From d75c589b661b0ca74e385314e54b8d2f51888c70 Mon Sep 17 00:00:00 2001
From: Hatter Jiang <jht5945@gmail.com>
Date: Fri, 26 Sep 2025 23:44:31 +0800
Subject: [PATCH] feat: add keymlkem

---
 src/cmd_encrypt.rs |  1 +
 src/spec.rs        | 14 ++++++++++++++
 2 files changed, 15 insertions(+)

diff --git a/src/cmd_encrypt.rs b/src/cmd_encrypt.rs
index e97ce24..42a0c26 100644
--- a/src/cmd_encrypt.rs
+++ b/src/cmd_encrypt.rs
@@ -332,6 +332,7 @@ pub fn encrypt_envelops(cryptor: Cryptor, key: &[u8], envelops: &[&TinyEncryptCo
             TinyEncryptEnvelopType::StaticKyber1024 => {
                 encrypted_envelops.push(encrypt_envelop_ecdh_kyber1204(cryptor, key, envelop)?);
             }
+            TinyEncryptEnvelopType::KeyMlKem768 | TinyEncryptEnvelopType::KeyMlKem1024 |
             TinyEncryptEnvelopType::ExtMlKem768 | TinyEncryptEnvelopType::ExtMlKem1024 => {
                 encrypted_envelops.push(encrypt_envelop_ecdh_ml_kem(cryptor, key, envelop)?);
             }
diff --git a/src/spec.rs b/src/spec.rs
index f98f4d8..e88810a 100644
--- a/src/spec.rs
+++ b/src/spec.rs
@@ -86,6 +86,12 @@ pub enum TinyEncryptEnvelopType {
     // Secure Enclave ECDH P256
     #[serde(rename = "key-p256")]
     KeyP256,
+    // Secure Enclave ML-KEM 768
+    #[serde(rename = "key-mlkem768")]
+    KeyMlKem768,
+    // Secure Enclave ML-KEM 1024
+    #[serde(rename = "key-mlkem1024")]
+    KeyMlKem1024,
     // PIV ECDH P256
     #[serde(rename = "piv-p256", alias = "ecdh")]
     PivP256,
@@ -128,6 +134,8 @@ impl TinyEncryptEnvelopType {
             TinyEncryptEnvelopType::StaticX25519 => "static-x25519",
             TinyEncryptEnvelopType::StaticKyber1024 => "static-kyber1024",
             TinyEncryptEnvelopType::KeyP256 => "key-p256",
+            TinyEncryptEnvelopType::KeyMlKem768 => "key-mlkem768",
+            TinyEncryptEnvelopType::KeyMlKem1024 => "key-mlkem1024",
             TinyEncryptEnvelopType::ExtP256 => "ext-p256",
             TinyEncryptEnvelopType::ExtP384 => "ext-p384",
             TinyEncryptEnvelopType::ExtMlKem768 => "ext-mlkem768",
@@ -148,6 +156,8 @@ impl TinyEncryptEnvelopType {
             "static-x25519" => Some(TinyEncryptEnvelopType::StaticX25519),
             "static-kyber1024" => Some(TinyEncryptEnvelopType::StaticKyber1024),
             "key-p256" => Some(TinyEncryptEnvelopType::KeyP256),
+            "key-mlkem768" => Some(TinyEncryptEnvelopType::KeyMlKem768),
+            "key-mlkem1024" => Some(TinyEncryptEnvelopType::KeyMlKem1024),
             "ext-p256" => Some(TinyEncryptEnvelopType::ExtP256),
             "ext-p384" => Some(TinyEncryptEnvelopType::ExtP384),
             "ext-mlkem768" => Some(TinyEncryptEnvelopType::ExtMlKem768),
@@ -166,6 +176,8 @@ impl TinyEncryptEnvelopType {
             TinyEncryptEnvelopType::StaticX25519
             | TinyEncryptEnvelopType::StaticKyber1024
             | TinyEncryptEnvelopType::KeyP256
+            | TinyEncryptEnvelopType::KeyMlKem768
+            | TinyEncryptEnvelopType::KeyMlKem1024
             | TinyEncryptEnvelopType::Gpg
             | TinyEncryptEnvelopType::Kms => true,
             TinyEncryptEnvelopType::PgpRsa
@@ -186,6 +198,8 @@ impl TinyEncryptEnvelopType {
             TinyEncryptEnvelopType::PgpRsa
             | TinyEncryptEnvelopType::PgpX25519
             | TinyEncryptEnvelopType::KeyP256
+            | TinyEncryptEnvelopType::KeyMlKem768
+            | TinyEncryptEnvelopType::KeyMlKem1024
             | TinyEncryptEnvelopType::PivP256
             | TinyEncryptEnvelopType::PivP384
             | TinyEncryptEnvelopType::PivRsa