[PATCH 0/5] ML-KEM and X-Wing support
From: Eric Biggers
Date: Mon May 25 2026 - 14:46:27 EST

This series applies to v7.1-rc5. It is a proof-of-concept that won't be
merged until there is an in-kernel user. Multiple people have been
asking about this though, so I wanted to get ahead of the curve and
provide something that people can experiment with if needed.

This series adds support for "post-quantum" (i.e. quantum-resistant) key
encapsulation to the kernel's crypto library. Specifically this
includes ML-KEM-768 and ML-KEM-1024, and the X-Wing hybrid KEM built on
top of it. The ML-KEM functions are put in the CRYPTO_INTERNAL
namespace, as they will be used only as a component of hybrid KEMs.

It's likely this will eventually be useful for at least one of the
in-kernel users of classical key agreement schemes (currently NVMe
authentication, Bluetooth, and WireGuard). However, the details of the
upgrade to "post-quantum" will be up to the protocol authors in each
case. I suggest that X-Wing be chosen when possible.

Eric Biggers (5):
  lib/crypto: mlkem: Add ML-KEM-768 and ML-KEM-1024 support
  lib/crypto: mlkem: Add KUnit tests for ML-KEM
  lib/crypto: mlkem: Add FIPS 140-3 tests
  lib/crypto: xwing: Add support for X-Wing KEM
  lib/crypto: xwing: Add KUnit tests for X-Wing KEM

Documentation/crypto/libcrypto-asymmetric.rst | 27 +
Documentation/crypto/libcrypto-signature.rst | 11 -
Documentation/crypto/libcrypto.rst | 2 +-
include/crypto/mlkem.h | 159 +++
include/crypto/xwing.h | 84 ++
lib/crypto/.kunitconfig | 2 +
lib/crypto/Kconfig | 17 +
lib/crypto/Makefile | 10 +
lib/crypto/fips-mlkem.h | 523 +++++++++
lib/crypto/mlkem.c | 1036 +++++++++++++++++
lib/crypto/tests/Kconfig | 18 +
lib/crypto/tests/Makefile | 2 +
lib/crypto/tests/mlkem-testvecs.h | 19 +
lib/crypto/tests/mlkem_kunit.c | 520 +++++++++
lib/crypto/tests/xwing-testvecs.h | 138 +++
lib/crypto/tests/xwing_kunit.c | 129 ++
lib/crypto/xwing.c | 237 ++++
scripts/crypto/import-mlkem-testvecs.py | 179 +++
scripts/crypto/import-xwing-testvecs.py | 111 ++
19 files changed, 3212 insertions(+), 12 deletions(-)
create mode 100644 Documentation/crypto/libcrypto-asymmetric.rst
delete mode 100644 Documentation/crypto/libcrypto-signature.rst
create mode 100644 include/crypto/mlkem.h
create mode 100644 include/crypto/xwing.h
create mode 100644 lib/crypto/fips-mlkem.h
create mode 100644 lib/crypto/mlkem.c
create mode 100644 lib/crypto/tests/mlkem-testvecs.h
create mode 100644 lib/crypto/tests/mlkem_kunit.c
create mode 100644 lib/crypto/tests/xwing-testvecs.h
create mode 100644 lib/crypto/tests/xwing_kunit.c
create mode 100644 lib/crypto/xwing.c
create mode 100755 scripts/crypto/import-mlkem-testvecs.py
create mode 100755 scripts/crypto/import-xwing-testvecs.py

base-commit: e7ae89a0c97ce2b68b0983cd01eda67cf373517d
--
2.54.0