Backport ML-KEM for SCOSSL 1.10 #171
* Boilerplate mlkem kem and keymgmt interfaces
* ML-KEM key management
* ML-KEM KEM interface
* Update to latest APIs
* ML-KEM decoder
* MLKEM PEM and DER encoder. Refactor decoder
* Consolidate ML-KEM decoder
* MLKEM text encoder and bugfixes
* Start of hybrid implementation
* ML-KEM hybrid key management
* Expose classic ECDH functions for ML-KEM hybrid
* ML-KEM hybrid
* Cleanup ecc usage from mlkem keymgmt
* Cleanup ML-KEM hybrid and register algorithms
* Bugfixes for compatibility with public PQ endpoints
* Fix ordering for non-x25519 hybrid and add P384MLKEM1024
* Rebase cleanup
* Cleanup
* Cleanup and refactoring
* Fix TLS names
* Use new debug logging for symcrypt errors
* PR comments
* PR comments
* Only copy modified private bits with key material
* PR comments and cleanup
* Merge branch 'main' into mamckee-ml-kem
* PR comments
* Fix ML-KEM constants
…cations (#133)
* Refactor logic to avoid use of uninitialized memory and improve consistency
* Fix up a few more nitpicks
  + Potential memory leak in common gcm init ctx (never hit with provider, but could be hit from engine)
  + Consistency of dupctx ERR and assignment
* Fix some unhandled OPENSSL_strdup failures
* Stub out ML-KEM interfaces
* Split mlkem standalone key management
* Standalone MLKEM
* Hybrid key management
* Re-add hybrid ML-KEM
* Separate ML-KEM decoders
* Separate MLKEM encoders
* Cleanup
* Add comment indicating hybrids are only for TLS
* Cleanup and add explicit ikme rejection
* Add mlkem evp_test
* PR comments
* Don't use boolean operators on SCOSSL_STATUS
Pull request overview
This PR backports ML-KEM and ML-KEM-hybrid support into the SymCrypt provider for the SCOSSL 1.10 release line, including key management, KEM operations, and OpenSSL encoder/decoder integration, plus TLS group capability updates.
Changes:
- Add ML-KEM (512/768/1024) KEM + keymgmt, and ML-KEM hybrid KEM + keymgmt (X25519/P-256/P-384 hybrids).
- Add DER/PEM/text encoders and DER decoders for ML-KEM keys, plus shared encode/decode helper infrastructure.
- Introduce a core-BIO wrapper for encoder/decoder I/O and register new TLS group capability metadata (including KEM groups).
Reviewed changes
Copilot reviewed 25 out of 26 changed files in this pull request and generated 5 comments.
| File | Description |
|---|---|
| SymCryptProvider/src/p_scossl_ecc.h | Adds #pragma once to the ECC provider header. |
| SymCryptProvider/src/p_scossl_bio.h | Declares core-BIO dispatch wiring and provider-side BIO helpers for encoding/decoding. |
| SymCryptProvider/src/p_scossl_bio.c | Implements provider BIO_METHOD backed by core BIO callbacks. |
| SymCryptProvider/src/p_scossl_base.c | Registers new KEM/keymgmt/encoder/decoder algorithms and TLS group capability metadata; initializes core BIO method. |
| SymCryptProvider/src/keymgmt/p_scossl_mlkem_keymgmt.h | Declares ML-KEM keymgmt helper APIs used by encoder/decoder and keymgmt. |
| SymCryptProvider/src/keymgmt/p_scossl_mlkem_keymgmt.c | Implements ML-KEM key generation, import/export, match/dup, and encoded key helpers. |
| SymCryptProvider/src/keymgmt/p_scossl_mlkem_hybrid_keymgmt.c | Implements hybrid (classic + ML-KEM) keymgmt including import/export and encoding layout rules. |
| SymCryptProvider/src/keyexch/p_scossl_ecdh.h | Exposes ECDH provider context helpers for re-use by hybrid KEM implementation. |
| SymCryptProvider/src/keyexch/p_scossl_ecdh.c | Refactors ECDH context type/entry points to be externally reusable. |
| SymCryptProvider/src/kem/p_scossl_mlkem.h | Declares ML-KEM group metadata, key context, and registration/parameter helpers. |
| SymCryptProvider/src/kem/p_scossl_mlkem.c | Implements ML-KEM KEM operations and algorithm/NID registration helpers. |
| SymCryptProvider/src/kem/p_scossl_mlkem_hybrid.h | Declares hybrid key context structure. |
| SymCryptProvider/src/kem/p_scossl_mlkem_hybrid.c | Implements hybrid KEM encaps/decaps combining ECDH + ML-KEM with group-dependent layout. |
| SymCryptProvider/src/kem/p_scossl_mlkem_hybrid_ecc.h | Declares hybrid-specific ECC helper routines for ephemeral ECDH handling. |
| SymCryptProvider/src/kem/p_scossl_mlkem_hybrid_ecc.c | Implements ECC import/export/dup/gen helpers for hybrid classic components. |
| SymCryptProvider/src/encoder/p_scossl_encode_mlkem.c | Adds encoders for ML-KEM PrivateKeyInfo / EncryptedPrivateKeyInfo / SPKI and text output. |
| SymCryptProvider/src/encoder/p_scossl_encode_common.h | Adds shared encoder framework types/helpers used by ML-KEM encoders. |
| SymCryptProvider/src/encoder/p_scossl_encode_common.c | Implements shared encoder context handling and core-BIO output bridging. |
| SymCryptProvider/src/decoder/p_scossl_decode_mlkem.c | Adds DER decoders for ML-KEM PrivateKeyInfo and SubjectPublicKeyInfo. |
| SymCryptProvider/src/decoder/p_scossl_decode_common.h | Adds shared decoder framework types/helpers used by ML-KEM decoders. |
| SymCryptProvider/src/decoder/p_scossl_decode_common.c | Implements shared decoder context handling and core-BIO input bridging. |
| SymCryptProvider/inc/scossl_provider.h | Adds ML-KEM algorithm SN/LN/OID constants and a compatibility define for OSSL_PKEY_PARAM_ML_KEM_SEED. |
| SymCryptProvider/inc/p_scossl_base.h.in | Adds BIO include and stores coreBioMeth in provider context. |
| SymCryptProvider/CMakeLists.txt | Adds new KEM/keymgmt/encoder/decoder/BIO sources to the provider build. |
| CMakeLists.txt | Bumps project version to 1.10.0. |
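The file summary above describes the hybrid KEM and keymgmt as using a group-dependent layout. As an added example (not code from this PR or from SCOSSL), the following C function splits a received hybrid key share into its classic and ML-KEM parts and rejects any share whose length is not exact. The type and function names are hypothetical; the sizes and ordering are assumptions taken from FIPS 203 and the TLS ECDHE-MLKEM hybrid group definitions, where the X25519 hybrid places the ML-KEM part first and the P-256/P-384 hybrids place the ECDH part first.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical names for this example, not SCOSSL identifiers. */
typedef enum { HYB_X25519_MLKEM768, HYB_P256_MLKEM768, HYB_P384_MLKEM1024 } hyb_group;

typedef struct {
    size_t cbClassic;   /* classic share: 32 (X25519), 65/97 (uncompressed EC point) */
    size_t cbMlkemEk;   /* ML-KEM encapsulation key, carried in the client share */
    size_t cbMlkemCt;   /* ML-KEM ciphertext, carried in the server share */
    int    mlkemFirst;  /* 1: ML-KEM bytes precede the classic bytes */
} hyb_layout;

/* Sizes per FIPS 203 (ML-KEM-768 / ML-KEM-1024); ordering per the TLS hybrid groups. */
static const hyb_layout layouts[] = {
    [HYB_X25519_MLKEM768] = { 32, 1184, 1088, 1 },
    [HYB_P256_MLKEM768]   = { 65, 1184, 1088, 0 },
    [HYB_P384_MLKEM1024]  = { 97, 1568, 1568, 0 },
};

typedef struct {
    const uint8_t *pbClassic, *pbMlkem;
    size_t cbClassic, cbMlkem;
} hyb_parts;

/* Split a received key share into views over the caller's buffer.
   isServerShare selects ciphertext (1) or encapsulation key (0) for the ML-KEM part.
   Returns 1 on success, 0 on any argument or length mismatch (fail closed). */
int hyb_split_share(hyb_group g, int isServerShare,
                    const uint8_t *pb, size_t cb, hyb_parts *out)
{
    if (pb == NULL || out == NULL ||
        (unsigned)g >= sizeof(layouts) / sizeof(layouts[0]))
        return 0;

    const hyb_layout *l = &layouts[g];
    size_t cbMlkem = isServerShare ? l->cbMlkemCt : l->cbMlkemEk;

    /* Exact length only: a short share or trailing bytes is rejected. */
    if (cb != l->cbClassic + cbMlkem)
        return 0;

    out->cbClassic = l->cbClassic;
    out->cbMlkem   = cbMlkem;
    out->pbMlkem   = l->mlkemFirst ? pb : pb + l->cbClassic;
    out->pbClassic = l->mlkemFirst ? pb + cbMlkem : pb;
    return 1;
}
```

Taking the ordering from a per-group table rather than assuming one fixed order is what keeps the X25519 and NIST-curve hybrids from being parsed with each other's offsets.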
samuel-lee-msft left a comment
LGTM modulo comments; I reviewed the commits from ca4b35b onwards with focus on the diff between p_scossl_mlkem_hybrid_ecc.c and p_scossl_ecc.c, which seems to be the main new stuff for the backport - let me know if you would appreciate me looking at something else in particular.
Some of the AI comments also seem legit, if nitpicky.
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
This PR backports ML-KEM and ML-KEM hybrid for SCOSSL 1.10 (based on 1.9).
The following PRs are backported, with some minor bugfixes and tweaks.
#103
#153