Skip to content

Commit fa4142d

Browse files
JacobBarthelmehJacobBarthelmeh
authored
Merge pull request #67 from kojiws/koji/support_mlkem
Support ML-KEM
2 parents 0d345aa + 2e2d9cd commit fa4142d

File tree

4 files changed

+1002
-2
lines changed

4 files changed

+1002
-2
lines changed

docs/asymmetric.rst

Lines changed: 32 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -81,3 +81,35 @@ ECC
8181
.. autoclass:: EccPrivate
8282
:members:
8383
:inherited-members:
84+
85+
ML-KEM
86+
------
87+
88+
.. autoclass:: MlKemType
89+
:show-inheritance:
90+
91+
.. autoclass:: MlKemPublic
92+
:private-members:
93+
:members:
94+
:inherited-members:
95+
96+
.. autoclass:: MlKemPrivate
97+
:members:
98+
:inherited-members:
99+
100+
**Example:**
101+
102+
>>> from wolfcrypt.ciphers import MlKemType, MlKemPrivate, MlKemPublic
103+
>>>
104+
>>> mlkem_type = MlKemType.ML_KEM_512
105+
>>>
106+
>>> mlkem_priv = MlKemPrivate.make_key(mlkem_type)
107+
>>> pub_key = mlkem_priv.encode_pub_key()
108+
>>>
109+
>>> mlkem_pub = MlKemPublic(mlkem_type)
110+
>>> mlkem_pub.decode_key(pub_key)
111+
>>> ss_send, ct = mlkem_pub.encapsulate()
112+
>>>
113+
>>> ss_recv = mlkem_priv.decapsulate(ct)
114+
>>> ss_send == ss_recv
115+
True

scripts/build_ffi.py

Lines changed: 33 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -232,6 +232,9 @@ def make_flags(prefix, fips):
232232
flags.append("--enable-pwdbased")
233233
flags.append("--enable-pkcs7")
234234

235+
# ML-KEM
236+
flags.append("--enable-kyber")
237+
235238
# disabling other configs enabled by default
236239
flags.append("--disable-oldtls")
237240
flags.append("--disable-oldnames")
@@ -442,6 +445,8 @@ def build_ffi(local_wolfssl, features):
442445
#include <wolfssl/wolfcrypt/curve25519.h>
443446
#include <wolfssl/wolfcrypt/poly1305.h>
444447
#include <wolfssl/wolfcrypt/chacha20_poly1305.h>
448+
#include <wolfssl/wolfcrypt/kyber.h>
449+
#include <wolfssl/wolfcrypt/wc_kyber.h>
445450
"""
446451

447452
init_source_string = """
@@ -478,6 +483,7 @@ def build_ffi(local_wolfssl, features):
478483
int AESGCM_STREAM_ENABLED = """ + str(features["AESGCM_STREAM"]) + """;
479484
int RSA_PSS_ENABLED = """ + str(features["RSA_PSS"]) + """;
480485
int CHACHA20_POLY1305_ENABLED = """ + str(features["CHACHA20_POLY1305"]) + """;
486+
int ML_KEM_ENABLED = """ + str(features["ML_KEM"]) + """;
481487
"""
482488

483489
ffibuilder.set_source( "wolfcrypt._ffi", init_source_string,
@@ -513,6 +519,7 @@ def build_ffi(local_wolfssl, features):
513519
extern int AESGCM_STREAM_ENABLED;
514520
extern int RSA_PSS_ENABLED;
515521
extern int CHACHA20_POLY1305_ENABLED;
522+
extern int ML_KEM_ENABLED;
516523
517524
typedef unsigned char byte;
518525
typedef unsigned int word32;
@@ -922,6 +929,30 @@ def build_ffi(local_wolfssl, features):
922929
int wolfCrypt_GetPrivateKeyReadEnable_fips(enum wc_KeyType);
923930
"""
924931

932+
if features["ML_KEM"]:
933+
cdef += """
934+
static const int WC_ML_KEM_512;
935+
static const int WC_ML_KEM_768;
936+
static const int WC_ML_KEM_1024;
937+
static const int INVALID_DEVID;
938+
typedef struct {...; } KyberKey;
939+
int wc_KyberKey_CipherTextSize(KyberKey* key, word32* len);
940+
int wc_KyberKey_SharedSecretSize(KyberKey* key, word32* len);
941+
int wc_KyberKey_PrivateKeySize(KyberKey* key, word32* len);
942+
int wc_KyberKey_PublicKeySize(KyberKey* key, word32* len);
943+
int wc_KyberKey_Init(int type, KyberKey* key, void* heap, int devId);
944+
void wc_KyberKey_Free(KyberKey* key);
945+
int wc_KyberKey_MakeKey(KyberKey* key, WC_RNG* rng);
946+
int wc_KyberKey_MakeKeyWithRandom(KyberKey* key, const unsigned char* rand, int len);
947+
int wc_KyberKey_EncodePublicKey(KyberKey* key, unsigned char* out, word32 len);
948+
int wc_KyberKey_DecodePublicKey(KyberKey* key, const unsigned char* in, word32 len);
949+
int wc_KyberKey_Encapsulate(KyberKey* key, unsigned char* ct, unsigned char* ss, WC_RNG* rng);
950+
int wc_KyberKey_EncapsulateWithRandom(KyberKey* key, unsigned char* ct, unsigned char* ss, const unsigned char* rand, int len);
951+
int wc_KyberKey_Decapsulate(KyberKey* key, unsigned char* ss, const unsigned char* ct, word32 len);
952+
int wc_KyberKey_EncodePrivateKey(KyberKey* key, unsigned char* out, word32 len);
953+
int wc_KyberKey_DecodePrivateKey(KyberKey* key, const unsigned char* in, word32 len);
954+
"""
955+
925956
ffibuilder.cdef(cdef)
926957

927958
def main(ffibuilder):
@@ -951,7 +982,8 @@ def main(ffibuilder):
951982
"WC_RNG_SEED_CB": 0,
952983
"AESGCM_STREAM": 1,
953984
"RSA_PSS": 1,
954-
"CHACHA20_POLY1305": 1
985+
"CHACHA20_POLY1305": 1,
986+
"ML_KEM": 1
955987
}
956988

957989
# Ed448 requires SHAKE256, which isn't part of the Windows build, yet.

0 commit comments

Comments
 (0)