xref: /freebsd/crypto/openssl/test/mldsa_wycheproof_parse.py (revision e7be843b4a162e68651d3911f0357ed464915629)

#!/usr/bin/env python
# Copyright 2025 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License").  You may not use
# this file except in compliance with the License.  You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html

# A python program written to parse (version 1) of the WYCHEPROOF test vectors for
# ML_DSA. The 6 files that can be processed by this utility can be downloaded
# from
#  https://github.com/C2SP/wycheproof/blob/8e7fa6f87e6993d7b613cf48b46512a32df8084a/testvectors_v1/mldsa_*_standard_*_test.json")
# and output from this utility to
# test/recipes/30-test_evp_data/evppkey_ml_dsa_44_wycheproof_sign.txt
# test/recipes/30-test_evp_data/evppkey_ml_dsa_65_wycheproof_sign.txt
# test/recipes/30-test_evp_data/evppkey_ml_dsa_87_wycheproof_sign.txt
# test/recipes/30-test_evp_data/evppkey_ml_dsa_44_wycheproof_verify.txt
# test/recipes/30-test_evp_data/evppkey_ml_dsa_65_wycheproof_verify.txt
# test/recipes/30-test_evp_data/evppkey_ml_dsa_87_wycheproof_verify.txt
#
# e.g. python3 ./test/mldsa_wycheproof_parse.py -alg ML-DSA-44 ./wycheproof/testvectors_v1/mldsa_44_standard_sign_test.json > test/recipes/30-test_evp_data/evppkey_ml_dsa_44_wycheproof_sign.txt

import json
import argparse
import datetime
from _ast import Or

def print_label(label, value):
    print(label + " = " + value)

def print_hexlabel(label, tag, value):
    print(label + " = hex" + tag + ":" + value)

def parse_ml_dsa_sig_gen(alg, groups):
    grpId = 1
    for grp in groups:
        keyOnly = False
        first = True
        name = alg.replace('-', '_')
        keyname = name + "_" + str(grpId)
        grpId += 1

        for tst in grp['tests']:
            if first:
                first = False
                if 'flags' in tst:
                    if 'IncorrectPrivateKeyLength' in tst['flags'] or 'InvalidPrivateKey' in tst['flags']:
                        keyOnly = True
                if not keyOnly:
                    print("")
                    print_label("PrivateKeyRaw", keyname + ":" + alg + ":" + grp['privateKey'])
            testname = name + "_" + str(tst['tcId'])
            print("\n# " + str(tst['tcId']) + " " + tst['comment'])

            print_label("FIPSversion", ">=3.5.0")
            if keyOnly:
                print_label("KeyFromData", alg)
                print_hexlabel("Ctrl", "priv", grp['privateKey'])
                print_label("Result", "KEY_FROMDATA_ERROR")
            else:
                print_label("Sign-Message", alg + ":" + keyname)
                print_label("Input", tst['msg'])
                print_label("Output", tst['sig'])
                if 'ctx' in tst:
                    print_hexlabel("Ctrl", "context-string", tst['ctx'])
                print_label("Ctrl", "message-encoding:1")
                print_label("Ctrl", "deterministic:1")
                if tst['result'] == "invalid":
                    print_label("Result", "PKEY_CTRL_ERROR")

def parse_ml_dsa_sig_ver(alg, groups):
    grpId = 1
    for grp in groups:
        keyOnly = False
        first = True
        name = alg.replace('-', '_')
        keyname = name + "_" + str(grpId)
        grpId += 1

        for tst in grp['tests']:
            if first:
                first = False
                if 'flags' in tst:
                    if 'IncorrectPublicKeyLength' in tst['flags'] or 'InvalidPublicKey' in tst['flags']:
                        keyOnly = True
                if not keyOnly:
                    print("")
                    print_label("PublicKeyRaw", keyname + ":" + alg + ":" + grp['publicKey'])
            testname = name + "_" + str(tst['tcId'])
            print("\n# " + str(tst['tcId']) + " " + tst['comment'])

            print_label("FIPSversion", ">=3.5.0")
            if keyOnly:
                print_label("KeyFromData", alg)
                print_hexlabel("Ctrl", "pub", grp['publicKey'])
                print_label("Result", "KEY_FROMDATA_ERROR")
            else:
                print_label("Verify-Message-Public", alg + ":" + keyname)
                print_label("Input", tst['msg'])
                print_label("Output", tst['sig'])
                if 'ctx' in tst:
                    print_hexlabel("Ctrl", "context-string", tst['ctx'])
                print_label("Ctrl", "message-encoding:1")
                print_label("Ctrl", "deterministic:1")
                if tst['result'] == "invalid":
                    if 'InvalidContext' in tst['flags']:
                        print_label("Result", "PKEY_CTRL_ERROR")
                    else:
                        print_label("Result", "VERIFY_ERROR")

parser = argparse.ArgumentParser(description="")
parser.add_argument('filename', type=str)
parser.add_argument('-alg', type=str)
args = parser.parse_args()

# Open and read the JSON file
with open(args.filename, 'r') as file:
    data = json.load(file)

year = datetime.date.today().year
version = data['generatorVersion']
algorithm = data['algorithm']
mode = data['testGroups'][0]['type']

print("# Copyright " + str(year) + " The OpenSSL Project Authors. All Rights Reserved.")
print("#")
print("# Licensed under the Apache License 2.0 (the \"License\").  You may not use")
print("# this file except in compliance with the License.  You can obtain a copy")
print("# in the file LICENSE in the source distribution or at")
print("# https://www.openssl.org/source/license.html\n")
print("# Wycheproof test data for " + algorithm + " " + mode + " generated from")
print("# https://github.com/C2SP/wycheproof/blob/8e7fa6f87e6993d7b613cf48b46512a32df8084a/testvectors_v1/mldsa_*_standard_*_test.json")

print("# [version " + str(version) + "]")

if algorithm == "ML-DSA":
    if mode == 'MlDsaSign':
        parse_ml_dsa_sig_gen(args.alg, data['testGroups'])
    elif mode == 'MlDsaVerify':
        parse_ml_dsa_sig_ver(args.alg, data['testGroups'])
    else:
        print("Unsupported mode " + mode)
else:
    print("Unsupported algorithm " + algorithm)