From e10d0ffc81b7b3da1604657dc2830991e469fd10 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 25 Mar 2026 17:30:38 +0100 Subject: [PATCH] Add passthrough for pure ML-DSA to the test driver MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit We don't support ML-DSA in libtestdriver1 yet, because it's a copy of the `builtin` driver but ML-DSA is provided by the `pqcp` driver. This means that we can't test “driver-only” ML-DSA builds, but it should be possible to enable ML-DSA in a build that dispatches through the test driver. This is currently impossible because pure ML-DSA is not a sign-the-hash algorithm, but the code in the test driver for signatures assumes that all signature algorithms are sign-the-hash. Fix this in a minimal way by making the test driver activate the fallback mechanism of driver dispatch when the algorithm is pure ML-DSA. (Don't do this for all algorithms that are not sign-the-hash, because in general, we do want the test driver to fail if it's given an algorithm that it doesn't support.) Signed-off-by: Gilles Peskine --- tests/src/drivers/test_driver_signature.c | 37 +++++++++++++++++++++++ 1 file changed, 37 insertions(+) diff --git a/tests/src/drivers/test_driver_signature.c b/tests/src/drivers/test_driver_signature.c index e8dc07655..010cdfcf4 100644 --- a/tests/src/drivers/test_driver_signature.c +++ b/tests/src/drivers/test_driver_signature.c @@ -39,6 +39,15 @@ #include LIBTESTDRIVER1_PSA_DRIVER_INTERNAL_HEADER(psa_crypto_rsa.h) #endif +#if defined(TF_PSA_CRYPTO_PQCP_MLDSA_ENABLED) +/* For PSA_ALG_IS_ML_DSA. Including this internal header will no longer + * be needed once we add the ML-DSA macro definitions to the public + * headers. + * https://github.com/Mbed-TLS/TF-PSA-Crypto/issues/726 + */ +#include "psa_crypto_mldsa.h" +#endif + #include mbedtls_test_driver_signature_hooks_t @@ -213,6 +222,20 @@ psa_status_t mbedtls_test_transparent_signature_sign_message( return PSA_SUCCESS; } +#if defined(TF_PSA_CRYPTO_PQCP_MLDSA_ENABLED) + /* Pure ML-DSA is not a sign-the-hash algorithm. At the moment, this + * function only knows how to deal with sign-the-hash algorithms. + * So give up and let the next driver in the chain handle the algorithm. + * For pure ML-DSA, this will be the pqcp driver, which does not have + * a libtestdriver1 variant, meaning that we can't test "driver-only" + * builds for pure ML-DSA, but we can have ML-DSA enabled in builds that + * dispatch through the test driver. + */ + if (PSA_ALG_IS_ML_DSA(alg)) { + return PSA_ERROR_NOT_SUPPORTED; + } +#endif + #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_HASH) status = libtestdriver1_mbedtls_psa_hash_compute( @@ -280,6 +303,20 @@ psa_status_t mbedtls_test_transparent_signature_verify_message( return mbedtls_test_driver_signature_verify_hooks.forced_status; } +#if defined(TF_PSA_CRYPTO_PQCP_MLDSA_ENABLED) + /* Pure ML-DSA is not a sign-the-hash algorithm. At the moment, this + * function only knows how to deal with sign-the-hash algorithms. + * So give up and let the next driver in the chain handle the algorithm. + * For pure ML-DSA, this will be the pqcp driver, which does not have + * a libtestdriver1 variant, meaning that we can't test "driver-only" + * builds for pure ML-DSA, but we can have ML-DSA enabled in builds that + * dispatch through the test driver. + */ + if (PSA_ALG_IS_ML_DSA(alg)) { + return PSA_ERROR_NOT_SUPPORTED; + } +#endif + #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_HASH) status = libtestdriver1_mbedtls_psa_hash_compute(