diff options
| -rw-r--r-- | src/lib/libcrypto/mlkem/mlkem.c | 12 | ||||
| -rw-r--r-- | src/lib/libcrypto/mlkem/mlkem.h | 18 | ||||
| -rw-r--r-- | src/lib/libcrypto/mlkem/mlkem_internal.c | 38 | ||||
| -rw-r--r-- | src/lib/libcrypto/mlkem/mlkem_key.c | 26 | ||||
| -rw-r--r-- | src/lib/libssl/tls_key_share.c | 6 | ||||
| -rw-r--r-- | src/regress/lib/libcrypto/mlkem/mlkem_iteration_tests.c | 10 | ||||
| -rw-r--r-- | src/regress/lib/libcrypto/mlkem/mlkem_tests.c | 22 | ||||
| -rw-r--r-- | src/regress/lib/libcrypto/mlkem/mlkem_unittest.c | 6 | ||||
| -rw-r--r-- | src/regress/lib/libcrypto/wycheproof/wycheproof.go | 6 |
9 files changed, 72 insertions, 72 deletions
diff --git a/src/lib/libcrypto/mlkem/mlkem.c b/src/lib/libcrypto/mlkem/mlkem.c index 9461a338e9..006937c39d 100644 --- a/src/lib/libcrypto/mlkem/mlkem.c +++ b/src/lib/libcrypto/mlkem/mlkem.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: mlkem.c,v 1.4 2025/09/05 23:30:12 beck Exp $ */ | 1 | /* $OpenBSD: mlkem.c,v 1.5 2026/01/01 12:47:52 tb Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2025, Bob Beck <beck@obtuse.com> | 3 | * Copyright (c) 2025, Bob Beck <beck@obtuse.com> |
| 4 | * | 4 | * |
| @@ -24,7 +24,7 @@ private_key_is_new(const MLKEM_private_key *key) | |||
| 24 | { | 24 | { |
| 25 | return (key != NULL && | 25 | return (key != NULL && |
| 26 | key->state == MLKEM_PRIVATE_KEY_UNINITIALIZED && | 26 | key->state == MLKEM_PRIVATE_KEY_UNINITIALIZED && |
| 27 | (key->rank == RANK768 || key->rank == RANK1024)); | 27 | (key->rank == MLKEM768_RANK || key->rank == MLKEM1024_RANK)); |
| 28 | } | 28 | } |
| 29 | 29 | ||
| 30 | static inline int | 30 | static inline int |
| @@ -32,7 +32,7 @@ private_key_is_valid(const MLKEM_private_key *key) | |||
| 32 | { | 32 | { |
| 33 | return (key != NULL && | 33 | return (key != NULL && |
| 34 | key->state == MLKEM_PRIVATE_KEY_INITIALIZED && | 34 | key->state == MLKEM_PRIVATE_KEY_INITIALIZED && |
| 35 | (key->rank == RANK768 || key->rank == RANK1024)); | 35 | (key->rank == MLKEM768_RANK || key->rank == MLKEM1024_RANK)); |
| 36 | } | 36 | } |
| 37 | 37 | ||
| 38 | static inline int | 38 | static inline int |
| @@ -40,7 +40,7 @@ public_key_is_new(const MLKEM_public_key *key) | |||
| 40 | { | 40 | { |
| 41 | return (key != NULL && | 41 | return (key != NULL && |
| 42 | key->state == MLKEM_PUBLIC_KEY_UNINITIALIZED && | 42 | key->state == MLKEM_PUBLIC_KEY_UNINITIALIZED && |
| 43 | (key->rank == RANK768 || key->rank == RANK1024)); | 43 | (key->rank == MLKEM768_RANK || key->rank == MLKEM1024_RANK)); |
| 44 | } | 44 | } |
| 45 | 45 | ||
| 46 | static inline int | 46 | static inline int |
| @@ -48,7 +48,7 @@ public_key_is_valid(const MLKEM_public_key *key) | |||
| 48 | { | 48 | { |
| 49 | return (key != NULL && | 49 | return (key != NULL && |
| 50 | key->state == MLKEM_PUBLIC_KEY_INITIALIZED && | 50 | key->state == MLKEM_PUBLIC_KEY_INITIALIZED && |
| 51 | (key->rank == RANK768 || key->rank == RANK1024)); | 51 | (key->rank == MLKEM768_RANK || key->rank == MLKEM1024_RANK)); |
| 52 | } | 52 | } |
| 53 | 53 | ||
| 54 | /* | 54 | /* |
| @@ -71,7 +71,7 @@ MLKEM_generate_key_external_entropy(MLKEM_private_key *private_key, | |||
| 71 | goto err; | 71 | goto err; |
| 72 | 72 | ||
| 73 | k_len = MLKEM768_PUBLIC_KEY_BYTES; | 73 | k_len = MLKEM768_PUBLIC_KEY_BYTES; |
| 74 | if (private_key->rank == RANK1024) | 74 | if (private_key->rank == MLKEM1024_RANK) |
| 75 | k_len = MLKEM1024_PUBLIC_KEY_BYTES; | 75 | k_len = MLKEM1024_PUBLIC_KEY_BYTES; |
| 76 | 76 | ||
| 77 | if ((k = calloc(1, k_len)) == NULL) | 77 | if ((k = calloc(1, k_len)) == NULL) |
diff --git a/src/lib/libcrypto/mlkem/mlkem.h b/src/lib/libcrypto/mlkem/mlkem.h index dac3cf24de..17978782a7 100644 --- a/src/lib/libcrypto/mlkem/mlkem.h +++ b/src/lib/libcrypto/mlkem/mlkem.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: mlkem.h,v 1.8 2025/08/19 21:37:08 tb Exp $ */ | 1 | /* $OpenBSD: mlkem.h,v 1.9 2026/01/01 12:47:52 tb Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2025 Bob Beck <beck@obtuse.com> | 3 | * Copyright (c) 2025 Bob Beck <beck@obtuse.com> |
| 4 | * | 4 | * |
| @@ -29,8 +29,8 @@ extern "C" { | |||
| 29 | * ML-KEM constants | 29 | * ML-KEM constants |
| 30 | */ | 30 | */ |
| 31 | 31 | ||
| 32 | #define RANK768 3 | 32 | #define MLKEM768_RANK 3 |
| 33 | #define RANK1024 4 | 33 | #define MLKEM1024_RANK 4 |
| 34 | 34 | ||
| 35 | /* | 35 | /* |
| 36 | * ML-KEM keys | 36 | * ML-KEM keys |
| @@ -41,8 +41,8 @@ typedef struct MLKEM_public_key_st MLKEM_public_key; | |||
| 41 | 41 | ||
| 42 | /* | 42 | /* |
| 43 | * MLKEM_private_key_new allocates a new uninitialized ML-KEM private key for | 43 | * MLKEM_private_key_new allocates a new uninitialized ML-KEM private key for |
| 44 | * |rank|, which must be RANK768 or RANK1024. It returns a pointer to an | 44 | * |rank|, which must be MLKEM768_RANK or MLKEM1024_RANK. It returns a pointer |
| 45 | * allocated structure suitable for holding a generated private key of the | 45 | * to an allocated structure suitable for holding a generated private key of the |
| 46 | * corresponding rank on success, NULL is returned on failure. The caller is | 46 | * corresponding rank on success, NULL is returned on failure. The caller is |
| 47 | * responsible for deallocating the resulting key with |MLKEM_private_key_free|. | 47 | * responsible for deallocating the resulting key with |MLKEM_private_key_free|. |
| 48 | */ | 48 | */ |
| @@ -71,8 +71,8 @@ size_t MLKEM_private_key_ciphertext_length(const MLKEM_private_key *key); | |||
| 71 | 71 | ||
| 72 | /* | 72 | /* |
| 73 | * MLKEM_public_key_new allocates a new uninitialized ML-KEM public key for | 73 | * MLKEM_public_key_new allocates a new uninitialized ML-KEM public key for |
| 74 | * |rank|, which must be RANK768 or RANK1024. It returns a pointer to an | 74 | * |rank|, which must be MLKEM768_RANK or MLKEM1024_RANK. It returns a pointer |
| 75 | * allocated structure suitable for holding a generated public key of the | 75 | * to an allocated structure suitable for holding a generated public key of the |
| 76 | * corresponding rank on success, NULL is returned on failure. The caller is | 76 | * corresponding rank on success, NULL is returned on failure. The caller is |
| 77 | * responsible for deallocating the resulting key with |MLKEM_public_key_free|. | 77 | * responsible for deallocating the resulting key with |MLKEM_public_key_free|. |
| 78 | */ | 78 | */ |
| @@ -94,8 +94,8 @@ size_t MLKEM_public_key_encoded_length(const MLKEM_public_key *key); | |||
| 94 | 94 | ||
| 95 | /* | 95 | /* |
| 96 | * MLKEM_public_key_cipertext_length returns the number of bytes produced as the | 96 | * MLKEM_public_key_cipertext_length returns the number of bytes produced as the |
| 97 | * ciphertext when encrypting a shared secret with |key| using |MLKEM_encap|. Zero | 97 | * ciphertext when encrypting a shared secret with |key| using |MLKEM_encap|. |
| 98 | * is returned if |key| is NULL or has an invalid rank. | 98 | * Zero is returned if |key| is NULL or has an invalid rank. |
| 99 | */ | 99 | */ |
| 100 | size_t MLKEM_public_key_ciphertext_length(const MLKEM_public_key *key); | 100 | size_t MLKEM_public_key_ciphertext_length(const MLKEM_public_key *key); |
| 101 | 101 | ||
diff --git a/src/lib/libcrypto/mlkem/mlkem_internal.c b/src/lib/libcrypto/mlkem/mlkem_internal.c index cdc198b7cd..903b1ea2a3 100644 --- a/src/lib/libcrypto/mlkem/mlkem_internal.c +++ b/src/lib/libcrypto/mlkem/mlkem_internal.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: mlkem_internal.c,v 1.3 2025/09/16 06:12:04 tb Exp $ */ | 1 | /* $OpenBSD: mlkem_internal.c,v 1.4 2026/01/01 12:47:52 tb Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2024, Google Inc. | 3 | * Copyright (c) 2024, Google Inc. |
| 4 | * Copyright (c) 2024, 2025 Bob Beck <beck@obtuse.com> | 4 | * Copyright (c) 2024, 2025 Bob Beck <beck@obtuse.com> |
| @@ -103,7 +103,7 @@ encoded_vector_size(uint16_t rank) | |||
| 103 | static inline size_t | 103 | static inline size_t |
| 104 | compressed_vector_size(uint16_t rank) | 104 | compressed_vector_size(uint16_t rank) |
| 105 | { | 105 | { |
| 106 | return ((rank == RANK768) ? kDU768 : kDU1024) * rank * DEGREE / 8; | 106 | return ((rank == MLKEM768_RANK) ? kDU768 : kDU1024) * rank * DEGREE / 8; |
| 107 | } | 107 | } |
| 108 | 108 | ||
| 109 | typedef struct scalar { | 109 | typedef struct scalar { |
| @@ -615,7 +615,7 @@ scalar_encode_1(uint8_t out[32], const scalar *s) | |||
| 615 | } | 615 | } |
| 616 | 616 | ||
| 617 | /* | 617 | /* |
| 618 | * Encodes an entire vector into 32*|RANK768|*|bits| bytes. Note that since 256 | 618 | * Encodes an entire vector into 32*|MLKEM768_RANK|*|bits| bytes. Since 256 |
| 619 | * (DEGREE) is divisible by 8, the individual vector entries will always fill a | 619 | * (DEGREE) is divisible by 8, the individual vector entries will always fill a |
| 620 | * whole number of bytes, so we do not need to worry about bit packing here. | 620 | * whole number of bytes, so we do not need to worry about bit packing here. |
| 621 | */ | 621 | */ |
| @@ -707,7 +707,7 @@ scalar_decode_1(scalar *out, const uint8_t in[32]) | |||
| 707 | } | 707 | } |
| 708 | 708 | ||
| 709 | /* | 709 | /* |
| 710 | * Decodes 32*|RANK768|*|bits| bytes from |in| into |out|. It returns one on | 710 | * Decodes 32*|MLKEM768_RANK|*|bits| bytes from |in| into |out|. It returns one on |
| 711 | * success or zero if any parsed value is >= |kPrime|. | 711 | * success or zero if any parsed value is >= |kPrime|. |
| 712 | */ | 712 | */ |
| 713 | static int | 713 | static int |
| @@ -831,7 +831,7 @@ public_key_from_external(const MLKEM_public_key *external, | |||
| 831 | uint8_t *bytes = external->key_768->bytes; | 831 | uint8_t *bytes = external->key_768->bytes; |
| 832 | size_t offset = 0; | 832 | size_t offset = 0; |
| 833 | 833 | ||
| 834 | if (external->rank == RANK1024) | 834 | if (external->rank == MLKEM1024_RANK) |
| 835 | bytes = external->key_1024->bytes; | 835 | bytes = external->key_1024->bytes; |
| 836 | 836 | ||
| 837 | pub->t = (struct scalar *)bytes + offset; | 837 | pub->t = (struct scalar *)bytes + offset; |
| @@ -858,7 +858,7 @@ private_key_from_external(const MLKEM_private_key *external, | |||
| 858 | size_t offset = 0; | 858 | size_t offset = 0; |
| 859 | uint8_t *bytes = external->key_768->bytes; | 859 | uint8_t *bytes = external->key_768->bytes; |
| 860 | 860 | ||
| 861 | if (external->rank == RANK1024) | 861 | if (external->rank == MLKEM1024_RANK) |
| 862 | bytes = external->key_1024->bytes; | 862 | bytes = external->key_1024->bytes; |
| 863 | 863 | ||
| 864 | priv->pub.t = (struct scalar *)(bytes + offset); | 864 | priv->pub.t = (struct scalar *)(bytes + offset); |
| @@ -898,7 +898,7 @@ mlkem_private_key_from_seed(const uint8_t *seed, size_t seed_len, | |||
| 898 | MLKEM_private_key *out_private_key) | 898 | MLKEM_private_key *out_private_key) |
| 899 | { | 899 | { |
| 900 | uint8_t *public_key_buf = NULL; | 900 | uint8_t *public_key_buf = NULL; |
| 901 | size_t public_key_buf_len = out_private_key->rank == RANK768 ? | 901 | size_t public_key_buf_len = out_private_key->rank == MLKEM768_RANK ? |
| 902 | MLKEM768_PUBLIC_KEY_BYTES : MLKEM1024_PUBLIC_KEY_BYTES; | 902 | MLKEM768_PUBLIC_KEY_BYTES : MLKEM1024_PUBLIC_KEY_BYTES; |
| 903 | int ret = 0; | 903 | int ret = 0; |
| 904 | 904 | ||
| @@ -937,7 +937,7 @@ mlkem_generate_key_external_entropy(uint8_t *out_encoded_public_key, | |||
| 937 | uint8_t *rho, *sigma; | 937 | uint8_t *rho, *sigma; |
| 938 | uint8_t counter = 0; | 938 | uint8_t counter = 0; |
| 939 | uint8_t hashed[64]; | 939 | uint8_t hashed[64]; |
| 940 | scalar error[RANK1024]; | 940 | scalar error[MLKEM1024_RANK]; |
| 941 | CBB cbb; | 941 | CBB cbb; |
| 942 | int ret = 0; | 942 | int ret = 0; |
| 943 | 943 | ||
| @@ -961,7 +961,7 @@ mlkem_generate_key_external_entropy(uint8_t *out_encoded_public_key, | |||
| 961 | vector_add(priv.pub.t, &error[0], out_private_key->rank); | 961 | vector_add(priv.pub.t, &error[0], out_private_key->rank); |
| 962 | 962 | ||
| 963 | if (!CBB_init_fixed(&cbb, out_encoded_public_key, | 963 | if (!CBB_init_fixed(&cbb, out_encoded_public_key, |
| 964 | out_private_key->rank == RANK768 ? MLKEM768_PUBLIC_KEY_BYTES : | 964 | out_private_key->rank == MLKEM768_RANK ? MLKEM768_PUBLIC_KEY_BYTES : |
| 965 | MLKEM1024_PUBLIC_KEY_BYTES)) | 965 | MLKEM1024_PUBLIC_KEY_BYTES)) |
| 966 | goto err; | 966 | goto err; |
| 967 | 967 | ||
| @@ -970,7 +970,7 @@ mlkem_generate_key_external_entropy(uint8_t *out_encoded_public_key, | |||
| 970 | goto err; | 970 | goto err; |
| 971 | 971 | ||
| 972 | hash_h(priv.pub.public_key_hash, out_encoded_public_key, | 972 | hash_h(priv.pub.public_key_hash, out_encoded_public_key, |
| 973 | out_private_key->rank == RANK768 ? MLKEM768_PUBLIC_KEY_BYTES : | 973 | out_private_key->rank == MLKEM768_RANK ? MLKEM768_PUBLIC_KEY_BYTES : |
| 974 | MLKEM1024_PUBLIC_KEY_BYTES); | 974 | MLKEM1024_PUBLIC_KEY_BYTES); |
| 975 | memcpy(priv.fo_failure_secret, entropy + 32, 32); | 975 | memcpy(priv.fo_failure_secret, entropy + 32, 32); |
| 976 | 976 | ||
| @@ -987,12 +987,12 @@ mlkem_public_from_private(const MLKEM_private_key *private_key, | |||
| 987 | MLKEM_public_key *out_public_key) | 987 | MLKEM_public_key *out_public_key) |
| 988 | { | 988 | { |
| 989 | switch (private_key->rank) { | 989 | switch (private_key->rank) { |
| 990 | case RANK768: | 990 | case MLKEM768_RANK: |
| 991 | memcpy(out_public_key->key_768->bytes, | 991 | memcpy(out_public_key->key_768->bytes, |
| 992 | private_key->key_768->bytes, | 992 | private_key->key_768->bytes, |
| 993 | sizeof(out_public_key->key_768->bytes)); | 993 | sizeof(out_public_key->key_768->bytes)); |
| 994 | break; | 994 | break; |
| 995 | case RANK1024: | 995 | case MLKEM1024_RANK: |
| 996 | memcpy(out_public_key->key_1024->bytes, | 996 | memcpy(out_public_key->key_1024->bytes, |
| 997 | private_key->key_1024->bytes, | 997 | private_key->key_1024->bytes, |
| 998 | sizeof(out_public_key->key_1024->bytes)); | 998 | sizeof(out_public_key->key_1024->bytes)); |
| @@ -1010,7 +1010,7 @@ encrypt_cpa(uint8_t *out, const struct public_key *pub, | |||
| 1010 | const uint8_t message[32], const uint8_t randomness[32], | 1010 | const uint8_t message[32], const uint8_t randomness[32], |
| 1011 | size_t rank) | 1011 | size_t rank) |
| 1012 | { | 1012 | { |
| 1013 | scalar secret[RANK1024], error[RANK1024], u[RANK1024]; | 1013 | scalar secret[MLKEM1024_RANK], error[MLKEM1024_RANK], u[MLKEM1024_RANK]; |
| 1014 | scalar expanded_message, scalar_error; | 1014 | scalar expanded_message, scalar_error; |
| 1015 | uint8_t counter = 0; | 1015 | uint8_t counter = 0; |
| 1016 | uint8_t input[33]; | 1016 | uint8_t input[33]; |
| @@ -1018,7 +1018,7 @@ encrypt_cpa(uint8_t *out, const struct public_key *pub, | |||
| 1018 | int u_bits = kDU768; | 1018 | int u_bits = kDU768; |
| 1019 | int v_bits = kDV768; | 1019 | int v_bits = kDV768; |
| 1020 | 1020 | ||
| 1021 | if (rank == RANK1024) { | 1021 | if (rank == MLKEM1024_RANK) { |
| 1022 | u_bits = kDU1024; | 1022 | u_bits = kDU1024; |
| 1023 | v_bits = kDV1024; | 1023 | v_bits = kDV1024; |
| 1024 | } | 1024 | } |
| @@ -1082,12 +1082,12 @@ static void | |||
| 1082 | decrypt_cpa(uint8_t out[32], const struct private_key *priv, | 1082 | decrypt_cpa(uint8_t out[32], const struct private_key *priv, |
| 1083 | const uint8_t *ciphertext, size_t rank) | 1083 | const uint8_t *ciphertext, size_t rank) |
| 1084 | { | 1084 | { |
| 1085 | scalar u[RANK1024]; | 1085 | scalar u[MLKEM1024_RANK]; |
| 1086 | scalar mask, v; | 1086 | scalar mask, v; |
| 1087 | int u_bits = kDU768; | 1087 | int u_bits = kDU768; |
| 1088 | int v_bits = kDV768; | 1088 | int v_bits = kDV768; |
| 1089 | 1089 | ||
| 1090 | if (rank == RANK1024) { | 1090 | if (rank == MLKEM1024_RANK) { |
| 1091 | u_bits = kDU1024; | 1091 | u_bits = kDU1024; |
| 1092 | v_bits = kDV1024; | 1092 | v_bits = kDV1024; |
| 1093 | } | 1093 | } |
| @@ -1109,7 +1109,7 @@ mlkem_decap(const MLKEM_private_key *private_key, const uint8_t *ciphertext, | |||
| 1109 | size_t ciphertext_len, uint8_t out_shared_secret[MLKEM_SHARED_SECRET_LENGTH]) | 1109 | size_t ciphertext_len, uint8_t out_shared_secret[MLKEM_SHARED_SECRET_LENGTH]) |
| 1110 | { | 1110 | { |
| 1111 | struct private_key priv; | 1111 | struct private_key priv; |
| 1112 | size_t expected_ciphertext_length = private_key->rank == RANK768 ? | 1112 | size_t expected_ciphertext_length = private_key->rank == MLKEM768_RANK ? |
| 1113 | MLKEM768_CIPHERTEXT_BYTES : MLKEM1024_CIPHERTEXT_BYTES; | 1113 | MLKEM768_CIPHERTEXT_BYTES : MLKEM1024_CIPHERTEXT_BYTES; |
| 1114 | uint8_t *expected_ciphertext = NULL; | 1114 | uint8_t *expected_ciphertext = NULL; |
| 1115 | uint8_t key_and_randomness[64]; | 1115 | uint8_t key_and_randomness[64]; |
| @@ -1161,7 +1161,7 @@ mlkem_marshal_public_key(const MLKEM_public_key *public_key, | |||
| 1161 | int ret = 0; | 1161 | int ret = 0; |
| 1162 | CBB cbb; | 1162 | CBB cbb; |
| 1163 | 1163 | ||
| 1164 | if (!CBB_init(&cbb, public_key->rank == RANK768 ? | 1164 | if (!CBB_init(&cbb, public_key->rank == MLKEM768_RANK ? |
| 1165 | MLKEM768_PUBLIC_KEY_BYTES : MLKEM1024_PUBLIC_KEY_BYTES)) | 1165 | MLKEM768_PUBLIC_KEY_BYTES : MLKEM1024_PUBLIC_KEY_BYTES)) |
| 1166 | goto err; | 1166 | goto err; |
| 1167 | public_key_from_external(public_key, &pub); | 1167 | public_key_from_external(public_key, &pub); |
| @@ -1223,7 +1223,7 @@ mlkem_marshal_private_key(const MLKEM_private_key *private_key, | |||
| 1223 | uint8_t **out_private_key, size_t *out_private_key_len) | 1223 | uint8_t **out_private_key, size_t *out_private_key_len) |
| 1224 | { | 1224 | { |
| 1225 | struct private_key priv; | 1225 | struct private_key priv; |
| 1226 | size_t key_length = private_key->rank == RANK768 ? | 1226 | size_t key_length = private_key->rank == MLKEM768_RANK ? |
| 1227 | MLKEM768_PRIVATE_KEY_BYTES : MLKEM1024_PRIVATE_KEY_BYTES; | 1227 | MLKEM768_PRIVATE_KEY_BYTES : MLKEM1024_PRIVATE_KEY_BYTES; |
| 1228 | CBB cbb; | 1228 | CBB cbb; |
| 1229 | int ret = 0; | 1229 | int ret = 0; |
diff --git a/src/lib/libcrypto/mlkem/mlkem_key.c b/src/lib/libcrypto/mlkem/mlkem_key.c index 7c6476d971..d4e3d69d88 100644 --- a/src/lib/libcrypto/mlkem/mlkem_key.c +++ b/src/lib/libcrypto/mlkem/mlkem_key.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: mlkem_key.c,v 1.4 2025/09/16 06:10:24 tb Exp $ */ | 1 | /* $OpenBSD: mlkem_key.c,v 1.5 2026/01/01 12:47:52 tb Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2025 Bob Beck <beck@obtuse.com> | 3 | * Copyright (c) 2025 Bob Beck <beck@obtuse.com> |
| 4 | * | 4 | * |
| @@ -32,11 +32,11 @@ MLKEM_private_key_new(int rank) | |||
| 32 | goto err; | 32 | goto err; |
| 33 | 33 | ||
| 34 | switch (rank) { | 34 | switch (rank) { |
| 35 | case RANK768: | 35 | case MLKEM768_RANK: |
| 36 | if ((key->key_768 = calloc(1, sizeof(*key->key_768))) == NULL) | 36 | if ((key->key_768 = calloc(1, sizeof(*key->key_768))) == NULL) |
| 37 | goto err; | 37 | goto err; |
| 38 | break; | 38 | break; |
| 39 | case RANK1024: | 39 | case MLKEM1024_RANK: |
| 40 | if ((key->key_1024 = calloc(1, sizeof(*key->key_1024))) == NULL) | 40 | if ((key->key_1024 = calloc(1, sizeof(*key->key_1024))) == NULL) |
| 41 | goto err; | 41 | goto err; |
| 42 | break; | 42 | break; |
| @@ -75,9 +75,9 @@ MLKEM_private_key_encoded_length(const MLKEM_private_key *key) | |||
| 75 | return 0; | 75 | return 0; |
| 76 | 76 | ||
| 77 | switch (key->rank) { | 77 | switch (key->rank) { |
| 78 | case RANK768: | 78 | case MLKEM768_RANK: |
| 79 | return MLKEM768_PRIVATE_KEY_BYTES; | 79 | return MLKEM768_PRIVATE_KEY_BYTES; |
| 80 | case RANK1024: | 80 | case MLKEM1024_RANK: |
| 81 | return MLKEM1024_PRIVATE_KEY_BYTES; | 81 | return MLKEM1024_PRIVATE_KEY_BYTES; |
| 82 | default: | 82 | default: |
| 83 | return 0; | 83 | return 0; |
| @@ -93,9 +93,9 @@ MLKEM_private_key_ciphertext_length(const MLKEM_private_key *key) | |||
| 93 | return 0; | 93 | return 0; |
| 94 | 94 | ||
| 95 | switch (key->rank) { | 95 | switch (key->rank) { |
| 96 | case RANK768: | 96 | case MLKEM768_RANK: |
| 97 | return MLKEM768_CIPHERTEXT_BYTES; | 97 | return MLKEM768_CIPHERTEXT_BYTES; |
| 98 | case RANK1024: | 98 | case MLKEM1024_RANK: |
| 99 | return MLKEM1024_CIPHERTEXT_BYTES; | 99 | return MLKEM1024_CIPHERTEXT_BYTES; |
| 100 | default: | 100 | default: |
| 101 | return 0; | 101 | return 0; |
| @@ -114,11 +114,11 @@ MLKEM_public_key_new(int rank) | |||
| 114 | goto err; | 114 | goto err; |
| 115 | 115 | ||
| 116 | switch (rank) { | 116 | switch (rank) { |
| 117 | case RANK768: | 117 | case MLKEM768_RANK: |
| 118 | if ((key->key_768 = calloc(1, sizeof(*key->key_768))) == NULL) | 118 | if ((key->key_768 = calloc(1, sizeof(*key->key_768))) == NULL) |
| 119 | goto err; | 119 | goto err; |
| 120 | break; | 120 | break; |
| 121 | case RANK1024: | 121 | case MLKEM1024_RANK: |
| 122 | if ((key->key_1024 = calloc(1, sizeof(*key->key_1024))) == NULL) | 122 | if ((key->key_1024 = calloc(1, sizeof(*key->key_1024))) == NULL) |
| 123 | goto err; | 123 | goto err; |
| 124 | break; | 124 | break; |
| @@ -158,9 +158,9 @@ MLKEM_public_key_encoded_length(const MLKEM_public_key *key) | |||
| 158 | return 0; | 158 | return 0; |
| 159 | 159 | ||
| 160 | switch (key->rank) { | 160 | switch (key->rank) { |
| 161 | case RANK768: | 161 | case MLKEM768_RANK: |
| 162 | return MLKEM768_PUBLIC_KEY_BYTES; | 162 | return MLKEM768_PUBLIC_KEY_BYTES; |
| 163 | case RANK1024: | 163 | case MLKEM1024_RANK: |
| 164 | return MLKEM1024_PUBLIC_KEY_BYTES; | 164 | return MLKEM1024_PUBLIC_KEY_BYTES; |
| 165 | default: | 165 | default: |
| 166 | return 0; | 166 | return 0; |
| @@ -176,9 +176,9 @@ MLKEM_public_key_ciphertext_length(const MLKEM_public_key *key) | |||
| 176 | return 0; | 176 | return 0; |
| 177 | 177 | ||
| 178 | switch (key->rank) { | 178 | switch (key->rank) { |
| 179 | case RANK768: | 179 | case MLKEM768_RANK: |
| 180 | return MLKEM768_CIPHERTEXT_BYTES; | 180 | return MLKEM768_CIPHERTEXT_BYTES; |
| 181 | case RANK1024: | 181 | case MLKEM1024_RANK: |
| 182 | return MLKEM1024_CIPHERTEXT_BYTES; | 182 | return MLKEM1024_CIPHERTEXT_BYTES; |
| 183 | default: | 183 | default: |
| 184 | return 0; | 184 | return 0; |
diff --git a/src/lib/libssl/tls_key_share.c b/src/lib/libssl/tls_key_share.c index 3f4c44f558..9e04cb7b75 100644 --- a/src/lib/libssl/tls_key_share.c +++ b/src/lib/libssl/tls_key_share.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: tls_key_share.c,v 1.9 2025/12/04 21:03:42 beck Exp $ */ | 1 | /* $OpenBSD: tls_key_share.c,v 1.10 2026/01/01 12:47:52 tb Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2020, 2021 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2020, 2021 Joel Sing <jsing@openbsd.org> |
| 4 | * | 4 | * |
| @@ -285,7 +285,7 @@ tls_key_share_generate_mlkem(struct tls_key_share *ks, int rank) | |||
| 285 | static int | 285 | static int |
| 286 | tls_key_share_client_generate_mlkem768x25519(struct tls_key_share *ks) | 286 | tls_key_share_client_generate_mlkem768x25519(struct tls_key_share *ks) |
| 287 | { | 287 | { |
| 288 | if (!tls_key_share_generate_mlkem(ks, RANK768)) | 288 | if (!tls_key_share_generate_mlkem(ks, MLKEM768_RANK)) |
| 289 | return 0; | 289 | return 0; |
| 290 | 290 | ||
| 291 | if (!tls_key_share_generate_x25519(ks)) | 291 | if (!tls_key_share_generate_x25519(ks)) |
| @@ -586,7 +586,7 @@ tls_key_share_server_peer_public_mlkem768x25519(struct tls_key_share *ks, | |||
| 586 | return 0; | 586 | return 0; |
| 587 | 587 | ||
| 588 | /* Nein, ist nur normal (1024 ist gigantisch) */ | 588 | /* Nein, ist nur normal (1024 ist gigantisch) */ |
| 589 | if ((ks->mlkem_peer_public = MLKEM_public_key_new(RANK768)) == NULL) | 589 | if ((ks->mlkem_peer_public = MLKEM_public_key_new(MLKEM768_RANK)) == NULL) |
| 590 | goto err; | 590 | goto err; |
| 591 | 591 | ||
| 592 | if (!CBS_get_bytes(cbs, &mlkem768_cbs, | 592 | if (!CBS_get_bytes(cbs, &mlkem768_cbs, |
diff --git a/src/regress/lib/libcrypto/mlkem/mlkem_iteration_tests.c b/src/regress/lib/libcrypto/mlkem/mlkem_iteration_tests.c index 053f8e1222..d6451fafb8 100644 --- a/src/regress/lib/libcrypto/mlkem/mlkem_iteration_tests.c +++ b/src/regress/lib/libcrypto/mlkem/mlkem_iteration_tests.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: mlkem_iteration_tests.c,v 1.8 2025/08/17 19:26:35 tb Exp $ */ | 1 | /* $OpenBSD: mlkem_iteration_tests.c,v 1.9 2026/01/01 12:47:52 tb Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2024 Google Inc. | 3 | * Copyright (c) 2024 Google Inc. |
| 4 | * Copyright (c) 2024 Bob Beck <beck@obtuse.com> | 4 | * Copyright (c) 2024 Bob Beck <beck@obtuse.com> |
| @@ -78,10 +78,10 @@ MlkemIterativeTest(int rank) | |||
| 78 | start = kExpectedSeedStart; | 78 | start = kExpectedSeedStart; |
| 79 | start_len = sizeof(kExpectedSeedStart); | 79 | start_len = sizeof(kExpectedSeedStart); |
| 80 | switch(rank){ | 80 | switch(rank){ |
| 81 | case RANK768: | 81 | case MLKEM768_RANK: |
| 82 | expected = kExpectedAdam768; | 82 | expected = kExpectedAdam768; |
| 83 | break; | 83 | break; |
| 84 | case RANK1024: | 84 | case MLKEM1024_RANK: |
| 85 | expected = kExpectedAdam1024; | 85 | expected = kExpectedAdam1024; |
| 86 | break; | 86 | break; |
| 87 | default: | 87 | default: |
| @@ -196,8 +196,8 @@ main(void) | |||
| 196 | { | 196 | { |
| 197 | int failed = 0; | 197 | int failed = 0; |
| 198 | 198 | ||
| 199 | failed |= MlkemIterativeTest(RANK768); | 199 | failed |= MlkemIterativeTest(MLKEM768_RANK); |
| 200 | failed |= MlkemIterativeTest(RANK1024); | 200 | failed |= MlkemIterativeTest(MLKEM1024_RANK); |
| 201 | 201 | ||
| 202 | return failed; | 202 | return failed; |
| 203 | } | 203 | } |
diff --git a/src/regress/lib/libcrypto/mlkem/mlkem_tests.c b/src/regress/lib/libcrypto/mlkem/mlkem_tests.c index 361467afd0..5e8441307c 100644 --- a/src/regress/lib/libcrypto/mlkem/mlkem_tests.c +++ b/src/regress/lib/libcrypto/mlkem/mlkem_tests.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: mlkem_tests.c,v 1.10 2025/08/15 21:47:39 tb Exp $ */ | 1 | /* $OpenBSD: mlkem_tests.c,v 1.11 2026/01/01 12:47:52 tb Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2024 Google Inc. | 3 | * Copyright (c) 2024 Google Inc. |
| 4 | * Copyright (c) 2024 Theo Buehler <tb@openbsd.org> | 4 | * Copyright (c) 2024 Theo Buehler <tb@openbsd.org> |
| @@ -686,27 +686,27 @@ static int | |||
| 686 | run_mlkem_test(const char *test, const char *fn) | 686 | run_mlkem_test(const char *test, const char *fn) |
| 687 | { | 687 | { |
| 688 | if (strcmp(test, "mlkem768_decap_tests") == 0) | 688 | if (strcmp(test, "mlkem768_decap_tests") == 0) |
| 689 | return mlkem_decap_tests(fn, RANK768, TEST_TYPE_NORMAL); | 689 | return mlkem_decap_tests(fn, MLKEM768_RANK, TEST_TYPE_NORMAL); |
| 690 | if (strcmp(test, "mlkem768_nist_decap_tests") == 0) | 690 | if (strcmp(test, "mlkem768_nist_decap_tests") == 0) |
| 691 | return mlkem_decap_tests(fn, RANK768, TEST_TYPE_NIST); | 691 | return mlkem_decap_tests(fn, MLKEM768_RANK, TEST_TYPE_NIST); |
| 692 | if (strcmp(test, "mlkem1024_decap_tests") == 0) | 692 | if (strcmp(test, "mlkem1024_decap_tests") == 0) |
| 693 | return mlkem_decap_tests(fn, RANK1024, TEST_TYPE_NORMAL); | 693 | return mlkem_decap_tests(fn, MLKEM1024_RANK, TEST_TYPE_NORMAL); |
| 694 | if (strcmp(test, "mlkem1024_nist_decap_tests") == 0) | 694 | if (strcmp(test, "mlkem1024_nist_decap_tests") == 0) |
| 695 | return mlkem_decap_tests(fn, RANK1024, TEST_TYPE_NIST); | 695 | return mlkem_decap_tests(fn, MLKEM1024_RANK, TEST_TYPE_NIST); |
| 696 | 696 | ||
| 697 | if (strcmp(test, "mlkem768_encap_tests") == 0) | 697 | if (strcmp(test, "mlkem768_encap_tests") == 0) |
| 698 | return mlkem_encap_tests(fn, RANK768); | 698 | return mlkem_encap_tests(fn, MLKEM768_RANK); |
| 699 | if (strcmp(test, "mlkem1024_encap_tests") == 0) | 699 | if (strcmp(test, "mlkem1024_encap_tests") == 0) |
| 700 | return mlkem_encap_tests(fn, RANK1024); | 700 | return mlkem_encap_tests(fn, MLKEM1024_RANK); |
| 701 | 701 | ||
| 702 | if (strcmp(test, "mlkem768_keygen_tests") == 0) | 702 | if (strcmp(test, "mlkem768_keygen_tests") == 0) |
| 703 | return mlkem_keygen_tests(fn, RANK768, TEST_TYPE_NORMAL); | 703 | return mlkem_keygen_tests(fn, MLKEM768_RANK, TEST_TYPE_NORMAL); |
| 704 | if (strcmp(test, "mlkem768_nist_keygen_tests") == 0) | 704 | if (strcmp(test, "mlkem768_nist_keygen_tests") == 0) |
| 705 | return mlkem_keygen_tests(fn, RANK768, TEST_TYPE_NIST); | 705 | return mlkem_keygen_tests(fn, MLKEM768_RANK, TEST_TYPE_NIST); |
| 706 | if (strcmp(test, "mlkem1024_keygen_tests") == 0) | 706 | if (strcmp(test, "mlkem1024_keygen_tests") == 0) |
| 707 | return mlkem_keygen_tests(fn, RANK1024, TEST_TYPE_NORMAL); | 707 | return mlkem_keygen_tests(fn, MLKEM1024_RANK, TEST_TYPE_NORMAL); |
| 708 | if (strcmp(test, "mlkem1024_nist_keygen_tests") == 0) | 708 | if (strcmp(test, "mlkem1024_nist_keygen_tests") == 0) |
| 709 | return mlkem_keygen_tests(fn, RANK1024, TEST_TYPE_NIST); | 709 | return mlkem_keygen_tests(fn, MLKEM1024_RANK, TEST_TYPE_NIST); |
| 710 | 710 | ||
| 711 | errx(1, "unknown test %s (test file %s)", test, fn); | 711 | errx(1, "unknown test %s (test file %s)", test, fn); |
| 712 | } | 712 | } |
diff --git a/src/regress/lib/libcrypto/mlkem/mlkem_unittest.c b/src/regress/lib/libcrypto/mlkem/mlkem_unittest.c index f802324189..1d8149b523 100644 --- a/src/regress/lib/libcrypto/mlkem/mlkem_unittest.c +++ b/src/regress/lib/libcrypto/mlkem/mlkem_unittest.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: mlkem_unittest.c,v 1.15 2025/08/17 19:26:35 tb Exp $ */ | 1 | /* $OpenBSD: mlkem_unittest.c,v 1.16 2026/01/01 12:47:52 tb Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2024 Google Inc. | 3 | * Copyright (c) 2024 Google Inc. |
| 4 | * Copyright (c) 2024 Bob Beck <beck@obtuse.com> | 4 | * Copyright (c) 2024 Bob Beck <beck@obtuse.com> |
| @@ -300,8 +300,8 @@ main(void) | |||
| 300 | { | 300 | { |
| 301 | int failed = 0; | 301 | int failed = 0; |
| 302 | 302 | ||
| 303 | failed |= MlKemUnitTest(RANK768); | 303 | failed |= MlKemUnitTest(MLKEM768_RANK); |
| 304 | failed |= MlKemUnitTest(RANK1024); | 304 | failed |= MlKemUnitTest(MLKEM1024_RANK); |
| 305 | 305 | ||
| 306 | return failed; | 306 | return failed; |
| 307 | } | 307 | } |
diff --git a/src/regress/lib/libcrypto/wycheproof/wycheproof.go b/src/regress/lib/libcrypto/wycheproof/wycheproof.go index 907f58d5f8..397958ac15 100644 --- a/src/regress/lib/libcrypto/wycheproof/wycheproof.go +++ b/src/regress/lib/libcrypto/wycheproof/wycheproof.go | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: wycheproof.go,v 1.195 2025/12/27 03:23:57 tb Exp $ */ | 1 | /* $OpenBSD: wycheproof.go,v 1.196 2026/01/01 12:47:52 tb Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2018,2023 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2018,2023 Joel Sing <jsing@openbsd.org> |
| 4 | * Copyright (c) 2018,2019,2022-2025 Theo Buehler <tb@openbsd.org> | 4 | * Copyright (c) 2018,2019,2022-2025 Theo Buehler <tb@openbsd.org> |
| @@ -2460,9 +2460,9 @@ func (wtg *wycheproofTestGroupMLKEM) run(algorithm string, variant testVariant) | |||
| 2460 | fmt.Printf("INFO: skipping %v test group of type %v for %s\n", algorithm, wtg.Type, wtg.ParameterSet) | 2460 | fmt.Printf("INFO: skipping %v test group of type %v for %s\n", algorithm, wtg.Type, wtg.ParameterSet) |
| 2461 | return true | 2461 | return true |
| 2462 | case "ML-KEM-768": | 2462 | case "ML-KEM-768": |
| 2463 | rank = C.RANK768 | 2463 | rank = C.MLKEM768_RANK |
| 2464 | case "ML-KEM-1024": | 2464 | case "ML-KEM-1024": |
| 2465 | rank = C.RANK1024 | 2465 | rank = C.MLKEM1024_RANK |
| 2466 | default: | 2466 | default: |
| 2467 | log.Fatalf("Unknown ML-KEM parameterSet %v", wtg.ParameterSet) | 2467 | log.Fatalf("Unknown ML-KEM parameterSet %v", wtg.ParameterSet) |
| 2468 | } | 2468 | } |