Test all variants x optimizations with standard Wycheproof vectors

libcrux-ml-dsa/tests/wycheproof/sign_schema.rs

@@ -79,6 +79,9 @@ pub struct Test {
 
     msg: String,
 
+    #[serde(default)]
+    ctx: String,
+
     sig: String,
 
     result: Result,
@@ -97,6 +100,9 @@ pub enum Flag {
     #[serde(rename = "InvalidPrivateKey")]
     InvalidPrivateKey,
 
+    #[serde(rename = "InvalidContext")]
+    InvalidContext,
+
     #[serde(rename = "ManySteps")]
     ManySteps,
 

libcrux-ml-dsa/tests/wycheproof/verify_schema.rs

@@ -87,6 +87,9 @@ pub struct Test {
 
     msg: String,
 
+    #[serde(default)]
+    ctx: String,
+
     sig: String,
 
     result: Result,
@@ -111,6 +114,9 @@ pub enum Flag {
     #[serde(rename = "InvalidPrivateKey")]
     InvalidPrivateKey,
 
+    #[serde(rename = "InvalidContext")]
+    InvalidContext,
+
     #[serde(rename = "ManySteps")]
     ManySteps,
 

libcrux-ml-dsa/tests/wycheproof_sign.rs.todo → libcrux-ml-dsa/tests/wycheproof_sign.rs

@@ -8,7 +8,7 @@ use libcrux_ml_dsa::{
     ml_dsa_44::{self, MLDSA44SigningKey},
     ml_dsa_65::{self, MLDSA65SigningKey},
     ml_dsa_87::{self, MLDSA87SigningKey},
-    MLDSASigningKey,
+    MLDSASigningKey, SigningError,
 };
 
 include!("wycheproof/sign_schema.rs");
@@ -19,7 +19,7 @@ macro_rules! wycheproof_sign_test {
         fn $name() {
             let katfile_path = Path::new("tests")
                 .join("wycheproof")
-                .join(format!("mldsa_{}_draft_sign_test.json", $parameter_set));
+                .join(format!("mldsa_{}_standard_sign_test.json", $parameter_set));
             let katfile = File::open(katfile_path).expect("Could not open KAT file.");
             let reader = BufReader::new(katfile);
 
@@ -47,13 +47,17 @@ macro_rules! wycheproof_sign_test {
 
                 for test in test_group.tests {
                     let message = hex::decode(test.msg).unwrap();
+                    let context = hex::decode(test.ctx).unwrap();
 
-                    let signature = $sign(&signing_key, &message, signing_randomness)
-                        .expect("Rejection sampling failure probability is < 2⁻¹²⁸");
+                    let signature = $sign(&signing_key, &message, &context, signing_randomness);
+
+                    if let Err(SigningError::ContextTooLongError) = signature {
+                        assert!(test.result == Result::Invalid)
+                    }
 
                     if test.result == Result::Valid {
                         assert_eq!(
-                            signature.0.as_slice(),
+                            signature.unwrap().0.as_slice(),
                             hex::decode(test.sig).unwrap().as_slice()
                         );
                     }
@@ -98,6 +102,52 @@ wycheproof_sign_test!(
 
 wycheproof_sign_test!(wycheproof_sign_65, 65, MLDSA65SigningKey, ml_dsa_65::sign);
 
+wycheproof_sign_test!(
+    wycheproof_sign_65_portable,
+    65,
+    MLDSA65SigningKey,
+    ml_dsa_65::portable::sign
+);
+
+#[cfg(feature = "simd128")]
+wycheproof_sign_test!(
+    wycheproof_sign_65_simd128,
+    65,
+    MLDSA65SigningKey,
+    ml_dsa_65::neon::sign
+);
+
+#[cfg(feature = "simd256")]
+wycheproof_sign_test!(
+    wycheproof_sign_65_simd256,
+    65,
+    MLDSA65SigningKey,
+    ml_dsa_65::avx2::sign
+);
+
 // 87
 
 wycheproof_sign_test!(wycheproof_sign_87, 87, MLDSA87SigningKey, ml_dsa_87::sign);
+
+wycheproof_sign_test!(
+    wycheproof_sign_87_portable,
+    87,
+    MLDSA87SigningKey,
+    ml_dsa_87::portable::sign
+);
+
+#[cfg(feature = "simd128")]
+wycheproof_sign_test!(
+    wycheproof_sign_87_simd128,
+    87,
+    MLDSA87SigningKey,
+    ml_dsa_87::neon::sign
+);
+
+#[cfg(feature = "simd256")]
+wycheproof_sign_test!(
+    wycheproof_sign_87_simd256,
+    87,
+    MLDSA87SigningKey,
+    ml_dsa_87::avx2::sign
+);

libcrux-ml-dsa/tests/wycheproof_verify.rs.todo → libcrux-ml-dsa/tests/wycheproof_verify.rs

@@ -8,13 +8,14 @@ use libcrux_ml_dsa::{ml_dsa_44, ml_dsa_65, ml_dsa_87, MLDSASignature, MLDSAVerif
 
 include!("wycheproof/verify_schema.rs");
 
-macro_rules! wycheproof_sign_test {
+macro_rules! wycheproof_verify_test {
     ($name:ident, $parameter_set:literal, $verification_key_object:ty, $signature_object:ty, $verify:expr) => {
         #[test]
         fn $name() {
-            let katfile_path = Path::new("tests")
-                .join("wycheproof")
-                .join(format!("mldsa_{}_draft_verify_test.json", $parameter_set));
+            let katfile_path = Path::new("tests").join("wycheproof").join(format!(
+                "mldsa_{}_standard_verify_test.json",
+                $parameter_set
+            ));
             let katfile = File::open(katfile_path).expect("Could not open KAT file.");
             let reader = BufReader::new(katfile);
 
@@ -41,7 +42,7 @@ macro_rules! wycheproof_sign_test {
 
                 for test in test_group.tests {
                     let message = hex::decode(test.msg).unwrap();
-
+                    let context = hex::decode(test.ctx).unwrap();
                     let signature_bytes = hex::decode(test.sig).unwrap();
                     if signature_bytes.len() != <$signature_object>::len() {
                         // If the signature size in the KAT does not match the
@@ -54,7 +55,8 @@ macro_rules! wycheproof_sign_test {
                     }
                     let signature = MLDSASignature(signature_bytes.try_into().unwrap());
 
-                    let verification_result = $verify(&verification_key, &message, &signature);
+                    let verification_result =
+                        $verify(&verification_key, &message, &context, &signature);
 
                     match test.result {
                         Result::Valid => assert!(verification_result.is_ok()),
@@ -68,34 +70,34 @@ macro_rules! wycheproof_sign_test {
 
 // 44
 
-wycheproof_sign_test!(
-    wycheproof_sign_44,
+wycheproof_verify_test!(
+    wycheproof_verify_44,
     44,
     ml_dsa_44::MLDSA44VerificationKey,
     ml_dsa_44::MLDSA44Signature,
     ml_dsa_44::verify
 );
 
-wycheproof_sign_test!(
-    wycheproof_sign_44_portable,
+wycheproof_verify_test!(
+    wycheproof_verify_44_portable,
     44,
     ml_dsa_44::MLDSA44VerificationKey,
     ml_dsa_44::MLDSA44Signature,
     ml_dsa_44::portable::verify
 );
 
 #[cfg(feature = "simd128")]
-wycheproof_sign_test!(
-    wycheproof_sign_44_simd128,
+wycheproof_verify_test!(
+    wycheproof_verify_44_simd128,
     44,
     ml_dsa_44::MLDSA44VerificationKey,
     ml_dsa_44::MLDSA44Signature,
     ml_dsa_44::neon::verify
 );
 
 #[cfg(feature = "simd256")]
-wycheproof_sign_test!(
-    wycheproof_sign_44_simd256,
+wycheproof_verify_test!(
+    wycheproof_verify_44_simd256,
     44,
     ml_dsa_44::MLDSA44VerificationKey,
     ml_dsa_44::MLDSA44Signature,
@@ -104,20 +106,72 @@ wycheproof_sign_test!(
 
 // 65
 
-wycheproof_sign_test!(
-    wycheproof_sign_65,
+wycheproof_verify_test!(
+    wycheproof_verify_65,
     65,
     ml_dsa_65::MLDSA65VerificationKey,
     ml_dsa_65::MLDSA65Signature,
     ml_dsa_65::verify
 );
 
+wycheproof_verify_test!(
+    wycheproof_verify_65_portable,
+    65,
+    ml_dsa_65::MLDSA65VerificationKey,
+    ml_dsa_65::MLDSA65Signature,
+    ml_dsa_65::portable::verify
+);
+
+#[cfg(feature = "simd128")]
+wycheproof_verify_test!(
+    wycheproof_verify_65_simd128,
+    65,
+    ml_dsa_65::MLDSA65VerificationKey,
+    ml_dsa_65::MLDSA65Signature,
+    ml_dsa_65::neon::verify
+);
+
+#[cfg(feature = "simd256")]
+wycheproof_verify_test!(
+    wycheproof_verify_65_simd256,
+    65,
+    ml_dsa_65::MLDSA65VerificationKey,
+    ml_dsa_65::MLDSA65Signature,
+    ml_dsa_65::avx2::verify
+);
+
 // 87
 
-wycheproof_sign_test!(
-    wycheproof_sign_87,
+wycheproof_verify_test!(
+    wycheproof_verify_87,
     87,
     ml_dsa_87::MLDSA87VerificationKey,
     ml_dsa_87::MLDSA87Signature,
     ml_dsa_87::verify
 );
+
+wycheproof_verify_test!(
+    wycheproof_verify_87_portable,
+    87,
+    ml_dsa_87::MLDSA87VerificationKey,
+    ml_dsa_87::MLDSA87Signature,
+    ml_dsa_87::portable::verify
+);
+
+#[cfg(feature = "simd128")]
+wycheproof_verify_test!(
+    wycheproof_verify_87_simd128,
+    87,
+    ml_dsa_87::MLDSA87VerificationKey,
+    ml_dsa_87::MLDSA87Signature,
+    ml_dsa_87::neon::verify
+);
+
+#[cfg(feature = "simd256")]
+wycheproof_verify_test!(
+    wycheproof_verify_87_simd256,
+    87,
+    ml_dsa_87::MLDSA87VerificationKey,
+    ml_dsa_87::MLDSA87Signature,
+    ml_dsa_87::avx2::verify
+);