Merge branch 'main' into implement-ec-cli

Author: kingstjo

crypto/evp_extra/p_kem_asn1.c

@@ -178,26 +178,45 @@ static int kem_priv_decode(EVP_PKEY *out, CBS *oid, CBS *params, CBS *key,
     return 0;
   }
 
-  // At the moment, we only support expandedKey format from
-  // https://datatracker.ietf.org/doc/draft-ietf-lamps-kyber-certificates.
-  // TODO(awslc): add support for "seed" and "both" formats.
-  if (!CBS_peek_asn1_tag(key, CBS_ASN1_OCTETSTRING)) {
+  // Support multiple ML-KEM private key formats from
+  // https://datatracker.ietf.org/doc/draft-ietf-lamps-kyber-certificates/
+  // Case 1: seed [0] OCTET STRING
+  // Case 2: expandedKey OCTET STRING
+  // Case 3: TODO: both SEQUENCE {seed, expandedKey}
+
+  if (CBS_peek_asn1_tag(key, CBS_ASN1_CONTEXT_SPECIFIC)) {
+    // Case 1: seed [0] OCTET STRING
+    CBS seed;
+    if (!CBS_get_asn1(key, &seed, CBS_ASN1_CONTEXT_SPECIFIC)) {
+      OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR);
+      return 0;
+    }
+
+    if (CBS_len(&seed) != out->pkey.kem_key->kem->keygen_seed_len) {
+      OPENSSL_PUT_ERROR(EVP, EVP_R_INVALID_BUFFER_SIZE);
+      return 0;
+    }
+
+    return KEM_KEY_set_raw_keypair_from_seed(out->pkey.kem_key, &seed);
+  } else if (CBS_peek_asn1_tag(key, CBS_ASN1_OCTETSTRING)) {
+    // Case 2: expandedKey OCTET STRING
+    CBS expanded_key;
+    if (!CBS_get_asn1(key, &expanded_key, CBS_ASN1_OCTETSTRING)) {
+      OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR);
+      return 0;
+    }
+
+    if (CBS_len(&expanded_key) != out->pkey.kem_key->kem->secret_key_len) {
+      OPENSSL_PUT_ERROR(EVP, EVP_R_INVALID_BUFFER_SIZE);
+      return 0;
+    }
+
+    return KEM_KEY_set_raw_secret_key(out->pkey.kem_key, CBS_data(&expanded_key));
+  } else {
+    // Case 3: both SEQUENCE {seed, expandedKey} - not implemented yet
     OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR);
     return 0;
   }
-
-  CBS expanded_key;
-  if (!CBS_get_asn1(key, &expanded_key, CBS_ASN1_OCTETSTRING)) {
-    OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR);
-    return 0;
-  }
-
-  if (CBS_len(&expanded_key) != out->pkey.kem_key->kem->secret_key_len) {
-    OPENSSL_PUT_ERROR(EVP, EVP_R_INVALID_BUFFER_SIZE);
-    return 0;
-  }
-
-  return KEM_KEY_set_raw_secret_key(out->pkey.kem_key, CBS_data(&expanded_key));
 }
 
 static int kem_priv_encode(CBB *out, const EVP_PKEY *pkey) {

crypto/evp_extra/p_kem_test.cc

@@ -98,6 +98,17 @@ int KEM_KEY_set_raw_secret_key(KEM_KEY *key, const uint8_t *in);
 int KEM_KEY_set_raw_key(KEM_KEY *key, const uint8_t *in_public,
                                       const uint8_t *in_secret);
 
+// KEM_KEY_set_raw_keypair_from_seed function generates a keypair from the
+// given seed using the appropriate key generation function based on the
+// KEM variant, then allocates and sets both public and secret key buffers
+// within the given |key|.
+//
+// NOTE: The seed must be exactly 64 bytes for all ML-KEM variants.
+//       The caller must ensure the seed CBS contains valid data.
+//       |key->kem| must be initialized and |key->public_key| and 
+//       |key->secret_key| must both be NULL.
+int KEM_KEY_set_raw_keypair_from_seed(KEM_KEY *key, const CBS *seed);
+
 #if defined(__cplusplus)
 }  // extern C
 #endif

crypto/fipsmodule/kem/internal.h

@@ -7,6 +7,8 @@
 #include "../delocate.h"
 #include "../ml_kem/ml_kem.h"
 #include "internal.h"
+#include <openssl/bytestring.h>
+#include <openssl/err.h>
 
 // https://csrc.nist.gov/projects/computer-security-objects-register/algorithm-registration
 // 2.16.840.1.101.3.4.4.1
@@ -306,3 +308,51 @@ int KEM_KEY_set_raw_key(KEM_KEY *key, const uint8_t *in_public,
 
   return 1;
 }
+
+int KEM_KEY_set_raw_keypair_from_seed(KEM_KEY *key, const CBS *seed) {
+  if (key == NULL || seed == NULL || key->kem == NULL) {
+    OPENSSL_PUT_ERROR(CRYPTO, ERR_R_PASSED_NULL_PARAMETER);
+    return 0;
+  }
+
+  // Ensure key is uninitialized
+  if (key->public_key != NULL || key->secret_key != NULL) {
+    OPENSSL_PUT_ERROR(CRYPTO, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+    return 0;
+  }
+
+  // Validate seed length - all ML-KEM variants use 64-byte seeds
+  if (CBS_len(seed) != key->kem->keygen_seed_len) {
+    OPENSSL_PUT_ERROR(CRYPTO, ERR_R_OVERFLOW);
+    return 0;
+  }
+
+  // Allocate buffers for key generation
+  uint8_t *public_key = OPENSSL_malloc(key->kem->public_key_len);
+  uint8_t *secret_key = OPENSSL_malloc(key->kem->secret_key_len);
+
+  if (public_key == NULL || secret_key == NULL) {
+    OPENSSL_free(public_key);
+    OPENSSL_free(secret_key);
+    return 0;
+  }
+
+  size_t public_len = key->kem->public_key_len;
+  size_t secret_len = key->kem->secret_key_len;
+
+  // Generate keypair from seed using the KEM method
+  if (!key->kem->method->keygen_deterministic(public_key, &public_len,
+                                              secret_key, &secret_len,
+                                              CBS_data(seed))) {
+    OPENSSL_PUT_ERROR(EVP, ERR_R_INTERNAL_ERROR);
+    OPENSSL_free(public_key);
+    OPENSSL_free(secret_key);
+    return 0;
+  }
+
+  // Set public and secret key
+  key->public_key = public_key;
+  key->secret_key = secret_key;
+
+  return 1;
+}

crypto/fipsmodule/kem/kem.c

@@ -679,7 +679,11 @@ int PEM_read_bio(BIO *bp, char **name, char **header, unsigned char **data,
     if (!BUF_MEM_grow(headerB, hl + i + 9)) {
       goto err;
     }
-    if (strncmp(buf, "-----END ", 9) == 0) {
+    // To resolve following error:
+    // /home/runner/work/aws-lc-rs/aws-lc-rs/aws-lc-sys/aws-lc/crypto/pem/pem_lib.c:707:11: error: 'strncmp' of strings of length 1 and 9 and bound of 9 evaluates to nonzero [-Werror=string-compare]
+    //       707 |       if (strncmp(buf, "-----END ", 9) == 0) {
+    //           |           ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
+    if (CRYPTO_memcmp(buf, "-----END ", 9) == 0) {
       nohead = 1;
       break;
     }
@@ -709,7 +713,7 @@ int PEM_read_bio(BIO *bp, char **name, char **header, unsigned char **data,
       if (i != 65) {
         end = 1;
       }
-      if (strncmp(buf, "-----END ", 9) == 0) {
+      if (CRYPTO_memcmp(buf, "-----END ", 9) == 0) {
         break;
       }
       if (i > 65) {
@@ -744,7 +748,7 @@ int PEM_read_bio(BIO *bp, char **name, char **header, unsigned char **data,
     bl = hl;
   }
   i = strlen(nameB->data);
-  if ((strncmp(buf, "-----END ", 9) != 0) ||
+  if ((CRYPTO_memcmp(buf, "-----END ", 9) != 0) ||
       (strncmp(nameB->data, &(buf[9]), i) != 0) ||
       (strncmp(&(buf[9 + i]), "-----\n", 6) != 0)) {
     OPENSSL_PUT_ERROR(PEM, PEM_R_BAD_END_LINE);

crypto/pem/pem_lib.c

@@ -10,6 +10,7 @@ add_executable(
     crl.cc
     dgst.cc
     ec.cc
+    pass_util.cc
     pkcs8.cc
     pkey.cc
     rehash.cc
@@ -90,6 +91,8 @@ if(BUILD_TESTING)
         dgst_test.cc
         ec.cc
         ec_test.cc
+        pass_util.cc
+        pass_util_test.cc
         pkcs8.cc
         pkcs8_test.cc
         pkey.cc