crypto/internal/fips140test: add ML-DSA to FIPS 140-3 functional tests
authorFilippo Valsorda <filippo@golang.org>
Fri, 19 Dec 2025 22:14:05 +0000 (23:14 +0100)
committerGopher Robot <gobot@golang.org>
Wed, 14 Jan 2026 15:41:48 +0000 (07:41 -0800)
Change-Id: I568d28d27d2bc55bbadcc678a2fcf9d36a6a6964
Reviewed-on: https://go-review.googlesource.com/c/go/+/731540
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Junyang Shao <shaojunyang@google.com>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>

src/crypto/internal/fips140test/cast_fips140v1.26_test.go [deleted file]
src/crypto/internal/fips140test/fips140v1.0_test.go [moved from src/crypto/internal/fips140test/cast_fips140v1.0_test.go with 75% similarity]
src/crypto/internal/fips140test/fips140v1.26_test.go [new file with mode: 0644]
src/crypto/internal/fips140test/fips_test.go

diff --git a/src/crypto/internal/fips140test/cast_fips140v1.26_test.go b/src/crypto/internal/fips140test/cast_fips140v1.26_test.go
deleted file mode 100644 (file)
index ef79068..0000000
+++ /dev/null
@@ -1,16 +0,0 @@
-// Copyright 2024 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build !fips140v1.0
-
-package fipstest
-
-import "crypto/internal/fips140/mldsa"
-
-func fips140v126Conditionals() {
-       // ML-DSA sign and verify PCT
-       kMLDSA := mldsa.GenerateKey44()
-       // ML-DSA-44
-       mldsa.SignDeterministic(kMLDSA, make([]byte, 32), "")
-}
similarity index 75%
rename from src/crypto/internal/fips140test/cast_fips140v1.0_test.go
rename to src/crypto/internal/fips140test/fips140v1.0_test.go
index b9ddfe4d8b49b689bb867ca10a9a4df2db5dcc3c..262ef61d5c45230d53b78297aa473bc35e5ccdf6 100644 (file)
@@ -6,4 +6,8 @@
 
 package fipstest
 
+import "testing"
+
 func fips140v126Conditionals() {}
+
+func testFIPS140v126(t *testing.T, plaintext []byte) {}
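Review bot: The new stub `testFIPS140v126` (like `fips140v126Conditionals` above it) is an empty function with no comment, so a reader of this file cannot tell that ML-DSA coverage is intentionally absent in this build configuration. Judging from the sibling file, which is tagged `!fips140v1.0` and imports `mldsa`, this file presumably applies when the v1.0 module is selected. A doc comment such as `// testFIPS140v126 is a no-op here: ML-DSA is exercised only in the !fips140v1.0 build.` would record that. The build constraint itself sits above the hunk and is not visible here.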
diff --git a/src/crypto/internal/fips140test/fips140v1.26_test.go b/src/crypto/internal/fips140test/fips140v1.26_test.go
new file mode 100644 (file)
index 0000000..6cd9f4f
--- /dev/null
@@ -0,0 +1,33 @@
+// Copyright 2024 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build !fips140v1.0
+
+package fipstest
+
+import (
+       "crypto/internal/fips140/mldsa"
+       "testing"
+)
+
+func fips140v126Conditionals() {
+       // ML-DSA sign and verify PCT
+       kMLDSA := mldsa.GenerateKey44()
+       // ML-DSA-44
+       mldsa.SignDeterministic(kMLDSA, make([]byte, 32), "")
+}
+
+func testFIPS140v126(t *testing.T, plaintext []byte) {
+       t.Run("ML-DSA KeyGen, SigGen, SigVer", func(t *testing.T) {
+               ensureServiceIndicator(t)
+               k := mldsa.GenerateKey44()
+
+               sig, err := mldsa.SignDeterministic(k, plaintext, "")
+               fatalIfErr(t, err)
+               t.Logf("ML-DSA signature: %x", sig)
+
+               err = mldsa.Verify(k.PublicKey(), plaintext, sig, "")
+               fatalIfErr(t, err)
+       })
+}
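Review bot: The `ML-DSA KeyGen, SigGen, SigVer` subtest only checks that a freshly produced signature verifies, so it would still pass if `mldsa.Verify` accepted any input. A rejection check after the final `fatalIfErr` would close that gap: flip one byte with `sig[0] ^= 1` and fail the test if `mldsa.Verify(k.PublicKey(), plaintext, sig, "")` returns nil. `ensureServiceIndicator` is defined outside this diff, so confirm first that it tolerates a failing verification. Separately, the last line of `fips140v126Conditionals` discards both results of `mldsa.SignDeterministic`, presumably on purpose, and a comment like `// result ignored: the call only has to trigger the self-tests` would make that explicit.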
index 52fc9d3488600373936239221735569bd0532d2a..7f2824ca9ac0527507bc4c152fccb6f01e763629 100644 (file)
@@ -101,6 +101,8 @@ func TestFIPS140(t *testing.T) {
        aesBlock, err := aes.New(aesKey)
        fatalIfErr(t, err)
 
+       testFIPS140v126(t, plaintext)
+
        t.Run("AES-CTR", func(t *testing.T) {
                ensureServiceIndicator(t)
                ctr := aes.NewCTR(aesBlock, aesIV)