Use NIST test vectors. I copied the first test case for each parameter set.
For ML-KEM and ML-DSA, I did it manually. For SLH-DSA, I used the following
Python script:
```
<gen-val/json-files/SLH-DSA-keyGen-FIPS205/internalProjection.json python -c '
import json, re, sys
data = json.load(sys.stdin)
types = {family: {} for family in ["SHA2_F", "SHA2_S", "SHAKE_F", "SHAKE_S"]}
for group in data["testGroups"]:
    t = group["tests"][0]
    m = re.match(r"SLH-DSA-(\w+)-([0-9]+)(\w+)", group["parameterSet"])
    type = m.group(1) + "_" + m.group(3).upper()
    size = m.group(2)
    prv = t["skSeed"] + t["skPrf"] + t["pkSeed"] + t["pk"]
    pub = t["pkSeed"] + t["pk"]
    types[type][size] = (prv, pub)
for type in sorted(types.keys()):
    print("")
    print(f" # https://github.com/usnistgov/ACVP-Server/blob/v1.1.0.41/gen-val/json-files/SLH-DSA-keyGen-FIPS205/internalProjection.json")
    print(f" \x27SLH_DSA(PSA_SLH_FAMILY_{type})\x27: {{")
    for size in sorted(types[type].keys()):
        entry = types[type][size]
        print(f" {size}: (\"{entry[0]}\",")
        print(f" \"{entry[1]}\"),")
    print(f" }},")
'
```
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>

Define the necessary new categories (key wrap, key encapsulation, XOF).
This completes the list of mechanisms in the PSA Crypto API version 1.4,
except for PAKE that are more challenging (family parametrization, need to
find sample keys in `asymmetric_key_data.py`), and except for the PQC
extension.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>

Add generated files that are no longer checked in.
Remove obsolete things (including things now covered at the framework root).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>

The files are now generated during the build. Stop having them in version
control.
As formerly in Mbed TLS, `make clean` doesn't remove
configuration-independent target-independent generated files, but the new
target `make neat` does.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>

We don't need to check those generated files into version control.
This fixes the problem that the generated files have precise knowledge of
the functions that exist on whatever branch of TF-PSA-Crypto is consuming
the framework.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>

TF-PSA-Crypto no longer has `psa_can_do_hash()` (except as a temporary stub
to avoid breaking the build of psasim).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>

The mldsa-native and mlkem-native headers use preprocessor tricks to
construct identifiers. We can't recognize those. So if a symbol found in the
binary is in the expected sub-namespace for those parts of the library,
allow it to be undeclared.
Make the exception general enough for mldsa-native (needed now) and
mlkem-native (needed soon).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>

The pattern for internal macros was weird, in part, because of the unusual
short names we use in bignum code. Make the pattern stricter, but add an
exception mechanism. Declare an exception for those bignum names, but
allow them only in bignum code.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>

I needed that to understand how the data is represented (str vs Match, list
vs set vs tuple, ...).
No semantic change.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>

Use a typed namespace instead of a dictionary with heterogeneously typed values.
No semantic change.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>

Keep TEST_EQUAL() on the function that might fail so that if a failure
happens the message will report the actual function that failed.
Documentation of the helper function is also updated.
Signed-off-by: Valerio Setti <vsetti@baylibre.com>

`python` might be the wrong version, for example it might be Python 2 on
some systems, or it might be a different version of Python 3. Use
`sys.executable`, so that the same version gets used consistently.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>