ML_KEM_SHARED_SECRET_BYTES
static __owur int encrypt_cpa(uint8_t out[ML_KEM_SHARED_SECRET_BYTES],
decrypt_cpa(uint8_t out[ML_KEM_SHARED_SECRET_BYTES],
static int encap(uint8_t *ctext, uint8_t secret[ML_KEM_SHARED_SECRET_BYTES],
uint8_t Kr[ML_KEM_SHARED_SECRET_BYTES + ML_KEM_RANDOM_BYTES];
uint8_t *r = Kr + ML_KEM_SHARED_SECRET_BYTES;
memcpy(secret, Kr, ML_KEM_SHARED_SECRET_BYTES);
static int decap(uint8_t secret[ML_KEM_SHARED_SECRET_BYTES],
uint8_t decrypted[ML_KEM_SHARED_SECRET_BYTES + ML_KEM_PKHASH_BYTES];
uint8_t Kr[ML_KEM_SHARED_SECRET_BYTES + ML_KEM_RANDOM_BYTES];
uint8_t *r = Kr + ML_KEM_SHARED_SECRET_BYTES;
memcpy(decrypted + ML_KEM_SHARED_SECRET_BYTES, pkhash, ML_KEM_PKHASH_BYTES);
memcpy(secret, failure_key, ML_KEM_SHARED_SECRET_BYTES);
OPENSSL_cleanse(decrypted, ML_KEM_SHARED_SECRET_BYTES);
for (i = 0; i < ML_KEM_SHARED_SECRET_BYTES; i++)
OPENSSL_cleanse(decrypted, ML_KEM_SHARED_SECRET_BYTES);
#if ML_KEM_SEED_BYTES != ML_KEM_SHARED_SECRET_BYTES + ML_KEM_RANDOM_BYTES
|| shared_secret == NULL || slen != ML_KEM_SHARED_SECRET_BYTES
if (shared_secret == NULL || slen != ML_KEM_SHARED_SECRET_BYTES
ML_KEM_SHARED_SECRET_BYTES, vinfo->secbits);
#if ML_KEM_SHARED_SECRET_BYTES != ML_KEM_RANDOM_BYTES
static __owur int kdf(uint8_t out[ML_KEM_SHARED_SECRET_BYTES],
&& EVP_DigestFinalXOF(mdctx, out, ML_KEM_SHARED_SECRET_BYTES);
encap_slen = ML_KEM_SHARED_SECRET_BYTES;
size_t decap_slen = ML_KEM_SHARED_SECRET_BYTES;
*slen = ML_KEM_SHARED_SECRET_BYTES;
encap_slen = ML_KEM_SHARED_SECRET_BYTES + key->xinfo->shsec_bytes;
encap_slen = ML_KEM_SHARED_SECRET_BYTES;
if (encap_slen != ML_KEM_SHARED_SECRET_BYTES) {
sbuf = shsec + (1 - ml_kem_slot) * ML_KEM_SHARED_SECRET_BYTES;
size_t decap_slen = ML_KEM_SHARED_SECRET_BYTES + key->xinfo->shsec_bytes;
decap_slen = ML_KEM_SHARED_SECRET_BYTES;
if (decap_slen != ML_KEM_SHARED_SECRET_BYTES) {
sbuf = shsec + (1 - ml_kem_slot) * ML_KEM_SHARED_SECRET_BYTES;
unsigned char secret[ML_KEM_SHARED_SECRET_BYTES];
unsigned char out[ML_KEM_SHARED_SECRET_BYTES];
|| !TEST_size_t_eq(bgenkeylen, ML_KEM_SHARED_SECRET_BYTES))
expected_shared_secret[i], ML_KEM_SHARED_SECRET_BYTES))
if (!TEST_size_t_eq(agenkeylen, ML_KEM_SHARED_SECRET_BYTES))
uint8_t shared_secret[ML_KEM_SHARED_SECRET_BYTES];
uint8_t shared_secret2[ML_KEM_SHARED_SECRET_BYTES];
ML_KEM_SHARED_SECRET_BYTES))
decap_entropy, ML_KEM_SHARED_SECRET_BYTES))