1 files changed, 50 insertions, 1 deletions
diff --git a/src/regress/lib/libcrypto/wycheproof/wycheproof.go b/src/regress/lib/libcrypto/wycheproof/wycheproof.go
index 13d7b40b93..0004e8e916 100644
--- a/src/regress/lib/libcrypto/wycheproof/wycheproof.go
+++ b/src/regress/lib/libcrypto/wycheproof/wycheproof.go
@@ -1,4 +1,4 @@
-/* $OpenBSD: wycheproof.go,v 1.200 2026/01/22 09:05:15 tb Exp $ */
+/* $OpenBSD: wycheproof.go,v 1.201 2026/01/22 09:08:56 tb Exp $ */
 /*
 * Copyright (c) 2018,2023 Joel Sing <jsing@openbsd.org>
 * Copyright (c) 2018,2019,2022-2025 Theo Buehler <tb@openbsd.org>
@@ -2501,6 +2501,55 @@ func runMLKEMDecapsValidationTest(rank C.int, wt *wycheproofTestMLKEM) bool {
 }
 func runMLKEMKeyGenTest(rank C.int, wt *wycheproofTestMLKEM) bool {
+        privKey := C.MLKEM_private_key_new(rank)
+        defer C.MLKEM_private_key_free(privKey)
+        if privKey == nil {
+                log.Fatal("MLKEM_private_key_new failed")
+        }
+        pubKey := C.MLKEM_public_key_new(rank)
+        defer C.MLKEM_public_key_free(pubKey)
+        if pubKey == nil {
+                log.Fatal("MLKEM_public_key_new failed")
+        }
+        seed, seedLen := mustDecodeHexString(wt.Seed, "seed")
+        if C.MLKEM_private_key_from_seed(privKey, (*C.uchar)(unsafe.Pointer(&seed[0])), (C.size_t)(seedLen)) != 1 {
+                fmt.Printf("FAIL: %s - MLKEM_private_key_from_seed failed\n", wt)
+                return false
+        }
+        if C.MLKEM_public_from_private(privKey, pubKey) != 1 {
+                fmt.Printf("FAIL: %s - MLKEM_private_key_from_seed failed\n", wt)
+                return false
+        }
+        var encodedPrivateKey, encodedPublicKey *C.uint8_t
+        var encodedPrivateKeyLen, encodedPublicKeyLen C.size_t
+        defer C.free(unsafe.Pointer(encodedPrivateKey))
+        defer C.free(unsafe.Pointer(encodedPublicKey))
+        if C.MLKEM_marshal_private_key(privKey, &encodedPrivateKey, &encodedPrivateKeyLen) != 1 {
+                fmt.Printf("FAIL: %s - MLKEM_marshal_private_key failed\n", wt)
+                return false
+        }
+        if C.MLKEM_marshal_public_key(pubKey, &encodedPublicKey, &encodedPublicKeyLen) != 1 {
+                fmt.Printf("FAIL: %s - MLKEM_marshal_public_key failed\n", wt)
+                return false
+        }
+        gotDk := unsafe.Slice((*byte)(unsafe.Pointer(encodedPrivateKey)), encodedPrivateKeyLen)
+        gotEk := unsafe.Slice((*byte)(unsafe.Pointer(encodedPublicKey)), encodedPublicKeyLen)
+        dK, _ := mustDecodeHexString(wt.Dk, "dK")
+        eK, _ := mustDecodeHexString(wt.Ek, "eK")
+        
+        if (bytes.Equal(dK, gotDk) && bytes.Equal(eK, gotEk)) != (wt.Result != "invalid") {
+                fmt.Printf("FAIL: %s - encoded keys differ", wt);
+                return false
+        }
        return true
 }

diff --git a/src/regress/lib/libcrypto/wycheproof/wycheproof.go b/src/regress/lib/libcrypto/wycheproof/wycheproof.go index 13d7b40b93..0004e8e916 100644 --- a/src/regress/lib/libcrypto/wycheproof/wycheproof.go +++ b/src/regress/lib/libcrypto/wycheproof/wycheproof.go
@@ -1,4 +1,4 @@
1	/* $OpenBSD: wycheproof.go,v 1.200 2026/01/22 09:05:15 tb Exp $ */	1	/* $OpenBSD: wycheproof.go,v 1.201 2026/01/22 09:08:56 tb Exp $ */
2	/*	2	/*
3	* Copyright (c) 2018,2023 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2018,2023 Joel Sing <jsing@openbsd.org>
4	* Copyright (c) 2018,2019,2022-2025 Theo Buehler <tb@openbsd.org>	4	* Copyright (c) 2018,2019,2022-2025 Theo Buehler <tb@openbsd.org>
@@ -2501,6 +2501,55 @@ func runMLKEMDecapsValidationTest(rank C.int, wt *wycheproofTestMLKEM) bool {
2501	}	2501	}
2502		2502
2503	func runMLKEMKeyGenTest(rank C.int, wt *wycheproofTestMLKEM) bool {	2503	func runMLKEMKeyGenTest(rank C.int, wt *wycheproofTestMLKEM) bool {
		2504	privKey := C.MLKEM_private_key_new(rank)
		2505	defer C.MLKEM_private_key_free(privKey)
		2506	if privKey == nil {
		2507	log.Fatal("MLKEM_private_key_new failed")
		2508	}
		2509
		2510	pubKey := C.MLKEM_public_key_new(rank)
		2511	defer C.MLKEM_public_key_free(pubKey)
		2512	if pubKey == nil {
		2513	log.Fatal("MLKEM_public_key_new failed")
		2514	}
		2515
		2516	seed, seedLen := mustDecodeHexString(wt.Seed, "seed")
		2517
		2518	if C.MLKEM_private_key_from_seed(privKey, (*C.uchar)(unsafe.Pointer(&seed[0])), (C.size_t)(seedLen)) != 1 {
		2519	fmt.Printf("FAIL: %s - MLKEM_private_key_from_seed failed\n", wt)
		2520	return false
		2521	}
		2522
		2523	if C.MLKEM_public_from_private(privKey, pubKey) != 1 {
		2524	fmt.Printf("FAIL: %s - MLKEM_private_key_from_seed failed\n", wt)
		2525	return false
		2526	}
		2527
		2528	var encodedPrivateKey, encodedPublicKey *C.uint8_t
		2529	var encodedPrivateKeyLen, encodedPublicKeyLen C.size_t
		2530	defer C.free(unsafe.Pointer(encodedPrivateKey))
		2531	defer C.free(unsafe.Pointer(encodedPublicKey))
		2532
		2533	if C.MLKEM_marshal_private_key(privKey, &encodedPrivateKey, &encodedPrivateKeyLen) != 1 {
		2534	fmt.Printf("FAIL: %s - MLKEM_marshal_private_key failed\n", wt)
		2535	return false
		2536	}
		2537	if C.MLKEM_marshal_public_key(pubKey, &encodedPublicKey, &encodedPublicKeyLen) != 1 {
		2538	fmt.Printf("FAIL: %s - MLKEM_marshal_public_key failed\n", wt)
		2539	return false
		2540	}
		2541
		2542	gotDk := unsafe.Slice((*byte)(unsafe.Pointer(encodedPrivateKey)), encodedPrivateKeyLen)
		2543	gotEk := unsafe.Slice((*byte)(unsafe.Pointer(encodedPublicKey)), encodedPublicKeyLen)
		2544
		2545	dK, _ := mustDecodeHexString(wt.Dk, "dK")
		2546	eK, _ := mustDecodeHexString(wt.Ek, "eK")
		2547
		2548	if (bytes.Equal(dK, gotDk) && bytes.Equal(eK, gotEk)) != (wt.Result != "invalid") {
		2549	fmt.Printf("FAIL: %s - encoded keys differ", wt);
		2550	return false
		2551	}
		2552
2504	return true	2553	return true
2505	}	2554	}
2506		2555