Generate MLDSA test cases for the driver and dispatch layers#282
We don't support ML-DSA in libtestdriver1 yet, because it's a copy of the `builtin` driver but ML-DSA is provided by the `pqcp` driver. This means that we can't test “driver-only” ML-DSA builds, but it should be possible to enable ML-DSA in a build that dispatches through the test driver. This is currently impossible because pure ML-DSA is not a sign-the-hash algorithm, but the code in the test driver for signatures assumes that all signature algorithms are sign-the-hash. Fix this in a minimal way by making the test driver activate the fallback mechanism of driver dispatch when the algorithm is pure ML-DSA. (Don't do this for all algorithms that are not sign-the-hash, because in general, we do want the test driver to fail if it's given an algorithm that it doesn't support.) Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
When TF-PSA-Crypto has pure ML-DSA, we need to handle it in the test driver for signatures. But we must not try to reference ML-DSA identifiers in TF-PSA-Crypto branches where they don't exist yet, even though the compilation option already exists (which notably includes the TF-PSA-Crypto 1.1.0 release). Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
When building Mbed TLS with test drivers, "psa_crypto_mldsa.h" is not on the include path. Rather than get it on, which seems complicated and is not desirable in the long term, arrange to do without this header. We just need to define the macro PSA_ALG_IS_ML_DSA, and its behavior is defined by the PSA Crypto API specification so pretty much set in stone. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Maintainer scripts may require a more recent Python than the version we currently use for Python checks (3.6). Mbed-TLS#293 Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Does this file need the standard copyright header?
It could, but there's nothing in the file that would actually get copyright protection. (Then again, there have been copyright claims on the empty program…) I copied an existing file.
| message: bytes, | ||
| descr: str) -> test_case.TestCase: | ||
| """Construct one test case for deterministic signature.""" | ||
| signature = key.sign_message(message, deterministic=True) |
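Review bot: the docstring above `signature = key.sign_message(message, deterministic=True)` does not say why the flag is fixed or what `descr` is used for. Consider noting there that this constructor covers only the deterministic variant and that the hard-coded `deterministic=True` is intentional, and add a line describing the `message` and `descr` parameters, so a later reader does not turn the flag into an argument.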
Are we 100% sure that we will never support anything but deterministic? If not, would this be better as an input variable? Other PRs seem to indicate maybe this is temporary?
We are 100% sure that we will support non-deterministic signatures. But they're not implemented yet. And this method is only for deterministic signatures. Non-deterministic signature testing will have a different method because the test data looks very different.
The last CI run failed because the branch is out of date. I've pushed a merge commit with the head of
Framework support for Mbed-TLS/TF-PSA-Crypto#700.
Continues #278.
Needs preceding PR:
PR checklist