
Integrate Wycheproof ML-KEM test vectors#2891

Merged
sgmenda merged 20 commits into aws:main from sgmenda:mlkem-wycheproof on Jan 20, 2026

Conversation

@sgmenda
Contributor

@sgmenda sgmenda commented Dec 8, 2025

Description of changes:

Integrates 9 Wycheproof ML-KEM test vector files:

  • 3 ML-KEM encapsulation test files (mlkem_512_encaps_test, mlkem_768_encaps_test, mlkem_1024_encaps_test)
  • 3 ML-KEM test files (mlkem_512_test, mlkem_768_test, mlkem_1024_test)
  • 3 ML-KEM decapsulation test files (mlkem_512_semi_expanded_decaps_test, mlkem_768_semi_expanded_decaps_test, mlkem_1024_semi_expanded_decaps_test)

Each integration adds upstream JSON vectors and converted txt files to third_party/vectors/, and adds test code with duvet annotations for traceability.

Call-outs:

  • Generated new test vectors: the ML-KEM decapsulation test vectors (mlkem_[512/768/1024]_semi_expanded_decaps_test) are new, and have been merged upstream in C2SP/wycheproof#202 ("Add ML-KEM decapsulation validation test vectors"). Adds util/vecgen that we used to generate the test vectors.
  • Missing encaps key import checks: we successfully import ML-KEM encapsulation keys with modulus overflow. This is allowed by FIPS 203, but is not ideal, so the tests print a warning. We will resolve this in an upcoming PR.
  • Missing decaps key import checks: we successfully import ML-KEM decapsulation keys with an inconsistent hash of the embedded encaps key. This is also allowed by FIPS 203, so the tests print a warning, and we will resolve this in an upcoming PR.

Testing:

All new tests pass and duvet verification succeeds:

```bash
cd build && ./crypto/crypto_test --gtest_filter="*Wycheproof*"
cd third_party/vectors && python3 sync.py
```

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and the ISC license.

### Issues:

Integrating Wycheproof ML-KEM test vectors.

### Description of changes:

Integrates all 6 Wycheproof ML-KEM test vector files:
- 3 ML-KEM encapsulation test files (mlkem_512_encaps_test, mlkem_768_encaps_test, mlkem_1024_encaps_test)
- 3 ML-KEM decapsulation test files (mlkem_512_test, mlkem_768_test, mlkem_1024_test)

Each integration adds upstream JSON vectors and converted txt files to `third_party/vectors/`, and adds test code with duvet annotations for traceability.

### Call-outs:

- We successfully import ML-KEM encapsulation keys with modulus overflow. This is allowed by FIPS 203, but is not ideal, so the tests print a warning.
- Decapsulation tests have only one test case per parameter set. We will add more vectors in a follow-up PR.

### Testing:

All new tests pass and duvet verification succeeds:
```bash
cd build && ./crypto/crypto_test --gtest_filter="*Wycheproof*"
cd third_party/vectors && python3 sync.py
```

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and the ISC license.
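The two key-import checks the call-outs above describe, as an added example that is not part of this PR, of AWS-LC or of Wycheproof: the FIPS 203 modulus check on an encapsulation key (every 12-bit coefficient of t̂ must be below q) and the FIPS 203 hash check on a decapsulation key (the embedded H(ek) must match SHA3-256 of the embedded ek). Key layouts follow FIPS 203 (ek = t̂ (384k bytes) || ρ (32 bytes); dk = dk_PKE (384k) || ek || H(ek) || z); the function names are mine, and the sample keys are constructed byte strings, not generated keys.

```python
import hashlib

Q = 3329                               # ML-KEM modulus q
PARAMS = {512: 2, 768: 3, 1024: 4}     # parameter set -> module rank k

def decode12(data: bytes) -> list:
    """Unpack 12-bit little-endian coefficients, two per 3 bytes (ByteDecode_12)."""
    out = []
    for i in range(0, len(data), 3):
        b0, b1, b2 = data[i], data[i + 1], data[i + 2]
        out.append(b0 | ((b1 & 0x0F) << 8))
        out.append((b1 >> 4) | (b2 << 4))
    return out

def encode12(coeffs: list) -> bytes:
    """Inverse of decode12 (ByteEncode_12); used here only to build sample keys."""
    out = bytearray()
    for a, b in zip(coeffs[0::2], coeffs[1::2]):
        out += bytes([a & 0xFF, (a >> 8) | ((b & 0x0F) << 4), b >> 4])
    return bytes(out)

def encaps_key_modulus_ok(ek: bytes, k: int) -> bool:
    """FIPS 203 modulus check: ek = t_hat (384k bytes) || rho (32 bytes), and every
    12-bit coefficient of t_hat must be < q. FIPS 203 phrases this as
    ByteEncode12(ByteDecode12(ek[:384k])) == ek[:384k], which is equivalent."""
    if len(ek) != 384 * k + 32:
        return False                   # type check: wrong length
    return all(c < Q for c in decode12(ek[:384 * k]))

def decaps_key_hash_ok(dk: bytes, k: int) -> bool:
    """FIPS 203 hash check: dk = dk_PKE (384k) || ek (384k+32) || H(ek) (32) || z (32),
    and the embedded H(ek) must equal SHA3-256 of the embedded ek."""
    if len(dk) != 768 * k + 96:
        return False                   # type check: wrong length
    ek = dk[384 * k:768 * k + 32]
    return hashlib.sha3_256(ek).digest() == dk[768 * k + 32:768 * k + 64]

def constructed_keys():
    """Constructed ML-KEM-512 sample byte strings (not real keys, nothing is generated)."""
    k = PARAMS[512]
    t_good = [i % Q for i in range(256 * k)]
    t_bad = list(t_good)
    t_bad[7] = Q                       # one coefficient == q: modulus overflow
    ek_good, ek_bad = (encode12(t) + b"\x11" * 32 for t in (t_good, t_bad))
    dk_pke, z = b"\x33" * (384 * k), b"\x22" * 32
    dk_good = dk_pke + ek_good + hashlib.sha3_256(ek_good).digest() + z
    dk_bad = dk_pke + ek_good + bytes(32) + z      # embedded hash inconsistent
    return ek_good, ek_bad, dk_good, dk_bad
```

Both checks reject on a wrong length before looking at contents, which is the "type check" FIPS 203 lists ahead of the modulus and hash checks.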
@sgmenda sgmenda requested a review from dkostic December 8, 2025 22:43
@sgmenda sgmenda requested a review from a team as a code owner December 8, 2025 22:43
@sgmenda sgmenda self-assigned this Dec 8, 2025
@codecov-commenter

codecov-commenter commented Dec 8, 2025

Codecov Report

❌ Patch coverage is 87.80488% with 10 lines in your changes missing coverage. Please review.
✅ Project coverage is 78.07%. Comparing base (cb37cb0) to head (80f7e82).
⚠️ Report is 124 commits behind head on main.

| Files with missing lines | Patch % | Lines |
| --- | --- | --- |
| crypto/test/wycheproof_util.cc | 22.22% | 7 Missing ⚠️ |
| crypto/evp_extra/p_kem_test.cc | 95.89% | 3 Missing ⚠️ |

Additional details and impacted files

```text
@@           Coverage Diff           @@
##             main    #2891   +/-   ##
=======================================
  Coverage   78.07%   78.07%           
=======================================
  Files         682      682           
  Lines      118273   118355   +82     
  Branches    16607    16611    +4     
=======================================
+ Hits        92336    92410   +74     
- Misses      25050    25055    +5     
- Partials      887      890    +3     
```


@sgmenda
Contributor Author

sgmenda commented Dec 9, 2025

I added some noseed decaps test vectors to see how we handle invalid decaps keys, and similarly to encaps, we successfully import invalid decaps keys, but do not successfully decaps with them. This also seems not-ideal.

justsmth
justsmth previously approved these changes Dec 9, 2025
@sgmenda sgmenda marked this pull request as ready for review January 6, 2026 22:50
dkostic
dkostic previously approved these changes Jan 14, 2026
Contributor

@dkostic dkostic left a comment


Great work, thanks for doing this!

justsmth
justsmth previously approved these changes Jan 20, 2026
@sgmenda sgmenda dismissed stale reviews from justsmth and dkostic via 80f7e82 January 20, 2026 18:36
@sgmenda sgmenda merged commit d4cc872 into aws:main Jan 20, 2026
419 of 428 checks passed
@sgmenda sgmenda deleted the mlkem-wycheproof branch January 20, 2026 22:34
@justsmth justsmth mentioned this pull request Jan 21, 2026
justsmth added a commit that referenced this pull request Jan 22, 2026
### Description of changes:
Prepare AWS-LC v1.67.0

#### What's Changed
* Migrate Wycheproof test vectors for ECDSA, RSA PKCS#1, and some more by @sgmenda in #2887
* increase timeout for SDE tests by @sgmenda in #2936
* Rename volatile state/memory to unique state/memory by @torben-hansen in #2935
* Fix failing Windows Docker image build by @nhatnghiho in #2931
* Service Indicator: Add error call trampoline to avoid delocator issue by @jakemas in #2920
* Add support for Big Endian in ACVP tool by @samuel40791765 in #2938
* AES-GCM: Add function pointer trampolines to avoid delocator issue by @jakemas in #2919
* Use already defined macro for no inline by @torben-hansen in #2942
* Remove Kyber completely by @torben-hansen in #2941
* Windows 7 support by @justsmth in #2940
* Import mldsa-native by @jakemas in #2902
* Use existing session context if new is actually NULL by @torben-hansen in #2946
* Integrate Wycheproof ML-KEM test vectors by @sgmenda in #2891
* Avoid cross-compilation build failure by @justsmth in #2944


By submitting this pull request, I confirm that my contribution is made
under the terms of the Apache 2.0 license and the ISC license.