test: exercise SPHINCS+ OID round-trip for -simple variants#2345
Open
major wants to merge 1 commit into
Open
Conversation
The OID encode/decode round-trip in SphincsPlusTest was skipped for -simple hash-mode variants behind a stale FIXME guard. OID mappings for these variants were already wired correctly in commit 729a3aa (interop updates for SPHINCS+, Nov 2023), aligning with FIPS 205 SLH-DSA finalizing on the simple hashing mode, so the guard was never needed after that change. - remove the stale FIXME/guard so the round-trip runs for all variants - add parameter-identity assertions so decode(encode(params)) is verified to return the exact same parameter set, not just matching raw key bytes - apply the same fix to the jdk1.3 mirror of this test Verified locally: all 9 SphincsPlusTest cases pass, including every -simple, -robust, and haraka variant. Investigation and fix drafted with AI assistance (Claude); reviewed and verified by the author before submission. Signed-off-by: Major Hayden <major@redhat.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This removes a stale
FIXMEinSphincsPlusTestthat was skipping the SubjectPublicKeyInfo/PrivateKeyInfo (OID) encode/decode round-trip for SPHINCS+ "-simple" hash-mode variants.Why the FIXME was stale:
sphincsPlusOids/sphincsPlusParamsinpqc/crypto/util/Utils.javaalready have correct forward and reverse OID mappings for all "-simple" variants (haraka has dedicated_simple-suffixed constants; sha2/shake reuse the unsuffixed constant, which now maps to the final SLH-DSA standard OID rather than the round-3-draft one). This was wired up in729a3aa83("interop updates for SPHINCS+", Nov 2023), which aligned BC's naming with FIPS 205 finalizing on the "simple" hashing mode and dropping "robust". The test guard just never got removed after that change landed.What changed:
// FIXME No OIDs for simple variants of SPHINCS+comment and theif (name.indexOf("-simple") < 0)guard, so the OID round-trip now runs unconditionally for every variant.assertTrue(... parameters == pubParams.getParameters())/ same for private key, so the test verifiesdecode(encode(params))returns the exact same parameter-set instance, not just that raw key bytes happen to match afterward.jdk1.3mirror of this test.Verification: ran
SphincsPlusTestlocally (viajunit.textui.TestRunner, since the gradle module restricts--teststoAllTest*), all 9 cases pass, including every-simple,-robust, and haraka variant now exercising the full ASN.1 round-trip plus the new parameter-identity checks.Investigation and fix drafted with AI assistance (Claude); I reviewed the git history, verified the OID mapping tables, and ran the tests myself before submitting.