Skip to content

Allow ML-DSA roots and intermediates #517

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 5 commits into
base: main
Choose a base branch
from
Draft

Allow ML-DSA roots and intermediates #517

wants to merge 5 commits into from

Conversation

@aarongable
Copy link
Contributor

@aarongable aarongable commented Oct 2, 2025
edited
Loading

Add support for using ML-DSA-65 to generate Pebble's root and intermediate keys and certificates.

This uses Cloudflare's "circl" library to handle generating ML-DSA keys, serializing pubkeys, and generating signatures. Specifically, it uses the mldsa44, mldsa65, and mldsa87 packages, as well as the abstractions provided by the sign and pki packages:

However, the Go stdlib crypto/x509 package does not support using these keys. Although they implement the crypto.Signer interface, the x509 package also needs to be able to map keys to PublicKeyAlgorithm and SignatureAlgorithm OIDs, and does not provide any hooks for crypto.Signers to provide that information. As such, this PR also forks the relevant portions of crypto/x509 (MarshalPKIXPublicKey, CreateCertificate, and ParseCertificate), strips them down to their bare bones, and then adds support for ML-DSA.

@aarongable aarongable changed the base branch from main to ecdsa-chains October 2, 2025 21:25
@aarongable aarongable changed the title Allow ECDSA and ML-DSA roots and intermediates Allow ML-DSA roots and intermediates Oct 2, 2025
@aarongable aarongable mentioned this pull request Oct 2, 2025
Open
@Muzosh
Copy link

Muzosh commented Oct 3, 2025

We may need to fork crypto/x509

Forking individual package from Go's standard library is almost impossible, I tried. See the reason here.

As I already mentioned in golang/go#64537, check out AgiliGo.

@DemiMarie
Copy link

Should this use assembly for the ML-DSA operations to prevent side-channel attacks? Or is that not an issue because production users will use an HSM?

Base automatically changed from ecdsa-chains to main October 3, 2025 18:43
@aarongable
Copy link
Contributor Author

Should this use assembly for the ML-DSA operations to prevent side-channel attacks? Or is that not an issue because production users will use an HSM?

Pebble is not intended for production use; as documented in its README and as demonstrated by the fact that it generates its signing keys on startup and forgets them on shutdown, it is intended for testing and development use only. It's fine if its signing operations are not constant-time.

@aarongable aarongable force-pushed the mldsa-chains branch 3 times, most recently from ab5e064 to 858633f Compare October 7, 2025 20:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@aarongable @Muzosh @DemiMarie