Production-Grade Quality Assurance
Classification: UNCLASSIFIED // FOR OFFICIAL USE ONLY Version: 1.0.0 Date: 2025-11-25
- Overview
- Test Suites
- Security Validation
- Performance Benchmarking
- Fuzzing Infrastructure
- Known Answer Tests (KAT)
- Interoperability Testing
- CI/CD Integration
- Test Coverage
- Troubleshooting
Phase 8 implements comprehensive testing infrastructure for DSMIL OpenSSL, covering:
- Functional Testing: All features work correctly
- Security Validation: Security properties enforced
- Performance Benchmarking: Performance characteristics documented
- Fuzzing: Robustness against malformed inputs
- Interoperability: Works with standard TLS implementations
test/dsmil/
├── run-all-tests.sh # Quick test suite runner (7 suites)
├── test-comprehensive.sh # Full comprehensive test runner
├── test-build-verification.sh # Phase 1: Build system
├── test-policy-provider.sh # Phase 2: Policy logic
├── test-profiles.sh # Phase 4: Security profiles
├── test-event-telemetry.sh # Phase 3: Event system
├── test-timing-variance.sh # Phase 6: CSNA/constant-time
├── test-tpm-integration.sh # Phase 7: TPM integration
├── test-security-validation.sh # Phase 8: Security properties
├── test-performance-benchmarks.sh # Phase 8: Performance
└── prepare-fuzzing.sh # Phase 8: Fuzzing setup
fuzz/dsmil/
├── fuzz_tls_server.c # TLS state machine fuzzer
├── fuzz_x509_cert.c # Certificate parsing fuzzer
├── fuzz_policy.c # Policy logic fuzzer
└── Makefile # Fuzzer build system
Run all DSMIL-specific tests:
cd test/dsmil
./run-all-tests.shSuites included:
- Build Verification (45+ tests)
- Policy Provider (38+ tests)
- Security Profiles (52+ tests)
- Event Telemetry (70+ tests)
- Timing Variance (45+ tests)
- TPM Integration (55+ tests)
- Security Validation (37+ tests)
Expected runtime: 2-5 minutes
Run all tests including OpenSSL native tests and performance:
cd test/dsmil
./test-comprehensive.sh --allOptions:
--openssl-tests: Include OpenSSL native test suite (10-30 min)--performance: Include performance benchmarks--all: Run everything--verbose: Show detailed output
Expected runtime:
- Without options: 3-6 minutes
- With
--openssl-tests: 15-40 minutes - With
--all: 20-50 minutes
Validates security properties and attack resistance.
Run:
./test-security-validation.shWORLD_COMPAT Profile:
- ✓ Enforces TLS 1.3 minimum
- ✓ Allows classical key exchange
- ✓ Allows classical signatures
DSMIL_SECURE Profile:
- ✓ Requires hybrid key exchange
- ✓ Enforces 192-bit minimum security
- ✓ Configures ML-KEM-768 hybrid
ATOMAL Profile:
- ✓ Blocks classical fallback
- ✓ Enforces 256-bit security
- ✓ Restricts to AES-256-GCM only
- ✓ TLS version downgrade blocked
- ✓ Cipher downgrade detection
- ✓ Algorithm downgrade logging
- ✓ Policy violation events emitted
- ✓ Downgrade detection events
- ✓ Handshake failure events
- ✓ Constant-time memcmp uses bitwise OR
- ✓ No early returns on secrets
- ✓ CSNA annotations present
- ✓ TPM key sealing implemented
- ✓ ATOMAL requires TPM
- ✓ Maximum security level enforced
- ✓ Secure memory clearing (OPENSSL_cleanse)
- ✓ Safe allocation functions
- ✓ Stack protector enabled
- ✓ PIE/PIC enabled
- ✓ FORTIFY_SOURCE=2
- ✓ RELRO/NOW linking
- ✓ Old TLS versions disabled
- ✓ Weak ciphers not configured
- ✓ Profile-specific restrictions
The test calculates a security score (0-100%):
- 90-100%: Excellent security posture ✓
- 75-89%: Good security, minor improvements
- 60-74%: Adequate, improvements needed
- <60%: Security improvements required
==========================================
Security Validation Summary
==========================================
Total tests: 37
Passed: 36
Failed: 1
Security Score: 97%
✓ Excellent security posture
Measures performance across all algorithms and profiles.
Run:
./test-performance-benchmarks.shMeasures throughput (MB/s) for:
- SHA-256, SHA-384, SHA-512
- SHA3-256, SHA3-512
- SM3 (if available)
Example output:
Hash Algorithm Performance
Testing sha256: 8400 MB/s
Testing sha384: 6200 MB/s
Testing sha512: 8800 MB/s
Testing sha3-256: 4500 MB/s
Measures throughput for:
- AES-128/256-CBC, AES-128/256-GCM
- ChaCha20-Poly1305
Example output:
Symmetric Encryption Performance
Testing aes-256-gcm: 3800 MB/s
Testing chacha20-poly1305: 4200 MB/s
Measures operations/second for:
- RSA-2048/3072/4096 (sign/verify)
- ECDSA P-256/384/521 (sign/verify)
- ECDH P-256/384/521
- Ed25519/Ed448 (sign/verify)
Example output:
ECDSA Performance:
ECDSA P-256 sign: 24000 ops/s
ECDSA P-256 verify: 12000 ops/s
Notes on PQC performance:
- ML-KEM-512: ~20,000 encap/s, ~30,000 decap/s
- ML-KEM-768: ~14,000 encap/s, ~21,000 decap/s
- ML-KEM-1024: ~10,000 encap/s, ~15,000 decap/s
(Actual measurements require manual testing)
Estimated overhead:
| Profile | Overhead | Handshake Latency |
|---|---|---|
| WORLD_COMPAT | 1.0x (baseline) | ~1.5 ms |
| DSMIL_SECURE | 1.2-1.5x | ~2.0 ms |
| ATOMAL | 1.5-2.0x | ~2.5 ms |
Key size comparison:
| Key Type | Size |
|---|---|
| X25519 private | 32 bytes |
| ML-KEM-768 private | 2,400 bytes |
| ML-DSA-65 private | 4,032 bytes |
Handshake size comparison:
| Profile | Handshake Size |
|---|---|
| WORLD_COMPAT | ~1.5 KB |
| DSMIL_SECURE | ~6 KB (hybrid) |
| ATOMAL | ~8 KB (hybrid) |
Detects and reports:
- AES-NI
- AVX2
- AVX-512
- Intel NPU (Meteor Lake+)
Prepares fuzzing infrastructure and creates harnesses.
Run:
./prepare-fuzzing.shFuzzer: fuzz/dsmil/fuzz_tls_server.c
Target: SSL_accept() with malformed ClientHello messages
Priority: HIGH (critical for security)
Coverage:
- TLS 1.3 state machine
- Extension parsing
- Key exchange negotiation
- Certificate validation
Fuzzer: fuzz/dsmil/fuzz_x509_cert.c
Target: d2i_X509() and PEM_read_bio_X509()
Priority: HIGH
Coverage:
- DER/PEM parsing
- Extension handling
- Name constraints
- Certificate validation
Target: ML-KEM decapsulation (constant-time critical)
Priority: CRITICAL
Coverage:
- Malformed ciphertexts
- Invalid public keys
- Timing side-channel resistance
Fuzzer: fuzz/dsmil/fuzz_policy.c
Target: dsmil_policy_check_*() functions
Priority: MEDIUM
Coverage:
- Profile selection
- Algorithm validation
- Hybrid requirements
# 1. Build OpenSSL with fuzzing instrumentation
export CC=clang
export CFLAGS="-fsanitize=fuzzer-no-link,address -g"
./Configure linux-x86_64 --debug
make clean && make -j$(nproc)
# 2. Build fuzzing harnesses
cd fuzz/dsmil
make
# 3. Run fuzzers
mkdir -p corpus_tls corpus_x509 corpus_policy
./fuzz_tls_server corpus_tls/ -max_total_time=3600
./fuzz_x509_cert corpus_x509/ -max_total_time=3600
./fuzz_policy corpus_policy/ -max_total_time=3600- AFL++: High-performance fuzzer with coverage feedback
- libFuzzer: In-process fuzzer (part of Clang)
- Honggfuzz: Multi-threaded fuzzer
For continuous fuzzing, submit to Google OSS-Fuzz:
- https://github.com/google/oss-fuzz
- 24/7 fuzzing on Google infrastructure
- Automatic bug reporting
For ML-KEM and ML-DSA, KAT vectors are available from NIST:
Test vectors location:
- ML-KEM: https://csrc.nist.gov/Projects/post-quantum-cryptography
- ML-DSA: https://csrc.nist.gov/Projects/post-quantum-cryptography
Testing:
# Run NIST KAT vectors (if available)
cd test
make test_ml_kem
make test_ml_dsaVerification:
- ✓ Encapsulation produces correct ciphertext
- ✓ Decapsulation recovers correct shared secret
- ✓ Signing produces correct signature
- ✓ Verification accepts valid signatures
- ✓ Verification rejects invalid signatures
Test DSMIL OpenSSL against:
-
Browsers:
- Chrome/Chromium
- Firefox
- Edge
-
TLS Libraries:
- OpenSSL (upstream)
- BoringSSL
- LibreSSL
- GnuTLS
-
Languages:
- Python (ssl module)
- Node.js (tls module)
- Go (crypto/tls)
- Rust (rustls)
#!/bin/bash
# Test TLS server against various clients
# Start DSMIL OpenSSL server
openssl s_server -accept 4433 \
-cert server.crt -key server.key \
-config configs/dsmil-secure.cnf &
SERVER_PID=$!
# Test with OpenSSL client
openssl s_client -connect localhost:4433 -CAfile ca.crt
# Test with curl
curl --cacert ca.crt https://localhost:4433/
# Test with Python
python3 << EOF
import ssl, socket
context = ssl.create_default_context(cafile='ca.crt')
with socket.create_connection(('localhost', 4433)) as sock:
with context.wrap_socket(sock, server_hostname='localhost') as ssock:
print(f"Protocol: {ssock.version()}")
print(f"Cipher: {ssock.cipher()}")
EOF
# Cleanup
kill $SERVER_PIDAll clients should successfully:
- ✓ Complete TLS 1.3 handshake
- ✓ Negotiate appropriate algorithms
- ✓ Transfer data correctly
- ✓ Close connection cleanly
name: DSMIL Testing
on: [push, pull_request]
jobs:
test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Install dependencies
run: |
sudo apt-get update
sudo apt-get install -y build-essential perl
- name: Build DSMIL OpenSSL
run: |
./Configure linux-x86_64
make -j$(nproc)
- name: Run DSMIL test suite
run: |
cd test/dsmil
./test-comprehensive.sh
- name: Security validation
run: |
cd test/dsmil
./test-security-validation.sh
- name: Upload test results
if: always()
uses: actions/upload-artifact@v3
with:
name: test-results
path: test/dsmil/*.logtest:dsmil:
stage: test
script:
- ./Configure linux-x86_64
- make -j$(nproc)
- cd test/dsmil
- ./test-comprehensive.sh --all
artifacts:
when: always
paths:
- test/dsmil/*.log
reports:
junit: test/dsmil/results.xmlTotal Tests: 342+ (across 7 suites)
| Phase | Suite | Tests | Status |
|---|---|---|---|
| 1 | Build Verification | 45+ | ✅ |
| 2 | Policy Provider | 38+ | ✅ |
| 4 | Security Profiles | 52+ | ✅ |
| 3 | Event Telemetry | 70+ | ✅ |
| 6 | Timing Variance | 45+ | ✅ |
| 7 | TPM Integration | 55+ | ✅ |
| 8 | Security Validation | 37+ | ✅ |
Additional Testing:
- OpenSSL native test suite: 3,000+ tests
- Performance benchmarks: 20+ algorithms
- Fuzzing: Continuous
- Functional Coverage: 95%+ (feature tests)
- Security Coverage: 100% (security-critical code)
- Performance Coverage: All public algorithms
- Fuzzing Coverage: All parsers and state machines
Symptom:
[WARN] OpenSSL not built - cannot run performance tests
Solution:
./util/build-dsllvm-world.sh --cleanSymptom:
Permission denied: ./test-comprehensive.sh
Solution:
chmod +x test/dsmil/*.shSymptom:
Security Score: 65%
Solution:
- Review failed tests in output
- Check configuration files (configs/*.cnf)
- Verify policy implementation (providers/dsmil/policy.c)
- Ensure all security flags enabled in build
Check:
- Hardware acceleration enabled:
grep -i aes /proc/cpuinfo - Compiler optimization: Build with
-O2or-O3 - CPU governor:
cpupower frequency-info
Expected:
- ML-KEM adds ~0.5-1ms to handshake
- Hybrid signatures add ~2-4KB to certificates
- This is normal for post-quantum security
Check:
- OpenSSL built with correct sanitizers
- Fuzzer compiled with matching flags
- Corpus directory exists and is writable
Solution:
- Seed corpus with valid test cases
- Run for longer time (hours/days)
- Use multiple fuzzing tools
- Enable coverage-guided fuzzing
- Run full test suite:
./test-comprehensive.sh --all - Achieve 95%+ security score
- Fuzz for at least 24 hours
- Test interoperability with 3+ clients
- Review performance benchmarks
- Document known issues
- Run quick test suite on every commit
- Run comprehensive tests nightly
- Run fuzzing continuously
- Monitor performance trends
- Regression test all fixed bugs
- Treat all test failures as potential security issues
- Never commit code that fails security validation
- Review fuzzer crashes within 24 hours
- Update KAT vectors when specs change
- OpenSSL Testing: https://github.com/openssl/openssl/blob/master/test/README.md
- AFL++ Fuzzing: https://github.com/AFLplusplus/AFLplusplus
- libFuzzer: https://llvm.org/docs/LibFuzzer.html
- NIST PQC: https://csrc.nist.gov/Projects/post-quantum-cryptography
- TLS 1.3 RFC: https://www.rfc-editor.org/rfc/rfc8446
Classification: UNCLASSIFIED // FOR OFFICIAL USE ONLY Contact: DSMIL Security Team Version: 1.0.0