Testing and Validation
Cypheron Core implements comprehensive testing across multiple validation layers to ensure NIST compliance, cryptographic correctness, and security properties.
For complete technical details, see Architecture Documentation.
Testing Categories
1. Known Answer Tests (KAT)
Purpose: NIST compliance validation using official test vectors
cargo test kat_ # Run all KAT tests
cargo test ml_kem_kat # ML-KEM specific KAT
cargo test ml_dsa_kat # ML-DSA specific KAT
Coverage:
- FIPS 203 (ML-KEM) compliance validation
- FIPS 204 (ML-DSA) compliance validation
- Parameter compliance verification
- Cross-platform consistency testing
2. Property-Based Testing
Purpose: Cryptographic property verification using proptest
cargo test property_ # All property-based tests
cargo test correctness_ # Cryptographic correctness
cargo test roundtrip_ # Encryption/decryption cycles
Properties Verified:
- Key generation produces valid keypairs
- Encryption/decryption roundtrip correctness
- Signature generation/verification consistency
- Hybrid cryptography composition properties
3. Security Analysis Testing
Purpose: Security vulnerability detection and validation
cargo test security_ # Security-focused tests
cargo test timing_ # Basic timing attack detection
cargo test memory_safety_ # Memory safety validation
Security Testing:
- Memory safety validation with sanitizers
- Basic timing attack resistance
- Buffer boundary protection testing
- FFI safety validation
4. Fuzzing Infrastructure
Purpose: Robustness testing with malformed and edge-case inputs
# Install cargo-fuzz
cargo install cargo-fuzz
# Run fuzzing campaigns
cargo fuzz run fuzz_ml_kem # ML-KEM fuzzing
cargo fuzz run fuzz_ml_dsa # ML-DSA fuzzing
cargo fuzz run fuzz_hybrid # Hybrid crypto fuzzing
Fuzzing Targets:
- Algorithm input validation
- FFI boundary robustness
- Error handling completeness
- Memory safety under stress
5. Performance Benchmarking
Purpose: Performance regression detection and analysis
cargo bench # Run all benchmarks
cargo bench ml_kem # ML-KEM performance
cargo bench signatures # Signature algorithm performance
Performance Metrics:
- Key generation timing
- Encryption/decryption performance
- Signature generation/verification speed
- Memory usage analysis
NIST Compliance Testing
Test Vector Validation
The KAT implementation validates against official NIST test vectors:
#![allow(unused)] fn main() { #[test] fn test_ml_kem_768_kat() { // Load NIST test vectors let test_vectors = load_nist_kat_vectors("ML-KEM-768"); for vector in test_vectors { // Validate key generation let (pk, sk) = MlKem768::keypair_deterministic(&vector.seed)?; assert_eq!(pk.as_bytes(), &vector.public_key); assert_eq!(sk.as_bytes(), &vector.secret_key); // Validate encapsulation let (ct, ss) = MlKem768::encapsulate_deterministic(&pk, &vector.enc_seed)?; assert_eq!(ct.as_bytes(), &vector.ciphertext); assert_eq!(ss.expose_secret(), &vector.shared_secret); } } }
Integration Testing
#![allow(unused)] fn main() { #[test] fn test_algorithm_integration() { // Cross-algorithm compatibility test_hybrid_kem_dsa_integration(); // Platform consistency test_cross_platform_compatibility(); // Error handling test_comprehensive_error_cases(); } }
Security Testing
Memory Safety Testing
# AddressSanitizer
RUSTFLAGS="-Zsanitizer=address" cargo test
# MemorySanitizer
RUSTFLAGS="-Zsanitizer=memory" cargo test
# ThreadSanitizer
RUSTFLAGS="-Zsanitizer=thread" cargo test
FFI Boundary Testing
#![allow(unused)] fn main() { #[test] fn test_ffi_boundary_safety() { // Buffer boundary validation test_buffer_overflow_protection(); // Null pointer handling test_null_pointer_safety(); // Invalid input handling test_malformed_input_handling(); // Error propagation test_c_error_handling(); } }
Timing Analysis
#![allow(unused)] fn main() { #[test] fn test_timing_side_channels() { // Basic constant-time validation let measurements = measure_operation_timing(); validate_timing_consistency(&measurements); } }
Development Testing Workflow
Pre-Commit Testing
#!/bin/bash
# scripts/pre-commit-test.sh
# Format check
cargo fmt --check
# Lint check
cargo clippy -- -D warnings
# Unit tests
cargo test --all
# Integration tests
cargo test --test integration
# Documentation tests
cargo test --doc
Continuous Integration Testing
# .github/workflows/test.yml (excerpt)
- name: Security Testing
run: |
# Memory safety testing
RUSTFLAGS="-Zsanitizer=address" cargo test
# Dependency audit
cargo audit
# Security lints
cargo clippy -- -D warnings -W clippy::all
Platform Testing Matrix
| Platform | Rust Version | Test Suite | Additional Validation |
|---|---|---|---|
| Linux x86_64 | stable, beta, nightly | Full | AddressSanitizer, Valgrind |
| macOS x86_64 | stable | Full | Instruments profiling |
| macOS ARM64 | stable | Full | Apple Silicon validation |
| Windows x86_64 | stable | Full | Visual Studio analysis |
Test Data Management
NIST Test Vectors
tests/data/
├── kat/
│ ├── ml-kem-512.rsp # NIST KAT for ML-KEM-512
│ ├── ml-kem-768.rsp # NIST KAT for ML-KEM-768
│ ├── ml-kem-1024.rsp # NIST KAT for ML-KEM-1024
│ ├── ml-dsa-44.rsp # NIST KAT for ML-DSA-44
│ └── ...
└── vectors/
├── property_test_seeds.txt
└── fuzzing_corpus/
Test Coverage Reporting
# Generate coverage report
cargo install cargo-tarpaulin
cargo tarpaulin --out Html --output-dir coverage/
# View coverage report
open coverage/tarpaulin-report.html
Contributing Testing
Adding New Tests
- Unit Tests: Add alongside implementation in
src/ - Integration Tests: Add to
tests/directory - KAT Tests: Update with new NIST vectors when available
- Property Tests: Add to
tests/property/ - Fuzzing: Add new fuzz targets in
fuzz/
Test Quality Standards
- Comprehensive Coverage: All public APIs tested
- Edge Case Testing: Boundary conditions validated
- Error Path Testing: All error conditions exercised
- Performance Testing: No performance regressions
- Security Testing: Security properties validated
For complete testing architecture including specific test implementations and validation methodologies, see the full Architecture Documentation.