Add ML-DSA support for COSE sign1 Add the new AKP key type parameter and public key label for AKP. Everything is currently hidden behind the USE_MLDSA macro; enabling it requires implementations of MLDSA_Verify and MLDSA_Sign. This CL only adds MLDSA support for the Sign1 construct. Bug: 476101020 Test: Ran locally in open-dice repo Change-Id: I6c9f047a7b0b560d5606c19663aee6265b55d524 Reviewed-on: https://pigweed-review.googlesource.com/c/third_party/github/cose-wg/COSE-C/+/377112
diff --git a/include/cose/cose.h b/include/cose/cose.h
index c9a5783..824cb8e 100644
--- a/include/cose/cose.h
+++ b/include/cose/cose.h
@@ -160,7 +160,10 @@
 COSE_Algorithm_ECDSA_SHA_256 = -7,
 COSE_Algorithm_ECDSA_SHA_384 = -35,
- COSE_Algorithm_ECDSA_SHA_512 = -36
+ COSE_Algorithm_ECDSA_SHA_512 = -36,
+
+ COSE_Algorithm_MLDSA_65 = -49,
+ COSE_Algorithm_MLDSA_87 = -50
 } COSE_Algorithms;
 typedef enum {
@@ -198,6 +201,7 @@
 COSE_Key_Type_OKP = 1,
 COSE_Key_Type_EC2 = 2,
 COSE_Key_Type_OCTET = 4,
+ COSE_Key_Type_AKP = 7,
 COSE_Key_Type = 1,
 COSE_Key_ID = 2,
 COSE_Parameter_KID = 4,
@@ -205,7 +209,8 @@
 COSE_Key_EC2_X = -2,
 COSE_Key_EC2_Y = -3,
 COSE_Key_OPK_Curve = -1,
- COSE_Key_OPK_X = -2
+ COSE_Key_OPK_X = -2,
+ COSE_Key_AKP_Pub = -1
 } COSE_Constants;
 typedef enum {
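Review bot: The two values added in the `@@ -160` hunk, `COSE_Algorithm_MLDSA_65 = -49` and `COSE_Algorithm_MLDSA_87 = -50`, are defined unconditionally, while the Sign1.cpp changes in this commit handle them only when `USE_MLDSA` is defined. In a build without that macro, a caller that selects either value falls to the `default:` branch and gets `COSE_ERR_UNKNOWN_ALGORITHM` at sign or verify time. A comment above the pair would make this visible to API users, for example `/* ML-DSA: handled only when built with USE_MLDSA, which needs external MLDSA_Sign/MLDSA_Verify */`. The enum itself starts outside the hunk.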
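Review bot: In the `@@ -205` hunk, `COSE_Key_AKP_Pub = -1` has the same numeric value as `COSE_Key_OPK_Curve = -1` in the same enum, so the label identifies the ML-DSA public key only after the key's `COSE_Key_Type` has been checked to be `COSE_Key_Type_AKP`. That check is not visible in this commit because `MLDSA_Sign` and `MLDSA_Verify` are implemented elsewhere. A comment next to the constant would state the requirement for whoever supplies the backend, for example `/* AKP labels are valid only when kty == COSE_Key_Type_AKP */`. Only the public label is added here; if the signing backend reads the private key from the key map, defining that label in this enum too would keep the AKP labels in one place.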
diff --git a/src/Sign1.cpp b/src/Sign1.cpp
index efd7775..d52c98e 100644
--- a/src/Sign1.cpp
+++ b/src/Sign1.cpp
@@ -572,6 +572,14 @@
 break;
 #endif
+#ifdef USE_MLDSA
+ case COSE_Algorithm_MLDSA_65:
+ case COSE_Algorithm_MLDSA_87:
+ f = MLDSA_Sign(&pSigner->m_message, INDEX_SIGNATURE + 1, pKey,
+ pbToSign, cbToSign, perr);
+ break;
+#endif
+
 default:
 FAIL_CONDITION(COSE_ERR_UNKNOWN_ALGORITHM);
 }
@@ -658,6 +666,16 @@
 break;
 #endif
+#ifdef USE_MLDSA
+ case COSE_Algorithm_MLDSA_65:
+ case COSE_Algorithm_MLDSA_87:
+ if (!MLDSA_Verify(&pSign->m_message, INDEX_SIGNATURE + 1, pKey,
+ pbToSign, cbToSign, perr)) {
+ goto errorReturn;
+ }
+ break;
+#endif
+
 default:
 FAIL_CONDITION(COSE_ERR_UNKNOWN_ALGORITHM);
 break;
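Review bot: In the `@@ -572` hunk, `case COSE_Algorithm_MLDSA_65:` and `case COSE_Algorithm_MLDSA_87:` share one `MLDSA_Sign(...)` call, and no argument tells the backend which parameter set the message header selected; the verify hunk at `@@ -658` has the same shape with `MLDSA_Verify(...)`. The backend must therefore recover the parameter set from `pKey` or by re-reading the header. Nothing visible here binds the two, so a key of one parameter set paired with a header naming the other is rejected only if the backend checks for it. Consider passing the selected algorithm into both calls, which would also change the prototypes in cose_crypto.h, or at least add a comment on each case block such as `/* backend must check that pKey is an AKP key whose parameter set matches the header algorithm */`. The enclosing switch and function start and end outside both hunks.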
diff --git a/src/cose_crypto.h b/src/cose_crypto.h
index 4081296..12d4578 100644
--- a/src/cose_crypto.h
+++ b/src/cose_crypto.h
@@ -194,6 +194,21 @@
 size_t cbToSign,
 cose_errback* perr);
+#ifdef USE_MLDSA
+bool MLDSA_Sign(COSE* pSigner,
+ int index,
+ COSE_KEY* pKey,
+ const byte* rgbToSign,
+ size_t cbToSign,
+ cose_errback* perr);
+bool MLDSA_Verify(COSE* pSigner,
+ int index,
+ COSE_KEY* pKey,
+ const byte* rgbToSign,
+ size_t cbToSign,
+ cose_errback* perr);
+#endif
+
 /**
 * Generate random bytes in a buffer
 *
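Review bot: The new `MLDSA_Sign` and `MLDSA_Verify` prototypes carry no doc comment, yet they are the entire contract for a backend that this commit does not ship. I would add a Doxygen block to each, in the style of the `/** ... */` comment that follows them. It should say that the function returns false and sets `perr` on every failure, that the backend validates the key type and parameter set of `pKey` against the message's algorithm, and that verify rejects a signature whose length does not match that parameter set before using it. Minor: the first parameter of `MLDSA_Verify` is named `pSigner`, but Sign1.cpp passes `&pSign->m_message`, so a neutral name would read better.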