{"id":26774,"url":"https://patchwork.libcamera.org/api/patches/26774/?format=json","web_url":"https://patchwork.libcamera.org/patch/26774/","project":{"id":1,"url":"https://patchwork.libcamera.org/api/projects/1/?format=json","name":"libcamera","link_name":"libcamera","list_id":"libcamera_core","list_email":"libcamera-devel@lists.libcamera.org","web_url":"","scm_url":"","webscm_url":""},"msgid":"<20260519030020.408693-2-hpa@redhat.com>","date":"2026-05-19T03:00:17","name":"[v3,1/4] libcamera: pub_key: Add ML-DSA-65 signature algorithm for PQC compliance","commit_ref":null,"pull_url":null,"state":"new","archived":false,"hash":"f65da659f20489bd2b7844179d053494ba06dde3","submitter":{"id":105,"url":"https://patchwork.libcamera.org/api/people/105/?format=json","name":"Kate Hsuan","email":"hpa@redhat.com"},"delegate":null,"mbox":"https://patchwork.libcamera.org/patch/26774/mbox/","series":[{"id":5954,"url":"https://patchwork.libcamera.org/api/series/5954/?format=json","web_url":"https://patchwork.libcamera.org/project/libcamera/list/?series=5954","date":"2026-05-19T03:00:16","name":"Implement ML-DSA-65 for Post-Quantum Cryptographic compliance","version":3,"mbox":"https://patchwork.libcamera.org/series/5954/mbox/"}],"comments":"https://patchwork.libcamera.org/api/patches/26774/comments/","check":"pending","checks":"https://patchwork.libcamera.org/api/patches/26774/checks/","tags":{},"headers":{"Return-Path":"<libcamera-devel-bounces@lists.libcamera.org>","X-Original-To":"parsemail@patchwork.libcamera.org","Delivered-To":"parsemail@patchwork.libcamera.org","Received":["from lancelot.ideasonboard.com (lancelot.ideasonboard.com\n\t[92.243.16.209])\n\tby patchwork.libcamera.org (Postfix) with ESMTPS id 5F92EBDCBC\n\tfor <parsemail@patchwork.libcamera.org>;\n\tTue, 19 May 2026 03:00:59 +0000 (UTC)","from lancelot.ideasonboard.com (localhost [IPv6:::1])\n\tby lancelot.ideasonboard.com (Postfix) with ESMTP id 1A8AC63026;\n\tTue, 19 May 2026 05:00:59 +0200 (CEST)","from us-smtp-delivery-124.mimecast.com\n\t(us-smtp-delivery-124.mimecast.com [170.10.129.124])\n\tby lancelot.ideasonboard.com (Postfix) with ESMTPS id 79C7462FD3\n\tfor <libcamera-devel@lists.libcamera.org>;\n\tTue, 19 May 2026 05:00:56 +0200 (CEST)","from mx-prod-mc-06.mail-002.prod.us-west-2.aws.redhat.com\n\t(ec2-35-165-154-97.us-west-2.compute.amazonaws.com [35.165.154.97])\n\tby relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3,\n\tcipher=TLS_AES_256_GCM_SHA384) id us-mta-179-LMD5x-BBOFmOyfx-JLV5Bg-1;\n\tMon, 18 May 2026 23:00:52 -0400","from mx-prod-int-03.mail-002.prod.us-west-2.aws.redhat.com\n\t(mx-prod-int-03.mail-002.prod.us-west-2.aws.redhat.com\n\t[10.30.177.12])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\tkey-exchange X25519 server-signature RSA-PSS (2048 bits)\n\tserver-digest SHA256) (No client certificate requested)\n\tby mx-prod-mc-06.mail-002.prod.us-west-2.aws.redhat.com (Postfix)\n\twith ESMTPS id 9E73018005B5; Tue, 19 May 2026 03:00:50 +0000 (UTC)","from fedora.redhat.com (unknown [10.67.32.77])\n\tby mx-prod-int-03.mail-002.prod.us-west-2.aws.redhat.com (Postfix)\n\twith ESMTP id C1BEE19560A3; Tue, 19 May 2026 03:00:47 +0000 (UTC)"],"Authentication-Results":"lancelot.ideasonboard.com; dkim=pass (1024-bit key;\n\tunprotected) header.d=redhat.com header.i=@redhat.com\n\theader.b=\"fBAChDJ0\"; dkim-atps=neutral","DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;\n\ts=mimecast20190719; t=1779159655;\n\th=from:from:reply-to:subject:subject:date:date:message-id:message-id:\n\tto:to:cc:cc:mime-version:mime-version:content-type:content-type:\n\tcontent-transfer-encoding:content-transfer-encoding:\n\tin-reply-to:in-reply-to:references:references;\n\tbh=kGEF3sM7icJvnMPus+uLSNaGiEhUBcAWjw8M6GKMKKs=;\n\tb=fBAChDJ03Y1MBfL0z+cZWQ7xgLQeFbYcn9ghe+mXBvRoyYisPaIm+0ITkvTBCNqk34da+n\n\t0c5DIKKI2ZuN1PzIl80PGRenvUdIwcwBM2+NGZb9r0vwvUwhRVmcgVqc2CYobVzmRU8gt2\n\tkdfvOnwO1Il2oc0H6aMX0Ag3LwCfMOo=","X-MC-Unique":"LMD5x-BBOFmOyfx-JLV5Bg-1","X-Mimecast-MFC-AGG-ID":"LMD5x-BBOFmOyfx-JLV5Bg_1779159651","From":"Kate Hsuan <hpa@redhat.com>","To":"libcamera-devel@lists.libcamera.org, =?utf-8?b?QmFybmFiw6FzIFDFkWN6?=\n\t=?utf-8?q?e?= <barnabas.pocze@ideasonboard.com>, Kieran Bingham\n\t<kieran.bingham@ideasonboard.com>","Cc":"Kate Hsuan <hpa@redhat.com>","Subject":"[PATCH v3 1/4] libcamera: pub_key: Add ML-DSA-65 signature algorithm\n\tfor PQC compliance","Date":"Tue, 19 May 2026 11:00:17 +0800","Message-ID":"<20260519030020.408693-2-hpa@redhat.com>","In-Reply-To":"<20260519030020.408693-1-hpa@redhat.com>","References":"<20260519030020.408693-1-hpa@redhat.com>","MIME-Version":"1.0","X-Scanned-By":"MIMEDefang 3.0 on 10.30.177.12","X-Mimecast-Spam-Score":"0","X-Mimecast-MFC-PROC-ID":"BfFmL7rkbYpSL7jaaYN8lJSFDEzBb4Nn-paFQX-gf6s_1779159651","X-Mimecast-Originator":"redhat.com","Content-Transfer-Encoding":"8bit","content-type":"text/plain; charset=\"US-ASCII\"; x-default=true","X-BeenThere":"libcamera-devel@lists.libcamera.org","X-Mailman-Version":"2.1.29","Precedence":"list","List-Id":"<libcamera-devel.lists.libcamera.org>","List-Unsubscribe":"<https://lists.libcamera.org/options/libcamera-devel>,\n\t<mailto:libcamera-devel-request@lists.libcamera.org?subject=unsubscribe>","List-Archive":"<https://lists.libcamera.org/pipermail/libcamera-devel/>","List-Post":"<mailto:libcamera-devel@lists.libcamera.org>","List-Help":"<mailto:libcamera-devel-request@lists.libcamera.org?subject=help>","List-Subscribe":"<https://lists.libcamera.org/listinfo/libcamera-devel>,\n\t<mailto:libcamera-devel-request@lists.libcamera.org?subject=subscribe>","Errors-To":"libcamera-devel-bounces@lists.libcamera.org","Sender":"\"libcamera-devel\" <libcamera-devel-bounces@lists.libcamera.org>"},"content":"As quantum computing advances, traditional signature algorithms are\nbecoming vulnerable. To ensure long-term data security, this change\nimplements ML-DSA-65, the primary Post-Quantum Cryptography (PQC)\nstandard finalized by NIST. This addition prepares for the transition\naway from RSA, which is slated for deprecation by 2035.\n\nLink: https://csrc.nist.gov/projects/post-quantum-cryptography/post-quantum-cryptography-standardization/evaluation-criteria/security-(evaluation-criteria)\nLink: https://nvlpubs.nist.gov/nistpubs/ir/2024/NIST.IR.8547.ipd.pdf\nSigned-off-by: Kate Hsuan <hpa@redhat.com>\n\n../src/libcamera/pub_key.cpp fix\n---\n src/libcamera/pub_key.cpp | 48 ++++++++++++++++++++++++++++++++++++---\n 1 file changed, 45 insertions(+), 3 deletions(-)","diff":"diff --git a/src/libcamera/pub_key.cpp b/src/libcamera/pub_key.cpp\nindex f1d73a5c..a169cf7a 100644\n--- a/src/libcamera/pub_key.cpp\n+++ b/src/libcamera/pub_key.cpp\n@@ -14,8 +14,13 @@\n #include <openssl/x509.h>\n #elif HAVE_GNUTLS\n #include <gnutls/abstract.h>\n+#include <gnutls/gnutls.h>\n #endif\n \n+#include \"libcamera/internal/pub_key.h\"\n+#include <libcamera/base/log.h>\n+#include <libcamera/base/utils.h>\n+\n /**\n  * \\file pub_key.h\n  * \\brief Public key signature verification\n@@ -28,12 +33,18 @@ namespace libcamera {\n  * \\brief Public key wrapper for signature verification\n  *\n  * The PubKey class wraps a public key and implements signature verification. It\n- * only supports RSA keys and the RSA-SHA256 signature algorithm.\n+ * supports RSA keys with the RSA-SHA256 signature algorithm, or ML-DSA-65 keys\n+ * as specified in NIST FIPS 204. The signature algorithm is determined in\n+ * compile time.\n  */\n \n /**\n  * \\brief Construct a PubKey from key data\n  * \\param[in] key Key data encoded in DER format\n+ *\n+ * The signature algorithm is determined in the compile\n+ * Supported key types are RSA (verified with RSA-SHA256) and ML-DSA-65\n+ * (verified as ML-DSA-65 according to FIPS 204).\n  */\n PubKey::PubKey([[maybe_unused]] Span<const uint8_t> key)\n \t: valid_(false)\n@@ -83,7 +94,8 @@ PubKey::~PubKey()\n  * \\param[in] sig The signature\n  *\n  * Verify that the signature \\a sig matches the signed \\a data for the public\n- * key. The signture algorithm is hardcoded to RSA-SHA256.\n+ * key. The signature algorithm is determined in compile time. RSA keys use\n+ * RSA-SHA256, while ML-DSA keys use ML-DSA-65 mentioned in FIPS 204.\n  *\n  * \\return True if the signature is valid, false otherwise\n  */\n@@ -94,6 +106,25 @@ bool PubKey::verify([[maybe_unused]] Span<const uint8_t> data,\n \t\treturn false;\n \n #if HAVE_CRYPTO\n+\n+#if WITH_PQC\n+\t/* ML-DSA */\n+\tEVP_MD_CTX *ctx = EVP_MD_CTX_new();\n+\tif (!ctx)\n+\t\treturn false;\n+\n+\tutils::scope_exit ctxGuard([&] { EVP_MD_CTX_free(ctx); });\n+\n+\tif (EVP_DigestVerifyInit(ctx, nullptr, nullptr, nullptr,\n+\t\t\t\t pubkey_) <= 0) {\n+\t\treturn false;\n+\n+\tint ret = EVP_DigestVerify(ctx, sig.data(), sig.size(),\n+\t\t\t\t   data.data(), data.size());\n+\treturn ret == 1;\n+#else\n+\t/* RSA with SHA-256 */\n+\n \t/*\n \t * Create and initialize a public key algorithm context for signature\n \t * verification.\n@@ -117,7 +148,10 @@ bool PubKey::verify([[maybe_unused]] Span<const uint8_t> data,\n \tint ret = EVP_PKEY_verify(ctx, sig.data(), sig.size(), digest,\n \t\t\t\t  SHA256_DIGEST_LENGTH);\n \tEVP_PKEY_CTX_free(ctx);\n+\n \treturn ret == 1;\n+#endif\n+\n #elif HAVE_GNUTLS\n \tconst gnutls_datum_t gnuTlsData{\n \t\tconst_cast<unsigned char *>(data.data()),\n@@ -129,9 +163,17 @@ bool PubKey::verify([[maybe_unused]] Span<const uint8_t> data,\n \t\tstatic_cast<unsigned int>(sig.size())\n \t};\n \n-\tint ret = gnutls_pubkey_verify_data2(pubkey_, GNUTLS_SIGN_RSA_SHA256, 0,\n+#if WITH_PQC\n+\tint ret = gnutls_pubkey_verify_data2(pubkey_, GNUTLS_SIGN_MLDSA65, 0,\n \t\t\t\t\t     &gnuTlsData, &gnuTlsSig);\n+\n \treturn ret >= 0;\n+#else\n+\tint ret = gnutls_pubkey_verify_data2(pubkey_, GNUTLS_SIGN_RSA_SHA256,\n+\t\t\t\t\t     0, &gnuTlsData, &gnuTlsSig);\n+\n+\treturn ret >= 0;\n+#endif\n #else\n \treturn false;\n #endif\n","prefixes":["v3","1/4"]}