crypto/internal/fips140test: add ML-DSA to FIPS 140-3 functional tests
Change-Id: I568d28d27d2bc55bbadcc678a2fcf9d36a6a6964
Reviewed-on: https://go-review.googlesource.com/c/go/+/731540
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Junyang Shao <shaojunyang@google.com>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
diff --git a/src/crypto/internal/fips140test/cast_fips140v1.26_test.go b/src/crypto/internal/fips140test/cast_fips140v1.26_test.go
deleted file mode 100644
index ef79068..0000000
--- a/src/crypto/internal/fips140test/cast_fips140v1.26_test.go
+++ /dev/null
@@ -1,16 +0,0 @@
-// Copyright 2024 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build !fips140v1.0
-
-package fipstest
-
-import "crypto/internal/fips140/mldsa"
-
-func fips140v126Conditionals() {
- // ML-DSA sign and verify PCT
- kMLDSA := mldsa.GenerateKey44()
- // ML-DSA-44
- mldsa.SignDeterministic(kMLDSA, make([]byte, 32), "")
-}
diff --git a/src/crypto/internal/fips140test/cast_fips140v1.0_test.go b/src/crypto/internal/fips140test/fips140v1.0_test.go
similarity index 76%
rename from src/crypto/internal/fips140test/cast_fips140v1.0_test.go
rename to src/crypto/internal/fips140test/fips140v1.0_test.go
index b9ddfe4..262ef61 100644
--- a/src/crypto/internal/fips140test/cast_fips140v1.0_test.go
+++ b/src/crypto/internal/fips140test/fips140v1.0_test.go
@@ -6,4 +6,8 @@
package fipstest
+import "testing"
+
func fips140v126Conditionals() {}
+
+func testFIPS140v126(t *testing.T, plaintext []byte) {}
diff --git a/src/crypto/internal/fips140test/fips140v1.26_test.go b/src/crypto/internal/fips140test/fips140v1.26_test.go
new file mode 100644
index 0000000..6cd9f4f
--- /dev/null
+++ b/src/crypto/internal/fips140test/fips140v1.26_test.go
@@ -0,0 +1,33 @@
+// Copyright 2024 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build !fips140v1.0
+
+package fipstest
+
+import (
+ "crypto/internal/fips140/mldsa"
+ "testing"
+)
+
+func fips140v126Conditionals() {
+ // ML-DSA sign and verify PCT
+ kMLDSA := mldsa.GenerateKey44()
+ // ML-DSA-44
+ mldsa.SignDeterministic(kMLDSA, make([]byte, 32), "")
+}
+
+func testFIPS140v126(t *testing.T, plaintext []byte) {
+ t.Run("ML-DSA KeyGen, SigGen, SigVer", func(t *testing.T) {
+ ensureServiceIndicator(t)
+ k := mldsa.GenerateKey44()
+
+ sig, err := mldsa.SignDeterministic(k, plaintext, "")
+ fatalIfErr(t, err)
+ t.Logf("ML-DSA signature: %x", sig)
+
+ err = mldsa.Verify(k.PublicKey(), plaintext, sig, "")
+ fatalIfErr(t, err)
+ })
+}
diff --git a/src/crypto/internal/fips140test/fips_test.go b/src/crypto/internal/fips140test/fips_test.go
index 52fc9d3..7f2824c 100644
--- a/src/crypto/internal/fips140test/fips_test.go
+++ b/src/crypto/internal/fips140test/fips_test.go
@@ -101,6 +101,8 @@
aesBlock, err := aes.New(aesKey)
fatalIfErr(t, err)
+ testFIPS140v126(t, plaintext)
+
t.Run("AES-CTR", func(t *testing.T) {
ensureServiceIndicator(t)
ctr := aes.NewCTR(aesBlock, aesIV)
