fix: ML-DSA PQC signing/verification with FIPS 204 context string

- Fix ML-DSA signature verification and signing to use FIPS 204 context
  string (ctx) via direct FFI calls to aws-lc ml_dsa_*_verify/sign APIs.
  The aws-lc-rs high-level API passes empty context, while libspdm/OpenSSL
  passes the SPDM signing context string (e.g. 'responder-challenge_auth
  signing'), causing cross-test signature verification failures.

- Add pqc_asym_sign_impl.rs with pqc_sign_with_context() that extracts
  the SPDM signing context from the data buffer and passes it to ml_dsa
  sign APIs via FFI.

- Update pqc_asym_verify_impl.rs to use FFI calls with context string
  instead of aws-lc-rs UnparsedPublicKey::verify().

- Skip PSK session test when responder does not advertise PSK capability
  to avoid false failures in PQC cross-tests.

Cross-tested successfully:
  A) spdm-rs requester + spdm-emu responder (ML-DSA-87 + ML-KEM-1024)
  B) spdm-rs responder + spdm-emu requester (ML-DSA-87 + ML-KEM-1024)

Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>

Author: jyao1

spdmlib_crypto_aws_lc/src/lib.rs

@@ -5,6 +5,7 @@
 //! spdm-rs crypto backend using aws-lc-rs for PQC (ML-KEM, ML-DSA) support.
 
 pub mod kem_impl;
+pub mod pqc_asym_sign_impl;
 pub mod pqc_asym_verify_impl;
 
 #[cfg(test)]

spdmlib_crypto_aws_lc/src/pqc_asym_sign_impl.rs

@@ -0,0 +1,124 @@
+// Copyright (c) 2025 Intel Corporation
+//
+// SPDX-License-Identifier: Apache-2.0 or MIT
+
+use core::ffi::{c_int, c_uchar};
+use spdmlib::protocol::{SpdmPqcAsymAlgo, SpdmSignatureStruct, SPDM_MAX_ASYM_SIG_SIZE};
+
+// SPDM signing prefix is 64 bytes, followed by 36 bytes of (zeropad + context_string).
+const SPDM_SIGNING_PREFIX_LEN: usize = 64;
+const SPDM_SIGNING_CONTEXT_FIELD_LEN: usize = 36;
+
+// ML-DSA signature sizes
+const MLDSA_44_SIG_SIZE: usize = 2420;
+const MLDSA_65_SIG_SIZE: usize = 3309;
+const MLDSA_87_SIG_SIZE: usize = 4627;
+
+extern "C" {
+    #[link_name = "aws_lc_0_39_0_ml_dsa_44_sign"]
+    fn ml_dsa_44_sign(
+        private_key: *const c_uchar,
+        sig: *mut c_uchar,
+        sig_len: *mut usize,
+        message: *const c_uchar,
+        message_len: usize,
+        ctx_string: *const c_uchar,
+        ctx_string_len: usize,
+    ) -> c_int;
+
+    #[link_name = "aws_lc_0_39_0_ml_dsa_65_sign"]
+    fn ml_dsa_65_sign(
+        private_key: *const c_uchar,
+        sig: *mut c_uchar,
+        sig_len: *mut usize,
+        message: *const c_uchar,
+        message_len: usize,
+        ctx_string: *const c_uchar,
+        ctx_string_len: usize,
+    ) -> c_int;
+
+    #[link_name = "aws_lc_0_39_0_ml_dsa_87_sign"]
+    fn ml_dsa_87_sign(
+        private_key: *const c_uchar,
+        sig: *mut c_uchar,
+        sig_len: *mut usize,
+        message: *const c_uchar,
+        message_len: usize,
+        ctx_string: *const c_uchar,
+        ctx_string_len: usize,
+    ) -> c_int;
+}
+
+/// Extract the SPDM signing context string from the data buffer.
+fn extract_signing_context(data: &[u8]) -> &[u8] {
+    if data.len() < SPDM_SIGNING_PREFIX_LEN + SPDM_SIGNING_CONTEXT_FIELD_LEN {
+        return &[];
+    }
+    let field =
+        &data[SPDM_SIGNING_PREFIX_LEN..SPDM_SIGNING_PREFIX_LEN + SPDM_SIGNING_CONTEXT_FIELD_LEN];
+    for i in 0..field.len() {
+        if field[i] != 0 {
+            return &field[i..];
+        }
+    }
+    &[]
+}
+
+/// Sign data using ML-DSA with the SPDM signing context string passed as
+/// the ML-DSA context parameter (FIPS 204 `ctx`).
+///
+/// `raw_private_key` is the raw ML-DSA private key bytes (not PKCS#8).
+/// `data` is the SPDM signing message (prefix + context + hash).
+pub fn pqc_sign_with_context(
+    pqc_asym_algo: SpdmPqcAsymAlgo,
+    raw_private_key: &[u8],
+    data: &[u8],
+) -> Option<SpdmSignatureStruct> {
+    let ctx_string = extract_signing_context(data);
+    let ctx_ptr = if ctx_string.is_empty() {
+        core::ptr::null()
+    } else {
+        ctx_string.as_ptr()
+    };
+
+    let sig_size = match pqc_asym_algo {
+        SpdmPqcAsymAlgo::ALG_MLDSA_44 => MLDSA_44_SIG_SIZE,
+        SpdmPqcAsymAlgo::ALG_MLDSA_65 => MLDSA_65_SIG_SIZE,
+        SpdmPqcAsymAlgo::ALG_MLDSA_87 => MLDSA_87_SIG_SIZE,
+        _ => return None,
+    };
+
+    let sign_fn: unsafe extern "C" fn(_, _, _, _, _, _, _) -> _ = match pqc_asym_algo {
+        SpdmPqcAsymAlgo::ALG_MLDSA_44 => ml_dsa_44_sign,
+        SpdmPqcAsymAlgo::ALG_MLDSA_65 => ml_dsa_65_sign,
+        SpdmPqcAsymAlgo::ALG_MLDSA_87 => ml_dsa_87_sign,
+        _ => return None,
+    };
+
+    let mut sig_buf = vec![0u8; sig_size];
+    let mut sig_len = sig_size;
+
+    let result = unsafe {
+        sign_fn(
+            raw_private_key.as_ptr(),
+            sig_buf.as_mut_ptr(),
+            &mut sig_len,
+            data.as_ptr(),
+            data.len(),
+            ctx_ptr,
+            ctx_string.len(),
+        )
+    };
+
+    if result != 1 {
+        return None;
+    }
+
+    let mut full_signature = [0u8; SPDM_MAX_ASYM_SIG_SIZE];
+    full_signature[..sig_len].copy_from_slice(&sig_buf[..sig_len]);
+
+    Some(SpdmSignatureStruct {
+        data_size: sig_len as u16,
+        data: full_signature,
+    })
+}

spdmlib_crypto_aws_lc/src/pqc_asym_verify_impl.rs

@@ -1,64 +1,148 @@
-// Copyright (c) 2025 Intel Corporation
-//
-// SPDX-License-Identifier: Apache-2.0 or MIT
-
-use aws_lc_rs::signature::UnparsedPublicKey;
-use aws_lc_rs::unstable::signature::{ML_DSA_44, ML_DSA_65, ML_DSA_87};
-use spdmlib::crypto::SpdmPqcAsymVerify;
-use spdmlib::error::{SpdmResult, SPDM_STATUS_VERIF_FAIL};
-use spdmlib::protocol::{SpdmBaseHashAlgo, SpdmPqcAsymAlgo, SpdmSignatureStruct};
-
-// Raw public key sizes for ML-DSA variants (without SPKI DER header)
-const MLDSA_44_KEY_SIZE: usize = 1312;
-const MLDSA_65_KEY_SIZE: usize = 1952;
-const MLDSA_87_KEY_SIZE: usize = 2592;
-
-pub static DEFAULT: SpdmPqcAsymVerify = SpdmPqcAsymVerify {
-    verify_cb: pqc_asym_verify,
-};
-
-/// Extract the raw public key from a SubjectPublicKeyInfo (SPKI) DER encoding.
-/// If the input is already the expected raw key size, return it as-is.
-fn extract_raw_public_key(public_key_der: &[u8], expected_raw_size: usize) -> &[u8] {
-    if public_key_der.len() == expected_raw_size {
-        return public_key_der;
-    }
-    // SPKI DER: SEQUENCE { SEQUENCE { OID, ... }, BIT STRING { 0x00, raw_key } }
-    // The raw key is at the end; strip the SPKI header.
-    if public_key_der.len() > expected_raw_size {
-        &public_key_der[public_key_der.len() - expected_raw_size..]
-    } else {
-        public_key_der
-    }
-}
-
-fn pqc_asym_verify(
-    _base_hash_algo: SpdmBaseHashAlgo,
-    pqc_asym_algo: SpdmPqcAsymAlgo,
-    public_key_der: &[u8],
-    data: &[u8],
-    signature: &SpdmSignatureStruct,
-) -> SpdmResult {
-    let sig_bytes = &signature.data[..signature.data_size as usize];
-
-    let result = match pqc_asym_algo {
-        SpdmPqcAsymAlgo::ALG_MLDSA_44 => {
-            let raw_key = extract_raw_public_key(public_key_der, MLDSA_44_KEY_SIZE);
-            let public_key = UnparsedPublicKey::new(&ML_DSA_44, raw_key);
-            public_key.verify(data, sig_bytes)
-        }
-        SpdmPqcAsymAlgo::ALG_MLDSA_65 => {
-            let raw_key = extract_raw_public_key(public_key_der, MLDSA_65_KEY_SIZE);
-            let public_key = UnparsedPublicKey::new(&ML_DSA_65, raw_key);
-            public_key.verify(data, sig_bytes)
-        }
-        SpdmPqcAsymAlgo::ALG_MLDSA_87 => {
-            let raw_key = extract_raw_public_key(public_key_der, MLDSA_87_KEY_SIZE);
-            let public_key = UnparsedPublicKey::new(&ML_DSA_87, raw_key);
-            public_key.verify(data, sig_bytes)
-        }
-        _ => return Err(SPDM_STATUS_VERIF_FAIL),
-    };
-
-    result.map_err(|_| SPDM_STATUS_VERIF_FAIL)
-}
+// Copyright (c) 2025 Intel Corporation
+//
+// SPDX-License-Identifier: Apache-2.0 or MIT
+
+use core::ffi::{c_int, c_uchar};
+use spdmlib::crypto::SpdmPqcAsymVerify;
+use spdmlib::error::{SpdmResult, SPDM_STATUS_VERIF_FAIL};
+use spdmlib::protocol::{SpdmBaseHashAlgo, SpdmPqcAsymAlgo, SpdmSignatureStruct};
+
+// Raw public key sizes for ML-DSA variants (without SPKI DER header)
+const MLDSA_44_KEY_SIZE: usize = 1312;
+const MLDSA_65_KEY_SIZE: usize = 1952;
+const MLDSA_87_KEY_SIZE: usize = 2592;
+
+// SPDM signing prefix is 64 bytes, followed by 36 bytes of (zeropad + context_string).
+const SPDM_SIGNING_PREFIX_LEN: usize = 64;
+const SPDM_SIGNING_CONTEXT_FIELD_LEN: usize = 36;
+
+extern "C" {
+    #[link_name = "aws_lc_0_39_0_ml_dsa_44_verify"]
+    fn ml_dsa_44_verify(
+        public_key: *const c_uchar,
+        sig: *const c_uchar,
+        sig_len: usize,
+        message: *const c_uchar,
+        message_len: usize,
+        ctx_string: *const c_uchar,
+        ctx_string_len: usize,
+    ) -> c_int;
+
+    #[link_name = "aws_lc_0_39_0_ml_dsa_65_verify"]
+    fn ml_dsa_65_verify(
+        public_key: *const c_uchar,
+        sig: *const c_uchar,
+        sig_len: usize,
+        message: *const c_uchar,
+        message_len: usize,
+        ctx_string: *const c_uchar,
+        ctx_string_len: usize,
+    ) -> c_int;
+
+    #[link_name = "aws_lc_0_39_0_ml_dsa_87_verify"]
+    fn ml_dsa_87_verify(
+        public_key: *const c_uchar,
+        sig: *const c_uchar,
+        sig_len: usize,
+        message: *const c_uchar,
+        message_len: usize,
+        ctx_string: *const c_uchar,
+        ctx_string_len: usize,
+    ) -> c_int;
+}
+
+pub static DEFAULT: SpdmPqcAsymVerify = SpdmPqcAsymVerify {
+    verify_cb: pqc_asym_verify,
+};
+
+/// Extract the raw public key from a SubjectPublicKeyInfo (SPKI) DER encoding.
+/// If the input is already the expected raw key size, return it as-is.
+fn extract_raw_public_key(public_key_der: &[u8], expected_raw_size: usize) -> &[u8] {
+    if public_key_der.len() == expected_raw_size {
+        return public_key_der;
+    }
+    // SPKI DER: SEQUENCE { SEQUENCE { OID, ... }, BIT STRING { 0x00, raw_key } }
+    // The raw key is at the end; strip the SPKI header.
+    if public_key_der.len() > expected_raw_size {
+        &public_key_der[public_key_der.len() - expected_raw_size..]
+    } else {
+        public_key_der
+    }
+}
+
+/// Extract the SPDM signing context string from the data buffer.
+///
+/// The SPDM 1.2+ signing message has the following structure:
+///   [0..64)   : signing prefix ("dmtf-spdm-v1.x.*" repeated 4 times)
+///   [64..100) : zero-padding + signing context string (36 bytes total)
+///   [100..)   : hash
+///
+/// The signing context string is at the end of the 36-byte field (after
+/// zero-padding). Per SPDM spec, this context string is also used as the
+/// ML-DSA context parameter (ctx) in FIPS 204 sign/verify operations.
+fn extract_signing_context(data: &[u8]) -> &[u8] {
+    if data.len() < SPDM_SIGNING_PREFIX_LEN + SPDM_SIGNING_CONTEXT_FIELD_LEN {
+        return &[];
+    }
+    let field =
+        &data[SPDM_SIGNING_PREFIX_LEN..SPDM_SIGNING_PREFIX_LEN + SPDM_SIGNING_CONTEXT_FIELD_LEN];
+    // The context string follows zero-padding. Find the first non-zero byte.
+    for i in 0..field.len() {
+        if field[i] != 0 {
+            return &field[i..];
+        }
+    }
+    &[]
+}
+
+fn pqc_asym_verify(
+    _base_hash_algo: SpdmBaseHashAlgo,
+    pqc_asym_algo: SpdmPqcAsymAlgo,
+    public_key_der: &[u8],
+    data: &[u8],
+    signature: &SpdmSignatureStruct,
+) -> SpdmResult {
+    let sig_bytes = &signature.data[..signature.data_size as usize];
+    let ctx_string = extract_signing_context(data);
+
+    let (raw_key, verify_fn): (&[u8], unsafe extern "C" fn(_, _, _, _, _, _, _) -> _) =
+        match pqc_asym_algo {
+            SpdmPqcAsymAlgo::ALG_MLDSA_44 => (
+                extract_raw_public_key(public_key_der, MLDSA_44_KEY_SIZE),
+                ml_dsa_44_verify,
+            ),
+            SpdmPqcAsymAlgo::ALG_MLDSA_65 => (
+                extract_raw_public_key(public_key_der, MLDSA_65_KEY_SIZE),
+                ml_dsa_65_verify,
+            ),
+            SpdmPqcAsymAlgo::ALG_MLDSA_87 => (
+                extract_raw_public_key(public_key_der, MLDSA_87_KEY_SIZE),
+                ml_dsa_87_verify,
+            ),
+            _ => return Err(SPDM_STATUS_VERIF_FAIL),
+        };
+
+    let ctx_ptr = if ctx_string.is_empty() {
+        core::ptr::null()
+    } else {
+        ctx_string.as_ptr()
+    };
+
+    let result = unsafe {
+        verify_fn(
+            raw_key.as_ptr(),
+            sig_bytes.as_ptr(),
+            sig_bytes.len(),
+            data.as_ptr(),
+            data.len(),
+            ctx_ptr,
+            ctx_string.len(),
+        )
+    };
+
+    if result == 1 {
+        Ok(())
+    } else {
+        Err(SPDM_STATUS_VERIF_FAIL)
+    }
+}

test/spdm-emu/src/crypto_callback.rs

@@ -199,6 +199,7 @@ fn pqc_asym_sign(
 ) -> Option<SpdmSignatureStruct> {
     #[cfg(feature = "spdm-aws-lc")]
     {
+        use aws_lc_rs::encoding::AsRawBytes;
         use aws_lc_rs::unstable::signature::{
             PqdsaKeyPair, ML_DSA_44_SIGNING, ML_DSA_65_SIGNING, ML_DSA_87_SIGNING,
         };
@@ -230,17 +231,17 @@ fn pqc_asym_sign(
         let key_pair = PqdsaKeyPair::from_pkcs8(signing_algo, &der_file)
             .unwrap_or_else(|e| panic!("unable to parse PQC key pair: {:?}", e));
 
-        let sig_len = signing_algo.signature_len();
-        let mut sig_buf = vec![0u8; sig_len];
-        let written = key_pair.sign(data, &mut sig_buf).ok()?;
+        // Extract raw private key for signing with ML-DSA context string
+        let raw_priv_key = key_pair
+            .private_key()
+            .as_raw_bytes()
+            .expect("failed to get raw private key");
 
-        let mut full_signature = [0u8; SPDM_MAX_ASYM_SIG_SIZE];
-        full_signature[..written].copy_from_slice(&sig_buf[..written]);
-
-        Some(SpdmSignatureStruct {
-            data_size: written as u16,
-            data: full_signature,
-        })
+        spdmlib_crypto_aws_lc::pqc_asym_sign_impl::pqc_sign_with_context(
+            pqc_asym_algo,
+            raw_priv_key.as_ref(),
+            data,
+        )
     }
     #[cfg(not(feature = "spdm-aws-lc"))]
     {