src/crypto/mldsa/mldsa_fips140v1.0_test.go - go - Git at Google

 // Copyright 2026 The Go Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.

 //go:build fips140v1.0

 package mldsa_test

 import (
 	"crypto"
 	. "crypto/mldsa"
 	"testing"
 )

 var _ crypto.Signer = (*PrivateKey)(nil)

 func TestUnavailable(t *testing.T) {
 	for _, params := range []Parameters{MLDSA44(), MLDSA65(), MLDSA87()} {
 		t.Run(params.String(), func(t *testing.T) {
 			if _, err := GenerateKey(params); err == nil {
 				t.Errorf("GenerateKey: want error, got nil")
 			}
 			if _, err := NewPrivateKey(params, make([]byte, PrivateKeySize)); err == nil {
 				t.Errorf("NewPrivateKey: want error, got nil")
 			}
 			if _, err := NewPublicKey(params, make([]byte, params.PublicKeySize())); err == nil {
 				t.Errorf("NewPublicKey: want error, got nil")
 			}
 			if err := Verify(&PublicKey{}, nil, nil, nil); err == nil {
 				t.Errorf("Verify: want error, got nil")
 			}
 		})
 	}
 }

 func TestMethodsPanic(t *testing.T) {
 	// All PrivateKey and PublicKey methods are unreachable in the v1.0 stub
 	// (since there is no way to construct a non-zero key) and panic if invoked
 	// on the zero value.
 	sk := &PrivateKey{}
 	pk := &PublicKey{}
 	cases := []struct {
 		name string
 		fn   func()
 	}{
 		{"PrivateKey.Public", func() { sk.Public() }},
 		{"PrivateKey.Equal", func() { sk.Equal(sk) }},
 		{"PrivateKey.PublicKey", func() { sk.PublicKey() }},
 		{"PrivateKey.Bytes", func() { sk.Bytes() }},
 		{"PrivateKey.Sign", func() { sk.Sign(nil, nil, nil) }},
 		{"PrivateKey.SignDeterministic", func() { sk.SignDeterministic(nil, nil) }},
 		{"PublicKey.Bytes", func() { pk.Bytes() }},
 		{"PublicKey.Equal", func() { pk.Equal(pk) }},
 		{"PublicKey.Parameters", func() { pk.Parameters() }},
 	}
 	for _, tc := range cases {
 		t.Run(tc.name, func(t *testing.T) {
 			defer func() {
 				if r := recover(); r == nil {
 					t.Errorf("%s: did not panic", tc.name)
 				}
 			}()
 			tc.fn()
 		})
 	}
 }

 func TestParametersAvailable(t *testing.T) {
 	// The Parameters value type and its methods must remain usable even under
 	// the v1.0 stub, so callers can introspect parameter sets without invoking
 	// the unavailable key APIs.
 	cases := []struct {
 		params  Parameters
 		name    string
 		pkSize  int
 		sigSize int
 	}{
 		{MLDSA44(), "ML-DSA-44", MLDSA44PublicKeySize, MLDSA44SignatureSize},
 		{MLDSA65(), "ML-DSA-65", MLDSA65PublicKeySize, MLDSA65SignatureSize},
 		{MLDSA87(), "ML-DSA-87", MLDSA87PublicKeySize, MLDSA87SignatureSize},
 	}
 	for _, tc := range cases {
 		if got := tc.params.String(); got != tc.name {
 			t.Errorf("String() = %q, want %q", got, tc.name)
 		}
 		if got := tc.params.PublicKeySize(); got != tc.pkSize {
 			t.Errorf("%s PublicKeySize() = %d, want %d", tc.name, got, tc.pkSize)
 		}
 		if got := tc.params.SignatureSize(); got != tc.sigSize {
 			t.Errorf("%s SignatureSize() = %d, want %d", tc.name, got, tc.sigSize)
 		}
 	}
 }
	// Copyright 2026 The Go Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style
	// license that can be found in the LICENSE file.

	//go:build fips140v1.0

	package mldsa_test

	import (
	"crypto"
	. "crypto/mldsa"
	"testing"
	)

	var _ crypto.Signer = (*PrivateKey)(nil)

	func TestUnavailable(t *testing.T) {
	for _, params := range []Parameters{MLDSA44(), MLDSA65(), MLDSA87()} {
	t.Run(params.String(), func(t *testing.T) {
	if _, err := GenerateKey(params); err == nil {
	t.Errorf("GenerateKey: want error, got nil")
	}
	if _, err := NewPrivateKey(params, make([]byte, PrivateKeySize)); err == nil {
	t.Errorf("NewPrivateKey: want error, got nil")
	}
	if _, err := NewPublicKey(params, make([]byte, params.PublicKeySize())); err == nil {
	t.Errorf("NewPublicKey: want error, got nil")
	}
	if err := Verify(&PublicKey{}, nil, nil, nil); err == nil {
	t.Errorf("Verify: want error, got nil")
	}
	})
	}
	}

	func TestMethodsPanic(t *testing.T) {
	// All PrivateKey and PublicKey methods are unreachable in the v1.0 stub
	// (since there is no way to construct a non-zero key) and panic if invoked
	// on the zero value.
	sk := &PrivateKey{}
	pk := &PublicKey{}
	cases := []struct {
	name string
	fn func()
	}{
	{"PrivateKey.Public", func() { sk.Public() }},
	{"PrivateKey.Equal", func() { sk.Equal(sk) }},
	{"PrivateKey.PublicKey", func() { sk.PublicKey() }},
	{"PrivateKey.Bytes", func() { sk.Bytes() }},
	{"PrivateKey.Sign", func() { sk.Sign(nil, nil, nil) }},
	{"PrivateKey.SignDeterministic", func() { sk.SignDeterministic(nil, nil) }},
	{"PublicKey.Bytes", func() { pk.Bytes() }},
	{"PublicKey.Equal", func() { pk.Equal(pk) }},
	{"PublicKey.Parameters", func() { pk.Parameters() }},
	}
	for _, tc := range cases {
	t.Run(tc.name, func(t *testing.T) {
	defer func() {
	if r := recover(); r == nil {
	t.Errorf("%s: did not panic", tc.name)
	}
	}()
	tc.fn()
	})
	}
	}

	func TestParametersAvailable(t *testing.T) {
	// The Parameters value type and its methods must remain usable even under
	// the v1.0 stub, so callers can introspect parameter sets without invoking
	// the unavailable key APIs.
	cases := []struct {
	params Parameters
	name string
	pkSize int
	sigSize int
	}{
	{MLDSA44(), "ML-DSA-44", MLDSA44PublicKeySize, MLDSA44SignatureSize},
	{MLDSA65(), "ML-DSA-65", MLDSA65PublicKeySize, MLDSA65SignatureSize},
	{MLDSA87(), "ML-DSA-87", MLDSA87PublicKeySize, MLDSA87SignatureSize},
	}
	for _, tc := range cases {
	if got := tc.params.String(); got != tc.name {
	t.Errorf("String() = %q, want %q", got, tc.name)
	}
	if got := tc.params.PublicKeySize(); got != tc.pkSize {
	t.Errorf("%s PublicKeySize() = %d, want %d", tc.name, got, tc.pkSize)
	}
	if got := tc.params.SignatureSize(); got != tc.sigSize {
	t.Errorf("%s SignatureSize() = %d, want %d", tc.name, got, tc.sigSize)
	}
	}
	}