27524818275

Committed 14 Jun 2026 07:17PM UTC coverage: 89.427%. Remained the same

Build # 27524818275

Build Type

push

github

Committed by

web-flow

Commit Message

Merge pull request #5666 from randombit/jack/hss-l-zero

When decoding an HSS public key reject L = 0

Coverage Stats

111203 of 124350 relevant lines covered (89.43%)

11130709.1 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

91.67

/src/tests/test_siv.cpp

/*
* (C) 2017,2026 Jack Lloyd
*
* Botan is released under the Simplified BSD License (see license.txt)
*/

#include "tests.h"

#if defined(BOTAN_HAS_AEAD_SIV)
   #include <botan/aead.h>
   #include <botan/hex.h>
   #include <botan/rng.h>
   #include <botan/internal/parsing.h>
#endif

namespace Botan_Tests {

namespace {

#if defined(BOTAN_HAS_AEAD_SIV)

class SIV_Tests final : public Text_Based_Test {
   public:
      SIV_Tests() : Text_Based_Test("siv_ad.vec", "Key,In,ADs,Out", "Nonce") {}

      Test::Result run_one_test(const std::string& algo, const VarMap& vars) override {
         const std::vector<uint8_t> key = vars.get_req_bin("Key");
         const std::vector<uint8_t> nonce = vars.get_opt_bin("Nonce");
         const std::vector<uint8_t> input = vars.get_req_bin("In");
         const std::vector<uint8_t> expected = vars.get_req_bin("Out");
         const std::vector<std::string> ad_list = Botan::split_on(vars.get_req_str("ADs"), ',');

         const std::string siv_name = algo + "/SIV";

         Test::Result result(siv_name);

         auto siv = Botan::AEAD_Mode::create(siv_name, Botan::Cipher_Dir::Encryption);

         if(!siv) {
            result.test_note("Skipping test due to missing cipher");
            return result;
         }

         siv->set_key(key);

         for(size_t i = 0; i != ad_list.size(); ++i) {
            std::vector<uint8_t> ad = Botan::hex_decode(ad_list[i]);
            siv->set_associated_data_n(i, ad);
         }

         Botan::secure_vector<uint8_t> buf(input.begin(), input.end());
         siv->start(nonce);
         siv->finish(buf, 0);

         result.test_bin_eq("SIV ciphertext", buf, expected);

         return result;
      }
};

BOTAN_REGISTER_TEST("modes", "siv_ad", SIV_Tests);

class SIV_Noncontiguous_AD_Tests final : public Test {
   public:
      std::vector<Test::Result> run() override {
         Test::Result result("SIV non-contiguous AD");

         auto gapped = Botan::AEAD_Mode::create("AES-128/SIV", Botan::Cipher_Dir::Encryption);
         if(!gapped) {
            result.test_note("Skipping test due to missing cipher");
            return {result};
         }
         auto enc = Botan::AEAD_Mode::create("AES-128/SIV", Botan::Cipher_Dir::Encryption);

         const auto key = rng().random_vec(16 * 2);
         const auto ad0 = rng().random_vec(32);
         const auto ad2 = rng().random_vec(48);
         const auto input = rng().random_vec(10);

         gapped->set_key(key);
         enc->set_key(key);

         // gapped: indices 0 and 2 set, index 1 skipped
         gapped->set_associated_data_n(0, ad0);
         gapped->set_associated_data_n(2, ad2);

         Botan::secure_vector<uint8_t> buf_gapped = input;
         gapped->start();
         gapped->finish(buf_gapped, 0);

         // enc: index 1 set to a zero-length AD
         enc->set_associated_data_n(0, ad0);
         enc->set_associated_data_n(1, {});
         enc->set_associated_data_n(2, ad2);

         Botan::secure_vector<uint8_t> buf_explicit = input;
         enc->start();
         enc->finish(buf_explicit, 0);

         result.test_bin_eq("SIV AD gap is equivalent to an explicit empty AD", buf_gapped, buf_explicit);

         // Decryption must similarly handle an AAD gap
         auto dec = Botan::AEAD_Mode::create("AES-128/SIV", Botan::Cipher_Dir::Decryption);
         dec->set_key(key);
         dec->set_associated_data_n(0, ad0);
         dec->set_associated_data_n(2, ad2);
         dec->start();
         dec->finish(buf_gapped, 0);
         result.test_bin_eq("gapped AD round-trips", buf_gapped, input);

         return {result};
      }
};

BOTAN_REGISTER_TEST("modes", "siv_noncontiguous_ad", SIV_Noncontiguous_AD_Tests);

#endif

}  // namespace

}  // namespace Botan_Tests

1	/*
2	* (C) 2017,2026 Jack Lloyd
3	*
4	* Botan is released under the Simplified BSD License (see license.txt)
5	*/
6
7	#include "tests.h"
8
9	#if defined(BOTAN_HAS_AEAD_SIV)
10	#include <botan/aead.h>
11	#include <botan/hex.h>
12	#include <botan/rng.h>
13	#include <botan/internal/parsing.h>
14	#endif
15
16	namespace Botan_Tests {
17
18	namespace {
19
20	#if defined(BOTAN_HAS_AEAD_SIV)
21
22	class SIV_Tests final : public Text_Based_Test {	×
23	public:
24	SIV_Tests() : Text_Based_Test("siv_ad.vec", "Key,In,ADs,Out", "Nonce") {}	2✔
25
26	Test::Result run_one_test(const std::string& algo, const VarMap& vars) override {	5✔
27	const std::vector<uint8_t> key = vars.get_req_bin("Key");	5✔
28	const std::vector<uint8_t> nonce = vars.get_opt_bin("Nonce");	5✔
29	const std::vector<uint8_t> input = vars.get_req_bin("In");	5✔
30	const std::vector<uint8_t> expected = vars.get_req_bin("Out");	5✔
31	const std::vector<std::string> ad_list = Botan::split_on(vars.get_req_str("ADs"), ',');	5✔
32
33	const std::string siv_name = algo + "/SIV";	5✔
34
35	Test::Result result(siv_name);	5✔
36
37	auto siv = Botan::AEAD_Mode::create(siv_name, Botan::Cipher_Dir::Encryption);	5✔
38
39	if(!siv) {	5✔
40	result.test_note("Skipping test due to missing cipher");	×
41	return result;	×
42	}
43
44	siv->set_key(key);	5✔
45
46	for(size_t i = 0; i != ad_list.size(); ++i) {	21✔
47	std::vector<uint8_t> ad = Botan::hex_decode(ad_list[i]);	16✔
48	siv->set_associated_data_n(i, ad);	16✔
49	}	16✔
50
51	Botan::secure_vector<uint8_t> buf(input.begin(), input.end());	5✔
52	siv->start(nonce);	5✔
53	siv->finish(buf, 0);	5✔
54
55	result.test_bin_eq("SIV ciphertext", buf, expected);	5✔
56
57	return result;	5✔
58	}	25✔
59	};
60
61	BOTAN_REGISTER_TEST("modes", "siv_ad", SIV_Tests);
62
63	class SIV_Noncontiguous_AD_Tests final : public Test {	1✔
64	public:
65	std::vector<Test::Result> run() override {	1✔
66	Test::Result result("SIV non-contiguous AD");	1✔
67
68	auto gapped = Botan::AEAD_Mode::create("AES-128/SIV", Botan::Cipher_Dir::Encryption);	1✔
69	if(!gapped) {	1✔
70	result.test_note("Skipping test due to missing cipher");	×
71	return {result};	×
72	}
73	auto enc = Botan::AEAD_Mode::create("AES-128/SIV", Botan::Cipher_Dir::Encryption);	1✔
74
75	const auto key = rng().random_vec(16 * 2);	1✔
76	const auto ad0 = rng().random_vec(32);	1✔
77	const auto ad2 = rng().random_vec(48);	1✔
78	const auto input = rng().random_vec(10);	1✔
79
80	gapped->set_key(key);	1✔
81	enc->set_key(key);	1✔
82
83	// gapped: indices 0 and 2 set, index 1 skipped
84	gapped->set_associated_data_n(0, ad0);	1✔
85	gapped->set_associated_data_n(2, ad2);	1✔
86
87	Botan::secure_vector<uint8_t> buf_gapped = input;	1✔
88	gapped->start();	1✔
89	gapped->finish(buf_gapped, 0);	1✔
90
91	// enc: index 1 set to a zero-length AD
92	enc->set_associated_data_n(0, ad0);	1✔
93	enc->set_associated_data_n(1, {});	1✔
94	enc->set_associated_data_n(2, ad2);	1✔
95
96	Botan::secure_vector<uint8_t> buf_explicit = input;	1✔
97	enc->start();	1✔
98	enc->finish(buf_explicit, 0);	1✔
99
100	result.test_bin_eq("SIV AD gap is equivalent to an explicit empty AD", buf_gapped, buf_explicit);	1✔
101
102	// Decryption must similarly handle an AAD gap
103	auto dec = Botan::AEAD_Mode::create("AES-128/SIV", Botan::Cipher_Dir::Decryption);	1✔
104	dec->set_key(key);	1✔
105	dec->set_associated_data_n(0, ad0);	1✔
106	dec->set_associated_data_n(2, ad2);	1✔
107	dec->start();	1✔
108	dec->finish(buf_gapped, 0);	1✔
109	result.test_bin_eq("gapped AD round-trips", buf_gapped, input);	1✔
110
111	return {result};	2✔
112	}	10✔
113	};
114
115	BOTAN_REGISTER_TEST("modes", "siv_noncontiguous_ad", SIV_Noncontiguous_AD_Tests);
116
117	#endif
118
119	} // namespace
120
121	} // namespace Botan_Tests

randombit / botan / 27524818275

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous