1 files changed, 200 insertions, 0 deletions
diff --git a/src/lib/libcrypto/mlkem/mlkem_key.c b/src/lib/libcrypto/mlkem/mlkem_key.c
new file mode 100644
index 0000000000..051d8f2b88
--- /dev/null
+++ b/src/lib/libcrypto/mlkem/mlkem_key.c
@@ -0,0 +1,200 @@
+/* $OpenBSD: mlkem_key.c,v 1.1 2025/08/14 15:48:48 beck Exp $ */
+/*
+ * Copyright (c) 2025 Bob Beck <beck@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+#include <stdlib.h>
+#include <string.h>
+#include <openssl/mlkem.h>
+#include "mlkem_internal.h"
+MLKEM_private_key *
+MLKEM_private_key_new(int rank)
+{
+        struct MLKEM1024_private_key *key_1024 = NULL;
+        struct MLKEM768_private_key *key_768 = NULL;
+        MLKEM_private_key *key = NULL;
+        MLKEM_private_key *ret = NULL;
+        if ((key = calloc(1, sizeof(MLKEM_private_key))) == NULL)
+                goto err;
+        switch (rank) {
+        case RANK768:
+                if ((key_768 = calloc(1, sizeof(*key_768))) ==
+                    NULL)
+                        goto err;
+                key->key_768 = key_768;
+                break;
+        case RANK1024:
+                if ((key_1024 = calloc(1, sizeof(*key_1024))) ==
+                    NULL)
+                        goto err;
+                key->key_1024 = key_1024;
+                break;
+        default:
+                goto err;
+        }
+        key->rank = rank;
+        key->state = MLKEM_PRIVATE_KEY_UNINITIALIZED;
+        ret = key;
+        key= NULL;
+ err:
+        MLKEM_private_key_free(key);
+        return ret;
+}
+LCRYPTO_ALIAS(MLKEM_private_key_new);
+void
+MLKEM_private_key_free(MLKEM_private_key *key)
+{
+        if (key == NULL)
+                return;
+        freezero(key->key_768, sizeof(*key->key_768));
+        freezero(key->key_1024, sizeof(*key->key_1024));
+        freezero(key, sizeof(*key));
+}
+LCRYPTO_ALIAS(MLKEM_private_key_free);
+size_t
+MLKEM_private_key_encoded_length(const MLKEM_private_key *key)
+{
+        if (key == NULL)
+                return 0;
+        switch (key->rank) {
+        case RANK768:
+                return MLKEM768_PRIVATE_KEY_BYTES;
+        case RANK1024:
+                return MLKEM1024_PRIVATE_KEY_BYTES;
+        default:
+                return 0;
+        }
+        return 0;
+}
+LCRYPTO_ALIAS(MLKEM_private_key_encoded_length);
+size_t
+MLKEM_private_key_ciphertext_length(const MLKEM_private_key *key)
+{
+        if (key == NULL)
+                return 0;
+        switch (key->rank) {
+        case RANK768:
+                return MLKEM768_CIPHERTEXT_BYTES;
+        case RANK1024:
+                return MLKEM1024_CIPHERTEXT_BYTES;
+        default:
+                return 0;
+        }
+        return 0;
+}
+LCRYPTO_ALIAS(MLKEM_private_key_ciphertext_length);
+MLKEM_public_key *
+MLKEM_public_key_new(int rank)
+{
+        struct MLKEM1024_public_key *key_1024 = NULL;
+        struct MLKEM768_public_key *key_768 = NULL;
+        MLKEM_public_key *key = NULL;
+        MLKEM_public_key *ret = NULL;
+        if ((key = calloc(1, sizeof(MLKEM_public_key))) == NULL)
+                goto err;
+        switch (rank) {
+        case RANK768:
+                if ((key_768 = calloc(1, sizeof(*key_768))) ==
+                    NULL)
+                        goto err;
+                key->key_768 = key_768;
+                break;
+        case RANK1024:
+                if ((key_1024 = calloc(1, sizeof(*key_1024))) ==
+                    NULL)
+                        goto err;
+                key->key_1024 = key_1024;
+                break;
+        default:
+                goto err;
+        }
+        key->rank = rank;
+        key->state = MLKEM_PUBLIC_KEY_UNINITIALIZED;
+        ret = key;
+        key = NULL;
+ err:
+        MLKEM_public_key_free(key);
+        return ret;
+}
+LCRYPTO_ALIAS(MLKEM_public_key_new);
+void
+MLKEM_public_key_free(MLKEM_public_key *key)
+{
+        if (key == NULL)
+                return;
+        freezero(key->key_768, sizeof(*key->key_768));
+        freezero(key->key_1024, sizeof(*key->key_1024));
+        freezero(key, sizeof(*key));
+}
+LCRYPTO_ALIAS(MLKEM_public_key_free);
+size_t
+MLKEM_public_key_encoded_length(const MLKEM_public_key *key)
+{
+        if (key == NULL)
+                return 0;
+        switch (key->rank) {
+        case RANK768:
+                return MLKEM768_PUBLIC_KEY_BYTES;
+        case RANK1024:
+                return MLKEM1024_PUBLIC_KEY_BYTES;
+        default:
+                return 0;
+        }
+        return 0;
+}
+LCRYPTO_ALIAS(MLKEM_public_key_encoded_length);
+size_t
+MLKEM_public_key_ciphertext_length(const MLKEM_public_key *key)
+{
+        if (key == NULL)
+                return 0;
+        switch (key->rank) {
+        case RANK768:
+                return MLKEM768_CIPHERTEXT_BYTES;
+        case RANK1024:
+                return MLKEM1024_CIPHERTEXT_BYTES;
+        default:
+                return 0;
+        }
+        return 0;
+}
+LCRYPTO_ALIAS(MLKEM_public_key_ciphertext_length);

diff --git a/src/lib/libcrypto/mlkem/mlkem_key.c b/src/lib/libcrypto/mlkem/mlkem_key.c new file mode 100644 index 0000000000..051d8f2b88 --- /dev/null +++ b/src/lib/libcrypto/mlkem/mlkem_key.c
@@ -0,0 +1,200 @@
	1	/* $OpenBSD: mlkem_key.c,v 1.1 2025/08/14 15:48:48 beck Exp $ */
	2	/*
	3	* Copyright (c) 2025 Bob Beck <beck@openbsd.org>
	4	*
	5	* Permission to use, copy, modify, and distribute this software for any
	6	* purpose with or without fee is hereby granted, provided that the above
	7	* copyright notice and this permission notice appear in all copies.
	8	*
	9	* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
	10	* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
	11	* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
	12	* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
	13	* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
	14	* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
	15	* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
	16	*/
	17
	18	#include <stdlib.h>
	19	#include <string.h>
	20
	21	#include <openssl/mlkem.h>
	22
	23	#include "mlkem_internal.h"
	24
	25	MLKEM_private_key *
	26	MLKEM_private_key_new(int rank)
	27	{
	28	struct MLKEM1024_private_key *key_1024 = NULL;
	29	struct MLKEM768_private_key *key_768 = NULL;
	30	MLKEM_private_key *key = NULL;
	31	MLKEM_private_key *ret = NULL;
	32
	33	if ((key = calloc(1, sizeof(MLKEM_private_key))) == NULL)
	34	goto err;
	35
	36	switch (rank) {
	37	case RANK768:
	38	if ((key_768 = calloc(1, sizeof(*key_768))) ==
	39	NULL)
	40	goto err;
	41	key->key_768 = key_768;
	42	break;
	43	case RANK1024:
	44	if ((key_1024 = calloc(1, sizeof(*key_1024))) ==
	45	NULL)
	46	goto err;
	47	key->key_1024 = key_1024;
	48	break;
	49	default:
	50	goto err;
	51	}
	52	key->rank = rank;
	53	key->state = MLKEM_PRIVATE_KEY_UNINITIALIZED;
	54
	55	ret = key;
	56	key= NULL;
	57
	58	err:
	59	MLKEM_private_key_free(key);
	60
	61	return ret;
	62	}
	63	LCRYPTO_ALIAS(MLKEM_private_key_new);
	64
	65	void
	66	MLKEM_private_key_free(MLKEM_private_key *key)
	67	{
	68	if (key == NULL)
	69	return;
	70
	71	freezero(key->key_768, sizeof(*key->key_768));
	72	freezero(key->key_1024, sizeof(*key->key_1024));
	73	freezero(key, sizeof(*key));
	74	}
	75	LCRYPTO_ALIAS(MLKEM_private_key_free);
	76
	77	size_t
	78	MLKEM_private_key_encoded_length(const MLKEM_private_key *key)
	79	{
	80	if (key == NULL)
	81	return 0;
	82
	83	switch (key->rank) {
	84	case RANK768:
	85	return MLKEM768_PRIVATE_KEY_BYTES;
	86	case RANK1024:
	87	return MLKEM1024_PRIVATE_KEY_BYTES;
	88	default:
	89	return 0;
	90	}
	91	return 0;
	92	}
	93	LCRYPTO_ALIAS(MLKEM_private_key_encoded_length);
	94
	95	size_t
	96	MLKEM_private_key_ciphertext_length(const MLKEM_private_key *key)
	97	{
	98	if (key == NULL)
	99	return 0;
	100
	101	switch (key->rank) {
	102	case RANK768:
	103	return MLKEM768_CIPHERTEXT_BYTES;
	104	case RANK1024:
	105	return MLKEM1024_CIPHERTEXT_BYTES;
	106	default:
	107	return 0;
	108	}
	109	return 0;
	110	}
	111	LCRYPTO_ALIAS(MLKEM_private_key_ciphertext_length);
	112
	113	MLKEM_public_key *
	114	MLKEM_public_key_new(int rank)
	115	{
	116	struct MLKEM1024_public_key *key_1024 = NULL;
	117	struct MLKEM768_public_key *key_768 = NULL;
	118	MLKEM_public_key *key = NULL;
	119	MLKEM_public_key *ret = NULL;
	120
	121	if ((key = calloc(1, sizeof(MLKEM_public_key))) == NULL)
	122	goto err;
	123
	124	switch (rank) {
	125	case RANK768:
	126	if ((key_768 = calloc(1, sizeof(*key_768))) ==
	127	NULL)
	128	goto err;
	129	key->key_768 = key_768;
	130	break;
	131	case RANK1024:
	132	if ((key_1024 = calloc(1, sizeof(*key_1024))) ==
	133	NULL)
	134	goto err;
	135	key->key_1024 = key_1024;
	136	break;
	137	default:
	138	goto err;
	139	}
	140
	141	key->rank = rank;
	142	key->state = MLKEM_PUBLIC_KEY_UNINITIALIZED;
	143
	144	ret = key;
	145	key = NULL;
	146
	147	err:
	148	MLKEM_public_key_free(key);
	149
	150	return ret;
	151	}
	152	LCRYPTO_ALIAS(MLKEM_public_key_new);
	153
	154	void
	155	MLKEM_public_key_free(MLKEM_public_key *key)
	156	{
	157	if (key == NULL)
	158	return;
	159
	160	freezero(key->key_768, sizeof(*key->key_768));
	161	freezero(key->key_1024, sizeof(*key->key_1024));
	162	freezero(key, sizeof(*key));
	163	}
	164	LCRYPTO_ALIAS(MLKEM_public_key_free);
	165
	166	size_t
	167	MLKEM_public_key_encoded_length(const MLKEM_public_key *key)
	168	{
	169	if (key == NULL)
	170	return 0;
	171
	172	switch (key->rank) {
	173	case RANK768:
	174	return MLKEM768_PUBLIC_KEY_BYTES;
	175	case RANK1024:
	176	return MLKEM1024_PUBLIC_KEY_BYTES;
	177	default:
	178	return 0;
	179	}
	180	return 0;
	181	}
	182	LCRYPTO_ALIAS(MLKEM_public_key_encoded_length);
	183
	184	size_t
	185	MLKEM_public_key_ciphertext_length(const MLKEM_public_key *key)
	186	{
	187	if (key == NULL)
	188	return 0;
	189
	190	switch (key->rank) {
	191	case RANK768:
	192	return MLKEM768_CIPHERTEXT_BYTES;
	193	case RANK1024:
	194	return MLKEM1024_CIPHERTEXT_BYTES;
	195	default:
	196	return 0;
	197	}
	198	return 0;
	199	}
	200	LCRYPTO_ALIAS(MLKEM_public_key_ciphertext_length);