Consider the introduction of a test which empirically validates that the rate of signature rejection, and accordingly the number of attempts required for a successful signature, matches the expectation from FIPS204.
This can be based on #1059 which introduces an option MLD_CONFIG_MAX_SIGNING_ATTEMPTS to limit the number of signature attempts. Setting this to 1 one, one can analyze the failure rate from the top-level API. Alternatively, one could consider if there's a way to get the # of signing attempts by some other means -- TBD.
Consider the introduction of a test which empirically validates that the rate of signature rejection, and accordingly the number of attempts required for a successful signature, matches the expectation from FIPS204.
This can be based on #1059 which introduces an option
MLD_CONFIG_MAX_SIGNING_ATTEMPTSto limit the number of signature attempts. Setting this to1one, one can analyze the failure rate from the top-level API. Alternatively, one could consider if there's a way to get the # of signing attempts by some other means -- TBD.