Add ML-DSA-44 and ML-DSA-87 to PQDSA API #2009

Open
wants to merge 3 commits into
base: main
@jakemas jakemas commented Nov 22, 2024

Issues:

Resolves #CryptoAlg-2725

Description of changes:

This PR adds ML-DSA-44 and ML-DSA-87 to AWS-LC. As we already have support for ML-DSA-65 through the PQDSA signature API (see #1963) and already support internal functions and KATs that use these internal APIs (see #1999), this PR consists of:

  • The addition of the 6 pqdsa APIs for ML-DSA-44 and ML-DSA-87: ml_dsa_{44/87}_keypair, ml_dsa_{44/87}_keypair_internal, ml_dsa_{44/87}_sign, ml_dsa_{44/87}_sign_internal, ml_dsa_{44/87}_verify, and ml_dsa_{44/87}_verify_internal
  • The function methods: sig_ml_dsa_44_method and sig_ml_dsa_87_method
  • The algorithm data structs: sig_ml_dsa_44 and sig_ml_dsa_87

Call-outs:

I haven't hooked up ML-DSA-44/87 to X.509 in this PR, to keep the PR focused on a single feature addition.

I have hooked up ML-DSA-44/87 to the speed tool; see example output:

Did 33000 MLDSA44 keygen operations in 1000554us (32981.7 ops/sec)
Did 8541 MLDSA44 signing operations in 1061153us (8048.8 ops/sec)
Did 32000 MLDSA44 verify operations in 1016751us (31472.8 ops/sec)
Did 17000 MLDSA65 keygen operations in 1021812us (16637.1 ops/sec)
Did 6000 MLDSA65 signing operations in 1148331us (5225.0 ops/sec)
Did 20000 MLDSA65 verify operations in 1019696us (19613.7 ops/sec)
Did 12000 MLDSA87 keygen operations in 1011438us (11864.3 ops/sec)
Did 4344 MLDSA87 signing operations in 1043422us (4163.2 ops/sec)
Did 12000 MLDSA87 verify operations in 1027267us (11681.5 ops/sec)

Testing:

#1999 provided a test framework for all pqdsa signature types; as such, ML-DSA-44/87 are added to this test harness by:

static const struct PQDSATestVector parameterSet[] = {
  {"MLDSA44", NID_MLDSA44, 1312, 2560, 2420,  "dilithium/kat/MLDSA_44_hedged_pure.txt", mldsa44kPublicKey, mldsa44kPublicKeySPKI, 1334},
  {"MLDSA65", NID_MLDSA65, 1952, 4032, 3309,  "dilithium/kat/MLDSA_65_hedged_pure.txt", mldsa65kPublicKey, mldsa65kPublicKeySPKI, 1974},
  {"MLDSA87", NID_MLDSA87, 2592, 4896, 4627,  "dilithium/kat/MLDSA_87_hedged_pure.txt", mldsa87kPublicKey, mldsa87kPublicKeySPKI, 2614},
};

This requires the inclusion of test harness raw public keys mldsa{44/87}kPublicKey and encoded public keys mldsa{44/87}kPublicKeySPKI.

The lengths of the encodings are well defined by https://datatracker.ietf.org/doc/draft-ietf-lamps-dilithium-certificates/

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and the ISC license.

@jakemas jakemas requested a review from a team as a code owner November 22, 2024 21:13
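
How the SPKI lengths in the last column of the test table (1334, 1974, 2614) follow from the raw public key lengths under DER, as an added example that is not part of this PR or of AWS-LC. It assumes a 9-byte algorithm OID and absent AlgorithmIdentifier parameters; the names `spki_encoded_len`, `kPageTable` and `count_table_mismatches` are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>

/* Size of a DER tag plus definite-length header for `content` bytes. */
static size_t der_header_len(size_t content) {
  size_t n = 2; /* tag octet + first length octet (short form) */
  if (content >= 0x80) {
    /* Long form: one extra octet per base-256 digit of the length. */
    for (size_t v = content; v != 0; v >>= 8) n++;
  }
  return n;
}

static size_t der_tlv_len(size_t content) {
  return der_header_len(content) + content;
}

/* SubjectPublicKeyInfo ::= SEQUENCE { AlgorithmIdentifier, BIT STRING }.
 * Assumption: AlgorithmIdentifier is SEQUENCE { OID } with no parameters. */
static size_t spki_encoded_len(size_t oid_content_len, size_t raw_pk_len) {
  size_t alg_id = der_tlv_len(der_tlv_len(oid_content_len));
  size_t bit_string = der_tlv_len(1 + raw_pk_len); /* 1 = unused-bits octet */
  return der_tlv_len(alg_id + bit_string);
}

/* Raw and SPKI public key lengths copied from the PR's parameterSet table. */
struct len_row { const char *name; size_t raw_pk; size_t spki; };
static const struct len_row kPageTable[] = {
  {"MLDSA44", 1312, 1334},
  {"MLDSA65", 1952, 1974},
  {"MLDSA87", 2592, 2614},
};

/* Returns how many table rows disagree with the DER computation. */
static int count_table_mismatches(size_t oid_content_len) {
  int bad = 0;
  for (size_t i = 0; i < sizeof(kPageTable) / sizeof(kPageTable[0]); i++) {
    size_t want = spki_encoded_len(oid_content_len, kPageTable[i].raw_pk);
    if (want != kPageTable[i].spki) bad++;
    printf("%s: raw=%zu spki=%zu computed=%zu\n", kPageTable[i].name,
           kPageTable[i].raw_pk, kPageTable[i].spki, want);
  }
  return bad;
}

int main(void) {
  return count_table_mismatches(9); /* 9 = assumed OID content length */
}
```

Each variant carries a fixed 22 bytes of DER overhead: 4 for the outer SEQUENCE header, 13 for the AlgorithmIdentifier, and 5 for the BIT STRING header and unused-bits octet.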

codecov-commenter commented Nov 22, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 78.91%. Comparing base (80f984e) to head (98822e6).

Additional details and impacted files
@@           Coverage Diff           @@
##             main    #2009   +/-   ##
=======================================
  Coverage   78.90%   78.91%           
=======================================
  Files         594      594           
  Lines      102415   102414    -1     
  Branches    14517    14518    +1     
=======================================
+ Hits        80812    80819    +7     
+ Misses      20953    20945    -8     
  Partials      650      650           
