From 352a79122a19c7c4b4696c347cd7b0cb5e6ccf30 Mon Sep 17 00:00:00 2001 From: Dave Mihalcik Date: Fri, 22 May 2026 15:13:35 -0400 Subject: [PATCH] fix(xtest): correct PQC feature guard version threshold and algorithm error detection MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Two bugs causing spurious CI failures in test_pqc.py when testing against older platform versions: 1. **`tdfs.py` version threshold** — `mechanism-xwing` and `mechanism-secpmlkem` were gated at `>= (0, 14, 0)`, but the key management API for hpqt:* algorithms didn't land until after `service/v0.15.0`. Platform v0.15.0 rejects them with a protobuf validation error (`key_algorithm_defined`), causing tests to ERROR (fixture crash) rather than SKIP. Raise threshold to `(0, 16, 0)`. 2. **`otdfctl.py` error string** — `kas_registry_create_key` only matched `"Invalid key parameters: invalid algorithm"` to raise `InvalidAlgorithm`. Platform v0.15.0 returns `"key_algorithm_defined"` (a protobuf validation error), which fell through to a bare `AssertionError`, turning what should be a pytest.skip into a test ERROR. Extend the match condition. These fixes target PR #461 (fix/DSPX-3356-xwing-kao-size-assertions) which was failing on `xct (v0.15.0, go@v0.32.0)` for exactly these reasons. Co-Authored-By: Claude Sonnet 4.6 (1M context) --- xtest/otdfctl.py | 5 ++++- xtest/tdfs.py | 6 ++++-- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/xtest/otdfctl.py b/xtest/otdfctl.py index b937aa58..9ab99d47 100644 --- a/xtest/otdfctl.py +++ b/xtest/otdfctl.py @@ -312,7 +312,10 @@ def kas_registry_create_key( # Handle race condition: if key already exists, return the existing one if process.returncode != 0: err_str = (err.decode() if err else "") + (out.decode() if out else "") - if "Invalid key parameters: invalid algorithm" in err_str: + if ( + "Invalid key parameters: invalid algorithm" in err_str + or "key_algorithm_defined" in err_str + ): raise InvalidAlgorithm( f"Algorithm not supported by platform: {err_str}" ) diff --git a/xtest/tdfs.py b/xtest/tdfs.py index 4501604c..2dcd2875 100644 --- a/xtest/tdfs.py +++ b/xtest/tdfs.py @@ -136,8 +136,10 @@ def __init__(self, **kwargs: dict[str, Any]): if self.semver >= (0, 13, 0): self.features.add("mechanism-ec-curves-384-521") - # X-Wing hybrid PQ/T KEM support (ML-KEM-768 + X25519) - if self.semver >= (0, 14, 0): + # X-Wing / secp+ML-KEM hybrid PQ/T KEM support. + # Key management API for hpqt:* algorithms landed after service/v0.15.0; + # v0.15.0 rejects them with a key_algorithm validation error. + if self.semver >= (0, 16, 0): self.features.add("mechanism-xwing") self.features.add("mechanism-secpmlkem")