RFR: 8349017: Update ML tests to verify against ACVP 1.1.0.38 version

Weijun Wang weijun at openjdk.org
Thu Jan 30 17:01:58 UTC 2025 

On Thu, 30 Jan 2025 15:16:16 GMT, Rajan Halade <rhalade at openjdk.org> wrote:

> This fix updates compatibility tests with verification against ACVP 1.1.0.38 data. The new data files in v1.1.0.38 are significantly larger in file size so they are moved to artifactory or are to be provided for local run. Refer to `Launcher.java` for more details on this.

test/jdk/sun/security/provider/acvp/Launcher.java line 46:

> 44: /// This test runs on `internalProjection.json`-style files generated
> 45: /// by NIST's ACVP Server. See [https://github.com/usnistgov/ACVP-Server].
> 46: /// Download zip archive, for instance -

The 1st sentence says `internalProjection.json` but the 2nd says a zip archive. Maybe we can mention the relation. For example,

/// This test runs on `internalProjection.json`-style files generated by NIST's
/// ACVP Server ([GitHub repository](https://github.com/usnistgov/ACVP-Server)).
/// These files are included in ZIP archives available under the
/// [tags section](https://github.com/usnistgov/ACVP-Server/tags)
/// of the repository.

test/jdk/sun/security/provider/acvp/Launcher.java line 51:

> 49: /// The zip archive is either hosted on artifactory server or
> 50: /// specified with local path to the test.
> 51: /// The test looks for test data files in archive listed with `TEST_FILES`.

"in archive" to "in the archive".

Now that you already have `TEST_FILES`, I think there is no need to use the `test.acvp.alg` test property anymore.

Also, to avoid confusing users, there’s no need to mention “sample files can be downloaded from…”. They can simply download the ZIP bundle.

test/jdk/sun/security/provider/acvp/ML_DSA_Test.java line 117:

> 115:                 var hashAlg = c.get("hashAlg").asString();
> 116:                 var preHash = hashAlg.equals("none") ? null : h2h(hashAlg);
> 117:                 if (preHash != null || ctxt.length != 0) {

We don't need to parse `hashAlg`. The check above can be simply:

if (!hashAlg.equals("none") || ctxt.length != 0) {

Same with the verification side. Then we can remove the `h2h` method.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/23370#discussion_r1935935837
PR Review Comment: https://git.openjdk.org/jdk/pull/23370#discussion_r1935941646
PR Review Comment: https://git.openjdk.org/jdk/pull/23370#discussion_r1935960245

More information about the security-dev mailing list