1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
// Copyright © 2024 kyberlib. All rights reserved.
// SPDX-License-Identifier: Apache-2.0 OR MIT
// Import necessary modules
use kyberlib::*;
use rand::rngs::OsRng;
// Unit tests module
#[cfg(test)]
mod tests {
// Import necessary items from the parent module
use super::*;
// Test for keypair generation
#[test]
fn test_keypair_generation() {
// Initialize a random number generator
let mut rng = OsRng;
// Generate keypair
let keypair = keypair(&mut rng).unwrap();
// Assert the length of the public and secret keys
assert_eq!(keypair.public.len(), KYBER_PUBLIC_KEY_BYTES);
assert_eq!(keypair.secret.len(), KYBER_SECRET_KEY_BYTES);
}
// Test for encapsulation and decapsulation
#[test]
fn test_encapsulate_decapsulate() {
// Initialize a random number generator
let mut rng = OsRng;
// Generate keypair
let keypair = keypair(&mut rng).unwrap();
// Encapsulate a shared secret
let (ciphertext, shared_secret1) =
encapsulate(&keypair.public, &mut rng).unwrap();
// Decapsulate the shared secret
let shared_secret2 =
decapsulate(&ciphertext, &keypair.secret).unwrap();
// Assert equality of the shared secrets
assert_eq!(shared_secret1, shared_secret2);
}
// Test for keypair derivation
#[test]
fn test_derive_keypair() {
// Create a seed
let seed = [0u8; 64];
// Derive a keypair from the seed
let keypair = derive(&seed).unwrap();
// Assert the length of the public and secret keys
assert_eq!(keypair.public.len(), KYBER_PUBLIC_KEY_BYTES);
assert_eq!(keypair.secret.len(), KYBER_SECRET_KEY_BYTES);
}
// Test for public key extraction
#[test]
fn test_public_key_extraction() {
// Initialize a random number generator
let mut rng = OsRng;
// Generate keypair
let keypair = keypair(&mut rng).unwrap();
// Extract public key from the secret key
let extracted_pk = public(&keypair.secret);
// Assert equality of the extracted public key and the original public key
assert_eq!(extracted_pk, keypair.public);
}
// Test for handling of invalid inputs
#[test]
fn test_invalid_input_handling() {
// Initialize a random number generator
let mut rng = OsRng;
// Generate keypair
let keypair = keypair(&mut rng).unwrap();
// Define invalid public key, ciphertext, and secret key
let invalid_pk = [0u8; KYBER_PUBLIC_KEY_BYTES - 1];
let invalid_ct = [0u8; KYBER_CIPHERTEXT_BYTES - 1];
let invalid_secret_key = [0u8; KYBER_SECRET_KEY_BYTES - 1];
// Assert error handling for encapsulation with invalid public key
assert!(encapsulate(&invalid_pk, &mut rng).is_err());
// Assert error handling for decapsulation with invalid ciphertext and secret key
assert!(decapsulate(&invalid_ct, &keypair.secret).is_err());
assert!(decapsulate(&invalid_ct, &invalid_secret_key).is_err());
// Assert error handling for keypair derivation with invalid secret key
assert!(derive(&invalid_secret_key).is_err());
// Define invalid seed
let invalid_seed = [0u8; 63];
// Assert error handling for keypair derivation with invalid seed
assert!(derive(&invalid_seed).is_err());
}
// Test for keypair generation using Keypair::generate
#[test]
fn test_keypair_generate() {
// Initialize a random number generator
let mut rng = OsRng;
// Generate keypair using Keypair::generate
let keypair = Keypair::generate(&mut rng).unwrap();
// Assert the length of the public and secret keys
assert_eq!(keypair.public.len(), KYBER_PUBLIC_KEY_BYTES);
assert_eq!(keypair.secret.len(), KYBER_SECRET_KEY_BYTES);
}
// Test for Keypair::import method
#[test]
fn test_keypair_import() {
// Initialize a random number generator
let mut rng = OsRng;
// Generate keypair
let keypair = keypair(&mut rng).unwrap();
// Create mutable references to the public and secret keys
let mut public_key = keypair.public;
let mut secret_key = keypair.secret;
// Import keypair using Keypair::import
let imported_keypair =
Keypair::import(&mut public_key, &mut secret_key, &mut rng)
.unwrap();
// Assert equality of the imported keypair and the original keypair
assert_eq!(imported_keypair.public, keypair.public);
assert_eq!(imported_keypair.secret, keypair.secret);
}
// Test for keypairfrom function
#[test]
fn test_keypairfrom() {
// Initialize a random number generator
let mut rng = OsRng;
// Generate keypair
let keypair = keypair(&mut rng).unwrap();
// Create mutable references to the public and secret keys
let mut public_key = keypair.public;
let mut secret_key = keypair.secret;
// Create keypair using keypairfrom
let new_keypair =
keypairfrom(&mut public_key, &mut secret_key, &mut rng)
.unwrap();
// Assert equality of the new keypair and the original keypair
assert_eq!(new_keypair.public, keypair.public);
assert_eq!(new_keypair.secret, keypair.secret);
}
// Test for handling of invalid inputs in keypairfrom
#[test]
fn test_keypairfrom_invalid_input() {
// Initialize a random number generator
let mut rng = OsRng;
// Define invalid public key and secret key
let mut invalid_public_key = [0u8; KYBER_PUBLIC_KEY_BYTES];
let mut invalid_secret_key = [0u8; KYBER_SECRET_KEY_BYTES];
// Modify the public key and secret key to make them invalid
invalid_public_key[0] = 0xFF;
invalid_secret_key[0] = 0xFF;
// Assert error handling for keypairfrom with invalid public key and secret key
assert!(keypairfrom(
&mut invalid_public_key,
&mut invalid_secret_key,
&mut rng
)
.is_err());
}
// Test for handling of invalid inputs in Keypair::import
#[test]
fn test_keypair_import_invalid_input() {
// Initialize a random number generator
let mut rng = OsRng;
// Define invalid public key and secret key
let mut invalid_public_key = [0u8; KYBER_PUBLIC_KEY_BYTES];
let mut invalid_secret_key = [0u8; KYBER_SECRET_KEY_BYTES];
// Modify the public key and secret key to make them invalid
invalid_public_key[0] = 0xFF;
invalid_secret_key[0] = 0xFF;
// Assert error handling for Keypair::import with invalid public key and secret key
assert!(Keypair::import(
&mut invalid_public_key,
&mut invalid_secret_key,
&mut rng
)
.is_err());
}
// `Keypair::generate(rng)` takes no public/secret arguments, so there
// is no "invalid input" case at this layer — generation either succeeds
// or surfaces an `RandomBytesGeneration` error from the RNG. We assert
// the happy path here; RNG failure is covered in test_rng.rs via
// `FailingRng`.
#[test]
fn test_keypair_generate_succeeds() {
let mut rng = OsRng;
assert!(Keypair::generate(&mut rng).is_ok());
}
// Test for handling of invalid inputs in encapsulate
#[test]
fn test_encapsulate_invalid_input() {
// Initialize a random number generator
let mut rng = OsRng;
// Define invalid public key
let invalid_public_key = [0u8; KYBER_PUBLIC_KEY_BYTES - 1];
// Assert error handling for encapsulate with invalid public key
assert!(encapsulate(&invalid_public_key, &mut rng).is_err());
}
// Test for handling of invalid inputs in decapsulate
#[test]
fn test_decapsulate_invalid_input() {
// Initialize a random number generator
let mut rng = OsRng;
// Generate keypair
let keypair = keypair(&mut rng).unwrap();
// Define invalid ciphertext and secret key
let invalid_ciphertext = [0u8; KYBER_CIPHERTEXT_BYTES - 1];
let invalid_secret_key = [0u8; KYBER_SECRET_KEY_BYTES - 1];
// Assert error handling for decapsulate with invalid ciphertext and secret key
assert!(
decapsulate(&invalid_ciphertext, &keypair.secret).is_err()
);
assert!(decapsulate(&invalid_ciphertext, &invalid_secret_key)
.is_err());
}
// Test for handling of invalid inputs in derive
#[test]
fn test_derive_invalid_input() {
// Define invalid secret key
let invalid_secret_key = [0u8; KYBER_SECRET_KEY_BYTES - 1];
// Assert error handling for derive with invalid secret key
assert!(derive(&invalid_secret_key).is_err());
}
// Test for handling of invalid inputs in public
#[test]
fn test_public_invalid_secret_key_length() {
let invalid_secret_key = [0u8; KYBER_SECRET_KEY_BYTES - 1];
assert_eq!(
public(&invalid_secret_key).len(),
KYBER_PUBLIC_KEY_BYTES
);
}
// Test for keypair equality
#[test]
fn test_keypair_equality() {
let mut rng = OsRng;
let keypair1 = keypair(&mut rng).unwrap();
let keypair2 = keypair(&mut rng).unwrap();
assert_eq!(keypair1, keypair1);
assert_ne!(keypair1, keypair2);
}
// Test for valid seed for derivation
#[test]
fn test_derive_valid_seed() {
let seed = [0u8; 64];
let keypair = derive(&seed).unwrap();
assert_eq!(keypair.public.len(), KYBER_PUBLIC_KEY_BYTES);
assert_eq!(keypair.secret.len(), KYBER_SECRET_KEY_BYTES);
}
// Test for valid input for encapsulation and decapsulation
#[test]
fn test_encapsulate_decapsulate_valid_input() {
let mut rng = OsRng;
let keypair = keypair(&mut rng).unwrap();
let (ciphertext, shared_secret) =
encapsulate(&keypair.public, &mut rng).unwrap();
assert_eq!(ciphertext.len(), KYBER_CIPHERTEXT_BYTES);
assert_eq!(shared_secret.len(), KYBER_SHARED_SECRET_BYTES);
let decapsulated_secret =
decapsulate(&ciphertext, &keypair.secret).unwrap();
assert_eq!(shared_secret, decapsulated_secret);
}
}