Move ML-DSA to fipsmodule (#2175)

Note: **Merge after #2177 is merged**.

### Issues:
Resolves #CryptoAlg-2826

As part of validating ML-DSA into AWS-LC-FIPS we must include both
`PQDSA` and `ML-DSA` directories into the fipsmodule.

This PR is a repeat of:
- #2095

### Description of changes: 

Much like the series of PRs for ML-KEM we will implement the move into
the FIPS module across split PRs:
- #1828
- #1832
- #1838

Previous PR:
- #2166

This PR is part (2) to move `ML-DSA` from `crypto/ml_dsa/` to
`crypto/fipsmodule/ml_dsa/`.

We did this once before:
- #2095

But had to revert it here due to static fips builds for ARM failing in
CI (CryptoAlg-2899)
- #2104

We are now unblocked by:
- #2177

By submitting this pull request, I confirm that my contribution is made
under the terms of the Apache 2.0 license and the ISC license.

crypto/CMakeLists.txt

@@ -440,7 +440,6 @@ add_library(
   kyber/kem_kyber.c
   lhash/lhash.c
   mem.c
-  ml_dsa/ml_dsa.c
   obj/obj.c
   obj/obj_xref.c
   ocsp/ocsp_asn.c

crypto/evp_extra/internal.h

@@ -7,7 +7,7 @@
 #include <openssl/base.h>
 #include "../fipsmodule/evp/internal.h"
 
-#include "../ml_dsa/ml_dsa.h"
+#include "../fipsmodule/ml_dsa/ml_dsa.h"
 
 #define PKCS8_VERSION_ONE 0
 #define PKCS8_VERSION_TWO 1

crypto/evp_extra/p_pqdsa_asn1.c

@@ -10,7 +10,7 @@
 #include "../crypto/fipsmodule/pqdsa/internal.h"
 #include "../crypto/internal.h"
 #include "../fipsmodule/evp/internal.h"
-#include "../ml_dsa/ml_dsa.h"
+#include "../fipsmodule/ml_dsa/ml_dsa.h"
 #include "internal.h"
 
 static void pqdsa_free(EVP_PKEY *pkey) {

crypto/evp_extra/p_pqdsa_test.cc

@@ -14,7 +14,7 @@
 #include <vector>
 #include "../fipsmodule/evp/internal.h"
 #include "../internal.h"
-#include "../ml_dsa/ml_dsa.h"
+#include "../fipsmodule/ml_dsa/ml_dsa.h"
 #include "../fipsmodule/pqdsa/internal.h"
 #include "../test/file_test.h"
 #include "../test/test_util.h"
@@ -1217,7 +1217,7 @@ INSTANTIATE_TEST_SUITE_P(All, PQDSAParameterTest, testing::ValuesIn(parameterSet
                              -> std::string { return params.param.name; });
 
 TEST_P(PQDSAParameterTest, KAT) {
-  std::string kat_filepath = "crypto/";
+  std::string kat_filepath = "crypto/fipsmodule/";
   kat_filepath += GetParam().kat_filename;
 
   FileTestGTest(kat_filepath.c_str(), [&](FileTest *t) {
@@ -1974,7 +1974,7 @@ TEST_P(PerMLDSATest, ExternalMu) {
 }
 
 TEST_P(PerMLDSATest, ACVPKeyGen) {
-  std::string kat_filepath = "crypto/";
+  std::string kat_filepath = "crypto/fipsmodule/";
   kat_filepath += GetParam().ACVP_keyGen;
 
   FileTestGTest(kat_filepath.c_str(), [&](FileTest *t) {
@@ -2001,7 +2001,7 @@ TEST_P(PerMLDSATest, ACVPKeyGen) {
 }
 
 TEST_P(PerMLDSATest, ACVPSigGen) {
-  std::string kat_filepath = "crypto/";
+  std::string kat_filepath = "crypto/fipsmodule/";
   kat_filepath += GetParam().ACVP_sigGen;
 
   FileTestGTest(kat_filepath.c_str(), [&](FileTest *t) {
@@ -2045,7 +2045,7 @@ TEST_P(PerMLDSATest, ACVPSigGen) {
 }
 
 TEST_P(PerMLDSATest, ACVPSigVer) {
-  std::string kat_filepath = "crypto/";
+  std::string kat_filepath = "crypto/fipsmodule/";
   kat_filepath += GetParam().ACVP_sigVer;
 
   FileTestGTest(kat_filepath.c_str(), [&](FileTest *t) {

crypto/evp_extra/print.c

@@ -64,7 +64,7 @@
 #include "../internal.h"
 #include "../fipsmodule/evp/internal.h"
 #include "../fipsmodule/rsa/internal.h"
-#include "../ml_dsa/ml_dsa.h"
+#include "../fipsmodule/ml_dsa/ml_dsa.h"
 #include "../fipsmodule/pqdsa/internal.h"
 
 static int print_hex(BIO *bp, const uint8_t *data, size_t len, int off) {

crypto/fipsmodule/bcm.c

@@ -127,6 +127,7 @@
 #include "kem/kem.c"
 #include "md4/md4.c"
 #include "md5/md5.c"
+#include "ml_dsa/ml_dsa.c"
 #include "ml_kem/ml_kem.c"
 #include "modes/cbc.c"
 #include "modes/cfb.c"

crypto/fipsmodule/evp/p_pqdsa.c

@@ -7,7 +7,7 @@
 
 #include "../crypto/evp_extra/internal.h"
 #include "../delocate.h"
-#include "../../ml_dsa/ml_dsa.h"
+#include "../ml_dsa/ml_dsa.h"
 #include "../crypto/internal.h"
 #include "../pqdsa/internal.h"
 

crypto/ml_dsa/ml_dsa.c → crypto/fipsmodule/ml_dsa/ml_dsa.c

@@ -1,8 +1,8 @@
 // Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
 // SPDX-License-Identifier: Apache-2.0 OR ISC
 
-#include "../evp_extra/internal.h"
-#include "../fipsmodule/evp/internal.h"
+#include "../../evp_extra/internal.h"
+#include "../evp/internal.h"
 #include "ml_dsa.h"
 #include "ml_dsa_ref/params.h"
 #include "ml_dsa_ref/sign.h"

crypto/ml_dsa/ml_dsa_ref/ntt.c → crypto/fipsmodule/ml_dsa/ml_dsa_ref/ntt.c

@@ -3,7 +3,7 @@
 #include "ntt.h"
 #include "reduce.h"
 
-static const int32_t zetas[ML_DSA_N] = {
+static const int32_t ml_dsa_zetas[ML_DSA_N] = {
          0,    25847, -2608894,  -518909,   237124,  -777960,  -876248,   466468,
    1826347,  2353451,  -359251, -2091905,  3119733, -2884855,  3111497,  2680103,
    2725464,  1024112, -1079900,  3585928,  -549488, -1119584,  2619752, -2108549,
@@ -54,7 +54,7 @@ void ml_dsa_ntt(int32_t a[ML_DSA_N]) {
   k = 0;
   for(len = 128; len > 0; len >>= 1) {
     for(start = 0; start < ML_DSA_N; start = j + len) {
-      zeta = zetas[++k];
+      zeta = ml_dsa_zetas[++k];
       for(j = start; j < start + len; ++j) {
         t = ml_dsa_fqmul(zeta, a[j + len]);
         a[j + len] = a[j] - t;
@@ -84,7 +84,7 @@ void ml_dsa_invntt_tomont(int32_t a[ML_DSA_N]) {
   k = 256;
   for(len = 1; len < ML_DSA_N; len <<= 1) {
     for(start = 0; start < ML_DSA_N; start = j + len) {
-      zeta = -zetas[--k];
+      zeta = -ml_dsa_zetas[--k];
       for(j = start; j < start + len; ++j) {
         t = a[j];
         a[j] = t + a[j + len];

crypto/ml_dsa/ml_dsa_ref/packing.c → crypto/fipsmodule/ml_dsa/ml_dsa_ref/packing.c

@@ -2,7 +2,7 @@
 #include "packing.h"
 #include "polyvec.h"
 #include "poly.h"
-#include "../../fipsmodule/sha/internal.h"
+#include "../../sha/internal.h"
 
 /*************************************************
 * Name:        ml_dsa_pack_pk_from_sk

crypto/ml_dsa/ml_dsa_ref/poly.c → crypto/fipsmodule/ml_dsa/ml_dsa_ref/poly.c

@@ -4,7 +4,7 @@
 #include "ntt.h"
 #include "reduce.h"
 #include "rounding.h"
-#include "../../fipsmodule/sha/internal.h"
+#include "../../sha/internal.h"
 
 /*************************************************
 * Name:        ml_dsa_poly_reduce

crypto/ml_dsa/ml_dsa_ref/sign.c → crypto/fipsmodule/ml_dsa/ml_dsa_ref/sign.c

@@ -1,6 +1,6 @@
 #include "sign.h"
 #include <stdint.h>
-#include "../../internal.h"
+#include "../../../internal.h"
 #include "openssl/rand.h"
 #include "packing.h"
 #include "params.h"

crypto/fipsmodule/pqdsa/pqdsa.c

@@ -6,7 +6,7 @@
 
 #include "../delocate.h"
 #include "../../evp_extra/internal.h"
-#include "../crypto/ml_dsa/ml_dsa.h"
+#include "../ml_dsa/ml_dsa.h"
 #include "internal.h"
 
 // ML-DSA OIDs as defined within:

sources.cmake

@@ -82,6 +82,24 @@ set(
   crypto/fipsmodule/ecdsa/ecdsa_verify_tests.txt
   crypto/fipsmodule/kdf/test/kbkdf_counter.txt
   crypto/fipsmodule/kdf/test/sskdf.txt
+  crypto/fipsmodule/ml_dsa/kat/MLDSA_44_ACVP_keyGen.txt
+  crypto/fipsmodule/ml_dsa/kat/MLDSA_44_ACVP_sigGen.txt
+  crypto/fipsmodule/ml_dsa/kat/MLDSA_44_ACVP_sigVer.txt
+  crypto/fipsmodule/ml_dsa/kat/MLDSA_65_ACVP_keyGen.txt
+  crypto/fipsmodule/ml_dsa/kat/MLDSA_65_ACVP_sigGen.txt
+  crypto/fipsmodule/ml_dsa/kat/MLDSA_65_ACVP_sigVer.txt
+  crypto/fipsmodule/ml_dsa/kat/MLDSA_87_ACVP_keyGen.txt
+  crypto/fipsmodule/ml_dsa/kat/MLDSA_87_ACVP_sigGen.txt
+  crypto/fipsmodule/ml_dsa/kat/MLDSA_87_ACVP_sigVer.txt
+  crypto/fipsmodule/ml_dsa/kat/MLDSA_EXTMU_44_ACVP_sigGen.txt
+  crypto/fipsmodule/ml_dsa/kat/MLDSA_EXTMU_44_ACVP_sigVer.txt
+  crypto/fipsmodule/ml_dsa/kat/MLDSA_EXTMU_65_ACVP_sigGen.txt
+  crypto/fipsmodule/ml_dsa/kat/MLDSA_EXTMU_65_ACVP_sigVer.txt
+  crypto/fipsmodule/ml_dsa/kat/MLDSA_EXTMU_87_ACVP_sigGen.txt
+  crypto/fipsmodule/ml_dsa/kat/MLDSA_EXTMU_87_ACVP_sigVer.txt
+  crypto/fipsmodule/ml_dsa/kat/MLDSA_44_hedged_pure.txt
+  crypto/fipsmodule/ml_dsa/kat/MLDSA_65_hedged_pure.txt
+  crypto/fipsmodule/ml_dsa/kat/MLDSA_87_hedged_pure.txt
   crypto/fipsmodule/ml_kem/kat/mlkem512.txt
   crypto/fipsmodule/ml_kem/kat/mlkem768.txt
   crypto/fipsmodule/ml_kem/kat/mlkem1024.txt
@@ -102,24 +120,6 @@ set(
   crypto/kyber/kat/kyber512r3.txt
   crypto/kyber/kat/kyber768r3.txt
   crypto/kyber/kat/kyber1024r3.txt
-  crypto/ml_dsa/kat/MLDSA_44_ACVP_keyGen.txt
-  crypto/ml_dsa/kat/MLDSA_44_ACVP_sigGen.txt
-  crypto/ml_dsa/kat/MLDSA_44_ACVP_sigVer.txt
-  crypto/ml_dsa/kat/MLDSA_65_ACVP_keyGen.txt
-  crypto/ml_dsa/kat/MLDSA_65_ACVP_sigGen.txt
-  crypto/ml_dsa/kat/MLDSA_65_ACVP_sigVer.txt
-  crypto/ml_dsa/kat/MLDSA_87_ACVP_keyGen.txt
-  crypto/ml_dsa/kat/MLDSA_87_ACVP_sigGen.txt
-  crypto/ml_dsa/kat/MLDSA_87_ACVP_sigVer.txt
-  crypto/ml_dsa/kat/MLDSA_EXTMU_44_ACVP_sigGen.txt
-  crypto/ml_dsa/kat/MLDSA_EXTMU_44_ACVP_sigVer.txt
-  crypto/ml_dsa/kat/MLDSA_EXTMU_65_ACVP_sigGen.txt
-  crypto/ml_dsa/kat/MLDSA_EXTMU_65_ACVP_sigVer.txt
-  crypto/ml_dsa/kat/MLDSA_EXTMU_87_ACVP_sigGen.txt
-  crypto/ml_dsa/kat/MLDSA_EXTMU_87_ACVP_sigVer.txt
-  crypto/ml_dsa/kat/MLDSA_44_hedged_pure.txt
-  crypto/ml_dsa/kat/MLDSA_65_hedged_pure.txt
-  crypto/ml_dsa/kat/MLDSA_87_hedged_pure.txt
   crypto/ocsp/test/aws/certs.txt
   crypto/ocsp/test/aws/certs_revoked.txt
   crypto/ocsp/test/aws/certs_unknown.txt

util/fipstools/acvp/modulewrapper/modulewrapper.cc

@@ -57,8 +57,8 @@
 #include "../../../../crypto/fipsmodule/hmac/internal.h"
 #include "../../../../crypto/fipsmodule/rand/internal.h"
 #include "../../../../crypto/fipsmodule/curve25519/internal.h"
-#include "../../../../crypto/ml_dsa/ml_dsa.h"
-#include "../../../../crypto/ml_dsa/ml_dsa_ref/params.h"
+#include "../../../../crypto/fipsmodule/ml_dsa/ml_dsa.h"
+#include "../../../../crypto/fipsmodule/ml_dsa/ml_dsa_ref/params.h"
 #include "modulewrapper.h"