Add passthrough for pure ML-DSA to the test driver

We don't support ML-DSA in libtestdriver1 yet, because it's a copy of the
`builtin` driver but ML-DSA is provided by the `pqcp` driver. This means
that we can't test “driver-only” ML-DSA builds, but it should be possible to
enable ML-DSA in a build that dispatches through the test driver. This is
currently impossible because pure ML-DSA is not a sign-the-hash algorithm,
but the code in the test driver for signatures assumes that all signature
algorithms are sign-the-hash. Fix this in a minimal way by making the test
driver activate the fallback mechanism of driver dispatch when the algorithm
is pure ML-DSA. (Don't do this for all algorithms that are not sign-the-hash,
because in general, we do want the test driver to fail if it's given an
algorithm that it doesn't support.)

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>

tests/src/drivers/test_driver_signature.c

@@ -39,6 +39,15 @@
 #include LIBTESTDRIVER1_PSA_DRIVER_INTERNAL_HEADER(psa_crypto_rsa.h)
 #endif
 
+#if defined(TF_PSA_CRYPTO_PQCP_MLDSA_ENABLED)
+/* For PSA_ALG_IS_ML_DSA. Including this internal header will no longer
+ * be needed once we add the ML-DSA macro definitions to the public
+ * headers.
+ * https://github.com/Mbed-TLS/TF-PSA-Crypto/issues/726
+ */
+#include "psa_crypto_mldsa.h"
+#endif
+
 #include <string.h>
 
 mbedtls_test_driver_signature_hooks_t
@@ -213,6 +222,20 @@ psa_status_t mbedtls_test_transparent_signature_sign_message(
         return PSA_SUCCESS;
     }
 
+#if defined(TF_PSA_CRYPTO_PQCP_MLDSA_ENABLED)
+    /* Pure ML-DSA is not a sign-the-hash algorithm. At the moment, this
+     * function only knows how to deal with sign-the-hash algorithms.
+     * So give up and let the next driver in the chain handle the algorithm.
+     * For pure ML-DSA, this will be the pqcp driver, which does not have
+     * a libtestdriver1 variant, meaning that we can't test "driver-only"
+     * builds for pure ML-DSA, but we can have ML-DSA enabled in builds that
+     * dispatch through the test driver.
+     */
+    if (PSA_ALG_IS_ML_DSA(alg)) {
+        return PSA_ERROR_NOT_SUPPORTED;
+    }
+#endif
+
 #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
     defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_HASH)
     status = libtestdriver1_mbedtls_psa_hash_compute(
@@ -280,6 +303,20 @@ psa_status_t mbedtls_test_transparent_signature_verify_message(
         return mbedtls_test_driver_signature_verify_hooks.forced_status;
     }
 
+#if defined(TF_PSA_CRYPTO_PQCP_MLDSA_ENABLED)
+    /* Pure ML-DSA is not a sign-the-hash algorithm. At the moment, this
+     * function only knows how to deal with sign-the-hash algorithms.
+     * So give up and let the next driver in the chain handle the algorithm.
+     * For pure ML-DSA, this will be the pqcp driver, which does not have
+     * a libtestdriver1 variant, meaning that we can't test "driver-only"
+     * builds for pure ML-DSA, but we can have ML-DSA enabled in builds that
+     * dispatch through the test driver.
+     */
+    if (PSA_ALG_IS_ML_DSA(alg)) {
+        return PSA_ERROR_NOT_SUPPORTED;
+    }
+#endif
+
 #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
     defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_HASH)
     status = libtestdriver1_mbedtls_psa_hash_compute(