intel
diff --git a/‎CHANGELOG.md‎
Lines changed: 3 additions & 0 deletions b/‎CHANGELOG.md‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎README_FIPS.md‎
Lines changed: 18 additions & 0 deletions b/‎README_FIPS.md‎
Lines changed: 18 additions & 0 deletions
diff --git a/‎include/ippcp/fips_cert.h‎
Lines changed: 14 additions & 3 deletions b/‎include/ippcp/fips_cert.h‎
Lines changed: 14 additions & 3 deletions
diff --git a/‎sources/include/fips_cert_internal/common.h‎
Lines changed: 7 additions & 6 deletions b/‎sources/include/fips_cert_internal/common.h‎
Lines changed: 7 additions & 6 deletions
@@ -2,6 +2,9 @@
 
 This is a list of notable changes to Intel® Cryptography Primitives Library, in reverse chronological order.
 
+## Intel(R) Cryptography Primitives Library 2.1.0
+- Added FIPS self-tests for ML-DSA (Module-Lattice-Based Digital Signature Algorithm) operations including key generation, signing, and verification functionality.
+
 ## Intel(R) Cryptography Primitives Library 2.0.0
 - Fixed an issue in LMS key and signature generation for certain values of `extraBufSize`.
 - Added more precise input parameters validation for multi-buffer functions (`mbx_sm3_msg_digest_mb16`, `mbx_sm3_update_mb16`, `mbx_exp_mb8` and `mbx_exp{1024,2048,3072,4096}_mb8`).
 
@@ -334,6 +334,24 @@ fips_test_status fips_selftest_ippsLMSVerify (Ipp8u *pBuffer);
 
 , where `pBuffer` is the valid buffer for selftest of size indicated by `fips_selftest_ippsLMSVerify_get_size`.
 
+##### ML-DSA keygen/sign/verify
+
+```cpp
+fips_test_status fips_selftest_ippsMLDSA_Sign_get_size_data_buff (int *pDataBuffSize);
+fips_test_status fips_selftest_ippsMLDSA_Verify_get_size_data_buff (int *pDataBuffSize);
+fips_test_status fips_selftest_ippsMLDSA_KeyGen_get_size_data_buff (int *pDataBuffSize);
+fips_test_status fips_selftest_ippsMLDSA_Sign_get_size (int *pBufferSize, Ipp8u *pDataBuff);
+fips_test_status fips_selftest_ippsMLDSA_Verify_get_size (int *pBufferSize, Ipp8u *pDataBuff);
+fips_test_status fips_selftest_ippsMLDSA_KeyGen_get_size (int *pBufferSize, Ipp8u *pDataBuff);
+fips_test_status fips_selftest_ippsMLDSA_Sign (Ipp8u *pBuffer, Ipp8u *pDataBuff);
+fips_test_status fips_selftest_ippsMLDSA_Verify (Ipp8u *pBuffer, Ipp8u *pDataBuff);
+fips_test_status fips_selftest_ippsMLDSA_KeyGen (Ipp8u *pBuffer, Ipp8u *pDataBuff);
+```
+
+, where `pDataBuff` is the valid persistent data buffer of size indicated by
+`fips_selftest_ippsMLDSASignVerify_get_size_data_buff`, and `pBuffer` is the valid scratch buffer
+of size indicated by `fips_selftest_ippsMLDSASignVerify_get_size`.
+
 ##### API for an indicator if a function is FIPS-approved
 
 ```cpp
 
@@ -116,6 +116,17 @@ IPPAPI(fips_test_status, fips_selftest_ippsGFpECSharedSecretDH, (Ipp8u *pGFpBuff
 IPPAPI(fips_test_status, fips_selftest_ippsLMSVerify_get_size, (int *pBufferSize))
 IPPAPI(fips_test_status, fips_selftest_ippsLMSVerify, (Ipp8u *pDataBuff))
 
+/* ML-DSA keygen/sign/verify */
+IPPAPI(fips_test_status, fips_selftest_ippsMLDSA_Sign_get_size_data_buff, (int* pDataBuffSize))
+IPPAPI(fips_test_status, fips_selftest_ippsMLDSA_Verify_get_size_data_buff, (int* pDataBuffSize))
+IPPAPI(fips_test_status, fips_selftest_ippsMLDSA_KeyGen_get_size_data_buff, (int* pDataBuffSize))
+IPPAPI(fips_test_status, fips_selftest_ippsMLDSA_Sign_get_size, (int* pBufferSize, Ipp8u* pDataBuff))
+IPPAPI(fips_test_status, fips_selftest_ippsMLDSA_Verify_get_size, (int* pBufferSize, Ipp8u* pDataBuff))
+IPPAPI(fips_test_status, fips_selftest_ippsMLDSA_KeyGen_get_size, (int* pBufferSize, Ipp8u* pDataBuff))
+IPPAPI(fips_test_status, fips_selftest_ippsMLDSA_Sign, (Ipp8u* pBuffer, Ipp8u* pDataBuff))
+IPPAPI(fips_test_status, fips_selftest_ippsMLDSA_Verify, (Ipp8u* pBuffer, Ipp8u* pDataBuff))
+IPPAPI(fips_test_status, fips_selftest_ippsMLDSA_KeyGen, (Ipp8u* pBuffer, Ipp8u* pDataBuff))
+
 /*
 // Enumerator that contains information about FIPS-approved
 // functions inside the ippcp cryptographic boundary
@@ -170,6 +181,9 @@ enum FIPS_IPPCP_FUNC {
     RSAEncrypt_OAEP_rmf,
     RSADecrypt_OAEP_rmf,
     LMSVerify,
+    MLDSA_KeyGen,
+    MLDSA_Sign,
+    MLDSA_Verify,
 
   /* Not approved functions or
    * FIPS-mode is not yet implemented, < 0
@@ -247,9 +261,6 @@ enum FIPS_IPPCP_FUNC {
     HKDF_extract,
     HKDF_expand,
     PBKDF2_PKCS5v2,
-    MLDSA_KeyGen,
-    MLDSA_Sign,
-    MLDSA_Verify,
     HashDRBG_Instantiate,
     HashDRBG_Uninstantiate,
     HashDRBG_Reseed,
 
@@ -26,12 +26,13 @@
 
 #define IPPCP_IV128_BYTE_LEN (16)
 
-#define IPPCP_AES_ALIGNMENT  ((int)sizeof(void*))
-#define IPPCP_HASH_ALIGNMENT ((int)sizeof(void*))
-#define IPPCP_HMAC_ALIGNMENT ((int)sizeof(void*))
-#define IPPCP_GFP_ALIGNMENT  ((int)sizeof(void*))
-#define IPPCP_BN_ALIGNMENT   ((int)sizeof(void*))
-#define IPPCP_RSA_ALIGNMENT  ((int)sizeof(BNU_CHUNK_T))
+#define IPPCP_AES_ALIGNMENT   ((int)sizeof(void*))
+#define IPPCP_HASH_ALIGNMENT  ((int)sizeof(void*))
+#define IPPCP_HMAC_ALIGNMENT  ((int)sizeof(void*))
+#define IPPCP_GFP_ALIGNMENT   ((int)sizeof(void*))
+#define IPPCP_BN_ALIGNMENT    ((int)sizeof(void*))
+#define IPPCP_MLDSA_ALIGNMENT ((int)sizeof(void*))
+#define IPPCP_RSA_ALIGNMENT   ((int)sizeof(BNU_CHUNK_T))
 
 // convert bitsize into 32-bit wordsize
 #define IPPCP_BITSIZE_2_WORDSIZE(N_BITS)   (((N_BITS) + 31) >> 5)