Add ML-KEM 768 from BoringSSL

Changes include conversion from C++, basic KNF, then adaptation to use our sha3 functions for sha3 and shake instead of the BorinSSL version. This Adds units tests to run against BoringSSL and NIST test vectors. The future public API is the same as Boring's - but is not yet exposed pending making bytesring.h public (which will happen separately) and a minor bump Currently this will just ensure we build and run regress. ok tb@ to get it into the tree and massage from there.
author: beck <> 2024-12-13 00:03:57 +0000
committer: beck <> 2024-12-13 00:03:57 +0000
commit: c3bf83f7cf1ff567aae1e260425898b2af6bf4cc (patch)
tree: a9ff1c725db56dbeb46224505b3dd6fd05a21777 /src/regress/lib/libcrypto/mlkem/mlkem_unittest.c
parent: f0b174e51673db27d4324ea95b112eb95ad05291 (diff)
download: openbsd-c3bf83f7cf1ff567aae1e260425898b2af6bf4cc.tar.gz
openbsd-c3bf83f7cf1ff567aae1e260425898b2af6bf4cc.tar.bz2
openbsd-c3bf83f7cf1ff567aae1e260425898b2af6bf4cc.zip
1 files changed, 149 insertions, 0 deletions
diff --git a/src/regress/lib/libcrypto/mlkem/mlkem_unittest.c b/src/regress/lib/libcrypto/mlkem/mlkem_unittest.c
new file mode 100644
index 0000000000..71bfe60179
--- /dev/null
+++ b/src/regress/lib/libcrypto/mlkem/mlkem_unittest.c
@@ -0,0 +1,149 @@
+/* Copyright (c) 2024, Google Inc.
+ * Copyright (c) 2024, Bob Beck <beck@obtuse.com>
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
+ * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+ * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include "bytestring.h"
+#include "mlkem.h"
+#include "mlkem_internal.h"
+#include "mlkem_tests_util.h"
+static int
+encode_public_key(const struct MLKEM768_public_key *pub, uint8_t **out_buf,
+    size_t *out_len)
+{
+        CBB cbb;
+        if (!CBB_init(&cbb, MLKEM768_PUBLIC_KEY_BYTES))
+                return 0;
+        if (!MLKEM768_marshal_public_key(&cbb, pub))
+                return 0;
+        if (!CBB_finish(&cbb, out_buf, out_len))
+                return 0;
+        CBB_cleanup(&cbb);
+        return 1;
+}
+static int
+encode_private_key(const struct MLKEM768_private_key *priv, uint8_t **out_buf,
+    size_t *out_len)
+{
+        CBB cbb;
+        if (!CBB_init(&cbb, MLKEM768_PUBLIC_KEY_BYTES))
+                return 0;
+        if (!MLKEM768_marshal_private_key(&cbb, priv))
+                return 0;
+        if (!CBB_finish(&cbb, out_buf, out_len))
+                return 0;
+        CBB_cleanup(&cbb);
+        return 1;
+}
+int
+main(int argc, char **argv)
+{
+        struct MLKEM768_private_key *priv, *priv2;
+        struct MLKEM768_public_key *pub, *pub2;
+        uint8_t encoded_public_key[MLKEM768_PUBLIC_KEY_BYTES];
+        uint8_t ciphertext[MLKEM768_CIPHERTEXT_BYTES];
+        uint8_t shared_secret1[MLKEM_SHARED_SECRET_BYTES];
+        uint8_t shared_secret2[MLKEM_SHARED_SECRET_BYTES];
+        uint8_t first_two_bytes[2];
+        uint8_t *encoded_private_key = NULL, *tmp_buf = NULL;
+        size_t encoded_private_key_len, tmp_buf_len;
+        CBS cbs;
+        fprintf(stderr, "ML-KEM 768...\n");
+        MALLOC(priv, sizeof(struct MLKEM768_private_key));
+        MLKEM768_generate_key(encoded_public_key, NULL, priv);
+        memcpy(first_two_bytes, encoded_public_key, sizeof(first_two_bytes));
+        memset(encoded_public_key, 0xff, sizeof(first_two_bytes));
+        CBS_init(&cbs, encoded_public_key,
+            sizeof(encoded_public_key));
+        MALLOC(pub, sizeof(struct MLKEM768_public_key));
+        /*  Parsing should fail because the first coefficient is >= kPrime; */
+        TEST(MLKEM768_parse_public_key(pub, &cbs),
+            "Kyber_parse_public_key should have failed");
+        memcpy(encoded_public_key, first_two_bytes, sizeof(first_two_bytes));
+        CBS_init(&cbs, encoded_public_key, sizeof(encoded_public_key));
+        TEST(!MLKEM768_parse_public_key(pub, &cbs),
+            "MLKEM768_parse_public_key");
+        TEST(CBS_len(&cbs) != 0u, "CBS_len must be 0");
+        TEST(!encode_public_key(pub, &tmp_buf, &tmp_buf_len),
+            "encode_public_key");
+        TEST(sizeof(encoded_public_key) != tmp_buf_len,
+            "encoded public key lengths differ");
+        TEST_DATAEQ(tmp_buf, encoded_public_key, tmp_buf_len,
+            "encoded public keys");
+        free(tmp_buf);
+        tmp_buf = NULL;
+        MALLOC(pub2, sizeof(struct MLKEM768_public_key));
+        MLKEM768_public_from_private(pub2, priv);
+        TEST(!encode_public_key(pub2, &tmp_buf, &tmp_buf_len),
+            "encode_public_key");
+        TEST(sizeof(encoded_public_key) != tmp_buf_len,
+            "encoded public key lengths differ");
+        TEST_DATAEQ(tmp_buf, encoded_public_key, tmp_buf_len,
+            "encoded pubic keys");
+        free(tmp_buf);
+        tmp_buf = NULL;
+        TEST(!encode_private_key(priv, &encoded_private_key,
+            &encoded_private_key_len), "encode_private_key");
+        memcpy(first_two_bytes, encoded_private_key, sizeof(first_two_bytes));
+        memset(encoded_private_key, 0xff, sizeof(first_two_bytes));
+        CBS_init(&cbs, encoded_private_key, encoded_private_key_len);
+        MALLOC(priv2, sizeof(struct MLKEM768_private_key));
+        /*  Parsing should fail because the first coefficient is >= kPrime. */
+        TEST(MLKEM768_parse_private_key(priv2, &cbs), "Should not have parsed");
+        memcpy(encoded_private_key, first_two_bytes, sizeof(first_two_bytes));
+        CBS_init(&cbs, encoded_private_key, encoded_private_key_len);
+        TEST(!MLKEM768_parse_private_key(priv2, &cbs),
+            "MLKEM768_parse_private_key");
+        TEST(!encode_private_key(priv2, &tmp_buf, &tmp_buf_len),
+            "encode_private_key");
+        TEST(encoded_private_key_len != tmp_buf_len,
+            "encoded private key lengths differ");
+        TEST_DATAEQ(tmp_buf, encoded_private_key, encoded_private_key_len,
+            "encoded private keys");
+        free(tmp_buf);
+        tmp_buf = NULL;
+        MLKEM768_encap(ciphertext, shared_secret1, pub);
+        MLKEM768_decap(shared_secret2, ciphertext, MLKEM768_CIPHERTEXT_BYTES,
+            priv);
+        TEST_DATAEQ(shared_secret1, shared_secret2, MLKEM_SHARED_SECRET_BYTES,
+            "shared secrets with priv");
+        MLKEM768_decap(shared_secret2, ciphertext, MLKEM768_CIPHERTEXT_BYTES,
+            priv2);
+        TEST_DATAEQ(shared_secret1, shared_secret2, MLKEM_SHARED_SECRET_BYTES,
+            "shared secrets with priv2");
+        free(encoded_private_key);
+        free(pub);
+        free(pub2);
+        free(priv);
+        free(priv2);
+        exit(failure);
+}
author	beck <>	2024-12-13 00:03:57 +0000
committer	beck <>	2024-12-13 00:03:57 +0000
commit	c3bf83f7cf1ff567aae1e260425898b2af6bf4cc (patch)
tree	a9ff1c725db56dbeb46224505b3dd6fd05a21777 /src/regress/lib/libcrypto/mlkem/mlkem_unittest.c
parent	f0b174e51673db27d4324ea95b112eb95ad05291 (diff)
download	openbsd-c3bf83f7cf1ff567aae1e260425898b2af6bf4cc.tar.gz openbsd-c3bf83f7cf1ff567aae1e260425898b2af6bf4cc.tar.bz2 openbsd-c3bf83f7cf1ff567aae1e260425898b2af6bf4cc.zip

diff --git a/src/regress/lib/libcrypto/mlkem/mlkem_unittest.c b/src/regress/lib/libcrypto/mlkem/mlkem_unittest.c new file mode 100644 index 0000000000..71bfe60179 --- /dev/null +++ b/src/regress/lib/libcrypto/mlkem/mlkem_unittest.c
@@ -0,0 +1,149 @@
	1	/* Copyright (c) 2024, Google Inc.
	2	* Copyright (c) 2024, Bob Beck <beck@obtuse.com>
	3	*
	4	* Permission to use, copy, modify, and/or distribute this software for any
	5	* purpose with or without fee is hereby granted, provided that the above
	6	* copyright notice and this permission notice appear in all copies.
	7	*
	8	* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
	9	* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
	10	* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
	11	* SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
	12	* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
	13	* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
	14	* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
	15
	16	#include <stdlib.h>
	17	#include <stdio.h>
	18	#include <string.h>
	19
	20	#include "bytestring.h"
	21	#include "mlkem.h"
	22	#include "mlkem_internal.h"
	23	#include "mlkem_tests_util.h"
	24
	25	static int
	26	encode_public_key(const struct MLKEM768_public_key pub, uint8_t *out_buf,
	27	size_t *out_len)
	28	{
	29	CBB cbb;
	30	if (!CBB_init(&cbb, MLKEM768_PUBLIC_KEY_BYTES))
	31	return 0;
	32	if (!MLKEM768_marshal_public_key(&cbb, pub))
	33	return 0;
	34	if (!CBB_finish(&cbb, out_buf, out_len))
	35	return 0;
	36	CBB_cleanup(&cbb);
	37	return 1;
	38	}
	39
	40	static int
	41	encode_private_key(const struct MLKEM768_private_key priv, uint8_t *out_buf,
	42	size_t *out_len)
	43	{
	44	CBB cbb;
	45	if (!CBB_init(&cbb, MLKEM768_PUBLIC_KEY_BYTES))
	46	return 0;
	47	if (!MLKEM768_marshal_private_key(&cbb, priv))
	48	return 0;
	49	if (!CBB_finish(&cbb, out_buf, out_len))
	50	return 0;
	51	CBB_cleanup(&cbb);
	52	return 1;
	53	}
	54
	55	int
	56	main(int argc, char **argv)
	57	{
	58	struct MLKEM768_private_key priv, priv2;
	59	struct MLKEM768_public_key pub, pub2;
	60	uint8_t encoded_public_key[MLKEM768_PUBLIC_KEY_BYTES];
	61	uint8_t ciphertext[MLKEM768_CIPHERTEXT_BYTES];
	62	uint8_t shared_secret1[MLKEM_SHARED_SECRET_BYTES];
	63	uint8_t shared_secret2[MLKEM_SHARED_SECRET_BYTES];
	64	uint8_t first_two_bytes[2];
	65	uint8_t encoded_private_key = NULL, tmp_buf = NULL;
	66	size_t encoded_private_key_len, tmp_buf_len;
	67	CBS cbs;
	68
	69	fprintf(stderr, "ML-KEM 768...\n");
	70
	71	MALLOC(priv, sizeof(struct MLKEM768_private_key));
	72	MLKEM768_generate_key(encoded_public_key, NULL, priv);
	73
	74	memcpy(first_two_bytes, encoded_public_key, sizeof(first_two_bytes));
	75	memset(encoded_public_key, 0xff, sizeof(first_two_bytes));
	76	CBS_init(&cbs, encoded_public_key,
	77	sizeof(encoded_public_key));
	78	MALLOC(pub, sizeof(struct MLKEM768_public_key));
	79	/* Parsing should fail because the first coefficient is >= kPrime; */
	80	TEST(MLKEM768_parse_public_key(pub, &cbs),
	81	"Kyber_parse_public_key should have failed");
	82
	83	memcpy(encoded_public_key, first_two_bytes, sizeof(first_two_bytes));
	84	CBS_init(&cbs, encoded_public_key, sizeof(encoded_public_key));
	85	TEST(!MLKEM768_parse_public_key(pub, &cbs),
	86	"MLKEM768_parse_public_key");
	87	TEST(CBS_len(&cbs) != 0u, "CBS_len must be 0");
	88
	89	TEST(!encode_public_key(pub, &tmp_buf, &tmp_buf_len),
	90	"encode_public_key");
	91	TEST(sizeof(encoded_public_key) != tmp_buf_len,
	92	"encoded public key lengths differ");
	93	TEST_DATAEQ(tmp_buf, encoded_public_key, tmp_buf_len,
	94	"encoded public keys");
	95	free(tmp_buf);
	96	tmp_buf = NULL;
	97
	98	MALLOC(pub2, sizeof(struct MLKEM768_public_key));
	99	MLKEM768_public_from_private(pub2, priv);
	100	TEST(!encode_public_key(pub2, &tmp_buf, &tmp_buf_len),
	101	"encode_public_key");
	102	TEST(sizeof(encoded_public_key) != tmp_buf_len,
	103	"encoded public key lengths differ");
	104	TEST_DATAEQ(tmp_buf, encoded_public_key, tmp_buf_len,
	105	"encoded pubic keys");
	106	free(tmp_buf);
	107	tmp_buf = NULL;
	108
	109	TEST(!encode_private_key(priv, &encoded_private_key,
	110	&encoded_private_key_len), "encode_private_key");
	111
	112	memcpy(first_two_bytes, encoded_private_key, sizeof(first_two_bytes));
	113	memset(encoded_private_key, 0xff, sizeof(first_two_bytes));
	114	CBS_init(&cbs, encoded_private_key, encoded_private_key_len);
	115	MALLOC(priv2, sizeof(struct MLKEM768_private_key));
	116	/* Parsing should fail because the first coefficient is >= kPrime. */
	117	TEST(MLKEM768_parse_private_key(priv2, &cbs), "Should not have parsed");
	118
	119	memcpy(encoded_private_key, first_two_bytes, sizeof(first_two_bytes));
	120	CBS_init(&cbs, encoded_private_key, encoded_private_key_len);
	121	TEST(!MLKEM768_parse_private_key(priv2, &cbs),
	122	"MLKEM768_parse_private_key");
	123	TEST(!encode_private_key(priv2, &tmp_buf, &tmp_buf_len),
	124	"encode_private_key");
	125	TEST(encoded_private_key_len != tmp_buf_len,
	126	"encoded private key lengths differ");
	127	TEST_DATAEQ(tmp_buf, encoded_private_key, encoded_private_key_len,
	128	"encoded private keys");
	129	free(tmp_buf);
	130	tmp_buf = NULL;
	131
	132	MLKEM768_encap(ciphertext, shared_secret1, pub);
	133	MLKEM768_decap(shared_secret2, ciphertext, MLKEM768_CIPHERTEXT_BYTES,
	134	priv);
	135	TEST_DATAEQ(shared_secret1, shared_secret2, MLKEM_SHARED_SECRET_BYTES,
	136	"shared secrets with priv");
	137	MLKEM768_decap(shared_secret2, ciphertext, MLKEM768_CIPHERTEXT_BYTES,
	138	priv2);
	139	TEST_DATAEQ(shared_secret1, shared_secret2, MLKEM_SHARED_SECRET_BYTES,
	140	"shared secrets with priv2");
	141
	142	free(encoded_private_key);
	143	free(pub);
	144	free(pub2);
	145	free(priv);
	146	free(priv2);
	147
	148	exit(failure);
	149	}