diff options
| author | tb <> | 2026-01-22 08:59:40 +0000 |
|---|---|---|
| committer | tb <> | 2026-01-22 08:59:40 +0000 |
| commit | 7230345c386ca08c3bd745cb449fc7fa99ee0081 (patch) | |
| tree | 84f06e7e462006f7756e63738ad247d3befe74cf | |
| parent | 28d8cf0bbfe2d8e27749a1453bd2771c8e41c31b (diff) | |
| download | openbsd-7230345c386ca08c3bd745cb449fc7fa99ee0081.tar.gz openbsd-7230345c386ca08c3bd745cb449fc7fa99ee0081.tar.bz2 openbsd-7230345c386ca08c3bd745cb449fc7fa99ee0081.zip | |
ML-KEM: don't treat API failure as test failure for invalid test cases
An update to the test vectors adds tests which verifies that the API
correctly rejects some inputs.
| -rw-r--r-- | src/regress/lib/libcrypto/wycheproof/wycheproof.go | 16 |
1 files changed, 11 insertions, 5 deletions
diff --git a/src/regress/lib/libcrypto/wycheproof/wycheproof.go b/src/regress/lib/libcrypto/wycheproof/wycheproof.go index 397958ac15..a204503c3e 100644 --- a/src/regress/lib/libcrypto/wycheproof/wycheproof.go +++ b/src/regress/lib/libcrypto/wycheproof/wycheproof.go | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: wycheproof.go,v 1.196 2026/01/01 12:47:52 tb Exp $ */ | 1 | /* $OpenBSD: wycheproof.go,v 1.197 2026/01/22 08:59:40 tb Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2018,2023 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2018,2023 Joel Sing <jsing@openbsd.org> |
| 4 | * Copyright (c) 2018,2019,2022-2025 Theo Buehler <tb@openbsd.org> | 4 | * Copyright (c) 2018,2019,2022-2025 Theo Buehler <tb@openbsd.org> |
| @@ -2387,8 +2387,11 @@ func runMLKEMTestGroup(rank C.int, wt *wycheproofTestMLKEM) bool { | |||
| 2387 | ek, _ := mustDecodeHexString(wt.Ek, "ek") | 2387 | ek, _ := mustDecodeHexString(wt.Ek, "ek") |
| 2388 | 2388 | ||
| 2389 | if C.MLKEM_private_key_from_seed(privKey, (*C.uchar)(unsafe.Pointer(&seed[0])), C.size_t(seedLen)) != 1 { | 2389 | if C.MLKEM_private_key_from_seed(privKey, (*C.uchar)(unsafe.Pointer(&seed[0])), C.size_t(seedLen)) != 1 { |
| 2390 | fmt.Printf("%s - MLKEM_private_key_from_seed failed\n", wt) | 2390 | if wt.Result != "invalid" { |
| 2391 | return false | 2391 | fmt.Printf("%s - MLKEM_private_key_from_seed failed\n", wt) |
| 2392 | return false; | ||
| 2393 | } | ||
| 2394 | return true | ||
| 2392 | } | 2395 | } |
| 2393 | 2396 | ||
| 2394 | if C.MLKEM_public_from_private(privKey, pubKey) != 1 { | 2397 | if C.MLKEM_public_from_private(privKey, pubKey) != 1 { |
| @@ -2416,8 +2419,11 @@ func runMLKEMTestGroup(rank C.int, wt *wycheproofTestMLKEM) bool { | |||
| 2416 | var sharedSecretLen C.size_t | 2419 | var sharedSecretLen C.size_t |
| 2417 | defer C.free(unsafe.Pointer(sharedSecret)) | 2420 | defer C.free(unsafe.Pointer(sharedSecret)) |
| 2418 | if C.MLKEM_decap(privKey, (*C.uchar)(unsafe.Pointer(&c[0])), C.size_t(cLen), (**C.uchar)(unsafe.Pointer(&sharedSecret)), (*C.size_t)(unsafe.Pointer(&sharedSecretLen))) != 1 { | 2421 | if C.MLKEM_decap(privKey, (*C.uchar)(unsafe.Pointer(&c[0])), C.size_t(cLen), (**C.uchar)(unsafe.Pointer(&sharedSecret)), (*C.size_t)(unsafe.Pointer(&sharedSecretLen))) != 1 { |
| 2419 | fmt.Printf("%s - MLKEM_decap failed\n", wt) | 2422 | if wt.Result != "invalid" { |
| 2420 | return false | 2423 | fmt.Printf("%s - MLKEM_decap failed\n", wt) |
| 2424 | return false | ||
| 2425 | } | ||
| 2426 | return true | ||
| 2421 | } | 2427 | } |
| 2422 | gotK := unsafe.Slice((*byte)(unsafe.Pointer(sharedSecret)), sharedSecretLen) | 2428 | gotK := unsafe.Slice((*byte)(unsafe.Pointer(sharedSecret)), sharedSecretLen) |
| 2423 | 2429 | ||