From nobody Tue Jan 27 00:13:38 2026 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 0CEBB22DFB8 for ; Mon, 26 Jan 2026 14:30:23 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.129.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1769437825; cv=none; b=LXMaEo5pkmzuwL1PHFECisV0RgcThd+NSEK98IyjnNvanAZkuA4IzgeymFQd0XjwSUacuTAolYJk47d/UWHfXkNY1uYJRbg76MqcboHeStPZg1vKRRx0AYl9CRIEbKhivCvoyboAg8//5w3LmKRDGrcLsyIwst7yWfHImeD4wRs= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1769437825; c=relaxed/simple; bh=l/fa67HBV5uX6Gdt7JrduYhxUxeS2/+/0g+TUOR714A=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=SbZthQemrWXMaGQYhbO/zfaWufQu8Oaz9o+ohcKiPIRN5SBNdXo1qY4ypi0j2QGxUnUM69uBqV9HZ3dAR2OwIjrQuXQyALC49YV36Hj01ce96RGmdUkAyhl2/VYCUexE+mvvORjgH+Ds0hOTxVsKaR2a/+8b2mNwdf5vCdwQvnc= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=Oht62j4v; arc=none smtp.client-ip=170.10.129.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="Oht62j4v" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1769437823; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=RIPQr5EvD0RaYtFXC8NPZPZWU9cXfzbV/hp3jKESUjo=; b=Oht62j4vIdZ7LyhcSsQi0fl5vrsk9TuqVRiOi2RkJAPIZXMDXSej9Kfo8QRTGhljVJZL3K oPlZkoMHAhHBwhowhdC/0PdGI8i6BLf9EFsQzNEJ5hQkvxeT9K9anBE2Mv0Kwk70GPDBXh 1Ey5tAABD4tV0XMOY2hP89yyDeGGyao= Received: from mx-prod-mc-06.mail-002.prod.us-west-2.aws.redhat.com (ec2-35-165-154-97.us-west-2.compute.amazonaws.com [35.165.154.97]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-259-EhNtqsVGOFmx7X9IOM9gKg-1; Mon, 26 Jan 2026 09:30:18 -0500 X-MC-Unique: EhNtqsVGOFmx7X9IOM9gKg-1 X-Mimecast-MFC-AGG-ID: EhNtqsVGOFmx7X9IOM9gKg_1769437815 Received: from mx-prod-int-03.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-03.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.12]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-06.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id 88C0218005BF; Mon, 26 Jan 2026 14:30:15 +0000 (UTC) Received: from warthog.procyon.org.uk.com (unknown [10.44.33.164]) by mx-prod-int-03.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id CAC1819560B2; Mon, 26 Jan 2026 14:30:10 +0000 (UTC) From: David Howells To: Lukas Wunner , Ignat Korchagin Cc: David Howells , Jarkko Sakkinen , Herbert Xu , Eric Biggers , Luis Chamberlain , Petr Pavlu , Daniel Gomez , Sami Tolvanen , "Jason A . Donenfeld" , Ard Biesheuvel , Stephan Mueller , linux-crypto@vger.kernel.org, keyrings@vger.kernel.org, linux-modules@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH v15 5/7] pkcs7, x509: Add ML-DSA support Date: Mon, 26 Jan 2026 14:29:26 +0000 Message-ID: <20260126142931.1940586-6-dhowells@redhat.com> In-Reply-To: <20260126142931.1940586-1-dhowells@redhat.com> References: <20260126142931.1940586-1-dhowells@redhat.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Scanned-By: MIMEDefang 3.0 on 10.30.177.12 Content-Type: text/plain; charset="utf-8" Add support for ML-DSA keys and signatures to the CMS/PKCS#7 and X.509 implementations. ML-DSA-44, -65 and -87 are all supported. For X.509 certificates, the TBSCertificate is required to be signed directly; for CMS, direct signing of the data is preferred, though use of SHA512 (and only tha= t) as an intermediate hash of the content is permitted with signedAttrs. Signed-off-by: David Howells cc: Lukas Wunner cc: Ignat Korchagin cc: Stephan Mueller cc: Eric Biggers cc: Herbert Xu cc: keyrings@vger.kernel.org cc: linux-crypto@vger.kernel.org --- crypto/asymmetric_keys/pkcs7_parser.c | 24 +++++++++++++++++++- crypto/asymmetric_keys/public_key.c | 10 +++++++++ crypto/asymmetric_keys/x509_cert_parser.c | 27 ++++++++++++++++++++++- include/linux/oid_registry.h | 5 +++++ 4 files changed, 64 insertions(+), 2 deletions(-) diff --git a/crypto/asymmetric_keys/pkcs7_parser.c b/crypto/asymmetric_keys= /pkcs7_parser.c index 3cdbab3b9f50..594a8f1d9dfb 100644 --- a/crypto/asymmetric_keys/pkcs7_parser.c +++ b/crypto/asymmetric_keys/pkcs7_parser.c @@ -95,11 +95,18 @@ static int pkcs7_check_authattrs(struct pkcs7_message *= msg) if (sinfo->authattrs) { want =3D true; msg->have_authattrs =3D true; + } else if (sinfo->sig->algo_takes_data) { + sinfo->sig->hash_algo =3D "none"; } =20 - for (sinfo =3D sinfo->next; sinfo; sinfo =3D sinfo->next) + for (sinfo =3D sinfo->next; sinfo; sinfo =3D sinfo->next) { if (!!sinfo->authattrs !=3D want) goto inconsistent; + + if (!sinfo->authattrs && + sinfo->sig->algo_takes_data) + sinfo->sig->hash_algo =3D "none"; + } return 0; =20 inconsistent: @@ -297,6 +304,21 @@ int pkcs7_sig_note_pkey_algo(void *context, size_t hdr= len, ctx->sinfo->sig->pkey_algo =3D "ecrdsa"; ctx->sinfo->sig->encoding =3D "raw"; break; + case OID_id_ml_dsa_44: + ctx->sinfo->sig->pkey_algo =3D "mldsa44"; + ctx->sinfo->sig->encoding =3D "raw"; + ctx->sinfo->sig->algo_takes_data =3D true; + break; + case OID_id_ml_dsa_65: + ctx->sinfo->sig->pkey_algo =3D "mldsa65"; + ctx->sinfo->sig->encoding =3D "raw"; + ctx->sinfo->sig->algo_takes_data =3D true; + break; + case OID_id_ml_dsa_87: + ctx->sinfo->sig->pkey_algo =3D "mldsa87"; + ctx->sinfo->sig->encoding =3D "raw"; + ctx->sinfo->sig->algo_takes_data =3D true; + break; default: printk("Unsupported pkey algo: %u\n", ctx->last_oid); return -ENOPKG; diff --git a/crypto/asymmetric_keys/public_key.c b/crypto/asymmetric_keys/p= ublic_key.c index a46356e0c08b..09a0b83d5d77 100644 --- a/crypto/asymmetric_keys/public_key.c +++ b/crypto/asymmetric_keys/public_key.c @@ -142,6 +142,16 @@ software_key_determine_akcipher(const struct public_ke= y *pkey, if (strcmp(hash_algo, "streebog256") !=3D 0 && strcmp(hash_algo, "streebog512") !=3D 0) return -EINVAL; + } else if (strcmp(pkey->pkey_algo, "mldsa44") =3D=3D 0 || + strcmp(pkey->pkey_algo, "mldsa65") =3D=3D 0 || + strcmp(pkey->pkey_algo, "mldsa87") =3D=3D 0) { + if (strcmp(encoding, "raw") !=3D 0) + return -EINVAL; + if (!hash_algo) + return -EINVAL; + if (strcmp(hash_algo, "none") !=3D 0 && + strcmp(hash_algo, "sha512") !=3D 0) + return -EINVAL; } else { /* Unknown public key algorithm */ return -ENOPKG; diff --git a/crypto/asymmetric_keys/x509_cert_parser.c b/crypto/asymmetric_= keys/x509_cert_parser.c index b37cae914987..2fe094f5caf3 100644 --- a/crypto/asymmetric_keys/x509_cert_parser.c +++ b/crypto/asymmetric_keys/x509_cert_parser.c @@ -257,6 +257,15 @@ int x509_note_sig_algo(void *context, size_t hdrlen, u= nsigned char tag, case OID_gost2012Signature512: ctx->cert->sig->hash_algo =3D "streebog512"; goto ecrdsa; + case OID_id_ml_dsa_44: + ctx->cert->sig->pkey_algo =3D "mldsa44"; + goto ml_dsa; + case OID_id_ml_dsa_65: + ctx->cert->sig->pkey_algo =3D "mldsa65"; + goto ml_dsa; + case OID_id_ml_dsa_87: + ctx->cert->sig->pkey_algo =3D "mldsa87"; + goto ml_dsa; } =20 rsa_pkcs1: @@ -274,6 +283,12 @@ int x509_note_sig_algo(void *context, size_t hdrlen, u= nsigned char tag, ctx->cert->sig->encoding =3D "x962"; ctx->sig_algo =3D ctx->last_oid; return 0; +ml_dsa: + ctx->cert->sig->algo_takes_data =3D true; + ctx->cert->sig->hash_algo =3D "none"; + ctx->cert->sig->encoding =3D "raw"; + ctx->sig_algo =3D ctx->last_oid; + return 0; } =20 /* @@ -300,7 +315,8 @@ int x509_note_signature(void *context, size_t hdrlen, =20 if (strcmp(ctx->cert->sig->pkey_algo, "rsa") =3D=3D 0 || strcmp(ctx->cert->sig->pkey_algo, "ecrdsa") =3D=3D 0 || - strcmp(ctx->cert->sig->pkey_algo, "ecdsa") =3D=3D 0) { + strcmp(ctx->cert->sig->pkey_algo, "ecdsa") =3D=3D 0 || + strncmp(ctx->cert->sig->pkey_algo, "mldsa", 5) =3D=3D 0) { /* Discard the BIT STRING metadata */ if (vlen < 1 || *(const u8 *)value !=3D 0) return -EBADMSG; @@ -524,6 +540,15 @@ int x509_extract_key_data(void *context, size_t hdrlen, return -ENOPKG; } break; + case OID_id_ml_dsa_44: + ctx->cert->pub->pkey_algo =3D "mldsa44"; + break; + case OID_id_ml_dsa_65: + ctx->cert->pub->pkey_algo =3D "mldsa65"; + break; + case OID_id_ml_dsa_87: + ctx->cert->pub->pkey_algo =3D "mldsa87"; + break; default: return -ENOPKG; } diff --git a/include/linux/oid_registry.h b/include/linux/oid_registry.h index 6de479ebbe5d..ebce402854de 100644 --- a/include/linux/oid_registry.h +++ b/include/linux/oid_registry.h @@ -145,6 +145,11 @@ enum OID { OID_id_rsassa_pkcs1_v1_5_with_sha3_384, /* 2.16.840.1.101.3.4.3.15 */ OID_id_rsassa_pkcs1_v1_5_with_sha3_512, /* 2.16.840.1.101.3.4.3.16 */ =20 + /* NIST FIPS-204 ML-DSA */ + OID_id_ml_dsa_44, /* 2.16.840.1.101.3.4.3.17 */ + OID_id_ml_dsa_65, /* 2.16.840.1.101.3.4.3.18 */ + OID_id_ml_dsa_87, /* 2.16.840.1.101.3.4.3.19 */ + OID__NR };