-rw-r--r-- 2840 lib25519-20240928/doc/test.md raw
To run the full test suite after compiling and installing lib25519, run `lib25519-fulltest`. This indicates success in two ways: it prints `full tests succeeded` as its last line of output; it exits 0. Any change in the compiled library (compiling for a different architecture, compiling with a different compiler, etc.) must be subjected to a new round of tests. A compiled version of lib25519 that does not pass the full test suite is **not supported**. One run of `lib25519-fulltest` was observed to take 31 core-minutes on a 3.3GHz Intel Core i3-12100 with overclocking disabled. This test finished in 6 minutes of real time; `lib25519-fulltest` includes some automatic parallelization. To limit the number of threads used to 1, run `env THREADS=1 lib25519-fulltest`. lib25519 automatically selects AVX2 implementations when it is running on an Intel/AMD CPU that supports AVX2, while falling back to portable implementations otherwise. Running `lib25519-fulltest` on an Intel/AMD CPU without AVX2 will say `CPU does not support implementation` for the AVX2 implementations and will fail. To test a compilation of lib25519 for Intel/AMD CPUs, you have to pick an Intel/AMD CPU with AVX2 to run `lib25519-fulltest`. The rest of this page says more about what is happening inside `lib25519-fulltest`. ### <a name="conventional"></a>Conventional tests The workhorse inside `lib25519-fulltest` is a separate `lib25519-test` program. Simply calling `lib25519-test` without arguments will run SUPERCOP-style tests that the subroutines in lib25519 produce the expected results for known inputs (including known randomness), and will indicate success in two ways: printing `all tests succeeded` as the last line of output, and exiting 0. For parallelism, `lib25519-fulltest` calls `lib25519-test` many times, using optional `lib25519-test` arguments to narrow which subroutines are being tested. ### <a name="dataflow"></a>Data-flow tests Another way that `lib25519-fulltest` runs `lib25519-test` is as follows, running TIMECOP-style tests that branch conditions and array indices are independent of secrets: env valgrind_multiplier=1 \ valgrind -q \ --error-exitcode=99 \ lib25519-test This requires `valgrind` to be installed at test time. The output will include a line `valgrind 1 declassify 1` if the library was compiled with `--valgrind` (which is the only supported option), or a line `valgrind 1 declassify 0 (expect false positives)` otherwise. These data-flow tests do not supersede the conventional tests. The conventional tests run code directly on the CPU and might catch issues hidden by the emulation in `valgrind`. The conventional tests also include some memory tests that are disabled to improve the `valgrind` memory tests but that are not necessarily superseded by the `valgrind` memory tests.