1 files changed, 210 insertions, 177 deletions
diff --git a/src/regress/lib/libcrypto/mlkem/mlkem_unittest.c b/src/regress/lib/libcrypto/mlkem/mlkem_unittest.c
index b8779135e5..18bf128bea 100644
--- a/src/regress/lib/libcrypto/mlkem/mlkem_unittest.c
+++ b/src/regress/lib/libcrypto/mlkem/mlkem_unittest.c
@@ -1,7 +1,7 @@
-/*      $OpenBSD: mlkem_unittest.c,v 1.3 2024/12/14 19:16:24 tb Exp $ */
+/*      $OpenBSD: mlkem_unittest.c,v 1.4 2024/12/20 00:07:12 tb Exp $ */
 /*
- * Copyright (c) 2024, Google Inc.
+ * Copyright (c) 2024 Google Inc.
- * Copyright (c) 2024, Bob Beck <beck@obtuse.com>
+ * Copyright (c) 2024 Bob Beck <beck@obtuse.com>
 *
 * Permission to use, copy, modify, and/or distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
@@ -16,52 +16,22 @@
 * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */
+#include <err.h>
 #include <stdint.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
-#include <openssl/bytestring.h>
+#include "bytestring.h"
-#include <openssl/mlkem.h>
+#include "mlkem.h"
-#include "mlkem_internal.h"
 #include "mlkem_tests_util.h"
 static int
-encode_public_key(const struct MLKEM768_public_key *pub, uint8_t **out_buf,
+MlKem768UnitTest(void)
-    size_t *out_len)
 {
-        CBB cbb;
+        struct MLKEM768_private_key priv = { 0 }, priv2 = { 0 };
-        if (!CBB_init(&cbb, MLKEM768_PUBLIC_KEY_BYTES))
+        struct MLKEM768_public_key pub = { 0 }, pub2 = { 0 };
-                return 0;
-        if (!MLKEM768_marshal_public_key(&cbb, pub))
-                return 0;
-        if (!CBB_finish(&cbb, out_buf, out_len))
-                return 0;
-        CBB_cleanup(&cbb);
-        return 1;
-}
-static int
-encode_private_key(const struct MLKEM768_private_key *priv, uint8_t **out_buf,
-    size_t *out_len)
-{
-        CBB cbb;
-        if (!CBB_init(&cbb, MLKEM768_PUBLIC_KEY_BYTES))
-                return 0;
-        if (!MLKEM768_marshal_private_key(&cbb, priv))
-                return 0;
-        if (!CBB_finish(&cbb, out_buf, out_len))
-                return 0;
-        CBB_cleanup(&cbb);
-        return 1;
-}
-static void
-MlKem768UnitTest()
-{
-        struct MLKEM768_private_key *priv, *priv2;
-        struct MLKEM768_public_key *pub, *pub2;
        uint8_t encoded_public_key[MLKEM768_PUBLIC_KEY_BYTES];
        uint8_t ciphertext[MLKEM768_CIPHERTEXT_BYTES];
        uint8_t shared_secret1[MLKEM_SHARED_SECRET_BYTES];
@@ -70,123 +40,138 @@ MlKem768UnitTest()
        uint8_t *encoded_private_key = NULL, *tmp_buf = NULL;
        size_t encoded_private_key_len, tmp_buf_len;
        CBS cbs;
+        int failed = 0;
-        fprintf(stderr, "ML-KEM 768...\n");
+        MLKEM768_generate_key(encoded_public_key, NULL, &priv);
-        MALLOC(priv, sizeof(struct MLKEM768_private_key));
-        MLKEM768_generate_key(encoded_public_key, NULL, priv);
        memcpy(first_two_bytes, encoded_public_key, sizeof(first_two_bytes));
        memset(encoded_public_key, 0xff, sizeof(first_two_bytes));
-        CBS_init(&cbs, encoded_public_key,
-            sizeof(encoded_public_key));
+        CBS_init(&cbs, encoded_public_key, sizeof(encoded_public_key));
-        MALLOC(pub, sizeof(struct MLKEM768_public_key));
-        /*  Parsing should fail because the first coefficient is >= kPrime; */
+        /* Parsing should fail because the first coefficient is >= kPrime. */
-        TEST(MLKEM768_parse_public_key(pub, &cbs),
+        if (MLKEM768_parse_public_key(&pub, &cbs)) {
-            "Kyber_parse_public_key should have failed");
+                warnx("MLKEM768_parse_public_key should have failed");
+                failed |= 1;
+        }
        memcpy(encoded_public_key, first_two_bytes, sizeof(first_two_bytes));
        CBS_init(&cbs, encoded_public_key, sizeof(encoded_public_key));
-        TEST(!MLKEM768_parse_public_key(pub, &cbs),
+        if (!MLKEM768_parse_public_key(&pub, &cbs)) {
-            "MLKEM768_parse_public_key");
+                warnx("MLKEM768_parse_public_key");
-        TEST(CBS_len(&cbs) != 0u, "CBS_len must be 0");
+                failed |= 1;
+        }
-        TEST(!encode_public_key(pub, &tmp_buf, &tmp_buf_len),
-            "encode_public_key");
+        if (CBS_len(&cbs) != 0u) {
-        TEST(sizeof(encoded_public_key) != tmp_buf_len,
+                warnx("CBS_len must be 0");
-            "encoded public key lengths differ");
+                failed |= 1;
-        TEST_DATAEQ(tmp_buf, encoded_public_key, tmp_buf_len,
+        }
-            "encoded public keys");
+        if (!mlkem768_encode_public_key(&pub, &tmp_buf, &tmp_buf_len)) {
+                warnx("encode_public_key");
+                failed |= 1;
+        }
+        if (sizeof(encoded_public_key) != tmp_buf_len) {
+                warnx("mlkem768 encoded public key lengths differ");
+                failed |= 1;
+        }
+        if (compare_data(encoded_public_key, tmp_buf, tmp_buf_len, 768,
+            "encoded public keys") != 0) {
+                warnx("compare_data");
+                failed |= 1;
+        }
        free(tmp_buf);
        tmp_buf = NULL;
-        MALLOC(pub2, sizeof(struct MLKEM768_public_key));
+        MLKEM768_public_from_private(&pub2, &priv);
-        MLKEM768_public_from_private(pub2, priv);
+        if (!mlkem768_encode_public_key(&pub2, &tmp_buf, &tmp_buf_len)) {
-        TEST(!encode_public_key(pub2, &tmp_buf, &tmp_buf_len),
+                warnx("mlkem768_encode_public_key");
-            "encode_public_key");
+                failed |= 1;
-        TEST(sizeof(encoded_public_key) != tmp_buf_len,
+        }
-            "encoded public key lengths differ");
+        if (sizeof(encoded_public_key) != tmp_buf_len) {
-        TEST_DATAEQ(tmp_buf, encoded_public_key, tmp_buf_len,
+                warnx("mlkem768 encoded public key lengths differ");
-            "encoded pubic keys");
+                failed |= 1;
+        }
+        if (compare_data(encoded_public_key, tmp_buf, tmp_buf_len, 768,
+            "encoded public keys") != 0) {
+                warnx("compare_data");
+                failed |= 1;
+        }
        free(tmp_buf);
        tmp_buf = NULL;
-        TEST(!encode_private_key(priv, &encoded_private_key,
+        if (!mlkem768_encode_private_key(&priv, &encoded_private_key,
-            &encoded_private_key_len), "encode_private_key");
+            &encoded_private_key_len)) {
+                warnx("mlkem768_encode_private_key");
+                failed |= 1;
+        }
        memcpy(first_two_bytes, encoded_private_key, sizeof(first_two_bytes));
        memset(encoded_private_key, 0xff, sizeof(first_two_bytes));
        CBS_init(&cbs, encoded_private_key, encoded_private_key_len);
-        MALLOC(priv2, sizeof(struct MLKEM768_private_key));
        /*  Parsing should fail because the first coefficient is >= kPrime. */
-        TEST(MLKEM768_parse_private_key(priv2, &cbs), "Should not have parsed");
+        if (MLKEM768_parse_private_key(&priv2, &cbs)) {
+                warnx("MLKEM768_parse_private_key should have failed");
+                failed |= 1;
+        }
        memcpy(encoded_private_key, first_two_bytes, sizeof(first_two_bytes));
        CBS_init(&cbs, encoded_private_key, encoded_private_key_len);
-        TEST(!MLKEM768_parse_private_key(priv2, &cbs),
-            "MLKEM768_parse_private_key");
+        if (!MLKEM768_parse_private_key(&priv2, &cbs)) {
-        TEST(!encode_private_key(priv2, &tmp_buf, &tmp_buf_len),
+                warnx("MLKEM768_parse_private_key");
-            "encode_private_key");
+                failed |= 1;
-        TEST(encoded_private_key_len != tmp_buf_len,
+        }
-            "encoded private key lengths differ");
-        TEST_DATAEQ(tmp_buf, encoded_private_key, encoded_private_key_len,
+        if (!mlkem768_encode_private_key(&priv2, &tmp_buf, &tmp_buf_len)) {
-            "encoded private keys");
+                warnx("mlkem768_encode_private_key");
+                failed |= 1;
+        }
+        if (encoded_private_key_len != tmp_buf_len) {
+                warnx("mlkem768 encode private key lengths differ");
+                failed |= 1;
+        }
+        if (compare_data(encoded_private_key, tmp_buf, tmp_buf_len, 768,
+            "encoded private key") != 0) {
+                warnx("compare_data");
+                failed |= 1;
+        }
        free(tmp_buf);
        tmp_buf = NULL;
-        MLKEM768_encap(ciphertext, shared_secret1, pub);
+        MLKEM768_encap(ciphertext, shared_secret1, &pub);
        MLKEM768_decap(shared_secret2, ciphertext, MLKEM768_CIPHERTEXT_BYTES,
-            priv);
+            &priv);
-        TEST_DATAEQ(shared_secret1, shared_secret2, MLKEM_SHARED_SECRET_BYTES,
+        if (compare_data(shared_secret1, shared_secret2, MLKEM_SHARED_SECRET_BYTES,
-            "shared secrets with priv");
+            768, "shared secrets with priv") != 0) {
+                warnx("compare_data");
+                failed |= 1;
+        }
        MLKEM768_decap(shared_secret2, ciphertext, MLKEM768_CIPHERTEXT_BYTES,
-            priv2);
+            &priv2);
-        TEST_DATAEQ(shared_secret1, shared_secret2, MLKEM_SHARED_SECRET_BYTES,
+        if (compare_data(shared_secret1, shared_secret2, MLKEM_SHARED_SECRET_BYTES,
-            "shared secrets with priv2");
+            768, "shared secrets with priv2") != 0) {
+                warnx("compare_data");
+                failed |= 1;
+        }
        free(encoded_private_key);
-        free(pub);
-        free(pub2);
-        free(priv);
-        free(priv2);
-}
-static int
+        return failed;
-encode_1024public_key(const struct MLKEM1024_public_key *pub, uint8_t **out_buf,
-    size_t *out_len)
-{
-        CBB cbb;
-        if (!CBB_init(&cbb, MLKEM1024_PUBLIC_KEY_BYTES))
-                return 0;
-        if (!MLKEM1024_marshal_public_key(&cbb, pub))
-                return 0;
-        if (!CBB_finish(&cbb, out_buf, out_len))
-                return 0;
-        CBB_cleanup(&cbb);
-        return 1;
 }
 static int
-encode_1024private_key(const struct MLKEM1024_private_key *priv, uint8_t **out_buf,
+MlKem1024UnitTest(void)
-    size_t *out_len)
-{
-        CBB cbb;
-        if (!CBB_init(&cbb, MLKEM1024_PUBLIC_KEY_BYTES))
-                return 0;
-        if (!MLKEM1024_marshal_private_key(&cbb, priv))
-                return 0;
-        if (!CBB_finish(&cbb, out_buf, out_len))
-                return 0;
-        CBB_cleanup(&cbb);
-        return 1;
-}
-static void
-MlKem1024UnitTest()
 {
-        struct MLKEM1024_private_key *priv, *priv2;
+        struct MLKEM1024_private_key priv = { 0 }, priv2 = { 0 };
-        struct MLKEM1024_public_key *pub, *pub2;
+        struct MLKEM1024_public_key pub = { 0 }, pub2 = { 0 };
        uint8_t encoded_public_key[MLKEM1024_PUBLIC_KEY_BYTES];
        uint8_t ciphertext[MLKEM1024_CIPHERTEXT_BYTES];
        uint8_t shared_secret1[MLKEM_SHARED_SECRET_BYTES];
@@ -195,92 +180,140 @@ MlKem1024UnitTest()
        uint8_t *encoded_private_key = NULL, *tmp_buf = NULL;
        size_t encoded_private_key_len, tmp_buf_len;
        CBS cbs;
+        int failed = 0;
-        fprintf(stderr, "ML-KEM 1024...\n");
+        MLKEM1024_generate_key(encoded_public_key, NULL, &priv);
-        MALLOC(priv, sizeof(struct MLKEM1024_private_key));
-        MLKEM1024_generate_key(encoded_public_key, NULL, priv);
        memcpy(first_two_bytes, encoded_public_key, sizeof(first_two_bytes));
        memset(encoded_public_key, 0xff, sizeof(first_two_bytes));
-        CBS_init(&cbs, encoded_public_key,
-            sizeof(encoded_public_key));
+        CBS_init(&cbs, encoded_public_key, sizeof(encoded_public_key));
-        MALLOC(pub, sizeof(struct MLKEM1024_public_key));
-        /*  Parsing should fail because the first coefficient is >= kPrime; */
+        /* Parsing should fail because the first coefficient is >= kPrime. */
-        TEST(MLKEM1024_parse_public_key(pub, &cbs),
+        if (MLKEM1024_parse_public_key(&pub, &cbs)) {
-            "Kyber_parse_public_key should have failed");
+                warnx("MLKEM1024_parse_public_key should have failed");
+                failed |= 1;
+        }
        memcpy(encoded_public_key, first_two_bytes, sizeof(first_two_bytes));
        CBS_init(&cbs, encoded_public_key, sizeof(encoded_public_key));
-        TEST(!MLKEM1024_parse_public_key(pub, &cbs),
+        if (!MLKEM1024_parse_public_key(&pub, &cbs)) {
-            "MLKEM1024_parse_public_key");
+                warnx("MLKEM1024_parse_public_key");
-        TEST(CBS_len(&cbs) != 0u, "CBS_len must be 0");
+                failed |= 1;
+        }
-        TEST(!encode_1024public_key(pub, &tmp_buf, &tmp_buf_len),
-            "encode_1024public_key");
+        if (CBS_len(&cbs) != 0u) {
-        TEST(sizeof(encoded_public_key) != tmp_buf_len,
+                warnx("CBS_len must be 0");
-            "encoded public key lengths differ");
+                failed |= 1;
-        TEST_DATAEQ(tmp_buf, encoded_public_key, tmp_buf_len,
+        }
-            "encoded public keys");
+        if (!mlkem1024_encode_public_key(&pub, &tmp_buf, &tmp_buf_len)) {
+                warnx("encode_public_key");
+                failed |= 1;
+        }
+        if (sizeof(encoded_public_key) != tmp_buf_len) {
+                warnx("mlkem1024 encoded public key lengths differ");
+                failed |= 1;
+        }
+        if (compare_data(encoded_public_key, tmp_buf, tmp_buf_len, 1024,
+            "encoded public keys") != 0) {
+                warnx("compare_data");
+                failed |= 1;
+        }
        free(tmp_buf);
        tmp_buf = NULL;
-        MALLOC(pub2, sizeof(struct MLKEM1024_public_key));
+        MLKEM1024_public_from_private(&pub2, &priv);
-        MLKEM1024_public_from_private(pub2, priv);
+        if (!mlkem1024_encode_public_key(&pub2, &tmp_buf, &tmp_buf_len)) {
-        TEST(!encode_1024public_key(pub2, &tmp_buf, &tmp_buf_len),
+                warnx("mlkem1024_encode_public_key");
-            "encode_public_key");
+                failed |= 1;
-        TEST(sizeof(encoded_public_key) != tmp_buf_len,
+        }
-            "encoded public key lengths differ");
+        if (sizeof(encoded_public_key) != tmp_buf_len) {
-        TEST_DATAEQ(tmp_buf, encoded_public_key, tmp_buf_len,
+                warnx("mlkem1024 encoded public key lengths differ");
-            "encoded pubic keys");
+                failed |= 1;
+        }
+        if (compare_data(encoded_public_key, tmp_buf, tmp_buf_len, 1024,
+            "encoded public keys") != 0) {
+                warnx("compare_data");
+                failed |= 1;
+        }
        free(tmp_buf);
        tmp_buf = NULL;
-        TEST(!encode_1024private_key(priv, &encoded_private_key,
+        if (!mlkem1024_encode_private_key(&priv, &encoded_private_key,
-            &encoded_private_key_len), "encode_1024private_key");
+            &encoded_private_key_len)) {
+                warnx("mlkem1024_encode_private_key");
+                failed |= 1;
+        }
        memcpy(first_two_bytes, encoded_private_key, sizeof(first_two_bytes));
        memset(encoded_private_key, 0xff, sizeof(first_two_bytes));
        CBS_init(&cbs, encoded_private_key, encoded_private_key_len);
-        MALLOC(priv2, sizeof(struct MLKEM1024_private_key));
        /*  Parsing should fail because the first coefficient is >= kPrime. */
-        TEST(MLKEM1024_parse_private_key(priv2, &cbs), "Should not have parsed");
+        if (MLKEM1024_parse_private_key(&priv2, &cbs)) {
+                warnx("MLKEM1024_parse_private_key should have failed");
+                failed |= 1;
+        }
        memcpy(encoded_private_key, first_two_bytes, sizeof(first_two_bytes));
        CBS_init(&cbs, encoded_private_key, encoded_private_key_len);
-        TEST(!MLKEM1024_parse_private_key(priv2, &cbs),
-            "MLKEM1024_parse_private_key");
+        if (!MLKEM1024_parse_private_key(&priv2, &cbs)) {
-        TEST(!encode_1024private_key(priv2, &tmp_buf, &tmp_buf_len),
+                warnx("MLKEM1024_parse_private_key");
-            "encode_private_key");
+                failed |= 1;
-        TEST(encoded_private_key_len != tmp_buf_len,
+        }
-            "encoded private key lengths differ");
-        TEST_DATAEQ(tmp_buf, encoded_private_key, encoded_private_key_len,
+        if (!mlkem1024_encode_private_key(&priv2, &tmp_buf, &tmp_buf_len)) {
-            "encoded private keys");
+                warnx("mlkem1024_encode_private_key");
+                failed |= 1;
+        }
+        if (encoded_private_key_len != tmp_buf_len) {
+                warnx("mlkem1024 encode private key lengths differ");
+                failed |= 1;
+        }
+        if (compare_data(encoded_private_key, tmp_buf, tmp_buf_len, 1024,
+            "encoded private key") != 0) {
+                warnx("compare_data");
+                failed |= 1;
+        }
        free(tmp_buf);
        tmp_buf = NULL;
-        MLKEM1024_encap(ciphertext, shared_secret1, pub);
+        MLKEM1024_encap(ciphertext, shared_secret1, &pub);
        MLKEM1024_decap(shared_secret2, ciphertext, MLKEM1024_CIPHERTEXT_BYTES,
-            priv);
+            &priv);
-        TEST_DATAEQ(shared_secret1, shared_secret2, MLKEM_SHARED_SECRET_BYTES,
+        if (compare_data(shared_secret1, shared_secret2, MLKEM_SHARED_SECRET_BYTES,
-            "shared secrets with priv");
+            1024, "shared secrets with priv") != 0) {
+                warnx("compare_data");
+                failed |= 1;
+        }
        MLKEM1024_decap(shared_secret2, ciphertext, MLKEM1024_CIPHERTEXT_BYTES,
-            priv2);
+            &priv2);
-        TEST_DATAEQ(shared_secret1, shared_secret2, MLKEM_SHARED_SECRET_BYTES,
+        if (compare_data(shared_secret1, shared_secret2, MLKEM_SHARED_SECRET_BYTES,
-            "shared secrets with priv2");
+            1024, "shared secrets with priv2") != 0) {
+                warnx("compare_data");
+                failed |= 1;
+        }
        free(encoded_private_key);
-        free(pub);
-        free(pub2);
+        return failed;
-        free(priv);
-        free(priv2);
 }
 int
 main(int argc, char **argv)
 {
-        MlKem768UnitTest();
+        int failed = 0;
-        MlKem1024UnitTest();
+        failed |= MlKem768UnitTest();
+        failed |= MlKem1024UnitTest();
-        exit(failure);
+        return failed;
 }

diff --git a/src/regress/lib/libcrypto/mlkem/mlkem_unittest.c b/src/regress/lib/libcrypto/mlkem/mlkem_unittest.c index b8779135e5..18bf128bea 100644 --- a/src/regress/lib/libcrypto/mlkem/mlkem_unittest.c +++ b/src/regress/lib/libcrypto/mlkem/mlkem_unittest.c
@@ -1,7 +1,7 @@
1	/* $OpenBSD: mlkem_unittest.c,v 1.3 2024/12/14 19:16:24 tb Exp $ */	1	/* $OpenBSD: mlkem_unittest.c,v 1.4 2024/12/20 00:07:12 tb Exp $ */
2	/*	2	/*
3	* Copyright (c) 2024, Google Inc.	3	* Copyright (c) 2024 Google Inc.
4	* Copyright (c) 2024, Bob Beck <beck@obtuse.com>	4	* Copyright (c) 2024 Bob Beck <beck@obtuse.com>
5	*	5	*
6	* Permission to use, copy, modify, and/or distribute this software for any	6	* Permission to use, copy, modify, and/or distribute this software for any
7	* purpose with or without fee is hereby granted, provided that the above	7	* purpose with or without fee is hereby granted, provided that the above
@@ -16,52 +16,22 @@
16	* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.	16	* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17	*/	17	*/
18		18
		19	#include <err.h>
19	#include <stdint.h>	20	#include <stdint.h>
20	#include <stdio.h>	21	#include <stdio.h>
21	#include <stdlib.h>	22	#include <stdlib.h>
22	#include <string.h>	23	#include <string.h>
23		24
24	#include <openssl/bytestring.h>	25	#include "bytestring.h"
25	#include <openssl/mlkem.h>	26	#include "mlkem.h"
26		27
27	#include "mlkem_internal.h"
28	#include "mlkem_tests_util.h"	28	#include "mlkem_tests_util.h"
29		29
30	static int	30	static int
31	encode_public_key(const struct MLKEM768_public_key pub, uint8_t *out_buf,	31	MlKem768UnitTest(void)
32	size_t *out_len)
33	{	32	{
34	CBB cbb;	33	struct MLKEM768_private_key priv = { 0 }, priv2 = { 0 };
35	if (!CBB_init(&cbb, MLKEM768_PUBLIC_KEY_BYTES))	34	struct MLKEM768_public_key pub = { 0 }, pub2 = { 0 };
36	return 0;
37	if (!MLKEM768_marshal_public_key(&cbb, pub))
38	return 0;
39	if (!CBB_finish(&cbb, out_buf, out_len))
40	return 0;
41	CBB_cleanup(&cbb);
42	return 1;
43	}
44
45	static int
46	encode_private_key(const struct MLKEM768_private_key priv, uint8_t *out_buf,
47	size_t *out_len)
48	{
49	CBB cbb;
50	if (!CBB_init(&cbb, MLKEM768_PUBLIC_KEY_BYTES))
51	return 0;
52	if (!MLKEM768_marshal_private_key(&cbb, priv))
53	return 0;
54	if (!CBB_finish(&cbb, out_buf, out_len))
55	return 0;
56	CBB_cleanup(&cbb);
57	return 1;
58	}
59
60	static void
61	MlKem768UnitTest()
62	{
63	struct MLKEM768_private_key priv, priv2;
64	struct MLKEM768_public_key pub, pub2;
65	uint8_t encoded_public_key[MLKEM768_PUBLIC_KEY_BYTES];	35	uint8_t encoded_public_key[MLKEM768_PUBLIC_KEY_BYTES];
66	uint8_t ciphertext[MLKEM768_CIPHERTEXT_BYTES];	36	uint8_t ciphertext[MLKEM768_CIPHERTEXT_BYTES];
67	uint8_t shared_secret1[MLKEM_SHARED_SECRET_BYTES];	37	uint8_t shared_secret1[MLKEM_SHARED_SECRET_BYTES];
@@ -70,123 +40,138 @@ MlKem768UnitTest()
70	uint8_t encoded_private_key = NULL, tmp_buf = NULL;	40	uint8_t encoded_private_key = NULL, tmp_buf = NULL;
71	size_t encoded_private_key_len, tmp_buf_len;	41	size_t encoded_private_key_len, tmp_buf_len;
72	CBS cbs;	42	CBS cbs;
		43	int failed = 0;
73		44
74	fprintf(stderr, "ML-KEM 768...\n");	45	MLKEM768_generate_key(encoded_public_key, NULL, &priv);
75
76	MALLOC(priv, sizeof(struct MLKEM768_private_key));
77	MLKEM768_generate_key(encoded_public_key, NULL, priv);
78		46
79	memcpy(first_two_bytes, encoded_public_key, sizeof(first_two_bytes));	47	memcpy(first_two_bytes, encoded_public_key, sizeof(first_two_bytes));
80	memset(encoded_public_key, 0xff, sizeof(first_two_bytes));	48	memset(encoded_public_key, 0xff, sizeof(first_two_bytes));
81	CBS_init(&cbs, encoded_public_key,	49
82	sizeof(encoded_public_key));	50	CBS_init(&cbs, encoded_public_key, sizeof(encoded_public_key));
83	MALLOC(pub, sizeof(struct MLKEM768_public_key));	51
84	/* Parsing should fail because the first coefficient is >= kPrime; */	52	/* Parsing should fail because the first coefficient is >= kPrime. */
85	TEST(MLKEM768_parse_public_key(pub, &cbs),	53	if (MLKEM768_parse_public_key(&pub, &cbs)) {
86	"Kyber_parse_public_key should have failed");	54	warnx("MLKEM768_parse_public_key should have failed");
		55	failed \|= 1;
		56	}
87		57
88	memcpy(encoded_public_key, first_two_bytes, sizeof(first_two_bytes));	58	memcpy(encoded_public_key, first_two_bytes, sizeof(first_two_bytes));
89	CBS_init(&cbs, encoded_public_key, sizeof(encoded_public_key));	59	CBS_init(&cbs, encoded_public_key, sizeof(encoded_public_key));
90	TEST(!MLKEM768_parse_public_key(pub, &cbs),	60	if (!MLKEM768_parse_public_key(&pub, &cbs)) {
91	"MLKEM768_parse_public_key");	61	warnx("MLKEM768_parse_public_key");
92	TEST(CBS_len(&cbs) != 0u, "CBS_len must be 0");	62	failed \|= 1;
93		63	}
94	TEST(!encode_public_key(pub, &tmp_buf, &tmp_buf_len),	64
95	"encode_public_key");	65	if (CBS_len(&cbs) != 0u) {
96	TEST(sizeof(encoded_public_key) != tmp_buf_len,	66	warnx("CBS_len must be 0");
97	"encoded public key lengths differ");	67	failed \|= 1;
98	TEST_DATAEQ(tmp_buf, encoded_public_key, tmp_buf_len,	68	}
99	"encoded public keys");	69
		70	if (!mlkem768_encode_public_key(&pub, &tmp_buf, &tmp_buf_len)) {
		71	warnx("encode_public_key");
		72	failed \|= 1;
		73	}
		74	if (sizeof(encoded_public_key) != tmp_buf_len) {
		75	warnx("mlkem768 encoded public key lengths differ");
		76	failed \|= 1;
		77	}
		78
		79	if (compare_data(encoded_public_key, tmp_buf, tmp_buf_len, 768,
		80	"encoded public keys") != 0) {
		81	warnx("compare_data");
		82	failed \|= 1;
		83	}
100	free(tmp_buf);	84	free(tmp_buf);
101	tmp_buf = NULL;	85	tmp_buf = NULL;
102		86
103	MALLOC(pub2, sizeof(struct MLKEM768_public_key));	87	MLKEM768_public_from_private(&pub2, &priv);
104	MLKEM768_public_from_private(pub2, priv);	88	if (!mlkem768_encode_public_key(&pub2, &tmp_buf, &tmp_buf_len)) {
105	TEST(!encode_public_key(pub2, &tmp_buf, &tmp_buf_len),	89	warnx("mlkem768_encode_public_key");
106	"encode_public_key");	90	failed \|= 1;
107	TEST(sizeof(encoded_public_key) != tmp_buf_len,	91	}
108	"encoded public key lengths differ");	92	if (sizeof(encoded_public_key) != tmp_buf_len) {
109	TEST_DATAEQ(tmp_buf, encoded_public_key, tmp_buf_len,	93	warnx("mlkem768 encoded public key lengths differ");
110	"encoded pubic keys");	94	failed \|= 1;
		95	}
		96
		97	if (compare_data(encoded_public_key, tmp_buf, tmp_buf_len, 768,
		98	"encoded public keys") != 0) {
		99	warnx("compare_data");
		100	failed \|= 1;
		101	}
111	free(tmp_buf);	102	free(tmp_buf);
112	tmp_buf = NULL;	103	tmp_buf = NULL;
113		104
114	TEST(!encode_private_key(priv, &encoded_private_key,	105	if (!mlkem768_encode_private_key(&priv, &encoded_private_key,
115	&encoded_private_key_len), "encode_private_key");	106	&encoded_private_key_len)) {
		107	warnx("mlkem768_encode_private_key");
		108	failed \|= 1;
		109	}
116		110
117	memcpy(first_two_bytes, encoded_private_key, sizeof(first_two_bytes));	111	memcpy(first_two_bytes, encoded_private_key, sizeof(first_two_bytes));
118	memset(encoded_private_key, 0xff, sizeof(first_two_bytes));	112	memset(encoded_private_key, 0xff, sizeof(first_two_bytes));
119	CBS_init(&cbs, encoded_private_key, encoded_private_key_len);	113	CBS_init(&cbs, encoded_private_key, encoded_private_key_len);
120	MALLOC(priv2, sizeof(struct MLKEM768_private_key));	114
121	/* Parsing should fail because the first coefficient is >= kPrime. */	115	/* Parsing should fail because the first coefficient is >= kPrime. */
122	TEST(MLKEM768_parse_private_key(priv2, &cbs), "Should not have parsed");	116	if (MLKEM768_parse_private_key(&priv2, &cbs)) {
		117	warnx("MLKEM768_parse_private_key should have failed");
		118	failed \|= 1;
		119	}
123		120
124	memcpy(encoded_private_key, first_two_bytes, sizeof(first_two_bytes));	121	memcpy(encoded_private_key, first_two_bytes, sizeof(first_two_bytes));
125	CBS_init(&cbs, encoded_private_key, encoded_private_key_len);	122	CBS_init(&cbs, encoded_private_key, encoded_private_key_len);
126	TEST(!MLKEM768_parse_private_key(priv2, &cbs),	123
127	"MLKEM768_parse_private_key");	124	if (!MLKEM768_parse_private_key(&priv2, &cbs)) {
128	TEST(!encode_private_key(priv2, &tmp_buf, &tmp_buf_len),	125	warnx("MLKEM768_parse_private_key");
129	"encode_private_key");	126	failed \|= 1;
130	TEST(encoded_private_key_len != tmp_buf_len,	127	}
131	"encoded private key lengths differ");	128
132	TEST_DATAEQ(tmp_buf, encoded_private_key, encoded_private_key_len,	129	if (!mlkem768_encode_private_key(&priv2, &tmp_buf, &tmp_buf_len)) {
133	"encoded private keys");	130	warnx("mlkem768_encode_private_key");
		131	failed \|= 1;
		132	}
		133
		134	if (encoded_private_key_len != tmp_buf_len) {
		135	warnx("mlkem768 encode private key lengths differ");
		136	failed \|= 1;
		137	}
		138
		139	if (compare_data(encoded_private_key, tmp_buf, tmp_buf_len, 768,
		140	"encoded private key") != 0) {
		141	warnx("compare_data");
		142	failed \|= 1;
		143	}
		144
134	free(tmp_buf);	145	free(tmp_buf);
135	tmp_buf = NULL;	146	tmp_buf = NULL;
136		147
137	MLKEM768_encap(ciphertext, shared_secret1, pub);	148	MLKEM768_encap(ciphertext, shared_secret1, &pub);
138	MLKEM768_decap(shared_secret2, ciphertext, MLKEM768_CIPHERTEXT_BYTES,	149	MLKEM768_decap(shared_secret2, ciphertext, MLKEM768_CIPHERTEXT_BYTES,
139	priv);	150	&priv);
140	TEST_DATAEQ(shared_secret1, shared_secret2, MLKEM_SHARED_SECRET_BYTES,	151	if (compare_data(shared_secret1, shared_secret2, MLKEM_SHARED_SECRET_BYTES,
141	"shared secrets with priv");	152	768, "shared secrets with priv") != 0) {
		153	warnx("compare_data");
		154	failed \|= 1;
		155	}
		156
142	MLKEM768_decap(shared_secret2, ciphertext, MLKEM768_CIPHERTEXT_BYTES,	157	MLKEM768_decap(shared_secret2, ciphertext, MLKEM768_CIPHERTEXT_BYTES,
143	priv2);	158	&priv2);
144	TEST_DATAEQ(shared_secret1, shared_secret2, MLKEM_SHARED_SECRET_BYTES,	159	if (compare_data(shared_secret1, shared_secret2, MLKEM_SHARED_SECRET_BYTES,
145	"shared secrets with priv2");	160	768, "shared secrets with priv2") != 0) {
		161	warnx("compare_data");
		162	failed \|= 1;
		163	}
146		164
147	free(encoded_private_key);	165	free(encoded_private_key);
148	free(pub);
149	free(pub2);
150	free(priv);
151	free(priv2);
152
153	}
154		166
155	static int	167	return failed;
156	encode_1024public_key(const struct MLKEM1024_public_key pub, uint8_t *out_buf,
157	size_t *out_len)
158	{
159	CBB cbb;
160	if (!CBB_init(&cbb, MLKEM1024_PUBLIC_KEY_BYTES))
161	return 0;
162	if (!MLKEM1024_marshal_public_key(&cbb, pub))
163	return 0;
164	if (!CBB_finish(&cbb, out_buf, out_len))
165	return 0;
166	CBB_cleanup(&cbb);
167	return 1;
168	}	168	}
169		169
170	static int	170	static int
171	encode_1024private_key(const struct MLKEM1024_private_key priv, uint8_t *out_buf,	171	MlKem1024UnitTest(void)
172	size_t *out_len)
173	{
174	CBB cbb;
175	if (!CBB_init(&cbb, MLKEM1024_PUBLIC_KEY_BYTES))
176	return 0;
177	if (!MLKEM1024_marshal_private_key(&cbb, priv))
178	return 0;
179	if (!CBB_finish(&cbb, out_buf, out_len))
180	return 0;
181	CBB_cleanup(&cbb);
182	return 1;
183	}
184
185	static void
186	MlKem1024UnitTest()
187	{	172	{
188	struct MLKEM1024_private_key priv, priv2;	173	struct MLKEM1024_private_key priv = { 0 }, priv2 = { 0 };
189	struct MLKEM1024_public_key pub, pub2;	174	struct MLKEM1024_public_key pub = { 0 }, pub2 = { 0 };
190	uint8_t encoded_public_key[MLKEM1024_PUBLIC_KEY_BYTES];	175	uint8_t encoded_public_key[MLKEM1024_PUBLIC_KEY_BYTES];
191	uint8_t ciphertext[MLKEM1024_CIPHERTEXT_BYTES];	176	uint8_t ciphertext[MLKEM1024_CIPHERTEXT_BYTES];
192	uint8_t shared_secret1[MLKEM_SHARED_SECRET_BYTES];	177	uint8_t shared_secret1[MLKEM_SHARED_SECRET_BYTES];
@@ -195,92 +180,140 @@ MlKem1024UnitTest()
195	uint8_t encoded_private_key = NULL, tmp_buf = NULL;	180	uint8_t encoded_private_key = NULL, tmp_buf = NULL;
196	size_t encoded_private_key_len, tmp_buf_len;	181	size_t encoded_private_key_len, tmp_buf_len;
197	CBS cbs;	182	CBS cbs;
		183	int failed = 0;
198		184
199	fprintf(stderr, "ML-KEM 1024...\n");	185	MLKEM1024_generate_key(encoded_public_key, NULL, &priv);
200
201	MALLOC(priv, sizeof(struct MLKEM1024_private_key));
202	MLKEM1024_generate_key(encoded_public_key, NULL, priv);
203		186
204	memcpy(first_two_bytes, encoded_public_key, sizeof(first_two_bytes));	187	memcpy(first_two_bytes, encoded_public_key, sizeof(first_two_bytes));
205	memset(encoded_public_key, 0xff, sizeof(first_two_bytes));	188	memset(encoded_public_key, 0xff, sizeof(first_two_bytes));
206	CBS_init(&cbs, encoded_public_key,	189
207	sizeof(encoded_public_key));	190	CBS_init(&cbs, encoded_public_key, sizeof(encoded_public_key));
208	MALLOC(pub, sizeof(struct MLKEM1024_public_key));	191
209	/* Parsing should fail because the first coefficient is >= kPrime; */	192	/* Parsing should fail because the first coefficient is >= kPrime. */
210	TEST(MLKEM1024_parse_public_key(pub, &cbs),	193	if (MLKEM1024_parse_public_key(&pub, &cbs)) {
211	"Kyber_parse_public_key should have failed");	194	warnx("MLKEM1024_parse_public_key should have failed");
		195	failed \|= 1;
		196	}
212		197
213	memcpy(encoded_public_key, first_two_bytes, sizeof(first_two_bytes));	198	memcpy(encoded_public_key, first_two_bytes, sizeof(first_two_bytes));
214	CBS_init(&cbs, encoded_public_key, sizeof(encoded_public_key));	199	CBS_init(&cbs, encoded_public_key, sizeof(encoded_public_key));
215	TEST(!MLKEM1024_parse_public_key(pub, &cbs),	200	if (!MLKEM1024_parse_public_key(&pub, &cbs)) {
216	"MLKEM1024_parse_public_key");	201	warnx("MLKEM1024_parse_public_key");
217	TEST(CBS_len(&cbs) != 0u, "CBS_len must be 0");	202	failed \|= 1;
218		203	}
219	TEST(!encode_1024public_key(pub, &tmp_buf, &tmp_buf_len),	204
220	"encode_1024public_key");	205	if (CBS_len(&cbs) != 0u) {
221	TEST(sizeof(encoded_public_key) != tmp_buf_len,	206	warnx("CBS_len must be 0");
222	"encoded public key lengths differ");	207	failed \|= 1;
223	TEST_DATAEQ(tmp_buf, encoded_public_key, tmp_buf_len,	208	}
224	"encoded public keys");	209
		210	if (!mlkem1024_encode_public_key(&pub, &tmp_buf, &tmp_buf_len)) {
		211	warnx("encode_public_key");
		212	failed \|= 1;
		213	}
		214	if (sizeof(encoded_public_key) != tmp_buf_len) {
		215	warnx("mlkem1024 encoded public key lengths differ");
		216	failed \|= 1;
		217	}
		218
		219	if (compare_data(encoded_public_key, tmp_buf, tmp_buf_len, 1024,
		220	"encoded public keys") != 0) {
		221	warnx("compare_data");
		222	failed \|= 1;
		223	}
225	free(tmp_buf);	224	free(tmp_buf);
226	tmp_buf = NULL;	225	tmp_buf = NULL;
227		226
228	MALLOC(pub2, sizeof(struct MLKEM1024_public_key));	227	MLKEM1024_public_from_private(&pub2, &priv);
229	MLKEM1024_public_from_private(pub2, priv);	228	if (!mlkem1024_encode_public_key(&pub2, &tmp_buf, &tmp_buf_len)) {
230	TEST(!encode_1024public_key(pub2, &tmp_buf, &tmp_buf_len),	229	warnx("mlkem1024_encode_public_key");
231	"encode_public_key");	230	failed \|= 1;
232	TEST(sizeof(encoded_public_key) != tmp_buf_len,	231	}
233	"encoded public key lengths differ");	232	if (sizeof(encoded_public_key) != tmp_buf_len) {
234	TEST_DATAEQ(tmp_buf, encoded_public_key, tmp_buf_len,	233	warnx("mlkem1024 encoded public key lengths differ");
235	"encoded pubic keys");	234	failed \|= 1;
		235	}
		236
		237	if (compare_data(encoded_public_key, tmp_buf, tmp_buf_len, 1024,
		238	"encoded public keys") != 0) {
		239	warnx("compare_data");
		240	failed \|= 1;
		241	}
236	free(tmp_buf);	242	free(tmp_buf);
237	tmp_buf = NULL;	243	tmp_buf = NULL;
238		244
239	TEST(!encode_1024private_key(priv, &encoded_private_key,	245	if (!mlkem1024_encode_private_key(&priv, &encoded_private_key,
240	&encoded_private_key_len), "encode_1024private_key");	246	&encoded_private_key_len)) {
		247	warnx("mlkem1024_encode_private_key");
		248	failed \|= 1;
		249	}
241		250
242	memcpy(first_two_bytes, encoded_private_key, sizeof(first_two_bytes));	251	memcpy(first_two_bytes, encoded_private_key, sizeof(first_two_bytes));
243	memset(encoded_private_key, 0xff, sizeof(first_two_bytes));	252	memset(encoded_private_key, 0xff, sizeof(first_two_bytes));
244	CBS_init(&cbs, encoded_private_key, encoded_private_key_len);	253	CBS_init(&cbs, encoded_private_key, encoded_private_key_len);
245	MALLOC(priv2, sizeof(struct MLKEM1024_private_key));	254
246	/* Parsing should fail because the first coefficient is >= kPrime. */	255	/* Parsing should fail because the first coefficient is >= kPrime. */
247	TEST(MLKEM1024_parse_private_key(priv2, &cbs), "Should not have parsed");	256	if (MLKEM1024_parse_private_key(&priv2, &cbs)) {
		257	warnx("MLKEM1024_parse_private_key should have failed");
		258	failed \|= 1;
		259	}
248		260
249	memcpy(encoded_private_key, first_two_bytes, sizeof(first_two_bytes));	261	memcpy(encoded_private_key, first_two_bytes, sizeof(first_two_bytes));
250	CBS_init(&cbs, encoded_private_key, encoded_private_key_len);	262	CBS_init(&cbs, encoded_private_key, encoded_private_key_len);
251	TEST(!MLKEM1024_parse_private_key(priv2, &cbs),	263
252	"MLKEM1024_parse_private_key");	264	if (!MLKEM1024_parse_private_key(&priv2, &cbs)) {
253	TEST(!encode_1024private_key(priv2, &tmp_buf, &tmp_buf_len),	265	warnx("MLKEM1024_parse_private_key");
254	"encode_private_key");	266	failed \|= 1;
255	TEST(encoded_private_key_len != tmp_buf_len,	267	}
256	"encoded private key lengths differ");	268
257	TEST_DATAEQ(tmp_buf, encoded_private_key, encoded_private_key_len,	269	if (!mlkem1024_encode_private_key(&priv2, &tmp_buf, &tmp_buf_len)) {
258	"encoded private keys");	270	warnx("mlkem1024_encode_private_key");
		271	failed \|= 1;
		272	}
		273
		274	if (encoded_private_key_len != tmp_buf_len) {
		275	warnx("mlkem1024 encode private key lengths differ");
		276	failed \|= 1;
		277	}
		278
		279	if (compare_data(encoded_private_key, tmp_buf, tmp_buf_len, 1024,
		280	"encoded private key") != 0) {
		281	warnx("compare_data");
		282	failed \|= 1;
		283	}
		284
259	free(tmp_buf);	285	free(tmp_buf);
260	tmp_buf = NULL;	286	tmp_buf = NULL;
261		287
262	MLKEM1024_encap(ciphertext, shared_secret1, pub);	288	MLKEM1024_encap(ciphertext, shared_secret1, &pub);
263	MLKEM1024_decap(shared_secret2, ciphertext, MLKEM1024_CIPHERTEXT_BYTES,	289	MLKEM1024_decap(shared_secret2, ciphertext, MLKEM1024_CIPHERTEXT_BYTES,
264	priv);	290	&priv);
265	TEST_DATAEQ(shared_secret1, shared_secret2, MLKEM_SHARED_SECRET_BYTES,	291	if (compare_data(shared_secret1, shared_secret2, MLKEM_SHARED_SECRET_BYTES,
266	"shared secrets with priv");	292	1024, "shared secrets with priv") != 0) {
		293	warnx("compare_data");
		294	failed \|= 1;
		295	}
		296
267	MLKEM1024_decap(shared_secret2, ciphertext, MLKEM1024_CIPHERTEXT_BYTES,	297	MLKEM1024_decap(shared_secret2, ciphertext, MLKEM1024_CIPHERTEXT_BYTES,
268	priv2);	298	&priv2);
269	TEST_DATAEQ(shared_secret1, shared_secret2, MLKEM_SHARED_SECRET_BYTES,	299	if (compare_data(shared_secret1, shared_secret2, MLKEM_SHARED_SECRET_BYTES,
270	"shared secrets with priv2");	300	1024, "shared secrets with priv2") != 0) {
		301	warnx("compare_data");
		302	failed \|= 1;
		303	}
271		304
272	free(encoded_private_key);	305	free(encoded_private_key);
273	free(pub);	306
274	free(pub2);	307	return failed;
275	free(priv);
276	free(priv2);
277	}	308	}
278		309
279	int	310	int
280	main(int argc, char **argv)	311	main(int argc, char **argv)
281	{	312	{
282	MlKem768UnitTest();	313	int failed = 0;
283	MlKem1024UnitTest();	314
		315	failed \|= MlKem768UnitTest();
		316	failed \|= MlKem1024UnitTest();
284		317
285	exit(failure);	318	return failed;
286	}	319	}