Description
Apple introduced ML-DSA in CryptoKit in Apple Platform 26. We should light up MLDsa on Apple platforms with CryptoKit.
Some notable details on CryptoKit.
- No Security Category < 3, so that means ML-DSA-44 parameter set is not supported.
- CryptoKit does not support FIPS-204 private keys. Only private seeds. Practically, that means `ExportMLDsaPrivateKey`, `ExportMLDsaPrivateKeyPem`, and their import variants are going to throw `PlatformNotSupportedException`.
- We need to decide how PKCS#8 imports work. ML-DSA private keys, as of IETF draft 13, are `seed`, `expandedKey`, and `both`.
  - `seed` will just work.
  - `expandedKey` is going to throw.
  - `both`, we can do one of two ways. The challenge here is what to do with `expandedKey` in the SEQUENCE. We have no ability to validate the `expandedKey`. We can ignore it (inconsistent with other platforms, as well as allowing inconsistencies in private key structures) and just import the seed, or we can always throw because we don't have the information needed to validate the `expandedKey`. Throwing is tempting, except for the fact that by default OpenSSL CLI produces `both` if the key has a seed. So OpenSSL CLI will create PKCS#8 private keys that are `both` if it can. This is different from .NET on OpenSSL however, where we will always produce `seed` if we can, otherwise `expandedKey`, but never both.
- No X.509 or key services support. Apple does not support certificates with ML-DSA signatures or keys. So this support from CryptoKit only offers `MLDsa` primitive support. That means `X509Certificate2` APIs that work with keys will not be supported. SubjectPublicKeyInfo on `X509Certificate2` and in `PublicKey` are going to work.
- No external Mu support.
- No PreHash support.
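To make the PKCS#8 question above concrete, here is an added sketch (not code from this issue or from .NET) that classifies which of the three forms a `privateKey` payload uses. The type and method names are hypothetical. It assumes the IETF draft's CHOICE layout of `seed` as `[0]` OCTET STRING, `expandedKey` as OCTET STRING and `both` as a SEQUENCE of the two, and it checks structure and lengths only, because matching `expandedKey` against the seed requires expanding the seed.

```csharp
using System;
using System.Formats.Asn1;

// Constructed sample inputs: all-zero placeholder bytes, not real key material.
var w = new AsnWriter(AsnEncodingRules.DER);
w.WriteOctetString(new byte[32], new Asn1Tag(TagClass.ContextSpecific, 0));
Console.WriteLine(MLDsaKeyForm.Classify(w.Encode()));

w = new AsnWriter(AsnEncodingRules.DER);
using (w.PushSequence())
{
    w.WriteOctetString(new byte[32]);    // seed
    w.WriteOctetString(new byte[4032]);  // ML-DSA-65 expanded key length
}
Console.WriteLine(MLDsaKeyForm.Classify(w.Encode()));

enum PrivateKeyForm { Seed, ExpandedKey, Both }

static class MLDsaKeyForm // hypothetical helper, not a .NET API
{
    static readonly Asn1Tag SeedTag = new Asn1Tag(TagClass.ContextSpecific, 0);

    // Input: the contents of the PKCS#8 privateKey OCTET STRING.
    public static PrivateKeyForm Classify(ReadOnlyMemory<byte> privateKey)
    {
        var reader = new AsnReader(privateKey, AsnEncodingRules.DER);
        Asn1Tag tag = reader.PeekTag();
        PrivateKeyForm form;
        if (tag.HasSameClassAndValue(SeedTag))
        {
            CheckSeed(reader.ReadOctetString(SeedTag));
            form = PrivateKeyForm.Seed;
        }
        else if (tag.HasSameClassAndValue(Asn1Tag.PrimitiveOctetString))
        {
            CheckExpanded(reader.ReadOctetString());
            form = PrivateKeyForm.ExpandedKey;
        }
        else
        {
            AsnReader seq = reader.ReadSequence(); // AsnContentException on any other tag
            CheckSeed(seq.ReadOctetString());
            CheckExpanded(seq.ReadOctetString());
            seq.ThrowIfNotEmpty();
            form = PrivateKeyForm.Both;
        }
        reader.ThrowIfNotEmpty(); // reject trailing data after the CHOICE
        return form;
    }

    static void CheckSeed(byte[] s) { if (s.Length != 32) throw new FormatException("seed must be 32 bytes"); }
    // Expanded private key lengths for ML-DSA-44/65/87 (FIPS 204).
    static void CheckExpanded(byte[] k) { if (k.Length is not (2560 or 4032 or 4896)) throw new FormatException("unexpected expandedKey length"); }
}
```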