RELEASE/v1.1.0.34

gen-val/json-files/ML-DSA-sigVer-FIPS204/expectedResults.json

@@ -30,19 +30,19 @@
         },
         {
           "tcId": 6,
-          "testPassed": true
+          "testPassed": false
         },
         {
           "tcId": 7,
-          "testPassed": false
+          "testPassed": true
         },
         {
           "tcId": 8,
           "testPassed": false
         },
         {
           "tcId": 9,
-          "testPassed": true
+          "testPassed": false
         },
         {
           "tcId": 10,
@@ -66,7 +66,7 @@
         },
         {
           "tcId": 15,
-          "testPassed": false
+          "testPassed": true
         }
       ]
     },
@@ -75,11 +75,11 @@
       "tests": [
         {
           "tcId": 16,
-          "testPassed": false
+          "testPassed": true
         },
         {
           "tcId": 17,
-          "testPassed": true
+          "testPassed": false
         },
         {
           "tcId": 18,
@@ -144,11 +144,11 @@
         },
         {
           "tcId": 32,
-          "testPassed": false
+          "testPassed": true
         },
         {
           "tcId": 33,
-          "testPassed": false
+          "testPassed": true
         },
         {
           "tcId": 34,
@@ -164,7 +164,7 @@
         },
         {
           "tcId": 37,
-          "testPassed": false
+          "testPassed": true
         },
         {
           "tcId": 38,
@@ -180,19 +180,19 @@
         },
         {
           "tcId": 41,
-          "testPassed": true
+          "testPassed": false
         },
         {
           "tcId": 42,
           "testPassed": false
         },
         {
           "tcId": 43,
-          "testPassed": true
+          "testPassed": false
         },
         {
           "tcId": 44,
-          "testPassed": true
+          "testPassed": false
         },
         {
           "tcId": 45,

gen-val/src/crypto/src/NIST.CVP.ACVTS.Libraries.Crypto/Dilithium/Dilithium.cs

@@ -58,7 +58,7 @@ public Dilithium(DilithiumParameters param, IShaFactory shaFactory, IEntropyProv
     /// <returns>Tuple (byte[] pk, byte[] sk) containing the public key and secret key</returns>
     public (byte[] pk, byte[] sk) GenerateKey(BitArray seed)
     {
-        var seedBytes = BitsToBytes(seed);
+        var seedBytes = BitsToBytes(seed).Reverse().ToArray();
         var seedMaterial = new byte[128];
 
         _h.Init();
@@ -147,7 +147,7 @@ public byte[] Sign(byte[] sk, BitArray message, bool deterministic)
         var mu = new byte[64];
         _h.Init();
         _h.Update(BitsToBytes(tr), tr.Length);
-        _h.Update(BitsToBytes(message), message.Length);
+        _h.Update(BitsToBytes(message).Reverse().ToArray(), message.Length);
         _h.Final(mu, 512);
 
         // rnd is either 256 random bits, or 256 0-bits. 
@@ -342,7 +342,7 @@ public bool Verify(byte[] pk, byte[] signature, BitArray message)
         var mu = new byte[64];
         _h.Init();
         _h.Update(tr, 512);
-        _h.Update(BitsToBytes(message), message.Length);
+        _h.Update(BitsToBytes(message).Reverse().ToArray(), message.Length);
         _h.Final(mu, 512);
         // Console.WriteLine("muCandidate: " + IntermediateValueHelper.Print(mu));
         // Console.WriteLine();
@@ -942,7 +942,7 @@ public int[] RejBoundedPoly(BitArray rho)
                 var tempZ = new byte[256 * squeezeFactor];
 
                 _h.Squeeze(tempZ, 256 * 8 * squeezeFactor);
-                zCandidates = tempZ[..256];
+                zCandidates = tempZ[(256 * (squeezeFactor - 1))..];
             }
 
             var z = zCandidates[c];

gen-val/src/crypto/test/NIST.CVP.ACVTS.Libraries.Crypto.Dilithium.Tests/DilithiumTests.cs

@@ -32,7 +32,7 @@ public class DilithiumTests
     public void ShouldExerciseAlgorithm(DilithiumParameterSet parameterSet, string seedHex, string messageHex, string expectedSignatureHex)
     {
         var seed = new BitString(seedHex).Bits;
-        var message = new BitArray(new BitString(messageHex).ToBytes());
+        var message = new BitArray(new BitString(messageHex).ToBytes(true));
 
         var dilithium = new Dilithium(new DilithiumParameters(parameterSet), new NativeShaFactory(), new EntropyProvider(new Random800_90()));
 
@@ -92,7 +92,7 @@ public void ShouldExerciseAlgorithm(DilithiumParameterSet parameterSet, string s
     #endregion KeyTests
     public void ShouldGenerateKeyCorrectly(DilithiumParameterSet parameterSet, string seedHex, string pkHex, string skHex)
     {
-        var seed = new BitArray(new BitString(seedHex).ToBytes());
+        var seed = new BitArray(new BitString(seedHex).ToBytes(true));
 
         var dilithium = new Dilithium(new DilithiumParameters(parameterSet), new NativeShaFactory(), new EntropyProvider(new Random800_90()));
 
@@ -138,7 +138,7 @@ public void ShouldGenerateKeyCorrectly(DilithiumParameterSet parameterSet, strin
     #endregion SignatureTests
     public void ShouldGenerateSignatureCorrectly(DilithiumParameterSet parameterSet, string skHex, string messageHex, string signatureHex)
     {
-        var message = new BitArray(new BitString(messageHex).ToBytes());
+        var message = new BitArray(new BitString(messageHex).ToBytes(true));
         var sk = new BitString(skHex).ToBytes();
 
         var dilithium = new Dilithium(new DilithiumParameters(parameterSet), new NativeShaFactory(), new EntropyProvider(new Random800_90()));
@@ -190,7 +190,7 @@ public void ShouldGenerateSignatureCorrectly(DilithiumParameterSet parameterSet,
     #endregion VerifyTests
     public void ShouldVerifySignaturesCorrectly(DilithiumParameterSet parameterSet, bool expectedVerify, string pkHex, string messageHex, string signatureHex)
     {
-        var message = new BitArray(new BitString(messageHex).ToBytes());
+        var message = new BitArray(new BitString(messageHex).ToBytes(true));
         var signature = new BitString(signatureHex).ToBytes();
         var pk = new BitString(pkHex).ToBytes();
 

gen-val/src/generation/src/NIST.CVP.ACVTS.Libraries.Generation/ML-KEM/FIPS203/EncapDecap/ContractResolvers/ResultProjectionContractResolver.cs

@@ -27,19 +27,15 @@ protected override Predicate<object> TestCaseSerialization(JsonProperty jsonProp
     {
         var includeProperties = new[]
         {
-            nameof(TestCase.TestCaseId)
+            nameof(TestCase.TestCaseId),
+            nameof(TestCase.SharedKey)
         };
 
         var includeAftProperties = new[]
         {
             nameof(TestCase.Ciphertext)
         };
 
-        var includeValProperties = new[]
-        {
-            nameof(TestCase.SharedKey)
-        };
-
         if (includeProperties.Contains(jsonProperty.UnderlyingName, StringComparer.OrdinalIgnoreCase))
         {
             return jsonProperty.ShouldSerialize = _ => true;
@@ -54,15 +50,6 @@ protected override Predicate<object> TestCaseSerialization(JsonProperty jsonProp
             };
         }
 
-        if (includeValProperties.Contains(jsonProperty.UnderlyingName, StringComparer.OrdinalIgnoreCase))
-        {
-            return jsonProperty.ShouldSerialize = instance =>
-            {
-                GetTestCaseFromTestCaseObject(instance, out var group, out var testCase);
-                return group.TestType.Equals("VAL", StringComparison.OrdinalIgnoreCase);
-            };
-        }
-
         return jsonProperty.ShouldSerialize = _ => false;
     }
 }

gen-val/src/generation/src/NIST.CVP.ACVTS.Libraries.Generation/ML-KEM/FIPS203/EncapDecap/TestCaseGeneratorDecapsulationVal.cs

@@ -32,7 +32,8 @@ public async Task<TestCaseGenerateResponse<TestGroup, TestCase>> GenerateAsync(T
         {
             ParameterSet = group.ParameterSet,
             Disposition = group.TestCaseExpectationProvider.GetRandomReason().GetReason(),
-            EncapsulationKey = group.EncapsulationKey
+            EncapsulationKey = group.EncapsulationKey,
+            DecapsulationKey = group.DecapsulationKey
         };
 
         try
@@ -43,7 +44,7 @@ public async Task<TestCaseGenerateResponse<TestGroup, TestCase>> GenerateAsync(T
             {
                 Reason = param.Disposition, 
                 SharedKey = result.SharedKey,
-                Ciphertext = result.Ciphertext,
+                Ciphertext = result.Ciphertext
             };
 
             return new TestCaseGenerateResponse<TestGroup, TestCase>(testCase);

gen-val/src/generation/src/NIST.CVP.ACVTS.Libraries.Generation/ML-KEM/FIPS203/EncapDecap/TestCaseValidatorAft.cs

@@ -92,5 +92,14 @@ private async Task CheckResults(TestCase suppliedResult, List<string> errors, Di
         {
             errors.Add($"Validation failed: implicit rejection detected");
         }
+        else
+        {
+            if (!_expectedResult.SharedKey.Equals(suppliedResult.SharedKey))
+            {
+                errors.Add($"{nameof(suppliedResult.SharedKey)} does not match expected valid shared key");
+                expected.Add(nameof(_expectedResult.SharedKey), _expectedResult.SharedKey.ToHex());
+                provided.Add(nameof(suppliedResult.SharedKey), suppliedResult.SharedKey.ToHex());
+            }
+        }
     }
 }

gen-val/src/generation/src/NIST.CVP.ACVTS.Libraries.Generation/ML-KEM/FIPS203/EncapDecap/TestCaseValidatorVal.cs

@@ -2,6 +2,7 @@
 using System.Threading.Tasks;
 using NIST.CVP.ACVTS.Libraries.Generation.Core;
 using NIST.CVP.ACVTS.Libraries.Generation.Core.Async;
+using NIST.CVP.ACVTS.Libraries.Oracle.Abstractions.DispositionTypes;
 
 namespace NIST.CVP.ACVTS.Libraries.Generation.ML_KEM.FIPS203.EncapDecap;
 
@@ -56,14 +57,26 @@ private void ValidateResultPresent(TestCase suppliedResult, List<string> errors)
 
     private void CheckResults(TestCase suppliedResult, List<string> errors, Dictionary<string, string> expected, Dictionary<string, string> provided)
     {
-        if (!_expectedResult.SharedKey.Equals(suppliedResult.SharedKey))
+        // Need to check if the resulting key is valid or from implicit rejection based on what is expected
+        if (_expectedResult.Reason == MLKEMDecapsulationDisposition.None)
         {
-            errors.Add($"{nameof(suppliedResult.SharedKey)} does not match");
-            expected.Add(nameof(_expectedResult.SharedKey), _expectedResult.SharedKey.ToHex());
-            provided.Add(nameof(suppliedResult.SharedKey), suppliedResult.SharedKey.ToHex());
+            // Reason is good, just check matching shared key
+            if (!_expectedResult.SharedKey.Equals(suppliedResult.SharedKey))
+            {
+                errors.Add($"{nameof(suppliedResult.SharedKey)} does not match expected valid shared key");
+                expected.Add(nameof(_expectedResult.SharedKey), _expectedResult.SharedKey.ToHex());
+                provided.Add(nameof(suppliedResult.SharedKey), suppliedResult.SharedKey.ToHex());
+            }
+        }
+        else
+        {
+            // Reason is bad, need to compute expected implicit rejection key
+            if (!_expectedResult.SharedKey.Equals(suppliedResult.SharedKey))
+            {
+                errors.Add($"{nameof(suppliedResult.SharedKey)} does not match expected implicit rejection shared key");
+                expected.Add(nameof(_expectedResult.SharedKey), _expectedResult.SharedKey.ToHex());
+                provided.Add(nameof(suppliedResult.SharedKey), suppliedResult.SharedKey.ToHex());
+            }
         }
-
-        // TODO I don't think this is set up to capture the case when the SharedKey is from implicit rejection
-        // TODO The expectedResult.SharedKey will always be from an Encapsulation call, so it won't ever match when we expect an implicit rejection
     }
 }

gen-val/src/generation/test/NIST.CVP.ACVTS.Libraries.Generation.MLKEM.EncapDecap.IntegrationTests/GenValTests.cs

@@ -29,7 +29,8 @@ protected override void ModifyTestCaseToFail(dynamic testCase)
             bs = rand.GetDifferentBitStringOfSameSize(bs);
             testCase.k = bs.ToHex();
         }
-        else if (testCase.c != null)
+
+        if (testCase.c != null)
         {
             var bs = new BitString(testCase.c.ToString());
             bs = rand.GetDifferentBitStringOfSameSize(bs);

gen-val/src/oracle/src/NIST.CVP.ACVTS.Libraries.Crypto.Oracle/Oracle.Pqc.cs

@@ -78,7 +78,7 @@ public async Task<MLKEMEncapsulationResult> GetMLKEMEncapCaseAsync(MLKEMEncapsul
     public async Task<MLKEMEncapsulationResult> GetMLKEMEncapDeferredCaseAsync(MLKEMEncapsulationParameters param)
     {
         var observableGrain =
-            await GetObserverGrain<IOracleObserverMLKEMEncapDeferredCaseGrain, MLKEMEncapsulationResult>();
+            await GetObserverGrain<IOracleObserverMLKEMEncapCompleteDeferredCaseGrain, MLKEMEncapsulationResult>();
         await GrainInvokeRetryWrapper.WrapGrainCall(observableGrain.Grain.BeginWorkAsync, param, LoadSheddingRetries);
 
         return await observableGrain.ObserveUntilResult();

gen-val/src/orleans/src/NIST.CVP.ACVTS.Libraries.Orleans.Grains.Interfaces/Pqc/IOracleObserverMLKEMEncapDeferredCaseGrain.cs → gen-val/src/orleans/src/NIST.CVP.ACVTS.Libraries.Orleans.Grains.Interfaces/Pqc/IOracleObserverMLKEMEncapCompleteDeferredCaseGrain.cs

@@ -5,7 +5,7 @@
 
 namespace NIST.CVP.ACVTS.Libraries.Orleans.Grains.Interfaces.Pqc;
 
-public interface IOracleObserverMLKEMEncapDeferredCaseGrain : IGrainWithGuidKey, IGrainObservable<MLKEMEncapsulationResult>
+public interface IOracleObserverMLKEMEncapCompleteDeferredCaseGrain : IGrainWithGuidKey, IGrainObservable<MLKEMEncapsulationResult>
 {
     Task<bool> BeginWorkAsync(MLKEMEncapsulationParameters param);
 }

gen-val/src/orleans/src/NIST.CVP.ACVTS.Libraries.Orleans.Grains/Pqc/OracleObserverMLKEMDecapCaseGrain.cs

@@ -58,12 +58,27 @@ protected override async Task DoWorkAsync()
                 ciphertext.Bits.Set(0, !ciphertext.Bits.Get(0));
                 break;
         }
-
-        await Notify(new MLKEMEncapsulationResult
+
+        if (_param.Disposition == MLKEMDecapsulationDisposition.None)
+        {
+            await Notify(new MLKEMEncapsulationResult
+            {
+                Ciphertext = ciphertext,
+                SeedM = new BitString(seedM),
+                SharedKey = sharedKey
+            }); 
+        }
+        else
         {
-            Ciphertext = ciphertext,
-            SeedM = new BitString(seedM),
-            SharedKey = sharedKey,
-        });
+            // If the disposition leads to implicit rejection, we need to pre-compute the implicit rejection shared key
+            var implicitRejectionResult = kyber.Decapsulate(_param.DecapsulationKey.ToBytes(), ciphertext.ToBytes());
+
+            await Notify(new MLKEMEncapsulationResult
+            {
+                Ciphertext = ciphertext,
+                SeedM = new BitString(seedM),
+                SharedKey = new BitString(implicitRejectionResult.sharedKey)
+            });
+        }
     }
 }

gen-val/src/orleans/src/NIST.CVP.ACVTS.Libraries.Orleans.Grains/Pqc/OracleObserverMLKEMEncapDeferredCaseGrain.cs → gen-val/src/orleans/src/NIST.CVP.ACVTS.Libraries.Orleans.Grains/Pqc/OracleObserverMLKEMEncapCompleteDeferredCaseGrain.cs

@@ -10,13 +10,12 @@
 
 namespace NIST.CVP.ACVTS.Libraries.Orleans.Grains.Pqc;
 
-public class OracleObserverMLKEMEncapDeferredCaseGrain : ObservableOracleGrainBase<MLKEMEncapsulationResult>,
-    IOracleObserverMLKEMEncapCaseGrain
+public class OracleObserverMLKEMEncapCompleteDeferredCaseGrain : ObservableOracleGrainBase<MLKEMEncapsulationResult>, IOracleObserverMLKEMEncapCompleteDeferredCaseGrain
 {
     private MLKEMEncapsulationParameters _param;
     private IRandom800_90 _rand;
 
-    public OracleObserverMLKEMEncapDeferredCaseGrain(
+    public OracleObserverMLKEMEncapCompleteDeferredCaseGrain(
         LimitedConcurrencyLevelTaskScheduler nonOrleansScheduler,
         IRandom800_90 rand
     ) : base(nonOrleansScheduler)

gen-val/src/solutions/Kyber/Kyber.sln

@@ -41,6 +41,10 @@ Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "NIST.CVP.ACVTS.Libraries.Cr
 EndProject
 Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "NIST.CVP.ACVTS.Libraries.Crypto.Kyber.Tests", "..\..\crypto\test\NIST.CVP.ACVTS.Libraries.Crypto.Kyber.Tests\NIST.CVP.ACVTS.Libraries.Crypto.Kyber.Tests.csproj", "{7D040C1B-BFC1-4649-9C23-C672D5B4D853}"
 EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "NIST.CVP.ACVTS.Libraries.Generation.MLKEM.EncapDecap.IntegrationTests", "..\..\generation\test\NIST.CVP.ACVTS.Libraries.Generation.MLKEM.EncapDecap.IntegrationTests\NIST.CVP.ACVTS.Libraries.Generation.MLKEM.EncapDecap.IntegrationTests.csproj", "{E4E481CE-79E3-4B87-86AA-01AE2FF3C132}"
+EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "NIST.CVP.ACVTS.Libraries.Generation.MLKEM.KeyGen.IntegrationTests", "..\..\generation\test\NIST.CVP.ACVTS.Libraries.Generation.MLKEM.KeyGen.IntegrationTests\NIST.CVP.ACVTS.Libraries.Generation.MLKEM.KeyGen.IntegrationTests.csproj", "{E4A28FC8-5FB3-4EF4-AAF2-7D586A307A3C}"
+EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|Any CPU = Debug|Any CPU
@@ -119,6 +123,14 @@ Global
 		{7D040C1B-BFC1-4649-9C23-C672D5B4D853}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{7D040C1B-BFC1-4649-9C23-C672D5B4D853}.Release|Any CPU.ActiveCfg = Release|Any CPU
 		{7D040C1B-BFC1-4649-9C23-C672D5B4D853}.Release|Any CPU.Build.0 = Release|Any CPU
+		{E4E481CE-79E3-4B87-86AA-01AE2FF3C132}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{E4E481CE-79E3-4B87-86AA-01AE2FF3C132}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{E4E481CE-79E3-4B87-86AA-01AE2FF3C132}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{E4E481CE-79E3-4B87-86AA-01AE2FF3C132}.Release|Any CPU.Build.0 = Release|Any CPU
+		{E4A28FC8-5FB3-4EF4-AAF2-7D586A307A3C}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{E4A28FC8-5FB3-4EF4-AAF2-7D586A307A3C}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{E4A28FC8-5FB3-4EF4-AAF2-7D586A307A3C}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{E4A28FC8-5FB3-4EF4-AAF2-7D586A307A3C}.Release|Any CPU.Build.0 = Release|Any CPU
 	EndGlobalSection
 	GlobalSection(NestedProjects) = preSolution
 		{536D9EFA-55C6-44EC-A808-5F433DEABDA1} = {0938A743-E500-48D3-89D6-CE89B169E42D}
@@ -139,5 +151,7 @@ Global
 		{A0F826CC-2659-4FFB-A11A-63A4DE2485D5} = {01B9EB64-7666-410D-9290-AFFF2442E70B}
 		{06D2D683-4DE8-46BF-8D20-8E6960CA54CC} = {01B9EB64-7666-410D-9290-AFFF2442E70B}
 		{7D040C1B-BFC1-4649-9C23-C672D5B4D853} = {01B9EB64-7666-410D-9290-AFFF2442E70B}
+		{E4E481CE-79E3-4B87-86AA-01AE2FF3C132} = {01B9EB64-7666-410D-9290-AFFF2442E70B}
+		{E4A28FC8-5FB3-4EF4-AAF2-7D586A307A3C} = {01B9EB64-7666-410D-9290-AFFF2442E70B}
 	EndGlobalSection
 EndGlobal