Merge to fips-20250107: Update PQ ACVP to reflect NIST's breaking changes. NIST have updated the ACVP protocol for SLH-DSA and ML-DSA in several breaking ways. This change updates acvptool to reflect this. (cherry picked from commit 298ac78507178d1e7d058eee1e52333f760eb0c1) Change-Id: Iddd2d1db2241a83119c7b671c225bb709d01c70c Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/77267 Auto-Submit: Adam Langley <agl@google.com> Commit-Queue: Adam Langley <agl@google.com> Reviewed-by: Bob Beck <bbe@google.com> Commit-Queue: Bob Beck <bbe@google.com>
diff --git a/util/fipstools/acvp/acvptool/subprocess/mldsa.go b/util/fipstools/acvp/acvptool/subprocess/mldsa.go
index d248ff6..b7cde7d 100644
--- a/util/fipstools/acvp/acvptool/subprocess/mldsa.go
+++ b/util/fipstools/acvp/acvptool/subprocess/mldsa.go
@@ -92,12 +92,12 @@
 ID uint64 `json:"tgId"`
 TestType string `json:"testType"`
 ParameterSet string `json:"parameterSet"`
- PublicKey string `json:"pk"`
 Tests []mldsaSigVerTest `json:"tests"`
 }
 type mldsaSigVerTest struct {
 ID uint64 `json:"tcId"`
+ PublicKey string `json:"pk"`
 Message string `json:"message"`
 Signature string `json:"signature"`
 }
@@ -254,13 +254,13 @@
 }
 cmdName := group.ParameterSet + "/sigVer"
- pk, err := hex.DecodeString(group.PublicKey)
- if err != nil {
- return nil, fmt.Errorf("failed to decode public key in group %d: %s",
- group.ID, err)
- }
-
 for _, test := range group.Tests {
+ pk, err := hex.DecodeString(test.PublicKey)
+ if err != nil || len(pk) == 0 {
+ return nil, fmt.Errorf("failed to decode public key in test case %d/%d: %s",
+ group.ID, test.ID, err)
+ }
+
 msg, err := hex.DecodeString(test.Message)
 if err != nil {
 return nil, fmt.Errorf("failed to decode message in test case %d/%d: %s",
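Review bot: When `hex.DecodeString` succeeds on an empty `pk` string, the new `len(pk) == 0` branch of the combined condition formats a nil `err` with `%s`, so the returned message reads `%!s(<nil>)` rather than saying the test case carried no public key. Split the two failures so each gets a real reason: keep `if err != nil { return nil, fmt.Errorf("failed to decode public key in test case %d/%d: %s", group.ID, test.ID, err) }` and follow it with `if len(pk) == 0 { return nil, fmt.Errorf("empty public key in test case %d/%d", group.ID, test.ID) }`. Since the key has moved from the group to each test case, a one-line comment above the decode, `// NIST's revised ACVP schema carries pk per test case, not per group.`, would explain why the decode now sits inside the loop. The enclosing function starts and ends outside the hunk.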
diff --git a/util/fipstools/acvp/acvptool/test/expected/ML-DSA.bz2 b/util/fipstools/acvp/acvptool/test/expected/ML-DSA.bz2
index 77290c1..cf13292 100644
--- a/util/fipstools/acvp/acvptool/test/expected/ML-DSA.bz2
+++ b/util/fipstools/acvp/acvptool/test/expected/ML-DSA.bz2
Binary files differ
diff --git a/util/fipstools/acvp/acvptool/test/vectors/ML-DSA.bz2 b/util/fipstools/acvp/acvptool/test/vectors/ML-DSA.bz2
index e4bcaa1..317dfec 100644
--- a/util/fipstools/acvp/acvptool/test/vectors/ML-DSA.bz2
+++ b/util/fipstools/acvp/acvptool/test/vectors/ML-DSA.bz2
Binary files differ
diff --git a/util/fipstools/acvp/modulewrapper/modulewrapper.cc b/util/fipstools/acvp/modulewrapper/modulewrapper.cc
index 831a998..3245ece 100644
--- a/util/fipstools/acvp/modulewrapper/modulewrapper.cc
+++ b/util/fipstools/acvp/modulewrapper/modulewrapper.cc
@@ -958,30 +958,42 @@
 "algorithm": "ML-DSA",
 "mode": "sigGen",
 "revision": "FIPS204",
- "parameterSets": [
- "ML-DSA-65",
- "ML-DSA-87"
- ],
+ "signatureInterfaces": ["internal"],
 "deterministic": [
 true,
 false
 ],
- "messageLength": [
- {
+ "externalMu": [
+ false
+ ],
+ "capabilities": [{
+ "parameterSets": [
+ "ML-DSA-65",
+ "ML-DSA-87"
+ ],
+ "messageLength": [{
 "min": 8,
 "max": 65536,
 "increment": 8
- }
- ]
+ }]
+ }]
 },
 {
 "algorithm": "ML-DSA",
 "mode": "sigVer",
 "revision": "FIPS204",
- "parameterSets": [
- "ML-DSA-65",
- "ML-DSA-87"
- ]
+ "signatureInterfaces": ["internal"],
+ "capabilities": [{
+ "messageLength": [{
+ "min": 8,
+ "max": 65536,
+ "increment": 8
+ }],
+ "parameterSets": [
+ "ML-DSA-65",
+ "ML-DSA-87"
+ ]
+ }]
 },
 {
 "algorithm": "ML-KEM",
@@ -1021,6 +1033,7 @@
 true,
 false
 ],
+ "signatureInterfaces": [ "internal" ],
 "capabilities": [
 {
 "parameterSets": [
@@ -1040,6 +1053,7 @@
 "algorithm": "SLH-DSA",
 "mode": "sigVer",
 "revision": "FIPS205",
+ "signatureInterfaces": [ "internal" ],
 "deterministic": [
 true,
 false
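Review bot: The new ML-DSA sigVer capability lists `messageLength` before `parameterSets`, the reverse of the sigGen capability directly above it, and `signatureInterfaces` is spelled `["internal"]` in the two ML-DSA entries but `[ "internal" ]` in the two SLH-DSA hunks; pick one field order and one spacing so the FIPS 204 pair reads consistently and diffs cleanly against the FIPS 205 entries. Every entry now claims only the `internal` signature interface, so, if this registration is what scopes the ACVP run, the ctx-taking external interface of FIPS 204/205 is not exercised by these vectors; a comment above the first `signatureInterfaces`, such as `// Only the internal (no-ctx) interface is claimed; the external/pre-hash interfaces are not covered by this ACVP run.`, would make that coverage boundary explicit to whoever reads the certification scope. `externalMu` is declared for ML-DSA sigGen but not sigVer; if NIST's revised schema also accepts it for sigVer, a short comment on why it is omitted there would prevent a later "fix". The enclosing raw-string literal and function start and end outside the hunk.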