Add support to export ML-DSA key-pairs in seed format #2194

Merged
merged 42 commits into from
Feb 28, 2025
Merged
Changes from 1 commit
42 commits
7d8957a
store seed during keygen and export
jakemas Feb 13, 2025
bb3f760
clear seed
jakemas Feb 13, 2025
c307952
removed get_raw_seed
jakemas Feb 18, 2025
11b51ec
Merge branch 'main' into ml-dsa-seeds
jakemas Feb 19, 2025
2132f7f
Merge branch 'main' into ml-dsa-seeds
jakemas Feb 20, 2025
09bd679
memory freeing
jakemas Feb 20, 2025
6d6127f
added failure mode test
jakemas Feb 20, 2025
6473b30
clean up failure mode tests
jakemas Feb 20, 2025
f178391
added EVP documentation
jakemas Feb 24, 2025
d1ee613
Merge branch 'main' into ml-dsa-seeds
jakemas Feb 24, 2025
ce5cd9b
CR fix
jakemas Feb 24, 2025
1ed7e2e
Merge branch 'ml-dsa-seeds' of github.com:jakemas/aws-lc into ml-dsa-…
jakemas Feb 24, 2025
7afa89a
cr fixes
jakemas Feb 24, 2025
270c74f
revert
jakemas Feb 24, 2025
b482db7
cbs copy change
jakemas Feb 25, 2025
9e86f22
implement pkcs8v2 asn1
jakemas Feb 25, 2025
2c2666f
move function back
jakemas Feb 25, 2025
1e47e2d
free der
jakemas Feb 25, 2025
a3f0212
modify asn.1 mldsa encode to match draft RFC
jakemas Feb 26, 2025
95ce517
Merge branch 'main' into ml-dsa-seeds
jakemas Feb 26, 2025
61cf26e
one not two
jakemas Feb 26, 2025
c0b93e7
Merge branch 'ml-dsa-seeds' of github.com:jakemas/aws-lc into ml-dsa-…
jakemas Feb 26, 2025
20f6d7e
restore comment
jakemas Feb 26, 2025
25959e9
cleaned up documentation
jakemas Feb 26, 2025
3692f72
remove PQDSA utility; seed from key
jakemas Feb 26, 2025
e550280
update encoding/decoding to align with standard
jakemas Feb 26, 2025
6164a3d
updated test key to RFC
jakemas Feb 26, 2025
75ca581
Merge branch 'main' into ml-dsa-seeds
jakemas Feb 26, 2025
0679285
implement import key as seed
jakemas Feb 26, 2025
36df5ed
implement import key as seed
jakemas Feb 26, 2025
da1aa98
reinstate comment
jakemas Feb 26, 2025
117728b
nits
jakemas Feb 26, 2025
7796da1
CR nits
jakemas Feb 26, 2025
d70db93
implemented alternative tagging
jakemas Feb 27, 2025
c3bde1c
0 tag
jakemas Feb 27, 2025
c3563dc
CR fixes
jakemas Feb 27, 2025
7e68294
CR fixes
jakemas Feb 27, 2025
54ca186
support current format also
jakemas Feb 27, 2025
b4a52ed
CR fixes
jakemas Feb 28, 2025
c8f5c33
Rework how OID is handled and passed down
skmcgrail Feb 28, 2025
d4455e0
put tag back on seed
jakemas Feb 28, 2025
f718c29
Merge branch 'main' into ml-dsa-seeds
jakemas Feb 28, 2025
2 changes: 1 addition & 1 deletion crypto/evp_extra/evp_extra_test.cc
Expand Up @@ -702,7 +702,7 @@ static const uint8_t kInvalidPrivateKey[] = {
static const uint8_t kExampleMLDSA65KeyDER[] = {
0x30, 0x82, 0x0F, 0xD8, 0x02, 0x01, 0x00, 0x30, 0x0B, 0x06, 0x09, 0x60,
0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x03, 0x12, 0x04, 0x82, 0x0F, 0xC4,
0x04, 0x82, 0x0F, 0xC0, 0x48, 0x68, 0x3D, 0x91, 0x97, 0x8E, 0x31, 0xEB,
0x81, 0x82, 0x0F, 0xC0, 0x48, 0x68, 0x3D, 0x91, 0x97, 0x8E, 0x31, 0xEB,
0x3D, 0xDD, 0xB8, 0xB0, 0x47, 0x34, 0x82, 0xD2, 0xB8, 0x8A, 0x5F, 0x62,
0x59, 0x49, 0xFD, 0x8F, 0x58, 0xA5, 0x61, 0xE6, 0x96, 0xBD, 0x4C, 0x27,
0xD8, 0x53, 0xFA, 0x69, 0xB8, 0x19, 0x90, 0x23, 0xE8, 0xCD, 0x67, 0x8D,
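Review bot: The changed byte in kExampleMLDSA65KeyDER turns the element inside the PKCS#8 privateKey OCTET STRING from a universal OCTET STRING (`0x04`) into context-specific tag [1] (`0x81`), which is the `expandedKey [1]` layout the decoder in p_pqdsa_asn1.c now expects, while the outer length bytes `0x82, 0x0F, 0xD8` and `0x82, 0x0F, 0xC4` stay valid because only the tag byte changed. Nothing near the array says which of the private-key forms this fixture exercises, and the array runs past the hunk, so I would add above the declaration `// PKCS#8 ML-DSA-65 private key carrying expandedKey [1] only (no seed); presumably exercises Case 2 of pqdsa_priv_decode` so the next encoding change knows which case this vector pins.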
33 changes: 10 additions & 23 deletions crypto/evp_extra/p_pqdsa_asn1.c
Expand Up @@ -158,31 +158,20 @@ static int pqdsa_priv_decode(EVP_PKEY *out, CBS *params, CBS *key, CBS *pubkey)

// Try to parse as one of the three ASN.1 formats defined in ML-DSA-XX-PrivateKey
// Currently only the following cases are supported:
// Case 1: seed [0] OCTET STRING
// Case 2: expandedKey OCTET STRING
// Case 1: seed OCTET STRING
// Case 2: expandedKey [1] OCTET STRING

// Once https://datatracker.ietf.org/doc/draft-ietf-lamps-dilithium-certificates/
// is stable we will implement:
// Case 3: both SEQUENCE { seed, expandedKey }

if (CBS_peek_asn1_tag(key, CBS_ASN1_CONTEXT_SPECIFIC | 0)) {
// Case 1: seed [0] OCTET STRING
CBS seed;
if (!CBS_get_asn1(key, &seed, CBS_ASN1_CONTEXT_SPECIFIC | 0)) {
OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR);
return 0;
}

if (CBS_len(&seed) != out->pkey.pqdsa_key->pqdsa->keygen_seed_len) {
OPENSSL_PUT_ERROR(EVP, EVP_R_INVALID_BUFFER_SIZE);
return 0;
}

return PQDSA_KEY_set_raw_keypair_from_seed(out->pkey.pqdsa_key, &seed);
} else if (CBS_peek_asn1_tag(key, CBS_ASN1_OCTETSTRING)) {
// Case 2: expandedKey OCTET STRING
if (CBS_len(key) == out->pkey.pqdsa_key->pqdsa->keygen_seed_len) {
// Case 1: seed OCTET STRING
return PQDSA_KEY_set_raw_keypair_from_seed(out->pkey.pqdsa_key, key);
} else if (CBS_peek_asn1_tag(key, CBS_ASN1_CONTEXT_SPECIFIC | 1)) {
// Case 2: expandedKey [1] OCTET STRING
CBS expanded_key;
if (!CBS_get_asn1(key, &expanded_key, CBS_ASN1_OCTETSTRING)) {
if (!CBS_get_asn1(key, &expanded_key, CBS_ASN1_CONTEXT_SPECIFIC | 1)) {
OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR);
return 0;
}
Expand All @@ -191,7 +180,6 @@ static int pqdsa_priv_decode(EVP_PKEY *out, CBS *params, CBS *key, CBS *pubkey)
OPENSSL_PUT_ERROR(EVP, EVP_R_INVALID_BUFFER_SIZE);
return 0;
}

return PQDSA_KEY_set_raw_private_key(out->pkey.pqdsa_key, &expanded_key);
} else {
OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR);
Expand All @@ -207,15 +195,14 @@ static int pqdsa_priv_encode(CBB *out, const EVP_PKEY *pkey) {
return 0;
}
// See https://datatracker.ietf.org/doc/draft-ietf-lamps-dilithium-certificates/ section 6.
CBB pkcs8, algorithm, oid, private_key, seed_choice;
CBB pkcs8, algorithm, oid, private_key;
if (!CBB_add_asn1(out, &pkcs8, CBS_ASN1_SEQUENCE) ||
!CBB_add_asn1_uint64(&pkcs8, PKCS8_VERSION_ONE /* version */) ||
!CBB_add_asn1(&pkcs8, &algorithm, CBS_ASN1_SEQUENCE) ||
!CBB_add_asn1(&algorithm, &oid, CBS_ASN1_OBJECT) ||
!CBB_add_bytes(&oid, pqdsa->oid, pqdsa->oid_len) ||
!CBB_add_asn1(&pkcs8, &private_key, CBS_ASN1_OCTETSTRING) ||
!CBB_add_asn1(&private_key, &seed_choice, CBS_ASN1_CONTEXT_SPECIFIC | 0) ||
!CBB_add_bytes(&seed_choice, key->seed, pqdsa->keygen_seed_len) ||
!CBB_add_bytes(&private_key, key->seed, pqdsa->keygen_seed_len) ||
!CBB_flush(out)) {
OPENSSL_PUT_ERROR(EVP, EVP_R_ENCODE_ERROR);
return 0;
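Review bot: The new Case 1 branch dispatches on `CBS_len(key) == out->pkey.pqdsa_key->pqdsa->keygen_seed_len` alone and hands the raw contents of the PKCS#8 privateKey OCTET STRING straight to PQDSA_KEY_set_raw_keypair_from_seed, so no inner ASN.1 element is parsed and the comment `// Case 1: seed OCTET STRING` overstates the structure; the encoder's `CBB_add_bytes(&private_key, key->seed, pqdsa->keygen_seed_len)` writes the same raw layout, so the two sides agree with each other. That raw form does appear to diverge from the `seed [0] OCTET STRING` shape the removed lines implemented under the cited draft, so a key produced by an implementation following the draft (`80 20 <seed>` inside the privateKey OCTET STRING) now falls through to the final `EVP_R_DECODE_ERROR` branch, and seeds written here would be rejected by such an implementation — worth confirming that is the intended interoperability position, or stating it next to the draft reference. I would change the comment to `// Case 1: raw seed bytes, no inner tag; selected by length only` and keep the draft link beside it so the deviation is visible. Both pqdsa_priv_decode and pqdsa_priv_encode begin or end outside the visible hunks, so any guard on a NULL key->seed before the encoder is not reviewed here.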
12 changes: 6 additions & 6 deletions crypto/evp_extra/p_pqdsa_test.cc
Expand Up @@ -1089,20 +1089,20 @@ const char *mldsa_87_pub_pem_str =
// C.1. Example Private Key
const char *mldsa_44_priv_pem_str =
"-----BEGIN PRIVATE KEY-----\n"
"MDQCAQAwCwYJYIZIAWUDBAMRBCKAIAABAgMEBQYHCAkKCwwNDg8QERITFBUWFxgZ\n"
"GhscHR4f\n"
"MDICAQAwCwYJYIZIAWUDBAMRBCAAAQIDBAUGBwgJCgsMDQ4PEBESExQVFhcYGRob\n"
"HB0eHw==\n"
"-----END PRIVATE KEY-----\n";

const char *mldsa_65_priv_pem_str =
"-----BEGIN PRIVATE KEY-----\n"
"MDQCAQAwCwYJYIZIAWUDBAMSBCKAIAABAgMEBQYHCAkKCwwNDg8QERITFBUWFxgZ\n"
"GhscHR4f\n"
"MDICAQAwCwYJYIZIAWUDBAMSBCAAAQIDBAUGBwgJCgsMDQ4PEBESExQVFhcYGRob\n"
"HB0eHw==\n"
"-----END PRIVATE KEY-----\n";

const char *mldsa_87_priv_pem_str =
"-----BEGIN PRIVATE KEY-----\n"
"MDQCAQAwCwYJYIZIAWUDBAMTBCKAIAABAgMEBQYHCAkKCwwNDg8QERITFBUWFxgZ\n"
"GhscHR4f\n"
"MDICAQAwCwYJYIZIAWUDBAMTBCAAAQIDBAUGBwgJCgsMDQ4PEBESExQVFhcYGRob\n"
"HB0eHw==\n"
"-----END PRIVATE KEY-----\n";

struct PQDSATestVector {
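Review bot: The comment `// C.1. Example Private Key` still attributes mldsa_44_priv_pem_str (and, by position, the 65 and 87 vectors) to the draft's appendix, but decoding the new base64 shows the privateKey OCTET STRING as `04 20` followed directly by the 32 seed bytes `00..1f`, whereas the removed bodies carried `04 22 80 20`, the context-specific [0] wrapper the appendix example uses; the vectors now look locally re-encoded rather than copied from the draft. If that is deliberate, say so, e.g. `// Seed from the draft's C.1 example (00..1f), re-encoded in the untagged raw-seed layout written by pqdsa_priv_encode rather than the draft's [0]-tagged form`; otherwise the draft's bytes should be restored once the encoding question is settled so the test still checks interop with the reference vector.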