1 package frodo
6 import (
7 "bytes"
8 "crypto/sha256"
9 "fmt"
10 "testing"
12 "github.com/cloudflare/circl/internal/nist"
13 "github.com/cloudflare/circl/kem/schemes"
14 )
// TestPQCgenKATKem runs the known-answer test for each listed FrodoKEM
// parameter set. Each case names a scheme and the expected SHA-256 digest of
// the KAT transcript that testPQCgenKATKem produces for it.
func TestPQCgenKATKem(t *testing.T) {
	type kat struct {
		name string // scheme name as registered with kem/schemes
		want string // hex SHA-256 digest of the generated KAT transcript
	}
	cases := []kat{
		{name: "FrodoKEM-640-SHAKE", want: "604a10cfc871dfaed9cb5b057c644ab03b16852cea7f39bc7f9831513b5b1cfa"},
	}
	for _, tc := range cases {
		tc := tc // per-iteration copy for the subtest closure
		t.Run(tc.name, func(t *testing.T) {
			testPQCgenKATKem(t, tc.name, tc.want)
		})
	}
}
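// testPQCgenKATKem generates 100 known-answer entries for the named scheme
// and checks that the SHA-256 digest of the resulting transcript equals
// expected (a lowercase hex string). The transcript layout ("count =",
// "seed =", "pk =", "sk =", "ct =", "ss =") presumably mirrors the NIST
// PQCgenKAT_kem output; only its digest is compared, so any deviation in key
// derivation, encapsulation or decapsulation from the reference vectors
// fails the test. Every entry is additionally round-tripped to confirm that
// Decapsulate recovers the encapsulated shared secret.
//
// The test fails fatally if the scheme is not registered, if any marshal,
// encapsulate or decapsulate call returns an error, if a shared secret does
// not round-trip, or if the final digest differs from expected.
func testPQCgenKATKem(t *testing.T, name, expected string) {
	scheme := schemes.ByName(name)
	if scheme == nil {
		t.Fatalf("scheme %q not found", name)
	}

	// Fixed DRBG entropy input 0x00..0x2f, so the transcript is reproducible.
	var seed [48]byte
	for i := range seed {
		seed[i] = byte(i)
	}
	kseed := make([]byte, scheme.SeedSize())
	eseed := make([]byte, scheme.EncapsulationSeedSize())

	// The transcript is streamed into a hash instead of being kept in memory;
	// fmt.Fprintf to a hash.Hash cannot fail, so its errors are not checked.
	f := sha256.New()
	g := nist.NewDRBG(&seed)
	fmt.Fprintf(f, "# %s\n\n", name)
	for i := 0; i < 100; i++ {
		// The outer DRBG supplies a fresh per-entry seed; each entry then
		// draws its key and encapsulation seeds from its own DRBG.
		g.Fill(seed[:])
		fmt.Fprintf(f, "count = %d\n", i)
		fmt.Fprintf(f, "seed = %X\n", seed)
		g2 := nist.NewDRBG(&seed)

		g2.Fill(kseed)
		pk, sk := scheme.DeriveKeyPair(kseed)
		ppk, err := pk.MarshalBinary()
		if err != nil {
			t.Fatalf("count %d: marshal public key: %v", i, err)
		}
		psk, err := sk.MarshalBinary()
		if err != nil {
			t.Fatalf("count %d: marshal private key: %v", i, err)
		}

		g2.Fill(eseed)
		ct, ss, err := scheme.EncapsulateDeterministically(pk, eseed)
		if err != nil {
			t.Fatalf("count %d: encapsulate: %v", i, err)
		}
		ss2, err := scheme.Decapsulate(sk, ct)
		if err != nil {
			t.Fatalf("count %d: decapsulate: %v", i, err)
		}
		if !bytes.Equal(ss, ss2) {
			t.Fatalf("count %d: decapsulated shared secret does not match encapsulated one", i)
		}
		fmt.Fprintf(f, "pk = %X\n", ppk)
		fmt.Fprintf(f, "sk = %X\n", psk)
		fmt.Fprintf(f, "ct = %X\n", ct)
		fmt.Fprintf(f, "ss = %X\n\n", ss)
	}
	if got := fmt.Sprintf("%x", f.Sum(nil)); got != expected {
		t.Fatalf("%s: KAT transcript digest mismatch:\n got  %s\n want %s", name, got, expected)
	}
}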