diff --git a/mldsa/src/poly.c b/mldsa/src/poly.c
index 9004f1158..69e2b522e 100644
--- a/mldsa/src/poly.c
+++ b/mldsa/src/poly.c
@@ -655,7 +655,9 @@ void mld_poly_uniform(mld_poly *a, const uint8_t seed[MLDSA_SEEDBYTES + 2])
 mld_zeroize(buf, sizeof(buf));
 }
 
-#if !defined(MLD_CONFIG_SERIAL_FIPS202_ONLY) && !defined(MLD_CONFIG_REDUCE_RAM)
+#if (!defined(MLD_CONFIG_SERIAL_FIPS202_ONLY) && \
+ !defined(MLD_CONFIG_REDUCE_RAM)) || \
+ defined(MLD_UNIT_TEST)
 MLD_INTERNAL_API
 void mld_poly_uniform_4x(mld_poly *vec0, mld_poly *vec1, mld_poly *vec2,
 mld_poly *vec3,
@@ -720,7 +722,8 @@ void mld_poly_uniform_4x(mld_poly *vec0, mld_poly *vec1, mld_poly *vec2,
 mld_zeroize(buf, sizeof(buf));
 }
 
-#endif /* !MLD_CONFIG_SERIAL_FIPS202_ONLY && !MLD_CONFIG_REDUCE_RAM */
+#endif /* (!MLD_CONFIG_SERIAL_FIPS202_ONLY && !MLD_CONFIG_REDUCE_RAM) || \
+ MLD_UNIT_TEST */
 
 MLD_INTERNAL_API
 void mld_polyt1_pack(uint8_t r[MLDSA_POLYT1_PACKEDBYTES], const mld_poly *a)
diff --git a/mldsa/src/poly.h b/mldsa/src/poly.h
index ff7710438..3ba18107d 100644
--- a/mldsa/src/poly.h
+++ b/mldsa/src/poly.h
@@ -243,7 +243,9 @@ __contract__(
 ensures(array_bound(a->coeffs, 0, MLDSA_N, 0, MLDSA_Q))
 );
 
-#if !defined(MLD_CONFIG_SERIAL_FIPS202_ONLY) && !defined(MLD_CONFIG_REDUCE_RAM)
+#if (!defined(MLD_CONFIG_SERIAL_FIPS202_ONLY) && \
+ !defined(MLD_CONFIG_REDUCE_RAM)) || \
+ defined(MLD_UNIT_TEST)
 #define mld_poly_uniform_4x MLD_NAMESPACE(poly_uniform_4x)
 /*************************************************
 * Name: mld_poly_uniform_x4
@@ -277,7 +279,8 @@ __contract__(
 ensures(array_bound(vec2->coeffs, 0, MLDSA_N, 0, MLDSA_Q))
 ensures(array_bound(vec3->coeffs, 0, MLDSA_N, 0, MLDSA_Q))
 );
-#endif /* !MLD_CONFIG_SERIAL_FIPS202_ONLY && !MLD_CONFIG_REDUCE_RAM */
+#endif /* (!MLD_CONFIG_SERIAL_FIPS202_ONLY && !MLD_CONFIG_REDUCE_RAM) || \
+ MLD_UNIT_TEST */
 
 #define mld_polyt1_pack MLD_NAMESPACE(polyt1_pack)
 /*************************************************
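Review bot: The new `defined(MLD_UNIT_TEST)` arm in the guard around mld_poly_uniform_4x changes which functions a translation unit contains, yet nothing in the sources says what MLD_UNIT_TEST means or who defines it; the same undocumented arm appears in the poly.h, poly_kl.c, poly_kl.h and symmetric.h hunks, and the only hint is the `-DMLD_UNIT_TEST` added to the unit-test CFLAGS in components.mk plus the entry in the scripts/autogen option list. I would add a comment at this first occurrence, e.g. `/* MLD_UNIT_TEST: also build the 4x sampler in serial / reduced-RAM builds so test_unit.c can cross-check it against the scalar sampler */`, and describe the macro wherever the other build options are documented, stating that it is a test-only switch. Since it lacks the MLD_CONFIG_ prefix but is listed alongside the config options in autogen, that description should also say why it is named differently.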
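Review bot: The header block directly below the new guard in poly.h is titled `* Name: mld_poly_uniform_x4`, while the macro above it and the function in poly.c are `mld_poly_uniform_4x`; the typo predates this commit, but the commit rewrites the guard right above it, so fixing it in passing to `* Name: mld_poly_uniform_4x` would be cheap. The poly_kl.h hunk at line 92 shows the same shape, with `* Name: mld_poly_uniform_eta` directly under `#define mld_poly_uniform_eta_4x` — if that block documents the 4x variant, as its position suggests, its title should say so too.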
diff --git a/mldsa/src/poly_kl.c b/mldsa/src/poly_kl.c
index 7a319ca51..fde774224 100644
--- a/mldsa/src/poly_kl.c
+++ b/mldsa/src/poly_kl.c
@@ -341,7 +341,7 @@ __contract__(
 return mld_rej_eta_c(a, target, offset, buf, buflen);
 }
 
-#if !defined(MLD_CONFIG_SERIAL_FIPS202_ONLY)
+#if !defined(MLD_CONFIG_SERIAL_FIPS202_ONLY) || defined(MLD_UNIT_TEST)
 MLD_INTERNAL_API
 void mld_poly_uniform_eta_4x(mld_poly *r0, mld_poly *r1, mld_poly *r2,
 mld_poly *r3, const uint8_t seed[MLDSA_CRHBYTES],
@@ -425,8 +425,9 @@ void mld_poly_uniform_eta_4x(mld_poly *r0, mld_poly *r1, mld_poly *r2,
 mld_zeroize(buf, sizeof(buf));
 mld_zeroize(extseed, sizeof(extseed));
 }
-#else /* !MLD_CONFIG_SERIAL_FIPS202_ONLY */
+#endif /* !MLD_CONFIG_SERIAL_FIPS202_ONLY || MLD_UNIT_TEST */
+#if defined(MLD_CONFIG_SERIAL_FIPS202_ONLY) || defined(MLD_UNIT_TEST)
 
 MLD_INTERNAL_API
 void mld_poly_uniform_eta(mld_poly *r, const uint8_t seed[MLDSA_CRHBYTES],
 uint8_t nonce)
@@ -482,13 +483,14 @@ void mld_poly_uniform_eta(mld_poly *r, const uint8_t seed[MLDSA_CRHBYTES],
 mld_zeroize(buf, sizeof(buf));
 mld_zeroize(extseed, sizeof(extseed));
 }
-#endif /* MLD_CONFIG_SERIAL_FIPS202_ONLY */
+#endif /* MLD_CONFIG_SERIAL_FIPS202_ONLY || MLD_UNIT_TEST */
 
 #define MLD_POLY_UNIFORM_GAMMA1_NBLOCKS \
 ((MLDSA_POLYZ_PACKEDBYTES + MLD_STREAM256_BLOCKBYTES - 1) / \
 MLD_STREAM256_BLOCKBYTES)
 
-#if MLD_CONFIG_PARAMETER_SET == 65 || defined(MLD_CONFIG_SERIAL_FIPS202_ONLY)
+#if MLD_CONFIG_PARAMETER_SET == 65 || \
+ defined(MLD_CONFIG_SERIAL_FIPS202_ONLY) || defined(MLD_UNIT_TEST)
 MLD_INTERNAL_API
 void mld_poly_uniform_gamma1(mld_poly *a, const uint8_t seed[MLDSA_CRHBYTES],
 uint16_t nonce)
@@ -516,10 +518,11 @@ void mld_poly_uniform_gamma1(mld_poly *a, const uint8_t seed[MLDSA_CRHBYTES],
 mld_zeroize(buf, sizeof(buf));
 mld_zeroize(extseed, sizeof(extseed));
 }
-#endif /* MLD_CONFIG_PARAMETER_SET == 65 || MLD_CONFIG_SERIAL_FIPS202_ONLY */
+#endif /* MLD_CONFIG_PARAMETER_SET == 65 || MLD_CONFIG_SERIAL_FIPS202_ONLY || \
+ MLD_UNIT_TEST */
 
 
-#if !defined(MLD_CONFIG_SERIAL_FIPS202_ONLY)
+#if !defined(MLD_CONFIG_SERIAL_FIPS202_ONLY) || defined(MLD_UNIT_TEST)
 MLD_INTERNAL_API
 void mld_poly_uniform_gamma1_4x(mld_poly *r0, mld_poly *r1, mld_poly *r2,
 mld_poly *r3,
@@ -568,7 +571,7 @@ void mld_poly_uniform_gamma1_4x(mld_poly *r0, mld_poly *r1, mld_poly *r2,
 mld_zeroize(buf, sizeof(buf));
 mld_zeroize(extseed, sizeof(extseed));
 }
-#endif /* !MLD_CONFIG_SERIAL_FIPS202_ONLY */
+#endif /* !MLD_CONFIG_SERIAL_FIPS202_ONLY || MLD_UNIT_TEST */
 
 MLD_INTERNAL_API
 void mld_poly_challenge(mld_poly *c, const uint8_t seed[MLDSA_CTILDEBYTES])
diff --git a/mldsa/src/poly_kl.h b/mldsa/src/poly_kl.h
index c6aa49835..02efe8894 100644
--- a/mldsa/src/poly_kl.h
+++ b/mldsa/src/poly_kl.h
@@ -92,7 +92,7 @@ __contract__(
 ensures(array_bound(b->coeffs, 0, MLDSA_N, 0, (MLDSA_Q-1)/(2*MLDSA_GAMMA2)))
 );
 
-#if !defined(MLD_CONFIG_SERIAL_FIPS202_ONLY)
+#if !defined(MLD_CONFIG_SERIAL_FIPS202_ONLY) || defined(MLD_UNIT_TEST)
 #define mld_poly_uniform_eta_4x MLD_NAMESPACE_KL(poly_uniform_eta_4x)
 /*************************************************
 * Name: mld_poly_uniform_eta
@@ -132,9 +132,9 @@ __contract__(
 ensures(array_abs_bound(r2->coeffs, 0, MLDSA_N, MLDSA_ETA + 1))
 ensures(array_abs_bound(r3->coeffs, 0, MLDSA_N, MLDSA_ETA + 1))
 );
-#endif /* !MLD_CONFIG_SERIAL_FIPS202_ONLY */
+#endif /* !MLD_CONFIG_SERIAL_FIPS202_ONLY || MLD_UNIT_TEST */
 
-#if defined(MLD_CONFIG_SERIAL_FIPS202_ONLY)
+#if defined(MLD_CONFIG_SERIAL_FIPS202_ONLY) || defined(MLD_UNIT_TEST)
 #define mld_poly_uniform_eta MLD_NAMESPACE_KL(poly_uniform_eta)
 /*************************************************
 * Name: mld_poly_uniform_eta
@@ -157,9 +157,10 @@ __contract__(
 assigns(memory_slice(r, sizeof(mld_poly)))
 ensures(array_abs_bound(r->coeffs, 0, MLDSA_N, MLDSA_ETA + 1))
 );
-#endif /* MLD_CONFIG_SERIAL_FIPS202_ONLY */
+#endif /* MLD_CONFIG_SERIAL_FIPS202_ONLY || MLD_UNIT_TEST */
 
-#if MLD_CONFIG_PARAMETER_SET == 65 || defined(MLD_CONFIG_SERIAL_FIPS202_ONLY)
+#if MLD_CONFIG_PARAMETER_SET == 65 || \
+ defined(MLD_CONFIG_SERIAL_FIPS202_ONLY) || defined(MLD_UNIT_TEST)
 #define mld_poly_uniform_gamma1 MLD_NAMESPACE_KL(poly_uniform_gamma1)
 /*************************************************
 * Name: mld_poly_uniform_gamma1
@@ -182,9 +183,10 @@ __contract__(
 assigns(memory_slice(a, sizeof(mld_poly)))
 ensures(array_bound(a->coeffs, 0, MLDSA_N, -(MLDSA_GAMMA1 - 1), MLDSA_GAMMA1 + 1))
 );
-#endif /* MLD_CONFIG_PARAMETER_SET == 65 || MLD_CONFIG_SERIAL_FIPS202_ONLY */
+#endif /* MLD_CONFIG_PARAMETER_SET == 65 || MLD_CONFIG_SERIAL_FIPS202_ONLY || \
+ MLD_UNIT_TEST */
 
-#if !defined(MLD_CONFIG_SERIAL_FIPS202_ONLY)
+#if !defined(MLD_CONFIG_SERIAL_FIPS202_ONLY) || defined(MLD_UNIT_TEST)
 #define mld_poly_uniform_gamma1_4x MLD_NAMESPACE_KL(poly_uniform_gamma1_4x)
 /*************************************************
 * Name: mld_poly_uniform_gamma1_4x
@@ -219,7 +221,7 @@ __contract__(
 ensures(array_bound(r2->coeffs, 0, MLDSA_N, -(MLDSA_GAMMA1 - 1), MLDSA_GAMMA1 + 1))
 ensures(array_bound(r3->coeffs, 0, MLDSA_N, -(MLDSA_GAMMA1 - 1), MLDSA_GAMMA1 + 1))
 );
-#endif /* !MLD_CONFIG_SERIAL_FIPS202_ONLY */
+#endif /* !MLD_CONFIG_SERIAL_FIPS202_ONLY || MLD_UNIT_TEST */
 
 #define mld_poly_challenge MLD_NAMESPACE_KL(poly_challenge)
 /*************************************************
diff --git a/mldsa/src/symmetric.h b/mldsa/src/symmetric.h
index bb70f0555..09131f380 100644
--- a/mldsa/src/symmetric.h
+++ b/mldsa/src/symmetric.h
@@ -10,7 +10,7 @@
 #include "common.h"
 #include MLD_FIPS202_HEADER_FILE
 
-#if !defined(MLD_CONFIG_SERIAL_FIPS202_ONLY)
+#if !defined(MLD_CONFIG_SERIAL_FIPS202_ONLY) || defined(MLD_UNIT_TEST)
 #include MLD_FIPS202X4_HEADER_FILE
 #endif
 
diff --git a/scripts/autogen b/scripts/autogen
index 6417d9ecd..b91267aa9 100755
--- a/scripts/autogen
+++ b/scripts/autogen
@@ -1786,6 +1786,7 @@ def get_config_options():
 "MLD_CONFIG_XXX",
 "MLD_CONFIG_API_CONSTANTS_ONLY",
 "MLD_PREHASH_",
+ "MLD_UNIT_TEST",
 ]
 return configs
 
diff --git a/test/mk/components.mk b/test/mk/components.mk
index 35d26f725..12fc86bf9 100644
--- a/test/mk/components.mk
+++ b/test/mk/components.mk
@@ -35,11 +35,11 @@ $(MLDSA87_OBJS): CFLAGS += -DMLD_CONFIG_PARAMETER_SET=87
 
 # Unit test object files - same sources but with MLD_STATIC_TESTABLE=
 MLDSA44_UNIT_OBJS = $(call MAKE_OBJS,$(MLDSA44_DIR)/unit,$(SOURCES) $(FIPS202_SRCS))
-$(MLDSA44_UNIT_OBJS): CFLAGS += -DMLD_CONFIG_PARAMETER_SET=44 -DMLD_STATIC_TESTABLE= -Wno-missing-prototypes
+$(MLDSA44_UNIT_OBJS): CFLAGS += -DMLD_CONFIG_PARAMETER_SET=44 -DMLD_STATIC_TESTABLE= -DMLD_UNIT_TEST -Wno-missing-prototypes
 MLDSA65_UNIT_OBJS = $(call MAKE_OBJS,$(MLDSA65_DIR)/unit,$(SOURCES) $(FIPS202_SRCS))
-$(MLDSA65_UNIT_OBJS): CFLAGS += -DMLD_CONFIG_PARAMETER_SET=65 -DMLD_STATIC_TESTABLE= -Wno-missing-prototypes
+$(MLDSA65_UNIT_OBJS): CFLAGS += -DMLD_CONFIG_PARAMETER_SET=65 -DMLD_STATIC_TESTABLE= -DMLD_UNIT_TEST -Wno-missing-prototypes
 MLDSA87_UNIT_OBJS = $(call MAKE_OBJS,$(MLDSA87_DIR)/unit,$(SOURCES) $(FIPS202_SRCS))
-$(MLDSA87_UNIT_OBJS): CFLAGS += -DMLD_CONFIG_PARAMETER_SET=87 -DMLD_STATIC_TESTABLE= -Wno-missing-prototypes
+$(MLDSA87_UNIT_OBJS): CFLAGS += -DMLD_CONFIG_PARAMETER_SET=87 -DMLD_STATIC_TESTABLE= -DMLD_UNIT_TEST -Wno-missing-prototypes
 
 # Alloc test object files - same sources but with custom alloc config
 MLDSA44_ALLOC_OBJS = $(call MAKE_OBJS,$(MLDSA44_DIR)/alloc,$(SOURCES) $(FIPS202_SRCS))
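Review bot: `-DMLD_UNIT_TEST` becomes the third switch repeated verbatim in each of the three unit-object rules of the components.mk hunk here and in the six rules of its `@@ -100` hunk, so the next test-only flag will again need nine coordinated edits. I would define the set once, `UNIT_CFLAGS = -DMLD_STATIC_TESTABLE= -DMLD_UNIT_TEST -Wno-missing-prototypes`, and append `$(UNIT_CFLAGS)` in each rule after the parameter-set define. That also makes it structurally impossible for the unit library objects and the test_unit binaries to disagree on the test switches, which the per-rule copies only guarantee by inspection.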
@@ -100,14 +100,14 @@ $(MLDSA44_DIR)/test/src/test_rng_fail.c.o: CFLAGS += -DMLD_CONFIG_FILE=\"../test
 $(MLDSA65_DIR)/test/src/test_rng_fail.c.o: CFLAGS += -DMLD_CONFIG_FILE=\"../test/configs/test_rng_fail_config.h\"
 $(MLDSA87_DIR)/test/src/test_rng_fail.c.o: CFLAGS += -DMLD_CONFIG_FILE=\"../test/configs/test_rng_fail_config.h\"
 
-$(MLDSA44_DIR)/bin/test_unit44: CFLAGS += -DMLD_STATIC_TESTABLE= -Wno-missing-prototypes
-$(MLDSA65_DIR)/bin/test_unit65: CFLAGS += -DMLD_STATIC_TESTABLE= -Wno-missing-prototypes
-$(MLDSA87_DIR)/bin/test_unit87: CFLAGS += -DMLD_STATIC_TESTABLE= -Wno-missing-prototypes
+$(MLDSA44_DIR)/bin/test_unit44: CFLAGS += -DMLD_STATIC_TESTABLE= -DMLD_UNIT_TEST -Wno-missing-prototypes
+$(MLDSA65_DIR)/bin/test_unit65: CFLAGS += -DMLD_STATIC_TESTABLE= -DMLD_UNIT_TEST -Wno-missing-prototypes
+$(MLDSA87_DIR)/bin/test_unit87: CFLAGS += -DMLD_STATIC_TESTABLE= -DMLD_UNIT_TEST -Wno-missing-prototypes
 
 # Unit library object files compiled with MLD_STATIC_TESTABLE=
-$(MLDSA44_DIR)/unit_%: CFLAGS += -DMLD_STATIC_TESTABLE= -Wno-missing-prototypes
-$(MLDSA65_DIR)/unit_%: CFLAGS += -DMLD_STATIC_TESTABLE= -Wno-missing-prototypes
-$(MLDSA87_DIR)/unit_%: CFLAGS += -DMLD_STATIC_TESTABLE= -Wno-missing-prototypes
+$(MLDSA44_DIR)/unit_%: CFLAGS += -DMLD_STATIC_TESTABLE= -DMLD_UNIT_TEST -Wno-missing-prototypes
+$(MLDSA65_DIR)/unit_%: CFLAGS += -DMLD_STATIC_TESTABLE= -DMLD_UNIT_TEST -Wno-missing-prototypes
+$(MLDSA87_DIR)/unit_%: CFLAGS += -DMLD_STATIC_TESTABLE= -DMLD_UNIT_TEST -Wno-missing-prototypes
 
 
 $(MLDSA44_DIR)/bin/bench_mldsa44: $(MLDSA44_DIR)/test/hal/hal.c.o
diff --git a/test/src/test_unit.c b/test/src/test_unit.c
index 8ce8b4ed8..705dc34c8 100644
--- a/test/src/test_unit.c
+++ b/test/src/test_unit.c
@@ -20,6 +20,14 @@
 #endif
 #endif /* !NUM_RANDOM_TESTS */
 
+#ifndef NUM_RANDOM_TESTS_REJ_UNIFORM
+#ifdef MLDSA_DEBUG
+#define NUM_RANDOM_TESTS_REJ_UNIFORM 100
+#else
+#define NUM_RANDOM_TESTS_REJ_UNIFORM 1000
+#endif
+#endif /* !NUM_RANDOM_TESTS_REJ_UNIFORM */
+
 #define CHECK(x) \
 do \
 { \
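Review bot: The new NUM_RANDOM_TESTS_REJ_UNIFORM block carries no comment on why it is separate from NUM_RANDOM_TESTS directly above it, and the name suggests the rejection-uniform sampler only, although it also bounds the eta and gamma1 consistency loops added later in this commit. A one-line comment above `#ifndef NUM_RANDOM_TESTS_REJ_UNIFORM` would cover both, e.g. `/* Iterations for the 4x-vs-scalar sampler consistency tests; each iteration samples eight polynomials, so this is kept separate from NUM_RANDOM_TESTS */`. The 100/1000 split appears to mirror the override pattern used for NUM_RANDOM_TESTS, which is worth stating so that the two stay in step.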
@@ -581,6 +589,99 @@ static int test_backend_units(void)
 MLD_USE_NATIVE_POLYVECL_POINTWISE_ACC_MONTGOMERY_L7 || \
 MLD_USE_NATIVE_POLYZ_UNPACK_17 || MLD_USE_NATIVE_POLYZ_UNPACK_19 */
 
+static int test_poly_uniform_gamma1_consistency(void)
+{
+ mld_poly r0_x4, r1_x4, r2_x4, r3_x4, r0_x1, r1_x1, r2_x1, r3_x1;
+ MLD_ALIGN uint8_t seed[MLDSA_CRHBYTES];
+ uint16_t nonce0, nonce1, nonce2, nonce3;
+ int i;
+ for (i = 0; i < NUM_RANDOM_TESTS_REJ_UNIFORM; i++)
+ {
+ randombytes(seed, MLDSA_CRHBYTES);
+ randombytes((uint8_t *)&nonce0, sizeof(uint16_t));
+ randombytes((uint8_t *)&nonce1, sizeof(uint16_t));
+ randombytes((uint8_t *)&nonce2, sizeof(uint16_t));
+ randombytes((uint8_t *)&nonce3, sizeof(uint16_t));
+ /* Call 4x version */
+ mld_poly_uniform_gamma1_4x(&r0_x4, &r1_x4, &r2_x4, &r3_x4, seed, nonce0,
+ nonce1, nonce2, nonce3);
+ /* Call scalar version 4 times */
+ mld_poly_uniform_gamma1(&r0_x1, seed, nonce0);
+ mld_poly_uniform_gamma1(&r1_x1, seed, nonce1);
+ mld_poly_uniform_gamma1(&r2_x1, seed, nonce2);
+ mld_poly_uniform_gamma1(&r3_x1, seed, nonce3);
+
+ CHECK(memcmp(r0_x4.coeffs, r0_x1.coeffs, MLDSA_N * sizeof(int32_t)) == 0);
+ CHECK(memcmp(r1_x4.coeffs, r1_x1.coeffs, MLDSA_N * sizeof(int32_t)) == 0);
+ CHECK(memcmp(r2_x4.coeffs, r2_x1.coeffs, MLDSA_N * sizeof(int32_t)) == 0);
+ CHECK(memcmp(r3_x4.coeffs, r3_x1.coeffs, MLDSA_N * sizeof(int32_t)) == 0);
+ }
+ return 0;
+}
+
+static int test_poly_uniform_consistency(void)
+{
+ mld_poly r0_x4, r1_x4, r2_x4, r3_x4, r0_x1, r1_x1, r2_x1, r3_x1;
+ MLD_ALIGN uint8_t seed[4][MLD_ALIGN_UP(MLDSA_SEEDBYTES + 2)];
+ int i, j;
+
+ for (i = 0; i < NUM_RANDOM_TESTS_REJ_UNIFORM; i++)
+ {
+ for (j = 0; j < 4; j++)
+ {
+ randombytes(seed[j], MLDSA_SEEDBYTES + 2);
+ }
+
+ /* Call 4x version */
+ mld_poly_uniform_4x(&r0_x4, &r1_x4, &r2_x4, &r3_x4, seed);
+
+ /* Call scalar version 4 times */
+ mld_poly_uniform(&r0_x1, seed[0]);
+ mld_poly_uniform(&r1_x1, seed[1]);
+ mld_poly_uniform(&r2_x1, seed[2]);
+ mld_poly_uniform(&r3_x1, seed[3]);
+
+ CHECK(memcmp(r0_x4.coeffs, r0_x1.coeffs, MLDSA_N * sizeof(int32_t)) == 0);
+ CHECK(memcmp(r1_x4.coeffs, r1_x1.coeffs, MLDSA_N * sizeof(int32_t)) == 0);
+ CHECK(memcmp(r2_x4.coeffs, r2_x1.coeffs, MLDSA_N * sizeof(int32_t)) == 0);
+ CHECK(memcmp(r3_x4.coeffs, r3_x1.coeffs, MLDSA_N * sizeof(int32_t)) == 0);
+ }
+ return 0;
+}
+
+static int test_poly_uniform_eta_consistency(void)
+{
+ mld_poly r0_x4, r1_x4, r2_x4, r3_x4, r0_x1, r1_x1, r2_x1, r3_x1;
+ MLD_ALIGN uint8_t seed[MLDSA_CRHBYTES];
+ uint8_t nonce0, nonce1, nonce2, nonce3;
+ int i;
+
+ for (i = 0; i < NUM_RANDOM_TESTS_REJ_UNIFORM; i++)
+ {
+ randombytes(seed, MLDSA_CRHBYTES);
+ randombytes(&nonce0, sizeof(uint8_t));
+ randombytes(&nonce1, sizeof(uint8_t));
+ randombytes(&nonce2, sizeof(uint8_t));
+ randombytes(&nonce3, sizeof(uint8_t));
+
+ /* Call 4x version */
+ mld_poly_uniform_eta_4x(&r0_x4, &r1_x4, &r2_x4, &r3_x4, seed, nonce0,
+ nonce1, nonce2, nonce3);
+
+ /* Call scalar version 4 times */
+ mld_poly_uniform_eta(&r0_x1, seed, nonce0);
+ mld_poly_uniform_eta(&r1_x1, seed, nonce1);
+ mld_poly_uniform_eta(&r2_x1, seed, nonce2);
+ mld_poly_uniform_eta(&r3_x1, seed, nonce3);
+
+ CHECK(memcmp(r0_x4.coeffs, r0_x1.coeffs, MLDSA_N * sizeof(int32_t)) == 0);
+ CHECK(memcmp(r1_x4.coeffs, r1_x1.coeffs, MLDSA_N * sizeof(int32_t)) == 0);
+ CHECK(memcmp(r2_x4.coeffs, r2_x1.coeffs, MLDSA_N * sizeof(int32_t)) == 0);
+ CHECK(memcmp(r3_x4.coeffs, r3_x1.coeffs, MLDSA_N * sizeof(int32_t)) == 0);
+ }
+ return 0;
+}
+
 int main(void)
 {
 /* WARNING: Test-only
@@ -612,6 +713,9 @@ int main(void)
 MLD_USE_NATIVE_POLYVECL_POINTWISE_ACC_MONTGOMERY_L7 || \
 MLD_USE_NATIVE_POLYZ_UNPACK_17 || MLD_USE_NATIVE_POLYZ_UNPACK_19 */
 
+ CHECK(test_poly_uniform_gamma1_consistency() == 0);
+ CHECK(test_poly_uniform_eta_consistency() == 0);
+ CHECK(test_poly_uniform_consistency() == 0);
 return 0;
 }
 
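Review bot: All twelve CHECK lines in the three new consistency functions compare `MLDSA_N * sizeof(int32_t)` bytes, hard-coding the coefficient type instead of taking it from the array; `sizeof(r0_x4.coeffs)` compares exactly the array and stays correct if the representation changes. The random nonces cover the general case but never the edge values or the case where lanes share a nonce, so a short deterministic pass with nonce 0, the type's maximum, and all four lanes given the same value would be cheap and targets precisely the per-lane handling these tests exist to check. In test_poly_uniform_consistency each seed row is `MLD_ALIGN_UP(MLDSA_SEEDBYTES + 2)` bytes but randombytes fills only `MLDSA_SEEDBYTES + 2` of them, so any padding stays uninitialized — harmless if mld_poly_uniform_4x reads just the first MLDSA_SEEDBYTES + 2 bytes of each row, which the hunk does not show, so either confirm that or zero the array before use. Each function would also benefit from a one-line header comment stating that it checks the batched sampler against four scalar calls, in the style of the `/* Call 4x version */` comments already inside.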