diff options
| author | tb <> | 2024-12-20 00:07:12 +0000 |
|---|---|---|
| committer | tb <> | 2024-12-20 00:07:12 +0000 |
| commit | b1838090ad769162b2ea08f33254c67d084bb22f (patch) | |
| tree | f04653a882e3c8a90b00b8e6f900e4a225736db9 /src/regress/lib/libcrypto/mlkem/mlkem_unittest.c | |
| parent | 86a35b733e7f43fa01b1c83b3c582855e18ef432 (diff) | |
| download | openbsd-b1838090ad769162b2ea08f33254c67d084bb22f.tar.gz openbsd-b1838090ad769162b2ea08f33254c67d084bb22f.tar.bz2 openbsd-b1838090ad769162b2ea08f33254c67d084bb22f.zip | |
Rework and fix the mlkem tests
Make proper use of CBB and CBS. If a CBS ever owns data, you're holding
it wrong. Ditch gross macros, sscanf, and globals. The use of fgets is
annoying here, so replace it with getline, which be provided by portable
if needed.
Most importantly, make the tests actually signal failure rather than
only printing an error. Fix the state machines in a few of them. Some
tests didn't parse the .txt file at all. Others mostly did but didn't
actually test what they were supposed to be testing. Such failures
were hidden by the way the tests were written.
This basically needed a complete revamp. It still isn't pretty and much
of it could be deduplicated, but I only have so much time alotted on this
blue planet.
Diffstat (limited to 'src/regress/lib/libcrypto/mlkem/mlkem_unittest.c')
| -rw-r--r-- | src/regress/lib/libcrypto/mlkem/mlkem_unittest.c | 387 |
1 files changed, 210 insertions, 177 deletions
diff --git a/src/regress/lib/libcrypto/mlkem/mlkem_unittest.c b/src/regress/lib/libcrypto/mlkem/mlkem_unittest.c index b8779135e5..18bf128bea 100644 --- a/src/regress/lib/libcrypto/mlkem/mlkem_unittest.c +++ b/src/regress/lib/libcrypto/mlkem/mlkem_unittest.c | |||
| @@ -1,7 +1,7 @@ | |||
| 1 | /* $OpenBSD: mlkem_unittest.c,v 1.3 2024/12/14 19:16:24 tb Exp $ */ | 1 | /* $OpenBSD: mlkem_unittest.c,v 1.4 2024/12/20 00:07:12 tb Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2024, Google Inc. | 3 | * Copyright (c) 2024 Google Inc. |
| 4 | * Copyright (c) 2024, Bob Beck <beck@obtuse.com> | 4 | * Copyright (c) 2024 Bob Beck <beck@obtuse.com> |
| 5 | * | 5 | * |
| 6 | * Permission to use, copy, modify, and/or distribute this software for any | 6 | * Permission to use, copy, modify, and/or distribute this software for any |
| 7 | * purpose with or without fee is hereby granted, provided that the above | 7 | * purpose with or without fee is hereby granted, provided that the above |
| @@ -16,52 +16,22 @@ | |||
| 16 | * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. | 16 | * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
| 17 | */ | 17 | */ |
| 18 | 18 | ||
| 19 | #include <err.h> | ||
| 19 | #include <stdint.h> | 20 | #include <stdint.h> |
| 20 | #include <stdio.h> | 21 | #include <stdio.h> |
| 21 | #include <stdlib.h> | 22 | #include <stdlib.h> |
| 22 | #include <string.h> | 23 | #include <string.h> |
| 23 | 24 | ||
| 24 | #include <openssl/bytestring.h> | 25 | #include "bytestring.h" |
| 25 | #include <openssl/mlkem.h> | 26 | #include "mlkem.h" |
| 26 | 27 | ||
| 27 | #include "mlkem_internal.h" | ||
| 28 | #include "mlkem_tests_util.h" | 28 | #include "mlkem_tests_util.h" |
| 29 | 29 | ||
| 30 | static int | 30 | static int |
| 31 | encode_public_key(const struct MLKEM768_public_key *pub, uint8_t **out_buf, | 31 | MlKem768UnitTest(void) |
| 32 | size_t *out_len) | ||
| 33 | { | 32 | { |
| 34 | CBB cbb; | 33 | struct MLKEM768_private_key priv = { 0 }, priv2 = { 0 }; |
| 35 | if (!CBB_init(&cbb, MLKEM768_PUBLIC_KEY_BYTES)) | 34 | struct MLKEM768_public_key pub = { 0 }, pub2 = { 0 }; |
| 36 | return 0; | ||
| 37 | if (!MLKEM768_marshal_public_key(&cbb, pub)) | ||
| 38 | return 0; | ||
| 39 | if (!CBB_finish(&cbb, out_buf, out_len)) | ||
| 40 | return 0; | ||
| 41 | CBB_cleanup(&cbb); | ||
| 42 | return 1; | ||
| 43 | } | ||
| 44 | |||
| 45 | static int | ||
| 46 | encode_private_key(const struct MLKEM768_private_key *priv, uint8_t **out_buf, | ||
| 47 | size_t *out_len) | ||
| 48 | { | ||
| 49 | CBB cbb; | ||
| 50 | if (!CBB_init(&cbb, MLKEM768_PUBLIC_KEY_BYTES)) | ||
| 51 | return 0; | ||
| 52 | if (!MLKEM768_marshal_private_key(&cbb, priv)) | ||
| 53 | return 0; | ||
| 54 | if (!CBB_finish(&cbb, out_buf, out_len)) | ||
| 55 | return 0; | ||
| 56 | CBB_cleanup(&cbb); | ||
| 57 | return 1; | ||
| 58 | } | ||
| 59 | |||
| 60 | static void | ||
| 61 | MlKem768UnitTest() | ||
| 62 | { | ||
| 63 | struct MLKEM768_private_key *priv, *priv2; | ||
| 64 | struct MLKEM768_public_key *pub, *pub2; | ||
| 65 | uint8_t encoded_public_key[MLKEM768_PUBLIC_KEY_BYTES]; | 35 | uint8_t encoded_public_key[MLKEM768_PUBLIC_KEY_BYTES]; |
| 66 | uint8_t ciphertext[MLKEM768_CIPHERTEXT_BYTES]; | 36 | uint8_t ciphertext[MLKEM768_CIPHERTEXT_BYTES]; |
| 67 | uint8_t shared_secret1[MLKEM_SHARED_SECRET_BYTES]; | 37 | uint8_t shared_secret1[MLKEM_SHARED_SECRET_BYTES]; |
| @@ -70,123 +40,138 @@ MlKem768UnitTest() | |||
| 70 | uint8_t *encoded_private_key = NULL, *tmp_buf = NULL; | 40 | uint8_t *encoded_private_key = NULL, *tmp_buf = NULL; |
| 71 | size_t encoded_private_key_len, tmp_buf_len; | 41 | size_t encoded_private_key_len, tmp_buf_len; |
| 72 | CBS cbs; | 42 | CBS cbs; |
| 43 | int failed = 0; | ||
| 73 | 44 | ||
| 74 | fprintf(stderr, "ML-KEM 768...\n"); | 45 | MLKEM768_generate_key(encoded_public_key, NULL, &priv); |
| 75 | |||
| 76 | MALLOC(priv, sizeof(struct MLKEM768_private_key)); | ||
| 77 | MLKEM768_generate_key(encoded_public_key, NULL, priv); | ||
| 78 | 46 | ||
| 79 | memcpy(first_two_bytes, encoded_public_key, sizeof(first_two_bytes)); | 47 | memcpy(first_two_bytes, encoded_public_key, sizeof(first_two_bytes)); |
| 80 | memset(encoded_public_key, 0xff, sizeof(first_two_bytes)); | 48 | memset(encoded_public_key, 0xff, sizeof(first_two_bytes)); |
| 81 | CBS_init(&cbs, encoded_public_key, | 49 | |
| 82 | sizeof(encoded_public_key)); | 50 | CBS_init(&cbs, encoded_public_key, sizeof(encoded_public_key)); |
| 83 | MALLOC(pub, sizeof(struct MLKEM768_public_key)); | 51 | |
| 84 | /* Parsing should fail because the first coefficient is >= kPrime; */ | 52 | /* Parsing should fail because the first coefficient is >= kPrime. */ |
| 85 | TEST(MLKEM768_parse_public_key(pub, &cbs), | 53 | if (MLKEM768_parse_public_key(&pub, &cbs)) { |
| 86 | "Kyber_parse_public_key should have failed"); | 54 | warnx("MLKEM768_parse_public_key should have failed"); |
| 55 | failed |= 1; | ||
| 56 | } | ||
| 87 | 57 | ||
| 88 | memcpy(encoded_public_key, first_two_bytes, sizeof(first_two_bytes)); | 58 | memcpy(encoded_public_key, first_two_bytes, sizeof(first_two_bytes)); |
| 89 | CBS_init(&cbs, encoded_public_key, sizeof(encoded_public_key)); | 59 | CBS_init(&cbs, encoded_public_key, sizeof(encoded_public_key)); |
| 90 | TEST(!MLKEM768_parse_public_key(pub, &cbs), | 60 | if (!MLKEM768_parse_public_key(&pub, &cbs)) { |
| 91 | "MLKEM768_parse_public_key"); | 61 | warnx("MLKEM768_parse_public_key"); |
| 92 | TEST(CBS_len(&cbs) != 0u, "CBS_len must be 0"); | 62 | failed |= 1; |
| 93 | 63 | } | |
| 94 | TEST(!encode_public_key(pub, &tmp_buf, &tmp_buf_len), | 64 | |
| 95 | "encode_public_key"); | 65 | if (CBS_len(&cbs) != 0u) { |
| 96 | TEST(sizeof(encoded_public_key) != tmp_buf_len, | 66 | warnx("CBS_len must be 0"); |
| 97 | "encoded public key lengths differ"); | 67 | failed |= 1; |
| 98 | TEST_DATAEQ(tmp_buf, encoded_public_key, tmp_buf_len, | 68 | } |
| 99 | "encoded public keys"); | 69 | |
| 70 | if (!mlkem768_encode_public_key(&pub, &tmp_buf, &tmp_buf_len)) { | ||
| 71 | warnx("encode_public_key"); | ||
| 72 | failed |= 1; | ||
| 73 | } | ||
| 74 | if (sizeof(encoded_public_key) != tmp_buf_len) { | ||
| 75 | warnx("mlkem768 encoded public key lengths differ"); | ||
| 76 | failed |= 1; | ||
| 77 | } | ||
| 78 | |||
| 79 | if (compare_data(encoded_public_key, tmp_buf, tmp_buf_len, 768, | ||
| 80 | "encoded public keys") != 0) { | ||
| 81 | warnx("compare_data"); | ||
| 82 | failed |= 1; | ||
| 83 | } | ||
| 100 | free(tmp_buf); | 84 | free(tmp_buf); |
| 101 | tmp_buf = NULL; | 85 | tmp_buf = NULL; |
| 102 | 86 | ||
| 103 | MALLOC(pub2, sizeof(struct MLKEM768_public_key)); | 87 | MLKEM768_public_from_private(&pub2, &priv); |
| 104 | MLKEM768_public_from_private(pub2, priv); | 88 | if (!mlkem768_encode_public_key(&pub2, &tmp_buf, &tmp_buf_len)) { |
| 105 | TEST(!encode_public_key(pub2, &tmp_buf, &tmp_buf_len), | 89 | warnx("mlkem768_encode_public_key"); |
| 106 | "encode_public_key"); | 90 | failed |= 1; |
| 107 | TEST(sizeof(encoded_public_key) != tmp_buf_len, | 91 | } |
| 108 | "encoded public key lengths differ"); | 92 | if (sizeof(encoded_public_key) != tmp_buf_len) { |
| 109 | TEST_DATAEQ(tmp_buf, encoded_public_key, tmp_buf_len, | 93 | warnx("mlkem768 encoded public key lengths differ"); |
| 110 | "encoded pubic keys"); | 94 | failed |= 1; |
| 95 | } | ||
| 96 | |||
| 97 | if (compare_data(encoded_public_key, tmp_buf, tmp_buf_len, 768, | ||
| 98 | "encoded public keys") != 0) { | ||
| 99 | warnx("compare_data"); | ||
| 100 | failed |= 1; | ||
| 101 | } | ||
| 111 | free(tmp_buf); | 102 | free(tmp_buf); |
| 112 | tmp_buf = NULL; | 103 | tmp_buf = NULL; |
| 113 | 104 | ||
| 114 | TEST(!encode_private_key(priv, &encoded_private_key, | 105 | if (!mlkem768_encode_private_key(&priv, &encoded_private_key, |
| 115 | &encoded_private_key_len), "encode_private_key"); | 106 | &encoded_private_key_len)) { |
| 107 | warnx("mlkem768_encode_private_key"); | ||
| 108 | failed |= 1; | ||
| 109 | } | ||
| 116 | 110 | ||
| 117 | memcpy(first_two_bytes, encoded_private_key, sizeof(first_two_bytes)); | 111 | memcpy(first_two_bytes, encoded_private_key, sizeof(first_two_bytes)); |
| 118 | memset(encoded_private_key, 0xff, sizeof(first_two_bytes)); | 112 | memset(encoded_private_key, 0xff, sizeof(first_two_bytes)); |
| 119 | CBS_init(&cbs, encoded_private_key, encoded_private_key_len); | 113 | CBS_init(&cbs, encoded_private_key, encoded_private_key_len); |
| 120 | MALLOC(priv2, sizeof(struct MLKEM768_private_key)); | 114 | |
| 121 | /* Parsing should fail because the first coefficient is >= kPrime. */ | 115 | /* Parsing should fail because the first coefficient is >= kPrime. */ |
| 122 | TEST(MLKEM768_parse_private_key(priv2, &cbs), "Should not have parsed"); | 116 | if (MLKEM768_parse_private_key(&priv2, &cbs)) { |
| 117 | warnx("MLKEM768_parse_private_key should have failed"); | ||
| 118 | failed |= 1; | ||
| 119 | } | ||
| 123 | 120 | ||
| 124 | memcpy(encoded_private_key, first_two_bytes, sizeof(first_two_bytes)); | 121 | memcpy(encoded_private_key, first_two_bytes, sizeof(first_two_bytes)); |
| 125 | CBS_init(&cbs, encoded_private_key, encoded_private_key_len); | 122 | CBS_init(&cbs, encoded_private_key, encoded_private_key_len); |
| 126 | TEST(!MLKEM768_parse_private_key(priv2, &cbs), | 123 | |
| 127 | "MLKEM768_parse_private_key"); | 124 | if (!MLKEM768_parse_private_key(&priv2, &cbs)) { |
| 128 | TEST(!encode_private_key(priv2, &tmp_buf, &tmp_buf_len), | 125 | warnx("MLKEM768_parse_private_key"); |
| 129 | "encode_private_key"); | 126 | failed |= 1; |
| 130 | TEST(encoded_private_key_len != tmp_buf_len, | 127 | } |
| 131 | "encoded private key lengths differ"); | 128 | |
| 132 | TEST_DATAEQ(tmp_buf, encoded_private_key, encoded_private_key_len, | 129 | if (!mlkem768_encode_private_key(&priv2, &tmp_buf, &tmp_buf_len)) { |
| 133 | "encoded private keys"); | 130 | warnx("mlkem768_encode_private_key"); |
| 131 | failed |= 1; | ||
| 132 | } | ||
| 133 | |||
| 134 | if (encoded_private_key_len != tmp_buf_len) { | ||
| 135 | warnx("mlkem768 encode private key lengths differ"); | ||
| 136 | failed |= 1; | ||
| 137 | } | ||
| 138 | |||
| 139 | if (compare_data(encoded_private_key, tmp_buf, tmp_buf_len, 768, | ||
| 140 | "encoded private key") != 0) { | ||
| 141 | warnx("compare_data"); | ||
| 142 | failed |= 1; | ||
| 143 | } | ||
| 144 | |||
| 134 | free(tmp_buf); | 145 | free(tmp_buf); |
| 135 | tmp_buf = NULL; | 146 | tmp_buf = NULL; |
| 136 | 147 | ||
| 137 | MLKEM768_encap(ciphertext, shared_secret1, pub); | 148 | MLKEM768_encap(ciphertext, shared_secret1, &pub); |
| 138 | MLKEM768_decap(shared_secret2, ciphertext, MLKEM768_CIPHERTEXT_BYTES, | 149 | MLKEM768_decap(shared_secret2, ciphertext, MLKEM768_CIPHERTEXT_BYTES, |
| 139 | priv); | 150 | &priv); |
| 140 | TEST_DATAEQ(shared_secret1, shared_secret2, MLKEM_SHARED_SECRET_BYTES, | 151 | if (compare_data(shared_secret1, shared_secret2, MLKEM_SHARED_SECRET_BYTES, |
| 141 | "shared secrets with priv"); | 152 | 768, "shared secrets with priv") != 0) { |
| 153 | warnx("compare_data"); | ||
| 154 | failed |= 1; | ||
| 155 | } | ||
| 156 | |||
| 142 | MLKEM768_decap(shared_secret2, ciphertext, MLKEM768_CIPHERTEXT_BYTES, | 157 | MLKEM768_decap(shared_secret2, ciphertext, MLKEM768_CIPHERTEXT_BYTES, |
| 143 | priv2); | 158 | &priv2); |
| 144 | TEST_DATAEQ(shared_secret1, shared_secret2, MLKEM_SHARED_SECRET_BYTES, | 159 | if (compare_data(shared_secret1, shared_secret2, MLKEM_SHARED_SECRET_BYTES, |
| 145 | "shared secrets with priv2"); | 160 | 768, "shared secrets with priv2") != 0) { |
| 161 | warnx("compare_data"); | ||
| 162 | failed |= 1; | ||
| 163 | } | ||
| 146 | 164 | ||
| 147 | free(encoded_private_key); | 165 | free(encoded_private_key); |
| 148 | free(pub); | ||
| 149 | free(pub2); | ||
| 150 | free(priv); | ||
| 151 | free(priv2); | ||
| 152 | |||
| 153 | } | ||
| 154 | 166 | ||
| 155 | static int | 167 | return failed; |
| 156 | encode_1024public_key(const struct MLKEM1024_public_key *pub, uint8_t **out_buf, | ||
| 157 | size_t *out_len) | ||
| 158 | { | ||
| 159 | CBB cbb; | ||
| 160 | if (!CBB_init(&cbb, MLKEM1024_PUBLIC_KEY_BYTES)) | ||
| 161 | return 0; | ||
| 162 | if (!MLKEM1024_marshal_public_key(&cbb, pub)) | ||
| 163 | return 0; | ||
| 164 | if (!CBB_finish(&cbb, out_buf, out_len)) | ||
| 165 | return 0; | ||
| 166 | CBB_cleanup(&cbb); | ||
| 167 | return 1; | ||
| 168 | } | 168 | } |
| 169 | 169 | ||
| 170 | static int | 170 | static int |
| 171 | encode_1024private_key(const struct MLKEM1024_private_key *priv, uint8_t **out_buf, | 171 | MlKem1024UnitTest(void) |
| 172 | size_t *out_len) | ||
| 173 | { | ||
| 174 | CBB cbb; | ||
| 175 | if (!CBB_init(&cbb, MLKEM1024_PUBLIC_KEY_BYTES)) | ||
| 176 | return 0; | ||
| 177 | if (!MLKEM1024_marshal_private_key(&cbb, priv)) | ||
| 178 | return 0; | ||
| 179 | if (!CBB_finish(&cbb, out_buf, out_len)) | ||
| 180 | return 0; | ||
| 181 | CBB_cleanup(&cbb); | ||
| 182 | return 1; | ||
| 183 | } | ||
| 184 | |||
| 185 | static void | ||
| 186 | MlKem1024UnitTest() | ||
| 187 | { | 172 | { |
| 188 | struct MLKEM1024_private_key *priv, *priv2; | 173 | struct MLKEM1024_private_key priv = { 0 }, priv2 = { 0 }; |
| 189 | struct MLKEM1024_public_key *pub, *pub2; | 174 | struct MLKEM1024_public_key pub = { 0 }, pub2 = { 0 }; |
| 190 | uint8_t encoded_public_key[MLKEM1024_PUBLIC_KEY_BYTES]; | 175 | uint8_t encoded_public_key[MLKEM1024_PUBLIC_KEY_BYTES]; |
| 191 | uint8_t ciphertext[MLKEM1024_CIPHERTEXT_BYTES]; | 176 | uint8_t ciphertext[MLKEM1024_CIPHERTEXT_BYTES]; |
| 192 | uint8_t shared_secret1[MLKEM_SHARED_SECRET_BYTES]; | 177 | uint8_t shared_secret1[MLKEM_SHARED_SECRET_BYTES]; |
| @@ -195,92 +180,140 @@ MlKem1024UnitTest() | |||
| 195 | uint8_t *encoded_private_key = NULL, *tmp_buf = NULL; | 180 | uint8_t *encoded_private_key = NULL, *tmp_buf = NULL; |
| 196 | size_t encoded_private_key_len, tmp_buf_len; | 181 | size_t encoded_private_key_len, tmp_buf_len; |
| 197 | CBS cbs; | 182 | CBS cbs; |
| 183 | int failed = 0; | ||
| 198 | 184 | ||
| 199 | fprintf(stderr, "ML-KEM 1024...\n"); | 185 | MLKEM1024_generate_key(encoded_public_key, NULL, &priv); |
| 200 | |||
| 201 | MALLOC(priv, sizeof(struct MLKEM1024_private_key)); | ||
| 202 | MLKEM1024_generate_key(encoded_public_key, NULL, priv); | ||
| 203 | 186 | ||
| 204 | memcpy(first_two_bytes, encoded_public_key, sizeof(first_two_bytes)); | 187 | memcpy(first_two_bytes, encoded_public_key, sizeof(first_two_bytes)); |
| 205 | memset(encoded_public_key, 0xff, sizeof(first_two_bytes)); | 188 | memset(encoded_public_key, 0xff, sizeof(first_two_bytes)); |
| 206 | CBS_init(&cbs, encoded_public_key, | 189 | |
| 207 | sizeof(encoded_public_key)); | 190 | CBS_init(&cbs, encoded_public_key, sizeof(encoded_public_key)); |
| 208 | MALLOC(pub, sizeof(struct MLKEM1024_public_key)); | 191 | |
| 209 | /* Parsing should fail because the first coefficient is >= kPrime; */ | 192 | /* Parsing should fail because the first coefficient is >= kPrime. */ |
| 210 | TEST(MLKEM1024_parse_public_key(pub, &cbs), | 193 | if (MLKEM1024_parse_public_key(&pub, &cbs)) { |
| 211 | "Kyber_parse_public_key should have failed"); | 194 | warnx("MLKEM1024_parse_public_key should have failed"); |
| 195 | failed |= 1; | ||
| 196 | } | ||
| 212 | 197 | ||
| 213 | memcpy(encoded_public_key, first_two_bytes, sizeof(first_two_bytes)); | 198 | memcpy(encoded_public_key, first_two_bytes, sizeof(first_two_bytes)); |
| 214 | CBS_init(&cbs, encoded_public_key, sizeof(encoded_public_key)); | 199 | CBS_init(&cbs, encoded_public_key, sizeof(encoded_public_key)); |
| 215 | TEST(!MLKEM1024_parse_public_key(pub, &cbs), | 200 | if (!MLKEM1024_parse_public_key(&pub, &cbs)) { |
| 216 | "MLKEM1024_parse_public_key"); | 201 | warnx("MLKEM1024_parse_public_key"); |
| 217 | TEST(CBS_len(&cbs) != 0u, "CBS_len must be 0"); | 202 | failed |= 1; |
| 218 | 203 | } | |
| 219 | TEST(!encode_1024public_key(pub, &tmp_buf, &tmp_buf_len), | 204 | |
| 220 | "encode_1024public_key"); | 205 | if (CBS_len(&cbs) != 0u) { |
| 221 | TEST(sizeof(encoded_public_key) != tmp_buf_len, | 206 | warnx("CBS_len must be 0"); |
| 222 | "encoded public key lengths differ"); | 207 | failed |= 1; |
| 223 | TEST_DATAEQ(tmp_buf, encoded_public_key, tmp_buf_len, | 208 | } |
| 224 | "encoded public keys"); | 209 | |
| 210 | if (!mlkem1024_encode_public_key(&pub, &tmp_buf, &tmp_buf_len)) { | ||
| 211 | warnx("encode_public_key"); | ||
| 212 | failed |= 1; | ||
| 213 | } | ||
| 214 | if (sizeof(encoded_public_key) != tmp_buf_len) { | ||
| 215 | warnx("mlkem1024 encoded public key lengths differ"); | ||
| 216 | failed |= 1; | ||
| 217 | } | ||
| 218 | |||
| 219 | if (compare_data(encoded_public_key, tmp_buf, tmp_buf_len, 1024, | ||
| 220 | "encoded public keys") != 0) { | ||
| 221 | warnx("compare_data"); | ||
| 222 | failed |= 1; | ||
| 223 | } | ||
| 225 | free(tmp_buf); | 224 | free(tmp_buf); |
| 226 | tmp_buf = NULL; | 225 | tmp_buf = NULL; |
| 227 | 226 | ||
| 228 | MALLOC(pub2, sizeof(struct MLKEM1024_public_key)); | 227 | MLKEM1024_public_from_private(&pub2, &priv); |
| 229 | MLKEM1024_public_from_private(pub2, priv); | 228 | if (!mlkem1024_encode_public_key(&pub2, &tmp_buf, &tmp_buf_len)) { |
| 230 | TEST(!encode_1024public_key(pub2, &tmp_buf, &tmp_buf_len), | 229 | warnx("mlkem1024_encode_public_key"); |
| 231 | "encode_public_key"); | 230 | failed |= 1; |
| 232 | TEST(sizeof(encoded_public_key) != tmp_buf_len, | 231 | } |
| 233 | "encoded public key lengths differ"); | 232 | if (sizeof(encoded_public_key) != tmp_buf_len) { |
| 234 | TEST_DATAEQ(tmp_buf, encoded_public_key, tmp_buf_len, | 233 | warnx("mlkem1024 encoded public key lengths differ"); |
| 235 | "encoded pubic keys"); | 234 | failed |= 1; |
| 235 | } | ||
| 236 | |||
| 237 | if (compare_data(encoded_public_key, tmp_buf, tmp_buf_len, 1024, | ||
| 238 | "encoded public keys") != 0) { | ||
| 239 | warnx("compare_data"); | ||
| 240 | failed |= 1; | ||
| 241 | } | ||
| 236 | free(tmp_buf); | 242 | free(tmp_buf); |
| 237 | tmp_buf = NULL; | 243 | tmp_buf = NULL; |
| 238 | 244 | ||
| 239 | TEST(!encode_1024private_key(priv, &encoded_private_key, | 245 | if (!mlkem1024_encode_private_key(&priv, &encoded_private_key, |
| 240 | &encoded_private_key_len), "encode_1024private_key"); | 246 | &encoded_private_key_len)) { |
| 247 | warnx("mlkem1024_encode_private_key"); | ||
| 248 | failed |= 1; | ||
| 249 | } | ||
| 241 | 250 | ||
| 242 | memcpy(first_two_bytes, encoded_private_key, sizeof(first_two_bytes)); | 251 | memcpy(first_two_bytes, encoded_private_key, sizeof(first_two_bytes)); |
| 243 | memset(encoded_private_key, 0xff, sizeof(first_two_bytes)); | 252 | memset(encoded_private_key, 0xff, sizeof(first_two_bytes)); |
| 244 | CBS_init(&cbs, encoded_private_key, encoded_private_key_len); | 253 | CBS_init(&cbs, encoded_private_key, encoded_private_key_len); |
| 245 | MALLOC(priv2, sizeof(struct MLKEM1024_private_key)); | 254 | |
| 246 | /* Parsing should fail because the first coefficient is >= kPrime. */ | 255 | /* Parsing should fail because the first coefficient is >= kPrime. */ |
| 247 | TEST(MLKEM1024_parse_private_key(priv2, &cbs), "Should not have parsed"); | 256 | if (MLKEM1024_parse_private_key(&priv2, &cbs)) { |
| 257 | warnx("MLKEM1024_parse_private_key should have failed"); | ||
| 258 | failed |= 1; | ||
| 259 | } | ||
| 248 | 260 | ||
| 249 | memcpy(encoded_private_key, first_two_bytes, sizeof(first_two_bytes)); | 261 | memcpy(encoded_private_key, first_two_bytes, sizeof(first_two_bytes)); |
| 250 | CBS_init(&cbs, encoded_private_key, encoded_private_key_len); | 262 | CBS_init(&cbs, encoded_private_key, encoded_private_key_len); |
| 251 | TEST(!MLKEM1024_parse_private_key(priv2, &cbs), | 263 | |
| 252 | "MLKEM1024_parse_private_key"); | 264 | if (!MLKEM1024_parse_private_key(&priv2, &cbs)) { |
| 253 | TEST(!encode_1024private_key(priv2, &tmp_buf, &tmp_buf_len), | 265 | warnx("MLKEM1024_parse_private_key"); |
| 254 | "encode_private_key"); | 266 | failed |= 1; |
| 255 | TEST(encoded_private_key_len != tmp_buf_len, | 267 | } |
| 256 | "encoded private key lengths differ"); | 268 | |
| 257 | TEST_DATAEQ(tmp_buf, encoded_private_key, encoded_private_key_len, | 269 | if (!mlkem1024_encode_private_key(&priv2, &tmp_buf, &tmp_buf_len)) { |
| 258 | "encoded private keys"); | 270 | warnx("mlkem1024_encode_private_key"); |
| 271 | failed |= 1; | ||
| 272 | } | ||
| 273 | |||
| 274 | if (encoded_private_key_len != tmp_buf_len) { | ||
| 275 | warnx("mlkem1024 encode private key lengths differ"); | ||
| 276 | failed |= 1; | ||
| 277 | } | ||
| 278 | |||
| 279 | if (compare_data(encoded_private_key, tmp_buf, tmp_buf_len, 1024, | ||
| 280 | "encoded private key") != 0) { | ||
| 281 | warnx("compare_data"); | ||
| 282 | failed |= 1; | ||
| 283 | } | ||
| 284 | |||
| 259 | free(tmp_buf); | 285 | free(tmp_buf); |
| 260 | tmp_buf = NULL; | 286 | tmp_buf = NULL; |
| 261 | 287 | ||
| 262 | MLKEM1024_encap(ciphertext, shared_secret1, pub); | 288 | MLKEM1024_encap(ciphertext, shared_secret1, &pub); |
| 263 | MLKEM1024_decap(shared_secret2, ciphertext, MLKEM1024_CIPHERTEXT_BYTES, | 289 | MLKEM1024_decap(shared_secret2, ciphertext, MLKEM1024_CIPHERTEXT_BYTES, |
| 264 | priv); | 290 | &priv); |
| 265 | TEST_DATAEQ(shared_secret1, shared_secret2, MLKEM_SHARED_SECRET_BYTES, | 291 | if (compare_data(shared_secret1, shared_secret2, MLKEM_SHARED_SECRET_BYTES, |
| 266 | "shared secrets with priv"); | 292 | 1024, "shared secrets with priv") != 0) { |
| 293 | warnx("compare_data"); | ||
| 294 | failed |= 1; | ||
| 295 | } | ||
| 296 | |||
| 267 | MLKEM1024_decap(shared_secret2, ciphertext, MLKEM1024_CIPHERTEXT_BYTES, | 297 | MLKEM1024_decap(shared_secret2, ciphertext, MLKEM1024_CIPHERTEXT_BYTES, |
| 268 | priv2); | 298 | &priv2); |
| 269 | TEST_DATAEQ(shared_secret1, shared_secret2, MLKEM_SHARED_SECRET_BYTES, | 299 | if (compare_data(shared_secret1, shared_secret2, MLKEM_SHARED_SECRET_BYTES, |
| 270 | "shared secrets with priv2"); | 300 | 1024, "shared secrets with priv2") != 0) { |
| 301 | warnx("compare_data"); | ||
| 302 | failed |= 1; | ||
| 303 | } | ||
| 271 | 304 | ||
| 272 | free(encoded_private_key); | 305 | free(encoded_private_key); |
| 273 | free(pub); | 306 | |
| 274 | free(pub2); | 307 | return failed; |
| 275 | free(priv); | ||
| 276 | free(priv2); | ||
| 277 | } | 308 | } |
| 278 | 309 | ||
| 279 | int | 310 | int |
| 280 | main(int argc, char **argv) | 311 | main(int argc, char **argv) |
| 281 | { | 312 | { |
| 282 | MlKem768UnitTest(); | 313 | int failed = 0; |
| 283 | MlKem1024UnitTest(); | 314 | |
| 315 | failed |= MlKem768UnitTest(); | ||
| 316 | failed |= MlKem1024UnitTest(); | ||
| 284 | 317 | ||
| 285 | exit(failure); | 318 | return failed; |
| 286 | } | 319 | } |