ACVP: Adjust to actual ACVP flow

mkannwischer · mkannwischer · commit 5fb2f9f9b90c · 2025-10-28T12:05:09.000+08:00
This commit ports pq-code-package/mlkem-native#1052 With HashML-DSA support added in #498, we now have full coverage of the ACVP tests allowing us to switch to the actual ACVP flow: In real ACVP validation, the internalProjection is not available. Rather, one gets a prompt containing the inputs and has to produce a result json that has the match the expected results hold by the ACVP server. This commit modifies the acvp_client.py to follow this flow and aligns it with the client in mlkem-native. This in theory allows to perform CAVP validation without any changes, but I have not done that yet. Resolves #294 Signed-off-by: Matthias J. Kannwischer <matthias@kannwischer.eu>
diff --git a/test/acvp_client.py b/test/acvp_client.py
@@ -185,8 +185,7 @@ def run_sigGen_test(tg, tc):
     assert tg["testType"] == "AFT"
 
     is_deterministic = tg["deterministic"] is True
-
-    if tg["preHash"] == "preHash":
+    if "preHash" in tg and tg["preHash"] == "preHash":
         assert len(tc["context"]) <= 2 * 255
 
         # Use specialized SHAKE256 function that computes hash internally
@@ -217,7 +216,7 @@ def run_sigGen_test(tg, tc):
                 f"hashAlg={tc['hashAlg']}",
             ]
     elif tg["signatureInterface"] == "external":
-        assert tc["hashAlg"] == "none"
+        assert "hashAlg" not in tc or tc["hashAlg"] == "none"
         assert len(tc["context"]) <= 2 * 255
         assert len(tc["message"]) <= 2 * 65536
 
@@ -230,7 +229,7 @@ def run_sigGen_test(tg, tc):
             f"context={tc['context']}",
         ]
     else:  # signatureInterface=internal
-        assert tc["hashAlg"] == "none"
+        assert "hashAlg" not in tc or tc["hashAlg"] == "none"
         externalMu = 0
         if tg["externalMu"] is True:
             externalMu = 1
@@ -272,7 +271,7 @@ def run_sigVer_test(tg, tc):
     results = {"tcId": tc["tcId"]}
     acvp_bin = get_acvp_binary(tg)
 
-    if tg["preHash"] == "preHash":
+    if "preHash" in tg and tg["preHash"] == "preHash":
         assert len(tc["context"]) <= 2 * 255
 
         # Use specialized SHAKE256 function that computes hash internally
@@ -297,7 +296,7 @@ def run_sigVer_test(tg, tc):
                 f"hashAlg={tc['hashAlg']}",
             ]
     elif tg["signatureInterface"] == "external":
-        assert tc["hashAlg"] == "none"
+        assert "hashAlg" not in tc or tc["hashAlg"] == "none"
         assert len(tc["context"]) <= 2 * 255
         assert len(tc["message"]) <= 2 * 65536
 
@@ -310,7 +309,7 @@ def run_sigVer_test(tg, tc):
             f"pk={tc['pk']}",
         ]
     else:  # signatureInterface=internal
-        assert tc["hashAlg"] == "none"
+        assert "hashAlg" not in tc or tc["hashAlg"] == "none"
         externalMu = 0
         if tg["externalMu"] is True:
             externalMu = 1
@@ -331,8 +330,9 @@ def run_sigVer_test(tg, tc):
 
     result = subprocess.run(acvp_call, encoding="utf-8", capture_output=True)
     # Extract results
-    results["testPassed"] == (result.returncode == 0)
+    results["testPassed"] = result.returncode == 0
     info("done")
+    return results
 
 
 def runTestSingle(promptName, prompt, expectedResultName, expectedResult, output):
