Deduplicate the mlkem 768 and mlkem 1024 code.

This moves everything not public to mlkem_internal.c removing the old files and doing some further cleanup on the way. With this landed mlkem is out of my stack and can be changed without breaking my subsequent changes ok tb@
author: beck <> 2025-09-05 23:30:12 +0000
committer: beck <> 2025-09-05 23:30:12 +0000
commit: 21ce890cad6ae67e0d52f7bfdc44579df2bfc032 (patch)
tree: 696ffc96af9e6fa399dc93af7325749db45458c5 /src/lib/libcrypto/mlkem/mlkem.c
parent: dc98dc450acd1ba6a9a274662e55679f5c93e5fa (diff)
download: openbsd-21ce890cad6ae67e0d52f7bfdc44579df2bfc032.tar.gz
openbsd-21ce890cad6ae67e0d52f7bfdc44579df2bfc032.tar.bz2
openbsd-21ce890cad6ae67e0d52f7bfdc44579df2bfc032.zip
1 files changed, 16 insertions, 90 deletions
diff --git a/src/lib/libcrypto/mlkem/mlkem.c b/src/lib/libcrypto/mlkem/mlkem.c
index dcc73c2631..9461a338e9 100644
--- a/src/lib/libcrypto/mlkem/mlkem.c
+++ b/src/lib/libcrypto/mlkem/mlkem.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: mlkem.c,v 1.3 2025/08/19 21:37:08 tb Exp $ */
+/*      $OpenBSD: mlkem.c,v 1.4 2025/09/05 23:30:12 beck Exp $ */
 /*
 * Copyright (c) 2025, Bob Beck <beck@obtuse.com>
 *
@@ -77,24 +77,15 @@ MLKEM_generate_key_external_entropy(MLKEM_private_key *private_key,
        if ((k = calloc(1, k_len)) == NULL)
                goto err;
-        switch (private_key->rank) {
+        if (!mlkem_generate_key_external_entropy(k, private_key, entropy))
-        case RANK768:
+                goto err;
-                if (!MLKEM768_generate_key_external_entropy(k, private_key,
-                    entropy))
-                        goto err;
-                break;
-        case RANK1024:
-                if (!MLKEM1024_generate_key_external_entropy(k, private_key,
-                    entropy))
-                        goto err;
-                break;
-        }
        private_key->state = MLKEM_PRIVATE_KEY_INITIALIZED;
        *out_encoded_public_key = k;
        *out_encoded_public_key_len = k_len;
        k = NULL;
+        k_len = 0;
        ret = 1;
@@ -154,18 +145,8 @@ MLKEM_private_key_from_seed(MLKEM_private_key *private_key,
        if (seed_len != MLKEM_SEED_LENGTH)
                goto err;
-        switch (private_key->rank) {
+        if (!mlkem_private_key_from_seed(seed, seed_len, private_key))
-        case RANK768:
+                goto err;
-                if (!MLKEM768_private_key_from_seed(seed,
-                    seed_len, private_key))
-                        goto err;
-                break;
-        case RANK1024:
-                if (!MLKEM1024_private_key_from_seed(private_key,
-                    seed, seed_len))
-                        goto err;
-                break;
-        }
        private_key->state = MLKEM_PRIVATE_KEY_INITIALIZED;
@@ -187,14 +168,8 @@ MLKEM_public_from_private(const MLKEM_private_key *private_key,
                return 0;
        if (public_key->rank != private_key->rank)
                return 0;
-        switch (private_key->rank) {
-        case RANK768:
+        mlkem_public_from_private(private_key, public_key);
-                MLKEM768_public_from_private(private_key, public_key);
-                break;
-        case RANK1024:
-                MLKEM1024_public_from_private(private_key, public_key);
-                break;
-        }
        public_key->state = MLKEM_PUBLIC_KEY_INITIALIZED;
@@ -230,17 +205,8 @@ MLKEM_encap_external_entropy(const MLKEM_public_key *public_key,
        if ((ciphertext = calloc(1, ciphertext_len)) == NULL)
                goto err;
-        switch (public_key->rank) {
+        mlkem_encap_external_entropy(ciphertext, secret, public_key, entropy);
-        case RANK768:
-                MLKEM768_encap_external_entropy(ciphertext, secret, public_key,
-                    entropy);
-                break;
-        case RANK1024:
-                MLKEM1024_encap_external_entropy(ciphertext, secret, public_key,
-                    entropy);
-                break;
-        }
        *out_ciphertext = ciphertext;
        *out_ciphertext_len = ciphertext_len;
        ciphertext = NULL;
@@ -291,15 +257,7 @@ MLKEM_decap(const MLKEM_private_key *private_key,
        if ((s = calloc(1, MLKEM_SHARED_SECRET_LENGTH)) == NULL)
                goto err;
-        switch (private_key->rank) {
+        mlkem_decap(private_key, ciphertext, ciphertext_len, s);
-        case RANK768:
-                MLKEM768_decap(private_key, ciphertext, ciphertext_len, s);
-                break;
-        case RANK1024:
-                MLKEM1024_decap(private_key, ciphertext, ciphertext_len, s);
-                break;
-        }
        *out_shared_secret = s;
        *out_shared_secret_len = MLKEM_SHARED_SECRET_LENGTH;
@@ -324,14 +282,7 @@ MLKEM_marshal_public_key(const MLKEM_public_key *public_key, uint8_t **out,
        if (!public_key_is_valid(public_key))
                return 0;
-        switch (public_key->rank) {
+        return mlkem_marshal_public_key(public_key, out, out_len);
-        case RANK768:
-                return MLKEM768_marshal_public_key(public_key, out, out_len);
-        case RANK1024:
-                return MLKEM1024_marshal_public_key(public_key, out, out_len);
-        default:
-                return 0;
-        }
 }
 LCRYPTO_ALIAS(MLKEM_marshal_public_key);
@@ -349,14 +300,7 @@ MLKEM_marshal_private_key(const MLKEM_private_key *private_key, uint8_t **out,
        if (!private_key_is_valid(private_key))
                return 0;
-        switch (private_key->rank) {
+        return mlkem_marshal_private_key(private_key, out, out_len);
-        case RANK768:
-                return MLKEM768_marshal_private_key(private_key, out, out_len);
-        case RANK1024:
-                return MLKEM1024_marshal_private_key(private_key, out, out_len);
-        default:
-                return 0;
-        }
 }
 LCRYPTO_ALIAS(MLKEM_marshal_private_key);
@@ -370,18 +314,8 @@ MLKEM_parse_public_key(MLKEM_public_key *public_key, const uint8_t *in,
        if (in_len != MLKEM_public_key_encoded_length(public_key))
                return 0;
-        switch (public_key->rank) {
+        if (!mlkem_parse_public_key(in, in_len, public_key))
-        case RANK768:
+                return 0;
-                if (!MLKEM768_parse_public_key(in, in_len,
-                    public_key))
-                        return 0;
-                break;
-        case RANK1024:
-                if (!MLKEM1024_parse_public_key(in, in_len,
-                    public_key))
-                        return 0;
-                break;
-        }
        public_key->state = MLKEM_PUBLIC_KEY_INITIALIZED;
@@ -399,16 +333,8 @@ MLKEM_parse_private_key(MLKEM_private_key *private_key, const uint8_t *in,
        if (in_len != MLKEM_private_key_encoded_length(private_key))
                return 0;
-        switch (private_key->rank) {
+        if (!mlkem_parse_private_key(in, in_len, private_key))
-        case RANK768:
+                return 0;
-                if (!MLKEM768_parse_private_key(in, in_len, private_key))
-                        return 0;
-                break;
-        case RANK1024:
-                if (!MLKEM1024_parse_private_key(in, in_len, private_key))
-                        return 0;
-                break;
-        }
        private_key->state = MLKEM_PRIVATE_KEY_INITIALIZED;
author	beck <>	2025-09-05 23:30:12 +0000
committer	beck <>	2025-09-05 23:30:12 +0000
commit	21ce890cad6ae67e0d52f7bfdc44579df2bfc032 (patch)
tree	696ffc96af9e6fa399dc93af7325749db45458c5 /src/lib/libcrypto/mlkem/mlkem.c
parent	dc98dc450acd1ba6a9a274662e55679f5c93e5fa (diff)
download	openbsd-21ce890cad6ae67e0d52f7bfdc44579df2bfc032.tar.gz openbsd-21ce890cad6ae67e0d52f7bfdc44579df2bfc032.tar.bz2 openbsd-21ce890cad6ae67e0d52f7bfdc44579df2bfc032.zip

diff --git a/src/lib/libcrypto/mlkem/mlkem.c b/src/lib/libcrypto/mlkem/mlkem.c index dcc73c2631..9461a338e9 100644 --- a/src/lib/libcrypto/mlkem/mlkem.c +++ b/src/lib/libcrypto/mlkem/mlkem.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: mlkem.c,v 1.3 2025/08/19 21:37:08 tb Exp $ */	1	/* $OpenBSD: mlkem.c,v 1.4 2025/09/05 23:30:12 beck Exp $ */
2	/*	2	/*
3	* Copyright (c) 2025, Bob Beck <beck@obtuse.com>	3	* Copyright (c) 2025, Bob Beck <beck@obtuse.com>
4	*	4	*
@@ -77,24 +77,15 @@ MLKEM_generate_key_external_entropy(MLKEM_private_key *private_key,
77	if ((k = calloc(1, k_len)) == NULL)	77	if ((k = calloc(1, k_len)) == NULL)
78	goto err;	78	goto err;
79		79
80	switch (private_key->rank) {	80	if (!mlkem_generate_key_external_entropy(k, private_key, entropy))
81	case RANK768:	81	goto err;
82	if (!MLKEM768_generate_key_external_entropy(k, private_key,
83	entropy))
84	goto err;
85	break;
86	case RANK1024:
87	if (!MLKEM1024_generate_key_external_entropy(k, private_key,
88	entropy))
89	goto err;
90	break;
91	}
92		82
93	private_key->state = MLKEM_PRIVATE_KEY_INITIALIZED;	83	private_key->state = MLKEM_PRIVATE_KEY_INITIALIZED;
94		84
95	*out_encoded_public_key = k;	85	*out_encoded_public_key = k;
96	*out_encoded_public_key_len = k_len;	86	*out_encoded_public_key_len = k_len;
97	k = NULL;	87	k = NULL;
		88	k_len = 0;
98		89
99	ret = 1;	90	ret = 1;
100		91
@@ -154,18 +145,8 @@ MLKEM_private_key_from_seed(MLKEM_private_key *private_key,
154	if (seed_len != MLKEM_SEED_LENGTH)	145	if (seed_len != MLKEM_SEED_LENGTH)
155	goto err;	146	goto err;
156		147
157	switch (private_key->rank) {	148	if (!mlkem_private_key_from_seed(seed, seed_len, private_key))
158	case RANK768:	149	goto err;
159	if (!MLKEM768_private_key_from_seed(seed,
160	seed_len, private_key))
161	goto err;
162	break;
163	case RANK1024:
164	if (!MLKEM1024_private_key_from_seed(private_key,
165	seed, seed_len))
166	goto err;
167	break;
168	}
169		150
170	private_key->state = MLKEM_PRIVATE_KEY_INITIALIZED;	151	private_key->state = MLKEM_PRIVATE_KEY_INITIALIZED;
171		152
@@ -187,14 +168,8 @@ MLKEM_public_from_private(const MLKEM_private_key *private_key,
187	return 0;	168	return 0;
188	if (public_key->rank != private_key->rank)	169	if (public_key->rank != private_key->rank)
189	return 0;	170	return 0;
190	switch (private_key->rank) {	171
191	case RANK768:	172	mlkem_public_from_private(private_key, public_key);
192	MLKEM768_public_from_private(private_key, public_key);
193	break;
194	case RANK1024:
195	MLKEM1024_public_from_private(private_key, public_key);
196	break;
197	}
198		173
199	public_key->state = MLKEM_PUBLIC_KEY_INITIALIZED;	174	public_key->state = MLKEM_PUBLIC_KEY_INITIALIZED;
200		175
@@ -230,17 +205,8 @@ MLKEM_encap_external_entropy(const MLKEM_public_key *public_key,
230	if ((ciphertext = calloc(1, ciphertext_len)) == NULL)	205	if ((ciphertext = calloc(1, ciphertext_len)) == NULL)
231	goto err;	206	goto err;
232		207
233	switch (public_key->rank) {	208	mlkem_encap_external_entropy(ciphertext, secret, public_key, entropy);
234	case RANK768:
235	MLKEM768_encap_external_entropy(ciphertext, secret, public_key,
236	entropy);
237	break;
238		209
239	case RANK1024:
240	MLKEM1024_encap_external_entropy(ciphertext, secret, public_key,
241	entropy);
242	break;
243	}
244	*out_ciphertext = ciphertext;	210	*out_ciphertext = ciphertext;
245	*out_ciphertext_len = ciphertext_len;	211	*out_ciphertext_len = ciphertext_len;
246	ciphertext = NULL;	212	ciphertext = NULL;
@@ -291,15 +257,7 @@ MLKEM_decap(const MLKEM_private_key *private_key,
291	if ((s = calloc(1, MLKEM_SHARED_SECRET_LENGTH)) == NULL)	257	if ((s = calloc(1, MLKEM_SHARED_SECRET_LENGTH)) == NULL)
292	goto err;	258	goto err;
293		259
294	switch (private_key->rank) {	260	mlkem_decap(private_key, ciphertext, ciphertext_len, s);
295	case RANK768:
296	MLKEM768_decap(private_key, ciphertext, ciphertext_len, s);
297	break;
298
299	case RANK1024:
300	MLKEM1024_decap(private_key, ciphertext, ciphertext_len, s);
301	break;
302	}
303		261
304	*out_shared_secret = s;	262	*out_shared_secret = s;
305	*out_shared_secret_len = MLKEM_SHARED_SECRET_LENGTH;	263	*out_shared_secret_len = MLKEM_SHARED_SECRET_LENGTH;
@@ -324,14 +282,7 @@ MLKEM_marshal_public_key(const MLKEM_public_key public_key, uint8_t *out,
324	if (!public_key_is_valid(public_key))	282	if (!public_key_is_valid(public_key))
325	return 0;	283	return 0;
326		284
327	switch (public_key->rank) {	285	return mlkem_marshal_public_key(public_key, out, out_len);
328	case RANK768:
329	return MLKEM768_marshal_public_key(public_key, out, out_len);
330	case RANK1024:
331	return MLKEM1024_marshal_public_key(public_key, out, out_len);
332	default:
333	return 0;
334	}
335	}	286	}
336	LCRYPTO_ALIAS(MLKEM_marshal_public_key);	287	LCRYPTO_ALIAS(MLKEM_marshal_public_key);
337		288
@@ -349,14 +300,7 @@ MLKEM_marshal_private_key(const MLKEM_private_key private_key, uint8_t *out,
349	if (!private_key_is_valid(private_key))	300	if (!private_key_is_valid(private_key))
350	return 0;	301	return 0;
351		302
352	switch (private_key->rank) {	303	return mlkem_marshal_private_key(private_key, out, out_len);
353	case RANK768:
354	return MLKEM768_marshal_private_key(private_key, out, out_len);
355	case RANK1024:
356	return MLKEM1024_marshal_private_key(private_key, out, out_len);
357	default:
358	return 0;
359	}
360	}	304	}
361	LCRYPTO_ALIAS(MLKEM_marshal_private_key);	305	LCRYPTO_ALIAS(MLKEM_marshal_private_key);
362		306
@@ -370,18 +314,8 @@ MLKEM_parse_public_key(MLKEM_public_key public_key, const uint8_t in,
370	if (in_len != MLKEM_public_key_encoded_length(public_key))	314	if (in_len != MLKEM_public_key_encoded_length(public_key))
371	return 0;	315	return 0;
372		316
373	switch (public_key->rank) {	317	if (!mlkem_parse_public_key(in, in_len, public_key))
374	case RANK768:	318	return 0;
375	if (!MLKEM768_parse_public_key(in, in_len,
376	public_key))
377	return 0;
378	break;
379	case RANK1024:
380	if (!MLKEM1024_parse_public_key(in, in_len,
381	public_key))
382	return 0;
383	break;
384	}
385		319
386	public_key->state = MLKEM_PUBLIC_KEY_INITIALIZED;	320	public_key->state = MLKEM_PUBLIC_KEY_INITIALIZED;
387		321
@@ -399,16 +333,8 @@ MLKEM_parse_private_key(MLKEM_private_key private_key, const uint8_t in,
399	if (in_len != MLKEM_private_key_encoded_length(private_key))	333	if (in_len != MLKEM_private_key_encoded_length(private_key))
400	return 0;	334	return 0;
401		335
402	switch (private_key->rank) {	336	if (!mlkem_parse_private_key(in, in_len, private_key))
403	case RANK768:	337	return 0;
404	if (!MLKEM768_parse_private_key(in, in_len, private_key))
405	return 0;
406	break;
407	case RANK1024:
408	if (!MLKEM1024_parse_private_key(in, in_len, private_key))
409	return 0;
410	break;
411	}
412		338
413	private_key->state = MLKEM_PRIVATE_KEY_INITIALIZED;	339	private_key->state = MLKEM_PRIVATE_KEY_INITIALIZED;
414		340