Page MenuHome GnuPG
Create Task
Maniphest T7277

libgcrypt: Adding Known Answer Tests for KEM
Testing, NormalPublic
Actions

Description

FIPS 203 is published. It's good to add KAT for libgcrypt/tests/t-kem.c.

Currently, it simply does: generate, encaps, decaps.

generate and encaps use RNG, so, if we want to test them, some interface to access RNG in use might be needed for tests.

Or, simply adding tests for decaps (only) makes sense.

Revisions and Commits

rC libgcrypt
rC4876a1a45c25 tests:kyber: Add genkey and encap KAT tests.
rC38742196c04c cipher:kyber: Add gcry_kem_genkey to support deterministic op.

Event Timeline

gniibe triaged this task as Normal priority.Aug 29 2024, 8:18 AM
gniibe created this task.
gniibe added a comment.Aug 29 2024, 8:23 AM
gniibe added a comment.Aug 30 2024, 7:57 AM

I was confused. We already have KAT for decap in t-mlkem.c.

I found that we need to extend our API for FIPS 140 testing with FIPS 203, since the test vector for FIPS 203 assumes that the API has derand variant, supplying random "coins" from application.

I created gniibe/t7277 branch: https://dev.gnupg.org/source/libgcrypt/history/gniibe%252Ft7277/

gniibe added a comment.Sep 4 2024, 7:07 AM

I re-consider. Adding arguments to existing gcry_kem_keypair is not good since it introduces API break.
Instead, I add gcry_kem_genkey with additional arguments (which can be used for deterministic key generation).

gniibe added a project: libgcrypt.Sep 4 2024, 7:13 AM
gniibe added a project: PQC.Sep 6 2024, 8:50 AM
gniibe changed the task status from Open to Testing.Sep 17 2024, 9:39 AM

Pushed the change in: rC38742196c04c: cipher:kyber: Add gcry_kem_genkey to support deterministic op.
rC4876a1a45c25: tests:kyber: Add genkey and encap KAT tests.

gniibe added a commit: rC38742196c04c: cipher:kyber: Add gcry_kem_genkey to support deterministic op..Sep 17 2024, 10:39 AM
gniibe added a commit: rC4876a1a45c25: tests:kyber: Add genkey and encap KAT tests..