Security Functions

Roadmap Summary of Full Test Plan


v0.0.5 added FFI, Interop (deferred), pending fuzzing

v0.0.4 added aes_gcm

v0.0.3 8 additional tests

v0.0.2 12 of 32 implemented and passed

v0.0.1 3 functional tests


Here is the Full Test Plan, re-ordered into a logical progression for implementation, from foundational robustness to advanced integration.

Enhanced Test Plan for pqc-combo Crate (Implementation Order)

Lean • Comprehensive • Production-Ready

| Category | Tests |
|---|---|
| 1. Input Length | 3 |
| 2. Malformed Inputs | 5 |
| 3. Mismatched Keys | 3 |
| 4. API Misuse | 2 |
| 5. KATs | 2 |
| 6. Security | 2 |
| 7. Lifecycle | 3 |
| 8. Feature Flags | 5 |
| 9. Concurrency | 1 |
| 10. Fuzzing | 3 |
| 11. FFI | 3 |
| 12. Interop | 2 |
| 13. Performance | 0 (benchmarks) |
| Total | 32 unit tests |


Category 1: Input Length Variation Tests

Goal: Ensure correct behavior across message sizes (zero, small, large).

| Test | Description |
|---|---|
| test_sign_verify_empty_message | Sign and verify &[]. Expect success. |
| test_sign_verify_single_byte_message | Sign and verify &[0x01]. Expect success. |
| test_sign_verify_large_message | Sign and verify 10MB test data. Expect success. |

Note: distinct code paths.


Category 2: Malformed and Edge-Case Input Tests

Goal: Graceful failure on invalid, truncated, or corrupted inputs.

| Test | Description |
|---|---|
| test_verify_tampered_signature | Bit-flip valid signature → expect false or PQC_Error. |
| test_verify_truncated_signature | Use first half of valid signature → expect PQC_Error::InvalidInput. |
| test_decapsulate_tampered_ciphertext | Bit-flip valid ciphertext → expect error. |
| test_decapsulate_truncated_ciphertext | Use first half of ciphertext → expect error. |
| test_invalid_key_length | Load key from too-short/long byte slice → expect error. |
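The tamper and truncation tests above check one bit-flip and one half-length cut; the added example below (not code from pqc-combo) generalizes them to every single-bit flip and every proper prefix. `PqcError`, `SIG_LEN` and `stand_in_verify` are hypothetical stand-ins: the verifier is a length check plus byte comparison, meant to be replaced by a closure over the crate's real verify or decapsulate call.

```rust
/// Error type modelled on the plan's PQC_Error::InvalidInput.
#[derive(Debug, PartialEq)]
pub enum PqcError { InvalidInput }

/// Constructed length for the demo; not a real Dilithium signature size.
pub const SIG_LEN: usize = 32;

/// Every single-bit flip of a valid input (len * 8 mutants).
pub fn bit_flips(valid: &[u8]) -> Vec<Vec<u8>> {
    (0..valid.len() * 8)
        .map(|i| {
            let mut m = valid.to_vec();
            m[i / 8] ^= 1u8 << (i % 8);
            m
        })
        .collect()
}

/// Every proper prefix of a valid input, from empty to len - 1 bytes.
pub fn truncations(valid: &[u8]) -> Vec<Vec<u8>> {
    (0..valid.len()).map(|n| valid[..n].to_vec()).collect()
}

/// Number of mutants the verifier accepts; a sound verifier yields 0.
pub fn accepted<F>(mutants: &[Vec<u8>], verify: F) -> usize
where
    F: Fn(&[u8]) -> Result<bool, PqcError>,
{
    mutants.iter().filter(|m| verify(m.as_slice()) == Ok(true)).count()
}

/// Stand-in verifier (not a signature scheme): rejects wrong lengths with
/// InvalidInput, then compares against the expected bytes without early exit.
pub fn stand_in_verify(expected: &[u8; SIG_LEN], sig: &[u8]) -> Result<bool, PqcError> {
    if sig.len() != SIG_LEN {
        return Err(PqcError::InvalidInput);
    }
    let diff = expected.iter().zip(sig).fold(0u8, |d, (a, b)| d | (a ^ b));
    Ok(diff == 0)
}

fn main() {
    let sig = [0x5Au8; SIG_LEN]; // constructed "valid signature"
    let flips = bit_flips(&sig);
    let cuts = truncations(&sig);
    println!("{} flips, {} accepted", flips.len(), accepted(&flips, |s| stand_in_verify(&sig, s)));
    println!("{} truncations, {} accepted", cuts.len(), accepted(&cuts, |s| stand_in_verify(&sig, s)));
}
```
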


Category 3: Mismatched Key/Data Tests

Goal: Detect misuse of valid but incorrect keys/messages.

| Test | Description |
|---|---|
| test_verify_with_wrong_public_key | Sign with A, verify with B → fails. |
| test_verify_with_wrong_message | Sign msg A, verify msg B → fails. |
| test_decapsulate_with_wrong_secret_key | Encap to A, decap with B → error. |


Category 4: API and Logic Misuse Tests

Goal: Prevent cross-algorithm or role confusion.

| Test | Description |
|---|---|
| test_key_reuse_across_algorithms | Use Kyber key in Dilithium op (and vice versa) → compile-time or runtime error. |
| test_public_key_as_secret_key | Call sign/decapsulate with public key → error. |

Use trybuild for compile-fail tests when types are distinct.


Category 5: Known-Answer Tests (KATs)

Goal: Verify against NIST official vectors.

| Test | Description |
|---|---|
| test_known_answer_kem | Hard-coded Kyber seed → pk/sk → ciphertext → shared secret. |
| test_known_answer_signature | Hard-coded Dilithium pk/msg/sig → verify succeeds. |

Note: non-negotiable correctness.


Category 6: Security and Side-Channel Tests

Goal: Verify critical security properties.

| Test | Description |
|---|---|
| test_deterministic_signatures | Sign same message twice → identical signatures (Dilithium only). |
| test_zeroization_on_drop_secret_key | Drop secret key → memory zeroed (unsafe pointer check). |
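One way to write the unsafe pointer check for test_zeroization_on_drop_secret_key without reading freed memory, as an added example that is not code from pqc-combo. `SecretKey`, `PlainKey`, `KEY_LEN` and `bytes_after_drop` are hypothetical, and the hand-written volatile wipe stands in for the zeroize crate so the block has no dependencies.

```rust
use std::mem::{size_of, MaybeUninit};
use std::ptr;
use std::sync::atomic::{compiler_fence, Ordering};

/// Constructed size for the demo; not a real Kyber or Dilithium key length.
pub const KEY_LEN: usize = 64;

/// Hypothetical secret key type that wipes itself when dropped.
#[repr(transparent)]
pub struct SecretKey(pub [u8; KEY_LEN]);

impl Drop for SecretKey {
    fn drop(&mut self) {
        for b in self.0.iter_mut() {
            // Volatile store: the optimizer may not elide it as a dead write.
            unsafe { ptr::write_volatile(b, 0) };
        }
        compiler_fence(Ordering::SeqCst);
    }
}

/// Negative control: same layout, no wiping Drop.
#[repr(transparent)]
pub struct PlainKey(pub [u8; KEY_LEN]);

/// Runs T's destructor in place and returns the bytes left in its storage.
pub fn bytes_after_drop<T>(value: T) -> [u8; KEY_LEN] {
    assert_eq!(size_of::<T>(), KEY_LEN);
    // MaybeUninit keeps the storage alive after the destructor has run, so the
    // read below inspects live memory rather than a dangling pointer.
    let mut slot = MaybeUninit::new(value);
    unsafe {
        ptr::drop_in_place(slot.as_mut_ptr());
        ptr::read(slot.as_ptr() as *const [u8; KEY_LEN])
    }
}

fn main() {
    let wiped = bytes_after_drop(SecretKey([0xA5; KEY_LEN]));
    let kept = bytes_after_drop(PlainKey([0xA5; KEY_LEN]));
    println!("SecretKey zeroed: {}", wiped.iter().all(|&b| b == 0));
    println!("PlainKey retained: {}", kept.iter().all(|&b| b == 0xA5));
}
```

The `PlainKey` control shows the check can fail: without it, a test that always reads zeros would pass for the wrong reason.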


Category 7: State and Lifecycle Tests

Goal: Ensure serialization, regeneration, and error consistency.

| Test | Description |
|---|---|
| test_keypair_serialization_deserialization | Serialize → deserialize → round-trip crypto op. |
| test_keypair_regeneration_consistency | Same seed → identical keypairs. |
| test_decapsulate_failure_consistency | All failures return PQC_Error::DecapsulationFailure. |


Category 8: Feature Flag Verification

Goal: Confirm feature-gated code compiles and works.

| Test | Description |
|---|---|
| test_no_std_no_alloc_default_success | Stack-based round-trip works. |
| test_cortex_m_compile_success | Parameterized: M4 & M7 → compile + KEM/sign round-trip. |
| test_cortex_m4_zeroization_on_drop | Secret key memory zeroed on drop. |
| test_std_feature_enables_heap | Heap functions work under alloc. |
| test_alloc_compile_fail_without_feature | compile_fail: heap use without alloc → fails to compile. |


Category 9: Concurrency and Multithreading Tests

Goal: Thread-safety in keygen and operations.

| Test | Description |
|---|---|
| test_concurrent_operations | Parameterized: 100 threads × keygen; sign/verify (shared pk, isolated sk); decap (shared sk, valid cts) |


Category 10: Fuzzing Harness Integrity

Goal: Validate fuzz targets are robust.

| Test | Description |
|---|---|
| test_fuzz_harness_compilation_and_config | All targets compile under feature combos. |
| test_fuzz_harness_panic_safety | Inject panic input → harness catches, doesn’t crash. |
| test_fuzz_coverage_check | Synthetic input → coverage hits core functions. |

Note: meta-testing is essential.


Category 11: Foreign Function Interface (FFI) Testing

Goal: C API safety and correctness.

| Test | Description |
|---|---|
| test_ffi_key_generation_null_pointers | NULL output ptr → returns PQC_ERROR_NULL_POINTER. |
| test_ffi_sign_verify_roundtrip | Full C round-trip: gen → sign → verify. |
| test_ffi_memory_cleanup | Alloc + free → no leaks (Valgrind). |


Category 12: Interoperability and Cross-Implementation Testing

Goal: Confirm standard-compliant encoding.

| Test | Description |
|---|---|
| test_cross_implementation_kem_decap | Encap with external pk → decap with external sk → match. |
| test_cross_implementation_signature_verify | Verify external sig with external pk → succeeds. |


Category 13: Performance and Regression Testing

Goal: Prevent performance regressions.

No unit tests. Baselines stored in CI.

| Benchmark | Target |
|---|---|
| bench_kem_encapsulate | ops/sec |
| bench_kem_decapsulate | ops/sec |
| bench_sign | ops/sec |
| bench_verify | ops/sec |
| bench_memory_allocation | alloc count/size (with alloc) |

Final Test Suite Summary (Re-ordered)

| Category | Tests |
|---|---|
| 1. Input Length | 3 |
| 2. Malformed Inputs | 5 |
| 3. Mismatched Keys | 3 |
| 4. API Misuse | 2 |
| 5. KATs | 2 |
| 6. Security | 2 |
| 7. Lifecycle | 3 |
| 8. Feature Flags | 5 |
| 9. Concurrency | 1 |
| 10. Fuzzing | 3 |
| 11. FFI | 3 |
| 12. Interop | 2 |
| 13. Performance | 0 (benchmarks) |
| Total | 32 unit tests |

Additional Recommendations

Integrated into the plan and infrastructure

| Area | Tool / Practice | Implementation |
|---|---|---|
| Constant-Time | cargo const, dylint, ctgrind | Add to CI: cargo const check --workspace; ctgrind in nightly pipeline |
| Zeroization | zeroize + test_zeroization_on_drop | Enforce SecretKey: Zeroize; run test under valgrind --leak-check=full |
| Compile-Fail Tests | trybuild | Add tests/compile_fail/; example: kyber_key_in_dilithium.rs → fails |
| Fuzzing | cargo fuzz + differential testing | Targets: fuzz_dilithium_verify, fuzz_kyber_decap; diff vs liboqs, pqcrypto |
| Benchmarks | criterion + baseline tracking | Store baselines in target/criterion/; CI fails if >5% regression |
| Memory Safety | miri, valgrind | Run nightly: cargo miri test; valgrind for FFI + zeroization |
| Coverage | tarpaulin or grcov | Require >95% line coverage on core crypto |

Recommended tests/ Directory Layout

```text
tests/
├── unit/
│   ├── input_length.rs
│   ├── malformed.rs
│   ├── mismatch.rs
│   ├── lifecycle.rs
│   ├── concurrency.rs
│   └── security.rs
├── compile_fail/
│   ├── kyber_key_in_dilithium.rs
│   └── public_key_as_secret.rs
├── ffi/
│   └── c_api_roundtrip.c
├── fuzz/
│   └── (cargo fuzz targets)
└── interop/
    ├── external_kyber_vectors.rs
    └── external_dilithium_vectors.rs
```

CI Workflow Snippet (GitHub Actions)

```yaml
name: CI

on: [push, pull_request]

jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions-rust-lang/setup-rust-toolchain@v1
        with:
          components: clippy, rustfmt, miri
      - run: cargo test --all-features
      - run: cargo test --no-default-features
      - run: cargo miri test
      - run: cargo const check
      - run: cargo fuzz run fuzz_kyber_decap -- -runs=10000
      - run: cargo bench -- --baseline=save
      - run: cargo tarpaulin --fail-under=95
```