ML-DSA driver: support the expanded private key format#834
Open
gilles-peskine-arm wants to merge 8 commits into
Open
ML-DSA driver: support the expanded private key format#834gilles-peskine-arm wants to merge 8 commits into
gilles-peskine-arm wants to merge 8 commits into
Conversation
No behavior change. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
The value is 64 either way, so the behavior was correct, but use the intended constant name. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
The public key hash (tr) is stored in the expanded private key. In multipart signature, get it from there, rather than recalculate it from the public key. (In one-shot signature, this is what mldsa-native does internally.) This is a tiny performance improvement. But more importantly, it paves the way for being able to sign with just the expanded private key, without having to have the public key. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
…rmat Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
In one-shot and multipart MLDSA signature, support the key either as just the seed (the standard PSA format), or the seed concatenated with the standard expanded key format. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
In the multipart signature interface, the driver dispatch code must pass the same key to the `sign_setup` and `sign_finish` entry points. Otherwise the behavior of the driver is undefined. For robustness, prepare to validate the behavior of the ML-DSA driver when the keys are different. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
* Only the expanded private key (not supported). * Almost but not exactly the joined format. * Mismatch between the seed and the private key. * Mismatch between the key format passed to setup() and finish(). Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
d11e1fe to
c73fd1b
Compare
5 tasks
bjwtaylor
reviewed
Jul 9, 2026
bjwtaylor
left a comment
Contributor
There was a problem hiding this comment.
One question on the scope, though otherwise looks good.
| } | ||
| } | ||
|
|
||
| psa_status_t tf_psa_crypto_mldsa_export_public_key( |
Contributor
There was a problem hiding this comment.
The PR description says this PR adds support for export-public and signing where the key input is the concatenation of the seed and the expanded private key. However it looks like this function still calls to seed_to_public_key and doesn't accept the proposed new key input and the other changes seem related to signing? So is the description out of date, the code needs additional functionality or have I missed something?
Contributor
Author
There was a problem hiding this comment.
Oh, oops. That's what you get for working on a feature one hour at a time... I'll do it when I get back, either here or in a follow-up.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
In the ML-DSA driver, support export-public and signing where the key input is the concatenation of the seed and the expanded private key, in addition to supporting the seed only. Resolves #774.
Needs preceding PR: framework prerequisite Mbed-TLS/mbedtls-framework#312
PR checklist
Please remove the segment/s on either side of the | symbol as appropriate, and add any relevant link/s to the end of the line.
If the provided content is part of the present PR remove the # symbol.