From fe866468143c6117037f663b59795d43ffb022ff Mon Sep 17 00:00:00 2001 From: Steffen Jaeckel Date: Thu, 26 Sep 2019 16:23:18 +0200 Subject: [PATCH 01/33] add OpenSSH Private Key decryption demo Signed-off-by: Steffen Jaeckel --- .gitignore | 2 + demos/openssh-privkey.c | 272 ++++++++++++++++++++++++++++++++++++++++ makefile_include.mk | 9 +- 3 files changed, 279 insertions(+), 4 deletions(-) create mode 100644 demos/openssh-privkey.c diff --git a/.gitignore b/.gitignore index bd45adc96..217b03fdf 100644 --- a/.gitignore +++ b/.gitignore @@ -34,6 +34,8 @@ multi multi.exe openssl-enc openssl-enc.exe +openssh-privkey +openssh-privkey.exe sizes sizes.exe small diff --git a/demos/openssh-privkey.c b/demos/openssh-privkey.c new file mode 100644 index 000000000..b941ff3bf --- /dev/null +++ b/demos/openssh-privkey.c @@ -0,0 +1,272 @@ +/* LibTomCrypt, modular cryptographic library -- Tom St Denis + * + * LibTomCrypt is a library that provides various cryptographic + * algorithms in a highly modular and flexible manner. + * + * The library is free for all purposes without any express + * guarantee it works. + */ + +/** + @file openssh-privkey.c + OpenSSH Private Key decryption demo, Steffen Jaeckel +*/ + +#include +#include +#include + +static int verbose = 1; + +static void print_hex(const char* what, const void* v, const unsigned long l) +{ + const unsigned char* p = v; + unsigned long x, y = 0, z; + + if (!verbose) return; + + fprintf(stderr, "%s contents: \n", what); + for (x = 0; x < l; ) { + fprintf(stderr, "%02X ", p[x]); + if (!(++x % 16) || x == l) { + if((x % 16) != 0) { + z = 16 - (x % 16); + if(z >= 8) + fprintf(stderr, " "); + for (; z != 0; --z) { + fprintf(stderr, " "); + } + } + fprintf(stderr, " | "); + for(; y < x; y++) { + if((y % 8) == 0) + fprintf(stderr, " "); + if(isgraph(p[y])) + fprintf(stderr, "%c", p[y]); + else + fprintf(stderr, "."); + } + fprintf(stderr, "\n"); + } + else if((x % 8) == 0) { + fprintf(stderr, " "); + } + } +} + +static void print_err(const char *fmt, ...) +{ + va_list args; + + if (!verbose) return; + + va_start(args, fmt); + vfprintf(stderr, fmt, args); +} + +static void die_(int err, int line) +{ + print_err("%3d: LTC sez %s\n", line, error_to_string(err)); + exit(EXIT_FAILURE); +} + +#define die(i) do { die_(i, __LINE__); } while(0) +#define DIE(s) do { print_err("%3d: " s "\n", __LINE__); exit(EXIT_FAILURE); } while(0) + + +enum blockcipher_mode { + none, cbc, ctr, stream, gcm +}; +struct ssh_blockcipher { + const char *name; + const char *cipher; + int len; + enum blockcipher_mode mode; +}; + +/* Table as of + * https://www.iana.org/assignments/ssh-parameters/ssh-parameters.xhtml#ssh-parameters-17 + */ +const struct ssh_blockcipher ssh_ciphers[] = +{ + { "aes256-cbc", "aes", 256 / 8, cbc }, + { 0 }, +}; + + +struct ssh_decode_ctx { + unsigned char *orig; + size_t len, rd; + void *cur; +}; + +ulong32 read_length_and_advance(int is_length, struct ssh_decode_ctx *ctx) { + ulong32 r; + ctx->cur = &ctx->orig[ctx->rd]; + + LOAD32H(r, ctx->cur); + print_err("%u\n", r); + if (is_length && ctx->rd + r > ctx->len) DIE("too long"); + ctx->rd += 4; + + ctx->cur = &ctx->orig[ctx->rd]; + if (is_length) print_hex("next", ctx->cur, r); + return r; +} + +/* The basic format of the key is described here: + * https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.key + */ + +int main(int argc, char **argv) +{ + if (argc < 2) return EXIT_FAILURE; + + int err; + if ((err = register_all_ciphers()) != CRYPT_OK) { + die(err); + } + if ((err = register_all_hashes()) != CRYPT_OK) { + die(err); + } + + char pem[100 * 72]; + size_t w = 0; + const char *b64_start = "-----BEGIN OPENSSH PRIVATE KEY-----"; + const char *b64_end = "-----END OPENSSH PRIVATE KEY-----"; + char buf[72]; + FILE *f = fopen(argv[1], "r"); + if (f == NULL) DIE("fopen sez no"); + while (fgets(buf, sizeof(buf), f)) { + const char *start = strstr(buf, b64_start); + if (start == buf) break; + } + while (fgets(buf, sizeof(buf), f)) { + char *end = strstr(buf, b64_end); + if (end != NULL) { + if (end == buf) break; + *end = '\0'; + } + size_t l = strlcpy(pem + w, buf, sizeof(pem) - w); + if (l == 0) { + DIE("strlcpy sez no"); + } + w += l; + } + + unsigned char b64_decoded[sizeof(pem)]; + unsigned long b64_decoded_len = sizeof(pem); + if ((err = base64_sane_decode(pem, w, b64_decoded, &b64_decoded_len)) != CRYPT_OK) { + die(err); + } + print_hex("decoded", b64_decoded, b64_decoded_len); + + void *magic = strstr((const char*)b64_decoded, "openssh-key-v1"); + if (magic == NULL) DIE("magic not found"); + if (magic != b64_decoded) DIE("magic not at the beginning"); + struct ssh_decode_ctx dec_ctx; + dec_ctx.orig = b64_decoded; + dec_ctx.len = b64_decoded_len; + dec_ctx.rd = strlen("openssh-key-v1") + 1; + + ulong32 l = read_length_and_advance(1, &dec_ctx); + + const struct ssh_blockcipher *c = NULL; + for (size_t i = 0; i < sizeof(ssh_ciphers)/sizeof(ssh_ciphers[0]); ++i) { + if (memcmp(dec_ctx.cur, ssh_ciphers[i].name, l) == 0) { + c = &ssh_ciphers[i]; + break; + } + } + if (c == NULL) DIE("can't find cipher"); + dec_ctx.rd += l; + + l = read_length_and_advance(1, &dec_ctx); + + if (memcmp(dec_ctx.cur, "bcrypt", l) != 0) DIE("unsupported kdf"); + dec_ctx.rd += l; + + l = read_length_and_advance(1, &dec_ctx); + + unsigned char salt[32]; + unsigned long salt_len = read_length_and_advance(1, &dec_ctx); + + memcpy(salt, dec_ctx.cur, salt_len); + dec_ctx.rd += salt_len; + + ulong32 rounds = read_length_and_advance(0, &dec_ctx); + + ulong32 num_pubkeys = read_length_and_advance(1, &dec_ctx); + + l = read_length_and_advance(1, &dec_ctx); + l = read_length_and_advance(1, &dec_ctx); + if (memcmp(dec_ctx.cur, "ssh-ed25519", l) != 0) DIE("unsupported pka"); + dec_ctx.rd += l; + + unsigned char pubkey[32]; + unsigned long pubkey_len = read_length_and_advance(1, &dec_ctx); + + memcpy(pubkey, dec_ctx.cur, pubkey_len); + dec_ctx.rd += pubkey_len; + + l = read_length_and_advance(1, &dec_ctx); + + unsigned char decrypted_privkey[sizeof(pem)]; + unsigned long decrypted_privkey_len = sizeof(decrypted_privkey); + + int cipher = find_cipher(c->cipher); + + unsigned char symkey[128]; + unsigned long symkey_len = c->len + cipher_descriptor[cipher].block_length; + + if (sizeof(symkey) < symkey_len) DIE("too small"); + + if ((err = bcrypt("abc123", 6, salt, salt_len, rounds, find_hash("sha512"), symkey, &symkey_len)) != CRYPT_OK) { + die(err); + } + + symmetric_CBC cbc_ctx; + if ((err = cbc_start(cipher, symkey + c->len, symkey, c->len, 0, &cbc_ctx)) != CRYPT_OK) { + die(err); + } + if ((err = cbc_decrypt(dec_ctx.cur, decrypted_privkey, l, &cbc_ctx)) != CRYPT_OK) { + die(err); + } + decrypted_privkey_len = l; + print_hex("decrypted", decrypted_privkey, decrypted_privkey_len); + + dec_ctx.orig = decrypted_privkey; + dec_ctx.len = decrypted_privkey_len; + dec_ctx.rd = 0; + + ulong32 check1 = read_length_and_advance(0, &dec_ctx); + ulong32 check2 = read_length_and_advance(0, &dec_ctx); + + if (check1 != check2) DIE("decrypt failed"); + + l = read_length_and_advance(1, &dec_ctx); + if (memcmp(dec_ctx.cur, "ssh-ed25519", l) != 0) DIE("unsupported pka"); + dec_ctx.rd += l; + + l = read_length_and_advance(1, &dec_ctx); + if (memcmp(dec_ctx.cur, pubkey, l) != 0) DIE("pubkey's don't match"); + dec_ctx.rd += l; + + unsigned char privkey[64]; + unsigned long privkey_len = read_length_and_advance(1, &dec_ctx); + + memcpy(privkey, dec_ctx.cur, privkey_len); + + if (memcmp(&privkey[32], pubkey, 32) != 0) DIE("pubkey in privkey doesn't match"); + + curve25519_key k; + if ((err = ed25519_set_key(privkey, 32, &privkey[32], 32, &k)) != CRYPT_OK) { + die(err); + } + + return EXIT_SUCCESS; +} + +/* ref: $Format:%D$ */ +/* git commit: $Format:%H$ */ +/* commit time: $Format:%ai$ */ diff --git a/makefile_include.mk b/makefile_include.mk index f76798c41..e7e3cf522 100644 --- a/makefile_include.mk +++ b/makefile_include.mk @@ -174,10 +174,11 @@ USEABLE_DEMOS = ltcrypt sizes constants TEST_DEMOS = small tv_gen # Demos that are in one config broken -# aesgcm - can't be built with LTC_EASY -# openssl-enc - can't be built with LTC_EASY -# timing - not really broken, but older gcc builds spit warnings -BROKEN_DEMOS = aesgcm openssl-enc timing +# aesgcm - can't be built with LTC_EASY +# openssl-enc - can't be built with LTC_EASY +# openssh-privkey - can't be built with LTC_EASY +# timing - not really broken, but older gcc builds spit warnings +BROKEN_DEMOS = aesgcm openssl-enc openssh-privkey timing # Combine demos in groups UNBROKEN_DEMOS = $(TEST_DEMOS) $(USEABLE_DEMOS) $(USEFUL_DEMOS) From a1beec9a28dfdbadd7d17c57d9213a1cea07cbef Mon Sep 17 00:00:00 2001 From: Steffen Jaeckel Date: Wed, 2 Oct 2019 01:47:18 +0200 Subject: [PATCH 02/33] add rsa-support Signed-off-by: Steffen Jaeckel --- demos/openssh-privkey.c | 359 ++++++++++++++++++++++++++++------------ 1 file changed, 250 insertions(+), 109 deletions(-) diff --git a/demos/openssh-privkey.c b/demos/openssh-privkey.c index b941ff3bf..7a0923a3f 100644 --- a/demos/openssh-privkey.c +++ b/demos/openssh-privkey.c @@ -12,8 +12,10 @@ OpenSSH Private Key decryption demo, Steffen Jaeckel */ +#define _GNU_SOURCE + #include -#include +#include #include static int verbose = 1; @@ -71,15 +73,34 @@ static void die_(int err, int line) } #define die(i) do { die_(i, __LINE__); } while(0) -#define DIE(s) do { print_err("%3d: " s "\n", __LINE__); exit(EXIT_FAILURE); } while(0) +#define DIE(s, ...) do { print_err("%3d: " s "\n", __LINE__, ##__VA_ARGS__); exit(EXIT_FAILURE); } while(0) + + +static void check_padding(unsigned char *p, unsigned long len) +{ + unsigned char pad = 0x1u; + while (len != 0) { + if (*p != pad) DIE("pad wrong 0x%02x != 0x%02x", *p, pad); + p++; + pad++; + len--; + } +} +typedef struct pka_key_ { + enum ltc_oid_id id; + union { + curve25519_key ed25519; + rsa_key rsa; + } u; +} pka_key; enum blockcipher_mode { none, cbc, ctr, stream, gcm }; struct ssh_blockcipher { const char *name; - const char *cipher; + const char *algo; int len; enum blockcipher_mode mode; }; @@ -89,29 +110,153 @@ struct ssh_blockcipher { */ const struct ssh_blockcipher ssh_ciphers[] = { + { "none", "", 0, none }, { "aes256-cbc", "aes", 256 / 8, cbc }, { 0 }, }; +struct ssh_kdf { + const char *name; +}; + +struct kdf_options { + struct ssh_blockcipher *cipher; + unsigned char salt[64]; + ulong32 saltlen; + ulong32 num_rounds; + const char *pass; + unsigned long passlen; +}; -struct ssh_decode_ctx { - unsigned char *orig; - size_t len, rd; - void *cur; +const struct ssh_kdf ssh_kdfs[] = +{ + { "bcrypt" }, + { "none" }, + { 0 }, }; -ulong32 read_length_and_advance(int is_length, struct ssh_decode_ctx *ctx) { - ulong32 r; - ctx->cur = &ctx->orig[ctx->rd]; +int ssh_decode_private_key(const unsigned char *in, unsigned long *inlen, pka_key *key) +{ + int err; + ulong32 check1, check2; + unsigned char pka[64], pubkey[2048], privkey[2048], comment[256]; + ulong32 pkalen = sizeof(pka), pubkeylen = sizeof(pubkey); + ulong32 privkeylen = sizeof(privkey), commentlen = sizeof(comment); + unsigned long remaining, cur_len; + unsigned char *p; + + LTC_ARGCHK(in != NULL); + LTC_ARGCHK(inlen != NULL); + LTC_ARGCHK(key != NULL); + + p = in; + cur_len = *inlen; + + if ((err = ssh_decode_sequence_multi(p, &cur_len, + LTC_SSHDATA_UINT32, &check1, + LTC_SSHDATA_UINT32, &check2, + LTC_SSHDATA_STRING, pka, &pkalen, + LTC_SSHDATA_EOL)) != CRYPT_OK) { + die(err); + } + if (check1 != check2) DIE("decrypt failed"); + + p += cur_len; + remaining = *inlen - cur_len; + + if (XSTRCMP(pka, "ssh-ed25519") == 0) { + cur_len = remaining; + if ((err = ssh_decode_sequence_multi(p, &cur_len, + LTC_SSHDATA_STRING, pubkey, &pubkeylen, + LTC_SSHDATA_STRING, privkey, &privkeylen, + LTC_SSHDATA_EOL)) != CRYPT_OK) { + die(err); + } + + if ((err = ed25519_set_key(privkey, 32, &privkey[32], 32, &key->u.ed25519)) != CRYPT_OK) { + die(err); + } + + key->id = PKA_ED25519; + } else if (XSTRCMP(pka, "ssh-rsa") == 0) { + void *tmp1, *tmp2; + if ((err = mp_init_multi(&tmp1, &tmp2, NULL)) != CRYPT_OK) { + die(err); + } + if ((err = rsa_init(&key->u.rsa)) != CRYPT_OK) { + die(err); + } + + cur_len = remaining; + if ((err = ssh_decode_sequence_multi(p, &cur_len, + LTC_SSHDATA_MPINT, key->u.rsa.N, + LTC_SSHDATA_MPINT, key->u.rsa.e, + LTC_SSHDATA_MPINT, key->u.rsa.d, + LTC_SSHDATA_MPINT, key->u.rsa.qP, + LTC_SSHDATA_MPINT, key->u.rsa.q, + LTC_SSHDATA_MPINT, key->u.rsa.p, + LTC_SSHDATA_EOL)) != CRYPT_OK) { + die(err); + } + + if ((err = mp_sub_d(key->u.rsa.p, 1, tmp1)) != CRYPT_OK) { die(err); } /* tmp1 = q-1 */ + if ((err = mp_sub_d(key->u.rsa.q, 1, tmp2)) != CRYPT_OK) { die(err); } /* tmp2 = p-1 */ + if ((err = mp_mod( key->u.rsa.d, tmp1, key->u.rsa.dP)) != CRYPT_OK) { die(err); } /* dP = d mod p-1 */ + if ((err = mp_mod( key->u.rsa.d, tmp2, key->u.rsa.dQ)) != CRYPT_OK) { die(err); } /* dQ = d mod q-1 */ + + mp_clear_multi(tmp2, tmp1, NULL); + } else { + DIE("unsupported pka"); + } + p += cur_len; + remaining -= cur_len; + + cur_len = remaining; + if ((err = ssh_decode_sequence_multi(p, &cur_len, + LTC_SSHDATA_STRING, comment, &commentlen, + LTC_SSHDATA_EOL)) != CRYPT_OK) { + die(err); + } + + printf("comment: %s\n", comment); + + p += cur_len; + remaining -= cur_len; - LOAD32H(r, ctx->cur); - print_err("%u\n", r); - if (is_length && ctx->rd + r > ctx->len) DIE("too long"); - ctx->rd += 4; + check_padding(p, remaining); - ctx->cur = &ctx->orig[ctx->rd]; - if (is_length) print_hex("next", ctx->cur, r); - return r; + return err; +} + +int ssh_decrypt_private_keys(unsigned char *in, unsigned long *inlen, struct kdf_options *opts) +{ + int err, cipher; + unsigned char symkey[128]; + unsigned long cur_len, symkey_len; + + LTC_ARGCHK(in != NULL); + LTC_ARGCHK(inlen != NULL); + LTC_ARGCHK(opts != NULL); + + cipher = find_cipher(opts->cipher->algo); + symkey_len = opts->cipher->len + cipher_descriptor[cipher].block_length; + + if (sizeof(symkey) < symkey_len) DIE("too small"); + + if ((err = bcrypt_pbkdf_openbsd(opts->pass, opts->passlen, opts->salt, opts->saltlen, opts->num_rounds, find_hash("sha512"), symkey, &symkey_len)) != CRYPT_OK) { + die(err); + } + + symmetric_CBC cbc_ctx; + if ((err = cbc_start(cipher, symkey + opts->cipher->len, symkey, opts->cipher->len, 0, &cbc_ctx)) != CRYPT_OK) { + die(err); + } + if ((err = cbc_decrypt(in, in, *inlen, &cbc_ctx)) != CRYPT_OK) { + die(err); + } + print_hex("decrypted", in, *inlen); + + return err; } /* The basic format of the key is described here: @@ -120,8 +265,6 @@ ulong32 read_length_and_advance(int is_length, struct ssh_decode_ctx *ctx) { int main(int argc, char **argv) { - if (argc < 2) return EXIT_FAILURE; - int err; if ((err = register_all_ciphers()) != CRYPT_OK) { die(err); @@ -129,30 +272,41 @@ int main(int argc, char **argv) if ((err = register_all_hashes()) != CRYPT_OK) { die(err); } + if ((err = crypt_mp_init("ltm")) != CRYPT_OK) { + die(err); + } char pem[100 * 72]; size_t w = 0; - const char *b64_start = "-----BEGIN OPENSSH PRIVATE KEY-----"; - const char *b64_end = "-----END OPENSSH PRIVATE KEY-----"; + const char *openssh_privkey_start = "-----BEGIN OPENSSH PRIVATE KEY-----"; + const char *openssh_privkey_end = "-----END OPENSSH PRIVATE KEY-----"; char buf[72]; - FILE *f = fopen(argv[1], "r"); + FILE *f = NULL; + + if (argc > 1) f = fopen(argv[1], "r"); + else f = stdin; if (f == NULL) DIE("fopen sez no"); + while (fgets(buf, sizeof(buf), f)) { - const char *start = strstr(buf, b64_start); - if (start == buf) break; + const char *start = strstr(buf, openssh_privkey_start); + if (start != NULL) { + start += strlen(openssh_privkey_start); + size_t l = strlcpy(pem + w, start, sizeof(pem) - w); + w += l; + break; + } } while (fgets(buf, sizeof(buf), f)) { - char *end = strstr(buf, b64_end); - if (end != NULL) { - if (end == buf) break; - *end = '\0'; - } size_t l = strlcpy(pem + w, buf, sizeof(pem) - w); if (l == 0) { DIE("strlcpy sez no"); } w += l; } + char *end = strstr(pem, openssh_privkey_end); + if (end == NULL) DIE("could not find PEM end-tag"); + *end = '\0'; + w = end - pem; unsigned char b64_decoded[sizeof(pem)]; unsigned long b64_decoded_len = sizeof(pem); @@ -164,103 +318,90 @@ int main(int argc, char **argv) void *magic = strstr((const char*)b64_decoded, "openssh-key-v1"); if (magic == NULL) DIE("magic not found"); if (magic != b64_decoded) DIE("magic not at the beginning"); - struct ssh_decode_ctx dec_ctx; - dec_ctx.orig = b64_decoded; - dec_ctx.len = b64_decoded_len; - dec_ctx.rd = strlen("openssh-key-v1") + 1; - ulong32 l = read_length_and_advance(1, &dec_ctx); + size_t nlen = strlen("openssh-key-v1"); + unsigned char *start = &b64_decoded[nlen + 1]; + unsigned long tot_len = b64_decoded_len - nlen - 1; + + unsigned char ciphername[64]; + ulong32 ciphernamelen = sizeof(ciphername); + unsigned char kdfname[64]; + ulong32 kdfnamelen = sizeof(kdfname); + unsigned char kdfoptions[128]; + ulong32 kdfoptionslen = sizeof(kdfoptions); + ulong32 num_keys; + unsigned char pubkey1[2048]; + ulong32 pubkey1len = sizeof(pubkey1); + + unsigned long cur_len = tot_len; + + if ((err = ssh_decode_sequence_multi(start, &cur_len, + LTC_SSHDATA_STRING, ciphername, &ciphernamelen, + LTC_SSHDATA_STRING, kdfname, &kdfnamelen, + LTC_SSHDATA_STRING, kdfoptions, &kdfoptionslen, + LTC_SSHDATA_UINT32, &num_keys, + LTC_SSHDATA_STRING, pubkey1, &pubkey1len, + LTC_SSHDATA_EOL)) != CRYPT_OK) { + die(err); + } + if (num_keys != 1) DIE("more than 1 pubkey not supported"); + + print_hex("public key", pubkey1, pubkey1len); + + start += cur_len; + tot_len -= cur_len; + cur_len = tot_len; const struct ssh_blockcipher *c = NULL; for (size_t i = 0; i < sizeof(ssh_ciphers)/sizeof(ssh_ciphers[0]); ++i) { - if (memcmp(dec_ctx.cur, ssh_ciphers[i].name, l) == 0) { + nlen = strlen(ssh_ciphers[i].name); + if ((nlen == ciphernamelen) && (XMEMCMP(ciphername, ssh_ciphers[i].name, nlen) == 0)) { c = &ssh_ciphers[i]; break; } } - if (c == NULL) DIE("can't find cipher"); - dec_ctx.rd += l; - - l = read_length_and_advance(1, &dec_ctx); - - if (memcmp(dec_ctx.cur, "bcrypt", l) != 0) DIE("unsupported kdf"); - dec_ctx.rd += l; - - l = read_length_and_advance(1, &dec_ctx); - - unsigned char salt[32]; - unsigned long salt_len = read_length_and_advance(1, &dec_ctx); - - memcpy(salt, dec_ctx.cur, salt_len); - dec_ctx.rd += salt_len; - - ulong32 rounds = read_length_and_advance(0, &dec_ctx); - - ulong32 num_pubkeys = read_length_and_advance(1, &dec_ctx); + if (c == NULL) DIE("can't find algo"); - l = read_length_and_advance(1, &dec_ctx); - l = read_length_and_advance(1, &dec_ctx); - if (memcmp(dec_ctx.cur, "ssh-ed25519", l) != 0) DIE("unsupported pka"); - dec_ctx.rd += l; + struct kdf_options opts; + opts.saltlen = sizeof(opts.salt); + opts.cipher = c; + opts.pass = "abc123"; + opts.passlen = 6; - unsigned char pubkey[32]; - unsigned long pubkey_len = read_length_and_advance(1, &dec_ctx); + unsigned char privkey[sizeof(pem)]; + ulong32 privkey_len = sizeof(privkey); - memcpy(pubkey, dec_ctx.cur, pubkey_len); - dec_ctx.rd += pubkey_len; - - l = read_length_and_advance(1, &dec_ctx); - - unsigned char decrypted_privkey[sizeof(pem)]; - unsigned long decrypted_privkey_len = sizeof(decrypted_privkey); - - int cipher = find_cipher(c->cipher); - - unsigned char symkey[128]; - unsigned long symkey_len = c->len + cipher_descriptor[cipher].block_length; - - if (sizeof(symkey) < symkey_len) DIE("too small"); - - if ((err = bcrypt("abc123", 6, salt, salt_len, rounds, find_hash("sha512"), symkey, &symkey_len)) != CRYPT_OK) { + cur_len = tot_len; + if ((err = ssh_decode_sequence_multi(start, &cur_len, + LTC_SSHDATA_STRING, privkey, &privkey_len, + LTC_SSHDATA_EOL)) != CRYPT_OK) { die(err); } - symmetric_CBC cbc_ctx; - if ((err = cbc_start(cipher, symkey + c->len, symkey, c->len, 0, &cbc_ctx)) != CRYPT_OK) { - die(err); - } - if ((err = cbc_decrypt(dec_ctx.cur, decrypted_privkey, l, &cbc_ctx)) != CRYPT_OK) { - die(err); - } - decrypted_privkey_len = l; - print_hex("decrypted", decrypted_privkey, decrypted_privkey_len); - - dec_ctx.orig = decrypted_privkey; - dec_ctx.len = decrypted_privkey_len; - dec_ctx.rd = 0; - - ulong32 check1 = read_length_and_advance(0, &dec_ctx); - ulong32 check2 = read_length_and_advance(0, &dec_ctx); - - if (check1 != check2) DIE("decrypt failed"); - - l = read_length_and_advance(1, &dec_ctx); - if (memcmp(dec_ctx.cur, "ssh-ed25519", l) != 0) DIE("unsupported pka"); - dec_ctx.rd += l; - - l = read_length_and_advance(1, &dec_ctx); - if (memcmp(dec_ctx.cur, pubkey, l) != 0) DIE("pubkey's don't match"); - dec_ctx.rd += l; - - unsigned char privkey[64]; - unsigned long privkey_len = read_length_and_advance(1, &dec_ctx); + if (XSTRCMP(kdfname, "none") == 0) { + /* NOP */ + } else if (XSTRCMP(kdfname, "bcrypt") == 0) { + cur_len = kdfoptionslen; + if ((err = ssh_decode_sequence_multi(kdfoptions, &cur_len, + LTC_SSHDATA_STRING, opts.salt, &opts.saltlen, + LTC_SSHDATA_UINT32, &opts.num_rounds, + LTC_SSHDATA_EOL)) != CRYPT_OK) { + die(err); + } + if (cur_len != kdfoptionslen) DIE("unused data %lu", kdfoptionslen-cur_len); - memcpy(privkey, dec_ctx.cur, privkey_len); + cur_len = privkey_len; + if ((err = ssh_decrypt_private_keys(privkey, &cur_len, &opts)) != CRYPT_OK) { + die(err); + } + } else { + DIE("unsupported kdf %s", kdfname); + } - if (memcmp(&privkey[32], pubkey, 32) != 0) DIE("pubkey in privkey doesn't match"); + pka_key k; - curve25519_key k; - if ((err = ed25519_set_key(privkey, 32, &privkey[32], 32, &k)) != CRYPT_OK) { + cur_len = privkey_len; + if ((err = ssh_decode_private_key(privkey, &cur_len, &k)) != CRYPT_OK) { die(err); } From 7d2cb1fb3ec50827892f90d2d389907c208681af Mon Sep 17 00:00:00 2001 From: Steffen Jaeckel Date: Wed, 2 Oct 2019 12:42:49 +0200 Subject: [PATCH 03/33] add ecdsa key support Signed-off-by: Steffen Jaeckel --- demos/openssh-privkey.c | 171 +++++++++++++++++++++++++++++----------- 1 file changed, 127 insertions(+), 44 deletions(-) diff --git a/demos/openssh-privkey.c b/demos/openssh-privkey.c index 7a0923a3f..dec65cf4a 100644 --- a/demos/openssh-privkey.c +++ b/demos/openssh-privkey.c @@ -18,7 +18,7 @@ #include #include -static int verbose = 1; +static int verbose = 0; static void print_hex(const char* what, const void* v, const unsigned long l) { @@ -68,12 +68,13 @@ static void print_err(const char *fmt, ...) static void die_(int err, int line) { + verbose = 1; print_err("%3d: LTC sez %s\n", line, error_to_string(err)); exit(EXIT_FAILURE); } #define die(i) do { die_(i, __LINE__); } while(0) -#define DIE(s, ...) do { print_err("%3d: " s "\n", __LINE__, ##__VA_ARGS__); exit(EXIT_FAILURE); } while(0) +#define DIE(s, ...) do { verbose = 1; print_err("%3d: " s "\n", __LINE__, ##__VA_ARGS__); exit(EXIT_FAILURE); } while(0) static void check_padding(unsigned char *p, unsigned long len) @@ -91,6 +92,7 @@ typedef struct pka_key_ { enum ltc_oid_id id; union { curve25519_key ed25519; + ecc_key ecdsa; rsa_key rsa; } u; } pka_key; @@ -135,6 +137,115 @@ const struct ssh_kdf ssh_kdfs[] = { 0 }, }; +int ssh_find_init_ecc(const char *pka, pka_key *key) +{ + int err; + const char* prefix = "ecdsa-sha2-"; + size_t prefixlen = strlen(prefix); + const ltc_ecc_curve *cu; + if (strstr(pka, prefix) == NULL) return CRYPT_PK_INVALID_TYPE; + if ((err = ecc_find_curve(pka + prefixlen, &cu)) != CRYPT_OK) return err; + return ecc_set_curve(cu, &key->u.ecdsa); +} + +int ssh_decode_ecdsa(const unsigned char *in, unsigned long *inlen, pka_key *key) +{ + int err; + unsigned char groupname[64], group[512], privkey[512]; + ulong32 groupnamelen = sizeof(groupname), grouplen = sizeof(group), privkeylen = sizeof(privkey); + + if ((err = ssh_decode_sequence_multi(in, inlen, + LTC_SSHDATA_STRING, group, &groupnamelen, + LTC_SSHDATA_STRING, group, &grouplen, + LTC_SSHDATA_STRING, privkey, &privkeylen, + LTC_SSHDATA_EOL)) != CRYPT_OK) { + die(err); + } + + if ((err = ecc_set_key(privkey, privkeylen, PK_PRIVATE, &key->u.ecdsa)) != CRYPT_OK) { + die(err); + } + + key->id = PKA_EC; + + zeromem(groupname, sizeof(groupname)); + zeromem(group, sizeof(group)); + zeromem(privkey, sizeof(privkey)); + + return err; +} + +int ssh_decode_ed25519(const unsigned char *in, unsigned long *inlen, pka_key *key) +{ + int err; + unsigned char pubkey[2048], privkey[2048]; + ulong32 pubkeylen = sizeof(pubkey), privkeylen = sizeof(privkey); + + if ((err = ssh_decode_sequence_multi(in, inlen, + LTC_SSHDATA_STRING, pubkey, &pubkeylen, + LTC_SSHDATA_STRING, privkey, &privkeylen, + LTC_SSHDATA_EOL)) != CRYPT_OK) { + die(err); + } + + if ((err = ed25519_set_key(privkey, 32, &privkey[32], 32, &key->u.ed25519)) != CRYPT_OK) { + die(err); + } + + key->id = PKA_ED25519; + + zeromem(pubkey, sizeof(pubkey)); + zeromem(privkey, sizeof(privkey)); + + return err; +} + +int ssh_decode_rsa(const unsigned char *in, unsigned long *inlen, pka_key *key) +{ + int err; + void *tmp1, *tmp2; + if ((err = mp_init_multi(&tmp1, &tmp2, NULL)) != CRYPT_OK) { + die(err); + } + if ((err = rsa_init(&key->u.rsa)) != CRYPT_OK) { + die(err); + } + + if ((err = ssh_decode_sequence_multi(in, inlen, + LTC_SSHDATA_MPINT, key->u.rsa.N, + LTC_SSHDATA_MPINT, key->u.rsa.e, + LTC_SSHDATA_MPINT, key->u.rsa.d, + LTC_SSHDATA_MPINT, key->u.rsa.qP, + LTC_SSHDATA_MPINT, key->u.rsa.q, + LTC_SSHDATA_MPINT, key->u.rsa.p, + LTC_SSHDATA_EOL)) != CRYPT_OK) { + die(err); + } + + if ((err = mp_sub_d(key->u.rsa.p, 1, tmp1)) != CRYPT_OK) { die(err); } /* tmp1 = q-1 */ + if ((err = mp_sub_d(key->u.rsa.q, 1, tmp2)) != CRYPT_OK) { die(err); } /* tmp2 = p-1 */ + if ((err = mp_mod( key->u.rsa.d, tmp1, key->u.rsa.dP)) != CRYPT_OK) { die(err); } /* dP = d mod p-1 */ + if ((err = mp_mod( key->u.rsa.d, tmp2, key->u.rsa.dQ)) != CRYPT_OK) { die(err); } /* dQ = d mod q-1 */ + + key->id = PKA_RSA; + + mp_clear_multi(tmp2, tmp1, NULL); + + return err; +} + +struct ssh_pka { + const char *name; + int (*init)(const char*, pka_key*); + int (*decode)(const unsigned char*, unsigned long*, pka_key*); +}; + +struct ssh_pka ssh_pkas[] = { + { "ssh-ed25519", NULL, ssh_decode_ed25519 }, + { "ssh-rsa", NULL, ssh_decode_rsa }, + { NULL, ssh_find_init_ecc, ssh_decode_ecdsa }, +}; + int ssh_decode_private_key(const unsigned char *in, unsigned long *inlen, pka_key *key) { int err; @@ -143,7 +254,8 @@ int ssh_decode_private_key(const unsigned char *in, unsigned long *inlen, pka_ke ulong32 pkalen = sizeof(pka), pubkeylen = sizeof(pubkey); ulong32 privkeylen = sizeof(privkey), commentlen = sizeof(comment); unsigned long remaining, cur_len; - unsigned char *p; + const unsigned char *p; + size_t n; LTC_ARGCHK(in != NULL); LTC_ARGCHK(inlen != NULL); @@ -163,55 +275,26 @@ int ssh_decode_private_key(const unsigned char *in, unsigned long *inlen, pka_ke p += cur_len; remaining = *inlen - cur_len; + cur_len = remaining; - if (XSTRCMP(pka, "ssh-ed25519") == 0) { - cur_len = remaining; - if ((err = ssh_decode_sequence_multi(p, &cur_len, - LTC_SSHDATA_STRING, pubkey, &pubkeylen, - LTC_SSHDATA_STRING, privkey, &privkeylen, - LTC_SSHDATA_EOL)) != CRYPT_OK) { - die(err); - } - - if ((err = ed25519_set_key(privkey, 32, &privkey[32], 32, &key->u.ed25519)) != CRYPT_OK) { - die(err); - } - - key->id = PKA_ED25519; - } else if (XSTRCMP(pka, "ssh-rsa") == 0) { - void *tmp1, *tmp2; - if ((err = mp_init_multi(&tmp1, &tmp2, NULL)) != CRYPT_OK) { - die(err); - } - if ((err = rsa_init(&key->u.rsa)) != CRYPT_OK) { - die(err); + for (n = 0; n < sizeof(ssh_pkas)/sizeof(ssh_pkas[0]); ++n) { + if (ssh_pkas[n].name != NULL) { + if (XSTRCMP(pka, ssh_pkas[n].name) != 0) continue; + } else { + if ((ssh_pkas[n].init == NULL) || + (ssh_pkas[n].init((char*)pka, key) != CRYPT_OK)) continue; } - - cur_len = remaining; - if ((err = ssh_decode_sequence_multi(p, &cur_len, - LTC_SSHDATA_MPINT, key->u.rsa.N, - LTC_SSHDATA_MPINT, key->u.rsa.e, - LTC_SSHDATA_MPINT, key->u.rsa.d, - LTC_SSHDATA_MPINT, key->u.rsa.qP, - LTC_SSHDATA_MPINT, key->u.rsa.q, - LTC_SSHDATA_MPINT, key->u.rsa.p, - LTC_SSHDATA_EOL)) != CRYPT_OK) { + if ((err = ssh_pkas[n].decode(p, &cur_len, key)) != CRYPT_OK) { die(err); } - - if ((err = mp_sub_d(key->u.rsa.p, 1, tmp1)) != CRYPT_OK) { die(err); } /* tmp1 = q-1 */ - if ((err = mp_sub_d(key->u.rsa.q, 1, tmp2)) != CRYPT_OK) { die(err); } /* tmp2 = p-1 */ - if ((err = mp_mod( key->u.rsa.d, tmp1, key->u.rsa.dP)) != CRYPT_OK) { die(err); } /* dP = d mod p-1 */ - if ((err = mp_mod( key->u.rsa.d, tmp2, key->u.rsa.dQ)) != CRYPT_OK) { die(err); } /* dQ = d mod q-1 */ - - mp_clear_multi(tmp2, tmp1, NULL); - } else { - DIE("unsupported pka"); + break; } + if (n == sizeof(ssh_pkas)/sizeof(ssh_pkas[0])) DIE("unsupported pka %s", pka); + p += cur_len; remaining -= cur_len; - cur_len = remaining; + if ((err = ssh_decode_sequence_multi(p, &cur_len, LTC_SSHDATA_STRING, comment, &commentlen, LTC_SSHDATA_EOL)) != CRYPT_OK) { From 6ab370b62d4efd9240739d36d4fd9173ff74f222 Mon Sep 17 00:00:00 2001 From: Steffen Jaeckel Date: Wed, 2 Oct 2019 12:44:05 +0200 Subject: [PATCH 04/33] add ssh private testkeys Signed-off-by: Steffen Jaeckel --- tests/ssh/ssh-testkey-ecdsa-521 | 13 ++++ tests/ssh/ssh-testkey-ecdsa-521-plain | 12 ++++ tests/ssh/ssh-testkey-ed25519 | 8 +++ tests/ssh/ssh-testkey-ed25519-plain | 7 ++ tests/ssh/ssh-testkey-rsa | 28 ++++++++ tests/ssh/ssh-testkey-rsa-8192 | 94 +++++++++++++++++++++++++++ tests/ssh/ssh-testkey-rsa-8192-plain | 93 ++++++++++++++++++++++++++ tests/ssh/ssh-testkey-rsa-plain | 27 ++++++++ 8 files changed, 282 insertions(+) create mode 100644 tests/ssh/ssh-testkey-ecdsa-521 create mode 100644 tests/ssh/ssh-testkey-ecdsa-521-plain create mode 100644 tests/ssh/ssh-testkey-ed25519 create mode 100644 tests/ssh/ssh-testkey-ed25519-plain create mode 100644 tests/ssh/ssh-testkey-rsa create mode 100644 tests/ssh/ssh-testkey-rsa-8192 create mode 100644 tests/ssh/ssh-testkey-rsa-8192-plain create mode 100644 tests/ssh/ssh-testkey-rsa-plain diff --git a/tests/ssh/ssh-testkey-ecdsa-521 b/tests/ssh/ssh-testkey-ecdsa-521 new file mode 100644 index 000000000..838dc7e6a --- /dev/null +++ b/tests/ssh/ssh-testkey-ecdsa-521 @@ -0,0 +1,13 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jYmMAAAAGYmNyeXB0AAAAGAAAABDPkTaUCD +8+sCQ1AWJVXCBTAAAAEAAAAAEAAACsAAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlz +dHA1MjEAAACFBAAn3wQoJ/ZfNuF2xsfUh8kIZ+UXjzW1vOgTqMA6bpLYN6sVccJTFII4zO +RSM+gEFymy/P4INPTcwTc0B4zjpwzcmABsNnUTf/N6DZBmcFbM0zTuZij4Ck/rXRfrVfMI +kr2oVcvqj1lKZcfKwHwK1dTHy9xHveKB4LkPl7i/VrWNDbYxOQAAARC7v80llW0VqWeSp3 +VgKXZtdSXD1XW+NDYmmbwR5cBhqqnniBUqXb+hlPc/jFo/Cb3IaLzumY8C8X4+cjQZa7i4 +os69nB/mc1FpfQLmu/7nW16mN/a14VMrZS3Ub6eO4DUYxfuSgLZ6vgBc5CKpH609Z4cpnv +lONyI3dhwq+29ruFFrccerzMoYRBLDGis2MH/U+AJEABQlwNeMp3DCY1+yAKNjz6dmzyP0 +mzkUhlTgqXCrh5lGdImK5crb+A+8QJIGkZtXz+N7rhJxKqBudMyIWls9bS7eCTkoazM9IB +3tBZvpCl2msrGxemTaeUeFWoZjlALOXgKQKN7pBMJfyTLF5Q33GDU5ZFVtyq/V0kBsFg== + +-----END OPENSSH PRIVATE KEY----- diff --git a/tests/ssh/ssh-testkey-ecdsa-521-plain b/tests/ssh/ssh-testkey-ecdsa-521-plain new file mode 100644 index 000000000..e404925f1 --- /dev/null +++ b/tests/ssh/ssh-testkey-ecdsa-521-plain @@ -0,0 +1,12 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAArAAAABNlY2RzYS +1zaGEyLW5pc3RwNTIxAAAACG5pc3RwNTIxAAAAhQQAk8/IJIoDcA9yeNTV52Em3IE+4e1G +nS8BHsmAbH48ESjQljooUWSl5ZER9zzr88nR8Sd/rpQNf3wtKvD7xqok8F8A+vp9pv8jd1 +RodyVHeLKjGkL6uNki3a8fvotA1hPBjEQa/19WaSmNk3CBdsBpqltXwYgQxZn3CwS51BPo +KsAj8bMAAAEQ5btEZ+W7RGcAAAATZWNkc2Etc2hhMi1uaXN0cDUyMQAAAAhuaXN0cDUyMQ +AAAIUEAJPPyCSKA3APcnjU1edhJtyBPuHtRp0vAR7JgGx+PBEo0JY6KFFkpeWREfc86/PJ +0fEnf66UDX98LSrw+8aqJPBfAPr6fab/I3dUaHclR3iyoxpC+rjZIt2vH76LQNYTwYxEGv +9fVmkpjZNwgXbAaapbV8GIEMWZ9wsEudQT6CrAI/GzAAAAQgCRG0oaSe873pTZZRVmTaJm +1275E/qlCjN0eddd8osii6BPTICINvKU5C74bMkdR69NNxpWOxWfj3WE9grM6cVA1AAAAA +tsaWJ0b21jcnlwdAECAwQFBgc= +-----END OPENSSH PRIVATE KEY----- diff --git a/tests/ssh/ssh-testkey-ed25519 b/tests/ssh/ssh-testkey-ed25519 new file mode 100644 index 000000000..a9e02119f --- /dev/null +++ b/tests/ssh/ssh-testkey-ed25519 @@ -0,0 +1,8 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jYmMAAAAGYmNyeXB0AAAAGAAAABAMGtBgdw +V5lwgRRqXm8vD/AAAAEAAAAAEAAAAzAAAAC3NzaC1lZDI1NTE5AAAAINmcW0NUcZtRAxOC +p99u1X65FTEP4rIyj6mp6NUxGXZuAAAAkKYfVXz5BP6ZUThjdsyEBPoeXTpKYD98yt28Ab +9kk3hSwgfK/7BWp4+Q9A6YK477kBfn8GRvfb9zHL2e/Td5Kx/hzrhjPWzfzGwaChDegWWv +yygQgdBV4ye7o7ir9KJpsqLxNQzKcy8DydcAJgVGkopFAhR77HuDTPymPFv7o+lyLIh7/v +wxHkZDd4TvKXzpGw== +-----END OPENSSH PRIVATE KEY----- diff --git a/tests/ssh/ssh-testkey-ed25519-plain b/tests/ssh/ssh-testkey-ed25519-plain new file mode 100644 index 000000000..cec8acd9d --- /dev/null +++ b/tests/ssh/ssh-testkey-ed25519-plain @@ -0,0 +1,7 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW +QyNTUxOQAAACCgWG/eiYfhjT1VUcm+IEEsJPvkfPVQG4Pj1P5z8iwYGwAAAJCLGRhrixkY +awAAAAtzc2gtZWQyNTUxOQAAACCgWG/eiYfhjT1VUcm+IEEsJPvkfPVQG4Pj1P5z8iwYGw +AAAEARECjst66ZUM0FBOHx7Kjf4kqAvQupHtxkMhs02jNeHqBYb96Jh+GNPVVRyb4gQSwk +++R89VAbg+PU/nPyLBgbAAAAC2xpYnRvbWNyeXB0AQI= +-----END OPENSSH PRIVATE KEY----- diff --git a/tests/ssh/ssh-testkey-rsa b/tests/ssh/ssh-testkey-rsa new file mode 100644 index 000000000..e4edbb6bf --- /dev/null +++ b/tests/ssh/ssh-testkey-rsa @@ -0,0 +1,28 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jYmMAAAAGYmNyeXB0AAAAGAAAABDFUUlb4r +0fS2eJ9gjh6F7ZAAAAEAAAAAEAAAEXAAAAB3NzaC1yc2EAAAADAQABAAABAQCmZaJtNXja +0l6Z7uE7htLM2Zt0vPHfskpu5WIRVVf+9zdfHEAdXjVIT4wVsbNggxDoWbNJWqBWeqCHhF +ZjMqmjvVhIFpiLqCgcaT3+ulPP2DLE7zkfqntvSYvV6BCCB3aYxfQnpm+WuX5z0NNF5xQk +IcrVHtB7gfLWYY1Ec5dQuWJIMwGnrd88zBfIiEkZGse10a3v4WSy4TPYQbopJ6AURqTS+B +n1/3ImeoMEL4bGP6Jq5mmMjgbc5JKRdDYNuMV+rcGuwppCWNQzZ8DGxalcFgdzKT/ZUrNh +oG65BxQKL9yP+Jp4n/RDXx/HXSpaSWIk4sU/zhD+dSqjTAi13qv1AAAD0Ma4eNxWrYu151 +H7ydn+uxN42VtDTLZEWFMLFLHyoj4ohyxSs5GrAAIRoD2iZHqit+Y8DYAGEhYOlwRSCuSi +z1j2JhYKq1QIcrw4rPj/FwkOYa9A/kcVUcWEoUBK0pAJZYXwo7UMeoO0YnCPWbn6sgQL1S +rxKM13s6M3HVz3jIaM4e7541TIGonR/5akn0pMNYeF/M5sZmLZI7ESNRRCw7AxNmMew9xy +RhhFs+XW81tb2c9gVs7Q9NARsY5OUPeABoq2LYWrjRlhTFhMwGEJITuWNtoll9GetdjZSy +95eNKLCazQwbvw4k2LWfMrJ4GakHV7MyrrZ/EeEi88eOII16MHYhmrMSPUkwXarGDLNkJl +pWAeA7T1L+R2BMRYf2tNT1201eKtG7SpUx2yqvA6gQGEBOAl5lRnQi3yRbhJgRHNu/7SaJ +s1xEw8Ok7kCcgJDeDZwoi1wc2F21jtYi0fj9kQaGeNGgE1/LE+pwTR+c4sIcK19IQZnx45 +HV/SBsbE5hN6Et5ubvkQzqfOnchYaUq2yUA4WHm1kT7eqE3Qzn6AH4IX2RgjCQIU7Hbg3n +0Gz31TYHEDfRdWbfr+RRXBMl6AYQ4P5ONH/0wNcC9bRkwcebaOlQszS6SnwpGqSOKprLww +y1nY8kCegoNhWvRfLU5XTcJ3AXikqVQtRUno6E7Rs5UfXP0Pz9hUUQywjvDAAGwJxHwzir +UNNowV35dWF75OHK5yiEl389qz17TA/s5ZmJrDSO0nZ83NqpyhUwi96Bv5yx4lAbmKUR3k +5l7o7PYp3GOl2nbk74U+R4g34aw14oIWDwmBD9tTisz95Eqv+6sNvxnNbOec4fRoqKBlen +1EQlKZxqgpxDOXRT9FHE6AIUqUxEyTsm5rIAg2WAnEVbEu81xliKm6pMN5v9Dkx6Hd/SRl +C2WLLY6WoS299QoEZwWGGI0Kt1jg0R2YL04fBwjwmf01XjlOcABBvK+SwTtqLtaU+AJOHN +Q5era02uih7b19QERjodOpkhiCz3Mq4CSgIkEJ0DrvP0yZZG2qQq2rh/Ha2z7Mtu8TR38g +mPbUMwbITiWBNvFlEKEM17oBixE4XTfJ4KwUgkjb/6REwh0nH6FXJeLMEhw1KChEuodwk/ +tXYrds+VleQsUy3o3+DPa4S0VeAaPCgg/UFST/pLp5Bo8IfL/Ka2udcaQo9lXj9do3wb6k +D6BpIsfBgmypZgd8Wms+HzKZDhK5MmODvI4EO+vWNTwZtXiMxFViywj/MHezMXOD1k7euf +b3OCjesmNXSqByr0tze5QvUxVlPEQ= +-----END OPENSSH PRIVATE KEY----- diff --git a/tests/ssh/ssh-testkey-rsa-8192 b/tests/ssh/ssh-testkey-rsa-8192 new file mode 100644 index 000000000..245ed5517 --- /dev/null +++ b/tests/ssh/ssh-testkey-rsa-8192 @@ -0,0 +1,94 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jYmMAAAAGYmNyeXB0AAAAGAAAABCHAkaobc +xwD5tun8ONijynAAAAEAAAAAEAAAQXAAAAB3NzaC1yc2EAAAADAQABAAAEAQDHbsr1aosX +g7rGuFdUNDfChiGdQ11hJcCJIS3VB2ng4YFClK9a//pehFaorht+qTyJnvbmp0Xh+B3IUC +UNLxuNB5LcF7ODO2fgEQd82/LjWFKoDqE2TjIRvxWhMUGKUB74TqDUSQrJKJDnr8hD04Wp +QSY6Nl8KYlxEeXGnbt+F8UikyygNdNK5x8JxBk2dqsps1XrCZKex66rTe+tS/7xju3C8fE +qWzhPcnKWNoLT3Bjnzzh/zXqQn9kWE+JZqdz63mVHeQNgt2E5bYXylqR/IjBZXtnXWNDSA +tS41mmhGvmipEyoRUI136ajmrQSv/LoUcmRfcqLQvQqUshtMLdDR7/BLAnKVHPlkhrwX7x +b1f71Zqd7QnWN4lk1AfoZmqUjw2O3cCfM0DRGz+xjHnKM4z6hyGSQMrTdLYwY0hUjUO1gw +tQgYw5neJGHWf/3uFheuJbwAQOMiOFKpqS/+lnyBLsB5GoaHhGWitiuXzvgMw0e87RbQGW +JAZyHxdHRsGo+pllrpOH9qlXF0aSFO31baE9VXAD950C/HguIe6OXxRXFxV02iltjB47/3 +HawTrAiZSNYgkeitWEk4oOopYQnwIa41Z0/4eDhahpwY+YlkNj7X3SFpmAHSMreDkI5zIC +jHVPJ7zqXjO2cRFJxnl68n3JSNKgRFqsUOgiKYlU4VJUt8T0AYuVLdVBxQbE+gtMv23Cpm +4+JyMq+FvT6WMaPvjCKSBZG8dcGLjjA4x+4GitLoEkvUlgcgptPsgzXvTjCE7AK959IvkE +U1X81UscbZyuRw4HgsD/lveoZejvrLFchUetSeQ6PjAowl1zAmR5NJog/EolCy65cM9/RF +QYVUN1/gdRrXs3BhX7AP4M+kRcAbL9YonRq9ORT66QucnbDYSI0H4/S8GHkeyz4MHSGK7m +ER9d++vgLV40mPuzIwgWfon4DzyzeYYSUCFj2pD+uz5yK4V+RWVZI7raGpCp5QEYOOy8Uq +8GnjHBGBfYH4PpFxE2L3rt9YvR2cB3iVMbbq5rwVVEmCS0qdVkxofdR3hB/uJUqLfLEvVY +FzZ6rB1n9RxrFo4pU2A+JhNC0c7NQWHa9ZhprFBDD0TnIzNFEgQ6IijCrH7jIxWORc09wo +RuKVdf+bxNfPUFQ+RmCZFUma/a8rLAu6Kjx7txGLeHWNJrsVeEygjAhgHDVWtIRM/mO1Xq +/RXSrjdhbgfXr4QiEQbEyBBPzfTEn7IlXEp/errtCVbf6HZXtLm+aID2seNC6Zt1pwgZc4 +M/KpQGORe1jotZandtH4kK0mbq0kkO0WBwTB8ERDha/r0lP3q/0T14Y7AFPxyIIuN0M/jU +I/lx+kB808zwyXRU+bVEVIVzgzAAAOUEDzTAJR6VcHo4NBLbYf+duKxK0cs8BUfX60jOzW +Qtgp/CWVl4U4/mdLnambxR8id3BYziFXbt1OrkjRG/Jy33vXwooBJlDgdZfgXuNzMYv1bq +RHbckdcBO+DnBmIA0bqYJNjSx7AJQgNRGK565aadDZUCr84MXGjd8zrQWLvRmAaFuj2pHj +GGnmTIHGo54FvZBPDd6ls9BNvj818UAzZ0JEXl3ayM7jFAs00LS6JKV/Pk6xSo0L9XOLTC +NIAlTngFJHAo1lCiMg/Horv6v3HfD//B013o3ltD/Xw5Tm0A1Zxqvtu3SHsAFaO/iWAmuO +u/zNlcPuZNxhOHJccKiTtWXdMfnGNpoRcBn8puQ0FDHKDBeI19laFeT6cLwcq0n1ihrUX6 +psRsY668I5NA4GyeQ+eLiU6a9KgpWZDbd0f54azAeW8T1DW9K6xnqk38Jn94HjHp7QPcwS +MqbezpcmQZqJZkLUAqcqdsnJytWTGPqjJ5+S1nXSHp5d72pR1udgxa/S90t9f6HHPiX7MM +u3WKJZesYt7rTfeX5MxJ0ylnA1A0SJSoETUShFgQM5BG9PFys5ZiwnFIwgeal56ym6bClc +tWXZSb08gaH1Vw67I0IO2DeOepQaSCbJnGU/+jJpBac9iRYnKheI7Zb+nQdrHKUts+fALd +V3mxLXcMne/wVYjAKQItZVqMiTlPYzkROL54HFW0Qx4Kd1zGWZo30VoxMdNKRONjmXRdzH +4WmPyF/uMBKL6PoST1JCU+BZTbGLopz643uMtEyQDYAGAFW86Lg59ZuAnN6nR5/ZtHj4/o +myKcpctFgHOL6EyreIh7jxM3/1TxLfpoO7JJSaC98Amzo8/r7rkHOxXyoXeZnqWb1kKvqj +Ax/7dBEGSU3sYF+JGCBq5T7r73ihcPznPOJggSavGoV8K/gGsJTnNi6OiIrByuAgzFsRu3 +6+9Cew3mLmb6TIwXlG8qTR7NTrQn23IWpoWi9tQf7ARb1xo8s9qEQwveOtDRQLv2C8cuz4 +gtOAfVGrJ46sJozwof4P3ie6QaKukdVg7Ln8rnhhG3YJhZ22Q1yZRj1nEemD4Xgt5cMKbu +jw23838azWTtV4Ly8rqS6GETH856AZd+nBIUlOnGghypHQ0dhauTlluZwpr0oEdo1+tZ/w +hM5+QjQa3A1Jchk086333na9SvwpelAsM3dliElwNyT9Nk5fodLDzmAbL+THlcTd755cKL +PzulwtQllZ5qcjSYEuLYw9jLTpQVVoxmPTEFntYZiIKgecYB3EIM0fPNgc+s8nzXIb+IW3 +ssaaWkmkQheJRFU+E2h5ofzfffmmKv5BRE5W5070GC97h0GDcBGqIA8nlixowF83NzPY0X +CsxozFa8jYN22jqwaKU8UImAGmfHk+cebW92T4J++dzz+gZnLArcvplSpQIws77lagxfNp +tD1v80g0igr9woV75JzwrnQeigw/TdixSIia0gIBdlpx59UCEY7CRzEDx2mwkmyZqRS1P1 ++Bef7YDdHVRmGOuJ8ZV8fT66nyDt5Ac9nwT49ZE/Z8VaE9jMWihEGRdSUx+mK3115ciU0N +vqzQoWS4xXQLZi5cl1ZqqXNefyrtBIw7RWrx+vjIe/nmClOWzpL6jT45CK6UcyAutvSOLd +nY4APaQRswi6WupXrF/tIozoNyPJG1JFxYyivrIggF32kPmKL+3ftIFcOOSp9Ro01cwlxZ +JV5UVsI7N3V2qMs0i4yexAQSggS1QliM4DzWXbOhv1u8QS4hBQu/w5/P6itTIvWG/4vsRw +p119lRuOZREnNT77qSdvmXVXtktamBgbjFnTdMhNUt6lk1+9Zas0402BjFzDJgj2rlqAxr +Jq92P99cFvcDgpraGvodh52p3RGdkj0yyiXhSdqeZHWIcTLNSJ+Kq548cregsEgmmQHJr8 +OUO2W2KniYx0SW01CvDJl6PdmF02w3ta8RSB+/+83OI/+Hr1wwGFLacXZjgjF8C7c5IU7s +/zpGKchnTzZw5otZ0diZz4bkbPn79KejHYk68pNdFy4uG4RMUu9CaloZ5EaHKGXMwHTCZP +WoGVb+2q8ivzEcea3Bb+H7M5b3MXUXDIRw345y47r9qiYYy2m1G9ndr4CyfEvouDmdyKa9 +8QlHAvsJt0YPR84vHdhKnL+czrf4QyW3QBY7jKs6rXStBZ7y/F/KWp6bwqnf/XtCIIHnMW +HCHGqm9PkR6eUiU90OfSaOK3nXMVDJC0EflyFVW9mSkH53bVVJova+mmLbs7JsyspyB8iS +AdQ4YcjMgACsr7w+ZRPQMV8O5puGaQbMQpvpR9I5IkSdzusCTldQjomyrRwIbv4Kk+jnpf +uPzApWhkVPhRycbAVnHERCzxiLZJr1mxWjpjmkLs1jfDjMPO522wolrlOLgFr1Sj18flyf +0psQpFZqouw7oOCQ2YuXpgUe6+YRk8D2qSILtjRJAfV9x0MXFr3IqbizpdjPur6hbL9jKK +I+H0v5/h3xBRKVqTRU6n74VgImsYi5RFv5YcruQVnKPvw046NPTycA9te5vuqgTnpEhl6K +skrmcTwpk+tsdp17Y02FLbeKQ/PTV0cIsadwqDwPbvgbVTiAFeIVOATYnKN76AiHDU4uU6 +qR6eIUSmR7pNH/8rSu6sPaYjzp/uIrup7nTVtzIrlMWlVrZxPMyQ/fxWJ3V68aMVbb1HIq +5r3bURN6IwTEZugDzFlPkE6mk9WxJ72xMYzeC7m933OcbJVtWwTPou2C6SXI212sp8cvMG +2iiCaHQskAKCSApAZqwOEi9KsOB1ytFDAguTrlq9cbpLCa9hEdl5Wytsk8fgp78Gotg3qS +z5o/fOSEOnq9D8TJZBdJx/7phEIVtFG2IA1+a/XLaFInjmGjm+dd8oRhRB1ZWu4wjZhpUi +fekE1Ixf5aPcFtdDWErncrLtiddEkW4gMHK2QKoVxk7oWxBniLF3JTBpCyPtLgLGd84MJr +c4yiVKxsaMfURoijwJE75CRLM8At/Jq/ZbldM7adenhP+kPfTSXN3Ld4focD/rcBM/6zML +/yTb2GP/0kmN3qTgB6sNvFrMMpR5kYmX2jSvx/rrx9fzAvSuzH1b/1pQumsHqZh0zwT6RX +K0yMcQs+dbJtZzQ92TSyx1Rq95v54fYV4rYmpnnWbIywnJReXzOjNixculPpawetJK64a6 +6i3sOPMEPGBDZIO+Re6h4il8A3BxBAdX8dUgyT6XvW3Xp48VzXeTLaZrnXG0POVXlifrMh +0Si5pA3f/L5ygkgsc8zv14/wv/YmoqNmu6g36IrggCkK8tLi8DbeyFA3aFmcDQorMDMhvz +HkbyIN+RhPdNVVgkA6nScNNZs7V0n3+2tWnaMxFp+j/UH1YwqNrviBJqfrUBuMW804lDHa +YX2bs3tzq186fsMlTFOKjfiIRFLJTYD+zQNM+eTkAuTiQgxrTqAJi5zMZJuXvsO8k0CcHI +EVcHGaP9otDq/KhsyUs9/Qio/gfJbU2qh70ZxYwJWC/8DvdfRpsSoGWb6GLnq3GxyYlVnT +V8Ov/nMCIDH3gzc+2bBxuTwfLZ0dElOWFuEuzZj5enw4CF9+IQW3CM4EfqUf7Y1JIyZvKy +BL+plHJF08mHEqlzFYxoAHL1IpZdSMn5uldYaPeB5uHLZbyLu8eoI0WRQPE9smhxa1UERd +2mUJpsEMA+emZzIsPs0zRUicGeGZLX8ultN9KI/4zsRJE3GZzcT17HYoVpqKNxZHoUKpip +sNTi42ZV2if7f36wZmPoYu4mKqCXhjyJS+Yq5S6V/0U1YbqdLxWN6kDTKwu9/O02uL/Hb3 +h1ZLunheDBP4k/SwK6I745J/aEreVtLpzuJeE7rD6I0faC+lQymrN9WxTd6k7hcOElQkiA +8AgOeaaNG4r2IsSTACFzw98ip3c4Kt/GTcEamFB4Gp8MvcCO7bFovbEHGx0bKu40oD5m/I +ZV2PbEQgF7oeL14YxCHyfNS6GUSREF2VreymnopWKqTEs/Av8uOvGRf/XD3fbWCHnRmLl7 ++odQaeXVhs9MIBPcGDt+6PplCvhw6H+freu+hwDCWsVEU0EBWz6bJi5bkWozmfzTL77d21 +rgX9bnJ1554Cz41uEPP57iyAONKnHOP6UIBiGv4pex6dciJWnmPW4aw9Xu3sMFQxWTyjoC +ed+cVxtJerrS/D22zMvTISyx/9GnFuRyQwXOjyw8VVWb0j84ObEi7dGkE3Qfy2g28s05Gy +2tgIYYRAd8OUtqsjpeF1ggxn6T30Gmpc2DDC49FlTUU4DyjMHpUrX0qOg2HwygELNMEWg/ +tKdvWAD32ggIqM2q5QfMntA3pWKdSoTRYK2GpFfe7K3loB/9aXKQBnPMpqxBsuCL28ty/T +m2PN5iVDDpTn9+IwYIK4ifGKoU5zXYvoAmDTru97kkbb9+L7sxcRVNmdrC2Aod29epO4xQ +Owpzc9fViIXyv3pEImgxcgrI818rYoSg4qm1hKV8O6rBNmYJTCW+VIai0dfeoZ5RvjDk5p +C5PGO0qLvmr5vDo5IE/i3aoJlirm4KFErzbMpyjjVrrEfIZO78qX79ZUwRLw+3zjLZN5jk +X3T22nv46E43rt045+mHglNxD1jbseJlSXNWUHPfuyl7xgqKv/kdDCxXC7yxddtyB2ioWQ ++WjmV7dwdPApuO7E8SN4A4aIFOdVNN1EisPOZxOB5o4i06b7RTcAJdluTC8uvuSLS9pOaD +Dyp2MTyfzsihx4CD42e99ylGR6Vua5SGknGx8CgsePEy9tbVPQC21dXKS/F4J4RjiHMscf +rLiYk1I4SfXkb1vZqtOuNX4O38qB54FpojKL/iZxaEb/QscfgonSz9R2x4VhNqpt6HBHRC +etY+1RNqGPnkvl8Y0= +-----END OPENSSH PRIVATE KEY----- diff --git a/tests/ssh/ssh-testkey-rsa-8192-plain b/tests/ssh/ssh-testkey-rsa-8192-plain new file mode 100644 index 000000000..9590abea7 --- /dev/null +++ b/tests/ssh/ssh-testkey-rsa-8192-plain @@ -0,0 +1,93 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAEFwAAAAdzc2gtcn +NhAAAAAwEAAQAABAEA5ZPD0zgd3y6u+3X7ITKpFKcoQRS46rczXd0GtU1oM4/REZQVU1Pl +PxBEh4YpMbbIkmfWIV64tEM1me8PmhvE63k38Kft5x5gMiM/AVjbjfApNuj1jT/ABOS4wZ +cjYGEr0ajgeyyXqp5FdYO1pkISOfGnxpj8kLnF+Pcbj8r9Ukh5bfYgir5SjuytIhYQ+zy/ +mDoNtnhW967QY1RJOosqLS0ymJFC7cgEq0n5Goi2tdf2fM0xr469C0aHK92lvfAO1+LZ52 +Fge6YlHOpdcVaUAZJmc4uMsJveEQsxA/g3L47lJEpoLXT4GICmXFLn9o+SEnJdC69Xm5nY +hyrPWruXaGkGFmVQsTYdU8w7zVtGZ3+n7IR+v87ESIPoOs3h/h1lx9YbknNiEz8Wxb7va9 +iJVFLC4bNp9r7d4KIlAlfALYHMztBvmGayfX1tUFfr92MyXPqNqvtFK8+HDbhgV8AXuVCw +5ZGG/YYI5ws5hamiaRiiAjLD5Zk7CNkAhdi3fKruhU2NTdTmHB1PtAcTB9SNdu7H+fDimV +9Jp+3aL6jsuFKFgeSzitCwXZ1Yuh7nnt6JjBbib2xgqrxMbVTY1HVICLUEZh0QOmFLDEos +RZk9oC9S/VvSXPGi1vejGc2otL1nLPKA3V+hf9J1QvJQloeT9UKR0ATaawmLLIOKGE0vjh +83SSx2kwsOhv0YRwcb676EECCjnLr15mNCSO2NQbGIlJNx/sG+fCXvt/aWmtVKQdXW0PpL +uum63lCm4lgaKYGOaBIvFAiok9YvQS0sVPAhcAqKOWk2SFzyHC6EplnFBPGEggFFumMGrm +Gi0yU1eP2lMvY6OVNw4XnpleZhEBQ/aqM3CPgJZslamC/lBAWX5PSU0aHYUKGZEKulisbg +i90TMKxUFrjXtCHVlqqSSbtDwEFzliFDW0Usvgq2N32xthgdaruFjCwKo6c9inSSNdbpks +i8CmJR7ISCF4/RSxBZbKDS49aKooGO8vf04CkdhAeD9goBei8ARpmRrksSZbyjyj7LHeng +XvmnDUJcFQhzFkFudKwK5FsRL4xsSweRxK1SPWIRJ8qTNrBcNREVKvtVKXdEbRfgSxkHA5 +3yMWLeoqxBIb3UF6PqWuwoZkwUvz+fwGdWejhh0fBzOvHi61aM4KXHVxwLfyMfZkZLWbYs +c1V3/K5UFXzbxCMVKf5BpRPGpd54Ngnqdv0domMcAAO1E2OTXEo5pwgqjZ//UbC1NtRBpO +LDwuFsCZbTvOwzGjIh/Ss6NmibEeV/otVJlyzs/hEWXaLasqu8yw4gD1StX2EfRCAFrFiX +Au4NDgJXzGNi2UCJkX1HT53TfL4fNO3uuGIcJEzQ95bnNxSFwai0fQAADkjjnrv94567/Q +AAAAdzc2gtcnNhAAAEAQDlk8PTOB3fLq77dfshMqkUpyhBFLjqtzNd3Qa1TWgzj9ERlBVT +U+U/EESHhikxtsiSZ9YhXri0QzWZ7w+aG8TreTfwp+3nHmAyIz8BWNuN8Ck26PWNP8AE5L +jBlyNgYSvRqOB7LJeqnkV1g7WmQhI58afGmPyQucX49xuPyv1SSHlt9iCKvlKO7K0iFhD7 +PL+YOg22eFb3rtBjVEk6iyotLTKYkULtyASrSfkaiLa11/Z8zTGvjr0LRocr3aW98A7X4t +nnYWB7piUc6l1xVpQBkmZzi4ywm94RCzED+DcvjuUkSmgtdPgYgKZcUuf2j5IScl0Lr1eb +mdiHKs9au5doaQYWZVCxNh1TzDvNW0Znf6fshH6/zsRIg+g6zeH+HWXH1huSc2ITPxbFvu +9r2IlUUsLhs2n2vt3goiUCV8AtgczO0G+YZrJ9fW1QV+v3YzJc+o2q+0Urz4cNuGBXwBe5 +ULDlkYb9hgjnCzmFqaJpGKICMsPlmTsI2QCF2Ld8qu6FTY1N1OYcHU+0BxMH1I127sf58O +KZX0mn7dovqOy4UoWB5LOK0LBdnVi6Huee3omMFuJvbGCqvExtVNjUdUgItQRmHRA6YUsM +SixFmT2gL1L9W9Jc8aLW96MZzai0vWcs8oDdX6F/0nVC8lCWh5P1QpHQBNprCYssg4oYTS ++OHzdJLHaTCw6G/RhHBxvrvoQQIKOcuvXmY0JI7Y1BsYiUk3H+wb58Je+39paa1UpB1dbQ ++ku66breUKbiWBopgY5oEi8UCKiT1i9BLSxU8CFwCoo5aTZIXPIcLoSmWcUE8YSCAUW6Yw +auYaLTJTV4/aUy9jo5U3DheemV5mEQFD9qozcI+AlmyVqYL+UEBZfk9JTRodhQoZkQq6WK +xuCL3RMwrFQWuNe0IdWWqpJJu0PAQXOWIUNbRSy+CrY3fbG2GB1qu4WMLAqjpz2KdJI11u +mSyLwKYlHshIIXj9FLEFlsoNLj1oqigY7y9/TgKR2EB4P2CgF6LwBGmZGuSxJlvKPKPssd +6eBe+acNQlwVCHMWQW50rArkWxEvjGxLB5HErVI9YhEnypM2sFw1ERUq+1Upd0RtF+BLGQ +cDnfIxYt6irEEhvdQXo+pa7ChmTBS/P5/AZ1Z6OGHR8HM68eLrVozgpcdXHAt/Ix9mRktZ +tixzVXf8rlQVfNvEIxUp/kGlE8al3ng2Cep2/R2iYxwAA7UTY5NcSjmnCCqNn/9RsLU21E +Gk4sPC4WwJltO87DMaMiH9Kzo2aJsR5X+i1UmXLOz+ERZdotqyq7zLDiAPVK1fYR9EIAWs +WJcC7g0OAlfMY2LZQImRfUdPndN8vh807e64YhwkTND3luc3FIXBqLR9AAAAAwEAAQAABA +EAytBsumej9CwAyAOllOF1f9pgdIZDCpBIH88IgxjcSljuQRJKeK/wIXNUp0l9kP7CWJzF +DfvpPs71RoVsih+oKsKPCdrBEGHEZ+a9XYpLhCw7rNfHPj6oe2o4UkYcKaQOmw0PK6HsZv +2lrThrPHK4OVpkds1mqtCDtftP7QtOGegO5nb+rrOOqdcq6KcH33v+YxQ+UwojAnL8hBPN +EZwp6Xk5bpE9yGTgwxX5rFhE2Ybtqbl5AHggSBrJhZYtOwwdgNlW2dMr8nCH7vCZFmx/Gp +hkTAVniApa90GkzrX0wt4BTrsxJ59jIfpdfch8RlT1nbhMvOrtgXg7UsYeIzEAhGvrxdNB +oxyEcihGWJgfLYYYKpmug/K9cradbX2+/cioxw8+knW+mfQtQQr55pOIVuc6ZTwkC6j4yN +9VxKkTDODTt41qWP+5BaXN8aGKw6Vts7hheUC8DgUrcZKGAl+gVcWUUWrsD4Le0IYZDh0b +bq8lSL3iVC63eYyDqrsW9lrnlvo5MB46H3JBnHB3fn5nbz9piUQmW4pTvrgg/ePFJN06Nt +N9TdApTrqXzO1KgA5nA0ygRAFBsPPirN+9Ioxt08tfFHrugDS9oSDR1baYO7AzJ8J7qEKM +Mk7ZVw1Z0jpVMN8Xuvol6Y9aqob5bNJfgteJi3UOJGts+SlH0Uo3DdyXfMdsMSSTNgvIv7 +ri5o6zjL6T0CjqIGoPlmV77fB54b+X5+z/m9b8b99zLf7JxDxOwhefqwUPDmcySZCKvHHE +VABp2yYfMU0wtG10r/FKfpj1vLhJVw/7C6iqEXPphJiTxzhf1axJETQmQd3wl/bP45rcIY +zEglFRH7aRS8ZbAsvunusVuWO8NmBIji1NtPjX41QAED2RvYjChwsycIfdyC1iaKvT9MdE +PvaEr3XgcFVbGuNVbmJxNJL/mUEOu5MunqDsJhSy4wnRzl2O8pDd/MVr1fnePS3U3iS5e6 +Mr0h8q4+FtYlqu/L/ittlupWe90UHt5EncpE8aWxCWiW++xwTSi5z8zWhMTR1YM3zfpHjd +cacCeSxgYaOofa8Frf5spuSW3FnQHbJLrjROAp/kNRNCUmYYQ0qV30sPJWkf10dZb6kpup +2BQIDnZ2qCGGB3UYNP4jaGgYoCe2vXSm3r8MgIeWaAJyzLt30r5VSdgi9xfbaJ/pRTjKyz +fM087BgSi2ab3vIx8APwg75gfCmfLe86oZl63W28OvngX2VossnaCgpgFLg7E3RFe7FWYf +Me7uhlx+Yih8ZWRqScaHfnEAoGRcJpp3V6AKuj/FFbItj5KxTvYeKBlkuQ7Cy1AOuq6bUt +tpB5tv3zIF34sFag1LyyCcrHZr5F/k9Uu5t/XQAAAgAWlfEwj6m+UC1/D6xqf19NeenWim +IQ03YLGHuK8MwUzjIYWoK8W7zU6lIvRGn6XPdwYjQ4fmwvZUyR6nXoIB8PEgd4kBJHnxLL +qoAS5QO+GxVindsJmbwSioTlvyZ5+x0pjuAfCVQms5HWHENBwA/02Tpg9EgFu8AhIgMm45 +bZWRJl8tTErpzoB9U90Rr3aykPRquuCuYHvn4OadwLeqHWZ74X+hUcR2AcRP45dPiMF50I +WP1o1lIgp6a+Yf9DaqKQfAbE3dk/ZMGfxhFDCpVE3JG2SErdOgLX0kULzlT93SQFKDTO83 +3IY+e3drnJcaZiP4azwZpFYiR2qn2b0fUEQZP9pPCxz84cxZR2WfCugxEZkGuvfAiMk8P1 +Os+ttZhzTWtqsYFVOLfuNQI9Cdpi8eu/n/Om/1uhTkJQLS8voZJXMAXOw85uLg1Wy/r2+E +gbynZVxFly3GSdV6uzoHmSSdUi6glpr9C5aE0iV84nQM+zXkfAna61rnBWfaSOVv2DhNQa +VMliDk88ZgMX8He91H+FpYMAJu7p2JLYildYY36iZz5fFeX0dvU8BxG87sVY6SJ7Zs7Ov2 +j6R5AzCyByeJ4V3tU598civ2utInSNUq1faYbXKz8ajwauqaa6wyaPkyUMV+eJDnf0blUE ++h+x5sj31Ine9g7rfNXH2TMWRwAAAgEA+B/6a8y20hMg8rWyqa3WQXcDoR/pVR0ofYvst8 +fGOD0fN/QwohaZ23mTFiCvX2zceNi0aeJ2vlAS7D9RTVnpD69yLn7xeJnchvHRCKhDGssT +oIvNphdAJ6JVwjcE96BvRFamE5E4ADC/ohzLDwbzCT/vlgmnBMh2FU/8BqdXguX1c2JiNs +T5UEgQY/YruE4V11bbigifSaIkjo2MGpHRqFJbpcwChh16e3Bv9LHj0sQ5v95m9s4THAZD ++fuMzD6TDmtAL8JDQo8lKzf96Qu2uImn2AY7intmBJ5WscU9R3c+mFuUescEqv7XlhEtKX +5UQgIXZtd/IbkNg0LPgvEsFEasTH/BR0I2fn4I0QXxUU8/xYMAb3ihOhCFIP3g/Hxm8tCl +oyWEAilW9T22MeLL8MkFNmuBTyLjBc6NsCLiblZ+NyqGtzKs8cYPatUI3Hsoau6jOMBnc4 +H5RExmiIgIJVV82sAzo6qTSG+hrAgJX46dcH4oSwIf6/m9455liquHh/O1c0CM1ay2DxNZ +ofqTveH5gfZFi7Gu7yJ5mQ5tKSis9CSstRS4FcPn4CnJECJLx02HlBPX275iEfRZCLaouz +9qWXiphk66PxkeSKFRr+UWrA7GoJwt3/ahofOmJkDx8GV2wiKhYgGN4EoQCPsE6yviA41K +dmnWAdFTN8vJiEMAAAIBAOzdFgo5VAbZxABE0uFjAtRPuytktFQ4KdRE/ryRNw2Qn7BIWd +VlBLRrHljbc3Owypuy2fkXd7jHUs3RqHH6JJiJKOfoONbLX7IcLJstMy+Cfcjm49Wz9xiO +EpZFXrPXk8fkhVM8COHvUjrW1SrK2TBonKNTnPSALDbsnyZXvfLppbTICUqMpy5+rAUXW7 +TpD8W76jCsQhjWVRt0tmaBem4pj94zO3FdOpRePS6EXt4xm6qAfHX+EUWS+58v7u7mXcoC +BHSrYgg1WVTKuerEmMRyMZ12cqmSzYnXSoB5fVh+6QJZwjV6Sntv8SHBcKbJIp7FqJkqot +ACZifMoqLe5AgO0go8+Q8kWpZ60OdQGfqZnbWCD8QCvTLEwYmmREb8+UvTnQhfivjJPscf +HVHjxkAjF9exNasMa+0LjIopqsd7VxvCIpzGFlxh5c9IlrvK8aVS5uCZRD+oNwOcbbUMUp +3dZMvqgOoetWt0TWLQwVgTDtPdzRIKzkRuA0Mgwe4cepYhwwqw/Pkwdlt3P8F4/yDMWfUY +qBw+VF/NFsa4QLHYoanno/TxBjL3fU9XfFIjH6Q/tnJemBOZSHqVgy1waby9SgBWt73Wn1 +7CtbLKy0H6F/RsATP4bXLnC6Pq91XDmFcyE+Wv5EYEe7I1DLJPFYV6Ld4iMc5T6TWagiC8 +cmQ/AAAAC2xpYnRvbWNyeXB0AQIDBAUGBw== +-----END OPENSSH PRIVATE KEY----- diff --git a/tests/ssh/ssh-testkey-rsa-plain b/tests/ssh/ssh-testkey-rsa-plain new file mode 100644 index 000000000..4407e6628 --- /dev/null +++ b/tests/ssh/ssh-testkey-rsa-plain @@ -0,0 +1,27 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABFwAAAAdzc2gtcn +NhAAAAAwEAAQAAAQEArh/LZSjfJRtM1LchVnOvA1++dE+sxzdLC9Mi2lC6bL1tGjRcl6WE +lVrjzaugTWDtZ1oCq+FmxHJg3CgHC6724GpCk+2qCBAuFvtmZIUozzx3vRFSGB2UTd2R9s +bTdqUKFk2iPYhjRv25wfuRQJzippLbaUpTqMFPywY41iwc4Zf0TWuyLyA12BVuDJSLJaKX +xIvPWNgo/P1zVaAEwi2cSPpJWnu3K9zvdPVd9nBpOENhEPJXx6lZwHJPWX20Xa/v6zezUX +L7dk29YBVYzaaalPMDOPxZfVMG20LsaP7w22m/nVS/Ucb0uTA3lfAcTmzT7eI79hIzM4zW +SkT2kXBybwAAA8CrA7O4qwOzuAAAAAdzc2gtcnNhAAABAQCuH8tlKN8lG0zUtyFWc68DX7 +50T6zHN0sL0yLaULpsvW0aNFyXpYSVWuPNq6BNYO1nWgKr4WbEcmDcKAcLrvbgakKT7aoI +EC4W+2ZkhSjPPHe9EVIYHZRN3ZH2xtN2pQoWTaI9iGNG/bnB+5FAnOKmkttpSlOowU/LBj +jWLBzhl/RNa7IvIDXYFW4MlIslopfEi89Y2Cj8/XNVoATCLZxI+klae7cr3O909V32cGk4 +Q2EQ8lfHqVnAck9ZfbRdr+/rN7NRcvt2Tb1gFVjNppqU8wM4/Fl9UwbbQuxo/vDbab+dVL +9RxvS5MDeV8BxObNPt4jv2EjMzjNZKRPaRcHJvAAAAAwEAAQAAAQBi46O8G+4/QLXtyOOi +Gak3nVSo8ecKbRit6odMvbRitWIVE8/SQCqAOFJQKDyuNXIe1DvYKfcXcm4YGpOFyyRiZ3 +bQVJXQZoAGhVitlgKLT6ghNIkPMR1c641OPbUzGKAV8plFoQPg+ZBZ3umrbG48dAMwVQoW +OVN71ljJKdxtMdOQ7BL2T9fcgki9dJ9ZNlR4YwJL9ZdC76l/KXvq0dsSy3/gUQeuXp26nL +bGQwWz92JAc6IeEsQ5hhSVQi6BBiCdwBMOor2Fd5epzMNYMhgk+ugt7o042esvIOaTMsgX +CaiSRI2zVf+mrrMobzJPtTRYYBl6Z2Rz+G/e95KfPPrhAAAAgF6U/FQHKYg+jMYJ214uRh +Z9VobWdvjrzYIRr5G/+i94+9/Z49PbtAwcK65BVigvrJmK4xl+oLtWWO3GiPCTSUuGuUrj +rAjNEkJQvS93PJMMOpLuQl7qoI92bbcJGLd7x5mR7saXwGJTfjFlTYeAS0kudRbirueQ6E +4sGDwIMRlzAAAAgQDa4nWkERpjPHWmfa2K5CHjMWwuUVbDoXCokdgRDv47IXNVT+o3XYQQ +iAzgBksyoqjFYitZYuKnnl9hLqQl4KVwgtZEpXXRsGGsjsO7GZ37Cff5YckrdrFhbLtAhY +ViW1zoa+d21q82V4YIWrPwExwPh2Z/KDiB+APDkzlAzypqzQAAAIEAy6ZVsB6b1Mdom/QO +EAkCRpcWwG1+WPIvohUdIr5XwRWndEbCMhapH3XYt82T7A+j3UzZTJI/YCUjsr7tq2i7lO +xL23aoetmO390ze3/HQIzNjZAP+Fqar3dqcR8/0EvuI8mIk0l2h6C00asxbJcLTH3koNyz +bkzOkdo8zuK2iisAAAALbGlidG9tY3J5cHQ= +-----END OPENSSH PRIVATE KEY----- From 74b618b45611d88b311222841d947804f9d833aa Mon Sep 17 00:00:00 2001 From: Steffen Jaeckel Date: Wed, 2 Oct 2019 15:10:57 +0200 Subject: [PATCH 05/33] refactor & clean-up Signed-off-by: Steffen Jaeckel --- demos/openssh-privkey.c | 248 +++++++++++++++++++++------------------- 1 file changed, 131 insertions(+), 117 deletions(-) diff --git a/demos/openssh-privkey.c b/demos/openssh-privkey.c index dec65cf4a..697cd949b 100644 --- a/demos/openssh-privkey.c +++ b/demos/openssh-privkey.c @@ -10,6 +10,9 @@ /** @file openssh-privkey.c OpenSSH Private Key decryption demo, Steffen Jaeckel + + The basic format of the key is described here: + https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.key */ #define _GNU_SOURCE @@ -77,7 +80,7 @@ static void die_(int err, int line) #define DIE(s, ...) do { verbose = 1; print_err("%3d: " s "\n", __LINE__, ##__VA_ARGS__); exit(EXIT_FAILURE); } while(0) -static void check_padding(unsigned char *p, unsigned long len) +static void check_padding(const unsigned char *p, unsigned long len) { unsigned char pad = 0x1u; while (len != 0) { @@ -117,12 +120,9 @@ const struct ssh_blockcipher ssh_ciphers[] = { 0 }, }; -struct ssh_kdf { - const char *name; -}; - struct kdf_options { - struct ssh_blockcipher *cipher; + const char *name; + const struct ssh_blockcipher *cipher; unsigned char salt[64]; ulong32 saltlen; ulong32 num_rounds; @@ -130,13 +130,6 @@ struct kdf_options { unsigned long passlen; }; -const struct ssh_kdf ssh_kdfs[] = -{ - { "bcrypt" }, - { "none" }, - { 0 }, -}; - int ssh_find_init_ecc(const char *pka, pka_key *key) { int err; @@ -152,10 +145,10 @@ int ssh_decode_ecdsa(const unsigned char *in, unsigned long *inlen, pka_key *key { int err; unsigned char groupname[64], group[512], privkey[512]; - ulong32 groupnamelen = sizeof(groupname), grouplen = sizeof(group), privkeylen = sizeof(privkey); + unsigned long groupnamelen = sizeof(groupname), grouplen = sizeof(group), privkeylen = sizeof(privkey); if ((err = ssh_decode_sequence_multi(in, inlen, - LTC_SSHDATA_STRING, group, &groupnamelen, + LTC_SSHDATA_STRING, groupname, &groupnamelen, LTC_SSHDATA_STRING, group, &grouplen, LTC_SSHDATA_STRING, privkey, &privkeylen, LTC_SSHDATA_EOL)) != CRYPT_OK) { @@ -179,7 +172,7 @@ int ssh_decode_ed25519(const unsigned char *in, unsigned long *inlen, pka_key *k { int err; unsigned char pubkey[2048], privkey[2048]; - ulong32 pubkeylen = sizeof(pubkey), privkeylen = sizeof(privkey); + unsigned long pubkeylen = sizeof(pubkey), privkeylen = sizeof(privkey); if ((err = ssh_decode_sequence_multi(in, inlen, LTC_SSHDATA_STRING, pubkey, &pubkeylen, @@ -250,9 +243,8 @@ int ssh_decode_private_key(const unsigned char *in, unsigned long *inlen, pka_ke { int err; ulong32 check1, check2; - unsigned char pka[64], pubkey[2048], privkey[2048], comment[256]; - ulong32 pkalen = sizeof(pka), pubkeylen = sizeof(pubkey); - ulong32 privkeylen = sizeof(privkey), commentlen = sizeof(comment); + unsigned char pka[64], comment[256]; + unsigned long pkalen = sizeof(pka), commentlen = sizeof(comment); unsigned long remaining, cur_len; const unsigned char *p; size_t n; @@ -279,7 +271,7 @@ int ssh_decode_private_key(const unsigned char *in, unsigned long *inlen, pka_ke for (n = 0; n < sizeof(ssh_pkas)/sizeof(ssh_pkas[0]); ++n) { if (ssh_pkas[n].name != NULL) { - if (XSTRCMP(pka, ssh_pkas[n].name) != 0) continue; + if (XSTRCMP((char*)pka, ssh_pkas[n].name) != 0) continue; } else { if ((ssh_pkas[n].init == NULL) || (ssh_pkas[n].init((char*)pka, key) != CRYPT_OK)) continue; @@ -315,7 +307,8 @@ int ssh_decrypt_private_keys(unsigned char *in, unsigned long *inlen, struct kdf { int err, cipher; unsigned char symkey[128]; - unsigned long cur_len, symkey_len; + unsigned long symkey_len; + symmetric_CBC cbc_ctx; LTC_ARGCHK(in != NULL); LTC_ARGCHK(inlen != NULL); @@ -330,7 +323,6 @@ int ssh_decrypt_private_keys(unsigned char *in, unsigned long *inlen, struct kdf die(err); } - symmetric_CBC cbc_ctx; if ((err = cbc_start(cipher, symkey + opts->cipher->len, symkey, opts->cipher->len, 0, &cbc_ctx)) != CRYPT_OK) { die(err); } @@ -339,152 +331,174 @@ int ssh_decrypt_private_keys(unsigned char *in, unsigned long *inlen, struct kdf } print_hex("decrypted", in, *inlen); + zeromem(symkey, sizeof(symkey)); + zeromem(&cbc_ctx, sizeof(cbc_ctx)); + return err; } -/* The basic format of the key is described here: - * https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.key - */ - -int main(int argc, char **argv) +int ssh_decode_header(unsigned char *in, unsigned long *inlen, struct kdf_options *opts) { int err; - if ((err = register_all_ciphers()) != CRYPT_OK) { + unsigned char ciphername[64], kdfname[64], kdfoptions[128], pubkey1[2048]; + unsigned long ciphernamelen = sizeof(ciphername), kdfnamelen = sizeof(kdfname); + unsigned long kdfoptionslen = sizeof(kdfoptions), pubkey1len = sizeof(pubkey1); + ulong32 num_keys; + size_t i; + + void *magic = strstr((const char*)in, "openssh-key-v1"); + size_t slen = strlen("openssh-key-v1"); + unsigned char *start = &in[slen + 1]; + unsigned long len = *inlen - slen - 1; + + if (magic == NULL) DIE("magic not found"); + if (magic != in) DIE("magic not at the beginning"); + + if ((err = ssh_decode_sequence_multi(start, &len, + LTC_SSHDATA_STRING, ciphername, &ciphernamelen, + LTC_SSHDATA_STRING, kdfname, &kdfnamelen, + LTC_SSHDATA_STRING, kdfoptions, &kdfoptionslen, + LTC_SSHDATA_UINT32, &num_keys, + LTC_SSHDATA_STRING, pubkey1, &pubkey1len, + LTC_SSHDATA_EOL)) != CRYPT_OK) { die(err); } - if ((err = register_all_hashes()) != CRYPT_OK) { - die(err); + if (num_keys != 1) DIE("more than 1 pubkey not supported"); + + print_hex("public key", pubkey1, pubkey1len); + + *inlen = len + slen + 1; + + for (i = 0; i < sizeof(ssh_ciphers)/sizeof(ssh_ciphers[0]); ++i) { + if (XSTRCMP((char*)ciphername, ssh_ciphers[i].name) == 0) { + opts->cipher = &ssh_ciphers[i]; + break; + } } - if ((err = crypt_mp_init("ltm")) != CRYPT_OK) { - die(err); + if (opts->cipher == NULL) DIE("can't find algo"); + + if (XSTRCMP((char*)kdfname, "none") == 0) { + /* NOP */ + opts->name = "none"; + } else if (XSTRCMP((char*)kdfname, "bcrypt") == 0) { + opts->name = "bcrypt"; + opts->saltlen = sizeof(opts->salt); + len = kdfoptionslen; + if ((err = ssh_decode_sequence_multi(kdfoptions, &len, + LTC_SSHDATA_STRING, opts->salt, &opts->saltlen, + LTC_SSHDATA_UINT32, &opts->num_rounds, + LTC_SSHDATA_EOL)) != CRYPT_OK) { + die(err); + } + if (len != kdfoptionslen) DIE("unused data %lu", kdfoptionslen-len); + } else { + DIE("unsupported kdf %s", kdfname); } - char pem[100 * 72]; - size_t w = 0; + return err; +} + + +void read_openssh_private_key(FILE *f, char *pem, size_t *w) +{ const char *openssh_privkey_start = "-----BEGIN OPENSSH PRIVATE KEY-----"; const char *openssh_privkey_end = "-----END OPENSSH PRIVATE KEY-----"; - char buf[72]; - FILE *f = NULL; - - if (argc > 1) f = fopen(argv[1], "r"); - else f = stdin; - if (f == NULL) DIE("fopen sez no"); + char buf[81]; + char *end; + size_t n = 0; while (fgets(buf, sizeof(buf), f)) { const char *start = strstr(buf, openssh_privkey_start); if (start != NULL) { + size_t l; start += strlen(openssh_privkey_start); - size_t l = strlcpy(pem + w, start, sizeof(pem) - w); - w += l; + l = strlcpy(pem + n, start, *w - n); + n += l; break; } } while (fgets(buf, sizeof(buf), f)) { - size_t l = strlcpy(pem + w, buf, sizeof(pem) - w); + size_t l = strlcpy(pem + n, buf, *w - n); if (l == 0) { DIE("strlcpy sez no"); } - w += l; + n += l; } - char *end = strstr(pem, openssh_privkey_end); + end = strstr(pem, openssh_privkey_end); if (end == NULL) DIE("could not find PEM end-tag"); *end = '\0'; - w = end - pem; + *w = end - pem; +} + +int main(int argc, char **argv) +{ + int err; + + char pem[100 * 72]; + size_t plen = sizeof(pem); + FILE *f = NULL; + unsigned char b64_decoded[sizeof(pem)], privkey[sizeof(pem)]; + unsigned long b64_decoded_len = sizeof(pem), privkey_len = sizeof(privkey); + struct kdf_options opts; + unsigned char *p; + unsigned long len; + pka_key k; - unsigned char b64_decoded[sizeof(pem)]; - unsigned long b64_decoded_len = sizeof(pem); - if ((err = base64_sane_decode(pem, w, b64_decoded, &b64_decoded_len)) != CRYPT_OK) { + if ((err = register_all_ciphers()) != CRYPT_OK) { + die(err); + } + if ((err = register_all_hashes()) != CRYPT_OK) { + die(err); + } + if ((err = crypt_mp_init("ltm")) != CRYPT_OK) { die(err); } - print_hex("decoded", b64_decoded, b64_decoded_len); - void *magic = strstr((const char*)b64_decoded, "openssh-key-v1"); - if (magic == NULL) DIE("magic not found"); - if (magic != b64_decoded) DIE("magic not at the beginning"); - - size_t nlen = strlen("openssh-key-v1"); - unsigned char *start = &b64_decoded[nlen + 1]; - unsigned long tot_len = b64_decoded_len - nlen - 1; - - unsigned char ciphername[64]; - ulong32 ciphernamelen = sizeof(ciphername); - unsigned char kdfname[64]; - ulong32 kdfnamelen = sizeof(kdfname); - unsigned char kdfoptions[128]; - ulong32 kdfoptionslen = sizeof(kdfoptions); - ulong32 num_keys; - unsigned char pubkey1[2048]; - ulong32 pubkey1len = sizeof(pubkey1); + if (argc > 1) f = fopen(argv[1], "r"); + else f = stdin; + if (f == NULL) DIE("fopen sez no"); - unsigned long cur_len = tot_len; + read_openssh_private_key(f, pem, &plen); - if ((err = ssh_decode_sequence_multi(start, &cur_len, - LTC_SSHDATA_STRING, ciphername, &ciphernamelen, - LTC_SSHDATA_STRING, kdfname, &kdfnamelen, - LTC_SSHDATA_STRING, kdfoptions, &kdfoptionslen, - LTC_SSHDATA_UINT32, &num_keys, - LTC_SSHDATA_STRING, pubkey1, &pubkey1len, - LTC_SSHDATA_EOL)) != CRYPT_OK) { + if ((err = base64_sane_decode(pem, plen, b64_decoded, &b64_decoded_len)) != CRYPT_OK) { die(err); } - if (num_keys != 1) DIE("more than 1 pubkey not supported"); - print_hex("public key", pubkey1, pubkey1len); + p = b64_decoded; + plen = b64_decoded_len; + len = plen; - start += cur_len; - tot_len -= cur_len; - cur_len = tot_len; + print_hex("decoded", p, plen); - const struct ssh_blockcipher *c = NULL; - for (size_t i = 0; i < sizeof(ssh_ciphers)/sizeof(ssh_ciphers[0]); ++i) { - nlen = strlen(ssh_ciphers[i].name); - if ((nlen == ciphernamelen) && (XMEMCMP(ciphername, ssh_ciphers[i].name, nlen) == 0)) { - c = &ssh_ciphers[i]; - break; - } + if ((err = ssh_decode_header(p, &len, &opts)) != CRYPT_OK) { + die(err); } - if (c == NULL) DIE("can't find algo"); + p += len; + plen -= len; + len = plen; - struct kdf_options opts; - opts.saltlen = sizeof(opts.salt); - opts.cipher = c; - opts.pass = "abc123"; - opts.passlen = 6; - - unsigned char privkey[sizeof(pem)]; - ulong32 privkey_len = sizeof(privkey); + print_hex("remaining", p, plen); - cur_len = tot_len; - if ((err = ssh_decode_sequence_multi(start, &cur_len, + if ((err = ssh_decode_sequence_multi(p, &len, LTC_SSHDATA_STRING, privkey, &privkey_len, LTC_SSHDATA_EOL)) != CRYPT_OK) { die(err); } + p += len; + plen -= len; - if (XSTRCMP(kdfname, "none") == 0) { - /* NOP */ - } else if (XSTRCMP(kdfname, "bcrypt") == 0) { - cur_len = kdfoptionslen; - if ((err = ssh_decode_sequence_multi(kdfoptions, &cur_len, - LTC_SSHDATA_STRING, opts.salt, &opts.saltlen, - LTC_SSHDATA_UINT32, &opts.num_rounds, - LTC_SSHDATA_EOL)) != CRYPT_OK) { - die(err); - } - if (cur_len != kdfoptionslen) DIE("unused data %lu", kdfoptionslen-cur_len); + opts.pass = "abc123"; + opts.passlen = 6; - cur_len = privkey_len; - if ((err = ssh_decrypt_private_keys(privkey, &cur_len, &opts)) != CRYPT_OK) { + if (XSTRCMP(opts.name, "none") != 0) { + len = privkey_len; + if ((err = ssh_decrypt_private_keys(privkey, &len, &opts)) != CRYPT_OK) { die(err); } - } else { - DIE("unsupported kdf %s", kdfname); } - pka_key k; - - cur_len = privkey_len; - if ((err = ssh_decode_private_key(privkey, &cur_len, &k)) != CRYPT_OK) { + len = privkey_len; + if ((err = ssh_decode_private_key(privkey, &len, &k)) != CRYPT_OK) { die(err); } From 016d9ac295776f2065998f5e145081649cfe7e77 Mon Sep 17 00:00:00 2001 From: Steffen Jaeckel Date: Tue, 21 Jan 2020 14:49:35 +0100 Subject: [PATCH 06/33] use updated API Signed-off-by: Steffen Jaeckel --- demos/openssh-privkey.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/demos/openssh-privkey.c b/demos/openssh-privkey.c index 697cd949b..24b6b98c8 100644 --- a/demos/openssh-privkey.c +++ b/demos/openssh-privkey.c @@ -181,7 +181,7 @@ int ssh_decode_ed25519(const unsigned char *in, unsigned long *inlen, pka_key *k die(err); } - if ((err = ed25519_set_key(privkey, 32, &privkey[32], 32, &key->u.ed25519)) != CRYPT_OK) { + if ((err = ed25519_import_raw(&privkey[32], 32, PK_PRIVATE, &key->u.ed25519)) != CRYPT_OK) { die(err); } From 94a1b0c181c2157203be6c1cedcdba46b021f307 Mon Sep 17 00:00:00 2001 From: Steffen Jaeckel Date: Sun, 26 Dec 2021 18:13:56 +0100 Subject: [PATCH 07/33] re-factor openssh-privkey demo into library functions This adds two new API functions * `pem_decode_openssh()` * `pem_decode_openssh_filehandle()` It also introduces the following two new types: * a new union type `ltc_pka_key` which can hold any PKA key type. * a `password_ctx` type with a callback to retrieve a password if necessary. Signed-off-by: Steffen Jaeckel --- demos/openssh-privkey.c | 464 ++------------------------------- src/headers/tomcrypt_custom.h | 27 +- src/headers/tomcrypt_misc.h | 13 + src/headers/tomcrypt_pk.h | 32 +++ src/headers/tomcrypt_private.h | 53 ++++ src/misc/crypt/crypt.c | 4 + src/misc/pem/pem_decode.c | 129 +++++++++ src/misc/pem/pem_ssh.c | 426 ++++++++++++++++++++++++++++++ 8 files changed, 692 insertions(+), 456 deletions(-) create mode 100644 src/misc/pem/pem_decode.c create mode 100644 src/misc/pem/pem_ssh.c diff --git a/demos/openssh-privkey.c b/demos/openssh-privkey.c index 24b6b98c8..4fbe1bc00 100644 --- a/demos/openssh-privkey.c +++ b/demos/openssh-privkey.c @@ -1,64 +1,17 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ +/* LibTomCrypt, modular cryptographic library -- Tom St Denis */ +/* SPDX-License-Identifier: Unlicense */ /** @file openssh-privkey.c OpenSSH Private Key decryption demo, Steffen Jaeckel - - The basic format of the key is described here: - https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.key */ -#define _GNU_SOURCE - -#include -#include +#include #include static int verbose = 0; -static void print_hex(const char* what, const void* v, const unsigned long l) -{ - const unsigned char* p = v; - unsigned long x, y = 0, z; - - if (!verbose) return; - - fprintf(stderr, "%s contents: \n", what); - for (x = 0; x < l; ) { - fprintf(stderr, "%02X ", p[x]); - if (!(++x % 16) || x == l) { - if((x % 16) != 0) { - z = 16 - (x % 16); - if(z >= 8) - fprintf(stderr, " "); - for (; z != 0; --z) { - fprintf(stderr, " "); - } - } - fprintf(stderr, " | "); - for(; y < x; y++) { - if((y % 8) == 0) - fprintf(stderr, " "); - if(isgraph(p[y])) - fprintf(stderr, "%c", p[y]); - else - fprintf(stderr, "."); - } - fprintf(stderr, "\n"); - } - else if((x % 8) == 0) { - fprintf(stderr, " "); - } - } -} - +#if defined(LTC_PEM) && defined(LTC_SSH) static void print_err(const char *fmt, ...) { va_list args; @@ -79,370 +32,21 @@ static void die_(int err, int line) #define die(i) do { die_(i, __LINE__); } while(0) #define DIE(s, ...) do { verbose = 1; print_err("%3d: " s "\n", __LINE__, ##__VA_ARGS__); exit(EXIT_FAILURE); } while(0) - -static void check_padding(const unsigned char *p, unsigned long len) -{ - unsigned char pad = 0x1u; - while (len != 0) { - if (*p != pad) DIE("pad wrong 0x%02x != 0x%02x", *p, pad); - p++; - pad++; - len--; - } -} - -typedef struct pka_key_ { - enum ltc_oid_id id; - union { - curve25519_key ed25519; - ecc_key ecdsa; - rsa_key rsa; - } u; -} pka_key; - -enum blockcipher_mode { - none, cbc, ctr, stream, gcm -}; -struct ssh_blockcipher { - const char *name; - const char *algo; - int len; - enum blockcipher_mode mode; -}; - -/* Table as of - * https://www.iana.org/assignments/ssh-parameters/ssh-parameters.xhtml#ssh-parameters-17 - */ -const struct ssh_blockcipher ssh_ciphers[] = +static int password_get(void **p, unsigned long *l, void *u) { - { "none", "", 0, none }, - { "aes256-cbc", "aes", 256 / 8, cbc }, - { 0 }, -}; - -struct kdf_options { - const char *name; - const struct ssh_blockcipher *cipher; - unsigned char salt[64]; - ulong32 saltlen; - ulong32 num_rounds; - const char *pass; - unsigned long passlen; -}; - -int ssh_find_init_ecc(const char *pka, pka_key *key) -{ - int err; - const char* prefix = "ecdsa-sha2-"; - size_t prefixlen = strlen(prefix); - const ltc_ecc_curve *cu; - if (strstr(pka, prefix) == NULL) return CRYPT_PK_INVALID_TYPE; - if ((err = ecc_find_curve(pka + prefixlen, &cu)) != CRYPT_OK) return err; - return ecc_set_curve(cu, &key->u.ecdsa); -} - -int ssh_decode_ecdsa(const unsigned char *in, unsigned long *inlen, pka_key *key) -{ - int err; - unsigned char groupname[64], group[512], privkey[512]; - unsigned long groupnamelen = sizeof(groupname), grouplen = sizeof(group), privkeylen = sizeof(privkey); - - if ((err = ssh_decode_sequence_multi(in, inlen, - LTC_SSHDATA_STRING, groupname, &groupnamelen, - LTC_SSHDATA_STRING, group, &grouplen, - LTC_SSHDATA_STRING, privkey, &privkeylen, - LTC_SSHDATA_EOL)) != CRYPT_OK) { - die(err); - } - - if ((err = ecc_set_key(privkey, privkeylen, PK_PRIVATE, &key->u.ecdsa)) != CRYPT_OK) { - die(err); - } - - key->id = PKA_EC; - - zeromem(groupname, sizeof(groupname)); - zeromem(group, sizeof(group)); - zeromem(privkey, sizeof(privkey)); - - return err; -} - -int ssh_decode_ed25519(const unsigned char *in, unsigned long *inlen, pka_key *key) -{ - int err; - unsigned char pubkey[2048], privkey[2048]; - unsigned long pubkeylen = sizeof(pubkey), privkeylen = sizeof(privkey); - - if ((err = ssh_decode_sequence_multi(in, inlen, - LTC_SSHDATA_STRING, pubkey, &pubkeylen, - LTC_SSHDATA_STRING, privkey, &privkeylen, - LTC_SSHDATA_EOL)) != CRYPT_OK) { - die(err); - } - - if ((err = ed25519_import_raw(&privkey[32], 32, PK_PRIVATE, &key->u.ed25519)) != CRYPT_OK) { - die(err); - } - - key->id = PKA_ED25519; - - zeromem(pubkey, sizeof(pubkey)); - zeromem(privkey, sizeof(privkey)); - - return err; -} - -int ssh_decode_rsa(const unsigned char *in, unsigned long *inlen, pka_key *key) -{ - int err; - void *tmp1, *tmp2; - if ((err = mp_init_multi(&tmp1, &tmp2, NULL)) != CRYPT_OK) { - die(err); - } - if ((err = rsa_init(&key->u.rsa)) != CRYPT_OK) { - die(err); - } - - if ((err = ssh_decode_sequence_multi(in, inlen, - LTC_SSHDATA_MPINT, key->u.rsa.N, - LTC_SSHDATA_MPINT, key->u.rsa.e, - LTC_SSHDATA_MPINT, key->u.rsa.d, - LTC_SSHDATA_MPINT, key->u.rsa.qP, - LTC_SSHDATA_MPINT, key->u.rsa.q, - LTC_SSHDATA_MPINT, key->u.rsa.p, - LTC_SSHDATA_EOL)) != CRYPT_OK) { - die(err); - } - - if ((err = mp_sub_d(key->u.rsa.p, 1, tmp1)) != CRYPT_OK) { die(err); } /* tmp1 = q-1 */ - if ((err = mp_sub_d(key->u.rsa.q, 1, tmp2)) != CRYPT_OK) { die(err); } /* tmp2 = p-1 */ - if ((err = mp_mod( key->u.rsa.d, tmp1, key->u.rsa.dP)) != CRYPT_OK) { die(err); } /* dP = d mod p-1 */ - if ((err = mp_mod( key->u.rsa.d, tmp2, key->u.rsa.dQ)) != CRYPT_OK) { die(err); } /* dQ = d mod q-1 */ - - key->id = PKA_RSA; - - mp_clear_multi(tmp2, tmp1, NULL); - - return err; -} - -struct ssh_pka { - const char *name; - int (*init)(const char*, pka_key*); - int (*decode)(const unsigned char*, unsigned long*, pka_key*); -}; - -struct ssh_pka ssh_pkas[] = { - { "ssh-ed25519", NULL, ssh_decode_ed25519 }, - { "ssh-rsa", NULL, ssh_decode_rsa }, - { NULL, ssh_find_init_ecc, ssh_decode_ecdsa }, -}; - -int ssh_decode_private_key(const unsigned char *in, unsigned long *inlen, pka_key *key) -{ - int err; - ulong32 check1, check2; - unsigned char pka[64], comment[256]; - unsigned long pkalen = sizeof(pka), commentlen = sizeof(comment); - unsigned long remaining, cur_len; - const unsigned char *p; - size_t n; - - LTC_ARGCHK(in != NULL); - LTC_ARGCHK(inlen != NULL); - LTC_ARGCHK(key != NULL); - - p = in; - cur_len = *inlen; - - if ((err = ssh_decode_sequence_multi(p, &cur_len, - LTC_SSHDATA_UINT32, &check1, - LTC_SSHDATA_UINT32, &check2, - LTC_SSHDATA_STRING, pka, &pkalen, - LTC_SSHDATA_EOL)) != CRYPT_OK) { - die(err); - } - if (check1 != check2) DIE("decrypt failed"); - - p += cur_len; - remaining = *inlen - cur_len; - cur_len = remaining; - - for (n = 0; n < sizeof(ssh_pkas)/sizeof(ssh_pkas[0]); ++n) { - if (ssh_pkas[n].name != NULL) { - if (XSTRCMP((char*)pka, ssh_pkas[n].name) != 0) continue; - } else { - if ((ssh_pkas[n].init == NULL) || - (ssh_pkas[n].init((char*)pka, key) != CRYPT_OK)) continue; - } - if ((err = ssh_pkas[n].decode(p, &cur_len, key)) != CRYPT_OK) { - die(err); - } - break; - } - if (n == sizeof(ssh_pkas)/sizeof(ssh_pkas[0])) DIE("unsupported pka %s", pka); - - p += cur_len; - remaining -= cur_len; - cur_len = remaining; - - if ((err = ssh_decode_sequence_multi(p, &cur_len, - LTC_SSHDATA_STRING, comment, &commentlen, - LTC_SSHDATA_EOL)) != CRYPT_OK) { - die(err); - } - - printf("comment: %s\n", comment); - - p += cur_len; - remaining -= cur_len; - - check_padding(p, remaining); - - return err; -} - -int ssh_decrypt_private_keys(unsigned char *in, unsigned long *inlen, struct kdf_options *opts) -{ - int err, cipher; - unsigned char symkey[128]; - unsigned long symkey_len; - symmetric_CBC cbc_ctx; - - LTC_ARGCHK(in != NULL); - LTC_ARGCHK(inlen != NULL); - LTC_ARGCHK(opts != NULL); - - cipher = find_cipher(opts->cipher->algo); - symkey_len = opts->cipher->len + cipher_descriptor[cipher].block_length; - - if (sizeof(symkey) < symkey_len) DIE("too small"); - - if ((err = bcrypt_pbkdf_openbsd(opts->pass, opts->passlen, opts->salt, opts->saltlen, opts->num_rounds, find_hash("sha512"), symkey, &symkey_len)) != CRYPT_OK) { - die(err); - } - - if ((err = cbc_start(cipher, symkey + opts->cipher->len, symkey, opts->cipher->len, 0, &cbc_ctx)) != CRYPT_OK) { - die(err); - } - if ((err = cbc_decrypt(in, in, *inlen, &cbc_ctx)) != CRYPT_OK) { - die(err); - } - print_hex("decrypted", in, *inlen); - - zeromem(symkey, sizeof(symkey)); - zeromem(&cbc_ctx, sizeof(cbc_ctx)); - - return err; -} - -int ssh_decode_header(unsigned char *in, unsigned long *inlen, struct kdf_options *opts) -{ - int err; - unsigned char ciphername[64], kdfname[64], kdfoptions[128], pubkey1[2048]; - unsigned long ciphernamelen = sizeof(ciphername), kdfnamelen = sizeof(kdfname); - unsigned long kdfoptionslen = sizeof(kdfoptions), pubkey1len = sizeof(pubkey1); - ulong32 num_keys; - size_t i; - - void *magic = strstr((const char*)in, "openssh-key-v1"); - size_t slen = strlen("openssh-key-v1"); - unsigned char *start = &in[slen + 1]; - unsigned long len = *inlen - slen - 1; - - if (magic == NULL) DIE("magic not found"); - if (magic != in) DIE("magic not at the beginning"); - - if ((err = ssh_decode_sequence_multi(start, &len, - LTC_SSHDATA_STRING, ciphername, &ciphernamelen, - LTC_SSHDATA_STRING, kdfname, &kdfnamelen, - LTC_SSHDATA_STRING, kdfoptions, &kdfoptionslen, - LTC_SSHDATA_UINT32, &num_keys, - LTC_SSHDATA_STRING, pubkey1, &pubkey1len, - LTC_SSHDATA_EOL)) != CRYPT_OK) { - die(err); - } - if (num_keys != 1) DIE("more than 1 pubkey not supported"); - - print_hex("public key", pubkey1, pubkey1len); - - *inlen = len + slen + 1; - - for (i = 0; i < sizeof(ssh_ciphers)/sizeof(ssh_ciphers[0]); ++i) { - if (XSTRCMP((char*)ciphername, ssh_ciphers[i].name) == 0) { - opts->cipher = &ssh_ciphers[i]; - break; - } - } - if (opts->cipher == NULL) DIE("can't find algo"); - - if (XSTRCMP((char*)kdfname, "none") == 0) { - /* NOP */ - opts->name = "none"; - } else if (XSTRCMP((char*)kdfname, "bcrypt") == 0) { - opts->name = "bcrypt"; - opts->saltlen = sizeof(opts->salt); - len = kdfoptionslen; - if ((err = ssh_decode_sequence_multi(kdfoptions, &len, - LTC_SSHDATA_STRING, opts->salt, &opts->saltlen, - LTC_SSHDATA_UINT32, &opts->num_rounds, - LTC_SSHDATA_EOL)) != CRYPT_OK) { - die(err); - } - if (len != kdfoptionslen) DIE("unused data %lu", kdfoptionslen-len); - } else { - DIE("unsupported kdf %s", kdfname); - } - - return err; -} - - -void read_openssh_private_key(FILE *f, char *pem, size_t *w) -{ - const char *openssh_privkey_start = "-----BEGIN OPENSSH PRIVATE KEY-----"; - const char *openssh_privkey_end = "-----END OPENSSH PRIVATE KEY-----"; - char buf[81]; - char *end; - size_t n = 0; - - while (fgets(buf, sizeof(buf), f)) { - const char *start = strstr(buf, openssh_privkey_start); - if (start != NULL) { - size_t l; - start += strlen(openssh_privkey_start); - l = strlcpy(pem + n, start, *w - n); - n += l; - break; - } - } - while (fgets(buf, sizeof(buf), f)) { - size_t l = strlcpy(pem + n, buf, *w - n); - if (l == 0) { - DIE("strlcpy sez no"); - } - n += l; - } - end = strstr(pem, openssh_privkey_end); - if (end == NULL) DIE("could not find PEM end-tag"); - *end = '\0'; - *w = end - pem; + (void)u; + *p = strdup("abc123"); + *l = strlen(*p); + return 0; } int main(int argc, char **argv) { int err; - char pem[100 * 72]; - size_t plen = sizeof(pem); FILE *f = NULL; - unsigned char b64_decoded[sizeof(pem)], privkey[sizeof(pem)]; - unsigned long b64_decoded_len = sizeof(pem), privkey_len = sizeof(privkey); - struct kdf_options opts; - unsigned char *p; - unsigned long len; - pka_key k; + ltc_pka_key k; + password_ctx pw_ctx = { .callback = password_get }; if ((err = register_all_ciphers()) != CRYPT_OK) { die(err); @@ -458,52 +62,14 @@ int main(int argc, char **argv) else f = stdin; if (f == NULL) DIE("fopen sez no"); - read_openssh_private_key(f, pem, &plen); - - if ((err = base64_sane_decode(pem, plen, b64_decoded, &b64_decoded_len)) != CRYPT_OK) { + if ((err = pem_decode_openssh_filehandle(f, &k, &pw_ctx))) { die(err); } - - p = b64_decoded; - plen = b64_decoded_len; - len = plen; - - print_hex("decoded", p, plen); - - if ((err = ssh_decode_header(p, &len, &opts)) != CRYPT_OK) { - die(err); - } - p += len; - plen -= len; - len = plen; - - print_hex("remaining", p, plen); - - if ((err = ssh_decode_sequence_multi(p, &len, - LTC_SSHDATA_STRING, privkey, &privkey_len, - LTC_SSHDATA_EOL)) != CRYPT_OK) { - die(err); - } - p += len; - plen -= len; - - opts.pass = "abc123"; - opts.passlen = 6; - - if (XSTRCMP(opts.name, "none") != 0) { - len = privkey_len; - if ((err = ssh_decrypt_private_keys(privkey, &len, &opts)) != CRYPT_OK) { - die(err); - } - } - - len = privkey_len; - if ((err = ssh_decode_private_key(privkey, &len, &k)) != CRYPT_OK) { - die(err); - } - return EXIT_SUCCESS; } +#else +int main(void) { return EXIT_FAILURE; } +#endif /* ref: $Format:%D$ */ /* git commit: $Format:%H$ */ diff --git a/src/headers/tomcrypt_custom.h b/src/headers/tomcrypt_custom.h index 129f0245f..e715a2991 100644 --- a/src/headers/tomcrypt_custom.h +++ b/src/headers/tomcrypt_custom.h @@ -517,6 +517,8 @@ #define LTC_PBES +#define LTC_PEM + #endif /* LTC_NO_MISC */ /* cleanup */ @@ -561,6 +563,24 @@ #endif #endif /* LTC_MECC */ +#ifndef LTC_NO_FILE + /* buffer size for reading from a file via fread(..) */ + #ifndef LTC_FILE_READ_BUFSIZE + #define LTC_FILE_READ_BUFSIZE 8192 + #endif +#endif + +#if defined(LTC_PEM) + /* Size of the decoded data buffer */ + #ifndef LTC_PEM_READ_BUFSIZE + #ifdef LTC_FILE_READ_BUFSIZE + #define LTC_PEM_READ_BUFSIZE LTC_FILE_READ_BUFSIZE + #else + #define LTC_PEM_READ_BUFSIZE 4096 + #endif + #endif +#endif + #if defined(LTC_DER) #ifndef LTC_DER_MAX_RECURSION /* Maximum recursion limit when processing nested ASN.1 types. */ @@ -703,13 +723,6 @@ /* define this if you use Valgrind, note: it CHANGES the way SOBER-128 and RC4 work (see the code) */ /* #define LTC_VALGRIND */ -#ifndef LTC_NO_FILE - /* buffer size for reading from a file via fread(..) */ - #ifndef LTC_FILE_READ_BUFSIZE - #define LTC_FILE_READ_BUFSIZE 8192 - #endif -#endif - /* ECC backwards compatibility */ #if !defined(LTC_ECC_SECP112R1) && defined(LTC_ECC112) #define LTC_ECC_SECP112R1 diff --git a/src/headers/tomcrypt_misc.h b/src/headers/tomcrypt_misc.h index 3a2b7b124..67b9a9ec8 100644 --- a/src/headers/tomcrypt_misc.h +++ b/src/headers/tomcrypt_misc.h @@ -159,6 +159,19 @@ int padding_pad(unsigned char *data, unsigned long length, unsigned long* padded int padding_depad(const unsigned char *data, unsigned long *length, unsigned long mode); #endif /* LTC_PADDING */ +#ifdef LTC_PEM +typedef struct { + int (*callback)(void **, unsigned long *, void *); + void *userdata; +} password_ctx; + +#ifdef LTC_SSH +int pem_decode_openssh_filehandle(FILE *f, ltc_pka_key *k, password_ctx *pw_ctx); +int pem_decode_openssh(void *buf, unsigned long len, ltc_pka_key *k, password_ctx *pw_ctx); +#endif + +#endif /* LTC_PEM */ + #ifdef LTC_SSH typedef enum ssh_data_type_ { LTC_SSHDATA_EOL, diff --git a/src/headers/tomcrypt_pk.h b/src/headers/tomcrypt_pk.h index d93323389..4d8e7fc1e 100644 --- a/src/headers/tomcrypt_pk.h +++ b/src/headers/tomcrypt_pk.h @@ -485,6 +485,38 @@ int dsa_shared_secret(void *private_key, void *base, unsigned char *out, unsigned long *outlen); #endif /* LTC_MDSA */ + +enum ltc_pka_id { + LTC_PKA_UNDEF = 0, + LTC_PKA_RSA, + LTC_PKA_DSA, + LTC_PKA_EC, + LTC_PKA_CURVE25519, + LTC_PKA_DH, +}; + +typedef struct { + union { +#ifdef LTC_CURVE25519 + curve25519_key curve25519; +#endif +#ifdef LTC_MDH + dh_key dh; +#endif +#ifdef LTC_MDSA + dsa_key dsa; +#endif +#ifdef LTC_MECC + ecc_key ecc; +#endif +#ifdef LTC_MRSA + rsa_key rsa; +#endif + } u; + enum ltc_pka_id id; +} ltc_pka_key; + + #ifdef LTC_DER /* DER handling */ diff --git a/src/headers/tomcrypt_private.h b/src/headers/tomcrypt_private.h index 041bdd639..ace41d017 100644 --- a/src/headers/tomcrypt_private.h +++ b/src/headers/tomcrypt_private.h @@ -247,6 +247,56 @@ int base64_encode_pem(const unsigned char *in, unsigned long inlen, char *out, unsigned long *outlen, unsigned int flags); +/* PEM related */ + +struct password { + /* usually a `char*` but could also contain binary data + * so use a `void*` + length to be on the safe side. + */ + void *pw; + unsigned long l; +}; + +struct str { + char *p; + unsigned long len; +}; + +#define SET_STR(n, s) n.p = s, n.len = XSTRLEN(s) +#define SET_CSTR(n, s) n.p = (char*)s, n.len = XSTRLEN(s) + +enum more_headers { + no, + yes, + maybe +}; + +struct pem_headers { + const struct { + struct str start, end; + enum more_headers has_more_headers; + }; +}; + +struct bufp { + /* `end` points to one byte after the last + * element of the allocated buffer + */ + char *p, *r, *end; +}; + +#define SET_BUFP(n, d, l) n.p = d, n.r = d, n.end = (char*)d + l + 1 + +struct get_char { + int (*get)(struct get_char*); + union { + FILE *f; + struct bufp buf; + }; +}; + +/* others */ + void copy_or_zeromem(const unsigned char* src, unsigned char* dest, unsigned long len, int coz); int pbes_decrypt(const pbes_arg *arg, unsigned char *dec_data, unsigned long *dec_size); @@ -254,6 +304,9 @@ int pbes_decrypt(const pbes_arg *arg, unsigned char *dec_data, unsigned long *d int pbes1_extract(const ltc_asn1_list *s, pbes_arg *res); int pbes2_extract(const ltc_asn1_list *s, pbes_arg *res); +int pem_get_char_from_file(struct get_char *g); +int pem_get_char_from_buf(struct get_char *g); +int pem_read(void *pem, unsigned long *w, struct pem_headers *hdr, struct get_char *g); /* tomcrypt_pk.h */ diff --git a/src/misc/crypt/crypt.c b/src/misc/crypt/crypt.c index f91ae06ff..08554b106 100644 --- a/src/misc/crypt/crypt.c +++ b/src/misc/crypt/crypt.c @@ -467,6 +467,10 @@ const char *crypt_build_settings = " PBES1 " " PBES2 " #endif +#if defined(LTC_PEM) + " PEM " + " " NAME_VALUE(LTC_PEM_READ_BUFSIZE) " " +#endif #if defined(LTC_SSH) " SSH " #endif diff --git a/src/misc/pem/pem_decode.c b/src/misc/pem/pem_decode.c new file mode 100644 index 000000000..c30b8ad44 --- /dev/null +++ b/src/misc/pem/pem_decode.c @@ -0,0 +1,129 @@ +/* LibTomCrypt, modular cryptographic library -- Tom St Denis */ +/* SPDX-License-Identifier: Unlicense */ +#include "tomcrypt_private.h" + +/** + @file pem_decode.c + Decode and import a PEM file, Steffen Jaeckel +*/ + +#ifdef LTC_PEM + +/* Encrypted PEM files */ +#define PEM_DECODE_BUFSZ 72 + +int pem_get_char_from_file(struct get_char *g) +{ + return getc(g->f); +} + +int pem_get_char_from_buf(struct get_char *g) +{ + int ret; + if (g->buf.r == g->buf.end) { + return -1; + } + ret = *g->buf.r; + g->buf.r++; + return ret; +} + +static char* s_get_line(char *buf, unsigned long *buflen, struct get_char *g) +{ + unsigned long blen = 0; + int c = -1, c_; + while(blen < *buflen) { + c_ = c; + c = g->get(g); + if (c == '\n') { + buf[blen] = '\0'; + if (c_ == '\r') { + buf[--blen] = '\0'; + } + *buflen = blen; + return buf; + } + if (c == -1 || c == '\0') { + buf[blen] = '\0'; + *buflen = blen; + return buf; + } + buf[blen] = c; + blen++; + } + return NULL; +} + +static LTC_INLINE int s_fits_buf(void *dest, unsigned long to_write, void *end) +{ + unsigned char *d = dest; + unsigned char *e = end; + unsigned char *w = d + to_write; + if (w < d || w > e) + return 0; + return 1; +} + +static int s_pem_decode_headers(struct pem_headers *hdr, struct get_char *g) +{ + return CRYPT_OK; +} + +int pem_read(void *pem, unsigned long *w, struct pem_headers *hdr, struct get_char *g) +{ + char buf[PEM_DECODE_BUFSZ]; + char *wpem = pem; + char *end = wpem + *w; + unsigned long slen, linelen; + int err, hdr_ok = 0; + int would_overflow = 0; + + linelen = sizeof(buf); + if (s_get_line(buf, &linelen, g) == NULL) { + return CRYPT_INVALID_PACKET; + } + if (hdr->start.len != linelen || XMEMCMP(buf, hdr->start.p, hdr->start.len)) { + return CRYPT_INVALID_PACKET; + } + + if ((err = s_pem_decode_headers(hdr, g)) != CRYPT_OK) + return err; + + /* Read the base64 encoded part of the PEM */ + slen = sizeof(buf); + while (s_get_line(buf, &slen, g)) { + if (slen == hdr->end.len && !XMEMCMP(buf, hdr->end.p, slen)) { + hdr_ok = 1; + break; + } + if (!would_overflow && s_fits_buf(wpem, slen, end)) { + XMEMCPY(wpem, buf, slen); + } else { + would_overflow = 1; + } + wpem += slen; + slen = sizeof(buf); + } + if (!hdr_ok) + return CRYPT_INVALID_PACKET; + + if (would_overflow || !s_fits_buf(wpem, 1, end)) { + /* NUL termination */ + wpem++; + /* prevent a wrap-around */ + if (wpem < (char*)pem) + return CRYPT_OVERFLOW; + *w = wpem - (char*)pem; + return CRYPT_BUFFER_OVERFLOW; + } + + *w = wpem - (char*)pem; + *wpem++ = '\0'; + + if ((err = base64_strict_decode(pem, *w, pem, w)) != CRYPT_OK) { + return err; + } + return CRYPT_OK; +} + +#endif /* LTC_PEM */ diff --git a/src/misc/pem/pem_ssh.c b/src/misc/pem/pem_ssh.c new file mode 100644 index 000000000..ce0d3fe67 --- /dev/null +++ b/src/misc/pem/pem_ssh.c @@ -0,0 +1,426 @@ +/* LibTomCrypt, modular cryptographic library -- Tom St Denis */ +/* SPDX-License-Identifier: Unlicense */ +#include "tomcrypt_private.h" + +/** + @file pem_ssh.c + SSH specific functionality to process PEM files, Steffen Jaeckel + + The basic format of the key is described here: + https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.key +*/ + +#if defined(LTC_PEM) && defined(LTC_SSH) + +enum blockcipher_mode { + none, cbc, ctr, stream, gcm +}; +struct ssh_blockcipher { + const char *name; + const char *algo; + int len; + enum blockcipher_mode mode; +}; + +/* Table as of + * https://www.iana.org/assignments/ssh-parameters/ssh-parameters.xhtml#ssh-parameters-17 + */ +const struct ssh_blockcipher ssh_ciphers[] = +{ + { "none", "", 0, none }, + { "aes256-cbc", "aes", 256 / 8, cbc }, + { 0 }, +}; + +struct kdf_options { + const char *name; + const struct ssh_blockcipher *cipher; + unsigned char salt[64]; + ulong32 saltlen; + ulong32 num_rounds; + struct password pw; +}; + +#ifdef LTC_MECC +int ssh_find_init_ecc(const char *pka, ltc_pka_key *key) +{ + int err; + const char* prefix = "ecdsa-sha2-"; + unsigned long prefixlen = XSTRLEN(prefix); + const ltc_ecc_curve *cu; + if (strstr(pka, prefix) == NULL) return CRYPT_PK_INVALID_TYPE; + if ((err = ecc_find_curve(pka + prefixlen, &cu)) != CRYPT_OK) return err; + return ecc_set_curve(cu, &key->u.ecc); +} + +int ssh_decode_ecdsa(const unsigned char *in, unsigned long *inlen, ltc_pka_key *key) +{ + int err; + unsigned char groupname[64], group[512], privkey[512]; + unsigned long groupnamelen = sizeof(groupname), grouplen = sizeof(group), privkeylen = sizeof(privkey); + + if ((err = ssh_decode_sequence_multi(in, inlen, + LTC_SSHDATA_STRING, groupname, &groupnamelen, + LTC_SSHDATA_STRING, group, &grouplen, + LTC_SSHDATA_STRING, privkey, &privkeylen, + LTC_SSHDATA_EOL, NULL)) != CRYPT_OK) { + goto cleanup; + } + + if ((err = ecc_set_key(privkey, privkeylen, PK_PRIVATE, &key->u.ecc)) != CRYPT_OK) { + goto cleanup; + } + + key->id = LTC_PKA_EC; + +cleanup: + zeromem(groupname, sizeof(groupname)); + zeromem(group, sizeof(group)); + zeromem(privkey, sizeof(privkey)); + + return err; +} +#endif + +#ifdef LTC_CURVE25519 +int ssh_decode_ed25519(const unsigned char *in, unsigned long *inlen, ltc_pka_key *key) +{ + int err; + unsigned char pubkey[2048], privkey[2048]; + unsigned long pubkeylen = sizeof(pubkey), privkeylen = sizeof(privkey); + + if ((err = ssh_decode_sequence_multi(in, inlen, + LTC_SSHDATA_STRING, pubkey, &pubkeylen, + LTC_SSHDATA_STRING, privkey, &privkeylen, + LTC_SSHDATA_EOL, NULL)) != CRYPT_OK) { + goto cleanup; + } + + if ((err = ed25519_import_raw(&privkey[32], 32, PK_PRIVATE, &key->u.curve25519)) != CRYPT_OK) { + goto cleanup; + } + + key->id = LTC_PKA_CURVE25519; + +cleanup: + zeromem(pubkey, sizeof(pubkey)); + zeromem(privkey, sizeof(privkey)); + + return err; +} +#endif + +#ifdef LTC_MRSA +int ssh_decode_rsa(const unsigned char *in, unsigned long *inlen, ltc_pka_key *key) +{ + int err; + void *tmp1, *tmp2; + if ((err = mp_init_multi(&tmp1, &tmp2, NULL)) != CRYPT_OK) { + goto cleanup; + } + if ((err = rsa_init(&key->u.rsa)) != CRYPT_OK) { + goto cleanup; + } + + if ((err = ssh_decode_sequence_multi(in, inlen, + LTC_SSHDATA_MPINT, key->u.rsa.N, + LTC_SSHDATA_MPINT, key->u.rsa.e, + LTC_SSHDATA_MPINT, key->u.rsa.d, + LTC_SSHDATA_MPINT, key->u.rsa.qP, + LTC_SSHDATA_MPINT, key->u.rsa.q, + LTC_SSHDATA_MPINT, key->u.rsa.p, + LTC_SSHDATA_EOL, NULL)) != CRYPT_OK) { + goto cleanup; + } + + if ((err = mp_sub_d(key->u.rsa.p, 1, tmp1)) != CRYPT_OK) { goto cleanup; } /* tmp1 = q-1 */ + if ((err = mp_sub_d(key->u.rsa.q, 1, tmp2)) != CRYPT_OK) { goto cleanup; } /* tmp2 = p-1 */ + if ((err = mp_mod( key->u.rsa.d, tmp1, key->u.rsa.dP)) != CRYPT_OK) { goto cleanup; } /* dP = d mod p-1 */ + if ((err = mp_mod( key->u.rsa.d, tmp2, key->u.rsa.dQ)) != CRYPT_OK) { goto cleanup; } /* dQ = d mod q-1 */ + + key->id = LTC_PKA_RSA; + +cleanup: + mp_clear_multi(tmp2, tmp1, NULL); + + return err; +} +#endif + +struct ssh_pka { + const char *name; + int (*init)(const char*, ltc_pka_key*); + int (*decode)(const unsigned char*, unsigned long*, ltc_pka_key*); +}; + +struct ssh_pka ssh_pkas[] = { +#ifdef LTC_CURVE25519 + { "ssh-ed25519", NULL, ssh_decode_ed25519 }, +#endif +#ifdef LTC_MRSA + { "ssh-rsa", NULL, ssh_decode_rsa }, +#endif +#ifdef LTC_MECC + { NULL, ssh_find_init_ecc, ssh_decode_ecdsa }, +#endif +}; + +static int s_decode_private_key(const unsigned char *in, unsigned long *inlen, ltc_pka_key *key) +{ + int err; + ulong32 check1, check2; + unsigned char pka[64], comment[256]; + unsigned long pkalen = sizeof(pka), commentlen = sizeof(comment); + unsigned long remaining, cur_len; + const unsigned char *p; + unsigned long n; + + LTC_ARGCHK(in != NULL); + LTC_ARGCHK(inlen != NULL); + LTC_ARGCHK(key != NULL); + + p = in; + cur_len = *inlen; + + if ((err = ssh_decode_sequence_multi(p, &cur_len, + LTC_SSHDATA_UINT32, &check1, + LTC_SSHDATA_UINT32, &check2, + LTC_SSHDATA_STRING, pka, &pkalen, + LTC_SSHDATA_EOL, NULL)) != CRYPT_OK) { + return err; + } + if (check1 != check2) { + return CRYPT_INVALID_PACKET; + } + + p += cur_len; + remaining = *inlen - cur_len; + cur_len = remaining; + + for (n = 0; n < sizeof(ssh_pkas)/sizeof(ssh_pkas[0]); ++n) { + if (ssh_pkas[n].name != NULL) { + if (XSTRCMP((char*)pka, ssh_pkas[n].name) != 0) continue; + } else { + if ((ssh_pkas[n].init == NULL) || + (ssh_pkas[n].init((char*)pka, key) != CRYPT_OK)) continue; + } + if ((err = ssh_pkas[n].decode(p, &cur_len, key)) != CRYPT_OK) { + return err; + } + break; + } + if (n == sizeof(ssh_pkas)/sizeof(ssh_pkas[0])) { + return CRYPT_PK_INVALID_TYPE; + } + + p += cur_len; + remaining -= cur_len; + cur_len = remaining; + + if ((err = ssh_decode_sequence_multi(p, &cur_len, + LTC_SSHDATA_STRING, comment, &commentlen, + LTC_SSHDATA_EOL, NULL)) != CRYPT_OK) { + return err; + } + + p += cur_len; + remaining -= cur_len; + + return remaining ? padding_depad(p, &remaining, LTC_PAD_SSH) : CRYPT_OK; +} + +static int s_decrypt_private_keys(unsigned char *in, unsigned long *inlen, struct kdf_options *opts) +{ + int err, cipher; + unsigned char symkey[128]; + unsigned long symkey_len; + symmetric_CBC cbc_ctx; + + LTC_ARGCHK(in != NULL); + LTC_ARGCHK(inlen != NULL); + LTC_ARGCHK(opts != NULL); + + cipher = find_cipher(opts->cipher->algo); + if (cipher == -1) { + return CRYPT_INVALID_CIPHER; + } + symkey_len = opts->cipher->len + cipher_descriptor[cipher].block_length; + + if (sizeof(symkey) < symkey_len) { + return CRYPT_OVERFLOW; + } + + if ((err = bcrypt_pbkdf_openbsd(opts->pw.pw, opts->pw.l, opts->salt, opts->saltlen, opts->num_rounds, find_hash("sha512"), symkey, &symkey_len)) != CRYPT_OK) { + return err; + } + + if ((err = cbc_start(cipher, symkey + opts->cipher->len, symkey, opts->cipher->len, 0, &cbc_ctx)) != CRYPT_OK) { + goto cleanup; + } + if ((err = cbc_decrypt(in, in, *inlen, &cbc_ctx)) != CRYPT_OK) { + goto cleanup; + } + if ((err = cbc_done(&cbc_ctx)) != CRYPT_OK) { + goto cleanup; + } + +cleanup: + zeromem(symkey, sizeof(symkey)); + zeromem(&cbc_ctx, sizeof(cbc_ctx)); + + return err; +} + +static int s_decode_header(unsigned char *in, unsigned long *inlen, struct kdf_options *opts) +{ + int err; + unsigned char ciphername[64], kdfname[64], kdfoptions[128], pubkey1[2048]; + unsigned long ciphernamelen = sizeof(ciphername), kdfnamelen = sizeof(kdfname); + unsigned long kdfoptionslen = sizeof(kdfoptions), pubkey1len = sizeof(pubkey1); + ulong32 num_keys; + unsigned long i; + + void *magic = strstr((const char*)in, "openssh-key-v1"); + unsigned long slen = XSTRLEN("openssh-key-v1"); + unsigned char *start = &in[slen + 1]; + unsigned long len = *inlen - slen - 1; + + if (magic == NULL || magic != in) { + return CRYPT_INVALID_PACKET; + } + + if ((err = ssh_decode_sequence_multi(start, &len, + LTC_SSHDATA_STRING, ciphername, &ciphernamelen, + LTC_SSHDATA_STRING, kdfname, &kdfnamelen, + LTC_SSHDATA_STRING, kdfoptions, &kdfoptionslen, + LTC_SSHDATA_UINT32, &num_keys, + LTC_SSHDATA_STRING, pubkey1, &pubkey1len, + LTC_SSHDATA_EOL, NULL)) != CRYPT_OK) { + return err; + } + if (num_keys != 1) { + return CRYPT_INVALID_PACKET; + } + + *inlen = len + slen + 1; + + for (i = 0; i < sizeof(ssh_ciphers)/sizeof(ssh_ciphers[0]); ++i) { + if (XSTRCMP((char*)ciphername, ssh_ciphers[i].name) == 0) { + opts->cipher = &ssh_ciphers[i]; + break; + } + } + if (opts->cipher == NULL) { + return CRYPT_INVALID_CIPHER; + } + + if (XSTRCMP((char*)kdfname, "none") == 0) { + /* NOP */ + opts->name = "none"; + } else if (XSTRCMP((char*)kdfname, "bcrypt") == 0) { + opts->name = "bcrypt"; + opts->saltlen = sizeof(opts->salt); + len = kdfoptionslen; + if ((err = ssh_decode_sequence_multi(kdfoptions, &len, + LTC_SSHDATA_STRING, opts->salt, &opts->saltlen, + LTC_SSHDATA_UINT32, &opts->num_rounds, + LTC_SSHDATA_EOL, NULL)) != CRYPT_OK) { + return err; + } + if (len != kdfoptionslen) { + return CRYPT_INPUT_TOO_LONG; + } + } else { + return CRYPT_INVALID_PACKET; + } + + return err; +} + +static const struct pem_headers pem_openssh = + { + SET_CSTR(.start, "-----BEGIN OPENSSH PRIVATE KEY-----"), + SET_CSTR(.end, "-----END OPENSSH PRIVATE KEY-----"), + .has_more_headers = 0 + }; + +static int s_decode_openssh(struct get_char *g, ltc_pka_key *k, password_ctx *pw_ctx) +{ + unsigned char *pem = NULL, *p, *privkey = NULL; + unsigned long w, l, privkey_len; + int err; + struct pem_headers hdr = pem_openssh; + struct kdf_options opts = { 0 }; + w = LTC_PEM_READ_BUFSIZE * 2; +retry: + pem = XREALLOC(pem, w); + err = pem_read(pem, &w, &hdr, g); + if (err == CRYPT_BUFFER_OVERFLOW) { + goto retry; + } else if (err != CRYPT_OK) { + goto cleanup; + } + l = w; + if ((err = s_decode_header(pem, &w, &opts)) != CRYPT_OK) { + goto cleanup; + } + p = pem + w; + l -= w; + w = l; + + privkey_len = l; + privkey = XMALLOC(privkey_len); + + if ((err = ssh_decode_sequence_multi(p, &w, + LTC_SSHDATA_STRING, privkey, &privkey_len, + LTC_SSHDATA_EOL, NULL)) != CRYPT_OK) { + goto cleanup; + } + + if (XSTRCMP(opts.name, "none") != 0) { + /* hard-coded pass for demo keys */ + if (!pw_ctx || !pw_ctx->callback) { + err = CRYPT_INVALID_ARG; + goto cleanup; + } + if (pw_ctx->callback(&opts.pw.pw, &opts.pw.l, pw_ctx->userdata)) { + err = CRYPT_ERROR; + goto cleanup; + } + w = privkey_len; + if ((err = s_decrypt_private_keys(privkey, &privkey_len, &opts)) != CRYPT_OK) { + goto cleanup; + } + } + + w = privkey_len; + if ((err = s_decode_private_key(privkey, &w, k)) != CRYPT_OK) { + goto cleanup; + } + +cleanup: + if (opts.pw.pw) { + zeromem(opts.pw.pw, opts.pw.l); + XFREE(opts.pw.pw); + } + if (privkey) { + zeromem(privkey, privkey_len); + XFREE(privkey); + } + XFREE(pem); + return err; +} + +int pem_decode_openssh_filehandle(FILE *f, ltc_pka_key *k, password_ctx *pw_ctx) +{ + struct get_char g = { .get = pem_get_char_from_file, .f = f }; + return s_decode_openssh(&g, k, pw_ctx); +} + +int pem_decode_openssh(void *buf, unsigned long len, ltc_pka_key *k, password_ctx *pw_ctx) +{ + struct get_char g = { .get = pem_get_char_from_buf, SET_BUFP(.buf, buf, len) }; + return s_decode_openssh(&g, k, pw_ctx); +} + +#endif /* defined(LTC_PEM) && defined(LTC_SSH) */ From 20fc6efb331155b4e4287c80ba0e1795b0acd611 Mon Sep 17 00:00:00 2001 From: Steffen Jaeckel Date: Thu, 6 Jan 2022 03:30:09 +0100 Subject: [PATCH 08/33] rename file Signed-off-by: Steffen Jaeckel --- src/pk/asn1/oid/{pk_get_oid.c => pk_get.c} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename src/pk/asn1/oid/{pk_get_oid.c => pk_get.c} (100%) diff --git a/src/pk/asn1/oid/pk_get_oid.c b/src/pk/asn1/oid/pk_get.c similarity index 100% rename from src/pk/asn1/oid/pk_get_oid.c rename to src/pk/asn1/oid/pk_get.c From b5eb6b211aeed28ded25f573ef44a14b5395d5de Mon Sep 17 00:00:00 2001 From: Steffen Jaeckel Date: Thu, 6 Jan 2022 03:31:12 +0100 Subject: [PATCH 09/33] add `pk_get_oid_from_asn1()` Signed-off-by: Steffen Jaeckel --- src/headers/tomcrypt_private.h | 1 + src/pk/asn1/oid/pk_get.c | 42 +++++++++++++++++++++++++++++----- 2 files changed, 37 insertions(+), 6 deletions(-) diff --git a/src/headers/tomcrypt_private.h b/src/headers/tomcrypt_private.h index ace41d017..df57571aa 100644 --- a/src/headers/tomcrypt_private.h +++ b/src/headers/tomcrypt_private.h @@ -314,6 +314,7 @@ int rand_bn_bits(void *N, int bits, prng_state *prng, int wprng); int rand_bn_upto(void *N, void *limit, prng_state *prng, int wprng); int pk_get_oid(enum ltc_oid_id id, const char **st); +int pk_get_oid_from_asn1(const ltc_asn1_list *oid, enum ltc_oid_id *id); int pk_oid_str_to_num(const char *OID, unsigned long *oid, unsigned long *oidlen); int pk_oid_num_to_str(const unsigned long *oid, unsigned long oidlen, char *OID, unsigned long *outlen); diff --git a/src/pk/asn1/oid/pk_get.c b/src/pk/asn1/oid/pk_get.c index b3e1ee26b..1fc72a130 100644 --- a/src/pk/asn1/oid/pk_get.c +++ b/src/pk/asn1/oid/pk_get.c @@ -6,16 +6,17 @@ typedef struct { enum ltc_oid_id id; + enum ltc_pka_id pka; const char* oid; } oid_table_entry; static const oid_table_entry pka_oids[] = { - { LTC_OID_RSA, "1.2.840.113549.1.1.1" }, - { LTC_OID_DSA, "1.2.840.10040.4.1" }, - { LTC_OID_EC, "1.2.840.10045.2.1" }, - { LTC_OID_EC_PRIMEF, "1.2.840.10045.1.1" }, - { LTC_OID_X25519, "1.3.101.110" }, - { LTC_OID_ED25519, "1.3.101.112" }, + { LTC_OID_RSA, LTC_PKA_RSA, "1.2.840.113549.1.1.1" }, + { LTC_OID_DSA, LTC_PKA_DSA, "1.2.840.10040.4.1" }, + { LTC_OID_EC, LTC_PKA_EC, "1.2.840.10045.2.1" }, + { LTC_OID_EC_PRIMEF, LTC_PKA_EC, "1.2.840.10045.1.1" }, + { LTC_OID_X25519, LTC_PKA_CURVE25519, "1.3.101.110" }, + { LTC_OID_ED25519, LTC_PKA_CURVE25519, "1.3.101.112" }, }; /* @@ -34,4 +35,33 @@ int pk_get_oid(enum ltc_oid_id id, const char **st) } return CRYPT_INVALID_ARG; } + +/* + Returns the PKA ID of an OID. + @return CRYPT_OK if valid +*/ +int pk_get_oid_from_asn1(const ltc_asn1_list *oid, enum ltc_oid_id *id) +{ + unsigned long i; + char tmp[LTC_OID_MAX_STRLEN] = { 0 }; + int err; + + LTC_ARGCHK(oid != NULL); + LTC_ARGCHK(id != NULL); + + if (oid->type != LTC_ASN1_OBJECT_IDENTIFIER) return CRYPT_INVALID_ARG; + + i = sizeof(tmp); + if ((err = pk_oid_num_to_str(oid->data, oid->size, tmp, &i)) != CRYPT_OK) { + return err; + } + + for (i = 0; i < sizeof(pka_oids)/sizeof(pka_oids[0]); ++i) { + if (XSTRCMP(pka_oids[i].oid, tmp) == 0) { + *id = pka_oids[i].id; + return CRYPT_OK; + } + } + return CRYPT_INVALID_ARG; +} #endif From 7d03f4e4931de82d544b0af33974b0bc5fdf2f6e Mon Sep 17 00:00:00 2001 From: Steffen Jaeckel Date: Thu, 6 Jan 2022 03:32:19 +0100 Subject: [PATCH 10/33] add `der_flexi_sequence_cmp()` Signed-off-by: Steffen Jaeckel --- src/headers/tomcrypt_private.h | 15 ++++++++ .../der/sequence/der_flexi_sequence_cmp.c | 38 +++++++++++++++++++ src/pk/ecc/ecc_import_pkcs8.c | 34 +---------------- 3 files changed, 55 insertions(+), 32 deletions(-) create mode 100644 src/pk/asn1/der/sequence/der_flexi_sequence_cmp.c diff --git a/src/headers/tomcrypt_private.h b/src/headers/tomcrypt_private.h index df57571aa..4d5701fc2 100644 --- a/src/headers/tomcrypt_private.h +++ b/src/headers/tomcrypt_private.h @@ -465,12 +465,27 @@ int der_length_asn1_length(unsigned long len, unsigned long *outlen); int der_length_sequence_ex(const ltc_asn1_list *list, unsigned long inlen, unsigned long *outlen, unsigned long *payloadlen); +typedef struct { + ltc_asn1_type t; + ltc_asn1_list **pp; +} der_flexi_check; + +#define LTC_SET_DER_FLEXI_CHECK(list, index, Type, P) \ + do { \ + int LTC_SDFC_temp##__LINE__ = (index); \ + list[LTC_SDFC_temp##__LINE__].t = Type; \ + list[LTC_SDFC_temp##__LINE__].pp = P; \ + } while (0) + + extern const ltc_asn1_type der_asn1_tag_to_type_map[]; extern const unsigned long der_asn1_tag_to_type_map_sz; extern const int der_asn1_type_to_identifier_map[]; extern const unsigned long der_asn1_type_to_identifier_map_sz; +int der_flexi_sequence_cmp(const ltc_asn1_list *flexi, der_flexi_check *check); + int der_decode_sequence_multi_ex(const unsigned char *in, unsigned long inlen, unsigned int flags, ...) LTC_NULL_TERMINATED; diff --git a/src/pk/asn1/der/sequence/der_flexi_sequence_cmp.c b/src/pk/asn1/der/sequence/der_flexi_sequence_cmp.c new file mode 100644 index 000000000..026eb504a --- /dev/null +++ b/src/pk/asn1/der/sequence/der_flexi_sequence_cmp.c @@ -0,0 +1,38 @@ +/* LibTomCrypt, modular cryptographic library -- Tom St Denis */ +/* SPDX-License-Identifier: Unlicense */ +#include "tomcrypt_private.h" + +/** + @file der_length_sequence.c + ASN.1 DER, length a SEQUENCE, Tom St Denis +*/ + +#ifdef LTC_DER + +/** + Get the length of a DER sequence + @param list The sequences of items in the SEQUENCE + @param inlen The number of items + @param outlen [out] The length required in octets to store it + @return CRYPT_OK on success +*/ + +int der_flexi_sequence_cmp(const ltc_asn1_list *flexi, der_flexi_check *check) +{ + ltc_asn1_list *cur; + if (flexi->type != LTC_ASN1_SEQUENCE) { + return CRYPT_INVALID_PACKET; + } + cur = flexi->child; + while(check->t != LTC_ASN1_EOL) { + if (!LTC_ASN1_IS_TYPE(cur, check->t)) { + return CRYPT_INVALID_PACKET; + } + if (check->pp != NULL) *check->pp = cur; + cur = cur->next; + check++; + } + return CRYPT_OK; +} + +#endif diff --git a/src/pk/ecc/ecc_import_pkcs8.c b/src/pk/ecc/ecc_import_pkcs8.c index 81ac6ed6b..ec5afc390 100644 --- a/src/pk/ecc/ecc_import_pkcs8.c +++ b/src/pk/ecc/ecc_import_pkcs8.c @@ -5,36 +5,6 @@ #ifdef LTC_MECC -typedef struct { - ltc_asn1_type t; - ltc_asn1_list **pp; -} der_flexi_check; - -#define LTC_SET_DER_FLEXI_CHECK(list, index, Type, P) \ - do { \ - int LTC_SDFC_temp##__LINE__ = (index); \ - list[LTC_SDFC_temp##__LINE__].t = Type; \ - list[LTC_SDFC_temp##__LINE__].pp = P; \ - } while (0) - -static int s_der_flexi_sequence_cmp(const ltc_asn1_list *flexi, der_flexi_check *check) -{ - const ltc_asn1_list *cur; - if (flexi->type != LTC_ASN1_SEQUENCE) { - return CRYPT_INVALID_PACKET; - } - cur = flexi->child; - while(check->t != LTC_ASN1_EOL) { - if (!LTC_ASN1_IS_TYPE(cur, check->t)) { - return CRYPT_INVALID_PACKET; - } - if (check->pp != NULL) *check->pp = (ltc_asn1_list*)cur; - cur = cur->next; - check++; - } - return CRYPT_OK; -} - /* NOTE: s_der_decode_pkcs8_flexi & related stuff can be shared with rsa_import_pkcs8() */ int ecc_import_pkcs8(const unsigned char *in, unsigned long inlen, @@ -73,7 +43,7 @@ int ecc_import_pkcs8(const unsigned char *in, unsigned long inlen, LTC_SET_DER_FLEXI_CHECK(flexi_should, n++, LTC_ASN1_OCTET_STRING, &priv_key); LTC_SET_DER_FLEXI_CHECK(flexi_should, n, LTC_ASN1_EOL, NULL); - if ((s_der_flexi_sequence_cmp(l, flexi_should) == CRYPT_OK) && + if ((der_flexi_sequence_cmp(l, flexi_should) == CRYPT_OK) && (pk_oid_cmp_with_asn1(pka_ec_oid, seq->child) == CRYPT_OK)) { ltc_asn1_list *version, *field, *point, *point_g, *order, *p_cofactor; @@ -102,7 +72,7 @@ int ecc_import_pkcs8(const unsigned char *in, unsigned long inlen, if ((err = ecc_find_curve(OID, &curve)) != CRYPT_OK) { goto LBL_DONE; } if ((err = ecc_set_curve(curve, key)) != CRYPT_OK) { goto LBL_DONE; } } - else if ((err = s_der_flexi_sequence_cmp(seq->child->next, flexi_should)) == CRYPT_OK) { + else if ((err = der_flexi_sequence_cmp(seq->child->next, flexi_should)) == CRYPT_OK) { /* CASE 2: explicit curve parameters (AKA long variant): * 0:d=0 hl=3 l= 227 cons: SEQUENCE * 3:d=1 hl=2 l= 1 prim: INTEGER :00 From aea3ef49d689644ebc3da2d168ee8a891b4efdb9 Mon Sep 17 00:00:00 2001 From: Steffen Jaeckel Date: Thu, 6 Jan 2022 03:32:59 +0100 Subject: [PATCH 11/33] add `LTC_OID_MAX_STRLEN` Signed-off-by: Steffen Jaeckel --- src/headers/tomcrypt_private.h | 3 +++ src/pk/asn1/oid/pk_oid_cmp.c | 2 +- src/pk/asn1/oid/pk_oid_str.c | 2 +- 3 files changed, 5 insertions(+), 2 deletions(-) diff --git a/src/headers/tomcrypt_private.h b/src/headers/tomcrypt_private.h index 4d5701fc2..b862be3a4 100644 --- a/src/headers/tomcrypt_private.h +++ b/src/headers/tomcrypt_private.h @@ -30,6 +30,8 @@ LTC_STATIC_ASSERT(correct_ltc_uintptr_size, sizeof(ltc_uintptr) == sizeof(void*) */ #define LTC_ALIGN_BUF(buf, n) ((void*)((ltc_uintptr)&((unsigned char*)(buf))[n - 1] & (~(CONSTPTR(n) - CONSTPTR(1))))) +#define LTC_OID_MAX_STRLEN 256 + /* `NULL` as defined by the standard is not guaranteed to be of a pointer * type. In order to make sure that in vararg API's a pointer type is used, * define our own version and use that one internally. @@ -43,6 +45,7 @@ LTC_STATIC_ASSERT(correct_ltc_uintptr_size, sizeof(ltc_uintptr) == sizeof(void*) */ enum ltc_oid_id { + LTC_OID_UNDEF, LTC_OID_RSA, LTC_OID_DSA, LTC_OID_EC, diff --git a/src/pk/asn1/oid/pk_oid_cmp.c b/src/pk/asn1/oid/pk_oid_cmp.c index f842bc587..04a379bff 100644 --- a/src/pk/asn1/oid/pk_oid_cmp.c +++ b/src/pk/asn1/oid/pk_oid_cmp.c @@ -11,7 +11,7 @@ int pk_oid_cmp_with_ulong(const char *o1, const unsigned long *o2, unsigned long o2size) { unsigned long i; - char tmp[256] = { 0 }; + char tmp[LTC_OID_MAX_STRLEN] = { 0 }; int err; if (o1 == NULL || o2 == NULL) return CRYPT_ERROR; diff --git a/src/pk/asn1/oid/pk_oid_str.c b/src/pk/asn1/oid/pk_oid_str.c index bc21a6f57..f670cd063 100644 --- a/src/pk/asn1/oid/pk_oid_str.c +++ b/src/pk/asn1/oid/pk_oid_str.c @@ -46,7 +46,7 @@ int pk_oid_num_to_str(const unsigned long *oid, unsigned long oidlen, char *OID, { int i; unsigned long j, k; - char tmp[256] = { 0 }; + char tmp[LTC_OID_MAX_STRLEN] = { 0 }; LTC_ARGCHK(oid != NULL); LTC_ARGCHK(oidlen < INT_MAX); From 5f8ff34c5517f81a065a0d4c24c3bae7816d8557 Mon Sep 17 00:00:00 2001 From: Steffen Jaeckel Date: Thu, 6 Jan 2022 04:00:02 +0100 Subject: [PATCH 12/33] add `pkcs8_get_children()` Signed-off-by: Steffen Jaeckel --- src/headers/tomcrypt_private.h | 3 +++ src/pk/asn1/pkcs8/pkcs8_get.c | 48 ++++++++++++++++++++++++++++++++++ 2 files changed, 51 insertions(+) create mode 100644 src/pk/asn1/pkcs8/pkcs8_get.c diff --git a/src/headers/tomcrypt_private.h b/src/headers/tomcrypt_private.h index b862be3a4..1b1947d6f 100644 --- a/src/headers/tomcrypt_private.h +++ b/src/headers/tomcrypt_private.h @@ -526,6 +526,9 @@ int pkcs8_decode_flexi(const unsigned char *in, unsigned long inlen, const void *pwd, unsigned long pwdlen, ltc_asn1_list **decoded_list); +int pkcs8_get_children(const ltc_asn1_list *decoded_list, enum ltc_oid_id *pka, + ltc_asn1_list **seq, ltc_asn1_list **priv_key); + #endif /* LTC_PKCS_8 */ diff --git a/src/pk/asn1/pkcs8/pkcs8_get.c b/src/pk/asn1/pkcs8/pkcs8_get.c new file mode 100644 index 000000000..3ff74e2d7 --- /dev/null +++ b/src/pk/asn1/pkcs8/pkcs8_get.c @@ -0,0 +1,48 @@ +/* LibTomCrypt, modular cryptographic library -- Tom St Denis */ +/* SPDX-License-Identifier: Unlicense */ +#include "tomcrypt_private.h" + +/** + @file pkcs8_get.c + PKCS#8 utility functions +*/ + +#ifdef LTC_PKCS_8 + +int pkcs8_get_children(const ltc_asn1_list *decoded_list, enum ltc_oid_id *pka, ltc_asn1_list **alg_id, ltc_asn1_list **priv_key) +{ + int err; + unsigned long n; + der_flexi_check flexi_should[4]; + ltc_asn1_list *seq_l, *version; + + LTC_ARGCHK(ltc_mp.name != NULL); + + if (alg_id == NULL) alg_id = &seq_l; + + /* Setup for basic structure */ + n=0; + LTC_SET_DER_FLEXI_CHECK(flexi_should, n++, LTC_ASN1_INTEGER, &version); + LTC_SET_DER_FLEXI_CHECK(flexi_should, n++, LTC_ASN1_SEQUENCE, alg_id); + LTC_SET_DER_FLEXI_CHECK(flexi_should, n++, LTC_ASN1_OCTET_STRING, priv_key); + LTC_SET_DER_FLEXI_CHECK(flexi_should, n, LTC_ASN1_EOL, NULL); + + err = der_flexi_sequence_cmp(decoded_list, flexi_should); + switch (err) { + case CRYPT_OK: + case CRYPT_INPUT_TOO_LONG: + /* If there are attributes added after the private_key it is tagged with version 1 and + * we get an 'input too long' error but the rest is already decoded and can be + * handled the same as for version 0 + */ + if (mp_cmp_d(version->data, 0) != LTC_MP_EQ && mp_cmp_d(version->data, 1) != LTC_MP_EQ) { + return CRYPT_INVALID_PACKET; + } + break; + default: + return err; + } + return pk_get_oid_from_asn1((*alg_id)->child, pka); +} + +#endif /* LTC_PKCS_8 */ From dcc231c258561352b9e66d212c8973aa0effdba8 Mon Sep 17 00:00:00 2001 From: Steffen Jaeckel Date: Tue, 11 Jan 2022 19:55:44 +0100 Subject: [PATCH 13/33] re-factor PKCS#8 API a bit Signed-off-by: Steffen Jaeckel --- src/headers/tomcrypt_misc.h | 4 - src/headers/tomcrypt_pk.h | 21 ++- src/headers/tomcrypt_private.h | 47 ++++- src/pk/asn1/pkcs8/pkcs8_decode_flexi.c | 20 +- src/pk/ec25519/ec25519_import_pkcs8.c | 119 ++++++------ src/pk/ecc/ecc_import_pkcs8.c | 241 +++++++++++++------------ src/pk/ed25519/ed25519_import_pkcs8.c | 23 ++- src/pk/rsa/rsa_import_pkcs8.c | 118 ++++-------- src/pk/x25519/x25519_import_pkcs8.c | 22 ++- tests/ecc_test.c | 45 +++-- tests/ed25519_test.c | 14 +- tests/rsa_test.c | 14 +- tests/x25519_test.c | 20 +- 13 files changed, 382 insertions(+), 326 deletions(-) diff --git a/src/headers/tomcrypt_misc.h b/src/headers/tomcrypt_misc.h index 67b9a9ec8..e722a0a26 100644 --- a/src/headers/tomcrypt_misc.h +++ b/src/headers/tomcrypt_misc.h @@ -160,10 +160,6 @@ int padding_depad(const unsigned char *data, unsigned long *length, unsigned lon #endif /* LTC_PADDING */ #ifdef LTC_PEM -typedef struct { - int (*callback)(void **, unsigned long *, void *); - void *userdata; -} password_ctx; #ifdef LTC_SSH int pem_decode_openssh_filehandle(FILE *f, ltc_pka_key *k, password_ctx *pw_ctx); diff --git a/src/headers/tomcrypt_pk.h b/src/headers/tomcrypt_pk.h index 4d8e7fc1e..c0ead7c2c 100644 --- a/src/headers/tomcrypt_pk.h +++ b/src/headers/tomcrypt_pk.h @@ -1,6 +1,11 @@ /* LibTomCrypt, modular cryptographic library -- Tom St Denis */ /* SPDX-License-Identifier: Unlicense */ +typedef struct { + int (*callback)(void **, unsigned long *, void *); + void *userdata; +} password_ctx; + /* ---- NUMBER THEORY ---- */ enum public_key_type { @@ -108,7 +113,7 @@ int rsa_import(const unsigned char *in, unsigned long inlen, rsa_key *key); int rsa_import_x509(const unsigned char *in, unsigned long inlen, rsa_key *key); int rsa_import_pkcs8(const unsigned char *in, unsigned long inlen, - const void *passwd, unsigned long passwdlen, rsa_key *key); + const password_ctx *pw_ctx, rsa_key *key); int rsa_set_key(const unsigned char *N, unsigned long Nlen, const unsigned char *e, unsigned long elen, @@ -280,7 +285,7 @@ int ecc_ansi_x963_import_ex(const unsigned char *in, unsigned long inlen, ecc_ke int ecc_export_openssl(unsigned char *out, unsigned long *outlen, int type, const ecc_key *key); int ecc_import_openssl(const unsigned char *in, unsigned long inlen, ecc_key *key); -int ecc_import_pkcs8(const unsigned char *in, unsigned long inlen, const void *pwd, unsigned long pwdlen, ecc_key *key); +int ecc_import_pkcs8(const unsigned char *in, unsigned long inlen, const password_ctx *pw_ctx, ecc_key *key); int ecc_import_x509(const unsigned char *in, unsigned long inlen, ecc_key *key); int ecc_shared_secret(const ecc_key *private_key, const ecc_key *public_key, @@ -353,9 +358,9 @@ int ed25519_export( unsigned char *out, unsigned long *outlen, int ed25519_import(const unsigned char *in, unsigned long inlen, curve25519_key *key); int ed25519_import_raw(const unsigned char *in, unsigned long inlen, int which, curve25519_key *key); int ed25519_import_x509(const unsigned char *in, unsigned long inlen, curve25519_key *key); -int ed25519_import_pkcs8(const unsigned char *in, unsigned long inlen, - const void *pwd, unsigned long pwdlen, - curve25519_key *key); +int ed25519_import_pkcs8(const unsigned char *in, unsigned long inlen, + const password_ctx *pw_ctx, + curve25519_key *key); int ed25519_sign(const unsigned char *msg, unsigned long msglen, unsigned char *sig, unsigned long *siglen, @@ -393,9 +398,9 @@ int x25519_export( unsigned char *out, unsigned long *outlen, int x25519_import(const unsigned char *in, unsigned long inlen, curve25519_key *key); int x25519_import_raw(const unsigned char *in, unsigned long inlen, int which, curve25519_key *key); int x25519_import_x509(const unsigned char *in, unsigned long inlen, curve25519_key *key); -int x25519_import_pkcs8(const unsigned char *in, unsigned long inlen, - const void *pwd, unsigned long pwdlen, - curve25519_key *key); +int x25519_import_pkcs8(const unsigned char *in, unsigned long inlen, + const password_ctx *pw_ctx, + curve25519_key *key); int x25519_shared_secret(const curve25519_key *private_key, const curve25519_key *public_key, diff --git a/src/headers/tomcrypt_private.h b/src/headers/tomcrypt_private.h index 1b1947d6f..31ff7b524 100644 --- a/src/headers/tomcrypt_private.h +++ b/src/headers/tomcrypt_private.h @@ -84,7 +84,7 @@ typedef struct { typedef struct { pbes_properties type; - const void *pwd; + void *pwd; unsigned long pwdlen; ltc_asn1_list *enc_data; ltc_asn1_list *salt; @@ -343,6 +343,7 @@ int ecc_set_curve_from_mpis(void *a, void *b, void *prime, void *order, void *gx int ecc_copy_curve(const ecc_key *srckey, ecc_key *key); int ecc_set_curve_by_size(int size, ecc_key *key); int ecc_import_subject_public_key_info(const unsigned char *in, unsigned long inlen, ecc_key *key); +int ecc_import_pkcs8_asn1(ltc_asn1_list *alg_id, ltc_asn1_list *priv_key, ecc_key *key); #ifdef LTC_SSH int ecc_ssh_ecdsa_encode_name(char *buffer, unsigned long *buflen, const ecc_key *key); @@ -435,11 +436,18 @@ int tweetnacl_crypto_scalarmult(unsigned char *q, const unsigned char *n, const int tweetnacl_crypto_scalarmult_base(unsigned char *q,const unsigned char *n); int tweetnacl_crypto_ph(unsigned char *out, const unsigned char *msg, unsigned long long msglen); -typedef int (*sk_to_pk)(unsigned char *pk ,const unsigned char *sk); +int ed25519_import_pkcs8_asn1(ltc_asn1_list *alg_id, ltc_asn1_list *priv_key, + curve25519_key *key); +int x25519_import_pkcs8_asn1(ltc_asn1_list *alg_id, ltc_asn1_list *priv_key, + curve25519_key *key); + +int ec25519_import_pkcs8_asn1(ltc_asn1_list *alg_id, ltc_asn1_list *priv_key, + enum ltc_oid_id id, + curve25519_key *key); int ec25519_import_pkcs8(const unsigned char *in, unsigned long inlen, - const void *pwd, unsigned long pwdlen, - enum ltc_oid_id id, sk_to_pk fp, - curve25519_key *key); + const password_ctx *pw_ctx, + enum ltc_oid_id id, + curve25519_key *key); int ec25519_export( unsigned char *out, unsigned long *outlen, int which, const curve25519_key *key); @@ -522,12 +530,35 @@ int pk_oid_cmp_with_asn1(const char *o1, const ltc_asn1_list *o2); #ifdef LTC_PKCS_8 +/* Public-Key Cryptography Standards (PKCS) #8: + * Private-Key Information Syntax Specification Version 1.2 + * https://tools.ietf.org/html/rfc5208 + * + * PrivateKeyInfo ::= SEQUENCE { + * version Version, + * privateKeyAlgorithm PrivateKeyAlgorithmIdentifier, + * privateKey PrivateKey, + * attributes [0] IMPLICIT Attributes OPTIONAL } + * where: + * - Version ::= INTEGER + * - PrivateKeyAlgorithmIdentifier ::= AlgorithmIdentifier + * - PrivateKey ::= OCTET STRING + * - Attributes ::= SET OF Attribute + * + * EncryptedPrivateKeyInfo ::= SEQUENCE { + * encryptionAlgorithm EncryptionAlgorithmIdentifier, + * encryptedData EncryptedData } + * where: + * - EncryptionAlgorithmIdentifier ::= AlgorithmIdentifier + * - EncryptedData ::= OCTET STRING + */ + int pkcs8_decode_flexi(const unsigned char *in, unsigned long inlen, - const void *pwd, unsigned long pwdlen, - ltc_asn1_list **decoded_list); + const password_ctx *pw_ctx, + ltc_asn1_list **decoded_list); int pkcs8_get_children(const ltc_asn1_list *decoded_list, enum ltc_oid_id *pka, - ltc_asn1_list **seq, ltc_asn1_list **priv_key); + ltc_asn1_list **alg_id, ltc_asn1_list **priv_key); #endif /* LTC_PKCS_8 */ diff --git a/src/pk/asn1/pkcs8/pkcs8_decode_flexi.c b/src/pk/asn1/pkcs8/pkcs8_decode_flexi.c index e715f11ab..c8b4e11f9 100644 --- a/src/pk/asn1/pkcs8/pkcs8_decode_flexi.c +++ b/src/pk/asn1/pkcs8/pkcs8_decode_flexi.c @@ -15,7 +15,7 @@ @return CRYPT_OK on success */ int pkcs8_decode_flexi(const unsigned char *in, unsigned long inlen, - const void *pwd, unsigned long pwdlen, + const password_ctx *pw_ctx, ltc_asn1_list **decoded_list) { unsigned long len = inlen; @@ -23,10 +23,13 @@ int pkcs8_decode_flexi(const unsigned char *in, unsigned long inlen, unsigned char *dec_data = NULL; ltc_asn1_list *l = NULL; int err; + pbes_arg pbes; LTC_ARGCHK(in != NULL); LTC_ARGCHK(decoded_list != NULL); + XMEMSET(&pbes, 0, sizeof(pbes)); + *decoded_list = NULL; if ((err = der_decode_sequence_flexi(in, &len, &l)) == CRYPT_OK) { /* the following "if" detects whether it is encrypted or not */ @@ -44,9 +47,9 @@ int pkcs8_decode_flexi(const unsigned char *in, unsigned long inlen, LTC_ASN1_IS_TYPE(l->child->child->next, LTC_ASN1_SEQUENCE) && LTC_ASN1_IS_TYPE(l->child->next, LTC_ASN1_OCTET_STRING)) { ltc_asn1_list *lalgoid = l->child->child; - pbes_arg pbes; - XMEMSET(&pbes, 0, sizeof(pbes)); + LTC_ARGCHK(pw_ctx != NULL); + LTC_ARGCHK(pw_ctx->callback != NULL); if (pbes1_extract(lalgoid, &pbes) == CRYPT_OK) { /* Successfully extracted PBES1 parameters */ @@ -58,9 +61,12 @@ int pkcs8_decode_flexi(const unsigned char *in, unsigned long inlen, goto LBL_DONE; } + if (pw_ctx->callback(&pbes.pwd, &pbes.pwdlen, pw_ctx->userdata)) { + err = CRYPT_ERROR; + goto LBL_DONE; + } + pbes.enc_data = l->child->next; - pbes.pwd = pwd; - pbes.pwdlen = pwdlen; dec_size = pbes.enc_data->size; if ((dec_data = XMALLOC(dec_size)) == NULL) { @@ -87,6 +93,10 @@ int pkcs8_decode_flexi(const unsigned char *in, unsigned long inlen, LBL_DONE: if (l) der_free_sequence_flexi(l); + if (pbes.pwd) { + zeromem(pbes.pwd, pbes.pwdlen); + XFREE(pbes.pwd); + } if (dec_data) { zeromem(dec_data, dec_size); XFREE(dec_data); diff --git a/src/pk/ec25519/ec25519_import_pkcs8.c b/src/pk/ec25519/ec25519_import_pkcs8.c index 13807abde..fa417bc90 100644 --- a/src/pk/ec25519/ec25519_import_pkcs8.c +++ b/src/pk/ec25519/ec25519_import_pkcs8.c @@ -9,78 +9,77 @@ #ifdef LTC_CURVE25519 +typedef int (*sk_to_pk)(unsigned char *pk , const unsigned char *sk); + +int ec25519_import_pkcs8_asn1(ltc_asn1_list *alg_id, ltc_asn1_list *priv_key, + enum ltc_oid_id id, + curve25519_key *key) +{ + int err; + unsigned long key_len; + sk_to_pk fp; + + LTC_ARGCHK(key != NULL); + LTC_ARGCHK(ltc_mp.name != NULL); + + LTC_UNUSED_PARAM(alg_id); + + switch (id) { + case LTC_OID_ED25519: + fp = tweetnacl_crypto_sk_to_pk; + break; + case LTC_OID_X25519: + fp = tweetnacl_crypto_scalarmult_base; + break; + default: + return CRYPT_PK_INVALID_TYPE; + } + + key_len = sizeof(key->priv); + if ((err = der_decode_octet_string(priv_key->data, priv_key->size, key->priv, &key_len)) == CRYPT_OK) { + fp(key->pub, key->priv); + key->type = PK_PRIVATE; + key->algo = id; + } + return err; +} + /** Generic import of a Curve/Ed25519 private key in PKCS#8 format - @param in The DER-encoded PKCS#8-formatted private key - @param inlen The length of the input data - @param passwd The password to decrypt the private key - @param passwdlen Password's length (octets) - @param key [out] Where to import the key to + @param in The packet to import from + @param inlen It's length (octets) + @param pw_ctx The password context when decrypting the private key + @param id The type of the private key + @param key [out] Destination for newly imported key @return CRYPT_OK if successful, on error all allocated memory is freed automatically */ int ec25519_import_pkcs8(const unsigned char *in, unsigned long inlen, - const void *pwd, unsigned long pwdlen, - enum ltc_oid_id id, sk_to_pk fp, - curve25519_key *key) + const password_ctx *pw_ctx, + enum ltc_oid_id id, + curve25519_key *key) { - int err; + int err; ltc_asn1_list *l = NULL; - const char *oid; - ltc_asn1_list alg_id[1]; - unsigned char private_key[34]; - unsigned long version, key_len; - unsigned long tmpoid[16]; - - LTC_ARGCHK(in != NULL); - LTC_ARGCHK(key != NULL); - LTC_ARGCHK(fp != NULL); - - if ((err = pkcs8_decode_flexi(in, inlen, pwd, pwdlen, &l)) == CRYPT_OK) { + ltc_asn1_list *alg_id, *priv_key; + enum ltc_oid_id pka; - LTC_SET_ASN1(alg_id, 0, LTC_ASN1_OBJECT_IDENTIFIER, tmpoid, sizeof(tmpoid) / sizeof(tmpoid[0])); + LTC_ARGCHK(in != NULL); - key_len = sizeof(private_key); - if ((err = der_decode_sequence_multi(l->data, l->size, - LTC_ASN1_SHORT_INTEGER, 1uL, &version, - LTC_ASN1_SEQUENCE, 1uL, alg_id, - LTC_ASN1_OCTET_STRING, key_len, private_key, - LTC_ASN1_EOL, 0uL, NULL)) - != CRYPT_OK) { - /* If there are attributes added after the private_key it is tagged with version 1 and - * we get an 'input too long' error but the rest is already decoded and can be - * handled the same as for version 0 - */ - if ((err == CRYPT_INPUT_TOO_LONG) && (version == 1)) { - version = 0; - } else { - goto out; - } - } + err = pkcs8_decode_flexi(in, inlen, pw_ctx, &l); + if (err != CRYPT_OK) return err; - if ((err = pk_get_oid(id, &oid)) != CRYPT_OK) { - goto out; - } - if ((err = pk_oid_cmp_with_asn1(oid, &alg_id[0])) != CRYPT_OK) { - goto out; - } - - if (version == 0) { - key_len = sizeof(key->priv); - if ((err = der_decode_octet_string(private_key, sizeof(private_key), key->priv, &key_len)) == CRYPT_OK) { - fp(key->pub, key->priv); - key->type = PK_PRIVATE; - key->algo = id; - } - } else { - err = CRYPT_PK_INVALID_TYPE; - } + if ((err = pkcs8_get_children(l, &pka, &alg_id, &priv_key)) != CRYPT_OK) { + goto LBL_DER_FREE; } -out: - if (l) der_free_sequence_flexi(l); -#ifdef LTC_CLEAN_STACK - zeromem(private_key, sizeof(private_key)); -#endif + if (pka != id) { + err = CRYPT_INVALID_PACKET; + goto LBL_DER_FREE; + } + + err = ec25519_import_pkcs8_asn1(alg_id, priv_key, id, key); +LBL_DER_FREE: + der_free_sequence_flexi(l); return err; } diff --git a/src/pk/ecc/ecc_import_pkcs8.c b/src/pk/ecc/ecc_import_pkcs8.c index ec5afc390..f073d9845 100644 --- a/src/pk/ecc/ecc_import_pkcs8.c +++ b/src/pk/ecc/ecc_import_pkcs8.c @@ -5,140 +5,113 @@ #ifdef LTC_MECC -/* NOTE: s_der_decode_pkcs8_flexi & related stuff can be shared with rsa_import_pkcs8() */ - -int ecc_import_pkcs8(const unsigned char *in, unsigned long inlen, - const void *pwd, unsigned long pwdlen, - ecc_key *key) +int ecc_import_pkcs8_asn1(ltc_asn1_list *alg_id, ltc_asn1_list *priv_key, ecc_key *key) { void *a, *b, *gx, *gy; unsigned long len, cofactor, n; - const char *pka_ec_oid; int err; char OID[256]; const ltc_ecc_curve *curve; - ltc_asn1_list *p = NULL, *l = NULL; - der_flexi_check flexi_should[7]; - ltc_asn1_list *seq, *priv_key; + ltc_asn1_list *p = NULL; + der_flexi_check case2_should[7]; + ltc_asn1_list *version, *field, *point, *point_g, *order, *p_cofactor; - LTC_ARGCHK(in != NULL); LTC_ARGCHK(key != NULL); LTC_ARGCHK(ltc_mp.name != NULL); - /* get EC alg oid */ - err = pk_get_oid(LTC_OID_EC, &pka_ec_oid); - if (err != CRYPT_OK) return err; - /* init key */ err = mp_init_multi(&a, &b, &gx, &gy, LTC_NULL); - if (err != CRYPT_OK) return err; + if (err != CRYPT_OK) goto LBL_DER_FREE; + + /* Setup for CASE 2 */ + n=0; + LTC_SET_DER_FLEXI_CHECK(case2_should, n++, LTC_ASN1_INTEGER, &version); + LTC_SET_DER_FLEXI_CHECK(case2_should, n++, LTC_ASN1_SEQUENCE, &field); + LTC_SET_DER_FLEXI_CHECK(case2_should, n++, LTC_ASN1_SEQUENCE, &point); + LTC_SET_DER_FLEXI_CHECK(case2_should, n++, LTC_ASN1_OCTET_STRING, &point_g); + LTC_SET_DER_FLEXI_CHECK(case2_should, n++, LTC_ASN1_INTEGER, &order); + LTC_SET_DER_FLEXI_CHECK(case2_should, n++, LTC_ASN1_INTEGER, &p_cofactor); + LTC_SET_DER_FLEXI_CHECK(case2_should, n, LTC_ASN1_EOL, NULL); + + if (LTC_ASN1_IS_TYPE(alg_id->child->next, LTC_ASN1_OBJECT_IDENTIFIER)) { + /* CASE 1: curve by OID (AKA short variant): + * 0:d=0 hl=2 l= 100 cons: SEQUENCE + * 2:d=1 hl=2 l= 1 prim: INTEGER :00 + * 5:d=1 hl=2 l= 16 cons: SEQUENCE (== *seq) + * 7:d=2 hl=2 l= 7 prim: OBJECT :id-ecPublicKey + * 16:d=2 hl=2 l= 5 prim: OBJECT :(== *curve_oid (e.g. secp256k1 (== 1.3.132.0.10))) + * 23:d=1 hl=2 l= 77 prim: OCTET STRING :bytes (== *priv_key) + */ + ltc_asn1_list *curve_oid = alg_id->child->next; + len = sizeof(OID); + if ((err = pk_oid_num_to_str(curve_oid->data, curve_oid->size, OID, &len)) != CRYPT_OK) { goto LBL_DONE; } + if ((err = ecc_find_curve(OID, &curve)) != CRYPT_OK) { goto LBL_DONE; } + if ((err = ecc_set_curve(curve, key)) != CRYPT_OK) { goto LBL_DONE; } + } else if (der_flexi_sequence_cmp(alg_id->child->next, case2_should) == CRYPT_OK) { + + /* CASE 2: explicit curve parameters (AKA long variant): + * 0:d=0 hl=3 l= 227 cons: SEQUENCE + * 3:d=1 hl=2 l= 1 prim: INTEGER :00 + * 6:d=1 hl=3 l= 142 cons: SEQUENCE (== *seq) + * 9:d=2 hl=2 l= 7 prim: OBJECT :id-ecPublicKey + * 18:d=2 hl=3 l= 130 cons: SEQUENCE + * 21:d=3 hl=2 l= 1 prim: INTEGER :01 + * 24:d=3 hl=2 l= 44 cons: SEQUENCE (== *field) + * 26:d=4 hl=2 l= 7 prim: OBJECT :prime-field + * 35:d=4 hl=2 l= 33 prim: INTEGER :(== *prime / curve.prime) + * 70:d=3 hl=2 l= 6 cons: SEQUENCE (== *point) + * 72:d=4 hl=2 l= 1 prim: OCTET STRING :bytes (== curve.A) + * 75:d=4 hl=2 l= 1 prim: OCTET STRING :bytes (== curve.B) + * 78:d=3 hl=2 l= 33 prim: OCTET STRING :bytes (== *g_point / curve.G-point) + * 113:d=3 hl=2 l= 33 prim: INTEGER :(== *order / curve.order) + * 148:d=3 hl=2 l= 1 prim: INTEGER :(== curve.cofactor) + * 151:d=1 hl=2 l= 77 prim: OCTET STRING :bytes (== *priv_key) + */ + + if (mp_cmp_d(version->data, 1) != LTC_MP_EQ) { + goto LBL_DONE; + } + cofactor = mp_get_int(p_cofactor->data); + if (LTC_ASN1_IS_TYPE(field->child, LTC_ASN1_OBJECT_IDENTIFIER) && + LTC_ASN1_IS_TYPE(field->child->next, LTC_ASN1_INTEGER) && + LTC_ASN1_IS_TYPE(point->child, LTC_ASN1_OCTET_STRING) && + LTC_ASN1_IS_TYPE(point->child->next, LTC_ASN1_OCTET_STRING)) { - if (pkcs8_decode_flexi(in, inlen, pwd, pwdlen, &l) == CRYPT_OK) { - - /* Setup for basic structure */ - n=0; - LTC_SET_DER_FLEXI_CHECK(flexi_should, n++, LTC_ASN1_INTEGER, NULL); - LTC_SET_DER_FLEXI_CHECK(flexi_should, n++, LTC_ASN1_SEQUENCE, &seq); - LTC_SET_DER_FLEXI_CHECK(flexi_should, n++, LTC_ASN1_OCTET_STRING, &priv_key); - LTC_SET_DER_FLEXI_CHECK(flexi_should, n, LTC_ASN1_EOL, NULL); - - if ((der_flexi_sequence_cmp(l, flexi_should) == CRYPT_OK) && - (pk_oid_cmp_with_asn1(pka_ec_oid, seq->child) == CRYPT_OK)) { - ltc_asn1_list *version, *field, *point, *point_g, *order, *p_cofactor; - - /* Setup for CASE 2 */ - n=0; - LTC_SET_DER_FLEXI_CHECK(flexi_should, n++, LTC_ASN1_INTEGER, &version); - LTC_SET_DER_FLEXI_CHECK(flexi_should, n++, LTC_ASN1_SEQUENCE, &field); - LTC_SET_DER_FLEXI_CHECK(flexi_should, n++, LTC_ASN1_SEQUENCE, &point); - LTC_SET_DER_FLEXI_CHECK(flexi_should, n++, LTC_ASN1_OCTET_STRING, &point_g); - LTC_SET_DER_FLEXI_CHECK(flexi_should, n++, LTC_ASN1_INTEGER, &order); - LTC_SET_DER_FLEXI_CHECK(flexi_should, n++, LTC_ASN1_INTEGER, &p_cofactor); - LTC_SET_DER_FLEXI_CHECK(flexi_should, n, LTC_ASN1_EOL, NULL); - - if (LTC_ASN1_IS_TYPE(seq->child->next, LTC_ASN1_OBJECT_IDENTIFIER)) { - /* CASE 1: curve by OID (AKA short variant): - * 0:d=0 hl=2 l= 100 cons: SEQUENCE - * 2:d=1 hl=2 l= 1 prim: INTEGER :00 - * 5:d=1 hl=2 l= 16 cons: SEQUENCE (== *seq) - * 7:d=2 hl=2 l= 7 prim: OBJECT :id-ecPublicKey - * 16:d=2 hl=2 l= 5 prim: OBJECT :(== *curve_oid (e.g. secp256k1 (== 1.3.132.0.10))) - * 23:d=1 hl=2 l= 77 prim: OCTET STRING :bytes (== *priv_key) - */ - ltc_asn1_list *curve_oid = seq->child->next; - len = sizeof(OID); - if ((err = pk_oid_num_to_str(curve_oid->data, curve_oid->size, OID, &len)) != CRYPT_OK) { goto LBL_DONE; } - if ((err = ecc_find_curve(OID, &curve)) != CRYPT_OK) { goto LBL_DONE; } - if ((err = ecc_set_curve(curve, key)) != CRYPT_OK) { goto LBL_DONE; } + ltc_asn1_list *prime = field->child->next; + if ((err = mp_read_unsigned_bin(a, point->child->data, point->child->size)) != CRYPT_OK) { + goto LBL_DONE; } - else if ((err = der_flexi_sequence_cmp(seq->child->next, flexi_should)) == CRYPT_OK) { - /* CASE 2: explicit curve parameters (AKA long variant): - * 0:d=0 hl=3 l= 227 cons: SEQUENCE - * 3:d=1 hl=2 l= 1 prim: INTEGER :00 - * 6:d=1 hl=3 l= 142 cons: SEQUENCE (== *seq) - * 9:d=2 hl=2 l= 7 prim: OBJECT :id-ecPublicKey - * 18:d=2 hl=3 l= 130 cons: SEQUENCE - * 21:d=3 hl=2 l= 1 prim: INTEGER :01 - * 24:d=3 hl=2 l= 44 cons: SEQUENCE (== *field) - * 26:d=4 hl=2 l= 7 prim: OBJECT :prime-field - * 35:d=4 hl=2 l= 33 prim: INTEGER :(== *prime / curve.prime) - * 70:d=3 hl=2 l= 6 cons: SEQUENCE (== *point) - * 72:d=4 hl=2 l= 1 prim: OCTET STRING :bytes (== curve.A) - * 75:d=4 hl=2 l= 1 prim: OCTET STRING :bytes (== curve.B) - * 78:d=3 hl=2 l= 33 prim: OCTET STRING :bytes (== *g_point / curve.G-point) - * 113:d=3 hl=2 l= 33 prim: INTEGER :(== *order / curve.order) - * 148:d=3 hl=2 l= 1 prim: INTEGER :(== curve.cofactor) - * 151:d=1 hl=2 l= 77 prim: OCTET STRING :bytes (== *priv_key) - */ - - if (mp_get_int(version->data) != 1) { - goto LBL_DONE; - } - cofactor = mp_get_int(p_cofactor->data); - - if (LTC_ASN1_IS_TYPE(field->child, LTC_ASN1_OBJECT_IDENTIFIER) && - LTC_ASN1_IS_TYPE(field->child->next, LTC_ASN1_INTEGER) && - LTC_ASN1_IS_TYPE(point->child, LTC_ASN1_OCTET_STRING) && - LTC_ASN1_IS_TYPE(point->child->next, LTC_ASN1_OCTET_STRING)) { - - ltc_asn1_list *prime = field->child->next; - if ((err = mp_read_unsigned_bin(a, point->child->data, point->child->size)) != CRYPT_OK) { - goto LBL_DONE; - } - if ((err = mp_read_unsigned_bin(b, point->child->next->data, point->child->next->size)) != CRYPT_OK) { - goto LBL_DONE; - } - if ((err = ltc_ecc_import_point(point_g->data, point_g->size, prime->data, a, b, gx, gy)) != CRYPT_OK) { - goto LBL_DONE; - } - if ((err = ecc_set_curve_from_mpis(a, b, prime->data, order->data, gx, gy, cofactor, key)) != CRYPT_OK) { - goto LBL_DONE; - } - } + if ((err = mp_read_unsigned_bin(b, point->child->next->data, point->child->next->size)) != CRYPT_OK) { + goto LBL_DONE; } - else { - err = CRYPT_INVALID_PACKET; + if ((err = ltc_ecc_import_point(point_g->data, point_g->size, prime->data, a, b, gx, gy)) != CRYPT_OK) { + goto LBL_DONE; + } + if ((err = ecc_set_curve_from_mpis(a, b, prime->data, order->data, gx, gy, cofactor, key)) != CRYPT_OK) { goto LBL_DONE; } + } + } else { + err = CRYPT_INVALID_PACKET; + goto LBL_DONE; + } - /* load private key value 'k' */ - len = priv_key->size; - if (der_decode_sequence_flexi(priv_key->data, &len, &p) == CRYPT_OK) { - if (p->type == LTC_ASN1_SEQUENCE && - LTC_ASN1_IS_TYPE(p->child, LTC_ASN1_INTEGER) && - LTC_ASN1_IS_TYPE(p->child->next, LTC_ASN1_OCTET_STRING)) { - ltc_asn1_list *lk = p->child->next; - if (mp_cmp_d(p->child->data, 1) != LTC_MP_EQ) { - err = CRYPT_INVALID_PACKET; - goto LBL_ECCFREE; - } - if ((err = ecc_set_key(lk->data, lk->size, PK_PRIVATE, key)) != CRYPT_OK) { - goto LBL_ECCFREE; - } - goto LBL_DONE; /* success */ - } + /* load private key value 'k' */ + len = priv_key->size; + if (der_decode_sequence_flexi(priv_key->data, &len, &p) == CRYPT_OK) { + if (p->type == LTC_ASN1_SEQUENCE && + LTC_ASN1_IS_TYPE(p->child, LTC_ASN1_INTEGER) && + LTC_ASN1_IS_TYPE(p->child->next, LTC_ASN1_OCTET_STRING)) { + ltc_asn1_list *lk = p->child->next; + if (mp_cmp_d(p->child->data, 1) != LTC_MP_EQ) { + err = CRYPT_INVALID_PACKET; + goto LBL_ECCFREE; } + if ((err = ecc_set_key(lk->data, lk->size, PK_PRIVATE, key)) != CRYPT_OK) { + goto LBL_ECCFREE; + } + goto LBL_DONE; /* success */ } } err = CRYPT_INVALID_PACKET; @@ -148,9 +121,47 @@ int ecc_import_pkcs8(const unsigned char *in, unsigned long inlen, ecc_free(key); LBL_DONE: mp_clear_multi(a, b, gx, gy, LTC_NULL); - if (l) der_free_sequence_flexi(l); +LBL_DER_FREE: if (p) der_free_sequence_flexi(p); return err; } +/** + Import an ECC private from in PKCS#8 format + @param in The packet to import from + @param inlen It's length (octets) + @param pw_ctx The password context when decrypting the private key + @param key [out] Destination for newly imported key + @return CRYPT_OK if successful, upon error allocated memory is freed +*/ +int ecc_import_pkcs8(const unsigned char *in, unsigned long inlen, + const password_ctx *pw_ctx, + ecc_key *key) +{ + int err; + ltc_asn1_list *l = NULL; + ltc_asn1_list *alg_id, *priv_key; + enum ltc_oid_id pka; + + LTC_ARGCHK(key != NULL); + LTC_ARGCHK(ltc_mp.name != NULL); + + err = pkcs8_decode_flexi(in, inlen, pw_ctx, &l); + if (err != CRYPT_OK) return err; + + if ((err = pkcs8_get_children(l, &pka, &alg_id, &priv_key)) != CRYPT_OK) { + goto LBL_DER_FREE; + } + if (pka != LTC_OID_EC) { + err = CRYPT_INVALID_PACKET; + goto LBL_DER_FREE; + } + + err = ecc_import_pkcs8_asn1(alg_id, priv_key, key); + +LBL_DER_FREE: + der_free_sequence_flexi(l); + return err; +} + #endif diff --git a/src/pk/ed25519/ed25519_import_pkcs8.c b/src/pk/ed25519/ed25519_import_pkcs8.c index 71f12de49..b1e68332f 100644 --- a/src/pk/ed25519/ed25519_import_pkcs8.c +++ b/src/pk/ed25519/ed25519_import_pkcs8.c @@ -9,20 +9,25 @@ #ifdef LTC_CURVE25519 +int ed25519_import_pkcs8_asn1(ltc_asn1_list *alg_id, ltc_asn1_list *priv_key, + curve25519_key *key) +{ + return ec25519_import_pkcs8_asn1(alg_id, priv_key, LTC_OID_ED25519, key); +} + /** Import an Ed25519 private key in PKCS#8 format - @param in The DER-encoded PKCS#8-formatted private key - @param inlen The length of the input data - @param passwd The password to decrypt the private key - @param passwdlen Password's length (octets) - @param key [out] Where to import the key to + @param in The packet to import from + @param inlen It's length (octets) + @param pw_ctx The password context when decrypting the private key + @param key [out] Destination for newly imported key @return CRYPT_OK if successful, on error all allocated memory is freed automatically */ -int ed25519_import_pkcs8(const unsigned char *in, unsigned long inlen, - const void *pwd, unsigned long pwdlen, - curve25519_key *key) +int ed25519_import_pkcs8(const unsigned char *in, unsigned long inlen, + const password_ctx *pw_ctx, + curve25519_key *key) { - return ec25519_import_pkcs8(in, inlen, pwd, pwdlen, LTC_OID_ED25519, tweetnacl_crypto_sk_to_pk, key); + return ec25519_import_pkcs8(in, inlen, pw_ctx, LTC_OID_ED25519, key); } #endif diff --git a/src/pk/rsa/rsa_import_pkcs8.c b/src/pk/rsa/rsa_import_pkcs8.c index 9e02585cf..0a4570c03 100644 --- a/src/pk/rsa/rsa_import_pkcs8.c +++ b/src/pk/rsa/rsa_import_pkcs8.c @@ -9,107 +9,61 @@ #ifdef LTC_MRSA -/* Public-Key Cryptography Standards (PKCS) #8: - * Private-Key Information Syntax Specification Version 1.2 - * https://tools.ietf.org/html/rfc5208 - * - * PrivateKeyInfo ::= SEQUENCE { - * version Version, - * privateKeyAlgorithm PrivateKeyAlgorithmIdentifier, - * privateKey PrivateKey, - * attributes [0] IMPLICIT Attributes OPTIONAL } - * where: - * - Version ::= INTEGER - * - PrivateKeyAlgorithmIdentifier ::= AlgorithmIdentifier - * - PrivateKey ::= OCTET STRING - * - Attributes ::= SET OF Attribute - * - * EncryptedPrivateKeyInfo ::= SEQUENCE { - * encryptionAlgorithm EncryptionAlgorithmIdentifier, - * encryptedData EncryptedData } - * where: - * - EncryptionAlgorithmIdentifier ::= AlgorithmIdentifier - * - EncryptedData ::= OCTET STRING - */ +int rsa_import_pkcs8_asn1(ltc_asn1_list *alg_id, ltc_asn1_list *priv_key, rsa_key *key) +{ + int err; + + LTC_ARGCHK(key != NULL); + + LTC_UNUSED_PARAM(alg_id); + + if ((err = rsa_init(key)) != CRYPT_OK) { + return err; + } + + if ((err = rsa_import_pkcs1(priv_key->data, priv_key->size, key)) != CRYPT_OK) { + rsa_free(key); + return err; + } + key->type = PK_PRIVATE; + + return err; +} /** Import an RSAPrivateKey in PKCS#8 format @param in The packet to import from @param inlen It's length (octets) - @param passwd The password for decrypting privkey - @param passwdlen Password's length (octets) + @param pw_ctx The password context when decrypting the private key @param key [out] Destination for newly imported key @return CRYPT_OK if successful, upon error allocated memory is freed */ int rsa_import_pkcs8(const unsigned char *in, unsigned long inlen, - const void *passwd, unsigned long passwdlen, + const password_ctx *pw_ctx, rsa_key *key) { int err; - unsigned char *buf1 = NULL, *buf2 = NULL; - unsigned long buf1len, buf2len; - unsigned long oid[16], version; - const char *rsaoid; - ltc_asn1_list alg_seq[2], top_seq[3]; ltc_asn1_list *l = NULL; - unsigned char *decrypted = NULL; - unsigned long decryptedlen; - - LTC_ARGCHK(in != NULL); - LTC_ARGCHK(key != NULL); - LTC_ARGCHK(ltc_mp.name != NULL); - - /* get RSA alg oid */ - err = pk_get_oid(LTC_OID_RSA, &rsaoid); - if (err != CRYPT_OK) { goto LBL_NOFREE; } - - /* alloc buffers */ - buf1len = inlen; /* approx. */ - buf1 = XMALLOC(buf1len); - if (buf1 == NULL) { err = CRYPT_MEM; goto LBL_NOFREE; } - buf2len = inlen; /* approx. */ - buf2 = XMALLOC(buf2len); - if (buf2 == NULL) { err = CRYPT_MEM; goto LBL_FREE1; } + ltc_asn1_list *alg_id, *priv_key; + enum ltc_oid_id pka; - /* init key */ - if ((err = rsa_init(key)) != CRYPT_OK) { goto LBL_FREE2; } + LTC_ARGCHK(in != NULL); - /* try to decode encrypted priv key */ - if ((err = pkcs8_decode_flexi(in, inlen, passwd, passwdlen, &l)) != CRYPT_OK) { - goto LBL_ERR; + if ((err = pkcs8_decode_flexi(in, inlen, pw_ctx, &l)) != CRYPT_OK) { + return err; } - decrypted = l->data; - decryptedlen = l->size; - - /* try to decode unencrypted priv key */ - LTC_SET_ASN1(alg_seq, 0, LTC_ASN1_OBJECT_IDENTIFIER, oid, 16UL); - LTC_SET_ASN1(alg_seq, 1, LTC_ASN1_NULL, NULL, 0UL); - LTC_SET_ASN1(top_seq, 0, LTC_ASN1_SHORT_INTEGER, &version, 1UL); - LTC_SET_ASN1(top_seq, 1, LTC_ASN1_SEQUENCE, alg_seq, 2UL); - LTC_SET_ASN1(top_seq, 2, LTC_ASN1_OCTET_STRING, buf1, buf1len); - err=der_decode_sequence(decrypted, decryptedlen, top_seq, 3UL); - if (err != CRYPT_OK) { goto LBL_ERR; } - - /* check alg oid */ - if ((err = pk_oid_cmp_with_asn1(rsaoid, &alg_seq[0])) != CRYPT_OK) { - goto LBL_ERR; + if ((err = pkcs8_get_children(l, &pka, &alg_id, &priv_key)) != CRYPT_OK) { + goto LBL_DER_FREE; } - - if ((err = rsa_import_pkcs1(buf1, top_seq[2].size, key)) != CRYPT_OK) { - goto LBL_ERR; + if (pka != LTC_OID_RSA) { + err = CRYPT_INVALID_PACKET; + goto LBL_DER_FREE; } - key->type = PK_PRIVATE; - err = CRYPT_OK; - goto LBL_FREE2; -LBL_ERR: - rsa_free(key); -LBL_FREE2: - if (l) der_free_sequence_flexi(l); - XFREE(buf2); -LBL_FREE1: - XFREE(buf1); -LBL_NOFREE: + err = rsa_import_pkcs8_asn1(alg_id, priv_key, key); + +LBL_DER_FREE: + der_free_sequence_flexi(l); return err; } diff --git a/src/pk/x25519/x25519_import_pkcs8.c b/src/pk/x25519/x25519_import_pkcs8.c index 8b577c311..5c8e9b68c 100644 --- a/src/pk/x25519/x25519_import_pkcs8.c +++ b/src/pk/x25519/x25519_import_pkcs8.c @@ -9,20 +9,24 @@ #ifdef LTC_CURVE25519 +int x25519_import_pkcs8_asn1(ltc_asn1_list *alg_id, ltc_asn1_list *priv_key, + curve25519_key *key) +{ + return ec25519_import_pkcs8_asn1(alg_id, priv_key, LTC_OID_X25519, key); +} /** Import a X25519 private key in PKCS#8 format - @param in The DER-encoded PKCS#8-formatted private key - @param inlen The length of the input data - @param passwd The password to decrypt the private key - @param passwdlen Password's length (octets) - @param key [out] Where to import the key to + @param in The packet to import from + @param inlen It's length (octets) + @param pw_ctx The password context when decrypting the private key + @param key [out] Destination for newly imported key @return CRYPT_OK if successful, on error all allocated memory is freed automatically */ -int x25519_import_pkcs8(const unsigned char *in, unsigned long inlen, - const void *pwd, unsigned long pwdlen, - curve25519_key *key) +int x25519_import_pkcs8(const unsigned char *in, unsigned long inlen, + const password_ctx *pw_ctx, + curve25519_key *key) { - return ec25519_import_pkcs8(in, inlen, pwd, pwdlen, LTC_OID_X25519, tweetnacl_crypto_scalarmult_base, key); + return ec25519_import_pkcs8(in, inlen, pw_ctx, LTC_OID_X25519, key); } #endif diff --git a/tests/ecc_test.c b/tests/ecc_test.c index 138834166..82bb79029 100644 --- a/tests/ecc_test.c +++ b/tests/ecc_test.c @@ -637,6 +637,15 @@ static int s_ecc_new_api(void) return CRYPT_OK; } + +static int password_get(void **p, unsigned long *l, void *u) +{ + LTC_UNUSED_PARAM(u); + *p = strdup("secret"); + *l = 6; + return 0; +} + static int s_ecc_import_export(void) { const ltc_ecc_curve *cu; ecc_key key, pri, pub; @@ -1317,6 +1326,8 @@ static int s_ecc_import_export(void) { 0x9d, 0x7b, 0x70, 0x3e, 0xf5, 0x7d, 0xa4, 0xfd, 0x3c, 0xc6, 0x49, 0x93, 0xd3, 0x5b, 0xef, 0xc9, 0xae, 0x97, 0xaf, 0x64, 0x64, 0xf9, 0x69, 0xd8 }; + password_ctx pw_ctx; + pw_ctx.callback = password_get; if (ltc_mp.sqrtmod_prime == NULL) return CRYPT_NOP; /* we need compressed points which requires sqrtmod_prime */ @@ -1365,84 +1376,84 @@ static int s_ecc_import_export(void) { ecc_free(&key); /* import - private PKCS8 format - no password */ - DO(ecc_import_pkcs8(long_pri_pkcs8, sizeof(long_pri_pkcs8), NULL, 0, &key)); + DO(ecc_import_pkcs8(long_pri_pkcs8, sizeof(long_pri_pkcs8), NULL, &key)); DO(s_ecc_key_cmp(PK_PRIVATE, &pri, &key)); ecc_free(&key); - DO(ecc_import_pkcs8(long_pric_pkcs8, sizeof(long_pric_pkcs8), NULL, 0, &key)); + DO(ecc_import_pkcs8(long_pric_pkcs8, sizeof(long_pric_pkcs8), NULL, &key)); DO(s_ecc_key_cmp(PK_PRIVATE, &pri, &key)); ecc_free(&key); - DO(ecc_import_pkcs8(short_pri_pkcs8, sizeof(short_pri_pkcs8), NULL, 0, &key)); + DO(ecc_import_pkcs8(short_pri_pkcs8, sizeof(short_pri_pkcs8), NULL, &key)); DO(s_ecc_key_cmp(PK_PRIVATE, &pri, &key)); ecc_free(&key); - DO(ecc_import_pkcs8(short_pric_pkcs8, sizeof(short_pric_pkcs8), NULL, 0, &key)); + DO(ecc_import_pkcs8(short_pric_pkcs8, sizeof(short_pric_pkcs8), NULL, &key)); DO(s_ecc_key_cmp(PK_PRIVATE, &pri, &key)); ecc_free(&key); /* import - private PKCS8 format - password protected (PBES1 algorithms) */ #ifdef LTC_MD2 - DO(ecc_import_pkcs8(long_pri_pkcs8_pbe_md2_des, sizeof(long_pri_pkcs8_pbe_md2_des), "secret", 6, &key)); + DO(ecc_import_pkcs8(long_pri_pkcs8_pbe_md2_des, sizeof(long_pri_pkcs8_pbe_md2_des), &pw_ctx, &key)); DO(s_ecc_key_cmp(PK_PRIVATE, &pri, &key)); ecc_free(&key); #endif #ifdef LTC_MD5 - DO(ecc_import_pkcs8(long_pri_pkcs8_pbe_md5_des, sizeof(long_pri_pkcs8_pbe_md5_des), "secret", 6, &key)); + DO(ecc_import_pkcs8(long_pri_pkcs8_pbe_md5_des, sizeof(long_pri_pkcs8_pbe_md5_des), &pw_ctx, &key)); DO(s_ecc_key_cmp(PK_PRIVATE, &pri, &key)); ecc_free(&key); #endif #ifdef LTC_SHA1 - DO(ecc_import_pkcs8(long_pri_pkcs8_pbe_sha1_des, sizeof(long_pri_pkcs8_pbe_sha1_des), "secret", 6, &key)); + DO(ecc_import_pkcs8(long_pri_pkcs8_pbe_sha1_des, sizeof(long_pri_pkcs8_pbe_sha1_des), &pw_ctx, &key)); DO(s_ecc_key_cmp(PK_PRIVATE, &pri, &key)); ecc_free(&key); #endif #if defined(LTC_RC2) && defined(LTC_MD2) - DO(ecc_import_pkcs8(long_pri_pkcs8_pbe_md2_rc2_64, sizeof(long_pri_pkcs8_pbe_md2_rc2_64), "secret", 6, &key)); + DO(ecc_import_pkcs8(long_pri_pkcs8_pbe_md2_rc2_64, sizeof(long_pri_pkcs8_pbe_md2_rc2_64), &pw_ctx, &key)); DO(s_ecc_key_cmp(PK_PRIVATE, &pri, &key)); ecc_free(&key); #endif #if defined(LTC_RC2) && defined(LTC_MD5) - DO(ecc_import_pkcs8(long_pri_pkcs8_pbe_md5_rc2_64, sizeof(long_pri_pkcs8_pbe_md5_rc2_64), "secret", 6, &key)); + DO(ecc_import_pkcs8(long_pri_pkcs8_pbe_md5_rc2_64, sizeof(long_pri_pkcs8_pbe_md5_rc2_64), &pw_ctx, &key)); DO(s_ecc_key_cmp(PK_PRIVATE, &pri, &key)); ecc_free(&key); #endif #if defined(LTC_RC2) && defined(LTC_SHA1) - DO(ecc_import_pkcs8(long_pri_pkcs8_pbe_sha1_rc2_64, sizeof(long_pri_pkcs8_pbe_sha1_rc2_64), "secret", 6, &key)); + DO(ecc_import_pkcs8(long_pri_pkcs8_pbe_sha1_rc2_64, sizeof(long_pri_pkcs8_pbe_sha1_rc2_64), &pw_ctx, &key)); DO(s_ecc_key_cmp(PK_PRIVATE, &pri, &key)); ecc_free(&key); #endif /* import - private PKCS8 format - password protected (PBES2 algorithms) */ #if defined(LTC_RC2) - DO(ecc_import_pkcs8(long_pri_pkcs8_pbkdf2_rc2_cbc, sizeof(long_pri_pkcs8_pbkdf2_rc2_cbc), "secret", 6, &key)); + DO(ecc_import_pkcs8(long_pri_pkcs8_pbkdf2_rc2_cbc, sizeof(long_pri_pkcs8_pbkdf2_rc2_cbc), &pw_ctx, &key)); DO(s_ecc_key_cmp(PK_PRIVATE, &pri, &key)); ecc_free(&key); #endif #if defined(LTC_DES) - DO(ecc_import_pkcs8(long_pri_pkcs8_pbkdf2_des_cbc, sizeof(long_pri_pkcs8_pbkdf2_des_cbc), "secret", 6, &key)); + DO(ecc_import_pkcs8(long_pri_pkcs8_pbkdf2_des_cbc, sizeof(long_pri_pkcs8_pbkdf2_des_cbc), &pw_ctx, &key)); DO(s_ecc_key_cmp(PK_PRIVATE, &pri, &key)); ecc_free(&key); #endif #if defined(LTC_DES) - DO(ecc_import_pkcs8(long_pri_pkcs8_pbkdf2_des_ede3_cbc, sizeof(long_pri_pkcs8_pbkdf2_des_ede3_cbc), "secret", 6, &key)); + DO(ecc_import_pkcs8(long_pri_pkcs8_pbkdf2_des_ede3_cbc, sizeof(long_pri_pkcs8_pbkdf2_des_ede3_cbc), &pw_ctx, &key)); DO(s_ecc_key_cmp(PK_PRIVATE, &pri, &key)); ecc_free(&key); #endif #if defined(LTC_SHA224) && defined(LTC_DES) - DO(ecc_import_pkcs8(long_pri_pkcs8_pbkdf2_sha224_des_ede3_cbc, sizeof(long_pri_pkcs8_pbkdf2_sha224_des_ede3_cbc), "secret", 6, &key)); + DO(ecc_import_pkcs8(long_pri_pkcs8_pbkdf2_sha224_des_ede3_cbc, sizeof(long_pri_pkcs8_pbkdf2_sha224_des_ede3_cbc), &pw_ctx, &key)); DO(s_ecc_key_cmp(PK_PRIVATE, &pri, &key)); ecc_free(&key); #endif #if defined(LTC_SHA256) && defined(LTC_DES) - DO(ecc_import_pkcs8(long_pri_pkcs8_pbkdf2_sha256_des_ede3_cbc, sizeof(long_pri_pkcs8_pbkdf2_sha256_des_ede3_cbc), "secret", 6, &key)); + DO(ecc_import_pkcs8(long_pri_pkcs8_pbkdf2_sha256_des_ede3_cbc, sizeof(long_pri_pkcs8_pbkdf2_sha256_des_ede3_cbc), &pw_ctx, &key)); DO(s_ecc_key_cmp(PK_PRIVATE, &pri, &key)); ecc_free(&key); #endif #if defined(LTC_SHA384) && defined(LTC_DES) - DO(ecc_import_pkcs8(long_pri_pkcs8_pbkdf2_sha384_des_ede3_cbc, sizeof(long_pri_pkcs8_pbkdf2_sha384_des_ede3_cbc), "secret", 6, &key)); + DO(ecc_import_pkcs8(long_pri_pkcs8_pbkdf2_sha384_des_ede3_cbc, sizeof(long_pri_pkcs8_pbkdf2_sha384_des_ede3_cbc), &pw_ctx, &key)); DO(s_ecc_key_cmp(PK_PRIVATE, &pri, &key)); ecc_free(&key); #endif #if defined(LTC_SHA512) && defined(LTC_DES) - DO(ecc_import_pkcs8(long_pri_pkcs8_pbkdf2_sha512_des_ede3_cbc, sizeof(long_pri_pkcs8_pbkdf2_sha512_des_ede3_cbc), "secret", 6, &key)); + DO(ecc_import_pkcs8(long_pri_pkcs8_pbkdf2_sha512_des_ede3_cbc, sizeof(long_pri_pkcs8_pbkdf2_sha512_des_ede3_cbc), &pw_ctx, &key)); DO(s_ecc_key_cmp(PK_PRIVATE, &pri, &key)); ecc_free(&key); #endif diff --git a/tests/ed25519_test.c b/tests/ed25519_test.c index e59f35b73..580b98cae 100644 --- a/tests/ed25519_test.c +++ b/tests/ed25519_test.c @@ -16,6 +16,14 @@ static void xor_shuffle(unsigned char *buf, unsigned long size, unsigned char ch buf[i] ^= change; } +static int password_get(void **p, unsigned long *l, void *u) +{ + LTC_UNUSED_PARAM(u); + *p = strdup("123456"); + *l = 6; + return 0; +} + static int s_rfc_8410_10_test(void) { const struct { @@ -57,6 +65,8 @@ static int s_rfc_8410_10_test(void) unsigned char buf[1024]; char tmp[512]; unsigned long buflen, tmplen; + password_ctx pw_ctx; + pw_ctx.callback = password_get; for (n = 0; n < sizeof(rfc_8410_10)/sizeof(rfc_8410_10[0]); ++n) { buflen = sizeof(buf); DO(base64_decode(rfc_8410_10[n].b64, XSTRLEN(rfc_8410_10[n].b64), buf, &buflen)); @@ -69,10 +79,10 @@ static int s_rfc_8410_10_test(void) break; case 2: case 3: - DO(ed25519_import_pkcs8(buf, buflen, NULL, 0, &key)); + DO(ed25519_import_pkcs8(buf, buflen, NULL, &key)); break; case 4: - DO(ed25519_import_pkcs8(buf, buflen, "123456", 6, &key)); + DO(ed25519_import_pkcs8(buf, buflen, &pw_ctx, &key)); break; default: return CRYPT_FAIL_TESTVECTOR; diff --git a/tests/rsa_test.c b/tests/rsa_test.c index a3833ef0c..8abcf350d 100644 --- a/tests/rsa_test.c +++ b/tests/rsa_test.c @@ -227,7 +227,7 @@ static int rsa_compat_test(void) rsa_free(&key); /* try import private key in pkcs8 format */ - DO(rsa_import_pkcs8(pkcs8_private_rsa, sizeof(pkcs8_private_rsa), NULL, 0, &key)); + DO(rsa_import_pkcs8(pkcs8_private_rsa, sizeof(pkcs8_private_rsa), NULL, &key)); len = sizeof(buf); DO(rsa_export(buf, &len, PK_PRIVATE, &key)); DO(do_compare_testvector(buf, len, openssl_private_rsa, sizeof(openssl_private_rsa), "RSA private export (from PKCS#8)", 0)); @@ -430,9 +430,19 @@ static int s_rsa_import_x509(const void *in, unsigned long inlen, void *key) } #if defined(LTC_MD2) && defined(LTC_MD5) && defined(LTC_RC2) +static int password_get(void **p, unsigned long *l, void *u) +{ + LTC_UNUSED_PARAM(u); + *p = strdup("secret"); + *l = 6; + return 0; +} + static int s_rsa_import_pkcs8(const void *in, unsigned long inlen, void *key) { - return rsa_import_pkcs8(in, inlen, "secret", 6, key); + password_ctx pw_ctx; + pw_ctx.callback = password_get; + return rsa_import_pkcs8(in, inlen, &pw_ctx, key); } #endif #endif diff --git a/tests/x25519_test.c b/tests/x25519_test.c index 0d4423526..113b071b1 100644 --- a/tests/x25519_test.c +++ b/tests/x25519_test.c @@ -139,6 +139,13 @@ static int s_rfc_8410_10_test(void) return CRYPT_OK; } +static int password_get(void **p, unsigned long *l, void *u) +{ + *p = strdup(u); + *l = strlen(*p); + return 0; +} + static int s_x25519_pkcs8_test(void) { const struct { @@ -161,13 +168,16 @@ static int s_x25519_pkcs8_test(void) unsigned n; curve25519_key key; unsigned char buf[1024]; - unsigned long buflen, passlen; + unsigned long buflen; + password_ctx pw_ctx, *p_pw_ctx; + pw_ctx.callback = password_get; for (n = 0; n < sizeof(s_x25519_pkcs8)/sizeof(s_x25519_pkcs8[0]); ++n) { buflen = sizeof(buf); DO(base64_decode(s_x25519_pkcs8[n].b64, XSTRLEN(s_x25519_pkcs8[n].b64), buf, &buflen)); - if (s_x25519_pkcs8[n].pass != NULL) passlen = XSTRLEN(s_x25519_pkcs8[n].pass); - else passlen = 0; - DO(x25519_import_pkcs8(buf, buflen, s_x25519_pkcs8[n].pass, passlen, &key)); + pw_ctx.userdata = (void*)s_x25519_pkcs8[n].pass; + if (s_x25519_pkcs8[n].pass != NULL) p_pw_ctx = &pw_ctx; + else p_pw_ctx = NULL; + DO(x25519_import_pkcs8(buf, buflen, p_pw_ctx, &key)); zeromem(buf, sizeof(buf)); } return CRYPT_OK; @@ -187,7 +197,7 @@ static int s_x25519_compat_test(void) DO(x25519_make_key(&yarrow_prng, prng_idx, &priv)); DO(x25519_export(buf, &buflen, PK_PRIVATE | PK_STD, &priv)); - DO(x25519_import_pkcs8(buf, buflen, NULL, 0, &imported)); + DO(x25519_import_pkcs8(buf, buflen, NULL, &imported)); DO(do_compare_testvector(&priv, sizeof(priv), &imported, sizeof(imported), "priv after ex-&import", __LINE__)); XMEMSET(&imported, 0, sizeof(imported)); From b913bbe591e1b16eb3bf6452c390c5a9ac408092 Mon Sep 17 00:00:00 2001 From: Steffen Jaeckel Date: Wed, 12 Jan 2022 12:46:36 +0100 Subject: [PATCH 14/33] add support for regular PEM files This adds support to decode plain and encrypted PEM files. Either in OpenSSL specific format or PKCS#8 Signed-off-by: Steffen Jaeckel --- src/headers/tomcrypt_custom.h | 8 + src/headers/tomcrypt_misc.h | 4 +- src/headers/tomcrypt_private.h | 31 +++- src/misc/crypt/crypt.c | 1 + src/misc/pem/pem_decode.c | 291 ++++++++++++++++++++++++++++++++- src/misc/pem/pem_ssh.c | 8 +- 6 files changed, 329 insertions(+), 14 deletions(-) diff --git a/src/headers/tomcrypt_custom.h b/src/headers/tomcrypt_custom.h index e715a2991..265d1fd87 100644 --- a/src/headers/tomcrypt_custom.h +++ b/src/headers/tomcrypt_custom.h @@ -114,6 +114,8 @@ #define LTC_NO_MISC #define LTC_BASE64 + #define LTC_BASE16 + #define LTC_PEM #endif /* LTC_EASY */ /* The minimal set of functionality to run the tests */ @@ -571,6 +573,12 @@ #endif #if defined(LTC_PEM) + /* Size of the line-buffer */ + #ifndef LTC_PEM_DECODE_BUFSZ + #define LTC_PEM_DECODE_BUFSZ 72 + #elif LTC_PEM_DECODE_BUFSZ < 72 + #error "LTC_PEM_DECODE_BUFSZ shall not be < 72 bytes" + #endif /* Size of the decoded data buffer */ #ifndef LTC_PEM_READ_BUFSIZE #ifdef LTC_FILE_READ_BUFSIZE diff --git a/src/headers/tomcrypt_misc.h b/src/headers/tomcrypt_misc.h index e722a0a26..4fcdadd68 100644 --- a/src/headers/tomcrypt_misc.h +++ b/src/headers/tomcrypt_misc.h @@ -160,10 +160,12 @@ int padding_depad(const unsigned char *data, unsigned long *length, unsigned lon #endif /* LTC_PADDING */ #ifdef LTC_PEM +int pem_decode_filehandle(FILE *f, ltc_pka_key *k, password_ctx *pw_ctx); +int pem_decode(const void *buf, unsigned long len, ltc_pka_key *k, password_ctx *pw_ctx); #ifdef LTC_SSH int pem_decode_openssh_filehandle(FILE *f, ltc_pka_key *k, password_ctx *pw_ctx); -int pem_decode_openssh(void *buf, unsigned long len, ltc_pka_key *k, password_ctx *pw_ctx); +int pem_decode_openssh(const void *buf, unsigned long len, ltc_pka_key *k, password_ctx *pw_ctx); #endif #endif /* LTC_PEM */ diff --git a/src/headers/tomcrypt_private.h b/src/headers/tomcrypt_private.h index 31ff7b524..082461f56 100644 --- a/src/headers/tomcrypt_private.h +++ b/src/headers/tomcrypt_private.h @@ -259,6 +259,13 @@ struct password { void *pw; unsigned long l; }; +struct dek_info { + const char *alg; + unsigned long keylen; + /* should use `MAXBLOCKSIZE` here, but all supported + * blockciphers require max 16 bytes IV */ + char iv[16 * 2 + 1]; +}; struct str { char *p; @@ -267,6 +274,8 @@ struct str { #define SET_STR(n, s) n.p = s, n.len = XSTRLEN(s) #define SET_CSTR(n, s) n.p = (char*)s, n.len = XSTRLEN(s) +#define COPY_STR(n, s, l) do { XMEMCPY(n.p, s, l); n.len = l; } while(0) +#define FREE_STR(n) do { n.p = NULL; n.len = 0; } while(0) enum more_headers { no, @@ -274,11 +283,20 @@ enum more_headers { maybe }; +struct pem_header_id { + struct str start, end; + enum more_headers has_more_headers; + int encrypted; + enum ltc_pka_id pka; + int pkcs8; + int (*decrypt)(void *, unsigned long *, void *); +}; + struct pem_headers { - const struct { - struct str start, end; - enum more_headers has_more_headers; - }; + const struct pem_header_id *id; + int encrypted; + struct dek_info info; + struct password *pw; }; struct bufp { @@ -288,7 +306,7 @@ struct bufp { char *p, *r, *end; }; -#define SET_BUFP(n, d, l) n.p = d, n.r = d, n.end = (char*)d + l + 1 +#define SET_BUFP(n, d, l) n.p = (char*)d, n.r = (char*)d, n.end = (char*)d + l + 1 struct get_char { int (*get)(struct get_char*); @@ -296,6 +314,8 @@ struct get_char { FILE *f; struct bufp buf; }; + struct str unget_buf; + char unget_buf_[LTC_PEM_DECODE_BUFSZ]; }; /* others */ @@ -328,6 +348,7 @@ void rsa_shrink_key(rsa_key *key); int rsa_make_key_bn_e(prng_state *prng, int wprng, int size, void *e, rsa_key *key); /* used by op-tee */ int rsa_import_pkcs1(const unsigned char *in, unsigned long inlen, rsa_key *key); +int rsa_import_pkcs8_asn1(ltc_asn1_list *alg_id, ltc_asn1_list *priv_key, rsa_key *key); #endif /* LTC_MRSA */ /* ---- DH Routines ---- */ diff --git a/src/misc/crypt/crypt.c b/src/misc/crypt/crypt.c index 08554b106..31c74a055 100644 --- a/src/misc/crypt/crypt.c +++ b/src/misc/crypt/crypt.c @@ -469,6 +469,7 @@ const char *crypt_build_settings = #endif #if defined(LTC_PEM) " PEM " + " " NAME_VALUE(LTC_PEM_DECODE_BUFSZ) " " " " NAME_VALUE(LTC_PEM_READ_BUFSIZE) " " #endif #if defined(LTC_SSH) diff --git a/src/misc/pem/pem_decode.c b/src/misc/pem/pem_decode.c index c30b8ad44..9520baead 100644 --- a/src/misc/pem/pem_decode.c +++ b/src/misc/pem/pem_decode.c @@ -9,8 +9,66 @@ #ifdef LTC_PEM +struct dek_info_from_str { + const struct str id; + struct dek_info info; +}; + /* Encrypted PEM files */ -#define PEM_DECODE_BUFSZ 72 +static const struct str proc_type_encrypted = { SET_CSTR(, "Proc-Type: 4,ENCRYPTED") }; +static const struct dek_info_from_str dek_infos[] = + { + { SET_CSTR(.id, "DEK-Info: AES-128-CBC,"), .info.alg = "aes", .info.keylen = 128 / 8, }, + { SET_CSTR(.id, "DEK-Info: AES-192-CBC,"), .info.alg = "aes", .info.keylen = 192 / 8, }, + { SET_CSTR(.id, "DEK-Info: AES-256-CBC,"), .info.alg = "aes", .info.keylen = 256 / 8, }, + { SET_CSTR(.id, "DEK-Info: CAMELLIA-128-CBC,"), .info.alg = "camellia", .info.keylen = 128 / 8, }, + { SET_CSTR(.id, "DEK-Info: CAMELLIA-192-CBC,"), .info.alg = "camellia", .info.keylen = 192 / 8, }, + { SET_CSTR(.id, "DEK-Info: CAMELLIA-256-CBC,"), .info.alg = "camellia", .info.keylen = 256 / 8, }, + { SET_CSTR(.id, "DEK-Info: DES-EDE3-CBC,"), .info.alg = "3des", .info.keylen = 192 / 8, }, + { SET_CSTR(.id, "DEK-Info: DES-CBC,"), .info.alg = "des", .info.keylen = 64 / 8, }, + }; + +static int s_decrypt_pem(unsigned char *pem, unsigned long *l, const struct pem_headers *hdr) +{ + unsigned char iv[MAXBLOCKSIZE], key[MAXBLOCKSIZE]; + unsigned long ivlen, klen; + int err; + symmetric_CBC cbc_ctx; + + if (hdr->info.keylen > sizeof(key)) { + return CRYPT_BUFFER_OVERFLOW; + } + if (!hdr->pw->pw) { + return CRYPT_INVALID_ARG; + } + + ivlen = sizeof(iv); + if ((err = base16_decode(hdr->info.iv, XSTRLEN(hdr->info.iv), iv, &ivlen)) != CRYPT_OK) { + return err; + } + klen = hdr->info.keylen; + if ((err = pkcs_5_alg1_openssl(hdr->pw->pw, hdr->pw->l, iv, 1, find_hash("md5"), key, &klen))) { + return err; + } + + if ((err = cbc_start(find_cipher(hdr->info.alg), iv, key, klen, 0, &cbc_ctx)) != CRYPT_OK) { + goto error_out; + } + if ((err = cbc_decrypt(pem, pem, *l, &cbc_ctx)) != CRYPT_OK) { + goto error_out; + } + if ((err = cbc_done(&cbc_ctx)) != CRYPT_OK) { + goto error_out; + } + if ((err = padding_depad(pem, l, LTC_PAD_PKCS7 | cbc_ctx.blocklen)) != CRYPT_OK) { + goto error_out; + } + +error_out: + zeromem(key, sizeof(key)); + zeromem(iv, sizeof(iv)); + return err; +} int pem_get_char_from_file(struct get_char *g) { @@ -28,10 +86,27 @@ int pem_get_char_from_buf(struct get_char *g) return ret; } +static void s_unget_line(char *buf, unsigned long buflen, struct get_char *g) +{ + if (buflen > sizeof(g->unget_buf_)) + return; + g->unget_buf.p = g->unget_buf_; + COPY_STR(g->unget_buf, buf, buflen); +} + static char* s_get_line(char *buf, unsigned long *buflen, struct get_char *g) { unsigned long blen = 0; int c = -1, c_; + if (g->unget_buf.p) { + if (*buflen < g->unget_buf.len) { + return NULL; + } + XMEMCPY(buf, g->unget_buf.p, g->unget_buf.len); + *buflen = g->unget_buf.len; + FREE_STR(g->unget_buf); + return buf; + } while(blen < *buflen) { c_ = c; c = g->get(g); @@ -66,12 +141,66 @@ static LTC_INLINE int s_fits_buf(void *dest, unsigned long to_write, void *end) static int s_pem_decode_headers(struct pem_headers *hdr, struct get_char *g) { + char buf[LTC_PEM_DECODE_BUFSZ]; + unsigned long slen, tmplen, n; + int has_more_headers = hdr->id->has_more_headers == no ? 0 : 3; + + /* Make sure the PEM has the appropriate extension headers if required. + * + * ``` + * Proc-Type: 4,ENCRYPTED[\r]\n + * DEK-Info: ,[\r]\n + * [\r]\n + * ``` + */ + while (has_more_headers) { + slen = sizeof(buf); + if (!s_get_line(buf, &slen, g) || (has_more_headers > 1 && slen == 0)) { + return CRYPT_INVALID_PACKET; + } + switch (has_more_headers) { + case 3: + if (XMEMCMP(buf, proc_type_encrypted.p, proc_type_encrypted.len)) { + s_unget_line(buf, slen, g); + if (hdr->id->has_more_headers == maybe) + return CRYPT_OK; + else + return CRYPT_INVALID_PACKET; + } + hdr->encrypted = 1; + break; + case 2: + hdr->info.alg = NULL; + for (n = 0; n < sizeof(dek_infos)/sizeof(dek_infos[0]); ++n) { + if (slen >= dek_infos[n].id.len && !XMEMCMP(buf, dek_infos[n].id.p, dek_infos[n].id.len)) { + hdr->info = dek_infos[n].info; + tmplen = XSTRLEN(buf + dek_infos[n].id.len); + if (tmplen > sizeof(hdr->info.iv)) + return CRYPT_INVALID_KEYSIZE; + XMEMCPY(hdr->info.iv, buf + dek_infos[n].id.len, tmplen); + break; + } + } + if (hdr->info.alg == NULL) { + return CRYPT_INVALID_CIPHER; + } + break; + case 1: + /* Make sure that there's an empty line in between */ + if (buf[0] != '\0') + return CRYPT_INVALID_PACKET; + break; + default: + return CRYPT_INVALID_CIPHER; + } + has_more_headers--; + } return CRYPT_OK; } int pem_read(void *pem, unsigned long *w, struct pem_headers *hdr, struct get_char *g) { - char buf[PEM_DECODE_BUFSZ]; + char buf[LTC_PEM_DECODE_BUFSZ]; char *wpem = pem; char *end = wpem + *w; unsigned long slen, linelen; @@ -82,17 +211,19 @@ int pem_read(void *pem, unsigned long *w, struct pem_headers *hdr, struct get_ch if (s_get_line(buf, &linelen, g) == NULL) { return CRYPT_INVALID_PACKET; } - if (hdr->start.len != linelen || XMEMCMP(buf, hdr->start.p, hdr->start.len)) { + if (hdr->id->start.len != linelen || XMEMCMP(buf, hdr->id->start.p, hdr->id->start.len)) { + s_unget_line(buf, linelen, g); return CRYPT_INVALID_PACKET; } + hdr->encrypted = hdr->id->encrypted; if ((err = s_pem_decode_headers(hdr, g)) != CRYPT_OK) return err; /* Read the base64 encoded part of the PEM */ slen = sizeof(buf); while (s_get_line(buf, &slen, g)) { - if (slen == hdr->end.len && !XMEMCMP(buf, hdr->end.p, slen)) { + if (slen == hdr->id->end.len && !XMEMCMP(buf, hdr->id->end.p, slen)) { hdr_ok = 1; break; } @@ -126,4 +257,156 @@ int pem_read(void *pem, unsigned long *w, struct pem_headers *hdr, struct get_ch return CRYPT_OK; } +static const struct pem_header_id pem_std_headers[] = { + { + /* PKCS#8 encrypted */ + SET_CSTR(.start, "-----BEGIN ENCRYPTED PRIVATE KEY-----"), + SET_CSTR(.end, "-----END ENCRYPTED PRIVATE KEY-----"), + .has_more_headers = no, + .encrypted = 1, + .pkcs8 = 1, + }, + { + /* PKCS#8 plain */ + SET_CSTR(.start, "-----BEGIN PRIVATE KEY-----"), + SET_CSTR(.end, "-----END PRIVATE KEY-----"), + .has_more_headers = no, + .pkcs8 = 1, + }, + /* Regular plain or encrypted private keys */ + { + SET_CSTR(.start, "-----BEGIN RSA PRIVATE KEY-----"), + SET_CSTR(.end, "-----END RSA PRIVATE KEY-----"), + .has_more_headers = maybe, + .pka = LTC_PKA_RSA, + }, + { + SET_CSTR(.start, "-----BEGIN EC PRIVATE KEY-----"), + SET_CSTR(.end, "-----END EC PRIVATE KEY-----"), + .has_more_headers = maybe, + .pka = LTC_PKA_EC, + }, + { + SET_CSTR(.start, "-----BEGIN DSA PRIVATE KEY-----"), + SET_CSTR(.end, "-----END DSA PRIVATE KEY-----"), + .has_more_headers = maybe, + .pka = LTC_PKA_DSA, + }, +}; +typedef int (*pkcs8_import)(const unsigned char *in, unsigned long inlen, + password_ctx *pw_ctx, + void *key); +typedef struct { + enum ltc_oid_id id; + pkcs8_import fn; +} p8_import_st; + +static int s_decode(struct get_char *g, ltc_pka_key *k, password_ctx *pw_ctx) +{ + unsigned char *pem = NULL; + unsigned long w, l, n; + int err = CRYPT_ERROR; + struct pem_headers hdr = { 0 }; + struct password pw; + ltc_asn1_list *p8_asn1 = NULL; + w = LTC_PEM_READ_BUFSIZE * 2; +retry: + pem = XREALLOC(pem, w); + for (n = 0; n < sizeof(pem_std_headers)/sizeof(pem_std_headers[0]); ++n) { + hdr.id = &pem_std_headers[n]; + err = pem_read(pem, &w, &hdr, g); + if (err == CRYPT_BUFFER_OVERFLOW) { + goto retry; + } else if (err == CRYPT_OK) { + break; + } + hdr.id = NULL; + } + /* id not found */ + if (hdr.id == NULL) + goto cleanup; + l = w; + if (hdr.id->pkcs8) { + enum ltc_oid_id pka; + ltc_asn1_list *alg_id, *priv_key; + if ((err = pkcs8_decode_flexi(pem, l, pw_ctx, &p8_asn1)) != CRYPT_OK) { + goto cleanup; + } + if ((err = pkcs8_get_children(p8_asn1, &pka, &alg_id, &priv_key)) != CRYPT_OK) { + goto cleanup; + } + switch (pka) { + case LTC_OID_RSA: + err = rsa_import_pkcs8_asn1(alg_id, priv_key, &k->u.rsa); + k->id = LTC_PKA_RSA; + break; + case LTC_OID_EC: + err = ecc_import_pkcs8_asn1(alg_id, priv_key, &k->u.ecc); + k->id = LTC_PKA_EC; + break; + case LTC_OID_ED25519: + err = ed25519_import_pkcs8_asn1(alg_id, priv_key, &k->u.curve25519); + k->id = LTC_PKA_CURVE25519; + break; + case LTC_OID_X25519: + err = x25519_import_pkcs8_asn1(alg_id, priv_key, &k->u.curve25519); + k->id = LTC_PKA_CURVE25519; + break; + default: + err = CRYPT_PK_INVALID_TYPE; + } + goto cleanup; + } else if (hdr.encrypted) { + LTC_ARGCHK(pw_ctx != NULL); + LTC_ARGCHK(pw_ctx->callback != NULL); + + hdr.pw = &pw; + if (pw_ctx->callback(&hdr.pw->pw, &hdr.pw->l, pw_ctx->userdata)) { + err = CRYPT_ERROR; + goto cleanup; + } + + if ((err = s_decrypt_pem(pem, &l, &hdr)) != CRYPT_OK) { + goto cleanup; + } + } + switch (hdr.id->pka) { + case LTC_OID_RSA: + err = rsa_import(pem, l, &k->u.rsa); + k->id = LTC_PKA_RSA; + break; + case LTC_OID_EC: + err = ecc_import_openssl(pem, l, &k->u.ecc); + k->id = LTC_PKA_EC; + break; + default: + err = CRYPT_PK_INVALID_TYPE; + goto cleanup; + } + +cleanup: + if (p8_asn1) { + der_sequence_free(p8_asn1); + } + if (hdr.pw) { + zeromem(hdr.pw->pw, hdr.pw->l); + XFREE(hdr.pw->pw); + } + XFREE(pem); + return err; +} + +int pem_decode_filehandle(FILE *f, ltc_pka_key *k, password_ctx *pw_ctx) +{ + struct get_char g = { .get = pem_get_char_from_file, .f = f }; + return s_decode(&g, k, pw_ctx); +} + +int pem_decode(const void *buf, unsigned long len, ltc_pka_key *k, password_ctx *pw_ctx) +{ + struct get_char g = { .get = pem_get_char_from_buf, SET_BUFP(.buf, buf, len) }; + return s_decode(&g, k, pw_ctx); + +} + #endif /* LTC_PEM */ diff --git a/src/misc/pem/pem_ssh.c b/src/misc/pem/pem_ssh.c index ce0d3fe67..6c74585a1 100644 --- a/src/misc/pem/pem_ssh.c +++ b/src/misc/pem/pem_ssh.c @@ -337,7 +337,7 @@ static int s_decode_header(unsigned char *in, unsigned long *inlen, struct kdf_o return err; } -static const struct pem_headers pem_openssh = +static const struct pem_header_id pem_openssh = { SET_CSTR(.start, "-----BEGIN OPENSSH PRIVATE KEY-----"), SET_CSTR(.end, "-----END OPENSSH PRIVATE KEY-----"), @@ -349,7 +349,7 @@ static int s_decode_openssh(struct get_char *g, ltc_pka_key *k, password_ctx *pw unsigned char *pem = NULL, *p, *privkey = NULL; unsigned long w, l, privkey_len; int err; - struct pem_headers hdr = pem_openssh; + struct pem_headers hdr = { .id = &pem_openssh }; struct kdf_options opts = { 0 }; w = LTC_PEM_READ_BUFSIZE * 2; retry: @@ -391,6 +391,7 @@ static int s_decode_openssh(struct get_char *g, ltc_pka_key *k, password_ctx *pw if ((err = s_decrypt_private_keys(privkey, &privkey_len, &opts)) != CRYPT_OK) { goto cleanup; } + zeromem(opts.pw.pw, opts.pw.l); } w = privkey_len; @@ -400,7 +401,6 @@ static int s_decode_openssh(struct get_char *g, ltc_pka_key *k, password_ctx *pw cleanup: if (opts.pw.pw) { - zeromem(opts.pw.pw, opts.pw.l); XFREE(opts.pw.pw); } if (privkey) { @@ -417,7 +417,7 @@ int pem_decode_openssh_filehandle(FILE *f, ltc_pka_key *k, password_ctx *pw_ctx) return s_decode_openssh(&g, k, pw_ctx); } -int pem_decode_openssh(void *buf, unsigned long len, ltc_pka_key *k, password_ctx *pw_ctx) +int pem_decode_openssh(const void *buf, unsigned long len, ltc_pka_key *k, password_ctx *pw_ctx) { struct get_char g = { .get = pem_get_char_from_buf, SET_BUFP(.buf, buf, len) }; return s_decode_openssh(&g, k, pw_ctx); From abcb9269d137e2b8d82d6172ecb6967350177a9f Mon Sep 17 00:00:00 2001 From: Steffen Jaeckel Date: Wed, 12 Jan 2022 12:47:15 +0100 Subject: [PATCH 15/33] add PEM tests Signed-off-by: Steffen Jaeckel --- .../long_pri_pkcs8_pbe_md5_des.pem | 11 ++++ .../long_pri_pkcs8_pbe_md5_rc2_64.pem | 11 ++++ .../long_pri_pkcs8_pbe_sha1_des.pem | 11 ++++ .../long_pri_pkcs8_pbe_sha1_rc2_64.pem | 11 ++++ .../long_pri_pkcs8_pbkdf2_des_cbc.pem | 12 ++++ .../long_pri_pkcs8_pbkdf2_des_ede3_cbc.pem | 12 ++++ .../long_pri_pkcs8_pbkdf2_rc2_cbc.pem | 12 ++++ ...g_pri_pkcs8_pbkdf2_sha224_des_ede3_cbc.pem | 12 ++++ ...g_pri_pkcs8_pbkdf2_sha256_des_ede3_cbc.pem | 12 ++++ ...g_pri_pkcs8_pbkdf2_sha384_des_ede3_cbc.pem | 12 ++++ ...g_pri_pkcs8_pbkdf2_sha512_des_ede3_cbc.pem | 12 ++++ tests/pem/ecc-encrypted.pem | 13 +++++ tests/pem/ecc-encrypted.pk8 | 12 ++++ tests/pem/ecc.pem | 10 ++++ tests/pem/ecc.pk8 | 10 ++++ tests/pem/ed25519.pem | 3 + tests/pem/ed25519_attrs.pem | 5 ++ tests/pem/rsa-encrypted-aes128.pem | 18 ++++++ tests/pem/rsa-encrypted-aes192.pem | 18 ++++++ tests/pem/rsa-encrypted-aes256.pem | 18 ++++++ tests/pem/rsa-encrypted-camellia128.pem | 18 ++++++ tests/pem/rsa-encrypted-camellia192.pem | 18 ++++++ tests/pem/rsa-encrypted-camellia256.pem | 18 ++++++ tests/pem/rsa-encrypted-des.pem | 18 ++++++ tests/pem/rsa-encrypted-des3.pem | 18 ++++++ tests/pem/rsa-encrypted.pem | 18 ++++++ tests/pem/rsa-encrypted.pk8 | 18 ++++++ tests/pem/rsa.pem | 15 +++++ tests/pem/rsa.pk8 | 16 ++++++ tests/pem/x25519-encrypted.pk8 | 6 ++ tests/pem_test.c | 55 +++++++++++++++++++ tests/test.c | 1 + tests/tomcrypt_test.h | 1 + 33 files changed, 455 insertions(+) create mode 100644 tests/pem-ecc-pkcs8/long_pri_pkcs8_pbe_md5_des.pem create mode 100644 tests/pem-ecc-pkcs8/long_pri_pkcs8_pbe_md5_rc2_64.pem create mode 100644 tests/pem-ecc-pkcs8/long_pri_pkcs8_pbe_sha1_des.pem create mode 100644 tests/pem-ecc-pkcs8/long_pri_pkcs8_pbe_sha1_rc2_64.pem create mode 100644 tests/pem-ecc-pkcs8/long_pri_pkcs8_pbkdf2_des_cbc.pem create mode 100644 tests/pem-ecc-pkcs8/long_pri_pkcs8_pbkdf2_des_ede3_cbc.pem create mode 100644 tests/pem-ecc-pkcs8/long_pri_pkcs8_pbkdf2_rc2_cbc.pem create mode 100644 tests/pem-ecc-pkcs8/long_pri_pkcs8_pbkdf2_sha224_des_ede3_cbc.pem create mode 100644 tests/pem-ecc-pkcs8/long_pri_pkcs8_pbkdf2_sha256_des_ede3_cbc.pem create mode 100644 tests/pem-ecc-pkcs8/long_pri_pkcs8_pbkdf2_sha384_des_ede3_cbc.pem create mode 100644 tests/pem-ecc-pkcs8/long_pri_pkcs8_pbkdf2_sha512_des_ede3_cbc.pem create mode 100644 tests/pem/ecc-encrypted.pem create mode 100644 tests/pem/ecc-encrypted.pk8 create mode 100644 tests/pem/ecc.pem create mode 100644 tests/pem/ecc.pk8 create mode 100644 tests/pem/ed25519.pem create mode 100644 tests/pem/ed25519_attrs.pem create mode 100644 tests/pem/rsa-encrypted-aes128.pem create mode 100644 tests/pem/rsa-encrypted-aes192.pem create mode 100644 tests/pem/rsa-encrypted-aes256.pem create mode 100644 tests/pem/rsa-encrypted-camellia128.pem create mode 100644 tests/pem/rsa-encrypted-camellia192.pem create mode 100644 tests/pem/rsa-encrypted-camellia256.pem create mode 100644 tests/pem/rsa-encrypted-des.pem create mode 100644 tests/pem/rsa-encrypted-des3.pem create mode 100644 tests/pem/rsa-encrypted.pem create mode 100644 tests/pem/rsa-encrypted.pk8 create mode 100644 tests/pem/rsa.pem create mode 100644 tests/pem/rsa.pk8 create mode 100644 tests/pem/x25519-encrypted.pk8 create mode 100644 tests/pem_test.c diff --git a/tests/pem-ecc-pkcs8/long_pri_pkcs8_pbe_md5_des.pem b/tests/pem-ecc-pkcs8/long_pri_pkcs8_pbe_md5_des.pem new file mode 100644 index 000000000..ae7ec3126 --- /dev/null +++ b/tests/pem-ecc-pkcs8/long_pri_pkcs8_pbe_md5_des.pem @@ -0,0 +1,11 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIBiTAbBgkqhkiG9w0BBQMwDgQIzN684k11RQMCAggABIIBaL9W5ZvbQUeDz4Zb +jISViw6ehWft1lmvZpqzA8Fik3zFIhxSZ9qr03mRdh9fU6VOfLX15NyMdFxwcYnR +c4a/CWz/tu7XTlY4sA0lvI0tJLrTOQNcZdNUlUTbnrQ1N1VaAVWbmP4m+r+NUivz +7ml0q3wcClRZmADg9NcTx1KnZQrbboGjIfG9mSNcpuN9OYa8muat9ytCRlBj43Fa +YKe6xYgKwWUzBdjArIufsdeCwDnfj5qFJ/7DUOgFaGS1mzCP/zJaZHWRd5ArchP/ +NVYwIonzPgmH7UP/VHJaFiKc7qmaHP7WHuGWMci8pMH1fnpCFDshQfwBHmCwCdar +lUy3Kwu4DUarhyde3jbDFyMwM/ffu9VJor+KZXokTYNjXPzuuM5ZBx7ZKYnFTuMJ +NpaH+chSxK3Peif03mWQMJZuiBNh3tAGfkFb+gMAdhxzgWpDhhtE1c8Zbnwyc+Sk +MMNju1uX2plDFluAxQ== +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/pem-ecc-pkcs8/long_pri_pkcs8_pbe_md5_rc2_64.pem b/tests/pem-ecc-pkcs8/long_pri_pkcs8_pbe_md5_rc2_64.pem new file mode 100644 index 000000000..0de458025 --- /dev/null +++ b/tests/pem-ecc-pkcs8/long_pri_pkcs8_pbe_md5_rc2_64.pem @@ -0,0 +1,11 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIBiTAbBgkqhkiG9w0BBQYwDgQIUliSQEiAS8wCAggABIIBaMP+c+hNliY66qDg +33YhJJfuzxVkmW95vpDNw5UqF4jWBW+3xoJHpPJk2zON5nkENQkFU2B/7HY23tLT +lPuWoA5GDotPEMadDMLvxzuynRL9ywZjLVouKNngcLSgxZC5+LS5BqwBlfvcCqk6 +3d0XXB616f4CocTA9s6FHM24vgVEJujjj7K7V4otW7kYfLUTx8ZQ+YUNCCXI/2jB +c0UzHlCWFQ4oZuqINzc/W04HIOerjfGhK1SN/cUboN/PJ090wFzqEPE2MWf8/2ug +N5V2vMkrwwN5uIUumFGY7+vXWOdbs7TAplZQDGlS6I5hnJXqJMXysnweAmw/TOKl +UM25+LQSf6V5FeRh1q7cUzRtzahXX/YKICBYHgOChVj8B5QI31RNFRUpOYOFpjeo +fCMvNI6Qp3U9sW462xq4hvemBUUSOuM5P8M+mZxpAXxB56W5bfVTD8nWTzdMH38o +sfWwu/7anoMxI6YN8w== +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/pem-ecc-pkcs8/long_pri_pkcs8_pbe_sha1_des.pem b/tests/pem-ecc-pkcs8/long_pri_pkcs8_pbe_sha1_des.pem new file mode 100644 index 000000000..19826ead5 --- /dev/null +++ b/tests/pem-ecc-pkcs8/long_pri_pkcs8_pbe_sha1_des.pem @@ -0,0 +1,11 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIBiTAbBgkqhkiG9w0BBQowDgQIT35B+lfH22gCAggABIIBaNDnpB3HZ1IxSmgD +9icYYXhKwHT9lpyAzlX8h43ccwROt/WR4N9+Q0Xcfdktv/5pVKkzkGsXD1u0x6OM +Oevtj/O7DbfzpW3pOUAB5aaA21QOksVAvjtjuwZ8eRGa4h6aXaMUQYOo5AQAHH8/ +Ev0MqqJucgEzONByZTp9B6FwWwbioEhap9h8qX6oQ09SXQnKCNi3KxD2IDAwMDMm +Ss+wMmq6xiGR2UUHg/+tiMHCmLTcCkvhTg6l7rsH6LEO4W3G0teholWSrke73yeO +NhU3O0AZjUCMXqli1WxeJByermRVAIY2lnMlG6+8sDQMEVePutd7x9Y7D223VwZR +ou59pwdJt+OHNKMCMiPIFNht5iir3zpJ+yP5wP5CDigb+RS5e03LGmT9An+8j/Kb +PZURQSa0aqQasn2QTAF7zRlLTOPpBlSPgmWuZolZbHqkDbX0xPJYO9BlfY5nX8hS +/18lPQ0wUIBYG19yuQ== +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/pem-ecc-pkcs8/long_pri_pkcs8_pbe_sha1_rc2_64.pem b/tests/pem-ecc-pkcs8/long_pri_pkcs8_pbe_sha1_rc2_64.pem new file mode 100644 index 000000000..62b66dd9f --- /dev/null +++ b/tests/pem-ecc-pkcs8/long_pri_pkcs8_pbe_sha1_rc2_64.pem @@ -0,0 +1,11 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIBiTAbBgkqhkiG9w0BBQswDgQIh4GKHk4SmIcCAggABIIBaFWSw80nmDwiKdqt +u/t4WtFeyVbdtDZqX9pK1Um5lWVpdYNHBZFGtc+mQA4QTUGg7jCbOHC4YiO5FQtw +FVay9nMGd/MAfITULLUCNr7DERM9OgP3Iy8fvnloFV7DLafDeFGlreTrGVaEzb6+ +vHkys/Q107k3UpNNZl7LUSZ+u1olENDIkm/VhInmDS8fWgOt8KfKdmQB9hpnW3Q0 +WOiUBC/SEau/o0tLc9jqwXbkUxG4tYfFlQgA6ll1N7OPmX0XOleGsVJkeyakkkZm +78QQDDsEeDuS3Jk+L6VUbJimxUOFNzy27YhFYKFwvEoxVmAsKgBP+ycOQqIOM0Bu +NwtfNQm4gIySqfkMGnGIrOFpXT9nk2ouIoTnT1prGBHP7IosgJATlTytChhfXCj+ +pm119VBAHho+Rx0K7WPfWh6F7gBf8v+dtlPgYdtg9KgxsESkHqLQNAOxTgyw6Wv/ +f2Ma7GbDLKr98YTwEw== +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/pem-ecc-pkcs8/long_pri_pkcs8_pbkdf2_des_cbc.pem b/tests/pem-ecc-pkcs8/long_pri_pkcs8_pbkdf2_des_cbc.pem new file mode 100644 index 000000000..3a64eb1cd --- /dev/null +++ b/tests/pem-ecc-pkcs8/long_pri_pkcs8_pbkdf2_des_cbc.pem @@ -0,0 +1,12 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIBuTBLBgkqhkiG9w0BBQ0wPjApBgkqhkiG9w0BBQwwHAQISIYM8rI/jPMCAggA +MAwGCCqGSIb3DQIJBQAwEQYFKw4DAgcECDtoK11BLZ8yBIIBaBWpKqU/zd8dK45s +iC3X+IdPeXmg/tlJZyKJdlLgyZMzq2hwmqpNW6OqcVUf6vRJXrmUvLXdzbc8LmHi +hBUwtXAenYJHOt/dY2bQmHsh3UE6Rjo98CNUQkPY254kscMDCYIH2kYk5m7Axx9s +r/GSteJ73i1snCMlguBnAw4Hfn63aWJ+quu91lTupoZ5GzP2JmByNaobOzPbLj+o +RkQEdqjOCnRhnVKh6b7jJlJZjKC+pSrMovuVfrjfGk74MTnWDrYBBbM2whY2/1gV +JHjfI+2UUg2AJXqrZL6aNXgRAypWqEWm74quPzw1oED1xeBv3n3qTT8ibYHNXXcl +GGe8nduOm2sv+FZNx6LaKhutbSiCGW+TT14Rf7iYjDxDz2Zo+ngh9USb04VFhvN2 +rcdv3x2tetKqbQ6THhM9LfyArYpDF4tC2GRNCdmMcQClIMQIEwvabg14XORdYWBl +ETQPMiGjep69gcsCLg== +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/pem-ecc-pkcs8/long_pri_pkcs8_pbkdf2_des_ede3_cbc.pem b/tests/pem-ecc-pkcs8/long_pri_pkcs8_pbkdf2_des_ede3_cbc.pem new file mode 100644 index 000000000..2124806fe --- /dev/null +++ b/tests/pem-ecc-pkcs8/long_pri_pkcs8_pbkdf2_des_ede3_cbc.pem @@ -0,0 +1,12 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIBvDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIuVWjGRuwrEYCAggA +MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECPNKy7KzuZplBIIBaMCytdZYGgmG +HnRqZZefHmq6QoFtPFy0UcUx/k4QyPX98gftQZsOMQUjK3SYb0E1stwvJyuOxMk2 +QAAkSvQgdB4/O9Bn+YcAr2yN1kQ3ZGs4GhKeFdCVzha6DFXPnfumxB7nqH1A7hvq +6e/DkOPnfcwfq7yy8ydmfubZ5ycdQmCn/s6UuxmipSG3viAWXOWxxj0ujOuwcti0 +UtVNDYfiat77khdEmkbTjWek/ClaQhbs8c0ihQ3VTjjzNumCjK95SDWzNfyXr1Cz +BOz940PYzy/CWJ9kcPHtAzF9ZKBCE0iDx6dlAqUpMr8+cUDGHtoxeMG0SEhuneEx ++2PyO8eHACl+UZ7gvMRvU0HikmIXLIDuE4W/5bFwLlwe+W0vWx+/RrxSUhotY2f3 +tIUMchZH0V9e2bjcZEpoOgAbJFwpv4BhSzPFGUtCvaW02GprDFbkvpdeVEAOeJCo +AERV4FOHuiQN5xICywgs8w== +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/pem-ecc-pkcs8/long_pri_pkcs8_pbkdf2_rc2_cbc.pem b/tests/pem-ecc-pkcs8/long_pri_pkcs8_pbkdf2_rc2_cbc.pem new file mode 100644 index 000000000..add39d146 --- /dev/null +++ b/tests/pem-ecc-pkcs8/long_pri_pkcs8_pbkdf2_rc2_cbc.pem @@ -0,0 +1,12 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIBxDBWBgkqhkiG9w0BBQ0wSTAsBgkqhkiG9w0BBQwwHwQID289hiP8sNACAggA +AgEQMAwGCCqGSIb3DQIJBQAwGQYIKoZIhvcNAwIwDQIBOgQIS6rg/BDDyx0EggFo ++EP7A0v/HXDb7sIKUaSRo31UgIvfB3ReCYvjl99OhGohyPKU5d0SG1P+a5qACAtM +9NOPIB8UdjjrKxz8i3hjpWEOCMQAdaXhkIiYaDbPvAVQwlfEA8LUlUoJce1JbyUy +O/BJx2FvSuQYMpzYdjj+PXifngb3qKAC7W+72D3d/npwCFMAfo/Bp9rCk/0MWakp +KpUspNT9b69YI0yGKxRpJNaX5B4FuaLe1O31Tveq0ImyiWEcSC6bsFfi8xWXmNMR +pw72Pv6FEgSc1aaSiViQVvkDaes1M4Po4K2geld07bnXn9e1JzInYquBnhFUe9Rs +HyGTqJp0S1Yyqdt46e13NIfM8knvapl9/0fZ/QJ9UIPbINpFRGeFBJY5pR1xEvNK +EST6HZIw84U0iMfGl2e9oyC4r+1hZfkELHSK3d/s/SRiRhw1yTOGU1dFMwUz8yif +CCNNR0cFDfSKHYQOu78bUZ+Nmt7ydzn5 +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/pem-ecc-pkcs8/long_pri_pkcs8_pbkdf2_sha224_des_ede3_cbc.pem b/tests/pem-ecc-pkcs8/long_pri_pkcs8_pbkdf2_sha224_des_ede3_cbc.pem new file mode 100644 index 000000000..d77148418 --- /dev/null +++ b/tests/pem-ecc-pkcs8/long_pri_pkcs8_pbkdf2_sha224_des_ede3_cbc.pem @@ -0,0 +1,12 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIBvDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIF1hZIYPOrdkCAggA +MAwGCCqGSIb3DQIIBQAwFAYIKoZIhvcNAwcECO1sfQDcxpkyBIIBaHKe707yztqL +ZqMI2BkJdLhNUeysatW7IP9WLN4+kM9IGx8d3jVthFK28kmQv2yHjFqbuTYnJJz+ +7sskqfbv+xO+LmSlppeD2XaolcoCCu0ic/JmE++CORaR/cswkjZD6dDaB3saZO/T +gKleto54fMnMNUAF43aIKZGr1xOv6utMqWXULCIMkk1RtqRv5l/bTavFnnoHfuUW ++eNH+z4yopTuJYMSvYcxcTFaTx+SpoR+Cyp9HJAGmNk4LS3abxIu/QtB3Is1QZpS +tBmizAv+5pmIshWIAsIXbgK3a6VboxzJI1Twt74pPYEv+OJbOtvmDNrM8Anqc6pk +gc+0W9/CZ+gL9Zo0MZFnehnuK2EwpPmzHrRoyCM762wcImyz+5EVVpJrixUGpq8F +wjtw1xOMhyQ3K5j/kQWdLgoR47s9fbkkgSxIggY9JrWA8VY6uqm/AWJKrITFM6hx +75lOxEX6Cw/B4y0V+xZ1rw== +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/pem-ecc-pkcs8/long_pri_pkcs8_pbkdf2_sha256_des_ede3_cbc.pem b/tests/pem-ecc-pkcs8/long_pri_pkcs8_pbkdf2_sha256_des_ede3_cbc.pem new file mode 100644 index 000000000..00ef04169 --- /dev/null +++ b/tests/pem-ecc-pkcs8/long_pri_pkcs8_pbkdf2_sha256_des_ede3_cbc.pem @@ -0,0 +1,12 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIBvDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIqmXjSIb59wUCAggA +MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECAhqA2qQFwcrBIIBaACt+al/ytm9 +NKroYGO1rExbTYC87yT9N4Q3im7IHTrUXrWxm12t8PHJCpr+2OIrCaTC6bcAMcRI +cJEgsp6MISxZQXkFFt8zauC6cegsBnIngi3lPzpo+66v+jq3F26XXE1E6jWexcev +osngyT8Ng1lddwSeUZ6qmIoajOdliaZKt9zEnNre9uGi1tqjXyAjtMzRNPOdj8qK +6LS8U8bZlhNk/5LQiYdq/s93oA4XvIZaiVmNDnirfqYLWXhpPuk6pinZZIf45bNj +WpHR6nlS6zrfMbu7OsOVMk1dYMS0wyWf4V7c33EUGq3V+UpCwf7lHiXpKHf3VUql +ATJLCH0rVpVtSLQKzu+AtQ5hXWM5L95eDgJH4cHMvUZyH5fXBD0XVwGwF6jl5Bgu +qpiQrk0N4SINtOTUz6cpkCg2i1rT/y1OFtfzlcaU2O73MlEcRSo9X1FFQuKSY978 +XJWKmss54p2ZDZXjI9hKIQ== +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/pem-ecc-pkcs8/long_pri_pkcs8_pbkdf2_sha384_des_ede3_cbc.pem b/tests/pem-ecc-pkcs8/long_pri_pkcs8_pbkdf2_sha384_des_ede3_cbc.pem new file mode 100644 index 000000000..5687c7287 --- /dev/null +++ b/tests/pem-ecc-pkcs8/long_pri_pkcs8_pbkdf2_sha384_des_ede3_cbc.pem @@ -0,0 +1,12 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIBvDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIsCQVVRoBSP0CAggA +MAwGCCqGSIb3DQIKBQAwFAYIKoZIhvcNAwcECO8+o1eRBcmTBIIBaDM+16hmyXFa +Nh02rGpKlggDDWc/bcpLnmi0vEyHIG5wpwS8RYiKY7AlJv/soNuGh/62kFJzvJyl +gwhAdqE4Q8u1ECKvIz9VUJkY7etvSP3Pu2lNeE2wVPk6k36RjSib7cwefrawJrTQ +50J9gdxw2vl/vep7nZRPVerqod9Us2x1/M0DMYtcm9iWgNGXKnF1bXE/TzDaWmUG +4Isx49V4CaUSNbdP/Y9wfj1LARi/qZ8sIMQmi7rWFZJOutJ2HBJcvkiAOUWtxGrV +PTPkWsCk8MQ6gzi0RTcotqC3Z8cJm7TQ0kVpytNAGNavuK+VklApSEPwK1RiLL5a +04KuIyO0qf/Yh+e7i1miX9aNcA8U7XrgrgUguccFm+25JPhwvKerEvgbthQtd4DL +09z8ClPcOqarLRzbpswcVppBmfI27TbQC5HS+UjPGa4CSTgOjwFmoFoV8P06E7/J +DB2MLT7THaLfYdv+dewaLA== +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/pem-ecc-pkcs8/long_pri_pkcs8_pbkdf2_sha512_des_ede3_cbc.pem b/tests/pem-ecc-pkcs8/long_pri_pkcs8_pbkdf2_sha512_des_ede3_cbc.pem new file mode 100644 index 000000000..e1769fb7d --- /dev/null +++ b/tests/pem-ecc-pkcs8/long_pri_pkcs8_pbkdf2_sha512_des_ede3_cbc.pem @@ -0,0 +1,12 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIBvDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIuyUx21YswXgCAggA +MAwGCCqGSIb3DQILBQAwFAYIKoZIhvcNAwcECHopIpIBxzQyBIIBaKCdLeYJSoYs +0tuuykMqh5YwG3yzsI5RoDHZVkuissmreb6AgFkwoH1PpvvbwY4NkAEZ3CADeeAr +R+CPBI2GZP83/VoJKgk4WZ3518FZPUks4obIE5/AVNjYTJXhfwPCXdf21h6DoAUr +OeSi4U72rsKTmNM/ARa44JJjkgC+77+Ith4+ayeq2h+v4ylRx533AkL8kbzBDVey +pyLENNSnwwZHUpAhV0ZlurXLHc0eNHyn6LzIXig1RawC0uuYKb+CxZrkbtX9R/HO +mTUf7EZrVvJb/G5H9Buhs8gi8Ul/C2LFnCdy2VbBkubnbK70mIyQ4HLY04NGpw+b +6TXHODwrSEwCHNdIyVEuIFW4TkQtWmKAqT2/wupJ8PWo83/mxlTb6NQlhSFFY/Tu +FiPRHi2q4rI3+283NJ/W624esG44u3+OBqHNZe1F7IXbEzM+iGo4osI7CXvvQrfo +PJAUlYc9TtaTQAqdJcVjdA== +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/pem/ecc-encrypted.pem b/tests/pem/ecc-encrypted.pem new file mode 100644 index 000000000..9b6d11754 --- /dev/null +++ b/tests/pem/ecc-encrypted.pem @@ -0,0 +1,13 @@ +-----BEGIN EC PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-256-CBC,AB9C64372F927A0D0C27AFF8808FA408 + +7vsYSX4TxsNKVJ9rdDQ0KJV5fIjv8cmtm0hCfY3dXPaoBy7dnQmtoS1cB2L7/5lg +Qr/COJFKg0PY7y+aB+wK96rFZUvmHSwxjOUbz1/+e4PHbDaSJJCEJpqzS5Clo+nO +q/FKjfXmQ9yANLO0o4QcSRwSjxIuIK5KWG2EXWm9gCsR1tPW9UmSCSFOn02puF6e +HJZnrq7SHvTvuZ3Tbzzyhp7Z7LofSLPaHaCdWrGlY/AlsnUdOywHD3ATCvvjTVqJ +GelaUv12BEJK+B945LmgMkj+BRhKcLXmK5Q2am3ZdvwyZW7E9JcDLPjX08VEfxY3 +aOBv1mysIroniX3UEZmNR/gUnQTSGa9m+ZsQvZYoZsqK0dn9THf70fW6scmBvfR/ +wRnS1fe3WYsjkXAvAq/a/5Ev6go6G0xgKHI+TJMeFxC2v1r2aTlDKw8AcGwUzsll +HIbyabEaVwQviNuH6NHNpw== +-----END EC PRIVATE KEY----- diff --git a/tests/pem/ecc-encrypted.pk8 b/tests/pem/ecc-encrypted.pk8 new file mode 100644 index 000000000..f8c8d2fe8 --- /dev/null +++ b/tests/pem/ecc-encrypted.pk8 @@ -0,0 +1,12 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIBzTBXBgkqhkiG9w0BBQ0wSjApBgkqhkiG9w0BBQwwHAQIDvEXvzqHE1ICAggA +MAwGCCqGSIb3DQILBQAwHQYJYIZIAWUDBAEqBBCj/pJclOyl8T9QLQ5hST9UBIIB +cAhS99K8b/rp2TaTvSSuwTS1qFcJ0O33zSSIprhVriNdArgQC0sX3XZKe5tyzWSD ++ZJZXJhcnQKRauDGhiF7dJWSgM0MbL90ZgwFyQvwzl1kxfKheaS8Hv/xGDvx+eAU +XwOAddifqcSediLUwtf5SRUmPy12gxcMFN0gY7fvjA0Wb/fDn6UuG0iu+y/msiu/ +S+dW+PbOZBDiQb1u/U+wKTdvQxowlu6zkapxRFRWC1i2S7vBtdK7aLTERUJwdEf/ +RdAMLXQdr5zhKHTjx7nQiPCksbNrpdTQHw/nsrNtE0pPvde3MCNIfvaDgHXyCV8F +Fo/fn97YhaKH8zCfvWhduuY2Bj3M1jBLRxGQZ2cs4hb6Ua3R2GiTD0h5zp9uNXRH +SrECToksdY5jNz1qMV6TA7gAOZ477sZCkJ0WU68B0jUVJKlEYCPzyTVcoy3a1hiF +Lx2H5WbsXSsZGaX+wyUUicYm8J+YnGtVd+FgS5e8Lh4w +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/pem/ecc.pem b/tests/pem/ecc.pem new file mode 100644 index 000000000..2cfd6c0d7 --- /dev/null +++ b/tests/pem/ecc.pem @@ -0,0 +1,10 @@ +-----BEGIN EC PRIVATE KEY----- +MIIBUQIBAQQgDPGtLwP3kRu6A88jN8jy9zbOZfGELX2fX54h2V5JvSOggeMwgeAC +AQEwLAYHKoZIzj0BAQIhAP////////////////////////////////////7///wv +MEQEIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAABwRBBHm+Zn753LusVaBilc6HCwcCm/zbLc4o +2VnygVsW+BeYSDradyajxGVdpPv8DhEIqP0XtEimhVQZnEfQj/sQ1LgCIQD///// +///////////////+uq7c5q9IoDu/0l6M0DZBQQIBAaFEA0IABCr5C9q+cWae0c8S +0CSvurZ/+5YnPi+9HtX5jWxzncUWkb2yuRtAEFq3bG4yW/djYpQkJNvsP4vlbktk +NzEkeU0= +-----END EC PRIVATE KEY----- diff --git a/tests/pem/ecc.pk8 b/tests/pem/ecc.pk8 new file mode 100644 index 000000000..bb72e1b8c --- /dev/null +++ b/tests/pem/ecc.pk8 @@ -0,0 +1,10 @@ +-----BEGIN PRIVATE KEY----- +MIIBYQIBADCB7AYHKoZIzj0CATCB4AIBATAsBgcqhkjOPQEBAiEA//////////// +/////////////////////////v///C8wRAQgAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAEIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHBEEE +eb5mfvncu6xVoGKVzocLBwKb/NstzijZWfKBWxb4F5hIOtp3JqPEZV2k+/wOEQio +/Re0SKaFVBmcR9CP+xDUuAIhAP////////////////////66rtzmr0igO7/SXozQ +NkFBAgEBBG0wawIBAQQgDPGtLwP3kRu6A88jN8jy9zbOZfGELX2fX54h2V5JvSOh +RANCAAQq+QvavnFmntHPEtAkr7q2f/uWJz4vvR7V+Y1sc53FFpG9srkbQBBat2xu +Mlv3Y2KUJCTb7D+L5W5LZDcxJHlN +-----END PRIVATE KEY----- diff --git a/tests/pem/ed25519.pem b/tests/pem/ed25519.pem new file mode 100644 index 000000000..e447080ae --- /dev/null +++ b/tests/pem/ed25519.pem @@ -0,0 +1,3 @@ +-----BEGIN PRIVATE KEY----- +MC4CAQAwBQYDK2VwBCIEINTuctv5E1hK1bbY8fdp+K06/nwoy/HU++CXqI9EdVhC +-----END PRIVATE KEY----- diff --git a/tests/pem/ed25519_attrs.pem b/tests/pem/ed25519_attrs.pem new file mode 100644 index 000000000..84961082a --- /dev/null +++ b/tests/pem/ed25519_attrs.pem @@ -0,0 +1,5 @@ +-----BEGIN PRIVATE KEY----- +MHICAQEwBQYDK2VwBCIEINTuctv5E1hK1bbY8fdp+K06/nwoy/HU++CXqI9EdVhC +oB8wHQYKKoZIhvcNAQkJFDEPDA1DdXJkbGUgQ2hhaXJzgSEAGb9ECWmEzf6FQbrB +Z9w7lshQhqowtrbLDFw4rXAxZuE= +-----END PRIVATE KEY----- diff --git a/tests/pem/rsa-encrypted-aes128.pem b/tests/pem/rsa-encrypted-aes128.pem new file mode 100644 index 000000000..9fe278b8d --- /dev/null +++ b/tests/pem/rsa-encrypted-aes128.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-128-CBC,E34B30358A82741CC19E7D3B39F262F9 + +gBfy6bd92405991TDo1pT58ZimYUlsz6rXQkaM22TsMzKq56Bw0qz9h4JOJ6huKh +BQlHJ1Wn8m75J2dFPAX/Y1qTNzTufNIZ7iGsJnlagYV1P/ICN2kdDp5Qozz67n+v +N/S8S+42snqrL6Z3PsX31Mz0+bp+AX+IONEDJ+63ggOiMx5/eOh5fGVP/xovCAP8 +E4NYev1mDY/DQpsMhaiSedAU2rwbGZTLdyZbT5Nj8bWOiU8Co9B0MLrnwfjqS9w0 +gpeW2N8bW9WrXySePS5qJIVWs4FwC0OnU0oZ5h2oi1p0j9vJfOBTHOnLXgC/m8oR +tdDxHHUHrhBmLvMHnb5ZxMSGqYAB5CHt8TvGSYe+wUNdEV0bwWsgwDQp1DR9UKij +HKpMbemWzwueOeXvgwmziHOzxureE4vAEEv+rakxhbagkWpizyM1IxjxPa3A0ohY +THF/dq9PmDtyTtAKYcttRlqhPTOUIWHUu6rxqYpuXY8edqzALoC1dUI/WVJuMesf +JVcX4gL0FxtN/Cyd2j01AfrC5rBQuEwq2l5IEfdGKv1rsWH3lGpI+yv+l6yLrYT9 +Hfooeb1ZKx7kf3J4Yy7LObaMuCjPaYFGeAAwVP5OL/cSRwJsAgvpTmwM9k23+AAP +WS616Cl6FpKTFbJSDNrqfEAo4ghsbbrmuG/EzhqFNzYhCsX2GKRqp5Om5TBV+pSe +svP6HF2sh1bypDlFv6V+grUIU6FHHS8v+/XeO502VDMdMonuV3G9kiFvL7pXGZ3Z +iNFkdAUegliKvbkFg5DyHMYnAmYrj90BYaLQBPCVjFR8waxHLr/eFFaKTlvKT/T+ +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/rsa-encrypted-aes192.pem b/tests/pem/rsa-encrypted-aes192.pem new file mode 100644 index 000000000..5c157b685 --- /dev/null +++ b/tests/pem/rsa-encrypted-aes192.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-192-CBC,84225A437AB98BED8FB41AA30CEEF69C + +phaXiTpHZdPh9nB147D+IBIuWRLYueXgy1eqX1hFC/xskCRGQxwmhWhppGp6Evcu +PA9DywqHHrYPl5fZsSXjOpj3H1JU/4oP/q48Yz6832YxRZHblAZgVEvK+OqPFq1y +FVnL8JMXLZ7GNAvl9JNBfmL4kYJY1CwcLeplPXDfrAdrDt/974/jNB85qsyqVsQu +QNdLj3BRLJYWWv2MUIlfP2+Wef5pA4w+Aurv5evxcRZYSsqUhHwrBjfrXMumzjAi +7VHh71TyFJBbN/qiiBqaCLyG301HqUBdcpstlZ6GUU+dIg/QR+QrY2T5rRwmbp1T +RA96OSsXypEDz/35XMrcnFV7PyO1q+GueXTxnNH/a5SNKohaElxyn7suJ5nuoh/W +euUNeNFk6caq2wkCS7Ew5vvNqYbh6npKdrz1JzfsyjpwYkPdE0VXxEe5/Pcqhjpc +tKZ5Ej+nNYSCIDrmGd8PteoUWby3oeyS/K+8OofKu0nKexdJ69iY7bcMCu+WuM/K +flXCgQU1d2ClY6x7zFRjPjgI6NCiBlZ7ndx5NT5BLJfWA3VZRwMZsSYx04kUH+wJ +vkaBKUGpBQIvR5cNvPberc5Ckl4CdiFCGSGhREF6M+8sB9KzdVebrBX3ht/lE05v +m+4ekGz3O8tFFKEEnVHwdQw5aXGFc9TgS0gj6CVMl21lWHPKXAoaY0g0TRjc/rgE +c4US5mRzyE87juEX0dOhx2CcJ6q1/CWXIUV2CKFS/9ugOy9eaA0KdaC1r2Jec1bA +yxbM0eNXyckHhh062i+8sHLkWkRN34MPGp4p3Y8YT/iqPatKrcLOODm8NeJD69M8 +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/rsa-encrypted-aes256.pem b/tests/pem/rsa-encrypted-aes256.pem new file mode 100644 index 000000000..6a7cd289c --- /dev/null +++ b/tests/pem/rsa-encrypted-aes256.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-256-CBC,D3DD9599A74A0A204325A4FC0104274E + +Cl//jk2w+X7KMvEoqvXlyz2n3DHqx1UKSHmK8ab+Gx5CRlbTeOkYseN75wx2Y3/B +WiJTFuKBFSjK9o0ts8Li3xQUnCP1huXq6pY8CIcEo7V7ZKe/7rWPwPtLflaPsSoz +4paXwqeUB61gS3qw6bxof3WFKN59lU+Xk0HsDOp/SK55ceA0j7vtOFm+pq+cqEwl +wy3ZGUJUDCZgYOuTNTfvDqoRK2OuH77fbQu27ck3eKUC5LZiDCQ+Aqm9k12gcCdF +tqqLZdZyQWJK/rpqY2rHZkLTkhou//Cs/15l3GLDO5P670aVEJb6vVNVJd5msu6b +JGWDb31McTwj7m3NsK2OSPVfhGuA+Hx24/ul7o615Bei4AsN3yAcm1bQeRKHyQoA +9LBZgyznt3NhEQ5RoXCR37HjwQheOoDcwgVh8uSJnKaD1dUMlIJYjW32kMbj6fxF +kAMm6JT4FU52jnpsar0+ADqrLst33IkXfiPWzHoUsh9hnTzDwqOR1oEbxAnBABkz +zkZPH818ENHsg6c/S2z9ZXyLxjqd+kh53cL36NiTZkCSJOfwuKWC9gnXsXgmpcV5 +BaOozzYLtW6OMsPWrledD5uV5EGBitLiNKBB4h22/AR5Br9Eo0csEJHkEfjd4hAh +J2iXj26j0QmsLJV2KNgi1q/b99r6vqQVuFEUVhBprrt+vMVRlTAs1gkPMhZHwC5Y +CP3w+d174aIURUeOqmTmlefP3ek74kKz+eUw5/KBq0yD2gWguuW7BzTF+GcP87Gs +nBoeIbAF+diy95F7y1zXLlYr6U+xMaizpDtYChDehUXd7Hd85AqjRNHDD3a09m8t +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/rsa-encrypted-camellia128.pem b/tests/pem/rsa-encrypted-camellia128.pem new file mode 100644 index 000000000..f3ecd0474 --- /dev/null +++ b/tests/pem/rsa-encrypted-camellia128.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: CAMELLIA-128-CBC,0303625F03B4D00BCF0CF7C823F1E665 + +UGZaiZfZe69svZrpTL4oIuPgd6erA5Gmz7Yo8JJAcrmIRyLVaNeL4/FNQsstGyxv +nax0h5X4jLDZrFrbF305wbENCEoDffNzII8Ju/w1lVxpOdkQTJtKUtp2iOdFAMfq +BvmAVgjy2M0W++SluLXmop3fo6S4fxsOkLywKPLHFUZ8JwSg3I5LAMeCepbx2bG6 +NfozsjwVSVc3grs/FKHQlBhuXyUDJNJwXXA4hpBqoLPjBdOrYqjV0MA6D1csIRTu +G/gsmobtp9luWQD+dEtufLXvfxOlLnJCdWWS/lhwxY3Zym6juc917wNQoxgyQq2L ++53kX2VFFLM7g6ES0VTMF6oAbglqKLABJOZk0aSzLh/h6RKzh3WaT0yux9w1JmaL +0faIJDG2ZNroraOtAIDmc3Q4sfk2EcBxOFTRjKT/ypPcwOY2PWMRDAXpfHtAJrRx +H6GQsM+X04wahpQ/aHCtUu1EO6n8zEdej8XUu+Tcz8stO7h2zs7IOi+7NbqqvHYk +V09kX6FgSnUmzsV8DGcemEM2XkSbK6p+/b5EXHbvwkH65zjDNtfjloWgWd9B2nqv +unB3i9h1Kd145a8TsiNE7Z9QI5bIBXN7x/70SoO5/OJjjPczNSHkgsBEkIseyjkU +MuEQ6s9GFAOlw885ieUEJuEwyhVcA9ksCp5SuxVNEScMh3vZ2zK7reYsg8GC1Vx6 +2tw1HUzarDDgp5SWxjIFq14NWySZF3PTrlcmcaZkiepSprFGm3QZ29mXMpoCIpJW +344/5dM2kkRgWoZhJP0d52dX/D9lqYG3nD9vlQbOFKR4DyHW1yeTGFlheqOdwiU+ +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/rsa-encrypted-camellia192.pem b/tests/pem/rsa-encrypted-camellia192.pem new file mode 100644 index 000000000..3f10b3440 --- /dev/null +++ b/tests/pem/rsa-encrypted-camellia192.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: CAMELLIA-192-CBC,FB1DE964D0983449CAC8D7608D0CFBEC + +bsqay1xsCDMwqFR6vThpD4mDycgkc6pB1W9nMbe81bmYWe04c9jDk44FlhyMEFq/ +fetzGn16A9YFJoX7M+myk2rRv2xhj+UA7+CS/CDHSuh74ZP/Ebj6nKgyzNJUpHqG +4QlUBwWGedkkkRCEV4w5cRMazXsclymENeAbee9s0PKAfso/w7Thvm2ET5Nuu6rq +aOQsk5pVjMtNQN4FFiFa+Qi4u+cmWACvLj2zETg4oL9tzbgwe1BGF6Js+6oqDQx9 +gwk3Gem+902PblqblH/4k7Z8VfuoDj/2vWC5azf4ndEef3sTfDR8X3DGbauUHyYI +gSiI7voaOESlRsWuuSVCH1SrgoNJZFY32wjVGOd7iDYkoybacJNQGRwu9oewd3IG +gAUY5OiEKUHDgc2rsR2ASN1UmAppnUZZbnQ3xNlnoE2N8OEkhykYJTeTC/k4scKx +hcw880ZfgYm1btw+W0UH2NPdNCIttahxUdTWqGBeTznuVDuVCYXX5HgPX1Ufp3D1 +eyJlUhzudJ2xl5z/qBf7ePzc9CgHqpq0nRGfEpS1fgHi2xRBF1JrYJXXAC61712Z +Z6hwjg/22YturTNAOQ719aXZ77Tx8n22A0wrUP3g1nHEICob9zyBum+ncjCRVR0w +ciu1iou7VYfr9B3nS9ECUZY5UmecWG0d+7ELXItZV5bP/wW3tKW54Vh5a22WDeO6 +B1R5MAEXPQ7qBrcNmwr1MEFG2WoucLBEJfHzrkJFIlhwvE8c2AXWZnk0jmPxOlUY +QfxHwWJ4/ufI/FRTwFlYwUohItBAq5j6ve7+StoM3P6qT+bnQcy01xOw3l6o0U6Y +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/rsa-encrypted-camellia256.pem b/tests/pem/rsa-encrypted-camellia256.pem new file mode 100644 index 000000000..c96caca81 --- /dev/null +++ b/tests/pem/rsa-encrypted-camellia256.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: CAMELLIA-256-CBC,7F40CB6CF02BCE145875EA4A15132B93 + +GyycmUiMdO5AyYLtDy8eoSlcMBrk4vF+VfbPXLa8jz/qqglW25A+dMUw+B8DHox4 +x9t/IWs4Pq2MfNflct07wv6dnszTwVTpyhEOubRd//Q/HPjau5TAmQM7n0as4QHw +dfbCd4laS8siug/KHRPYUqdaiifBOlzpxREQnjYYfXG60KlZYyxIFTp72W9BurIn +BoHznYxQ16ZuID9R0eRgKQZok4If0cLt14z6n3fUw0LZeDEU8RFE5+2GfSgdghR6 +NPlZN7MlaZaVRx8ctFRROt9WXtCfvMSPBz7ua3qymuct76VrjzlYaxhr7nqf0RY9 +Tt2HXZLYzPvnKUA1hwJhbDXw9i0ahJ8lNDDQVEEy8UdiSqtWqjpAbOFuy1HXv86V +mCH4viGdxNqOIe7IMst6jwvnUSDDTFms0fRV9tv+JouKgQ5A/H+VrxKiHm8ZpZRK +yXrMusUMXFQ98u/u0vw1f/dn/dYocNBT0Dgxp3K8mmAuSX3XOupTtDfHJXM4I2Ur +tJfstBPD0Ne54k0aBQnOjeUUrtXvu3xgY4h/c80GvXLHsQv1lTQF3o5AEStUrl9B +KKAqb/E7AMr2a55RYl2rqV4QfL0rvhnTR7Os4ytjwerYmjaC4XvGP3omLWHhNqQJ +jmPnUzyYDKeN1w7nZvNjfrKZvDWW1WT/SJqXqh7tjWdOM/2LRAj3b4W6E5EJBTR5 +8W4REs3K1Hgaw5alVOLRr+tXTF67WTRxbMgmnF+JBmTccLG+Htql78HEPj9Gugf4 +qaOOCrJlSm/Dd2bgFo+FUwY8Plytp/Eh6vHPGrPEyNTfTSd5MKjEHDfhmNmODH42 +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/rsa-encrypted-des.pem b/tests/pem/rsa-encrypted-des.pem new file mode 100644 index 000000000..64817d856 --- /dev/null +++ b/tests/pem/rsa-encrypted-des.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: DES-CBC,FF92A06E353260B5 + +hmY/YaeOr8rrGrakUk0/pk5R4aBsrl2EKP+i58ziIKzRI7yVGmTgGIr14ys3oWb3 +9ba6A3hOcQvKfIjI4JxbWQxawOm++Cfcyp+PR7nmIMK1BhKeLynrbuTm7BvPRlHc +APJxWA2OcwbSgnHRqcD4lZxVjX0JrM6w7axrs1/+K0A4NEhWDnWkHd2NHTgtlp9v +Imu8n/atzm5olxb5DFGdyEVR8neASxQ/8gN6jFVG1lcB2DbR+LsS6s3aqrKNMbVU +TKZteJh3Y/WWB1Qxo2Wi7QzjUx6GkFKPLQvLwtJldB218slNfRnlaE3+s/U8WOAL +NRhrLqUij/T0DwJDEywl6DX8uu0Nb1Ge6DD36dp/AZ/M8k5M22Sx8nk1IEEG48cU +TPF5r/WOKy2iSqBx33s9J/H8k65es/YRLv2fASW5mLySApbsKWrX7qgX0yeYa8qC +e2ORyMQNmcgMu+vkyhsRSROCpo03CwZXTugN2h04UdIYhwXgUpcUX4WT+P4L9fAW +pMIan8KRpIv2K4soz20rSCfhspk4tV4oSf165chzBHiw+5bELa3WkfyxowpN6FpD +l6w35mj5y2I4XJoG5OUn5F8P6Z7qw7bB7pevvFch7X1LR/5rjeeXFL2hHPOK0Z3h +kgXez7WcRlv26m8JPM+GfXrbx0qwcF7ApuGa20S3Y6MdMlvEpYzgG7eCNvNdgQqd +MqzVQNLyhVwf41ttAzFbWKJSLffC6Y7kzBRyTnGu3os2joLPWt4i5cc74PEB+Yxt +FY6XZFUeoK4BVVAQ0QRnDxqq9hciGIodiiJZpOiDS3tjxfEgk2wqgg== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/rsa-encrypted-des3.pem b/tests/pem/rsa-encrypted-des3.pem new file mode 100644 index 000000000..a48b94b6c --- /dev/null +++ b/tests/pem/rsa-encrypted-des3.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: DES-EDE3-CBC,107EB1F9974CA9E2 + +CKBun5ni3tE7KoHUhY85NnFsxoJqIonLtiDEQRPCNOzFlmxYNqI+hfsnjyQiMB+O +deqihKPEcU4lOFG/pXeMOjgsnqrRSLtpPce/1T0kQBuxjkSGwRDj7Kiyj4UInJTO +8z50k0cclcVveTuta+hsq0CTItu6RCl6kaimjixrYsfNd55ahcR7WjU5DL23DHDe +dJvPxXNcU6Kne0dIGm41uYTloleoe+f5Dvf27421sRlgltfA8M8KfaB5AKUOp/gA +DeQ9lcCwSpCfPavIWdpyW67v3NBoICPlmKUgg2EsxB6+nceHP1OcAAK4Sm083UBB +1uLcF08Yz2lMe7rHMieI8khZyjXI1A42M7wL3Yyl9m2/DvSuE5Xu6qyuEDDqNFbz +GHQ9YECQ6ykf/MQd3CeKUeDlCZ313Nmb6uqehbbpm9Yayr/M9rwpgVilJwyQhELO +gta3RozpQIqx3a8UXgUSXx1xckRdcbYitBGFgh3JpU4iaYyE2jFHkCrzUFt9Q3To +pe2MTutj1K7l1wxUVy47nfK1/3JLI4wiP0QbflZMDBGiCyMPmZpJWEVkCtH3f1QY +tFM+2TGkroQWOU1YaK9liqYtXQ8h5cjqSC273aMU21SK/FOEufpOUeWa8XCdOsNa +MQKfI/fDgmAmQFacy4RE5ICWx0s68qnQotvmdyaLDClVFha5jlAKufnee8T1L5BA +TV7HJci7h0wy8hTqZOiGpmDIG0UJXcD7sK+PeBKvte+wfaMVyM0Kq+j7DWCJRgw8 +xw8HpPDCVevr8tI94JszjiJhhRNuaHw0xiN8MRxf62MDEpw/NM0HFA== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/rsa-encrypted.pem b/tests/pem/rsa-encrypted.pem new file mode 100644 index 000000000..888618c1c --- /dev/null +++ b/tests/pem/rsa-encrypted.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-256-CBC,79A277F758B09D047847C9C5F099B5D0 + +cbGjYcmMEdYJC76SMAi5cbiJ17tcR+swnKBKJ6Wz8TEUiG2WjhkzPcAiobJQMwNT +r47uhzyOD9SkhuXkMwB+EXaB8JSBOhqeLE5zmxQOedba5HHWUBGBHNa7FafgV+/H +RpLjaAsDkXTnmBTBbLpQmMP3zJRG2e8+G7/WFakzd0QcQcy4zWNH3WtBc207Oeup +WN8P2XA7KQkHnCdojfLD4JNJTosa+o9HphSRdRtTrzCCR6WMH3iUovnQCmSARUcm +7JmujGzOx/wuKDiC4HSZWYhOul0OSXrt25G42RJJu4v8bHgsKFeHp2/U2Zpkkd/b +96TtQ7Mo2lsuZzUEmb4kWO+2vVKy+0sPn8G7uOID3FZ8jmQZV4v1ASLGz6Mj2zJe +u0b0+UpSRB8eVwM3BL1oZxe3MSNynFgbPs53Q52zJGX8CFTxDNEPGYYRGFb1B5B8 +Hd6QTilegEbFStWLH2tv1IX/YeLNytd94+wMaqRmDv9huo9lushQ7pT4tMkntzte +vMkboFD/p83T2uHXMVfRthNKBWfLYgpAbwQ5UbfLjTIxZ6Jhr5hakMb2R28IaXj5 +5Ss85suLiY+RWnNCh/313ghuWvFC3Ixx1YVpVKdTIGRK/gLkSzXV8oA00yJm7RoW +WilXcXppWLIODkOn3VFsrQ9lerVWRX4emndP4drW5SnVCnkrlPDmE7joh2Mumjwl +vO0QMq1o8CZoWbxZ20qnqveoEH0Kw8qhsLScxs55LGgqGnf5G0AmVDh4mK6CyY1m +cXoqkJ2IpBmnMGNPKEKeuLGl1kRW7eyP0+xlGG8JtMpA/xRiSn3lRydAlCkxAZRq +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/rsa-encrypted.pk8 b/tests/pem/rsa-encrypted.pk8 new file mode 100644 index 000000000..c773664f2 --- /dev/null +++ b/tests/pem/rsa-encrypted.pk8 @@ -0,0 +1,18 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIC3TBXBgkqhkiG9w0BBQ0wSjApBgkqhkiG9w0BBQwwHAQIzkqhs+PNHcUCAggA +MAwGCCqGSIb3DQIJBQAwHQYJYIZIAWUDBAEqBBBjfvDZNKdgUMcoi06nycWNBIIC +gCh5mBr0KtjS8A0X8pXZ3A2fFo33RNLmkASq3l4o+OyZx8o/LHqLV0EqYI3ovV/r +A6Z4Y6aPJwAmyRULc8us4E8pZLc5I8rSu9rlGnmSz1JDlFKy8xdo5+0oVE1uRmWe +NBhWjCUp1wu/tOavM59rVSXXV/HOe4K350ANkZgJTqUsuud4YabhlIwu6umi3Fam ++jjZtGu5K2t8HHKLTYANDHYiW5a+YnZ66sFw+Ny9K3oEBCMTc/flxZnraihg5NwP +bmqgH4y2FCpRIsTknmPnOXwTHgdjbNT3si5Ja38ztU5QnmITPk8RDApeihbMyfln +UhWvOTXOGF85msA5uAa5QHrtokFpIpyOzDZh/OTznAz2Pe7w6D0AbJU19ozGyHwR +IKg4qyG1dzLz8YhBtscei8yoWjhIFsRpjd87mEEs6dEomFGndkDse7IZvyjFG5Yy +iVejSKXv9n2aJy8GhWrIO2ucyQ0wRZ93WwCTO3p4//nqXB/BlImZBE3moUxKdT/2 +UYT9uhk5ZUOlWur77Q3wO6IM9KcEcgxSkFwTuh7cpawM4qG5HTzob/3OAr0gYx/2 +0UbhcTtRgavYXNaEVrgNc+fXc3iAt1w80E6oblUPSkg9fyorrbQb6IbEesLLjIi9 +7Tnvv25p8Rdq2i5dmCUtUmiYLYm9E3lO/HKOpMtvRT3srv7+L6GiyuzQ4j4oSLr/ +9ktc+vLJ7eSZ8i3KUJDPwNhU+HRsTVmAIs2dOQiHGBfpEoHgUMxT448LrmV2OYMr +NPYCZKHDIocBYgR4K6WXi48Ta3D7P+Y+qB2oiRyyEC0AZKfUHVKM6xF1SehV7HWV +VUpdx4blblYjMEmdY3BRG+Y= +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/pem/rsa.pem b/tests/pem/rsa.pem new file mode 100644 index 000000000..e4996c35c --- /dev/null +++ b/tests/pem/rsa.pem @@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXgIBAAKBgQDPmt5kitrIMyCp14MxGVSymoWnobd1M7aprIQks97bfYUtlmXl +P3KVJJ8oaMpP20QcPmASit0mpev/C17UiDhJKm5bvxI3R70Fa7zb8+7kEY5BaHxh +E9dCyIC+No/cCItPrKTidgzJY2xJWJPtzKrcJTsKYD+LVDrDTTHnlKRE/QIDAQAB +AoGBAMhiuereRFMdVpfZl54azzAeCohFhikwo02fYWVz4NaHj7bzBqOC3Hys/pso +mq79+/4vDtiXBOO7H9HsDbqjSX9HrIpEBH6GtzlCP60etw6lUfRAYx79veqfQZ+o +kB1vClqVExENgK9fZJiKLHhoZbAri6JTh8rxZASr8nvbg8iBAkEA975eI8MyP7+L +jjru/PzL5ffxC7xCgq7Vej7K99VpP2Qloh+3dXUFkkLruPHzCgXjlNFVeDWgNqCb +fJKEbN3cTQJBANaGDoVCCwQIhCFg8A4NiP0eNhBlTx5TtAhygFw/WWYX5pjy6Wx6 +Bkysdj3tjKHOrRu9tH0ovOMOOI2Z2AW1o3ECQG3rwy0u8F6kiDEFKQCK0ZUpm4PP +ddsx43on3jp0MAx2TNRQKkAtOdmZY6ldgK5TypQ/BSMe+AUE4bg18hezoIkCQQCr +kIj6YAgpUJpDi6BQzNha/pdkY3F0IqMgAlrP68YWlVTRy6uNGsYA+giSnHHVUlI1 +lnFLi5IM0Om/rWMLpemxAkEA3MwnyOTcYkjVm6/1q2D2If1T4rddCckaoQSp/GEs +XQRYOlo58UohVmf9zCCjj3gYWnk9Lo5+hgrmqDPBBBdKnw== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/rsa.pk8 b/tests/pem/rsa.pk8 new file mode 100644 index 000000000..20747bd96 --- /dev/null +++ b/tests/pem/rsa.pk8 @@ -0,0 +1,16 @@ +-----BEGIN PRIVATE KEY----- +MIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBAM+a3mSK2sgzIKnX +gzEZVLKahaeht3UztqmshCSz3tt9hS2WZeU/cpUknyhoyk/bRBw+YBKK3Sal6/8L +XtSIOEkqblu/EjdHvQVrvNvz7uQRjkFofGET10LIgL42j9wIi0+spOJ2DMljbElY +k+3MqtwlOwpgP4tUOsNNMeeUpET9AgMBAAECgYEAyGK56t5EUx1Wl9mXnhrPMB4K +iEWGKTCjTZ9hZXPg1oePtvMGo4LcfKz+myiarv37/i8O2JcE47sf0ewNuqNJf0es +ikQEfoa3OUI/rR63DqVR9EBjHv296p9Bn6iQHW8KWpUTEQ2Ar19kmIoseGhlsCuL +olOHyvFkBKvye9uDyIECQQD3vl4jwzI/v4uOOu78/Mvl9/ELvEKCrtV6Psr31Wk/ +ZCWiH7d1dQWSQuu48fMKBeOU0VV4NaA2oJt8koRs3dxNAkEA1oYOhUILBAiEIWDw +Dg2I/R42EGVPHlO0CHKAXD9ZZhfmmPLpbHoGTKx2Pe2Moc6tG720fSi84w44jZnY +BbWjcQJAbevDLS7wXqSIMQUpAIrRlSmbg8912zHjeifeOnQwDHZM1FAqQC052Zlj +qV2ArlPKlD8FIx74BQThuDXyF7OgiQJBAKuQiPpgCClQmkOLoFDM2Fr+l2RjcXQi +oyACWs/rxhaVVNHLq40axgD6CJKccdVSUjWWcUuLkgzQ6b+tYwul6bECQQDczCfI +5NxiSNWbr/WrYPYh/VPit10JyRqhBKn8YSxdBFg6WjnxSiFWZ/3MIKOPeBhaeT0u +jn6GCuaoM8EEF0qf +-----END PRIVATE KEY----- diff --git a/tests/pem/x25519-encrypted.pk8 b/tests/pem/x25519-encrypted.pk8 new file mode 100644 index 000000000..29ea91d0c --- /dev/null +++ b/tests/pem/x25519-encrypted.pk8 @@ -0,0 +1,6 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIGbMFcGCSqGSIb3DQEFDTBKMCkGCSqGSIb3DQEFDDAcBAjemFQzTzUb/QICCAAw +DAYIKoZIhvcNAgkFADAdBglghkgBZQMEAQIEEPhFOISMQdpDb6MkjW9pEkQEQP4C +Du/QGJw0fzI07h36dP6wSFeWj4Po0LD0AIcYpD8gsggm9H7huFuVv4MsXLFJWfZX +D4yrLu8Y1KC2Dc8kkZ4= +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/pem_test.c b/tests/pem_test.c new file mode 100644 index 000000000..3c7837141 --- /dev/null +++ b/tests/pem_test.c @@ -0,0 +1,55 @@ +/* LibTomCrypt, modular cryptographic library -- Tom St Denis */ +/* SPDX-License-Identifier: Unlicense */ +#include + +#if defined(LTC_PEM) && defined(LTC_TEST_READDIR) && !defined(LTC_EASY) + +static int password_get(void **p, unsigned long *l, void *u) +{ + LTC_UNUSED_PARAM(u); + *p = strdup("secret"); + *l = 6; + return 0; +} + +static int s_pem_decode_filehandle(const void *in, unsigned long inlen, void *key) +{ + password_ctx pw_ctx; + pw_ctx.callback = password_get; + return pem_decode(in, inlen, key, &pw_ctx); +} + +static void s_pem_free_key(ltc_pka_key *key) +{ + switch (key->id) { + case LTC_PKA_RSA: + rsa_free(&key->u.rsa); + break; + case LTC_PKA_EC: + ecc_free(&key->u.ecc); + break; + default: + break; + } +} + +int pem_test(void) +{ + ltc_pka_key key; + + if (ltc_mp.name == NULL) return CRYPT_NOP; + + DO(test_process_dir("tests/pem", &key, s_pem_decode_filehandle, (dir_cleanup_cb)s_pem_free_key, "pem_test")); + DO(test_process_dir("tests/pem-ecc-pkcs8", &key, s_pem_decode_filehandle, (dir_cleanup_cb)s_pem_free_key, "pem_test+ecc")); + + return 0; +} + +#else + +int pem_test(void) +{ + return CRYPT_NOP; +} + +#endif diff --git a/tests/test.c b/tests/test.c index 22848a968..264fdda9c 100644 --- a/tests/test.c +++ b/tests/test.c @@ -36,6 +36,7 @@ static const test_function test_functions[] = LTC_TEST_FN(x25519_test), LTC_TEST_FN(file_test), LTC_TEST_FN(multi_test), + LTC_TEST_FN(pem_test), /* keep the prng_test always at the end as * it has to be handled specially when * testing with LTC_PTHREAD enabled diff --git a/tests/tomcrypt_test.h b/tests/tomcrypt_test.h index 263c4e626..8d9b84710 100644 --- a/tests/tomcrypt_test.h +++ b/tests/tomcrypt_test.h @@ -35,6 +35,7 @@ int base32_test(void); int base16_test(void); int file_test(void); int multi_test(void); +int pem_test(void); int prng_test(void); int mpi_test(void); int padding_test(void); From 9f887cde997a09a206d74b2c3a4ea04cf9f7dc32 Mon Sep 17 00:00:00 2001 From: Steffen Jaeckel Date: Fri, 14 Jan 2022 14:55:23 +0100 Subject: [PATCH 16/33] add `dsa_import_pkcs8()` Signed-off-by: Steffen Jaeckel --- src/headers/tomcrypt_pk.h | 3 ++ src/headers/tomcrypt_private.h | 4 ++ src/pk/dsa/dsa_generate_pqg.c | 9 +--- src/pk/dsa/dsa_import.c | 70 ++++++++++++------------ src/pk/dsa/dsa_import_pkcs8.c | 88 +++++++++++++++++++++++++++++++ src/pk/dsa/dsa_init.c | 22 ++++++++ src/pk/dsa/dsa_set.c | 5 +- src/pk/dsa/dsa_set_pqg_dsaparam.c | 3 +- src/pk/dsa/dsa_verify_key.c | 23 ++++++-- 9 files changed, 173 insertions(+), 54 deletions(-) create mode 100644 src/pk/dsa/dsa_import_pkcs8.c create mode 100644 src/pk/dsa/dsa_init.c diff --git a/src/headers/tomcrypt_pk.h b/src/headers/tomcrypt_pk.h index c0ead7c2c..2493561ad 100644 --- a/src/headers/tomcrypt_pk.h +++ b/src/headers/tomcrypt_pk.h @@ -483,6 +483,9 @@ int dsa_decrypt_key(const unsigned char *in, unsigned long inlen, const dsa_key *key); int dsa_import(const unsigned char *in, unsigned long inlen, dsa_key *key); +int dsa_import_pkcs8(const unsigned char *in, unsigned long inlen, + const password_ctx *pw_ctx, + dsa_key *key); int dsa_export(unsigned char *out, unsigned long *outlen, int type, const dsa_key *key); int dsa_verify_key(const dsa_key *key, int *stat); int dsa_shared_secret(void *private_key, void *base, diff --git a/src/headers/tomcrypt_private.h b/src/headers/tomcrypt_private.h index 082461f56..4848dff51 100644 --- a/src/headers/tomcrypt_private.h +++ b/src/headers/tomcrypt_private.h @@ -432,9 +432,13 @@ int ltc_ecc_map(ecc_point *P, void *modulus, void *mp); #endif /* LTC_MECC */ #ifdef LTC_MDSA +int dsa_int_init(dsa_key *key); +int dsa_int_validate(const dsa_key *key, int *stat); int dsa_int_validate_xy(const dsa_key *key, int *stat); int dsa_int_validate_pqg(const dsa_key *key, int *stat); int dsa_int_validate_primes(const dsa_key *key, int *stat); +int dsa_import_pkcs1(const unsigned char *in, unsigned long inlen, dsa_key *key); +int dsa_import_pkcs8_asn1(ltc_asn1_list *alg_id, ltc_asn1_list *priv_key, dsa_key *key); #endif /* LTC_MDSA */ diff --git a/src/pk/dsa/dsa_generate_pqg.c b/src/pk/dsa/dsa_generate_pqg.c index 22f4852b6..d607782fa 100644 --- a/src/pk/dsa/dsa_generate_pqg.c +++ b/src/pk/dsa/dsa_generate_pqg.c @@ -209,13 +209,8 @@ int dsa_generate_pqg(prng_state *prng, int wprng, int group_size, int modulus_si { int err; - LTC_ARGCHK(key != NULL); - LTC_ARGCHK(ltc_mp.name != NULL); - - /* init mp_ints */ - if ((err = mp_init_multi(&key->p, &key->g, &key->q, &key->x, &key->y, LTC_NULL)) != CRYPT_OK) { - return err; - } + /* init key */ + if ((err = dsa_int_init(key)) != CRYPT_OK) return err; /* generate params */ err = s_dsa_make_params(prng, wprng, group_size, modulus_size, key->p, key->q, key->g); if (err != CRYPT_OK) { diff --git a/src/pk/dsa/dsa_import.c b/src/pk/dsa/dsa_import.c index b5660d398..71619a556 100644 --- a/src/pk/dsa/dsa_import.c +++ b/src/pk/dsa/dsa_import.c @@ -9,6 +9,25 @@ #ifdef LTC_MDSA +int dsa_import_pkcs1(const unsigned char *in, unsigned long inlen, dsa_key *key) +{ + int err; + unsigned long zero = 0; + /* get key type */ + if ((err = der_decode_sequence_multi(in, inlen, + LTC_ASN1_SHORT_INTEGER, 1UL, &zero, + LTC_ASN1_INTEGER, 1UL, key->p, + LTC_ASN1_INTEGER, 1UL, key->q, + LTC_ASN1_INTEGER, 1UL, key->g, + LTC_ASN1_INTEGER, 1UL, key->y, + LTC_ASN1_INTEGER, 1UL, key->x, + LTC_ASN1_EOL, 0UL, NULL)) == CRYPT_OK) { + + key->type = PK_PRIVATE; + } + return err; +} + /** Import a DSA key @param in The binary packet to import from @@ -19,18 +38,13 @@ int dsa_import(const unsigned char *in, unsigned long inlen, dsa_key *key) { int err, stat; - unsigned long zero = 0, len; unsigned char* tmpbuf = NULL; unsigned char flags[1]; LTC_ARGCHK(in != NULL); - LTC_ARGCHK(key != NULL); - LTC_ARGCHK(ltc_mp.name != NULL); /* init key */ - if (mp_init_multi(&key->p, &key->g, &key->q, &key->x, &key->y, LTC_NULL) != CRYPT_OK) { - return CRYPT_MEM; - } + if ((err = dsa_int_init(key)) != CRYPT_OK) return err; /* try to match the old libtomcrypt format */ err = der_decode_sequence_multi(in, inlen, LTC_ASN1_BIT_STRING, 1UL, flags, @@ -71,62 +85,44 @@ int dsa_import(const unsigned char *in, unsigned long inlen, dsa_key *key) goto LBL_ERR; } } - /* get key type */ - if (der_decode_sequence_multi(in, inlen, - LTC_ASN1_SHORT_INTEGER, 1UL, &zero, - LTC_ASN1_INTEGER, 1UL, key->p, - LTC_ASN1_INTEGER, 1UL, key->q, - LTC_ASN1_INTEGER, 1UL, key->g, - LTC_ASN1_INTEGER, 1UL, key->y, - LTC_ASN1_INTEGER, 1UL, key->x, - LTC_ASN1_EOL, 0UL, NULL) == CRYPT_OK) { - key->type = PK_PRIVATE; - } else { /* public */ + if (dsa_import_pkcs1(in, inlen, key) != CRYPT_OK) { ltc_asn1_list params[3]; - unsigned long tmpbuf_len = inlen; + unsigned long tmpbuf_len = inlen, len; LTC_SET_ASN1(params, 0, LTC_ASN1_INTEGER, key->p, 1UL); LTC_SET_ASN1(params, 1, LTC_ASN1_INTEGER, key->q, 1UL); LTC_SET_ASN1(params, 2, LTC_ASN1_INTEGER, key->g, 1UL); + len = 3; tmpbuf = XCALLOC(1, tmpbuf_len); if (tmpbuf == NULL) { - err = CRYPT_MEM; - goto LBL_ERR; + return CRYPT_MEM; } - len = 3; - err = x509_decode_subject_public_key_info(in, inlen, LTC_OID_DSA, - tmpbuf, &tmpbuf_len, - LTC_ASN1_SEQUENCE, params, &len); + err = x509_decode_subject_public_key_info(in, inlen, + LTC_OID_DSA, tmpbuf, &tmpbuf_len, + LTC_ASN1_SEQUENCE, params, &len); if (err != CRYPT_OK) { XFREE(tmpbuf); goto LBL_ERR; } - if ((err=der_decode_integer(tmpbuf, tmpbuf_len, key->y)) != CRYPT_OK) { + if ((err = der_decode_integer(tmpbuf, tmpbuf_len, key->y)) != CRYPT_OK) { XFREE(tmpbuf); goto LBL_ERR; } - XFREE(tmpbuf); key->type = PK_PUBLIC; + XFREE(tmpbuf); } LBL_OK: key->qord = mp_unsigned_bin_size(key->q); - /* quick p, q, g validation, without primality testing */ - if ((err = dsa_int_validate_pqg(key, &stat)) != CRYPT_OK) { - goto LBL_ERR; - } - if (stat == 0) { - err = CRYPT_INVALID_PACKET; - goto LBL_ERR; - } - /* validate x, y */ - if ((err = dsa_int_validate_xy(key, &stat)) != CRYPT_OK) { + /* quick p, q, g validation, without primality testing + * + x, y validation */ + if ((err = dsa_int_validate(key, &stat)) != CRYPT_OK) { goto LBL_ERR; } if (stat == 0) { @@ -134,7 +130,7 @@ int dsa_import(const unsigned char *in, unsigned long inlen, dsa_key *key) goto LBL_ERR; } - return CRYPT_OK; + return CRYPT_OK; LBL_ERR: dsa_free(key); return err; diff --git a/src/pk/dsa/dsa_import_pkcs8.c b/src/pk/dsa/dsa_import_pkcs8.c new file mode 100644 index 000000000..f8a592a65 --- /dev/null +++ b/src/pk/dsa/dsa_import_pkcs8.c @@ -0,0 +1,88 @@ +/* LibTomCrypt, modular cryptographic library -- Tom St Denis */ +/* SPDX-License-Identifier: Unlicense */ +#include "tomcrypt_private.h" + +/** + @file dsa_import_pkcs8.c + Import a PKCS DSA key +*/ + +#ifdef LTC_MDSA + +int dsa_import_pkcs8_asn1(ltc_asn1_list *alg_id, ltc_asn1_list *priv_key, dsa_key *key) +{ + int err, stat; + + LTC_UNUSED_PARAM(alg_id); + + if (!alg_id->child + || !LTC_ASN1_IS_TYPE(alg_id->child->next, LTC_ASN1_SEQUENCE) + || !LTC_ASN1_IS_TYPE(priv_key, LTC_ASN1_OCTET_STRING)) { + return CRYPT_INVALID_PACKET; + } + if ((err = dsa_set_pqg_dsaparam(alg_id->child->next->data, alg_id->child->next->size, key)) != CRYPT_OK) { + return err; + } + if ((err = der_decode_integer(priv_key->data, priv_key->size, key->x)) != CRYPT_OK) { + goto LBL_ERR; + } + if ((err = mp_exptmod(key->g, key->x, key->p, key->y)) != CRYPT_OK) { + goto LBL_ERR; + } + + /* quick p, q, g validation, without primality testing + * + x, y validation */ + if ((err = dsa_int_validate(key, &stat)) != CRYPT_OK) { + goto LBL_ERR; + } + if (stat == 0) { + err = CRYPT_INVALID_PACKET; + goto LBL_ERR; + } + + key->qord = mp_unsigned_bin_size(key->q); + key->type = PK_PRIVATE; + + return err; +LBL_ERR: + dsa_free(key); + return err; +} +/** + Import an RSAPrivateKey in PKCS#8 format + @param in The packet to import from + @param inlen It's length (octets) + @param pw_ctx The password context when decrypting the private key + @param key [out] Destination for newly imported key + @return CRYPT_OK if successful, upon error allocated memory is freed +*/ +int dsa_import_pkcs8(const unsigned char *in, unsigned long inlen, + const password_ctx *pw_ctx, + dsa_key *key) +{ + int err; + ltc_asn1_list *l = NULL; + ltc_asn1_list *alg_id, *priv_key; + enum ltc_oid_id pka; + + LTC_ARGCHK(in != NULL); + + if ((err = pkcs8_decode_flexi(in, inlen, pw_ctx, &l)) != CRYPT_OK) { + return err; + } + if ((err = pkcs8_get_children(l, &pka, &alg_id, &priv_key)) != CRYPT_OK) { + goto LBL_DER_FREE; + } + if (pka != LTC_OID_DSA) { + err = CRYPT_INVALID_PACKET; + goto LBL_DER_FREE; + } + + err = dsa_import_pkcs8_asn1(alg_id, priv_key, key); + +LBL_DER_FREE: + der_free_sequence_flexi(l); + return err; +} + +#endif /* LTC_MRSA */ diff --git a/src/pk/dsa/dsa_init.c b/src/pk/dsa/dsa_init.c new file mode 100644 index 000000000..e7952845e --- /dev/null +++ b/src/pk/dsa/dsa_init.c @@ -0,0 +1,22 @@ +/* LibTomCrypt, modular cryptographic library -- Tom St Denis */ +/* SPDX-License-Identifier: Unlicense */ +#include "tomcrypt_private.h" + + +#ifdef LTC_MDSA + +/** + Init DSA key + @param key [out] the key to init + @return CRYPT_OK if successful. +*/ +int dsa_int_init(dsa_key *key) +{ + LTC_ARGCHK(key != NULL); + LTC_ARGCHK(ltc_mp.name != NULL); + + /* init key */ + return mp_init_multi(&key->p, &key->g, &key->q, &key->x, &key->y, LTC_NULL); +} + +#endif diff --git a/src/pk/dsa/dsa_set.c b/src/pk/dsa/dsa_set.c index 82b603330..af7fcaa70 100644 --- a/src/pk/dsa/dsa_set.c +++ b/src/pk/dsa/dsa_set.c @@ -26,12 +26,9 @@ int dsa_set_pqg(const unsigned char *p, unsigned long plen, LTC_ARGCHK(p != NULL); LTC_ARGCHK(q != NULL); LTC_ARGCHK(g != NULL); - LTC_ARGCHK(key != NULL); - LTC_ARGCHK(ltc_mp.name != NULL); /* init key */ - err = mp_init_multi(&key->p, &key->g, &key->q, &key->x, &key->y, LTC_NULL); - if (err != CRYPT_OK) return err; + if ((err = dsa_int_init(key)) != CRYPT_OK) return err; if ((err = mp_read_unsigned_bin(key->p, (unsigned char *)p , plen)) != CRYPT_OK) { goto LBL_ERR; } if ((err = mp_read_unsigned_bin(key->g, (unsigned char *)g , glen)) != CRYPT_OK) { goto LBL_ERR; } diff --git a/src/pk/dsa/dsa_set_pqg_dsaparam.c b/src/pk/dsa/dsa_set_pqg_dsaparam.c index 97c71f10c..f269c4bb8 100644 --- a/src/pk/dsa/dsa_set_pqg_dsaparam.c +++ b/src/pk/dsa/dsa_set_pqg_dsaparam.c @@ -25,8 +25,7 @@ int dsa_set_pqg_dsaparam(const unsigned char *dsaparam, unsigned long dsaparamle LTC_ARGCHK(ltc_mp.name != NULL); /* init key */ - err = mp_init_multi(&key->p, &key->g, &key->q, &key->x, &key->y, LTC_NULL); - if (err != CRYPT_OK) return err; + if ((err = dsa_int_init(key)) != CRYPT_OK) return err; if ((err = der_decode_sequence_multi(dsaparam, dsaparamlen, LTC_ASN1_INTEGER, 1UL, key->p, diff --git a/src/pk/dsa/dsa_verify_key.c b/src/pk/dsa/dsa_verify_key.c index 50d566aec..ccf7c6a34 100644 --- a/src/pk/dsa/dsa_verify_key.c +++ b/src/pk/dsa/dsa_verify_key.c @@ -27,10 +27,7 @@ int dsa_verify_key(const dsa_key *key, int *stat) err = dsa_int_validate_primes(key, stat); if (err != CRYPT_OK || *stat == 0) return err; - err = dsa_int_validate_pqg(key, stat); - if (err != CRYPT_OK || *stat == 0) return err; - - return dsa_int_validate_xy(key, stat); + return dsa_int_validate(key, stat); } /** @@ -186,4 +183,22 @@ int dsa_int_validate_xy(const dsa_key *key, int *stat) return err; } +/** + Validation of DSA params (p, q, g) and DSA key (x and y) + + @param key The key to validate + @param stat [out] Result of test, 1==valid, 0==invalid + @return CRYPT_OK if successful +*/ +int dsa_int_validate(const dsa_key *key, int *stat) +{ + int err; + + err = dsa_int_validate_pqg(key, stat); + if (err != CRYPT_OK || *stat == 0) return err; + + return dsa_int_validate_xy(key, stat); + +} + #endif From f1f46973ee0cb52ef6b7c408264fc2c0a3b98354 Mon Sep 17 00:00:00 2001 From: Steffen Jaeckel Date: Fri, 14 Jan 2022 22:59:07 +0100 Subject: [PATCH 17/33] add DSA support to PEM decoder Signed-off-by: Steffen Jaeckel --- src/misc/pem/pem_decode.c | 8 ++++++++ tests/pem/dsa-encrypted.pem | 15 +++++++++++++++ tests/pem/dsa-encrypted.pk8 | 12 ++++++++++++ tests/pem/dsa.pem | 12 ++++++++++++ tests/pem/dsa.pk8 | 9 +++++++++ 5 files changed, 56 insertions(+) create mode 100644 tests/pem/dsa-encrypted.pem create mode 100644 tests/pem/dsa-encrypted.pk8 create mode 100644 tests/pem/dsa.pem create mode 100644 tests/pem/dsa.pk8 diff --git a/src/misc/pem/pem_decode.c b/src/misc/pem/pem_decode.c index 9520baead..cc6a35eb8 100644 --- a/src/misc/pem/pem_decode.c +++ b/src/misc/pem/pem_decode.c @@ -336,6 +336,10 @@ static int s_decode(struct get_char *g, ltc_pka_key *k, password_ctx *pw_ctx) goto cleanup; } switch (pka) { + case LTC_OID_DSA: + err = dsa_import_pkcs8_asn1(alg_id, priv_key, &k->u.dsa); + k->id = LTC_PKA_DSA; + break; case LTC_OID_RSA: err = rsa_import_pkcs8_asn1(alg_id, priv_key, &k->u.rsa); k->id = LTC_PKA_RSA; @@ -371,6 +375,10 @@ static int s_decode(struct get_char *g, ltc_pka_key *k, password_ctx *pw_ctx) } } switch (hdr.id->pka) { + case LTC_OID_DSA: + err = dsa_import(pem, l, &k->u.dsa); + k->id = LTC_PKA_DSA; + break; case LTC_OID_RSA: err = rsa_import(pem, l, &k->u.rsa); k->id = LTC_PKA_RSA; diff --git a/tests/pem/dsa-encrypted.pem b/tests/pem/dsa-encrypted.pem new file mode 100644 index 000000000..f969cf395 --- /dev/null +++ b/tests/pem/dsa-encrypted.pem @@ -0,0 +1,15 @@ +-----BEGIN DSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-256-CBC,B2C493F67D2CD758E063D3F1CDB32CF1 + +RA0nxX4tNhRbTvuHOelQ7XftpZuAA0tb8htZykyIjlNnGVunWQi98pGSTMhGvbxE +qAD3HJMiVKYh8zcIiQs0stGd0ZwbTSX+U17eWYQuGGcDj0I4G9MW2A+jbi7qhaQV +Nv8J6KWxvdTPXxGZojePtwUF+b1YJ4aDBrdCtS4aRTmFy/mL8J5UXmP7agg+x1o3 +3BSXedVqhB/JTWiojk4XRnf+PiPRsQ9gZkbeI2d5IN+I3QEO06UQSJASxH0o58Oi +NrTTS7BZkrRCpC7ljFcMS/lRV0sSZ8kfY77/vuK/R87F7snIvSda6SgvWwQxqV/A +rd+Y2xlu7+2taIsCYm8fgHg+PpXUOe/PwfILp7JqP6PwTBAgXIr5i4xUhes1RNXI +zyytK5b2i5WoY7rb20duzm3lwLAf51hBJ87/T9AWar+j/+8VNw0OAv64Q+1G6SZ8 +B6fv3hllr9QVhkGxQgheNOh2yU/ztNGdnstfXFI896r8RC0SoDHdOW8aDu+tjqDZ +oVvGoeZ4ruWHUBV30Qiug5/1je48Pf/BRMHo74I0uK+IlTqU9INiYYO6fCUWU6yP +kulpB6DiO+77d1yWNSyP4g== +-----END DSA PRIVATE KEY----- diff --git a/tests/pem/dsa-encrypted.pk8 b/tests/pem/dsa-encrypted.pk8 new file mode 100644 index 000000000..d58865694 --- /dev/null +++ b/tests/pem/dsa-encrypted.pk8 @@ -0,0 +1,12 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIBrTBXBgkqhkiG9w0BBQ0wSjApBgkqhkiG9w0BBQwwHAQIhl5UM+zVfdsCAggA +MAwGCCqGSIb3DQILBQAwHQYJYIZIAWUDBAEqBBCKg6jOje2Z2PFCPX+F4SLmBIIB +UDhr7k75REqmtbMaTF/cHI/CYCVmIv5TzQPz9qWF1nrKrZ705TIUTtEFiMZ9fArM +nRGUHURbTaCpD+wFVBuYDuoNLcgnxtjKWW7HIykGPY6imkJ3wYGUt7mVGd9uikly +3sLtG1fVfDH79ZqKoaFTxVL89H5HwluOSaYYghenLXxcieTJ23zgsXFYlw+mbNpd +NtYUje4rmgtYJoB28b/7NNhBVEXq0VvyuWW3paRRzkIsZo+6dAPLO45KPHSBpQCa +iRXB4Sikq0og9RJyrw2Nxcwipzs+s61gfEHxjBnn1ZbJSQJ3kmzA4r3QtypTbKDR +ay9VEgvQY3yu3I9yJmTqLKMDAad3zzvotULylUmAIhY1Ejek+Rt9BTseKMOz8nIA +sQgxXr02g2kMAba8HaDU1kaSNV8Tj5Bwrl2DeiKfZfxQcVo2v5TBvYwjHYqljloW +sA== +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/pem/dsa.pem b/tests/pem/dsa.pem new file mode 100644 index 000000000..2f026694c --- /dev/null +++ b/tests/pem/dsa.pem @@ -0,0 +1,12 @@ +-----BEGIN DSA PRIVATE KEY----- +MIIBuwIBAAKBgQDFCjdRXKvWGNWicL1Kb2tK+eE5lQ8rmTh9mmTWTLWWetztrKis +xhtlWt7bAGElGhgs7qEHkGJeTRIxkMcDIfoJ57Fz146v2/2/s++t0aEqA23nBpJK +hSr/egFmUx/qxmdBhFrAbO1i+cJiYgWk+kigZuw1yagR/rmBq+6+Mba/zwIVAKpb +1/TlBiQT5Yg1ygDHpjVxYZTFAoGAO5Lk/1kpFQsImVp78q0UQFVvoEf/kJmzRLPU +/EUVBa5nIkOcujcQpYlHN+zM9a6tqLR6Ncudk1zt5rB+lpTEpgx91nCKCU+BSg7C +E/vrFr/qpPRW/3IwBd6KRD++xoUmVdYtHR7bFdqkRYM8F5eYC42H80kNkL2pq2du +h2hyI9wCgYBTFrD7v1mKXlWVwU+sQ7gIU+bPDZIj+rGEWVI5v8vyLTg63ZNSBUl+ +KxLEYXPjb1S9luWnqqlaWKS3Z9LAvcgesToST5jABe85XWq6tws72LeV3XluotKE +c0cDiLRk2bm4T/HJNLv5c2b1fC4R/sMx5gg4WWeB621BJ9cNdK+gNQIVAJk25eTp ++yi+kfUGX+jJNbP12B/F +-----END DSA PRIVATE KEY----- diff --git a/tests/pem/dsa.pk8 b/tests/pem/dsa.pk8 new file mode 100644 index 000000000..cca830cb1 --- /dev/null +++ b/tests/pem/dsa.pk8 @@ -0,0 +1,9 @@ +-----BEGIN PRIVATE KEY----- +MIIBSwIBADCCASsGByqGSM44BAEwggEeAoGBAMUKN1Fcq9YY1aJwvUpva0r54TmV +DyuZOH2aZNZMtZZ63O2sqKzGG2Va3tsAYSUaGCzuoQeQYl5NEjGQxwMh+gnnsXPX +jq/b/b+z763RoSoDbecGkkqFKv96AWZTH+rGZ0GEWsBs7WL5wmJiBaT6SKBm7DXJ +qBH+uYGr7r4xtr/PAhUAqlvX9OUGJBPliDXKAMemNXFhlMUCgYA7kuT/WSkVCwiZ +WnvyrRRAVW+gR/+QmbNEs9T8RRUFrmciQ5y6NxCliUc37Mz1rq2otHo1y52TXO3m +sH6WlMSmDH3WcIoJT4FKDsIT++sWv+qk9Fb/cjAF3opEP77GhSZV1i0dHtsV2qRF +gzwXl5gLjYfzSQ2QvamrZ26HaHIj3AQXAhUAmTbl5On7KL6R9QZf6Mk1s/XYH8U= +-----END PRIVATE KEY----- From 97a106a958e05647c29baeb1b1aa547ac213516a Mon Sep 17 00:00:00 2001 From: Steffen Jaeckel Date: Sun, 16 Jan 2022 12:39:55 +0100 Subject: [PATCH 18/33] Verify that the imported keys match Signed-off-by: Steffen Jaeckel --- tests/common.h | 15 +++++ tests/dsa_test.c | 25 +++++++-- tests/ecc_test.c | 143 ++++++++++++++++++++++++----------------------- tests/pem_test.c | 68 +++++++++++++++++++++- tests/rsa_test.c | 20 ++++--- 5 files changed, 186 insertions(+), 85 deletions(-) diff --git a/tests/common.h b/tests/common.h index 66c0f95d9..a2ffd0fd0 100644 --- a/tests/common.h +++ b/tests/common.h @@ -6,6 +6,21 @@ #include extern prng_state yarrow_prng; +#if defined(LTC_MDSA) +extern const unsigned char ltc_dsa_private_test_key[]; +extern const unsigned long ltc_dsa_private_test_key_sz; +int dsa_key_cmp(const int should_type, const dsa_key *should, const dsa_key *is); +#endif +#if defined(LTC_MRSA) +extern const unsigned char ltc_rsa_private_test_key[]; +extern const unsigned long ltc_rsa_private_test_key_sz; +int rsa_key_cmp(const int should_type, const rsa_key *should, const rsa_key *is); +#endif +#if defined(LTC_MECC) +extern const unsigned char ltc_ecc_long_pri_test_key[]; +extern const unsigned long ltc_ecc_long_pri_test_key_sz; +int ecc_key_cmp(const int should_type, const ecc_key *should, const ecc_key *is); +#endif #ifdef LTC_VERBOSE #define DO(x) do { fprintf(stderr, "%s:\n", #x); run_cmd((x), __LINE__, __FILE__, #x, NULL); } while (0) diff --git a/tests/dsa_test.c b/tests/dsa_test.c index 6a94a6380..18ade7e6f 100644 --- a/tests/dsa_test.c +++ b/tests/dsa_test.c @@ -5,7 +5,7 @@ #if defined(LTC_MDSA) /* This is the private key from test_dsa.key */ -static const unsigned char openssl_priv_dsa[] = { +const unsigned char ltc_dsa_private_test_key[] = { 0x30, 0x82, 0x01, 0xbb, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xc5, 0x0a, 0x37, 0x51, 0x5c, 0xab, 0xd6, 0x18, 0xd5, 0xa2, 0x70, 0xbd, 0x4a, 0x6f, 0x6b, 0x4a, 0xf9, 0xe1, 0x39, 0x95, 0x0f, 0x2b, 0x99, 0x38, 0x7d, @@ -45,6 +45,7 @@ static const unsigned char openssl_priv_dsa[] = { 0xfb, 0x28, 0xbe, 0x91, 0xf5, 0x06, 0x5f, 0xe8, 0xc9, 0x35, 0xb3, 0xf5, 0xd8, 0x1f, 0xc5 }; +const unsigned long ltc_dsa_private_test_key_sz = sizeof(ltc_dsa_private_test_key); /* private key - raw hexadecimal numbers */ static const char *hex_g = "3B92E4FF5929150B08995A7BF2AD1440556FA047FF9099B344B3D4FC451505AE6722439CBA3710A5894737ECCCF5AEADA8B47A35CB9D935CEDE6B07E9694C4A60C7DD6708A094F814A0EC213FBEB16BFEAA4F456FF723005DE8A443FBEC6852655D62D1D1EDB15DAA445833C1797980B8D87F3490D90BDA9AB676E87687223DC"; @@ -123,6 +124,20 @@ static unsigned char dsaparam_der[] = { }; +int dsa_key_cmp(const int should_type, const dsa_key *should, const dsa_key *is) +{ + if (should_type != is->type) return CRYPT_ERROR; + if (should_type == PK_PRIVATE) { + if (mp_cmp(should->x, is->x) != LTC_MP_EQ) return CRYPT_ERROR; + } + if (mp_cmp(should->y, is->y) != LTC_MP_EQ) return CRYPT_ERROR; + if (mp_cmp(should->g, is->g) != LTC_MP_EQ) return CRYPT_ERROR; + if (mp_cmp(should->p, is->p) != LTC_MP_EQ) return CRYPT_ERROR; + if (mp_cmp(should->q, is->q) != LTC_MP_EQ) return CRYPT_ERROR; + if (should->qord != is->qord) return CRYPT_ERROR; + return CRYPT_OK; +} + static int s_dsa_compat_test(void) { dsa_key key; @@ -132,11 +147,11 @@ static int s_dsa_compat_test(void) unsigned long key_lens[5]; int stat; - DO(dsa_import(openssl_priv_dsa, sizeof(openssl_priv_dsa), &key)); + DO(dsa_import(ltc_dsa_private_test_key, sizeof(ltc_dsa_private_test_key), &key)); x = sizeof(tmp); DO(dsa_export(tmp, &x, PK_PRIVATE | PK_STD, &key)); - DO(do_compare_testvector(tmp, x, openssl_priv_dsa, sizeof(openssl_priv_dsa), + DO(do_compare_testvector(tmp, x, ltc_dsa_private_test_key, sizeof(ltc_dsa_private_test_key), "DSA private export failed from dsa_import(priv_key)\n", __LINE__)); x = sizeof(tmp); @@ -172,7 +187,7 @@ static int s_dsa_compat_test(void) &key)); len = sizeof(buf); DO(dsa_export(buf, &len, PK_PRIVATE | PK_STD, &key)); - DO(do_compare_testvector(buf, len, openssl_priv_dsa, sizeof(openssl_priv_dsa), + DO(do_compare_testvector(buf, len, ltc_dsa_private_test_key, sizeof(ltc_dsa_private_test_key), "DSA private export failed from dsa_set_pqg() & dsa_set_key()\n", __LINE__)); dsa_free(&key); @@ -219,7 +234,7 @@ static int s_dsa_compat_test(void) &key)); len = sizeof(buf); DO(dsa_export(buf, &len, PK_PRIVATE | PK_STD, &key)); - DO(do_compare_testvector(buf, len, openssl_priv_dsa, sizeof(openssl_priv_dsa), + DO(do_compare_testvector(buf, len, ltc_dsa_private_test_key, sizeof(ltc_dsa_private_test_key), "DSA private export failed from dsa_set_pqg_dsaparam()\n", __LINE__)); dsa_free(&key); diff --git a/tests/ecc_test.c b/tests/ecc_test.c index 82bb79029..c31a50c03 100644 --- a/tests/ecc_test.c +++ b/tests/ecc_test.c @@ -4,6 +4,28 @@ #if defined(LTC_MECC) +const unsigned char ltc_ecc_long_pri_test_key[] = { /* private + long public, explicit curve params */ + 0x30, 0x82, 0x01, 0x13, 0x02, 0x01, 0x01, 0x04, 0x20, 0x0c, 0xf1, 0xad, 0x2f, 0x03, 0xf7, 0x91, + 0x1b, 0xba, 0x03, 0xcf, 0x23, 0x37, 0xc8, 0xf2, 0xf7, 0x36, 0xce, 0x65, 0xf1, 0x84, 0x2d, 0x7d, + 0x9f, 0x5f, 0x9e, 0x21, 0xd9, 0x5e, 0x49, 0xbd, 0x23, 0xa0, 0x81, 0xa5, 0x30, 0x81, 0xa2, 0x02, + 0x01, 0x01, 0x30, 0x2c, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x01, 0x01, 0x02, 0x21, 0x00, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xfc, 0x2f, + 0x30, 0x06, 0x04, 0x01, 0x00, 0x04, 0x01, 0x07, 0x04, 0x41, 0x04, 0x79, 0xbe, 0x66, 0x7e, 0xf9, + 0xdc, 0xbb, 0xac, 0x55, 0xa0, 0x62, 0x95, 0xce, 0x87, 0x0b, 0x07, 0x02, 0x9b, 0xfc, 0xdb, 0x2d, + 0xce, 0x28, 0xd9, 0x59, 0xf2, 0x81, 0x5b, 0x16, 0xf8, 0x17, 0x98, 0x48, 0x3a, 0xda, 0x77, 0x26, + 0xa3, 0xc4, 0x65, 0x5d, 0xa4, 0xfb, 0xfc, 0x0e, 0x11, 0x08, 0xa8, 0xfd, 0x17, 0xb4, 0x48, 0xa6, + 0x85, 0x54, 0x19, 0x9c, 0x47, 0xd0, 0x8f, 0xfb, 0x10, 0xd4, 0xb8, 0x02, 0x21, 0x00, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xba, 0xae, + 0xdc, 0xe6, 0xaf, 0x48, 0xa0, 0x3b, 0xbf, 0xd2, 0x5e, 0x8c, 0xd0, 0x36, 0x41, 0x41, 0x02, 0x01, + 0x01, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0x2a, 0xf9, 0x0b, 0xda, 0xbe, 0x71, 0x66, 0x9e, 0xd1, + 0xcf, 0x12, 0xd0, 0x24, 0xaf, 0xba, 0xb6, 0x7f, 0xfb, 0x96, 0x27, 0x3e, 0x2f, 0xbd, 0x1e, 0xd5, + 0xf9, 0x8d, 0x6c, 0x73, 0x9d, 0xc5, 0x16, 0x91, 0xbd, 0xb2, 0xb9, 0x1b, 0x40, 0x10, 0x5a, 0xb7, + 0x6c, 0x6e, 0x32, 0x5b, 0xf7, 0x63, 0x62, 0x94, 0x24, 0x24, 0xdb, 0xec, 0x3f, 0x8b, 0xe5, 0x6e, + 0x4b, 0x64, 0x37, 0x31, 0x24, 0x79, 0x4d +}; +const unsigned long ltc_ecc_long_pri_test_key_sz = sizeof(ltc_ecc_long_pri_test_key); + static unsigned int sizes[] = { #ifdef LTC_ECC_SECP112R1 14, @@ -506,7 +528,7 @@ static int s_ecc_old_api(void) return CRYPT_OK; } -static int s_ecc_key_cmp(const int should_type, const ecc_key *should, const ecc_key *is) +int ecc_key_cmp(const int should_type, const ecc_key *should, const ecc_key *is) { if (should_type != is->type) return CRYPT_ERROR; if (should_type == PK_PRIVATE) { @@ -613,7 +635,7 @@ static int s_ecc_new_api(void) for (j = 0; j < 2*(1+(int)privkey.dp.cofactor); j++) { stat = ecc_recover_key(buf, len, data16, 16, j, LTC_ECCSIG_ANSIX962, &reckey); if (stat != CRYPT_OK) continue; /* last two will almost always fail, only possible if x<(prime mod order) */ - stat = s_ecc_key_cmp(PK_PUBLIC, &pubkey, &reckey); + stat = ecc_key_cmp(PK_PUBLIC, &pubkey, &reckey); if (stat == CRYPT_OK) found++; } if (found != 1) return CRYPT_FAIL_TESTVECTOR; /* unique match */ @@ -676,39 +698,20 @@ static int s_ecc_import_export(void) { # password protected - PBES1 openssl pkcs8 -topk8 -inform DER -outform DER -passout pass:secret -in long_pri.der -v1 PBE-MD2-DES -out long_pri_pkcs8_pbe_md2_des.der openssl pkcs8 -topk8 -inform DER -outform DER -passout pass:secret -in long_pri.der -v1 PBE-MD2-RC2-64 -out long_pri_pkcs8_pbe_md2_rc2_64.der - openssl pkcs8 -topk8 -inform DER -outform DER -passout pass:secret -in long_pri.der -v1 PBE-MD5-DES -out long_pri_pkcs8_pbe_md5_des.der - openssl pkcs8 -topk8 -inform DER -outform DER -passout pass:secret -in long_pri.der -v1 PBE-SHA1-RC2-64 -out long_pri_pkcs8_pbe_sha1_rc2_64.der - openssl pkcs8 -topk8 -inform DER -outform DER -passout pass:secret -in long_pri.der -v1 PBE-MD5-RC2-64 -out long_pri_pkcs8_pbe_md5_rc2_64.der - openssl pkcs8 -topk8 -inform DER -outform DER -passout pass:secret -in long_pri.der -v1 PBE-SHA1-DES -out long_pri_pkcs8_pbe_sha1_des.der + openssl pkcs8 -topk8 -inform DER -outform DER -passout pass:secret -in ltc_ecc_long_pri_test_key.der -v1 PBE-MD5-DES -out long_pri_pkcs8_pbe_md5_des.der + openssl pkcs8 -topk8 -inform DER -outform DER -passout pass:secret -in ltc_ecc_long_pri_test_key.der -v1 PBE-SHA1-RC2-64 -out long_pri_pkcs8_pbe_sha1_rc2_64.der + openssl pkcs8 -topk8 -inform DER -outform DER -passout pass:secret -in ltc_ecc_long_pri_test_key.der -v1 PBE-MD5-RC2-64 -out long_pri_pkcs8_pbe_md5_rc2_64.der + openssl pkcs8 -topk8 -inform DER -outform DER -passout pass:secret -in ltc_ecc_long_pri_test_key.der -v1 PBE-SHA1-DES -out long_pri_pkcs8_pbe_sha1_des.der # password protected - PBES2 - openssl pkcs8 -topk8 -inform DER -outform DER -passout pass:secret -in long_pri.der -v2 rc2 -out long_pri_pkcs8_pbkdf2_rc2_cbc.der - openssl pkcs8 -topk8 -inform DER -outform DER -passout pass:secret -in long_pri.der -v2 des -out long_pri_pkcs8_pbkdf2_des_cbc.der - openssl pkcs8 -topk8 -inform DER -outform DER -passout pass:secret -in long_pri.der -v2 des3 -out long_pri_pkcs8_pbkdf2_des_ede3_cbc.der - openssl pkcs8 -topk8 -inform DER -outform DER -passout pass:secret -in long_pri.der -v2 des3 -v2prf hmacWithSHA224 -out long_pri_pkcs8_pbkdf2_sha224_des_ede3_cbc.der - openssl pkcs8 -topk8 -inform DER -outform DER -passout pass:secret -in long_pri.der -v2 des3 -v2prf hmacWithSHA256 -out long_pri_pkcs8_pbkdf2_sha256_des_ede3_cbc.der - openssl pkcs8 -topk8 -inform DER -outform DER -passout pass:secret -in long_pri.der -v2 des3 -v2prf hmacWithSHA384 -out long_pri_pkcs8_pbkdf2_sha384_des_ede3_cbc.der - openssl pkcs8 -topk8 -inform DER -outform DER -passout pass:secret -in long_pri.der -v2 des3 -v2prf hmacWithSHA512 -out long_pri_pkcs8_pbkdf2_sha512_des_ede3_cbc.der + openssl pkcs8 -topk8 -inform DER -outform DER -passout pass:secret -in ltc_ecc_long_pri_test_key.der -v2 rc2 -out long_pri_pkcs8_pbkdf2_rc2_cbc.der + openssl pkcs8 -topk8 -inform DER -outform DER -passout pass:secret -in ltc_ecc_long_pri_test_key.der -v2 des -out long_pri_pkcs8_pbkdf2_des_cbc.der + openssl pkcs8 -topk8 -inform DER -outform DER -passout pass:secret -in ltc_ecc_long_pri_test_key.der -v2 des3 -out long_pri_pkcs8_pbkdf2_des_ede3_cbc.der + openssl pkcs8 -topk8 -inform DER -outform DER -passout pass:secret -in ltc_ecc_long_pri_test_key.der -v2 des3 -v2prf hmacWithSHA224 -out long_pri_pkcs8_pbkdf2_sha224_des_ede3_cbc.der + openssl pkcs8 -topk8 -inform DER -outform DER -passout pass:secret -in ltc_ecc_long_pri_test_key.der -v2 des3 -v2prf hmacWithSHA256 -out long_pri_pkcs8_pbkdf2_sha256_des_ede3_cbc.der + openssl pkcs8 -topk8 -inform DER -outform DER -passout pass:secret -in ltc_ecc_long_pri_test_key.der -v2 des3 -v2prf hmacWithSHA384 -out long_pri_pkcs8_pbkdf2_sha384_des_ede3_cbc.der + openssl pkcs8 -topk8 -inform DER -outform DER -passout pass:secret -in ltc_ecc_long_pri_test_key.der -v2 des3 -v2prf hmacWithSHA512 -out long_pri_pkcs8_pbkdf2_sha512_des_ede3_cbc.der */ - static const unsigned char long_pri[] = { /* private + long public, explicit curve params */ - 0x30, 0x82, 0x01, 0x13, 0x02, 0x01, 0x01, 0x04, 0x20, 0x0c, 0xf1, 0xad, 0x2f, 0x03, 0xf7, 0x91, - 0x1b, 0xba, 0x03, 0xcf, 0x23, 0x37, 0xc8, 0xf2, 0xf7, 0x36, 0xce, 0x65, 0xf1, 0x84, 0x2d, 0x7d, - 0x9f, 0x5f, 0x9e, 0x21, 0xd9, 0x5e, 0x49, 0xbd, 0x23, 0xa0, 0x81, 0xa5, 0x30, 0x81, 0xa2, 0x02, - 0x01, 0x01, 0x30, 0x2c, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x01, 0x01, 0x02, 0x21, 0x00, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xfc, 0x2f, - 0x30, 0x06, 0x04, 0x01, 0x00, 0x04, 0x01, 0x07, 0x04, 0x41, 0x04, 0x79, 0xbe, 0x66, 0x7e, 0xf9, - 0xdc, 0xbb, 0xac, 0x55, 0xa0, 0x62, 0x95, 0xce, 0x87, 0x0b, 0x07, 0x02, 0x9b, 0xfc, 0xdb, 0x2d, - 0xce, 0x28, 0xd9, 0x59, 0xf2, 0x81, 0x5b, 0x16, 0xf8, 0x17, 0x98, 0x48, 0x3a, 0xda, 0x77, 0x26, - 0xa3, 0xc4, 0x65, 0x5d, 0xa4, 0xfb, 0xfc, 0x0e, 0x11, 0x08, 0xa8, 0xfd, 0x17, 0xb4, 0x48, 0xa6, - 0x85, 0x54, 0x19, 0x9c, 0x47, 0xd0, 0x8f, 0xfb, 0x10, 0xd4, 0xb8, 0x02, 0x21, 0x00, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xba, 0xae, - 0xdc, 0xe6, 0xaf, 0x48, 0xa0, 0x3b, 0xbf, 0xd2, 0x5e, 0x8c, 0xd0, 0x36, 0x41, 0x41, 0x02, 0x01, - 0x01, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0x2a, 0xf9, 0x0b, 0xda, 0xbe, 0x71, 0x66, 0x9e, 0xd1, - 0xcf, 0x12, 0xd0, 0x24, 0xaf, 0xba, 0xb6, 0x7f, 0xfb, 0x96, 0x27, 0x3e, 0x2f, 0xbd, 0x1e, 0xd5, - 0xf9, 0x8d, 0x6c, 0x73, 0x9d, 0xc5, 0x16, 0x91, 0xbd, 0xb2, 0xb9, 0x1b, 0x40, 0x10, 0x5a, 0xb7, - 0x6c, 0x6e, 0x32, 0x5b, 0xf7, 0x63, 0x62, 0x94, 0x24, 0x24, 0xdb, 0xec, 0x3f, 0x8b, 0xe5, 0x6e, - 0x4b, 0x64, 0x37, 0x31, 0x24, 0x79, 0x4d - }; + /* static const unsigned char ltc_ecc_long_pri_test_key[] defined globally */ static const unsigned char long_pri_pkcs8[] = { /* private + long public, explicit curve params, PKCS8 */ 0x30, 0x82, 0x01, 0x23, 0x02, 0x01, 0x00, 0x30, 0x81, 0xae, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x30, 0x81, 0xa2, 0x02, 0x01, 0x01, 0x30, 0x2c, 0x06, 0x07, 0x2a, 0x86, 0x48, @@ -1338,144 +1341,144 @@ static int s_ecc_import_export(void) { /* import - raw keys */ DO(ecc_set_curve(cu, &key)); DO(ecc_set_key(raw_pri, sizeof(raw_pri), PK_PRIVATE, &key)); - DO(s_ecc_key_cmp(PK_PRIVATE, &pri, &key)); + DO(ecc_key_cmp(PK_PRIVATE, &pri, &key)); ecc_free(&key); DO(ecc_set_curve(cu, &key)); DO(ecc_set_key(raw_pub, sizeof(raw_pub), PK_PUBLIC, &key)); - DO(s_ecc_key_cmp(PK_PUBLIC, &pub, &key)); + DO(ecc_key_cmp(PK_PUBLIC, &pub, &key)); ecc_free(&key); DO(ecc_set_curve(cu, &key)); DO(ecc_set_key(raw_pubc, sizeof(raw_pubc), PK_PUBLIC, &key)); - DO(s_ecc_key_cmp(PK_PUBLIC, &pub, &key)); + DO(ecc_key_cmp(PK_PUBLIC, &pub, &key)); ecc_free(&key); /* import - openssl compatible DER format */ - DO(ecc_import_openssl(long_pri, sizeof(long_pri), &key)); - DO(s_ecc_key_cmp(PK_PRIVATE, &pri, &key)); + DO(ecc_import_openssl(ltc_ecc_long_pri_test_key, sizeof(ltc_ecc_long_pri_test_key), &key)); + DO(ecc_key_cmp(PK_PRIVATE, &pri, &key)); ecc_free(&key); DO(ecc_import_openssl(long_pric, sizeof(long_pric), &key)); - DO(s_ecc_key_cmp(PK_PRIVATE, &pri, &key)); + DO(ecc_key_cmp(PK_PRIVATE, &pri, &key)); ecc_free(&key); DO(ecc_import_openssl(long_pub, sizeof(long_pub), &key)); - DO(s_ecc_key_cmp(PK_PUBLIC, &pub, &key)); + DO(ecc_key_cmp(PK_PUBLIC, &pub, &key)); ecc_free(&key); DO(ecc_import_openssl(long_pubc, sizeof(long_pubc), &key)); - DO(s_ecc_key_cmp(PK_PUBLIC, &pub, &key)); + DO(ecc_key_cmp(PK_PUBLIC, &pub, &key)); ecc_free(&key); DO(ecc_import_openssl(short_pri, sizeof(short_pri), &key)); - DO(s_ecc_key_cmp(PK_PRIVATE, &pri, &key)); + DO(ecc_key_cmp(PK_PRIVATE, &pri, &key)); ecc_free(&key); DO(ecc_import_openssl(short_pric, sizeof(short_pric), &key)); - DO(s_ecc_key_cmp(PK_PRIVATE, &pri, &key)); + DO(ecc_key_cmp(PK_PRIVATE, &pri, &key)); ecc_free(&key); DO(ecc_import_openssl(short_pub, sizeof(short_pub), &key)); - DO(s_ecc_key_cmp(PK_PUBLIC, &pub, &key)); + DO(ecc_key_cmp(PK_PUBLIC, &pub, &key)); ecc_free(&key); DO(ecc_import_openssl(short_pubc, sizeof(short_pubc), &key)); - DO(s_ecc_key_cmp(PK_PUBLIC, &pub, &key)); + DO(ecc_key_cmp(PK_PUBLIC, &pub, &key)); ecc_free(&key); /* import - private PKCS8 format - no password */ DO(ecc_import_pkcs8(long_pri_pkcs8, sizeof(long_pri_pkcs8), NULL, &key)); - DO(s_ecc_key_cmp(PK_PRIVATE, &pri, &key)); + DO(ecc_key_cmp(PK_PRIVATE, &pri, &key)); ecc_free(&key); DO(ecc_import_pkcs8(long_pric_pkcs8, sizeof(long_pric_pkcs8), NULL, &key)); - DO(s_ecc_key_cmp(PK_PRIVATE, &pri, &key)); + DO(ecc_key_cmp(PK_PRIVATE, &pri, &key)); ecc_free(&key); DO(ecc_import_pkcs8(short_pri_pkcs8, sizeof(short_pri_pkcs8), NULL, &key)); - DO(s_ecc_key_cmp(PK_PRIVATE, &pri, &key)); + DO(ecc_key_cmp(PK_PRIVATE, &pri, &key)); ecc_free(&key); DO(ecc_import_pkcs8(short_pric_pkcs8, sizeof(short_pric_pkcs8), NULL, &key)); - DO(s_ecc_key_cmp(PK_PRIVATE, &pri, &key)); + DO(ecc_key_cmp(PK_PRIVATE, &pri, &key)); ecc_free(&key); /* import - private PKCS8 format - password protected (PBES1 algorithms) */ #ifdef LTC_MD2 DO(ecc_import_pkcs8(long_pri_pkcs8_pbe_md2_des, sizeof(long_pri_pkcs8_pbe_md2_des), &pw_ctx, &key)); - DO(s_ecc_key_cmp(PK_PRIVATE, &pri, &key)); + DO(ecc_key_cmp(PK_PRIVATE, &pri, &key)); ecc_free(&key); #endif #ifdef LTC_MD5 DO(ecc_import_pkcs8(long_pri_pkcs8_pbe_md5_des, sizeof(long_pri_pkcs8_pbe_md5_des), &pw_ctx, &key)); - DO(s_ecc_key_cmp(PK_PRIVATE, &pri, &key)); + DO(ecc_key_cmp(PK_PRIVATE, &pri, &key)); ecc_free(&key); #endif #ifdef LTC_SHA1 DO(ecc_import_pkcs8(long_pri_pkcs8_pbe_sha1_des, sizeof(long_pri_pkcs8_pbe_sha1_des), &pw_ctx, &key)); - DO(s_ecc_key_cmp(PK_PRIVATE, &pri, &key)); + DO(ecc_key_cmp(PK_PRIVATE, &pri, &key)); ecc_free(&key); #endif #if defined(LTC_RC2) && defined(LTC_MD2) DO(ecc_import_pkcs8(long_pri_pkcs8_pbe_md2_rc2_64, sizeof(long_pri_pkcs8_pbe_md2_rc2_64), &pw_ctx, &key)); - DO(s_ecc_key_cmp(PK_PRIVATE, &pri, &key)); + DO(ecc_key_cmp(PK_PRIVATE, &pri, &key)); ecc_free(&key); #endif #if defined(LTC_RC2) && defined(LTC_MD5) DO(ecc_import_pkcs8(long_pri_pkcs8_pbe_md5_rc2_64, sizeof(long_pri_pkcs8_pbe_md5_rc2_64), &pw_ctx, &key)); - DO(s_ecc_key_cmp(PK_PRIVATE, &pri, &key)); + DO(ecc_key_cmp(PK_PRIVATE, &pri, &key)); ecc_free(&key); #endif #if defined(LTC_RC2) && defined(LTC_SHA1) DO(ecc_import_pkcs8(long_pri_pkcs8_pbe_sha1_rc2_64, sizeof(long_pri_pkcs8_pbe_sha1_rc2_64), &pw_ctx, &key)); - DO(s_ecc_key_cmp(PK_PRIVATE, &pri, &key)); + DO(ecc_key_cmp(PK_PRIVATE, &pri, &key)); ecc_free(&key); #endif /* import - private PKCS8 format - password protected (PBES2 algorithms) */ #if defined(LTC_RC2) DO(ecc_import_pkcs8(long_pri_pkcs8_pbkdf2_rc2_cbc, sizeof(long_pri_pkcs8_pbkdf2_rc2_cbc), &pw_ctx, &key)); - DO(s_ecc_key_cmp(PK_PRIVATE, &pri, &key)); + DO(ecc_key_cmp(PK_PRIVATE, &pri, &key)); ecc_free(&key); #endif #if defined(LTC_DES) DO(ecc_import_pkcs8(long_pri_pkcs8_pbkdf2_des_cbc, sizeof(long_pri_pkcs8_pbkdf2_des_cbc), &pw_ctx, &key)); - DO(s_ecc_key_cmp(PK_PRIVATE, &pri, &key)); + DO(ecc_key_cmp(PK_PRIVATE, &pri, &key)); ecc_free(&key); #endif #if defined(LTC_DES) DO(ecc_import_pkcs8(long_pri_pkcs8_pbkdf2_des_ede3_cbc, sizeof(long_pri_pkcs8_pbkdf2_des_ede3_cbc), &pw_ctx, &key)); - DO(s_ecc_key_cmp(PK_PRIVATE, &pri, &key)); + DO(ecc_key_cmp(PK_PRIVATE, &pri, &key)); ecc_free(&key); #endif #if defined(LTC_SHA224) && defined(LTC_DES) DO(ecc_import_pkcs8(long_pri_pkcs8_pbkdf2_sha224_des_ede3_cbc, sizeof(long_pri_pkcs8_pbkdf2_sha224_des_ede3_cbc), &pw_ctx, &key)); - DO(s_ecc_key_cmp(PK_PRIVATE, &pri, &key)); + DO(ecc_key_cmp(PK_PRIVATE, &pri, &key)); ecc_free(&key); #endif #if defined(LTC_SHA256) && defined(LTC_DES) DO(ecc_import_pkcs8(long_pri_pkcs8_pbkdf2_sha256_des_ede3_cbc, sizeof(long_pri_pkcs8_pbkdf2_sha256_des_ede3_cbc), &pw_ctx, &key)); - DO(s_ecc_key_cmp(PK_PRIVATE, &pri, &key)); + DO(ecc_key_cmp(PK_PRIVATE, &pri, &key)); ecc_free(&key); #endif #if defined(LTC_SHA384) && defined(LTC_DES) DO(ecc_import_pkcs8(long_pri_pkcs8_pbkdf2_sha384_des_ede3_cbc, sizeof(long_pri_pkcs8_pbkdf2_sha384_des_ede3_cbc), &pw_ctx, &key)); - DO(s_ecc_key_cmp(PK_PRIVATE, &pri, &key)); + DO(ecc_key_cmp(PK_PRIVATE, &pri, &key)); ecc_free(&key); #endif #if defined(LTC_SHA512) && defined(LTC_DES) DO(ecc_import_pkcs8(long_pri_pkcs8_pbkdf2_sha512_des_ede3_cbc, sizeof(long_pri_pkcs8_pbkdf2_sha512_des_ede3_cbc), &pw_ctx, &key)); - DO(s_ecc_key_cmp(PK_PRIVATE, &pri, &key)); + DO(ecc_key_cmp(PK_PRIVATE, &pri, &key)); ecc_free(&key); #endif /* import - X.509 EC certificates */ DO(ecc_import_x509(x509_cert_long, sizeof(x509_cert_long), &key)); - DO(s_ecc_key_cmp(PK_PUBLIC, &pub, &key)); + DO(ecc_key_cmp(PK_PUBLIC, &pub, &key)); ecc_free(&key); DO(ecc_import_x509(x509_cert_longc, sizeof(x509_cert_longc), &key)); - DO(s_ecc_key_cmp(PK_PUBLIC, &pub, &key)); + DO(ecc_key_cmp(PK_PUBLIC, &pub, &key)); ecc_free(&key); DO(ecc_import_x509(x509_cert_short, sizeof(x509_cert_short), &key)); - DO(s_ecc_key_cmp(PK_PUBLIC, &pub, &key)); + DO(ecc_key_cmp(PK_PUBLIC, &pub, &key)); ecc_free(&key); DO(ecc_import_x509(x509_cert_shortc, sizeof(x509_cert_shortc), &key)); - DO(s_ecc_key_cmp(PK_PUBLIC, &pub, &key)); + DO(ecc_key_cmp(PK_PUBLIC, &pub, &key)); ecc_free(&key); /* export - openssl compatible DER format */ outlen = sizeof(out); DO(ecc_export_openssl(out, &outlen, PK_PRIVATE, &pri)); - if (compare_testvector(out, outlen, long_pri, sizeof(long_pri), "e-long_pri", 0)) return CRYPT_ERROR; + if (compare_testvector(out, outlen, ltc_ecc_long_pri_test_key, sizeof(ltc_ecc_long_pri_test_key), "e-ltc_ecc_long_pri_test_key", 0)) return CRYPT_ERROR; outlen = sizeof(out); DO(ecc_export_openssl(out, &outlen, PK_PRIVATE|PK_COMPRESSED, &pri)); if (compare_testvector(out, outlen, long_pric, sizeof(long_pric), "e-long_pric", 0)) return CRYPT_ERROR; @@ -1554,13 +1557,13 @@ static int s_ecc_test_recovery(void) DO(ecc_set_curve(dp, &reckey)); stat = ecc_recover_key(eth_sig, sizeof(eth_sig)-1, eth_hash, sizeof(eth_hash), 0, LTC_ECCSIG_RFC7518, &reckey); if (stat != CRYPT_OK) return CRYPT_FAIL_TESTVECTOR; - DO(s_ecc_key_cmp(PK_PUBLIC, &pubkey, &reckey)); + DO(ecc_key_cmp(PK_PUBLIC, &pubkey, &reckey)); ecc_free(&reckey); DO(ecc_set_curve(dp, &reckey)); stat = ecc_recover_key(eth_sig, sizeof(eth_sig), eth_hash, sizeof(eth_hash), -1, LTC_ECCSIG_ETH27, &reckey); if (stat != CRYPT_OK) return CRYPT_FAIL_TESTVECTOR; - DO(s_ecc_key_cmp(PK_PUBLIC, &pubkey, &reckey)); + DO(ecc_key_cmp(PK_PUBLIC, &pubkey, &reckey)); ecc_free(&reckey); ecc_free(&pubkey); @@ -1605,7 +1608,7 @@ static int s_ecc_test_recovery(void) DO(ecc_set_curve(dp, &reckey)); stat = ecc_recover_key(buf, len, data16, 16, recid, LTC_ECCSIG_RFC7518, &reckey); if (stat != CRYPT_OK) return CRYPT_FAIL_TESTVECTOR; - DO(s_ecc_key_cmp(PK_PUBLIC, &pubkey, &reckey)); + DO(ecc_key_cmp(PK_PUBLIC, &pubkey, &reckey)); /* cleanup */ ecc_free(&reckey); diff --git a/tests/pem_test.c b/tests/pem_test.c index 3c7837141..04f1e01b5 100644 --- a/tests/pem_test.c +++ b/tests/pem_test.c @@ -12,21 +12,66 @@ static int password_get(void **p, unsigned long *l, void *u) return 0; } +#if defined(LTC_MDSA) +static dsa_key s_dsa_key_should; +#endif +#if defined(LTC_MRSA) +static rsa_key s_rsa_key_should; +#endif +#if defined(LTC_MECC) +static ecc_key s_ecc_key_should; +#endif + static int s_pem_decode_filehandle(const void *in, unsigned long inlen, void *key) { password_ctx pw_ctx; + ltc_pka_key *key_ = key; + int err; pw_ctx.callback = password_get; - return pem_decode(in, inlen, key, &pw_ctx); + if ((err = pem_decode(in, inlen, key_, &pw_ctx)) != CRYPT_OK) { + return err; + } + switch (key_->id) { + case LTC_PKA_DSA: +#if defined(LTC_MDSA) + return dsa_key_cmp(PK_PRIVATE, &s_dsa_key_should, &key_->u.dsa); +#endif + break; + case LTC_PKA_RSA: +#if defined(LTC_MRSA) + return rsa_key_cmp(PK_PRIVATE, &s_rsa_key_should, &key_->u.rsa); +#endif + break; + case LTC_PKA_EC: +#if defined(LTC_MECC) + return ecc_key_cmp(PK_PRIVATE, &s_ecc_key_should, &key_->u.ecc); +#endif + break; + case LTC_PKA_CURVE25519: + return CRYPT_OK; + default: + return CRYPT_INVALID_ARG; + } + return CRYPT_INVALID_ARG; } static void s_pem_free_key(ltc_pka_key *key) { switch (key->id) { + case LTC_PKA_DSA: +#if defined(LTC_MDSA) + dsa_free(&key->u.dsa); +#endif + break; case LTC_PKA_RSA: +#if defined(LTC_MRSA) rsa_free(&key->u.rsa); +#endif break; case LTC_PKA_EC: +#if defined(LTC_MECC) ecc_free(&key->u.ecc); +#endif break; default: break; @@ -39,9 +84,30 @@ int pem_test(void) if (ltc_mp.name == NULL) return CRYPT_NOP; +#if defined(LTC_MDSA) + DO(dsa_import(ltc_dsa_private_test_key, ltc_dsa_private_test_key_sz, &s_dsa_key_should)); +#endif +#if defined(LTC_MRSA) + DO(rsa_import(ltc_rsa_private_test_key, ltc_rsa_private_test_key_sz, &s_rsa_key_should)); +#endif +#if defined(LTC_MECC) + DO(ecc_import_openssl(ltc_ecc_long_pri_test_key, ltc_ecc_long_pri_test_key_sz, &s_ecc_key_should)); +#endif + + DO(test_process_dir("tests/pem", &key, s_pem_decode_filehandle, (dir_cleanup_cb)s_pem_free_key, "pem_test")); DO(test_process_dir("tests/pem-ecc-pkcs8", &key, s_pem_decode_filehandle, (dir_cleanup_cb)s_pem_free_key, "pem_test+ecc")); +#if defined(LTC_MDSA) + dsa_free(&s_dsa_key_should); +#endif +#if defined(LTC_MRSA) + rsa_free(&s_rsa_key_should); +#endif +#if defined(LTC_MECC) + ecc_free(&s_ecc_key_should); +#endif + return 0; } diff --git a/tests/rsa_test.c b/tests/rsa_test.c index 8abcf350d..25f83def2 100644 --- a/tests/rsa_test.c +++ b/tests/rsa_test.c @@ -11,7 +11,7 @@ #endif /* These are test keys [see file test.key] that I use to test my import/export against */ -static const unsigned char openssl_private_rsa[] = { +const unsigned char ltc_rsa_private_test_key[] = { 0x30, 0x82, 0x02, 0x5e, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xcf, 0x9a, 0xde, 0x64, 0x8a, 0xda, 0xc8, 0x33, 0x20, 0xa9, 0xd7, 0x83, 0x31, 0x19, 0x54, 0xb2, 0x9a, 0x85, 0xa7, 0xa1, 0xb7, 0x75, 0x33, 0xb6, 0xa9, 0xac, 0x84, 0x24, 0xb3, 0xde, 0xdb, 0x7d, 0x85, 0x2d, 0x96, 0x65, 0xe5, @@ -52,6 +52,8 @@ static const unsigned char openssl_private_rsa[] = { 0x78, 0x18, 0x5a, 0x79, 0x3d, 0x2e, 0x8e, 0x7e, 0x86, 0x0a, 0xe6, 0xa8, 0x33, 0xc1, 0x04, 0x17, 0x4a, 0x9f, }; +const unsigned long ltc_rsa_private_test_key_sz = sizeof(ltc_rsa_private_test_key); + static const char x509_public_rsa[] = "MIICdTCCAd4CCQCYjCwz0l9JpjANBgkqhkiG9w0BAQsFADB+MQswCQYDVQQGEwJD\ WjEPMA0GA1UECAwGTW9yYXZhMQ0wCwYDVQQHDARCcm5vMRAwDgYDVQQKDAdMVEMg\ @@ -184,7 +186,7 @@ static int rsa_compat_test(void) unsigned long len, key_lens[8]; /* try reading the key */ - DO(rsa_import(openssl_private_rsa, sizeof(openssl_private_rsa), &key)); + DO(rsa_import(ltc_rsa_private_test_key, sizeof(ltc_rsa_private_test_key), &key)); DO(rsa_import(openssl_public_rsa, sizeof(openssl_public_rsa), &pubkey)); /* sign-verify a message with PKCS #1 v1.5 no ASN.1 */ @@ -205,7 +207,7 @@ static int rsa_compat_test(void) /* now try to export private/public and compare */ len = sizeof(buf); DO(rsa_export(buf, &len, PK_PRIVATE, &key)); - DO(do_compare_testvector(buf, len, openssl_private_rsa, sizeof(openssl_private_rsa), "RSA private export (from OpenSSL)", 0)); + DO(do_compare_testvector(buf, len, ltc_rsa_private_test_key, sizeof(ltc_rsa_private_test_key), "RSA private export (from OpenSSL)", 0)); len = sizeof(buf); DO(rsa_export(buf, &len, PK_PUBLIC, &key)); @@ -230,7 +232,7 @@ static int rsa_compat_test(void) DO(rsa_import_pkcs8(pkcs8_private_rsa, sizeof(pkcs8_private_rsa), NULL, &key)); len = sizeof(buf); DO(rsa_export(buf, &len, PK_PRIVATE, &key)); - DO(do_compare_testvector(buf, len, openssl_private_rsa, sizeof(openssl_private_rsa), "RSA private export (from PKCS#8)", 0)); + DO(do_compare_testvector(buf, len, ltc_rsa_private_test_key, sizeof(ltc_rsa_private_test_key), "RSA private export (from PKCS#8)", 0)); rsa_free(&key); /* convert raw hexadecimal numbers to binary */ @@ -244,7 +246,7 @@ static int rsa_compat_test(void) DO(rsa_set_crt_params(key_parts[pk_dP], key_lens[pk_dP], key_parts[pk_dQ], key_lens[pk_dQ], key_parts[pk_qP], key_lens[pk_qP], &key)); len = sizeof(buf); DO(rsa_export(buf, &len, PK_PRIVATE, &key)); - DO(do_compare_testvector(buf, len, openssl_private_rsa, sizeof(openssl_private_rsa), "RSA private export (from hex)", 0)); + DO(do_compare_testvector(buf, len, ltc_rsa_private_test_key, sizeof(ltc_rsa_private_test_key), "RSA private export (from hex)", 0)); rsa_free(&key); /* try import public key from converted raw hexadecimal numbers */ @@ -264,7 +266,7 @@ static int rsa_compat_test(void) return 0; } -static int s_rsa_key_cmp(const int should_type, const rsa_key *should, const rsa_key *is) +int rsa_key_cmp(const int should_type, const rsa_key *should, const rsa_key *is) { if(should_type != is->type) return CRYPT_ERROR; @@ -348,21 +350,21 @@ static int s_rsa_issue_301(int prng_idx) DO(rsa_export(buf, &len, PK_PRIVATE, &key)); DO(rsa_import(buf, len, &key_in)); - DO(s_rsa_key_cmp(PK_PRIVATE, &key, &key_in)); + DO(rsa_key_cmp(PK_PRIVATE, &key, &key_in)); rsa_free(&key_in); len = sizeof(buf); DO(rsa_export(buf, &len, PK_PUBLIC, &key)); DO(rsa_import(buf, len, &key_in)); - DO(s_rsa_key_cmp(PK_PUBLIC, &key, &key_in)); + DO(rsa_key_cmp(PK_PUBLIC, &key, &key_in)); rsa_free(&key_in); len = sizeof(buf); DO(rsa_export(buf, &len, PK_PUBLIC | PK_STD, &key)); DO(rsa_import(buf, len, &key_in)); - DO(s_rsa_key_cmp(PK_PUBLIC, &key, &key_in)); + DO(rsa_key_cmp(PK_PUBLIC, &key, &key_in)); rsa_free(&key_in); rsa_free(&key); From b7a3db07fa6a205a1201ef97c97572c2c6d6d2e2 Mon Sep 17 00:00:00 2001 From: Steffen Jaeckel Date: Sun, 16 Jan 2022 16:21:44 +0100 Subject: [PATCH 19/33] add file-iterator to `test_process_dir()` Signed-off-by: Steffen Jaeckel --- tests/common.c | 39 +++++++++++++++++++++++++++------------ tests/common.h | 5 +++-- tests/der_test.c | 2 +- tests/pem_test.c | 33 +++++++++++++++++++-------------- tests/rsa_test.c | 4 ++-- 5 files changed, 52 insertions(+), 31 deletions(-) diff --git a/tests/common.c b/tests/common.c index 41ac7d08d..b61a350bc 100644 --- a/tests/common.c +++ b/tests/common.c @@ -95,16 +95,30 @@ static DIR *s_opendir(const char *path, char *mypath, unsigned long l) return d; } -int test_process_dir(const char *path, void *ctx, dir_iter_cb process, dir_cleanup_cb cleanup, const char *test) +static int s_read_and_process(FILE *f, unsigned long sz, void *ctx, dir_iter_cb process) +{ + int err = CRYPT_OK; + void* buf = XMALLOC(sz); + if (buf == NULL) + return CRYPT_MEM; + if (fread(buf, 1, sz, f) != sz) { + err = CRYPT_ERROR; + goto out; + } + err = process(buf, sz, ctx); +out: + XFREE(buf); + return err; +} + +int test_process_dir(const char *path, void *ctx, dir_iter_cb iter, dir_fiter_cb fiter, dir_cleanup_cb cleanup, const char *test) { char mypath[PATH_MAX]; DIR *d = s_opendir(path, mypath, sizeof(mypath)); struct dirent *de; char fname[PATH_MAX]; - void* buf = NULL; FILE *f = NULL; off_t fsz; - unsigned long sz; int err = CRYPT_FILE_NOTFOUND; if (d == NULL) return CRYPT_FILE_NOTFOUND; @@ -124,14 +138,18 @@ int test_process_dir(const char *path, void *ctx, dir_iter_cb process, dir_clean fprintf(stderr, "%s: Try to process %s\n", test, fname); #endif f = fopen(fname, "rb"); - sz = fsz; - buf = XMALLOC(fsz); - if (fread(buf, 1, sz, f) != sz) { - err = CRYPT_ERROR; - break; + + if (iter) { + err = s_read_and_process(f, fsz, ctx, iter); + } else if (fiter) { + err = fiter(f, ctx); + } else { + err = CRYPT_NOP; +#if defined(LTC_TEST_DBG) && LTC_TEST_DBG > 1 + fprintf(stderr, "%s: No call-back set for %s\n", test, fname); +#endif } - err = process(buf, sz, ctx); if (err == CRYPT_NOP) { #if defined(LTC_TEST_DBG) && LTC_TEST_DBG > 1 fprintf(stderr, "%s: Skip: %s\n", test, fname); @@ -150,12 +168,9 @@ int test_process_dir(const char *path, void *ctx, dir_iter_cb process, dir_clean } continue_loop: - XFREE(buf); - buf = NULL; fclose(f); f = NULL; } - if (buf != NULL) XFREE(buf); if (f != NULL) fclose(f); closedir(d); return err; diff --git a/tests/common.h b/tests/common.h index a2ffd0fd0..f8c38b732 100644 --- a/tests/common.h +++ b/tests/common.h @@ -40,13 +40,14 @@ int ecc_key_cmp(const int should_type, const ecc_key *should, const ecc_key *is) #define COMPARE_TESTVECTOR(i, il, s, sl, wa, wi) do { DO(do_compare_testvector((i), (il), (s), (sl), (wa), (wi))); } while(0) -#if !((defined(_WIN32) || defined(_WIN32_WCE)) && !defined(__GNUC__)) +#if !((defined(_WIN32) || defined(_WIN32_WCE)) && !defined(__GNUC__)) && !defined(LTC_NO_FILE) #define LTC_TEST_READDIR typedef int (*dir_iter_cb)(const void *d, unsigned long l, void* ctx); +typedef int (*dir_fiter_cb)(FILE *f, void* ctx); typedef void (*dir_cleanup_cb)(void* ctx); -int test_process_dir(const char *path, void *ctx, dir_iter_cb iter, dir_cleanup_cb cleanup, const char *test); +int test_process_dir(const char *path, void *ctx, dir_iter_cb iter, dir_fiter_cb fiter, dir_cleanup_cb cleanup, const char *test); #endif void run_cmd(int res, int line, const char *file, const char *cmd, const char *algorithm); diff --git a/tests/der_test.c b/tests/der_test.c index 86adbcda4..70ef19ac5 100644 --- a/tests/der_test.c +++ b/tests/der_test.c @@ -1664,7 +1664,7 @@ int der_test(void) der_Xcode_test(); #ifdef LTC_TEST_READDIR - DO(test_process_dir("tests/asn1", &list, s_der_decode_sequence_flexi, NULL, "DER ASN.1 special cases")); + DO(test_process_dir("tests/asn1", &list, s_der_decode_sequence_flexi, NULL, NULL, "DER ASN.1 special cases")); #endif der_custom_test(); diff --git a/tests/pem_test.c b/tests/pem_test.c index 04f1e01b5..6de338325 100644 --- a/tests/pem_test.c +++ b/tests/pem_test.c @@ -22,29 +22,22 @@ static rsa_key s_rsa_key_should; static ecc_key s_ecc_key_should; #endif -static int s_pem_decode_filehandle(const void *in, unsigned long inlen, void *key) +static int s_key_cmp(ltc_pka_key *key) { - password_ctx pw_ctx; - ltc_pka_key *key_ = key; - int err; - pw_ctx.callback = password_get; - if ((err = pem_decode(in, inlen, key_, &pw_ctx)) != CRYPT_OK) { - return err; - } - switch (key_->id) { + switch (key->id) { case LTC_PKA_DSA: #if defined(LTC_MDSA) - return dsa_key_cmp(PK_PRIVATE, &s_dsa_key_should, &key_->u.dsa); + return dsa_key_cmp(PK_PRIVATE, &s_dsa_key_should, &key->u.dsa); #endif break; case LTC_PKA_RSA: #if defined(LTC_MRSA) - return rsa_key_cmp(PK_PRIVATE, &s_rsa_key_should, &key_->u.rsa); + return rsa_key_cmp(PK_PRIVATE, &s_rsa_key_should, &key->u.rsa); #endif break; case LTC_PKA_EC: #if defined(LTC_MECC) - return ecc_key_cmp(PK_PRIVATE, &s_ecc_key_should, &key_->u.ecc); + return ecc_key_cmp(PK_PRIVATE, &s_ecc_key_should, &key->u.ecc); #endif break; case LTC_PKA_CURVE25519: @@ -55,6 +48,17 @@ static int s_pem_decode_filehandle(const void *in, unsigned long inlen, void *ke return CRYPT_INVALID_ARG; } +static int s_pem_decode(const void *in, unsigned long inlen, void *key) +{ + password_ctx pw_ctx; + int err; + pw_ctx.callback = password_get; + if ((err = pem_decode(in, inlen, key, &pw_ctx)) != CRYPT_OK) { + return err; + } + return s_key_cmp(key); +} + static void s_pem_free_key(ltc_pka_key *key) { switch (key->id) { @@ -95,8 +99,9 @@ int pem_test(void) #endif - DO(test_process_dir("tests/pem", &key, s_pem_decode_filehandle, (dir_cleanup_cb)s_pem_free_key, "pem_test")); - DO(test_process_dir("tests/pem-ecc-pkcs8", &key, s_pem_decode_filehandle, (dir_cleanup_cb)s_pem_free_key, "pem_test+ecc")); + DO(test_process_dir("tests/pem", &key, s_pem_decode, NULL, (dir_cleanup_cb)s_pem_free_key, "pem_test")); + DO(test_process_dir("tests/pem-ecc-pkcs8", &key, s_pem_decode, NULL, (dir_cleanup_cb)s_pem_free_key, "pem_test+ecc")); + DO(test_process_dir("tests/ssh", &key, s_pem_decode_ssh, NULL, (dir_cleanup_cb)s_pem_free_key, "pem_test+ssh")); #if defined(LTC_MDSA) dsa_free(&s_dsa_key_should); diff --git a/tests/rsa_test.c b/tests/rsa_test.c index 25f83def2..347093429 100644 --- a/tests/rsa_test.c +++ b/tests/rsa_test.c @@ -475,9 +475,9 @@ int rsa_test(void) } #ifdef LTC_TEST_READDIR - DO(test_process_dir("tests/rsa", &key, s_rsa_import_x509, (dir_cleanup_cb)rsa_free, "rsa_test")); + DO(test_process_dir("tests/rsa", &key, s_rsa_import_x509, NULL, (dir_cleanup_cb)rsa_free, "rsa_test")); #if defined(LTC_MD2) && defined(LTC_MD5) && defined(LTC_RC2) - DO(test_process_dir("tests/rsa-pkcs8", &key, s_rsa_import_pkcs8, (dir_cleanup_cb)rsa_free, "rsa_pkcs8_test")); + DO(test_process_dir("tests/rsa-pkcs8", &key, s_rsa_import_pkcs8, NULL, (dir_cleanup_cb)rsa_free, "rsa_pkcs8_test")); #endif #endif From c27a375845b33de449576731bf07cd41c875bcc3 Mon Sep 17 00:00:00 2001 From: Steffen Jaeckel Date: Sun, 16 Jan 2022 16:22:04 +0100 Subject: [PATCH 20/33] also test FILE-based PEM API's Signed-off-by: Steffen Jaeckel --- tests/pem_test.c | 40 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 40 insertions(+) diff --git a/tests/pem_test.c b/tests/pem_test.c index 6de338325..8e3b5a3af 100644 --- a/tests/pem_test.c +++ b/tests/pem_test.c @@ -4,6 +4,30 @@ #if defined(LTC_PEM) && defined(LTC_TEST_READDIR) && !defined(LTC_EASY) +#ifdef LTC_SSH + +static int password_get_ssh(void **p, unsigned long *l, void *u) +{ + LTC_UNUSED_PARAM(u); + *p = strdup("abc123"); + *l = 6; + return 0; +} +static int s_pem_decode_ssh(const void *in, unsigned long inlen, void *key) +{ + password_ctx pw_ctx; + pw_ctx.callback = password_get_ssh; + return pem_decode_openssh(in, inlen, key, &pw_ctx); +} +static int s_pem_decode_ssh_f(FILE *f, void *key) +{ + password_ctx pw_ctx; + pw_ctx.callback = password_get_ssh; + return pem_decode_openssh_filehandle(f, key, &pw_ctx); +} + +#endif + static int password_get(void **p, unsigned long *l, void *u) { LTC_UNUSED_PARAM(u); @@ -59,6 +83,17 @@ static int s_pem_decode(const void *in, unsigned long inlen, void *key) return s_key_cmp(key); } +static int s_pem_decode_f(FILE *f, void *key) +{ + password_ctx pw_ctx; + int err; + pw_ctx.callback = password_get; + if ((err = pem_decode_filehandle(f, key, &pw_ctx)) != CRYPT_OK) { + return err; + } + return s_key_cmp(key); +} + static void s_pem_free_key(ltc_pka_key *key) { switch (key->id) { @@ -100,8 +135,13 @@ int pem_test(void) DO(test_process_dir("tests/pem", &key, s_pem_decode, NULL, (dir_cleanup_cb)s_pem_free_key, "pem_test")); + DO(test_process_dir("tests/pem", &key, NULL, s_pem_decode_f, (dir_cleanup_cb)s_pem_free_key, "pem_test_filehandle")); DO(test_process_dir("tests/pem-ecc-pkcs8", &key, s_pem_decode, NULL, (dir_cleanup_cb)s_pem_free_key, "pem_test+ecc")); + DO(test_process_dir("tests/pem-ecc-pkcs8", &key, NULL, s_pem_decode_f, (dir_cleanup_cb)s_pem_free_key, "pem_test_filehandle+ecc")); +#ifdef LTC_SSH DO(test_process_dir("tests/ssh", &key, s_pem_decode_ssh, NULL, (dir_cleanup_cb)s_pem_free_key, "pem_test+ssh")); + DO(test_process_dir("tests/ssh", &key, NULL, s_pem_decode_ssh_f, (dir_cleanup_cb)s_pem_free_key, "pem_test_filehandle+ssh")); +#endif #if defined(LTC_MDSA) dsa_free(&s_dsa_key_should); From ad4e1411510a88c8f2750e8531b6332bad873d56 Mon Sep 17 00:00:00 2001 From: Steffen Jaeckel Date: Sat, 22 Jan 2022 15:25:21 +0100 Subject: [PATCH 21/33] split-up into multiple C files ... and slightly optimize multiple things, e.g. `DEK-Info` decoding Signed-off-by: Steffen Jaeckel --- src/headers/tomcrypt_misc.h | 4 +- src/headers/tomcrypt_private.h | 20 +- src/misc/pem/pem.c | 67 ++++++ src/misc/pem/pem_decode.c | 420 --------------------------------- src/misc/pem/pem_pkcs.c | 198 ++++++++++++++++ src/misc/pem/pem_read.c | 202 ++++++++++++++++ tests/pem_test.c | 4 +- 7 files changed, 488 insertions(+), 427 deletions(-) create mode 100644 src/misc/pem/pem.c delete mode 100644 src/misc/pem/pem_decode.c create mode 100644 src/misc/pem/pem_pkcs.c create mode 100644 src/misc/pem/pem_read.c diff --git a/src/headers/tomcrypt_misc.h b/src/headers/tomcrypt_misc.h index 4fcdadd68..ce81da8b0 100644 --- a/src/headers/tomcrypt_misc.h +++ b/src/headers/tomcrypt_misc.h @@ -160,8 +160,8 @@ int padding_depad(const unsigned char *data, unsigned long *length, unsigned lon #endif /* LTC_PADDING */ #ifdef LTC_PEM -int pem_decode_filehandle(FILE *f, ltc_pka_key *k, password_ctx *pw_ctx); -int pem_decode(const void *buf, unsigned long len, ltc_pka_key *k, password_ctx *pw_ctx); +int pem_decode_pkcs_filehandle(FILE *f, ltc_pka_key *k, password_ctx *pw_ctx); +int pem_decode_pkcs(const void *buf, unsigned long len, ltc_pka_key *k, password_ctx *pw_ctx); #ifdef LTC_SSH int pem_decode_openssh_filehandle(FILE *f, ltc_pka_key *k, password_ctx *pw_ctx); diff --git a/src/headers/tomcrypt_private.h b/src/headers/tomcrypt_private.h index 4848dff51..ceb56d46b 100644 --- a/src/headers/tomcrypt_private.h +++ b/src/headers/tomcrypt_private.h @@ -252,6 +252,7 @@ int base64_encode_pem(const unsigned char *in, unsigned long inlen, /* PEM related */ +#ifdef LTC_PEM struct password { /* usually a `char*` but could also contain binary data * so use a `void*` + length to be on the safe side. @@ -275,7 +276,12 @@ struct str { #define SET_STR(n, s) n.p = s, n.len = XSTRLEN(s) #define SET_CSTR(n, s) n.p = (char*)s, n.len = XSTRLEN(s) #define COPY_STR(n, s, l) do { XMEMCPY(n.p, s, l); n.len = l; } while(0) -#define FREE_STR(n) do { n.p = NULL; n.len = 0; } while(0) +#define RESET_STR(n) do { n.p = NULL; n.len = 0; } while(0) + +struct dek_info_from_str { + const struct str id; + struct dek_info info; +}; enum more_headers { no, @@ -299,14 +305,21 @@ struct pem_headers { struct password *pw; }; +extern const struct pem_header_id pem_std_headers[]; +extern const unsigned long pem_std_headers_num; +extern const struct str pem_proc_type_encrypted; +extern const struct str pem_dek_info_start; +extern const struct dek_info_from_str pem_dek_infos[]; +extern const unsigned long pem_dek_infos_num; + struct bufp { /* `end` points to one byte after the last * element of the allocated buffer */ - char *p, *r, *end; + char *start, *work, *end; }; -#define SET_BUFP(n, d, l) n.p = (char*)d, n.r = (char*)d, n.end = (char*)d + l + 1 +#define SET_BUFP(n, d, l) n.start = (char*)d, n.work = (char*)d, n.end = (char*)d + l + 1 struct get_char { int (*get)(struct get_char*); @@ -317,6 +330,7 @@ struct get_char { struct str unget_buf; char unget_buf_[LTC_PEM_DECODE_BUFSZ]; }; +#endif /* others */ diff --git a/src/misc/pem/pem.c b/src/misc/pem/pem.c new file mode 100644 index 000000000..678590b41 --- /dev/null +++ b/src/misc/pem/pem.c @@ -0,0 +1,67 @@ +/* LibTomCrypt, modular cryptographic library -- Tom St Denis */ +/* SPDX-License-Identifier: Unlicense */ +#include "tomcrypt_private.h" + +/** + @file pem.c + Const declarations for PEM, Steffen Jaeckel +*/ + +#ifdef LTC_PEM + +const struct pem_header_id pem_std_headers[] = { + { + /* PKCS#8 encrypted */ + SET_CSTR(.start, "-----BEGIN ENCRYPTED PRIVATE KEY-----"), + SET_CSTR(.end, "-----END ENCRYPTED PRIVATE KEY-----"), + .has_more_headers = no, + .encrypted = 1, + .pkcs8 = 1, + }, + { + /* PKCS#8 plain */ + SET_CSTR(.start, "-----BEGIN PRIVATE KEY-----"), + SET_CSTR(.end, "-----END PRIVATE KEY-----"), + .has_more_headers = no, + .pkcs8 = 1, + }, + /* Regular plain or encrypted private keys */ + { + SET_CSTR(.start, "-----BEGIN RSA PRIVATE KEY-----"), + SET_CSTR(.end, "-----END RSA PRIVATE KEY-----"), + .has_more_headers = maybe, + .pka = LTC_PKA_RSA, + }, + { + SET_CSTR(.start, "-----BEGIN EC PRIVATE KEY-----"), + SET_CSTR(.end, "-----END EC PRIVATE KEY-----"), + .has_more_headers = maybe, + .pka = LTC_PKA_EC, + }, + { + SET_CSTR(.start, "-----BEGIN DSA PRIVATE KEY-----"), + SET_CSTR(.end, "-----END DSA PRIVATE KEY-----"), + .has_more_headers = maybe, + .pka = LTC_PKA_DSA, + }, +}; +const unsigned long pem_std_headers_num = sizeof(pem_std_headers)/sizeof(pem_std_headers[0]); + + +/* Encrypted PEM files */ +const struct str pem_proc_type_encrypted = { SET_CSTR(, "Proc-Type: 4,ENCRYPTED") }; +const struct str pem_dek_info_start = { SET_CSTR(, "DEK-Info: ") }; +const struct dek_info_from_str pem_dek_infos[] = + { + { SET_CSTR(.id, "AES-128-CBC,"), .info.alg = "aes", .info.keylen = 128 / 8, }, + { SET_CSTR(.id, "AES-192-CBC,"), .info.alg = "aes", .info.keylen = 192 / 8, }, + { SET_CSTR(.id, "AES-256-CBC,"), .info.alg = "aes", .info.keylen = 256 / 8, }, + { SET_CSTR(.id, "CAMELLIA-128-CBC,"), .info.alg = "camellia", .info.keylen = 128 / 8, }, + { SET_CSTR(.id, "CAMELLIA-192-CBC,"), .info.alg = "camellia", .info.keylen = 192 / 8, }, + { SET_CSTR(.id, "CAMELLIA-256-CBC,"), .info.alg = "camellia", .info.keylen = 256 / 8, }, + { SET_CSTR(.id, "DES-EDE3-CBC,"), .info.alg = "3des", .info.keylen = 192 / 8, }, + { SET_CSTR(.id, "DES-CBC,"), .info.alg = "des", .info.keylen = 64 / 8, }, + }; +const unsigned long pem_dek_infos_num = sizeof(pem_dek_infos)/sizeof(pem_dek_infos[0]); + +#endif /* LTC_PEM */ diff --git a/src/misc/pem/pem_decode.c b/src/misc/pem/pem_decode.c deleted file mode 100644 index cc6a35eb8..000000000 --- a/src/misc/pem/pem_decode.c +++ /dev/null @@ -1,420 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis */ -/* SPDX-License-Identifier: Unlicense */ -#include "tomcrypt_private.h" - -/** - @file pem_decode.c - Decode and import a PEM file, Steffen Jaeckel -*/ - -#ifdef LTC_PEM - -struct dek_info_from_str { - const struct str id; - struct dek_info info; -}; - -/* Encrypted PEM files */ -static const struct str proc_type_encrypted = { SET_CSTR(, "Proc-Type: 4,ENCRYPTED") }; -static const struct dek_info_from_str dek_infos[] = - { - { SET_CSTR(.id, "DEK-Info: AES-128-CBC,"), .info.alg = "aes", .info.keylen = 128 / 8, }, - { SET_CSTR(.id, "DEK-Info: AES-192-CBC,"), .info.alg = "aes", .info.keylen = 192 / 8, }, - { SET_CSTR(.id, "DEK-Info: AES-256-CBC,"), .info.alg = "aes", .info.keylen = 256 / 8, }, - { SET_CSTR(.id, "DEK-Info: CAMELLIA-128-CBC,"), .info.alg = "camellia", .info.keylen = 128 / 8, }, - { SET_CSTR(.id, "DEK-Info: CAMELLIA-192-CBC,"), .info.alg = "camellia", .info.keylen = 192 / 8, }, - { SET_CSTR(.id, "DEK-Info: CAMELLIA-256-CBC,"), .info.alg = "camellia", .info.keylen = 256 / 8, }, - { SET_CSTR(.id, "DEK-Info: DES-EDE3-CBC,"), .info.alg = "3des", .info.keylen = 192 / 8, }, - { SET_CSTR(.id, "DEK-Info: DES-CBC,"), .info.alg = "des", .info.keylen = 64 / 8, }, - }; - -static int s_decrypt_pem(unsigned char *pem, unsigned long *l, const struct pem_headers *hdr) -{ - unsigned char iv[MAXBLOCKSIZE], key[MAXBLOCKSIZE]; - unsigned long ivlen, klen; - int err; - symmetric_CBC cbc_ctx; - - if (hdr->info.keylen > sizeof(key)) { - return CRYPT_BUFFER_OVERFLOW; - } - if (!hdr->pw->pw) { - return CRYPT_INVALID_ARG; - } - - ivlen = sizeof(iv); - if ((err = base16_decode(hdr->info.iv, XSTRLEN(hdr->info.iv), iv, &ivlen)) != CRYPT_OK) { - return err; - } - klen = hdr->info.keylen; - if ((err = pkcs_5_alg1_openssl(hdr->pw->pw, hdr->pw->l, iv, 1, find_hash("md5"), key, &klen))) { - return err; - } - - if ((err = cbc_start(find_cipher(hdr->info.alg), iv, key, klen, 0, &cbc_ctx)) != CRYPT_OK) { - goto error_out; - } - if ((err = cbc_decrypt(pem, pem, *l, &cbc_ctx)) != CRYPT_OK) { - goto error_out; - } - if ((err = cbc_done(&cbc_ctx)) != CRYPT_OK) { - goto error_out; - } - if ((err = padding_depad(pem, l, LTC_PAD_PKCS7 | cbc_ctx.blocklen)) != CRYPT_OK) { - goto error_out; - } - -error_out: - zeromem(key, sizeof(key)); - zeromem(iv, sizeof(iv)); - return err; -} - -int pem_get_char_from_file(struct get_char *g) -{ - return getc(g->f); -} - -int pem_get_char_from_buf(struct get_char *g) -{ - int ret; - if (g->buf.r == g->buf.end) { - return -1; - } - ret = *g->buf.r; - g->buf.r++; - return ret; -} - -static void s_unget_line(char *buf, unsigned long buflen, struct get_char *g) -{ - if (buflen > sizeof(g->unget_buf_)) - return; - g->unget_buf.p = g->unget_buf_; - COPY_STR(g->unget_buf, buf, buflen); -} - -static char* s_get_line(char *buf, unsigned long *buflen, struct get_char *g) -{ - unsigned long blen = 0; - int c = -1, c_; - if (g->unget_buf.p) { - if (*buflen < g->unget_buf.len) { - return NULL; - } - XMEMCPY(buf, g->unget_buf.p, g->unget_buf.len); - *buflen = g->unget_buf.len; - FREE_STR(g->unget_buf); - return buf; - } - while(blen < *buflen) { - c_ = c; - c = g->get(g); - if (c == '\n') { - buf[blen] = '\0'; - if (c_ == '\r') { - buf[--blen] = '\0'; - } - *buflen = blen; - return buf; - } - if (c == -1 || c == '\0') { - buf[blen] = '\0'; - *buflen = blen; - return buf; - } - buf[blen] = c; - blen++; - } - return NULL; -} - -static LTC_INLINE int s_fits_buf(void *dest, unsigned long to_write, void *end) -{ - unsigned char *d = dest; - unsigned char *e = end; - unsigned char *w = d + to_write; - if (w < d || w > e) - return 0; - return 1; -} - -static int s_pem_decode_headers(struct pem_headers *hdr, struct get_char *g) -{ - char buf[LTC_PEM_DECODE_BUFSZ]; - unsigned long slen, tmplen, n; - int has_more_headers = hdr->id->has_more_headers == no ? 0 : 3; - - /* Make sure the PEM has the appropriate extension headers if required. - * - * ``` - * Proc-Type: 4,ENCRYPTED[\r]\n - * DEK-Info: ,[\r]\n - * [\r]\n - * ``` - */ - while (has_more_headers) { - slen = sizeof(buf); - if (!s_get_line(buf, &slen, g) || (has_more_headers > 1 && slen == 0)) { - return CRYPT_INVALID_PACKET; - } - switch (has_more_headers) { - case 3: - if (XMEMCMP(buf, proc_type_encrypted.p, proc_type_encrypted.len)) { - s_unget_line(buf, slen, g); - if (hdr->id->has_more_headers == maybe) - return CRYPT_OK; - else - return CRYPT_INVALID_PACKET; - } - hdr->encrypted = 1; - break; - case 2: - hdr->info.alg = NULL; - for (n = 0; n < sizeof(dek_infos)/sizeof(dek_infos[0]); ++n) { - if (slen >= dek_infos[n].id.len && !XMEMCMP(buf, dek_infos[n].id.p, dek_infos[n].id.len)) { - hdr->info = dek_infos[n].info; - tmplen = XSTRLEN(buf + dek_infos[n].id.len); - if (tmplen > sizeof(hdr->info.iv)) - return CRYPT_INVALID_KEYSIZE; - XMEMCPY(hdr->info.iv, buf + dek_infos[n].id.len, tmplen); - break; - } - } - if (hdr->info.alg == NULL) { - return CRYPT_INVALID_CIPHER; - } - break; - case 1: - /* Make sure that there's an empty line in between */ - if (buf[0] != '\0') - return CRYPT_INVALID_PACKET; - break; - default: - return CRYPT_INVALID_CIPHER; - } - has_more_headers--; - } - return CRYPT_OK; -} - -int pem_read(void *pem, unsigned long *w, struct pem_headers *hdr, struct get_char *g) -{ - char buf[LTC_PEM_DECODE_BUFSZ]; - char *wpem = pem; - char *end = wpem + *w; - unsigned long slen, linelen; - int err, hdr_ok = 0; - int would_overflow = 0; - - linelen = sizeof(buf); - if (s_get_line(buf, &linelen, g) == NULL) { - return CRYPT_INVALID_PACKET; - } - if (hdr->id->start.len != linelen || XMEMCMP(buf, hdr->id->start.p, hdr->id->start.len)) { - s_unget_line(buf, linelen, g); - return CRYPT_INVALID_PACKET; - } - - hdr->encrypted = hdr->id->encrypted; - if ((err = s_pem_decode_headers(hdr, g)) != CRYPT_OK) - return err; - - /* Read the base64 encoded part of the PEM */ - slen = sizeof(buf); - while (s_get_line(buf, &slen, g)) { - if (slen == hdr->id->end.len && !XMEMCMP(buf, hdr->id->end.p, slen)) { - hdr_ok = 1; - break; - } - if (!would_overflow && s_fits_buf(wpem, slen, end)) { - XMEMCPY(wpem, buf, slen); - } else { - would_overflow = 1; - } - wpem += slen; - slen = sizeof(buf); - } - if (!hdr_ok) - return CRYPT_INVALID_PACKET; - - if (would_overflow || !s_fits_buf(wpem, 1, end)) { - /* NUL termination */ - wpem++; - /* prevent a wrap-around */ - if (wpem < (char*)pem) - return CRYPT_OVERFLOW; - *w = wpem - (char*)pem; - return CRYPT_BUFFER_OVERFLOW; - } - - *w = wpem - (char*)pem; - *wpem++ = '\0'; - - if ((err = base64_strict_decode(pem, *w, pem, w)) != CRYPT_OK) { - return err; - } - return CRYPT_OK; -} - -static const struct pem_header_id pem_std_headers[] = { - { - /* PKCS#8 encrypted */ - SET_CSTR(.start, "-----BEGIN ENCRYPTED PRIVATE KEY-----"), - SET_CSTR(.end, "-----END ENCRYPTED PRIVATE KEY-----"), - .has_more_headers = no, - .encrypted = 1, - .pkcs8 = 1, - }, - { - /* PKCS#8 plain */ - SET_CSTR(.start, "-----BEGIN PRIVATE KEY-----"), - SET_CSTR(.end, "-----END PRIVATE KEY-----"), - .has_more_headers = no, - .pkcs8 = 1, - }, - /* Regular plain or encrypted private keys */ - { - SET_CSTR(.start, "-----BEGIN RSA PRIVATE KEY-----"), - SET_CSTR(.end, "-----END RSA PRIVATE KEY-----"), - .has_more_headers = maybe, - .pka = LTC_PKA_RSA, - }, - { - SET_CSTR(.start, "-----BEGIN EC PRIVATE KEY-----"), - SET_CSTR(.end, "-----END EC PRIVATE KEY-----"), - .has_more_headers = maybe, - .pka = LTC_PKA_EC, - }, - { - SET_CSTR(.start, "-----BEGIN DSA PRIVATE KEY-----"), - SET_CSTR(.end, "-----END DSA PRIVATE KEY-----"), - .has_more_headers = maybe, - .pka = LTC_PKA_DSA, - }, -}; -typedef int (*pkcs8_import)(const unsigned char *in, unsigned long inlen, - password_ctx *pw_ctx, - void *key); -typedef struct { - enum ltc_oid_id id; - pkcs8_import fn; -} p8_import_st; - -static int s_decode(struct get_char *g, ltc_pka_key *k, password_ctx *pw_ctx) -{ - unsigned char *pem = NULL; - unsigned long w, l, n; - int err = CRYPT_ERROR; - struct pem_headers hdr = { 0 }; - struct password pw; - ltc_asn1_list *p8_asn1 = NULL; - w = LTC_PEM_READ_BUFSIZE * 2; -retry: - pem = XREALLOC(pem, w); - for (n = 0; n < sizeof(pem_std_headers)/sizeof(pem_std_headers[0]); ++n) { - hdr.id = &pem_std_headers[n]; - err = pem_read(pem, &w, &hdr, g); - if (err == CRYPT_BUFFER_OVERFLOW) { - goto retry; - } else if (err == CRYPT_OK) { - break; - } - hdr.id = NULL; - } - /* id not found */ - if (hdr.id == NULL) - goto cleanup; - l = w; - if (hdr.id->pkcs8) { - enum ltc_oid_id pka; - ltc_asn1_list *alg_id, *priv_key; - if ((err = pkcs8_decode_flexi(pem, l, pw_ctx, &p8_asn1)) != CRYPT_OK) { - goto cleanup; - } - if ((err = pkcs8_get_children(p8_asn1, &pka, &alg_id, &priv_key)) != CRYPT_OK) { - goto cleanup; - } - switch (pka) { - case LTC_OID_DSA: - err = dsa_import_pkcs8_asn1(alg_id, priv_key, &k->u.dsa); - k->id = LTC_PKA_DSA; - break; - case LTC_OID_RSA: - err = rsa_import_pkcs8_asn1(alg_id, priv_key, &k->u.rsa); - k->id = LTC_PKA_RSA; - break; - case LTC_OID_EC: - err = ecc_import_pkcs8_asn1(alg_id, priv_key, &k->u.ecc); - k->id = LTC_PKA_EC; - break; - case LTC_OID_ED25519: - err = ed25519_import_pkcs8_asn1(alg_id, priv_key, &k->u.curve25519); - k->id = LTC_PKA_CURVE25519; - break; - case LTC_OID_X25519: - err = x25519_import_pkcs8_asn1(alg_id, priv_key, &k->u.curve25519); - k->id = LTC_PKA_CURVE25519; - break; - default: - err = CRYPT_PK_INVALID_TYPE; - } - goto cleanup; - } else if (hdr.encrypted) { - LTC_ARGCHK(pw_ctx != NULL); - LTC_ARGCHK(pw_ctx->callback != NULL); - - hdr.pw = &pw; - if (pw_ctx->callback(&hdr.pw->pw, &hdr.pw->l, pw_ctx->userdata)) { - err = CRYPT_ERROR; - goto cleanup; - } - - if ((err = s_decrypt_pem(pem, &l, &hdr)) != CRYPT_OK) { - goto cleanup; - } - } - switch (hdr.id->pka) { - case LTC_OID_DSA: - err = dsa_import(pem, l, &k->u.dsa); - k->id = LTC_PKA_DSA; - break; - case LTC_OID_RSA: - err = rsa_import(pem, l, &k->u.rsa); - k->id = LTC_PKA_RSA; - break; - case LTC_OID_EC: - err = ecc_import_openssl(pem, l, &k->u.ecc); - k->id = LTC_PKA_EC; - break; - default: - err = CRYPT_PK_INVALID_TYPE; - goto cleanup; - } - -cleanup: - if (p8_asn1) { - der_sequence_free(p8_asn1); - } - if (hdr.pw) { - zeromem(hdr.pw->pw, hdr.pw->l); - XFREE(hdr.pw->pw); - } - XFREE(pem); - return err; -} - -int pem_decode_filehandle(FILE *f, ltc_pka_key *k, password_ctx *pw_ctx) -{ - struct get_char g = { .get = pem_get_char_from_file, .f = f }; - return s_decode(&g, k, pw_ctx); -} - -int pem_decode(const void *buf, unsigned long len, ltc_pka_key *k, password_ctx *pw_ctx) -{ - struct get_char g = { .get = pem_get_char_from_buf, SET_BUFP(.buf, buf, len) }; - return s_decode(&g, k, pw_ctx); - -} - -#endif /* LTC_PEM */ diff --git a/src/misc/pem/pem_pkcs.c b/src/misc/pem/pem_pkcs.c new file mode 100644 index 000000000..8160f682d --- /dev/null +++ b/src/misc/pem/pem_pkcs.c @@ -0,0 +1,198 @@ +/* LibTomCrypt, modular cryptographic library -- Tom St Denis */ +/* SPDX-License-Identifier: Unlicense */ +#include "tomcrypt_private.h" + +/** + @file pem_decode.c + Decode a PEM file, Steffen Jaeckel +*/ + +#ifdef LTC_PEM + +static int s_decrypt_pem(unsigned char *pem, unsigned long *l, const struct pem_headers *hdr) +{ + unsigned char iv[MAXBLOCKSIZE], key[MAXBLOCKSIZE]; + unsigned long ivlen, klen; + int err; + symmetric_CBC cbc_ctx; + + if (hdr->info.keylen > sizeof(key)) { + return CRYPT_BUFFER_OVERFLOW; + } + if (!hdr->pw->pw) { + return CRYPT_INVALID_ARG; + } + + ivlen = sizeof(iv); + if ((err = base16_decode(hdr->info.iv, XSTRLEN(hdr->info.iv), iv, &ivlen)) != CRYPT_OK) { + return err; + } + klen = hdr->info.keylen; + if ((err = pkcs_5_alg1_openssl(hdr->pw->pw, hdr->pw->l, iv, 1, find_hash("md5"), key, &klen))) { + return err; + } + + if ((err = cbc_start(find_cipher(hdr->info.alg), iv, key, klen, 0, &cbc_ctx)) != CRYPT_OK) { + goto error_out; + } + if ((err = cbc_decrypt(pem, pem, *l, &cbc_ctx)) != CRYPT_OK) { + goto error_out; + } + if ((err = cbc_done(&cbc_ctx)) != CRYPT_OK) { + goto error_out; + } + if ((err = padding_depad(pem, l, LTC_PAD_PKCS7 | cbc_ctx.blocklen)) != CRYPT_OK) { + goto error_out; + } + +error_out: + zeromem(key, sizeof(key)); + zeromem(iv, sizeof(iv)); + return err; +} +typedef int (*pkcs8_import)(const unsigned char *in, unsigned long inlen, + password_ctx *pw_ctx, + void *key); +typedef struct { + enum ltc_oid_id id; + pkcs8_import fn; +} p8_import_st; + +static int s_decode(struct get_char *g, ltc_pka_key *k, password_ctx *pw_ctx) +{ + unsigned char *pem = NULL; + unsigned long w, l, n; + int err = CRYPT_ERROR; + struct pem_headers hdr = { 0 }; + struct password pw; + ltc_asn1_list *p8_asn1 = NULL; + w = LTC_PEM_READ_BUFSIZE * 2; +retry: + pem = XREALLOC(pem, w); + for (n = 0; n < pem_std_headers_num; ++n) { + hdr.id = &pem_std_headers[n]; + err = pem_read(pem, &w, &hdr, g); + if (err == CRYPT_BUFFER_OVERFLOW) { + goto retry; + } else if (err == CRYPT_OK) { + break; + } + hdr.id = NULL; + } + /* id not found */ + if (hdr.id == NULL) + goto cleanup; + l = w; + if (hdr.id->pkcs8) { + enum ltc_oid_id pka; + ltc_asn1_list *alg_id, *priv_key; + if ((err = pkcs8_decode_flexi(pem, l, pw_ctx, &p8_asn1)) != CRYPT_OK) { + goto cleanup; + } + if ((err = pkcs8_get_children(p8_asn1, &pka, &alg_id, &priv_key)) != CRYPT_OK) { + goto cleanup; + } + switch (pka) { +#ifdef LTC_MDSA + case LTC_OID_DSA: + err = dsa_import_pkcs8_asn1(alg_id, priv_key, &k->u.dsa); + k->id = LTC_PKA_DSA; + break; +#endif +#ifdef LTC_MRSA + case LTC_OID_RSA: + err = rsa_import_pkcs8_asn1(alg_id, priv_key, &k->u.rsa); + k->id = LTC_PKA_RSA; + break; +#endif +#ifdef LTC_MECC + case LTC_OID_EC: + err = ecc_import_pkcs8_asn1(alg_id, priv_key, &k->u.ecc); + k->id = LTC_PKA_EC; + break; +#endif +#ifdef LTC_CURVE25519 + case LTC_OID_ED25519: + err = ed25519_import_pkcs8_asn1(alg_id, priv_key, &k->u.curve25519); + k->id = LTC_PKA_CURVE25519; + break; + case LTC_OID_X25519: + err = x25519_import_pkcs8_asn1(alg_id, priv_key, &k->u.curve25519); + k->id = LTC_PKA_CURVE25519; + break; +#endif + default: + err = CRYPT_PK_INVALID_TYPE; + } + goto cleanup; + } else if (hdr.encrypted) { + LTC_ARGCHK(pw_ctx != NULL); + LTC_ARGCHK(pw_ctx->callback != NULL); + + hdr.pw = &pw; + if (pw_ctx->callback(&hdr.pw->pw, &hdr.pw->l, pw_ctx->userdata)) { + err = CRYPT_ERROR; + goto cleanup; + } + + if ((err = s_decrypt_pem(pem, &l, &hdr)) != CRYPT_OK) { + goto cleanup; + } + } + switch (hdr.id->pka) { +#ifdef LTC_MDSA + case LTC_OID_DSA: + err = dsa_import(pem, l, &k->u.dsa); + k->id = LTC_PKA_DSA; + break; +#endif +#ifdef LTC_MRSA + case LTC_OID_RSA: + err = rsa_import(pem, l, &k->u.rsa); + k->id = LTC_PKA_RSA; + break; +#endif +#ifdef LTC_MECC + case LTC_OID_EC: + err = ecc_import_openssl(pem, l, &k->u.ecc); + k->id = LTC_PKA_EC; + break; +#endif + default: + err = CRYPT_PK_INVALID_TYPE; + goto cleanup; + } + +cleanup: + if (p8_asn1) { + der_sequence_free(p8_asn1); + } + if (hdr.pw) { + zeromem(hdr.pw->pw, hdr.pw->l); + XFREE(hdr.pw->pw); + } + XFREE(pem); + return err; +} + +int pem_decode_pkcs_filehandle(FILE *f, ltc_pka_key *k, password_ctx *pw_ctx) +{ + LTC_ARGCHK(f != NULL); + LTC_ARGCHK(k != NULL); + { + struct get_char g = { .get = pem_get_char_from_file, .f = f }; + return s_decode(&g, k, pw_ctx); + } +} + +int pem_decode_pkcs(const void *buf, unsigned long len, ltc_pka_key *k, password_ctx *pw_ctx) +{ + LTC_ARGCHK(buf != NULL); + LTC_ARGCHK(k != NULL); + { + struct get_char g = { .get = pem_get_char_from_buf, SET_BUFP(.buf, buf, len) }; + return s_decode(&g, k, pw_ctx); + } +} + +#endif /* LTC_PEM */ diff --git a/src/misc/pem/pem_read.c b/src/misc/pem/pem_read.c new file mode 100644 index 000000000..a8183c245 --- /dev/null +++ b/src/misc/pem/pem_read.c @@ -0,0 +1,202 @@ +/* LibTomCrypt, modular cryptographic library -- Tom St Denis */ +/* SPDX-License-Identifier: Unlicense */ +#include "tomcrypt_private.h" + +/** + @file pem_read.c + Read and interpret a PEM file, Steffen Jaeckel +*/ + +#ifdef LTC_PEM + +int pem_get_char_from_file(struct get_char *g) +{ + return getc(g->f); +} + +int pem_get_char_from_buf(struct get_char *g) +{ + int ret; + if (g->buf.work == g->buf.end) { + return -1; + } + ret = *g->buf.work; + g->buf.work++; + return ret; +} + +static void s_unget_line(char *buf, unsigned long buflen, struct get_char *g) +{ + if (buflen > sizeof(g->unget_buf_)) + return; + g->unget_buf.p = g->unget_buf_; + COPY_STR(g->unget_buf, buf, buflen); +} + +static char* s_get_line(char *buf, unsigned long *buflen, struct get_char *g) +{ + unsigned long blen = 0; + int c = -1, c_; + if (g->unget_buf.p) { + if (*buflen < g->unget_buf.len) { + return NULL; + } + XMEMCPY(buf, g->unget_buf.p, g->unget_buf.len); + *buflen = g->unget_buf.len; + RESET_STR(g->unget_buf); + return buf; + } + while(blen < *buflen) { + c_ = c; + c = g->get(g); + if (c == '\n') { + buf[blen] = '\0'; + if (c_ == '\r') { + buf[--blen] = '\0'; + } + *buflen = blen; + return buf; + } + if (c == -1 || c == '\0') { + buf[blen] = '\0'; + *buflen = blen; + return buf; + } + buf[blen] = c; + blen++; + } + return NULL; +} + +static LTC_INLINE int s_fits_buf(void *dest, unsigned long to_write, void *end) +{ + unsigned char *d = dest; + unsigned char *e = end; + unsigned char *w = d + to_write; + if (w < d || w > e) + return 0; + return 1; +} + +static int s_pem_decode_headers(struct pem_headers *hdr, struct get_char *g) +{ + char buf[LTC_PEM_DECODE_BUFSZ], *alg_start; + unsigned long slen, tmplen, n; + int has_more_headers = hdr->id->has_more_headers == no ? 0 : 3; + + /* Make sure the PEM has the appropriate extension headers if required. + * + * ``` + * Proc-Type: 4,ENCRYPTED[\r]\n + * DEK-Info: ,[\r]\n + * [\r]\n + * ``` + */ + while (has_more_headers) { + slen = sizeof(buf); + if (!s_get_line(buf, &slen, g) || (has_more_headers > 1 && slen == 0)) { + return CRYPT_INVALID_PACKET; + } + switch (has_more_headers) { + case 3: + if (XMEMCMP(buf, pem_proc_type_encrypted.p, pem_proc_type_encrypted.len)) { + s_unget_line(buf, slen, g); + if (hdr->id->has_more_headers == maybe) + return CRYPT_OK; + else + return CRYPT_INVALID_PACKET; + } + hdr->encrypted = 1; + break; + case 2: + hdr->info.alg = NULL; + if (XMEMCMP(buf, pem_dek_info_start.p, pem_dek_info_start.len)) + return CRYPT_INVALID_PACKET; + alg_start = &buf[pem_dek_info_start.len]; + for (n = 0; n < pem_dek_infos_num; ++n) { + if (slen >= pem_dek_infos[n].id.len + pem_dek_info_start.len && !XMEMCMP(alg_start, pem_dek_infos[n].id.p, pem_dek_infos[n].id.len)) { + hdr->info = pem_dek_infos[n].info; + tmplen = XSTRLEN(alg_start + pem_dek_infos[n].id.len); + if (tmplen > sizeof(hdr->info.iv)) + return CRYPT_INVALID_KEYSIZE; + XMEMCPY(hdr->info.iv, alg_start + pem_dek_infos[n].id.len, tmplen); + break; + } + } + if (hdr->info.alg == NULL) { + return CRYPT_INVALID_CIPHER; + } + break; + case 1: + /* Make sure that there's an empty line in between */ + if (buf[0] != '\0') + return CRYPT_INVALID_PACKET; + break; + default: + return CRYPT_INVALID_CIPHER; + } + has_more_headers--; + } + return CRYPT_OK; +} + +int pem_read(void *pem, unsigned long *w, struct pem_headers *hdr, struct get_char *g) +{ + char buf[LTC_PEM_DECODE_BUFSZ]; + char *wpem = pem; + char *end = wpem + *w; + unsigned long slen, linelen; + int err, hdr_ok = 0; + int would_overflow = 0; + + linelen = sizeof(buf); + if (s_get_line(buf, &linelen, g) == NULL) { + return CRYPT_INVALID_PACKET; + } + if (hdr->id->start.len != linelen || XMEMCMP(buf, hdr->id->start.p, hdr->id->start.len)) { + s_unget_line(buf, linelen, g); + return CRYPT_INVALID_PACKET; + } + + hdr->encrypted = hdr->id->encrypted; + if ((err = s_pem_decode_headers(hdr, g)) != CRYPT_OK) + return err; + + /* Read the base64 encoded part of the PEM */ + slen = sizeof(buf); + while (s_get_line(buf, &slen, g)) { + if (slen == hdr->id->end.len && !XMEMCMP(buf, hdr->id->end.p, slen)) { + hdr_ok = 1; + break; + } + if (!would_overflow && s_fits_buf(wpem, slen, end)) { + XMEMCPY(wpem, buf, slen); + } else { + would_overflow = 1; + } + wpem += slen; + slen = sizeof(buf); + } + if (!hdr_ok) + return CRYPT_INVALID_PACKET; + + if (would_overflow || !s_fits_buf(wpem, 1, end)) { + /* NUL termination */ + wpem++; + /* prevent a wrap-around */ + if (wpem < (char*)pem) + return CRYPT_OVERFLOW; + *w = wpem - (char*)pem; + return CRYPT_BUFFER_OVERFLOW; + } + + *w = wpem - (char*)pem; + *wpem++ = '\0'; + + if ((err = base64_strict_decode(pem, *w, pem, w)) != CRYPT_OK) { + return err; + } + return CRYPT_OK; +} + +#endif /* LTC_PEM */ diff --git a/tests/pem_test.c b/tests/pem_test.c index 8e3b5a3af..e98660449 100644 --- a/tests/pem_test.c +++ b/tests/pem_test.c @@ -77,7 +77,7 @@ static int s_pem_decode(const void *in, unsigned long inlen, void *key) password_ctx pw_ctx; int err; pw_ctx.callback = password_get; - if ((err = pem_decode(in, inlen, key, &pw_ctx)) != CRYPT_OK) { + if ((err = pem_decode_pkcs(in, inlen, key, &pw_ctx)) != CRYPT_OK) { return err; } return s_key_cmp(key); @@ -88,7 +88,7 @@ static int s_pem_decode_f(FILE *f, void *key) password_ctx pw_ctx; int err; pw_ctx.callback = password_get; - if ((err = pem_decode_filehandle(f, key, &pw_ctx)) != CRYPT_OK) { + if ((err = pem_decode_pkcs_filehandle(f, key, &pw_ctx)) != CRYPT_OK) { return err; } return s_key_cmp(key); From 2016e3b2139dee359e86b0c3f114db499b2e6abd Mon Sep 17 00:00:00 2001 From: Steffen Jaeckel Date: Tue, 13 Sep 2022 12:02:15 +0200 Subject: [PATCH 22/33] add support for DH keys Signed-off-by: Steffen Jaeckel # Conflicts: # src/pk/dh/dh_import.c # src/pk/dh/dh_set.c # src/pk/dh/dh_set_pg_dhparam.c --- src/headers/tomcrypt_pk.h | 2 + src/headers/tomcrypt_private.h | 3 ++ src/misc/pem/pem_pkcs.c | 6 +++ src/pk/asn1/oid/pk_get.c | 1 + src/pk/dh/dh.c | 15 ++++++ src/pk/dh/dh_import.c | 2 +- src/pk/dh/dh_import_pkcs8.c | 87 ++++++++++++++++++++++++++++++++++ src/pk/dh/dh_set.c | 5 +- src/pk/dh/dh_set_pg_dhparam.c | 2 +- tests/pem/dh-encrypted.pk8 | 11 +++++ tests/pem/dh.pk8 | 9 ++++ tests/pem_test.c | 6 +++ 12 files changed, 145 insertions(+), 4 deletions(-) create mode 100644 src/pk/dh/dh_import_pkcs8.c create mode 100644 tests/pem/dh-encrypted.pk8 create mode 100644 tests/pem/dh.pk8 diff --git a/src/headers/tomcrypt_pk.h b/src/headers/tomcrypt_pk.h index 2493561ad..3cf0475e8 100644 --- a/src/headers/tomcrypt_pk.h +++ b/src/headers/tomcrypt_pk.h @@ -143,6 +143,8 @@ int dh_get_groupsize(const dh_key *key); int dh_export(unsigned char *out, unsigned long *outlen, int type, const dh_key *key); int dh_import(const unsigned char *in, unsigned long inlen, dh_key *key); +int dh_import_pkcs8(const unsigned char *in, unsigned long inlen, + const password_ctx *pw_ctx, dh_key *key); int dh_set_pg(const unsigned char *p, unsigned long plen, const unsigned char *g, unsigned long glen, diff --git a/src/headers/tomcrypt_private.h b/src/headers/tomcrypt_private.h index ceb56d46b..9f99feb7a 100644 --- a/src/headers/tomcrypt_private.h +++ b/src/headers/tomcrypt_private.h @@ -52,6 +52,7 @@ enum ltc_oid_id { LTC_OID_EC_PRIMEF, LTC_OID_X25519, LTC_OID_ED25519, + LTC_OID_DH, }; /* @@ -369,7 +370,9 @@ int rsa_import_pkcs8_asn1(ltc_asn1_list *alg_id, ltc_asn1_list *priv_key, rsa_ke #ifdef LTC_MDH extern const ltc_dh_set_type ltc_dh_sets[]; +int dh_init(dh_key *key); int dh_check_pubkey(const dh_key *key); +int dh_import_pkcs8_asn1(ltc_asn1_list *alg_id, ltc_asn1_list *priv_key, dh_key *key); #endif /* LTC_MDH */ /* ---- ECC Routines ---- */ diff --git a/src/misc/pem/pem_pkcs.c b/src/misc/pem/pem_pkcs.c index 8160f682d..3c6522fad 100644 --- a/src/misc/pem/pem_pkcs.c +++ b/src/misc/pem/pem_pkcs.c @@ -93,6 +93,12 @@ static int s_decode(struct get_char *g, ltc_pka_key *k, password_ctx *pw_ctx) goto cleanup; } switch (pka) { +#ifdef LTC_MDH + case LTC_OID_DH: + err = dh_import_pkcs8_asn1(alg_id, priv_key, &k->u.dh); + k->id = LTC_PKA_DH; + break; +#endif #ifdef LTC_MDSA case LTC_OID_DSA: err = dsa_import_pkcs8_asn1(alg_id, priv_key, &k->u.dsa); diff --git a/src/pk/asn1/oid/pk_get.c b/src/pk/asn1/oid/pk_get.c index 1fc72a130..4d00d3d69 100644 --- a/src/pk/asn1/oid/pk_get.c +++ b/src/pk/asn1/oid/pk_get.c @@ -17,6 +17,7 @@ static const oid_table_entry pka_oids[] = { { LTC_OID_EC_PRIMEF, LTC_PKA_EC, "1.2.840.10045.1.1" }, { LTC_OID_X25519, LTC_PKA_CURVE25519, "1.3.101.110" }, { LTC_OID_ED25519, LTC_PKA_CURVE25519, "1.3.101.112" }, + { LTC_OID_DH, LTC_PKA_DH, "1.2.840.113549.1.3.1" }, }; /* diff --git a/src/pk/dh/dh.c b/src/pk/dh/dh.c index 277ce3026..471d215ce 100644 --- a/src/pk/dh/dh.c +++ b/src/pk/dh/dh.c @@ -224,4 +224,19 @@ int dh_get_groupsize(const dh_key *key) return mp_unsigned_bin_size(key->prime); } +/** + Init a DH key + @param key The DH key to initialize + @return CRYPT_OK if successful +*/ +int dh_init(dh_key *key) +{ + int err; + LTC_ARGCHK(key != NULL); + if ((err = mp_init_multi(&key->x, &key->y, &key->base, &key->prime, LTC_NULL)) != CRYPT_OK) { + return err; + } + return CRYPT_OK; +} + #endif /* LTC_MDH */ diff --git a/src/pk/dh/dh_import.c b/src/pk/dh/dh_import.c index a067a3275..8be75e259 100644 --- a/src/pk/dh/dh_import.c +++ b/src/pk/dh/dh_import.c @@ -22,7 +22,7 @@ int dh_import(const unsigned char *in, unsigned long inlen, dh_key *key) LTC_ARGCHK(key != NULL); /* init */ - if ((err = mp_init_multi(&key->x, &key->y, &key->base, &key->prime, LTC_NULL)) != CRYPT_OK) { + if ((err = dh_init(key)) != CRYPT_OK) { return err; } diff --git a/src/pk/dh/dh_import_pkcs8.c b/src/pk/dh/dh_import_pkcs8.c new file mode 100644 index 000000000..431b05eea --- /dev/null +++ b/src/pk/dh/dh_import_pkcs8.c @@ -0,0 +1,87 @@ +/* LibTomCrypt, modular cryptographic library -- Tom St Denis */ +/* SPDX-License-Identifier: Unlicense */ + +#include "tomcrypt_private.h" + +#ifdef LTC_MDH + +int dh_import_pkcs8_asn1(ltc_asn1_list *alg_id, ltc_asn1_list *priv_key, dh_key *key) +{ + int err; + + LTC_ARGCHK(key != NULL); + + if (!alg_id->child || + !LTC_ASN1_IS_TYPE(alg_id->child->next, LTC_ASN1_SEQUENCE) || + !LTC_ASN1_IS_TYPE(alg_id->child->next->child, LTC_ASN1_INTEGER) || + !LTC_ASN1_IS_TYPE(alg_id->child->next->child->next, LTC_ASN1_INTEGER)) { + return CRYPT_PK_INVALID_TYPE; + } + + if ((err = dh_init(key)) != CRYPT_OK) { + return err; + } + + if ((err = mp_copy(alg_id->child->next->child->data, key->prime)) != CRYPT_OK) { + goto error; + } + if ((err = mp_copy(alg_id->child->next->child->next->data, key->base)) != CRYPT_OK) { + goto error; + } + + if ((err = der_decode_integer(priv_key->data, priv_key->size, key->x)) != CRYPT_OK) { + goto error; + } + /* compute public key: y = (base ^ x) mod prime */ + if ((err = mp_exptmod(key->base, key->x, key->prime, key->y)) != CRYPT_OK) { + goto error; + } + /* check public key */ + if ((err = dh_check_pubkey(key)) != CRYPT_OK) { + goto error; + } + key->type = PK_PRIVATE; + + return CRYPT_OK; +error: + dh_free(key); + return err; +} + +/** + Import a DH key in PKCS#8 format + @param in The packet to import from + @param inlen It's length (octets) + @param pw_ctx The password context when decrypting the private key + @param key [out] Destination for newly imported key + @return CRYPT_OK if successful, on error all allocated memory is freed automatically +*/ +int dh_import_pkcs8(const unsigned char *in, unsigned long inlen, + const password_ctx *pw_ctx, dh_key *key) +{ + int err; + ltc_asn1_list *l = NULL; + ltc_asn1_list *alg_id, *priv_key; + enum ltc_oid_id pka; + + LTC_ARGCHK(in != NULL); + + if ((err = pkcs8_decode_flexi(in, inlen, pw_ctx, &l)) != CRYPT_OK) { + return err; + } + if ((err = pkcs8_get_children(l, &pka, &alg_id, &priv_key)) != CRYPT_OK) { + goto LBL_DER_FREE; + } + if (pka != LTC_OID_DH) { + err = CRYPT_INVALID_PACKET; + goto LBL_DER_FREE; + } + + err = dh_import_pkcs8_asn1(alg_id, priv_key, key); + +LBL_DER_FREE: + der_free_sequence_flexi(l); + return err; +} + +#endif /* LTC_MDH */ diff --git a/src/pk/dh/dh_set.c b/src/pk/dh/dh_set.c index e25db0899..f81bf3810 100644 --- a/src/pk/dh/dh_set.c +++ b/src/pk/dh/dh_set.c @@ -26,7 +26,7 @@ int dh_set_pg(const unsigned char *p, unsigned long plen, LTC_ARGCHK(g != NULL); LTC_ARGCHK(ltc_mp.name != NULL); - if ((err = mp_init_multi(&key->x, &key->y, &key->base, &key->prime, LTC_NULL)) != CRYPT_OK) { + if ((err = dh_init(key)) != CRYPT_OK) { return err; } @@ -58,9 +58,10 @@ int dh_set_pg_groupsize(int groupsize, dh_key *key) for (i = 0; (groupsize > ltc_dh_sets[i].size) && (ltc_dh_sets[i].size != 0); i++); if (ltc_dh_sets[i].size == 0) return CRYPT_INVALID_KEYSIZE; - if ((err = mp_init_multi(&key->x, &key->y, &key->base, &key->prime, LTC_NULL)) != CRYPT_OK) { + if ((err = dh_init(key)) != CRYPT_OK) { return err; } + if ((err = mp_read_radix(key->base, ltc_dh_sets[i].base, 16)) != CRYPT_OK) { goto LBL_ERR; } if ((err = mp_read_radix(key->prime, ltc_dh_sets[i].prime, 16)) != CRYPT_OK) { goto LBL_ERR; } diff --git a/src/pk/dh/dh_set_pg_dhparam.c b/src/pk/dh/dh_set_pg_dhparam.c index 1f2fb3b93..4d254fd27 100644 --- a/src/pk/dh/dh_set_pg_dhparam.c +++ b/src/pk/dh/dh_set_pg_dhparam.c @@ -24,7 +24,7 @@ int dh_set_pg_dhparam(const unsigned char *dhparam, unsigned long dhparamlen, dh LTC_ARGCHK(dhparam != NULL); LTC_ARGCHK(dhparamlen > 0); - if ((err = mp_init_multi(&key->x, &key->y, &key->base, &key->prime, LTC_NULL)) != CRYPT_OK) { + if ((err = dh_init(key)) != CRYPT_OK) { return err; } if ((err = der_decode_sequence_multi(dhparam, dhparamlen, diff --git a/tests/pem/dh-encrypted.pk8 b/tests/pem/dh-encrypted.pk8 new file mode 100644 index 000000000..a7e313fc4 --- /dev/null +++ b/tests/pem/dh-encrypted.pk8 @@ -0,0 +1,11 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIBjTBXBgkqhkiG9w0BBQ0wSjApBgkqhkiG9w0BBQwwHAQI+JYkd4NoIU4CAggA +MAwGCCqGSIb3DQIJBQAwHQYJYIZIAWUDBAEqBBCNnY9OuYIvCurJu9sEYkz6BIIB +MGzX4GwCvBQV/dOiy0PvbY443xkKZHPTtNbirE+9NLVVrTI7EUQv5UO5Xl0wVHje +R4hADBzpIKAd0zjsGYfMQ6rEabIdO4R+UBKoibTgyOzt7Y5Ge/4+pYy14bMFeZ44 +6OaP6jXRsn1/DIi0mxcBo9eDfZX3FzgANWiDvFA2VWC+qEbsm4JBB8uDJ+aWtjyR +mct/FXzGHwi+IGuPBzo9dIywisW4whmBwh1XpFBMxjmMLqWInuUailAkIARJ0w04 +GdGZ6HYlKmsTvAKv4WRK+EnwZ8JmBiVl6ulcX8k1zbrT2ElyBUCFneMktFKULE1l +myVMuAQCuuGfWdquegqLOyvgK6S9p3wfVyzkney8qBN07WZHE+UUW8AQrZS6J5nS +wSAjBu3wmDmDo7AWEQZFMK4= +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/pem/dh.pk8 b/tests/pem/dh.pk8 new file mode 100644 index 000000000..0bd393f00 --- /dev/null +++ b/tests/pem/dh.pk8 @@ -0,0 +1,9 @@ +-----BEGIN PRIVATE KEY----- +MIIBIQIBADCBlQYJKoZIhvcNAQMBMIGHAoGBANL7HwrNQcDtDCkqzYxzMCFLFCdJ +qkp7v5RtqHzNM+5VQZp/xo2BzWF5PLJQ9ssE5QYtl7zQGM8eK1Z4/ACKwm2GJR4d +5kkr3SCbK2zoedDj/LJy1xBWjtRa81W6LtBAnEH7w5hgwJiPPFbc5X2i2uv6bcRk +wk7SBstON/Nn+7KLAgECBIGDAoGAceccNmflU1P1oAb6pyQoWKokZXdkwSepQo65 +Fub3B2YW9/qI7DHiSskfQptl4ifeQRFGwq11kqsNUI+mcdGODs1r5MUZ99g1Bh3u +X3XOfTgZoyDY5uHwBLl6HndN/QcJ+nq9y3URt4ltklQQ3WFPzHTdJNg9qBeLqNVe +GaFVEJo= +-----END PRIVATE KEY----- diff --git a/tests/pem_test.c b/tests/pem_test.c index e98660449..85bca1f0e 100644 --- a/tests/pem_test.c +++ b/tests/pem_test.c @@ -65,6 +65,7 @@ static int s_key_cmp(ltc_pka_key *key) #endif break; case LTC_PKA_CURVE25519: + case LTC_PKA_DH: return CRYPT_OK; default: return CRYPT_INVALID_ARG; @@ -97,6 +98,11 @@ static int s_pem_decode_f(FILE *f, void *key) static void s_pem_free_key(ltc_pka_key *key) { switch (key->id) { + case LTC_PKA_DH: +#if defined(LTC_MDH) + dh_free(&key->u.dh); +#endif + break; case LTC_PKA_DSA: #if defined(LTC_MDSA) dsa_free(&key->u.dsa); From de28bef5486db40addcf10ee846a09f805fce1c2 Mon Sep 17 00:00:00 2001 From: Steffen Jaeckel Date: Thu, 17 Mar 2022 11:56:12 +0100 Subject: [PATCH 23/33] disable PEM support on MSVC If someone wants to fix builds on MSVC, please step forward. Until then the library can still be used on Windows via `mingw-gcc`. Signed-off-by: Steffen Jaeckel --- src/headers/tomcrypt_custom.h | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/src/headers/tomcrypt_custom.h b/src/headers/tomcrypt_custom.h index 265d1fd87..12881174a 100644 --- a/src/headers/tomcrypt_custom.h +++ b/src/headers/tomcrypt_custom.h @@ -765,4 +765,11 @@ #undef LTC_ECC521 #endif +/* MSVC can't build PEM */ +#if defined(LTC_PEM) && defined(_MSC_VER) +#undef LTC_PEM +#undef LTC_PEM_DECODE_BUFSZ +#undef LTC_PEM_READ_BUFSIZE +#endif + #endif /* TOMCRYPT_CUSTOM_H_ */ From 0876e564c9343951447fe9634befc18eedee7b0a Mon Sep 17 00:00:00 2001 From: Steffen Jaeckel Date: Thu, 4 Aug 2022 15:11:23 +0200 Subject: [PATCH 24/33] clean-up a bit * more `const` correctness * take `LTC_NO_FILE` into account * only declare `extern` variables where they're required * ensure keys don't contain stale data * ensure input arguments are valid * add `CRYPT_PW_CTX_MISSING` error code * fix documentation Signed-off-by: Steffen Jaeckel --- src/headers/tomcrypt.h | 3 ++- src/headers/tomcrypt_misc.h | 8 +++---- src/headers/tomcrypt_private.h | 11 ++++----- src/misc/error_to_string.c | 2 ++ src/misc/pem/pem_pkcs.c | 19 +++++++++++----- src/misc/pem/pem_read.c | 7 ++++++ src/misc/pem/pem_ssh.c | 31 +++++++++++++++++--------- src/pk/asn1/pkcs8/pkcs8_decode_flexi.c | 6 +++-- src/pk/rsa/rsa_key.c | 2 +- 9 files changed, 59 insertions(+), 30 deletions(-) diff --git a/src/headers/tomcrypt.h b/src/headers/tomcrypt.h index c310a8ce4..05dedd37b 100644 --- a/src/headers/tomcrypt.h +++ b/src/headers/tomcrypt.h @@ -72,7 +72,8 @@ enum { CRYPT_INVALID_PRIME_SIZE,/* Invalid size of prime requested */ CRYPT_PK_INVALID_PADDING, /* Invalid padding on input */ - CRYPT_HASH_OVERFLOW /* Hash applied to too many bits */ + CRYPT_HASH_OVERFLOW, /* Hash applied to too many bits */ + CRYPT_PW_CTX_MISSING, /* Password context to decrypt key file is missing */ }; #include "tomcrypt_cfg.h" diff --git a/src/headers/tomcrypt_misc.h b/src/headers/tomcrypt_misc.h index ce81da8b0..7bd49d1af 100644 --- a/src/headers/tomcrypt_misc.h +++ b/src/headers/tomcrypt_misc.h @@ -160,12 +160,12 @@ int padding_depad(const unsigned char *data, unsigned long *length, unsigned lon #endif /* LTC_PADDING */ #ifdef LTC_PEM -int pem_decode_pkcs_filehandle(FILE *f, ltc_pka_key *k, password_ctx *pw_ctx); -int pem_decode_pkcs(const void *buf, unsigned long len, ltc_pka_key *k, password_ctx *pw_ctx); +int pem_decode_pkcs_filehandle(FILE *f, ltc_pka_key *k, const password_ctx *pw_ctx); +int pem_decode_pkcs(const void *buf, unsigned long len, ltc_pka_key *k, const password_ctx *pw_ctx); #ifdef LTC_SSH -int pem_decode_openssh_filehandle(FILE *f, ltc_pka_key *k, password_ctx *pw_ctx); -int pem_decode_openssh(const void *buf, unsigned long len, ltc_pka_key *k, password_ctx *pw_ctx); +int pem_decode_openssh_filehandle(FILE *f, ltc_pka_key *k, const password_ctx *pw_ctx); +int pem_decode_openssh(const void *buf, unsigned long len, ltc_pka_key *k, const password_ctx *pw_ctx); #endif #endif /* LTC_PEM */ diff --git a/src/headers/tomcrypt_private.h b/src/headers/tomcrypt_private.h index 9f99feb7a..74c21f4e4 100644 --- a/src/headers/tomcrypt_private.h +++ b/src/headers/tomcrypt_private.h @@ -306,13 +306,6 @@ struct pem_headers { struct password *pw; }; -extern const struct pem_header_id pem_std_headers[]; -extern const unsigned long pem_std_headers_num; -extern const struct str pem_proc_type_encrypted; -extern const struct str pem_dek_info_start; -extern const struct dek_info_from_str pem_dek_infos[]; -extern const unsigned long pem_dek_infos_num; - struct bufp { /* `end` points to one byte after the last * element of the allocated buffer @@ -325,7 +318,9 @@ struct bufp { struct get_char { int (*get)(struct get_char*); union { +#ifndef LTC_NO_FILE FILE *f; +#endif /* LTC_NO_FILE */ struct bufp buf; }; struct str unget_buf; @@ -342,7 +337,9 @@ int pbes_decrypt(const pbes_arg *arg, unsigned char *dec_data, unsigned long *d int pbes1_extract(const ltc_asn1_list *s, pbes_arg *res); int pbes2_extract(const ltc_asn1_list *s, pbes_arg *res); +#ifndef LTC_NO_FILE int pem_get_char_from_file(struct get_char *g); +#endif /* LTC_NO_FILE */ int pem_get_char_from_buf(struct get_char *g); int pem_read(void *pem, unsigned long *w, struct pem_headers *hdr, struct get_char *g); diff --git a/src/misc/error_to_string.c b/src/misc/error_to_string.c index 5afac844a..8e43d702d 100644 --- a/src/misc/error_to_string.c +++ b/src/misc/error_to_string.c @@ -51,6 +51,8 @@ static const char * const err_2_str[] = "Invalid padding.", "Hash applied to too many bits.", + + "Password context to decrypt key file is missing.", }; /** diff --git a/src/misc/pem/pem_pkcs.c b/src/misc/pem/pem_pkcs.c index 3c6522fad..1dfaa7c92 100644 --- a/src/misc/pem/pem_pkcs.c +++ b/src/misc/pem/pem_pkcs.c @@ -9,6 +9,9 @@ #ifdef LTC_PEM +extern const struct pem_header_id pem_std_headers[]; +extern const unsigned long pem_std_headers_num; + static int s_decrypt_pem(unsigned char *pem, unsigned long *l, const struct pem_headers *hdr) { unsigned char iv[MAXBLOCKSIZE], key[MAXBLOCKSIZE]; @@ -58,7 +61,7 @@ typedef struct { pkcs8_import fn; } p8_import_st; -static int s_decode(struct get_char *g, ltc_pka_key *k, password_ctx *pw_ctx) +static int s_decode(struct get_char *g, ltc_pka_key *k, const password_ctx *pw_ctx) { unsigned char *pem = NULL; unsigned long w, l, n; @@ -66,6 +69,7 @@ static int s_decode(struct get_char *g, ltc_pka_key *k, password_ctx *pw_ctx) struct pem_headers hdr = { 0 }; struct password pw; ltc_asn1_list *p8_asn1 = NULL; + XMEMSET(k, 0, sizeof(*k)); w = LTC_PEM_READ_BUFSIZE * 2; retry: pem = XREALLOC(pem, w); @@ -132,8 +136,10 @@ static int s_decode(struct get_char *g, ltc_pka_key *k, password_ctx *pw_ctx) } goto cleanup; } else if (hdr.encrypted) { - LTC_ARGCHK(pw_ctx != NULL); - LTC_ARGCHK(pw_ctx->callback != NULL); + if ((pw_ctx == NULL) || (pw_ctx->callback == NULL)) { + err = CRYPT_PW_CTX_MISSING; + goto cleanup; + } hdr.pw = &pw; if (pw_ctx->callback(&hdr.pw->pw, &hdr.pw->l, pw_ctx->userdata)) { @@ -181,7 +187,8 @@ static int s_decode(struct get_char *g, ltc_pka_key *k, password_ctx *pw_ctx) return err; } -int pem_decode_pkcs_filehandle(FILE *f, ltc_pka_key *k, password_ctx *pw_ctx) +#ifndef LTC_NO_FILE +int pem_decode_pkcs_filehandle(FILE *f, ltc_pka_key *k, const password_ctx *pw_ctx) { LTC_ARGCHK(f != NULL); LTC_ARGCHK(k != NULL); @@ -190,10 +197,12 @@ int pem_decode_pkcs_filehandle(FILE *f, ltc_pka_key *k, password_ctx *pw_ctx) return s_decode(&g, k, pw_ctx); } } +#endif /* LTC_NO_FILE */ -int pem_decode_pkcs(const void *buf, unsigned long len, ltc_pka_key *k, password_ctx *pw_ctx) +int pem_decode_pkcs(const void *buf, unsigned long len, ltc_pka_key *k, const password_ctx *pw_ctx) { LTC_ARGCHK(buf != NULL); + LTC_ARGCHK(len != 0); LTC_ARGCHK(k != NULL); { struct get_char g = { .get = pem_get_char_from_buf, SET_BUFP(.buf, buf, len) }; diff --git a/src/misc/pem/pem_read.c b/src/misc/pem/pem_read.c index a8183c245..cbad827ce 100644 --- a/src/misc/pem/pem_read.c +++ b/src/misc/pem/pem_read.c @@ -9,10 +9,17 @@ #ifdef LTC_PEM +extern const struct str pem_proc_type_encrypted; +extern const struct str pem_dek_info_start; +extern const struct dek_info_from_str pem_dek_infos[]; +extern const unsigned long pem_dek_infos_num; + +#ifndef LTC_NO_FILE int pem_get_char_from_file(struct get_char *g) { return getc(g->f); } +#endif /* LTC_NO_FILE */ int pem_get_char_from_buf(struct get_char *g) { diff --git a/src/misc/pem/pem_ssh.c b/src/misc/pem/pem_ssh.c index 6c74585a1..6330f4c38 100644 --- a/src/misc/pem/pem_ssh.c +++ b/src/misc/pem/pem_ssh.c @@ -344,13 +344,14 @@ static const struct pem_header_id pem_openssh = .has_more_headers = 0 }; -static int s_decode_openssh(struct get_char *g, ltc_pka_key *k, password_ctx *pw_ctx) +static int s_decode_openssh(struct get_char *g, ltc_pka_key *k, const password_ctx *pw_ctx) { unsigned char *pem = NULL, *p, *privkey = NULL; unsigned long w, l, privkey_len; int err; struct pem_headers hdr = { .id = &pem_openssh }; struct kdf_options opts = { 0 }; + XMEMSET(k, 0, sizeof(*k)); w = LTC_PEM_READ_BUFSIZE * 2; retry: pem = XREALLOC(pem, w); @@ -378,9 +379,8 @@ static int s_decode_openssh(struct get_char *g, ltc_pka_key *k, password_ctx *pw } if (XSTRCMP(opts.name, "none") != 0) { - /* hard-coded pass for demo keys */ - if (!pw_ctx || !pw_ctx->callback) { - err = CRYPT_INVALID_ARG; + if ((pw_ctx == NULL) || (pw_ctx->callback == NULL)) { + err = CRYPT_PW_CTX_MISSING; goto cleanup; } if (pw_ctx->callback(&opts.pw.pw, &opts.pw.l, pw_ctx->userdata)) { @@ -411,16 +411,27 @@ static int s_decode_openssh(struct get_char *g, ltc_pka_key *k, password_ctx *pw return err; } -int pem_decode_openssh_filehandle(FILE *f, ltc_pka_key *k, password_ctx *pw_ctx) +#ifndef LTC_NO_FILE +int pem_decode_openssh_filehandle(FILE *f, ltc_pka_key *k, const password_ctx *pw_ctx) { - struct get_char g = { .get = pem_get_char_from_file, .f = f }; - return s_decode_openssh(&g, k, pw_ctx); + LTC_ARGCHK(f != NULL); + LTC_ARGCHK(k != NULL); + { + struct get_char g = { .get = pem_get_char_from_file, .f = f }; + return s_decode_openssh(&g, k, pw_ctx); + } } +#endif /* LTC_NO_FILE */ -int pem_decode_openssh(const void *buf, unsigned long len, ltc_pka_key *k, password_ctx *pw_ctx) +int pem_decode_openssh(const void *buf, unsigned long len, ltc_pka_key *k, const password_ctx *pw_ctx) { - struct get_char g = { .get = pem_get_char_from_buf, SET_BUFP(.buf, buf, len) }; - return s_decode_openssh(&g, k, pw_ctx); + LTC_ARGCHK(buf != NULL); + LTC_ARGCHK(len != 0); + LTC_ARGCHK(k != NULL); + { + struct get_char g = { .get = pem_get_char_from_buf, SET_BUFP(.buf, buf, len) }; + return s_decode_openssh(&g, k, pw_ctx); + } } #endif /* defined(LTC_PEM) && defined(LTC_SSH) */ diff --git a/src/pk/asn1/pkcs8/pkcs8_decode_flexi.c b/src/pk/asn1/pkcs8/pkcs8_decode_flexi.c index c8b4e11f9..0256e7755 100644 --- a/src/pk/asn1/pkcs8/pkcs8_decode_flexi.c +++ b/src/pk/asn1/pkcs8/pkcs8_decode_flexi.c @@ -48,8 +48,10 @@ int pkcs8_decode_flexi(const unsigned char *in, unsigned long inlen, LTC_ASN1_IS_TYPE(l->child->next, LTC_ASN1_OCTET_STRING)) { ltc_asn1_list *lalgoid = l->child->child; - LTC_ARGCHK(pw_ctx != NULL); - LTC_ARGCHK(pw_ctx->callback != NULL); + if ((pw_ctx == NULL) || (pw_ctx->callback == NULL)) { + err = CRYPT_PW_CTX_MISSING; + goto LBL_DONE; + } if (pbes1_extract(lalgoid, &pbes) == CRYPT_OK) { /* Successfully extracted PBES1 parameters */ diff --git a/src/pk/rsa/rsa_key.c b/src/pk/rsa/rsa_key.c index 2d0712f23..425684fa0 100644 --- a/src/pk/rsa/rsa_key.c +++ b/src/pk/rsa/rsa_key.c @@ -81,7 +81,7 @@ void rsa_shrink_key(rsa_key *key) /** Init an RSA key - @param key The RSA key to free + @param key The RSA key to initialize @return CRYPT_OK if successful */ int rsa_init(rsa_key *key) From 88e1db933c3e5cb37ac32b9d480b95ffbc3b9348 Mon Sep 17 00:00:00 2001 From: Steffen Jaeckel Date: Thu, 4 Aug 2022 18:14:57 +0200 Subject: [PATCH 25/33] introduce `pka_key_free()` Signed-off-by: Steffen Jaeckel --- src/headers/tomcrypt_pk.h | 1 + src/pk/pka_key_free.c | 32 +++++++++++++++++++++++++++++++ tests/pem_test.c | 40 ++++++--------------------------------- 3 files changed, 39 insertions(+), 34 deletions(-) create mode 100644 src/pk/pka_key_free.c diff --git a/src/headers/tomcrypt_pk.h b/src/headers/tomcrypt_pk.h index 3cf0475e8..e4aa21aca 100644 --- a/src/headers/tomcrypt_pk.h +++ b/src/headers/tomcrypt_pk.h @@ -526,6 +526,7 @@ typedef struct { enum ltc_pka_id id; } ltc_pka_key; +void pka_key_free(ltc_pka_key *key); #ifdef LTC_DER /* DER handling */ diff --git a/src/pk/pka_key_free.c b/src/pk/pka_key_free.c new file mode 100644 index 000000000..479a933dd --- /dev/null +++ b/src/pk/pka_key_free.c @@ -0,0 +1,32 @@ +/* LibTomCrypt, modular cryptographic library -- Tom St Denis */ +/* SPDX-License-Identifier: Unlicense */ +#include "tomcrypt_private.h" + +void pka_key_free(ltc_pka_key *key) +{ + LTC_ARGCHKVD(key != NULL); + switch (key->id) { + case LTC_PKA_DH: +#if defined(LTC_MDH) + dh_free(&key->u.dh); +#endif + break; + case LTC_PKA_DSA: +#if defined(LTC_MDSA) + dsa_free(&key->u.dsa); +#endif + break; + case LTC_PKA_RSA: +#if defined(LTC_MRSA) + rsa_free(&key->u.rsa); +#endif + break; + case LTC_PKA_EC: +#if defined(LTC_MECC) + ecc_free(&key->u.ecc); +#endif + break; + default: + break; + } +} diff --git a/tests/pem_test.c b/tests/pem_test.c index 85bca1f0e..255f0fce3 100644 --- a/tests/pem_test.c +++ b/tests/pem_test.c @@ -95,34 +95,6 @@ static int s_pem_decode_f(FILE *f, void *key) return s_key_cmp(key); } -static void s_pem_free_key(ltc_pka_key *key) -{ - switch (key->id) { - case LTC_PKA_DH: -#if defined(LTC_MDH) - dh_free(&key->u.dh); -#endif - break; - case LTC_PKA_DSA: -#if defined(LTC_MDSA) - dsa_free(&key->u.dsa); -#endif - break; - case LTC_PKA_RSA: -#if defined(LTC_MRSA) - rsa_free(&key->u.rsa); -#endif - break; - case LTC_PKA_EC: -#if defined(LTC_MECC) - ecc_free(&key->u.ecc); -#endif - break; - default: - break; - } -} - int pem_test(void) { ltc_pka_key key; @@ -140,13 +112,13 @@ int pem_test(void) #endif - DO(test_process_dir("tests/pem", &key, s_pem_decode, NULL, (dir_cleanup_cb)s_pem_free_key, "pem_test")); - DO(test_process_dir("tests/pem", &key, NULL, s_pem_decode_f, (dir_cleanup_cb)s_pem_free_key, "pem_test_filehandle")); - DO(test_process_dir("tests/pem-ecc-pkcs8", &key, s_pem_decode, NULL, (dir_cleanup_cb)s_pem_free_key, "pem_test+ecc")); - DO(test_process_dir("tests/pem-ecc-pkcs8", &key, NULL, s_pem_decode_f, (dir_cleanup_cb)s_pem_free_key, "pem_test_filehandle+ecc")); + DO(test_process_dir("tests/pem", &key, s_pem_decode, NULL, (dir_cleanup_cb)pka_key_free, "pem_test")); + DO(test_process_dir("tests/pem", &key, NULL, s_pem_decode_f, (dir_cleanup_cb)pka_key_free, "pem_test_filehandle")); + DO(test_process_dir("tests/pem-ecc-pkcs8", &key, s_pem_decode, NULL, (dir_cleanup_cb)pka_key_free, "pem_test+ecc")); + DO(test_process_dir("tests/pem-ecc-pkcs8", &key, NULL, s_pem_decode_f, (dir_cleanup_cb)pka_key_free, "pem_test_filehandle+ecc")); #ifdef LTC_SSH - DO(test_process_dir("tests/ssh", &key, s_pem_decode_ssh, NULL, (dir_cleanup_cb)s_pem_free_key, "pem_test+ssh")); - DO(test_process_dir("tests/ssh", &key, NULL, s_pem_decode_ssh_f, (dir_cleanup_cb)s_pem_free_key, "pem_test_filehandle+ssh")); + DO(test_process_dir("tests/ssh", &key, s_pem_decode_ssh, NULL, (dir_cleanup_cb)pka_key_free, "pem_test+ssh")); + DO(test_process_dir("tests/ssh", &key, NULL, s_pem_decode_ssh_f, (dir_cleanup_cb)pka_key_free, "pem_test_filehandle+ssh")); #endif #if defined(LTC_MDSA) From 67c90652d9e930266c0bf9400b17054683eced24 Mon Sep 17 00:00:00 2001 From: Steffen Jaeckel Date: Thu, 4 Aug 2022 14:27:21 +0200 Subject: [PATCH 26/33] Update docs Signed-off-by: Steffen Jaeckel --- doc/crypt.tex | 346 ++++++++++++++++++++++++++++++++++---- src/headers/tomcrypt_pk.h | 19 ++- 2 files changed, 330 insertions(+), 35 deletions(-) diff --git a/doc/crypt.tex b/doc/crypt.tex index 87804cc60..540ba051e 100644 --- a/doc/crypt.tex +++ b/doc/crypt.tex @@ -4359,7 +4359,7 @@ \subsection{RSA Key Generation} \index{rsa\_free()} Note: the \textit{rsa\_make\_key()} and \textit{rsa\_make\_key\_ubin\_e()} functions allocates memory at run--time when you make the key. -Make sure to call \textit{rsa\_free()} (see below) when you are finished with the key. If \textit{rsa\_make\_key()} or \textit{rsa\_make\_key\_ubin\_e()} +Make sure to call \textit{rsa\_free()} (see below) when you are finished with the key. If \textit{rsa\_make\_key()} or \textit{rsa\_make\_key\_ubin\_e()} fails it will automatically free the memory allocated. \index{PK\_PRIVATE} \index{PK\_PUBLIC} @@ -4742,16 +4742,15 @@ \subsubsection{Import from standard formats} \index{rsa\_import\_pkcs8()} \begin{verbatim} int rsa_import_pkcs8(const unsigned char *in, - unsigned long inlen, - const void *passwd, - unsigned long passwdlen, - rsa_key *key); + unsigned long inlen, + const password_ctx *pw_ctx, + rsa_key *key); \end{verbatim} This function can import RSA private keys serialized in PKCS\#8 format. Where \textit{key} is the RSA key structure (uninitialized), \textit{inlen} bytes of \textit{in} buffer is the DER encoded key, -and \textit{pwdlen} bytes of \textit{pwd} is optional password/secret (use \textit{pwd = NULL} for keys without password protection). +and \textit{pw\_ctx} optionally points to a password-retrieval context, c.f. Ch. \ref{password-retrieval} for details. For password-protected files all supported encryption algorithms are listed in \ref{fig:pkcs8}. @@ -5054,6 +5053,7 @@ \chapter{Elliptic Curve Cryptography - $GF(p)$} analogy for digital signatures (also known as \textit{ECDSA}). \mysection{Supported Curves} +\label{supported-curvers} The following table \ref{fig:builtincurves} shows all built--in curves supported by the library. On top of that one can also use a custom curve defined by own parameters (the only limitation is that the curve must be based on equation \ref{ecc-gf-p-equation}). @@ -5423,14 +5423,13 @@ \subsection{Private Key Import -- PKCS\#8} \index{ecc\_import\_pkcs8()} \begin{verbatim} int ecc_import_pkcs8(const unsigned char *in, - unsigned long inlen, - const void *pwd, - unsigned long pwdlen, + unsigned long inlen, + const password_ctx *pw_ctx, ecc_key *key); \end{verbatim} Where \textit{key} is the ECC key structure (uninitialized), \textit{inlen} bytes of \textit{in} buffer is the DER encoded key, -and \textit{pwdlen} bytes of \textit{pwd} is optional password/secret (use \textit{pwd = NULL} for keys without password protection). +and \textit{pw\_ctx} optionally points to a password-retrieval context, c.f. Ch. \ref{password-retrieval} for details. For password-protected files all supported encryption algorithms are listed in \ref{fig:pkcs8}. @@ -5776,36 +5775,46 @@ \subsection{X25519 Key Operations} \index{x25519\_make\_key} \begin{verbatim} -int x25519_make_key(prng_state *prng, int wprng, curve25519_key *key); +int x25519_make_key( prng_state *prng, + int wprng, + curve25519_key *key); \end{verbatim} To generate a fresh X25529 key, one can use \textit{x25519\_make\_key} which will create a private\&public key-pair. \index{x25519\_import} \begin{verbatim} -int x25519_import(const unsigned char *in, unsigned long inlen, curve25519_key *key); +int x25519_import(const unsigned char *in, + unsigned long inlen, + curve25519_key *key); \end{verbatim} The \textit{x25519\_import} function can be used to import a public key in DER-encoded \textit{SubjectPublicKeyInfo} format. \index{x25519\_import\_raw} \begin{verbatim} -int x25519_import_raw(const unsigned char *in, unsigned long inlen, int which, curve25519_key *key); +int x25519_import_raw(const unsigned char *in, + unsigned long inlen, + int which, + curve25519_key *key); \end{verbatim} To import a public or private key in raw format, one can use the function \textit{x25519\_import\_raw}. \index{x25519\_import\_x509} \begin{verbatim} -int x25519_import_x509(const unsigned char *in, unsigned long inlen, curve25519_key *key); +int x25519_import_x509(const unsigned char *in, + unsigned long inlen, + curve25519_key *key); \end{verbatim} To import a public key from a DER-encoded \textit{X.509} certificate, one can use the function \textit{x25519\_import\_x509}. \index{x25519\_import\_pkcs8} \begin{verbatim} -int x25519_import_pkcs8(const unsigned char *in, unsigned long inlen, - const void *pwd, unsigned long pwdlen, - curve25519_key *key); +int x25519_import_pkcs8(const unsigned char *in, + unsigned long inlen, + const password_ctx *pw_ctx, + curve25519_key *key); \end{verbatim} To import a private key in the \textit{OneAsymmetricKey} a.k.a \textit{PKCS \#8} format, either plain or PBES encrypted, @@ -5813,7 +5822,8 @@ \subsection{X25519 Key Operations} \index{x25519\_export} \begin{verbatim} -int x25519_export( unsigned char *out, unsigned long *outlen, +int x25519_export( unsigned char *out, + unsigned long *outlen, int which, const curve25519_key *key); \end{verbatim} @@ -5844,7 +5854,8 @@ \subsection{X25519 Cryptographic Operations} \begin{verbatim} int x25519_shared_secret(const curve25519_key *private_key, const curve25519_key *public_key, - unsigned char *out, unsigned long *outlen); + unsigned char *out, + unsigned long *outlen); \end{verbatim} This will construct the shared secret between the private- and the public-key and store the result in \textit{out} of length \textit{outlen}. @@ -5859,37 +5870,47 @@ \subsection{EdDSA Key Operations} \index{ed25519\_make\_key} \begin{verbatim} -int ed25519_make_key(prng_state *prng, int wprng, curve25519_key *key); +int ed25519_make_key( prng_state *prng, + int wprng, + curve25519_key *key); \end{verbatim} To generate a fresh Ed25529 key, one can use \textit{ed25519\_make\_key} which will create a private\&public key-pair. \index{ed25519\_import} \begin{verbatim} -int ed25519_import(const unsigned char *in, unsigned long inlen, curve25519_key *key); +int ed25519_import(const unsigned char *in, + unsigned long inlen, + curve25519_key *key); \end{verbatim} The \textit{ed25519\_import} function can be used to import a public key in DER-encoded \textit{SubjectPublicKeyInfo} format. \index{ed25519\_import\_raw} \begin{verbatim} -int ed25519_import_raw(const unsigned char *in, unsigned long inlen, int which, curve25519_key *key); +int ed25519_import_raw(const unsigned char *in, + unsigned long inlen, + int which, + curve25519_key *key); \end{verbatim} To import a public or private key in raw format, one can use the function \textit{ed25519\_import\_raw}. \index{ed25519\_import\_x509} \begin{verbatim} -int ed25519_import_x509(const unsigned char *in, unsigned long inlen, curve25519_key *key); +int ed25519_import_x509(const unsigned char *in, + unsigned long inlen, + curve25519_key *key); \end{verbatim} To import a public key from a DER-encoded \textit{X.509} certificate, one can use the function \textit{ed25519\_import\_x509}. \index{ed25519\_import\_pkcs8} \begin{verbatim} -int ed25519_import_pkcs8(const unsigned char *in, unsigned long inlen, - const void *pwd, unsigned long pwdlen, - curve25519_key *key); +int ed25519_import_pkcs8(const unsigned char *in, + unsigned long inlen, + const password_ctx *pw_ctx, + curve25519_key *key); \end{verbatim} To import a private key in the \textit{OneAsymmetricKey} a.k.a \textit{PKCS \#8} format, either plain or PBES encrypted, @@ -5897,7 +5918,8 @@ \subsection{EdDSA Key Operations} \index{ed25519\_export} \begin{verbatim} -int ed25519_export( unsigned char *out, unsigned long *outlen, +int ed25519_export( unsigned char *out, + unsigned long *outlen, int which, const curve25519_key *key); \end{verbatim} @@ -7142,6 +7164,7 @@ \subsubsection{Algorithm Two} \subsection{bcrypt} \index{bcrypt} +\label{bcrypt} bcrypt is a password hashing function, similar to PKCS \#5, but it is based on the blowfish symmetric cipher. It is widely used in e.g. OpenBSD as default password hash algorithm, or in encrypted OpenSSH key files. @@ -7163,15 +7186,16 @@ \subsection{bcrypt} The \textit{secret} parameter is the secret of length \textit{secret\_len} (most of the time a utf-8 encoded user password). The \textit{salt} parameter is a pointer to the array of octets of length \textit{salt\_len} containing the salt. The \textit{rounds} parameter defines the number of iterations of the expensive key setup that shall be executed. -The \textit{hash\_idx} parameter defines the hash algorithm that shall be used. +The \textit{hash\_idx} parameter defines the hash algorithm that shall be used. The \textit{out} parameter shall be a pointer to a buffer of at least 32 octets, where \textit{outlen} contains the available buffer size on input and the written size after the invocation. \mysection{PKCS \#8} \index{PKCS \#8} +\label{pkcs8} -The library has built-in support for PKCS \#8 decoding as specified in RFC 5208. +The library has built-in support for PKCS \#8 decoding as specified in \href{https://datatracker.ietf.org/doc/html/rfc5208}{\texttt{RFC 5208}}. Encoding of private keys into PKCS \#8 is not supported. @@ -7201,8 +7225,8 @@ \subsection{bcrypt} \label{fig:pkcs8} \end{table} -The PKCS \#8 import has no direct API endpoints, but it is available through Public Key Algorithm-specific -\textit{pkaX\_import\_pkcs8()} functions. +The PKCS \#8 import has no direct API endpoints, but it is available either through Public Key Algorithm-specific +\textit{pkaX\_import\_pkcs8()} functions or the PEM decoding API (c.f. Ch. \ref{pem-files}). \mysection{Key Derviation Functions} @@ -7327,8 +7351,8 @@ \subsection{De- and Encoding with Multiple Argument Lists} int ssh_encode_sequence_multi(unsigned char *out, unsigned long *outlen, ...); \end{verbatim} -Where \texttt{out} points to the destination buffer and \texttt{outlen} points -on function invocation to the length of the destination buffer +Where \texttt{out} points to the destination buffer and \texttt{outlen} points +on function invocation to the length of the destination buffer and after returning it will be filled with the number of octets written to the buffer. The encoding function \texttt{ssh\_encode\_sequence\_multi()} expects its items to be a pair of \texttt{(type, data)}, @@ -7340,7 +7364,7 @@ \subsection{De- and Encoding with Multiple Argument Lists} int ssh_decode_sequence_multi(const unsigned char *in, unsigned long *inlen, ...); \end{verbatim} -Where \texttt{in} points to the buffer with the sequence to decode and \texttt{inlen} points +Where \texttt{in} points to the buffer with the sequence to decode and \texttt{inlen} points on function invocation to the length of the sequence and after returning it will be filled with the decoded number of octets. @@ -7348,6 +7372,166 @@ \subsection{De- and Encoding with Multiple Argument Lists} except for the \texttt{string} resp. \texttt{name-list} type, which expects the triple \texttt{(type, data, size*)} with \texttt{size*} being of type \texttt{unsigned long*}. + + + +\mysection{PEM Files} +\label{pem-files} +\subsection{Introduction} +LibTomCrypt supports reading of asymmetric cryptography private keys out of +PEM files in multiple formats. + +The library provides support for: +\begin{itemize} + \item OpenSSH - encrypted and plain files (if SSH support is enabled). + \item PEM - encrypted and plain files. + \item PKCS \#8 - encrypted and plain files. +\end{itemize} + +There is no support for PKCS \#12 containers/PFX files implemented. + +\subsection{The PKA Union} + +To be able to return all the potential public key algorithms via a central API, +a tagged union \texttt{ltc\_pka\_key} is used. + +\begin{verbatim} +enum ltc_pka_id { + LTC_PKA_UNDEF = 0, + LTC_PKA_RSA, + LTC_PKA_DSA, + LTC_PKA_EC, + LTC_PKA_CURVE25519, + LTC_PKA_DH, +}; + +typedef struct { + union { +#ifdef LTC_CURVE25519 + curve25519_key curve25519; +#endif +#ifdef LTC_MDH + dh_key dh; +#endif +#ifdef LTC_MDSA + dsa_key dsa; +#endif +#ifdef LTC_MECC + ecc_key ecc; +#endif +#ifdef LTC_MRSA + rsa_key rsa; +#endif + } u; + enum ltc_pka_id id; +} ltc_pka_key; +\end{verbatim} + +To free such a union the following API function is provided: + +\begin{verbatim} +void pka_key_free(ltc_pka_key *key); +\end{verbatim} + +\subsection{PKCS PEM files} + +The library supports the following types of PKCS PEM files: + +\begin{itemize} +\item PKCS \#8 private keys, c.f. Ch. \ref{pkcs8} for details. +\item PEM formatted private keys according to +\href{https://datatracker.ietf.org/doc/html/rfc1421}{\texttt{RFC 1421}}/ +\href{https://datatracker.ietf.org/doc/html/rfc1422}{\texttt{RFC 1422}}/ +\href{https://datatracker.ietf.org/doc/html/rfc1423}{\texttt{RFC 1423}}. +\end{itemize} + +The identifiers in the PEM headers recognized are as follows: + +\begin{table}[H] +\begin{center} +\begin{small} +\begin{tabular}{|l|l|l|l|} +\hline \textbf{Identifier} & \textbf{Encrypted} & \textbf{Standard} & \textbf{Type} \\ +\hline \texttt{BEGIN ENCRYPTED PRIVATE KEY} & Yes & \texttt{PKCS \#8} & DSA, ECC, Ed25519, RSA, X25519 \\ +\hline \texttt{BEGIN PRIVATE KEY} & No & \texttt{PKCS \#8} & DSA, ECC, Ed25519, RSA, X25519 \\ +\hline \texttt{BEGIN DSA PRIVATE KEY} & Maybe & \texttt{PKCS \#1} & DSA \\ +\hline \texttt{BEGIN EC PRIVATE KEY} & Maybe & \texttt{RFC 5915} & ECC \\ +\hline \texttt{BEGIN RSA PRIVATE KEY} & Maybe & \texttt{PKCS \#1} & RSA \\ +\hline +\end{tabular} +\end{small} +\end{center} +\caption{List of supported PKCS private key types} +\label{supported-pkcs-private-key-types} +\end{table} + +When dealing with PEM formatted private keys the following encryption algorithms are supported: + +\begin{table}[H] +\begin{center} +\begin{small} +\begin{tabular}{|l|l|l|l|} +\hline \textbf{Identifier} & \textbf{Cipher} & \textbf{Key size in bits} & \textbf{Mode} \\ +\hline \texttt{AES-128-CBC} & AES & 128 & CBC \\ +\hline \texttt{AES-192-CBC} & AES & 192 & CBC \\ +\hline \texttt{AES-256-CBC} & AES & 256 & CBC \\ +\hline \texttt{CAMELLIA-128-CBC} & Camellia & 128 & CBC \\ +\hline \texttt{CAMELLIA-192-CBC} & Camellia & 192 & CBC \\ +\hline \texttt{CAMELLIA-256-CBC} & Camellia & 256 & CBC \\ +\hline \texttt{DES-EDE3-CBC} & 3DES (EDE) & 192 & CBC \\ +\hline \texttt{DES-CBC} & DES & 64 & CBC \\ +\hline +\end{tabular} +\end{small} +\end{center} +\caption{List of supported PEM DEK algorithms} +\label{supported-pem-dek-algorithms} +\end{table} + +The API functions provided to decode a PEM file into the \texttt{ltc\_pka\_key} union are: + +\begin{verbatim} +int pem_decode_pkcs_filehandle(FILE *f, ltc_pka_key *k, const password_ctx *pw_ctx); +int pem_decode_pkcs(const void *buf, unsigned long len, ltc_pka_key *k, const password_ctx *pw_ctx); +\end{verbatim} + +\subsection{OpenSSH PEM files} + +OpenSSH PEM files can contain private keys of the following types: + +\begin{table}[H] +\begin{center} +\begin{small} +\begin{tabular}{|l|l|} +\hline \textbf{Identifier} & \textbf{Type} \\ +\hline \texttt{ecdsa-sha2-*} & ECC keys \\ +\hline \texttt{ssh-ed25519} & Curve25519 \\ +\hline \texttt{ssh-rsa} & RSA \\ +\hline +\end{tabular} +\end{small} +\end{center} +\caption{List of supported OpenSSH private key types} +\label{supported-openssh-private-key-types} +\end{table} + +C.f. \href{https://datatracker.ietf.org/doc/html/rfc5656}{\texttt{RFC 5656}} for details on ECC keys +in OpenSSH. LibTomCrypt should be able to handle all the ECC curves supported by the library, +c.f. Ch. \ref{supported-curvers} for details. + +OpenSSH PEM files can either not be encrypted, or the encryption is done via \texttt{aes256-cbc} +and key derivation via \texttt{bcrypt}, c.f. Ch. \ref{bcrypt}. + +The API functions provided to decode an OpenSSH PEM file into the \texttt{ltc\_pka\_key} union are: + +\begin{verbatim} +int pem_decode_openssh_filehandle(FILE *f, ltc_pka_key *k, const password_ctx *pw_ctx); +int pem_decode_openssh(const void *buf, unsigned long len, ltc_pka_key *k, const password_ctx *pw_ctx); +\end{verbatim} + + + + \chapter{Miscellaneous} \mysection{Base64 Encoding and Decoding} The library provides functions to encode and decode a RFC 4648 Base64 coding scheme. @@ -7571,6 +7755,100 @@ \subsection{Depadding} \textit{length} is a pointer that should contain the length of the padded data and will be updated to contain the length of the data after depadding. +\mysection{Password retrieval} +\label{password-retrieval} + +The following struct is used in various parts of the library that deals with user-passwords. + +\begin{verbatim} +typedef struct { + /** + Callback function that is called when a password is required. + + @param str Pointer to pointer where the password will be stored. + @param len Pointer to the length of the password. + @param userdata `userdata` that was passed in the `password_ctx` struct. + @return CRYPT_OK on success + */ + int (*callback)(void **str, unsigned long *len, void *userdata); + /** Opaque `userdata` pointer passed when the callback is called */ + void *userdata; +} password_ctx; +\end{verbatim} + +Always when this struct is used as input argument to an API function it can be treated as optional. +The library will return the error \texttt{CRYPT\_PW\_CTX\_MISSING} in case a user-password is expected +to be provided but this context is not given (passed a \textit{NULL} pointer instead) or +the \textit{callback} pointer inside is \textit{NULL}. + +The \textit{str} pointer is declared as a \textit{void} pointer, since passwords are not necessarily +always representable as a NUL-terminated C string. Therefor the user also has to provide the length of the +password via \textit{len}. + +In order to prevent arbitrary limitations of the length of a password, the user is responsible for the +dynamic allocation of the buffer that holds the password. The library takes ownership of said buffer +and will zeroize it and call \texttt{XFREE} on it as soon as it doesn't require it anymore. + +An example usage is as follows: + +\begin{small} +\begin{verbatim} +#include +#include + +static const char *pka_algos[] = { + "Undefined", + "RSA", + "DSA", + "ECC", + "Curve25519", + "DH", +}; + +static int password_get(void **p, unsigned long *l, void *u) +{ + char *pass; + (void)u; + /* In reality you should never use `getpass`. + * 1. it's insecure, 2. it's obsolete + */ + pass = getpass("Please enter password: "); + if (!pass) + return -1; + *p = strdup(pass); + *l = strlen(*p); + zeromem(pass, *l); + return 0; +} + +int main(int argc, char **argv) +{ + FILE *pem; + ltc_pka_key key; + password_ctx pw_ctx = { .callback = password_get }; + if (argc < 2) + return EXIT_FAILURE; + pem = fopen(argv[1], "rb"); + if (!pem) + return EXIT_FAILURE; + + if (register_all_ciphers() != CRYPT_OK) + return EXIT_FAILURE; + if (register_all_hashes() != CRYPT_OK) + return EXIT_FAILURE; + if (crypt_mp_init("ltm") != CRYPT_OK) + return EXIT_FAILURE; + if (pem_decode_pkcs_filehandle(pem, &key, &pw_ctx) != CRYPT_OK) + return EXIT_FAILURE; + if (key.id < sizeof(pka_algos)/sizeof(pka_algos[0])) + printf("key type: %s\n", pka_algos[key.id]); + pka_key_free(&key); + return EXIT_SUCCESS; +} + +\end{verbatim} +\end{small} + \mysection{Primality Testing} \index{Primality Testing} The library includes primality testing and random prime functions as well. The primality tester will perform the test in diff --git a/src/headers/tomcrypt_pk.h b/src/headers/tomcrypt_pk.h index e4aa21aca..b80fe6fe1 100644 --- a/src/headers/tomcrypt_pk.h +++ b/src/headers/tomcrypt_pk.h @@ -2,7 +2,21 @@ /* SPDX-License-Identifier: Unlicense */ typedef struct { - int (*callback)(void **, unsigned long *, void *); + /** + Callback function that is called when a password is required. + + Please be aware that the library takes ownership of the pointer that is + returned to the library via `str`. + `str` shall be allocated via the same function as `XMALLOC` points to. + The data will be zeroed and `XFREE`'d as soon as it isn't required anymore. + + @param str Pointer to pointer where the password will be stored. + @param len Pointer to the length of the password. + @param userdata `userdata` that was passed in the `password_ctx` struct. + @return CRYPT_OK on success + */ + int (*callback)(void **str, unsigned long *len, void *userdata); + /** Opaque `userdata` pointer passed when the callback is called */ void *userdata; } password_ctx; @@ -495,6 +509,9 @@ int dsa_shared_secret(void *private_key, void *base, unsigned char *out, unsigned long *outlen); #endif /* LTC_MDSA */ +/* + * LibTomCrypt Public Key Algorithm descriptor + */ enum ltc_pka_id { LTC_PKA_UNDEF = 0, From bdb07519012af21d78c8d42920ae8ee9bc8e5384 Mon Sep 17 00:00:00 2001 From: Steffen Jaeckel Date: Fri, 5 Aug 2022 19:16:37 +0200 Subject: [PATCH 27/33] distinguish between Ed25519 and X25519 Signed-off-by: Steffen Jaeckel --- doc/crypt.tex | 6 ++-- src/headers/tomcrypt_pk.h | 30 ++++++++-------- src/headers/tomcrypt_private.h | 3 ++ src/misc/pem/pem_pkcs.c | 12 +++---- src/misc/pem/pem_ssh.c | 4 +-- src/pk/asn1/oid/pk_get.c | 52 +++++++++++++++++++++++---- src/pk/ec25519/ec25519_export.c | 8 +++-- src/pk/ec25519/ec25519_import_pkcs8.c | 2 +- src/pk/ed25519/ed25519_export.c | 2 +- src/pk/ed25519/ed25519_import.c | 2 +- src/pk/ed25519/ed25519_import_raw.c | 2 +- src/pk/ed25519/ed25519_import_x509.c | 2 +- src/pk/ed25519/ed25519_make_key.c | 2 +- src/pk/ed25519/ed25519_sign.c | 2 +- src/pk/ed25519/ed25519_verify.c | 2 +- src/pk/x25519/x25519_export.c | 2 +- src/pk/x25519/x25519_import.c | 2 +- src/pk/x25519/x25519_import_raw.c | 2 +- src/pk/x25519/x25519_import_x509.c | 2 +- src/pk/x25519/x25519_make_key.c | 2 +- src/pk/x25519/x25519_shared_secret.c | 5 +-- tests/pem_test.c | 3 +- 22 files changed, 98 insertions(+), 51 deletions(-) diff --git a/doc/crypt.tex b/doc/crypt.tex index 540ba051e..0a54f2411 100644 --- a/doc/crypt.tex +++ b/doc/crypt.tex @@ -7401,14 +7401,16 @@ \subsection{The PKA Union} LTC_PKA_RSA, LTC_PKA_DSA, LTC_PKA_EC, - LTC_PKA_CURVE25519, + LTC_PKA_X25519, + LTC_PKA_ED25519, LTC_PKA_DH, }; typedef struct { union { #ifdef LTC_CURVE25519 - curve25519_key curve25519; + curve25519_key x25519; + curve25519_key ed25519; #endif #ifdef LTC_MDH dh_key dh; diff --git a/src/headers/tomcrypt_pk.h b/src/headers/tomcrypt_pk.h index b80fe6fe1..b03bc0b90 100644 --- a/src/headers/tomcrypt_pk.h +++ b/src/headers/tomcrypt_pk.h @@ -22,6 +22,16 @@ typedef struct { /* ---- NUMBER THEORY ---- */ +enum ltc_pka_id { + LTC_PKA_UNDEF = 0, + LTC_PKA_RSA, + LTC_PKA_DSA, + LTC_PKA_EC, + LTC_PKA_X25519, + LTC_PKA_ED25519, + LTC_PKA_DH, +}; + enum public_key_type { /* Refers to the public key */ PK_PUBLIC = 0x0000, @@ -349,12 +359,8 @@ typedef struct { /** The key type, PK_PRIVATE or PK_PUBLIC */ enum public_key_type type; - /** The PK-algorithm, PKA_ED25519 or PKA_X25519 */ - /** This was supposed to be: - * enum public_key_algorithms algo; - * but that enum is now in tomcrypt_private.h - */ - int algo; + /** The PK-algorithm, LTC_PKA_ED25519 or LTC_PKA_X25519 */ + enum ltc_pka_id pka; /** The private key */ unsigned char priv[32]; @@ -513,19 +519,11 @@ int dsa_shared_secret(void *private_key, void *base, * LibTomCrypt Public Key Algorithm descriptor */ -enum ltc_pka_id { - LTC_PKA_UNDEF = 0, - LTC_PKA_RSA, - LTC_PKA_DSA, - LTC_PKA_EC, - LTC_PKA_CURVE25519, - LTC_PKA_DH, -}; - typedef struct { union { #ifdef LTC_CURVE25519 - curve25519_key curve25519; + curve25519_key x25519; + curve25519_key ed25519; #endif #ifdef LTC_MDH dh_key dh; diff --git a/src/headers/tomcrypt_private.h b/src/headers/tomcrypt_private.h index 74c21f4e4..0e57b37c1 100644 --- a/src/headers/tomcrypt_private.h +++ b/src/headers/tomcrypt_private.h @@ -53,6 +53,7 @@ enum ltc_oid_id { LTC_OID_X25519, LTC_OID_ED25519, LTC_OID_DH, + LTC_OID_NUM }; /* @@ -349,6 +350,8 @@ int rand_bn_bits(void *N, int bits, prng_state *prng, int wprng); int rand_bn_upto(void *N, void *limit, prng_state *prng, int wprng); int pk_get_oid(enum ltc_oid_id id, const char **st); +int pk_get_pka_id(enum ltc_oid_id id, enum ltc_pka_id *pka); +int pk_get_oid_id(enum ltc_pka_id pka, enum ltc_oid_id *oid); int pk_get_oid_from_asn1(const ltc_asn1_list *oid, enum ltc_oid_id *id); int pk_oid_str_to_num(const char *OID, unsigned long *oid, unsigned long *oidlen); int pk_oid_num_to_str(const unsigned long *oid, unsigned long oidlen, char *OID, unsigned long *outlen); diff --git a/src/misc/pem/pem_pkcs.c b/src/misc/pem/pem_pkcs.c index 1dfaa7c92..9b634bc78 100644 --- a/src/misc/pem/pem_pkcs.c +++ b/src/misc/pem/pem_pkcs.c @@ -122,13 +122,13 @@ static int s_decode(struct get_char *g, ltc_pka_key *k, const password_ctx *pw_c break; #endif #ifdef LTC_CURVE25519 - case LTC_OID_ED25519: - err = ed25519_import_pkcs8_asn1(alg_id, priv_key, &k->u.curve25519); - k->id = LTC_PKA_CURVE25519; - break; case LTC_OID_X25519: - err = x25519_import_pkcs8_asn1(alg_id, priv_key, &k->u.curve25519); - k->id = LTC_PKA_CURVE25519; + err = x25519_import_pkcs8_asn1(alg_id, priv_key, &k->u.x25519); + k->id = LTC_PKA_X25519; + break; + case LTC_OID_ED25519: + err = ed25519_import_pkcs8_asn1(alg_id, priv_key, &k->u.ed25519); + k->id = LTC_PKA_ED25519; break; #endif default: diff --git a/src/misc/pem/pem_ssh.c b/src/misc/pem/pem_ssh.c index 6330f4c38..6c49f4104 100644 --- a/src/misc/pem/pem_ssh.c +++ b/src/misc/pem/pem_ssh.c @@ -96,11 +96,11 @@ int ssh_decode_ed25519(const unsigned char *in, unsigned long *inlen, ltc_pka_ke goto cleanup; } - if ((err = ed25519_import_raw(&privkey[32], 32, PK_PRIVATE, &key->u.curve25519)) != CRYPT_OK) { + if ((err = ed25519_import_raw(&privkey[32], 32, PK_PRIVATE, &key->u.ed25519)) != CRYPT_OK) { goto cleanup; } - key->id = LTC_PKA_CURVE25519; + key->id = LTC_PKA_ED25519; cleanup: zeromem(pubkey, sizeof(pubkey)); diff --git a/src/pk/asn1/oid/pk_get.c b/src/pk/asn1/oid/pk_get.c index 4d00d3d69..48a8a9840 100644 --- a/src/pk/asn1/oid/pk_get.c +++ b/src/pk/asn1/oid/pk_get.c @@ -11,26 +11,64 @@ typedef struct { } oid_table_entry; static const oid_table_entry pka_oids[] = { + { LTC_OID_UNDEF, LTC_PKA_UNDEF, NULL }, { LTC_OID_RSA, LTC_PKA_RSA, "1.2.840.113549.1.1.1" }, { LTC_OID_DSA, LTC_PKA_DSA, "1.2.840.10040.4.1" }, { LTC_OID_EC, LTC_PKA_EC, "1.2.840.10045.2.1" }, { LTC_OID_EC_PRIMEF, LTC_PKA_EC, "1.2.840.10045.1.1" }, - { LTC_OID_X25519, LTC_PKA_CURVE25519, "1.3.101.110" }, - { LTC_OID_ED25519, LTC_PKA_CURVE25519, "1.3.101.112" }, + { LTC_OID_X25519, LTC_PKA_X25519, "1.3.101.110" }, + { LTC_OID_ED25519, LTC_PKA_ED25519, "1.3.101.112" }, { LTC_OID_DH, LTC_PKA_DH, "1.2.840.113549.1.3.1" }, }; +static LTC_INLINE const oid_table_entry* s_get_entry(enum ltc_oid_id id) +{ + if (id < LTC_OID_NUM) + return &pka_oids[id]; + return NULL; +} + /* Returns the OID requested. @return CRYPT_OK if valid */ int pk_get_oid(enum ltc_oid_id id, const char **st) { - unsigned int i; + const oid_table_entry* e = s_get_entry(id); LTC_ARGCHK(st != NULL); - for (i = 0; i < sizeof(pka_oids)/sizeof(pka_oids[0]); ++i) { - if (pka_oids[i].id == id) { - *st = pka_oids[i].oid; + if (e != NULL) { + *st = e->oid; + return CRYPT_OK; + } + return CRYPT_INVALID_ARG; +} + +/* + Returns the PKA ID requested. + @return CRYPT_OK if valid +*/ +int pk_get_pka_id(enum ltc_oid_id id, enum ltc_pka_id *pka) +{ + const oid_table_entry* e = s_get_entry(id); + LTC_ARGCHK(pka != NULL); + if (e != NULL) { + *pka = e->pka; + return CRYPT_OK; + } + return CRYPT_INVALID_ARG; +} + +/* + Returns the OID ID requested. + @return CRYPT_OK if valid +*/ +int pk_get_oid_id(enum ltc_pka_id pka, enum ltc_oid_id *oid) +{ + unsigned int i; + LTC_ARGCHK(oid != NULL); + for (i = 1; i < sizeof(pka_oids)/sizeof(pka_oids[0]); ++i) { + if (pka_oids[i].pka == pka) { + *oid = pka_oids[i].id; return CRYPT_OK; } } @@ -57,7 +95,7 @@ int pk_get_oid_from_asn1(const ltc_asn1_list *oid, enum ltc_oid_id *id) return err; } - for (i = 0; i < sizeof(pka_oids)/sizeof(pka_oids[0]); ++i) { + for (i = 1; i < sizeof(pka_oids)/sizeof(pka_oids[0]); ++i) { if (XSTRCMP(pka_oids[i].oid, tmp) == 0) { *id = pka_oids[i].id; return CRYPT_OK; diff --git a/src/pk/ec25519/ec25519_export.c b/src/pk/ec25519/ec25519_export.c index 42f4c4b5d..a6dba677b 100644 --- a/src/pk/ec25519/ec25519_export.c +++ b/src/pk/ec25519/ec25519_export.c @@ -25,6 +25,7 @@ int ec25519_export( unsigned char *out, unsigned long *outlen, const char* OID; unsigned long oid[16], oidlen; ltc_asn1_list alg_id[1]; + enum ltc_oid_id oid_id; unsigned char private_key[34]; unsigned long version, private_key_len = sizeof(private_key); @@ -34,12 +35,15 @@ int ec25519_export( unsigned char *out, unsigned long *outlen, std = which & PK_STD; which &= ~PK_STD; + if ((err = pk_get_oid_id(key->pka, &oid_id)) != CRYPT_OK) { + return err; + } if (which == PK_PRIVATE) { if(key->type != PK_PRIVATE) return CRYPT_PK_INVALID_TYPE; if (std == PK_STD) { - if ((err = pk_get_oid(key->algo, &OID)) != CRYPT_OK) { + if ((err = pk_get_oid(oid_id, &OID)) != CRYPT_OK) { return err; } oidlen = sizeof(oid)/sizeof(oid[0]); @@ -72,7 +76,7 @@ int ec25519_export( unsigned char *out, unsigned long *outlen, } else { if (std == PK_STD) { /* encode public key as SubjectPublicKeyInfo */ - err = x509_encode_subject_public_key_info(out, outlen, key->algo, key->pub, 32uL, LTC_ASN1_EOL, NULL, 0); + err = x509_encode_subject_public_key_info(out, outlen, oid_id, key->pub, 32uL, LTC_ASN1_EOL, NULL, 0); } else { if (*outlen < sizeof(key->pub)) { err = CRYPT_BUFFER_OVERFLOW; diff --git a/src/pk/ec25519/ec25519_import_pkcs8.c b/src/pk/ec25519/ec25519_import_pkcs8.c index fa417bc90..4a7f9fb9f 100644 --- a/src/pk/ec25519/ec25519_import_pkcs8.c +++ b/src/pk/ec25519/ec25519_import_pkcs8.c @@ -39,7 +39,7 @@ int ec25519_import_pkcs8_asn1(ltc_asn1_list *alg_id, ltc_asn1_list *priv_key, if ((err = der_decode_octet_string(priv_key->data, priv_key->size, key->priv, &key_len)) == CRYPT_OK) { fp(key->pub, key->priv); key->type = PK_PRIVATE; - key->algo = id; + err = pk_get_pka_id(id, &key->pka); } return err; } diff --git a/src/pk/ed25519/ed25519_export.c b/src/pk/ed25519/ed25519_export.c index 2b710e58d..5ec68eb2e 100644 --- a/src/pk/ed25519/ed25519_export.c +++ b/src/pk/ed25519/ed25519_export.c @@ -23,7 +23,7 @@ int ed25519_export( unsigned char *out, unsigned long *outlen, { LTC_ARGCHK(key != NULL); - if (key->algo != LTC_OID_ED25519) return CRYPT_PK_INVALID_TYPE; + if (key->pka != LTC_PKA_ED25519) return CRYPT_PK_INVALID_TYPE; return ec25519_export(out, outlen, which, key); } diff --git a/src/pk/ed25519/ed25519_import.c b/src/pk/ed25519/ed25519_import.c index f197d59dc..634780c4f 100644 --- a/src/pk/ed25519/ed25519_import.c +++ b/src/pk/ed25519/ed25519_import.c @@ -27,7 +27,7 @@ int ed25519_import(const unsigned char *in, unsigned long inlen, curve25519_key key_len = sizeof(key->pub); if ((err = x509_decode_subject_public_key_info(in, inlen, LTC_OID_ED25519, key->pub, &key_len, LTC_ASN1_EOL, NULL, 0uL)) == CRYPT_OK) { key->type = PK_PUBLIC; - key->algo = LTC_OID_ED25519; + key->pka = LTC_PKA_ED25519; } return err; } diff --git a/src/pk/ed25519/ed25519_import_raw.c b/src/pk/ed25519/ed25519_import_raw.c index 19955d134..d62812282 100644 --- a/src/pk/ed25519/ed25519_import_raw.c +++ b/src/pk/ed25519/ed25519_import_raw.c @@ -32,7 +32,7 @@ int ed25519_import_raw(const unsigned char *in, unsigned long inlen, int which, } else { return CRYPT_INVALID_ARG; } - key->algo = LTC_OID_ED25519; + key->pka = LTC_PKA_ED25519; key->type = which; return CRYPT_OK; diff --git a/src/pk/ed25519/ed25519_import_x509.c b/src/pk/ed25519/ed25519_import_x509.c index 44978ac2e..306a0e1e0 100644 --- a/src/pk/ed25519/ed25519_import_x509.c +++ b/src/pk/ed25519/ed25519_import_x509.c @@ -37,7 +37,7 @@ int ed25519_import_x509(const unsigned char *in, unsigned long inlen, curve25519 return err; } key->type = PK_PUBLIC; - key->algo = LTC_OID_ED25519; + key->pka = LTC_PKA_ED25519; return err; } diff --git a/src/pk/ed25519/ed25519_make_key.c b/src/pk/ed25519/ed25519_make_key.c index 7cec1959d..289313b5c 100644 --- a/src/pk/ed25519/ed25519_make_key.c +++ b/src/pk/ed25519/ed25519_make_key.c @@ -28,7 +28,7 @@ int ed25519_make_key(prng_state *prng, int wprng, curve25519_key *key) } key->type = PK_PRIVATE; - key->algo = LTC_OID_ED25519; + key->pka = LTC_PKA_ED25519; return err; } diff --git a/src/pk/ed25519/ed25519_sign.c b/src/pk/ed25519/ed25519_sign.c index d5bf364ee..33c240566 100644 --- a/src/pk/ed25519/ed25519_sign.c +++ b/src/pk/ed25519/ed25519_sign.c @@ -23,7 +23,7 @@ static int s_ed25519_sign(const unsigned char *msg, unsigned long msglen, LTC_ARGCHK(siglen != NULL); LTC_ARGCHK(private_key != NULL); - if (private_key->algo != LTC_OID_ED25519) return CRYPT_PK_INVALID_TYPE; + if (private_key->pka != LTC_PKA_ED25519) return CRYPT_PK_INVALID_TYPE; if (private_key->type != PK_PRIVATE) return CRYPT_PK_INVALID_TYPE; if (*siglen < 64uL) { diff --git a/src/pk/ed25519/ed25519_verify.c b/src/pk/ed25519/ed25519_verify.c index e7dcc3077..7afab7cab 100644 --- a/src/pk/ed25519/ed25519_verify.c +++ b/src/pk/ed25519/ed25519_verify.c @@ -27,7 +27,7 @@ static int s_ed25519_verify(const unsigned char *msg, unsigned long msglen, *stat = 0; if (siglen != 64uL) return CRYPT_INVALID_ARG; - if (public_key->algo != LTC_OID_ED25519) return CRYPT_PK_INVALID_TYPE; + if (public_key->pka != LTC_PKA_ED25519) return CRYPT_PK_INVALID_TYPE; mlen = msglen + siglen; if ((mlen < msglen) || (mlen < siglen)) return CRYPT_OVERFLOW; diff --git a/src/pk/x25519/x25519_export.c b/src/pk/x25519/x25519_export.c index 0687c135f..fd9972238 100644 --- a/src/pk/x25519/x25519_export.c +++ b/src/pk/x25519/x25519_export.c @@ -23,7 +23,7 @@ int x25519_export( unsigned char *out, unsigned long *outlen, { LTC_ARGCHK(key != NULL); - if (key->algo != LTC_OID_X25519) return CRYPT_PK_INVALID_TYPE; + if (key->pka != LTC_PKA_X25519) return CRYPT_PK_INVALID_TYPE; return ec25519_export(out, outlen, which, key); } diff --git a/src/pk/x25519/x25519_import.c b/src/pk/x25519/x25519_import.c index 247885f93..a16c624d2 100644 --- a/src/pk/x25519/x25519_import.c +++ b/src/pk/x25519/x25519_import.c @@ -27,7 +27,7 @@ int x25519_import(const unsigned char *in, unsigned long inlen, curve25519_key * key_len = sizeof(key->pub); if ((err = x509_decode_subject_public_key_info(in, inlen, LTC_OID_X25519, key->pub, &key_len, LTC_ASN1_EOL, NULL, 0uL)) == CRYPT_OK) { key->type = PK_PUBLIC; - key->algo = LTC_OID_X25519; + key->pka = LTC_PKA_X25519; } return err; } diff --git a/src/pk/x25519/x25519_import_raw.c b/src/pk/x25519/x25519_import_raw.c index e86e8c6a2..da659201d 100644 --- a/src/pk/x25519/x25519_import_raw.c +++ b/src/pk/x25519/x25519_import_raw.c @@ -32,7 +32,7 @@ int x25519_import_raw(const unsigned char *in, unsigned long inlen, int which, c } else { return CRYPT_INVALID_ARG; } - key->algo = LTC_OID_X25519; + key->pka = LTC_PKA_X25519; key->type = which; return CRYPT_OK; diff --git a/src/pk/x25519/x25519_import_x509.c b/src/pk/x25519/x25519_import_x509.c index 043b6ad98..a3d90cdc5 100644 --- a/src/pk/x25519/x25519_import_x509.c +++ b/src/pk/x25519/x25519_import_x509.c @@ -37,7 +37,7 @@ int x25519_import_x509(const unsigned char *in, unsigned long inlen, curve25519_ return err; } key->type = PK_PUBLIC; - key->algo = LTC_OID_X25519; + key->pka = LTC_PKA_X25519; return err; } diff --git a/src/pk/x25519/x25519_make_key.c b/src/pk/x25519/x25519_make_key.c index 40276fe9e..a30003cc4 100644 --- a/src/pk/x25519/x25519_make_key.c +++ b/src/pk/x25519/x25519_make_key.c @@ -34,7 +34,7 @@ int x25519_make_key(prng_state *prng, int wprng, curve25519_key *key) tweetnacl_crypto_scalarmult_base(key->pub, key->priv); key->type = PK_PRIVATE; - key->algo = LTC_OID_X25519; + key->pka = LTC_PKA_X25519; return err; } diff --git a/src/pk/x25519/x25519_shared_secret.c b/src/pk/x25519/x25519_shared_secret.c index eaea1c0d8..d7e9ea8c1 100644 --- a/src/pk/x25519/x25519_shared_secret.c +++ b/src/pk/x25519/x25519_shared_secret.c @@ -26,9 +26,10 @@ int x25519_shared_secret(const curve25519_key *private_key, LTC_ARGCHK(out != NULL); LTC_ARGCHK(outlen != NULL); - if(private_key->type != PK_PRIVATE) return CRYPT_PK_INVALID_TYPE; + if (public_key->pka != LTC_PKA_X25519) return CRYPT_PK_INVALID_TYPE; + if (private_key->type != PK_PRIVATE) return CRYPT_PK_INVALID_TYPE; - if(*outlen < 32uL) { + if (*outlen < 32uL) { *outlen = 32uL; return CRYPT_BUFFER_OVERFLOW; } diff --git a/tests/pem_test.c b/tests/pem_test.c index 255f0fce3..327ad7670 100644 --- a/tests/pem_test.c +++ b/tests/pem_test.c @@ -64,7 +64,8 @@ static int s_key_cmp(ltc_pka_key *key) return ecc_key_cmp(PK_PRIVATE, &s_ecc_key_should, &key->u.ecc); #endif break; - case LTC_PKA_CURVE25519: + case LTC_PKA_ED25519: + case LTC_PKA_X25519: case LTC_PKA_DH: return CRYPT_OK; default: From 71a1b56a2741a9e5639de8b0af3ab1d5b06909b3 Mon Sep 17 00:00:00 2001 From: Steffen Jaeckel Date: Tue, 13 Sep 2022 12:02:55 +0200 Subject: [PATCH 28/33] Update makefiles --- libtomcrypt_VS2008.vcproj | 46 ++++++++++++++++++++++++++++++++++++++- makefile.mingw | 32 +++++++++++++++------------ makefile.msvc | 32 +++++++++++++++------------ makefile.unix | 32 +++++++++++++++------------ makefile_include.mk | 32 +++++++++++++++------------ sources.cmake | 12 +++++++++- tests/sources.cmake | 1 + 7 files changed, 129 insertions(+), 58 deletions(-) diff --git a/libtomcrypt_VS2008.vcproj b/libtomcrypt_VS2008.vcproj index ff4cf5f96..49dd2ceff 100644 --- a/libtomcrypt_VS2008.vcproj +++ b/libtomcrypt_VS2008.vcproj @@ -1599,6 +1599,26 @@ > + + + + + + + + + + @@ -1879,6 +1899,10 @@ + + @@ -2100,6 +2124,10 @@ RelativePath="src\pk\asn1\der\sequence\der_encode_sequence_multi.c" > + + @@ -2190,7 +2218,7 @@ Name="oid" > + + + + @@ -2302,6 +2338,14 @@ RelativePath="src\pk\dsa\dsa_import.c" > + + + + diff --git a/makefile.mingw b/makefile.mingw index 4c9af5946..5a6a227bd 100644 --- a/makefile.mingw +++ b/makefile.mingw @@ -112,6 +112,7 @@ src/misc/crypt/crypt_unregister_cipher.o src/misc/crypt/crypt_unregister_hash.o src/misc/crypt/crypt_unregister_prng.o src/misc/error_to_string.o src/misc/hkdf/hkdf.o \ src/misc/hkdf/hkdf_test.o src/misc/mem_neq.o src/misc/padding/padding_depad.o \ src/misc/padding/padding_pad.o src/misc/pbes/pbes.o src/misc/pbes/pbes1.o src/misc/pbes/pbes2.o \ +src/misc/pem/pem.o src/misc/pem/pem_pkcs.o src/misc/pem/pem_read.o src/misc/pem/pem_ssh.o \ src/misc/pkcs12/pkcs12_kdf.o src/misc/pkcs12/pkcs12_utf8_to_utf16.o src/misc/pkcs5/pkcs_5_1.o \ src/misc/pkcs5/pkcs_5_2.o src/misc/pkcs5/pkcs_5_test.o src/misc/ssh/ssh_decode_sequence_multi.o \ src/misc/ssh/ssh_encode_sequence_multi.o src/misc/zeromem.o src/modes/cbc/cbc_decrypt.o \ @@ -159,7 +160,8 @@ src/pk/asn1/der/sequence/der_decode_sequence_ex.o \ src/pk/asn1/der/sequence/der_decode_sequence_flexi.o \ src/pk/asn1/der/sequence/der_decode_sequence_multi.o \ src/pk/asn1/der/sequence/der_encode_sequence_ex.o \ -src/pk/asn1/der/sequence/der_encode_sequence_multi.o src/pk/asn1/der/sequence/der_length_sequence.o \ +src/pk/asn1/der/sequence/der_encode_sequence_multi.o \ +src/pk/asn1/der/sequence/der_flexi_sequence_cmp.o src/pk/asn1/der/sequence/der_length_sequence.o \ src/pk/asn1/der/sequence/der_sequence_free.o src/pk/asn1/der/sequence/der_sequence_shrink.o \ src/pk/asn1/der/set/der_encode_set.o src/pk/asn1/der/set/der_encode_setof.o \ src/pk/asn1/der/short_integer/der_decode_short_integer.o \ @@ -170,15 +172,17 @@ src/pk/asn1/der/teletex_string/der_length_teletex_string.o \ src/pk/asn1/der/utctime/der_decode_utctime.o src/pk/asn1/der/utctime/der_encode_utctime.o \ src/pk/asn1/der/utctime/der_length_utctime.o src/pk/asn1/der/utf8/der_decode_utf8_string.o \ src/pk/asn1/der/utf8/der_encode_utf8_string.o src/pk/asn1/der/utf8/der_length_utf8_string.o \ -src/pk/asn1/oid/pk_get_oid.o src/pk/asn1/oid/pk_oid_cmp.o src/pk/asn1/oid/pk_oid_str.o \ -src/pk/asn1/pkcs8/pkcs8_decode_flexi.o src/pk/asn1/x509/x509_decode_public_key_from_certificate.o \ +src/pk/asn1/oid/pk_get.o src/pk/asn1/oid/pk_oid_cmp.o src/pk/asn1/oid/pk_oid_str.o \ +src/pk/asn1/pkcs8/pkcs8_decode_flexi.o src/pk/asn1/pkcs8/pkcs8_get.o \ +src/pk/asn1/x509/x509_decode_public_key_from_certificate.o \ src/pk/asn1/x509/x509_decode_subject_public_key_info.o \ src/pk/asn1/x509/x509_encode_subject_public_key_info.o src/pk/dh/dh.o src/pk/dh/dh_check_pubkey.o \ src/pk/dh/dh_export.o src/pk/dh/dh_export_key.o src/pk/dh/dh_free.o src/pk/dh/dh_generate_key.o \ -src/pk/dh/dh_import.o src/pk/dh/dh_set.o src/pk/dh/dh_set_pg_dhparam.o src/pk/dh/dh_shared_secret.o \ -src/pk/dsa/dsa_decrypt_key.o src/pk/dsa/dsa_encrypt_key.o src/pk/dsa/dsa_export.o src/pk/dsa/dsa_free.o \ -src/pk/dsa/dsa_generate_key.o src/pk/dsa/dsa_generate_pqg.o src/pk/dsa/dsa_import.o \ -src/pk/dsa/dsa_make_key.o src/pk/dsa/dsa_set.o src/pk/dsa/dsa_set_pqg_dsaparam.o \ +src/pk/dh/dh_import.o src/pk/dh/dh_import_pkcs8.o src/pk/dh/dh_set.o src/pk/dh/dh_set_pg_dhparam.o \ +src/pk/dh/dh_shared_secret.o src/pk/dsa/dsa_decrypt_key.o src/pk/dsa/dsa_encrypt_key.o \ +src/pk/dsa/dsa_export.o src/pk/dsa/dsa_free.o src/pk/dsa/dsa_generate_key.o \ +src/pk/dsa/dsa_generate_pqg.o src/pk/dsa/dsa_import.o src/pk/dsa/dsa_import_pkcs8.o \ +src/pk/dsa/dsa_init.o src/pk/dsa/dsa_make_key.o src/pk/dsa/dsa_set.o src/pk/dsa/dsa_set_pqg_dsaparam.o \ src/pk/dsa/dsa_shared_secret.o src/pk/dsa/dsa_sign_hash.o src/pk/dsa/dsa_verify_hash.o \ src/pk/dsa/dsa_verify_key.o src/pk/ec25519/ec25519_crypto_ctx.o src/pk/ec25519/ec25519_export.o \ src/pk/ec25519/ec25519_import_pkcs8.o src/pk/ec25519/tweetnacl.o src/pk/ecc/ecc.o \ @@ -197,12 +201,12 @@ src/pk/ecc/ltc_ecc_projective_add_point.o src/pk/ecc/ltc_ecc_projective_dbl_poin src/pk/ecc/ltc_ecc_verify_key.o src/pk/ed25519/ed25519_export.o src/pk/ed25519/ed25519_import.o \ src/pk/ed25519/ed25519_import_pkcs8.o src/pk/ed25519/ed25519_import_raw.o \ src/pk/ed25519/ed25519_import_x509.o src/pk/ed25519/ed25519_make_key.o src/pk/ed25519/ed25519_sign.o \ -src/pk/ed25519/ed25519_verify.o src/pk/pkcs1/pkcs_1_i2osp.o src/pk/pkcs1/pkcs_1_mgf1.o \ -src/pk/pkcs1/pkcs_1_oaep_decode.o src/pk/pkcs1/pkcs_1_oaep_encode.o src/pk/pkcs1/pkcs_1_os2ip.o \ -src/pk/pkcs1/pkcs_1_pss_decode.o src/pk/pkcs1/pkcs_1_pss_encode.o src/pk/pkcs1/pkcs_1_v1_5_decode.o \ -src/pk/pkcs1/pkcs_1_v1_5_encode.o src/pk/rsa/rsa_decrypt_key.o src/pk/rsa/rsa_encrypt_key.o \ -src/pk/rsa/rsa_export.o src/pk/rsa/rsa_exptmod.o src/pk/rsa/rsa_get_size.o src/pk/rsa/rsa_import.o \ -src/pk/rsa/rsa_import_pkcs8.o src/pk/rsa/rsa_import_x509.o src/pk/rsa/rsa_key.o \ +src/pk/ed25519/ed25519_verify.o src/pk/pka_key_free.o src/pk/pkcs1/pkcs_1_i2osp.o \ +src/pk/pkcs1/pkcs_1_mgf1.o src/pk/pkcs1/pkcs_1_oaep_decode.o src/pk/pkcs1/pkcs_1_oaep_encode.o \ +src/pk/pkcs1/pkcs_1_os2ip.o src/pk/pkcs1/pkcs_1_pss_decode.o src/pk/pkcs1/pkcs_1_pss_encode.o \ +src/pk/pkcs1/pkcs_1_v1_5_decode.o src/pk/pkcs1/pkcs_1_v1_5_encode.o src/pk/rsa/rsa_decrypt_key.o \ +src/pk/rsa/rsa_encrypt_key.o src/pk/rsa/rsa_export.o src/pk/rsa/rsa_exptmod.o src/pk/rsa/rsa_get_size.o \ +src/pk/rsa/rsa_import.o src/pk/rsa/rsa_import_pkcs8.o src/pk/rsa/rsa_import_x509.o src/pk/rsa/rsa_key.o \ src/pk/rsa/rsa_make_key.o src/pk/rsa/rsa_set.o src/pk/rsa/rsa_sign_hash.o \ src/pk/rsa/rsa_sign_saltlen_get.o src/pk/rsa/rsa_verify_hash.o src/pk/x25519/x25519_export.o \ src/pk/x25519/x25519_import.o src/pk/x25519/x25519_import_pkcs8.o src/pk/x25519/x25519_import_raw.o \ @@ -228,7 +232,7 @@ TOBJECTS=tests/base16_test.o tests/base32_test.o tests/base64_test.o tests/bcryp tests/cipher_hash_test.o tests/common.o tests/der_test.o tests/dh_test.o tests/dsa_test.o \ tests/ecc_test.o tests/ed25519_test.o tests/file_test.o tests/mac_test.o tests/misc_test.o \ tests/modes_test.o tests/mpi_test.o tests/multi_test.o tests/no_null_termination_check_test.o \ -tests/no_prng.o tests/padding_test.o tests/pkcs_1_eme_test.o tests/pkcs_1_emsa_test.o \ +tests/no_prng.o tests/padding_test.o tests/pem_test.o tests/pkcs_1_eme_test.o tests/pkcs_1_emsa_test.o \ tests/pkcs_1_oaep_test.o tests/pkcs_1_pss_test.o tests/pkcs_1_test.o tests/prng_test.o \ tests/rotate_test.o tests/rsa_test.o tests/ssh_test.o tests/store_test.o tests/test.o tests/x25519_test.o diff --git a/makefile.msvc b/makefile.msvc index ad65eb698..f171c8473 100644 --- a/makefile.msvc +++ b/makefile.msvc @@ -105,6 +105,7 @@ src/misc/crypt/crypt_unregister_cipher.obj src/misc/crypt/crypt_unregister_hash. src/misc/crypt/crypt_unregister_prng.obj src/misc/error_to_string.obj src/misc/hkdf/hkdf.obj \ src/misc/hkdf/hkdf_test.obj src/misc/mem_neq.obj src/misc/padding/padding_depad.obj \ src/misc/padding/padding_pad.obj src/misc/pbes/pbes.obj src/misc/pbes/pbes1.obj src/misc/pbes/pbes2.obj \ +src/misc/pem/pem.obj src/misc/pem/pem_pkcs.obj src/misc/pem/pem_read.obj src/misc/pem/pem_ssh.obj \ src/misc/pkcs12/pkcs12_kdf.obj src/misc/pkcs12/pkcs12_utf8_to_utf16.obj src/misc/pkcs5/pkcs_5_1.obj \ src/misc/pkcs5/pkcs_5_2.obj src/misc/pkcs5/pkcs_5_test.obj src/misc/ssh/ssh_decode_sequence_multi.obj \ src/misc/ssh/ssh_encode_sequence_multi.obj src/misc/zeromem.obj src/modes/cbc/cbc_decrypt.obj \ @@ -152,7 +153,8 @@ src/pk/asn1/der/sequence/der_decode_sequence_ex.obj \ src/pk/asn1/der/sequence/der_decode_sequence_flexi.obj \ src/pk/asn1/der/sequence/der_decode_sequence_multi.obj \ src/pk/asn1/der/sequence/der_encode_sequence_ex.obj \ -src/pk/asn1/der/sequence/der_encode_sequence_multi.obj src/pk/asn1/der/sequence/der_length_sequence.obj \ +src/pk/asn1/der/sequence/der_encode_sequence_multi.obj \ +src/pk/asn1/der/sequence/der_flexi_sequence_cmp.obj src/pk/asn1/der/sequence/der_length_sequence.obj \ src/pk/asn1/der/sequence/der_sequence_free.obj src/pk/asn1/der/sequence/der_sequence_shrink.obj \ src/pk/asn1/der/set/der_encode_set.obj src/pk/asn1/der/set/der_encode_setof.obj \ src/pk/asn1/der/short_integer/der_decode_short_integer.obj \ @@ -163,15 +165,17 @@ src/pk/asn1/der/teletex_string/der_length_teletex_string.obj \ src/pk/asn1/der/utctime/der_decode_utctime.obj src/pk/asn1/der/utctime/der_encode_utctime.obj \ src/pk/asn1/der/utctime/der_length_utctime.obj src/pk/asn1/der/utf8/der_decode_utf8_string.obj \ src/pk/asn1/der/utf8/der_encode_utf8_string.obj src/pk/asn1/der/utf8/der_length_utf8_string.obj \ -src/pk/asn1/oid/pk_get_oid.obj src/pk/asn1/oid/pk_oid_cmp.obj src/pk/asn1/oid/pk_oid_str.obj \ -src/pk/asn1/pkcs8/pkcs8_decode_flexi.obj src/pk/asn1/x509/x509_decode_public_key_from_certificate.obj \ +src/pk/asn1/oid/pk_get.obj src/pk/asn1/oid/pk_oid_cmp.obj src/pk/asn1/oid/pk_oid_str.obj \ +src/pk/asn1/pkcs8/pkcs8_decode_flexi.obj src/pk/asn1/pkcs8/pkcs8_get.obj \ +src/pk/asn1/x509/x509_decode_public_key_from_certificate.obj \ src/pk/asn1/x509/x509_decode_subject_public_key_info.obj \ src/pk/asn1/x509/x509_encode_subject_public_key_info.obj src/pk/dh/dh.obj src/pk/dh/dh_check_pubkey.obj \ src/pk/dh/dh_export.obj src/pk/dh/dh_export_key.obj src/pk/dh/dh_free.obj src/pk/dh/dh_generate_key.obj \ -src/pk/dh/dh_import.obj src/pk/dh/dh_set.obj src/pk/dh/dh_set_pg_dhparam.obj src/pk/dh/dh_shared_secret.obj \ -src/pk/dsa/dsa_decrypt_key.obj src/pk/dsa/dsa_encrypt_key.obj src/pk/dsa/dsa_export.obj src/pk/dsa/dsa_free.obj \ -src/pk/dsa/dsa_generate_key.obj src/pk/dsa/dsa_generate_pqg.obj src/pk/dsa/dsa_import.obj \ -src/pk/dsa/dsa_make_key.obj src/pk/dsa/dsa_set.obj src/pk/dsa/dsa_set_pqg_dsaparam.obj \ +src/pk/dh/dh_import.obj src/pk/dh/dh_import_pkcs8.obj src/pk/dh/dh_set.obj src/pk/dh/dh_set_pg_dhparam.obj \ +src/pk/dh/dh_shared_secret.obj src/pk/dsa/dsa_decrypt_key.obj src/pk/dsa/dsa_encrypt_key.obj \ +src/pk/dsa/dsa_export.obj src/pk/dsa/dsa_free.obj src/pk/dsa/dsa_generate_key.obj \ +src/pk/dsa/dsa_generate_pqg.obj src/pk/dsa/dsa_import.obj src/pk/dsa/dsa_import_pkcs8.obj \ +src/pk/dsa/dsa_init.obj src/pk/dsa/dsa_make_key.obj src/pk/dsa/dsa_set.obj src/pk/dsa/dsa_set_pqg_dsaparam.obj \ src/pk/dsa/dsa_shared_secret.obj src/pk/dsa/dsa_sign_hash.obj src/pk/dsa/dsa_verify_hash.obj \ src/pk/dsa/dsa_verify_key.obj src/pk/ec25519/ec25519_crypto_ctx.obj src/pk/ec25519/ec25519_export.obj \ src/pk/ec25519/ec25519_import_pkcs8.obj src/pk/ec25519/tweetnacl.obj src/pk/ecc/ecc.obj \ @@ -190,12 +194,12 @@ src/pk/ecc/ltc_ecc_projective_add_point.obj src/pk/ecc/ltc_ecc_projective_dbl_po src/pk/ecc/ltc_ecc_verify_key.obj src/pk/ed25519/ed25519_export.obj src/pk/ed25519/ed25519_import.obj \ src/pk/ed25519/ed25519_import_pkcs8.obj src/pk/ed25519/ed25519_import_raw.obj \ src/pk/ed25519/ed25519_import_x509.obj src/pk/ed25519/ed25519_make_key.obj src/pk/ed25519/ed25519_sign.obj \ -src/pk/ed25519/ed25519_verify.obj src/pk/pkcs1/pkcs_1_i2osp.obj src/pk/pkcs1/pkcs_1_mgf1.obj \ -src/pk/pkcs1/pkcs_1_oaep_decode.obj src/pk/pkcs1/pkcs_1_oaep_encode.obj src/pk/pkcs1/pkcs_1_os2ip.obj \ -src/pk/pkcs1/pkcs_1_pss_decode.obj src/pk/pkcs1/pkcs_1_pss_encode.obj src/pk/pkcs1/pkcs_1_v1_5_decode.obj \ -src/pk/pkcs1/pkcs_1_v1_5_encode.obj src/pk/rsa/rsa_decrypt_key.obj src/pk/rsa/rsa_encrypt_key.obj \ -src/pk/rsa/rsa_export.obj src/pk/rsa/rsa_exptmod.obj src/pk/rsa/rsa_get_size.obj src/pk/rsa/rsa_import.obj \ -src/pk/rsa/rsa_import_pkcs8.obj src/pk/rsa/rsa_import_x509.obj src/pk/rsa/rsa_key.obj \ +src/pk/ed25519/ed25519_verify.obj src/pk/pka_key_free.obj src/pk/pkcs1/pkcs_1_i2osp.obj \ +src/pk/pkcs1/pkcs_1_mgf1.obj src/pk/pkcs1/pkcs_1_oaep_decode.obj src/pk/pkcs1/pkcs_1_oaep_encode.obj \ +src/pk/pkcs1/pkcs_1_os2ip.obj src/pk/pkcs1/pkcs_1_pss_decode.obj src/pk/pkcs1/pkcs_1_pss_encode.obj \ +src/pk/pkcs1/pkcs_1_v1_5_decode.obj src/pk/pkcs1/pkcs_1_v1_5_encode.obj src/pk/rsa/rsa_decrypt_key.obj \ +src/pk/rsa/rsa_encrypt_key.obj src/pk/rsa/rsa_export.obj src/pk/rsa/rsa_exptmod.obj src/pk/rsa/rsa_get_size.obj \ +src/pk/rsa/rsa_import.obj src/pk/rsa/rsa_import_pkcs8.obj src/pk/rsa/rsa_import_x509.obj src/pk/rsa/rsa_key.obj \ src/pk/rsa/rsa_make_key.obj src/pk/rsa/rsa_set.obj src/pk/rsa/rsa_sign_hash.obj \ src/pk/rsa/rsa_sign_saltlen_get.obj src/pk/rsa/rsa_verify_hash.obj src/pk/x25519/x25519_export.obj \ src/pk/x25519/x25519_import.obj src/pk/x25519/x25519_import_pkcs8.obj src/pk/x25519/x25519_import_raw.obj \ @@ -221,7 +225,7 @@ TOBJECTS=tests/base16_test.obj tests/base32_test.obj tests/base64_test.obj tests tests/cipher_hash_test.obj tests/common.obj tests/der_test.obj tests/dh_test.obj tests/dsa_test.obj \ tests/ecc_test.obj tests/ed25519_test.obj tests/file_test.obj tests/mac_test.obj tests/misc_test.obj \ tests/modes_test.obj tests/mpi_test.obj tests/multi_test.obj tests/no_null_termination_check_test.obj \ -tests/no_prng.obj tests/padding_test.obj tests/pkcs_1_eme_test.obj tests/pkcs_1_emsa_test.obj \ +tests/no_prng.obj tests/padding_test.obj tests/pem_test.obj tests/pkcs_1_eme_test.obj tests/pkcs_1_emsa_test.obj \ tests/pkcs_1_oaep_test.obj tests/pkcs_1_pss_test.obj tests/pkcs_1_test.obj tests/prng_test.obj \ tests/rotate_test.obj tests/rsa_test.obj tests/ssh_test.obj tests/store_test.obj tests/test.obj tests/x25519_test.obj diff --git a/makefile.unix b/makefile.unix index a46736c28..0a10d1f65 100644 --- a/makefile.unix +++ b/makefile.unix @@ -126,6 +126,7 @@ src/misc/crypt/crypt_unregister_cipher.o src/misc/crypt/crypt_unregister_hash.o src/misc/crypt/crypt_unregister_prng.o src/misc/error_to_string.o src/misc/hkdf/hkdf.o \ src/misc/hkdf/hkdf_test.o src/misc/mem_neq.o src/misc/padding/padding_depad.o \ src/misc/padding/padding_pad.o src/misc/pbes/pbes.o src/misc/pbes/pbes1.o src/misc/pbes/pbes2.o \ +src/misc/pem/pem.o src/misc/pem/pem_pkcs.o src/misc/pem/pem_read.o src/misc/pem/pem_ssh.o \ src/misc/pkcs12/pkcs12_kdf.o src/misc/pkcs12/pkcs12_utf8_to_utf16.o src/misc/pkcs5/pkcs_5_1.o \ src/misc/pkcs5/pkcs_5_2.o src/misc/pkcs5/pkcs_5_test.o src/misc/ssh/ssh_decode_sequence_multi.o \ src/misc/ssh/ssh_encode_sequence_multi.o src/misc/zeromem.o src/modes/cbc/cbc_decrypt.o \ @@ -173,7 +174,8 @@ src/pk/asn1/der/sequence/der_decode_sequence_ex.o \ src/pk/asn1/der/sequence/der_decode_sequence_flexi.o \ src/pk/asn1/der/sequence/der_decode_sequence_multi.o \ src/pk/asn1/der/sequence/der_encode_sequence_ex.o \ -src/pk/asn1/der/sequence/der_encode_sequence_multi.o src/pk/asn1/der/sequence/der_length_sequence.o \ +src/pk/asn1/der/sequence/der_encode_sequence_multi.o \ +src/pk/asn1/der/sequence/der_flexi_sequence_cmp.o src/pk/asn1/der/sequence/der_length_sequence.o \ src/pk/asn1/der/sequence/der_sequence_free.o src/pk/asn1/der/sequence/der_sequence_shrink.o \ src/pk/asn1/der/set/der_encode_set.o src/pk/asn1/der/set/der_encode_setof.o \ src/pk/asn1/der/short_integer/der_decode_short_integer.o \ @@ -184,15 +186,17 @@ src/pk/asn1/der/teletex_string/der_length_teletex_string.o \ src/pk/asn1/der/utctime/der_decode_utctime.o src/pk/asn1/der/utctime/der_encode_utctime.o \ src/pk/asn1/der/utctime/der_length_utctime.o src/pk/asn1/der/utf8/der_decode_utf8_string.o \ src/pk/asn1/der/utf8/der_encode_utf8_string.o src/pk/asn1/der/utf8/der_length_utf8_string.o \ -src/pk/asn1/oid/pk_get_oid.o src/pk/asn1/oid/pk_oid_cmp.o src/pk/asn1/oid/pk_oid_str.o \ -src/pk/asn1/pkcs8/pkcs8_decode_flexi.o src/pk/asn1/x509/x509_decode_public_key_from_certificate.o \ +src/pk/asn1/oid/pk_get.o src/pk/asn1/oid/pk_oid_cmp.o src/pk/asn1/oid/pk_oid_str.o \ +src/pk/asn1/pkcs8/pkcs8_decode_flexi.o src/pk/asn1/pkcs8/pkcs8_get.o \ +src/pk/asn1/x509/x509_decode_public_key_from_certificate.o \ src/pk/asn1/x509/x509_decode_subject_public_key_info.o \ src/pk/asn1/x509/x509_encode_subject_public_key_info.o src/pk/dh/dh.o src/pk/dh/dh_check_pubkey.o \ src/pk/dh/dh_export.o src/pk/dh/dh_export_key.o src/pk/dh/dh_free.o src/pk/dh/dh_generate_key.o \ -src/pk/dh/dh_import.o src/pk/dh/dh_set.o src/pk/dh/dh_set_pg_dhparam.o src/pk/dh/dh_shared_secret.o \ -src/pk/dsa/dsa_decrypt_key.o src/pk/dsa/dsa_encrypt_key.o src/pk/dsa/dsa_export.o src/pk/dsa/dsa_free.o \ -src/pk/dsa/dsa_generate_key.o src/pk/dsa/dsa_generate_pqg.o src/pk/dsa/dsa_import.o \ -src/pk/dsa/dsa_make_key.o src/pk/dsa/dsa_set.o src/pk/dsa/dsa_set_pqg_dsaparam.o \ +src/pk/dh/dh_import.o src/pk/dh/dh_import_pkcs8.o src/pk/dh/dh_set.o src/pk/dh/dh_set_pg_dhparam.o \ +src/pk/dh/dh_shared_secret.o src/pk/dsa/dsa_decrypt_key.o src/pk/dsa/dsa_encrypt_key.o \ +src/pk/dsa/dsa_export.o src/pk/dsa/dsa_free.o src/pk/dsa/dsa_generate_key.o \ +src/pk/dsa/dsa_generate_pqg.o src/pk/dsa/dsa_import.o src/pk/dsa/dsa_import_pkcs8.o \ +src/pk/dsa/dsa_init.o src/pk/dsa/dsa_make_key.o src/pk/dsa/dsa_set.o src/pk/dsa/dsa_set_pqg_dsaparam.o \ src/pk/dsa/dsa_shared_secret.o src/pk/dsa/dsa_sign_hash.o src/pk/dsa/dsa_verify_hash.o \ src/pk/dsa/dsa_verify_key.o src/pk/ec25519/ec25519_crypto_ctx.o src/pk/ec25519/ec25519_export.o \ src/pk/ec25519/ec25519_import_pkcs8.o src/pk/ec25519/tweetnacl.o src/pk/ecc/ecc.o \ @@ -211,12 +215,12 @@ src/pk/ecc/ltc_ecc_projective_add_point.o src/pk/ecc/ltc_ecc_projective_dbl_poin src/pk/ecc/ltc_ecc_verify_key.o src/pk/ed25519/ed25519_export.o src/pk/ed25519/ed25519_import.o \ src/pk/ed25519/ed25519_import_pkcs8.o src/pk/ed25519/ed25519_import_raw.o \ src/pk/ed25519/ed25519_import_x509.o src/pk/ed25519/ed25519_make_key.o src/pk/ed25519/ed25519_sign.o \ -src/pk/ed25519/ed25519_verify.o src/pk/pkcs1/pkcs_1_i2osp.o src/pk/pkcs1/pkcs_1_mgf1.o \ -src/pk/pkcs1/pkcs_1_oaep_decode.o src/pk/pkcs1/pkcs_1_oaep_encode.o src/pk/pkcs1/pkcs_1_os2ip.o \ -src/pk/pkcs1/pkcs_1_pss_decode.o src/pk/pkcs1/pkcs_1_pss_encode.o src/pk/pkcs1/pkcs_1_v1_5_decode.o \ -src/pk/pkcs1/pkcs_1_v1_5_encode.o src/pk/rsa/rsa_decrypt_key.o src/pk/rsa/rsa_encrypt_key.o \ -src/pk/rsa/rsa_export.o src/pk/rsa/rsa_exptmod.o src/pk/rsa/rsa_get_size.o src/pk/rsa/rsa_import.o \ -src/pk/rsa/rsa_import_pkcs8.o src/pk/rsa/rsa_import_x509.o src/pk/rsa/rsa_key.o \ +src/pk/ed25519/ed25519_verify.o src/pk/pka_key_free.o src/pk/pkcs1/pkcs_1_i2osp.o \ +src/pk/pkcs1/pkcs_1_mgf1.o src/pk/pkcs1/pkcs_1_oaep_decode.o src/pk/pkcs1/pkcs_1_oaep_encode.o \ +src/pk/pkcs1/pkcs_1_os2ip.o src/pk/pkcs1/pkcs_1_pss_decode.o src/pk/pkcs1/pkcs_1_pss_encode.o \ +src/pk/pkcs1/pkcs_1_v1_5_decode.o src/pk/pkcs1/pkcs_1_v1_5_encode.o src/pk/rsa/rsa_decrypt_key.o \ +src/pk/rsa/rsa_encrypt_key.o src/pk/rsa/rsa_export.o src/pk/rsa/rsa_exptmod.o src/pk/rsa/rsa_get_size.o \ +src/pk/rsa/rsa_import.o src/pk/rsa/rsa_import_pkcs8.o src/pk/rsa/rsa_import_x509.o src/pk/rsa/rsa_key.o \ src/pk/rsa/rsa_make_key.o src/pk/rsa/rsa_set.o src/pk/rsa/rsa_sign_hash.o \ src/pk/rsa/rsa_sign_saltlen_get.o src/pk/rsa/rsa_verify_hash.o src/pk/x25519/x25519_export.o \ src/pk/x25519/x25519_import.o src/pk/x25519/x25519_import_pkcs8.o src/pk/x25519/x25519_import_raw.o \ @@ -242,7 +246,7 @@ TOBJECTS=tests/base16_test.o tests/base32_test.o tests/base64_test.o tests/bcryp tests/cipher_hash_test.o tests/common.o tests/der_test.o tests/dh_test.o tests/dsa_test.o \ tests/ecc_test.o tests/ed25519_test.o tests/file_test.o tests/mac_test.o tests/misc_test.o \ tests/modes_test.o tests/mpi_test.o tests/multi_test.o tests/no_null_termination_check_test.o \ -tests/no_prng.o tests/padding_test.o tests/pkcs_1_eme_test.o tests/pkcs_1_emsa_test.o \ +tests/no_prng.o tests/padding_test.o tests/pem_test.o tests/pkcs_1_eme_test.o tests/pkcs_1_emsa_test.o \ tests/pkcs_1_oaep_test.o tests/pkcs_1_pss_test.o tests/pkcs_1_test.o tests/prng_test.o \ tests/rotate_test.o tests/rsa_test.o tests/ssh_test.o tests/store_test.o tests/test.o tests/x25519_test.o diff --git a/makefile_include.mk b/makefile_include.mk index e7e3cf522..f10f0f294 100644 --- a/makefile_include.mk +++ b/makefile_include.mk @@ -291,6 +291,7 @@ src/misc/crypt/crypt_unregister_cipher.o src/misc/crypt/crypt_unregister_hash.o src/misc/crypt/crypt_unregister_prng.o src/misc/error_to_string.o src/misc/hkdf/hkdf.o \ src/misc/hkdf/hkdf_test.o src/misc/mem_neq.o src/misc/padding/padding_depad.o \ src/misc/padding/padding_pad.o src/misc/pbes/pbes.o src/misc/pbes/pbes1.o src/misc/pbes/pbes2.o \ +src/misc/pem/pem.o src/misc/pem/pem_pkcs.o src/misc/pem/pem_read.o src/misc/pem/pem_ssh.o \ src/misc/pkcs12/pkcs12_kdf.o src/misc/pkcs12/pkcs12_utf8_to_utf16.o src/misc/pkcs5/pkcs_5_1.o \ src/misc/pkcs5/pkcs_5_2.o src/misc/pkcs5/pkcs_5_test.o src/misc/ssh/ssh_decode_sequence_multi.o \ src/misc/ssh/ssh_encode_sequence_multi.o src/misc/zeromem.o src/modes/cbc/cbc_decrypt.o \ @@ -338,7 +339,8 @@ src/pk/asn1/der/sequence/der_decode_sequence_ex.o \ src/pk/asn1/der/sequence/der_decode_sequence_flexi.o \ src/pk/asn1/der/sequence/der_decode_sequence_multi.o \ src/pk/asn1/der/sequence/der_encode_sequence_ex.o \ -src/pk/asn1/der/sequence/der_encode_sequence_multi.o src/pk/asn1/der/sequence/der_length_sequence.o \ +src/pk/asn1/der/sequence/der_encode_sequence_multi.o \ +src/pk/asn1/der/sequence/der_flexi_sequence_cmp.o src/pk/asn1/der/sequence/der_length_sequence.o \ src/pk/asn1/der/sequence/der_sequence_free.o src/pk/asn1/der/sequence/der_sequence_shrink.o \ src/pk/asn1/der/set/der_encode_set.o src/pk/asn1/der/set/der_encode_setof.o \ src/pk/asn1/der/short_integer/der_decode_short_integer.o \ @@ -349,15 +351,17 @@ src/pk/asn1/der/teletex_string/der_length_teletex_string.o \ src/pk/asn1/der/utctime/der_decode_utctime.o src/pk/asn1/der/utctime/der_encode_utctime.o \ src/pk/asn1/der/utctime/der_length_utctime.o src/pk/asn1/der/utf8/der_decode_utf8_string.o \ src/pk/asn1/der/utf8/der_encode_utf8_string.o src/pk/asn1/der/utf8/der_length_utf8_string.o \ -src/pk/asn1/oid/pk_get_oid.o src/pk/asn1/oid/pk_oid_cmp.o src/pk/asn1/oid/pk_oid_str.o \ -src/pk/asn1/pkcs8/pkcs8_decode_flexi.o src/pk/asn1/x509/x509_decode_public_key_from_certificate.o \ +src/pk/asn1/oid/pk_get.o src/pk/asn1/oid/pk_oid_cmp.o src/pk/asn1/oid/pk_oid_str.o \ +src/pk/asn1/pkcs8/pkcs8_decode_flexi.o src/pk/asn1/pkcs8/pkcs8_get.o \ +src/pk/asn1/x509/x509_decode_public_key_from_certificate.o \ src/pk/asn1/x509/x509_decode_subject_public_key_info.o \ src/pk/asn1/x509/x509_encode_subject_public_key_info.o src/pk/dh/dh.o src/pk/dh/dh_check_pubkey.o \ src/pk/dh/dh_export.o src/pk/dh/dh_export_key.o src/pk/dh/dh_free.o src/pk/dh/dh_generate_key.o \ -src/pk/dh/dh_import.o src/pk/dh/dh_set.o src/pk/dh/dh_set_pg_dhparam.o src/pk/dh/dh_shared_secret.o \ -src/pk/dsa/dsa_decrypt_key.o src/pk/dsa/dsa_encrypt_key.o src/pk/dsa/dsa_export.o src/pk/dsa/dsa_free.o \ -src/pk/dsa/dsa_generate_key.o src/pk/dsa/dsa_generate_pqg.o src/pk/dsa/dsa_import.o \ -src/pk/dsa/dsa_make_key.o src/pk/dsa/dsa_set.o src/pk/dsa/dsa_set_pqg_dsaparam.o \ +src/pk/dh/dh_import.o src/pk/dh/dh_import_pkcs8.o src/pk/dh/dh_set.o src/pk/dh/dh_set_pg_dhparam.o \ +src/pk/dh/dh_shared_secret.o src/pk/dsa/dsa_decrypt_key.o src/pk/dsa/dsa_encrypt_key.o \ +src/pk/dsa/dsa_export.o src/pk/dsa/dsa_free.o src/pk/dsa/dsa_generate_key.o \ +src/pk/dsa/dsa_generate_pqg.o src/pk/dsa/dsa_import.o src/pk/dsa/dsa_import_pkcs8.o \ +src/pk/dsa/dsa_init.o src/pk/dsa/dsa_make_key.o src/pk/dsa/dsa_set.o src/pk/dsa/dsa_set_pqg_dsaparam.o \ src/pk/dsa/dsa_shared_secret.o src/pk/dsa/dsa_sign_hash.o src/pk/dsa/dsa_verify_hash.o \ src/pk/dsa/dsa_verify_key.o src/pk/ec25519/ec25519_crypto_ctx.o src/pk/ec25519/ec25519_export.o \ src/pk/ec25519/ec25519_import_pkcs8.o src/pk/ec25519/tweetnacl.o src/pk/ecc/ecc.o \ @@ -376,12 +380,12 @@ src/pk/ecc/ltc_ecc_projective_add_point.o src/pk/ecc/ltc_ecc_projective_dbl_poin src/pk/ecc/ltc_ecc_verify_key.o src/pk/ed25519/ed25519_export.o src/pk/ed25519/ed25519_import.o \ src/pk/ed25519/ed25519_import_pkcs8.o src/pk/ed25519/ed25519_import_raw.o \ src/pk/ed25519/ed25519_import_x509.o src/pk/ed25519/ed25519_make_key.o src/pk/ed25519/ed25519_sign.o \ -src/pk/ed25519/ed25519_verify.o src/pk/pkcs1/pkcs_1_i2osp.o src/pk/pkcs1/pkcs_1_mgf1.o \ -src/pk/pkcs1/pkcs_1_oaep_decode.o src/pk/pkcs1/pkcs_1_oaep_encode.o src/pk/pkcs1/pkcs_1_os2ip.o \ -src/pk/pkcs1/pkcs_1_pss_decode.o src/pk/pkcs1/pkcs_1_pss_encode.o src/pk/pkcs1/pkcs_1_v1_5_decode.o \ -src/pk/pkcs1/pkcs_1_v1_5_encode.o src/pk/rsa/rsa_decrypt_key.o src/pk/rsa/rsa_encrypt_key.o \ -src/pk/rsa/rsa_export.o src/pk/rsa/rsa_exptmod.o src/pk/rsa/rsa_get_size.o src/pk/rsa/rsa_import.o \ -src/pk/rsa/rsa_import_pkcs8.o src/pk/rsa/rsa_import_x509.o src/pk/rsa/rsa_key.o \ +src/pk/ed25519/ed25519_verify.o src/pk/pka_key_free.o src/pk/pkcs1/pkcs_1_i2osp.o \ +src/pk/pkcs1/pkcs_1_mgf1.o src/pk/pkcs1/pkcs_1_oaep_decode.o src/pk/pkcs1/pkcs_1_oaep_encode.o \ +src/pk/pkcs1/pkcs_1_os2ip.o src/pk/pkcs1/pkcs_1_pss_decode.o src/pk/pkcs1/pkcs_1_pss_encode.o \ +src/pk/pkcs1/pkcs_1_v1_5_decode.o src/pk/pkcs1/pkcs_1_v1_5_encode.o src/pk/rsa/rsa_decrypt_key.o \ +src/pk/rsa/rsa_encrypt_key.o src/pk/rsa/rsa_export.o src/pk/rsa/rsa_exptmod.o src/pk/rsa/rsa_get_size.o \ +src/pk/rsa/rsa_import.o src/pk/rsa/rsa_import_pkcs8.o src/pk/rsa/rsa_import_x509.o src/pk/rsa/rsa_key.o \ src/pk/rsa/rsa_make_key.o src/pk/rsa/rsa_set.o src/pk/rsa/rsa_sign_hash.o \ src/pk/rsa/rsa_sign_saltlen_get.o src/pk/rsa/rsa_verify_hash.o src/pk/x25519/x25519_export.o \ src/pk/x25519/x25519_import.o src/pk/x25519/x25519_import_pkcs8.o src/pk/x25519/x25519_import_raw.o \ @@ -407,7 +411,7 @@ TOBJECTS=tests/base16_test.o tests/base32_test.o tests/base64_test.o tests/bcryp tests/cipher_hash_test.o tests/common.o tests/der_test.o tests/dh_test.o tests/dsa_test.o \ tests/ecc_test.o tests/ed25519_test.o tests/file_test.o tests/mac_test.o tests/misc_test.o \ tests/modes_test.o tests/mpi_test.o tests/multi_test.o tests/no_null_termination_check_test.o \ -tests/no_prng.o tests/padding_test.o tests/pkcs_1_eme_test.o tests/pkcs_1_emsa_test.o \ +tests/no_prng.o tests/padding_test.o tests/pem_test.o tests/pkcs_1_eme_test.o tests/pkcs_1_emsa_test.o \ tests/pkcs_1_oaep_test.o tests/pkcs_1_pss_test.o tests/pkcs_1_test.o tests/prng_test.o \ tests/rotate_test.o tests/rsa_test.o tests/ssh_test.o tests/store_test.o tests/test.o tests/x25519_test.o diff --git a/sources.cmake b/sources.cmake index 3e46235c6..e1b729efc 100644 --- a/sources.cmake +++ b/sources.cmake @@ -239,6 +239,10 @@ src/misc/padding/padding_pad.c src/misc/pbes/pbes.c src/misc/pbes/pbes1.c src/misc/pbes/pbes2.c +src/misc/pem/pem.c +src/misc/pem/pem_pkcs.c +src/misc/pem/pem_read.c +src/misc/pem/pem_ssh.c src/misc/pkcs12/pkcs12_kdf.c src/misc/pkcs12/pkcs12_utf8_to_utf16.c src/misc/pkcs5/pkcs_5_1.c @@ -339,6 +343,7 @@ src/pk/asn1/der/sequence/der_decode_sequence_flexi.c src/pk/asn1/der/sequence/der_decode_sequence_multi.c src/pk/asn1/der/sequence/der_encode_sequence_ex.c src/pk/asn1/der/sequence/der_encode_sequence_multi.c +src/pk/asn1/der/sequence/der_flexi_sequence_cmp.c src/pk/asn1/der/sequence/der_length_sequence.c src/pk/asn1/der/sequence/der_sequence_free.c src/pk/asn1/der/sequence/der_sequence_shrink.c @@ -355,10 +360,11 @@ src/pk/asn1/der/utctime/der_length_utctime.c src/pk/asn1/der/utf8/der_decode_utf8_string.c src/pk/asn1/der/utf8/der_encode_utf8_string.c src/pk/asn1/der/utf8/der_length_utf8_string.c -src/pk/asn1/oid/pk_get_oid.c +src/pk/asn1/oid/pk_get.c src/pk/asn1/oid/pk_oid_cmp.c src/pk/asn1/oid/pk_oid_str.c src/pk/asn1/pkcs8/pkcs8_decode_flexi.c +src/pk/asn1/pkcs8/pkcs8_get.c src/pk/asn1/x509/x509_decode_public_key_from_certificate.c src/pk/asn1/x509/x509_decode_subject_public_key_info.c src/pk/asn1/x509/x509_encode_subject_public_key_info.c @@ -369,6 +375,7 @@ src/pk/dh/dh_export_key.c src/pk/dh/dh_free.c src/pk/dh/dh_generate_key.c src/pk/dh/dh_import.c +src/pk/dh/dh_import_pkcs8.c src/pk/dh/dh_set.c src/pk/dh/dh_set_pg_dhparam.c src/pk/dh/dh_shared_secret.c @@ -379,6 +386,8 @@ src/pk/dsa/dsa_free.c src/pk/dsa/dsa_generate_key.c src/pk/dsa/dsa_generate_pqg.c src/pk/dsa/dsa_import.c +src/pk/dsa/dsa_import_pkcs8.c +src/pk/dsa/dsa_init.c src/pk/dsa/dsa_make_key.c src/pk/dsa/dsa_set.c src/pk/dsa/dsa_set_pqg_dsaparam.c @@ -436,6 +445,7 @@ src/pk/ed25519/ed25519_import_x509.c src/pk/ed25519/ed25519_make_key.c src/pk/ed25519/ed25519_sign.c src/pk/ed25519/ed25519_verify.c +src/pk/pka_key_free.c src/pk/pkcs1/pkcs_1_i2osp.c src/pk/pkcs1/pkcs_1_mgf1.c src/pk/pkcs1/pkcs_1_oaep_decode.c diff --git a/tests/sources.cmake b/tests/sources.cmake index d63a1cc47..b384305b0 100644 --- a/tests/sources.cmake +++ b/tests/sources.cmake @@ -19,6 +19,7 @@ multi_test.c no_null_termination_check_test.c no_prng.c padding_test.c +pem_test.c pkcs_1_eme_test.c pkcs_1_emsa_test.c pkcs_1_oaep_test.c From 9675bbddb9f06ff52811bee7d649fcb1e6a84179 Mon Sep 17 00:00:00 2001 From: Steffen Jaeckel Date: Tue, 10 Oct 2023 10:26:53 +0200 Subject: [PATCH 29/33] Add support for `aes256-ctr` encrypted SSH keys Signed-off-by: Steffen Jaeckel --- src/misc/pem/pem_ssh.c | 49 +++++++++++++++++++--------- tests/ssh/ssh-testkey-ed25519-aesctr | 8 +++++ 2 files changed, 42 insertions(+), 15 deletions(-) create mode 100644 tests/ssh/ssh-testkey-ed25519-aesctr diff --git a/src/misc/pem/pem_ssh.c b/src/misc/pem/pem_ssh.c index 6c49f4104..e628bcd21 100644 --- a/src/misc/pem/pem_ssh.c +++ b/src/misc/pem/pem_ssh.c @@ -29,7 +29,7 @@ const struct ssh_blockcipher ssh_ciphers[] = { { "none", "", 0, none }, { "aes256-cbc", "aes", 256 / 8, cbc }, - { 0 }, + { "aes256-ctr", "aes", 256 / 8, ctr }, }; struct kdf_options { @@ -232,9 +232,14 @@ static int s_decode_private_key(const unsigned char *in, unsigned long *inlen, l static int s_decrypt_private_keys(unsigned char *in, unsigned long *inlen, struct kdf_options *opts) { int err, cipher; - unsigned char symkey[128]; unsigned long symkey_len; - symmetric_CBC cbc_ctx; + struct { + unsigned char symkey[128]; + union { + symmetric_CBC cbc; + symmetric_CTR ctr; + } ctx; + } s; LTC_ARGCHK(in != NULL); LTC_ARGCHK(inlen != NULL); @@ -246,27 +251,41 @@ static int s_decrypt_private_keys(unsigned char *in, unsigned long *inlen, struc } symkey_len = opts->cipher->len + cipher_descriptor[cipher].block_length; - if (sizeof(symkey) < symkey_len) { + if (sizeof(s.symkey) < symkey_len) { return CRYPT_OVERFLOW; } - if ((err = bcrypt_pbkdf_openbsd(opts->pw.pw, opts->pw.l, opts->salt, opts->saltlen, opts->num_rounds, find_hash("sha512"), symkey, &symkey_len)) != CRYPT_OK) { + if ((err = bcrypt_pbkdf_openbsd(opts->pw.pw, opts->pw.l, opts->salt, opts->saltlen, + opts->num_rounds, find_hash("sha512"), s.symkey, &symkey_len)) != CRYPT_OK) { return err; } - if ((err = cbc_start(cipher, symkey + opts->cipher->len, symkey, opts->cipher->len, 0, &cbc_ctx)) != CRYPT_OK) { - goto cleanup; - } - if ((err = cbc_decrypt(in, in, *inlen, &cbc_ctx)) != CRYPT_OK) { - goto cleanup; - } - if ((err = cbc_done(&cbc_ctx)) != CRYPT_OK) { - goto cleanup; + if (opts->cipher->mode == cbc) { + if ((err = cbc_start(cipher, s.symkey + opts->cipher->len, s.symkey, opts->cipher->len, + 0, &s.ctx.cbc)) != CRYPT_OK) { + goto cleanup; + } + if ((err = cbc_decrypt(in, in, *inlen, &s.ctx.cbc)) != CRYPT_OK) { + goto cleanup; + } + if ((err = cbc_done(&s.ctx.cbc)) != CRYPT_OK) { + goto cleanup; + } + } else if (opts->cipher->mode == ctr) { + if ((err = ctr_start(cipher, s.symkey + opts->cipher->len, s.symkey, opts->cipher->len, + 0, CTR_COUNTER_BIG_ENDIAN, &s.ctx.ctr)) != CRYPT_OK) { + goto cleanup; + } + if ((err = ctr_decrypt(in, in, *inlen, &s.ctx.ctr)) != CRYPT_OK) { + goto cleanup; + } + if ((err = ctr_done(&s.ctx.ctr)) != CRYPT_OK) { + goto cleanup; + } } cleanup: - zeromem(symkey, sizeof(symkey)); - zeromem(&cbc_ctx, sizeof(cbc_ctx)); + zeromem(&s, sizeof(s)); return err; } diff --git a/tests/ssh/ssh-testkey-ed25519-aesctr b/tests/ssh/ssh-testkey-ed25519-aesctr new file mode 100644 index 000000000..b7ddb839e --- /dev/null +++ b/tests/ssh/ssh-testkey-ed25519-aesctr @@ -0,0 +1,8 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABBYWWGgpa ++aAsoGsV6JUqJ3AAAAGAAAAAEAAAAzAAAAC3NzaC1lZDI1NTE5AAAAIEVemuQ8wNLBW205 +dbGF8l0DjxP7xLIWvmollyOm+9RoAAAAkK4XJkJqpHsZ0rYuwfnZu02gpmy3GnNmexMcyU +SEtgIJNuTJbIlIn0oGBNt5xIWN6hweHq34gPvb6q9nbxgb6eS5WBFJI7+4Xng2hOrZ8rTm +WR1YJLCnw4zk8dKKDehik+K6psMb5l7JqIUvu/F95NzO+LZXErhZ2/e6v2X2mqhSelg9fm +gSe+OOWNesOUNtCQ== +-----END OPENSSH PRIVATE KEY----- From 220bece8d167b351fc4eba53e7021df7d7e99313 Mon Sep 17 00:00:00 2001 From: Steffen Jaeckel Date: Tue, 10 Oct 2023 10:27:31 +0200 Subject: [PATCH 30/33] Use the public key contained within the ssh key Signed-off-by: Steffen Jaeckel --- src/misc/pem/pem_ssh.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/misc/pem/pem_ssh.c b/src/misc/pem/pem_ssh.c index e628bcd21..8b9f5db31 100644 --- a/src/misc/pem/pem_ssh.c +++ b/src/misc/pem/pem_ssh.c @@ -99,6 +99,9 @@ int ssh_decode_ed25519(const unsigned char *in, unsigned long *inlen, ltc_pka_ke if ((err = ed25519_import_raw(&privkey[32], 32, PK_PRIVATE, &key->u.ed25519)) != CRYPT_OK) { goto cleanup; } + if (pubkeylen == sizeof(key->u.ed25519.pub)) { + XMEMCPY(key->u.ed25519.pub, pubkey, pubkeylen); + } key->id = LTC_PKA_ED25519; From df73c1a20870dde92f63c1b77411ee83f702acb2 Mon Sep 17 00:00:00 2001 From: Steffen Jaeckel Date: Tue, 10 Oct 2023 10:41:45 +0200 Subject: [PATCH 31/33] Add "Enter passphrase" support to `openssh-privkey` Signed-off-by: Steffen Jaeckel --- demos/openssh-privkey.c | 73 +++++++++++++++++++++++++++++++++++++---- 1 file changed, 66 insertions(+), 7 deletions(-) diff --git a/demos/openssh-privkey.c b/demos/openssh-privkey.c index 4fbe1bc00..2f47d62fc 100644 --- a/demos/openssh-privkey.c +++ b/demos/openssh-privkey.c @@ -8,38 +8,96 @@ #include #include - -static int verbose = 0; +#include #if defined(LTC_PEM) && defined(LTC_SSH) static void print_err(const char *fmt, ...) { va_list args; - if (!verbose) return; - va_start(args, fmt); vfprintf(stderr, fmt, args); + va_end(args); } static void die_(int err, int line) { - verbose = 1; print_err("%3d: LTC sez %s\n", line, error_to_string(err)); exit(EXIT_FAILURE); } #define die(i) do { die_(i, __LINE__); } while(0) -#define DIE(s, ...) do { verbose = 1; print_err("%3d: " s "\n", __LINE__, ##__VA_ARGS__); exit(EXIT_FAILURE); } while(0) +#define DIE(s, ...) do { print_err("%3d: " s "\n", __LINE__, ##__VA_ARGS__); exit(EXIT_FAILURE); } while(0) + +static char* getpassword(const char *prompt, size_t maxlen) +{ + char *wr, *end, *pass = XCALLOC(1, maxlen + 1); + struct termios tio; + tcflag_t c_lflag; + if (pass == NULL) + return NULL; + wr = pass; + end = pass + maxlen; + + tcgetattr(0, &tio); + c_lflag = tio.c_lflag; + tio.c_lflag &= ~ECHO; + tcsetattr(0, TCSANOW, &tio); + + printf("%s", prompt); + fflush(stdout); + while (pass < end) { + int c = getchar(); + if (c == '\r' || c == '\n' || c == -1) + break; + *wr++ = c; + } + tio.c_lflag = c_lflag; + tcsetattr(0, TCSAFLUSH, &tio); + printf("\n"); + return pass; +} static int password_get(void **p, unsigned long *l, void *u) { (void)u; - *p = strdup("abc123"); + *p = getpassword("Enter passphrase: ", 256); *l = strlen(*p); return 0; } +static void print(ltc_pka_key *k) +{ + int err = CRYPT_OK; + unsigned char buf[256]; + unsigned long lbuf = sizeof(buf); + char pubkey[256*4/3]; + unsigned long lpubkey = sizeof(pubkey); + void *mpint = NULL; + switch (k->id) { + case LTC_PKA_ED25519: + ltc_mp.init(&mpint); + ltc_mp.unsigned_read(mpint, k->u.ed25519.pub, sizeof(k->u.ed25519.pub)); + if ((err = ssh_encode_sequence_multi(buf, &lbuf, + LTC_SSHDATA_STRING, "ssh-ed25519", strlen("ssh-ed25519"), + LTC_SSHDATA_MPINT, mpint, + 0, NULL)) != CRYPT_OK) + goto errout; + if ((err = base64_encode(buf, lbuf, pubkey, &lpubkey)) != CRYPT_OK) + goto errout; + printf("\rssh-ed25519 %s\n", pubkey); + break; + default: + print_err("Unsupported key type: %d\n", k->id); + break; + } +errout: + if (mpint != NULL) + ltc_mp.deinit(mpint); + if (err != CRYPT_OK) + die(err); +} + int main(int argc, char **argv) { int err; @@ -65,6 +123,7 @@ int main(int argc, char **argv) if ((err = pem_decode_openssh_filehandle(f, &k, &pw_ctx))) { die(err); } + print(&k); return EXIT_SUCCESS; } #else From f1e5f4c2315fabdcd63064dde4a47d995905a7a3 Mon Sep 17 00:00:00 2001 From: Steffen Jaeckel Date: Thu, 4 Aug 2022 14:28:24 +0200 Subject: [PATCH 32/33] Refactor some of the ECC import internals Signed-off-by: Steffen Jaeckel --- src/headers/tomcrypt_private.h | 2 + src/pk/ecc/ecc_import_openssl.c | 96 ++++++++++++++++++++------------- src/pk/ecc/ecc_import_x509.c | 70 ++---------------------- 3 files changed, 65 insertions(+), 103 deletions(-) diff --git a/src/headers/tomcrypt_private.h b/src/headers/tomcrypt_private.h index 0e57b37c1..2135d8aa0 100644 --- a/src/headers/tomcrypt_private.h +++ b/src/headers/tomcrypt_private.h @@ -382,6 +382,8 @@ int ecc_copy_curve(const ecc_key *srckey, ecc_key *key); int ecc_set_curve_by_size(int size, ecc_key *key); int ecc_import_subject_public_key_info(const unsigned char *in, unsigned long inlen, ecc_key *key); int ecc_import_pkcs8_asn1(ltc_asn1_list *alg_id, ltc_asn1_list *priv_key, ecc_key *key); +int ecc_import_with_curve(const unsigned char *in, unsigned long inlen, int type, ecc_key *key); +int ecc_import_with_oid(const unsigned char *in, unsigned long inlen, unsigned long *oid, unsigned long oid_len, int type, ecc_key *key); #ifdef LTC_SSH int ecc_ssh_ecdsa_encode_name(char *buffer, unsigned long *buflen, const ecc_key *key); diff --git a/src/pk/ecc/ecc_import_openssl.c b/src/pk/ecc/ecc_import_openssl.c index 325b0b05a..9008c73a7 100644 --- a/src/pk/ecc/ecc_import_openssl.c +++ b/src/pk/ecc/ecc_import_openssl.c @@ -9,9 +9,7 @@ static int s_ecc_import_private_with_oid(const unsigned char *in, unsigned long { ltc_asn1_list seq_priv[4], custom[2]; unsigned char bin_xy[2*ECC_MAXSIZE+2], bin_k[ECC_MAXSIZE]; - unsigned long len, pkver = 0, curveoid[16]; - char OID[256]; - const ltc_ecc_curve *curve; + unsigned long pkver = 0, curveoid[16]; int err; /* ### try to load private key - no curve parameters just curve OID */ @@ -26,26 +24,37 @@ static int s_ecc_import_private_with_oid(const unsigned char *in, unsigned long /* try to load private key */ err = der_decode_sequence(in, inlen, seq_priv, 4); - if (err == CRYPT_OK) { - /* load curve parameters for given curve OID */ - len = sizeof(OID); - if ((err = pk_oid_num_to_str(curveoid, custom[0].size, OID, &len)) != CRYPT_OK) { goto error; } - if ((err = ecc_find_curve(OID, &curve)) != CRYPT_OK) { goto error; } - if ((err = ecc_set_curve(curve, key)) != CRYPT_OK) { goto error; } - /* load private+public key */ - err = ecc_set_key(bin_k, seq_priv[1].size, PK_PRIVATE, key); - } + if (err != CRYPT_OK) { goto error; } + err = ecc_import_with_oid(bin_k, seq_priv[1].size, curveoid, custom[0].size, PK_PRIVATE, key); error: return err; } -static int s_ecc_import_private_with_curve(const unsigned char *in, unsigned long inlen, ecc_key *key) +int ecc_import_with_oid(const unsigned char *in, unsigned long inlen, unsigned long *oid, unsigned long oid_len, int type, ecc_key *key) +{ + char OID[256]; + unsigned long len; + const ltc_ecc_curve *curve; + int err; + + /* load curve parameters for given curve OID */ + len = sizeof(OID); + if ((err = pk_oid_num_to_str(oid, oid_len, OID, &len)) != CRYPT_OK) { goto error; } + if ((err = ecc_find_curve(OID, &curve)) != CRYPT_OK) { goto error; } + if ((err = ecc_set_curve(curve, key)) != CRYPT_OK) { goto error; } + /* load public key */ + err = ecc_set_key(in, inlen, type, key); +error: + return err; +} + +int ecc_import_with_curve(const unsigned char *in, unsigned long inlen, int type, ecc_key *key) { void *prime, *order, *a, *b, *gx, *gy; ltc_asn1_list seq_fieldid[2], seq_curve[3], seq_ecparams[6], seq_priv[4], custom[2]; unsigned char bin_a[ECC_MAXSIZE], bin_b[ECC_MAXSIZE], bin_k[ECC_MAXSIZE]; unsigned char bin_g[2*ECC_MAXSIZE+1], bin_xy[2*ECC_MAXSIZE+2], bin_seed[128]; - unsigned long len_a, len_b, len_k, len_g; + unsigned long len_a, len_b, len_k, len_g, len_xy, len; unsigned long cofactor = 0, ecver = 0, pkver = 0, tmpoid[16]; int err; @@ -53,23 +62,6 @@ static int s_ecc_import_private_with_curve(const unsigned char *in, unsigned lon return err; } - /* ### try to load private key - curve parameters included */ - - /* ECPrivateKey SEQUENCE */ - LTC_SET_ASN1(custom, 0, LTC_ASN1_SEQUENCE, seq_ecparams, 6UL); - LTC_SET_ASN1(custom, 1, LTC_ASN1_RAW_BIT_STRING, bin_xy, 8UL*sizeof(bin_xy)); - LTC_SET_ASN1(seq_priv, 0, LTC_ASN1_SHORT_INTEGER, &pkver, 1UL); - LTC_SET_ASN1(seq_priv, 1, LTC_ASN1_OCTET_STRING, bin_k, sizeof(bin_k)); - LTC_SET_ASN1_CUSTOM_CONSTRUCTED(seq_priv, 2, LTC_ASN1_CL_CONTEXT_SPECIFIC, 0, custom); /* context specific 0 */ - LTC_SET_ASN1_CUSTOM_CONSTRUCTED(seq_priv, 3, LTC_ASN1_CL_CONTEXT_SPECIFIC, 1, custom + 1); /* context specific 1 */ - /* ECParameters SEQUENCE */ - LTC_SET_ASN1(seq_ecparams, 0, LTC_ASN1_SHORT_INTEGER, &ecver, 1UL); - LTC_SET_ASN1(seq_ecparams, 1, LTC_ASN1_SEQUENCE, seq_fieldid, 2UL); - LTC_SET_ASN1(seq_ecparams, 2, LTC_ASN1_SEQUENCE, seq_curve, 3UL); - LTC_SET_ASN1(seq_ecparams, 3, LTC_ASN1_OCTET_STRING, bin_g, sizeof(bin_g)); - LTC_SET_ASN1(seq_ecparams, 4, LTC_ASN1_INTEGER, order, 1UL); - LTC_SET_ASN1(seq_ecparams, 5, LTC_ASN1_SHORT_INTEGER, &cofactor, 1UL); - seq_ecparams[5].optional = 1; /* FieldID SEQUENCE */ LTC_SET_ASN1(seq_fieldid, 0, LTC_ASN1_OBJECT_IDENTIFIER, tmpoid, 16UL); LTC_SET_ASN1(seq_fieldid, 1, LTC_ASN1_INTEGER, prime, 1UL); @@ -78,10 +70,33 @@ static int s_ecc_import_private_with_curve(const unsigned char *in, unsigned lon LTC_SET_ASN1(seq_curve, 1, LTC_ASN1_OCTET_STRING, bin_b, sizeof(bin_b)); LTC_SET_ASN1(seq_curve, 2, LTC_ASN1_RAW_BIT_STRING, bin_seed, 8UL*sizeof(bin_seed)); seq_curve[2].optional = 1; - /* try to load private key */ - err = der_decode_sequence(in, inlen, seq_priv, 4); + /* ECParameters SEQUENCE */ + LTC_SET_ASN1(seq_ecparams, 0, LTC_ASN1_SHORT_INTEGER, &ecver, 1UL); + LTC_SET_ASN1(seq_ecparams, 1, LTC_ASN1_SEQUENCE, seq_fieldid, 2UL); + LTC_SET_ASN1(seq_ecparams, 2, LTC_ASN1_SEQUENCE, seq_curve, 3UL); + LTC_SET_ASN1(seq_ecparams, 3, LTC_ASN1_OCTET_STRING, bin_g, sizeof(bin_g)); + LTC_SET_ASN1(seq_ecparams, 4, LTC_ASN1_INTEGER, order, 1UL); + LTC_SET_ASN1(seq_ecparams, 5, LTC_ASN1_SHORT_INTEGER, &cofactor, 1UL); + seq_ecparams[5].optional = 1; + if (type == PK_PRIVATE) { + /* ECPrivateKey SEQUENCE */ + LTC_SET_ASN1(custom, 0, LTC_ASN1_SEQUENCE, seq_ecparams, 6UL); + LTC_SET_ASN1(custom, 1, LTC_ASN1_RAW_BIT_STRING, bin_xy, 8UL*sizeof(bin_xy)); + LTC_SET_ASN1(seq_priv, 0, LTC_ASN1_SHORT_INTEGER, &pkver, 1UL); + LTC_SET_ASN1(seq_priv, 1, LTC_ASN1_OCTET_STRING, bin_k, sizeof(bin_k)); + LTC_SET_ASN1_CUSTOM_CONSTRUCTED(seq_priv, 2, LTC_ASN1_CL_CONTEXT_SPECIFIC, 0, custom); /* context specific 0 */ + LTC_SET_ASN1_CUSTOM_CONSTRUCTED(seq_priv, 3, LTC_ASN1_CL_CONTEXT_SPECIFIC, 1, custom + 1); /* context specific 1 */ + /* try to load private key */ + err = der_decode_sequence(in, inlen, seq_priv, 4); + } else if (type == PK_PUBLIC) { + /* try to load public key */ + len_xy = sizeof(bin_xy); + len = 6; + err = x509_decode_subject_public_key_info(in, inlen, LTC_OID_EC, bin_xy, &len_xy, LTC_ASN1_SEQUENCE, seq_ecparams, &len); + } else { + err = CRYPT_PK_INVALID_TYPE; + } if (err == CRYPT_OK) { - len_k = seq_priv[1].size; len_a = seq_curve[0].size; len_b = seq_curve[1].size; len_g = seq_ecparams[3].size; @@ -91,8 +106,15 @@ static int s_ecc_import_private_with_curve(const unsigned char *in, unsigned lon if ((err = ltc_ecc_import_point(bin_g, len_g, prime, a, b, gx, gy)) != CRYPT_OK) { goto error; } /* load curve parameters */ if ((err = ecc_set_curve_from_mpis(a, b, prime, order, gx, gy, cofactor, key)) != CRYPT_OK) { goto error; } - /* load private+public key */ - err = ecc_set_key(bin_k, len_k, PK_PRIVATE, key); + + if (type == PK_PRIVATE) { + len_k = seq_priv[1].size; + /* load private+public key */ + err = ecc_set_key(bin_k, len_k, PK_PRIVATE, key); + } else { + /* load public key */ + err = ecc_set_key(bin_xy, len_xy, PK_PUBLIC, key); + } } error: mp_clear_multi(prime, order, a, b, gx, gy, LTC_NULL); @@ -111,7 +133,7 @@ int ecc_import_openssl(const unsigned char *in, unsigned long inlen, ecc_key *ke goto success; } - err = s_ecc_import_private_with_curve(in, inlen, key); + err = ecc_import_with_curve(in, inlen, PK_PRIVATE, key); success: return err; diff --git a/src/pk/ecc/ecc_import_x509.c b/src/pk/ecc/ecc_import_x509.c index e4ba5e3af..5217c8508 100644 --- a/src/pk/ecc/ecc_import_x509.c +++ b/src/pk/ecc/ecc_import_x509.c @@ -8,78 +8,16 @@ static int s_ecc_import_x509_with_oid(const unsigned char *in, unsigned long inl { unsigned char bin_xy[2*ECC_MAXSIZE+2]; unsigned long curveoid[16]; - unsigned long len_xy, len_oid, len; - char OID[256]; - const ltc_ecc_curve *curve; + unsigned long len_xy, len_oid; int err; len_xy = sizeof(bin_xy); len_oid = 16; err = x509_decode_subject_public_key_info(in, inlen, LTC_OID_EC, bin_xy, &len_xy, LTC_ASN1_OBJECT_IDENTIFIER, (void *)curveoid, &len_oid); - if (err == CRYPT_OK) { - /* load curve parameters for given curve OID */ - len = sizeof(OID); - if ((err = pk_oid_num_to_str(curveoid, len_oid, OID, &len)) != CRYPT_OK) { goto error; } - if ((err = ecc_find_curve(OID, &curve)) != CRYPT_OK) { goto error; } - if ((err = ecc_set_curve(curve, key)) != CRYPT_OK) { goto error; } - /* load public key */ - err = ecc_set_key(bin_xy, len_xy, PK_PUBLIC, key); - } -error: - return err; -} - -static int s_ecc_import_x509_with_curve(const unsigned char *in, unsigned long inlen, ecc_key *key) -{ - void *prime, *order, *a, *b, *gx, *gy; - ltc_asn1_list seq_fieldid[2], seq_curve[3], seq_ecparams[6]; - unsigned char bin_a[ECC_MAXSIZE], bin_b[ECC_MAXSIZE]; - unsigned char bin_g[2*ECC_MAXSIZE+1], bin_xy[2*ECC_MAXSIZE+2], bin_seed[128]; - unsigned long len_a, len_b, len_g, len_xy, len; - unsigned long cofactor = 0, ecver = 0, tmpoid[16]; - int err; - - if ((err = mp_init_multi(&prime, &order, &a, &b, &gx, &gy, LTC_NULL)) != CRYPT_OK) { - return err; - } - - /* ECParameters SEQUENCE */ - LTC_SET_ASN1(seq_ecparams, 0, LTC_ASN1_SHORT_INTEGER, &ecver, 1UL); - LTC_SET_ASN1(seq_ecparams, 1, LTC_ASN1_SEQUENCE, seq_fieldid, 2UL); - LTC_SET_ASN1(seq_ecparams, 2, LTC_ASN1_SEQUENCE, seq_curve, 3UL); - LTC_SET_ASN1(seq_ecparams, 3, LTC_ASN1_OCTET_STRING, bin_g, sizeof(bin_g)); - LTC_SET_ASN1(seq_ecparams, 4, LTC_ASN1_INTEGER, order, 1UL); - LTC_SET_ASN1(seq_ecparams, 5, LTC_ASN1_SHORT_INTEGER, &cofactor, 1UL); - seq_ecparams[5].optional = 1; - /* FieldID SEQUENCE */ - LTC_SET_ASN1(seq_fieldid, 0, LTC_ASN1_OBJECT_IDENTIFIER, tmpoid, 16UL); - LTC_SET_ASN1(seq_fieldid, 1, LTC_ASN1_INTEGER, prime, 1UL); - /* Curve SEQUENCE */ - LTC_SET_ASN1(seq_curve, 0, LTC_ASN1_OCTET_STRING, bin_a, sizeof(bin_a)); - LTC_SET_ASN1(seq_curve, 1, LTC_ASN1_OCTET_STRING, bin_b, sizeof(bin_b)); - LTC_SET_ASN1(seq_curve, 2, LTC_ASN1_RAW_BIT_STRING, bin_seed, 8u*sizeof(bin_seed)); - seq_curve[2].optional = 1; - /* try to load public key */ - len_xy = sizeof(bin_xy); - len = 6; - err = x509_decode_subject_public_key_info(in, inlen, LTC_OID_EC, bin_xy, &len_xy, LTC_ASN1_SEQUENCE, seq_ecparams, &len); - - if (err == CRYPT_OK) { - len_a = seq_curve[0].size; - len_b = seq_curve[1].size; - len_g = seq_ecparams[3].size; - /* create bignums */ - if ((err = mp_read_unsigned_bin(a, bin_a, len_a)) != CRYPT_OK) { goto error; } - if ((err = mp_read_unsigned_bin(b, bin_b, len_b)) != CRYPT_OK) { goto error; } - if ((err = ltc_ecc_import_point(bin_g, len_g, prime, a, b, gx, gy)) != CRYPT_OK) { goto error; } - /* load curve parameters */ - if ((err = ecc_set_curve_from_mpis(a, b, prime, order, gx, gy, cofactor, key)) != CRYPT_OK) { goto error; } - /* load public key */ - err = ecc_set_key(bin_xy, len_xy, PK_PUBLIC, key); - } + if (err != CRYPT_OK) { goto error; } + err = ecc_import_with_oid(bin_xy, len_xy, curveoid, len_oid, PK_PUBLIC, key); error: - mp_clear_multi(prime, order, a, b, gx, gy, LTC_NULL); return err; } @@ -91,7 +29,7 @@ int ecc_import_subject_public_key_info(const unsigned char *in, unsigned long in goto success; } - err = s_ecc_import_x509_with_curve(in, inlen, key); + err = ecc_import_with_curve(in, inlen, PK_PUBLIC, key); success: return err; From 48bdd0fd2a9809e60148e3dd4826c6a5b0084c78 Mon Sep 17 00:00:00 2001 From: Steffen Jaeckel Date: Tue, 10 Oct 2023 12:26:48 +0200 Subject: [PATCH 33/33] Add support for more algos of encrypted PEM files Signed-off-by: Steffen Jaeckel --- src/headers/tomcrypt_private.h | 23 ++- src/misc/pem/pem.c | 163 ++++++++++++++++-- src/misc/pem/pem_pkcs.c | 21 +-- src/misc/pem/pem_read.c | 16 +- src/misc/pem/pem_ssh.c | 86 ++++----- tests/common.c | 9 +- tests/pem/rsa-aes-128-cbc.pem | 18 ++ tests/pem/rsa-aes-128-cfb.pem | 18 ++ tests/pem/rsa-aes-128-ctr.pem | 18 ++ tests/pem/rsa-aes-128-ofb.pem | 18 ++ tests/pem/rsa-aes-192-cbc.pem | 18 ++ tests/pem/rsa-aes-192-cfb.pem | 18 ++ tests/pem/rsa-aes-192-ctr.pem | 18 ++ tests/pem/rsa-aes-192-ofb.pem | 18 ++ tests/pem/rsa-aes-256-cbc.pem | 18 ++ tests/pem/rsa-aes-256-cfb.pem | 18 ++ tests/pem/rsa-aes-256-ctr.pem | 18 ++ tests/pem/rsa-aes-256-ofb.pem | 18 ++ tests/pem/rsa-bf-cbc.pem | 18 ++ tests/pem/rsa-bf-cfb.pem | 18 ++ tests/pem/rsa-bf-ofb.pem | 18 ++ tests/pem/rsa-camellia-128-cbc.pem | 18 ++ tests/pem/rsa-camellia-128-cfb.pem | 18 ++ tests/pem/rsa-camellia-128-ctr.pem | 18 ++ tests/pem/rsa-camellia-128-ofb.pem | 18 ++ tests/pem/rsa-camellia-192-cbc.pem | 18 ++ tests/pem/rsa-camellia-192-cfb.pem | 18 ++ tests/pem/rsa-camellia-192-ctr.pem | 18 ++ tests/pem/rsa-camellia-192-ofb.pem | 18 ++ tests/pem/rsa-camellia-256-cbc.pem | 18 ++ tests/pem/rsa-camellia-256-cfb.pem | 18 ++ tests/pem/rsa-camellia-256-ctr.pem | 18 ++ tests/pem/rsa-camellia-256-ofb.pem | 18 ++ tests/pem/rsa-cast5-cbc.pem | 18 ++ tests/pem/rsa-cast5-cfb.pem | 18 ++ tests/pem/rsa-cast5-ofb.pem | 18 ++ tests/pem/rsa-des-cbc.pem | 18 ++ tests/pem/rsa-des-cfb.pem | 18 ++ tests/pem/rsa-des-ede3-cbc.pem | 18 ++ tests/pem/rsa-des-ede3-cfb.pem | 18 ++ tests/pem/rsa-des-ede3-ofb.pem | 18 ++ tests/pem/rsa-des-ofb.pem | 18 ++ tests/pem/rsa-encrypted-aes128.pem | 18 -- tests/pem/rsa-encrypted-aes192.pem | 18 -- tests/pem/rsa-encrypted-aes256.pem | 18 -- tests/pem/rsa-encrypted-camellia128.pem | 18 -- tests/pem/rsa-encrypted-camellia192.pem | 18 -- tests/pem/rsa-encrypted-camellia256.pem | 18 -- tests/pem/rsa-encrypted-des.pem | 18 -- tests/pem/rsa-encrypted-des3.pem | 18 -- tests/pem/rsa-encrypted.pem | 18 -- tests/pem/rsa-idea-cbc.pem | 18 ++ tests/pem/rsa-idea-cfb.pem | 18 ++ tests/pem/rsa-idea-ofb.pem | 18 ++ tests/pem/rsa-rc2-40-cbc.pem | 18 ++ tests/pem/rsa-rc2-64-cbc.pem | 18 ++ tests/pem/rsa-rc2-cbc.pem | 18 ++ tests/pem/rsa-rc2-cfb.pem | 18 ++ tests/pem/rsa-rc2-ofb.pem | 18 ++ tests/pem/rsa-seed-cbc.pem | 18 ++ tests/pem/rsa-seed-cfb.pem | 18 ++ tests/pem/rsa-seed-ofb.pem | 18 ++ tests/pem/unsupported/rsa-aes-128-cfb1.pem | 18 ++ tests/pem/unsupported/rsa-aes-128-cfb8.pem | 18 ++ tests/pem/unsupported/rsa-aes-192-cfb1.pem | 18 ++ tests/pem/unsupported/rsa-aes-192-cfb8.pem | 18 ++ tests/pem/unsupported/rsa-aes-256-cfb1.pem | 18 ++ tests/pem/unsupported/rsa-aes-256-cfb8.pem | 18 ++ tests/pem/unsupported/rsa-aria-128-cbc.pem | 18 ++ tests/pem/unsupported/rsa-aria-128-cfb.pem | 18 ++ tests/pem/unsupported/rsa-aria-128-cfb1.pem | 18 ++ tests/pem/unsupported/rsa-aria-128-cfb8.pem | 18 ++ tests/pem/unsupported/rsa-aria-128-ctr.pem | 18 ++ tests/pem/unsupported/rsa-aria-128-ofb.pem | 18 ++ tests/pem/unsupported/rsa-aria-192-cbc.pem | 18 ++ tests/pem/unsupported/rsa-aria-192-cfb.pem | 18 ++ tests/pem/unsupported/rsa-aria-192-cfb1.pem | 18 ++ tests/pem/unsupported/rsa-aria-192-cfb8.pem | 18 ++ tests/pem/unsupported/rsa-aria-192-ctr.pem | 18 ++ tests/pem/unsupported/rsa-aria-192-ofb.pem | 18 ++ tests/pem/unsupported/rsa-aria-256-cbc.pem | 18 ++ tests/pem/unsupported/rsa-aria-256-cfb.pem | 18 ++ tests/pem/unsupported/rsa-aria-256-cfb1.pem | 18 ++ tests/pem/unsupported/rsa-aria-256-cfb8.pem | 18 ++ tests/pem/unsupported/rsa-aria-256-ctr.pem | 18 ++ tests/pem/unsupported/rsa-aria-256-ofb.pem | 18 ++ .../pem/unsupported/rsa-camellia-128-cfb1.pem | 18 ++ .../pem/unsupported/rsa-camellia-128-cfb8.pem | 18 ++ .../pem/unsupported/rsa-camellia-192-cfb1.pem | 18 ++ .../pem/unsupported/rsa-camellia-192-cfb8.pem | 18 ++ .../pem/unsupported/rsa-camellia-256-cfb1.pem | 18 ++ .../pem/unsupported/rsa-camellia-256-cfb8.pem | 18 ++ tests/pem/unsupported/rsa-chacha20.pem | 18 ++ tests/pem/unsupported/rsa-des-cfb1.pem | 18 ++ tests/pem/unsupported/rsa-des-cfb8.pem | 18 ++ tests/pem/unsupported/rsa-des-ede-cbc.pem | 18 ++ tests/pem/unsupported/rsa-des-ede-cfb.pem | 18 ++ tests/pem/unsupported/rsa-des-ede-ofb.pem | 18 ++ tests/pem/unsupported/rsa-des-ede3-cfb1.pem | 18 ++ tests/pem/unsupported/rsa-des-ede3-cfb8.pem | 18 ++ tests/pem/unsupported/rsa-desx-cbc.pem | 18 ++ 101 files changed, 1775 insertions(+), 253 deletions(-) create mode 100644 tests/pem/rsa-aes-128-cbc.pem create mode 100644 tests/pem/rsa-aes-128-cfb.pem create mode 100644 tests/pem/rsa-aes-128-ctr.pem create mode 100644 tests/pem/rsa-aes-128-ofb.pem create mode 100644 tests/pem/rsa-aes-192-cbc.pem create mode 100644 tests/pem/rsa-aes-192-cfb.pem create mode 100644 tests/pem/rsa-aes-192-ctr.pem create mode 100644 tests/pem/rsa-aes-192-ofb.pem create mode 100644 tests/pem/rsa-aes-256-cbc.pem create mode 100644 tests/pem/rsa-aes-256-cfb.pem create mode 100644 tests/pem/rsa-aes-256-ctr.pem create mode 100644 tests/pem/rsa-aes-256-ofb.pem create mode 100644 tests/pem/rsa-bf-cbc.pem create mode 100644 tests/pem/rsa-bf-cfb.pem create mode 100644 tests/pem/rsa-bf-ofb.pem create mode 100644 tests/pem/rsa-camellia-128-cbc.pem create mode 100644 tests/pem/rsa-camellia-128-cfb.pem create mode 100644 tests/pem/rsa-camellia-128-ctr.pem create mode 100644 tests/pem/rsa-camellia-128-ofb.pem create mode 100644 tests/pem/rsa-camellia-192-cbc.pem create mode 100644 tests/pem/rsa-camellia-192-cfb.pem create mode 100644 tests/pem/rsa-camellia-192-ctr.pem create mode 100644 tests/pem/rsa-camellia-192-ofb.pem create mode 100644 tests/pem/rsa-camellia-256-cbc.pem create mode 100644 tests/pem/rsa-camellia-256-cfb.pem create mode 100644 tests/pem/rsa-camellia-256-ctr.pem create mode 100644 tests/pem/rsa-camellia-256-ofb.pem create mode 100644 tests/pem/rsa-cast5-cbc.pem create mode 100644 tests/pem/rsa-cast5-cfb.pem create mode 100644 tests/pem/rsa-cast5-ofb.pem create mode 100644 tests/pem/rsa-des-cbc.pem create mode 100644 tests/pem/rsa-des-cfb.pem create mode 100644 tests/pem/rsa-des-ede3-cbc.pem create mode 100644 tests/pem/rsa-des-ede3-cfb.pem create mode 100644 tests/pem/rsa-des-ede3-ofb.pem create mode 100644 tests/pem/rsa-des-ofb.pem delete mode 100644 tests/pem/rsa-encrypted-aes128.pem delete mode 100644 tests/pem/rsa-encrypted-aes192.pem delete mode 100644 tests/pem/rsa-encrypted-aes256.pem delete mode 100644 tests/pem/rsa-encrypted-camellia128.pem delete mode 100644 tests/pem/rsa-encrypted-camellia192.pem delete mode 100644 tests/pem/rsa-encrypted-camellia256.pem delete mode 100644 tests/pem/rsa-encrypted-des.pem delete mode 100644 tests/pem/rsa-encrypted-des3.pem delete mode 100644 tests/pem/rsa-encrypted.pem create mode 100644 tests/pem/rsa-idea-cbc.pem create mode 100644 tests/pem/rsa-idea-cfb.pem create mode 100644 tests/pem/rsa-idea-ofb.pem create mode 100644 tests/pem/rsa-rc2-40-cbc.pem create mode 100644 tests/pem/rsa-rc2-64-cbc.pem create mode 100644 tests/pem/rsa-rc2-cbc.pem create mode 100644 tests/pem/rsa-rc2-cfb.pem create mode 100644 tests/pem/rsa-rc2-ofb.pem create mode 100644 tests/pem/rsa-seed-cbc.pem create mode 100644 tests/pem/rsa-seed-cfb.pem create mode 100644 tests/pem/rsa-seed-ofb.pem create mode 100644 tests/pem/unsupported/rsa-aes-128-cfb1.pem create mode 100644 tests/pem/unsupported/rsa-aes-128-cfb8.pem create mode 100644 tests/pem/unsupported/rsa-aes-192-cfb1.pem create mode 100644 tests/pem/unsupported/rsa-aes-192-cfb8.pem create mode 100644 tests/pem/unsupported/rsa-aes-256-cfb1.pem create mode 100644 tests/pem/unsupported/rsa-aes-256-cfb8.pem create mode 100644 tests/pem/unsupported/rsa-aria-128-cbc.pem create mode 100644 tests/pem/unsupported/rsa-aria-128-cfb.pem create mode 100644 tests/pem/unsupported/rsa-aria-128-cfb1.pem create mode 100644 tests/pem/unsupported/rsa-aria-128-cfb8.pem create mode 100644 tests/pem/unsupported/rsa-aria-128-ctr.pem create mode 100644 tests/pem/unsupported/rsa-aria-128-ofb.pem create mode 100644 tests/pem/unsupported/rsa-aria-192-cbc.pem create mode 100644 tests/pem/unsupported/rsa-aria-192-cfb.pem create mode 100644 tests/pem/unsupported/rsa-aria-192-cfb1.pem create mode 100644 tests/pem/unsupported/rsa-aria-192-cfb8.pem create mode 100644 tests/pem/unsupported/rsa-aria-192-ctr.pem create mode 100644 tests/pem/unsupported/rsa-aria-192-ofb.pem create mode 100644 tests/pem/unsupported/rsa-aria-256-cbc.pem create mode 100644 tests/pem/unsupported/rsa-aria-256-cfb.pem create mode 100644 tests/pem/unsupported/rsa-aria-256-cfb1.pem create mode 100644 tests/pem/unsupported/rsa-aria-256-cfb8.pem create mode 100644 tests/pem/unsupported/rsa-aria-256-ctr.pem create mode 100644 tests/pem/unsupported/rsa-aria-256-ofb.pem create mode 100644 tests/pem/unsupported/rsa-camellia-128-cfb1.pem create mode 100644 tests/pem/unsupported/rsa-camellia-128-cfb8.pem create mode 100644 tests/pem/unsupported/rsa-camellia-192-cfb1.pem create mode 100644 tests/pem/unsupported/rsa-camellia-192-cfb8.pem create mode 100644 tests/pem/unsupported/rsa-camellia-256-cfb1.pem create mode 100644 tests/pem/unsupported/rsa-camellia-256-cfb8.pem create mode 100644 tests/pem/unsupported/rsa-chacha20.pem create mode 100644 tests/pem/unsupported/rsa-des-cfb1.pem create mode 100644 tests/pem/unsupported/rsa-des-cfb8.pem create mode 100644 tests/pem/unsupported/rsa-des-ede-cbc.pem create mode 100644 tests/pem/unsupported/rsa-des-ede-cfb.pem create mode 100644 tests/pem/unsupported/rsa-des-ede-ofb.pem create mode 100644 tests/pem/unsupported/rsa-des-ede3-cfb1.pem create mode 100644 tests/pem/unsupported/rsa-des-ede3-cfb8.pem create mode 100644 tests/pem/unsupported/rsa-desx-cbc.pem diff --git a/src/headers/tomcrypt_private.h b/src/headers/tomcrypt_private.h index 2135d8aa0..61e51f3e8 100644 --- a/src/headers/tomcrypt_private.h +++ b/src/headers/tomcrypt_private.h @@ -255,6 +255,10 @@ int base64_encode_pem(const unsigned char *in, unsigned long inlen, /* PEM related */ #ifdef LTC_PEM +enum cipher_mode { + cm_none, cm_cbc, cm_cfb, cm_ctr, cm_ofb, cm_stream, cm_gcm +}; + struct password { /* usually a `char*` but could also contain binary data * so use a `void*` + length to be on the safe side. @@ -262,9 +266,12 @@ struct password { void *pw; unsigned long l; }; -struct dek_info { - const char *alg; + +struct blockcipher_info { + const char *name; + const char *algo; unsigned long keylen; + enum cipher_mode mode; /* should use `MAXBLOCKSIZE` here, but all supported * blockciphers require max 16 bytes IV */ char iv[16 * 2 + 1]; @@ -280,11 +287,6 @@ struct str { #define COPY_STR(n, s, l) do { XMEMCPY(n.p, s, l); n.len = l; } while(0) #define RESET_STR(n) do { n.p = NULL; n.len = 0; } while(0) -struct dek_info_from_str { - const struct str id; - struct dek_info info; -}; - enum more_headers { no, yes, @@ -303,7 +305,7 @@ struct pem_header_id { struct pem_headers { const struct pem_header_id *id; int encrypted; - struct dek_info info; + struct blockcipher_info info; struct password *pw; }; @@ -338,6 +340,11 @@ int pbes_decrypt(const pbes_arg *arg, unsigned char *dec_data, unsigned long *d int pbes1_extract(const ltc_asn1_list *s, pbes_arg *res); int pbes2_extract(const ltc_asn1_list *s, pbes_arg *res); +int pem_decrypt(unsigned char *data, unsigned long *datalen, + unsigned char *key, unsigned long keylen, + unsigned char *iv, unsigned long ivlen, + const struct blockcipher_info *info, + enum padding_type padding); #ifndef LTC_NO_FILE int pem_get_char_from_file(struct get_char *g); #endif /* LTC_NO_FILE */ diff --git a/src/misc/pem/pem.c b/src/misc/pem/pem.c index 678590b41..529bf80e3 100644 --- a/src/misc/pem/pem.c +++ b/src/misc/pem/pem.c @@ -47,21 +47,164 @@ const struct pem_header_id pem_std_headers[] = { }; const unsigned long pem_std_headers_num = sizeof(pem_std_headers)/sizeof(pem_std_headers[0]); - /* Encrypted PEM files */ const struct str pem_proc_type_encrypted = { SET_CSTR(, "Proc-Type: 4,ENCRYPTED") }; const struct str pem_dek_info_start = { SET_CSTR(, "DEK-Info: ") }; -const struct dek_info_from_str pem_dek_infos[] = +const struct blockcipher_info pem_dek_infos[] = { - { SET_CSTR(.id, "AES-128-CBC,"), .info.alg = "aes", .info.keylen = 128 / 8, }, - { SET_CSTR(.id, "AES-192-CBC,"), .info.alg = "aes", .info.keylen = 192 / 8, }, - { SET_CSTR(.id, "AES-256-CBC,"), .info.alg = "aes", .info.keylen = 256 / 8, }, - { SET_CSTR(.id, "CAMELLIA-128-CBC,"), .info.alg = "camellia", .info.keylen = 128 / 8, }, - { SET_CSTR(.id, "CAMELLIA-192-CBC,"), .info.alg = "camellia", .info.keylen = 192 / 8, }, - { SET_CSTR(.id, "CAMELLIA-256-CBC,"), .info.alg = "camellia", .info.keylen = 256 / 8, }, - { SET_CSTR(.id, "DES-EDE3-CBC,"), .info.alg = "3des", .info.keylen = 192 / 8, }, - { SET_CSTR(.id, "DES-CBC,"), .info.alg = "des", .info.keylen = 64 / 8, }, + { .name = "AES-128-CBC,", .algo = "aes", .keylen = 128 / 8, .mode = cm_cbc, }, + { .name = "AES-192-CBC,", .algo = "aes", .keylen = 192 / 8, .mode = cm_cbc, }, + { .name = "AES-256-CBC,", .algo = "aes", .keylen = 256 / 8, .mode = cm_cbc, }, + { .name = "AES-128-CFB,", .algo = "aes", .keylen = 128 / 8, .mode = cm_cfb, }, + { .name = "AES-192-CFB,", .algo = "aes", .keylen = 192 / 8, .mode = cm_cfb, }, + { .name = "AES-256-CFB,", .algo = "aes", .keylen = 256 / 8, .mode = cm_cfb, }, + { .name = "AES-128-CTR,", .algo = "aes", .keylen = 128 / 8, .mode = cm_ctr, }, + { .name = "AES-192-CTR,", .algo = "aes", .keylen = 192 / 8, .mode = cm_ctr, }, + { .name = "AES-256-CTR,", .algo = "aes", .keylen = 256 / 8, .mode = cm_ctr, }, + { .name = "AES-128-OFB,", .algo = "aes", .keylen = 128 / 8, .mode = cm_ofb, }, + { .name = "AES-192-OFB,", .algo = "aes", .keylen = 192 / 8, .mode = cm_ofb, }, + { .name = "AES-256-OFB,", .algo = "aes", .keylen = 256 / 8, .mode = cm_ofb, }, + { .name = "BF-CBC,", .algo = "blowfish", .keylen = 128 / 8, .mode = cm_cbc, }, + { .name = "BF-CFB,", .algo = "blowfish", .keylen = 128 / 8, .mode = cm_cfb, }, + { .name = "BF-OFB,", .algo = "blowfish", .keylen = 128 / 8, .mode = cm_ofb, }, + { .name = "CAMELLIA-128-CBC,", .algo = "camellia", .keylen = 128 / 8, .mode = cm_cbc, }, + { .name = "CAMELLIA-192-CBC,", .algo = "camellia", .keylen = 192 / 8, .mode = cm_cbc, }, + { .name = "CAMELLIA-256-CBC,", .algo = "camellia", .keylen = 256 / 8, .mode = cm_cbc, }, + { .name = "CAMELLIA-128-CFB,", .algo = "camellia", .keylen = 128 / 8, .mode = cm_cfb, }, + { .name = "CAMELLIA-192-CFB,", .algo = "camellia", .keylen = 192 / 8, .mode = cm_cfb, }, + { .name = "CAMELLIA-256-CFB,", .algo = "camellia", .keylen = 256 / 8, .mode = cm_cfb, }, + { .name = "CAMELLIA-128-CTR,", .algo = "camellia", .keylen = 128 / 8, .mode = cm_ctr, }, + { .name = "CAMELLIA-192-CTR,", .algo = "camellia", .keylen = 192 / 8, .mode = cm_ctr, }, + { .name = "CAMELLIA-256-CTR,", .algo = "camellia", .keylen = 256 / 8, .mode = cm_ctr, }, + { .name = "CAMELLIA-128-OFB,", .algo = "camellia", .keylen = 128 / 8, .mode = cm_ofb, }, + { .name = "CAMELLIA-192-OFB,", .algo = "camellia", .keylen = 192 / 8, .mode = cm_ofb, }, + { .name = "CAMELLIA-256-OFB,", .algo = "camellia", .keylen = 256 / 8, .mode = cm_ofb, }, + { .name = "CAST5-CBC,", .algo = "cast5", .keylen = 128 / 8, .mode = cm_cbc, }, + { .name = "CAST5-CFB,", .algo = "cast5", .keylen = 128 / 8, .mode = cm_cfb, }, + { .name = "CAST5-OFB,", .algo = "cast5", .keylen = 128 / 8, .mode = cm_ofb, }, + { .name = "DES-EDE3-CBC,", .algo = "3des", .keylen = 192 / 8, .mode = cm_cbc, }, + { .name = "DES-EDE3-CFB,", .algo = "3des", .keylen = 192 / 8, .mode = cm_cfb, }, + { .name = "DES-EDE3-OFB,", .algo = "3des", .keylen = 192 / 8, .mode = cm_ofb, }, + { .name = "DES-CBC,", .algo = "des", .keylen = 64 / 8, .mode = cm_cbc, }, + { .name = "DES-CFB,", .algo = "des", .keylen = 64 / 8, .mode = cm_cfb, }, + { .name = "DES-OFB,", .algo = "des", .keylen = 64 / 8, .mode = cm_ofb, }, + { .name = "IDEA-CBC,", .algo = "idea", .keylen = 128 / 8, .mode = cm_cbc, }, + { .name = "IDEA-CFB,", .algo = "idea", .keylen = 128 / 8, .mode = cm_cfb, }, + { .name = "IDEA-OFB,", .algo = "idea", .keylen = 128 / 8, .mode = cm_ofb, }, + { .name = "RC2-40-CBC,", .algo = "rc2", .keylen = 40 / 8, .mode = cm_cbc, }, + { .name = "RC2-64-CBC,", .algo = "rc2", .keylen = 64 / 8, .mode = cm_cbc, }, + { .name = "RC2-CBC,", .algo = "rc2", .keylen = 128 / 8, .mode = cm_cbc, }, + { .name = "RC2-CFB,", .algo = "rc2", .keylen = 128 / 8, .mode = cm_cfb, }, + { .name = "RC2-OFB,", .algo = "rc2", .keylen = 128 / 8, .mode = cm_ofb, }, + { .name = "SEED-CBC,", .algo = "seed", .keylen = 128 / 8, .mode = cm_cbc, }, + { .name = "SEED-CFB,", .algo = "seed", .keylen = 128 / 8, .mode = cm_cfb, }, + { .name = "SEED-OFB,", .algo = "seed", .keylen = 128 / 8, .mode = cm_ofb, }, }; const unsigned long pem_dek_infos_num = sizeof(pem_dek_infos)/sizeof(pem_dek_infos[0]); +int pem_decrypt(unsigned char *data, unsigned long *datalen, + unsigned char *key, unsigned long keylen, + unsigned char *iv, unsigned long ivlen, + const struct blockcipher_info *info, + enum padding_type padding) +{ + int err, cipher; + struct { + union { +#ifdef LTC_CBC_MODE + symmetric_CBC cbc; +#endif +#ifdef LTC_CFB_MODE + symmetric_CFB cfb; +#endif +#ifdef LTC_CTR_MODE + symmetric_CTR ctr; +#endif +#ifdef LTC_OFB_MODE + symmetric_OFB ofb; +#endif + } ctx; + } s; + + cipher = find_cipher(info->algo); + if (cipher == -1) { + return CRYPT_INVALID_CIPHER; + } + + switch (info->mode) { + case cm_cbc: +#ifdef LTC_CBC_MODE + LTC_ARGCHK(ivlen == (unsigned long)cipher_descriptor[cipher].block_length); + + if ((err = cbc_start(cipher, iv, key, keylen, 0, &s.ctx.cbc)) != CRYPT_OK) { + goto error_out; + } + if ((err = cbc_decrypt(data, data, *datalen, &s.ctx.cbc)) != CRYPT_OK) { + goto error_out; + } + if ((err = cbc_done(&s.ctx.cbc)) != CRYPT_OK) { + goto error_out; + } + + if ((err = padding_depad(data, datalen, padding | s.ctx.cbc.blocklen)) != CRYPT_OK) { + goto error_out; + } +#else + return CRYPT_INVALID_CIPHER; +#endif + break; + case cm_cfb: +#ifdef LTC_CFB_MODE + if ((err = cfb_start(cipher, iv, key, keylen, 0, &s.ctx.cfb)) != CRYPT_OK) { + goto error_out; + } + if ((err = cfb_decrypt(data, data, *datalen, &s.ctx.cfb)) != CRYPT_OK) { + goto error_out; + } + if ((err = cfb_done(&s.ctx.cfb)) != CRYPT_OK) { + goto error_out; + } +#else + return CRYPT_INVALID_CIPHER; +#endif + break; + case cm_ctr: +#ifdef LTC_CTR_MODE + if ((err = ctr_start(cipher, iv, key, keylen, 0, CTR_COUNTER_BIG_ENDIAN, &s.ctx.ctr)) != CRYPT_OK) { + goto error_out; + } + if ((err = ctr_decrypt(data, data, *datalen, &s.ctx.ctr)) != CRYPT_OK) { + goto error_out; + } + if ((err = ctr_done(&s.ctx.ctr)) != CRYPT_OK) { + goto error_out; + } +#else + return CRYPT_INVALID_CIPHER; +#endif + break; + case cm_ofb: +#ifdef LTC_OFB_MODE + if ((err = ofb_start(cipher, iv, key, keylen, 0, &s.ctx.ofb)) != CRYPT_OK) { + goto error_out; + } + if ((err = ofb_decrypt(data, data, *datalen, &s.ctx.ofb)) != CRYPT_OK) { + goto error_out; + } + if ((err = ofb_done(&s.ctx.ofb)) != CRYPT_OK) { + goto error_out; + } +#else + return CRYPT_INVALID_CIPHER; +#endif + break; + default: + err = CRYPT_INVALID_ARG; + break; + } + +error_out: + return err; +} + #endif /* LTC_PEM */ diff --git a/src/misc/pem/pem_pkcs.c b/src/misc/pem/pem_pkcs.c index 9b634bc78..1839a3b41 100644 --- a/src/misc/pem/pem_pkcs.c +++ b/src/misc/pem/pem_pkcs.c @@ -16,9 +16,12 @@ static int s_decrypt_pem(unsigned char *pem, unsigned long *l, const struct pem_ { unsigned char iv[MAXBLOCKSIZE], key[MAXBLOCKSIZE]; unsigned long ivlen, klen; - int err; - symmetric_CBC cbc_ctx; + int err, cipher; + cipher = find_cipher(hdr->info.algo); + if (cipher == -1) { + return CRYPT_INVALID_CIPHER; + } if (hdr->info.keylen > sizeof(key)) { return CRYPT_BUFFER_OVERFLOW; } @@ -35,20 +38,8 @@ static int s_decrypt_pem(unsigned char *pem, unsigned long *l, const struct pem_ return err; } - if ((err = cbc_start(find_cipher(hdr->info.alg), iv, key, klen, 0, &cbc_ctx)) != CRYPT_OK) { - goto error_out; - } - if ((err = cbc_decrypt(pem, pem, *l, &cbc_ctx)) != CRYPT_OK) { - goto error_out; - } - if ((err = cbc_done(&cbc_ctx)) != CRYPT_OK) { - goto error_out; - } - if ((err = padding_depad(pem, l, LTC_PAD_PKCS7 | cbc_ctx.blocklen)) != CRYPT_OK) { - goto error_out; - } + err = pem_decrypt(pem, l, key, klen, iv, ivlen, &hdr->info, LTC_PAD_PKCS7); -error_out: zeromem(key, sizeof(key)); zeromem(iv, sizeof(iv)); return err; diff --git a/src/misc/pem/pem_read.c b/src/misc/pem/pem_read.c index cbad827ce..9341b8bde 100644 --- a/src/misc/pem/pem_read.c +++ b/src/misc/pem/pem_read.c @@ -11,7 +11,7 @@ extern const struct str pem_proc_type_encrypted; extern const struct str pem_dek_info_start; -extern const struct dek_info_from_str pem_dek_infos[]; +extern const struct blockcipher_info pem_dek_infos[]; extern const unsigned long pem_dek_infos_num; #ifndef LTC_NO_FILE @@ -116,21 +116,23 @@ static int s_pem_decode_headers(struct pem_headers *hdr, struct get_char *g) hdr->encrypted = 1; break; case 2: - hdr->info.alg = NULL; + hdr->info.algo = NULL; if (XMEMCMP(buf, pem_dek_info_start.p, pem_dek_info_start.len)) return CRYPT_INVALID_PACKET; alg_start = &buf[pem_dek_info_start.len]; for (n = 0; n < pem_dek_infos_num; ++n) { - if (slen >= pem_dek_infos[n].id.len + pem_dek_info_start.len && !XMEMCMP(alg_start, pem_dek_infos[n].id.p, pem_dek_infos[n].id.len)) { - hdr->info = pem_dek_infos[n].info; - tmplen = XSTRLEN(alg_start + pem_dek_infos[n].id.len); + unsigned long namelen = XSTRLEN(pem_dek_infos[n].name); + if (slen >= namelen + pem_dek_info_start.len && !XMEMCMP(alg_start, pem_dek_infos[n].name, namelen)) { + char *iv = alg_start + namelen; + hdr->info = pem_dek_infos[n]; + tmplen = XSTRLEN(iv); if (tmplen > sizeof(hdr->info.iv)) return CRYPT_INVALID_KEYSIZE; - XMEMCPY(hdr->info.iv, alg_start + pem_dek_infos[n].id.len, tmplen); + XMEMCPY(hdr->info.iv, iv, tmplen); break; } } - if (hdr->info.alg == NULL) { + if (hdr->info.algo == NULL) { return CRYPT_INVALID_CIPHER; } break; diff --git a/src/misc/pem/pem_ssh.c b/src/misc/pem/pem_ssh.c index 8b9f5db31..9347cf214 100644 --- a/src/misc/pem/pem_ssh.c +++ b/src/misc/pem/pem_ssh.c @@ -12,29 +12,41 @@ #if defined(LTC_PEM) && defined(LTC_SSH) -enum blockcipher_mode { - none, cbc, ctr, stream, gcm -}; -struct ssh_blockcipher { - const char *name; - const char *algo; - int len; - enum blockcipher_mode mode; -}; - /* Table as of * https://www.iana.org/assignments/ssh-parameters/ssh-parameters.xhtml#ssh-parameters-17 */ -const struct ssh_blockcipher ssh_ciphers[] = +const struct blockcipher_info ssh_ciphers[] = { - { "none", "", 0, none }, - { "aes256-cbc", "aes", 256 / 8, cbc }, - { "aes256-ctr", "aes", 256 / 8, ctr }, + { .name = "none", .algo = "", .keylen = 0, .mode = cm_none }, + { .name = "aes128-cbc", .algo = "aes", .keylen = 128 / 8, .mode = cm_cbc }, + { .name = "aes128-ctr", .algo = "aes", .keylen = 128 / 8, .mode = cm_ctr }, + { .name = "aes192-cbc", .algo = "aes", .keylen = 192 / 8, .mode = cm_cbc }, + { .name = "aes192-ctr", .algo = "aes", .keylen = 192 / 8, .mode = cm_ctr }, + { .name = "aes256-cbc", .algo = "aes", .keylen = 256 / 8, .mode = cm_cbc }, + { .name = "aes256-ctr", .algo = "aes", .keylen = 256 / 8, .mode = cm_ctr }, + { .name = "blowfish128-cbc", .algo = "blowfish", .keylen = 128 / 8, .mode = cm_cbc }, + { .name = "blowfish128-ctr", .algo = "blowfish", .keylen = 128 / 8, .mode = cm_ctr }, + { .name = "des-cbc", .algo = "des", .keylen = 64 / 8, .mode = cm_cbc }, + { .name = "3des-cbc", .algo = "3des", .keylen = 192 / 8, .mode = cm_cbc }, + { .name = "3des-ctr", .algo = "3des", .keylen = 192 / 8, .mode = cm_ctr }, + { .name = "serpent128-cbc", .algo = "serpent", .keylen = 128 / 8, .mode = cm_cbc }, + { .name = "serpent128-ctr", .algo = "serpent", .keylen = 128 / 8, .mode = cm_ctr }, + { .name = "serpent192-cbc", .algo = "serpent", .keylen = 192 / 8, .mode = cm_cbc }, + { .name = "serpent192-ctr", .algo = "serpent", .keylen = 192 / 8, .mode = cm_ctr }, + { .name = "serpent256-cbc", .algo = "serpent", .keylen = 256 / 8, .mode = cm_cbc }, + { .name = "serpent256-ctr", .algo = "serpent", .keylen = 256 / 8, .mode = cm_ctr }, + { .name = "twofish128-cbc", .algo = "twofish", .keylen = 128 / 8, .mode = cm_cbc }, + { .name = "twofish128-ctr", .algo = "twofish", .keylen = 128 / 8, .mode = cm_ctr }, + { .name = "twofish192-cbc", .algo = "twofish", .keylen = 192 / 8, .mode = cm_cbc }, + { .name = "twofish192-ctr", .algo = "twofish", .keylen = 192 / 8, .mode = cm_ctr }, + { .name = "twofish-cbc", .algo = "twofish", .keylen = 256 / 8, .mode = cm_cbc }, + { .name = "twofish256-cbc", .algo = "twofish", .keylen = 256 / 8, .mode = cm_cbc }, + { .name = "twofish256-ctr", .algo = "twofish", .keylen = 256 / 8, .mode = cm_ctr }, }; struct kdf_options { const char *name; - const struct ssh_blockcipher *cipher; + const struct blockcipher_info *cipher; unsigned char salt[64]; ulong32 saltlen; ulong32 num_rounds; @@ -236,13 +248,7 @@ static int s_decrypt_private_keys(unsigned char *in, unsigned long *inlen, struc { int err, cipher; unsigned long symkey_len; - struct { - unsigned char symkey[128]; - union { - symmetric_CBC cbc; - symmetric_CTR ctr; - } ctx; - } s; + unsigned char symkey[MAXBLOCKSIZE]; LTC_ARGCHK(in != NULL); LTC_ARGCHK(inlen != NULL); @@ -252,43 +258,23 @@ static int s_decrypt_private_keys(unsigned char *in, unsigned long *inlen, struc if (cipher == -1) { return CRYPT_INVALID_CIPHER; } - symkey_len = opts->cipher->len + cipher_descriptor[cipher].block_length; + symkey_len = opts->cipher->keylen + cipher_descriptor[cipher].block_length; - if (sizeof(s.symkey) < symkey_len) { + if (sizeof(symkey) < symkey_len) { return CRYPT_OVERFLOW; } if ((err = bcrypt_pbkdf_openbsd(opts->pw.pw, opts->pw.l, opts->salt, opts->saltlen, - opts->num_rounds, find_hash("sha512"), s.symkey, &symkey_len)) != CRYPT_OK) { + opts->num_rounds, find_hash("sha512"), symkey, &symkey_len)) != CRYPT_OK) { return err; } - if (opts->cipher->mode == cbc) { - if ((err = cbc_start(cipher, s.symkey + opts->cipher->len, s.symkey, opts->cipher->len, - 0, &s.ctx.cbc)) != CRYPT_OK) { - goto cleanup; - } - if ((err = cbc_decrypt(in, in, *inlen, &s.ctx.cbc)) != CRYPT_OK) { - goto cleanup; - } - if ((err = cbc_done(&s.ctx.cbc)) != CRYPT_OK) { - goto cleanup; - } - } else if (opts->cipher->mode == ctr) { - if ((err = ctr_start(cipher, s.symkey + opts->cipher->len, s.symkey, opts->cipher->len, - 0, CTR_COUNTER_BIG_ENDIAN, &s.ctx.ctr)) != CRYPT_OK) { - goto cleanup; - } - if ((err = ctr_decrypt(in, in, *inlen, &s.ctx.ctr)) != CRYPT_OK) { - goto cleanup; - } - if ((err = ctr_done(&s.ctx.ctr)) != CRYPT_OK) { - goto cleanup; - } - } + err = pem_decrypt(in, inlen, + symkey, opts->cipher->keylen, + symkey + opts->cipher->keylen, cipher_descriptor[cipher].block_length, + opts->cipher, LTC_PAD_SSH); -cleanup: - zeromem(&s, sizeof(s)); + zeromem(symkey, sizeof(symkey)); return err; } diff --git a/tests/common.c b/tests/common.c index b61a350bc..492b4f12e 100644 --- a/tests/common.c +++ b/tests/common.c @@ -75,7 +75,12 @@ static off_t fsize(const char *filename) { struct stat st; - if (stat(filename, &st) == 0) return st.st_size; + if (stat(filename, &st) == 0) { + /* filename is no regular file */ + if (!S_ISREG(st.st_mode)) + return 0; + return st.st_size; + } return -1; } @@ -130,6 +135,8 @@ int test_process_dir(const char *path, void *ctx, dir_iter_cb iter, dir_fiter_cb strcat(fname, "/"); strcat(fname, de->d_name); fsz = fsize(fname); + if (fsz == 0) + continue; if (fsz == -1) { err = CRYPT_FILE_NOTFOUND; break; diff --git a/tests/pem/rsa-aes-128-cbc.pem b/tests/pem/rsa-aes-128-cbc.pem new file mode 100644 index 000000000..dc0deb465 --- /dev/null +++ b/tests/pem/rsa-aes-128-cbc.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-128-CBC,7CDEA083529E2DB403D7B23206005446 + +rPM4VF5wWyLzeE6L3CbjNSar+RrvIJdYPPVXuVc25BLXJycvDqSaYlnpndtxY8kM +UAI9pNWQT1Icyp7sEvk3nWs2bAxLiv8uKpgZbNjVbpHoCkZTBbKwlwQFoJL1HMP0 +eG2rwNSbdcqY3JxnAU/F4js7Gg3sqD2fVK/vn+8b7iumuiz/SMNzR+aZ7FQBfE++ +Hnu2jM67wxt/uHaTOZDtPwqZv8taiDv7SgILIMBCygIsukclGi29NMMEO5gUK5fq +jS3sC9V3rInFsl1BkJr2mnqR84TGMGjXLfT3cqLzjmkv6JTENMxsIhE7igg1DkuX +nsNf4oReA9xnDOBH24gG+lrVYJNtn7YFb2jrGM97kISGqjCqsg5K/hC7gSFoUSq8 +ek09eglkfg2m8JQ1nB6KvlBPPvyghRrdcmHud9BYmmUopB//1235TBx4eq5vyZlz +KBWc1zxsY14ux5kMu0fbsdcGufHrkOgOnNa4OcmqQ+gK0RjfJtzXvwYTt5Owpp1/ +9tu0yLBFtI+XRd2xGDjuWD0lWrAiDOwlririhkNS3JRNRwyZfSpoGGJPuKeG7nmR +ZtZoWigNo4oyZ+mGwKmv1z8NTNMwju06FeA6W+BJDgUHx2rybne09egc7uetmMv5 +abeYq7kAP7XwNA3yhSO+63H/QdBLWZ+iClfBT3bJwZ3wg3Tc4b1lwzpF/opS7vHO +NIg3DAxohSlM4xu4pfA00nuOLsU/GJ8LPxnmTFpHBZDxSRkMwZIG9nt0d/Rwxq4Z +rqR8THeUTUMcuIdQFhixgRewcZqLsomU3HZDoS67Mf9QP2wxJBpEq6m+alFBC/oC +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/rsa-aes-128-cfb.pem b/tests/pem/rsa-aes-128-cfb.pem new file mode 100644 index 000000000..e275dcdcf --- /dev/null +++ b/tests/pem/rsa-aes-128-cfb.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-128-CFB,7FAD08F428EB83172FBE8EB958139CAE + +y/2Can4r82eu9hayWp4zOo0kIhPYEnfLd5EDE9O5kqEOQwLuX0uLOY7pqBpiUJ5V +l5bbo/J4mVjxMAYD+tl4dCYH5nkKt6v8/g16dHVyNi2GnJLzsk3hP9neA6KOz+iE +ULdR0eYZ/lHw/o5nuLXOASccJ7/f2kvN2QMS/GtKPEwtHcl6/EVNOqUdCsDuv8Ks +cU746i11jMcL4Xtuj6beElXH/FR9xWFlnZU6sFe3tmd8KqEeeyXjE9IJg2voanmS +FwtjbPTuvu5DJf9P7QTAMar2TuZE2Yv9CcAXAw/LX30tviHFeqrVpOHc4WImcZ2P +LbraC3yI9mTwukqkmUSIZkBEvUw4bSEcBNyq8INqpuCfvNlNGPcpyX4shmJvGD5z +TLPMKfS6tPhLZUrrM/g8/aolkgxwUAKwGLYhzunTGZg9Hb3FMM3rnFxrPsbSVgn1 +pkrIQPOZObPZBo2c5cfpqmFYSs5VKpdTxX064efDDPAMf7EtKFGVFLansM6usCzA +IeiQEhrrfE4zDXKoqSzVj3FNN73PYF/AtkX24e1vDBiTA9PYNvBmwkJUeOKe0MK7 +/zt4bZPFIr87Mxy+PBX2niS8legDOCDJXUNf23FuR3F65KbbTVe+k+TcLS70SZvM +U12ilkgb5cls08vehvoEHfiCsXeSPPD9FD9CfFdihj+dZZ6MU7fRH0E80O7MGC2T +d2oOWYnLQ8rCuQLe4dXZyjmfLhoBIfs10OKJLnU82pxBrOxgN7QvfLEYi5Gz6SRf +Awaw0WMhYY+OmQQ/PuL9t8uEbSiDB/J/w8H61INZpbwmmA== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/rsa-aes-128-ctr.pem b/tests/pem/rsa-aes-128-ctr.pem new file mode 100644 index 000000000..f60df597c --- /dev/null +++ b/tests/pem/rsa-aes-128-ctr.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-128-CTR,E154FC61A8B6417FB086540C1B16B9C9 + +3Nay1Oc0YF2zmh4zEXehb0qpwzv3FHKYKFZYIns7EXZ8gYzWEhCa+Q0nkaGzBcDn +jad4TXZDmdWJRh+3fDmV11pZ14iYjXoiBfPPAzJEbENr10puMG2iFJ7akuKBIzAu +DjP+3mY5EPqO/Tz69+Vu4loy/IRaPmXJxRb18kXnjaC2XoaBqdzIFG3fJg7O6k9H +LCA5lNud6VLXt7TRLWtjKQusZbX6Y3vUBZjLXSmHGzqh286wKD/sRROINopDdzv4 +6ooAdoy08MAXGekd740D7L0Sm3PkSVzm39byq0h1Ulyg6Dq57SkZRX+qLiiM9KZ1 +LuhywWN5ioAqfRD6xQsdT4PK/RM4sV3bpQD4kFLW9UkoEAnt1cql91RNsz/UIII6 +9kVwjCwJ4AGH0XwzbOTYm5UmcWLXhaW1Z9fAMsXST0CzMnLzzV1qPb/9JYZTEoE1 +8mqN7a/X2uXrb3IOLjpJeCi52EwMt4+fGIxh0+eyxUzV9mFIlTKVn+jvYhryzk9I +XmG+/fAzk2DvzgG8nHTwlo2cknfof71fDb/rcLN2NXMQlw7m2lfAli3h0zOaBmFo +KIH2aBX9emMHikXu9ubtfDOZUHptMbMHUOoVODd2rw8ZwJwdO3CkTG7ZBmU7FwZZ +sjtQPHO0x+XfQ78XGeZCZCLSOMWw+qf5/WhnJ/wiM88UH8M9S70OOcjJxkg30c9V +v2QRSkNKsrazfBDi2bLB57jKjnMi32e0yM6y8+GmiSJcL3+NzESBu2xYPzfW0eou +xeZGpvUOxcoP3I9I45nx3Q/hQVqPqvTU8h9KFbQoH1Yc+w== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/rsa-aes-128-ofb.pem b/tests/pem/rsa-aes-128-ofb.pem new file mode 100644 index 000000000..40837cebb --- /dev/null +++ b/tests/pem/rsa-aes-128-ofb.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-128-OFB,3FBF6EDECB4C763D192AC4D9D1DD5E49 + +lcbgGFJBGIUaMCh/LEaK8bT8TwEmg7s6tLekeGvRvBG5QUOB8uf9OyzCJ5tK2OSg +SbS/tuVbibe+X4PIfm7pA9geX+3k3YCTNOHvlmjA1vgRFREb8fvhlOxF7ReGNOlN +lrNJVDD1xW07deC9MlCmqsl5NMNzSzfIxRjwxMx4mNyBRuaPqY5o2N/fDmKoahKG +HCT4VFMFtpp0E2v2SPc6iPbzqB9daak43vVU/8bpGvO1qRgV4cG/IN5U0WJGiDAD +1lR02gePO60jpm5aBhHX2INt4XVICuIFRXIJi31Bp+6Vzy79E98c9fbCX8/tBJH8 +nsq+HxtZdWHNrKFFXM9hYsDsjOQLDu6eek2oBwrSrgnRD44ki2MycehU2Db6gh66 +RTLvW+Oju/w/T3+K216r1qdzTQpNGeBmkU/Ecol3K+1y3dQNOKxF1hLUsturdFTM +XAaGo8eqDkDMyaDR8D90LDNh9S7h5UHf/W/5vglQQmrLmw5S51PU+y8k7aTuE/JO +1OB19BLbOXdESt4if04Po9q9Tdbm+I2kS9tCByyLDSYuLqbAXegqrFvJiCgmYlDv +qqCwdVjYpbOV11hxxs+AUjTyK6KXJMtLxZGTKqfDFDFmC3PcflXWh2dX4ImZnII1 +Dg1Flc/MvfbFhlcvk750BlwlIo83xOigbXXMwXTE8QE2Z3MqZvFzEKHKqcBBF++m +LKUdSddeSnEj41Zi8JvjdMzLFxyOtQgcZFYRHBIePN0xH2VuUHZ7vMsFJcHj0lla +7D5uhCoyjhGZsyq8Rnq2b5YwkVBkxq3g3jXDrWAUsKn11A== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/rsa-aes-192-cbc.pem b/tests/pem/rsa-aes-192-cbc.pem new file mode 100644 index 000000000..751d6b128 --- /dev/null +++ b/tests/pem/rsa-aes-192-cbc.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-192-CBC,A233ABD2273847D1CE439B454A86A341 + +dUXLQDH80/9PFA3yPpvdwtzhWBJsAUqg3yUak+Rupbm2z9ylJvqFooa7k5um2/GB +waEAmig8p8tqZqjMxn0QhSKVYlvtfmuh4I3jw2DwlI+nkng3947Rx8q/bqcmUgyU +gUZ1Q6ekYc5u7UMKzCxtxV9avZMIMDE9AczErvTVv1ZFLjqv+yzihbL+h7Mb2vxZ +axh/RRlbkDoX6IbdZxIDOvvoriCHnOML960QctzzCaZDcllLnAnRJWZ5B7byDzhw +ckATCU0wANbMkp/TkZLPaTc4nFKzbB+97+LocD29ZldLGThOotd2dOTIvvIdVYw+ +HsNOx5xldRMH68YFCeiSgVBOIZNwGo4166Lr9So7CtMooQNHWMTP+gk8vDOFzV89 +shs9lu6AtLPlxHR0o7SrbgioHPUEcZ4I9P89yCPgmsLm4q83jZF1Mv4s94hpiBcS +LKV9TIB2TpophHqlLjq34hKVcM40NXSwVNPJvmDuiCHkqfU39x1BGpBZZwT3Eajo +kiP3d/fuOlfBx2V417bloaZZF9cBUwILwJZvhy2BZ24G5em4so7pVdylb91GWz15 +5/6CaeYET7HdBVUU+mdkBQvOfUP2tt00+m8RsYNYr7ENbZ+9kMsuWgXAuFs+zvN6 +eeedQ8KrWFVzE8GmrQYpuh8bmH+QFCopQedhUn3ZZuYM8/a4OTfuTp5uPIJH7Bfh +54a2UPC4fIngz+LLyOypDlK2qIo9uwh3Gq1Ahnlxm9NL5DOAigG8w0qmgfaBif+h +lTnvsl1Spp/MlYdC26fRCHbe/lPkdyr/RNnZEXqRRypfPbfltQsAdKiQBEuaKdgm +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/rsa-aes-192-cfb.pem b/tests/pem/rsa-aes-192-cfb.pem new file mode 100644 index 000000000..2f483f4c8 --- /dev/null +++ b/tests/pem/rsa-aes-192-cfb.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-192-CFB,6058618498B8041B2005DE63098CA36D + +2AeE/YLJ8olm0ZVEACO7JThl3i/XznCha5Rf4w5RYeRAbjoDlw/YLllbySDkmmQq +DVj12Qwo7nX+F02GDiUM9QyoW3/B/rHOouF6TGBQNZTvCVSyJRTAE9Eil3G2e4LR +4bFvW9rDM2yFy3Ze6frBXfffHWOD2M23gREyKkkPFhkXLUbD3My4iHjeFERoIeHN +QfKEV/T5v7ARFCPZ+rdP4nf9d+qHG/4aumerkS7TOsS3BZHfLJp5zVO/blCVQ1Px +tvXMv2p6krsjgcTLDAC5eSK4wOHhN2MkrSa7ShU2+AylGj3D3IqFVSQRf4Dwk5tb +qwUNq0LtarbJdjvfffFgN2Vl4LEAluRbNasjs+3J8x69LgV5Au8HBwyY2W7UeRBX +zpURCZGt+s0pzX5SPrCg7f/9STHEjCop0ZJPHOHtuJZpshcqRLPxrSKAV27VhUj8 +T0YPbp0WTnzhIlcLWNhFnhP+yIhlC7QPdPqI4RwSx2kBaeVrmWsYzA8dgajoYXAU +PZAgw+JLYD+g2bPIKYyZLHUXmeJ40zLB64cSgKn3Bv2dKAE36yrzNtJB5YgjVWj3 +K+UUpDxA9GGEmar+LdlCRG+KQ9BvDWtfcQClvzUG2nKQc9QIa4wsXX7QHqaGHIk/ +5Lwl4xtHRiZLMVkSTVGUem1Kdd9k0U8ax40QewHW5Ea5pRRUj7B6+MKDgRDoc7YB +jn9UQzIzQ5TqTNLWdgZR6Qt5uLSrVg3S2Au23yEc6jh439kC0FZHrZnALdByuoCC +Cx9BpHM++7MjCQMxWzeqs7x0czgGSf2u+XHz2N1sbQhmUw== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/rsa-aes-192-ctr.pem b/tests/pem/rsa-aes-192-ctr.pem new file mode 100644 index 000000000..d575697c2 --- /dev/null +++ b/tests/pem/rsa-aes-192-ctr.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-192-CTR,AC362D52E38D6A9216ED8297B189E40F + +GWGIYoBWv7LW6cvgscSDudBA8stXj7AOOnRRp1/LDaekqUQmEvp7e/roBuC5UvqZ +6SXdDGZ6dFtpYThDWJ5aD9cK4Bk9j0qe8nD97xKwQLIjVO0vkHmbuPzE4KJlHD9+ +4H9ooA4iH9jxdAc3y9TbALzydN8NNiDKMn72nfi6LF9c4L5Yxwf+mlnqRNmEt0pd +2XvAkslz70C4myer+I/KMyyNDLpwghvzdWh+TBlLPBV3entXbpUNYUT/HYZzzt7R +tuj4u0hg/378U9j1tpRvGXlx5wh1Besfy2x+bCc2Zw23/Ezj/dGrBGDpCOF6GjRB +wE0XkYgAgDn2O6akECoVNKI0zwwI6/I9PPj6Rnq/S8zJLmgLCgVxdDk466rCkcfY +fgQlSehYMxRRyvD3dE4TU7dQlm3tHzFFsGI3qHI1eu8O/GA8KfY6XQTp0X/rEuPj +n/qnuNirYboEYXbDm15QBDvUNJOYlseqcmFCz2SyE83GLabOrfivZpDXW4CF0plU +n40ilGWVCLpiIQqOhkufmFhvfQDZbwgnfhew3+fNxIc0a7Kd2uR1XTBA5tapiFBV +/qd9STIdW6PGCqptf2ag5wMNVpQNkGYexujR89Uqq6axBvLZRMY82JRd8jLQfDKK +cU4Rz+a7B1MwOF9itcDBQreYIjTBQGyV5xDF8Xrg8FQE9ATOWdDl8P2/z5AzCT6Y +TzjsM7fjdw3ac9mJZICY0++TbymUEAh6UqKhhn7R9TR0/WaPTdc0HHGip3t08fZA +ixdn0RHvV2QoWJiIv/AuntYb53bN2cQB1DB5W0NPrZQ6tw== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/rsa-aes-192-ofb.pem b/tests/pem/rsa-aes-192-ofb.pem new file mode 100644 index 000000000..a193ce103 --- /dev/null +++ b/tests/pem/rsa-aes-192-ofb.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-192-OFB,1E532FE273D9E016DAA31CB5A306DD19 + +G7dGS64FOLqwLg180YqKF79stjm+DuWgTL4HsoL/ZPRBQA0Km1t9onvwu5+60bo2 +VN14VGBulzGoGv2X6RiclMShUqpfD0TG+1zIpxQv1x1takw8vI3HFPRe6XnK0dOd +vofluqogbwM1+l9axD57l+v9kVhfG9z4QQsu75AIb0BLwUFIRSKK2kyu2BVhMbme +6iaBviv14w6SKhVChUNQOhiQ5pcvPx4OFmeTx5UxQCbS/cpJ9epH0hBKVo2mKH6V +BLLEP8gnqSPzunCaIwWlWy6IiNMySsAwlc81zUB5qGIWNGLthn/KzA9k2QwTKRQH +ZQ4LHr+l9grFyDEp0AqJgbHNmnUBqR+NHOsfZHrBuHmDGXaHS929TubEEzeP0+xg +ynYJyth91crnUWd5grJEDXyJJPFKhzWzdnEFpyNmC8UBpGyM0rWVDCVVta02E0LA +I8fKkc4q6VnlonbivlEBb0oSiW6Svb/MdXkzTvN/aDadYucSh8yNW2aDF6/GoWXt +57mGRQFEkMS8+C3QG0Mcv8Ij6l19kuTxR1VWEFFDIvHk/018gIiA15cZaJoiZQYQ +7rVNL6OSxjAryIR0e92bx9KoBN2hPy5iKkl4pZ3xy9ZKgFcvdhnXtbdQI/UxKCjO +JoLUsBEecnWC5hIsbmtYfzfsQ3DQBUoBEVq4+XMaF21EHYTixi3tV+Ya9CSWTw1V +UFbc1pNJ8P4cEFgiXPYsWcP2JwdABM3esXzwj3/Jxv11BUubHBCehHwxESSjkfMN +C+ua2QXGcvIziINZ407Mc+7HKXeDx/EHJwy6Jo838cgw+g== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/rsa-aes-256-cbc.pem b/tests/pem/rsa-aes-256-cbc.pem new file mode 100644 index 000000000..198aa3a43 --- /dev/null +++ b/tests/pem/rsa-aes-256-cbc.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-256-CBC,610E0BE873DC7E35E19E8E8CE6F475F5 + +Z2SCHEfiMHHZ7GPuFFLVynP+hdzuRfGVTRKqNJG18f5/vDafYHcbd+RKWF9sVy7M +baORTuNarrrpw70NamFqHX+7UceFXeIdrRHcQN/HWwLtFaUWLFhAKjkc6NaoBK3b +xVvH7e8TkkKcDHJe5/PYTsqCmUHzGUFzOw5460oksWkURhmgS1blQJgROFGJ+h4w +T1nxmUoOKiKNLneyAgte4gSMM/FmgShcjw5e0vRIssLIWcP5U7kYLTIcsm8+qHzZ +fdXx35VUlR5J5EFP0txRWCEWOs4FqhOfJmmeeDOoMD7us4KL6TyPxdfxMfApDQJa +kiFU19Y/eRLvCaapD+x37H00iT6MXnRyn11zDvdLWbPB53ZZ7nT9xER9FzmGRBf9 +yhOdK4/ekC3oCdTzgHIz99iaAJE7HT10X9Yf4A5LXgr625HYoznDfmjDqIVynELu +9x9uwJ+XmfbqfDhop8YW9YJzVwNkeryouZbLF4On7pMvgqTdz7tokuo8hTX+0mc6 +HCItCPxALdA6HQYCZXbmDn1cQwc0yMLXC4fqipjOzd9/Ns0ApvdRkhrG9y6sKht3 +nh4xFPZ5yB0lIDScLY4Bhk1zvTaoOnrpY0K9r1WRysa2Xd9K7boRuK50P46lfXrW +eLJUI770NhqIHYnLDIY4p1jKPdBtRuMkqWvdLQq1McfnGpmFc9SnCLHCeNNWOFGP +20RFHPiQ98xPHnuMCVThiumewqBkMaPJ96nRjm6ZrJl7r/Oo9deFcQ2MR4N1rKNY +41ASM3Xn65BoUpEPS+MRP0lVVx+DF+6fs2NHGZS5J7VdlHoHEiCb+GnAwP7eGj2+ +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/rsa-aes-256-cfb.pem b/tests/pem/rsa-aes-256-cfb.pem new file mode 100644 index 000000000..f56b3773f --- /dev/null +++ b/tests/pem/rsa-aes-256-cfb.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-256-CFB,43D96087451881A68B7075CE32011024 + +KIRsgcI/JEhz2hht1AU77iMiUzW22AIIXYFMCelPkmkCA5E5kXGZz/l8L28L0A6c +DUVCQRlozlhLt2Ie48U86ph4IpW52bAiMvyUuZJNPFp3Am9zWujHf5BvS9QvBOM8 +Y8vdFcA2uJeVku0+vOQRBowEU0wg6FNAcJOjZiAzlKsjoVb++GqBC159MconYp5T +YqCbz3mUKF4nOR5NqiylgOeArQ1iNP/nf1C7uD1WPGZi1T71L5z95fll73yPmXkd +/uv5yak7DtNhh3Kh1xfw3ecHHCz2BRng/2pn5BjOo45g7BaTd0ejGUIN9iJ6FZdN +iOP/pzOvRU8gaJruFEpLtS0Y+HLPnoArwqYJHeGCH71QFDl8cVe3BjcWfhVYYbia +cGBxW3x9oy1Wc3queMuyv7M1IhYX+7QltcTKYQQuJd3yeioh/jfopLxtpuvNLWSP +Q2Vib421qnvjUrxn2EY6i87ten0Rzt8JqnzyVRsdtulAExARRTN8ggnPieSoGxwL +GXPwnZpRn4iAX2S6ETYWoPNtGeE54h+CmzidrqvrEk+8snyI7o+nhlPumbGvdTVx +ts9mI77065hxWUGa7o+dUN+28nFjfxdB35Zpt+/DPrc0VqvAkCefqNGE9JIFxXE8 +kKdLfXOwuiiz2xQcaYFVtbkw+LzbY4OFOKI47A92hqg357UbTdatjL4EQypPX6MY +CYe0XtPr5xAa5/D/j4HWYZ+Pa8I28G9EHxeGPFGZQOqFJFF8NaOrVSEHLLFhNDKr +CE7ZsOzGtsN6fJ+EoGTEHFVdNQpPZ0qVZDVc2bHmQ5WC2w== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/rsa-aes-256-ctr.pem b/tests/pem/rsa-aes-256-ctr.pem new file mode 100644 index 000000000..5f49765d0 --- /dev/null +++ b/tests/pem/rsa-aes-256-ctr.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-256-CTR,D351845764A2C771E9EFF37A07848AC8 + +HXul+T5A4PiaDtzR9ZK6pS1Kjks3ZM4Xl4yQVcu6JPhg68CKkBkMBDa8R6Ny6tdt +IaQ1dbLquS0KbTr438WBhFd4yTwSy2BS/hQv8JjK9t/WdrvlFvhLXqqNosk1ojmK +L03tyrB9FDfqaw36fc2zOTL0U2YiL+yc1jXOxV/KeLFZ5vMCBLIIlCmDyX09CERe +9M/KX2dCJInj14RqXjK4sM1SnaEYjRfZwUkiEzqpOc3pfnnblo65v79jooVHO2j9 +7d3Uu0I8Kbzz6Ss7QDQpUqSmS696XfVudMVJFfhGM5yvT2iWc5L59dZ6PNNY+gOA +A7Qr31uR3ufpmpSsjuzWqPO5PjG808P6wEEZosT/ESofmlR7H5mKAuifxzxzEzKV +MTT0KSLNh4mLJ+x23MHxWDQ1EWHKeAGNznYDrnFVDLgzX6qHHLGZFw8nGKb3cTYY +zjIbW30jQxfAJNPisdBPCvetTV+Fr9CtesyTNw6ZP7YxYqFcd0/ZI1GL4BMSfY5c +OClXyWakdwXdfL48T/dR8EKFvD2pAJRtbs+lF6xdTR5OIsek/uu6+LYiNa31ItHK +QogMjXcmUEAUJchRmpS8CDby8RonSCOiRop4/Ct30G5xTOWSKTMv3hWLgOlvcC9E ++j/OXqKeFJ6/P11skhDjDSUnPVJhLBWlQvae9zaQ7Xwg6llbko6EcUDaFJbVavwj +gWeYcIT582AlMnnSFSfMSs4YLB6h+GdG0Ta+mKddtvFtn1PlhF0aWxHFQs8Pkebz ++60Jx6qoH0+/ceKHLPbV11af8Mmi2gHifpeTYXMi1DzQ+g== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/rsa-aes-256-ofb.pem b/tests/pem/rsa-aes-256-ofb.pem new file mode 100644 index 000000000..ff9e3cfd0 --- /dev/null +++ b/tests/pem/rsa-aes-256-ofb.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-256-OFB,864C72C0D617986401AB8B278EB9039F + +db6VKZnrNYiDaMmZ1fWYfwVkIPMS5OpTmlcw+dB3ReUpo0y+D8Bg9ro5q5vHNxns +jkQoLZLfoOFjU8TM5X95TQ9SuzyLun32SE31CE/yoFgQYaj8liQ+s8t6tcRl6NiZ +wQxjvCQBOzP0d+RjSxXdEm4kjIgArYX1c3prMYyARondJbQYrR1XzBKR4HruMb79 +3JpddbOR8TT4rojnNd4nQ3f32qkLQ7tesIv9pDPvH53VCivZTcaNgHsMF3o4qKEu +i/qsOJiqKkJsqX++MEIel11M0vkTe+BzPNiIHOKyUDhZyPZbot67ELH+lrS0z9rG +RCj8HUNRPwfuPJAq7zSjeaA75N9Ybslj1rgoRTRwriLKdJqhszjz4loU13mJb5Qz +oZPOOWYdseeWGunlWFIu4shXTprKuAfrYgFamJXglHVMDxwzoRVS5b/kAHu+Mq26 +bW+NO7L5VQtRfTuON+3uoVMYQqBw8CM9B5YB4LUbySXnlENkDRkJELLccql/OrIA +1LmgP9tHlVPwOLV/X1lSfKjvb2/OFxwKMjZfT5jjuX9FcOy/Ozm/uBVH4RoZkGN8 ++XekkhFTLfAb9i01fWkvGhVOWQGezoMGOxN0PyMUNm6UnN77hO2bQrTPgdlVgUMo +vP/mY5RbW+PoviZOQLjMmwRHeJ2Fc0V0GLMbW5H3Mkn7oUHEZdHtlPOKG9Yqt+08 +pFT/L/oRn/Zu/9RajPCCK659VEE/Tu89hUigHoQpcj6qkS8iG0qBy/uN3EIZhQhW +2l1Lp2Gr6GfzxyLy64+FREnaoWHUAc87V95GkV1epsq07g== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/rsa-bf-cbc.pem b/tests/pem/rsa-bf-cbc.pem new file mode 100644 index 000000000..f61fdbd6e --- /dev/null +++ b/tests/pem/rsa-bf-cbc.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: BF-CBC,A2E3F3B8C60F1B85 + +aCYCwYq5jG18juJP4JVrMg2+Wq6Crj/wI406D2c5W9TVe8siHY32uAbz6o59mjnE +cZTmm9CDXdKtPPEfdeU6Auh/ys6PFgQqCwTlZkiDvzTUxK4E/64feV9MfwRj9w9E +2xLPIUwS4LsC0CmJK5nk1tObvk/nOEzSieD+kq5oE50mAuMbUnBTCiAZt0/82oEg +3ASkenCuwk2NgHQXp19PCd6A6L1tDmP0AbMLz1Oe7SXUCboFh3RMaJfg9S8Kv0nP +lPty/okSQIOku5Ja0C5TXFsEXzmzn28Qu261H2OHoy56hyJmulaQCu6yNjrbHL0j +JnuE8mnSyHqSEq+2/R2VEof0uVfNUO7It93ODJDoFRqs219R9P3JEb46PttIJG5A +imutE6iASRdwq9Y0/UgPK1d7nSnWjG5bqBgzkomA2kkJXQave72LvnJ0zwgOSor1 +md3GifM7YW0VeCnW8Lh33/GI+qUPvhPlrR0fjDfYMEKLkNE5aI/iYcxa7/jR5nP5 +WbxLLQUPQ93kbcPQ5+2lBWxilqqpmFXhWpi1W4triT81EDFH9/szHTnaZ0nwja3K +/AUXMccrgTSYaD4pXPY1BXz9fn8ok/Rn0TbdqobnggVbjFoSvehWtyfsq+3lNetA +b7ENuQaUKxAFVuKOSrXzanvFFSs7l+TIglJXxu6Zerbn0/UH/LlGshrkLNwhv+ba +Whg77NM2jFs31WYyCiPzH1RuxQkdGe6rnm+aSeEYc0g9dHnCDApImChEuiOEA3wt +YjWyRgLjQPQGgEl6dfeBpwSzx7dXC8Bhvv3IZY58lvgTxArFWWATVA== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/rsa-bf-cfb.pem b/tests/pem/rsa-bf-cfb.pem new file mode 100644 index 000000000..fd2e0c560 --- /dev/null +++ b/tests/pem/rsa-bf-cfb.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: BF-CFB,A1DD43A6698F0FDC + +mZV1GprXm3ZfUX3gSKoKrKf6OIfx3PuYoccsJQH1L+ftFpEpfFGMuPqG/6hLKPCg +Q4TYkL8HmP/b8RCTbGK0o3YsD5PdTygAsYP0VVbCmhzalcdUufI5ODeTZik/HF4S +3cszCR89IWEg1XK/ffa/0apB6nKAjzDTCVYUydGFwQ8gcwVKCz8gZVEc7Xk5XZJT +N9QWVLmrw/HGQfaImwpfMUi3hbhKGIYvQy3A40Ky4673IqcaTea99en4VeuAMrP5 +LjedSDu+tr8JB5XsjJj8bzCEyhMwbJyYiFBmRG421vocGResEwLhMLxc0VWIqHUN +KxGzlzQZPMIoF3bLOybtOYknxfIStRVuPhbdWZWOWPr+qe9NB+A1BESTM1huTVHp +ofgz1hggJtYrJqu5qKpURFIsRo0pOGadqbjYKV7ZrEBEmZsZXWbzWp69bVGbFwAj +ba4GExErLZBjwSvYXzusGgLv0HP4cECFbEOKGLIEHWm9pLXWFTTJBu2aSPp9P5RC +adrCDgb0zo9JtfQ/P8Bhk3EYd76GpMnJ/VIL3ID8IV7kD/EVOsGPSu1AtX/Zd/1y +BieSNSTL+WEil8YjzZ+Ijh75WYeFtQDn2x1LkpDDwFtZVXBjB4txGvHUQgwOcj6K +26Eng4rZtdDP3yu9txnNvrLVskBw823cuB9w91beq8Nzdk9A7QWdcNSH07evTUpQ +7mpWJQyU54TwG5Avsz//ErfpiwEIqXCtUWH5ROlCmyMboHDmiizsFdFJG1X72/fE +1oTOfDUbGb6aIAZQBD6axopqAPsIshHHR6CKPcMDMRvUww== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/rsa-bf-ofb.pem b/tests/pem/rsa-bf-ofb.pem new file mode 100644 index 000000000..6a45d1ba8 --- /dev/null +++ b/tests/pem/rsa-bf-ofb.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: BF-OFB,6FF31D757E4299BA + +YSeBBk0kGRtQHi71/k7+QQCJXKPX05derG0Y9qqKonereIBEp4ef8OVbghyx1JoC +bBj3wOZbaiQUCvV2u26kAQjvTALR1Tie6mJTXec+phPczPnbQY0r3r7uB0JLECr5 +sYwSPkdgDOQXLINy55MAjHbpxo7srZOD2OxuUzT5AbNMReflKOlBbyH9GDeFcCN4 +6loM/KrPbpBVsm/ZPdRdKdUerGIVl7IesVQSyF8x3+HCtgenWtIsJxCGXKUsEz36 +iDFdR5vPZ7dInWNnJzq+Ay6Ldz99O8WeTLUwp9SaMn0+grTn2R13d9nP5091YkgS +K6FlQkn9nHkKhJtY21WvRJ+1QWZb8PvPIElYG8AFDzcMjVbG163mC7JD5MTc08GG +jlegCYDnhWkahj4zv3DbELq5Ysiv6MNObDBaXAJQSKNNcdkq6m7Qx+48ehq8+F/d +h188DCR4hMp2aQ/LvGL9m6YEUPAclrC91lIZQG+ohgI+0ih6r+0SYokn6gzQ2Cz5 +1qMB60blEX6U/pgQ00iSluR55499rSS1F1BrBXQ5hjFELnZeMN63+nfquGJQZYa4 +G72ZxnctzTX/P4CyWrmIeYMdP4MayZg+BQGnP9hcY4WlcVHtN/XJnVh9WZu596nO +FMQaDjBK/ll8I2yMZTHKsW5FtDBL5cjv/Qd9DFC+Z0hwvY06Cx5UAMkTwn1g2dBy +lcDpPYHWf0wR91/W34EPdggA8sWnF0+XOk00whQdY9hAQPGT2qvu6LI2COalCG4X +9nJHc6exhTktatfBFn4TcXFk+TKS4+gbFTmB0DHXDLXl3g== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/rsa-camellia-128-cbc.pem b/tests/pem/rsa-camellia-128-cbc.pem new file mode 100644 index 000000000..ffe132979 --- /dev/null +++ b/tests/pem/rsa-camellia-128-cbc.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: CAMELLIA-128-CBC,94052F5E016AFF7E34BC3F724B0751CE + +UVk8DjmuP7e2Mq9g+QxNGoV6ZRMAFyDZPGCnUbE1kAAzMX7s1iY4jj+aHETeq6Uk +UIixuujCIanDwc6fTZUmhJOEKunAk4UsREa3SCxgqYy02oQxXsRXEwCbn1isI2EN +Fm0WiRvdsS+unuim97A6foCGiMksMNl/9fM2PUG7xl5E4Nj/tiv8ifAQnjAz0Na1 +fCUmDbPo+XJlDR5wmTup9ZEo3GfbF9lxBNsdVY5rW087aZm2Zn3I+mK/iL/9/oMj +kiXLS/kl9b+ahiYSuDKfbQQvM14i3r/XIl3sO81eT4NELTf3FZ/2W5V5tPp2SfFl +S9qtCkoey4r1c7iCB6iPOsvtSBqd8W3a44Z/ZcfYKbxQZpTiywpCz0AZ6TeUrhw6 +FC06tlU8mnwTlozS99ZFGdqiZoU/f4zZnHc12lSOrpUUZ1LPsY8C3a0LxEhBtkUn +/j0xgW6OlYZLqW+j4aOzKuzchCyfm01/x0NwBiT3eUbL8ZcD3dszNeu2S/MR07WJ +JcIh1jTNFrGV/kLNYSQbhw4F18oSbQ+tuS5E7De6BCK75TJtRNRTYHn2GBllN22a +GcOsW2VUNEdaT8/9Tt4Hv+gBM/oYsdIHqtiovcd0gNeJMUdZu5IJ7b3ob7ecbdjB +bDqVXzj/nUm9TjnyAFEk7IhvLV9kh0cWl4wxzIiVquAzBzg34WYj08+JM5QNEMrD +Aw/V03wSLfSKYfB8cuw6p4sH1LaDmMb/fumV1aM6uQWoP749vwKGCw4l8U/8PqNi +E9xiRjoO9ZFSpfEjPjlSVkoGBbXxKb5iyKEmNrP0aP5EqlAaFqftjhvEeOEIZ1+u +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/rsa-camellia-128-cfb.pem b/tests/pem/rsa-camellia-128-cfb.pem new file mode 100644 index 000000000..9144c8339 --- /dev/null +++ b/tests/pem/rsa-camellia-128-cfb.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: CAMELLIA-128-CFB,0808625D5BD35FB6E9E85ADA0060C9D4 + +0kdNZ22ybhdCrR6wK2Lv5yyB7FOCBxpXqVYn1937l92SelyWWQnPbTBDFJW9Uf8j +EZUw75FI6H/1iVjBrHgWc8oeQxG6E0/vm6/2+PwSpABzRiqfHcgerQT87+aQ9AJo +/v/LhPhYlFgFl4jx0wej/dWs9a1zNxW6ZtNtQGcugOyrVlaNkVtfVl9ADGtpHPJg +vvggNvJuq/7QW5n9bVfVk9DLFqgj4XjRBEnyB3kMRWAPLVgKIGax5gScbH2MTpzB +c9ju3EZ5/EUSvdCjnlFf85ERVlDA1dfoknFqem3BQ+E6nmfTQ3gJFpm79eGA5RNm +K7hggxjXPqH4y2MmyeT5hMSO2sTYpKG3S/OdE4R2S+pC2xxXJvppuSKqeuirgWgf +JSPsJrfNY3VYg83ZWuaVsAjXqujpUGSO/gCx51/YnEcgCKXs0fhRa3madR2ztaTY +/sTPJ81X13yAllxG31ZkTkelxjXqYWLAqjHEhsyMb+oyS9g/w3EmgKbhy2ZI/nP3 +mb6KeVDlyOUXegzlhc6R3xdItBZyiyHWbVh7frj4Nq58Xp3o6Qtu/MixotkqnPaU +DGDUu4D5BRmFizPFag8JGr/vT0co6OxM2XUHdTzuCNXd36pU+rxCLvDPKZrCR7Yn +q/4pz9DzuTa9HrUvjHHe1tX0jNv2VfbJHtHJpBk+mN4nQy42rzPIXJG1i37C/qCV +MDbQcb+slu2QKDj+hZbmUu+4NLyBla4n4lLNszKxpSuxcvhQKCGFk73AaNXy1Stw ++4ojsPGdAnI+5DVBLspoF98Zwfs2YPruEvdh/Owv9ad5JQ== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/rsa-camellia-128-ctr.pem b/tests/pem/rsa-camellia-128-ctr.pem new file mode 100644 index 000000000..f7ee63fa0 --- /dev/null +++ b/tests/pem/rsa-camellia-128-ctr.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: CAMELLIA-128-CTR,87CDF51FDA93F95AA505AD649897EB93 + +BMgD2+OliSyT2Zil46xcWmb422AULCwFSm3YA2TNRiYAwUMQFHAeTh/rBP2nOrGR +s9NDhLQo6YXvfCaZA/WNjffvCX2FQ9uSjJz18/iGmg2RGLo10FHYETpFtKTx6hua +3RqDSSpruOhV0ZGeloEmnLvgMTS3KGk5RKJE89j17NdyYK1YX22dXvr/KtmRvea6 +db0apZJV59eDI5kRLJSM+aGdbPelXCmVhnpJEBW6G53qU5IDmuupCZKnwhh/feZA +luLyRDlEK0+aOZQU0qhU7Mx8Jym11ukVXbKM2MzGB+JN24H+JOefwWIRPAd1hurU +4720UYOJ7mvW/1RLmuYBJDRDePYW6FYrEfhW+Gx5k79EDR8q487CHMxsKa2AlxvD +ug49TioXqHBL5GiDfdJiXYJ8kgGp7WonsC5p08DdxVCoFP6ksQza3iiVs8VH2en2 ++K1OABMkWojvDHdOYpLku1TZ+YxpCdgOZnEif/Ncd5Wp/z+w2RKDLHPeocxSd8Rv +/PoCTChCXemVrlFVO/wAMExmE5S+DcLCKFOuGBZHNdlaRGHpsbvhFyjM/PRU6Q09 +N2Y68b9UgfwVNMMvSCL/H3fNMmbtylQzD0KmSh2Zzpj/o/MSG+eCeK+xErRkuG0Y +PDzo52SHECiV7wPihj5Iku3Iojm69u/Vn7hmnogTLNSSLZxa1OJ3zhLc3n4/IBRN +Xbn8clIAGr/epW7rlTtjaKpN7I0Xj9cMUS4qKa2iiqgiwOpiEVOE6OLdzeJo2LBP +p/ocIIwMDehLo+dkHALGzo2ujWLOmyrD2yXX4YZKEmY9Rw== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/rsa-camellia-128-ofb.pem b/tests/pem/rsa-camellia-128-ofb.pem new file mode 100644 index 000000000..5a12afa3f --- /dev/null +++ b/tests/pem/rsa-camellia-128-ofb.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: CAMELLIA-128-OFB,22FA90277FF97D814794E402F3B34894 + +NQD9PUwn2cDOXckZZBoqjvVWku8h4ksBxHUetaYCOwKqQ4j3duyL34s4R65h6tir +w2aX9S6YTjUrZBxEdxNA/ZXlW/Ks9rLu2+JBbfJFPFwf+5hF4ufYKtvyize49fYq +CoYMhRHUslQ26Aw1tSbAmEQ/PnSi+7Rm4vC++ELKIiSYfeYiMnWlruwv1GfgaLxz +A8+UDkUeL1bKwxOEtPkYpqGV7T3cNJG6hcac+MZ+YojqWGdLVVwuIzOfouvd5s5Y +5ri7QrB00noCc0EzqroMvosGRCrr+6OzrnVbZt1423FXasYBuPMzyAOGzFPLbfQH +Biotquz0YO26GbEn2ihSwijruQ1f9yp60YOoGgYSeDlX3TtJUodB++D0RG19ZUEF +U3cIqPQ4EWdAwPNshBSOgBSQknZopQq7M8dY4ctdWrXxzVjKbUBPJjHOsGPg9cs2 +7A9kjaaTGC5jpmKVrJGrGzxwtc13Pt1uCIyQtWoYZ78mv8V65cLeAYf70ntrnaYY +964WkNBuKOcTaEuLOQbGbq9LYYiNTYJ92mzoZwB0ziIz3bcKd91cQyWY1Cpb9/e9 +AwD8jlaqsEv1WN47Es1VFrKbgo84EGudaqVVHhmcbke1inegadV/xGaYM+TqhcZH +u3r66WO0VzmQOy8Df8yCQ+udRTXX77Ky5Q31bKB5FKa6XFxK7MzPW8rGU0ucupH6 +ZcJhbUQ+N1qeck5X5wwuDgxzANz2N0qv1H/lwcU/4GsEAU31E2UMbBMQQOqH+xiv +CFhXY3x34phyg23SrldYXay2h65DSm8bqoGROj6AGaByQg== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/rsa-camellia-192-cbc.pem b/tests/pem/rsa-camellia-192-cbc.pem new file mode 100644 index 000000000..8be51beff --- /dev/null +++ b/tests/pem/rsa-camellia-192-cbc.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: CAMELLIA-192-CBC,1E22C96DA08A146D1F6B137A3F310C4E + +hPZhYCVz0hLPnFPznHhFUkO6bOhAwS+9UXKTnt1K6K4Lb8fec+8xGBCExGM67e60 +XeVkcDoecnK7OHwXhplKJ8y32TdUCjooowVixUseEkKXwJ7IMsxpqdtpe6p9i1SV +Ry2eu7Xle01FByz5FTD3iW9A1e3a2AvDdSMa+o+Beu73F2y4Ii8M6K1mFlQtakDq +xZgxOZZ/Qy2MRnNhDlBl0IzUZ92q0Sh9iUBD+dUgfP2iJw52bb1aOsOm4/xuDlRW +pgk31MMn95Rp51nkc6Q4Zcc4n1cJlZbyG/0C/w65uvP2UxrdSRcEYXJuHmqXZIKk +gYlv8ZKyChV0f0gZqPbWOTCVBg4okaFmAVOwdqffa+SKQwKN9IYzq92gTSS4KJqy +5/70PAoXInM7Uo4mJBjBlQLV442fKIyw/Xitl+MjiH7EY4mMIqHn66SBj0rAB88x +S1G8lFgR4RTGklxeNQ09SkwW3ene3ag/6YJ8VZzvpXZ4iOC0yc2bVTpYFZwyNHGd +iwrMZRTi2hGP06M/zL0MqMNgOEJAQKKd+DeummIwgPSSvQc60MxL1SyUnLk24lq9 +5yMYFImX4c7EED+2d9dtMRNdkT9ZnTcSN/Vtl1pGU7SFSI6VHBhvBXUP2kxiHQqm +CFnKi7goIXzoU4oQM50TilRnW4EWK9drbrJR5ViZLQUbuWjTLKpwCadyxJC1Jd+c +PyQqVGDBesUP6tgt5U++jSsQgvi2ALq1dtYTuO92p5aQ++8YurS2C66JuyEuC98E +jbtX7fVBt7YGE0hy7z04j+TjXP6w/2Y2KLnYyOFfERa1d/neQG+4++HgigPBY8H5 +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/rsa-camellia-192-cfb.pem b/tests/pem/rsa-camellia-192-cfb.pem new file mode 100644 index 000000000..63c2ef943 --- /dev/null +++ b/tests/pem/rsa-camellia-192-cfb.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: CAMELLIA-192-CFB,625881A70DC172071E98F5C6B38CCAC4 + +5sK5qRMqGpAYGVRQUwdYhyKcQeLoDhq6Rj6K6/rbgZBUBSXpa3AKNuN1LVnuuZsC +5U+PBBv1VNnO/+oL9hYyOItDwB5X9OKgoI31qf8O+l1LJpcoIIyxaTBR36Y/JcBL +3PXjiBS+Ux+2Q21pTueFjJW1iGoxSIaklXZgRv7bIZXm8+Bc6kcsB9HcYeL3dGfx +0OYHkrF1/3KIu8TgnP7URN0FMB49WS4mWS2yB8FwbbO+nO09Mohbemdp00bSehlr +PjzcNl8KT38oWk5Apase/3AYg3Q5XP5h/sacjUo5B/IBHrS3RbNGYc0yejovvwWx +tyQQls501FTfDcFW+XKRIzcRHjEVLqCECHnq7OTQjawuy06zlUz9H25nGfBZ6EkV +KSCAvk06guE6sREZiG3qOaNrp4v3YJMGjzOhCvy/HAuvUDEuY9nchL90NAhM6HjJ +j0XzOlzpT6J1crjhru9+mIPGg1R3o28M3rPh0Czv3O2lQoQSVpxw+h5+Xeg4Vj3H +taRrBRrUWUFUco8jaXvAoVIFSp65Mlr9g10c0dWVt4o9InxdslkmmEJ2NYqDx4ja +mW6EMu5LW67dXX0PglayQxTnu7E68qAjVMSe1fYfwZ7p1ZVhrq31T2X22IdmAedQ +nGBiMUyAAytr/UzUCrkQKorlAQMJhCLQco+wCs5Tny8kkYXi9fht725hXvX6vhxg +d7dfcKgSrUnYxu0Qcb1L4nQPjPPc6j7rpicVbE+TOyCASdMsKBGwQ6PIvexrImyl +ZGtkoeuEIHIlkbl/u8MFOSCXO7YipoMHrKk+uzdK1Xg+zA== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/rsa-camellia-192-ctr.pem b/tests/pem/rsa-camellia-192-ctr.pem new file mode 100644 index 000000000..b76e162dc --- /dev/null +++ b/tests/pem/rsa-camellia-192-ctr.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: CAMELLIA-192-CTR,62E35C74BE30FE4769F3185166B5D237 + +cCPHKwYdF148WwKz2SERsqNFS4p5qyJMwyaUWT4OsOoOZRtUm8yesp9cWmDu7zyH +Y4LgDyK0Cll6XRbABwaLF0Vj/3S/tUBd5m45DNqGD1lfH+TNiJmA1/2m0qVojv+q +8gaN70Rbk16wuMLKnCbKQQSwnJxd5UO3scR+DK1XQO8K9ov4SMa8itJ/3iKSRbNt +R3b2+EDsOh1H3s49NUM4b7cZwdWIXwHxE0CupamFrX0/YykGD4IX/J5+rlGrx/FS +pRsJ2lsLR85ZfB1EqJ6s8PS7+tniya1h1vM5FzNlmIGT2OvbTn02xeK2OaY+0aLs +bHRy3jcgSGYUu/5EwZMzs82ipr4GM8h2z3J6UWci2jKUv1ndRboLRAJfa1Y50bJl +LDz/yrKDnyiFz+0I2fWUkiCsZstTxStSMva8fr/0s29DlduC/XUZRusumZMxrIFK +cj5ZH0EkcJa/zQ8NeYD6URx6KyYct8weg6pP8n7BV2V/n935zms8hv3pf+sEbIrI +xOO4eZOzJeHq7pARMzToOjPrQaZSOPh4jcAaFNZgsZlO5fMrhiXCPDjXvdZWOOSB +RSW48Z+U8rOSSVzwWhe6xz0ly+A+NvLNfBDxL+62rxUy/GJtDQR/B7jmlQ6LtCZL +vYsNDpHgAyoUEtKl0B8wAlnRpR51dHGzJap71TtVuMoprI1lPVC2g6xZgBXQ1bmT +nuKf22VKz2sd/IliGguiBp7mmYwQxlnyUs1hwlCftV9GVvXLisqct9LvacB32pBX +CZkKBpXs7231V61dZ/OINOUAUe+c0RTKf9RnQ4KRltUmqA== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/rsa-camellia-192-ofb.pem b/tests/pem/rsa-camellia-192-ofb.pem new file mode 100644 index 000000000..fd31df476 --- /dev/null +++ b/tests/pem/rsa-camellia-192-ofb.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: CAMELLIA-192-OFB,20EE340E8F45AFD605A39206EA647C85 + +2JY2q74uHMaGiloog9f+Uq6ml5L6rm8YLSnw3erhbI5GzQuFdDojSIW0htjd2jnU +GJN+qPN4vSuHYRd03vu2OJwOwsNWiEmTBtaf975wlKM7tNPDiO47Hk95dh6ySFcL +gCxMUBO6xd8h9N4V9tzAtH14pcNdW2gkQE0YISqZE3AYF+jNwZXJl4CmkbuyGXqP +qNSamLTYXrI/7glI7KGCVaAkis5g7g31cmY84PDzRe3WdA97PtGU5zJu7ku7QOC/ +V+jlbiYoOrP1YvQY3y3Swk9Rwiqp3+vos0EAP9b49S6Xp7YADN7uYW15qysfDh91 +oSfgsOsP0U8yi9KSA6PofAYq76C+LrLFNqFzuC2XQcr2xuHD2vQp5G+nC8BRxnIi +eM687gfQHvtktZ2Z8dSGWpKV0MnmJDRp2UQ5jGegTWk/iho3t+fldEjqo3Kh3Z0f +fxNxjKgvudnPuCnYkNknjcXaWojgG8pv5Ly6vQeaedeGN0IRMrqcdv3Eh02OIgUq +0tEPaQN28C7a7mJ+RxtLQxy15xMQZC8Rp48OChCGvOYGidDR8YGUnXU4kwGk0Mix +kOM/4/qF9aLi/3gwLOkSUkYormO69PAiL3MQS77cmDBwHKpu/Kko4tJdxVH2hHKO +eCXHbr7dMQOcHzo1P9VZTujKNlbOPn4ByMunH8TDpBUVde8fG5jg/XgJondVWGTM +qWPT0Jl+1IBFl5SlTzBhXkNL8Z5nimI3Sb8UYykyRaE2d6+e/lXh4t7kes9w4pA8 +1HeGMBt+2MoPHmAgMYZqUUJiWfJIxy4Yr4NSyyYz21sK7A== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/rsa-camellia-256-cbc.pem b/tests/pem/rsa-camellia-256-cbc.pem new file mode 100644 index 000000000..2a0e51064 --- /dev/null +++ b/tests/pem/rsa-camellia-256-cbc.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: CAMELLIA-256-CBC,8D2AA51F99BC9D7ADB548EDC14813D4F + +BGwDYb24zW0EFwiuWJnCVDb3wWifiTy5h0nqsAuUiqidl8JT9aGRTeadCjE6w28B +VKlHBXhIlsLWcuRcT8zx03A0HJ7RpZI8PkQSqdyjRDZ5MB3M6Xzy6bNcoUQlbuEm +RjD33jnrMjTV7GzNu4W7hF60Jp5icQd5gffAGDIXo0LHVoZn3+JBdDcLS2UK7XJQ +kTZxxQOwHFYpuzX4kZccNhxim3NDb5uGnmJM5lZDo9O9NHL4kLEMXLATixEfbfw3 +nnsyjCeGaVEVuB4A/6y1/C8ts1SEQd5mVySlYK2c2LEz+oRWZFXxn/007V5KcgdF +wkfQ2Ytak6vmM9lFyogvasg6Ln6csHUbV/xNelnMUTvzWZwQ9cwoaK9nQpHFk20F +FP6HadCD4uQEYMbtRschupXOkwB7nsK65a6rUPDAiUxJAQ+GWlR3aJueFtF1kInF +jN6NCQZUyOy2nNnsvamnUrzmatAPNLYpvI98zNnM1s97ZoLB81dNs79x6x8tEaUi +3PyVqqpglfpLCLHwCd4BLm/zaweaXf/jKgsYEeGglQhFiSmYUN1z3IVXUwXCHAUs +cPUhkXDGZPyf5SSPQ987a+zP4w3xXDzylVw4dwgzCbjODB75oGEpbSy9RDuLQUAY +goLtQ0dCVBBdVBQxsWkVCqtWKG60YkPQDXBk0g4XMSsERDb/INY3VBqjGY1XLnKs +E1CG5vXDU0Oe5Q/3JirFxfbkGUq5feZfICIBRqm/CCQn4BiBtq3nt9CskFTYxhSi +xPm+VuTi++z9hQuv5vWfrBewZcYo4Qb8SPSWfoLx03W5McCL+An/mFP3vYXG+aY4 +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/rsa-camellia-256-cfb.pem b/tests/pem/rsa-camellia-256-cfb.pem new file mode 100644 index 000000000..269558ecb --- /dev/null +++ b/tests/pem/rsa-camellia-256-cfb.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: CAMELLIA-256-CFB,D5829150A05DB72A98D8DE4DB46EE72F + +f+eHANkwPjpRYXfh9vT/k/vkFddd6PNDFeqiR+kegXCfPzmKzAq4BaBY3wLWyAI+ +OBkTX6e1V+HjXT15N1pWIOjtdpBHMDCeoJCWE4dUdNg9FsVWOjipnjHSoVlZLbJx +flT7c2OMYuklA+YBVk0/V1/siS9y1zxGZD2hsyKIIdlYVln5SJAv1tIu2qt7BQOM +1xA1MbetuJ9TinwfXerX8Hdnx+XOBa0G6g35EHZ9hDPn7h5D5vY8tfd5H7k0so9U +AdqOdBExYSoghY+3LoiEh87V6bQEOtG178TXYT+QQQQEZwSvwYOKVLreDlTO4Zuq +wVIp2fOiN3VJXIwRgULh5/QEwWtPegHhXLh24UHzCsSyDKmnLSdRaIZQQscfIQeM +n7ms0arKDsVBQ9/wQjsa1DFJC8hPII6j66w6qY3Xj30UwL1QwTz7f6TqPxLk/PiH +nQEm7OJRJzuilfZAh9m2uNb7jQ3OzMrRvf/gbTyfYiNjMDLzVLyFPh4dm7a/ofV9 +bamsflg2uWNgeSkJwYNRuqLp+Una/xLhcPGeRDJeUbgBQCuudJ4LcMOT/Uac5ivf +lajPg6XiU9DWQMHtuJ/QF39m4i26ArNOoyUP1iWUAeThhTX+7D3e6CjYepLC5Mn2 +pSZtZHS55y7yo0ZHSzoYNqL95fDw4oUvvln06/8dsmzNBH3wOgBc4Kl7buJG7h5o +2fDryfsjiPij+/FCo+0ez4LdvZ3fMz9JbdOAGXq5Ha+drhldlQWXytvat4Nxq0wp +pZ5qcZrO2iSa10dJGXnbsfBlq6LtozWqh7ovG8Wj2rS2wQ== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/rsa-camellia-256-ctr.pem b/tests/pem/rsa-camellia-256-ctr.pem new file mode 100644 index 000000000..1f1624f81 --- /dev/null +++ b/tests/pem/rsa-camellia-256-ctr.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: CAMELLIA-256-CTR,BA614E4D3CBD5D006F3A9FDECB43E9F2 + ++C8UEHFN0kD3U9rIJokGJgvpAkEhzEvuI+fQrxyCRItVLUFvXR/T/LnNlfO58quA +COh19f0esntIFEuUoKIHtC+zkp9V6JbCxZOZWWIbs87adHh391IrJ4HVuobZwlJV +Erd9uZxJ0fCj3iaQe7sCJ5H6Dd7X88dDh4gQAYtggWb5/5njExqVINd3k8kj62VB +W4nW1KcE9Zzl2zCBhAyzAcgdP4mHHkNGICRP5bd0xh0J0CCNa9E2Eq7RFv9MuaJW +SqlZb/jqNmPRdaEEkPN6S9PQW7cx3ieyZSrMcqapSqi0R3Qnuug8kh+ugK+nncOy +TLwyJkALFvCfzaPF+Dm50UqYRyCcdHL+MfiDvI2F7XQEhfzcxA7LvP0HsRuRA1F4 +bYdQejOkB7HZovEdsyQO/3hMc+77KJ2X9UlW7NM5ezbdim4CdRe6sHY+vN9/lw7c +k9/yExP3KZ2LhvZROpXM9YyGxc3dYu6PlPARWr7xDXt2G7SxJRPwbHmTIw1z7726 +zj729K8c+p2RJ48/QKKIlRUu8oBRCHzFjNtpaOkV0ph6zCsiVRCtvh5LKI7/FJ/J +MWkgl1sES+V8HKck4VXCXrqbWSJUoMXvjRQKY554P32c3hmVR895OmOTUbKzO6wF +lrAng+ihdp76L3GCXgimZHrmzcqYjUw7eVBlMxaaKUNfL+PIxGGwEx1J9PKXSvw5 +iQoUIuD9WlVYM2UlvAHx5b5WnXzCsQOonROKnRmgLNEkeojpEw/tX+eQHnyLtfWf +riO4UaJeRW3LmBSmho3uv8dvYhuMFnsbjJR3qgOwfFlePQ== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/rsa-camellia-256-ofb.pem b/tests/pem/rsa-camellia-256-ofb.pem new file mode 100644 index 000000000..4dbc30358 --- /dev/null +++ b/tests/pem/rsa-camellia-256-ofb.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: CAMELLIA-256-OFB,68AC9278D459A0FE625854BCC9C9BB73 + +bA9raGY4hnnqsvvSAiQ2xqtgvQ0lna4IRSVEAsyhzNjmFg0Bqo1QMbqjhNYYyDbs +coxQlcH71o1VU2xyZ3Op+FmY00UEZwJhq4jSm/yUcJKZwY6v8vOKGPfUEOf31x5d +K1j7i3li7Zy2s+gPNmvwEsIEhTs0hzvRAI64GgRr3AlE4OoiJbLcTigEQMGWVrns +z/uLdPooeYUHjCF0rO7F2n6vmFvRPodxZ9p1mkTivGbZ0nqrtco7OwvFIFsMDoSj +eWvHNVyfz3Ulkwpd2o/txAO0KPyTPOoYdedGRbLsy61TG5Wq8i5RjtiqTZPXUC5E +b2r3Cs8rfxW3kww4hUW3cb34JtpEUGYnOUzYpXnOELAWaFaQyDlo1iEmug/HhSck +3eClO+tYj0Z4lnCBVNp+6aicpR8CZs/seAWBjWSLpciPCUs07mH9U9SMESHQsvRf +Yq93dTsJ/TwyksH5oJV8cHHqvzW2F5IVQknUe7nj6/VqzTyQpjryvzk7EKjpWNQZ +hFzJrpQBKuLt/apfSAaqTGY3pEbzg4gP0nMY3FdCL5BGftknyhsVAuR5qvC5AQjr +gbpHnJZKFdN1Szhzu5WNTFqCQ90d6do9oe8QOcmc4NNeheC3rrwfn6svwhJes+fA +G2dH4lcCnOcBLUATo7mgjCijMgF1zLkVmYaQ85pRi/75LyzcAk3XweobCXJf9GX5 +AvWU9c5IgdLQUZmYfx8ISyWZZdId1DDuU20MNf8UjeEyaHOGPwsaoKVesl1/xIQg +850vqhlD2gZcCrqsrlGoobYKIf+zWps6FTBubmvoYc1l2w== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/rsa-cast5-cbc.pem b/tests/pem/rsa-cast5-cbc.pem new file mode 100644 index 000000000..a169ad663 --- /dev/null +++ b/tests/pem/rsa-cast5-cbc.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: CAST5-CBC,1333844494EA1A4F + +sX7saRVhAgQPnj8aQWyxeqi6XPORizi+iOvXGAbrOnIl4dVflDkgyFrnKeedzfRh +ehAXwCJHJCnc7LWVHaCx7LnSHT3KxOzSaT18kxIpPu8BiuDAiO1Yz9x9BezKaTyH +4GlyE68zdNGHL8qkb0A8nHQig9uSeNDd4OV64MisJJKaulxqQfx+CotVHZchttZX +DCoD3+Qq3MDD8Yw6vkxQe/U2m3K71lenJuaVB0+60+jj4KweUfXT7GJsGKmT4G6l +L+SORqLGl8GcP7fSI/KmyOAcnQONuz854RtIC6el86/LFuC/IYISlAIo5lBhvwBd +pR1+jwyFsBv9wn4x1HiBl2TXQCvjaIviSAvIpQzpP/cbGG+5GszMUroRJgetw64D +dCVbvOxW/hsy08v5W/1zZzvZx3VRJXUmey7sF/OLjrjviTuN3ApEYaLKL9w3HZqf +Uw96GA7LPG+zWzyXdhEahy5IwRnK8N7TC8Um3b+bj/qLAq0PC7wOnzt/wOGV0SaL +jBg3GN8uGJdrunyNPCwq+LDXHVg3MSGI1UOT8mLnqp30fVx5zelD1Dm5qUq+RgPg +NgQW8A4mmrILUbIRYU+Ef+QaWXwmPSj2W6y1+0UBbugXTFE36kuUG2Kg1QIbVbfe +c7RGOYbPpYuvhSUJYXKQdNmKz8Rb4dpDJ16OtlozRLTvzekEyhXVSrSH/NgHZ31N +WNIFlSpdnQfIRgiCW88gQ9iZMwHcjGNlXdwO4KtHG/beKw9An424h51rLKs8eU3j +/e+YenlOjNg7ck3YMDgYg4uwswaBmK6akXTgjDKgcN+jQpZsD31whQ== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/rsa-cast5-cfb.pem b/tests/pem/rsa-cast5-cfb.pem new file mode 100644 index 000000000..e38c9c2e9 --- /dev/null +++ b/tests/pem/rsa-cast5-cfb.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: CAST5-CFB,D9A10C14570FD7DB + +IgrLkHZq1o5WFKcMR4wYNh11nWLTGuExAGChZ92oLLMnbIdYNN+kQvEzYH6q9eJD +MwzZ1M39ymsY5YzCzloN1r5U5OPvw5Bh6X1i/9zg+mT+TpXeppaZOYnDb5MYHvlV +/qRX0jdImuVTGtArNQaHnvpQVKi1elu1+Uifv+xW53BOUjKzRfV5lQqYeAzZzkAm +Tm+Olsj1RJvDPAE/269Xgm6/PMhLVH4Y35jkHqUh/Fes6JfWNgc4ZjAZH1xZybxA +k2edwsENkwwMfZjYnCjb9Lkw4GO74w6PT2t482A5yWx3BjvvcpRRvKAYExWXGd7P +R2pJXzu7OH+8yRnHp2x5P9OsGKUIoQyzvCvdB9owsVj50HZQ7C3hchmiS2bfOXUm +1IlDH76EjnuLOeDuPOaKMZa5lEge0JDu9wWgMrEfC+t/9xybQMekfTCGfzwz3Dnj +i0fNNqRGSRTPQJ/RhSrBL5IUNdaZvO0+49jdQ29GTnS1/zypPb2tchUwd8N/XK+f +tKJyoDwhgRTttuB6+xepFMgqQUZNa8/NlAS0kyX6UROsiuKjLS6nHBQ+QaS9c6Va +KZWZMMdV7l/NzXWrvF+Zr92QusMPbN7hHAfW5raGGlT0KCno62WpU1MaWszYS77P +uW0ndVlbOQYE3PnTe6hyHU0zlbSNb3DIpJ2B7gwhAwh/xk2Wl7b8pifBQMTYc+bU +HJLORpuFrNS9oCOBA5V27wfwkVXk7m7X1eZvqS9IypRz/aNvWIHkZyEgEyGN16/x +VriluGDqIQOPiS9RF88SfRFtmqczcB55e+gVmptoYNQcRw== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/rsa-cast5-ofb.pem b/tests/pem/rsa-cast5-ofb.pem new file mode 100644 index 000000000..aecaf9e13 --- /dev/null +++ b/tests/pem/rsa-cast5-ofb.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: CAST5-OFB,5DDA6D06E3E7B3AF + +j5nKw8XtGUSba7pObNE2hiOpqJAblYVtNp6LwgssM27FU8iOZL1b3KKt6KxZD/Zw +cD0if7jta5pRP8javi8ceeQcnwhVYY+Iop0+LLhNMPWYnjrJsBgjYNrFcPMrZXQE +le3TaXgprSPPS0eBxO0MUXxnVHbLK+kMKdzRCl6o15TY8ALrdlWqThrnP03t8yN2 +k0FBBLxvNh41n4NQOwyP81NxKR9EksClDFBh8AckE1skvpjGbqXfcjaREwgKXbxo +NInk0M21ckyAWoiD8WZfwZPJxaC4Wmulb2s49yoD9ps+zzmYTod0oLFbgXPrj6Mc +QyXhtBfwq/nvVN15DkKE7KCeveBh5ZkDQsQaZtGMmDm4IfLQzQ83wV7BgOe1n19J +FUnWSUVs6ftq9Cm5QiHxQGTX5D/m89QJEDhmTX7uLQR7+0RgXQ+6a2on4nEGnNra +x5q50TdOvg93JP1z9K4PlVpvcXbEqqCkdiOtYlyVeLjVaulBUJB7Tw2xgs/bASla +xjJq7fma7LG8NM6adX3+zm80Rq+5UopwfJqov+NwjNXTwNaokdANbL8FiUJBvRur +jn7YCQENe3+1N6EamE9xBt3RElp/UWu37nlX3FSWhtC/ipjc2x2HClf3LzZlv4G/ +NqBLMAAEPIE6Kb7+EIhaxhHQ7otPy0BvVCiPmKeS9ZoMcdwmqJPsLR7ayCvtuETy +ew4TPVGyuomAo3uS96t9G2j6V1ufLKnTVw0gjwQzu4iQtgM8jOfeec9x+96hXcGq +MVf+tLo24RRkmpj+TS3yrw6p/Yl3fdLUQDGj/ZdNlGG8GQ== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/rsa-des-cbc.pem b/tests/pem/rsa-des-cbc.pem new file mode 100644 index 000000000..78c5d985d --- /dev/null +++ b/tests/pem/rsa-des-cbc.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: DES-CBC,DA8680AB93BE83A6 + +2c9R3NnVdmpJzxxm5es5QvX3vi0Du5e+QMSPHm0NRIsTRi4MQSm1GEq13J8SXOEU +UJ8zEYfZYQFcnqnvyg31yLYNBNLXdv8DRqIC8JQoGp19BY+sxojTMiG+Ac0CftWP +WGthPPaD73Gb/26YULMFfph4jl4RxjtnAN45WmajVRXWQtqdDFdnzJqLgDGKnrWf +vf9Im5YZcBqmEeEipdG6WUBIjbdAz5QATobo7zuxztbIJL+/r5PfidT2yyahgFLA +DPkoWggfO6aXorYO1o58pUsPjJDRz9ID/rH8ibkvrVKF8NchlyP81CneL9DTV//i +ZSwv3fcuZObDREPNqh5Rr4wJ1xcsqHh4KmUgnTcaU24kl8w6/v10FSVTS5bT9ces +TPkPL2GeqT9c+XKztyWUSlSheji4vS6YfjcXbGyNwMZ+2DBy6XzgZOYXj5fQrPG2 +ioKZYwrpUQuCYRLpdcghej2owKlwxE4A7MB+APZHaYP9ItwD6BD5YZHncXOa4XUU +87+e26FbFq3joI+2qWLy9+Nnvbh1M6RwP+zcDedhR+S5lh/SYlODZitlp/l2Re9N +IaRwbQdS5vqHKIYOkMELNK1Rty6G7fFDwevrI20mnb3mcwpOOtDqLbsJrNjVjvdl +Nn3QIeh4IE1qa0opnncOezJzNIniypLiS0o2MFmFSIhcwHTqBk6A8bAuQf4cUNvA +yGqvXDQdY0LPYMIqZe4hcVIq+qsUSWSjhPw6LEXeQ6u0q7CPOHo7DDrVL9ui5gKw +hf5g3fMe2ixrfTPbX2h/Le6Rxmj3hQD4L94qeYrcVqS8NOsypp/IZw== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/rsa-des-cfb.pem b/tests/pem/rsa-des-cfb.pem new file mode 100644 index 000000000..59c707575 --- /dev/null +++ b/tests/pem/rsa-des-cfb.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: DES-CFB,376CF2DFB180933E + +xsTzYGzuTb8ZXsuNaQ9LHDkHLDRu9WdpQWzfb7BHqmjZppteaQGaULfdEMGvgxW/ +RhE9n41jMFanAHpWXmhfAYwnnEVW2Voy3TE4EXKTjRr0gWIHeplb25GOsnZipOgB +uT6x8GzdX02/xHpDMzDJXy3vuAiMLucy7dUD0bQgj7+c3elYTLRRUOH1SEXg7qRp +VIcYg4xAvVmmOCzX6Qg6jB/gnJNyu2LgfEhYQFt+uKi+STzbuCPS+Wms7wX6w8gG +Ve6Kjc/sr6EYjypk99j6wblJds0FwmXfwwKyOAjz+M6DTPxvYZ73hhsRjpOJmiW0 +Y3hqPoK6O5U9Zq7ZwkmsTezRASHv/OnJkNSjsWTiWqXYdgn9cfGhtiK1ed8jc4BU +KCAJfR0Xq3MJMoxi3X3NeBuaUXaFus+02scF8DwEaF508lxbRyqGng0xXLGnDznC +UCLdiq2IQyUQQxq05bNHXcbNqC65vrA1wVqVBRztI+jBLy8lDhMsV5PnFxM++c1u +XbNTKaJ7UczgX7/Digwpx55eyUQVpNU3hwuLW39sYysZchnEnUCP9RikyU8A3KUS +to4NwK9RtAtIfk6AYeKoDtTHX5ErHcBbUmQGArpsy/pyunfhNE5G9VPPa0QjnihU +2nQII/EGeNB4JN+/qY8mQRr9rYvIl/ecnkM8wSFN4RIsgV7tUQwKMZTvcAln6wUd +agdAkVr+uOdbPtsAiZ6lb87jGok2oo86dwJeLfTPoCrKblN/aCA6LB7jAU277xh+ +A1yPdRSvQp1R7f2hJXvpspYaozyxum2qAQcsmqs5Rtq04Q== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/rsa-des-ede3-cbc.pem b/tests/pem/rsa-des-ede3-cbc.pem new file mode 100644 index 000000000..5eae9b484 --- /dev/null +++ b/tests/pem/rsa-des-ede3-cbc.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: DES-EDE3-CBC,3DEAD22ADB3BD3C4 + +qJgIg8z1UdUEE6HOrwcYALUiYGIGYrmXJm2J3wxfdX9Km/2U9YVPR3sZv5V57gLb +xo9EpU+d0d5pmacbspGQeY9FtyXlkg5Y8TwaOTIfFs7EyBFj0BdsS0lXoIllIieg +ux3yHTYrA8lgXVMAdjOiFgJ7IMdGsKrxqz2TgZudz8hk6ErGQ1nI9Rh38tTiIqEO +tEBsxyEYFYLOy+RhTWw+OnELQZ8U4FtEjTYlfwfUIN+LZ2RBvJk2e8ndRpYYSsNY +Lc6rgEwFEJmooXqfHQuCRr7nC/pG95GaLqHRrWBHjK7dTRc8CmJ0t1CB9GQDCIv2 +9CnfrKcUWzXtfFkL7NjtYlz3B641pb1TsE/XPPqYnz6pi6cyApF1dpZvz1I2e/jW +H43Dun38wjPumJ7zd0YKh0waAaHpT197hM8BNyW51XSKAN3EFB3vhpZY6sgQyUQP +8PjCGkPEupCUloyGd/wK1gV5FTWl5Uv0vsrGlOJtdsDAV2LgzZ2n4Ho/KmuWfGUo +1CtfPejogme8pp5LlOEwGpr2ceb11U7CuplwjWs/Z7fo6kF+w6TQdA+f0FPBBZbF +b8K+vL4tYq9JgrtrUrgo04d8T9h/CMPJYJnytM5+0F2QiWlXGLvAi6gQIRnKL1qR +r/VGyVx2pVwL0TUAJpkYN9MHcdngVL8PmKYDs66b6zgLJxUxuhCb5Ps4xaqXzMhL +0QOtLUh3pMN3QD0yJOOcbNA1Pdbda+/7KIFLLuj0ouo5RQu/qz1WcREvXwiSvj4j +sB+X7S9GHFbytD6tO8Jj/YIgXBWeRHFeCXKcx6mLdXADlm+81qSqaA== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/rsa-des-ede3-cfb.pem b/tests/pem/rsa-des-ede3-cfb.pem new file mode 100644 index 000000000..ca443f3aa --- /dev/null +++ b/tests/pem/rsa-des-ede3-cfb.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: DES-EDE3-CFB,BCD5DC47A5C62CA6 + +BgN0xi5XHTlT3ZwAeVUWyE95ud/9GBW7ghC08yqp4FIYiN9j0OsiWM/4rWjSonDq +ZOyr2Aq7Tc6Yx+zv3VY/4bHs0sGh9YFdaU9GAlFUGeb4kxyeuHZ272+BRaGDOeaD +cpd+jSfJgCI5pNE1YBrJM6EjkrcUfLnMu0uxY0d2S2tYtocaIRhJVDWwUfpTdXCz +z4cVnGJAV8T+O//Q5njrWnSy1COAHqaJZpERt35EmnpR3p7L0qtLFDY3HhJZiYSt +IttaRNucVF3T1czWHLxsx0n3ObLQRD2I09i4qIq/N/ek9uamHX9eGyW6AiDpVhGj +f8gt4EmCOnGAy5xOo1UwYkc7HS+SwComsEqm8cPKyWrndCdctYU3viH2C2zussNY +o/YqVfjGE4tg0/m+PHUfeuiiVErFMewJUDQ9TIrubdI+W76qVh+5YWRTZa7zGpw+ ++doVqgJgsi0gAH/c/RSwOO+Os0aHCrJ8jDhQ/KcVlRg5hAozzOtWrslxnCZ3e6ar +7PuqvHjJ8UgS7ahvyQXTAhmjyPma1+2TAlu5K8Nsse9r3AA1ZrKnjXssqE2NHepC +1cOlfTZjVHWrMh2GOVLqIBU0jb08EWC4gnv3Wy48To/1v219uxfBZItH7HMijirp +ikOgX0YpYuKR+dgjmKfxTJR/tr3HRBbmXzIiJiRi5BWXpw8RsD9tZxXLmaPotz0Y +u87od428FOhwqhipKChtzv8rTK2OebWQ6iAfx/Fqd6YAwQWDbKjMGMnDSamYcGwt +cxZI2F68DZK7soNSWgdQgUW8edE+FWW2laGa9lD2Fey00g== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/rsa-des-ede3-ofb.pem b/tests/pem/rsa-des-ede3-ofb.pem new file mode 100644 index 000000000..1f10dac69 --- /dev/null +++ b/tests/pem/rsa-des-ede3-ofb.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: DES-EDE3-OFB,7B40A4B78B61CC27 + +iAoUqthNG7mdy4xupBkFsc2GD39Pm9yreaCDnj8G5zEzHKNddpkomod7IC0OOFqi +f92qtpmAlDfaS+vd3vcBicy6/Ki2Xl8jZhTsrVqNoDrQgMRNuniNgO5M0uMfyvUD +NATWulb40OPMy5qGbwSZ0kJJJzqw36L5pMGShmxRAd9QxRtrpn0v6lUUex0Rlt6T +ueqZnnmqq4OcN6WFWsIaHPVu/clwNyboXgMs8jEEGMXz+0/9DZVqAYlt7GBycLHQ +Nlr2y+1NruQZXsctZ+d4OMEEcG1R5+tZWjOEQf2T4ne/XOOnYEzj7vgCo/iN4xnF +zNf75U3X0gz/wFzGhOHw/HIX9ON9rEj8OdbsH+tZYu410Yp4jP3VN4cFPt2RFbuE +TXBfRfbOSd3GiGWSTEkukvjvl36Ig2XM25/6gGHQ4g0W0/A2XeQHwOyWaKAwPx2f +qUonclgL6/ASDoF80odedgbaZqw+gWm74BhNMXDzGPc+7EuKkFpvVhw7jSTvXwYu +XPM4Zk2+dusUkhxJ8n8RdPF/0GmjbPQ4APG7zFLaasi7448NV2z39ViYSBlvUwXv +Po6CPYIRvoKH285Ax0r10PT3U46pjuAa9e0Qadrux6hCLUx7iwludTsEEsrnEUQQ +Fyncv1JjSL4Ca46P08IsZLy+zZS0g06aIVPFpq/HsGZJ0k28z9cl5aFKlC5rFcfQ +x9PX3bkzEMV3qcm/Nc9wD3PDpiXwIP9pMI/JOZoWDsUMzFWshihWDRp5CpKJQ6ih +hYycIyxnSJ2k8f/N20Dkz82+zJXHA8ArYTyxrnKFW4Q8qg== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/rsa-des-ofb.pem b/tests/pem/rsa-des-ofb.pem new file mode 100644 index 000000000..4eca3c788 --- /dev/null +++ b/tests/pem/rsa-des-ofb.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: DES-OFB,D54F59B32E69FED6 + +kmgjwZgAfTs+sJ+bVuQmTxi3D3yrVHEoj/MCEVCizBvcaDQvcCIoeM8cr0kCZuVf +rwtW4j0tFPscjtsdf2qvAwpOmLbPtwp2QfEDZrYXjYo9Kc3V/1nb8eoKSrmpVwn1 +yNjM4+/ojNiP8cqfh7YfcSdnJnIzAS6Vp58WHxECTPNwAAqKH0C2ioN6IRkscz9j +h/PhTmpZkBGS5HwAX5sUSexa8VnzA+aSusrO2BNIRETEF7K7V9XTLTZQJKADNxC9 +aFGd7TH7rbbDZ435zmWwhZzbVxfZquFDWMTju2NxyvYJ9HvAq7COCiJ+TL70RRif +2tGX30aA4uUOTMIPgBM5TA/gm/iy7Z/InDU2urwN56syw0ot4IIs6n/lszWqhGZL +jEzbn6uiA1fq9Ln6Z6lQOLNkZOngtKrCztHmf3U5mUUHxp88UhH0G00bDlGAVFxa +HaY0kmk8mkDxHF0bnFNWE57KPqRGbFQdJR4n1qlW/FJ1rFfY/MUPw3ZAUYt5sHFB +5aEc5Dz6N48p3YiY9fYKqwSn8QbN1cKNC/+nh3Q20WeG2V8p7Qh4Cn+8lpE7kY7K +rFU1mwlC8WG4ggNwa5Pbn2aWX3cpIRhsd2VL4fJwOVmfIA4vmIKadva4UT48g3qU +ORT344NDyVHeewK3wI14FmpUkz8gK1mGXNMRIlsh+1658ghVoNueO5eYUDOaqqOV +eqTBLjHnhAz4RnIrUdTNRW9gcNzfJXey/rJmOWXqnutvExESA2e8gDqpdB9k5xA0 +PDkyFEsdtXjVxqFZ0Qrk5PgivCCXXlQKT52U4Gr2XLZ9LA== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/rsa-encrypted-aes128.pem b/tests/pem/rsa-encrypted-aes128.pem deleted file mode 100644 index 9fe278b8d..000000000 --- a/tests/pem/rsa-encrypted-aes128.pem +++ /dev/null @@ -1,18 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -Proc-Type: 4,ENCRYPTED -DEK-Info: AES-128-CBC,E34B30358A82741CC19E7D3B39F262F9 - -gBfy6bd92405991TDo1pT58ZimYUlsz6rXQkaM22TsMzKq56Bw0qz9h4JOJ6huKh -BQlHJ1Wn8m75J2dFPAX/Y1qTNzTufNIZ7iGsJnlagYV1P/ICN2kdDp5Qozz67n+v -N/S8S+42snqrL6Z3PsX31Mz0+bp+AX+IONEDJ+63ggOiMx5/eOh5fGVP/xovCAP8 -E4NYev1mDY/DQpsMhaiSedAU2rwbGZTLdyZbT5Nj8bWOiU8Co9B0MLrnwfjqS9w0 -gpeW2N8bW9WrXySePS5qJIVWs4FwC0OnU0oZ5h2oi1p0j9vJfOBTHOnLXgC/m8oR -tdDxHHUHrhBmLvMHnb5ZxMSGqYAB5CHt8TvGSYe+wUNdEV0bwWsgwDQp1DR9UKij -HKpMbemWzwueOeXvgwmziHOzxureE4vAEEv+rakxhbagkWpizyM1IxjxPa3A0ohY -THF/dq9PmDtyTtAKYcttRlqhPTOUIWHUu6rxqYpuXY8edqzALoC1dUI/WVJuMesf -JVcX4gL0FxtN/Cyd2j01AfrC5rBQuEwq2l5IEfdGKv1rsWH3lGpI+yv+l6yLrYT9 -Hfooeb1ZKx7kf3J4Yy7LObaMuCjPaYFGeAAwVP5OL/cSRwJsAgvpTmwM9k23+AAP -WS616Cl6FpKTFbJSDNrqfEAo4ghsbbrmuG/EzhqFNzYhCsX2GKRqp5Om5TBV+pSe -svP6HF2sh1bypDlFv6V+grUIU6FHHS8v+/XeO502VDMdMonuV3G9kiFvL7pXGZ3Z -iNFkdAUegliKvbkFg5DyHMYnAmYrj90BYaLQBPCVjFR8waxHLr/eFFaKTlvKT/T+ ------END RSA PRIVATE KEY----- diff --git a/tests/pem/rsa-encrypted-aes192.pem b/tests/pem/rsa-encrypted-aes192.pem deleted file mode 100644 index 5c157b685..000000000 --- a/tests/pem/rsa-encrypted-aes192.pem +++ /dev/null @@ -1,18 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -Proc-Type: 4,ENCRYPTED -DEK-Info: AES-192-CBC,84225A437AB98BED8FB41AA30CEEF69C - -phaXiTpHZdPh9nB147D+IBIuWRLYueXgy1eqX1hFC/xskCRGQxwmhWhppGp6Evcu -PA9DywqHHrYPl5fZsSXjOpj3H1JU/4oP/q48Yz6832YxRZHblAZgVEvK+OqPFq1y -FVnL8JMXLZ7GNAvl9JNBfmL4kYJY1CwcLeplPXDfrAdrDt/974/jNB85qsyqVsQu -QNdLj3BRLJYWWv2MUIlfP2+Wef5pA4w+Aurv5evxcRZYSsqUhHwrBjfrXMumzjAi -7VHh71TyFJBbN/qiiBqaCLyG301HqUBdcpstlZ6GUU+dIg/QR+QrY2T5rRwmbp1T -RA96OSsXypEDz/35XMrcnFV7PyO1q+GueXTxnNH/a5SNKohaElxyn7suJ5nuoh/W -euUNeNFk6caq2wkCS7Ew5vvNqYbh6npKdrz1JzfsyjpwYkPdE0VXxEe5/Pcqhjpc -tKZ5Ej+nNYSCIDrmGd8PteoUWby3oeyS/K+8OofKu0nKexdJ69iY7bcMCu+WuM/K -flXCgQU1d2ClY6x7zFRjPjgI6NCiBlZ7ndx5NT5BLJfWA3VZRwMZsSYx04kUH+wJ -vkaBKUGpBQIvR5cNvPberc5Ckl4CdiFCGSGhREF6M+8sB9KzdVebrBX3ht/lE05v -m+4ekGz3O8tFFKEEnVHwdQw5aXGFc9TgS0gj6CVMl21lWHPKXAoaY0g0TRjc/rgE -c4US5mRzyE87juEX0dOhx2CcJ6q1/CWXIUV2CKFS/9ugOy9eaA0KdaC1r2Jec1bA -yxbM0eNXyckHhh062i+8sHLkWkRN34MPGp4p3Y8YT/iqPatKrcLOODm8NeJD69M8 ------END RSA PRIVATE KEY----- diff --git a/tests/pem/rsa-encrypted-aes256.pem b/tests/pem/rsa-encrypted-aes256.pem deleted file mode 100644 index 6a7cd289c..000000000 --- a/tests/pem/rsa-encrypted-aes256.pem +++ /dev/null @@ -1,18 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -Proc-Type: 4,ENCRYPTED -DEK-Info: AES-256-CBC,D3DD9599A74A0A204325A4FC0104274E - -Cl//jk2w+X7KMvEoqvXlyz2n3DHqx1UKSHmK8ab+Gx5CRlbTeOkYseN75wx2Y3/B -WiJTFuKBFSjK9o0ts8Li3xQUnCP1huXq6pY8CIcEo7V7ZKe/7rWPwPtLflaPsSoz -4paXwqeUB61gS3qw6bxof3WFKN59lU+Xk0HsDOp/SK55ceA0j7vtOFm+pq+cqEwl -wy3ZGUJUDCZgYOuTNTfvDqoRK2OuH77fbQu27ck3eKUC5LZiDCQ+Aqm9k12gcCdF -tqqLZdZyQWJK/rpqY2rHZkLTkhou//Cs/15l3GLDO5P670aVEJb6vVNVJd5msu6b -JGWDb31McTwj7m3NsK2OSPVfhGuA+Hx24/ul7o615Bei4AsN3yAcm1bQeRKHyQoA -9LBZgyznt3NhEQ5RoXCR37HjwQheOoDcwgVh8uSJnKaD1dUMlIJYjW32kMbj6fxF -kAMm6JT4FU52jnpsar0+ADqrLst33IkXfiPWzHoUsh9hnTzDwqOR1oEbxAnBABkz -zkZPH818ENHsg6c/S2z9ZXyLxjqd+kh53cL36NiTZkCSJOfwuKWC9gnXsXgmpcV5 -BaOozzYLtW6OMsPWrledD5uV5EGBitLiNKBB4h22/AR5Br9Eo0csEJHkEfjd4hAh -J2iXj26j0QmsLJV2KNgi1q/b99r6vqQVuFEUVhBprrt+vMVRlTAs1gkPMhZHwC5Y -CP3w+d174aIURUeOqmTmlefP3ek74kKz+eUw5/KBq0yD2gWguuW7BzTF+GcP87Gs -nBoeIbAF+diy95F7y1zXLlYr6U+xMaizpDtYChDehUXd7Hd85AqjRNHDD3a09m8t ------END RSA PRIVATE KEY----- diff --git a/tests/pem/rsa-encrypted-camellia128.pem b/tests/pem/rsa-encrypted-camellia128.pem deleted file mode 100644 index f3ecd0474..000000000 --- a/tests/pem/rsa-encrypted-camellia128.pem +++ /dev/null @@ -1,18 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -Proc-Type: 4,ENCRYPTED -DEK-Info: CAMELLIA-128-CBC,0303625F03B4D00BCF0CF7C823F1E665 - -UGZaiZfZe69svZrpTL4oIuPgd6erA5Gmz7Yo8JJAcrmIRyLVaNeL4/FNQsstGyxv -nax0h5X4jLDZrFrbF305wbENCEoDffNzII8Ju/w1lVxpOdkQTJtKUtp2iOdFAMfq -BvmAVgjy2M0W++SluLXmop3fo6S4fxsOkLywKPLHFUZ8JwSg3I5LAMeCepbx2bG6 -NfozsjwVSVc3grs/FKHQlBhuXyUDJNJwXXA4hpBqoLPjBdOrYqjV0MA6D1csIRTu -G/gsmobtp9luWQD+dEtufLXvfxOlLnJCdWWS/lhwxY3Zym6juc917wNQoxgyQq2L -+53kX2VFFLM7g6ES0VTMF6oAbglqKLABJOZk0aSzLh/h6RKzh3WaT0yux9w1JmaL -0faIJDG2ZNroraOtAIDmc3Q4sfk2EcBxOFTRjKT/ypPcwOY2PWMRDAXpfHtAJrRx -H6GQsM+X04wahpQ/aHCtUu1EO6n8zEdej8XUu+Tcz8stO7h2zs7IOi+7NbqqvHYk -V09kX6FgSnUmzsV8DGcemEM2XkSbK6p+/b5EXHbvwkH65zjDNtfjloWgWd9B2nqv -unB3i9h1Kd145a8TsiNE7Z9QI5bIBXN7x/70SoO5/OJjjPczNSHkgsBEkIseyjkU -MuEQ6s9GFAOlw885ieUEJuEwyhVcA9ksCp5SuxVNEScMh3vZ2zK7reYsg8GC1Vx6 -2tw1HUzarDDgp5SWxjIFq14NWySZF3PTrlcmcaZkiepSprFGm3QZ29mXMpoCIpJW -344/5dM2kkRgWoZhJP0d52dX/D9lqYG3nD9vlQbOFKR4DyHW1yeTGFlheqOdwiU+ ------END RSA PRIVATE KEY----- diff --git a/tests/pem/rsa-encrypted-camellia192.pem b/tests/pem/rsa-encrypted-camellia192.pem deleted file mode 100644 index 3f10b3440..000000000 --- a/tests/pem/rsa-encrypted-camellia192.pem +++ /dev/null @@ -1,18 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -Proc-Type: 4,ENCRYPTED -DEK-Info: CAMELLIA-192-CBC,FB1DE964D0983449CAC8D7608D0CFBEC - -bsqay1xsCDMwqFR6vThpD4mDycgkc6pB1W9nMbe81bmYWe04c9jDk44FlhyMEFq/ -fetzGn16A9YFJoX7M+myk2rRv2xhj+UA7+CS/CDHSuh74ZP/Ebj6nKgyzNJUpHqG -4QlUBwWGedkkkRCEV4w5cRMazXsclymENeAbee9s0PKAfso/w7Thvm2ET5Nuu6rq -aOQsk5pVjMtNQN4FFiFa+Qi4u+cmWACvLj2zETg4oL9tzbgwe1BGF6Js+6oqDQx9 -gwk3Gem+902PblqblH/4k7Z8VfuoDj/2vWC5azf4ndEef3sTfDR8X3DGbauUHyYI -gSiI7voaOESlRsWuuSVCH1SrgoNJZFY32wjVGOd7iDYkoybacJNQGRwu9oewd3IG -gAUY5OiEKUHDgc2rsR2ASN1UmAppnUZZbnQ3xNlnoE2N8OEkhykYJTeTC/k4scKx -hcw880ZfgYm1btw+W0UH2NPdNCIttahxUdTWqGBeTznuVDuVCYXX5HgPX1Ufp3D1 -eyJlUhzudJ2xl5z/qBf7ePzc9CgHqpq0nRGfEpS1fgHi2xRBF1JrYJXXAC61712Z -Z6hwjg/22YturTNAOQ719aXZ77Tx8n22A0wrUP3g1nHEICob9zyBum+ncjCRVR0w -ciu1iou7VYfr9B3nS9ECUZY5UmecWG0d+7ELXItZV5bP/wW3tKW54Vh5a22WDeO6 -B1R5MAEXPQ7qBrcNmwr1MEFG2WoucLBEJfHzrkJFIlhwvE8c2AXWZnk0jmPxOlUY -QfxHwWJ4/ufI/FRTwFlYwUohItBAq5j6ve7+StoM3P6qT+bnQcy01xOw3l6o0U6Y ------END RSA PRIVATE KEY----- diff --git a/tests/pem/rsa-encrypted-camellia256.pem b/tests/pem/rsa-encrypted-camellia256.pem deleted file mode 100644 index c96caca81..000000000 --- a/tests/pem/rsa-encrypted-camellia256.pem +++ /dev/null @@ -1,18 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -Proc-Type: 4,ENCRYPTED -DEK-Info: CAMELLIA-256-CBC,7F40CB6CF02BCE145875EA4A15132B93 - -GyycmUiMdO5AyYLtDy8eoSlcMBrk4vF+VfbPXLa8jz/qqglW25A+dMUw+B8DHox4 -x9t/IWs4Pq2MfNflct07wv6dnszTwVTpyhEOubRd//Q/HPjau5TAmQM7n0as4QHw -dfbCd4laS8siug/KHRPYUqdaiifBOlzpxREQnjYYfXG60KlZYyxIFTp72W9BurIn -BoHznYxQ16ZuID9R0eRgKQZok4If0cLt14z6n3fUw0LZeDEU8RFE5+2GfSgdghR6 -NPlZN7MlaZaVRx8ctFRROt9WXtCfvMSPBz7ua3qymuct76VrjzlYaxhr7nqf0RY9 -Tt2HXZLYzPvnKUA1hwJhbDXw9i0ahJ8lNDDQVEEy8UdiSqtWqjpAbOFuy1HXv86V -mCH4viGdxNqOIe7IMst6jwvnUSDDTFms0fRV9tv+JouKgQ5A/H+VrxKiHm8ZpZRK -yXrMusUMXFQ98u/u0vw1f/dn/dYocNBT0Dgxp3K8mmAuSX3XOupTtDfHJXM4I2Ur -tJfstBPD0Ne54k0aBQnOjeUUrtXvu3xgY4h/c80GvXLHsQv1lTQF3o5AEStUrl9B -KKAqb/E7AMr2a55RYl2rqV4QfL0rvhnTR7Os4ytjwerYmjaC4XvGP3omLWHhNqQJ -jmPnUzyYDKeN1w7nZvNjfrKZvDWW1WT/SJqXqh7tjWdOM/2LRAj3b4W6E5EJBTR5 -8W4REs3K1Hgaw5alVOLRr+tXTF67WTRxbMgmnF+JBmTccLG+Htql78HEPj9Gugf4 -qaOOCrJlSm/Dd2bgFo+FUwY8Plytp/Eh6vHPGrPEyNTfTSd5MKjEHDfhmNmODH42 ------END RSA PRIVATE KEY----- diff --git a/tests/pem/rsa-encrypted-des.pem b/tests/pem/rsa-encrypted-des.pem deleted file mode 100644 index 64817d856..000000000 --- a/tests/pem/rsa-encrypted-des.pem +++ /dev/null @@ -1,18 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -Proc-Type: 4,ENCRYPTED -DEK-Info: DES-CBC,FF92A06E353260B5 - -hmY/YaeOr8rrGrakUk0/pk5R4aBsrl2EKP+i58ziIKzRI7yVGmTgGIr14ys3oWb3 -9ba6A3hOcQvKfIjI4JxbWQxawOm++Cfcyp+PR7nmIMK1BhKeLynrbuTm7BvPRlHc -APJxWA2OcwbSgnHRqcD4lZxVjX0JrM6w7axrs1/+K0A4NEhWDnWkHd2NHTgtlp9v -Imu8n/atzm5olxb5DFGdyEVR8neASxQ/8gN6jFVG1lcB2DbR+LsS6s3aqrKNMbVU -TKZteJh3Y/WWB1Qxo2Wi7QzjUx6GkFKPLQvLwtJldB218slNfRnlaE3+s/U8WOAL -NRhrLqUij/T0DwJDEywl6DX8uu0Nb1Ge6DD36dp/AZ/M8k5M22Sx8nk1IEEG48cU -TPF5r/WOKy2iSqBx33s9J/H8k65es/YRLv2fASW5mLySApbsKWrX7qgX0yeYa8qC -e2ORyMQNmcgMu+vkyhsRSROCpo03CwZXTugN2h04UdIYhwXgUpcUX4WT+P4L9fAW -pMIan8KRpIv2K4soz20rSCfhspk4tV4oSf165chzBHiw+5bELa3WkfyxowpN6FpD -l6w35mj5y2I4XJoG5OUn5F8P6Z7qw7bB7pevvFch7X1LR/5rjeeXFL2hHPOK0Z3h -kgXez7WcRlv26m8JPM+GfXrbx0qwcF7ApuGa20S3Y6MdMlvEpYzgG7eCNvNdgQqd -MqzVQNLyhVwf41ttAzFbWKJSLffC6Y7kzBRyTnGu3os2joLPWt4i5cc74PEB+Yxt -FY6XZFUeoK4BVVAQ0QRnDxqq9hciGIodiiJZpOiDS3tjxfEgk2wqgg== ------END RSA PRIVATE KEY----- diff --git a/tests/pem/rsa-encrypted-des3.pem b/tests/pem/rsa-encrypted-des3.pem deleted file mode 100644 index a48b94b6c..000000000 --- a/tests/pem/rsa-encrypted-des3.pem +++ /dev/null @@ -1,18 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -Proc-Type: 4,ENCRYPTED -DEK-Info: DES-EDE3-CBC,107EB1F9974CA9E2 - -CKBun5ni3tE7KoHUhY85NnFsxoJqIonLtiDEQRPCNOzFlmxYNqI+hfsnjyQiMB+O -deqihKPEcU4lOFG/pXeMOjgsnqrRSLtpPce/1T0kQBuxjkSGwRDj7Kiyj4UInJTO -8z50k0cclcVveTuta+hsq0CTItu6RCl6kaimjixrYsfNd55ahcR7WjU5DL23DHDe -dJvPxXNcU6Kne0dIGm41uYTloleoe+f5Dvf27421sRlgltfA8M8KfaB5AKUOp/gA -DeQ9lcCwSpCfPavIWdpyW67v3NBoICPlmKUgg2EsxB6+nceHP1OcAAK4Sm083UBB -1uLcF08Yz2lMe7rHMieI8khZyjXI1A42M7wL3Yyl9m2/DvSuE5Xu6qyuEDDqNFbz -GHQ9YECQ6ykf/MQd3CeKUeDlCZ313Nmb6uqehbbpm9Yayr/M9rwpgVilJwyQhELO -gta3RozpQIqx3a8UXgUSXx1xckRdcbYitBGFgh3JpU4iaYyE2jFHkCrzUFt9Q3To -pe2MTutj1K7l1wxUVy47nfK1/3JLI4wiP0QbflZMDBGiCyMPmZpJWEVkCtH3f1QY -tFM+2TGkroQWOU1YaK9liqYtXQ8h5cjqSC273aMU21SK/FOEufpOUeWa8XCdOsNa -MQKfI/fDgmAmQFacy4RE5ICWx0s68qnQotvmdyaLDClVFha5jlAKufnee8T1L5BA -TV7HJci7h0wy8hTqZOiGpmDIG0UJXcD7sK+PeBKvte+wfaMVyM0Kq+j7DWCJRgw8 -xw8HpPDCVevr8tI94JszjiJhhRNuaHw0xiN8MRxf62MDEpw/NM0HFA== ------END RSA PRIVATE KEY----- diff --git a/tests/pem/rsa-encrypted.pem b/tests/pem/rsa-encrypted.pem deleted file mode 100644 index 888618c1c..000000000 --- a/tests/pem/rsa-encrypted.pem +++ /dev/null @@ -1,18 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -Proc-Type: 4,ENCRYPTED -DEK-Info: AES-256-CBC,79A277F758B09D047847C9C5F099B5D0 - -cbGjYcmMEdYJC76SMAi5cbiJ17tcR+swnKBKJ6Wz8TEUiG2WjhkzPcAiobJQMwNT -r47uhzyOD9SkhuXkMwB+EXaB8JSBOhqeLE5zmxQOedba5HHWUBGBHNa7FafgV+/H -RpLjaAsDkXTnmBTBbLpQmMP3zJRG2e8+G7/WFakzd0QcQcy4zWNH3WtBc207Oeup -WN8P2XA7KQkHnCdojfLD4JNJTosa+o9HphSRdRtTrzCCR6WMH3iUovnQCmSARUcm -7JmujGzOx/wuKDiC4HSZWYhOul0OSXrt25G42RJJu4v8bHgsKFeHp2/U2Zpkkd/b -96TtQ7Mo2lsuZzUEmb4kWO+2vVKy+0sPn8G7uOID3FZ8jmQZV4v1ASLGz6Mj2zJe -u0b0+UpSRB8eVwM3BL1oZxe3MSNynFgbPs53Q52zJGX8CFTxDNEPGYYRGFb1B5B8 -Hd6QTilegEbFStWLH2tv1IX/YeLNytd94+wMaqRmDv9huo9lushQ7pT4tMkntzte -vMkboFD/p83T2uHXMVfRthNKBWfLYgpAbwQ5UbfLjTIxZ6Jhr5hakMb2R28IaXj5 -5Ss85suLiY+RWnNCh/313ghuWvFC3Ixx1YVpVKdTIGRK/gLkSzXV8oA00yJm7RoW -WilXcXppWLIODkOn3VFsrQ9lerVWRX4emndP4drW5SnVCnkrlPDmE7joh2Mumjwl -vO0QMq1o8CZoWbxZ20qnqveoEH0Kw8qhsLScxs55LGgqGnf5G0AmVDh4mK6CyY1m -cXoqkJ2IpBmnMGNPKEKeuLGl1kRW7eyP0+xlGG8JtMpA/xRiSn3lRydAlCkxAZRq ------END RSA PRIVATE KEY----- diff --git a/tests/pem/rsa-idea-cbc.pem b/tests/pem/rsa-idea-cbc.pem new file mode 100644 index 000000000..c9e1ec9c5 --- /dev/null +++ b/tests/pem/rsa-idea-cbc.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: IDEA-CBC,52254EE5ADBA46C4 + +3mltPg7ZYhnrVIUn1sy9D1DrE5q/vlYZoAsgUGIdI5UisVVR1XZIWxkxjVhQd240 +d7OImY9aLL9Lw4cQUuRk6+j++OlWw2K2oKatlCo1S3+Uh/lNcYgi44lDtcYbqOcy +qCLqqusyHKH7Bp/fMm3A5SaKMwcb27CkcW9eKsZRkgEoYHU+kddnjF0S3CSZEFX6 +/UT0bJOil1ca096EFeFJzEdKrsWPqNHlkgQvkEIp4ZZQG2vSo5AvLYykUbpxx3lL +ieEDPzPRl22EIO994gLckkovVIrv7X7UE/hGJ1LhaOAYFgfqhjowDQ6GngKKKaYY +4eviXS/ZxHzTYJYT2R/UtYbFrZiEAWO6wSddiMHY8mP769hqfZOdCBgkhlJBSzga +pKEFKM8TTcVUW09at+mWuyQsIE3vriqJGb3AQo2Tv0feDThwnUVYHzgHgWQIFpgB +amjAdHi2fw0bG09VIVyxKYs0cP4OzEtRCRhAmZ739ozlBTazihbDyFOF5a21HAAv +URWfleIU6cmk1TjH/20Aqx5vArL56+2gXf7JixZ0WT9yH/pqx1SgosoSW79UT74V +rPbIIKdaLg7xZ3Y5iSG+tvz+Gpe4RofjsfIIQ+qMkmGVr/qALt0HYdk3oRjeQpKF +nEcgM4W1c93x8eoKoJmx302PdUJqrsfKXDQMAGrAVEBtwbfSVFfWJxE1Jm1N+HiG +Ec7vaTRnaYbJpKxaAcah2roZiF/APR8RN5hq6V0sJNGlRIFK4FZGjJUpB3HVIGty +XRj1m3z9DWqLbC4hJoqEALrP4oGfGdW23VNNkjliOJyd+UpXmohc6Q== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/rsa-idea-cfb.pem b/tests/pem/rsa-idea-cfb.pem new file mode 100644 index 000000000..290a92e20 --- /dev/null +++ b/tests/pem/rsa-idea-cfb.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: IDEA-CFB,E870DDC34933C104 + +CzZsDfyRn8n/6ogbTDLibvmBelG2atvGG4aa2kqOV6DkM9q7zwvYEFO/CaDRLGD6 +1lq8HNf0di/UvxwafZlqc+JTwppZPmmIsm53YnN9JbRvRacA1FKkbN89/qQ6VZ6r +iYDF1U7KM+pMg1ieMUiQbaVDc30v0qokRJaURRaiIVB1tC7cb98gagY9kWAAYTli +wKc13VeSpldoFMwnGKNJZxhrLWXxIY5XsoPCb++3DZAcA3PJ+fIFmzhrieWddXpQ +3+3PcaSFySaY4WQkC49ibW3CZH5/kklmUa+CdLGgm2uEAGS/RxmUVU/Kw1nxfNN/ ++7CTD6S+rnEUUok/bPsQiRBgdxH8Qah5Rlfy5FSbYGnk6IUjqWhWaALWbMYsLfhe +Yabz0h8j+fG/hfy9QMaOMf0HDp1nchUe8MhLbpOAnYiQhnl+ypuz4bt1LYwE2xbA +cN0bSJ3+Nd1GQjMzNfBpI7rBQS/yccCUgdcnuAtGrCuctf2ZEWnZfR7r46DVKYgD +J+jcRpbpKyAkx0xNcIj96BwINbkxjSs2CCCvM+Xkwc5fHn1Ehqo+OUwqaEzv2+FP +LWrBdyKY4RQ/XTfiSuYgPxHL3tIZxwUi5Uhi0FaUyRWuR9vA8F9WQjxwKfsFVn7T +1zgOY59dSXKJRXKRt73VoVarypf6bkyGfdMygI2rvJ0g1VMxKkKu5NNZadO0O8UC +9t1vkKD5eaHB+qeuLkqyCG8RzFRYu8IHwmmDYaKkt7Mr1ciDryfCi8qfGOI46QML +ngVeR+Mt0j+YSWy6ucuZJTsPBFGyJo4RMTPC0i8Q58AgoQ== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/rsa-idea-ofb.pem b/tests/pem/rsa-idea-ofb.pem new file mode 100644 index 000000000..d1edefbe4 --- /dev/null +++ b/tests/pem/rsa-idea-ofb.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: IDEA-OFB,07F5E5868555E462 + +4STX7Z1jUIgBOvcBUJVcxMTjzGK9Mli/v425w/L3dRSFMHCnIBEwaFMk9Jg/V/Uy +qn9dTGyG2CQkR6R1HSvWLUZPTUYXtOmUvCI92t4w68x7N9BCJI2g1VUIe5Wrv4qv +vsWMDZKMUAp8DRTibFuy/l6UFKaTVG0ClRgkzhMV+Artls9CMQJLaukvgby18ATJ ++iDRoFzQwSZ6lxTQEMMN11DjUeal+8iYUdmmQXJgWaRf56B8iOQX9W8c52YIOrow +XqS1ft9hJLI2eft5DiPRPIfl77eJQdWL5Y+0M7ZDFOcKTtxkFP1gmk3m4j99vi9j +YnecbsB7J55x3Vbh4als/z5fVpIcwVuxuH2nGx6h4ayKQN00PeCY+xOSoyDCx8pD +SVpk/YpMfwoWVoIOId4AXjX4BSVuyi/2+0q0mj2aQXgJMw5g1xgd9ZscMJhc/naN +7xGYXPghBZLLwpqVyqiC9Z01cjhnX7opDFB4b2vBqInBLcTy740aOgtDSiR0RZNR +7zqy8og9Z59+O4+AprjmP65HlnnyPaOhGGwX1ibVXnk8mbczlB0gSnHu1ZHu7NBN +PZyj5wgnQisNtvvhuB6qkFZ8BVay0Oq/8ILybOBUzmDm+4JIT84he1F7txWX6/sj +pyDrxxIjw2vpGyjoj6J+yX1b+7Va+mTNI6nrNjNFBLDRpVMSM10mbNACSLnUaXlN +h1BzQaIpK5Ck3v/3T4DfI0hd0Apq51/YOEUUfsGuhs2/8AcQ8VQtg/y0ZMrOSwUJ +9unSbJij4e7g6vqV/ZzFGt0jBIbzhJCMYi0x9RvgVWZzmQ== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/rsa-rc2-40-cbc.pem b/tests/pem/rsa-rc2-40-cbc.pem new file mode 100644 index 000000000..3933307d3 --- /dev/null +++ b/tests/pem/rsa-rc2-40-cbc.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: RC2-40-CBC,B3B2E2267CBC8E5C + +rICswWUUfbNtNYdP0Ub9F9VgRu5HJTY4y22XGGTV/V0MlZPus6cu4oOIJmhFL77J +VM27qUwAFlsjvgNhxcKNrbdLt8jtaPE+y8T/hX0jTEd007SPpu2DyZG6GngVkq5j +6OjLiI2/wif5xxtZuooM4ZDX4VTHBbvL6fpnYbl9ETziSAiO2ulvy1n92+mjXebM +dw30V9AmqRwb6nXQYkikasQuuOpEjHn+Mg80jIiKtq2oXKmzC1CvFdO08KYu806i +FCKffXbW6hqFNQgFepE28u0FS/TxqismDlh1ytAlbMihGaXgLdRrdN7NQdUhmXL6 +rM+ZOps/2ff2HN2FA1Bc+YO1B9WEcRZCSrlmIaW5zwyHMRTJAoq8DmpgK9LuhPSS +aSUXeZpGWnGLzuInEDNHt0krCt+Z4HoLExPoZpw1ilkN4xZfuz1wD0aa8KegYdmL +eytqJ+jiq2UP92izUb4lQYJM3uBM/o5q+FgkfB1GZUhjLoMx8vDGOGY56JqFucy9 +0bsMvh1ibedSAkSnIEWpFKLLYf+MEi42DI0uDrZteuf8yCfdyZbzj/eKOCPtIq+a +oAMyALOPI01g+3WN0uxfL/vyEkB+8dKyTaPix02gDSSxmZI1JY/V4Q30EmUOYrQz +4EqpJEiRokuBDF6zXTLHAPQpsh1xBOLemtB/l+lNUd0tG7TVvgXbM3azh9UyvLnV +ZcWnNle/wAXHeOtgk81EXNhBWnTP4zRrS1ONaTC6A8MsY25HNbExr16rLg94s3ls +as/JrUSq6sd7w0BV2kLomwYkASBiEm+GAQCmP2dYbUO38Mly4Y38MA== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/rsa-rc2-64-cbc.pem b/tests/pem/rsa-rc2-64-cbc.pem new file mode 100644 index 000000000..b1b1656cb --- /dev/null +++ b/tests/pem/rsa-rc2-64-cbc.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: RC2-64-CBC,09EB4FC3DA39725C + +jpPfTgJg2Go9eX1H/GqBM436WutjRhEQa6jiEG1w8LTGlhQPLc/xoYw64GChpZ/n +o94WvN/y0Jn+Rwo/Vwm2h36aY7BSSyBklZ57uejQ9ONeBj+Hk8Bm7QyxB/3jILnm +GEVDbzetmeDkGn39zTrxqKIpwiSiXPVhdg2dG0SA325kIf7tyPgRdBshlEylHoI3 +nFlhuBe2mxHOiaCB2ZqxhXwgxIxPcUnAWqBk6ezYx/xEvWOd2YiZcp9pLmiQp4s2 +Pf6Bew7bkcMaxmnHqVlJ5bColqh/g2voPpFIR69QNtGXmTpOb44Ml2uOanCS5L1f +XFeKl25Jnb4I3ql40eWtYxCcPVq2pqyeu+6o/eOS19v/Q9jCHbFxL0UIgaIm9qh5 +VUrWDYvOoaqFL8bA6hy3KnwECZUdc7OwOpi5B+56vffw+PJG7vIPwNhXsO+W+dIp +WR1UqMAztsh6jieVqOPaBc+X+QtRZ+mkAlo+apGkCynLQZN33ZCwpzWgiSBP06jq +G0t2bJkfPHi45FXgvJxv8OOOX27bkHU8CT0XfdnODD912GcVQaRrgirJXKIGCtS3 +qAX5HZ4aXhjGSq99f4V8FKbLeAIGEOUXrvuMmecxwsHpDnJ/s59pu8vHfU0s6UGF +S6hOLMfuIFxR8YnfzkCcDM9vudzXmkHv4zth8nTAEA26oOpfhn79RNBraG+nA/J9 +VP5r46gJxBWjLVXFiNDEWbdWn7HfJkAzdHIkdUT4Fn4lABZ4sUOZKLdzEmlwoBht +1463jKL4wIZnR/mZ40SVPQISjqmXucuFW5b2BizmbDLTaGqwD9EOHA== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/rsa-rc2-cbc.pem b/tests/pem/rsa-rc2-cbc.pem new file mode 100644 index 000000000..c5b05632a --- /dev/null +++ b/tests/pem/rsa-rc2-cbc.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: RC2-CBC,E15277F46A0D4382 + ++K6qWzPBSC2XWsDthT7L6DUuad80lpVf+WV/LQM1wvSwrHejHtly/RaoPjJhjaz4 +0jzTya9Phpep2j7yflkLD397JmsJUHTbgSUpNg7X4g1QGO93w4726EVWtHljNcPf +vZzW+D0tsjQtmOPjnw0OhBaBuqyS+dGi78YhtD/gG1geNDzcKsM5lXUci7QiJD6m +69frJVTh9sIfijKU0CQ9I5x0Eu74fP3f/Y0jyLpVCYhzsXjS03gheGmIGnZjmrY8 +1SlZrUPxk0DTBjvOw2Tnepb38rA63xidQ1ilLHt02npUFpEvT3X1OJC3DCc7oys/ +F8iIl0PYniRaQU8RWnvE08ckZOKIV5Vw5dXC0nVYNIpu7LFghuUiqgUEMpsS5R/u +AUZRrNKUGhXLbo6IuyDAFKBHWgbiOa8WxR0meZkIU0JxXL9SjfQ/XbeSCCrQqC15 +OWPZUsn5p3KJjZEDpzBshgr1+PAwZntUsCzplhYv+swQqzMFkIvEZxQo4vytYas3 +nPWLidJL3T6n0Lc53zOuj9qfWETjcfGoJAHjG0pZoDbg4RMfKXSHH81SZMTwd8V4 +7JYS6d4avGLVb5TtI/6YtIAWLO3bmYBd0BdMLQDhPLjadnUv8/7SXyEouYiqJbfi +qU12DZli3snK0U5hLO51vpl6Gk4LHOtBJKbQNxK4flOTlAWQFx4vPLPZYPqrsVmQ +6qjN8Wour1F2hTcJcSDYILBZIUAzMNXF5/CWfZNQJeJ4rbHorKrjRazs2BK5GsHV +m4+TB1bNv2cGdRQTkN4ohzo8SNz4UMJv90G2uV7NMZuUcEUNaNSPDw== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/rsa-rc2-cfb.pem b/tests/pem/rsa-rc2-cfb.pem new file mode 100644 index 000000000..47e368a28 --- /dev/null +++ b/tests/pem/rsa-rc2-cfb.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: RC2-CFB,70E45EC369F2C0D3 + +/Chxzf+eMWYQr1+GjTKQgFYLqMT8DLT5okfCfwa5C6Gg22/qzFLhXCfiY+PEwW+l +2cgKj9Dht0+EQr769DHiOtKUM9pB80u9AeWk1fnwwK37BPrL1ycvveMrqyHeevaa +i6V1t3BLVB0OVvq6c2g6q1Jvjip3ZUISF60ozlk58k5j+q3fmC0+tatUFouvk1dH +iwMVtLPPtR/bD+80IAuUAI8JYfvM3rFKcoO965STDQzIQlRoR2ea6E/4EFe3HzXZ +11wthzX+d85GLyEx/IfA2vFv45wznqGagIC43ZpB2JuvWatBV+ey5iaqxzophrX7 +9f7OLSo4AlYzR68Z8DneLGHuK2kag3JI2V1QJywz9EccLcdWqYWqm2bIMayV/Q4C +0QtIA2Uax+Y4FeUnDqdrTq3hhOk10Vg80ZHv4IkAj3LjcLQ8D1DX0XG+EFrmy2qR +RJEVXOYxuRDa1nZTRULVsEcVE8+giInooPxY39ozCykIhaYtswZpPtUx6x6AxMbp +ucXIAFrlN8l3Hg68q3X5iYJmJquSnxB+nI0eFG3oRPtwpTaCgodL4eB5BgIOCg56 +bk/dzrfrCZ9tB8ZAVEcsBsCXYI0eGpCdutOzE49FpKkJgESJ6Jhf9ijg9xf2bQ6m +rt2rm94CiaF+k5FUP/zdLJIRK/6nhaC3P2Ls2Y7RzcGrdxcSx2anm1Kp24A1kMnG +hlrbRzArX3U8wQ8jnoCUxBSYdXdhD7ruj07eZvKH4vR/ebGJboVhMFWN0DLi+MRm +mzwqwAS+L3nR8DQJHwikR+KV1u2OLRup1sPEcib4y5jmHQ== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/rsa-rc2-ofb.pem b/tests/pem/rsa-rc2-ofb.pem new file mode 100644 index 000000000..b84ca90bc --- /dev/null +++ b/tests/pem/rsa-rc2-ofb.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: RC2-OFB,C5B0AE4B71C5CA69 + +QQdY1zNfQ1i2FJKlnDouwSDAOXT9VV6dndgOrD+JqfDwSxMukZrSSfBExpaOtBTq +74vP8Ae39JLfAq4H/pZjngNIgbpcOmSFxBVucykqNMLj0j9qoZe7YPXaLeYc6BYv +NWRsf+LQvOxIPuLGNsUCANWwuowZiGDEBnheUy9pR5DCPe8rp+aYc+/s/3CysTse +WoBSwNV+oJlzx6FfwNGT3oULouwBPSFnMtJ096WbQ4qkQHh4ZVq8c00PMFACNqJw +b+LXKKXVf9DeUd78qZ5/08u7c/w5OLX5FxNMMKfkZ8pddSlw/W6NQzLAhWC2b/7p +aqmf2Bpz+o+cNOcYtBOvzD7ygY+MDMrJlup4HuIRTyzQ2nb6dWc0Q776c8/qJsKu +HWB5cxm3F0Jg/P8p/vKst87WQxGzytzMsHbYSxqz930TJlyGkVauxNvJ2o3VlZJ9 +JPjKVM58Ge1Y0Mpo5koTSBTEC70xqrlZSAQtUsI3wbDXb+w7rRmtxkr4atzKGH1c +4jVvRejGDmLF3bh0wOAwFZKK8DaUbg3nSiF+I3y1WZLn6dLsYCUx6WFt3u+BHsAO +y8SblBJ6RO2Nz8vtA97qizPzjcBdVUqte8BY0W9Py0B0pVr2JT8nZ91e6Z2GhipE +PFTLnDWxRUlCJZc0/CvX6VbjwwvDCnOW+HsRMAAWr/gChVvqiK6OXj12wmS5JI+r +Z6e6k3gF4PoZ7Ui3VSQ7FAgxxxonh5P/RbhWhXhejTToSB5AQhp9emGv7GkJMpw0 +wPY9hiIRIurDJX5MBZFXqMt/pCJ4f7LzV6wCfdp8Yq6gZA== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/rsa-seed-cbc.pem b/tests/pem/rsa-seed-cbc.pem new file mode 100644 index 000000000..e2455e7c5 --- /dev/null +++ b/tests/pem/rsa-seed-cbc.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: SEED-CBC,31E608E58FA8E09419F928D79A55AC9B + +k7uI5nfTFUi9nNSxEco8j5uj/9o/pd0X/+tQnhUEc655AKFEfILy2JkKAYSBdKSd +tPol6AgZFtdTaRxMbnaf6VGVHyU9omnp7FMtRNY5EbQLwbhVKXQVLAoOp7wVfbJ9 +iSU5Uo5VWQGYCt0CsZseeibQL2tP21gmtZxqfp38zsUwF0HvcUg+JW0CxiMYQ/1N +T48DYFIuuKXDL4Fv5zKn0IjgZHJ7dOHd0NG72Xabmccxpl3WZNkgH0HJagWKZybT +1/6Az6sWLEBvgdgFVu+Y3dx6os7Tq19I60pD+bKtjZj9+xJoFu1srpESDa4vIiFl +EsNDDlXsOivSKGkm/+eX/Oc8ge+1QfhCMno1yvl/fqXdi2nAXhomNIaZQxS8tS+t +Ms3MgsHhfWD0CMViaqolHcaMZIs+gfGpvaViEU0oLb9QdMAc0mHPodd19thawrux +Lk33sjTs2hj9hGSsF56XmMdHPXGG/mteScBOAqzboM93StgN7wDCnjry7E3H7d2F +xG8OP7pxaLbSeIaaBWBk/pw4omAMhBxWeJ9Xo0Qc7LdmsVAikjPFyapw/39+4FXu +CIwGrIj0PPut/eFu6rYOJTHkozarewGCUiILU0rPuZkJo22XZ8D2ximd3JiyujVO +OI9Q8NwB+Ry1eo0IvSYdDhiUvIT9m0JxVaWiLhmpJ2KgEZ+f70ksvzAuHJcxoc3U +6egzAUOgbxU6nFLSRtIegtwIxPb2vfGNgflHS3kXtk6bs22NdkpxGJNYBeAExcTC +CL5JMY8ew0SdD+W6Jg3+Oc+/TrGoM5ogNoij9x+PXXZClL1lOHifOGf7PnjsrWzd +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/rsa-seed-cfb.pem b/tests/pem/rsa-seed-cfb.pem new file mode 100644 index 000000000..13bfb013c --- /dev/null +++ b/tests/pem/rsa-seed-cfb.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: SEED-CFB,8672C1DE1F4BA884DB37F0AF8A994FCC + ++vw6/VbJH5Of2S/afQyfQ2yz4MhyR82vyXf60vWH7qB5xuQjBUxyM+4ei8HeKTkC +5bKklX70v4oo0j8czzVZzkeSoH9ASisT1LTGomD6KwpiQhFVV7i+4aMADTuRlF10 +77hMInEXIDuS01N3/zTLJ+sEvm8nYej/BYJbyQhsQN3v/aY5AKQTyVtG2u+Qx4pq +wtDUDsmYFH/dfZJoikGlO1FQLKlIuWPIMXe2k8pV3kidMBfdeM8tyePI7YJXxDDr +0sc/nJAEbxjVsJaDOCUh3dqFQL0q6hYuyBeiY/PYvBrBzh7V+WxvhE0J3W6tlwZN +a4NDzZCnAmqKgLcfF9M+EUuLRoYv+0CBRQOuqwkhNjV5ytEObgOwEEFfCzWHGeID +/tRmfzWa5oqtbZACLtGnVm03NKRmF8OyKVHTKKh7FC11UdbWKFbkib8aNOafK10S +rTka7RGlTBh59F1MOp0Zt/siwUxyq4xqVT9R6K2GivTyijfl/iUiQlydkb+E+nwy +OghPqlb4Fz1RfW1l3fF5M2lv8+qmwkm3S7nta2iXVcdOWi6HlS3zVSN1mcZM5YQL +2JTTgNpxDTbLkQVMAroAdC08ZoLI9Ge5OXkDgpN+G1v79hcP6WvRtfbVsP0Gkqp6 +De4bG07wZBB9nCdxyxHwZRgff+0ZRAz9Jm/ezotjgrBSnh+g0gqAXGjfh3458d2a +6KEqm0RGaX9oZLRLcQhwQBbElRu+FJjhiC6X8Uik/AR5e/gMQq8l8Q3khl6vB57J +F9bNwo0dKHP6XFNA8BA/ivlnmGZKrv3j1rb6V7arQY/wpw== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/rsa-seed-ofb.pem b/tests/pem/rsa-seed-ofb.pem new file mode 100644 index 000000000..07d4ada34 --- /dev/null +++ b/tests/pem/rsa-seed-ofb.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: SEED-OFB,28E4F629E7D1A0F23C9C80AF45928BB5 + +c8Cxs84U5Ton42kFOr5H/JWzQTMOWjDz7uGVR4AZMq5m9v+TjwN+jEL9Bwyo152c +x2sIdee34yAddLxZimopADlZKNbgAMP0j6P0idUvc4nKqDTv6DInwAdfnQBFqtIP +2P4lWobJRuqSS5EQV0eMQsaPgPL8XMyPINTJy/6+NizamyqA7FSkfvvniy9gE5ac +F2C0vU5j8B5uuctpCCRgkNbg7Bso02/aGiXgNLWkMs+XUX6vh6VmBnNsT06e+Lv7 +syrDDm39d1e/tvzA8rWXIEBiDEdfNj34kgmVbvpGzgwF0LhRnAjvPV6cOhumyGW2 +91Bw+vdLI6ngpIS0E1p0cBunHYFUVkxYpsoN/atUnk/qeKcNn4wTtn9mVfYE+/Ut +54ZU1sIBuULCKRhzzchl70iuYPsPenzY5WlEHkajVFbx1eqq7q9xRrhYFNvEriss +NPXfYZbYrBK09UDpIB8EM5pC1mjX9dyxFD+n9gLLT+wLmEx6Da37xevHwRA6ojsw +Yd2Rto/Bfk7FbBVKmv4IJDUG+xP964alQqmAk9G7xbc4D1PPHTG8p3gelRJXh+9i +s+igHv5sl2TCT5Aevo5Xmo0PqsEZuF7I3kC1QyyvWq6ui3ZQerdl95KblxdWCd8H +t8ETYzTdAEtV6ETO15RYCA/cw12oDQXZ/e2LKV8bwGCOF3BA2CMFRFq4ZPSRTnzQ +gnDcQEfcdiZm/KycfMZL74L0bTOAv1oG4vTbOTb8N/kdmHD6pV0ASh3fMMoGBCaU +i7jMzfc1QoOu5wC85dH0kuhCmD1TtAVFA3cbFXeSnAOmIw== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/unsupported/rsa-aes-128-cfb1.pem b/tests/pem/unsupported/rsa-aes-128-cfb1.pem new file mode 100644 index 000000000..13f3bcf36 --- /dev/null +++ b/tests/pem/unsupported/rsa-aes-128-cfb1.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-128-CFB1,8CD93B961F5E3101C3F5991677ED7359 + +nrin8hgkJgqlLo0x3urxd6Dk3NXpB8K59toOVySzyMcDSzxvW6W/n5U0oirF9jzC +9CD81bgqDvw2hbceiaomGFoHbOlHxPk4YIyGRsgzjokB4QU6P85AOVBW5c2d2+vo +knIxlDwkuoKOYWN3P3wmtR0ScrynUGrcK0yZHOOXE7jw9n/XcU+YC/Yx/fkkqs71 +WqWIKIRFt8nT4orbvEQ5axk9ucYbtXt0/JVFE0PGSyFOPe8soh8pe9FQ1zvu7rhF +ttoxiZSlFN1CIJLSsNvEb4qN7Va3H+fP4cS+CUT4UgU4XvnrLKDQQhKQxXGcxSDD +fQ5WZqKQusP2qGhFFvZKS1pWJ2lrstPixUyOK/BpCeNVfuzHHGmw87cqnRl3q1i0 +uOUQjCjZR4TIHkxfT/9vZNxtEYCm9eGHpUqQYF6BMTQfNFQhuFTzdoOlPpgolcX1 +XIeDUCu7ciX1Yal4tHSRP9P6qLAi6OIDc1Grq7hdwfdhiR5eoJMxZZruLEAjCqMa +PsAufIEje4u86x/cUKi56hxJPdyqNbpSDwHouuTiiX9VFWrt3lhdAf3dItwj8yqZ +u6ybmleW7R4J/3x0UdKONMTwbzjbWXkgYhno2P3RAGspkUfv8nApwD+hsdMNDApK +iy/6WSiy9g6ibQUs4hlAqs5VtG06T5fPHV+NhKsV/fg1Ywat85GIsBeZCU4xmVda +4ikhicq4dCWsFcQ8f9CqpBtbXRqqxXEKZhvqORkhkhawg6XVcubyRa7ABB/SqmxX +oCohFeIvZ2vf9rPwvbfRZ2H1UIHa6ofccfKzG0ZaqaCFFQ== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/unsupported/rsa-aes-128-cfb8.pem b/tests/pem/unsupported/rsa-aes-128-cfb8.pem new file mode 100644 index 000000000..376d370b3 --- /dev/null +++ b/tests/pem/unsupported/rsa-aes-128-cfb8.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-128-CFB8,8A9BFE2A6218456CAEC2727E8EFFEC73 + +HzLoJ94JXSkbUKko7CO3M7b8lXYQwC4trhLyiZ8kTrYO+yr73SKiZL32zXkH0cRu +JBZrRf2VwfTs6y0iu1EEl8bocdjqDigntmpCCopac+IYQAmVOTQrEL4iVnQv3cXJ +rSVjqE6RgMB8hblHwUWi3DJpGhpbzEq6ztAwF3oTxldY6qe0XMd8zXglJhEsmDu9 +k6OBk7zVSdGn97TqGhgP4YmxUQVs5BZ3SNa2xyyLXxA7E/hgupeEKeY9fXNdKWzF +3LGJwq8zLAj7/unAta4ScUh+uBQKq82TdTpwkhLCHcdbIeB/xPtJsaOuivZ4G78C +bUJaddN7hmRe+plJdLHyMK6d27NyBd+eB58jNcjF/8P8o12jWAIGZ9DdG/L3+p7+ +/SBSLIIApX0M8HkrjzjYc65mj9KwV3jNEmggkvJtWqXrG0TkoX7rvB3zt0iXfTZQ +hKZvnP94Ki2nASy1jMIsr2MJ2ErxYwW3eM8eZdEdm3IlULgGSLSBalYJm5AkVbbs +xDY3gAykTjJ8R/2Kk2i7KlkEBoO/sS1jvz93WL7n5D1etXwAzPvPGLqrQslCkcSO +x3FaM15SYVMyHthOeQ0dKsikF78I8Rnc99y9xCBzP3VOwkhPiTcISxM7dq5JnSNK +gQI4NPie84lv8hsDU0Spguf6pUUaKQeQ4NqHBHxfBoH14BuyKrKs0T2Eeb1q68nt +6NIuLzeey02DkplAnD/WpmC9uF4Oe/Va7wOvLnhzOonUxGbaRTtpcB2Loc6cyt40 +ed+0E3RNzaZCjZOSBlrHYvDTFHXa1QUu6cnOkg6k7IcM2Q== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/unsupported/rsa-aes-192-cfb1.pem b/tests/pem/unsupported/rsa-aes-192-cfb1.pem new file mode 100644 index 000000000..22df3d937 --- /dev/null +++ b/tests/pem/unsupported/rsa-aes-192-cfb1.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-192-CFB1,756682AC3B191C82E8317DF6B71D8750 + +DqGTvVO1V75Q7nJe4bhM3x4HOUy9FUBl1lO5QfYxohUGzbzZelFLqj+25iYmYRCG +ebVAXWjhyl5fKZ1WCutQB5b1zQ5tSUdcB2q5KxzY4BvtUbYJXVQAtqbRU+xIi2ZJ +Xn7hw6fgGtwwQJpbS8VaZ2SnsKMMG7QqtY8+fblJQtvmU8IruKa12efS3YR8JvWy +e0eHdHY0b5XN53/ZjmySZHfegnXl6Hzgfx1TUb96dB9mP8hkjxkJfo0ow+k74rRS +BgbKxQAr1F9FdJuu1EsVuQgNZZIJKsi8HVwItXoxZEV1LHKfKL3J9VwUs9fFO6oB +KjQxW6qHYzHW/aMcsc3/zv38Uoq5Uz3hLbl6oFrd5w2cps5vd2Au33iPItC2CPKj +Yrh9jmYsboGclOcuqp8YmFdIzqszsJbraT3X1BaF5Oq5fcR1N6mh2pTiD+0jZ1gi +cIaJW/Z4M2gKAz/28X4peaaPB5gOHmabzMUme2Gl00UQdSZYVNo9N96MCjfYpVNW +0JHMQ2AsI8Cc5pd3L5q7Oi8/3W9ENWd3HrUsNgieryWdXCi2p3Tl/Zb/nb9R5MYR +aiQfQlOygw2OUHXnMU6SCD2w0MttCUatVGJ6w6DP9a1EkYzQw6nKqMM+K2qMyJEP +0j8K/4regxBOBhN9fDnmTxihUvGEfZNLou3zDOULOMkVnCezJJEJUUYwtFq5NM4m +nhgDLY+siE6e4kRWUVcHBDvHiZnt7JvK6jdfUiDyZrziyBTTkLLVBBrHXrNRJfV+ +zB4oQorUTiBKqhX01CJE/N1uymnOCUuYtmIz3ytU+/lZ4Q== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/unsupported/rsa-aes-192-cfb8.pem b/tests/pem/unsupported/rsa-aes-192-cfb8.pem new file mode 100644 index 000000000..be2979975 --- /dev/null +++ b/tests/pem/unsupported/rsa-aes-192-cfb8.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-192-CFB8,560B75E94CAE0D867F3516AD0F093CE3 + +R2X8uO7rpA19g6QZZ75kpKEadMnZSE4CMPgC5kxwSylHxs7x/tKWtYOYxAJFnVix +mSLI+5nFZpTqYPhvno5bK+EYJjdJuaI2stQ/SHaEB9tF556wZ1OtkwS1sK1a1J9R +lA/7zIahMOLjm3jWvgletItpT03n2rvr1SM69dRsqP3vFsTCAfWrjXQSnCdbnJZt +KaEXccYe50uUULdFbh9Tg+KchijY8f1QZ9qjEI5nYTYAOL2egQyJoxvBshrAAD+h +TKOxrAE8bVIr8Cc/3bK16HMdpPSfb+r8+aBGjq0Jbtr0ewxUP4kUfjBNJxsCZIcw +zsEjJrogLTvzTF2IaMuS86Roxo3SSLxbKSjf+JYpyhcJ2yKL3FjHoMLieYSfOppX +7zfLNAPe7nmxEMujQfdyxj1z7R/PjZU6alObSfVAP+OHzn7+lf7+hKNNqSobicx+ +oWjuyMlZV33YQq3Dl/UDeYrnGjkcm+5LOLWcd5cRSxslr/imIeqo3dgBvrfGLc66 +9Ybaw6kD91IBuAvJlNmLOhz0+cGjlIdXVXdUM2+RTeKkoJ0nFbMjMHxeCWVTjQc4 +yPWjTTy0YR0l/X7e072Q7e3PYvyljQE50GqVfaS45foJBia6EWT1tft6gPt2Nw/5 +hFiBFGSrgmO99/ptGbTLh/452bzzdcIYo3th+xtb45j9Z7uAO458XSSBmabw0XyE +famZ75NnTQlXeawakjYpFfbYCmBau+i6mBFXYKZqlfXnE9X6hNnPEX2tc7oqcYn/ +hkYwvC6AqVDK+TKROXdXyD33LAHY0KzxHdLriBUXSNDPUg== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/unsupported/rsa-aes-256-cfb1.pem b/tests/pem/unsupported/rsa-aes-256-cfb1.pem new file mode 100644 index 000000000..ab48f91e1 --- /dev/null +++ b/tests/pem/unsupported/rsa-aes-256-cfb1.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-256-CFB1,0AF157DBDA6F41A19A44B06CEA3AF621 + +G/vEnqttynXwg0r5ywMjFpmIlZ443oqkYHklWtoHoHZu51FJgDQIWwDIu3O4Efun +FAOWLszC6K0prA57PqV3FB+z9ldiYVEcEecNPS+VIj8wjPVbgoyRSDes/4pKqjR2 +7/z6FlJjoowjDHglJXrL+u2utpvUWd/8pD9BJ6ii0auVsgG20v4AJ55PTqxQg6uI +/7GrIlQ+r0T9GJl+HHFYmK62bScrv1HOgUtrcj456j3TlszleCOKTsAQk7GT/y8G +uHihHzcDJUxaH9puAifnbjeKqOmZQvfnDf52+/hPz5hmWxt35K8JNqthQjk8w+fI +Lq30pCuRgjJzDgIjbpFKSSy4szHsPmSIDpVEGSTDGNCKyi1ZcEFFm9fZL63/qfY+ +j0wZqOyzeqlQHTVUqVjwT4xFhArvU5ZinheuX/cmlBe3N5gTDEDweRCp4edW9+it +InGa7uSgyoyHAIMw0Dyzd7cbBrfX98i/eldjrnwDvCmrILf/KgjLzWMBdYNSmCzW +hzwNek98INgIoSIs4DoRvryV9Ux2aQfiYGEOLqkiTOjYgtu2fGgQVz6lYNRUNKn4 +RUNcofDkWUmXjTm64yhon3RymLrZcgKNOQ9LWV5p9JtUhBasWVuZUhOqsRt6qiRP +myOQFLpk/PcMeOwjBpVZ0wxZ6NVC5KHys7wKXX5oJXPzquLMdAubpQco0N5nZOpa +Lrec7355alzWKfngnu0SScU00NDUq+z/IXznV3Yr+weFot7oargTEpryzsfdMdjn +vwHdVWb0txoXY3sgNkKf5cOOY08B+MnrutexoXhj7XiuFg== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/unsupported/rsa-aes-256-cfb8.pem b/tests/pem/unsupported/rsa-aes-256-cfb8.pem new file mode 100644 index 000000000..3ebe8123e --- /dev/null +++ b/tests/pem/unsupported/rsa-aes-256-cfb8.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-256-CFB8,601BA164578A77F90131D15774EB5B76 + +32zECxJ94olMum3sLRALUPQT2U0M/Cd1cj+pVImgcWKoM/w0AL3XZhoBUXqT4VaK +SbERDE0v0ksKizpjytVRwIS9ufeahO1O2mRzHyeM21p1yEX9nlrKqzWco0FtzkCd +YntAoEDlASDFe6pVJjq6LKgcsq1CiwbbiUL21vHZsREcQwQvhr7+/WldnjBJ68MQ +aOVd1/YgoCNVnsK2NZ4lWlIvhVACsZ80aWSLftZg1f4W8lFetJWkYOjFll/k9FOA +xfavEHSZ+Bh8CF51I1izbDYL2qi0HQ+IoWkMqwUy+dM6Px2hAlM88gswKANu69+t +d9pFPKX29xOnWpA9nTyU4TDXgFEd9+1HZem424IQwQGuBlQ4tvqxQ6Yh8QUDbUCB +YqAaVM2N38cykw2uA44Pd+HRjYClNOcGmegXqWVaoOw+InvBweLV98POv1mRBMmT +lBzIPAHvf0Clkc9J8DV+Nfx0d7tfFlUK4J8j/zcZKLDe0AqwuMWFJDrZsDpACsPV +o3o/xrYlhuJjYcueRONlja92Jt/UPp9UZANguWLT3Q5GhmlDkKpzr1KVSebqCRDI +EuR55HR5PxGhPwXPukWMRYb/duQdZO7D0d0OHNkNJqSPhyWJx9FBnkzSRkhrz0cW +/hsOcPuab/KtRgI6IwEPGza36aNC7wfJ8ZUAzvC82emzaFWU3mHMHRZtzxXqQKT0 +yBtqd2XR0HqnAb1xEMy6QmLs4e/a88pRBBm/1gUeHyzjA+gFDJa0zIznLlQbXuPc +4LNyze+MB05WJQHjtKZG6X4wcu3q+H9mreD4cuTekwjicA== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/unsupported/rsa-aria-128-cbc.pem b/tests/pem/unsupported/rsa-aria-128-cbc.pem new file mode 100644 index 000000000..0660b97c4 --- /dev/null +++ b/tests/pem/unsupported/rsa-aria-128-cbc.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: ARIA-128-CBC,C4CA616BC1D18B52D59AB804BF572664 + +BX+iYt9uGjvKyiNtZHy0hMgqbozKfUApbR+9q3y7fItEYcpzi/8DW6kvKx5q9Umr +CRSAMQGya5ucx/+XCJEV52xufh1X53E3J4m81EzDvni347fH0ptJyhUXT7IsXztN +whTKlhlODV2Ic78/uVh5xoA54pSZF+SXzo8OzqTUEhfUjPAWeRUi1vwquYYu02tI +RrSQfEytR+/CBWHgKZjk+5YsggD0o5CzTzgey5tYdeR+i6o+yweyndVtaqA8AXcB +tG1TVch2hjKEt5DMyEJcxYWPscKiP1UvUh4XCklaGxJYXDp9MKiTG2lTnbdmGkyJ +OLpNxKpAHYqWlGM0uX+rwq7pquiJO7LtpCktpgPbjz1esi/WDvVQiVBzSUwVcq0t +m9sTvTWWmAkgyNn/vPUGvIK7LeQxvfeACzWYOCTKgKNBjGdCqQGapY3i2cx5/3I7 +2RaKuyqlxMepV8d9jZ+fIn1sYQb0klJxK94RtZ1PSgE4X5bpVVX5nhEFxnTlT6S9 +tirdArAjEq8i5k9ndnLPz56CAw3bUy4T9aM0qzWClD0A2xhJn53wdrPz7gcHJzKX +3qGSfqrGO1qJlmjey4gQeo0nVOsvVgjehi5mu2oRQzCSnU2gQJVgDiJePr8gEgfB +wlLCUoC6rpqr6zpwH/zVXFI+AdZSfs6/LjHHXN7+73lknhHnul00SazAMB6Yjsd0 +2df3kk/ifbJAbmL/WoRcg4A90HNkLMFSRViPyeHIYk9XEmW24Uuso8GzO1QZpLTp +Fa4k9AnbiGIbnwvAj0NbAwDFGW/ypBCtNAnSCTsLaGzHR0fEvAiOagCOIfqmpXbu +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/unsupported/rsa-aria-128-cfb.pem b/tests/pem/unsupported/rsa-aria-128-cfb.pem new file mode 100644 index 000000000..501d3931c --- /dev/null +++ b/tests/pem/unsupported/rsa-aria-128-cfb.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: ARIA-128-CFB,2CACD00DD5C0671AD3065A1F8559BA90 + +74sBjYKQs7uued+LSGp0nnOLCEnjfXwxA1aDTmKDYC+dtn5CsX6dd0DI0m3FOy+q +zFbPJmslLPo3RH//pDDQhSS5HVKSPBRoh+Pg2Adp20y3Hzjc4kwzlfNkPmf/cH/w +qAvQyLNEA0NAnbpIunMCzs6zsdToCtausQcxr4sPUr4oxSLemJpC5Q5/Y7nVoclz +7jATzs6/c7OJcUUCKjbFbohdLzxFdu+kJ5VQAhDZQRPMWH114BOsMCbuchiZxaFw ++BayhQJUxXc9TcOwBrzOcHTRJXmNsBWZTwrLjcXO+Wo0OZE0s7uTv2jBHWDX4CtC +v8VN/lB/vanMTnRO1VCbFC/G9ghGSgbmiUFmR5XK4dTAlADKAlFnaY6DLuR9eI7g +pe2FF8mUHbc0p7IoZbGm470VYhF483EjtqvRUW6finn+oP9kZxnwZ76DFCXoHwlB +gmbZKPGSDXKI7TVJA4VplKbHAklfZ16fMAIfkbQ6IEf8IbXjgYVv3XYQAz5I1cWl +njgtjZKzhrldjgr4XPXyYFYpeun8qz/6yCDyIzvDxA2ZU8JT7Yl/+6/qAaiSYPxR +t1f1N7P8gHh0eiQ0rEw0TueEi/fN38ETGCArcbsPgRm8s9xjC1zCXUhdDWm5lSyI +6BqUtYLLTMyZjTC2ulmfcEG1jaZNIoIi6Bv2tCfRx8lQBxu3dBR51fg4GzmBs3pa +A+5ejFWr7cNemMbQ9Zsw50Bo+/ePseLP0Gv1bOxAwsa22xDq6/Pr7mwoD5tqoClL +BDAefg7Ojuq3NKkPdyhAQivgZgIk2fgBdItuzyv860ZSbA== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/unsupported/rsa-aria-128-cfb1.pem b/tests/pem/unsupported/rsa-aria-128-cfb1.pem new file mode 100644 index 000000000..b3d890c38 --- /dev/null +++ b/tests/pem/unsupported/rsa-aria-128-cfb1.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: ARIA-128-CFB1,5BE32C16538BC64259F7A9F4DE67B585 + +P8m8Xs/fsGxCNhAGl6uNmmVPn1AOBG0PSEosYzS7F3EBYqkYGXCiB/xY81vBqaIm +2m636Va/aTVJyTrVwJIWy7sUtMLjdcnJWsbbq1TAZxDF+ps6BKnDj4Sdb6tQiW7C +8xHImav3+5xax1xQP1trecO3+T5WliMIpt5HumA/8BxXNN0FWhvxCnwcLgi4uJnG +Ki0LubH9dLO4Uo2dbEQJq+PUJumTxhLoAFpXk6DHc07pTdm26Xa4YRmvI66Wko8J +trQu6wB7qLWOXYdi5+NwSvAQ1hRGSUzyAJh/bUJh9Do0foAP2bhmQHcLd4hCIwNp +gixLvqvVUuqg+6tqbYgmTnZGMZcf/Qi0fHSCCI+Py2EZAZrXufvuh+8/R2yiml3F +lhBZzab580yEfuUci/Wu/X1r7bRMBMifz2FUSKqVJ7b7vPWild5Hb5V/39VHuLpu +Txf0KGcLT5ODn/oO0DF0B2v/04Eh3tb0UX5ehhbk3SdiYJFERifV83VZoTSj96vu +rGcazNdY+bRVNUKHb9cnwhU9Ilo2hfGX5sDnnkfcsVSX9ZGawSdtBwOlpWoLPdcV +3BABOP/e2QM4R0u6DJtNu9TO4xGwbBng7G7a+u7fhKZ9fb2boOt/oFdYwYuG+lVb +CscQYl0wji0/wHWOkMD0YhPffnAKFYIzhM5HNjN+yfzQDO9dIJKkzxpRopdDhTJ4 +94cfF0pjauOzl4DmUeF0ZbkwSuulqiofB0ifFgPtT8NpkGySGu72q7RrBqYZtUsF +kzkSsOEQYkNJXJvWCz2kq9HwmcuBlIvwzX6QysgPqQQ6Pg== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/unsupported/rsa-aria-128-cfb8.pem b/tests/pem/unsupported/rsa-aria-128-cfb8.pem new file mode 100644 index 000000000..76521825e --- /dev/null +++ b/tests/pem/unsupported/rsa-aria-128-cfb8.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: ARIA-128-CFB8,88CBD4BF71D50C592BCD0A6A6B85E928 + +3oZ/8HV97F8q05OFGewJj4uzOK0MnL0bX92onJErzF6Ssq2/9be1p6WPxbelzf8s +mX35kT8qiSNHLETRMgoHBzFBhWApKUhMyS66ZFs/H+5ZU081/yiIGNg19oxaaNkb +QA/ib8HsZaN0ilON67tWkRGtR5XLCRUhTao/KzKAXU/U2Ex9UJUQggVNTIgBocVN +ogKRkhs7yZhZgMJfE/528u4iBuiYDRYX/IsUbAW6S5XgJq1f+qJAFgW1h8DVEhNs +PehsGaW4khlFWMogBfw80GOEATeKenysaax80axITEjOe8r2x4cxPcSsj6o0nsv5 +H+zBofd3KKGp9d1rdPdlRc2QMvI/afRyvHNmo1tAKbHMiMKNj4V4Js+eK5p53u1A +AbnkBwpSBwLQcKMu9Cg0SoMPUkYYJIPCxeQmBDhXyk6dYcZJQQTX6p3d3VvG/MqH +JjNxDlpzThWXX5bweDtlfIf3+FTsAChdV6UY3XUYqQu05cdHUj0YT9oaZga7gFyN +r5CvIhCzQPTSO0DhPau4pVsHphEIOCSWLvLfc3y9zA04t/Qhgf2BnuHXy//UL3sd +h4Lx46FFX4FZU9N27h+JJ8+sz9e5VxH321rL8QSUzkLMBv6OC48I4BLAVPSBBo3M +gTArbkDPDl9LcuKX434/h1toK1CHxTh4Zi69fYDRvCQrYljFiyponMC3SXU+elbe +yzyKup4475FQoTEd1z7uw4UvLDqefpmcWEIQVTx1XKRUql3LToBQP3yLTa5IA5iS +6zn49PJ9ce3HnAL8Ce3wUCPyRepqE4lAIP8udHkirMuKjA== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/unsupported/rsa-aria-128-ctr.pem b/tests/pem/unsupported/rsa-aria-128-ctr.pem new file mode 100644 index 000000000..399c7eb6b --- /dev/null +++ b/tests/pem/unsupported/rsa-aria-128-ctr.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: ARIA-128-CTR,70AC12CC5DE2B0F5FBDBFB790550DE3D + +pi4mrhg3Cm9kSV0ae7iGVEp/Vh+7Rdo7EwTV9IHey8BrZYBtvJnUFLvhwjTwyoSs +mAQ+fwyjQayWn7LEfQ30F9tETerzKkKoeFg34DD6Visof8ZWtVhkzt26j0LsAn8V +kRg/x2w78BlZ6HBoQagKF/UJQ3v1jsmQqPJ3rr4YA3JGmncCtJDsfqj4uhO4X+wV +JCBOdSbE0jnwzmxZWwJxELwm8oInnOTUHV3nKHAtxfodpl5C7Mt8Qljl/FDr1FBB +FU6nM9IksuuSYiHjRCsbe/ba+C8g7dgDF+wGt7wunhE4ZaKgTVnr8yD7E+vVEWeB +Jx5x8I5M2xKkkUsTsZtTEBtNxQwEP1hHpRw+/XPJm4+TzNrgW/pH1ip2Vn5cPlZt +kelwFSnpC3qnUZ7w91wVsyW23OpPzuq1x5Vtc/gF+cJuCt4/NtJuIVrMoykMrXU2 +/TdrIcdmCFu75ZTcRmo2ZftRLCt9VCH8PXas4NjoKGWYtDf/UYiBKIDft5IwJKAQ +OiUYkrpXOLx0I+eXWSSOLXSxKHi8aknOYfxp4oosDmQpJlf4R7mJKtxWPMloqu4w +jUvScQK4HuRq2F7C/H0AAhZO6B0BJeyhg93bL0XFs+g/GbwdqT966kttILspcV1Y +cUoM+32cpN3azofUE/bp/d5Q9jsUUQ1jLmLR4HTopgo5XvO7T516whIrznMb1JZY +u8d50Cv4EFz0XFoaPziY/aPRIHP0iCbQ+LHpy/ODISi2ldjDhP2sjuulMq90Izxh +spywbZzJrd406q2OApWx7XsAFEhbqwIXfUmPBSKetsr0gA== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/unsupported/rsa-aria-128-ofb.pem b/tests/pem/unsupported/rsa-aria-128-ofb.pem new file mode 100644 index 000000000..8f0d26d4c --- /dev/null +++ b/tests/pem/unsupported/rsa-aria-128-ofb.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: ARIA-128-OFB,36F3F3C0F7997750960FF93F9E0F7420 + +o2eCulHrodA4CKap2D8eIhN33Dg8t/2d+j2077vC0/fG99LSoasNZXLFD1Tc9t04 +8uWeXM6FuQXnbtAmxlCABmgpbV78+H5jBaVfQtYIUCZ1s5B/YhLhSk1hn6bAlrkb +Ab/sCaHqDy2VAftscHk8i7qGOk0qgFYNO/36TDQWUriQSxihBzVgc3xvxgu9N74X +D7Tl8bQFd7nGapmJPKiBMrH4cFMqB92MVvopPnAsx1TBRSyjxPf+uc3DOsOeXla4 +t9xLH2CXAgisra43vqgf5DDtef2TdsjH064fcdspZccVDcLKxzjPriInYXK5bwMQ +lT1Sw+J6z2GddetboZKDhzEROA/ihxna+SYfYdpgL3rwvkr2I35936Gxl8h+hebF +PEsE0BhiZowhjiMprM/6Ji4orxG2u/VubuW/vZxnG2RBsoSAF+ffN3hXB2B+lw+6 +pcPp8+FC06eHvkDylGcYrHfQGU0JDamhDkw7JiDdfE9n+IoT3GNHpfCzOxU9FxsX +6WpkW9weIgAyX6Q3UvOS+RzANNFw9Nx/52F/b4REv1KsuJyS0SeKfQr6oa0UrvWu +Rdna3u7Z9fNPw3EUe6IDD91co0iJLqVg375Tkd194RScVyGAfqIPS1Mj3tb8JHsA +QRZToK7hi4eLVK7WvVUaXTkj06xdMY/01yb+BtmX3m4fYdnez6h6Aw7cegvh7Sa/ +5IJI7QF3yghXpGkqhSJps01HNM9QNSwrQ2QkK40BG9hx4W1hextnTZicUC/XEuAK +reGbICAf68PC8GYjAnBWCZgQh3hiuFuOxD5uMmchF5jWEw== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/unsupported/rsa-aria-192-cbc.pem b/tests/pem/unsupported/rsa-aria-192-cbc.pem new file mode 100644 index 000000000..b5e4003f7 --- /dev/null +++ b/tests/pem/unsupported/rsa-aria-192-cbc.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: ARIA-192-CBC,BA7EC51DDD5F82230DA5CA6A86A8A98D + +z9eXALlgsrjAbQ/oonXMxKTDNl8Xgujio5Yk3DqJtqhmKRHMAhESwPzF19FEDBXN +4W7knpCu9BnCkqI0aLCuaX56ABYq+ZZv1AGByLh/BFDTZth8YHccAxx/6tWYnmr1 +5NO+V1oDPY3tARJtd4ZD1fvQx/KZeAWxYuhKeqZbxcslDFZ47Rje7QkYFunHmX7H +F9WZGsh1XGYZ6pYu7BOC3x2wNpQW+tcEKG++bCtbcJwjklReDibX3xx7/791bEHF +6gRNsSIN+dc278iIfERpmQ8ANtowlaeyoLPElHn571EzhG+ZDwdYXCcREI4Pyy12 +6drxU/vRh9DuzFe2GAJtmx2dAN8/7JP/o1qV33MR2XXc6eEHQCIqT3npVn+bwaCO +SNyNW/N6KZQEEt7+wJZ0B49JMl0itBi5Mqosz4rBRNbaIlC0xGcHhyH306WKWguV +kWIi3fwgSb+zQCtSIsm9CPSYKAx69COvUbH7w3m2c5E3hYcdQGn3d9SP+W1TYmlU +K5oMyA5z9W2XUmcg3q6UB1qtmx7NhwnWT4/05vWKDwKvTURYp8dOFVc0OZfFfTt/ +bCAFZ5CwumYI+FMvPgGgjwMu9kTS5/VPQOHul1DumcPVk/rDRaJUtGxvm7XvnDi9 +u3ptnI8IBRqoIoY+FfBK4Dy9BlmkSQ3bencSgU4swmumZI6/PhTQdD1ZGqk4MKQ/ +a9PGd1P8H+4QuVcswPqoyl2XkVWbkdrjYZiiJOu3QnAGnwXU89uGeQ9Qe+hzG2L1 +lcNdpStu1AY+mU9MP6DD1kUMA7zrMg6n8gRs4JQ7XcY9jtjl5TeqZP/6u+XCOZ0D +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/unsupported/rsa-aria-192-cfb.pem b/tests/pem/unsupported/rsa-aria-192-cfb.pem new file mode 100644 index 000000000..5d1287adc --- /dev/null +++ b/tests/pem/unsupported/rsa-aria-192-cfb.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: ARIA-192-CFB,DCEFAEE0AF6131B664635EF73733478C + +rDzSZcCOkBjpNMKZ7Fg+qS0Ww3MA4+SxXw9IrfqKQGDq6HGBiw4PBLZL9WD4cqXV +BaFQ5wdO7UVzZrEJMCXj9S/AAWhCx02a4/uHGPUYW5Y6NkEgwqdoP8XMa2L86D78 +PCLXD4kaxZR7bmC47eK6XViZL40UVeUavLnFkErle4wDulkadSFwxe8AFimQN4+K +1Z/G7YZGbsiIA5rXaH42Ee89ZsVu77mkTeFABmM45g+TO7HoRGkk7sBHbGkX6wfP +G6cQHhSctrWQrDks1VbkZByWTzHhuGheAVwc+jtGmxje+C/LTKc0vJzu65lyasCS +CK2qTr6dU+BbMvcYjVtqH1+s38DmDxIxKAuYa+QSWSynrk33QJjdQu+4g7Cf9/vJ +7jBonUHT0GKueZL3w02X2p/6yIjmJ2NXM6+sSHQStWQbFEwxXkAzuekPx8fxiC1Y +Jh+OR8NbEOFiTKd6tk8hE8R1g0D+5JaXlA+C4nEYurt8UezkEdU22hFlYuqddLG2 +5hABmuakl1pECnpk4gY6LPUc+JJTsBCJx/NL3EmZXK7MHwoESLhs6NjmD18C4jej +q1Wseblc2G9Bq4uqz4Ta+0IOsBBpD4Ua45JtaCj3yPP+6wd3gFAHwtxjQ+9NPKkS +0887xZgV5K400Tmcv4or7I1B1f8IEUsqtk1qKNytJt0MQzkfB1nrNF0TjpBTtY+d +N7Es4Gk7CNCF3xw07wcLJygSp4KczN+RNOQoo3pjwJPKGafLjgMJ7ugS2FscgGvd +MOwQiPbxa07Yb+xL8pjZohQLWPCWfFPft6hi0TwMwpsNOg== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/unsupported/rsa-aria-192-cfb1.pem b/tests/pem/unsupported/rsa-aria-192-cfb1.pem new file mode 100644 index 000000000..bcc469790 --- /dev/null +++ b/tests/pem/unsupported/rsa-aria-192-cfb1.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: ARIA-192-CFB1,0540E76EA7E8A41210F498629963CECE + +7/gTJ4Ez++VZ+wdIZ6prnMXy8PedJs2gsMbqVtglFwohPfqMfpWknUj5EBX1QazT +NCflkxl/fmCl76zUJfeNUCdDrFfg0RIQUMPRanV7oPs/wNVhJH0ONTwYd85UbtPT +gx3C/S6j5m0hhoJtsL+u/BM3Pu6BkuU4tAI15JVI12k0ubm0z6pohXR29vNrPrif +Ahpp5X2zqTurPC9yjMWQcm5eVsSd1mFubeTohDhpnsrKLQCvq5rdveeyE5MMhZCk +rkz6NOHv3KBjQVKaDpABnOwi0O7kqzdvup1CmNaEd81ian+9d/18fObiG3gRdJz+ +ExgHFDqu/p6WMAtWAuKqWkmhOZ7PS8cln50n9h0cWqaGOtgDaT3La0Hs70bSRqH6 +kZetLaGlLZbOQH6j4CqvjkFcsv2SJDVru0pmhNsQnJxjq/97ssI8BmXFhctBP85M +GvyK5tepfiJiV0XbUjQ3o0ES0fwtP+kOsvCEjXMWQ+gQV3kAMfpbyZOZUiVGvuE/ +XjxHdFL/0Th0j+LhbOEVPRPa5EjGg6kYp+FKgASvjVQnSrKDdz/XONzb9la2k9Mm +xnUtWTrlCNIYlBS3TEzUU2BMpZXGlje8gqOtmQFKfAmxFi0MqpGDT+w2EvXGF302 +AgmGdKkC4lz7t+WC0uQyrwIpq2S2jxaPTXbOwXfnx0/otgFX0FKDGFslGTNaONPf +dcuQZJB2wkq486vy/zjdRXlKmei8LVLWlpxSV8Yd8ew+ZN4kUvpzVkTkJzYRq2ly +LP8FD0xwA0gl/6pPqPvbLCc95WfBZgusG/XGAskJ2FNl5A== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/unsupported/rsa-aria-192-cfb8.pem b/tests/pem/unsupported/rsa-aria-192-cfb8.pem new file mode 100644 index 000000000..7e082f9df --- /dev/null +++ b/tests/pem/unsupported/rsa-aria-192-cfb8.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: ARIA-192-CFB8,703281E033037322BA489CF6DAAEBF29 + +oPrXoQ7AffyrRS4qFOGyw2Vjgyp+RYCsdQmBZIIS+WPBa5QyAVDQw0eaaRKAe7wg +BoDUoJeksVCDAxJIq1R9pcZHmoJGFXS8SIoABcE9Hl3MVIqMvzdoLxLnZMU/pcNx +6cHop68cDTpF4853t+tk9jiTRdbvPa+uJI+ntxVIWdTe1WHdzRFgsC//w6D0drbc +7VgBFzhFxy94/I9iYlJudUsEWfRBetveuHqfUc72W+3x26cdUAe1is6/tqVi9LD7 +cQRzYiENeCBch7M6RVNkEqCy56wh+CpmXHV1y4c4aiVqEsKVkXlXaUcIjylelVWp +yY+ZDMa0Z6rFlwHR3d6qYsjREqjPtTrirL+YeD3kXoQM3BLOly63MK22CYI60Kc7 +xu3fA6ABFot7XvJEOIW9hJy94wRSr/ekNokDfzvkv1V9sa11VCYG0zFendfbdLMX +yqInVcSh0U1vS6E/O2Odg37OoVl0TdAaDCx6w7NQUorbyKgTN1yUxgmHTTgAvgMh +nk2Uydh5wSUcBcTbS0d2nidFtuaDmZHyea6k6uea+rQRaksfy0r9yEeHhR2VmDav +ifbZ9hMISnhPZdibNL4T3jBjFpMgX3rVQQQhUPu0alg1465EMVSBgFMeSRj0G6sh +HLtJDo3aUZNCu9jn4IeDCtW3YvRGqnA8QaFyU50dZ0ODKXQX7vo39GFxR9Nd3wLl +Syg+oXQlwV0v/p+QneQgj2PSEBnufG2AMDq+G3qV7uL3aotp+QjLiY5b4Ll2BRU+ +k+Gr2D3FYMP83FhL2H17PmVKDN1rJ+wuElp75+A5SrWLTg== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/unsupported/rsa-aria-192-ctr.pem b/tests/pem/unsupported/rsa-aria-192-ctr.pem new file mode 100644 index 000000000..3a1220c55 --- /dev/null +++ b/tests/pem/unsupported/rsa-aria-192-ctr.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: ARIA-192-CTR,01CBC64C88FA8A67BBB034B1BE3B7ACD + +cWTtf4fpNcew/IKzv/P6MjV/eFrEL6AL8WET/bglgTq5DovWosVWhJIVtZPtlLrQ +Gg5HH1BsDaw3ilqrsBT70LcBYmh5GyEhm12bSXMUQ7f6oZzW6h20SDsgbhd44GZq +/Rn/D3xz+4qRUj96R6NaIhx4wemAWZ+WydX5PAwgbfq2lY5pqW/94dRedncYLBGJ +y/NbDmVI6ssY5j06Y31Prm83aG2FCCaOvuczOk1D2Je7FrBaJDNpNnwH3VKp3icy +LMKxqnzTlkYnxNJWDLUIqIwQUBeuJD0jqwaGrho3PzkRg6DU9c149S0Ce7HKDA2t +7xoYhd7q0f/mhv6t33o0/fkSAexvjLPDuEaThgb6S+liXABx2M0TIEA3c2pWAROn +bX4xcROF3g/SjSacMPVklaV/hKBK3qKN7Krn68Cxzz5aBghrtk7AdV8N4CyrdwtM +6Dty1djDO3b8AF71nmPN1AuIW5zaLy8dOnqVyE+a1nLmJL9Cdx/MZEC1MzrWulMB +ZOmiPg3hVTyx8qH9BE//6FJ2yWzs4OatkyhmIF1vqRcKMfELOyv8+m6x2A+h97Lq +drcu0vuqiQE4p0dynDP2LTeBKQcJYWD+SdxoOxh+2frJ6QlJER4E824sK3va8Qm/ ++nEdehTNonp3f8SzYGBST9AAWzBtS1NphUIUyIB6yU+SMgaMEtg4IzMXVGvTBsrO +ZauXkuklm87wTEk+uH69j6tu0l6/k5jourVSoOT4SJZT0S2lApTrzTRVuTjXmg2e +g31Wxn7PfNIpKxPUiiNAeQwXbfMJINUSFxkvOTKe1Osd6g== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/unsupported/rsa-aria-192-ofb.pem b/tests/pem/unsupported/rsa-aria-192-ofb.pem new file mode 100644 index 000000000..bedfbe110 --- /dev/null +++ b/tests/pem/unsupported/rsa-aria-192-ofb.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: ARIA-192-OFB,1D7BBDB48B438FA5B42D877840745531 + +kAb70nTB6uj+8Kj1ZYQ6JyBxb3spXTapsDW+a+GZ9CERaonpiqHaRct03lWcR7dP +DN6VOvVP1x2l3OEmttlVWVKy00SjXzet1TY0c2VKFwS8yrES3BLZE16ORVaKJObN +e0sJUPDTlciLGwl7dNjtDTJEMnHQvwBrVx871RzawE3EiuWNMVfEjMEQFjxYzX3H +hnRxkn92JTdxDBNAc40skn0zKg0Q9dBSZjuKZQ+XOeQtyjYRwx2RZax+Gk5V9EmW +CdyNPlAAeC7KbaHSvBWrL8lPgRgIhggusgV23SG1AAyelTRUIAws3CmAxMjKYyDq +laOr3xAHrveHnZBRPLYwyrhxS04oMWO4nNO/HbAPheXf+sbRruoOtJdT4KDmTJch +PspuN1ADOG+MoDsHqWUaIRQ12DNtB3EIzjKLQXJgvTA2cRz0aWJCidi4DT5zmvZG +s37eDw5on0hipsoZVbePs1kRggauZ17by0hRmvqRJg8JvQ0VgkIEm+JSiQk9viX4 +H0Nba+KL0bYRue4OCJHzhWNa/Zpz76pVzQxQBt6bUVfdWg+pgWvX7scX/U/kPn0Y +hiC4TD3pTZJFO02uzGt0i1rsUZ0pJ51kDp3oBk7/6P0//QFeSwcsTIkpgkvDS4eG +HK/fCwMPHYYHk9uI/QdXaXhysFnf/dAM/ltpTVjWVv+0GMhEUlnY7eRXMKLcK9ga +aR+TLX3o+BZWglkyF2IFCuDUTwc6fXTlv0TFqMvSvgjH1DgMLVeBiAHSIz0ak73t +dDi4wRYHq+jwMOLpITSoOC9b+K8x2h0jLUhLAkDzncSQ1w== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/unsupported/rsa-aria-256-cbc.pem b/tests/pem/unsupported/rsa-aria-256-cbc.pem new file mode 100644 index 000000000..e5e0fbf1e --- /dev/null +++ b/tests/pem/unsupported/rsa-aria-256-cbc.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: ARIA-256-CBC,65AE2886CA6649A6EA4CC9E82CD73B39 + +wVbk5rkIPJv7HpRHA6psb8bXUbOLO6o73DxOw9jNJeuaXFxuGwh3lQclTPPB098B +3BRsuORRoeSEjHBXpMpMfybgmGYRPY2oTDY7JV2QtB9ubUzTkUOhqtXv/B3a7vkA +Jxi3uA7X3W8La0wBFQJWdJKgPvEeV3JaTWmrprtjk60YJeoFbQkKLHAqoJAHwHP2 +kBD+o/9GvDNIAIcWtRQuLRMX1gTs/lw/Ped9iPgJPSzKdu4h+yOJY8ASb+E33Rzb +GSn/eTL1TWQwlFhw94JRG0RCXYslj6IzVYK6i4nFdo+eA+ePrRVjM1zkI7ahWyz5 +N3wVpbW6rbOvX9mIhzqNoCgETL631z6dJu/1ZrnMa1dePHLF5GmIzX4VD1r0VbCI +qUjQdI4iJLtJ7QPKT6LdQ/EoxIdFNBdD4hHhHVcdLC2F9KCTC7ncooW8xm/bCRej +jROEwjIQffCJV0jPgn/l7PlhcFlmJj54OLHqoNo1Ijp5kAbc5mUia6Kdduf50LlD +gMIweQCqsNWgJLAWYWUcWRIhD7mi5R4n1iQjrGeVon5TvUyZ8YCQNe031cfB14c9 +1Lbj7qwPcZ3v15MX5OAlbS2Qjot3k8/a0YElEvffyjcv2PINX3DUX1CxywX2ofRO +CftJF+5tRmFgaUHnvvsNmCeO9kM5A4APAzaHtZPQ5/gyLcrKXHeJUT+Gm6OGUzy+ ++asXbiZMC7gEYTFnhxgfX+5V4LescNSqZNg4WGWMQFugv3s0ky2dkyWXwr8Ngn0k +o+Rqdd0lS1+vdOx6E7PKdXukn9IJXMqy0wfoIHkuYSRL5aTEUf4s0hIlORv8QzKv +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/unsupported/rsa-aria-256-cfb.pem b/tests/pem/unsupported/rsa-aria-256-cfb.pem new file mode 100644 index 000000000..9743df277 --- /dev/null +++ b/tests/pem/unsupported/rsa-aria-256-cfb.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: ARIA-256-CFB,2F31C3EC34318177E3C0F3B56F573666 + +vNS4psbIorG4NIfYEH1e5TVnIg2jPvOGwKXgOTEtXOXTN7dFenizoecfAkd558XL +EbW/ZAiFWyv+jLM1Ur5kx3gD6yM5nfs252p8fDK+eezYMxg64xQ51UAZazeFcpoy +8B8R7nFxyCr97kXLbYB8x2+L9+CQjVuxva9hwPE64h39kieL0jz/JLjJIpz4MCYq +Ju2pECfBzbu9MOI3taeJS6zd+0rS74WniIM5XQNifJkCFM6rytKxhf0KQA02X2Fm +wVC+WmnaK7v9HZrc1cs3u4JjQMLo/m/wMPMMDsQ2LYAeOkFKvUnqrwrjZoXv1NUW +qZq106uOPu+I5gHyDzPhuv7JEAGjw2ON1zP7DGir3xDDbOtyCfJYfu3VBykchMER +kG08LWwYa+cEr/4jUPpiHhu4tZX6iiJKNLxJZNleVinVCrQg8yHBfjgUo0RLKrm4 +QQXKMX2oLaBFwtfD/nAkxbTKSYePU5gavIrqqc9vSvDDknaMJbqOjgcyB5gd6B4N +3xTho/Aknm0q8QoalNzE+89zj8KyqOXMrN4+Czl4TMQlQZygElJaUKWpE4fTEynw +tY90XphfAN213hZnoBiqmV6ZOTSm/sxYZKv9phPTYVbniLJEn0d0KyVO/+XCYGhn +tnf358HL6Yj163Ucpa8n+aNna2vcJTlawedXaFr1+hzLCKQHYIOOgrK/kUCA9Fwb +dGQglvh69KsEX44ft7jXx31HqrJ1yAsVoj9rtrlBGhbrH2pmD9VpDjV3inbwGTrs +WJudMJGqLlGvhogpdWwSqIaPYlEZROVb/0WdpoWvV5RYUQ== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/unsupported/rsa-aria-256-cfb1.pem b/tests/pem/unsupported/rsa-aria-256-cfb1.pem new file mode 100644 index 000000000..db7bd4aa2 --- /dev/null +++ b/tests/pem/unsupported/rsa-aria-256-cfb1.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: ARIA-256-CFB1,A570DFEDFC825F9F2688FCAAB3239432 + +9lUZCiEZuPPFXgNj6sn9eupe34xZRp75CwB5XnWF5satIlXHVZrfg9HheIm/00TE +iuzVIVaoA7wjqLbzQRjiZ5WPFUThaGf3RlkIDiSD/ckWGzf58y36fbcGQCGcP92a +ZyAS1jqSiozNa3Bl9yhapuL1VrLX4+ZDjgWV+AA/3XDjdGVm/U6dhSzqn7AY0LGH +vuD1mhSx1POw+UnF6wsXN7eSh9lQvS8ZumakgwPVU8U62XrRHLdyDzEvCP1isJHV +uLpRJyLQtV5BESLI5snuX2c7T+/dVw+S5X9+htgUYm7Zk071Xf+EMr6kNHs4VFLZ +XioR+/kReXXmmFPSLHMOwbxF+MJjgcM3vsw6d9IUOILuMtwz8Qn2kq6yCSBnzEcM +e/GhRe2+fTuHBTEptoQZr2BwRmotiSTxVEhbhtUfLvXRuEPJaxDoAJ36lC7zrJbH +WuwhOfIzroHoa+DiA76DiYRVjdFqfqxrPMrmRDKLDk9+tU19sqTUB4hXUaTVnxwn +sG2kvDBvU5/Nnpa2YqNFq/p5DVSz/vieEisBjcGvRbzMkpzBy+hGz3Bp5iard+GU +9LfeTalctevrLL+yPNmBZ3zxh8ICGXd2o6OzUW/hIS3A+8Ai9AiAQMumso489++8 +mPOZ90L3DkkUOSykUQHoB8kKAR7Mo3bMq4ci6wpbKHxcDs1UU7Gs7Hnnm2kz+UWy +qq0kOmq9ZW4EQ8DJL6Mrwt/yPniUopPp/AuTvg5kZ5epCBFsvgn+sYAEr2qpNeLT +Rg8lYhxJQH13R8vO7sEYMFLgvvrIOGx0MYUpwXZ0wT0ZHA== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/unsupported/rsa-aria-256-cfb8.pem b/tests/pem/unsupported/rsa-aria-256-cfb8.pem new file mode 100644 index 000000000..9fdc30114 --- /dev/null +++ b/tests/pem/unsupported/rsa-aria-256-cfb8.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: ARIA-256-CFB8,17C254E31F17EFEB81A06A97AD26C5D7 + +asUojDs9kmf05yEgPIB9c18hTjlqupLeqed7F/zK4gtZnQY3a6l1KOXORaHIZrmh +KlwdGcsZfS1/jfDeX5uCE1Lr0Mf+7z5oSR6xjSzjmDWhANJynV0VWy8dFUUVUYT7 +bKxWMXzqeEkt02T4HjBBs0JLEDCpQ0jBL9z8X/YbF0umlckR/kXSm6W+hOVUhg0z +tegmdUqYMRwJpP6CtWXUydpp9zVfdaS5IkItfkldJO+TtiuCZ68fFcXdYeBCYbyh +CaSH5dT275akoxBO0l6XEVrZPidiKU0pvMUPMAYfRNBvF5STLvWge2Uby4QLfOXt +Ry9psrwVVTOZqVd5IFzXS2+I0naNbeo+TbB+Ob43Vnq1O3uLFWwRh/gAyvL08ym1 +IcBhgjy+Zk+yNLgo1QgmOBqrKJm/8PkB0c1FxZ9c48jdCcCXnTWQwHcd8eyBOlMM +QCaFM9+lL7QR72D/DbkUbkdWV/0j/tk8ERVaTcWnmskOB9+1fo/PIm2I1r/cMGwQ +QRY0trKuW2avjKPqYrgiltowvM2zETRJDChl4LRvp11C1UzTwLFv98KpjC5ub5Ul +iH7aqB0UId7qmEUXNyQcq3WHax72Cc+WCHpJjpUVuLbJELnoxdrrf1i6+DGjr18M +qg5S78Wdj5Ic8uNQR6Ep7vF9RqMQT9g5Jv/A+d8XUZLg7ChpM3ixczlSHmTijVWo +znc73SoMdfxAYExZdicU4CV5eSBoPThhf7KhYhvOy0nv29L97dKWDfLTTetSfaWa +qLrOUJJnrjib4XO5qIE5z/x/M3+eOL/qdBe2X/Qx8d1ZLA== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/unsupported/rsa-aria-256-ctr.pem b/tests/pem/unsupported/rsa-aria-256-ctr.pem new file mode 100644 index 000000000..da5fcd0b9 --- /dev/null +++ b/tests/pem/unsupported/rsa-aria-256-ctr.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: ARIA-256-CTR,AE393C1AA3678350154D9BF7B6CEDA53 + +Nm+j1abO5IDUDCyhI8ogLxr5fXUxhBys/vNO/88qcXbGqA7fNcqVqFEtYdftPASi +w3G18VmC5Yk9O+aMz9gEb+UemxuQzpJVvR+9iBXvkvvjAKGLXZMrCk5ugpQ8QLSi +qE7sQahRwvxj/e+eoRyHSAa17IIjH3jG1xFht7X1Qbuy/ZZEqNYGdasx59zCcrSm +4JmFAGToj88fjR5lQaBk3ADifuHyNbW4CW/Jj6T/S3224YyRtEZYTGxlc0iqgcN+ +2ExuDAEyYSGgaecTEbxtKa+RMGP6K6CKsgKiLHSDvZUElTeQxu8aYUV7y7lRtbUc +Ylbm1nOtOqZi9SrwSaK2cRN0Dw3ZtEJciak6UqFg0vfZ00Lvft6uRpEyJfoxMElI +jGjV75LTFl00SMXs+UFxox3J3NvVQQR+jnbgwJAqc8yF4ZXv6Ptl7vLWMDCJnEN8 +nHvJiQDKE2crvdA5B69HjtPmd4Txd8lBdPrw6eUCHyLwNeaB0NnvN2wuH1lAQzw0 +YdKkF8TWUCSRNza2iJe9sOzVg8+Lci8IyJTl6F++UqObjYIXossh5qCvxfIzpMmT +NzXZfD3BGeqP49BAVCIKI0AULu9c5c5n0enB0Pk97vJDtj1xKpQQKqyAGFnRjglG +hcS5iagBvHUXz6FL0BlDqvpPURBRWNUu+NwXVBFw88E6Xz/DEXUvzkDnUGK8m/Q3 +iaBt9bCVU5kQvr/jVTlYpHXeg7cj52A588sQ1SJ/y44M0oOyjj6zfOFiY589qwm+ +N1YJSEdDKs7QOKwF78qVIPqd5SeDDn/IzAgIjTfAK8yiIA== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/unsupported/rsa-aria-256-ofb.pem b/tests/pem/unsupported/rsa-aria-256-ofb.pem new file mode 100644 index 000000000..d2127548d --- /dev/null +++ b/tests/pem/unsupported/rsa-aria-256-ofb.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: ARIA-256-OFB,6798508A2C71D072059504ACABCCB42D + +OUmKOC1QKC2ZdE7+1kGr0Vn+uvEvAs+KJAlmUlrOYOo5I9HVDlPd1Es1MQgr3i2B +ZsIstvYZhDNjvo4bZ/mgYiul9xISo4SRGfHIIIIhhSVjVJXHBy2ig11/yA9A5V5E +3AlRSRZSTJSgJd7Qonwe+RXCJYmdDnh0jTFFls6JlC/qxYaZiMmzxZQDpW8natkM +Bf0wPzIxX43uNv2VGfWTRwLKedS09GvInS/fxZ3Ehznv2/ihBtMISsVuXm2i3C2l +8qBw1suZ+fTZbFLj+gunxiTfd3LYxpR+1bynKPpJXcVZwhcHoLfbD09yPvlsqq77 +IoZeICkjW4WA2hi1UG5z6rYS2V9FcsPNTlmARWKMHH0rEPmVmBQ9qOxUzLZRud1q +1yPdy47PSneqC33X01XctJEPhoba+32rKBUEowHRTQY4EvbOxgjTNNtRCnw/FX3a +sbmRJHwIv2jRCOeE+8XlSSnmIVu2CfqkJoKsyrellRcRJtE+yYII9zjzsHA5DQAd +FeKpBQdwhKC+Q7uFcqNniBskJaboguUP0LRL7NQKDQDDaxhUrSay6CMNxoJ8TE6K +MP/Cdl/Na0GLRnxHW5+GmydAIpu+oqhxhICdfzgMzKaE1XFPf31vupTfmRRfQGC0 +MoVT4nEt/+GKMc8gL5LgOICSQpQkfnLRxftXm8IVYSLB+EyWMjwEGgSTpaLRfiSk +wvJA1wV/yxGWHQPhVGTgSMFaPMoBm/qSzRDcEqbgi5Y/HfRui7ppOVGnZQ7DVGvv +JuN21f3cVgZxq9Jw7WjpNGH7MURotxSglHkqLQzS4D1Fyw== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/unsupported/rsa-camellia-128-cfb1.pem b/tests/pem/unsupported/rsa-camellia-128-cfb1.pem new file mode 100644 index 000000000..bdaf7ee43 --- /dev/null +++ b/tests/pem/unsupported/rsa-camellia-128-cfb1.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: CAMELLIA-128-CFB1,5CDE94606F26A3CEE27C797597BE100D + +yShn7gdjh4yv3ge6s84RwF8/j7lahTaba0j3AuzGuVosZZcZLoX5mzzW3kLe6HSA +0MBdPKmbvD1LQWNChOqWwvrnHuS8VyKVHba3u1L14gjwjICw9YNB6ABvyDvaStj0 +UW5CXTTTMRvwaf03ZU6GvFuHFu8qxRehpVJFYoGVqzyfRGnBrEPVWsz7TKmdZgS0 +0yzdoXAFl2Wp8gDgQj/4QU8dhbRrfI8JEdM1a/me3XnrD+NBlpyUAIMXFP9+TyCP +shWXmbUp8fAqPQ8zNAh18u/UW+K2j05YiWcC2U1UNeXM11intUMNx79xJzqWlytA +wfmU4tvHS0GCmEj6J6kkAuHxiSdtj2NeI3T1wPfaoSgjjGfHSv/wQqlpCoNH7pDL +1ofNLXBS8XqjdPz//ufh9w+4PyB3j4ctbPj7nzD4JRk1csLw/vKNSAtAo/+4xO+1 +6BP0DKSkjsC8Y+P1ix4Go9Zr6lsxfvbtY3dwmajeRyLRkSe9j1h0O6sIycSt5+aY +cwyxvbX4eToiEonB8NsVBSFyHmq5BUaNshQ1D3d1p5ppYA0CoCXWPxrEetPVxR8z +JBOEGK/hS/gxaU+DNtQeSNxH2Vr0Zr8XwNOwy7yQaZ2JngqhHtuc9JzmkKbZqSVx +M0k6qiadz7IZyicq++D/UT03deOi64dQHdHl48K7ZG8x5XnRYNt0vy5anpsoTE5a +5haDBav8C00KQJHj+feKtIdfgEbsYQyuufMJipXszUebN58pZAlKqS0ZO3cYMCyd +omEH73CzjUh3uwiEveXgw26X78YBqWHlGbguWguu4+jPgw== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/unsupported/rsa-camellia-128-cfb8.pem b/tests/pem/unsupported/rsa-camellia-128-cfb8.pem new file mode 100644 index 000000000..4b1c166a9 --- /dev/null +++ b/tests/pem/unsupported/rsa-camellia-128-cfb8.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: CAMELLIA-128-CFB8,AD99550C04BC36C7895EDBB4CF1E4C4B + +IbCvKqil/QTa935W0p2i3pzo1ZQTAMYeS7kP5UOfBkZ7w744DOP5mQWuoGTblkSl +J781MP+0KE3hVRgrcrRwlBKu0CkyzwXeqqSql9ZPnZXKpkSmQl8naODDq2cdn/5K +3xaL52ot9ySCdY84HgyoIy11sdHdRvgUaTnFsFi64lirHPcyLAFmUdLsFXR1D9Yu +4bP+NqhjZcNJ41eSuVL+9F4QNGd+SZqAdSm1VVAjit7xgBp5ayFzmi36S2/Uc0Bf +BVSI06q/cC21yw68hdnAMHT5XeAhff1myRCGb41joIQH+qZFoBAC56TqKgJHVahR +V0JOGRq9Y8l0ZyOxmbtwdvG38b5Y5HCbb87FtK9xruxyz4juzHGD1MCCTqaFU7Ec +p1E1j73fpw2OwfTCe9pLM17aribXZThjgiykaE0pqkxl4PShvyIM/N6wCXg1yXgx +kgdEtcOdqcJv65M2ljjLB9MpDw3Z6Ntcmnrl4VzVG1Sl/LXn6hj8B/TC/MDv6UGs +Jgv/daG48qMV3XB0MOU0NF/xCjlDq79TDRImJHlzPVxy0RDIgbSR/F2gBsxgikfY +1JCRm+flE/tegmRKnnsv3ewkCW/oUd3LPzVe7reNN7tAf/VctxLcS3N6YU+o0NM0 +pSf/uzXE3Hj2NtPwJlWRRfgr9q7DMzQqyZHt1r05pYHTZuG+Iz0T68eUoJm+N13v +lNREl5QHEZRj4inHhhRSUxdZQ4hZ/8b0sUUpaYrbneQ2UuINzXYOzRxdX7gZin7V +uLdxB+l0cZ4MDNbhH+RaMkSyQmU1cbpGbZKfMrWtD38O6w== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/unsupported/rsa-camellia-192-cfb1.pem b/tests/pem/unsupported/rsa-camellia-192-cfb1.pem new file mode 100644 index 000000000..3c2beb15a --- /dev/null +++ b/tests/pem/unsupported/rsa-camellia-192-cfb1.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: CAMELLIA-192-CFB1,B8298D283C5EF29568B4F1238A4E3090 + +r6AvdtTUBhZKlhsjyj+eZ/GDuTciht2fBPGoIY4cwqdyh8BUrIOLhI5nYCfYTvLe +Ul4dc9A2b2JuwPguCBfV89SGvFEOnAib0Vf7K1VaNy68GccuBWfXyWkeKhMPFmt7 +EepKC3FZ3LvbHx6tWulYfgyr3nyCcwFpSENYgVTP15HkpvPfxCzM6u55khRpTIZv +JMpGglx3bwd46ylhiAOlkeZOA1fc5mlL/det4uL6O0zLUqvgrJtmTcM2Gbazz1+w +R3AVlgTDMOkdmTiVkCeLUWI36TCWubHKarhWKLNGN4G48tj07/+ippGrLSvs0Nfv +Udc+4imOxgWOYG5ZEH9UgbRDaRmZXwDvImaEs7V8/vaGZPEwapRIvKOZV0/KDiwA +5tmhRloVShAENqNsXJzHTPvVcoqzxiuc1Nww4o+Ik9X3w9jWXAmFiIDVyWU4gNwP +FZeorDEpKD3wu+WaLGo6SMANFbx6b8KYXRLxwgCcHHaS3bMHNk11jVRhEUwg9WBE +vYrExeLtwhuKt4SxgUHNd2mtrsS2TjzjUVsoAipSOQtD3XasjV5uSDNg2KDnc/oC +CZ/ROX+IHr0W0CrS+D8KtOAArPef1ciDbxR69QhMJo+MckZcGhre53BgyxCyzN2L +IUxj2AkDpUi9hsK3YPv9BnPPE3rCIiMtgYVnTUaGchs9EV3s5lSe2MDRVGu3rj1h +H1EyqCEPPnmpPP5OXCGpOQCuwgE0mNbYftkeRQ9BBZJrRinHRuo3C/sjWOb2D5Jq +zmEAi/CQZkA1PBi6XhTRaPheYz2TCvURNToTiBIuWDKNrQ== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/unsupported/rsa-camellia-192-cfb8.pem b/tests/pem/unsupported/rsa-camellia-192-cfb8.pem new file mode 100644 index 000000000..e258564b3 --- /dev/null +++ b/tests/pem/unsupported/rsa-camellia-192-cfb8.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: CAMELLIA-192-CFB8,08DA172F25F18F682007A54E53C45C37 + +inBfkD7OWHVVmQHRs7VklNyt6JdGnLzQvVklqCwelZEj7SOC9uzMaCBOUrJMGiwF +EkQRuMabF8pGed5kCq9JBO30ixKhhomKbVq/CiId4rn860NfL8qwQY7KHRnxKRGs +aBNdl2fpkGJGzr2MdedP81dyba5MS4D6hV6LJQtFcugy9wtuIk/iR6jB+qn26+le +8QKTxLGw999h+OXw4MX/EhMzT/ARGFZEp+xJew6KEYWSHxKkDiKpa7taFsqsWWyZ +JUOLBBU2QCp/pj5Ng4p216kvJdLtx3haxHUEFKBUqry06PRGVH5kL/WQ6Z6keT4w +ZOnU/2xG7WL6saU8LJFEFqjVry1QscKlO3lq2azUmmfEH3V+wN0dYB54aNYJcBYg +iOFURwRgjhAERZxke/lF7yDd20hbnt+rmCIYJpBl0xxpa298fiz266wrWTgI0p6d +LPuA+XOlZYCyLvzx11mClIR60Z2teEHjA51VVNlkmUNGqtd074eyTuLMH7SFOL3t +KApdsLQtEA4haAz/xWN4ORmbJSnbSTwIPq3sG7OQkPSYmvlihnpr6b0k6hAw0u/r +MWPZfV8q3HLEAET7Cn0lvDWn8ya5N4uqSqVSoojezlePimDZmXp/w5SGUlnMvqx0 +8gONwWKfVvUNbn/FNI2dyboQErp8JxaBLkj3qe/+7dlp9g0q3zHirBQVcQ8iHjBd +HXTvOyeU1QAgtVvmzF+02qKB/j2EctsSIqZRqJOEMdZZ07odgxE/icUnMy+1MRjB +y5TAXaBsF29qRi/+YFP/p/JwmmisIxrJn6HDtEtTVZYE2g== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/unsupported/rsa-camellia-256-cfb1.pem b/tests/pem/unsupported/rsa-camellia-256-cfb1.pem new file mode 100644 index 000000000..e44cc11a0 --- /dev/null +++ b/tests/pem/unsupported/rsa-camellia-256-cfb1.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: CAMELLIA-256-CFB1,CA5AE601415612BF933880E9E72B4C92 + +9iI6iMRbNnWCVYWYI44+dTBnZYuIaPnyRmOyoERHscBcsJQU1EEBLQxnxuZcmSM1 +yjrQokpQYb54JlxY+lzLLmtfnas3eLtUpSHePwqnpqs4D9odeju/pj5pmWFAB2Ug +GqLu33qUnzbBzMAntXVCJwSsOVjTLovCL5ErhN1FqJGxqNqSf4Ht0AXlvnrFRqam +Zc4+hQcMaZT/BLtUHmB9EmoKX94JlTdZy0Gz9+znXhCO3QgGy+VOiCMEfi8jpGmb +IUaf8aPzTzh7DfM+/TRHDKEvSYUW/x1cDDLZrHhecDFQT/IMcfYVtiGEslhdHAq9 +89M4EVIy/bbIgqUxAOP65HHZ8F1cpcRThInWFXvWMRrQso/7/pMwQolxfVYOjZfR +n4JjCX0xjqtTFGfF16CN+AOBul8vinWJa3yXtGInSO35PVte4IxK3EY1/YbgmWzk +mZgxrK59HqalNIc+yFPb7si6CRgygfWE9Vy449pqXAUADzD4RsdSjTFpTMt9zxm2 +M/Ej53AKfqmVdtb36PvphsvxvnwoducR/9adBbB8EJKSYo1cVTPXt+CHXB3th9fd +0pwB0t5JSXGHf1YWaXK2qmMDCXFEtOJVBvnuOdoxJuIyZRW6Z6SBC74twoeJTloG +EbRLnw8qVhITtllp3yiN7H6Y5vO3bIcZqb6ptLxBt492HOo5GdBPROL83vr9sb+E +7Jpf4ryDYBNjxit0UC578/UPYNsDk9Djb9flN9LmdEu7kBZp5nbZIeeeyntk42Zp +2mxUi+KflmR6/Umnv3IpHqYgNifSEJe87WknE86WMmZNVA== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/unsupported/rsa-camellia-256-cfb8.pem b/tests/pem/unsupported/rsa-camellia-256-cfb8.pem new file mode 100644 index 000000000..5b5a90132 --- /dev/null +++ b/tests/pem/unsupported/rsa-camellia-256-cfb8.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: CAMELLIA-256-CFB8,5537C1FD001AA3A278D156C48FCBFAD8 + +vUwDIWFnm0CSBKxTtPLUqMB4JDraX7+OeHnu12VfBhjqtcfQHtxSST6vfx9osNg7 +T6Uxae11cHW4CqFbP41JZjdMLJPh8SYQ47IkpQuGEDMRcMzaJHF5KaSzCgs7JiFY +je4NrPq9Sm26PnNBZi4PAs/F5XcBXQ6wR7Pft8mvWsnFA3S1yn3ud0I/8F1kmiK7 +Kk+cFlWOV0PQ7OSsxbTleSqELQvr7x7CMqpteXjYzTInB9R5i9leoogAEsls7O/D +U8TLW7uutCIALV92AIG+EjhpWzwt4UGpRcn3UY5oUs9WUjXCnKdwDrRP3vy2e20+ +Ce5rh81Cizn2rXeXVnDt+IF1QtUbkBUvWgmE3VWkg9bDaIVOk0RjKt6iBxe4gWK2 +peT7Kgaa5udxBD1un3+XhPr8oQi5jRhqOD/6HStQ0bPXGGUcZrlTSlMv34KxklkO +/3qdK1CE3i/CccZgN1uhbPdaRn1Xs+2QS3b+9ZfokkxQVFMrsA/MyMAGqV7dFL/J +MPpVA3MatuxxBoQHzngOjK5+h8xHBisrrPAZAG/VkQBD/8oUlPwClEZH+s5DvAG8 +8v9eoV+kvUcEGAzaqURW37+VSqmmbiy6Jq4YhTl+FoSrerbB9XWO7UOvgNWs6YzG +lFLjw79074VHKrNd4pyD6zefFaZ0+LlLjFdDEb+W/Yfk5+gJvY0+E1OxmsyVzZny +I72sNJq8+m4EgIryAP3SFMElkkC9yuRnxTpTmLsVqmuNH/Oht6HoA00CpE6kQQUT +mFymc5VQI+7ClNIWylZwDflEUXmdioGKg2qxi0v63oVxYQ== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/unsupported/rsa-chacha20.pem b/tests/pem/unsupported/rsa-chacha20.pem new file mode 100644 index 000000000..ad6f6d23b --- /dev/null +++ b/tests/pem/unsupported/rsa-chacha20.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: ChaCha20,76D5D46424252459EF8D96B1119F49F3 + +joUj0jac3xH3O69VFpuogUKCf3neWW0AX43N6eJJQsPUXwC7TZ1TgJOUF/LZa6gl +i/5yAGOjovMyUGhVZVlxEQusYyOtiI8lol0AaEv1n+nvMHxn6px93+9DHEDD6XqV +c8e4mo/1aSbTH19sozD2Tt9xwUAMXpVEu8b9dts+lXE5MXAfwpok2W+kLLHL+5+8 +63pRot7CzIMOTY+Z4C5KtRI6Pgw9fmGDx0IC6CuAjsg2pzeLDngDIVcdDlfelHfy +KhpDnPUZeY+fQLqTDjllZa7l6rjjW9r7uAtOfpPkbV5e9+bMjhkCnrn5OUqlz0KA +2rC24wOnfQ5r3ILpZTkIx19baPr/mShz9Grb2+0+aJOEx3Vifk+h2q2igVut0Hzn +UHJzmreg8BXVEyZv5UcNDIfHmFwKnZQAdGhbbNSfHllFgorZ4DOn7Mcc2wR7m4Jh +v1Tkdjb4VtqOF5zTP2TbIGU1y8Umi+eXNtXUK6whAFPVlFhDrFfHpn1YBIsu9kcI +UjgY+VIcT8Jj7TrXYMPY8P59uXfta+07X+pkT4xkDbr6qjYwslllmPAMRbhS7xNM +8+y0QTeB5Z4txEywwjkFn67kXwnJj3lYNS0xZFsjCz3+6Sq75TwpMKN91CTK2cG3 +swT2CGHUk+l/ypec/5QpCdFS9N7MhAOZEJpmX2W/hnarYWI8UmohrqRtz1duM9QJ +PzLi3cgPzeN2Q7e70GDJ3x3JO6BObqXCtlmEdCIwmrPY1HZ1fgTwDJg/SYfnttl2 +3WmERtFppmbvtUBb+dahnQQdVU/Jw/t9WubmJF7VeHayPw== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/unsupported/rsa-des-cfb1.pem b/tests/pem/unsupported/rsa-des-cfb1.pem new file mode 100644 index 000000000..ff6f54f3c --- /dev/null +++ b/tests/pem/unsupported/rsa-des-cfb1.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: DES-CFB1,6293609157F95999 + +oZByTXPct/RlUsozirjTviYda7DTEWSKD9TmuJ4wWKtk/mUnvWUXocUXlVB3DLQj +9JQiv2G5asaeKnJUI8LlKURctZ68n3uRfUX69izEGhawsbFqVujw9EyVM4/RwUf+ +vfUKThsgyBRGWltqQ/M5ntURKMDteOpwk+3legOYDjj+4qdKidggH1AK0qeHXdvq +LFhf+pxYk+uqhMpF+zI83iQW29KA5ogo3qdy/xabnRyiLhMuzEa9i51pJGL82I4z +jzWy/ntcV7+ok1VCPYwBLO8Kys7qs/awS4cDb9sd+Bv7xKBdTIJeqJv6cjtC0HZB +k893z5Jt5KOPzMWV6QsYjEAh59ov/2UXQTfaSLZcVA1fGdy1mNV4UjVfyOVhhesC +jrktiBa5k2TJK7Y42L9YVTNPgPOjV2/eeyCWZmvIJcn7n69NyFLYBdq6Cmm1Eys0 +EFDpVv7JOVFha1S0xZlJ79SAroaa+hSgltIblxbS2MyGLCCf3z2fZ4knkRC2a42e +LOfcPx9enLqFUXOUtckwRhG6As07u8waavRfFI7LVQfgEcVHBtK2K5dd2trguJ7f +WA92CWqE+yRvzz2hUS63u87u67nsZSLrqT9Dc4az50A12oQk6qwxFpMHTyo2joRA +T7vI8GLdtk43AGYceKZwhwTTFLwPa7caX5Kq4L3TPaU9B9tvriOqNFwqlLOC2sd6 +xhqF8OBdN76uapL1GMbpAxEp/cbFXj8hzbKppTnGsGyZU6wqqCUraETNFjkNX2YB +xLKfIDCwvNWFK/8qCO0L0XHaG5Y2sDX/Djit1cDhqtDD6Q== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/unsupported/rsa-des-cfb8.pem b/tests/pem/unsupported/rsa-des-cfb8.pem new file mode 100644 index 000000000..23c58dc28 --- /dev/null +++ b/tests/pem/unsupported/rsa-des-cfb8.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: DES-CFB8,D403C0C1F32C3152 + +vq1T+cbqR7fdU7qVO3pdk8mVuIJXsdfDx40me5Y20QBHGjrKN62YIgguEGRaGxwZ +mvAa5f4juiQ+T+5a7krNqmRbJcgTo1egWPoMR2iPsdrrMZbLRjcPuyXa+Moon3XY +Xg3OC+bOcn4NRPsnfm99J5aXzV2Qz92CU9eIsQbEgmtJoJRAcjElt50b2vAFC3qP +4WlyeYHH/0LD02yvWlCzOdgnvVAV1dvN6gTdpAYs9sl0MdSasHVl0M4cnR1yBnNh +qzNHV6tzijjrloFG+GNSEMDWY5dV+OFIA2lqfX0EQYbACbPHypEQ/ZK/SyFf7L84 +0G6zcfP6CktYDTxG1MJkXc69LWiO1O9/Voyu40eDruUjxpMJVCSIlQwI3mfNQA67 +BLe5TMku/+Xf0d/YcDp9pNU7/+TV9yJJCzxtuAp1qBa5XVCTMD87jQ5ZMCvPBGdz +i/DOygrL8tr4ASLqSbNZYoZPzSBNasj7ke5cmRBKZBtt7TMNYi6DOiZccRtivqPd +Y7BpPZ1BvgAO8bT3DPC//ojY+XHKQltgMGStGrJOTXhPyTrz4vEfPK+RE644VLNV +1SQ0EdzumkeQi6h13Q/gMowqqYCWGwIvT4O07E+Dra3fwHBV38t7W/DhtgJF9tHo +sT2p7LnYQxnw79brYeiEctIqLbmqizhW6VzvmbPFfMSy9o3QFjcZ4KGP18Mj1USR +TKCBfnbVqZLEIOq/rSVTiOFTHnN2l6KRbqEzy1itwR0bvfmeXN30B4eY66Lsr7g3 +BqoWYmRZHXvhCAwaF5XoVZBqG38C5Y1wOovK7dmf1jTPog== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/unsupported/rsa-des-ede-cbc.pem b/tests/pem/unsupported/rsa-des-ede-cbc.pem new file mode 100644 index 000000000..a75d57559 --- /dev/null +++ b/tests/pem/unsupported/rsa-des-ede-cbc.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: DES-EDE-CBC,28FFB61FA9A6BB4B + +gQbFrtQNCdJ7vIPX/P3ZcQeeIusVjP8te7F5eRwX3WksJGnvpgVwiM2G9kphg2P+ +3AGBymUYON28CN8rpZWF5sEGo79Y0tBjAS1bK1RZJTdpJAc7yOeJsXqOFyfSLhJI +1qy6W6kaN4feoSNldNdEjmc7vq2rqGR2N5aunnljV2JBegnUgtuOUGpuD1ZZABhp +O4ay0fyfzKjdDTTmZBvepBlpNOCbkhYoVzOoLJRxvgCkot5ZE01ei6CYK0esT7DU +O/wZfq+XNpQjDvH3ZVEj1Km4cp2xa1m9a4XHMUyYuDkott/KhaHf4z9drjQ0c/VT +CvR8SXRjrQLpogDwZmooYb3OUkdvQpGCdnpGJlK2lixr22EMrBRqcdVPveakpX60 +hFJKBq/pue9Z8GdedBwczlHIsrpahD4wtEoBJrVvY2xwZQlBBg07lbaRJEzJFMjO +tXY+NwhpyRXJ+XpvSn3Z72MsCLJxJFssB+3DHYYeoBMYCXg6OZ5gSGPVQ7tbqCw8 +X6aDDYXN6iPh3hLSml/NFy6C44WNT8QsnBrrU+sxmCwMqi1BoJVFc74w42Bi5g1O +aIp6ja4cWU64PhQ5acoP6c2J5psr8+qoPvMwcV3DEGopRXuXOCJYjKB1vkt9gWfQ +7XNaUH/xEzkvPP4uh8da8925hO/3/IztMq8JoTbcUxwcqX6Cb4NrE25g9JmvfKWz +53G+ThNJ+MsVWqXam0uHk8XYrOYVtlx4KYe7A3Bw4XLqxpKbeo18zoOeBnIyPKYE +XRfdGUWVQTW10yXlkntEcQ7EuZmE4YsCaTVvw+klmHsLnbSzBpn/RA== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/unsupported/rsa-des-ede-cfb.pem b/tests/pem/unsupported/rsa-des-ede-cfb.pem new file mode 100644 index 000000000..071114375 --- /dev/null +++ b/tests/pem/unsupported/rsa-des-ede-cfb.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: DES-EDE-CFB,D2EC2E14E45CF3A5 + +w8ho8faFohU73C4+Khm1G6qHcCv3k5HuaC8e4gnXify76kDRMQtOLiDXR9bhUvC0 +LRsE9PQ/VV33posoTdwht7gvrDxGb/OPmynIuMBztwSCQ5M0Sy9cVmGIdSV7IqhY +q2UaL+vkoEH5tQs29IkUB1nDDJ2hMSk4C44edbDwc/qwhwsN/aQIj+v0GiH2N7F2 +9lpS4idwtERKWisaxWYo27D5K03AA4952Xinh2cVORcrV43Zky/XwxB3Kunshrl0 +w6vVRwgTLMVHxCe1mfM18lCp4hMRbJ4H/yKsOEPKj3QyvJEzTTicvD+v2IuvlaO2 +3ca5rOu/J48KK7q+dm5P+HDZkxMUejeVebvbnn+b4Wx4dhjbAIJqFJ8nTl25Ksk3 +R95FO6xPT5X8TQrrJWgi50cXx1Tx06eYuILG6nlN2Rb26DVuoaQHdrCQ9/22Zkbb +gHBtXbhCxTFWJENt6tiRFAlJ314KwVoTXOtwH2ILWGu1BsUBVzOnlA8WP5gAfzPp +/zj2ttbZ70YNdNTX25BpAO2klbzchu4d+RLGnhQH/GgRA0ilm8DJ5gpSMG239IJY +a3dHoraCPTYldcKv9tRbxIejlVZ/f/4uXh/YhkS9YL7q6TK5hoUK8gqa2k9HPeLL +S9h+c5v8sHWXBt7OQpSsi3uEHnwC7FhIMNwKjg4cPrGBuVzTaptIsdBTJyiLfD6S +PMFYaq1GUe5VRjjJqyl2Zm5uAWEnzxvP+arZIEBsYVsCFapmsP29SxKS2Ofn7Nlm +CYtJK936wPvqF30v6no9mxrPfYok1QttxZAr1PQT5e4ZLg== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/unsupported/rsa-des-ede-ofb.pem b/tests/pem/unsupported/rsa-des-ede-ofb.pem new file mode 100644 index 000000000..15879f746 --- /dev/null +++ b/tests/pem/unsupported/rsa-des-ede-ofb.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: DES-EDE-OFB,325013F43C2C8DFC + +o825cb02Mq6/X3ifbQxkLFHWO+hQQeuebohmv5Tw27EBmrAJ6eUBgNJGfrBzNnao +XLa15Ok1bmV0iEu8dn3kxb7vi9xNjqi6CXWrOcBVgesxPTGwPPAurHGK/tBG9Rf0 +jKAUS6i0cnAanACOO42P287Ll01ajyRv54lc6jpJP1CaEzsKSownSg/kKvILxgMx +4M6/LwgPzNXmyq/yDkW9EkulPT0BlvbWrl3WxlOCzzhlP3yN+yOF7+5vWXSnFOU1 +hk8SHEwRnIQEpXhCEVLMS47jaB9/SHfSfY1eS1tWVaV10tzSMuuSFC7jqhLJR8wo +KZdZV31w1lvAGfRHc7dl0KJx0H2UMgVCLl7XMErmf4Zug17RpgW86QHH09r4Z80a +uY96GHAJu4PF1EhNTjCjB6QQQruhwuJ8XWZutu3oOYSLr8/dBGnBOtvud07wwGPe +wkuXvknEvwBYfxv157LaKKeapvpBof9MvIqhGf153/xSPaQHUwKFovfwTiIDPDBh +e6TCsUHp2H68jbJyYD3PM8oeaah8oJsB3gwwD63stVnqSgU4gQhZd718r8ULLhUr +uoUtcxYVDThjvr/dxmOz4J6HYIosQrDSQmS2KYaCb4hO8NpuJFcy8u4x3kFbMRq8 +HPPbAOy87H7RwLRS4WapLxSxJmC05CalANXZrN591Uw8fHac96P2qG/Ma0lUCJWE ++2LnOK2pDRzAP1ZKC6ZhcuuqGTOB+940J+B00jyzlUjot4JMm4bvC+4CInNRThEF +7qhd2lOT6+BK1/6qYSVu/cHkp7Bo9vpmXZhztau2WznC0A== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/unsupported/rsa-des-ede3-cfb1.pem b/tests/pem/unsupported/rsa-des-ede3-cfb1.pem new file mode 100644 index 000000000..24629569e --- /dev/null +++ b/tests/pem/unsupported/rsa-des-ede3-cfb1.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: DES-EDE3-CFB1,0419E39778AFC124 + +GEeMgB+RzmdnJx9i6qX3jmy4i2CyTvxbV/GlRwUPeuMRXLb31Yvc8R2FwKZ3rl/H +CRaMYGig/GelIdcOr5U6haOp57fTJ0BQIyYksTB4wi3fbVBVIl6xgMo1UWLT2IR2 +odu5d0Y+AAh+QzKHHYqnOguM3EmQ2rTGQFbzPWuRpMIu8TZjmsPWMgQlW6mDf90V +iCJfbuQPHmnUQH/pQPnxiSacsxBrxJkxCHEvgBrlRcG2z+ttDqhISBJQ0L2sDQuQ +2Ukab2bZxWdWR5d06X5lb8N+XB1vxIuhB7s/PgaOhus8Hf5OwUfYHN0w7v5aymyS +nBvQlF9CnsmGWjUVjqWWCNUtV5Ip/W7NGFbBPKDr6MeNTOEmTUS7m1XZt77AcC7L +8NWMaT3mAdixrgwTbwJj5Jn+IMR1UXBn0+az32+ttqIiOFp/NQk0VNayfUz4TBKg +PH1wUzBVRlCDks3pUguKuQh/AG9HWhqFGQLysXPtriVlud+ERQ0BeHnkAU4c2yFc +unEnyXiz60C68xCQsDvt//Meoft8DL8oyBe+qG/fYBj+jspuLorlAGFLChkhM8Ms +2t/RfNvAQlF4DZ9rBvMB1glpQX5OIwL10iqjD8OvMD8WG/MrP1ncoWuSqdrDSaXI +GZnIS75EDBcjJu7nW0p409XaGu5665G4k78zN6PHBNnf+WW7M7pNOFAjC638fFFO +3vD5DbWuWWsiu3+u3Qqg4c6HdpCVGUMgmODDH/VamYmas6eXJpumJ7ro2yZNmeBg +FIO5SdUJhnhiPW0fum1mV6vBvLeo3HhTPW03zq1eR4dczg== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/unsupported/rsa-des-ede3-cfb8.pem b/tests/pem/unsupported/rsa-des-ede3-cfb8.pem new file mode 100644 index 000000000..547e52a65 --- /dev/null +++ b/tests/pem/unsupported/rsa-des-ede3-cfb8.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: DES-EDE3-CFB8,2EAF80F254E8E368 + +FYxKFpbGlvyR3Fy4fbDFKxaSPibxBg444Qj9K/sN6vHsmJNCM8TiSKz3Rzz3pYlV +bGV6HCi/Rh5W3wFJpMjvyzqRfZnkUWo2u5ZwygoBA7qFaWfp5hJil201bV0DNx7b +c9yAQGGnoqsXw+brgrCoIIxUXnRAPNIVmJWKdvLn40ksfxbbk9z4/6xSyX90TpiD +oUY5v8zeereJgZN3FS0+DSY63oq8dM2oHtHYih0iO4m4G52Rf3xa9adZeFqObGXL +TMEVD1dwkxiYgkwKt/bNC1STBHxF/a++OreUKOMrHV5TLyIlQz9wnI94aTnO+3/m ++olRJJTLIt8uADWcyl3/RmiksIyxKosOZ1VKJy6dFG1EaGdqbWZEXfZZl6J+SVQj +TIifbvR56+6d8XzP6d+WSE5njIaXsQ3jWhn1EGzHCnPJ/Ed+6SCOpUbPig+TdoaR +EkwfhooOaodwJdu2TJfTsrydB++C9/uAxAP2zWjVWzKsot7f+nKah51Tbb2ILeB+ +PuQbt3q41iJPZvBmWhM+wCsu5nwMF/z8jMOF/gOiJYI/9k+XMDUc+kJ9d7lk3/Jt +aRQ7/DGJ22cgGbVor4jChTS1ZQyvlURhBsegBoGPZeOA/1/V/vKdqax4pK+icpQN ++cmfSxQQBqZl36xlSEH8KBnh5L7ZxSUTPfF7x+ooDK2e05LDZz5em2d5gLVIMzJf +/zbJES9R594RKBtOry3ePqa7yAgorbK70rHUu4pfmx3dRr+MefgeDrtyOmC0i5Oy +J9/pbFaX4pkBHoGWJExaYwbpJW/Iq9sGeb8WIwEvzEpEjg== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/unsupported/rsa-desx-cbc.pem b/tests/pem/unsupported/rsa-desx-cbc.pem new file mode 100644 index 000000000..ab15692e8 --- /dev/null +++ b/tests/pem/unsupported/rsa-desx-cbc.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: DESX-CBC,7C6B3D1DF2ED3BE2 + +kib+IhIUbbFzTAWj1noqVveQDvmSdsaZsbGpn8+dGBvQid+0ktvurQptooMR0omH +8FvKLX7rQaVk5VejPzYAz9Qq+78JVDI+hxzdWEqSiRvuKDWKOssUa1m4k5pxxnJz +tC9WYREulZ8QLHHOeWNDK0WZWrLGNuXX6m6P5wZw68diBV9MQqxLvao69lJ1sVb2 +F8xRolutpVBVe5avHlV2U9KqA4Sz/L5276C0763/mXFRGOM+OZ8nQOmQbK5sziI9 +BzK3Tje4bLQ0rjDGERVseDHGUF85T+xwoRRBK6GH0RYDf3cHNRYYi0p+6XdfM45t +AOU6XXMrXQEBo7kpFcdg17JucHupBWvI40vlNuRxoHceT0GYv5kZQn0l0zP2qLF/ +G3HIo/LCTRSUD5QKccS7uS849RIgDatD+iebTTiHqbu+WfSkRX5/HWRKesRwT3wt +WOtwyMpXjRo4IT2Yfu1lD9+Xawwu5BuRPeLFadgf3XdwTHhmY9NL4oPSY5dCwcG8 +uvI0mG6tM87elUr8X85sQn9ipWEKBTo0fJZ9MXgAJSESjJ/Z1wQvx5qHHJGXB8/R +qt/ZIkNtaHZ6Qu+tcCbcz6waGxMXz2NjqDMYV3W4Pjm9+wn+OxHr7nZ+mwcRTHU5 +e8wn95JZCbbbJa9DodhhEbxDbIJ5NRd6GEYbk9q6CtnUpNIoN1jJ9mneBb0d0BI5 +t+pGbFxmoKVBt8AJ6Pi8pUQu7yokGiMsjoh4Me0UEFk0pEc2TZdb7v+HZPa+Wg1i +ZLmjVjlwlFMtwvAN+ihuO84d8pjuLnIJ06QmE9x5gh3xC7nkUCNMKQ== +-----END RSA PRIVATE KEY-----