From: Eric Biggers <ebiggers@kernel.org>
To: David Howells <dhowells@redhat.com>
Cc: Lukas Wunner <lukas@wunner.de>,
Ignat Korchagin <ignat@cloudflare.com>,
Jarkko Sakkinen <jarkko@kernel.org>,
Herbert Xu <herbert@gondor.apana.org.au>,
Luis Chamberlain <mcgrof@kernel.org>,
Petr Pavlu <petr.pavlu@suse.com>,
Daniel Gomez <da.gomez@kernel.org>,
Sami Tolvanen <samitolvanen@google.com>,
"Jason A . Donenfeld" <Jason@zx2c4.com>,
Ard Biesheuvel <ardb@kernel.org>,
Stephan Mueller <smueller@chronox.de>,
linux-crypto@vger.kernel.org, keyrings@vger.kernel.org,
linux-modules@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH v11 4/8] modsign: Enable ML-DSA module signing
Date: Tue, 6 Jan 2026 00:10:29 -0800 [thread overview]
Message-ID: <20260106081029.GE2630@sol> (raw)
In-Reply-To: <20260105152145.1801972-5-dhowells@redhat.com>
On Mon, Jan 05, 2026 at 03:21:29PM +0000, David Howells wrote:
> The ML-DSA algorithm uses its own internal choice of digest (SHAKE256)
> without regard to what's specified in the CMS message. This is, in theory,
> configurable, but there's currently no hook in the crypto_sig API to do
> that, though possibly it could be done by parameterising the name of the
> algorithm, e.g. ("mldsa87(sha512)").
The ML-DSA specification specifies the XOFs used. This has nothing to
do with the API.
> +config MODULE_SIG_KEY_TYPE_MLDSA_44
> + bool "ML-DSA (Dilithium) 44"
> + select CRYPTO_MLDSA
> + help
> + Use an ML-DSA (Dilithium) 44 key (NIST FIPS 204) for module signing
> + with a SHAKE256 'hash' of the authenticatedAttributes.
> +
> +config MODULE_SIG_KEY_TYPE_MLDSA_65
> + bool "ML-DSA (Dilithium) 65"
> + select CRYPTO_MLDSA
> + help
> + Use an ML-DSA (Dilithium) 65 key (NIST FIPS 204) for module signing
> + with a SHAKE256 'hash' of the authenticatedAttributes.
> +
> +config MODULE_SIG_KEY_TYPE_MLDSA_87
> + bool "ML-DSA (Dilithium) 87"
> + select CRYPTO_MLDSA
> + help
> + Use an ML-DSA (Dilithium) 87 key (NIST FIPS 204) for module signing
> + with a SHAKE256 'hash' of the authenticatedAttributes.
Kind of weird naming here. We don't have "AES (Rijndael) 256" and
"SHA-3 (Keccak) 512". We have AES-256 and SHA3-256.
Similarly, these should be ML-DSA-44, etc.
Yes, NIST went with boring names instead of the original cool names.
That's just how it is.
Also unclear why the above help text mentions anything about SHAKE256 or
the authenticatedAttributes. That's an implementation detail. (And the
CMS specification calls them signed attributes anyway.)
- Eric
next prev parent reply other threads:[~2026-01-06 8:10 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-01-05 15:21 [PATCH v11 0/8] x509, pkcs7, crypto: Add ML-DSA and RSASSA-PSS signing David Howells
2026-01-05 15:21 ` [PATCH v11 1/8] crypto: Add ML-DSA crypto_sig support David Howells
2026-01-05 15:21 ` [PATCH v11 2/8] pkcs7: Allow the signing algo to calculate the digest itself David Howells
2026-01-05 20:19 ` Ignat Korchagin
2026-01-07 13:53 ` David Howells
2026-01-07 13:59 ` Ignat Korchagin
2026-01-08 12:59 ` David Howells
2026-01-05 15:21 ` [PATCH v11 3/8] pkcs7, x509: Add ML-DSA support David Howells
2026-01-06 8:02 ` Eric Biggers
2026-01-06 8:22 ` Eric Biggers
2026-01-06 9:37 ` David Howells
2026-01-08 14:38 ` David Howells
2026-01-05 15:21 ` [PATCH v11 4/8] modsign: Enable ML-DSA module signing David Howells
2026-01-06 8:10 ` Eric Biggers [this message]
2026-01-05 15:21 ` [PATCH v11 5/8] crypto: Add supplementary info param to asymmetric key signature verification David Howells
2026-01-07 14:23 ` Ignat Korchagin
2026-01-05 15:21 ` [PATCH v11 6/8] crypto: Add RSASSA-PSS support David Howells
2026-01-07 16:24 ` Ignat Korchagin
2026-01-08 11:29 ` David Howells
2026-01-08 13:15 ` Jarkko Sakkinen
2026-01-08 14:39 ` David Howells
2026-01-05 15:21 ` [PATCH v11 7/8] pkcs7, x509: " David Howells
2026-01-07 16:36 ` Ignat Korchagin
2026-01-08 11:53 ` David Howells
2026-01-05 15:21 ` [PATCH v11 8/8] modsign: Enable RSASSA-PSS module signing David Howells
2026-01-07 16:38 ` Ignat Korchagin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260106081029.GE2630@sol \
--to=ebiggers@kernel.org \
--cc=Jason@zx2c4.com \
--cc=ardb@kernel.org \
--cc=da.gomez@kernel.org \
--cc=dhowells@redhat.com \
--cc=herbert@gondor.apana.org.au \
--cc=ignat@cloudflare.com \
--cc=jarkko@kernel.org \
--cc=keyrings@vger.kernel.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-modules@vger.kernel.org \
--cc=lukas@wunner.de \
--cc=mcgrof@kernel.org \
--cc=petr.pavlu@suse.com \
--cc=samitolvanen@google.com \
--cc=smueller@chronox.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox