From 0247a327d40fdbe9df1285b8805ffe814a50ed79 Mon Sep 17 00:00:00 2001
From: livebe01 <livebe01@nist.gov>
Date: Tue, 20 Aug 2024 15:46:01 -0400
Subject: [PATCH 1/5] Updates SLH-DSA spec to indicate testing of internal
 interfaces

---
 src/slh-dsa/sections/04-testtypes.adoc | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/slh-dsa/sections/04-testtypes.adoc b/src/slh-dsa/sections/04-testtypes.adoc
index 89aa5a91..f75456da 100644
--- a/src/slh-dsa/sections/04-testtypes.adoc
+++ b/src/slh-dsa/sections/04-testtypes.adoc
@@ -7,11 +7,11 @@
 
 The ACVP server performs a set of tests on the specified SLH-DSA algorithm in order to assess the correctness and robustness of the implementation. A typical ACVP validation session *SHALL* require multiple tests to be performed for every supported permutation of SLH-DSA capabilities. This section describes the design of the tests used to validate implementations of the SLH-DSA algorithms.
 
-* SLH-DSA / keyGen / * "AFT" - Algorithm Functional Test. The IUT is *REQUIRED* for each test case provided, to generate a key pair from provided seed and key values, i.e., SK.seed, SK.prf, and PK.seed. The key pair is communicated to the ACVP server and validated.
+* SLH-DSA / keyGen / * "AFT" - Algorithm Functional Test. The IUT is *REQUIRED* for each test case provided, to generate a key pair from provided seed and key values, i.e., SK.seed, SK.prf, and PK.seed. The key pair is communicated to the ACVP server and validated. This tests the implementation of Algorithm 18 slh_keygen_internal() from [FIPS 205 Section 9.1](https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.205.pdf#page=43).
 
-* SLH-DSA / sigGen / * "AFT" - Algorithm Functional Test. This testing mode *REQUIRES* the IUT to generate a valid signature for each test case given the ACVP-provided private key, message and a selected parameter set. The signature is then compared to the known result by the ACVP server.
+* SLH-DSA / sigGen / * "AFT" - Algorithm Functional Test. This testing mode *REQUIRES* the IUT to generate a valid signature for each test case given the ACVP-provided private key, message and a selected parameter set. The signature is then compared to the known result by the ACVP server. This tests the implementation of Algorithm 19 slh_sign_internal() from [FIPS 205 Section 9.2](https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.205.pdf#page=44).
 
-* SLH-DSA / sigVer / * "AFT" - Algorithm Functional Test. The ACVP server generates a series of signatures to communicate to the IUT. The IUT is *REQUIRED* to determine the validity of the signature given the parameter set, key, and message.
+* SLH-DSA / sigVer / * "AFT" - Algorithm Functional Test. The ACVP server generates a series of signatures to communicate to the IUT. The IUT is *REQUIRED* to determine the validity of the signature given the parameter set, key, and message. This tests the implementation of Algorithm 20 slh_verify_internal() from [FIPS 205 Section 9.3](https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.205.pdf#page=46).
 
 [[test_coverage]]
 === Test Coverage

From 612cf2bee80d4618008cc8b69c5dbc654385fcd5 Mon Sep 17 00:00:00 2001
From: livebe01 <livebe01@nist.gov>
Date: Tue, 20 Aug 2024 15:58:54 -0400
Subject: [PATCH 2/5] Updates ML-DSA spec to note that the FIPS 204 internal
 algorithms are tested

---
 src/ml-dsa/sections/04-testtypes.adoc | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/ml-dsa/sections/04-testtypes.adoc b/src/ml-dsa/sections/04-testtypes.adoc
index b9de88a4..b9d8795c 100644
--- a/src/ml-dsa/sections/04-testtypes.adoc
+++ b/src/ml-dsa/sections/04-testtypes.adoc
@@ -7,11 +7,11 @@
 
 The ACVP server performs a set of tests on the specified ML-DSA algorithm in order to assess the correctness and robustness of the implementation. A typical ACVP validation session *SHALL* require multiple tests to be performed for every supported permutation of ML-DSA capabilities. This section describes the design of the tests used to validate implementations of the ML-DSA algorithms.
 
-* ML-DSA / keyGen / * "AFT" - Algorithm Functional Test. The IUT is *REQUIRED* for each test case provided, to generate a key pair from a provided seed. The key pair is communicated to the ACVP server and validated.
+* ML-DSA / keyGen / * "AFT" - Algorithm Functional Test. The IUT is *REQUIRED* for each test case provided, to generate a key pair from a provided seed. The key pair is communicated to the ACVP server and validated. This tests the implementation of Algorithm 6 ML-DSA.KeyGen_internal() from [FIPS 204 Section 6.1](https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.204.pdf#page=32).
 
-* ML-DSA / sigGen / * "AFT" - Algorithm Functional Test. This testing mode expects the IUT to generate valid signatures based on the ACVP provided message. The signature is then compared to the known result by the ACVP server given the IUT's communicated parameter set, public key, and signature.
+* ML-DSA / sigGen / * "AFT" - Algorithm Functional Test. This testing mode expects the IUT to generate valid signatures based on the ACVP provided message. The signature is then compared to the known result by the ACVP server given the IUT's communicated parameter set, public key, and signature. This tests the implementation of Algorithm 7 ML-DSA.Sign_internal() from [FIPS 204 Section 6.2](https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.204.pdf#page=33).
 
-* ML-DSA / sigVer / * "AFT" - Algorithm Functional Test. The ACVP server generates a series of signatures to communicate to the IUT. The IUT is *REQUIRED* to determine the validity of the signature given the parameter set, key, and message.
+* ML-DSA / sigVer / * "AFT" - Algorithm Functional Test. The ACVP server generates a series of signatures to communicate to the IUT. The IUT is *REQUIRED* to determine the validity of the signature given the parameter set, key, and message. This tests the implementation of Algorithm 8 ML-DSA.Verify_internal() from [FIPS 204 Section 6.3](https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.204.pdf#page=35).
 
 [[test_coverage]]
 === Test Coverage

From 2935f09c192554add588b99cbcd2115cef7446dc Mon Sep 17 00:00:00 2001
From: livebe01 <livebe01@nist.gov>
Date: Tue, 20 Aug 2024 16:16:51 -0400
Subject: [PATCH 3/5] Updates ML-KEM spec to note that the FIPS 203 internal
 algorithms are tested

---
 src/ml-kem/sections/04-testtypes.adoc | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/ml-kem/sections/04-testtypes.adoc b/src/ml-kem/sections/04-testtypes.adoc
index f4f37173..a6366393 100644
--- a/src/ml-kem/sections/04-testtypes.adoc
+++ b/src/ml-kem/sections/04-testtypes.adoc
@@ -7,11 +7,11 @@
 
 The ACVP server performs a set of tests on the specified ML-KEM algorithm in order to assess the correctness and robustness of the implementation. A typical ACVP validation session *SHALL* require multiple tests to be performed for every supported permutation of ML-KEM capabilities. This section describes the design of the tests used to validate implementations of the ML-KEM algorithms.
 
-* ML-KEM / keyGen / * "AFT" - Algorithm Functional Test. The IUT is *REQUIRED* for each test case provided, to generate a key pair from a provided seed. The key pair is communicated to the ACVP server and validated.
+* ML-KEM / keyGen / * "AFT" - Algorithm Functional Test. The IUT is *REQUIRED* for each test case provided, to generate a key pair from a provided seed. The key pair is communicated to the ACVP server and validated. This tests the implementation of Algorithm 16 ML-KEM.KeyGen_internal() from <<FIPS203>> Section 6.1.
 
-* ML-KEM / encapDecap / * "AFT" - Algorithm Functional Test. The server will generate a random `m` and encapsulation key `ek`. The IUT *SHALL* generate the corresponding shared secret `k` and ciphertext `c`. 
+* ML-KEM / encapDecap / * "AFT" - Algorithm Functional Test. The server will generate a random `m` and encapsulation key `ek`. The IUT *SHALL* generate the corresponding shared secret `k` and ciphertext `c`. This tests the implementation of Algorithm 17 ML-KEM.Encaps_internal() from <<FIPS203>> Section 6.2.
 
-* ML-KEM /encapDecap / * "VAL" - Validation Test. The server will generate a decapsulation key `dk` and a potentially valid or invalid ciphertext `c`. The IUT *SHALL* generate the corresponding shared secret `k` whether the `k` is provided from the valid decapsulation route or from the implicit rejection present in <<FIPS203>> Algorithm 17.
+* ML-KEM /encapDecap / * "VAL" - Validation Test. The server will generate a decapsulation key `dk` and a potentially valid or invalid ciphertext `c`. The IUT *SHALL* generate the corresponding shared secret `k` whether the `k` is provided from the valid decapsulation route or from the implicit rejection present in <<FIPS203>> Algorithm 17. This tests the implementation of Algorithm 18 ML-KEM.Decaps_internal() from <<FIPS203>> Section 6.3.
 
 [[test_coverage]]
 === Test Coverage

From 09f67a4ebccdb01da8fe7896489b0bdb11dd43ba Mon Sep 17 00:00:00 2001
From: livebe01 <livebe01@nist.gov>
Date: Tue, 20 Aug 2024 16:20:48 -0400
Subject: [PATCH 4/5] updates newly added FIPS 204 references to be consistent
 with other publication references

---
 src/ml-dsa/sections/04-testtypes.adoc | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/ml-dsa/sections/04-testtypes.adoc b/src/ml-dsa/sections/04-testtypes.adoc
index b9d8795c..4bda8ed9 100644
--- a/src/ml-dsa/sections/04-testtypes.adoc
+++ b/src/ml-dsa/sections/04-testtypes.adoc
@@ -7,11 +7,11 @@
 
 The ACVP server performs a set of tests on the specified ML-DSA algorithm in order to assess the correctness and robustness of the implementation. A typical ACVP validation session *SHALL* require multiple tests to be performed for every supported permutation of ML-DSA capabilities. This section describes the design of the tests used to validate implementations of the ML-DSA algorithms.
 
-* ML-DSA / keyGen / * "AFT" - Algorithm Functional Test. The IUT is *REQUIRED* for each test case provided, to generate a key pair from a provided seed. The key pair is communicated to the ACVP server and validated. This tests the implementation of Algorithm 6 ML-DSA.KeyGen_internal() from [FIPS 204 Section 6.1](https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.204.pdf#page=32).
+* ML-DSA / keyGen / * "AFT" - Algorithm Functional Test. The IUT is *REQUIRED* for each test case provided, to generate a key pair from a provided seed. The key pair is communicated to the ACVP server and validated. This tests the implementation of Algorithm 6 ML-DSA.KeyGen_internal() from <<FIPS204>> Section 6.1.
 
-* ML-DSA / sigGen / * "AFT" - Algorithm Functional Test. This testing mode expects the IUT to generate valid signatures based on the ACVP provided message. The signature is then compared to the known result by the ACVP server given the IUT's communicated parameter set, public key, and signature. This tests the implementation of Algorithm 7 ML-DSA.Sign_internal() from [FIPS 204 Section 6.2](https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.204.pdf#page=33).
+* ML-DSA / sigGen / * "AFT" - Algorithm Functional Test. This testing mode expects the IUT to generate valid signatures based on the ACVP provided message. The signature is then compared to the known result by the ACVP server given the IUT's communicated parameter set, public key, and signature. This tests the implementation of Algorithm 7 ML-DSA.Sign_internal() from <<FIPS204>> Section 6.2.
 
-* ML-DSA / sigVer / * "AFT" - Algorithm Functional Test. The ACVP server generates a series of signatures to communicate to the IUT. The IUT is *REQUIRED* to determine the validity of the signature given the parameter set, key, and message. This tests the implementation of Algorithm 8 ML-DSA.Verify_internal() from [FIPS 204 Section 6.3](https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.204.pdf#page=35).
+* ML-DSA / sigVer / * "AFT" - Algorithm Functional Test. The ACVP server generates a series of signatures to communicate to the IUT. The IUT is *REQUIRED* to determine the validity of the signature given the parameter set, key, and message. This tests the implementation of Algorithm 8 ML-DSA.Verify_internal() from <<FIPS204>> Section 6.3.
 
 [[test_coverage]]
 === Test Coverage

From 00ea001855d0987d90a52b2cc27476db8da9082e Mon Sep 17 00:00:00 2001
From: livebe01 <livebe01@nist.gov>
Date: Tue, 20 Aug 2024 16:23:05 -0400
Subject: [PATCH 5/5] updates newly added FIPS 205 references to be consistent
 with other publication references

---
 src/slh-dsa/sections/04-testtypes.adoc | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/slh-dsa/sections/04-testtypes.adoc b/src/slh-dsa/sections/04-testtypes.adoc
index f75456da..80f46b08 100644
--- a/src/slh-dsa/sections/04-testtypes.adoc
+++ b/src/slh-dsa/sections/04-testtypes.adoc
@@ -7,11 +7,11 @@
 
 The ACVP server performs a set of tests on the specified SLH-DSA algorithm in order to assess the correctness and robustness of the implementation. A typical ACVP validation session *SHALL* require multiple tests to be performed for every supported permutation of SLH-DSA capabilities. This section describes the design of the tests used to validate implementations of the SLH-DSA algorithms.
 
-* SLH-DSA / keyGen / * "AFT" - Algorithm Functional Test. The IUT is *REQUIRED* for each test case provided, to generate a key pair from provided seed and key values, i.e., SK.seed, SK.prf, and PK.seed. The key pair is communicated to the ACVP server and validated. This tests the implementation of Algorithm 18 slh_keygen_internal() from [FIPS 205 Section 9.1](https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.205.pdf#page=43).
+* SLH-DSA / keyGen / * "AFT" - Algorithm Functional Test. The IUT is *REQUIRED* for each test case provided, to generate a key pair from provided seed and key values, i.e., SK.seed, SK.prf, and PK.seed. The key pair is communicated to the ACVP server and validated. This tests the implementation of Algorithm 18 slh_keygen_internal() from <<FIPS205>> Section 9.1.
 
-* SLH-DSA / sigGen / * "AFT" - Algorithm Functional Test. This testing mode *REQUIRES* the IUT to generate a valid signature for each test case given the ACVP-provided private key, message and a selected parameter set. The signature is then compared to the known result by the ACVP server. This tests the implementation of Algorithm 19 slh_sign_internal() from [FIPS 205 Section 9.2](https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.205.pdf#page=44).
+* SLH-DSA / sigGen / * "AFT" - Algorithm Functional Test. This testing mode *REQUIRES* the IUT to generate a valid signature for each test case given the ACVP-provided private key, message and a selected parameter set. The signature is then compared to the known result by the ACVP server. This tests the implementation of Algorithm 19 slh_sign_internal() from <<FIPS205>> Section 9.2.
 
-* SLH-DSA / sigVer / * "AFT" - Algorithm Functional Test. The ACVP server generates a series of signatures to communicate to the IUT. The IUT is *REQUIRED* to determine the validity of the signature given the parameter set, key, and message. This tests the implementation of Algorithm 20 slh_verify_internal() from [FIPS 205 Section 9.3](https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.205.pdf#page=46).
+* SLH-DSA / sigVer / * "AFT" - Algorithm Functional Test. The ACVP server generates a series of signatures to communicate to the IUT. The IUT is *REQUIRED* to determine the validity of the signature given the parameter set, key, and message. This tests the implementation of Algorithm 20 slh_verify_internal() from <<FIPS205>> Section 9.3.
 
 [[test_coverage]]
 === Test Coverage