Test ML-DSA keytypes #398

Draft
jku wants to merge 1 commit into theupdateframework:main from jku:key-type-tests

@jku jku commented Jul 1, 2026

Added ML-DSA keys as defined in theupdateframework/taps#195: Leaving this DRAFT as it requires securesystemslib with secure-systems-lab/securesystemslib#1124.

Current test_keytype_and_scheme is preserved for the "standard" keytypes (the ones referenced in the spec). This way new, more optional, keytypes will be ergonomic to xfail when needed.

We could set the "non-standard" keytypes to xpass (so failures would be listed but would not fail a run) but that seems more complex: Users already have two fine options:

  • add new failing tests to the client's xfails list: "test_mldsa_keytype_and_scheme" will cover all mldsa tests
  • postpone conformance upgrade until support is added

The 9000 char signature line is obnoxious but I don't want to replace it with "00"*4627 since it's likely this would not be a valid ASN1.DER key -- we can move the sigs to a resource file if the long lines are an issue.

Added ML-DSA: This will require newer securesystemslib

Current test_keytype_and_scheme is preserved for the "standard"
keytypes (the ones referenced in the spec). This way new more
optional keytypes will be ergonomic to xfail when needed.

We could set the "non-standard" keytypes to xpass (so failures
would be listed but would not fail a run) but that seems more complex:
Users already have two fine options:
* add new failing tests to the client's xfails list
    "test_mldsa_keytype_and_scheme" will cover all mldsa tests
* postpone conformance upgrade until support is added

The 9000 char signature line is obnoxious but I don't want to
replace it with "00"*4627 since it's possible this would not be a
valid ASN1.DER key -- we can move the sigs to a resource file if the
long lines are an issue.

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>