1 files changed, 16 insertions, 90 deletions
diff --git a/src/lib/libcrypto/mlkem/mlkem.c b/src/lib/libcrypto/mlkem/mlkem.c
index dcc73c2631..9461a338e9 100644
--- a/src/lib/libcrypto/mlkem/mlkem.c
+++ b/src/lib/libcrypto/mlkem/mlkem.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: mlkem.c,v 1.3 2025/08/19 21:37:08 tb Exp $ */
+/*      $OpenBSD: mlkem.c,v 1.4 2025/09/05 23:30:12 beck Exp $ */
 /*
 * Copyright (c) 2025, Bob Beck <beck@obtuse.com>
 *
@@ -77,24 +77,15 @@ MLKEM_generate_key_external_entropy(MLKEM_private_key *private_key,
        if ((k = calloc(1, k_len)) == NULL)
                goto err;
-        switch (private_key->rank) {
+        if (!mlkem_generate_key_external_entropy(k, private_key, entropy))
-        case RANK768:
+                goto err;
-                if (!MLKEM768_generate_key_external_entropy(k, private_key,
-                    entropy))
-                        goto err;
-                break;
-        case RANK1024:
-                if (!MLKEM1024_generate_key_external_entropy(k, private_key,
-                    entropy))
-                        goto err;
-                break;
-        }
        private_key->state = MLKEM_PRIVATE_KEY_INITIALIZED;
        *out_encoded_public_key = k;
        *out_encoded_public_key_len = k_len;
        k = NULL;
+        k_len = 0;
        ret = 1;
@@ -154,18 +145,8 @@ MLKEM_private_key_from_seed(MLKEM_private_key *private_key,
        if (seed_len != MLKEM_SEED_LENGTH)
                goto err;
-        switch (private_key->rank) {
+        if (!mlkem_private_key_from_seed(seed, seed_len, private_key))
-        case RANK768:
+                goto err;
-                if (!MLKEM768_private_key_from_seed(seed,
-                    seed_len, private_key))
-                        goto err;
-                break;
-        case RANK1024:
-                if (!MLKEM1024_private_key_from_seed(private_key,
-                    seed, seed_len))
-                        goto err;
-                break;
-        }
        private_key->state = MLKEM_PRIVATE_KEY_INITIALIZED;
@@ -187,14 +168,8 @@ MLKEM_public_from_private(const MLKEM_private_key *private_key,
                return 0;
        if (public_key->rank != private_key->rank)
                return 0;
-        switch (private_key->rank) {
-        case RANK768:
+        mlkem_public_from_private(private_key, public_key);
-                MLKEM768_public_from_private(private_key, public_key);
-                break;
-        case RANK1024:
-                MLKEM1024_public_from_private(private_key, public_key);
-                break;
-        }
        public_key->state = MLKEM_PUBLIC_KEY_INITIALIZED;
@@ -230,17 +205,8 @@ MLKEM_encap_external_entropy(const MLKEM_public_key *public_key,
        if ((ciphertext = calloc(1, ciphertext_len)) == NULL)
                goto err;
-        switch (public_key->rank) {
+        mlkem_encap_external_entropy(ciphertext, secret, public_key, entropy);
-        case RANK768:
-                MLKEM768_encap_external_entropy(ciphertext, secret, public_key,
-                    entropy);
-                break;
-        case RANK1024:
-                MLKEM1024_encap_external_entropy(ciphertext, secret, public_key,
-                    entropy);
-                break;
-        }
        *out_ciphertext = ciphertext;
        *out_ciphertext_len = ciphertext_len;
        ciphertext = NULL;
@@ -291,15 +257,7 @@ MLKEM_decap(const MLKEM_private_key *private_key,
        if ((s = calloc(1, MLKEM_SHARED_SECRET_LENGTH)) == NULL)
                goto err;
-        switch (private_key->rank) {
+        mlkem_decap(private_key, ciphertext, ciphertext_len, s);
-        case RANK768:
-                MLKEM768_decap(private_key, ciphertext, ciphertext_len, s);
-                break;
-        case RANK1024:
-                MLKEM1024_decap(private_key, ciphertext, ciphertext_len, s);
-                break;
-        }
        *out_shared_secret = s;
        *out_shared_secret_len = MLKEM_SHARED_SECRET_LENGTH;
@@ -324,14 +282,7 @@ MLKEM_marshal_public_key(const MLKEM_public_key *public_key, uint8_t **out,
        if (!public_key_is_valid(public_key))
                return 0;
-        switch (public_key->rank) {
+        return mlkem_marshal_public_key(public_key, out, out_len);
-        case RANK768:
-                return MLKEM768_marshal_public_key(public_key, out, out_len);
-        case RANK1024:
-                return MLKEM1024_marshal_public_key(public_key, out, out_len);
-        default:
-                return 0;
-        }
 }
 LCRYPTO_ALIAS(MLKEM_marshal_public_key);
@@ -349,14 +300,7 @@ MLKEM_marshal_private_key(const MLKEM_private_key *private_key, uint8_t **out,
        if (!private_key_is_valid(private_key))
                return 0;
-        switch (private_key->rank) {
+        return mlkem_marshal_private_key(private_key, out, out_len);
-        case RANK768:
-                return MLKEM768_marshal_private_key(private_key, out, out_len);
-        case RANK1024:
-                return MLKEM1024_marshal_private_key(private_key, out, out_len);
-        default:
-                return 0;
-        }
 }
 LCRYPTO_ALIAS(MLKEM_marshal_private_key);
@@ -370,18 +314,8 @@ MLKEM_parse_public_key(MLKEM_public_key *public_key, const uint8_t *in,
        if (in_len != MLKEM_public_key_encoded_length(public_key))
                return 0;
-        switch (public_key->rank) {
+        if (!mlkem_parse_public_key(in, in_len, public_key))
-        case RANK768:
+                return 0;
-                if (!MLKEM768_parse_public_key(in, in_len,
-                    public_key))
-                        return 0;
-                break;
-        case RANK1024:
-                if (!MLKEM1024_parse_public_key(in, in_len,
-                    public_key))
-                        return 0;
-                break;
-        }
        public_key->state = MLKEM_PUBLIC_KEY_INITIALIZED;
@@ -399,16 +333,8 @@ MLKEM_parse_private_key(MLKEM_private_key *private_key, const uint8_t *in,
        if (in_len != MLKEM_private_key_encoded_length(private_key))
                return 0;
-        switch (private_key->rank) {
+        if (!mlkem_parse_private_key(in, in_len, private_key))
-        case RANK768:
+                return 0;
-                if (!MLKEM768_parse_private_key(in, in_len, private_key))
-                        return 0;
-                break;
-        case RANK1024:
-                if (!MLKEM1024_parse_private_key(in, in_len, private_key))
-                        return 0;
-                break;
-        }
        private_key->state = MLKEM_PRIVATE_KEY_INITIALIZED;

diff --git a/src/lib/libcrypto/mlkem/mlkem.c b/src/lib/libcrypto/mlkem/mlkem.c index dcc73c2631..9461a338e9 100644 --- a/src/lib/libcrypto/mlkem/mlkem.c +++ b/src/lib/libcrypto/mlkem/mlkem.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: mlkem.c,v 1.3 2025/08/19 21:37:08 tb Exp $ */	1	/* $OpenBSD: mlkem.c,v 1.4 2025/09/05 23:30:12 beck Exp $ */
2	/*	2	/*
3	* Copyright (c) 2025, Bob Beck <beck@obtuse.com>	3	* Copyright (c) 2025, Bob Beck <beck@obtuse.com>
4	*	4	*
@@ -77,24 +77,15 @@ MLKEM_generate_key_external_entropy(MLKEM_private_key *private_key,
77	if ((k = calloc(1, k_len)) == NULL)	77	if ((k = calloc(1, k_len)) == NULL)
78	goto err;	78	goto err;
79		79
80	switch (private_key->rank) {	80	if (!mlkem_generate_key_external_entropy(k, private_key, entropy))
81	case RANK768:	81	goto err;
82	if (!MLKEM768_generate_key_external_entropy(k, private_key,
83	entropy))
84	goto err;
85	break;
86	case RANK1024:
87	if (!MLKEM1024_generate_key_external_entropy(k, private_key,
88	entropy))
89	goto err;
90	break;
91	}
92		82
93	private_key->state = MLKEM_PRIVATE_KEY_INITIALIZED;	83	private_key->state = MLKEM_PRIVATE_KEY_INITIALIZED;
94		84
95	*out_encoded_public_key = k;	85	*out_encoded_public_key = k;
96	*out_encoded_public_key_len = k_len;	86	*out_encoded_public_key_len = k_len;
97	k = NULL;	87	k = NULL;
		88	k_len = 0;
98		89
99	ret = 1;	90	ret = 1;
100		91
@@ -154,18 +145,8 @@ MLKEM_private_key_from_seed(MLKEM_private_key *private_key,
154	if (seed_len != MLKEM_SEED_LENGTH)	145	if (seed_len != MLKEM_SEED_LENGTH)
155	goto err;	146	goto err;
156		147
157	switch (private_key->rank) {	148	if (!mlkem_private_key_from_seed(seed, seed_len, private_key))
158	case RANK768:	149	goto err;
159	if (!MLKEM768_private_key_from_seed(seed,
160	seed_len, private_key))
161	goto err;
162	break;
163	case RANK1024:
164	if (!MLKEM1024_private_key_from_seed(private_key,
165	seed, seed_len))
166	goto err;
167	break;
168	}
169		150
170	private_key->state = MLKEM_PRIVATE_KEY_INITIALIZED;	151	private_key->state = MLKEM_PRIVATE_KEY_INITIALIZED;
171		152
@@ -187,14 +168,8 @@ MLKEM_public_from_private(const MLKEM_private_key *private_key,
187	return 0;	168	return 0;
188	if (public_key->rank != private_key->rank)	169	if (public_key->rank != private_key->rank)
189	return 0;	170	return 0;
190	switch (private_key->rank) {	171
191	case RANK768:	172	mlkem_public_from_private(private_key, public_key);
192	MLKEM768_public_from_private(private_key, public_key);
193	break;
194	case RANK1024:
195	MLKEM1024_public_from_private(private_key, public_key);
196	break;
197	}
198		173
199	public_key->state = MLKEM_PUBLIC_KEY_INITIALIZED;	174	public_key->state = MLKEM_PUBLIC_KEY_INITIALIZED;
200		175
@@ -230,17 +205,8 @@ MLKEM_encap_external_entropy(const MLKEM_public_key *public_key,
230	if ((ciphertext = calloc(1, ciphertext_len)) == NULL)	205	if ((ciphertext = calloc(1, ciphertext_len)) == NULL)
231	goto err;	206	goto err;
232		207
233	switch (public_key->rank) {	208	mlkem_encap_external_entropy(ciphertext, secret, public_key, entropy);
234	case RANK768:
235	MLKEM768_encap_external_entropy(ciphertext, secret, public_key,
236	entropy);
237	break;
238		209
239	case RANK1024:
240	MLKEM1024_encap_external_entropy(ciphertext, secret, public_key,
241	entropy);
242	break;
243	}
244	*out_ciphertext = ciphertext;	210	*out_ciphertext = ciphertext;
245	*out_ciphertext_len = ciphertext_len;	211	*out_ciphertext_len = ciphertext_len;
246	ciphertext = NULL;	212	ciphertext = NULL;
@@ -291,15 +257,7 @@ MLKEM_decap(const MLKEM_private_key *private_key,
291	if ((s = calloc(1, MLKEM_SHARED_SECRET_LENGTH)) == NULL)	257	if ((s = calloc(1, MLKEM_SHARED_SECRET_LENGTH)) == NULL)
292	goto err;	258	goto err;
293		259
294	switch (private_key->rank) {	260	mlkem_decap(private_key, ciphertext, ciphertext_len, s);
295	case RANK768:
296	MLKEM768_decap(private_key, ciphertext, ciphertext_len, s);
297	break;
298
299	case RANK1024:
300	MLKEM1024_decap(private_key, ciphertext, ciphertext_len, s);
301	break;
302	}
303		261
304	*out_shared_secret = s;	262	*out_shared_secret = s;
305	*out_shared_secret_len = MLKEM_SHARED_SECRET_LENGTH;	263	*out_shared_secret_len = MLKEM_SHARED_SECRET_LENGTH;
@@ -324,14 +282,7 @@ MLKEM_marshal_public_key(const MLKEM_public_key public_key, uint8_t *out,
324	if (!public_key_is_valid(public_key))	282	if (!public_key_is_valid(public_key))
325	return 0;	283	return 0;
326		284
327	switch (public_key->rank) {	285	return mlkem_marshal_public_key(public_key, out, out_len);
328	case RANK768:
329	return MLKEM768_marshal_public_key(public_key, out, out_len);
330	case RANK1024:
331	return MLKEM1024_marshal_public_key(public_key, out, out_len);
332	default:
333	return 0;
334	}
335	}	286	}
336	LCRYPTO_ALIAS(MLKEM_marshal_public_key);	287	LCRYPTO_ALIAS(MLKEM_marshal_public_key);
337		288
@@ -349,14 +300,7 @@ MLKEM_marshal_private_key(const MLKEM_private_key private_key, uint8_t *out,
349	if (!private_key_is_valid(private_key))	300	if (!private_key_is_valid(private_key))
350	return 0;	301	return 0;
351		302
352	switch (private_key->rank) {	303	return mlkem_marshal_private_key(private_key, out, out_len);
353	case RANK768:
354	return MLKEM768_marshal_private_key(private_key, out, out_len);
355	case RANK1024:
356	return MLKEM1024_marshal_private_key(private_key, out, out_len);
357	default:
358	return 0;
359	}
360	}	304	}
361	LCRYPTO_ALIAS(MLKEM_marshal_private_key);	305	LCRYPTO_ALIAS(MLKEM_marshal_private_key);
362		306
@@ -370,18 +314,8 @@ MLKEM_parse_public_key(MLKEM_public_key public_key, const uint8_t in,
370	if (in_len != MLKEM_public_key_encoded_length(public_key))	314	if (in_len != MLKEM_public_key_encoded_length(public_key))
371	return 0;	315	return 0;
372		316
373	switch (public_key->rank) {	317	if (!mlkem_parse_public_key(in, in_len, public_key))
374	case RANK768:	318	return 0;
375	if (!MLKEM768_parse_public_key(in, in_len,
376	public_key))
377	return 0;
378	break;
379	case RANK1024:
380	if (!MLKEM1024_parse_public_key(in, in_len,
381	public_key))
382	return 0;
383	break;
384	}
385		319
386	public_key->state = MLKEM_PUBLIC_KEY_INITIALIZED;	320	public_key->state = MLKEM_PUBLIC_KEY_INITIALIZED;
387		321
@@ -399,16 +333,8 @@ MLKEM_parse_private_key(MLKEM_private_key private_key, const uint8_t in,
399	if (in_len != MLKEM_private_key_encoded_length(private_key))	333	if (in_len != MLKEM_private_key_encoded_length(private_key))
400	return 0;	334	return 0;
401		335
402	switch (private_key->rank) {	336	if (!mlkem_parse_private_key(in, in_len, private_key))
403	case RANK768:	337	return 0;
404	if (!MLKEM768_parse_private_key(in, in_len, private_key))
405	return 0;
406	break;
407	case RANK1024:
408	if (!MLKEM1024_parse_private_key(in, in_len, private_key))
409	return 0;
410	break;
411	}
412		338
413	private_key->state = MLKEM_PRIVATE_KEY_INITIALIZED;	339	private_key->state = MLKEM_PRIVATE_KEY_INITIALIZED;
414		340