(backend, wycheproof)
| 60 | ) |
| 61 | @wycheproof_tests("mldsa_44_sign_seed_test.json") |
| 62 | def test_mldsa44_sign_seed(backend, wycheproof): |
| 63 | # Skip "Internal" tests, they use the inner method `Sign_internal` |
| 64 | # instead of `Sign` which we do not expose. |
| 65 | if wycheproof.has_flag("Internal"): |
| 66 | return |
| 67 | |
| 68 | seed = binascii.unhexlify(wycheproof.testgroup["privateSeed"]) |
| 69 | try: |
| 70 | key = MLDSA44PrivateKey.from_seed_bytes(seed) |
| 71 | except ValueError: |
| 72 | assert wycheproof.invalid |
| 73 | assert wycheproof.has_flag("IncorrectPrivateKeyLength") |
| 74 | return |
| 75 | pub = MLDSA44PublicKey.from_public_bytes( |
| 76 | binascii.unhexlify(wycheproof.testgroup["publicKey"]) |
| 77 | ) |
| 78 | |
| 79 | assert key.public_key() == pub |
| 80 | |
| 81 | msg = binascii.unhexlify(wycheproof.testcase["msg"]) |
| 82 | has_ctx = "ctx" in wycheproof.testcase |
| 83 | ctx = binascii.unhexlify(wycheproof.testcase["ctx"]) if has_ctx else None |
| 84 | |
| 85 | if wycheproof.valid or wycheproof.acceptable: |
| 86 | # Sign and verify round-trip. We don't compare exact signature |
| 87 | # bytes because some backends use hedged (randomized) signing. |
| 88 | sig = key.sign(msg, ctx) |
| 89 | pub.verify(sig, msg, ctx) |
| 90 | else: |
| 91 | with pytest.raises(ValueError): |
| 92 | assert has_ctx |
| 93 | key.sign(msg, ctx) |
| 94 | |
| 95 | |
| 96 | @pytest.mark.supported( |
nothing calls this directly
no test coverage detected