From 8853eddc928b36aa83f7cea6850f50ae00577183 Mon Sep 17 00:00:00 2001
From: Felix Fietkau <nbd@nbd.name>
Date: Sat, 12 Jul 2025 11:24:57 +0200
Subject: [PATCH] mldsa: add support for passing seed to the keygen

Signed-off-by: Felix Fietkau <nbd@nbd.name>
---
 mldsa.c | 9 ++++++---
 mldsa.h | 3 ++-
 2 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/mldsa.c b/mldsa.c
index 9db701c..aa3ef03 100644
--- a/mldsa.c
+++ b/mldsa.c
@@ -1892,10 +1892,13 @@ int MLD_44_ref_pubkey(uint8_t *pk, const uint8_t *sk)
   return 0;
 }
 
-int MLD_44_ref_keypair(uint8_t *pk, uint8_t *sk)
+int MLD_44_ref_keypair(uint8_t *pk, uint8_t *sk, const uint8_t *seed)
 {
-  uint8_t seed[MLDSA_SEEDBYTES];
-  randombytes(seed, MLDSA_SEEDBYTES);
+  uint8_t _seed[MLDSA_SEEDBYTES];
+  if (!seed) {
+	  randombytes(_seed, MLDSA_SEEDBYTES);
+	  seed = _seed;
+  }
   return crypto_sign_keypair_internal(pk, sk, seed);
 }
 
diff --git a/mldsa.h b/mldsa.h
index e451dff..fd08571 100644
--- a/mldsa.h
+++ b/mldsa.h
@@ -11,12 +11,13 @@
 #define MLD_44_PUBLICKEYBYTES 1312
 #define MLD_44_SECRETKEYBYTES 2560
 #define MLD_44_BYTES 2420
+#define MLDSA_SEEDBYTES 32
 
 #define MLD_44_ref_PUBLICKEYBYTES MLD_44_PUBLICKEYBYTES
 #define MLD_44_ref_SECRETKEYBYTES MLD_44_SECRETKEYBYTES
 #define MLD_44_ref_BYTES MLD_44_BYTES
 
-int MLD_44_ref_keypair(uint8_t *pk, uint8_t *sk);
+int MLD_44_ref_keypair(uint8_t *pk, uint8_t *sk, const uint8_t *seed);
 int MLD_44_ref_pubkey(uint8_t *pk, const uint8_t *sk);
 
 int MLD_44_ref_signature(uint8_t *sig, size_t *siglen, const uint8_t *m,
-- 
2.30.2