Add functional tests

.github/workflows/ci.yml

@@ -0,0 +1,40 @@
+# SPDX-License-Identifier: Apache-2.0
+
+name: CI
+permissions:
+  contents: read
+on:
+  workflow_dispatch:
+  push:
+    branches: ["main"]
+  pull_request:
+    branches: ["main"]
+    types: [ "opened", "synchronize" ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  quickcheck:
+    strategy:
+      fail-fast: false
+      matrix:
+        external:
+         - ${{ github.repository_owner != 'pq-code-package' }}
+        target:
+         - runner: pqcp-arm64
+           name: 'aarch64'
+         - runner: ubuntu-latest
+           name: 'x86_64'
+         - runner: macos-latest
+           name: 'macos (aarch64)'
+         - runner: macos-13
+           name: 'macos (x86_64)'
+    name: Quickcheck (${{ matrix.target.name }})
+    runs-on: ${{ matrix.target.runner }}
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - name: make quickcheck
+        run: |
+          make quickcheck

.gitignore

@@ -0,0 +1,3 @@
+# SPDX-License-Identifier: Apache-2.0
+
+test/build

Makefile

@@ -0,0 +1,51 @@
+# SPDX-License-Identifier: Apache-2.0
+
+.PHONY: func \
+	func_44 \
+	func_65 \
+	func_87 \
+	run_func \
+	run_func_44 \
+	run_func_65\
+	run_func_87 \
+	build test all \
+	clean quickcheck
+
+.DEFAULT_GOAL := build
+all: build
+
+W := $(EXEC_WRAPPER)
+
+include test/mk/config.mk
+include test/mk/components.mk
+include test/mk/rules.mk
+
+quickcheck: test
+
+build: func
+	$(Q)echo "  Everything builds fine!"
+
+test: run_func
+	$(Q)echo "  Everything checks fine!"
+
+run_func_44: func_44
+	$(W) $(MLDSA44_DIR)/bin/test_mldsa44
+run_func_65: func_65
+	$(W) $(MLDSA65_DIR)/bin/test_mldsa65
+run_func_87: func_87
+	$(W) $(MLDSA87_DIR)/bin/test_mldsa87
+run_func: run_func_44 run_func_65 run_func_87
+
+func_44: $(MLDSA44_DIR)/bin/test_mldsa44
+	$(Q)echo "  FUNC       ML-DSA-44:   $^"
+func_65: $(MLDSA65_DIR)/bin/test_mldsa65
+	$(Q)echo "  FUNC       ML-DSA-65:   $^"
+func_87: $(MLDSA87_DIR)/bin/test_mldsa87
+	$(Q)echo "  FUNC       ML-DSA-87:  $^"
+func: func_44 func_65 func_87
+
+lib: $(BUILD_DIR)/libmldsa.a $(BUILD_DIR)/libmldsa44.a $(BUILD_DIR)/libmldsa65.a $(BUILD_DIR)/libmldsa87.a
+
+clean:
+	-$(RM) -rf *.gcno *.gcda *.lcov *.o *.so
+	-$(RM) -rf $(BUILD_DIR)

mldsa/api.h

@@ -94,5 +94,34 @@ int pqcrystals_dilithium5_ref_open(uint8_t *m, size_t *mlen,
                                    const uint8_t *ctx, size_t ctxlen,
                                    const uint8_t *pk);
 
+#if DILITHIUM_MODE == 2
+#define CRYPTO_PUBLICKEYBYTES pqcrystals_dilithium2_PUBLICKEYBYTES
+#define CRYPTO_SECRETKEYBYTES pqcrystals_dilithium2_SECRETKEYBYTES
+#define CRYPTO_BYTES pqcrystals_dilithium2_BYTES
+#define crypto_sign_keypair pqcrystals_dilithium2_ref_keypair
+#define crypto_sign_signature pqcrystals_dilithium2_ref_signature
+#define crypto_sign pqcrystals_dilithium2_ref
+#define crypto_sign_verify pqcrystals_dilithium2_ref_verify
+#define crypto_sign_open pqcrystals_dilithium2_ref_open
+#elif DILITHIUM_MODE == 3
+#define CRYPTO_PUBLICKEYBYTES pqcrystals_dilithium3_PUBLICKEYBYTES
+#define CRYPTO_SECRETKEYBYTES pqcrystals_dilithium3_SECRETKEYBYTES
+#define CRYPTO_BYTES pqcrystals_dilithium3_BYTES
+#define crypto_sign_keypair pqcrystals_dilithium3_ref_keypair
+#define crypto_sign_signature pqcrystals_dilithium3_ref_signature
+#define crypto_sign pqcrystals_dilithium3_ref
+#define crypto_sign_verify pqcrystals_dilithium3_ref_verify
+#define crypto_sign_open pqcrystals_dilithium3_ref_open
+#elif DILITHIUM_MODE == 5
+#define CRYPTO_PUBLICKEYBYTES pqcrystals_dilithium5_PUBLICKEYBYTES
+#define CRYPTO_SECRETKEYBYTES pqcrystals_dilithium5_SECRETKEYBYTES
+#define CRYPTO_BYTES pqcrystals_dilithium5_BYTES
+#define crypto_sign_keypair pqcrystals_dilithium5_ref_keypair
+#define crypto_sign_signature pqcrystals_dilithium5_ref_signature
+#define crypto_sign pqcrystals_dilithium5_ref
+#define crypto_sign_verify pqcrystals_dilithium5_ref_verify
+#define crypto_sign_open pqcrystals_dilithium5_ref_open
+#endif
+
 
 #endif

mldsa/sign.c

@@ -6,7 +6,7 @@
 #include "poly.h"
 #include "randombytes.h"
 #include "symmetric.h"
-#include "fips202.h"
+#include "fips202/fips202.h"
 
 /*************************************************
 * Name:        crypto_sign_keypair

mldsa/symmetric-shake.c

@@ -1,7 +1,7 @@
 #include <stdint.h>
 #include "params.h"
 #include "symmetric.h"
-#include "fips202.h"
+#include "fips202/fips202.h"
 
 void dilithium_shake128_stream_init(keccak_state *state, const uint8_t seed[SEEDBYTES], uint16_t nonce)
 {

mldsa/symmetric.h

@@ -4,7 +4,7 @@
 #include <stdint.h>
 #include "params.h"
 
-#include "fips202.h"
+#include "fips202/fips202.h"
 
 typedef keccak_state stream128_state;
 typedef keccak_state stream256_state;

test/mk/components.mk

@@ -0,0 +1,67 @@
+# SPDX-License-Identifier: Apache-2.0
+
+FIPS202_SRCS = $(wildcard mldsa/fips202/*.c)
+SOURCES += $(wildcard mldsa/*.c)
+
+ALL_TESTS = test_mldsa
+NON_NIST_TESTS = $(filter-out gen_NISTKAT,$(ALL_TESTS))
+
+MLDSA44_DIR = $(BUILD_DIR)/mldsa44
+MLDSA65_DIR = $(BUILD_DIR)/mldsa65
+MLDSA87_DIR = $(BUILD_DIR)/mldsa87
+
+MLDSA44_OBJS = $(call MAKE_OBJS,$(MLDSA44_DIR),$(SOURCES) $(FIPS202_SRCS))
+$(MLDSA44_OBJS): CFLAGS += -DDILITHIUM_MODE=2
+MLDSA65_OBJS = $(call MAKE_OBJS,$(MLDSA65_DIR),$(SOURCES) $(FIPS202_SRCS))
+$(MLDSA65_OBJS): CFLAGS += -DDILITHIUM_MODE=3
+MLDSA87_OBJS = $(call MAKE_OBJS,$(MLDSA87_DIR),$(SOURCES) $(FIPS202_SRCS))
+$(MLDSA87_OBJS): CFLAGS += -DDILITHIUM_MODE=5
+
+$(BUILD_DIR)/libmldsa44.a: $(MLDSA44_OBJS)
+$(BUILD_DIR)/libmldsa65.a: $(MLDSA65_OBJS)
+$(BUILD_DIR)/libmldsa87.a: $(MLDSA87_OBJS)
+
+$(BUILD_DIR)/libmldsa.a: $(MLDSA44_OBJS) $(MLDSA65_OBJS) $(MLDSA87_OBJS)
+
+$(MLDSA44_DIR)/bin/bench_mldsa44: CFLAGS += -Itest/hal
+$(MLDSA65_DIR)/bin/bench_mldsa65: CFLAGS += -Itest/hal
+$(MLDSA87_DIR)/bin/bench_mldsa87: CFLAGS += -Itest/hal
+$(MLDSA44_DIR)/bin/bench_components_mldsa44: CFLAGS += -Itest/hal
+$(MLDSA65_DIR)/bin/bench_components_mldsa65: CFLAGS += -Itest/hal
+$(MLDSA87_DIR)/bin/bench_components_mldsa87: CFLAGS += -Itest/hal
+
+$(MLDSA44_DIR)/bin/bench_mldsa44: $(MLDSA44_DIR)/test/hal/hal.c.o
+$(MLDSA65_DIR)/bin/bench_mldsa65: $(MLDSA65_DIR)/test/hal/hal.c.o
+$(MLDSA87_DIR)/bin/bench_mldsa87: $(MLDSA87_DIR)/test/hal/hal.c.o
+$(MLDSA44_DIR)/bin/bench_components_mldsa44: $(MLDSA44_DIR)/test/hal/hal.c.o
+$(MLDSA65_DIR)/bin/bench_components_mldsa65: $(MLDSA65_DIR)/test/hal/hal.c.o
+$(MLDSA87_DIR)/bin/bench_components_mldsa87: $(MLDSA87_DIR)/test/hal/hal.c.o
+
+$(MLDSA44_DIR)/bin/%: CFLAGS += -DDILITHIUM_MODE=2
+$(MLDSA65_DIR)/bin/%: CFLAGS += -DDILITHIUM_MODE=3
+$(MLDSA87_DIR)/bin/%: CFLAGS += -DDILITHIUM_MODE=5
+
+# Link tests with respective library
+define ADD_SOURCE
+$(BUILD_DIR)/$(1)/bin/$(2)$(shell echo $(1) | tr -d -c 0-9): LDLIBS += -L$(BUILD_DIR) -l$(1)
+$(BUILD_DIR)/$(1)/bin/$(2)$(shell echo $(1) | tr -d -c 0-9): $(BUILD_DIR)/$(1)/test/$(2).c.o $(BUILD_DIR)/lib$(1).a
+endef
+
+$(foreach scheme,mldsa44 mldsa65 mldsa87, \
+	$(foreach test,$(ALL_TESTS), \
+		$(eval $(call ADD_SOURCE,$(scheme),$(test))) \
+	) \
+)
+
+# nistkat tests require special RNG
+$(MLDSA44_DIR)/bin/gen_NISTKAT44: CFLAGS += -Itest/nistrng
+$(MLDSA44_DIR)/bin/gen_NISTKAT44: $(call MAKE_OBJS, $(MLDSA44_DIR), $(wildcard test/nistrng/*.c))
+$(MLDSA65_DIR)/bin/gen_NISTKAT65: CFLAGS += -Itest/nistrng
+$(MLDSA65_DIR)/bin/gen_NISTKAT65: $(call MAKE_OBJS, $(MLDSA65_DIR), $(wildcard test/nistrng/*.c))
+$(MLDSA87_DIR)/bin/gen_NISTKAT87: CFLAGS += -Itest/nistrng
+$(MLDSA87_DIR)/bin/gen_NISTKAT87: $(call MAKE_OBJS, $(MLDSA87_DIR), $(wildcard test/nistrng/*.c))
+
+# All other tests use test-only RNG
+$(NON_NIST_TESTS:%=$(MLDSA44_DIR)/bin/%44): $(call MAKE_OBJS, $(MLDSA44_DIR), $(wildcard test/notrandombytes/*.c))
+$(NON_NIST_TESTS:%=$(MLDSA65_DIR)/bin/%65): $(call MAKE_OBJS, $(MLDSA65_DIR), $(wildcard test/notrandombytes/*.c))
+$(NON_NIST_TESTS:%=$(MLDSA87_DIR)/bin/%87): $(call MAKE_OBJS, $(MLDSA87_DIR), $(wildcard test/notrandombytes/*.c))