Adds a test for test vectors in https://datatracker.ietf.org/doc/draf…

…t-ietf-lamps-cms-kyber/

Cargo.toml

@@ -45,6 +45,7 @@ tiny-keccak = {version="2.0.2", features=["kmac"]}
 cms = {version="0.2.3", features=["builder", "alloc"]}
 spki = "0.7.3"
 const-oid = "0.9.6"
+base64 = "0.22.1"
 
 [profile.dev]
 opt-level = 1

src/kem/ml_kem.rs

@@ -210,9 +210,16 @@ impl Kem for MlKemManager {
 
 #[cfg(test)]
 mod tests {
+    use x509_cert::builder::Profile;
+
     use super::*;
+    use crate::certificates::{CertValidity, CertificateBuilder};
+    use crate::content::EnvelopedDataContent;
+    use crate::dsas::{DsaAlgorithm, DsaKeyGenerator};
     use crate::kem::common::kem_type::KemType;
     use crate::kem::common::macros::test_kem;
+    use crate::keys::{PrivateKey, PublicKey};
+    use base64::{engine::general_purpose::STANDARD, Engine as _};
 
     #[test]
     fn test_ml_kem_512() {
@@ -231,4 +238,59 @@ mod tests {
         let kem = MlKemManager::new(KemType::MlKem1024);
         test_kem!(kem);
     }
+
+    #[test]
+    fn test_ml_kem_512_draft_vectors() {
+        let ee_pk = PublicKey::from_file("test/data/mlkem512_pk.pem").unwrap();
+        let ee_sk = PrivateKey::from_file("test/data/mlkem512_sk.pem").unwrap();
+
+        // Test encap decap with the keys
+        let (ss, ct) = ee_pk.encap().unwrap();
+        let ss2 = ee_sk.decap(&ct).unwrap();
+        assert_eq!(ss, ss2);
+
+        //TODO: Add a mechanism to decrypt directly using the public key in addition to certificate. For now create a certificate to test
+        let mut keygen_ta = DsaKeyGenerator::new(DsaAlgorithm::MlDsa44);
+        let (ta_pk, ta_sk) = keygen_ta.generate().unwrap();
+        let ta_cert_builder = CertificateBuilder::new(
+            Profile::Root,
+            None,
+            CertValidity::new(None, "2035-01-01T00:00:00Z").unwrap(),
+            "CN=IETF Hackathon".to_string(),
+            ta_pk,
+            &ta_sk,
+        )
+        .unwrap();
+
+        let ta_cert = ta_cert_builder.build().unwrap();
+        let ee_cert_builder = CertificateBuilder::new(
+            Profile::Leaf {
+                issuer: ta_cert.get_subject(),
+                enable_key_agreement: false,
+                enable_key_encipherment: true,
+            },
+            None,
+            CertValidity::new(None, "2035-01-01T00:00:00Z").unwrap(),
+            "CN=IETF Hackathon".to_string(),
+            ee_pk,
+            &ta_sk,
+        )
+        .unwrap();
+
+        let ee_cert = ee_cert_builder.build().unwrap();
+
+        // Test decrypt with the keys
+        let enveloped_data_base64 = include_bytes!("../../test/data/mlkem512_enveloped_data.pem");
+        // Remove all newlines
+        let enveloped_data_base64 = std::str::from_utf8(enveloped_data_base64)
+            .unwrap()
+            .replace("\n", "");
+        let enveloped_data = STANDARD.decode(enveloped_data_base64).unwrap();
+        let content =
+            EnvelopedDataContent::from_bytes_for_kem_recipient(&enveloped_data, &ee_cert, &ee_sk)
+                .unwrap();
+        let decrypted = content.get_content();
+
+        assert_eq!(decrypted, b"Hello, world!");
+    }
 }

test/data/mlkem512_enveloped_data.pem

@@ -0,0 +1,21 @@
+MIID4AYJKoZIhvcNAQcDoIID0TCCA80CAQMxggOIpIIDhAYLKoZIhvcNAQkQDQMw
+ggNzAgEAgBRQFxZecg0F1wz9pfR7VL1QCMOr4TALBglghkgBZQMEBAEEggMAqXwh
+xkJt/Vd+oSOSIDXM8851hXdyECMaHp2hnWGL2JohQ38wE82Yg4GC3YfU8F/kA6EZ
+yK5p96HnJsXRfg3dzxprhf7QX4/UNo6v7nwk1JEP5cCwmuMOnbZfeKPb1Mr4qilG
+hlwjpq/r6fR9rZmGOyBG0ZDAQVNlNzgPqnlgK1V/DGYf6KAfWscdjRGs8xHMeRJg
+7vLDSz9A/u1Cu2dZWIMKzwK5snTK2FbOAYerTfDDBnYNoQFpcgoWOFN45SYDTvgb
+2n9sUxWHovMRKlF6j6f9UVa0uqHYzoIXaLU3R9f0LxUVSV6bJ3hQp87t2l3E5ysd
+k3pmqsKkHhBWltJSJeRjjELSDUYs8AuW7D0TnLH0Jt/q0XG7zm1C2cWhJ5oTij10
+yr4qf38mwbG9R1dAbkrtchxl8Rl9v0OJZgfUHJLuSVMTYAb6n3Ltc4tN8qIia3cy
+Lg+wan2CjnXA3fKGDMMWhvaH0GRirItKumKBXg11MuG8PjLm/neUX2MIE+3hzDBB
+GBqSI586EZAx+WgWEhn7sLKlbm8wZtY5jfaqobusj3hN/RxCzFtplq6e3H7tEpFv
+mblF9lSPNpeA06Tj+PXZxXjgupj4gRp+fsjcVheG/syt5MuiFuTG7xdDtWyU7K3e
+8ZBo+zSUysipy4QEFlrBo+tMvhyDffyOd/qaaQnT0cv2ctEU6OeshZ1+J+ptDmx7
+6K3WH+k9etrcwUTmblJn8FDM3czM7fC+XScB5CrNyl9C+W1TN/NzMxaXRQcWuDyJ
+3jRWXmtJEGksg489cJAv1QbZXQmDlarrwq/01Tb7PWbE1QjfRQ627p3ZtAmK6zf7
+wZ8m8ZhoVMRA7qoEd3wfDxmdv4AgGvKILntG3WPgEYpF37qJbHbD6FQqhJXN2kx1
+FUDtsYCmiXB/3+MSz3HDbmXJvC7oxVmpM7YQHWYsrmRE1xDZcQl5IOUHo6yjjDvI
+iAsbmd7BCbanMK8Izysi1Whkw/hjQIuBfi6lH4ykkhN1d9U0Ebn3OZ625WmEMA0G
+CyqGSIb3DQEJEAMcAgEgMAsGCWCGSAFlAwQBLQQoxaMpy4QqMaoK3B0wFDbqmvAW
+Kuo1hZIymSqlgVuw9FRNxbWvSMp24TA8BgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEq
+BBB7U/4MxliKkV8ho6ZJIm9UgBDzlQzo0SLI9+VS4VoV1mvr

test/data/mlkem512_pk.pem

@@ -0,0 +1,20 @@
+-----BEGIN PUBLIC KEY-----
+MIIDMjALBglghkgBZQMEBAEDggMhACTnc6B5UOyymOxQLDt8PzI2vIHkccIGsy1b
+uI6EZ4UVHbHHpbRRv3mZwW7AEu+YEbpcB6kkZ28jUTHWFfYIIIeUbq6hMa/nRcLT
+UPYcjTwBK+dRU1UbmfTHCdtrF3U0hyB7tXsBo6tTeQWCpP7LBrYxmAFBhp2JuUx6
+MO+TpIWVHVzyzS2UE4MEBQ/HDGWyCgL6WRKGRdrEfBc2Wg7loCc7RDjoOqWGYPcV
+n2HCLPVhemLWAeCRE0wcLUPSvUzhKZsrRk4cfSi5eZB7Dze4olQ8NFGiJ8WMi+Y3
+xjiTW/w6X/Y7bC+zf8JLFcn7jOvQNM85PXp4j3KIiXSnCAv1OEUDZO5peP0QQUU1
+CxvQQjxCj+kGHZ/EaKeFy7QD0Crhl69xccB0dMzZMgQFmynLv5kZd0Z4SuSkANQ8
+ymtoLDvMqyHznseJS68ru+ZRn88KkVMosF4UkhKjphLXASHQU5RyquuBORUGLY/q
+DXQSyCJ8AHAlzCYwEUdpqGzsMo84bB72AyN5LNL3mxZaQnxAuREpQIO8w13IREfG
+HEPbHDJVZBXqCcD2wBWllJk4Fjn3b0uid62UfZLARoNCvakIkT+wUv68FS+WGVoY
+zbvYqqPSpJg5GRrTT8KUDwLscRkBVPIDctMWFD20yppmL9iLSwPkrz/1xhbgEqdA
+HGG2kt8XdkIRmEZ2IeLUJeiDPPGCi4zlywkbNpgIHajQriGcNQnoQWQZG3vWe0n2
+ZGuHoF/lPZ0awi6roL7ZOWaysXSBYRv5DiXTP3EFD2lQGDMDECjQPUw2yMXBDRFY
+pYPAeuEGfXMhl8EDgcuie/06oy45kOxxiud6r8q2b9hnH5YzGjJLYSygm9jAhQrQ
+a80GWUdVHvvElgZLs7uEFHhKtgcFbYmDH4GaiLVLMo70cSpDdDXmdVc0J9mEOsSk
+ac5ztj+mgj7qfCkib6QXeAMCmSnASKugi9iSAEEmXalmN5Jksh75YlozJM0xyDTZ
+k5SqKn5seA97Y+ExjOJXOEzcsXhHV9vc/9HTgFGXNv+Lbj8u+q4i4NDoWIntY5eM
++u9k28Eo
+-----END PUBLIC KEY-----

test/data/mlkem512_sk.pem

@@ -0,0 +1,37 @@
+-----BEGIN PRIVATE KEY-----
+MIIGdAIBADALBglghkgBZQMEBAEEggZgccN7jmIdwnCzfWgVxgIPofRkZ+qPP+Jn
+e7kd/wBvcwFsqygTliNHMixSTSc4OckHLmuehHZcpOc+mKNGyMu+flEy73GrpjrB
+L/Q/WaS7Vxe665MIbDKCqhJJS2AFguuYDBWGOxuCZYSQhawoAfR0OAkA5RoihgMH
+OKAx+6F0V8VJLFyj2yuVpNqOn2J3/bJ+DAMZv/ki2TcNoiEI/ZBfO0iEOKmso1tG
+p0A+96odcQOM0Bw2ATrJBpubaMFsK5y9Trgl6fJjwQI2eidnYcxC0ME6fVqNRWrK
+RDk3+jBiPkBzMOdJIsemNYeIwKu/ZpCbn8guTogI0tscIDiciXQwBbNp0HePdasB
+f4FklaESWfzO2XNyI8x/7nyBn2OJQrup6ec1BjKphuA5saBPnpW4D8UMJaVeCdq7
+7jVBdQwJDcUzWMGe0JpDGAJTqtONrPg0xyplcGQDoiGklDJhEuS5uDUgkaM27bJT
+FiDJxeGM9fZenJG129pCOwcTnud3yjeMsKmQ1joFjPuF4WxJsTE7BZWO9joX3oR+
+BVcrsua7ndarRDmY2LzIXWguTtulaEUkPre5l2dZpnFBv1sBEVASk+RBW8AxckcQ
+ZdIBX8QyRtgZbdVd6gy/nVhWnGcbFKEfEZY69ZlTZHG4SScdALmRfMdV2DB+i+XC
+GQZYVaeamzUa5EFqtGwPi/tz+AeZEHESs/YMamZplGBr5eCTthsZi9NZs5is1dFE
+avMnXKbN7oWBTYyKeOFFDph+RSCNlnnH5hKtFHWsPMZqVVaD7TAT8mYuhOq1gGKE
+mHlPTJNlPom1LbRiUktp9yWB9fQ5c9C5IrLPnMCIhqdcZ/a0zlHELyZ3DPNeSepD
+lBSuUacgClq7FNuV2LMgsbFqiVLD1bSVYzRLAAOac/Z1EZDCyPu9vlglAH3G5SLF
+mypxVtST1XQ91gkurfwksUK13vSif6miRvV9gFwb+5d2kJIjdJAcKilDi5TL7+wQ
+YYN9qGkYCNuVYDMVRCI0VEIHjise4KZaJOdzoHlQ7LKY7FAsO3w/Mja8geRxwgaz
+LVu4joRnhRUdsceltFG/eZnBbsAS75gRulwHqSRnbyNRMdYV9gggh5RurqExr+dF
+wtNQ9hyNPAEr51FTVRuZ9McJ22sXdTSHIHu1ewGjq1N5BYKk/ssGtjGYAUGGnYm5
+THow75OkhZUdXPLNLZQTgwQFD8cMZbIKAvpZEoZF2sR8FzZaDuWgJztEOOg6pYZg
+9xWfYcIs9WF6YtYB4JETTBwtQ9K9TOEpmytGThx9KLl5kHsPN7iiVDw0UaInxYyL
+5jfGOJNb/Dpf9jtsL7N/wksVyfuM69A0zzk9eniPcoiJdKcIC/U4RQNk7ml4/RBB
+RTULG9BCPEKP6QYdn8Rop4XLtAPQKuGXr3FxwHR0zNkyBAWbKcu/mRl3RnhK5KQA
+1DzKa2gsO8yrIfOex4lLryu75lGfzwqRUyiwXhSSEqOmEtcBIdBTlHKq64E5FQYt
+j+oNdBLIInwAcCXMJjARR2mobOwyjzhsHvYDI3ks0vebFlpCfEC5ESlAg7zDXchE
+R8YcQ9scMlVkFeoJwPbAFaWUmTgWOfdvS6J3rZR9ksBGg0K9qQiRP7BS/rwVL5YZ
+WhjNu9iqo9KkmDkZGtNPwpQPAuxxGQFU8gNy0xYUPbTKmmYv2ItLA+SvP/XGFuAS
+p0AcYbaS3xd2QhGYRnYh4tQl6IM88YKLjOXLCRs2mAgdqNCuIZw1CehBZBkbe9Z7
+SfZka4egX+U9nRrCLqugvtk5ZrKxdIFhG/kOJdM/cQUPaVAYMwMQKNA9TDbIxcEN
+EVilg8B64QZ9cyGXwQOBy6J7/TqjLjmQ7HGK53qvyrZv2GcfljMaMkthLKCb2MCF
+CtBrzQZZR1Ue+8SWBkuzu4QUeEq2BwVtiYMfgZqItUsyjvRxKkN0NeZ1VzQn2YQ6
+xKRpznO2P6aCPup8KSJvpBd4AwKZKcBIq6CL2JIAQSZdqWY3kmSyHvliWjMkzTHI
+NNmTlKoqfmx4D3tj4TGM4lc4TNyxeEdX29z/0dOAUZc2/4tuPy76riLg0OhYie1j
+l4z672TbwSjZpZyRy7PJw/1ddylMqPKx+8P8zUDASMuBWGXxUXFXnH57d4puN9tR
+8okk0ej2GS/mY8DijpX4g0XMQ0RECPq4
+-----END PRIVATE KEY-----