21747534840

Committed 06 Feb 2026 10:36AM UTC coverage: 91.639% (+1.6%) from 90.073%

Build # 21747534840

Build Type

push

github

Committed by

web-flow

Commit Message

Merge pull request #5284 from randombit/jack/rng-no-chrono

Avoid <chrono> in rng.h

Run Details

104013 of 113503 relevant lines covered (91.64%)

11308702.41 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

93.9

/src/tests/test_cmce.cpp

/*
* Tests for Classic McEliece
*
* (C) 2023 Jack Lloyd
*     2023,2024 Fabian Albert, Amos Treiber - Rohde & Schwarz Cybersecurity
*
* Botan is released under the Simplified BSD License (see license.txt)
*/

#include "test_pubkey.h"
#include "test_pubkey_pqc.h"
#include "test_rng.h"
#include "tests.h"

#if defined(BOTAN_HAS_CLASSICMCELIECE)

   #include <botan/cmce.h>
   #include <botan/hash.h>
   #include <botan/pk_algs.h>
   #include <botan/pubkey.h>
   #include <botan/internal/cmce_gf.h>
   #include <botan/internal/cmce_parameters.h>
   #include <botan/internal/cmce_poly.h>
   #include <algorithm>

namespace Botan_Tests {

namespace {

Botan::Classic_McEliece_Polynomial create_element_from_bytes(std::span<const uint8_t> bytes,
                                                             const Botan::Classic_McEliece_Polynomial_Ring& ring) {
   BOTAN_ARG_CHECK(bytes.size() == ring.degree() * 2, "Correct input size");
   std::vector<uint16_t> coef(ring.degree());
   Botan::load_le<uint16_t>(coef.data(), bytes.data(), ring.degree());

   std::vector<Botan::Classic_McEliece_GF> coeff_vec_gf;
   coeff_vec_gf.reserve(coef.size());
   for(const auto& coeff : coef) {
      coeff_vec_gf.push_back(Botan::Classic_McEliece_GF(Botan::CmceGfElem(coeff), ring.poly_f()));
   }
   return Botan::Classic_McEliece_Polynomial(coeff_vec_gf);
}

std::vector<Botan::Classic_McEliece_Parameter_Set> get_test_instances_all() {
   return {// All instances
           Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_348864,
           Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_348864f,

           Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_460896,
           Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_460896f,

           Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_6688128,
           Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_6688128f,
           Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_6688128pc,
           Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_6688128pcf,

           Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_6960119,
           Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_6960119f,
           Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_6960119pc,
           Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_6960119pcf,

           Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_8192128,
           Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_8192128f,
           Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_8192128pc,
           Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_8192128pcf};
}

std::vector<Botan::Classic_McEliece_Parameter_Set> get_test_instances_min() {
   return {// Testing with and without pc and f. Also testing 6960119 with m*t mod 8 != 0.
           Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_348864,
           Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_6960119pcf};
}

std::vector<Botan::Classic_McEliece_Parameter_Set> instances_to_test() {
   if(Test::run_long_tests()) {
      return get_test_instances_all();
   } else {
      return get_test_instances_min();
   }
}

bool skip_cmce_test(const std::string& params_str) {
   auto params = Botan::Classic_McEliece_Parameters::create(params_str);
   auto to_test = instances_to_test();
   return std::find(to_test.begin(), to_test.end(), params.parameter_set()) == to_test.end();
}
}  // namespace

class CMCE_Utility_Tests final : public Test {
   public:
      Test::Result expand_seed_test() {
         Test::Result result("Seed expansion");

         auto params =
            Botan::Classic_McEliece_Parameters::create(Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_348864);

         // Created using the reference implementation
         auto seed = Botan::hex_decode_locked("0102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f20");

         auto exp_first_and_last_bytes = Botan::hex_decode(
            "543e2791fd98dbc1"    // first 8 bytes
            "d332a7c40776ca01");  // last 8 bytes

         const size_t byte_length =
            (params.n() + params.sigma2() * params.q() + params.sigma1() * params.t() + params.ell()) / 8;

         auto rand = params.prg(seed)->output_stdvec(byte_length);
         rand.erase(rand.begin() + 8, rand.end() - 8);

         result.test_is_eq("Seed expansion", rand, exp_first_and_last_bytes);

         return result;
      }

      Test::Result irreducible_poly_gen_test() {
         Test::Result result("Irreducible Polynomial Generation");

         auto params =
            Botan::Classic_McEliece_Parameters::create(Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_348864);

         // Created using the reference implementation
         auto random_bits = Botan::CmceIrreducibleBits(Botan::hex_decode(
            "d9b8bb962a3f9dac0f832d243def581e7d26f4028de1ff9cd168460e5050ab095a32a372b40d720bd5d75389a6b3f08fa1d13cec60a4b716d4d6c240f2f80cd3"
            "cbc76ae0dddca164c1130da185bd04e890f2256fb9f4754864811e14ea5a43b8b3612d59cecde1b2fdb6362659a0193d2b7d4b9d79aa1801dde3ca90dc300773"));

         auto exp_g = Botan::Classic_McEliece_Minimal_Polynomial::from_bytes(
            Botan::hex_decode(
               "8d00a50f520a0307b8007c06cb04b9073b0f4a0f800fb706a60f2a05910a670b460375091209fc060a09ab036c09e5085a0df90d3506b404a30fda041d09970f"
               "1206d000e00aac01c00dc80f490cd80b4108330c0208cf00d602450ec00a21079806eb093f00de015f052905560917081b09270c820af002000c34094504cd03"),
            params.poly_f());

         auto g = params.poly_ring().compute_minimal_polynomial(random_bits);
         result.confirm("Minimize polynomial successful", g.has_value());
         result.test_is_eq("Minimize polynomial", g.value().coef(), exp_g.coef());

         return result;
      }

      Test::Result gf_inv_test() {
         Test::Result result("GF inv test");

         auto params =
            Botan::Classic_McEliece_Parameters::create(Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_348864);

         auto v = params.gf(Botan::CmceGfElem(42));
         auto v_inv = v.inv();
         result.test_is_eq("Control bits creation", (v * v_inv).elem(), Botan::CmceGfElem(1));

         return result;
      }

      Test::Result gf_poly_mul_test() {
         Test::Result result("GF Poly Mul");

         auto params =
            Botan::Classic_McEliece_Parameters::create(Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_348864);

         const auto& field = params.poly_ring();

         auto val1 = create_element_from_bytes(
            Botan::hex_decode(
               "bb02d40437094c0ae4034c00b10fed090a04850f660c3b0e110eb409810a86015b0f5804ca0e78089806e20b5b03aa0bc2020b05ea03710da902340c390f630b"
               "bc07a70db20b9e0ee4038905a00a09090a0521045e0a0706370b5a00050a4100480c4d0e8f00730692093701fe04650dbe0fd00702011a04910360023f04fb0a"),
            field);

         auto val2 = create_element_from_bytes(
            Botan::hex_decode(
               "060c630b170abb00020fef03e501020e89098108bf01f30dd30900000e0d3d0ca404ec01190760021f088c09b90b0a06a702d104500f0f02f00a580287010a09"
               "4e01490d270c73051800bc0af303b901b202b50321002802b903ce0ab40806083f0a2d06d002df0f260811005c02a10b300e5c0ba20d14045003c50f2f02de02"),
            field);

         auto exp_mul = create_element_from_bytes(
            Botan::hex_decode(
               "370d090b19008f0efb01f5011b04f9054b0d1f071d0457011e09cd0dfa093c004f08500e670abb0567090000f603770a3905bf044408b8025805930b25012201"
               "8d0a560e840d960d9d0a280d1d06fc08d5078c06fe0cb406d0061e02c6090507d20eb10cb90146085c042e030c0e1a07910fcd0c5f0fda066c0cee061d01f40f"),
            field);

         auto mul = field.multiply(val1, val2);  // val1 * val2;
         result.test_is_eq("GF multiplication", mul.coef(), exp_mul.coef());

         return result;
      }

      Test::Result rigged_rng_encryption_test() {
         // RNG that always returns zero bytes
         class All_Zero_RNG : public Botan::RandomNumberGenerator {
            public:
               void fill_bytes_with_input(std::span<uint8_t> output, std::span<const uint8_t> /* ignored */) override {
                  std::fill(output.begin(), output.end(), static_cast<uint8_t>(0));
               }

               std::string name() const override { return "All_Zero_RNG"; }

               bool accepts_input() const override { return false; }

               void clear() override {}

               bool is_seeded() const override { return true; }
         } rigged_rng;

         Test::Result result("No endless loop with rigged RNG");
         // Key creation should work even with a rigged RNG (PRNG is not used for key creation)
         auto private_key = Botan::create_private_key("ClassicMcEliece", rigged_rng, "348864f");
         if(!private_key) {
            result.test_failure("Key generation failed");
            return result;
         }
         auto enc = Botan::PK_KEM_Encryptor(*private_key, "Raw");
         result.test_throws("Many failed encryption attempts throws exception", [&] { enc.encrypt(rigged_rng); });

         return result;
      }

      std::vector<Test::Result> run() override {
         return {expand_seed_test(),
                 irreducible_poly_gen_test(),
                 gf_inv_test(),
                 gf_poly_mul_test(),
                 rigged_rng_encryption_test()};
      }
};

   #if defined(BOTAN_HAS_AES)
class CMCE_Invalid_Test : public Text_Based_Test {
   public:
      CMCE_Invalid_Test() :
            Text_Based_Test("pubkey/cmce_negative.vec", "seed,ct_invalid,ss_invalid", "ct_invalid_c1,ss_invalid_c1") {}

      Test::Result run_one_test(const std::string& params_str, const VarMap& vars) override {
         Test::Result result("CMCE Invalid Ciphertext Test");

         auto params = Botan::Classic_McEliece_Parameters::create(params_str);

         const auto kat_seed = Botan::lock(vars.get_req_bin("seed"));
         const auto ct_invalid = vars.get_req_bin("ct_invalid");
         const auto ref_ss_invalid = Botan::lock(vars.get_req_bin("ss_invalid"));

         const auto test_rng = std::make_unique<CTR_DRBG_AES256>(kat_seed);

         auto private_key = Botan::create_private_key("ClassicMcEliece", *test_rng, params_str);

         // Decaps an invalid ciphertext
         auto dec = Botan::PK_KEM_Decryptor(*private_key, *test_rng, "Raw");
         auto decaps_ct_invalid = dec.decrypt(ct_invalid);

         result.test_is_eq("Decaps an invalid encapsulated key", decaps_ct_invalid, ref_ss_invalid);

         if(params.is_pc()) {
            // For pc variants, additionally check the plaintext confirmation (pc) logic by
            // flipping a bit in the second part of the ciphertext (C_1 in pc). In this case
            // C_0 is decoded correctly, but pc will change the shared secret, since C_1' != C_1.
            const auto ct_invalid_c1 = vars.get_opt_bin("ct_invalid_c1");
            const auto ref_ss_invalid_c1 = Botan::lock(vars.get_opt_bin("ss_invalid_c1"));
            auto decaps_ct_invalid_c1 = dec.decrypt(ct_invalid_c1);

            result.test_is_eq("Decaps with invalid C_1 in pc", decaps_ct_invalid_c1, ref_ss_invalid_c1);
         }

         return result;
      }
};
   #endif  // BOTAN_HAS_AES

class CMCE_Generic_Keygen_Tests final : public PK_Key_Generation_Test {
   public:
      std::vector<std::string> keygen_params() const override {
         std::vector<std::string> res;
         for(const auto& param_set : get_test_instances_min()) {
            res.push_back(param_set.to_string());
         }
         return res;
      }

      std::unique_ptr<Botan::Public_Key> public_key_from_raw(std::string_view keygen_params,
                                                             std::string_view /*provider*/,
                                                             std::span<const uint8_t> raw_key_bits) const override {
         return std::make_unique<Botan::Classic_McEliece_PublicKey>(
            raw_key_bits, Botan::Classic_McEliece_Parameter_Set::from_string(keygen_params));
      }

      std::string algo_name() const override { return "ClassicMcEliece"; }
};

class Classic_McEliece_KAT_Tests final : public Botan_Tests::PK_PQC_KEM_KAT_Test {
   public:
      Classic_McEliece_KAT_Tests() : PK_PQC_KEM_KAT_Test("ClassicMcEliece", "pubkey/cmce_kat_hashed.vec") {}

   private:
      Botan::Classic_McEliece_Parameters get_params(const std::string& header) const {
         return Botan::Classic_McEliece_Parameters::create(Botan::Classic_McEliece_Parameter_Set::from_string(header));
      }

      bool is_available(const std::string& alg_name) const final { return !skip_cmce_test(alg_name); }

      std::vector<uint8_t> map_value(const std::string& /*params*/,
                                     std::span<const uint8_t> value,
                                     VarType var_type) const final {
         if(var_type == VarType::Ciphertext || var_type == VarType::SharedSecret) {
            return {value.begin(), value.end()};
         }
         auto hash = Botan::HashFunction::create_or_throw("SHAKE-256(512)");
         return hash->process<std::vector<uint8_t>>(value);
      }

      Fixed_Output_RNG rng_for_keygen(const std::string& /*params*/, Botan::RandomNumberGenerator& rng) const final {
         const auto seed = rng.random_vec(Botan::Classic_McEliece_Parameters::seed_len());
         return Fixed_Output_RNG(seed);
      }

      Fixed_Output_RNG rng_for_encapsulation(const std::string& alg_name,
                                             Botan::RandomNumberGenerator& rng) const final {
         // There is no way to tell exactly how much randomness is
         // needed for encapsulation (rejection sampling)
         // For testing we use a number that fits for all test cases
         auto params = get_params(alg_name);
         const size_t max_attempts = 100;
         const size_t bits_per_attempt = (params.sigma1() / 8) * params.tau();

         std::vector<uint8_t> rand_buffer;
         for(size_t attempt = 0; attempt < max_attempts; ++attempt) {
            auto random_bytes = rng.random_vec(bits_per_attempt);
            rand_buffer.insert(rand_buffer.end(), random_bytes.begin(), random_bytes.end());
         }

         return Fixed_Output_RNG(rand_buffer);
      }

      void inspect_rng_after_encaps(const std::string& /*params*/,
                                    const Fixed_Output_RNG& /*rng*/,
                                    Test::Result& /*result*/) const final {
         // Encaps uses any number of random bytes, so we cannot check the RNG
      }
};

BOTAN_REGISTER_TEST("cmce", "cmce_utility", CMCE_Utility_Tests);
BOTAN_REGISTER_TEST("cmce", "cmce_generic_keygen", CMCE_Generic_Keygen_Tests);
BOTAN_REGISTER_TEST("cmce", "cmce_generic_kat", Classic_McEliece_KAT_Tests);
   #if defined(BOTAN_HAS_AES)
BOTAN_REGISTER_TEST("cmce", "cmce_invalid", CMCE_Invalid_Test);
   #endif

}  // namespace Botan_Tests

#endif  // BOTAN_HAS_CLASSICMCELIECE

1	/*
2	* Tests for Classic McEliece
3	*
4	* (C) 2023 Jack Lloyd
5	* 2023,2024 Fabian Albert, Amos Treiber - Rohde & Schwarz Cybersecurity
6	*
7	* Botan is released under the Simplified BSD License (see license.txt)
8	*/
9
10	#include "test_pubkey.h"
11	#include "test_pubkey_pqc.h"
12	#include "test_rng.h"
13	#include "tests.h"
14
15	#if defined(BOTAN_HAS_CLASSICMCELIECE)
16
17	#include <botan/cmce.h>
18	#include <botan/hash.h>
19	#include <botan/pk_algs.h>
20	#include <botan/pubkey.h>
21	#include <botan/internal/cmce_gf.h>
22	#include <botan/internal/cmce_parameters.h>
23	#include <botan/internal/cmce_poly.h>
24	#include <algorithm>
25
26	namespace Botan_Tests {
27
28	namespace {
29
30	Botan::Classic_McEliece_Polynomial create_element_from_bytes(std::span<const uint8_t> bytes,	3✔
31	const Botan::Classic_McEliece_Polynomial_Ring& ring) {
32	BOTAN_ARG_CHECK(bytes.size() == ring.degree() * 2, "Correct input size");	3✔
33	std::vector<uint16_t> coef(ring.degree());	3✔
34	Botan::load_le<uint16_t>(coef.data(), bytes.data(), ring.degree());	3✔
35
36	std::vector<Botan::Classic_McEliece_GF> coeff_vec_gf;	3✔
37	coeff_vec_gf.reserve(coef.size());	3✔
38	for(const auto& coeff : coef) {	195✔
39	coeff_vec_gf.push_back(Botan::Classic_McEliece_GF(Botan::CmceGfElem(coeff), ring.poly_f()));	192✔
40	}
41	return Botan::Classic_McEliece_Polynomial(coeff_vec_gf);	3✔
42	}	6✔
43
44	std::vector<Botan::Classic_McEliece_Parameter_Set> get_test_instances_all() {	16✔
45	return {// All instances	16✔
46	Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_348864,
47	Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_348864f,
48
49	Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_460896,
50	Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_460896f,
51
52	Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_6688128,
53	Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_6688128f,
54	Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_6688128pc,
55	Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_6688128pcf,
56
57	Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_6960119,
58	Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_6960119f,
59	Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_6960119pc,
60	Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_6960119pcf,
61
62	Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_8192128,
63	Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_8192128f,
64	Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_8192128pc,
65	Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_8192128pcf};	16✔
66	}
67
68	std::vector<Botan::Classic_McEliece_Parameter_Set> get_test_instances_min() {	1✔
69	return {// Testing with and without pc and f. Also testing 6960119 with m*t mod 8 != 0.	1✔
70	Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_348864,
71	Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_6960119pcf};	×
72	}
73
74	std::vector<Botan::Classic_McEliece_Parameter_Set> instances_to_test() {	16✔
75	if(Test::run_long_tests()) {	16✔
76	return get_test_instances_all();	16✔
77	} else {
78	return get_test_instances_min();	×
79	}
80	}
81
82	bool skip_cmce_test(const std::string& params_str) {	16✔
83	auto params = Botan::Classic_McEliece_Parameters::create(params_str);	16✔
84	auto to_test = instances_to_test();	16✔
85	return std::find(to_test.begin(), to_test.end(), params.parameter_set()) == to_test.end();	16✔
86	}	16✔
87	} // namespace
88
89	class CMCE_Utility_Tests final : public Test {	1✔
90	public:
91	Test::Result expand_seed_test() {	1✔
92	Test::Result result("Seed expansion");	1✔
93
94	auto params =	1✔
95	Botan::Classic_McEliece_Parameters::create(Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_348864);	1✔
96
97	// Created using the reference implementation
98	auto seed = Botan::hex_decode_locked("0102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f20");	1✔
99
100	auto exp_first_and_last_bytes = Botan::hex_decode(	1✔
101	"543e2791fd98dbc1" // first 8 bytes
102	"d332a7c40776ca01"); // last 8 bytes	1✔
103
104	const size_t byte_length =	1✔
105	(params.n() + params.sigma2() * params.q() + params.sigma1() * params.t() + params.ell()) / 8;	2✔
106
107	auto rand = params.prg(seed)->output_stdvec(byte_length);	1✔
108	rand.erase(rand.begin() + 8, rand.end() - 8);	1✔
109
110	result.test_is_eq("Seed expansion", rand, exp_first_and_last_bytes);	1✔
111
112	return result;	1✔
113	}	3✔
114
115	Test::Result irreducible_poly_gen_test() {	1✔
116	Test::Result result("Irreducible Polynomial Generation");	1✔
117
118	auto params =	1✔
119	Botan::Classic_McEliece_Parameters::create(Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_348864);	1✔
120
121	// Created using the reference implementation
122	auto random_bits = Botan::CmceIrreducibleBits(Botan::hex_decode(	1✔
123	"d9b8bb962a3f9dac0f832d243def581e7d26f4028de1ff9cd168460e5050ab095a32a372b40d720bd5d75389a6b3f08fa1d13cec60a4b716d4d6c240f2f80cd3"
124	"cbc76ae0dddca164c1130da185bd04e890f2256fb9f4754864811e14ea5a43b8b3612d59cecde1b2fdb6362659a0193d2b7d4b9d79aa1801dde3ca90dc300773"));	1✔
125
126	auto exp_g = Botan::Classic_McEliece_Minimal_Polynomial::from_bytes(	1✔
127	Botan::hex_decode(	1✔
128	"8d00a50f520a0307b8007c06cb04b9073b0f4a0f800fb706a60f2a05910a670b460375091209fc060a09ab036c09e5085a0df90d3506b404a30fda041d09970f"
129	"1206d000e00aac01c00dc80f490cd80b4108330c0208cf00d602450ec00a21079806eb093f00de015f052905560917081b09270c820af002000c34094504cd03"),
130	params.poly_f());	1✔
131
132	auto g = params.poly_ring().compute_minimal_polynomial(random_bits);	1✔
133	result.confirm("Minimize polynomial successful", g.has_value());	2✔
134	result.test_is_eq("Minimize polynomial", g.value().coef(), exp_g.coef());	1✔
135
136	return result;	1✔
137	}	2✔
138
139	Test::Result gf_inv_test() {	1✔
140	Test::Result result("GF inv test");	1✔
141
142	auto params =	1✔
143	Botan::Classic_McEliece_Parameters::create(Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_348864);	1✔
144
145	auto v = params.gf(Botan::CmceGfElem(42));	1✔
146	auto v_inv = v.inv();	1✔
147	result.test_is_eq("Control bits creation", (v * v_inv).elem(), Botan::CmceGfElem(1));	1✔
148
149	return result;	1✔
150	}	1✔
151
152	Test::Result gf_poly_mul_test() {	1✔
153	Test::Result result("GF Poly Mul");	1✔
154
155	auto params =	1✔
156	Botan::Classic_McEliece_Parameters::create(Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_348864);	1✔
157
158	const auto& field = params.poly_ring();	1✔
159
160	auto val1 = create_element_from_bytes(	1✔
161	Botan::hex_decode(	1✔
162	"bb02d40437094c0ae4034c00b10fed090a04850f660c3b0e110eb409810a86015b0f5804ca0e78089806e20b5b03aa0bc2020b05ea03710da902340c390f630b"
163	"bc07a70db20b9e0ee4038905a00a09090a0521045e0a0706370b5a00050a4100480c4d0e8f00730692093701fe04650dbe0fd00702011a04910360023f04fb0a"),
164	field);	1✔
165
166	auto val2 = create_element_from_bytes(	1✔
167	Botan::hex_decode(	1✔
168	"060c630b170abb00020fef03e501020e89098108bf01f30dd30900000e0d3d0ca404ec01190760021f088c09b90b0a06a702d104500f0f02f00a580287010a09"
169	"4e01490d270c73051800bc0af303b901b202b50321002802b903ce0ab40806083f0a2d06d002df0f260811005c02a10b300e5c0ba20d14045003c50f2f02de02"),
170	field);	1✔
171
172	auto exp_mul = create_element_from_bytes(	1✔
173	Botan::hex_decode(	1✔
174	"370d090b19008f0efb01f5011b04f9054b0d1f071d0457011e09cd0dfa093c004f08500e670abb0567090000f603770a3905bf044408b8025805930b25012201"
175	"8d0a560e840d960d9d0a280d1d06fc08d5078c06fe0cb406d0061e02c6090507d20eb10cb90146085c042e030c0e1a07910fcd0c5f0fda066c0cee061d01f40f"),
176	field);	1✔
177
178	auto mul = field.multiply(val1, val2); // val1 * val2;	1✔
179	result.test_is_eq("GF multiplication", mul.coef(), exp_mul.coef());	1✔
180
181	return result;	1✔
182	}	1✔
183
184	Test::Result rigged_rng_encryption_test() {	1✔
185	// RNG that always returns zero bytes
186	class All_Zero_RNG : public Botan::RandomNumberGenerator {	2✔
187	public:
188	void fill_bytes_with_input(std::span<uint8_t> output, std::span<const uint8_t> /* ignored */) override {	648✔
189	std::fill(output.begin(), output.end(), static_cast<uint8_t>(0));	648✔
190	}	648✔
191
192	std::string name() const override { return "All_Zero_RNG"; }	×
193
194	bool accepts_input() const override { return false; }	×
195
196	void clear() override {}	×
197
198	bool is_seeded() const override { return true; }	×
199	} rigged_rng;	1✔
200
201	Test::Result result("No endless loop with rigged RNG");	1✔
202	// Key creation should work even with a rigged RNG (PRNG is not used for key creation)
203	auto private_key = Botan::create_private_key("ClassicMcEliece", rigged_rng, "348864f");	1✔
204	if(!private_key) {	1✔
205	result.test_failure("Key generation failed");	×
206	return result;	×
207	}
208	auto enc = Botan::PK_KEM_Encryptor(*private_key, "Raw");	1✔
209	result.test_throws("Many failed encryption attempts throws exception", [&] { enc.encrypt(rigged_rng); });	3✔
210
211	return result;	1✔
212	}	2✔
213
214	std::vector<Test::Result> run() override {	1✔
215	return {expand_seed_test(),	1✔
216	irreducible_poly_gen_test(),
217	gf_inv_test(),
218	gf_poly_mul_test(),
219	rigged_rng_encryption_test()};	6✔
220	}	1✔
221	};
222
223	#if defined(BOTAN_HAS_AES)
224	class CMCE_Invalid_Test : public Text_Based_Test {
225	public:
226	CMCE_Invalid_Test() :	1✔
227	Text_Based_Test("pubkey/cmce_negative.vec", "seed,ct_invalid,ss_invalid", "ct_invalid_c1,ss_invalid_c1") {}	2✔
228
229	Test::Result run_one_test(const std::string& params_str, const VarMap& vars) override {	2✔
230	Test::Result result("CMCE Invalid Ciphertext Test");	2✔
231
232	auto params = Botan::Classic_McEliece_Parameters::create(params_str);	2✔
233
234	const auto kat_seed = Botan::lock(vars.get_req_bin("seed"));	6✔
235	const auto ct_invalid = vars.get_req_bin("ct_invalid");	2✔
236	const auto ref_ss_invalid = Botan::lock(vars.get_req_bin("ss_invalid"));	6✔
237
238	const auto test_rng = std::make_unique<CTR_DRBG_AES256>(kat_seed);	2✔
239
240	auto private_key = Botan::create_private_key("ClassicMcEliece", *test_rng, params_str);	2✔
241
242	// Decaps an invalid ciphertext
243	auto dec = Botan::PK_KEM_Decryptor(private_key, test_rng, "Raw");	2✔
244	auto decaps_ct_invalid = dec.decrypt(ct_invalid);	2✔
245
246	result.test_is_eq("Decaps an invalid encapsulated key", decaps_ct_invalid, ref_ss_invalid);	2✔
247
248	if(params.is_pc()) {	2✔
249	// For pc variants, additionally check the plaintext confirmation (pc) logic by
250	// flipping a bit in the second part of the ciphertext (C_1 in pc). In this case
251	// C_0 is decoded correctly, but pc will change the shared secret, since C_1' != C_1.
252	const auto ct_invalid_c1 = vars.get_opt_bin("ct_invalid_c1");	1✔
253	const auto ref_ss_invalid_c1 = Botan::lock(vars.get_opt_bin("ss_invalid_c1"));	3✔
254	auto decaps_ct_invalid_c1 = dec.decrypt(ct_invalid_c1);	1✔
255
256	result.test_is_eq("Decaps with invalid C_1 in pc", decaps_ct_invalid_c1, ref_ss_invalid_c1);	2✔
257	}	3✔
258
259	return result;	2✔
260	}	12✔
261	};
262	#endif // BOTAN_HAS_AES
263
264	class CMCE_Generic_Keygen_Tests final : public PK_Key_Generation_Test {	1✔
265	public:
266	std::vector<std::string> keygen_params() const override {	1✔
267	std::vector<std::string> res;	1✔
268	for(const auto& param_set : get_test_instances_min()) {	3✔
269	res.push_back(param_set.to_string());	4✔
270	}	×
271	return res;	1✔
272	}	×
273
274	std::unique_ptr<Botan::Public_Key> public_key_from_raw(std::string_view keygen_params,	2✔
275	std::string_view /provider/,
276	std::span<const uint8_t> raw_key_bits) const override {
277	return std::make_unique<Botan::Classic_McEliece_PublicKey>(	2✔
278	raw_key_bits, Botan::Classic_McEliece_Parameter_Set::from_string(keygen_params));	2✔
279	}
280
281	std::string algo_name() const override { return "ClassicMcEliece"; }	2✔
282	};
283
284	class Classic_McEliece_KAT_Tests final : public Botan_Tests::PK_PQC_KEM_KAT_Test {
285	public:
286	Classic_McEliece_KAT_Tests() : PK_PQC_KEM_KAT_Test("ClassicMcEliece", "pubkey/cmce_kat_hashed.vec") {}	2✔
287
288	private:
289	Botan::Classic_McEliece_Parameters get_params(const std::string& header) const {	16✔
290	return Botan::Classic_McEliece_Parameters::create(Botan::Classic_McEliece_Parameter_Set::from_string(header));	16✔
291	}
292
293	bool is_available(const std::string& alg_name) const final { return !skip_cmce_test(alg_name); }	16✔
294
295	std::vector<uint8_t> map_value(const std::string& /params/,	64✔
296	std::span<const uint8_t> value,
297	VarType var_type) const final {
298	if(var_type == VarType::Ciphertext \|\| var_type == VarType::SharedSecret) {	64✔
299	return {value.begin(), value.end()};	32✔
300	}
301	auto hash = Botan::HashFunction::create_or_throw("SHAKE-256(512)");	32✔
302	return hash->process<std::vector<uint8_t>>(value);	32✔
303	}	32✔
304
305	Fixed_Output_RNG rng_for_keygen(const std::string& /params/, Botan::RandomNumberGenerator& rng) const final {	16✔
306	const auto seed = rng.random_vec(Botan::Classic_McEliece_Parameters::seed_len());	16✔
307	return Fixed_Output_RNG(seed);	16✔
308	}	16✔
309
310	Fixed_Output_RNG rng_for_encapsulation(const std::string& alg_name,	16✔
311	Botan::RandomNumberGenerator& rng) const final {
312	// There is no way to tell exactly how much randomness is
313	// needed for encapsulation (rejection sampling)
314	// For testing we use a number that fits for all test cases
315	auto params = get_params(alg_name);	16✔
316	const size_t max_attempts = 100;	16✔
317	const size_t bits_per_attempt = (params.sigma1() / 8) * params.tau();	16✔
318
319	std::vector<uint8_t> rand_buffer;	16✔
320	for(size_t attempt = 0; attempt < max_attempts; ++attempt) {	1,616✔
321	auto random_bytes = rng.random_vec(bits_per_attempt);	1,600✔
322	rand_buffer.insert(rand_buffer.end(), random_bytes.begin(), random_bytes.end());	1,600✔
323	}	1,600✔
324
325	return Fixed_Output_RNG(rand_buffer);	16✔
326	}	16✔
327
328	void inspect_rng_after_encaps(const std::string& /params/,	16✔
329	const Fixed_Output_RNG& /rng/,
330	Test::Result& /result/) const final {
331	// Encaps uses any number of random bytes, so we cannot check the RNG
332	}	16✔
333	};
334
335	BOTAN_REGISTER_TEST("cmce", "cmce_utility", CMCE_Utility_Tests);
336	BOTAN_REGISTER_TEST("cmce", "cmce_generic_keygen", CMCE_Generic_Keygen_Tests);
337	BOTAN_REGISTER_TEST("cmce", "cmce_generic_kat", Classic_McEliece_KAT_Tests);
338	#if defined(BOTAN_HAS_AES)
339	BOTAN_REGISTER_TEST("cmce", "cmce_invalid", CMCE_Invalid_Test);
340	#endif
341
342	} // namespace Botan_Tests
343
344	#endif // BOTAN_HAS_CLASSICMCELIECE

randombit / botan / 21747534840

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous