Don't have separate BCM and ML-KEM and ML-DSA types
This avoids a ton of casts, means the BCM and public APIs can
interoperate a bit more straightforwardly, and changing the types no
longer needs to update two copies of the struct.
Even when we were pursuing a crisper BCM and libcrypto split, this
division wouldn't have done anything useful because we would be forever
forced to keep them exactly the same size.
While I'm here, remove a bunch of unnecessary `struct`s. In C++, they
are not needed. We can't avoid them in the public headers. (Public
headers should probably follow the OpenSSL struct + typedef convention
to avoid this.)
Bug: 450044889
Change-Id: I9d9cde41de1df380c0f928c559433eff6b97666a
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/82688
Auto-Submit: David Benjamin <davidben@google.com>
Commit-Queue: Adam Langley <agl@google.com>
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/crypto/fipsmodule/bcm_interface.h b/crypto/fipsmodule/bcm_interface.h
index 230e273..ea0f291 100644
--- a/crypto/fipsmodule/bcm_interface.h
+++ b/crypto/fipsmodule/bcm_interface.h
@@ -16,6 +16,8 @@
#define OPENSSL_HEADER_CRYPTO_FIPSMODULE_BCM_INTERFACE_H
#include <openssl/aes.h>
+#include <openssl/mldsa.h>
+#include <openssl/mlkem.h>
#include <openssl/sha.h>
#include <openssl/sha2.h>
@@ -236,119 +238,76 @@
// random entropy necessary to generate a signature in randomized mode.
#define BCM_MLDSA_SIGNATURE_RANDOMIZER_BYTES 32
-// BCM_MLDSA_SEED_BYTES is the number of bytes in an ML-DSA seed value.
-#define BCM_MLDSA_SEED_BYTES 32
-
-// BCM_MLDSA_MU_BYTES is the number of bytes in an ML-DSA mu value.
-#define BCM_MLDSA_MU_BYTES 64
-
// BCM_MLDSA65_PRIVATE_KEY_BYTES is the number of bytes in an encoded ML-DSA-65
// private key.
#define BCM_MLDSA65_PRIVATE_KEY_BYTES 4032
-// BCM_MLDSA65_PUBLIC_KEY_BYTES is the number of bytes in an encoded ML-DSA-65
-// public key.
-#define BCM_MLDSA65_PUBLIC_KEY_BYTES 1952
-
-// BCM_MLDSA65_SIGNATURE_BYTES is the number of bytes in an encoded ML-DSA-65
-// signature.
-#define BCM_MLDSA65_SIGNATURE_BYTES 3309
-
-struct BCM_mldsa65_private_key {
- union {
- uint8_t bytes[32 + 32 + 64 + 256 * 4 * (5 + 6 + 6)];
- uint32_t alignment;
- } opaque;
-};
-
-struct BCM_mldsa65_public_key {
- union {
- uint8_t bytes[32 + 64 + 256 * 4 * 6];
- uint32_t alignment;
- } opaque;
-};
-
-struct BCM_mldsa65_prehash {
- union {
- uint8_t bytes[200 + 4 + 4 + 4 * sizeof(size_t)];
- uint64_t alignment;
- } opaque;
-};
-
OPENSSL_EXPORT bcm_status BCM_mldsa65_generate_key(
- uint8_t out_encoded_public_key[BCM_MLDSA65_PUBLIC_KEY_BYTES],
- uint8_t out_seed[BCM_MLDSA_SEED_BYTES],
- struct BCM_mldsa65_private_key *out_private_key);
+ uint8_t out_encoded_public_key[MLDSA65_PUBLIC_KEY_BYTES],
+ uint8_t out_seed[MLDSA_SEED_BYTES], MLDSA65_private_key *out_private_key);
OPENSSL_EXPORT bcm_status BCM_mldsa65_private_key_from_seed(
- struct BCM_mldsa65_private_key *out_private_key,
- const uint8_t seed[BCM_MLDSA_SEED_BYTES]);
+ MLDSA65_private_key *out_private_key, const uint8_t seed[MLDSA_SEED_BYTES]);
OPENSSL_EXPORT bcm_status BCM_mldsa65_public_from_private(
- struct BCM_mldsa65_public_key *out_public_key,
- const struct BCM_mldsa65_private_key *private_key);
+ MLDSA65_public_key *out_public_key, const MLDSA65_private_key *private_key);
OPENSSL_EXPORT bcm_status
-BCM_mldsa65_check_key_fips(struct BCM_mldsa65_private_key *private_key);
+BCM_mldsa65_check_key_fips(MLDSA65_private_key *private_key);
OPENSSL_EXPORT bcm_status BCM_mldsa65_generate_key_fips(
- uint8_t out_encoded_public_key[BCM_MLDSA65_PUBLIC_KEY_BYTES],
- uint8_t out_seed[BCM_MLDSA_SEED_BYTES],
- struct BCM_mldsa65_private_key *out_private_key);
+ uint8_t out_encoded_public_key[MLDSA65_PUBLIC_KEY_BYTES],
+ uint8_t out_seed[MLDSA_SEED_BYTES], MLDSA65_private_key *out_private_key);
OPENSSL_EXPORT bcm_status BCM_mldsa65_private_key_from_seed_fips(
- struct BCM_mldsa65_private_key *out_private_key,
- const uint8_t seed[BCM_MLDSA_SEED_BYTES]);
+ MLDSA65_private_key *out_private_key, const uint8_t seed[MLDSA_SEED_BYTES]);
-OPENSSL_EXPORT bcm_status BCM_mldsa65_sign(
- uint8_t out_encoded_signature[BCM_MLDSA65_SIGNATURE_BYTES],
- const struct BCM_mldsa65_private_key *private_key, const uint8_t *msg,
- size_t msg_len, const uint8_t *context, size_t context_len);
+OPENSSL_EXPORT bcm_status
+BCM_mldsa65_sign(uint8_t out_encoded_signature[MLDSA65_SIGNATURE_BYTES],
+ const MLDSA65_private_key *private_key, const uint8_t *msg,
+ size_t msg_len, const uint8_t *context, size_t context_len);
OPENSSL_EXPORT bcm_status BCM_mldsa65_verify(
- const struct BCM_mldsa65_public_key *public_key,
- const uint8_t signature[BCM_MLDSA65_SIGNATURE_BYTES], const uint8_t *msg,
+ const MLDSA65_public_key *public_key,
+ const uint8_t signature[MLDSA65_SIGNATURE_BYTES], const uint8_t *msg,
size_t msg_len, const uint8_t *context, size_t context_len);
OPENSSL_EXPORT void BCM_mldsa65_prehash_init(
- struct BCM_mldsa65_prehash *out_prehash_ctx,
- const struct BCM_mldsa65_public_key *public_key, const uint8_t *context,
- size_t context_len);
+ MLDSA65_prehash *out_prehash_ctx, const MLDSA65_public_key *public_key,
+ const uint8_t *context, size_t context_len);
OPENSSL_EXPORT void BCM_mldsa65_prehash_update(
- struct BCM_mldsa65_prehash *inout_prehash_ctx, const uint8_t *msg,
- size_t msg_len);
+ MLDSA65_prehash *inout_prehash_ctx, const uint8_t *msg, size_t msg_len);
OPENSSL_EXPORT void BCM_mldsa65_prehash_finalize(
- uint8_t out_msg_rep[BCM_MLDSA_MU_BYTES],
- struct BCM_mldsa65_prehash *inout_prehash_ctx);
+ uint8_t out_msg_rep[MLDSA_MU_BYTES], MLDSA65_prehash *inout_prehash_ctx);
OPENSSL_EXPORT bcm_status BCM_mldsa65_sign_message_representative(
- uint8_t out_encoded_signature[BCM_MLDSA65_SIGNATURE_BYTES],
- const struct BCM_mldsa65_private_key *private_key,
- const uint8_t msg_rep[BCM_MLDSA_MU_BYTES]);
+ uint8_t out_encoded_signature[MLDSA65_SIGNATURE_BYTES],
+ const MLDSA65_private_key *private_key,
+ const uint8_t msg_rep[MLDSA_MU_BYTES]);
-OPENSSL_EXPORT bcm_status BCM_mldsa65_marshal_public_key(
- CBB *out, const struct BCM_mldsa65_public_key *public_key);
+OPENSSL_EXPORT bcm_status
+BCM_mldsa65_marshal_public_key(CBB *out, const MLDSA65_public_key *public_key);
-OPENSSL_EXPORT bcm_status BCM_mldsa65_parse_public_key(
- struct BCM_mldsa65_public_key *public_key, CBS *in);
+OPENSSL_EXPORT bcm_status
+BCM_mldsa65_parse_public_key(MLDSA65_public_key *public_key, CBS *in);
-OPENSSL_EXPORT bcm_status BCM_mldsa65_parse_private_key(
- struct BCM_mldsa65_private_key *private_key, CBS *in);
+OPENSSL_EXPORT bcm_status
+BCM_mldsa65_parse_private_key(MLDSA65_private_key *private_key, CBS *in);
// BCM_mldsa65_generate_key_external_entropy generates a public/private key pair
// using the given seed, writes the encoded public key to
// |out_encoded_public_key| and sets |out_private_key| to the private key.
OPENSSL_EXPORT bcm_status BCM_mldsa65_generate_key_external_entropy(
- uint8_t out_encoded_public_key[BCM_MLDSA65_PUBLIC_KEY_BYTES],
- struct BCM_mldsa65_private_key *out_private_key,
- const uint8_t entropy[BCM_MLDSA_SEED_BYTES]);
+ uint8_t out_encoded_public_key[MLDSA65_PUBLIC_KEY_BYTES],
+ MLDSA65_private_key *out_private_key,
+ const uint8_t entropy[MLDSA_SEED_BYTES]);
OPENSSL_EXPORT bcm_status BCM_mldsa65_generate_key_external_entropy_fips(
- uint8_t out_encoded_public_key[BCM_MLDSA65_PUBLIC_KEY_BYTES],
- struct BCM_mldsa65_private_key *out_private_key,
- const uint8_t entropy[BCM_MLDSA_SEED_BYTES]);
+ uint8_t out_encoded_public_key[MLDSA65_PUBLIC_KEY_BYTES],
+ MLDSA65_private_key *out_private_key,
+ const uint8_t entropy[MLDSA_SEED_BYTES]);
// BCM_mldsa5_sign_internal signs |msg| using |private_key| and writes the
// signature to |out_encoded_signature|. The |context_prefix| and |context| are
@@ -356,9 +315,9 @@
// value can be set to zero bytes in order to make a deterministic signature, or
// else filled with entropy for the usual |MLDSA_sign| behavior.
OPENSSL_EXPORT bcm_status BCM_mldsa65_sign_internal(
- uint8_t out_encoded_signature[BCM_MLDSA65_SIGNATURE_BYTES],
- const struct BCM_mldsa65_private_key *private_key, const uint8_t *msg,
- size_t msg_len, const uint8_t *context_prefix, size_t context_prefix_len,
+ uint8_t out_encoded_signature[MLDSA65_SIGNATURE_BYTES],
+ const MLDSA65_private_key *private_key, const uint8_t *msg, size_t msg_len,
+ const uint8_t *context_prefix, size_t context_prefix_len,
const uint8_t *context, size_t context_len,
const uint8_t randomizer[BCM_MLDSA_SIGNATURE_RANDOMIZER_BYTES]);
@@ -366,124 +325,87 @@
// signature of |msg| by |public_key|. The |context_prefix| and |context| are
// prefixed to the message before verification, in that order.
OPENSSL_EXPORT bcm_status BCM_mldsa65_verify_internal(
- const struct BCM_mldsa65_public_key *public_key,
- const uint8_t encoded_signature[BCM_MLDSA65_SIGNATURE_BYTES],
+ const MLDSA65_public_key *public_key,
+ const uint8_t encoded_signature[MLDSA65_SIGNATURE_BYTES],
const uint8_t *msg, size_t msg_len, const uint8_t *context_prefix,
size_t context_prefix_len, const uint8_t *context, size_t context_len);
// BCM_mldsa65_marshal_private_key serializes |private_key| to |out| in the
// NIST format for ML-DSA-65 private keys.
OPENSSL_EXPORT bcm_status BCM_mldsa65_marshal_private_key(
- CBB *out, const struct BCM_mldsa65_private_key *private_key);
+ CBB *out, const MLDSA65_private_key *private_key);
// BCM_MLDSA87_PRIVATE_KEY_BYTES is the number of bytes in an encoded ML-DSA-87
// private key.
#define BCM_MLDSA87_PRIVATE_KEY_BYTES 4896
-// BCM_MLDSA87_PUBLIC_KEY_BYTES is the number of bytes in an encoded ML-DSA-87
-// public key.
-#define BCM_MLDSA87_PUBLIC_KEY_BYTES 2592
-
-// BCM_MLDSA87_SIGNATURE_BYTES is the number of bytes in an encoded ML-DSA-87
-// signature.
-#define BCM_MLDSA87_SIGNATURE_BYTES 4627
-
-struct BCM_mldsa87_private_key {
- union {
- uint8_t bytes[32 + 32 + 64 + 256 * 4 * (7 + 8 + 8)];
- uint32_t alignment;
- } opaque;
-};
-
-struct BCM_mldsa87_public_key {
- union {
- uint8_t bytes[32 + 64 + 256 * 4 * 8];
- uint32_t alignment;
- } opaque;
-};
-
-struct BCM_mldsa87_prehash {
- union {
- uint8_t bytes[200 + 4 + 4 + 4 * sizeof(size_t)];
- uint64_t alignment;
- } opaque;
-};
-
OPENSSL_EXPORT bcm_status BCM_mldsa87_generate_key(
- uint8_t out_encoded_public_key[BCM_MLDSA87_PUBLIC_KEY_BYTES],
- uint8_t out_seed[BCM_MLDSA_SEED_BYTES],
- struct BCM_mldsa87_private_key *out_private_key);
+ uint8_t out_encoded_public_key[MLDSA87_PUBLIC_KEY_BYTES],
+ uint8_t out_seed[MLDSA_SEED_BYTES], MLDSA87_private_key *out_private_key);
OPENSSL_EXPORT bcm_status BCM_mldsa87_private_key_from_seed(
- struct BCM_mldsa87_private_key *out_private_key,
- const uint8_t seed[BCM_MLDSA_SEED_BYTES]);
+ MLDSA87_private_key *out_private_key, const uint8_t seed[MLDSA_SEED_BYTES]);
OPENSSL_EXPORT bcm_status BCM_mldsa87_public_from_private(
- struct BCM_mldsa87_public_key *out_public_key,
- const struct BCM_mldsa87_private_key *private_key);
+ MLDSA87_public_key *out_public_key, const MLDSA87_private_key *private_key);
OPENSSL_EXPORT bcm_status
-BCM_mldsa87_check_key_fips(struct BCM_mldsa87_private_key *private_key);
+BCM_mldsa87_check_key_fips(MLDSA87_private_key *private_key);
OPENSSL_EXPORT bcm_status BCM_mldsa87_generate_key_fips(
- uint8_t out_encoded_public_key[BCM_MLDSA87_PUBLIC_KEY_BYTES],
- uint8_t out_seed[BCM_MLDSA_SEED_BYTES],
- struct BCM_mldsa87_private_key *out_private_key);
+ uint8_t out_encoded_public_key[MLDSA87_PUBLIC_KEY_BYTES],
+ uint8_t out_seed[MLDSA_SEED_BYTES], MLDSA87_private_key *out_private_key);
OPENSSL_EXPORT bcm_status BCM_mldsa87_private_key_from_seed_fips(
- struct BCM_mldsa87_private_key *out_private_key,
- const uint8_t seed[BCM_MLDSA_SEED_BYTES]);
-
-OPENSSL_EXPORT bcm_status BCM_mldsa87_sign(
- uint8_t out_encoded_signature[BCM_MLDSA87_SIGNATURE_BYTES],
- const struct BCM_mldsa87_private_key *private_key, const uint8_t *msg,
- size_t msg_len, const uint8_t *context, size_t context_len);
+ MLDSA87_private_key *out_private_key, const uint8_t seed[MLDSA_SEED_BYTES]);
OPENSSL_EXPORT bcm_status
-BCM_mldsa87_verify(const struct BCM_mldsa87_public_key *public_key,
+BCM_mldsa87_sign(uint8_t out_encoded_signature[MLDSA87_SIGNATURE_BYTES],
+ const MLDSA87_private_key *private_key, const uint8_t *msg,
+ size_t msg_len, const uint8_t *context, size_t context_len);
+
+OPENSSL_EXPORT bcm_status
+BCM_mldsa87_verify(const MLDSA87_public_key *public_key,
const uint8_t *signature, const uint8_t *msg, size_t msg_len,
const uint8_t *context, size_t context_len);
OPENSSL_EXPORT void BCM_mldsa87_prehash_init(
- struct BCM_mldsa87_prehash *out_prehash_ctx,
- const struct BCM_mldsa87_public_key *public_key, const uint8_t *context,
- size_t context_len);
+ MLDSA87_prehash *out_prehash_ctx, const MLDSA87_public_key *public_key,
+ const uint8_t *context, size_t context_len);
OPENSSL_EXPORT void BCM_mldsa87_prehash_update(
- struct BCM_mldsa87_prehash *inout_prehash_ctx, const uint8_t *msg,
- size_t msg_len);
+ MLDSA87_prehash *inout_prehash_ctx, const uint8_t *msg, size_t msg_len);
OPENSSL_EXPORT void BCM_mldsa87_prehash_finalize(
- uint8_t out_msg_rep[BCM_MLDSA_MU_BYTES],
- struct BCM_mldsa87_prehash *inout_prehash_ctx);
+ uint8_t out_msg_rep[MLDSA_MU_BYTES], MLDSA87_prehash *inout_prehash_ctx);
OPENSSL_EXPORT bcm_status BCM_mldsa87_sign_message_representative(
- uint8_t out_encoded_signature[BCM_MLDSA87_SIGNATURE_BYTES],
- const struct BCM_mldsa87_private_key *private_key,
- const uint8_t msg_rep[BCM_MLDSA_MU_BYTES]);
+ uint8_t out_encoded_signature[MLDSA87_SIGNATURE_BYTES],
+ const MLDSA87_private_key *private_key,
+ const uint8_t msg_rep[MLDSA_MU_BYTES]);
-OPENSSL_EXPORT bcm_status BCM_mldsa87_marshal_public_key(
- CBB *out, const struct BCM_mldsa87_public_key *public_key);
+OPENSSL_EXPORT bcm_status
+BCM_mldsa87_marshal_public_key(CBB *out, const MLDSA87_public_key *public_key);
-OPENSSL_EXPORT bcm_status BCM_mldsa87_parse_public_key(
- struct BCM_mldsa87_public_key *public_key, CBS *in);
+OPENSSL_EXPORT bcm_status
+BCM_mldsa87_parse_public_key(MLDSA87_public_key *public_key, CBS *in);
-OPENSSL_EXPORT bcm_status BCM_mldsa87_parse_private_key(
- struct BCM_mldsa87_private_key *private_key, CBS *in);
+OPENSSL_EXPORT bcm_status
+BCM_mldsa87_parse_private_key(MLDSA87_private_key *private_key, CBS *in);
// BCM_mldsa87_generate_key_external_entropy generates a public/private key pair
// using the given seed, writes the encoded public key to
// |out_encoded_public_key| and sets |out_private_key| to the private key.
OPENSSL_EXPORT bcm_status BCM_mldsa87_generate_key_external_entropy(
- uint8_t out_encoded_public_key[BCM_MLDSA87_PUBLIC_KEY_BYTES],
- struct BCM_mldsa87_private_key *out_private_key,
- const uint8_t entropy[BCM_MLDSA_SEED_BYTES]);
+ uint8_t out_encoded_public_key[MLDSA87_PUBLIC_KEY_BYTES],
+ MLDSA87_private_key *out_private_key,
+ const uint8_t entropy[MLDSA_SEED_BYTES]);
OPENSSL_EXPORT bcm_status BCM_mldsa87_generate_key_external_entropy_fips(
- uint8_t out_encoded_public_key[BCM_MLDSA87_PUBLIC_KEY_BYTES],
- struct BCM_mldsa87_private_key *out_private_key,
- const uint8_t entropy[BCM_MLDSA_SEED_BYTES]);
+ uint8_t out_encoded_public_key[MLDSA87_PUBLIC_KEY_BYTES],
+ MLDSA87_private_key *out_private_key,
+ const uint8_t entropy[MLDSA_SEED_BYTES]);
// BCM_mldsa87_sign_internal signs |msg| using |private_key| and writes the
// signature to |out_encoded_signature|. The |context_prefix| and |context| are
@@ -491,9 +413,9 @@
// value can be set to zero bytes in order to make a deterministic signature, or
// else filled with entropy for the usual |MLDSA_sign| behavior.
OPENSSL_EXPORT bcm_status BCM_mldsa87_sign_internal(
- uint8_t out_encoded_signature[BCM_MLDSA87_SIGNATURE_BYTES],
- const struct BCM_mldsa87_private_key *private_key, const uint8_t *msg,
- size_t msg_len, const uint8_t *context_prefix, size_t context_prefix_len,
+ uint8_t out_encoded_signature[MLDSA87_SIGNATURE_BYTES],
+ const MLDSA87_private_key *private_key, const uint8_t *msg, size_t msg_len,
+ const uint8_t *context_prefix, size_t context_prefix_len,
const uint8_t *context, size_t context_len,
const uint8_t randomizer[BCM_MLDSA_SIGNATURE_RANDOMIZER_BYTES]);
@@ -501,123 +423,86 @@
// signature of |msg| by |public_key|. The |context_prefix| and |context| are
// prefixed to the message before verification, in that order.
OPENSSL_EXPORT bcm_status BCM_mldsa87_verify_internal(
- const struct BCM_mldsa87_public_key *public_key,
- const uint8_t encoded_signature[BCM_MLDSA87_SIGNATURE_BYTES],
+ const MLDSA87_public_key *public_key,
+ const uint8_t encoded_signature[MLDSA87_SIGNATURE_BYTES],
const uint8_t *msg, size_t msg_len, const uint8_t *context_prefix,
size_t context_prefix_len, const uint8_t *context, size_t context_len);
// BCM_mldsa87_marshal_private_key serializes |private_key| to |out| in the
// NIST format for ML-DSA-87 private keys.
OPENSSL_EXPORT bcm_status BCM_mldsa87_marshal_private_key(
- CBB *out, const struct BCM_mldsa87_private_key *private_key);
+ CBB *out, const MLDSA87_private_key *private_key);
// BCM_MLDSA44_PRIVATE_KEY_BYTES is the number of bytes in an encoded ML-DSA-44
// private key.
#define BCM_MLDSA44_PRIVATE_KEY_BYTES 2560
-// BCM_MLDSA44_PUBLIC_KEY_BYTES is the number of bytes in an encoded ML-DSA-44
-// public key.
-#define BCM_MLDSA44_PUBLIC_KEY_BYTES 1312
-
-// BCM_MLDSA44_SIGNATURE_BYTES is the number of bytes in an encoded ML-DSA-44
-// signature.
-#define BCM_MLDSA44_SIGNATURE_BYTES 2420
-
-struct BCM_mldsa44_private_key {
- union {
- uint8_t bytes[32 + 32 + 64 + 256 * 4 * (4 + 4 + 4)];
- uint32_t alignment;
- } opaque;
-};
-
-struct BCM_mldsa44_public_key {
- union {
- uint8_t bytes[32 + 64 + 256 * 4 * 4];
- uint32_t alignment;
- } opaque;
-};
-
-struct BCM_mldsa44_prehash {
- union {
- uint8_t bytes[200 + 4 + 4 + 4 * sizeof(size_t)];
- uint64_t alignment;
- } opaque;
-};
-
OPENSSL_EXPORT bcm_status BCM_mldsa44_generate_key(
- uint8_t out_encoded_public_key[BCM_MLDSA44_PUBLIC_KEY_BYTES],
- uint8_t out_seed[BCM_MLDSA_SEED_BYTES],
- struct BCM_mldsa44_private_key *out_private_key);
+ uint8_t out_encoded_public_key[MLDSA44_PUBLIC_KEY_BYTES],
+ uint8_t out_seed[MLDSA_SEED_BYTES], MLDSA44_private_key *out_private_key);
OPENSSL_EXPORT bcm_status BCM_mldsa44_private_key_from_seed(
- struct BCM_mldsa44_private_key *out_private_key,
- const uint8_t seed[BCM_MLDSA_SEED_BYTES]);
+ MLDSA44_private_key *out_private_key, const uint8_t seed[MLDSA_SEED_BYTES]);
OPENSSL_EXPORT bcm_status BCM_mldsa44_public_from_private(
- struct BCM_mldsa44_public_key *out_public_key,
- const struct BCM_mldsa44_private_key *private_key);
+ MLDSA44_public_key *out_public_key, const MLDSA44_private_key *private_key);
OPENSSL_EXPORT bcm_status
-BCM_mldsa44_check_key_fips(struct BCM_mldsa44_private_key *private_key);
+BCM_mldsa44_check_key_fips(MLDSA44_private_key *private_key);
OPENSSL_EXPORT bcm_status BCM_mldsa44_generate_key_fips(
- uint8_t out_encoded_public_key[BCM_MLDSA44_PUBLIC_KEY_BYTES],
- uint8_t out_seed[BCM_MLDSA_SEED_BYTES],
- struct BCM_mldsa44_private_key *out_private_key);
+ uint8_t out_encoded_public_key[MLDSA44_PUBLIC_KEY_BYTES],
+ uint8_t out_seed[MLDSA_SEED_BYTES], MLDSA44_private_key *out_private_key);
OPENSSL_EXPORT bcm_status BCM_mldsa44_private_key_from_seed_fips(
- struct BCM_mldsa44_private_key *out_private_key,
- const uint8_t seed[BCM_MLDSA_SEED_BYTES]);
-
-OPENSSL_EXPORT bcm_status BCM_mldsa44_sign(
- uint8_t out_encoded_signature[BCM_MLDSA44_SIGNATURE_BYTES],
- const struct BCM_mldsa44_private_key *private_key, const uint8_t *msg,
- size_t msg_len, const uint8_t *context, size_t context_len);
+ MLDSA44_private_key *out_private_key, const uint8_t seed[MLDSA_SEED_BYTES]);
OPENSSL_EXPORT bcm_status
-BCM_mldsa44_verify(const struct BCM_mldsa44_public_key *public_key,
+BCM_mldsa44_sign(uint8_t out_encoded_signature[MLDSA44_SIGNATURE_BYTES],
+ const MLDSA44_private_key *private_key, const uint8_t *msg,
+ size_t msg_len, const uint8_t *context, size_t context_len);
+
+OPENSSL_EXPORT bcm_status
+BCM_mldsa44_verify(const MLDSA44_public_key *public_key,
const uint8_t *signature, const uint8_t *msg, size_t msg_len,
const uint8_t *context, size_t context_len);
OPENSSL_EXPORT void BCM_mldsa44_prehash_init(
- struct BCM_mldsa44_prehash *out_prehash_ctx,
- const struct BCM_mldsa44_public_key *public_key, const uint8_t *context,
- size_t context_len);
+ MLDSA44_prehash *out_prehash_ctx, const MLDSA44_public_key *public_key,
+ const uint8_t *context, size_t context_len);
OPENSSL_EXPORT void BCM_mldsa44_prehash_update(
- struct BCM_mldsa44_prehash *inout_prehash_ctx, const uint8_t *msg,
- size_t msg_len);
+ MLDSA44_prehash *inout_prehash_ctx, const uint8_t *msg, size_t msg_len);
OPENSSL_EXPORT void BCM_mldsa44_prehash_finalize(
- uint8_t out_msg_rep[BCM_MLDSA_MU_BYTES],
- struct BCM_mldsa44_prehash *inout_prehash_ctx);
+ uint8_t out_msg_rep[MLDSA_MU_BYTES], MLDSA44_prehash *inout_prehash_ctx);
OPENSSL_EXPORT bcm_status BCM_mldsa44_sign_message_representative(
- uint8_t out_encoded_signature[BCM_MLDSA44_SIGNATURE_BYTES],
- const struct BCM_mldsa44_private_key *private_key,
- const uint8_t msg_rep[BCM_MLDSA_MU_BYTES]);
+ uint8_t out_encoded_signature[MLDSA44_SIGNATURE_BYTES],
+ const MLDSA44_private_key *private_key,
+ const uint8_t msg_rep[MLDSA_MU_BYTES]);
-OPENSSL_EXPORT bcm_status BCM_mldsa44_marshal_public_key(
- CBB *out, const struct BCM_mldsa44_public_key *public_key);
+OPENSSL_EXPORT bcm_status
+BCM_mldsa44_marshal_public_key(CBB *out, const MLDSA44_public_key *public_key);
-OPENSSL_EXPORT bcm_status BCM_mldsa44_parse_public_key(
- struct BCM_mldsa44_public_key *public_key, CBS *in);
+OPENSSL_EXPORT bcm_status
+BCM_mldsa44_parse_public_key(MLDSA44_public_key *public_key, CBS *in);
-OPENSSL_EXPORT bcm_status BCM_mldsa44_parse_private_key(
- struct BCM_mldsa44_private_key *private_key, CBS *in);
+OPENSSL_EXPORT bcm_status
+BCM_mldsa44_parse_private_key(MLDSA44_private_key *private_key, CBS *in);
// BCM_mldsa44_generate_key_external_entropy generates a public/private key pair
// using the given seed, writes the encoded public key to
// |out_encoded_public_key| and sets |out_private_key| to the private key.
OPENSSL_EXPORT bcm_status BCM_mldsa44_generate_key_external_entropy(
- uint8_t out_encoded_public_key[BCM_MLDSA44_PUBLIC_KEY_BYTES],
- struct BCM_mldsa44_private_key *out_private_key,
- const uint8_t entropy[BCM_MLDSA_SEED_BYTES]);
+ uint8_t out_encoded_public_key[MLDSA44_PUBLIC_KEY_BYTES],
+ MLDSA44_private_key *out_private_key,
+ const uint8_t entropy[MLDSA_SEED_BYTES]);
OPENSSL_EXPORT bcm_status BCM_mldsa44_generate_key_external_entropy_fips(
- uint8_t out_encoded_public_key[BCM_MLDSA44_PUBLIC_KEY_BYTES],
- struct BCM_mldsa44_private_key *out_private_key,
- const uint8_t entropy[BCM_MLDSA_SEED_BYTES]);
+ uint8_t out_encoded_public_key[MLDSA44_PUBLIC_KEY_BYTES],
+ MLDSA44_private_key *out_private_key,
+ const uint8_t entropy[MLDSA_SEED_BYTES]);
// BCM_mldsa44_sign_internal signs |msg| using |private_key| and writes the
// signature to |out_encoded_signature|. The |context_prefix| and |context| are
@@ -625,9 +510,9 @@
// value can be set to zero bytes in order to make a deterministic signature, or
// else filled with entropy for the usual |MLDSA_sign| behavior.
OPENSSL_EXPORT bcm_status BCM_mldsa44_sign_internal(
- uint8_t out_encoded_signature[BCM_MLDSA44_SIGNATURE_BYTES],
- const struct BCM_mldsa44_private_key *private_key, const uint8_t *msg,
- size_t msg_len, const uint8_t *context_prefix, size_t context_prefix_len,
+ uint8_t out_encoded_signature[MLDSA44_SIGNATURE_BYTES],
+ const MLDSA44_private_key *private_key, const uint8_t *msg, size_t msg_len,
+ const uint8_t *context_prefix, size_t context_prefix_len,
const uint8_t *context, size_t context_len,
const uint8_t randomizer[BCM_MLDSA_SIGNATURE_RANDOMIZER_BYTES]);
@@ -635,15 +520,15 @@
// signature of |msg| by |public_key|. The |context_prefix| and |context| are
// prefixed to the message before verification, in that order.
OPENSSL_EXPORT bcm_status BCM_mldsa44_verify_internal(
- const struct BCM_mldsa44_public_key *public_key,
- const uint8_t encoded_signature[BCM_MLDSA44_SIGNATURE_BYTES],
+ const MLDSA44_public_key *public_key,
+ const uint8_t encoded_signature[MLDSA44_SIGNATURE_BYTES],
const uint8_t *msg, size_t msg_len, const uint8_t *context_prefix,
size_t context_prefix_len, const uint8_t *context, size_t context_len);
// BCM_mldsa44_marshal_private_key serializes |private_key| to |out| in the
// NIST format for ML-DSA-44 private keys.
OPENSSL_EXPORT bcm_status BCM_mldsa44_marshal_private_key(
- CBB *out, const struct BCM_mldsa44_private_key *private_key);
+ CBB *out, const MLDSA44_private_key *private_key);
// ML-KEM
@@ -656,22 +541,6 @@
// decapsulating party.
#define BCM_MLKEM_ENCAP_ENTROPY 32
-// BCM_MLKEM768_PUBLIC_KEY_BYTES is the number of bytes in an encoded ML-KEM-768
-// public key.
-#define BCM_MLKEM768_PUBLIC_KEY_BYTES 1184
-
-// BCM_MLKEM1024_PUBLIC_KEY_BYTES is the number of bytes in an encoded
-// ML-KEM-1024 public key.
-#define BCM_MLKEM1024_PUBLIC_KEY_BYTES 1568
-
-// BCM_MLKEM768_CIPHERTEXT_BYTES is number of bytes in the ML-KEM-768
-// ciphertext.
-#define BCM_MLKEM768_CIPHERTEXT_BYTES 1088
-
-// BCM_MLKEM1024_CIPHERTEXT_BYTES is number of bytes in the ML-KEM-1024
-// ciphertext.
-#define BCM_MLKEM1024_CIPHERTEXT_BYTES 1568
-
// BCM_MLKEM768_PRIVATE_KEY_BYTES is the length of the data produced by
// |BCM_mlkem768_marshal_private_key|.
#define BCM_MLKEM768_PRIVATE_KEY_BYTES 2400
@@ -680,73 +549,50 @@
// |BCM_mlkem1024_marshal_private_key|.
#define BCM_MLKEM1024_PRIVATE_KEY_BYTES 3168
-// BCM_MLKEM_SEED_BYTES is the number of bytes in an ML-KEM seed.
-#define BCM_MLKEM_SEED_BYTES 64
-
-// BCM_mlkem_SHARED_SECRET_BYTES is the number of bytes in an ML-KEM shared
-// secret.
-#define BCM_MLKEM_SHARED_SECRET_BYTES 32
-
-struct BCM_mlkem768_public_key {
- union {
- uint8_t bytes[512 * (3 + 9) + 32 + 32];
- uint16_t alignment;
- } opaque;
-};
-
-struct BCM_mlkem768_private_key {
- union {
- uint8_t bytes[512 * (3 + 3 + 9) + 32 + 32 + 32];
- uint16_t alignment;
- } opaque;
-};
-
-
-
OPENSSL_EXPORT bcm_infallible BCM_mlkem768_generate_key(
- uint8_t out_encoded_public_key[BCM_MLKEM768_PUBLIC_KEY_BYTES],
- uint8_t optional_out_seed[BCM_MLKEM_SEED_BYTES],
- struct BCM_mlkem768_private_key *out_private_key);
+ uint8_t out_encoded_public_key[MLKEM768_PUBLIC_KEY_BYTES],
+ uint8_t optional_out_seed[MLKEM_SEED_BYTES],
+ MLKEM768_private_key *out_private_key);
-OPENSSL_EXPORT bcm_status BCM_mlkem768_private_key_from_seed(
- struct BCM_mlkem768_private_key *out_private_key, const uint8_t *seed,
- size_t seed_len);
+OPENSSL_EXPORT bcm_status
+BCM_mlkem768_private_key_from_seed(MLKEM768_private_key *out_private_key,
+ const uint8_t *seed, size_t seed_len);
OPENSSL_EXPORT bcm_status BCM_mlkem768_generate_key_fips(
- uint8_t out_encoded_public_key[BCM_MLKEM768_PUBLIC_KEY_BYTES],
- uint8_t optional_out_seed[BCM_MLKEM_SEED_BYTES],
- struct BCM_mlkem768_private_key *out_private_key);
+ uint8_t out_encoded_public_key[MLKEM768_PUBLIC_KEY_BYTES],
+ uint8_t optional_out_seed[MLKEM_SEED_BYTES],
+ MLKEM768_private_key *out_private_key);
OPENSSL_EXPORT bcm_status
-BCM_mlkem768_check_fips(const struct BCM_mlkem768_private_key *private_key);
-
-OPENSSL_EXPORT bcm_infallible BCM_mlkem768_public_from_private(
- struct BCM_mlkem768_public_key *out_public_key,
- const struct BCM_mlkem768_private_key *private_key);
+BCM_mlkem768_check_fips(const MLKEM768_private_key *private_key);
OPENSSL_EXPORT bcm_infallible
-BCM_mlkem768_encap(uint8_t out_ciphertext[BCM_MLKEM768_CIPHERTEXT_BYTES],
- uint8_t out_shared_secret[BCM_MLKEM_SHARED_SECRET_BYTES],
- const struct BCM_mlkem768_public_key *public_key);
+BCM_mlkem768_public_from_private(MLKEM768_public_key *out_public_key,
+ const MLKEM768_private_key *private_key);
+
+OPENSSL_EXPORT bcm_infallible
+BCM_mlkem768_encap(uint8_t out_ciphertext[MLKEM768_CIPHERTEXT_BYTES],
+ uint8_t out_shared_secret[MLKEM_SHARED_SECRET_BYTES],
+ const MLKEM768_public_key *public_key);
OPENSSL_EXPORT bcm_status
-BCM_mlkem768_decap(uint8_t out_shared_secret[BCM_MLKEM_SHARED_SECRET_BYTES],
+BCM_mlkem768_decap(uint8_t out_shared_secret[MLKEM_SHARED_SECRET_BYTES],
const uint8_t *ciphertext, size_t ciphertext_len,
- const struct BCM_mlkem768_private_key *private_key);
+ const MLKEM768_private_key *private_key);
OPENSSL_EXPORT bcm_status BCM_mlkem768_marshal_public_key(
- CBB *out, const struct BCM_mlkem768_public_key *public_key);
+ CBB *out, const MLKEM768_public_key *public_key);
-OPENSSL_EXPORT bcm_status BCM_mlkem768_parse_public_key(
- struct BCM_mlkem768_public_key *out_public_key, CBS *in);
+OPENSSL_EXPORT bcm_status
+BCM_mlkem768_parse_public_key(MLKEM768_public_key *out_public_key, CBS *in);
// BCM_mlkem768_parse_private_key parses a private key, in NIST's format for
// private keys, from |in| and writes the result to |out_private_key|. It
// returns one on success or zero on parse error or if there are trailing bytes
// in |in|. This format is verbose and should be avoided. Private keys should be
// stored as seeds and parsed using |BCM_mlkem768_private_key_from_seed|.
-OPENSSL_EXPORT bcm_status BCM_mlkem768_parse_private_key(
- struct BCM_mlkem768_private_key *out_private_key, CBS *in);
+OPENSSL_EXPORT bcm_status
+BCM_mlkem768_parse_private_key(MLKEM768_private_key *out_private_key, CBS *in);
// BCM_mlkem768_generate_key_external_seed is a deterministic function to create
// a pair of ML-KEM-768 keys, using the supplied seed. The seed needs to be
@@ -754,9 +600,9 @@
// callers should use the non-deterministic |BCM_mlkem768_generate_key|
// directly.
OPENSSL_EXPORT bcm_infallible BCM_mlkem768_generate_key_external_seed(
- uint8_t out_encoded_public_key[BCM_MLKEM768_PUBLIC_KEY_BYTES],
- struct BCM_mlkem768_private_key *out_private_key,
- const uint8_t seed[BCM_MLKEM_SEED_BYTES]);
+ uint8_t out_encoded_public_key[MLKEM768_PUBLIC_KEY_BYTES],
+ MLKEM768_private_key *out_private_key,
+ const uint8_t seed[MLKEM_SEED_BYTES]);
// BCM_mlkem768_encap_external_entropy behaves like |MLKEM768_encap|, but uses
// |MLKEM_ENCAP_ENTROPY| bytes of |entropy| for randomization. The decapsulating
@@ -764,9 +610,9 @@
// used for tests, regular callers should use the non-deterministic
// |BCM_mlkem768_encap| directly.
OPENSSL_EXPORT bcm_infallible BCM_mlkem768_encap_external_entropy(
- uint8_t out_ciphertext[BCM_MLKEM768_CIPHERTEXT_BYTES],
- uint8_t out_shared_secret[BCM_MLKEM_SHARED_SECRET_BYTES],
- const struct BCM_mlkem768_public_key *public_key,
+ uint8_t out_ciphertext[MLKEM768_CIPHERTEXT_BYTES],
+ uint8_t out_shared_secret[MLKEM_SHARED_SECRET_BYTES],
+ const MLKEM768_public_key *public_key,
const uint8_t entropy[BCM_MLKEM_ENCAP_ENTROPY]);
// BCM_mlkem768_marshal_private_key serializes |private_key| to |out| in the
@@ -774,58 +620,44 @@
// the seed value produced by |BCM_mlkem768_generate_key|, which is
// significantly smaller.)
OPENSSL_EXPORT bcm_status BCM_mlkem768_marshal_private_key(
- CBB *out, const struct BCM_mlkem768_private_key *private_key);
-
-struct BCM_mlkem1024_public_key {
- union {
- uint8_t bytes[512 * (4 + 16) + 32 + 32];
- uint16_t alignment;
- } opaque;
-};
-
-struct BCM_mlkem1024_private_key {
- union {
- uint8_t bytes[512 * (4 + 4 + 16) + 32 + 32 + 32];
- uint16_t alignment;
- } opaque;
-};
+ CBB *out, const MLKEM768_private_key *private_key);
OPENSSL_EXPORT bcm_infallible BCM_mlkem1024_generate_key(
- uint8_t out_encoded_public_key[BCM_MLKEM1024_PUBLIC_KEY_BYTES],
- uint8_t optional_out_seed[BCM_MLKEM_SEED_BYTES],
- struct BCM_mlkem1024_private_key *out_private_key);
+ uint8_t out_encoded_public_key[MLKEM1024_PUBLIC_KEY_BYTES],
+ uint8_t optional_out_seed[MLKEM_SEED_BYTES],
+ MLKEM1024_private_key *out_private_key);
OPENSSL_EXPORT bcm_status BCM_mlkem1024_generate_key_fips(
- uint8_t out_encoded_public_key[BCM_MLKEM1024_PUBLIC_KEY_BYTES],
- uint8_t optional_out_seed[BCM_MLKEM_SEED_BYTES],
- struct BCM_mlkem1024_private_key *out_private_key);
+ uint8_t out_encoded_public_key[MLKEM1024_PUBLIC_KEY_BYTES],
+ uint8_t optional_out_seed[MLKEM_SEED_BYTES],
+ MLKEM1024_private_key *out_private_key);
OPENSSL_EXPORT bcm_status
-BCM_mlkem1024_check_fips(const struct BCM_mlkem1024_private_key *private_key);
+BCM_mlkem1024_check_fips(const MLKEM1024_private_key *private_key);
-OPENSSL_EXPORT bcm_status BCM_mlkem1024_private_key_from_seed(
- struct BCM_mlkem1024_private_key *out_private_key, const uint8_t *seed,
- size_t seed_len);
-
-OPENSSL_EXPORT bcm_infallible BCM_mlkem1024_public_from_private(
- struct BCM_mlkem1024_public_key *out_public_key,
- const struct BCM_mlkem1024_private_key *private_key);
+OPENSSL_EXPORT bcm_status
+BCM_mlkem1024_private_key_from_seed(MLKEM1024_private_key *out_private_key,
+ const uint8_t *seed, size_t seed_len);
OPENSSL_EXPORT bcm_infallible
-BCM_mlkem1024_encap(uint8_t out_ciphertext[BCM_MLKEM1024_CIPHERTEXT_BYTES],
- uint8_t out_shared_secret[BCM_MLKEM_SHARED_SECRET_BYTES],
- const struct BCM_mlkem1024_public_key *public_key);
+BCM_mlkem1024_public_from_private(MLKEM1024_public_key *out_public_key,
+ const MLKEM1024_private_key *private_key);
+
+OPENSSL_EXPORT bcm_infallible
+BCM_mlkem1024_encap(uint8_t out_ciphertext[MLKEM1024_CIPHERTEXT_BYTES],
+ uint8_t out_shared_secret[MLKEM_SHARED_SECRET_BYTES],
+ const MLKEM1024_public_key *public_key);
OPENSSL_EXPORT bcm_status
-BCM_mlkem1024_decap(uint8_t out_shared_secret[BCM_MLKEM_SHARED_SECRET_BYTES],
+BCM_mlkem1024_decap(uint8_t out_shared_secret[MLKEM_SHARED_SECRET_BYTES],
const uint8_t *ciphertext, size_t ciphertext_len,
- const struct BCM_mlkem1024_private_key *private_key);
+ const MLKEM1024_private_key *private_key);
OPENSSL_EXPORT bcm_status BCM_mlkem1024_marshal_public_key(
- CBB *out, const struct BCM_mlkem1024_public_key *public_key);
+ CBB *out, const MLKEM1024_public_key *public_key);
-OPENSSL_EXPORT bcm_status BCM_mlkem1024_parse_public_key(
- struct BCM_mlkem1024_public_key *out_public_key, CBS *in);
+OPENSSL_EXPORT bcm_status
+BCM_mlkem1024_parse_public_key(MLKEM1024_public_key *out_public_key, CBS *in);
// BCM_mlkem1024_parse_private_key parses a private key, in NIST's format for
// private keys, from |in| and writes the result to |out_private_key|. It
@@ -833,7 +665,7 @@
// in |in|. This format is verbose and should be avoided. Private keys should be
// stored as seeds and parsed using |BCM_mlkem1024_private_key_from_seed|.
OPENSSL_EXPORT bcm_status BCM_mlkem1024_parse_private_key(
- struct BCM_mlkem1024_private_key *out_private_key, CBS *in);
+ MLKEM1024_private_key *out_private_key, CBS *in);
// BCM_mlkem1024_generate_key_external_seed is a deterministic function to
// create a pair of ML-KEM-1024 keys, using the supplied seed. The seed needs to
@@ -841,9 +673,9 @@
// callers should use the non-deterministic |BCM_mlkem1024_generate_key|
// directly.
OPENSSL_EXPORT bcm_infallible BCM_mlkem1024_generate_key_external_seed(
- uint8_t out_encoded_public_key[BCM_MLKEM1024_PUBLIC_KEY_BYTES],
- struct BCM_mlkem1024_private_key *out_private_key,
- const uint8_t seed[BCM_MLKEM_SEED_BYTES]);
+ uint8_t out_encoded_public_key[MLKEM1024_PUBLIC_KEY_BYTES],
+ MLKEM1024_private_key *out_private_key,
+ const uint8_t seed[MLKEM_SEED_BYTES]);
// BCM_mlkem1024_encap_external_entropy behaves like |MLKEM1024_encap|, but uses
// |MLKEM_ENCAP_ENTROPY| bytes of |entropy| for randomization. The
@@ -851,9 +683,9 @@
// should only be used for tests, regular callers should use the
// non-deterministic |BCM_mlkem1024_encap| directly.
OPENSSL_EXPORT bcm_infallible BCM_mlkem1024_encap_external_entropy(
- uint8_t out_ciphertext[BCM_MLKEM1024_CIPHERTEXT_BYTES],
- uint8_t out_shared_secret[BCM_MLKEM_SHARED_SECRET_BYTES],
- const struct BCM_mlkem1024_public_key *public_key,
+ uint8_t out_ciphertext[MLKEM1024_CIPHERTEXT_BYTES],
+ uint8_t out_shared_secret[MLKEM_SHARED_SECRET_BYTES],
+ const MLKEM1024_public_key *public_key,
const uint8_t entropy[BCM_MLKEM_ENCAP_ENTROPY]);
// BCM_mlkem1024_marshal_private_key serializes |private_key| to |out| in the
@@ -861,7 +693,7 @@
// the seed value produced by |BCM_mlkem1024_generate_key|, which is
// significantly smaller.)
OPENSSL_EXPORT bcm_status BCM_mlkem1024_marshal_private_key(
- CBB *out, const struct BCM_mlkem1024_private_key *private_key);
+ CBB *out, const MLKEM1024_private_key *private_key);
// SLH-DSA
diff --git a/crypto/fipsmodule/mldsa/fips_known_values.inc b/crypto/fipsmodule/mldsa/fips_known_values.inc
index 948fb5c..dc639bd 100644
--- a/crypto/fipsmodule/mldsa/fips_known_values.inc
+++ b/crypto/fipsmodule/mldsa/fips_known_values.inc
@@ -1,9 +1,9 @@
-const uint8_t kGenerateKeyEntropy[BCM_MLDSA_SEED_BYTES] = {
+const uint8_t kGenerateKeyEntropy[MLDSA_SEED_BYTES] = {
0x47, 0x90, 0x52, 0x10, 0x30, 0x27, 0xbd, 0xf1, 0x7e, 0xb1, 0x22,
0xd7, 0x84, 0xfb, 0x3c, 0xf0, 0x40, 0xd2, 0xf4, 0x97, 0x11, 0x7e,
0x01, 0x38, 0xc4, 0xce, 0x9c, 0xac, 0x94, 0x71, 0xab, 0x39};
-const uint8_t kExpectedPublicKey[BCM_MLDSA65_PUBLIC_KEY_BYTES] = {
+const uint8_t kExpectedPublicKey[MLDSA65_PUBLIC_KEY_BYTES] = {
0x0c, 0x6f, 0x38, 0x7d, 0x2a, 0xb4, 0x33, 0x87, 0xf0, 0x21, 0xb0, 0xda,
0x81, 0x6c, 0x71, 0xf0, 0xbc, 0x81, 0x5e, 0xf0, 0xb1, 0x6a, 0xf1, 0x12,
0x4f, 0x35, 0x4c, 0x27, 0x3e, 0xed, 0xb4, 0x2f, 0xe5, 0x4a, 0x01, 0x9a,
@@ -506,12 +506,12 @@
0x35, 0x7e, 0x99, 0x89, 0x7f, 0x4f, 0xf7, 0xc2, 0x21, 0xc7, 0x11, 0xbf,
0xf2, 0x20, 0xa3, 0x56, 0x91, 0xab, 0x26, 0xfe, 0x17, 0xf1, 0xa5, 0xf3};
-const uint8_t kSignEntropy[BCM_MLDSA_SEED_BYTES] = {
+const uint8_t kSignEntropy[MLDSA_SEED_BYTES] = {
0x7c, 0xf6, 0x8e, 0x63, 0x14, 0x04, 0x0b, 0x08, 0x20, 0x9b, 0x00,
0x8c, 0x31, 0x48, 0xee, 0xd3, 0xe1, 0x6d, 0x5f, 0x71, 0x3b, 0xc7,
0x08, 0x78, 0x05, 0x4b, 0x12, 0x4f, 0xf1, 0xf3, 0x50, 0x07};
-const uint8_t kExpectedCase1Signature[BCM_MLDSA65_SIGNATURE_BYTES] = {
+const uint8_t kExpectedCase1Signature[MLDSA65_SIGNATURE_BYTES] = {
0xf8, 0xc7, 0x25, 0x84, 0x8b, 0x39, 0xd9, 0xd9, 0x80, 0xf0, 0x2f, 0xf7,
0xa0, 0x24, 0x19, 0x08, 0x70, 0x65, 0xe2, 0xc8, 0x0a, 0xc4, 0xd3, 0xd5,
0x97, 0x49, 0x31, 0xea, 0x7b, 0xd6, 0x64, 0xb6, 0x6e, 0x6b, 0xf3, 0xc7,
@@ -788,7 +788,7 @@
0xc2, 0xf3, 0xf7, 0xfd, 0x41, 0x76, 0x99, 0xec, 0x92, 0xb8, 0xbd, 0xf3,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x06, 0x0f, 0x16, 0x20, 0x24, 0x28};
-const uint8_t kExpectedCase2Signature[BCM_MLDSA65_SIGNATURE_BYTES] = {
+const uint8_t kExpectedCase2Signature[MLDSA65_SIGNATURE_BYTES] = {
0xef, 0xbf, 0xd8, 0x29, 0xd3, 0x48, 0xaf, 0x86, 0x0d, 0xe5, 0x31, 0xde,
0xfc, 0xe8, 0x90, 0xc3, 0x1d, 0x9a, 0xda, 0x49, 0xd4, 0xb2, 0xab, 0x5e,
0x19, 0x8e, 0x31, 0x6f, 0x73, 0x3f, 0x7f, 0x77, 0xf8, 0xda, 0x71, 0x90,
diff --git a/crypto/fipsmodule/mldsa/mldsa.cc.inc b/crypto/fipsmodule/mldsa/mldsa.cc.inc
index f63c0b2..2a2fd1c 100644
--- a/crypto/fipsmodule/mldsa/mldsa.cc.inc
+++ b/crypto/fipsmodule/mldsa/mldsa.cc.inc
@@ -61,22 +61,22 @@
template <int K>
constexpr size_t public_key_bytes() {
if constexpr (K == 6) {
- return BCM_MLDSA65_PUBLIC_KEY_BYTES;
+ return MLDSA65_PUBLIC_KEY_BYTES;
} else if constexpr (K == 8) {
- return BCM_MLDSA87_PUBLIC_KEY_BYTES;
+ return MLDSA87_PUBLIC_KEY_BYTES;
} else if constexpr (K == 4) {
- return BCM_MLDSA44_PUBLIC_KEY_BYTES;
+ return MLDSA44_PUBLIC_KEY_BYTES;
}
}
template <int K>
constexpr size_t signature_bytes() {
if constexpr (K == 6) {
- return BCM_MLDSA65_SIGNATURE_BYTES;
+ return MLDSA65_SIGNATURE_BYTES;
} else if constexpr (K == 8) {
- return BCM_MLDSA87_SIGNATURE_BYTES;
+ return MLDSA87_SIGNATURE_BYTES;
} else if constexpr (K == 4) {
- return BCM_MLDSA44_SIGNATURE_BYTES;
+ return MLDSA44_SIGNATURE_BYTES;
}
}
@@ -196,9 +196,9 @@
// Fundamental types.
-typedef struct scalar {
+struct scalar {
uint32_t c[kDegree];
-} scalar;
+};
template <int K>
struct vector {
@@ -1125,7 +1125,7 @@
// is used for matrix expansion and only operates on public inputs.
void scalar_from_keccak_vartime(scalar *out,
const uint8_t derived_seed[kRhoBytes + 2]) {
- struct BORINGSSL_keccak_st keccak_ctx;
+ BORINGSSL_keccak_st keccak_ctx;
BORINGSSL_keccak_init(&keccak_ctx, boringssl_shake128);
BORINGSSL_keccak_absorb(&keccak_ctx, derived_seed, kRhoBytes + 2);
assert(keccak_ctx.squeeze_offset == 0);
@@ -1175,7 +1175,7 @@
// FIPS 204, Algorithm 31 (`RejBoundedPoly`).
template <int ETA>
void scalar_uniform(scalar *out, const uint8_t derived_seed[kSigmaBytes + 2]) {
- struct BORINGSSL_keccak_st keccak_ctx;
+ BORINGSSL_keccak_st keccak_ctx;
BORINGSSL_keccak_init(&keccak_ctx, boringssl_shake256);
BORINGSSL_keccak_absorb(&keccak_ctx, derived_seed, kSigmaBytes + 2);
assert(keccak_ctx.squeeze_offset == 0);
@@ -1218,7 +1218,7 @@
// FIPS 204, Algorithm 29 (`SampleInBall`).
void scalar_sample_in_ball_vartime(scalar *out, const uint8_t *seed, int len,
int tau) {
- struct BORINGSSL_keccak_st keccak_ctx;
+ BORINGSSL_keccak_st keccak_ctx;
BORINGSSL_keccak_init(&keccak_ctx, boringssl_shake256);
BORINGSSL_keccak_absorb(&keccak_ctx, seed, len);
assert(keccak_ctx.squeeze_offset == 0);
@@ -1452,7 +1452,7 @@
// FIPS 204, Algorithm 22 (`pkEncode`).
template <int K>
-int mldsa_marshal_public_key(CBB *out, const struct public_key<K> *pub) {
+int mldsa_marshal_public_key(CBB *out, const public_key<K> *pub) {
if (!CBB_add_bytes(out, pub->rho, sizeof(pub->rho))) {
return 0;
}
@@ -1468,7 +1468,7 @@
// FIPS 204, Algorithm 23 (`pkDecode`).
template <int K>
-int mldsa_parse_public_key(struct public_key<K> *pub, CBS *in) {
+int mldsa_parse_public_key(public_key<K> *pub, CBS *in) {
const CBS orig_in = *in;
if (!CBS_copy_bytes(in, pub->rho, sizeof(pub->rho))) {
@@ -1490,7 +1490,7 @@
// FIPS 204, Algorithm 24 (`skEncode`).
template <int K, int L>
-int mldsa_marshal_private_key(CBB *out, const struct private_key<K, L> *priv) {
+int mldsa_marshal_private_key(CBB *out, const private_key<K, L> *priv) {
if (!CBB_add_bytes(out, priv->rho, sizeof(priv->rho)) ||
!CBB_add_bytes(out, priv->k, sizeof(priv->k)) ||
!CBB_add_bytes(out, priv->public_key_hash,
@@ -1525,7 +1525,7 @@
// FIPS 204, Algorithm 25 (`skDecode`).
template <int K, int L>
-int mldsa_parse_private_key(struct private_key<K, L> *priv, CBS *in) {
+int mldsa_parse_private_key(private_key<K, L> *priv, CBS *in) {
CBS s1_bytes;
CBS s2_bytes;
CBS t0_bytes;
@@ -1552,7 +1552,7 @@
// FIPS 204, Algorithm 26 (`sigEncode`).
template <int K, int L>
-int mldsa_marshal_signature(CBB *out, const struct signature<K, L> *sign) {
+int mldsa_marshal_signature(CBB *out, const signature<K, L> *sign) {
if (!CBB_add_bytes(out, sign->c_tilde, sizeof(sign->c_tilde))) {
return 0;
}
@@ -1575,7 +1575,7 @@
// FIPS 204, Algorithm 27 (`sigDecode`).
template <int K, int L>
-int mldsa_parse_signature(struct signature<K, L> *sign, CBS *in) {
+int mldsa_parse_signature(signature<K, L> *sign, CBS *in) {
CBS z_bytes;
CBS hint_bytes;
if (!CBS_copy_bytes(in, sign->c_tilde, sizeof(sign->c_tilde)) ||
@@ -1601,27 +1601,26 @@
template <int K, int L>
int mldsa_generate_key_external_entropy_no_self_test(
uint8_t out_encoded_public_key[public_key_bytes<K>()],
- struct private_key<K, L> *priv,
- const uint8_t entropy[BCM_MLDSA_SEED_BYTES]) {
+ private_key<K, L> *priv, const uint8_t entropy[MLDSA_SEED_BYTES]) {
// Intermediate values, allocated on the heap to allow use when there is a
// limited amount of stack.
struct values_st {
- struct public_key<K> pub;
+ public_key<K> pub;
matrix<K, L> a_ntt;
vector<L> s1_ntt;
vector<K> t;
};
std::unique_ptr<values_st, DeleterFree<values_st>> values(
- reinterpret_cast<struct values_st *>(OPENSSL_malloc(sizeof(values_st))));
+ reinterpret_cast<values_st *>(OPENSSL_malloc(sizeof(values_st))));
if (values == NULL) {
return 0;
}
- uint8_t augmented_entropy[BCM_MLDSA_SEED_BYTES + 2];
- OPENSSL_memcpy(augmented_entropy, entropy, BCM_MLDSA_SEED_BYTES);
+ uint8_t augmented_entropy[MLDSA_SEED_BYTES + 2];
+ OPENSSL_memcpy(augmented_entropy, entropy, MLDSA_SEED_BYTES);
// The k and l parameters are appended to the seed.
- augmented_entropy[BCM_MLDSA_SEED_BYTES] = K;
- augmented_entropy[BCM_MLDSA_SEED_BYTES + 1] = L;
+ augmented_entropy[MLDSA_SEED_BYTES] = K;
+ augmented_entropy[MLDSA_SEED_BYTES + 1] = L;
uint8_t expanded_seed[kRhoBytes + kSigmaBytes + kKBytes];
BORINGSSL_keccak(expanded_seed, sizeof(expanded_seed), augmented_entropy,
sizeof(augmented_entropy), boringssl_shake256);
@@ -1665,16 +1664,15 @@
template <int K, int L>
int mldsa_generate_key_external_entropy(
uint8_t out_encoded_public_key[public_key_bytes<K>()],
- struct private_key<K, L> *priv,
- const uint8_t entropy[BCM_MLDSA_SEED_BYTES]) {
+ private_key<K, L> *priv, const uint8_t entropy[MLDSA_SEED_BYTES]) {
fips::ensure_keygen_self_test();
return mldsa_generate_key_external_entropy_no_self_test(
out_encoded_public_key, priv, entropy);
}
template <int K, int L>
-int mldsa_public_from_private(struct public_key<K> *pub,
- const struct private_key<K, L> *priv) {
+int mldsa_public_from_private(public_key<K> *pub,
+ const private_key<K, L> *priv) {
// Intermediate values, allocated on the heap to allow use when there is a
// limited amount of stack.
struct values_st {
@@ -1684,7 +1682,7 @@
vector<K> t0;
};
std::unique_ptr<values_st, DeleterFree<values_st>> values(
- reinterpret_cast<struct values_st *>(OPENSSL_malloc(sizeof(values_st))));
+ reinterpret_cast<values_st *>(OPENSSL_malloc(sizeof(values_st))));
if (values == NULL) {
return 0;
}
@@ -1713,10 +1711,10 @@
template <int K, int L>
int mldsa_sign_mu(
uint8_t out_encoded_signature[signature_bytes<K>()],
- const struct private_key<K, L> *priv, const uint8_t mu[kMuBytes],
+ const private_key<K, L> *priv, const uint8_t mu[kMuBytes],
const uint8_t randomizer[BCM_MLDSA_SIGNATURE_RANDOMIZER_BYTES]) {
uint8_t rho_prime[kRhoPrimeBytes];
- struct BORINGSSL_keccak_st keccak_ctx;
+ BORINGSSL_keccak_st keccak_ctx;
BORINGSSL_keccak_init(&keccak_ctx, boringssl_shake256);
BORINGSSL_keccak_absorb(&keccak_ctx, priv->k, sizeof(priv->k));
BORINGSSL_keccak_absorb(&keccak_ctx, randomizer,
@@ -1727,7 +1725,7 @@
// Intermediate values, allocated on the heap to allow use when there is a
// limited amount of stack.
struct values_st {
- struct signature<K, L> sign;
+ signature<K, L> sign;
vector<L> s1_ntt;
vector<K> s2_ntt;
vector<K> t0_ntt;
@@ -1739,7 +1737,7 @@
vector<K> cs2;
};
std::unique_ptr<values_st, DeleterFree<values_st>> values(
- reinterpret_cast<struct values_st *>(OPENSSL_malloc(sizeof(values_st))));
+ reinterpret_cast<values_st *>(OPENSSL_malloc(sizeof(values_st))));
if (values == NULL) {
return 0;
}
@@ -1853,12 +1851,12 @@
template <int K, int L>
int mldsa_sign_internal_no_self_test(
uint8_t out_encoded_signature[signature_bytes<K>()],
- const struct private_key<K, L> *priv, const uint8_t *msg, size_t msg_len,
+ const private_key<K, L> *priv, const uint8_t *msg, size_t msg_len,
const uint8_t *context_prefix, size_t context_prefix_len,
const uint8_t *context, size_t context_len,
const uint8_t randomizer[BCM_MLDSA_SIGNATURE_RANDOMIZER_BYTES]) {
uint8_t mu[kMuBytes];
- struct BORINGSSL_keccak_st keccak_ctx;
+ BORINGSSL_keccak_st keccak_ctx;
BORINGSSL_keccak_init(&keccak_ctx, boringssl_shake256);
BORINGSSL_keccak_absorb(&keccak_ctx, priv->public_key_hash,
sizeof(priv->public_key_hash));
@@ -1875,7 +1873,7 @@
template <int K, int L>
int mldsa_sign_internal(
uint8_t out_encoded_signature[signature_bytes<K>()],
- const struct private_key<K, L> *priv, const uint8_t *msg, size_t msg_len,
+ const private_key<K, L> *priv, const uint8_t *msg, size_t msg_len,
const uint8_t *context_prefix, size_t context_prefix_len,
const uint8_t *context, size_t context_len,
const uint8_t randomizer[BCM_MLDSA_SIGNATURE_RANDOMIZER_BYTES]) {
@@ -1886,13 +1884,12 @@
}
struct prehash_context {
- struct BORINGSSL_keccak_st keccak_ctx;
+ BORINGSSL_keccak_st keccak_ctx;
};
template <int K>
-void mldsa_prehash_init(struct prehash_context *out_prehash_ctx,
- const struct public_key<K> *pub,
- const uint8_t *context_prefix,
+void mldsa_prehash_init(prehash_context *out_prehash_ctx,
+ const public_key<K> *pub, const uint8_t *context_prefix,
size_t context_prefix_len, const uint8_t *context,
size_t context_len) {
BORINGSSL_keccak_init(&out_prehash_ctx->keccak_ctx, boringssl_shake256);
@@ -1903,13 +1900,13 @@
BORINGSSL_keccak_absorb(&out_prehash_ctx->keccak_ctx, context, context_len);
}
-void mldsa_prehash_update(struct prehash_context *inout_prehash_ctx,
+void mldsa_prehash_update(prehash_context *inout_prehash_ctx,
const uint8_t *msg, size_t msg_len) {
BORINGSSL_keccak_absorb(&inout_prehash_ctx->keccak_ctx, msg, msg_len);
}
void mldsa_prehash_finalize(uint8_t out_msg_rep[kMuBytes],
- struct prehash_context *inout_prehash_ctx) {
+ prehash_context *inout_prehash_ctx) {
BORINGSSL_keccak_squeeze(&inout_prehash_ctx->keccak_ctx, out_msg_rep,
kMuBytes);
}
@@ -1917,21 +1914,21 @@
// FIPS 204, Algorithm 8 (`ML-DSA.Verify_internal`).
template <int K, int L>
int mldsa_verify_internal_no_self_test(
- const struct public_key<K> *pub,
+ const public_key<K> *pub,
const uint8_t encoded_signature[signature_bytes<K>()], const uint8_t *msg,
size_t msg_len, const uint8_t *context_prefix, size_t context_prefix_len,
const uint8_t *context, size_t context_len) {
// Intermediate values, allocated on the heap to allow use when there is a
// limited amount of stack.
struct values_st {
- struct signature<K, L> sign;
+ signature<K, L> sign;
matrix<K, L> a_ntt;
vector<L> z_ntt;
vector<K> az_ntt;
vector<K> ct1_ntt;
};
std::unique_ptr<values_st, DeleterFree<values_st>> values(
- reinterpret_cast<struct values_st *>(OPENSSL_malloc(sizeof(values_st))));
+ reinterpret_cast<values_st *>(OPENSSL_malloc(sizeof(values_st))));
if (values == NULL) {
return 0;
}
@@ -1945,7 +1942,7 @@
matrix_expand(&values->a_ntt, pub->rho);
uint8_t mu[kMuBytes];
- struct BORINGSSL_keccak_st keccak_ctx;
+ BORINGSSL_keccak_st keccak_ctx;
BORINGSSL_keccak_init(&keccak_ctx, boringssl_shake256);
BORINGSSL_keccak_absorb(&keccak_ctx, pub->public_key_hash,
sizeof(pub->public_key_hash));
@@ -1989,7 +1986,7 @@
0;
}
template <int K, int L>
-int mldsa_verify_internal(const struct public_key<K> *pub,
+int mldsa_verify_internal(const public_key<K> *pub,
const uint8_t encoded_signature[signature_bytes<K>()],
const uint8_t *msg, size_t msg_len,
const uint8_t *context_prefix,
@@ -2001,102 +1998,81 @@
context, context_len);
}
-struct private_key<6, 5> *private_key_from_external_65(
- const struct BCM_mldsa65_private_key *external) {
- static_assert(sizeof(struct BCM_mldsa65_private_key) ==
- sizeof(struct private_key<6, 5>),
+private_key<6, 5> *private_key_from_external_65(
+ const MLDSA65_private_key *external) {
+ static_assert(sizeof(MLDSA65_private_key) == sizeof(private_key<6, 5>),
"MLDSA65 private key size incorrect");
- static_assert(alignof(struct BCM_mldsa65_private_key) ==
- alignof(struct private_key<6, 5>),
+ static_assert(alignof(MLDSA65_private_key) == alignof(private_key<6, 5>),
"MLDSA65 private key alignment incorrect");
- return (struct private_key<6, 5> *)external;
+ return (private_key<6, 5> *)external;
}
-struct public_key<6> *public_key_from_external_65(
- const struct BCM_mldsa65_public_key *external) {
- static_assert(
- sizeof(struct BCM_mldsa65_public_key) == sizeof(struct public_key<6>),
- "MLDSA65 public key size incorrect");
- static_assert(
- alignof(struct BCM_mldsa65_public_key) == alignof(struct public_key<6>),
- "MLDSA65 public key alignment incorrect");
- return (struct public_key<6> *)external;
+public_key<6> *public_key_from_external_65(const MLDSA65_public_key *external) {
+ static_assert(sizeof(MLDSA65_public_key) == sizeof(public_key<6>),
+ "MLDSA65 public key size incorrect");
+ static_assert(alignof(MLDSA65_public_key) == alignof(public_key<6>),
+ "MLDSA65 public key alignment incorrect");
+ return (public_key<6> *)external;
}
struct prehash_context *prehash_context_from_external_65(
- struct BCM_mldsa65_prehash *external) {
- static_assert(
- sizeof(struct BCM_mldsa65_prehash) == sizeof(struct prehash_context),
- "MLDSA pre-hash context size incorrect");
- static_assert(
- alignof(struct BCM_mldsa65_prehash) == alignof(struct prehash_context),
- "MLDSA pre-hash context alignment incorrect");
+ MLDSA65_prehash *external) {
+ static_assert(sizeof(MLDSA65_prehash) == sizeof(prehash_context),
+ "MLDSA pre-hash context size incorrect");
+ static_assert(alignof(MLDSA65_prehash) == alignof(prehash_context),
+ "MLDSA pre-hash context alignment incorrect");
return reinterpret_cast<prehash_context *>(external);
}
-struct private_key<8, 7> *private_key_from_external_87(
- const struct BCM_mldsa87_private_key *external) {
- static_assert(sizeof(struct BCM_mldsa87_private_key) ==
- sizeof(struct private_key<8, 7>),
+private_key<8, 7> *private_key_from_external_87(
+ const MLDSA87_private_key *external) {
+ static_assert(sizeof(MLDSA87_private_key) == sizeof(private_key<8, 7>),
"MLDSA87 private key size incorrect");
- static_assert(alignof(struct BCM_mldsa87_private_key) ==
- alignof(struct private_key<8, 7>),
+ static_assert(alignof(MLDSA87_private_key) == alignof(private_key<8, 7>),
"MLDSA87 private key alignment incorrect");
- return (struct private_key<8, 7> *)external;
+ return (private_key<8, 7> *)external;
}
-struct public_key<8> *public_key_from_external_87(
- const struct BCM_mldsa87_public_key *external) {
- static_assert(
- sizeof(struct BCM_mldsa87_public_key) == sizeof(struct public_key<8>),
- "MLDSA87 public key size incorrect");
- static_assert(
- alignof(struct BCM_mldsa87_public_key) == alignof(struct public_key<8>),
- "MLDSA87 public key alignment incorrect");
- return (struct public_key<8> *)external;
+public_key<8> *public_key_from_external_87(const MLDSA87_public_key *external) {
+ static_assert(sizeof(MLDSA87_public_key) == sizeof(public_key<8>),
+ "MLDSA87 public key size incorrect");
+ static_assert(alignof(MLDSA87_public_key) == alignof(public_key<8>),
+ "MLDSA87 public key alignment incorrect");
+ return (public_key<8> *)external;
}
struct prehash_context *prehash_context_from_external_87(
- struct BCM_mldsa87_prehash *external) {
- static_assert(
- sizeof(struct BCM_mldsa87_prehash) == sizeof(struct prehash_context),
- "MLDSA pre-hash context size incorrect");
- static_assert(
- alignof(struct BCM_mldsa87_prehash) == alignof(struct prehash_context),
- "MLDSA pre-hash context alignment incorrect");
+ MLDSA87_prehash *external) {
+ static_assert(sizeof(MLDSA87_prehash) == sizeof(prehash_context),
+ "MLDSA pre-hash context size incorrect");
+ static_assert(alignof(MLDSA87_prehash) == alignof(prehash_context),
+ "MLDSA pre-hash context alignment incorrect");
return reinterpret_cast<prehash_context *>(external);
}
-struct private_key<4, 4> *private_key_from_external_44(
- const struct BCM_mldsa44_private_key *external) {
- static_assert(sizeof(struct BCM_mldsa44_private_key) ==
- sizeof(struct private_key<4, 4>),
+private_key<4, 4> *private_key_from_external_44(
+ const MLDSA44_private_key *external) {
+ static_assert(sizeof(MLDSA44_private_key) == sizeof(private_key<4, 4>),
"MLDSA44 private key size incorrect");
- static_assert(alignof(struct BCM_mldsa44_private_key) ==
- alignof(struct private_key<4, 4>),
+ static_assert(alignof(MLDSA44_private_key) == alignof(private_key<4, 4>),
"MLDSA44 private key alignment incorrect");
- return (struct private_key<4, 4> *)external;
+ return (private_key<4, 4> *)external;
}
-struct public_key<4> *public_key_from_external_44(
- const struct BCM_mldsa44_public_key *external) {
- static_assert(
- sizeof(struct BCM_mldsa44_public_key) == sizeof(struct public_key<4>),
- "MLDSA44 public key size incorrect");
- static_assert(
- alignof(struct BCM_mldsa44_public_key) == alignof(struct public_key<4>),
- "MLDSA44 public key alignment incorrect");
- return (struct public_key<4> *)external;
+public_key<4> *public_key_from_external_44(const MLDSA44_public_key *external) {
+ static_assert(sizeof(MLDSA44_public_key) == sizeof(public_key<4>),
+ "MLDSA44 public key size incorrect");
+ static_assert(alignof(MLDSA44_public_key) == alignof(public_key<4>),
+ "MLDSA44 public key alignment incorrect");
+ return (public_key<4> *)external;
}
struct prehash_context *prehash_context_from_external_44(
- struct BCM_mldsa44_prehash *external) {
- static_assert(
- sizeof(struct BCM_mldsa44_prehash) == sizeof(struct prehash_context),
- "MLDSA pre-hash context size incorrect");
- static_assert(
- alignof(struct BCM_mldsa44_prehash) == alignof(struct prehash_context),
- "MLDSA pre-hash context alignment incorrect");
+ MLDSA44_prehash *external) {
+ static_assert(sizeof(MLDSA44_prehash) == sizeof(prehash_context),
+ "MLDSA pre-hash context size incorrect");
+ static_assert(alignof(MLDSA44_prehash) == alignof(prehash_context),
+ "MLDSA pre-hash context alignment incorrect");
return reinterpret_cast<prehash_context *>(external);
}
@@ -2106,7 +2082,7 @@
static int keygen_self_test() {
private_key<6, 5> priv;
- uint8_t pub_bytes[BCM_MLDSA65_PUBLIC_KEY_BYTES];
+ uint8_t pub_bytes[MLDSA65_PUBLIC_KEY_BYTES];
if (!mldsa_generate_key_external_entropy_no_self_test(pub_bytes, &priv,
kGenerateKeyEntropy)) {
return 0;
@@ -2133,13 +2109,13 @@
static int sign_self_test() {
private_key<6, 5> priv;
- uint8_t pub_bytes[BCM_MLDSA65_PUBLIC_KEY_BYTES];
+ uint8_t pub_bytes[MLDSA65_PUBLIC_KEY_BYTES];
if (!mldsa_generate_key_external_entropy(pub_bytes, &priv, kSignEntropy)) {
return 0;
}
const uint8_t randomizer[BCM_MLDSA_SIGNATURE_RANDOMIZER_BYTES] = {};
- uint8_t sig[BCM_MLDSA65_SIGNATURE_BYTES];
+ uint8_t sig[MLDSA65_SIGNATURE_BYTES];
// This message triggers the first restart case for signing.
uint8_t message[4] = {0};
@@ -2172,10 +2148,10 @@
struct values_st {
private_key<6, 5> priv;
public_key<6> pub;
- uint8_t pub_bytes[BCM_MLDSA65_PUBLIC_KEY_BYTES];
+ uint8_t pub_bytes[MLDSA65_PUBLIC_KEY_BYTES];
};
std::unique_ptr<values_st, DeleterFree<values_st>> values(
- reinterpret_cast<struct values_st *>(OPENSSL_malloc(sizeof(values_st))));
+ reinterpret_cast<values_st *>(OPENSSL_malloc(sizeof(values_st))));
if (!values) {
return 0;
}
@@ -2266,28 +2242,27 @@
// ML-DSA-65 specific wrappers.
-bcm_status BCM_mldsa65_parse_public_key(
- struct BCM_mldsa65_public_key *public_key, CBS *in) {
+bcm_status BCM_mldsa65_parse_public_key(MLDSA65_public_key *public_key,
+ CBS *in) {
return bcm_as_approved_status(mldsa_parse_public_key(
mldsa::public_key_from_external_65(public_key), in));
}
bcm_status BCM_mldsa65_marshal_private_key(
- CBB *out, const struct BCM_mldsa65_private_key *private_key) {
+ CBB *out, const MLDSA65_private_key *private_key) {
return bcm_as_approved_status(mldsa_marshal_private_key(
out, mldsa::private_key_from_external_65(private_key)));
}
-bcm_status BCM_mldsa65_parse_private_key(
- struct BCM_mldsa65_private_key *private_key, CBS *in) {
+bcm_status BCM_mldsa65_parse_private_key(MLDSA65_private_key *private_key,
+ CBS *in) {
return bcm_as_approved_status(
mldsa_parse_private_key(mldsa::private_key_from_external_65(private_key),
in) &&
CBS_len(in) == 0);
}
-bcm_status BCM_mldsa65_check_key_fips(
- struct BCM_mldsa65_private_key *private_key) {
+bcm_status BCM_mldsa65_check_key_fips(MLDSA65_private_key *private_key) {
return bcm_as_approved_status(
mldsa::fips::check_key(mldsa::private_key_from_external_65(private_key)));
}
@@ -2295,36 +2270,34 @@
// Calls |MLDSA_generate_key_external_entropy| with random bytes from
// |BCM_rand_bytes|.
bcm_status BCM_mldsa65_generate_key(
- uint8_t out_encoded_public_key[BCM_MLDSA65_PUBLIC_KEY_BYTES],
- uint8_t out_seed[BCM_MLDSA_SEED_BYTES],
- struct BCM_mldsa65_private_key *out_private_key) {
- BCM_rand_bytes(out_seed, BCM_MLDSA_SEED_BYTES);
- CONSTTIME_SECRET(out_seed, BCM_MLDSA_SEED_BYTES);
+ uint8_t out_encoded_public_key[MLDSA65_PUBLIC_KEY_BYTES],
+ uint8_t out_seed[MLDSA_SEED_BYTES], MLDSA65_private_key *out_private_key) {
+ BCM_rand_bytes(out_seed, MLDSA_SEED_BYTES);
+ CONSTTIME_SECRET(out_seed, MLDSA_SEED_BYTES);
return BCM_mldsa65_generate_key_external_entropy(out_encoded_public_key,
out_private_key, out_seed);
}
bcm_status BCM_mldsa65_private_key_from_seed(
- struct BCM_mldsa65_private_key *out_private_key,
- const uint8_t seed[BCM_MLDSA_SEED_BYTES]) {
- uint8_t public_key[BCM_MLDSA65_PUBLIC_KEY_BYTES];
+ MLDSA65_private_key *out_private_key,
+ const uint8_t seed[MLDSA_SEED_BYTES]) {
+ uint8_t public_key[MLDSA65_PUBLIC_KEY_BYTES];
return BCM_mldsa65_generate_key_external_entropy(public_key, out_private_key,
seed);
}
bcm_status BCM_mldsa65_generate_key_external_entropy(
- uint8_t out_encoded_public_key[BCM_MLDSA65_PUBLIC_KEY_BYTES],
- struct BCM_mldsa65_private_key *out_private_key,
- const uint8_t entropy[BCM_MLDSA_SEED_BYTES]) {
+ uint8_t out_encoded_public_key[MLDSA65_PUBLIC_KEY_BYTES],
+ MLDSA65_private_key *out_private_key,
+ const uint8_t entropy[MLDSA_SEED_BYTES]) {
return bcm_as_not_approved_status(mldsa_generate_key_external_entropy(
out_encoded_public_key,
mldsa::private_key_from_external_65(out_private_key), entropy));
}
bcm_status BCM_mldsa65_generate_key_fips(
- uint8_t out_encoded_public_key[BCM_MLDSA65_PUBLIC_KEY_BYTES],
- uint8_t out_seed[BCM_MLDSA_SEED_BYTES],
- struct BCM_mldsa65_private_key *out_private_key) {
+ uint8_t out_encoded_public_key[MLDSA65_PUBLIC_KEY_BYTES],
+ uint8_t out_seed[MLDSA_SEED_BYTES], MLDSA65_private_key *out_private_key) {
if (out_encoded_public_key == nullptr || out_private_key == nullptr) {
return bcm_status::failure;
}
@@ -2336,9 +2309,9 @@
}
bcm_status BCM_mldsa65_generate_key_external_entropy_fips(
- uint8_t out_encoded_public_key[BCM_MLDSA65_PUBLIC_KEY_BYTES],
- struct BCM_mldsa65_private_key *out_private_key,
- const uint8_t entropy[BCM_MLDSA_SEED_BYTES]) {
+ uint8_t out_encoded_public_key[MLDSA65_PUBLIC_KEY_BYTES],
+ MLDSA65_private_key *out_private_key,
+ const uint8_t entropy[MLDSA_SEED_BYTES]) {
if (out_encoded_public_key == nullptr || out_private_key == nullptr) {
return bcm_status::failure;
}
@@ -2351,9 +2324,9 @@
}
bcm_status BCM_mldsa65_private_key_from_seed_fips(
- struct BCM_mldsa65_private_key *out_private_key,
- const uint8_t seed[BCM_MLDSA_SEED_BYTES]) {
- uint8_t public_key[BCM_MLDSA65_PUBLIC_KEY_BYTES];
+ MLDSA65_private_key *out_private_key,
+ const uint8_t seed[MLDSA_SEED_BYTES]) {
+ uint8_t public_key[MLDSA65_PUBLIC_KEY_BYTES];
if (BCM_mldsa65_generate_key_external_entropy(public_key, out_private_key,
seed) == bcm_status::failure) {
return bcm_status::failure;
@@ -2362,17 +2335,17 @@
}
bcm_status BCM_mldsa65_public_from_private(
- struct BCM_mldsa65_public_key *out_public_key,
- const struct BCM_mldsa65_private_key *private_key) {
+ MLDSA65_public_key *out_public_key,
+ const MLDSA65_private_key *private_key) {
return bcm_as_approved_status(mldsa_public_from_private(
mldsa::public_key_from_external_65(out_public_key),
mldsa::private_key_from_external_65(private_key)));
}
bcm_status BCM_mldsa65_sign_internal(
- uint8_t out_encoded_signature[BCM_MLDSA65_SIGNATURE_BYTES],
- const struct BCM_mldsa65_private_key *private_key, const uint8_t *msg,
- size_t msg_len, const uint8_t *context_prefix, size_t context_prefix_len,
+ uint8_t out_encoded_signature[MLDSA65_SIGNATURE_BYTES],
+ const MLDSA65_private_key *private_key, const uint8_t *msg, size_t msg_len,
+ const uint8_t *context_prefix, size_t context_prefix_len,
const uint8_t *context, size_t context_len,
const uint8_t randomizer[BCM_MLDSA_SIGNATURE_RANDOMIZER_BYTES]) {
return bcm_as_approved_status(mldsa_sign_internal(
@@ -2384,9 +2357,9 @@
// ML-DSA signature in randomized mode, filling the random bytes with
// |BCM_rand_bytes|.
bcm_status BCM_mldsa65_sign(
- uint8_t out_encoded_signature[BCM_MLDSA65_SIGNATURE_BYTES],
- const struct BCM_mldsa65_private_key *private_key, const uint8_t *msg,
- size_t msg_len, const uint8_t *context, size_t context_len) {
+ uint8_t out_encoded_signature[MLDSA65_SIGNATURE_BYTES],
+ const MLDSA65_private_key *private_key, const uint8_t *msg, size_t msg_len,
+ const uint8_t *context, size_t context_len) {
BSSL_CHECK(context_len <= 255);
uint8_t randomizer[BCM_MLDSA_SIGNATURE_RANDOMIZER_BYTES];
BCM_rand_bytes(randomizer, sizeof(randomizer));
@@ -2399,8 +2372,8 @@
}
// ML-DSA pre-hashed API: initializing a pre-hashing context.
-void BCM_mldsa65_prehash_init(struct BCM_mldsa65_prehash *out_prehash_ctx,
- const struct BCM_mldsa65_public_key *public_key,
+void BCM_mldsa65_prehash_init(MLDSA65_prehash *out_prehash_ctx,
+ const MLDSA65_public_key *public_key,
const uint8_t *context, size_t context_len) {
BSSL_CHECK(context_len <= 255);
@@ -2412,25 +2385,24 @@
}
// ML-DSA pre-hashed API: updating a pre-hashing context with a message chunk.
-void BCM_mldsa65_prehash_update(struct BCM_mldsa65_prehash *inout_prehash_ctx,
+void BCM_mldsa65_prehash_update(MLDSA65_prehash *inout_prehash_ctx,
const uint8_t *msg, size_t msg_len) {
mldsa_prehash_update(
mldsa::prehash_context_from_external_65(inout_prehash_ctx), msg, msg_len);
}
// ML-DSA pre-hashed API: obtaining a message representative to sign.
-void BCM_mldsa65_prehash_finalize(
- uint8_t out_msg_rep[BCM_MLDSA_MU_BYTES],
- struct BCM_mldsa65_prehash *inout_prehash_ctx) {
+void BCM_mldsa65_prehash_finalize(uint8_t out_msg_rep[MLDSA_MU_BYTES],
+ MLDSA65_prehash *inout_prehash_ctx) {
mldsa_prehash_finalize(
out_msg_rep, mldsa::prehash_context_from_external_65(inout_prehash_ctx));
}
// ML-DSA pre-hashed API: signing a message representative.
bcm_status BCM_mldsa65_sign_message_representative(
- uint8_t out_encoded_signature[BCM_MLDSA65_SIGNATURE_BYTES],
- const struct BCM_mldsa65_private_key *private_key,
- const uint8_t msg_rep[BCM_MLDSA_MU_BYTES]) {
+ uint8_t out_encoded_signature[MLDSA65_SIGNATURE_BYTES],
+ const MLDSA65_private_key *private_key,
+ const uint8_t msg_rep[MLDSA_MU_BYTES]) {
uint8_t randomizer[BCM_MLDSA_SIGNATURE_RANDOMIZER_BYTES];
BCM_rand_bytes(randomizer, sizeof(randomizer));
CONSTTIME_SECRET(randomizer, sizeof(randomizer));
@@ -2441,10 +2413,10 @@
}
// FIPS 204, Algorithm 3 (`ML-DSA.Verify`).
-bcm_status BCM_mldsa65_verify(
- const struct BCM_mldsa65_public_key *public_key,
- const uint8_t signature[BCM_MLDSA65_SIGNATURE_BYTES], const uint8_t *msg,
- size_t msg_len, const uint8_t *context, size_t context_len) {
+bcm_status BCM_mldsa65_verify(const MLDSA65_public_key *public_key,
+ const uint8_t signature[MLDSA65_SIGNATURE_BYTES],
+ const uint8_t *msg, size_t msg_len,
+ const uint8_t *context, size_t context_len) {
BSSL_CHECK(context_len <= 255);
const uint8_t context_prefix[2] = {0, static_cast<uint8_t>(context_len)};
return BCM_mldsa65_verify_internal(public_key, signature, msg, msg_len,
@@ -2453,8 +2425,8 @@
}
bcm_status BCM_mldsa65_verify_internal(
- const struct BCM_mldsa65_public_key *public_key,
- const uint8_t encoded_signature[BCM_MLDSA65_SIGNATURE_BYTES],
+ const MLDSA65_public_key *public_key,
+ const uint8_t encoded_signature[MLDSA65_SIGNATURE_BYTES],
const uint8_t *msg, size_t msg_len, const uint8_t *context_prefix,
size_t context_prefix_len, const uint8_t *context, size_t context_len) {
return bcm_as_approved_status(mldsa::mldsa_verify_internal<6, 5>(
@@ -2463,7 +2435,7 @@
}
bcm_status BCM_mldsa65_marshal_public_key(
- CBB *out, const struct BCM_mldsa65_public_key *public_key) {
+ CBB *out, const MLDSA65_public_key *public_key) {
return bcm_as_approved_status(mldsa_marshal_public_key(
out, mldsa::public_key_from_external_65(public_key)));
}
@@ -2471,28 +2443,27 @@
// ML-DSA-87 specific wrappers.
-bcm_status BCM_mldsa87_parse_public_key(
- struct BCM_mldsa87_public_key *public_key, CBS *in) {
+bcm_status BCM_mldsa87_parse_public_key(MLDSA87_public_key *public_key,
+ CBS *in) {
return bcm_as_approved_status(mldsa_parse_public_key(
mldsa::public_key_from_external_87(public_key), in));
}
bcm_status BCM_mldsa87_marshal_private_key(
- CBB *out, const struct BCM_mldsa87_private_key *private_key) {
+ CBB *out, const MLDSA87_private_key *private_key) {
return bcm_as_approved_status(mldsa_marshal_private_key(
out, mldsa::private_key_from_external_87(private_key)));
}
-bcm_status BCM_mldsa87_parse_private_key(
- struct BCM_mldsa87_private_key *private_key, CBS *in) {
+bcm_status BCM_mldsa87_parse_private_key(MLDSA87_private_key *private_key,
+ CBS *in) {
return bcm_as_approved_status(
mldsa_parse_private_key(mldsa::private_key_from_external_87(private_key),
in) &&
CBS_len(in) == 0);
}
-bcm_status BCM_mldsa87_check_key_fips(
- struct BCM_mldsa87_private_key *private_key) {
+bcm_status BCM_mldsa87_check_key_fips(MLDSA87_private_key *private_key) {
return bcm_as_approved_status(
mldsa::fips::check_key(mldsa::private_key_from_external_87(private_key)));
}
@@ -2500,35 +2471,33 @@
// Calls |MLDSA_generate_key_external_entropy| with random bytes from
// |BCM_rand_bytes|.
bcm_status BCM_mldsa87_generate_key(
- uint8_t out_encoded_public_key[BCM_MLDSA87_PUBLIC_KEY_BYTES],
- uint8_t out_seed[BCM_MLDSA_SEED_BYTES],
- struct BCM_mldsa87_private_key *out_private_key) {
- BCM_rand_bytes(out_seed, BCM_MLDSA_SEED_BYTES);
+ uint8_t out_encoded_public_key[MLDSA87_PUBLIC_KEY_BYTES],
+ uint8_t out_seed[MLDSA_SEED_BYTES], MLDSA87_private_key *out_private_key) {
+ BCM_rand_bytes(out_seed, MLDSA_SEED_BYTES);
return BCM_mldsa87_generate_key_external_entropy(out_encoded_public_key,
out_private_key, out_seed);
}
bcm_status BCM_mldsa87_private_key_from_seed(
- struct BCM_mldsa87_private_key *out_private_key,
- const uint8_t seed[BCM_MLDSA_SEED_BYTES]) {
- uint8_t public_key[BCM_MLDSA87_PUBLIC_KEY_BYTES];
+ MLDSA87_private_key *out_private_key,
+ const uint8_t seed[MLDSA_SEED_BYTES]) {
+ uint8_t public_key[MLDSA87_PUBLIC_KEY_BYTES];
return BCM_mldsa87_generate_key_external_entropy(public_key, out_private_key,
seed);
}
bcm_status BCM_mldsa87_generate_key_external_entropy(
- uint8_t out_encoded_public_key[BCM_MLDSA87_PUBLIC_KEY_BYTES],
- struct BCM_mldsa87_private_key *out_private_key,
- const uint8_t entropy[BCM_MLDSA_SEED_BYTES]) {
+ uint8_t out_encoded_public_key[MLDSA87_PUBLIC_KEY_BYTES],
+ MLDSA87_private_key *out_private_key,
+ const uint8_t entropy[MLDSA_SEED_BYTES]) {
return bcm_as_not_approved_status(mldsa_generate_key_external_entropy(
out_encoded_public_key,
mldsa::private_key_from_external_87(out_private_key), entropy));
}
bcm_status BCM_mldsa87_generate_key_fips(
- uint8_t out_encoded_public_key[BCM_MLDSA87_PUBLIC_KEY_BYTES],
- uint8_t out_seed[BCM_MLDSA_SEED_BYTES],
- struct BCM_mldsa87_private_key *out_private_key) {
+ uint8_t out_encoded_public_key[MLDSA87_PUBLIC_KEY_BYTES],
+ uint8_t out_seed[MLDSA_SEED_BYTES], MLDSA87_private_key *out_private_key) {
if (out_encoded_public_key == nullptr || out_private_key == nullptr) {
return bcm_status::failure;
}
@@ -2540,9 +2509,9 @@
}
bcm_status BCM_mldsa87_generate_key_external_entropy_fips(
- uint8_t out_encoded_public_key[BCM_MLDSA87_PUBLIC_KEY_BYTES],
- struct BCM_mldsa87_private_key *out_private_key,
- const uint8_t entropy[BCM_MLDSA_SEED_BYTES]) {
+ uint8_t out_encoded_public_key[MLDSA87_PUBLIC_KEY_BYTES],
+ MLDSA87_private_key *out_private_key,
+ const uint8_t entropy[MLDSA_SEED_BYTES]) {
if (out_encoded_public_key == nullptr || out_private_key == nullptr) {
return bcm_status::failure;
}
@@ -2555,9 +2524,9 @@
}
bcm_status BCM_mldsa87_private_key_from_seed_fips(
- struct BCM_mldsa87_private_key *out_private_key,
- const uint8_t seed[BCM_MLDSA_SEED_BYTES]) {
- uint8_t public_key[BCM_MLDSA87_PUBLIC_KEY_BYTES];
+ MLDSA87_private_key *out_private_key,
+ const uint8_t seed[MLDSA_SEED_BYTES]) {
+ uint8_t public_key[MLDSA87_PUBLIC_KEY_BYTES];
if (BCM_mldsa87_generate_key_external_entropy(public_key, out_private_key,
seed) == bcm_status::failure) {
return bcm_status::failure;
@@ -2566,17 +2535,17 @@
}
bcm_status BCM_mldsa87_public_from_private(
- struct BCM_mldsa87_public_key *out_public_key,
- const struct BCM_mldsa87_private_key *private_key) {
+ MLDSA87_public_key *out_public_key,
+ const MLDSA87_private_key *private_key) {
return bcm_as_approved_status(mldsa_public_from_private(
mldsa::public_key_from_external_87(out_public_key),
mldsa::private_key_from_external_87(private_key)));
}
bcm_status BCM_mldsa87_sign_internal(
- uint8_t out_encoded_signature[BCM_MLDSA87_SIGNATURE_BYTES],
- const struct BCM_mldsa87_private_key *private_key, const uint8_t *msg,
- size_t msg_len, const uint8_t *context_prefix, size_t context_prefix_len,
+ uint8_t out_encoded_signature[MLDSA87_SIGNATURE_BYTES],
+ const MLDSA87_private_key *private_key, const uint8_t *msg, size_t msg_len,
+ const uint8_t *context_prefix, size_t context_prefix_len,
const uint8_t *context, size_t context_len,
const uint8_t randomizer[BCM_MLDSA_SIGNATURE_RANDOMIZER_BYTES]) {
return bcm_as_approved_status(mldsa_sign_internal(
@@ -2588,9 +2557,9 @@
// ML-DSA signature in randomized mode, filling the random bytes with
// |BCM_rand_bytes|.
bcm_status BCM_mldsa87_sign(
- uint8_t out_encoded_signature[BCM_MLDSA87_SIGNATURE_BYTES],
- const struct BCM_mldsa87_private_key *private_key, const uint8_t *msg,
- size_t msg_len, const uint8_t *context, size_t context_len) {
+ uint8_t out_encoded_signature[MLDSA87_SIGNATURE_BYTES],
+ const MLDSA87_private_key *private_key, const uint8_t *msg, size_t msg_len,
+ const uint8_t *context, size_t context_len) {
BSSL_CHECK(context_len <= 255);
uint8_t randomizer[BCM_MLDSA_SIGNATURE_RANDOMIZER_BYTES];
BCM_rand_bytes(randomizer, sizeof(randomizer));
@@ -2602,8 +2571,8 @@
}
// ML-DSA pre-hashed API: initializing a pre-hashing context.
-void BCM_mldsa87_prehash_init(struct BCM_mldsa87_prehash *out_prehash_ctx,
- const struct BCM_mldsa87_public_key *public_key,
+void BCM_mldsa87_prehash_init(MLDSA87_prehash *out_prehash_ctx,
+ const MLDSA87_public_key *public_key,
const uint8_t *context, size_t context_len) {
BSSL_CHECK(context_len <= 255);
@@ -2615,25 +2584,24 @@
}
// ML-DSA pre-hashed API: updating a pre-hashing context with a message chunk.
-void BCM_mldsa87_prehash_update(struct BCM_mldsa87_prehash *inout_prehash_ctx,
+void BCM_mldsa87_prehash_update(MLDSA87_prehash *inout_prehash_ctx,
const uint8_t *msg, size_t msg_len) {
mldsa_prehash_update(
mldsa::prehash_context_from_external_87(inout_prehash_ctx), msg, msg_len);
}
// ML-DSA pre-hashed API: obtaining a message representative to sign.
-void BCM_mldsa87_prehash_finalize(
- uint8_t out_msg_rep[BCM_MLDSA_MU_BYTES],
- struct BCM_mldsa87_prehash *inout_prehash_ctx) {
+void BCM_mldsa87_prehash_finalize(uint8_t out_msg_rep[MLDSA_MU_BYTES],
+ MLDSA87_prehash *inout_prehash_ctx) {
mldsa_prehash_finalize(
out_msg_rep, mldsa::prehash_context_from_external_87(inout_prehash_ctx));
}
// ML-DSA pre-hashed API: signing a message representative.
bcm_status BCM_mldsa87_sign_message_representative(
- uint8_t out_encoded_signature[BCM_MLDSA87_SIGNATURE_BYTES],
- const struct BCM_mldsa87_private_key *private_key,
- const uint8_t msg_rep[BCM_MLDSA_MU_BYTES]) {
+ uint8_t out_encoded_signature[MLDSA87_SIGNATURE_BYTES],
+ const MLDSA87_private_key *private_key,
+ const uint8_t msg_rep[MLDSA_MU_BYTES]) {
uint8_t randomizer[BCM_MLDSA_SIGNATURE_RANDOMIZER_BYTES];
BCM_rand_bytes(randomizer, sizeof(randomizer));
CONSTTIME_SECRET(randomizer, sizeof(randomizer));
@@ -2644,7 +2612,7 @@
}
// FIPS 204, Algorithm 3 (`ML-DSA.Verify`).
-bcm_status BCM_mldsa87_verify(const struct BCM_mldsa87_public_key *public_key,
+bcm_status BCM_mldsa87_verify(const MLDSA87_public_key *public_key,
const uint8_t *signature, const uint8_t *msg,
size_t msg_len, const uint8_t *context,
size_t context_len) {
@@ -2656,8 +2624,8 @@
}
bcm_status BCM_mldsa87_verify_internal(
- const struct BCM_mldsa87_public_key *public_key,
- const uint8_t encoded_signature[BCM_MLDSA87_SIGNATURE_BYTES],
+ const MLDSA87_public_key *public_key,
+ const uint8_t encoded_signature[MLDSA87_SIGNATURE_BYTES],
const uint8_t *msg, size_t msg_len, const uint8_t *context_prefix,
size_t context_prefix_len, const uint8_t *context, size_t context_len) {
return bcm_as_approved_status(mldsa::mldsa_verify_internal<8, 7>(
@@ -2666,7 +2634,7 @@
}
bcm_status BCM_mldsa87_marshal_public_key(
- CBB *out, const struct BCM_mldsa87_public_key *public_key) {
+ CBB *out, const MLDSA87_public_key *public_key) {
return bcm_as_approved_status(mldsa_marshal_public_key(
out, mldsa::public_key_from_external_87(public_key)));
}
@@ -2674,28 +2642,27 @@
// ML-DSA-44 specific wrappers.
-bcm_status BCM_mldsa44_parse_public_key(
- struct BCM_mldsa44_public_key *public_key, CBS *in) {
+bcm_status BCM_mldsa44_parse_public_key(MLDSA44_public_key *public_key,
+ CBS *in) {
return bcm_as_approved_status(mldsa_parse_public_key(
mldsa::public_key_from_external_44(public_key), in));
}
bcm_status BCM_mldsa44_marshal_private_key(
- CBB *out, const struct BCM_mldsa44_private_key *private_key) {
+ CBB *out, const MLDSA44_private_key *private_key) {
return bcm_as_approved_status(mldsa_marshal_private_key(
out, mldsa::private_key_from_external_44(private_key)));
}
-bcm_status BCM_mldsa44_parse_private_key(
- struct BCM_mldsa44_private_key *private_key, CBS *in) {
+bcm_status BCM_mldsa44_parse_private_key(MLDSA44_private_key *private_key,
+ CBS *in) {
return bcm_as_approved_status(
mldsa_parse_private_key(mldsa::private_key_from_external_44(private_key),
in) &&
CBS_len(in) == 0);
}
-bcm_status BCM_mldsa44_check_key_fips(
- struct BCM_mldsa44_private_key *private_key) {
+bcm_status BCM_mldsa44_check_key_fips(MLDSA44_private_key *private_key) {
return bcm_as_approved_status(
mldsa::fips::check_key(mldsa::private_key_from_external_44(private_key)));
}
@@ -2703,35 +2670,33 @@
// Calls |MLDSA_generate_key_external_entropy| with random bytes from
// |BCM_rand_bytes|.
bcm_status BCM_mldsa44_generate_key(
- uint8_t out_encoded_public_key[BCM_MLDSA44_PUBLIC_KEY_BYTES],
- uint8_t out_seed[BCM_MLDSA_SEED_BYTES],
- struct BCM_mldsa44_private_key *out_private_key) {
- BCM_rand_bytes(out_seed, BCM_MLDSA_SEED_BYTES);
+ uint8_t out_encoded_public_key[MLDSA44_PUBLIC_KEY_BYTES],
+ uint8_t out_seed[MLDSA_SEED_BYTES], MLDSA44_private_key *out_private_key) {
+ BCM_rand_bytes(out_seed, MLDSA_SEED_BYTES);
return BCM_mldsa44_generate_key_external_entropy(out_encoded_public_key,
out_private_key, out_seed);
}
bcm_status BCM_mldsa44_private_key_from_seed(
- struct BCM_mldsa44_private_key *out_private_key,
- const uint8_t seed[BCM_MLDSA_SEED_BYTES]) {
- uint8_t public_key[BCM_MLDSA44_PUBLIC_KEY_BYTES];
+ MLDSA44_private_key *out_private_key,
+ const uint8_t seed[MLDSA_SEED_BYTES]) {
+ uint8_t public_key[MLDSA44_PUBLIC_KEY_BYTES];
return BCM_mldsa44_generate_key_external_entropy(public_key, out_private_key,
seed);
}
bcm_status BCM_mldsa44_generate_key_external_entropy(
- uint8_t out_encoded_public_key[BCM_MLDSA44_PUBLIC_KEY_BYTES],
- struct BCM_mldsa44_private_key *out_private_key,
- const uint8_t entropy[BCM_MLDSA_SEED_BYTES]) {
+ uint8_t out_encoded_public_key[MLDSA44_PUBLIC_KEY_BYTES],
+ MLDSA44_private_key *out_private_key,
+ const uint8_t entropy[MLDSA_SEED_BYTES]) {
return bcm_as_not_approved_status(mldsa_generate_key_external_entropy(
out_encoded_public_key,
mldsa::private_key_from_external_44(out_private_key), entropy));
}
bcm_status BCM_mldsa44_generate_key_fips(
- uint8_t out_encoded_public_key[BCM_MLDSA44_PUBLIC_KEY_BYTES],
- uint8_t out_seed[BCM_MLDSA_SEED_BYTES],
- struct BCM_mldsa44_private_key *out_private_key) {
+ uint8_t out_encoded_public_key[MLDSA44_PUBLIC_KEY_BYTES],
+ uint8_t out_seed[MLDSA_SEED_BYTES], MLDSA44_private_key *out_private_key) {
if (out_encoded_public_key == nullptr || out_private_key == nullptr) {
return bcm_status::failure;
}
@@ -2743,9 +2708,9 @@
}
bcm_status BCM_mldsa44_generate_key_external_entropy_fips(
- uint8_t out_encoded_public_key[BCM_MLDSA44_PUBLIC_KEY_BYTES],
- struct BCM_mldsa44_private_key *out_private_key,
- const uint8_t entropy[BCM_MLDSA_SEED_BYTES]) {
+ uint8_t out_encoded_public_key[MLDSA44_PUBLIC_KEY_BYTES],
+ MLDSA44_private_key *out_private_key,
+ const uint8_t entropy[MLDSA_SEED_BYTES]) {
if (out_encoded_public_key == nullptr || out_private_key == nullptr) {
return bcm_status::failure;
}
@@ -2758,9 +2723,9 @@
}
bcm_status BCM_mldsa44_private_key_from_seed_fips(
- struct BCM_mldsa44_private_key *out_private_key,
- const uint8_t seed[BCM_MLDSA_SEED_BYTES]) {
- uint8_t public_key[BCM_MLDSA44_PUBLIC_KEY_BYTES];
+ MLDSA44_private_key *out_private_key,
+ const uint8_t seed[MLDSA_SEED_BYTES]) {
+ uint8_t public_key[MLDSA44_PUBLIC_KEY_BYTES];
if (BCM_mldsa44_generate_key_external_entropy(public_key, out_private_key,
seed) == bcm_status::failure) {
return bcm_status::failure;
@@ -2769,17 +2734,17 @@
}
bcm_status BCM_mldsa44_public_from_private(
- struct BCM_mldsa44_public_key *out_public_key,
- const struct BCM_mldsa44_private_key *private_key) {
+ MLDSA44_public_key *out_public_key,
+ const MLDSA44_private_key *private_key) {
return bcm_as_approved_status(mldsa_public_from_private(
mldsa::public_key_from_external_44(out_public_key),
mldsa::private_key_from_external_44(private_key)));
}
bcm_status BCM_mldsa44_sign_internal(
- uint8_t out_encoded_signature[BCM_MLDSA44_SIGNATURE_BYTES],
- const struct BCM_mldsa44_private_key *private_key, const uint8_t *msg,
- size_t msg_len, const uint8_t *context_prefix, size_t context_prefix_len,
+ uint8_t out_encoded_signature[MLDSA44_SIGNATURE_BYTES],
+ const MLDSA44_private_key *private_key, const uint8_t *msg, size_t msg_len,
+ const uint8_t *context_prefix, size_t context_prefix_len,
const uint8_t *context, size_t context_len,
const uint8_t randomizer[BCM_MLDSA_SIGNATURE_RANDOMIZER_BYTES]) {
return bcm_as_approved_status(mldsa_sign_internal(
@@ -2791,9 +2756,9 @@
// ML-DSA signature in randomized mode, filling the random bytes with
// |BCM_rand_bytes|.
bcm_status BCM_mldsa44_sign(
- uint8_t out_encoded_signature[BCM_MLDSA44_SIGNATURE_BYTES],
- const struct BCM_mldsa44_private_key *private_key, const uint8_t *msg,
- size_t msg_len, const uint8_t *context, size_t context_len) {
+ uint8_t out_encoded_signature[MLDSA44_SIGNATURE_BYTES],
+ const MLDSA44_private_key *private_key, const uint8_t *msg, size_t msg_len,
+ const uint8_t *context, size_t context_len) {
BSSL_CHECK(context_len <= 255);
uint8_t randomizer[BCM_MLDSA_SIGNATURE_RANDOMIZER_BYTES];
BCM_rand_bytes(randomizer, sizeof(randomizer));
@@ -2805,8 +2770,8 @@
}
// ML-DSA pre-hashed API: initializing a pre-hashing context.
-void BCM_mldsa44_prehash_init(struct BCM_mldsa44_prehash *out_prehash_ctx,
- const struct BCM_mldsa44_public_key *public_key,
+void BCM_mldsa44_prehash_init(MLDSA44_prehash *out_prehash_ctx,
+ const MLDSA44_public_key *public_key,
const uint8_t *context, size_t context_len) {
BSSL_CHECK(context_len <= 255);
@@ -2818,25 +2783,24 @@
}
// ML-DSA pre-hashed API: updating a pre-hashing context with a message chunk.
-void BCM_mldsa44_prehash_update(struct BCM_mldsa44_prehash *inout_prehash_ctx,
+void BCM_mldsa44_prehash_update(MLDSA44_prehash *inout_prehash_ctx,
const uint8_t *msg, size_t msg_len) {
mldsa_prehash_update(
mldsa::prehash_context_from_external_44(inout_prehash_ctx), msg, msg_len);
}
// ML-DSA pre-hashed API: obtaining a message representative to sign.
-void BCM_mldsa44_prehash_finalize(
- uint8_t out_msg_rep[BCM_MLDSA_MU_BYTES],
- struct BCM_mldsa44_prehash *inout_prehash_ctx) {
+void BCM_mldsa44_prehash_finalize(uint8_t out_msg_rep[MLDSA_MU_BYTES],
+ MLDSA44_prehash *inout_prehash_ctx) {
mldsa_prehash_finalize(
out_msg_rep, mldsa::prehash_context_from_external_44(inout_prehash_ctx));
}
// ML-DSA pre-hashed API: signing a message representative.
bcm_status BCM_mldsa44_sign_message_representative(
- uint8_t out_encoded_signature[BCM_MLDSA44_SIGNATURE_BYTES],
- const struct BCM_mldsa44_private_key *private_key,
- const uint8_t msg_rep[BCM_MLDSA_MU_BYTES]) {
+ uint8_t out_encoded_signature[MLDSA44_SIGNATURE_BYTES],
+ const MLDSA44_private_key *private_key,
+ const uint8_t msg_rep[MLDSA_MU_BYTES]) {
uint8_t randomizer[BCM_MLDSA_SIGNATURE_RANDOMIZER_BYTES];
BCM_rand_bytes(randomizer, sizeof(randomizer));
CONSTTIME_SECRET(randomizer, sizeof(randomizer));
@@ -2847,7 +2811,7 @@
}
// FIPS 204, Algorithm 3 (`ML-DSA.Verify`).
-bcm_status BCM_mldsa44_verify(const struct BCM_mldsa44_public_key *public_key,
+bcm_status BCM_mldsa44_verify(const MLDSA44_public_key *public_key,
const uint8_t *signature, const uint8_t *msg,
size_t msg_len, const uint8_t *context,
size_t context_len) {
@@ -2859,8 +2823,8 @@
}
bcm_status BCM_mldsa44_verify_internal(
- const struct BCM_mldsa44_public_key *public_key,
- const uint8_t encoded_signature[BCM_MLDSA44_SIGNATURE_BYTES],
+ const MLDSA44_public_key *public_key,
+ const uint8_t encoded_signature[MLDSA44_SIGNATURE_BYTES],
const uint8_t *msg, size_t msg_len, const uint8_t *context_prefix,
size_t context_prefix_len, const uint8_t *context, size_t context_len) {
return bcm_as_approved_status(mldsa::mldsa_verify_internal<4, 4>(
@@ -2869,7 +2833,7 @@
}
bcm_status BCM_mldsa44_marshal_public_key(
- CBB *out, const struct BCM_mldsa44_public_key *public_key) {
+ CBB *out, const MLDSA44_public_key *public_key) {
return bcm_as_approved_status(mldsa_marshal_public_key(
out, mldsa::public_key_from_external_44(public_key)));
}
diff --git a/crypto/fipsmodule/mlkem/fips_known_values.inc b/crypto/fipsmodule/mlkem/fips_known_values.inc
index 81c1b8e..ac5aca6 100644
--- a/crypto/fipsmodule/mlkem/fips_known_values.inc
+++ b/crypto/fipsmodule/mlkem/fips_known_values.inc
@@ -1,9 +1,9 @@
-const uint8_t kTestEntropy[BCM_MLKEM_SEED_BYTES] = {
+const uint8_t kTestEntropy[MLKEM_SEED_BYTES] = {
0xc8, 0x77, 0x34, 0x04, 0xb3, 0xe5, 0x3e, 0x31, 0x7b, 0xab, 0x41,
0x08, 0xa8, 0x88, 0x9c, 0x90, 0xbe, 0xfb, 0x38, 0x0f, 0x63, 0x89,
0x70, 0xbc, 0xdc, 0x33, 0xeb, 0x2d, 0xe2, 0x99, 0x6b, 0x1a};
-const uint8_t kExpectedPublicKeyBytes[BCM_MLKEM768_PUBLIC_KEY_BYTES] = {
+const uint8_t kExpectedPublicKeyBytes[MLKEM768_PUBLIC_KEY_BYTES] = {
0xcb, 0x0b, 0x33, 0xa2, 0xac, 0xc4, 0x94, 0x56, 0x1a, 0x36, 0x1c, 0x0d,
0xa3, 0x57, 0x5b, 0x63, 0x6c, 0x0d, 0x1f, 0xe1, 0xa8, 0x36, 0xd5, 0x5d,
0x38, 0x5c, 0xac, 0xf4, 0x67, 0x39, 0x9a, 0x12, 0x5b, 0xef, 0xa1, 0x0a,
@@ -306,7 +306,7 @@
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};
-const uint8_t kExpectedCiphertext[BCM_MLKEM768_CIPHERTEXT_BYTES] = {
+const uint8_t kExpectedCiphertext[MLKEM768_CIPHERTEXT_BYTES] = {
0x8c, 0xfa, 0xd2, 0x09, 0x06, 0x1b, 0xff, 0x23, 0x9f, 0x84, 0x61, 0xfd,
0x69, 0x7a, 0xa6, 0x2c, 0x57, 0x43, 0x64, 0x6b, 0x6b, 0x6b, 0xa3, 0xe1,
0xa9, 0x4f, 0x3e, 0x29, 0xff, 0x3d, 0xb1, 0x84, 0x51, 0x1d, 0x48, 0xe3,
@@ -399,13 +399,13 @@
0xf2, 0x60, 0x8a, 0xb6, 0x1c, 0x14, 0xb6, 0x25, 0xf2, 0x44, 0x59, 0xb7,
0x67, 0x3b, 0x94, 0x88, 0x15, 0x70, 0x6f, 0xa8};
-const uint8_t kExpectedSharedSecret[BCM_MLKEM_SHARED_SECRET_BYTES] = {
+const uint8_t kExpectedSharedSecret[MLKEM_SHARED_SECRET_BYTES] = {
0x7d, 0x9f, 0x1c, 0xb4, 0xae, 0x04, 0xd7, 0x5f, 0xa6, 0x57, 0x5a,
0xe0, 0xe4, 0x29, 0xb5, 0x73, 0xa9, 0x74, 0xb7, 0xa1, 0x25, 0xbd,
0xfb, 0x8a, 0x6e, 0x0f, 0x19, 0xba, 0xe1, 0x16, 0xae, 0x81};
const uint8_t
- kExpectedImplicitRejectionSharedSecret[BCM_MLKEM_SHARED_SECRET_BYTES] = {
+ kExpectedImplicitRejectionSharedSecret[MLKEM_SHARED_SECRET_BYTES] = {
0xa3, 0x19, 0x2a, 0x8c, 0x88, 0xfc, 0x99, 0x6d, 0x2d, 0xf9, 0x85,
0x8d, 0x2c, 0x55, 0x36, 0x39, 0x93, 0xf0, 0x49, 0x4d, 0x7e, 0xc0,
0xbe, 0x5a, 0x56, 0x7b, 0x8a, 0x42, 0x43, 0xa5, 0x74, 0x5d};
diff --git a/crypto/fipsmodule/mlkem/mlkem.cc.inc b/crypto/fipsmodule/mlkem/mlkem.cc.inc
index 07aa29d..692670c 100644
--- a/crypto/fipsmodule/mlkem/mlkem.cc.inc
+++ b/crypto/fipsmodule/mlkem/mlkem.cc.inc
@@ -26,7 +26,6 @@
#include "../../internal.h"
#include "../bcm_interface.h"
-#include "../delocate.h"
#include "../keccak/internal.h"
@@ -56,14 +55,14 @@
}
// This is called `J` in the spec.
-void kdf(uint8_t out[BCM_MLKEM_SHARED_SECRET_BYTES],
+void kdf(uint8_t out[MLKEM_SHARED_SECRET_BYTES],
const uint8_t failure_secret[32], const uint8_t *ciphertext,
size_t ciphertext_len) {
- struct BORINGSSL_keccak_st st;
+ BORINGSSL_keccak_st st;
BORINGSSL_keccak_init(&st, boringssl_shake256);
BORINGSSL_keccak_absorb(&st, failure_secret, 32);
BORINGSSL_keccak_absorb(&st, ciphertext, ciphertext_len);
- BORINGSSL_keccak_squeeze(&st, out, BCM_MLKEM_SHARED_SECRET_BYTES);
+ BORINGSSL_keccak_squeeze(&st, out, MLKEM_SHARED_SECRET_BYTES);
}
// Constants that are common across all sizes.
@@ -93,10 +92,8 @@
return encoded_vector_size(rank) + /*sizeof(rho)=*/32;
}
-static_assert(encoded_public_key_size(RANK768) ==
- BCM_MLKEM768_PUBLIC_KEY_BYTES);
-static_assert(encoded_public_key_size(RANK1024) ==
- BCM_MLKEM1024_PUBLIC_KEY_BYTES);
+static_assert(encoded_public_key_size(RANK768) == MLKEM768_PUBLIC_KEY_BYTES);
+static_assert(encoded_public_key_size(RANK1024) == MLKEM1024_PUBLIC_KEY_BYTES);
constexpr size_t compressed_vector_size(int rank) {
// `if constexpr` isn't available in C++17.
@@ -109,13 +106,13 @@
(rank == RANK768 ? kDV768 : kDV1024) * DEGREE / 8;
}
-static_assert(ciphertext_size(RANK768) == BCM_MLKEM768_CIPHERTEXT_BYTES);
-static_assert(ciphertext_size(RANK1024) == BCM_MLKEM1024_CIPHERTEXT_BYTES);
+static_assert(ciphertext_size(RANK768) == MLKEM768_CIPHERTEXT_BYTES);
+static_assert(ciphertext_size(RANK1024) == MLKEM1024_CIPHERTEXT_BYTES);
-typedef struct scalar {
+struct scalar {
// On every function entry and exit, 0 <= c < kPrime.
uint16_t c[DEGREE];
-} scalar;
+};
template <int RANK>
struct vector {
@@ -367,7 +364,7 @@
// uniformly distributed elements. This is used for matrix expansion and only
// operates on public inputs.
static void scalar_from_keccak_vartime(scalar *out,
- struct BORINGSSL_keccak_st *keccak_ctx) {
+ BORINGSSL_keccak_st *keccak_ctx) {
assert(keccak_ctx->squeeze_offset == 0);
assert(keccak_ctx->rate_bytes == 168);
static_assert(168 % 3 == 0, "block and coefficient boundaries do not align");
@@ -445,7 +442,7 @@
for (int j = 0; j < RANK; j++) {
input[32] = i;
input[33] = j;
- struct BORINGSSL_keccak_st keccak_ctx;
+ BORINGSSL_keccak_st keccak_ctx;
BORINGSSL_keccak_init(&keccak_ctx, boringssl_shake128);
BORINGSSL_keccak_absorb(&keccak_ctx, input, sizeof(input));
scalar_from_keccak_vartime(&out->v[i][j], &keccak_ctx);
@@ -654,15 +651,14 @@
template <int RANK>
struct private_key {
- struct public_key<RANK> pub;
+ public_key<RANK> pub;
vector<RANK> s;
uint8_t fo_failure_secret[32];
};
template <int RANK>
-static void decrypt_cpa(
- uint8_t out[32], const struct private_key<RANK> *priv,
- const uint8_t ciphertext[BCM_MLKEM768_CIPHERTEXT_BYTES]) {
+static void decrypt_cpa(uint8_t out[32], const private_key<RANK> *priv,
+ const uint8_t ciphertext[MLKEM768_CIPHERTEXT_BYTES]) {
constexpr int du = RANK == RANK768 ? kDU768 : kDU1024;
constexpr int dv = RANK == RANK768 ? kDV768 : kDV1024;
@@ -683,7 +679,7 @@
template <int RANK>
static bcm_status mlkem_marshal_public_key(CBB *out,
- const struct public_key<RANK> *pub) {
+ const public_key<RANK> *pub) {
uint8_t *vector_output;
if (!CBB_add_space(out, &vector_output, encoded_vector_size(RANK))) {
return bcm_status::failure;
@@ -698,7 +694,7 @@
template <int RANK>
void mlkem_generate_key_external_seed_no_self_test(
uint8_t *out_encoded_public_key, private_key<RANK> *priv,
- const uint8_t seed[BCM_MLKEM_SEED_BYTES]) {
+ const uint8_t seed[MLKEM_SEED_BYTES]) {
uint8_t augmented_seed[33];
OPENSSL_memcpy(augmented_seed, seed, 32);
augmented_seed[32] = RANK;
@@ -734,9 +730,9 @@
}
template <int RANK>
-void mlkem_generate_key_external_seed(
- uint8_t *out_encoded_public_key, private_key<RANK> *priv,
- const uint8_t seed[BCM_MLKEM_SEED_BYTES]) {
+void mlkem_generate_key_external_seed(uint8_t *out_encoded_public_key,
+ private_key<RANK> *priv,
+ const uint8_t seed[MLKEM_SEED_BYTES]) {
fips::ensure_keygen_self_test();
mlkem_generate_key_external_seed_no_self_test(out_encoded_public_key, priv,
seed);
@@ -747,7 +743,7 @@
// would not result in a CCA secure scheme, since lattice schemes are vulnerable
// to decryption failure oracles.
template <int RANK>
-void encrypt_cpa(uint8_t *out, const struct mlkem::public_key<RANK> *pub,
+void encrypt_cpa(uint8_t *out, const mlkem::public_key<RANK> *pub,
const uint8_t message[32], const uint8_t randomness[32]) {
constexpr int du = RANK == RANK768 ? mlkem::kDU768 : mlkem::kDU1024;
constexpr int dv = RANK == RANK768 ? mlkem::kDV768 : mlkem::kDV1024;
@@ -784,8 +780,8 @@
// See section 6.3
template <int RANK>
void mlkem_decap_no_self_test(
- uint8_t out_shared_secret[BCM_MLKEM_SHARED_SECRET_BYTES],
- const uint8_t *ciphertext, const struct private_key<RANK> *priv) {
+ uint8_t out_shared_secret[MLKEM_SHARED_SECRET_BYTES],
+ const uint8_t *ciphertext, const private_key<RANK> *priv) {
uint8_t decrypted[64];
decrypt_cpa(decrypted, priv, ciphertext);
OPENSSL_memcpy(decrypted + 32, priv->pub.public_key_hash,
@@ -793,7 +789,7 @@
uint8_t key_and_randomness[64];
hash_g(key_and_randomness, decrypted, sizeof(decrypted));
constexpr size_t ciphertext_len = ciphertext_size(RANK);
- uint8_t expected_ciphertext[BCM_MLKEM1024_CIPHERTEXT_BYTES];
+ uint8_t expected_ciphertext[MLKEM1024_CIPHERTEXT_BYTES];
static_assert(ciphertext_len <= sizeof(expected_ciphertext));
encrypt_cpa(expected_ciphertext, &priv->pub, decrypted,
key_and_randomness + 32);
@@ -803,16 +799,15 @@
uint8_t mask = constant_time_eq_int_8(
CRYPTO_memcmp(ciphertext, expected_ciphertext, ciphertext_len), 0);
- for (int i = 0; i < BCM_MLKEM_SHARED_SECRET_BYTES; i++) {
+ for (int i = 0; i < MLKEM_SHARED_SECRET_BYTES; i++) {
out_shared_secret[i] =
constant_time_select_8(mask, key_and_randomness[i], failure_key[i]);
}
}
template <int RANK>
-void mlkem_decap(uint8_t out_shared_secret[BCM_MLKEM_SHARED_SECRET_BYTES],
- const uint8_t *ciphertext,
- const struct private_key<RANK> *priv) {
+void mlkem_decap(uint8_t out_shared_secret[MLKEM_SHARED_SECRET_BYTES],
+ const uint8_t *ciphertext, const private_key<RANK> *priv) {
fips::ensure_decap_self_test();
mlkem_decap_no_self_test(out_shared_secret, ciphertext, priv);
}
@@ -820,7 +815,7 @@
// mlkem_parse_public_key_no_hash parses |in| into |pub| but doesn't calculate
// the value of |pub->public_key_hash|.
template <int RANK>
-int mlkem_parse_public_key_no_hash(struct public_key<RANK> *pub, CBS *in) {
+int mlkem_parse_public_key_no_hash(public_key<RANK> *pub, CBS *in) {
CBS t_bytes;
if (!CBS_get_bytes(in, &t_bytes, encoded_vector_size(RANK)) ||
!vector_decode(&pub->t, CBS_data(&t_bytes), kLog2Prime) ||
@@ -832,7 +827,7 @@
}
template <int RANK>
-int mlkem_parse_public_key(struct public_key<RANK> *pub, CBS *in) {
+int mlkem_parse_public_key(public_key<RANK> *pub, CBS *in) {
CBS orig_in = *in;
if (!mlkem_parse_public_key_no_hash(pub, in) || //
CBS_len(in) != 0) {
@@ -843,7 +838,7 @@
}
template <int RANK>
-int mlkem_parse_private_key(struct private_key<RANK> *priv, CBS *in) {
+int mlkem_parse_private_key(private_key<RANK> *priv, CBS *in) {
CBS s_bytes;
if (!CBS_get_bytes(in, &s_bytes, encoded_vector_size(RANK)) ||
!vector_decode(&priv->s, CBS_data(&s_bytes), kLog2Prime) ||
@@ -859,7 +854,7 @@
}
template <int RANK>
-int mlkem_marshal_private_key(CBB *out, const struct private_key<RANK> *priv) {
+int mlkem_marshal_private_key(CBB *out, const private_key<RANK> *priv) {
uint8_t *s_output;
if (!CBB_add_space(out, &s_output, encoded_vector_size(RANK))) {
return 0;
@@ -875,56 +870,49 @@
return 1;
}
-struct public_key<RANK768> *public_key_768_from_external(
- const struct BCM_mlkem768_public_key *external) {
- static_assert(sizeof(struct BCM_mlkem768_public_key) >=
- sizeof(struct public_key<RANK768>),
+public_key<RANK768> *public_key_768_from_external(
+ const MLKEM768_public_key *external) {
+ static_assert(sizeof(MLKEM768_public_key) >= sizeof(public_key<RANK768>),
"MLKEM public key is too small");
- static_assert(alignof(struct BCM_mlkem768_public_key) >=
- alignof(struct public_key<RANK768>),
+ static_assert(alignof(MLKEM768_public_key) >= alignof(public_key<RANK768>),
"MLKEM public key alignment incorrect");
- return (struct public_key<RANK768> *)external;
+ return (public_key<RANK768> *)external;
}
-static struct public_key<RANK1024> *public_key_1024_from_external(
- const struct BCM_mlkem1024_public_key *external) {
- static_assert(sizeof(struct BCM_mlkem1024_public_key) >=
- sizeof(struct public_key<RANK1024>),
+static public_key<RANK1024> *public_key_1024_from_external(
+ const MLKEM1024_public_key *external) {
+ static_assert(sizeof(MLKEM1024_public_key) >= sizeof(public_key<RANK1024>),
"MLKEM1024 public key is too small");
- static_assert(alignof(struct BCM_mlkem1024_public_key) >=
- alignof(struct public_key<RANK1024>),
+ static_assert(alignof(MLKEM1024_public_key) >= alignof(public_key<RANK1024>),
"MLKEM1024 public key alignment incorrect");
- return (struct public_key<RANK1024> *)external;
+ return (public_key<RANK1024> *)external;
}
-struct private_key<RANK768> *private_key_768_from_external(
- const struct BCM_mlkem768_private_key *external) {
- static_assert(sizeof(struct BCM_mlkem768_private_key) >=
- sizeof(struct private_key<RANK768>),
+private_key<RANK768> *private_key_768_from_external(
+ const MLKEM768_private_key *external) {
+ static_assert(sizeof(MLKEM768_private_key) >= sizeof(private_key<RANK768>),
"MLKEM private key too small");
- static_assert(alignof(struct BCM_mlkem768_private_key) >=
- alignof(struct private_key<RANK768>),
+ static_assert(alignof(MLKEM768_private_key) >= alignof(private_key<RANK768>),
"MLKEM private key alignment incorrect");
- return (struct private_key<RANK768> *)external;
+ return (private_key<RANK768> *)external;
}
-struct private_key<RANK1024> *private_key_1024_from_external(
- const struct BCM_mlkem1024_private_key *external) {
- static_assert(sizeof(struct BCM_mlkem1024_private_key) >=
- sizeof(struct private_key<RANK1024>),
+private_key<RANK1024> *private_key_1024_from_external(
+ const MLKEM1024_private_key *external) {
+ static_assert(sizeof(MLKEM1024_private_key) >= sizeof(private_key<RANK1024>),
"MLKEM1024 private key too small");
- static_assert(alignof(struct BCM_mlkem1024_private_key) >=
- alignof(struct private_key<RANK1024>),
- "MLKEM1024 private key alignment incorrect");
- return (struct private_key<RANK1024> *)external;
+ static_assert(
+ alignof(MLKEM1024_private_key) >= alignof(private_key<RANK1024>),
+ "MLKEM1024 private key alignment incorrect");
+ return (private_key<RANK1024> *)external;
}
// See section 6.2.
template <int RANK>
void mlkem_encap_external_entropy_no_self_test(
uint8_t *out_ciphertext,
- uint8_t out_shared_secret[BCM_MLKEM_SHARED_SECRET_BYTES],
- const struct mlkem::public_key<RANK> *pub,
+ uint8_t out_shared_secret[MLKEM_SHARED_SECRET_BYTES],
+ const mlkem::public_key<RANK> *pub,
const uint8_t entropy[BCM_MLKEM_ENCAP_ENTROPY]) {
uint8_t input[64];
OPENSSL_memcpy(input, entropy, BCM_MLKEM_ENCAP_ENTROPY);
@@ -935,15 +923,15 @@
encrypt_cpa(out_ciphertext, pub, entropy, key_and_randomness + 32);
// The ciphertext is public.
CONSTTIME_DECLASSIFY(out_ciphertext, mlkem::ciphertext_size(RANK));
- static_assert(BCM_MLKEM_SHARED_SECRET_BYTES == 32);
+ static_assert(MLKEM_SHARED_SECRET_BYTES == 32);
memcpy(out_shared_secret, key_and_randomness, 32);
}
template <int RANK>
void mlkem_encap_external_entropy(
uint8_t *out_ciphertext,
- uint8_t out_shared_secret[BCM_MLKEM_SHARED_SECRET_BYTES],
- const struct mlkem::public_key<RANK> *pub,
+ uint8_t out_shared_secret[MLKEM_SHARED_SECRET_BYTES],
+ const mlkem::public_key<RANK> *pub,
const uint8_t entropy[BCM_MLKEM_ENCAP_ENTROPY]) {
fips::ensure_encap_self_test();
mlkem_encap_external_entropy_no_self_test(out_ciphertext, out_shared_secret,
@@ -955,9 +943,9 @@
#include "fips_known_values.inc"
static int keygen_self_test() {
- uint8_t pub_key[BCM_MLKEM768_PUBLIC_KEY_BYTES];
+ uint8_t pub_key[MLKEM768_PUBLIC_KEY_BYTES];
private_key<RANK768> priv;
- static_assert(sizeof(kTestEntropy) >= BCM_MLKEM_SEED_BYTES);
+ static_assert(sizeof(kTestEntropy) >= MLKEM_SEED_BYTES);
mlkem_generate_key_external_seed_no_self_test(pub_key, &priv, kTestEntropy);
CBB cbb;
constexpr size_t kMarshaledPrivateKeySize = 2400;
@@ -982,8 +970,8 @@
if (!mlkem_parse_public_key(&pub, &cbs)) {
return 0;
}
- uint8_t ciphertext[BCM_MLKEM768_CIPHERTEXT_BYTES];
- uint8_t shared_secret[BCM_MLKEM_SHARED_SECRET_BYTES];
+ uint8_t ciphertext[MLKEM768_CIPHERTEXT_BYTES];
+ uint8_t shared_secret[MLKEM_SHARED_SECRET_BYTES];
static_assert(sizeof(kTestEntropy) >= BCM_MLKEM_ENCAP_ENTROPY);
mlkem_encap_external_entropy_no_self_test(ciphertext, shared_secret, &pub,
kTestEntropy);
@@ -1004,7 +992,7 @@
if (!mlkem_parse_private_key(&priv, &cbs)) {
return 0;
}
- uint8_t shared_secret[BCM_MLKEM_SHARED_SECRET_BYTES];
+ uint8_t shared_secret[MLKEM_SHARED_SECRET_BYTES];
mlkem_decap_no_self_test(shared_secret, kExpectedCiphertext, &priv);
static_assert(sizeof(kExpectedSharedSecret) == sizeof(shared_secret));
if (!BORINGSSL_check_test(kExpectedSharedSecret, shared_secret,
@@ -1013,7 +1001,7 @@
return 0;
}
- uint8_t implicit_rejection_shared_secret[BCM_MLKEM_SHARED_SECRET_BYTES];
+ uint8_t implicit_rejection_shared_secret[MLKEM_SHARED_SECRET_BYTES];
static_assert(sizeof(kExpectedPrivateKeyBytes) >=
sizeof(kExpectedCiphertext));
mlkem_decap_no_self_test(implicit_rejection_shared_secret,
@@ -1073,14 +1061,13 @@
} // namespace
} // namespace mlkem
-bcm_status BCM_mlkem768_check_fips(
- const struct BCM_mlkem768_private_key *private_key) {
+bcm_status BCM_mlkem768_check_fips(const MLKEM768_private_key *private_key) {
mlkem::private_key<RANK768> *priv =
mlkem::private_key_768_from_external(private_key);
const uint8_t entropy[BCM_MLKEM_ENCAP_ENTROPY] = {1, 2, 3, 4};
- uint8_t ciphertext[BCM_MLKEM768_CIPHERTEXT_BYTES];
- uint8_t shared_secret[BCM_MLKEM_SHARED_SECRET_BYTES];
+ uint8_t ciphertext[MLKEM768_CIPHERTEXT_BYTES];
+ uint8_t shared_secret[MLKEM_SHARED_SECRET_BYTES];
mlkem_encap_external_entropy_no_self_test(ciphertext, shared_secret,
&priv->pub, entropy);
@@ -1088,7 +1075,7 @@
shared_secret[0] ^= 1;
}
- uint8_t shared_secret2[BCM_MLKEM_SHARED_SECRET_BYTES];
+ uint8_t shared_secret2[MLKEM_SHARED_SECRET_BYTES];
mlkem::mlkem_decap_no_self_test(shared_secret2, ciphertext, priv);
if (CRYPTO_memcmp(shared_secret, shared_secret2, sizeof(shared_secret)) !=
0) {
@@ -1098,9 +1085,9 @@
}
bcm_status BCM_mlkem768_generate_key_fips(
- uint8_t out_encoded_public_key[BCM_MLKEM768_PUBLIC_KEY_BYTES],
- uint8_t optional_out_seed[BCM_MLKEM_SEED_BYTES],
- struct BCM_mlkem768_private_key *out_private_key) {
+ uint8_t out_encoded_public_key[MLKEM768_PUBLIC_KEY_BYTES],
+ uint8_t optional_out_seed[MLKEM_SEED_BYTES],
+ MLKEM768_private_key *out_private_key) {
if (out_encoded_public_key == nullptr || out_private_key == nullptr) {
return bcm_status::failure;
}
@@ -1110,10 +1097,10 @@
}
bcm_infallible BCM_mlkem768_generate_key(
- uint8_t out_encoded_public_key[BCM_MLKEM768_PUBLIC_KEY_BYTES],
- uint8_t optional_out_seed[BCM_MLKEM_SEED_BYTES],
- struct BCM_mlkem768_private_key *out_private_key) {
- uint8_t seed[BCM_MLKEM_SEED_BYTES];
+ uint8_t out_encoded_public_key[MLKEM768_PUBLIC_KEY_BYTES],
+ uint8_t optional_out_seed[MLKEM_SEED_BYTES],
+ MLKEM768_private_key *out_private_key) {
+ uint8_t seed[MLKEM_SEED_BYTES];
BCM_rand_bytes(seed, sizeof(seed));
CONSTTIME_SECRET(seed, sizeof(seed));
if (optional_out_seed) {
@@ -1125,26 +1112,25 @@
}
bcm_status BCM_mlkem768_private_key_from_seed(
- struct BCM_mlkem768_private_key *out_private_key, const uint8_t *seed,
+ MLKEM768_private_key *out_private_key, const uint8_t *seed,
size_t seed_len) {
- if (seed_len != BCM_MLKEM_SEED_BYTES) {
+ if (seed_len != MLKEM_SEED_BYTES) {
return bcm_status::failure;
}
- uint8_t public_key_bytes[BCM_MLKEM768_PUBLIC_KEY_BYTES];
+ uint8_t public_key_bytes[MLKEM768_PUBLIC_KEY_BYTES];
BCM_mlkem768_generate_key_external_seed(public_key_bytes, out_private_key,
seed);
return bcm_status::not_approved;
}
-bcm_status BCM_mlkem1024_check_fips(
- const struct BCM_mlkem1024_private_key *private_key) {
+bcm_status BCM_mlkem1024_check_fips(const MLKEM1024_private_key *private_key) {
mlkem::private_key<RANK1024> *priv =
mlkem::private_key_1024_from_external(private_key);
const uint8_t entropy[BCM_MLKEM_ENCAP_ENTROPY] = {1, 2, 3, 4};
- uint8_t ciphertext[BCM_MLKEM1024_CIPHERTEXT_BYTES];
- uint8_t shared_secret[BCM_MLKEM_SHARED_SECRET_BYTES];
+ uint8_t ciphertext[MLKEM1024_CIPHERTEXT_BYTES];
+ uint8_t shared_secret[MLKEM_SHARED_SECRET_BYTES];
mlkem_encap_external_entropy_no_self_test(ciphertext, shared_secret,
&priv->pub, entropy);
@@ -1152,7 +1138,7 @@
shared_secret[0] ^= 1;
}
- uint8_t shared_secret2[BCM_MLKEM_SHARED_SECRET_BYTES];
+ uint8_t shared_secret2[MLKEM_SHARED_SECRET_BYTES];
mlkem::mlkem_decap_no_self_test(shared_secret2, ciphertext, priv);
if (CRYPTO_memcmp(shared_secret, shared_secret2, sizeof(shared_secret)) !=
0) {
@@ -1162,9 +1148,9 @@
}
bcm_status BCM_mlkem1024_generate_key_fips(
- uint8_t out_encoded_public_key[BCM_MLKEM1024_PUBLIC_KEY_BYTES],
- uint8_t optional_out_seed[BCM_MLKEM_SEED_BYTES],
- struct BCM_mlkem1024_private_key *out_private_key) {
+ uint8_t out_encoded_public_key[MLKEM1024_PUBLIC_KEY_BYTES],
+ uint8_t optional_out_seed[MLKEM_SEED_BYTES],
+ MLKEM1024_private_key *out_private_key) {
if (out_encoded_public_key == nullptr || out_private_key == nullptr) {
return bcm_status::failure;
}
@@ -1174,10 +1160,10 @@
}
bcm_infallible BCM_mlkem1024_generate_key(
- uint8_t out_encoded_public_key[BCM_MLKEM1024_PUBLIC_KEY_BYTES],
- uint8_t optional_out_seed[BCM_MLKEM_SEED_BYTES],
- struct BCM_mlkem1024_private_key *out_private_key) {
- uint8_t seed[BCM_MLKEM_SEED_BYTES];
+ uint8_t out_encoded_public_key[MLKEM1024_PUBLIC_KEY_BYTES],
+ uint8_t optional_out_seed[MLKEM_SEED_BYTES],
+ MLKEM1024_private_key *out_private_key) {
+ uint8_t seed[MLKEM_SEED_BYTES];
BCM_rand_bytes(seed, sizeof(seed));
CONSTTIME_SECRET(seed, sizeof(seed));
if (optional_out_seed) {
@@ -1189,21 +1175,21 @@
}
bcm_status BCM_mlkem1024_private_key_from_seed(
- struct BCM_mlkem1024_private_key *out_private_key, const uint8_t *seed,
+ MLKEM1024_private_key *out_private_key, const uint8_t *seed,
size_t seed_len) {
- if (seed_len != BCM_MLKEM_SEED_BYTES) {
+ if (seed_len != MLKEM_SEED_BYTES) {
return bcm_status::failure;
}
- uint8_t public_key_bytes[BCM_MLKEM1024_PUBLIC_KEY_BYTES];
+ uint8_t public_key_bytes[MLKEM1024_PUBLIC_KEY_BYTES];
BCM_mlkem1024_generate_key_external_seed(public_key_bytes, out_private_key,
seed);
return bcm_status::not_approved;
}
bcm_infallible BCM_mlkem768_generate_key_external_seed(
- uint8_t out_encoded_public_key[BCM_MLKEM768_PUBLIC_KEY_BYTES],
- struct BCM_mlkem768_private_key *out_private_key,
- const uint8_t seed[BCM_MLKEM_SEED_BYTES]) {
+ uint8_t out_encoded_public_key[MLKEM768_PUBLIC_KEY_BYTES],
+ MLKEM768_private_key *out_private_key,
+ const uint8_t seed[MLKEM_SEED_BYTES]) {
mlkem::private_key<RANK768> *priv =
mlkem::private_key_768_from_external(out_private_key);
mlkem_generate_key_external_seed(out_encoded_public_key, priv, seed);
@@ -1211,9 +1197,9 @@
}
bcm_infallible BCM_mlkem1024_generate_key_external_seed(
- uint8_t out_encoded_public_key[BCM_MLKEM1024_PUBLIC_KEY_BYTES],
- struct BCM_mlkem1024_private_key *out_private_key,
- const uint8_t seed[BCM_MLKEM_SEED_BYTES]) {
+ uint8_t out_encoded_public_key[MLKEM1024_PUBLIC_KEY_BYTES],
+ MLKEM1024_private_key *out_private_key,
+ const uint8_t seed[MLKEM_SEED_BYTES]) {
mlkem::private_key<RANK1024> *priv =
mlkem::private_key_1024_from_external(out_private_key);
mlkem_generate_key_external_seed(out_encoded_public_key, priv, seed);
@@ -1221,22 +1207,22 @@
}
bcm_infallible BCM_mlkem768_public_from_private(
- struct BCM_mlkem768_public_key *out_public_key,
- const struct BCM_mlkem768_private_key *private_key) {
- struct mlkem::public_key<RANK768> *const pub =
+ MLKEM768_public_key *out_public_key,
+ const MLKEM768_private_key *private_key) {
+ mlkem::public_key<RANK768> *const pub =
mlkem::public_key_768_from_external(out_public_key);
- const struct mlkem::private_key<RANK768> *const priv =
+ const mlkem::private_key<RANK768> *const priv =
mlkem::private_key_768_from_external(private_key);
*pub = priv->pub;
return bcm_infallible::approved;
}
bcm_infallible BCM_mlkem1024_public_from_private(
- struct BCM_mlkem1024_public_key *out_public_key,
- const struct BCM_mlkem1024_private_key *private_key) {
- struct mlkem::public_key<RANK1024> *const pub =
+ MLKEM1024_public_key *out_public_key,
+ const MLKEM1024_private_key *private_key) {
+ mlkem::public_key<RANK1024> *const pub =
mlkem::public_key_1024_from_external(out_public_key);
- const struct mlkem::private_key<RANK1024> *const priv =
+ const mlkem::private_key<RANK1024> *const priv =
mlkem::private_key_1024_from_external(private_key);
*pub = priv->pub;
return bcm_infallible::approved;
@@ -1245,9 +1231,9 @@
// Calls |MLKEM768_encap_external_entropy| with random bytes from
// |BCM_rand_bytes|
bcm_infallible BCM_mlkem768_encap(
- uint8_t out_ciphertext[BCM_MLKEM768_CIPHERTEXT_BYTES],
- uint8_t out_shared_secret[BCM_MLKEM_SHARED_SECRET_BYTES],
- const struct BCM_mlkem768_public_key *public_key) {
+ uint8_t out_ciphertext[MLKEM768_CIPHERTEXT_BYTES],
+ uint8_t out_shared_secret[MLKEM_SHARED_SECRET_BYTES],
+ const MLKEM768_public_key *public_key) {
uint8_t entropy[BCM_MLKEM_ENCAP_ENTROPY];
BCM_rand_bytes(entropy, BCM_MLKEM_ENCAP_ENTROPY);
CONSTTIME_SECRET(entropy, BCM_MLKEM_ENCAP_ENTROPY);
@@ -1257,9 +1243,9 @@
}
bcm_infallible BCM_mlkem1024_encap(
- uint8_t out_ciphertext[BCM_MLKEM1024_CIPHERTEXT_BYTES],
- uint8_t out_shared_secret[BCM_MLKEM_SHARED_SECRET_BYTES],
- const struct BCM_mlkem1024_public_key *public_key) {
+ uint8_t out_ciphertext[MLKEM1024_CIPHERTEXT_BYTES],
+ uint8_t out_shared_secret[MLKEM_SHARED_SECRET_BYTES],
+ const MLKEM1024_public_key *public_key) {
uint8_t entropy[BCM_MLKEM_ENCAP_ENTROPY];
BCM_rand_bytes(entropy, BCM_MLKEM_ENCAP_ENTROPY);
CONSTTIME_SECRET(entropy, BCM_MLKEM_ENCAP_ENTROPY);
@@ -1269,70 +1255,70 @@
}
bcm_infallible BCM_mlkem768_encap_external_entropy(
- uint8_t out_ciphertext[BCM_MLKEM768_CIPHERTEXT_BYTES],
- uint8_t out_shared_secret[BCM_MLKEM_SHARED_SECRET_BYTES],
- const struct BCM_mlkem768_public_key *public_key,
+ uint8_t out_ciphertext[MLKEM768_CIPHERTEXT_BYTES],
+ uint8_t out_shared_secret[MLKEM_SHARED_SECRET_BYTES],
+ const MLKEM768_public_key *public_key,
const uint8_t entropy[BCM_MLKEM_ENCAP_ENTROPY]) {
- const struct mlkem::public_key<RANK768> *pub =
+ const mlkem::public_key<RANK768> *pub =
mlkem::public_key_768_from_external(public_key);
mlkem_encap_external_entropy(out_ciphertext, out_shared_secret, pub, entropy);
return bcm_infallible::approved;
}
bcm_infallible BCM_mlkem1024_encap_external_entropy(
- uint8_t out_ciphertext[BCM_MLKEM1024_CIPHERTEXT_BYTES],
- uint8_t out_shared_secret[BCM_MLKEM_SHARED_SECRET_BYTES],
- const struct BCM_mlkem1024_public_key *public_key,
+ uint8_t out_ciphertext[MLKEM1024_CIPHERTEXT_BYTES],
+ uint8_t out_shared_secret[MLKEM_SHARED_SECRET_BYTES],
+ const MLKEM1024_public_key *public_key,
const uint8_t entropy[BCM_MLKEM_ENCAP_ENTROPY]) {
- const struct mlkem::public_key<RANK1024> *pub =
+ const mlkem::public_key<RANK1024> *pub =
mlkem::public_key_1024_from_external(public_key);
mlkem_encap_external_entropy(out_ciphertext, out_shared_secret, pub, entropy);
return bcm_infallible::approved;
}
bcm_status BCM_mlkem768_decap(
- uint8_t out_shared_secret[BCM_MLKEM_SHARED_SECRET_BYTES],
+ uint8_t out_shared_secret[MLKEM_SHARED_SECRET_BYTES],
const uint8_t *ciphertext, size_t ciphertext_len,
- const struct BCM_mlkem768_private_key *private_key) {
- if (ciphertext_len != BCM_MLKEM768_CIPHERTEXT_BYTES) {
- BCM_rand_bytes(out_shared_secret, BCM_MLKEM_SHARED_SECRET_BYTES);
+ const MLKEM768_private_key *private_key) {
+ if (ciphertext_len != MLKEM768_CIPHERTEXT_BYTES) {
+ BCM_rand_bytes(out_shared_secret, MLKEM_SHARED_SECRET_BYTES);
return bcm_status::failure;
}
- const struct mlkem::private_key<RANK768> *priv =
+ const mlkem::private_key<RANK768> *priv =
mlkem::private_key_768_from_external(private_key);
mlkem_decap(out_shared_secret, ciphertext, priv);
return bcm_status::approved;
}
bcm_status BCM_mlkem1024_decap(
- uint8_t out_shared_secret[BCM_MLKEM_SHARED_SECRET_BYTES],
+ uint8_t out_shared_secret[MLKEM_SHARED_SECRET_BYTES],
const uint8_t *ciphertext, size_t ciphertext_len,
- const struct BCM_mlkem1024_private_key *private_key) {
- if (ciphertext_len != BCM_MLKEM1024_CIPHERTEXT_BYTES) {
- BCM_rand_bytes(out_shared_secret, BCM_MLKEM_SHARED_SECRET_BYTES);
+ const MLKEM1024_private_key *private_key) {
+ if (ciphertext_len != MLKEM1024_CIPHERTEXT_BYTES) {
+ BCM_rand_bytes(out_shared_secret, MLKEM_SHARED_SECRET_BYTES);
return bcm_status::failure;
}
- const struct mlkem::private_key<RANK1024> *priv =
+ const mlkem::private_key<RANK1024> *priv =
mlkem::private_key_1024_from_external(private_key);
mlkem_decap(out_shared_secret, ciphertext, priv);
return bcm_status::approved;
}
bcm_status BCM_mlkem768_marshal_public_key(
- CBB *out, const struct BCM_mlkem768_public_key *public_key) {
+ CBB *out, const MLKEM768_public_key *public_key) {
return mlkem_marshal_public_key(
out, mlkem::public_key_768_from_external(public_key));
}
bcm_status BCM_mlkem1024_marshal_public_key(
- CBB *out, const struct BCM_mlkem1024_public_key *public_key) {
+ CBB *out, const MLKEM1024_public_key *public_key) {
return mlkem_marshal_public_key(
out, mlkem::public_key_1024_from_external(public_key));
}
-bcm_status BCM_mlkem768_parse_public_key(
- struct BCM_mlkem768_public_key *public_key, CBS *in) {
- struct mlkem::public_key<RANK768> *pub =
+bcm_status BCM_mlkem768_parse_public_key(MLKEM768_public_key *public_key,
+ CBS *in) {
+ mlkem::public_key<RANK768> *pub =
mlkem::public_key_768_from_external(public_key);
if (!mlkem_parse_public_key(pub, in)) {
return bcm_status::failure;
@@ -1340,9 +1326,9 @@
return bcm_status::approved;
}
-bcm_status BCM_mlkem1024_parse_public_key(
- struct BCM_mlkem1024_public_key *public_key, CBS *in) {
- struct mlkem::public_key<RANK1024> *pub =
+bcm_status BCM_mlkem1024_parse_public_key(MLKEM1024_public_key *public_key,
+ CBS *in) {
+ mlkem::public_key<RANK1024> *pub =
mlkem::public_key_1024_from_external(public_key);
if (!mlkem_parse_public_key(pub, in)) {
return bcm_status::failure;
@@ -1351,8 +1337,8 @@
}
bcm_status BCM_mlkem768_marshal_private_key(
- CBB *out, const struct BCM_mlkem768_private_key *private_key) {
- const struct mlkem::private_key<RANK768> *const priv =
+ CBB *out, const MLKEM768_private_key *private_key) {
+ const mlkem::private_key<RANK768> *const priv =
mlkem::private_key_768_from_external(private_key);
if (!mlkem_marshal_private_key(out, priv)) {
return bcm_status::failure;
@@ -1361,8 +1347,8 @@
}
bcm_status BCM_mlkem1024_marshal_private_key(
- CBB *out, const struct BCM_mlkem1024_private_key *private_key) {
- const struct mlkem::private_key<RANK1024> *const priv =
+ CBB *out, const MLKEM1024_private_key *private_key) {
+ const mlkem::private_key<RANK1024> *const priv =
mlkem::private_key_1024_from_external(private_key);
if (!mlkem_marshal_private_key(out, priv)) {
return bcm_status::failure;
@@ -1370,9 +1356,9 @@
return bcm_status::approved;
}
-bcm_status BCM_mlkem768_parse_private_key(
- struct BCM_mlkem768_private_key *out_private_key, CBS *in) {
- struct mlkem::private_key<RANK768> *const priv =
+bcm_status BCM_mlkem768_parse_private_key(MLKEM768_private_key *out_private_key,
+ CBS *in) {
+ mlkem::private_key<RANK768> *const priv =
mlkem::private_key_768_from_external(out_private_key);
if (!mlkem_parse_private_key(priv, in)) {
return bcm_status::failure;
@@ -1381,8 +1367,8 @@
}
bcm_status BCM_mlkem1024_parse_private_key(
- struct BCM_mlkem1024_private_key *out_private_key, CBS *in) {
- struct mlkem::private_key<RANK1024> *const priv =
+ MLKEM1024_private_key *out_private_key, CBS *in) {
+ mlkem::private_key<RANK1024> *const priv =
mlkem::private_key_1024_from_external(out_private_key);
if (!mlkem_parse_private_key(priv, in)) {
return bcm_status::failure;
diff --git a/crypto/hpke/hpke.cc b/crypto/hpke/hpke.cc
index 38fba75..53b7e92 100644
--- a/crypto/hpke/hpke.cc
+++ b/crypto/hpke/hpke.cc
@@ -725,15 +725,15 @@
template <uint16_t KEM_ID, size_t PUBLIC_KEY_BYTES, size_t CIPHERTEXT_BYTES,
size_t ENCAP_ENTROPY_BYTES,
- typename PrivateKey, typename PublicKey, typename BCMPublicKey,
+ typename PrivateKey, typename PublicKey,
int (*PrivateKeyFromSeed)(PrivateKey *, const uint8_t *, size_t),
void (*PublicFromPrivate)(PublicKey *, const PrivateKey *),
int (*MarshalPublicKey)(CBB *, const PublicKey *),
void (*GenerateKey)(uint8_t *, uint8_t *, PrivateKey *),
- bcm_status (*BCMParsePublicKey)(BCMPublicKey *, CBS *),
+ int (*ParsePublicKey)(PublicKey *, CBS *),
bcm_infallible (*BCMEncapExternalEntropy)(
- uint8_t *, uint8_t *, const BCMPublicKey *, const uint8_t *),
+ uint8_t *, uint8_t *, const PublicKey *, const uint8_t *),
int (*Decap)(uint8_t *, const uint8_t *, size_t, const PrivateKey *)>
struct MLKEMHPKE {
// These sizes are common across both ML-KEM-768 and ML-KEM-1024.
@@ -797,8 +797,8 @@
CBS cbs;
CBS_init(&cbs, peer_public_key, peer_public_key_len);
- BCMPublicKey public_key;
- if (!bcm_success(BCMParsePublicKey(&public_key, &cbs))) {
+ PublicKey public_key;
+ if (!ParsePublicKey(&public_key, &cbs)) {
OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR);
return 0;
}
@@ -835,24 +835,22 @@
MLKEM768_CIPHERTEXT_BYTES, BCM_MLKEM_ENCAP_ENTROPY,
MLKEM768_private_key, MLKEM768_public_key,
- BCM_mlkem768_public_key,
MLKEM768_private_key_from_seed, MLKEM768_public_from_private,
MLKEM768_marshal_public_key, MLKEM768_generate_key,
- BCM_mlkem768_parse_public_key,
- BCM_mlkem768_encap_external_entropy, MLKEM768_decap>;
+ MLKEM768_parse_public_key, BCM_mlkem768_encap_external_entropy,
+ MLKEM768_decap>;
using MLKEM1024HPKE =
MLKEMHPKE<EVP_HPKE_MLKEM1024, MLKEM1024_PUBLIC_KEY_BYTES,
MLKEM1024_CIPHERTEXT_BYTES, BCM_MLKEM_ENCAP_ENTROPY,
MLKEM1024_private_key, MLKEM1024_public_key,
- BCM_mlkem1024_public_key,
MLKEM1024_private_key_from_seed, MLKEM1024_public_from_private,
MLKEM1024_marshal_public_key, MLKEM1024_generate_key,
- BCM_mlkem1024_parse_public_key,
- BCM_mlkem1024_encap_external_entropy, MLKEM1024_decap>;
+ MLKEM1024_parse_public_key, BCM_mlkem1024_encap_external_entropy,
+ MLKEM1024_decap>;
template <typename MLKEM>
static const EVP_HPKE_KEM kMLKEM = {
diff --git a/crypto/mldsa/mldsa.cc b/crypto/mldsa/mldsa.cc
index bbe4062..a1ad7ed 100644
--- a/crypto/mldsa/mldsa.cc
+++ b/crypto/mldsa/mldsa.cc
@@ -16,59 +16,26 @@
#include "../fipsmodule/bcm_interface.h"
-static_assert(sizeof(BCM_mldsa65_private_key) == sizeof(MLDSA65_private_key));
-static_assert(alignof(BCM_mldsa65_private_key) == alignof(MLDSA65_private_key));
-static_assert(sizeof(BCM_mldsa65_public_key) == sizeof(MLDSA65_public_key));
-static_assert(alignof(BCM_mldsa65_public_key) == alignof(MLDSA65_public_key));
-static_assert(sizeof(BCM_mldsa65_prehash) == sizeof(MLDSA65_prehash));
-static_assert(alignof(BCM_mldsa65_prehash) == alignof(MLDSA65_prehash));
-static_assert(sizeof(BCM_mldsa87_private_key) == sizeof(MLDSA87_private_key));
-static_assert(alignof(BCM_mldsa87_private_key) == alignof(MLDSA87_private_key));
-static_assert(sizeof(BCM_mldsa87_public_key) == sizeof(MLDSA87_public_key));
-static_assert(alignof(BCM_mldsa87_public_key) == alignof(MLDSA87_public_key));
-static_assert(sizeof(BCM_mldsa87_prehash) == sizeof(MLDSA87_prehash));
-static_assert(alignof(BCM_mldsa87_prehash) == alignof(MLDSA87_prehash));
-static_assert(sizeof(BCM_mldsa44_private_key) == sizeof(MLDSA44_private_key));
-static_assert(alignof(BCM_mldsa44_private_key) == alignof(MLDSA44_private_key));
-static_assert(sizeof(BCM_mldsa44_public_key) == sizeof(MLDSA44_public_key));
-static_assert(alignof(BCM_mldsa44_public_key) == alignof(MLDSA44_public_key));
-static_assert(sizeof(BCM_mldsa44_prehash) == sizeof(MLDSA44_prehash));
-static_assert(alignof(BCM_mldsa44_prehash) == alignof(MLDSA44_prehash));
-static_assert(MLDSA_SEED_BYTES == BCM_MLDSA_SEED_BYTES);
-static_assert(MLDSA_MU_BYTES == BCM_MLDSA_MU_BYTES);
-static_assert(MLDSA65_PRIVATE_KEY_BYTES == BCM_MLDSA65_PRIVATE_KEY_BYTES);
-static_assert(MLDSA65_PUBLIC_KEY_BYTES == BCM_MLDSA65_PUBLIC_KEY_BYTES);
-static_assert(MLDSA65_SIGNATURE_BYTES == BCM_MLDSA65_SIGNATURE_BYTES);
-static_assert(MLDSA87_PRIVATE_KEY_BYTES == BCM_MLDSA87_PRIVATE_KEY_BYTES);
-static_assert(MLDSA87_PUBLIC_KEY_BYTES == BCM_MLDSA87_PUBLIC_KEY_BYTES);
-static_assert(MLDSA87_SIGNATURE_BYTES == BCM_MLDSA87_SIGNATURE_BYTES);
-static_assert(MLDSA44_PRIVATE_KEY_BYTES == BCM_MLDSA44_PRIVATE_KEY_BYTES);
-static_assert(MLDSA44_PUBLIC_KEY_BYTES == BCM_MLDSA44_PUBLIC_KEY_BYTES);
-static_assert(MLDSA44_SIGNATURE_BYTES == BCM_MLDSA44_SIGNATURE_BYTES);
-
int MLDSA65_generate_key(
uint8_t out_encoded_public_key[MLDSA65_PUBLIC_KEY_BYTES],
uint8_t out_seed[MLDSA_SEED_BYTES],
struct MLDSA65_private_key *out_private_key) {
- return bcm_success(BCM_mldsa65_generate_key(
- out_encoded_public_key, out_seed,
- reinterpret_cast<BCM_mldsa65_private_key *>(out_private_key)));
+ return bcm_success(BCM_mldsa65_generate_key(out_encoded_public_key, out_seed,
+ out_private_key));
}
int MLDSA65_private_key_from_seed(struct MLDSA65_private_key *out_private_key,
const uint8_t *seed, size_t seed_len) {
- if (seed_len != BCM_MLDSA_SEED_BYTES) {
+ if (seed_len != MLDSA_SEED_BYTES) {
return 0;
}
- return bcm_success(BCM_mldsa65_private_key_from_seed(
- reinterpret_cast<BCM_mldsa65_private_key *>(out_private_key), seed));
+ return bcm_success(BCM_mldsa65_private_key_from_seed(out_private_key, seed));
}
int MLDSA65_public_from_private(struct MLDSA65_public_key *out_public_key,
const struct MLDSA65_private_key *private_key) {
- return bcm_success(BCM_mldsa65_public_from_private(
- reinterpret_cast<BCM_mldsa65_public_key *>(out_public_key),
- reinterpret_cast<const BCM_mldsa65_private_key *>(private_key)));
+ return bcm_success(
+ BCM_mldsa65_public_from_private(out_public_key, private_key));
}
int MLDSA65_sign(uint8_t out_encoded_signature[MLDSA65_SIGNATURE_BYTES],
@@ -78,22 +45,19 @@
if (context_len > 255) {
return 0;
}
- return bcm_success(BCM_mldsa65_sign(
- out_encoded_signature,
- reinterpret_cast<const BCM_mldsa65_private_key *>(private_key), msg,
- msg_len, context, context_len));
+ return bcm_success(BCM_mldsa65_sign(out_encoded_signature, private_key, msg,
+ msg_len, context, context_len));
}
int MLDSA65_verify(const struct MLDSA65_public_key *public_key,
const uint8_t *signature, size_t signature_len,
const uint8_t *msg, size_t msg_len, const uint8_t *context,
size_t context_len) {
- if (context_len > 255 || signature_len != BCM_MLDSA65_SIGNATURE_BYTES) {
+ if (context_len > 255 || signature_len != MLDSA65_SIGNATURE_BYTES) {
return 0;
}
- return bcm_success(BCM_mldsa65_verify(
- reinterpret_cast<const BCM_mldsa65_public_key *>(public_key), signature,
- msg, msg_len, context, context_len));
+ return bcm_success(BCM_mldsa65_verify(public_key, signature, msg, msg_len,
+ context, context_len));
}
int MLDSA65_prehash_init(struct MLDSA65_prehash *out_state,
@@ -102,23 +66,18 @@
if (context_len > 255) {
return 0;
}
- BCM_mldsa65_prehash_init(
- reinterpret_cast<BCM_mldsa65_prehash *>(out_state),
- reinterpret_cast<const BCM_mldsa65_public_key *>(public_key), context,
- context_len);
+ BCM_mldsa65_prehash_init(out_state, public_key, context, context_len);
return 1;
}
void MLDSA65_prehash_update(struct MLDSA65_prehash *inout_state,
const uint8_t *msg, size_t msg_len) {
- BCM_mldsa65_prehash_update(
- reinterpret_cast<BCM_mldsa65_prehash *>(inout_state), msg, msg_len);
+ BCM_mldsa65_prehash_update(inout_state, msg, msg_len);
}
void MLDSA65_prehash_finalize(uint8_t out_msg_rep[MLDSA_MU_BYTES],
struct MLDSA65_prehash *inout_state) {
- BCM_mldsa65_prehash_finalize(
- out_msg_rep, reinterpret_cast<BCM_mldsa65_prehash *>(inout_state));
+ BCM_mldsa65_prehash_finalize(out_msg_rep, inout_state);
}
int MLDSA65_sign_message_representative(
@@ -126,44 +85,38 @@
const struct MLDSA65_private_key *private_key,
const uint8_t msg_rep[MLDSA_MU_BYTES]) {
return bcm_success(BCM_mldsa65_sign_message_representative(
- out_encoded_signature,
- reinterpret_cast<const BCM_mldsa65_private_key *>(private_key), msg_rep));
+ out_encoded_signature, private_key, msg_rep));
}
int MLDSA65_marshal_public_key(CBB *out,
const struct MLDSA65_public_key *public_key) {
- return bcm_success(BCM_mldsa65_marshal_public_key(
- out, reinterpret_cast<const BCM_mldsa65_public_key *>(public_key)));
+ return bcm_success(BCM_mldsa65_marshal_public_key(out, public_key));
}
int MLDSA65_parse_public_key(struct MLDSA65_public_key *public_key, CBS *in) {
- return bcm_success(BCM_mldsa65_parse_public_key(
- reinterpret_cast<BCM_mldsa65_public_key *>(public_key), in));
+ return bcm_success(BCM_mldsa65_parse_public_key(public_key, in));
}
int MLDSA87_generate_key(
uint8_t out_encoded_public_key[MLDSA87_PUBLIC_KEY_BYTES],
uint8_t out_seed[MLDSA_SEED_BYTES],
struct MLDSA87_private_key *out_private_key) {
- return bcm_success(BCM_mldsa87_generate_key(
- out_encoded_public_key, out_seed,
- reinterpret_cast<BCM_mldsa87_private_key *>(out_private_key)));
+ return bcm_success(BCM_mldsa87_generate_key(out_encoded_public_key, out_seed,
+ out_private_key));
}
int MLDSA87_private_key_from_seed(struct MLDSA87_private_key *out_private_key,
const uint8_t *seed, size_t seed_len) {
- if (seed_len != BCM_MLDSA_SEED_BYTES) {
+ if (seed_len != MLDSA_SEED_BYTES) {
return 0;
}
- return bcm_success(BCM_mldsa87_private_key_from_seed(
- reinterpret_cast<BCM_mldsa87_private_key *>(out_private_key), seed));
+ return bcm_success(BCM_mldsa87_private_key_from_seed(out_private_key, seed));
}
int MLDSA87_public_from_private(struct MLDSA87_public_key *out_public_key,
const struct MLDSA87_private_key *private_key) {
- return bcm_success(BCM_mldsa87_public_from_private(
- reinterpret_cast<BCM_mldsa87_public_key *>(out_public_key),
- reinterpret_cast<const BCM_mldsa87_private_key *>(private_key)));
+ return bcm_success(
+ BCM_mldsa87_public_from_private(out_public_key, private_key));
}
int MLDSA87_sign(uint8_t out_encoded_signature[MLDSA87_SIGNATURE_BYTES],
@@ -173,22 +126,19 @@
if (context_len > 255) {
return 0;
}
- return bcm_success(BCM_mldsa87_sign(
- out_encoded_signature,
- reinterpret_cast<const BCM_mldsa87_private_key *>(private_key), msg,
- msg_len, context, context_len));
+ return bcm_success(BCM_mldsa87_sign(out_encoded_signature, private_key, msg,
+ msg_len, context, context_len));
}
int MLDSA87_verify(const struct MLDSA87_public_key *public_key,
const uint8_t *signature, size_t signature_len,
const uint8_t *msg, size_t msg_len, const uint8_t *context,
size_t context_len) {
- if (context_len > 255 || signature_len != BCM_MLDSA87_SIGNATURE_BYTES) {
+ if (context_len > 255 || signature_len != MLDSA87_SIGNATURE_BYTES) {
return 0;
}
- return bcm_success(BCM_mldsa87_verify(
- reinterpret_cast<const BCM_mldsa87_public_key *>(public_key), signature,
- msg, msg_len, context, context_len));
+ return bcm_success(BCM_mldsa87_verify(public_key, signature, msg, msg_len,
+ context, context_len));
}
int MLDSA87_prehash_init(struct MLDSA87_prehash *out_state,
@@ -197,23 +147,18 @@
if (context_len > 255) {
return 0;
}
- BCM_mldsa87_prehash_init(
- reinterpret_cast<BCM_mldsa87_prehash *>(out_state),
- reinterpret_cast<const BCM_mldsa87_public_key *>(public_key), context,
- context_len);
+ BCM_mldsa87_prehash_init(out_state, public_key, context, context_len);
return 1;
}
void MLDSA87_prehash_update(struct MLDSA87_prehash *inout_state,
const uint8_t *msg, size_t msg_len) {
- BCM_mldsa87_prehash_update(
- reinterpret_cast<BCM_mldsa87_prehash *>(inout_state), msg, msg_len);
+ BCM_mldsa87_prehash_update(inout_state, msg, msg_len);
}
void MLDSA87_prehash_finalize(uint8_t out_msg_rep[MLDSA_MU_BYTES],
struct MLDSA87_prehash *inout_state) {
- BCM_mldsa87_prehash_finalize(
- out_msg_rep, reinterpret_cast<BCM_mldsa87_prehash *>(inout_state));
+ BCM_mldsa87_prehash_finalize(out_msg_rep, inout_state);
}
int MLDSA87_sign_message_representative(
@@ -221,44 +166,38 @@
const struct MLDSA87_private_key *private_key,
const uint8_t msg_rep[MLDSA_MU_BYTES]) {
return bcm_success(BCM_mldsa87_sign_message_representative(
- out_encoded_signature,
- reinterpret_cast<const BCM_mldsa87_private_key *>(private_key), msg_rep));
+ out_encoded_signature, private_key, msg_rep));
}
int MLDSA87_marshal_public_key(CBB *out,
const struct MLDSA87_public_key *public_key) {
- return bcm_success(BCM_mldsa87_marshal_public_key(
- out, reinterpret_cast<const BCM_mldsa87_public_key *>(public_key)));
+ return bcm_success(BCM_mldsa87_marshal_public_key(out, public_key));
}
int MLDSA87_parse_public_key(struct MLDSA87_public_key *public_key, CBS *in) {
- return bcm_success(BCM_mldsa87_parse_public_key(
- reinterpret_cast<BCM_mldsa87_public_key *>(public_key), in));
+ return bcm_success(BCM_mldsa87_parse_public_key(public_key, in));
}
int MLDSA44_generate_key(
uint8_t out_encoded_public_key[MLDSA44_PUBLIC_KEY_BYTES],
uint8_t out_seed[MLDSA_SEED_BYTES],
struct MLDSA44_private_key *out_private_key) {
- return bcm_success(BCM_mldsa44_generate_key(
- out_encoded_public_key, out_seed,
- reinterpret_cast<BCM_mldsa44_private_key *>(out_private_key)));
+ return bcm_success(BCM_mldsa44_generate_key(out_encoded_public_key, out_seed,
+ out_private_key));
}
int MLDSA44_private_key_from_seed(struct MLDSA44_private_key *out_private_key,
const uint8_t *seed, size_t seed_len) {
- if (seed_len != BCM_MLDSA_SEED_BYTES) {
+ if (seed_len != MLDSA_SEED_BYTES) {
return 0;
}
- return bcm_success(BCM_mldsa44_private_key_from_seed(
- reinterpret_cast<BCM_mldsa44_private_key *>(out_private_key), seed));
+ return bcm_success(BCM_mldsa44_private_key_from_seed(out_private_key, seed));
}
int MLDSA44_public_from_private(struct MLDSA44_public_key *out_public_key,
const struct MLDSA44_private_key *private_key) {
- return bcm_success(BCM_mldsa44_public_from_private(
- reinterpret_cast<BCM_mldsa44_public_key *>(out_public_key),
- reinterpret_cast<const BCM_mldsa44_private_key *>(private_key)));
+ return bcm_success(
+ BCM_mldsa44_public_from_private(out_public_key, private_key));
}
int MLDSA44_sign(uint8_t out_encoded_signature[MLDSA44_SIGNATURE_BYTES],
@@ -268,22 +207,19 @@
if (context_len > 255) {
return 0;
}
- return bcm_success(BCM_mldsa44_sign(
- out_encoded_signature,
- reinterpret_cast<const BCM_mldsa44_private_key *>(private_key), msg,
- msg_len, context, context_len));
+ return bcm_success(BCM_mldsa44_sign(out_encoded_signature, private_key, msg,
+ msg_len, context, context_len));
}
int MLDSA44_verify(const struct MLDSA44_public_key *public_key,
const uint8_t *signature, size_t signature_len,
const uint8_t *msg, size_t msg_len, const uint8_t *context,
size_t context_len) {
- if (context_len > 255 || signature_len != BCM_MLDSA44_SIGNATURE_BYTES) {
+ if (context_len > 255 || signature_len != MLDSA44_SIGNATURE_BYTES) {
return 0;
}
- return bcm_success(BCM_mldsa44_verify(
- reinterpret_cast<const BCM_mldsa44_public_key *>(public_key), signature,
- msg, msg_len, context, context_len));
+ return bcm_success(BCM_mldsa44_verify(public_key, signature, msg, msg_len,
+ context, context_len));
}
int MLDSA44_prehash_init(struct MLDSA44_prehash *out_state,
@@ -292,23 +228,18 @@
if (context_len > 255) {
return 0;
}
- BCM_mldsa44_prehash_init(
- reinterpret_cast<BCM_mldsa44_prehash *>(out_state),
- reinterpret_cast<const BCM_mldsa44_public_key *>(public_key), context,
- context_len);
+ BCM_mldsa44_prehash_init(out_state, public_key, context, context_len);
return 1;
}
void MLDSA44_prehash_update(struct MLDSA44_prehash *inout_state,
const uint8_t *msg, size_t msg_len) {
- BCM_mldsa44_prehash_update(
- reinterpret_cast<BCM_mldsa44_prehash *>(inout_state), msg, msg_len);
+ BCM_mldsa44_prehash_update(inout_state, msg, msg_len);
}
void MLDSA44_prehash_finalize(uint8_t out_msg_rep[MLDSA_MU_BYTES],
struct MLDSA44_prehash *inout_state) {
- BCM_mldsa44_prehash_finalize(
- out_msg_rep, reinterpret_cast<BCM_mldsa44_prehash *>(inout_state));
+ BCM_mldsa44_prehash_finalize(out_msg_rep, inout_state);
}
int MLDSA44_sign_message_representative(
@@ -316,17 +247,14 @@
const struct MLDSA44_private_key *private_key,
const uint8_t msg_rep[MLDSA_MU_BYTES]) {
return bcm_success(BCM_mldsa44_sign_message_representative(
- out_encoded_signature,
- reinterpret_cast<const BCM_mldsa44_private_key *>(private_key), msg_rep));
+ out_encoded_signature, private_key, msg_rep));
}
int MLDSA44_marshal_public_key(CBB *out,
const struct MLDSA44_public_key *public_key) {
- return bcm_success(BCM_mldsa44_marshal_public_key(
- out, reinterpret_cast<const BCM_mldsa44_public_key *>(public_key)));
+ return bcm_success(BCM_mldsa44_marshal_public_key(out, public_key));
}
int MLDSA44_parse_public_key(struct MLDSA44_public_key *public_key, CBS *in) {
- return bcm_success(BCM_mldsa44_parse_public_key(
- reinterpret_cast<BCM_mldsa44_public_key *>(public_key), in));
+ return bcm_success(BCM_mldsa44_parse_public_key(public_key, in));
}
diff --git a/crypto/mldsa/mldsa_test.cc b/crypto/mldsa/mldsa_test.cc
index bbac3e4..66c5fc8 100644
--- a/crypto/mldsa/mldsa_test.cc
+++ b/crypto/mldsa/mldsa_test.cc
@@ -85,17 +85,17 @@
}
}
-template <
- typename PrivateKey, typename PublicKey, size_t PublicKeyBytes,
- size_t SignatureBytes, int (*Generate)(uint8_t *, uint8_t *, PrivateKey *),
- int (*Sign)(uint8_t *, const PrivateKey *, const uint8_t *, size_t,
- const uint8_t *, size_t),
- int (*ParsePublicKey)(PublicKey *, CBS *),
- int (*Verify)(const PublicKey *, const uint8_t *, size_t, const uint8_t *,
- size_t, const uint8_t *, size_t),
- int (*PrivateKeyFromSeed)(PrivateKey *, const uint8_t *, size_t),
- typename BCMPrivateKey, bcm_status (*ParsePrivate)(BCMPrivateKey *, CBS *),
- bcm_status (*MarshalPrivate)(CBB *, const BCMPrivateKey *)>
+template <typename PrivateKey, typename PublicKey, size_t PublicKeyBytes,
+ size_t SignatureBytes,
+ int (*Generate)(uint8_t *, uint8_t *, PrivateKey *),
+ int (*Sign)(uint8_t *, const PrivateKey *, const uint8_t *, size_t,
+ const uint8_t *, size_t),
+ int (*ParsePublicKey)(PublicKey *, CBS *),
+ int (*Verify)(const PublicKey *, const uint8_t *, size_t,
+ const uint8_t *, size_t, const uint8_t *, size_t),
+ int (*PrivateKeyFromSeed)(PrivateKey *, const uint8_t *, size_t),
+ bcm_status (*ParsePrivate)(PrivateKey *, CBS *),
+ bcm_status (*MarshalPrivate)(CBB *, const PrivateKey *)>
static void MLDSABasicTest() {
std::vector<uint8_t> encoded_public_key(PublicKeyBytes);
auto priv = std::make_unique<PrivateKey>();
@@ -103,10 +103,9 @@
EXPECT_TRUE(Generate(encoded_public_key.data(), seed, priv.get()));
const std::vector<uint8_t> encoded_private_key =
- Marshal(MarshalPrivate, reinterpret_cast<BCMPrivateKey *>(priv.get()));
+ Marshal(MarshalPrivate, priv.get());
CBS cbs = CBS(encoded_private_key);
- EXPECT_TRUE(bcm_success(
- ParsePrivate(reinterpret_cast<BCMPrivateKey *>(priv.get()), &cbs)));
+ EXPECT_TRUE(bcm_success(ParsePrivate(priv.get(), &cbs)));
std::vector<uint8_t> encoded_signature(SignatureBytes);
static const uint8_t kMessage[] = {'H', 'e', 'l', 'l', 'o', ' ',
@@ -127,38 +126,32 @@
auto priv2 = std::make_unique<PrivateKey>();
EXPECT_TRUE(PrivateKeyFromSeed(priv2.get(), seed, sizeof(seed)));
- EXPECT_EQ(
- Bytes(Declassified(Marshal(
- MarshalPrivate, reinterpret_cast<BCMPrivateKey *>(priv.get())))),
- Bytes(Declassified(Marshal(
- MarshalPrivate, reinterpret_cast<BCMPrivateKey *>(priv2.get())))));
+ EXPECT_EQ(Bytes(Declassified(Marshal(MarshalPrivate, priv.get()))),
+ Bytes(Declassified(Marshal(MarshalPrivate, priv2.get()))));
}
TEST(MLDSATest, Basic65) {
- MLDSABasicTest<MLDSA65_private_key, MLDSA65_public_key,
- MLDSA65_PUBLIC_KEY_BYTES, MLDSA65_SIGNATURE_BYTES,
- MLDSA65_generate_key, MLDSA65_sign, MLDSA65_parse_public_key,
- MLDSA65_verify, MLDSA65_private_key_from_seed,
- BCM_mldsa65_private_key, BCM_mldsa65_parse_private_key,
- BCM_mldsa65_marshal_private_key>();
+ MLDSABasicTest<
+ MLDSA65_private_key, MLDSA65_public_key, MLDSA65_PUBLIC_KEY_BYTES,
+ MLDSA65_SIGNATURE_BYTES, MLDSA65_generate_key, MLDSA65_sign,
+ MLDSA65_parse_public_key, MLDSA65_verify, MLDSA65_private_key_from_seed,
+ BCM_mldsa65_parse_private_key, BCM_mldsa65_marshal_private_key>();
}
TEST(MLDSATest, Basic87) {
- MLDSABasicTest<MLDSA87_private_key, MLDSA87_public_key,
- BCM_MLDSA87_PUBLIC_KEY_BYTES, BCM_MLDSA87_SIGNATURE_BYTES,
- MLDSA87_generate_key, MLDSA87_sign, MLDSA87_parse_public_key,
- MLDSA87_verify, MLDSA87_private_key_from_seed,
- BCM_mldsa87_private_key, BCM_mldsa87_parse_private_key,
- BCM_mldsa87_marshal_private_key>();
+ MLDSABasicTest<
+ MLDSA87_private_key, MLDSA87_public_key, MLDSA87_PUBLIC_KEY_BYTES,
+ MLDSA87_SIGNATURE_BYTES, MLDSA87_generate_key, MLDSA87_sign,
+ MLDSA87_parse_public_key, MLDSA87_verify, MLDSA87_private_key_from_seed,
+ BCM_mldsa87_parse_private_key, BCM_mldsa87_marshal_private_key>();
}
TEST(MLDSATest, Basic44) {
- MLDSABasicTest<MLDSA44_private_key, MLDSA44_public_key,
- BCM_MLDSA44_PUBLIC_KEY_BYTES, BCM_MLDSA44_SIGNATURE_BYTES,
- MLDSA44_generate_key, MLDSA44_sign, MLDSA44_parse_public_key,
- MLDSA44_verify, MLDSA44_private_key_from_seed,
- BCM_mldsa44_private_key, BCM_mldsa44_parse_private_key,
- BCM_mldsa44_marshal_private_key>();
+ MLDSABasicTest<
+ MLDSA44_private_key, MLDSA44_public_key, MLDSA44_PUBLIC_KEY_BYTES,
+ MLDSA44_SIGNATURE_BYTES, MLDSA44_generate_key, MLDSA44_sign,
+ MLDSA44_parse_public_key, MLDSA44_verify, MLDSA44_private_key_from_seed,
+ BCM_mldsa44_parse_private_key, BCM_mldsa44_marshal_private_key>();
}
TEST(MLDSATest, SignatureIsRandomized) {
@@ -286,32 +279,35 @@
TEST(MLDSATest, InvalidPrivateKeyEncodingLength) {
std::vector<uint8_t> encoded_public_key(MLDSA65_PUBLIC_KEY_BYTES);
- auto priv = std::make_unique<BCM_mldsa65_private_key>();
+ auto priv = std::make_unique<MLDSA65_private_key>();
uint8_t seed[MLDSA_SEED_BYTES];
EXPECT_TRUE(bcm_success(
BCM_mldsa65_generate_key(encoded_public_key.data(), seed, priv.get())));
CBB cbb;
- std::vector<uint8_t> malformed_private_key(MLDSA65_PRIVATE_KEY_BYTES + 1, 0);
- CBB_init_fixed(&cbb, malformed_private_key.data(), MLDSA65_PRIVATE_KEY_BYTES);
- ASSERT_TRUE(bcm_success(BCM_mldsa65_marshal_private_key(
- &cbb, reinterpret_cast<BCM_mldsa65_private_key *>(priv.get()))));
+ std::vector<uint8_t> malformed_private_key(BCM_MLDSA65_PRIVATE_KEY_BYTES + 1,
+ 0);
+ CBB_init_fixed(&cbb, malformed_private_key.data(),
+ BCM_MLDSA65_PRIVATE_KEY_BYTES);
+ ASSERT_TRUE(bcm_success(BCM_mldsa65_marshal_private_key(&cbb, priv.get())));
CBS cbs;
- auto parsed_priv = std::make_unique<BCM_mldsa65_private_key>();
+ auto parsed_priv = std::make_unique<MLDSA65_private_key>();
// Private key is 1 byte too short.
- CBS_init(&cbs, malformed_private_key.data(), MLDSA65_PRIVATE_KEY_BYTES - 1);
+ CBS_init(&cbs, malformed_private_key.data(),
+ BCM_MLDSA65_PRIVATE_KEY_BYTES - 1);
EXPECT_FALSE(
bcm_success(BCM_mldsa65_parse_private_key(parsed_priv.get(), &cbs)));
// Private key has the correct length.
- CBS_init(&cbs, malformed_private_key.data(), MLDSA65_PRIVATE_KEY_BYTES);
+ CBS_init(&cbs, malformed_private_key.data(), BCM_MLDSA65_PRIVATE_KEY_BYTES);
EXPECT_TRUE(
bcm_success(BCM_mldsa65_parse_private_key(parsed_priv.get(), &cbs)));
// Private key is 1 byte too long.
- CBS_init(&cbs, malformed_private_key.data(), MLDSA65_PRIVATE_KEY_BYTES + 1);
+ CBS_init(&cbs, malformed_private_key.data(),
+ BCM_MLDSA65_PRIVATE_KEY_BYTES + 1);
EXPECT_FALSE(
bcm_success(BCM_mldsa65_parse_private_key(parsed_priv.get(), &cbs)));
}
@@ -322,7 +318,7 @@
const uint8_t *, size_t, const uint8_t *,
size_t, const uint8_t *, size_t,
const uint8_t *),
- bcm_status (*PublicFromPrivate)(PublicKey *, const PrivateKey *),
+ int (*PublicFromPrivate)(PublicKey *, const PrivateKey *),
bcm_status (*VerifyInternal)(const PublicKey *, const uint8_t *,
const uint8_t *, size_t, const uint8_t *,
size_t, const uint8_t *, size_t)>
@@ -346,7 +342,7 @@
EXPECT_EQ(Bytes(signature), Bytes(expected_signature));
auto pub = std::make_unique<PublicKey>();
- ASSERT_TRUE(bcm_success(PublicFromPrivate(pub.get(), priv.get())));
+ ASSERT_TRUE(PublicFromPrivate(pub.get(), priv.get()));
EXPECT_TRUE(
bcm_success(VerifyInternal(pub.get(), signature.data(), msg.data(),
msg.size(), nullptr, 0, nullptr, 0)));
@@ -355,30 +351,27 @@
TEST(MLDSATest, SigGenTests65) {
FileTestGTest(
"crypto/mldsa/mldsa_nist_siggen_65_tests.txt",
- MLDSASigGenTest<BCM_mldsa65_private_key, BCM_mldsa65_public_key,
+ MLDSASigGenTest<MLDSA65_private_key, MLDSA65_public_key,
MLDSA65_SIGNATURE_BYTES, BCM_mldsa65_parse_private_key,
- BCM_mldsa65_sign_internal,
- BCM_mldsa65_public_from_private,
+ BCM_mldsa65_sign_internal, MLDSA65_public_from_private,
BCM_mldsa65_verify_internal>);
}
TEST(MLDSATest, SigGenTests87) {
FileTestGTest(
"crypto/mldsa/mldsa_nist_siggen_87_tests.txt",
- MLDSASigGenTest<BCM_mldsa87_private_key, BCM_mldsa87_public_key,
- BCM_MLDSA87_SIGNATURE_BYTES,
- BCM_mldsa87_parse_private_key, BCM_mldsa87_sign_internal,
- BCM_mldsa87_public_from_private,
+ MLDSASigGenTest<MLDSA87_private_key, MLDSA87_public_key,
+ MLDSA87_SIGNATURE_BYTES, BCM_mldsa87_parse_private_key,
+ BCM_mldsa87_sign_internal, MLDSA87_public_from_private,
BCM_mldsa87_verify_internal>);
}
TEST(MLDSATest, SigGenTests44) {
FileTestGTest(
"crypto/mldsa/mldsa_nist_siggen_44_tests.txt",
- MLDSASigGenTest<BCM_mldsa44_private_key, BCM_mldsa44_public_key,
- BCM_MLDSA44_SIGNATURE_BYTES,
- BCM_mldsa44_parse_private_key, BCM_mldsa44_sign_internal,
- BCM_mldsa44_public_from_private,
+ MLDSASigGenTest<MLDSA44_private_key, MLDSA44_public_key,
+ MLDSA44_SIGNATURE_BYTES, BCM_mldsa44_parse_private_key,
+ BCM_mldsa44_sign_internal, MLDSA44_public_from_private,
BCM_mldsa44_verify_internal>);
}
@@ -406,27 +399,25 @@
}
TEST(MLDSATest, KeyGenTests65) {
- FileTestGTest(
- "crypto/mldsa/mldsa_nist_keygen_65_tests.txt",
- MLDSAKeyGenTest<BCM_mldsa65_private_key, MLDSA65_PUBLIC_KEY_BYTES,
- BCM_mldsa65_generate_key_external_entropy,
- BCM_mldsa65_marshal_private_key>);
+ FileTestGTest("crypto/mldsa/mldsa_nist_keygen_65_tests.txt",
+ MLDSAKeyGenTest<MLDSA65_private_key, MLDSA65_PUBLIC_KEY_BYTES,
+ BCM_mldsa65_generate_key_external_entropy,
+ BCM_mldsa65_marshal_private_key>);
}
TEST(MLDSATest, KeyGenTests87) {
FileTestGTest(
"crypto/mldsa/mldsa_nist_keygen_87_tests.txt",
- MLDSAKeyGenTest<BCM_mldsa87_private_key, BCM_MLDSA87_PUBLIC_KEY_BYTES,
+ MLDSAKeyGenTest<MLDSA87_private_key, MLDSA87_PUBLIC_KEY_BYTES,
BCM_mldsa87_generate_key_external_entropy,
BCM_mldsa87_marshal_private_key>);
}
TEST(MLDSATest, KeyGenTests44) {
- FileTestGTest(
- "crypto/mldsa/mldsa_nist_keygen_44_tests.txt",
- MLDSAKeyGenTest<BCM_mldsa44_private_key, BCM_MLDSA44_PUBLIC_KEY_BYTES,
- BCM_mldsa44_generate_key_external_entropy,
- BCM_mldsa44_marshal_private_key>);
+ FileTestGTest("crypto/mldsa/mldsa_nist_keygen_44_tests.txt",
+ MLDSAKeyGenTest<MLDSA44_private_key, MLDSA44_PUBLIC_KEY_BYTES,
+ BCM_mldsa44_generate_key_external_entropy,
+ BCM_mldsa44_marshal_private_key>);
}
template <
@@ -480,7 +471,7 @@
FileTestGTest(
"third_party/wycheproof_testvectors/mldsa_65_standard_sign_test.txt",
MLDSAWycheproofSignTest<
- BCM_mldsa65_private_key, BCM_mldsa65_parse_private_key,
+ MLDSA65_private_key, BCM_mldsa65_parse_private_key,
MLDSA65_SIGNATURE_BYTES, BCM_mldsa65_sign_internal>);
}
@@ -488,23 +479,22 @@
FileTestGTest(
"third_party/wycheproof_testvectors/mldsa_87_standard_sign_test.txt",
MLDSAWycheproofSignTest<
- BCM_mldsa87_private_key, BCM_mldsa87_parse_private_key,
- BCM_MLDSA87_SIGNATURE_BYTES, BCM_mldsa87_sign_internal>);
+ MLDSA87_private_key, BCM_mldsa87_parse_private_key,
+ MLDSA87_SIGNATURE_BYTES, BCM_mldsa87_sign_internal>);
}
TEST(MLDSATest, WycheproofSignTests44) {
FileTestGTest(
"third_party/wycheproof_testvectors/mldsa_44_standard_sign_test.txt",
MLDSAWycheproofSignTest<
- BCM_mldsa44_private_key, BCM_mldsa44_parse_private_key,
- BCM_MLDSA44_SIGNATURE_BYTES, BCM_mldsa44_sign_internal>);
+ MLDSA44_private_key, BCM_mldsa44_parse_private_key,
+ MLDSA44_SIGNATURE_BYTES, BCM_mldsa44_sign_internal>);
}
template <typename PublicKey, size_t SignatureLength,
- bcm_status_t (*ParsePublicKey)(PublicKey *, CBS *),
- bcm_status_t (*Verify)(const PublicKey *, const uint8_t *,
- const uint8_t *, size_t, const uint8_t *,
- size_t)>
+ int (*ParsePublicKey)(PublicKey *, CBS *),
+ int (*Verify)(const PublicKey *, const uint8_t *, size_t,
+ const uint8_t *, size_t, const uint8_t *, size_t)>
static void MLDSAWycheproofVerifyTest(FileTest *t) {
std::vector<uint8_t> public_key_bytes, msg, signature, context;
ASSERT_TRUE(t->GetInstructionBytes(&public_key_bytes, "publicKey"));
@@ -520,7 +510,7 @@
CBS cbs;
CBS_init(&cbs, public_key_bytes.data(), public_key_bytes.size());
auto pub = std::make_unique<PublicKey>();
- const int pub_ok = bcm_success(ParsePublicKey(pub.get(), &cbs));
+ const int pub_ok = ParsePublicKey(pub.get(), &cbs);
if (!pub_ok) {
EXPECT_EQ(flags, "IncorrectPublicKeyLength");
@@ -528,9 +518,8 @@
}
const int sig_ok =
- signature.size() == SignatureLength && context.size() <= 255 &&
- bcm_success(Verify(pub.get(), signature.data(), msg.data(), msg.size(),
- context.data(), context.size()));
+ Verify(pub.get(), signature.data(), signature.size(), msg.data(),
+ msg.size(), context.data(), context.size());
if (!sig_ok) {
EXPECT_EQ(result, "invalid");
} else {
@@ -541,44 +530,41 @@
TEST(MLDSATest, WycheproofVerifyTests65) {
FileTestGTest(
"third_party/wycheproof_testvectors/mldsa_65_standard_verify_test.txt",
- MLDSAWycheproofVerifyTest<
- BCM_mldsa65_public_key, BCM_MLDSA65_SIGNATURE_BYTES,
- BCM_mldsa65_parse_public_key, BCM_mldsa65_verify>);
+ MLDSAWycheproofVerifyTest<MLDSA65_public_key, MLDSA65_SIGNATURE_BYTES,
+ MLDSA65_parse_public_key, MLDSA65_verify>);
}
TEST(MLDSATest, WycheproofVerifyTests87) {
FileTestGTest(
"third_party/wycheproof_testvectors/mldsa_87_standard_verify_test.txt",
- MLDSAWycheproofVerifyTest<
- BCM_mldsa87_public_key, BCM_MLDSA87_SIGNATURE_BYTES,
- BCM_mldsa87_parse_public_key, BCM_mldsa87_verify>);
+ MLDSAWycheproofVerifyTest<MLDSA87_public_key, MLDSA87_SIGNATURE_BYTES,
+ MLDSA87_parse_public_key, MLDSA87_verify>);
}
TEST(MLDSATest, WycheproofVerifyTests44) {
FileTestGTest(
"third_party/wycheproof_testvectors/mldsa_44_standard_verify_test.txt",
- MLDSAWycheproofVerifyTest<
- BCM_mldsa44_public_key, BCM_MLDSA44_SIGNATURE_BYTES,
- BCM_mldsa44_parse_public_key, BCM_mldsa44_verify>);
+ MLDSAWycheproofVerifyTest<MLDSA44_public_key, MLDSA44_SIGNATURE_BYTES,
+ MLDSA44_parse_public_key, MLDSA44_verify>);
}
TEST(MLDSATest, Self) { ASSERT_TRUE(boringssl_self_test_mldsa()); }
TEST(MLDSATest, PWCT) {
- uint8_t seed[BCM_MLDSA_SEED_BYTES];
+ uint8_t seed[MLDSA_SEED_BYTES];
- auto pub65 = std::make_unique<uint8_t[]>(BCM_MLDSA65_PUBLIC_KEY_BYTES);
- auto priv65 = std::make_unique<BCM_mldsa65_private_key>();
+ auto pub65 = std::make_unique<uint8_t[]>(MLDSA65_PUBLIC_KEY_BYTES);
+ auto priv65 = std::make_unique<MLDSA65_private_key>();
ASSERT_EQ(BCM_mldsa65_generate_key_fips(pub65.get(), seed, priv65.get()),
bcm_status::approved);
- auto pub87 = std::make_unique<uint8_t[]>(BCM_MLDSA87_PUBLIC_KEY_BYTES);
- auto priv87 = std::make_unique<BCM_mldsa87_private_key>();
+ auto pub87 = std::make_unique<uint8_t[]>(MLDSA87_PUBLIC_KEY_BYTES);
+ auto priv87 = std::make_unique<MLDSA87_private_key>();
ASSERT_EQ(BCM_mldsa87_generate_key_fips(pub87.get(), seed, priv87.get()),
bcm_status::approved);
- auto pub44 = std::make_unique<uint8_t[]>(BCM_MLDSA44_PUBLIC_KEY_BYTES);
- auto priv44 = std::make_unique<BCM_mldsa44_private_key>();
+ auto pub44 = std::make_unique<uint8_t[]>(MLDSA44_PUBLIC_KEY_BYTES);
+ auto priv44 = std::make_unique<MLDSA44_private_key>();
ASSERT_EQ(BCM_mldsa44_generate_key_fips(pub44.get(), seed, priv44.get()),
bcm_status::approved);
}
diff --git a/crypto/mlkem/mlkem.cc b/crypto/mlkem/mlkem.cc
index 3b7cb46..505414b 100644
--- a/crypto/mlkem/mlkem.cc
+++ b/crypto/mlkem/mlkem.cc
@@ -17,128 +17,90 @@
#include "../fipsmodule/bcm_interface.h"
-static_assert(sizeof(BCM_mlkem768_private_key) <= sizeof(MLKEM768_private_key));
-static_assert(alignof(BCM_mlkem768_private_key) <=
- alignof(MLKEM768_private_key));
-static_assert(sizeof(BCM_mlkem768_public_key) <= sizeof(MLKEM768_public_key));
-static_assert(alignof(BCM_mlkem768_public_key) <= alignof(MLKEM768_public_key));
-static_assert(MLKEM768_PUBLIC_KEY_BYTES == BCM_MLKEM768_PUBLIC_KEY_BYTES);
-static_assert(MLKEM_SEED_BYTES == BCM_MLKEM_SEED_BYTES);
-static_assert(MLKEM768_CIPHERTEXT_BYTES == BCM_MLKEM768_CIPHERTEXT_BYTES);
-static_assert(MLKEM_SHARED_SECRET_BYTES == BCM_MLKEM_SHARED_SECRET_BYTES);
-static_assert(MLKEM1024_PUBLIC_KEY_BYTES == BCM_MLKEM1024_PUBLIC_KEY_BYTES);
-static_assert(MLKEM1024_CIPHERTEXT_BYTES == BCM_MLKEM1024_CIPHERTEXT_BYTES);
-
void MLKEM768_generate_key(
uint8_t out_encoded_public_key[MLKEM768_PUBLIC_KEY_BYTES],
uint8_t optional_out_seed[MLKEM_SEED_BYTES],
struct MLKEM768_private_key *out_private_key) {
- BCM_mlkem768_generate_key(
- out_encoded_public_key, optional_out_seed,
- reinterpret_cast<BCM_mlkem768_private_key *>(out_private_key));
+ BCM_mlkem768_generate_key(out_encoded_public_key, optional_out_seed,
+ out_private_key);
}
int MLKEM768_private_key_from_seed(struct MLKEM768_private_key *out_private_key,
const uint8_t *seed, size_t seed_len) {
- return bcm_success(BCM_mlkem768_private_key_from_seed(
- reinterpret_cast<BCM_mlkem768_private_key *>(out_private_key), seed,
- seed_len));
+ return bcm_success(
+ BCM_mlkem768_private_key_from_seed(out_private_key, seed, seed_len));
}
void MLKEM768_public_from_private(
struct MLKEM768_public_key *out_public_key,
const struct MLKEM768_private_key *private_key) {
- (void)BCM_mlkem768_public_from_private(
- reinterpret_cast<BCM_mlkem768_public_key *>(out_public_key),
- reinterpret_cast<const BCM_mlkem768_private_key *>(private_key));
+ (void)BCM_mlkem768_public_from_private(out_public_key, private_key);
}
void MLKEM768_encap(uint8_t out_ciphertext[MLKEM768_CIPHERTEXT_BYTES],
uint8_t out_shared_secret[MLKEM_SHARED_SECRET_BYTES],
const struct MLKEM768_public_key *public_key) {
- (void)BCM_mlkem768_encap(
- out_ciphertext, out_shared_secret,
- reinterpret_cast<const BCM_mlkem768_public_key *>(public_key));
+ (void)BCM_mlkem768_encap(out_ciphertext, out_shared_secret, public_key);
}
int MLKEM768_decap(uint8_t out_shared_secret[MLKEM_SHARED_SECRET_BYTES],
const uint8_t *ciphertext, size_t ciphertext_len,
const struct MLKEM768_private_key *private_key) {
- return bcm_success(BCM_mlkem768_decap(
- out_shared_secret, ciphertext, ciphertext_len,
- reinterpret_cast<const BCM_mlkem768_private_key *>(private_key)));
+ return bcm_success(BCM_mlkem768_decap(out_shared_secret, ciphertext,
+ ciphertext_len, private_key));
}
int MLKEM768_marshal_public_key(CBB *out,
const struct MLKEM768_public_key *public_key) {
- return bcm_success(BCM_mlkem768_marshal_public_key(
- out, reinterpret_cast<const BCM_mlkem768_public_key *>(public_key)));
+ return bcm_success(BCM_mlkem768_marshal_public_key(out, public_key));
}
int MLKEM768_parse_public_key(struct MLKEM768_public_key *out_public_key,
CBS *in) {
- return bcm_success(BCM_mlkem768_parse_public_key(
- reinterpret_cast<BCM_mlkem768_public_key *>(out_public_key), in));
+ return bcm_success(BCM_mlkem768_parse_public_key(out_public_key, in));
}
-static_assert(sizeof(BCM_mlkem1024_private_key) <=
- sizeof(MLKEM1024_private_key));
-static_assert(alignof(BCM_mlkem1024_private_key) <=
- alignof(MLKEM1024_private_key));
-static_assert(sizeof(BCM_mlkem1024_public_key) <= sizeof(MLKEM1024_public_key));
-static_assert(alignof(BCM_mlkem1024_public_key) <=
- alignof(MLKEM1024_public_key));
-
void MLKEM1024_generate_key(
uint8_t out_encoded_public_key[MLKEM1024_PUBLIC_KEY_BYTES],
uint8_t optional_out_seed[MLKEM_SEED_BYTES],
struct MLKEM1024_private_key *out_private_key) {
- (void)BCM_mlkem1024_generate_key(
- out_encoded_public_key, optional_out_seed,
- reinterpret_cast<BCM_mlkem1024_private_key *>(out_private_key));
+ (void)BCM_mlkem1024_generate_key(out_encoded_public_key, optional_out_seed,
+ out_private_key);
}
int MLKEM1024_private_key_from_seed(
struct MLKEM1024_private_key *out_private_key, const uint8_t *seed,
size_t seed_len) {
- return bcm_success(BCM_mlkem1024_private_key_from_seed(
- reinterpret_cast<BCM_mlkem1024_private_key *>(out_private_key), seed,
- seed_len));
+ return bcm_success(
+ BCM_mlkem1024_private_key_from_seed(out_private_key, seed, seed_len));
}
void MLKEM1024_public_from_private(
struct MLKEM1024_public_key *out_public_key,
const struct MLKEM1024_private_key *private_key) {
- (void)BCM_mlkem1024_public_from_private(
- reinterpret_cast<BCM_mlkem1024_public_key *>(out_public_key),
- reinterpret_cast<const BCM_mlkem1024_private_key *>(private_key));
+ (void)BCM_mlkem1024_public_from_private(out_public_key, private_key);
}
void MLKEM1024_encap(uint8_t out_ciphertext[MLKEM1024_CIPHERTEXT_BYTES],
uint8_t out_shared_secret[MLKEM_SHARED_SECRET_BYTES],
const struct MLKEM1024_public_key *public_key) {
- (void)BCM_mlkem1024_encap(
- out_ciphertext, out_shared_secret,
- reinterpret_cast<const BCM_mlkem1024_public_key *>(public_key));
+ (void)BCM_mlkem1024_encap(out_ciphertext, out_shared_secret, public_key);
}
int MLKEM1024_decap(uint8_t out_shared_secret[MLKEM_SHARED_SECRET_BYTES],
const uint8_t *ciphertext, size_t ciphertext_len,
const struct MLKEM1024_private_key *private_key) {
- return bcm_success(BCM_mlkem1024_decap(
- out_shared_secret, ciphertext, ciphertext_len,
- reinterpret_cast<const BCM_mlkem1024_private_key *>(private_key)));
+ return bcm_success(BCM_mlkem1024_decap(out_shared_secret, ciphertext,
+ ciphertext_len, private_key));
}
int MLKEM1024_marshal_public_key(
CBB *out, const struct MLKEM1024_public_key *public_key) {
- return bcm_success(BCM_mlkem1024_marshal_public_key(
- out, reinterpret_cast<const BCM_mlkem1024_public_key *>(public_key)));
+ return bcm_success(BCM_mlkem1024_marshal_public_key(out, public_key));
}
int MLKEM1024_parse_public_key(struct MLKEM1024_public_key *out_public_key,
CBS *in) {
- return bcm_success(BCM_mlkem1024_parse_public_key(
- reinterpret_cast<BCM_mlkem1024_public_key *>(out_public_key), in));
+ return bcm_success(BCM_mlkem1024_parse_public_key(out_public_key, in));
}
diff --git a/crypto/mlkem/mlkem_test.cc b/crypto/mlkem/mlkem_test.cc
index 5b4d686..56e175c 100644
--- a/crypto/mlkem/mlkem_test.cc
+++ b/crypto/mlkem/mlkem_test.cc
@@ -54,66 +54,58 @@
// take care of casting the key types from the public keys to the BCM types.
// That saves casting noise in the template functions.
-int wrapper_768_marshal_private_key(
- CBB *out, const struct MLKEM768_private_key *private_key) {
- return bcm_success(BCM_mlkem768_marshal_private_key(
- out, reinterpret_cast<const BCM_mlkem768_private_key *>(private_key)));
+int wrapper_768_marshal_private_key(CBB *out,
+ const MLKEM768_private_key *private_key) {
+ return bcm_success(BCM_mlkem768_marshal_private_key(out, private_key));
}
-int wrapper_1024_marshal_private_key(
- CBB *out, const struct MLKEM1024_private_key *private_key) {
- return bcm_success(BCM_mlkem1024_marshal_private_key(
- out, reinterpret_cast<const BCM_mlkem1024_private_key *>(private_key)));
+int wrapper_1024_marshal_private_key(CBB *out,
+ const MLKEM1024_private_key *private_key) {
+ return bcm_success(BCM_mlkem1024_marshal_private_key(out, private_key));
}
void wrapper_768_generate_key_external_seed(
uint8_t out_encoded_public_key[MLKEM768_PUBLIC_KEY_BYTES],
struct MLKEM768_private_key *out_private_key,
const uint8_t seed[MLKEM_SEED_BYTES]) {
- BCM_mlkem768_generate_key_external_seed(
- out_encoded_public_key,
- reinterpret_cast<BCM_mlkem768_private_key *>(out_private_key), seed);
+ BCM_mlkem768_generate_key_external_seed(out_encoded_public_key,
+ out_private_key, seed);
}
void wrapper_1024_generate_key_external_seed(
uint8_t out_encoded_public_key[MLKEM1024_PUBLIC_KEY_BYTES],
struct MLKEM1024_private_key *out_private_key,
const uint8_t seed[MLKEM_SEED_BYTES]) {
- BCM_mlkem1024_generate_key_external_seed(
- out_encoded_public_key,
- reinterpret_cast<BCM_mlkem1024_private_key *>(out_private_key), seed);
+ BCM_mlkem1024_generate_key_external_seed(out_encoded_public_key,
+ out_private_key, seed);
}
void wrapper_768_encap_external_entropy(
uint8_t out_ciphertext[MLKEM768_CIPHERTEXT_BYTES],
uint8_t out_shared_secret[MLKEM_SHARED_SECRET_BYTES],
- const struct MLKEM768_public_key *public_key,
+ const MLKEM768_public_key *public_key,
const uint8_t entropy[BCM_MLKEM_ENCAP_ENTROPY]) {
- BCM_mlkem768_encap_external_entropy(
- out_ciphertext, out_shared_secret,
- reinterpret_cast<const BCM_mlkem768_public_key *>(public_key), entropy);
+ BCM_mlkem768_encap_external_entropy(out_ciphertext, out_shared_secret,
+ public_key, entropy);
}
void wrapper_1024_encap_external_entropy(
uint8_t out_ciphertext[MLKEM1024_CIPHERTEXT_BYTES],
uint8_t out_shared_secret[MLKEM_SHARED_SECRET_BYTES],
- const struct MLKEM1024_public_key *public_key,
+ const MLKEM1024_public_key *public_key,
const uint8_t entropy[BCM_MLKEM_ENCAP_ENTROPY]) {
- BCM_mlkem1024_encap_external_entropy(
- out_ciphertext, out_shared_secret,
- reinterpret_cast<const BCM_mlkem1024_public_key *>(public_key), entropy);
+ BCM_mlkem1024_encap_external_entropy(out_ciphertext, out_shared_secret,
+ public_key, entropy);
}
int wrapper_768_parse_private_key(struct MLKEM768_private_key *out_private_key,
CBS *in) {
- return bcm_success(BCM_mlkem768_parse_private_key(
- reinterpret_cast<BCM_mlkem768_private_key *>(out_private_key), in));
+ return bcm_success(BCM_mlkem768_parse_private_key(out_private_key, in));
}
int wrapper_1024_parse_private_key(
struct MLKEM1024_private_key *out_private_key, CBS *in) {
- return bcm_success(BCM_mlkem1024_parse_private_key(
- reinterpret_cast<BCM_mlkem1024_private_key *>(out_private_key), in));
+ return bcm_success(BCM_mlkem1024_parse_private_key(out_private_key, in));
}
template <typename PUBLIC_KEY, size_t PUBLIC_KEY_BYTES, typename PRIVATE_KEY,
@@ -531,14 +523,14 @@
TEST(MLKEMTest, Self) { ASSERT_TRUE(boringssl_self_test_mlkem()); }
TEST(MLKEMTest, PWCT) {
- auto pub768 = std::make_unique<uint8_t[]>(BCM_MLKEM768_PUBLIC_KEY_BYTES);
- auto priv768 = std::make_unique<BCM_mlkem768_private_key>();
+ auto pub768 = std::make_unique<uint8_t[]>(MLKEM768_PUBLIC_KEY_BYTES);
+ auto priv768 = std::make_unique<MLKEM768_private_key>();
ASSERT_EQ(
BCM_mlkem768_generate_key_fips(pub768.get(), nullptr, priv768.get()),
bcm_status::approved);
- auto pub1024 = std::make_unique<uint8_t[]>(BCM_MLKEM1024_PUBLIC_KEY_BYTES);
- auto priv1024 = std::make_unique<BCM_mlkem1024_private_key>();
+ auto pub1024 = std::make_unique<uint8_t[]>(MLKEM1024_PUBLIC_KEY_BYTES);
+ auto priv1024 = std::make_unique<MLKEM1024_private_key>();
ASSERT_EQ(
BCM_mlkem1024_generate_key_fips(pub1024.get(), nullptr, priv1024.get()),
bcm_status::approved);
diff --git a/crypto/xwing/xwing.cc b/crypto/xwing/xwing.cc
index 216f12a..532aa4f 100644
--- a/crypto/xwing/xwing.cc
+++ b/crypto/xwing/xwing.cc
@@ -30,17 +30,16 @@
};
static struct private_key *private_key_from_external(
- const struct XWING_private_key *external) {
- static_assert(sizeof(struct XWING_private_key) == sizeof(struct private_key),
+ const XWING_private_key *external) {
+ static_assert(sizeof(XWING_private_key) == sizeof(private_key),
"XWING private key size is incorrect");
- static_assert(
- alignof(struct XWING_private_key) == alignof(struct private_key),
- "XWING private key alignment is incorrect");
- return (struct private_key *)external;
+ static_assert(alignof(XWING_private_key) == alignof(private_key),
+ "XWING private key alignment is incorrect");
+ return (private_key *)external;
}
-static void xwing_expand_private_key(struct private_key *inout_private_key) {
- struct BORINGSSL_keccak_st context;
+static void xwing_expand_private_key(private_key *inout_private_key) {
+ BORINGSSL_keccak_st context;
BORINGSSL_keccak_init(&context, boringssl_shake256);
BORINGSSL_keccak_absorb(&context, inout_private_key->seed,
sizeof(inout_private_key->seed));
@@ -56,8 +55,7 @@
sizeof(inout_private_key->x25519_private_key));
}
-static int xwing_parse_private_key(struct private_key *out_private_key,
- CBS *in) {
+static int xwing_parse_private_key(private_key *out_private_key, CBS *in) {
if (!CBS_copy_bytes(in, out_private_key->seed,
sizeof(out_private_key->seed))) {
return 0;
@@ -67,14 +65,13 @@
return 1;
}
-static int xwing_marshal_private_key(CBB *out,
- const struct private_key *private_key) {
+static int xwing_marshal_private_key(CBB *out, const private_key *private_key) {
return CBB_add_bytes(out, private_key->seed, sizeof(private_key->seed));
}
static int xwing_public_from_private(
uint8_t out_encoded_public_key[XWING_PUBLIC_KEY_BYTES],
- const struct private_key *private_key) {
+ const private_key *private_key) {
CBB cbb;
if (!CBB_init_fixed(&cbb, out_encoded_public_key, XWING_PUBLIC_KEY_BYTES)) {
return 0;
@@ -107,7 +104,7 @@
const uint8_t mlkem_shared_secret[MLKEM_SHARED_SECRET_BYTES],
const uint8_t x25519_shared_secret[32], const uint8_t x25519_ciphertext[32],
const uint8_t x25519_public_key[32]) {
- struct BORINGSSL_keccak_st context;
+ BORINGSSL_keccak_st context;
BORINGSSL_keccak_init(&context, boringssl_sha3_256);
BORINGSSL_keccak_absorb(&context, mlkem_shared_secret,
@@ -142,7 +139,7 @@
int XWING_generate_key(uint8_t out_encoded_public_key[XWING_PUBLIC_KEY_BYTES],
struct XWING_private_key *out_private_key) {
- struct private_key *private_key = private_key_from_external(out_private_key);
+ private_key *private_key = private_key_from_external(out_private_key);
RAND_bytes(private_key->seed, sizeof(private_key->seed));
xwing_expand_private_key(private_key);
@@ -191,9 +188,8 @@
static_assert(MLKEM768_PUBLIC_KEY_BYTES <= XWING_PUBLIC_KEY_BYTES);
CBS_init(&mlkem_cbs, encoded_public_key, MLKEM768_PUBLIC_KEY_BYTES);
- BCM_mlkem768_public_key mlkem_public_key;
- if (!bcm_success(
- BCM_mlkem768_parse_public_key(&mlkem_public_key, &mlkem_cbs))) {
+ MLKEM768_public_key mlkem_public_key;
+ if (!MLKEM768_parse_public_key(&mlkem_public_key, &mlkem_cbs)) {
return 0;
}
@@ -210,7 +206,7 @@
static int xwing_decap(uint8_t out_shared_secret[XWING_SHARED_SECRET_BYTES],
const uint8_t ciphertext[XWING_CIPHERTEXT_BYTES],
- const struct private_key *private_key) {
+ const private_key *private_key) {
static_assert(XWING_CIPHERTEXT_BYTES >= MLKEM768_CIPHERTEXT_BYTES + 32);
const uint8_t *mlkem_ciphertext = ciphertext;
const uint8_t *x25519_ciphertext = ciphertext + MLKEM768_CIPHERTEXT_BYTES;
diff --git a/include/openssl/mldsa.h b/include/openssl/mldsa.h
index 63dc91f..decb5b3 100644
--- a/include/openssl/mldsa.h
+++ b/include/openssl/mldsa.h
@@ -65,10 +65,6 @@
} opaque;
};
-// MLDSA65_PRIVATE_KEY_BYTES is the number of bytes in an encoded ML-DSA-65
-// private key.
-#define MLDSA65_PRIVATE_KEY_BYTES 4032
-
// MLDSA65_PUBLIC_KEY_BYTES is the number of bytes in an encoded ML-DSA-65
// public key.
#define MLDSA65_PUBLIC_KEY_BYTES 1952
@@ -208,10 +204,6 @@
} opaque;
};
-// MLDSA87_PRIVATE_KEY_BYTES is the number of bytes in an encoded ML-DSA-87
-// private key.
-#define MLDSA87_PRIVATE_KEY_BYTES 4896
-
// MLDSA87_PUBLIC_KEY_BYTES is the number of bytes in an encoded ML-DSA-87
// public key.
#define MLDSA87_PUBLIC_KEY_BYTES 2592
@@ -348,10 +340,6 @@
} opaque;
};
-// MLDSA44_PRIVATE_KEY_BYTES is the number of bytes in an encoded ML-DSA-44
-// private key.
-#define MLDSA44_PRIVATE_KEY_BYTES 2560
-
// MLDSA44_PUBLIC_KEY_BYTES is the number of bytes in an encoded ML-DSA-44
// public key.
#define MLDSA44_PUBLIC_KEY_BYTES 1312
diff --git a/util/fipstools/acvp/modulewrapper/modulewrapper.cc b/util/fipstools/acvp/modulewrapper/modulewrapper.cc
index 044b96e..f4bb4d7 100644
--- a/util/fipstools/acvp/modulewrapper/modulewrapper.cc
+++ b/util/fipstools/acvp/modulewrapper/modulewrapper.cc
@@ -2046,7 +2046,7 @@
static bool MLDSAKeyGen(const Span<const uint8_t> args[],
ReplyCallback write_reply) {
const Span<const uint8_t> seed = args[0];
- if (seed.size() != BCM_MLDSA_SEED_BYTES) {
+ if (seed.size() != MLDSA_SEED_BYTES) {
LOG_ERROR("Bad seed size.\n");
return false;
}
@@ -2144,7 +2144,7 @@
static bool MLKEMKeyGen(const Span<const uint8_t> args[],
ReplyCallback write_reply) {
const Span<const uint8_t> seed = args[0];
- if (seed.size() != BCM_MLKEM_SEED_BYTES) {
+ if (seed.size() != MLKEM_SEED_BYTES) {
LOG_ERROR("Bad seed size.\n");
return false;
}
@@ -2186,7 +2186,7 @@
}
uint8_t ciphertext[CiphertextBytes];
- uint8_t shared_secret[BCM_MLKEM_SHARED_SECRET_BYTES];
+ uint8_t shared_secret[MLKEM_SHARED_SECRET_BYTES];
Encap(ciphertext, shared_secret, pub.get(), entropy.data());
return write_reply({ciphertext, shared_secret});
@@ -2207,7 +2207,7 @@
return false;
}
- uint8_t shared_secret[BCM_MLKEM_SHARED_SECRET_BYTES];
+ uint8_t shared_secret[MLKEM_SHARED_SECRET_BYTES];
if (!bcm_success(Decap(shared_secret, ciphertext.data(), ciphertext.size(),
priv.get()))) {
LOG_ERROR("ML-KEM decapsulation failed.\n");
@@ -2377,56 +2377,56 @@
{"ECDH/P-521", 3, ECDH<NID_secp521r1>},
{"FFDH", 6, FFDH},
{"ML-DSA-44/keyGen", 1,
- MLDSAKeyGen<BCM_mldsa44_private_key, BCM_MLDSA44_PUBLIC_KEY_BYTES,
+ MLDSAKeyGen<MLDSA44_private_key, MLDSA44_PUBLIC_KEY_BYTES,
BCM_mldsa44_generate_key_external_entropy_fips,
BCM_mldsa44_marshal_private_key>},
{"ML-DSA-65/keyGen", 1,
- MLDSAKeyGen<BCM_mldsa65_private_key, BCM_MLDSA65_PUBLIC_KEY_BYTES,
+ MLDSAKeyGen<MLDSA65_private_key, MLDSA65_PUBLIC_KEY_BYTES,
BCM_mldsa65_generate_key_external_entropy_fips,
BCM_mldsa65_marshal_private_key>},
{"ML-DSA-87/keyGen", 1,
- MLDSAKeyGen<BCM_mldsa87_private_key, BCM_MLDSA87_PUBLIC_KEY_BYTES,
+ MLDSAKeyGen<MLDSA87_private_key, MLDSA87_PUBLIC_KEY_BYTES,
BCM_mldsa87_generate_key_external_entropy_fips,
BCM_mldsa87_marshal_private_key>},
{"ML-DSA-44/sigGen", 3,
- MLDSASigGen<BCM_mldsa44_private_key, BCM_MLDSA44_SIGNATURE_BYTES,
+ MLDSASigGen<MLDSA44_private_key, MLDSA44_SIGNATURE_BYTES,
BCM_mldsa44_parse_private_key, BCM_mldsa44_sign_internal>},
{"ML-DSA-65/sigGen", 3,
- MLDSASigGen<BCM_mldsa65_private_key, BCM_MLDSA65_SIGNATURE_BYTES,
+ MLDSASigGen<MLDSA65_private_key, MLDSA65_SIGNATURE_BYTES,
BCM_mldsa65_parse_private_key, BCM_mldsa65_sign_internal>},
{"ML-DSA-87/sigGen", 3,
- MLDSASigGen<BCM_mldsa87_private_key, BCM_MLDSA87_SIGNATURE_BYTES,
+ MLDSASigGen<MLDSA87_private_key, MLDSA87_SIGNATURE_BYTES,
BCM_mldsa87_parse_private_key, BCM_mldsa87_sign_internal>},
{"ML-DSA-44/sigVer", 3,
- MLDSASigVer<BCM_mldsa44_public_key, BCM_MLDSA44_SIGNATURE_BYTES,
+ MLDSASigVer<MLDSA44_public_key, MLDSA44_SIGNATURE_BYTES,
BCM_mldsa44_parse_public_key, BCM_mldsa44_verify_internal>},
{"ML-DSA-65/sigVer", 3,
- MLDSASigVer<BCM_mldsa65_public_key, BCM_MLDSA65_SIGNATURE_BYTES,
+ MLDSASigVer<MLDSA65_public_key, MLDSA65_SIGNATURE_BYTES,
BCM_mldsa65_parse_public_key, BCM_mldsa65_verify_internal>},
{"ML-DSA-87/sigVer", 3,
- MLDSASigVer<BCM_mldsa87_public_key, BCM_MLDSA87_SIGNATURE_BYTES,
+ MLDSASigVer<MLDSA87_public_key, MLDSA87_SIGNATURE_BYTES,
BCM_mldsa87_parse_public_key, BCM_mldsa87_verify_internal>},
{"ML-KEM-768/keyGen", 1,
- MLKEMKeyGen<BCM_mlkem768_private_key, BCM_MLKEM768_PUBLIC_KEY_BYTES,
+ MLKEMKeyGen<MLKEM768_private_key, MLKEM768_PUBLIC_KEY_BYTES,
BCM_mlkem768_generate_key_external_seed,
BCM_mlkem768_marshal_private_key>},
{"ML-KEM-1024/keyGen", 1,
- MLKEMKeyGen<BCM_mlkem1024_private_key, BCM_MLKEM1024_PUBLIC_KEY_BYTES,
+ MLKEMKeyGen<MLKEM1024_private_key, MLKEM1024_PUBLIC_KEY_BYTES,
BCM_mlkem1024_generate_key_external_seed,
BCM_mlkem1024_marshal_private_key>},
{"ML-KEM-768/encap", 2,
- MLKEMEncap<BCM_mlkem768_public_key, BCM_mlkem768_parse_public_key,
- BCM_MLKEM768_CIPHERTEXT_BYTES,
+ MLKEMEncap<MLKEM768_public_key, BCM_mlkem768_parse_public_key,
+ MLKEM768_CIPHERTEXT_BYTES,
BCM_mlkem768_encap_external_entropy>},
{"ML-KEM-1024/encap", 2,
- MLKEMEncap<BCM_mlkem1024_public_key, BCM_mlkem1024_parse_public_key,
- BCM_MLKEM1024_CIPHERTEXT_BYTES,
+ MLKEMEncap<MLKEM1024_public_key, BCM_mlkem1024_parse_public_key,
+ MLKEM1024_CIPHERTEXT_BYTES,
BCM_mlkem1024_encap_external_entropy>},
{"ML-KEM-768/decap", 2,
- MLKEMDecap<BCM_mlkem768_private_key, BCM_mlkem768_parse_private_key,
+ MLKEMDecap<MLKEM768_private_key, BCM_mlkem768_parse_private_key,
BCM_mlkem768_decap>},
{"ML-KEM-1024/decap", 2,
- MLKEMDecap<BCM_mlkem1024_private_key, BCM_mlkem1024_parse_private_key,
+ MLKEMDecap<MLKEM1024_private_key, BCM_mlkem1024_parse_private_key,
BCM_mlkem1024_decap>},
{"SLH-DSA-SHA2-128s/keyGen", 1, SLHDSAKeyGen},
{"SLH-DSA-SHA2-128s/sigGen", 3, SLHDSASigGen},
diff --git a/util/fipstools/test_fips.cc b/util/fipstools/test_fips.cc
index 889a966..6391fbe 100644
--- a/util/fipstools/test_fips.cc
+++ b/util/fipstools/test_fips.cc
@@ -440,8 +440,8 @@
/* ML-KEM */
printf("About to generate ML-KEM key:\n");
auto mlkem_public_key_bytes =
- std::make_unique<uint8_t[]>(BCM_MLKEM768_PUBLIC_KEY_BYTES);
- auto mlkem_private_key = std::make_unique<BCM_mlkem768_private_key>();
+ std::make_unique<uint8_t[]>(MLKEM768_PUBLIC_KEY_BYTES);
+ auto mlkem_private_key = std::make_unique<MLKEM768_private_key>();
if (BCM_mlkem768_generate_key_fips(mlkem_public_key_bytes.get(), nullptr,
mlkem_private_key.get()) !=
bcm_status::approved) {
@@ -449,13 +449,13 @@
return 0;
}
printf(" got ");
- hexdump(mlkem_public_key_bytes.get(), BCM_MLKEM768_PUBLIC_KEY_BYTES);
+ hexdump(mlkem_public_key_bytes.get(), MLKEM768_PUBLIC_KEY_BYTES);
printf("About to do ML-KEM encap:\n");
auto mlkem_ciphertext =
- std::make_unique<uint8_t[]>(BCM_MLKEM768_CIPHERTEXT_BYTES);
- uint8_t mlkem_shared_secret[BCM_MLKEM_SHARED_SECRET_BYTES];
- auto mlkem_public_key = std::make_unique<BCM_mlkem768_public_key>();
+ std::make_unique<uint8_t[]>(MLKEM768_CIPHERTEXT_BYTES);
+ uint8_t mlkem_shared_secret[MLKEM_SHARED_SECRET_BYTES];
+ auto mlkem_public_key = std::make_unique<MLKEM768_public_key>();
BCM_mlkem768_public_from_private(mlkem_public_key.get(),
mlkem_private_key.get());
if (BCM_mlkem768_encap(mlkem_ciphertext.get(), mlkem_shared_secret,
@@ -468,7 +468,7 @@
printf("About to do ML-KEM decap:\n");
if (BCM_mlkem768_decap(mlkem_shared_secret, mlkem_ciphertext.get(),
- BCM_MLKEM768_CIPHERTEXT_BYTES,
+ MLKEM768_CIPHERTEXT_BYTES,
mlkem_private_key.get()) != bcm_status::approved) {
fprintf(stderr, "ML-KEM decap failed");
return 0;
@@ -479,29 +479,29 @@
/* ML-DSA */
printf("About to generate ML-DSA key:\n");
auto mldsa_public_key_bytes =
- std::make_unique<uint8_t[]>(BCM_MLDSA65_PUBLIC_KEY_BYTES);
- uint8_t mldsa_seed[BCM_MLDSA_SEED_BYTES];
- auto mldsa_priv = std::make_unique<BCM_mldsa65_private_key>();
+ std::make_unique<uint8_t[]>(MLDSA65_PUBLIC_KEY_BYTES);
+ uint8_t mldsa_seed[MLDSA_SEED_BYTES];
+ auto mldsa_priv = std::make_unique<MLDSA65_private_key>();
if (BCM_mldsa65_generate_key_fips(mldsa_public_key_bytes.get(), mldsa_seed,
mldsa_priv.get()) != bcm_status::approved) {
fprintf(stderr, "ML-DSA keygen failed");
return 0;
}
printf(" got ");
- hexdump(mldsa_public_key_bytes.get(), BCM_MLDSA65_PUBLIC_KEY_BYTES);
+ hexdump(mldsa_public_key_bytes.get(), MLDSA65_PUBLIC_KEY_BYTES);
printf("About to ML-DSA sign:\n");
- auto mldsa_sig = std::make_unique<uint8_t[]>(BCM_MLDSA65_SIGNATURE_BYTES);
+ auto mldsa_sig = std::make_unique<uint8_t[]>(MLDSA65_SIGNATURE_BYTES);
if (BCM_mldsa65_sign(mldsa_sig.get(), mldsa_priv.get(), nullptr, 0, nullptr,
0) != bcm_status::approved) {
fprintf(stderr, "ML-DSA sign failed");
return 0;
}
printf(" got ");
- hexdump(mldsa_sig.get(), BCM_MLDSA65_SIGNATURE_BYTES);
+ hexdump(mldsa_sig.get(), MLDSA65_SIGNATURE_BYTES);
printf("About to ML-DSA verify:\n");
- auto mldsa_pub = std::make_unique<BCM_mldsa65_public_key>();
+ auto mldsa_pub = std::make_unique<MLDSA65_public_key>();
if (BCM_mldsa65_public_from_private(mldsa_pub.get(), mldsa_priv.get()) !=
bcm_status::approved ||
BCM_mldsa65_verify(mldsa_pub.get(), mldsa_sig.get(), nullptr, 0, nullptr,
