Feature/mldsa cert generation 669 #670
Open
netanmangal wants to merge 5 commits into
Add the -mldsa flag parallel to the existing -ecdsa flag, including mutual exclusion validation and CSR conflict checking. The flag will enable ML-DSA-65 (FIPS 204) key generation for both root CA and leaf certificates.
Ref: FiloSottile#669
Signed-off-by: netanmangal <imnetanmangal@gmail.com>

Introduce mldsa_go127.go (using crypto/mldsa from Go 1.27 stdlib) and mldsa_nogo127.go (stub returning clear errors) to support ML-DSA key generation without breaking builds on older Go versions. The Go 1.27 path uses crypto/mldsa.MLDSA65 (FIPS 204) for key generation and delegates to the stdlib x509 package for marshaling, which gained native ML-DSA support in that release.
Ref: FiloSottile#669
Signed-off-by: netanmangal <imnetanmangal@gmail.com>

Integrate ML-DSA-65 into generateKey(), makeCert(), and newCA():
- generateKey() delegates to generateMLDSAKey() when -mldsa is set, with a build-time guard that fatals on Go < 1.27
- makeCert() sets KeyUsage to DigitalSignature only (ML-DSA cannot do key encipherment) and rejects the -pkcs12 + -mldsa combination since PKCS#12 libraries do not support post-quantum keys
- newCA() and loadCA() work unchanged because Go 1.27's x509 package natively handles ML-DSA in CreateCertificate, MarshalPKCS8PrivateKey, and ParsePKCS8PrivateKey
Ref: FiloSottile#669
Signed-off-by: netanmangal <imnetanmangal@gmail.com>

Test coverage for the ML-DSA-65 code path (guarded by //go:build go1.27):
- TestGenerateMLDSAKey: key generation produces *mldsa.PrivateKey for both leaf and root CA modes
- TestMLDSARootCA: root CA creation writes valid ML-DSA cert and key
- TestMLDSALeafCert: leaf cert is ML-DSA, signed by ML-DSA CA, verifies successfully, has correct KeyUsage (no KeyEncipherment)
- TestMLDSALoadCA: round-trip create/load preserves ML-DSA key types
- TestMLDSANotECDSA: mldsa flag takes precedence correctly
- TestECDSAStillWorks, TestRSAStillWorks: no regressions
Ref: FiloSottile#669
Signed-off-by: netanmangal <imnetanmangal@gmail.com>

The Go 1.27 stdlib x509 package natively handles ML-DSA keys in MarshalPKCS8PrivateKey, ParsePKCS8PrivateKey, MarshalPKIXPublicKey, and CreateCertificate. The wrapper functions (marshalMLDSAPrivateKey, marshalMLDSAPublicKey, parseMLDSAPrivateKey, isMLDSAKey, etc.) are unnecessary since cert.go's existing x509 calls work transparently with ML-DSA keys on Go 1.27. Keep only generateMLDSAKey() and the mldsaSupported constant.
Ref: FiloSottile#669
Signed-off-by: netanmangal <imnetanmangal@gmail.com>

Add --mldsa flag for generating ML-DSA (FIPS 204) development certificates.
Relates to #669

Design:
- mldsa_go127.go (Go 1.27+): Uses crypto/mldsa natively. x509.CreateCertificate handles ML-DSA directly — no custom ASN.1.
- mldsa_nogo127.go (Go < 1.27): Returns clear error. mldsaSupported = false.
- go.mod unchanged.
- --ecdsa + --mldsa mutual exclusion enforced.
- --mldsa --pkcs12 rejected (PKCS#12 can't encode PQ keys).
- KeyUsage: DigitalSignature only (no KeyEncipherment).
- mldsa_test.go (223 lines): 7 tests — key generation, root CA, leaf cert + chain verification, CA reload, flag precedence, RSA/ECDSA regression.
- Verified via openssl x509 -text: Signature Algorithm: ML-DSA-65.
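
The KeyUsage rule in the description (DigitalSignature only, no KeyEncipherment, for a signature-only key) can be checked on an issued certificate. The following is an added example, not code from this pull request or from mkcert: the names auditKeyUsage, sampleCert, sigOnly and overScoped are hypothetical, and ECDSA stands in for ML-DSA as the signature-only key type so that the block does not depend on the Go 1.27 crypto/mldsa package the PR relies on.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

const sigOnly = x509.KeyUsageDigitalSignature             // what the PR sets for ML-DSA
const overScoped = sigOnly | x509.KeyUsageKeyEncipherment // wrong for a signature-only key

// auditKeyUsage rejects a certificate that asserts KeyEncipherment for any
// key that is not RSA, since only RSA keys can transport a session key.
func auditKeyUsage(c *x509.Certificate) error {
	if c.KeyUsage&x509.KeyUsageKeyEncipherment != 0 && c.PublicKeyAlgorithm != x509.RSA {
		return fmt.Errorf("%s key asserts KeyEncipherment", c.PublicKeyAlgorithm)
	}
	return nil
}

// sampleCert builds a throwaway self-signed ECDSA certificate (constructed
// input; ECDSA is the stand-in for ML-DSA, see the lead-in).
func sampleCert(ku x509.KeyUsage) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tpl := &x509.Certificate{SerialNumber: big.NewInt(1), KeyUsage: ku,
		Subject:   pkix.Name{CommonName: "example.test"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tpl, tpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func main() {
	for _, ku := range []x509.KeyUsage{sigOnly, overScoped} {
		if c, err := sampleCert(ku); err == nil {
			fmt.Println(auditKeyUsage(c))
		}
	}
}
```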