(backend, wycheproof)
| 131 | ) |
| 132 | @wycheproof_tests("mldsa_65_sign_seed_test.json") |
| 133 | def test_mldsa65_sign_seed(backend, wycheproof): |
| 134 | # Skip "Internal" tests, they use the inner method `Sign_internal` |
| 135 | # instead of `Sign` which we do not expose. |
| 136 | if wycheproof.has_flag("Internal"): |
| 137 | return |
| 138 | |
| 139 | seed = binascii.unhexlify(wycheproof.testgroup["privateSeed"]) |
| 140 | try: |
| 141 | key = MLDSA65PrivateKey.from_seed_bytes(seed) |
| 142 | except ValueError: |
| 143 | assert wycheproof.invalid |
| 144 | assert wycheproof.has_flag("IncorrectPrivateKeyLength") |
| 145 | return |
| 146 | pub = MLDSA65PublicKey.from_public_bytes( |
| 147 | binascii.unhexlify(wycheproof.testgroup["publicKey"]) |
| 148 | ) |
| 149 | |
| 150 | assert key.public_key() == pub |
| 151 | |
| 152 | msg = binascii.unhexlify(wycheproof.testcase["msg"]) |
| 153 | has_ctx = "ctx" in wycheproof.testcase |
| 154 | ctx = binascii.unhexlify(wycheproof.testcase["ctx"]) if has_ctx else None |
| 155 | |
| 156 | if wycheproof.valid or wycheproof.acceptable: |
| 157 | # Sign and verify round-trip. We don't compare exact signature |
| 158 | # bytes because some backends use hedged (randomized) signing. |
| 159 | sig = key.sign(msg, ctx) |
| 160 | pub.verify(sig, msg, ctx) |
| 161 | else: |
| 162 | with pytest.raises(ValueError): |
| 163 | assert has_ctx |
| 164 | key.sign(msg, ctx) |
| 165 | |
| 166 | |
| 167 | def _compute_mu(pub_raw: bytes, msg: bytes, ctx: bytes) -> bytes: |
nothing calls this directly
no test coverage detected