Add ML-DSA test vectors (FIPS 204 standard). (C2SP#146)

This commit adds test vectors for ML-DSA, based on the FIPS 204 standard.

These tests aim to cover the following cases:

- Baseline (signing a "Hello world" message).
- Keys and signatures of the wrong length.
- Signature with bit flips.
- Signature hints with a non-canonical encoding:
  - hints that aren't sorted,
  - hints are not strictly sorted (i.e. the same hint is repeated),
  - too many hints (potentially causing a buffer overflow),
  - non-zero padding after the hints.
- Secret keys with the `s1` or `s2` vectors out of the `[-eta, eta]` range.
- Public key with the `t1` component set to zero (allowing trivial forgeries, but the verification algorithm should still accept signatures for this key).
- Boundary conditions in the signature rejection loop (aiming to detect incorrect comparisons):
  - `z_max` equals `gamma1 - beta - 1` and `gamma1 - beta`,
  - `r0_max` equals `gamma2 - beta - 1` and `gamma2 - beta`,
  - `h_ones` equals `omega` and `omega + 1`,
  - in the case of ML-DSA-44, `|ct0|_max` equals `gamma2 - 1` and `gamma2`.
- A "large" number of SHAKE bytes and of SHAKE blocks generated in the `expand_a`, `expand_s`, `rej_ntt_poly` and `rej_bounded_poly` functions.
- Boundary conditions in arithmetic functions:
  - `power_2_round` function: when the remainder (found in `t0`) is equal to 4096 or -4095,
  - `decompose` (via `high_bits` or `low_bits`): when the condition `r_plus - r_0 = q - 1` happens.

Beyond the baseline API, also covered are:
- The `context` value: empty (default), regular length, or context too long.

**What isn't covered:**
- The randomized variant (only the deterministic variant is covered).
- The pre-hased variant "HashML-DSA" (only the regular variant is covered).

Signature generation tests are split by those that take the private key in seed form and
those that use the expanded encoding.

Co-authored-by: Daniel McCarney <daniel@binaryparadox.net>

Author: gendx

schemas/mldsa_sign_common.json

@@ -0,0 +1,47 @@
+{
+  "$schema": "http://json-schema.org/draft-07/schema#",
+  "definitions": {
+    "MlDsaSignTestVector": {
+      "type": "object",
+      "properties": {
+        "tcId": {
+          "type": "integer",
+          "description": "Identifier of the test case"
+        },
+        "comment": {
+          "type": "string",
+          "description": "A brief description of the test case"
+        },
+        "msg": {
+          "type": "string",
+          "format": "HexBytes",
+          "description": "The message to sign"
+        },
+        "ctx": {
+          "type": "string",
+          "format": "HexBytes",
+          "description": "[optional] The additional context string (empty if not provided)"
+        },
+        "sig": {
+          "type": "string",
+          "format": "HexBytes",
+          "description": "The encoded signature (empty in case of expected failure)"
+        },
+        "result": {
+          "type": "string",
+          "description": "Test result",
+          "enum": ["valid", "invalid"]
+        },
+        "flags": {
+          "type": "array",
+          "items": {
+            "type": "string"
+          },
+          "description": "A list of flags"
+        }
+      },
+      "additionalProperties": false,
+      "required": ["tcId", "comment", "msg", "sig", "result", "flags"]
+    }
+  }
+}

schemas/mldsa_sign_noseed_schema.json

@@ -0,0 +1,61 @@
+{
+  "type": "object",
+  "definitions": {
+    "MlDsaSignTestGroup": {
+      "type": "object",
+      "properties": {
+        "type": {
+          "enum": ["MlDsaSign"]
+        },
+        "privateKey": {
+          "type": "string",
+          "format": "HexBytes",
+          "description": "Encoded ML-DSA private key"
+        },
+        "tests": {
+          "type": "array",
+          "items": {
+            "$ref": "mldsa_sign_common.json#/definitions/MlDsaSignTestVector"
+          }
+        },
+        "source": {
+          "$ref": "common.json#/definitions/Source"
+        }
+      },
+      "additionalProperties": false,
+      "required": ["type", "privateKey", "tests", "source"]
+    }
+  },
+  "properties": {
+    "algorithm": {
+      "type": "string",
+      "description": "the primitive tested in the test file"
+    },
+    "header": {
+      "type": "array",
+      "items": {
+        "type": "string"
+      },
+      "description": "additional documentation"
+    },
+    "notes": {
+      "type": "object",
+      "description": "a description of the labels used in the test vectors"
+    },
+    "numberOfTests": {
+      "type": "integer",
+      "description": "the number of test vectors in this test"
+    },
+    "schema": {
+      "enum": ["mldsa_sign_noseed_schema.json"]
+    },
+    "testGroups": {
+      "type": "array",
+      "items": {
+        "$ref": "#/definitions/MlDsaSignTestGroup"
+      }
+    }
+  },
+  "additionalProperties": false,
+  "required": ["algorithm", "header", "notes", "numberOfTests", "schema", "testGroups"]
+}

schemas/mldsa_sign_seed_schema.json

@@ -0,0 +1,61 @@
+{
+  "type": "object",
+  "definitions": {
+    "MlDsaSignTestGroup": {
+      "type": "object",
+      "properties": {
+        "type": {
+          "enum": ["MlDsaSign"]
+        },
+        "privateSeed": {
+          "type": "string",
+          "format": "HexBytes",
+          "description": "32-byte seed that generated the private key"
+        },
+        "tests": {
+          "type": "array",
+          "items": {
+            "$ref": "mldsa_sign_common.json#/definitions/MlDsaSignTestVector"
+          }
+        },
+        "source": {
+          "$ref": "common.json#/definitions/Source"
+        }
+      },
+      "additionalProperties": false,
+      "required": ["type", "privateSeed", "tests", "source"]
+    }
+  },
+  "properties": {
+    "algorithm": {
+      "type": "string",
+      "description": "the primitive tested in the test file"
+    },
+    "header": {
+      "type": "array",
+      "items": {
+        "type": "string"
+      },
+      "description": "additional documentation"
+    },
+    "notes": {
+      "type": "object",
+      "description": "a description of the labels used in the test vectors"
+    },
+    "numberOfTests": {
+      "type": "integer",
+      "description": "the number of test vectors in this test"
+    },
+    "schema": {
+      "enum": ["mldsa_sign_seed_schema.json"]
+    },
+    "testGroups": {
+      "type": "array",
+      "items": {
+        "$ref": "#/definitions/MlDsaSignTestGroup"
+      }
+    }
+  },
+  "additionalProperties": false,
+  "required": ["algorithm", "header", "notes", "numberOfTests", "schema", "testGroups"]
+}

schemas/mldsa_verify_schema.json

@@ -0,0 +1,97 @@
+{
+  "type": "object",
+  "definitions": {
+    "MlDsaVerifyTestGroup": {
+      "type": "object",
+      "properties": {
+        "type": {
+          "enum": ["MlDsaVerify"]
+        },
+        "public_key": {
+          "type": "string",
+          "format": "HexBytes",
+          "description": "Encoded ML-DSA public key"
+        },
+        "tests": {
+          "type": "array",
+          "items": {
+            "$ref": "#/definitions/MlDsaVerifyTestVector"
+          }
+        },
+        "source": {
+          "$ref": "common.json#/definitions/Source"
+        }
+      }
+    },
+    "MlDsaVerifyTestVector": {
+      "type": "object",
+      "properties": {
+        "tcId": {
+          "type": "integer",
+          "description": "Identifier of the test case"
+        },
+        "comment": {
+          "type": "string",
+          "description": "A brief description of the test case"
+        },
+        "msg": {
+          "type": "string",
+          "format": "HexBytes",
+          "description": "The message to verify"
+        },
+        "ctx": {
+          "type": "string",
+          "format": "HexBytes",
+          "description": "[optional] The additional context string (empty if not provided)"
+        },
+        "sig": {
+          "type": "string",
+          "format": "HexBytes",
+          "description": "The encoded signature"
+        },
+        "result": {
+          "type": "string",
+          "description": "Test result",
+          "enum": ["valid", "invalid"]
+        },
+        "flags": {
+          "type": "array",
+          "items": {
+            "type": "string"
+          },
+          "description": "A list of flags"
+        }
+      }
+    }
+  },
+  "properties": {
+    "algorithm": {
+      "type": "string",
+      "description": "the primitive tested in the test file"
+    },
+    "header": {
+      "type": "array",
+      "items": {
+        "type": "string"
+      },
+      "description": "additional documentation"
+    },
+    "notes": {
+      "type": "object",
+      "description": "a description of the labels used in the test vectors"
+    },
+    "numberOfTests": {
+      "type": "integer",
+      "description": "the number of test vectors in this test"
+    },
+    "schema": {
+      "enum": ["mldsa_verify_schema.json"]
+    },
+    "testGroups": {
+      "type": "array",
+      "items": {
+        "$ref": "#/definitions/MlDsaVerifyTestGroup"
+      }
+    }
+  }
+}