ml-dsa: adapt many_round_trip_test into a proptest (#1184)

tarcieri · web-flow · commit b316da41521b · 2026-01-26T10:42:56.000-07:00
Replaces ad hoc randomized testing with proptest, which can
automatically report seeds to reproduce failures experienced in CI, and
can automatically track and test previous regressions.
diff --git a/ml-dsa/src/lib.rs b/ml-dsa/src/lib.rs
@@ -943,11 +943,6 @@ where
 mod test {
     use super::*;
     use crate::param::*;
-    use getrandom::{
-        SysRng,
-        rand_core::{Rng, UnwrapErr},
-    };
-    use signature::digest::Update;
 
     #[test]
     fn output_sizes() {
@@ -1046,42 +1041,6 @@ mod test {
         sign_verify_round_trip_test::<MlDsa87>();
     }
 
-    fn many_round_trip_test<P>()
-    where
-        P: MlDsaParams,
-    {
-        const ITERATIONS: usize = 1000;
-
-        let mut rng = UnwrapErr(SysRng);
-        let mut seed = B32::default();
-
-        for _i in 0..ITERATIONS {
-            let seed_data: &mut [u8] = seed.as_mut();
-            rng.fill_bytes(seed_data);
-
-            let kp = P::from_seed(&seed);
-            let sk = kp.signing_key;
-            let vk = kp.verifying_key;
-
-            let M = b"Hello world";
-            let rnd = Array([0u8; 32]);
-            let sig = sk.sign_internal(&[M], &rnd);
-
-            let sig_enc = sig.encode();
-            let sig_dec = Signature::<P>::decode(&sig_enc).unwrap();
-
-            assert_eq!(sig_dec, sig);
-            assert!(vk.verify_internal(M, &sig_dec));
-        }
-    }
-
-    #[test]
-    fn many_round_trip() {
-        many_round_trip_test::<MlDsa44>();
-        many_round_trip_test::<MlDsa65>();
-        many_round_trip_test::<MlDsa87>();
-    }
-
     #[test]
     fn sign_mu_verify_mu_round_trip() {
         fn sign_mu_verify_mu<P>()
@@ -1148,63 +1107,6 @@ mod test {
         sign_internal_verify_mu::<MlDsa87>();
     }
 
-    #[test]
-    fn sign_digest_round_trip() {
-        fn sign_digest<P>()
-        where
-            P: MlDsaParams,
-        {
-            let kp = P::from_seed(&Array::default());
-            let sk = kp.signing_key;
-            let vk = kp.verifying_key;
-
-            let M = b"Hello world";
-            let sig = sk.sign_digest(|digest| digest.update(M));
-            assert_eq!(sig, sk.sign(M));
-
-            vk.verify_digest(
-                |digest| {
-                    digest.update(M);
-                    Ok(())
-                },
-                &sig,
-            )
-            .unwrap();
-        }
-        sign_digest::<MlDsa44>();
-        sign_digest::<MlDsa65>();
-        sign_digest::<MlDsa87>();
-    }
-
-    #[test]
-    #[cfg(feature = "rand_core")]
-    fn sign_randomized_digest_round_trip() {
-        fn sign_digest<P>()
-        where
-            P: MlDsaParams,
-        {
-            let kp = P::from_seed(&Array::default());
-            let sk = kp.signing_key;
-            let vk = kp.verifying_key;
-
-            let M = b"Hello world";
-            let mut rng = UnwrapErr(SysRng);
-            let sig = sk.sign_digest_with_rng(&mut rng, |digest| digest.update(M));
-
-            vk.verify_digest(
-                |digest| {
-                    digest.update(M);
-                    Ok(())
-                },
-                &sig,
-            )
-            .unwrap();
-        }
-        sign_digest::<MlDsa44>();
-        sign_digest::<MlDsa65>();
-        sign_digest::<MlDsa87>();
-    }
-
     #[test]
     fn from_seed_implementations_match() {
         fn assert_from_seed_equality<P>()
diff --git a/ml-dsa/tests/proptests.proptest-regressions b/ml-dsa/tests/proptests.proptest-regressions
diff --git a/ml-dsa/tests/proptests.rs b/ml-dsa/tests/proptests.rs
@@ -1,57 +1,79 @@
-use hybrid_array::AsArrayRef;
-use ml_dsa::{
-    KeyGen, KeyPair, MlDsa44, MlDsa65, MlDsa87, Signature,
-    signature::{Signer, Verifier},
-};
-use proptest::prelude::*;
-
-/// Example message
-const MSG: &[u8] = b"Hello world";
-
-// Keypairs
-prop_compose! {
-    fn mldsa44_keypair()(seed_bytes in any::<[u8; 32]>()) -> KeyPair<MlDsa44> {
-       MlDsa44::from_seed(seed_bytes.as_array_ref())
-    }
-}
-prop_compose! {
-    fn mldsa65_keypair()(seed_bytes in any::<[u8; 32]>()) -> KeyPair<MlDsa65> {
-       MlDsa65::from_seed(seed_bytes.as_array_ref())
-    }
-}
-prop_compose! {
-    fn mldsa87_keypair()(seed_bytes in any::<[u8; 32]>()) -> KeyPair<MlDsa87> {
-        MlDsa87::from_seed(seed_bytes.as_array_ref())
-    }
+//! Property-based tests for the `ml-dsa` crate.
+
+macro_rules! signature_round_trip_encode {
+    ($alg:ident, $sig:expr) => {{
+        let sig_enc = $sig.encode();
+        let sig_dec_result = Signature::<$alg>::decode(&sig_enc);
+        prop_assert_eq!(&sig_dec_result, &Some($sig));
+        sig_dec_result.unwrap()
+    }};
 }
 
-macro_rules! round_trip_test {
-    ($params:path, $keypair:expr) => {
-        let sig = $keypair.signing_key().sign(MSG);
+macro_rules! mldsa_proptests {
+    ($name:ident, $alg:ident) => {
+        mod $name {
+            use ml_dsa::{
+                KeyGen, Signature,
+                signature::{DigestSigner, DigestVerifier, digest::Update},
+                $alg,
+            };
+            use proptest::{collection, prelude::*};
+
+            #[cfg(feature = "rand_core")]
+            use ml_dsa::signature::RandomizedDigestSigner;
+
+            proptest! {
+                #[test]
+                fn round_trip_test(
+                    seed in any::<[u8; 32]>(),
+                    msg in collection::vec(0u8..u8::MAX, 0..65536),
+                    rnd in any::<[u8; 32]>()
+                ) {
+                    let kp = $alg::from_seed(&seed.into());
+                    let sk = kp.signing_key();
+                    let vk = kp.verifying_key();
 
-        // Check signature verification
-        let verify_result = $keypair.verifying_key().verify(MSG, &sig);
-        prop_assert!(verify_result.is_ok());
+                    let sig = sk.sign_internal(&[&msg], &rnd.into());
+                    let sig_dec = signature_round_trip_encode!($alg, sig);
+                    assert!(vk.verify_internal(&msg, &sig_dec));
+                }
 
-        // Check signature encoding round trip
-        let sig_decoded = Signature::<$params>::decode(&sig.encode());
-        prop_assert_eq!(Some(sig), sig_decoded);
+                #[test]
+                fn round_trip_digest_test(
+                    seed in any::<[u8; 32]>(),
+                    msg in collection::vec(0u8..u8::MAX, 0..65536),
+                ) {
+                    let kp = $alg::from_seed(&seed.into());
+                    let sk = kp.signing_key();
+                    let vk = kp.verifying_key();
+
+                    let sig = sk.sign_digest(|digest| digest.update(&msg));
+                    let sig_dec = signature_round_trip_encode!($alg, sig);
+                    let verify_result = vk.verify_digest(|digest| Ok(digest.update(&msg)), &sig_dec);
+                    assert!(verify_result.is_ok());
+                }
+
+                #[cfg(feature = "rand_core")]
+                #[test]
+                fn round_trip_randomized_digest_test(
+                    seed in any::<[u8; 32]>(),
+                    msg in collection::vec(0u8..u8::MAX, 0..65536),
+                ) {
+                    let kp = $alg::from_seed(&seed.into());
+                    let sk = kp.signing_key();
+                    let vk = kp.verifying_key();
+
+                    let mut rng = rand_core::UnwrapErr(getrandom::SysRng);
+                    let sig = sk.sign_digest_with_rng(&mut rng, |digest| digest.update(&msg));
+                    let sig_dec = signature_round_trip_encode!($alg, sig);
+                    let verify_result = vk.verify_digest(|digest| Ok(digest.update(&msg)), &sig_dec);
+                    assert!(verify_result.is_ok());
+                }
+            }
+        }
     };
 }
 
-proptest! {
-    #[test]
-    fn mldsa44_round_trip(keypair in mldsa44_keypair()) {
-        round_trip_test!(MlDsa44, keypair);
-    }
-
-    #[test]
-    fn mldsa65_round_trip(keypair in mldsa65_keypair()) {
-        round_trip_test!(MlDsa65, keypair);
-    }
-
-    #[test]
-    fn mldsa87_round_trip(keypair in mldsa87_keypair()) {
-        round_trip_test!(MlDsa87, keypair);
-    }
-}
+mldsa_proptests!(mldsa44, MlDsa44);
+mldsa_proptests!(mldsa65, MlDsa65);
+mldsa_proptests!(mldsa87, MlDsa87);
