The linux kernel’s ctcrypto subsystem is powerful and flexible, containing the kernel’s internal implementations for familiar algorithms such as RSA and ECDSA, along with an API framework that allows registering cryptographic providers for other crypto-consuming modules. A quick glance at output from cat /proc/crypto shows a rich set of crypto drivers exposed, ranging from the disk encryption specific xts(aes), to NIST standards such as ecdsa-nist-p256.
But what about post-quantum cryptography in the kernel? The short answer is: there is none.
There have been very recent efforts to add verify-only ML-DSA support to the kernel crypto API, and to the kernel’s module signing facility, but as of yet they are not mainline in the kernel.
This raises an obvious question: should wolfSSL take the lead and register our own PQC in the kernel crypto API, or perhaps patch the kernel signing facility to allow for PQC-verified modules? Let us know what you think!
If you have questions about any of the above, please contact us at facts@wolfssl.com or call us at +1 425 245 8247.
Download wolfSSL Now