add acvp test framework for ml-dsa

aws · Dec 18, 2024 · 0c77c94 · 0c77c94
1 parent 51ae4b1
commit 0c77c94
Show file tree

Hide file tree

Showing 7 changed files with 384 additions and 10 deletions.
diff --git a/crypto/dilithium/ml_dsa.c b/crypto/dilithium/ml_dsa.c
@@ -58,7 +58,7 @@ int ml_dsa_44_sign_internal(const uint8_t *private_key  /* IN */,
                             size_t message_len          /* IN */,
                             const uint8_t *pre          /* IN */,
                             size_t pre_len              /* IN */,
-                            uint8_t *rnd                /* IN */) {
+                            const uint8_t *rnd                /* IN */) {
   ml_dsa_params params;
   ml_dsa_44_params_init(&params);
   return crypto_sign_signature_internal(&params, sig, sig_len, message, message_len,
@@ -126,7 +126,7 @@ int ml_dsa_65_sign_internal(const uint8_t *private_key  /* IN */,
                             size_t message_len          /* IN */,
                             const uint8_t *pre          /* IN */,
                             size_t pre_len              /* IN */,
-                            uint8_t *rnd                /* IN */) {
+                            const uint8_t *rnd                /* IN */) {
   ml_dsa_params params;
   ml_dsa_65_params_init(&params);
   return crypto_sign_signature_internal(&params, sig, sig_len, message, message_len,
@@ -194,7 +194,7 @@ int ml_dsa_87_sign_internal(const uint8_t *private_key  /* IN */,
                             size_t message_len          /* IN */,
                             const uint8_t *pre          /* IN */,
                             size_t pre_len              /* IN */,
-                            uint8_t *rnd                /* IN */) {
+                            const uint8_t *rnd                /* IN */) {
   ml_dsa_params params;
   ml_dsa_87_params_init(&params);
   return crypto_sign_signature_internal(&params, sig, sig_len, message, message_len,

diff --git a/crypto/dilithium/ml_dsa.h b/crypto/dilithium/ml_dsa.h
@@ -46,7 +46,7 @@ OPENSSL_EXPORT int ml_dsa_44_sign_internal(const uint8_t *private_key,
                                            uint8_t *sig, size_t *sig_len,
                                            const uint8_t *message, size_t message_len,
                                            const uint8_t *pre, size_t pre_len,
-                                           uint8_t *rnd);
+                                           const uint8_t *rnd);
 
 OPENSSL_EXPORT int ml_dsa_44_verify(const uint8_t *public_key,
                                     const uint8_t *sig, size_t sig_len,
@@ -74,7 +74,7 @@ OPENSSL_EXPORT int ml_dsa_65_sign_internal(const uint8_t *private_key,
                                           uint8_t *sig, size_t *sig_len,
                                           const uint8_t *message, size_t message_len,
                                           const uint8_t *pre, size_t pre_len,
-                                          uint8_t *rnd);
+                                          const uint8_t *rnd);
 
 OPENSSL_EXPORT int ml_dsa_65_verify(const uint8_t *public_key,
                                     const uint8_t *sig, size_t sig_len,
@@ -102,7 +102,7 @@ OPENSSL_EXPORT int ml_dsa_87_sign_internal(const uint8_t *private_key,
                                            uint8_t *sig, size_t *sig_len,
                                            const uint8_t *message, size_t message_len,
                                            const uint8_t *pre, size_t pre_len,
-                                           uint8_t *rnd);
+                                           const uint8_t *rnd);
 
 OPENSSL_EXPORT int ml_dsa_87_verify(const uint8_t *public_key,
                                     const uint8_t *sig, size_t sig_len,

diff --git a/crypto/dilithium/pqcrystals_dilithium_ref_common/params.h b/crypto/dilithium/pqcrystals_dilithium_ref_common/params.h
@@ -1,6 +1,10 @@
 #ifndef PARAMS_H
 #define PARAMS_H
 
+#if defined(__cplusplus)
+extern "C" {
+#endif
+
 // The only defined parameters are those that don't depend
 // on the parameter set. All other parameters are specified
 // in ml_dsa_params structure that is unique for each parameter
@@ -45,8 +49,11 @@ typedef struct {
 #define DILITHIUM_POLY_UNIFORM_ETA_NBLOCKS_MAX ((227 + SHAKE256_RATE - 1)/SHAKE256_RATE)
 #define DILITHIUM_POLYZ_PACKEDBYTES_MAX (576)
 
-void ml_dsa_44_params_init(ml_dsa_params *params);
-void ml_dsa_65_params_init(ml_dsa_params *params);
-void ml_dsa_87_params_init(ml_dsa_params *params);
+OPENSSL_EXPORT void ml_dsa_44_params_init(ml_dsa_params *params);
+OPENSSL_EXPORT void ml_dsa_65_params_init(ml_dsa_params *params);
+OPENSSL_EXPORT void ml_dsa_87_params_init(ml_dsa_params *params);
 
+#if defined(__cplusplus)
+}
+#endif
 #endif
diff --git a/util/fipstools/acvp/acvptool/subprocess/ml_dsa.go b/util/fipstools/acvp/acvptool/subprocess/ml_dsa.go
@@ -0,0 +1,220 @@
+// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0 OR ISC
+
+package subprocess
+
+import (
+	"encoding/json"
+	"fmt"
+	"strings"
+)
+
+type mlDsa struct{}
+
+func (*mlDsa) Process(vectorSet []byte, m Transactable) (interface{}, error) {
+	var vs struct {
+		Mode       string          `json:"mode"`
+		TestGroups json.RawMessage `json:"testGroups"`
+	}
+
+	if err := json.Unmarshal(vectorSet, &vs); err != nil {
+		return nil, err
+	}
+
+	switch {
+	case strings.EqualFold(vs.Mode, "keyGen"):
+		return processMlDsaKeyGen(vs.TestGroups, m)
+	case strings.EqualFold(vs.Mode, "sigGen"):
+		return processMlDsaSigGen(vs.TestGroups, m)
+	case strings.EqualFold(vs.Mode, "sigVer"):
+        return processMlDsaSigVer(vs.TestGroups, m)
+	}
+
+	return nil, fmt.Errorf("unknown ML-DSA mode: %v", vs.Mode)
+}
+
+type mlDsaKeyGenTestGroup struct {
+	ID           uint64 `json:"tgId"`
+	Type         string `json:"testType"`
+	ParameterSet string `json:"parameterSet"`
+	Tests        []struct {
+		ID    uint64               `json:"tcId"`
+		SEED  hexEncodedByteString `json:"seed"`
+	}
+}
+
+type mlDsaKeyGenTestGroupResponse struct {
+	ID    uint64                        `json:"tgId"`
+	Tests []mlDsaKeyGenTestCaseResponse `json:"tests"`
+}
+
+type mlDsaKeyGenTestCaseResponse struct {
+	ID uint64               `json:"tcId"`
+	PK hexEncodedByteString `json:"pk"`
+	SK hexEncodedByteString `json:"sk`
+}
+
+func processMlDsaKeyGen(vectors json.RawMessage, m Transactable) (interface{}, error) {
+	var groups []mlDsaKeyGenTestGroup
+
+	if err := json.Unmarshal(vectors, &groups); err != nil {
+		return nil, err
+	}
+
+	var responses []mlDsaKeyGenTestGroupResponse
+
+	for _, group := range groups {
+		if !strings.EqualFold(group.Type, "AFT") {
+			return nil, fmt.Errorf("unsupported keyGen test type: %v", group.Type)
+		}
+
+		response := mlDsaKeyGenTestGroupResponse{
+			ID: group.ID,
+		}
+
+		for _, test := range group.Tests {
+			results, err := m.Transact("ML-DSA/"+group.ParameterSet+"/keyGen", 1, test.SEED)
+			if err != nil {
+				return nil, err
+			}
+
+			pk := results[0]
+			sk := results[1]
+
+			response.Tests = append(response.Tests, mlDsaKeyGenTestCaseResponse{
+				ID: test.ID,
+				PK: pk,
+				SK: sk,
+			})
+		}
+
+		responses = append(responses, response)
+	}
+
+	return responses, nil
+}
+
+type mlDsaSigGenTestGroup struct {
+	ID            uint64               `json:"tgId"`
+	Type          string               `json:"testType"`
+	ParameterSet  string               `json:"parameterSet"`
+	Deterministic bool                 `json:"deterministic"`
+	Tests         []struct {
+		ID      uint64               `json:"tcId"`
+		MESSAGE hexEncodedByteString `json:"message"`
+		SK      hexEncodedByteString `json:"sk"`
+		RND     hexEncodedByteString `json:"rnd"`
+	}
+}
+
+
+type mlDsaSigGenTestGroupResponse struct {
+	ID    uint64                          `json:"tgId"`
+	Tests []mlDsaSigGenTestCaseResponse   `json:"tests"`
+}
+
+type mlDsaSigGenTestCaseResponse struct {
+	ID         uint64               `json:"tcId"`
+	SIGNATURE  hexEncodedByteString `json:"signature"`
+}
+
+func processMlDsaSigGen(vectors json.RawMessage, m Transactable) (interface{}, error) {
+	var groups []mlDsaSigGenTestGroup
+
+	if err := json.Unmarshal(vectors, &groups); err != nil {
+		return nil, err
+	}
+
+	var responses []mlDsaSigGenTestGroupResponse
+
+	for _, group := range groups {
+		if !strings.EqualFold(group.Type, "AFT") {
+			return nil, fmt.Errorf("unsupported sigGen test type: %v", group.Type)
+		}
+
+    	response := mlDsaSigGenTestGroupResponse{
+    			ID: group.ID,
+    	}
+
+        for _, test := range group.Tests {
+        	results, err := m.Transact("ML-DSA/"+group.ParameterSet+"/sigGen", 3, test.SK, test.MESSAGE, test.RND)
+        	if err != nil {
+        		return nil, err
+        	}
+
+            signature := results[0]
+
+			response.Tests = append(response.Tests, mlDsaSigGenTestCaseResponse{
+				ID: test.ID,
+				SIGNATURE: signature,
+			})
+		}
+
+		responses = append(responses, response)
+	}
+	return responses, nil
+}
+
+type mlDsaSigVerTestGroup struct {
+	ID            uint64               `json:"tgId"`
+	Type          string               `json:"testType"`
+	ParameterSet  string               `json:"parameterSet"`
+	PK            hexEncodedByteString `json:"pk"`
+	Tests         []struct {
+		ID        uint64               `json:"tcId"`
+		MESSAGE   hexEncodedByteString `json:"message"`
+		SIGNATURE hexEncodedByteString `json:"signature"`
+	}
+}
+
+type mlDsaSigVerTestGroupResponse struct {
+	ID    uint64                          `json:"tgId"`
+	Tests []mlDsaSigVerTestCaseResponse   `json:"tests"`
+}
+
+type mlDsaSigVerTestCaseResponse struct {
+	ID         uint64      `json:"tcId"`
+	TESTPASSED *bool       `json:"testPassed"`
+}
+
+
+func processMlDsaSigVer(vectors json.RawMessage, m Transactable) (interface{}, error) {
+	var groups []mlDsaSigVerTestGroup
+
+	if err := json.Unmarshal(vectors, &groups); err != nil {
+		return nil, err
+	}
+
+	var responses []mlDsaSigVerTestGroupResponse
+
+	for _, group := range groups {
+		if !strings.EqualFold(group.Type, "AFT") {
+			return nil, fmt.Errorf("unsupported sigVer test type: %v", group.Type)
+		}
+
+    	response := mlDsaSigVerTestGroupResponse{
+    			ID: group.ID,
+    	}
+
+        for _, test := range group.Tests {
+        	results, err := m.Transact("ML-DSA/"+group.ParameterSet+"/sigVer", 3, test.SIGNATURE, group.PK, test.MESSAGE)
+        	if err != nil {
+        		return nil, err
+        	}
+
+            var passed *bool
+            if len(results[0]) == 1 {
+                val := results[0][0] == 1
+                passed = &val
+            }
+
+			response.Tests = append(response.Tests, mlDsaSigVerTestCaseResponse{
+				ID: test.ID,
+				TESTPASSED: passed,
+			})
+		}
+
+		responses = append(responses, response)
+	}
+	return responses, nil
+}
diff --git a/util/fipstools/acvp/acvptool/subprocess/subprocess.go b/util/fipstools/acvp/acvptool/subprocess/subprocess.go
@@ -155,6 +155,7 @@ func NewWithIO(cmd *exec.Cmd, in io.WriteCloser, out io.ReadCloser) *Subprocess
 		"PBKDF":          &pbkdf{},
 		"ML-KEM":         &mlKem{},
 		"EDDSA":          &eddsa{},
+		"ML-DSA":         &mlDsa{},
 	}
 	m.primitives["ECDSA"] = &ecdsa{"ECDSA", map[string]bool{"P-224": true, "P-256": true, "P-384": true, "P-521": true}, m.primitives}
 

diff --git a/util/fipstools/acvp/acvptool/test/tests.json b/util/fipstools/acvp/acvptool/test/tests.json
@@ -37,5 +37,6 @@
 {"Wrapper": "modulewrapper", "In": "vectors/ML-KEM.bz2", "Out": "expected/ML-KEM.bz2"},
 {"Wrapper": "modulewrapper", "In": "vectors/EDDSA.bz2", "Out": "expected/EDDSA.bz2"},
 {"Wrapper": "modulewrapper", "In": "vectors/EDDSA-KeyGen.bz2"},
-{"Wrapper": "modulewrapper", "In": "vectors/EDDSA-SigGen.bz2"}
+{"Wrapper": "modulewrapper", "In": "vectors/EDDSA-SigGen.bz2"},
+{"Wrapper": "modulewrapper", "In": "vectors/ML-DSA.bz2", "Out": "expected/ML-DSA.bz2"}
 ]