post-quantum-cryptography / KAT


How are the messages computed for ML DSA KAT? #13

Closed GiacomoPope closed 2 months ago

GiacomoPope commented 3 months ago

I tried to generate the messages myself to compare against the KAT vectors but I couldn't make it work: https://github.com/GiacomoPope/dilithium-py/blob/42c0767480db232b501dcc818030c3a6e086db75/tests/test_ml_dsa.py#L163-L166

All other values seem fine though.

kriskwiatkowski commented 2 months ago

DRBG is initialized:

    // Set initial entropy
    let Ok(mut entropy) = hex::decode("60496cd0a12512800a79161189b055ac3996ad24e578d3c5fc57c1e60fa2eb4e550d08e51e9db7b67f1a616681d9182d") else {
        std::process::exit(1);
    };

    let mut drbg: DrbgCtx = DrbgCtx::new();
    drbg.init(&entropy, Vec::new());
    for i in 0..args.n_samples {
        drbg.get_random(&mut entropy);
        sig::sig(p, i, &entropy, args.rnd.clone());
    }

and then when signing:

    pub fn sig(p: Params, count: usize, entropy: &[u8], rnd: RndSource) {
        let mut pk = Vec::new();
        let mut sk = Vec::new();
        let mut sig = Vec::new();
        let mut msg = Vec::new();
        let obj: *mut pqcl_sig_t;

        println!("count = {}", count);

        pk.resize(p.pk, 0);
        sk.resize(p.sk, 0);
        sig.resize(p.sig, 0);
        // Message length grows with the sample index: 16 * (count + 1) bytes
        msg.resize(2 * (8 * (count + 1)), 0);

        unsafe {
            let mut buf = Vec::new();
            buf.resize(32, 0);
            // Seed the global DRBG from this sample's entropy
            DRBG.init(&entropy.clone(), Vec::new());
            DRBG.get_random(&mut buf);
            println!("xi = {}", hex::encode(&buf));
            if rnd == RndSource::Randomised {
                DRBG.get_random(&mut buf);
                println!("rng = {}", hex::encode(&buf));
            }
            DRBG.get_random(&mut msg); // <---- Here is the message
            DRBG.init(&entropy.clone(), Vec::new());
        };
        ....

Let me know if you need more help
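
The draw order from the two snippets above, as an added Python example that is not part of this thread or the KAT generator's own code. `StandInDrbg`, `kat_inputs` and `drbg_factory` are hypothetical names, and the SHAKE-256 stand-in is an assumption: the page does not show `DrbgCtx`'s internals, so pass in the generator's real DRBG to reproduce the published values.

```python
import hashlib

# Initial entropy quoted in the comment above (48 bytes).
INITIAL_ENTROPY = bytes.fromhex(
    "60496cd0a12512800a79161189b055ac3996ad24e578d3c5"
    "fc57c1e60fa2eb4e550d08e51e9db7b67f1a616681d9182d"
)


class StandInDrbg:
    """Constructed stand-in with the init/get_random shape used above.

    Assumption: this is NOT the generator's DrbgCtx; its output will not
    match the KAT files. It only makes the draw order executable.
    """

    def init(self, entropy: bytes, personalization: bytes = b"") -> None:
        self._seed = entropy + personalization
        self._offset = 0

    def get_random(self, n: int) -> bytes:
        stream = hashlib.shake_256(self._seed).digest(self._offset + n)
        out = stream[self._offset:]
        self._offset += n
        return out


def kat_inputs(n_samples: int, randomised: bool, drbg_factory=StandInDrbg):
    """Return xi, rnd and msg for each sample, drawn in the order shown above."""
    outer = drbg_factory()
    outer.init(INITIAL_ENTROPY)
    samples = []
    for count in range(n_samples):
        # The outer DRBG overwrites the 48-byte entropy buffer per sample.
        entropy = outer.get_random(len(INITIAL_ENTROPY))
        # sig() seeds a separate DRBG with that per-sample entropy.
        inner = drbg_factory()
        inner.init(entropy)
        xi = inner.get_random(32)                         # key generation seed
        rnd = inner.get_random(32) if randomised else None  # only when randomised
        msg = inner.get_random(2 * (8 * (count + 1)))     # 16, 32, 48, ... bytes
        samples.append({"count": count, "xi": xi, "rnd": rnd, "msg": msg})
    return samples
```

Because `rnd` is drawn before `msg`, the randomised and deterministic runs produce different messages for the same `count`, even though `xi` is identical.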

GiacomoPope commented 2 months ago

Thanks a lot!