@@ -138,4 +138,182 @@ mod tests {
138138 KYBER_SHARED_SECRET_BYTES
139139 ) ;
140140 }
141+
142+ // Test the Kex::new() method with an invalid public key size
143+ #[ wasm_bindgen_test]
144+ fn test_kex_new_invalid_pubkey_size ( ) {
145+ // Generate an invalid public key with incorrect size
146+ let invalid_pk =
147+ vec ! [ 0u8 ; KYBER_PUBLIC_KEY_BYTES - 1 ] . into_boxed_slice ( ) ;
148+
149+ // Call Kex::new() with the invalid public key and expect a panic
150+ std:: panic:: catch_unwind ( || {
151+ Kex :: new ( invalid_pk) ;
152+ } )
153+ . unwrap_err ( ) ;
154+ }
155+
156+ // Test the decapsulate() function with mismatched ciphertext and secret key
157+ #[ wasm_bindgen_test]
158+ fn test_decapsulate_mismatched_inputs ( ) {
159+ // Generate a key pair
160+ let keys = match Keys :: new ( ) {
161+ Ok ( keys) => keys,
162+ Err ( _) => return ,
163+ } ;
164+
165+ // Encapsulate with the public key to get a valid ciphertext
166+ let kex = Kex :: new ( keys. pubkey ( ) ) ;
167+
168+ // Generate a different key pair
169+ let different_keys = match Keys :: new ( ) {
170+ Ok ( keys) => keys,
171+ Err ( _) => return ,
172+ } ;
173+
174+ // Call decapsulate() with mismatched ciphertext and secret key
175+ let result =
176+ decapsulate ( & kex. ciphertext ( ) , & different_keys. secret ( ) ) ;
177+ assert ! ( result. is_err( ) ) ;
178+ }
179+
180+ // Test the decapsulate() function with a valid ciphertext and secret key
181+ #[ wasm_bindgen_test]
182+ fn test_decapsulate_valid_inputs ( ) {
183+ // Generate a key pair
184+ let keys = match Keys :: new ( ) {
185+ Ok ( keys) => keys,
186+ Err ( _) => return ,
187+ } ;
188+
189+ // Encapsulate with the public key to get a valid ciphertext
190+ let kex = Kex :: new ( keys. pubkey ( ) ) ;
191+
192+ // Call decapsulate() with the valid ciphertext and secret key
193+ let result = decapsulate ( & kex. ciphertext ( ) , & keys. secret ( ) ) ;
194+ assert ! ( result. is_ok( ) ) ;
195+ }
196+
197+ // Test the decapsulate() function with an invalid ciphertext size
198+ #[ wasm_bindgen_test]
199+ fn test_decapsulate_invalid_ciphertext_size ( ) {
200+ // Generate a key pair
201+ let keys = match Keys :: new ( ) {
202+ Ok ( keys) => keys,
203+ Err ( _) => return ,
204+ } ;
205+
206+ // Create an invalid ciphertext with incorrect size
207+ let invalid_ct =
208+ vec ! [ 0u8 ; KYBER_CIPHERTEXT_BYTES - 1 ] . into_boxed_slice ( ) ;
209+
210+ // Call decapsulate() with the invalid ciphertext and valid secret key
211+ let result = decapsulate ( & invalid_ct, & keys. secret ( ) ) ;
212+ assert ! ( result. is_err( ) ) ;
213+ }
214+
215+ // Test the decapsulate() function with an invalid secret key size
216+ #[ wasm_bindgen_test]
217+ fn test_decapsulate_invalid_secret_key_size ( ) {
218+ // Generate a key pair
219+ let keys = match Keys :: new ( ) {
220+ Ok ( keys) => keys,
221+ Err ( _) => return ,
222+ } ;
223+
224+ // Encapsulate with the public key to get a valid ciphertext
225+ let kex = Kex :: new ( keys. pubkey ( ) ) ;
226+
227+ // Create an invalid secret key with incorrect size
228+ let invalid_sk =
229+ vec ! [ 0u8 ; KYBER_SECRET_KEY_BYTES - 1 ] . into_boxed_slice ( ) ;
230+
231+ // Call decapsulate() with the valid ciphertext and invalid secret key
232+ let result = decapsulate ( & kex. ciphertext ( ) , & invalid_sk) ;
233+ assert ! ( result. is_err( ) ) ;
234+ }
235+
236+ // Test the Keys struct's pubkey() and secret() methods
237+ #[ wasm_bindgen_test]
238+ fn test_keys_methods ( ) {
239+ // Generate a key pair
240+ let keys = match Keys :: new ( ) {
241+ Ok ( keys) => keys,
242+ Err ( _) => return ,
243+ } ;
244+
245+ // Check if pubkey() returns the expected public key
246+ assert_eq ! ( keys. pubkey( ) . len( ) , KYBER_PUBLIC_KEY_BYTES ) ;
247+
248+ // Check if secret() returns the expected secret key
249+ assert_eq ! ( keys. secret( ) . len( ) , KYBER_SECRET_KEY_BYTES ) ;
250+ }
251+
252+ // Test the Kex struct's ciphertext(), sharedSecret(), set_ciphertext(), and set_sharedSecret() methods
253+ #[ wasm_bindgen_test]
254+ fn test_kex_methods ( ) {
255+ // Generate a key pair
256+ let keys = match Keys :: new ( ) {
257+ Ok ( keys) => keys,
258+ Err ( _) => return ,
259+ } ;
260+
261+ // Create a Kex instance
262+ let mut kex = Kex :: new ( keys. pubkey ( ) ) ;
263+
264+ // Check if ciphertext() returns the expected ciphertext
265+ assert_eq ! ( kex. ciphertext( ) . len( ) , KYBER_CIPHERTEXT_BYTES ) ;
266+
267+ // Check if sharedSecret() returns the expected shared secret
268+ assert_eq ! ( kex. sharedSecret( ) . len( ) , KYBER_SHARED_SECRET_BYTES ) ;
269+
270+ // Create new ciphertext and shared secret
271+ let new_ct =
272+ vec ! [ 1u8 ; KYBER_CIPHERTEXT_BYTES ] . into_boxed_slice ( ) ;
273+ let new_ss =
274+ vec ! [ 2u8 ; KYBER_SHARED_SECRET_BYTES ] . into_boxed_slice ( ) ;
275+
276+ // Set the new ciphertext and shared secret
277+ kex. set_ciphertext ( new_ct. clone ( ) ) ;
278+ kex. set_sharedSecret ( new_ss. clone ( ) ) ;
279+
280+ // Check if the ciphertext and shared secret are updated correctly
281+ assert_eq ! ( kex. ciphertext( ) , new_ct) ;
282+ assert_eq ! ( kex. sharedSecret( ) , new_ss) ;
283+ }
284+
285+ // Test the encapsulate() function with a valid public key and an invalid RNG
286+ #[ wasm_bindgen_test]
287+ fn test_encapsulate_invalid_rng ( ) {
288+ // Generate a valid key pair
289+ let keys = match Keys :: new ( ) {
290+ Ok ( keys) => keys,
291+ Err ( _) => return ,
292+ } ;
293+
294+ // Create a mock RNG that always returns an error
295+ #[ allow( dead_code) ]
296+ struct MockRng ;
297+ impl rand_core:: RngCore for MockRng {
298+ fn next_u32 ( & mut self ) -> u32 {
299+ 0
300+ }
301+ fn next_u64 ( & mut self ) -> u64 {
302+ 0
303+ }
304+ fn fill_bytes ( & mut self , _dest : & mut [ u8 ] ) { }
305+
306+ fn try_fill_bytes (
307+ & mut self ,
308+ _dest : & mut [ u8 ] ,
309+ ) -> Result < ( ) , rand_core:: Error > {
310+ Err ( rand_core:: Error :: new ( "MockRng error" ) )
311+ }
312+ }
313+ impl rand_core:: CryptoRng for MockRng { }
314+
315+ // Call encapsulate() with the valid public key and the mock RNG
316+ let result = encapsulate ( & keys. pubkey ( ) , & mut MockRng ) ;
317+ assert ! ( result. is_err( ) ) ;
318+ }
141319}
0 commit comments