Merge pull request #769 from pq-code-package/pct

Add Pairwise Consistency Test (PCT) for FIPS-203 IG compliance

Author: mkannwischer

.github/workflows/ci.yml

@@ -329,6 +329,7 @@ jobs:
           nix-cache: ${{ matrix.target.mode == 'native' && 'false' || 'true' }}
           gh_token: ${{ secrets.GITHUB_TOKEN }}
           compile_mode: ${{ matrix.target.mode }}
+          cflags: "-DMLK_KEYGEN_PCT"
           # There is no native code on R-V or AArch64_be yet, so no point running opt tests
           opt: ${{ (matrix.target.arch != 'riscv64' && matrix.target.arch != 'aarch64_be') && 'all' || 'no_opt' }}
       - name: build + test (+debug+memsan+ubsan)
@@ -337,7 +338,7 @@ jobs:
         with:
           gh_token: ${{ secrets.GITHUB_TOKEN }}
           compile_mode: native
-          cflags: "-DMLKEM_DEBUG -fsanitize=address -fsanitize=undefined -fno-sanitize-recover=all"
+          cflags: "-DMLK_KEYGEN_PCT -DMLKEM_DEBUG -fsanitize=address -fsanitize=undefined -fno-sanitize-recover=all"
   compiler_tests:
     name: Compiler tests  (${{ matrix.compiler.name }}, ${{ matrix.target.name }})
     needs: [quickcheck, quickcheck-windows, quickcheck-c90, quickcheck-lib, examples, lint, lint-markdown-link]
@@ -393,6 +394,7 @@ jobs:
           kat: false
           acvp: false
           nix-shell: ${{ matrix.compiler.shell }}
+          cflags: "-DMLK_KEYGEN_PCT"
       - name: native build+functest (C90)
         if: ${{ matrix.compiler.darwin || matrix.target.runner != 'macos-latest' }}
         uses: ./.github/actions/multi-functest
@@ -404,7 +406,7 @@ jobs:
           kat: false
           acvp: false
           nix-shell: ${{ matrix.compiler.shell }}
-          cflags: "-std=c90"
+          cflags: "-std=c90 -DMLK_KEYGEN_PCT"
       - name: native build+functest (C99)
         if: ${{ matrix.compiler.darwin || matrix.target.runner != 'macos-latest' }}
         uses: ./.github/actions/multi-functest
@@ -428,7 +430,7 @@ jobs:
           kat: false
           acvp: false
           nix-shell: ${{ matrix.compiler.shell }}
-          cflags: "-std=c11"
+          cflags: "-std=c11 -DMLK_KEYGEN_PCT"
       - name: native build+functest (C17)
         if: ${{ (matrix.compiler.darwin || matrix.target.runner != 'macos-latest') &&
                 matrix.compiler.c17 }}
@@ -441,7 +443,7 @@ jobs:
           kat: false
           acvp: false
           nix-shell: ${{ matrix.compiler.shell }}
-          cflags: "-std=c17"
+          cflags: "-std=c17 -DMLK_KEYGEN_PCT"
   config_variations:
     name: Non-standard configurations
     needs: [quickcheck, quickcheck-windows, quickcheck-c90, quickcheck-lib, examples, lint, lint-markdown-link]
@@ -605,6 +607,7 @@ jobs:
       acvptest: true
       lint: false
       verbose: true
+      cflags: " -DMLK_KEYGEN_PCT"
     secrets: inherit
   compatibility_tests:
     strategy:
@@ -653,6 +656,7 @@ jobs:
         with:
           nix-shell: ""
           gh_token: ${{ secrets.AWS_GITHUB_TOKEN }}
+          cflags: " -DMLK_KEYGEN_PCT"
   ec2_compatibilitytests:
     strategy:
       max-parallel: 8
@@ -699,7 +703,7 @@ jobs:
       acvptest: true
       lint: false
       verbose: true
-      cflags: "-O0"
+      cflags: "-O0 -DMLK_KEYGEN_PCT"
     secrets: inherit
   cbmc_k2:
     name: CBMC (ML-KEM-512)

examples/bring_your_own_fips202/main.c

@@ -9,6 +9,18 @@
 #include <mlkem_native.h>
 #include "test_only_rng/notrandombytes.h"
 
+#define CHECK(x)                                              \
+  do                                                          \
+  {                                                           \
+    int rc;                                                   \
+    rc = (x);                                                 \
+    if (!rc)                                                  \
+    {                                                         \
+      fprintf(stderr, "ERROR (%s,%d)\n", __FILE__, __LINE__); \
+      return 1;                                               \
+    }                                                         \
+  } while (0)
+
 int main(void)
 {
   uint8_t pk[CRYPTO_PUBLICKEYBYTES];
@@ -41,19 +53,19 @@ int main(void)
   printf("Generating keypair ... ");
 
   /* Alice generates a public key */
-  crypto_kem_keypair(pk, sk);
+  CHECK(crypto_kem_keypair(pk, sk) == 0);
 
   printf("DONE\n");
   printf("Encaps... ");
 
   /* Bob derives a secret key and creates a response */
-  crypto_kem_enc(ct, key_b, pk);
+  CHECK(crypto_kem_enc(ct, key_b, pk) == 0);
 
   printf("DONE\n");
   printf("Decaps... ");
 
   /* Alice uses Bobs response to get her shared key */
-  crypto_kem_dec(key_a, ct, sk);
+  CHECK(crypto_kem_dec(key_a, ct, sk) == 0);
 
   printf("DONE\n");
   printf("Compare... ");
@@ -74,11 +86,7 @@ int main(void)
 
   /* Check against hardcoded result to make sure that
    * we integrated custom FIPS202 correctly */
-  if (memcmp(key_a, expected_key, CRYPTO_BYTES) != 0)
-  {
-    printf("ERROR: Unexpected result\n");
-    return 1;
-  }
+  CHECK(memcmp(key_a, expected_key, CRYPTO_BYTES) == 0);
 
   printf("OK\n");
 

examples/custom_backend/main.c

@@ -9,6 +9,18 @@
 #include <mlkem_native.h>
 #include "test_only_rng/notrandombytes.h"
 
+#define CHECK(x)                                              \
+  do                                                          \
+  {                                                           \
+    int rc;                                                   \
+    rc = (x);                                                 \
+    if (!rc)                                                  \
+    {                                                         \
+      fprintf(stderr, "ERROR (%s,%d)\n", __FILE__, __LINE__); \
+      return 1;                                               \
+    }                                                         \
+  } while (0)
+
 int main(void)
 {
   uint8_t pk[CRYPTO_PUBLICKEYBYTES];
@@ -41,19 +53,19 @@ int main(void)
   printf("Generating keypair ... ");
 
   /* Alice generates a public key */
-  crypto_kem_keypair(pk, sk);
+  CHECK(crypto_kem_keypair(pk, sk) == 0);
 
   printf("DONE\n");
   printf("Encaps... ");
 
   /* Bob derives a secret key and creates a response */
-  crypto_kem_enc(ct, key_b, pk);
+  CHECK(crypto_kem_enc(ct, key_b, pk) == 0);
 
   printf("DONE\n");
   printf("Decaps... ");
 
   /* Alice uses Bobs response to get her shared key */
-  crypto_kem_dec(key_a, ct, sk);
+  CHECK(crypto_kem_dec(key_a, ct, sk) == 0);
 
   printf("DONE\n");
   printf("Compare... ");
@@ -74,11 +86,7 @@ int main(void)
 
   /* Check against hardcoded result to make sure that
    * we integrated custom FIPS202 correctly */
-  if (memcmp(key_a, expected_key, CRYPTO_BYTES) != 0)
-  {
-    printf("ERROR: Unexpected result\n");
-    return 1;
-  }
+  CHECK(memcmp(key_a, expected_key, CRYPTO_BYTES) == 0);
 
   printf("OK\n");
 

examples/mlkem_native_as_code_package/main.c

@@ -9,6 +9,18 @@
 #include "mlkem_native/mlkem/mlkem_native.h"
 #include "test_only_rng/notrandombytes.h"
 
+#define CHECK(x)                                              \
+  do                                                          \
+  {                                                           \
+    int rc;                                                   \
+    rc = (x);                                                 \
+    if (!rc)                                                  \
+    {                                                         \
+      fprintf(stderr, "ERROR (%s,%d)\n", __FILE__, __LINE__); \
+      return 1;                                               \
+    }                                                         \
+  } while (0)
+
 int main(void)
 {
   uint8_t pk[CRYPTO_PUBLICKEYBYTES];
@@ -41,28 +53,24 @@ int main(void)
   printf("Generating keypair ... ");
 
   /* Alice generates a public key */
-  crypto_kem_keypair(pk, sk);
+  CHECK(crypto_kem_keypair(pk, sk) == 0);
 
   printf("DONE\n");
   printf("Encaps... ");
 
   /* Bob derives a secret key and creates a response */
-  crypto_kem_enc(ct, key_b, pk);
+  CHECK(crypto_kem_enc(ct, key_b, pk) == 0);
 
   printf("DONE\n");
   printf("Decaps... ");
 
   /* Alice uses Bobs response to get her shared key */
-  crypto_kem_dec(key_a, ct, sk);
+  CHECK(crypto_kem_dec(key_a, ct, sk) == 0);
 
   printf("DONE\n");
   printf("Compare... ");
 
-  if (memcmp(key_a, key_b, CRYPTO_BYTES))
-  {
-    printf("ERROR\n");
-    return 1;
-  }
+  CHECK(memcmp(key_a, key_b, CRYPTO_BYTES) == 0);
 
   printf("Shared secret: ");
   {
@@ -72,12 +80,7 @@ int main(void)
   }
   printf("\n");
 
-  if (memcmp(key_a, expected_key, sizeof(key_a)) != 0)
-  {
-    printf("ERROR: Unexpected result\n");
-    return 1;
-  }
-
+  CHECK(memcmp(key_a, expected_key, sizeof(key_a)) == 0);
   printf("OK\n");
   return 0;
 }

examples/monolithic_build/main.c

@@ -10,6 +10,18 @@
 #include "mlkem_native.h"
 #include "test_only_rng/notrandombytes.h"
 
+#define CHECK(x)                                              \
+  do                                                          \
+  {                                                           \
+    int rc;                                                   \
+    rc = (x);                                                 \
+    if (!rc)                                                  \
+    {                                                         \
+      fprintf(stderr, "ERROR (%s,%d)\n", __FILE__, __LINE__); \
+      return 1;                                               \
+    }                                                         \
+  } while (0)
+
 static int test_keys_mlkem(void)
 {
 #if MLKEM_K == 2
@@ -39,19 +51,15 @@ static int test_keys_mlkem(void)
   randombytes_reset();
 
   /* Alice generates a public key */
-  mlkem_keypair(pk, sk);
+  CHECK(mlkem_keypair(pk, sk) == 0);
 
   /* Bob derives a secret key and creates a response */
-  mlkem_enc(ct, key_b, pk);
+  CHECK(mlkem_enc(ct, key_b, pk) == 0);
 
   /* Alice uses Bobs response to get her shared key */
-  mlkem_dec(key_a, ct, sk);
+  CHECK(mlkem_dec(key_a, ct, sk) == 0);
 
-  if (memcmp(key_a, key_b, MLKEM_BYTES))
-  {
-    printf("[MLKEM] ERROR keys\n");
-    return 1;
-  }
+  CHECK(memcmp(key_a, key_b, MLKEM_BYTES) == 0);
 
   printf("Shared secret: ");
   {
@@ -61,11 +69,7 @@ static int test_keys_mlkem(void)
   }
   printf("\n");
 
-  if (memcmp(key_a, expected_key, sizeof(key_a)) != 0)
-  {
-    printf("ERROR: Unexpected result\n");
-    return 1;
-  }
+  CHECK(memcmp(key_a, expected_key, sizeof(key_a)) == 0);
 
   printf("[MLKEM-%d] OK\n", MLK_BUILD_INFO_LVL);
   return 0;

examples/monolithic_build/mlkem_native_monobuild.c

@@ -140,6 +140,7 @@
 #undef MLK_BUILD_INFO_LVL
 #undef MLK_BUILD_INFO_NAMESPACE
 #undef MLK_H
+#undef MLK_MUST_CHECK_RETURN_VALUE
 #undef crypto_kem_dec
 #undef crypto_kem_enc
 #undef crypto_kem_enc_derand
@@ -197,6 +198,25 @@
 #undef polyvec_reduce
 #undef polyvec_tobytes
 #undef polyvec_tomont
+/* mlkem/sys.h */
+#undef MLK_ALIGN
+#undef MLK_ALWAYS_INLINE
+#undef MLK_CET_ENDBR
+#undef MLK_CT_TESTING_DECLASSIFY
+#undef MLK_CT_TESTING_SECRET
+#undef MLK_DEFAULT_ALIGN
+#undef MLK_HAVE_INLINE_ASM
+#undef MLK_INLINE
+#undef MLK_MUST_CHECK_RETURN_VALUE
+#undef MLK_RESTRICT
+#undef MLK_SYS_AARCH64
+#undef MLK_SYS_AARCH64_EB
+#undef MLK_SYS_BIG_ENDIAN
+#undef MLK_SYS_H
+#undef MLK_SYS_LITTLE_ENDIAN
+#undef MLK_SYS_WINDOWS
+#undef MLK_SYS_X86_64
+#undef MLK_SYS_X86_64_AVX2
 
 #if !defined(MLK_MONOBUILD_KEEP_SHARED_HEADERS)
 /*
@@ -280,24 +300,6 @@
 #undef xof_x4_init
 #undef xof_x4_release
 #undef xof_x4_squeezeblocks
-/* mlkem/sys.h */
-#undef MLK_ALIGN
-#undef MLK_ALWAYS_INLINE
-#undef MLK_CET_ENDBR
-#undef MLK_CT_TESTING_DECLASSIFY
-#undef MLK_CT_TESTING_SECRET
-#undef MLK_DEFAULT_ALIGN
-#undef MLK_HAVE_INLINE_ASM
-#undef MLK_INLINE
-#undef MLK_RESTRICT
-#undef MLK_SYS_AARCH64
-#undef MLK_SYS_AARCH64_EB
-#undef MLK_SYS_BIG_ENDIAN
-#undef MLK_SYS_H
-#undef MLK_SYS_LITTLE_ENDIAN
-#undef MLK_SYS_WINDOWS
-#undef MLK_SYS_X86_64
-#undef MLK_SYS_X86_64_AVX2
 /* mlkem/verify.h */
 #undef MLK_USE_ASM_VALUE_BARRIER
 #undef MLK_VERIFY_H