Open
Conversation
alex
reviewed
Mar 13, 2026
reaperhulk
reviewed
Mar 13, 2026
| encrypted with ``pbeWithSHA1And128BitRC4``. The password is ``password``. | ||
| * ``asymmetric/PKCS8/enc-rsa-pkcs8-pbkdf2-0iter.pem`` a PKCS8 encoded | ||
| structure with an invalid PBKDF2 iteration count (zero). | ||
| * ``asymmetric/MLDSA/mldsa44_pub.der`` and ``asymmetric/MLDSA/mldsa44_priv.der`` |
Member
There was a problem hiding this comment.
mldsa44_priv.der appears to contain both seed and pub/priv so this is the OpenSSL "kitchen sink" format I think?
Contributor
There was a problem hiding this comment.
when I decode it I see this, which only contains the seed?
The OCTET STRING has tag 0, which should mean that it's the seed variant from the ML-DSA-44-PrivateKey CHOICE:
ML-DSA-44-PrivateKey ::= CHOICE {
seed [0] OCTET STRING (SIZE (32)),
expandedKey OCTET STRING (SIZE (2560)),
both SEQUENCE {
seed OCTET STRING (SIZE (32)),
expandedKey OCTET STRING (SIZE (2560))
}
}
| structure with an invalid PBKDF2 iteration count (zero). | ||
| * ``asymmetric/MLDSA/mldsa44_pub.der`` and ``asymmetric/MLDSA/mldsa44_priv.der`` | ||
| a PKCS8 encoded key pair for ML-DSA-44 generated by OpenSSL. | ||
| * ``asymmetric/MLDSA/mldsa65_noseed_priv.der`` a PKCS8 encoded ML-DSA-65 private |
Member
There was a problem hiding this comment.
This appears to have serialized nothing:
SEQUENCE {
INTEGER { 0 }
SEQUENCE {
# ml-dsa-65
OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.3.18 }
}
OCTET_STRING {
SEQUENCE {}
}
}
Contributor
There was a problem hiding this comment.
I think that's intended, it's for a test for an invalid key:
def generate_mldsa65_noseed(output_dir: str) -> None:
# ML-DSA-65 OID: 2.16.840.1.101.3.4.3.18
# Generate an ML-DSA-65 PKCS#8 key whose inner privateKey is an
# empty SEQUENCE (0x30 0x00) — i.e. the "both" SEQUENCE form with
# no seed present. This exercises the InvalidKey error path in the
# Rust parser when seed is None.(from the script used to generate it)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
For testing certain codepaths for unsupported key sizes and key serialization, we need some extra vectors.
Extracted from #14404 per @alex's comment.