mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-04-12 20:30:52 +08:00
Code Issues Packages Projects Releases Wiki Activity

fips: add ML-KEM to the FIPS provider

Browse Source 
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Hugo Landau <hlandau@devever.net>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26338)
This commit is contained in:
Pauli 2025-01-08 12:56:21 +11:00 committed by Tomas Mraz
parent 7057138f0f
commit ff40a08dee
3 changed files with 709 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
providers/fips/fipsprov.c
View File

@ -510,6 +510,11 @@ static const OSSL_ALGORITHM fips_asym_cipher[] = {
static const OSSL_ALGORITHM fips_asym_kem[] = {
{ PROV_NAMES_RSA, FIPS_DEFAULT_PROPERTIES, ossl_rsa_asym_kem_functions },
#ifndef OPENSSL_NO_ML_KEM
{ PROV_NAMES_ML_KEM_512, FIPS_DEFAULT_PROPERTIES, ossl_ml_kem_asym_kem_functions },
{ PROV_NAMES_ML_KEM_768, FIPS_DEFAULT_PROPERTIES, ossl_ml_kem_asym_kem_functions },
{ PROV_NAMES_ML_KEM_1024, FIPS_DEFAULT_PROPERTIES, ossl_ml_kem_asym_kem_functions },
#endif
{ NULL, NULL, NULL }
};
@ -559,6 +564,14 @@ static const OSSL_ALGORITHM fips_keymgmt[] = {
#ifndef OPENSSL_NO_CMAC
{ PROV_NAMES_CMAC, FIPS_DEFAULT_PROPERTIES,
ossl_cmac_legacy_keymgmt_functions, PROV_DESCS_CMAC_SIGN },
#endif
#ifndef OPENSSL_NO_ML_KEM
{ PROV_NAMES_ML_KEM_512, FIPS_DEFAULT_PROPERTIES,
ossl_ml_kem_512_keymgmt_functions, PROV_DESCS_ML_KEM_512 },
{ PROV_NAMES_ML_KEM_768, FIPS_DEFAULT_PROPERTIES,
ossl_ml_kem_768_keymgmt_functions, PROV_DESCS_ML_KEM_768 },
{ PROV_NAMES_ML_KEM_1024, FIPS_DEFAULT_PROPERTIES,
ossl_ml_kem_1024_keymgmt_functions, PROV_DESCS_ML_KEM_1024 },
#endif
{ NULL, NULL, NULL }
};

487
providers/fips/self_test_data.inc
View File

@ -154,6 +154,24 @@ typedef struct st_kat_keygen_st {
const ST_KAT_PARAM *expected_params;
} ST_KAT_ASYM_KEYGEN;
typedef struct st_kat_kem_st {
const char *desc;
const char *algorithm;
const unsigned char *cipher_text;
size_t cipher_text_len;
const unsigned char *private_key;
size_t private_key_len;
const unsigned char *public_key;
size_t public_key_len;
const unsigned char *entropy;
size_t entropy_len;
const unsigned char *seed;
size_t seed_len;
const unsigned char *secret;
size_t secret_len;
const unsigned char *reject_secret;
} ST_KAT_KEM;
/*- DIGEST SELF TEST DATA */
static const unsigned char sha512_pt[] = "abc";
static const unsigned char sha512_digest[] = {
@ -2930,7 +2948,6 @@ static const ST_KAT_SIGN st_kat_sign_tests[] = {
#endif /* OPENSSL_NO_ML_DSA */
};
#if !defined(OPENSSL_NO_ML_DSA)
static const ST_KAT_PARAM ml_dsa_keygen_params[] = {
ST_KAT_PARAM_OCTET(OSSL_PKEY_PARAM_ML_DSA_SEED, sig_kat_entropyin),
@ -2946,3 +2963,471 @@ static const ST_KAT_ASYM_KEYGEN st_kat_asym_keygen_tests[] = {
},
};
#endif /* !OPENSSL_NO_ML_DSA */
/*- KEM SELF TEST DATA */
/*
* Test case generated via the OpenSSL commands:
*
* openssl genpkey -algorithm ML-KEM-512 -out priv-ml-kem-512.pem
* openssl pkey -in priv-ml-kem-512.pem -pubout -out pub-ml-kem-512.pem
* openssl pkeyutl -encap -inkey pub-ml-kem-512.pem \
* -pkeyopt ikme:00000000000000000000000000000000 -secret good.dat \
* -out ctext.dat
* openssl pkeyutl -decap -inkey priv-ml-kem-512.pem \
* -secret goodcmp.dat -in ctext.dat
* apps/openssl pkeyutl -decap -inkey priv-ml-kem-512.pem \
* -secret implicit-reject.dat -in <(head -c 768 /dev/zero)
* openssl pkey -in priv-ml-kem-512.pem -text |
* sed '1,/^priv:/d; /^pub:/,$d' |
* tr -d ' :\n' |
* xxd -r -p |
* tail -c 32 > z.dat
* (cat z.dat; head -c 768 /dev/zero) |
* openssl dgst -shake256 -xoflen 32 -binary > expected.dat
*/
static const unsigned char ml_kem_512_cipher_text[] = {
0x6b, 0xc5, 0x04, 0x00, 0x27, 0x7a, 0xbb, 0x7e,
0x6b, 0xf9, 0xfb, 0x56, 0x82, 0x01, 0x75, 0xeb,
0xb7, 0xb9, 0xf4, 0xf2, 0x82, 0x2c, 0x6d, 0x0a,
0xe0, 0x80, 0xa3, 0x49, 0x92, 0x0f, 0x6d, 0x00,
0x8e, 0xba, 0x35, 0xb5, 0x42, 0xb9, 0xd7, 0xed,
0x89, 0xcb, 0xfd, 0x38, 0xd7, 0x9f, 0x55, 0x3b,
0xf0, 0x8e, 0x63, 0x80, 0x95, 0xcf, 0x0d, 0x4f,
0x50, 0x40, 0xac, 0x1d, 0x1b, 0xdc, 0x24, 0x84,
0x3b, 0x18, 0xc2, 0x77, 0x9f, 0x24, 0x11, 0x81,
0xa6, 0xcc, 0xd8, 0xf4, 0xe8, 0x00, 0xdc, 0x26,
0x61, 0x36, 0xd1, 0xb6, 0x5d, 0x9c, 0x12, 0x6d,
0xf5, 0xe7, 0x93, 0xc8, 0x6d, 0xac, 0xaf, 0x3c,
0x78, 0x3f, 0xa9, 0xc1, 0x00, 0x6f, 0x08, 0x29,
0x4f, 0x1a, 0x4d, 0x3b, 0xb4, 0x4b, 0x6f, 0xc2,
0x09, 0x00, 0x4b, 0xc1, 0xf0, 0xe6, 0x7f, 0x48,
0x48, 0x09, 0x40, 0xf2, 0x0a, 0x86, 0x18, 0xbf,
0xc6, 0x4e, 0xb2, 0xb0, 0xab, 0xfe, 0x1b, 0xea,
0x91, 0x58, 0x8c, 0x18, 0x6e, 0x30, 0xe8, 0x33,
0x87, 0x29, 0x26, 0xef, 0xe9, 0x0c, 0x3b, 0x8b,
0x0c, 0x99, 0x40, 0x53, 0xb9, 0x30, 0xba, 0x17,
0xb3, 0x8a, 0x74, 0x59, 0x5d, 0x4c, 0x76, 0x1a,
0xd3, 0x3f, 0xe4, 0xf7, 0xa3, 0x0f, 0x3a, 0x2c,
0x85, 0xc1, 0x46, 0xf0, 0xa4, 0x91, 0xa3, 0x12,
0xb2, 0xa4, 0x4b, 0x88, 0x8d, 0x1c, 0x85, 0xb1,
0xe4, 0x41, 0x1f, 0x9d, 0xb7, 0x91, 0x2f, 0x60,
0x98, 0xfd, 0xfc, 0x29, 0x89, 0x11, 0x7d, 0x16,
0x09, 0x9e, 0x76, 0xf1, 0x9c, 0xb3, 0x50, 0xb9,
0xd0, 0x02, 0xd2, 0xa2, 0x0d, 0xdd, 0xee, 0x90,
0x47, 0x0d, 0xb9, 0x4a, 0x53, 0x11, 0xa2, 0x4f,
0x13, 0x5a, 0x40, 0xdc, 0xc6, 0xfe, 0xd7, 0x28,
0x36, 0xec, 0xa0, 0x5e, 0xab, 0xc1, 0x7d, 0x19,
0x33, 0x59, 0xe2, 0xe4, 0xea, 0x26, 0x67, 0x2f,
0xe5, 0x05, 0xd8, 0x34, 0x6e, 0x3c, 0xab, 0x63,
0x8b, 0x24, 0x16, 0xc7, 0x1b, 0x2a, 0x9b, 0xe5,
0x04, 0x78, 0x98, 0x6c, 0x6c, 0x1e, 0x94, 0xe3,
0x7f, 0x86, 0x52, 0xc0, 0x17, 0x56, 0x8d, 0x01,
0x7a, 0x28, 0x81, 0x07, 0x3d, 0x61, 0x2a, 0xcd,
0xc8, 0xb6, 0x7e, 0x5b, 0xad, 0xa8, 0x90, 0xbd,
0x0c, 0x95, 0xb5, 0x09, 0x9d, 0x7c, 0x34, 0x8c,
0x74, 0x8f, 0x8e, 0x7c, 0x28, 0x6c, 0xe2, 0x2f,
0xa2, 0x87, 0x7f, 0x80, 0x43, 0x46, 0x1c, 0xb2,
0x1c, 0x5a, 0xd2, 0xec, 0xad, 0xf9, 0x55, 0xe3,
0x6b, 0x19, 0x54, 0x08, 0x84, 0x1a, 0x34, 0x82,
0xf4, 0x9c, 0xec, 0x3d, 0x65, 0xf9, 0x78, 0x7f,
0x37, 0x47, 0xcf, 0xf1, 0xcb, 0x15, 0xf2, 0xac,
0xff, 0x3b, 0x8f, 0xa0, 0x8c, 0x25, 0x88, 0x5c,
0x38, 0x23, 0x9a, 0x27, 0x16, 0x6a, 0xdf, 0xa3,
0x98, 0x1d, 0x16, 0x33, 0x4b, 0x4f, 0xfb, 0x83,
0x85, 0x66, 0x76, 0x03, 0xb9, 0xb5, 0x46, 0x21,
0xb9, 0xf3, 0xf4, 0xf1, 0x3a, 0x85, 0xec, 0x9e,
0x56, 0x6a, 0xb6, 0x1d, 0xcc, 0xca, 0xfb, 0x11,
0xae, 0x47, 0x7d, 0x93, 0xa5, 0xbc, 0x90, 0x32,
0xde, 0xa1, 0xa5, 0x1e, 0x5d, 0x52, 0x17, 0x98,
0x0a, 0x8b, 0xc4, 0x1a, 0x28, 0x7c, 0x9c, 0x22,
0x3e, 0x33, 0x06, 0x40, 0x77, 0xe5, 0x22, 0x49,
0x86, 0xf9, 0x3c, 0xc5, 0xc1, 0xb9, 0x77, 0x25,
0x53, 0x66, 0x5a, 0x18, 0x83, 0x5a, 0x2b, 0xbf,
0xac, 0x04, 0x70, 0x26, 0xe8, 0x2b, 0xb6, 0x0c,
0xe8, 0x00, 0x95, 0xbb, 0x08, 0x75, 0xf3, 0x37,
0x31, 0x2e, 0xef, 0x28, 0x8d, 0x58, 0x92, 0xd4,
0xfd, 0xd7, 0x02, 0xce, 0x8f, 0x11, 0x83, 0x17,
0x53, 0x19, 0x44, 0xd7, 0xd5, 0x6d, 0x44, 0x04,
0x3a, 0x0a, 0x01, 0x46, 0xf2, 0xd2, 0xa5, 0x05,
0x88, 0xa0, 0xd9, 0x0d, 0xe1, 0xa0, 0x7a, 0xf2,
0x20, 0x2e, 0x5b, 0x05, 0xe4, 0x2b, 0x11, 0x3d,
0xb3, 0x82, 0x64, 0x3b, 0xef, 0xc1, 0x53, 0xba,
0x9f, 0x7f, 0x29, 0x59, 0x87, 0x39, 0x52, 0xda,
0x7b, 0xff, 0xd7, 0xdd, 0xa1, 0xa9, 0x9f, 0xa1,
0xe2, 0x38, 0x74, 0xb0, 0x94, 0xdc, 0xc5, 0xb5,
0xf3, 0x61, 0xdf, 0x92, 0x62, 0xe1, 0x96, 0x87,
0x6d, 0xb4, 0x2c, 0xc7, 0xf0, 0x38, 0xe9, 0x5e,
0xfc, 0xff, 0x4c, 0x01, 0xc7, 0x59, 0x39, 0xe5,
0x9b, 0xfb, 0xf5, 0x2b, 0x1b, 0xe5, 0xf8, 0x25,
0x06, 0x07, 0xc7, 0x82, 0x46, 0x2a, 0x99, 0xd0,
0xa9, 0x67, 0x81, 0xd7, 0xa2, 0x29, 0x96, 0x1a,
0x94, 0x8e, 0x7d, 0x51, 0x76, 0x99, 0xad, 0x61,
0xec, 0xb6, 0xc0, 0x58, 0x8e, 0xd0, 0x9d, 0xff,
0x58, 0x57, 0x1b, 0x2e, 0xad, 0x65, 0xd8, 0xde,
0xa5, 0xfa, 0x81, 0x4b, 0x2c, 0x06, 0x1b, 0xfe,
0x49, 0x20, 0x4d, 0x5e, 0x1b, 0xb7, 0x40, 0x96,
0xaa, 0x81, 0x25, 0xeb, 0x84, 0xdb, 0xea, 0x5d,
0x0b, 0xaf, 0xf9, 0x8e, 0x41, 0xa6, 0xdd, 0x91,
0x3a, 0x68, 0x54, 0xb7, 0x2e, 0xb1, 0x74, 0xff,
0xf5, 0x0d, 0xa7, 0x3c, 0xc7, 0x30, 0x5b, 0x55,
0xc6, 0x2d, 0xc8, 0x4c, 0xb4, 0xad, 0xcc, 0xd0,
0xa1, 0x1b, 0x41, 0xc7, 0x23, 0xe8, 0xda, 0xff,
0xb7, 0x3a, 0x12, 0xc2, 0xdc, 0x39, 0x7c, 0xf4,
0xb9, 0x50, 0x00, 0x53, 0x88, 0xc8, 0x77, 0x49,
0xfd, 0x70, 0x3d, 0xe0, 0xaa, 0x0c, 0x28, 0xd4,
0xa2, 0xec, 0x82, 0x5d, 0xda, 0xe8, 0x05, 0x2f,
0xe8, 0x9c, 0x21, 0x39, 0x3a, 0x22, 0x2f, 0x0a,
0x5c, 0x6d, 0x01, 0xdf, 0xc8, 0x9f, 0x46, 0xf7,
0x15, 0x02, 0xad, 0x19, 0x35, 0x63, 0x55, 0x58,
0xf5, 0x7a, 0x46, 0xc9, 0x7a, 0xe6, 0x33, 0x84,
0x48, 0x2b, 0xf0, 0xe7, 0xc5, 0x72, 0x98, 0x43,
0x6a, 0x99, 0xba, 0x00, 0x57, 0x4f, 0xaa, 0x0a
};
static const unsigned char ml_kem_512_private_key[] = {
0x87, 0xca, 0x19, 0x93, 0xb6, 0x4d, 0x89, 0x32,
0xae, 0x3b, 0x22, 0x52, 0x82, 0xa1, 0xb3, 0xc1,
0x37, 0x65, 0xdc, 0xc1, 0x22, 0x4c, 0x43, 0x77,
0x33, 0x0a, 0x04, 0xec, 0xec, 0x0b, 0x25, 0x05,
0x40, 0x07, 0x53, 0x82, 0xbe, 0x37, 0x52, 0x53,
0x12, 0x87, 0x7d, 0x77, 0x69, 0xfd, 0x59, 0x4f,
0xbd, 0x16, 0x42, 0x82, 0x58, 0x9d, 0xee, 0x5c,
0x0f, 0x2c, 0x14, 0x7f, 0xc6, 0x2a, 0x95, 0x42,
0x10, 0x3c, 0x08, 0xbc, 0xcc, 0xa0, 0x05, 0x82,
0xe9, 0xc5, 0x26, 0x81, 0xfa, 0xb8, 0x79, 0x78,
0x5b, 0x3e, 0x79, 0x49, 0x68, 0x44, 0xb3, 0x7b,
0xf5, 0x26, 0x62, 0x7a, 0x8a, 0x3c, 0xd8, 0x82,
0x1f, 0x16, 0x1d, 0x92, 0x99, 0xac, 0xc4, 0xa9,
0xb9, 0x30, 0x32, 0x6b, 0x6b, 0x67, 0x3d, 0x16,
0x13, 0x1d, 0xf0, 0x98, 0x94, 0x42, 0x90, 0x68,
0xfc, 0x65, 0xa3, 0xe5, 0x16, 0x22, 0x09, 0x64,
0xc0, 0x7d, 0x54, 0x03, 0x47, 0x89, 0xbe, 0xae,
0x61, 0x4b, 0x13, 0xa1, 0xcd, 0xad, 0xbc, 0x20,
0x5e, 0x36, 0x36, 0x34, 0x41, 0x1d, 0x5b, 0x3a,
0x26, 0x91, 0x80, 0x75, 0xe0, 0x63, 0x9d, 0xd6,
0x35, 0xc9, 0x28, 0x81, 0xa4, 0x6e, 0xfb, 0x95,
0x01, 0x11, 0x8f, 0xcc, 0x18, 0xb3, 0x9a, 0x91,
0x66, 0xa6, 0x37, 0x6c, 0xeb, 0x71, 0x42, 0x29,
0xec, 0x71, 0xa4, 0x99, 0x6d, 0x92, 0x97, 0x9d,
0x94, 0x64, 0x6e, 0xc3, 0xf0, 0x5d, 0xa5, 0x49,
0x8f, 0x66, 0xa5, 0x0a, 0x9a, 0xb9, 0xcf, 0x85,
0x20, 0xa7, 0x28, 0xe1, 0xc2, 0x10, 0x08, 0x72,
0x58, 0x71, 0x56, 0x3e, 0x7b, 0x47, 0x46, 0x81,
0x7d, 0x74, 0xfa, 0xb2, 0xb6, 0xf2, 0xa0, 0xe3,
0x4a, 0x0a, 0x5e, 0x95, 0x2b, 0x32, 0xf1, 0x07,
0x2c, 0x30, 0x5e, 0x81, 0x84, 0x58, 0xf3, 0x42,
0x34, 0xdb, 0xaa, 0xc4, 0x06, 0xcb, 0x63, 0x72,
0xfa, 0x01, 0x86, 0xe8, 0xca, 0xd7, 0x73, 0x1d,
0xac, 0xd8, 0x64, 0x60, 0x66, 0xb1, 0x19, 0xb1,
0x59, 0xac, 0x78, 0x21, 0xab, 0x9a, 0x62, 0xbf,
0xe8, 0x1b, 0xd1, 0xdc, 0x75, 0x08, 0xa4, 0x9e,
0x22, 0x54, 0xa8, 0x36, 0x68, 0x4b, 0xb7, 0x22,
0xa3, 0xbc, 0x04, 0x09, 0xe2, 0xe9, 0x4d, 0xce,
0xf5, 0x46, 0x69, 0x1a, 0x47, 0x80, 0xb2, 0xa5,
0xa0, 0x24, 0xcf, 0x0d, 0x60, 0x95, 0x99, 0x33,
0xad, 0x6a, 0x58, 0x7a, 0x56, 0x53, 0x86, 0x44,
0xa8, 0x3c, 0x1f, 0x92, 0x55, 0x3f, 0x3a, 0x3b,
0x5f, 0x81, 0xaa, 0x0c, 0xc4, 0x4b, 0x1a, 0xe3,
0x61, 0x8a, 0xd0, 0x5d, 0x29, 0x87, 0xb6, 0x7d,
0x1c, 0x85, 0xa5, 0x14, 0xb0, 0xde, 0x1c, 0x8d,
0x5c, 0xc1, 0x5c, 0x04, 0xfc, 0x77, 0xad, 0x03,
0x55, 0x96, 0xe0, 0xa7, 0x43, 0xb5, 0x95, 0x9a,
0xd5, 0x22, 0xef, 0x13, 0x5f, 0x14, 0x9c, 0x0e,
0x7e, 0x56, 0x89, 0x37, 0x33, 0xc9, 0x00, 0x54,
0x7e, 0xea, 0x32, 0x4f, 0x02, 0x85, 0xcd, 0xe5,
0x9c, 0x25, 0x00, 0x3b, 0xad, 0xc2, 0x72, 0x3a,
0x38, 0x66, 0x95, 0xf9, 0xf4, 0x22, 0x1f, 0x50,
0x19, 0x20, 0x6a, 0x31, 0x03, 0xf8, 0x97, 0x91,
0xf0, 0x42, 0xbb, 0xc0, 0x86, 0xde, 0x56, 0x93,
0xf2, 0x78, 0x9b, 0xc9, 0x98, 0x16, 0x47, 0x83,
0x67, 0x55, 0x92, 0x4e, 0x5a, 0xfa, 0x5d, 0x88,
0xf9, 0xc8, 0xef, 0xa8, 0x21, 0x34, 0x58, 0x5f,
0xca, 0xbb, 0x52, 0x98, 0xbc, 0x5c, 0xf5, 0xa7,
0xae, 0xc5, 0xfc, 0x78, 0xf9, 0xa5, 0x30, 0x16,
0x68, 0x9d, 0x62, 0x17, 0x41, 0x7a, 0x95, 0xcf,
0x27, 0xb6, 0x6d, 0xae, 0x58, 0xa7, 0x28, 0x8c,
0x8f, 0xc3, 0x28, 0xac, 0x06, 0x79, 0x9d, 0x94,
0xc4, 0x9d, 0xed, 0xb2, 0x61, 0xf4, 0x44, 0x86,
0xec, 0x12, 0xc3, 0x13, 0x97, 0xa7, 0x8b, 0x9a,
0x63, 0x2e, 0xf1, 0x66, 0x08, 0x84, 0x32, 0xf6,
0x15, 0x3b, 0x91, 0xca, 0xce, 0xf7, 0x40, 0x53,
0xa9, 0x28, 0x11, 0x63, 0xa0, 0x23, 0x2e, 0xc4,
0x44, 0x28, 0x05, 0x01, 0x02, 0x74, 0xcf, 0x9c,
0x3a, 0x1a, 0xbc, 0x93, 0x8a, 0x2c, 0xe8, 0x9a,
0xca, 0xe1, 0x74, 0x62, 0x03, 0x88, 0xc7, 0x12,
0x20, 0x96, 0x3c, 0x4d, 0x10, 0x79, 0x28, 0x6f,
0x7b, 0xa8, 0x1b, 0xfb, 0x5e, 0x57, 0x17, 0xcc,
0x6d, 0xd0, 0x72, 0x8a, 0xb2, 0x70, 0xa3, 0x0a,
0x88, 0x03, 0x5b, 0x88, 0x5d, 0x35, 0x12, 0x8e,
0xac, 0xc1, 0x81, 0xca, 0xb7, 0x2b, 0xb1, 0x96,
0xf6, 0x35, 0xce, 0xbb, 0x75, 0xad, 0x0d, 0xd0,
0xba, 0x4e, 0x43, 0x5b, 0x31, 0x08, 0x93, 0x32,
0x72, 0x63, 0x58, 0xc5, 0xa2, 0x70, 0x95, 0x12,
0x8f, 0xf2, 0xc1, 0x61, 0xeb, 0x22, 0xe9, 0x4a,
0x65, 0xa5, 0x48, 0x5d, 0x4c, 0x11, 0x78, 0x69,
0x0b, 0x1f, 0x39, 0x2b, 0x7f, 0x63, 0x77, 0xad,
0x96, 0x6b, 0x67, 0x80, 0x90, 0x70, 0x57, 0x2b,
0xbc, 0x68, 0x9c, 0xaa, 0xb2, 0xd8, 0x3c, 0xbf,
0xd6, 0x4f, 0xc4, 0x28, 0x65, 0x74, 0x54, 0x84,
0x43, 0x9a, 0x1c, 0x96, 0x50, 0x02, 0x97, 0xc6,
0xcf, 0xb0, 0xb1, 0x1d, 0x98, 0x9a, 0x32, 0x94,
0x73, 0x88, 0x94, 0x78, 0x2d, 0x5f, 0x25, 0x05,
0x5f, 0xa6, 0x96, 0x7a, 0xc8, 0x3a, 0xdf, 0xa8,
0x19, 0xb2, 0x53, 0x53, 0x05, 0xf9, 0x31, 0xdc,
0x58, 0x6c, 0xd1, 0x3a, 0x9b, 0x47, 0x3b, 0x7d,
0x87, 0xe5, 0xb4, 0xb2, 0xd9, 0x96, 0x2a, 0x59,
0x90, 0x3c, 0xcc, 0xad, 0xdc, 0xa2, 0x57, 0x87,
0x71, 0xc6, 0x7e, 0x5a, 0x49, 0x98, 0xc8, 0x94,
0x29, 0x30, 0x7b, 0x0e, 0x01, 0x97, 0x53, 0x18,
0x32, 0x50, 0x73, 0x9e, 0x14, 0x47, 0x97, 0xbd,
0xcc, 0x22, 0xab, 0x02, 0x95, 0xd7, 0xc5, 0x32,
0xdf, 0x17, 0x84, 0x86, 0x77, 0x41, 0x6e, 0x95,
0x4d, 0x66, 0xf9, 0xb0, 0x9e, 0x12, 0x81, 0x53,
0x2a, 0x2e, 0x8f, 0x0c, 0x6a, 0xbe, 0x00, 0x37,
0xe7, 0xe8, 0x11, 0x90, 0x97, 0xc9, 0xec, 0x84,
0x5a, 0xa0, 0x69, 0x85, 0xc0, 0x88, 0x55, 0x2c,
0x41, 0xb6, 0x15, 0x17, 0x36, 0x42, 0xc1, 0x02,
0x51, 0xc0, 0x6e, 0x91, 0xa2, 0x5c, 0x24, 0x3c,
0x02, 0x63, 0xb6, 0x75, 0xc7, 0x20, 0x7d, 0x58,
0x70, 0x1d, 0x13, 0xa5, 0x2e, 0xab, 0x92, 0x56,
0x5e, 0xf1, 0xa1, 0xde, 0xfb, 0xae, 0xfe, 0x4c,
0x0b, 0x03, 0xf5, 0x04, 0x44, 0xa3, 0xbe, 0x20,
0xb1, 0x71, 0x31, 0x0b, 0xa3, 0xf2, 0x08, 0x52,
0xf3, 0xa2, 0xa1, 0x8e, 0x72, 0x29, 0x40, 0x70,
0x15, 0x64, 0x60, 0x52, 0xd2, 0xe7, 0x3a, 0xbe,
0xe3, 0x18, 0xd7, 0x55, 0x89, 0x9c, 0x78, 0x4a,
0x6f, 0xb5, 0xaa, 0xb1, 0x7c, 0x90, 0x2c, 0xb6,
0x8a, 0xfa, 0x36, 0x57, 0xb9, 0x01, 0x2e, 0x1b,
0xb8, 0xb6, 0xaa, 0xc2, 0x68, 0x9a, 0xa4, 0x8c,
0x2d, 0x42, 0x62, 0xbb, 0x29, 0x63, 0xb0, 0x6a,
0x24, 0x22, 0x82, 0x54, 0x1c, 0xf6, 0x14, 0x19,
0xd9, 0x0e, 0x2b, 0xd3, 0x66, 0xbe, 0xe7, 0xa4,
0x36, 0x9b, 0x72, 0x41, 0xa6, 0x6b, 0xf2, 0x64,
0x5d, 0x8e, 0x90, 0x4c, 0x3f, 0x7b, 0x30, 0x0c,
0x04, 0x1d, 0x56, 0x87, 0x39, 0x3d, 0x2c, 0xa9,
0x29, 0x75, 0xcb, 0xfd, 0xc0, 0x18, 0xdd, 0xc6,
0x0a, 0xf5, 0x62, 0x00, 0x9e, 0xb0, 0x88, 0x8e,
0x5a, 0x05, 0x76, 0x24, 0x6a, 0xce, 0x74, 0x5b,
0xb1, 0x63, 0x40, 0x8b, 0x5a, 0x9a, 0xe3, 0xc1,
0x94, 0xa8, 0x5c, 0x21, 0x90, 0x7b, 0x37, 0xb1,
0x62, 0x8e, 0xcd, 0x9a, 0x15, 0xec, 0x20, 0x24,
0x87, 0x30, 0x27, 0x34, 0x44, 0xb0, 0xa2, 0xf4,
0x54, 0xf9, 0xb4, 0x73, 0x0f, 0x33, 0x91, 0x50,
0x47, 0x6e, 0xe0, 0x70, 0x98, 0xf6, 0xbc, 0x1b,
0x97, 0xcc, 0x1b, 0xd3, 0xb8, 0xc1, 0xa2, 0xeb,
0x0e, 0x50, 0xa7, 0x82, 0xf2, 0x11, 0x5d, 0xf6,
0x17, 0x49, 0x6f, 0x6c, 0x6f, 0x8c, 0x09, 0xb0,
0x5f, 0x88, 0x8d, 0x9e, 0x93, 0x3d, 0x28, 0x77,
0x46, 0xc6, 0x31, 0xb3, 0x10, 0x87, 0x26, 0xb0,
0xc4, 0xa7, 0xc8, 0x8b, 0x09, 0xc8, 0x60, 0xac,
0xd7, 0x52, 0x35, 0x70, 0xc8, 0x02, 0xbd, 0x38,
0x72, 0x43, 0x16, 0x2d, 0x12, 0x8c, 0xa2, 0x29,
0x4c, 0x83, 0x43, 0x18, 0xcc, 0x21, 0xfb, 0x14,
0xd2, 0xab, 0x37, 0x3f, 0x22, 0x4e, 0x3f, 0xd4,
0x98, 0x43, 0x85, 0x95, 0x09, 0xf4, 0xca, 0x1a,
0x1a, 0x56, 0x6c, 0x05, 0x67, 0x88, 0xa3, 0xaa,
0x48, 0x4a, 0xaa, 0xbd, 0xf1, 0xa0, 0x8f, 0x1b,
0x44, 0xc7, 0x56, 0xab, 0x2a, 0x0c, 0x8b, 0xc5,
0x85, 0x1e, 0xe2, 0xeb, 0x23, 0x03, 0x4c, 0x2e,
0xaa, 0x5a, 0xc1, 0x5f, 0x89, 0x75, 0x1b, 0xd5,
0xca, 0xe1, 0xd5, 0x90, 0x89, 0xd5, 0x00, 0x2b,
0xb1, 0xb3, 0xbf, 0xca, 0x4a, 0xde, 0x09, 0x82,
0xad, 0x67, 0x83, 0xe9, 0xd3, 0x7f, 0xb3, 0xe3,
0x20, 0xac, 0x98, 0x55, 0xdf, 0x66, 0x6b, 0xfd,
0x7c, 0x6b, 0x87, 0xa9, 0xa4, 0x6e, 0x25, 0x97,
0x12, 0x56, 0x11, 0x61, 0x50, 0x7e, 0x17, 0x35,
0x98, 0xf9, 0x88, 0xac, 0xb6, 0xf9, 0xab, 0x3a,
0x10, 0x92, 0x63, 0x24, 0x46, 0x88, 0xc7, 0x08,
0x78, 0x75, 0x8f, 0xf4, 0xd4, 0x31, 0x3b, 0x76,
0x64, 0xf0, 0xf5, 0x10, 0xe9, 0x13, 0xca, 0x01,
0xc5, 0x2b, 0x3a, 0x1b, 0x46, 0x53, 0x51, 0x44,
0xe2, 0xdb, 0x0c, 0xac, 0xe8, 0xa6, 0x46, 0x66,
0x00, 0xcf, 0x2a, 0x87, 0x83, 0x50, 0x07, 0xe1,
0x6a, 0xa5, 0x07, 0x80, 0x1d, 0x86, 0xb7, 0x38,
0x5e, 0x66, 0x9b, 0xfa, 0xf6, 0xba, 0x1d, 0xf5,
0x68, 0x31, 0x63, 0xc2, 0xd5, 0x70, 0x53, 0x2f,
0xd7, 0x43, 0x90, 0x54, 0x64, 0x0f, 0x24, 0x4c,
0x52, 0x87, 0x13, 0x59, 0xd2, 0x84, 0x2f, 0xc3,
0x37, 0xa0, 0x60, 0x03, 0x3a, 0xf0, 0x5e, 0xaa,
0x00, 0x1c, 0x34, 0xfc, 0x7b, 0xd8, 0xf9, 0x10,
0x29, 0xe4, 0x6c, 0x29, 0x43, 0x36, 0x27, 0x64,
0x5d, 0x67, 0x86, 0x64, 0x21, 0xd6, 0x61, 0xaf,
0x25, 0x74, 0x80, 0x53, 0x2b, 0x88, 0x78, 0x50,
0xdc, 0x49, 0x9f, 0xfe, 0xd5, 0xb1, 0x40, 0x98,
0xa0, 0x33, 0x72, 0x5e, 0x82, 0x0a, 0x5b, 0xe1,
0x40, 0x0a, 0x0c, 0xb7, 0x03, 0x74, 0x1c, 0xa7,
0x4b, 0x47, 0x86, 0x73, 0xaa, 0xcf, 0x85, 0x16,
0x6e, 0xe8, 0xa1, 0x84, 0xdb, 0x2c, 0x58, 0x54,
0x9c, 0x22, 0x40, 0xb8, 0x30, 0x8c, 0x27, 0xbe,
0xba, 0x40, 0xc3, 0xb9, 0xd7, 0x29, 0xed, 0xb1,
0x8c, 0xc2, 0x06, 0x8e, 0xcd, 0xb2, 0x7d, 0xa2,
0x2b, 0x2c, 0xd3, 0xe7, 0xa0, 0xba, 0xa5, 0x30,
0xc5, 0x19, 0x3c, 0xd3, 0xc8, 0x6b, 0xf8, 0x6a,
0x44, 0xf0, 0x79, 0x9e, 0x51, 0x55, 0xb0, 0x9b,
0xe2, 0x50, 0x98, 0x85, 0x23, 0xb3, 0xa7, 0x31,
0xdd, 0x89, 0x1b, 0xc2, 0x00, 0x60, 0x11, 0xa0,
0x65, 0xc0, 0xab, 0x57, 0xf1, 0xa6, 0xc1, 0x78,
0x89, 0x55, 0xe0, 0x13, 0x5f, 0xa5, 0xca, 0x8f,
0x3e, 0x52, 0xc7, 0x5d, 0x37, 0x16, 0x97, 0x3a,
0x2f, 0xb2, 0x2c, 0x0e, 0xb1, 0x7c, 0x1b, 0x32,
0x85, 0x29, 0xd9, 0xfa, 0x76, 0x56, 0xd7, 0x4d,
0xea, 0x74, 0x0d, 0x9f, 0x07, 0x97, 0x77, 0xc3,
0x6c, 0x17, 0xa1, 0x9c, 0x19, 0x58, 0x9e, 0x84,
0xd2, 0xb8, 0xe4, 0xd1, 0xbc, 0x31, 0x07, 0xcb,
0xd2, 0x78, 0x14, 0x22, 0x48, 0x35, 0x48, 0x44,
0x6c, 0x89, 0x93, 0x14, 0x77, 0x44, 0xaa, 0x9e,
0xc1, 0xc5, 0x93, 0xec, 0x2d, 0x5b, 0xaa, 0xc8,
0x6a, 0x0a, 0xf6, 0x4a, 0x85, 0xe9, 0x09, 0xdf,
0x8e, 0x28, 0x16, 0x60, 0x5d, 0x20, 0xb4, 0xe3,
0x82, 0xb3, 0x0b, 0xbb, 0x61, 0xbf, 0x3a, 0x5f,
0x82, 0x1a, 0x0b, 0x5d, 0xba, 0x9a, 0xd3, 0xe7,
0xe5, 0xbd, 0x1b, 0x37, 0xa7, 0x5e, 0x0f, 0x09,
0x29, 0x74, 0xe8, 0x46, 0xe8, 0xc3, 0x7c, 0x45,
0x48, 0x7d, 0x60, 0x73, 0x9f, 0x99, 0x35, 0x17,
0x19, 0xa5, 0x39, 0x47, 0x23, 0x26, 0x2b, 0x3b,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
};
static const unsigned char ml_kem_512_public_key[] = {
0x61, 0xb5, 0x0f, 0x5f, 0xf3, 0x80, 0x25, 0xa9,
0x13, 0x9c, 0x0a, 0xc0, 0x21, 0x9b, 0xae, 0xc8,
0xa8, 0xb7, 0x1c, 0xc5, 0x50, 0xfd, 0x06, 0x29,
0x56, 0x17, 0xcf, 0x0c, 0x84, 0x54, 0xaf, 0xfc,
0x8e, 0xa0, 0x26, 0x1b, 0xe8, 0xbb, 0x2f, 0xd4,
0x77, 0x3c, 0xdd, 0xf2, 0x3e, 0x2c, 0x55, 0x47,
0x27, 0xf9, 0x64, 0x60, 0x2c, 0x9e, 0x67, 0xb5,
0x6e, 0x6e, 0xfa, 0xae, 0xca, 0x1b, 0x95, 0x08,
0x67, 0xc4, 0xc5, 0x5b, 0xb1, 0xd7, 0x50, 0x34,
0x27, 0x65, 0x0b, 0xeb, 0xda, 0x23, 0x55, 0xb9,
0x24, 0x30, 0x62, 0x19, 0xad, 0x07, 0x3b, 0x98,
0x78, 0x2a, 0xec, 0x54, 0xa8, 0xc7, 0x04, 0xcf,
0x31, 0x13, 0xc7, 0x8b, 0x17, 0x4b, 0xa8, 0x97,
0x66, 0x6c, 0xb0, 0x1b, 0x08, 0xb7, 0x05, 0x6d,
0x5c, 0x6f, 0x17, 0x87, 0x0f, 0x72, 0xd4, 0x5a,
0x9e, 0x04, 0xb0, 0xc0, 0x01, 0x7c, 0x0f, 0x96,
0xad, 0x2c, 0x52, 0x5d, 0x98, 0xc0, 0x49, 0x83,
0x6a, 0x59, 0x19, 0xb3, 0x66, 0xef, 0x48, 0x97,
0x95, 0x14, 0x5f, 0x56, 0x64, 0x68, 0x93, 0x03,
0x31, 0x3f, 0x4a, 0xa5, 0x7c, 0x55, 0x7f, 0x3c,
0xcc, 0x3b, 0x3f, 0x59, 0xbc, 0x6f, 0xb3, 0xcb,
0xdb, 0x78, 0x50, 0x2f, 0x1b, 0x33, 0x28, 0x4c,
0x65, 0x80, 0x55, 0x89, 0xca, 0xbb, 0x4b, 0x5e,
0x14, 0x24, 0xe3, 0x46, 0x7b, 0x68, 0x62, 0x1d,
0x83, 0x60, 0x58, 0x02, 0xc0, 0x82, 0x7d, 0x45,
0x5f, 0x73, 0x84, 0xa3, 0x58, 0xd7, 0xbb, 0xdb,
0x16, 0xa3, 0x71, 0x63, 0x9c, 0x7c, 0x45, 0x55,
0x9b, 0x79, 0x1c, 0x53, 0x9c, 0x99, 0xc9, 0xd7,
0xc1, 0x47, 0x70, 0xc6, 0x76, 0xd6, 0x76, 0xef,
0x07, 0x2b, 0xff, 0x19, 0x8e, 0x8e, 0x28, 0x89,
0x7e, 0xa2, 0xaa, 0x12, 0x9c, 0x8b, 0xba, 0x77,
0x46, 0xdc, 0xb6, 0xcd, 0xc0, 0x9b, 0x04, 0x47,
0x30, 0xb4, 0xd9, 0xb8, 0x95, 0x96, 0x11, 0x6b,
0xb5, 0xf8, 0x6a, 0xd9, 0x25, 0xb9, 0xcb, 0x2b,
0x2c, 0x16, 0x08, 0x31, 0x47, 0x78, 0x90, 0xe4,
0x53, 0x7e, 0x36, 0xa1, 0x53, 0x4e, 0xc5, 0x73,
0x2f, 0xc0, 0xac, 0x0b, 0x40, 0x40, 0x5a, 0x91,
0x25, 0xe7, 0x01, 0x7e, 0x6a, 0x41, 0x7d, 0xff,
0x1a, 0x8f, 0x01, 0xd3, 0x36, 0x0e, 0xa8, 0x7a,
0x03, 0x80, 0xa3, 0x30, 0xcb, 0x04, 0x69, 0x59,
0x71, 0x9b, 0x43, 0x96, 0x1d, 0xa0, 0xb1, 0x6d,
0x96, 0xcf, 0x61, 0x9c, 0x30, 0xbf, 0xba, 0x0d,
0x5a, 0x19, 0x88, 0x42, 0x00, 0x90, 0x23, 0x18,
0xbf, 0xdd, 0x68, 0xae, 0x80, 0x3b, 0x96, 0x28,
0x5a, 0x5f, 0xb9, 0x98, 0x2b, 0x37, 0x65, 0x21,
0x6c, 0x51, 0xc2, 0xce, 0x76, 0xc6, 0x3c, 0xd4,
0x27, 0xbb, 0xe5, 0x9c, 0x31, 0xd4, 0x62, 0x7c,
0x77, 0xa5, 0xc7, 0x88, 0x55, 0x90, 0x70, 0x15,
0x13, 0xcc, 0x0c, 0x9a, 0x20, 0x15, 0xb4, 0xf2,
0x8e, 0xf0, 0x33, 0x32, 0xcf, 0xc5, 0x4f, 0x23,
0x56, 0xa3, 0xef, 0xf4, 0x93, 0x82, 0xf4, 0x1b,
0x55, 0xfa, 0x5f, 0x12, 0x79, 0xb2, 0xa1, 0x88,
0xb8, 0x88, 0xb6, 0x87, 0x66, 0xc5, 0x9e, 0x44,
0xd2, 0xb2, 0x14, 0x74, 0x9b, 0x14, 0x25, 0x93,
0xf0, 0x87, 0x30, 0x12, 0x5b, 0x20, 0x2e, 0x06,
0xcb, 0xd1, 0x24, 0x0f, 0x5b, 0x25, 0x9f, 0x12,
0x9a, 0x1b, 0x0c, 0xc8, 0xa8, 0x05, 0x40, 0xbb,
0xb7, 0x79, 0x4e, 0x72, 0x49, 0x4d, 0x43, 0x92,
0x73, 0xf4, 0x54, 0x42, 0x86, 0xc9, 0x90, 0x26,
0xb0, 0x4f, 0x0c, 0xca, 0x2f, 0xf0, 0x4b, 0x48,
0x27, 0x59, 0xba, 0x6b, 0xb7, 0x67, 0xa3, 0x93,
0x1e, 0x7c, 0x17, 0x57, 0xa6, 0x47, 0xb0, 0xf3,
0x78, 0x58, 0xf1, 0xe7, 0xc9, 0xbe, 0x8c, 0x4b,
0x4e, 0xe2, 0xcd, 0xe2, 0x81, 0x25, 0xa8, 0x94,
0x08, 0x9d, 0x70, 0xa1, 0x1e, 0x24, 0x28, 0xa4,
0x1b, 0x2f, 0x4a, 0xf5, 0x9b, 0xc9, 0x67, 0x5a,
0x60, 0x48, 0x3b, 0xa3, 0x86, 0x94, 0x83, 0x06,
0x40, 0x27, 0x80, 0x79, 0xd1, 0x28, 0x03, 0x6b,
0x23, 0x5c, 0x5f, 0xc6, 0xa8, 0xfe, 0x5a, 0xab,
0x38, 0x9a, 0x36, 0x11, 0xf1, 0x92, 0x53, 0x30,
0xc3, 0x0c, 0x8b, 0xba, 0xa2, 0x2a, 0x2a, 0x60,
0x47, 0x67, 0x61, 0x72, 0x48, 0x18, 0x45, 0x37,
0x64, 0x76, 0x2f, 0x0a, 0x35, 0x17, 0xf6, 0xf8,
0xbc, 0x09, 0xa8, 0x41, 0x2e, 0xab, 0xa9, 0xd4,
0x66, 0x65, 0xf5, 0x71, 0x5a, 0x7c, 0xf1, 0x0b,
0x41, 0x25, 0x9b, 0xd8, 0xd4, 0x2b, 0xb4, 0x80,
0x48, 0xb9, 0xbb, 0x6c, 0xd3, 0x0b, 0xcc, 0x64,
0x7b, 0xb9, 0x46, 0x07, 0xac, 0xb8, 0xa1, 0x33,
0xac, 0x69, 0x17, 0xa3, 0xc9, 0xbd, 0xce, 0x84,
0xbb, 0xb2, 0x84, 0x2f, 0x60, 0xab, 0x6a, 0xa7,
0xd2, 0x94, 0x5b, 0x6b, 0xa0, 0xcb, 0x82, 0x6f,
0x9b, 0x97, 0xb3, 0x95, 0xe2, 0x86, 0x25, 0x77,
0x4b, 0x6d, 0x39, 0x81, 0xb5, 0x83, 0xb6, 0x68,
0x92, 0x73, 0x03, 0xc9, 0x3f, 0x55, 0x78, 0x5f,
0x21, 0x93, 0xce, 0x69, 0x72, 0x18, 0x6e, 0xf7,
0x58, 0xdf, 0x10, 0x1b, 0x31, 0x47, 0x6f, 0x7e,
0x28, 0x1c, 0x42, 0x0a, 0x5b, 0xbe, 0x06, 0x61,
0x4f, 0x2b, 0x06, 0xc2, 0x9c, 0x41, 0xce, 0x4b,
0x94, 0x9e, 0xb1, 0x00, 0x0f, 0xc4, 0xb6, 0x8c,
0x09, 0x54, 0x38, 0x7c, 0x43, 0x8b, 0x6b, 0x08,
0xb0, 0x1c, 0x00, 0x78, 0x79, 0xae, 0xda, 0x00,
0x9f, 0x47, 0xc6, 0x6f, 0x12, 0x05, 0xab, 0x43,
0x15, 0x88, 0x10, 0x75, 0xbb, 0x3a, 0xdc, 0x59,
0x98, 0xd9, 0x1d, 0x59, 0xb9, 0x7d, 0x64, 0x02,
0xbc, 0x36, 0xc5, 0x3a, 0x27, 0xa2, 0xb0, 0x88,
0x81, 0x20, 0x33, 0xbc, 0x5a, 0x79, 0xe6, 0x87,
0x2f, 0x72, 0x3a, 0x7e, 0x0e, 0xa5, 0x3c, 0x8e,
0xdc, 0x4e, 0x73, 0x4d, 0xae, 0x85, 0xe5, 0x04,
0x18, 0x84, 0x50, 0x24, 0x85, 0xa1, 0xae, 0x53,
0x29, 0x16, 0x22, 0xe9, 0xd4, 0xa5, 0xba, 0xd4
};
static const unsigned char ml_kem_512_secret[] = {
0x4a, 0xd5, 0x3a, 0x06, 0xb2, 0x9f, 0x12, 0x56,
0x84, 0x21, 0xa5, 0x52, 0xc0, 0x81, 0x95, 0xb5,
0x86, 0x73, 0xc8, 0x2f, 0x87, 0x0c, 0xc1, 0xcc,
0xd6, 0x5a, 0x08, 0xe4, 0x32, 0x5f, 0xeb, 0x27
};
static const unsigned char ml_kem_512_reject_secret[] = {
0x87, 0xf1, 0xe8, 0x13, 0xb7, 0x2e, 0x04, 0x87,
0x47, 0x22, 0x56, 0x6e, 0x12, 0x80, 0xd8, 0x9d,
0x8b, 0x44, 0xb7, 0xfd, 0xff, 0x7d, 0x69, 0x23,
0x36, 0xd7, 0xb8, 0x7f, 0x38, 0xe7, 0x85, 0xce
};
static const unsigned char ml_kem_512_entropy[ML_KEM_RANDOM_BYTES] = {
0
};
static const unsigned char ml_kem_512_seed[ML_KEM_SEED_BYTES] = {
0
};
static const ST_KAT_KEM st_kat_kem_tests[] = {
{
OSSL_SELF_TEST_DESC_KEM,
"ML-KEM-512",
ITM(ml_kem_512_cipher_text),
ITM(ml_kem_512_private_key),
ITM(ml_kem_512_public_key),
ITM(ml_kem_512_entropy),
ITM(ml_kem_512_seed),
ITM(ml_kem_512_secret),
ml_kem_512_reject_secret /* No length because same as _secret's */
},
};

210
providers/fips/self_test_kats.c
View File

@ -18,6 +18,7 @@
#include "internal/cryptlib.h"
#include "internal/nelem.h"
#include "self_test.h"
#include "crypto/ml_kem.h"
#include "self_test_data.inc"
static int set_kat_drbg(OSSL_LIB_CTX *ctx,
@ -624,6 +625,202 @@ err:
}
#endif /* OPENSSL_NO_ML_DSA */
/*
* FIPS 140-3 IG 10.3.A resolution 14 mandates a CAST for ML-KEM
* encapsulation.
*/
static int self_test_kem_encapsulate(const ST_KAT_KEM *t, OSSL_SELF_TEST *st,
OSSL_LIB_CTX *libctx, EVP_PKEY *pkey)
{
int ret = 0;
EVP_PKEY_CTX *ctx;
unsigned char *wrapped = NULL, *secret = NULL;
size_t wrappedlen = t->cipher_text_len, secretlen = t->secret_len;
OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
OSSL_SELF_TEST_onbegin(st, OSSL_SELF_TEST_TYPE_KAT_KEM,
OSSL_SELF_TEST_DESC_ENCAP_KEM);
ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, "");
if (ctx == NULL)
goto err;
*params = OSSL_PARAM_construct_octet_string(OSSL_KEM_PARAM_IKME,
(unsigned char *)t->entropy,
t->entropy_len);
if (EVP_PKEY_encapsulate_init(ctx, params) <= 0)
goto err;
/* Allocate output buffers */
wrapped = OPENSSL_malloc(wrappedlen);
secret = OPENSSL_malloc(secretlen);
if (wrapped == NULL || secret == NULL)
goto err;
/* Encapsulate */
if (EVP_PKEY_encapsulate(ctx, wrapped, &wrappedlen, secret, &secretlen) <= 0)
goto err;
/* Compare outputs */
OSSL_SELF_TEST_oncorrupt_byte(st, wrapped);
if (wrappedlen != t->cipher_text_len
|| memcmp(wrapped, t->cipher_text, t->cipher_text_len) != 0)
goto err;
OSSL_SELF_TEST_oncorrupt_byte(st, secret);
if (secretlen != t->secret_len
|| memcmp(secret, t->secret, t->secret_len) != 0)
goto err;
ret = 1;
err:
OPENSSL_free(wrapped);
OPENSSL_free(secret);
EVP_PKEY_CTX_free(ctx);
OSSL_SELF_TEST_onend(st, ret);
return ret;
}
/*
* FIPS 140-3 IG 10.3.A resolution 14 mandates a CAST for ML-KEM
* decapsulation both for the rejection path and the normal path.
*/
static int self_test_kem_decapsulate(const ST_KAT_KEM *t, OSSL_SELF_TEST *st,
OSSL_LIB_CTX *libctx, EVP_PKEY *pkey,
int reject)
{
int ret = 0;
EVP_PKEY_CTX *ctx = NULL;
unsigned char *secret = NULL, *alloced = NULL;
const unsigned char *test_secret = t->secret;
const unsigned char *cipher_text = t->cipher_text;
size_t secretlen = t->secret_len;
OSSL_SELF_TEST_onbegin(st, OSSL_SELF_TEST_TYPE_KAT_KEM,
reject ? OSSL_SELF_TEST_DESC_DECAP_KEM_FAIL
: OSSL_SELF_TEST_DESC_DECAP_KEM);
if (reject) {
cipher_text = alloced = OPENSSL_zalloc(t->cipher_text_len);
if (alloced == NULL)
goto err;
test_secret = t->reject_secret;
}
ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, "");
if (ctx == NULL)
goto err;
if (EVP_PKEY_decapsulate_init(ctx, NULL) <= 0)
goto err;
/* Allocate output buffer */
secret = OPENSSL_malloc(secretlen);
if (secret == NULL)
goto err;
/* Decapsulate */
if (EVP_PKEY_decapsulate(ctx, secret, &secretlen,
cipher_text, t->cipher_text_len) <= 0)
goto err;
/* Compare output */
OSSL_SELF_TEST_oncorrupt_byte(st, secret);
if (secretlen != t->secret_len
|| memcmp(secret, test_secret, t->secret_len) != 0)
goto err;
ret = 1;
err:
OPENSSL_free(alloced);
OPENSSL_free(secret);
EVP_PKEY_CTX_free(ctx);
OSSL_SELF_TEST_onend(st, ret);
return ret;
}
/*
* FIPS 140-3 IG 10.3.A resolution 14 mandates a CAST for ML-KEM
* key generation.
*/
static EVP_PKEY *self_test_kem_keygen(const ST_KAT_KEM *t, OSSL_SELF_TEST *st,
OSSL_LIB_CTX *libctx)
{
EVP_PKEY_CTX *genctx;
EVP_PKEY *ret = NULL, *r = NULL;
OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
unsigned char *buf = NULL;
const size_t s = t->public_key_len < t->private_key_len ? t->private_key_len
: t->public_key_len;
OSSL_SELF_TEST_onbegin(st, OSSL_SELF_TEST_TYPE_KAT_KEM,
OSSL_SELF_TEST_DESC_KEYGEN_KEM);
genctx = EVP_PKEY_CTX_new_from_name(libctx, t->algorithm, "");
if (genctx == NULL || EVP_PKEY_keygen_init(genctx) <= 0)
goto err;
*params = OSSL_PARAM_construct_octet_string(OSSL_PKEY_PARAM_ML_KEM_SEED,
(unsigned char *)t->seed,
t->seed_len);
if (!EVP_PKEY_CTX_set_params(genctx, params)
|| !EVP_PKEY_keygen(genctx, &r))
goto err;
/* Allocate output space */
buf = OPENSSL_malloc(s);
if (buf == NULL)
goto err;
/* Compare outputs */
*params = OSSL_PARAM_construct_octet_string(OSSL_PKEY_PARAM_PRIV_KEY,
buf, s);
if (!EVP_PKEY_get_params(r, params))
goto err;
OSSL_SELF_TEST_oncorrupt_byte(st, buf);
if (params->return_size != t->private_key_len
|| memcmp(buf, t->private_key, t->private_key_len) != 0)
goto err;
ret = r;
r = NULL;
err:
OPENSSL_free(buf);
EVP_PKEY_CTX_free(genctx);
EVP_PKEY_free(r);
OSSL_SELF_TEST_onend(st, ret != NULL);
return ret;
}
/*
* Test encapsulation, decapsulation for KEM.
*
* FIPS 140-3 IG 10.3.A resolution 14 mandates a CAST for:
* 1 ML-KEM encapsulation
* 2a ML-KEM decapsulation non-rejection path
* 2b ML-KEM decapsulation implicit rejection path
* 3 ML-KEM key generation
*/
static int self_test_kem(const ST_KAT_KEM *t, OSSL_SELF_TEST *st,
OSSL_LIB_CTX *libctx)
{
int ret = 0;
EVP_PKEY *pkey = NULL;
pkey = self_test_kem_keygen(t, st, libctx);
if (pkey == NULL)
goto err;
if (!self_test_kem_encapsulate(t, st, libctx, pkey)
|| !self_test_kem_decapsulate(t, st, libctx, pkey, 0)
|| !self_test_kem_decapsulate(t, st, libctx, pkey, 1))
goto err;
ret = 1;
err:
EVP_PKEY_free(pkey);
return ret;
}
/*
* Test a data driven list of KAT's for digest algorithms.
* All tests are run regardless of if they fail or not.
@ -651,6 +848,17 @@ static int self_test_ciphers(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx)
return ret;
}
static int self_test_kems(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx)
{
int i, ret = 1;
for (i = 0; i < (int)OSSL_NELEM(st_kat_kem_tests); ++i) {
if (!self_test_kem(&st_kat_kem_tests[i], st, libctx))
ret = 0;
}
return ret;
}
static int self_test_kdfs(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx)
{
int i, ret = 1;
@ -888,6 +1096,8 @@ int SELF_TEST_kats(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx)
ret = 0;
if (!self_test_asym_keygens(st, libctx))
ret = 0;
if (!self_test_kems(st, libctx))
ret = 0;
RAND_set0_private(libctx, saved_rand);
return ret;