PQC PGP keys: composite ML-KEM-768 + ML-DSA-65 in RSA slots [UNTESTED]#31
Open
0c-coder wants to merge 15 commits into
Open
PQC PGP keys: composite ML-KEM-768 + ML-DSA-65 in RSA slots [UNTESTED]#310c-coder wants to merge 15 commits into
0c-coder wants to merge 15 commits into
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Post-quantum PGP keys on OnlyKey — UNTESTED, by inspection
Adds composite ML-KEM-768 + ML-DSA-65 PGP keys, imported and used on-device the way RSA keys are. One RSA slot (1-4) holds one composite key as a 160-byte seed blob:
Seeds expand on-device at use time; the public key is never stored. Sign/decrypt each pick a half via a component selector byte. openpgp.js does the KMAC combine / signature concatenation host-side.
What's here
onlykey/okpqc.{h,cpp}— the composite ops (okpqc_sign/okpqc_decrypt) + inline Ed25519/Curve25519 wrappers (Arduino Crypto lib).mlkem_native/— ML-KEM-768 (reused fromfeature/mlkem-768).mldsa_native/— ML-DSA-65, configured for OnlyKey:MLD_CONFIG_PARAMETER_SET=65,MLD_CONFIG_REDUCE_RAM(sign ~17 KB vs ~69 KB — required to fit the MK20DX256's 64 KB RAM), custom RNG bridge, asm backends stripped (pure C for Cortex-M4).onlykey/okcore.{cpp,h},onlykey/okcrypto.cpp— 18-line integration:KEYTYPE_PQC_PGP(7), 160-byte load/flashget, sign/decrypt dispatch.onlykey/DESIGN.md,onlykey/BUILD.md,onlykey/firmware-edits.patch.Verified
Compiles + links + runs on host (the crypto core): ML-KEM-768 decaps round-trips, ML-DSA-65 signs (3309 B) and verifies, on the exact config.
Not yet validated on hardware
[0,0]||digest) vs openpgp.jsml_dsa.js.Companion host-side work: openpgp.js hardware hooks (0c-coder/openpgpjs
onlykey-pqc-hooks) and the python-onlykeytype=7loader (to follow).