pyca · reaperhulk · Mar 28, 2026 · Mar 2, 2026 · Mar 3, 2026 · Mar 4, 2026
diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py
@@ -272,6 +272,9 @@ def x448_supported(self) -> bool:
             and not rust_openssl.CRYPTOGRAPHY_IS_AWSLC
         )
 
+    def mldsa_supported(self) -> bool:
+        return rust_openssl.CRYPTOGRAPHY_IS_AWSLC
+
     def ed25519_supported(self) -> bool:
         return not self._fips_enabled
 

diff --git a/src/cryptography/hazmat/bindings/_rust/openssl/__init__.pyi b/src/cryptography/hazmat/bindings/_rust/openssl/__init__.pyi
@@ -18,6 +18,7 @@ from cryptography.hazmat.bindings._rust.openssl import (
     hpke,
     kdf,
     keys,
+    mldsa65,
     poly1305,
     rsa,
     x448,
@@ -38,6 +39,7 @@ __all__ = [
     "hpke",
     "kdf",
     "keys",
+    "mldsa65",
     "openssl_version",
     "openssl_version_text",
     "poly1305",

diff --git a/src/cryptography/hazmat/bindings/_rust/openssl/mldsa65.pyi b/src/cryptography/hazmat/bindings/_rust/openssl/mldsa65.pyi
@@ -0,0 +1,13 @@
+# This file is dual licensed under the terms of the Apache License, Version
+# 2.0, and the BSD License. See the LICENSE file in the root of this repository
+# for complete details.
+
+from cryptography.hazmat.primitives.asymmetric import mldsa65
+from cryptography.utils import Buffer
+
+class MlDsa65PrivateKey: ...
+class MlDsa65PublicKey: ...
+
+def generate_key() -> mldsa65.MlDsa65PrivateKey: ...
+def from_public_bytes(data: bytes) -> mldsa65.MlDsa65PublicKey: ...
+def from_seed_bytes(data: Buffer) -> mldsa65.MlDsa65PrivateKey: ...
diff --git a/src/cryptography/hazmat/primitives/asymmetric/mldsa65.py b/src/cryptography/hazmat/primitives/asymmetric/mldsa65.py
@@ -0,0 +1,157 @@
+# This file is dual licensed under the terms of the Apache License, Version
+# 2.0, and the BSD License. See the LICENSE file in the root of this repository
+# for complete details.
+
+from __future__ import annotations
+
+import abc
+
+from cryptography.exceptions import UnsupportedAlgorithm, _Reasons
+from cryptography.hazmat.bindings._rust import openssl as rust_openssl
+from cryptography.hazmat.primitives import _serialization
+from cryptography.utils import Buffer
+
+
+class MlDsa65PublicKey(metaclass=abc.ABCMeta):
+    @classmethod
+    def from_public_bytes(cls, data: bytes) -> MlDsa65PublicKey:
+        from cryptography.hazmat.backends.openssl.backend import backend
+
+        if not backend.mldsa_supported():
+            raise UnsupportedAlgorithm(
+                "ML-DSA-65 is not supported by this backend.",
+                _Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM,
+            )
+
+        return rust_openssl.mldsa65.from_public_bytes(data)
+
+    @abc.abstractmethod
+    def public_bytes(
+        self,
+        encoding: _serialization.Encoding,
+        format: _serialization.PublicFormat,
+    ) -> bytes:
+        """
+        The serialized bytes of the public key.
+        """
+
+    @abc.abstractmethod
+    def public_bytes_raw(self) -> bytes:
+        """
+        The raw bytes of the public key.
+        Equivalent to public_bytes(Raw, Raw).
+        """
+
+    @abc.abstractmethod
+    def verify(self, signature: Buffer, data: Buffer) -> None:
+        """
+        Verify the signature.
+        """
+
+    @abc.abstractmethod
+    def verify_with_context(
+        self, signature: Buffer, data: Buffer, context: Buffer
+    ) -> None:
+        """
+        Verify the signature with a context string.
+        """
+
+    @abc.abstractmethod
+    def __eq__(self, other: object) -> bool:
+        """
+        Checks equality.
+        """
+
+    @abc.abstractmethod
+    def __copy__(self) -> MlDsa65PublicKey:
+        """
+        Returns a copy.
+        """
+
+    @abc.abstractmethod
+    def __deepcopy__(self, memo: dict) -> MlDsa65PublicKey:
+        """
+        Returns a deep copy.
+        """
+
+
+if hasattr(rust_openssl, "mldsa65"):
+    MlDsa65PublicKey.register(rust_openssl.mldsa65.MlDsa65PublicKey)
+
+
+class MlDsa65PrivateKey(metaclass=abc.ABCMeta):
+    @classmethod
+    def generate(cls) -> MlDsa65PrivateKey:
+        from cryptography.hazmat.backends.openssl.backend import backend
+
+        if not backend.mldsa_supported():
+            raise UnsupportedAlgorithm(
+                "ML-DSA-65 is not supported by this backend.",
+                _Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM,
+            )
+
+        return rust_openssl.mldsa65.generate_key()
+
+    @classmethod
+    def from_seed_bytes(cls, data: Buffer) -> MlDsa65PrivateKey:
+        from cryptography.hazmat.backends.openssl.backend import backend
+
+        if not backend.mldsa_supported():
+            raise UnsupportedAlgorithm(
+                "ML-DSA-65 is not supported by this backend.",
+                _Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM,
+            )
+
+        return rust_openssl.mldsa65.from_seed_bytes(data)
+
+    @abc.abstractmethod
+    def public_key(self) -> MlDsa65PublicKey:
+        """
+        The MlDsa65PublicKey derived from the private key.
+        """
+
+    @abc.abstractmethod
+    def private_bytes(
+        self,
+        encoding: _serialization.Encoding,
+        format: _serialization.PrivateFormat,
+        encryption_algorithm: (_serialization.KeySerializationEncryption),
+    ) -> bytes:
+        """
+        The serialized bytes of the private key.
+        """
+
+    @abc.abstractmethod
+    def private_bytes_raw(self) -> bytes:
+        """
+        The raw bytes of the private key (32-byte seed).
+        Equivalent to private_bytes(Raw, Raw, NoEncryption()).
+        """
+
+    @abc.abstractmethod
+    def sign(self, data: Buffer) -> bytes:
+        """
+        Signs the data.
+        """
+
+    @abc.abstractmethod
+    def sign_with_context(self, data: Buffer, context: Buffer) -> bytes:
+        """
+        Signs the data with a context string.
+        """
+
+    @abc.abstractmethod
+    def __copy__(self) -> MlDsa65PrivateKey:
+        """
+        Returns a copy.
+        """
+
+    @abc.abstractmethod
+    def __deepcopy__(self, memo: dict) -> MlDsa65PrivateKey:
+        """
+        Returns a deep copy.
+        """
+
+
+if hasattr(rust_openssl, "mldsa65"):
+    MlDsa65PrivateKey.register(rust_openssl.mldsa65.MlDsa65PrivateKey)
diff --git a/src/cryptography/hazmat/primitives/asymmetric/types.py b/src/cryptography/hazmat/primitives/asymmetric/types.py
@@ -13,6 +13,7 @@
     ec,
     ed448,
     ed25519,
+    mldsa65,
     rsa,
     x448,
     x25519,
@@ -26,6 +27,7 @@
     ec.EllipticCurvePublicKey,
     ed25519.Ed25519PublicKey,
     ed448.Ed448PublicKey,
+    mldsa65.MlDsa65PublicKey,
     x25519.X25519PublicKey,
     x448.X448PublicKey,
 ]
@@ -42,6 +44,7 @@
     dh.DHPrivateKey,
     ed25519.Ed25519PrivateKey,
     ed448.Ed448PrivateKey,
+    mldsa65.MlDsa65PrivateKey,
     rsa.RSAPrivateKey,
     dsa.DSAPrivateKey,
     ec.EllipticCurvePrivateKey,

diff --git a/src/rust/cryptography-key-parsing/src/pkcs8.rs b/src/rust/cryptography-key-parsing/src/pkcs8.rs
@@ -108,6 +108,9 @@ pub fn parse_private_key(
             )?)
         }
 
+        #[cfg(CRYPTOGRAPHY_IS_AWSLC)]
+        AlgorithmParameters::MlDsa65 => Ok(openssl::pkey::PKey::private_key_from_der(data)?),
+
         _ => Err(KeyParsingError::UnsupportedKeyType(
             k.algorithm.oid().clone(),
         )),
@@ -440,6 +443,10 @@ pub fn serialize_private_key(
 
             (params, private_key_der)
         }
+        #[cfg(CRYPTOGRAPHY_IS_AWSLC)]
+        id if id == openssl::pkey::Id::from_raw(cryptography_openssl::mldsa::NID_PQDSA) => {
+            return Ok(pkey.private_key_to_pkcs8()?);
+        }
         _ => {
             unimplemented!("Unknown key type");
         }

diff --git a/src/rust/cryptography-key-parsing/src/spki.rs b/src/rust/cryptography-key-parsing/src/spki.rs
@@ -100,6 +100,12 @@ pub fn parse_public_key(
 
             Ok(openssl::pkey::PKey::from_dh(dh)?)
         }
+        #[cfg(CRYPTOGRAPHY_IS_AWSLC)]
+        AlgorithmParameters::MlDsa65 => Ok(cryptography_openssl::mldsa::new_raw_public_key(
+            k.subject_public_key.as_bytes(),
+        )
+        .map_err(|_| KeyParsingError::InvalidKey)?),
+
         _ => Err(KeyParsingError::UnsupportedKeyType(
             k.algorithm.oid().clone(),
         )),
@@ -214,6 +220,15 @@ pub fn serialize_public_key(
 
             (params, pub_key_der)
         }
+        #[cfg(CRYPTOGRAPHY_IS_AWSLC)]
+        id if id == openssl::pkey::Id::from_raw(cryptography_openssl::mldsa::NID_PQDSA) => {
+            let raw_bytes = pkey.raw_public_key()?;
+            if raw_bytes.len() == cryptography_openssl::mldsa::MLDSA65_PUBLIC_KEY_BYTES {
+                (AlgorithmParameters::MlDsa65, raw_bytes)
+            } else {
+                unimplemented!("Unsupported ML-DSA variant");
+            }
+        }
         _ => {
             unimplemented!("Unknown key type");
         }
@@ -254,4 +269,15 @@ mod tests {
         // Expected to panic
         _ = serialize_public_key(&pkey);
     }
+
+    #[cfg(CRYPTOGRAPHY_IS_AWSLC)]
+    #[test]
+    #[should_panic(expected = "Unsupported ML-DSA variant")]
+    fn test_serialize_public_key_unsupported_mldsa_variant() {
+        // Load an ML-DSA-44 public key from a Wycheproof test vector DER.
+        let der = include_bytes!("../../test_data/mldsa44_pub.der");
+        let pub_pkey = openssl::pkey::PKey::public_key_from_der(der).unwrap();
+        // Expected to panic with "Unsupported ML-DSA variant"
+        _ = serialize_public_key(&pub_pkey);
+    }
 }
diff --git a/src/rust/cryptography-openssl/src/lib.rs b/src/rust/cryptography-openssl/src/lib.rs
@@ -9,6 +9,8 @@ pub mod aead;
 pub mod cmac;
 pub mod fips;
 pub mod hmac;
+#[cfg(CRYPTOGRAPHY_IS_AWSLC)]
+pub mod mldsa;
 #[cfg(any(
     CRYPTOGRAPHY_IS_BORINGSSL,
     CRYPTOGRAPHY_IS_LIBRESSL,