docs(tests): TEST_CASES.md + wire-tap proof for university practice
Adds proof artifacts that the PQ tunnel is real:
- crates/aura-proto/tests/pq_wire_tap.rs — new integration test that
intercepts every byte flowing on the in-memory transport and asserts:
(1) ClientHello payload = 32 + 1184 + 32 (X25519 + ML-KEM-768 ek + nonce),
(2) ServerHello payload = 32 + 1088 + 32 (X25519_eph + ML-KEM-768 ct + nonce),
(3) a 56-byte plaintext marker shipped in a Data frame is absent from
the wire in both directions,
(4) ServerAuth/Data AEAD bodies have Shannon entropy >= 7 bits/byte.
- TEST_CASES.md — Russian-language report mapping 12 test cases to the
exact code and captured outputs (KAT, hybrid round-trip, AEAD tamper
detection, mutual X.509 rejection, replay window, 1000-packet flow,
in-vivo ping, bench-crypto timings, new wire-tap proof).
- docs/test_evidence/ — full captured stdout of cargo test runs and
aura bench-crypto, referenced from TEST_CASES.md.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
xah30
@@ -0,0 +1,12 @@
|
||||
aura bench-crypto — 200 iterations per op (hybrid X25519 + ML-KEM-768)
|
||||
|
||||
operation avg ops/sec
|
||||
------------------------------------------------------------
|
||||
KEM keygen 3.833927ms 261
|
||||
KEM encapsulate 4.429617ms 226
|
||||
KEM decapsulate 5.413446ms 185
|
||||
full hybrid handshake 13.761461ms 73
|
||||
AEAD seal+open 1KiB 342.541µs 2919
|
||||
AEAD seal+open 64KiB 19.988968ms 50
|
||||
|
||||
(timings are wall-clock averages on this host; not a substitute for criterion)
|
||||
@@ -0,0 +1,59 @@
|
||||
Compiling aura-crypto v0.1.0 (/Users/xah30/AuraVPN/crates/aura-crypto)
|
||||
Finished `test` profile [unoptimized + debuginfo] target(s) in 9.40s
|
||||
Running unittests src/lib.rs (target/debug/deps/aura_crypto-cc24ea82f5069837)
|
||||
|
||||
running 20 tests
|
||||
test aead::tests::aead_key_matches_session_nonce_scheme ... ok
|
||||
test aead::tests::nonce_layout_is_le_counter_then_zeros ... ok
|
||||
test aead::tests::aead_key_explicit_nonce_roundtrip ... ok
|
||||
test masks::tests::base64_decode_round_trips_simple ... ok
|
||||
test masks::tests::base64_rejects_invalid_char ... ok
|
||||
test aead::tests::into_parts_preserves_key_and_counter ... ok
|
||||
test aead::tests::aead_key_wrong_counter_or_aad_fails ... ok
|
||||
test masks::tests::ca_fingerprint_rejects_missing_block ... ok
|
||||
test masks::tests::ca_fingerprint_matches_direct_sha256 ... ok
|
||||
test masks::tests::format_ymd_zero_pads ... ok
|
||||
test masks::tests::russian_palette_has_entries ... ok
|
||||
test masks::tests::derive_mask_changes_with_ca_fp ... ok
|
||||
test masks::tests::derive_mask_deterministic_same_inputs ... ok
|
||||
test masks::tests::mask_fields_are_within_palettes ... ok
|
||||
test masks::tests::derive_mask_changes_with_date ... ok
|
||||
test masks::tests::default_palette_unchanged ... ok
|
||||
test aead::tests::counter_is_monotonic_per_seal ... ok
|
||||
test masks::tests::russian_palette_picks_from_russian_list ... ok
|
||||
test masks::tests::mixed_palette_picks_from_either ... ok
|
||||
test aead::tests::nonces_are_distinct_over_10_000_counters ... ok
|
||||
|
||||
test result: ok. 20 passed; 0 failed; 0 ignored; 0 measured; 0 filtered out; finished in 0.01s
|
||||
|
||||
Running tests/hybrid_kat.rs (target/debug/deps/hybrid_kat-48c10494edbb7070)
|
||||
|
||||
running 10 tests
|
||||
test test_aead_roundtrip ... ok
|
||||
test test_aead_counter_advances_on_failure ... ok
|
||||
test test_aead_tamper_detection ... ok
|
||||
test test_kdf_deterministic ... ok
|
||||
test test_aead_sequential_messages ... ok
|
||||
test test_hybrid_roundtrip ... ok
|
||||
test test_kdf_from_real_handshake ... ok
|
||||
test test_hybrid_wrong_key_disagrees ... ok
|
||||
test test_nonce_no_repeat ... ok
|
||||
test test_hybrid_roundtrip_property ... ok
|
||||
|
||||
test result: ok. 10 passed; 0 failed; 0 ignored; 0 measured; 0 filtered out; finished in 0.68s
|
||||
|
||||
Running tests/kat_kyber.rs (target/debug/deps/kat_kyber-241715dd9337e370)
|
||||
|
||||
running 3 tests
|
||||
test test_kyber768_kat_decapsulation ... ok
|
||||
test test_kyber768_sizes_on_fresh_keypair ... ok
|
||||
test test_kyber768_roundtrip ... ok
|
||||
|
||||
test result: ok. 3 passed; 0 failed; 0 ignored; 0 measured; 0 filtered out; finished in 0.02s
|
||||
|
||||
Doc-tests aura_crypto
|
||||
|
||||
running 0 tests
|
||||
|
||||
test result: ok. 0 passed; 0 failed; 0 ignored; 0 measured; 0 filtered out; finished in 0.00s
|
||||
|
||||
@@ -0,0 +1,41 @@
|
||||
Compiling aura-pki v0.1.0 (/Users/xah30/AuraVPN/crates/aura-pki)
|
||||
Finished `test` profile [unoptimized + debuginfo] target(s) in 10.53s
|
||||
Running unittests src/lib.rs (target/debug/deps/aura_pki-c13dd2248440635d)
|
||||
|
||||
running 0 tests
|
||||
|
||||
test result: ok. 0 passed; 0 failed; 0 ignored; 0 measured; 0 filtered out; finished in 0.00s
|
||||
|
||||
Running tests/crl_signing.rs (target/debug/deps/crl_signing-e091e8e0bce1f73f)
|
||||
|
||||
running 7 tests
|
||||
test missing_marker_is_rejected ... ok
|
||||
test tampered_body_fails_verification ... ok
|
||||
test empty_crl_round_trip ... ok
|
||||
test unknown_header_is_rejected ... ok
|
||||
test tampered_signature_fails_verification ... ok
|
||||
test signature_against_wrong_ca_fails ... ok
|
||||
test signed_crl_round_trip_verifies ... ok
|
||||
|
||||
test result: ok. 7 passed; 0 failed; 0 ignored; 0 measured; 0 filtered out; finished in 0.01s
|
||||
|
||||
Running tests/pki.rs (target/debug/deps/pki-a351653bfbc8049b)
|
||||
|
||||
running 8 tests
|
||||
test test_empty_chain_rejected ... ok
|
||||
test test_client_cert_not_valid_as_server_name ... ok
|
||||
test test_ca_issue_server_cert ... ok
|
||||
test test_ca_issue_client_cert ... ok
|
||||
test test_ca_issue_client_cert_uuid_cn ... ok
|
||||
test test_invalid_cert_rejected ... ok
|
||||
test test_save_load_roundtrip ... ok
|
||||
test test_revoked_cert_rejected ... ok
|
||||
|
||||
test result: ok. 8 passed; 0 failed; 0 ignored; 0 measured; 0 filtered out; finished in 0.00s
|
||||
|
||||
Doc-tests aura_pki
|
||||
|
||||
running 0 tests
|
||||
|
||||
test result: ok. 0 passed; 0 failed; 0 ignored; 0 measured; 0 filtered out; finished in 0.00s
|
||||
|
||||
@@ -0,0 +1,95 @@
|
||||
Compiling aura-proto v0.1.0 (/Users/xah30/AuraVPN/crates/aura-proto)
|
||||
Finished `test` profile [unoptimized + debuginfo] target(s) in 2.37s
|
||||
Running unittests src/lib.rs (target/debug/deps/aura_proto-7edee13b9723a1d1)
|
||||
|
||||
running 18 tests
|
||||
test frame::tests::control_envelope_rejects_truncated_payload ... ok
|
||||
test frame::tests::control_envelope_roundtrip ... ok
|
||||
test frame::tests::circuit_failed_envelope_roundtrip ... ok
|
||||
test frame::tests::control_envelope_skips_normal_ip_packets ... ok
|
||||
test frame::tests::control_envelope_unknown_kind_decodes_as_unknown ... ok
|
||||
test frame::tests::control_kind_bytes_stable ... ok
|
||||
test frame::tests::extend_bridge_rejects_bad_inputs ... ok
|
||||
test frame::tests::extend_bridge_roundtrip_v4_and_v6 ... ok
|
||||
test frame::tests::extend_bridge_v4_wire_layout ... ok
|
||||
test frame::tests::extend_bridge_v6_wire_layout ... ok
|
||||
test frame::tests::frame_decode_rejects_garbage ... ok
|
||||
test frame::tests::frame_roundtrip ... ok
|
||||
test frame::tests::header_rejects_oversize_and_bad_version ... ok
|
||||
test frame::tests::header_roundtrip_all_types ... ok
|
||||
test session::tests::replay_window_basic_monotonic ... ok
|
||||
test session::tests::replay_window_out_of_order_within_window ... ok
|
||||
test session::tests::replay_window_rejects_too_old ... ok
|
||||
test session::tests::datagram_roundtrip_reorder_and_replay ... ok
|
||||
|
||||
test result: ok. 18 passed; 0 failed; 0 ignored; 0 measured; 0 filtered out; finished in 0.00s
|
||||
|
||||
Running tests/control_extend.rs (target/debug/deps/control_extend-290e17e2bf0e7c00)
|
||||
|
||||
running 6 tests
|
||||
test circuit_failed_carries_utf8_reason ... ok
|
||||
test circuit_ready_envelope_has_empty_payload ... ok
|
||||
test extend_bridge_payload_roundtrips_ipv4 ... ok
|
||||
test extend_bridge_rejects_malformed_payload ... ok
|
||||
test extend_bridge_payload_roundtrips_ipv6 ... ok
|
||||
test extend_bridge_via_full_envelope ... ok
|
||||
|
||||
test result: ok. 6 passed; 0 failed; 0 ignored; 0 measured; 0 filtered out; finished in 0.00s
|
||||
|
||||
Running tests/control_frame.rs (target/debug/deps/control_frame-9c0cd4a2cd90b6d1)
|
||||
|
||||
running 7 tests
|
||||
test control_envelope_magic_does_not_collide_with_ip ... ok
|
||||
test control_envelope_rejects_truncated_payload ... ok
|
||||
test control_envelope_pass_through_for_non_control_packets ... ok
|
||||
test control_envelope_small_roundtrip ... ok
|
||||
test control_envelope_unknown_kind_decodes_as_unknown ... ok
|
||||
test control_envelope_round_trip_all_kinds ... ok
|
||||
test control_envelope_large_payload_roundtrip ... ok
|
||||
|
||||
test result: ok. 7 passed; 0 failed; 0 ignored; 0 measured; 0 filtered out; finished in 0.01s
|
||||
|
||||
Running tests/data_exchange.rs (target/debug/deps/data_exchange-66c8285d748033f9)
|
||||
|
||||
running 2 tests
|
||||
test ping_pong_and_close_frames_roundtrip ... ok
|
||||
test test_data_exchange_1000pkts ... ok
|
||||
|
||||
test result: ok. 2 passed; 0 failed; 0 ignored; 0 measured; 0 filtered out; finished in 0.11s
|
||||
|
||||
Running tests/handshake_loopback.rs (target/debug/deps/handshake_loopback-13e21367c13bfd93)
|
||||
|
||||
running 1 test
|
||||
test test_full_handshake_loopback ... ok
|
||||
|
||||
test result: ok. 1 passed; 0 failed; 0 ignored; 0 measured; 0 filtered out; finished in 0.02s
|
||||
|
||||
Running tests/pki_mutual_auth.rs (target/debug/deps/pki_mutual_auth-0f10fd7f46079542)
|
||||
|
||||
running 2 tests
|
||||
test wrong_ca_client_cert_is_rejected ... ok
|
||||
test forged_client_signature_is_rejected ... ok
|
||||
|
||||
test result: ok. 2 passed; 0 failed; 0 ignored; 0 measured; 0 filtered out; finished in 0.03s
|
||||
|
||||
Running tests/pq_wire_tap.rs (target/debug/deps/pq_wire_tap-738259f6ef41df6b)
|
||||
|
||||
running 2 tests
|
||||
test shannon_entropy_baseline ... ok
|
||||
test pq_handshake_and_data_wire_capture ... ok
|
||||
|
||||
test result: ok. 2 passed; 0 failed; 0 ignored; 0 measured; 0 filtered out; finished in 0.02s
|
||||
|
||||
Running tests/replay_protection.rs (target/debug/deps/replay_protection-e0916aadd85a9593)
|
||||
|
||||
running 1 test
|
||||
test test_replay_protection ... ok
|
||||
|
||||
test result: ok. 1 passed; 0 failed; 0 ignored; 0 measured; 0 filtered out; finished in 0.02s
|
||||
|
||||
Doc-tests aura_proto
|
||||
|
||||
running 0 tests
|
||||
|
||||
test result: ok. 0 passed; 0 failed; 0 ignored; 0 measured; 0 filtered out; finished in 0.00s
|
||||
|
||||
@@ -0,0 +1,17 @@
|
||||
Finished `test` profile [unoptimized + debuginfo] target(s) in 0.11s
|
||||
Running tests/pq_wire_tap.rs (target/debug/deps/pq_wire_tap-738259f6ef41df6b)
|
||||
|
||||
running 2 tests
|
||||
test shannon_entropy_baseline ... ok
|
||||
=== Aura PQ wire-tap test summary ===
|
||||
client_peer = "vpn.aura.example", server_peer = "client-pq-proof"
|
||||
captured c->s = 2869 bytes, s->c = 1723 bytes
|
||||
ClientHello payload = 1248 bytes (= 32 + 1184 + 32, X25519 + ML-KEM-768 ek + nonce)
|
||||
ServerHello payload = 1152 bytes (= 32 + 1088 + 32, X25519_eph + ML-KEM-768 ct + nonce)
|
||||
ServerAuth body Shannon entropy = 7.580 bits/byte over 474 bytes
|
||||
Data record AEAD body Shannon entropy = 7.829 bits/byte over 1101 bytes (plaintext was marker + 1024 zero bytes; zeros become keystream after ChaCha20)
|
||||
Plaintext marker present on wire? c->s: NO, s->c: NO
|
||||
test pq_handshake_and_data_wire_capture ... ok
|
||||
|
||||
test result: ok. 2 passed; 0 failed; 0 ignored; 0 measured; 0 filtered out; finished in 0.02s
|
||||
|
||||
Reference in New Issue
Block a user