From 08ba3e45c5c2132c7a3a738c4c2ea868f6f24b72 Mon Sep 17 00:00:00 2001
From: Bas Westerbaan
Date: Thu, 15 Feb 2024 15:29:18 +0100
Subject: [PATCH 1/2] Add script to generate example keys (#33)
* Add script to generate example keys
* example: update deps
* example: don't wrap private key
---
example/go.mod | 10 +++++++
example/go.sum | 10 +++++++
example/main.go | 75 +++++++++++++++++++++++++++++++++++++++++++++++++
3 files changed, 95 insertions(+)
create mode 100644 example/go.mod
create mode 100644 example/go.sum
create mode 100644 example/main.go
diff --git a/example/go.mod b/example/go.mod
new file mode 100644
index 0000000..c243729
--- /dev/null
+++ b/example/go.mod
@@ -0,0 +1,10 @@
+module github.com/lamps-wg/kyber-certificates/example
+
+go 1.20
+
+require github.com/cloudflare/circl v1.3.2
+
+require (
+ golang.org/x/crypto v0.7.0 // indirect
+ golang.org/x/sys v0.6.0 // indirect
+)
diff --git a/example/go.sum b/example/go.sum
new file mode 100644
index 0000000..9bfd31a
--- /dev/null
+++ b/example/go.sum
@@ -0,0 +1,10 @@
+github.com/cloudflare/circl v1.3.2 h1:VWp8dY3yH69fdM7lM6A1+NhhVoDu9vqK0jOgmkQHFWk=
+github.com/cloudflare/circl v1.3.2/go.mod h1:+CauBF6R70Jqcyl8N2hC8pAXYbWkGIezuSbuGLtRhnw=
+golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa h1:zuSxTR4o9y82ebqCUJYNGJbGPo6sKVl54f/TVDObg1c=
+golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
+golang.org/x/crypto v0.7.0 h1:AvwMYaRytfdeVt3u6mLaxYtErKYjxA2OXjJ1HHq6t3A=
+golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU=
+golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab h1:2QkjZIsXupsJbJIdSjjUOgWK3aEtzyuh2mPt3l/CkeU=
+golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.6.0 h1:MVltZSvRTcU2ljQOhs94SXPftV6DCNnZViHeQps87pQ=
+golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
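Review bot: The `require github.com/cloudflare/circl v1.3.2` line in example/go.mod pins a release that appears to have been well behind upstream when this commit was made, even though the commit message says the deps were updated. Everything main.go prints comes from circl's Kyber code, so the example should track a current circl tag. I would run `go get github.com/cloudflare/circl@latest && go mod tidy` and check the result with `govulncheck ./...` before merging. The older x/crypto and x/sys pseudo-version entries in the go.sum hunk are presumably module-graph entries pulled in through circl and need no change of their own.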
diff --git a/example/main.go b/example/main.go
new file mode 100644
index 0000000..169d994
--- /dev/null
+++ b/example/main.go
@@ -0,0 +1,75 @@
+package main
+
+import (
+ "crypto/x509/pkix"
+ "encoding/asn1"
+ "encoding/pem"
+ "log"
+ "os"
+
+ "github.com/cloudflare/circl/kem/schemes"
+)
+
+type subjectPublicKeyInfo struct {
+ Algorithm pkix.AlgorithmIdentifier
+ PublicKey asn1.BitString
+}
+
+type oneAsymmetricKey struct {
+ Version int
+ Algorithm pkix.AlgorithmIdentifier
+ PrivateKey []byte
+ Attributes []asn1.RawValue `asn1:"tag:0,optional"`
+ PublicKey *subjectPublicKeyInfo `asn1:"tag:1,optional"`
+}
+
+func main() {
+ scheme := schemes.ByName("Kyber768")
+ seed := make([]byte, scheme.SeedSize())
+ pk, sk := scheme.DeriveKeyPair(seed)
+
+ ppk, _ := pk.MarshalBinary()
+ psk, _ := sk.MarshalBinary()
+
+ apk := subjectPublicKeyInfo{
+ Algorithm: pkix.AlgorithmIdentifier{
+ Algorithm: asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 44363, 45, 1234, 1}, // TODO
+ },
+ PublicKey: asn1.BitString{
+ BitLength: len(ppk) * 8,
+ Bytes: ppk,
+ },
+ }
+
+ ask := oneAsymmetricKey{
+ Version: 0,
+ Algorithm: pkix.AlgorithmIdentifier{
+ Algorithm: asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 44363, 45, 1234, 1}, // TODO
+ },
+ PrivateKey: psk,
+ }
+
+ papk, err := asn1.Marshal(apk)
+ if err != nil {
+ log.Fatal(err)
+ }
+
+ pask, err := asn1.Marshal(ask)
+ if err != nil {
+ log.Fatal(err)
+ }
+
+ if err = pem.Encode(os.Stdout, &pem.Block{
+ Type: "KYBER768 PRIVATE KEY",
+ Bytes: pask,
+ }); err != nil {
+ log.Fatal(err)
+ }
+
+ if err = pem.Encode(os.Stdout, &pem.Block{
+ Type: "KYBER768 PUBLIC KEY",
+ Bytes: papk,
+ }); err != nil {
+ log.Fatal(err)
+ }
+}
From 64d531ba1aebdbcf23f9051b192cf607c1005617 Mon Sep 17 00:00:00 2001
From: Sean Turner
Date: Thu, 15 Feb 2024 09:29:37 -0500
Subject: [PATCH 2/2] Fixing md (#35)
Putting "NOTE" back in the asides.
---
draft-ietf-lamps-kyber-certificates.md | 21 +++++++++++----------
1 file changed, 11 insertions(+), 10 deletions(-)
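Review bot: In example/main.go, `seed := make([]byte, scheme.SeedSize())` is never filled, so `DeriveKeyPair` runs on an all-zero seed and every run prints the same key pair, which anyone can reproduce. That is presumably intended for a fixed example in the draft, but nothing in the file says so, and this is exactly the kind of snippet that gets copied into real key generation. A comment on the seed should state that the private key is public knowledge and point to `scheme.GenerateKeyPair()` for real use. Separately, the errors from `pk.MarshalBinary()` and `sk.MarshalBinary()` are dropped with `_` while every other failure in `main` goes to `log.Fatal`, so a failed marshal would be encoded as an empty key without any message. The placeholder OID marked `// TODO` is also written out twice and would be safer as one package-level variable, so the two copies cannot drift when the real OID is assigned.

```go
	scheme := schemes.ByName("Kyber768")
	// All-zero seed on purpose: the output is a fixed, publicly known example
	// key pair for the draft. Never use it to protect anything; real keys come
	// from scheme.GenerateKeyPair(), which draws from crypto/rand.
	seed := make([]byte, scheme.SeedSize())
	pk, sk := scheme.DeriveKeyPair(seed)

	ppk, err := pk.MarshalBinary()
	if err != nil {
		log.Fatal(err)
	}
	psk, err := sk.MarshalBinary()
	if err != nil {
		log.Fatal(err)
	}
	// … unchanged: apk / ask construction, asn1.Marshal and pem.Encode calls …
```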
diff --git a/draft-ietf-lamps-kyber-certificates.md b/draft-ietf-lamps-kyber-certificates.md index 52115a7..2062544 100644 --- a/draft-ietf-lamps-kyber-certificates.md +++ b/draft-ietf-lamps-kyber-certificates.md @@ -79,11 +79,11 @@ algorithm identifiers and ASN.1 encoding format for Kyber in public key certificates. The encoding for public and private keys are also provided. -\ [EDNOTE: +\[EDNOTE: This document is not expected to be finalized before the NIST PQC Project has standardized PQ algorithms. This specification will use object identifiers for the new algorithms that are assigned by NIST, -and will use placeholders until these are released. +and will use placeholders until these are released.] --- middle @@ -136,7 +136,7 @@ is defined as follows: ~~~ @@ -152,7 +152,7 @@ The fields in AlgorithmIdentifier have the following meanings: Kyber-1024. For all of these OIDs, the parameters MUST be absent.