Additional round of review

Author: DarkaMaul

src/rust/cryptography-key-parsing/src/pkcs8.rs

@@ -24,12 +24,24 @@ pub struct PrivateKeyInfo<'a> {
 
 // RFC 9881 Section 6.5
 #[cfg(CRYPTOGRAPHY_IS_AWSLC)]
-// NO-COVERAGE-START
 #[derive(asn1::Asn1Read, asn1::Asn1Write)]
-// NO-COVERAGE-END
-pub enum MlDsaPrivateKey<'a> {
+pub enum MlDsaPrivateKey {
     #[implicit(0)]
-    Seed(&'a [u8]),
+    Seed([u8; 32]),
+}
+
+/// Extract the 32-byte ML-DSA-65 seed from a private key.
+///
+/// AWS-LC's `raw_private_key()` returns the expanded key, not the seed.
+/// This function round-trips through the native PKCS#8 encoding to extract it.
+/// https://github.com/aws/aws-lc/issues/3072
+#[cfg(CRYPTOGRAPHY_IS_AWSLC)]
+pub fn mldsa_seed_from_pkey(
+    pkey: &openssl::pkey::PKeyRef<openssl::pkey::Private>,
+) -> Result<MlDsaPrivateKey, openssl::error::ErrorStack> {
+    let pkcs8_der = pkey.private_key_to_pkcs8()?;
+    let pki = asn1::parse_single::<PrivateKeyInfo<'_>>(&pkcs8_der).unwrap();
+    Ok(asn1::parse_single::<MlDsaPrivateKey>(pki.private_key).unwrap())
 }
 
 pub fn parse_private_key(
@@ -120,9 +132,8 @@ pub fn parse_private_key(
 
         #[cfg(CRYPTOGRAPHY_IS_AWSLC)]
         AlgorithmParameters::MlDsa65 => {
-            let MlDsaPrivateKey::Seed(seed) =
-                asn1::parse_single::<MlDsaPrivateKey<'_>>(k.private_key)?;
-            Ok(cryptography_openssl::mldsa::new_raw_private_key(seed)?)
+            let MlDsaPrivateKey::Seed(seed) = asn1::parse_single::<MlDsaPrivateKey>(k.private_key)?;
+            Ok(cryptography_openssl::mldsa::new_raw_private_key(&seed)?)
         }
 
         _ => Err(KeyParsingError::UnsupportedKeyType(
@@ -462,8 +473,7 @@ pub fn serialize_private_key(
         }
         #[cfg(CRYPTOGRAPHY_IS_AWSLC)]
         cryptography_openssl::mldsa::PKEY_ID => {
-            let seed = pkey.raw_private_key()?;
-            let private_key_der = asn1::write_single(&MlDsaPrivateKey::Seed(seed.as_slice()))?;
+            let private_key_der = asn1::write_single(&mldsa_seed_from_pkey(pkey)?)?;
             (AlgorithmParameters::MlDsa65, private_key_der)
         }
         _ => {

src/rust/src/backend/mldsa.rs

@@ -91,21 +91,9 @@ impl MlDsa65PrivateKey {
         &self,
         py: pyo3::Python<'p>,
     ) -> CryptographyResult<pyo3::Bound<'p, pyo3::types::PyBytes>> {
-        // AWS-LC's raw_private_key() returns the expanded key, not the seed.
-        // Round-trip through PKCS#8 DER to extract the 32-byte seed.
-        // Note: private_key_to_pkcs8() (i2d_PKCS8PrivateKey_bio) must be used
-        // instead of private_key_to_der() (i2d_PrivateKey), because AWS-LC's
-        // i2d_PrivateKey doesn't support PQDSA keys.
-        let pkcs8_der = self.pkey.private_key_to_pkcs8()?;
-        let pki =
-            asn1::parse_single::<cryptography_key_parsing::pkcs8::PrivateKeyInfo<'_>>(&pkcs8_der)
-                .unwrap();
         let cryptography_key_parsing::pkcs8::MlDsaPrivateKey::Seed(seed) =
-            asn1::parse_single::<cryptography_key_parsing::pkcs8::MlDsaPrivateKey<'_>>(
-                pki.private_key,
-            )
-            .unwrap();
-        Ok(pyo3::types::PyBytes::new(py, seed))
+            cryptography_key_parsing::pkcs8::mldsa_seed_from_pkey(&self.pkey)?;
+        Ok(pyo3::types::PyBytes::new(py, &seed))
     }
 
     fn private_bytes<'p>(

tests/hazmat/primitives/test_mldsa.py

@@ -160,6 +160,7 @@ def test_round_trip_private_serialization(
         serialized = key.private_bytes(encoding, fmt, encryption)
         loaded_key = load_func(serialized, passwd, backend)
         assert isinstance(loaded_key, MlDsa65PrivateKey)
+        assert loaded_key.private_bytes_raw() == key.private_bytes_raw()
         sig = loaded_key.sign(b"test data")
         key.public_key().verify(sig, b"test data")