ML-KEM: improve the EncapsTest

New testvectors want some more detailed handling, which brings these Wycheproof encapsulation tests about on par with our existing tests.
author: tb <> 2026-01-22 09:05:15 +0000
committer: tb <> 2026-01-22 09:05:15 +0000
commit: a4d3c7b310e717d538f5b8ccf242580e7fa8de99 (patch)
tree: 39d9cf253ed0763fe1df7166f8d95f1631609d15 /src/regress
parent: 3fc95b9b041fc74201119cc54bcc9955546a69c7 (diff)
download: openbsd-a4d3c7b310e717d538f5b8ccf242580e7fa8de99.tar.gz
openbsd-a4d3c7b310e717d538f5b8ccf242580e7fa8de99.tar.bz2
openbsd-a4d3c7b310e717d538f5b8ccf242580e7fa8de99.zip
1 files changed, 46 insertions, 4 deletions
diff --git a/src/regress/lib/libcrypto/wycheproof/wycheproof.go b/src/regress/lib/libcrypto/wycheproof/wycheproof.go
index c147d6929c..13d7b40b93 100644
--- a/src/regress/lib/libcrypto/wycheproof/wycheproof.go
+++ b/src/regress/lib/libcrypto/wycheproof/wycheproof.go
@@ -1,4 +1,4 @@
-/* $OpenBSD: wycheproof.go,v 1.199 2026/01/22 09:02:34 tb Exp $ */
+/* $OpenBSD: wycheproof.go,v 1.200 2026/01/22 09:05:15 tb Exp $ */
 /*
 * Copyright (c) 2018,2023 Joel Sing <jsing@openbsd.org>
 * Copyright (c) 2018,2019,2022-2025 Theo Buehler <tb@openbsd.org>
@@ -20,7 +20,9 @@
 package main
 /*
-#cgo LDFLAGS: -lcrypto
+#cgo CFLAGS: -I"../../../../lib/libcrypto/bytestring"
+#cgo CFLAGS: -I"../../../../lib/libcrypto/mlkem"
+#cgo LDFLAGS: -lcrypto -static
 #include <limits.h>
 #include <string.h>
@@ -42,6 +44,8 @@ package main
 #include <openssl/x509.h>
 #include <openssl/rsa.h>
+#include "mlkem_internal.h"
 int
 wp_EVP_PKEY_CTX_set_hkdf_md(EVP_PKEY_CTX *pctx, const EVP_MD *md)
 {
@@ -2446,8 +2450,46 @@ func runMLKEMEncapsTestGroup(rank C.int, wt *wycheproofTestMLKEM) bool {
        ek, ekLen := mustDecodeHexString(wt.Ek, "eK")
-        if C.MLKEM_parse_public_key(pubKey, (*C.uchar)(unsafe.Pointer(&ek[0])), (C.size_t)(ekLen)) != 0 || wt.Result != "invalid" {
+        if C.MLKEM_parse_public_key(pubKey, (*C.uchar)(unsafe.Pointer(&ek[0])), (C.size_t)(ekLen)) != 1 {
-                fmt.Printf("FAIL: %s MLKEM_parse_public_key succeeded\n", wt)
+                if wt.Result != "invalid" {
+                        fmt.Printf("FAIL: %s: MLKEM_parse_public_key failed !!!\n", wt)
+                        return false;
+                }
+                return true
+        }
+        m, _ := mustDecodeHexString(wt.M, "m")
+        var cipherText, sharedSecret *C.uint8_t
+        var cipherTextLen, sharedSecretLen C.size_t
+        defer C.free(unsafe.Pointer(cipherText))
+        defer C.free(unsafe.Pointer(sharedSecret))
+        if C.MLKEM_encap_external_entropy(pubKey, (*C.uchar)(unsafe.Pointer(&m[0])), &cipherText, &cipherTextLen, &sharedSecret, &sharedSecretLen) != 1 {
+                fmt.Printf("FAIL: %s: MLKEM_encap_external_entropy\n", wt)
+                return false
+        }
+        if cipherTextLen != C.MLKEM_public_key_ciphertext_length(pubKey) {
+                fmt.Printf("FAIL: %s: ciphertext length mismatch\n", wt)
+                return false
+        }
+        gotC := unsafe.Slice((*byte)(unsafe.Pointer(cipherText)), cipherTextLen)
+        c, _ := mustDecodeHexString(wt.C, "c")
+        if bytes.Equal(c, gotC) != (wt.Result != "invalid") {
+                fmt.Printf("%s: ciphertext mismatch\nwant:\n%s\ngot:\n%s\n", wt, hex.Dump(c), hex.Dump(gotC))
+        }
+        if sharedSecretLen != C.MLKEM_SHARED_SECRET_LENGTH {
+                fmt.Printf("FAIL: %s: shared secret length mismatch\n", wt)
+                return false
+        }
+        gotK := unsafe.Slice((*byte)(unsafe.Pointer(sharedSecret)), sharedSecretLen)
+        k, _ := mustDecodeHexString(wt.K, "k")
+        if bytes.Equal(k, gotK) != (wt.Result != "invalid") {
+                fmt.Printf("%s: shared secret mismatch\nwant:\n%s\ngot:\n%s\n", wt, hex.Dump(k), hex.Dump(gotK))
                return false
        }
author	tb <>	2026-01-22 09:05:15 +0000
committer	tb <>	2026-01-22 09:05:15 +0000
commit	a4d3c7b310e717d538f5b8ccf242580e7fa8de99 (patch)
tree	39d9cf253ed0763fe1df7166f8d95f1631609d15 /src/regress
parent	3fc95b9b041fc74201119cc54bcc9955546a69c7 (diff)
download	openbsd-a4d3c7b310e717d538f5b8ccf242580e7fa8de99.tar.gz openbsd-a4d3c7b310e717d538f5b8ccf242580e7fa8de99.tar.bz2 openbsd-a4d3c7b310e717d538f5b8ccf242580e7fa8de99.zip

diff --git a/src/regress/lib/libcrypto/wycheproof/wycheproof.go b/src/regress/lib/libcrypto/wycheproof/wycheproof.go index c147d6929c..13d7b40b93 100644 --- a/src/regress/lib/libcrypto/wycheproof/wycheproof.go +++ b/src/regress/lib/libcrypto/wycheproof/wycheproof.go
@@ -1,4 +1,4 @@
1	/* $OpenBSD: wycheproof.go,v 1.199 2026/01/22 09:02:34 tb Exp $ */	1	/* $OpenBSD: wycheproof.go,v 1.200 2026/01/22 09:05:15 tb Exp $ */
2	/*	2	/*
3	* Copyright (c) 2018,2023 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2018,2023 Joel Sing <jsing@openbsd.org>
4	* Copyright (c) 2018,2019,2022-2025 Theo Buehler <tb@openbsd.org>	4	* Copyright (c) 2018,2019,2022-2025 Theo Buehler <tb@openbsd.org>
@@ -20,7 +20,9 @@
20	package main	20	package main
21		21
22	/*	22	/*
23	#cgo LDFLAGS: -lcrypto	23	#cgo CFLAGS: -I"../../../../lib/libcrypto/bytestring"
		24	#cgo CFLAGS: -I"../../../../lib/libcrypto/mlkem"
		25	#cgo LDFLAGS: -lcrypto -static
24		26
25	#include <limits.h>	27	#include <limits.h>
26	#include <string.h>	28	#include <string.h>
@@ -42,6 +44,8 @@ package main
42	#include <openssl/x509.h>	44	#include <openssl/x509.h>
43	#include <openssl/rsa.h>	45	#include <openssl/rsa.h>
44		46
		47	#include "mlkem_internal.h"
		48
45	int	49	int
46	wp_EVP_PKEY_CTX_set_hkdf_md(EVP_PKEY_CTX pctx, const EVP_MD md)	50	wp_EVP_PKEY_CTX_set_hkdf_md(EVP_PKEY_CTX pctx, const EVP_MD md)
47	{	51	{
@@ -2446,8 +2450,46 @@ func runMLKEMEncapsTestGroup(rank C.int, wt *wycheproofTestMLKEM) bool {
2446		2450
2447	ek, ekLen := mustDecodeHexString(wt.Ek, "eK")	2451	ek, ekLen := mustDecodeHexString(wt.Ek, "eK")
2448		2452
2449	if C.MLKEM_parse_public_key(pubKey, (*C.uchar)(unsafe.Pointer(&ek[0])), (C.size_t)(ekLen)) != 0 \|\| wt.Result != "invalid" {	2453	if C.MLKEM_parse_public_key(pubKey, (*C.uchar)(unsafe.Pointer(&ek[0])), (C.size_t)(ekLen)) != 1 {
2450	fmt.Printf("FAIL: %s MLKEM_parse_public_key succeeded\n", wt)	2454	if wt.Result != "invalid" {
		2455	fmt.Printf("FAIL: %s: MLKEM_parse_public_key failed !!!\n", wt)
		2456	return false;
		2457	}
		2458	return true
		2459	}
		2460
		2461	m, _ := mustDecodeHexString(wt.M, "m")
		2462
		2463	var cipherText, sharedSecret *C.uint8_t
		2464	var cipherTextLen, sharedSecretLen C.size_t
		2465	defer C.free(unsafe.Pointer(cipherText))
		2466	defer C.free(unsafe.Pointer(sharedSecret))
		2467
		2468	if C.MLKEM_encap_external_entropy(pubKey, (*C.uchar)(unsafe.Pointer(&m[0])), &cipherText, &cipherTextLen, &sharedSecret, &sharedSecretLen) != 1 {
		2469	fmt.Printf("FAIL: %s: MLKEM_encap_external_entropy\n", wt)
		2470	return false
		2471	}
		2472
		2473	if cipherTextLen != C.MLKEM_public_key_ciphertext_length(pubKey) {
		2474	fmt.Printf("FAIL: %s: ciphertext length mismatch\n", wt)
		2475	return false
		2476	}
		2477	gotC := unsafe.Slice((*byte)(unsafe.Pointer(cipherText)), cipherTextLen)
		2478
		2479	c, _ := mustDecodeHexString(wt.C, "c")
		2480	if bytes.Equal(c, gotC) != (wt.Result != "invalid") {
		2481	fmt.Printf("%s: ciphertext mismatch\nwant:\n%s\ngot:\n%s\n", wt, hex.Dump(c), hex.Dump(gotC))
		2482	}
		2483
		2484	if sharedSecretLen != C.MLKEM_SHARED_SECRET_LENGTH {
		2485	fmt.Printf("FAIL: %s: shared secret length mismatch\n", wt)
		2486	return false
		2487	}
		2488	gotK := unsafe.Slice((*byte)(unsafe.Pointer(sharedSecret)), sharedSecretLen)
		2489
		2490	k, _ := mustDecodeHexString(wt.K, "k")
		2491	if bytes.Equal(k, gotK) != (wt.Result != "invalid") {
		2492	fmt.Printf("%s: shared secret mismatch\nwant:\n%s\ngot:\n%s\n", wt, hex.Dump(k), hex.Dump(gotK))
2451	return false	2493	return false
2452	}	2494	}
2453		2495