From: Eric Biggers <ebiggers@kernel.org>
To: linux-crypto@vger.kernel.org
Cc: linux-kernel@vger.kernel.org, Ard Biesheuvel <ardb@kernel.org>,
"Jason A . Donenfeld" <Jason@zx2c4.com>,
Herbert Xu <herbert@gondor.apana.org.au>,
David Howells <dhowells@redhat.com>,
Eric Biggers <ebiggers@kernel.org>
Subject: [PATCH] lib/crypto: mldsa: Clarify the documentation for mldsa_verify() slightly
Date: Mon, 2 Feb 2026 14:15:52 -0800
Message-ID: <20260202221552.174341-1-ebiggers@kernel.org>
mldsa_verify() implements ML-DSA.Verify with ctx='', so document this
more explicitly. Remove the one-liner comment above mldsa_verify()
which was somewhat misleading.
Signed-off-by: Eric Biggers <ebiggers@kernel.org>
---
include/crypto/mldsa.h | 4 +++-
lib/crypto/mldsa.c | 1 -
2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/include/crypto/mldsa.h b/include/crypto/mldsa.h
index cf30aef299706..3ef2676787c9e 100644
--- a/include/crypto/mldsa.h
+++ b/include/crypto/mldsa.h
@@ -37,11 +37,13 @@ enum mldsa_alg {
* @pk_len: Length of the public key in bytes. Should match the
* MLDSA*_PUBLIC_KEY_SIZE constant associated with @alg,
* otherwise -EBADMSG will be returned.
*
* This verifies a signature using pure ML-DSA with the specified parameter set.
- * The context string is assumed to be empty.
+ * The context string is assumed to be empty. This corresponds to FIPS 204
+ * Algorithm 3 "ML-DSA.Verify" with the ctx parameter set to the empty string
+ * and the lengths of the signature and key given explicitly by the caller.
*
* Context: Might sleep
*
* Return:
* * 0 if the signature is valid
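Review bot: The retained sentence "The context string is assumed to be empty", which the added text now extends, still reads like a precondition the caller has to meet, although the mldsa_verify() prototype shown later in this patch takes no ctx argument. Consider wording such as "The context string is always the empty string", so it is clear that callers cannot supply one and that a signature generated with a non-empty ctx will not verify through this function. The added clause about the lengths being "given explicitly by the caller" is a useful clarification and fits the existing @pk_len text about -EBADMSG.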
diff --git a/lib/crypto/mldsa.c b/lib/crypto/mldsa.c
index ba0c0468956e2..c96fddc4e7dcf 100644
--- a/lib/crypto/mldsa.c
+++ b/lib/crypto/mldsa.c
@@ -523,11 +523,10 @@ static size_t encode_w1(u8 out[MAX_W1_ENCODED_LEN],
out[pos++] = w1->x[j] | (w1->x[j + 1] << 4);
}
return pos;
}
-/* Reference: FIPS 204 Section 6.3 "ML-DSA Verifying (Internal)" */
int mldsa_verify(enum mldsa_alg alg, const u8 *sig, size_t sig_len,
const u8 *msg, size_t msg_len, const u8 *pk, size_t pk_len)
{
const struct mldsa_parameter_set *params = &mldsa_parameter_sets[alg];
const int k = params->k, l = params->l;
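Review bot: With the one-liner above mldsa_verify() deleted and nothing put in its place, the definition in lib/crypto/mldsa.c no longer carries any FIPS 204 reference; the only one left is the kernel-doc in include/crypto/mldsa.h. If the old comment was misleading because it cited Section 6.3 "ML-DSA Verifying (Internal)" for a function that implements the external ML-DSA.Verify, a short corrected comment here, or a pointer to the kernel-doc in the header, would keep the spec reference next to the code for readers who start from the .c file.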
base-commit: fbfeca74043777b48add294089cd4c4f68ed3377
--
2.52.0