|
Boost : |
From: Christian Mazakas (christian.mazakas_at_[hidden])
Date: 2024-12-10 23:25:44
On Tue, Dec 10, 2024 at 12:07â¯PM Christopher Kormanyos via Boost <
boost_at_[hidden]> wrote:
> What I'd like to see short-term:
> * Handle enhanced compiler warnings.
> * Include a subset of NIST testing.
> * Fuzzing run(s) on some hashes in CI.
> * I think SHA-3 is worthy of inclusion.
>
I was wondering what kind of NIST testing you're alluding to.
We do have some copy-pasted test vectors for myriad PDFs but for a good
portion of the algorithms, we're using the test vectors outlined here:
https://github.com/pdimov/hash2/blob/7a25f8518692b657e9272884519519fbaca2ec54/test/sha2.cpp#L282
https://csrc.nist.gov/Projects/Cryptographic-Algorithm-Validation-Program/Secure-Hashing
Towards the bottom there under Test Vectors, one can download a .zip folder
full of .rsp files which were used to verify the output of the applicable
algorithms.
I tried to avoid relying on those too much during testing because I wanted
something quasi-human readable and understandable so if there was an
applicable PDF, I preferred that.
I did think about a scenario where we would've committed the .rsp files to
the repo and run them during CI or some such as part of a much more
extensive test suite.
Which hashes would you like to see fuzzed, assuming "all of them" is off
the table? And how long should we fuzz as well? I'm not sure if we can
exhaustively fuzz the algorithms as part of a normal CI infrastructure.
- Christian
Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk