Add ML-DSA support#1124
Open
jku wants to merge 14 commits into
Open
Conversation
Collaborator
Author
|
Test run on GCP: https://github.com/secure-systems-lab/securesystemslib/actions/runs/25749092040/job/75620285276: looks ok. There is a test TUF repo https://github.com/jku/pqc-test-repo2
|
jku
commented
May 13, 2026
| ]: | ||
| if not isinstance(private_key, RSAPrivateKey): | ||
| raise ValueError(f"invalid rsa key: {type(private_key)}") | ||
| assert_type("rsa", private_key, RSAPrivateKey) |
Collaborator
Author
There was a problem hiding this comment.
all these assert tweaks are just to keep linter happy ("too many branches"): the functionality should not change
Closed
jku
commented
May 26, 2026
This comment was marked as outdated.
This comment was marked as outdated.
jku
commented
Jun 9, 2026
Open
This is related to proposed TAP: theupdateframework/taps#195 This currently enables the key for verification and signing for easier testing: In reality we may want to leave the verify support disabled until the TAP is approved. This makes cryptography 48 a requirement * we could make this more complicated with a separate feature but I'm not going to unless someone has a good reason for it * ML-DSA support was added in 47 already but support via openssl only became available in 48 Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
The skip is for SSLibKey._verify: I think it makes sense to be a longer function Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
No need to make this more complicated until there is more than 1 key version Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
Collaborator
Author
|
rebased on main |
This way we can merge without the spec being finalized Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
This is just a helper method, not 100% required Fix some nearby docstrings. Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
Revert the version changes that are not 100% needed to avoid unnecessary changes in pyproject.toml Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This implements a proposed ML-DSA TAP: I think it's ready for review.
This currently enables the ML-DSA algorithms by default for signing but not for verify: this should allow merging before the TAP is finalized so we can add support in tuf-conformance.
The only unusual thing about the new key is the custom pre-hash with domain prefix: this is documented in the TAP.
Support is added to
No dependencies are added but minimum cryptography version is bumped to 48: ML-DSA support was added in 47 already but support via openssl only became available in 48
The test code is from AI.