Commit 959a634e authored by Eric Biggers's avatar Eric Biggers

lib/crypto: mldsa: Add FIPS cryptographic algorithm self-test



Since ML-DSA is FIPS-approved, add the boot-time self-test which is
apparently required.

Just add a test vector manually for now, borrowed from
lib/crypto/tests/mldsa-testvecs.h (where in turn it's borrowed from
leancrypto).  The SHA-* FIPS test vectors are generated by
scripts/crypto/gen-fips-testvecs.py instead, but the common Python
libraries don't support ML-DSA yet.

Acked-by: Ard Biesheuvel <ardb@kernel.org>
Reviewed-by: David Howells <dhowells@redhat.com>
Link: https://lore.kernel.org/r/20260107044215.109930-1-ebiggers@kernel.org


Signed-off-by: Eric Biggers <ebiggers@kernel.org>
parent 0d92c555
+458 −0

File added.

Preview size limit exceeded, changes collapsed.

+31 −0
@@ -13,6 +13,7 @@
#include <linux/slab.h>
#include <linux/string.h>
#include <linux/unaligned.h>
#include "fips-mldsa.h"

#define Q 8380417 /* The prime q = 2^23 - 2^13 + 1 */
#define QINV_MOD_2_32 58728449 /* Multiplicative inverse of q mod 2^32 */
@@ -648,5 +649,35 @@ int mldsa_verify(enum mldsa_alg alg, const u8 *sig, size_t sig_len,
}
EXPORT_SYMBOL_GPL(mldsa_verify);

#ifdef CONFIG_CRYPTO_FIPS
static int __init mldsa_mod_init(void)
{
	if (fips_enabled) {
		/*
		 * FIPS cryptographic algorithm self-test.  As per the FIPS
		 * Implementation Guidance, testing any ML-DSA parameter set
		 * satisfies the test requirement for all of them, and only a
		 * positive test is required.
		 */
		int err = mldsa_verify(MLDSA65, fips_test_mldsa65_signature,
				       sizeof(fips_test_mldsa65_signature),
				       fips_test_mldsa65_message,
				       sizeof(fips_test_mldsa65_message),
				       fips_test_mldsa65_public_key,
				       sizeof(fips_test_mldsa65_public_key));
		if (err)
			panic("mldsa: FIPS self-test failed; err=%pe\n",
			      ERR_PTR(err));
	}
	return 0;
}
subsys_initcall(mldsa_mod_init);

static void __exit mldsa_mod_exit(void)
{
}
module_exit(mldsa_mod_exit);
#endif /* CONFIG_CRYPTO_FIPS */

MODULE_DESCRIPTION("ML-DSA signature verification");
MODULE_LICENSE("GPL");
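Review bot: The self-test in `mldsa_mod_init()` exercises only the accepting path of `mldsa_verify()`, so a regression that made verification return 0 for every input would still pass it at boot. The in-code comment already explains that the Implementation Guidance asks for a positive test only, so this is a documentation point rather than a code change: extend that comment with a line such as `* Rejection of invalid signatures is not checked here; that is left to the regular test suite.` so a reader does not take a passing self-test as evidence that forgeries are rejected. The empty `mldsa_mod_exit()` could also carry a one-line comment saying why it exists, presumably `/* Nothing to undo; present so the module stays unloadable. */`.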