mldsa-native: SHAKE integration, multipart sign/verify #599
Draft
gilles-peskine-arm wants to merge 40 commits into Mbed-TLS:development from gilles-peskine-arm:mldsa-pqca-shake-prototype
Conversation
Signed-off-by: Ronald Cron <[email protected]>
The seedfile is generated in the build tree, not in the source tree.
Signed-off-by: Ronald Cron <[email protected]>
Signed-off-by: Ronald Cron <[email protected]>
Signed-off-by: Ronald Cron <[email protected]>
Add the build-tree include directory to the list of directories used to search for headers when building the libraries. Place it before the source-tree include directory so that headers in the build tree take precedence over those in the source tree. This change supports custom configurations set by `config.py` (such as full or baremetal) without overriding `crypto_config.h` in the source tree.
Signed-off-by: Ronald Cron <[email protected]>
Signed-off-by: Ronald Cron <[email protected]>
Signed-off-by: Ronald Cron <[email protected]>
Signed-off-by: Ronald Cron <[email protected]>
Signed-off-by: Ronald Cron <[email protected]>
Signed-off-by: Pol Henarejos <[email protected]>
Signed-off-by: Gilles Peskine <[email protected]>
…lti.
Signed-off-by: Pol Henarejos <[email protected]>
Signed-off-by: Gilles Peskine <[email protected]>
SHAKE, as it is an XOF function, allows arbitrary output lengths that can be requested in multiple calls and concatenated. The property `SHAKE_finish(olen1+olen2) = SHAKE_finish(olen1) || SHAKE_finish(olen2)` always holds.
Signed-off-by: Pol Henarejos <[email protected]>
Signed-off-by: Gilles Peskine <[email protected]>
Signed-off-by: Pol Henarejos <[email protected]>
Signed-off-by: Gilles Peskine <[email protected]>
Split `test_suite_shax.data` into separate files per algorithm family. It was getting really long.
Signed-off-by: Gilles Peskine <[email protected]>
Signed-off-by: Gilles Peskine <[email protected]>
Signed-off-by: Gilles Peskine <[email protected]>
Signed-off-by: Gilles Peskine <[email protected]>
Signed-off-by: Gilles Peskine <[email protected]>
Make it large enough for reasonable ML-DSA tests.
Signed-off-by: Gilles Peskine <[email protected]>
For this prototype, add my personal fork. When we do the official integration, we'll use a fork in the Mbed-TLS organization. Point to the head of `main` as of a few days ago, which is a little past the 1.0.0-alpha release.
Signed-off-by: Gilles Peskine <[email protected]>
Signed-off-by: Gilles Peskine <[email protected]>
Include `drivers/pqcp/include` everywhere. Build `drivers/pqcp/src/*.c`.
Signed-off-by: Gilles Peskine <[email protected]>
These options are transitory. Eventually we'll want to deduce the MLDSA build options from `PSA_WANT_xxx` and `MBEDTLS_PSA_ACCEL_xxx`.
Signed-off-by: Gilles Peskine <[email protected]>
Define options for mldsa-native that are visible both when building the code and when using it inside TF-PSA-Crypto.
Signed-off-by: Gilles Peskine <[email protected]>
Signed-off-by: Gilles Peskine <[email protected]>
Signed-off-by: Gilles Peskine <[email protected]>
Test cases generated by `framework/scripts/generate_mldsa_tests.py` from https://github.com/Mbed-TLS/mbedtls-framework at 74bd06068ba0011e5348860b19516c5008fff2b5.
Signed-off-by: Gilles Peskine <[email protected]>
Implementation of Pure ML-DSA-87 (`PSA_ALG_ML_DSA` with bits-87) on top of mldsa-native. Basic unit tests: positive test cases, negative test cases. Positive test cases generated by `framework/scripts/generate_mldsa_tests.py` from https://github.com/Mbed-TLS/mbedtls-framework at 74bd06068ba0011e5348860b19516c5008fff2b5.
Signed-off-by: Gilles Peskine <[email protected]>
Signed-off-by: Gilles Peskine <[email protected]>
…-shake-prototype
* Reconcile .../531 changing `${TF_PSA_CRYPTO_DIR}` to
`${PROJECT_SOURCE_DIR}` with other changes, both where there were
conflicts and in the new file `drivers/pqcp/CMakeLists.txt`.
* In `drivers/pqcp/CMakeLists.txt`, do an additional change made in
similar files: add `${PROJECT_BINARY_DIR}/include` to
`target_include_directories`.
Signed-off-by: Gilles Peskine <[email protected]>
Signed-off-by: Gilles Peskine <[email protected]>
Signed-off-by: Gilles Peskine <[email protected]>
Use `MBEDTLS_PSA_BUILTIN_ALG_SHAKEnnn` dependencies for built-in library code and tests of the built-in code, not `PSA_WANT_ALG_SHAKEnnn`.
Signed-off-by: Gilles Peskine <[email protected]>
If the new compile-time option `TF_PSA_CRYPTO_PQCP_MLDSA_OWN_SHAKE` is enabled, keep using the SHAKE (FIPS 202) implementation from mldsa-native, which is optimized for mldsa-native and especially for high-end processors. If the option is disabled, use our own SHAKE implementation from `sha3.c`. Automatically enable it if needed. For simplicity, only provide a basic implementation: I haven't tried implementing the fips202x4 interface that might provide a performance benefit.
Signed-off-by: Gilles Peskine <[email protected]>
No behavior change.
Signed-off-by: Gilles Peskine <[email protected]>
Signed-off-by: Gilles Peskine <[email protected]>
Add the compilation option and the operation structure types. The implementation will follow.
Signed-off-by: Gilles Peskine <[email protected]>
Test setup() together with the one-shot interface. Add new tests for multipart updates, copying existing test data.
Signed-off-by: Gilles Peskine <[email protected]>
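Two of the commits above rest on the same fact about SHAKE: the one stating that `SHAKE_finish(olen1+olen2) = SHAKE_finish(olen1) || SHAKE_finish(olen2)` always holds, and the one that swaps the SHAKE underneath mldsa-native for the `sha3.c` implementation when `TF_PSA_CRYPTO_PQCP_MLDSA_OWN_SHAKE` is disabled, which only works because any FIPS 202 conformant sponge produces the same output stream. The following is an added example written for this page; it is not code from the PR, from mldsa-native or from Mbed TLS. It implements a minimal Keccak-f[1600] sponge in pure Python with a multi-call squeeze, cross-checks it against `hashlib`, and shows the caveat a tester should keep in mind: a one-shot SHAKE called twice returns a prefix of the stream, not its continuation, so the property can only be exercised through a stateful finish. The class `Shake`, the function `shake_multicall_vs_oneshot` and the sample message are hypothetical names and constructed input.

```python
import hashlib

# Keccak-f[1600] constants from FIPS 202: the 24 round constants and the
# rho rotation offsets, indexed as _ROT[x][y] for lane (x, y).
_RC = [
    0x0000000000000001, 0x0000000000008082, 0x800000000000808A, 0x8000000080008000,
    0x000000000000808B, 0x0000000080000001, 0x8000000080008081, 0x8000000000008009,
    0x000000000000008A, 0x0000000000000088, 0x0000000080008009, 0x000000008000000A,
    0x000000008000808B, 0x800000000000008B, 0x8000000000008089, 0x8000000000008003,
    0x8000000000008002, 0x8000000000000080, 0x000000000000800A, 0x800000008000000A,
    0x8000000080008081, 0x8000000000008080, 0x0000000080000001, 0x8000000080008008,
]
_ROT = [[0, 36, 3, 41, 18], [1, 44, 10, 45, 2], [62, 6, 43, 15, 61],
        [28, 55, 25, 21, 56], [27, 20, 39, 8, 14]]
_MASK = (1 << 64) - 1


def _rol(v, n):
    return ((v << n) | (v >> (64 - n))) & _MASK


def keccak_f1600(a):
    """Return Keccak-f[1600] applied to 25 lanes; lane (x, y) is stored at a[x + 5*y]."""
    for rc in _RC:
        c = [a[x] ^ a[x + 5] ^ a[x + 10] ^ a[x + 15] ^ a[x + 20] for x in range(5)]  # theta
        d = [c[(x - 1) % 5] ^ _rol(c[(x + 1) % 5], 1) for x in range(5)]
        a = [a[i] ^ d[i % 5] for i in range(25)]
        b = [0] * 25                                                                  # rho + pi
        for x in range(5):
            for y in range(5):
                b[y + 5 * ((2 * x + 3 * y) % 5)] = _rol(a[x + 5 * y], _ROT[x][y])
        a = [b[i] ^ (~b[(i + 1) % 5 + 5 * (i // 5)] & b[(i + 2) % 5 + 5 * (i // 5)])   # chi
             for i in range(25)]
        a[0] ^= rc                                                                    # iota
    return a


class Shake:
    """SHAKE128/SHAKE256 sponge (hypothetical name) whose squeeze() may be called repeatedly."""

    def __init__(self, bits):
        self.rate = 200 - 2 * (bits // 8)   # 168 bytes for SHAKE128, 136 for SHAKE256
        self.state = [0] * 25
        self.buf = bytearray()               # input not yet absorbed
        self.pending = b""                    # squeezed bytes not yet handed out
        self.squeezing = False

    def _absorb(self, block):
        for i in range(self.rate // 8):
            self.state[i] ^= int.from_bytes(block[8 * i:8 * i + 8], "little")
        self.state = keccak_f1600(self.state)

    def _rate_bytes(self):
        return b"".join(lane.to_bytes(8, "little") for lane in self.state[:self.rate // 8])

    def update(self, data):
        if self.squeezing:
            raise ValueError("update() after squeeze() is not allowed")
        self.buf += data
        while len(self.buf) >= self.rate:
            self._absorb(bytes(self.buf[:self.rate]))
            del self.buf[:self.rate]

    def squeeze(self, n):
        """Return the next n output bytes; successive calls continue the same stream."""
        if not self.squeezing:
            pad = bytearray(self.rate - len(self.buf))  # always at least one byte
            pad[0] ^= 0x1F                               # SHAKE suffix 1111 + first pad bit
            pad[-1] ^= 0x80                              # last pad bit (same byte if len == 1)
            self._absorb(bytes(self.buf) + bytes(pad))
            self.pending = self._rate_bytes()
            self.squeezing = True
        out = b""
        while n > 0:
            if not self.pending:                         # block exhausted: permute again
                self.state = keccak_f1600(self.state)
                self.pending = self._rate_bytes()
            take = min(n, len(self.pending))
            out += self.pending[:take]
            self.pending = self.pending[take:]
            n -= take
        return out


def shake_multicall_vs_oneshot(bits, msg, olen1, olen2):
    """Return (streamed, oneshot, second_oneshot) for the given SHAKE variant.

    streamed       = squeeze(olen1) || squeeze(olen2) from the stateful sponge above
    oneshot        = hashlib one-shot digest of olen1 + olen2 bytes (the commit's property)
    second_oneshot = hashlib one-shot digest of olen2 bytes: a prefix, NOT the continuation
    """
    oneshot_fn = hashlib.shake_256 if bits == 256 else hashlib.shake_128
    s = Shake(bits)
    s.update(msg)
    streamed = s.squeeze(olen1) + s.squeeze(olen2)
    return streamed, oneshot_fn(msg).digest(olen1 + olen2), oneshot_fn(msg).digest(olen2)


if __name__ == "__main__":
    MSG = b"constructed sample input, not from the PR"      # constructed sample input
    streamed, oneshot, second = shake_multicall_vs_oneshot(256, MSG, 100, 100)
    print("finish(100)||finish(100) == finish(200):", streamed == oneshot)
    print("one-shot finish(100) == second chunk:  ", second == streamed[100:])
```

The 100 + 100 byte request on SHAKE256 deliberately crosses the 136-byte rate, so the second `squeeze()` has to run the permutation again in the middle of a call; a multipart test that stays inside one block never exercises that path. The third tuple element is the negative control: it equals the first 100 bytes of the stream, not bytes 100 to 199, which is why a test of the concatenation property must drive a single operation object rather than two independent one-shot computations.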
This was referenced Jan 5, 2026
Follow up to #593. New features:
`TF_PSA_CRYPTO_PQCP_MLDSA_OWN_SHAKE` is enabled, use our own SHA3. Using our own SHA3 is likely slower, at least on platforms such as amd64 and arm64. I haven't benchmarked 32-bit platforms, where our implementation has specific optimizations, and I'd expect less if any benefit from mldsa-native's SHAKE×4 optimization.