[openpgp] The combinatorial complexity of OpenPGPv4
David Leon Gil <coruus@gmail.com> Sat, 14 March 2015 00:04 UTC
Return-Path: <coruus@gmail.com>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 81E011A87CD for <openpgp@ietfa.amsl.com>; Fri, 13 Mar 2015 17:04:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tYW0z5vjU5vm for <openpgp@ietfa.amsl.com>; Fri, 13 Mar 2015 17:04:28 -0700 (PDT)
Received: from mail-yk0-x232.google.com (mail-yk0-x232.google.com [IPv6:2607:f8b0:4002:c07::232]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 573B61A89B5 for <openpgp@ietf.org>; Fri, 13 Mar 2015 17:04:27 -0700 (PDT)
Received: by ykft125 with SMTP id t125so54691ykf.1 for <openpgp@ietf.org>; Fri, 13 Mar 2015 17:04:26 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:from:date:message-id:subject:to:content-type; bh=QLvf4ZmTejaoPVUdkKK5TBllZ9CbPAqupHwLGg3yeKI=; b=DlIONbDlYJpPO8G2RG30MQQSx+gyzULdAeOQ3GuL5i7nSqCxU2NnBMsb/cdvx8LJxx EP/t+4KttSP7jiygsc4hy8g4MflnfCob73wmQ2aKb6Jeuku4d+fquOF2Lj+5vySVkO/W E/MimC7HcXYzxvf4sPtPzlUzS90Ys6RoBoD/oiJa9dXa5chfGRHqmkWT36cn0YVjz2pe X2dywGQE3Ff6UFkfDWGA3JWVNoy0pdRTwskLSOWXHTqzuTBYHenusTp1B6XUtY5fwwWg 5owxMcpWNTWfg62Sw6cXeoeirblL1JRNjm7e+nLdDb5cCVUdGInN5DaskNq8P7xkjmI+ mM9w==
X-Received: by 10.170.113.130 with SMTP id f124mr56571092ykb.90.1426291466735; Fri, 13 Mar 2015 17:04:26 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.170.125.80 with HTTP; Fri, 13 Mar 2015 17:04:06 -0700 (PDT)
From: David Leon Gil <coruus@gmail.com>
Date: Fri, 13 Mar 2015 17:04:06 -0700
Message-ID: <CAA7UWsV9RbPCNfbxumsQ-r02Rb3PG6h1fu_ENQrcSg=45a+QnA@mail.gmail.com>
To: "openpgp@ietf.org" <openpgp@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/5rA4X2eTbsb1kdBKwp4DMowKVAM>
Subject: [openpgp] The combinatorial complexity of OpenPGPv4
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 14 Mar 2015 00:04:29 -0000
Suppose that I want to test whether an implementation handles all OpenPGPv4 signed-then-encrypted messages correctly. How many test cases do I need? Let's suppose, first, that I prove that handling of PTag formats is independent of the rest of the code. In that case, the packet composition is either: PKESK SEIPD COMPRESSED LITERAL SIGNATURE MDC Or: PKESK SE COMPRESSED LITERAL SIGNATURE How many different ways can I compose this message? 15 * 24 * 4 * 3 * 35 - 15: PKESK - RSA-ES - RSA-E - ELG-E - 12 ECDH combinations: - 3 curves - P-256 - P-384 - P-521 - 4 KDF hash algorithms - SHA2-224 - SHA2-256 - SHA2-384 - SHA2-512 - 24: SEIPD - 2 choices of packet type - SE - SEIPD - 12 encryption algorithms - Plaintext (prohibited) - IDEA - TripleDES - CAST5 - Blowfish - AES128 - AES192 - AES256 - Twofish - CAMELLIA128 - CAMELLIA192 - CAMELLIA256 - 4: Compressed - Uncompressed - ZLIB - DEFLATE - BZIP2 - 3: Literal - UTF-8 - Binary - Local - 35: Signature - 5 asymmetric algorithms: - RSA-ES - RSA-S - DSA - ECDSA - ED25519 (GnuPG) - 7 hash algorithms: - MD5 - SHA-1 - RIPEMD160 - SHA2-224 - SHA2-256 - SHA2-384 - SHA2-512 Or: 151,200 test cases. For the simplest message anyone wants to send. Not including any of the details of signature subpackets, or unusual (but valid) variants of PKESKs etc. I previously calculated that number, but it is so absurdly huge I won't bother. - David
- Re: [openpgp] The combinatorial complexity of Ope… David Gil
- Re: [openpgp] The combinatorial complexity of Ope… Derek Atkins
- Re: [openpgp] The combinatorial complexity of Ope… Derek Atkins
- Re: [openpgp] The combinatorial complexity of Ope… David Leon Gil
- Re: [openpgp] The combinatorial complexity of Ope… Peter Gutmann
- Re: [openpgp] The combinatorial complexity of Ope… Werner Koch
- Re: [openpgp] The combinatorial complexity of Ope… Derek Atkins
- Re: [openpgp] The combinatorial complexity of Ope… Christoph Anton Mitterer
- Re: [openpgp] The combinatorial complexity of Ope… Phillip Hallam-Baker
- [openpgp] The combinatorial complexity of OpenPGP… David Leon Gil
- Re: [openpgp] The combinatorial complexity of Ope… Falcon Darkstar Momot