From: Eric Biggers <ebiggers@kernel.org>
To: David Howells <dhowells@redhat.com>
Cc: linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org,
Ard Biesheuvel <ardb@kernel.org>,
"Jason A . Donenfeld" <Jason@zx2c4.com>,
Herbert Xu <herbert@gondor.apana.org.au>
Subject: Re: NIST FIPS test vector failures
Date: Mon, 19 Jan 2026 10:51:25 -0800
Message-ID: <20260119185125.GA11957@sol>
In-Reply-To: <1010414.1768841311@warthog.procyon.org.uk>

On Mon, Jan 19, 2026 at 04:48:31PM +0000, David Howells wrote:
> Hi Eric,
>
> I'm trying out autogenerating X.509 and PKCS#7 tests from the NIST FIPS test
> vectors here:
>
> https://github.com/usnistgov/ACVP-Server/tree/master/gen-val/json-files/ML-DSA-sigVer-FIPS204
>
> Unfortunately, all of them seem to fail, but I'm not sure why. As far as I
> can tell, test case (tcId) 174, for example, should pass, but does not.
> Attached is a patch that adds that test case to the kunit test for ML-DSA for
> you to try, skipping the X509/PKCS7 stuff and going direct to verification.
> Could you have a look see if I've done anything obviously incorrect?

Have you checked which algorithm test case 174 is meant to test? It's
in the following test group:

    {
      "tgId": 12,
      "testType": "AFT",
      "parameterSet": "ML-DSA-87",
      "signatureInterface": "internal",
      "externalMu": false,
      "tests": [

Given the "signatureInterface": "internal", it seems it's meant to test
ML-DSA.Verify_internal(). Currently, the kernel ML-DSA code only
supports the "external" interface, i.e. ML-DSA.Verify(). So that test
case isn't applicable to it.

- Eric
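An added example, not part of the message above or of the kernel tree: one way to pre-filter an ACVP ML-DSA sigVer file so that only test cases from groups with "signatureInterface": "external" reach a verifier that implements ML-DSA.Verify() alone. The top-level "testGroups" key, the function name and the sample data are assumptions; the sample is constructed, and only the group keys quoted in the message plus "tcId" are read.

```python
import json
from collections import defaultdict

# Constructed sample in the shape of an ACVP ML-DSA sigVer file. Group 12
# mirrors the group quoted in the message; the other groups and every tcId
# except 174 are made up for illustration.
SAMPLE = json.loads("""
{
  "testGroups": [
    {"tgId": 1, "testType": "AFT", "parameterSet": "ML-DSA-44",
     "signatureInterface": "external", "externalMu": false,
     "tests": [{"tcId": 1}, {"tcId": 2}]},
    {"tgId": 12, "testType": "AFT", "parameterSet": "ML-DSA-87",
     "signatureInterface": "internal", "externalMu": false,
     "tests": [{"tcId": 174}]},
    {"tgId": 13, "testType": "AFT", "parameterSet": "ML-DSA-87",
     "tests": [{"tcId": 180}]}
  ]
}
""")


def partition_cases(vectors, supported=("external",)):
    """Split tcIds into those whose group uses a supported signatureInterface
    and those that do not, recording the reason for each skipped case."""
    usable = defaultdict(list)   # parameterSet -> [tcId, ...]
    skipped = {}                 # tcId -> reason string
    for group in vectors.get("testGroups", []):
        iface = group.get("signatureInterface")
        for case in group.get("tests", []):
            tc_id = case["tcId"]
            if iface in supported:
                usable[group["parameterSet"]].append(tc_id)
            elif iface is None:
                # Do not guess: a group without the key is not assumed external.
                skipped[tc_id] = f"tgId {group['tgId']}: no signatureInterface"
            else:
                skipped[tc_id] = f"tgId {group['tgId']}: signatureInterface={iface!r}"
    return dict(usable), skipped


if __name__ == "__main__":
    usable, skipped = partition_cases(SAMPLE)
    for pset, ids in sorted(usable.items()):
        print(f"{pset}: applicable tcIds {ids}")
    for tc_id, reason in sorted(skipped.items()):
        print(f"skip tcId {tc_id}: {reason}")
```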