Add KAT tests

This is automatically executed (also in CI) as a part of quickcheck.

This adds known-answer tests following what is done in
https://github.com/PQClean/PQClean/blob/master/test/crypto_sign/testvectors.c

The main added benefit of this test over the NISTKAT tests is that is also
includes the detachted signature API (crypto_sign_signature and
crypto_sign_verify).

Signed-off-by: Matthias J. Kannwischer <matthias@kannwischer.eu>

Makefile

@@ -1,13 +1,13 @@
 # SPDX-License-Identifier: Apache-2.0
 
-.PHONY: func \
-	func_44 \
-	func_65 \
-	func_87 \
-	run_func \
-	run_func_44 \
-	run_func_65\
-	run_func_87 \
+.PHONY: func kat \
+	func_44  kat_44 \
+	func_65 kat_65 \
+	func_87 kat_87 \
+	run_func run_kat \
+	run_func_44 run_kat_44 \
+	run_func_65 run_kat_65 \
+	run_func_87 run_kat_87 \
 	build test all \
 	clean quickcheck
 
@@ -22,12 +22,21 @@ include test/mk/rules.mk
 
 quickcheck: test
 
-build: func
+build: func kat
 	$(Q)echo "  Everything builds fine!"
 
-test: run_func
+test: run_kat run_func
 	$(Q)echo "  Everything checks fine!"
 
+
+run_kat_44: kat_44
+	$(W) $(MLDSA44_DIR)/bin/gen_KAT44 | sha256sum | cut -d " " -f 1 | xargs ./META.sh ML-DSA-44  kat-sha256
+run_kat_65: kat_65
+	$(W) $(MLDSA65_DIR)/bin/gen_KAT65 | sha256sum | cut -d " " -f 1 | xargs ./META.sh ML-DSA-65  kat-sha256
+run_kat_87: kat_87
+	$(W) $(MLDSA87_DIR)/bin/gen_KAT87 | sha256sum | cut -d " " -f 1 | xargs ./META.sh ML-DSA-87  kat-sha256
+run_kat: run_kat_44 run_kat_65 run_kat_87
+
 run_func_44: func_44
 	$(W) $(MLDSA44_DIR)/bin/test_mldsa44
 run_func_65: func_65
@@ -44,6 +53,14 @@ func_87: $(MLDSA87_DIR)/bin/test_mldsa87
 	$(Q)echo "  FUNC       ML-DSA-87:  $^"
 func: func_44 func_65 func_87
 
+kat_44: $(MLDSA44_DIR)/bin/gen_KAT44
+	$(Q)echo "  KAT        ML-DSA-44:   $^"
+kat_65: $(MLDSA65_DIR)/bin/gen_KAT65
+	$(Q)echo "  KAT        ML-DSA-65:   $^"
+kat_87: $(MLDSA87_DIR)/bin/gen_KAT87
+	$(Q)echo "  KAT        ML-DSA-87:  $^"
+kat: kat_44 kat_65 kat_87
+
 lib: $(BUILD_DIR)/libmldsa.a $(BUILD_DIR)/libmldsa44.a $(BUILD_DIR)/libmldsa65.a $(BUILD_DIR)/libmldsa87.a
 
 clean:

test/gen_KAT.c

@@ -0,0 +1,73 @@
+/*
+ * Copyright (c) 2025 The mldsa-native project authors
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+#include <stddef.h>
+#include <stdio.h>
+#include <string.h>
+#include "../mldsa/api.h"
+#include "notrandombytes/notrandombytes.h"
+
+#define MAXMLEN 2048
+#define CTXLEN 0
+
+static void print_hex(const uint8_t *data, size_t size)
+{
+  size_t i;
+  for (i = 0; i < size; i++)
+  {
+    printf("%02x", data[i]);
+  }
+  printf("\n");
+}
+
+int main(void)
+{
+  unsigned i, j;
+  int rc;
+  uint8_t pk[CRYPTO_PUBLICKEYBYTES];
+  uint8_t sk[CRYPTO_SECRETKEYBYTES];
+  uint8_t sm[MAXMLEN + CRYPTO_BYTES];
+  uint8_t s[CRYPTO_BYTES];
+  uint8_t m[MAXMLEN];
+  uint8_t m2[MAXMLEN + CRYPTO_BYTES];
+  size_t smlen;
+  size_t slen;
+  size_t mlen;
+
+  for (i = 0; i < MAXMLEN; i = (i == 0) ? i + 1 : i << 2)
+  {
+    randombytes(m, i);
+
+
+    crypto_sign_keypair(pk, sk);
+
+    print_hex(pk, CRYPTO_PUBLICKEYBYTES);
+    print_hex(sk, CRYPTO_SECRETKEYBYTES);
+
+    crypto_sign(sm, &smlen, m, i, NULL, CTXLEN, sk);
+    crypto_sign_signature(s, &slen, m, i, NULL, CTXLEN, sk);
+
+    print_hex(sm, smlen);
+    print_hex(s, slen);
+
+    rc = crypto_sign_open(m2, &mlen, sm, smlen, NULL, CTXLEN, pk);
+    rc |= crypto_sign_verify(s, slen, m, i, NULL, CTXLEN, pk);
+
+    if (rc)
+    {
+      printf("ERROR: signature verification failed\n");
+      return -1;
+    }
+    for (j = 0; j < i; j++)
+    {
+      if (m2[j] != m[j])
+      {
+        printf("ERROR: message recovery failed\n");
+        return -1;
+      }
+    }
+  }
+  return 0;
+}

test/mk/components.mk

@@ -3,7 +3,7 @@
 FIPS202_SRCS = $(wildcard mldsa/fips202/*.c)
 SOURCES += $(wildcard mldsa/*.c)
 
-ALL_TESTS = test_mldsa
+ALL_TESTS = test_mldsa gen_KAT
 NON_NIST_TESTS = $(filter-out gen_NISTKAT,$(ALL_TESTS))
 
 MLDSA44_DIR = $(BUILD_DIR)/mldsa44