Move DSA tests into System.Security.Cryptography#129320
Open
PranavSenthilnathan wants to merge 4 commits into
Open
Move DSA tests into System.Security.Cryptography#129320PranavSenthilnathan wants to merge 4 commits into
PranavSenthilnathan wants to merge 4 commits into
Conversation
Replace 'partial class DSAFactory' wiring with an abstract 'DSAProvider' base + per-provider concrete leaf classes (_Default/_Cng/_Csp/_OpenSsl), all hosted under S.S.C/tests in Windows-only/Unix-only ItemGroups. DSA test files moved out of S.S.C.Cng/Csp/OpenSsl into S.S.C/tests. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Contributor
|
Tagging subscribers to this area: @bartonjs, @vcsjones, @dotnet/area-system-security |
Contributor
There was a problem hiding this comment.
Pull request overview
This PR refactors the DSA test suite so the shared DSA test logic lives under System.Security.Cryptography.Tests, with provider-specific “driver” types (Default / CNG / CSP / OpenSSL) selecting the appropriate DSA factory per platform. It also removes the duplicated DSA test sources from the OpenSsl/Csp/Cng test projects accordingly.
Changes:
- Replaces the old static
DSAFactory/IDSAProviderpattern with an instance-basedDSAProviderabstraction, and converts common DSA test classes fromstatic/sealedtoabstractwith provider overrides. - Adds provider-specific derived test classes and provider implementations into
System.Security.Cryptography.Tests, with platform-conditional compilation in the csproj. - Updates dependent tests and project files to reference the new structure and removes DSA test sources from the legacy per-implementation test projects.
Reviewed changes
Copilot reviewed 27 out of 28 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
| src/libraries/System.Security.Cryptography/tests/X509Certificates/CertificateCreation/PrivateKeyAssociationTests.cs | Updates DSA key-selection logic to use the new default DSA provider capability check. |
| src/libraries/System.Security.Cryptography/tests/System.Security.Cryptography.Tests.csproj | Adds new DSA provider + driver test files and wires them into platform-specific ItemGroups. |
| src/libraries/System.Security.Cryptography/tests/OpenSslDsaCommonTests.Unix.cs | Adds OpenSSL-specific derived classes to run the shared DSA common tests with DSAOpenSsl. |
| src/libraries/System.Security.Cryptography/tests/DsaOpenSslTests.Unix.cs | Moves OpenSSL-specific DSA API tests into the consolidated test assembly (Unix build). |
| src/libraries/System.Security.Cryptography/tests/DSAOpenSslProvider.Unix.cs | Converts OpenSSL provider to the new DSAProvider base pattern and adds a singleton instance. |
| src/libraries/System.Security.Cryptography/tests/DSACryptoServiceProviderProvider.Windows.cs | Converts CSP provider to the new DSAProvider base pattern and adds a singleton instance. |
| src/libraries/System.Security.Cryptography/tests/DSACryptoServiceProviderCommonTests.Windows.cs | Adds CSP-specific derived classes to run shared DSA common tests against DSACryptoServiceProvider. |
| src/libraries/System.Security.Cryptography/tests/DSACreateTests.cs | Replaces prior conditional-attribute gating with runtime gating using the new provider capability check. |
| src/libraries/System.Security.Cryptography/tests/DSACngProvider.Windows.cs | Converts CNG provider to the new DSAProvider base pattern and adds a singleton instance. |
| src/libraries/System.Security.Cryptography/tests/DSACngCommonTests.Windows.cs | Adds CNG-specific derived classes to run shared DSA common tests against DSACng. |
| src/libraries/System.Security.Cryptography/tests/DefaultDSAProvider.cs | Reworks the default provider to use DSAProvider + singleton instance. |
| src/libraries/System.Security.Cryptography/tests/DefaultDsaCommonTests.cs | Adds Default-DSA derived classes to run shared DSA common tests against DSA.Create(). |
| src/libraries/System.Security.Cryptography.OpenSsl/tests/System.Security.Cryptography.OpenSsl.Tests.csproj | Removes DSA test sources now relocated into System.Security.Cryptography.Tests. |
| src/libraries/System.Security.Cryptography.Csp/tests/System.Security.Cryptography.Csp.Tests.csproj | Removes shared DSA test sources now relocated into System.Security.Cryptography.Tests. |
| src/libraries/System.Security.Cryptography.Cng/tests/System.Security.Cryptography.Cng.Tests.csproj | Removes shared DSA test sources now relocated into System.Security.Cryptography.Tests. |
| src/libraries/System.Security.Cryptography.Cng/tests/DSACngTests.cs | Adjusts DSACng-specific tests after the shared DSA factory removal. |
| src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSAXml.cs | Refactors common DSA XML tests into an abstract base using DSAProvider. |
| src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSASignVerify.NistValidation.cs | Refactors NIST validation tests to use instance-based provider selection and runtime gating. |
| src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSASignVerify.cs | Refactors sign/verify tests into abstract bases with DSAProvider injection. |
| src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSASignatureFormatTests.cs | Refactors signature-format tests into abstract bases; shifts key generation to provider-based instance paths. |
| src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSASignatureFormatter.cs | Refactors signature formatter tests into an abstract base using DSAProvider. |
| src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSAProvider.cs | Introduces the new DSAProvider abstraction used by the refactored DSA tests. |
| src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSAKeyPemTests.cs | Refactors PEM import tests into an abstract base with provider injection. |
| src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSAKeyGeneration.cs | Refactors key-generation tests into an abstract base with provider injection. |
| src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSAKeyFileTests.cs | Refactors key file tests into an abstract base with provider injection. |
| src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSAImportExport.cs | Refactors import/export tests into an abstract base with provider injection and runtime gating. |
| src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSAFactoryTests.cs | Refactors factory tests into an abstract base using provider injection. |
| src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSAFactory.cs | Deletes the old static DSAFactory / IDSAProvider implementation. |
Comments suppressed due to low confidence (2)
src/libraries/System.Security.Cryptography/tests/DSACngProvider.Windows.cs:21
SupportsFips186_3is hard-coded totrue, but DSACng itself varies default key size / 2048-bit support based on Windows version. Making this reflect the actual OS capability keeps the shared tests from trying 2048/SHA-2 paths on downlevel Windows.
src/libraries/System.Security.Cryptography.Cng/tests/DSACngTests.cs:29TestImportV2Key(2048-bit import) used to be conditionally executed; making it an unconditional[Fact]can fail on downlevel Windows where 2048-bit DSA/CNG isn’t supported. Consider restoring a condition (based on Windows version) so the test skips when the platform can’t import 2048-bit keys.
public static class DsaCngTests
{
[Fact]
public static void TestImportV1Key()
{
using (CngKey key = CngKey.Import(TestData.Key_DSA1024Key, CngKeyBlobFormat.GenericPrivateBlob))
{
VerifyImportedKey(key);
Assert.Equal(1024, key.KeySize);
}
}
[Fact]
public static void TestImportV2Key()
{
using (CngKey key = CngKey.Import(TestData.Key_DSA2048Key, CngKeyBlobFormat.GenericPrivateBlob))
{
VerifyImportedKey(key);
Assert.Equal(2048, key.KeySize);
}
}
bartonjs
reviewed
Jun 12, 2026
- Rename DSA test registration files to DSATestRegistration.<Provider>.cs - Remove dead #if NET guards around DSASignVerify_Span_* leaves (SSC tests only target NetCoreAppCurrent) - Remove redundant parens and add blank lines per style nits in DSAKeyGeneration.cs and DSACreateTests.cs - Move DSACngTests.cs from S.S.C.Cng/tests to S.S.C/tests so it can use DSACngProvider.Instance.SupportsFips186_3 directly; inline the three CNG-specific key blobs and remove them from TestData.cs Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- Moved DSACryptoServiceProviderTests.cs from S.S.C.Csp/tests to S.S.C/tests with file lists in both the Windows and Unix ItemGroups so it runs on the two platforms where DSACryptoServiceProvider has a real implementation. - Renamed DSACryptoServiceProviderProvider.Windows.cs and DSATestRegistration.Csp.Windows.cs to drop the .Windows suffix since they are no longer Windows-only. - Split ShimHelpers into a partial class: TestSymmetricAlgorithmProperties stays in the Csp tests project; VerifyAllBaseMembersOverridden moves to S.S.C/tests/ShimHelpers.cs and is linked into the Csp tests project so it continues to be reachable from the symmetric algorithm tests. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Comment on lines
823
to
831
| <Compile Include="Interop.EVP.ExtraHandle.cs" /> | ||
| <Compile Include="DsaOpenSslTests.Unix.cs" /> | ||
| <Compile Include="DSAOpenSslProvider.Unix.cs" /> | ||
| <Compile Include="DSATestRegistration.OpenSsl.Unix.cs" /> | ||
| <Compile Include="DSACryptoServiceProviderProvider.cs" /> | ||
| <Compile Include="DSACryptoServiceProviderTests.cs" /> | ||
| <Compile Include="DSATestRegistration.Csp.cs" /> | ||
| <Compile Include="ShimHelpers.cs" /> | ||
| <Compile Include="MLDsaOpenSslTests.Unix.cs" /> |
Member
Author
There was a problem hiding this comment.
There is a Unix implementation and it forwards to the default implementation (which would be OpenSSL):
Added DSAProvider.ThrowSkipTestExceptionIfFips186_3IsNotSupported(),
which throws SkipTestException when the provider doesn't support
FIPS 186-3. Replaced every
if (!DSAFactory.SupportsFips186_3) { return; }
skip pattern with a single call to the helper and switched the
corresponding [Fact]/[Theory] attributes to [ConditionalFact]/
[ConditionalTheory] so the runner reports the test as Skipped rather
than silently Passing.
This makes the Csp leaf's now-reachable 2048-bit tests show up as
'Skip' (with the reason 'Platform does not support FIPS 186-3.')
instead of pretending to pass.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
bartonjs
reviewed
Jun 12, 2026
| <Compile Include="DSACryptoServiceProviderProvider.Windows.cs" /> | ||
| <Compile Include="DSACryptoServiceProviderCommonTests.Windows.cs" /> | ||
| <Compile Include="DSACngTests.Windows.cs" /> | ||
| <Compile Include="DSATestRegistration.Cng.Windows.cs" /> |
bartonjs
reviewed
Jun 12, 2026
| <Compile Include="DSACryptoServiceProviderProvider.cs" /> | ||
| <Compile Include="DSACryptoServiceProviderTests.cs" /> | ||
| <Compile Include="DSATestRegistration.Csp.cs" /> | ||
| <Compile Include="ShimHelpers.cs" /> |
bartonjs
reviewed
Jun 12, 2026
| { | ||
| return; | ||
| } | ||
| DefaultDSAProvider.Instance.ThrowSkipTestExceptionIfFips186_3IsNotSupported(); |
Member
There was a problem hiding this comment.
I'd've called it something based on "Require" or "Assert" instead of "ThrowSkipTest...", e.g. DefaultDSAProvider.Instance.AssertFips186_3(). Particularly because the name you have here puts the "FIPS 186-3" part buried in the middle.
Open
3 tasks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Currently
System.Security.Cryptography.OpenSsl.Tests,System.Security.Cryptography.Csp.Tests,System.Security.Cryptography.Cng.TestsandSystem.Security.Cryptography.Testseach produce separate assemblies with different static DSA factories to test a specific creation methods (DSAOpenSsl, DSACng, DSACsp, or just DSA). This PR consolidates all these tests intoSystem.Security.Cryptography.Testsby:This is currently scoped to DSA since the changes were starting to get large, so EC and RSA will be follow-ups instead.
Contributes to #66338