Conversation
aarongable
changed the title
aarongable
force-pushed
the
mldsa-chains
branch
from
89fd2e5 to
086d2f5
Compare
Forking individual package from Go's standard library is almost impossible, I tried. See the reason here. As I already mentioned in golang/go#64537, check out AgiliGo. |
|
Should this use assembly for the ML-DSA operations to prevent side-channel attacks? Or is that not an issue because production users will use an HSM? |
Pebble is not intended for production use; as documented in its README and as demonstrated by the fact that it generates its signing keys on startup and forgets them on shutdown, it is intended for testing and development use only. It's fine if its signing operations are not constant-time. |
aarongable
force-pushed
the
mldsa-chains
branch
3 times, most recently
from
ab5e064 to
858633f
Compare
aarongable
force-pushed
the
mldsa-chains
branch
from
858633f to
494da50
Compare
3 participants
Add support for using ML-DSA-65 to generate Pebble's root and intermediate keys and certificates.
This uses Cloudflare's "circl" library to handle generating ML-DSA keys, serializing pubkeys, and generating signatures. Specifically, it uses the
mldsa44,mldsa65, andmldsa87packages, as well as the abstractions provided by thesignandpkipackages:However, the Go stdlib crypto/x509 package does not support using these keys. Although they implement the crypto.Signer interface, the x509 package also needs to be able to map keys to PublicKeyAlgorithm and SignatureAlgorithm OIDs, and does not provide any hooks for crypto.Signers to provide that information. As such, this PR also forks the relevant portions of crypto/x509 (MarshalPKIXPublicKey, CreateCertificate, and ParseCertificate), strips them down to their bare bones, and then adds support for ML-DSA.