Add support for ML-DSA-87 parameter set.

PiperOrigin-RevId: 842177576
Change-Id: I8338def95a8b1cff50ab80ed534c59b07a30b06a

Author: lukaszobernig

signature/mldsa/key.go

@@ -61,12 +61,16 @@ const (
 	UnknownInstance Instance = iota
 	// MLDSA65 yields ML-DSA-65 parameters.
 	MLDSA65
+	// MLDSA87 yields ML-DSA-87 parameters.
+	MLDSA87
 )
 
 func (instance Instance) String() string {
 	switch instance {
 	case MLDSA65:
 		return "MLDSA65"
+	case MLDSA87:
+		return "MLDSA87"
 	default:
 		return "UNKNOWN"
 	}
@@ -138,6 +142,11 @@ func checkPublicKeyLengthForInstance(length int, instance Instance) error {
 		if length != expectedLength {
 			return fmt.Errorf("public key length must be %d bytes", expectedLength)
 		}
+	case MLDSA87:
+		expectedLength := mldsa.MLDSA87.PublicKeyLength()
+		if length != expectedLength {
+			return fmt.Errorf("public key length must be %d bytes", expectedLength)
+		}
 	default:
 		return fmt.Errorf("invalid instance: %v", instance)
 	}
@@ -214,6 +223,11 @@ func keyGenForInstance(seed secretdata.Bytes, instance Instance) ([]byte, secret
 		copy(seedBytes[:], seed.Data(insecuresecretdataaccess.Token{}))
 		publicKey, secretKey := mldsa.MLDSA65.KeyGenFromSeed(seedBytes)
 		return publicKey.Encode(), secretdata.NewBytesFromData(secretKey.Encode(), insecuresecretdataaccess.Token{}), nil
+	case MLDSA87:
+		var seedBytes [mldsa.SecretKeySeedSize]byte
+		copy(seedBytes[:], seed.Data(insecuresecretdataaccess.Token{}))
+		publicKey, secretKey := mldsa.MLDSA87.KeyGenFromSeed(seedBytes)
+		return publicKey.Encode(), secretdata.NewBytesFromData(secretKey.Encode(), insecuresecretdataaccess.Token{}), nil
 	default:
 		return nil, secretdata.Bytes{}, fmt.Errorf("invalid instance: %v", instance)
 	}
@@ -304,8 +318,8 @@ func createPrivateKey(p key.Parameters, idRequirement uint32) (key.Key, error) {
 	if !ok {
 		return nil, fmt.Errorf("invalid parameters type: %T", p)
 	}
-	// Make sure the parameters are not "empty"; only MLDSA65 is supported.
-	if mlDSAParams.Instance() != MLDSA65 {
+	// Make sure the parameters are not "empty"; only MLDSA65 and MLDSA87 are supported.
+	if mlDSAParams.Instance() != MLDSA65 && mlDSAParams.Instance() != MLDSA87 {
 		return nil, fmt.Errorf("invalid parameters")
 	}
 	seed, err := secretdata.NewBytesFromRand(mldsa.SecretKeySeedSize)

signature/mldsa/key_test.go

@@ -27,9 +27,13 @@ func TestCreateKeysetHandleFromParameters(t *testing.T) {
 		instance mldsa.Instance
 	}{
 		{
-			name:     "MLDSA65",
+			name:     "ML-DSA-65",
 			instance: mldsa.MLDSA65,
 		},
+		{
+			name:     "ML-DSA-87",
+			instance: mldsa.MLDSA87,
+		},
 	} {
 		t.Run(tc.name, func(t *testing.T) {
 			params, err := mldsa.NewParameters(tc.instance, mldsa.VariantNoPrefix)

signature/mldsa/mldsa_test.go

@@ -61,6 +61,8 @@ func protoMlDsaInstanceFromInstance(instance Instance) (mldsapb.MlDsaInstance, e
 	switch instance {
 	case MLDSA65:
 		return mldsapb.MlDsaInstance_ML_DSA_65, nil
+	case MLDSA87:
+		return mldsapb.MlDsaInstance_ML_DSA_87, nil
 	default:
 		return mldsapb.MlDsaInstance_ML_DSA_UNKNOWN_INSTANCE, fmt.Errorf("unknown instance: %v", instance)
 	}
@@ -171,6 +173,8 @@ func instanceFromProto(instanceType mldsapb.MlDsaInstance) (Instance, error) {
 	switch instanceType {
 	case mldsapb.MlDsaInstance_ML_DSA_65:
 		return MLDSA65, nil
+	case mldsapb.MlDsaInstance_ML_DSA_87:
+		return MLDSA87, nil
 	default:
 		return UnknownInstance, fmt.Errorf("unsupported instance type: %v", instanceType)
 	}

signature/mldsa/protoserialization.go

@@ -38,6 +38,8 @@ func mldsaSecretKeyFromPrivateKey(privateKey *PrivateKey) (*mldsa.SecretKey, err
 	switch privateKey.publicKey.params.Instance() {
 	case MLDSA65:
 		return mldsa.MLDSA65.DecodeSecretKey(privateKey.expandedKeyBytes.Data(insecuresecretdataaccess.Token{}))
+	case MLDSA87:
+		return mldsa.MLDSA87.DecodeSecretKey(privateKey.expandedKeyBytes.Data(insecuresecretdataaccess.Token{}))
 	default:
 		return &mldsa.SecretKey{}, fmt.Errorf("invalid instance: %v", privateKey.publicKey.params.Instance())
 	}

signature/mldsa/signer.go

@@ -38,9 +38,13 @@ func TestSignerKeyManagerGetPrimitiveBasic(t *testing.T) {
 		instance tinkmldsa.Instance
 	}{
 		{
-			name:     "MLDSA65",
+			name:     "ML-DSA-65",
 			instance: tinkmldsa.MLDSA65,
 		},
+		{
+			name:     "ML-DSA-87",
+			instance: tinkmldsa.MLDSA87,
+		},
 	} {
 		t.Run(tc.name, func(t *testing.T) {
 			km, err := registry.GetKeyManager("type.googleapis.com/google.crypto.tink.MlDsaPrivateKey")
@@ -108,9 +112,13 @@ func TestSignerKeyManagerGetPrimitiveWithInvalidInput(t *testing.T) {
 		instance mldsapb.MlDsaInstance
 	}{
 		{
-			name:     "MLDSA65",
+			name:     "ML-DSA-65",
 			instance: mldsapb.MlDsaInstance_ML_DSA_65,
 		},
+		{
+			name:     "ML-DSA-87",
+			instance: mldsapb.MlDsaInstance_ML_DSA_87,
+		},
 	} {
 		t.Run(tc.name, func(t *testing.T) {
 			key := newMLDSAPrivateKey(tc.instance)
@@ -139,9 +147,13 @@ func TestSignerKeyManagerNewKeyDataBasic(t *testing.T) {
 		instance mldsapb.MlDsaInstance
 	}{
 		{
-			name:     "MLDSA65",
+			name:     "ML-DSA-65",
 			instance: mldsapb.MlDsaInstance_ML_DSA_65,
 		},
+		{
+			name:     "ML-DSA-87",
+			instance: mldsapb.MlDsaInstance_ML_DSA_87,
+		},
 	} {
 		t.Run(tc.name, func(t *testing.T) {
 			km, err := registry.GetKeyManager("type.googleapis.com/google.crypto.tink.MlDsaPrivateKey")
@@ -179,9 +191,13 @@ func TestSignerKeyManagerPublicKeyDataBasic(t *testing.T) {
 		instance mldsapb.MlDsaInstance
 	}{
 		{
-			name:     "MLDSA65",
+			name:     "ML-DSA-65",
 			instance: mldsapb.MlDsaInstance_ML_DSA_65,
 		},
+		{
+			name:     "ML-DSA-87",
+			instance: mldsapb.MlDsaInstance_ML_DSA_87,
+		},
 	} {
 		t.Run(tc.name, func(t *testing.T) {
 			km, err := registry.GetKeyManager("type.googleapis.com/google.crypto.tink.MlDsaPrivateKey")
@@ -223,9 +239,13 @@ func TestSignerKeyManagerPublicKeyDataWithInvalidInput(t *testing.T) {
 		instance mldsapb.MlDsaInstance
 	}{
 		{
-			name:     "MLDSA65",
+			name:     "ML-DSA-65",
 			instance: mldsapb.MlDsaInstance_ML_DSA_65,
 		},
+		{
+			name:     "ML-DSA-87",
+			instance: mldsapb.MlDsaInstance_ML_DSA_87,
+		},
 	} {
 		t.Run(tc.name, func(t *testing.T) {
 			km, err := registry.GetKeyManager("type.googleapis.com/google.crypto.tink.MlDsaPrivateKey")
@@ -271,6 +291,21 @@ func newMLDSAPrivateKey(instance mldsapb.MlDsaInstance) *mldsapb.MlDsaPrivateKey
 			PublicKey: publicProto,
 			KeyValue:  seed[:],
 		}
+	case mldsapb.MlDsaInstance_ML_DSA_87:
+		public, private := mldsa.MLDSA87.KeyGen()
+		publicProto := &mldsapb.MlDsaPublicKey{
+			Params: &mldsapb.MlDsaParams{
+				MlDsaInstance: mldsapb.MlDsaInstance_ML_DSA_87,
+			},
+			Version:  0,
+			KeyValue: public.Encode(),
+		}
+		seed := private.Seed()
+		return &mldsapb.MlDsaPrivateKey{
+			Version:   0,
+			PublicKey: publicProto,
+			KeyValue:  seed[:],
+		}
 	default:
 		panic(fmt.Sprintf("Unsupported MLDSA instance: %v", instance))
 	}
@@ -294,6 +329,8 @@ func validateMLDSAPrivateKey(instance mldsapb.MlDsaInstance, key *mldsapb.MlDsaP
 	switch instance {
 	case mldsapb.MlDsaInstance_ML_DSA_65:
 		pub, _ = mldsa.MLDSA65.KeyGenFromSeed(seedBytes)
+	case mldsapb.MlDsaInstance_ML_DSA_87:
+		pub, _ = mldsa.MLDSA87.KeyGenFromSeed(seedBytes)
 	default:
 		return fmt.Errorf("unsupported instance: %v", instance)
 	}

signature/mldsa/signer_key_manager_test.go

@@ -36,17 +36,29 @@ func TestSignVerifyManager(t *testing.T) {
 		idRequirement uint32
 	}{
 		{
-			name:          "TINK",
+			name:          "TINK ML-DSA-65",
 			instance:      tinkmldsa.MLDSA65,
 			variant:       tinkmldsa.VariantTink,
 			idRequirement: uint32(0x01020304),
 		},
 		{
-			name:          "RAW",
+			name:          "TINK ML-DSA-87",
+			instance:      tinkmldsa.MLDSA87,
+			variant:       tinkmldsa.VariantTink,
+			idRequirement: uint32(0x01020304),
+		},
+		{
+			name:          "RAW ML-DSA-65",
 			instance:      tinkmldsa.MLDSA65,
 			variant:       tinkmldsa.VariantNoPrefix,
 			idRequirement: uint32(0),
 		},
+		{
+			name:          "RAW ML-DSA-87",
+			instance:      tinkmldsa.MLDSA87,
+			variant:       tinkmldsa.VariantNoPrefix,
+			idRequirement: uint32(0),
+		},
 	} {
 		t.Run(tc.name, func(t *testing.T) {
 			params, err := tinkmldsa.NewParameters(tc.instance, tc.variant)
@@ -126,15 +138,25 @@ func TestVerifyFails(t *testing.T) {
 		variant  tinkmldsa.Variant
 	}{
 		{
-			name:     "TINK",
+			name:     "TINK ML-DSA-65",
 			instance: tinkmldsa.MLDSA65,
 			variant:  tinkmldsa.VariantTink,
 		},
 		{
-			name:     "RAW",
+			name:     "TINK ML-DSA-87",
+			instance: tinkmldsa.MLDSA87,
+			variant:  tinkmldsa.VariantTink,
+		},
+		{
+			name:     "RAW ML-DSA-65",
 			instance: tinkmldsa.MLDSA65,
 			variant:  tinkmldsa.VariantNoPrefix,
 		},
+		{
+			name:     "RAW ML-DSA-87",
+			instance: tinkmldsa.MLDSA87,
+			variant:  tinkmldsa.VariantNoPrefix,
+		},
 	} {
 		t.Run(tc.name, func(t *testing.T) {
 			seed := random.GetRandomBytes(32)
@@ -211,15 +233,25 @@ func TestSignVerifyCorrectness(t *testing.T) {
 		variant  tinkmldsa.Variant
 	}{
 		{
-			name:     "TINK",
+			name:     "TINK ML-DSA-65",
 			instance: tinkmldsa.MLDSA65,
 			variant:  tinkmldsa.VariantTink,
 		},
 		{
-			name:     "RAW",
+			name:     "TINK ML-DSA-87",
+			instance: tinkmldsa.MLDSA87,
+			variant:  tinkmldsa.VariantTink,
+		},
+		{
+			name:     "RAW ML-DSA-65",
 			instance: tinkmldsa.MLDSA65,
 			variant:  tinkmldsa.VariantNoPrefix,
 		},
+		{
+			name:     "RAW ML-DSA-87",
+			instance: tinkmldsa.MLDSA87,
+			variant:  tinkmldsa.VariantNoPrefix,
+		},
 	} {
 		t.Run(tc.name, func(t *testing.T) {
 			seed := random.GetRandomBytes(32)

signature/mldsa/signer_verifier_test.go

@@ -37,6 +37,8 @@ func mldsaPublicKeyFromPublicKey(publicKey *PublicKey) (*mldsa.PublicKey, error)
 	switch publicKey.params.instance {
 	case MLDSA65:
 		return mldsa.MLDSA65.DecodePublicKey(publicKey.KeyBytes())
+	case MLDSA87:
+		return mldsa.MLDSA87.DecodePublicKey(publicKey.KeyBytes())
 	default:
 		return &mldsa.PublicKey{}, fmt.Errorf("invalid instance: %v", publicKey.params.instance)
 	}

signature/mldsa/verifier.go

@@ -35,12 +35,19 @@ func TestVerifierKeyManagerGetPrimitiveBasic(t *testing.T) {
 		msg      []byte
 	}{
 		{
-			name:     "MLDSA65",
+			name:     "ML-DSA-65",
 			instance: tinkmldsa.MLDSA65,
 			pub:      mustDecodeString(t, pubKey65Hex),
 			sig:      mustDecodeString(t, sig65Hex),
 			msg:      mustDecodeString(t, msg65Hex),
 		},
+		{
+			name:     "ML-DSA-87",
+			instance: tinkmldsa.MLDSA87,
+			pub:      mustDecodeString(t, pubKey87Hex),
+			sig:      mustDecodeString(t, sig87Hex),
+			msg:      mustDecodeString(t, msg87Hex),
+		},
 	} {
 		t.Run(tc.name, func(t *testing.T) {
 			km, err := registry.GetKeyManager("type.googleapis.com/google.crypto.tink.MlDsaPublicKey")
@@ -86,9 +93,13 @@ func TestVerifierKeyManagerGetPrimitiveWithInvalidInput(t *testing.T) {
 		instance mldsapb.MlDsaInstance
 	}{
 		{
-			name:     "MLDSA65",
+			name:     "ML-DSA-65",
 			instance: mldsapb.MlDsaInstance_ML_DSA_65,
 		},
+		{
+			name:     "ML-DSA-87",
+			instance: mldsapb.MlDsaInstance_ML_DSA_87,
+		},
 	} {
 		t.Run(tc.name, func(t *testing.T) {
 			key := newMLDSAPublicKey(tc.instance)