feat: pending ML-KEM encryption and decryption

src/cmd_decrypt.rs

@@ -469,6 +469,7 @@ pub fn try_decrypt_key(config: &Option<TinyEncryptConfig>,
         TinyEncryptEnvelopType::PivP256 | TinyEncryptEnvelopType::PivP384 => try_decrypt_piv_key_ecdh(config, envelop, pin, slot, silent),
         TinyEncryptEnvelopType::KeyP256 => try_decrypt_se_key_ecdh(config, envelop),
         TinyEncryptEnvelopType::ExtP256 | TinyEncryptEnvelopType::ExtP384 => try_decrypt_ext_key_ecdh(config, envelop),
+        // TODO EXT ML-KEM 768 & 1024
         TinyEncryptEnvelopType::PivRsa => try_decrypt_piv_key_rsa(config, envelop, pin, slot, silent),
         #[cfg(feature = "macos")]
         TinyEncryptEnvelopType::StaticKyber1024 => try_decrypt_key_ecdh_static_kyber1204(config, envelop),

src/cmd_encrypt.rs

@@ -333,6 +333,7 @@ pub fn encrypt_envelops(cryptor: Cryptor, key: &[u8], envelops: &[&TinyEncryptCo
             TinyEncryptEnvelopType::PivP384 | TinyEncryptEnvelopType::ExtP384 => {
                 encrypted_envelops.push(encrypt_envelop_ecdh_p384(cryptor, key, envelop)?);
             }
+            // TODO ML-KEM 768 & 1024
             TinyEncryptEnvelopType::StaticKyber1024 => {
                 encrypted_envelops.push(encrypt_envelop_ecdh_kyber1204(cryptor, key, envelop)?);
             }

src/lib.rs

@@ -78,4 +78,5 @@ mod util_keychainkey;
 mod util_simple_pbe;
 mod util_log;
 mod temporary_key;
+mod util_mlkem;
 

src/spec.rs

@@ -98,6 +98,12 @@ pub enum TinyEncryptEnvelopType {
     // External ECDH P384
     #[serde(rename = "ext-p384")]
     ExtP384,
+    // External ML-KEM 768
+    #[serde(rename = "ext-mlkem768")]
+    ExtMlKem768,
+    // External ML-KEM 1024
+    #[serde(rename = "ext-mlkem1024")]
+    ExtMlKem1024,
     // PIV RSA
     #[serde(rename = "piv-rsa")]
     PivRsa,
@@ -124,6 +130,8 @@ impl TinyEncryptEnvelopType {
             TinyEncryptEnvelopType::KeyP256 => "key-p256",
             TinyEncryptEnvelopType::ExtP256 => "ext-p256",
             TinyEncryptEnvelopType::ExtP384 => "ext-p384",
+            TinyEncryptEnvelopType::ExtMlKem768 => "ext-mlkem768",
+            TinyEncryptEnvelopType::ExtMlKem1024 => "ext-mlkem1024",
             TinyEncryptEnvelopType::PivP256 => "piv-p256",
             TinyEncryptEnvelopType::PivP384 => "piv-p384",
             TinyEncryptEnvelopType::PivRsa => "piv-rsa",
@@ -142,6 +150,8 @@ impl TinyEncryptEnvelopType {
             "key-p256" => Some(TinyEncryptEnvelopType::KeyP256),
             "ext-p256" => Some(TinyEncryptEnvelopType::ExtP256),
             "ext-p384" => Some(TinyEncryptEnvelopType::ExtP384),
+            "ext-mlkem768" => Some(TinyEncryptEnvelopType::ExtMlKem768),
+            "ext-mlkem1024" => Some(TinyEncryptEnvelopType::ExtMlKem1024),
             "piv-p256" => Some(TinyEncryptEnvelopType::PivP256),
             "piv-p384" => Some(TinyEncryptEnvelopType::PivP384),
             "piv-rsa" => Some(TinyEncryptEnvelopType::PivRsa),
@@ -162,6 +172,8 @@ impl TinyEncryptEnvelopType {
             | TinyEncryptEnvelopType::PgpX25519
             | TinyEncryptEnvelopType::ExtP256
             | TinyEncryptEnvelopType::ExtP384
+            | TinyEncryptEnvelopType::ExtMlKem768
+            | TinyEncryptEnvelopType::ExtMlKem1024
             | TinyEncryptEnvelopType::PivP256
             | TinyEncryptEnvelopType::PivP384
             | TinyEncryptEnvelopType::PivRsa
@@ -184,7 +196,9 @@ impl TinyEncryptEnvelopType {
             // GPG is unknown(hardware/software)
             TinyEncryptEnvelopType::Gpg
             | TinyEncryptEnvelopType::ExtP256
-            | TinyEncryptEnvelopType::ExtP384 => None,
+            | TinyEncryptEnvelopType::ExtP384
+            | TinyEncryptEnvelopType::ExtMlKem768
+            | TinyEncryptEnvelopType::ExtMlKem1024 => None,
         }
     }
 }