Add support for MLDSA in hsmtool by willyzha · Pull Request #29202 · lowRISC/opentitan

willyzha · 2026-01-28T17:18:39Z

Bumps up cryptoki dep version and adds MLDSA support. Tested against fork of softhsmv2 with MLDSA support on the opentitan-provisioning repo.

cfrantz · 2026-01-28T17:58:11Z

                // Data is a slice of plaintext: hash.
                SignData::Slice(a, b) => Self::data_plain_text(&input[*a..*b]),
            },
+            KeyType::MlDsa => match self {


Does ML-DSA have a notion of input types categorized into signing domains like SLH-DSA does?

If no, then this is the correct way to handle the data preparation.
If yes, then we may need something a bit like the spx_prepare function below.

Yes there is a "pure" and "prehash" version of MLDSA as well. I updated with mldsa_prepare below.

Should we eliminate MlDsa from the prepare function since the mldsa operations should be using mldsa_prepare (and it should be an error to prepare when there is a more specific domain-enabled preparation function).

cfrantz · 2026-01-28T18:10:25Z

It would be nice to add some tests for MLDSA into //sw/host/hsmtool/tests.
That might be somewhat involved, as those tests check for interoperability between hsmtool+SoftHSM and opentitantool. I'm ok with adding tests in a follow-up PR.

willyzha · 2026-01-29T03:00:47Z

It would be nice to add some tests for MLDSA into //sw/host/hsmtool/tests. That might be somewhat involved, as those tests check for interoperability between hsmtool+SoftHSM and opentitantool. I'm ok with adding tests in a follow-up PR.

Yeah, I'll file an issue to add tests for MLDSA, currently softhsmv2 MLDSA is still in a PR softhsm/SoftHSMv2#809 (hopefully merged soon). I think it makes most sense to update the softhsmv2 dependency once MLDSA support is merged.

I only need this change so i can test opentitan-provisioning locally against the softhsmv2 fork.

cfrantz · 2026-02-03T23:31:46Z

+        let val = map
+            .get(&AttributeType::Value)
+            .ok_or(anyhow!("Key does not contain a value"))?;
+        let key_value: Vec<u8> = val.try_into()?;


What (if anything) does the PKCS#11 spec say about the encoding of the Value field?

I see that we're using this as-is later to save the key as either DER or PEM form. This is ok as long as the Value field is already DER encoded.

Ah good catch this is wrong, I was just writing the raw keys to a file which is wrong.

I imported the ml_dsa rust library to perform the encoding to PEM/DER for export

This encode/decode stuff maybe belongs in //sw/host/hsmtool/src/util/key/.... The existing code for ecdsa and rsa has TryFrom implementations that convert between the RustCrypto forms and AttributeMap. This is meant to hide the ugliness of the conversions from the code that implements the command hierarchy.

moved the encode/decode logic to a seperate file under //sw/host/hsmtool/src/util/key/mldsa.rs

cfrantz · 2026-02-03T23:39:13Z

                // Data is a slice of plaintext: hash.
                SignData::Slice(a, b) => Self::data_plain_text(&input[*a..*b]),
            },
+            KeyType::MlDsa => match self {


Should we eliminate MlDsa from the prepare function since the mldsa operations should be using mldsa_prepare (and it should be an error to prepare when there is a more specific domain-enabled preparation function).

timothytrippel · 2026-02-11T06:53:33Z

+
+#[derive(clap::Args, Debug, Serialize, Deserialize)]
+pub struct Export {
+    #[arg(long)]


nit: can you provide doc comments for each parameter?

willyzha · 2026-02-11T23:43:12Z

Rebased my PR onto origin/main to see if that resolves the presubmit failures

Updates the cryptoki crate to version 0.12.0 and cryptoki-sys to 0.5.0. Removes local patches that are now upstreamed and updates the library initialization code to match the new API. Signed-off-by: Willy Zhang <willyzhang@google.com>

Adds commands to generate, export, sign, and verify using the MLDSA algorithm (defaulting to ML-DSA-87). Includes support for exporting CSRs with the correct ML-DSA-87 OID. Signed-off-by: Willy Zhang <willyzhang@google.com>

Signed-off-by: Willy Zhang <willyzhang@google.com>

This updates the PKCS#11 constant generation script to support MLDSA aliases and adds a workaround for handling MLDSA ParameterSet attributes in the hsmtool library. It also adds necessary dependencies to the build file. Signed-off-by: Willy Zhang <willyzhang@google.com>

Signed-off-by: Willy Zhang <willyzhang@google.com>

Moves the MLDSA key encoding and decoding logic from the import/export commands into a dedicated utility module at `sw/host/hsmtool/src/util/key/mldsa.rs`. Signed-off-by: Willy Zhang <willyzhang@google.com>

Signed-off-by: Willy Zhang <willyzhang@google.com>

willyzha requested a review from a team as a code owner January 28, 2026 17:18

willyzha requested review from pamaury and removed request for a team January 28, 2026 17:18

pamaury requested review from cfrantz and jwnrt January 28, 2026 17:21

cfrantz reviewed Jan 28, 2026

View reviewed changes

willyzha force-pushed the mldsa-hsmtool-rebased branch 2 times, most recently from 9147cb3 to 7be7c25 Compare January 29, 2026 02:44

willyzha changed the title ~~Add support for MLDSA87 in hsmtool~~ Add support for MLDSA in hsmtool Jan 29, 2026

willyzha force-pushed the mldsa-hsmtool-rebased branch from 7be7c25 to 7ceb7c3 Compare January 29, 2026 02:53

pamaury reviewed Jan 29, 2026

View reviewed changes

Comment thread sw/host/hsmtool/src/commands/mldsa/generate.rs Outdated

cfrantz reviewed Jan 29, 2026

View reviewed changes

Comment thread sw/host/hsmtool/src/commands/mldsa/sign.rs Outdated

Comment thread sw/host/hsmtool/src/commands/mldsa/sign.rs Outdated

Comment thread sw/host/hsmtool/src/commands/mldsa/generate.rs Outdated

Comment thread sw/host/hsmtool/src/commands/mldsa/generate.rs

willyzha requested a review from cfrantz February 2, 2026 18:58

timothytrippel requested review from pamaury and timothytrippel February 3, 2026 18:33

cfrantz reviewed Feb 3, 2026

View reviewed changes

willyzha requested a review from cfrantz February 4, 2026 19:55

willyzha force-pushed the mldsa-hsmtool-rebased branch from a4d3e70 to 6e782dd Compare February 4, 2026 20:49

timothytrippel approved these changes Feb 11, 2026

View reviewed changes

cfrantz approved these changes Feb 11, 2026

View reviewed changes

willyzha force-pushed the mldsa-hsmtool-rebased branch from 1d35cc6 to 5c0000b Compare February 11, 2026 23:42

willyzha force-pushed the mldsa-hsmtool-rebased branch from 5c0000b to 0fc7316 Compare February 13, 2026 01:14

build(rust): Bump cryptoki to 0.12.0

7505c69

Updates the cryptoki crate to version 0.12.0 and cryptoki-sys to 0.5.0. Removes local patches that are now upstreamed and updates the library initialization code to match the new API. Signed-off-by: Willy Zhang <willyzhang@google.com>

willyzha force-pushed the mldsa-hsmtool-rebased branch from 0fc7316 to 0dc87de Compare February 19, 2026 05:11

Willy Zhang added 3 commits February 18, 2026 21:25

[hsmtool] Add MLDSA support

7e489ba

Adds commands to generate, export, sign, and verify using the MLDSA algorithm (defaulting to ML-DSA-87). Includes support for exporting CSRs with the correct ML-DSA-87 OID. Signed-off-by: Willy Zhang <willyzhang@google.com>

[hsmtool] Configure domain for MLDSA operations

d1844f6

Signed-off-by: Willy Zhang <willyzhang@google.com>

[hsmtool] Fix rust format

46dca35

Signed-off-by: Willy Zhang <willyzhang@google.com>

Willy Zhang added 6 commits February 18, 2026 21:25

[hsmtool] Use ml_dsa crate for key MLDSA encoding and decoding

9c3eb21

Signed-off-by: Willy Zhang <willyzhang@google.com>

[hsmtool] Use enum type for mldsa generate alg input

bee74a1

Signed-off-by: Willy Zhang <willyzhang@google.com>

[hsmtool] Refactor MLDSA key logic to util/key/mldsa

5065ef6

Moves the MLDSA key encoding and decoding logic from the import/export commands into a dedicated utility module at `sw/host/hsmtool/src/util/key/mldsa.rs`. Signed-off-by: Willy Zhang <willyzhang@google.com>

[hsmtool] Add doc comments for all MLDSA commands

85d15f1

Signed-off-by: Willy Zhang <willyzhang@google.com>

[hsmtool] Run rustfmt on mldsa command and util

e4c9ff6

Signed-off-by: Willy Zhang <willyzhang@google.com>

willyzha force-pushed the mldsa-hsmtool-rebased branch from 0dc87de to e4c9ff6 Compare February 19, 2026 05:33

timothytrippel added this pull request to the merge queue Feb 19, 2026

Merged via the queue into lowRISC:master with commit c18f9a2 Feb 19, 2026
46 checks passed

Conversation

willyzha commented Jan 28, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Uh oh!

cfrantz commented Jan 28, 2026

Uh oh!

willyzha commented Jan 29, 2026

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Uh oh!

willyzha commented Feb 11, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants

willyzha commented Jan 28, 2026 •

edited

Loading