aws · justsmth · Feb 5, 2025 · Feb 3, 2025 · Feb 3, 2025 · Feb 3, 2025
@@ -302,21 +302,32 @@ EVP_PKEY *EVP_PKEY_pqdsa_new_raw_private_key(int nid, const uint8_t *in, size_t
 
   EVP_PKEY *ret = EVP_PKEY_pqdsa_new(nid);
   if (ret == NULL || ret->pkey.pqdsa_key == NULL) {
-    // EVP_PKEY_kem_new sets the appropriate error.
+    // EVP_PKEY_pqdsa_new sets the appropriate error.
     goto err;
   }
 
-  const PQDSA *pqdsa =  PQDSA_KEY_get0_dsa(ret->pkey.pqdsa_key);
-  if (pqdsa->private_key_len != len) {
+  // Get PQDSA instance and validate lengths
+  const PQDSA *pqdsa = PQDSA_KEY_get0_dsa(ret->pkey.pqdsa_key);
+  if (len != pqdsa->private_key_len && len != pqdsa->keygen_seed_len) {
     OPENSSL_PUT_ERROR(EVP, EVP_R_INVALID_BUFFER_SIZE);
     goto err;
   }
 
   CBS cbs;
   CBS_init(&cbs, in, len);
-  if (!PQDSA_KEY_set_raw_private_key(ret->pkey.pqdsa_key, &cbs)) {
-    // PQDSA_KEY_set_raw_private_key sets the appropriate error.
-    goto err;
+
+  // Set key based on input length
+  if (len == pqdsa->private_key_len) {
+    if (!PQDSA_KEY_set_raw_private_key(ret->pkey.pqdsa_key, &cbs)) {
+      // PQDSA_KEY_set_raw_private_key sets the appropriate error.
+      goto err;
+    }
+  }
+  else if (len == pqdsa->keygen_seed_len) {
+    if (!PQDSA_KEY_set_raw_keypair_from_seed(ret->pkey.pqdsa_key, &cbs)) {
+      // PQDSA_KEY_set_raw_keypair_from_seed sets the appropriate error.
+      goto err;
+    }
   }
 
   return ret;

@@ -153,31 +153,49 @@ static int pqdsa_priv_decode(EVP_PKEY *out, CBS *params, CBS *key, CBS *pubkey)
     return 0;
   }
 
-  // Set the private key
-  if (!PQDSA_KEY_set_raw_private_key(out->pkey.pqdsa_key, key)) {
-    OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR);
+  // check the size of the provided input against the private key and seed len
+  if (CBS_len(key) != out->pkey.pqdsa_key->pqdsa->private_key_len &&
+      CBS_len(key) != out->pkey.pqdsa_key->pqdsa->keygen_seed_len) {
+    OPENSSL_PUT_ERROR(EVP, EVP_R_INVALID_BUFFER_SIZE);
     return 0;
   }
 
-  // Create buffers to store public key based on size
-  size_t pk_len = out->pkey.pqdsa_key->pqdsa->public_key_len;
-  uint8_t *public_key = OPENSSL_malloc(pk_len);
-
-  if (public_key == NULL) {
-    OPENSSL_PUT_ERROR(EVP, ERR_R_MALLOC_FAILURE);
-    return 0;
+  // See https://datatracker.ietf.org/doc/draft-ietf-lamps-dilithium-certificates/
+  // The caller can either provide the full key of size |private_key_len| or
+  // |keygen_seed_len|.
+  if (CBS_len(key) == out->pkey.pqdsa_key->pqdsa->private_key_len) {
+
+    // Set the private key
+    if (!PQDSA_KEY_set_raw_private_key(out->pkey.pqdsa_key, key)) {
+      OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR);
+      return 0;
+    }
+
+    // Create buffers to store public key based on size
+    size_t pk_len = out->pkey.pqdsa_key->pqdsa->public_key_len;
+    uint8_t *public_key = OPENSSL_malloc(pk_len);
+
+    if (public_key == NULL) {
+      OPENSSL_PUT_ERROR(EVP, ERR_R_MALLOC_FAILURE);
+      return 0;
+    }
+
+    // Construct the public key from the private key
+    if (!out->pkey.pqdsa_key->pqdsa->method->pqdsa_pack_pk_from_sk(
+        public_key, CBS_data(key))) {
+      OPENSSL_free(public_key);
+      OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR);
+      return 0;
+    }
+
+    out->pkey.pqdsa_key->public_key = public_key;
   }
-
-  // Construct the public key from the private key
-  if (!out->pkey.pqdsa_key->pqdsa->method->pqdsa_pack_pk_from_sk(
-          public_key, CBS_data(key))) {
-    OPENSSL_free(public_key);
-    OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR);
-    return 0;
+  else if (CBS_len(key) == out->pkey.pqdsa_key->pqdsa->keygen_seed_len) {
+    if (!PQDSA_KEY_set_raw_keypair_from_seed(out->pkey.pqdsa_key, key)) {
+      OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR);
+      return 0;
+    }
   }
-
-  out->pkey.pqdsa_key->public_key = public_key;
-
   return 1;
 }