randombytes: add example to test failure

This commit introduces a new example build which is meant to
test the failure mode to the randombytes API. The
randombytes_force_failure(n) function ensures that the nth call
to randombytes will fail.

Signed-off-by: Andreas Hatziiliou <[email protected]>

Author: L-series

BIBLIOGRAPHY.md

@@ -344,6 +344,8 @@ source code and documentation.
 * Referenced from:
   - [examples/basic/test_only_rng/notrandombytes.c](examples/basic/test_only_rng/notrandombytes.c)
   - [examples/basic/test_only_rng/notrandombytes.h](examples/basic/test_only_rng/notrandombytes.h)
+  - [examples/basic_rng_failure/test_only_rng/notrandombytes.c](examples/basic_rng_failure/test_only_rng/notrandombytes.c)
+  - [examples/basic_rng_failure/test_only_rng/notrandombytes.h](examples/basic_rng_failure/test_only_rng/notrandombytes.h)
   - [examples/bring_your_own_fips202/test_only_rng/notrandombytes.c](examples/bring_your_own_fips202/test_only_rng/notrandombytes.c)
   - [examples/bring_your_own_fips202/test_only_rng/notrandombytes.h](examples/bring_your_own_fips202/test_only_rng/notrandombytes.h)
   - [examples/bring_your_own_fips202_static/test_only_rng/notrandombytes.c](examples/bring_your_own_fips202_static/test_only_rng/notrandombytes.c)

examples/basic_rng_failure/Makefile

@@ -0,0 +1,119 @@
+# Copyright (c) The mlkem-native project authors
+# Copyright (c) The mldsa-native project authors
+# SPDX-License-Identifier: Apache-2.0 OR ISC OR MIT
+
+.PHONY: build run clean
+.DEFAULT_GOAL := all
+
+CC  ?= gcc
+
+# Adjust CFLAGS if needed
+CFLAGS := \
+	-Wall \
+	-Wextra \
+	-Werror=unused-result \
+	-Wpedantic \
+	-Werror \
+	-Wmissing-prototypes \
+	-Wshadow \
+	-Wpointer-arith \
+	-Wredundant-decls \
+	-Wconversion \
+	-Wsign-conversion \
+	-Wno-long-long \
+	-Wno-unknown-pragmas \
+	-Wno-unused-command-line-argument \
+	-O3 \
+	-fomit-frame-pointer \
+	-std=c99 \
+	-pedantic \
+	-MMD \
+	$(CFLAGS)
+
+# If you want to use the native backends, the compiler needs to know about
+# the target architecture. Here, we import the default host detection from
+# mldsa-native's tests, but you can write your own or specialize accordingly.
+AUTO ?= 1
+include auto.mk
+
+# The following only concerns the cross-compilation tests.
+# You can likely ignore the following for your application.
+#
+# Append cross-prefix for cross compilation
+# When called from the root Makefile, CROSS_PREFIX has already been added here
+ifeq (,$(findstring $(CROSS_PREFIX),$(CC)))
+CC  := $(CROSS_PREFIX)$(CC)
+endif
+
+# Part A:
+#
+# mldsa-native source and header files
+#
+# If you are not concerned about minimizing for a specific backend,
+# you can just include _all_ source files into your build.
+#
+# In this example, we compile the individual mldsa-native source files directly.
+# Alternatively, you can compile the 'monobuild' source file mldsa_native.c.
+# See examples/monolithic_build for that.
+MLD_SOURCE=$(wildcard					\
+	mldsa_native/mldsa/src/*.c				\
+	mldsa_native/mldsa/src/**/*.c			\
+	mldsa_native/mldsa/src/**/**/*.c		\
+	mldsa_native/mldsa/src/**/**/**/*.c)
+
+INC=-Imldsa_native/mldsa/
+
+# Part B:
+#
+# Random number generator
+#
+# !!! WARNING !!!
+#
+# The randombytes() implementation used here is for TESTING ONLY.
+# You MUST NOT use this implementation outside of testing.
+#
+# !!! WARNING !!!
+RNG_SOURCE=$(wildcard test_only_rng/*.c)
+
+# Part C:
+#
+# Your application source code
+APP_SOURCE=$(wildcard *.c)
+
+ALL_SOURCE=$(MLD_SOURCE) $(RNG_SOURCE) $(APP_SOURCE)
+
+BUILD_DIR=build
+BIN=test_binary
+
+#
+# Configuration adjustments
+#
+
+# Pick prefix
+CFLAGS += -DMLD_CONFIG_NAMESPACE_PREFIX=mldsa
+
+BINARY_NAME_FULL_44=$(BUILD_DIR)/$(BIN)44
+BINARY_NAME_FULL_65=$(BUILD_DIR)/$(BIN)65
+BINARY_NAME_FULL_87=$(BUILD_DIR)/$(BIN)87
+BINARIES_FULL=$(BINARY_NAME_FULL_44) $(BINARY_NAME_FULL_65) $(BINARY_NAME_FULL_87)
+
+$(BINARY_NAME_FULL_44): CFLAGS += -DMLD_CONFIG_PARAMETER_SET=44
+$(BINARY_NAME_FULL_65): CFLAGS += -DMLD_CONFIG_PARAMETER_SET=65
+$(BINARY_NAME_FULL_87): CFLAGS += -DMLD_CONFIG_PARAMETER_SET=87
+
+$(BINARIES_FULL): $(ALL_SOURCE)
+	echo "$@"
+	mkdir -p $(BUILD_DIR)
+	$(CC) $(CFLAGS) $(INC) $^ -o $@
+
+all: build
+
+build: $(BINARIES_FULL)
+
+run: $(BINARIES_FULL)
+	$(EXEC_WRAPPER) ./$(BINARY_NAME_FULL_44)
+	$(EXEC_WRAPPER) ./$(BINARY_NAME_FULL_65)
+	$(EXEC_WRAPPER) ./$(BINARY_NAME_FULL_87)
+
+clean:
+	rm -rf $(BUILD_DIR)

examples/basic_rng_failure/README.md

@@ -0,0 +1,52 @@
+[//]: # (SPDX-License-Identifier: CC-BY-4.0)
+
+# Building mldsa-native
+
+This directory contains a minimal example for how to build mldsa-native and
+intentionally force failures in the `randombytes` provider so that you can
+exercise the library’s error paths.
+
+## Components
+
+An application using mldsa-native as-is needs to include the following components:
+
+1. mldsa-native source tree, including [`mldsa/src/`](../../mldsa/src) and [`mldsa/src/fips202/`](../../mldsa/src/fips202).
+2. A secure pseudo random number generator, implementing [`randombytes.h`](../../mldsa/src/randombytes.h).
+3. The application source code
+
+**WARNING:** The `randombytes()` implementation used here is for TESTING ONLY. You MUST NOT use this implementation
+outside of testing. In this example it is also designed so tests can force
+it to fail after a configurable number of calls.
+
+## Usage
+
+Build this example with `make build`, run with `make run`.
+
+The test binary executes three scenarios for each security level:
+
+1. Force the first `randombytes` invocation (during key generation) to fail and
+	check that `crypto_sign_keypair`.
+2. Allow key generation, then fail the second `randombytes` invocation (during
+	signing) and confirm `crypto_sign_signature`.
+3. Disable failure injection (negative index) and exercise the full
+	sign/verify flow, ensuring the expected deterministic signature is produced.
+
+## What this example demonstrates
+
+This basic example shows how to use the ML-DSA (Module-Lattice-Based Digital Signature Algorithm) for:
+
+1. **Key Generation**: Generate a public/private key pair
+2. **Signing**: Sign a message with a private key and optional context
+3. **Signature Verification**: Verify a signature using the public key
+4. **Signed Messages**: Create and open signed messages (signature + message combined)
+
+The example demonstrates both the detached signature API (`crypto_sign_signature`/`crypto_sign_verify`) and the combined signature API (`crypto_sign`/`crypto_sign_open`).
+
+## Parameter Sets
+
+ML-DSA supports three parameter sets:
+- **ML-DSA-44**
+- **ML-DSA-65**
+- **ML-DSA-87**
+
+The example builds and runs all three parameter sets to demonstrate the different security levels and their corresponding key/signature sizes.

examples/basic_rng_failure/auto.mk

@@ -0,0 +1 @@
+../../test/mk/auto.mk