From: Felix Fietkau
Date: Fri, 11 Jul 2025 09:25:56 +0000 (+0200)
Subject: mldsa: implement function for deriving public key from secret key
X-Git-Url: http://git.cdn.openwrt.org/?a=commitdiff_plain;h=dfe642e0bc64e7272f31b080bffc30b0a03fd719;p=project%2Funetd.git

mldsa: implement function for deriving public key from secret key

Signed-off-by: Felix Fietkau
---

diff --git a/mldsa.c b/mldsa.c
index b302712..9db701c 100644
--- a/mldsa.c
+++ b/mldsa.c
@@ -1862,6 +1862,36 @@ crypto_sign_keypair_internal(uint8_t *pk, uint8_t *sk,
 return 0;
 }
 
+int MLD_44_ref_pubkey(uint8_t *pk, const uint8_t *sk)
+{
+ uint8_t rho[MLDSA_SEEDBYTES];
+ uint8_t key[MLDSA_SEEDBYTES];
+ uint8_t tr[MLDSA_TRBYTES];
+ polyvecl mat[MLDSA_K];
+ polyvecl s1;
+ polyveck s2, t2, t1, t0;
+
+ unpack_sk(rho, tr, key, &t0, &s1, &s2, sk);
+
+ /* Expand matrix */
+ polyvec_matrix_expand(mat, rho);
+
+ /* Matrix-vector multiplication */
+ polyvecl_ntt(&s1);
+ polyvec_matrix_pointwise_montgomery(&t1, mat, &s1);
+ polyveck_reduce(&t1);
+ polyveck_invntt_tomont(&t1);
+
+ /* Add error vector s2 */
+ polyveck_add(&t1, &s2);
+
+ /* Extract t1 and write public key */
+ polyveck_caddq(&t1);
+ polyveck_power2round(&t2, &t0, &t1);
+ pack_pk(pk, rho, &t2);
+ return 0;
+}
+
 int MLD_44_ref_keypair(uint8_t *pk, uint8_t *sk)
 {
 uint8_t seed[MLDSA_SEEDBYTES];
diff --git a/mldsa.h b/mldsa.h
index 7c41d2b..e451dff 100644
--- a/mldsa.h
+++ b/mldsa.h
@@ -17,6 +17,7 @@
 #define MLD_44_ref_BYTES MLD_44_BYTES
 
 int MLD_44_ref_keypair(uint8_t *pk, uint8_t *sk);
+int MLD_44_ref_pubkey(uint8_t *pk, const uint8_t *sk);
 int MLD_44_ref_signature(uint8_t *sig, size_t *siglen,
 const uint8_t *m, size_t mlen,
 const uint8_t *ctx, size_t ctxlen,
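Review bot: MLD_44_ref_pubkey unpacks the whole secret key into stack locals (`key`, `s1`, `s2`, `t0`) and returns without clearing them, so secret-key material stays in the dead stack frame after `return 0;`. Where the platform offers a clear the compiler cannot drop, wipe those locals before returning, e.g. `explicit_bzero(&s1, sizeof(s1));` and the same for `s2`, `t0` and `key`; a plain `memset` may be optimized away, and whether the rest of mldsa.c already follows such a convention is not visible in this hunk. Separately, `tr` is unpacked but never read. If it holds the hash of the public key, as in ML-DSA key generation, comparing it with a hash of the derived `pk` would let the function return non-zero for a corrupted or mismatched `sk` instead of always 0. The new prototype in mldsa.h would also benefit from a comment such as `/* sk must be a complete ML-DSA-44 secret key; pk must hold a full public key; lengths are not checked */`.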