OpenSSL OQS unable to open mlddsa44 key from pkcs12 that is created with IAIK-PQ (Post-Quantum) library

[stauro79]

Describe the bug we are using a IAIK java library to create mldsa44 key and certificate and store into a PKCS#12 in java.
Trying to open the pkcs12 in openssl oqs failed. Recompiled the oqs provider with -DNOPUBKEY_IN_PRIVKEY=ON and it didn't work aswell.

Attached is pkcs#12 created in java code.

pqckeycert2.zip

+

To Reproduce Steps to reproduce the behavior: Opening the pkcs12 with oqs provider fails with below error. `$openssl pkcs12 -in ./pqckeycert2.p12 -passin pass:123456 Bag Attributes friendlyName: acme.com localKeyID: 2D 32 35 39 32 32 34 35 35 37 Error outputting keys and certificates 00A4EEA3CA7F0000:error:1E08010C:DECODER routines:OSSL_DECODER_from_bio:unsupported:crypto/encode_decode/decoder_lib.c:102:No supported data to decode. Input type: DER, Input structure: PrivateKeyInfo 00A4EEA3CA7F0000:error:0300009C:digital envelope routines:pkey_set_type:unsupported algorithm:crypto/evp/p_lib.c:1566: 00A4EEA3CA7F0000:error:03000076:digital envelope routines:evp_pkcs82pkey_legacy:unsupported private key algorithm:crypto/evp/evp_pkey.c:42:TYPE=mldsa44

Recompiled OQS Provider with -DNOPUBKEY_IN_PRIVKEY=ON, fails with the same error. $openssl pkcs12 -in ~/pqckeycert2.p12 -passin pass:123456 Bag Attributes friendlyName: acme.com localKeyID: 2D 32 35 39 32 32 34 35 35 37 Error outputting keys and certificates 00D41F85407F0000:error:1E08010C:DECODER routines:OSSL_DECODER_from_bio:unsupported:crypto/encode_decode/decoder_lib.c:102:No supported data to decode. Input type: DER, Input structure: PrivateKeyInfo 00D41F85407F0000:error:0300009C:digital envelope routines:pkey_set_type:unsupported algorithm:crypto/evp/p_lib.c:1565: 00D41F85407F0000:error:03000076:digital envelope routines:evp_pkcs82pkey_legacy:unsupported private key algorithm:crypto/evp/evp_pkey.c:42:TYPE=mldsa44 `

Expected behavior openssl oqs should open p12 created in third-party IAIK library.

Environment (please complete the following information): Redhat 8

Please run the following commands to obtain the version information: master branch of openssel and oqsprovider

[baentsch]

That's not surprising as ML-DSA44 (final) is not yet integrated into OQS: If you want to check quickly, you may want to try with the corresponding "feature" branches bhe-fips204-final (liboqs) and bhe-fips204-final-tracker (oqsprovider). Otherwise, please wait for the next releases.

[danvangeest]

That PKCS#12 key uses OID 1.3.6.1.4.1.2.267.12.4.4, which is not the ML-DSA OID, it's the old OID used for the IPD version for testing purposes.

The IAIK library needs to be updated to the correct OID (and if it hasn't been already, the encoding from https://datatracker.ietf.org/doc/draft-ietf-lamps-dilithium-certificates/ - still under development).

[stauro79]

The failure happens in oqsprov/oqsprov_keys.c, while calling d2i_ASN1_OCTET_STRING() function which return NULL.

The privatekey that came from the PKCS#12 has size 2560, which is passed to d2i_ASN1_OCTET_STRING(). d2i_ASN1_OCTET_STRING expects ASN.1 octet encoded string and fails because input is not a ASN.1 octet string but a raw private key bytes.

1212 OQSX_KEY oqsx_key_from_pkcs8(const PKCS8_PRIV_KEY_INFO p8inf, 1213 OSSL_LIB_CTX libctx, const char propq) { 1214 OQSX_KEY oqsx = NULL; 1215 const unsigned char p; 1216 int plen; 1217 ASN1_OCTET_STRING oct = NULL; 1218 const X509_ALGOR palg; 1219 STACK_OF(ASN1_TYPE) sk = NULL; 1220 ASN1_TYPE aType = NULL; 1221 unsigned char concat_key; 1222 const unsigned char buf; 1223 int count, aux, i, buflen, key_diff = 0; 1224 1225 if (!PKCS8_pkey_get0(NULL, &p, &plen, &palg, p8inf)) 1226 return 0; 1227 1228 if (get_keytype(OBJ_obj2nid(palg->algorithm)) != KEY_TYPE_CMP_SIG) { 1229 oct = d2i_ASN1_OCTET_STRING(NULL, &p, plen);