Diffstat (limited to 'src/regress/lib/libcrypto/mlkem/mlkem768_iteration_test.c')
-rw-r--r--src/regress/lib/libcrypto/mlkem/mlkem768_iteration_test.c53
1 files changed, 21 insertions, 32 deletions
diff --git a/src/regress/lib/libcrypto/mlkem/mlkem768_iteration_test.c b/src/regress/lib/libcrypto/mlkem/mlkem768_iteration_test.c
index e9866134eb..9517980d7b 100644
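--- a/src/regress/lib/libcrypto/mlkem/mlkem768_iteration_test.c
+++ b/src/regress/lib/libcrypto/mlkem/mlkem768_iteration_test.c
@@ -1,7 +1,8 @@
-/* $OpenBSD: mlkem768_iteration_test.c,v 1.2 2024/12/14 19:16:24 tb Exp $ */
+/* $OpenBSD: mlkem768_iteration_test.c,v 1.3 2024/12/20 00:07:12 tb Exp $ */
 /*
- * Copyright (c) 2024, Google Inc.
- * Copyright (c) 2024, Bob Beck <beck@obtuse.com>
+ * Copyright (c) 2024 Google Inc.
+ * Copyright (c) 2024 Bob Beck <beck@obtuse.com>
+ * Copyright (c) 2024 Theo Buehler <tb@openbsd.org>
  *
  * Permission to use, copy, modify, and/or distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -16,32 +17,17 @@
  * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
+#include <err.h>
 #include <stdint.h>
 #include <stdio.h>
 #include <stdlib.h>
 
-#include <openssl/bytestring.h>
-#include <openssl/mlkem.h>
+#include "mlkem.h"
 
 #include "mlkem_internal.h"
 #include "mlkem_tests_util.h"
 #include "sha3_internal.h"
 
-static int
-encode_private_key(const struct MLKEM768_private_key *priv, uint8_t **out_buf,
- size_t *out_len)
-{
- CBB cbb;
- if (!CBB_init(&cbb, MLKEM768_PUBLIC_KEY_BYTES))
- return 0;
- if (!MLKEM768_marshal_private_key(&cbb, priv))
- return 0;
- if (!CBB_finish(&cbb, out_buf, out_len))
- return 0;
- CBB_cleanup(&cbb);
- return 1;
-}
-
 /*
  * The structure of this test is taken from
  * https://github.com/C2SP/CCTV/blob/main/ML-KEM/README.md?ref=words.filippo.io#accumulated-pq-crystals-vectors
@@ -52,8 +38,8 @@ encode_private_key(const struct MLKEM768_private_key *priv, uint8_t **out_buf,
  * (The RNG stream starts with 7f9c2ba4e88f827d616045507605853e.)
  */
 
-static void
-MlkemIterativeTest()
+static int
+MlkemIterativeTest(void)
 {
  /* https://github.com/C2SP/CCTV/tree/main/ML-KEM */
  /*
@@ -64,6 +50,7 @@ MlkemIterativeTest()
  0x7f, 0x9c, 0x2b, 0xa4, 0xe8, 0x8f, 0x82, 0x7d, 0x61, 0x60, 0x45,
  0x50, 0x76, 0x05, 0x85, 0x3e
  };
+
  /*
  * Filippo says:
  * ML-KEM-768: f7db260e1137a742e05fe0db9525012812b004d29040a5b606aad3d134b548d3
@@ -100,8 +87,9 @@ MlkemIterativeTest()
  */
  shake_out(&drng, seed, sizeof(seed));
  if (i == 0) {
- TEST_DATAEQ(seed, kExpectedSeedStart,
- sizeof(kExpectedSeedStart), "seed start");
+ if (compare_data(seed, kExpectedSeedStart,
+ sizeof(kExpectedSeedStart), 0, "seed start") != 0)
+ errx(1, "compare_data");
  }
 
  /* generate ek as encoded_public_key */
@@ -114,8 +102,9 @@ MlkemIterativeTest()
  sizeof(encoded_public_key));
 
  /* marshal priv to dk as encoded_private_key */
- TEST(!encode_private_key(&priv, &encoded_private_key,
- &encoded_private_key_len), "encode_private_key");
+ if (!mlkem768_encode_private_key(&priv, &encoded_private_key,
+ &encoded_private_key_len))
+ errx(1, "mlkem768_encode_private_key");
 
  /* hash in dk */
  shake_update(&results, encoded_private_key,
@@ -140,21 +129,21 @@ MlkemIterativeTest()
  sizeof(invalid_ciphertext));
 
  /* generte k as shared secret from invalid ciphertext */
- TEST(!MLKEM768_decap(shared_secret, invalid_ciphertext,
- sizeof(invalid_ciphertext), &priv), "decap failed!");
+ if (!MLKEM768_decap(shared_secret, invalid_ciphertext,
+ sizeof(invalid_ciphertext), &priv))
+ errx(1, "decap failed");
 
  /* hash in k */
  shake_update(&results, shared_secret, sizeof(shared_secret));
  }
  shake_xof(&results);
- shake_out(&results, out, 32);
+ shake_out(&results, out, sizeof(out));
 
- TEST_DATAEQ(out, kExpectedAdam, 32, "final result hash");
+ return compare_data(kExpectedAdam, out, sizeof(out), i, "final result hash");
 }
 
 int
 main(int argc, char **argv)
 {
- MlkemIterativeTest();
- exit(failure);
+ return MlkemIterativeTest();
 }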
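Review bot: In the last hunk, `return compare_data(kExpectedAdam, out, sizeof(out), i, "final result hash");` passes compare_data's raw return value through `main` as the process exit status, which keeps only the low 8 bits. compare_data is defined outside this diff, so its range cannot be checked here; if it can return anything other than 0 or 1, a nonzero value that is a multiple of 256 would report a failed accumulated-hash comparison as success. Normalising it the way the seed check already does avoids that: `return compare_data(kExpectedAdam, out, sizeof(out), i, "final result hash") != 0;`. The two call sites also pass the buffers in opposite order (`seed, kExpectedSeedStart` versus `kExpectedAdam, out`), which may mislabel expected and computed data in the failure output if the helper prints them as want/got.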