Conversation
There was a problem hiding this comment.
Pull request overview
This pull request adds pure ML-DSA (Module-Lattice-Based Digital Signature Algorithm) signature support to the SymCrypt provider, implementing the signature algorithm through OpenSSL's provider interface. The implementation includes key management, signature operations, and encoder/decoder functionality for ML-DSA-44, ML-DSA-65, and ML-DSA-87 variants. The PR also introduces ML-DSA encoders/decoders for compatibility with OpenSSL versions that don't natively support ML-DSA (e.g., OpenSSL 3.3 on AZL3).
Changes:
- Added ML-DSA signature operations including sign/verify interfaces with support for context strings and parameter validation
- Implemented key management for ML-DSA keys supporting private seed and private key formats, including key generation, import/export, and matching operations
- Added PEM/DER encoders and decoders for ML-DSA PrivateKeyInfo, EncryptedPrivateKeyInfo, and SubjectPublicKeyInfo
- Integrated ML-DSA into OpenSSL provider with TLS signature algorithm capabilities
- Modified fallthrough attribute syntax in AES cipher code for better portability
Reviewed changes
Copilot reviewed 11 out of 14 changed files in this pull request and generated 7 comments.
Show a summary per file
| File | Description |
|---|---|
| SymCryptProvider/src/signature/p_scossl_mldsa.h | Header defining ML-DSA signature context structures and algorithm info |
| SymCryptProvider/src/signature/p_scossl_mldsa.c | Implementation of ML-DSA signature operations (sign, verify, parameter handling) |
| SymCryptProvider/src/keymgmt/p_scossl_mldsa_keymgmt.h | Header for ML-DSA key management interface |
| SymCryptProvider/src/keymgmt/p_scossl_mldsa_keymgmt.c | Key management implementation including keygen, import/export, and key operations |
| SymCryptProvider/src/encoder/p_scossl_encode_mldsa.c | Encoder for ML-DSA keys to various formats (DER/PEM, text) |
| SymCryptProvider/src/decoder/p_scossl_decode_mldsa.c | Decoder for ML-DSA keys from various formats |
| SymCryptProvider/src/p_scossl_base.c | Provider registration integrating ML-DSA algorithms and TLS capabilities |
| SymCryptProvider/src/p_scossl_names.h | Algorithm name definitions for ML-DSA variants |
| SymCryptProvider/inc/scossl_provider.h | Constants, OIDs, and parameter definitions for ML-DSA |
| SymCryptProvider/CMakeLists.txt | Build configuration updated to include ML-DSA source files |
| SymCryptProvider/src/ciphers/p_scossl_aes.c | Fallthrough attribute changed from GCC-specific to standard comment |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 11 out of 14 changed files in this pull request and generated 11 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 12 out of 15 changed files in this pull request and generated 4 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 14 out of 17 changed files in this pull request and generated 4 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 14 out of 17 changed files in this pull request and generated 2 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
This PR adds pure ML-DSA to the SymCrypt provider through the provider signature interface. This PR was tested with the EVP crypto API, as well as TLS and CMS APIS.
This PR also adds an ML-DSA encoder/decoder for testing on platforms with OpenSSL versions that don't support ML-DSA by default (e.g. AZL3 with OpenSSL 3.3).
Composite ML-DSA and external mu will be added later.