ss_invalid_c1"));	3✔
252	auto decaps_ct_invalid_c1 = dec.decrypt(ct_invalid_c1);	1✔
253
254	result.test_is_eq("Decaps with invalid C_1 in pc", decaps_ct_invalid_c1, ref_ss_invalid_c1);	2✔
255	}	3✔
256
257	return result;	2✔
258	}	12✔
259	};
260	#endif // BOTAN_HAS_AES
261
262	class CMCE_Generic_Keygen_Tests final : public PK_Key_Generation_Test {	×
263	public:
264	std::vector<std::string> keygen_params() const override {	1✔
265	auto to_test = get_test_instances_min();	1✔
266
267	std::vector<std::string> res;	1✔
268	std::transform(to_test.begin(), to_test.end(), std::back_inserter(res), [](auto& param_set) {	1✔
269	return param_set.to_string();	2✔
270	});
271
272	return res;	1✔
273	}	1✔
274
275	std::unique_ptr<Botan::Public_Key> public_key_from_raw(std::string_view keygen_params,	2✔
276	std::string_view /provider/,
277	std::span<const uint8_t> raw_key_bits) const override {
278	return std::make_unique<Botan::Classic_McEliece_PublicKey>(	2✔
279	raw_key_bits, Botan::Classic_McEliece_Parameter_Set::from_string(keygen_params));	2✔
280	}
281
282	std::string algo_name() const override { return "ClassicMcEliece"; }	2✔
283	};
284
285	class Classic_McEliece_KAT_Tests final : public Botan_Tests::PK_PQC_KEM_KAT_Test {
286	public:
287	Classic_McEliece_KAT_Tests() : PK_PQC_KEM_KAT_Test("ClassicMcEliece", "pubkey/cmce_kat_hashed.vec") {}	2✔
288
289	private:
290	Botan::Classic_McEliece_Parameters get_params(const std::string& header) const {	16✔
291	return Botan::Classic_McEliece_Parameters::create(Botan::Classic_McEliece_Parameter_Set::from_string(header));	16✔
292	}
293
294	bool is_available(const std::string& alg_name) const final { return !skip_cmce_test(alg_name); }	16✔
295
296	std::vector<uint8_t> map_value(const std::string& /params/,	64✔
297	std::span<const uint8_t> value,
298	VarType var_type) const final {
299	if(var_type == VarType::Ciphertext \|\| var_type == VarType::SharedSecret) {	64✔
300	return {value.begin(), value.end()};	32✔
301	}
302	auto hash = Botan::HashFunction::create_or_throw("SHAKE-256(512)");	32✔
303	return hash->process<std::vector<uint8_t>>(value);	32✔
304	}	32✔
305
306	Fixed_Output_RNG rng_for_keygen(const std::string& /params/, Botan::RandomNumberGenerator& rng) const final {	16✔
307	const auto seed = rng.random_vec(Botan::Classic_McEliece_Parameters::seed_len());	16✔
308	return Fixed_Output_RNG(seed);	16✔
309	}	16✔
310
311	Fixed_Output_RNG rng_for_encapsulation(const std::string& alg_name,	16✔
312	Botan::RandomNumberGenerator& rng) const final {
313	// There is no way to tell exactly how much randomness is
314	// needed for encapsulation (rejection sampling)
315	// For testing we use a number that fits for all test cases
316	auto params = get_params(alg_name);	16✔
317	const size_t max_attempts = 100;	16✔
318	const size_t bits_per_attempt = (params.sigma1() / 8) * params.tau();	16✔
319
320	std::vector<uint8_t> rand_buffer;	16✔
321	for(size_t attempt = 0; attempt < max_attempts; ++attempt) {	1,616✔
322	auto random_bytes = rng.random_vec(bits_per_attempt);	1,600✔
323	rand_buffer.insert(rand_buffer.end(), random_bytes.begin(), random_bytes.end());	1,600✔
324	}	1,600✔
325
326	return Fixed_Output_RNG(rand_buffer);	16✔
327	}	16✔
328
329	void inspect_rng_after_encaps(const std::string& /params/, const Fixed_Output_RNG&, Test::Result&) const final {	16✔
330	// Encaps uses any number of random bytes, so we cannot check the RNG
331	}	16✔
332	};
333
334	BOTAN_REGISTER_TEST("cmce", "cmce_utility", CMCE_Utility_Tests);
335	BOTAN_REGISTER_TEST("cmce", "cmce_generic_keygen", CMCE_Generic_Keygen_Tests);
336	BOTAN_REGISTER_TEST("cmce", "cmce_generic_kat", Classic_McEliece_KAT_Tests);
337	#if defined(BOTAN_HAS_AES)
338	BOTAN_REGISTER_TEST("cmce", "cmce_invalid", CMCE_Invalid_Test);
339	#endif
340
341	} // namespace Botan_Tests
342
343	#endif // BOTAN_HAS_CLASSICMCELIECE

randombit / botan / 19012754211

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous