
Commit 2151784

cr7pt0onlykey
authored and committed
feat: Add ML-KEM-768 (FIPS 203) post-quantum KEM support
Integrates mlkem-native (Apache-2.0/MIT/ISC) for ML-KEM-768 key encapsulation on the OnlyKey hardware token.

New capabilities:
- ML-KEM-768 keypair generation (KEYTYPE_MLKEM768 = 5)
- ML-KEM-768 decapsulation (recover shared secret from ciphertext)
- ML-KEM-768 public key retrieval from stored keypair

Implementation details:
- Uses mlkem-native v1.0.0 C-only portable backend (no assembly)
- All C code is CBMC-verified memory-safe
- RNG bridged to ArduinoLibs RNG.rand() via MLK_CONFIG_CUSTOM_RANDOMBYTES
- Secret key (2400 bytes) stored AES-GCM encrypted in flash sectors 10-11 (repurposed from FIDO2 resident key slots 5-8)
- Runtime scratch uses existing ctap_buffer (no new static allocations)
- PACKET_BUFFER_SIZE bumped 768->1088 for ML-KEM ciphertext transport
- LARGE_BUFFER_SIZE bumped 1024->1088 (no extra RAM, shifts within ctap_buffer)
- Total new RAM cost: 320 bytes

Protocol:
- Keygen: OKGENKEY slot=133 -> returns PK (1184 bytes)
- Get PK: OKGETPUBKEY slot=133 -> returns PK (1184 bytes)
- Decaps: OKDECRYPT slot=133, payload=CT (1088 bytes) -> returns SS (32 bytes)

Files added:
- mlkem_native/ - mlkem-native library (C90, FIPS 203 compliant)

Files modified:
- onlykey/okcore.h - KEYTYPE_MLKEM768, size defines, buffer size bumps
- onlykey/okcore.cpp - Flash storage for ML-KEM secret key
- onlykey/okcrypto.h - ML-KEM function declarations
- onlykey/okcrypto.cpp - ML-KEM operations and dispatch hooks
1 parent 20e1623 commit 2151784

41 files changed

Lines changed: 10374 additions & 2 deletions


.gitignore

Lines changed: 1 addition & 0 deletions
@@ -46,3 +46,4 @@ Network Trash Folder
4646
Temporary Items
4747
.apdisk
4848
.vscode/settings.json
49+
mlkem_native/test/test_mlkem768
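
Review bot: the entry added at new line 49 ignores exactly one file, mlkem_native/test/test_mlkem768, and nothing in the commit message says what produces it or how it is built. If this is a host-side test binary for the vendored library, a one-line comment above the entry naming the build step would make that clear, and a directory-scoped pattern would be more robust if the test build emits anything besides this single file. It is also worth confirming that the test source itself is tracked, since the commit message lists only the library under "Files added".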

licenses.md

Lines changed: 11 additions & 0 deletions
@@ -19,6 +19,17 @@ at your option.
1919
https://github.com/trustcrypto/libraries/blob/master/mbedtls-2.4.0/apache-2.0.txt
2020
https://www.apache.org/licenses/LICENSE-2.0
2121

22+
## mlkem-native (ML-KEM / FIPS 203)
23+
https://github.com/pq-code-package/mlkem-native
24+
25+
Licensed under your choice of:
26+
27+
Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
28+
ISC License (https://opensource.org/licenses/ISC)
29+
MIT License (https://opensource.org/licenses/MIT)
30+
31+
Post-Quantum Cryptography Alliance, a project of the Linux Foundation.
32+
2233
## Base64, Sha1, Sha256
2334

2435
https://github.com/B-Con/crypto-algorithms
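
Review bot: the new mlkem-native section (new lines 22 to 32) records the upstream URL and the three license choices but neither the vendored version nor a copyright notice. The commit message says v1.0.0 is integrated, so that version (ideally with the upstream tag or commit) belongs here so the vendored copy can be matched against upstream advisories later. Line 31 names the Post-Quantum Cryptography Alliance without a "Copyright" statement, and the section links only to the generic license pages, whereas the entry just above it links to a license text kept in the project's own libraries repository. All three licenses require their notice text to travel with copies, so point at the license files shipped inside mlkem_native/ and state which of the three options this project is distributing under.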
