20579846577

Committed 29 Dec 2025 06:24PM UTC coverage: 90.415% (+0.2%) from 90.243%

Build # 20579846577

Build Type

push

github

Committed by

web-flow

Commit Message

Merge pull request #5167 from randombit/jack/src-size-reductions

Changes to reduce unnecessary inclusions

Run Details

101523 of 112285 relevant lines covered (90.42%)

12817276.56 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

93.9

/src/tests/test_cmce.cpp

/*
* Tests for Classic McEliece
*
* (C) 2023 Jack Lloyd
*     2023,2024 Fabian Albert, Amos Treiber - Rohde & Schwarz Cybersecurity
*
* Botan is released under the Simplified BSD License (see license.txt)
*/

#include "test_pubkey.h"
#include "test_pubkey_pqc.h"
#include "test_rng.h"
#include "tests.h"

#if defined(BOTAN_HAS_CLASSICMCELIECE)

   #include <botan/cmce.h>
   #include <botan/hash.h>
   #include <botan/pk_algs.h>
   #include <botan/pubkey.h>
   #include <botan/internal/cmce_gf.h>
   #include <botan/internal/cmce_parameters.h>
   #include <botan/internal/cmce_poly.h>

namespace Botan_Tests {

namespace {

Botan::Classic_McEliece_Polynomial create_element_from_bytes(std::span<const uint8_t> bytes,
                                                             const Botan::Classic_McEliece_Polynomial_Ring& ring) {
   BOTAN_ARG_CHECK(bytes.size() == ring.degree() * 2, "Correct input size");
   std::vector<uint16_t> coef(ring.degree());
   Botan::load_le<uint16_t>(coef.data(), bytes.data(), ring.degree());

   std::vector<Botan::Classic_McEliece_GF> coeff_vec_gf;
   coeff_vec_gf.reserve(coef.size());
   for(const auto& coeff : coef) {
      coeff_vec_gf.push_back(Botan::Classic_McEliece_GF(Botan::CmceGfElem(coeff), ring.poly_f()));
   }
   return Botan::Classic_McEliece_Polynomial(coeff_vec_gf);
}

std::vector<Botan::Classic_McEliece_Parameter_Set> get_test_instances_all() {
   return {// All instances
           Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_348864,
           Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_348864f,

           Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_460896,
           Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_460896f,

           Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_6688128,
           Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_6688128f,
           Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_6688128pc,
           Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_6688128pcf,

           Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_6960119,
           Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_6960119f,
           Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_6960119pc,
           Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_6960119pcf,

           Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_8192128,
           Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_8192128f,
           Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_8192128pc,
           Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_8192128pcf};
}

std::vector<Botan::Classic_McEliece_Parameter_Set> get_test_instances_min() {
   return {// Testing with and without pc and f. Also testing 6960119 with m*t mod 8 != 0.
           Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_348864,
           Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_6960119pcf};
}

std::vector<Botan::Classic_McEliece_Parameter_Set> instances_to_test() {
   if(Test::run_long_tests()) {
      return get_test_instances_all();
   } else {
      return get_test_instances_min();
   }
}

bool skip_cmce_test(const std::string& params_str) {
   auto params = Botan::Classic_McEliece_Parameters::create(params_str);
   auto to_test = instances_to_test();
   return std::find(to_test.begin(), to_test.end(), params.parameter_set()) == to_test.end();
}
}  // namespace

class CMCE_Utility_Tests final : public Test {
   public:
      Test::Result expand_seed_test() {
         Test::Result result("Seed expansion");

         auto params =
            Botan::Classic_McEliece_Parameters::create(Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_348864);

         // Created using the reference implementation
         auto seed = Botan::hex_decode_locked("0102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f20");

         auto exp_first_and_last_bytes = Botan::hex_decode(
            "543e2791fd98dbc1"    // first 8 bytes
            "d332a7c40776ca01");  // last 8 bytes

         const size_t byte_length =
            (params.n() + params.sigma2() * params.q() + params.sigma1() * params.t() + params.ell()) / 8;

         auto rand = params.prg(seed)->output_stdvec(byte_length);
         rand.erase(rand.begin() + 8, rand.end() - 8);

         result.test_is_eq("Seed expansion", rand, exp_first_and_last_bytes);

         return result;
      }

      Test::Result irreducible_poly_gen_test() {
         Test::Result result("Irreducible Polynomial Generation");

         auto params =
            Botan::Classic_McEliece_Parameters::create(Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_348864);

         // Created using the reference implementation
         auto random_bits = Botan::CmceIrreducibleBits(Botan::hex_decode(
            "d9b8bb962a3f9dac0f832d243def581e7d26f4028de1ff9cd168460e5050ab095a32a372b40d720bd5d75389a6b3f08fa1d13cec60a4b716d4d6c240f2f80cd3"
            "cbc76ae0dddca164c1130da185bd04e890f2256fb9f4754864811e14ea5a43b8b3612d59cecde1b2fdb6362659a0193d2b7d4b9d79aa1801dde3ca90dc300773"));

         auto exp_g = Botan::Classic_McEliece_Minimal_Polynomial::from_bytes(
            Botan::hex_decode(
               "8d00a50f520a0307b8007c06cb04b9073b0f4a0f800fb706a60f2a05910a670b460375091209fc060a09ab036c09e5085a0df90d3506b404a30fda041d09970f"
               "1206d000e00aac01c00dc80f490cd80b4108330c0208cf00d602450ec00a21079806eb093f00de015f052905560917081b09270c820af002000c34094504cd03"),
            params.poly_f());

         auto g = params.poly_ring().compute_minimal_polynomial(random_bits);
         result.confirm("Minimize polynomial successful", g.has_value());
         result.test_is_eq("Minimize polynomial", g.value().coef(), exp_g.coef());

         return result;
      }

      Test::Result gf_inv_test() {
         Test::Result result("GF inv test");

         auto params =
            Botan::Classic_McEliece_Parameters::create(Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_348864);

         auto v = params.gf(Botan::CmceGfElem(42));
         auto v_inv = v.inv();
         result.test_is_eq("Control bits creation", (v * v_inv).elem(), Botan::CmceGfElem(1));

         return result;
      }

      Test::Result gf_poly_mul_test() {
         Test::Result result("GF Poly Mul");

         auto params =
            Botan::Classic_McEliece_Parameters::create(Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_348864);

         const auto& field = params.poly_ring();

         auto val1 = create_element_from_bytes(
            Botan::hex_decode(
               "bb02d40437094c0ae4034c00b10fed090a04850f660c3b0e110eb409810a86015b0f5804ca0e78089806e20b5b03aa0bc2020b05ea03710da902340c390f630b"
               "bc07a70db20b9e0ee4038905a00a09090a0521045e0a0706370b5a00050a4100480c4d0e8f00730692093701fe04650dbe0fd00702011a04910360023f04fb0a"),
            field);

         auto val2 = create_element_from_bytes(
            Botan::hex_decode(
               "060c630b170abb00020fef03e501020e89098108bf01f30dd30900000e0d3d0ca404ec01190760021f088c09b90b0a06a702d104500f0f02f00a580287010a09"
               "4e01490d270c73051800bc0af303b901b202b50321002802b903ce0ab40806083f0a2d06d002df0f260811005c02a10b300e5c0ba20d14045003c50f2f02de02"),
            field);

         auto exp_mul = create_element_from_bytes(
            Botan::hex_decode(
               "370d090b19008f0efb01f5011b04f9054b0d1f071d0457011e09cd0dfa093c004f08500e670abb0567090000f603770a3905bf044408b8025805930b25012201"
               "8d0a560e840d960d9d0a280d1d06fc08d5078c06fe0cb406d0061e02c6090507d20eb10cb90146085c042e030c0e1a07910fcd0c5f0fda066c0cee061d01f40f"),
            field);

         auto mul = field.multiply(val1, val2);  // val1 * val2;
         result.test_is_eq("GF multiplication", mul.coef(), exp_mul.coef());

         return result;
      }

      Test::Result rigged_rng_encryption_test() {
         // RNG that always returns zero bytes
         class All_Zero_RNG : public Botan::RandomNumberGenerator {
            public:
               void fill_bytes_with_input(std::span<uint8_t> output, std::span<const uint8_t> /* ignored */) override {
                  std::fill(output.begin(), output.end(), static_cast<uint8_t>(0));
               }

               std::string name() const override { return "All_Zero_RNG"; }

               bool accepts_input() const override { return false; }

               void clear() override {}

               bool is_seeded() const override { return true; }
         } rigged_rng;

         Test::Result result("No endless loop with rigged RNG");
         // Key creation should work even with a rigged RNG (PRNG is not used for key creation)
         auto private_key = Botan::create_private_key("ClassicMcEliece", rigged_rng, "348864f");
         if(!private_key) {
            result.test_failure("Key generation failed");
            return result;
         }
         auto enc = Botan::PK_KEM_Encryptor(*private_key, "Raw");
         result.test_throws("Many failed encryption attempts throws exception", [&] { enc.encrypt(rigged_rng); });

         return result;
      }

      std::vector<Test::Result> run() override {
         return {expand_seed_test(),
                 irreducible_poly_gen_test(),
                 gf_inv_test(),
                 gf_poly_mul_test(),
                 rigged_rng_encryption_test()};
      }
};

   #if defined(BOTAN_HAS_AES)
class CMCE_Invalid_Test : public Text_Based_Test {
   public:
      CMCE_Invalid_Test() :
            Text_Based_Test("pubkey/cmce_negative.vec", "seed,ct_invalid,ss_invalid", "ct_invalid_c1,ss_invalid_c1") {}

      Test::Result run_one_test(const std::string& params_str, const VarMap& vars) override {
         Test::Result result("CMCE Invalid Ciphertext Test");

         auto params = Botan::Classic_McEliece_Parameters::create(params_str);

         const auto kat_seed = Botan::lock(vars.get_req_bin("seed"));
         const auto ct_invalid = vars.get_req_bin("ct_invalid");
         const auto ref_ss_invalid = Botan::lock(vars.get_req_bin("ss_invalid"));

         const auto test_rng = std::make_unique<CTR_DRBG_AES256>(kat_seed);

         auto private_key = Botan::create_private_key("ClassicMcEliece", *test_rng, params_str);

         // Decaps an invalid ciphertext
         auto dec = Botan::PK_KEM_Decryptor(*private_key, *test_rng, "Raw");
         auto decaps_ct_invalid = dec.decrypt(ct_invalid);

         result.test_is_eq("Decaps an invalid encapsulated key", decaps_ct_invalid, ref_ss_invalid);

         if(params.is_pc()) {
            // For pc variants, additionally check the plaintext confirmation (pc) logic by
            // flipping a bit in the second part of the ciphertext (C_1 in pc). In this case
            // C_0 is decoded correctly, but pc will change the shared secret, since C_1' != C_1.
            const auto ct_invalid_c1 = vars.get_opt_bin("ct_invalid_c1");
            const auto ref_ss_invalid_c1 = Botan::lock(vars.get_opt_bin("ss_invalid_c1"));
            auto decaps_ct_invalid_c1 = dec.decrypt(ct_invalid_c1);

            result.test_is_eq("Decaps with invalid C_1 in pc", decaps_ct_invalid_c1, ref_ss_invalid_c1);
         }

         return result;
      }
};
   #endif  // BOTAN_HAS_AES

class CMCE_Generic_Keygen_Tests final : public PK_Key_Generation_Test {
   public:
      std::vector<std::string> keygen_params() const override {
         std::vector<std::string> res;
         for(const auto& param_set : get_test_instances_min()) {
            res.push_back(param_set.to_string());
         }
         return res;
      }

      std::unique_ptr<Botan::Public_Key> public_key_from_raw(std::string_view keygen_params,
                                                             std::string_view /*provider*/,
                                                             std::span<const uint8_t> raw_key_bits) const override {
         return std::make_unique<Botan::Classic_McEliece_PublicKey>(
            raw_key_bits, Botan::Classic_McEliece_Parameter_Set::from_string(keygen_params));
      }

      std::string algo_name() const override { return "ClassicMcEliece"; }
};

class Classic_McEliece_KAT_Tests final : public Botan_Tests::PK_PQC_KEM_KAT_Test {
   public:
      Classic_McEliece_KAT_Tests() : PK_PQC_KEM_KAT_Test("ClassicMcEliece", "pubkey/cmce_kat_hashed.vec") {}

   private:
      Botan::Classic_McEliece_Parameters get_params(const std::string& header) const {
         return Botan::Classic_McEliece_Parameters::create(Botan::Classic_McEliece_Parameter_Set::from_string(header));
      }

      bool is_available(const std::string& alg_name) const final { return !skip_cmce_test(alg_name); }

      std::vector<uint8_t> map_value(const std::string& /*params*/,
                                     std::span<const uint8_t> value,
                                     VarType var_type) const final {
         if(var_type == VarType::Ciphertext || var_type == VarType::SharedSecret) {
            return {value.begin(), value.end()};
         }
         auto hash = Botan::HashFunction::create_or_throw("SHAKE-256(512)");
         return hash->process<std::vector<uint8_t>>(value);
      }

      Fixed_Output_RNG rng_for_keygen(const std::string& /*params*/, Botan::RandomNumberGenerator& rng) const final {
         const auto seed = rng.random_vec(Botan::Classic_McEliece_Parameters::seed_len());
         return Fixed_Output_RNG(seed);
      }

      Fixed_Output_RNG rng_for_encapsulation(const std::string& alg_name,
                                             Botan::RandomNumberGenerator& rng) const final {
         // There is no way to tell exactly how much randomness is
         // needed for encapsulation (rejection sampling)
         // For testing we use a number that fits for all test cases
         auto params = get_params(alg_name);
         const size_t max_attempts = 100;
         const size_t bits_per_attempt = (params.sigma1() / 8) * params.tau();

         std::vector<uint8_t> rand_buffer;
         for(size_t attempt = 0; attempt < max_attempts; ++attempt) {
            auto random_bytes = rng.random_vec(bits_per_attempt);
            rand_buffer.insert(rand_buffer.end(), random_bytes.begin(), random_bytes.end());
         }

         return Fixed_Output_RNG(rand_buffer);
      }

      void inspect_rng_after_encaps(const std::string& /*params*/,
                                    const Fixed_Output_RNG& /*rng*/,
                                    Test::Result& /*result*/) const final {
         // Encaps uses any number of random bytes, so we cannot check the RNG
      }
};

BOTAN_REGISTER_TEST("cmce", "cmce_utility", CMCE_Utility_Tests);
BOTAN_REGISTER_TEST("cmce", "cmce_generic_keygen", CMCE_Generic_Keygen_Tests);
BOTAN_REGISTER_TEST("cmce", "cmce_generic_kat", Classic_McEliece_KAT_Tests);
   #if defined(BOTAN_HAS_AES)
BOTAN_REGISTER_TEST("cmce", "cmce_invalid", CMCE_Invalid_Test);
   #endif

}  // namespace Botan_Tests

#endif  // BOTAN_HAS_CLASSICMCELIECE

1	/*
2	* Tests for Classic McEliece
3	*
4	* (C) 2023 Jack Lloyd
5	* 2023,2024 Fabian Albert, Amos Treiber - Rohde & Schwarz Cybersecurity
6	*
7	* Botan is released under the Simplified BSD License (see license.txt)
8	*/
9
10	#include "test_pubkey.h"
11	#include "test_pubkey_pqc.h"
12	#include "test_rng.h"
13	#include "tests.h"
14
15	#if defined(BOTAN_HAS_CLASSICMCELIECE)
16
17	#include <botan/cmce.h>
18	#include <botan/hash.h>
19	#include <botan/pk_algs.h>
20	#include <botan/pubkey.h>
21	#include <botan/internal/cmce_gf.h>
22	#include <botan/internal/cmce_parameters.h>
23	#include <botan/internal/cmce_poly.h>
24
25	namespace Botan_Tests {
26
27	namespace {
28
29	Botan::Classic_McEliece_Polynomial create_element_from_bytes(std::span<const uint8_t> bytes,	3✔
30	const Botan::Classic_McEliece_Polynomial_Ring& ring) {
31	BOTAN_ARG_CHECK(bytes.size() == ring.degree() * 2, "Correct input size");	3✔
32	std::vector<uint16_t> coef(ring.degree());	3✔
33	Botan::load_le<uint16_t>(coef.data(), bytes.data(), ring.degree());	3✔
34
35	std::vector<Botan::Classic_McEliece_GF> coeff_vec_gf;	3✔
36	coeff_vec_gf.reserve(coef.size());	3✔
37	for(const auto& coeff : coef) {	195✔
38	coeff_vec_gf.push_back(Botan::Classic_McEliece_GF(Botan::CmceGfElem(coeff), ring.poly_f()));	192✔
39	}
40	return Botan::Classic_McEliece_Polynomial(coeff_vec_gf);	3✔
41	}	6✔
42
43	std::vector<Botan::Classic_McEliece_Parameter_Set> get_test_instances_all() {	16✔
44	return {// All instances	16✔
45	Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_348864,
46	Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_348864f,
47
48	Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_460896,
49	Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_460896f,
50
51	Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_6688128,
52	Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_6688128f,
53	Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_6688128pc,
54	Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_6688128pcf,
55
56	Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_6960119,
57	Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_6960119f,
58	Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_6960119pc,
59	Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_6960119pcf,
60
61	Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_8192128,
62	Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_8192128f,
63	Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_8192128pc,
64	Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_8192128pcf};	16✔
65	}
66
67	std::vector<Botan::Classic_McEliece_Parameter_Set> get_test_instances_min() {	1✔
68	return {// Testing with and without pc and f. Also testing 6960119 with m*t mod 8 != 0.	1✔
69	Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_348864,
70	Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_6960119pcf};	×
71	}
72
73	std::vector<Botan::Classic_McEliece_Parameter_Set> instances_to_test() {	16✔
74	if(Test::run_long_tests()) {	16✔
75	return get_test_instances_all();	16✔
76	} else {
77	return get_test_instances_min();	×
78	}
79	}
80
81	bool skip_cmce_test(const std::string& params_str) {	16✔
82	auto params = Botan::Classic_McEliece_Parameters::create(params_str);	16✔
83	auto to_test = instances_to_test();	16✔
84	return std::find(to_test.begin(), to_test.end(), params.parameter_set()) == to_test.end();	16✔
85	}	16✔
86	} // namespace
87
88	class CMCE_Utility_Tests final : public Test {	1✔
89	public:
90	Test::Result expand_seed_test() {	1✔
91	Test::Result result("Seed expansion");	1✔
92
93	auto params =	1✔
94	Botan::Classic_McEliece_Parameters::create(Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_348864);	1✔
95
96	// Created using the reference implementation
97	auto seed = Botan::hex_decode_locked("0102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f20");	1✔
98
99	auto exp_first_and_last_bytes = Botan::hex_decode(	1✔
100	"543e2791fd98dbc1" // first 8 bytes
101	"d332a7c40776ca01"); // last 8 bytes	1✔
102
103	const size_t byte_length =	1✔
104	(params.n() + params.sigma2() * params.q() + params.sigma1() * params.t() + params.ell()) / 8;	1✔
105
106	auto rand = params.prg(seed)->output_stdvec(byte_length);	1✔
107	rand.erase(rand.begin() + 8, rand.end() - 8);	1✔
108
109	result.test_is_eq("Seed expansion", rand, exp_first_and_last_bytes);	1✔
110
111	return result;	1✔
112	}	3✔
113
114	Test::Result irreducible_poly_gen_test() {	1✔
115	Test::Result result("Irreducible Polynomial Generation");	1✔
116
117	auto params =	1✔
118	Botan::Classic_McEliece_Parameters::create(Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_348864);	1✔
119
120	// Created using the reference implementation
121	auto random_bits = Botan::CmceIrreducibleBits(Botan::hex_decode(	1✔
122	"d9b8bb962a3f9dac0f832d243def581e7d26f4028de1ff9cd168460e5050ab095a32a372b40d720bd5d75389a6b3f08fa1d13cec60a4b716d4d6c240f2f80cd3"
123	"cbc76ae0dddca164c1130da185bd04e890f2256fb9f4754864811e14ea5a43b8b3612d59cecde1b2fdb6362659a0193d2b7d4b9d79aa1801dde3ca90dc300773"));	1✔
124
125	auto exp_g = Botan::Classic_McEliece_Minimal_Polynomial::from_bytes(	1✔
126	Botan::hex_decode(	1✔
127	"8d00a50f520a0307b8007c06cb04b9073b0f4a0f800fb706a60f2a05910a670b460375091209fc060a09ab036c09e5085a0df90d3506b404a30fda041d09970f"
128	"1206d000e00aac01c00dc80f490cd80b4108330c0208cf00d602450ec00a21079806eb093f00de015f052905560917081b09270c820af002000c34094504cd03"),
129	params.poly_f());	1✔
130
131	auto g = params.poly_ring().compute_minimal_polynomial(random_bits);	1✔
132	result.confirm("Minimize polynomial successful", g.has_value());	2✔
133	result.test_is_eq("Minimize polynomial", g.value().coef(), exp_g.coef());	1✔
134
135	return result;	1✔
136	}	2✔
137
138	Test::Result gf_inv_test() {	1✔
139	Test::Result result("GF inv test");	1✔
140
141	auto params =	1✔
142	Botan::Classic_McEliece_Parameters::create(Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_348864);	1✔
143
144	auto v = params.gf(Botan::CmceGfElem(42));	1✔
145	auto v_inv = v.inv();	1✔
146	result.test_is_eq("Control bits creation", (v * v_inv).elem(), Botan::CmceGfElem(1));	1✔
147
148	return result;	1✔
149	}	1✔
150
151	Test::Result gf_poly_mul_test() {	1✔
152	Test::Result result("GF Poly Mul");	1✔
153
154	auto params =	1✔
155	Botan::Classic_McEliece_Parameters::create(Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_348864);	1✔
156
157	const auto& field = params.poly_ring();	1✔
158
159	auto val1 = create_element_from_bytes(	1✔
160	Botan::hex_decode(	1✔
161	"bb02d40437094c0ae4034c00b10fed090a04850f660c3b0e110eb409810a86015b0f5804ca0e78089806e20b5b03aa0bc2020b05ea03710da902340c390f630b"
162	"bc07a70db20b9e0ee4038905a00a09090a0521045e0a0706370b5a00050a4100480c4d0e8f00730692093701fe04650dbe0fd00702011a04910360023f04fb0a"),
163	field);	1✔
164
165	auto val2 = create_element_from_bytes(	1✔
166	Botan::hex_decode(	1✔
167	"060c630b170abb00020fef03e501020e89098108bf01f30dd30900000e0d3d0ca404ec01190760021f088c09b90b0a06a702d104500f0f02f00a580287010a09"
168	"4e01490d270c73051800bc0af303b901b202b50321002802b903ce0ab40806083f0a2d06d002df0f260811005c02a10b300e5c0ba20d14045003c50f2f02de02"),
169	field);	1✔
170
171	auto exp_mul = create_element_from_bytes(	1✔
172	Botan::hex_decode(	1✔
173	"370d090b19008f0efb01f5011b04f9054b0d1f071d0457011e09cd0dfa093c004f08500e670abb0567090000f603770a3905bf044408b8025805930b25012201"
174	"8d0a560e840d960d9d0a280d1d06fc08d5078c06fe0cb406d0061e02c6090507d20eb10cb90146085c042e030c0e1a07910fcd0c5f0fda066c0cee061d01f40f"),
175	field);	1✔
176
177	auto mul = field.multiply(val1, val2); // val1 * val2;	1✔
178	result.test_is_eq("GF multiplication", mul.coef(), exp_mul.coef());	1✔
179
180	return result;	1✔
181	}	1✔
182
183	Test::Result rigged_rng_encryption_test() {	1✔
184	// RNG that always returns zero bytes
185	class All_Zero_RNG : public Botan::RandomNumberGenerator {	2✔
186	public:
187	void fill_bytes_with_input(std::span<uint8_t> output, std::span<const uint8_t> /* ignored */) override {	648✔
188	std::fill(output.begin(), output.end(), static_cast<uint8_t>(0));	648✔
189	}	648✔
190
191	std::string name() const override { return "All_Zero_RNG"; }	×
192
193	bool accepts_input() const override { return false; }	×
194
195	void clear() override {}	×
196
197	bool is_seeded() const override { return true; }	×
198	} rigged_rng;	1✔
199
200	Test::Result result("No endless loop with rigged RNG");	1✔
201	// Key creation should work even with a rigged RNG (PRNG is not used for key creation)
202	auto private_key = Botan::create_private_key("ClassicMcEliece", rigged_rng, "348864f");	1✔
203	if(!private_key) {	1✔
204	result.test_failure("Key generation failed");	×
205	return result;	×
206	}
207	auto enc = Botan::PK_KEM_Encryptor(*private_key, "Raw");	1✔
208	result.test_throws("Many failed encryption attempts throws exception", [&] { enc.encrypt(rigged_rng); });	3✔
209
210	return result;	1✔
211	}	2✔
212
213	std::vector<Test::Result> run() override {	1✔
214	return {expand_seed_test(),	1✔
215	irreducible_poly_gen_test(),
216	gf_inv_test(),
217	gf_poly_mul_test(),
218	rigged_rng_encryption_test()};	6✔
219	}	1✔
220	};
221
222	#if defined(BOTAN_HAS_AES)
223	class CMCE_Invalid_Test : public Text_Based_Test {
224	public:
225	CMCE_Invalid_Test() :	1✔
226	Text_Based_Test("pubkey/cmce_negative.vec", "seed,ct_invalid,ss_invalid", "ct_invalid_c1,ss_invalid_c1") {}	2✔
227
228	Test::Result run_one_test(const std::string& params_str, const VarMap& vars) override {	2✔
229	Test::Result result("CMCE Invalid Ciphertext Test");	2✔
230
231	auto params = Botan::Classic_McEliece_Parameters::create(params_str);	2✔
232
233	const auto kat_seed = Botan::lock(vars.get_req_bin("seed"));	6✔
234	const auto ct_invalid = vars.get_req_bin("ct_invalid");	2✔
235	const auto ref_ss_invalid = Botan::lock(vars.get_req_bin("ss_invalid"));	6✔
236
237	const auto test_rng = std::make_unique<CTR_DRBG_AES256>(kat_seed);	2✔
238
239	auto private_key = Botan::create_private_key("ClassicMcEliece", *test_rng, params_str);	2✔
240
241	// Decaps an invalid ciphertext
242	auto dec = Botan::PK_KEM_Decryptor(private_key, test_rng, "Raw");	2✔
243	auto decaps_ct_invalid = dec.decrypt(ct_invalid);	2✔
244
245	result.test_is_eq("Decaps an invalid encapsulated key", decaps_ct_invalid, ref_ss_invalid);	2✔
246
247	if(params.is_pc()) {	2✔
248	// For pc variants, additionally check the plaintext confirmation (pc) logic by
249	// flipping a bit in the second part of the ciphertext (C_1 in pc). In this case
250	// C_0 is decoded correctly, but pc will change the shared secret, since C_1' != C_1.
251	const auto ct_invalid_c1 = vars.get_opt_bin("ct_invalid_c1");	1✔
252	const auto ref_ss_invalid_c1 = Botan::lock(vars.get_opt_bin("ss_invalid_c1"));	3✔
253	auto decaps_ct_invalid_c1 = dec.decrypt(ct_invalid_c1);	1✔
254
255	result.test_is_eq("Decaps with invalid C_1 in pc", decaps_ct_invalid_c1, ref_ss_invalid_c1);	2✔
256	}	3✔
257
258	return result;	2✔
259	}	12✔
260	};
261	#endif // BOTAN_HAS_AES
262
263	class CMCE_Generic_Keygen_Tests final : public PK_Key_Generation_Test {	1✔
264	public:
265	std::vector<std::string> keygen_params() const override {	1✔
266	std::vector<std::string> res;	1✔
267	for(const auto& param_set : get_test_instances_min()) {	3✔
268	res.push_back(param_set.to_string());	4✔
269	}	×
270	return res;	1✔
271	}	×
272
273	std::unique_ptr<Botan::Public_Key> public_key_from_raw(std::string_view keygen_params,	2✔
274	std::string_view /provider/,
275	std::span<const uint8_t> raw_key_bits) const override {
276	return std::make_unique<Botan::Classic_McEliece_PublicKey>(	2✔
277	raw_key_bits, Botan::Classic_McEliece_Parameter_Set::from_string(keygen_params));	2✔
278	}
279
280	std::string algo_name() const override { return "ClassicMcEliece"; }	2✔
281	};
282
283	class Classic_McEliece_KAT_Tests final : public Botan_Tests::PK_PQC_KEM_KAT_Test {
284	public:
285	Classic_McEliece_KAT_Tests() : PK_PQC_KEM_KAT_Test("ClassicMcEliece", "pubkey/cmce_kat_hashed.vec") {}	2✔
286
287	private:
288	Botan::Classic_McEliece_Parameters get_params(const std::string& header) const {	16✔
289	return Botan::Classic_McEliece_Parameters::create(Botan::Classic_McEliece_Parameter_Set::from_string(header));	16✔
290	}
291
292	bool is_available(const std::string& alg_name) const final { return !skip_cmce_test(alg_name); }	16✔
293
294	std::vector<uint8_t> map_value(const std::string& /params/,	64✔
295	std::span<const uint8_t> value,
296	VarType var_type) const final {
297	if(var_type == VarType::Ciphertext \|\| var_type == VarType::SharedSecret) {	64✔
298	return {value.begin(), value.end()};	32✔
299	}
300	auto hash = Botan::HashFunction::create_or_throw("SHAKE-256(512)");	32✔
301	return hash->process<std::vector<uint8_t>>(value);	32✔
302	}	32✔
303
304	Fixed_Output_RNG rng_for_keygen(const std::string& /params/, Botan::RandomNumberGenerator& rng) const final {	16✔
305	const auto seed = rng.random_vec(Botan::Classic_McEliece_Parameters::seed_len());	16✔
306	return Fixed_Output_RNG(seed);	16✔
307	}	16✔
308
309	Fixed_Output_RNG rng_for_encapsulation(const std::string& alg_name,	16✔
310	Botan::RandomNumberGenerator& rng) const final {
311	// There is no way to tell exactly how much randomness is
312	// needed for encapsulation (rejection sampling)
313	// For testing we use a number that fits for all test cases
314	auto params = get_params(alg_name);	16✔
315	const size_t max_attempts = 100;	16✔
316	const size_t bits_per_attempt = (params.sigma1() / 8) * params.tau();	16✔
317
318	std::vector<uint8_t> rand_buffer;	16✔
319	for(size_t attempt = 0; attempt < max_attempts; ++attempt) {	1,616✔
320	auto random_bytes = rng.random_vec(bits_per_attempt);	1,600✔
321	rand_buffer.insert(rand_buffer.end(), random_bytes.begin(), random_bytes.end());	1,600✔
322	}	1,600✔
323
324	return Fixed_Output_RNG(rand_buffer);	16✔
325	}	16✔
326
327	void inspect_rng_after_encaps(const std::string& /params/,	16✔
328	const Fixed_Output_RNG& /rng/,
329	Test::Result& /result/) const final {
330	// Encaps uses any number of random bytes, so we cannot check the RNG
331	}	16✔
332	};
333
334	BOTAN_REGISTER_TEST("cmce", "cmce_utility", CMCE_Utility_Tests);
335	BOTAN_REGISTER_TEST("cmce", "cmce_generic_keygen", CMCE_Generic_Keygen_Tests);
336	BOTAN_REGISTER_TEST("cmce", "cmce_generic_kat", Classic_McEliece_KAT_Tests);
337	#if defined(BOTAN_HAS_AES)
338	BOTAN_REGISTER_TEST("cmce", "cmce_invalid", CMCE_Invalid_Test);
339	#endif
340
341	} // namespace Botan_Tests
342
343	#endif // BOTAN_HAS_CLASSICMCELIECE

randombit / botan / 20579846577

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous