Add ML-KEM and ML-DSA support #399

Open: aidangarske wants to merge 18 commits into wolfSSL:master from aidangarske:pqc-support

@aidangarske (Member) commented May 23, 2026

ML-KEM (FIPS 203) and ML-DSA (FIPS 204) via wolfSSL backend.

Algorithms: ML-KEM-512/768/1024, ML-DSA-44/65/87

Opt-in: ./scripts/build-wolfprovider.sh --enable-pqc (adds --enable-mlkem --enable-mldsa --enable-experimental to wolfSSL). wolfProvider auto-detects from wolfSSL's options.h macros; older wolfSSL builds skip the PQC paths cleanly with no code changes here.

Validation: three independent paths cross-checked, all pass.

  • Internal unit tests (11 functions x 3 levels = 33 assertions) in make test
  • wolfProvider <-> OpenSSL 3.5 default provider (12 cross-pairs)
  • wolfProvider <-> wolfSSL direct wc_* API (12 cross-pairs)

CI: new wolfssl-versions-pqc.yml runs three matrix rows (pre-PQC wolfSSL, latest stable, master) and the three-way interop validator on the PQC-enabled rows.

Test plan

  • make test passes (all 11 PQC tests + existing suite)
  • ./test/pqc_interop.test -- ALL PASS (24 cross-pairs)
  • Build against pre-PQC wolfSSL: PQC code paths skip, make test clean
  • CI green on all three matrix rows

Copilot AI review requested due to automatic review settings May 23, 2026 05:56

@aidangarske self-assigned this May 23, 2026
@aidangarske marked this pull request as ready for review May 26, 2026 17:13

@Frauschi left a comment

Some smaller findings. The biggest "issue" imo is the usage of the now old ML-DSA API instead of the new one. But moving this to the new one should be easy.

Comment thread docs/INTEGRATION_GUIDE.md Outdated
Comment thread docs/INTEGRATION_GUIDE.md Outdated
Comment thread docs/INTEGRATION_GUIDE.md Outdated
Comment thread docs/INTEGRATION_GUIDE.md Outdated
Comment thread docs/INTEGRATION_GUIDE.md Outdated
Comment thread src/wp_mldsa_kmgmt.c Outdated
Comment thread src/wp_mldsa_kmgmt.c Outdated
Comment thread src/wp_mldsa_kmgmt.c Outdated
Comment thread src/wp_mldsa_kmgmt.c
Comment thread src/wp_mlkem_kmgmt.c
@Frauschi

Jenkins retest this please

@aidangarske requested a review from Frauschi May 29, 2026 23:43

@aidangarske (Member, Author)

Jenkins retest this please

@Frauschi left a comment

LGTM
