Multipart sign/verify: dispatch functions, dispatch to ML_DSA #775

Open
gilles-peskine-arm wants to merge 24 commits into Mbed-TLS:development from gilles-peskine-arm:mldsa-sign-multipart-dispatch

Conversation

@gilles-peskine-arm (Contributor) commented Apr 22, 2026

Add the driver dispatch functions for multipart signature and verification. Add dispatch to ML-DSA only, PQCP driver only.

Follow the driver interface for multipart sign/verify that I proposed in ARM-software/psa-api#350

Resolves #771

Prerequisites:

Status: feature complete. Needs the prerequisites to be merged and then a tweak to pacify Mbed TLS's outcome analysis.

PR checklist

  • changelog not required because: not user-facing yet
  • framework PR provided: Generate multipart ML-DSA tests (mbedtls-framework#300)
  • TF-PSA-Crypto development PR: here
  • TF-PSA-Crypto 1.1 PR not required because: new feature
  • mbedtls development PR not required because: crypto only
  • mbedtls 4.1 PR not required because: crypto only
  • mbedtls 3.6 PR not required because: crypto only
  • tests provided

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
In setup, only validation is implemented, not the storing of the key or the
start of the operation.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
As with the key type and algorithm macros, they are in the driver header for
now, and will move to the public API headers once MLDSA is reachable from
the API.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
In setup, only validation is implemented, not the key expansion or the
start of the operation.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This is a deviation from the application interface, which is practical given
that the core is supposed to have a copy of the key in the key store, and
is useful because it saves the driver from needing to make its own copy.

ARM-software/psa-api#350

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Copy the expanded private key on the heap from setup to finish.
Temporarily allocate the public key on the heap during setup.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
There is nothing to dispatch to yet. But as a signpost, write never-enabled
boilerplate code to dispatch to test drivers (not written yet) and to the
built-in implementation (not written yet: we do not yet support any
algorithm that isn't hash-then-sign or sign-small-message).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
There is nothing to dispatch to yet, so we're just checking that setup
returns `PSA_ERROR_NOT_SUPPORTED` and abort returns `PSA_SUCCESS`.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
…operation

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This is a deviation from the application interface, which is practical given
that the core is supposed to have a copy of the key in the key store, and
is useful because it saves the driver from needing to make its own copy.

ARM-software/psa-api#350

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Add functions to test the whole sequence (setup, update(s), finish). Also
add test functions that focus on finish.

There are no test cases yet since no algorithm is supported yet.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
We need this to give it a driver ID for multipart operation dispatch, even
if none of the driver entry points are satisfactorily supported by
`generate_driver_wrappers.py`.

The `"export_public_key"` entry point is present in the driver and is
supported by `generate_driver_wrappers.py`. However, this is not usable
because the template `psa_crypto_driver_wrappers_no_static.c.jinja`
insists that dispatch to all non-built-in transparent drivers is guarded
by `PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT`, but dispatch to ML-DSA must
not be guarded by this macro. Sorting this out is out of scope here,
so keep using the manually written code to dispatch `"export_public_key"`
to the PQCP driver.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Reject calls to `set_context` for now. It will be implemented later.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Add tests that exercise checks done by setup and finish stages. Mostly bad
cases, with a few good cases for reference.

Copy of `tests/suites/test_suite_psa_crypto_mldsa.multipart.data`.

We test ML-DSA at the dispatch layer fairly extensively because we don't
have the API layer yet, and we expect early birds to access ML-DSA via
the dispatch layer. The tests focus on the behavior of our driver, and
may need to be revised when we start supporting third-party drivers.
In other words, in the future, some of the test coverage added in this
commit will move to API layer tests, and some of the test coverage added
in this commit will become irrelevant because it's too specific to our
implementation.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
@gilles-peskine-arm gilles-peskine-arm added size-s Estimated task size: small (~2d) priority-high High priority - will be reviewed soon labels Apr 22, 2026
@gilles-peskine-arm gilles-peskine-arm added the needs-ci Needs to pass CI tests label Apr 22, 2026
```python
# Tests that are not covered for a tracked reason, and that
# were also not covered by Mbed TLS testing as of Mbed TLS 4.1.0.
UNCOVERED_TESTS = {
    'test_suite_config.crypto_combinations': [
        # ...
    ],
}
```
@gilles-peskine-arm (Contributor, Author) commented on this line:

We also need to add this (and maybe more) to `tf_psa_crypto_test_case_info.py.INTERNAL_TEST_CASES`. This requires Mbed-TLS/mbedtls#10700 (I don't want to add it yet to avoid a merge conflict).

@gilles-peskine-arm gilles-peskine-arm changed the title Mldsa sign multipart dispatch Multipart sign/verify: dispatch functions, dispatch to ML_DSA Apr 22, 2026
@gilles-peskine-arm gilles-peskine-arm added needs-work needs-preceding-pr Requires another PR to be merged first labels Apr 22, 2026
Successfully merging this pull request may close these issues.

Multipart sign-message and verify-message dispatch to ML-DSA