Draft 13 of Composite ML-DSA #120961
Merged
Draft 13 of Composite ML-DSA #120961
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Contributor
|
Tagging subscribers to this area: @dotnet/area-system-security, @bartonjs, @vcsjones |
PranavSenthilnathan
changed the title
Contributor
There was a problem hiding this comment.
Pull Request Overview
This PR updates the implementation to conform to draft 13 of the Composite ML-DSA specification. The changes primarily involve updating OID values and standardizing domain separator strings for ECDSA variants.
Key Changes:
- Updated all 18 Composite ML-DSA algorithm OIDs from the draft 12 range to the draft 13 standardized range
- Standardized ECDSA variant domain separator strings to explicitly include "ECDSA" in their names
Reviewed Changes
Copilot reviewed 3 out of 4 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
| src/libraries/Common/src/System/Security/Cryptography/Oids.cs | Updated all 18 Composite ML-DSA OID constants from 2.16.840.1.114027.80.9.1.* to 1.3.6.1.5.5.7.6.* range (37-54) |
| src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/CompositeMLDsa/CompositeMLDsaTestHelpers.cs | Updated test helper OID mappings to match the new OID values in Oids.cs |
| src/libraries/Common/src/System/Security/Cryptography/CompositeMLDsaManaged.cs | Updated 6 ECDSA variant domain separator strings to include "ECDSA" for clarity and consistency with draft 13 |
Member
Author
|
@bartonjs this is ready to review |
This was referenced Nov 12, 2025
Open
bartonjs
approved these changes
Nov 12, 2025
Member
Author
|
/ba-g android timeouts |
Copilot AI
pushed a commit
that referenced
this pull request
Nov 13, 2025
Update to draft 13 of Composite ML-DSA. Changelog: lamps-wg/draft-composite-sigs@draft-ietf-lamps-pq-composite-sigs-12...main
artl93
pushed a commit
that referenced
this pull request
Nov 14, 2025
…0961) (#121555) Backport of #120601 and #120961 to release/10.0 # Description Backports Draft 12 and Draft 13 spec changes for Composite ML-DSA. This PR combines two related updates: **Draft 12 changes (#120601):** - Mandate parameters field in ECPrivateKey (previously omitted) - `CompositeMLDsaAlgorithm.cs`: Calculate parameters field size for EC curves (P256/P384/P521/brainpool variants) - `CompositeMLDsaManaged.ECDsa.cs`: Validate parameters presence and curve match; write parameters with context-specific tag [0] - `CompositeMLDsaManaged.cs`: Update spec references from draft-08 to draft-12 - Test updates: Add validation for wrong/missing/implicit/explicit curves; update expected key sizes per spec Table 4 **Draft 13 changes (#120961):** - Update OIDs from experimental range (2.16.840.1.114027.80.9.1.*) to official IANA-assigned range (1.3.6.1.5.5.7.6.*) - `Oids.cs`: Update all Composite ML-DSA OID constants to new range - `CompositeMLDsaManaged.cs`: Add "ECDSA" to domain separation strings (e.g., "COMPSIG-MLDSA65-P256-SHA512" → "COMPSIG-MLDSA65-ECDSA-P256-SHA512") - Test data and helpers: Update to reflect new OIDs and domain strings # Customer Impact Without these fixes, Composite ML-DSA keys generated in .NET 10 would not conform to Draft 12 and Draft 13 of the IETF spec, causing interoperability failures with other implementations following the updated standards. # Regression No. This updates implementation to match spec evolution from Draft 8 to Draft 13. # Testing All 1,015 CompositeMLDsa tests pass. Added test coverage for: - Wrong curve OID rejection - Missing parameters rejection - Implicit curve parameters rejection - Explicit curve parameters rejection - Correct parameter serialization for all supported curves - New OID and domain string validation # Risk Low. Changes are confined to Composite ML-DSA implementation (preview feature). Validates existing behavior is maintained while adding required spec compliance. Breaking changes are intentional and necessary for spec conformance. <!-- START COPILOT CODING AGENT TIPS --> --- ✨ Let Copilot coding agent [set things up for you](https://github.com/dotnet/runtime/issues/new?title=✨+Set+up+Copilot+instructions&body=Configure%20instructions%20for%20this%20repository%20as%20documented%20in%20%5BBest%20practices%20for%20Copilot%20coding%20agent%20in%20your%20repository%5D%28https://gh.io/copilot-coding-agent-tips%29%2E%0A%0A%3COnboard%20this%20repo%3E&assignees=copilot) — coding agent works faster and does higher quality work when set up for your repo. --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: Pranav Senthilnathan <pranas@microsoft.com> Co-authored-by: Kevin Jones <vcsjones@github.com>
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Update to draft 13 of Composite ML-DSA.
Changelog: lamps-wg/draft-composite-sigs@draft-ietf-lamps-pq-composite-sigs-12...main