Add proptests for Signature encoding

tarcieri · tarcieri · commit 24179cc34cb9 · 2025-02-12T11:53:23.000-07:00
Ensures encoded signatures can be round tripped successfully, i.e.
encoded and then decoded again without errors or panics.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/ml-dsa/Cargo.toml b/ml-dsa/Cargo.toml
@@ -37,6 +37,7 @@ criterion = "0.5.1"
 hex = { version = "0.4.3", features = ["serde"] }
 hex-literal = "0.4.1"
 pkcs8 = { version = "=0.11.0-rc.1", features = ["pem"] }
+proptest = "1"
 rand = "0.8.5"
 serde = { version = "1.0.215", features = ["derive"] }
 serde_json = "1.0.132"
diff --git a/ml-dsa/src/hint.rs b/ml-dsa/src/hint.rs
@@ -33,7 +33,7 @@ fn use_hint<TwoGamma2: Unsigned>(h: bool, r: Elem) -> Elem {
     }
 }
 
-#[derive(Clone, PartialEq)]
+#[derive(Clone, PartialEq, Debug)]
 pub struct Hint<P>(pub Array<Array<bool, U256>, P::K>)
 where
     P: SignatureParams;
diff --git a/ml-dsa/src/lib.rs b/ml-dsa/src/lib.rs
@@ -17,8 +17,7 @@
 //! # Quickstart
 //!
 //! ```
-//! use ml_dsa::{MlDsa65, KeyGen};
-//! use signature::{Keypair, Signer, Verifier};
+//! use ml_dsa::{MlDsa65, KeyGen, signature::{Keypair, Signer, Verifier}};
 //!
 //! let mut rng = rand::thread_rng();
 //! let kp = MlDsa65::key_gen(&mut rng);
@@ -86,10 +85,10 @@ use crate::util::B64;
 
 pub use crate::param::{EncodedSignature, EncodedSigningKey, EncodedVerifyingKey, MlDsaParams};
 pub use crate::util::B32;
-pub use signature::Error;
+pub use signature::{self, Error};
 
 /// An ML-DSA signature
-#[derive(Clone, PartialEq)]
+#[derive(Clone, PartialEq, Debug)]
 pub struct Signature<P: MlDsaParams> {
     c_tilde: Array<u8, P::Lambda>,
     z: Vector<P::L>,
diff --git a/ml-dsa/tests/sig-encoding.proptest-regressions b/ml-dsa/tests/sig-encoding.proptest-regressions
diff --git a/ml-dsa/tests/sig-encoding.rs b/ml-dsa/tests/sig-encoding.rs
@@ -0,0 +1,46 @@
+use ml_dsa::{signature::Signer, KeyGen, MlDsa44, MlDsa65, MlDsa87, MlDsaParams, Signature, B32};
+use proptest::prelude::*;
+
+fn example_signature<P: MlDsaParams>(seed_bytes: &B32) -> Signature<P> {
+    let keypair = P::key_gen_internal(seed_bytes);
+    let msg = b"";
+    keypair.signing_key().sign(msg)
+}
+
+prop_compose! {
+    fn mldsa44_signature()(seed_bytes in any::<[u8; 32]>()) -> Signature<MlDsa44> {
+        example_signature::<MlDsa44>(seed_bytes.as_ref())
+    }
+}
+
+prop_compose! {
+    fn mldsa65_signature()(seed_bytes in any::<[u8; 32]>()) -> Signature<MlDsa65> {
+        example_signature::<MlDsa65>(seed_bytes.as_ref())
+    }
+}
+
+prop_compose! {
+    fn mldsa87_signature()(seed_bytes in any::<[u8; 32]>()) -> Signature<MlDsa87> {
+        example_signature::<MlDsa87>(seed_bytes.as_ref())
+    }
+}
+
+proptest! {
+    #[test]
+    fn mldsa44_round_trip(sig in mldsa44_signature()) {
+        let sig_decoded = Signature::<MlDsa44>::decode(&sig.encode());
+        prop_assert_eq!(Some(sig), sig_decoded);
+    }
+
+    #[test]
+    fn mldsa65_round_trip(sig in mldsa65_signature()) {
+        let sig_decoded = Signature::<MlDsa65>::decode(&sig.encode());
+        prop_assert_eq!(Some(sig), sig_decoded);
+    }
+
+    #[test]
+    fn mldsa87_round_trip(sig in mldsa87_signature()) {
+        let sig_decoded = Signature::<MlDsa87>::decode(&sig.encode());
+        prop_assert_eq!(Some(sig), sig_decoded);
+    }
+}

Original file line number	Diff line number	Diff line change
`@@ -33,7 +33,7 @@ fn use_hint<TwoGamma2: Unsigned>(h: bool, r: Elem) -> Elem {`
`33`	`33`	`}`
`34`	`34`	`}`
`35`	`35`
`36`		`-#[derive(Clone, PartialEq)]`
	`36`	`+#[derive(Clone, PartialEq, Debug)]`
`37`	`37`	`pub struct Hint<P>(pub Array<Array<bool, U256>, P::K>)`
`38`	`38`	`where`
`39`	`39`	`P: SignatureParams;`