Merged
Conversation
kenneth-tucker
force-pushed
the
user/v-ktucker/200-more-testing-aes-xts
branch
2 times, most recently
from
ea90eb2 to
3f5c76a
Compare
Contributor
There was a problem hiding this comment.
Pull request overview
This PR expands AES-XTS test coverage in the C++ test suite and refactors shared AES test utilities so CBC/GCM/XTS tests can reuse common helper routines. It also adds an AES-XTS unwrap/unmask precheck at the Rust DDI layer to fail earlier on unusable XTS key pairs.
Changes:
- Added extensive AES-XTS encryption/decryption correctness, validation, and malformed-input coverage in C++ tests.
- Introduced shared AES C++ test helpers (
helpers.hpp/.cpp) and updated CBC/GCM/XTS tests to use them; removed the oldkat.cpp/hpp. - Added a minimal XTS “operability” precheck during unwrap/unmask in
aes_xts_key.rs.
Reviewed changes
Copilot reviewed 10 out of 10 changed files in this pull request and generated 3 comments.
Show a summary per file
| File | Description |
|---|---|
| api/tests/cpp/handle_mgmt_tests.cpp | Switches AES key generation helper used by handle-management tests to the new CBC helper. |
| api/tests/cpp/algo/aes/xts_enc_dec_tests.cpp | Major expansion of AES-XTS test coverage plus new blob-wrap/unmask/unwrap negative tests. |
| api/tests/cpp/algo/aes/helpers.hpp | Adds shared test helper declarations/types (crypt wrappers, generators, sweeps, KAT structs). |
| api/tests/cpp/algo/aes/helpers.cpp | Implements shared AES test helpers and key generators; migrates KAT import helper here. |
| api/tests/cpp/algo/aes/gcm_enc_dec_tests.cpp | Refactors to use shared helpers and adds more AES-GCM coverage. |
| api/tests/cpp/algo/aes/cbc_enc_dec_tests.cpp | Refactors to use shared helpers; adjusts KAT import call to new signature. |
| api/tests/cpp/algo/aes/kat.hpp | Deleted (KAT structs/utilities moved into shared helpers). |
| api/tests/cpp/algo/aes/kat.cpp | Deleted (KAT import helper moved into shared helpers implementation). |
| api/tests/cpp/CMakeLists.txt | Replaces kat.cpp with helpers.cpp in the test build. |
| api/lib/src/ddi/aes_xts_key.rs | Adds unwrap/unmask XTS pair operability precheck; introduces new helper function. |
mhatrevi
reviewed
Feb 27, 2026
mhatrevi
reviewed
Feb 27, 2026
mhatrevi
reviewed
Feb 27, 2026
kenneth-tucker
force-pushed
the
user/v-ktucker/200-more-testing-aes-xts
branch
from
bf64920 to
dd7b746
Compare
kenneth-tucker
force-pushed
the
user/v-ktucker/200-more-testing-aes-xts
branch
2 times, most recently
from
ceeca14 to
6c32ee2
Compare
kenneth-tucker
force-pushed
the
user/v-ktucker/200-more-testing-aes-xts
branch
from
6c32ee2 to
0cca762
Compare
kenneth-tucker
force-pushed
the
user/v-ktucker/200-more-testing-aes-xts
branch
from
0cca762 to
90dcaba
Compare
kenneth-tucker
force-pushed
the
user/v-ktucker/200-more-testing-aes-xts
branch
from
90dcaba to
06c2b01
Compare
kenneth-tucker
force-pushed
the
user/v-ktucker/200-more-testing-aes-xts
branch
from
c9b0cdc to
59245d9
Compare
kenneth-tucker
force-pushed
the
user/v-ktucker/200-more-testing-aes-xts
branch
from
59245d9 to
279e9be
Compare
kenneth-tucker
force-pushed
the
user/v-ktucker/200-more-testing-aes-xts
branch
from
279e9be to
7f80b61
Compare
mhatrevi
reviewed
Mar 9, 2026
kenneth-tucker
force-pushed
the
user/v-ktucker/200-more-testing-aes-xts
branch
from
7f80b61 to
f21e8a2
Compare
kenneth-tucker
force-pushed
the
user/v-ktucker/200-more-testing-aes-xts
branch
from
f21e8a2 to
2644ac6
Compare
…nd key2 match. This was needed to fix the failing test case, azihsm_aes_xts.unwrap_xts_blob_identical_halves_is_rejected.
kenneth-tucker
force-pushed
the
user/v-ktucker/200-more-testing-aes-xts
branch
from
2644ac6 to
ca026d9
Compare
mhatrevi
approved these changes
Mar 12, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Issue:
#200
Note: this change is based on AES GCM changes because of shared test utilities. I'll rebase this on main once that is merged. See #210