Add SPDM 1.4 ML-KEM post-quantum key exchange (FIPS 203)#18
Merged
…pcheck redundant assign, KEY_EXCHANGE/reconnect tests, rename PQC workflow
…write, validate kemMask, fail-fast test, ML-KEM-only CI
…EM ct-size read, ML-KEM-only transcript budget, parse/negotiate tests, configure probe, doc comment
…ale kemAlgSel, robust emu cleanup in CI
…API/helper error-path tests
Adds standalone ML-KEM key exchange (DSP0274 1.4.0, FIPS 203) to the requester — the final post-quantum piece from issue #10, completing a fully post-quantum SPDM handshake (ML-KEM key exchange + ML-DSA signing).
Spec grounding (DSP0274 1.4.0)
Authoritative facts from the 1.4.0 text — ML-KEM is standalone, not hybrid (section 23.5: "No support for hybrid algorithms"). The requester sends the encapsulation key `ek` in KEY_EXCHANGE; the responder returns ciphertext `c`; the requester decapsulates to a 32-byte `K'` that feeds the existing key schedule in place of the ECDH secret. KEMAlg AlgStruct = AlgType `0x07`; ML-KEM-512/768/1024 = `0x01`/`0x02`/`0x04` (cross-checked vs libspdm 3.8).
What's here
- `--enable-mlkem` gate (auto from `WOLFSSL_HAVE_MLKEM`), `wc_MlKemKey_*` API only.
- `ek`; KEY_EXCHANGE_RSP decapsulates `ct` to `K'`; zero new allocation; ephemeral key union with `ecc_key`.
- `wolfSPDM_SetKeyExchangePref` + demo `--kex ecdhe|mlkem512|mlkem768|mlkem1024`.
Testing
`K == K'` round trip, KEM negotiation offsets, DHE-xor-KEM mutual exclusivity. Passes across mldsa+mlkem / classical / mlkem-only / mldsa-only; strict `-Werror -Wconversion -Wshadow` clean; no bare scopes; no `wc_kyber` tokens.
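To make the negotiation rules described in the PR concrete, here is a standalone C example added for this page (it is not wolfSPDM's code): it encodes the requester's KEMAlg AlgStruct with a validated kemMask, parses the responder's ALGORITHMS table, enforces single-bit selection and the DHE-xor-KEM mutual exclusivity the tests check, and maps the selected parameter set to its FIPS 203 `ek`/`ct` sizes. Assumptions not stated on the page: the AlgStruct layout (AlgType, AlgCount with FixedAlgCount in the high nibble, a 2-byte little-endian AlgSupported) and DHE AlgType `0x02` are taken from libspdm's common table layout; the sample ALGORITHMS tables are constructed, not captured traffic.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added example, not wolfSPDM code. AlgType 0x07 and the ML-KEM bits are from the PR text;
 * DHE AlgType 0x02 and the 2-byte AlgSupported layout are assumptions taken from libspdm. */
#define ALG_TYPE_DHE 0x02
#define ALG_TYPE_KEM 0x07

#define KEM_MLKEM_512  0x0001
#define KEM_MLKEM_768  0x0002
#define KEM_MLKEM_1024 0x0004
#define KEM_MLKEM_ALL  (KEM_MLKEM_512 | KEM_MLKEM_768 | KEM_MLKEM_1024)

/* AlgStruct: AlgType(1) | AlgCount(1: FixedAlgCount<<4 | ExtAlgCount) | AlgSupported(2, LE) */
static size_t algstruct_encode(uint8_t *out, size_t cap, uint8_t type, uint16_t mask)
{
    if (cap < 4) return 0;
    out[0] = type;
    out[1] = 0x20;                      /* FixedAlgCount = 2, ExtAlgCount = 0 */
    out[2] = (uint8_t)(mask & 0xFFu);
    out[3] = (uint8_t)(mask >> 8);
    return 4;
}

/* Requester side: reject a kemMask that is empty or has bits outside the three ML-KEM sets. */
size_t spdm_encode_kem_algstruct(uint8_t *out, size_t cap, uint16_t kem_mask)
{
    if (kem_mask == 0 || (kem_mask & ~(unsigned)KEM_MLKEM_ALL) != 0) return 0;
    return algstruct_encode(out, cap, ALG_TYPE_KEM, kem_mask);
}

/* Parse one AlgStruct; returns bytes consumed, 0 on truncation or an unsupported fixed width. */
static size_t algstruct_parse(const uint8_t *buf, size_t len, uint8_t *type, uint16_t *mask)
{
    size_t fixed, ext, need;
    if (len < 2) return 0;
    fixed = (size_t)(buf[1] >> 4);
    ext   = (size_t)(buf[1] & 0x0F);
    need  = 2 + fixed + 4 * ext;        /* each AlgExternal entry is 4 bytes */
    if (fixed != 2 || need > len) return 0;
    *type = buf[0];
    *mask = (uint16_t)(buf[2] | (buf[3] << 8));
    return need;
}

static int one_bit(uint16_t v) { return v != 0 && (v & (v - 1)) == 0; }

/* Responder's ALGORITHMS AlgStructTable -> chosen key exchange.
 * Returns 1 and *kem_sel for a single ML-KEM set, 0 if a DHE group was selected instead,
 * -1 on malformed input, more than one bit selected, an unknown KEM bit, or DHE and KEM
 * both selected (the DHE-xor-KEM rule); neither selected is also treated as -1 here. */
int spdm_select_kex(const uint8_t *tbl, size_t len, uint16_t *kem_sel)
{
    uint16_t dhe = 0, kem = 0;
    size_t off = 0;
    while (off < len) {
        uint8_t type; uint16_t mask;
        size_t n = algstruct_parse(tbl + off, len - off, &type, &mask);
        if (n == 0) return -1;
        if (type == ALG_TYPE_DHE) dhe = mask;
        else if (type == ALG_TYPE_KEM) kem = mask;
        off += n;
    }
    if ((dhe && !one_bit(dhe)) || (kem && !one_bit(kem))) return -1;
    if ((dhe != 0) == (kem != 0)) return -1;
    if (kem == 0) return 0;
    if ((kem & ~(unsigned)KEM_MLKEM_ALL) != 0) return -1;
    *kem_sel = kem;
    return 1;
}

/* FIPS 203 field sizes: ek goes in KEY_EXCHANGE, ct comes back in KEY_EXCHANGE_RSP; K' is 32 bytes. */
size_t mlkem_ek_len(uint16_t sel)
{
    return sel == KEM_MLKEM_512 ? 800 : sel == KEM_MLKEM_768 ? 1184 : sel == KEM_MLKEM_1024 ? 1568 : 0;
}
size_t mlkem_ct_len(uint16_t sel)
{
    return sel == KEM_MLKEM_512 ? 768 : sel == KEM_MLKEM_768 ? 1088 : sel == KEM_MLKEM_1024 ? 1568 : 0;
}

/* Constructed sample responder tables (not captured traffic). */
const uint8_t SAMPLE_KEM768[]  = { 0x02,0x20,0x00,0x00,  0x07,0x20,0x02,0x00 }; /* DHE none, KEM = ML-KEM-768 */
const uint8_t SAMPLE_DHE[]     = { 0x02,0x20,0x10,0x00 };                        /* a DHE group, no KEM */
const uint8_t SAMPLE_BOTH[]    = { 0x02,0x20,0x10,0x00,  0x07,0x20,0x02,0x00 }; /* DHE and KEM both selected */
const uint8_t SAMPLE_TWOBITS[] = { 0x07,0x20,0x03,0x00 };                        /* two KEM bits selected */

int main(void)
{
    uint16_t sel = 0;
    int r = spdm_select_kex(SAMPLE_KEM768, sizeof SAMPLE_KEM768, &sel);
    printf("kem768: r=%d sel=0x%02x ek=%zu ct=%zu\n", r, sel, mlkem_ek_len(sel), mlkem_ct_len(sel));
    printf("dhe: r=%d\n", spdm_select_kex(SAMPLE_DHE, sizeof SAMPLE_DHE, &sel));
    printf("both: r=%d\n", spdm_select_kex(SAMPLE_BOTH, sizeof SAMPLE_BOTH, &sel));
    printf("twobits: r=%d\n", spdm_select_kex(SAMPLE_TWOBITS, sizeof SAMPLE_TWOBITS, &sel));
    return 0;
}
```

The size table is what a requester needs before it reads the KEY_EXCHANGE_RSP body: with the parameter set pinned by negotiation, the ciphertext length is known in advance, so an incoming response whose ct field does not match it can be rejected before any decapsulation is attempted.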