Skip to content

[release/10.0] Composite ML-DSA Draft 12 and 13 updates (#120601, #120961)#121555

Merged
artl93 merged 3 commits intorelease/10.0from
copilot/backport-pr-120601-to-release-10-0
Nov 14, 2025
Merged

[release/10.0] Composite ML-DSA Draft 12 and 13 updates (#120601, #120961)#121555
artl93 merged 3 commits intorelease/10.0from
copilot/backport-pr-120601-to-release-10-0

Conversation

Copy link
Contributor

Copilot AI commented Nov 12, 2025
edited
Loading

Backport of #120601 and #120961 to release/10.0

Description

Backports Draft 12 and Draft 13 spec changes for Composite ML-DSA. This PR combines two related updates:

Draft 12 changes (#120601):

  • Mandate parameters field in ECPrivateKey (previously omitted)
  • CompositeMLDsaAlgorithm.cs: Calculate parameters field size for EC curves (P256/P384/P521/brainpool variants)
  • CompositeMLDsaManaged.ECDsa.cs: Validate parameters presence and curve match; write parameters with context-specific tag [0]
  • CompositeMLDsaManaged.cs: Update spec references from draft-08 to draft-12
  • Test updates: Add validation for wrong/missing/implicit/explicit curves; update expected key sizes per spec Table 4

Draft 13 changes (#120961):

  • Update OIDs from experimental range (2.16.840.1.114027.80.9.1.) to official IANA-assigned range (1.3.6.1.5.5.7.6.)
  • Oids.cs: Update all Composite ML-DSA OID constants to new range
  • CompositeMLDsaManaged.cs: Add "ECDSA" to domain separation strings (e.g., "COMPSIG-MLDSA65-P256-SHA512" → "COMPSIG-MLDSA65-ECDSA-P256-SHA512")
  • Test data and helpers: Update to reflect new OIDs and domain strings

Customer Impact

Without these fixes, Composite ML-DSA keys generated in .NET 10 would not conform to Draft 12 and Draft 13 of the IETF spec, causing interoperability failures with other implementations following the updated standards.

Regression

No. This updates implementation to match spec evolution from Draft 8 to Draft 13.

Testing

All 1,015 CompositeMLDsa tests pass. Added test coverage for:

  • Wrong curve OID rejection
  • Missing parameters rejection
  • Implicit curve parameters rejection
  • Explicit curve parameters rejection
  • Correct parameter serialization for all supported curves
  • New OID and domain string validation

Risk

Low. Changes are confined to Composite ML-DSA implementation (preview feature). Validates existing behavior is maintained while adding required spec compliance. Breaking changes are intentional and necessary for spec conformance.

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.

@PranavSenthilnathan @vcsjones
Require parameters in ECPrivateKey for Composite ML-DSA (#120601)
3e8973d 
[Draft
12](https://datatracker.ietf.org/doc/html/draft-ietf-lamps-pq-composite-sigs-12)
of the Composite ML-DSA spec now requires the parameters to be present
for `ECPrivateKey`. This PR implements these changes in our managed
Composite ML-DSA implementation.

---------

Co-authored-by: Kevin Jones <[email protected]>
Copilot AI changed the title [WIP] Backport changes from PR 120601 to release/10.0 branch Backport #120601: Require parameters in ECPrivateKey for Composite ML-DSA Nov 12, 2025
@PranavSenthilnathan PranavSenthilnathan changed the title Backport #120601: Require parameters in ECPrivateKey for Composite ML-DSA [release/10.0] Require parameters in ECPrivateKey for Composite ML-DSA (#120601) Nov 12, 2025
@PranavSenthilnathan PranavSenthilnathan marked this pull request as ready for review November 12, 2025 18:43
Copilot AI review requested due to automatic review settings November 12, 2025 18:43
@dotnet-policy-service
Copy link
Contributor

dotnet-policy-service bot commented Nov 12, 2025

Tagging subscribers to this area: @dotnet/area-system-security, @bartonjs, @vcsjones
See info in area-owners.md if you want to be subscribed.

Copilot AI reviewed Nov 12, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR backports Draft 12 specification changes for Composite ML-DSA that mandate the presence of the parameters field in ECPrivateKey structures. Previously, per Draft 8, parameters were omitted; now they must be present with the correct named curve OID for spec conformance.

  • Updates ECPrivateKey serialization to include mandatory parameters field with context-specific tag [0]
  • Adds validation to reject keys with missing, wrong, implicit, or explicit curve parameters
  • Updates expected key sizes in tests to match Draft 12 spec Table 4

Reviewed Changes

Copilot reviewed 5 out of 6 changed files in this pull request and generated no comments.

Show a summary per file
File Description
CompositeMLDsaAlgorithm.cs Calculates parameter field size for each EC curve variant (P256/P384/P521/brainpool) based on their DER-encoded OID sizes
CompositeMLDsaManaged.ECDsa.cs Validates parameters presence and curve match on import; writes parameters field with correct ASN.1 tag on export
CompositeMLDsaManaged.cs Updates spec reference comments from draft-08 to draft-12
CompositeMLDsaTestHelpers.cs Updates expected private key size bounds to exact values per Draft 12 Table 4 for all ECDSA variants
CompositeMLDsaFactoryTests.cs Adds comprehensive test coverage for parameter validation: wrong curve, missing parameters, implicit curves, explicit curves

This was referenced Nov 12, 2025
Open
Open
Closed
Open
PranavSenthilnathan
PranavSenthilnathan requested changes Nov 13, 2025
View reviewed changes
Copy link
Member

@PranavSenthilnathan PranavSenthilnathan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@copilot Also cherry pick the changes from #120961 into this PR. Its commit is efb3990.

Copy link
Contributor Author

Copilot AI commented Nov 13, 2025
edited
Loading

@copilot Also cherry pick the changes from #120961 into this PR. Its commit is efb3990.

Cherry-picked commit efb3990 which updates to Draft 13 of Composite ML-DSA. All 1,015 CompositeMLDsa tests pass. Changes include:

  • Updated OIDs to official IANA range (1.3.6.1.5.5.7.6.*)
  • Added "ECDSA" to domain separation strings
  • Refreshed test data

Commit: 6970266

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

  • http://www.microsoft.com:80/pki/certs/MicCodSigPCA_08-31-2010.crt
    • Triggering command: /home/REDACTED/work/runtime/runtime/artifacts/bin/testhost/net10.0-linux-Debug-x64/dotnet exec --runtimeconfig System.Security.Cryptography.Tests.runtimeconfig.json --depsfile System.Security.Cryptography.Tests.deps.json /home/REDACTED/.nuget/packages/microsoft.dotnet.xunitconsoleREDACTED/2.9.3-beta.25515.111/build/../tools/net/xunit.console.dll System.Security.Cryptography.Tests.dll -xml testResults.xml -nologo -notrait category=OuterLoop -notrait category=failing (http block)
  • http://www.microsoft.com:80/pki/mscorp/Microsoft%20RSA%20TLS%20CA%2001.crt
    • Triggering command: /home/REDACTED/work/runtime/runtime/artifacts/bin/testhost/net10.0-linux-Debug-x64/dotnet exec --runtimeconfig System.Security.Cryptography.Tests.runtimeconfig.json --depsfile System.Security.Cryptography.Tests.deps.json /home/REDACTED/.nuget/packages/microsoft.dotnet.xunitconsoleREDACTED/2.9.3-beta.25515.111/build/../tools/net/xunit.console.dll System.Security.Cryptography.Tests.dll -xml testResults.xml -nologo -notrait category=OuterLoop -notrait category=failing (http block)

If you need me to access, download, or install something from one of these locations, you can either:

Copilot AI changed the title [release/10.0] Require parameters in ECPrivateKey for Composite ML-DSA (#120601) [release/10.0] Composite ML-DSA Draft 12 and 13 updates (#120601, #120961) Nov 13, 2025
@PranavSenthilnathan
Copy link
Member

PranavSenthilnathan commented Nov 13, 2025

/ba-g android timeouts and #70450

@rbhanda rbhanda added this to the 10.0.1 milestone Nov 13, 2025
@artl93 artl93 added the Servicing-approved Approved for servicing release label Nov 14, 2025
@artl93 artl93 merged commit 138d5fe into release/10.0 Nov 14, 2025
77 of 88 checks passed
@artl93 artl93 deleted the copilot/backport-pr-120601-to-release-10-0 branch November 14, 2025 03:51
@github-actions github-actions bot locked and limited conversation to collaborators Dec 14, 2025
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

Copilot code review Copilot Copilot left review comments

@artl93 artl93 artl93 approved these changes

@bartonjs bartonjs bartonjs approved these changes

@jeffhandley jeffhandley Awaiting requested review from jeffhandley

+1 more reviewer

@PranavSenthilnathan PranavSenthilnathan PranavSenthilnathan approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@PranavSenthilnathan PranavSenthilnathan

Copilot code review Copilot

Labels

area-System.Security Servicing-approved Approved for servicing release

Projects

None yet

Milestone

10.0.1

Development

Successfully merging this pull request may close these issues.

6 participants

@PranavSenthilnathan @artl93 @bartonjs @rbhanda