Skip to content

MLDSA for Pingora#497

Open
kornelski wants to merge 5 commits into
masterfrom
mldsa
Open

MLDSA for Pingora#497
kornelski wants to merge 5 commits into
masterfrom
mldsa

Conversation

@kornelski

@kornelski kornelski commented Apr 21, 2026

Copy link
Copy Markdown
Collaborator

No description provided.

@kornelski kornelski requested a review from rushilmehra April 21, 2026 18:32
cjpatton
cjpatton reviewed Apr 21, 2026
View reviewed changes

@cjpatton cjpatton left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks pretty good. I'll note that BoringSSL has also integrated MLDSA into X.509, but this has happened after the commit we've currently checked out. I'm working on bumping BoringSSL in #498.

Comment thread boring/src/mldsa.rs Outdated
Comment thread boring/src/mldsa.rs Outdated
@cjpatton cjpatton mentioned this pull request Apr 22, 2026
Closed
jedisct1
jedisct1 reviewed Apr 23, 2026
View reviewed changes
Comment thread boring/src/mldsa.rs
jedisct1
jedisct1 reviewed Apr 23, 2026
View reviewed changes
Comment thread boring/src/mldsa.rs Outdated

impl MlDsaPublicKey {
/// Parses a public key from its serialized form.
pub fn from_bytes(algorithm: Algorithm, bytes: &[u8]) -> Result<Self, ErrorStack> {

@jedisct1 jedisct1 Apr 23, 2026

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe there should be a to_bytes() counterpart?

cjpatton
cjpatton approved these changes Apr 23, 2026
View reviewed changes

@cjpatton cjpatton left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good, one cosmetic thing for consistency with mlkem

Comment thread boring/src/mldsa.rs Outdated
Comment thread boring/src/mldsa.rs
Comment thread boring/src/mldsa.rs
@kornelski kornelski requested a review from johnhurt April 23, 2026 14:04
jedisct1 added a commit to jedisct1/rust-superboring that referenced this pull request Apr 23, 2026
@jedisct1
Update mldsa interface
8cbc9e7 
See recent comments from cloudflare/boring#497
jedisct1
jedisct1 reviewed Apr 23, 2026
View reviewed changes
Comment thread boring/src/mldsa.rs
MlDsa87(Box<ffi::MLDSA87_private_key>),
}

impl MlDsaPrivateKey {

@jedisct1 jedisct1 Apr 23, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It would be very useful to have a public_key() function as well.

@kornelski kornelski Apr 23, 2026

Copy link
Copy Markdown
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That's from RustCrypto's implementation. Boring's version is a bit more involved. I'll leave it for later.

@kornelski kornelski force-pushed the mldsa branch 3 times, most recently from f743a23 to 91a2c70 Compare April 23, 2026 18:25
@lukevalenta

lukevalenta commented Jun 2, 2026

Copy link
Copy Markdown
Contributor

Is this still needed now that we've pulled in BoringSSL's ML-DSA support? #509

@badcf00d

badcf00d commented Jun 16, 2026

Copy link
Copy Markdown

Is this still needed now that we've pulled in BoringSSL's ML-DSA support? #509

Perhaps I'm missing something, but I assume without this MR you would still need to use the FFI to generate ML-DSA signatures? This seems like a pretty nice API just for generating standalone signatures

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cjpatton cjpatton cjpatton approved these changes

@rushilmehra rushilmehra Awaiting requested review from rushilmehra

@johnhurt johnhurt Awaiting requested review from johnhurt

+1 more reviewer

@jedisct1 jedisct1 jedisct1 left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6 participants

@kornelski @lukevalenta @badcf00d @jedisct1 @cjpatton @johnhurt