Add ML-KEM decapsulation validation test vectors#202
Merged
Conversation
cpu (Member) approved these changes on Dec 15, 2025 and left a comment:
Thanks! Would love to get another +1 review on this, but generally makes sense to me and doesn't seem like a good candidate for folding into existing test files/schemas.
cpu (Member) reviewed on Dec 16, 2025:
@sgmenda I chatted with Filippo about this OOB and he gave a verbal +1 to the PR but also suggested naming the test files to include "semi-expanded" (e.g. something like

Member

Thanks!
sgmenda added a commit to aws/aws-lc that referenced this pull request on Jan 20, 2026:
### Description of changes:

Integrates 9 Wycheproof ML-KEM test vector files:

- 3 ML-KEM encapsulation test files (mlkem_512_encaps_test, mlkem_768_encaps_test, mlkem_1024_encaps_test)
- 3 ML-KEM test files (mlkem_512_test, mlkem_768_test, mlkem_1024_test)
- 3 ML-KEM decapsulation test files (mlkem_512_semi_expanded_decaps_test, mlkem_768_semi_expanded_decaps_test, mlkem_1024_semi_expanded_decaps_test)

Each integration adds upstream JSON vectors and converted txt files to `third_party/vectors/`, and adds test code with duvet annotations for traceability.

### Call-outs:

- **Generated new test vectors**: the ML-KEM decapsulation test vectors (`mlkem_[512/768/1024]_semi_expanded_decaps_test`) are new, and have been merged into upstream C2SP/wycheproof#202. Adds `util/vecgen` that we used to generate the test vectors.
- **Missing encaps key import checks**: we successfully import ML-KEM encapsulation keys with modulus overflow. This is allowed by FIPS 203, but is not ideal, so the tests print a warning. We will resolve this in an upcoming PR.
- **Missing decaps key import checks**: we successfully import ML-KEM decapsulation keys with an inconsistent hash of the embedded encaps key. This is also allowed by FIPS 203, so the tests print a warning, and we will resolve this in an upcoming PR.

### Testing:

All new tests pass and duvet verification succeeds:

```bash
cd build && ./crypto/crypto_test --gtest_filter="*Wycheproof*"
cd third_party/vectors && python3 sync.py
```

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and the ISC license.

---------

Signed-off-by: sanketh <sgmenda@amazon.com>
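The two import checks the commit message calls out (encapsulation keys with modulus overflow, decapsulation keys whose embedded H(ek) is inconsistent) written out as a small validator for the semi-expanded decapsulation-key format. This is an added example, not code from wycheproof or AWS-LC: the key layout (dk = dkPKE || ek || H(ek) || z, H = SHA3-256) and the check order follow FIPS 203, the sample key is constructed rather than a real key pair, and the function names are my own.

```python
import hashlib

Q = 3329  # ML-KEM modulus q (FIPS 203)

def byte_decode_12(data):
    """Unpack little-endian packed 12-bit coefficients (FIPS 203 ByteDecode_12)."""
    coeffs = []
    for i in range(0, len(data), 3):
        b0, b1, b2 = data[i], data[i + 1], data[i + 2]
        coeffs.append(b0 | ((b1 & 0x0F) << 8))
        coeffs.append((b1 >> 4) | (b2 << 4))
    return coeffs

def byte_encode_12(coeffs):
    """Inverse of byte_decode_12; used here only to build sample keys."""
    out = bytearray()
    for a, b in zip(coeffs[0::2], coeffs[1::2]):
        out += bytes([a & 0xFF, (a >> 8) | ((b & 0x0F) << 4), b >> 4])
    return bytes(out)

def check_encaps_key(ek, k):
    """FIPS 203 encapsulation-key input checks: length, then modulus (coefficients < q)."""
    if len(ek) != 384 * k + 32:
        return "bad length"
    if any(c >= Q for c in byte_decode_12(ek[: 384 * k])):
        return "modulus overflow"
    return "ok"

def check_decaps_key(dk, k):
    """dk = dkPKE || ek || H(ek) || z. Length and hash checks per FIPS 203, then
    the embedded ek is also run through the encapsulation-key checks (an extra)."""
    if len(dk) != 768 * k + 96:
        return "bad length"
    ek = dk[384 * k : 768 * k + 32]
    if hashlib.sha3_256(ek).digest() != dk[768 * k + 32 : 768 * k + 64]:
        return "hash mismatch"
    return check_encaps_key(ek, k)

def assemble_decaps_key(dk_pke, ek, z):
    """Lay out a semi-expanded dk with a consistent H(ek) (for constructing samples)."""
    return dk_pke + ek + hashlib.sha3_256(ek).digest() + z

def sample_decaps_key(k):
    """Constructed sample, not a real key pair: valid layout, all coefficients < q."""
    coeffs = [(i * 7) % Q for i in range(256 * k)]
    ek = byte_encode_12(coeffs[::-1]) + bytes(32)  # t_hat || rho
    return assemble_decaps_key(byte_encode_12(coeffs), ek, bytes(range(32)))
```

`k` is 2, 3 or 4 for ML-KEM-512/768/1024; a vector file's "invalid" cases should land in the "modulus overflow" or "hash mismatch" branches rather than being imported silently.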
For aws/aws-lc#2891, I made some simple vectors to validate full decaps keys. I needed a new schema because the existing `mlkem_test_schema.json` only supports seed keys, and not full keys: https://github.com/C2SP/wycheproof/blob/main/schemas/mlkem_test_schema.json#L80-L84