-
Notifications
You must be signed in to change notification settings - Fork 478
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ML-KEM doesn't perform encapsulation key check #1951
Comments
Thanks for the report, @ueno. We pull our ML-KEM implementation from the pq-crystals/kyber repo. It seems to me that it would be better to add the optional checks upstream and then integrate the updated code into liboqs. Would you agree with that assessment? As an aside, I don't believe we support the |
Also tagging @bhess as he is the one most familiar with the CRYSTALS algorithms. |
Thanks for the report, input validation still needs to be added upstream, see pq-crystals/kyber#87 (comment) |
Can you please help me understand whether this patch to liboqs will be able to identify bad keys
|
@nidhidamodaran on first look, yes, it does look like the thing that's missing |
This patch is not a good idea for a couple of reasons.
|
when would it be operating on a secret values though? either it's used for checking input for decapsulation: that's public |
The |
Right, for my use case i have defined a different API available only in ref implementation, |
Sorry, this trace isn't what I meant to send. Give me a second... EDIT: Here is the correct trace. I mixed up |
Describe the bug
When encapsulating, FIPS 203 7.1 suggests checking input key so any integers in the encoded public key are in the range [0, q - 1]. However, the current liboqs code seems to omit this check.
To Reproduce
Steps to reproduce the behavior:
gcc -o test-kem test-kem.c $(pkg-config liboqs --cflags --libs)
test-kem
test-kem: test-kem.c:48: main: Assertion 'rc != OQS_SUCCESS' failed.
Expected behavior
The program should exit normally.
Environment (please complete the following information):
-DBUILD_SHARED_LIBS=ON -DOQS_USE_AES_OPENSSL=ON -DOQS_USE_AES_INSTRUCTIONS=OFF -DOQS_DIST_BUILD=ON -DOQS_ALGS_ENABLED=STD_IANA -DOQS_USE_SHA3_OPENSSL=ON -DOQS_DLOPEN_OPENSSL=ON -DCMAKE_BUILD_TYPE=Debug -LAH
Additional context
This was found when running a tlsfuzzer test script currently in development, against gnutls-serv (in MR).
The text was updated successfully, but these errors were encountered: