[openpgp] The combinatorial complexity of OpenPGPv4

David Leon Gil <coruus@gmail.com> Sat, 14 March 2015 00:04 UTC


Suppose that I want to test whether an implementation
handles all OpenPGPv4 signed-then-encrypted messages
correctly. How many test cases do I need?

Let's suppose, first, that I prove that handling of
PTag formats is independent of the rest of the code.

In that case, the packet composition is either:

    PKESK
    SEIPD
      COMPRESSED
      LITERAL
      SIGNATURE
    MDC

Or:

    PKESK
    SE
      COMPRESSED
      LITERAL
      SIGNATURE

How many different ways can I compose this message?

15 * 24 * 4 * 3 * 35
- 15: PKESK
  - RSA-ES
  - RSA-E
  - ELG-E
  - 12 ECDH combinations:
    - 3 curves
      - P-256
      - P-384
      - P-521
    - 4 KDF hash algorithms
      - SHA2-224
      - SHA2-256
      - SHA2-384
      - SHA2-512
- 24: SEIPD
  - 2 choices of packet type
    - SE
    - SEIPD
  - 12 encryption algorithms
    - Plaintext (prohibited)
    - IDEA
    - TripleDES
    - CAST5
    - Blowfish
    - AES128
    - AES192
    - AES256
    - Twofish
    - CAMELLIA128
    - CAMELLIA192
    - CAMELLIA256
- 4: Compressed
  - Uncompressed
  - ZLIB
  - DEFLATE
  - BZIP2
- 3: Literal
  - UTF-8
  - Binary
  - Local
- 35: Signature
  - 5 asymmetric algorithms:
    - RSA-ES
    - RSA-S
    - DSA
    - ECDSA
    - ED25519 (GnuPG)
  - 7 hash algorithms:
    - MD5
    - SHA-1
    - RIPEMD160
    - SHA2-224
    - SHA2-256
    - SHA2-384
    - SHA2-512

Or: 151,200 test cases. For the simplest message anyone
wants to send.

Not including any of the details of signature subpackets,
or unusual (but valid) variants of PKESKs etc. I previously
calculated that number, but it is so absurdly huge I won't
bother.

- David
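
The test matrix counted in the message above, enumerated as an added example (not part of the original post): each case is one composition a conformance harness would have to build and feed to the implementation. The names `iter_cases`, `is_negative` and `summarize` are hypothetical, and treating the "Plaintext (prohibited)" cipher as a must-reject case is an assumption of this example.

```python
from itertools import product

# Option lists copied from the message; the labels are the post's own.
CURVES = ["P-256", "P-384", "P-521"]
KDF_HASHES = ["SHA2-224", "SHA2-256", "SHA2-384", "SHA2-512"]
PKESK = ["RSA-ES", "RSA-E", "ELG-E"] + [
    f"ECDH/{c}/{h}" for c, h in product(CURVES, KDF_HASHES)]
CIPHERS = ["Plaintext", "IDEA", "TripleDES", "CAST5", "Blowfish", "AES128",
           "AES192", "AES256", "Twofish", "CAMELLIA128", "CAMELLIA192",
           "CAMELLIA256"]
ENCRYPTED = [f"{p}/{c}" for p, c in product(["SE", "SEIPD"], CIPHERS)]
COMPRESSION = ["Uncompressed", "ZLIB", "DEFLATE", "BZIP2"]
LITERAL = ["UTF-8", "Binary", "Local"]
SIG_PK = ["RSA-ES", "RSA-S", "DSA", "ECDSA", "ED25519"]
SIG_HASH = ["MD5", "SHA-1", "RIPEMD160", "SHA2-224", "SHA2-256",
            "SHA2-384", "SHA2-512"]
SIGNATURE = [f"{a}/{h}" for a, h in product(SIG_PK, SIG_HASH)]

DIMENSIONS = {"pkesk": PKESK, "encrypted": ENCRYPTED,
              "compression": COMPRESSION, "literal": LITERAL,
              "signature": SIGNATURE}


def iter_cases():
    """Yield one dict per message composition, in a stable order."""
    names = list(DIMENSIONS)
    for combo in product(*DIMENSIONS.values()):
        yield dict(zip(names, combo))


def is_negative(case):
    """Assumption: a 'Plaintext' cipher (marked prohibited) must be rejected."""
    return case["encrypted"].endswith("/Plaintext")


def summarize():
    """Return (per-dimension sizes, total cases, cases expected to be rejected)."""
    total = negative = 0
    for case in iter_cases():
        total += 1
        negative += is_negative(case)
    return {k: len(v) for k, v in DIMENSIONS.items()}, total, negative


if __name__ == "__main__":
    sizes, total, negative = summarize()
    print(sizes, total, negative)
```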