implemented alternative tagging

aws · Feb 27, 2025 · d70db93 · d70db93
1 parent 7796da1
commit d70db93
Show file tree

Hide file tree

Showing 3 changed files with 17 additions and 30 deletions.
diff --git a/crypto/evp_extra/evp_extra_test.cc b/crypto/evp_extra/evp_extra_test.cc
@@ -702,7 +702,7 @@ static const uint8_t kInvalidPrivateKey[] = {
 static const uint8_t kExampleMLDSA65KeyDER[] = {
     0x30, 0x82, 0x0F, 0xD8, 0x02, 0x01, 0x00, 0x30, 0x0B, 0x06, 0x09, 0x60,
     0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x03, 0x12, 0x04, 0x82, 0x0F, 0xC4,
-    0x04, 0x82, 0x0F, 0xC0, 0x48, 0x68, 0x3D, 0x91, 0x97, 0x8E, 0x31, 0xEB,
+    0x81, 0x82, 0x0F, 0xC0, 0x48, 0x68, 0x3D, 0x91, 0x97, 0x8E, 0x31, 0xEB,
     0x3D, 0xDD, 0xB8, 0xB0, 0x47, 0x34, 0x82, 0xD2, 0xB8, 0x8A, 0x5F, 0x62,
     0x59, 0x49, 0xFD, 0x8F, 0x58, 0xA5, 0x61, 0xE6, 0x96, 0xBD, 0x4C, 0x27,
     0xD8, 0x53, 0xFA, 0x69, 0xB8, 0x19, 0x90, 0x23, 0xE8, 0xCD, 0x67, 0x8D,

diff --git a/crypto/evp_extra/p_pqdsa_asn1.c b/crypto/evp_extra/p_pqdsa_asn1.c
@@ -158,31 +158,20 @@ static int pqdsa_priv_decode(EVP_PKEY *out, CBS *params, CBS *key, CBS *pubkey)
 
   // Try to parse as one of the three ASN.1 formats defined in ML-DSA-XX-PrivateKey
   // Currently only the following cases are supported:
-  // Case 1: seed [0] OCTET STRING
-  // Case 2: expandedKey OCTET STRING
+  // Case 1: seed OCTET STRING
+  // Case 2: expandedKey [1] OCTET STRING
 
   // Once https://datatracker.ietf.org/doc/draft-ietf-lamps-dilithium-certificates/
   // is stable we will implement:
   // Case 3: both SEQUENCE { seed, expandedKey }
 
-  if (CBS_peek_asn1_tag(key, CBS_ASN1_CONTEXT_SPECIFIC | 0)) {
-    // Case 1: seed [0] OCTET STRING
-    CBS seed;
-    if (!CBS_get_asn1(key, &seed, CBS_ASN1_CONTEXT_SPECIFIC | 0)) {
-      OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR);
-      return 0;
-    }
-
-    if (CBS_len(&seed) != out->pkey.pqdsa_key->pqdsa->keygen_seed_len) {
-      OPENSSL_PUT_ERROR(EVP, EVP_R_INVALID_BUFFER_SIZE);
-      return 0;
-    }
-
-    return PQDSA_KEY_set_raw_keypair_from_seed(out->pkey.pqdsa_key, &seed);
-  } else if (CBS_peek_asn1_tag(key, CBS_ASN1_OCTETSTRING)) {
-    // Case 2: expandedKey OCTET STRING
+  if (CBS_len(key) == out->pkey.pqdsa_key->pqdsa->keygen_seed_len) {
+    // Case 1: seed OCTET STRING
+    return PQDSA_KEY_set_raw_keypair_from_seed(out->pkey.pqdsa_key, key);
+  } else if (CBS_peek_asn1_tag(key, CBS_ASN1_CONTEXT_SPECIFIC | 1)) {
+    // Case 2: expandedKey [1] OCTET STRING
     CBS expanded_key;
-    if (!CBS_get_asn1(key, &expanded_key, CBS_ASN1_OCTETSTRING)) {
+    if (!CBS_get_asn1(key, &expanded_key, CBS_ASN1_CONTEXT_SPECIFIC | 1)) {
       OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR);
       return 0;
     }
@@ -191,7 +180,6 @@ static int pqdsa_priv_decode(EVP_PKEY *out, CBS *params, CBS *key, CBS *pubkey)
       OPENSSL_PUT_ERROR(EVP, EVP_R_INVALID_BUFFER_SIZE);
       return 0;
     }
-
     return PQDSA_KEY_set_raw_private_key(out->pkey.pqdsa_key, &expanded_key);
   } else {
     OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR);
@@ -207,15 +195,14 @@ static int pqdsa_priv_encode(CBB *out, const EVP_PKEY *pkey) {
     return 0;
   }
   // See https://datatracker.ietf.org/doc/draft-ietf-lamps-dilithium-certificates/ section 6.
-  CBB pkcs8, algorithm, oid, private_key, seed_choice;
+  CBB pkcs8, algorithm, oid, private_key;
   if (!CBB_add_asn1(out, &pkcs8, CBS_ASN1_SEQUENCE) ||
       !CBB_add_asn1_uint64(&pkcs8, PKCS8_VERSION_ONE /* version */) ||
       !CBB_add_asn1(&pkcs8, &algorithm, CBS_ASN1_SEQUENCE) ||
       !CBB_add_asn1(&algorithm, &oid, CBS_ASN1_OBJECT) ||
       !CBB_add_bytes(&oid, pqdsa->oid, pqdsa->oid_len) ||
       !CBB_add_asn1(&pkcs8, &private_key, CBS_ASN1_OCTETSTRING) ||
-      !CBB_add_asn1(&private_key, &seed_choice, CBS_ASN1_CONTEXT_SPECIFIC | 0) ||
-      !CBB_add_bytes(&seed_choice, key->seed, pqdsa->keygen_seed_len) ||
+      !CBB_add_bytes(&private_key, key->seed, pqdsa->keygen_seed_len) ||
       !CBB_flush(out)) {
     OPENSSL_PUT_ERROR(EVP, EVP_R_ENCODE_ERROR);
     return 0;

diff --git a/crypto/evp_extra/p_pqdsa_test.cc b/crypto/evp_extra/p_pqdsa_test.cc
@@ -1089,20 +1089,20 @@ const char *mldsa_87_pub_pem_str =
 // C.1.  Example Private Key
 const char *mldsa_44_priv_pem_str =
 "-----BEGIN PRIVATE KEY-----\n"
-"MDQCAQAwCwYJYIZIAWUDBAMRBCKAIAABAgMEBQYHCAkKCwwNDg8QERITFBUWFxgZ\n"
-"GhscHR4f\n"
+"MDICAQAwCwYJYIZIAWUDBAMRBCAAAQIDBAUGBwgJCgsMDQ4PEBESExQVFhcYGRob\n"
+"HB0eHw==\n"
 "-----END PRIVATE KEY-----\n";
 
 const char *mldsa_65_priv_pem_str =
 "-----BEGIN PRIVATE KEY-----\n"
-"MDQCAQAwCwYJYIZIAWUDBAMSBCKAIAABAgMEBQYHCAkKCwwNDg8QERITFBUWFxgZ\n"
-"GhscHR4f\n"
+"MDICAQAwCwYJYIZIAWUDBAMSBCAAAQIDBAUGBwgJCgsMDQ4PEBESExQVFhcYGRob\n"
+"HB0eHw==\n"
 "-----END PRIVATE KEY-----\n";
 
 const char *mldsa_87_priv_pem_str =
 "-----BEGIN PRIVATE KEY-----\n"
-"MDQCAQAwCwYJYIZIAWUDBAMTBCKAIAABAgMEBQYHCAkKCwwNDg8QERITFBUWFxgZ\n"
-"GhscHR4f\n"
+"MDICAQAwCwYJYIZIAWUDBAMTBCAAAQIDBAUGBwgJCgsMDQ4PEBESExQVFhcYGRob\n"
+"HB0eHw==\n"
 "-----END PRIVATE KEY-----\n";
 
 struct PQDSATestVector {