19012754211

Committed 02 Nov 2025 01:10PM UTC coverage: 90.677% (+0.006%) from 90.671%

Build # 19012754211

Build Type

push

github

Committed by

web-flow

Commit Message

Merge pull request #5137 from randombit/jack/clang-tidy-includes

Remove various unused includes flagged by clang-tidy misc-include-cleaner

Run Details

100457 of 110786 relevant lines covered (90.68%)

12189873.8 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

95.83

/src/tests/test_frodokem.cpp

/*
 * Tests for FrodoKEM ("You SHALL Pass")
 * - KAT tests using the KAT vectors from
 *   https://github.com/microsoft/PQCrypto-LWEKE/tree/master
 *
 * (C) 2023 Jack Lloyd
 * (C) 2023 René Meusel and Amos Treiber, Rohde & Schwarz Cybersecurity
 *
 * Botan is released under the Simplified BSD License (see license.txt)
 */

#include "test_pubkey_pqc.h"
#include "test_rng.h"
#include "tests.h"

#include <memory>

#if defined(BOTAN_HAS_FRODOKEM)
   #include "test_pubkey.h"

   #include <botan/frodokem.h>
   #include <botan/pubkey.h>
   #include <botan/xof.h>
   #include <botan/internal/frodo_constants.h>
#endif

namespace Botan_Tests {

#if defined(BOTAN_HAS_FRODOKEM)

namespace {
class Frodo_KAT_Tests final : public PK_PQC_KEM_KAT_Test {
   public:
      Frodo_KAT_Tests() : PK_PQC_KEM_KAT_Test("FrodoKEM", "pubkey/frodokem_kat.vec") {}

   private:
      Botan::FrodoKEMMode get_mode(const std::string& mode) const { return Botan::FrodoKEMMode(mode); }

      bool is_available(const std::string& mode) const final { return get_mode(mode).is_available(); }

      std::vector<uint8_t> map_value(const std::string& /*params*/,
                                     std::span<const uint8_t> value,
                                     VarType var_type) const final {
         if(var_type == VarType::SharedSecret) {
            return {value.begin(), value.end()};
         }
         auto xof = Botan::XOF::create_or_throw("SHAKE-256");
         xof->update(value);
         return xof->output<std::vector<uint8_t>>(16);
      }

      Fixed_Output_RNG rng_for_keygen(const std::string& mode, Botan::RandomNumberGenerator& rng) const final {
         Botan::FrodoKEMConstants consts(get_mode(mode));
         return Fixed_Output_RNG(rng, consts.len_sec_bytes() + consts.len_se_bytes() + consts.len_a_bytes());
      }

      Fixed_Output_RNG rng_for_encapsulation(const std::string& mode, Botan::RandomNumberGenerator& rng) const final {
         Botan::FrodoKEMConstants consts(get_mode(mode));
         return Fixed_Output_RNG(rng, consts.len_sec_bytes() + consts.len_salt_bytes());
      }
};

std::vector<Test::Result> test_frodo_roundtrips() {
   auto rng = Test::new_rng("frodokem_roundtrip");

   auto modes = std::vector{Botan::FrodoKEMMode::eFrodoKEM1344_SHAKE,
                            Botan::FrodoKEMMode::eFrodoKEM976_SHAKE,
                            Botan::FrodoKEMMode::eFrodoKEM640_SHAKE,
                            Botan::FrodoKEMMode::FrodoKEM1344_SHAKE,
                            Botan::FrodoKEMMode::FrodoKEM976_SHAKE,
                            Botan::FrodoKEMMode::FrodoKEM640_SHAKE,
                            Botan::FrodoKEMMode::eFrodoKEM1344_AES,
                            Botan::FrodoKEMMode::eFrodoKEM976_AES,
                            Botan::FrodoKEMMode::eFrodoKEM640_AES,
                            Botan::FrodoKEMMode::FrodoKEM1344_AES,
                            Botan::FrodoKEMMode::FrodoKEM976_AES,
                            Botan::FrodoKEMMode::FrodoKEM640_AES};

   auto get_decryption_error_value = [](Botan::FrodoKEMConstants& consts,
                                        std::span<const uint8_t> encaps_value,
                                        const Botan::FrodoKEM_PrivateKey& sk) {
      // Extracts the `S` value from the encoded private key
      auto& shake = consts.SHAKE_XOF();
      const auto sk_bytes = sk.raw_private_key_bits();
      auto sk_s = std::span<const uint8_t>(sk_bytes.data(), consts.len_sec_bytes());
      shake.update(encaps_value);
      shake.update(sk_s);
      return shake.output(consts.len_sec_bytes());
   };

   std::vector<Test::Result> results;
   for(auto mode : modes) {
      Botan::FrodoKEMMode m(mode);
      if(!m.is_available()) {
         continue;
      }
      Botan::FrodoKEMConstants consts(mode);
      Test::Result& result = results.emplace_back("FrodoKEM roundtrip: " + m.to_string());

      Botan::FrodoKEM_PrivateKey sk1(*rng, mode);
      Botan::FrodoKEM_PublicKey pk1(sk1.public_key_bits(), mode);

      // Happy case
      Botan::PK_KEM_Encryptor enc1(pk1, "Raw");
      const auto enc_res = enc1.encrypt(*rng, 0 /* no KDF */);

      result.test_eq("length of shared secret", enc_res.shared_key().size(), enc1.shared_key_length(0));
      result.test_eq("length of ciphertext", enc_res.encapsulated_shared_key().size(), enc1.encapsulated_key_length());

      Botan::PK_KEM_Decryptor dec1(sk1, *rng, "Raw");
      auto ss = dec1.decrypt(enc_res.encapsulated_shared_key(), 0 /* no KDF */);

      result.test_eq("shared secrets match", ss, enc_res.shared_key());
      result.test_eq("length of shared secret (decaps)", ss.size(), dec1.shared_key_length(0));

      // Decryption failures ("All right then, keep your secrets.")
      Botan::FrodoKEM_PrivateKey sk2(*rng, mode);

      // Decryption failure: mismatching private key
      Botan::PK_KEM_Decryptor dec2(sk2, *rng, "Raw");
      auto ss_mismatch = dec2.decrypt(enc_res.encapsulated_shared_key(), 0 /* no KDF */);
      result.test_eq("decryption failure sk",
                     ss_mismatch,
                     get_decryption_error_value(consts, enc_res.encapsulated_shared_key(), sk2));

      // Decryption failure: bitflip in encapsulated shared value
      const auto mutated_encaps_value = Test::mutate_vec(enc_res.encapsulated_shared_key(), *rng);
      ss_mismatch = dec2.decrypt(mutated_encaps_value, 0 /* no KDF */);
      result.test_eq(
         "decryption failure bitflip", ss_mismatch, get_decryption_error_value(consts, mutated_encaps_value, sk2));

      // Decryption failure: malformed encapsulation value
      result.test_throws(
         "malformed encapsulation value", "FrodoKEM ciphertext does not have the correct byte count", [&] {
            auto short_encaps_value = enc_res.encapsulated_shared_key();
            short_encaps_value.pop_back();
            dec1.decrypt(short_encaps_value, 0);
         });
   }

   return results;
}

class Frodo_Keygen_Tests final : public PK_Key_Generation_Test {
   public:
      std::vector<std::string> keygen_params() const override {
         return {
   #if defined(BOTAN_HAS_FRODOKEM_SHAKE)
            "FrodoKEM-640-SHAKE", "FrodoKEM-976-SHAKE", "eFrodoKEM-640-SHAKE", "eFrodoKEM-976-SHAKE",
   #endif
   #if defined(BOTAN_HAS_FRODOKEM_AES)
               "FrodoKEM-640-AES", "FrodoKEM-976-AES", "eFrodoKEM-640-AES", "eFrodoKEM-976-AES",
   #endif
         };
      }

      std::string algo_name() const override { return "FrodoKEM"; }

      std::unique_ptr<Botan::Public_Key> public_key_from_raw(std::string_view keygen_params,
                                                             std::string_view /* provider */,
                                                             std::span<const uint8_t> raw_pk) const override {
         return std::make_unique<Botan::FrodoKEM_PublicKey>(raw_pk, Botan::FrodoKEMMode(keygen_params));
      }
};

}  // namespace

BOTAN_REGISTER_TEST("frodokem", "frodo_kat_tests", Frodo_KAT_Tests);
BOTAN_REGISTER_TEST_FN("frodokem", "frodo_roundtrips", test_frodo_roundtrips);
BOTAN_REGISTER_TEST("frodokem", "frodo_keygen", Frodo_Keygen_Tests);

#endif

}  // namespace Botan_Tests

1	/*
2	* Tests for FrodoKEM ("You SHALL Pass")
3	* - KAT tests using the KAT vectors from
4	* https://github.com/microsoft/PQCrypto-LWEKE/tree/master
5	*
6	* (C) 2023 Jack Lloyd
7	* (C) 2023 René Meusel and Amos Treiber, Rohde & Schwarz Cybersecurity
8	*
9	* Botan is released under the Simplified BSD License (see license.txt)
10	*/
11
12	#include "test_pubkey_pqc.h"
13	#include "test_rng.h"
14	#include "tests.h"
15
16	#include <memory>
17
18	#if defined(BOTAN_HAS_FRODOKEM)
19	#include "test_pubkey.h"
20
21	#include <botan/frodokem.h>
22	#include <botan/pubkey.h>
23	#include <botan/xof.h>
24	#include <botan/internal/frodo_constants.h>
25	#endif
26
27	namespace Botan_Tests {
28
29	#if defined(BOTAN_HAS_FRODOKEM)
30
31	namespace {
32	class Frodo_KAT_Tests final : public PK_PQC_KEM_KAT_Test {
33	public:
34	Frodo_KAT_Tests() : PK_PQC_KEM_KAT_Test("FrodoKEM", "pubkey/frodokem_kat.vec") {}	2✔
35
36	private:
37	Botan::FrodoKEMMode get_mode(const std::string& mode) const { return Botan::FrodoKEMMode(mode); }	1,800✔
38
39	bool is_available(const std::string& mode) const final { return get_mode(mode).is_available(); }	300✔
40
41	std::vector<uint8_t> map_value(const std::string& /params/,	1,200✔
42	std::span<const uint8_t> value,
43	VarType var_type) const final {
44	if(var_type == VarType::SharedSecret) {	1,200✔
45	return {value.begin(), value.end()};	300✔
46	}
47	auto xof = Botan::XOF::create_or_throw("SHAKE-256");	900✔
48	xof->update(value);	900✔
49	return xof->output<std::vector<uint8_t>>(16);	900✔
50	}	900✔
51
52	Fixed_Output_RNG rng_for_keygen(const std::string& mode, Botan::RandomNumberGenerator& rng) const final {	300✔
53	Botan::FrodoKEMConstants consts(get_mode(mode));	300✔
54	return Fixed_Output_RNG(rng, consts.len_sec_bytes() + consts.len_se_bytes() + consts.len_a_bytes());	600✔
55	}	300✔
56
57	Fixed_Output_RNG rng_for_encapsulation(const std::string& mode, Botan::RandomNumberGenerator& rng) const final {	300✔
58	Botan::FrodoKEMConstants consts(get_mode(mode));	300✔
59	return Fixed_Output_RNG(rng, consts.len_sec_bytes() + consts.len_salt_bytes());	600✔
60	}	300✔
61	};
62
63	std::vector<Test::Result> test_frodo_roundtrips() {	1✔
64	auto rng = Test::new_rng("frodokem_roundtrip");	1✔
65
66	auto modes = std::vector{Botan::FrodoKEMMode::eFrodoKEM1344_SHAKE,	1✔
67	Botan::FrodoKEMMode::eFrodoKEM976_SHAKE,
68	Botan::FrodoKEMMode::eFrodoKEM640_SHAKE,
69	Botan::FrodoKEMMode::FrodoKEM1344_SHAKE,
70	Botan::FrodoKEMMode::FrodoKEM976_SHAKE,
71	Botan::FrodoKEMMode::FrodoKEM640_SHAKE,
72	Botan::FrodoKEMMode::eFrodoKEM1344_AES,
73	Botan::FrodoKEMMode::eFrodoKEM976_AES,
74	Botan::FrodoKEMMode::eFrodoKEM640_AES,
75	Botan::FrodoKEMMode::FrodoKEM1344_AES,
76	Botan::FrodoKEMMode::FrodoKEM976_AES,
77	Botan::FrodoKEMMode::FrodoKEM640_AES};	1✔
78
79	auto get_decryption_error_value = [](Botan::FrodoKEMConstants& consts,	25✔
80	std::span<const uint8_t> encaps_value,
81	const Botan::FrodoKEM_PrivateKey& sk) {
82	// Extracts the `S` value from the encoded private key
83	auto& shake = consts.SHAKE_XOF();	24✔
84	const auto sk_bytes = sk.raw_private_key_bits();	24✔
85	auto sk_s = std::span<const uint8_t>(sk_bytes.data(), consts.len_sec_bytes());	24✔
86	shake.update(encaps_value);	24✔
87	shake.update(sk_s);	24✔
88	return shake.output(consts.len_sec_bytes());	24✔
89	};	24✔
90
91	std::vector<Test::Result> results;	1✔
92	for(auto mode : modes) {	13✔
93	Botan::FrodoKEMMode m(mode);	12✔
94	if(!m.is_available()) {	12✔
95	continue;	×
96	}
97	Botan::FrodoKEMConstants consts(mode);	12✔
98	Test::Result& result = results.emplace_back("FrodoKEM roundtrip: " + m.to_string());	24✔
99
100	Botan::FrodoKEM_PrivateKey sk1(*rng, mode);	12✔
101	Botan::FrodoKEM_PublicKey pk1(sk1.public_key_bits(), mode);	12✔
102
103	// Happy case
104	Botan::PK_KEM_Encryptor enc1(pk1, "Raw");	12✔
105	const auto enc_res = enc1.encrypt(rng, 0 / no KDF */);	12✔
106
107	result.test_eq("length of shared secret", enc_res.shared_key().size(), enc1.shared_key_length(0));	12✔
108	result.test_eq("length of ciphertext", enc_res.encapsulated_shared_key().size(), enc1.encapsulated_key_length());	12✔
109
110	Botan::PK_KEM_Decryptor dec1(sk1, *rng, "Raw");	12✔
111	auto ss = dec1.decrypt(enc_res.encapsulated_shared_key(), 0 /* no KDF */);	12✔
112
113	result.test_eq("shared secrets match", ss, enc_res.shared_key());	24✔
114	result.test_eq("length of shared secret (decaps)", ss.size(), dec1.shared_key_length(0));	12✔
115
116	// Decryption failures ("All right then, keep your secrets.")
117	Botan::FrodoKEM_PrivateKey sk2(*rng, mode);	12✔
118
119	// Decryption failure: mismatching private key
120	Botan::PK_KEM_Decryptor dec2(sk2, *rng, "Raw");	12✔
121	auto ss_mismatch = dec2.decrypt(enc_res.encapsulated_shared_key(), 0 /* no KDF */);	12✔
122	result.test_eq("decryption failure sk",	24✔
123	ss_mismatch,
124	get_decryption_error_value(consts, enc_res.encapsulated_shared_key(), sk2));	12✔
125
126	// Decryption failure: bitflip in encapsulated shared value
127	const auto mutated_encaps_value = Test::mutate_vec(enc_res.encapsulated_shared_key(), *rng);	12✔
128	ss_mismatch = dec2.decrypt(mutated_encaps_value, 0 /* no KDF */);	24✔
129	result.test_eq(	24✔
130	"decryption failure bitflip", ss_mismatch, get_decryption_error_value(consts, mutated_encaps_value, sk2));	12✔
131
132	// Decryption failure: malformed encapsulation value
133	result.test_throws(	36✔
134	"malformed encapsulation value", "FrodoKEM ciphertext does not have the correct byte count", [&] {	12✔
135	auto short_encaps_value = enc_res.encapsulated_shared_key();	12✔
136	short_encaps_value.pop_back();	12✔
137	dec1.decrypt(short_encaps_value, 0);	12✔
138	});	×
139	}	36✔
140
141	return results;	1✔
142	}	2✔
143
144	class Frodo_Keygen_Tests final : public PK_Key_Generation_Test {	×
145	public:
146	std::vector<std::string> keygen_params() const override {	1✔
147	return {	1✔
148	#if defined(BOTAN_HAS_FRODOKEM_SHAKE)
149	"FrodoKEM-640-SHAKE", "FrodoKEM-976-SHAKE", "eFrodoKEM-640-SHAKE", "eFrodoKEM-976-SHAKE",
150	#endif
151	#if defined(BOTAN_HAS_FRODOKEM_AES)
152	"FrodoKEM-640-AES", "FrodoKEM-976-AES", "eFrodoKEM-640-AES", "eFrodoKEM-976-AES",
153	#endif
154	};	1✔
155	}
156
157	std::string algo_name() const override { return "FrodoKEM"; }	8✔
158
159	std::unique_ptr<Botan::Public_Key> public_key_from_raw(std::string_view keygen_params,	8✔
160	std::string_view /* provider */,
161	std::span<const uint8_t> raw_pk) const override {
162	return std::make_unique<Botan::FrodoKEM_PublicKey>(raw_pk, Botan::FrodoKEMMode(keygen_params));	8✔
163	}
164	};
165
166	} // namespace
167
168	BOTAN_REGISTER_TEST("frodokem", "frodo_kat_tests", Frodo_KAT_Tests);
169	BOTAN_REGISTER_TEST_FN("frodokem", "frodo_roundtrips", test_frodo_roundtrips);
170	BOTAN_REGISTER_TEST("frodokem", "frodo_keygen", Frodo_Keygen_Tests);
171
172	#endif
173
174	} // namespace Botan_Tests

randombit / botan / 19012754211

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous