1 /*	$OpenBSD: mlkem_internal.h,v 1.4 2024/12/19 23:52:26 tb Exp $ */
2 /*
3  * Copyright (c) 2023, Google Inc.
4  *
5  * Permission to use, copy, modify, and/or distribute this software for any
6  * purpose with or without fee is hereby granted, provided that the above
7  * copyright notice and this permission notice appear in all copies.
8  *
9  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
12  * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
14  * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
15  * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16  */
17 
18 #ifndef OPENSSL_HEADER_CRYPTO_MLKEM_INTERNAL_H
19 #define OPENSSL_HEADER_CRYPTO_MLKEM_INTERNAL_H
20 
21 #include "bytestring.h"
22 #include "mlkem.h"
23 
24 #if defined(__cplusplus)
25 extern "C" {
26 #endif
27 
28 __BEGIN_HIDDEN_DECLS
29 
30 /*
31  * MLKEM_ENCAP_ENTROPY is the number of bytes of uniformly random entropy
32  * necessary to encapsulate a secret. The entropy will be leaked to the
33  * decapsulating party.
34  */
35 #define MLKEM_ENCAP_ENTROPY 32
36 
37 /*
38  * MLKEM768_generate_key_external_entropy is a deterministic function to create a
39  * pair of ML-KEM 768 keys, using the supplied entropy. The entropy needs to be
40  * uniformly random generated. This function is should only be used for tests,
41  * regular callers should use the non-deterministic |MLKEM_generate_key|
42  * directly.
43  */
44 void MLKEM768_generate_key_external_entropy(
45     uint8_t out_encoded_public_key[MLKEM768_PUBLIC_KEY_BYTES],
46     struct MLKEM768_private_key *out_private_key,
47     const uint8_t entropy[MLKEM_SEED_BYTES]);
48 
49 /*
50  * MLKEM768_PRIVATE_KEY_BYTES is the length of the data produced by
51  * |MLKEM768_marshal_private_key|.
52  */
53 #define MLKEM768_PRIVATE_KEY_BYTES 2400
54 
55 /*
56  * MLKEM768_marshal_private_key serializes |private_key| to |out| in the standard
57  * format for ML-KEM private keys. It returns one on success or zero on
58  * allocation error.
59  */
60 int MLKEM768_marshal_private_key(CBB *out,
61     const struct MLKEM768_private_key *private_key);
62 
63 /*
64  * MLKEM_encap_external_entropy behaves like |MLKEM_encap|, but uses
65  * |MLKEM_ENCAP_ENTROPY| bytes of |entropy| for randomization. The decapsulating
66  * side will be able to recover |entropy| in full. This function should only be
67  * used for tests, regular callers should use the non-deterministic
68  * |MLKEM_encap| directly.
69  */
70 void MLKEM768_encap_external_entropy(
71     uint8_t out_ciphertext[MLKEM768_CIPHERTEXT_BYTES],
72     uint8_t out_shared_secret[MLKEM_SHARED_SECRET_BYTES],
73     const struct MLKEM768_public_key *public_key,
74     const uint8_t entropy[MLKEM_ENCAP_ENTROPY]);
75 
76 /*
77  * MLKEM1024_generate_key_external_entropy is a deterministic function to create a
78  * pair of ML-KEM 1024 keys, using the supplied entropy. The entropy needs to be
79  * uniformly random generated. This function is should only be used for tests,
80  * regular callers should use the non-deterministic |MLKEM_generate_key|
81  * directly.
82  */
83 void MLKEM1024_generate_key_external_entropy(
84     uint8_t out_encoded_public_key[MLKEM1024_PUBLIC_KEY_BYTES],
85     struct MLKEM1024_private_key *out_private_key,
86     const uint8_t entropy[MLKEM_SEED_BYTES]);
87 
88 /*
89  * MLKEM1024_PRIVATE_KEY_BYTES is the length of the data produced by
90  * |MLKEM1024_marshal_private_key|.
91  */
92 #define MLKEM1024_PRIVATE_KEY_BYTES 3168
93 
94 /*
95  * MLKEM1024_marshal_private_key serializes |private_key| to |out| in the
96  * standard format for ML-KEM private keys. It returns one on success or zero on
97  * allocation error.
98  */
99 int MLKEM1024_marshal_private_key(CBB *out,
100     const struct MLKEM1024_private_key *private_key);
101 
102 /*
103  * MLKEM_encap_external_entropy behaves like |MLKEM_encap|, but uses
104  * |MLKEM_ENCAP_ENTROPY| bytes of |entropy| for randomization. The decapsulating
105  * side will be able to recover |entropy| in full. This function should only be
106  * used for tests, regular callers should use the non-deterministic
107  * |MLKEM_encap| directly.
108  */
109 void MLKEM1024_encap_external_entropy(
110     uint8_t out_ciphertext[MLKEM1024_CIPHERTEXT_BYTES],
111     uint8_t out_shared_secret[MLKEM_SHARED_SECRET_BYTES],
112     const struct MLKEM1024_public_key *public_key,
113     const uint8_t entropy[MLKEM_ENCAP_ENTROPY]);
114 
115 __END_HIDDEN_DECLS
116 
117 #if defined(__cplusplus)
118 }
119 #endif
120 
121 #endif  /* OPENSSL_HEADER_CRYPTO_MLKEM_INTERNAL_H */
122