crypto/internal/fips140test: add ML-DSA to FIPS 140-3 functional tests

Change-Id: I568d28d27d2bc55bbadcc678a2fcf9d36a6a6964 Reviewed-on: https://go-review.googlesource.com/c/go/+/731540 Reviewed-by: Roland Shoemaker <roland@golang.org> Reviewed-by: Junyang Shao <shaojunyang@google.com> Auto-Submit: Filippo Valsorda <filippo@golang.org> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
2026-01-29 07:02:05 +03:00 · 2025-12-19 23:14:05 +01:00
parent e242961960
commit 2bc4315d92
4 changed files with 39 additions and 16 deletions
--- a/src/crypto/internal/fips140test/cast_fips140v1.26_test.go
+++ b/src/crypto/internal/fips140test/cast_fips140v1.26_test.go
@@ -1,16 +0,0 @@
-// Copyright 2024 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build !fips140v1.0
-
-package fipstest
-
-import "crypto/internal/fips140/mldsa"
-
-func fips140v126Conditionals() {
-	// ML-DSA sign and verify PCT
-	kMLDSA := mldsa.GenerateKey44()
-	// ML-DSA-44
-	mldsa.SignDeterministic(kMLDSA, make([]byte, 32), "")
-}
--- a/src/crypto/internal/fips140test/cast_fips140v1.0_test.go
+++ b/src/crypto/internal/fips140test/cast_fips140v1.0_test.go
@@ -6,4 +6,8 @@

 package fipstest

+import "testing"
+
 func fips140v126Conditionals() {}
+
+func testFIPS140v126(t *testing.T, plaintext []byte) {}
--- a/src/crypto/internal/fips140test/fips140v1.26_test.go
+++ b/src/crypto/internal/fips140test/fips140v1.26_test.go
@@ -0,0 +1,33 @@
+// Copyright 2024 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build !fips140v1.0
+
+package fipstest
+
+import (
+	"crypto/internal/fips140/mldsa"
+	"testing"
+)
+
+func fips140v126Conditionals() {
+	// ML-DSA sign and verify PCT
+	kMLDSA := mldsa.GenerateKey44()
+	// ML-DSA-44
+	mldsa.SignDeterministic(kMLDSA, make([]byte, 32), "")
+}
+
+func testFIPS140v126(t *testing.T, plaintext []byte) {
+	t.Run("ML-DSA KeyGen, SigGen, SigVer", func(t *testing.T) {
+		ensureServiceIndicator(t)
+		k := mldsa.GenerateKey44()
+
+		sig, err := mldsa.SignDeterministic(k, plaintext, "")
+		fatalIfErr(t, err)
+		t.Logf("ML-DSA signature: %x", sig)
+
+		err = mldsa.Verify(k.PublicKey(), plaintext, sig, "")
+		fatalIfErr(t, err)
+	})
+}
--- a/src/crypto/internal/fips140test/fips_test.go
+++ b/src/crypto/internal/fips140test/fips_test.go
@@ -101,6 +101,8 @@ func TestFIPS140(t *testing.T) {
 	aesBlock, err := aes.New(aesKey)
 	fatalIfErr(t, err)

+	testFIPS140v126(t, plaintext)
+
 	t.Run("AES-CTR", func(t *testing.T) {
 		ensureServiceIndicator(t)
 		ctr := aes.NewCTR(aesBlock, aesIV)