[{"id":38669,"web_url":"https://patchwork.libcamera.org/comment/38669/","msgid":"","date":"2026-04-29T16:56:55","subject":"Re: [PATCH v2 1/4] libcamera: pub_key: Add ML-DSA-65 signature\n\talgorithm for PQC compliance","submitter":{"id":216,"url":"https://patchwork.libcamera.org/api/people/216/","name":"Barnabás Pőcze","email":"barnabas.pocze@ideasonboard.com"},"content":"Hi\n\n2026. 04. 22. 6:47 keltezéssel, Kate Hsuan írta:\n> As quantum computing advances, traditional signature algorithms are\n> becoming vulnerable. To ensure long-term data security, this change\n> implements ML-DSA-65, the primary Post-Quantum Cryptography (PQC)\n> standard finalized by NIST. This addition prepares for the transition\n> away from RSA, which is slated for deprecation by 2035.\n> \n> Link: https://csrc.nist.gov/projects/post-quantum-cryptography/post-quantum-cryptography-standardization/evaluation-criteria/security-(evaluation-criteria)\n> Link: https://nvlpubs.nist.gov/nistpubs/ir/2024/NIST.IR.8547.ipd.pdf\n> Signed-off-by: Kate Hsuan \n> ---\n\nOne thing that I believe is worth discussing is whether to keep the RSA\nsignature at all? I have no checked yet, but if at least the platforms in\nthe CI all support the PQ signature, then I think there is not much point\nin keeping RSA?\n\n\n> src/libcamera/pub_key.cpp | 53 ++++++++++++++++++++++++++++++++++++---\n> 1 file changed, 50 insertions(+), 3 deletions(-)\n> \n> diff --git a/src/libcamera/pub_key.cpp b/src/libcamera/pub_key.cpp\n> index f1d73a5c..71c1900b 100644\n> --- a/src/libcamera/pub_key.cpp\n> +++ b/src/libcamera/pub_key.cpp\n> @@ -14,8 +14,13 @@\n> #include \n> #elif HAVE_GNUTLS\n> #include \n> +#include \n> #endif\n> \n> +#include \"libcamera/internal/pub_key.h\"\n> +#include \n> +#include \n> +\n> /**\n> * \\file pub_key.h\n> * \\brief Public key signature verification\n> @@ -23,17 +28,24 @@\n> \n> namespace libcamera {\n> \n> +LOG_DEFINE_CATEGORY(PubKey);\n> /**\n> * \\class PubKey\n> * \\brief Public key wrapper for signature verification\n> *\n> * The PubKey class wraps a public key and implements signature verification. It\n> - * only supports RSA keys and the RSA-SHA256 signature algorithm.\n> + * supports RSA keys with the RSA-SHA256 signature algorithm, or ML-DSA-65 keys\n> + * as specified in NIST FIPS 204. The signature algorithm is determined in\n> + * compile time.\n> */\n> \n> /**\n> * \\brief Construct a PubKey from key data\n> * \\param[in] key Key data encoded in DER format\n> + *\n> + * The signature algorithm is determined in the compile\n> + * Supported key types are RSA (verified with RSA-SHA256) and ML-DSA-65\n> + * (verified as ML-DSA-65 according to FIPS 204).\n> */\n> PubKey::PubKey([[maybe_unused]] Span key)\n> \t: valid_(false)\n> @@ -83,7 +95,8 @@ PubKey::~PubKey()\n> * \\param[in] sig The signature\n> *\n> * Verify that the signature \\a sig matches the signed \\a data for the public\n> - * key. The signture algorithm is hardcoded to RSA-SHA256.\n> + * key. The signature algorithm is determined in compile time. RSA keys use\n> + * RSA-SHA256, while ML-DSA keys use ML-DSA-65 mentioned in FIPS 204.\n> *\n> * \\return True if the signature is valid, false otherwise\n> */\n> @@ -94,6 +107,29 @@ bool PubKey::verify([[maybe_unused]] Span data,\n> \t\treturn false;\n> \n> #if HAVE_CRYPTO\n> +\n> +#if WITH_PQC\n> +\t/* ML-DSA */\n> +\tEVP_MD_CTX *ctx_dsa = EVP_MD_CTX_new();\n\nI think this can be called `ctx` just like for rsa.\n\n\n> +\tif (!ctx_dsa) {\n> +\t\tLOG(PubKey, Error) << \"Initialize context for ML-DSA failed\";\n> +\t\treturn false;\n> +\t}\n\nI'd add\n\n utils::scope_exit ctxGuard([&] { EVP_MD_CTX_free(ctx_dsa); });\n\nhere and drop the manual calls.\n\n\n> +\n> +\tif (EVP_DigestVerifyInit(ctx_dsa, nullptr, nullptr, nullptr,\n> +\t\t\t\t pubkey_) <= 0) {\n> +\t\tEVP_MD_CTX_free(ctx_dsa);\n> +\t\tLOG(PubKey, Error) << \"Initialize ML-DSA verification failed\";\n> +\t\treturn false;\n> +\t}\n> +\n> +\tint ret = EVP_DigestVerify(ctx_dsa, sig.data(), sig.size(),\n> +\t\t\t\t data.data(), data.size());\n> +\tEVP_MD_CTX_free(ctx_dsa);\n> +\treturn ret == 1;\n> +#else\n> +\t/* RSA with SHA-256 */\n> +\n> \t/*\n> \t * Create and initialize a public key algorithm context for signature\n> \t * verification.\n> @@ -117,7 +153,10 @@ bool PubKey::verify([[maybe_unused]] Span data,\n> \tint ret = EVP_PKEY_verify(ctx, sig.data(), sig.size(), digest,\n> \t\t\t\t SHA256_DIGEST_LENGTH);\n> \tEVP_PKEY_CTX_free(ctx);\n> +\n> \treturn ret == 1;\n> +#endif\n> +\n> #elif HAVE_GNUTLS\n> \tconst gnutls_datum_t gnuTlsData{\n> \t\tconst_cast(data.data()),\n> @@ -129,9 +168,17 @@ bool PubKey::verify([[maybe_unused]] Span data,\n> \t\tstatic_cast(sig.size())\n> \t};\n> \n> -\tint ret = gnutls_pubkey_verify_data2(pubkey_, GNUTLS_SIGN_RSA_SHA256, 0,\n> +#if WITH_PQC\n> +\tint ret = gnutls_pubkey_verify_data2(pubkey_, GNUTLS_SIGN_MLDSA65, 0,\n> \t\t\t\t\t &gnuTlsData, &gnuTlsSig);\n> +\n> \treturn ret >= 0;\n> +#else\n> +\tint ret = gnutls_pubkey_verify_data2(pubkey_, GNUTLS_SIGN_RSA_SHA256,\n> +\t\t\t\t\t 0, &gnuTlsData, &gnuTlsSig);\n> +\n> +\treturn ret >= 0;\n> +#endif\n> #else\n> \treturn false;\n> #endif\n\n\nRegards,\nBarnabás Pőcze","headers":{"Return-Path":"","X-Original-To":"parsemail@patchwork.libcamera.org","Delivered-To":"parsemail@patchwork.libcamera.org","Received":["from lancelot.ideasonboard.com (lancelot.ideasonboard.com\n\t[92.243.16.209])\n\tby patchwork.libcamera.org (Postfix) with ESMTPS id B59CEBDCB5\n\tfor ;\n\tWed, 29 Apr 2026 16:57:01 +0000 (UTC)","from lancelot.ideasonboard.com (localhost [IPv6:::1])\n\tby lancelot.ideasonboard.com (Postfix) with ESMTP id B500B62FDA;\n\tWed, 29 Apr 2026 18:57:00 +0200 (CEST)","from perceval.ideasonboard.com (perceval.ideasonboard.com\n\t[IPv6:2001:4b98:dc2:55:216:3eff:fef7:d647])\n\tby lancelot.ideasonboard.com (Postfix) with ESMTPS id 617C162010\n\tfor ;\n\tWed, 29 Apr 2026 18:56:59 +0200 (CEST)","from [192.168.33.70] (185.221.140.120.nat.pool.zt.hu\n\t[185.221.140.120])\n\tby perceval.ideasonboard.com (Postfix) with ESMTPSA id 610E2227;\n\tWed, 29 Apr 2026 18:55:15 +0200 (CEST)"],"Authentication-Results":"lancelot.ideasonboard.com; dkim=pass (1024-bit key;\n\tunprotected) header.d=ideasonboard.com header.i=@ideasonboard.com\n\theader.b=\"tzeaCYJc\"; dkim-atps=neutral","DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/simple; d=ideasonboard.com;\n\ts=mail; t=1777481715;\n\tbh=AR1r4YuPl3uhOASH/RtZRxGk6BF7MYJ8DyLKrFzebok=;\n\th=Date:Subject:To:References:From:In-Reply-To:From;\n\tb=tzeaCYJchzq6PLXWINK95YIaX0A7OkmQ9kcvMBKTNgtWFhASnH4AMGiS85GpAEO+M\n\t+KbgV4trZMiG65regYFfgsuqW3Hg6Rir/jb8yZbxuSmcHEdVBrIyElE6oJGe4YqlMf\n\teM1RuZYjLtOTib0ie2R0qov6L1Ij12u1El9Bm/VA=","Message-ID":"","Date":"Wed, 29 Apr 2026 18:56:55 +0200","MIME-Version":"1.0","User-Agent":"Mozilla Thunderbird","Subject":"Re: [PATCH v2 1/4] libcamera: pub_key: Add ML-DSA-65 signature\n\talgorithm for PQC compliance","To":"Kate Hsuan , libcamera-devel@lists.libcamera.org","References":"<20260422044736.24717-1-hpa@redhat.com>\n\t<20260422044736.24717-2-hpa@redhat.com>","From":"=?utf-8?q?Barnab=C3=A1s_P=C5=91cze?= ","Content-Language":"en-US, hu-HU","In-Reply-To":"<20260422044736.24717-2-hpa@redhat.com>","Content-Type":"text/plain; charset=UTF-8; format=flowed","Content-Transfer-Encoding":"8bit","X-BeenThere":"libcamera-devel@lists.libcamera.org","X-Mailman-Version":"2.1.29","Precedence":"list","List-Id":"","List-Unsubscribe":",\n\t","List-Archive":"","List-Post":"","List-Help":"","List-Subscribe":",\n\t","Errors-To":"libcamera-devel-bounces@lists.libcamera.org","Sender":"\"libcamera-devel\" "}},{"id":38671,"web_url":"https://patchwork.libcamera.org/comment/38671/","msgid":"<20260429203658.GC132396@killaraus.ideasonboard.com>","date":"2026-04-29T20:36:58","subject":"Re: [PATCH v2 1/4] libcamera: pub_key: Add ML-DSA-65 signature\n\talgorithm for PQC compliance","submitter":{"id":2,"url":"https://patchwork.libcamera.org/api/people/2/","name":"Laurent Pinchart","email":"laurent.pinchart@ideasonboard.com"},"content":"On Wed, Apr 29, 2026 at 06:56:55PM +0200, Barnabás Pőcze wrote:\n> 2026. 04. 22. 6:47 keltezéssel, Kate Hsuan írta:\n> > As quantum computing advances, traditional signature algorithms are\n> > becoming vulnerable. To ensure long-term data security, this change\n> > implements ML-DSA-65, the primary Post-Quantum Cryptography (PQC)\n> > standard finalized by NIST. This addition prepares for the transition\n> > away from RSA, which is slated for deprecation by 2035.\n> > \n> > Link: https://csrc.nist.gov/projects/post-quantum-cryptography/post-quantum-cryptography-standardization/evaluation-criteria/security-(evaluation-criteria)\n> > Link: https://nvlpubs.nist.gov/nistpubs/ir/2024/NIST.IR.8547.ipd.pdf\n> > Signed-off-by: Kate Hsuan \n> > ---\n> \n> One thing that I believe is worth discussing is whether to keep the RSA\n> signature at all? I have no checked yet, but if at least the platforms in\n> the CI all support the PQ signature, then I think there is not much point\n> in keeping RSA?\n\nIf ML-DSA-65 iss supported in all versions of openssl and gnutls shipped\nby recent-enough major distributions (that's more or less all the active\nLTS), then I think we can ditch RSA.\n\n> > src/libcamera/pub_key.cpp | 53 ++++++++++++++++++++++++++++++++++++---\n> > 1 file changed, 50 insertions(+), 3 deletions(-)\n> > \n> > diff --git a/src/libcamera/pub_key.cpp b/src/libcamera/pub_key.cpp\n> > index f1d73a5c..71c1900b 100644\n> > --- a/src/libcamera/pub_key.cpp\n> > +++ b/src/libcamera/pub_key.cpp\n> > @@ -14,8 +14,13 @@\n> > #include \n> > #elif HAVE_GNUTLS\n> > #include \n> > +#include \n> > #endif\n> > \n> > +#include \"libcamera/internal/pub_key.h\"\n> > +#include \n> > +#include \n> > +\n> > /**\n> > * \\file pub_key.h\n> > * \\brief Public key signature verification\n> > @@ -23,17 +28,24 @@\n> > \n> > namespace libcamera {\n> > \n> > +LOG_DEFINE_CATEGORY(PubKey);\n> > /**\n> > * \\class PubKey\n> > * \\brief Public key wrapper for signature verification\n> > *\n> > * The PubKey class wraps a public key and implements signature verification. It\n> > - * only supports RSA keys and the RSA-SHA256 signature algorithm.\n> > + * supports RSA keys with the RSA-SHA256 signature algorithm, or ML-DSA-65 keys\n> > + * as specified in NIST FIPS 204. The signature algorithm is determined in\n> > + * compile time.\n> > */\n> > \n> > /**\n> > * \\brief Construct a PubKey from key data\n> > * \\param[in] key Key data encoded in DER format\n> > + *\n> > + * The signature algorithm is determined in the compile\n> > + * Supported key types are RSA (verified with RSA-SHA256) and ML-DSA-65\n> > + * (verified as ML-DSA-65 according to FIPS 204).\n> > */\n> > PubKey::PubKey([[maybe_unused]] Span key)\n> > \t: valid_(false)\n> > @@ -83,7 +95,8 @@ PubKey::~PubKey()\n> > * \\param[in] sig The signature\n> > *\n> > * Verify that the signature \\a sig matches the signed \\a data for the public\n> > - * key. The signture algorithm is hardcoded to RSA-SHA256.\n> > + * key. The signature algorithm is determined in compile time. RSA keys use\n> > + * RSA-SHA256, while ML-DSA keys use ML-DSA-65 mentioned in FIPS 204.\n> > *\n> > * \\return True if the signature is valid, false otherwise\n> > */\n> > @@ -94,6 +107,29 @@ bool PubKey::verify([[maybe_unused]] Span data,\n> > \t\treturn false;\n> > \n> > #if HAVE_CRYPTO\n> > +\n> > +#if WITH_PQC\n> > +\t/* ML-DSA */\n> > +\tEVP_MD_CTX *ctx_dsa = EVP_MD_CTX_new();\n> \n> I think this can be called `ctx` just like for rsa.\n> \n> \n> > +\tif (!ctx_dsa) {\n> > +\t\tLOG(PubKey, Error) << \"Initialize context for ML-DSA failed\";\n> > +\t\treturn false;\n> > +\t}\n> \n> I'd add\n> \n> utils::scope_exit ctxGuard([&] { EVP_MD_CTX_free(ctx_dsa); });\n> \n> here and drop the manual calls.\n> \n> \n> > +\n> > +\tif (EVP_DigestVerifyInit(ctx_dsa, nullptr, nullptr, nullptr,\n> > +\t\t\t\t pubkey_) <= 0) {\n> > +\t\tEVP_MD_CTX_free(ctx_dsa);\n> > +\t\tLOG(PubKey, Error) << \"Initialize ML-DSA verification failed\";\n> > +\t\treturn false;\n> > +\t}\n> > +\n> > +\tint ret = EVP_DigestVerify(ctx_dsa, sig.data(), sig.size(),\n> > +\t\t\t\t data.data(), data.size());\n> > +\tEVP_MD_CTX_free(ctx_dsa);\n> > +\treturn ret == 1;\n> > +#else\n> > +\t/* RSA with SHA-256 */\n> > +\n> > \t/*\n> > \t * Create and initialize a public key algorithm context for signature\n> > \t * verification.\n> > @@ -117,7 +153,10 @@ bool PubKey::verify([[maybe_unused]] Span data,\n> > \tint ret = EVP_PKEY_verify(ctx, sig.data(), sig.size(), digest,\n> > \t\t\t\t SHA256_DIGEST_LENGTH);\n> > \tEVP_PKEY_CTX_free(ctx);\n> > +\n> > \treturn ret == 1;\n> > +#endif\n> > +\n> > #elif HAVE_GNUTLS\n> > \tconst gnutls_datum_t gnuTlsData{\n> > \t\tconst_cast(data.data()),\n> > @@ -129,9 +168,17 @@ bool PubKey::verify([[maybe_unused]] Span data,\n> > \t\tstatic_cast(sig.size())\n> > \t};\n> > \n> > -\tint ret = gnutls_pubkey_verify_data2(pubkey_, GNUTLS_SIGN_RSA_SHA256, 0,\n> > +#if WITH_PQC\n> > +\tint ret = gnutls_pubkey_verify_data2(pubkey_, GNUTLS_SIGN_MLDSA65, 0,\n> > \t\t\t\t\t &gnuTlsData, &gnuTlsSig);\n> > +\n> > \treturn ret >= 0;\n> > +#else\n> > +\tint ret = gnutls_pubkey_verify_data2(pubkey_, GNUTLS_SIGN_RSA_SHA256,\n> > +\t\t\t\t\t 0, &gnuTlsData, &gnuTlsSig);\n> > +\n> > +\treturn ret >= 0;\n> > +#endif\n> > #else\n> > \treturn false;\n> > #endif","headers":{"Return-Path":"","X-Original-To":"parsemail@patchwork.libcamera.org","Delivered-To":"parsemail@patchwork.libcamera.org","Received":["from lancelot.ideasonboard.com (lancelot.ideasonboard.com\n\t[92.243.16.209])\n\tby patchwork.libcamera.org (Postfix) with ESMTPS id B5F3CBDCB5\n\tfor ;\n\tWed, 29 Apr 2026 20:37:02 +0000 (UTC)","from lancelot.ideasonboard.com (localhost [IPv6:::1])\n\tby lancelot.ideasonboard.com (Postfix) with ESMTP id D531762FDC;\n\tWed, 29 Apr 2026 22:37:01 +0200 (CEST)","from perceval.ideasonboard.com (perceval.ideasonboard.com\n\t[IPv6:2001:4b98:dc2:55:216:3eff:fef7:d647])\n\tby lancelot.ideasonboard.com (Postfix) with ESMTPS id 4CA5E62010\n\tfor ;\n\tWed, 29 Apr 2026 22:37:00 +0200 (CEST)","from killaraus.ideasonboard.com\n\t(2001-14ba-703d-e500--2a1.rev.dnainternet.fi\n\t[IPv6:2001:14ba:703d:e500::2a1])\n\tby perceval.ideasonboard.com (Postfix) with ESMTPSA id 4F2D58F;\n\tWed, 29 Apr 2026 22:35:16 +0200 (CEST)"],"Authentication-Results":"lancelot.ideasonboard.com; dkim=pass (1024-bit key;\n\tunprotected) header.d=ideasonboard.com header.i=@ideasonboard.com\n\theader.b=\"TBwJEIXk\"; dkim-atps=neutral","DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/simple; d=ideasonboard.com;\n\ts=mail; t=1777494916;\n\tbh=Cdl7Hf1JOUvYAuO/Z8rclKXfFz/SAPvsHeLBX6YqPEE=;\n\th=Date:From:To:Cc:Subject:References:In-Reply-To:From;\n\tb=TBwJEIXkgW82KnEHQqq0CIJm7GCFlYNMZ/7mLc4/qhmdvQqr7bm6Tf7QnhMLSOsxu\n\tgdVCSyb2Qa81aKRsVDb7BATHvWwdGB1fT2gXcvjFzMC+eLU0SseWs26cwTmBjbUOjW\n\t05YGsHZndFOoAPXGeIrrv48cr8OSbfvKAZmSnpmU=","Date":"Wed, 29 Apr 2026 23:36:58 +0300","From":"Laurent Pinchart ","To":"=?utf-8?q?Barnab=C3=A1s_P=C5=91cze?= ","Cc":"Kate Hsuan , libcamera-devel@lists.libcamera.org","Subject":"Re: [PATCH v2 1/4] libcamera: pub_key: Add ML-DSA-65 signature\n\talgorithm for PQC compliance","Message-ID":"<20260429203658.GC132396@killaraus.ideasonboard.com>","References":"<20260422044736.24717-1-hpa@redhat.com>\n\t<20260422044736.24717-2-hpa@redhat.com>\n\t","MIME-Version":"1.0","Content-Type":"text/plain; charset=utf-8","Content-Disposition":"inline","Content-Transfer-Encoding":"8bit","In-Reply-To":"","X-BeenThere":"libcamera-devel@lists.libcamera.org","X-Mailman-Version":"2.1.29","Precedence":"list","List-Id":"","List-Unsubscribe":",\n\t","List-Archive":"","List-Post":"","List-Help":"","List-Subscribe":",\n\t","Errors-To":"libcamera-devel-bounces@lists.libcamera.org","Sender":"\"libcamera-devel\" "}},{"id":38683,"web_url":"https://patchwork.libcamera.org/comment/38683/","msgid":"","date":"2026-05-04T03:58:40","subject":"Re: [PATCH v2 1/4] libcamera: pub_key: Add ML-DSA-65 signature\n\talgorithm for PQC compliance","submitter":{"id":105,"url":"https://patchwork.libcamera.org/api/people/105/","name":"Kate Hsuan","email":"hpa@redhat.com"},"content":"Hi Laurent,\n\nOn Thu, Apr 30, 2026 at 4:37 AM Laurent Pinchart\n wrote:\n>\n> On Wed, Apr 29, 2026 at 06:56:55PM +0200, Barnabás Pőcze wrote:\n> > 2026. 04. 22. 6:47 keltezéssel, Kate Hsuan írta:\n> > > As quantum computing advances, traditional signature algorithms are\n> > > becoming vulnerable. To ensure long-term data security, this change\n> > > implements ML-DSA-65, the primary Post-Quantum Cryptography (PQC)\n> > > standard finalized by NIST. This addition prepares for the transition\n> > > away from RSA, which is slated for deprecation by 2035.\n> > >\n> > > Link: https://csrc.nist.gov/projects/post-quantum-cryptography/post-quantum-cryptography-standardization/evaluation-criteria/security-(evaluation-criteria)\n> > > Link: https://nvlpubs.nist.gov/nistpubs/ir/2024/NIST.IR.8547.ipd.pdf\n> > > Signed-off-by: Kate Hsuan \n> > > ---\n> >\n> > One thing that I believe is worth discussing is whether to keep the RSA\n> > signature at all? I have no checked yet, but if at least the platforms in\n> > the CI all support the PQ signature, then I think there is not much point\n> > in keeping RSA?\n>\n> If ML-DSA-65 iss supported in all versions of openssl and gnutls shipped\n> by recent-enough major distributions (that's more or less all the active\n> LTS), then I think we can ditch RSA.\n\n\nOpenssl started to ship PQC in OpenSSL 3.5.0 [8 Apr 2025]\nhttps://github.com/openssl/openssl/blob/69e54bee8d89f6703eaeca5f4c8b6a8822161c64/NEWS.md?plain=1#L306\ngnutls started to ship PQC in release 3.8.9 (released 2025-02-07)\nhttps://github.com/gnutls/gnutls/blob/eb55810053382a6fbce7d62d245e98fca659b374/NEWS#L365\n\nThe latest releases of both gnutls and openssl are available in Fedora 43.\nPQC can also be found in Ubuntu 26.04 LTS and Debian 13\n\nSo, Okay, I'll drop RSA in the v3 patch.\n\n\n>\n> > > src/libcamera/pub_key.cpp | 53 ++++++++++++++++++++++++++++++++++++---\n> > > 1 file changed, 50 insertions(+), 3 deletions(-)\n> > >\n> > > diff --git a/src/libcamera/pub_key.cpp b/src/libcamera/pub_key.cpp\n> > > index f1d73a5c..71c1900b 100644\n> > > --- a/src/libcamera/pub_key.cpp\n> > > +++ b/src/libcamera/pub_key.cpp\n> > > @@ -14,8 +14,13 @@\n> > > #include \n> > > #elif HAVE_GNUTLS\n> > > #include \n> > > +#include \n> > > #endif\n> > >\n> > > +#include \"libcamera/internal/pub_key.h\"\n> > > +#include \n> > > +#include \n> > > +\n> > > /**\n> > > * \\file pub_key.h\n> > > * \\brief Public key signature verification\n> > > @@ -23,17 +28,24 @@\n> > >\n> > > namespace libcamera {\n> > >\n> > > +LOG_DEFINE_CATEGORY(PubKey);\n> > > /**\n> > > * \\class PubKey\n> > > * \\brief Public key wrapper for signature verification\n> > > *\n> > > * The PubKey class wraps a public key and implements signature verification. It\n> > > - * only supports RSA keys and the RSA-SHA256 signature algorithm.\n> > > + * supports RSA keys with the RSA-SHA256 signature algorithm, or ML-DSA-65 keys\n> > > + * as specified in NIST FIPS 204. The signature algorithm is determined in\n> > > + * compile time.\n> > > */\n> > >\n> > > /**\n> > > * \\brief Construct a PubKey from key data\n> > > * \\param[in] key Key data encoded in DER format\n> > > + *\n> > > + * The signature algorithm is determined in the compile\n> > > + * Supported key types are RSA (verified with RSA-SHA256) and ML-DSA-65\n> > > + * (verified as ML-DSA-65 according to FIPS 204).\n> > > */\n> > > PubKey::PubKey([[maybe_unused]] Span key)\n> > > : valid_(false)\n> > > @@ -83,7 +95,8 @@ PubKey::~PubKey()\n> > > * \\param[in] sig The signature\n> > > *\n> > > * Verify that the signature \\a sig matches the signed \\a data for the public\n> > > - * key. The signture algorithm is hardcoded to RSA-SHA256.\n> > > + * key. The signature algorithm is determined in compile time. RSA keys use\n> > > + * RSA-SHA256, while ML-DSA keys use ML-DSA-65 mentioned in FIPS 204.\n> > > *\n> > > * \\return True if the signature is valid, false otherwise\n> > > */\n> > > @@ -94,6 +107,29 @@ bool PubKey::verify([[maybe_unused]] Span data,\n> > > return false;\n> > >\n> > > #if HAVE_CRYPTO\n> > > +\n> > > +#if WITH_PQC\n> > > + /* ML-DSA */\n> > > + EVP_MD_CTX *ctx_dsa = EVP_MD_CTX_new();\n> >\n> > I think this can be called `ctx` just like for rsa.\n> >\n> >\n> > > + if (!ctx_dsa) {\n> > > + LOG(PubKey, Error) << \"Initialize context for ML-DSA failed\";\n> > > + return false;\n> > > + }\n> >\n> > I'd add\n> >\n> > utils::scope_exit ctxGuard([&] { EVP_MD_CTX_free(ctx_dsa); });\n> >\n> > here and drop the manual calls.\n> >\n> >\n> > > +\n> > > + if (EVP_DigestVerifyInit(ctx_dsa, nullptr, nullptr, nullptr,\n> > > + pubkey_) <= 0) {\n> > > + EVP_MD_CTX_free(ctx_dsa);\n> > > + LOG(PubKey, Error) << \"Initialize ML-DSA verification failed\";\n> > > + return false;\n> > > + }\n> > > +\n> > > + int ret = EVP_DigestVerify(ctx_dsa, sig.data(), sig.size(),\n> > > + data.data(), data.size());\n> > > + EVP_MD_CTX_free(ctx_dsa);\n> > > + return ret == 1;\n> > > +#else\n> > > + /* RSA with SHA-256 */\n> > > +\n> > > /*\n> > > * Create and initialize a public key algorithm context for signature\n> > > * verification.\n> > > @@ -117,7 +153,10 @@ bool PubKey::verify([[maybe_unused]] Span data,\n> > > int ret = EVP_PKEY_verify(ctx, sig.data(), sig.size(), digest,\n> > > SHA256_DIGEST_LENGTH);\n> > > EVP_PKEY_CTX_free(ctx);\n> > > +\n> > > return ret == 1;\n> > > +#endif\n> > > +\n> > > #elif HAVE_GNUTLS\n> > > const gnutls_datum_t gnuTlsData{\n> > > const_cast(data.data()),\n> > > @@ -129,9 +168,17 @@ bool PubKey::verify([[maybe_unused]] Span data,\n> > > static_cast(sig.size())\n> > > };\n> > >\n> > > - int ret = gnutls_pubkey_verify_data2(pubkey_, GNUTLS_SIGN_RSA_SHA256, 0,\n> > > +#if WITH_PQC\n> > > + int ret = gnutls_pubkey_verify_data2(pubkey_, GNUTLS_SIGN_MLDSA65, 0,\n> > > &gnuTlsData, &gnuTlsSig);\n> > > +\n> > > return ret >= 0;\n> > > +#else\n> > > + int ret = gnutls_pubkey_verify_data2(pubkey_, GNUTLS_SIGN_RSA_SHA256,\n> > > + 0, &gnuTlsData, &gnuTlsSig);\n> > > +\n> > > + return ret >= 0;\n> > > +#endif\n> > > #else\n> > > return false;\n> > > #endif\n>\n> --\n> Regards,\n>\n> Laurent Pinchart\n>","headers":{"Return-Path":"","X-Original-To":"parsemail@patchwork.libcamera.org","Delivered-To":"parsemail@patchwork.libcamera.org","Received":["from lancelot.ideasonboard.com (lancelot.ideasonboard.com\n\t[92.243.16.209])\n\tby patchwork.libcamera.org (Postfix) with ESMTPS id 9A3A6BE173\n\tfor ;\n\tMon, 4 May 2026 03:58:58 +0000 (UTC)","from lancelot.ideasonboard.com (localhost [IPv6:::1])\n\tby lancelot.ideasonboard.com (Postfix) with ESMTP id AC3C66301A;\n\tMon, 4 May 2026 05:58:57 +0200 (CEST)","from us-smtp-delivery-124.mimecast.com\n\t(us-smtp-delivery-124.mimecast.com [170.10.133.124])\n\tby lancelot.ideasonboard.com (Postfix) with ESMTPS id 1E81B62E6A\n\tfor ;\n\tMon, 4 May 2026 05:58:56 +0200 (CEST)","from mail-oo1-f70.google.com (mail-oo1-f70.google.com\n\t[209.85.161.70]) by relay.mimecast.com with ESMTP with STARTTLS\n\t(version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id\n\tus-mta-674-Vq0ZewpaMhq2te8uelztQQ-1; Sun, 03 May 2026 23:58:53 -0400","by mail-oo1-f70.google.com with SMTP id\n\t006d021491bc7-6961163ad6aso7220471eaf.1\n\tfor ;\n\tSun, 03 May 2026 20:58:53 -0700 (PDT)"],"Authentication-Results":"lancelot.ideasonboard.com; dkim=pass (1024-bit key;\n\tunprotected) header.d=redhat.com header.i=@redhat.com\n\theader.b=\"DaLeY2T2\"; dkim-atps=neutral","DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;\n\ts=mimecast20190719; t=1777867134;\n\th=from:from:reply-to:subject:subject:date:date:message-id:message-id:\n\tto:to:cc:cc:mime-version:mime-version:content-type:content-type:\n\tcontent-transfer-encoding:content-transfer-encoding:\n\tin-reply-to:in-reply-to:references:references;\n\tbh=5IsDLWezAROUR27L1E03x00Frt6OBE+97lQgfMzvmCQ=;\n\tb=DaLeY2T2cm174pIio9auMPFNQXGu4CWuaLb2RzS5Ia8eTp46PFjl+7AOj0cNtpv1MSb4yH\n\tBjEp/HfTwGwZDYDGJfCBI49HyFRv5hHmQwXNkT5Nx6QZJJ3Na79Qy3wGT5pyplMSPnU95D\n\tS2jRLwgXAG15wHsQ2DoMDnL6hRcKtvA=","X-MC-Unique":"Vq0ZewpaMhq2te8uelztQQ-1","X-Mimecast-MFC-AGG-ID":"Vq0ZewpaMhq2te8uelztQQ_1777867133","X-Google-DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n\td=1e100.net; s=20251104; t=1777867133; x=1778471933;\n\th=content-transfer-encoding:cc:to:subject:message-id:date:from\n\t:in-reply-to:references:mime-version:x-gm-gg:x-gm-message-state:from\n\t:to:cc:subject:date:message-id:reply-to;\n\tbh=5IsDLWezAROUR27L1E03x00Frt6OBE+97lQgfMzvmCQ=;\n\tb=rNN0e7tdK3K1SijkCaYFpX6RqeV/id2lHIJpr5AhorWg8jnCK1mNiHoiUgzNW1iGAN\n\tEVQo1ixOaFsniH5KBH16AW5ZsEBXy8y97eCkgibFbMAlTWfbnJLt0whbI71aBG4FhOGr\n\tenwiL6zgABWWbG+pVJ2SPurbTh8sgDSVjtPnrsAMf5gE7MCcfIT5i+BKBtn5yC6DZnac\n\tXkqYgKwXzWGTLLSo4kZPkUo9InPhSaKxTo3+WP3ZX0QLkgiGEzKhlOjdf6pJW1I9m5pt\n\t56wPNKZfvvRoNen/Bk2rctcwgkNxwnGIRjleuS7p6nQ9rvdAFegPYnXVH2pu0bHd7yiL\n\t3rNg==","X-Forwarded-Encrypted":"i=1;\n\tAFNElJ/Beq/idCXW5OeKAcr3harhU2quvJA7/bpWkM8K51TZhspYDqEYVko8WJdz2NrbCxvy6Ye2uZ0t5JynwPhA7xM=@lists.libcamera.org","X-Gm-Message-State":"AOJu0YzcyWITKSbckAuNRDmceRNSaObC7aHM0LJ5l3Emz5QT1cJymB5j\n\tz9FwwN1HtyDkT5i8F1Nf6kao095c4GPbthpE57TS1tjliRqFUgSAb1Dl4H8iCsnA0sfYd0hZM1O\n\tXtbfJA1g65YeoB7GdqTfLZwtrz5aLiXFXVHTg1MWu4U6eYETMX7Qnxosf/+HiWZW3TLw9iXYfdL\n\t39pLUULxa3FI+Mm+/b38+KzCwge4tSZYKMPkyKZwDwV1Vae++tXg==","X-Gm-Gg":"AeBDievNGhyybuOOR5YirHSh3+zyVyU5E2c5yThcAE4jUPx0mCcpE+uNJIypPXezLyV\n\t05k//ZLGxn05K+kXAcQASmA2i1FT1je/vbmUBV+TkQjSepS3ZjARCr3yu4Bq1GHQuaG/dB/IPKy\n\tWJkKRrYRRz63mVQvDGB6tezFgT42ryxuRhCxJ2RcrgxoHUpI+Kg6QqwL67RB8UhFyf7w6orGOuB\n\tokPwIix0kQvy0pO","X-Received":["by 2002:a05:6820:1988:b0:696:6fcb:21f1 with SMTP id\n\t006d021491bc7-69697e2ab86mr3791037eaf.52.1777867132818; \n\tSun, 03 May 2026 20:58:52 -0700 (PDT)","by 2002:a05:6820:1988:b0:696:6fcb:21f1 with SMTP id\n\t006d021491bc7-69697e2ab86mr3791020eaf.52.1777867132180;\n\tSun, 03 May 2026 20:58:52 -0700 (PDT)"],"MIME-Version":"1.0","References":"<20260422044736.24717-1-hpa@redhat.com>\n\t<20260422044736.24717-2-hpa@redhat.com>\n\t\n\t<20260429203658.GC132396@killaraus.ideasonboard.com>","In-Reply-To":"<20260429203658.GC132396@killaraus.ideasonboard.com>","From":"Kate Hsuan ","Date":"Mon, 4 May 2026 11:58:40 +0800","X-Gm-Features":"AVHnY4JSX--TmeMb4j90GLStePTcxTd_UltHnvKLTrlxYvMfPO9UY4aOEjZnhcY","Message-ID":"","Subject":"Re: [PATCH v2 1/4] libcamera: pub_key: Add ML-DSA-65 signature\n\talgorithm for PQC compliance","To":"Laurent Pinchart ","Cc":"=?utf-8?q?Barnab=C3=A1s_P=C5=91cze?= ,\n\tlibcamera-devel@lists.libcamera.org","X-Mimecast-Spam-Score":"0","X-Mimecast-MFC-PROC-ID":"fuoT-15zGdGwv28zGyuGMZM0qkyCvQstRPOzUuG2MAQ_1777867133","X-Mimecast-Originator":"redhat.com","Content-Type":"text/plain; charset=\"UTF-8\"","Content-Transfer-Encoding":"quoted-printable","X-BeenThere":"libcamera-devel@lists.libcamera.org","X-Mailman-Version":"2.1.29","Precedence":"list","List-Id":"","List-Unsubscribe":",\n\t","List-Archive":"","List-Post":"","List-Help":"","List-Subscribe":",\n\t","Errors-To":"libcamera-devel-bounces@lists.libcamera.org","Sender":"\"libcamera-devel\" "}},{"id":38687,"web_url":"https://patchwork.libcamera.org/comment/38687/","msgid":"","date":"2026-05-04T07:49:24","subject":"Re: [PATCH v2 1/4] libcamera: pub_key: Add ML-DSA-65 signature\n\talgorithm for PQC compliance","submitter":{"id":216,"url":"https://patchwork.libcamera.org/api/people/216/","name":"Barnabás Pőcze","email":"barnabas.pocze@ideasonboard.com"},"content":"2026. 05. 04. 5:58 keltezéssel, Kate Hsuan írta:\n> Hi Laurent,\n> \n> On Thu, Apr 30, 2026 at 4:37 AM Laurent Pinchart\n> wrote:\n>>\n>> On Wed, Apr 29, 2026 at 06:56:55PM +0200, Barnabás Pőcze wrote:\n>>> 2026. 04. 22. 6:47 keltezéssel, Kate Hsuan írta:\n>>>> As quantum computing advances, traditional signature algorithms are\n>>>> becoming vulnerable. To ensure long-term data security, this change\n>>>> implements ML-DSA-65, the primary Post-Quantum Cryptography (PQC)\n>>>> standard finalized by NIST. This addition prepares for the transition\n>>>> away from RSA, which is slated for deprecation by 2035.\n>>>>\n>>>> Link: https://csrc.nist.gov/projects/post-quantum-cryptography/post-quantum-cryptography-standardization/evaluation-criteria/security-(evaluation-criteria)\n>>>> Link: https://nvlpubs.nist.gov/nistpubs/ir/2024/NIST.IR.8547.ipd.pdf\n>>>> Signed-off-by: Kate Hsuan \n>>>> ---\n>>>\n>>> One thing that I believe is worth discussing is whether to keep the RSA\n>>> signature at all? I have no checked yet, but if at least the platforms in\n>>> the CI all support the PQ signature, then I think there is not much point\n>>> in keeping RSA?\n>>\n>> If ML-DSA-65 iss supported in all versions of openssl and gnutls shipped\n>> by recent-enough major distributions (that's more or less all the active\n>> LTS), then I think we can ditch RSA.\n> \n> \n> Openssl started to ship PQC in OpenSSL 3.5.0 [8 Apr 2025]\n> https://github.com/openssl/openssl/blob/69e54bee8d89f6703eaeca5f4c8b6a8822161c64/NEWS.md?plain=1#L306\n> gnutls started to ship PQC in release 3.8.9 (released 2025-02-07)\n> https://github.com/gnutls/gnutls/blob/eb55810053382a6fbce7d62d245e98fca659b374/NEWS#L365\n> \n> The latest releases of both gnutls and openssl are available in Fedora 43.\n> PQC can also be found in Ubuntu 26.04 LTS and Debian 13\n> \n> So, Okay, I'll drop RSA in the v3 patch.\n\nI think that will be premature sadly. I believe we want to support\ne.g. debian 12, which does not seem to have openssl 3.5.\n\n\n> \n> \n>>\n>>>> src/libcamera/pub_key.cpp | 53 ++++++++++++++++++++++++++++++++++++---\n>>>> 1 file changed, 50 insertions(+), 3 deletions(-)\n>>>>\n>>>> diff --git a/src/libcamera/pub_key.cpp b/src/libcamera/pub_key.cpp\n>>>> index f1d73a5c..71c1900b 100644\n>>>> --- a/src/libcamera/pub_key.cpp\n>>>> +++ b/src/libcamera/pub_key.cpp\n>>>> @@ -14,8 +14,13 @@\n>>>> #include \n>>>> #elif HAVE_GNUTLS\n>>>> #include \n>>>> +#include \n>>>> #endif\n>>>>\n>>>> +#include \"libcamera/internal/pub_key.h\"\n>>>> +#include \n>>>> +#include \n>>>> +\n>>>> /**\n>>>> * \\file pub_key.h\n>>>> * \\brief Public key signature verification\n>>>> @@ -23,17 +28,24 @@\n>>>>\n>>>> namespace libcamera {\n>>>>\n>>>> +LOG_DEFINE_CATEGORY(PubKey);\n>>>> /**\n>>>> * \\class PubKey\n>>>> * \\brief Public key wrapper for signature verification\n>>>> *\n>>>> * The PubKey class wraps a public key and implements signature verification. It\n>>>> - * only supports RSA keys and the RSA-SHA256 signature algorithm.\n>>>> + * supports RSA keys with the RSA-SHA256 signature algorithm, or ML-DSA-65 keys\n>>>> + * as specified in NIST FIPS 204. The signature algorithm is determined in\n>>>> + * compile time.\n>>>> */\n>>>>\n>>>> /**\n>>>> * \\brief Construct a PubKey from key data\n>>>> * \\param[in] key Key data encoded in DER format\n>>>> + *\n>>>> + * The signature algorithm is determined in the compile\n>>>> + * Supported key types are RSA (verified with RSA-SHA256) and ML-DSA-65\n>>>> + * (verified as ML-DSA-65 according to FIPS 204).\n>>>> */\n>>>> PubKey::PubKey([[maybe_unused]] Span key)\n>>>> : valid_(false)\n>>>> @@ -83,7 +95,8 @@ PubKey::~PubKey()\n>>>> * \\param[in] sig The signature\n>>>> *\n>>>> * Verify that the signature \\a sig matches the signed \\a data for the public\n>>>> - * key. The signture algorithm is hardcoded to RSA-SHA256.\n>>>> + * key. The signature algorithm is determined in compile time. RSA keys use\n>>>> + * RSA-SHA256, while ML-DSA keys use ML-DSA-65 mentioned in FIPS 204.\n>>>> *\n>>>> * \\return True if the signature is valid, false otherwise\n>>>> */\n>>>> @@ -94,6 +107,29 @@ bool PubKey::verify([[maybe_unused]] Span data,\n>>>> return false;\n>>>>\n>>>> #if HAVE_CRYPTO\n>>>> +\n>>>> +#if WITH_PQC\n>>>> + /* ML-DSA */\n>>>> + EVP_MD_CTX *ctx_dsa = EVP_MD_CTX_new();\n>>>\n>>> I think this can be called `ctx` just like for rsa.\n>>>\n>>>\n>>>> + if (!ctx_dsa) {\n>>>> + LOG(PubKey, Error) << \"Initialize context for ML-DSA failed\";\n>>>> + return false;\n>>>> + }\n>>>\n>>> I'd add\n>>>\n>>> utils::scope_exit ctxGuard([&] { EVP_MD_CTX_free(ctx_dsa); });\n>>>\n>>> here and drop the manual calls.\n>>>\n>>>\n>>>> +\n>>>> + if (EVP_DigestVerifyInit(ctx_dsa, nullptr, nullptr, nullptr,\n>>>> + pubkey_) <= 0) {\n>>>> + EVP_MD_CTX_free(ctx_dsa);\n>>>> + LOG(PubKey, Error) << \"Initialize ML-DSA verification failed\";\n>>>> + return false;\n>>>> + }\n>>>> +\n>>>> + int ret = EVP_DigestVerify(ctx_dsa, sig.data(), sig.size(),\n>>>> + data.data(), data.size());\n>>>> + EVP_MD_CTX_free(ctx_dsa);\n>>>> + return ret == 1;\n>>>> +#else\n>>>> + /* RSA with SHA-256 */\n>>>> +\n>>>> /*\n>>>> * Create and initialize a public key algorithm context for signature\n>>>> * verification.\n>>>> @@ -117,7 +153,10 @@ bool PubKey::verify([[maybe_unused]] Span data,\n>>>> int ret = EVP_PKEY_verify(ctx, sig.data(), sig.size(), digest,\n>>>> SHA256_DIGEST_LENGTH);\n>>>> EVP_PKEY_CTX_free(ctx);\n>>>> +\n>>>> return ret == 1;\n>>>> +#endif\n>>>> +\n>>>> #elif HAVE_GNUTLS\n>>>> const gnutls_datum_t gnuTlsData{\n>>>> const_cast(data.data()),\n>>>> @@ -129,9 +168,17 @@ bool PubKey::verify([[maybe_unused]] Span data,\n>>>> static_cast(sig.size())\n>>>> };\n>>>>\n>>>> - int ret = gnutls_pubkey_verify_data2(pubkey_, GNUTLS_SIGN_RSA_SHA256, 0,\n>>>> +#if WITH_PQC\n>>>> + int ret = gnutls_pubkey_verify_data2(pubkey_, GNUTLS_SIGN_MLDSA65, 0,\n>>>> &gnuTlsData, &gnuTlsSig);\n>>>> +\n>>>> return ret >= 0;\n>>>> +#else\n>>>> + int ret = gnutls_pubkey_verify_data2(pubkey_, GNUTLS_SIGN_RSA_SHA256,\n>>>> + 0, &gnuTlsData, &gnuTlsSig);\n>>>> +\n>>>> + return ret >= 0;\n>>>> +#endif\n>>>> #else\n>>>> return false;\n>>>> #endif\n>>\n>> --\n>> Regards,\n>>\n>> Laurent Pinchart\n>>\n> \n>","headers":{"Return-Path":"","X-Original-To":"parsemail@patchwork.libcamera.org","Delivered-To":"parsemail@patchwork.libcamera.org","Received":["from lancelot.ideasonboard.com (lancelot.ideasonboard.com\n\t[92.243.16.209])\n\tby patchwork.libcamera.org (Postfix) with ESMTPS id D891ABE173\n\tfor ;\n\tMon, 4 May 2026 07:49:30 +0000 (UTC)","from lancelot.ideasonboard.com (localhost [IPv6:::1])\n\tby lancelot.ideasonboard.com (Postfix) with ESMTP id 97A7F6301A;\n\tMon, 4 May 2026 09:49:29 +0200 (CEST)","from perceval.ideasonboard.com (perceval.ideasonboard.com\n\t[213.167.242.64])\n\tby lancelot.ideasonboard.com (Postfix) with ESMTPS id 27B3A6271A\n\tfor ;\n\tMon, 4 May 2026 09:49:28 +0200 (CEST)","from [192.168.33.78] (185.221.140.217.nat.pool.zt.hu\n\t[185.221.140.217])\n\tby perceval.ideasonboard.com (Postfix) with ESMTPSA id 50E978F;\n\tMon, 4 May 2026 09:49:26 +0200 (CEST)"],"Authentication-Results":"lancelot.ideasonboard.com; dkim=pass (1024-bit key;\n\tunprotected) header.d=ideasonboard.com header.i=@ideasonboard.com\n\theader.b=\"HVeelmoL\"; dkim-atps=neutral","DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/simple; d=ideasonboard.com;\n\ts=mail; t=1777880966;\n\tbh=IefknCxVoIY3dAJKlFcxUTTtFWqgIBwdTX0Y+TqPtJk=;\n\th=Date:Subject:To:Cc:References:From:In-Reply-To:From;\n\tb=HVeelmoLUVFdW1aPYsjfWL0PkUuVJwmAj3nnoVZMKAwzoymtxx5TQK3DMCUAeUVqV\n\txAaF86pbC5tVN1rHZuBFDXdb8WQtdUzJHOVSF4isRMTs2bgKqwCxZP+gwzkVyC6JRN\n\tWO2N5tWQuTtiIavQuAcA+5uVRsTy2NlxTtdC6CeQ=","Message-ID":"","Date":"Mon, 4 May 2026 09:49:24 +0200","MIME-Version":"1.0","User-Agent":"Mozilla Thunderbird","Subject":"Re: [PATCH v2 1/4] libcamera: pub_key: Add ML-DSA-65 signature\n\talgorithm for PQC compliance","To":"Kate Hsuan ,\n\tLaurent Pinchart ","Cc":"libcamera-devel@lists.libcamera.org","References":"<20260422044736.24717-1-hpa@redhat.com>\n\t<20260422044736.24717-2-hpa@redhat.com>\n\t\n\t<20260429203658.GC132396@killaraus.ideasonboard.com>\n\t","From":"=?utf-8?q?Barnab=C3=A1s_P=C5=91cze?= ","Content-Language":"en-US, hu-HU","In-Reply-To":"","Content-Type":"text/plain; charset=UTF-8; format=flowed","Content-Transfer-Encoding":"8bit","X-BeenThere":"libcamera-devel@lists.libcamera.org","X-Mailman-Version":"2.1.29","Precedence":"list","List-Id":"","List-Unsubscribe":",\n\t","List-Archive":"","List-Post":"","List-Help":"","List-Subscribe":",\n\t","Errors-To":"libcamera-devel-bounces@lists.libcamera.org","Sender":"\"libcamera-devel\" "}},{"id":38734,"web_url":"https://patchwork.libcamera.org/comment/38734/","msgid":"","date":"2026-05-06T05:16:56","subject":"Re: [PATCH v2 1/4] libcamera: pub_key: Add ML-DSA-65 signature\n\talgorithm for PQC compliance","submitter":{"id":105,"url":"https://patchwork.libcamera.org/api/people/105/","name":"Kate Hsuan","email":"hpa@redhat.com"},"content":"Hi Barnabás,\n\nOn Mon, May 4, 2026 at 3:49 PM Barnabás Pőcze\n wrote:\n>\n> 2026. 05. 04. 5:58 keltezéssel, Kate Hsuan írta:\n> > Hi Laurent,\n> >\n> > On Thu, Apr 30, 2026 at 4:37 AM Laurent Pinchart\n> > wrote:\n> >>\n> >> On Wed, Apr 29, 2026 at 06:56:55PM +0200, Barnabás Pőcze wrote:\n> >>> 2026. 04. 22. 6:47 keltezéssel, Kate Hsuan írta:\n> >>>> As quantum computing advances, traditional signature algorithms are\n> >>>> becoming vulnerable. To ensure long-term data security, this change\n> >>>> implements ML-DSA-65, the primary Post-Quantum Cryptography (PQC)\n> >>>> standard finalized by NIST. This addition prepares for the transition\n> >>>> away from RSA, which is slated for deprecation by 2035.\n> >>>>\n> >>>> Link: https://csrc.nist.gov/projects/post-quantum-cryptography/post-quantum-cryptography-standardization/evaluation-criteria/security-(evaluation-criteria)\n> >>>> Link: https://nvlpubs.nist.gov/nistpubs/ir/2024/NIST.IR.8547.ipd.pdf\n> >>>> Signed-off-by: Kate Hsuan \n> >>>> ---\n> >>>\n> >>> One thing that I believe is worth discussing is whether to keep the RSA\n> >>> signature at all? I have no checked yet, but if at least the platforms in\n> >>> the CI all support the PQ signature, then I think there is not much point\n> >>> in keeping RSA?\n> >>\n> >> If ML-DSA-65 iss supported in all versions of openssl and gnutls shipped\n> >> by recent-enough major distributions (that's more or less all the active\n> >> LTS), then I think we can ditch RSA.\n> >\n> >\n> > Openssl started to ship PQC in OpenSSL 3.5.0 [8 Apr 2025]\n> > https://github.com/openssl/openssl/blob/69e54bee8d89f6703eaeca5f4c8b6a8822161c64/NEWS.md?plain=1#L306\n> > gnutls started to ship PQC in release 3.8.9 (released 2025-02-07)\n> > https://github.com/gnutls/gnutls/blob/eb55810053382a6fbce7d62d245e98fca659b374/NEWS#L365\n> >\n> > The latest releases of both gnutls and openssl are available in Fedora 43.\n> > PQC can also be found in Ubuntu 26.04 LTS and Debian 13\n> >\n> > So, Okay, I'll drop RSA in the v3 patch.\n>\n> I think that will be premature sadly. I believe we want to support\n> e.g. debian 12, which does not seem to have openssl 3.5.\n>\n\nGot it.\nI'll keep RSA in v3. :)\n\n>\n> >\n> >\n> >>\n> >>>> src/libcamera/pub_key.cpp | 53 ++++++++++++++++++++++++++++++++++++---\n> >>>> 1 file changed, 50 insertions(+), 3 deletions(-)\n> >>>>\n> >>>> diff --git a/src/libcamera/pub_key.cpp b/src/libcamera/pub_key.cpp\n> >>>> index f1d73a5c..71c1900b 100644\n> >>>> --- a/src/libcamera/pub_key.cpp\n> >>>> +++ b/src/libcamera/pub_key.cpp\n> >>>> @@ -14,8 +14,13 @@\n> >>>> #include \n> >>>> #elif HAVE_GNUTLS\n> >>>> #include \n> >>>> +#include \n> >>>> #endif\n> >>>>\n> >>>> +#include \"libcamera/internal/pub_key.h\"\n> >>>> +#include \n> >>>> +#include \n> >>>> +\n> >>>> /**\n> >>>> * \\file pub_key.h\n> >>>> * \\brief Public key signature verification\n> >>>> @@ -23,17 +28,24 @@\n> >>>>\n> >>>> namespace libcamera {\n> >>>>\n> >>>> +LOG_DEFINE_CATEGORY(PubKey);\n> >>>> /**\n> >>>> * \\class PubKey\n> >>>> * \\brief Public key wrapper for signature verification\n> >>>> *\n> >>>> * The PubKey class wraps a public key and implements signature verification. It\n> >>>> - * only supports RSA keys and the RSA-SHA256 signature algorithm.\n> >>>> + * supports RSA keys with the RSA-SHA256 signature algorithm, or ML-DSA-65 keys\n> >>>> + * as specified in NIST FIPS 204. The signature algorithm is determined in\n> >>>> + * compile time.\n> >>>> */\n> >>>>\n> >>>> /**\n> >>>> * \\brief Construct a PubKey from key data\n> >>>> * \\param[in] key Key data encoded in DER format\n> >>>> + *\n> >>>> + * The signature algorithm is determined in the compile\n> >>>> + * Supported key types are RSA (verified with RSA-SHA256) and ML-DSA-65\n> >>>> + * (verified as ML-DSA-65 according to FIPS 204).\n> >>>> */\n> >>>> PubKey::PubKey([[maybe_unused]] Span key)\n> >>>> : valid_(false)\n> >>>> @@ -83,7 +95,8 @@ PubKey::~PubKey()\n> >>>> * \\param[in] sig The signature\n> >>>> *\n> >>>> * Verify that the signature \\a sig matches the signed \\a data for the public\n> >>>> - * key. The signture algorithm is hardcoded to RSA-SHA256.\n> >>>> + * key. The signature algorithm is determined in compile time. RSA keys use\n> >>>> + * RSA-SHA256, while ML-DSA keys use ML-DSA-65 mentioned in FIPS 204.\n> >>>> *\n> >>>> * \\return True if the signature is valid, false otherwise\n> >>>> */\n> >>>> @@ -94,6 +107,29 @@ bool PubKey::verify([[maybe_unused]] Span data,\n> >>>> return false;\n> >>>>\n> >>>> #if HAVE_CRYPTO\n> >>>> +\n> >>>> +#if WITH_PQC\n> >>>> + /* ML-DSA */\n> >>>> + EVP_MD_CTX *ctx_dsa = EVP_MD_CTX_new();\n> >>>\n> >>> I think this can be called `ctx` just like for rsa.\n> >>>\n> >>>\n> >>>> + if (!ctx_dsa) {\n> >>>> + LOG(PubKey, Error) << \"Initialize context for ML-DSA failed\";\n> >>>> + return false;\n> >>>> + }\n> >>>\n> >>> I'd add\n> >>>\n> >>> utils::scope_exit ctxGuard([&] { EVP_MD_CTX_free(ctx_dsa); });\n> >>>\n> >>> here and drop the manual calls.\n> >>>\n> >>>\n> >>>> +\n> >>>> + if (EVP_DigestVerifyInit(ctx_dsa, nullptr, nullptr, nullptr,\n> >>>> + pubkey_) <= 0) {\n> >>>> + EVP_MD_CTX_free(ctx_dsa);\n> >>>> + LOG(PubKey, Error) << \"Initialize ML-DSA verification failed\";\n> >>>> + return false;\n> >>>> + }\n> >>>> +\n> >>>> + int ret = EVP_DigestVerify(ctx_dsa, sig.data(), sig.size(),\n> >>>> + data.data(), data.size());\n> >>>> + EVP_MD_CTX_free(ctx_dsa);\n> >>>> + return ret == 1;\n> >>>> +#else\n> >>>> + /* RSA with SHA-256 */\n> >>>> +\n> >>>> /*\n> >>>> * Create and initialize a public key algorithm context for signature\n> >>>> * verification.\n> >>>> @@ -117,7 +153,10 @@ bool PubKey::verify([[maybe_unused]] Span data,\n> >>>> int ret = EVP_PKEY_verify(ctx, sig.data(), sig.size(), digest,\n> >>>> SHA256_DIGEST_LENGTH);\n> >>>> EVP_PKEY_CTX_free(ctx);\n> >>>> +\n> >>>> return ret == 1;\n> >>>> +#endif\n> >>>> +\n> >>>> #elif HAVE_GNUTLS\n> >>>> const gnutls_datum_t gnuTlsData{\n> >>>> const_cast(data.data()),\n> >>>> @@ -129,9 +168,17 @@ bool PubKey::verify([[maybe_unused]] Span data,\n> >>>> static_cast(sig.size())\n> >>>> };\n> >>>>\n> >>>> - int ret = gnutls_pubkey_verify_data2(pubkey_, GNUTLS_SIGN_RSA_SHA256, 0,\n> >>>> +#if WITH_PQC\n> >>>> + int ret = gnutls_pubkey_verify_data2(pubkey_, GNUTLS_SIGN_MLDSA65, 0,\n> >>>> &gnuTlsData, &gnuTlsSig);\n> >>>> +\n> >>>> return ret >= 0;\n> >>>> +#else\n> >>>> + int ret = gnutls_pubkey_verify_data2(pubkey_, GNUTLS_SIGN_RSA_SHA256,\n> >>>> + 0, &gnuTlsData, &gnuTlsSig);\n> >>>> +\n> >>>> + return ret >= 0;\n> >>>> +#endif\n> >>>> #else\n> >>>> return false;\n> >>>> #endif\n> >>\n> >> --\n> >> Regards,\n> >>\n> >> Laurent Pinchart\n> >>\n> >\n> >\n>","headers":{"Return-Path":"","X-Original-To":"parsemail@patchwork.libcamera.org","Delivered-To":"parsemail@patchwork.libcamera.org","Received":["from lancelot.ideasonboard.com (lancelot.ideasonboard.com\n\t[92.243.16.209])\n\tby patchwork.libcamera.org (Postfix) with ESMTPS id AAFA3BDCB5\n\tfor ;\n\tWed, 6 May 2026 05:17:15 +0000 (UTC)","from lancelot.ideasonboard.com (localhost [IPv6:::1])\n\tby lancelot.ideasonboard.com (Postfix) with ESMTP id 751996301E;\n\tWed, 6 May 2026 07:17:14 +0200 (CEST)","from us-smtp-delivery-124.mimecast.com\n\t(us-smtp-delivery-124.mimecast.com [170.10.129.124])\n\tby lancelot.ideasonboard.com (Postfix) with ESMTPS id B664B62E9D\n\tfor ;\n\tWed, 6 May 2026 07:17:12 +0200 (CEST)","from mail-oi1-f199.google.com (mail-oi1-f199.google.com\n\t[209.85.167.199]) by relay.mimecast.com with ESMTP with STARTTLS\n\t(version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id\n\tus-mta-65-fGntIKjAPMiGpebnmSGpZw-1; Wed, 06 May 2026 01:17:10 -0400","by mail-oi1-f199.google.com with SMTP id\n\t5614622812f47-4793e70895cso7455671b6e.2\n\tfor ;\n\tTue, 05 May 2026 22:17:09 -0700 (PDT)"],"Authentication-Results":"lancelot.ideasonboard.com; dkim=pass (1024-bit key;\n\tunprotected) header.d=redhat.com header.i=@redhat.com\n\theader.b=\"NH7mXslE\"; dkim-atps=neutral","DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;\n\ts=mimecast20190719; t=1778044631;\n\th=from:from:reply-to:subject:subject:date:date:message-id:message-id:\n\tto:to:cc:cc:mime-version:mime-version:content-type:content-type:\n\tcontent-transfer-encoding:content-transfer-encoding:\n\tin-reply-to:in-reply-to:references:references;\n\tbh=IL0A7kEj2uh0+emT96YLAa4ixvSrXn9RoGr3fv9TvEQ=;\n\tb=NH7mXslEupSNWrK+2/nUKDmHxIg3XTWv1Szc1ZsD0/adGbbg3JppucIKurxpZKRC5aJgap\n\t1Js6ycIBNWEJPhC9W66wznJU/PN89f6eyVknMucv6iTwkw2TfZt06QGfTh58abxswVqqb/\n\tob+9qzn3idnNqAkJdkd3sUomav/cpXI=","X-MC-Unique":"fGntIKjAPMiGpebnmSGpZw-1","X-Mimecast-MFC-AGG-ID":"fGntIKjAPMiGpebnmSGpZw_1778044629","X-Google-DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n\td=1e100.net; s=20251104; t=1778044629; x=1778649429;\n\th=content-transfer-encoding:cc:to:subject:message-id:date:from\n\t:in-reply-to:references:mime-version:x-gm-gg:x-gm-message-state:from\n\t:to:cc:subject:date:message-id:reply-to;\n\tbh=IL0A7kEj2uh0+emT96YLAa4ixvSrXn9RoGr3fv9TvEQ=;\n\tb=K6II/uU6j3Ezuy8U+zZNMTKRam6/fUEmPItX1kCf7JY6y5YUDE+UaczI0jvp8/8u2o\n\tFyYTRZnL8dWWfWVgG+VH9K1rIqvNXtdYfXd9/4ZC7q/Q0roGlhGHsS0T0nWJMyZL35GE\n\tZHYZ/rxrF4XmpU5weIO8x2yYLWHwvPX2fAnO+b+SeJMOugJ/tP2Gn1xA8ulQl1WG5vAv\n\t8blZ6eWFopv1r9DlH58+OQ3iRKGsZQrhuZW+1TU+aT4LrTlEOx8IAIZ4Qx2I9rEFcPlT\n\tQMW7dXR7NJ04GlvWs6LjVGpyeLfW0QHQ9pOnAQcaezpLRP2EeJWsLjIvVLo1DVY3yUEq\n\txLyA==","X-Forwarded-Encrypted":"i=1;\n\tAFNElJ8Mpb4JMgpUQLnHOKmJDzsf82d+nI14IcaZGo9aa/P7YJzmiN6UCqlGjQ+h2ZQz1ADBTL9646+bWXWzAyTFgDE=@lists.libcamera.org","X-Gm-Message-State":"AOJu0YzdyPqy7Ks4lTkYHTpYA/pGKoWaA1ZnPDY8AqL9aqcHJSLPrA9Q\n\tGO2d1Anon+X1JsyUrIAtvrAC8hoHV0r5ibxeqWeOD7q1DgHujIGrCtqytsVVOsEM+EGl2lcwF9u\n\t4wKr8yxukpupHSEEcxT/2iRgX6WPTyn2O+uQhLAO0ogZQDteE7i5mIoBNXVab1TINgUed1WQFLB\n\tDjTXsusePsrQFQcooO8of+yEn4OfzmyYr32iMrzwvq6PuYqWO3iQ==","X-Gm-Gg":"AeBDies/HsR32eDN3ACCRR3aDdhJr7qgL/wKKZgLsl+z254vd24MtkWuEsIfEwpulK6\n\tkvbrIkRXwwRiM9+d+fUWfWodjG/aiYUxjwSXXrGUKwcGrKAYVtNEx9ivtsMZSoD+hPNk92BlJnj\n\t52RK6ba72u8sSsyMO5vmyJHpJJMXMuTXL0hvkV2NjqIuu4DnsWnWcxm3sAuF6K1GhpPy81P08F4\n\tsJIKC/S6//R0OM=","X-Received":["by 2002:a05:6808:30a5:b0:479:e7c7:dc76 with SMTP id\n\t5614622812f47-4804230c127mr1197991b6e.26.1778044629049; \n\tTue, 05 May 2026 22:17:09 -0700 (PDT)","by 2002:a05:6808:30a5:b0:479:e7c7:dc76 with SMTP id\n\t5614622812f47-4804230c127mr1197974b6e.26.1778044628534;\n\tTue, 05 May 2026 22:17:08 -0700 (PDT)"],"MIME-Version":"1.0","References":"<20260422044736.24717-1-hpa@redhat.com>\n\t<20260422044736.24717-2-hpa@redhat.com>\n\t\n\t<20260429203658.GC132396@killaraus.ideasonboard.com>\n\t\n\t","In-Reply-To":"","From":"Kate Hsuan ","Date":"Wed, 6 May 2026 13:16:56 +0800","X-Gm-Features":"AVHnY4K-w8EdDM5FnXt0AyH7wkmflRPRfaVhwrhLl1YY889ngm5Vm7YJ8SbePDo","Message-ID":"","Subject":"Re: [PATCH v2 1/4] libcamera: pub_key: Add ML-DSA-65 signature\n\talgorithm for PQC compliance","To":"=?utf-8?q?Barnab=C3=A1s_P=C5=91cze?= ","Cc":"Laurent Pinchart ,\n\tlibcamera-devel@lists.libcamera.org","X-Mimecast-Spam-Score":"0","X-Mimecast-MFC-PROC-ID":"NdB-qBaJYsUgrwk0tbJ-DFlxEoSX-EuH7fISaFqvKVA_1778044629","X-Mimecast-Originator":"redhat.com","Content-Type":"text/plain; charset=\"UTF-8\"","Content-Transfer-Encoding":"quoted-printable","X-BeenThere":"libcamera-devel@lists.libcamera.org","X-Mailman-Version":"2.1.29","Precedence":"list","List-Id":"","List-Unsubscribe":",\n\t","List-Archive":"","List-Post":"","List-Help":"","List-Subscribe":",\n\t","Errors-To":"libcamera-devel-bounces@lists.libcamera.org","Sender":"\"libcamera-devel\" "}}]