Unit-test: add consistency tests for mld_poly_uniform*_x1/x4

In mldsa-native, there are three functions that have both scalar and
4-way batched variants:

- mld_poly_uniform_gamma1 / mld_poly_uniform_gamma1_4x
- mld_poly_uniform_eta    / mld_poly_uniform_eta_4x
- mld_poly_uniform        / mld_poly_uniform_4x

For each of the above pairs, this PR implements consistency test
functions in test_unit.c that compare the outputs of the scalar and
4-way batched variants.

For mld_poly_uniform_eta and mld_poly_uniform_eta_4x, the two variants
are not defined under the same compilation conditions in poly_kl.h.
To enable testing both variants, this commit introduces a new macro:
MLD_UNIT_TEST which is made available in test_unit.c to override the
conditional compilation and allow both implementations to be exercised
in the unit tests.

Signed-off-by: willieyz <willie.zhao@chelpis.com>

Author: willieyz

mldsa/src/poly_kl.c

@@ -341,7 +341,7 @@ __contract__(
   return mld_rej_eta_c(a, target, offset, buf, buflen);
 }
 
-#if !defined(MLD_CONFIG_SERIAL_FIPS202_ONLY)
+#if !defined(MLD_CONFIG_SERIAL_FIPS202_ONLY) || defined(MLD_UNIT_TEST)
 MLD_INTERNAL_API
 void mld_poly_uniform_eta_4x(mld_poly *r0, mld_poly *r1, mld_poly *r2,
                              mld_poly *r3, const uint8_t seed[MLDSA_CRHBYTES],
@@ -425,7 +425,9 @@ void mld_poly_uniform_eta_4x(mld_poly *r0, mld_poly *r1, mld_poly *r2,
   mld_zeroize(buf, sizeof(buf));
   mld_zeroize(extseed, sizeof(extseed));
 }
-#else  /* !MLD_CONFIG_SERIAL_FIPS202_ONLY */
+#endif /* !MLD_CONFIG_SERIAL_FIPS202_ONLY || MLD_UNIT_TEST */
+
+#if defined(MLD_CONFIG_SERIAL_FIPS202_ONLY) || defined(MLD_UNIT_TEST)
 
 MLD_INTERNAL_API
 void mld_poly_uniform_eta(mld_poly *r, const uint8_t seed[MLDSA_CRHBYTES],
@@ -482,7 +484,7 @@ void mld_poly_uniform_eta(mld_poly *r, const uint8_t seed[MLDSA_CRHBYTES],
   mld_zeroize(buf, sizeof(buf));
   mld_zeroize(extseed, sizeof(extseed));
 }
-#endif /* MLD_CONFIG_SERIAL_FIPS202_ONLY */
+#endif /* MLD_CONFIG_SERIAL_FIPS202_ONLY || MLD_UNIT_TEST */
 
 #define MLD_POLY_UNIFORM_GAMMA1_NBLOCKS                       \
   ((MLDSA_POLYZ_PACKEDBYTES + MLD_STREAM256_BLOCKBYTES - 1) / \

mldsa/src/poly_kl.h

@@ -92,7 +92,7 @@ __contract__(
   ensures(array_bound(b->coeffs, 0, MLDSA_N, 0, (MLDSA_Q-1)/(2*MLDSA_GAMMA2)))
 );
 
-#if !defined(MLD_CONFIG_SERIAL_FIPS202_ONLY)
+#if !defined(MLD_CONFIG_SERIAL_FIPS202_ONLY) || defined(MLD_UNIT_TEST)
 #define mld_poly_uniform_eta_4x MLD_NAMESPACE_KL(poly_uniform_eta_4x)
 /*************************************************
  * Name:        mld_poly_uniform_eta
@@ -132,9 +132,9 @@ __contract__(
   ensures(array_abs_bound(r2->coeffs, 0, MLDSA_N, MLDSA_ETA + 1))
   ensures(array_abs_bound(r3->coeffs, 0, MLDSA_N, MLDSA_ETA + 1))
 );
-#endif /* !MLD_CONFIG_SERIAL_FIPS202_ONLY */
+#endif /* !MLD_CONFIG_SERIAL_FIPS202_ONLY || MLD_UNIT_TEST */
 
-#if defined(MLD_CONFIG_SERIAL_FIPS202_ONLY)
+#if defined(MLD_CONFIG_SERIAL_FIPS202_ONLY) || defined(MLD_UNIT_TEST)
 #define mld_poly_uniform_eta MLD_NAMESPACE_KL(poly_uniform_eta)
 /*************************************************
  * Name:        mld_poly_uniform_eta
@@ -157,7 +157,7 @@ __contract__(
   assigns(memory_slice(r, sizeof(mld_poly)))
   ensures(array_abs_bound(r->coeffs, 0, MLDSA_N, MLDSA_ETA + 1))
 );
-#endif /* MLD_CONFIG_SERIAL_FIPS202_ONLY */
+#endif /* MLD_CONFIG_SERIAL_FIPS202_ONLY || MLD_UNIT_TEST */
 
 #if MLD_CONFIG_PARAMETER_SET == 65 || defined(MLD_CONFIG_SERIAL_FIPS202_ONLY)
 #define mld_poly_uniform_gamma1 MLD_NAMESPACE_KL(poly_uniform_gamma1)

mldsa/src/symmetric.h

@@ -10,7 +10,7 @@
 #include "common.h"
 
 #include MLD_FIPS202_HEADER_FILE
-#if !defined(MLD_CONFIG_SERIAL_FIPS202_ONLY)
+#if !defined(MLD_CONFIG_SERIAL_FIPS202_ONLY) || defined(MLD_UNIT_TEST)
 #include MLD_FIPS202X4_HEADER_FILE
 #endif
 

scripts/autogen

@@ -1786,6 +1786,7 @@ def get_config_options():
         "MLD_CONFIG_XXX",
         "MLD_CONFIG_API_CONSTANTS_ONLY",
         "MLD_PREHASH_",
+        "MLD_UNIT_TEST",
     ]
 
     return configs

test/mk/components.mk

@@ -35,11 +35,11 @@ $(MLDSA87_OBJS): CFLAGS += -DMLD_CONFIG_PARAMETER_SET=87
 
 # Unit test object files - same sources but with MLD_STATIC_TESTABLE=
 MLDSA44_UNIT_OBJS = $(call MAKE_OBJS,$(MLDSA44_DIR)/unit,$(SOURCES) $(FIPS202_SRCS))
-$(MLDSA44_UNIT_OBJS): CFLAGS += -DMLD_CONFIG_PARAMETER_SET=44 -DMLD_STATIC_TESTABLE= -Wno-missing-prototypes
+$(MLDSA44_UNIT_OBJS): CFLAGS += -DMLD_CONFIG_PARAMETER_SET=44 -DMLD_STATIC_TESTABLE= -DMLD_UNIT_TEST -Wno-missing-prototypes
 MLDSA65_UNIT_OBJS = $(call MAKE_OBJS,$(MLDSA65_DIR)/unit,$(SOURCES) $(FIPS202_SRCS))
-$(MLDSA65_UNIT_OBJS): CFLAGS += -DMLD_CONFIG_PARAMETER_SET=65 -DMLD_STATIC_TESTABLE= -Wno-missing-prototypes
+$(MLDSA65_UNIT_OBJS): CFLAGS += -DMLD_CONFIG_PARAMETER_SET=65 -DMLD_STATIC_TESTABLE= -DMLD_UNIT_TEST -Wno-missing-prototypes
 MLDSA87_UNIT_OBJS = $(call MAKE_OBJS,$(MLDSA87_DIR)/unit,$(SOURCES) $(FIPS202_SRCS))
-$(MLDSA87_UNIT_OBJS): CFLAGS += -DMLD_CONFIG_PARAMETER_SET=87 -DMLD_STATIC_TESTABLE= -Wno-missing-prototypes
+$(MLDSA87_UNIT_OBJS): CFLAGS += -DMLD_CONFIG_PARAMETER_SET=87 -DMLD_STATIC_TESTABLE= -DMLD_UNIT_TEST -Wno-missing-prototypes
 
 # Alloc test object files - same sources but with custom alloc config
 MLDSA44_ALLOC_OBJS = $(call MAKE_OBJS,$(MLDSA44_DIR)/alloc,$(SOURCES) $(FIPS202_SRCS))
@@ -100,14 +100,14 @@ $(MLDSA44_DIR)/test/src/test_rng_fail.c.o: CFLAGS += -DMLD_CONFIG_FILE=\"../test
 $(MLDSA65_DIR)/test/src/test_rng_fail.c.o: CFLAGS += -DMLD_CONFIG_FILE=\"../test/configs/test_rng_fail_config.h\"
 $(MLDSA87_DIR)/test/src/test_rng_fail.c.o: CFLAGS += -DMLD_CONFIG_FILE=\"../test/configs/test_rng_fail_config.h\"
 
-$(MLDSA44_DIR)/bin/test_unit44: CFLAGS += -DMLD_STATIC_TESTABLE= -Wno-missing-prototypes
-$(MLDSA65_DIR)/bin/test_unit65: CFLAGS += -DMLD_STATIC_TESTABLE= -Wno-missing-prototypes
-$(MLDSA87_DIR)/bin/test_unit87: CFLAGS += -DMLD_STATIC_TESTABLE= -Wno-missing-prototypes
+$(MLDSA44_DIR)/bin/test_unit44: CFLAGS += -DMLD_STATIC_TESTABLE= -DMLD_UNIT_TEST -Wno-missing-prototypes
+$(MLDSA65_DIR)/bin/test_unit65: CFLAGS += -DMLD_STATIC_TESTABLE= -DMLD_UNIT_TEST -Wno-missing-prototypes
+$(MLDSA87_DIR)/bin/test_unit87: CFLAGS += -DMLD_STATIC_TESTABLE= -DMLD_UNIT_TEST -Wno-missing-prototypes
 
 # Unit library object files compiled with MLD_STATIC_TESTABLE=
-$(MLDSA44_DIR)/unit_%: CFLAGS += -DMLD_STATIC_TESTABLE= -Wno-missing-prototypes
-$(MLDSA65_DIR)/unit_%: CFLAGS += -DMLD_STATIC_TESTABLE= -Wno-missing-prototypes
-$(MLDSA87_DIR)/unit_%: CFLAGS += -DMLD_STATIC_TESTABLE= -Wno-missing-prototypes
+$(MLDSA44_DIR)/unit_%: CFLAGS += -DMLD_STATIC_TESTABLE= -DMLD_UNIT_TEST -Wno-missing-prototypes
+$(MLDSA65_DIR)/unit_%: CFLAGS += -DMLD_STATIC_TESTABLE= -DMLD_UNIT_TEST -Wno-missing-prototypes
+$(MLDSA87_DIR)/unit_%: CFLAGS += -DMLD_STATIC_TESTABLE= -DMLD_UNIT_TEST -Wno-missing-prototypes
 
 
 $(MLDSA44_DIR)/bin/bench_mldsa44: $(MLDSA44_DIR)/test/hal/hal.c.o

test/src/test_unit.c

@@ -20,6 +20,14 @@
 #endif
 #endif /* !NUM_RANDOM_TESTS */
 
+#ifndef NUM_RANDOM_TESTS_UNIFORM
+#ifdef MLDSA_DEBUG
+#define NUM_RANDOM_TESTS_UNIFORM 100
+#else
+#define NUM_RANDOM_TESTS_UNIFORM 1000
+#endif
+#endif /* !NUM_RANDOM_TESTS_UNIFORM */
+
 #define CHECK(x)                                              \
   do                                                          \
   {                                                           \
@@ -581,6 +589,107 @@ static int test_backend_units(void)
           MLD_USE_NATIVE_POLYVECL_POINTWISE_ACC_MONTGOMERY_L7 ||               \
           MLD_USE_NATIVE_POLYZ_UNPACK_17 || MLD_USE_NATIVE_POLYZ_UNPACK_19 */
 
+
+#if !defined(MLD_CONFIG_SERIAL_FIPS202_ONLY) && MLD_CONFIG_PARAMETER_SET == 65
+static int test_poly_uniform_gamma1_consistency(void)
+{
+  mld_poly r0_x4, r1_x4, r2_x4, r3_x4, r0_x1, r1_x1, r2_x1, r3_x1;
+  uint8_t seed[MLDSA_CRHBYTES];
+  uint16_t nonce0, nonce1, nonce2, nonce3;
+  int i;
+  for (i = 0; i < NUM_RANDOM_TESTS_UNIFORM; i++)
+  {
+    randombytes(seed, MLDSA_CRHBYTES);
+    randombytes((uint8_t *)&nonce0, sizeof(uint16_t));
+    nonce1 = nonce0 + 1;
+    nonce2 = nonce0 + 2;
+    nonce3 = nonce0 + 3;
+    /* Call 4x version */
+    mld_poly_uniform_gamma1_4x(&r0_x4, &r1_x4, &r2_x4, &r3_x4, seed, nonce0,
+                               nonce1, nonce2, nonce3);
+    /* Call scalar version 4 times */
+    mld_poly_uniform_gamma1(&r0_x1, seed, nonce0);
+    mld_poly_uniform_gamma1(&r1_x1, seed, nonce1);
+    mld_poly_uniform_gamma1(&r2_x1, seed, nonce2);
+    mld_poly_uniform_gamma1(&r3_x1, seed, nonce3);
+
+    CHECK(memcmp(r0_x4.coeffs, r0_x1.coeffs, MLDSA_N * sizeof(int32_t)) == 0);
+    CHECK(memcmp(r1_x4.coeffs, r1_x1.coeffs, MLDSA_N * sizeof(int32_t)) == 0);
+    CHECK(memcmp(r2_x4.coeffs, r2_x1.coeffs, MLDSA_N * sizeof(int32_t)) == 0);
+    CHECK(memcmp(r3_x4.coeffs, r3_x1.coeffs, MLDSA_N * sizeof(int32_t)) == 0);
+  }
+  return 0;
+}
+#endif /* !MLD_CONFIG_SERIAL_FIPS202_ONLY && MLD_CONFIG_PARAMETER_SET == 65 */
+
+#if !defined(MLD_CONFIG_SERIAL_FIPS202_ONLY) && !defined(MLD_CONFIG_REDUCE_RAM)
+static int test_poly_uniform_consistency(void)
+{
+  mld_poly r0_x4, r1_x4, r2_x4, r3_x4, r0_x1, r1_x1, r2_x1, r3_x1;
+  MLD_ALIGN uint8_t seed[4][MLD_ALIGN_UP(MLDSA_SEEDBYTES + 2)];
+  int i, j;
+
+  for (i = 0; i < NUM_RANDOM_TESTS_UNIFORM; i++)
+  {
+    for (j = 0; j < 4; j++)
+    {
+      randombytes(seed[j], MLDSA_SEEDBYTES + 2);
+    }
+
+    /* Call 4x version */
+    mld_poly_uniform_4x(&r0_x4, &r1_x4, &r2_x4, &r3_x4, seed);
+
+    /* Call scalar version 4 times */
+    mld_poly_uniform(&r0_x1, seed[0]);
+    mld_poly_uniform(&r1_x1, seed[1]);
+    mld_poly_uniform(&r2_x1, seed[2]);
+    mld_poly_uniform(&r3_x1, seed[3]);
+
+    CHECK(memcmp(r0_x4.coeffs, r0_x1.coeffs, MLDSA_N * sizeof(int32_t)) == 0);
+    CHECK(memcmp(r1_x4.coeffs, r1_x1.coeffs, MLDSA_N * sizeof(int32_t)) == 0);
+    CHECK(memcmp(r2_x4.coeffs, r2_x1.coeffs, MLDSA_N * sizeof(int32_t)) == 0);
+    CHECK(memcmp(r3_x4.coeffs, r3_x1.coeffs, MLDSA_N * sizeof(int32_t)) == 0);
+  }
+  return 0;
+}
+#endif /* !MLD_CONFIG_SERIAL_FIPS202_ONLY && !MLD_CONFIG_REDUCE_RAM */
+
+#if defined(MLD_UNIT_TEST)
+static int test_poly_uniform_eta_consistency(void)
+{
+  mld_poly r0_x4, r1_x4, r2_x4, r3_x4, r0_x1, r1_x1, r2_x1, r3_x1;
+  uint8_t seed[MLDSA_CRHBYTES];
+  uint8_t nonce0, nonce1, nonce2, nonce3;
+  int i;
+
+  for (i = 0; i < NUM_RANDOM_TESTS_UNIFORM; i++)
+  {
+    randombytes(seed, MLDSA_CRHBYTES);
+    randombytes(&nonce0, sizeof(uint8_t));
+    nonce1 = (uint8_t)(nonce0 + 1);
+    nonce2 = (uint8_t)(nonce0 + 2);
+    nonce3 = (uint8_t)(nonce0 + 3);
+
+    /* Call 4x version */
+    mld_poly_uniform_eta_4x(&r0_x4, &r1_x4, &r2_x4, &r3_x4, seed, nonce0,
+                            nonce1, nonce2, nonce3);
+
+    /* Call scalar version 4 times */
+    mld_poly_uniform_eta(&r0_x1, seed, nonce0);
+    mld_poly_uniform_eta(&r1_x1, seed, nonce1);
+    mld_poly_uniform_eta(&r2_x1, seed, nonce2);
+    mld_poly_uniform_eta(&r3_x1, seed, nonce3);
+
+    CHECK(memcmp(r0_x4.coeffs, r0_x1.coeffs, MLDSA_N * sizeof(int32_t)) == 0);
+    CHECK(memcmp(r1_x4.coeffs, r1_x1.coeffs, MLDSA_N * sizeof(int32_t)) == 0);
+    CHECK(memcmp(r2_x4.coeffs, r2_x1.coeffs, MLDSA_N * sizeof(int32_t)) == 0);
+    CHECK(memcmp(r3_x4.coeffs, r3_x1.coeffs, MLDSA_N * sizeof(int32_t)) == 0);
+  }
+  return 0;
+}
+#endif /* MLD_UNIT_TEST */
+
+
 int main(void)
 {
   /* WARNING: Test-only
@@ -612,6 +721,17 @@ int main(void)
           MLD_USE_NATIVE_POLYVECL_POINTWISE_ACC_MONTGOMERY_L7 ||               \
           MLD_USE_NATIVE_POLYZ_UNPACK_17 || MLD_USE_NATIVE_POLYZ_UNPACK_19 */
 
+#if !defined(MLD_CONFIG_SERIAL_FIPS202_ONLY) && MLD_CONFIG_PARAMETER_SET == 65
+  CHECK(test_poly_uniform_gamma1_consistency() == 0);
+#endif
+
+#if !defined(MLD_CONFIG_SERIAL_FIPS202_ONLY) && !defined(MLD_CONFIG_REDUCE_RAM)
+  CHECK(test_poly_uniform_consistency() == 0);
+#endif
+
+#if defined(MLD_UNIT_TEST)
+  CHECK(test_poly_uniform_eta_consistency() == 0);
+#endif
 
   return 0;
 }