Merge branch 'main' into sha3_absorb_squeeze

aws · Feb 4, 2025 · 0973fc2 · 0973fc2
2 parents 9c559df + cc9c9f0
commit 0973fc2
Show file tree

Hide file tree

Showing 11 changed files with 142 additions and 40 deletions.
diff --git a/crypto/evp_extra/p_pqdsa.c b/crypto/evp_extra/p_pqdsa.c
@@ -280,13 +280,9 @@ EVP_PKEY *EVP_PKEY_pqdsa_new_raw_public_key(int nid, const uint8_t *in, size_t l
     goto err;
   }
 
-  const PQDSA *pqdsa =  PQDSA_KEY_get0_dsa(ret->pkey.pqdsa_key);
-  if (pqdsa->public_key_len != len) {
-    OPENSSL_PUT_ERROR(EVP, EVP_R_INVALID_BUFFER_SIZE);
-    goto err;
-  }
-
-  if (!PQDSA_KEY_set_raw_public_key(ret->pkey.pqdsa_key, in)) {
+  CBS cbs;
+  CBS_init(&cbs, in, len);
+  if (!PQDSA_KEY_set_raw_public_key(ret->pkey.pqdsa_key, &cbs)) {
     // PQDSA_KEY_set_raw_public_key sets the appropriate error.
     goto err;
   }
@@ -316,7 +312,9 @@ EVP_PKEY *EVP_PKEY_pqdsa_new_raw_private_key(int nid, const uint8_t *in, size_t
     goto err;
   }
 
-  if (!PQDSA_KEY_set_raw_private_key(ret->pkey.pqdsa_key, in)) {
+  CBS cbs;
+  CBS_init(&cbs, in, len);
+  if (!PQDSA_KEY_set_raw_private_key(ret->pkey.pqdsa_key, &cbs)) {
     // PQDSA_KEY_set_raw_private_key sets the appropriate error.
     goto err;
   }

diff --git a/crypto/evp_extra/p_pqdsa_asn1.c b/crypto/evp_extra/p_pqdsa_asn1.c
@@ -89,18 +89,19 @@ static int pqdsa_get_pub_raw(const EVP_PKEY *pkey, uint8_t *out,
 }
 
 static int pqdsa_pub_decode(EVP_PKEY *out, CBS *params, CBS *key) {
-  // See https://datatracker.ietf.org/doc/draft-ietf-lamps-dilithium-certificates/ section 4.
-  // the only parameter that can be included is the OID which has length 9
+  // See https://datatracker.ietf.org/doc/draft-ietf-lamps-dilithium-certificates/
+  // section 4. the only parameter that can be included is the OID which has
+  // length 9
   if (CBS_len(params) != 9) {
     OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR);
     return 0;
   }
-  // set the pqdsa params on the fresh pkey
+  // Set the pqdsa params on |out|.
   if (!EVP_PKEY_pqdsa_set_params(out, OBJ_cbs2nid(params))) {
     OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR);
     return 0;
   }
-  return PQDSA_KEY_set_raw_public_key(out->pkey.pqdsa_key,CBS_data(key));
+  return PQDSA_KEY_set_raw_public_key(out->pkey.pqdsa_key, key);
 }
 
 static int pqdsa_pub_encode(CBB *out, const EVP_PKEY *pkey) {
@@ -138,21 +139,22 @@ static int pqdsa_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b) {
 }
 
 static int pqdsa_priv_decode(EVP_PKEY *out, CBS *params, CBS *key, CBS *pubkey) {
-  // See https://datatracker.ietf.org/doc/draft-ietf-lamps-dilithium-certificates/ section 6.
-  // the only parameter that can be included is the OID which has length 9
-  if (CBS_len(params) != 9 ) {
+  // See https://datatracker.ietf.org/doc/draft-ietf-lamps-dilithium-certificates/
+  // section 6. the only parameter that can be included is the OID which has
+  // length 9.
+  if (CBS_len(params) != 9) {
     OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR);
     return 0;
   }
 
-  // Set the pqdsa params on the fresh pkey
+  // Set the pqdsa params on |out|.
   if (!EVP_PKEY_pqdsa_set_params(out, OBJ_cbs2nid(params))) {
     OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR);
     return 0;
   }
 
   // Set the private key
-  if (!PQDSA_KEY_set_raw_private_key(out->pkey.pqdsa_key, CBS_data(key))) {
+  if (!PQDSA_KEY_set_raw_private_key(out->pkey.pqdsa_key, key)) {
     OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR);
     return 0;
   }
@@ -167,7 +169,8 @@ static int pqdsa_priv_decode(EVP_PKEY *out, CBS *params, CBS *key, CBS *pubkey)
   }
 
   // Construct the public key from the private key
-  if (!out->pkey.pqdsa_key->pqdsa->method->pqdsa_pack_pk_from_sk(public_key, CBS_data(key))) {
+  if (!out->pkey.pqdsa_key->pqdsa->method->pqdsa_pack_pk_from_sk(
+          public_key, CBS_data(key))) {
     OPENSSL_free(public_key);
     OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR);
     return 0;

diff --git a/crypto/evp_extra/p_pqdsa_test.cc b/crypto/evp_extra/p_pqdsa_test.cc
@@ -1854,3 +1854,27 @@ TEST_P(PerMLDSATest, ACVPSigVer) {
     }
   });
 }
+
+static const uint8_t mldsa87kPublicKeyInvalidLength[] = {
+    0x30, 0x11, 0x30, 0x0b, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01,
+    0x65, 0x03, 0x04, 0x03, 0x13, 0x03, 0x02, 0x00, 0xe4};
+
+TEST(PQDSAParameterTest, ParsePublicKeyInvalidLength) {
+  CBS cbs;
+  CBS_init(&cbs, mldsa87kPublicKeyInvalidLength,
+           sizeof(mldsa87kPublicKeyInvalidLength));
+  bssl::UniquePtr<EVP_PKEY> pub_pkey_from_der(EVP_parse_public_key(&cbs));
+  ASSERT_FALSE(pub_pkey_from_der.get());
+}
+
+static const uint8_t mldsa44kPrivateKeyInvalidLength[] = {
+    0x30, 0x16, 0x02, 0x01, 0x00, 0x30, 0x0b, 0x06, 0x09, 0x60, 0x86, 0x48,
+    0x01, 0x65, 0x03, 0x04, 0x03, 0x11, 0x04, 0x04, 0x82, 0x45, 0x52, 0xd8};
+
+TEST(PQDSAParameterTest, ParsePrivateKeyInvalidLength) {
+  CBS cbs;
+  CBS_init(&cbs, mldsa44kPrivateKeyInvalidLength,
+           sizeof(mldsa44kPrivateKeyInvalidLength));
+  bssl::UniquePtr<EVP_PKEY> private_pkey_from_der(EVP_parse_private_key(&cbs));
+  ASSERT_FALSE(private_pkey_from_der.get());
+}
diff --git a/crypto/fipsmodule/service_indicator/service_indicator_test.cc b/crypto/fipsmodule/service_indicator/service_indicator_test.cc
@@ -5296,7 +5296,7 @@ TEST(ServiceIndicatorTest, ED25519SigGenVerify) {
 // Since this is running in FIPS mode it should end in FIPS
 // Update this when the AWS-LC version number is modified
 TEST(ServiceIndicatorTest, AWSLCVersionString) {
-  ASSERT_STREQ(awslc_version_string(), "AWS-LC FIPS 1.43.0");
+  ASSERT_STREQ(awslc_version_string(), "AWS-LC FIPS 1.44.0");
 }
 
 #else
@@ -5339,6 +5339,6 @@ TEST(ServiceIndicatorTest, BasicTest) {
 // Since this is not running in FIPS mode it shouldn't end in FIPS
 // Update this when the AWS-LC version number is modified
 TEST(ServiceIndicatorTest, AWSLCVersionString) {
-  ASSERT_STREQ(awslc_version_string(), "AWS-LC 1.43.0");
+  ASSERT_STREQ(awslc_version_string(), "AWS-LC 1.44.0");
 }
 #endif // AWSLC_FIPS
diff --git a/crypto/pqdsa/internal.h b/crypto/pqdsa/internal.h
@@ -76,8 +76,8 @@ PQDSA_KEY *PQDSA_KEY_new(void);
 void PQDSA_KEY_free(PQDSA_KEY *key);
 int EVP_PKEY_pqdsa_set_params(EVP_PKEY *pkey, int nid);
 
-int PQDSA_KEY_set_raw_public_key(PQDSA_KEY *key, const uint8_t *in);
-int PQDSA_KEY_set_raw_private_key(PQDSA_KEY *key, const uint8_t *in);
+int PQDSA_KEY_set_raw_public_key(PQDSA_KEY *key, CBS *in);
+int PQDSA_KEY_set_raw_private_key(PQDSA_KEY *key, CBS *in);
 #if defined(__cplusplus)
 }  // extern C
 #endif

diff --git a/crypto/pqdsa/pqdsa.c b/crypto/pqdsa/pqdsa.c
@@ -66,17 +66,29 @@ const PQDSA *PQDSA_KEY_get0_dsa(PQDSA_KEY* key) {
   return key->pqdsa;
 }
 
-int PQDSA_KEY_set_raw_public_key(PQDSA_KEY *key, const uint8_t *in) {
-  key->public_key = OPENSSL_memdup(in, key->pqdsa->public_key_len);
+int PQDSA_KEY_set_raw_public_key(PQDSA_KEY *key, CBS *in) {
+  // Check if the parsed length corresponds with the expected length.
+  if (CBS_len(in) != key->pqdsa->public_key_len) {
+    OPENSSL_PUT_ERROR(EVP, EVP_R_INVALID_BUFFER_SIZE);
+    return 0;
+  }
+
+  key->public_key = OPENSSL_memdup(CBS_data(in), key->pqdsa->public_key_len);
   if (key->public_key == NULL) {
     return 0;
   }
 
   return 1;
 }
 
-int PQDSA_KEY_set_raw_private_key(PQDSA_KEY *key, const uint8_t *in) {
-  key->private_key = OPENSSL_memdup(in, key->pqdsa->private_key_len);
+int PQDSA_KEY_set_raw_private_key(PQDSA_KEY *key, CBS *in) {
+  // Check if the parsed length corresponds with the expected length.
+  if (CBS_len(in) != key->pqdsa->private_key_len) {
+    OPENSSL_PUT_ERROR(EVP, EVP_R_INVALID_BUFFER_SIZE);
+    return 0;
+  }
+
+  key->private_key = OPENSSL_memdup(CBS_data(in), key->pqdsa->private_key_len);
   if (key->private_key == NULL) {
     return 0;
   }

diff --git a/include/openssl/base.h b/include/openssl/base.h
@@ -122,7 +122,7 @@ extern "C" {
 // ServiceIndicatorTest.AWSLCVersionString
 // Note: there are two versions of this test. Only one test is compiled
 // depending on FIPS mode.
-#define AWSLC_VERSION_NUMBER_STRING "1.43.0"
+#define AWSLC_VERSION_NUMBER_STRING "1.44.0"
 
 #if defined(BORINGSSL_SHARED_LIBRARY)
 

diff --git a/tests/ci/cdk/cdk/codebuild/github_ci_integration_omnibus.yaml b/tests/ci/cdk/cdk/codebuild/github_ci_integration_omnibus.yaml
@@ -250,3 +250,13 @@ batch:
         image: 620771051181.dkr.ecr.us-west-2.amazonaws.com/aws-lc-docker-images-linux-x86:ubuntu-22.04_gcc-12x_latest
         variables:
           AWS_LC_CI_TARGET: "tests/ci/integration/run_ntp_integration.sh"
+
+    - identifier: pq_tls_integration_x86_64
+      buildspec: tests/ci/codebuild/common/run_simple_target.yml
+      env:
+        type: LINUX_CONTAINER
+        privileged-mode: false
+        compute-type: BUILD_GENERAL1_SMALL
+        image: 620771051181.dkr.ecr.us-west-2.amazonaws.com/aws-lc-docker-images-linux-x86:ubuntu-22.04_gcc-12x_latest
+        variables:
+          AWS_LC_CI_TARGET: "tests/ci/integration/run_pq_tls_integration.sh"
diff --git a/tests/ci/cdk/cdk/ecr_stack.py b/tests/ci/cdk/cdk/ecr_stack.py
@@ -11,5 +11,6 @@ class EcrStack(Stack):
     def __init__(self, scope: Construct, id: str, repo_name: str, **kwargs) -> None:
         super().__init__(scope, id, **kwargs)
 
-        ecr.Repository(scope=self, id=id, repository_name=repo_name).grant_pull_push(
-            iam.ServicePrincipal("codebuild.amazonaws.com"))
+        repo = ecr.Repository(scope=self, id=id, repository_name=repo_name)
+        repo.grant_pull_push(iam.ServicePrincipal("codebuild.amazonaws.com"))
+        repo.grant_pull(iam.ArnPrincipal("arn:aws:iam::222961743098:role/scrutini-ecr"))
diff --git a/tests/ci/cdk/util/iam_policies.py b/tests/ci/cdk/util/iam_policies.py
@@ -207,17 +207,6 @@ def ecr_power_user_policy_in_json(ecr_repo_names):
                     "ecr:PutImage"
                 ],
                 "Resource": ecr_arns
-            },
-            {
-                "Sid": "scrutinice",
-                "Effect": "Allow",
-                "Principal": {
-                    "AWS": "arn:aws:iam::222961743098:role/scrutini-ecr"
-                },
-                "Action": [
-                    "ecr:BatchGetImage",
-                    "ecr:GetDownloadUrlForLayer"
-                ]
             }
         ]
     }

diff --git a/tests/ci/integration/run_pq_tls_integration.sh b/tests/ci/integration/run_pq_tls_integration.sh
@@ -0,0 +1,65 @@
+#!/usr/bin/env bash
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0 OR ISC
+set -ex
+
+source tests/ci/common_posix_setup.sh
+
+SCRATCH_FOLDER=${SYS_ROOT}/"pq-tls-scratch"
+
+AWS_LC_BUILD_FOLDER="${SCRATCH_FOLDER}/aws-lc-build"
+AWS_LC_INSTALL_FOLDER="${SCRATCH_FOLDER}/aws-lc-install"
+
+S2N_URL='https://github.com/aws/s2n-tls.git'
+S2N_BRANCH='main'
+S2N_TLS_SRC_FOLDER="${SCRATCH_FOLDER}/s2n-tls"
+S2N_TLS_BUILD_FOLDER="${SCRATCH_FOLDER}/s2n-tls-build"
+
+rm -rf "${SCRATCH_FOLDER:?}"
+mkdir -p "$SCRATCH_FOLDER"
+
+echo "build and install aws-lc"
+aws_lc_build "$SRC_ROOT" "$AWS_LC_BUILD_FOLDER" "$AWS_LC_INSTALL_FOLDER" -DCMAKE_BUILD_TYPE=RelWithDebInfo -DBUILD_TESTING=OFF
+
+echo "clone s2n_tls"
+git clone --depth 1 --branch "$S2N_BRANCH" "$S2N_URL" "$S2N_TLS_SRC_FOLDER"
+
+echo "build s2n_tls with aws-lc"
+cd "$S2N_TLS_SRC_FOLDER"
+cmake . "-B$S2N_TLS_BUILD_FOLDER" -GNinja \
+  -DCMAKE_BUILD_TYPE=Release \
+  -DCMAKE_PREFIX_PATH="$AWS_LC_INSTALL_FOLDER"
+ninja -C "$S2N_TLS_BUILD_FOLDER" -j "$NUM_CPU_THREADS"
+
+for GROUP in X25519MLKEM768 SecP256r1MLKEM768; do
+  echo "TLS Handshake: aws-lc server (bssl) with s2n-tls client (s2nc) for group $GROUP"
+  "$AWS_LC_BUILD_FOLDER"/tool/bssl s_server -curves $GROUP -accept 45000 -debug \
+    &> "$AWS_LC_BUILD_FOLDER"/s_server_out &
+  sleep 2 # to allow for the server to startup in the background thread
+  S_PID=$!
+  # Relying on s2nc behavior that it exits after the first handshake
+  "$S2N_TLS_BUILD_FOLDER"/bin/s2nc -c default_pq -i localhost 45000 &> "$S2N_TLS_BUILD_FOLDER"/s2nc_out
+  wait $S_PID || true
+  cat "$AWS_LC_BUILD_FOLDER"/s_server_out
+  cat "$S2N_TLS_BUILD_FOLDER"/s2nc_out
+  grep "libcrypto" "$S2N_TLS_BUILD_FOLDER"/s2nc_out | grep "AWS-LC"
+  grep "CONNECTED" "$S2N_TLS_BUILD_FOLDER"/s2nc_out
+  grep "KEM Group" "$S2N_TLS_BUILD_FOLDER"/s2nc_out | grep "$GROUP"
+
+  echo "TLS Handshake: s2n-tls server (s2nd) with aws-lc client (bssl) for group $GROUP"
+  "$S2N_TLS_BUILD_FOLDER"/bin/s2nd -c default_pq -i localhost 45000 &> "$S2N_TLS_BUILD_FOLDER"/s2nd_out &
+  sleep 2 # to allow for the server to startup in the background thread
+  S_PID=$!
+  # bssl s_client normally does not exit after a handshake, but when run as a background process
+  # seems to exit by closing the connection after the first handshake. Relying on that behavior here.
+  "$AWS_LC_BUILD_FOLDER"/tool/bssl s_client -curves $GROUP -connect localhost:45000 -debug \
+    &> "$AWS_LC_BUILD_FOLDER"/s_client_out &
+  wait $S_PID || true
+  cat "$S2N_TLS_BUILD_FOLDER"/s2nd_out
+  cat "$AWS_LC_BUILD_FOLDER"/s_client_out
+  grep "libcrypto" "$S2N_TLS_BUILD_FOLDER"/s2nd_out | grep "AWS-LC"
+  grep "CONNECTED" "$S2N_TLS_BUILD_FOLDER"/s2nd_out
+  grep "KEM Group" "$S2N_TLS_BUILD_FOLDER"/s2nd_out | grep "$GROUP"
+done
+
+rm -rf "${SCRATCH_FOLDER:?}"