Add ML-DSA-44 support alongside existing ML-DSA-65

Extend the ML-DSA module to support the ML-DSA-44 parameter set (FIPS 204
security level 2), following the MlDsaVariant enum and parameterized test
patterns established on main.

- MlDsaVariant enum: add MlDsa44 with NID, public key size, sign/verify FFI
- X.509: ML-DSA-44 OID (2.16.840.1.101.3.4.3.17) and AlgorithmParameters
- Key parsing: PKCS#8 and SPKI support using MlDsaVariant::from_pkey dispatch
- Python API: MlDsa44PrivateKey/MlDsa44PublicKey with generate_mldsa44_key,
  from_mldsa44_seed_bytes, from_mldsa44_public_bytes barrier functions
- Tests: ML-DSA-44 added to parameterized ML_DSA_VARIANTS, KAT vectors,
  and wycheproof tests
- Docs: complete API documentation for both variants

https://claude.ai/code/session_01GaM5UZrNWJvnptDHvFNBWg

Author: claude

CHANGELOG.rst

@@ -90,7 +90,7 @@ Changelog
 * Added :doc:`/hazmat/primitives/hpke` support implementing :rfc:`9180` for
   hybrid authenticated encryption.
 * Added new :doc:`/hazmat/primitives/asymmetric/mldsa` module with
-  support for ML-DSA-65 signing and verification with the AWS-LC backend.
+  support for ML-DSA signing and verification with the AWS-LC backend.
 
 .. _v46-0-6:
 

docs/hazmat/primitives/asymmetric/mldsa.rst

@@ -14,8 +14,8 @@ Signing & Verification
 .. doctest::
     :skipif: not _backend.mldsa_supported()
 
-    >>> from cryptography.hazmat.primitives.asymmetric.mldsa import MlDsa65PrivateKey
-    >>> private_key = MlDsa65PrivateKey.generate()
+    >>> from cryptography.hazmat.primitives.asymmetric.mldsa import MlDsa44PrivateKey
+    >>> private_key = MlDsa44PrivateKey.generate()
     >>> signature = private_key.sign(b"my authenticated message")
     >>> public_key = private_key.public_key()
     >>> public_key.verify(signature, b"my authenticated message")
@@ -30,8 +30,8 @@ different contexts or protocols.
 .. doctest::
     :skipif: not _backend.mldsa_supported()
 
-    >>> from cryptography.hazmat.primitives.asymmetric.mldsa import MlDsa65PrivateKey
-    >>> private_key = MlDsa65PrivateKey.generate()
+    >>> from cryptography.hazmat.primitives.asymmetric.mldsa import MlDsa44PrivateKey
+    >>> private_key = MlDsa44PrivateKey.generate()
     >>> context = b"email-signature-v1"
     >>> signature = private_key.sign(b"my authenticated message", context)
     >>> public_key = private_key.public_key()
@@ -41,6 +41,192 @@ different contexts or protocols.
 Key interfaces
 ~~~~~~~~~~~~~~
 
+.. class:: MlDsa44PrivateKey
+
+    .. versionadded:: 47.0
+
+    .. classmethod:: generate()
+
+        Generate an ML-DSA-44 private key.
+
+        :returns: :class:`MlDsa44PrivateKey`
+
+        :raises cryptography.exceptions.UnsupportedAlgorithm: If ML-DSA-44 is
+            not supported by the backend ``cryptography`` is using.
+
+    .. classmethod:: from_seed_bytes(data)
+
+        Load an ML-DSA-44 private key from seed bytes.
+
+        :param data: 32 byte seed.
+        :type data: :term:`bytes-like`
+
+        :returns: :class:`MlDsa44PrivateKey`
+
+        :raises ValueError: If the seed is not 32 bytes.
+
+        :raises cryptography.exceptions.UnsupportedAlgorithm: If ML-DSA-44 is
+            not supported by the backend ``cryptography`` is using.
+
+        .. doctest::
+            :skipif: not _backend.mldsa_supported()
+
+            >>> from cryptography.hazmat.primitives.asymmetric import mldsa
+            >>> private_key = mldsa.MlDsa44PrivateKey.generate()
+            >>> seed = private_key.private_bytes_raw()
+            >>> same_key = mldsa.MlDsa44PrivateKey.from_seed_bytes(seed)
+
+    .. method:: public_key()
+
+        :returns: :class:`MlDsa44PublicKey`
+
+    .. method:: sign(data, context=None)
+
+        Sign the data using ML-DSA-44. An optional context string can be
+        provided.
+
+        :param data: The data to sign.
+        :type data: :term:`bytes-like`
+
+        :param context: An optional context string (up to 255 bytes).
+        :type context: :term:`bytes-like` or ``None``
+
+        :returns bytes: The signature (2420 bytes).
+
+        :raises ValueError: If the context is longer than 255 bytes.
+
+    .. method:: private_bytes(encoding, format, encryption_algorithm)
+
+        Allows serialization of the key to bytes. Encoding (
+        :attr:`~cryptography.hazmat.primitives.serialization.Encoding.PEM`,
+        :attr:`~cryptography.hazmat.primitives.serialization.Encoding.DER`, or
+        :attr:`~cryptography.hazmat.primitives.serialization.Encoding.Raw`) and
+        format (
+        :attr:`~cryptography.hazmat.primitives.serialization.PrivateFormat.PKCS8`
+        or
+        :attr:`~cryptography.hazmat.primitives.serialization.PrivateFormat.Raw`
+        ) are chosen to define the exact serialization.
+
+        This method only returns the serialization of the seed form of the
+        private key, never the expanded one.
+
+        :param encoding: A value from the
+            :class:`~cryptography.hazmat.primitives.serialization.Encoding` enum.
+
+        :param format: A value from the
+            :class:`~cryptography.hazmat.primitives.serialization.PrivateFormat`
+            enum. If the ``encoding`` is
+            :attr:`~cryptography.hazmat.primitives.serialization.Encoding.Raw`
+            then ``format`` must be
+            :attr:`~cryptography.hazmat.primitives.serialization.PrivateFormat.Raw`
+            , otherwise it must be
+            :attr:`~cryptography.hazmat.primitives.serialization.PrivateFormat.PKCS8`.
+
+        :param encryption_algorithm: An instance of an object conforming to the
+            :class:`~cryptography.hazmat.primitives.serialization.KeySerializationEncryption`
+            interface.
+
+        :return bytes: Serialized key.
+
+    .. method:: private_bytes_raw()
+
+        Allows serialization of the key to raw bytes. This method is a
+        convenience shortcut for calling :meth:`private_bytes` with
+        :attr:`~cryptography.hazmat.primitives.serialization.Encoding.Raw`
+        encoding,
+        :attr:`~cryptography.hazmat.primitives.serialization.PrivateFormat.Raw`
+        format, and
+        :class:`~cryptography.hazmat.primitives.serialization.NoEncryption`.
+
+        This method only returns the seed form of the private key (32 bytes).
+
+        :return bytes: Raw key (32-byte seed).
+
+.. class:: MlDsa44PublicKey
+
+    .. versionadded:: 47.0
+
+    .. classmethod:: from_public_bytes(data)
+
+        :param bytes data: 1312 byte public key.
+
+        :returns: :class:`MlDsa44PublicKey`
+
+        :raises ValueError: If the public key is not 1312 bytes.
+
+        :raises cryptography.exceptions.UnsupportedAlgorithm: If ML-DSA-44 is
+            not supported by the backend ``cryptography`` is using.
+
+        .. doctest::
+            :skipif: not _backend.mldsa_supported()
+
+            >>> from cryptography.hazmat.primitives import serialization
+            >>> from cryptography.hazmat.primitives.asymmetric import mldsa
+            >>> private_key = mldsa.MlDsa44PrivateKey.generate()
+            >>> public_key = private_key.public_key()
+            >>> public_bytes = public_key.public_bytes(
+            ...     encoding=serialization.Encoding.Raw,
+            ...     format=serialization.PublicFormat.Raw
+            ... )
+            >>> loaded_public_key = mldsa.MlDsa44PublicKey.from_public_bytes(public_bytes)
+
+    .. method:: public_bytes(encoding, format)
+
+        Allows serialization of the key to bytes. Encoding (
+        :attr:`~cryptography.hazmat.primitives.serialization.Encoding.PEM`,
+        :attr:`~cryptography.hazmat.primitives.serialization.Encoding.DER`, or
+        :attr:`~cryptography.hazmat.primitives.serialization.Encoding.Raw`) and
+        format (
+        :attr:`~cryptography.hazmat.primitives.serialization.PublicFormat.SubjectPublicKeyInfo`
+        or
+        :attr:`~cryptography.hazmat.primitives.serialization.PublicFormat.Raw`
+        ) are chosen to define the exact serialization.
+
+        :param encoding: A value from the
+            :class:`~cryptography.hazmat.primitives.serialization.Encoding` enum.
+
+        :param format: A value from the
+            :class:`~cryptography.hazmat.primitives.serialization.PublicFormat`
+            enum. If the ``encoding`` is
+            :attr:`~cryptography.hazmat.primitives.serialization.Encoding.Raw`
+            then ``format`` must be
+            :attr:`~cryptography.hazmat.primitives.serialization.PublicFormat.Raw`
+            , otherwise it must be
+            :attr:`~cryptography.hazmat.primitives.serialization.PublicFormat.SubjectPublicKeyInfo`.
+
+        :returns bytes: The public key bytes.
+
+    .. method:: public_bytes_raw()
+
+        Allows serialization of the key to raw bytes. This method is a
+        convenience shortcut for calling :meth:`public_bytes` with
+        :attr:`~cryptography.hazmat.primitives.serialization.Encoding.Raw`
+        encoding and
+        :attr:`~cryptography.hazmat.primitives.serialization.PublicFormat.Raw`
+        format.
+
+        :return bytes: 1312-byte raw public key.
+
+    .. method:: verify(signature, data, context=None)
+
+        Verify a signature using ML-DSA-44. If a context string was used during
+        signing, the same context must be provided for verification to succeed.
+
+        :param signature: The signature to verify.
+        :type signature: :term:`bytes-like`
+
+        :param data: The data to verify.
+        :type data: :term:`bytes-like`
+
+        :param context: An optional context string (up to 255 bytes) that was
+            used during signing.
+        :type context: :term:`bytes-like` or ``None``
+
+        :returns: None
+        :raises cryptography.exceptions.InvalidSignature: Raised when the
+            signature cannot be verified.
+        :raises ValueError: If the context is longer than 255 bytes.
+
 .. class:: MlDsa65PrivateKey
 
     .. versionadded:: 47.0

src/cryptography/hazmat/bindings/_rust/openssl/mldsa.pyi

@@ -5,9 +5,14 @@
 from cryptography.hazmat.primitives.asymmetric import mldsa
 from cryptography.utils import Buffer
 
+class MlDsa44PrivateKey: ...
+class MlDsa44PublicKey: ...
 class MlDsa65PrivateKey: ...
 class MlDsa65PublicKey: ...
 
+def generate_mldsa44_key() -> mldsa.MlDsa44PrivateKey: ...
+def from_mldsa44_public_bytes(data: bytes) -> mldsa.MlDsa44PublicKey: ...
+def from_mldsa44_seed_bytes(data: Buffer) -> mldsa.MlDsa44PrivateKey: ...
 def generate_mldsa65_key() -> mldsa.MlDsa65PrivateKey: ...
 def from_mldsa65_public_bytes(data: bytes) -> mldsa.MlDsa65PublicKey: ...
 def from_mldsa65_seed_bytes(data: Buffer) -> mldsa.MlDsa65PrivateKey: ...

src/cryptography/hazmat/primitives/asymmetric/mldsa.py

@@ -12,6 +12,149 @@
 from cryptography.utils import Buffer
 
 
+class MlDsa44PublicKey(metaclass=abc.ABCMeta):
+    @classmethod
+    def from_public_bytes(cls, data: bytes) -> MlDsa44PublicKey:
+        from cryptography.hazmat.backends.openssl.backend import backend
+
+        if not backend.mldsa_supported():
+            raise UnsupportedAlgorithm(
+                "ML-DSA-44 is not supported by this backend.",
+                _Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM,
+            )
+
+        return rust_openssl.mldsa.from_mldsa44_public_bytes(data)
+
+    @abc.abstractmethod
+    def public_bytes(
+        self,
+        encoding: _serialization.Encoding,
+        format: _serialization.PublicFormat,
+    ) -> bytes:
+        """
+        The serialized bytes of the public key.
+        """
+
+    @abc.abstractmethod
+    def public_bytes_raw(self) -> bytes:
+        """
+        The raw bytes of the public key.
+        Equivalent to public_bytes(Raw, Raw).
+
+        The public key is 1,312 bytes for MLDSA-44.
+        """
+
+    @abc.abstractmethod
+    def verify(
+        self,
+        signature: Buffer,
+        data: Buffer,
+        context: Buffer | None = None,
+    ) -> None:
+        """
+        Verify the signature.
+        """
+
+    @abc.abstractmethod
+    def __eq__(self, other: object) -> bool:
+        """
+        Checks equality.
+        """
+
+    @abc.abstractmethod
+    def __copy__(self) -> MlDsa44PublicKey:
+        """
+        Returns a copy.
+        """
+
+    @abc.abstractmethod
+    def __deepcopy__(self, memo: dict) -> MlDsa44PublicKey:
+        """
+        Returns a deep copy.
+        """
+
+
+if hasattr(rust_openssl, "mldsa"):
+    MlDsa44PublicKey.register(rust_openssl.mldsa.MlDsa44PublicKey)
+
+
+class MlDsa44PrivateKey(metaclass=abc.ABCMeta):
+    @classmethod
+    def generate(cls) -> MlDsa44PrivateKey:
+        from cryptography.hazmat.backends.openssl.backend import backend
+
+        if not backend.mldsa_supported():
+            raise UnsupportedAlgorithm(
+                "ML-DSA-44 is not supported by this backend.",
+                _Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM,
+            )
+
+        return rust_openssl.mldsa.generate_mldsa44_key()
+
+    @classmethod
+    def from_seed_bytes(cls, data: Buffer) -> MlDsa44PrivateKey:
+        from cryptography.hazmat.backends.openssl.backend import backend
+
+        if not backend.mldsa_supported():
+            raise UnsupportedAlgorithm(
+                "ML-DSA-44 is not supported by this backend.",
+                _Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM,
+            )
+
+        return rust_openssl.mldsa.from_mldsa44_seed_bytes(data)
+
+    @abc.abstractmethod
+    def public_key(self) -> MlDsa44PublicKey:
+        """
+        The MlDsa44PublicKey derived from the private key.
+        """
+
+    @abc.abstractmethod
+    def private_bytes(
+        self,
+        encoding: _serialization.Encoding,
+        format: _serialization.PrivateFormat,
+        encryption_algorithm: _serialization.KeySerializationEncryption,
+    ) -> bytes:
+        """
+        The serialized bytes of the private key.
+
+        This method only returns the serialization of the seed form of the
+        private key, never the expanded one.
+        """
+
+    @abc.abstractmethod
+    def private_bytes_raw(self) -> bytes:
+        """
+        The raw bytes of the private key.
+        Equivalent to private_bytes(Raw, Raw, NoEncryption()).
+
+        This method only returns the seed form of the private key (32 bytes).
+        """
+
+    @abc.abstractmethod
+    def sign(self, data: Buffer, context: Buffer | None = None) -> bytes:
+        """
+        Signs the data.
+        """
+
+    @abc.abstractmethod
+    def __copy__(self) -> MlDsa44PrivateKey:
+        """
+        Returns a copy.
+        """
+
+    @abc.abstractmethod
+    def __deepcopy__(self, memo: dict) -> MlDsa44PrivateKey:
+        """
+        Returns a deep copy.
+        """
+
+
+if hasattr(rust_openssl, "mldsa"):
+    MlDsa44PrivateKey.register(rust_openssl.mldsa.MlDsa44PrivateKey)
+
+
 class MlDsa65PublicKey(metaclass=abc.ABCMeta):
     @classmethod
     def from_public_bytes(cls, data: bytes) -> MlDsa65PublicKey: