Add checksum KAT to Github Action

Signed-off-by: Duc Tri Nguyen <[email protected]>

.github/workflows/build.yml

@@ -6,6 +6,7 @@ on:
     branches: [ '*' ]
   pull_request:
     branches: [ "main" ]
+
 jobs:
   build_test:
     runs-on: ubuntu-latest
@@ -20,10 +21,17 @@ jobs:
           if [[ ${#err} != 0 ]]; then
             echo "$err" | while IFS= read -r file; do
               echo "::error file={"$file"},title={checking}::Formatted $file"
-            done
-            exit 1
+              done
+              exit 1
           fi
     - name: Build targets
       shell: nix develop .#ci -c bash -e {0}
       run: |
-          make
+          make
+    - name: Compare gen_KAT with known hash
+      shell: nix develop .#ci -c bash -e {0}
+      run: |
+        make kat; 
+        ./checksum.sh ./test/gen_KAT512  ec4ac397e595ac7457cb7d8830921faf3290898a10d7dd3864aab89ea61fe9a3
+        ./checksum.sh ./test/gen_KAT768  9a0826ad3c5232dfd3b21bc4801408655c565a491b760f509b2ee2cd7180babe
+        ./checksum.sh ./test/gen_KAT1024 6dafb867599b750a6a831b03e494cf41dea748c78a0e275e7b268bbb893cf37d

.gitignore

@@ -6,3 +6,6 @@
 test/test_kyber512
 test/test_kyber768
 test/test_kyber1024
+test/gen_KAT512
+test/gen_KAT768
+test/gen_KAT1024

Makefile

@@ -14,15 +14,20 @@ SOURCESKECCAK = $(SOURCES) fips202/keccakf1600.c fips202/fips202.c mlkem/symmetr
 HEADERS = mlkem/params.h mlkem/kem.h mlkem/indcpa.h mlkem/polyvec.h mlkem/poly.h mlkem/ntt.h mlkem/cbd.h mlkem/reduce.c mlkem/verify.h mlkem/symmetric.h
 HEADERSKECCAK = $(HEADERS) fips202/keccakf1600.h fips202/fips202.h
 
-.PHONY: all mlkem clean
+.PHONY: all mlkem kat clean
 
-all: mlkem
+all: mlkem kat
 
 mlkem: \
   test/test_kyber512 \
   test/test_kyber768 \
   test/test_kyber1024
 
+kat: \
+  test/gen_KAT512 \
+  test/gen_KAT768 \
+  test/gen_KAT1024
+
 test/test_kyber512: $(SOURCESKECCAK) $(HEADERSKECCAK) test/test_kyber.c randombytes/randombytes.c
 	$(CC) $(CFLAGS) -DKYBER_K=2 $(SOURCESKECCAK) randombytes/randombytes.c test/test_kyber.c -o $@
 
@@ -32,8 +37,21 @@ test/test_kyber768: $(SOURCESKECCAK) $(HEADERSKECCAK) test/test_kyber.c randomby
 test/test_kyber1024: $(SOURCESKECCAK) $(HEADERSKECCAK) test/test_kyber.c randombytes/randombytes.c
 	$(CC) $(CFLAGS) -DKYBER_K=4 $(SOURCESKECCAK) randombytes/randombytes.c test/test_kyber.c -o $@
 
+test/gen_KAT512: $(SOURCESKECCAK) $(HEADERSKECCAK) test/gen_KAT.c randombytes/randombytes.c
+	$(CC) $(CFLAGS) -DKYBER_K=2 $(SOURCESKECCAK) randombytes/randombytes.c test/gen_KAT.c -o $@
+
+test/gen_KAT768: $(SOURCESKECCAK) $(HEADERSKECCAK) test/gen_KAT.c randombytes/randombytes.c
+	$(CC) $(CFLAGS) -DKYBER_K=3 $(SOURCESKECCAK) randombytes/randombytes.c test/gen_KAT.c -o $@
+
+test/gen_KAT1024: $(SOURCESKECCAK) $(HEADERSKECCAK) test/gen_KAT.c randombytes/randombytes.c
+	$(CC) $(CFLAGS) -DKYBER_K=4 $(SOURCESKECCAK) randombytes/randombytes.c test/gen_KAT.c -o $@
+
+
 clean:
 	-$(RM) -rf *.gcno *.gcda *.lcov *.o *.so
 	-$(RM) -rf test/test_kyber512
 	-$(RM) -rf test/test_kyber768
 	-$(RM) -rf test/test_kyber1024
+	-$(RM) -rf test/gen_KAT512
+	-$(RM) -rf test/gen_KAT768
+	-$(RM) -rf test/gen_KAT1024

checksum.sh

@@ -0,0 +1,14 @@
+#!/bin/bash
+
+# This script executes a binary file, captures its output, then generates and compares its SHA-256 hash with a provided one.
+output=$(./$1)
+
+output_hash=$(echo "$output" | sha256sum | awk '{ print $1 }')
+
+if [ "$output_hash" == "$2" ]; then
+    echo "$1 Hashes match."
+    exit 0
+else
+    echo "$1 Hashes do not match: $output_hash vs $2"
+    exit 1
+fi

test/gen_KAT.c

@@ -0,0 +1,64 @@
+#include <stddef.h>
+#include <stdio.h>
+#include <string.h>
+#include "fips202.h"
+#include "kem.h"
+#include "params.h"
+#include "randombytes.h"
+
+#define NTESTS 10000
+
+static void print_hex(const char *label, const uint8_t *data, size_t size) {
+    printf("%s = ", label);
+    for (size_t i = 0; i < size; i++) {
+        printf("%02x", data[i]);
+    }
+    printf("\n");
+}
+
+static void shake256_absorb(shake256incctx *state, const uint8_t *input, size_t inlen) {
+    shake256_inc_init(state);
+    shake256_inc_absorb(state, input, inlen);
+    shake256_inc_finalize(state);
+}
+
+int main(void) {
+    uint8_t coins[3 * KYBER_SYMBYTES];
+    uint8_t pk[CRYPTO_PUBLICKEYBYTES];
+    uint8_t sk[CRYPTO_SECRETKEYBYTES];
+    uint8_t ct[CRYPTO_CIPHERTEXTBYTES];
+    uint8_t ss1[CRYPTO_BYTES];
+    uint8_t ss2[CRYPTO_BYTES];
+
+    const uint8_t seed[64] = {32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47,
+                              48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63,
+                              64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79,
+                              80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95,
+                             };
+
+    shake256incctx state;
+    shake256_absorb(&state, seed, sizeof(seed));
+
+    for (unsigned int i = 0; i < NTESTS; i++) {
+
+        shake256_inc_squeeze(coins, sizeof(coins), &state);
+
+        crypto_kem_keypair_derand(pk, sk, coins);
+        print_hex("pk", pk, sizeof(pk));
+        print_hex("sk", sk, sizeof(sk));
+
+        crypto_kem_enc_derand(ct, ss1, pk, coins + 2 * KYBER_SYMBYTES);
+        print_hex("ct", ct, sizeof(ct));
+
+        crypto_kem_dec(ss2, ct, sk);
+
+        if (memcmp(ss1, ss2, sizeof(ss1))) {
+            fprintf(stderr, "ERROR\n");
+            return -1;
+        }
+
+        print_hex("ss", ss1, sizeof(ss1));
+    }
+
+    return 0;
+}