(self, backend, subtests)
| 235 | assert ss_n == binascii.unhexlify(vector["ss_n"]) |
| 236 | |
| 237 | def test_kat_vectors_1024(self, backend, subtests): |
| 238 | vectors = load_vectors_from_file( |
| 239 | os.path.join("asymmetric", "MLKEM", "kat_MLKEM_1024.rsp"), |
| 240 | load_nist_vectors, |
| 241 | ) |
| 242 | for vector in vectors: |
| 243 | with subtests.test(): |
| 244 | d = binascii.unhexlify(vector["d"]) |
| 245 | z = binascii.unhexlify(vector["z"]) |
| 246 | |
| 247 | seed = d + z |
| 248 | key = MLKEM1024PrivateKey.from_seed_bytes(seed) |
| 249 | assert key.private_bytes_raw() == seed |
| 250 | |
| 251 | # Verify public key matches |
| 252 | pub = key.public_key() |
| 253 | assert pub.public_bytes_raw() == binascii.unhexlify( |
| 254 | vector["pk"] |
| 255 | ) |
| 256 | |
| 257 | # Verify decapsulation produces the expected shared secret |
| 258 | ss = key.decapsulate(binascii.unhexlify(vector["ct"])) |
| 259 | assert ss == binascii.unhexlify(vector["ss"]) |
| 260 | |
| 261 | # Decapsulating an invalid ciphertext should use |
| 262 | # implicit rejection, producing a deterministic but |
| 263 | # different shared secret. |
| 264 | ss_n = key.decapsulate(binascii.unhexlify(vector["ct_n"])) |
| 265 | assert ss_n == binascii.unhexlify(vector["ss_n"]) |
| 266 | |
| 267 | @pytest.mark.parametrize("variant", ML_KEM_VARIANTS) |
| 268 | @pytest.mark.parametrize( |
nothing calls this directly
no test coverage detected