Fspra 5246 mldsa addition

include/mbedtls/config_adjust_legacy_from_psa.h

@@ -392,7 +392,23 @@
 #define MBEDTLS_PSA_BUILTIN_KEY_TYPE_MLKEM_KEY_DECAPSULATE 1
 #endif /* PSA_WANT_KEY_TYPE_MLKEM_KEY_DECAPSULATE */
 
-/* End of MLKEM section */
+/* End of ML_DSA section */
+
+/* ML_DSA: key types: enable built-ins as needed.
+ */
+#if defined(PSA_WANT_KEY_TYPE_ML_DSA_KEY_PAIR_GENERATE)
+#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ML_DSA_KEY_PAIR_GENERATE 1
+#endif /* PSA_WANT_KEY_TYPE_ML_DSA_KEY_PAIR_GENERATE */
+
+#if defined(PSA_WANT_KEY_TYPE_ML_DSA_SIGN)
+#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ML_DSA_SIGN 1
+#endif /* PSA_WANT_KEY_TYPE_ML_DSA_SIGN */
+
+#if defined(PSA_WANT_KEY_TYPE_ML_DSA_VERIFY)
+#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ML_DSA_VERIFY 1
+#endif /* PSA_WANT_KEY_TYPE_ML_DSA_VERIFY */
+
+/* End of ML_DSA section */
 
 /*
  * DH key types follow the same pattern used above for EC keys. They are defined

include/mbedtls/config_adjust_psa_from_legacy.h

@@ -101,6 +101,23 @@
 // #define PSA_WANT_KEY_TYPE_MLKEM_PUBLIC_KEY 1
 #endif /* MBEDTLS_MLKEM_C */
 
+#if defined(MBEDTLS_ML_DSA_C)
+// #define PSA_WANT_KEY_TYPE_ML_DSA_KEY_PAIR_BASIC 1
+// #define PSA_WANT_KEY_TYPE_ML_DSA_KEY_PAIR_IMPORT 1
+// #define PSA_WANT_KEY_TYPE_ML_DSA_KEY_PAIR_EXPORT 1
+#define PSA_WANT_KEY_TYPE_ML_DSA_KEY_PAIR_GENERATE 1
+#define PSA_WANT_KEY_TYPE_ML_DSA_SIGN 1
+#define PSA_WANT_KEY_TYPE_ML_DSA_VERIFY 1
+// #define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ML_DSA_KEY_PAIR_BASIC 1
+// #define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ML_DSA_KEY_PAIR_IMPORT 1
+// #define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ML_DSA_KEY_PAIR_EXPORT 1
+#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ML_DSA_KEY_PAIR_GENERATE 1
+#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ML_DSA_SIGN 1
+#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ML_DSA_VERIFY 1
+// #define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ML_DSA_PUBLIC_KEY 1
+// #define PSA_WANT_KEY_TYPE_ML_DSA_PUBLIC_KEY 1
+#endif /* MBEDTLS_ML_DSA_C */
+
 #if defined(MBEDTLS_DHM_C)
 #define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC 1
 #define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT 1

include/mbedtls/mldsa.h

@@ -0,0 +1,65 @@
+/**
+ * \file mldsa.h
+ *
+ * \brief This file provides an API for Post Quantum Cryptography Module Lattice Keys(ML_DSA).
+ *
+ */
+
+/*
+ *  Copyright The Mbed TLS Contributors
+ *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#ifndef MBEDTLS_ML_DSA_H
+#define MBEDTLS_ML_DSA_H
+#include "mbedtls/private_access.h"
+
+#include "mbedtls/build_info.h"
+#include "mbedtls/platform_util.h"
+
+#include "mbedtls/bignum.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+typedef struct mbedtls_mldsa_data {
+    uint32_t key_len;
+    uint32_t * key_data;
+} mbedtls_mldsa_data_t;
+
+/**
+ * \brief   The ML_DSA context structure.
+ */
+typedef struct mbedtls_mldsa_context {
+    mbedtls_mldsa_data_t private_key;  /*!< The private key data. */
+    mbedtls_mldsa_data_t public_key;  /*!< The public key data  */
+} mbedtls_mldsa_context;
+
+typedef enum mbedtls_mldsa_bits {
+    MBEDTLS_ML_DSA_44 = 44,
+    MBEDTLS_ML_DSA_65 = 65
+} mbedtls_mldsa_bits_t;
+
+void mbedtls_mldsa_init(mbedtls_mldsa_context * ctx);
+
+int mbedtls_mldsa_generate_key(mbedtls_mldsa_context * ctx, 
+                               mbedtls_mldsa_bits_t bits, 
+                               uint32_t (*f_rng)(uint32_t, uint32_t *));
+
+int mbedtls_mldsa_sign(mbedtls_mldsa_context * ctx,
+                              mbedtls_mldsa_bits_t bits,
+                              mbedtls_mldsa_data_t * msg,
+                              mbedtls_mldsa_data_t * signature,
+                              uint32_t (*f_rng)(uint32_t, uint32_t *));
+
+int mbedtls_mldsa_verify(mbedtls_mldsa_context * ctx,
+                              mbedtls_mldsa_bits_t bits,
+                              mbedtls_mldsa_data_t * signature,
+                              mbedtls_mldsa_data_t * msg);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* mldsa.h */

include/psa/crypto_sizes.h

@@ -872,6 +872,7 @@
 #define PSA_KEY_EXPORT_FFDH_PUBLIC_KEY_MAX_SIZE(key_bits)   \
     (PSA_BITS_TO_BYTES(key_bits))
 
+
 #define PSA_KEY_BITS_MLKEM_512 512U
 #define PSA_KEY_BITS_MLKEM_768 768U
 
@@ -907,6 +908,41 @@
 
 #define PSA_MLKEM_SHARED_SECRET_SIZE 32U
 
+
+#define PSA_KEY_BITS_ML_DSA_44 44U
+#define PSA_KEY_BITS_ML_DSA_65 65U
+
+#define PSA_ML_DSA_44_PRIV_KEY_SIZE  2560U
+#define PSA_ML_DSA_44_PUB_KEY_SIZE   1312U
+#define PSA_ML_DSA_65_PRIV_KEY_SIZE  4032U
+#define PSA_ML_DSA_65_PUB_KEY_SIZE   1952U
+
+/* Maximum size of the ML_DSA Private Key.
+ */
+#define PSA_KEY_EXPORT_ML_DSA_PRIV_KEY_SIZE(key_bits)      \
+    ((key_bits) == PSA_KEY_BITS_ML_DSA_44 ? PSA_ML_DSA_44_PRIV_KEY_SIZE : \
+     (key_bits) == PSA_KEY_BITS_ML_DSA_65 ? PSA_ML_DSA_65_PRIV_KEY_SIZE : 0U)
+
+/* Maximum size of the ML_DSA Public Key.
+ */
+#define PSA_KEY_EXPORT_ML_DSA_PUB_KEY_SIZE(key_bits)      \
+    ((key_bits) == PSA_KEY_BITS_ML_DSA_44 ? PSA_ML_DSA_44_PUB_KEY_SIZE : \
+     (key_bits) == PSA_KEY_BITS_ML_DSA_65 ? PSA_ML_DSA_65_PUB_KEY_SIZE : 0U)
+
+/* Maximum size of the export encoding of an ML_DSA key pair.
+ */
+#define PSA_KEY_EXPORT_ML_DSA_KEY_PAIR_MAX_SIZE(key_bits)      \
+    (PSA_KEY_EXPORT_ML_DSA_PRIV_KEY_SIZE(key_bits) + \
+     PSA_KEY_EXPORT_ML_DSA_PUB_KEY_SIZE(key_bits))
+
+#define PSA_ML_DSA_44_SIGNATURE_SIZE 2420U
+#define PSA_ML_DSA_65_SIGNATURE_SIZE 3309U
+
+#define PSA_ML_DSA_SIGNATURE_SIZE(key_bits)      \
+    ((key_bits) == PSA_KEY_BITS_ML_DSA_44 ? PSA_ML_DSA_44_SIGNATURE_SIZE : \
+     (key_bits) == PSA_KEY_BITS_ML_DSA_65 ? PSA_ML_DSA_65_SIGNATURE_SIZE : 0U)
+
+
 /** Sufficient output buffer size for psa_export_key() or
  * psa_export_public_key().
  *
@@ -956,6 +992,7 @@
      PSA_KEY_TYPE_IS_ECC_KEY_PAIR(key_type) ? PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(key_bits) :      \
      PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(key_type) ? PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(key_bits) :  \
      PSA_KEY_TYPE_IS_MLKEM(key_type) ? PSA_KEY_EXPORT_MLKEM_KEY_PAIR_MAX_SIZE(key_bits) :  \
+     PSA_KEY_TYPE_IS_ML_DSA(key_type) ? PSA_KEY_EXPORT_ML_DSA_KEY_PAIR_MAX_SIZE(key_bits) :  \
      0U)
 
 /** Sufficient output buffer size for psa_export_public_key().

include/psa/crypto_values.h

@@ -543,7 +543,7 @@
  *
  * The size of an RSA key is the bit size of the modulus.
  */
-#define PSA_KEY_TYPE_RSA_KEY_PAIR                   ((psa_key_type_t)0x7001)
+#define PSA_KEY_TYPE_RSA_KEY_PAIR                   ((psa_key_type_t) 0x7001)
 
 /** Whether a key type is an RSA key pair; standard or vendor. */
 #define PSA_KEY_TYPE_IS_RSA_KEY_PAIR(type)  							\
@@ -784,22 +784,22 @@
 /** ML-DSA key pair.
  *
  */
-#define PSA_KEY_TYPE_MLDSA_KEY_PAIR ((psa_key_type_t)0x7002)
+#define PSA_KEY_TYPE_ML_DSA_KEY_PAIR ((psa_key_type_t)0x7006)
 
-#define PSA_KEY_TYPE_MLDSA_PUBLIC_KEY ((psa_key_type_t)0x4002)
+#define PSA_KEY_TYPE_ML_DSA_PUBLIC_KEY ((psa_key_type_t)0x4006)
 
-#define PSA_KEY_TYPE_IS_MLDSA(type) \
-    (PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(type) == PSA_KEY_TYPE_MLDSA_PUBLIC_KEY)
+#define PSA_KEY_TYPE_IS_ML_DSA(type) \
+    (PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(type) == PSA_KEY_TYPE_ML_DSA_PUBLIC_KEY)
 
 /** The ML-DSA algorithm.
  *
  */
-#define PSA_ALG_MLDSA                            ((psa_algorithm_t) 0x06004400)
+#define PSA_ALG_ML_DSA                            ((psa_algorithm_t) 0x06004400)
 
-#define PSA_ALG_IS_MLDSA(alg) \
+#define PSA_ALG_IS_ML_DSA(alg) \
     (((alg) & ~0x00000100) == 0x06004400)
 
-#define PSA_ALG_IS_HASH_MLDSA(alg) \
+#define PSA_ALG_IS_HASH_ML_DSA(alg) \
     (((alg) & ~0x000001ff) == 0x06004600)
 
 /** Diffie-Hellman groups defined in RFC 7919 Appendix A.
@@ -1755,7 +1755,7 @@
 #define PSA_ALG_IS_SIGN_HASH(alg)                                       \
     (PSA_ALG_IS_RSA_PSS(alg) || PSA_ALG_IS_RSA_PKCS1V15_SIGN(alg) ||    \
      PSA_ALG_IS_ECDSA(alg) || PSA_ALG_IS_HASH_EDDSA(alg) ||             \
-     PSA_ALG_IS_HASH_MLDSA(alg) || PSA_ALG_IS_VENDOR_HASH_AND_SIGN(alg))
+     PSA_ALG_IS_HASH_ML_DSA(alg) || PSA_ALG_IS_VENDOR_HASH_AND_SIGN(alg))
 
 /** Whether the specified algorithm is a signature algorithm that can be used
  * with psa_sign_message() and psa_verify_message().
@@ -1769,7 +1769,7 @@
  *         supported algorithm identifier.
  */
 #define PSA_ALG_IS_SIGN_MESSAGE(alg)                                    \
-    (PSA_ALG_IS_SIGN_HASH(alg) || (alg) == PSA_ALG_PURE_EDDSA)
+    (PSA_ALG_IS_SIGN_HASH(alg) || (alg) == PSA_ALG_PURE_EDDSA || (alg) == PSA_ALG_ML_DSA)
 
 /** Whether the specified algorithm is a hash-and-sign algorithm.
  *

library/psa_crypto.c

@@ -3135,6 +3135,18 @@ psa_status_t psa_sign_message_builtin(
             alg, hash, hash_length,
             signature, signature_size, signature_length);
     }
+    else if (PSA_ALG_IS_ML_DSA(alg))
+    {
+        status = mbedtls_psa_mldsa_sign(psa_get_key_bits(attributes),
+                                        key_buffer,
+                                        key_buffer_size,
+                                        input,
+                                        input_length,
+                                        signature,
+                                        signature_size,
+                                        signature_length);
+        return status;  
+    }
 
     return PSA_ERROR_NOT_SUPPORTED;
 }
@@ -7928,6 +7940,14 @@ static psa_status_t psa_validate_key_type_and_size_for_key_generation(
     } else
 #endif /* defined(PSA_WANT_KEY_TYPE_MLKEM_KEY_PAIR_GENERATE) */
 
+#if defined(PSA_WANT_KEY_TYPE_ML_DSA_KEY_PAIR_GENERATE)
+    if (PSA_KEY_TYPE_IS_ML_DSA(type) && PSA_KEY_TYPE_IS_KEY_PAIR(type)) {
+        /* To avoid empty block, return successfully here. */
+        // REVISIT: KF do we want logic here?
+        return PSA_SUCCESS;
+    } else
+#endif /* defined(PSA_WANT_KEY_TYPE_ML_DSA_KEY_PAIR_GENERATE) */
+
 #if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE)
     if (PSA_KEY_TYPE_IS_DH(type) && PSA_KEY_TYPE_IS_KEY_PAIR(type)) {
         if (psa_is_dh_key_size_valid(bits) == 0) {
@@ -7998,6 +8018,15 @@ psa_status_t psa_generate_key_internal(
     } else
 #endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_MLKEM_KEY_PAIR_GENERATE) */
 
+#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ML_DSA_KEY_PAIR_GENERATE)
+    if (PSA_KEY_TYPE_IS_ML_DSA(type) && PSA_KEY_TYPE_IS_KEY_PAIR(type)) {
+        return mbedtls_psa_mldsa_generate_key(attributes,
+                                              key_buffer,
+                                              key_buffer_size,
+                                              key_buffer_length);
+    } else
+#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ML_DSA_KEY_PAIR_GENERATE) */
+
 #if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_GENERATE)
     if (PSA_KEY_TYPE_IS_DH(type) && PSA_KEY_TYPE_IS_KEY_PAIR(type)) {
         return mbedtls_psa_ffdh_generate_key(attributes,