Python cryptography already supports ML-DSA.
I need support for HashML-DSA as well. In our secure boot implementation, we hash the firmware binary and then provide the hash for verification to different digital signature algorithms. Pure ML-DSA would require passing the complete data to the hash function, which is inefficient regarding startup times. Just signing the hash with Pure ML-DSA does not make use of the clean context separation provided by HashML-DSA.
Instead of the complete message, HashML-DSA can create a signature based on the given hash of some input data.
According to FIPS 204 (https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.204.pdf), the HashML-DSA sign function consumes a digest as the message and the hash algorithm used to generate the digest as an additional parameter.
Optional contexts are supported for both ML-DSA and HashML-DSA.