From 0ae596a402bfca820f4fce35015fc1825a7c7dfc Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Sat, 4 Oct 2025 14:41:17 +0100 Subject: [PATCH] API: Add check_sk and check_pk to external API Signed-off-by: Hanno Becker --- mlkem/mlkem_native.S | 2 ++ mlkem/mlkem_native.c | 2 ++ mlkem/mlkem_native.h | 41 +++++++++++++++++++++++++++++++++++++++++ mlkem/src/kem.c | 4 ++-- mlkem/src/kem.h | 4 ++-- 5 files changed, 49 insertions(+), 4 deletions(-) diff --git a/mlkem/mlkem_native.S b/mlkem/mlkem_native.S index bff040079..27fa0ed6f 100644 --- a/mlkem/mlkem_native.S +++ b/mlkem/mlkem_native.S @@ -157,6 +157,8 @@ #undef MLK_API_MUST_CHECK_RETURN_VALUE #undef MLK_API_NAMESPACE #undef MLK_H +#undef crypto_kem_check_pk +#undef crypto_kem_check_sk #undef crypto_kem_dec #undef crypto_kem_enc #undef crypto_kem_enc_derand diff --git a/mlkem/mlkem_native.c b/mlkem/mlkem_native.c index 74c1f9387..e2a3a2c03 100644 --- a/mlkem/mlkem_native.c +++ b/mlkem/mlkem_native.c @@ -144,6 +144,8 @@ #undef MLK_API_MUST_CHECK_RETURN_VALUE #undef MLK_API_NAMESPACE #undef MLK_H +#undef crypto_kem_check_pk +#undef crypto_kem_check_sk #undef crypto_kem_dec #undef crypto_kem_enc #undef crypto_kem_enc_derand diff --git a/mlkem/mlkem_native.h b/mlkem/mlkem_native.h index e6d386222..08e083d9d 100644 --- a/mlkem/mlkem_native.h +++ b/mlkem/mlkem_native.h @@ -262,6 +262,45 @@ int MLK_API_NAMESPACE(dec)( const uint8_t ct[MLKEM_CIPHERTEXTBYTES(MLK_CONFIG_API_PARAMETER_SET)], const uint8_t sk[MLKEM_SECRETKEYBYTES(MLK_CONFIG_API_PARAMETER_SET)]); +/************************************************* + * Name: crypto_kem_check_pk + * + * Description: Implements modulus check mandated by FIPS 203, + * i.e., ensures that coefficients are in [0,q-1]. + * + * Arguments: - const uint8_t *pk: pointer to input public key, an array of + * MLKEM{512,768,1024}_PUBLICKEYBYTES bytes. + * + * Returns: - 0 on success + * - -1 on failure + * + * Specification: Implements @[FIPS203, Section 7.2, 'modulus check'] + * + **************************************************/ +MLK_API_MUST_CHECK_RETURN_VALUE +int MLK_API_NAMESPACE(check_pk)( + const uint8_t pk[MLKEM_PUBLICKEYBYTES(MLK_CONFIG_API_PARAMETER_SET)]); + +/************************************************* + * Name: crypto_kem_check_sk + * + * Description: Implements public key hash check mandated by FIPS 203, + * i.e., ensures that + * sk[768𝑘+32 ∶ 768𝑘+64] = H(pk)= H(sk[384𝑘 : 768𝑘+32]) + * + * Arguments: - const uint8_t *sk: pointer to input private key, an array of + * MLKEM{512,768,1024}_SECRETKEYBYTES bytes. + * + * Returns: - 0 on success + * - -1 on failure + * + * Specification: Implements @[FIPS203, Section 7.3, 'hash check'] + * + **************************************************/ +MLK_API_MUST_CHECK_RETURN_VALUE +int MLK_API_NAMESPACE(check_sk)( + const uint8_t sk[MLKEM_SECRETKEYBYTES(MLK_CONFIG_API_PARAMETER_SET)]); + /****************************** SUPERCOP API *********************************/ #if !defined(MLK_CONFIG_API_NO_SUPERCOP) @@ -278,6 +317,8 @@ int MLK_API_NAMESPACE(dec)( #define crypto_kem_enc_derand MLK_API_NAMESPACE(enc_derand) #define crypto_kem_enc MLK_API_NAMESPACE(enc) #define crypto_kem_dec MLK_API_NAMESPACE(dec) +#define crypto_kem_check_pk MLK_API_NAMESPACE(check_pk) +#define crypto_kem_check_sk MLK_API_NAMESPACE(check_sk) #else /* !MLK_CONFIG_API_NO_SUPERCOP */ diff --git a/mlkem/src/kem.c b/mlkem/src/kem.c index 01430e2c2..6084cf66f 100644 --- a/mlkem/src/kem.c +++ b/mlkem/src/kem.c @@ -50,7 +50,7 @@ __contract__( /* Reference: Not implemented in the reference implementation @[REF]. */ -MLK_INTERNAL_API +MLK_EXTERNAL_API MLK_MUST_CHECK_RETURN_VALUE int crypto_kem_check_pk(const uint8_t pk[MLKEM_INDCCA_PUBLICKEYBYTES]) { @@ -75,7 +75,7 @@ int crypto_kem_check_pk(const uint8_t pk[MLKEM_INDCCA_PUBLICKEYBYTES]) /* Reference: Not implemented in the reference implementation @[REF]. */ -MLK_INTERNAL_API +MLK_EXTERNAL_API MLK_MUST_CHECK_RETURN_VALUE int crypto_kem_check_sk(const uint8_t sk[MLKEM_INDCCA_SECRETKEYBYTES]) { diff --git a/mlkem/src/kem.h b/mlkem/src/kem.h index effe21a51..506c53f8a 100644 --- a/mlkem/src/kem.h +++ b/mlkem/src/kem.h @@ -77,7 +77,7 @@ **************************************************/ /* Reference: Not implemented in the reference implementation @[REF]. */ -MLK_INTERNAL_API +MLK_EXTERNAL_API MLK_MUST_CHECK_RETURN_VALUE int crypto_kem_check_pk(const uint8_t pk[MLKEM_INDCCA_PUBLICKEYBYTES]) __contract__( @@ -105,7 +105,7 @@ __contract__( **************************************************/ /* Reference: Not implemented in the reference implementation @[REF]. */ -MLK_INTERNAL_API +MLK_EXTERNAL_API MLK_MUST_CHECK_RETURN_VALUE int crypto_kem_check_sk(const uint8_t sk[MLKEM_INDCCA_SECRETKEYBYTES]) __contract__(