(self, backend, subtests)
| 205 | variant.private_key_class.from_seed_bytes(object()) |
| 206 | |
| 207 | def test_kat_vectors_768(self, backend, subtests): |
| 208 | vectors = load_vectors_from_file( |
| 209 | os.path.join("asymmetric", "MLKEM", "kat_MLKEM_768.rsp"), |
| 210 | load_nist_vectors, |
| 211 | ) |
| 212 | for vector in vectors: |
| 213 | with subtests.test(): |
| 214 | d = binascii.unhexlify(vector["d"]) |
| 215 | z = binascii.unhexlify(vector["z"]) |
| 216 | |
| 217 | seed = d + z |
| 218 | key = MLKEM768PrivateKey.from_seed_bytes(seed) |
| 219 | assert key.private_bytes_raw() == seed |
| 220 | |
| 221 | # Verify public key matches |
| 222 | pub = key.public_key() |
| 223 | assert pub.public_bytes_raw() == binascii.unhexlify( |
| 224 | vector["pk"] |
| 225 | ) |
| 226 | |
| 227 | # Verify decapsulation produces the expected shared secret |
| 228 | ss = key.decapsulate(binascii.unhexlify(vector["ct"])) |
| 229 | assert ss == binascii.unhexlify(vector["ss"]) |
| 230 | |
| 231 | # Decapsulating an invalid ciphertext should use |
| 232 | # implicit rejection, producing a deterministic but |
| 233 | # different shared secret. |
| 234 | ss_n = key.decapsulate(binascii.unhexlify(vector["ct_n"])) |
| 235 | assert ss_n == binascii.unhexlify(vector["ss_n"]) |
| 236 | |
| 237 | def test_kat_vectors_1024(self, backend, subtests): |
| 238 | vectors = load_vectors_from_file( |
nothing calls this directly
no test coverage detected