/rust/registry/src/index.crates.io-1949cf8c6b5b557f/aws-lc-rs-1.12.4/src/pq.rs

Source
// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0 OR ISC
#![allow(unused)]

use crate::aws_lc::{
    d2i_PrivateKey, CBB_init, EVP_PKEY_CTX_new_id, EVP_PKEY_CTX_pqdsa_set_params,
    EVP_PKEY_get_raw_private_key, EVP_PKEY_get_raw_public_key, EVP_PKEY_new,
    EVP_PKEY_pqdsa_new_raw_private_key, EVP_PKEY_pqdsa_new_raw_public_key, EVP_marshal_private_key,
    EVP_marshal_public_key, EVP_parse_public_key, CBB, EVP_PKEY, EVP_PKEY_PQDSA,
};
use crate::cbb::LcCBB;
use crate::cbs::build_CBS;
use crate::digest;
use crate::digest::digest_ctx::DigestContext;
use crate::error::{KeyRejected, Unspecified};
use crate::evp_pkey::*;
use crate::fips::indicator_check;
use crate::ptr::LcPtr;
use crate::signature::MAX_LEN;
use std::os::raw::c_int;
use std::ptr::null_mut;

pub(crate) fn evp_key_pqdsa_generate(nid: c_int) -> Result<LcPtr<EVP_PKEY>, Unspecified> {
    let params_fn = |ctx| {
        if 1 == unsafe { EVP_PKEY_CTX_pqdsa_set_params(ctx, nid) } {
            Ok(())
        } else {
            Err(())
        }
    };
    LcPtr::<EVP_PKEY>::generate(EVP_PKEY_PQDSA, Some(params_fn))
}

#[cfg(test)]
mod tests {
    use crate::aws_lc::{
        EVP_PKEY_cmp, EVP_PKEY, EVP_PKEY_PQDSA, NID_MLDSA44, NID_MLDSA65, NID_MLDSA87,
    };
    use crate::digest;
    use crate::evp_pkey::*;
    use crate::hmac::sign;
    use crate::pkcs8::Version;
    use crate::pq::evp_key_pqdsa_generate;
    use crate::ptr::LcPtr;
    use std::ffi::c_int;

    #[test]
    fn test_keygen() {
        for nid in [NID_MLDSA44, NID_MLDSA65, NID_MLDSA87] {
            let key = evp_key_pqdsa_generate(nid).unwrap();
            println!("key size: {:?}", key.key_size_bytes());
            test_serialization_for(&key);
            test_signing_for(&key);
        }
    }

    fn test_serialization_for(evp_pkey: &LcPtr<EVP_PKEY>) {
        let public_buffer = evp_pkey.marshal_rfc5280_public_key().unwrap();
        println!("public marshall: {public_buffer:?}");
        let key_public =
            LcPtr::<EVP_PKEY>::parse_rfc5280_public_key(&public_buffer, EVP_PKEY_PQDSA).unwrap();

        let private_buffer = evp_pkey.marshal_rfc5208_private_key(Version::V1).unwrap();
        println!("private marshall: {private_buffer:?}");
        let key_private =
            LcPtr::<EVP_PKEY>::parse_rfc5208_private_key(&private_buffer, EVP_PKEY_PQDSA).unwrap();

        let raw_public_buffer = key_public.marshal_raw_public_key().unwrap();
        println!("raw public size: {}", raw_public_buffer.len());
        let key_public2 =
            LcPtr::<EVP_PKEY>::parse_raw_public_key(&raw_public_buffer, EVP_PKEY_PQDSA).unwrap();

        assert_eq!(1, unsafe {
            EVP_PKEY_cmp(*key_public.as_const(), *key_public2.as_const())
        });

        let raw_private_buffer = key_private.marshal_raw_private_key().unwrap();
        println!("raw private size: {}", raw_private_buffer.len());
        let key_private2 =
            LcPtr::<EVP_PKEY>::parse_raw_private_key(&raw_private_buffer, EVP_PKEY_PQDSA).unwrap();

        // TODO: Currently the public key is not populated
        // assert_eq!(1, unsafe {
        //     EVP_PKEY_cmp(*key_private.as_const(), *key_private2.as_const())
        // });
    }

    fn test_signing_for(evp_pkey: &LcPtr<EVP_PKEY>) {
        let message = b"hello world";
        let signature = evp_pkey
            .sign(message, None, No_EVP_PKEY_CTX_consumer)
            .unwrap();
        println!("signature size: {}", signature.len());
        assert_eq!(signature.len(), evp_pkey.signature_size_bytes());
        evp_pkey
            .verify(message, None, No_EVP_PKEY_CTX_consumer, &signature)
            .unwrap();
        println!("verified: {signature:?}");
    }
}

Coverage Report

Created: 2025-10-29 07:05

Line	Count	Source
1		// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
2		// SPDX-License-Identifier: Apache-2.0 OR ISC
3		#![allow(unused)]
4
5		use crate::aws_lc::{
6		d2i_PrivateKey, CBB_init, EVP_PKEY_CTX_new_id, EVP_PKEY_CTX_pqdsa_set_params,
7		EVP_PKEY_get_raw_private_key, EVP_PKEY_get_raw_public_key, EVP_PKEY_new,
8		EVP_PKEY_pqdsa_new_raw_private_key, EVP_PKEY_pqdsa_new_raw_public_key, EVP_marshal_private_key,
9		EVP_marshal_public_key, EVP_parse_public_key, CBB, EVP_PKEY, EVP_PKEY_PQDSA,
10		};
11		use crate::cbb::LcCBB;
12		use crate::cbs::build_CBS;
13		use crate::digest;
14		use crate::digest::digest_ctx::DigestContext;
15		use crate::error::{KeyRejected, Unspecified};
16		use crate::evp_pkey::*;
17		use crate::fips::indicator_check;
18		use crate::ptr::LcPtr;
19		use crate::signature::MAX_LEN;
20		use std::os::raw::c_int;
21		use std::ptr::null_mut;
22
23	0	pub(crate) fn evp_key_pqdsa_generate(nid: c_int) -> Result<LcPtr<EVP_PKEY>, Unspecified> {
24	0	let params_fn = \|ctx\| {
25	0	if 1 == unsafe { EVP_PKEY_CTX_pqdsa_set_params(ctx, nid) } {
26	0	Ok(())
27		} else {
28	0	Err(())
29		}
30	0	};
31	0	LcPtr::<EVP_PKEY>::generate(EVP_PKEY_PQDSA, Some(params_fn))
32	0	}
33
34		#[cfg(test)]
35		mod tests {
36		use crate::aws_lc::{
37		EVP_PKEY_cmp, EVP_PKEY, EVP_PKEY_PQDSA, NID_MLDSA44, NID_MLDSA65, NID_MLDSA87,
38		};
39		use crate::digest;
40		use crate::evp_pkey::*;
41		use crate::hmac::sign;
42		use crate::pkcs8::Version;
43		use crate::pq::evp_key_pqdsa_generate;
44		use crate::ptr::LcPtr;
45		use std::ffi::c_int;
46
47		#[test]
48		fn test_keygen() {
49		for nid in [NID_MLDSA44, NID_MLDSA65, NID_MLDSA87] {
50		let key = evp_key_pqdsa_generate(nid).unwrap();
51		println!("key size: {:?}", key.key_size_bytes());
52		test_serialization_for(&key);
53		test_signing_for(&key);
54		}
55		}
56
57		fn test_serialization_for(evp_pkey: &LcPtr<EVP_PKEY>) {
58		let public_buffer = evp_pkey.marshal_rfc5280_public_key().unwrap();
59		println!("public marshall: {public_buffer:?}");
60		let key_public =
61		LcPtr::<EVP_PKEY>::parse_rfc5280_public_key(&public_buffer, EVP_PKEY_PQDSA).unwrap();
62
63		let private_buffer = evp_pkey.marshal_rfc5208_private_key(Version::V1).unwrap();
64		println!("private marshall: {private_buffer:?}");
65		let key_private =
66		LcPtr::<EVP_PKEY>::parse_rfc5208_private_key(&private_buffer, EVP_PKEY_PQDSA).unwrap();
67
68		let raw_public_buffer = key_public.marshal_raw_public_key().unwrap();
69		println!("raw public size: {}", raw_public_buffer.len());
70		let key_public2 =
71		LcPtr::<EVP_PKEY>::parse_raw_public_key(&raw_public_buffer, EVP_PKEY_PQDSA).unwrap();
72
73		assert_eq!(1, unsafe {
74		EVP_PKEY_cmp(key_public.as_const(), key_public2.as_const())
75		});
76
77		let raw_private_buffer = key_private.marshal_raw_private_key().unwrap();
78		println!("raw private size: {}", raw_private_buffer.len());
79		let key_private2 =
80		LcPtr::<EVP_PKEY>::parse_raw_private_key(&raw_private_buffer, EVP_PKEY_PQDSA).unwrap();
81
82		// TODO: Currently the public key is not populated
83		// assert_eq!(1, unsafe {
84		// EVP_PKEY_cmp(key_private.as_const(), key_private2.as_const())
85		// });
86		}
87
88		fn test_signing_for(evp_pkey: &LcPtr<EVP_PKEY>) {
89		let message = b"hello world";
90		let signature = evp_pkey
91		.sign(message, None, No_EVP_PKEY_CTX_consumer)
92		.unwrap();
93		println!("signature size: {}", signature.len());
94		assert_eq!(signature.len(), evp_pkey.signature_size_bytes());
95		evp_pkey
96		.verify(message, None, No_EVP_PKEY_CTX_consumer, &signature)
97		.unwrap();
98		println!("verified: {signature:?}");
99		}
100		}