Test against the HPKE PQ test vectors

bifurcation · bifurcation · commit 0264c11adfd6 · 2025-11-14T14:35:39.000-05:00
diff --git a/lib/hpke/scripts/go.mod b/lib/hpke/scripts/go.mod
@@ -1,6 +1,8 @@
 module main
 
-go 1.16
+go 1.23.0
+
+toolchain go1.24.10
 
 require (
 	github.com/cisco/go-tls-syntax v0.0.0-20200617162716-46b0cfb76b9b
diff --git a/lib/hpke/test/common.cpp b/lib/hpke/test/common.cpp
@@ -114,6 +114,40 @@ supported_kem(KEM::ID id)
   }
 }
 
+bool
+supported_kdf(KDF::ID id)
+{
+  switch (id) {
+    case KDF::ID::HKDF_SHA256:
+    case KDF::ID::HKDF_SHA384:
+    case KDF::ID::HKDF_SHA512:
+      return true;
+
+    default:
+      return false;
+  }
+}
+
+bool
+supported_aead(AEAD::ID id)
+{
+  switch (id) {
+    case AEAD::ID::AES_128_GCM:
+    case AEAD::ID::AES_256_GCM:
+    case AEAD::ID::CHACHA20_POLY1305:
+    case AEAD::ID::export_only:
+      return true;
+
+    default:
+      return false;
+  }
+}
+
+bool
+supported(KEM::ID kem, KDF::ID kdf, AEAD::ID aead) {
+  return supported_kem(kem) && supported_kdf(kdf) && supported_aead(aead);
+}
+
 const KEM&
 select_kem(KEM::ID id)
 {
diff --git a/lib/hpke/test/common.h b/lib/hpke/test/common.h
@@ -21,6 +21,15 @@ select_signature(Signature::ID id);
 bool
 supported_kem(KEM::ID id);
 
+bool
+supported_kdf(KDF::ID id);
+
+bool
+supported_aead(AEAD::ID id);
+
+bool
+supported(KEM::ID kem, KDF::ID kdf, AEAD::ID aead);
+
 const KEM&
 select_kem(KEM::ID id);
 
diff --git a/lib/hpke/test/hpke.cpp b/lib/hpke/test/hpke.cpp
@@ -45,7 +45,7 @@ test_context(ReceiverContext& ctxR, const HPKETestVector& tv)
 static void
 test_base_vector(const HPKETestVector& tv)
 {
-  if (!supported_kem(tv.kem_id)) {
+  if (!supported(tv.kem_id, tv.kdf_id, tv.aead_id)) {
     return;
   }
 
@@ -180,6 +180,34 @@ TEST_CASE("HPKE Test Vectors")
   }
 }
 
+TEST_CASE("HPKE PQ Test Vectors")
+{
+  ensure_fips_if_required();
+
+  auto test_vector_bytes = bytes(test_vector_data_pq);
+  auto test_vectors =
+    MLS_NAMESPACE::tls::get<HPKETestVectors>(test_vector_bytes);
+
+  for (const auto& tv : test_vectors.vectors) {
+    if (fips() && fips_disable(tv.aead_id)) {
+      continue;
+    }
+
+    switch (tv.mode) {
+      case HPKE::Mode::base:
+        test_base_vector(tv);
+        break;
+
+      case HPKE::Mode::psk:
+        test_psk_vector(tv);
+        break;
+
+      default:
+        REQUIRE(false);
+    }
+  }
+}
+
 TEST_CASE("HPKE Round-Trip")
 {
   ensure_fips_if_required();
diff --git a/lib/hpke/test/test_vectors.h b/lib/hpke/test/test_vectors.h
@@ -87,3 +87,4 @@ struct HPKETestVectors
 };
 
 extern const std::array<uint8_t, 2555172> test_vector_data;
+extern const std::array<uint8_t, 34137> test_vector_data_pq;
diff --git a/lib/hpke/test/test_vectors_pq.cpp b/lib/hpke/test/test_vectors_pq.cpp

Original file line number	Diff line number	Diff line change
`@@ -87,3 +87,4 @@ struct HPKETestVectors`
`87`	`87`	`};`
`88`	`88`
`89`	`89`	`extern const std::array<uint8_t, 2555172> test_vector_data;`
	`90`	`+extern const std::array<uint8_t, 34137> test_vector_data_pq;`