From bee3ad2a2af95b9701496d66d5422e46ebad8f31 Mon Sep 17 00:00:00 2001 From: Steffen Jaeckel Date: Thu, 26 Sep 2019 16:23:18 +0200 Subject: [PATCH 01/51] add OpenSSH Private Key decryption demo Signed-off-by: Steffen Jaeckel --- .gitignore | 2 + demos/openssh-privkey.c | 272 ++++++++++++++++++++++++++++++++++++++++ makefile_include.mk | 9 +- 3 files changed, 279 insertions(+), 4 deletions(-) create mode 100644 demos/openssh-privkey.c diff --git a/.gitignore b/.gitignore index bd45adc96..217b03fdf 100644 --- a/.gitignore +++ b/.gitignore @@ -34,6 +34,8 @@ multi multi.exe openssl-enc openssl-enc.exe +openssh-privkey +openssh-privkey.exe sizes sizes.exe small diff --git a/demos/openssh-privkey.c b/demos/openssh-privkey.c new file mode 100644 index 000000000..b941ff3bf --- /dev/null +++ b/demos/openssh-privkey.c @@ -0,0 +1,272 @@ +/* LibTomCrypt, modular cryptographic library -- Tom St Denis + * + * LibTomCrypt is a library that provides various cryptographic + * algorithms in a highly modular and flexible manner. + * + * The library is free for all purposes without any express + * guarantee it works. + */ + +/** + @file openssh-privkey.c + OpenSSH Private Key decryption demo, Steffen Jaeckel +*/ + +#include +#include +#include + +static int verbose = 1; + +static void print_hex(const char* what, const void* v, const unsigned long l) +{ + const unsigned char* p = v; + unsigned long x, y = 0, z; + + if (!verbose) return; + + fprintf(stderr, "%s contents: \n", what); + for (x = 0; x < l; ) { + fprintf(stderr, "%02X ", p[x]); + if (!(++x % 16) || x == l) { + if((x % 16) != 0) { + z = 16 - (x % 16); + if(z >= 8) + fprintf(stderr, " "); + for (; z != 0; --z) { + fprintf(stderr, " "); + } + } + fprintf(stderr, " | "); + for(; y < x; y++) { + if((y % 8) == 0) + fprintf(stderr, " "); + if(isgraph(p[y])) + fprintf(stderr, "%c", p[y]); + else + fprintf(stderr, "."); + } + fprintf(stderr, "\n"); + } + else if((x % 8) == 0) { + fprintf(stderr, " "); + } + } +} + +static void print_err(const char *fmt, ...) +{ + va_list args; + + if (!verbose) return; + + va_start(args, fmt); + vfprintf(stderr, fmt, args); +} + +static void die_(int err, int line) +{ + print_err("%3d: LTC sez %s\n", line, error_to_string(err)); + exit(EXIT_FAILURE); +} + +#define die(i) do { die_(i, __LINE__); } while(0) +#define DIE(s) do { print_err("%3d: " s "\n", __LINE__); exit(EXIT_FAILURE); } while(0) + + +enum blockcipher_mode { + none, cbc, ctr, stream, gcm +}; +struct ssh_blockcipher { + const char *name; + const char *cipher; + int len; + enum blockcipher_mode mode; +}; + +/* Table as of + * https://www.iana.org/assignments/ssh-parameters/ssh-parameters.xhtml#ssh-parameters-17 + */ +const struct ssh_blockcipher ssh_ciphers[] = +{ + { "aes256-cbc", "aes", 256 / 8, cbc }, + { 0 }, +}; + + +struct ssh_decode_ctx { + unsigned char *orig; + size_t len, rd; + void *cur; +}; + +ulong32 read_length_and_advance(int is_length, struct ssh_decode_ctx *ctx) { + ulong32 r; + ctx->cur = &ctx->orig[ctx->rd]; + + LOAD32H(r, ctx->cur); + print_err("%u\n", r); + if (is_length && ctx->rd + r > ctx->len) DIE("too long"); + ctx->rd += 4; + + ctx->cur = &ctx->orig[ctx->rd]; + if (is_length) print_hex("next", ctx->cur, r); + return r; +} + +/* The basic format of the key is described here: + * https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.key + */ + +int main(int argc, char **argv) +{ + if (argc < 2) return EXIT_FAILURE; + + int err; + if ((err = register_all_ciphers()) != CRYPT_OK) { + die(err); + } + if ((err = register_all_hashes()) != CRYPT_OK) { + die(err); + } + + char pem[100 * 72]; + size_t w = 0; + const char *b64_start = "-----BEGIN OPENSSH PRIVATE KEY-----"; + const char *b64_end = "-----END OPENSSH PRIVATE KEY-----"; + char buf[72]; + FILE *f = fopen(argv[1], "r"); + if (f == NULL) DIE("fopen sez no"); + while (fgets(buf, sizeof(buf), f)) { + const char *start = strstr(buf, b64_start); + if (start == buf) break; + } + while (fgets(buf, sizeof(buf), f)) { + char *end = strstr(buf, b64_end); + if (end != NULL) { + if (end == buf) break; + *end = '\0'; + } + size_t l = strlcpy(pem + w, buf, sizeof(pem) - w); + if (l == 0) { + DIE("strlcpy sez no"); + } + w += l; + } + + unsigned char b64_decoded[sizeof(pem)]; + unsigned long b64_decoded_len = sizeof(pem); + if ((err = base64_sane_decode(pem, w, b64_decoded, &b64_decoded_len)) != CRYPT_OK) { + die(err); + } + print_hex("decoded", b64_decoded, b64_decoded_len); + + void *magic = strstr((const char*)b64_decoded, "openssh-key-v1"); + if (magic == NULL) DIE("magic not found"); + if (magic != b64_decoded) DIE("magic not at the beginning"); + struct ssh_decode_ctx dec_ctx; + dec_ctx.orig = b64_decoded; + dec_ctx.len = b64_decoded_len; + dec_ctx.rd = strlen("openssh-key-v1") + 1; + + ulong32 l = read_length_and_advance(1, &dec_ctx); + + const struct ssh_blockcipher *c = NULL; + for (size_t i = 0; i < sizeof(ssh_ciphers)/sizeof(ssh_ciphers[0]); ++i) { + if (memcmp(dec_ctx.cur, ssh_ciphers[i].name, l) == 0) { + c = &ssh_ciphers[i]; + break; + } + } + if (c == NULL) DIE("can't find cipher"); + dec_ctx.rd += l; + + l = read_length_and_advance(1, &dec_ctx); + + if (memcmp(dec_ctx.cur, "bcrypt", l) != 0) DIE("unsupported kdf"); + dec_ctx.rd += l; + + l = read_length_and_advance(1, &dec_ctx); + + unsigned char salt[32]; + unsigned long salt_len = read_length_and_advance(1, &dec_ctx); + + memcpy(salt, dec_ctx.cur, salt_len); + dec_ctx.rd += salt_len; + + ulong32 rounds = read_length_and_advance(0, &dec_ctx); + + ulong32 num_pubkeys = read_length_and_advance(1, &dec_ctx); + + l = read_length_and_advance(1, &dec_ctx); + l = read_length_and_advance(1, &dec_ctx); + if (memcmp(dec_ctx.cur, "ssh-ed25519", l) != 0) DIE("unsupported pka"); + dec_ctx.rd += l; + + unsigned char pubkey[32]; + unsigned long pubkey_len = read_length_and_advance(1, &dec_ctx); + + memcpy(pubkey, dec_ctx.cur, pubkey_len); + dec_ctx.rd += pubkey_len; + + l = read_length_and_advance(1, &dec_ctx); + + unsigned char decrypted_privkey[sizeof(pem)]; + unsigned long decrypted_privkey_len = sizeof(decrypted_privkey); + + int cipher = find_cipher(c->cipher); + + unsigned char symkey[128]; + unsigned long symkey_len = c->len + cipher_descriptor[cipher].block_length; + + if (sizeof(symkey) < symkey_len) DIE("too small"); + + if ((err = bcrypt("abc123", 6, salt, salt_len, rounds, find_hash("sha512"), symkey, &symkey_len)) != CRYPT_OK) { + die(err); + } + + symmetric_CBC cbc_ctx; + if ((err = cbc_start(cipher, symkey + c->len, symkey, c->len, 0, &cbc_ctx)) != CRYPT_OK) { + die(err); + } + if ((err = cbc_decrypt(dec_ctx.cur, decrypted_privkey, l, &cbc_ctx)) != CRYPT_OK) { + die(err); + } + decrypted_privkey_len = l; + print_hex("decrypted", decrypted_privkey, decrypted_privkey_len); + + dec_ctx.orig = decrypted_privkey; + dec_ctx.len = decrypted_privkey_len; + dec_ctx.rd = 0; + + ulong32 check1 = read_length_and_advance(0, &dec_ctx); + ulong32 check2 = read_length_and_advance(0, &dec_ctx); + + if (check1 != check2) DIE("decrypt failed"); + + l = read_length_and_advance(1, &dec_ctx); + if (memcmp(dec_ctx.cur, "ssh-ed25519", l) != 0) DIE("unsupported pka"); + dec_ctx.rd += l; + + l = read_length_and_advance(1, &dec_ctx); + if (memcmp(dec_ctx.cur, pubkey, l) != 0) DIE("pubkey's don't match"); + dec_ctx.rd += l; + + unsigned char privkey[64]; + unsigned long privkey_len = read_length_and_advance(1, &dec_ctx); + + memcpy(privkey, dec_ctx.cur, privkey_len); + + if (memcmp(&privkey[32], pubkey, 32) != 0) DIE("pubkey in privkey doesn't match"); + + curve25519_key k; + if ((err = ed25519_set_key(privkey, 32, &privkey[32], 32, &k)) != CRYPT_OK) { + die(err); + } + + return EXIT_SUCCESS; +} + +/* ref: $Format:%D$ */ +/* git commit: $Format:%H$ */ +/* commit time: $Format:%ai$ */ diff --git a/makefile_include.mk b/makefile_include.mk index 414302632..62a340bdd 100644 --- a/makefile_include.mk +++ b/makefile_include.mk @@ -174,10 +174,11 @@ USEABLE_DEMOS = ltcrypt sizes constants TEST_DEMOS = small tv_gen # Demos that are in one config broken -# aesgcm - can't be built with LTC_EASY -# openssl-enc - can't be built with LTC_EASY -# timing - not really broken, but older gcc builds spit warnings -BROKEN_DEMOS = aesgcm openssl-enc timing +# aesgcm - can't be built with LTC_EASY +# openssl-enc - can't be built with LTC_EASY +# openssh-privkey - can't be built with LTC_EASY +# timing - not really broken, but older gcc builds spit warnings +BROKEN_DEMOS = aesgcm openssl-enc openssh-privkey timing # Combine demos in groups UNBROKEN_DEMOS = $(TEST_DEMOS) $(USEABLE_DEMOS) $(USEFUL_DEMOS) From fec3d45adc00332c811a84f1a8d9b1fdaa303a3d Mon Sep 17 00:00:00 2001 From: Steffen Jaeckel Date: Wed, 2 Oct 2019 01:47:18 +0200 Subject: [PATCH 02/51] add rsa-support Signed-off-by: Steffen Jaeckel --- demos/openssh-privkey.c | 359 ++++++++++++++++++++++++++++------------ 1 file changed, 250 insertions(+), 109 deletions(-) diff --git a/demos/openssh-privkey.c b/demos/openssh-privkey.c index b941ff3bf..7a0923a3f 100644 --- a/demos/openssh-privkey.c +++ b/demos/openssh-privkey.c @@ -12,8 +12,10 @@ OpenSSH Private Key decryption demo, Steffen Jaeckel */ +#define _GNU_SOURCE + #include -#include +#include #include static int verbose = 1; @@ -71,15 +73,34 @@ static void die_(int err, int line) } #define die(i) do { die_(i, __LINE__); } while(0) -#define DIE(s) do { print_err("%3d: " s "\n", __LINE__); exit(EXIT_FAILURE); } while(0) +#define DIE(s, ...) do { print_err("%3d: " s "\n", __LINE__, ##__VA_ARGS__); exit(EXIT_FAILURE); } while(0) + + +static void check_padding(unsigned char *p, unsigned long len) +{ + unsigned char pad = 0x1u; + while (len != 0) { + if (*p != pad) DIE("pad wrong 0x%02x != 0x%02x", *p, pad); + p++; + pad++; + len--; + } +} +typedef struct pka_key_ { + enum ltc_oid_id id; + union { + curve25519_key ed25519; + rsa_key rsa; + } u; +} pka_key; enum blockcipher_mode { none, cbc, ctr, stream, gcm }; struct ssh_blockcipher { const char *name; - const char *cipher; + const char *algo; int len; enum blockcipher_mode mode; }; @@ -89,29 +110,153 @@ struct ssh_blockcipher { */ const struct ssh_blockcipher ssh_ciphers[] = { + { "none", "", 0, none }, { "aes256-cbc", "aes", 256 / 8, cbc }, { 0 }, }; +struct ssh_kdf { + const char *name; +}; + +struct kdf_options { + struct ssh_blockcipher *cipher; + unsigned char salt[64]; + ulong32 saltlen; + ulong32 num_rounds; + const char *pass; + unsigned long passlen; +}; -struct ssh_decode_ctx { - unsigned char *orig; - size_t len, rd; - void *cur; +const struct ssh_kdf ssh_kdfs[] = +{ + { "bcrypt" }, + { "none" }, + { 0 }, }; -ulong32 read_length_and_advance(int is_length, struct ssh_decode_ctx *ctx) { - ulong32 r; - ctx->cur = &ctx->orig[ctx->rd]; +int ssh_decode_private_key(const unsigned char *in, unsigned long *inlen, pka_key *key) +{ + int err; + ulong32 check1, check2; + unsigned char pka[64], pubkey[2048], privkey[2048], comment[256]; + ulong32 pkalen = sizeof(pka), pubkeylen = sizeof(pubkey); + ulong32 privkeylen = sizeof(privkey), commentlen = sizeof(comment); + unsigned long remaining, cur_len; + unsigned char *p; + + LTC_ARGCHK(in != NULL); + LTC_ARGCHK(inlen != NULL); + LTC_ARGCHK(key != NULL); + + p = in; + cur_len = *inlen; + + if ((err = ssh_decode_sequence_multi(p, &cur_len, + LTC_SSHDATA_UINT32, &check1, + LTC_SSHDATA_UINT32, &check2, + LTC_SSHDATA_STRING, pka, &pkalen, + LTC_SSHDATA_EOL)) != CRYPT_OK) { + die(err); + } + if (check1 != check2) DIE("decrypt failed"); + + p += cur_len; + remaining = *inlen - cur_len; + + if (XSTRCMP(pka, "ssh-ed25519") == 0) { + cur_len = remaining; + if ((err = ssh_decode_sequence_multi(p, &cur_len, + LTC_SSHDATA_STRING, pubkey, &pubkeylen, + LTC_SSHDATA_STRING, privkey, &privkeylen, + LTC_SSHDATA_EOL)) != CRYPT_OK) { + die(err); + } + + if ((err = ed25519_set_key(privkey, 32, &privkey[32], 32, &key->u.ed25519)) != CRYPT_OK) { + die(err); + } + + key->id = PKA_ED25519; + } else if (XSTRCMP(pka, "ssh-rsa") == 0) { + void *tmp1, *tmp2; + if ((err = mp_init_multi(&tmp1, &tmp2, NULL)) != CRYPT_OK) { + die(err); + } + if ((err = rsa_init(&key->u.rsa)) != CRYPT_OK) { + die(err); + } + + cur_len = remaining; + if ((err = ssh_decode_sequence_multi(p, &cur_len, + LTC_SSHDATA_MPINT, key->u.rsa.N, + LTC_SSHDATA_MPINT, key->u.rsa.e, + LTC_SSHDATA_MPINT, key->u.rsa.d, + LTC_SSHDATA_MPINT, key->u.rsa.qP, + LTC_SSHDATA_MPINT, key->u.rsa.q, + LTC_SSHDATA_MPINT, key->u.rsa.p, + LTC_SSHDATA_EOL)) != CRYPT_OK) { + die(err); + } + + if ((err = mp_sub_d(key->u.rsa.p, 1, tmp1)) != CRYPT_OK) { die(err); } /* tmp1 = q-1 */ + if ((err = mp_sub_d(key->u.rsa.q, 1, tmp2)) != CRYPT_OK) { die(err); } /* tmp2 = p-1 */ + if ((err = mp_mod( key->u.rsa.d, tmp1, key->u.rsa.dP)) != CRYPT_OK) { die(err); } /* dP = d mod p-1 */ + if ((err = mp_mod( key->u.rsa.d, tmp2, key->u.rsa.dQ)) != CRYPT_OK) { die(err); } /* dQ = d mod q-1 */ + + mp_clear_multi(tmp2, tmp1, NULL); + } else { + DIE("unsupported pka"); + } + p += cur_len; + remaining -= cur_len; + + cur_len = remaining; + if ((err = ssh_decode_sequence_multi(p, &cur_len, + LTC_SSHDATA_STRING, comment, &commentlen, + LTC_SSHDATA_EOL)) != CRYPT_OK) { + die(err); + } + + printf("comment: %s\n", comment); + + p += cur_len; + remaining -= cur_len; - LOAD32H(r, ctx->cur); - print_err("%u\n", r); - if (is_length && ctx->rd + r > ctx->len) DIE("too long"); - ctx->rd += 4; + check_padding(p, remaining); - ctx->cur = &ctx->orig[ctx->rd]; - if (is_length) print_hex("next", ctx->cur, r); - return r; + return err; +} + +int ssh_decrypt_private_keys(unsigned char *in, unsigned long *inlen, struct kdf_options *opts) +{ + int err, cipher; + unsigned char symkey[128]; + unsigned long cur_len, symkey_len; + + LTC_ARGCHK(in != NULL); + LTC_ARGCHK(inlen != NULL); + LTC_ARGCHK(opts != NULL); + + cipher = find_cipher(opts->cipher->algo); + symkey_len = opts->cipher->len + cipher_descriptor[cipher].block_length; + + if (sizeof(symkey) < symkey_len) DIE("too small"); + + if ((err = bcrypt_pbkdf_openbsd(opts->pass, opts->passlen, opts->salt, opts->saltlen, opts->num_rounds, find_hash("sha512"), symkey, &symkey_len)) != CRYPT_OK) { + die(err); + } + + symmetric_CBC cbc_ctx; + if ((err = cbc_start(cipher, symkey + opts->cipher->len, symkey, opts->cipher->len, 0, &cbc_ctx)) != CRYPT_OK) { + die(err); + } + if ((err = cbc_decrypt(in, in, *inlen, &cbc_ctx)) != CRYPT_OK) { + die(err); + } + print_hex("decrypted", in, *inlen); + + return err; } /* The basic format of the key is described here: @@ -120,8 +265,6 @@ ulong32 read_length_and_advance(int is_length, struct ssh_decode_ctx *ctx) { int main(int argc, char **argv) { - if (argc < 2) return EXIT_FAILURE; - int err; if ((err = register_all_ciphers()) != CRYPT_OK) { die(err); @@ -129,30 +272,41 @@ int main(int argc, char **argv) if ((err = register_all_hashes()) != CRYPT_OK) { die(err); } + if ((err = crypt_mp_init("ltm")) != CRYPT_OK) { + die(err); + } char pem[100 * 72]; size_t w = 0; - const char *b64_start = "-----BEGIN OPENSSH PRIVATE KEY-----"; - const char *b64_end = "-----END OPENSSH PRIVATE KEY-----"; + const char *openssh_privkey_start = "-----BEGIN OPENSSH PRIVATE KEY-----"; + const char *openssh_privkey_end = "-----END OPENSSH PRIVATE KEY-----"; char buf[72]; - FILE *f = fopen(argv[1], "r"); + FILE *f = NULL; + + if (argc > 1) f = fopen(argv[1], "r"); + else f = stdin; if (f == NULL) DIE("fopen sez no"); + while (fgets(buf, sizeof(buf), f)) { - const char *start = strstr(buf, b64_start); - if (start == buf) break; + const char *start = strstr(buf, openssh_privkey_start); + if (start != NULL) { + start += strlen(openssh_privkey_start); + size_t l = strlcpy(pem + w, start, sizeof(pem) - w); + w += l; + break; + } } while (fgets(buf, sizeof(buf), f)) { - char *end = strstr(buf, b64_end); - if (end != NULL) { - if (end == buf) break; - *end = '\0'; - } size_t l = strlcpy(pem + w, buf, sizeof(pem) - w); if (l == 0) { DIE("strlcpy sez no"); } w += l; } + char *end = strstr(pem, openssh_privkey_end); + if (end == NULL) DIE("could not find PEM end-tag"); + *end = '\0'; + w = end - pem; unsigned char b64_decoded[sizeof(pem)]; unsigned long b64_decoded_len = sizeof(pem); @@ -164,103 +318,90 @@ int main(int argc, char **argv) void *magic = strstr((const char*)b64_decoded, "openssh-key-v1"); if (magic == NULL) DIE("magic not found"); if (magic != b64_decoded) DIE("magic not at the beginning"); - struct ssh_decode_ctx dec_ctx; - dec_ctx.orig = b64_decoded; - dec_ctx.len = b64_decoded_len; - dec_ctx.rd = strlen("openssh-key-v1") + 1; - ulong32 l = read_length_and_advance(1, &dec_ctx); + size_t nlen = strlen("openssh-key-v1"); + unsigned char *start = &b64_decoded[nlen + 1]; + unsigned long tot_len = b64_decoded_len - nlen - 1; + + unsigned char ciphername[64]; + ulong32 ciphernamelen = sizeof(ciphername); + unsigned char kdfname[64]; + ulong32 kdfnamelen = sizeof(kdfname); + unsigned char kdfoptions[128]; + ulong32 kdfoptionslen = sizeof(kdfoptions); + ulong32 num_keys; + unsigned char pubkey1[2048]; + ulong32 pubkey1len = sizeof(pubkey1); + + unsigned long cur_len = tot_len; + + if ((err = ssh_decode_sequence_multi(start, &cur_len, + LTC_SSHDATA_STRING, ciphername, &ciphernamelen, + LTC_SSHDATA_STRING, kdfname, &kdfnamelen, + LTC_SSHDATA_STRING, kdfoptions, &kdfoptionslen, + LTC_SSHDATA_UINT32, &num_keys, + LTC_SSHDATA_STRING, pubkey1, &pubkey1len, + LTC_SSHDATA_EOL)) != CRYPT_OK) { + die(err); + } + if (num_keys != 1) DIE("more than 1 pubkey not supported"); + + print_hex("public key", pubkey1, pubkey1len); + + start += cur_len; + tot_len -= cur_len; + cur_len = tot_len; const struct ssh_blockcipher *c = NULL; for (size_t i = 0; i < sizeof(ssh_ciphers)/sizeof(ssh_ciphers[0]); ++i) { - if (memcmp(dec_ctx.cur, ssh_ciphers[i].name, l) == 0) { + nlen = strlen(ssh_ciphers[i].name); + if ((nlen == ciphernamelen) && (XMEMCMP(ciphername, ssh_ciphers[i].name, nlen) == 0)) { c = &ssh_ciphers[i]; break; } } - if (c == NULL) DIE("can't find cipher"); - dec_ctx.rd += l; - - l = read_length_and_advance(1, &dec_ctx); - - if (memcmp(dec_ctx.cur, "bcrypt", l) != 0) DIE("unsupported kdf"); - dec_ctx.rd += l; - - l = read_length_and_advance(1, &dec_ctx); - - unsigned char salt[32]; - unsigned long salt_len = read_length_and_advance(1, &dec_ctx); - - memcpy(salt, dec_ctx.cur, salt_len); - dec_ctx.rd += salt_len; - - ulong32 rounds = read_length_and_advance(0, &dec_ctx); - - ulong32 num_pubkeys = read_length_and_advance(1, &dec_ctx); + if (c == NULL) DIE("can't find algo"); - l = read_length_and_advance(1, &dec_ctx); - l = read_length_and_advance(1, &dec_ctx); - if (memcmp(dec_ctx.cur, "ssh-ed25519", l) != 0) DIE("unsupported pka"); - dec_ctx.rd += l; + struct kdf_options opts; + opts.saltlen = sizeof(opts.salt); + opts.cipher = c; + opts.pass = "abc123"; + opts.passlen = 6; - unsigned char pubkey[32]; - unsigned long pubkey_len = read_length_and_advance(1, &dec_ctx); + unsigned char privkey[sizeof(pem)]; + ulong32 privkey_len = sizeof(privkey); - memcpy(pubkey, dec_ctx.cur, pubkey_len); - dec_ctx.rd += pubkey_len; - - l = read_length_and_advance(1, &dec_ctx); - - unsigned char decrypted_privkey[sizeof(pem)]; - unsigned long decrypted_privkey_len = sizeof(decrypted_privkey); - - int cipher = find_cipher(c->cipher); - - unsigned char symkey[128]; - unsigned long symkey_len = c->len + cipher_descriptor[cipher].block_length; - - if (sizeof(symkey) < symkey_len) DIE("too small"); - - if ((err = bcrypt("abc123", 6, salt, salt_len, rounds, find_hash("sha512"), symkey, &symkey_len)) != CRYPT_OK) { + cur_len = tot_len; + if ((err = ssh_decode_sequence_multi(start, &cur_len, + LTC_SSHDATA_STRING, privkey, &privkey_len, + LTC_SSHDATA_EOL)) != CRYPT_OK) { die(err); } - symmetric_CBC cbc_ctx; - if ((err = cbc_start(cipher, symkey + c->len, symkey, c->len, 0, &cbc_ctx)) != CRYPT_OK) { - die(err); - } - if ((err = cbc_decrypt(dec_ctx.cur, decrypted_privkey, l, &cbc_ctx)) != CRYPT_OK) { - die(err); - } - decrypted_privkey_len = l; - print_hex("decrypted", decrypted_privkey, decrypted_privkey_len); - - dec_ctx.orig = decrypted_privkey; - dec_ctx.len = decrypted_privkey_len; - dec_ctx.rd = 0; - - ulong32 check1 = read_length_and_advance(0, &dec_ctx); - ulong32 check2 = read_length_and_advance(0, &dec_ctx); - - if (check1 != check2) DIE("decrypt failed"); - - l = read_length_and_advance(1, &dec_ctx); - if (memcmp(dec_ctx.cur, "ssh-ed25519", l) != 0) DIE("unsupported pka"); - dec_ctx.rd += l; - - l = read_length_and_advance(1, &dec_ctx); - if (memcmp(dec_ctx.cur, pubkey, l) != 0) DIE("pubkey's don't match"); - dec_ctx.rd += l; - - unsigned char privkey[64]; - unsigned long privkey_len = read_length_and_advance(1, &dec_ctx); + if (XSTRCMP(kdfname, "none") == 0) { + /* NOP */ + } else if (XSTRCMP(kdfname, "bcrypt") == 0) { + cur_len = kdfoptionslen; + if ((err = ssh_decode_sequence_multi(kdfoptions, &cur_len, + LTC_SSHDATA_STRING, opts.salt, &opts.saltlen, + LTC_SSHDATA_UINT32, &opts.num_rounds, + LTC_SSHDATA_EOL)) != CRYPT_OK) { + die(err); + } + if (cur_len != kdfoptionslen) DIE("unused data %lu", kdfoptionslen-cur_len); - memcpy(privkey, dec_ctx.cur, privkey_len); + cur_len = privkey_len; + if ((err = ssh_decrypt_private_keys(privkey, &cur_len, &opts)) != CRYPT_OK) { + die(err); + } + } else { + DIE("unsupported kdf %s", kdfname); + } - if (memcmp(&privkey[32], pubkey, 32) != 0) DIE("pubkey in privkey doesn't match"); + pka_key k; - curve25519_key k; - if ((err = ed25519_set_key(privkey, 32, &privkey[32], 32, &k)) != CRYPT_OK) { + cur_len = privkey_len; + if ((err = ssh_decode_private_key(privkey, &cur_len, &k)) != CRYPT_OK) { die(err); } From 2ff20d7966f44444357dc598cae341c225a9ef8d Mon Sep 17 00:00:00 2001 From: Steffen Jaeckel Date: Wed, 2 Oct 2019 12:42:49 +0200 Subject: [PATCH 03/51] add ecdsa key support Signed-off-by: Steffen Jaeckel --- demos/openssh-privkey.c | 171 +++++++++++++++++++++++++++++----------- 1 file changed, 127 insertions(+), 44 deletions(-) diff --git a/demos/openssh-privkey.c b/demos/openssh-privkey.c index 7a0923a3f..dec65cf4a 100644 --- a/demos/openssh-privkey.c +++ b/demos/openssh-privkey.c @@ -18,7 +18,7 @@ #include #include -static int verbose = 1; +static int verbose = 0; static void print_hex(const char* what, const void* v, const unsigned long l) { @@ -68,12 +68,13 @@ static void print_err(const char *fmt, ...) static void die_(int err, int line) { + verbose = 1; print_err("%3d: LTC sez %s\n", line, error_to_string(err)); exit(EXIT_FAILURE); } #define die(i) do { die_(i, __LINE__); } while(0) -#define DIE(s, ...) do { print_err("%3d: " s "\n", __LINE__, ##__VA_ARGS__); exit(EXIT_FAILURE); } while(0) +#define DIE(s, ...) do { verbose = 1; print_err("%3d: " s "\n", __LINE__, ##__VA_ARGS__); exit(EXIT_FAILURE); } while(0) static void check_padding(unsigned char *p, unsigned long len) @@ -91,6 +92,7 @@ typedef struct pka_key_ { enum ltc_oid_id id; union { curve25519_key ed25519; + ecc_key ecdsa; rsa_key rsa; } u; } pka_key; @@ -135,6 +137,115 @@ const struct ssh_kdf ssh_kdfs[] = { 0 }, }; +int ssh_find_init_ecc(const char *pka, pka_key *key) +{ + int err; + const char* prefix = "ecdsa-sha2-"; + size_t prefixlen = strlen(prefix); + const ltc_ecc_curve *cu; + if (strstr(pka, prefix) == NULL) return CRYPT_PK_INVALID_TYPE; + if ((err = ecc_find_curve(pka + prefixlen, &cu)) != CRYPT_OK) return err; + return ecc_set_curve(cu, &key->u.ecdsa); +} + +int ssh_decode_ecdsa(const unsigned char *in, unsigned long *inlen, pka_key *key) +{ + int err; + unsigned char groupname[64], group[512], privkey[512]; + ulong32 groupnamelen = sizeof(groupname), grouplen = sizeof(group), privkeylen = sizeof(privkey); + + if ((err = ssh_decode_sequence_multi(in, inlen, + LTC_SSHDATA_STRING, group, &groupnamelen, + LTC_SSHDATA_STRING, group, &grouplen, + LTC_SSHDATA_STRING, privkey, &privkeylen, + LTC_SSHDATA_EOL)) != CRYPT_OK) { + die(err); + } + + if ((err = ecc_set_key(privkey, privkeylen, PK_PRIVATE, &key->u.ecdsa)) != CRYPT_OK) { + die(err); + } + + key->id = PKA_EC; + + zeromem(groupname, sizeof(groupname)); + zeromem(group, sizeof(group)); + zeromem(privkey, sizeof(privkey)); + + return err; +} + +int ssh_decode_ed25519(const unsigned char *in, unsigned long *inlen, pka_key *key) +{ + int err; + unsigned char pubkey[2048], privkey[2048]; + ulong32 pubkeylen = sizeof(pubkey), privkeylen = sizeof(privkey); + + if ((err = ssh_decode_sequence_multi(in, inlen, + LTC_SSHDATA_STRING, pubkey, &pubkeylen, + LTC_SSHDATA_STRING, privkey, &privkeylen, + LTC_SSHDATA_EOL)) != CRYPT_OK) { + die(err); + } + + if ((err = ed25519_set_key(privkey, 32, &privkey[32], 32, &key->u.ed25519)) != CRYPT_OK) { + die(err); + } + + key->id = PKA_ED25519; + + zeromem(pubkey, sizeof(pubkey)); + zeromem(privkey, sizeof(privkey)); + + return err; +} + +int ssh_decode_rsa(const unsigned char *in, unsigned long *inlen, pka_key *key) +{ + int err; + void *tmp1, *tmp2; + if ((err = mp_init_multi(&tmp1, &tmp2, NULL)) != CRYPT_OK) { + die(err); + } + if ((err = rsa_init(&key->u.rsa)) != CRYPT_OK) { + die(err); + } + + if ((err = ssh_decode_sequence_multi(in, inlen, + LTC_SSHDATA_MPINT, key->u.rsa.N, + LTC_SSHDATA_MPINT, key->u.rsa.e, + LTC_SSHDATA_MPINT, key->u.rsa.d, + LTC_SSHDATA_MPINT, key->u.rsa.qP, + LTC_SSHDATA_MPINT, key->u.rsa.q, + LTC_SSHDATA_MPINT, key->u.rsa.p, + LTC_SSHDATA_EOL)) != CRYPT_OK) { + die(err); + } + + if ((err = mp_sub_d(key->u.rsa.p, 1, tmp1)) != CRYPT_OK) { die(err); } /* tmp1 = q-1 */ + if ((err = mp_sub_d(key->u.rsa.q, 1, tmp2)) != CRYPT_OK) { die(err); } /* tmp2 = p-1 */ + if ((err = mp_mod( key->u.rsa.d, tmp1, key->u.rsa.dP)) != CRYPT_OK) { die(err); } /* dP = d mod p-1 */ + if ((err = mp_mod( key->u.rsa.d, tmp2, key->u.rsa.dQ)) != CRYPT_OK) { die(err); } /* dQ = d mod q-1 */ + + key->id = PKA_RSA; + + mp_clear_multi(tmp2, tmp1, NULL); + + return err; +} + +struct ssh_pka { + const char *name; + int (*init)(const char*, pka_key*); + int (*decode)(const unsigned char*, unsigned long*, pka_key*); +}; + +struct ssh_pka ssh_pkas[] = { + { "ssh-ed25519", NULL, ssh_decode_ed25519 }, + { "ssh-rsa", NULL, ssh_decode_rsa }, + { NULL, ssh_find_init_ecc, ssh_decode_ecdsa }, +}; + int ssh_decode_private_key(const unsigned char *in, unsigned long *inlen, pka_key *key) { int err; @@ -143,7 +254,8 @@ int ssh_decode_private_key(const unsigned char *in, unsigned long *inlen, pka_ke ulong32 pkalen = sizeof(pka), pubkeylen = sizeof(pubkey); ulong32 privkeylen = sizeof(privkey), commentlen = sizeof(comment); unsigned long remaining, cur_len; - unsigned char *p; + const unsigned char *p; + size_t n; LTC_ARGCHK(in != NULL); LTC_ARGCHK(inlen != NULL); @@ -163,55 +275,26 @@ int ssh_decode_private_key(const unsigned char *in, unsigned long *inlen, pka_ke p += cur_len; remaining = *inlen - cur_len; + cur_len = remaining; - if (XSTRCMP(pka, "ssh-ed25519") == 0) { - cur_len = remaining; - if ((err = ssh_decode_sequence_multi(p, &cur_len, - LTC_SSHDATA_STRING, pubkey, &pubkeylen, - LTC_SSHDATA_STRING, privkey, &privkeylen, - LTC_SSHDATA_EOL)) != CRYPT_OK) { - die(err); - } - - if ((err = ed25519_set_key(privkey, 32, &privkey[32], 32, &key->u.ed25519)) != CRYPT_OK) { - die(err); - } - - key->id = PKA_ED25519; - } else if (XSTRCMP(pka, "ssh-rsa") == 0) { - void *tmp1, *tmp2; - if ((err = mp_init_multi(&tmp1, &tmp2, NULL)) != CRYPT_OK) { - die(err); - } - if ((err = rsa_init(&key->u.rsa)) != CRYPT_OK) { - die(err); + for (n = 0; n < sizeof(ssh_pkas)/sizeof(ssh_pkas[0]); ++n) { + if (ssh_pkas[n].name != NULL) { + if (XSTRCMP(pka, ssh_pkas[n].name) != 0) continue; + } else { + if ((ssh_pkas[n].init == NULL) || + (ssh_pkas[n].init((char*)pka, key) != CRYPT_OK)) continue; } - - cur_len = remaining; - if ((err = ssh_decode_sequence_multi(p, &cur_len, - LTC_SSHDATA_MPINT, key->u.rsa.N, - LTC_SSHDATA_MPINT, key->u.rsa.e, - LTC_SSHDATA_MPINT, key->u.rsa.d, - LTC_SSHDATA_MPINT, key->u.rsa.qP, - LTC_SSHDATA_MPINT, key->u.rsa.q, - LTC_SSHDATA_MPINT, key->u.rsa.p, - LTC_SSHDATA_EOL)) != CRYPT_OK) { + if ((err = ssh_pkas[n].decode(p, &cur_len, key)) != CRYPT_OK) { die(err); } - - if ((err = mp_sub_d(key->u.rsa.p, 1, tmp1)) != CRYPT_OK) { die(err); } /* tmp1 = q-1 */ - if ((err = mp_sub_d(key->u.rsa.q, 1, tmp2)) != CRYPT_OK) { die(err); } /* tmp2 = p-1 */ - if ((err = mp_mod( key->u.rsa.d, tmp1, key->u.rsa.dP)) != CRYPT_OK) { die(err); } /* dP = d mod p-1 */ - if ((err = mp_mod( key->u.rsa.d, tmp2, key->u.rsa.dQ)) != CRYPT_OK) { die(err); } /* dQ = d mod q-1 */ - - mp_clear_multi(tmp2, tmp1, NULL); - } else { - DIE("unsupported pka"); + break; } + if (n == sizeof(ssh_pkas)/sizeof(ssh_pkas[0])) DIE("unsupported pka %s", pka); + p += cur_len; remaining -= cur_len; - cur_len = remaining; + if ((err = ssh_decode_sequence_multi(p, &cur_len, LTC_SSHDATA_STRING, comment, &commentlen, LTC_SSHDATA_EOL)) != CRYPT_OK) { From e0046fbd7e33afea19d4537f61b3138f1d01b2fa Mon Sep 17 00:00:00 2001 From: Steffen Jaeckel Date: Wed, 2 Oct 2019 12:44:05 +0200 Subject: [PATCH 04/51] add ssh private testkeys Signed-off-by: Steffen Jaeckel --- tests/ssh/ssh-testkey-ecdsa-521 | 13 ++++ tests/ssh/ssh-testkey-ecdsa-521-plain | 12 ++++ tests/ssh/ssh-testkey-ed25519 | 8 +++ tests/ssh/ssh-testkey-ed25519-plain | 7 ++ tests/ssh/ssh-testkey-rsa | 28 ++++++++ tests/ssh/ssh-testkey-rsa-8192 | 94 +++++++++++++++++++++++++++ tests/ssh/ssh-testkey-rsa-8192-plain | 93 ++++++++++++++++++++++++++ tests/ssh/ssh-testkey-rsa-plain | 27 ++++++++ 8 files changed, 282 insertions(+) create mode 100644 tests/ssh/ssh-testkey-ecdsa-521 create mode 100644 tests/ssh/ssh-testkey-ecdsa-521-plain create mode 100644 tests/ssh/ssh-testkey-ed25519 create mode 100644 tests/ssh/ssh-testkey-ed25519-plain create mode 100644 tests/ssh/ssh-testkey-rsa create mode 100644 tests/ssh/ssh-testkey-rsa-8192 create mode 100644 tests/ssh/ssh-testkey-rsa-8192-plain create mode 100644 tests/ssh/ssh-testkey-rsa-plain diff --git a/tests/ssh/ssh-testkey-ecdsa-521 b/tests/ssh/ssh-testkey-ecdsa-521 new file mode 100644 index 000000000..838dc7e6a --- /dev/null +++ b/tests/ssh/ssh-testkey-ecdsa-521 @@ -0,0 +1,13 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jYmMAAAAGYmNyeXB0AAAAGAAAABDPkTaUCD +8+sCQ1AWJVXCBTAAAAEAAAAAEAAACsAAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlz +dHA1MjEAAACFBAAn3wQoJ/ZfNuF2xsfUh8kIZ+UXjzW1vOgTqMA6bpLYN6sVccJTFII4zO +RSM+gEFymy/P4INPTcwTc0B4zjpwzcmABsNnUTf/N6DZBmcFbM0zTuZij4Ck/rXRfrVfMI +kr2oVcvqj1lKZcfKwHwK1dTHy9xHveKB4LkPl7i/VrWNDbYxOQAAARC7v80llW0VqWeSp3 +VgKXZtdSXD1XW+NDYmmbwR5cBhqqnniBUqXb+hlPc/jFo/Cb3IaLzumY8C8X4+cjQZa7i4 +os69nB/mc1FpfQLmu/7nW16mN/a14VMrZS3Ub6eO4DUYxfuSgLZ6vgBc5CKpH609Z4cpnv +lONyI3dhwq+29ruFFrccerzMoYRBLDGis2MH/U+AJEABQlwNeMp3DCY1+yAKNjz6dmzyP0 +mzkUhlTgqXCrh5lGdImK5crb+A+8QJIGkZtXz+N7rhJxKqBudMyIWls9bS7eCTkoazM9IB +3tBZvpCl2msrGxemTaeUeFWoZjlALOXgKQKN7pBMJfyTLF5Q33GDU5ZFVtyq/V0kBsFg== + +-----END OPENSSH PRIVATE KEY----- diff --git a/tests/ssh/ssh-testkey-ecdsa-521-plain b/tests/ssh/ssh-testkey-ecdsa-521-plain new file mode 100644 index 000000000..e404925f1 --- /dev/null +++ b/tests/ssh/ssh-testkey-ecdsa-521-plain @@ -0,0 +1,12 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAArAAAABNlY2RzYS +1zaGEyLW5pc3RwNTIxAAAACG5pc3RwNTIxAAAAhQQAk8/IJIoDcA9yeNTV52Em3IE+4e1G +nS8BHsmAbH48ESjQljooUWSl5ZER9zzr88nR8Sd/rpQNf3wtKvD7xqok8F8A+vp9pv8jd1 +RodyVHeLKjGkL6uNki3a8fvotA1hPBjEQa/19WaSmNk3CBdsBpqltXwYgQxZn3CwS51BPo +KsAj8bMAAAEQ5btEZ+W7RGcAAAATZWNkc2Etc2hhMi1uaXN0cDUyMQAAAAhuaXN0cDUyMQ +AAAIUEAJPPyCSKA3APcnjU1edhJtyBPuHtRp0vAR7JgGx+PBEo0JY6KFFkpeWREfc86/PJ +0fEnf66UDX98LSrw+8aqJPBfAPr6fab/I3dUaHclR3iyoxpC+rjZIt2vH76LQNYTwYxEGv +9fVmkpjZNwgXbAaapbV8GIEMWZ9wsEudQT6CrAI/GzAAAAQgCRG0oaSe873pTZZRVmTaJm +1275E/qlCjN0eddd8osii6BPTICINvKU5C74bMkdR69NNxpWOxWfj3WE9grM6cVA1AAAAA +tsaWJ0b21jcnlwdAECAwQFBgc= +-----END OPENSSH PRIVATE KEY----- diff --git a/tests/ssh/ssh-testkey-ed25519 b/tests/ssh/ssh-testkey-ed25519 new file mode 100644 index 000000000..a9e02119f --- /dev/null +++ b/tests/ssh/ssh-testkey-ed25519 @@ -0,0 +1,8 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jYmMAAAAGYmNyeXB0AAAAGAAAABAMGtBgdw +V5lwgRRqXm8vD/AAAAEAAAAAEAAAAzAAAAC3NzaC1lZDI1NTE5AAAAINmcW0NUcZtRAxOC +p99u1X65FTEP4rIyj6mp6NUxGXZuAAAAkKYfVXz5BP6ZUThjdsyEBPoeXTpKYD98yt28Ab +9kk3hSwgfK/7BWp4+Q9A6YK477kBfn8GRvfb9zHL2e/Td5Kx/hzrhjPWzfzGwaChDegWWv +yygQgdBV4ye7o7ir9KJpsqLxNQzKcy8DydcAJgVGkopFAhR77HuDTPymPFv7o+lyLIh7/v +wxHkZDd4TvKXzpGw== +-----END OPENSSH PRIVATE KEY----- diff --git a/tests/ssh/ssh-testkey-ed25519-plain b/tests/ssh/ssh-testkey-ed25519-plain new file mode 100644 index 000000000..cec8acd9d --- /dev/null +++ b/tests/ssh/ssh-testkey-ed25519-plain @@ -0,0 +1,7 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW +QyNTUxOQAAACCgWG/eiYfhjT1VUcm+IEEsJPvkfPVQG4Pj1P5z8iwYGwAAAJCLGRhrixkY +awAAAAtzc2gtZWQyNTUxOQAAACCgWG/eiYfhjT1VUcm+IEEsJPvkfPVQG4Pj1P5z8iwYGw +AAAEARECjst66ZUM0FBOHx7Kjf4kqAvQupHtxkMhs02jNeHqBYb96Jh+GNPVVRyb4gQSwk +++R89VAbg+PU/nPyLBgbAAAAC2xpYnRvbWNyeXB0AQI= +-----END OPENSSH PRIVATE KEY----- diff --git a/tests/ssh/ssh-testkey-rsa b/tests/ssh/ssh-testkey-rsa new file mode 100644 index 000000000..e4edbb6bf --- /dev/null +++ b/tests/ssh/ssh-testkey-rsa @@ -0,0 +1,28 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jYmMAAAAGYmNyeXB0AAAAGAAAABDFUUlb4r +0fS2eJ9gjh6F7ZAAAAEAAAAAEAAAEXAAAAB3NzaC1yc2EAAAADAQABAAABAQCmZaJtNXja +0l6Z7uE7htLM2Zt0vPHfskpu5WIRVVf+9zdfHEAdXjVIT4wVsbNggxDoWbNJWqBWeqCHhF +ZjMqmjvVhIFpiLqCgcaT3+ulPP2DLE7zkfqntvSYvV6BCCB3aYxfQnpm+WuX5z0NNF5xQk +IcrVHtB7gfLWYY1Ec5dQuWJIMwGnrd88zBfIiEkZGse10a3v4WSy4TPYQbopJ6AURqTS+B +n1/3ImeoMEL4bGP6Jq5mmMjgbc5JKRdDYNuMV+rcGuwppCWNQzZ8DGxalcFgdzKT/ZUrNh +oG65BxQKL9yP+Jp4n/RDXx/HXSpaSWIk4sU/zhD+dSqjTAi13qv1AAAD0Ma4eNxWrYu151 +H7ydn+uxN42VtDTLZEWFMLFLHyoj4ohyxSs5GrAAIRoD2iZHqit+Y8DYAGEhYOlwRSCuSi +z1j2JhYKq1QIcrw4rPj/FwkOYa9A/kcVUcWEoUBK0pAJZYXwo7UMeoO0YnCPWbn6sgQL1S +rxKM13s6M3HVz3jIaM4e7541TIGonR/5akn0pMNYeF/M5sZmLZI7ESNRRCw7AxNmMew9xy +RhhFs+XW81tb2c9gVs7Q9NARsY5OUPeABoq2LYWrjRlhTFhMwGEJITuWNtoll9GetdjZSy +95eNKLCazQwbvw4k2LWfMrJ4GakHV7MyrrZ/EeEi88eOII16MHYhmrMSPUkwXarGDLNkJl +pWAeA7T1L+R2BMRYf2tNT1201eKtG7SpUx2yqvA6gQGEBOAl5lRnQi3yRbhJgRHNu/7SaJ +s1xEw8Ok7kCcgJDeDZwoi1wc2F21jtYi0fj9kQaGeNGgE1/LE+pwTR+c4sIcK19IQZnx45 +HV/SBsbE5hN6Et5ubvkQzqfOnchYaUq2yUA4WHm1kT7eqE3Qzn6AH4IX2RgjCQIU7Hbg3n +0Gz31TYHEDfRdWbfr+RRXBMl6AYQ4P5ONH/0wNcC9bRkwcebaOlQszS6SnwpGqSOKprLww +y1nY8kCegoNhWvRfLU5XTcJ3AXikqVQtRUno6E7Rs5UfXP0Pz9hUUQywjvDAAGwJxHwzir +UNNowV35dWF75OHK5yiEl389qz17TA/s5ZmJrDSO0nZ83NqpyhUwi96Bv5yx4lAbmKUR3k +5l7o7PYp3GOl2nbk74U+R4g34aw14oIWDwmBD9tTisz95Eqv+6sNvxnNbOec4fRoqKBlen +1EQlKZxqgpxDOXRT9FHE6AIUqUxEyTsm5rIAg2WAnEVbEu81xliKm6pMN5v9Dkx6Hd/SRl +C2WLLY6WoS299QoEZwWGGI0Kt1jg0R2YL04fBwjwmf01XjlOcABBvK+SwTtqLtaU+AJOHN +Q5era02uih7b19QERjodOpkhiCz3Mq4CSgIkEJ0DrvP0yZZG2qQq2rh/Ha2z7Mtu8TR38g +mPbUMwbITiWBNvFlEKEM17oBixE4XTfJ4KwUgkjb/6REwh0nH6FXJeLMEhw1KChEuodwk/ +tXYrds+VleQsUy3o3+DPa4S0VeAaPCgg/UFST/pLp5Bo8IfL/Ka2udcaQo9lXj9do3wb6k +D6BpIsfBgmypZgd8Wms+HzKZDhK5MmODvI4EO+vWNTwZtXiMxFViywj/MHezMXOD1k7euf +b3OCjesmNXSqByr0tze5QvUxVlPEQ= +-----END OPENSSH PRIVATE KEY----- diff --git a/tests/ssh/ssh-testkey-rsa-8192 b/tests/ssh/ssh-testkey-rsa-8192 new file mode 100644 index 000000000..245ed5517 --- /dev/null +++ b/tests/ssh/ssh-testkey-rsa-8192 @@ -0,0 +1,94 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jYmMAAAAGYmNyeXB0AAAAGAAAABCHAkaobc +xwD5tun8ONijynAAAAEAAAAAEAAAQXAAAAB3NzaC1yc2EAAAADAQABAAAEAQDHbsr1aosX +g7rGuFdUNDfChiGdQ11hJcCJIS3VB2ng4YFClK9a//pehFaorht+qTyJnvbmp0Xh+B3IUC +UNLxuNB5LcF7ODO2fgEQd82/LjWFKoDqE2TjIRvxWhMUGKUB74TqDUSQrJKJDnr8hD04Wp +QSY6Nl8KYlxEeXGnbt+F8UikyygNdNK5x8JxBk2dqsps1XrCZKex66rTe+tS/7xju3C8fE +qWzhPcnKWNoLT3Bjnzzh/zXqQn9kWE+JZqdz63mVHeQNgt2E5bYXylqR/IjBZXtnXWNDSA +tS41mmhGvmipEyoRUI136ajmrQSv/LoUcmRfcqLQvQqUshtMLdDR7/BLAnKVHPlkhrwX7x +b1f71Zqd7QnWN4lk1AfoZmqUjw2O3cCfM0DRGz+xjHnKM4z6hyGSQMrTdLYwY0hUjUO1gw +tQgYw5neJGHWf/3uFheuJbwAQOMiOFKpqS/+lnyBLsB5GoaHhGWitiuXzvgMw0e87RbQGW +JAZyHxdHRsGo+pllrpOH9qlXF0aSFO31baE9VXAD950C/HguIe6OXxRXFxV02iltjB47/3 +HawTrAiZSNYgkeitWEk4oOopYQnwIa41Z0/4eDhahpwY+YlkNj7X3SFpmAHSMreDkI5zIC +jHVPJ7zqXjO2cRFJxnl68n3JSNKgRFqsUOgiKYlU4VJUt8T0AYuVLdVBxQbE+gtMv23Cpm +4+JyMq+FvT6WMaPvjCKSBZG8dcGLjjA4x+4GitLoEkvUlgcgptPsgzXvTjCE7AK959IvkE +U1X81UscbZyuRw4HgsD/lveoZejvrLFchUetSeQ6PjAowl1zAmR5NJog/EolCy65cM9/RF +QYVUN1/gdRrXs3BhX7AP4M+kRcAbL9YonRq9ORT66QucnbDYSI0H4/S8GHkeyz4MHSGK7m +ER9d++vgLV40mPuzIwgWfon4DzyzeYYSUCFj2pD+uz5yK4V+RWVZI7raGpCp5QEYOOy8Uq +8GnjHBGBfYH4PpFxE2L3rt9YvR2cB3iVMbbq5rwVVEmCS0qdVkxofdR3hB/uJUqLfLEvVY +FzZ6rB1n9RxrFo4pU2A+JhNC0c7NQWHa9ZhprFBDD0TnIzNFEgQ6IijCrH7jIxWORc09wo +RuKVdf+bxNfPUFQ+RmCZFUma/a8rLAu6Kjx7txGLeHWNJrsVeEygjAhgHDVWtIRM/mO1Xq +/RXSrjdhbgfXr4QiEQbEyBBPzfTEn7IlXEp/errtCVbf6HZXtLm+aID2seNC6Zt1pwgZc4 +M/KpQGORe1jotZandtH4kK0mbq0kkO0WBwTB8ERDha/r0lP3q/0T14Y7AFPxyIIuN0M/jU +I/lx+kB808zwyXRU+bVEVIVzgzAAAOUEDzTAJR6VcHo4NBLbYf+duKxK0cs8BUfX60jOzW +Qtgp/CWVl4U4/mdLnambxR8id3BYziFXbt1OrkjRG/Jy33vXwooBJlDgdZfgXuNzMYv1bq +RHbckdcBO+DnBmIA0bqYJNjSx7AJQgNRGK565aadDZUCr84MXGjd8zrQWLvRmAaFuj2pHj +GGnmTIHGo54FvZBPDd6ls9BNvj818UAzZ0JEXl3ayM7jFAs00LS6JKV/Pk6xSo0L9XOLTC +NIAlTngFJHAo1lCiMg/Horv6v3HfD//B013o3ltD/Xw5Tm0A1Zxqvtu3SHsAFaO/iWAmuO +u/zNlcPuZNxhOHJccKiTtWXdMfnGNpoRcBn8puQ0FDHKDBeI19laFeT6cLwcq0n1ihrUX6 +psRsY668I5NA4GyeQ+eLiU6a9KgpWZDbd0f54azAeW8T1DW9K6xnqk38Jn94HjHp7QPcwS +MqbezpcmQZqJZkLUAqcqdsnJytWTGPqjJ5+S1nXSHp5d72pR1udgxa/S90t9f6HHPiX7MM +u3WKJZesYt7rTfeX5MxJ0ylnA1A0SJSoETUShFgQM5BG9PFys5ZiwnFIwgeal56ym6bClc +tWXZSb08gaH1Vw67I0IO2DeOepQaSCbJnGU/+jJpBac9iRYnKheI7Zb+nQdrHKUts+fALd +V3mxLXcMne/wVYjAKQItZVqMiTlPYzkROL54HFW0Qx4Kd1zGWZo30VoxMdNKRONjmXRdzH +4WmPyF/uMBKL6PoST1JCU+BZTbGLopz643uMtEyQDYAGAFW86Lg59ZuAnN6nR5/ZtHj4/o +myKcpctFgHOL6EyreIh7jxM3/1TxLfpoO7JJSaC98Amzo8/r7rkHOxXyoXeZnqWb1kKvqj +Ax/7dBEGSU3sYF+JGCBq5T7r73ihcPznPOJggSavGoV8K/gGsJTnNi6OiIrByuAgzFsRu3 +6+9Cew3mLmb6TIwXlG8qTR7NTrQn23IWpoWi9tQf7ARb1xo8s9qEQwveOtDRQLv2C8cuz4 +gtOAfVGrJ46sJozwof4P3ie6QaKukdVg7Ln8rnhhG3YJhZ22Q1yZRj1nEemD4Xgt5cMKbu +jw23838azWTtV4Ly8rqS6GETH856AZd+nBIUlOnGghypHQ0dhauTlluZwpr0oEdo1+tZ/w +hM5+QjQa3A1Jchk086333na9SvwpelAsM3dliElwNyT9Nk5fodLDzmAbL+THlcTd755cKL +PzulwtQllZ5qcjSYEuLYw9jLTpQVVoxmPTEFntYZiIKgecYB3EIM0fPNgc+s8nzXIb+IW3 +ssaaWkmkQheJRFU+E2h5ofzfffmmKv5BRE5W5070GC97h0GDcBGqIA8nlixowF83NzPY0X +CsxozFa8jYN22jqwaKU8UImAGmfHk+cebW92T4J++dzz+gZnLArcvplSpQIws77lagxfNp +tD1v80g0igr9woV75JzwrnQeigw/TdixSIia0gIBdlpx59UCEY7CRzEDx2mwkmyZqRS1P1 ++Bef7YDdHVRmGOuJ8ZV8fT66nyDt5Ac9nwT49ZE/Z8VaE9jMWihEGRdSUx+mK3115ciU0N +vqzQoWS4xXQLZi5cl1ZqqXNefyrtBIw7RWrx+vjIe/nmClOWzpL6jT45CK6UcyAutvSOLd +nY4APaQRswi6WupXrF/tIozoNyPJG1JFxYyivrIggF32kPmKL+3ftIFcOOSp9Ro01cwlxZ +JV5UVsI7N3V2qMs0i4yexAQSggS1QliM4DzWXbOhv1u8QS4hBQu/w5/P6itTIvWG/4vsRw +p119lRuOZREnNT77qSdvmXVXtktamBgbjFnTdMhNUt6lk1+9Zas0402BjFzDJgj2rlqAxr +Jq92P99cFvcDgpraGvodh52p3RGdkj0yyiXhSdqeZHWIcTLNSJ+Kq548cregsEgmmQHJr8 +OUO2W2KniYx0SW01CvDJl6PdmF02w3ta8RSB+/+83OI/+Hr1wwGFLacXZjgjF8C7c5IU7s +/zpGKchnTzZw5otZ0diZz4bkbPn79KejHYk68pNdFy4uG4RMUu9CaloZ5EaHKGXMwHTCZP +WoGVb+2q8ivzEcea3Bb+H7M5b3MXUXDIRw345y47r9qiYYy2m1G9ndr4CyfEvouDmdyKa9 +8QlHAvsJt0YPR84vHdhKnL+czrf4QyW3QBY7jKs6rXStBZ7y/F/KWp6bwqnf/XtCIIHnMW +HCHGqm9PkR6eUiU90OfSaOK3nXMVDJC0EflyFVW9mSkH53bVVJova+mmLbs7JsyspyB8iS +AdQ4YcjMgACsr7w+ZRPQMV8O5puGaQbMQpvpR9I5IkSdzusCTldQjomyrRwIbv4Kk+jnpf +uPzApWhkVPhRycbAVnHERCzxiLZJr1mxWjpjmkLs1jfDjMPO522wolrlOLgFr1Sj18flyf +0psQpFZqouw7oOCQ2YuXpgUe6+YRk8D2qSILtjRJAfV9x0MXFr3IqbizpdjPur6hbL9jKK +I+H0v5/h3xBRKVqTRU6n74VgImsYi5RFv5YcruQVnKPvw046NPTycA9te5vuqgTnpEhl6K +skrmcTwpk+tsdp17Y02FLbeKQ/PTV0cIsadwqDwPbvgbVTiAFeIVOATYnKN76AiHDU4uU6 +qR6eIUSmR7pNH/8rSu6sPaYjzp/uIrup7nTVtzIrlMWlVrZxPMyQ/fxWJ3V68aMVbb1HIq +5r3bURN6IwTEZugDzFlPkE6mk9WxJ72xMYzeC7m933OcbJVtWwTPou2C6SXI212sp8cvMG +2iiCaHQskAKCSApAZqwOEi9KsOB1ytFDAguTrlq9cbpLCa9hEdl5Wytsk8fgp78Gotg3qS +z5o/fOSEOnq9D8TJZBdJx/7phEIVtFG2IA1+a/XLaFInjmGjm+dd8oRhRB1ZWu4wjZhpUi +fekE1Ixf5aPcFtdDWErncrLtiddEkW4gMHK2QKoVxk7oWxBniLF3JTBpCyPtLgLGd84MJr +c4yiVKxsaMfURoijwJE75CRLM8At/Jq/ZbldM7adenhP+kPfTSXN3Ld4focD/rcBM/6zML +/yTb2GP/0kmN3qTgB6sNvFrMMpR5kYmX2jSvx/rrx9fzAvSuzH1b/1pQumsHqZh0zwT6RX +K0yMcQs+dbJtZzQ92TSyx1Rq95v54fYV4rYmpnnWbIywnJReXzOjNixculPpawetJK64a6 +6i3sOPMEPGBDZIO+Re6h4il8A3BxBAdX8dUgyT6XvW3Xp48VzXeTLaZrnXG0POVXlifrMh +0Si5pA3f/L5ygkgsc8zv14/wv/YmoqNmu6g36IrggCkK8tLi8DbeyFA3aFmcDQorMDMhvz +HkbyIN+RhPdNVVgkA6nScNNZs7V0n3+2tWnaMxFp+j/UH1YwqNrviBJqfrUBuMW804lDHa +YX2bs3tzq186fsMlTFOKjfiIRFLJTYD+zQNM+eTkAuTiQgxrTqAJi5zMZJuXvsO8k0CcHI +EVcHGaP9otDq/KhsyUs9/Qio/gfJbU2qh70ZxYwJWC/8DvdfRpsSoGWb6GLnq3GxyYlVnT +V8Ov/nMCIDH3gzc+2bBxuTwfLZ0dElOWFuEuzZj5enw4CF9+IQW3CM4EfqUf7Y1JIyZvKy +BL+plHJF08mHEqlzFYxoAHL1IpZdSMn5uldYaPeB5uHLZbyLu8eoI0WRQPE9smhxa1UERd +2mUJpsEMA+emZzIsPs0zRUicGeGZLX8ultN9KI/4zsRJE3GZzcT17HYoVpqKNxZHoUKpip +sNTi42ZV2if7f36wZmPoYu4mKqCXhjyJS+Yq5S6V/0U1YbqdLxWN6kDTKwu9/O02uL/Hb3 +h1ZLunheDBP4k/SwK6I745J/aEreVtLpzuJeE7rD6I0faC+lQymrN9WxTd6k7hcOElQkiA +8AgOeaaNG4r2IsSTACFzw98ip3c4Kt/GTcEamFB4Gp8MvcCO7bFovbEHGx0bKu40oD5m/I +ZV2PbEQgF7oeL14YxCHyfNS6GUSREF2VreymnopWKqTEs/Av8uOvGRf/XD3fbWCHnRmLl7 ++odQaeXVhs9MIBPcGDt+6PplCvhw6H+freu+hwDCWsVEU0EBWz6bJi5bkWozmfzTL77d21 +rgX9bnJ1554Cz41uEPP57iyAONKnHOP6UIBiGv4pex6dciJWnmPW4aw9Xu3sMFQxWTyjoC +ed+cVxtJerrS/D22zMvTISyx/9GnFuRyQwXOjyw8VVWb0j84ObEi7dGkE3Qfy2g28s05Gy +2tgIYYRAd8OUtqsjpeF1ggxn6T30Gmpc2DDC49FlTUU4DyjMHpUrX0qOg2HwygELNMEWg/ +tKdvWAD32ggIqM2q5QfMntA3pWKdSoTRYK2GpFfe7K3loB/9aXKQBnPMpqxBsuCL28ty/T +m2PN5iVDDpTn9+IwYIK4ifGKoU5zXYvoAmDTru97kkbb9+L7sxcRVNmdrC2Aod29epO4xQ +Owpzc9fViIXyv3pEImgxcgrI818rYoSg4qm1hKV8O6rBNmYJTCW+VIai0dfeoZ5RvjDk5p +C5PGO0qLvmr5vDo5IE/i3aoJlirm4KFErzbMpyjjVrrEfIZO78qX79ZUwRLw+3zjLZN5jk +X3T22nv46E43rt045+mHglNxD1jbseJlSXNWUHPfuyl7xgqKv/kdDCxXC7yxddtyB2ioWQ ++WjmV7dwdPApuO7E8SN4A4aIFOdVNN1EisPOZxOB5o4i06b7RTcAJdluTC8uvuSLS9pOaD +Dyp2MTyfzsihx4CD42e99ylGR6Vua5SGknGx8CgsePEy9tbVPQC21dXKS/F4J4RjiHMscf +rLiYk1I4SfXkb1vZqtOuNX4O38qB54FpojKL/iZxaEb/QscfgonSz9R2x4VhNqpt6HBHRC +etY+1RNqGPnkvl8Y0= +-----END OPENSSH PRIVATE KEY----- diff --git a/tests/ssh/ssh-testkey-rsa-8192-plain b/tests/ssh/ssh-testkey-rsa-8192-plain new file mode 100644 index 000000000..9590abea7 --- /dev/null +++ b/tests/ssh/ssh-testkey-rsa-8192-plain @@ -0,0 +1,93 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAEFwAAAAdzc2gtcn +NhAAAAAwEAAQAABAEA5ZPD0zgd3y6u+3X7ITKpFKcoQRS46rczXd0GtU1oM4/REZQVU1Pl +PxBEh4YpMbbIkmfWIV64tEM1me8PmhvE63k38Kft5x5gMiM/AVjbjfApNuj1jT/ABOS4wZ +cjYGEr0ajgeyyXqp5FdYO1pkISOfGnxpj8kLnF+Pcbj8r9Ukh5bfYgir5SjuytIhYQ+zy/ +mDoNtnhW967QY1RJOosqLS0ymJFC7cgEq0n5Goi2tdf2fM0xr469C0aHK92lvfAO1+LZ52 +Fge6YlHOpdcVaUAZJmc4uMsJveEQsxA/g3L47lJEpoLXT4GICmXFLn9o+SEnJdC69Xm5nY +hyrPWruXaGkGFmVQsTYdU8w7zVtGZ3+n7IR+v87ESIPoOs3h/h1lx9YbknNiEz8Wxb7va9 +iJVFLC4bNp9r7d4KIlAlfALYHMztBvmGayfX1tUFfr92MyXPqNqvtFK8+HDbhgV8AXuVCw +5ZGG/YYI5ws5hamiaRiiAjLD5Zk7CNkAhdi3fKruhU2NTdTmHB1PtAcTB9SNdu7H+fDimV +9Jp+3aL6jsuFKFgeSzitCwXZ1Yuh7nnt6JjBbib2xgqrxMbVTY1HVICLUEZh0QOmFLDEos +RZk9oC9S/VvSXPGi1vejGc2otL1nLPKA3V+hf9J1QvJQloeT9UKR0ATaawmLLIOKGE0vjh +83SSx2kwsOhv0YRwcb676EECCjnLr15mNCSO2NQbGIlJNx/sG+fCXvt/aWmtVKQdXW0PpL +uum63lCm4lgaKYGOaBIvFAiok9YvQS0sVPAhcAqKOWk2SFzyHC6EplnFBPGEggFFumMGrm +Gi0yU1eP2lMvY6OVNw4XnpleZhEBQ/aqM3CPgJZslamC/lBAWX5PSU0aHYUKGZEKulisbg +i90TMKxUFrjXtCHVlqqSSbtDwEFzliFDW0Usvgq2N32xthgdaruFjCwKo6c9inSSNdbpks +i8CmJR7ISCF4/RSxBZbKDS49aKooGO8vf04CkdhAeD9goBei8ARpmRrksSZbyjyj7LHeng +XvmnDUJcFQhzFkFudKwK5FsRL4xsSweRxK1SPWIRJ8qTNrBcNREVKvtVKXdEbRfgSxkHA5 +3yMWLeoqxBIb3UF6PqWuwoZkwUvz+fwGdWejhh0fBzOvHi61aM4KXHVxwLfyMfZkZLWbYs +c1V3/K5UFXzbxCMVKf5BpRPGpd54Ngnqdv0domMcAAO1E2OTXEo5pwgqjZ//UbC1NtRBpO +LDwuFsCZbTvOwzGjIh/Ss6NmibEeV/otVJlyzs/hEWXaLasqu8yw4gD1StX2EfRCAFrFiX +Au4NDgJXzGNi2UCJkX1HT53TfL4fNO3uuGIcJEzQ95bnNxSFwai0fQAADkjjnrv94567/Q +AAAAdzc2gtcnNhAAAEAQDlk8PTOB3fLq77dfshMqkUpyhBFLjqtzNd3Qa1TWgzj9ERlBVT +U+U/EESHhikxtsiSZ9YhXri0QzWZ7w+aG8TreTfwp+3nHmAyIz8BWNuN8Ck26PWNP8AE5L +jBlyNgYSvRqOB7LJeqnkV1g7WmQhI58afGmPyQucX49xuPyv1SSHlt9iCKvlKO7K0iFhD7 +PL+YOg22eFb3rtBjVEk6iyotLTKYkULtyASrSfkaiLa11/Z8zTGvjr0LRocr3aW98A7X4t +nnYWB7piUc6l1xVpQBkmZzi4ywm94RCzED+DcvjuUkSmgtdPgYgKZcUuf2j5IScl0Lr1eb +mdiHKs9au5doaQYWZVCxNh1TzDvNW0Znf6fshH6/zsRIg+g6zeH+HWXH1huSc2ITPxbFvu +9r2IlUUsLhs2n2vt3goiUCV8AtgczO0G+YZrJ9fW1QV+v3YzJc+o2q+0Urz4cNuGBXwBe5 +ULDlkYb9hgjnCzmFqaJpGKICMsPlmTsI2QCF2Ld8qu6FTY1N1OYcHU+0BxMH1I127sf58O +KZX0mn7dovqOy4UoWB5LOK0LBdnVi6Huee3omMFuJvbGCqvExtVNjUdUgItQRmHRA6YUsM +SixFmT2gL1L9W9Jc8aLW96MZzai0vWcs8oDdX6F/0nVC8lCWh5P1QpHQBNprCYssg4oYTS ++OHzdJLHaTCw6G/RhHBxvrvoQQIKOcuvXmY0JI7Y1BsYiUk3H+wb58Je+39paa1UpB1dbQ ++ku66breUKbiWBopgY5oEi8UCKiT1i9BLSxU8CFwCoo5aTZIXPIcLoSmWcUE8YSCAUW6Yw +auYaLTJTV4/aUy9jo5U3DheemV5mEQFD9qozcI+AlmyVqYL+UEBZfk9JTRodhQoZkQq6WK +xuCL3RMwrFQWuNe0IdWWqpJJu0PAQXOWIUNbRSy+CrY3fbG2GB1qu4WMLAqjpz2KdJI11u +mSyLwKYlHshIIXj9FLEFlsoNLj1oqigY7y9/TgKR2EB4P2CgF6LwBGmZGuSxJlvKPKPssd +6eBe+acNQlwVCHMWQW50rArkWxEvjGxLB5HErVI9YhEnypM2sFw1ERUq+1Upd0RtF+BLGQ +cDnfIxYt6irEEhvdQXo+pa7ChmTBS/P5/AZ1Z6OGHR8HM68eLrVozgpcdXHAt/Ix9mRktZ +tixzVXf8rlQVfNvEIxUp/kGlE8al3ng2Cep2/R2iYxwAA7UTY5NcSjmnCCqNn/9RsLU21E +Gk4sPC4WwJltO87DMaMiH9Kzo2aJsR5X+i1UmXLOz+ERZdotqyq7zLDiAPVK1fYR9EIAWs +WJcC7g0OAlfMY2LZQImRfUdPndN8vh807e64YhwkTND3luc3FIXBqLR9AAAAAwEAAQAABA +EAytBsumej9CwAyAOllOF1f9pgdIZDCpBIH88IgxjcSljuQRJKeK/wIXNUp0l9kP7CWJzF +DfvpPs71RoVsih+oKsKPCdrBEGHEZ+a9XYpLhCw7rNfHPj6oe2o4UkYcKaQOmw0PK6HsZv +2lrThrPHK4OVpkds1mqtCDtftP7QtOGegO5nb+rrOOqdcq6KcH33v+YxQ+UwojAnL8hBPN +EZwp6Xk5bpE9yGTgwxX5rFhE2Ybtqbl5AHggSBrJhZYtOwwdgNlW2dMr8nCH7vCZFmx/Gp +hkTAVniApa90GkzrX0wt4BTrsxJ59jIfpdfch8RlT1nbhMvOrtgXg7UsYeIzEAhGvrxdNB +oxyEcihGWJgfLYYYKpmug/K9cradbX2+/cioxw8+knW+mfQtQQr55pOIVuc6ZTwkC6j4yN +9VxKkTDODTt41qWP+5BaXN8aGKw6Vts7hheUC8DgUrcZKGAl+gVcWUUWrsD4Le0IYZDh0b +bq8lSL3iVC63eYyDqrsW9lrnlvo5MB46H3JBnHB3fn5nbz9piUQmW4pTvrgg/ePFJN06Nt +N9TdApTrqXzO1KgA5nA0ygRAFBsPPirN+9Ioxt08tfFHrugDS9oSDR1baYO7AzJ8J7qEKM +Mk7ZVw1Z0jpVMN8Xuvol6Y9aqob5bNJfgteJi3UOJGts+SlH0Uo3DdyXfMdsMSSTNgvIv7 +ri5o6zjL6T0CjqIGoPlmV77fB54b+X5+z/m9b8b99zLf7JxDxOwhefqwUPDmcySZCKvHHE +VABp2yYfMU0wtG10r/FKfpj1vLhJVw/7C6iqEXPphJiTxzhf1axJETQmQd3wl/bP45rcIY +zEglFRH7aRS8ZbAsvunusVuWO8NmBIji1NtPjX41QAED2RvYjChwsycIfdyC1iaKvT9MdE +PvaEr3XgcFVbGuNVbmJxNJL/mUEOu5MunqDsJhSy4wnRzl2O8pDd/MVr1fnePS3U3iS5e6 +Mr0h8q4+FtYlqu/L/ittlupWe90UHt5EncpE8aWxCWiW++xwTSi5z8zWhMTR1YM3zfpHjd +cacCeSxgYaOofa8Frf5spuSW3FnQHbJLrjROAp/kNRNCUmYYQ0qV30sPJWkf10dZb6kpup +2BQIDnZ2qCGGB3UYNP4jaGgYoCe2vXSm3r8MgIeWaAJyzLt30r5VSdgi9xfbaJ/pRTjKyz +fM087BgSi2ab3vIx8APwg75gfCmfLe86oZl63W28OvngX2VossnaCgpgFLg7E3RFe7FWYf +Me7uhlx+Yih8ZWRqScaHfnEAoGRcJpp3V6AKuj/FFbItj5KxTvYeKBlkuQ7Cy1AOuq6bUt +tpB5tv3zIF34sFag1LyyCcrHZr5F/k9Uu5t/XQAAAgAWlfEwj6m+UC1/D6xqf19NeenWim +IQ03YLGHuK8MwUzjIYWoK8W7zU6lIvRGn6XPdwYjQ4fmwvZUyR6nXoIB8PEgd4kBJHnxLL +qoAS5QO+GxVindsJmbwSioTlvyZ5+x0pjuAfCVQms5HWHENBwA/02Tpg9EgFu8AhIgMm45 +bZWRJl8tTErpzoB9U90Rr3aykPRquuCuYHvn4OadwLeqHWZ74X+hUcR2AcRP45dPiMF50I +WP1o1lIgp6a+Yf9DaqKQfAbE3dk/ZMGfxhFDCpVE3JG2SErdOgLX0kULzlT93SQFKDTO83 +3IY+e3drnJcaZiP4azwZpFYiR2qn2b0fUEQZP9pPCxz84cxZR2WfCugxEZkGuvfAiMk8P1 +Os+ttZhzTWtqsYFVOLfuNQI9Cdpi8eu/n/Om/1uhTkJQLS8voZJXMAXOw85uLg1Wy/r2+E +gbynZVxFly3GSdV6uzoHmSSdUi6glpr9C5aE0iV84nQM+zXkfAna61rnBWfaSOVv2DhNQa +VMliDk88ZgMX8He91H+FpYMAJu7p2JLYildYY36iZz5fFeX0dvU8BxG87sVY6SJ7Zs7Ov2 +j6R5AzCyByeJ4V3tU598civ2utInSNUq1faYbXKz8ajwauqaa6wyaPkyUMV+eJDnf0blUE ++h+x5sj31Ine9g7rfNXH2TMWRwAAAgEA+B/6a8y20hMg8rWyqa3WQXcDoR/pVR0ofYvst8 +fGOD0fN/QwohaZ23mTFiCvX2zceNi0aeJ2vlAS7D9RTVnpD69yLn7xeJnchvHRCKhDGssT +oIvNphdAJ6JVwjcE96BvRFamE5E4ADC/ohzLDwbzCT/vlgmnBMh2FU/8BqdXguX1c2JiNs +T5UEgQY/YruE4V11bbigifSaIkjo2MGpHRqFJbpcwChh16e3Bv9LHj0sQ5v95m9s4THAZD ++fuMzD6TDmtAL8JDQo8lKzf96Qu2uImn2AY7intmBJ5WscU9R3c+mFuUescEqv7XlhEtKX +5UQgIXZtd/IbkNg0LPgvEsFEasTH/BR0I2fn4I0QXxUU8/xYMAb3ihOhCFIP3g/Hxm8tCl +oyWEAilW9T22MeLL8MkFNmuBTyLjBc6NsCLiblZ+NyqGtzKs8cYPatUI3Hsoau6jOMBnc4 +H5RExmiIgIJVV82sAzo6qTSG+hrAgJX46dcH4oSwIf6/m9455liquHh/O1c0CM1ay2DxNZ +ofqTveH5gfZFi7Gu7yJ5mQ5tKSis9CSstRS4FcPn4CnJECJLx02HlBPX275iEfRZCLaouz +9qWXiphk66PxkeSKFRr+UWrA7GoJwt3/ahofOmJkDx8GV2wiKhYgGN4EoQCPsE6yviA41K +dmnWAdFTN8vJiEMAAAIBAOzdFgo5VAbZxABE0uFjAtRPuytktFQ4KdRE/ryRNw2Qn7BIWd +VlBLRrHljbc3Owypuy2fkXd7jHUs3RqHH6JJiJKOfoONbLX7IcLJstMy+Cfcjm49Wz9xiO +EpZFXrPXk8fkhVM8COHvUjrW1SrK2TBonKNTnPSALDbsnyZXvfLppbTICUqMpy5+rAUXW7 +TpD8W76jCsQhjWVRt0tmaBem4pj94zO3FdOpRePS6EXt4xm6qAfHX+EUWS+58v7u7mXcoC +BHSrYgg1WVTKuerEmMRyMZ12cqmSzYnXSoB5fVh+6QJZwjV6Sntv8SHBcKbJIp7FqJkqot +ACZifMoqLe5AgO0go8+Q8kWpZ60OdQGfqZnbWCD8QCvTLEwYmmREb8+UvTnQhfivjJPscf +HVHjxkAjF9exNasMa+0LjIopqsd7VxvCIpzGFlxh5c9IlrvK8aVS5uCZRD+oNwOcbbUMUp +3dZMvqgOoetWt0TWLQwVgTDtPdzRIKzkRuA0Mgwe4cepYhwwqw/Pkwdlt3P8F4/yDMWfUY +qBw+VF/NFsa4QLHYoanno/TxBjL3fU9XfFIjH6Q/tnJemBOZSHqVgy1waby9SgBWt73Wn1 +7CtbLKy0H6F/RsATP4bXLnC6Pq91XDmFcyE+Wv5EYEe7I1DLJPFYV6Ld4iMc5T6TWagiC8 +cmQ/AAAAC2xpYnRvbWNyeXB0AQIDBAUGBw== +-----END OPENSSH PRIVATE KEY----- diff --git a/tests/ssh/ssh-testkey-rsa-plain b/tests/ssh/ssh-testkey-rsa-plain new file mode 100644 index 000000000..4407e6628 --- /dev/null +++ b/tests/ssh/ssh-testkey-rsa-plain @@ -0,0 +1,27 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABFwAAAAdzc2gtcn +NhAAAAAwEAAQAAAQEArh/LZSjfJRtM1LchVnOvA1++dE+sxzdLC9Mi2lC6bL1tGjRcl6WE +lVrjzaugTWDtZ1oCq+FmxHJg3CgHC6724GpCk+2qCBAuFvtmZIUozzx3vRFSGB2UTd2R9s +bTdqUKFk2iPYhjRv25wfuRQJzippLbaUpTqMFPywY41iwc4Zf0TWuyLyA12BVuDJSLJaKX +xIvPWNgo/P1zVaAEwi2cSPpJWnu3K9zvdPVd9nBpOENhEPJXx6lZwHJPWX20Xa/v6zezUX +L7dk29YBVYzaaalPMDOPxZfVMG20LsaP7w22m/nVS/Ucb0uTA3lfAcTmzT7eI79hIzM4zW +SkT2kXBybwAAA8CrA7O4qwOzuAAAAAdzc2gtcnNhAAABAQCuH8tlKN8lG0zUtyFWc68DX7 +50T6zHN0sL0yLaULpsvW0aNFyXpYSVWuPNq6BNYO1nWgKr4WbEcmDcKAcLrvbgakKT7aoI +EC4W+2ZkhSjPPHe9EVIYHZRN3ZH2xtN2pQoWTaI9iGNG/bnB+5FAnOKmkttpSlOowU/LBj +jWLBzhl/RNa7IvIDXYFW4MlIslopfEi89Y2Cj8/XNVoATCLZxI+klae7cr3O909V32cGk4 +Q2EQ8lfHqVnAck9ZfbRdr+/rN7NRcvt2Tb1gFVjNppqU8wM4/Fl9UwbbQuxo/vDbab+dVL +9RxvS5MDeV8BxObNPt4jv2EjMzjNZKRPaRcHJvAAAAAwEAAQAAAQBi46O8G+4/QLXtyOOi +Gak3nVSo8ecKbRit6odMvbRitWIVE8/SQCqAOFJQKDyuNXIe1DvYKfcXcm4YGpOFyyRiZ3 +bQVJXQZoAGhVitlgKLT6ghNIkPMR1c641OPbUzGKAV8plFoQPg+ZBZ3umrbG48dAMwVQoW +OVN71ljJKdxtMdOQ7BL2T9fcgki9dJ9ZNlR4YwJL9ZdC76l/KXvq0dsSy3/gUQeuXp26nL +bGQwWz92JAc6IeEsQ5hhSVQi6BBiCdwBMOor2Fd5epzMNYMhgk+ugt7o042esvIOaTMsgX +CaiSRI2zVf+mrrMobzJPtTRYYBl6Z2Rz+G/e95KfPPrhAAAAgF6U/FQHKYg+jMYJ214uRh +Z9VobWdvjrzYIRr5G/+i94+9/Z49PbtAwcK65BVigvrJmK4xl+oLtWWO3GiPCTSUuGuUrj +rAjNEkJQvS93PJMMOpLuQl7qoI92bbcJGLd7x5mR7saXwGJTfjFlTYeAS0kudRbirueQ6E +4sGDwIMRlzAAAAgQDa4nWkERpjPHWmfa2K5CHjMWwuUVbDoXCokdgRDv47IXNVT+o3XYQQ +iAzgBksyoqjFYitZYuKnnl9hLqQl4KVwgtZEpXXRsGGsjsO7GZ37Cff5YckrdrFhbLtAhY +ViW1zoa+d21q82V4YIWrPwExwPh2Z/KDiB+APDkzlAzypqzQAAAIEAy6ZVsB6b1Mdom/QO +EAkCRpcWwG1+WPIvohUdIr5XwRWndEbCMhapH3XYt82T7A+j3UzZTJI/YCUjsr7tq2i7lO +xL23aoetmO390ze3/HQIzNjZAP+Fqar3dqcR8/0EvuI8mIk0l2h6C00asxbJcLTH3koNyz +bkzOkdo8zuK2iisAAAALbGlidG9tY3J5cHQ= +-----END OPENSSH PRIVATE KEY----- From 350fbc65465bbae78b55ab2b2afb1e14bb69b210 Mon Sep 17 00:00:00 2001 From: Steffen Jaeckel Date: Wed, 2 Oct 2019 15:10:57 +0200 Subject: [PATCH 05/51] refactor & clean-up Signed-off-by: Steffen Jaeckel --- demos/openssh-privkey.c | 248 +++++++++++++++++++++------------------- 1 file changed, 131 insertions(+), 117 deletions(-) diff --git a/demos/openssh-privkey.c b/demos/openssh-privkey.c index dec65cf4a..697cd949b 100644 --- a/demos/openssh-privkey.c +++ b/demos/openssh-privkey.c @@ -10,6 +10,9 @@ /** @file openssh-privkey.c OpenSSH Private Key decryption demo, Steffen Jaeckel + + The basic format of the key is described here: + https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.key */ #define _GNU_SOURCE @@ -77,7 +80,7 @@ static void die_(int err, int line) #define DIE(s, ...) do { verbose = 1; print_err("%3d: " s "\n", __LINE__, ##__VA_ARGS__); exit(EXIT_FAILURE); } while(0) -static void check_padding(unsigned char *p, unsigned long len) +static void check_padding(const unsigned char *p, unsigned long len) { unsigned char pad = 0x1u; while (len != 0) { @@ -117,12 +120,9 @@ const struct ssh_blockcipher ssh_ciphers[] = { 0 }, }; -struct ssh_kdf { - const char *name; -}; - struct kdf_options { - struct ssh_blockcipher *cipher; + const char *name; + const struct ssh_blockcipher *cipher; unsigned char salt[64]; ulong32 saltlen; ulong32 num_rounds; @@ -130,13 +130,6 @@ struct kdf_options { unsigned long passlen; }; -const struct ssh_kdf ssh_kdfs[] = -{ - { "bcrypt" }, - { "none" }, - { 0 }, -}; - int ssh_find_init_ecc(const char *pka, pka_key *key) { int err; @@ -152,10 +145,10 @@ int ssh_decode_ecdsa(const unsigned char *in, unsigned long *inlen, pka_key *key { int err; unsigned char groupname[64], group[512], privkey[512]; - ulong32 groupnamelen = sizeof(groupname), grouplen = sizeof(group), privkeylen = sizeof(privkey); + unsigned long groupnamelen = sizeof(groupname), grouplen = sizeof(group), privkeylen = sizeof(privkey); if ((err = ssh_decode_sequence_multi(in, inlen, - LTC_SSHDATA_STRING, group, &groupnamelen, + LTC_SSHDATA_STRING, groupname, &groupnamelen, LTC_SSHDATA_STRING, group, &grouplen, LTC_SSHDATA_STRING, privkey, &privkeylen, LTC_SSHDATA_EOL)) != CRYPT_OK) { @@ -179,7 +172,7 @@ int ssh_decode_ed25519(const unsigned char *in, unsigned long *inlen, pka_key *k { int err; unsigned char pubkey[2048], privkey[2048]; - ulong32 pubkeylen = sizeof(pubkey), privkeylen = sizeof(privkey); + unsigned long pubkeylen = sizeof(pubkey), privkeylen = sizeof(privkey); if ((err = ssh_decode_sequence_multi(in, inlen, LTC_SSHDATA_STRING, pubkey, &pubkeylen, @@ -250,9 +243,8 @@ int ssh_decode_private_key(const unsigned char *in, unsigned long *inlen, pka_ke { int err; ulong32 check1, check2; - unsigned char pka[64], pubkey[2048], privkey[2048], comment[256]; - ulong32 pkalen = sizeof(pka), pubkeylen = sizeof(pubkey); - ulong32 privkeylen = sizeof(privkey), commentlen = sizeof(comment); + unsigned char pka[64], comment[256]; + unsigned long pkalen = sizeof(pka), commentlen = sizeof(comment); unsigned long remaining, cur_len; const unsigned char *p; size_t n; @@ -279,7 +271,7 @@ int ssh_decode_private_key(const unsigned char *in, unsigned long *inlen, pka_ke for (n = 0; n < sizeof(ssh_pkas)/sizeof(ssh_pkas[0]); ++n) { if (ssh_pkas[n].name != NULL) { - if (XSTRCMP(pka, ssh_pkas[n].name) != 0) continue; + if (XSTRCMP((char*)pka, ssh_pkas[n].name) != 0) continue; } else { if ((ssh_pkas[n].init == NULL) || (ssh_pkas[n].init((char*)pka, key) != CRYPT_OK)) continue; @@ -315,7 +307,8 @@ int ssh_decrypt_private_keys(unsigned char *in, unsigned long *inlen, struct kdf { int err, cipher; unsigned char symkey[128]; - unsigned long cur_len, symkey_len; + unsigned long symkey_len; + symmetric_CBC cbc_ctx; LTC_ARGCHK(in != NULL); LTC_ARGCHK(inlen != NULL); @@ -330,7 +323,6 @@ int ssh_decrypt_private_keys(unsigned char *in, unsigned long *inlen, struct kdf die(err); } - symmetric_CBC cbc_ctx; if ((err = cbc_start(cipher, symkey + opts->cipher->len, symkey, opts->cipher->len, 0, &cbc_ctx)) != CRYPT_OK) { die(err); } @@ -339,152 +331,174 @@ int ssh_decrypt_private_keys(unsigned char *in, unsigned long *inlen, struct kdf } print_hex("decrypted", in, *inlen); + zeromem(symkey, sizeof(symkey)); + zeromem(&cbc_ctx, sizeof(cbc_ctx)); + return err; } -/* The basic format of the key is described here: - * https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.key - */ - -int main(int argc, char **argv) +int ssh_decode_header(unsigned char *in, unsigned long *inlen, struct kdf_options *opts) { int err; - if ((err = register_all_ciphers()) != CRYPT_OK) { + unsigned char ciphername[64], kdfname[64], kdfoptions[128], pubkey1[2048]; + unsigned long ciphernamelen = sizeof(ciphername), kdfnamelen = sizeof(kdfname); + unsigned long kdfoptionslen = sizeof(kdfoptions), pubkey1len = sizeof(pubkey1); + ulong32 num_keys; + size_t i; + + void *magic = strstr((const char*)in, "openssh-key-v1"); + size_t slen = strlen("openssh-key-v1"); + unsigned char *start = &in[slen + 1]; + unsigned long len = *inlen - slen - 1; + + if (magic == NULL) DIE("magic not found"); + if (magic != in) DIE("magic not at the beginning"); + + if ((err = ssh_decode_sequence_multi(start, &len, + LTC_SSHDATA_STRING, ciphername, &ciphernamelen, + LTC_SSHDATA_STRING, kdfname, &kdfnamelen, + LTC_SSHDATA_STRING, kdfoptions, &kdfoptionslen, + LTC_SSHDATA_UINT32, &num_keys, + LTC_SSHDATA_STRING, pubkey1, &pubkey1len, + LTC_SSHDATA_EOL)) != CRYPT_OK) { die(err); } - if ((err = register_all_hashes()) != CRYPT_OK) { - die(err); + if (num_keys != 1) DIE("more than 1 pubkey not supported"); + + print_hex("public key", pubkey1, pubkey1len); + + *inlen = len + slen + 1; + + for (i = 0; i < sizeof(ssh_ciphers)/sizeof(ssh_ciphers[0]); ++i) { + if (XSTRCMP((char*)ciphername, ssh_ciphers[i].name) == 0) { + opts->cipher = &ssh_ciphers[i]; + break; + } } - if ((err = crypt_mp_init("ltm")) != CRYPT_OK) { - die(err); + if (opts->cipher == NULL) DIE("can't find algo"); + + if (XSTRCMP((char*)kdfname, "none") == 0) { + /* NOP */ + opts->name = "none"; + } else if (XSTRCMP((char*)kdfname, "bcrypt") == 0) { + opts->name = "bcrypt"; + opts->saltlen = sizeof(opts->salt); + len = kdfoptionslen; + if ((err = ssh_decode_sequence_multi(kdfoptions, &len, + LTC_SSHDATA_STRING, opts->salt, &opts->saltlen, + LTC_SSHDATA_UINT32, &opts->num_rounds, + LTC_SSHDATA_EOL)) != CRYPT_OK) { + die(err); + } + if (len != kdfoptionslen) DIE("unused data %lu", kdfoptionslen-len); + } else { + DIE("unsupported kdf %s", kdfname); } - char pem[100 * 72]; - size_t w = 0; + return err; +} + + +void read_openssh_private_key(FILE *f, char *pem, size_t *w) +{ const char *openssh_privkey_start = "-----BEGIN OPENSSH PRIVATE KEY-----"; const char *openssh_privkey_end = "-----END OPENSSH PRIVATE KEY-----"; - char buf[72]; - FILE *f = NULL; - - if (argc > 1) f = fopen(argv[1], "r"); - else f = stdin; - if (f == NULL) DIE("fopen sez no"); + char buf[81]; + char *end; + size_t n = 0; while (fgets(buf, sizeof(buf), f)) { const char *start = strstr(buf, openssh_privkey_start); if (start != NULL) { + size_t l; start += strlen(openssh_privkey_start); - size_t l = strlcpy(pem + w, start, sizeof(pem) - w); - w += l; + l = strlcpy(pem + n, start, *w - n); + n += l; break; } } while (fgets(buf, sizeof(buf), f)) { - size_t l = strlcpy(pem + w, buf, sizeof(pem) - w); + size_t l = strlcpy(pem + n, buf, *w - n); if (l == 0) { DIE("strlcpy sez no"); } - w += l; + n += l; } - char *end = strstr(pem, openssh_privkey_end); + end = strstr(pem, openssh_privkey_end); if (end == NULL) DIE("could not find PEM end-tag"); *end = '\0'; - w = end - pem; + *w = end - pem; +} + +int main(int argc, char **argv) +{ + int err; + + char pem[100 * 72]; + size_t plen = sizeof(pem); + FILE *f = NULL; + unsigned char b64_decoded[sizeof(pem)], privkey[sizeof(pem)]; + unsigned long b64_decoded_len = sizeof(pem), privkey_len = sizeof(privkey); + struct kdf_options opts; + unsigned char *p; + unsigned long len; + pka_key k; - unsigned char b64_decoded[sizeof(pem)]; - unsigned long b64_decoded_len = sizeof(pem); - if ((err = base64_sane_decode(pem, w, b64_decoded, &b64_decoded_len)) != CRYPT_OK) { + if ((err = register_all_ciphers()) != CRYPT_OK) { + die(err); + } + if ((err = register_all_hashes()) != CRYPT_OK) { + die(err); + } + if ((err = crypt_mp_init("ltm")) != CRYPT_OK) { die(err); } - print_hex("decoded", b64_decoded, b64_decoded_len); - void *magic = strstr((const char*)b64_decoded, "openssh-key-v1"); - if (magic == NULL) DIE("magic not found"); - if (magic != b64_decoded) DIE("magic not at the beginning"); - - size_t nlen = strlen("openssh-key-v1"); - unsigned char *start = &b64_decoded[nlen + 1]; - unsigned long tot_len = b64_decoded_len - nlen - 1; - - unsigned char ciphername[64]; - ulong32 ciphernamelen = sizeof(ciphername); - unsigned char kdfname[64]; - ulong32 kdfnamelen = sizeof(kdfname); - unsigned char kdfoptions[128]; - ulong32 kdfoptionslen = sizeof(kdfoptions); - ulong32 num_keys; - unsigned char pubkey1[2048]; - ulong32 pubkey1len = sizeof(pubkey1); + if (argc > 1) f = fopen(argv[1], "r"); + else f = stdin; + if (f == NULL) DIE("fopen sez no"); - unsigned long cur_len = tot_len; + read_openssh_private_key(f, pem, &plen); - if ((err = ssh_decode_sequence_multi(start, &cur_len, - LTC_SSHDATA_STRING, ciphername, &ciphernamelen, - LTC_SSHDATA_STRING, kdfname, &kdfnamelen, - LTC_SSHDATA_STRING, kdfoptions, &kdfoptionslen, - LTC_SSHDATA_UINT32, &num_keys, - LTC_SSHDATA_STRING, pubkey1, &pubkey1len, - LTC_SSHDATA_EOL)) != CRYPT_OK) { + if ((err = base64_sane_decode(pem, plen, b64_decoded, &b64_decoded_len)) != CRYPT_OK) { die(err); } - if (num_keys != 1) DIE("more than 1 pubkey not supported"); - print_hex("public key", pubkey1, pubkey1len); + p = b64_decoded; + plen = b64_decoded_len; + len = plen; - start += cur_len; - tot_len -= cur_len; - cur_len = tot_len; + print_hex("decoded", p, plen); - const struct ssh_blockcipher *c = NULL; - for (size_t i = 0; i < sizeof(ssh_ciphers)/sizeof(ssh_ciphers[0]); ++i) { - nlen = strlen(ssh_ciphers[i].name); - if ((nlen == ciphernamelen) && (XMEMCMP(ciphername, ssh_ciphers[i].name, nlen) == 0)) { - c = &ssh_ciphers[i]; - break; - } + if ((err = ssh_decode_header(p, &len, &opts)) != CRYPT_OK) { + die(err); } - if (c == NULL) DIE("can't find algo"); + p += len; + plen -= len; + len = plen; - struct kdf_options opts; - opts.saltlen = sizeof(opts.salt); - opts.cipher = c; - opts.pass = "abc123"; - opts.passlen = 6; - - unsigned char privkey[sizeof(pem)]; - ulong32 privkey_len = sizeof(privkey); + print_hex("remaining", p, plen); - cur_len = tot_len; - if ((err = ssh_decode_sequence_multi(start, &cur_len, + if ((err = ssh_decode_sequence_multi(p, &len, LTC_SSHDATA_STRING, privkey, &privkey_len, LTC_SSHDATA_EOL)) != CRYPT_OK) { die(err); } + p += len; + plen -= len; - if (XSTRCMP(kdfname, "none") == 0) { - /* NOP */ - } else if (XSTRCMP(kdfname, "bcrypt") == 0) { - cur_len = kdfoptionslen; - if ((err = ssh_decode_sequence_multi(kdfoptions, &cur_len, - LTC_SSHDATA_STRING, opts.salt, &opts.saltlen, - LTC_SSHDATA_UINT32, &opts.num_rounds, - LTC_SSHDATA_EOL)) != CRYPT_OK) { - die(err); - } - if (cur_len != kdfoptionslen) DIE("unused data %lu", kdfoptionslen-cur_len); + opts.pass = "abc123"; + opts.passlen = 6; - cur_len = privkey_len; - if ((err = ssh_decrypt_private_keys(privkey, &cur_len, &opts)) != CRYPT_OK) { + if (XSTRCMP(opts.name, "none") != 0) { + len = privkey_len; + if ((err = ssh_decrypt_private_keys(privkey, &len, &opts)) != CRYPT_OK) { die(err); } - } else { - DIE("unsupported kdf %s", kdfname); } - pka_key k; - - cur_len = privkey_len; - if ((err = ssh_decode_private_key(privkey, &cur_len, &k)) != CRYPT_OK) { + len = privkey_len; + if ((err = ssh_decode_private_key(privkey, &len, &k)) != CRYPT_OK) { die(err); } From a301ea1419a1f466893b330bd99c93f2d14f688b Mon Sep 17 00:00:00 2001 From: Steffen Jaeckel Date: Tue, 21 Jan 2020 14:49:35 +0100 Subject: [PATCH 06/51] use updated API Signed-off-by: Steffen Jaeckel --- demos/openssh-privkey.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/demos/openssh-privkey.c b/demos/openssh-privkey.c index 697cd949b..24b6b98c8 100644 --- a/demos/openssh-privkey.c +++ b/demos/openssh-privkey.c @@ -181,7 +181,7 @@ int ssh_decode_ed25519(const unsigned char *in, unsigned long *inlen, pka_key *k die(err); } - if ((err = ed25519_set_key(privkey, 32, &privkey[32], 32, &key->u.ed25519)) != CRYPT_OK) { + if ((err = ed25519_import_raw(&privkey[32], 32, PK_PRIVATE, &key->u.ed25519)) != CRYPT_OK) { die(err); } From cf71fffbd90106be1299c4ce38bad589ac065d8a Mon Sep 17 00:00:00 2001 From: Steffen Jaeckel Date: Sun, 26 Dec 2021 18:13:56 +0100 Subject: [PATCH 07/51] re-factor openssh-privkey demo into library functions This adds two new API functions * `pem_decode_openssh()` * `pem_decode_openssh_filehandle()` It also introduces the following two new types: * a new union type `ltc_pka_key` which can hold any PKA key type. * a `password_ctx` type with a callback to retrieve a password if necessary. Signed-off-by: Steffen Jaeckel --- demos/openssh-privkey.c | 468 ++------------------------------- src/headers/tomcrypt_custom.h | 30 ++- src/headers/tomcrypt_misc.h | 13 + src/headers/tomcrypt_pk.h | 32 +++ src/headers/tomcrypt_private.h | 53 ++++ src/misc/crypt/crypt.c | 7 + src/misc/pem/pem_decode.c | 129 +++++++++ src/misc/pem/pem_ssh.c | 426 ++++++++++++++++++++++++++++++ 8 files changed, 698 insertions(+), 460 deletions(-) create mode 100644 src/misc/pem/pem_decode.c create mode 100644 src/misc/pem/pem_ssh.c diff --git a/demos/openssh-privkey.c b/demos/openssh-privkey.c index 24b6b98c8..f10427e06 100644 --- a/demos/openssh-privkey.c +++ b/demos/openssh-privkey.c @@ -1,64 +1,17 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ +/* LibTomCrypt, modular cryptographic library -- Tom St Denis */ +/* SPDX-License-Identifier: Unlicense */ /** @file openssh-privkey.c OpenSSH Private Key decryption demo, Steffen Jaeckel - - The basic format of the key is described here: - https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.key */ -#define _GNU_SOURCE - -#include -#include +#include #include static int verbose = 0; -static void print_hex(const char* what, const void* v, const unsigned long l) -{ - const unsigned char* p = v; - unsigned long x, y = 0, z; - - if (!verbose) return; - - fprintf(stderr, "%s contents: \n", what); - for (x = 0; x < l; ) { - fprintf(stderr, "%02X ", p[x]); - if (!(++x % 16) || x == l) { - if((x % 16) != 0) { - z = 16 - (x % 16); - if(z >= 8) - fprintf(stderr, " "); - for (; z != 0; --z) { - fprintf(stderr, " "); - } - } - fprintf(stderr, " | "); - for(; y < x; y++) { - if((y % 8) == 0) - fprintf(stderr, " "); - if(isgraph(p[y])) - fprintf(stderr, "%c", p[y]); - else - fprintf(stderr, "."); - } - fprintf(stderr, "\n"); - } - else if((x % 8) == 0) { - fprintf(stderr, " "); - } - } -} - +#if defined(LTC_PEM_SSH) static void print_err(const char *fmt, ...) { va_list args; @@ -79,370 +32,21 @@ static void die_(int err, int line) #define die(i) do { die_(i, __LINE__); } while(0) #define DIE(s, ...) do { verbose = 1; print_err("%3d: " s "\n", __LINE__, ##__VA_ARGS__); exit(EXIT_FAILURE); } while(0) - -static void check_padding(const unsigned char *p, unsigned long len) -{ - unsigned char pad = 0x1u; - while (len != 0) { - if (*p != pad) DIE("pad wrong 0x%02x != 0x%02x", *p, pad); - p++; - pad++; - len--; - } -} - -typedef struct pka_key_ { - enum ltc_oid_id id; - union { - curve25519_key ed25519; - ecc_key ecdsa; - rsa_key rsa; - } u; -} pka_key; - -enum blockcipher_mode { - none, cbc, ctr, stream, gcm -}; -struct ssh_blockcipher { - const char *name; - const char *algo; - int len; - enum blockcipher_mode mode; -}; - -/* Table as of - * https://www.iana.org/assignments/ssh-parameters/ssh-parameters.xhtml#ssh-parameters-17 - */ -const struct ssh_blockcipher ssh_ciphers[] = -{ - { "none", "", 0, none }, - { "aes256-cbc", "aes", 256 / 8, cbc }, - { 0 }, -}; - -struct kdf_options { - const char *name; - const struct ssh_blockcipher *cipher; - unsigned char salt[64]; - ulong32 saltlen; - ulong32 num_rounds; - const char *pass; - unsigned long passlen; -}; - -int ssh_find_init_ecc(const char *pka, pka_key *key) -{ - int err; - const char* prefix = "ecdsa-sha2-"; - size_t prefixlen = strlen(prefix); - const ltc_ecc_curve *cu; - if (strstr(pka, prefix) == NULL) return CRYPT_PK_INVALID_TYPE; - if ((err = ecc_find_curve(pka + prefixlen, &cu)) != CRYPT_OK) return err; - return ecc_set_curve(cu, &key->u.ecdsa); -} - -int ssh_decode_ecdsa(const unsigned char *in, unsigned long *inlen, pka_key *key) -{ - int err; - unsigned char groupname[64], group[512], privkey[512]; - unsigned long groupnamelen = sizeof(groupname), grouplen = sizeof(group), privkeylen = sizeof(privkey); - - if ((err = ssh_decode_sequence_multi(in, inlen, - LTC_SSHDATA_STRING, groupname, &groupnamelen, - LTC_SSHDATA_STRING, group, &grouplen, - LTC_SSHDATA_STRING, privkey, &privkeylen, - LTC_SSHDATA_EOL)) != CRYPT_OK) { - die(err); - } - - if ((err = ecc_set_key(privkey, privkeylen, PK_PRIVATE, &key->u.ecdsa)) != CRYPT_OK) { - die(err); - } - - key->id = PKA_EC; - - zeromem(groupname, sizeof(groupname)); - zeromem(group, sizeof(group)); - zeromem(privkey, sizeof(privkey)); - - return err; -} - -int ssh_decode_ed25519(const unsigned char *in, unsigned long *inlen, pka_key *key) -{ - int err; - unsigned char pubkey[2048], privkey[2048]; - unsigned long pubkeylen = sizeof(pubkey), privkeylen = sizeof(privkey); - - if ((err = ssh_decode_sequence_multi(in, inlen, - LTC_SSHDATA_STRING, pubkey, &pubkeylen, - LTC_SSHDATA_STRING, privkey, &privkeylen, - LTC_SSHDATA_EOL)) != CRYPT_OK) { - die(err); - } - - if ((err = ed25519_import_raw(&privkey[32], 32, PK_PRIVATE, &key->u.ed25519)) != CRYPT_OK) { - die(err); - } - - key->id = PKA_ED25519; - - zeromem(pubkey, sizeof(pubkey)); - zeromem(privkey, sizeof(privkey)); - - return err; -} - -int ssh_decode_rsa(const unsigned char *in, unsigned long *inlen, pka_key *key) -{ - int err; - void *tmp1, *tmp2; - if ((err = mp_init_multi(&tmp1, &tmp2, NULL)) != CRYPT_OK) { - die(err); - } - if ((err = rsa_init(&key->u.rsa)) != CRYPT_OK) { - die(err); - } - - if ((err = ssh_decode_sequence_multi(in, inlen, - LTC_SSHDATA_MPINT, key->u.rsa.N, - LTC_SSHDATA_MPINT, key->u.rsa.e, - LTC_SSHDATA_MPINT, key->u.rsa.d, - LTC_SSHDATA_MPINT, key->u.rsa.qP, - LTC_SSHDATA_MPINT, key->u.rsa.q, - LTC_SSHDATA_MPINT, key->u.rsa.p, - LTC_SSHDATA_EOL)) != CRYPT_OK) { - die(err); - } - - if ((err = mp_sub_d(key->u.rsa.p, 1, tmp1)) != CRYPT_OK) { die(err); } /* tmp1 = q-1 */ - if ((err = mp_sub_d(key->u.rsa.q, 1, tmp2)) != CRYPT_OK) { die(err); } /* tmp2 = p-1 */ - if ((err = mp_mod( key->u.rsa.d, tmp1, key->u.rsa.dP)) != CRYPT_OK) { die(err); } /* dP = d mod p-1 */ - if ((err = mp_mod( key->u.rsa.d, tmp2, key->u.rsa.dQ)) != CRYPT_OK) { die(err); } /* dQ = d mod q-1 */ - - key->id = PKA_RSA; - - mp_clear_multi(tmp2, tmp1, NULL); - - return err; -} - -struct ssh_pka { - const char *name; - int (*init)(const char*, pka_key*); - int (*decode)(const unsigned char*, unsigned long*, pka_key*); -}; - -struct ssh_pka ssh_pkas[] = { - { "ssh-ed25519", NULL, ssh_decode_ed25519 }, - { "ssh-rsa", NULL, ssh_decode_rsa }, - { NULL, ssh_find_init_ecc, ssh_decode_ecdsa }, -}; - -int ssh_decode_private_key(const unsigned char *in, unsigned long *inlen, pka_key *key) -{ - int err; - ulong32 check1, check2; - unsigned char pka[64], comment[256]; - unsigned long pkalen = sizeof(pka), commentlen = sizeof(comment); - unsigned long remaining, cur_len; - const unsigned char *p; - size_t n; - - LTC_ARGCHK(in != NULL); - LTC_ARGCHK(inlen != NULL); - LTC_ARGCHK(key != NULL); - - p = in; - cur_len = *inlen; - - if ((err = ssh_decode_sequence_multi(p, &cur_len, - LTC_SSHDATA_UINT32, &check1, - LTC_SSHDATA_UINT32, &check2, - LTC_SSHDATA_STRING, pka, &pkalen, - LTC_SSHDATA_EOL)) != CRYPT_OK) { - die(err); - } - if (check1 != check2) DIE("decrypt failed"); - - p += cur_len; - remaining = *inlen - cur_len; - cur_len = remaining; - - for (n = 0; n < sizeof(ssh_pkas)/sizeof(ssh_pkas[0]); ++n) { - if (ssh_pkas[n].name != NULL) { - if (XSTRCMP((char*)pka, ssh_pkas[n].name) != 0) continue; - } else { - if ((ssh_pkas[n].init == NULL) || - (ssh_pkas[n].init((char*)pka, key) != CRYPT_OK)) continue; - } - if ((err = ssh_pkas[n].decode(p, &cur_len, key)) != CRYPT_OK) { - die(err); - } - break; - } - if (n == sizeof(ssh_pkas)/sizeof(ssh_pkas[0])) DIE("unsupported pka %s", pka); - - p += cur_len; - remaining -= cur_len; - cur_len = remaining; - - if ((err = ssh_decode_sequence_multi(p, &cur_len, - LTC_SSHDATA_STRING, comment, &commentlen, - LTC_SSHDATA_EOL)) != CRYPT_OK) { - die(err); - } - - printf("comment: %s\n", comment); - - p += cur_len; - remaining -= cur_len; - - check_padding(p, remaining); - - return err; -} - -int ssh_decrypt_private_keys(unsigned char *in, unsigned long *inlen, struct kdf_options *opts) +static int password_get(void **p, unsigned long *l, void *u) { - int err, cipher; - unsigned char symkey[128]; - unsigned long symkey_len; - symmetric_CBC cbc_ctx; - - LTC_ARGCHK(in != NULL); - LTC_ARGCHK(inlen != NULL); - LTC_ARGCHK(opts != NULL); - - cipher = find_cipher(opts->cipher->algo); - symkey_len = opts->cipher->len + cipher_descriptor[cipher].block_length; - - if (sizeof(symkey) < symkey_len) DIE("too small"); - - if ((err = bcrypt_pbkdf_openbsd(opts->pass, opts->passlen, opts->salt, opts->saltlen, opts->num_rounds, find_hash("sha512"), symkey, &symkey_len)) != CRYPT_OK) { - die(err); - } - - if ((err = cbc_start(cipher, symkey + opts->cipher->len, symkey, opts->cipher->len, 0, &cbc_ctx)) != CRYPT_OK) { - die(err); - } - if ((err = cbc_decrypt(in, in, *inlen, &cbc_ctx)) != CRYPT_OK) { - die(err); - } - print_hex("decrypted", in, *inlen); - - zeromem(symkey, sizeof(symkey)); - zeromem(&cbc_ctx, sizeof(cbc_ctx)); - - return err; -} - -int ssh_decode_header(unsigned char *in, unsigned long *inlen, struct kdf_options *opts) -{ - int err; - unsigned char ciphername[64], kdfname[64], kdfoptions[128], pubkey1[2048]; - unsigned long ciphernamelen = sizeof(ciphername), kdfnamelen = sizeof(kdfname); - unsigned long kdfoptionslen = sizeof(kdfoptions), pubkey1len = sizeof(pubkey1); - ulong32 num_keys; - size_t i; - - void *magic = strstr((const char*)in, "openssh-key-v1"); - size_t slen = strlen("openssh-key-v1"); - unsigned char *start = &in[slen + 1]; - unsigned long len = *inlen - slen - 1; - - if (magic == NULL) DIE("magic not found"); - if (magic != in) DIE("magic not at the beginning"); - - if ((err = ssh_decode_sequence_multi(start, &len, - LTC_SSHDATA_STRING, ciphername, &ciphernamelen, - LTC_SSHDATA_STRING, kdfname, &kdfnamelen, - LTC_SSHDATA_STRING, kdfoptions, &kdfoptionslen, - LTC_SSHDATA_UINT32, &num_keys, - LTC_SSHDATA_STRING, pubkey1, &pubkey1len, - LTC_SSHDATA_EOL)) != CRYPT_OK) { - die(err); - } - if (num_keys != 1) DIE("more than 1 pubkey not supported"); - - print_hex("public key", pubkey1, pubkey1len); - - *inlen = len + slen + 1; - - for (i = 0; i < sizeof(ssh_ciphers)/sizeof(ssh_ciphers[0]); ++i) { - if (XSTRCMP((char*)ciphername, ssh_ciphers[i].name) == 0) { - opts->cipher = &ssh_ciphers[i]; - break; - } - } - if (opts->cipher == NULL) DIE("can't find algo"); - - if (XSTRCMP((char*)kdfname, "none") == 0) { - /* NOP */ - opts->name = "none"; - } else if (XSTRCMP((char*)kdfname, "bcrypt") == 0) { - opts->name = "bcrypt"; - opts->saltlen = sizeof(opts->salt); - len = kdfoptionslen; - if ((err = ssh_decode_sequence_multi(kdfoptions, &len, - LTC_SSHDATA_STRING, opts->salt, &opts->saltlen, - LTC_SSHDATA_UINT32, &opts->num_rounds, - LTC_SSHDATA_EOL)) != CRYPT_OK) { - die(err); - } - if (len != kdfoptionslen) DIE("unused data %lu", kdfoptionslen-len); - } else { - DIE("unsupported kdf %s", kdfname); - } - - return err; -} - - -void read_openssh_private_key(FILE *f, char *pem, size_t *w) -{ - const char *openssh_privkey_start = "-----BEGIN OPENSSH PRIVATE KEY-----"; - const char *openssh_privkey_end = "-----END OPENSSH PRIVATE KEY-----"; - char buf[81]; - char *end; - size_t n = 0; - - while (fgets(buf, sizeof(buf), f)) { - const char *start = strstr(buf, openssh_privkey_start); - if (start != NULL) { - size_t l; - start += strlen(openssh_privkey_start); - l = strlcpy(pem + n, start, *w - n); - n += l; - break; - } - } - while (fgets(buf, sizeof(buf), f)) { - size_t l = strlcpy(pem + n, buf, *w - n); - if (l == 0) { - DIE("strlcpy sez no"); - } - n += l; - } - end = strstr(pem, openssh_privkey_end); - if (end == NULL) DIE("could not find PEM end-tag"); - *end = '\0'; - *w = end - pem; + (void)u; + *p = strdup("abc123"); + *l = strlen(*p); + return 0; } int main(int argc, char **argv) { int err; - char pem[100 * 72]; - size_t plen = sizeof(pem); FILE *f = NULL; - unsigned char b64_decoded[sizeof(pem)], privkey[sizeof(pem)]; - unsigned long b64_decoded_len = sizeof(pem), privkey_len = sizeof(privkey); - struct kdf_options opts; - unsigned char *p; - unsigned long len; - pka_key k; + ltc_pka_key k; + password_ctx pw_ctx = { .callback = password_get }; if ((err = register_all_ciphers()) != CRYPT_OK) { die(err); @@ -458,53 +62,11 @@ int main(int argc, char **argv) else f = stdin; if (f == NULL) DIE("fopen sez no"); - read_openssh_private_key(f, pem, &plen); - - if ((err = base64_sane_decode(pem, plen, b64_decoded, &b64_decoded_len)) != CRYPT_OK) { + if ((err = pem_decode_openssh_filehandle(f, &k, &pw_ctx))) { die(err); } - - p = b64_decoded; - plen = b64_decoded_len; - len = plen; - - print_hex("decoded", p, plen); - - if ((err = ssh_decode_header(p, &len, &opts)) != CRYPT_OK) { - die(err); - } - p += len; - plen -= len; - len = plen; - - print_hex("remaining", p, plen); - - if ((err = ssh_decode_sequence_multi(p, &len, - LTC_SSHDATA_STRING, privkey, &privkey_len, - LTC_SSHDATA_EOL)) != CRYPT_OK) { - die(err); - } - p += len; - plen -= len; - - opts.pass = "abc123"; - opts.passlen = 6; - - if (XSTRCMP(opts.name, "none") != 0) { - len = privkey_len; - if ((err = ssh_decrypt_private_keys(privkey, &len, &opts)) != CRYPT_OK) { - die(err); - } - } - - len = privkey_len; - if ((err = ssh_decode_private_key(privkey, &len, &k)) != CRYPT_OK) { - die(err); - } - return EXIT_SUCCESS; } - -/* ref: $Format:%D$ */ -/* git commit: $Format:%H$ */ -/* commit time: $Format:%ai$ */ +#else +int main(void) { return EXIT_FAILURE; } +#endif diff --git a/src/headers/tomcrypt_custom.h b/src/headers/tomcrypt_custom.h index e10779280..66855145a 100644 --- a/src/headers/tomcrypt_custom.h +++ b/src/headers/tomcrypt_custom.h @@ -522,6 +522,8 @@ #define LTC_PBES +#define LTC_PEM + #endif /* LTC_NO_MISC */ /* cleanup */ @@ -566,6 +568,27 @@ #endif #endif /* LTC_MECC */ +#ifndef LTC_NO_FILE + /* buffer size for reading from a file via fread(..) */ + #ifndef LTC_FILE_READ_BUFSIZE + #define LTC_FILE_READ_BUFSIZE 8192 + #endif +#endif + +#if defined(LTC_PEM) + /* Size of the decoded data buffer */ + #ifndef LTC_PEM_READ_BUFSIZE + #ifdef LTC_FILE_READ_BUFSIZE + #define LTC_PEM_READ_BUFSIZE LTC_FILE_READ_BUFSIZE + #else + #define LTC_PEM_READ_BUFSIZE 4096 + #endif + #endif + #if defined(LTC_SSH) + #define LTC_PEM_SSH + #endif +#endif + #if defined(LTC_DER) #ifndef LTC_DER_MAX_RECURSION /* Maximum recursion limit when processing nested ASN.1 types. */ @@ -708,13 +731,6 @@ /* define this if you use Valgrind, note: it CHANGES the way SOBER-128 and RC4 work (see the code) */ /* #define LTC_VALGRIND */ -#ifndef LTC_NO_FILE - /* buffer size for reading from a file via fread(..) */ - #ifndef LTC_FILE_READ_BUFSIZE - #define LTC_FILE_READ_BUFSIZE 8192 - #endif -#endif - /* ECC backwards compatibility */ #if !defined(LTC_ECC_SECP112R1) && defined(LTC_ECC112) #define LTC_ECC_SECP112R1 diff --git a/src/headers/tomcrypt_misc.h b/src/headers/tomcrypt_misc.h index 3a2b7b124..67b9a9ec8 100644 --- a/src/headers/tomcrypt_misc.h +++ b/src/headers/tomcrypt_misc.h @@ -159,6 +159,19 @@ int padding_pad(unsigned char *data, unsigned long length, unsigned long* padded int padding_depad(const unsigned char *data, unsigned long *length, unsigned long mode); #endif /* LTC_PADDING */ +#ifdef LTC_PEM +typedef struct { + int (*callback)(void **, unsigned long *, void *); + void *userdata; +} password_ctx; + +#ifdef LTC_SSH +int pem_decode_openssh_filehandle(FILE *f, ltc_pka_key *k, password_ctx *pw_ctx); +int pem_decode_openssh(void *buf, unsigned long len, ltc_pka_key *k, password_ctx *pw_ctx); +#endif + +#endif /* LTC_PEM */ + #ifdef LTC_SSH typedef enum ssh_data_type_ { LTC_SSHDATA_EOL, diff --git a/src/headers/tomcrypt_pk.h b/src/headers/tomcrypt_pk.h index d93323389..4d8e7fc1e 100644 --- a/src/headers/tomcrypt_pk.h +++ b/src/headers/tomcrypt_pk.h @@ -485,6 +485,38 @@ int dsa_shared_secret(void *private_key, void *base, unsigned char *out, unsigned long *outlen); #endif /* LTC_MDSA */ + +enum ltc_pka_id { + LTC_PKA_UNDEF = 0, + LTC_PKA_RSA, + LTC_PKA_DSA, + LTC_PKA_EC, + LTC_PKA_CURVE25519, + LTC_PKA_DH, +}; + +typedef struct { + union { +#ifdef LTC_CURVE25519 + curve25519_key curve25519; +#endif +#ifdef LTC_MDH + dh_key dh; +#endif +#ifdef LTC_MDSA + dsa_key dsa; +#endif +#ifdef LTC_MECC + ecc_key ecc; +#endif +#ifdef LTC_MRSA + rsa_key rsa; +#endif + } u; + enum ltc_pka_id id; +} ltc_pka_key; + + #ifdef LTC_DER /* DER handling */ diff --git a/src/headers/tomcrypt_private.h b/src/headers/tomcrypt_private.h index 041bdd639..ace41d017 100644 --- a/src/headers/tomcrypt_private.h +++ b/src/headers/tomcrypt_private.h @@ -247,6 +247,56 @@ int base64_encode_pem(const unsigned char *in, unsigned long inlen, char *out, unsigned long *outlen, unsigned int flags); +/* PEM related */ + +struct password { + /* usually a `char*` but could also contain binary data + * so use a `void*` + length to be on the safe side. + */ + void *pw; + unsigned long l; +}; + +struct str { + char *p; + unsigned long len; +}; + +#define SET_STR(n, s) n.p = s, n.len = XSTRLEN(s) +#define SET_CSTR(n, s) n.p = (char*)s, n.len = XSTRLEN(s) + +enum more_headers { + no, + yes, + maybe +}; + +struct pem_headers { + const struct { + struct str start, end; + enum more_headers has_more_headers; + }; +}; + +struct bufp { + /* `end` points to one byte after the last + * element of the allocated buffer + */ + char *p, *r, *end; +}; + +#define SET_BUFP(n, d, l) n.p = d, n.r = d, n.end = (char*)d + l + 1 + +struct get_char { + int (*get)(struct get_char*); + union { + FILE *f; + struct bufp buf; + }; +}; + +/* others */ + void copy_or_zeromem(const unsigned char* src, unsigned char* dest, unsigned long len, int coz); int pbes_decrypt(const pbes_arg *arg, unsigned char *dec_data, unsigned long *dec_size); @@ -254,6 +304,9 @@ int pbes_decrypt(const pbes_arg *arg, unsigned char *dec_data, unsigned long *d int pbes1_extract(const ltc_asn1_list *s, pbes_arg *res); int pbes2_extract(const ltc_asn1_list *s, pbes_arg *res); +int pem_get_char_from_file(struct get_char *g); +int pem_get_char_from_buf(struct get_char *g); +int pem_read(void *pem, unsigned long *w, struct pem_headers *hdr, struct get_char *g); /* tomcrypt_pk.h */ diff --git a/src/misc/crypt/crypt.c b/src/misc/crypt/crypt.c index 81f00dbf9..0022dfd90 100644 --- a/src/misc/crypt/crypt.c +++ b/src/misc/crypt/crypt.c @@ -470,9 +470,16 @@ const char *crypt_build_settings = " PBES1 " " PBES2 " #endif +#if defined(LTC_PEM) + " PEM " + " " NAME_VALUE(LTC_PEM_READ_BUFSIZE) " " +#endif #if defined(LTC_SSH) " SSH " #endif +#if defined(LTC_PEM_SSH) + " OpenSSH-PEM " +#endif #if defined(LTC_DEVRANDOM) " LTC_DEVRANDOM " #endif diff --git a/src/misc/pem/pem_decode.c b/src/misc/pem/pem_decode.c new file mode 100644 index 000000000..c30b8ad44 --- /dev/null +++ b/src/misc/pem/pem_decode.c @@ -0,0 +1,129 @@ +/* LibTomCrypt, modular cryptographic library -- Tom St Denis */ +/* SPDX-License-Identifier: Unlicense */ +#include "tomcrypt_private.h" + +/** + @file pem_decode.c + Decode and import a PEM file, Steffen Jaeckel +*/ + +#ifdef LTC_PEM + +/* Encrypted PEM files */ +#define PEM_DECODE_BUFSZ 72 + +int pem_get_char_from_file(struct get_char *g) +{ + return getc(g->f); +} + +int pem_get_char_from_buf(struct get_char *g) +{ + int ret; + if (g->buf.r == g->buf.end) { + return -1; + } + ret = *g->buf.r; + g->buf.r++; + return ret; +} + +static char* s_get_line(char *buf, unsigned long *buflen, struct get_char *g) +{ + unsigned long blen = 0; + int c = -1, c_; + while(blen < *buflen) { + c_ = c; + c = g->get(g); + if (c == '\n') { + buf[blen] = '\0'; + if (c_ == '\r') { + buf[--blen] = '\0'; + } + *buflen = blen; + return buf; + } + if (c == -1 || c == '\0') { + buf[blen] = '\0'; + *buflen = blen; + return buf; + } + buf[blen] = c; + blen++; + } + return NULL; +} + +static LTC_INLINE int s_fits_buf(void *dest, unsigned long to_write, void *end) +{ + unsigned char *d = dest; + unsigned char *e = end; + unsigned char *w = d + to_write; + if (w < d || w > e) + return 0; + return 1; +} + +static int s_pem_decode_headers(struct pem_headers *hdr, struct get_char *g) +{ + return CRYPT_OK; +} + +int pem_read(void *pem, unsigned long *w, struct pem_headers *hdr, struct get_char *g) +{ + char buf[PEM_DECODE_BUFSZ]; + char *wpem = pem; + char *end = wpem + *w; + unsigned long slen, linelen; + int err, hdr_ok = 0; + int would_overflow = 0; + + linelen = sizeof(buf); + if (s_get_line(buf, &linelen, g) == NULL) { + return CRYPT_INVALID_PACKET; + } + if (hdr->start.len != linelen || XMEMCMP(buf, hdr->start.p, hdr->start.len)) { + return CRYPT_INVALID_PACKET; + } + + if ((err = s_pem_decode_headers(hdr, g)) != CRYPT_OK) + return err; + + /* Read the base64 encoded part of the PEM */ + slen = sizeof(buf); + while (s_get_line(buf, &slen, g)) { + if (slen == hdr->end.len && !XMEMCMP(buf, hdr->end.p, slen)) { + hdr_ok = 1; + break; + } + if (!would_overflow && s_fits_buf(wpem, slen, end)) { + XMEMCPY(wpem, buf, slen); + } else { + would_overflow = 1; + } + wpem += slen; + slen = sizeof(buf); + } + if (!hdr_ok) + return CRYPT_INVALID_PACKET; + + if (would_overflow || !s_fits_buf(wpem, 1, end)) { + /* NUL termination */ + wpem++; + /* prevent a wrap-around */ + if (wpem < (char*)pem) + return CRYPT_OVERFLOW; + *w = wpem - (char*)pem; + return CRYPT_BUFFER_OVERFLOW; + } + + *w = wpem - (char*)pem; + *wpem++ = '\0'; + + if ((err = base64_strict_decode(pem, *w, pem, w)) != CRYPT_OK) { + return err; + } + return CRYPT_OK; +} + +#endif /* LTC_PEM */ diff --git a/src/misc/pem/pem_ssh.c b/src/misc/pem/pem_ssh.c new file mode 100644 index 000000000..9ffbb0bb9 --- /dev/null +++ b/src/misc/pem/pem_ssh.c @@ -0,0 +1,426 @@ +/* LibTomCrypt, modular cryptographic library -- Tom St Denis */ +/* SPDX-License-Identifier: Unlicense */ +#include "tomcrypt_private.h" + +/** + @file pem_ssh.c + SSH specific functionality to process PEM files, Steffen Jaeckel + + The basic format of the key is described here: + https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.key +*/ + +#if defined(LTC_PEM_SSH) + +enum blockcipher_mode { + none, cbc, ctr, stream, gcm +}; +struct ssh_blockcipher { + const char *name; + const char *algo; + int len; + enum blockcipher_mode mode; +}; + +/* Table as of + * https://www.iana.org/assignments/ssh-parameters/ssh-parameters.xhtml#ssh-parameters-17 + */ +const struct ssh_blockcipher ssh_ciphers[] = +{ + { "none", "", 0, none }, + { "aes256-cbc", "aes", 256 / 8, cbc }, + { 0 }, +}; + +struct kdf_options { + const char *name; + const struct ssh_blockcipher *cipher; + unsigned char salt[64]; + ulong32 saltlen; + ulong32 num_rounds; + struct password pw; +}; + +#ifdef LTC_MECC +int ssh_find_init_ecc(const char *pka, ltc_pka_key *key) +{ + int err; + const char* prefix = "ecdsa-sha2-"; + unsigned long prefixlen = XSTRLEN(prefix); + const ltc_ecc_curve *cu; + if (strstr(pka, prefix) == NULL) return CRYPT_PK_INVALID_TYPE; + if ((err = ecc_find_curve(pka + prefixlen, &cu)) != CRYPT_OK) return err; + return ecc_set_curve(cu, &key->u.ecc); +} + +int ssh_decode_ecdsa(const unsigned char *in, unsigned long *inlen, ltc_pka_key *key) +{ + int err; + unsigned char groupname[64], group[512], privkey[512]; + unsigned long groupnamelen = sizeof(groupname), grouplen = sizeof(group), privkeylen = sizeof(privkey); + + if ((err = ssh_decode_sequence_multi(in, inlen, + LTC_SSHDATA_STRING, groupname, &groupnamelen, + LTC_SSHDATA_STRING, group, &grouplen, + LTC_SSHDATA_STRING, privkey, &privkeylen, + LTC_SSHDATA_EOL, NULL)) != CRYPT_OK) { + goto cleanup; + } + + if ((err = ecc_set_key(privkey, privkeylen, PK_PRIVATE, &key->u.ecc)) != CRYPT_OK) { + goto cleanup; + } + + key->id = LTC_PKA_EC; + +cleanup: + zeromem(groupname, sizeof(groupname)); + zeromem(group, sizeof(group)); + zeromem(privkey, sizeof(privkey)); + + return err; +} +#endif + +#ifdef LTC_CURVE25519 +int ssh_decode_ed25519(const unsigned char *in, unsigned long *inlen, ltc_pka_key *key) +{ + int err; + unsigned char pubkey[2048], privkey[2048]; + unsigned long pubkeylen = sizeof(pubkey), privkeylen = sizeof(privkey); + + if ((err = ssh_decode_sequence_multi(in, inlen, + LTC_SSHDATA_STRING, pubkey, &pubkeylen, + LTC_SSHDATA_STRING, privkey, &privkeylen, + LTC_SSHDATA_EOL, NULL)) != CRYPT_OK) { + goto cleanup; + } + + if ((err = ed25519_import_raw(&privkey[32], 32, PK_PRIVATE, &key->u.curve25519)) != CRYPT_OK) { + goto cleanup; + } + + key->id = LTC_PKA_CURVE25519; + +cleanup: + zeromem(pubkey, sizeof(pubkey)); + zeromem(privkey, sizeof(privkey)); + + return err; +} +#endif + +#ifdef LTC_MRSA +int ssh_decode_rsa(const unsigned char *in, unsigned long *inlen, ltc_pka_key *key) +{ + int err; + void *tmp1, *tmp2; + if ((err = mp_init_multi(&tmp1, &tmp2, NULL)) != CRYPT_OK) { + goto cleanup; + } + if ((err = rsa_init(&key->u.rsa)) != CRYPT_OK) { + goto cleanup; + } + + if ((err = ssh_decode_sequence_multi(in, inlen, + LTC_SSHDATA_MPINT, key->u.rsa.N, + LTC_SSHDATA_MPINT, key->u.rsa.e, + LTC_SSHDATA_MPINT, key->u.rsa.d, + LTC_SSHDATA_MPINT, key->u.rsa.qP, + LTC_SSHDATA_MPINT, key->u.rsa.q, + LTC_SSHDATA_MPINT, key->u.rsa.p, + LTC_SSHDATA_EOL, NULL)) != CRYPT_OK) { + goto cleanup; + } + + if ((err = mp_sub_d(key->u.rsa.p, 1, tmp1)) != CRYPT_OK) { goto cleanup; } /* tmp1 = q-1 */ + if ((err = mp_sub_d(key->u.rsa.q, 1, tmp2)) != CRYPT_OK) { goto cleanup; } /* tmp2 = p-1 */ + if ((err = mp_mod( key->u.rsa.d, tmp1, key->u.rsa.dP)) != CRYPT_OK) { goto cleanup; } /* dP = d mod p-1 */ + if ((err = mp_mod( key->u.rsa.d, tmp2, key->u.rsa.dQ)) != CRYPT_OK) { goto cleanup; } /* dQ = d mod q-1 */ + + key->id = LTC_PKA_RSA; + +cleanup: + mp_clear_multi(tmp2, tmp1, NULL); + + return err; +} +#endif + +struct ssh_pka { + const char *name; + int (*init)(const char*, ltc_pka_key*); + int (*decode)(const unsigned char*, unsigned long*, ltc_pka_key*); +}; + +struct ssh_pka ssh_pkas[] = { +#ifdef LTC_CURVE25519 + { "ssh-ed25519", NULL, ssh_decode_ed25519 }, +#endif +#ifdef LTC_MRSA + { "ssh-rsa", NULL, ssh_decode_rsa }, +#endif +#ifdef LTC_MECC + { NULL, ssh_find_init_ecc, ssh_decode_ecdsa }, +#endif +}; + +static int s_decode_private_key(const unsigned char *in, unsigned long *inlen, ltc_pka_key *key) +{ + int err; + ulong32 check1, check2; + unsigned char pka[64], comment[256]; + unsigned long pkalen = sizeof(pka), commentlen = sizeof(comment); + unsigned long remaining, cur_len; + const unsigned char *p; + unsigned long n; + + LTC_ARGCHK(in != NULL); + LTC_ARGCHK(inlen != NULL); + LTC_ARGCHK(key != NULL); + + p = in; + cur_len = *inlen; + + if ((err = ssh_decode_sequence_multi(p, &cur_len, + LTC_SSHDATA_UINT32, &check1, + LTC_SSHDATA_UINT32, &check2, + LTC_SSHDATA_STRING, pka, &pkalen, + LTC_SSHDATA_EOL, NULL)) != CRYPT_OK) { + return err; + } + if (check1 != check2) { + return CRYPT_INVALID_PACKET; + } + + p += cur_len; + remaining = *inlen - cur_len; + cur_len = remaining; + + for (n = 0; n < sizeof(ssh_pkas)/sizeof(ssh_pkas[0]); ++n) { + if (ssh_pkas[n].name != NULL) { + if (XSTRCMP((char*)pka, ssh_pkas[n].name) != 0) continue; + } else { + if ((ssh_pkas[n].init == NULL) || + (ssh_pkas[n].init((char*)pka, key) != CRYPT_OK)) continue; + } + if ((err = ssh_pkas[n].decode(p, &cur_len, key)) != CRYPT_OK) { + return err; + } + break; + } + if (n == sizeof(ssh_pkas)/sizeof(ssh_pkas[0])) { + return CRYPT_PK_INVALID_TYPE; + } + + p += cur_len; + remaining -= cur_len; + cur_len = remaining; + + if ((err = ssh_decode_sequence_multi(p, &cur_len, + LTC_SSHDATA_STRING, comment, &commentlen, + LTC_SSHDATA_EOL, NULL)) != CRYPT_OK) { + return err; + } + + p += cur_len; + remaining -= cur_len; + + return remaining ? padding_depad(p, &remaining, LTC_PAD_SSH) : CRYPT_OK; +} + +static int s_decrypt_private_keys(unsigned char *in, unsigned long *inlen, struct kdf_options *opts) +{ + int err, cipher; + unsigned char symkey[128]; + unsigned long symkey_len; + symmetric_CBC cbc_ctx; + + LTC_ARGCHK(in != NULL); + LTC_ARGCHK(inlen != NULL); + LTC_ARGCHK(opts != NULL); + + cipher = find_cipher(opts->cipher->algo); + if (cipher == -1) { + return CRYPT_INVALID_CIPHER; + } + symkey_len = opts->cipher->len + cipher_descriptor[cipher].block_length; + + if (sizeof(symkey) < symkey_len) { + return CRYPT_OVERFLOW; + } + + if ((err = bcrypt_pbkdf_openbsd(opts->pw.pw, opts->pw.l, opts->salt, opts->saltlen, opts->num_rounds, find_hash("sha512"), symkey, &symkey_len)) != CRYPT_OK) { + return err; + } + + if ((err = cbc_start(cipher, symkey + opts->cipher->len, symkey, opts->cipher->len, 0, &cbc_ctx)) != CRYPT_OK) { + goto cleanup; + } + if ((err = cbc_decrypt(in, in, *inlen, &cbc_ctx)) != CRYPT_OK) { + goto cleanup; + } + if ((err = cbc_done(&cbc_ctx)) != CRYPT_OK) { + goto cleanup; + } + +cleanup: + zeromem(symkey, sizeof(symkey)); + zeromem(&cbc_ctx, sizeof(cbc_ctx)); + + return err; +} + +static int s_decode_header(unsigned char *in, unsigned long *inlen, struct kdf_options *opts) +{ + int err; + unsigned char ciphername[64], kdfname[64], kdfoptions[128], pubkey1[2048]; + unsigned long ciphernamelen = sizeof(ciphername), kdfnamelen = sizeof(kdfname); + unsigned long kdfoptionslen = sizeof(kdfoptions), pubkey1len = sizeof(pubkey1); + ulong32 num_keys; + unsigned long i; + + void *magic = strstr((const char*)in, "openssh-key-v1"); + unsigned long slen = XSTRLEN("openssh-key-v1"); + unsigned char *start = &in[slen + 1]; + unsigned long len = *inlen - slen - 1; + + if (magic == NULL || magic != in) { + return CRYPT_INVALID_PACKET; + } + + if ((err = ssh_decode_sequence_multi(start, &len, + LTC_SSHDATA_STRING, ciphername, &ciphernamelen, + LTC_SSHDATA_STRING, kdfname, &kdfnamelen, + LTC_SSHDATA_STRING, kdfoptions, &kdfoptionslen, + LTC_SSHDATA_UINT32, &num_keys, + LTC_SSHDATA_STRING, pubkey1, &pubkey1len, + LTC_SSHDATA_EOL, NULL)) != CRYPT_OK) { + return err; + } + if (num_keys != 1) { + return CRYPT_INVALID_PACKET; + } + + *inlen = len + slen + 1; + + for (i = 0; i < sizeof(ssh_ciphers)/sizeof(ssh_ciphers[0]); ++i) { + if (XSTRCMP((char*)ciphername, ssh_ciphers[i].name) == 0) { + opts->cipher = &ssh_ciphers[i]; + break; + } + } + if (opts->cipher == NULL) { + return CRYPT_INVALID_CIPHER; + } + + if (XSTRCMP((char*)kdfname, "none") == 0) { + /* NOP */ + opts->name = "none"; + } else if (XSTRCMP((char*)kdfname, "bcrypt") == 0) { + opts->name = "bcrypt"; + opts->saltlen = sizeof(opts->salt); + len = kdfoptionslen; + if ((err = ssh_decode_sequence_multi(kdfoptions, &len, + LTC_SSHDATA_STRING, opts->salt, &opts->saltlen, + LTC_SSHDATA_UINT32, &opts->num_rounds, + LTC_SSHDATA_EOL, NULL)) != CRYPT_OK) { + return err; + } + if (len != kdfoptionslen) { + return CRYPT_INPUT_TOO_LONG; + } + } else { + return CRYPT_INVALID_PACKET; + } + + return err; +} + +static const struct pem_headers pem_openssh = + { + SET_CSTR(.start, "-----BEGIN OPENSSH PRIVATE KEY-----"), + SET_CSTR(.end, "-----END OPENSSH PRIVATE KEY-----"), + .has_more_headers = 0 + }; + +static int s_decode_openssh(struct get_char *g, ltc_pka_key *k, password_ctx *pw_ctx) +{ + unsigned char *pem = NULL, *p, *privkey = NULL; + unsigned long w, l, privkey_len; + int err; + struct pem_headers hdr = pem_openssh; + struct kdf_options opts = { 0 }; + w = LTC_PEM_READ_BUFSIZE * 2; +retry: + pem = XREALLOC(pem, w); + err = pem_read(pem, &w, &hdr, g); + if (err == CRYPT_BUFFER_OVERFLOW) { + goto retry; + } else if (err != CRYPT_OK) { + goto cleanup; + } + l = w; + if ((err = s_decode_header(pem, &w, &opts)) != CRYPT_OK) { + goto cleanup; + } + p = pem + w; + l -= w; + w = l; + + privkey_len = l; + privkey = XMALLOC(privkey_len); + + if ((err = ssh_decode_sequence_multi(p, &w, + LTC_SSHDATA_STRING, privkey, &privkey_len, + LTC_SSHDATA_EOL, NULL)) != CRYPT_OK) { + goto cleanup; + } + + if (XSTRCMP(opts.name, "none") != 0) { + /* hard-coded pass for demo keys */ + if (!pw_ctx || !pw_ctx->callback) { + err = CRYPT_INVALID_ARG; + goto cleanup; + } + if (pw_ctx->callback(&opts.pw.pw, &opts.pw.l, pw_ctx->userdata)) { + err = CRYPT_ERROR; + goto cleanup; + } + w = privkey_len; + if ((err = s_decrypt_private_keys(privkey, &privkey_len, &opts)) != CRYPT_OK) { + goto cleanup; + } + } + + w = privkey_len; + if ((err = s_decode_private_key(privkey, &w, k)) != CRYPT_OK) { + goto cleanup; + } + +cleanup: + if (opts.pw.pw) { + zeromem(opts.pw.pw, opts.pw.l); + XFREE(opts.pw.pw); + } + if (privkey) { + zeromem(privkey, privkey_len); + XFREE(privkey); + } + XFREE(pem); + return err; +} + +int pem_decode_openssh_filehandle(FILE *f, ltc_pka_key *k, password_ctx *pw_ctx) +{ + struct get_char g = { .get = pem_get_char_from_file, .f = f }; + return s_decode_openssh(&g, k, pw_ctx); +} + +int pem_decode_openssh(void *buf, unsigned long len, ltc_pka_key *k, password_ctx *pw_ctx) +{ + struct get_char g = { .get = pem_get_char_from_buf, SET_BUFP(.buf, buf, len) }; + return s_decode_openssh(&g, k, pw_ctx); +} + +#endif /* defined(LTC_PEM_SSH) */ From 69c93a82a58a30c97853fd14fef6f2ccfe196710 Mon Sep 17 00:00:00 2001 From: Steffen Jaeckel Date: Thu, 6 Jan 2022 03:30:09 +0100 Subject: [PATCH 08/51] rename file Signed-off-by: Steffen Jaeckel --- src/pk/asn1/oid/{pk_get_oid.c => pk_get.c} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename src/pk/asn1/oid/{pk_get_oid.c => pk_get.c} (100%) diff --git a/src/pk/asn1/oid/pk_get_oid.c b/src/pk/asn1/oid/pk_get.c similarity index 100% rename from src/pk/asn1/oid/pk_get_oid.c rename to src/pk/asn1/oid/pk_get.c From 35c306feae12e48ea025df60cf1048012cda84bb Mon Sep 17 00:00:00 2001 From: Steffen Jaeckel Date: Thu, 6 Jan 2022 03:31:12 +0100 Subject: [PATCH 09/51] add `pk_get_oid_from_asn1()` Signed-off-by: Steffen Jaeckel --- src/headers/tomcrypt_private.h | 1 + src/pk/asn1/oid/pk_get.c | 42 +++++++++++++++++++++++++++++----- 2 files changed, 37 insertions(+), 6 deletions(-) diff --git a/src/headers/tomcrypt_private.h b/src/headers/tomcrypt_private.h index ace41d017..df57571aa 100644 --- a/src/headers/tomcrypt_private.h +++ b/src/headers/tomcrypt_private.h @@ -314,6 +314,7 @@ int rand_bn_bits(void *N, int bits, prng_state *prng, int wprng); int rand_bn_upto(void *N, void *limit, prng_state *prng, int wprng); int pk_get_oid(enum ltc_oid_id id, const char **st); +int pk_get_oid_from_asn1(const ltc_asn1_list *oid, enum ltc_oid_id *id); int pk_oid_str_to_num(const char *OID, unsigned long *oid, unsigned long *oidlen); int pk_oid_num_to_str(const unsigned long *oid, unsigned long oidlen, char *OID, unsigned long *outlen); diff --git a/src/pk/asn1/oid/pk_get.c b/src/pk/asn1/oid/pk_get.c index b3e1ee26b..1fc72a130 100644 --- a/src/pk/asn1/oid/pk_get.c +++ b/src/pk/asn1/oid/pk_get.c @@ -6,16 +6,17 @@ typedef struct { enum ltc_oid_id id; + enum ltc_pka_id pka; const char* oid; } oid_table_entry; static const oid_table_entry pka_oids[] = { - { LTC_OID_RSA, "1.2.840.113549.1.1.1" }, - { LTC_OID_DSA, "1.2.840.10040.4.1" }, - { LTC_OID_EC, "1.2.840.10045.2.1" }, - { LTC_OID_EC_PRIMEF, "1.2.840.10045.1.1" }, - { LTC_OID_X25519, "1.3.101.110" }, - { LTC_OID_ED25519, "1.3.101.112" }, + { LTC_OID_RSA, LTC_PKA_RSA, "1.2.840.113549.1.1.1" }, + { LTC_OID_DSA, LTC_PKA_DSA, "1.2.840.10040.4.1" }, + { LTC_OID_EC, LTC_PKA_EC, "1.2.840.10045.2.1" }, + { LTC_OID_EC_PRIMEF, LTC_PKA_EC, "1.2.840.10045.1.1" }, + { LTC_OID_X25519, LTC_PKA_CURVE25519, "1.3.101.110" }, + { LTC_OID_ED25519, LTC_PKA_CURVE25519, "1.3.101.112" }, }; /* @@ -34,4 +35,33 @@ int pk_get_oid(enum ltc_oid_id id, const char **st) } return CRYPT_INVALID_ARG; } + +/* + Returns the PKA ID of an OID. + @return CRYPT_OK if valid +*/ +int pk_get_oid_from_asn1(const ltc_asn1_list *oid, enum ltc_oid_id *id) +{ + unsigned long i; + char tmp[LTC_OID_MAX_STRLEN] = { 0 }; + int err; + + LTC_ARGCHK(oid != NULL); + LTC_ARGCHK(id != NULL); + + if (oid->type != LTC_ASN1_OBJECT_IDENTIFIER) return CRYPT_INVALID_ARG; + + i = sizeof(tmp); + if ((err = pk_oid_num_to_str(oid->data, oid->size, tmp, &i)) != CRYPT_OK) { + return err; + } + + for (i = 0; i < sizeof(pka_oids)/sizeof(pka_oids[0]); ++i) { + if (XSTRCMP(pka_oids[i].oid, tmp) == 0) { + *id = pka_oids[i].id; + return CRYPT_OK; + } + } + return CRYPT_INVALID_ARG; +} #endif From 18baa1476cc0b3beadb8ae1dc6729272c337df3e Mon Sep 17 00:00:00 2001 From: Steffen Jaeckel Date: Thu, 6 Jan 2022 03:32:19 +0100 Subject: [PATCH 10/51] add `der_flexi_sequence_cmp()` Signed-off-by: Steffen Jaeckel --- src/headers/tomcrypt_private.h | 15 ++++++++ .../der/sequence/der_flexi_sequence_cmp.c | 38 +++++++++++++++++++ src/pk/ecc/ecc_import_pkcs8.c | 34 +---------------- 3 files changed, 55 insertions(+), 32 deletions(-) create mode 100644 src/pk/asn1/der/sequence/der_flexi_sequence_cmp.c diff --git a/src/headers/tomcrypt_private.h b/src/headers/tomcrypt_private.h index df57571aa..4d5701fc2 100644 --- a/src/headers/tomcrypt_private.h +++ b/src/headers/tomcrypt_private.h @@ -465,12 +465,27 @@ int der_length_asn1_length(unsigned long len, unsigned long *outlen); int der_length_sequence_ex(const ltc_asn1_list *list, unsigned long inlen, unsigned long *outlen, unsigned long *payloadlen); +typedef struct { + ltc_asn1_type t; + ltc_asn1_list **pp; +} der_flexi_check; + +#define LTC_SET_DER_FLEXI_CHECK(list, index, Type, P) \ + do { \ + int LTC_SDFC_temp##__LINE__ = (index); \ + list[LTC_SDFC_temp##__LINE__].t = Type; \ + list[LTC_SDFC_temp##__LINE__].pp = P; \ + } while (0) + + extern const ltc_asn1_type der_asn1_tag_to_type_map[]; extern const unsigned long der_asn1_tag_to_type_map_sz; extern const int der_asn1_type_to_identifier_map[]; extern const unsigned long der_asn1_type_to_identifier_map_sz; +int der_flexi_sequence_cmp(const ltc_asn1_list *flexi, der_flexi_check *check); + int der_decode_sequence_multi_ex(const unsigned char *in, unsigned long inlen, unsigned int flags, ...) LTC_NULL_TERMINATED; diff --git a/src/pk/asn1/der/sequence/der_flexi_sequence_cmp.c b/src/pk/asn1/der/sequence/der_flexi_sequence_cmp.c new file mode 100644 index 000000000..026eb504a --- /dev/null +++ b/src/pk/asn1/der/sequence/der_flexi_sequence_cmp.c @@ -0,0 +1,38 @@ +/* LibTomCrypt, modular cryptographic library -- Tom St Denis */ +/* SPDX-License-Identifier: Unlicense */ +#include "tomcrypt_private.h" + +/** + @file der_length_sequence.c + ASN.1 DER, length a SEQUENCE, Tom St Denis +*/ + +#ifdef LTC_DER + +/** + Get the length of a DER sequence + @param list The sequences of items in the SEQUENCE + @param inlen The number of items + @param outlen [out] The length required in octets to store it + @return CRYPT_OK on success +*/ + +int der_flexi_sequence_cmp(const ltc_asn1_list *flexi, der_flexi_check *check) +{ + ltc_asn1_list *cur; + if (flexi->type != LTC_ASN1_SEQUENCE) { + return CRYPT_INVALID_PACKET; + } + cur = flexi->child; + while(check->t != LTC_ASN1_EOL) { + if (!LTC_ASN1_IS_TYPE(cur, check->t)) { + return CRYPT_INVALID_PACKET; + } + if (check->pp != NULL) *check->pp = cur; + cur = cur->next; + check++; + } + return CRYPT_OK; +} + +#endif diff --git a/src/pk/ecc/ecc_import_pkcs8.c b/src/pk/ecc/ecc_import_pkcs8.c index 81ac6ed6b..ec5afc390 100644 --- a/src/pk/ecc/ecc_import_pkcs8.c +++ b/src/pk/ecc/ecc_import_pkcs8.c @@ -5,36 +5,6 @@ #ifdef LTC_MECC -typedef struct { - ltc_asn1_type t; - ltc_asn1_list **pp; -} der_flexi_check; - -#define LTC_SET_DER_FLEXI_CHECK(list, index, Type, P) \ - do { \ - int LTC_SDFC_temp##__LINE__ = (index); \ - list[LTC_SDFC_temp##__LINE__].t = Type; \ - list[LTC_SDFC_temp##__LINE__].pp = P; \ - } while (0) - -static int s_der_flexi_sequence_cmp(const ltc_asn1_list *flexi, der_flexi_check *check) -{ - const ltc_asn1_list *cur; - if (flexi->type != LTC_ASN1_SEQUENCE) { - return CRYPT_INVALID_PACKET; - } - cur = flexi->child; - while(check->t != LTC_ASN1_EOL) { - if (!LTC_ASN1_IS_TYPE(cur, check->t)) { - return CRYPT_INVALID_PACKET; - } - if (check->pp != NULL) *check->pp = (ltc_asn1_list*)cur; - cur = cur->next; - check++; - } - return CRYPT_OK; -} - /* NOTE: s_der_decode_pkcs8_flexi & related stuff can be shared with rsa_import_pkcs8() */ int ecc_import_pkcs8(const unsigned char *in, unsigned long inlen, @@ -73,7 +43,7 @@ int ecc_import_pkcs8(const unsigned char *in, unsigned long inlen, LTC_SET_DER_FLEXI_CHECK(flexi_should, n++, LTC_ASN1_OCTET_STRING, &priv_key); LTC_SET_DER_FLEXI_CHECK(flexi_should, n, LTC_ASN1_EOL, NULL); - if ((s_der_flexi_sequence_cmp(l, flexi_should) == CRYPT_OK) && + if ((der_flexi_sequence_cmp(l, flexi_should) == CRYPT_OK) && (pk_oid_cmp_with_asn1(pka_ec_oid, seq->child) == CRYPT_OK)) { ltc_asn1_list *version, *field, *point, *point_g, *order, *p_cofactor; @@ -102,7 +72,7 @@ int ecc_import_pkcs8(const unsigned char *in, unsigned long inlen, if ((err = ecc_find_curve(OID, &curve)) != CRYPT_OK) { goto LBL_DONE; } if ((err = ecc_set_curve(curve, key)) != CRYPT_OK) { goto LBL_DONE; } } - else if ((err = s_der_flexi_sequence_cmp(seq->child->next, flexi_should)) == CRYPT_OK) { + else if ((err = der_flexi_sequence_cmp(seq->child->next, flexi_should)) == CRYPT_OK) { /* CASE 2: explicit curve parameters (AKA long variant): * 0:d=0 hl=3 l= 227 cons: SEQUENCE * 3:d=1 hl=2 l= 1 prim: INTEGER :00 From b8cb13f9987ee7de9f567da7fbb1879f8c6c804f Mon Sep 17 00:00:00 2001 From: Steffen Jaeckel Date: Thu, 6 Jan 2022 03:32:59 +0100 Subject: [PATCH 11/51] add `LTC_OID_MAX_STRLEN` Signed-off-by: Steffen Jaeckel --- src/headers/tomcrypt_private.h | 3 +++ src/pk/asn1/oid/pk_oid_cmp.c | 2 +- src/pk/asn1/oid/pk_oid_str.c | 2 +- 3 files changed, 5 insertions(+), 2 deletions(-) diff --git a/src/headers/tomcrypt_private.h b/src/headers/tomcrypt_private.h index 4d5701fc2..b862be3a4 100644 --- a/src/headers/tomcrypt_private.h +++ b/src/headers/tomcrypt_private.h @@ -30,6 +30,8 @@ LTC_STATIC_ASSERT(correct_ltc_uintptr_size, sizeof(ltc_uintptr) == sizeof(void*) */ #define LTC_ALIGN_BUF(buf, n) ((void*)((ltc_uintptr)&((unsigned char*)(buf))[n - 1] & (~(CONSTPTR(n) - CONSTPTR(1))))) +#define LTC_OID_MAX_STRLEN 256 + /* `NULL` as defined by the standard is not guaranteed to be of a pointer * type. In order to make sure that in vararg API's a pointer type is used, * define our own version and use that one internally. @@ -43,6 +45,7 @@ LTC_STATIC_ASSERT(correct_ltc_uintptr_size, sizeof(ltc_uintptr) == sizeof(void*) */ enum ltc_oid_id { + LTC_OID_UNDEF, LTC_OID_RSA, LTC_OID_DSA, LTC_OID_EC, diff --git a/src/pk/asn1/oid/pk_oid_cmp.c b/src/pk/asn1/oid/pk_oid_cmp.c index f842bc587..04a379bff 100644 --- a/src/pk/asn1/oid/pk_oid_cmp.c +++ b/src/pk/asn1/oid/pk_oid_cmp.c @@ -11,7 +11,7 @@ int pk_oid_cmp_with_ulong(const char *o1, const unsigned long *o2, unsigned long o2size) { unsigned long i; - char tmp[256] = { 0 }; + char tmp[LTC_OID_MAX_STRLEN] = { 0 }; int err; if (o1 == NULL || o2 == NULL) return CRYPT_ERROR; diff --git a/src/pk/asn1/oid/pk_oid_str.c b/src/pk/asn1/oid/pk_oid_str.c index bc21a6f57..f670cd063 100644 --- a/src/pk/asn1/oid/pk_oid_str.c +++ b/src/pk/asn1/oid/pk_oid_str.c @@ -46,7 +46,7 @@ int pk_oid_num_to_str(const unsigned long *oid, unsigned long oidlen, char *OID, { int i; unsigned long j, k; - char tmp[256] = { 0 }; + char tmp[LTC_OID_MAX_STRLEN] = { 0 }; LTC_ARGCHK(oid != NULL); LTC_ARGCHK(oidlen < INT_MAX); From e9f1db17420898f76b7f4c94bf19e8f5b93e6781 Mon Sep 17 00:00:00 2001 From: Steffen Jaeckel Date: Thu, 6 Jan 2022 04:00:02 +0100 Subject: [PATCH 12/51] add `pkcs8_get_children()` Signed-off-by: Steffen Jaeckel --- src/headers/tomcrypt_private.h | 3 +++ src/pk/asn1/pkcs8/pkcs8_get.c | 48 ++++++++++++++++++++++++++++++++++ 2 files changed, 51 insertions(+) create mode 100644 src/pk/asn1/pkcs8/pkcs8_get.c diff --git a/src/headers/tomcrypt_private.h b/src/headers/tomcrypt_private.h index b862be3a4..1b1947d6f 100644 --- a/src/headers/tomcrypt_private.h +++ b/src/headers/tomcrypt_private.h @@ -526,6 +526,9 @@ int pkcs8_decode_flexi(const unsigned char *in, unsigned long inlen, const void *pwd, unsigned long pwdlen, ltc_asn1_list **decoded_list); +int pkcs8_get_children(const ltc_asn1_list *decoded_list, enum ltc_oid_id *pka, + ltc_asn1_list **seq, ltc_asn1_list **priv_key); + #endif /* LTC_PKCS_8 */ diff --git a/src/pk/asn1/pkcs8/pkcs8_get.c b/src/pk/asn1/pkcs8/pkcs8_get.c new file mode 100644 index 000000000..3ff74e2d7 --- /dev/null +++ b/src/pk/asn1/pkcs8/pkcs8_get.c @@ -0,0 +1,48 @@ +/* LibTomCrypt, modular cryptographic library -- Tom St Denis */ +/* SPDX-License-Identifier: Unlicense */ +#include "tomcrypt_private.h" + +/** + @file pkcs8_get.c + PKCS#8 utility functions +*/ + +#ifdef LTC_PKCS_8 + +int pkcs8_get_children(const ltc_asn1_list *decoded_list, enum ltc_oid_id *pka, ltc_asn1_list **alg_id, ltc_asn1_list **priv_key) +{ + int err; + unsigned long n; + der_flexi_check flexi_should[4]; + ltc_asn1_list *seq_l, *version; + + LTC_ARGCHK(ltc_mp.name != NULL); + + if (alg_id == NULL) alg_id = &seq_l; + + /* Setup for basic structure */ + n=0; + LTC_SET_DER_FLEXI_CHECK(flexi_should, n++, LTC_ASN1_INTEGER, &version); + LTC_SET_DER_FLEXI_CHECK(flexi_should, n++, LTC_ASN1_SEQUENCE, alg_id); + LTC_SET_DER_FLEXI_CHECK(flexi_should, n++, LTC_ASN1_OCTET_STRING, priv_key); + LTC_SET_DER_FLEXI_CHECK(flexi_should, n, LTC_ASN1_EOL, NULL); + + err = der_flexi_sequence_cmp(decoded_list, flexi_should); + switch (err) { + case CRYPT_OK: + case CRYPT_INPUT_TOO_LONG: + /* If there are attributes added after the private_key it is tagged with version 1 and + * we get an 'input too long' error but the rest is already decoded and can be + * handled the same as for version 0 + */ + if (mp_cmp_d(version->data, 0) != LTC_MP_EQ && mp_cmp_d(version->data, 1) != LTC_MP_EQ) { + return CRYPT_INVALID_PACKET; + } + break; + default: + return err; + } + return pk_get_oid_from_asn1((*alg_id)->child, pka); +} + +#endif /* LTC_PKCS_8 */ From 3f6f8858521f6f52f799bd29509163de13dc877e Mon Sep 17 00:00:00 2001 From: Steffen Jaeckel Date: Tue, 11 Jan 2022 19:55:44 +0100 Subject: [PATCH 13/51] re-factor PKCS#8 API a bit Signed-off-by: Steffen Jaeckel --- src/headers/tomcrypt_misc.h | 4 - src/headers/tomcrypt_pk.h | 21 ++- src/headers/tomcrypt_private.h | 47 ++++- src/pk/asn1/pkcs8/pkcs8_decode_flexi.c | 20 +- src/pk/ec25519/ec25519_import_pkcs8.c | 119 ++++++------ src/pk/ecc/ecc_import_pkcs8.c | 241 +++++++++++++------------ src/pk/ed25519/ed25519_import_pkcs8.c | 23 ++- src/pk/rsa/rsa_import_pkcs8.c | 118 ++++-------- src/pk/x25519/x25519_import_pkcs8.c | 22 ++- tests/ecc_test.c | 45 +++-- tests/ed25519_test.c | 14 +- tests/rsa_test.c | 14 +- tests/x25519_test.c | 20 +- 13 files changed, 382 insertions(+), 326 deletions(-) diff --git a/src/headers/tomcrypt_misc.h b/src/headers/tomcrypt_misc.h index 67b9a9ec8..e722a0a26 100644 --- a/src/headers/tomcrypt_misc.h +++ b/src/headers/tomcrypt_misc.h @@ -160,10 +160,6 @@ int padding_depad(const unsigned char *data, unsigned long *length, unsigned lon #endif /* LTC_PADDING */ #ifdef LTC_PEM -typedef struct { - int (*callback)(void **, unsigned long *, void *); - void *userdata; -} password_ctx; #ifdef LTC_SSH int pem_decode_openssh_filehandle(FILE *f, ltc_pka_key *k, password_ctx *pw_ctx); diff --git a/src/headers/tomcrypt_pk.h b/src/headers/tomcrypt_pk.h index 4d8e7fc1e..c0ead7c2c 100644 --- a/src/headers/tomcrypt_pk.h +++ b/src/headers/tomcrypt_pk.h @@ -1,6 +1,11 @@ /* LibTomCrypt, modular cryptographic library -- Tom St Denis */ /* SPDX-License-Identifier: Unlicense */ +typedef struct { + int (*callback)(void **, unsigned long *, void *); + void *userdata; +} password_ctx; + /* ---- NUMBER THEORY ---- */ enum public_key_type { @@ -108,7 +113,7 @@ int rsa_import(const unsigned char *in, unsigned long inlen, rsa_key *key); int rsa_import_x509(const unsigned char *in, unsigned long inlen, rsa_key *key); int rsa_import_pkcs8(const unsigned char *in, unsigned long inlen, - const void *passwd, unsigned long passwdlen, rsa_key *key); + const password_ctx *pw_ctx, rsa_key *key); int rsa_set_key(const unsigned char *N, unsigned long Nlen, const unsigned char *e, unsigned long elen, @@ -280,7 +285,7 @@ int ecc_ansi_x963_import_ex(const unsigned char *in, unsigned long inlen, ecc_ke int ecc_export_openssl(unsigned char *out, unsigned long *outlen, int type, const ecc_key *key); int ecc_import_openssl(const unsigned char *in, unsigned long inlen, ecc_key *key); -int ecc_import_pkcs8(const unsigned char *in, unsigned long inlen, const void *pwd, unsigned long pwdlen, ecc_key *key); +int ecc_import_pkcs8(const unsigned char *in, unsigned long inlen, const password_ctx *pw_ctx, ecc_key *key); int ecc_import_x509(const unsigned char *in, unsigned long inlen, ecc_key *key); int ecc_shared_secret(const ecc_key *private_key, const ecc_key *public_key, @@ -353,9 +358,9 @@ int ed25519_export( unsigned char *out, unsigned long *outlen, int ed25519_import(const unsigned char *in, unsigned long inlen, curve25519_key *key); int ed25519_import_raw(const unsigned char *in, unsigned long inlen, int which, curve25519_key *key); int ed25519_import_x509(const unsigned char *in, unsigned long inlen, curve25519_key *key); -int ed25519_import_pkcs8(const unsigned char *in, unsigned long inlen, - const void *pwd, unsigned long pwdlen, - curve25519_key *key); +int ed25519_import_pkcs8(const unsigned char *in, unsigned long inlen, + const password_ctx *pw_ctx, + curve25519_key *key); int ed25519_sign(const unsigned char *msg, unsigned long msglen, unsigned char *sig, unsigned long *siglen, @@ -393,9 +398,9 @@ int x25519_export( unsigned char *out, unsigned long *outlen, int x25519_import(const unsigned char *in, unsigned long inlen, curve25519_key *key); int x25519_import_raw(const unsigned char *in, unsigned long inlen, int which, curve25519_key *key); int x25519_import_x509(const unsigned char *in, unsigned long inlen, curve25519_key *key); -int x25519_import_pkcs8(const unsigned char *in, unsigned long inlen, - const void *pwd, unsigned long pwdlen, - curve25519_key *key); +int x25519_import_pkcs8(const unsigned char *in, unsigned long inlen, + const password_ctx *pw_ctx, + curve25519_key *key); int x25519_shared_secret(const curve25519_key *private_key, const curve25519_key *public_key, diff --git a/src/headers/tomcrypt_private.h b/src/headers/tomcrypt_private.h index 1b1947d6f..31ff7b524 100644 --- a/src/headers/tomcrypt_private.h +++ b/src/headers/tomcrypt_private.h @@ -84,7 +84,7 @@ typedef struct { typedef struct { pbes_properties type; - const void *pwd; + void *pwd; unsigned long pwdlen; ltc_asn1_list *enc_data; ltc_asn1_list *salt; @@ -343,6 +343,7 @@ int ecc_set_curve_from_mpis(void *a, void *b, void *prime, void *order, void *gx int ecc_copy_curve(const ecc_key *srckey, ecc_key *key); int ecc_set_curve_by_size(int size, ecc_key *key); int ecc_import_subject_public_key_info(const unsigned char *in, unsigned long inlen, ecc_key *key); +int ecc_import_pkcs8_asn1(ltc_asn1_list *alg_id, ltc_asn1_list *priv_key, ecc_key *key); #ifdef LTC_SSH int ecc_ssh_ecdsa_encode_name(char *buffer, unsigned long *buflen, const ecc_key *key); @@ -435,11 +436,18 @@ int tweetnacl_crypto_scalarmult(unsigned char *q, const unsigned char *n, const int tweetnacl_crypto_scalarmult_base(unsigned char *q,const unsigned char *n); int tweetnacl_crypto_ph(unsigned char *out, const unsigned char *msg, unsigned long long msglen); -typedef int (*sk_to_pk)(unsigned char *pk ,const unsigned char *sk); +int ed25519_import_pkcs8_asn1(ltc_asn1_list *alg_id, ltc_asn1_list *priv_key, + curve25519_key *key); +int x25519_import_pkcs8_asn1(ltc_asn1_list *alg_id, ltc_asn1_list *priv_key, + curve25519_key *key); + +int ec25519_import_pkcs8_asn1(ltc_asn1_list *alg_id, ltc_asn1_list *priv_key, + enum ltc_oid_id id, + curve25519_key *key); int ec25519_import_pkcs8(const unsigned char *in, unsigned long inlen, - const void *pwd, unsigned long pwdlen, - enum ltc_oid_id id, sk_to_pk fp, - curve25519_key *key); + const password_ctx *pw_ctx, + enum ltc_oid_id id, + curve25519_key *key); int ec25519_export( unsigned char *out, unsigned long *outlen, int which, const curve25519_key *key); @@ -522,12 +530,35 @@ int pk_oid_cmp_with_asn1(const char *o1, const ltc_asn1_list *o2); #ifdef LTC_PKCS_8 +/* Public-Key Cryptography Standards (PKCS) #8: + * Private-Key Information Syntax Specification Version 1.2 + * https://tools.ietf.org/html/rfc5208 + * + * PrivateKeyInfo ::= SEQUENCE { + * version Version, + * privateKeyAlgorithm PrivateKeyAlgorithmIdentifier, + * privateKey PrivateKey, + * attributes [0] IMPLICIT Attributes OPTIONAL } + * where: + * - Version ::= INTEGER + * - PrivateKeyAlgorithmIdentifier ::= AlgorithmIdentifier + * - PrivateKey ::= OCTET STRING + * - Attributes ::= SET OF Attribute + * + * EncryptedPrivateKeyInfo ::= SEQUENCE { + * encryptionAlgorithm EncryptionAlgorithmIdentifier, + * encryptedData EncryptedData } + * where: + * - EncryptionAlgorithmIdentifier ::= AlgorithmIdentifier + * - EncryptedData ::= OCTET STRING + */ + int pkcs8_decode_flexi(const unsigned char *in, unsigned long inlen, - const void *pwd, unsigned long pwdlen, - ltc_asn1_list **decoded_list); + const password_ctx *pw_ctx, + ltc_asn1_list **decoded_list); int pkcs8_get_children(const ltc_asn1_list *decoded_list, enum ltc_oid_id *pka, - ltc_asn1_list **seq, ltc_asn1_list **priv_key); + ltc_asn1_list **alg_id, ltc_asn1_list **priv_key); #endif /* LTC_PKCS_8 */ diff --git a/src/pk/asn1/pkcs8/pkcs8_decode_flexi.c b/src/pk/asn1/pkcs8/pkcs8_decode_flexi.c index e715f11ab..c8b4e11f9 100644 --- a/src/pk/asn1/pkcs8/pkcs8_decode_flexi.c +++ b/src/pk/asn1/pkcs8/pkcs8_decode_flexi.c @@ -15,7 +15,7 @@ @return CRYPT_OK on success */ int pkcs8_decode_flexi(const unsigned char *in, unsigned long inlen, - const void *pwd, unsigned long pwdlen, + const password_ctx *pw_ctx, ltc_asn1_list **decoded_list) { unsigned long len = inlen; @@ -23,10 +23,13 @@ int pkcs8_decode_flexi(const unsigned char *in, unsigned long inlen, unsigned char *dec_data = NULL; ltc_asn1_list *l = NULL; int err; + pbes_arg pbes; LTC_ARGCHK(in != NULL); LTC_ARGCHK(decoded_list != NULL); + XMEMSET(&pbes, 0, sizeof(pbes)); + *decoded_list = NULL; if ((err = der_decode_sequence_flexi(in, &len, &l)) == CRYPT_OK) { /* the following "if" detects whether it is encrypted or not */ @@ -44,9 +47,9 @@ int pkcs8_decode_flexi(const unsigned char *in, unsigned long inlen, LTC_ASN1_IS_TYPE(l->child->child->next, LTC_ASN1_SEQUENCE) && LTC_ASN1_IS_TYPE(l->child->next, LTC_ASN1_OCTET_STRING)) { ltc_asn1_list *lalgoid = l->child->child; - pbes_arg pbes; - XMEMSET(&pbes, 0, sizeof(pbes)); + LTC_ARGCHK(pw_ctx != NULL); + LTC_ARGCHK(pw_ctx->callback != NULL); if (pbes1_extract(lalgoid, &pbes) == CRYPT_OK) { /* Successfully extracted PBES1 parameters */ @@ -58,9 +61,12 @@ int pkcs8_decode_flexi(const unsigned char *in, unsigned long inlen, goto LBL_DONE; } + if (pw_ctx->callback(&pbes.pwd, &pbes.pwdlen, pw_ctx->userdata)) { + err = CRYPT_ERROR; + goto LBL_DONE; + } + pbes.enc_data = l->child->next; - pbes.pwd = pwd; - pbes.pwdlen = pwdlen; dec_size = pbes.enc_data->size; if ((dec_data = XMALLOC(dec_size)) == NULL) { @@ -87,6 +93,10 @@ int pkcs8_decode_flexi(const unsigned char *in, unsigned long inlen, LBL_DONE: if (l) der_free_sequence_flexi(l); + if (pbes.pwd) { + zeromem(pbes.pwd, pbes.pwdlen); + XFREE(pbes.pwd); + } if (dec_data) { zeromem(dec_data, dec_size); XFREE(dec_data); diff --git a/src/pk/ec25519/ec25519_import_pkcs8.c b/src/pk/ec25519/ec25519_import_pkcs8.c index 13807abde..fa417bc90 100644 --- a/src/pk/ec25519/ec25519_import_pkcs8.c +++ b/src/pk/ec25519/ec25519_import_pkcs8.c @@ -9,78 +9,77 @@ #ifdef LTC_CURVE25519 +typedef int (*sk_to_pk)(unsigned char *pk , const unsigned char *sk); + +int ec25519_import_pkcs8_asn1(ltc_asn1_list *alg_id, ltc_asn1_list *priv_key, + enum ltc_oid_id id, + curve25519_key *key) +{ + int err; + unsigned long key_len; + sk_to_pk fp; + + LTC_ARGCHK(key != NULL); + LTC_ARGCHK(ltc_mp.name != NULL); + + LTC_UNUSED_PARAM(alg_id); + + switch (id) { + case LTC_OID_ED25519: + fp = tweetnacl_crypto_sk_to_pk; + break; + case LTC_OID_X25519: + fp = tweetnacl_crypto_scalarmult_base; + break; + default: + return CRYPT_PK_INVALID_TYPE; + } + + key_len = sizeof(key->priv); + if ((err = der_decode_octet_string(priv_key->data, priv_key->size, key->priv, &key_len)) == CRYPT_OK) { + fp(key->pub, key->priv); + key->type = PK_PRIVATE; + key->algo = id; + } + return err; +} + /** Generic import of a Curve/Ed25519 private key in PKCS#8 format - @param in The DER-encoded PKCS#8-formatted private key - @param inlen The length of the input data - @param passwd The password to decrypt the private key - @param passwdlen Password's length (octets) - @param key [out] Where to import the key to + @param in The packet to import from + @param inlen It's length (octets) + @param pw_ctx The password context when decrypting the private key + @param id The type of the private key + @param key [out] Destination for newly imported key @return CRYPT_OK if successful, on error all allocated memory is freed automatically */ int ec25519_import_pkcs8(const unsigned char *in, unsigned long inlen, - const void *pwd, unsigned long pwdlen, - enum ltc_oid_id id, sk_to_pk fp, - curve25519_key *key) + const password_ctx *pw_ctx, + enum ltc_oid_id id, + curve25519_key *key) { - int err; + int err; ltc_asn1_list *l = NULL; - const char *oid; - ltc_asn1_list alg_id[1]; - unsigned char private_key[34]; - unsigned long version, key_len; - unsigned long tmpoid[16]; - - LTC_ARGCHK(in != NULL); - LTC_ARGCHK(key != NULL); - LTC_ARGCHK(fp != NULL); - - if ((err = pkcs8_decode_flexi(in, inlen, pwd, pwdlen, &l)) == CRYPT_OK) { + ltc_asn1_list *alg_id, *priv_key; + enum ltc_oid_id pka; - LTC_SET_ASN1(alg_id, 0, LTC_ASN1_OBJECT_IDENTIFIER, tmpoid, sizeof(tmpoid) / sizeof(tmpoid[0])); + LTC_ARGCHK(in != NULL); - key_len = sizeof(private_key); - if ((err = der_decode_sequence_multi(l->data, l->size, - LTC_ASN1_SHORT_INTEGER, 1uL, &version, - LTC_ASN1_SEQUENCE, 1uL, alg_id, - LTC_ASN1_OCTET_STRING, key_len, private_key, - LTC_ASN1_EOL, 0uL, NULL)) - != CRYPT_OK) { - /* If there are attributes added after the private_key it is tagged with version 1 and - * we get an 'input too long' error but the rest is already decoded and can be - * handled the same as for version 0 - */ - if ((err == CRYPT_INPUT_TOO_LONG) && (version == 1)) { - version = 0; - } else { - goto out; - } - } + err = pkcs8_decode_flexi(in, inlen, pw_ctx, &l); + if (err != CRYPT_OK) return err; - if ((err = pk_get_oid(id, &oid)) != CRYPT_OK) { - goto out; - } - if ((err = pk_oid_cmp_with_asn1(oid, &alg_id[0])) != CRYPT_OK) { - goto out; - } - - if (version == 0) { - key_len = sizeof(key->priv); - if ((err = der_decode_octet_string(private_key, sizeof(private_key), key->priv, &key_len)) == CRYPT_OK) { - fp(key->pub, key->priv); - key->type = PK_PRIVATE; - key->algo = id; - } - } else { - err = CRYPT_PK_INVALID_TYPE; - } + if ((err = pkcs8_get_children(l, &pka, &alg_id, &priv_key)) != CRYPT_OK) { + goto LBL_DER_FREE; } -out: - if (l) der_free_sequence_flexi(l); -#ifdef LTC_CLEAN_STACK - zeromem(private_key, sizeof(private_key)); -#endif + if (pka != id) { + err = CRYPT_INVALID_PACKET; + goto LBL_DER_FREE; + } + + err = ec25519_import_pkcs8_asn1(alg_id, priv_key, id, key); +LBL_DER_FREE: + der_free_sequence_flexi(l); return err; } diff --git a/src/pk/ecc/ecc_import_pkcs8.c b/src/pk/ecc/ecc_import_pkcs8.c index ec5afc390..f073d9845 100644 --- a/src/pk/ecc/ecc_import_pkcs8.c +++ b/src/pk/ecc/ecc_import_pkcs8.c @@ -5,140 +5,113 @@ #ifdef LTC_MECC -/* NOTE: s_der_decode_pkcs8_flexi & related stuff can be shared with rsa_import_pkcs8() */ - -int ecc_import_pkcs8(const unsigned char *in, unsigned long inlen, - const void *pwd, unsigned long pwdlen, - ecc_key *key) +int ecc_import_pkcs8_asn1(ltc_asn1_list *alg_id, ltc_asn1_list *priv_key, ecc_key *key) { void *a, *b, *gx, *gy; unsigned long len, cofactor, n; - const char *pka_ec_oid; int err; char OID[256]; const ltc_ecc_curve *curve; - ltc_asn1_list *p = NULL, *l = NULL; - der_flexi_check flexi_should[7]; - ltc_asn1_list *seq, *priv_key; + ltc_asn1_list *p = NULL; + der_flexi_check case2_should[7]; + ltc_asn1_list *version, *field, *point, *point_g, *order, *p_cofactor; - LTC_ARGCHK(in != NULL); LTC_ARGCHK(key != NULL); LTC_ARGCHK(ltc_mp.name != NULL); - /* get EC alg oid */ - err = pk_get_oid(LTC_OID_EC, &pka_ec_oid); - if (err != CRYPT_OK) return err; - /* init key */ err = mp_init_multi(&a, &b, &gx, &gy, LTC_NULL); - if (err != CRYPT_OK) return err; + if (err != CRYPT_OK) goto LBL_DER_FREE; + + /* Setup for CASE 2 */ + n=0; + LTC_SET_DER_FLEXI_CHECK(case2_should, n++, LTC_ASN1_INTEGER, &version); + LTC_SET_DER_FLEXI_CHECK(case2_should, n++, LTC_ASN1_SEQUENCE, &field); + LTC_SET_DER_FLEXI_CHECK(case2_should, n++, LTC_ASN1_SEQUENCE, &point); + LTC_SET_DER_FLEXI_CHECK(case2_should, n++, LTC_ASN1_OCTET_STRING, &point_g); + LTC_SET_DER_FLEXI_CHECK(case2_should, n++, LTC_ASN1_INTEGER, &order); + LTC_SET_DER_FLEXI_CHECK(case2_should, n++, LTC_ASN1_INTEGER, &p_cofactor); + LTC_SET_DER_FLEXI_CHECK(case2_should, n, LTC_ASN1_EOL, NULL); + + if (LTC_ASN1_IS_TYPE(alg_id->child->next, LTC_ASN1_OBJECT_IDENTIFIER)) { + /* CASE 1: curve by OID (AKA short variant): + * 0:d=0 hl=2 l= 100 cons: SEQUENCE + * 2:d=1 hl=2 l= 1 prim: INTEGER :00 + * 5:d=1 hl=2 l= 16 cons: SEQUENCE (== *seq) + * 7:d=2 hl=2 l= 7 prim: OBJECT :id-ecPublicKey + * 16:d=2 hl=2 l= 5 prim: OBJECT :(== *curve_oid (e.g. secp256k1 (== 1.3.132.0.10))) + * 23:d=1 hl=2 l= 77 prim: OCTET STRING :bytes (== *priv_key) + */ + ltc_asn1_list *curve_oid = alg_id->child->next; + len = sizeof(OID); + if ((err = pk_oid_num_to_str(curve_oid->data, curve_oid->size, OID, &len)) != CRYPT_OK) { goto LBL_DONE; } + if ((err = ecc_find_curve(OID, &curve)) != CRYPT_OK) { goto LBL_DONE; } + if ((err = ecc_set_curve(curve, key)) != CRYPT_OK) { goto LBL_DONE; } + } else if (der_flexi_sequence_cmp(alg_id->child->next, case2_should) == CRYPT_OK) { + + /* CASE 2: explicit curve parameters (AKA long variant): + * 0:d=0 hl=3 l= 227 cons: SEQUENCE + * 3:d=1 hl=2 l= 1 prim: INTEGER :00 + * 6:d=1 hl=3 l= 142 cons: SEQUENCE (== *seq) + * 9:d=2 hl=2 l= 7 prim: OBJECT :id-ecPublicKey + * 18:d=2 hl=3 l= 130 cons: SEQUENCE + * 21:d=3 hl=2 l= 1 prim: INTEGER :01 + * 24:d=3 hl=2 l= 44 cons: SEQUENCE (== *field) + * 26:d=4 hl=2 l= 7 prim: OBJECT :prime-field + * 35:d=4 hl=2 l= 33 prim: INTEGER :(== *prime / curve.prime) + * 70:d=3 hl=2 l= 6 cons: SEQUENCE (== *point) + * 72:d=4 hl=2 l= 1 prim: OCTET STRING :bytes (== curve.A) + * 75:d=4 hl=2 l= 1 prim: OCTET STRING :bytes (== curve.B) + * 78:d=3 hl=2 l= 33 prim: OCTET STRING :bytes (== *g_point / curve.G-point) + * 113:d=3 hl=2 l= 33 prim: INTEGER :(== *order / curve.order) + * 148:d=3 hl=2 l= 1 prim: INTEGER :(== curve.cofactor) + * 151:d=1 hl=2 l= 77 prim: OCTET STRING :bytes (== *priv_key) + */ + + if (mp_cmp_d(version->data, 1) != LTC_MP_EQ) { + goto LBL_DONE; + } + cofactor = mp_get_int(p_cofactor->data); + if (LTC_ASN1_IS_TYPE(field->child, LTC_ASN1_OBJECT_IDENTIFIER) && + LTC_ASN1_IS_TYPE(field->child->next, LTC_ASN1_INTEGER) && + LTC_ASN1_IS_TYPE(point->child, LTC_ASN1_OCTET_STRING) && + LTC_ASN1_IS_TYPE(point->child->next, LTC_ASN1_OCTET_STRING)) { - if (pkcs8_decode_flexi(in, inlen, pwd, pwdlen, &l) == CRYPT_OK) { - - /* Setup for basic structure */ - n=0; - LTC_SET_DER_FLEXI_CHECK(flexi_should, n++, LTC_ASN1_INTEGER, NULL); - LTC_SET_DER_FLEXI_CHECK(flexi_should, n++, LTC_ASN1_SEQUENCE, &seq); - LTC_SET_DER_FLEXI_CHECK(flexi_should, n++, LTC_ASN1_OCTET_STRING, &priv_key); - LTC_SET_DER_FLEXI_CHECK(flexi_should, n, LTC_ASN1_EOL, NULL); - - if ((der_flexi_sequence_cmp(l, flexi_should) == CRYPT_OK) && - (pk_oid_cmp_with_asn1(pka_ec_oid, seq->child) == CRYPT_OK)) { - ltc_asn1_list *version, *field, *point, *point_g, *order, *p_cofactor; - - /* Setup for CASE 2 */ - n=0; - LTC_SET_DER_FLEXI_CHECK(flexi_should, n++, LTC_ASN1_INTEGER, &version); - LTC_SET_DER_FLEXI_CHECK(flexi_should, n++, LTC_ASN1_SEQUENCE, &field); - LTC_SET_DER_FLEXI_CHECK(flexi_should, n++, LTC_ASN1_SEQUENCE, &point); - LTC_SET_DER_FLEXI_CHECK(flexi_should, n++, LTC_ASN1_OCTET_STRING, &point_g); - LTC_SET_DER_FLEXI_CHECK(flexi_should, n++, LTC_ASN1_INTEGER, &order); - LTC_SET_DER_FLEXI_CHECK(flexi_should, n++, LTC_ASN1_INTEGER, &p_cofactor); - LTC_SET_DER_FLEXI_CHECK(flexi_should, n, LTC_ASN1_EOL, NULL); - - if (LTC_ASN1_IS_TYPE(seq->child->next, LTC_ASN1_OBJECT_IDENTIFIER)) { - /* CASE 1: curve by OID (AKA short variant): - * 0:d=0 hl=2 l= 100 cons: SEQUENCE - * 2:d=1 hl=2 l= 1 prim: INTEGER :00 - * 5:d=1 hl=2 l= 16 cons: SEQUENCE (== *seq) - * 7:d=2 hl=2 l= 7 prim: OBJECT :id-ecPublicKey - * 16:d=2 hl=2 l= 5 prim: OBJECT :(== *curve_oid (e.g. secp256k1 (== 1.3.132.0.10))) - * 23:d=1 hl=2 l= 77 prim: OCTET STRING :bytes (== *priv_key) - */ - ltc_asn1_list *curve_oid = seq->child->next; - len = sizeof(OID); - if ((err = pk_oid_num_to_str(curve_oid->data, curve_oid->size, OID, &len)) != CRYPT_OK) { goto LBL_DONE; } - if ((err = ecc_find_curve(OID, &curve)) != CRYPT_OK) { goto LBL_DONE; } - if ((err = ecc_set_curve(curve, key)) != CRYPT_OK) { goto LBL_DONE; } + ltc_asn1_list *prime = field->child->next; + if ((err = mp_read_unsigned_bin(a, point->child->data, point->child->size)) != CRYPT_OK) { + goto LBL_DONE; } - else if ((err = der_flexi_sequence_cmp(seq->child->next, flexi_should)) == CRYPT_OK) { - /* CASE 2: explicit curve parameters (AKA long variant): - * 0:d=0 hl=3 l= 227 cons: SEQUENCE - * 3:d=1 hl=2 l= 1 prim: INTEGER :00 - * 6:d=1 hl=3 l= 142 cons: SEQUENCE (== *seq) - * 9:d=2 hl=2 l= 7 prim: OBJECT :id-ecPublicKey - * 18:d=2 hl=3 l= 130 cons: SEQUENCE - * 21:d=3 hl=2 l= 1 prim: INTEGER :01 - * 24:d=3 hl=2 l= 44 cons: SEQUENCE (== *field) - * 26:d=4 hl=2 l= 7 prim: OBJECT :prime-field - * 35:d=4 hl=2 l= 33 prim: INTEGER :(== *prime / curve.prime) - * 70:d=3 hl=2 l= 6 cons: SEQUENCE (== *point) - * 72:d=4 hl=2 l= 1 prim: OCTET STRING :bytes (== curve.A) - * 75:d=4 hl=2 l= 1 prim: OCTET STRING :bytes (== curve.B) - * 78:d=3 hl=2 l= 33 prim: OCTET STRING :bytes (== *g_point / curve.G-point) - * 113:d=3 hl=2 l= 33 prim: INTEGER :(== *order / curve.order) - * 148:d=3 hl=2 l= 1 prim: INTEGER :(== curve.cofactor) - * 151:d=1 hl=2 l= 77 prim: OCTET STRING :bytes (== *priv_key) - */ - - if (mp_get_int(version->data) != 1) { - goto LBL_DONE; - } - cofactor = mp_get_int(p_cofactor->data); - - if (LTC_ASN1_IS_TYPE(field->child, LTC_ASN1_OBJECT_IDENTIFIER) && - LTC_ASN1_IS_TYPE(field->child->next, LTC_ASN1_INTEGER) && - LTC_ASN1_IS_TYPE(point->child, LTC_ASN1_OCTET_STRING) && - LTC_ASN1_IS_TYPE(point->child->next, LTC_ASN1_OCTET_STRING)) { - - ltc_asn1_list *prime = field->child->next; - if ((err = mp_read_unsigned_bin(a, point->child->data, point->child->size)) != CRYPT_OK) { - goto LBL_DONE; - } - if ((err = mp_read_unsigned_bin(b, point->child->next->data, point->child->next->size)) != CRYPT_OK) { - goto LBL_DONE; - } - if ((err = ltc_ecc_import_point(point_g->data, point_g->size, prime->data, a, b, gx, gy)) != CRYPT_OK) { - goto LBL_DONE; - } - if ((err = ecc_set_curve_from_mpis(a, b, prime->data, order->data, gx, gy, cofactor, key)) != CRYPT_OK) { - goto LBL_DONE; - } - } + if ((err = mp_read_unsigned_bin(b, point->child->next->data, point->child->next->size)) != CRYPT_OK) { + goto LBL_DONE; } - else { - err = CRYPT_INVALID_PACKET; + if ((err = ltc_ecc_import_point(point_g->data, point_g->size, prime->data, a, b, gx, gy)) != CRYPT_OK) { + goto LBL_DONE; + } + if ((err = ecc_set_curve_from_mpis(a, b, prime->data, order->data, gx, gy, cofactor, key)) != CRYPT_OK) { goto LBL_DONE; } + } + } else { + err = CRYPT_INVALID_PACKET; + goto LBL_DONE; + } - /* load private key value 'k' */ - len = priv_key->size; - if (der_decode_sequence_flexi(priv_key->data, &len, &p) == CRYPT_OK) { - if (p->type == LTC_ASN1_SEQUENCE && - LTC_ASN1_IS_TYPE(p->child, LTC_ASN1_INTEGER) && - LTC_ASN1_IS_TYPE(p->child->next, LTC_ASN1_OCTET_STRING)) { - ltc_asn1_list *lk = p->child->next; - if (mp_cmp_d(p->child->data, 1) != LTC_MP_EQ) { - err = CRYPT_INVALID_PACKET; - goto LBL_ECCFREE; - } - if ((err = ecc_set_key(lk->data, lk->size, PK_PRIVATE, key)) != CRYPT_OK) { - goto LBL_ECCFREE; - } - goto LBL_DONE; /* success */ - } + /* load private key value 'k' */ + len = priv_key->size; + if (der_decode_sequence_flexi(priv_key->data, &len, &p) == CRYPT_OK) { + if (p->type == LTC_ASN1_SEQUENCE && + LTC_ASN1_IS_TYPE(p->child, LTC_ASN1_INTEGER) && + LTC_ASN1_IS_TYPE(p->child->next, LTC_ASN1_OCTET_STRING)) { + ltc_asn1_list *lk = p->child->next; + if (mp_cmp_d(p->child->data, 1) != LTC_MP_EQ) { + err = CRYPT_INVALID_PACKET; + goto LBL_ECCFREE; } + if ((err = ecc_set_key(lk->data, lk->size, PK_PRIVATE, key)) != CRYPT_OK) { + goto LBL_ECCFREE; + } + goto LBL_DONE; /* success */ } } err = CRYPT_INVALID_PACKET; @@ -148,9 +121,47 @@ int ecc_import_pkcs8(const unsigned char *in, unsigned long inlen, ecc_free(key); LBL_DONE: mp_clear_multi(a, b, gx, gy, LTC_NULL); - if (l) der_free_sequence_flexi(l); +LBL_DER_FREE: if (p) der_free_sequence_flexi(p); return err; } +/** + Import an ECC private from in PKCS#8 format + @param in The packet to import from + @param inlen It's length (octets) + @param pw_ctx The password context when decrypting the private key + @param key [out] Destination for newly imported key + @return CRYPT_OK if successful, upon error allocated memory is freed +*/ +int ecc_import_pkcs8(const unsigned char *in, unsigned long inlen, + const password_ctx *pw_ctx, + ecc_key *key) +{ + int err; + ltc_asn1_list *l = NULL; + ltc_asn1_list *alg_id, *priv_key; + enum ltc_oid_id pka; + + LTC_ARGCHK(key != NULL); + LTC_ARGCHK(ltc_mp.name != NULL); + + err = pkcs8_decode_flexi(in, inlen, pw_ctx, &l); + if (err != CRYPT_OK) return err; + + if ((err = pkcs8_get_children(l, &pka, &alg_id, &priv_key)) != CRYPT_OK) { + goto LBL_DER_FREE; + } + if (pka != LTC_OID_EC) { + err = CRYPT_INVALID_PACKET; + goto LBL_DER_FREE; + } + + err = ecc_import_pkcs8_asn1(alg_id, priv_key, key); + +LBL_DER_FREE: + der_free_sequence_flexi(l); + return err; +} + #endif diff --git a/src/pk/ed25519/ed25519_import_pkcs8.c b/src/pk/ed25519/ed25519_import_pkcs8.c index 71f12de49..b1e68332f 100644 --- a/src/pk/ed25519/ed25519_import_pkcs8.c +++ b/src/pk/ed25519/ed25519_import_pkcs8.c @@ -9,20 +9,25 @@ #ifdef LTC_CURVE25519 +int ed25519_import_pkcs8_asn1(ltc_asn1_list *alg_id, ltc_asn1_list *priv_key, + curve25519_key *key) +{ + return ec25519_import_pkcs8_asn1(alg_id, priv_key, LTC_OID_ED25519, key); +} + /** Import an Ed25519 private key in PKCS#8 format - @param in The DER-encoded PKCS#8-formatted private key - @param inlen The length of the input data - @param passwd The password to decrypt the private key - @param passwdlen Password's length (octets) - @param key [out] Where to import the key to + @param in The packet to import from + @param inlen It's length (octets) + @param pw_ctx The password context when decrypting the private key + @param key [out] Destination for newly imported key @return CRYPT_OK if successful, on error all allocated memory is freed automatically */ -int ed25519_import_pkcs8(const unsigned char *in, unsigned long inlen, - const void *pwd, unsigned long pwdlen, - curve25519_key *key) +int ed25519_import_pkcs8(const unsigned char *in, unsigned long inlen, + const password_ctx *pw_ctx, + curve25519_key *key) { - return ec25519_import_pkcs8(in, inlen, pwd, pwdlen, LTC_OID_ED25519, tweetnacl_crypto_sk_to_pk, key); + return ec25519_import_pkcs8(in, inlen, pw_ctx, LTC_OID_ED25519, key); } #endif diff --git a/src/pk/rsa/rsa_import_pkcs8.c b/src/pk/rsa/rsa_import_pkcs8.c index 9e02585cf..0a4570c03 100644 --- a/src/pk/rsa/rsa_import_pkcs8.c +++ b/src/pk/rsa/rsa_import_pkcs8.c @@ -9,107 +9,61 @@ #ifdef LTC_MRSA -/* Public-Key Cryptography Standards (PKCS) #8: - * Private-Key Information Syntax Specification Version 1.2 - * https://tools.ietf.org/html/rfc5208 - * - * PrivateKeyInfo ::= SEQUENCE { - * version Version, - * privateKeyAlgorithm PrivateKeyAlgorithmIdentifier, - * privateKey PrivateKey, - * attributes [0] IMPLICIT Attributes OPTIONAL } - * where: - * - Version ::= INTEGER - * - PrivateKeyAlgorithmIdentifier ::= AlgorithmIdentifier - * - PrivateKey ::= OCTET STRING - * - Attributes ::= SET OF Attribute - * - * EncryptedPrivateKeyInfo ::= SEQUENCE { - * encryptionAlgorithm EncryptionAlgorithmIdentifier, - * encryptedData EncryptedData } - * where: - * - EncryptionAlgorithmIdentifier ::= AlgorithmIdentifier - * - EncryptedData ::= OCTET STRING - */ +int rsa_import_pkcs8_asn1(ltc_asn1_list *alg_id, ltc_asn1_list *priv_key, rsa_key *key) +{ + int err; + + LTC_ARGCHK(key != NULL); + + LTC_UNUSED_PARAM(alg_id); + + if ((err = rsa_init(key)) != CRYPT_OK) { + return err; + } + + if ((err = rsa_import_pkcs1(priv_key->data, priv_key->size, key)) != CRYPT_OK) { + rsa_free(key); + return err; + } + key->type = PK_PRIVATE; + + return err; +} /** Import an RSAPrivateKey in PKCS#8 format @param in The packet to import from @param inlen It's length (octets) - @param passwd The password for decrypting privkey - @param passwdlen Password's length (octets) + @param pw_ctx The password context when decrypting the private key @param key [out] Destination for newly imported key @return CRYPT_OK if successful, upon error allocated memory is freed */ int rsa_import_pkcs8(const unsigned char *in, unsigned long inlen, - const void *passwd, unsigned long passwdlen, + const password_ctx *pw_ctx, rsa_key *key) { int err; - unsigned char *buf1 = NULL, *buf2 = NULL; - unsigned long buf1len, buf2len; - unsigned long oid[16], version; - const char *rsaoid; - ltc_asn1_list alg_seq[2], top_seq[3]; ltc_asn1_list *l = NULL; - unsigned char *decrypted = NULL; - unsigned long decryptedlen; - - LTC_ARGCHK(in != NULL); - LTC_ARGCHK(key != NULL); - LTC_ARGCHK(ltc_mp.name != NULL); - - /* get RSA alg oid */ - err = pk_get_oid(LTC_OID_RSA, &rsaoid); - if (err != CRYPT_OK) { goto LBL_NOFREE; } - - /* alloc buffers */ - buf1len = inlen; /* approx. */ - buf1 = XMALLOC(buf1len); - if (buf1 == NULL) { err = CRYPT_MEM; goto LBL_NOFREE; } - buf2len = inlen; /* approx. */ - buf2 = XMALLOC(buf2len); - if (buf2 == NULL) { err = CRYPT_MEM; goto LBL_FREE1; } + ltc_asn1_list *alg_id, *priv_key; + enum ltc_oid_id pka; - /* init key */ - if ((err = rsa_init(key)) != CRYPT_OK) { goto LBL_FREE2; } + LTC_ARGCHK(in != NULL); - /* try to decode encrypted priv key */ - if ((err = pkcs8_decode_flexi(in, inlen, passwd, passwdlen, &l)) != CRYPT_OK) { - goto LBL_ERR; + if ((err = pkcs8_decode_flexi(in, inlen, pw_ctx, &l)) != CRYPT_OK) { + return err; } - decrypted = l->data; - decryptedlen = l->size; - - /* try to decode unencrypted priv key */ - LTC_SET_ASN1(alg_seq, 0, LTC_ASN1_OBJECT_IDENTIFIER, oid, 16UL); - LTC_SET_ASN1(alg_seq, 1, LTC_ASN1_NULL, NULL, 0UL); - LTC_SET_ASN1(top_seq, 0, LTC_ASN1_SHORT_INTEGER, &version, 1UL); - LTC_SET_ASN1(top_seq, 1, LTC_ASN1_SEQUENCE, alg_seq, 2UL); - LTC_SET_ASN1(top_seq, 2, LTC_ASN1_OCTET_STRING, buf1, buf1len); - err=der_decode_sequence(decrypted, decryptedlen, top_seq, 3UL); - if (err != CRYPT_OK) { goto LBL_ERR; } - - /* check alg oid */ - if ((err = pk_oid_cmp_with_asn1(rsaoid, &alg_seq[0])) != CRYPT_OK) { - goto LBL_ERR; + if ((err = pkcs8_get_children(l, &pka, &alg_id, &priv_key)) != CRYPT_OK) { + goto LBL_DER_FREE; } - - if ((err = rsa_import_pkcs1(buf1, top_seq[2].size, key)) != CRYPT_OK) { - goto LBL_ERR; + if (pka != LTC_OID_RSA) { + err = CRYPT_INVALID_PACKET; + goto LBL_DER_FREE; } - key->type = PK_PRIVATE; - err = CRYPT_OK; - goto LBL_FREE2; -LBL_ERR: - rsa_free(key); -LBL_FREE2: - if (l) der_free_sequence_flexi(l); - XFREE(buf2); -LBL_FREE1: - XFREE(buf1); -LBL_NOFREE: + err = rsa_import_pkcs8_asn1(alg_id, priv_key, key); + +LBL_DER_FREE: + der_free_sequence_flexi(l); return err; } diff --git a/src/pk/x25519/x25519_import_pkcs8.c b/src/pk/x25519/x25519_import_pkcs8.c index 8b577c311..5c8e9b68c 100644 --- a/src/pk/x25519/x25519_import_pkcs8.c +++ b/src/pk/x25519/x25519_import_pkcs8.c @@ -9,20 +9,24 @@ #ifdef LTC_CURVE25519 +int x25519_import_pkcs8_asn1(ltc_asn1_list *alg_id, ltc_asn1_list *priv_key, + curve25519_key *key) +{ + return ec25519_import_pkcs8_asn1(alg_id, priv_key, LTC_OID_X25519, key); +} /** Import a X25519 private key in PKCS#8 format - @param in The DER-encoded PKCS#8-formatted private key - @param inlen The length of the input data - @param passwd The password to decrypt the private key - @param passwdlen Password's length (octets) - @param key [out] Where to import the key to + @param in The packet to import from + @param inlen It's length (octets) + @param pw_ctx The password context when decrypting the private key + @param key [out] Destination for newly imported key @return CRYPT_OK if successful, on error all allocated memory is freed automatically */ -int x25519_import_pkcs8(const unsigned char *in, unsigned long inlen, - const void *pwd, unsigned long pwdlen, - curve25519_key *key) +int x25519_import_pkcs8(const unsigned char *in, unsigned long inlen, + const password_ctx *pw_ctx, + curve25519_key *key) { - return ec25519_import_pkcs8(in, inlen, pwd, pwdlen, LTC_OID_X25519, tweetnacl_crypto_scalarmult_base, key); + return ec25519_import_pkcs8(in, inlen, pw_ctx, LTC_OID_X25519, key); } #endif diff --git a/tests/ecc_test.c b/tests/ecc_test.c index 138834166..82bb79029 100644 --- a/tests/ecc_test.c +++ b/tests/ecc_test.c @@ -637,6 +637,15 @@ static int s_ecc_new_api(void) return CRYPT_OK; } + +static int password_get(void **p, unsigned long *l, void *u) +{ + LTC_UNUSED_PARAM(u); + *p = strdup("secret"); + *l = 6; + return 0; +} + static int s_ecc_import_export(void) { const ltc_ecc_curve *cu; ecc_key key, pri, pub; @@ -1317,6 +1326,8 @@ static int s_ecc_import_export(void) { 0x9d, 0x7b, 0x70, 0x3e, 0xf5, 0x7d, 0xa4, 0xfd, 0x3c, 0xc6, 0x49, 0x93, 0xd3, 0x5b, 0xef, 0xc9, 0xae, 0x97, 0xaf, 0x64, 0x64, 0xf9, 0x69, 0xd8 }; + password_ctx pw_ctx; + pw_ctx.callback = password_get; if (ltc_mp.sqrtmod_prime == NULL) return CRYPT_NOP; /* we need compressed points which requires sqrtmod_prime */ @@ -1365,84 +1376,84 @@ static int s_ecc_import_export(void) { ecc_free(&key); /* import - private PKCS8 format - no password */ - DO(ecc_import_pkcs8(long_pri_pkcs8, sizeof(long_pri_pkcs8), NULL, 0, &key)); + DO(ecc_import_pkcs8(long_pri_pkcs8, sizeof(long_pri_pkcs8), NULL, &key)); DO(s_ecc_key_cmp(PK_PRIVATE, &pri, &key)); ecc_free(&key); - DO(ecc_import_pkcs8(long_pric_pkcs8, sizeof(long_pric_pkcs8), NULL, 0, &key)); + DO(ecc_import_pkcs8(long_pric_pkcs8, sizeof(long_pric_pkcs8), NULL, &key)); DO(s_ecc_key_cmp(PK_PRIVATE, &pri, &key)); ecc_free(&key); - DO(ecc_import_pkcs8(short_pri_pkcs8, sizeof(short_pri_pkcs8), NULL, 0, &key)); + DO(ecc_import_pkcs8(short_pri_pkcs8, sizeof(short_pri_pkcs8), NULL, &key)); DO(s_ecc_key_cmp(PK_PRIVATE, &pri, &key)); ecc_free(&key); - DO(ecc_import_pkcs8(short_pric_pkcs8, sizeof(short_pric_pkcs8), NULL, 0, &key)); + DO(ecc_import_pkcs8(short_pric_pkcs8, sizeof(short_pric_pkcs8), NULL, &key)); DO(s_ecc_key_cmp(PK_PRIVATE, &pri, &key)); ecc_free(&key); /* import - private PKCS8 format - password protected (PBES1 algorithms) */ #ifdef LTC_MD2 - DO(ecc_import_pkcs8(long_pri_pkcs8_pbe_md2_des, sizeof(long_pri_pkcs8_pbe_md2_des), "secret", 6, &key)); + DO(ecc_import_pkcs8(long_pri_pkcs8_pbe_md2_des, sizeof(long_pri_pkcs8_pbe_md2_des), &pw_ctx, &key)); DO(s_ecc_key_cmp(PK_PRIVATE, &pri, &key)); ecc_free(&key); #endif #ifdef LTC_MD5 - DO(ecc_import_pkcs8(long_pri_pkcs8_pbe_md5_des, sizeof(long_pri_pkcs8_pbe_md5_des), "secret", 6, &key)); + DO(ecc_import_pkcs8(long_pri_pkcs8_pbe_md5_des, sizeof(long_pri_pkcs8_pbe_md5_des), &pw_ctx, &key)); DO(s_ecc_key_cmp(PK_PRIVATE, &pri, &key)); ecc_free(&key); #endif #ifdef LTC_SHA1 - DO(ecc_import_pkcs8(long_pri_pkcs8_pbe_sha1_des, sizeof(long_pri_pkcs8_pbe_sha1_des), "secret", 6, &key)); + DO(ecc_import_pkcs8(long_pri_pkcs8_pbe_sha1_des, sizeof(long_pri_pkcs8_pbe_sha1_des), &pw_ctx, &key)); DO(s_ecc_key_cmp(PK_PRIVATE, &pri, &key)); ecc_free(&key); #endif #if defined(LTC_RC2) && defined(LTC_MD2) - DO(ecc_import_pkcs8(long_pri_pkcs8_pbe_md2_rc2_64, sizeof(long_pri_pkcs8_pbe_md2_rc2_64), "secret", 6, &key)); + DO(ecc_import_pkcs8(long_pri_pkcs8_pbe_md2_rc2_64, sizeof(long_pri_pkcs8_pbe_md2_rc2_64), &pw_ctx, &key)); DO(s_ecc_key_cmp(PK_PRIVATE, &pri, &key)); ecc_free(&key); #endif #if defined(LTC_RC2) && defined(LTC_MD5) - DO(ecc_import_pkcs8(long_pri_pkcs8_pbe_md5_rc2_64, sizeof(long_pri_pkcs8_pbe_md5_rc2_64), "secret", 6, &key)); + DO(ecc_import_pkcs8(long_pri_pkcs8_pbe_md5_rc2_64, sizeof(long_pri_pkcs8_pbe_md5_rc2_64), &pw_ctx, &key)); DO(s_ecc_key_cmp(PK_PRIVATE, &pri, &key)); ecc_free(&key); #endif #if defined(LTC_RC2) && defined(LTC_SHA1) - DO(ecc_import_pkcs8(long_pri_pkcs8_pbe_sha1_rc2_64, sizeof(long_pri_pkcs8_pbe_sha1_rc2_64), "secret", 6, &key)); + DO(ecc_import_pkcs8(long_pri_pkcs8_pbe_sha1_rc2_64, sizeof(long_pri_pkcs8_pbe_sha1_rc2_64), &pw_ctx, &key)); DO(s_ecc_key_cmp(PK_PRIVATE, &pri, &key)); ecc_free(&key); #endif /* import - private PKCS8 format - password protected (PBES2 algorithms) */ #if defined(LTC_RC2) - DO(ecc_import_pkcs8(long_pri_pkcs8_pbkdf2_rc2_cbc, sizeof(long_pri_pkcs8_pbkdf2_rc2_cbc), "secret", 6, &key)); + DO(ecc_import_pkcs8(long_pri_pkcs8_pbkdf2_rc2_cbc, sizeof(long_pri_pkcs8_pbkdf2_rc2_cbc), &pw_ctx, &key)); DO(s_ecc_key_cmp(PK_PRIVATE, &pri, &key)); ecc_free(&key); #endif #if defined(LTC_DES) - DO(ecc_import_pkcs8(long_pri_pkcs8_pbkdf2_des_cbc, sizeof(long_pri_pkcs8_pbkdf2_des_cbc), "secret", 6, &key)); + DO(ecc_import_pkcs8(long_pri_pkcs8_pbkdf2_des_cbc, sizeof(long_pri_pkcs8_pbkdf2_des_cbc), &pw_ctx, &key)); DO(s_ecc_key_cmp(PK_PRIVATE, &pri, &key)); ecc_free(&key); #endif #if defined(LTC_DES) - DO(ecc_import_pkcs8(long_pri_pkcs8_pbkdf2_des_ede3_cbc, sizeof(long_pri_pkcs8_pbkdf2_des_ede3_cbc), "secret", 6, &key)); + DO(ecc_import_pkcs8(long_pri_pkcs8_pbkdf2_des_ede3_cbc, sizeof(long_pri_pkcs8_pbkdf2_des_ede3_cbc), &pw_ctx, &key)); DO(s_ecc_key_cmp(PK_PRIVATE, &pri, &key)); ecc_free(&key); #endif #if defined(LTC_SHA224) && defined(LTC_DES) - DO(ecc_import_pkcs8(long_pri_pkcs8_pbkdf2_sha224_des_ede3_cbc, sizeof(long_pri_pkcs8_pbkdf2_sha224_des_ede3_cbc), "secret", 6, &key)); + DO(ecc_import_pkcs8(long_pri_pkcs8_pbkdf2_sha224_des_ede3_cbc, sizeof(long_pri_pkcs8_pbkdf2_sha224_des_ede3_cbc), &pw_ctx, &key)); DO(s_ecc_key_cmp(PK_PRIVATE, &pri, &key)); ecc_free(&key); #endif #if defined(LTC_SHA256) && defined(LTC_DES) - DO(ecc_import_pkcs8(long_pri_pkcs8_pbkdf2_sha256_des_ede3_cbc, sizeof(long_pri_pkcs8_pbkdf2_sha256_des_ede3_cbc), "secret", 6, &key)); + DO(ecc_import_pkcs8(long_pri_pkcs8_pbkdf2_sha256_des_ede3_cbc, sizeof(long_pri_pkcs8_pbkdf2_sha256_des_ede3_cbc), &pw_ctx, &key)); DO(s_ecc_key_cmp(PK_PRIVATE, &pri, &key)); ecc_free(&key); #endif #if defined(LTC_SHA384) && defined(LTC_DES) - DO(ecc_import_pkcs8(long_pri_pkcs8_pbkdf2_sha384_des_ede3_cbc, sizeof(long_pri_pkcs8_pbkdf2_sha384_des_ede3_cbc), "secret", 6, &key)); + DO(ecc_import_pkcs8(long_pri_pkcs8_pbkdf2_sha384_des_ede3_cbc, sizeof(long_pri_pkcs8_pbkdf2_sha384_des_ede3_cbc), &pw_ctx, &key)); DO(s_ecc_key_cmp(PK_PRIVATE, &pri, &key)); ecc_free(&key); #endif #if defined(LTC_SHA512) && defined(LTC_DES) - DO(ecc_import_pkcs8(long_pri_pkcs8_pbkdf2_sha512_des_ede3_cbc, sizeof(long_pri_pkcs8_pbkdf2_sha512_des_ede3_cbc), "secret", 6, &key)); + DO(ecc_import_pkcs8(long_pri_pkcs8_pbkdf2_sha512_des_ede3_cbc, sizeof(long_pri_pkcs8_pbkdf2_sha512_des_ede3_cbc), &pw_ctx, &key)); DO(s_ecc_key_cmp(PK_PRIVATE, &pri, &key)); ecc_free(&key); #endif diff --git a/tests/ed25519_test.c b/tests/ed25519_test.c index e59f35b73..580b98cae 100644 --- a/tests/ed25519_test.c +++ b/tests/ed25519_test.c @@ -16,6 +16,14 @@ static void xor_shuffle(unsigned char *buf, unsigned long size, unsigned char ch buf[i] ^= change; } +static int password_get(void **p, unsigned long *l, void *u) +{ + LTC_UNUSED_PARAM(u); + *p = strdup("123456"); + *l = 6; + return 0; +} + static int s_rfc_8410_10_test(void) { const struct { @@ -57,6 +65,8 @@ static int s_rfc_8410_10_test(void) unsigned char buf[1024]; char tmp[512]; unsigned long buflen, tmplen; + password_ctx pw_ctx; + pw_ctx.callback = password_get; for (n = 0; n < sizeof(rfc_8410_10)/sizeof(rfc_8410_10[0]); ++n) { buflen = sizeof(buf); DO(base64_decode(rfc_8410_10[n].b64, XSTRLEN(rfc_8410_10[n].b64), buf, &buflen)); @@ -69,10 +79,10 @@ static int s_rfc_8410_10_test(void) break; case 2: case 3: - DO(ed25519_import_pkcs8(buf, buflen, NULL, 0, &key)); + DO(ed25519_import_pkcs8(buf, buflen, NULL, &key)); break; case 4: - DO(ed25519_import_pkcs8(buf, buflen, "123456", 6, &key)); + DO(ed25519_import_pkcs8(buf, buflen, &pw_ctx, &key)); break; default: return CRYPT_FAIL_TESTVECTOR; diff --git a/tests/rsa_test.c b/tests/rsa_test.c index a3833ef0c..8abcf350d 100644 --- a/tests/rsa_test.c +++ b/tests/rsa_test.c @@ -227,7 +227,7 @@ static int rsa_compat_test(void) rsa_free(&key); /* try import private key in pkcs8 format */ - DO(rsa_import_pkcs8(pkcs8_private_rsa, sizeof(pkcs8_private_rsa), NULL, 0, &key)); + DO(rsa_import_pkcs8(pkcs8_private_rsa, sizeof(pkcs8_private_rsa), NULL, &key)); len = sizeof(buf); DO(rsa_export(buf, &len, PK_PRIVATE, &key)); DO(do_compare_testvector(buf, len, openssl_private_rsa, sizeof(openssl_private_rsa), "RSA private export (from PKCS#8)", 0)); @@ -430,9 +430,19 @@ static int s_rsa_import_x509(const void *in, unsigned long inlen, void *key) } #if defined(LTC_MD2) && defined(LTC_MD5) && defined(LTC_RC2) +static int password_get(void **p, unsigned long *l, void *u) +{ + LTC_UNUSED_PARAM(u); + *p = strdup("secret"); + *l = 6; + return 0; +} + static int s_rsa_import_pkcs8(const void *in, unsigned long inlen, void *key) { - return rsa_import_pkcs8(in, inlen, "secret", 6, key); + password_ctx pw_ctx; + pw_ctx.callback = password_get; + return rsa_import_pkcs8(in, inlen, &pw_ctx, key); } #endif #endif diff --git a/tests/x25519_test.c b/tests/x25519_test.c index 0d4423526..113b071b1 100644 --- a/tests/x25519_test.c +++ b/tests/x25519_test.c @@ -139,6 +139,13 @@ static int s_rfc_8410_10_test(void) return CRYPT_OK; } +static int password_get(void **p, unsigned long *l, void *u) +{ + *p = strdup(u); + *l = strlen(*p); + return 0; +} + static int s_x25519_pkcs8_test(void) { const struct { @@ -161,13 +168,16 @@ static int s_x25519_pkcs8_test(void) unsigned n; curve25519_key key; unsigned char buf[1024]; - unsigned long buflen, passlen; + unsigned long buflen; + password_ctx pw_ctx, *p_pw_ctx; + pw_ctx.callback = password_get; for (n = 0; n < sizeof(s_x25519_pkcs8)/sizeof(s_x25519_pkcs8[0]); ++n) { buflen = sizeof(buf); DO(base64_decode(s_x25519_pkcs8[n].b64, XSTRLEN(s_x25519_pkcs8[n].b64), buf, &buflen)); - if (s_x25519_pkcs8[n].pass != NULL) passlen = XSTRLEN(s_x25519_pkcs8[n].pass); - else passlen = 0; - DO(x25519_import_pkcs8(buf, buflen, s_x25519_pkcs8[n].pass, passlen, &key)); + pw_ctx.userdata = (void*)s_x25519_pkcs8[n].pass; + if (s_x25519_pkcs8[n].pass != NULL) p_pw_ctx = &pw_ctx; + else p_pw_ctx = NULL; + DO(x25519_import_pkcs8(buf, buflen, p_pw_ctx, &key)); zeromem(buf, sizeof(buf)); } return CRYPT_OK; @@ -187,7 +197,7 @@ static int s_x25519_compat_test(void) DO(x25519_make_key(&yarrow_prng, prng_idx, &priv)); DO(x25519_export(buf, &buflen, PK_PRIVATE | PK_STD, &priv)); - DO(x25519_import_pkcs8(buf, buflen, NULL, 0, &imported)); + DO(x25519_import_pkcs8(buf, buflen, NULL, &imported)); DO(do_compare_testvector(&priv, sizeof(priv), &imported, sizeof(imported), "priv after ex-&import", __LINE__)); XMEMSET(&imported, 0, sizeof(imported)); From f036a471bd3642502b29bf9d68b0bd4718aa87a1 Mon Sep 17 00:00:00 2001 From: Steffen Jaeckel Date: Wed, 12 Jan 2022 12:46:36 +0100 Subject: [PATCH 14/51] add support for regular PEM files This adds support to decode plain and encrypted PEM files. Either in OpenSSL specific format or PKCS#8 Signed-off-by: Steffen Jaeckel --- src/headers/tomcrypt_custom.h | 8 + src/headers/tomcrypt_misc.h | 4 +- src/headers/tomcrypt_private.h | 31 +++- src/misc/crypt/crypt.c | 1 + src/misc/pem/pem_decode.c | 291 ++++++++++++++++++++++++++++++++- src/misc/pem/pem_ssh.c | 8 +- 6 files changed, 329 insertions(+), 14 deletions(-) diff --git a/src/headers/tomcrypt_custom.h b/src/headers/tomcrypt_custom.h index 66855145a..e57de3623 100644 --- a/src/headers/tomcrypt_custom.h +++ b/src/headers/tomcrypt_custom.h @@ -114,6 +114,8 @@ #define LTC_NO_MISC #define LTC_BASE64 + #define LTC_BASE16 + #define LTC_PEM #endif /* LTC_EASY */ /* The minimal set of functionality to run the tests */ @@ -576,6 +578,12 @@ #endif #if defined(LTC_PEM) + /* Size of the line-buffer */ + #ifndef LTC_PEM_DECODE_BUFSZ + #define LTC_PEM_DECODE_BUFSZ 72 + #elif LTC_PEM_DECODE_BUFSZ < 72 + #error "LTC_PEM_DECODE_BUFSZ shall not be < 72 bytes" + #endif /* Size of the decoded data buffer */ #ifndef LTC_PEM_READ_BUFSIZE #ifdef LTC_FILE_READ_BUFSIZE diff --git a/src/headers/tomcrypt_misc.h b/src/headers/tomcrypt_misc.h index e722a0a26..4fcdadd68 100644 --- a/src/headers/tomcrypt_misc.h +++ b/src/headers/tomcrypt_misc.h @@ -160,10 +160,12 @@ int padding_depad(const unsigned char *data, unsigned long *length, unsigned lon #endif /* LTC_PADDING */ #ifdef LTC_PEM +int pem_decode_filehandle(FILE *f, ltc_pka_key *k, password_ctx *pw_ctx); +int pem_decode(const void *buf, unsigned long len, ltc_pka_key *k, password_ctx *pw_ctx); #ifdef LTC_SSH int pem_decode_openssh_filehandle(FILE *f, ltc_pka_key *k, password_ctx *pw_ctx); -int pem_decode_openssh(void *buf, unsigned long len, ltc_pka_key *k, password_ctx *pw_ctx); +int pem_decode_openssh(const void *buf, unsigned long len, ltc_pka_key *k, password_ctx *pw_ctx); #endif #endif /* LTC_PEM */ diff --git a/src/headers/tomcrypt_private.h b/src/headers/tomcrypt_private.h index 31ff7b524..082461f56 100644 --- a/src/headers/tomcrypt_private.h +++ b/src/headers/tomcrypt_private.h @@ -259,6 +259,13 @@ struct password { void *pw; unsigned long l; }; +struct dek_info { + const char *alg; + unsigned long keylen; + /* should use `MAXBLOCKSIZE` here, but all supported + * blockciphers require max 16 bytes IV */ + char iv[16 * 2 + 1]; +}; struct str { char *p; @@ -267,6 +274,8 @@ struct str { #define SET_STR(n, s) n.p = s, n.len = XSTRLEN(s) #define SET_CSTR(n, s) n.p = (char*)s, n.len = XSTRLEN(s) +#define COPY_STR(n, s, l) do { XMEMCPY(n.p, s, l); n.len = l; } while(0) +#define FREE_STR(n) do { n.p = NULL; n.len = 0; } while(0) enum more_headers { no, @@ -274,11 +283,20 @@ enum more_headers { maybe }; +struct pem_header_id { + struct str start, end; + enum more_headers has_more_headers; + int encrypted; + enum ltc_pka_id pka; + int pkcs8; + int (*decrypt)(void *, unsigned long *, void *); +}; + struct pem_headers { - const struct { - struct str start, end; - enum more_headers has_more_headers; - }; + const struct pem_header_id *id; + int encrypted; + struct dek_info info; + struct password *pw; }; struct bufp { @@ -288,7 +306,7 @@ struct bufp { char *p, *r, *end; }; -#define SET_BUFP(n, d, l) n.p = d, n.r = d, n.end = (char*)d + l + 1 +#define SET_BUFP(n, d, l) n.p = (char*)d, n.r = (char*)d, n.end = (char*)d + l + 1 struct get_char { int (*get)(struct get_char*); @@ -296,6 +314,8 @@ struct get_char { FILE *f; struct bufp buf; }; + struct str unget_buf; + char unget_buf_[LTC_PEM_DECODE_BUFSZ]; }; /* others */ @@ -328,6 +348,7 @@ void rsa_shrink_key(rsa_key *key); int rsa_make_key_bn_e(prng_state *prng, int wprng, int size, void *e, rsa_key *key); /* used by op-tee */ int rsa_import_pkcs1(const unsigned char *in, unsigned long inlen, rsa_key *key); +int rsa_import_pkcs8_asn1(ltc_asn1_list *alg_id, ltc_asn1_list *priv_key, rsa_key *key); #endif /* LTC_MRSA */ /* ---- DH Routines ---- */ diff --git a/src/misc/crypt/crypt.c b/src/misc/crypt/crypt.c index 0022dfd90..bf2c3ecf3 100644 --- a/src/misc/crypt/crypt.c +++ b/src/misc/crypt/crypt.c @@ -472,6 +472,7 @@ const char *crypt_build_settings = #endif #if defined(LTC_PEM) " PEM " + " " NAME_VALUE(LTC_PEM_DECODE_BUFSZ) " " " " NAME_VALUE(LTC_PEM_READ_BUFSIZE) " " #endif #if defined(LTC_SSH) diff --git a/src/misc/pem/pem_decode.c b/src/misc/pem/pem_decode.c index c30b8ad44..9520baead 100644 --- a/src/misc/pem/pem_decode.c +++ b/src/misc/pem/pem_decode.c @@ -9,8 +9,66 @@ #ifdef LTC_PEM +struct dek_info_from_str { + const struct str id; + struct dek_info info; +}; + /* Encrypted PEM files */ -#define PEM_DECODE_BUFSZ 72 +static const struct str proc_type_encrypted = { SET_CSTR(, "Proc-Type: 4,ENCRYPTED") }; +static const struct dek_info_from_str dek_infos[] = + { + { SET_CSTR(.id, "DEK-Info: AES-128-CBC,"), .info.alg = "aes", .info.keylen = 128 / 8, }, + { SET_CSTR(.id, "DEK-Info: AES-192-CBC,"), .info.alg = "aes", .info.keylen = 192 / 8, }, + { SET_CSTR(.id, "DEK-Info: AES-256-CBC,"), .info.alg = "aes", .info.keylen = 256 / 8, }, + { SET_CSTR(.id, "DEK-Info: CAMELLIA-128-CBC,"), .info.alg = "camellia", .info.keylen = 128 / 8, }, + { SET_CSTR(.id, "DEK-Info: CAMELLIA-192-CBC,"), .info.alg = "camellia", .info.keylen = 192 / 8, }, + { SET_CSTR(.id, "DEK-Info: CAMELLIA-256-CBC,"), .info.alg = "camellia", .info.keylen = 256 / 8, }, + { SET_CSTR(.id, "DEK-Info: DES-EDE3-CBC,"), .info.alg = "3des", .info.keylen = 192 / 8, }, + { SET_CSTR(.id, "DEK-Info: DES-CBC,"), .info.alg = "des", .info.keylen = 64 / 8, }, + }; + +static int s_decrypt_pem(unsigned char *pem, unsigned long *l, const struct pem_headers *hdr) +{ + unsigned char iv[MAXBLOCKSIZE], key[MAXBLOCKSIZE]; + unsigned long ivlen, klen; + int err; + symmetric_CBC cbc_ctx; + + if (hdr->info.keylen > sizeof(key)) { + return CRYPT_BUFFER_OVERFLOW; + } + if (!hdr->pw->pw) { + return CRYPT_INVALID_ARG; + } + + ivlen = sizeof(iv); + if ((err = base16_decode(hdr->info.iv, XSTRLEN(hdr->info.iv), iv, &ivlen)) != CRYPT_OK) { + return err; + } + klen = hdr->info.keylen; + if ((err = pkcs_5_alg1_openssl(hdr->pw->pw, hdr->pw->l, iv, 1, find_hash("md5"), key, &klen))) { + return err; + } + + if ((err = cbc_start(find_cipher(hdr->info.alg), iv, key, klen, 0, &cbc_ctx)) != CRYPT_OK) { + goto error_out; + } + if ((err = cbc_decrypt(pem, pem, *l, &cbc_ctx)) != CRYPT_OK) { + goto error_out; + } + if ((err = cbc_done(&cbc_ctx)) != CRYPT_OK) { + goto error_out; + } + if ((err = padding_depad(pem, l, LTC_PAD_PKCS7 | cbc_ctx.blocklen)) != CRYPT_OK) { + goto error_out; + } + +error_out: + zeromem(key, sizeof(key)); + zeromem(iv, sizeof(iv)); + return err; +} int pem_get_char_from_file(struct get_char *g) { @@ -28,10 +86,27 @@ int pem_get_char_from_buf(struct get_char *g) return ret; } +static void s_unget_line(char *buf, unsigned long buflen, struct get_char *g) +{ + if (buflen > sizeof(g->unget_buf_)) + return; + g->unget_buf.p = g->unget_buf_; + COPY_STR(g->unget_buf, buf, buflen); +} + static char* s_get_line(char *buf, unsigned long *buflen, struct get_char *g) { unsigned long blen = 0; int c = -1, c_; + if (g->unget_buf.p) { + if (*buflen < g->unget_buf.len) { + return NULL; + } + XMEMCPY(buf, g->unget_buf.p, g->unget_buf.len); + *buflen = g->unget_buf.len; + FREE_STR(g->unget_buf); + return buf; + } while(blen < *buflen) { c_ = c; c = g->get(g); @@ -66,12 +141,66 @@ static LTC_INLINE int s_fits_buf(void *dest, unsigned long to_write, void *end) static int s_pem_decode_headers(struct pem_headers *hdr, struct get_char *g) { + char buf[LTC_PEM_DECODE_BUFSZ]; + unsigned long slen, tmplen, n; + int has_more_headers = hdr->id->has_more_headers == no ? 0 : 3; + + /* Make sure the PEM has the appropriate extension headers if required. + * + * ``` + * Proc-Type: 4,ENCRYPTED[\r]\n + * DEK-Info: ,[\r]\n + * [\r]\n + * ``` + */ + while (has_more_headers) { + slen = sizeof(buf); + if (!s_get_line(buf, &slen, g) || (has_more_headers > 1 && slen == 0)) { + return CRYPT_INVALID_PACKET; + } + switch (has_more_headers) { + case 3: + if (XMEMCMP(buf, proc_type_encrypted.p, proc_type_encrypted.len)) { + s_unget_line(buf, slen, g); + if (hdr->id->has_more_headers == maybe) + return CRYPT_OK; + else + return CRYPT_INVALID_PACKET; + } + hdr->encrypted = 1; + break; + case 2: + hdr->info.alg = NULL; + for (n = 0; n < sizeof(dek_infos)/sizeof(dek_infos[0]); ++n) { + if (slen >= dek_infos[n].id.len && !XMEMCMP(buf, dek_infos[n].id.p, dek_infos[n].id.len)) { + hdr->info = dek_infos[n].info; + tmplen = XSTRLEN(buf + dek_infos[n].id.len); + if (tmplen > sizeof(hdr->info.iv)) + return CRYPT_INVALID_KEYSIZE; + XMEMCPY(hdr->info.iv, buf + dek_infos[n].id.len, tmplen); + break; + } + } + if (hdr->info.alg == NULL) { + return CRYPT_INVALID_CIPHER; + } + break; + case 1: + /* Make sure that there's an empty line in between */ + if (buf[0] != '\0') + return CRYPT_INVALID_PACKET; + break; + default: + return CRYPT_INVALID_CIPHER; + } + has_more_headers--; + } return CRYPT_OK; } int pem_read(void *pem, unsigned long *w, struct pem_headers *hdr, struct get_char *g) { - char buf[PEM_DECODE_BUFSZ]; + char buf[LTC_PEM_DECODE_BUFSZ]; char *wpem = pem; char *end = wpem + *w; unsigned long slen, linelen; @@ -82,17 +211,19 @@ int pem_read(void *pem, unsigned long *w, struct pem_headers *hdr, struct get_ch if (s_get_line(buf, &linelen, g) == NULL) { return CRYPT_INVALID_PACKET; } - if (hdr->start.len != linelen || XMEMCMP(buf, hdr->start.p, hdr->start.len)) { + if (hdr->id->start.len != linelen || XMEMCMP(buf, hdr->id->start.p, hdr->id->start.len)) { + s_unget_line(buf, linelen, g); return CRYPT_INVALID_PACKET; } + hdr->encrypted = hdr->id->encrypted; if ((err = s_pem_decode_headers(hdr, g)) != CRYPT_OK) return err; /* Read the base64 encoded part of the PEM */ slen = sizeof(buf); while (s_get_line(buf, &slen, g)) { - if (slen == hdr->end.len && !XMEMCMP(buf, hdr->end.p, slen)) { + if (slen == hdr->id->end.len && !XMEMCMP(buf, hdr->id->end.p, slen)) { hdr_ok = 1; break; } @@ -126,4 +257,156 @@ int pem_read(void *pem, unsigned long *w, struct pem_headers *hdr, struct get_ch return CRYPT_OK; } +static const struct pem_header_id pem_std_headers[] = { + { + /* PKCS#8 encrypted */ + SET_CSTR(.start, "-----BEGIN ENCRYPTED PRIVATE KEY-----"), + SET_CSTR(.end, "-----END ENCRYPTED PRIVATE KEY-----"), + .has_more_headers = no, + .encrypted = 1, + .pkcs8 = 1, + }, + { + /* PKCS#8 plain */ + SET_CSTR(.start, "-----BEGIN PRIVATE KEY-----"), + SET_CSTR(.end, "-----END PRIVATE KEY-----"), + .has_more_headers = no, + .pkcs8 = 1, + }, + /* Regular plain or encrypted private keys */ + { + SET_CSTR(.start, "-----BEGIN RSA PRIVATE KEY-----"), + SET_CSTR(.end, "-----END RSA PRIVATE KEY-----"), + .has_more_headers = maybe, + .pka = LTC_PKA_RSA, + }, + { + SET_CSTR(.start, "-----BEGIN EC PRIVATE KEY-----"), + SET_CSTR(.end, "-----END EC PRIVATE KEY-----"), + .has_more_headers = maybe, + .pka = LTC_PKA_EC, + }, + { + SET_CSTR(.start, "-----BEGIN DSA PRIVATE KEY-----"), + SET_CSTR(.end, "-----END DSA PRIVATE KEY-----"), + .has_more_headers = maybe, + .pka = LTC_PKA_DSA, + }, +}; +typedef int (*pkcs8_import)(const unsigned char *in, unsigned long inlen, + password_ctx *pw_ctx, + void *key); +typedef struct { + enum ltc_oid_id id; + pkcs8_import fn; +} p8_import_st; + +static int s_decode(struct get_char *g, ltc_pka_key *k, password_ctx *pw_ctx) +{ + unsigned char *pem = NULL; + unsigned long w, l, n; + int err = CRYPT_ERROR; + struct pem_headers hdr = { 0 }; + struct password pw; + ltc_asn1_list *p8_asn1 = NULL; + w = LTC_PEM_READ_BUFSIZE * 2; +retry: + pem = XREALLOC(pem, w); + for (n = 0; n < sizeof(pem_std_headers)/sizeof(pem_std_headers[0]); ++n) { + hdr.id = &pem_std_headers[n]; + err = pem_read(pem, &w, &hdr, g); + if (err == CRYPT_BUFFER_OVERFLOW) { + goto retry; + } else if (err == CRYPT_OK) { + break; + } + hdr.id = NULL; + } + /* id not found */ + if (hdr.id == NULL) + goto cleanup; + l = w; + if (hdr.id->pkcs8) { + enum ltc_oid_id pka; + ltc_asn1_list *alg_id, *priv_key; + if ((err = pkcs8_decode_flexi(pem, l, pw_ctx, &p8_asn1)) != CRYPT_OK) { + goto cleanup; + } + if ((err = pkcs8_get_children(p8_asn1, &pka, &alg_id, &priv_key)) != CRYPT_OK) { + goto cleanup; + } + switch (pka) { + case LTC_OID_RSA: + err = rsa_import_pkcs8_asn1(alg_id, priv_key, &k->u.rsa); + k->id = LTC_PKA_RSA; + break; + case LTC_OID_EC: + err = ecc_import_pkcs8_asn1(alg_id, priv_key, &k->u.ecc); + k->id = LTC_PKA_EC; + break; + case LTC_OID_ED25519: + err = ed25519_import_pkcs8_asn1(alg_id, priv_key, &k->u.curve25519); + k->id = LTC_PKA_CURVE25519; + break; + case LTC_OID_X25519: + err = x25519_import_pkcs8_asn1(alg_id, priv_key, &k->u.curve25519); + k->id = LTC_PKA_CURVE25519; + break; + default: + err = CRYPT_PK_INVALID_TYPE; + } + goto cleanup; + } else if (hdr.encrypted) { + LTC_ARGCHK(pw_ctx != NULL); + LTC_ARGCHK(pw_ctx->callback != NULL); + + hdr.pw = &pw; + if (pw_ctx->callback(&hdr.pw->pw, &hdr.pw->l, pw_ctx->userdata)) { + err = CRYPT_ERROR; + goto cleanup; + } + + if ((err = s_decrypt_pem(pem, &l, &hdr)) != CRYPT_OK) { + goto cleanup; + } + } + switch (hdr.id->pka) { + case LTC_OID_RSA: + err = rsa_import(pem, l, &k->u.rsa); + k->id = LTC_PKA_RSA; + break; + case LTC_OID_EC: + err = ecc_import_openssl(pem, l, &k->u.ecc); + k->id = LTC_PKA_EC; + break; + default: + err = CRYPT_PK_INVALID_TYPE; + goto cleanup; + } + +cleanup: + if (p8_asn1) { + der_sequence_free(p8_asn1); + } + if (hdr.pw) { + zeromem(hdr.pw->pw, hdr.pw->l); + XFREE(hdr.pw->pw); + } + XFREE(pem); + return err; +} + +int pem_decode_filehandle(FILE *f, ltc_pka_key *k, password_ctx *pw_ctx) +{ + struct get_char g = { .get = pem_get_char_from_file, .f = f }; + return s_decode(&g, k, pw_ctx); +} + +int pem_decode(const void *buf, unsigned long len, ltc_pka_key *k, password_ctx *pw_ctx) +{ + struct get_char g = { .get = pem_get_char_from_buf, SET_BUFP(.buf, buf, len) }; + return s_decode(&g, k, pw_ctx); + +} + #endif /* LTC_PEM */ diff --git a/src/misc/pem/pem_ssh.c b/src/misc/pem/pem_ssh.c index 9ffbb0bb9..3ce53d18c 100644 --- a/src/misc/pem/pem_ssh.c +++ b/src/misc/pem/pem_ssh.c @@ -337,7 +337,7 @@ static int s_decode_header(unsigned char *in, unsigned long *inlen, struct kdf_o return err; } -static const struct pem_headers pem_openssh = +static const struct pem_header_id pem_openssh = { SET_CSTR(.start, "-----BEGIN OPENSSH PRIVATE KEY-----"), SET_CSTR(.end, "-----END OPENSSH PRIVATE KEY-----"), @@ -349,7 +349,7 @@ static int s_decode_openssh(struct get_char *g, ltc_pka_key *k, password_ctx *pw unsigned char *pem = NULL, *p, *privkey = NULL; unsigned long w, l, privkey_len; int err; - struct pem_headers hdr = pem_openssh; + struct pem_headers hdr = { .id = &pem_openssh }; struct kdf_options opts = { 0 }; w = LTC_PEM_READ_BUFSIZE * 2; retry: @@ -391,6 +391,7 @@ static int s_decode_openssh(struct get_char *g, ltc_pka_key *k, password_ctx *pw if ((err = s_decrypt_private_keys(privkey, &privkey_len, &opts)) != CRYPT_OK) { goto cleanup; } + zeromem(opts.pw.pw, opts.pw.l); } w = privkey_len; @@ -400,7 +401,6 @@ static int s_decode_openssh(struct get_char *g, ltc_pka_key *k, password_ctx *pw cleanup: if (opts.pw.pw) { - zeromem(opts.pw.pw, opts.pw.l); XFREE(opts.pw.pw); } if (privkey) { @@ -417,7 +417,7 @@ int pem_decode_openssh_filehandle(FILE *f, ltc_pka_key *k, password_ctx *pw_ctx) return s_decode_openssh(&g, k, pw_ctx); } -int pem_decode_openssh(void *buf, unsigned long len, ltc_pka_key *k, password_ctx *pw_ctx) +int pem_decode_openssh(const void *buf, unsigned long len, ltc_pka_key *k, password_ctx *pw_ctx) { struct get_char g = { .get = pem_get_char_from_buf, SET_BUFP(.buf, buf, len) }; return s_decode_openssh(&g, k, pw_ctx); From 370457f405c8d1e2e740d7e424ff5d8f9c0285d3 Mon Sep 17 00:00:00 2001 From: Steffen Jaeckel Date: Wed, 12 Jan 2022 12:47:15 +0100 Subject: [PATCH 15/51] add PEM tests Signed-off-by: Steffen Jaeckel --- .../long_pri_pkcs8_pbe_md5_des.pem | 11 ++++ .../long_pri_pkcs8_pbe_md5_rc2_64.pem | 11 ++++ .../long_pri_pkcs8_pbe_sha1_des.pem | 11 ++++ .../long_pri_pkcs8_pbe_sha1_rc2_64.pem | 11 ++++ .../long_pri_pkcs8_pbkdf2_des_cbc.pem | 12 ++++ .../long_pri_pkcs8_pbkdf2_des_ede3_cbc.pem | 12 ++++ .../long_pri_pkcs8_pbkdf2_rc2_cbc.pem | 12 ++++ ...g_pri_pkcs8_pbkdf2_sha224_des_ede3_cbc.pem | 12 ++++ ...g_pri_pkcs8_pbkdf2_sha256_des_ede3_cbc.pem | 12 ++++ ...g_pri_pkcs8_pbkdf2_sha384_des_ede3_cbc.pem | 12 ++++ ...g_pri_pkcs8_pbkdf2_sha512_des_ede3_cbc.pem | 12 ++++ tests/pem/ecc-encrypted.pem | 13 +++++ tests/pem/ecc-encrypted.pk8 | 12 ++++ tests/pem/ecc.pem | 10 ++++ tests/pem/ecc.pk8 | 10 ++++ tests/pem/ed25519.pem | 3 + tests/pem/ed25519_attrs.pem | 5 ++ tests/pem/rsa-encrypted-aes128.pem | 18 ++++++ tests/pem/rsa-encrypted-aes192.pem | 18 ++++++ tests/pem/rsa-encrypted-aes256.pem | 18 ++++++ tests/pem/rsa-encrypted-camellia128.pem | 18 ++++++ tests/pem/rsa-encrypted-camellia192.pem | 18 ++++++ tests/pem/rsa-encrypted-camellia256.pem | 18 ++++++ tests/pem/rsa-encrypted-des.pem | 18 ++++++ tests/pem/rsa-encrypted-des3.pem | 18 ++++++ tests/pem/rsa-encrypted.pem | 18 ++++++ tests/pem/rsa-encrypted.pk8 | 18 ++++++ tests/pem/rsa.pem | 15 +++++ tests/pem/rsa.pk8 | 16 ++++++ tests/pem/x25519-encrypted.pk8 | 6 ++ tests/pem_test.c | 55 +++++++++++++++++++ tests/test.c | 1 + tests/tomcrypt_test.h | 1 + 33 files changed, 455 insertions(+) create mode 100644 tests/pem-ecc-pkcs8/long_pri_pkcs8_pbe_md5_des.pem create mode 100644 tests/pem-ecc-pkcs8/long_pri_pkcs8_pbe_md5_rc2_64.pem create mode 100644 tests/pem-ecc-pkcs8/long_pri_pkcs8_pbe_sha1_des.pem create mode 100644 tests/pem-ecc-pkcs8/long_pri_pkcs8_pbe_sha1_rc2_64.pem create mode 100644 tests/pem-ecc-pkcs8/long_pri_pkcs8_pbkdf2_des_cbc.pem create mode 100644 tests/pem-ecc-pkcs8/long_pri_pkcs8_pbkdf2_des_ede3_cbc.pem create mode 100644 tests/pem-ecc-pkcs8/long_pri_pkcs8_pbkdf2_rc2_cbc.pem create mode 100644 tests/pem-ecc-pkcs8/long_pri_pkcs8_pbkdf2_sha224_des_ede3_cbc.pem create mode 100644 tests/pem-ecc-pkcs8/long_pri_pkcs8_pbkdf2_sha256_des_ede3_cbc.pem create mode 100644 tests/pem-ecc-pkcs8/long_pri_pkcs8_pbkdf2_sha384_des_ede3_cbc.pem create mode 100644 tests/pem-ecc-pkcs8/long_pri_pkcs8_pbkdf2_sha512_des_ede3_cbc.pem create mode 100644 tests/pem/ecc-encrypted.pem create mode 100644 tests/pem/ecc-encrypted.pk8 create mode 100644 tests/pem/ecc.pem create mode 100644 tests/pem/ecc.pk8 create mode 100644 tests/pem/ed25519.pem create mode 100644 tests/pem/ed25519_attrs.pem create mode 100644 tests/pem/rsa-encrypted-aes128.pem create mode 100644 tests/pem/rsa-encrypted-aes192.pem create mode 100644 tests/pem/rsa-encrypted-aes256.pem create mode 100644 tests/pem/rsa-encrypted-camellia128.pem create mode 100644 tests/pem/rsa-encrypted-camellia192.pem create mode 100644 tests/pem/rsa-encrypted-camellia256.pem create mode 100644 tests/pem/rsa-encrypted-des.pem create mode 100644 tests/pem/rsa-encrypted-des3.pem create mode 100644 tests/pem/rsa-encrypted.pem create mode 100644 tests/pem/rsa-encrypted.pk8 create mode 100644 tests/pem/rsa.pem create mode 100644 tests/pem/rsa.pk8 create mode 100644 tests/pem/x25519-encrypted.pk8 create mode 100644 tests/pem_test.c diff --git a/tests/pem-ecc-pkcs8/long_pri_pkcs8_pbe_md5_des.pem b/tests/pem-ecc-pkcs8/long_pri_pkcs8_pbe_md5_des.pem new file mode 100644 index 000000000..ae7ec3126 --- /dev/null +++ b/tests/pem-ecc-pkcs8/long_pri_pkcs8_pbe_md5_des.pem @@ -0,0 +1,11 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIBiTAbBgkqhkiG9w0BBQMwDgQIzN684k11RQMCAggABIIBaL9W5ZvbQUeDz4Zb +jISViw6ehWft1lmvZpqzA8Fik3zFIhxSZ9qr03mRdh9fU6VOfLX15NyMdFxwcYnR +c4a/CWz/tu7XTlY4sA0lvI0tJLrTOQNcZdNUlUTbnrQ1N1VaAVWbmP4m+r+NUivz +7ml0q3wcClRZmADg9NcTx1KnZQrbboGjIfG9mSNcpuN9OYa8muat9ytCRlBj43Fa +YKe6xYgKwWUzBdjArIufsdeCwDnfj5qFJ/7DUOgFaGS1mzCP/zJaZHWRd5ArchP/ +NVYwIonzPgmH7UP/VHJaFiKc7qmaHP7WHuGWMci8pMH1fnpCFDshQfwBHmCwCdar +lUy3Kwu4DUarhyde3jbDFyMwM/ffu9VJor+KZXokTYNjXPzuuM5ZBx7ZKYnFTuMJ +NpaH+chSxK3Peif03mWQMJZuiBNh3tAGfkFb+gMAdhxzgWpDhhtE1c8Zbnwyc+Sk +MMNju1uX2plDFluAxQ== +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/pem-ecc-pkcs8/long_pri_pkcs8_pbe_md5_rc2_64.pem b/tests/pem-ecc-pkcs8/long_pri_pkcs8_pbe_md5_rc2_64.pem new file mode 100644 index 000000000..0de458025 --- /dev/null +++ b/tests/pem-ecc-pkcs8/long_pri_pkcs8_pbe_md5_rc2_64.pem @@ -0,0 +1,11 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIBiTAbBgkqhkiG9w0BBQYwDgQIUliSQEiAS8wCAggABIIBaMP+c+hNliY66qDg +33YhJJfuzxVkmW95vpDNw5UqF4jWBW+3xoJHpPJk2zON5nkENQkFU2B/7HY23tLT +lPuWoA5GDotPEMadDMLvxzuynRL9ywZjLVouKNngcLSgxZC5+LS5BqwBlfvcCqk6 +3d0XXB616f4CocTA9s6FHM24vgVEJujjj7K7V4otW7kYfLUTx8ZQ+YUNCCXI/2jB +c0UzHlCWFQ4oZuqINzc/W04HIOerjfGhK1SN/cUboN/PJ090wFzqEPE2MWf8/2ug +N5V2vMkrwwN5uIUumFGY7+vXWOdbs7TAplZQDGlS6I5hnJXqJMXysnweAmw/TOKl +UM25+LQSf6V5FeRh1q7cUzRtzahXX/YKICBYHgOChVj8B5QI31RNFRUpOYOFpjeo +fCMvNI6Qp3U9sW462xq4hvemBUUSOuM5P8M+mZxpAXxB56W5bfVTD8nWTzdMH38o +sfWwu/7anoMxI6YN8w== +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/pem-ecc-pkcs8/long_pri_pkcs8_pbe_sha1_des.pem b/tests/pem-ecc-pkcs8/long_pri_pkcs8_pbe_sha1_des.pem new file mode 100644 index 000000000..19826ead5 --- /dev/null +++ b/tests/pem-ecc-pkcs8/long_pri_pkcs8_pbe_sha1_des.pem @@ -0,0 +1,11 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIBiTAbBgkqhkiG9w0BBQowDgQIT35B+lfH22gCAggABIIBaNDnpB3HZ1IxSmgD +9icYYXhKwHT9lpyAzlX8h43ccwROt/WR4N9+Q0Xcfdktv/5pVKkzkGsXD1u0x6OM +Oevtj/O7DbfzpW3pOUAB5aaA21QOksVAvjtjuwZ8eRGa4h6aXaMUQYOo5AQAHH8/ +Ev0MqqJucgEzONByZTp9B6FwWwbioEhap9h8qX6oQ09SXQnKCNi3KxD2IDAwMDMm +Ss+wMmq6xiGR2UUHg/+tiMHCmLTcCkvhTg6l7rsH6LEO4W3G0teholWSrke73yeO +NhU3O0AZjUCMXqli1WxeJByermRVAIY2lnMlG6+8sDQMEVePutd7x9Y7D223VwZR +ou59pwdJt+OHNKMCMiPIFNht5iir3zpJ+yP5wP5CDigb+RS5e03LGmT9An+8j/Kb +PZURQSa0aqQasn2QTAF7zRlLTOPpBlSPgmWuZolZbHqkDbX0xPJYO9BlfY5nX8hS +/18lPQ0wUIBYG19yuQ== +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/pem-ecc-pkcs8/long_pri_pkcs8_pbe_sha1_rc2_64.pem b/tests/pem-ecc-pkcs8/long_pri_pkcs8_pbe_sha1_rc2_64.pem new file mode 100644 index 000000000..62b66dd9f --- /dev/null +++ b/tests/pem-ecc-pkcs8/long_pri_pkcs8_pbe_sha1_rc2_64.pem @@ -0,0 +1,11 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIBiTAbBgkqhkiG9w0BBQswDgQIh4GKHk4SmIcCAggABIIBaFWSw80nmDwiKdqt +u/t4WtFeyVbdtDZqX9pK1Um5lWVpdYNHBZFGtc+mQA4QTUGg7jCbOHC4YiO5FQtw +FVay9nMGd/MAfITULLUCNr7DERM9OgP3Iy8fvnloFV7DLafDeFGlreTrGVaEzb6+ +vHkys/Q107k3UpNNZl7LUSZ+u1olENDIkm/VhInmDS8fWgOt8KfKdmQB9hpnW3Q0 +WOiUBC/SEau/o0tLc9jqwXbkUxG4tYfFlQgA6ll1N7OPmX0XOleGsVJkeyakkkZm +78QQDDsEeDuS3Jk+L6VUbJimxUOFNzy27YhFYKFwvEoxVmAsKgBP+ycOQqIOM0Bu +NwtfNQm4gIySqfkMGnGIrOFpXT9nk2ouIoTnT1prGBHP7IosgJATlTytChhfXCj+ +pm119VBAHho+Rx0K7WPfWh6F7gBf8v+dtlPgYdtg9KgxsESkHqLQNAOxTgyw6Wv/ +f2Ma7GbDLKr98YTwEw== +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/pem-ecc-pkcs8/long_pri_pkcs8_pbkdf2_des_cbc.pem b/tests/pem-ecc-pkcs8/long_pri_pkcs8_pbkdf2_des_cbc.pem new file mode 100644 index 000000000..3a64eb1cd --- /dev/null +++ b/tests/pem-ecc-pkcs8/long_pri_pkcs8_pbkdf2_des_cbc.pem @@ -0,0 +1,12 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIBuTBLBgkqhkiG9w0BBQ0wPjApBgkqhkiG9w0BBQwwHAQISIYM8rI/jPMCAggA +MAwGCCqGSIb3DQIJBQAwEQYFKw4DAgcECDtoK11BLZ8yBIIBaBWpKqU/zd8dK45s +iC3X+IdPeXmg/tlJZyKJdlLgyZMzq2hwmqpNW6OqcVUf6vRJXrmUvLXdzbc8LmHi +hBUwtXAenYJHOt/dY2bQmHsh3UE6Rjo98CNUQkPY254kscMDCYIH2kYk5m7Axx9s +r/GSteJ73i1snCMlguBnAw4Hfn63aWJ+quu91lTupoZ5GzP2JmByNaobOzPbLj+o +RkQEdqjOCnRhnVKh6b7jJlJZjKC+pSrMovuVfrjfGk74MTnWDrYBBbM2whY2/1gV +JHjfI+2UUg2AJXqrZL6aNXgRAypWqEWm74quPzw1oED1xeBv3n3qTT8ibYHNXXcl +GGe8nduOm2sv+FZNx6LaKhutbSiCGW+TT14Rf7iYjDxDz2Zo+ngh9USb04VFhvN2 +rcdv3x2tetKqbQ6THhM9LfyArYpDF4tC2GRNCdmMcQClIMQIEwvabg14XORdYWBl +ETQPMiGjep69gcsCLg== +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/pem-ecc-pkcs8/long_pri_pkcs8_pbkdf2_des_ede3_cbc.pem b/tests/pem-ecc-pkcs8/long_pri_pkcs8_pbkdf2_des_ede3_cbc.pem new file mode 100644 index 000000000..2124806fe --- /dev/null +++ b/tests/pem-ecc-pkcs8/long_pri_pkcs8_pbkdf2_des_ede3_cbc.pem @@ -0,0 +1,12 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIBvDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIuVWjGRuwrEYCAggA +MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECPNKy7KzuZplBIIBaMCytdZYGgmG +HnRqZZefHmq6QoFtPFy0UcUx/k4QyPX98gftQZsOMQUjK3SYb0E1stwvJyuOxMk2 +QAAkSvQgdB4/O9Bn+YcAr2yN1kQ3ZGs4GhKeFdCVzha6DFXPnfumxB7nqH1A7hvq +6e/DkOPnfcwfq7yy8ydmfubZ5ycdQmCn/s6UuxmipSG3viAWXOWxxj0ujOuwcti0 +UtVNDYfiat77khdEmkbTjWek/ClaQhbs8c0ihQ3VTjjzNumCjK95SDWzNfyXr1Cz +BOz940PYzy/CWJ9kcPHtAzF9ZKBCE0iDx6dlAqUpMr8+cUDGHtoxeMG0SEhuneEx ++2PyO8eHACl+UZ7gvMRvU0HikmIXLIDuE4W/5bFwLlwe+W0vWx+/RrxSUhotY2f3 +tIUMchZH0V9e2bjcZEpoOgAbJFwpv4BhSzPFGUtCvaW02GprDFbkvpdeVEAOeJCo +AERV4FOHuiQN5xICywgs8w== +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/pem-ecc-pkcs8/long_pri_pkcs8_pbkdf2_rc2_cbc.pem b/tests/pem-ecc-pkcs8/long_pri_pkcs8_pbkdf2_rc2_cbc.pem new file mode 100644 index 000000000..add39d146 --- /dev/null +++ b/tests/pem-ecc-pkcs8/long_pri_pkcs8_pbkdf2_rc2_cbc.pem @@ -0,0 +1,12 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIBxDBWBgkqhkiG9w0BBQ0wSTAsBgkqhkiG9w0BBQwwHwQID289hiP8sNACAggA +AgEQMAwGCCqGSIb3DQIJBQAwGQYIKoZIhvcNAwIwDQIBOgQIS6rg/BDDyx0EggFo ++EP7A0v/HXDb7sIKUaSRo31UgIvfB3ReCYvjl99OhGohyPKU5d0SG1P+a5qACAtM +9NOPIB8UdjjrKxz8i3hjpWEOCMQAdaXhkIiYaDbPvAVQwlfEA8LUlUoJce1JbyUy +O/BJx2FvSuQYMpzYdjj+PXifngb3qKAC7W+72D3d/npwCFMAfo/Bp9rCk/0MWakp +KpUspNT9b69YI0yGKxRpJNaX5B4FuaLe1O31Tveq0ImyiWEcSC6bsFfi8xWXmNMR +pw72Pv6FEgSc1aaSiViQVvkDaes1M4Po4K2geld07bnXn9e1JzInYquBnhFUe9Rs +HyGTqJp0S1Yyqdt46e13NIfM8knvapl9/0fZ/QJ9UIPbINpFRGeFBJY5pR1xEvNK +EST6HZIw84U0iMfGl2e9oyC4r+1hZfkELHSK3d/s/SRiRhw1yTOGU1dFMwUz8yif +CCNNR0cFDfSKHYQOu78bUZ+Nmt7ydzn5 +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/pem-ecc-pkcs8/long_pri_pkcs8_pbkdf2_sha224_des_ede3_cbc.pem b/tests/pem-ecc-pkcs8/long_pri_pkcs8_pbkdf2_sha224_des_ede3_cbc.pem new file mode 100644 index 000000000..d77148418 --- /dev/null +++ b/tests/pem-ecc-pkcs8/long_pri_pkcs8_pbkdf2_sha224_des_ede3_cbc.pem @@ -0,0 +1,12 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIBvDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIF1hZIYPOrdkCAggA +MAwGCCqGSIb3DQIIBQAwFAYIKoZIhvcNAwcECO1sfQDcxpkyBIIBaHKe707yztqL +ZqMI2BkJdLhNUeysatW7IP9WLN4+kM9IGx8d3jVthFK28kmQv2yHjFqbuTYnJJz+ +7sskqfbv+xO+LmSlppeD2XaolcoCCu0ic/JmE++CORaR/cswkjZD6dDaB3saZO/T +gKleto54fMnMNUAF43aIKZGr1xOv6utMqWXULCIMkk1RtqRv5l/bTavFnnoHfuUW ++eNH+z4yopTuJYMSvYcxcTFaTx+SpoR+Cyp9HJAGmNk4LS3abxIu/QtB3Is1QZpS +tBmizAv+5pmIshWIAsIXbgK3a6VboxzJI1Twt74pPYEv+OJbOtvmDNrM8Anqc6pk +gc+0W9/CZ+gL9Zo0MZFnehnuK2EwpPmzHrRoyCM762wcImyz+5EVVpJrixUGpq8F +wjtw1xOMhyQ3K5j/kQWdLgoR47s9fbkkgSxIggY9JrWA8VY6uqm/AWJKrITFM6hx +75lOxEX6Cw/B4y0V+xZ1rw== +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/pem-ecc-pkcs8/long_pri_pkcs8_pbkdf2_sha256_des_ede3_cbc.pem b/tests/pem-ecc-pkcs8/long_pri_pkcs8_pbkdf2_sha256_des_ede3_cbc.pem new file mode 100644 index 000000000..00ef04169 --- /dev/null +++ b/tests/pem-ecc-pkcs8/long_pri_pkcs8_pbkdf2_sha256_des_ede3_cbc.pem @@ -0,0 +1,12 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIBvDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIqmXjSIb59wUCAggA +MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECAhqA2qQFwcrBIIBaACt+al/ytm9 +NKroYGO1rExbTYC87yT9N4Q3im7IHTrUXrWxm12t8PHJCpr+2OIrCaTC6bcAMcRI +cJEgsp6MISxZQXkFFt8zauC6cegsBnIngi3lPzpo+66v+jq3F26XXE1E6jWexcev +osngyT8Ng1lddwSeUZ6qmIoajOdliaZKt9zEnNre9uGi1tqjXyAjtMzRNPOdj8qK +6LS8U8bZlhNk/5LQiYdq/s93oA4XvIZaiVmNDnirfqYLWXhpPuk6pinZZIf45bNj +WpHR6nlS6zrfMbu7OsOVMk1dYMS0wyWf4V7c33EUGq3V+UpCwf7lHiXpKHf3VUql +ATJLCH0rVpVtSLQKzu+AtQ5hXWM5L95eDgJH4cHMvUZyH5fXBD0XVwGwF6jl5Bgu +qpiQrk0N4SINtOTUz6cpkCg2i1rT/y1OFtfzlcaU2O73MlEcRSo9X1FFQuKSY978 +XJWKmss54p2ZDZXjI9hKIQ== +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/pem-ecc-pkcs8/long_pri_pkcs8_pbkdf2_sha384_des_ede3_cbc.pem b/tests/pem-ecc-pkcs8/long_pri_pkcs8_pbkdf2_sha384_des_ede3_cbc.pem new file mode 100644 index 000000000..5687c7287 --- /dev/null +++ b/tests/pem-ecc-pkcs8/long_pri_pkcs8_pbkdf2_sha384_des_ede3_cbc.pem @@ -0,0 +1,12 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIBvDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIsCQVVRoBSP0CAggA +MAwGCCqGSIb3DQIKBQAwFAYIKoZIhvcNAwcECO8+o1eRBcmTBIIBaDM+16hmyXFa +Nh02rGpKlggDDWc/bcpLnmi0vEyHIG5wpwS8RYiKY7AlJv/soNuGh/62kFJzvJyl +gwhAdqE4Q8u1ECKvIz9VUJkY7etvSP3Pu2lNeE2wVPk6k36RjSib7cwefrawJrTQ +50J9gdxw2vl/vep7nZRPVerqod9Us2x1/M0DMYtcm9iWgNGXKnF1bXE/TzDaWmUG +4Isx49V4CaUSNbdP/Y9wfj1LARi/qZ8sIMQmi7rWFZJOutJ2HBJcvkiAOUWtxGrV +PTPkWsCk8MQ6gzi0RTcotqC3Z8cJm7TQ0kVpytNAGNavuK+VklApSEPwK1RiLL5a +04KuIyO0qf/Yh+e7i1miX9aNcA8U7XrgrgUguccFm+25JPhwvKerEvgbthQtd4DL +09z8ClPcOqarLRzbpswcVppBmfI27TbQC5HS+UjPGa4CSTgOjwFmoFoV8P06E7/J +DB2MLT7THaLfYdv+dewaLA== +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/pem-ecc-pkcs8/long_pri_pkcs8_pbkdf2_sha512_des_ede3_cbc.pem b/tests/pem-ecc-pkcs8/long_pri_pkcs8_pbkdf2_sha512_des_ede3_cbc.pem new file mode 100644 index 000000000..e1769fb7d --- /dev/null +++ b/tests/pem-ecc-pkcs8/long_pri_pkcs8_pbkdf2_sha512_des_ede3_cbc.pem @@ -0,0 +1,12 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIBvDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIuyUx21YswXgCAggA +MAwGCCqGSIb3DQILBQAwFAYIKoZIhvcNAwcECHopIpIBxzQyBIIBaKCdLeYJSoYs +0tuuykMqh5YwG3yzsI5RoDHZVkuissmreb6AgFkwoH1PpvvbwY4NkAEZ3CADeeAr +R+CPBI2GZP83/VoJKgk4WZ3518FZPUks4obIE5/AVNjYTJXhfwPCXdf21h6DoAUr +OeSi4U72rsKTmNM/ARa44JJjkgC+77+Ith4+ayeq2h+v4ylRx533AkL8kbzBDVey +pyLENNSnwwZHUpAhV0ZlurXLHc0eNHyn6LzIXig1RawC0uuYKb+CxZrkbtX9R/HO +mTUf7EZrVvJb/G5H9Buhs8gi8Ul/C2LFnCdy2VbBkubnbK70mIyQ4HLY04NGpw+b +6TXHODwrSEwCHNdIyVEuIFW4TkQtWmKAqT2/wupJ8PWo83/mxlTb6NQlhSFFY/Tu +FiPRHi2q4rI3+283NJ/W624esG44u3+OBqHNZe1F7IXbEzM+iGo4osI7CXvvQrfo +PJAUlYc9TtaTQAqdJcVjdA== +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/pem/ecc-encrypted.pem b/tests/pem/ecc-encrypted.pem new file mode 100644 index 000000000..9b6d11754 --- /dev/null +++ b/tests/pem/ecc-encrypted.pem @@ -0,0 +1,13 @@ +-----BEGIN EC PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-256-CBC,AB9C64372F927A0D0C27AFF8808FA408 + +7vsYSX4TxsNKVJ9rdDQ0KJV5fIjv8cmtm0hCfY3dXPaoBy7dnQmtoS1cB2L7/5lg +Qr/COJFKg0PY7y+aB+wK96rFZUvmHSwxjOUbz1/+e4PHbDaSJJCEJpqzS5Clo+nO +q/FKjfXmQ9yANLO0o4QcSRwSjxIuIK5KWG2EXWm9gCsR1tPW9UmSCSFOn02puF6e +HJZnrq7SHvTvuZ3Tbzzyhp7Z7LofSLPaHaCdWrGlY/AlsnUdOywHD3ATCvvjTVqJ +GelaUv12BEJK+B945LmgMkj+BRhKcLXmK5Q2am3ZdvwyZW7E9JcDLPjX08VEfxY3 +aOBv1mysIroniX3UEZmNR/gUnQTSGa9m+ZsQvZYoZsqK0dn9THf70fW6scmBvfR/ +wRnS1fe3WYsjkXAvAq/a/5Ev6go6G0xgKHI+TJMeFxC2v1r2aTlDKw8AcGwUzsll +HIbyabEaVwQviNuH6NHNpw== +-----END EC PRIVATE KEY----- diff --git a/tests/pem/ecc-encrypted.pk8 b/tests/pem/ecc-encrypted.pk8 new file mode 100644 index 000000000..f8c8d2fe8 --- /dev/null +++ b/tests/pem/ecc-encrypted.pk8 @@ -0,0 +1,12 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIBzTBXBgkqhkiG9w0BBQ0wSjApBgkqhkiG9w0BBQwwHAQIDvEXvzqHE1ICAggA +MAwGCCqGSIb3DQILBQAwHQYJYIZIAWUDBAEqBBCj/pJclOyl8T9QLQ5hST9UBIIB +cAhS99K8b/rp2TaTvSSuwTS1qFcJ0O33zSSIprhVriNdArgQC0sX3XZKe5tyzWSD ++ZJZXJhcnQKRauDGhiF7dJWSgM0MbL90ZgwFyQvwzl1kxfKheaS8Hv/xGDvx+eAU +XwOAddifqcSediLUwtf5SRUmPy12gxcMFN0gY7fvjA0Wb/fDn6UuG0iu+y/msiu/ +S+dW+PbOZBDiQb1u/U+wKTdvQxowlu6zkapxRFRWC1i2S7vBtdK7aLTERUJwdEf/ +RdAMLXQdr5zhKHTjx7nQiPCksbNrpdTQHw/nsrNtE0pPvde3MCNIfvaDgHXyCV8F +Fo/fn97YhaKH8zCfvWhduuY2Bj3M1jBLRxGQZ2cs4hb6Ua3R2GiTD0h5zp9uNXRH +SrECToksdY5jNz1qMV6TA7gAOZ477sZCkJ0WU68B0jUVJKlEYCPzyTVcoy3a1hiF +Lx2H5WbsXSsZGaX+wyUUicYm8J+YnGtVd+FgS5e8Lh4w +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/pem/ecc.pem b/tests/pem/ecc.pem new file mode 100644 index 000000000..2cfd6c0d7 --- /dev/null +++ b/tests/pem/ecc.pem @@ -0,0 +1,10 @@ +-----BEGIN EC PRIVATE KEY----- +MIIBUQIBAQQgDPGtLwP3kRu6A88jN8jy9zbOZfGELX2fX54h2V5JvSOggeMwgeAC +AQEwLAYHKoZIzj0BAQIhAP////////////////////////////////////7///wv +MEQEIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAABwRBBHm+Zn753LusVaBilc6HCwcCm/zbLc4o +2VnygVsW+BeYSDradyajxGVdpPv8DhEIqP0XtEimhVQZnEfQj/sQ1LgCIQD///// +///////////////+uq7c5q9IoDu/0l6M0DZBQQIBAaFEA0IABCr5C9q+cWae0c8S +0CSvurZ/+5YnPi+9HtX5jWxzncUWkb2yuRtAEFq3bG4yW/djYpQkJNvsP4vlbktk +NzEkeU0= +-----END EC PRIVATE KEY----- diff --git a/tests/pem/ecc.pk8 b/tests/pem/ecc.pk8 new file mode 100644 index 000000000..bb72e1b8c --- /dev/null +++ b/tests/pem/ecc.pk8 @@ -0,0 +1,10 @@ +-----BEGIN PRIVATE KEY----- +MIIBYQIBADCB7AYHKoZIzj0CATCB4AIBATAsBgcqhkjOPQEBAiEA//////////// +/////////////////////////v///C8wRAQgAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAEIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHBEEE +eb5mfvncu6xVoGKVzocLBwKb/NstzijZWfKBWxb4F5hIOtp3JqPEZV2k+/wOEQio +/Re0SKaFVBmcR9CP+xDUuAIhAP////////////////////66rtzmr0igO7/SXozQ +NkFBAgEBBG0wawIBAQQgDPGtLwP3kRu6A88jN8jy9zbOZfGELX2fX54h2V5JvSOh +RANCAAQq+QvavnFmntHPEtAkr7q2f/uWJz4vvR7V+Y1sc53FFpG9srkbQBBat2xu +Mlv3Y2KUJCTb7D+L5W5LZDcxJHlN +-----END PRIVATE KEY----- diff --git a/tests/pem/ed25519.pem b/tests/pem/ed25519.pem new file mode 100644 index 000000000..e447080ae --- /dev/null +++ b/tests/pem/ed25519.pem @@ -0,0 +1,3 @@ +-----BEGIN PRIVATE KEY----- +MC4CAQAwBQYDK2VwBCIEINTuctv5E1hK1bbY8fdp+K06/nwoy/HU++CXqI9EdVhC +-----END PRIVATE KEY----- diff --git a/tests/pem/ed25519_attrs.pem b/tests/pem/ed25519_attrs.pem new file mode 100644 index 000000000..84961082a --- /dev/null +++ b/tests/pem/ed25519_attrs.pem @@ -0,0 +1,5 @@ +-----BEGIN PRIVATE KEY----- +MHICAQEwBQYDK2VwBCIEINTuctv5E1hK1bbY8fdp+K06/nwoy/HU++CXqI9EdVhC +oB8wHQYKKoZIhvcNAQkJFDEPDA1DdXJkbGUgQ2hhaXJzgSEAGb9ECWmEzf6FQbrB +Z9w7lshQhqowtrbLDFw4rXAxZuE= +-----END PRIVATE KEY----- diff --git a/tests/pem/rsa-encrypted-aes128.pem b/tests/pem/rsa-encrypted-aes128.pem new file mode 100644 index 000000000..9fe278b8d --- /dev/null +++ b/tests/pem/rsa-encrypted-aes128.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-128-CBC,E34B30358A82741CC19E7D3B39F262F9 + +gBfy6bd92405991TDo1pT58ZimYUlsz6rXQkaM22TsMzKq56Bw0qz9h4JOJ6huKh +BQlHJ1Wn8m75J2dFPAX/Y1qTNzTufNIZ7iGsJnlagYV1P/ICN2kdDp5Qozz67n+v +N/S8S+42snqrL6Z3PsX31Mz0+bp+AX+IONEDJ+63ggOiMx5/eOh5fGVP/xovCAP8 +E4NYev1mDY/DQpsMhaiSedAU2rwbGZTLdyZbT5Nj8bWOiU8Co9B0MLrnwfjqS9w0 +gpeW2N8bW9WrXySePS5qJIVWs4FwC0OnU0oZ5h2oi1p0j9vJfOBTHOnLXgC/m8oR +tdDxHHUHrhBmLvMHnb5ZxMSGqYAB5CHt8TvGSYe+wUNdEV0bwWsgwDQp1DR9UKij +HKpMbemWzwueOeXvgwmziHOzxureE4vAEEv+rakxhbagkWpizyM1IxjxPa3A0ohY +THF/dq9PmDtyTtAKYcttRlqhPTOUIWHUu6rxqYpuXY8edqzALoC1dUI/WVJuMesf +JVcX4gL0FxtN/Cyd2j01AfrC5rBQuEwq2l5IEfdGKv1rsWH3lGpI+yv+l6yLrYT9 +Hfooeb1ZKx7kf3J4Yy7LObaMuCjPaYFGeAAwVP5OL/cSRwJsAgvpTmwM9k23+AAP +WS616Cl6FpKTFbJSDNrqfEAo4ghsbbrmuG/EzhqFNzYhCsX2GKRqp5Om5TBV+pSe +svP6HF2sh1bypDlFv6V+grUIU6FHHS8v+/XeO502VDMdMonuV3G9kiFvL7pXGZ3Z +iNFkdAUegliKvbkFg5DyHMYnAmYrj90BYaLQBPCVjFR8waxHLr/eFFaKTlvKT/T+ +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/rsa-encrypted-aes192.pem b/tests/pem/rsa-encrypted-aes192.pem new file mode 100644 index 000000000..5c157b685 --- /dev/null +++ b/tests/pem/rsa-encrypted-aes192.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-192-CBC,84225A437AB98BED8FB41AA30CEEF69C + +phaXiTpHZdPh9nB147D+IBIuWRLYueXgy1eqX1hFC/xskCRGQxwmhWhppGp6Evcu +PA9DywqHHrYPl5fZsSXjOpj3H1JU/4oP/q48Yz6832YxRZHblAZgVEvK+OqPFq1y +FVnL8JMXLZ7GNAvl9JNBfmL4kYJY1CwcLeplPXDfrAdrDt/974/jNB85qsyqVsQu +QNdLj3BRLJYWWv2MUIlfP2+Wef5pA4w+Aurv5evxcRZYSsqUhHwrBjfrXMumzjAi +7VHh71TyFJBbN/qiiBqaCLyG301HqUBdcpstlZ6GUU+dIg/QR+QrY2T5rRwmbp1T +RA96OSsXypEDz/35XMrcnFV7PyO1q+GueXTxnNH/a5SNKohaElxyn7suJ5nuoh/W +euUNeNFk6caq2wkCS7Ew5vvNqYbh6npKdrz1JzfsyjpwYkPdE0VXxEe5/Pcqhjpc +tKZ5Ej+nNYSCIDrmGd8PteoUWby3oeyS/K+8OofKu0nKexdJ69iY7bcMCu+WuM/K +flXCgQU1d2ClY6x7zFRjPjgI6NCiBlZ7ndx5NT5BLJfWA3VZRwMZsSYx04kUH+wJ +vkaBKUGpBQIvR5cNvPberc5Ckl4CdiFCGSGhREF6M+8sB9KzdVebrBX3ht/lE05v +m+4ekGz3O8tFFKEEnVHwdQw5aXGFc9TgS0gj6CVMl21lWHPKXAoaY0g0TRjc/rgE +c4US5mRzyE87juEX0dOhx2CcJ6q1/CWXIUV2CKFS/9ugOy9eaA0KdaC1r2Jec1bA +yxbM0eNXyckHhh062i+8sHLkWkRN34MPGp4p3Y8YT/iqPatKrcLOODm8NeJD69M8 +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/rsa-encrypted-aes256.pem b/tests/pem/rsa-encrypted-aes256.pem new file mode 100644 index 000000000..6a7cd289c --- /dev/null +++ b/tests/pem/rsa-encrypted-aes256.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-256-CBC,D3DD9599A74A0A204325A4FC0104274E + +Cl//jk2w+X7KMvEoqvXlyz2n3DHqx1UKSHmK8ab+Gx5CRlbTeOkYseN75wx2Y3/B +WiJTFuKBFSjK9o0ts8Li3xQUnCP1huXq6pY8CIcEo7V7ZKe/7rWPwPtLflaPsSoz +4paXwqeUB61gS3qw6bxof3WFKN59lU+Xk0HsDOp/SK55ceA0j7vtOFm+pq+cqEwl +wy3ZGUJUDCZgYOuTNTfvDqoRK2OuH77fbQu27ck3eKUC5LZiDCQ+Aqm9k12gcCdF +tqqLZdZyQWJK/rpqY2rHZkLTkhou//Cs/15l3GLDO5P670aVEJb6vVNVJd5msu6b +JGWDb31McTwj7m3NsK2OSPVfhGuA+Hx24/ul7o615Bei4AsN3yAcm1bQeRKHyQoA +9LBZgyznt3NhEQ5RoXCR37HjwQheOoDcwgVh8uSJnKaD1dUMlIJYjW32kMbj6fxF +kAMm6JT4FU52jnpsar0+ADqrLst33IkXfiPWzHoUsh9hnTzDwqOR1oEbxAnBABkz +zkZPH818ENHsg6c/S2z9ZXyLxjqd+kh53cL36NiTZkCSJOfwuKWC9gnXsXgmpcV5 +BaOozzYLtW6OMsPWrledD5uV5EGBitLiNKBB4h22/AR5Br9Eo0csEJHkEfjd4hAh +J2iXj26j0QmsLJV2KNgi1q/b99r6vqQVuFEUVhBprrt+vMVRlTAs1gkPMhZHwC5Y +CP3w+d174aIURUeOqmTmlefP3ek74kKz+eUw5/KBq0yD2gWguuW7BzTF+GcP87Gs +nBoeIbAF+diy95F7y1zXLlYr6U+xMaizpDtYChDehUXd7Hd85AqjRNHDD3a09m8t +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/rsa-encrypted-camellia128.pem b/tests/pem/rsa-encrypted-camellia128.pem new file mode 100644 index 000000000..f3ecd0474 --- /dev/null +++ b/tests/pem/rsa-encrypted-camellia128.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: CAMELLIA-128-CBC,0303625F03B4D00BCF0CF7C823F1E665 + +UGZaiZfZe69svZrpTL4oIuPgd6erA5Gmz7Yo8JJAcrmIRyLVaNeL4/FNQsstGyxv +nax0h5X4jLDZrFrbF305wbENCEoDffNzII8Ju/w1lVxpOdkQTJtKUtp2iOdFAMfq +BvmAVgjy2M0W++SluLXmop3fo6S4fxsOkLywKPLHFUZ8JwSg3I5LAMeCepbx2bG6 +NfozsjwVSVc3grs/FKHQlBhuXyUDJNJwXXA4hpBqoLPjBdOrYqjV0MA6D1csIRTu +G/gsmobtp9luWQD+dEtufLXvfxOlLnJCdWWS/lhwxY3Zym6juc917wNQoxgyQq2L ++53kX2VFFLM7g6ES0VTMF6oAbglqKLABJOZk0aSzLh/h6RKzh3WaT0yux9w1JmaL +0faIJDG2ZNroraOtAIDmc3Q4sfk2EcBxOFTRjKT/ypPcwOY2PWMRDAXpfHtAJrRx +H6GQsM+X04wahpQ/aHCtUu1EO6n8zEdej8XUu+Tcz8stO7h2zs7IOi+7NbqqvHYk +V09kX6FgSnUmzsV8DGcemEM2XkSbK6p+/b5EXHbvwkH65zjDNtfjloWgWd9B2nqv +unB3i9h1Kd145a8TsiNE7Z9QI5bIBXN7x/70SoO5/OJjjPczNSHkgsBEkIseyjkU +MuEQ6s9GFAOlw885ieUEJuEwyhVcA9ksCp5SuxVNEScMh3vZ2zK7reYsg8GC1Vx6 +2tw1HUzarDDgp5SWxjIFq14NWySZF3PTrlcmcaZkiepSprFGm3QZ29mXMpoCIpJW +344/5dM2kkRgWoZhJP0d52dX/D9lqYG3nD9vlQbOFKR4DyHW1yeTGFlheqOdwiU+ +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/rsa-encrypted-camellia192.pem b/tests/pem/rsa-encrypted-camellia192.pem new file mode 100644 index 000000000..3f10b3440 --- /dev/null +++ b/tests/pem/rsa-encrypted-camellia192.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: CAMELLIA-192-CBC,FB1DE964D0983449CAC8D7608D0CFBEC + +bsqay1xsCDMwqFR6vThpD4mDycgkc6pB1W9nMbe81bmYWe04c9jDk44FlhyMEFq/ +fetzGn16A9YFJoX7M+myk2rRv2xhj+UA7+CS/CDHSuh74ZP/Ebj6nKgyzNJUpHqG +4QlUBwWGedkkkRCEV4w5cRMazXsclymENeAbee9s0PKAfso/w7Thvm2ET5Nuu6rq +aOQsk5pVjMtNQN4FFiFa+Qi4u+cmWACvLj2zETg4oL9tzbgwe1BGF6Js+6oqDQx9 +gwk3Gem+902PblqblH/4k7Z8VfuoDj/2vWC5azf4ndEef3sTfDR8X3DGbauUHyYI +gSiI7voaOESlRsWuuSVCH1SrgoNJZFY32wjVGOd7iDYkoybacJNQGRwu9oewd3IG +gAUY5OiEKUHDgc2rsR2ASN1UmAppnUZZbnQ3xNlnoE2N8OEkhykYJTeTC/k4scKx +hcw880ZfgYm1btw+W0UH2NPdNCIttahxUdTWqGBeTznuVDuVCYXX5HgPX1Ufp3D1 +eyJlUhzudJ2xl5z/qBf7ePzc9CgHqpq0nRGfEpS1fgHi2xRBF1JrYJXXAC61712Z +Z6hwjg/22YturTNAOQ719aXZ77Tx8n22A0wrUP3g1nHEICob9zyBum+ncjCRVR0w +ciu1iou7VYfr9B3nS9ECUZY5UmecWG0d+7ELXItZV5bP/wW3tKW54Vh5a22WDeO6 +B1R5MAEXPQ7qBrcNmwr1MEFG2WoucLBEJfHzrkJFIlhwvE8c2AXWZnk0jmPxOlUY +QfxHwWJ4/ufI/FRTwFlYwUohItBAq5j6ve7+StoM3P6qT+bnQcy01xOw3l6o0U6Y +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/rsa-encrypted-camellia256.pem b/tests/pem/rsa-encrypted-camellia256.pem new file mode 100644 index 000000000..c96caca81 --- /dev/null +++ b/tests/pem/rsa-encrypted-camellia256.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: CAMELLIA-256-CBC,7F40CB6CF02BCE145875EA4A15132B93 + +GyycmUiMdO5AyYLtDy8eoSlcMBrk4vF+VfbPXLa8jz/qqglW25A+dMUw+B8DHox4 +x9t/IWs4Pq2MfNflct07wv6dnszTwVTpyhEOubRd//Q/HPjau5TAmQM7n0as4QHw +dfbCd4laS8siug/KHRPYUqdaiifBOlzpxREQnjYYfXG60KlZYyxIFTp72W9BurIn +BoHznYxQ16ZuID9R0eRgKQZok4If0cLt14z6n3fUw0LZeDEU8RFE5+2GfSgdghR6 +NPlZN7MlaZaVRx8ctFRROt9WXtCfvMSPBz7ua3qymuct76VrjzlYaxhr7nqf0RY9 +Tt2HXZLYzPvnKUA1hwJhbDXw9i0ahJ8lNDDQVEEy8UdiSqtWqjpAbOFuy1HXv86V +mCH4viGdxNqOIe7IMst6jwvnUSDDTFms0fRV9tv+JouKgQ5A/H+VrxKiHm8ZpZRK +yXrMusUMXFQ98u/u0vw1f/dn/dYocNBT0Dgxp3K8mmAuSX3XOupTtDfHJXM4I2Ur +tJfstBPD0Ne54k0aBQnOjeUUrtXvu3xgY4h/c80GvXLHsQv1lTQF3o5AEStUrl9B +KKAqb/E7AMr2a55RYl2rqV4QfL0rvhnTR7Os4ytjwerYmjaC4XvGP3omLWHhNqQJ +jmPnUzyYDKeN1w7nZvNjfrKZvDWW1WT/SJqXqh7tjWdOM/2LRAj3b4W6E5EJBTR5 +8W4REs3K1Hgaw5alVOLRr+tXTF67WTRxbMgmnF+JBmTccLG+Htql78HEPj9Gugf4 +qaOOCrJlSm/Dd2bgFo+FUwY8Plytp/Eh6vHPGrPEyNTfTSd5MKjEHDfhmNmODH42 +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/rsa-encrypted-des.pem b/tests/pem/rsa-encrypted-des.pem new file mode 100644 index 000000000..64817d856 --- /dev/null +++ b/tests/pem/rsa-encrypted-des.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: DES-CBC,FF92A06E353260B5 + +hmY/YaeOr8rrGrakUk0/pk5R4aBsrl2EKP+i58ziIKzRI7yVGmTgGIr14ys3oWb3 +9ba6A3hOcQvKfIjI4JxbWQxawOm++Cfcyp+PR7nmIMK1BhKeLynrbuTm7BvPRlHc +APJxWA2OcwbSgnHRqcD4lZxVjX0JrM6w7axrs1/+K0A4NEhWDnWkHd2NHTgtlp9v +Imu8n/atzm5olxb5DFGdyEVR8neASxQ/8gN6jFVG1lcB2DbR+LsS6s3aqrKNMbVU +TKZteJh3Y/WWB1Qxo2Wi7QzjUx6GkFKPLQvLwtJldB218slNfRnlaE3+s/U8WOAL +NRhrLqUij/T0DwJDEywl6DX8uu0Nb1Ge6DD36dp/AZ/M8k5M22Sx8nk1IEEG48cU +TPF5r/WOKy2iSqBx33s9J/H8k65es/YRLv2fASW5mLySApbsKWrX7qgX0yeYa8qC +e2ORyMQNmcgMu+vkyhsRSROCpo03CwZXTugN2h04UdIYhwXgUpcUX4WT+P4L9fAW +pMIan8KRpIv2K4soz20rSCfhspk4tV4oSf165chzBHiw+5bELa3WkfyxowpN6FpD +l6w35mj5y2I4XJoG5OUn5F8P6Z7qw7bB7pevvFch7X1LR/5rjeeXFL2hHPOK0Z3h +kgXez7WcRlv26m8JPM+GfXrbx0qwcF7ApuGa20S3Y6MdMlvEpYzgG7eCNvNdgQqd +MqzVQNLyhVwf41ttAzFbWKJSLffC6Y7kzBRyTnGu3os2joLPWt4i5cc74PEB+Yxt +FY6XZFUeoK4BVVAQ0QRnDxqq9hciGIodiiJZpOiDS3tjxfEgk2wqgg== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/rsa-encrypted-des3.pem b/tests/pem/rsa-encrypted-des3.pem new file mode 100644 index 000000000..a48b94b6c --- /dev/null +++ b/tests/pem/rsa-encrypted-des3.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: DES-EDE3-CBC,107EB1F9974CA9E2 + +CKBun5ni3tE7KoHUhY85NnFsxoJqIonLtiDEQRPCNOzFlmxYNqI+hfsnjyQiMB+O +deqihKPEcU4lOFG/pXeMOjgsnqrRSLtpPce/1T0kQBuxjkSGwRDj7Kiyj4UInJTO +8z50k0cclcVveTuta+hsq0CTItu6RCl6kaimjixrYsfNd55ahcR7WjU5DL23DHDe +dJvPxXNcU6Kne0dIGm41uYTloleoe+f5Dvf27421sRlgltfA8M8KfaB5AKUOp/gA +DeQ9lcCwSpCfPavIWdpyW67v3NBoICPlmKUgg2EsxB6+nceHP1OcAAK4Sm083UBB +1uLcF08Yz2lMe7rHMieI8khZyjXI1A42M7wL3Yyl9m2/DvSuE5Xu6qyuEDDqNFbz +GHQ9YECQ6ykf/MQd3CeKUeDlCZ313Nmb6uqehbbpm9Yayr/M9rwpgVilJwyQhELO +gta3RozpQIqx3a8UXgUSXx1xckRdcbYitBGFgh3JpU4iaYyE2jFHkCrzUFt9Q3To +pe2MTutj1K7l1wxUVy47nfK1/3JLI4wiP0QbflZMDBGiCyMPmZpJWEVkCtH3f1QY +tFM+2TGkroQWOU1YaK9liqYtXQ8h5cjqSC273aMU21SK/FOEufpOUeWa8XCdOsNa +MQKfI/fDgmAmQFacy4RE5ICWx0s68qnQotvmdyaLDClVFha5jlAKufnee8T1L5BA +TV7HJci7h0wy8hTqZOiGpmDIG0UJXcD7sK+PeBKvte+wfaMVyM0Kq+j7DWCJRgw8 +xw8HpPDCVevr8tI94JszjiJhhRNuaHw0xiN8MRxf62MDEpw/NM0HFA== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/rsa-encrypted.pem b/tests/pem/rsa-encrypted.pem new file mode 100644 index 000000000..888618c1c --- /dev/null +++ b/tests/pem/rsa-encrypted.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-256-CBC,79A277F758B09D047847C9C5F099B5D0 + +cbGjYcmMEdYJC76SMAi5cbiJ17tcR+swnKBKJ6Wz8TEUiG2WjhkzPcAiobJQMwNT +r47uhzyOD9SkhuXkMwB+EXaB8JSBOhqeLE5zmxQOedba5HHWUBGBHNa7FafgV+/H +RpLjaAsDkXTnmBTBbLpQmMP3zJRG2e8+G7/WFakzd0QcQcy4zWNH3WtBc207Oeup +WN8P2XA7KQkHnCdojfLD4JNJTosa+o9HphSRdRtTrzCCR6WMH3iUovnQCmSARUcm +7JmujGzOx/wuKDiC4HSZWYhOul0OSXrt25G42RJJu4v8bHgsKFeHp2/U2Zpkkd/b +96TtQ7Mo2lsuZzUEmb4kWO+2vVKy+0sPn8G7uOID3FZ8jmQZV4v1ASLGz6Mj2zJe +u0b0+UpSRB8eVwM3BL1oZxe3MSNynFgbPs53Q52zJGX8CFTxDNEPGYYRGFb1B5B8 +Hd6QTilegEbFStWLH2tv1IX/YeLNytd94+wMaqRmDv9huo9lushQ7pT4tMkntzte +vMkboFD/p83T2uHXMVfRthNKBWfLYgpAbwQ5UbfLjTIxZ6Jhr5hakMb2R28IaXj5 +5Ss85suLiY+RWnNCh/313ghuWvFC3Ixx1YVpVKdTIGRK/gLkSzXV8oA00yJm7RoW +WilXcXppWLIODkOn3VFsrQ9lerVWRX4emndP4drW5SnVCnkrlPDmE7joh2Mumjwl +vO0QMq1o8CZoWbxZ20qnqveoEH0Kw8qhsLScxs55LGgqGnf5G0AmVDh4mK6CyY1m +cXoqkJ2IpBmnMGNPKEKeuLGl1kRW7eyP0+xlGG8JtMpA/xRiSn3lRydAlCkxAZRq +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/rsa-encrypted.pk8 b/tests/pem/rsa-encrypted.pk8 new file mode 100644 index 000000000..c773664f2 --- /dev/null +++ b/tests/pem/rsa-encrypted.pk8 @@ -0,0 +1,18 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIC3TBXBgkqhkiG9w0BBQ0wSjApBgkqhkiG9w0BBQwwHAQIzkqhs+PNHcUCAggA +MAwGCCqGSIb3DQIJBQAwHQYJYIZIAWUDBAEqBBBjfvDZNKdgUMcoi06nycWNBIIC +gCh5mBr0KtjS8A0X8pXZ3A2fFo33RNLmkASq3l4o+OyZx8o/LHqLV0EqYI3ovV/r +A6Z4Y6aPJwAmyRULc8us4E8pZLc5I8rSu9rlGnmSz1JDlFKy8xdo5+0oVE1uRmWe +NBhWjCUp1wu/tOavM59rVSXXV/HOe4K350ANkZgJTqUsuud4YabhlIwu6umi3Fam ++jjZtGu5K2t8HHKLTYANDHYiW5a+YnZ66sFw+Ny9K3oEBCMTc/flxZnraihg5NwP +bmqgH4y2FCpRIsTknmPnOXwTHgdjbNT3si5Ja38ztU5QnmITPk8RDApeihbMyfln +UhWvOTXOGF85msA5uAa5QHrtokFpIpyOzDZh/OTznAz2Pe7w6D0AbJU19ozGyHwR +IKg4qyG1dzLz8YhBtscei8yoWjhIFsRpjd87mEEs6dEomFGndkDse7IZvyjFG5Yy +iVejSKXv9n2aJy8GhWrIO2ucyQ0wRZ93WwCTO3p4//nqXB/BlImZBE3moUxKdT/2 +UYT9uhk5ZUOlWur77Q3wO6IM9KcEcgxSkFwTuh7cpawM4qG5HTzob/3OAr0gYx/2 +0UbhcTtRgavYXNaEVrgNc+fXc3iAt1w80E6oblUPSkg9fyorrbQb6IbEesLLjIi9 +7Tnvv25p8Rdq2i5dmCUtUmiYLYm9E3lO/HKOpMtvRT3srv7+L6GiyuzQ4j4oSLr/ +9ktc+vLJ7eSZ8i3KUJDPwNhU+HRsTVmAIs2dOQiHGBfpEoHgUMxT448LrmV2OYMr +NPYCZKHDIocBYgR4K6WXi48Ta3D7P+Y+qB2oiRyyEC0AZKfUHVKM6xF1SehV7HWV +VUpdx4blblYjMEmdY3BRG+Y= +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/pem/rsa.pem b/tests/pem/rsa.pem new file mode 100644 index 000000000..e4996c35c --- /dev/null +++ b/tests/pem/rsa.pem @@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXgIBAAKBgQDPmt5kitrIMyCp14MxGVSymoWnobd1M7aprIQks97bfYUtlmXl +P3KVJJ8oaMpP20QcPmASit0mpev/C17UiDhJKm5bvxI3R70Fa7zb8+7kEY5BaHxh +E9dCyIC+No/cCItPrKTidgzJY2xJWJPtzKrcJTsKYD+LVDrDTTHnlKRE/QIDAQAB +AoGBAMhiuereRFMdVpfZl54azzAeCohFhikwo02fYWVz4NaHj7bzBqOC3Hys/pso +mq79+/4vDtiXBOO7H9HsDbqjSX9HrIpEBH6GtzlCP60etw6lUfRAYx79veqfQZ+o +kB1vClqVExENgK9fZJiKLHhoZbAri6JTh8rxZASr8nvbg8iBAkEA975eI8MyP7+L +jjru/PzL5ffxC7xCgq7Vej7K99VpP2Qloh+3dXUFkkLruPHzCgXjlNFVeDWgNqCb +fJKEbN3cTQJBANaGDoVCCwQIhCFg8A4NiP0eNhBlTx5TtAhygFw/WWYX5pjy6Wx6 +Bkysdj3tjKHOrRu9tH0ovOMOOI2Z2AW1o3ECQG3rwy0u8F6kiDEFKQCK0ZUpm4PP +ddsx43on3jp0MAx2TNRQKkAtOdmZY6ldgK5TypQ/BSMe+AUE4bg18hezoIkCQQCr +kIj6YAgpUJpDi6BQzNha/pdkY3F0IqMgAlrP68YWlVTRy6uNGsYA+giSnHHVUlI1 +lnFLi5IM0Om/rWMLpemxAkEA3MwnyOTcYkjVm6/1q2D2If1T4rddCckaoQSp/GEs +XQRYOlo58UohVmf9zCCjj3gYWnk9Lo5+hgrmqDPBBBdKnw== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/rsa.pk8 b/tests/pem/rsa.pk8 new file mode 100644 index 000000000..20747bd96 --- /dev/null +++ b/tests/pem/rsa.pk8 @@ -0,0 +1,16 @@ +-----BEGIN PRIVATE KEY----- +MIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBAM+a3mSK2sgzIKnX +gzEZVLKahaeht3UztqmshCSz3tt9hS2WZeU/cpUknyhoyk/bRBw+YBKK3Sal6/8L +XtSIOEkqblu/EjdHvQVrvNvz7uQRjkFofGET10LIgL42j9wIi0+spOJ2DMljbElY +k+3MqtwlOwpgP4tUOsNNMeeUpET9AgMBAAECgYEAyGK56t5EUx1Wl9mXnhrPMB4K +iEWGKTCjTZ9hZXPg1oePtvMGo4LcfKz+myiarv37/i8O2JcE47sf0ewNuqNJf0es +ikQEfoa3OUI/rR63DqVR9EBjHv296p9Bn6iQHW8KWpUTEQ2Ar19kmIoseGhlsCuL +olOHyvFkBKvye9uDyIECQQD3vl4jwzI/v4uOOu78/Mvl9/ELvEKCrtV6Psr31Wk/ +ZCWiH7d1dQWSQuu48fMKBeOU0VV4NaA2oJt8koRs3dxNAkEA1oYOhUILBAiEIWDw +Dg2I/R42EGVPHlO0CHKAXD9ZZhfmmPLpbHoGTKx2Pe2Moc6tG720fSi84w44jZnY +BbWjcQJAbevDLS7wXqSIMQUpAIrRlSmbg8912zHjeifeOnQwDHZM1FAqQC052Zlj +qV2ArlPKlD8FIx74BQThuDXyF7OgiQJBAKuQiPpgCClQmkOLoFDM2Fr+l2RjcXQi +oyACWs/rxhaVVNHLq40axgD6CJKccdVSUjWWcUuLkgzQ6b+tYwul6bECQQDczCfI +5NxiSNWbr/WrYPYh/VPit10JyRqhBKn8YSxdBFg6WjnxSiFWZ/3MIKOPeBhaeT0u +jn6GCuaoM8EEF0qf +-----END PRIVATE KEY----- diff --git a/tests/pem/x25519-encrypted.pk8 b/tests/pem/x25519-encrypted.pk8 new file mode 100644 index 000000000..29ea91d0c --- /dev/null +++ b/tests/pem/x25519-encrypted.pk8 @@ -0,0 +1,6 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIGbMFcGCSqGSIb3DQEFDTBKMCkGCSqGSIb3DQEFDDAcBAjemFQzTzUb/QICCAAw +DAYIKoZIhvcNAgkFADAdBglghkgBZQMEAQIEEPhFOISMQdpDb6MkjW9pEkQEQP4C +Du/QGJw0fzI07h36dP6wSFeWj4Po0LD0AIcYpD8gsggm9H7huFuVv4MsXLFJWfZX +D4yrLu8Y1KC2Dc8kkZ4= +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/pem_test.c b/tests/pem_test.c new file mode 100644 index 000000000..3c7837141 --- /dev/null +++ b/tests/pem_test.c @@ -0,0 +1,55 @@ +/* LibTomCrypt, modular cryptographic library -- Tom St Denis */ +/* SPDX-License-Identifier: Unlicense */ +#include + +#if defined(LTC_PEM) && defined(LTC_TEST_READDIR) && !defined(LTC_EASY) + +static int password_get(void **p, unsigned long *l, void *u) +{ + LTC_UNUSED_PARAM(u); + *p = strdup("secret"); + *l = 6; + return 0; +} + +static int s_pem_decode_filehandle(const void *in, unsigned long inlen, void *key) +{ + password_ctx pw_ctx; + pw_ctx.callback = password_get; + return pem_decode(in, inlen, key, &pw_ctx); +} + +static void s_pem_free_key(ltc_pka_key *key) +{ + switch (key->id) { + case LTC_PKA_RSA: + rsa_free(&key->u.rsa); + break; + case LTC_PKA_EC: + ecc_free(&key->u.ecc); + break; + default: + break; + } +} + +int pem_test(void) +{ + ltc_pka_key key; + + if (ltc_mp.name == NULL) return CRYPT_NOP; + + DO(test_process_dir("tests/pem", &key, s_pem_decode_filehandle, (dir_cleanup_cb)s_pem_free_key, "pem_test")); + DO(test_process_dir("tests/pem-ecc-pkcs8", &key, s_pem_decode_filehandle, (dir_cleanup_cb)s_pem_free_key, "pem_test+ecc")); + + return 0; +} + +#else + +int pem_test(void) +{ + return CRYPT_NOP; +} + +#endif diff --git a/tests/test.c b/tests/test.c index ccd6051b9..3db5c8a2d 100644 --- a/tests/test.c +++ b/tests/test.c @@ -36,6 +36,7 @@ static const test_function test_functions[] = LTC_TEST_FN(x25519_test), LTC_TEST_FN(file_test), LTC_TEST_FN(multi_test), + LTC_TEST_FN(pem_test), /* keep the prng_test always at the end as * it has to be handled specially when * testing with LTC_PTHREAD enabled diff --git a/tests/tomcrypt_test.h b/tests/tomcrypt_test.h index 263c4e626..8d9b84710 100644 --- a/tests/tomcrypt_test.h +++ b/tests/tomcrypt_test.h @@ -35,6 +35,7 @@ int base32_test(void); int base16_test(void); int file_test(void); int multi_test(void); +int pem_test(void); int prng_test(void); int mpi_test(void); int padding_test(void); From 464c9b1986cd91ded19fd5029f0b484e54a55e87 Mon Sep 17 00:00:00 2001 From: Steffen Jaeckel Date: Fri, 14 Jan 2022 14:55:23 +0100 Subject: [PATCH 16/51] add `dsa_import_pkcs8()` Signed-off-by: Steffen Jaeckel --- src/headers/tomcrypt_pk.h | 3 ++ src/headers/tomcrypt_private.h | 4 ++ src/pk/dsa/dsa_generate_pqg.c | 9 +--- src/pk/dsa/dsa_import.c | 70 ++++++++++++------------ src/pk/dsa/dsa_import_pkcs8.c | 88 +++++++++++++++++++++++++++++++ src/pk/dsa/dsa_init.c | 22 ++++++++ src/pk/dsa/dsa_set.c | 5 +- src/pk/dsa/dsa_set_pqg_dsaparam.c | 3 +- src/pk/dsa/dsa_verify_key.c | 23 ++++++-- 9 files changed, 173 insertions(+), 54 deletions(-) create mode 100644 src/pk/dsa/dsa_import_pkcs8.c create mode 100644 src/pk/dsa/dsa_init.c diff --git a/src/headers/tomcrypt_pk.h b/src/headers/tomcrypt_pk.h index c0ead7c2c..2493561ad 100644 --- a/src/headers/tomcrypt_pk.h +++ b/src/headers/tomcrypt_pk.h @@ -483,6 +483,9 @@ int dsa_decrypt_key(const unsigned char *in, unsigned long inlen, const dsa_key *key); int dsa_import(const unsigned char *in, unsigned long inlen, dsa_key *key); +int dsa_import_pkcs8(const unsigned char *in, unsigned long inlen, + const password_ctx *pw_ctx, + dsa_key *key); int dsa_export(unsigned char *out, unsigned long *outlen, int type, const dsa_key *key); int dsa_verify_key(const dsa_key *key, int *stat); int dsa_shared_secret(void *private_key, void *base, diff --git a/src/headers/tomcrypt_private.h b/src/headers/tomcrypt_private.h index 082461f56..4848dff51 100644 --- a/src/headers/tomcrypt_private.h +++ b/src/headers/tomcrypt_private.h @@ -432,9 +432,13 @@ int ltc_ecc_map(ecc_point *P, void *modulus, void *mp); #endif /* LTC_MECC */ #ifdef LTC_MDSA +int dsa_int_init(dsa_key *key); +int dsa_int_validate(const dsa_key *key, int *stat); int dsa_int_validate_xy(const dsa_key *key, int *stat); int dsa_int_validate_pqg(const dsa_key *key, int *stat); int dsa_int_validate_primes(const dsa_key *key, int *stat); +int dsa_import_pkcs1(const unsigned char *in, unsigned long inlen, dsa_key *key); +int dsa_import_pkcs8_asn1(ltc_asn1_list *alg_id, ltc_asn1_list *priv_key, dsa_key *key); #endif /* LTC_MDSA */ diff --git a/src/pk/dsa/dsa_generate_pqg.c b/src/pk/dsa/dsa_generate_pqg.c index 22f4852b6..d607782fa 100644 --- a/src/pk/dsa/dsa_generate_pqg.c +++ b/src/pk/dsa/dsa_generate_pqg.c @@ -209,13 +209,8 @@ int dsa_generate_pqg(prng_state *prng, int wprng, int group_size, int modulus_si { int err; - LTC_ARGCHK(key != NULL); - LTC_ARGCHK(ltc_mp.name != NULL); - - /* init mp_ints */ - if ((err = mp_init_multi(&key->p, &key->g, &key->q, &key->x, &key->y, LTC_NULL)) != CRYPT_OK) { - return err; - } + /* init key */ + if ((err = dsa_int_init(key)) != CRYPT_OK) return err; /* generate params */ err = s_dsa_make_params(prng, wprng, group_size, modulus_size, key->p, key->q, key->g); if (err != CRYPT_OK) { diff --git a/src/pk/dsa/dsa_import.c b/src/pk/dsa/dsa_import.c index b5660d398..71619a556 100644 --- a/src/pk/dsa/dsa_import.c +++ b/src/pk/dsa/dsa_import.c @@ -9,6 +9,25 @@ #ifdef LTC_MDSA +int dsa_import_pkcs1(const unsigned char *in, unsigned long inlen, dsa_key *key) +{ + int err; + unsigned long zero = 0; + /* get key type */ + if ((err = der_decode_sequence_multi(in, inlen, + LTC_ASN1_SHORT_INTEGER, 1UL, &zero, + LTC_ASN1_INTEGER, 1UL, key->p, + LTC_ASN1_INTEGER, 1UL, key->q, + LTC_ASN1_INTEGER, 1UL, key->g, + LTC_ASN1_INTEGER, 1UL, key->y, + LTC_ASN1_INTEGER, 1UL, key->x, + LTC_ASN1_EOL, 0UL, NULL)) == CRYPT_OK) { + + key->type = PK_PRIVATE; + } + return err; +} + /** Import a DSA key @param in The binary packet to import from @@ -19,18 +38,13 @@ int dsa_import(const unsigned char *in, unsigned long inlen, dsa_key *key) { int err, stat; - unsigned long zero = 0, len; unsigned char* tmpbuf = NULL; unsigned char flags[1]; LTC_ARGCHK(in != NULL); - LTC_ARGCHK(key != NULL); - LTC_ARGCHK(ltc_mp.name != NULL); /* init key */ - if (mp_init_multi(&key->p, &key->g, &key->q, &key->x, &key->y, LTC_NULL) != CRYPT_OK) { - return CRYPT_MEM; - } + if ((err = dsa_int_init(key)) != CRYPT_OK) return err; /* try to match the old libtomcrypt format */ err = der_decode_sequence_multi(in, inlen, LTC_ASN1_BIT_STRING, 1UL, flags, @@ -71,62 +85,44 @@ int dsa_import(const unsigned char *in, unsigned long inlen, dsa_key *key) goto LBL_ERR; } } - /* get key type */ - if (der_decode_sequence_multi(in, inlen, - LTC_ASN1_SHORT_INTEGER, 1UL, &zero, - LTC_ASN1_INTEGER, 1UL, key->p, - LTC_ASN1_INTEGER, 1UL, key->q, - LTC_ASN1_INTEGER, 1UL, key->g, - LTC_ASN1_INTEGER, 1UL, key->y, - LTC_ASN1_INTEGER, 1UL, key->x, - LTC_ASN1_EOL, 0UL, NULL) == CRYPT_OK) { - key->type = PK_PRIVATE; - } else { /* public */ + if (dsa_import_pkcs1(in, inlen, key) != CRYPT_OK) { ltc_asn1_list params[3]; - unsigned long tmpbuf_len = inlen; + unsigned long tmpbuf_len = inlen, len; LTC_SET_ASN1(params, 0, LTC_ASN1_INTEGER, key->p, 1UL); LTC_SET_ASN1(params, 1, LTC_ASN1_INTEGER, key->q, 1UL); LTC_SET_ASN1(params, 2, LTC_ASN1_INTEGER, key->g, 1UL); + len = 3; tmpbuf = XCALLOC(1, tmpbuf_len); if (tmpbuf == NULL) { - err = CRYPT_MEM; - goto LBL_ERR; + return CRYPT_MEM; } - len = 3; - err = x509_decode_subject_public_key_info(in, inlen, LTC_OID_DSA, - tmpbuf, &tmpbuf_len, - LTC_ASN1_SEQUENCE, params, &len); + err = x509_decode_subject_public_key_info(in, inlen, + LTC_OID_DSA, tmpbuf, &tmpbuf_len, + LTC_ASN1_SEQUENCE, params, &len); if (err != CRYPT_OK) { XFREE(tmpbuf); goto LBL_ERR; } - if ((err=der_decode_integer(tmpbuf, tmpbuf_len, key->y)) != CRYPT_OK) { + if ((err = der_decode_integer(tmpbuf, tmpbuf_len, key->y)) != CRYPT_OK) { XFREE(tmpbuf); goto LBL_ERR; } - XFREE(tmpbuf); key->type = PK_PUBLIC; + XFREE(tmpbuf); } LBL_OK: key->qord = mp_unsigned_bin_size(key->q); - /* quick p, q, g validation, without primality testing */ - if ((err = dsa_int_validate_pqg(key, &stat)) != CRYPT_OK) { - goto LBL_ERR; - } - if (stat == 0) { - err = CRYPT_INVALID_PACKET; - goto LBL_ERR; - } - /* validate x, y */ - if ((err = dsa_int_validate_xy(key, &stat)) != CRYPT_OK) { + /* quick p, q, g validation, without primality testing + * + x, y validation */ + if ((err = dsa_int_validate(key, &stat)) != CRYPT_OK) { goto LBL_ERR; } if (stat == 0) { @@ -134,7 +130,7 @@ int dsa_import(const unsigned char *in, unsigned long inlen, dsa_key *key) goto LBL_ERR; } - return CRYPT_OK; + return CRYPT_OK; LBL_ERR: dsa_free(key); return err; diff --git a/src/pk/dsa/dsa_import_pkcs8.c b/src/pk/dsa/dsa_import_pkcs8.c new file mode 100644 index 000000000..f8a592a65 --- /dev/null +++ b/src/pk/dsa/dsa_import_pkcs8.c @@ -0,0 +1,88 @@ +/* LibTomCrypt, modular cryptographic library -- Tom St Denis */ +/* SPDX-License-Identifier: Unlicense */ +#include "tomcrypt_private.h" + +/** + @file dsa_import_pkcs8.c + Import a PKCS DSA key +*/ + +#ifdef LTC_MDSA + +int dsa_import_pkcs8_asn1(ltc_asn1_list *alg_id, ltc_asn1_list *priv_key, dsa_key *key) +{ + int err, stat; + + LTC_UNUSED_PARAM(alg_id); + + if (!alg_id->child + || !LTC_ASN1_IS_TYPE(alg_id->child->next, LTC_ASN1_SEQUENCE) + || !LTC_ASN1_IS_TYPE(priv_key, LTC_ASN1_OCTET_STRING)) { + return CRYPT_INVALID_PACKET; + } + if ((err = dsa_set_pqg_dsaparam(alg_id->child->next->data, alg_id->child->next->size, key)) != CRYPT_OK) { + return err; + } + if ((err = der_decode_integer(priv_key->data, priv_key->size, key->x)) != CRYPT_OK) { + goto LBL_ERR; + } + if ((err = mp_exptmod(key->g, key->x, key->p, key->y)) != CRYPT_OK) { + goto LBL_ERR; + } + + /* quick p, q, g validation, without primality testing + * + x, y validation */ + if ((err = dsa_int_validate(key, &stat)) != CRYPT_OK) { + goto LBL_ERR; + } + if (stat == 0) { + err = CRYPT_INVALID_PACKET; + goto LBL_ERR; + } + + key->qord = mp_unsigned_bin_size(key->q); + key->type = PK_PRIVATE; + + return err; +LBL_ERR: + dsa_free(key); + return err; +} +/** + Import an RSAPrivateKey in PKCS#8 format + @param in The packet to import from + @param inlen It's length (octets) + @param pw_ctx The password context when decrypting the private key + @param key [out] Destination for newly imported key + @return CRYPT_OK if successful, upon error allocated memory is freed +*/ +int dsa_import_pkcs8(const unsigned char *in, unsigned long inlen, + const password_ctx *pw_ctx, + dsa_key *key) +{ + int err; + ltc_asn1_list *l = NULL; + ltc_asn1_list *alg_id, *priv_key; + enum ltc_oid_id pka; + + LTC_ARGCHK(in != NULL); + + if ((err = pkcs8_decode_flexi(in, inlen, pw_ctx, &l)) != CRYPT_OK) { + return err; + } + if ((err = pkcs8_get_children(l, &pka, &alg_id, &priv_key)) != CRYPT_OK) { + goto LBL_DER_FREE; + } + if (pka != LTC_OID_DSA) { + err = CRYPT_INVALID_PACKET; + goto LBL_DER_FREE; + } + + err = dsa_import_pkcs8_asn1(alg_id, priv_key, key); + +LBL_DER_FREE: + der_free_sequence_flexi(l); + return err; +} + +#endif /* LTC_MRSA */ diff --git a/src/pk/dsa/dsa_init.c b/src/pk/dsa/dsa_init.c new file mode 100644 index 000000000..e7952845e --- /dev/null +++ b/src/pk/dsa/dsa_init.c @@ -0,0 +1,22 @@ +/* LibTomCrypt, modular cryptographic library -- Tom St Denis */ +/* SPDX-License-Identifier: Unlicense */ +#include "tomcrypt_private.h" + + +#ifdef LTC_MDSA + +/** + Init DSA key + @param key [out] the key to init + @return CRYPT_OK if successful. +*/ +int dsa_int_init(dsa_key *key) +{ + LTC_ARGCHK(key != NULL); + LTC_ARGCHK(ltc_mp.name != NULL); + + /* init key */ + return mp_init_multi(&key->p, &key->g, &key->q, &key->x, &key->y, LTC_NULL); +} + +#endif diff --git a/src/pk/dsa/dsa_set.c b/src/pk/dsa/dsa_set.c index 82b603330..af7fcaa70 100644 --- a/src/pk/dsa/dsa_set.c +++ b/src/pk/dsa/dsa_set.c @@ -26,12 +26,9 @@ int dsa_set_pqg(const unsigned char *p, unsigned long plen, LTC_ARGCHK(p != NULL); LTC_ARGCHK(q != NULL); LTC_ARGCHK(g != NULL); - LTC_ARGCHK(key != NULL); - LTC_ARGCHK(ltc_mp.name != NULL); /* init key */ - err = mp_init_multi(&key->p, &key->g, &key->q, &key->x, &key->y, LTC_NULL); - if (err != CRYPT_OK) return err; + if ((err = dsa_int_init(key)) != CRYPT_OK) return err; if ((err = mp_read_unsigned_bin(key->p, (unsigned char *)p , plen)) != CRYPT_OK) { goto LBL_ERR; } if ((err = mp_read_unsigned_bin(key->g, (unsigned char *)g , glen)) != CRYPT_OK) { goto LBL_ERR; } diff --git a/src/pk/dsa/dsa_set_pqg_dsaparam.c b/src/pk/dsa/dsa_set_pqg_dsaparam.c index 97c71f10c..f269c4bb8 100644 --- a/src/pk/dsa/dsa_set_pqg_dsaparam.c +++ b/src/pk/dsa/dsa_set_pqg_dsaparam.c @@ -25,8 +25,7 @@ int dsa_set_pqg_dsaparam(const unsigned char *dsaparam, unsigned long dsaparamle LTC_ARGCHK(ltc_mp.name != NULL); /* init key */ - err = mp_init_multi(&key->p, &key->g, &key->q, &key->x, &key->y, LTC_NULL); - if (err != CRYPT_OK) return err; + if ((err = dsa_int_init(key)) != CRYPT_OK) return err; if ((err = der_decode_sequence_multi(dsaparam, dsaparamlen, LTC_ASN1_INTEGER, 1UL, key->p, diff --git a/src/pk/dsa/dsa_verify_key.c b/src/pk/dsa/dsa_verify_key.c index 50d566aec..ccf7c6a34 100644 --- a/src/pk/dsa/dsa_verify_key.c +++ b/src/pk/dsa/dsa_verify_key.c @@ -27,10 +27,7 @@ int dsa_verify_key(const dsa_key *key, int *stat) err = dsa_int_validate_primes(key, stat); if (err != CRYPT_OK || *stat == 0) return err; - err = dsa_int_validate_pqg(key, stat); - if (err != CRYPT_OK || *stat == 0) return err; - - return dsa_int_validate_xy(key, stat); + return dsa_int_validate(key, stat); } /** @@ -186,4 +183,22 @@ int dsa_int_validate_xy(const dsa_key *key, int *stat) return err; } +/** + Validation of DSA params (p, q, g) and DSA key (x and y) + + @param key The key to validate + @param stat [out] Result of test, 1==valid, 0==invalid + @return CRYPT_OK if successful +*/ +int dsa_int_validate(const dsa_key *key, int *stat) +{ + int err; + + err = dsa_int_validate_pqg(key, stat); + if (err != CRYPT_OK || *stat == 0) return err; + + return dsa_int_validate_xy(key, stat); + +} + #endif From 22a952b81324732e6874a87d2e9929100ce73c6f Mon Sep 17 00:00:00 2001 From: Steffen Jaeckel Date: Fri, 14 Jan 2022 22:59:07 +0100 Subject: [PATCH 17/51] add DSA support to PEM decoder Signed-off-by: Steffen Jaeckel --- src/misc/pem/pem_decode.c | 8 ++++++++ tests/pem/dsa-encrypted.pem | 15 +++++++++++++++ tests/pem/dsa-encrypted.pk8 | 12 ++++++++++++ tests/pem/dsa.pem | 12 ++++++++++++ tests/pem/dsa.pk8 | 9 +++++++++ 5 files changed, 56 insertions(+) create mode 100644 tests/pem/dsa-encrypted.pem create mode 100644 tests/pem/dsa-encrypted.pk8 create mode 100644 tests/pem/dsa.pem create mode 100644 tests/pem/dsa.pk8 diff --git a/src/misc/pem/pem_decode.c b/src/misc/pem/pem_decode.c index 9520baead..cc6a35eb8 100644 --- a/src/misc/pem/pem_decode.c +++ b/src/misc/pem/pem_decode.c @@ -336,6 +336,10 @@ static int s_decode(struct get_char *g, ltc_pka_key *k, password_ctx *pw_ctx) goto cleanup; } switch (pka) { + case LTC_OID_DSA: + err = dsa_import_pkcs8_asn1(alg_id, priv_key, &k->u.dsa); + k->id = LTC_PKA_DSA; + break; case LTC_OID_RSA: err = rsa_import_pkcs8_asn1(alg_id, priv_key, &k->u.rsa); k->id = LTC_PKA_RSA; @@ -371,6 +375,10 @@ static int s_decode(struct get_char *g, ltc_pka_key *k, password_ctx *pw_ctx) } } switch (hdr.id->pka) { + case LTC_OID_DSA: + err = dsa_import(pem, l, &k->u.dsa); + k->id = LTC_PKA_DSA; + break; case LTC_OID_RSA: err = rsa_import(pem, l, &k->u.rsa); k->id = LTC_PKA_RSA; diff --git a/tests/pem/dsa-encrypted.pem b/tests/pem/dsa-encrypted.pem new file mode 100644 index 000000000..f969cf395 --- /dev/null +++ b/tests/pem/dsa-encrypted.pem @@ -0,0 +1,15 @@ +-----BEGIN DSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-256-CBC,B2C493F67D2CD758E063D3F1CDB32CF1 + +RA0nxX4tNhRbTvuHOelQ7XftpZuAA0tb8htZykyIjlNnGVunWQi98pGSTMhGvbxE +qAD3HJMiVKYh8zcIiQs0stGd0ZwbTSX+U17eWYQuGGcDj0I4G9MW2A+jbi7qhaQV +Nv8J6KWxvdTPXxGZojePtwUF+b1YJ4aDBrdCtS4aRTmFy/mL8J5UXmP7agg+x1o3 +3BSXedVqhB/JTWiojk4XRnf+PiPRsQ9gZkbeI2d5IN+I3QEO06UQSJASxH0o58Oi +NrTTS7BZkrRCpC7ljFcMS/lRV0sSZ8kfY77/vuK/R87F7snIvSda6SgvWwQxqV/A +rd+Y2xlu7+2taIsCYm8fgHg+PpXUOe/PwfILp7JqP6PwTBAgXIr5i4xUhes1RNXI +zyytK5b2i5WoY7rb20duzm3lwLAf51hBJ87/T9AWar+j/+8VNw0OAv64Q+1G6SZ8 +B6fv3hllr9QVhkGxQgheNOh2yU/ztNGdnstfXFI896r8RC0SoDHdOW8aDu+tjqDZ +oVvGoeZ4ruWHUBV30Qiug5/1je48Pf/BRMHo74I0uK+IlTqU9INiYYO6fCUWU6yP +kulpB6DiO+77d1yWNSyP4g== +-----END DSA PRIVATE KEY----- diff --git a/tests/pem/dsa-encrypted.pk8 b/tests/pem/dsa-encrypted.pk8 new file mode 100644 index 000000000..d58865694 --- /dev/null +++ b/tests/pem/dsa-encrypted.pk8 @@ -0,0 +1,12 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIBrTBXBgkqhkiG9w0BBQ0wSjApBgkqhkiG9w0BBQwwHAQIhl5UM+zVfdsCAggA +MAwGCCqGSIb3DQILBQAwHQYJYIZIAWUDBAEqBBCKg6jOje2Z2PFCPX+F4SLmBIIB +UDhr7k75REqmtbMaTF/cHI/CYCVmIv5TzQPz9qWF1nrKrZ705TIUTtEFiMZ9fArM +nRGUHURbTaCpD+wFVBuYDuoNLcgnxtjKWW7HIykGPY6imkJ3wYGUt7mVGd9uikly +3sLtG1fVfDH79ZqKoaFTxVL89H5HwluOSaYYghenLXxcieTJ23zgsXFYlw+mbNpd +NtYUje4rmgtYJoB28b/7NNhBVEXq0VvyuWW3paRRzkIsZo+6dAPLO45KPHSBpQCa +iRXB4Sikq0og9RJyrw2Nxcwipzs+s61gfEHxjBnn1ZbJSQJ3kmzA4r3QtypTbKDR +ay9VEgvQY3yu3I9yJmTqLKMDAad3zzvotULylUmAIhY1Ejek+Rt9BTseKMOz8nIA +sQgxXr02g2kMAba8HaDU1kaSNV8Tj5Bwrl2DeiKfZfxQcVo2v5TBvYwjHYqljloW +sA== +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/pem/dsa.pem b/tests/pem/dsa.pem new file mode 100644 index 000000000..2f026694c --- /dev/null +++ b/tests/pem/dsa.pem @@ -0,0 +1,12 @@ +-----BEGIN DSA PRIVATE KEY----- +MIIBuwIBAAKBgQDFCjdRXKvWGNWicL1Kb2tK+eE5lQ8rmTh9mmTWTLWWetztrKis +xhtlWt7bAGElGhgs7qEHkGJeTRIxkMcDIfoJ57Fz146v2/2/s++t0aEqA23nBpJK +hSr/egFmUx/qxmdBhFrAbO1i+cJiYgWk+kigZuw1yagR/rmBq+6+Mba/zwIVAKpb +1/TlBiQT5Yg1ygDHpjVxYZTFAoGAO5Lk/1kpFQsImVp78q0UQFVvoEf/kJmzRLPU +/EUVBa5nIkOcujcQpYlHN+zM9a6tqLR6Ncudk1zt5rB+lpTEpgx91nCKCU+BSg7C +E/vrFr/qpPRW/3IwBd6KRD++xoUmVdYtHR7bFdqkRYM8F5eYC42H80kNkL2pq2du +h2hyI9wCgYBTFrD7v1mKXlWVwU+sQ7gIU+bPDZIj+rGEWVI5v8vyLTg63ZNSBUl+ +KxLEYXPjb1S9luWnqqlaWKS3Z9LAvcgesToST5jABe85XWq6tws72LeV3XluotKE +c0cDiLRk2bm4T/HJNLv5c2b1fC4R/sMx5gg4WWeB621BJ9cNdK+gNQIVAJk25eTp ++yi+kfUGX+jJNbP12B/F +-----END DSA PRIVATE KEY----- diff --git a/tests/pem/dsa.pk8 b/tests/pem/dsa.pk8 new file mode 100644 index 000000000..cca830cb1 --- /dev/null +++ b/tests/pem/dsa.pk8 @@ -0,0 +1,9 @@ +-----BEGIN PRIVATE KEY----- +MIIBSwIBADCCASsGByqGSM44BAEwggEeAoGBAMUKN1Fcq9YY1aJwvUpva0r54TmV +DyuZOH2aZNZMtZZ63O2sqKzGG2Va3tsAYSUaGCzuoQeQYl5NEjGQxwMh+gnnsXPX +jq/b/b+z763RoSoDbecGkkqFKv96AWZTH+rGZ0GEWsBs7WL5wmJiBaT6SKBm7DXJ +qBH+uYGr7r4xtr/PAhUAqlvX9OUGJBPliDXKAMemNXFhlMUCgYA7kuT/WSkVCwiZ +WnvyrRRAVW+gR/+QmbNEs9T8RRUFrmciQ5y6NxCliUc37Mz1rq2otHo1y52TXO3m +sH6WlMSmDH3WcIoJT4FKDsIT++sWv+qk9Fb/cjAF3opEP77GhSZV1i0dHtsV2qRF +gzwXl5gLjYfzSQ2QvamrZ26HaHIj3AQXAhUAmTbl5On7KL6R9QZf6Mk1s/XYH8U= +-----END PRIVATE KEY----- From d1e48df763ab9c59f79687d9eb21522154fe04d1 Mon Sep 17 00:00:00 2001 From: Steffen Jaeckel Date: Sun, 16 Jan 2022 12:39:55 +0100 Subject: [PATCH 18/51] Verify that the imported keys match Signed-off-by: Steffen Jaeckel --- tests/common.h | 15 +++++ tests/dsa_test.c | 25 +++++++-- tests/ecc_test.c | 143 ++++++++++++++++++++++++----------------------- tests/pem_test.c | 68 +++++++++++++++++++++- tests/rsa_test.c | 20 ++++--- 5 files changed, 186 insertions(+), 85 deletions(-) diff --git a/tests/common.h b/tests/common.h index 66c0f95d9..a2ffd0fd0 100644 --- a/tests/common.h +++ b/tests/common.h @@ -6,6 +6,21 @@ #include extern prng_state yarrow_prng; +#if defined(LTC_MDSA) +extern const unsigned char ltc_dsa_private_test_key[]; +extern const unsigned long ltc_dsa_private_test_key_sz; +int dsa_key_cmp(const int should_type, const dsa_key *should, const dsa_key *is); +#endif +#if defined(LTC_MRSA) +extern const unsigned char ltc_rsa_private_test_key[]; +extern const unsigned long ltc_rsa_private_test_key_sz; +int rsa_key_cmp(const int should_type, const rsa_key *should, const rsa_key *is); +#endif +#if defined(LTC_MECC) +extern const unsigned char ltc_ecc_long_pri_test_key[]; +extern const unsigned long ltc_ecc_long_pri_test_key_sz; +int ecc_key_cmp(const int should_type, const ecc_key *should, const ecc_key *is); +#endif #ifdef LTC_VERBOSE #define DO(x) do { fprintf(stderr, "%s:\n", #x); run_cmd((x), __LINE__, __FILE__, #x, NULL); } while (0) diff --git a/tests/dsa_test.c b/tests/dsa_test.c index 6a94a6380..18ade7e6f 100644 --- a/tests/dsa_test.c +++ b/tests/dsa_test.c @@ -5,7 +5,7 @@ #if defined(LTC_MDSA) /* This is the private key from test_dsa.key */ -static const unsigned char openssl_priv_dsa[] = { +const unsigned char ltc_dsa_private_test_key[] = { 0x30, 0x82, 0x01, 0xbb, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xc5, 0x0a, 0x37, 0x51, 0x5c, 0xab, 0xd6, 0x18, 0xd5, 0xa2, 0x70, 0xbd, 0x4a, 0x6f, 0x6b, 0x4a, 0xf9, 0xe1, 0x39, 0x95, 0x0f, 0x2b, 0x99, 0x38, 0x7d, @@ -45,6 +45,7 @@ static const unsigned char openssl_priv_dsa[] = { 0xfb, 0x28, 0xbe, 0x91, 0xf5, 0x06, 0x5f, 0xe8, 0xc9, 0x35, 0xb3, 0xf5, 0xd8, 0x1f, 0xc5 }; +const unsigned long ltc_dsa_private_test_key_sz = sizeof(ltc_dsa_private_test_key); /* private key - raw hexadecimal numbers */ static const char *hex_g = "3B92E4FF5929150B08995A7BF2AD1440556FA047FF9099B344B3D4FC451505AE6722439CBA3710A5894737ECCCF5AEADA8B47A35CB9D935CEDE6B07E9694C4A60C7DD6708A094F814A0EC213FBEB16BFEAA4F456FF723005DE8A443FBEC6852655D62D1D1EDB15DAA445833C1797980B8D87F3490D90BDA9AB676E87687223DC"; @@ -123,6 +124,20 @@ static unsigned char dsaparam_der[] = { }; +int dsa_key_cmp(const int should_type, const dsa_key *should, const dsa_key *is) +{ + if (should_type != is->type) return CRYPT_ERROR; + if (should_type == PK_PRIVATE) { + if (mp_cmp(should->x, is->x) != LTC_MP_EQ) return CRYPT_ERROR; + } + if (mp_cmp(should->y, is->y) != LTC_MP_EQ) return CRYPT_ERROR; + if (mp_cmp(should->g, is->g) != LTC_MP_EQ) return CRYPT_ERROR; + if (mp_cmp(should->p, is->p) != LTC_MP_EQ) return CRYPT_ERROR; + if (mp_cmp(should->q, is->q) != LTC_MP_EQ) return CRYPT_ERROR; + if (should->qord != is->qord) return CRYPT_ERROR; + return CRYPT_OK; +} + static int s_dsa_compat_test(void) { dsa_key key; @@ -132,11 +147,11 @@ static int s_dsa_compat_test(void) unsigned long key_lens[5]; int stat; - DO(dsa_import(openssl_priv_dsa, sizeof(openssl_priv_dsa), &key)); + DO(dsa_import(ltc_dsa_private_test_key, sizeof(ltc_dsa_private_test_key), &key)); x = sizeof(tmp); DO(dsa_export(tmp, &x, PK_PRIVATE | PK_STD, &key)); - DO(do_compare_testvector(tmp, x, openssl_priv_dsa, sizeof(openssl_priv_dsa), + DO(do_compare_testvector(tmp, x, ltc_dsa_private_test_key, sizeof(ltc_dsa_private_test_key), "DSA private export failed from dsa_import(priv_key)\n", __LINE__)); x = sizeof(tmp); @@ -172,7 +187,7 @@ static int s_dsa_compat_test(void) &key)); len = sizeof(buf); DO(dsa_export(buf, &len, PK_PRIVATE | PK_STD, &key)); - DO(do_compare_testvector(buf, len, openssl_priv_dsa, sizeof(openssl_priv_dsa), + DO(do_compare_testvector(buf, len, ltc_dsa_private_test_key, sizeof(ltc_dsa_private_test_key), "DSA private export failed from dsa_set_pqg() & dsa_set_key()\n", __LINE__)); dsa_free(&key); @@ -219,7 +234,7 @@ static int s_dsa_compat_test(void) &key)); len = sizeof(buf); DO(dsa_export(buf, &len, PK_PRIVATE | PK_STD, &key)); - DO(do_compare_testvector(buf, len, openssl_priv_dsa, sizeof(openssl_priv_dsa), + DO(do_compare_testvector(buf, len, ltc_dsa_private_test_key, sizeof(ltc_dsa_private_test_key), "DSA private export failed from dsa_set_pqg_dsaparam()\n", __LINE__)); dsa_free(&key); diff --git a/tests/ecc_test.c b/tests/ecc_test.c index 82bb79029..c31a50c03 100644 --- a/tests/ecc_test.c +++ b/tests/ecc_test.c @@ -4,6 +4,28 @@ #if defined(LTC_MECC) +const unsigned char ltc_ecc_long_pri_test_key[] = { /* private + long public, explicit curve params */ + 0x30, 0x82, 0x01, 0x13, 0x02, 0x01, 0x01, 0x04, 0x20, 0x0c, 0xf1, 0xad, 0x2f, 0x03, 0xf7, 0x91, + 0x1b, 0xba, 0x03, 0xcf, 0x23, 0x37, 0xc8, 0xf2, 0xf7, 0x36, 0xce, 0x65, 0xf1, 0x84, 0x2d, 0x7d, + 0x9f, 0x5f, 0x9e, 0x21, 0xd9, 0x5e, 0x49, 0xbd, 0x23, 0xa0, 0x81, 0xa5, 0x30, 0x81, 0xa2, 0x02, + 0x01, 0x01, 0x30, 0x2c, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x01, 0x01, 0x02, 0x21, 0x00, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xfc, 0x2f, + 0x30, 0x06, 0x04, 0x01, 0x00, 0x04, 0x01, 0x07, 0x04, 0x41, 0x04, 0x79, 0xbe, 0x66, 0x7e, 0xf9, + 0xdc, 0xbb, 0xac, 0x55, 0xa0, 0x62, 0x95, 0xce, 0x87, 0x0b, 0x07, 0x02, 0x9b, 0xfc, 0xdb, 0x2d, + 0xce, 0x28, 0xd9, 0x59, 0xf2, 0x81, 0x5b, 0x16, 0xf8, 0x17, 0x98, 0x48, 0x3a, 0xda, 0x77, 0x26, + 0xa3, 0xc4, 0x65, 0x5d, 0xa4, 0xfb, 0xfc, 0x0e, 0x11, 0x08, 0xa8, 0xfd, 0x17, 0xb4, 0x48, 0xa6, + 0x85, 0x54, 0x19, 0x9c, 0x47, 0xd0, 0x8f, 0xfb, 0x10, 0xd4, 0xb8, 0x02, 0x21, 0x00, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xba, 0xae, + 0xdc, 0xe6, 0xaf, 0x48, 0xa0, 0x3b, 0xbf, 0xd2, 0x5e, 0x8c, 0xd0, 0x36, 0x41, 0x41, 0x02, 0x01, + 0x01, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0x2a, 0xf9, 0x0b, 0xda, 0xbe, 0x71, 0x66, 0x9e, 0xd1, + 0xcf, 0x12, 0xd0, 0x24, 0xaf, 0xba, 0xb6, 0x7f, 0xfb, 0x96, 0x27, 0x3e, 0x2f, 0xbd, 0x1e, 0xd5, + 0xf9, 0x8d, 0x6c, 0x73, 0x9d, 0xc5, 0x16, 0x91, 0xbd, 0xb2, 0xb9, 0x1b, 0x40, 0x10, 0x5a, 0xb7, + 0x6c, 0x6e, 0x32, 0x5b, 0xf7, 0x63, 0x62, 0x94, 0x24, 0x24, 0xdb, 0xec, 0x3f, 0x8b, 0xe5, 0x6e, + 0x4b, 0x64, 0x37, 0x31, 0x24, 0x79, 0x4d +}; +const unsigned long ltc_ecc_long_pri_test_key_sz = sizeof(ltc_ecc_long_pri_test_key); + static unsigned int sizes[] = { #ifdef LTC_ECC_SECP112R1 14, @@ -506,7 +528,7 @@ static int s_ecc_old_api(void) return CRYPT_OK; } -static int s_ecc_key_cmp(const int should_type, const ecc_key *should, const ecc_key *is) +int ecc_key_cmp(const int should_type, const ecc_key *should, const ecc_key *is) { if (should_type != is->type) return CRYPT_ERROR; if (should_type == PK_PRIVATE) { @@ -613,7 +635,7 @@ static int s_ecc_new_api(void) for (j = 0; j < 2*(1+(int)privkey.dp.cofactor); j++) { stat = ecc_recover_key(buf, len, data16, 16, j, LTC_ECCSIG_ANSIX962, &reckey); if (stat != CRYPT_OK) continue; /* last two will almost always fail, only possible if x<(prime mod order) */ - stat = s_ecc_key_cmp(PK_PUBLIC, &pubkey, &reckey); + stat = ecc_key_cmp(PK_PUBLIC, &pubkey, &reckey); if (stat == CRYPT_OK) found++; } if (found != 1) return CRYPT_FAIL_TESTVECTOR; /* unique match */ @@ -676,39 +698,20 @@ static int s_ecc_import_export(void) { # password protected - PBES1 openssl pkcs8 -topk8 -inform DER -outform DER -passout pass:secret -in long_pri.der -v1 PBE-MD2-DES -out long_pri_pkcs8_pbe_md2_des.der openssl pkcs8 -topk8 -inform DER -outform DER -passout pass:secret -in long_pri.der -v1 PBE-MD2-RC2-64 -out long_pri_pkcs8_pbe_md2_rc2_64.der - openssl pkcs8 -topk8 -inform DER -outform DER -passout pass:secret -in long_pri.der -v1 PBE-MD5-DES -out long_pri_pkcs8_pbe_md5_des.der - openssl pkcs8 -topk8 -inform DER -outform DER -passout pass:secret -in long_pri.der -v1 PBE-SHA1-RC2-64 -out long_pri_pkcs8_pbe_sha1_rc2_64.der - openssl pkcs8 -topk8 -inform DER -outform DER -passout pass:secret -in long_pri.der -v1 PBE-MD5-RC2-64 -out long_pri_pkcs8_pbe_md5_rc2_64.der - openssl pkcs8 -topk8 -inform DER -outform DER -passout pass:secret -in long_pri.der -v1 PBE-SHA1-DES -out long_pri_pkcs8_pbe_sha1_des.der + openssl pkcs8 -topk8 -inform DER -outform DER -passout pass:secret -in ltc_ecc_long_pri_test_key.der -v1 PBE-MD5-DES -out long_pri_pkcs8_pbe_md5_des.der + openssl pkcs8 -topk8 -inform DER -outform DER -passout pass:secret -in ltc_ecc_long_pri_test_key.der -v1 PBE-SHA1-RC2-64 -out long_pri_pkcs8_pbe_sha1_rc2_64.der + openssl pkcs8 -topk8 -inform DER -outform DER -passout pass:secret -in ltc_ecc_long_pri_test_key.der -v1 PBE-MD5-RC2-64 -out long_pri_pkcs8_pbe_md5_rc2_64.der + openssl pkcs8 -topk8 -inform DER -outform DER -passout pass:secret -in ltc_ecc_long_pri_test_key.der -v1 PBE-SHA1-DES -out long_pri_pkcs8_pbe_sha1_des.der # password protected - PBES2 - openssl pkcs8 -topk8 -inform DER -outform DER -passout pass:secret -in long_pri.der -v2 rc2 -out long_pri_pkcs8_pbkdf2_rc2_cbc.der - openssl pkcs8 -topk8 -inform DER -outform DER -passout pass:secret -in long_pri.der -v2 des -out long_pri_pkcs8_pbkdf2_des_cbc.der - openssl pkcs8 -topk8 -inform DER -outform DER -passout pass:secret -in long_pri.der -v2 des3 -out long_pri_pkcs8_pbkdf2_des_ede3_cbc.der - openssl pkcs8 -topk8 -inform DER -outform DER -passout pass:secret -in long_pri.der -v2 des3 -v2prf hmacWithSHA224 -out long_pri_pkcs8_pbkdf2_sha224_des_ede3_cbc.der - openssl pkcs8 -topk8 -inform DER -outform DER -passout pass:secret -in long_pri.der -v2 des3 -v2prf hmacWithSHA256 -out long_pri_pkcs8_pbkdf2_sha256_des_ede3_cbc.der - openssl pkcs8 -topk8 -inform DER -outform DER -passout pass:secret -in long_pri.der -v2 des3 -v2prf hmacWithSHA384 -out long_pri_pkcs8_pbkdf2_sha384_des_ede3_cbc.der - openssl pkcs8 -topk8 -inform DER -outform DER -passout pass:secret -in long_pri.der -v2 des3 -v2prf hmacWithSHA512 -out long_pri_pkcs8_pbkdf2_sha512_des_ede3_cbc.der + openssl pkcs8 -topk8 -inform DER -outform DER -passout pass:secret -in ltc_ecc_long_pri_test_key.der -v2 rc2 -out long_pri_pkcs8_pbkdf2_rc2_cbc.der + openssl pkcs8 -topk8 -inform DER -outform DER -passout pass:secret -in ltc_ecc_long_pri_test_key.der -v2 des -out long_pri_pkcs8_pbkdf2_des_cbc.der + openssl pkcs8 -topk8 -inform DER -outform DER -passout pass:secret -in ltc_ecc_long_pri_test_key.der -v2 des3 -out long_pri_pkcs8_pbkdf2_des_ede3_cbc.der + openssl pkcs8 -topk8 -inform DER -outform DER -passout pass:secret -in ltc_ecc_long_pri_test_key.der -v2 des3 -v2prf hmacWithSHA224 -out long_pri_pkcs8_pbkdf2_sha224_des_ede3_cbc.der + openssl pkcs8 -topk8 -inform DER -outform DER -passout pass:secret -in ltc_ecc_long_pri_test_key.der -v2 des3 -v2prf hmacWithSHA256 -out long_pri_pkcs8_pbkdf2_sha256_des_ede3_cbc.der + openssl pkcs8 -topk8 -inform DER -outform DER -passout pass:secret -in ltc_ecc_long_pri_test_key.der -v2 des3 -v2prf hmacWithSHA384 -out long_pri_pkcs8_pbkdf2_sha384_des_ede3_cbc.der + openssl pkcs8 -topk8 -inform DER -outform DER -passout pass:secret -in ltc_ecc_long_pri_test_key.der -v2 des3 -v2prf hmacWithSHA512 -out long_pri_pkcs8_pbkdf2_sha512_des_ede3_cbc.der */ - static const unsigned char long_pri[] = { /* private + long public, explicit curve params */ - 0x30, 0x82, 0x01, 0x13, 0x02, 0x01, 0x01, 0x04, 0x20, 0x0c, 0xf1, 0xad, 0x2f, 0x03, 0xf7, 0x91, - 0x1b, 0xba, 0x03, 0xcf, 0x23, 0x37, 0xc8, 0xf2, 0xf7, 0x36, 0xce, 0x65, 0xf1, 0x84, 0x2d, 0x7d, - 0x9f, 0x5f, 0x9e, 0x21, 0xd9, 0x5e, 0x49, 0xbd, 0x23, 0xa0, 0x81, 0xa5, 0x30, 0x81, 0xa2, 0x02, - 0x01, 0x01, 0x30, 0x2c, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x01, 0x01, 0x02, 0x21, 0x00, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xfc, 0x2f, - 0x30, 0x06, 0x04, 0x01, 0x00, 0x04, 0x01, 0x07, 0x04, 0x41, 0x04, 0x79, 0xbe, 0x66, 0x7e, 0xf9, - 0xdc, 0xbb, 0xac, 0x55, 0xa0, 0x62, 0x95, 0xce, 0x87, 0x0b, 0x07, 0x02, 0x9b, 0xfc, 0xdb, 0x2d, - 0xce, 0x28, 0xd9, 0x59, 0xf2, 0x81, 0x5b, 0x16, 0xf8, 0x17, 0x98, 0x48, 0x3a, 0xda, 0x77, 0x26, - 0xa3, 0xc4, 0x65, 0x5d, 0xa4, 0xfb, 0xfc, 0x0e, 0x11, 0x08, 0xa8, 0xfd, 0x17, 0xb4, 0x48, 0xa6, - 0x85, 0x54, 0x19, 0x9c, 0x47, 0xd0, 0x8f, 0xfb, 0x10, 0xd4, 0xb8, 0x02, 0x21, 0x00, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xba, 0xae, - 0xdc, 0xe6, 0xaf, 0x48, 0xa0, 0x3b, 0xbf, 0xd2, 0x5e, 0x8c, 0xd0, 0x36, 0x41, 0x41, 0x02, 0x01, - 0x01, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0x2a, 0xf9, 0x0b, 0xda, 0xbe, 0x71, 0x66, 0x9e, 0xd1, - 0xcf, 0x12, 0xd0, 0x24, 0xaf, 0xba, 0xb6, 0x7f, 0xfb, 0x96, 0x27, 0x3e, 0x2f, 0xbd, 0x1e, 0xd5, - 0xf9, 0x8d, 0x6c, 0x73, 0x9d, 0xc5, 0x16, 0x91, 0xbd, 0xb2, 0xb9, 0x1b, 0x40, 0x10, 0x5a, 0xb7, - 0x6c, 0x6e, 0x32, 0x5b, 0xf7, 0x63, 0x62, 0x94, 0x24, 0x24, 0xdb, 0xec, 0x3f, 0x8b, 0xe5, 0x6e, - 0x4b, 0x64, 0x37, 0x31, 0x24, 0x79, 0x4d - }; + /* static const unsigned char ltc_ecc_long_pri_test_key[] defined globally */ static const unsigned char long_pri_pkcs8[] = { /* private + long public, explicit curve params, PKCS8 */ 0x30, 0x82, 0x01, 0x23, 0x02, 0x01, 0x00, 0x30, 0x81, 0xae, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x30, 0x81, 0xa2, 0x02, 0x01, 0x01, 0x30, 0x2c, 0x06, 0x07, 0x2a, 0x86, 0x48, @@ -1338,144 +1341,144 @@ static int s_ecc_import_export(void) { /* import - raw keys */ DO(ecc_set_curve(cu, &key)); DO(ecc_set_key(raw_pri, sizeof(raw_pri), PK_PRIVATE, &key)); - DO(s_ecc_key_cmp(PK_PRIVATE, &pri, &key)); + DO(ecc_key_cmp(PK_PRIVATE, &pri, &key)); ecc_free(&key); DO(ecc_set_curve(cu, &key)); DO(ecc_set_key(raw_pub, sizeof(raw_pub), PK_PUBLIC, &key)); - DO(s_ecc_key_cmp(PK_PUBLIC, &pub, &key)); + DO(ecc_key_cmp(PK_PUBLIC, &pub, &key)); ecc_free(&key); DO(ecc_set_curve(cu, &key)); DO(ecc_set_key(raw_pubc, sizeof(raw_pubc), PK_PUBLIC, &key)); - DO(s_ecc_key_cmp(PK_PUBLIC, &pub, &key)); + DO(ecc_key_cmp(PK_PUBLIC, &pub, &key)); ecc_free(&key); /* import - openssl compatible DER format */ - DO(ecc_import_openssl(long_pri, sizeof(long_pri), &key)); - DO(s_ecc_key_cmp(PK_PRIVATE, &pri, &key)); + DO(ecc_import_openssl(ltc_ecc_long_pri_test_key, sizeof(ltc_ecc_long_pri_test_key), &key)); + DO(ecc_key_cmp(PK_PRIVATE, &pri, &key)); ecc_free(&key); DO(ecc_import_openssl(long_pric, sizeof(long_pric), &key)); - DO(s_ecc_key_cmp(PK_PRIVATE, &pri, &key)); + DO(ecc_key_cmp(PK_PRIVATE, &pri, &key)); ecc_free(&key); DO(ecc_import_openssl(long_pub, sizeof(long_pub), &key)); - DO(s_ecc_key_cmp(PK_PUBLIC, &pub, &key)); + DO(ecc_key_cmp(PK_PUBLIC, &pub, &key)); ecc_free(&key); DO(ecc_import_openssl(long_pubc, sizeof(long_pubc), &key)); - DO(s_ecc_key_cmp(PK_PUBLIC, &pub, &key)); + DO(ecc_key_cmp(PK_PUBLIC, &pub, &key)); ecc_free(&key); DO(ecc_import_openssl(short_pri, sizeof(short_pri), &key)); - DO(s_ecc_key_cmp(PK_PRIVATE, &pri, &key)); + DO(ecc_key_cmp(PK_PRIVATE, &pri, &key)); ecc_free(&key); DO(ecc_import_openssl(short_pric, sizeof(short_pric), &key)); - DO(s_ecc_key_cmp(PK_PRIVATE, &pri, &key)); + DO(ecc_key_cmp(PK_PRIVATE, &pri, &key)); ecc_free(&key); DO(ecc_import_openssl(short_pub, sizeof(short_pub), &key)); - DO(s_ecc_key_cmp(PK_PUBLIC, &pub, &key)); + DO(ecc_key_cmp(PK_PUBLIC, &pub, &key)); ecc_free(&key); DO(ecc_import_openssl(short_pubc, sizeof(short_pubc), &key)); - DO(s_ecc_key_cmp(PK_PUBLIC, &pub, &key)); + DO(ecc_key_cmp(PK_PUBLIC, &pub, &key)); ecc_free(&key); /* import - private PKCS8 format - no password */ DO(ecc_import_pkcs8(long_pri_pkcs8, sizeof(long_pri_pkcs8), NULL, &key)); - DO(s_ecc_key_cmp(PK_PRIVATE, &pri, &key)); + DO(ecc_key_cmp(PK_PRIVATE, &pri, &key)); ecc_free(&key); DO(ecc_import_pkcs8(long_pric_pkcs8, sizeof(long_pric_pkcs8), NULL, &key)); - DO(s_ecc_key_cmp(PK_PRIVATE, &pri, &key)); + DO(ecc_key_cmp(PK_PRIVATE, &pri, &key)); ecc_free(&key); DO(ecc_import_pkcs8(short_pri_pkcs8, sizeof(short_pri_pkcs8), NULL, &key)); - DO(s_ecc_key_cmp(PK_PRIVATE, &pri, &key)); + DO(ecc_key_cmp(PK_PRIVATE, &pri, &key)); ecc_free(&key); DO(ecc_import_pkcs8(short_pric_pkcs8, sizeof(short_pric_pkcs8), NULL, &key)); - DO(s_ecc_key_cmp(PK_PRIVATE, &pri, &key)); + DO(ecc_key_cmp(PK_PRIVATE, &pri, &key)); ecc_free(&key); /* import - private PKCS8 format - password protected (PBES1 algorithms) */ #ifdef LTC_MD2 DO(ecc_import_pkcs8(long_pri_pkcs8_pbe_md2_des, sizeof(long_pri_pkcs8_pbe_md2_des), &pw_ctx, &key)); - DO(s_ecc_key_cmp(PK_PRIVATE, &pri, &key)); + DO(ecc_key_cmp(PK_PRIVATE, &pri, &key)); ecc_free(&key); #endif #ifdef LTC_MD5 DO(ecc_import_pkcs8(long_pri_pkcs8_pbe_md5_des, sizeof(long_pri_pkcs8_pbe_md5_des), &pw_ctx, &key)); - DO(s_ecc_key_cmp(PK_PRIVATE, &pri, &key)); + DO(ecc_key_cmp(PK_PRIVATE, &pri, &key)); ecc_free(&key); #endif #ifdef LTC_SHA1 DO(ecc_import_pkcs8(long_pri_pkcs8_pbe_sha1_des, sizeof(long_pri_pkcs8_pbe_sha1_des), &pw_ctx, &key)); - DO(s_ecc_key_cmp(PK_PRIVATE, &pri, &key)); + DO(ecc_key_cmp(PK_PRIVATE, &pri, &key)); ecc_free(&key); #endif #if defined(LTC_RC2) && defined(LTC_MD2) DO(ecc_import_pkcs8(long_pri_pkcs8_pbe_md2_rc2_64, sizeof(long_pri_pkcs8_pbe_md2_rc2_64), &pw_ctx, &key)); - DO(s_ecc_key_cmp(PK_PRIVATE, &pri, &key)); + DO(ecc_key_cmp(PK_PRIVATE, &pri, &key)); ecc_free(&key); #endif #if defined(LTC_RC2) && defined(LTC_MD5) DO(ecc_import_pkcs8(long_pri_pkcs8_pbe_md5_rc2_64, sizeof(long_pri_pkcs8_pbe_md5_rc2_64), &pw_ctx, &key)); - DO(s_ecc_key_cmp(PK_PRIVATE, &pri, &key)); + DO(ecc_key_cmp(PK_PRIVATE, &pri, &key)); ecc_free(&key); #endif #if defined(LTC_RC2) && defined(LTC_SHA1) DO(ecc_import_pkcs8(long_pri_pkcs8_pbe_sha1_rc2_64, sizeof(long_pri_pkcs8_pbe_sha1_rc2_64), &pw_ctx, &key)); - DO(s_ecc_key_cmp(PK_PRIVATE, &pri, &key)); + DO(ecc_key_cmp(PK_PRIVATE, &pri, &key)); ecc_free(&key); #endif /* import - private PKCS8 format - password protected (PBES2 algorithms) */ #if defined(LTC_RC2) DO(ecc_import_pkcs8(long_pri_pkcs8_pbkdf2_rc2_cbc, sizeof(long_pri_pkcs8_pbkdf2_rc2_cbc), &pw_ctx, &key)); - DO(s_ecc_key_cmp(PK_PRIVATE, &pri, &key)); + DO(ecc_key_cmp(PK_PRIVATE, &pri, &key)); ecc_free(&key); #endif #if defined(LTC_DES) DO(ecc_import_pkcs8(long_pri_pkcs8_pbkdf2_des_cbc, sizeof(long_pri_pkcs8_pbkdf2_des_cbc), &pw_ctx, &key)); - DO(s_ecc_key_cmp(PK_PRIVATE, &pri, &key)); + DO(ecc_key_cmp(PK_PRIVATE, &pri, &key)); ecc_free(&key); #endif #if defined(LTC_DES) DO(ecc_import_pkcs8(long_pri_pkcs8_pbkdf2_des_ede3_cbc, sizeof(long_pri_pkcs8_pbkdf2_des_ede3_cbc), &pw_ctx, &key)); - DO(s_ecc_key_cmp(PK_PRIVATE, &pri, &key)); + DO(ecc_key_cmp(PK_PRIVATE, &pri, &key)); ecc_free(&key); #endif #if defined(LTC_SHA224) && defined(LTC_DES) DO(ecc_import_pkcs8(long_pri_pkcs8_pbkdf2_sha224_des_ede3_cbc, sizeof(long_pri_pkcs8_pbkdf2_sha224_des_ede3_cbc), &pw_ctx, &key)); - DO(s_ecc_key_cmp(PK_PRIVATE, &pri, &key)); + DO(ecc_key_cmp(PK_PRIVATE, &pri, &key)); ecc_free(&key); #endif #if defined(LTC_SHA256) && defined(LTC_DES) DO(ecc_import_pkcs8(long_pri_pkcs8_pbkdf2_sha256_des_ede3_cbc, sizeof(long_pri_pkcs8_pbkdf2_sha256_des_ede3_cbc), &pw_ctx, &key)); - DO(s_ecc_key_cmp(PK_PRIVATE, &pri, &key)); + DO(ecc_key_cmp(PK_PRIVATE, &pri, &key)); ecc_free(&key); #endif #if defined(LTC_SHA384) && defined(LTC_DES) DO(ecc_import_pkcs8(long_pri_pkcs8_pbkdf2_sha384_des_ede3_cbc, sizeof(long_pri_pkcs8_pbkdf2_sha384_des_ede3_cbc), &pw_ctx, &key)); - DO(s_ecc_key_cmp(PK_PRIVATE, &pri, &key)); + DO(ecc_key_cmp(PK_PRIVATE, &pri, &key)); ecc_free(&key); #endif #if defined(LTC_SHA512) && defined(LTC_DES) DO(ecc_import_pkcs8(long_pri_pkcs8_pbkdf2_sha512_des_ede3_cbc, sizeof(long_pri_pkcs8_pbkdf2_sha512_des_ede3_cbc), &pw_ctx, &key)); - DO(s_ecc_key_cmp(PK_PRIVATE, &pri, &key)); + DO(ecc_key_cmp(PK_PRIVATE, &pri, &key)); ecc_free(&key); #endif /* import - X.509 EC certificates */ DO(ecc_import_x509(x509_cert_long, sizeof(x509_cert_long), &key)); - DO(s_ecc_key_cmp(PK_PUBLIC, &pub, &key)); + DO(ecc_key_cmp(PK_PUBLIC, &pub, &key)); ecc_free(&key); DO(ecc_import_x509(x509_cert_longc, sizeof(x509_cert_longc), &key)); - DO(s_ecc_key_cmp(PK_PUBLIC, &pub, &key)); + DO(ecc_key_cmp(PK_PUBLIC, &pub, &key)); ecc_free(&key); DO(ecc_import_x509(x509_cert_short, sizeof(x509_cert_short), &key)); - DO(s_ecc_key_cmp(PK_PUBLIC, &pub, &key)); + DO(ecc_key_cmp(PK_PUBLIC, &pub, &key)); ecc_free(&key); DO(ecc_import_x509(x509_cert_shortc, sizeof(x509_cert_shortc), &key)); - DO(s_ecc_key_cmp(PK_PUBLIC, &pub, &key)); + DO(ecc_key_cmp(PK_PUBLIC, &pub, &key)); ecc_free(&key); /* export - openssl compatible DER format */ outlen = sizeof(out); DO(ecc_export_openssl(out, &outlen, PK_PRIVATE, &pri)); - if (compare_testvector(out, outlen, long_pri, sizeof(long_pri), "e-long_pri", 0)) return CRYPT_ERROR; + if (compare_testvector(out, outlen, ltc_ecc_long_pri_test_key, sizeof(ltc_ecc_long_pri_test_key), "e-ltc_ecc_long_pri_test_key", 0)) return CRYPT_ERROR; outlen = sizeof(out); DO(ecc_export_openssl(out, &outlen, PK_PRIVATE|PK_COMPRESSED, &pri)); if (compare_testvector(out, outlen, long_pric, sizeof(long_pric), "e-long_pric", 0)) return CRYPT_ERROR; @@ -1554,13 +1557,13 @@ static int s_ecc_test_recovery(void) DO(ecc_set_curve(dp, &reckey)); stat = ecc_recover_key(eth_sig, sizeof(eth_sig)-1, eth_hash, sizeof(eth_hash), 0, LTC_ECCSIG_RFC7518, &reckey); if (stat != CRYPT_OK) return CRYPT_FAIL_TESTVECTOR; - DO(s_ecc_key_cmp(PK_PUBLIC, &pubkey, &reckey)); + DO(ecc_key_cmp(PK_PUBLIC, &pubkey, &reckey)); ecc_free(&reckey); DO(ecc_set_curve(dp, &reckey)); stat = ecc_recover_key(eth_sig, sizeof(eth_sig), eth_hash, sizeof(eth_hash), -1, LTC_ECCSIG_ETH27, &reckey); if (stat != CRYPT_OK) return CRYPT_FAIL_TESTVECTOR; - DO(s_ecc_key_cmp(PK_PUBLIC, &pubkey, &reckey)); + DO(ecc_key_cmp(PK_PUBLIC, &pubkey, &reckey)); ecc_free(&reckey); ecc_free(&pubkey); @@ -1605,7 +1608,7 @@ static int s_ecc_test_recovery(void) DO(ecc_set_curve(dp, &reckey)); stat = ecc_recover_key(buf, len, data16, 16, recid, LTC_ECCSIG_RFC7518, &reckey); if (stat != CRYPT_OK) return CRYPT_FAIL_TESTVECTOR; - DO(s_ecc_key_cmp(PK_PUBLIC, &pubkey, &reckey)); + DO(ecc_key_cmp(PK_PUBLIC, &pubkey, &reckey)); /* cleanup */ ecc_free(&reckey); diff --git a/tests/pem_test.c b/tests/pem_test.c index 3c7837141..04f1e01b5 100644 --- a/tests/pem_test.c +++ b/tests/pem_test.c @@ -12,21 +12,66 @@ static int password_get(void **p, unsigned long *l, void *u) return 0; } +#if defined(LTC_MDSA) +static dsa_key s_dsa_key_should; +#endif +#if defined(LTC_MRSA) +static rsa_key s_rsa_key_should; +#endif +#if defined(LTC_MECC) +static ecc_key s_ecc_key_should; +#endif + static int s_pem_decode_filehandle(const void *in, unsigned long inlen, void *key) { password_ctx pw_ctx; + ltc_pka_key *key_ = key; + int err; pw_ctx.callback = password_get; - return pem_decode(in, inlen, key, &pw_ctx); + if ((err = pem_decode(in, inlen, key_, &pw_ctx)) != CRYPT_OK) { + return err; + } + switch (key_->id) { + case LTC_PKA_DSA: +#if defined(LTC_MDSA) + return dsa_key_cmp(PK_PRIVATE, &s_dsa_key_should, &key_->u.dsa); +#endif + break; + case LTC_PKA_RSA: +#if defined(LTC_MRSA) + return rsa_key_cmp(PK_PRIVATE, &s_rsa_key_should, &key_->u.rsa); +#endif + break; + case LTC_PKA_EC: +#if defined(LTC_MECC) + return ecc_key_cmp(PK_PRIVATE, &s_ecc_key_should, &key_->u.ecc); +#endif + break; + case LTC_PKA_CURVE25519: + return CRYPT_OK; + default: + return CRYPT_INVALID_ARG; + } + return CRYPT_INVALID_ARG; } static void s_pem_free_key(ltc_pka_key *key) { switch (key->id) { + case LTC_PKA_DSA: +#if defined(LTC_MDSA) + dsa_free(&key->u.dsa); +#endif + break; case LTC_PKA_RSA: +#if defined(LTC_MRSA) rsa_free(&key->u.rsa); +#endif break; case LTC_PKA_EC: +#if defined(LTC_MECC) ecc_free(&key->u.ecc); +#endif break; default: break; @@ -39,9 +84,30 @@ int pem_test(void) if (ltc_mp.name == NULL) return CRYPT_NOP; +#if defined(LTC_MDSA) + DO(dsa_import(ltc_dsa_private_test_key, ltc_dsa_private_test_key_sz, &s_dsa_key_should)); +#endif +#if defined(LTC_MRSA) + DO(rsa_import(ltc_rsa_private_test_key, ltc_rsa_private_test_key_sz, &s_rsa_key_should)); +#endif +#if defined(LTC_MECC) + DO(ecc_import_openssl(ltc_ecc_long_pri_test_key, ltc_ecc_long_pri_test_key_sz, &s_ecc_key_should)); +#endif + + DO(test_process_dir("tests/pem", &key, s_pem_decode_filehandle, (dir_cleanup_cb)s_pem_free_key, "pem_test")); DO(test_process_dir("tests/pem-ecc-pkcs8", &key, s_pem_decode_filehandle, (dir_cleanup_cb)s_pem_free_key, "pem_test+ecc")); +#if defined(LTC_MDSA) + dsa_free(&s_dsa_key_should); +#endif +#if defined(LTC_MRSA) + rsa_free(&s_rsa_key_should); +#endif +#if defined(LTC_MECC) + ecc_free(&s_ecc_key_should); +#endif + return 0; } diff --git a/tests/rsa_test.c b/tests/rsa_test.c index 8abcf350d..25f83def2 100644 --- a/tests/rsa_test.c +++ b/tests/rsa_test.c @@ -11,7 +11,7 @@ #endif /* These are test keys [see file test.key] that I use to test my import/export against */ -static const unsigned char openssl_private_rsa[] = { +const unsigned char ltc_rsa_private_test_key[] = { 0x30, 0x82, 0x02, 0x5e, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xcf, 0x9a, 0xde, 0x64, 0x8a, 0xda, 0xc8, 0x33, 0x20, 0xa9, 0xd7, 0x83, 0x31, 0x19, 0x54, 0xb2, 0x9a, 0x85, 0xa7, 0xa1, 0xb7, 0x75, 0x33, 0xb6, 0xa9, 0xac, 0x84, 0x24, 0xb3, 0xde, 0xdb, 0x7d, 0x85, 0x2d, 0x96, 0x65, 0xe5, @@ -52,6 +52,8 @@ static const unsigned char openssl_private_rsa[] = { 0x78, 0x18, 0x5a, 0x79, 0x3d, 0x2e, 0x8e, 0x7e, 0x86, 0x0a, 0xe6, 0xa8, 0x33, 0xc1, 0x04, 0x17, 0x4a, 0x9f, }; +const unsigned long ltc_rsa_private_test_key_sz = sizeof(ltc_rsa_private_test_key); + static const char x509_public_rsa[] = "MIICdTCCAd4CCQCYjCwz0l9JpjANBgkqhkiG9w0BAQsFADB+MQswCQYDVQQGEwJD\ WjEPMA0GA1UECAwGTW9yYXZhMQ0wCwYDVQQHDARCcm5vMRAwDgYDVQQKDAdMVEMg\ @@ -184,7 +186,7 @@ static int rsa_compat_test(void) unsigned long len, key_lens[8]; /* try reading the key */ - DO(rsa_import(openssl_private_rsa, sizeof(openssl_private_rsa), &key)); + DO(rsa_import(ltc_rsa_private_test_key, sizeof(ltc_rsa_private_test_key), &key)); DO(rsa_import(openssl_public_rsa, sizeof(openssl_public_rsa), &pubkey)); /* sign-verify a message with PKCS #1 v1.5 no ASN.1 */ @@ -205,7 +207,7 @@ static int rsa_compat_test(void) /* now try to export private/public and compare */ len = sizeof(buf); DO(rsa_export(buf, &len, PK_PRIVATE, &key)); - DO(do_compare_testvector(buf, len, openssl_private_rsa, sizeof(openssl_private_rsa), "RSA private export (from OpenSSL)", 0)); + DO(do_compare_testvector(buf, len, ltc_rsa_private_test_key, sizeof(ltc_rsa_private_test_key), "RSA private export (from OpenSSL)", 0)); len = sizeof(buf); DO(rsa_export(buf, &len, PK_PUBLIC, &key)); @@ -230,7 +232,7 @@ static int rsa_compat_test(void) DO(rsa_import_pkcs8(pkcs8_private_rsa, sizeof(pkcs8_private_rsa), NULL, &key)); len = sizeof(buf); DO(rsa_export(buf, &len, PK_PRIVATE, &key)); - DO(do_compare_testvector(buf, len, openssl_private_rsa, sizeof(openssl_private_rsa), "RSA private export (from PKCS#8)", 0)); + DO(do_compare_testvector(buf, len, ltc_rsa_private_test_key, sizeof(ltc_rsa_private_test_key), "RSA private export (from PKCS#8)", 0)); rsa_free(&key); /* convert raw hexadecimal numbers to binary */ @@ -244,7 +246,7 @@ static int rsa_compat_test(void) DO(rsa_set_crt_params(key_parts[pk_dP], key_lens[pk_dP], key_parts[pk_dQ], key_lens[pk_dQ], key_parts[pk_qP], key_lens[pk_qP], &key)); len = sizeof(buf); DO(rsa_export(buf, &len, PK_PRIVATE, &key)); - DO(do_compare_testvector(buf, len, openssl_private_rsa, sizeof(openssl_private_rsa), "RSA private export (from hex)", 0)); + DO(do_compare_testvector(buf, len, ltc_rsa_private_test_key, sizeof(ltc_rsa_private_test_key), "RSA private export (from hex)", 0)); rsa_free(&key); /* try import public key from converted raw hexadecimal numbers */ @@ -264,7 +266,7 @@ static int rsa_compat_test(void) return 0; } -static int s_rsa_key_cmp(const int should_type, const rsa_key *should, const rsa_key *is) +int rsa_key_cmp(const int should_type, const rsa_key *should, const rsa_key *is) { if(should_type != is->type) return CRYPT_ERROR; @@ -348,21 +350,21 @@ static int s_rsa_issue_301(int prng_idx) DO(rsa_export(buf, &len, PK_PRIVATE, &key)); DO(rsa_import(buf, len, &key_in)); - DO(s_rsa_key_cmp(PK_PRIVATE, &key, &key_in)); + DO(rsa_key_cmp(PK_PRIVATE, &key, &key_in)); rsa_free(&key_in); len = sizeof(buf); DO(rsa_export(buf, &len, PK_PUBLIC, &key)); DO(rsa_import(buf, len, &key_in)); - DO(s_rsa_key_cmp(PK_PUBLIC, &key, &key_in)); + DO(rsa_key_cmp(PK_PUBLIC, &key, &key_in)); rsa_free(&key_in); len = sizeof(buf); DO(rsa_export(buf, &len, PK_PUBLIC | PK_STD, &key)); DO(rsa_import(buf, len, &key_in)); - DO(s_rsa_key_cmp(PK_PUBLIC, &key, &key_in)); + DO(rsa_key_cmp(PK_PUBLIC, &key, &key_in)); rsa_free(&key_in); rsa_free(&key); From a76447f7aa7c78c173bede539f8669a468b21d78 Mon Sep 17 00:00:00 2001 From: Steffen Jaeckel Date: Sun, 16 Jan 2022 16:21:44 +0100 Subject: [PATCH 19/51] add file-iterator to `test_process_dir()` Signed-off-by: Steffen Jaeckel --- tests/common.c | 39 +++++++++++++++++++++++++++------------ tests/common.h | 5 +++-- tests/der_test.c | 2 +- tests/pem_test.c | 33 +++++++++++++++++++-------------- tests/rsa_test.c | 4 ++-- 5 files changed, 52 insertions(+), 31 deletions(-) diff --git a/tests/common.c b/tests/common.c index 41ac7d08d..b61a350bc 100644 --- a/tests/common.c +++ b/tests/common.c @@ -95,16 +95,30 @@ static DIR *s_opendir(const char *path, char *mypath, unsigned long l) return d; } -int test_process_dir(const char *path, void *ctx, dir_iter_cb process, dir_cleanup_cb cleanup, const char *test) +static int s_read_and_process(FILE *f, unsigned long sz, void *ctx, dir_iter_cb process) +{ + int err = CRYPT_OK; + void* buf = XMALLOC(sz); + if (buf == NULL) + return CRYPT_MEM; + if (fread(buf, 1, sz, f) != sz) { + err = CRYPT_ERROR; + goto out; + } + err = process(buf, sz, ctx); +out: + XFREE(buf); + return err; +} + +int test_process_dir(const char *path, void *ctx, dir_iter_cb iter, dir_fiter_cb fiter, dir_cleanup_cb cleanup, const char *test) { char mypath[PATH_MAX]; DIR *d = s_opendir(path, mypath, sizeof(mypath)); struct dirent *de; char fname[PATH_MAX]; - void* buf = NULL; FILE *f = NULL; off_t fsz; - unsigned long sz; int err = CRYPT_FILE_NOTFOUND; if (d == NULL) return CRYPT_FILE_NOTFOUND; @@ -124,14 +138,18 @@ int test_process_dir(const char *path, void *ctx, dir_iter_cb process, dir_clean fprintf(stderr, "%s: Try to process %s\n", test, fname); #endif f = fopen(fname, "rb"); - sz = fsz; - buf = XMALLOC(fsz); - if (fread(buf, 1, sz, f) != sz) { - err = CRYPT_ERROR; - break; + + if (iter) { + err = s_read_and_process(f, fsz, ctx, iter); + } else if (fiter) { + err = fiter(f, ctx); + } else { + err = CRYPT_NOP; +#if defined(LTC_TEST_DBG) && LTC_TEST_DBG > 1 + fprintf(stderr, "%s: No call-back set for %s\n", test, fname); +#endif } - err = process(buf, sz, ctx); if (err == CRYPT_NOP) { #if defined(LTC_TEST_DBG) && LTC_TEST_DBG > 1 fprintf(stderr, "%s: Skip: %s\n", test, fname); @@ -150,12 +168,9 @@ int test_process_dir(const char *path, void *ctx, dir_iter_cb process, dir_clean } continue_loop: - XFREE(buf); - buf = NULL; fclose(f); f = NULL; } - if (buf != NULL) XFREE(buf); if (f != NULL) fclose(f); closedir(d); return err; diff --git a/tests/common.h b/tests/common.h index a2ffd0fd0..f8c38b732 100644 --- a/tests/common.h +++ b/tests/common.h @@ -40,13 +40,14 @@ int ecc_key_cmp(const int should_type, const ecc_key *should, const ecc_key *is) #define COMPARE_TESTVECTOR(i, il, s, sl, wa, wi) do { DO(do_compare_testvector((i), (il), (s), (sl), (wa), (wi))); } while(0) -#if !((defined(_WIN32) || defined(_WIN32_WCE)) && !defined(__GNUC__)) +#if !((defined(_WIN32) || defined(_WIN32_WCE)) && !defined(__GNUC__)) && !defined(LTC_NO_FILE) #define LTC_TEST_READDIR typedef int (*dir_iter_cb)(const void *d, unsigned long l, void* ctx); +typedef int (*dir_fiter_cb)(FILE *f, void* ctx); typedef void (*dir_cleanup_cb)(void* ctx); -int test_process_dir(const char *path, void *ctx, dir_iter_cb iter, dir_cleanup_cb cleanup, const char *test); +int test_process_dir(const char *path, void *ctx, dir_iter_cb iter, dir_fiter_cb fiter, dir_cleanup_cb cleanup, const char *test); #endif void run_cmd(int res, int line, const char *file, const char *cmd, const char *algorithm); diff --git a/tests/der_test.c b/tests/der_test.c index 86adbcda4..70ef19ac5 100644 --- a/tests/der_test.c +++ b/tests/der_test.c @@ -1664,7 +1664,7 @@ int der_test(void) der_Xcode_test(); #ifdef LTC_TEST_READDIR - DO(test_process_dir("tests/asn1", &list, s_der_decode_sequence_flexi, NULL, "DER ASN.1 special cases")); + DO(test_process_dir("tests/asn1", &list, s_der_decode_sequence_flexi, NULL, NULL, "DER ASN.1 special cases")); #endif der_custom_test(); diff --git a/tests/pem_test.c b/tests/pem_test.c index 04f1e01b5..6de338325 100644 --- a/tests/pem_test.c +++ b/tests/pem_test.c @@ -22,29 +22,22 @@ static rsa_key s_rsa_key_should; static ecc_key s_ecc_key_should; #endif -static int s_pem_decode_filehandle(const void *in, unsigned long inlen, void *key) +static int s_key_cmp(ltc_pka_key *key) { - password_ctx pw_ctx; - ltc_pka_key *key_ = key; - int err; - pw_ctx.callback = password_get; - if ((err = pem_decode(in, inlen, key_, &pw_ctx)) != CRYPT_OK) { - return err; - } - switch (key_->id) { + switch (key->id) { case LTC_PKA_DSA: #if defined(LTC_MDSA) - return dsa_key_cmp(PK_PRIVATE, &s_dsa_key_should, &key_->u.dsa); + return dsa_key_cmp(PK_PRIVATE, &s_dsa_key_should, &key->u.dsa); #endif break; case LTC_PKA_RSA: #if defined(LTC_MRSA) - return rsa_key_cmp(PK_PRIVATE, &s_rsa_key_should, &key_->u.rsa); + return rsa_key_cmp(PK_PRIVATE, &s_rsa_key_should, &key->u.rsa); #endif break; case LTC_PKA_EC: #if defined(LTC_MECC) - return ecc_key_cmp(PK_PRIVATE, &s_ecc_key_should, &key_->u.ecc); + return ecc_key_cmp(PK_PRIVATE, &s_ecc_key_should, &key->u.ecc); #endif break; case LTC_PKA_CURVE25519: @@ -55,6 +48,17 @@ static int s_pem_decode_filehandle(const void *in, unsigned long inlen, void *ke return CRYPT_INVALID_ARG; } +static int s_pem_decode(const void *in, unsigned long inlen, void *key) +{ + password_ctx pw_ctx; + int err; + pw_ctx.callback = password_get; + if ((err = pem_decode(in, inlen, key, &pw_ctx)) != CRYPT_OK) { + return err; + } + return s_key_cmp(key); +} + static void s_pem_free_key(ltc_pka_key *key) { switch (key->id) { @@ -95,8 +99,9 @@ int pem_test(void) #endif - DO(test_process_dir("tests/pem", &key, s_pem_decode_filehandle, (dir_cleanup_cb)s_pem_free_key, "pem_test")); - DO(test_process_dir("tests/pem-ecc-pkcs8", &key, s_pem_decode_filehandle, (dir_cleanup_cb)s_pem_free_key, "pem_test+ecc")); + DO(test_process_dir("tests/pem", &key, s_pem_decode, NULL, (dir_cleanup_cb)s_pem_free_key, "pem_test")); + DO(test_process_dir("tests/pem-ecc-pkcs8", &key, s_pem_decode, NULL, (dir_cleanup_cb)s_pem_free_key, "pem_test+ecc")); + DO(test_process_dir("tests/ssh", &key, s_pem_decode_ssh, NULL, (dir_cleanup_cb)s_pem_free_key, "pem_test+ssh")); #if defined(LTC_MDSA) dsa_free(&s_dsa_key_should); diff --git a/tests/rsa_test.c b/tests/rsa_test.c index 25f83def2..347093429 100644 --- a/tests/rsa_test.c +++ b/tests/rsa_test.c @@ -475,9 +475,9 @@ int rsa_test(void) } #ifdef LTC_TEST_READDIR - DO(test_process_dir("tests/rsa", &key, s_rsa_import_x509, (dir_cleanup_cb)rsa_free, "rsa_test")); + DO(test_process_dir("tests/rsa", &key, s_rsa_import_x509, NULL, (dir_cleanup_cb)rsa_free, "rsa_test")); #if defined(LTC_MD2) && defined(LTC_MD5) && defined(LTC_RC2) - DO(test_process_dir("tests/rsa-pkcs8", &key, s_rsa_import_pkcs8, (dir_cleanup_cb)rsa_free, "rsa_pkcs8_test")); + DO(test_process_dir("tests/rsa-pkcs8", &key, s_rsa_import_pkcs8, NULL, (dir_cleanup_cb)rsa_free, "rsa_pkcs8_test")); #endif #endif From 3e981af4c4b51100bf2bc630db9e9a3063931242 Mon Sep 17 00:00:00 2001 From: Steffen Jaeckel Date: Sun, 16 Jan 2022 16:22:04 +0100 Subject: [PATCH 20/51] also test FILE-based PEM API's Signed-off-by: Steffen Jaeckel --- tests/pem_test.c | 40 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 40 insertions(+) diff --git a/tests/pem_test.c b/tests/pem_test.c index 6de338325..8e3b5a3af 100644 --- a/tests/pem_test.c +++ b/tests/pem_test.c @@ -4,6 +4,30 @@ #if defined(LTC_PEM) && defined(LTC_TEST_READDIR) && !defined(LTC_EASY) +#ifdef LTC_SSH + +static int password_get_ssh(void **p, unsigned long *l, void *u) +{ + LTC_UNUSED_PARAM(u); + *p = strdup("abc123"); + *l = 6; + return 0; +} +static int s_pem_decode_ssh(const void *in, unsigned long inlen, void *key) +{ + password_ctx pw_ctx; + pw_ctx.callback = password_get_ssh; + return pem_decode_openssh(in, inlen, key, &pw_ctx); +} +static int s_pem_decode_ssh_f(FILE *f, void *key) +{ + password_ctx pw_ctx; + pw_ctx.callback = password_get_ssh; + return pem_decode_openssh_filehandle(f, key, &pw_ctx); +} + +#endif + static int password_get(void **p, unsigned long *l, void *u) { LTC_UNUSED_PARAM(u); @@ -59,6 +83,17 @@ static int s_pem_decode(const void *in, unsigned long inlen, void *key) return s_key_cmp(key); } +static int s_pem_decode_f(FILE *f, void *key) +{ + password_ctx pw_ctx; + int err; + pw_ctx.callback = password_get; + if ((err = pem_decode_filehandle(f, key, &pw_ctx)) != CRYPT_OK) { + return err; + } + return s_key_cmp(key); +} + static void s_pem_free_key(ltc_pka_key *key) { switch (key->id) { @@ -100,8 +135,13 @@ int pem_test(void) DO(test_process_dir("tests/pem", &key, s_pem_decode, NULL, (dir_cleanup_cb)s_pem_free_key, "pem_test")); + DO(test_process_dir("tests/pem", &key, NULL, s_pem_decode_f, (dir_cleanup_cb)s_pem_free_key, "pem_test_filehandle")); DO(test_process_dir("tests/pem-ecc-pkcs8", &key, s_pem_decode, NULL, (dir_cleanup_cb)s_pem_free_key, "pem_test+ecc")); + DO(test_process_dir("tests/pem-ecc-pkcs8", &key, NULL, s_pem_decode_f, (dir_cleanup_cb)s_pem_free_key, "pem_test_filehandle+ecc")); +#ifdef LTC_SSH DO(test_process_dir("tests/ssh", &key, s_pem_decode_ssh, NULL, (dir_cleanup_cb)s_pem_free_key, "pem_test+ssh")); + DO(test_process_dir("tests/ssh", &key, NULL, s_pem_decode_ssh_f, (dir_cleanup_cb)s_pem_free_key, "pem_test_filehandle+ssh")); +#endif #if defined(LTC_MDSA) dsa_free(&s_dsa_key_should); From 87a1758f2fc8c2320b1ed75f5d35b0d3514b70ba Mon Sep 17 00:00:00 2001 From: Steffen Jaeckel Date: Sat, 22 Jan 2022 15:25:21 +0100 Subject: [PATCH 21/51] split-up into multiple C files ... and slightly optimize multiple things, e.g. `DEK-Info` decoding Signed-off-by: Steffen Jaeckel --- src/headers/tomcrypt_misc.h | 4 +- src/headers/tomcrypt_private.h | 20 +- src/misc/pem/pem.c | 67 ++++++ src/misc/pem/pem_decode.c | 420 --------------------------------- src/misc/pem/pem_pkcs.c | 198 ++++++++++++++++ src/misc/pem/pem_read.c | 202 ++++++++++++++++ tests/pem_test.c | 4 +- 7 files changed, 488 insertions(+), 427 deletions(-) create mode 100644 src/misc/pem/pem.c delete mode 100644 src/misc/pem/pem_decode.c create mode 100644 src/misc/pem/pem_pkcs.c create mode 100644 src/misc/pem/pem_read.c diff --git a/src/headers/tomcrypt_misc.h b/src/headers/tomcrypt_misc.h index 4fcdadd68..ce81da8b0 100644 --- a/src/headers/tomcrypt_misc.h +++ b/src/headers/tomcrypt_misc.h @@ -160,8 +160,8 @@ int padding_depad(const unsigned char *data, unsigned long *length, unsigned lon #endif /* LTC_PADDING */ #ifdef LTC_PEM -int pem_decode_filehandle(FILE *f, ltc_pka_key *k, password_ctx *pw_ctx); -int pem_decode(const void *buf, unsigned long len, ltc_pka_key *k, password_ctx *pw_ctx); +int pem_decode_pkcs_filehandle(FILE *f, ltc_pka_key *k, password_ctx *pw_ctx); +int pem_decode_pkcs(const void *buf, unsigned long len, ltc_pka_key *k, password_ctx *pw_ctx); #ifdef LTC_SSH int pem_decode_openssh_filehandle(FILE *f, ltc_pka_key *k, password_ctx *pw_ctx); diff --git a/src/headers/tomcrypt_private.h b/src/headers/tomcrypt_private.h index 4848dff51..ceb56d46b 100644 --- a/src/headers/tomcrypt_private.h +++ b/src/headers/tomcrypt_private.h @@ -252,6 +252,7 @@ int base64_encode_pem(const unsigned char *in, unsigned long inlen, /* PEM related */ +#ifdef LTC_PEM struct password { /* usually a `char*` but could also contain binary data * so use a `void*` + length to be on the safe side. @@ -275,7 +276,12 @@ struct str { #define SET_STR(n, s) n.p = s, n.len = XSTRLEN(s) #define SET_CSTR(n, s) n.p = (char*)s, n.len = XSTRLEN(s) #define COPY_STR(n, s, l) do { XMEMCPY(n.p, s, l); n.len = l; } while(0) -#define FREE_STR(n) do { n.p = NULL; n.len = 0; } while(0) +#define RESET_STR(n) do { n.p = NULL; n.len = 0; } while(0) + +struct dek_info_from_str { + const struct str id; + struct dek_info info; +}; enum more_headers { no, @@ -299,14 +305,21 @@ struct pem_headers { struct password *pw; }; +extern const struct pem_header_id pem_std_headers[]; +extern const unsigned long pem_std_headers_num; +extern const struct str pem_proc_type_encrypted; +extern const struct str pem_dek_info_start; +extern const struct dek_info_from_str pem_dek_infos[]; +extern const unsigned long pem_dek_infos_num; + struct bufp { /* `end` points to one byte after the last * element of the allocated buffer */ - char *p, *r, *end; + char *start, *work, *end; }; -#define SET_BUFP(n, d, l) n.p = (char*)d, n.r = (char*)d, n.end = (char*)d + l + 1 +#define SET_BUFP(n, d, l) n.start = (char*)d, n.work = (char*)d, n.end = (char*)d + l + 1 struct get_char { int (*get)(struct get_char*); @@ -317,6 +330,7 @@ struct get_char { struct str unget_buf; char unget_buf_[LTC_PEM_DECODE_BUFSZ]; }; +#endif /* others */ diff --git a/src/misc/pem/pem.c b/src/misc/pem/pem.c new file mode 100644 index 000000000..678590b41 --- /dev/null +++ b/src/misc/pem/pem.c @@ -0,0 +1,67 @@ +/* LibTomCrypt, modular cryptographic library -- Tom St Denis */ +/* SPDX-License-Identifier: Unlicense */ +#include "tomcrypt_private.h" + +/** + @file pem.c + Const declarations for PEM, Steffen Jaeckel +*/ + +#ifdef LTC_PEM + +const struct pem_header_id pem_std_headers[] = { + { + /* PKCS#8 encrypted */ + SET_CSTR(.start, "-----BEGIN ENCRYPTED PRIVATE KEY-----"), + SET_CSTR(.end, "-----END ENCRYPTED PRIVATE KEY-----"), + .has_more_headers = no, + .encrypted = 1, + .pkcs8 = 1, + }, + { + /* PKCS#8 plain */ + SET_CSTR(.start, "-----BEGIN PRIVATE KEY-----"), + SET_CSTR(.end, "-----END PRIVATE KEY-----"), + .has_more_headers = no, + .pkcs8 = 1, + }, + /* Regular plain or encrypted private keys */ + { + SET_CSTR(.start, "-----BEGIN RSA PRIVATE KEY-----"), + SET_CSTR(.end, "-----END RSA PRIVATE KEY-----"), + .has_more_headers = maybe, + .pka = LTC_PKA_RSA, + }, + { + SET_CSTR(.start, "-----BEGIN EC PRIVATE KEY-----"), + SET_CSTR(.end, "-----END EC PRIVATE KEY-----"), + .has_more_headers = maybe, + .pka = LTC_PKA_EC, + }, + { + SET_CSTR(.start, "-----BEGIN DSA PRIVATE KEY-----"), + SET_CSTR(.end, "-----END DSA PRIVATE KEY-----"), + .has_more_headers = maybe, + .pka = LTC_PKA_DSA, + }, +}; +const unsigned long pem_std_headers_num = sizeof(pem_std_headers)/sizeof(pem_std_headers[0]); + + +/* Encrypted PEM files */ +const struct str pem_proc_type_encrypted = { SET_CSTR(, "Proc-Type: 4,ENCRYPTED") }; +const struct str pem_dek_info_start = { SET_CSTR(, "DEK-Info: ") }; +const struct dek_info_from_str pem_dek_infos[] = + { + { SET_CSTR(.id, "AES-128-CBC,"), .info.alg = "aes", .info.keylen = 128 / 8, }, + { SET_CSTR(.id, "AES-192-CBC,"), .info.alg = "aes", .info.keylen = 192 / 8, }, + { SET_CSTR(.id, "AES-256-CBC,"), .info.alg = "aes", .info.keylen = 256 / 8, }, + { SET_CSTR(.id, "CAMELLIA-128-CBC,"), .info.alg = "camellia", .info.keylen = 128 / 8, }, + { SET_CSTR(.id, "CAMELLIA-192-CBC,"), .info.alg = "camellia", .info.keylen = 192 / 8, }, + { SET_CSTR(.id, "CAMELLIA-256-CBC,"), .info.alg = "camellia", .info.keylen = 256 / 8, }, + { SET_CSTR(.id, "DES-EDE3-CBC,"), .info.alg = "3des", .info.keylen = 192 / 8, }, + { SET_CSTR(.id, "DES-CBC,"), .info.alg = "des", .info.keylen = 64 / 8, }, + }; +const unsigned long pem_dek_infos_num = sizeof(pem_dek_infos)/sizeof(pem_dek_infos[0]); + +#endif /* LTC_PEM */ diff --git a/src/misc/pem/pem_decode.c b/src/misc/pem/pem_decode.c deleted file mode 100644 index cc6a35eb8..000000000 --- a/src/misc/pem/pem_decode.c +++ /dev/null @@ -1,420 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis */ -/* SPDX-License-Identifier: Unlicense */ -#include "tomcrypt_private.h" - -/** - @file pem_decode.c - Decode and import a PEM file, Steffen Jaeckel -*/ - -#ifdef LTC_PEM - -struct dek_info_from_str { - const struct str id; - struct dek_info info; -}; - -/* Encrypted PEM files */ -static const struct str proc_type_encrypted = { SET_CSTR(, "Proc-Type: 4,ENCRYPTED") }; -static const struct dek_info_from_str dek_infos[] = - { - { SET_CSTR(.id, "DEK-Info: AES-128-CBC,"), .info.alg = "aes", .info.keylen = 128 / 8, }, - { SET_CSTR(.id, "DEK-Info: AES-192-CBC,"), .info.alg = "aes", .info.keylen = 192 / 8, }, - { SET_CSTR(.id, "DEK-Info: AES-256-CBC,"), .info.alg = "aes", .info.keylen = 256 / 8, }, - { SET_CSTR(.id, "DEK-Info: CAMELLIA-128-CBC,"), .info.alg = "camellia", .info.keylen = 128 / 8, }, - { SET_CSTR(.id, "DEK-Info: CAMELLIA-192-CBC,"), .info.alg = "camellia", .info.keylen = 192 / 8, }, - { SET_CSTR(.id, "DEK-Info: CAMELLIA-256-CBC,"), .info.alg = "camellia", .info.keylen = 256 / 8, }, - { SET_CSTR(.id, "DEK-Info: DES-EDE3-CBC,"), .info.alg = "3des", .info.keylen = 192 / 8, }, - { SET_CSTR(.id, "DEK-Info: DES-CBC,"), .info.alg = "des", .info.keylen = 64 / 8, }, - }; - -static int s_decrypt_pem(unsigned char *pem, unsigned long *l, const struct pem_headers *hdr) -{ - unsigned char iv[MAXBLOCKSIZE], key[MAXBLOCKSIZE]; - unsigned long ivlen, klen; - int err; - symmetric_CBC cbc_ctx; - - if (hdr->info.keylen > sizeof(key)) { - return CRYPT_BUFFER_OVERFLOW; - } - if (!hdr->pw->pw) { - return CRYPT_INVALID_ARG; - } - - ivlen = sizeof(iv); - if ((err = base16_decode(hdr->info.iv, XSTRLEN(hdr->info.iv), iv, &ivlen)) != CRYPT_OK) { - return err; - } - klen = hdr->info.keylen; - if ((err = pkcs_5_alg1_openssl(hdr->pw->pw, hdr->pw->l, iv, 1, find_hash("md5"), key, &klen))) { - return err; - } - - if ((err = cbc_start(find_cipher(hdr->info.alg), iv, key, klen, 0, &cbc_ctx)) != CRYPT_OK) { - goto error_out; - } - if ((err = cbc_decrypt(pem, pem, *l, &cbc_ctx)) != CRYPT_OK) { - goto error_out; - } - if ((err = cbc_done(&cbc_ctx)) != CRYPT_OK) { - goto error_out; - } - if ((err = padding_depad(pem, l, LTC_PAD_PKCS7 | cbc_ctx.blocklen)) != CRYPT_OK) { - goto error_out; - } - -error_out: - zeromem(key, sizeof(key)); - zeromem(iv, sizeof(iv)); - return err; -} - -int pem_get_char_from_file(struct get_char *g) -{ - return getc(g->f); -} - -int pem_get_char_from_buf(struct get_char *g) -{ - int ret; - if (g->buf.r == g->buf.end) { - return -1; - } - ret = *g->buf.r; - g->buf.r++; - return ret; -} - -static void s_unget_line(char *buf, unsigned long buflen, struct get_char *g) -{ - if (buflen > sizeof(g->unget_buf_)) - return; - g->unget_buf.p = g->unget_buf_; - COPY_STR(g->unget_buf, buf, buflen); -} - -static char* s_get_line(char *buf, unsigned long *buflen, struct get_char *g) -{ - unsigned long blen = 0; - int c = -1, c_; - if (g->unget_buf.p) { - if (*buflen < g->unget_buf.len) { - return NULL; - } - XMEMCPY(buf, g->unget_buf.p, g->unget_buf.len); - *buflen = g->unget_buf.len; - FREE_STR(g->unget_buf); - return buf; - } - while(blen < *buflen) { - c_ = c; - c = g->get(g); - if (c == '\n') { - buf[blen] = '\0'; - if (c_ == '\r') { - buf[--blen] = '\0'; - } - *buflen = blen; - return buf; - } - if (c == -1 || c == '\0') { - buf[blen] = '\0'; - *buflen = blen; - return buf; - } - buf[blen] = c; - blen++; - } - return NULL; -} - -static LTC_INLINE int s_fits_buf(void *dest, unsigned long to_write, void *end) -{ - unsigned char *d = dest; - unsigned char *e = end; - unsigned char *w = d + to_write; - if (w < d || w > e) - return 0; - return 1; -} - -static int s_pem_decode_headers(struct pem_headers *hdr, struct get_char *g) -{ - char buf[LTC_PEM_DECODE_BUFSZ]; - unsigned long slen, tmplen, n; - int has_more_headers = hdr->id->has_more_headers == no ? 0 : 3; - - /* Make sure the PEM has the appropriate extension headers if required. - * - * ``` - * Proc-Type: 4,ENCRYPTED[\r]\n - * DEK-Info: ,[\r]\n - * [\r]\n - * ``` - */ - while (has_more_headers) { - slen = sizeof(buf); - if (!s_get_line(buf, &slen, g) || (has_more_headers > 1 && slen == 0)) { - return CRYPT_INVALID_PACKET; - } - switch (has_more_headers) { - case 3: - if (XMEMCMP(buf, proc_type_encrypted.p, proc_type_encrypted.len)) { - s_unget_line(buf, slen, g); - if (hdr->id->has_more_headers == maybe) - return CRYPT_OK; - else - return CRYPT_INVALID_PACKET; - } - hdr->encrypted = 1; - break; - case 2: - hdr->info.alg = NULL; - for (n = 0; n < sizeof(dek_infos)/sizeof(dek_infos[0]); ++n) { - if (slen >= dek_infos[n].id.len && !XMEMCMP(buf, dek_infos[n].id.p, dek_infos[n].id.len)) { - hdr->info = dek_infos[n].info; - tmplen = XSTRLEN(buf + dek_infos[n].id.len); - if (tmplen > sizeof(hdr->info.iv)) - return CRYPT_INVALID_KEYSIZE; - XMEMCPY(hdr->info.iv, buf + dek_infos[n].id.len, tmplen); - break; - } - } - if (hdr->info.alg == NULL) { - return CRYPT_INVALID_CIPHER; - } - break; - case 1: - /* Make sure that there's an empty line in between */ - if (buf[0] != '\0') - return CRYPT_INVALID_PACKET; - break; - default: - return CRYPT_INVALID_CIPHER; - } - has_more_headers--; - } - return CRYPT_OK; -} - -int pem_read(void *pem, unsigned long *w, struct pem_headers *hdr, struct get_char *g) -{ - char buf[LTC_PEM_DECODE_BUFSZ]; - char *wpem = pem; - char *end = wpem + *w; - unsigned long slen, linelen; - int err, hdr_ok = 0; - int would_overflow = 0; - - linelen = sizeof(buf); - if (s_get_line(buf, &linelen, g) == NULL) { - return CRYPT_INVALID_PACKET; - } - if (hdr->id->start.len != linelen || XMEMCMP(buf, hdr->id->start.p, hdr->id->start.len)) { - s_unget_line(buf, linelen, g); - return CRYPT_INVALID_PACKET; - } - - hdr->encrypted = hdr->id->encrypted; - if ((err = s_pem_decode_headers(hdr, g)) != CRYPT_OK) - return err; - - /* Read the base64 encoded part of the PEM */ - slen = sizeof(buf); - while (s_get_line(buf, &slen, g)) { - if (slen == hdr->id->end.len && !XMEMCMP(buf, hdr->id->end.p, slen)) { - hdr_ok = 1; - break; - } - if (!would_overflow && s_fits_buf(wpem, slen, end)) { - XMEMCPY(wpem, buf, slen); - } else { - would_overflow = 1; - } - wpem += slen; - slen = sizeof(buf); - } - if (!hdr_ok) - return CRYPT_INVALID_PACKET; - - if (would_overflow || !s_fits_buf(wpem, 1, end)) { - /* NUL termination */ - wpem++; - /* prevent a wrap-around */ - if (wpem < (char*)pem) - return CRYPT_OVERFLOW; - *w = wpem - (char*)pem; - return CRYPT_BUFFER_OVERFLOW; - } - - *w = wpem - (char*)pem; - *wpem++ = '\0'; - - if ((err = base64_strict_decode(pem, *w, pem, w)) != CRYPT_OK) { - return err; - } - return CRYPT_OK; -} - -static const struct pem_header_id pem_std_headers[] = { - { - /* PKCS#8 encrypted */ - SET_CSTR(.start, "-----BEGIN ENCRYPTED PRIVATE KEY-----"), - SET_CSTR(.end, "-----END ENCRYPTED PRIVATE KEY-----"), - .has_more_headers = no, - .encrypted = 1, - .pkcs8 = 1, - }, - { - /* PKCS#8 plain */ - SET_CSTR(.start, "-----BEGIN PRIVATE KEY-----"), - SET_CSTR(.end, "-----END PRIVATE KEY-----"), - .has_more_headers = no, - .pkcs8 = 1, - }, - /* Regular plain or encrypted private keys */ - { - SET_CSTR(.start, "-----BEGIN RSA PRIVATE KEY-----"), - SET_CSTR(.end, "-----END RSA PRIVATE KEY-----"), - .has_more_headers = maybe, - .pka = LTC_PKA_RSA, - }, - { - SET_CSTR(.start, "-----BEGIN EC PRIVATE KEY-----"), - SET_CSTR(.end, "-----END EC PRIVATE KEY-----"), - .has_more_headers = maybe, - .pka = LTC_PKA_EC, - }, - { - SET_CSTR(.start, "-----BEGIN DSA PRIVATE KEY-----"), - SET_CSTR(.end, "-----END DSA PRIVATE KEY-----"), - .has_more_headers = maybe, - .pka = LTC_PKA_DSA, - }, -}; -typedef int (*pkcs8_import)(const unsigned char *in, unsigned long inlen, - password_ctx *pw_ctx, - void *key); -typedef struct { - enum ltc_oid_id id; - pkcs8_import fn; -} p8_import_st; - -static int s_decode(struct get_char *g, ltc_pka_key *k, password_ctx *pw_ctx) -{ - unsigned char *pem = NULL; - unsigned long w, l, n; - int err = CRYPT_ERROR; - struct pem_headers hdr = { 0 }; - struct password pw; - ltc_asn1_list *p8_asn1 = NULL; - w = LTC_PEM_READ_BUFSIZE * 2; -retry: - pem = XREALLOC(pem, w); - for (n = 0; n < sizeof(pem_std_headers)/sizeof(pem_std_headers[0]); ++n) { - hdr.id = &pem_std_headers[n]; - err = pem_read(pem, &w, &hdr, g); - if (err == CRYPT_BUFFER_OVERFLOW) { - goto retry; - } else if (err == CRYPT_OK) { - break; - } - hdr.id = NULL; - } - /* id not found */ - if (hdr.id == NULL) - goto cleanup; - l = w; - if (hdr.id->pkcs8) { - enum ltc_oid_id pka; - ltc_asn1_list *alg_id, *priv_key; - if ((err = pkcs8_decode_flexi(pem, l, pw_ctx, &p8_asn1)) != CRYPT_OK) { - goto cleanup; - } - if ((err = pkcs8_get_children(p8_asn1, &pka, &alg_id, &priv_key)) != CRYPT_OK) { - goto cleanup; - } - switch (pka) { - case LTC_OID_DSA: - err = dsa_import_pkcs8_asn1(alg_id, priv_key, &k->u.dsa); - k->id = LTC_PKA_DSA; - break; - case LTC_OID_RSA: - err = rsa_import_pkcs8_asn1(alg_id, priv_key, &k->u.rsa); - k->id = LTC_PKA_RSA; - break; - case LTC_OID_EC: - err = ecc_import_pkcs8_asn1(alg_id, priv_key, &k->u.ecc); - k->id = LTC_PKA_EC; - break; - case LTC_OID_ED25519: - err = ed25519_import_pkcs8_asn1(alg_id, priv_key, &k->u.curve25519); - k->id = LTC_PKA_CURVE25519; - break; - case LTC_OID_X25519: - err = x25519_import_pkcs8_asn1(alg_id, priv_key, &k->u.curve25519); - k->id = LTC_PKA_CURVE25519; - break; - default: - err = CRYPT_PK_INVALID_TYPE; - } - goto cleanup; - } else if (hdr.encrypted) { - LTC_ARGCHK(pw_ctx != NULL); - LTC_ARGCHK(pw_ctx->callback != NULL); - - hdr.pw = &pw; - if (pw_ctx->callback(&hdr.pw->pw, &hdr.pw->l, pw_ctx->userdata)) { - err = CRYPT_ERROR; - goto cleanup; - } - - if ((err = s_decrypt_pem(pem, &l, &hdr)) != CRYPT_OK) { - goto cleanup; - } - } - switch (hdr.id->pka) { - case LTC_OID_DSA: - err = dsa_import(pem, l, &k->u.dsa); - k->id = LTC_PKA_DSA; - break; - case LTC_OID_RSA: - err = rsa_import(pem, l, &k->u.rsa); - k->id = LTC_PKA_RSA; - break; - case LTC_OID_EC: - err = ecc_import_openssl(pem, l, &k->u.ecc); - k->id = LTC_PKA_EC; - break; - default: - err = CRYPT_PK_INVALID_TYPE; - goto cleanup; - } - -cleanup: - if (p8_asn1) { - der_sequence_free(p8_asn1); - } - if (hdr.pw) { - zeromem(hdr.pw->pw, hdr.pw->l); - XFREE(hdr.pw->pw); - } - XFREE(pem); - return err; -} - -int pem_decode_filehandle(FILE *f, ltc_pka_key *k, password_ctx *pw_ctx) -{ - struct get_char g = { .get = pem_get_char_from_file, .f = f }; - return s_decode(&g, k, pw_ctx); -} - -int pem_decode(const void *buf, unsigned long len, ltc_pka_key *k, password_ctx *pw_ctx) -{ - struct get_char g = { .get = pem_get_char_from_buf, SET_BUFP(.buf, buf, len) }; - return s_decode(&g, k, pw_ctx); - -} - -#endif /* LTC_PEM */ diff --git a/src/misc/pem/pem_pkcs.c b/src/misc/pem/pem_pkcs.c new file mode 100644 index 000000000..8160f682d --- /dev/null +++ b/src/misc/pem/pem_pkcs.c @@ -0,0 +1,198 @@ +/* LibTomCrypt, modular cryptographic library -- Tom St Denis */ +/* SPDX-License-Identifier: Unlicense */ +#include "tomcrypt_private.h" + +/** + @file pem_decode.c + Decode a PEM file, Steffen Jaeckel +*/ + +#ifdef LTC_PEM + +static int s_decrypt_pem(unsigned char *pem, unsigned long *l, const struct pem_headers *hdr) +{ + unsigned char iv[MAXBLOCKSIZE], key[MAXBLOCKSIZE]; + unsigned long ivlen, klen; + int err; + symmetric_CBC cbc_ctx; + + if (hdr->info.keylen > sizeof(key)) { + return CRYPT_BUFFER_OVERFLOW; + } + if (!hdr->pw->pw) { + return CRYPT_INVALID_ARG; + } + + ivlen = sizeof(iv); + if ((err = base16_decode(hdr->info.iv, XSTRLEN(hdr->info.iv), iv, &ivlen)) != CRYPT_OK) { + return err; + } + klen = hdr->info.keylen; + if ((err = pkcs_5_alg1_openssl(hdr->pw->pw, hdr->pw->l, iv, 1, find_hash("md5"), key, &klen))) { + return err; + } + + if ((err = cbc_start(find_cipher(hdr->info.alg), iv, key, klen, 0, &cbc_ctx)) != CRYPT_OK) { + goto error_out; + } + if ((err = cbc_decrypt(pem, pem, *l, &cbc_ctx)) != CRYPT_OK) { + goto error_out; + } + if ((err = cbc_done(&cbc_ctx)) != CRYPT_OK) { + goto error_out; + } + if ((err = padding_depad(pem, l, LTC_PAD_PKCS7 | cbc_ctx.blocklen)) != CRYPT_OK) { + goto error_out; + } + +error_out: + zeromem(key, sizeof(key)); + zeromem(iv, sizeof(iv)); + return err; +} +typedef int (*pkcs8_import)(const unsigned char *in, unsigned long inlen, + password_ctx *pw_ctx, + void *key); +typedef struct { + enum ltc_oid_id id; + pkcs8_import fn; +} p8_import_st; + +static int s_decode(struct get_char *g, ltc_pka_key *k, password_ctx *pw_ctx) +{ + unsigned char *pem = NULL; + unsigned long w, l, n; + int err = CRYPT_ERROR; + struct pem_headers hdr = { 0 }; + struct password pw; + ltc_asn1_list *p8_asn1 = NULL; + w = LTC_PEM_READ_BUFSIZE * 2; +retry: + pem = XREALLOC(pem, w); + for (n = 0; n < pem_std_headers_num; ++n) { + hdr.id = &pem_std_headers[n]; + err = pem_read(pem, &w, &hdr, g); + if (err == CRYPT_BUFFER_OVERFLOW) { + goto retry; + } else if (err == CRYPT_OK) { + break; + } + hdr.id = NULL; + } + /* id not found */ + if (hdr.id == NULL) + goto cleanup; + l = w; + if (hdr.id->pkcs8) { + enum ltc_oid_id pka; + ltc_asn1_list *alg_id, *priv_key; + if ((err = pkcs8_decode_flexi(pem, l, pw_ctx, &p8_asn1)) != CRYPT_OK) { + goto cleanup; + } + if ((err = pkcs8_get_children(p8_asn1, &pka, &alg_id, &priv_key)) != CRYPT_OK) { + goto cleanup; + } + switch (pka) { +#ifdef LTC_MDSA + case LTC_OID_DSA: + err = dsa_import_pkcs8_asn1(alg_id, priv_key, &k->u.dsa); + k->id = LTC_PKA_DSA; + break; +#endif +#ifdef LTC_MRSA + case LTC_OID_RSA: + err = rsa_import_pkcs8_asn1(alg_id, priv_key, &k->u.rsa); + k->id = LTC_PKA_RSA; + break; +#endif +#ifdef LTC_MECC + case LTC_OID_EC: + err = ecc_import_pkcs8_asn1(alg_id, priv_key, &k->u.ecc); + k->id = LTC_PKA_EC; + break; +#endif +#ifdef LTC_CURVE25519 + case LTC_OID_ED25519: + err = ed25519_import_pkcs8_asn1(alg_id, priv_key, &k->u.curve25519); + k->id = LTC_PKA_CURVE25519; + break; + case LTC_OID_X25519: + err = x25519_import_pkcs8_asn1(alg_id, priv_key, &k->u.curve25519); + k->id = LTC_PKA_CURVE25519; + break; +#endif + default: + err = CRYPT_PK_INVALID_TYPE; + } + goto cleanup; + } else if (hdr.encrypted) { + LTC_ARGCHK(pw_ctx != NULL); + LTC_ARGCHK(pw_ctx->callback != NULL); + + hdr.pw = &pw; + if (pw_ctx->callback(&hdr.pw->pw, &hdr.pw->l, pw_ctx->userdata)) { + err = CRYPT_ERROR; + goto cleanup; + } + + if ((err = s_decrypt_pem(pem, &l, &hdr)) != CRYPT_OK) { + goto cleanup; + } + } + switch (hdr.id->pka) { +#ifdef LTC_MDSA + case LTC_OID_DSA: + err = dsa_import(pem, l, &k->u.dsa); + k->id = LTC_PKA_DSA; + break; +#endif +#ifdef LTC_MRSA + case LTC_OID_RSA: + err = rsa_import(pem, l, &k->u.rsa); + k->id = LTC_PKA_RSA; + break; +#endif +#ifdef LTC_MECC + case LTC_OID_EC: + err = ecc_import_openssl(pem, l, &k->u.ecc); + k->id = LTC_PKA_EC; + break; +#endif + default: + err = CRYPT_PK_INVALID_TYPE; + goto cleanup; + } + +cleanup: + if (p8_asn1) { + der_sequence_free(p8_asn1); + } + if (hdr.pw) { + zeromem(hdr.pw->pw, hdr.pw->l); + XFREE(hdr.pw->pw); + } + XFREE(pem); + return err; +} + +int pem_decode_pkcs_filehandle(FILE *f, ltc_pka_key *k, password_ctx *pw_ctx) +{ + LTC_ARGCHK(f != NULL); + LTC_ARGCHK(k != NULL); + { + struct get_char g = { .get = pem_get_char_from_file, .f = f }; + return s_decode(&g, k, pw_ctx); + } +} + +int pem_decode_pkcs(const void *buf, unsigned long len, ltc_pka_key *k, password_ctx *pw_ctx) +{ + LTC_ARGCHK(buf != NULL); + LTC_ARGCHK(k != NULL); + { + struct get_char g = { .get = pem_get_char_from_buf, SET_BUFP(.buf, buf, len) }; + return s_decode(&g, k, pw_ctx); + } +} + +#endif /* LTC_PEM */ diff --git a/src/misc/pem/pem_read.c b/src/misc/pem/pem_read.c new file mode 100644 index 000000000..a8183c245 --- /dev/null +++ b/src/misc/pem/pem_read.c @@ -0,0 +1,202 @@ +/* LibTomCrypt, modular cryptographic library -- Tom St Denis */ +/* SPDX-License-Identifier: Unlicense */ +#include "tomcrypt_private.h" + +/** + @file pem_read.c + Read and interpret a PEM file, Steffen Jaeckel +*/ + +#ifdef LTC_PEM + +int pem_get_char_from_file(struct get_char *g) +{ + return getc(g->f); +} + +int pem_get_char_from_buf(struct get_char *g) +{ + int ret; + if (g->buf.work == g->buf.end) { + return -1; + } + ret = *g->buf.work; + g->buf.work++; + return ret; +} + +static void s_unget_line(char *buf, unsigned long buflen, struct get_char *g) +{ + if (buflen > sizeof(g->unget_buf_)) + return; + g->unget_buf.p = g->unget_buf_; + COPY_STR(g->unget_buf, buf, buflen); +} + +static char* s_get_line(char *buf, unsigned long *buflen, struct get_char *g) +{ + unsigned long blen = 0; + int c = -1, c_; + if (g->unget_buf.p) { + if (*buflen < g->unget_buf.len) { + return NULL; + } + XMEMCPY(buf, g->unget_buf.p, g->unget_buf.len); + *buflen = g->unget_buf.len; + RESET_STR(g->unget_buf); + return buf; + } + while(blen < *buflen) { + c_ = c; + c = g->get(g); + if (c == '\n') { + buf[blen] = '\0'; + if (c_ == '\r') { + buf[--blen] = '\0'; + } + *buflen = blen; + return buf; + } + if (c == -1 || c == '\0') { + buf[blen] = '\0'; + *buflen = blen; + return buf; + } + buf[blen] = c; + blen++; + } + return NULL; +} + +static LTC_INLINE int s_fits_buf(void *dest, unsigned long to_write, void *end) +{ + unsigned char *d = dest; + unsigned char *e = end; + unsigned char *w = d + to_write; + if (w < d || w > e) + return 0; + return 1; +} + +static int s_pem_decode_headers(struct pem_headers *hdr, struct get_char *g) +{ + char buf[LTC_PEM_DECODE_BUFSZ], *alg_start; + unsigned long slen, tmplen, n; + int has_more_headers = hdr->id->has_more_headers == no ? 0 : 3; + + /* Make sure the PEM has the appropriate extension headers if required. + * + * ``` + * Proc-Type: 4,ENCRYPTED[\r]\n + * DEK-Info: ,[\r]\n + * [\r]\n + * ``` + */ + while (has_more_headers) { + slen = sizeof(buf); + if (!s_get_line(buf, &slen, g) || (has_more_headers > 1 && slen == 0)) { + return CRYPT_INVALID_PACKET; + } + switch (has_more_headers) { + case 3: + if (XMEMCMP(buf, pem_proc_type_encrypted.p, pem_proc_type_encrypted.len)) { + s_unget_line(buf, slen, g); + if (hdr->id->has_more_headers == maybe) + return CRYPT_OK; + else + return CRYPT_INVALID_PACKET; + } + hdr->encrypted = 1; + break; + case 2: + hdr->info.alg = NULL; + if (XMEMCMP(buf, pem_dek_info_start.p, pem_dek_info_start.len)) + return CRYPT_INVALID_PACKET; + alg_start = &buf[pem_dek_info_start.len]; + for (n = 0; n < pem_dek_infos_num; ++n) { + if (slen >= pem_dek_infos[n].id.len + pem_dek_info_start.len && !XMEMCMP(alg_start, pem_dek_infos[n].id.p, pem_dek_infos[n].id.len)) { + hdr->info = pem_dek_infos[n].info; + tmplen = XSTRLEN(alg_start + pem_dek_infos[n].id.len); + if (tmplen > sizeof(hdr->info.iv)) + return CRYPT_INVALID_KEYSIZE; + XMEMCPY(hdr->info.iv, alg_start + pem_dek_infos[n].id.len, tmplen); + break; + } + } + if (hdr->info.alg == NULL) { + return CRYPT_INVALID_CIPHER; + } + break; + case 1: + /* Make sure that there's an empty line in between */ + if (buf[0] != '\0') + return CRYPT_INVALID_PACKET; + break; + default: + return CRYPT_INVALID_CIPHER; + } + has_more_headers--; + } + return CRYPT_OK; +} + +int pem_read(void *pem, unsigned long *w, struct pem_headers *hdr, struct get_char *g) +{ + char buf[LTC_PEM_DECODE_BUFSZ]; + char *wpem = pem; + char *end = wpem + *w; + unsigned long slen, linelen; + int err, hdr_ok = 0; + int would_overflow = 0; + + linelen = sizeof(buf); + if (s_get_line(buf, &linelen, g) == NULL) { + return CRYPT_INVALID_PACKET; + } + if (hdr->id->start.len != linelen || XMEMCMP(buf, hdr->id->start.p, hdr->id->start.len)) { + s_unget_line(buf, linelen, g); + return CRYPT_INVALID_PACKET; + } + + hdr->encrypted = hdr->id->encrypted; + if ((err = s_pem_decode_headers(hdr, g)) != CRYPT_OK) + return err; + + /* Read the base64 encoded part of the PEM */ + slen = sizeof(buf); + while (s_get_line(buf, &slen, g)) { + if (slen == hdr->id->end.len && !XMEMCMP(buf, hdr->id->end.p, slen)) { + hdr_ok = 1; + break; + } + if (!would_overflow && s_fits_buf(wpem, slen, end)) { + XMEMCPY(wpem, buf, slen); + } else { + would_overflow = 1; + } + wpem += slen; + slen = sizeof(buf); + } + if (!hdr_ok) + return CRYPT_INVALID_PACKET; + + if (would_overflow || !s_fits_buf(wpem, 1, end)) { + /* NUL termination */ + wpem++; + /* prevent a wrap-around */ + if (wpem < (char*)pem) + return CRYPT_OVERFLOW; + *w = wpem - (char*)pem; + return CRYPT_BUFFER_OVERFLOW; + } + + *w = wpem - (char*)pem; + *wpem++ = '\0'; + + if ((err = base64_strict_decode(pem, *w, pem, w)) != CRYPT_OK) { + return err; + } + return CRYPT_OK; +} + +#endif /* LTC_PEM */ diff --git a/tests/pem_test.c b/tests/pem_test.c index 8e3b5a3af..e98660449 100644 --- a/tests/pem_test.c +++ b/tests/pem_test.c @@ -77,7 +77,7 @@ static int s_pem_decode(const void *in, unsigned long inlen, void *key) password_ctx pw_ctx; int err; pw_ctx.callback = password_get; - if ((err = pem_decode(in, inlen, key, &pw_ctx)) != CRYPT_OK) { + if ((err = pem_decode_pkcs(in, inlen, key, &pw_ctx)) != CRYPT_OK) { return err; } return s_key_cmp(key); @@ -88,7 +88,7 @@ static int s_pem_decode_f(FILE *f, void *key) password_ctx pw_ctx; int err; pw_ctx.callback = password_get; - if ((err = pem_decode_filehandle(f, key, &pw_ctx)) != CRYPT_OK) { + if ((err = pem_decode_pkcs_filehandle(f, key, &pw_ctx)) != CRYPT_OK) { return err; } return s_key_cmp(key); From 26fbebb9d06a896f89ac9a02a386e84745bcef67 Mon Sep 17 00:00:00 2001 From: Steffen Jaeckel Date: Tue, 13 Sep 2022 12:02:15 +0200 Subject: [PATCH 22/51] add support for DH keys Signed-off-by: Steffen Jaeckel # Conflicts: # src/pk/dh/dh_import.c # src/pk/dh/dh_set.c # src/pk/dh/dh_set_pg_dhparam.c --- src/headers/tomcrypt_pk.h | 2 + src/headers/tomcrypt_private.h | 3 ++ src/misc/pem/pem_pkcs.c | 6 +++ src/pk/asn1/oid/pk_get.c | 1 + src/pk/dh/dh.c | 15 ++++++ src/pk/dh/dh_import.c | 2 +- src/pk/dh/dh_import_pkcs8.c | 87 ++++++++++++++++++++++++++++++++++ src/pk/dh/dh_set.c | 5 +- src/pk/dh/dh_set_pg_dhparam.c | 2 +- tests/pem/dh-encrypted.pk8 | 11 +++++ tests/pem/dh.pk8 | 9 ++++ tests/pem_test.c | 6 +++ 12 files changed, 145 insertions(+), 4 deletions(-) create mode 100644 src/pk/dh/dh_import_pkcs8.c create mode 100644 tests/pem/dh-encrypted.pk8 create mode 100644 tests/pem/dh.pk8 diff --git a/src/headers/tomcrypt_pk.h b/src/headers/tomcrypt_pk.h index 2493561ad..3cf0475e8 100644 --- a/src/headers/tomcrypt_pk.h +++ b/src/headers/tomcrypt_pk.h @@ -143,6 +143,8 @@ int dh_get_groupsize(const dh_key *key); int dh_export(unsigned char *out, unsigned long *outlen, int type, const dh_key *key); int dh_import(const unsigned char *in, unsigned long inlen, dh_key *key); +int dh_import_pkcs8(const unsigned char *in, unsigned long inlen, + const password_ctx *pw_ctx, dh_key *key); int dh_set_pg(const unsigned char *p, unsigned long plen, const unsigned char *g, unsigned long glen, diff --git a/src/headers/tomcrypt_private.h b/src/headers/tomcrypt_private.h index ceb56d46b..9f99feb7a 100644 --- a/src/headers/tomcrypt_private.h +++ b/src/headers/tomcrypt_private.h @@ -52,6 +52,7 @@ enum ltc_oid_id { LTC_OID_EC_PRIMEF, LTC_OID_X25519, LTC_OID_ED25519, + LTC_OID_DH, }; /* @@ -369,7 +370,9 @@ int rsa_import_pkcs8_asn1(ltc_asn1_list *alg_id, ltc_asn1_list *priv_key, rsa_ke #ifdef LTC_MDH extern const ltc_dh_set_type ltc_dh_sets[]; +int dh_init(dh_key *key); int dh_check_pubkey(const dh_key *key); +int dh_import_pkcs8_asn1(ltc_asn1_list *alg_id, ltc_asn1_list *priv_key, dh_key *key); #endif /* LTC_MDH */ /* ---- ECC Routines ---- */ diff --git a/src/misc/pem/pem_pkcs.c b/src/misc/pem/pem_pkcs.c index 8160f682d..3c6522fad 100644 --- a/src/misc/pem/pem_pkcs.c +++ b/src/misc/pem/pem_pkcs.c @@ -93,6 +93,12 @@ static int s_decode(struct get_char *g, ltc_pka_key *k, password_ctx *pw_ctx) goto cleanup; } switch (pka) { +#ifdef LTC_MDH + case LTC_OID_DH: + err = dh_import_pkcs8_asn1(alg_id, priv_key, &k->u.dh); + k->id = LTC_PKA_DH; + break; +#endif #ifdef LTC_MDSA case LTC_OID_DSA: err = dsa_import_pkcs8_asn1(alg_id, priv_key, &k->u.dsa); diff --git a/src/pk/asn1/oid/pk_get.c b/src/pk/asn1/oid/pk_get.c index 1fc72a130..4d00d3d69 100644 --- a/src/pk/asn1/oid/pk_get.c +++ b/src/pk/asn1/oid/pk_get.c @@ -17,6 +17,7 @@ static const oid_table_entry pka_oids[] = { { LTC_OID_EC_PRIMEF, LTC_PKA_EC, "1.2.840.10045.1.1" }, { LTC_OID_X25519, LTC_PKA_CURVE25519, "1.3.101.110" }, { LTC_OID_ED25519, LTC_PKA_CURVE25519, "1.3.101.112" }, + { LTC_OID_DH, LTC_PKA_DH, "1.2.840.113549.1.3.1" }, }; /* diff --git a/src/pk/dh/dh.c b/src/pk/dh/dh.c index 277ce3026..471d215ce 100644 --- a/src/pk/dh/dh.c +++ b/src/pk/dh/dh.c @@ -224,4 +224,19 @@ int dh_get_groupsize(const dh_key *key) return mp_unsigned_bin_size(key->prime); } +/** + Init a DH key + @param key The DH key to initialize + @return CRYPT_OK if successful +*/ +int dh_init(dh_key *key) +{ + int err; + LTC_ARGCHK(key != NULL); + if ((err = mp_init_multi(&key->x, &key->y, &key->base, &key->prime, LTC_NULL)) != CRYPT_OK) { + return err; + } + return CRYPT_OK; +} + #endif /* LTC_MDH */ diff --git a/src/pk/dh/dh_import.c b/src/pk/dh/dh_import.c index a067a3275..8be75e259 100644 --- a/src/pk/dh/dh_import.c +++ b/src/pk/dh/dh_import.c @@ -22,7 +22,7 @@ int dh_import(const unsigned char *in, unsigned long inlen, dh_key *key) LTC_ARGCHK(key != NULL); /* init */ - if ((err = mp_init_multi(&key->x, &key->y, &key->base, &key->prime, LTC_NULL)) != CRYPT_OK) { + if ((err = dh_init(key)) != CRYPT_OK) { return err; } diff --git a/src/pk/dh/dh_import_pkcs8.c b/src/pk/dh/dh_import_pkcs8.c new file mode 100644 index 000000000..431b05eea --- /dev/null +++ b/src/pk/dh/dh_import_pkcs8.c @@ -0,0 +1,87 @@ +/* LibTomCrypt, modular cryptographic library -- Tom St Denis */ +/* SPDX-License-Identifier: Unlicense */ + +#include "tomcrypt_private.h" + +#ifdef LTC_MDH + +int dh_import_pkcs8_asn1(ltc_asn1_list *alg_id, ltc_asn1_list *priv_key, dh_key *key) +{ + int err; + + LTC_ARGCHK(key != NULL); + + if (!alg_id->child || + !LTC_ASN1_IS_TYPE(alg_id->child->next, LTC_ASN1_SEQUENCE) || + !LTC_ASN1_IS_TYPE(alg_id->child->next->child, LTC_ASN1_INTEGER) || + !LTC_ASN1_IS_TYPE(alg_id->child->next->child->next, LTC_ASN1_INTEGER)) { + return CRYPT_PK_INVALID_TYPE; + } + + if ((err = dh_init(key)) != CRYPT_OK) { + return err; + } + + if ((err = mp_copy(alg_id->child->next->child->data, key->prime)) != CRYPT_OK) { + goto error; + } + if ((err = mp_copy(alg_id->child->next->child->next->data, key->base)) != CRYPT_OK) { + goto error; + } + + if ((err = der_decode_integer(priv_key->data, priv_key->size, key->x)) != CRYPT_OK) { + goto error; + } + /* compute public key: y = (base ^ x) mod prime */ + if ((err = mp_exptmod(key->base, key->x, key->prime, key->y)) != CRYPT_OK) { + goto error; + } + /* check public key */ + if ((err = dh_check_pubkey(key)) != CRYPT_OK) { + goto error; + } + key->type = PK_PRIVATE; + + return CRYPT_OK; +error: + dh_free(key); + return err; +} + +/** + Import a DH key in PKCS#8 format + @param in The packet to import from + @param inlen It's length (octets) + @param pw_ctx The password context when decrypting the private key + @param key [out] Destination for newly imported key + @return CRYPT_OK if successful, on error all allocated memory is freed automatically +*/ +int dh_import_pkcs8(const unsigned char *in, unsigned long inlen, + const password_ctx *pw_ctx, dh_key *key) +{ + int err; + ltc_asn1_list *l = NULL; + ltc_asn1_list *alg_id, *priv_key; + enum ltc_oid_id pka; + + LTC_ARGCHK(in != NULL); + + if ((err = pkcs8_decode_flexi(in, inlen, pw_ctx, &l)) != CRYPT_OK) { + return err; + } + if ((err = pkcs8_get_children(l, &pka, &alg_id, &priv_key)) != CRYPT_OK) { + goto LBL_DER_FREE; + } + if (pka != LTC_OID_DH) { + err = CRYPT_INVALID_PACKET; + goto LBL_DER_FREE; + } + + err = dh_import_pkcs8_asn1(alg_id, priv_key, key); + +LBL_DER_FREE: + der_free_sequence_flexi(l); + return err; +} + +#endif /* LTC_MDH */ diff --git a/src/pk/dh/dh_set.c b/src/pk/dh/dh_set.c index e25db0899..f81bf3810 100644 --- a/src/pk/dh/dh_set.c +++ b/src/pk/dh/dh_set.c @@ -26,7 +26,7 @@ int dh_set_pg(const unsigned char *p, unsigned long plen, LTC_ARGCHK(g != NULL); LTC_ARGCHK(ltc_mp.name != NULL); - if ((err = mp_init_multi(&key->x, &key->y, &key->base, &key->prime, LTC_NULL)) != CRYPT_OK) { + if ((err = dh_init(key)) != CRYPT_OK) { return err; } @@ -58,9 +58,10 @@ int dh_set_pg_groupsize(int groupsize, dh_key *key) for (i = 0; (groupsize > ltc_dh_sets[i].size) && (ltc_dh_sets[i].size != 0); i++); if (ltc_dh_sets[i].size == 0) return CRYPT_INVALID_KEYSIZE; - if ((err = mp_init_multi(&key->x, &key->y, &key->base, &key->prime, LTC_NULL)) != CRYPT_OK) { + if ((err = dh_init(key)) != CRYPT_OK) { return err; } + if ((err = mp_read_radix(key->base, ltc_dh_sets[i].base, 16)) != CRYPT_OK) { goto LBL_ERR; } if ((err = mp_read_radix(key->prime, ltc_dh_sets[i].prime, 16)) != CRYPT_OK) { goto LBL_ERR; } diff --git a/src/pk/dh/dh_set_pg_dhparam.c b/src/pk/dh/dh_set_pg_dhparam.c index 1f2fb3b93..4d254fd27 100644 --- a/src/pk/dh/dh_set_pg_dhparam.c +++ b/src/pk/dh/dh_set_pg_dhparam.c @@ -24,7 +24,7 @@ int dh_set_pg_dhparam(const unsigned char *dhparam, unsigned long dhparamlen, dh LTC_ARGCHK(dhparam != NULL); LTC_ARGCHK(dhparamlen > 0); - if ((err = mp_init_multi(&key->x, &key->y, &key->base, &key->prime, LTC_NULL)) != CRYPT_OK) { + if ((err = dh_init(key)) != CRYPT_OK) { return err; } if ((err = der_decode_sequence_multi(dhparam, dhparamlen, diff --git a/tests/pem/dh-encrypted.pk8 b/tests/pem/dh-encrypted.pk8 new file mode 100644 index 000000000..a7e313fc4 --- /dev/null +++ b/tests/pem/dh-encrypted.pk8 @@ -0,0 +1,11 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIBjTBXBgkqhkiG9w0BBQ0wSjApBgkqhkiG9w0BBQwwHAQI+JYkd4NoIU4CAggA +MAwGCCqGSIb3DQIJBQAwHQYJYIZIAWUDBAEqBBCNnY9OuYIvCurJu9sEYkz6BIIB +MGzX4GwCvBQV/dOiy0PvbY443xkKZHPTtNbirE+9NLVVrTI7EUQv5UO5Xl0wVHje +R4hADBzpIKAd0zjsGYfMQ6rEabIdO4R+UBKoibTgyOzt7Y5Ge/4+pYy14bMFeZ44 +6OaP6jXRsn1/DIi0mxcBo9eDfZX3FzgANWiDvFA2VWC+qEbsm4JBB8uDJ+aWtjyR +mct/FXzGHwi+IGuPBzo9dIywisW4whmBwh1XpFBMxjmMLqWInuUailAkIARJ0w04 +GdGZ6HYlKmsTvAKv4WRK+EnwZ8JmBiVl6ulcX8k1zbrT2ElyBUCFneMktFKULE1l +myVMuAQCuuGfWdquegqLOyvgK6S9p3wfVyzkney8qBN07WZHE+UUW8AQrZS6J5nS +wSAjBu3wmDmDo7AWEQZFMK4= +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/pem/dh.pk8 b/tests/pem/dh.pk8 new file mode 100644 index 000000000..0bd393f00 --- /dev/null +++ b/tests/pem/dh.pk8 @@ -0,0 +1,9 @@ +-----BEGIN PRIVATE KEY----- +MIIBIQIBADCBlQYJKoZIhvcNAQMBMIGHAoGBANL7HwrNQcDtDCkqzYxzMCFLFCdJ +qkp7v5RtqHzNM+5VQZp/xo2BzWF5PLJQ9ssE5QYtl7zQGM8eK1Z4/ACKwm2GJR4d +5kkr3SCbK2zoedDj/LJy1xBWjtRa81W6LtBAnEH7w5hgwJiPPFbc5X2i2uv6bcRk +wk7SBstON/Nn+7KLAgECBIGDAoGAceccNmflU1P1oAb6pyQoWKokZXdkwSepQo65 +Fub3B2YW9/qI7DHiSskfQptl4ifeQRFGwq11kqsNUI+mcdGODs1r5MUZ99g1Bh3u +X3XOfTgZoyDY5uHwBLl6HndN/QcJ+nq9y3URt4ltklQQ3WFPzHTdJNg9qBeLqNVe +GaFVEJo= +-----END PRIVATE KEY----- diff --git a/tests/pem_test.c b/tests/pem_test.c index e98660449..85bca1f0e 100644 --- a/tests/pem_test.c +++ b/tests/pem_test.c @@ -65,6 +65,7 @@ static int s_key_cmp(ltc_pka_key *key) #endif break; case LTC_PKA_CURVE25519: + case LTC_PKA_DH: return CRYPT_OK; default: return CRYPT_INVALID_ARG; @@ -97,6 +98,11 @@ static int s_pem_decode_f(FILE *f, void *key) static void s_pem_free_key(ltc_pka_key *key) { switch (key->id) { + case LTC_PKA_DH: +#if defined(LTC_MDH) + dh_free(&key->u.dh); +#endif + break; case LTC_PKA_DSA: #if defined(LTC_MDSA) dsa_free(&key->u.dsa); From 5523eadc1346abc6f4e20f8a11a80fcf0293a347 Mon Sep 17 00:00:00 2001 From: Steffen Jaeckel Date: Thu, 17 Mar 2022 11:56:12 +0100 Subject: [PATCH 23/51] disable PEM support on MSVC If someone wants to fix builds on MSVC, please step forward. Until then the library can still be used on Windows via `mingw-gcc`. Signed-off-by: Steffen Jaeckel --- src/headers/tomcrypt_custom.h | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/src/headers/tomcrypt_custom.h b/src/headers/tomcrypt_custom.h index e57de3623..5b57cb8e6 100644 --- a/src/headers/tomcrypt_custom.h +++ b/src/headers/tomcrypt_custom.h @@ -773,4 +773,11 @@ #undef LTC_ECC521 #endif +/* MSVC can't build PEM */ +#if defined(LTC_PEM) && defined(_MSC_VER) +#undef LTC_PEM +#undef LTC_PEM_DECODE_BUFSZ +#undef LTC_PEM_READ_BUFSIZE +#endif + #endif /* TOMCRYPT_CUSTOM_H_ */ From 4e46f823df8ad636ed001c3df7bc9e2943010c0a Mon Sep 17 00:00:00 2001 From: Steffen Jaeckel Date: Thu, 4 Aug 2022 15:11:23 +0200 Subject: [PATCH 24/51] clean-up a bit * more `const` correctness * take `LTC_NO_FILE` into account * only declare `extern` variables where they're required * ensure keys don't contain stale data * ensure input arguments are valid * add `CRYPT_PW_CTX_MISSING` error code * fix documentation Signed-off-by: Steffen Jaeckel --- src/headers/tomcrypt.h | 3 ++- src/headers/tomcrypt_misc.h | 8 +++---- src/headers/tomcrypt_private.h | 11 ++++----- src/misc/error_to_string.c | 2 ++ src/misc/pem/pem_pkcs.c | 19 +++++++++++----- src/misc/pem/pem_read.c | 7 ++++++ src/misc/pem/pem_ssh.c | 31 +++++++++++++++++--------- src/pk/asn1/pkcs8/pkcs8_decode_flexi.c | 6 +++-- src/pk/rsa/rsa_key.c | 2 +- 9 files changed, 59 insertions(+), 30 deletions(-) diff --git a/src/headers/tomcrypt.h b/src/headers/tomcrypt.h index 8efdc8a98..79514cedf 100644 --- a/src/headers/tomcrypt.h +++ b/src/headers/tomcrypt.h @@ -72,7 +72,8 @@ enum { CRYPT_INVALID_PRIME_SIZE,/* Invalid size of prime requested */ CRYPT_PK_INVALID_PADDING, /* Invalid padding on input */ - CRYPT_HASH_OVERFLOW /* Hash applied to too many bits */ + CRYPT_HASH_OVERFLOW, /* Hash applied to too many bits */ + CRYPT_PW_CTX_MISSING, /* Password context to decrypt key file is missing */ }; #include "tomcrypt_cfg.h" diff --git a/src/headers/tomcrypt_misc.h b/src/headers/tomcrypt_misc.h index ce81da8b0..7bd49d1af 100644 --- a/src/headers/tomcrypt_misc.h +++ b/src/headers/tomcrypt_misc.h @@ -160,12 +160,12 @@ int padding_depad(const unsigned char *data, unsigned long *length, unsigned lon #endif /* LTC_PADDING */ #ifdef LTC_PEM -int pem_decode_pkcs_filehandle(FILE *f, ltc_pka_key *k, password_ctx *pw_ctx); -int pem_decode_pkcs(const void *buf, unsigned long len, ltc_pka_key *k, password_ctx *pw_ctx); +int pem_decode_pkcs_filehandle(FILE *f, ltc_pka_key *k, const password_ctx *pw_ctx); +int pem_decode_pkcs(const void *buf, unsigned long len, ltc_pka_key *k, const password_ctx *pw_ctx); #ifdef LTC_SSH -int pem_decode_openssh_filehandle(FILE *f, ltc_pka_key *k, password_ctx *pw_ctx); -int pem_decode_openssh(const void *buf, unsigned long len, ltc_pka_key *k, password_ctx *pw_ctx); +int pem_decode_openssh_filehandle(FILE *f, ltc_pka_key *k, const password_ctx *pw_ctx); +int pem_decode_openssh(const void *buf, unsigned long len, ltc_pka_key *k, const password_ctx *pw_ctx); #endif #endif /* LTC_PEM */ diff --git a/src/headers/tomcrypt_private.h b/src/headers/tomcrypt_private.h index 9f99feb7a..74c21f4e4 100644 --- a/src/headers/tomcrypt_private.h +++ b/src/headers/tomcrypt_private.h @@ -306,13 +306,6 @@ struct pem_headers { struct password *pw; }; -extern const struct pem_header_id pem_std_headers[]; -extern const unsigned long pem_std_headers_num; -extern const struct str pem_proc_type_encrypted; -extern const struct str pem_dek_info_start; -extern const struct dek_info_from_str pem_dek_infos[]; -extern const unsigned long pem_dek_infos_num; - struct bufp { /* `end` points to one byte after the last * element of the allocated buffer @@ -325,7 +318,9 @@ struct bufp { struct get_char { int (*get)(struct get_char*); union { +#ifndef LTC_NO_FILE FILE *f; +#endif /* LTC_NO_FILE */ struct bufp buf; }; struct str unget_buf; @@ -342,7 +337,9 @@ int pbes_decrypt(const pbes_arg *arg, unsigned char *dec_data, unsigned long *d int pbes1_extract(const ltc_asn1_list *s, pbes_arg *res); int pbes2_extract(const ltc_asn1_list *s, pbes_arg *res); +#ifndef LTC_NO_FILE int pem_get_char_from_file(struct get_char *g); +#endif /* LTC_NO_FILE */ int pem_get_char_from_buf(struct get_char *g); int pem_read(void *pem, unsigned long *w, struct pem_headers *hdr, struct get_char *g); diff --git a/src/misc/error_to_string.c b/src/misc/error_to_string.c index 5afac844a..8e43d702d 100644 --- a/src/misc/error_to_string.c +++ b/src/misc/error_to_string.c @@ -51,6 +51,8 @@ static const char * const err_2_str[] = "Invalid padding.", "Hash applied to too many bits.", + + "Password context to decrypt key file is missing.", }; /** diff --git a/src/misc/pem/pem_pkcs.c b/src/misc/pem/pem_pkcs.c index 3c6522fad..1dfaa7c92 100644 --- a/src/misc/pem/pem_pkcs.c +++ b/src/misc/pem/pem_pkcs.c @@ -9,6 +9,9 @@ #ifdef LTC_PEM +extern const struct pem_header_id pem_std_headers[]; +extern const unsigned long pem_std_headers_num; + static int s_decrypt_pem(unsigned char *pem, unsigned long *l, const struct pem_headers *hdr) { unsigned char iv[MAXBLOCKSIZE], key[MAXBLOCKSIZE]; @@ -58,7 +61,7 @@ typedef struct { pkcs8_import fn; } p8_import_st; -static int s_decode(struct get_char *g, ltc_pka_key *k, password_ctx *pw_ctx) +static int s_decode(struct get_char *g, ltc_pka_key *k, const password_ctx *pw_ctx) { unsigned char *pem = NULL; unsigned long w, l, n; @@ -66,6 +69,7 @@ static int s_decode(struct get_char *g, ltc_pka_key *k, password_ctx *pw_ctx) struct pem_headers hdr = { 0 }; struct password pw; ltc_asn1_list *p8_asn1 = NULL; + XMEMSET(k, 0, sizeof(*k)); w = LTC_PEM_READ_BUFSIZE * 2; retry: pem = XREALLOC(pem, w); @@ -132,8 +136,10 @@ static int s_decode(struct get_char *g, ltc_pka_key *k, password_ctx *pw_ctx) } goto cleanup; } else if (hdr.encrypted) { - LTC_ARGCHK(pw_ctx != NULL); - LTC_ARGCHK(pw_ctx->callback != NULL); + if ((pw_ctx == NULL) || (pw_ctx->callback == NULL)) { + err = CRYPT_PW_CTX_MISSING; + goto cleanup; + } hdr.pw = &pw; if (pw_ctx->callback(&hdr.pw->pw, &hdr.pw->l, pw_ctx->userdata)) { @@ -181,7 +187,8 @@ static int s_decode(struct get_char *g, ltc_pka_key *k, password_ctx *pw_ctx) return err; } -int pem_decode_pkcs_filehandle(FILE *f, ltc_pka_key *k, password_ctx *pw_ctx) +#ifndef LTC_NO_FILE +int pem_decode_pkcs_filehandle(FILE *f, ltc_pka_key *k, const password_ctx *pw_ctx) { LTC_ARGCHK(f != NULL); LTC_ARGCHK(k != NULL); @@ -190,10 +197,12 @@ int pem_decode_pkcs_filehandle(FILE *f, ltc_pka_key *k, password_ctx *pw_ctx) return s_decode(&g, k, pw_ctx); } } +#endif /* LTC_NO_FILE */ -int pem_decode_pkcs(const void *buf, unsigned long len, ltc_pka_key *k, password_ctx *pw_ctx) +int pem_decode_pkcs(const void *buf, unsigned long len, ltc_pka_key *k, const password_ctx *pw_ctx) { LTC_ARGCHK(buf != NULL); + LTC_ARGCHK(len != 0); LTC_ARGCHK(k != NULL); { struct get_char g = { .get = pem_get_char_from_buf, SET_BUFP(.buf, buf, len) }; diff --git a/src/misc/pem/pem_read.c b/src/misc/pem/pem_read.c index a8183c245..cbad827ce 100644 --- a/src/misc/pem/pem_read.c +++ b/src/misc/pem/pem_read.c @@ -9,10 +9,17 @@ #ifdef LTC_PEM +extern const struct str pem_proc_type_encrypted; +extern const struct str pem_dek_info_start; +extern const struct dek_info_from_str pem_dek_infos[]; +extern const unsigned long pem_dek_infos_num; + +#ifndef LTC_NO_FILE int pem_get_char_from_file(struct get_char *g) { return getc(g->f); } +#endif /* LTC_NO_FILE */ int pem_get_char_from_buf(struct get_char *g) { diff --git a/src/misc/pem/pem_ssh.c b/src/misc/pem/pem_ssh.c index 3ce53d18c..369a14abf 100644 --- a/src/misc/pem/pem_ssh.c +++ b/src/misc/pem/pem_ssh.c @@ -344,13 +344,14 @@ static const struct pem_header_id pem_openssh = .has_more_headers = 0 }; -static int s_decode_openssh(struct get_char *g, ltc_pka_key *k, password_ctx *pw_ctx) +static int s_decode_openssh(struct get_char *g, ltc_pka_key *k, const password_ctx *pw_ctx) { unsigned char *pem = NULL, *p, *privkey = NULL; unsigned long w, l, privkey_len; int err; struct pem_headers hdr = { .id = &pem_openssh }; struct kdf_options opts = { 0 }; + XMEMSET(k, 0, sizeof(*k)); w = LTC_PEM_READ_BUFSIZE * 2; retry: pem = XREALLOC(pem, w); @@ -378,9 +379,8 @@ static int s_decode_openssh(struct get_char *g, ltc_pka_key *k, password_ctx *pw } if (XSTRCMP(opts.name, "none") != 0) { - /* hard-coded pass for demo keys */ - if (!pw_ctx || !pw_ctx->callback) { - err = CRYPT_INVALID_ARG; + if ((pw_ctx == NULL) || (pw_ctx->callback == NULL)) { + err = CRYPT_PW_CTX_MISSING; goto cleanup; } if (pw_ctx->callback(&opts.pw.pw, &opts.pw.l, pw_ctx->userdata)) { @@ -411,16 +411,27 @@ static int s_decode_openssh(struct get_char *g, ltc_pka_key *k, password_ctx *pw return err; } -int pem_decode_openssh_filehandle(FILE *f, ltc_pka_key *k, password_ctx *pw_ctx) +#ifndef LTC_NO_FILE +int pem_decode_openssh_filehandle(FILE *f, ltc_pka_key *k, const password_ctx *pw_ctx) { - struct get_char g = { .get = pem_get_char_from_file, .f = f }; - return s_decode_openssh(&g, k, pw_ctx); + LTC_ARGCHK(f != NULL); + LTC_ARGCHK(k != NULL); + { + struct get_char g = { .get = pem_get_char_from_file, .f = f }; + return s_decode_openssh(&g, k, pw_ctx); + } } +#endif /* LTC_NO_FILE */ -int pem_decode_openssh(const void *buf, unsigned long len, ltc_pka_key *k, password_ctx *pw_ctx) +int pem_decode_openssh(const void *buf, unsigned long len, ltc_pka_key *k, const password_ctx *pw_ctx) { - struct get_char g = { .get = pem_get_char_from_buf, SET_BUFP(.buf, buf, len) }; - return s_decode_openssh(&g, k, pw_ctx); + LTC_ARGCHK(buf != NULL); + LTC_ARGCHK(len != 0); + LTC_ARGCHK(k != NULL); + { + struct get_char g = { .get = pem_get_char_from_buf, SET_BUFP(.buf, buf, len) }; + return s_decode_openssh(&g, k, pw_ctx); + } } #endif /* defined(LTC_PEM_SSH) */ diff --git a/src/pk/asn1/pkcs8/pkcs8_decode_flexi.c b/src/pk/asn1/pkcs8/pkcs8_decode_flexi.c index c8b4e11f9..0256e7755 100644 --- a/src/pk/asn1/pkcs8/pkcs8_decode_flexi.c +++ b/src/pk/asn1/pkcs8/pkcs8_decode_flexi.c @@ -48,8 +48,10 @@ int pkcs8_decode_flexi(const unsigned char *in, unsigned long inlen, LTC_ASN1_IS_TYPE(l->child->next, LTC_ASN1_OCTET_STRING)) { ltc_asn1_list *lalgoid = l->child->child; - LTC_ARGCHK(pw_ctx != NULL); - LTC_ARGCHK(pw_ctx->callback != NULL); + if ((pw_ctx == NULL) || (pw_ctx->callback == NULL)) { + err = CRYPT_PW_CTX_MISSING; + goto LBL_DONE; + } if (pbes1_extract(lalgoid, &pbes) == CRYPT_OK) { /* Successfully extracted PBES1 parameters */ diff --git a/src/pk/rsa/rsa_key.c b/src/pk/rsa/rsa_key.c index 2d0712f23..425684fa0 100644 --- a/src/pk/rsa/rsa_key.c +++ b/src/pk/rsa/rsa_key.c @@ -81,7 +81,7 @@ void rsa_shrink_key(rsa_key *key) /** Init an RSA key - @param key The RSA key to free + @param key The RSA key to initialize @return CRYPT_OK if successful */ int rsa_init(rsa_key *key) From 651582254b91a8907191f575d89d26261ecef194 Mon Sep 17 00:00:00 2001 From: Steffen Jaeckel Date: Thu, 4 Aug 2022 18:14:57 +0200 Subject: [PATCH 25/51] introduce `pka_key_free()` Signed-off-by: Steffen Jaeckel --- src/headers/tomcrypt_pk.h | 1 + src/pk/pka_key_free.c | 32 +++++++++++++++++++++++++++++++ tests/pem_test.c | 40 ++++++--------------------------------- 3 files changed, 39 insertions(+), 34 deletions(-) create mode 100644 src/pk/pka_key_free.c diff --git a/src/headers/tomcrypt_pk.h b/src/headers/tomcrypt_pk.h index 3cf0475e8..e4aa21aca 100644 --- a/src/headers/tomcrypt_pk.h +++ b/src/headers/tomcrypt_pk.h @@ -526,6 +526,7 @@ typedef struct { enum ltc_pka_id id; } ltc_pka_key; +void pka_key_free(ltc_pka_key *key); #ifdef LTC_DER /* DER handling */ diff --git a/src/pk/pka_key_free.c b/src/pk/pka_key_free.c new file mode 100644 index 000000000..479a933dd --- /dev/null +++ b/src/pk/pka_key_free.c @@ -0,0 +1,32 @@ +/* LibTomCrypt, modular cryptographic library -- Tom St Denis */ +/* SPDX-License-Identifier: Unlicense */ +#include "tomcrypt_private.h" + +void pka_key_free(ltc_pka_key *key) +{ + LTC_ARGCHKVD(key != NULL); + switch (key->id) { + case LTC_PKA_DH: +#if defined(LTC_MDH) + dh_free(&key->u.dh); +#endif + break; + case LTC_PKA_DSA: +#if defined(LTC_MDSA) + dsa_free(&key->u.dsa); +#endif + break; + case LTC_PKA_RSA: +#if defined(LTC_MRSA) + rsa_free(&key->u.rsa); +#endif + break; + case LTC_PKA_EC: +#if defined(LTC_MECC) + ecc_free(&key->u.ecc); +#endif + break; + default: + break; + } +} diff --git a/tests/pem_test.c b/tests/pem_test.c index 85bca1f0e..255f0fce3 100644 --- a/tests/pem_test.c +++ b/tests/pem_test.c @@ -95,34 +95,6 @@ static int s_pem_decode_f(FILE *f, void *key) return s_key_cmp(key); } -static void s_pem_free_key(ltc_pka_key *key) -{ - switch (key->id) { - case LTC_PKA_DH: -#if defined(LTC_MDH) - dh_free(&key->u.dh); -#endif - break; - case LTC_PKA_DSA: -#if defined(LTC_MDSA) - dsa_free(&key->u.dsa); -#endif - break; - case LTC_PKA_RSA: -#if defined(LTC_MRSA) - rsa_free(&key->u.rsa); -#endif - break; - case LTC_PKA_EC: -#if defined(LTC_MECC) - ecc_free(&key->u.ecc); -#endif - break; - default: - break; - } -} - int pem_test(void) { ltc_pka_key key; @@ -140,13 +112,13 @@ int pem_test(void) #endif - DO(test_process_dir("tests/pem", &key, s_pem_decode, NULL, (dir_cleanup_cb)s_pem_free_key, "pem_test")); - DO(test_process_dir("tests/pem", &key, NULL, s_pem_decode_f, (dir_cleanup_cb)s_pem_free_key, "pem_test_filehandle")); - DO(test_process_dir("tests/pem-ecc-pkcs8", &key, s_pem_decode, NULL, (dir_cleanup_cb)s_pem_free_key, "pem_test+ecc")); - DO(test_process_dir("tests/pem-ecc-pkcs8", &key, NULL, s_pem_decode_f, (dir_cleanup_cb)s_pem_free_key, "pem_test_filehandle+ecc")); + DO(test_process_dir("tests/pem", &key, s_pem_decode, NULL, (dir_cleanup_cb)pka_key_free, "pem_test")); + DO(test_process_dir("tests/pem", &key, NULL, s_pem_decode_f, (dir_cleanup_cb)pka_key_free, "pem_test_filehandle")); + DO(test_process_dir("tests/pem-ecc-pkcs8", &key, s_pem_decode, NULL, (dir_cleanup_cb)pka_key_free, "pem_test+ecc")); + DO(test_process_dir("tests/pem-ecc-pkcs8", &key, NULL, s_pem_decode_f, (dir_cleanup_cb)pka_key_free, "pem_test_filehandle+ecc")); #ifdef LTC_SSH - DO(test_process_dir("tests/ssh", &key, s_pem_decode_ssh, NULL, (dir_cleanup_cb)s_pem_free_key, "pem_test+ssh")); - DO(test_process_dir("tests/ssh", &key, NULL, s_pem_decode_ssh_f, (dir_cleanup_cb)s_pem_free_key, "pem_test_filehandle+ssh")); + DO(test_process_dir("tests/ssh", &key, s_pem_decode_ssh, NULL, (dir_cleanup_cb)pka_key_free, "pem_test+ssh")); + DO(test_process_dir("tests/ssh", &key, NULL, s_pem_decode_ssh_f, (dir_cleanup_cb)pka_key_free, "pem_test_filehandle+ssh")); #endif #if defined(LTC_MDSA) From 39d4b089acb63d9c2de7727feae015f4f495d231 Mon Sep 17 00:00:00 2001 From: Steffen Jaeckel Date: Thu, 4 Aug 2022 14:27:21 +0200 Subject: [PATCH 26/51] Update docs Signed-off-by: Steffen Jaeckel --- doc/crypt.tex | 346 ++++++++++++++++++++++++++++++++++---- src/headers/tomcrypt_pk.h | 19 ++- 2 files changed, 330 insertions(+), 35 deletions(-) diff --git a/doc/crypt.tex b/doc/crypt.tex index eaf8822c2..a6f5a3f6f 100644 --- a/doc/crypt.tex +++ b/doc/crypt.tex @@ -4423,7 +4423,7 @@ \subsection{RSA Key Generation} \index{rsa\_free()} Note: the \textit{rsa\_make\_key()} and \textit{rsa\_make\_key\_ubin\_e()} functions allocates memory at run--time when you make the key. -Make sure to call \textit{rsa\_free()} (see below) when you are finished with the key. If \textit{rsa\_make\_key()} or \textit{rsa\_make\_key\_ubin\_e()} +Make sure to call \textit{rsa\_free()} (see below) when you are finished with the key. If \textit{rsa\_make\_key()} or \textit{rsa\_make\_key\_ubin\_e()} fails it will automatically free the memory allocated. \index{PK\_PRIVATE} \index{PK\_PUBLIC} @@ -4806,16 +4806,15 @@ \subsubsection{Import from standard formats} \index{rsa\_import\_pkcs8()} \begin{verbatim} int rsa_import_pkcs8(const unsigned char *in, - unsigned long inlen, - const void *passwd, - unsigned long passwdlen, - rsa_key *key); + unsigned long inlen, + const password_ctx *pw_ctx, + rsa_key *key); \end{verbatim} This function can import RSA private keys serialized in PKCS\#8 format. Where \textit{key} is the RSA key structure (uninitialized), \textit{inlen} bytes of \textit{in} buffer is the DER encoded key, -and \textit{pwdlen} bytes of \textit{pwd} is optional password/secret (use \textit{pwd = NULL} for keys without password protection). +and \textit{pw\_ctx} optionally points to a password-retrieval context, c.f. Ch. \ref{password-retrieval} for details. For password-protected files all supported encryption algorithms are listed in \ref{fig:pkcs8}. @@ -5118,6 +5117,7 @@ \chapter{Elliptic Curve Cryptography - $GF(p)$} analogy for digital signatures (also known as \textit{ECDSA}). \mysection{Supported Curves} +\label{supported-curvers} The following table \ref{fig:builtincurves} shows all built--in curves supported by the library. On top of that one can also use a custom curve defined by own parameters (the only limitation is that the curve must be based on equation \ref{ecc-gf-p-equation}). @@ -5487,14 +5487,13 @@ \subsection{Private Key Import -- PKCS\#8} \index{ecc\_import\_pkcs8()} \begin{verbatim} int ecc_import_pkcs8(const unsigned char *in, - unsigned long inlen, - const void *pwd, - unsigned long pwdlen, + unsigned long inlen, + const password_ctx *pw_ctx, ecc_key *key); \end{verbatim} Where \textit{key} is the ECC key structure (uninitialized), \textit{inlen} bytes of \textit{in} buffer is the DER encoded key, -and \textit{pwdlen} bytes of \textit{pwd} is optional password/secret (use \textit{pwd = NULL} for keys without password protection). +and \textit{pw\_ctx} optionally points to a password-retrieval context, c.f. Ch. \ref{password-retrieval} for details. For password-protected files all supported encryption algorithms are listed in \ref{fig:pkcs8}. @@ -5840,36 +5839,46 @@ \subsection{X25519 Key Operations} \index{x25519\_make\_key} \begin{verbatim} -int x25519_make_key(prng_state *prng, int wprng, curve25519_key *key); +int x25519_make_key( prng_state *prng, + int wprng, + curve25519_key *key); \end{verbatim} To generate a fresh X25529 key, one can use \textit{x25519\_make\_key} which will create a private\&public key-pair. \index{x25519\_import} \begin{verbatim} -int x25519_import(const unsigned char *in, unsigned long inlen, curve25519_key *key); +int x25519_import(const unsigned char *in, + unsigned long inlen, + curve25519_key *key); \end{verbatim} The \textit{x25519\_import} function can be used to import a public key in DER-encoded \textit{SubjectPublicKeyInfo} format. \index{x25519\_import\_raw} \begin{verbatim} -int x25519_import_raw(const unsigned char *in, unsigned long inlen, int which, curve25519_key *key); +int x25519_import_raw(const unsigned char *in, + unsigned long inlen, + int which, + curve25519_key *key); \end{verbatim} To import a public or private key in raw format, one can use the function \textit{x25519\_import\_raw}. \index{x25519\_import\_x509} \begin{verbatim} -int x25519_import_x509(const unsigned char *in, unsigned long inlen, curve25519_key *key); +int x25519_import_x509(const unsigned char *in, + unsigned long inlen, + curve25519_key *key); \end{verbatim} To import a public key from a DER-encoded \textit{X.509} certificate, one can use the function \textit{x25519\_import\_x509}. \index{x25519\_import\_pkcs8} \begin{verbatim} -int x25519_import_pkcs8(const unsigned char *in, unsigned long inlen, - const void *pwd, unsigned long pwdlen, - curve25519_key *key); +int x25519_import_pkcs8(const unsigned char *in, + unsigned long inlen, + const password_ctx *pw_ctx, + curve25519_key *key); \end{verbatim} To import a private key in the \textit{OneAsymmetricKey} a.k.a \textit{PKCS \#8} format, either plain or PBES encrypted, @@ -5877,7 +5886,8 @@ \subsection{X25519 Key Operations} \index{x25519\_export} \begin{verbatim} -int x25519_export( unsigned char *out, unsigned long *outlen, +int x25519_export( unsigned char *out, + unsigned long *outlen, int which, const curve25519_key *key); \end{verbatim} @@ -5908,7 +5918,8 @@ \subsection{X25519 Cryptographic Operations} \begin{verbatim} int x25519_shared_secret(const curve25519_key *private_key, const curve25519_key *public_key, - unsigned char *out, unsigned long *outlen); + unsigned char *out, + unsigned long *outlen); \end{verbatim} This will construct the shared secret between the private- and the public-key and store the result in \textit{out} of length \textit{outlen}. @@ -5923,37 +5934,47 @@ \subsection{EdDSA Key Operations} \index{ed25519\_make\_key} \begin{verbatim} -int ed25519_make_key(prng_state *prng, int wprng, curve25519_key *key); +int ed25519_make_key( prng_state *prng, + int wprng, + curve25519_key *key); \end{verbatim} To generate a fresh Ed25529 key, one can use \textit{ed25519\_make\_key} which will create a private\&public key-pair. \index{ed25519\_import} \begin{verbatim} -int ed25519_import(const unsigned char *in, unsigned long inlen, curve25519_key *key); +int ed25519_import(const unsigned char *in, + unsigned long inlen, + curve25519_key *key); \end{verbatim} The \textit{ed25519\_import} function can be used to import a public key in DER-encoded \textit{SubjectPublicKeyInfo} format. \index{ed25519\_import\_raw} \begin{verbatim} -int ed25519_import_raw(const unsigned char *in, unsigned long inlen, int which, curve25519_key *key); +int ed25519_import_raw(const unsigned char *in, + unsigned long inlen, + int which, + curve25519_key *key); \end{verbatim} To import a public or private key in raw format, one can use the function \textit{ed25519\_import\_raw}. \index{ed25519\_import\_x509} \begin{verbatim} -int ed25519_import_x509(const unsigned char *in, unsigned long inlen, curve25519_key *key); +int ed25519_import_x509(const unsigned char *in, + unsigned long inlen, + curve25519_key *key); \end{verbatim} To import a public key from a DER-encoded \textit{X.509} certificate, one can use the function \textit{ed25519\_import\_x509}. \index{ed25519\_import\_pkcs8} \begin{verbatim} -int ed25519_import_pkcs8(const unsigned char *in, unsigned long inlen, - const void *pwd, unsigned long pwdlen, - curve25519_key *key); +int ed25519_import_pkcs8(const unsigned char *in, + unsigned long inlen, + const password_ctx *pw_ctx, + curve25519_key *key); \end{verbatim} To import a private key in the \textit{OneAsymmetricKey} a.k.a \textit{PKCS \#8} format, either plain or PBES encrypted, @@ -5961,7 +5982,8 @@ \subsection{EdDSA Key Operations} \index{ed25519\_export} \begin{verbatim} -int ed25519_export( unsigned char *out, unsigned long *outlen, +int ed25519_export( unsigned char *out, + unsigned long *outlen, int which, const curve25519_key *key); \end{verbatim} @@ -7206,6 +7228,7 @@ \subsubsection{Algorithm Two} \subsection{bcrypt} \index{bcrypt} +\label{bcrypt} bcrypt is a password hashing function, similar to PKCS \#5, but it is based on the blowfish symmetric cipher. It is widely used in e.g. OpenBSD as default password hash algorithm, or in encrypted OpenSSH key files. @@ -7227,15 +7250,16 @@ \subsection{bcrypt} The \textit{secret} parameter is the secret of length \textit{secret\_len} (most of the time a utf-8 encoded user password). The \textit{salt} parameter is a pointer to the array of octets of length \textit{salt\_len} containing the salt. The \textit{rounds} parameter defines the number of iterations of the expensive key setup that shall be executed. -The \textit{hash\_idx} parameter defines the hash algorithm that shall be used. +The \textit{hash\_idx} parameter defines the hash algorithm that shall be used. The \textit{out} parameter shall be a pointer to a buffer of at least 32 octets, where \textit{outlen} contains the available buffer size on input and the written size after the invocation. \mysection{PKCS \#8} \index{PKCS \#8} +\label{pkcs8} -The library has built-in support for PKCS \#8 decoding as specified in RFC 5208. +The library has built-in support for PKCS \#8 decoding as specified in \href{https://datatracker.ietf.org/doc/html/rfc5208}{\texttt{RFC 5208}}. Encoding of private keys into PKCS \#8 is not supported. @@ -7265,8 +7289,8 @@ \subsection{bcrypt} \label{fig:pkcs8} \end{table} -The PKCS \#8 import has no direct API endpoints, but it is available through Public Key Algorithm-specific -\textit{pkaX\_import\_pkcs8()} functions. +The PKCS \#8 import has no direct API endpoints, but it is available either through Public Key Algorithm-specific +\textit{pkaX\_import\_pkcs8()} functions or the PEM decoding API (c.f. Ch. \ref{pem-files}). \mysection{Key Derviation Functions} @@ -7391,8 +7415,8 @@ \subsection{De- and Encoding with Multiple Argument Lists} int ssh_encode_sequence_multi(unsigned char *out, unsigned long *outlen, ...); \end{verbatim} -Where \texttt{out} points to the destination buffer and \texttt{outlen} points -on function invocation to the length of the destination buffer +Where \texttt{out} points to the destination buffer and \texttt{outlen} points +on function invocation to the length of the destination buffer and after returning it will be filled with the number of octets written to the buffer. The encoding function \texttt{ssh\_encode\_sequence\_multi()} expects its items to be a pair of \texttt{(type, data)}, @@ -7404,7 +7428,7 @@ \subsection{De- and Encoding with Multiple Argument Lists} int ssh_decode_sequence_multi(const unsigned char *in, unsigned long *inlen, ...); \end{verbatim} -Where \texttt{in} points to the buffer with the sequence to decode and \texttt{inlen} points +Where \texttt{in} points to the buffer with the sequence to decode and \texttt{inlen} points on function invocation to the length of the sequence and after returning it will be filled with the decoded number of octets. @@ -7412,6 +7436,166 @@ \subsection{De- and Encoding with Multiple Argument Lists} except for the \texttt{string} resp. \texttt{name-list} type, which expects the triple \texttt{(type, data, size*)} with \texttt{size*} being of type \texttt{unsigned long*}. + + + +\mysection{PEM Files} +\label{pem-files} +\subsection{Introduction} +LibTomCrypt supports reading of asymmetric cryptography private keys out of +PEM files in multiple formats. + +The library provides support for: +\begin{itemize} + \item OpenSSH - encrypted and plain files (if SSH support is enabled). + \item PEM - encrypted and plain files. + \item PKCS \#8 - encrypted and plain files. +\end{itemize} + +There is no support for PKCS \#12 containers/PFX files implemented. + +\subsection{The PKA Union} + +To be able to return all the potential public key algorithms via a central API, +a tagged union \texttt{ltc\_pka\_key} is used. + +\begin{verbatim} +enum ltc_pka_id { + LTC_PKA_UNDEF = 0, + LTC_PKA_RSA, + LTC_PKA_DSA, + LTC_PKA_EC, + LTC_PKA_CURVE25519, + LTC_PKA_DH, +}; + +typedef struct { + union { +#ifdef LTC_CURVE25519 + curve25519_key curve25519; +#endif +#ifdef LTC_MDH + dh_key dh; +#endif +#ifdef LTC_MDSA + dsa_key dsa; +#endif +#ifdef LTC_MECC + ecc_key ecc; +#endif +#ifdef LTC_MRSA + rsa_key rsa; +#endif + } u; + enum ltc_pka_id id; +} ltc_pka_key; +\end{verbatim} + +To free such a union the following API function is provided: + +\begin{verbatim} +void pka_key_free(ltc_pka_key *key); +\end{verbatim} + +\subsection{PKCS PEM files} + +The library supports the following types of PKCS PEM files: + +\begin{itemize} +\item PKCS \#8 private keys, c.f. Ch. \ref{pkcs8} for details. +\item PEM formatted private keys according to +\href{https://datatracker.ietf.org/doc/html/rfc1421}{\texttt{RFC 1421}}/ +\href{https://datatracker.ietf.org/doc/html/rfc1422}{\texttt{RFC 1422}}/ +\href{https://datatracker.ietf.org/doc/html/rfc1423}{\texttt{RFC 1423}}. +\end{itemize} + +The identifiers in the PEM headers recognized are as follows: + +\begin{table}[H] +\begin{center} +\begin{small} +\begin{tabular}{|l|l|l|l|} +\hline \textbf{Identifier} & \textbf{Encrypted} & \textbf{Standard} & \textbf{Type} \\ +\hline \texttt{BEGIN ENCRYPTED PRIVATE KEY} & Yes & \texttt{PKCS \#8} & DSA, ECC, Ed25519, RSA, X25519 \\ +\hline \texttt{BEGIN PRIVATE KEY} & No & \texttt{PKCS \#8} & DSA, ECC, Ed25519, RSA, X25519 \\ +\hline \texttt{BEGIN DSA PRIVATE KEY} & Maybe & \texttt{PKCS \#1} & DSA \\ +\hline \texttt{BEGIN EC PRIVATE KEY} & Maybe & \texttt{RFC 5915} & ECC \\ +\hline \texttt{BEGIN RSA PRIVATE KEY} & Maybe & \texttt{PKCS \#1} & RSA \\ +\hline +\end{tabular} +\end{small} +\end{center} +\caption{List of supported PKCS private key types} +\label{supported-pkcs-private-key-types} +\end{table} + +When dealing with PEM formatted private keys the following encryption algorithms are supported: + +\begin{table}[H] +\begin{center} +\begin{small} +\begin{tabular}{|l|l|l|l|} +\hline \textbf{Identifier} & \textbf{Cipher} & \textbf{Key size in bits} & \textbf{Mode} \\ +\hline \texttt{AES-128-CBC} & AES & 128 & CBC \\ +\hline \texttt{AES-192-CBC} & AES & 192 & CBC \\ +\hline \texttt{AES-256-CBC} & AES & 256 & CBC \\ +\hline \texttt{CAMELLIA-128-CBC} & Camellia & 128 & CBC \\ +\hline \texttt{CAMELLIA-192-CBC} & Camellia & 192 & CBC \\ +\hline \texttt{CAMELLIA-256-CBC} & Camellia & 256 & CBC \\ +\hline \texttt{DES-EDE3-CBC} & 3DES (EDE) & 192 & CBC \\ +\hline \texttt{DES-CBC} & DES & 64 & CBC \\ +\hline +\end{tabular} +\end{small} +\end{center} +\caption{List of supported PEM DEK algorithms} +\label{supported-pem-dek-algorithms} +\end{table} + +The API functions provided to decode a PEM file into the \texttt{ltc\_pka\_key} union are: + +\begin{verbatim} +int pem_decode_pkcs_filehandle(FILE *f, ltc_pka_key *k, const password_ctx *pw_ctx); +int pem_decode_pkcs(const void *buf, unsigned long len, ltc_pka_key *k, const password_ctx *pw_ctx); +\end{verbatim} + +\subsection{OpenSSH PEM files} + +OpenSSH PEM files can contain private keys of the following types: + +\begin{table}[H] +\begin{center} +\begin{small} +\begin{tabular}{|l|l|} +\hline \textbf{Identifier} & \textbf{Type} \\ +\hline \texttt{ecdsa-sha2-*} & ECC keys \\ +\hline \texttt{ssh-ed25519} & Curve25519 \\ +\hline \texttt{ssh-rsa} & RSA \\ +\hline +\end{tabular} +\end{small} +\end{center} +\caption{List of supported OpenSSH private key types} +\label{supported-openssh-private-key-types} +\end{table} + +C.f. \href{https://datatracker.ietf.org/doc/html/rfc5656}{\texttt{RFC 5656}} for details on ECC keys +in OpenSSH. LibTomCrypt should be able to handle all the ECC curves supported by the library, +c.f. Ch. \ref{supported-curvers} for details. + +OpenSSH PEM files can either not be encrypted, or the encryption is done via \texttt{aes256-cbc} +and key derivation via \texttt{bcrypt}, c.f. Ch. \ref{bcrypt}. + +The API functions provided to decode an OpenSSH PEM file into the \texttt{ltc\_pka\_key} union are: + +\begin{verbatim} +int pem_decode_openssh_filehandle(FILE *f, ltc_pka_key *k, const password_ctx *pw_ctx); +int pem_decode_openssh(const void *buf, unsigned long len, ltc_pka_key *k, const password_ctx *pw_ctx); +\end{verbatim} + + + + \chapter{Miscellaneous} \mysection{Base64 Encoding and Decoding} The library provides functions to encode and decode a RFC 4648 Base64 coding scheme. @@ -7635,6 +7819,100 @@ \subsection{Depadding} \textit{length} is a pointer that should contain the length of the padded data and will be updated to contain the length of the data after depadding. +\mysection{Password retrieval} +\label{password-retrieval} + +The following struct is used in various parts of the library that deals with user-passwords. + +\begin{verbatim} +typedef struct { + /** + Callback function that is called when a password is required. + + @param str Pointer to pointer where the password will be stored. + @param len Pointer to the length of the password. + @param userdata `userdata` that was passed in the `password_ctx` struct. + @return CRYPT_OK on success + */ + int (*callback)(void **str, unsigned long *len, void *userdata); + /** Opaque `userdata` pointer passed when the callback is called */ + void *userdata; +} password_ctx; +\end{verbatim} + +Always when this struct is used as input argument to an API function it can be treated as optional. +The library will return the error \texttt{CRYPT\_PW\_CTX\_MISSING} in case a user-password is expected +to be provided but this context is not given (passed a \textit{NULL} pointer instead) or +the \textit{callback} pointer inside is \textit{NULL}. + +The \textit{str} pointer is declared as a \textit{void} pointer, since passwords are not necessarily +always representable as a NUL-terminated C string. Therefor the user also has to provide the length of the +password via \textit{len}. + +In order to prevent arbitrary limitations of the length of a password, the user is responsible for the +dynamic allocation of the buffer that holds the password. The library takes ownership of said buffer +and will zeroize it and call \texttt{XFREE} on it as soon as it doesn't require it anymore. + +An example usage is as follows: + +\begin{small} +\begin{verbatim} +#include +#include + +static const char *pka_algos[] = { + "Undefined", + "RSA", + "DSA", + "ECC", + "Curve25519", + "DH", +}; + +static int password_get(void **p, unsigned long *l, void *u) +{ + char *pass; + (void)u; + /* In reality you should never use `getpass`. + * 1. it's insecure, 2. it's obsolete + */ + pass = getpass("Please enter password: "); + if (!pass) + return -1; + *p = strdup(pass); + *l = strlen(*p); + zeromem(pass, *l); + return 0; +} + +int main(int argc, char **argv) +{ + FILE *pem; + ltc_pka_key key; + password_ctx pw_ctx = { .callback = password_get }; + if (argc < 2) + return EXIT_FAILURE; + pem = fopen(argv[1], "rb"); + if (!pem) + return EXIT_FAILURE; + + if (register_all_ciphers() != CRYPT_OK) + return EXIT_FAILURE; + if (register_all_hashes() != CRYPT_OK) + return EXIT_FAILURE; + if (crypt_mp_init("ltm") != CRYPT_OK) + return EXIT_FAILURE; + if (pem_decode_pkcs_filehandle(pem, &key, &pw_ctx) != CRYPT_OK) + return EXIT_FAILURE; + if (key.id < sizeof(pka_algos)/sizeof(pka_algos[0])) + printf("key type: %s\n", pka_algos[key.id]); + pka_key_free(&key); + return EXIT_SUCCESS; +} + +\end{verbatim} +\end{small} + \mysection{Primality Testing} \index{Primality Testing} The library includes primality testing and random prime functions as well. The primality tester will perform the test in diff --git a/src/headers/tomcrypt_pk.h b/src/headers/tomcrypt_pk.h index e4aa21aca..b80fe6fe1 100644 --- a/src/headers/tomcrypt_pk.h +++ b/src/headers/tomcrypt_pk.h @@ -2,7 +2,21 @@ /* SPDX-License-Identifier: Unlicense */ typedef struct { - int (*callback)(void **, unsigned long *, void *); + /** + Callback function that is called when a password is required. + + Please be aware that the library takes ownership of the pointer that is + returned to the library via `str`. + `str` shall be allocated via the same function as `XMALLOC` points to. + The data will be zeroed and `XFREE`'d as soon as it isn't required anymore. + + @param str Pointer to pointer where the password will be stored. + @param len Pointer to the length of the password. + @param userdata `userdata` that was passed in the `password_ctx` struct. + @return CRYPT_OK on success + */ + int (*callback)(void **str, unsigned long *len, void *userdata); + /** Opaque `userdata` pointer passed when the callback is called */ void *userdata; } password_ctx; @@ -495,6 +509,9 @@ int dsa_shared_secret(void *private_key, void *base, unsigned char *out, unsigned long *outlen); #endif /* LTC_MDSA */ +/* + * LibTomCrypt Public Key Algorithm descriptor + */ enum ltc_pka_id { LTC_PKA_UNDEF = 0, From 661f5845fe60e23c6ab1c9ae5123f23b699ace5e Mon Sep 17 00:00:00 2001 From: Steffen Jaeckel Date: Fri, 5 Aug 2022 19:16:37 +0200 Subject: [PATCH 27/51] distinguish between Ed25519 and X25519 Signed-off-by: Steffen Jaeckel --- doc/crypt.tex | 6 ++-- src/headers/tomcrypt_pk.h | 30 ++++++++-------- src/headers/tomcrypt_private.h | 3 ++ src/misc/pem/pem_pkcs.c | 12 +++---- src/misc/pem/pem_ssh.c | 4 +-- src/pk/asn1/oid/pk_get.c | 52 +++++++++++++++++++++++---- src/pk/ec25519/ec25519_export.c | 8 +++-- src/pk/ec25519/ec25519_import_pkcs8.c | 2 +- src/pk/ed25519/ed25519_export.c | 2 +- src/pk/ed25519/ed25519_import.c | 2 +- src/pk/ed25519/ed25519_import_raw.c | 2 +- src/pk/ed25519/ed25519_import_x509.c | 2 +- src/pk/ed25519/ed25519_make_key.c | 2 +- src/pk/ed25519/ed25519_sign.c | 2 +- src/pk/ed25519/ed25519_verify.c | 2 +- src/pk/x25519/x25519_export.c | 2 +- src/pk/x25519/x25519_import.c | 2 +- src/pk/x25519/x25519_import_raw.c | 2 +- src/pk/x25519/x25519_import_x509.c | 2 +- src/pk/x25519/x25519_make_key.c | 2 +- src/pk/x25519/x25519_shared_secret.c | 5 +-- tests/pem_test.c | 3 +- 22 files changed, 98 insertions(+), 51 deletions(-) diff --git a/doc/crypt.tex b/doc/crypt.tex index a6f5a3f6f..d7d625887 100644 --- a/doc/crypt.tex +++ b/doc/crypt.tex @@ -7465,14 +7465,16 @@ \subsection{The PKA Union} LTC_PKA_RSA, LTC_PKA_DSA, LTC_PKA_EC, - LTC_PKA_CURVE25519, + LTC_PKA_X25519, + LTC_PKA_ED25519, LTC_PKA_DH, }; typedef struct { union { #ifdef LTC_CURVE25519 - curve25519_key curve25519; + curve25519_key x25519; + curve25519_key ed25519; #endif #ifdef LTC_MDH dh_key dh; diff --git a/src/headers/tomcrypt_pk.h b/src/headers/tomcrypt_pk.h index b80fe6fe1..b03bc0b90 100644 --- a/src/headers/tomcrypt_pk.h +++ b/src/headers/tomcrypt_pk.h @@ -22,6 +22,16 @@ typedef struct { /* ---- NUMBER THEORY ---- */ +enum ltc_pka_id { + LTC_PKA_UNDEF = 0, + LTC_PKA_RSA, + LTC_PKA_DSA, + LTC_PKA_EC, + LTC_PKA_X25519, + LTC_PKA_ED25519, + LTC_PKA_DH, +}; + enum public_key_type { /* Refers to the public key */ PK_PUBLIC = 0x0000, @@ -349,12 +359,8 @@ typedef struct { /** The key type, PK_PRIVATE or PK_PUBLIC */ enum public_key_type type; - /** The PK-algorithm, PKA_ED25519 or PKA_X25519 */ - /** This was supposed to be: - * enum public_key_algorithms algo; - * but that enum is now in tomcrypt_private.h - */ - int algo; + /** The PK-algorithm, LTC_PKA_ED25519 or LTC_PKA_X25519 */ + enum ltc_pka_id pka; /** The private key */ unsigned char priv[32]; @@ -513,19 +519,11 @@ int dsa_shared_secret(void *private_key, void *base, * LibTomCrypt Public Key Algorithm descriptor */ -enum ltc_pka_id { - LTC_PKA_UNDEF = 0, - LTC_PKA_RSA, - LTC_PKA_DSA, - LTC_PKA_EC, - LTC_PKA_CURVE25519, - LTC_PKA_DH, -}; - typedef struct { union { #ifdef LTC_CURVE25519 - curve25519_key curve25519; + curve25519_key x25519; + curve25519_key ed25519; #endif #ifdef LTC_MDH dh_key dh; diff --git a/src/headers/tomcrypt_private.h b/src/headers/tomcrypt_private.h index 74c21f4e4..0e57b37c1 100644 --- a/src/headers/tomcrypt_private.h +++ b/src/headers/tomcrypt_private.h @@ -53,6 +53,7 @@ enum ltc_oid_id { LTC_OID_X25519, LTC_OID_ED25519, LTC_OID_DH, + LTC_OID_NUM }; /* @@ -349,6 +350,8 @@ int rand_bn_bits(void *N, int bits, prng_state *prng, int wprng); int rand_bn_upto(void *N, void *limit, prng_state *prng, int wprng); int pk_get_oid(enum ltc_oid_id id, const char **st); +int pk_get_pka_id(enum ltc_oid_id id, enum ltc_pka_id *pka); +int pk_get_oid_id(enum ltc_pka_id pka, enum ltc_oid_id *oid); int pk_get_oid_from_asn1(const ltc_asn1_list *oid, enum ltc_oid_id *id); int pk_oid_str_to_num(const char *OID, unsigned long *oid, unsigned long *oidlen); int pk_oid_num_to_str(const unsigned long *oid, unsigned long oidlen, char *OID, unsigned long *outlen); diff --git a/src/misc/pem/pem_pkcs.c b/src/misc/pem/pem_pkcs.c index 1dfaa7c92..9b634bc78 100644 --- a/src/misc/pem/pem_pkcs.c +++ b/src/misc/pem/pem_pkcs.c @@ -122,13 +122,13 @@ static int s_decode(struct get_char *g, ltc_pka_key *k, const password_ctx *pw_c break; #endif #ifdef LTC_CURVE25519 - case LTC_OID_ED25519: - err = ed25519_import_pkcs8_asn1(alg_id, priv_key, &k->u.curve25519); - k->id = LTC_PKA_CURVE25519; - break; case LTC_OID_X25519: - err = x25519_import_pkcs8_asn1(alg_id, priv_key, &k->u.curve25519); - k->id = LTC_PKA_CURVE25519; + err = x25519_import_pkcs8_asn1(alg_id, priv_key, &k->u.x25519); + k->id = LTC_PKA_X25519; + break; + case LTC_OID_ED25519: + err = ed25519_import_pkcs8_asn1(alg_id, priv_key, &k->u.ed25519); + k->id = LTC_PKA_ED25519; break; #endif default: diff --git a/src/misc/pem/pem_ssh.c b/src/misc/pem/pem_ssh.c index 369a14abf..e7e023a59 100644 --- a/src/misc/pem/pem_ssh.c +++ b/src/misc/pem/pem_ssh.c @@ -96,11 +96,11 @@ int ssh_decode_ed25519(const unsigned char *in, unsigned long *inlen, ltc_pka_ke goto cleanup; } - if ((err = ed25519_import_raw(&privkey[32], 32, PK_PRIVATE, &key->u.curve25519)) != CRYPT_OK) { + if ((err = ed25519_import_raw(&privkey[32], 32, PK_PRIVATE, &key->u.ed25519)) != CRYPT_OK) { goto cleanup; } - key->id = LTC_PKA_CURVE25519; + key->id = LTC_PKA_ED25519; cleanup: zeromem(pubkey, sizeof(pubkey)); diff --git a/src/pk/asn1/oid/pk_get.c b/src/pk/asn1/oid/pk_get.c index 4d00d3d69..48a8a9840 100644 --- a/src/pk/asn1/oid/pk_get.c +++ b/src/pk/asn1/oid/pk_get.c @@ -11,26 +11,64 @@ typedef struct { } oid_table_entry; static const oid_table_entry pka_oids[] = { + { LTC_OID_UNDEF, LTC_PKA_UNDEF, NULL }, { LTC_OID_RSA, LTC_PKA_RSA, "1.2.840.113549.1.1.1" }, { LTC_OID_DSA, LTC_PKA_DSA, "1.2.840.10040.4.1" }, { LTC_OID_EC, LTC_PKA_EC, "1.2.840.10045.2.1" }, { LTC_OID_EC_PRIMEF, LTC_PKA_EC, "1.2.840.10045.1.1" }, - { LTC_OID_X25519, LTC_PKA_CURVE25519, "1.3.101.110" }, - { LTC_OID_ED25519, LTC_PKA_CURVE25519, "1.3.101.112" }, + { LTC_OID_X25519, LTC_PKA_X25519, "1.3.101.110" }, + { LTC_OID_ED25519, LTC_PKA_ED25519, "1.3.101.112" }, { LTC_OID_DH, LTC_PKA_DH, "1.2.840.113549.1.3.1" }, }; +static LTC_INLINE const oid_table_entry* s_get_entry(enum ltc_oid_id id) +{ + if (id < LTC_OID_NUM) + return &pka_oids[id]; + return NULL; +} + /* Returns the OID requested. @return CRYPT_OK if valid */ int pk_get_oid(enum ltc_oid_id id, const char **st) { - unsigned int i; + const oid_table_entry* e = s_get_entry(id); LTC_ARGCHK(st != NULL); - for (i = 0; i < sizeof(pka_oids)/sizeof(pka_oids[0]); ++i) { - if (pka_oids[i].id == id) { - *st = pka_oids[i].oid; + if (e != NULL) { + *st = e->oid; + return CRYPT_OK; + } + return CRYPT_INVALID_ARG; +} + +/* + Returns the PKA ID requested. + @return CRYPT_OK if valid +*/ +int pk_get_pka_id(enum ltc_oid_id id, enum ltc_pka_id *pka) +{ + const oid_table_entry* e = s_get_entry(id); + LTC_ARGCHK(pka != NULL); + if (e != NULL) { + *pka = e->pka; + return CRYPT_OK; + } + return CRYPT_INVALID_ARG; +} + +/* + Returns the OID ID requested. + @return CRYPT_OK if valid +*/ +int pk_get_oid_id(enum ltc_pka_id pka, enum ltc_oid_id *oid) +{ + unsigned int i; + LTC_ARGCHK(oid != NULL); + for (i = 1; i < sizeof(pka_oids)/sizeof(pka_oids[0]); ++i) { + if (pka_oids[i].pka == pka) { + *oid = pka_oids[i].id; return CRYPT_OK; } } @@ -57,7 +95,7 @@ int pk_get_oid_from_asn1(const ltc_asn1_list *oid, enum ltc_oid_id *id) return err; } - for (i = 0; i < sizeof(pka_oids)/sizeof(pka_oids[0]); ++i) { + for (i = 1; i < sizeof(pka_oids)/sizeof(pka_oids[0]); ++i) { if (XSTRCMP(pka_oids[i].oid, tmp) == 0) { *id = pka_oids[i].id; return CRYPT_OK; diff --git a/src/pk/ec25519/ec25519_export.c b/src/pk/ec25519/ec25519_export.c index 42f4c4b5d..a6dba677b 100644 --- a/src/pk/ec25519/ec25519_export.c +++ b/src/pk/ec25519/ec25519_export.c @@ -25,6 +25,7 @@ int ec25519_export( unsigned char *out, unsigned long *outlen, const char* OID; unsigned long oid[16], oidlen; ltc_asn1_list alg_id[1]; + enum ltc_oid_id oid_id; unsigned char private_key[34]; unsigned long version, private_key_len = sizeof(private_key); @@ -34,12 +35,15 @@ int ec25519_export( unsigned char *out, unsigned long *outlen, std = which & PK_STD; which &= ~PK_STD; + if ((err = pk_get_oid_id(key->pka, &oid_id)) != CRYPT_OK) { + return err; + } if (which == PK_PRIVATE) { if(key->type != PK_PRIVATE) return CRYPT_PK_INVALID_TYPE; if (std == PK_STD) { - if ((err = pk_get_oid(key->algo, &OID)) != CRYPT_OK) { + if ((err = pk_get_oid(oid_id, &OID)) != CRYPT_OK) { return err; } oidlen = sizeof(oid)/sizeof(oid[0]); @@ -72,7 +76,7 @@ int ec25519_export( unsigned char *out, unsigned long *outlen, } else { if (std == PK_STD) { /* encode public key as SubjectPublicKeyInfo */ - err = x509_encode_subject_public_key_info(out, outlen, key->algo, key->pub, 32uL, LTC_ASN1_EOL, NULL, 0); + err = x509_encode_subject_public_key_info(out, outlen, oid_id, key->pub, 32uL, LTC_ASN1_EOL, NULL, 0); } else { if (*outlen < sizeof(key->pub)) { err = CRYPT_BUFFER_OVERFLOW; diff --git a/src/pk/ec25519/ec25519_import_pkcs8.c b/src/pk/ec25519/ec25519_import_pkcs8.c index fa417bc90..4a7f9fb9f 100644 --- a/src/pk/ec25519/ec25519_import_pkcs8.c +++ b/src/pk/ec25519/ec25519_import_pkcs8.c @@ -39,7 +39,7 @@ int ec25519_import_pkcs8_asn1(ltc_asn1_list *alg_id, ltc_asn1_list *priv_key, if ((err = der_decode_octet_string(priv_key->data, priv_key->size, key->priv, &key_len)) == CRYPT_OK) { fp(key->pub, key->priv); key->type = PK_PRIVATE; - key->algo = id; + err = pk_get_pka_id(id, &key->pka); } return err; } diff --git a/src/pk/ed25519/ed25519_export.c b/src/pk/ed25519/ed25519_export.c index 2b710e58d..5ec68eb2e 100644 --- a/src/pk/ed25519/ed25519_export.c +++ b/src/pk/ed25519/ed25519_export.c @@ -23,7 +23,7 @@ int ed25519_export( unsigned char *out, unsigned long *outlen, { LTC_ARGCHK(key != NULL); - if (key->algo != LTC_OID_ED25519) return CRYPT_PK_INVALID_TYPE; + if (key->pka != LTC_PKA_ED25519) return CRYPT_PK_INVALID_TYPE; return ec25519_export(out, outlen, which, key); } diff --git a/src/pk/ed25519/ed25519_import.c b/src/pk/ed25519/ed25519_import.c index f197d59dc..634780c4f 100644 --- a/src/pk/ed25519/ed25519_import.c +++ b/src/pk/ed25519/ed25519_import.c @@ -27,7 +27,7 @@ int ed25519_import(const unsigned char *in, unsigned long inlen, curve25519_key key_len = sizeof(key->pub); if ((err = x509_decode_subject_public_key_info(in, inlen, LTC_OID_ED25519, key->pub, &key_len, LTC_ASN1_EOL, NULL, 0uL)) == CRYPT_OK) { key->type = PK_PUBLIC; - key->algo = LTC_OID_ED25519; + key->pka = LTC_PKA_ED25519; } return err; } diff --git a/src/pk/ed25519/ed25519_import_raw.c b/src/pk/ed25519/ed25519_import_raw.c index 19955d134..d62812282 100644 --- a/src/pk/ed25519/ed25519_import_raw.c +++ b/src/pk/ed25519/ed25519_import_raw.c @@ -32,7 +32,7 @@ int ed25519_import_raw(const unsigned char *in, unsigned long inlen, int which, } else { return CRYPT_INVALID_ARG; } - key->algo = LTC_OID_ED25519; + key->pka = LTC_PKA_ED25519; key->type = which; return CRYPT_OK; diff --git a/src/pk/ed25519/ed25519_import_x509.c b/src/pk/ed25519/ed25519_import_x509.c index 44978ac2e..306a0e1e0 100644 --- a/src/pk/ed25519/ed25519_import_x509.c +++ b/src/pk/ed25519/ed25519_import_x509.c @@ -37,7 +37,7 @@ int ed25519_import_x509(const unsigned char *in, unsigned long inlen, curve25519 return err; } key->type = PK_PUBLIC; - key->algo = LTC_OID_ED25519; + key->pka = LTC_PKA_ED25519; return err; } diff --git a/src/pk/ed25519/ed25519_make_key.c b/src/pk/ed25519/ed25519_make_key.c index 7cec1959d..289313b5c 100644 --- a/src/pk/ed25519/ed25519_make_key.c +++ b/src/pk/ed25519/ed25519_make_key.c @@ -28,7 +28,7 @@ int ed25519_make_key(prng_state *prng, int wprng, curve25519_key *key) } key->type = PK_PRIVATE; - key->algo = LTC_OID_ED25519; + key->pka = LTC_PKA_ED25519; return err; } diff --git a/src/pk/ed25519/ed25519_sign.c b/src/pk/ed25519/ed25519_sign.c index d5bf364ee..33c240566 100644 --- a/src/pk/ed25519/ed25519_sign.c +++ b/src/pk/ed25519/ed25519_sign.c @@ -23,7 +23,7 @@ static int s_ed25519_sign(const unsigned char *msg, unsigned long msglen, LTC_ARGCHK(siglen != NULL); LTC_ARGCHK(private_key != NULL); - if (private_key->algo != LTC_OID_ED25519) return CRYPT_PK_INVALID_TYPE; + if (private_key->pka != LTC_PKA_ED25519) return CRYPT_PK_INVALID_TYPE; if (private_key->type != PK_PRIVATE) return CRYPT_PK_INVALID_TYPE; if (*siglen < 64uL) { diff --git a/src/pk/ed25519/ed25519_verify.c b/src/pk/ed25519/ed25519_verify.c index e7dcc3077..7afab7cab 100644 --- a/src/pk/ed25519/ed25519_verify.c +++ b/src/pk/ed25519/ed25519_verify.c @@ -27,7 +27,7 @@ static int s_ed25519_verify(const unsigned char *msg, unsigned long msglen, *stat = 0; if (siglen != 64uL) return CRYPT_INVALID_ARG; - if (public_key->algo != LTC_OID_ED25519) return CRYPT_PK_INVALID_TYPE; + if (public_key->pka != LTC_PKA_ED25519) return CRYPT_PK_INVALID_TYPE; mlen = msglen + siglen; if ((mlen < msglen) || (mlen < siglen)) return CRYPT_OVERFLOW; diff --git a/src/pk/x25519/x25519_export.c b/src/pk/x25519/x25519_export.c index 0687c135f..fd9972238 100644 --- a/src/pk/x25519/x25519_export.c +++ b/src/pk/x25519/x25519_export.c @@ -23,7 +23,7 @@ int x25519_export( unsigned char *out, unsigned long *outlen, { LTC_ARGCHK(key != NULL); - if (key->algo != LTC_OID_X25519) return CRYPT_PK_INVALID_TYPE; + if (key->pka != LTC_PKA_X25519) return CRYPT_PK_INVALID_TYPE; return ec25519_export(out, outlen, which, key); } diff --git a/src/pk/x25519/x25519_import.c b/src/pk/x25519/x25519_import.c index 247885f93..a16c624d2 100644 --- a/src/pk/x25519/x25519_import.c +++ b/src/pk/x25519/x25519_import.c @@ -27,7 +27,7 @@ int x25519_import(const unsigned char *in, unsigned long inlen, curve25519_key * key_len = sizeof(key->pub); if ((err = x509_decode_subject_public_key_info(in, inlen, LTC_OID_X25519, key->pub, &key_len, LTC_ASN1_EOL, NULL, 0uL)) == CRYPT_OK) { key->type = PK_PUBLIC; - key->algo = LTC_OID_X25519; + key->pka = LTC_PKA_X25519; } return err; } diff --git a/src/pk/x25519/x25519_import_raw.c b/src/pk/x25519/x25519_import_raw.c index e86e8c6a2..da659201d 100644 --- a/src/pk/x25519/x25519_import_raw.c +++ b/src/pk/x25519/x25519_import_raw.c @@ -32,7 +32,7 @@ int x25519_import_raw(const unsigned char *in, unsigned long inlen, int which, c } else { return CRYPT_INVALID_ARG; } - key->algo = LTC_OID_X25519; + key->pka = LTC_PKA_X25519; key->type = which; return CRYPT_OK; diff --git a/src/pk/x25519/x25519_import_x509.c b/src/pk/x25519/x25519_import_x509.c index 043b6ad98..a3d90cdc5 100644 --- a/src/pk/x25519/x25519_import_x509.c +++ b/src/pk/x25519/x25519_import_x509.c @@ -37,7 +37,7 @@ int x25519_import_x509(const unsigned char *in, unsigned long inlen, curve25519_ return err; } key->type = PK_PUBLIC; - key->algo = LTC_OID_X25519; + key->pka = LTC_PKA_X25519; return err; } diff --git a/src/pk/x25519/x25519_make_key.c b/src/pk/x25519/x25519_make_key.c index 40276fe9e..a30003cc4 100644 --- a/src/pk/x25519/x25519_make_key.c +++ b/src/pk/x25519/x25519_make_key.c @@ -34,7 +34,7 @@ int x25519_make_key(prng_state *prng, int wprng, curve25519_key *key) tweetnacl_crypto_scalarmult_base(key->pub, key->priv); key->type = PK_PRIVATE; - key->algo = LTC_OID_X25519; + key->pka = LTC_PKA_X25519; return err; } diff --git a/src/pk/x25519/x25519_shared_secret.c b/src/pk/x25519/x25519_shared_secret.c index eaea1c0d8..d7e9ea8c1 100644 --- a/src/pk/x25519/x25519_shared_secret.c +++ b/src/pk/x25519/x25519_shared_secret.c @@ -26,9 +26,10 @@ int x25519_shared_secret(const curve25519_key *private_key, LTC_ARGCHK(out != NULL); LTC_ARGCHK(outlen != NULL); - if(private_key->type != PK_PRIVATE) return CRYPT_PK_INVALID_TYPE; + if (public_key->pka != LTC_PKA_X25519) return CRYPT_PK_INVALID_TYPE; + if (private_key->type != PK_PRIVATE) return CRYPT_PK_INVALID_TYPE; - if(*outlen < 32uL) { + if (*outlen < 32uL) { *outlen = 32uL; return CRYPT_BUFFER_OVERFLOW; } diff --git a/tests/pem_test.c b/tests/pem_test.c index 255f0fce3..327ad7670 100644 --- a/tests/pem_test.c +++ b/tests/pem_test.c @@ -64,7 +64,8 @@ static int s_key_cmp(ltc_pka_key *key) return ecc_key_cmp(PK_PRIVATE, &s_ecc_key_should, &key->u.ecc); #endif break; - case LTC_PKA_CURVE25519: + case LTC_PKA_ED25519: + case LTC_PKA_X25519: case LTC_PKA_DH: return CRYPT_OK; default: From 6c24c5c06dc22cd8ebdbac7ad30ced992c6f4bca Mon Sep 17 00:00:00 2001 From: Steffen Jaeckel Date: Tue, 10 Oct 2023 10:26:53 +0200 Subject: [PATCH 28/51] Add support for `aes256-ctr` encrypted SSH keys Signed-off-by: Steffen Jaeckel --- src/misc/pem/pem_ssh.c | 49 +++++++++++++++++++--------- tests/ssh/ssh-testkey-ed25519-aesctr | 8 +++++ 2 files changed, 42 insertions(+), 15 deletions(-) create mode 100644 tests/ssh/ssh-testkey-ed25519-aesctr diff --git a/src/misc/pem/pem_ssh.c b/src/misc/pem/pem_ssh.c index e7e023a59..0809ac5b3 100644 --- a/src/misc/pem/pem_ssh.c +++ b/src/misc/pem/pem_ssh.c @@ -29,7 +29,7 @@ const struct ssh_blockcipher ssh_ciphers[] = { { "none", "", 0, none }, { "aes256-cbc", "aes", 256 / 8, cbc }, - { 0 }, + { "aes256-ctr", "aes", 256 / 8, ctr }, }; struct kdf_options { @@ -232,9 +232,14 @@ static int s_decode_private_key(const unsigned char *in, unsigned long *inlen, l static int s_decrypt_private_keys(unsigned char *in, unsigned long *inlen, struct kdf_options *opts) { int err, cipher; - unsigned char symkey[128]; unsigned long symkey_len; - symmetric_CBC cbc_ctx; + struct { + unsigned char symkey[128]; + union { + symmetric_CBC cbc; + symmetric_CTR ctr; + } ctx; + } s; LTC_ARGCHK(in != NULL); LTC_ARGCHK(inlen != NULL); @@ -246,27 +251,41 @@ static int s_decrypt_private_keys(unsigned char *in, unsigned long *inlen, struc } symkey_len = opts->cipher->len + cipher_descriptor[cipher].block_length; - if (sizeof(symkey) < symkey_len) { + if (sizeof(s.symkey) < symkey_len) { return CRYPT_OVERFLOW; } - if ((err = bcrypt_pbkdf_openbsd(opts->pw.pw, opts->pw.l, opts->salt, opts->saltlen, opts->num_rounds, find_hash("sha512"), symkey, &symkey_len)) != CRYPT_OK) { + if ((err = bcrypt_pbkdf_openbsd(opts->pw.pw, opts->pw.l, opts->salt, opts->saltlen, + opts->num_rounds, find_hash("sha512"), s.symkey, &symkey_len)) != CRYPT_OK) { return err; } - if ((err = cbc_start(cipher, symkey + opts->cipher->len, symkey, opts->cipher->len, 0, &cbc_ctx)) != CRYPT_OK) { - goto cleanup; - } - if ((err = cbc_decrypt(in, in, *inlen, &cbc_ctx)) != CRYPT_OK) { - goto cleanup; - } - if ((err = cbc_done(&cbc_ctx)) != CRYPT_OK) { - goto cleanup; + if (opts->cipher->mode == cbc) { + if ((err = cbc_start(cipher, s.symkey + opts->cipher->len, s.symkey, opts->cipher->len, + 0, &s.ctx.cbc)) != CRYPT_OK) { + goto cleanup; + } + if ((err = cbc_decrypt(in, in, *inlen, &s.ctx.cbc)) != CRYPT_OK) { + goto cleanup; + } + if ((err = cbc_done(&s.ctx.cbc)) != CRYPT_OK) { + goto cleanup; + } + } else if (opts->cipher->mode == ctr) { + if ((err = ctr_start(cipher, s.symkey + opts->cipher->len, s.symkey, opts->cipher->len, + 0, CTR_COUNTER_BIG_ENDIAN, &s.ctx.ctr)) != CRYPT_OK) { + goto cleanup; + } + if ((err = ctr_decrypt(in, in, *inlen, &s.ctx.ctr)) != CRYPT_OK) { + goto cleanup; + } + if ((err = ctr_done(&s.ctx.ctr)) != CRYPT_OK) { + goto cleanup; + } } cleanup: - zeromem(symkey, sizeof(symkey)); - zeromem(&cbc_ctx, sizeof(cbc_ctx)); + zeromem(&s, sizeof(s)); return err; } diff --git a/tests/ssh/ssh-testkey-ed25519-aesctr b/tests/ssh/ssh-testkey-ed25519-aesctr new file mode 100644 index 000000000..b7ddb839e --- /dev/null +++ b/tests/ssh/ssh-testkey-ed25519-aesctr @@ -0,0 +1,8 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABBYWWGgpa ++aAsoGsV6JUqJ3AAAAGAAAAAEAAAAzAAAAC3NzaC1lZDI1NTE5AAAAIEVemuQ8wNLBW205 +dbGF8l0DjxP7xLIWvmollyOm+9RoAAAAkK4XJkJqpHsZ0rYuwfnZu02gpmy3GnNmexMcyU +SEtgIJNuTJbIlIn0oGBNt5xIWN6hweHq34gPvb6q9nbxgb6eS5WBFJI7+4Xng2hOrZ8rTm +WR1YJLCnw4zk8dKKDehik+K6psMb5l7JqIUvu/F95NzO+LZXErhZ2/e6v2X2mqhSelg9fm +gSe+OOWNesOUNtCQ== +-----END OPENSSH PRIVATE KEY----- From 9333d5c8a14368f6e07c95f81bc0af5317dfc93d Mon Sep 17 00:00:00 2001 From: Steffen Jaeckel Date: Tue, 10 Oct 2023 10:27:31 +0200 Subject: [PATCH 29/51] Use the public key contained within the ssh key Signed-off-by: Steffen Jaeckel --- src/misc/pem/pem_ssh.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/misc/pem/pem_ssh.c b/src/misc/pem/pem_ssh.c index 0809ac5b3..2f2ae8b22 100644 --- a/src/misc/pem/pem_ssh.c +++ b/src/misc/pem/pem_ssh.c @@ -99,6 +99,9 @@ int ssh_decode_ed25519(const unsigned char *in, unsigned long *inlen, ltc_pka_ke if ((err = ed25519_import_raw(&privkey[32], 32, PK_PRIVATE, &key->u.ed25519)) != CRYPT_OK) { goto cleanup; } + if (pubkeylen == sizeof(key->u.ed25519.pub)) { + XMEMCPY(key->u.ed25519.pub, pubkey, pubkeylen); + } key->id = LTC_PKA_ED25519; From 934abdd82fde662164a07763cc88c4ca776ca5f9 Mon Sep 17 00:00:00 2001 From: Steffen Jaeckel Date: Tue, 10 Oct 2023 10:41:45 +0200 Subject: [PATCH 30/51] Add "Enter passphrase" support to `openssh-privkey` Signed-off-by: Steffen Jaeckel --- demos/openssh-privkey.c | 73 +++++++++++++++++++++++++++++++++++++---- 1 file changed, 66 insertions(+), 7 deletions(-) diff --git a/demos/openssh-privkey.c b/demos/openssh-privkey.c index f10427e06..9a2aca0ff 100644 --- a/demos/openssh-privkey.c +++ b/demos/openssh-privkey.c @@ -8,38 +8,96 @@ #include #include - -static int verbose = 0; +#include #if defined(LTC_PEM_SSH) static void print_err(const char *fmt, ...) { va_list args; - if (!verbose) return; - va_start(args, fmt); vfprintf(stderr, fmt, args); + va_end(args); } static void die_(int err, int line) { - verbose = 1; print_err("%3d: LTC sez %s\n", line, error_to_string(err)); exit(EXIT_FAILURE); } #define die(i) do { die_(i, __LINE__); } while(0) -#define DIE(s, ...) do { verbose = 1; print_err("%3d: " s "\n", __LINE__, ##__VA_ARGS__); exit(EXIT_FAILURE); } while(0) +#define DIE(s, ...) do { print_err("%3d: " s "\n", __LINE__, ##__VA_ARGS__); exit(EXIT_FAILURE); } while(0) + +static char* getpassword(const char *prompt, size_t maxlen) +{ + char *wr, *end, *pass = XCALLOC(1, maxlen + 1); + struct termios tio; + tcflag_t c_lflag; + if (pass == NULL) + return NULL; + wr = pass; + end = pass + maxlen; + + tcgetattr(0, &tio); + c_lflag = tio.c_lflag; + tio.c_lflag &= ~ECHO; + tcsetattr(0, TCSANOW, &tio); + + printf("%s", prompt); + fflush(stdout); + while (pass < end) { + int c = getchar(); + if (c == '\r' || c == '\n' || c == -1) + break; + *wr++ = c; + } + tio.c_lflag = c_lflag; + tcsetattr(0, TCSAFLUSH, &tio); + printf("\n"); + return pass; +} static int password_get(void **p, unsigned long *l, void *u) { (void)u; - *p = strdup("abc123"); + *p = getpassword("Enter passphrase: ", 256); *l = strlen(*p); return 0; } +static void print(ltc_pka_key *k) +{ + int err = CRYPT_OK; + unsigned char buf[256]; + unsigned long lbuf = sizeof(buf); + char pubkey[256*4/3]; + unsigned long lpubkey = sizeof(pubkey); + void *mpint = NULL; + switch (k->id) { + case LTC_PKA_ED25519: + ltc_mp.init(&mpint); + ltc_mp.unsigned_read(mpint, k->u.ed25519.pub, sizeof(k->u.ed25519.pub)); + if ((err = ssh_encode_sequence_multi(buf, &lbuf, + LTC_SSHDATA_STRING, "ssh-ed25519", strlen("ssh-ed25519"), + LTC_SSHDATA_MPINT, mpint, + 0, NULL)) != CRYPT_OK) + goto errout; + if ((err = base64_encode(buf, lbuf, pubkey, &lpubkey)) != CRYPT_OK) + goto errout; + printf("\rssh-ed25519 %s\n", pubkey); + break; + default: + print_err("Unsupported key type: %d\n", k->id); + break; + } +errout: + if (mpint != NULL) + ltc_mp.deinit(mpint); + if (err != CRYPT_OK) + die(err); +} + int main(int argc, char **argv) { int err; @@ -65,6 +123,7 @@ int main(int argc, char **argv) if ((err = pem_decode_openssh_filehandle(f, &k, &pw_ctx))) { die(err); } + print(&k); return EXIT_SUCCESS; } #else From 5d8658946b945d9ac30d7471e98247f227d85080 Mon Sep 17 00:00:00 2001 From: Steffen Jaeckel Date: Thu, 4 Aug 2022 14:28:24 +0200 Subject: [PATCH 31/51] Refactor some of the ECC import internals Signed-off-by: Steffen Jaeckel --- src/headers/tomcrypt_private.h | 2 + src/pk/ecc/ecc_import_openssl.c | 96 ++++++++++++++++++++------------- src/pk/ecc/ecc_import_x509.c | 70 ++---------------------- 3 files changed, 65 insertions(+), 103 deletions(-) diff --git a/src/headers/tomcrypt_private.h b/src/headers/tomcrypt_private.h index 0e57b37c1..2135d8aa0 100644 --- a/src/headers/tomcrypt_private.h +++ b/src/headers/tomcrypt_private.h @@ -382,6 +382,8 @@ int ecc_copy_curve(const ecc_key *srckey, ecc_key *key); int ecc_set_curve_by_size(int size, ecc_key *key); int ecc_import_subject_public_key_info(const unsigned char *in, unsigned long inlen, ecc_key *key); int ecc_import_pkcs8_asn1(ltc_asn1_list *alg_id, ltc_asn1_list *priv_key, ecc_key *key); +int ecc_import_with_curve(const unsigned char *in, unsigned long inlen, int type, ecc_key *key); +int ecc_import_with_oid(const unsigned char *in, unsigned long inlen, unsigned long *oid, unsigned long oid_len, int type, ecc_key *key); #ifdef LTC_SSH int ecc_ssh_ecdsa_encode_name(char *buffer, unsigned long *buflen, const ecc_key *key); diff --git a/src/pk/ecc/ecc_import_openssl.c b/src/pk/ecc/ecc_import_openssl.c index 325b0b05a..9008c73a7 100644 --- a/src/pk/ecc/ecc_import_openssl.c +++ b/src/pk/ecc/ecc_import_openssl.c @@ -9,9 +9,7 @@ static int s_ecc_import_private_with_oid(const unsigned char *in, unsigned long { ltc_asn1_list seq_priv[4], custom[2]; unsigned char bin_xy[2*ECC_MAXSIZE+2], bin_k[ECC_MAXSIZE]; - unsigned long len, pkver = 0, curveoid[16]; - char OID[256]; - const ltc_ecc_curve *curve; + unsigned long pkver = 0, curveoid[16]; int err; /* ### try to load private key - no curve parameters just curve OID */ @@ -26,26 +24,37 @@ static int s_ecc_import_private_with_oid(const unsigned char *in, unsigned long /* try to load private key */ err = der_decode_sequence(in, inlen, seq_priv, 4); - if (err == CRYPT_OK) { - /* load curve parameters for given curve OID */ - len = sizeof(OID); - if ((err = pk_oid_num_to_str(curveoid, custom[0].size, OID, &len)) != CRYPT_OK) { goto error; } - if ((err = ecc_find_curve(OID, &curve)) != CRYPT_OK) { goto error; } - if ((err = ecc_set_curve(curve, key)) != CRYPT_OK) { goto error; } - /* load private+public key */ - err = ecc_set_key(bin_k, seq_priv[1].size, PK_PRIVATE, key); - } + if (err != CRYPT_OK) { goto error; } + err = ecc_import_with_oid(bin_k, seq_priv[1].size, curveoid, custom[0].size, PK_PRIVATE, key); error: return err; } -static int s_ecc_import_private_with_curve(const unsigned char *in, unsigned long inlen, ecc_key *key) +int ecc_import_with_oid(const unsigned char *in, unsigned long inlen, unsigned long *oid, unsigned long oid_len, int type, ecc_key *key) +{ + char OID[256]; + unsigned long len; + const ltc_ecc_curve *curve; + int err; + + /* load curve parameters for given curve OID */ + len = sizeof(OID); + if ((err = pk_oid_num_to_str(oid, oid_len, OID, &len)) != CRYPT_OK) { goto error; } + if ((err = ecc_find_curve(OID, &curve)) != CRYPT_OK) { goto error; } + if ((err = ecc_set_curve(curve, key)) != CRYPT_OK) { goto error; } + /* load public key */ + err = ecc_set_key(in, inlen, type, key); +error: + return err; +} + +int ecc_import_with_curve(const unsigned char *in, unsigned long inlen, int type, ecc_key *key) { void *prime, *order, *a, *b, *gx, *gy; ltc_asn1_list seq_fieldid[2], seq_curve[3], seq_ecparams[6], seq_priv[4], custom[2]; unsigned char bin_a[ECC_MAXSIZE], bin_b[ECC_MAXSIZE], bin_k[ECC_MAXSIZE]; unsigned char bin_g[2*ECC_MAXSIZE+1], bin_xy[2*ECC_MAXSIZE+2], bin_seed[128]; - unsigned long len_a, len_b, len_k, len_g; + unsigned long len_a, len_b, len_k, len_g, len_xy, len; unsigned long cofactor = 0, ecver = 0, pkver = 0, tmpoid[16]; int err; @@ -53,23 +62,6 @@ static int s_ecc_import_private_with_curve(const unsigned char *in, unsigned lon return err; } - /* ### try to load private key - curve parameters included */ - - /* ECPrivateKey SEQUENCE */ - LTC_SET_ASN1(custom, 0, LTC_ASN1_SEQUENCE, seq_ecparams, 6UL); - LTC_SET_ASN1(custom, 1, LTC_ASN1_RAW_BIT_STRING, bin_xy, 8UL*sizeof(bin_xy)); - LTC_SET_ASN1(seq_priv, 0, LTC_ASN1_SHORT_INTEGER, &pkver, 1UL); - LTC_SET_ASN1(seq_priv, 1, LTC_ASN1_OCTET_STRING, bin_k, sizeof(bin_k)); - LTC_SET_ASN1_CUSTOM_CONSTRUCTED(seq_priv, 2, LTC_ASN1_CL_CONTEXT_SPECIFIC, 0, custom); /* context specific 0 */ - LTC_SET_ASN1_CUSTOM_CONSTRUCTED(seq_priv, 3, LTC_ASN1_CL_CONTEXT_SPECIFIC, 1, custom + 1); /* context specific 1 */ - /* ECParameters SEQUENCE */ - LTC_SET_ASN1(seq_ecparams, 0, LTC_ASN1_SHORT_INTEGER, &ecver, 1UL); - LTC_SET_ASN1(seq_ecparams, 1, LTC_ASN1_SEQUENCE, seq_fieldid, 2UL); - LTC_SET_ASN1(seq_ecparams, 2, LTC_ASN1_SEQUENCE, seq_curve, 3UL); - LTC_SET_ASN1(seq_ecparams, 3, LTC_ASN1_OCTET_STRING, bin_g, sizeof(bin_g)); - LTC_SET_ASN1(seq_ecparams, 4, LTC_ASN1_INTEGER, order, 1UL); - LTC_SET_ASN1(seq_ecparams, 5, LTC_ASN1_SHORT_INTEGER, &cofactor, 1UL); - seq_ecparams[5].optional = 1; /* FieldID SEQUENCE */ LTC_SET_ASN1(seq_fieldid, 0, LTC_ASN1_OBJECT_IDENTIFIER, tmpoid, 16UL); LTC_SET_ASN1(seq_fieldid, 1, LTC_ASN1_INTEGER, prime, 1UL); @@ -78,10 +70,33 @@ static int s_ecc_import_private_with_curve(const unsigned char *in, unsigned lon LTC_SET_ASN1(seq_curve, 1, LTC_ASN1_OCTET_STRING, bin_b, sizeof(bin_b)); LTC_SET_ASN1(seq_curve, 2, LTC_ASN1_RAW_BIT_STRING, bin_seed, 8UL*sizeof(bin_seed)); seq_curve[2].optional = 1; - /* try to load private key */ - err = der_decode_sequence(in, inlen, seq_priv, 4); + /* ECParameters SEQUENCE */ + LTC_SET_ASN1(seq_ecparams, 0, LTC_ASN1_SHORT_INTEGER, &ecver, 1UL); + LTC_SET_ASN1(seq_ecparams, 1, LTC_ASN1_SEQUENCE, seq_fieldid, 2UL); + LTC_SET_ASN1(seq_ecparams, 2, LTC_ASN1_SEQUENCE, seq_curve, 3UL); + LTC_SET_ASN1(seq_ecparams, 3, LTC_ASN1_OCTET_STRING, bin_g, sizeof(bin_g)); + LTC_SET_ASN1(seq_ecparams, 4, LTC_ASN1_INTEGER, order, 1UL); + LTC_SET_ASN1(seq_ecparams, 5, LTC_ASN1_SHORT_INTEGER, &cofactor, 1UL); + seq_ecparams[5].optional = 1; + if (type == PK_PRIVATE) { + /* ECPrivateKey SEQUENCE */ + LTC_SET_ASN1(custom, 0, LTC_ASN1_SEQUENCE, seq_ecparams, 6UL); + LTC_SET_ASN1(custom, 1, LTC_ASN1_RAW_BIT_STRING, bin_xy, 8UL*sizeof(bin_xy)); + LTC_SET_ASN1(seq_priv, 0, LTC_ASN1_SHORT_INTEGER, &pkver, 1UL); + LTC_SET_ASN1(seq_priv, 1, LTC_ASN1_OCTET_STRING, bin_k, sizeof(bin_k)); + LTC_SET_ASN1_CUSTOM_CONSTRUCTED(seq_priv, 2, LTC_ASN1_CL_CONTEXT_SPECIFIC, 0, custom); /* context specific 0 */ + LTC_SET_ASN1_CUSTOM_CONSTRUCTED(seq_priv, 3, LTC_ASN1_CL_CONTEXT_SPECIFIC, 1, custom + 1); /* context specific 1 */ + /* try to load private key */ + err = der_decode_sequence(in, inlen, seq_priv, 4); + } else if (type == PK_PUBLIC) { + /* try to load public key */ + len_xy = sizeof(bin_xy); + len = 6; + err = x509_decode_subject_public_key_info(in, inlen, LTC_OID_EC, bin_xy, &len_xy, LTC_ASN1_SEQUENCE, seq_ecparams, &len); + } else { + err = CRYPT_PK_INVALID_TYPE; + } if (err == CRYPT_OK) { - len_k = seq_priv[1].size; len_a = seq_curve[0].size; len_b = seq_curve[1].size; len_g = seq_ecparams[3].size; @@ -91,8 +106,15 @@ static int s_ecc_import_private_with_curve(const unsigned char *in, unsigned lon if ((err = ltc_ecc_import_point(bin_g, len_g, prime, a, b, gx, gy)) != CRYPT_OK) { goto error; } /* load curve parameters */ if ((err = ecc_set_curve_from_mpis(a, b, prime, order, gx, gy, cofactor, key)) != CRYPT_OK) { goto error; } - /* load private+public key */ - err = ecc_set_key(bin_k, len_k, PK_PRIVATE, key); + + if (type == PK_PRIVATE) { + len_k = seq_priv[1].size; + /* load private+public key */ + err = ecc_set_key(bin_k, len_k, PK_PRIVATE, key); + } else { + /* load public key */ + err = ecc_set_key(bin_xy, len_xy, PK_PUBLIC, key); + } } error: mp_clear_multi(prime, order, a, b, gx, gy, LTC_NULL); @@ -111,7 +133,7 @@ int ecc_import_openssl(const unsigned char *in, unsigned long inlen, ecc_key *ke goto success; } - err = s_ecc_import_private_with_curve(in, inlen, key); + err = ecc_import_with_curve(in, inlen, PK_PRIVATE, key); success: return err; diff --git a/src/pk/ecc/ecc_import_x509.c b/src/pk/ecc/ecc_import_x509.c index e4ba5e3af..5217c8508 100644 --- a/src/pk/ecc/ecc_import_x509.c +++ b/src/pk/ecc/ecc_import_x509.c @@ -8,78 +8,16 @@ static int s_ecc_import_x509_with_oid(const unsigned char *in, unsigned long inl { unsigned char bin_xy[2*ECC_MAXSIZE+2]; unsigned long curveoid[16]; - unsigned long len_xy, len_oid, len; - char OID[256]; - const ltc_ecc_curve *curve; + unsigned long len_xy, len_oid; int err; len_xy = sizeof(bin_xy); len_oid = 16; err = x509_decode_subject_public_key_info(in, inlen, LTC_OID_EC, bin_xy, &len_xy, LTC_ASN1_OBJECT_IDENTIFIER, (void *)curveoid, &len_oid); - if (err == CRYPT_OK) { - /* load curve parameters for given curve OID */ - len = sizeof(OID); - if ((err = pk_oid_num_to_str(curveoid, len_oid, OID, &len)) != CRYPT_OK) { goto error; } - if ((err = ecc_find_curve(OID, &curve)) != CRYPT_OK) { goto error; } - if ((err = ecc_set_curve(curve, key)) != CRYPT_OK) { goto error; } - /* load public key */ - err = ecc_set_key(bin_xy, len_xy, PK_PUBLIC, key); - } -error: - return err; -} - -static int s_ecc_import_x509_with_curve(const unsigned char *in, unsigned long inlen, ecc_key *key) -{ - void *prime, *order, *a, *b, *gx, *gy; - ltc_asn1_list seq_fieldid[2], seq_curve[3], seq_ecparams[6]; - unsigned char bin_a[ECC_MAXSIZE], bin_b[ECC_MAXSIZE]; - unsigned char bin_g[2*ECC_MAXSIZE+1], bin_xy[2*ECC_MAXSIZE+2], bin_seed[128]; - unsigned long len_a, len_b, len_g, len_xy, len; - unsigned long cofactor = 0, ecver = 0, tmpoid[16]; - int err; - - if ((err = mp_init_multi(&prime, &order, &a, &b, &gx, &gy, LTC_NULL)) != CRYPT_OK) { - return err; - } - - /* ECParameters SEQUENCE */ - LTC_SET_ASN1(seq_ecparams, 0, LTC_ASN1_SHORT_INTEGER, &ecver, 1UL); - LTC_SET_ASN1(seq_ecparams, 1, LTC_ASN1_SEQUENCE, seq_fieldid, 2UL); - LTC_SET_ASN1(seq_ecparams, 2, LTC_ASN1_SEQUENCE, seq_curve, 3UL); - LTC_SET_ASN1(seq_ecparams, 3, LTC_ASN1_OCTET_STRING, bin_g, sizeof(bin_g)); - LTC_SET_ASN1(seq_ecparams, 4, LTC_ASN1_INTEGER, order, 1UL); - LTC_SET_ASN1(seq_ecparams, 5, LTC_ASN1_SHORT_INTEGER, &cofactor, 1UL); - seq_ecparams[5].optional = 1; - /* FieldID SEQUENCE */ - LTC_SET_ASN1(seq_fieldid, 0, LTC_ASN1_OBJECT_IDENTIFIER, tmpoid, 16UL); - LTC_SET_ASN1(seq_fieldid, 1, LTC_ASN1_INTEGER, prime, 1UL); - /* Curve SEQUENCE */ - LTC_SET_ASN1(seq_curve, 0, LTC_ASN1_OCTET_STRING, bin_a, sizeof(bin_a)); - LTC_SET_ASN1(seq_curve, 1, LTC_ASN1_OCTET_STRING, bin_b, sizeof(bin_b)); - LTC_SET_ASN1(seq_curve, 2, LTC_ASN1_RAW_BIT_STRING, bin_seed, 8u*sizeof(bin_seed)); - seq_curve[2].optional = 1; - /* try to load public key */ - len_xy = sizeof(bin_xy); - len = 6; - err = x509_decode_subject_public_key_info(in, inlen, LTC_OID_EC, bin_xy, &len_xy, LTC_ASN1_SEQUENCE, seq_ecparams, &len); - - if (err == CRYPT_OK) { - len_a = seq_curve[0].size; - len_b = seq_curve[1].size; - len_g = seq_ecparams[3].size; - /* create bignums */ - if ((err = mp_read_unsigned_bin(a, bin_a, len_a)) != CRYPT_OK) { goto error; } - if ((err = mp_read_unsigned_bin(b, bin_b, len_b)) != CRYPT_OK) { goto error; } - if ((err = ltc_ecc_import_point(bin_g, len_g, prime, a, b, gx, gy)) != CRYPT_OK) { goto error; } - /* load curve parameters */ - if ((err = ecc_set_curve_from_mpis(a, b, prime, order, gx, gy, cofactor, key)) != CRYPT_OK) { goto error; } - /* load public key */ - err = ecc_set_key(bin_xy, len_xy, PK_PUBLIC, key); - } + if (err != CRYPT_OK) { goto error; } + err = ecc_import_with_oid(bin_xy, len_xy, curveoid, len_oid, PK_PUBLIC, key); error: - mp_clear_multi(prime, order, a, b, gx, gy, LTC_NULL); return err; } @@ -91,7 +29,7 @@ int ecc_import_subject_public_key_info(const unsigned char *in, unsigned long in goto success; } - err = s_ecc_import_x509_with_curve(in, inlen, key); + err = ecc_import_with_curve(in, inlen, PK_PUBLIC, key); success: return err; From f6497d22ce32a3f4205f967a40e63c9d0e84046a Mon Sep 17 00:00:00 2001 From: Steffen Jaeckel Date: Tue, 10 Oct 2023 12:26:48 +0200 Subject: [PATCH 32/51] Add support for more algos of encrypted PEM files Signed-off-by: Steffen Jaeckel --- src/headers/tomcrypt_private.h | 23 ++- src/misc/pem/pem.c | 163 ++++++++++++++++-- src/misc/pem/pem_pkcs.c | 21 +-- src/misc/pem/pem_read.c | 16 +- src/misc/pem/pem_ssh.c | 86 ++++----- tests/common.c | 9 +- tests/pem/rsa-aes-128-cbc.pem | 18 ++ tests/pem/rsa-aes-128-cfb.pem | 18 ++ tests/pem/rsa-aes-128-ctr.pem | 18 ++ tests/pem/rsa-aes-128-ofb.pem | 18 ++ tests/pem/rsa-aes-192-cbc.pem | 18 ++ tests/pem/rsa-aes-192-cfb.pem | 18 ++ tests/pem/rsa-aes-192-ctr.pem | 18 ++ tests/pem/rsa-aes-192-ofb.pem | 18 ++ tests/pem/rsa-aes-256-cbc.pem | 18 ++ tests/pem/rsa-aes-256-cfb.pem | 18 ++ tests/pem/rsa-aes-256-ctr.pem | 18 ++ tests/pem/rsa-aes-256-ofb.pem | 18 ++ tests/pem/rsa-bf-cbc.pem | 18 ++ tests/pem/rsa-bf-cfb.pem | 18 ++ tests/pem/rsa-bf-ofb.pem | 18 ++ tests/pem/rsa-camellia-128-cbc.pem | 18 ++ tests/pem/rsa-camellia-128-cfb.pem | 18 ++ tests/pem/rsa-camellia-128-ctr.pem | 18 ++ tests/pem/rsa-camellia-128-ofb.pem | 18 ++ tests/pem/rsa-camellia-192-cbc.pem | 18 ++ tests/pem/rsa-camellia-192-cfb.pem | 18 ++ tests/pem/rsa-camellia-192-ctr.pem | 18 ++ tests/pem/rsa-camellia-192-ofb.pem | 18 ++ tests/pem/rsa-camellia-256-cbc.pem | 18 ++ tests/pem/rsa-camellia-256-cfb.pem | 18 ++ tests/pem/rsa-camellia-256-ctr.pem | 18 ++ tests/pem/rsa-camellia-256-ofb.pem | 18 ++ tests/pem/rsa-cast5-cbc.pem | 18 ++ tests/pem/rsa-cast5-cfb.pem | 18 ++ tests/pem/rsa-cast5-ofb.pem | 18 ++ tests/pem/rsa-des-cbc.pem | 18 ++ tests/pem/rsa-des-cfb.pem | 18 ++ tests/pem/rsa-des-ede3-cbc.pem | 18 ++ tests/pem/rsa-des-ede3-cfb.pem | 18 ++ tests/pem/rsa-des-ede3-ofb.pem | 18 ++ tests/pem/rsa-des-ofb.pem | 18 ++ tests/pem/rsa-encrypted-aes128.pem | 18 -- tests/pem/rsa-encrypted-aes192.pem | 18 -- tests/pem/rsa-encrypted-aes256.pem | 18 -- tests/pem/rsa-encrypted-camellia128.pem | 18 -- tests/pem/rsa-encrypted-camellia192.pem | 18 -- tests/pem/rsa-encrypted-camellia256.pem | 18 -- tests/pem/rsa-encrypted-des.pem | 18 -- tests/pem/rsa-encrypted-des3.pem | 18 -- tests/pem/rsa-encrypted.pem | 18 -- tests/pem/rsa-idea-cbc.pem | 18 ++ tests/pem/rsa-idea-cfb.pem | 18 ++ tests/pem/rsa-idea-ofb.pem | 18 ++ tests/pem/rsa-rc2-40-cbc.pem | 18 ++ tests/pem/rsa-rc2-64-cbc.pem | 18 ++ tests/pem/rsa-rc2-cbc.pem | 18 ++ tests/pem/rsa-rc2-cfb.pem | 18 ++ tests/pem/rsa-rc2-ofb.pem | 18 ++ tests/pem/rsa-seed-cbc.pem | 18 ++ tests/pem/rsa-seed-cfb.pem | 18 ++ tests/pem/rsa-seed-ofb.pem | 18 ++ tests/pem/unsupported/rsa-aes-128-cfb1.pem | 18 ++ tests/pem/unsupported/rsa-aes-128-cfb8.pem | 18 ++ tests/pem/unsupported/rsa-aes-192-cfb1.pem | 18 ++ tests/pem/unsupported/rsa-aes-192-cfb8.pem | 18 ++ tests/pem/unsupported/rsa-aes-256-cfb1.pem | 18 ++ tests/pem/unsupported/rsa-aes-256-cfb8.pem | 18 ++ tests/pem/unsupported/rsa-aria-128-cbc.pem | 18 ++ tests/pem/unsupported/rsa-aria-128-cfb.pem | 18 ++ tests/pem/unsupported/rsa-aria-128-cfb1.pem | 18 ++ tests/pem/unsupported/rsa-aria-128-cfb8.pem | 18 ++ tests/pem/unsupported/rsa-aria-128-ctr.pem | 18 ++ tests/pem/unsupported/rsa-aria-128-ofb.pem | 18 ++ tests/pem/unsupported/rsa-aria-192-cbc.pem | 18 ++ tests/pem/unsupported/rsa-aria-192-cfb.pem | 18 ++ tests/pem/unsupported/rsa-aria-192-cfb1.pem | 18 ++ tests/pem/unsupported/rsa-aria-192-cfb8.pem | 18 ++ tests/pem/unsupported/rsa-aria-192-ctr.pem | 18 ++ tests/pem/unsupported/rsa-aria-192-ofb.pem | 18 ++ tests/pem/unsupported/rsa-aria-256-cbc.pem | 18 ++ tests/pem/unsupported/rsa-aria-256-cfb.pem | 18 ++ tests/pem/unsupported/rsa-aria-256-cfb1.pem | 18 ++ tests/pem/unsupported/rsa-aria-256-cfb8.pem | 18 ++ tests/pem/unsupported/rsa-aria-256-ctr.pem | 18 ++ tests/pem/unsupported/rsa-aria-256-ofb.pem | 18 ++ .../pem/unsupported/rsa-camellia-128-cfb1.pem | 18 ++ .../pem/unsupported/rsa-camellia-128-cfb8.pem | 18 ++ .../pem/unsupported/rsa-camellia-192-cfb1.pem | 18 ++ .../pem/unsupported/rsa-camellia-192-cfb8.pem | 18 ++ .../pem/unsupported/rsa-camellia-256-cfb1.pem | 18 ++ .../pem/unsupported/rsa-camellia-256-cfb8.pem | 18 ++ tests/pem/unsupported/rsa-chacha20.pem | 18 ++ tests/pem/unsupported/rsa-des-cfb1.pem | 18 ++ tests/pem/unsupported/rsa-des-cfb8.pem | 18 ++ tests/pem/unsupported/rsa-des-ede-cbc.pem | 18 ++ tests/pem/unsupported/rsa-des-ede-cfb.pem | 18 ++ tests/pem/unsupported/rsa-des-ede-ofb.pem | 18 ++ tests/pem/unsupported/rsa-des-ede3-cfb1.pem | 18 ++ tests/pem/unsupported/rsa-des-ede3-cfb8.pem | 18 ++ tests/pem/unsupported/rsa-desx-cbc.pem | 18 ++ 101 files changed, 1775 insertions(+), 253 deletions(-) create mode 100644 tests/pem/rsa-aes-128-cbc.pem create mode 100644 tests/pem/rsa-aes-128-cfb.pem create mode 100644 tests/pem/rsa-aes-128-ctr.pem create mode 100644 tests/pem/rsa-aes-128-ofb.pem create mode 100644 tests/pem/rsa-aes-192-cbc.pem create mode 100644 tests/pem/rsa-aes-192-cfb.pem create mode 100644 tests/pem/rsa-aes-192-ctr.pem create mode 100644 tests/pem/rsa-aes-192-ofb.pem create mode 100644 tests/pem/rsa-aes-256-cbc.pem create mode 100644 tests/pem/rsa-aes-256-cfb.pem create mode 100644 tests/pem/rsa-aes-256-ctr.pem create mode 100644 tests/pem/rsa-aes-256-ofb.pem create mode 100644 tests/pem/rsa-bf-cbc.pem create mode 100644 tests/pem/rsa-bf-cfb.pem create mode 100644 tests/pem/rsa-bf-ofb.pem create mode 100644 tests/pem/rsa-camellia-128-cbc.pem create mode 100644 tests/pem/rsa-camellia-128-cfb.pem create mode 100644 tests/pem/rsa-camellia-128-ctr.pem create mode 100644 tests/pem/rsa-camellia-128-ofb.pem create mode 100644 tests/pem/rsa-camellia-192-cbc.pem create mode 100644 tests/pem/rsa-camellia-192-cfb.pem create mode 100644 tests/pem/rsa-camellia-192-ctr.pem create mode 100644 tests/pem/rsa-camellia-192-ofb.pem create mode 100644 tests/pem/rsa-camellia-256-cbc.pem create mode 100644 tests/pem/rsa-camellia-256-cfb.pem create mode 100644 tests/pem/rsa-camellia-256-ctr.pem create mode 100644 tests/pem/rsa-camellia-256-ofb.pem create mode 100644 tests/pem/rsa-cast5-cbc.pem create mode 100644 tests/pem/rsa-cast5-cfb.pem create mode 100644 tests/pem/rsa-cast5-ofb.pem create mode 100644 tests/pem/rsa-des-cbc.pem create mode 100644 tests/pem/rsa-des-cfb.pem create mode 100644 tests/pem/rsa-des-ede3-cbc.pem create mode 100644 tests/pem/rsa-des-ede3-cfb.pem create mode 100644 tests/pem/rsa-des-ede3-ofb.pem create mode 100644 tests/pem/rsa-des-ofb.pem delete mode 100644 tests/pem/rsa-encrypted-aes128.pem delete mode 100644 tests/pem/rsa-encrypted-aes192.pem delete mode 100644 tests/pem/rsa-encrypted-aes256.pem delete mode 100644 tests/pem/rsa-encrypted-camellia128.pem delete mode 100644 tests/pem/rsa-encrypted-camellia192.pem delete mode 100644 tests/pem/rsa-encrypted-camellia256.pem delete mode 100644 tests/pem/rsa-encrypted-des.pem delete mode 100644 tests/pem/rsa-encrypted-des3.pem delete mode 100644 tests/pem/rsa-encrypted.pem create mode 100644 tests/pem/rsa-idea-cbc.pem create mode 100644 tests/pem/rsa-idea-cfb.pem create mode 100644 tests/pem/rsa-idea-ofb.pem create mode 100644 tests/pem/rsa-rc2-40-cbc.pem create mode 100644 tests/pem/rsa-rc2-64-cbc.pem create mode 100644 tests/pem/rsa-rc2-cbc.pem create mode 100644 tests/pem/rsa-rc2-cfb.pem create mode 100644 tests/pem/rsa-rc2-ofb.pem create mode 100644 tests/pem/rsa-seed-cbc.pem create mode 100644 tests/pem/rsa-seed-cfb.pem create mode 100644 tests/pem/rsa-seed-ofb.pem create mode 100644 tests/pem/unsupported/rsa-aes-128-cfb1.pem create mode 100644 tests/pem/unsupported/rsa-aes-128-cfb8.pem create mode 100644 tests/pem/unsupported/rsa-aes-192-cfb1.pem create mode 100644 tests/pem/unsupported/rsa-aes-192-cfb8.pem create mode 100644 tests/pem/unsupported/rsa-aes-256-cfb1.pem create mode 100644 tests/pem/unsupported/rsa-aes-256-cfb8.pem create mode 100644 tests/pem/unsupported/rsa-aria-128-cbc.pem create mode 100644 tests/pem/unsupported/rsa-aria-128-cfb.pem create mode 100644 tests/pem/unsupported/rsa-aria-128-cfb1.pem create mode 100644 tests/pem/unsupported/rsa-aria-128-cfb8.pem create mode 100644 tests/pem/unsupported/rsa-aria-128-ctr.pem create mode 100644 tests/pem/unsupported/rsa-aria-128-ofb.pem create mode 100644 tests/pem/unsupported/rsa-aria-192-cbc.pem create mode 100644 tests/pem/unsupported/rsa-aria-192-cfb.pem create mode 100644 tests/pem/unsupported/rsa-aria-192-cfb1.pem create mode 100644 tests/pem/unsupported/rsa-aria-192-cfb8.pem create mode 100644 tests/pem/unsupported/rsa-aria-192-ctr.pem create mode 100644 tests/pem/unsupported/rsa-aria-192-ofb.pem create mode 100644 tests/pem/unsupported/rsa-aria-256-cbc.pem create mode 100644 tests/pem/unsupported/rsa-aria-256-cfb.pem create mode 100644 tests/pem/unsupported/rsa-aria-256-cfb1.pem create mode 100644 tests/pem/unsupported/rsa-aria-256-cfb8.pem create mode 100644 tests/pem/unsupported/rsa-aria-256-ctr.pem create mode 100644 tests/pem/unsupported/rsa-aria-256-ofb.pem create mode 100644 tests/pem/unsupported/rsa-camellia-128-cfb1.pem create mode 100644 tests/pem/unsupported/rsa-camellia-128-cfb8.pem create mode 100644 tests/pem/unsupported/rsa-camellia-192-cfb1.pem create mode 100644 tests/pem/unsupported/rsa-camellia-192-cfb8.pem create mode 100644 tests/pem/unsupported/rsa-camellia-256-cfb1.pem create mode 100644 tests/pem/unsupported/rsa-camellia-256-cfb8.pem create mode 100644 tests/pem/unsupported/rsa-chacha20.pem create mode 100644 tests/pem/unsupported/rsa-des-cfb1.pem create mode 100644 tests/pem/unsupported/rsa-des-cfb8.pem create mode 100644 tests/pem/unsupported/rsa-des-ede-cbc.pem create mode 100644 tests/pem/unsupported/rsa-des-ede-cfb.pem create mode 100644 tests/pem/unsupported/rsa-des-ede-ofb.pem create mode 100644 tests/pem/unsupported/rsa-des-ede3-cfb1.pem create mode 100644 tests/pem/unsupported/rsa-des-ede3-cfb8.pem create mode 100644 tests/pem/unsupported/rsa-desx-cbc.pem diff --git a/src/headers/tomcrypt_private.h b/src/headers/tomcrypt_private.h index 2135d8aa0..61e51f3e8 100644 --- a/src/headers/tomcrypt_private.h +++ b/src/headers/tomcrypt_private.h @@ -255,6 +255,10 @@ int base64_encode_pem(const unsigned char *in, unsigned long inlen, /* PEM related */ #ifdef LTC_PEM +enum cipher_mode { + cm_none, cm_cbc, cm_cfb, cm_ctr, cm_ofb, cm_stream, cm_gcm +}; + struct password { /* usually a `char*` but could also contain binary data * so use a `void*` + length to be on the safe side. @@ -262,9 +266,12 @@ struct password { void *pw; unsigned long l; }; -struct dek_info { - const char *alg; + +struct blockcipher_info { + const char *name; + const char *algo; unsigned long keylen; + enum cipher_mode mode; /* should use `MAXBLOCKSIZE` here, but all supported * blockciphers require max 16 bytes IV */ char iv[16 * 2 + 1]; @@ -280,11 +287,6 @@ struct str { #define COPY_STR(n, s, l) do { XMEMCPY(n.p, s, l); n.len = l; } while(0) #define RESET_STR(n) do { n.p = NULL; n.len = 0; } while(0) -struct dek_info_from_str { - const struct str id; - struct dek_info info; -}; - enum more_headers { no, yes, @@ -303,7 +305,7 @@ struct pem_header_id { struct pem_headers { const struct pem_header_id *id; int encrypted; - struct dek_info info; + struct blockcipher_info info; struct password *pw; }; @@ -338,6 +340,11 @@ int pbes_decrypt(const pbes_arg *arg, unsigned char *dec_data, unsigned long *d int pbes1_extract(const ltc_asn1_list *s, pbes_arg *res); int pbes2_extract(const ltc_asn1_list *s, pbes_arg *res); +int pem_decrypt(unsigned char *data, unsigned long *datalen, + unsigned char *key, unsigned long keylen, + unsigned char *iv, unsigned long ivlen, + const struct blockcipher_info *info, + enum padding_type padding); #ifndef LTC_NO_FILE int pem_get_char_from_file(struct get_char *g); #endif /* LTC_NO_FILE */ diff --git a/src/misc/pem/pem.c b/src/misc/pem/pem.c index 678590b41..529bf80e3 100644 --- a/src/misc/pem/pem.c +++ b/src/misc/pem/pem.c @@ -47,21 +47,164 @@ const struct pem_header_id pem_std_headers[] = { }; const unsigned long pem_std_headers_num = sizeof(pem_std_headers)/sizeof(pem_std_headers[0]); - /* Encrypted PEM files */ const struct str pem_proc_type_encrypted = { SET_CSTR(, "Proc-Type: 4,ENCRYPTED") }; const struct str pem_dek_info_start = { SET_CSTR(, "DEK-Info: ") }; -const struct dek_info_from_str pem_dek_infos[] = +const struct blockcipher_info pem_dek_infos[] = { - { SET_CSTR(.id, "AES-128-CBC,"), .info.alg = "aes", .info.keylen = 128 / 8, }, - { SET_CSTR(.id, "AES-192-CBC,"), .info.alg = "aes", .info.keylen = 192 / 8, }, - { SET_CSTR(.id, "AES-256-CBC,"), .info.alg = "aes", .info.keylen = 256 / 8, }, - { SET_CSTR(.id, "CAMELLIA-128-CBC,"), .info.alg = "camellia", .info.keylen = 128 / 8, }, - { SET_CSTR(.id, "CAMELLIA-192-CBC,"), .info.alg = "camellia", .info.keylen = 192 / 8, }, - { SET_CSTR(.id, "CAMELLIA-256-CBC,"), .info.alg = "camellia", .info.keylen = 256 / 8, }, - { SET_CSTR(.id, "DES-EDE3-CBC,"), .info.alg = "3des", .info.keylen = 192 / 8, }, - { SET_CSTR(.id, "DES-CBC,"), .info.alg = "des", .info.keylen = 64 / 8, }, + { .name = "AES-128-CBC,", .algo = "aes", .keylen = 128 / 8, .mode = cm_cbc, }, + { .name = "AES-192-CBC,", .algo = "aes", .keylen = 192 / 8, .mode = cm_cbc, }, + { .name = "AES-256-CBC,", .algo = "aes", .keylen = 256 / 8, .mode = cm_cbc, }, + { .name = "AES-128-CFB,", .algo = "aes", .keylen = 128 / 8, .mode = cm_cfb, }, + { .name = "AES-192-CFB,", .algo = "aes", .keylen = 192 / 8, .mode = cm_cfb, }, + { .name = "AES-256-CFB,", .algo = "aes", .keylen = 256 / 8, .mode = cm_cfb, }, + { .name = "AES-128-CTR,", .algo = "aes", .keylen = 128 / 8, .mode = cm_ctr, }, + { .name = "AES-192-CTR,", .algo = "aes", .keylen = 192 / 8, .mode = cm_ctr, }, + { .name = "AES-256-CTR,", .algo = "aes", .keylen = 256 / 8, .mode = cm_ctr, }, + { .name = "AES-128-OFB,", .algo = "aes", .keylen = 128 / 8, .mode = cm_ofb, }, + { .name = "AES-192-OFB,", .algo = "aes", .keylen = 192 / 8, .mode = cm_ofb, }, + { .name = "AES-256-OFB,", .algo = "aes", .keylen = 256 / 8, .mode = cm_ofb, }, + { .name = "BF-CBC,", .algo = "blowfish", .keylen = 128 / 8, .mode = cm_cbc, }, + { .name = "BF-CFB,", .algo = "blowfish", .keylen = 128 / 8, .mode = cm_cfb, }, + { .name = "BF-OFB,", .algo = "blowfish", .keylen = 128 / 8, .mode = cm_ofb, }, + { .name = "CAMELLIA-128-CBC,", .algo = "camellia", .keylen = 128 / 8, .mode = cm_cbc, }, + { .name = "CAMELLIA-192-CBC,", .algo = "camellia", .keylen = 192 / 8, .mode = cm_cbc, }, + { .name = "CAMELLIA-256-CBC,", .algo = "camellia", .keylen = 256 / 8, .mode = cm_cbc, }, + { .name = "CAMELLIA-128-CFB,", .algo = "camellia", .keylen = 128 / 8, .mode = cm_cfb, }, + { .name = "CAMELLIA-192-CFB,", .algo = "camellia", .keylen = 192 / 8, .mode = cm_cfb, }, + { .name = "CAMELLIA-256-CFB,", .algo = "camellia", .keylen = 256 / 8, .mode = cm_cfb, }, + { .name = "CAMELLIA-128-CTR,", .algo = "camellia", .keylen = 128 / 8, .mode = cm_ctr, }, + { .name = "CAMELLIA-192-CTR,", .algo = "camellia", .keylen = 192 / 8, .mode = cm_ctr, }, + { .name = "CAMELLIA-256-CTR,", .algo = "camellia", .keylen = 256 / 8, .mode = cm_ctr, }, + { .name = "CAMELLIA-128-OFB,", .algo = "camellia", .keylen = 128 / 8, .mode = cm_ofb, }, + { .name = "CAMELLIA-192-OFB,", .algo = "camellia", .keylen = 192 / 8, .mode = cm_ofb, }, + { .name = "CAMELLIA-256-OFB,", .algo = "camellia", .keylen = 256 / 8, .mode = cm_ofb, }, + { .name = "CAST5-CBC,", .algo = "cast5", .keylen = 128 / 8, .mode = cm_cbc, }, + { .name = "CAST5-CFB,", .algo = "cast5", .keylen = 128 / 8, .mode = cm_cfb, }, + { .name = "CAST5-OFB,", .algo = "cast5", .keylen = 128 / 8, .mode = cm_ofb, }, + { .name = "DES-EDE3-CBC,", .algo = "3des", .keylen = 192 / 8, .mode = cm_cbc, }, + { .name = "DES-EDE3-CFB,", .algo = "3des", .keylen = 192 / 8, .mode = cm_cfb, }, + { .name = "DES-EDE3-OFB,", .algo = "3des", .keylen = 192 / 8, .mode = cm_ofb, }, + { .name = "DES-CBC,", .algo = "des", .keylen = 64 / 8, .mode = cm_cbc, }, + { .name = "DES-CFB,", .algo = "des", .keylen = 64 / 8, .mode = cm_cfb, }, + { .name = "DES-OFB,", .algo = "des", .keylen = 64 / 8, .mode = cm_ofb, }, + { .name = "IDEA-CBC,", .algo = "idea", .keylen = 128 / 8, .mode = cm_cbc, }, + { .name = "IDEA-CFB,", .algo = "idea", .keylen = 128 / 8, .mode = cm_cfb, }, + { .name = "IDEA-OFB,", .algo = "idea", .keylen = 128 / 8, .mode = cm_ofb, }, + { .name = "RC2-40-CBC,", .algo = "rc2", .keylen = 40 / 8, .mode = cm_cbc, }, + { .name = "RC2-64-CBC,", .algo = "rc2", .keylen = 64 / 8, .mode = cm_cbc, }, + { .name = "RC2-CBC,", .algo = "rc2", .keylen = 128 / 8, .mode = cm_cbc, }, + { .name = "RC2-CFB,", .algo = "rc2", .keylen = 128 / 8, .mode = cm_cfb, }, + { .name = "RC2-OFB,", .algo = "rc2", .keylen = 128 / 8, .mode = cm_ofb, }, + { .name = "SEED-CBC,", .algo = "seed", .keylen = 128 / 8, .mode = cm_cbc, }, + { .name = "SEED-CFB,", .algo = "seed", .keylen = 128 / 8, .mode = cm_cfb, }, + { .name = "SEED-OFB,", .algo = "seed", .keylen = 128 / 8, .mode = cm_ofb, }, }; const unsigned long pem_dek_infos_num = sizeof(pem_dek_infos)/sizeof(pem_dek_infos[0]); +int pem_decrypt(unsigned char *data, unsigned long *datalen, + unsigned char *key, unsigned long keylen, + unsigned char *iv, unsigned long ivlen, + const struct blockcipher_info *info, + enum padding_type padding) +{ + int err, cipher; + struct { + union { +#ifdef LTC_CBC_MODE + symmetric_CBC cbc; +#endif +#ifdef LTC_CFB_MODE + symmetric_CFB cfb; +#endif +#ifdef LTC_CTR_MODE + symmetric_CTR ctr; +#endif +#ifdef LTC_OFB_MODE + symmetric_OFB ofb; +#endif + } ctx; + } s; + + cipher = find_cipher(info->algo); + if (cipher == -1) { + return CRYPT_INVALID_CIPHER; + } + + switch (info->mode) { + case cm_cbc: +#ifdef LTC_CBC_MODE + LTC_ARGCHK(ivlen == (unsigned long)cipher_descriptor[cipher].block_length); + + if ((err = cbc_start(cipher, iv, key, keylen, 0, &s.ctx.cbc)) != CRYPT_OK) { + goto error_out; + } + if ((err = cbc_decrypt(data, data, *datalen, &s.ctx.cbc)) != CRYPT_OK) { + goto error_out; + } + if ((err = cbc_done(&s.ctx.cbc)) != CRYPT_OK) { + goto error_out; + } + + if ((err = padding_depad(data, datalen, padding | s.ctx.cbc.blocklen)) != CRYPT_OK) { + goto error_out; + } +#else + return CRYPT_INVALID_CIPHER; +#endif + break; + case cm_cfb: +#ifdef LTC_CFB_MODE + if ((err = cfb_start(cipher, iv, key, keylen, 0, &s.ctx.cfb)) != CRYPT_OK) { + goto error_out; + } + if ((err = cfb_decrypt(data, data, *datalen, &s.ctx.cfb)) != CRYPT_OK) { + goto error_out; + } + if ((err = cfb_done(&s.ctx.cfb)) != CRYPT_OK) { + goto error_out; + } +#else + return CRYPT_INVALID_CIPHER; +#endif + break; + case cm_ctr: +#ifdef LTC_CTR_MODE + if ((err = ctr_start(cipher, iv, key, keylen, 0, CTR_COUNTER_BIG_ENDIAN, &s.ctx.ctr)) != CRYPT_OK) { + goto error_out; + } + if ((err = ctr_decrypt(data, data, *datalen, &s.ctx.ctr)) != CRYPT_OK) { + goto error_out; + } + if ((err = ctr_done(&s.ctx.ctr)) != CRYPT_OK) { + goto error_out; + } +#else + return CRYPT_INVALID_CIPHER; +#endif + break; + case cm_ofb: +#ifdef LTC_OFB_MODE + if ((err = ofb_start(cipher, iv, key, keylen, 0, &s.ctx.ofb)) != CRYPT_OK) { + goto error_out; + } + if ((err = ofb_decrypt(data, data, *datalen, &s.ctx.ofb)) != CRYPT_OK) { + goto error_out; + } + if ((err = ofb_done(&s.ctx.ofb)) != CRYPT_OK) { + goto error_out; + } +#else + return CRYPT_INVALID_CIPHER; +#endif + break; + default: + err = CRYPT_INVALID_ARG; + break; + } + +error_out: + return err; +} + #endif /* LTC_PEM */ diff --git a/src/misc/pem/pem_pkcs.c b/src/misc/pem/pem_pkcs.c index 9b634bc78..1839a3b41 100644 --- a/src/misc/pem/pem_pkcs.c +++ b/src/misc/pem/pem_pkcs.c @@ -16,9 +16,12 @@ static int s_decrypt_pem(unsigned char *pem, unsigned long *l, const struct pem_ { unsigned char iv[MAXBLOCKSIZE], key[MAXBLOCKSIZE]; unsigned long ivlen, klen; - int err; - symmetric_CBC cbc_ctx; + int err, cipher; + cipher = find_cipher(hdr->info.algo); + if (cipher == -1) { + return CRYPT_INVALID_CIPHER; + } if (hdr->info.keylen > sizeof(key)) { return CRYPT_BUFFER_OVERFLOW; } @@ -35,20 +38,8 @@ static int s_decrypt_pem(unsigned char *pem, unsigned long *l, const struct pem_ return err; } - if ((err = cbc_start(find_cipher(hdr->info.alg), iv, key, klen, 0, &cbc_ctx)) != CRYPT_OK) { - goto error_out; - } - if ((err = cbc_decrypt(pem, pem, *l, &cbc_ctx)) != CRYPT_OK) { - goto error_out; - } - if ((err = cbc_done(&cbc_ctx)) != CRYPT_OK) { - goto error_out; - } - if ((err = padding_depad(pem, l, LTC_PAD_PKCS7 | cbc_ctx.blocklen)) != CRYPT_OK) { - goto error_out; - } + err = pem_decrypt(pem, l, key, klen, iv, ivlen, &hdr->info, LTC_PAD_PKCS7); -error_out: zeromem(key, sizeof(key)); zeromem(iv, sizeof(iv)); return err; diff --git a/src/misc/pem/pem_read.c b/src/misc/pem/pem_read.c index cbad827ce..9341b8bde 100644 --- a/src/misc/pem/pem_read.c +++ b/src/misc/pem/pem_read.c @@ -11,7 +11,7 @@ extern const struct str pem_proc_type_encrypted; extern const struct str pem_dek_info_start; -extern const struct dek_info_from_str pem_dek_infos[]; +extern const struct blockcipher_info pem_dek_infos[]; extern const unsigned long pem_dek_infos_num; #ifndef LTC_NO_FILE @@ -116,21 +116,23 @@ static int s_pem_decode_headers(struct pem_headers *hdr, struct get_char *g) hdr->encrypted = 1; break; case 2: - hdr->info.alg = NULL; + hdr->info.algo = NULL; if (XMEMCMP(buf, pem_dek_info_start.p, pem_dek_info_start.len)) return CRYPT_INVALID_PACKET; alg_start = &buf[pem_dek_info_start.len]; for (n = 0; n < pem_dek_infos_num; ++n) { - if (slen >= pem_dek_infos[n].id.len + pem_dek_info_start.len && !XMEMCMP(alg_start, pem_dek_infos[n].id.p, pem_dek_infos[n].id.len)) { - hdr->info = pem_dek_infos[n].info; - tmplen = XSTRLEN(alg_start + pem_dek_infos[n].id.len); + unsigned long namelen = XSTRLEN(pem_dek_infos[n].name); + if (slen >= namelen + pem_dek_info_start.len && !XMEMCMP(alg_start, pem_dek_infos[n].name, namelen)) { + char *iv = alg_start + namelen; + hdr->info = pem_dek_infos[n]; + tmplen = XSTRLEN(iv); if (tmplen > sizeof(hdr->info.iv)) return CRYPT_INVALID_KEYSIZE; - XMEMCPY(hdr->info.iv, alg_start + pem_dek_infos[n].id.len, tmplen); + XMEMCPY(hdr->info.iv, iv, tmplen); break; } } - if (hdr->info.alg == NULL) { + if (hdr->info.algo == NULL) { return CRYPT_INVALID_CIPHER; } break; diff --git a/src/misc/pem/pem_ssh.c b/src/misc/pem/pem_ssh.c index 2f2ae8b22..51410ea8c 100644 --- a/src/misc/pem/pem_ssh.c +++ b/src/misc/pem/pem_ssh.c @@ -12,29 +12,41 @@ #if defined(LTC_PEM_SSH) -enum blockcipher_mode { - none, cbc, ctr, stream, gcm -}; -struct ssh_blockcipher { - const char *name; - const char *algo; - int len; - enum blockcipher_mode mode; -}; - /* Table as of * https://www.iana.org/assignments/ssh-parameters/ssh-parameters.xhtml#ssh-parameters-17 */ -const struct ssh_blockcipher ssh_ciphers[] = +const struct blockcipher_info ssh_ciphers[] = { - { "none", "", 0, none }, - { "aes256-cbc", "aes", 256 / 8, cbc }, - { "aes256-ctr", "aes", 256 / 8, ctr }, + { .name = "none", .algo = "", .keylen = 0, .mode = cm_none }, + { .name = "aes128-cbc", .algo = "aes", .keylen = 128 / 8, .mode = cm_cbc }, + { .name = "aes128-ctr", .algo = "aes", .keylen = 128 / 8, .mode = cm_ctr }, + { .name = "aes192-cbc", .algo = "aes", .keylen = 192 / 8, .mode = cm_cbc }, + { .name = "aes192-ctr", .algo = "aes", .keylen = 192 / 8, .mode = cm_ctr }, + { .name = "aes256-cbc", .algo = "aes", .keylen = 256 / 8, .mode = cm_cbc }, + { .name = "aes256-ctr", .algo = "aes", .keylen = 256 / 8, .mode = cm_ctr }, + { .name = "blowfish128-cbc", .algo = "blowfish", .keylen = 128 / 8, .mode = cm_cbc }, + { .name = "blowfish128-ctr", .algo = "blowfish", .keylen = 128 / 8, .mode = cm_ctr }, + { .name = "des-cbc", .algo = "des", .keylen = 64 / 8, .mode = cm_cbc }, + { .name = "3des-cbc", .algo = "3des", .keylen = 192 / 8, .mode = cm_cbc }, + { .name = "3des-ctr", .algo = "3des", .keylen = 192 / 8, .mode = cm_ctr }, + { .name = "serpent128-cbc", .algo = "serpent", .keylen = 128 / 8, .mode = cm_cbc }, + { .name = "serpent128-ctr", .algo = "serpent", .keylen = 128 / 8, .mode = cm_ctr }, + { .name = "serpent192-cbc", .algo = "serpent", .keylen = 192 / 8, .mode = cm_cbc }, + { .name = "serpent192-ctr", .algo = "serpent", .keylen = 192 / 8, .mode = cm_ctr }, + { .name = "serpent256-cbc", .algo = "serpent", .keylen = 256 / 8, .mode = cm_cbc }, + { .name = "serpent256-ctr", .algo = "serpent", .keylen = 256 / 8, .mode = cm_ctr }, + { .name = "twofish128-cbc", .algo = "twofish", .keylen = 128 / 8, .mode = cm_cbc }, + { .name = "twofish128-ctr", .algo = "twofish", .keylen = 128 / 8, .mode = cm_ctr }, + { .name = "twofish192-cbc", .algo = "twofish", .keylen = 192 / 8, .mode = cm_cbc }, + { .name = "twofish192-ctr", .algo = "twofish", .keylen = 192 / 8, .mode = cm_ctr }, + { .name = "twofish-cbc", .algo = "twofish", .keylen = 256 / 8, .mode = cm_cbc }, + { .name = "twofish256-cbc", .algo = "twofish", .keylen = 256 / 8, .mode = cm_cbc }, + { .name = "twofish256-ctr", .algo = "twofish", .keylen = 256 / 8, .mode = cm_ctr }, }; struct kdf_options { const char *name; - const struct ssh_blockcipher *cipher; + const struct blockcipher_info *cipher; unsigned char salt[64]; ulong32 saltlen; ulong32 num_rounds; @@ -236,13 +248,7 @@ static int s_decrypt_private_keys(unsigned char *in, unsigned long *inlen, struc { int err, cipher; unsigned long symkey_len; - struct { - unsigned char symkey[128]; - union { - symmetric_CBC cbc; - symmetric_CTR ctr; - } ctx; - } s; + unsigned char symkey[MAXBLOCKSIZE]; LTC_ARGCHK(in != NULL); LTC_ARGCHK(inlen != NULL); @@ -252,43 +258,23 @@ static int s_decrypt_private_keys(unsigned char *in, unsigned long *inlen, struc if (cipher == -1) { return CRYPT_INVALID_CIPHER; } - symkey_len = opts->cipher->len + cipher_descriptor[cipher].block_length; + symkey_len = opts->cipher->keylen + cipher_descriptor[cipher].block_length; - if (sizeof(s.symkey) < symkey_len) { + if (sizeof(symkey) < symkey_len) { return CRYPT_OVERFLOW; } if ((err = bcrypt_pbkdf_openbsd(opts->pw.pw, opts->pw.l, opts->salt, opts->saltlen, - opts->num_rounds, find_hash("sha512"), s.symkey, &symkey_len)) != CRYPT_OK) { + opts->num_rounds, find_hash("sha512"), symkey, &symkey_len)) != CRYPT_OK) { return err; } - if (opts->cipher->mode == cbc) { - if ((err = cbc_start(cipher, s.symkey + opts->cipher->len, s.symkey, opts->cipher->len, - 0, &s.ctx.cbc)) != CRYPT_OK) { - goto cleanup; - } - if ((err = cbc_decrypt(in, in, *inlen, &s.ctx.cbc)) != CRYPT_OK) { - goto cleanup; - } - if ((err = cbc_done(&s.ctx.cbc)) != CRYPT_OK) { - goto cleanup; - } - } else if (opts->cipher->mode == ctr) { - if ((err = ctr_start(cipher, s.symkey + opts->cipher->len, s.symkey, opts->cipher->len, - 0, CTR_COUNTER_BIG_ENDIAN, &s.ctx.ctr)) != CRYPT_OK) { - goto cleanup; - } - if ((err = ctr_decrypt(in, in, *inlen, &s.ctx.ctr)) != CRYPT_OK) { - goto cleanup; - } - if ((err = ctr_done(&s.ctx.ctr)) != CRYPT_OK) { - goto cleanup; - } - } + err = pem_decrypt(in, inlen, + symkey, opts->cipher->keylen, + symkey + opts->cipher->keylen, cipher_descriptor[cipher].block_length, + opts->cipher, LTC_PAD_SSH); -cleanup: - zeromem(&s, sizeof(s)); + zeromem(symkey, sizeof(symkey)); return err; } diff --git a/tests/common.c b/tests/common.c index b61a350bc..492b4f12e 100644 --- a/tests/common.c +++ b/tests/common.c @@ -75,7 +75,12 @@ static off_t fsize(const char *filename) { struct stat st; - if (stat(filename, &st) == 0) return st.st_size; + if (stat(filename, &st) == 0) { + /* filename is no regular file */ + if (!S_ISREG(st.st_mode)) + return 0; + return st.st_size; + } return -1; } @@ -130,6 +135,8 @@ int test_process_dir(const char *path, void *ctx, dir_iter_cb iter, dir_fiter_cb strcat(fname, "/"); strcat(fname, de->d_name); fsz = fsize(fname); + if (fsz == 0) + continue; if (fsz == -1) { err = CRYPT_FILE_NOTFOUND; break; diff --git a/tests/pem/rsa-aes-128-cbc.pem b/tests/pem/rsa-aes-128-cbc.pem new file mode 100644 index 000000000..dc0deb465 --- /dev/null +++ b/tests/pem/rsa-aes-128-cbc.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-128-CBC,7CDEA083529E2DB403D7B23206005446 + +rPM4VF5wWyLzeE6L3CbjNSar+RrvIJdYPPVXuVc25BLXJycvDqSaYlnpndtxY8kM +UAI9pNWQT1Icyp7sEvk3nWs2bAxLiv8uKpgZbNjVbpHoCkZTBbKwlwQFoJL1HMP0 +eG2rwNSbdcqY3JxnAU/F4js7Gg3sqD2fVK/vn+8b7iumuiz/SMNzR+aZ7FQBfE++ +Hnu2jM67wxt/uHaTOZDtPwqZv8taiDv7SgILIMBCygIsukclGi29NMMEO5gUK5fq +jS3sC9V3rInFsl1BkJr2mnqR84TGMGjXLfT3cqLzjmkv6JTENMxsIhE7igg1DkuX +nsNf4oReA9xnDOBH24gG+lrVYJNtn7YFb2jrGM97kISGqjCqsg5K/hC7gSFoUSq8 +ek09eglkfg2m8JQ1nB6KvlBPPvyghRrdcmHud9BYmmUopB//1235TBx4eq5vyZlz +KBWc1zxsY14ux5kMu0fbsdcGufHrkOgOnNa4OcmqQ+gK0RjfJtzXvwYTt5Owpp1/ +9tu0yLBFtI+XRd2xGDjuWD0lWrAiDOwlririhkNS3JRNRwyZfSpoGGJPuKeG7nmR +ZtZoWigNo4oyZ+mGwKmv1z8NTNMwju06FeA6W+BJDgUHx2rybne09egc7uetmMv5 +abeYq7kAP7XwNA3yhSO+63H/QdBLWZ+iClfBT3bJwZ3wg3Tc4b1lwzpF/opS7vHO +NIg3DAxohSlM4xu4pfA00nuOLsU/GJ8LPxnmTFpHBZDxSRkMwZIG9nt0d/Rwxq4Z +rqR8THeUTUMcuIdQFhixgRewcZqLsomU3HZDoS67Mf9QP2wxJBpEq6m+alFBC/oC +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/rsa-aes-128-cfb.pem b/tests/pem/rsa-aes-128-cfb.pem new file mode 100644 index 000000000..e275dcdcf --- /dev/null +++ b/tests/pem/rsa-aes-128-cfb.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-128-CFB,7FAD08F428EB83172FBE8EB958139CAE + +y/2Can4r82eu9hayWp4zOo0kIhPYEnfLd5EDE9O5kqEOQwLuX0uLOY7pqBpiUJ5V +l5bbo/J4mVjxMAYD+tl4dCYH5nkKt6v8/g16dHVyNi2GnJLzsk3hP9neA6KOz+iE +ULdR0eYZ/lHw/o5nuLXOASccJ7/f2kvN2QMS/GtKPEwtHcl6/EVNOqUdCsDuv8Ks +cU746i11jMcL4Xtuj6beElXH/FR9xWFlnZU6sFe3tmd8KqEeeyXjE9IJg2voanmS +FwtjbPTuvu5DJf9P7QTAMar2TuZE2Yv9CcAXAw/LX30tviHFeqrVpOHc4WImcZ2P +LbraC3yI9mTwukqkmUSIZkBEvUw4bSEcBNyq8INqpuCfvNlNGPcpyX4shmJvGD5z +TLPMKfS6tPhLZUrrM/g8/aolkgxwUAKwGLYhzunTGZg9Hb3FMM3rnFxrPsbSVgn1 +pkrIQPOZObPZBo2c5cfpqmFYSs5VKpdTxX064efDDPAMf7EtKFGVFLansM6usCzA +IeiQEhrrfE4zDXKoqSzVj3FNN73PYF/AtkX24e1vDBiTA9PYNvBmwkJUeOKe0MK7 +/zt4bZPFIr87Mxy+PBX2niS8legDOCDJXUNf23FuR3F65KbbTVe+k+TcLS70SZvM +U12ilkgb5cls08vehvoEHfiCsXeSPPD9FD9CfFdihj+dZZ6MU7fRH0E80O7MGC2T +d2oOWYnLQ8rCuQLe4dXZyjmfLhoBIfs10OKJLnU82pxBrOxgN7QvfLEYi5Gz6SRf +Awaw0WMhYY+OmQQ/PuL9t8uEbSiDB/J/w8H61INZpbwmmA== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/rsa-aes-128-ctr.pem b/tests/pem/rsa-aes-128-ctr.pem new file mode 100644 index 000000000..f60df597c --- /dev/null +++ b/tests/pem/rsa-aes-128-ctr.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-128-CTR,E154FC61A8B6417FB086540C1B16B9C9 + +3Nay1Oc0YF2zmh4zEXehb0qpwzv3FHKYKFZYIns7EXZ8gYzWEhCa+Q0nkaGzBcDn +jad4TXZDmdWJRh+3fDmV11pZ14iYjXoiBfPPAzJEbENr10puMG2iFJ7akuKBIzAu +DjP+3mY5EPqO/Tz69+Vu4loy/IRaPmXJxRb18kXnjaC2XoaBqdzIFG3fJg7O6k9H +LCA5lNud6VLXt7TRLWtjKQusZbX6Y3vUBZjLXSmHGzqh286wKD/sRROINopDdzv4 +6ooAdoy08MAXGekd740D7L0Sm3PkSVzm39byq0h1Ulyg6Dq57SkZRX+qLiiM9KZ1 +LuhywWN5ioAqfRD6xQsdT4PK/RM4sV3bpQD4kFLW9UkoEAnt1cql91RNsz/UIII6 +9kVwjCwJ4AGH0XwzbOTYm5UmcWLXhaW1Z9fAMsXST0CzMnLzzV1qPb/9JYZTEoE1 +8mqN7a/X2uXrb3IOLjpJeCi52EwMt4+fGIxh0+eyxUzV9mFIlTKVn+jvYhryzk9I +XmG+/fAzk2DvzgG8nHTwlo2cknfof71fDb/rcLN2NXMQlw7m2lfAli3h0zOaBmFo +KIH2aBX9emMHikXu9ubtfDOZUHptMbMHUOoVODd2rw8ZwJwdO3CkTG7ZBmU7FwZZ +sjtQPHO0x+XfQ78XGeZCZCLSOMWw+qf5/WhnJ/wiM88UH8M9S70OOcjJxkg30c9V +v2QRSkNKsrazfBDi2bLB57jKjnMi32e0yM6y8+GmiSJcL3+NzESBu2xYPzfW0eou +xeZGpvUOxcoP3I9I45nx3Q/hQVqPqvTU8h9KFbQoH1Yc+w== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/rsa-aes-128-ofb.pem b/tests/pem/rsa-aes-128-ofb.pem new file mode 100644 index 000000000..40837cebb --- /dev/null +++ b/tests/pem/rsa-aes-128-ofb.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-128-OFB,3FBF6EDECB4C763D192AC4D9D1DD5E49 + +lcbgGFJBGIUaMCh/LEaK8bT8TwEmg7s6tLekeGvRvBG5QUOB8uf9OyzCJ5tK2OSg +SbS/tuVbibe+X4PIfm7pA9geX+3k3YCTNOHvlmjA1vgRFREb8fvhlOxF7ReGNOlN +lrNJVDD1xW07deC9MlCmqsl5NMNzSzfIxRjwxMx4mNyBRuaPqY5o2N/fDmKoahKG +HCT4VFMFtpp0E2v2SPc6iPbzqB9daak43vVU/8bpGvO1qRgV4cG/IN5U0WJGiDAD +1lR02gePO60jpm5aBhHX2INt4XVICuIFRXIJi31Bp+6Vzy79E98c9fbCX8/tBJH8 +nsq+HxtZdWHNrKFFXM9hYsDsjOQLDu6eek2oBwrSrgnRD44ki2MycehU2Db6gh66 +RTLvW+Oju/w/T3+K216r1qdzTQpNGeBmkU/Ecol3K+1y3dQNOKxF1hLUsturdFTM +XAaGo8eqDkDMyaDR8D90LDNh9S7h5UHf/W/5vglQQmrLmw5S51PU+y8k7aTuE/JO +1OB19BLbOXdESt4if04Po9q9Tdbm+I2kS9tCByyLDSYuLqbAXegqrFvJiCgmYlDv +qqCwdVjYpbOV11hxxs+AUjTyK6KXJMtLxZGTKqfDFDFmC3PcflXWh2dX4ImZnII1 +Dg1Flc/MvfbFhlcvk750BlwlIo83xOigbXXMwXTE8QE2Z3MqZvFzEKHKqcBBF++m +LKUdSddeSnEj41Zi8JvjdMzLFxyOtQgcZFYRHBIePN0xH2VuUHZ7vMsFJcHj0lla +7D5uhCoyjhGZsyq8Rnq2b5YwkVBkxq3g3jXDrWAUsKn11A== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/rsa-aes-192-cbc.pem b/tests/pem/rsa-aes-192-cbc.pem new file mode 100644 index 000000000..751d6b128 --- /dev/null +++ b/tests/pem/rsa-aes-192-cbc.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-192-CBC,A233ABD2273847D1CE439B454A86A341 + +dUXLQDH80/9PFA3yPpvdwtzhWBJsAUqg3yUak+Rupbm2z9ylJvqFooa7k5um2/GB +waEAmig8p8tqZqjMxn0QhSKVYlvtfmuh4I3jw2DwlI+nkng3947Rx8q/bqcmUgyU +gUZ1Q6ekYc5u7UMKzCxtxV9avZMIMDE9AczErvTVv1ZFLjqv+yzihbL+h7Mb2vxZ +axh/RRlbkDoX6IbdZxIDOvvoriCHnOML960QctzzCaZDcllLnAnRJWZ5B7byDzhw +ckATCU0wANbMkp/TkZLPaTc4nFKzbB+97+LocD29ZldLGThOotd2dOTIvvIdVYw+ +HsNOx5xldRMH68YFCeiSgVBOIZNwGo4166Lr9So7CtMooQNHWMTP+gk8vDOFzV89 +shs9lu6AtLPlxHR0o7SrbgioHPUEcZ4I9P89yCPgmsLm4q83jZF1Mv4s94hpiBcS +LKV9TIB2TpophHqlLjq34hKVcM40NXSwVNPJvmDuiCHkqfU39x1BGpBZZwT3Eajo +kiP3d/fuOlfBx2V417bloaZZF9cBUwILwJZvhy2BZ24G5em4so7pVdylb91GWz15 +5/6CaeYET7HdBVUU+mdkBQvOfUP2tt00+m8RsYNYr7ENbZ+9kMsuWgXAuFs+zvN6 +eeedQ8KrWFVzE8GmrQYpuh8bmH+QFCopQedhUn3ZZuYM8/a4OTfuTp5uPIJH7Bfh +54a2UPC4fIngz+LLyOypDlK2qIo9uwh3Gq1Ahnlxm9NL5DOAigG8w0qmgfaBif+h +lTnvsl1Spp/MlYdC26fRCHbe/lPkdyr/RNnZEXqRRypfPbfltQsAdKiQBEuaKdgm +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/rsa-aes-192-cfb.pem b/tests/pem/rsa-aes-192-cfb.pem new file mode 100644 index 000000000..2f483f4c8 --- /dev/null +++ b/tests/pem/rsa-aes-192-cfb.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-192-CFB,6058618498B8041B2005DE63098CA36D + +2AeE/YLJ8olm0ZVEACO7JThl3i/XznCha5Rf4w5RYeRAbjoDlw/YLllbySDkmmQq +DVj12Qwo7nX+F02GDiUM9QyoW3/B/rHOouF6TGBQNZTvCVSyJRTAE9Eil3G2e4LR +4bFvW9rDM2yFy3Ze6frBXfffHWOD2M23gREyKkkPFhkXLUbD3My4iHjeFERoIeHN +QfKEV/T5v7ARFCPZ+rdP4nf9d+qHG/4aumerkS7TOsS3BZHfLJp5zVO/blCVQ1Px +tvXMv2p6krsjgcTLDAC5eSK4wOHhN2MkrSa7ShU2+AylGj3D3IqFVSQRf4Dwk5tb +qwUNq0LtarbJdjvfffFgN2Vl4LEAluRbNasjs+3J8x69LgV5Au8HBwyY2W7UeRBX +zpURCZGt+s0pzX5SPrCg7f/9STHEjCop0ZJPHOHtuJZpshcqRLPxrSKAV27VhUj8 +T0YPbp0WTnzhIlcLWNhFnhP+yIhlC7QPdPqI4RwSx2kBaeVrmWsYzA8dgajoYXAU +PZAgw+JLYD+g2bPIKYyZLHUXmeJ40zLB64cSgKn3Bv2dKAE36yrzNtJB5YgjVWj3 +K+UUpDxA9GGEmar+LdlCRG+KQ9BvDWtfcQClvzUG2nKQc9QIa4wsXX7QHqaGHIk/ +5Lwl4xtHRiZLMVkSTVGUem1Kdd9k0U8ax40QewHW5Ea5pRRUj7B6+MKDgRDoc7YB +jn9UQzIzQ5TqTNLWdgZR6Qt5uLSrVg3S2Au23yEc6jh439kC0FZHrZnALdByuoCC +Cx9BpHM++7MjCQMxWzeqs7x0czgGSf2u+XHz2N1sbQhmUw== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/rsa-aes-192-ctr.pem b/tests/pem/rsa-aes-192-ctr.pem new file mode 100644 index 000000000..d575697c2 --- /dev/null +++ b/tests/pem/rsa-aes-192-ctr.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-192-CTR,AC362D52E38D6A9216ED8297B189E40F + +GWGIYoBWv7LW6cvgscSDudBA8stXj7AOOnRRp1/LDaekqUQmEvp7e/roBuC5UvqZ +6SXdDGZ6dFtpYThDWJ5aD9cK4Bk9j0qe8nD97xKwQLIjVO0vkHmbuPzE4KJlHD9+ +4H9ooA4iH9jxdAc3y9TbALzydN8NNiDKMn72nfi6LF9c4L5Yxwf+mlnqRNmEt0pd +2XvAkslz70C4myer+I/KMyyNDLpwghvzdWh+TBlLPBV3entXbpUNYUT/HYZzzt7R +tuj4u0hg/378U9j1tpRvGXlx5wh1Besfy2x+bCc2Zw23/Ezj/dGrBGDpCOF6GjRB +wE0XkYgAgDn2O6akECoVNKI0zwwI6/I9PPj6Rnq/S8zJLmgLCgVxdDk466rCkcfY +fgQlSehYMxRRyvD3dE4TU7dQlm3tHzFFsGI3qHI1eu8O/GA8KfY6XQTp0X/rEuPj +n/qnuNirYboEYXbDm15QBDvUNJOYlseqcmFCz2SyE83GLabOrfivZpDXW4CF0plU +n40ilGWVCLpiIQqOhkufmFhvfQDZbwgnfhew3+fNxIc0a7Kd2uR1XTBA5tapiFBV +/qd9STIdW6PGCqptf2ag5wMNVpQNkGYexujR89Uqq6axBvLZRMY82JRd8jLQfDKK +cU4Rz+a7B1MwOF9itcDBQreYIjTBQGyV5xDF8Xrg8FQE9ATOWdDl8P2/z5AzCT6Y +TzjsM7fjdw3ac9mJZICY0++TbymUEAh6UqKhhn7R9TR0/WaPTdc0HHGip3t08fZA +ixdn0RHvV2QoWJiIv/AuntYb53bN2cQB1DB5W0NPrZQ6tw== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/rsa-aes-192-ofb.pem b/tests/pem/rsa-aes-192-ofb.pem new file mode 100644 index 000000000..a193ce103 --- /dev/null +++ b/tests/pem/rsa-aes-192-ofb.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-192-OFB,1E532FE273D9E016DAA31CB5A306DD19 + +G7dGS64FOLqwLg180YqKF79stjm+DuWgTL4HsoL/ZPRBQA0Km1t9onvwu5+60bo2 +VN14VGBulzGoGv2X6RiclMShUqpfD0TG+1zIpxQv1x1takw8vI3HFPRe6XnK0dOd +vofluqogbwM1+l9axD57l+v9kVhfG9z4QQsu75AIb0BLwUFIRSKK2kyu2BVhMbme +6iaBviv14w6SKhVChUNQOhiQ5pcvPx4OFmeTx5UxQCbS/cpJ9epH0hBKVo2mKH6V +BLLEP8gnqSPzunCaIwWlWy6IiNMySsAwlc81zUB5qGIWNGLthn/KzA9k2QwTKRQH +ZQ4LHr+l9grFyDEp0AqJgbHNmnUBqR+NHOsfZHrBuHmDGXaHS929TubEEzeP0+xg +ynYJyth91crnUWd5grJEDXyJJPFKhzWzdnEFpyNmC8UBpGyM0rWVDCVVta02E0LA +I8fKkc4q6VnlonbivlEBb0oSiW6Svb/MdXkzTvN/aDadYucSh8yNW2aDF6/GoWXt +57mGRQFEkMS8+C3QG0Mcv8Ij6l19kuTxR1VWEFFDIvHk/018gIiA15cZaJoiZQYQ +7rVNL6OSxjAryIR0e92bx9KoBN2hPy5iKkl4pZ3xy9ZKgFcvdhnXtbdQI/UxKCjO +JoLUsBEecnWC5hIsbmtYfzfsQ3DQBUoBEVq4+XMaF21EHYTixi3tV+Ya9CSWTw1V +UFbc1pNJ8P4cEFgiXPYsWcP2JwdABM3esXzwj3/Jxv11BUubHBCehHwxESSjkfMN +C+ua2QXGcvIziINZ407Mc+7HKXeDx/EHJwy6Jo838cgw+g== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/rsa-aes-256-cbc.pem b/tests/pem/rsa-aes-256-cbc.pem new file mode 100644 index 000000000..198aa3a43 --- /dev/null +++ b/tests/pem/rsa-aes-256-cbc.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-256-CBC,610E0BE873DC7E35E19E8E8CE6F475F5 + +Z2SCHEfiMHHZ7GPuFFLVynP+hdzuRfGVTRKqNJG18f5/vDafYHcbd+RKWF9sVy7M +baORTuNarrrpw70NamFqHX+7UceFXeIdrRHcQN/HWwLtFaUWLFhAKjkc6NaoBK3b +xVvH7e8TkkKcDHJe5/PYTsqCmUHzGUFzOw5460oksWkURhmgS1blQJgROFGJ+h4w +T1nxmUoOKiKNLneyAgte4gSMM/FmgShcjw5e0vRIssLIWcP5U7kYLTIcsm8+qHzZ +fdXx35VUlR5J5EFP0txRWCEWOs4FqhOfJmmeeDOoMD7us4KL6TyPxdfxMfApDQJa +kiFU19Y/eRLvCaapD+x37H00iT6MXnRyn11zDvdLWbPB53ZZ7nT9xER9FzmGRBf9 +yhOdK4/ekC3oCdTzgHIz99iaAJE7HT10X9Yf4A5LXgr625HYoznDfmjDqIVynELu +9x9uwJ+XmfbqfDhop8YW9YJzVwNkeryouZbLF4On7pMvgqTdz7tokuo8hTX+0mc6 +HCItCPxALdA6HQYCZXbmDn1cQwc0yMLXC4fqipjOzd9/Ns0ApvdRkhrG9y6sKht3 +nh4xFPZ5yB0lIDScLY4Bhk1zvTaoOnrpY0K9r1WRysa2Xd9K7boRuK50P46lfXrW +eLJUI770NhqIHYnLDIY4p1jKPdBtRuMkqWvdLQq1McfnGpmFc9SnCLHCeNNWOFGP +20RFHPiQ98xPHnuMCVThiumewqBkMaPJ96nRjm6ZrJl7r/Oo9deFcQ2MR4N1rKNY +41ASM3Xn65BoUpEPS+MRP0lVVx+DF+6fs2NHGZS5J7VdlHoHEiCb+GnAwP7eGj2+ +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/rsa-aes-256-cfb.pem b/tests/pem/rsa-aes-256-cfb.pem new file mode 100644 index 000000000..f56b3773f --- /dev/null +++ b/tests/pem/rsa-aes-256-cfb.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-256-CFB,43D96087451881A68B7075CE32011024 + +KIRsgcI/JEhz2hht1AU77iMiUzW22AIIXYFMCelPkmkCA5E5kXGZz/l8L28L0A6c +DUVCQRlozlhLt2Ie48U86ph4IpW52bAiMvyUuZJNPFp3Am9zWujHf5BvS9QvBOM8 +Y8vdFcA2uJeVku0+vOQRBowEU0wg6FNAcJOjZiAzlKsjoVb++GqBC159MconYp5T +YqCbz3mUKF4nOR5NqiylgOeArQ1iNP/nf1C7uD1WPGZi1T71L5z95fll73yPmXkd +/uv5yak7DtNhh3Kh1xfw3ecHHCz2BRng/2pn5BjOo45g7BaTd0ejGUIN9iJ6FZdN +iOP/pzOvRU8gaJruFEpLtS0Y+HLPnoArwqYJHeGCH71QFDl8cVe3BjcWfhVYYbia +cGBxW3x9oy1Wc3queMuyv7M1IhYX+7QltcTKYQQuJd3yeioh/jfopLxtpuvNLWSP +Q2Vib421qnvjUrxn2EY6i87ten0Rzt8JqnzyVRsdtulAExARRTN8ggnPieSoGxwL +GXPwnZpRn4iAX2S6ETYWoPNtGeE54h+CmzidrqvrEk+8snyI7o+nhlPumbGvdTVx +ts9mI77065hxWUGa7o+dUN+28nFjfxdB35Zpt+/DPrc0VqvAkCefqNGE9JIFxXE8 +kKdLfXOwuiiz2xQcaYFVtbkw+LzbY4OFOKI47A92hqg357UbTdatjL4EQypPX6MY +CYe0XtPr5xAa5/D/j4HWYZ+Pa8I28G9EHxeGPFGZQOqFJFF8NaOrVSEHLLFhNDKr +CE7ZsOzGtsN6fJ+EoGTEHFVdNQpPZ0qVZDVc2bHmQ5WC2w== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/rsa-aes-256-ctr.pem b/tests/pem/rsa-aes-256-ctr.pem new file mode 100644 index 000000000..5f49765d0 --- /dev/null +++ b/tests/pem/rsa-aes-256-ctr.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-256-CTR,D351845764A2C771E9EFF37A07848AC8 + +HXul+T5A4PiaDtzR9ZK6pS1Kjks3ZM4Xl4yQVcu6JPhg68CKkBkMBDa8R6Ny6tdt +IaQ1dbLquS0KbTr438WBhFd4yTwSy2BS/hQv8JjK9t/WdrvlFvhLXqqNosk1ojmK +L03tyrB9FDfqaw36fc2zOTL0U2YiL+yc1jXOxV/KeLFZ5vMCBLIIlCmDyX09CERe +9M/KX2dCJInj14RqXjK4sM1SnaEYjRfZwUkiEzqpOc3pfnnblo65v79jooVHO2j9 +7d3Uu0I8Kbzz6Ss7QDQpUqSmS696XfVudMVJFfhGM5yvT2iWc5L59dZ6PNNY+gOA +A7Qr31uR3ufpmpSsjuzWqPO5PjG808P6wEEZosT/ESofmlR7H5mKAuifxzxzEzKV +MTT0KSLNh4mLJ+x23MHxWDQ1EWHKeAGNznYDrnFVDLgzX6qHHLGZFw8nGKb3cTYY +zjIbW30jQxfAJNPisdBPCvetTV+Fr9CtesyTNw6ZP7YxYqFcd0/ZI1GL4BMSfY5c +OClXyWakdwXdfL48T/dR8EKFvD2pAJRtbs+lF6xdTR5OIsek/uu6+LYiNa31ItHK +QogMjXcmUEAUJchRmpS8CDby8RonSCOiRop4/Ct30G5xTOWSKTMv3hWLgOlvcC9E ++j/OXqKeFJ6/P11skhDjDSUnPVJhLBWlQvae9zaQ7Xwg6llbko6EcUDaFJbVavwj +gWeYcIT582AlMnnSFSfMSs4YLB6h+GdG0Ta+mKddtvFtn1PlhF0aWxHFQs8Pkebz ++60Jx6qoH0+/ceKHLPbV11af8Mmi2gHifpeTYXMi1DzQ+g== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/rsa-aes-256-ofb.pem b/tests/pem/rsa-aes-256-ofb.pem new file mode 100644 index 000000000..ff9e3cfd0 --- /dev/null +++ b/tests/pem/rsa-aes-256-ofb.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-256-OFB,864C72C0D617986401AB8B278EB9039F + +db6VKZnrNYiDaMmZ1fWYfwVkIPMS5OpTmlcw+dB3ReUpo0y+D8Bg9ro5q5vHNxns +jkQoLZLfoOFjU8TM5X95TQ9SuzyLun32SE31CE/yoFgQYaj8liQ+s8t6tcRl6NiZ +wQxjvCQBOzP0d+RjSxXdEm4kjIgArYX1c3prMYyARondJbQYrR1XzBKR4HruMb79 +3JpddbOR8TT4rojnNd4nQ3f32qkLQ7tesIv9pDPvH53VCivZTcaNgHsMF3o4qKEu +i/qsOJiqKkJsqX++MEIel11M0vkTe+BzPNiIHOKyUDhZyPZbot67ELH+lrS0z9rG +RCj8HUNRPwfuPJAq7zSjeaA75N9Ybslj1rgoRTRwriLKdJqhszjz4loU13mJb5Qz +oZPOOWYdseeWGunlWFIu4shXTprKuAfrYgFamJXglHVMDxwzoRVS5b/kAHu+Mq26 +bW+NO7L5VQtRfTuON+3uoVMYQqBw8CM9B5YB4LUbySXnlENkDRkJELLccql/OrIA +1LmgP9tHlVPwOLV/X1lSfKjvb2/OFxwKMjZfT5jjuX9FcOy/Ozm/uBVH4RoZkGN8 ++XekkhFTLfAb9i01fWkvGhVOWQGezoMGOxN0PyMUNm6UnN77hO2bQrTPgdlVgUMo +vP/mY5RbW+PoviZOQLjMmwRHeJ2Fc0V0GLMbW5H3Mkn7oUHEZdHtlPOKG9Yqt+08 +pFT/L/oRn/Zu/9RajPCCK659VEE/Tu89hUigHoQpcj6qkS8iG0qBy/uN3EIZhQhW +2l1Lp2Gr6GfzxyLy64+FREnaoWHUAc87V95GkV1epsq07g== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/rsa-bf-cbc.pem b/tests/pem/rsa-bf-cbc.pem new file mode 100644 index 000000000..f61fdbd6e --- /dev/null +++ b/tests/pem/rsa-bf-cbc.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: BF-CBC,A2E3F3B8C60F1B85 + +aCYCwYq5jG18juJP4JVrMg2+Wq6Crj/wI406D2c5W9TVe8siHY32uAbz6o59mjnE +cZTmm9CDXdKtPPEfdeU6Auh/ys6PFgQqCwTlZkiDvzTUxK4E/64feV9MfwRj9w9E +2xLPIUwS4LsC0CmJK5nk1tObvk/nOEzSieD+kq5oE50mAuMbUnBTCiAZt0/82oEg +3ASkenCuwk2NgHQXp19PCd6A6L1tDmP0AbMLz1Oe7SXUCboFh3RMaJfg9S8Kv0nP +lPty/okSQIOku5Ja0C5TXFsEXzmzn28Qu261H2OHoy56hyJmulaQCu6yNjrbHL0j +JnuE8mnSyHqSEq+2/R2VEof0uVfNUO7It93ODJDoFRqs219R9P3JEb46PttIJG5A +imutE6iASRdwq9Y0/UgPK1d7nSnWjG5bqBgzkomA2kkJXQave72LvnJ0zwgOSor1 +md3GifM7YW0VeCnW8Lh33/GI+qUPvhPlrR0fjDfYMEKLkNE5aI/iYcxa7/jR5nP5 +WbxLLQUPQ93kbcPQ5+2lBWxilqqpmFXhWpi1W4triT81EDFH9/szHTnaZ0nwja3K +/AUXMccrgTSYaD4pXPY1BXz9fn8ok/Rn0TbdqobnggVbjFoSvehWtyfsq+3lNetA +b7ENuQaUKxAFVuKOSrXzanvFFSs7l+TIglJXxu6Zerbn0/UH/LlGshrkLNwhv+ba +Whg77NM2jFs31WYyCiPzH1RuxQkdGe6rnm+aSeEYc0g9dHnCDApImChEuiOEA3wt +YjWyRgLjQPQGgEl6dfeBpwSzx7dXC8Bhvv3IZY58lvgTxArFWWATVA== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/rsa-bf-cfb.pem b/tests/pem/rsa-bf-cfb.pem new file mode 100644 index 000000000..fd2e0c560 --- /dev/null +++ b/tests/pem/rsa-bf-cfb.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: BF-CFB,A1DD43A6698F0FDC + +mZV1GprXm3ZfUX3gSKoKrKf6OIfx3PuYoccsJQH1L+ftFpEpfFGMuPqG/6hLKPCg +Q4TYkL8HmP/b8RCTbGK0o3YsD5PdTygAsYP0VVbCmhzalcdUufI5ODeTZik/HF4S +3cszCR89IWEg1XK/ffa/0apB6nKAjzDTCVYUydGFwQ8gcwVKCz8gZVEc7Xk5XZJT +N9QWVLmrw/HGQfaImwpfMUi3hbhKGIYvQy3A40Ky4673IqcaTea99en4VeuAMrP5 +LjedSDu+tr8JB5XsjJj8bzCEyhMwbJyYiFBmRG421vocGResEwLhMLxc0VWIqHUN +KxGzlzQZPMIoF3bLOybtOYknxfIStRVuPhbdWZWOWPr+qe9NB+A1BESTM1huTVHp +ofgz1hggJtYrJqu5qKpURFIsRo0pOGadqbjYKV7ZrEBEmZsZXWbzWp69bVGbFwAj +ba4GExErLZBjwSvYXzusGgLv0HP4cECFbEOKGLIEHWm9pLXWFTTJBu2aSPp9P5RC +adrCDgb0zo9JtfQ/P8Bhk3EYd76GpMnJ/VIL3ID8IV7kD/EVOsGPSu1AtX/Zd/1y +BieSNSTL+WEil8YjzZ+Ijh75WYeFtQDn2x1LkpDDwFtZVXBjB4txGvHUQgwOcj6K +26Eng4rZtdDP3yu9txnNvrLVskBw823cuB9w91beq8Nzdk9A7QWdcNSH07evTUpQ +7mpWJQyU54TwG5Avsz//ErfpiwEIqXCtUWH5ROlCmyMboHDmiizsFdFJG1X72/fE +1oTOfDUbGb6aIAZQBD6axopqAPsIshHHR6CKPcMDMRvUww== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/rsa-bf-ofb.pem b/tests/pem/rsa-bf-ofb.pem new file mode 100644 index 000000000..6a45d1ba8 --- /dev/null +++ b/tests/pem/rsa-bf-ofb.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: BF-OFB,6FF31D757E4299BA + +YSeBBk0kGRtQHi71/k7+QQCJXKPX05derG0Y9qqKonereIBEp4ef8OVbghyx1JoC +bBj3wOZbaiQUCvV2u26kAQjvTALR1Tie6mJTXec+phPczPnbQY0r3r7uB0JLECr5 +sYwSPkdgDOQXLINy55MAjHbpxo7srZOD2OxuUzT5AbNMReflKOlBbyH9GDeFcCN4 +6loM/KrPbpBVsm/ZPdRdKdUerGIVl7IesVQSyF8x3+HCtgenWtIsJxCGXKUsEz36 +iDFdR5vPZ7dInWNnJzq+Ay6Ldz99O8WeTLUwp9SaMn0+grTn2R13d9nP5091YkgS +K6FlQkn9nHkKhJtY21WvRJ+1QWZb8PvPIElYG8AFDzcMjVbG163mC7JD5MTc08GG +jlegCYDnhWkahj4zv3DbELq5Ysiv6MNObDBaXAJQSKNNcdkq6m7Qx+48ehq8+F/d +h188DCR4hMp2aQ/LvGL9m6YEUPAclrC91lIZQG+ohgI+0ih6r+0SYokn6gzQ2Cz5 +1qMB60blEX6U/pgQ00iSluR55499rSS1F1BrBXQ5hjFELnZeMN63+nfquGJQZYa4 +G72ZxnctzTX/P4CyWrmIeYMdP4MayZg+BQGnP9hcY4WlcVHtN/XJnVh9WZu596nO +FMQaDjBK/ll8I2yMZTHKsW5FtDBL5cjv/Qd9DFC+Z0hwvY06Cx5UAMkTwn1g2dBy +lcDpPYHWf0wR91/W34EPdggA8sWnF0+XOk00whQdY9hAQPGT2qvu6LI2COalCG4X +9nJHc6exhTktatfBFn4TcXFk+TKS4+gbFTmB0DHXDLXl3g== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/rsa-camellia-128-cbc.pem b/tests/pem/rsa-camellia-128-cbc.pem new file mode 100644 index 000000000..ffe132979 --- /dev/null +++ b/tests/pem/rsa-camellia-128-cbc.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: CAMELLIA-128-CBC,94052F5E016AFF7E34BC3F724B0751CE + +UVk8DjmuP7e2Mq9g+QxNGoV6ZRMAFyDZPGCnUbE1kAAzMX7s1iY4jj+aHETeq6Uk +UIixuujCIanDwc6fTZUmhJOEKunAk4UsREa3SCxgqYy02oQxXsRXEwCbn1isI2EN +Fm0WiRvdsS+unuim97A6foCGiMksMNl/9fM2PUG7xl5E4Nj/tiv8ifAQnjAz0Na1 +fCUmDbPo+XJlDR5wmTup9ZEo3GfbF9lxBNsdVY5rW087aZm2Zn3I+mK/iL/9/oMj +kiXLS/kl9b+ahiYSuDKfbQQvM14i3r/XIl3sO81eT4NELTf3FZ/2W5V5tPp2SfFl +S9qtCkoey4r1c7iCB6iPOsvtSBqd8W3a44Z/ZcfYKbxQZpTiywpCz0AZ6TeUrhw6 +FC06tlU8mnwTlozS99ZFGdqiZoU/f4zZnHc12lSOrpUUZ1LPsY8C3a0LxEhBtkUn +/j0xgW6OlYZLqW+j4aOzKuzchCyfm01/x0NwBiT3eUbL8ZcD3dszNeu2S/MR07WJ +JcIh1jTNFrGV/kLNYSQbhw4F18oSbQ+tuS5E7De6BCK75TJtRNRTYHn2GBllN22a +GcOsW2VUNEdaT8/9Tt4Hv+gBM/oYsdIHqtiovcd0gNeJMUdZu5IJ7b3ob7ecbdjB +bDqVXzj/nUm9TjnyAFEk7IhvLV9kh0cWl4wxzIiVquAzBzg34WYj08+JM5QNEMrD +Aw/V03wSLfSKYfB8cuw6p4sH1LaDmMb/fumV1aM6uQWoP749vwKGCw4l8U/8PqNi +E9xiRjoO9ZFSpfEjPjlSVkoGBbXxKb5iyKEmNrP0aP5EqlAaFqftjhvEeOEIZ1+u +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/rsa-camellia-128-cfb.pem b/tests/pem/rsa-camellia-128-cfb.pem new file mode 100644 index 000000000..9144c8339 --- /dev/null +++ b/tests/pem/rsa-camellia-128-cfb.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: CAMELLIA-128-CFB,0808625D5BD35FB6E9E85ADA0060C9D4 + +0kdNZ22ybhdCrR6wK2Lv5yyB7FOCBxpXqVYn1937l92SelyWWQnPbTBDFJW9Uf8j +EZUw75FI6H/1iVjBrHgWc8oeQxG6E0/vm6/2+PwSpABzRiqfHcgerQT87+aQ9AJo +/v/LhPhYlFgFl4jx0wej/dWs9a1zNxW6ZtNtQGcugOyrVlaNkVtfVl9ADGtpHPJg +vvggNvJuq/7QW5n9bVfVk9DLFqgj4XjRBEnyB3kMRWAPLVgKIGax5gScbH2MTpzB +c9ju3EZ5/EUSvdCjnlFf85ERVlDA1dfoknFqem3BQ+E6nmfTQ3gJFpm79eGA5RNm +K7hggxjXPqH4y2MmyeT5hMSO2sTYpKG3S/OdE4R2S+pC2xxXJvppuSKqeuirgWgf +JSPsJrfNY3VYg83ZWuaVsAjXqujpUGSO/gCx51/YnEcgCKXs0fhRa3madR2ztaTY +/sTPJ81X13yAllxG31ZkTkelxjXqYWLAqjHEhsyMb+oyS9g/w3EmgKbhy2ZI/nP3 +mb6KeVDlyOUXegzlhc6R3xdItBZyiyHWbVh7frj4Nq58Xp3o6Qtu/MixotkqnPaU +DGDUu4D5BRmFizPFag8JGr/vT0co6OxM2XUHdTzuCNXd36pU+rxCLvDPKZrCR7Yn +q/4pz9DzuTa9HrUvjHHe1tX0jNv2VfbJHtHJpBk+mN4nQy42rzPIXJG1i37C/qCV +MDbQcb+slu2QKDj+hZbmUu+4NLyBla4n4lLNszKxpSuxcvhQKCGFk73AaNXy1Stw ++4ojsPGdAnI+5DVBLspoF98Zwfs2YPruEvdh/Owv9ad5JQ== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/rsa-camellia-128-ctr.pem b/tests/pem/rsa-camellia-128-ctr.pem new file mode 100644 index 000000000..f7ee63fa0 --- /dev/null +++ b/tests/pem/rsa-camellia-128-ctr.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: CAMELLIA-128-CTR,87CDF51FDA93F95AA505AD649897EB93 + +BMgD2+OliSyT2Zil46xcWmb422AULCwFSm3YA2TNRiYAwUMQFHAeTh/rBP2nOrGR +s9NDhLQo6YXvfCaZA/WNjffvCX2FQ9uSjJz18/iGmg2RGLo10FHYETpFtKTx6hua +3RqDSSpruOhV0ZGeloEmnLvgMTS3KGk5RKJE89j17NdyYK1YX22dXvr/KtmRvea6 +db0apZJV59eDI5kRLJSM+aGdbPelXCmVhnpJEBW6G53qU5IDmuupCZKnwhh/feZA +luLyRDlEK0+aOZQU0qhU7Mx8Jym11ukVXbKM2MzGB+JN24H+JOefwWIRPAd1hurU +4720UYOJ7mvW/1RLmuYBJDRDePYW6FYrEfhW+Gx5k79EDR8q487CHMxsKa2AlxvD +ug49TioXqHBL5GiDfdJiXYJ8kgGp7WonsC5p08DdxVCoFP6ksQza3iiVs8VH2en2 ++K1OABMkWojvDHdOYpLku1TZ+YxpCdgOZnEif/Ncd5Wp/z+w2RKDLHPeocxSd8Rv +/PoCTChCXemVrlFVO/wAMExmE5S+DcLCKFOuGBZHNdlaRGHpsbvhFyjM/PRU6Q09 +N2Y68b9UgfwVNMMvSCL/H3fNMmbtylQzD0KmSh2Zzpj/o/MSG+eCeK+xErRkuG0Y +PDzo52SHECiV7wPihj5Iku3Iojm69u/Vn7hmnogTLNSSLZxa1OJ3zhLc3n4/IBRN +Xbn8clIAGr/epW7rlTtjaKpN7I0Xj9cMUS4qKa2iiqgiwOpiEVOE6OLdzeJo2LBP +p/ocIIwMDehLo+dkHALGzo2ujWLOmyrD2yXX4YZKEmY9Rw== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/rsa-camellia-128-ofb.pem b/tests/pem/rsa-camellia-128-ofb.pem new file mode 100644 index 000000000..5a12afa3f --- /dev/null +++ b/tests/pem/rsa-camellia-128-ofb.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: CAMELLIA-128-OFB,22FA90277FF97D814794E402F3B34894 + +NQD9PUwn2cDOXckZZBoqjvVWku8h4ksBxHUetaYCOwKqQ4j3duyL34s4R65h6tir +w2aX9S6YTjUrZBxEdxNA/ZXlW/Ks9rLu2+JBbfJFPFwf+5hF4ufYKtvyize49fYq +CoYMhRHUslQ26Aw1tSbAmEQ/PnSi+7Rm4vC++ELKIiSYfeYiMnWlruwv1GfgaLxz +A8+UDkUeL1bKwxOEtPkYpqGV7T3cNJG6hcac+MZ+YojqWGdLVVwuIzOfouvd5s5Y +5ri7QrB00noCc0EzqroMvosGRCrr+6OzrnVbZt1423FXasYBuPMzyAOGzFPLbfQH +Biotquz0YO26GbEn2ihSwijruQ1f9yp60YOoGgYSeDlX3TtJUodB++D0RG19ZUEF +U3cIqPQ4EWdAwPNshBSOgBSQknZopQq7M8dY4ctdWrXxzVjKbUBPJjHOsGPg9cs2 +7A9kjaaTGC5jpmKVrJGrGzxwtc13Pt1uCIyQtWoYZ78mv8V65cLeAYf70ntrnaYY +964WkNBuKOcTaEuLOQbGbq9LYYiNTYJ92mzoZwB0ziIz3bcKd91cQyWY1Cpb9/e9 +AwD8jlaqsEv1WN47Es1VFrKbgo84EGudaqVVHhmcbke1inegadV/xGaYM+TqhcZH +u3r66WO0VzmQOy8Df8yCQ+udRTXX77Ky5Q31bKB5FKa6XFxK7MzPW8rGU0ucupH6 +ZcJhbUQ+N1qeck5X5wwuDgxzANz2N0qv1H/lwcU/4GsEAU31E2UMbBMQQOqH+xiv +CFhXY3x34phyg23SrldYXay2h65DSm8bqoGROj6AGaByQg== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/rsa-camellia-192-cbc.pem b/tests/pem/rsa-camellia-192-cbc.pem new file mode 100644 index 000000000..8be51beff --- /dev/null +++ b/tests/pem/rsa-camellia-192-cbc.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: CAMELLIA-192-CBC,1E22C96DA08A146D1F6B137A3F310C4E + +hPZhYCVz0hLPnFPznHhFUkO6bOhAwS+9UXKTnt1K6K4Lb8fec+8xGBCExGM67e60 +XeVkcDoecnK7OHwXhplKJ8y32TdUCjooowVixUseEkKXwJ7IMsxpqdtpe6p9i1SV +Ry2eu7Xle01FByz5FTD3iW9A1e3a2AvDdSMa+o+Beu73F2y4Ii8M6K1mFlQtakDq +xZgxOZZ/Qy2MRnNhDlBl0IzUZ92q0Sh9iUBD+dUgfP2iJw52bb1aOsOm4/xuDlRW +pgk31MMn95Rp51nkc6Q4Zcc4n1cJlZbyG/0C/w65uvP2UxrdSRcEYXJuHmqXZIKk +gYlv8ZKyChV0f0gZqPbWOTCVBg4okaFmAVOwdqffa+SKQwKN9IYzq92gTSS4KJqy +5/70PAoXInM7Uo4mJBjBlQLV442fKIyw/Xitl+MjiH7EY4mMIqHn66SBj0rAB88x +S1G8lFgR4RTGklxeNQ09SkwW3ene3ag/6YJ8VZzvpXZ4iOC0yc2bVTpYFZwyNHGd +iwrMZRTi2hGP06M/zL0MqMNgOEJAQKKd+DeummIwgPSSvQc60MxL1SyUnLk24lq9 +5yMYFImX4c7EED+2d9dtMRNdkT9ZnTcSN/Vtl1pGU7SFSI6VHBhvBXUP2kxiHQqm +CFnKi7goIXzoU4oQM50TilRnW4EWK9drbrJR5ViZLQUbuWjTLKpwCadyxJC1Jd+c +PyQqVGDBesUP6tgt5U++jSsQgvi2ALq1dtYTuO92p5aQ++8YurS2C66JuyEuC98E +jbtX7fVBt7YGE0hy7z04j+TjXP6w/2Y2KLnYyOFfERa1d/neQG+4++HgigPBY8H5 +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/rsa-camellia-192-cfb.pem b/tests/pem/rsa-camellia-192-cfb.pem new file mode 100644 index 000000000..63c2ef943 --- /dev/null +++ b/tests/pem/rsa-camellia-192-cfb.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: CAMELLIA-192-CFB,625881A70DC172071E98F5C6B38CCAC4 + +5sK5qRMqGpAYGVRQUwdYhyKcQeLoDhq6Rj6K6/rbgZBUBSXpa3AKNuN1LVnuuZsC +5U+PBBv1VNnO/+oL9hYyOItDwB5X9OKgoI31qf8O+l1LJpcoIIyxaTBR36Y/JcBL +3PXjiBS+Ux+2Q21pTueFjJW1iGoxSIaklXZgRv7bIZXm8+Bc6kcsB9HcYeL3dGfx +0OYHkrF1/3KIu8TgnP7URN0FMB49WS4mWS2yB8FwbbO+nO09Mohbemdp00bSehlr +PjzcNl8KT38oWk5Apase/3AYg3Q5XP5h/sacjUo5B/IBHrS3RbNGYc0yejovvwWx +tyQQls501FTfDcFW+XKRIzcRHjEVLqCECHnq7OTQjawuy06zlUz9H25nGfBZ6EkV +KSCAvk06guE6sREZiG3qOaNrp4v3YJMGjzOhCvy/HAuvUDEuY9nchL90NAhM6HjJ +j0XzOlzpT6J1crjhru9+mIPGg1R3o28M3rPh0Czv3O2lQoQSVpxw+h5+Xeg4Vj3H +taRrBRrUWUFUco8jaXvAoVIFSp65Mlr9g10c0dWVt4o9InxdslkmmEJ2NYqDx4ja +mW6EMu5LW67dXX0PglayQxTnu7E68qAjVMSe1fYfwZ7p1ZVhrq31T2X22IdmAedQ +nGBiMUyAAytr/UzUCrkQKorlAQMJhCLQco+wCs5Tny8kkYXi9fht725hXvX6vhxg +d7dfcKgSrUnYxu0Qcb1L4nQPjPPc6j7rpicVbE+TOyCASdMsKBGwQ6PIvexrImyl +ZGtkoeuEIHIlkbl/u8MFOSCXO7YipoMHrKk+uzdK1Xg+zA== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/rsa-camellia-192-ctr.pem b/tests/pem/rsa-camellia-192-ctr.pem new file mode 100644 index 000000000..b76e162dc --- /dev/null +++ b/tests/pem/rsa-camellia-192-ctr.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: CAMELLIA-192-CTR,62E35C74BE30FE4769F3185166B5D237 + +cCPHKwYdF148WwKz2SERsqNFS4p5qyJMwyaUWT4OsOoOZRtUm8yesp9cWmDu7zyH +Y4LgDyK0Cll6XRbABwaLF0Vj/3S/tUBd5m45DNqGD1lfH+TNiJmA1/2m0qVojv+q +8gaN70Rbk16wuMLKnCbKQQSwnJxd5UO3scR+DK1XQO8K9ov4SMa8itJ/3iKSRbNt +R3b2+EDsOh1H3s49NUM4b7cZwdWIXwHxE0CupamFrX0/YykGD4IX/J5+rlGrx/FS +pRsJ2lsLR85ZfB1EqJ6s8PS7+tniya1h1vM5FzNlmIGT2OvbTn02xeK2OaY+0aLs +bHRy3jcgSGYUu/5EwZMzs82ipr4GM8h2z3J6UWci2jKUv1ndRboLRAJfa1Y50bJl +LDz/yrKDnyiFz+0I2fWUkiCsZstTxStSMva8fr/0s29DlduC/XUZRusumZMxrIFK +cj5ZH0EkcJa/zQ8NeYD6URx6KyYct8weg6pP8n7BV2V/n935zms8hv3pf+sEbIrI +xOO4eZOzJeHq7pARMzToOjPrQaZSOPh4jcAaFNZgsZlO5fMrhiXCPDjXvdZWOOSB +RSW48Z+U8rOSSVzwWhe6xz0ly+A+NvLNfBDxL+62rxUy/GJtDQR/B7jmlQ6LtCZL +vYsNDpHgAyoUEtKl0B8wAlnRpR51dHGzJap71TtVuMoprI1lPVC2g6xZgBXQ1bmT +nuKf22VKz2sd/IliGguiBp7mmYwQxlnyUs1hwlCftV9GVvXLisqct9LvacB32pBX +CZkKBpXs7231V61dZ/OINOUAUe+c0RTKf9RnQ4KRltUmqA== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/rsa-camellia-192-ofb.pem b/tests/pem/rsa-camellia-192-ofb.pem new file mode 100644 index 000000000..fd31df476 --- /dev/null +++ b/tests/pem/rsa-camellia-192-ofb.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: CAMELLIA-192-OFB,20EE340E8F45AFD605A39206EA647C85 + +2JY2q74uHMaGiloog9f+Uq6ml5L6rm8YLSnw3erhbI5GzQuFdDojSIW0htjd2jnU +GJN+qPN4vSuHYRd03vu2OJwOwsNWiEmTBtaf975wlKM7tNPDiO47Hk95dh6ySFcL +gCxMUBO6xd8h9N4V9tzAtH14pcNdW2gkQE0YISqZE3AYF+jNwZXJl4CmkbuyGXqP +qNSamLTYXrI/7glI7KGCVaAkis5g7g31cmY84PDzRe3WdA97PtGU5zJu7ku7QOC/ +V+jlbiYoOrP1YvQY3y3Swk9Rwiqp3+vos0EAP9b49S6Xp7YADN7uYW15qysfDh91 +oSfgsOsP0U8yi9KSA6PofAYq76C+LrLFNqFzuC2XQcr2xuHD2vQp5G+nC8BRxnIi +eM687gfQHvtktZ2Z8dSGWpKV0MnmJDRp2UQ5jGegTWk/iho3t+fldEjqo3Kh3Z0f +fxNxjKgvudnPuCnYkNknjcXaWojgG8pv5Ly6vQeaedeGN0IRMrqcdv3Eh02OIgUq +0tEPaQN28C7a7mJ+RxtLQxy15xMQZC8Rp48OChCGvOYGidDR8YGUnXU4kwGk0Mix +kOM/4/qF9aLi/3gwLOkSUkYormO69PAiL3MQS77cmDBwHKpu/Kko4tJdxVH2hHKO +eCXHbr7dMQOcHzo1P9VZTujKNlbOPn4ByMunH8TDpBUVde8fG5jg/XgJondVWGTM +qWPT0Jl+1IBFl5SlTzBhXkNL8Z5nimI3Sb8UYykyRaE2d6+e/lXh4t7kes9w4pA8 +1HeGMBt+2MoPHmAgMYZqUUJiWfJIxy4Yr4NSyyYz21sK7A== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/rsa-camellia-256-cbc.pem b/tests/pem/rsa-camellia-256-cbc.pem new file mode 100644 index 000000000..2a0e51064 --- /dev/null +++ b/tests/pem/rsa-camellia-256-cbc.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: CAMELLIA-256-CBC,8D2AA51F99BC9D7ADB548EDC14813D4F + +BGwDYb24zW0EFwiuWJnCVDb3wWifiTy5h0nqsAuUiqidl8JT9aGRTeadCjE6w28B +VKlHBXhIlsLWcuRcT8zx03A0HJ7RpZI8PkQSqdyjRDZ5MB3M6Xzy6bNcoUQlbuEm +RjD33jnrMjTV7GzNu4W7hF60Jp5icQd5gffAGDIXo0LHVoZn3+JBdDcLS2UK7XJQ +kTZxxQOwHFYpuzX4kZccNhxim3NDb5uGnmJM5lZDo9O9NHL4kLEMXLATixEfbfw3 +nnsyjCeGaVEVuB4A/6y1/C8ts1SEQd5mVySlYK2c2LEz+oRWZFXxn/007V5KcgdF +wkfQ2Ytak6vmM9lFyogvasg6Ln6csHUbV/xNelnMUTvzWZwQ9cwoaK9nQpHFk20F +FP6HadCD4uQEYMbtRschupXOkwB7nsK65a6rUPDAiUxJAQ+GWlR3aJueFtF1kInF +jN6NCQZUyOy2nNnsvamnUrzmatAPNLYpvI98zNnM1s97ZoLB81dNs79x6x8tEaUi +3PyVqqpglfpLCLHwCd4BLm/zaweaXf/jKgsYEeGglQhFiSmYUN1z3IVXUwXCHAUs +cPUhkXDGZPyf5SSPQ987a+zP4w3xXDzylVw4dwgzCbjODB75oGEpbSy9RDuLQUAY +goLtQ0dCVBBdVBQxsWkVCqtWKG60YkPQDXBk0g4XMSsERDb/INY3VBqjGY1XLnKs +E1CG5vXDU0Oe5Q/3JirFxfbkGUq5feZfICIBRqm/CCQn4BiBtq3nt9CskFTYxhSi +xPm+VuTi++z9hQuv5vWfrBewZcYo4Qb8SPSWfoLx03W5McCL+An/mFP3vYXG+aY4 +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/rsa-camellia-256-cfb.pem b/tests/pem/rsa-camellia-256-cfb.pem new file mode 100644 index 000000000..269558ecb --- /dev/null +++ b/tests/pem/rsa-camellia-256-cfb.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: CAMELLIA-256-CFB,D5829150A05DB72A98D8DE4DB46EE72F + +f+eHANkwPjpRYXfh9vT/k/vkFddd6PNDFeqiR+kegXCfPzmKzAq4BaBY3wLWyAI+ +OBkTX6e1V+HjXT15N1pWIOjtdpBHMDCeoJCWE4dUdNg9FsVWOjipnjHSoVlZLbJx +flT7c2OMYuklA+YBVk0/V1/siS9y1zxGZD2hsyKIIdlYVln5SJAv1tIu2qt7BQOM +1xA1MbetuJ9TinwfXerX8Hdnx+XOBa0G6g35EHZ9hDPn7h5D5vY8tfd5H7k0so9U +AdqOdBExYSoghY+3LoiEh87V6bQEOtG178TXYT+QQQQEZwSvwYOKVLreDlTO4Zuq +wVIp2fOiN3VJXIwRgULh5/QEwWtPegHhXLh24UHzCsSyDKmnLSdRaIZQQscfIQeM +n7ms0arKDsVBQ9/wQjsa1DFJC8hPII6j66w6qY3Xj30UwL1QwTz7f6TqPxLk/PiH +nQEm7OJRJzuilfZAh9m2uNb7jQ3OzMrRvf/gbTyfYiNjMDLzVLyFPh4dm7a/ofV9 +bamsflg2uWNgeSkJwYNRuqLp+Una/xLhcPGeRDJeUbgBQCuudJ4LcMOT/Uac5ivf +lajPg6XiU9DWQMHtuJ/QF39m4i26ArNOoyUP1iWUAeThhTX+7D3e6CjYepLC5Mn2 +pSZtZHS55y7yo0ZHSzoYNqL95fDw4oUvvln06/8dsmzNBH3wOgBc4Kl7buJG7h5o +2fDryfsjiPij+/FCo+0ez4LdvZ3fMz9JbdOAGXq5Ha+drhldlQWXytvat4Nxq0wp +pZ5qcZrO2iSa10dJGXnbsfBlq6LtozWqh7ovG8Wj2rS2wQ== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/rsa-camellia-256-ctr.pem b/tests/pem/rsa-camellia-256-ctr.pem new file mode 100644 index 000000000..1f1624f81 --- /dev/null +++ b/tests/pem/rsa-camellia-256-ctr.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: CAMELLIA-256-CTR,BA614E4D3CBD5D006F3A9FDECB43E9F2 + ++C8UEHFN0kD3U9rIJokGJgvpAkEhzEvuI+fQrxyCRItVLUFvXR/T/LnNlfO58quA +COh19f0esntIFEuUoKIHtC+zkp9V6JbCxZOZWWIbs87adHh391IrJ4HVuobZwlJV +Erd9uZxJ0fCj3iaQe7sCJ5H6Dd7X88dDh4gQAYtggWb5/5njExqVINd3k8kj62VB +W4nW1KcE9Zzl2zCBhAyzAcgdP4mHHkNGICRP5bd0xh0J0CCNa9E2Eq7RFv9MuaJW +SqlZb/jqNmPRdaEEkPN6S9PQW7cx3ieyZSrMcqapSqi0R3Qnuug8kh+ugK+nncOy +TLwyJkALFvCfzaPF+Dm50UqYRyCcdHL+MfiDvI2F7XQEhfzcxA7LvP0HsRuRA1F4 +bYdQejOkB7HZovEdsyQO/3hMc+77KJ2X9UlW7NM5ezbdim4CdRe6sHY+vN9/lw7c +k9/yExP3KZ2LhvZROpXM9YyGxc3dYu6PlPARWr7xDXt2G7SxJRPwbHmTIw1z7726 +zj729K8c+p2RJ48/QKKIlRUu8oBRCHzFjNtpaOkV0ph6zCsiVRCtvh5LKI7/FJ/J +MWkgl1sES+V8HKck4VXCXrqbWSJUoMXvjRQKY554P32c3hmVR895OmOTUbKzO6wF +lrAng+ihdp76L3GCXgimZHrmzcqYjUw7eVBlMxaaKUNfL+PIxGGwEx1J9PKXSvw5 +iQoUIuD9WlVYM2UlvAHx5b5WnXzCsQOonROKnRmgLNEkeojpEw/tX+eQHnyLtfWf +riO4UaJeRW3LmBSmho3uv8dvYhuMFnsbjJR3qgOwfFlePQ== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/rsa-camellia-256-ofb.pem b/tests/pem/rsa-camellia-256-ofb.pem new file mode 100644 index 000000000..4dbc30358 --- /dev/null +++ b/tests/pem/rsa-camellia-256-ofb.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: CAMELLIA-256-OFB,68AC9278D459A0FE625854BCC9C9BB73 + +bA9raGY4hnnqsvvSAiQ2xqtgvQ0lna4IRSVEAsyhzNjmFg0Bqo1QMbqjhNYYyDbs +coxQlcH71o1VU2xyZ3Op+FmY00UEZwJhq4jSm/yUcJKZwY6v8vOKGPfUEOf31x5d +K1j7i3li7Zy2s+gPNmvwEsIEhTs0hzvRAI64GgRr3AlE4OoiJbLcTigEQMGWVrns +z/uLdPooeYUHjCF0rO7F2n6vmFvRPodxZ9p1mkTivGbZ0nqrtco7OwvFIFsMDoSj +eWvHNVyfz3Ulkwpd2o/txAO0KPyTPOoYdedGRbLsy61TG5Wq8i5RjtiqTZPXUC5E +b2r3Cs8rfxW3kww4hUW3cb34JtpEUGYnOUzYpXnOELAWaFaQyDlo1iEmug/HhSck +3eClO+tYj0Z4lnCBVNp+6aicpR8CZs/seAWBjWSLpciPCUs07mH9U9SMESHQsvRf +Yq93dTsJ/TwyksH5oJV8cHHqvzW2F5IVQknUe7nj6/VqzTyQpjryvzk7EKjpWNQZ +hFzJrpQBKuLt/apfSAaqTGY3pEbzg4gP0nMY3FdCL5BGftknyhsVAuR5qvC5AQjr +gbpHnJZKFdN1Szhzu5WNTFqCQ90d6do9oe8QOcmc4NNeheC3rrwfn6svwhJes+fA +G2dH4lcCnOcBLUATo7mgjCijMgF1zLkVmYaQ85pRi/75LyzcAk3XweobCXJf9GX5 +AvWU9c5IgdLQUZmYfx8ISyWZZdId1DDuU20MNf8UjeEyaHOGPwsaoKVesl1/xIQg +850vqhlD2gZcCrqsrlGoobYKIf+zWps6FTBubmvoYc1l2w== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/rsa-cast5-cbc.pem b/tests/pem/rsa-cast5-cbc.pem new file mode 100644 index 000000000..a169ad663 --- /dev/null +++ b/tests/pem/rsa-cast5-cbc.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: CAST5-CBC,1333844494EA1A4F + +sX7saRVhAgQPnj8aQWyxeqi6XPORizi+iOvXGAbrOnIl4dVflDkgyFrnKeedzfRh +ehAXwCJHJCnc7LWVHaCx7LnSHT3KxOzSaT18kxIpPu8BiuDAiO1Yz9x9BezKaTyH +4GlyE68zdNGHL8qkb0A8nHQig9uSeNDd4OV64MisJJKaulxqQfx+CotVHZchttZX +DCoD3+Qq3MDD8Yw6vkxQe/U2m3K71lenJuaVB0+60+jj4KweUfXT7GJsGKmT4G6l +L+SORqLGl8GcP7fSI/KmyOAcnQONuz854RtIC6el86/LFuC/IYISlAIo5lBhvwBd +pR1+jwyFsBv9wn4x1HiBl2TXQCvjaIviSAvIpQzpP/cbGG+5GszMUroRJgetw64D +dCVbvOxW/hsy08v5W/1zZzvZx3VRJXUmey7sF/OLjrjviTuN3ApEYaLKL9w3HZqf +Uw96GA7LPG+zWzyXdhEahy5IwRnK8N7TC8Um3b+bj/qLAq0PC7wOnzt/wOGV0SaL +jBg3GN8uGJdrunyNPCwq+LDXHVg3MSGI1UOT8mLnqp30fVx5zelD1Dm5qUq+RgPg +NgQW8A4mmrILUbIRYU+Ef+QaWXwmPSj2W6y1+0UBbugXTFE36kuUG2Kg1QIbVbfe +c7RGOYbPpYuvhSUJYXKQdNmKz8Rb4dpDJ16OtlozRLTvzekEyhXVSrSH/NgHZ31N +WNIFlSpdnQfIRgiCW88gQ9iZMwHcjGNlXdwO4KtHG/beKw9An424h51rLKs8eU3j +/e+YenlOjNg7ck3YMDgYg4uwswaBmK6akXTgjDKgcN+jQpZsD31whQ== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/rsa-cast5-cfb.pem b/tests/pem/rsa-cast5-cfb.pem new file mode 100644 index 000000000..e38c9c2e9 --- /dev/null +++ b/tests/pem/rsa-cast5-cfb.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: CAST5-CFB,D9A10C14570FD7DB + +IgrLkHZq1o5WFKcMR4wYNh11nWLTGuExAGChZ92oLLMnbIdYNN+kQvEzYH6q9eJD +MwzZ1M39ymsY5YzCzloN1r5U5OPvw5Bh6X1i/9zg+mT+TpXeppaZOYnDb5MYHvlV +/qRX0jdImuVTGtArNQaHnvpQVKi1elu1+Uifv+xW53BOUjKzRfV5lQqYeAzZzkAm +Tm+Olsj1RJvDPAE/269Xgm6/PMhLVH4Y35jkHqUh/Fes6JfWNgc4ZjAZH1xZybxA +k2edwsENkwwMfZjYnCjb9Lkw4GO74w6PT2t482A5yWx3BjvvcpRRvKAYExWXGd7P +R2pJXzu7OH+8yRnHp2x5P9OsGKUIoQyzvCvdB9owsVj50HZQ7C3hchmiS2bfOXUm +1IlDH76EjnuLOeDuPOaKMZa5lEge0JDu9wWgMrEfC+t/9xybQMekfTCGfzwz3Dnj +i0fNNqRGSRTPQJ/RhSrBL5IUNdaZvO0+49jdQ29GTnS1/zypPb2tchUwd8N/XK+f +tKJyoDwhgRTttuB6+xepFMgqQUZNa8/NlAS0kyX6UROsiuKjLS6nHBQ+QaS9c6Va +KZWZMMdV7l/NzXWrvF+Zr92QusMPbN7hHAfW5raGGlT0KCno62WpU1MaWszYS77P +uW0ndVlbOQYE3PnTe6hyHU0zlbSNb3DIpJ2B7gwhAwh/xk2Wl7b8pifBQMTYc+bU +HJLORpuFrNS9oCOBA5V27wfwkVXk7m7X1eZvqS9IypRz/aNvWIHkZyEgEyGN16/x +VriluGDqIQOPiS9RF88SfRFtmqczcB55e+gVmptoYNQcRw== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/rsa-cast5-ofb.pem b/tests/pem/rsa-cast5-ofb.pem new file mode 100644 index 000000000..aecaf9e13 --- /dev/null +++ b/tests/pem/rsa-cast5-ofb.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: CAST5-OFB,5DDA6D06E3E7B3AF + +j5nKw8XtGUSba7pObNE2hiOpqJAblYVtNp6LwgssM27FU8iOZL1b3KKt6KxZD/Zw +cD0if7jta5pRP8javi8ceeQcnwhVYY+Iop0+LLhNMPWYnjrJsBgjYNrFcPMrZXQE +le3TaXgprSPPS0eBxO0MUXxnVHbLK+kMKdzRCl6o15TY8ALrdlWqThrnP03t8yN2 +k0FBBLxvNh41n4NQOwyP81NxKR9EksClDFBh8AckE1skvpjGbqXfcjaREwgKXbxo +NInk0M21ckyAWoiD8WZfwZPJxaC4Wmulb2s49yoD9ps+zzmYTod0oLFbgXPrj6Mc +QyXhtBfwq/nvVN15DkKE7KCeveBh5ZkDQsQaZtGMmDm4IfLQzQ83wV7BgOe1n19J +FUnWSUVs6ftq9Cm5QiHxQGTX5D/m89QJEDhmTX7uLQR7+0RgXQ+6a2on4nEGnNra +x5q50TdOvg93JP1z9K4PlVpvcXbEqqCkdiOtYlyVeLjVaulBUJB7Tw2xgs/bASla +xjJq7fma7LG8NM6adX3+zm80Rq+5UopwfJqov+NwjNXTwNaokdANbL8FiUJBvRur +jn7YCQENe3+1N6EamE9xBt3RElp/UWu37nlX3FSWhtC/ipjc2x2HClf3LzZlv4G/ +NqBLMAAEPIE6Kb7+EIhaxhHQ7otPy0BvVCiPmKeS9ZoMcdwmqJPsLR7ayCvtuETy +ew4TPVGyuomAo3uS96t9G2j6V1ufLKnTVw0gjwQzu4iQtgM8jOfeec9x+96hXcGq +MVf+tLo24RRkmpj+TS3yrw6p/Yl3fdLUQDGj/ZdNlGG8GQ== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/rsa-des-cbc.pem b/tests/pem/rsa-des-cbc.pem new file mode 100644 index 000000000..78c5d985d --- /dev/null +++ b/tests/pem/rsa-des-cbc.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: DES-CBC,DA8680AB93BE83A6 + +2c9R3NnVdmpJzxxm5es5QvX3vi0Du5e+QMSPHm0NRIsTRi4MQSm1GEq13J8SXOEU +UJ8zEYfZYQFcnqnvyg31yLYNBNLXdv8DRqIC8JQoGp19BY+sxojTMiG+Ac0CftWP +WGthPPaD73Gb/26YULMFfph4jl4RxjtnAN45WmajVRXWQtqdDFdnzJqLgDGKnrWf +vf9Im5YZcBqmEeEipdG6WUBIjbdAz5QATobo7zuxztbIJL+/r5PfidT2yyahgFLA +DPkoWggfO6aXorYO1o58pUsPjJDRz9ID/rH8ibkvrVKF8NchlyP81CneL9DTV//i +ZSwv3fcuZObDREPNqh5Rr4wJ1xcsqHh4KmUgnTcaU24kl8w6/v10FSVTS5bT9ces +TPkPL2GeqT9c+XKztyWUSlSheji4vS6YfjcXbGyNwMZ+2DBy6XzgZOYXj5fQrPG2 +ioKZYwrpUQuCYRLpdcghej2owKlwxE4A7MB+APZHaYP9ItwD6BD5YZHncXOa4XUU +87+e26FbFq3joI+2qWLy9+Nnvbh1M6RwP+zcDedhR+S5lh/SYlODZitlp/l2Re9N +IaRwbQdS5vqHKIYOkMELNK1Rty6G7fFDwevrI20mnb3mcwpOOtDqLbsJrNjVjvdl +Nn3QIeh4IE1qa0opnncOezJzNIniypLiS0o2MFmFSIhcwHTqBk6A8bAuQf4cUNvA +yGqvXDQdY0LPYMIqZe4hcVIq+qsUSWSjhPw6LEXeQ6u0q7CPOHo7DDrVL9ui5gKw +hf5g3fMe2ixrfTPbX2h/Le6Rxmj3hQD4L94qeYrcVqS8NOsypp/IZw== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/rsa-des-cfb.pem b/tests/pem/rsa-des-cfb.pem new file mode 100644 index 000000000..59c707575 --- /dev/null +++ b/tests/pem/rsa-des-cfb.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: DES-CFB,376CF2DFB180933E + +xsTzYGzuTb8ZXsuNaQ9LHDkHLDRu9WdpQWzfb7BHqmjZppteaQGaULfdEMGvgxW/ +RhE9n41jMFanAHpWXmhfAYwnnEVW2Voy3TE4EXKTjRr0gWIHeplb25GOsnZipOgB +uT6x8GzdX02/xHpDMzDJXy3vuAiMLucy7dUD0bQgj7+c3elYTLRRUOH1SEXg7qRp +VIcYg4xAvVmmOCzX6Qg6jB/gnJNyu2LgfEhYQFt+uKi+STzbuCPS+Wms7wX6w8gG +Ve6Kjc/sr6EYjypk99j6wblJds0FwmXfwwKyOAjz+M6DTPxvYZ73hhsRjpOJmiW0 +Y3hqPoK6O5U9Zq7ZwkmsTezRASHv/OnJkNSjsWTiWqXYdgn9cfGhtiK1ed8jc4BU +KCAJfR0Xq3MJMoxi3X3NeBuaUXaFus+02scF8DwEaF508lxbRyqGng0xXLGnDznC +UCLdiq2IQyUQQxq05bNHXcbNqC65vrA1wVqVBRztI+jBLy8lDhMsV5PnFxM++c1u +XbNTKaJ7UczgX7/Digwpx55eyUQVpNU3hwuLW39sYysZchnEnUCP9RikyU8A3KUS +to4NwK9RtAtIfk6AYeKoDtTHX5ErHcBbUmQGArpsy/pyunfhNE5G9VPPa0QjnihU +2nQII/EGeNB4JN+/qY8mQRr9rYvIl/ecnkM8wSFN4RIsgV7tUQwKMZTvcAln6wUd +agdAkVr+uOdbPtsAiZ6lb87jGok2oo86dwJeLfTPoCrKblN/aCA6LB7jAU277xh+ +A1yPdRSvQp1R7f2hJXvpspYaozyxum2qAQcsmqs5Rtq04Q== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/rsa-des-ede3-cbc.pem b/tests/pem/rsa-des-ede3-cbc.pem new file mode 100644 index 000000000..5eae9b484 --- /dev/null +++ b/tests/pem/rsa-des-ede3-cbc.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: DES-EDE3-CBC,3DEAD22ADB3BD3C4 + +qJgIg8z1UdUEE6HOrwcYALUiYGIGYrmXJm2J3wxfdX9Km/2U9YVPR3sZv5V57gLb +xo9EpU+d0d5pmacbspGQeY9FtyXlkg5Y8TwaOTIfFs7EyBFj0BdsS0lXoIllIieg +ux3yHTYrA8lgXVMAdjOiFgJ7IMdGsKrxqz2TgZudz8hk6ErGQ1nI9Rh38tTiIqEO +tEBsxyEYFYLOy+RhTWw+OnELQZ8U4FtEjTYlfwfUIN+LZ2RBvJk2e8ndRpYYSsNY +Lc6rgEwFEJmooXqfHQuCRr7nC/pG95GaLqHRrWBHjK7dTRc8CmJ0t1CB9GQDCIv2 +9CnfrKcUWzXtfFkL7NjtYlz3B641pb1TsE/XPPqYnz6pi6cyApF1dpZvz1I2e/jW +H43Dun38wjPumJ7zd0YKh0waAaHpT197hM8BNyW51XSKAN3EFB3vhpZY6sgQyUQP +8PjCGkPEupCUloyGd/wK1gV5FTWl5Uv0vsrGlOJtdsDAV2LgzZ2n4Ho/KmuWfGUo +1CtfPejogme8pp5LlOEwGpr2ceb11U7CuplwjWs/Z7fo6kF+w6TQdA+f0FPBBZbF +b8K+vL4tYq9JgrtrUrgo04d8T9h/CMPJYJnytM5+0F2QiWlXGLvAi6gQIRnKL1qR +r/VGyVx2pVwL0TUAJpkYN9MHcdngVL8PmKYDs66b6zgLJxUxuhCb5Ps4xaqXzMhL +0QOtLUh3pMN3QD0yJOOcbNA1Pdbda+/7KIFLLuj0ouo5RQu/qz1WcREvXwiSvj4j +sB+X7S9GHFbytD6tO8Jj/YIgXBWeRHFeCXKcx6mLdXADlm+81qSqaA== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/rsa-des-ede3-cfb.pem b/tests/pem/rsa-des-ede3-cfb.pem new file mode 100644 index 000000000..ca443f3aa --- /dev/null +++ b/tests/pem/rsa-des-ede3-cfb.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: DES-EDE3-CFB,BCD5DC47A5C62CA6 + +BgN0xi5XHTlT3ZwAeVUWyE95ud/9GBW7ghC08yqp4FIYiN9j0OsiWM/4rWjSonDq +ZOyr2Aq7Tc6Yx+zv3VY/4bHs0sGh9YFdaU9GAlFUGeb4kxyeuHZ272+BRaGDOeaD +cpd+jSfJgCI5pNE1YBrJM6EjkrcUfLnMu0uxY0d2S2tYtocaIRhJVDWwUfpTdXCz +z4cVnGJAV8T+O//Q5njrWnSy1COAHqaJZpERt35EmnpR3p7L0qtLFDY3HhJZiYSt +IttaRNucVF3T1czWHLxsx0n3ObLQRD2I09i4qIq/N/ek9uamHX9eGyW6AiDpVhGj +f8gt4EmCOnGAy5xOo1UwYkc7HS+SwComsEqm8cPKyWrndCdctYU3viH2C2zussNY +o/YqVfjGE4tg0/m+PHUfeuiiVErFMewJUDQ9TIrubdI+W76qVh+5YWRTZa7zGpw+ ++doVqgJgsi0gAH/c/RSwOO+Os0aHCrJ8jDhQ/KcVlRg5hAozzOtWrslxnCZ3e6ar +7PuqvHjJ8UgS7ahvyQXTAhmjyPma1+2TAlu5K8Nsse9r3AA1ZrKnjXssqE2NHepC +1cOlfTZjVHWrMh2GOVLqIBU0jb08EWC4gnv3Wy48To/1v219uxfBZItH7HMijirp +ikOgX0YpYuKR+dgjmKfxTJR/tr3HRBbmXzIiJiRi5BWXpw8RsD9tZxXLmaPotz0Y +u87od428FOhwqhipKChtzv8rTK2OebWQ6iAfx/Fqd6YAwQWDbKjMGMnDSamYcGwt +cxZI2F68DZK7soNSWgdQgUW8edE+FWW2laGa9lD2Fey00g== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/rsa-des-ede3-ofb.pem b/tests/pem/rsa-des-ede3-ofb.pem new file mode 100644 index 000000000..1f10dac69 --- /dev/null +++ b/tests/pem/rsa-des-ede3-ofb.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: DES-EDE3-OFB,7B40A4B78B61CC27 + +iAoUqthNG7mdy4xupBkFsc2GD39Pm9yreaCDnj8G5zEzHKNddpkomod7IC0OOFqi +f92qtpmAlDfaS+vd3vcBicy6/Ki2Xl8jZhTsrVqNoDrQgMRNuniNgO5M0uMfyvUD +NATWulb40OPMy5qGbwSZ0kJJJzqw36L5pMGShmxRAd9QxRtrpn0v6lUUex0Rlt6T +ueqZnnmqq4OcN6WFWsIaHPVu/clwNyboXgMs8jEEGMXz+0/9DZVqAYlt7GBycLHQ +Nlr2y+1NruQZXsctZ+d4OMEEcG1R5+tZWjOEQf2T4ne/XOOnYEzj7vgCo/iN4xnF +zNf75U3X0gz/wFzGhOHw/HIX9ON9rEj8OdbsH+tZYu410Yp4jP3VN4cFPt2RFbuE +TXBfRfbOSd3GiGWSTEkukvjvl36Ig2XM25/6gGHQ4g0W0/A2XeQHwOyWaKAwPx2f +qUonclgL6/ASDoF80odedgbaZqw+gWm74BhNMXDzGPc+7EuKkFpvVhw7jSTvXwYu +XPM4Zk2+dusUkhxJ8n8RdPF/0GmjbPQ4APG7zFLaasi7448NV2z39ViYSBlvUwXv +Po6CPYIRvoKH285Ax0r10PT3U46pjuAa9e0Qadrux6hCLUx7iwludTsEEsrnEUQQ +Fyncv1JjSL4Ca46P08IsZLy+zZS0g06aIVPFpq/HsGZJ0k28z9cl5aFKlC5rFcfQ +x9PX3bkzEMV3qcm/Nc9wD3PDpiXwIP9pMI/JOZoWDsUMzFWshihWDRp5CpKJQ6ih +hYycIyxnSJ2k8f/N20Dkz82+zJXHA8ArYTyxrnKFW4Q8qg== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/rsa-des-ofb.pem b/tests/pem/rsa-des-ofb.pem new file mode 100644 index 000000000..4eca3c788 --- /dev/null +++ b/tests/pem/rsa-des-ofb.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: DES-OFB,D54F59B32E69FED6 + +kmgjwZgAfTs+sJ+bVuQmTxi3D3yrVHEoj/MCEVCizBvcaDQvcCIoeM8cr0kCZuVf +rwtW4j0tFPscjtsdf2qvAwpOmLbPtwp2QfEDZrYXjYo9Kc3V/1nb8eoKSrmpVwn1 +yNjM4+/ojNiP8cqfh7YfcSdnJnIzAS6Vp58WHxECTPNwAAqKH0C2ioN6IRkscz9j +h/PhTmpZkBGS5HwAX5sUSexa8VnzA+aSusrO2BNIRETEF7K7V9XTLTZQJKADNxC9 +aFGd7TH7rbbDZ435zmWwhZzbVxfZquFDWMTju2NxyvYJ9HvAq7COCiJ+TL70RRif +2tGX30aA4uUOTMIPgBM5TA/gm/iy7Z/InDU2urwN56syw0ot4IIs6n/lszWqhGZL +jEzbn6uiA1fq9Ln6Z6lQOLNkZOngtKrCztHmf3U5mUUHxp88UhH0G00bDlGAVFxa +HaY0kmk8mkDxHF0bnFNWE57KPqRGbFQdJR4n1qlW/FJ1rFfY/MUPw3ZAUYt5sHFB +5aEc5Dz6N48p3YiY9fYKqwSn8QbN1cKNC/+nh3Q20WeG2V8p7Qh4Cn+8lpE7kY7K +rFU1mwlC8WG4ggNwa5Pbn2aWX3cpIRhsd2VL4fJwOVmfIA4vmIKadva4UT48g3qU +ORT344NDyVHeewK3wI14FmpUkz8gK1mGXNMRIlsh+1658ghVoNueO5eYUDOaqqOV +eqTBLjHnhAz4RnIrUdTNRW9gcNzfJXey/rJmOWXqnutvExESA2e8gDqpdB9k5xA0 +PDkyFEsdtXjVxqFZ0Qrk5PgivCCXXlQKT52U4Gr2XLZ9LA== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/rsa-encrypted-aes128.pem b/tests/pem/rsa-encrypted-aes128.pem deleted file mode 100644 index 9fe278b8d..000000000 --- a/tests/pem/rsa-encrypted-aes128.pem +++ /dev/null @@ -1,18 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -Proc-Type: 4,ENCRYPTED -DEK-Info: AES-128-CBC,E34B30358A82741CC19E7D3B39F262F9 - -gBfy6bd92405991TDo1pT58ZimYUlsz6rXQkaM22TsMzKq56Bw0qz9h4JOJ6huKh -BQlHJ1Wn8m75J2dFPAX/Y1qTNzTufNIZ7iGsJnlagYV1P/ICN2kdDp5Qozz67n+v -N/S8S+42snqrL6Z3PsX31Mz0+bp+AX+IONEDJ+63ggOiMx5/eOh5fGVP/xovCAP8 -E4NYev1mDY/DQpsMhaiSedAU2rwbGZTLdyZbT5Nj8bWOiU8Co9B0MLrnwfjqS9w0 -gpeW2N8bW9WrXySePS5qJIVWs4FwC0OnU0oZ5h2oi1p0j9vJfOBTHOnLXgC/m8oR -tdDxHHUHrhBmLvMHnb5ZxMSGqYAB5CHt8TvGSYe+wUNdEV0bwWsgwDQp1DR9UKij -HKpMbemWzwueOeXvgwmziHOzxureE4vAEEv+rakxhbagkWpizyM1IxjxPa3A0ohY -THF/dq9PmDtyTtAKYcttRlqhPTOUIWHUu6rxqYpuXY8edqzALoC1dUI/WVJuMesf -JVcX4gL0FxtN/Cyd2j01AfrC5rBQuEwq2l5IEfdGKv1rsWH3lGpI+yv+l6yLrYT9 -Hfooeb1ZKx7kf3J4Yy7LObaMuCjPaYFGeAAwVP5OL/cSRwJsAgvpTmwM9k23+AAP -WS616Cl6FpKTFbJSDNrqfEAo4ghsbbrmuG/EzhqFNzYhCsX2GKRqp5Om5TBV+pSe -svP6HF2sh1bypDlFv6V+grUIU6FHHS8v+/XeO502VDMdMonuV3G9kiFvL7pXGZ3Z -iNFkdAUegliKvbkFg5DyHMYnAmYrj90BYaLQBPCVjFR8waxHLr/eFFaKTlvKT/T+ ------END RSA PRIVATE KEY----- diff --git a/tests/pem/rsa-encrypted-aes192.pem b/tests/pem/rsa-encrypted-aes192.pem deleted file mode 100644 index 5c157b685..000000000 --- a/tests/pem/rsa-encrypted-aes192.pem +++ /dev/null @@ -1,18 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -Proc-Type: 4,ENCRYPTED -DEK-Info: AES-192-CBC,84225A437AB98BED8FB41AA30CEEF69C - -phaXiTpHZdPh9nB147D+IBIuWRLYueXgy1eqX1hFC/xskCRGQxwmhWhppGp6Evcu -PA9DywqHHrYPl5fZsSXjOpj3H1JU/4oP/q48Yz6832YxRZHblAZgVEvK+OqPFq1y -FVnL8JMXLZ7GNAvl9JNBfmL4kYJY1CwcLeplPXDfrAdrDt/974/jNB85qsyqVsQu -QNdLj3BRLJYWWv2MUIlfP2+Wef5pA4w+Aurv5evxcRZYSsqUhHwrBjfrXMumzjAi -7VHh71TyFJBbN/qiiBqaCLyG301HqUBdcpstlZ6GUU+dIg/QR+QrY2T5rRwmbp1T -RA96OSsXypEDz/35XMrcnFV7PyO1q+GueXTxnNH/a5SNKohaElxyn7suJ5nuoh/W -euUNeNFk6caq2wkCS7Ew5vvNqYbh6npKdrz1JzfsyjpwYkPdE0VXxEe5/Pcqhjpc -tKZ5Ej+nNYSCIDrmGd8PteoUWby3oeyS/K+8OofKu0nKexdJ69iY7bcMCu+WuM/K -flXCgQU1d2ClY6x7zFRjPjgI6NCiBlZ7ndx5NT5BLJfWA3VZRwMZsSYx04kUH+wJ -vkaBKUGpBQIvR5cNvPberc5Ckl4CdiFCGSGhREF6M+8sB9KzdVebrBX3ht/lE05v -m+4ekGz3O8tFFKEEnVHwdQw5aXGFc9TgS0gj6CVMl21lWHPKXAoaY0g0TRjc/rgE -c4US5mRzyE87juEX0dOhx2CcJ6q1/CWXIUV2CKFS/9ugOy9eaA0KdaC1r2Jec1bA -yxbM0eNXyckHhh062i+8sHLkWkRN34MPGp4p3Y8YT/iqPatKrcLOODm8NeJD69M8 ------END RSA PRIVATE KEY----- diff --git a/tests/pem/rsa-encrypted-aes256.pem b/tests/pem/rsa-encrypted-aes256.pem deleted file mode 100644 index 6a7cd289c..000000000 --- a/tests/pem/rsa-encrypted-aes256.pem +++ /dev/null @@ -1,18 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -Proc-Type: 4,ENCRYPTED -DEK-Info: AES-256-CBC,D3DD9599A74A0A204325A4FC0104274E - -Cl//jk2w+X7KMvEoqvXlyz2n3DHqx1UKSHmK8ab+Gx5CRlbTeOkYseN75wx2Y3/B -WiJTFuKBFSjK9o0ts8Li3xQUnCP1huXq6pY8CIcEo7V7ZKe/7rWPwPtLflaPsSoz -4paXwqeUB61gS3qw6bxof3WFKN59lU+Xk0HsDOp/SK55ceA0j7vtOFm+pq+cqEwl -wy3ZGUJUDCZgYOuTNTfvDqoRK2OuH77fbQu27ck3eKUC5LZiDCQ+Aqm9k12gcCdF -tqqLZdZyQWJK/rpqY2rHZkLTkhou//Cs/15l3GLDO5P670aVEJb6vVNVJd5msu6b -JGWDb31McTwj7m3NsK2OSPVfhGuA+Hx24/ul7o615Bei4AsN3yAcm1bQeRKHyQoA -9LBZgyznt3NhEQ5RoXCR37HjwQheOoDcwgVh8uSJnKaD1dUMlIJYjW32kMbj6fxF -kAMm6JT4FU52jnpsar0+ADqrLst33IkXfiPWzHoUsh9hnTzDwqOR1oEbxAnBABkz -zkZPH818ENHsg6c/S2z9ZXyLxjqd+kh53cL36NiTZkCSJOfwuKWC9gnXsXgmpcV5 -BaOozzYLtW6OMsPWrledD5uV5EGBitLiNKBB4h22/AR5Br9Eo0csEJHkEfjd4hAh -J2iXj26j0QmsLJV2KNgi1q/b99r6vqQVuFEUVhBprrt+vMVRlTAs1gkPMhZHwC5Y -CP3w+d174aIURUeOqmTmlefP3ek74kKz+eUw5/KBq0yD2gWguuW7BzTF+GcP87Gs -nBoeIbAF+diy95F7y1zXLlYr6U+xMaizpDtYChDehUXd7Hd85AqjRNHDD3a09m8t ------END RSA PRIVATE KEY----- diff --git a/tests/pem/rsa-encrypted-camellia128.pem b/tests/pem/rsa-encrypted-camellia128.pem deleted file mode 100644 index f3ecd0474..000000000 --- a/tests/pem/rsa-encrypted-camellia128.pem +++ /dev/null @@ -1,18 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -Proc-Type: 4,ENCRYPTED -DEK-Info: CAMELLIA-128-CBC,0303625F03B4D00BCF0CF7C823F1E665 - -UGZaiZfZe69svZrpTL4oIuPgd6erA5Gmz7Yo8JJAcrmIRyLVaNeL4/FNQsstGyxv -nax0h5X4jLDZrFrbF305wbENCEoDffNzII8Ju/w1lVxpOdkQTJtKUtp2iOdFAMfq -BvmAVgjy2M0W++SluLXmop3fo6S4fxsOkLywKPLHFUZ8JwSg3I5LAMeCepbx2bG6 -NfozsjwVSVc3grs/FKHQlBhuXyUDJNJwXXA4hpBqoLPjBdOrYqjV0MA6D1csIRTu -G/gsmobtp9luWQD+dEtufLXvfxOlLnJCdWWS/lhwxY3Zym6juc917wNQoxgyQq2L -+53kX2VFFLM7g6ES0VTMF6oAbglqKLABJOZk0aSzLh/h6RKzh3WaT0yux9w1JmaL -0faIJDG2ZNroraOtAIDmc3Q4sfk2EcBxOFTRjKT/ypPcwOY2PWMRDAXpfHtAJrRx -H6GQsM+X04wahpQ/aHCtUu1EO6n8zEdej8XUu+Tcz8stO7h2zs7IOi+7NbqqvHYk -V09kX6FgSnUmzsV8DGcemEM2XkSbK6p+/b5EXHbvwkH65zjDNtfjloWgWd9B2nqv -unB3i9h1Kd145a8TsiNE7Z9QI5bIBXN7x/70SoO5/OJjjPczNSHkgsBEkIseyjkU -MuEQ6s9GFAOlw885ieUEJuEwyhVcA9ksCp5SuxVNEScMh3vZ2zK7reYsg8GC1Vx6 -2tw1HUzarDDgp5SWxjIFq14NWySZF3PTrlcmcaZkiepSprFGm3QZ29mXMpoCIpJW -344/5dM2kkRgWoZhJP0d52dX/D9lqYG3nD9vlQbOFKR4DyHW1yeTGFlheqOdwiU+ ------END RSA PRIVATE KEY----- diff --git a/tests/pem/rsa-encrypted-camellia192.pem b/tests/pem/rsa-encrypted-camellia192.pem deleted file mode 100644 index 3f10b3440..000000000 --- a/tests/pem/rsa-encrypted-camellia192.pem +++ /dev/null @@ -1,18 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -Proc-Type: 4,ENCRYPTED -DEK-Info: CAMELLIA-192-CBC,FB1DE964D0983449CAC8D7608D0CFBEC - -bsqay1xsCDMwqFR6vThpD4mDycgkc6pB1W9nMbe81bmYWe04c9jDk44FlhyMEFq/ -fetzGn16A9YFJoX7M+myk2rRv2xhj+UA7+CS/CDHSuh74ZP/Ebj6nKgyzNJUpHqG -4QlUBwWGedkkkRCEV4w5cRMazXsclymENeAbee9s0PKAfso/w7Thvm2ET5Nuu6rq -aOQsk5pVjMtNQN4FFiFa+Qi4u+cmWACvLj2zETg4oL9tzbgwe1BGF6Js+6oqDQx9 -gwk3Gem+902PblqblH/4k7Z8VfuoDj/2vWC5azf4ndEef3sTfDR8X3DGbauUHyYI -gSiI7voaOESlRsWuuSVCH1SrgoNJZFY32wjVGOd7iDYkoybacJNQGRwu9oewd3IG -gAUY5OiEKUHDgc2rsR2ASN1UmAppnUZZbnQ3xNlnoE2N8OEkhykYJTeTC/k4scKx -hcw880ZfgYm1btw+W0UH2NPdNCIttahxUdTWqGBeTznuVDuVCYXX5HgPX1Ufp3D1 -eyJlUhzudJ2xl5z/qBf7ePzc9CgHqpq0nRGfEpS1fgHi2xRBF1JrYJXXAC61712Z -Z6hwjg/22YturTNAOQ719aXZ77Tx8n22A0wrUP3g1nHEICob9zyBum+ncjCRVR0w -ciu1iou7VYfr9B3nS9ECUZY5UmecWG0d+7ELXItZV5bP/wW3tKW54Vh5a22WDeO6 -B1R5MAEXPQ7qBrcNmwr1MEFG2WoucLBEJfHzrkJFIlhwvE8c2AXWZnk0jmPxOlUY -QfxHwWJ4/ufI/FRTwFlYwUohItBAq5j6ve7+StoM3P6qT+bnQcy01xOw3l6o0U6Y ------END RSA PRIVATE KEY----- diff --git a/tests/pem/rsa-encrypted-camellia256.pem b/tests/pem/rsa-encrypted-camellia256.pem deleted file mode 100644 index c96caca81..000000000 --- a/tests/pem/rsa-encrypted-camellia256.pem +++ /dev/null @@ -1,18 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -Proc-Type: 4,ENCRYPTED -DEK-Info: CAMELLIA-256-CBC,7F40CB6CF02BCE145875EA4A15132B93 - -GyycmUiMdO5AyYLtDy8eoSlcMBrk4vF+VfbPXLa8jz/qqglW25A+dMUw+B8DHox4 -x9t/IWs4Pq2MfNflct07wv6dnszTwVTpyhEOubRd//Q/HPjau5TAmQM7n0as4QHw -dfbCd4laS8siug/KHRPYUqdaiifBOlzpxREQnjYYfXG60KlZYyxIFTp72W9BurIn -BoHznYxQ16ZuID9R0eRgKQZok4If0cLt14z6n3fUw0LZeDEU8RFE5+2GfSgdghR6 -NPlZN7MlaZaVRx8ctFRROt9WXtCfvMSPBz7ua3qymuct76VrjzlYaxhr7nqf0RY9 -Tt2HXZLYzPvnKUA1hwJhbDXw9i0ahJ8lNDDQVEEy8UdiSqtWqjpAbOFuy1HXv86V -mCH4viGdxNqOIe7IMst6jwvnUSDDTFms0fRV9tv+JouKgQ5A/H+VrxKiHm8ZpZRK -yXrMusUMXFQ98u/u0vw1f/dn/dYocNBT0Dgxp3K8mmAuSX3XOupTtDfHJXM4I2Ur -tJfstBPD0Ne54k0aBQnOjeUUrtXvu3xgY4h/c80GvXLHsQv1lTQF3o5AEStUrl9B -KKAqb/E7AMr2a55RYl2rqV4QfL0rvhnTR7Os4ytjwerYmjaC4XvGP3omLWHhNqQJ -jmPnUzyYDKeN1w7nZvNjfrKZvDWW1WT/SJqXqh7tjWdOM/2LRAj3b4W6E5EJBTR5 -8W4REs3K1Hgaw5alVOLRr+tXTF67WTRxbMgmnF+JBmTccLG+Htql78HEPj9Gugf4 -qaOOCrJlSm/Dd2bgFo+FUwY8Plytp/Eh6vHPGrPEyNTfTSd5MKjEHDfhmNmODH42 ------END RSA PRIVATE KEY----- diff --git a/tests/pem/rsa-encrypted-des.pem b/tests/pem/rsa-encrypted-des.pem deleted file mode 100644 index 64817d856..000000000 --- a/tests/pem/rsa-encrypted-des.pem +++ /dev/null @@ -1,18 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -Proc-Type: 4,ENCRYPTED -DEK-Info: DES-CBC,FF92A06E353260B5 - -hmY/YaeOr8rrGrakUk0/pk5R4aBsrl2EKP+i58ziIKzRI7yVGmTgGIr14ys3oWb3 -9ba6A3hOcQvKfIjI4JxbWQxawOm++Cfcyp+PR7nmIMK1BhKeLynrbuTm7BvPRlHc -APJxWA2OcwbSgnHRqcD4lZxVjX0JrM6w7axrs1/+K0A4NEhWDnWkHd2NHTgtlp9v -Imu8n/atzm5olxb5DFGdyEVR8neASxQ/8gN6jFVG1lcB2DbR+LsS6s3aqrKNMbVU -TKZteJh3Y/WWB1Qxo2Wi7QzjUx6GkFKPLQvLwtJldB218slNfRnlaE3+s/U8WOAL -NRhrLqUij/T0DwJDEywl6DX8uu0Nb1Ge6DD36dp/AZ/M8k5M22Sx8nk1IEEG48cU -TPF5r/WOKy2iSqBx33s9J/H8k65es/YRLv2fASW5mLySApbsKWrX7qgX0yeYa8qC -e2ORyMQNmcgMu+vkyhsRSROCpo03CwZXTugN2h04UdIYhwXgUpcUX4WT+P4L9fAW -pMIan8KRpIv2K4soz20rSCfhspk4tV4oSf165chzBHiw+5bELa3WkfyxowpN6FpD -l6w35mj5y2I4XJoG5OUn5F8P6Z7qw7bB7pevvFch7X1LR/5rjeeXFL2hHPOK0Z3h -kgXez7WcRlv26m8JPM+GfXrbx0qwcF7ApuGa20S3Y6MdMlvEpYzgG7eCNvNdgQqd -MqzVQNLyhVwf41ttAzFbWKJSLffC6Y7kzBRyTnGu3os2joLPWt4i5cc74PEB+Yxt -FY6XZFUeoK4BVVAQ0QRnDxqq9hciGIodiiJZpOiDS3tjxfEgk2wqgg== ------END RSA PRIVATE KEY----- diff --git a/tests/pem/rsa-encrypted-des3.pem b/tests/pem/rsa-encrypted-des3.pem deleted file mode 100644 index a48b94b6c..000000000 --- a/tests/pem/rsa-encrypted-des3.pem +++ /dev/null @@ -1,18 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -Proc-Type: 4,ENCRYPTED -DEK-Info: DES-EDE3-CBC,107EB1F9974CA9E2 - -CKBun5ni3tE7KoHUhY85NnFsxoJqIonLtiDEQRPCNOzFlmxYNqI+hfsnjyQiMB+O -deqihKPEcU4lOFG/pXeMOjgsnqrRSLtpPce/1T0kQBuxjkSGwRDj7Kiyj4UInJTO -8z50k0cclcVveTuta+hsq0CTItu6RCl6kaimjixrYsfNd55ahcR7WjU5DL23DHDe -dJvPxXNcU6Kne0dIGm41uYTloleoe+f5Dvf27421sRlgltfA8M8KfaB5AKUOp/gA -DeQ9lcCwSpCfPavIWdpyW67v3NBoICPlmKUgg2EsxB6+nceHP1OcAAK4Sm083UBB -1uLcF08Yz2lMe7rHMieI8khZyjXI1A42M7wL3Yyl9m2/DvSuE5Xu6qyuEDDqNFbz -GHQ9YECQ6ykf/MQd3CeKUeDlCZ313Nmb6uqehbbpm9Yayr/M9rwpgVilJwyQhELO -gta3RozpQIqx3a8UXgUSXx1xckRdcbYitBGFgh3JpU4iaYyE2jFHkCrzUFt9Q3To -pe2MTutj1K7l1wxUVy47nfK1/3JLI4wiP0QbflZMDBGiCyMPmZpJWEVkCtH3f1QY -tFM+2TGkroQWOU1YaK9liqYtXQ8h5cjqSC273aMU21SK/FOEufpOUeWa8XCdOsNa -MQKfI/fDgmAmQFacy4RE5ICWx0s68qnQotvmdyaLDClVFha5jlAKufnee8T1L5BA -TV7HJci7h0wy8hTqZOiGpmDIG0UJXcD7sK+PeBKvte+wfaMVyM0Kq+j7DWCJRgw8 -xw8HpPDCVevr8tI94JszjiJhhRNuaHw0xiN8MRxf62MDEpw/NM0HFA== ------END RSA PRIVATE KEY----- diff --git a/tests/pem/rsa-encrypted.pem b/tests/pem/rsa-encrypted.pem deleted file mode 100644 index 888618c1c..000000000 --- a/tests/pem/rsa-encrypted.pem +++ /dev/null @@ -1,18 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -Proc-Type: 4,ENCRYPTED -DEK-Info: AES-256-CBC,79A277F758B09D047847C9C5F099B5D0 - -cbGjYcmMEdYJC76SMAi5cbiJ17tcR+swnKBKJ6Wz8TEUiG2WjhkzPcAiobJQMwNT -r47uhzyOD9SkhuXkMwB+EXaB8JSBOhqeLE5zmxQOedba5HHWUBGBHNa7FafgV+/H -RpLjaAsDkXTnmBTBbLpQmMP3zJRG2e8+G7/WFakzd0QcQcy4zWNH3WtBc207Oeup -WN8P2XA7KQkHnCdojfLD4JNJTosa+o9HphSRdRtTrzCCR6WMH3iUovnQCmSARUcm -7JmujGzOx/wuKDiC4HSZWYhOul0OSXrt25G42RJJu4v8bHgsKFeHp2/U2Zpkkd/b -96TtQ7Mo2lsuZzUEmb4kWO+2vVKy+0sPn8G7uOID3FZ8jmQZV4v1ASLGz6Mj2zJe -u0b0+UpSRB8eVwM3BL1oZxe3MSNynFgbPs53Q52zJGX8CFTxDNEPGYYRGFb1B5B8 -Hd6QTilegEbFStWLH2tv1IX/YeLNytd94+wMaqRmDv9huo9lushQ7pT4tMkntzte -vMkboFD/p83T2uHXMVfRthNKBWfLYgpAbwQ5UbfLjTIxZ6Jhr5hakMb2R28IaXj5 -5Ss85suLiY+RWnNCh/313ghuWvFC3Ixx1YVpVKdTIGRK/gLkSzXV8oA00yJm7RoW -WilXcXppWLIODkOn3VFsrQ9lerVWRX4emndP4drW5SnVCnkrlPDmE7joh2Mumjwl -vO0QMq1o8CZoWbxZ20qnqveoEH0Kw8qhsLScxs55LGgqGnf5G0AmVDh4mK6CyY1m -cXoqkJ2IpBmnMGNPKEKeuLGl1kRW7eyP0+xlGG8JtMpA/xRiSn3lRydAlCkxAZRq ------END RSA PRIVATE KEY----- diff --git a/tests/pem/rsa-idea-cbc.pem b/tests/pem/rsa-idea-cbc.pem new file mode 100644 index 000000000..c9e1ec9c5 --- /dev/null +++ b/tests/pem/rsa-idea-cbc.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: IDEA-CBC,52254EE5ADBA46C4 + +3mltPg7ZYhnrVIUn1sy9D1DrE5q/vlYZoAsgUGIdI5UisVVR1XZIWxkxjVhQd240 +d7OImY9aLL9Lw4cQUuRk6+j++OlWw2K2oKatlCo1S3+Uh/lNcYgi44lDtcYbqOcy +qCLqqusyHKH7Bp/fMm3A5SaKMwcb27CkcW9eKsZRkgEoYHU+kddnjF0S3CSZEFX6 +/UT0bJOil1ca096EFeFJzEdKrsWPqNHlkgQvkEIp4ZZQG2vSo5AvLYykUbpxx3lL +ieEDPzPRl22EIO994gLckkovVIrv7X7UE/hGJ1LhaOAYFgfqhjowDQ6GngKKKaYY +4eviXS/ZxHzTYJYT2R/UtYbFrZiEAWO6wSddiMHY8mP769hqfZOdCBgkhlJBSzga +pKEFKM8TTcVUW09at+mWuyQsIE3vriqJGb3AQo2Tv0feDThwnUVYHzgHgWQIFpgB +amjAdHi2fw0bG09VIVyxKYs0cP4OzEtRCRhAmZ739ozlBTazihbDyFOF5a21HAAv +URWfleIU6cmk1TjH/20Aqx5vArL56+2gXf7JixZ0WT9yH/pqx1SgosoSW79UT74V +rPbIIKdaLg7xZ3Y5iSG+tvz+Gpe4RofjsfIIQ+qMkmGVr/qALt0HYdk3oRjeQpKF +nEcgM4W1c93x8eoKoJmx302PdUJqrsfKXDQMAGrAVEBtwbfSVFfWJxE1Jm1N+HiG +Ec7vaTRnaYbJpKxaAcah2roZiF/APR8RN5hq6V0sJNGlRIFK4FZGjJUpB3HVIGty +XRj1m3z9DWqLbC4hJoqEALrP4oGfGdW23VNNkjliOJyd+UpXmohc6Q== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/rsa-idea-cfb.pem b/tests/pem/rsa-idea-cfb.pem new file mode 100644 index 000000000..290a92e20 --- /dev/null +++ b/tests/pem/rsa-idea-cfb.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: IDEA-CFB,E870DDC34933C104 + +CzZsDfyRn8n/6ogbTDLibvmBelG2atvGG4aa2kqOV6DkM9q7zwvYEFO/CaDRLGD6 +1lq8HNf0di/UvxwafZlqc+JTwppZPmmIsm53YnN9JbRvRacA1FKkbN89/qQ6VZ6r +iYDF1U7KM+pMg1ieMUiQbaVDc30v0qokRJaURRaiIVB1tC7cb98gagY9kWAAYTli +wKc13VeSpldoFMwnGKNJZxhrLWXxIY5XsoPCb++3DZAcA3PJ+fIFmzhrieWddXpQ +3+3PcaSFySaY4WQkC49ibW3CZH5/kklmUa+CdLGgm2uEAGS/RxmUVU/Kw1nxfNN/ ++7CTD6S+rnEUUok/bPsQiRBgdxH8Qah5Rlfy5FSbYGnk6IUjqWhWaALWbMYsLfhe +Yabz0h8j+fG/hfy9QMaOMf0HDp1nchUe8MhLbpOAnYiQhnl+ypuz4bt1LYwE2xbA +cN0bSJ3+Nd1GQjMzNfBpI7rBQS/yccCUgdcnuAtGrCuctf2ZEWnZfR7r46DVKYgD +J+jcRpbpKyAkx0xNcIj96BwINbkxjSs2CCCvM+Xkwc5fHn1Ehqo+OUwqaEzv2+FP +LWrBdyKY4RQ/XTfiSuYgPxHL3tIZxwUi5Uhi0FaUyRWuR9vA8F9WQjxwKfsFVn7T +1zgOY59dSXKJRXKRt73VoVarypf6bkyGfdMygI2rvJ0g1VMxKkKu5NNZadO0O8UC +9t1vkKD5eaHB+qeuLkqyCG8RzFRYu8IHwmmDYaKkt7Mr1ciDryfCi8qfGOI46QML +ngVeR+Mt0j+YSWy6ucuZJTsPBFGyJo4RMTPC0i8Q58AgoQ== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/rsa-idea-ofb.pem b/tests/pem/rsa-idea-ofb.pem new file mode 100644 index 000000000..d1edefbe4 --- /dev/null +++ b/tests/pem/rsa-idea-ofb.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: IDEA-OFB,07F5E5868555E462 + +4STX7Z1jUIgBOvcBUJVcxMTjzGK9Mli/v425w/L3dRSFMHCnIBEwaFMk9Jg/V/Uy +qn9dTGyG2CQkR6R1HSvWLUZPTUYXtOmUvCI92t4w68x7N9BCJI2g1VUIe5Wrv4qv +vsWMDZKMUAp8DRTibFuy/l6UFKaTVG0ClRgkzhMV+Artls9CMQJLaukvgby18ATJ ++iDRoFzQwSZ6lxTQEMMN11DjUeal+8iYUdmmQXJgWaRf56B8iOQX9W8c52YIOrow +XqS1ft9hJLI2eft5DiPRPIfl77eJQdWL5Y+0M7ZDFOcKTtxkFP1gmk3m4j99vi9j +YnecbsB7J55x3Vbh4als/z5fVpIcwVuxuH2nGx6h4ayKQN00PeCY+xOSoyDCx8pD +SVpk/YpMfwoWVoIOId4AXjX4BSVuyi/2+0q0mj2aQXgJMw5g1xgd9ZscMJhc/naN +7xGYXPghBZLLwpqVyqiC9Z01cjhnX7opDFB4b2vBqInBLcTy740aOgtDSiR0RZNR +7zqy8og9Z59+O4+AprjmP65HlnnyPaOhGGwX1ibVXnk8mbczlB0gSnHu1ZHu7NBN +PZyj5wgnQisNtvvhuB6qkFZ8BVay0Oq/8ILybOBUzmDm+4JIT84he1F7txWX6/sj +pyDrxxIjw2vpGyjoj6J+yX1b+7Va+mTNI6nrNjNFBLDRpVMSM10mbNACSLnUaXlN +h1BzQaIpK5Ck3v/3T4DfI0hd0Apq51/YOEUUfsGuhs2/8AcQ8VQtg/y0ZMrOSwUJ +9unSbJij4e7g6vqV/ZzFGt0jBIbzhJCMYi0x9RvgVWZzmQ== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/rsa-rc2-40-cbc.pem b/tests/pem/rsa-rc2-40-cbc.pem new file mode 100644 index 000000000..3933307d3 --- /dev/null +++ b/tests/pem/rsa-rc2-40-cbc.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: RC2-40-CBC,B3B2E2267CBC8E5C + +rICswWUUfbNtNYdP0Ub9F9VgRu5HJTY4y22XGGTV/V0MlZPus6cu4oOIJmhFL77J +VM27qUwAFlsjvgNhxcKNrbdLt8jtaPE+y8T/hX0jTEd007SPpu2DyZG6GngVkq5j +6OjLiI2/wif5xxtZuooM4ZDX4VTHBbvL6fpnYbl9ETziSAiO2ulvy1n92+mjXebM +dw30V9AmqRwb6nXQYkikasQuuOpEjHn+Mg80jIiKtq2oXKmzC1CvFdO08KYu806i +FCKffXbW6hqFNQgFepE28u0FS/TxqismDlh1ytAlbMihGaXgLdRrdN7NQdUhmXL6 +rM+ZOps/2ff2HN2FA1Bc+YO1B9WEcRZCSrlmIaW5zwyHMRTJAoq8DmpgK9LuhPSS +aSUXeZpGWnGLzuInEDNHt0krCt+Z4HoLExPoZpw1ilkN4xZfuz1wD0aa8KegYdmL +eytqJ+jiq2UP92izUb4lQYJM3uBM/o5q+FgkfB1GZUhjLoMx8vDGOGY56JqFucy9 +0bsMvh1ibedSAkSnIEWpFKLLYf+MEi42DI0uDrZteuf8yCfdyZbzj/eKOCPtIq+a +oAMyALOPI01g+3WN0uxfL/vyEkB+8dKyTaPix02gDSSxmZI1JY/V4Q30EmUOYrQz +4EqpJEiRokuBDF6zXTLHAPQpsh1xBOLemtB/l+lNUd0tG7TVvgXbM3azh9UyvLnV +ZcWnNle/wAXHeOtgk81EXNhBWnTP4zRrS1ONaTC6A8MsY25HNbExr16rLg94s3ls +as/JrUSq6sd7w0BV2kLomwYkASBiEm+GAQCmP2dYbUO38Mly4Y38MA== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/rsa-rc2-64-cbc.pem b/tests/pem/rsa-rc2-64-cbc.pem new file mode 100644 index 000000000..b1b1656cb --- /dev/null +++ b/tests/pem/rsa-rc2-64-cbc.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: RC2-64-CBC,09EB4FC3DA39725C + +jpPfTgJg2Go9eX1H/GqBM436WutjRhEQa6jiEG1w8LTGlhQPLc/xoYw64GChpZ/n +o94WvN/y0Jn+Rwo/Vwm2h36aY7BSSyBklZ57uejQ9ONeBj+Hk8Bm7QyxB/3jILnm +GEVDbzetmeDkGn39zTrxqKIpwiSiXPVhdg2dG0SA325kIf7tyPgRdBshlEylHoI3 +nFlhuBe2mxHOiaCB2ZqxhXwgxIxPcUnAWqBk6ezYx/xEvWOd2YiZcp9pLmiQp4s2 +Pf6Bew7bkcMaxmnHqVlJ5bColqh/g2voPpFIR69QNtGXmTpOb44Ml2uOanCS5L1f +XFeKl25Jnb4I3ql40eWtYxCcPVq2pqyeu+6o/eOS19v/Q9jCHbFxL0UIgaIm9qh5 +VUrWDYvOoaqFL8bA6hy3KnwECZUdc7OwOpi5B+56vffw+PJG7vIPwNhXsO+W+dIp +WR1UqMAztsh6jieVqOPaBc+X+QtRZ+mkAlo+apGkCynLQZN33ZCwpzWgiSBP06jq +G0t2bJkfPHi45FXgvJxv8OOOX27bkHU8CT0XfdnODD912GcVQaRrgirJXKIGCtS3 +qAX5HZ4aXhjGSq99f4V8FKbLeAIGEOUXrvuMmecxwsHpDnJ/s59pu8vHfU0s6UGF +S6hOLMfuIFxR8YnfzkCcDM9vudzXmkHv4zth8nTAEA26oOpfhn79RNBraG+nA/J9 +VP5r46gJxBWjLVXFiNDEWbdWn7HfJkAzdHIkdUT4Fn4lABZ4sUOZKLdzEmlwoBht +1463jKL4wIZnR/mZ40SVPQISjqmXucuFW5b2BizmbDLTaGqwD9EOHA== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/rsa-rc2-cbc.pem b/tests/pem/rsa-rc2-cbc.pem new file mode 100644 index 000000000..c5b05632a --- /dev/null +++ b/tests/pem/rsa-rc2-cbc.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: RC2-CBC,E15277F46A0D4382 + ++K6qWzPBSC2XWsDthT7L6DUuad80lpVf+WV/LQM1wvSwrHejHtly/RaoPjJhjaz4 +0jzTya9Phpep2j7yflkLD397JmsJUHTbgSUpNg7X4g1QGO93w4726EVWtHljNcPf +vZzW+D0tsjQtmOPjnw0OhBaBuqyS+dGi78YhtD/gG1geNDzcKsM5lXUci7QiJD6m +69frJVTh9sIfijKU0CQ9I5x0Eu74fP3f/Y0jyLpVCYhzsXjS03gheGmIGnZjmrY8 +1SlZrUPxk0DTBjvOw2Tnepb38rA63xidQ1ilLHt02npUFpEvT3X1OJC3DCc7oys/ +F8iIl0PYniRaQU8RWnvE08ckZOKIV5Vw5dXC0nVYNIpu7LFghuUiqgUEMpsS5R/u +AUZRrNKUGhXLbo6IuyDAFKBHWgbiOa8WxR0meZkIU0JxXL9SjfQ/XbeSCCrQqC15 +OWPZUsn5p3KJjZEDpzBshgr1+PAwZntUsCzplhYv+swQqzMFkIvEZxQo4vytYas3 +nPWLidJL3T6n0Lc53zOuj9qfWETjcfGoJAHjG0pZoDbg4RMfKXSHH81SZMTwd8V4 +7JYS6d4avGLVb5TtI/6YtIAWLO3bmYBd0BdMLQDhPLjadnUv8/7SXyEouYiqJbfi +qU12DZli3snK0U5hLO51vpl6Gk4LHOtBJKbQNxK4flOTlAWQFx4vPLPZYPqrsVmQ +6qjN8Wour1F2hTcJcSDYILBZIUAzMNXF5/CWfZNQJeJ4rbHorKrjRazs2BK5GsHV +m4+TB1bNv2cGdRQTkN4ohzo8SNz4UMJv90G2uV7NMZuUcEUNaNSPDw== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/rsa-rc2-cfb.pem b/tests/pem/rsa-rc2-cfb.pem new file mode 100644 index 000000000..47e368a28 --- /dev/null +++ b/tests/pem/rsa-rc2-cfb.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: RC2-CFB,70E45EC369F2C0D3 + +/Chxzf+eMWYQr1+GjTKQgFYLqMT8DLT5okfCfwa5C6Gg22/qzFLhXCfiY+PEwW+l +2cgKj9Dht0+EQr769DHiOtKUM9pB80u9AeWk1fnwwK37BPrL1ycvveMrqyHeevaa +i6V1t3BLVB0OVvq6c2g6q1Jvjip3ZUISF60ozlk58k5j+q3fmC0+tatUFouvk1dH +iwMVtLPPtR/bD+80IAuUAI8JYfvM3rFKcoO965STDQzIQlRoR2ea6E/4EFe3HzXZ +11wthzX+d85GLyEx/IfA2vFv45wznqGagIC43ZpB2JuvWatBV+ey5iaqxzophrX7 +9f7OLSo4AlYzR68Z8DneLGHuK2kag3JI2V1QJywz9EccLcdWqYWqm2bIMayV/Q4C +0QtIA2Uax+Y4FeUnDqdrTq3hhOk10Vg80ZHv4IkAj3LjcLQ8D1DX0XG+EFrmy2qR +RJEVXOYxuRDa1nZTRULVsEcVE8+giInooPxY39ozCykIhaYtswZpPtUx6x6AxMbp +ucXIAFrlN8l3Hg68q3X5iYJmJquSnxB+nI0eFG3oRPtwpTaCgodL4eB5BgIOCg56 +bk/dzrfrCZ9tB8ZAVEcsBsCXYI0eGpCdutOzE49FpKkJgESJ6Jhf9ijg9xf2bQ6m +rt2rm94CiaF+k5FUP/zdLJIRK/6nhaC3P2Ls2Y7RzcGrdxcSx2anm1Kp24A1kMnG +hlrbRzArX3U8wQ8jnoCUxBSYdXdhD7ruj07eZvKH4vR/ebGJboVhMFWN0DLi+MRm +mzwqwAS+L3nR8DQJHwikR+KV1u2OLRup1sPEcib4y5jmHQ== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/rsa-rc2-ofb.pem b/tests/pem/rsa-rc2-ofb.pem new file mode 100644 index 000000000..b84ca90bc --- /dev/null +++ b/tests/pem/rsa-rc2-ofb.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: RC2-OFB,C5B0AE4B71C5CA69 + +QQdY1zNfQ1i2FJKlnDouwSDAOXT9VV6dndgOrD+JqfDwSxMukZrSSfBExpaOtBTq +74vP8Ae39JLfAq4H/pZjngNIgbpcOmSFxBVucykqNMLj0j9qoZe7YPXaLeYc6BYv +NWRsf+LQvOxIPuLGNsUCANWwuowZiGDEBnheUy9pR5DCPe8rp+aYc+/s/3CysTse +WoBSwNV+oJlzx6FfwNGT3oULouwBPSFnMtJ096WbQ4qkQHh4ZVq8c00PMFACNqJw +b+LXKKXVf9DeUd78qZ5/08u7c/w5OLX5FxNMMKfkZ8pddSlw/W6NQzLAhWC2b/7p +aqmf2Bpz+o+cNOcYtBOvzD7ygY+MDMrJlup4HuIRTyzQ2nb6dWc0Q776c8/qJsKu +HWB5cxm3F0Jg/P8p/vKst87WQxGzytzMsHbYSxqz930TJlyGkVauxNvJ2o3VlZJ9 +JPjKVM58Ge1Y0Mpo5koTSBTEC70xqrlZSAQtUsI3wbDXb+w7rRmtxkr4atzKGH1c +4jVvRejGDmLF3bh0wOAwFZKK8DaUbg3nSiF+I3y1WZLn6dLsYCUx6WFt3u+BHsAO +y8SblBJ6RO2Nz8vtA97qizPzjcBdVUqte8BY0W9Py0B0pVr2JT8nZ91e6Z2GhipE +PFTLnDWxRUlCJZc0/CvX6VbjwwvDCnOW+HsRMAAWr/gChVvqiK6OXj12wmS5JI+r +Z6e6k3gF4PoZ7Ui3VSQ7FAgxxxonh5P/RbhWhXhejTToSB5AQhp9emGv7GkJMpw0 +wPY9hiIRIurDJX5MBZFXqMt/pCJ4f7LzV6wCfdp8Yq6gZA== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/rsa-seed-cbc.pem b/tests/pem/rsa-seed-cbc.pem new file mode 100644 index 000000000..e2455e7c5 --- /dev/null +++ b/tests/pem/rsa-seed-cbc.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: SEED-CBC,31E608E58FA8E09419F928D79A55AC9B + +k7uI5nfTFUi9nNSxEco8j5uj/9o/pd0X/+tQnhUEc655AKFEfILy2JkKAYSBdKSd +tPol6AgZFtdTaRxMbnaf6VGVHyU9omnp7FMtRNY5EbQLwbhVKXQVLAoOp7wVfbJ9 +iSU5Uo5VWQGYCt0CsZseeibQL2tP21gmtZxqfp38zsUwF0HvcUg+JW0CxiMYQ/1N +T48DYFIuuKXDL4Fv5zKn0IjgZHJ7dOHd0NG72Xabmccxpl3WZNkgH0HJagWKZybT +1/6Az6sWLEBvgdgFVu+Y3dx6os7Tq19I60pD+bKtjZj9+xJoFu1srpESDa4vIiFl +EsNDDlXsOivSKGkm/+eX/Oc8ge+1QfhCMno1yvl/fqXdi2nAXhomNIaZQxS8tS+t +Ms3MgsHhfWD0CMViaqolHcaMZIs+gfGpvaViEU0oLb9QdMAc0mHPodd19thawrux +Lk33sjTs2hj9hGSsF56XmMdHPXGG/mteScBOAqzboM93StgN7wDCnjry7E3H7d2F +xG8OP7pxaLbSeIaaBWBk/pw4omAMhBxWeJ9Xo0Qc7LdmsVAikjPFyapw/39+4FXu +CIwGrIj0PPut/eFu6rYOJTHkozarewGCUiILU0rPuZkJo22XZ8D2ximd3JiyujVO +OI9Q8NwB+Ry1eo0IvSYdDhiUvIT9m0JxVaWiLhmpJ2KgEZ+f70ksvzAuHJcxoc3U +6egzAUOgbxU6nFLSRtIegtwIxPb2vfGNgflHS3kXtk6bs22NdkpxGJNYBeAExcTC +CL5JMY8ew0SdD+W6Jg3+Oc+/TrGoM5ogNoij9x+PXXZClL1lOHifOGf7PnjsrWzd +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/rsa-seed-cfb.pem b/tests/pem/rsa-seed-cfb.pem new file mode 100644 index 000000000..13bfb013c --- /dev/null +++ b/tests/pem/rsa-seed-cfb.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: SEED-CFB,8672C1DE1F4BA884DB37F0AF8A994FCC + ++vw6/VbJH5Of2S/afQyfQ2yz4MhyR82vyXf60vWH7qB5xuQjBUxyM+4ei8HeKTkC +5bKklX70v4oo0j8czzVZzkeSoH9ASisT1LTGomD6KwpiQhFVV7i+4aMADTuRlF10 +77hMInEXIDuS01N3/zTLJ+sEvm8nYej/BYJbyQhsQN3v/aY5AKQTyVtG2u+Qx4pq +wtDUDsmYFH/dfZJoikGlO1FQLKlIuWPIMXe2k8pV3kidMBfdeM8tyePI7YJXxDDr +0sc/nJAEbxjVsJaDOCUh3dqFQL0q6hYuyBeiY/PYvBrBzh7V+WxvhE0J3W6tlwZN +a4NDzZCnAmqKgLcfF9M+EUuLRoYv+0CBRQOuqwkhNjV5ytEObgOwEEFfCzWHGeID +/tRmfzWa5oqtbZACLtGnVm03NKRmF8OyKVHTKKh7FC11UdbWKFbkib8aNOafK10S +rTka7RGlTBh59F1MOp0Zt/siwUxyq4xqVT9R6K2GivTyijfl/iUiQlydkb+E+nwy +OghPqlb4Fz1RfW1l3fF5M2lv8+qmwkm3S7nta2iXVcdOWi6HlS3zVSN1mcZM5YQL +2JTTgNpxDTbLkQVMAroAdC08ZoLI9Ge5OXkDgpN+G1v79hcP6WvRtfbVsP0Gkqp6 +De4bG07wZBB9nCdxyxHwZRgff+0ZRAz9Jm/ezotjgrBSnh+g0gqAXGjfh3458d2a +6KEqm0RGaX9oZLRLcQhwQBbElRu+FJjhiC6X8Uik/AR5e/gMQq8l8Q3khl6vB57J +F9bNwo0dKHP6XFNA8BA/ivlnmGZKrv3j1rb6V7arQY/wpw== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/rsa-seed-ofb.pem b/tests/pem/rsa-seed-ofb.pem new file mode 100644 index 000000000..07d4ada34 --- /dev/null +++ b/tests/pem/rsa-seed-ofb.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: SEED-OFB,28E4F629E7D1A0F23C9C80AF45928BB5 + +c8Cxs84U5Ton42kFOr5H/JWzQTMOWjDz7uGVR4AZMq5m9v+TjwN+jEL9Bwyo152c +x2sIdee34yAddLxZimopADlZKNbgAMP0j6P0idUvc4nKqDTv6DInwAdfnQBFqtIP +2P4lWobJRuqSS5EQV0eMQsaPgPL8XMyPINTJy/6+NizamyqA7FSkfvvniy9gE5ac +F2C0vU5j8B5uuctpCCRgkNbg7Bso02/aGiXgNLWkMs+XUX6vh6VmBnNsT06e+Lv7 +syrDDm39d1e/tvzA8rWXIEBiDEdfNj34kgmVbvpGzgwF0LhRnAjvPV6cOhumyGW2 +91Bw+vdLI6ngpIS0E1p0cBunHYFUVkxYpsoN/atUnk/qeKcNn4wTtn9mVfYE+/Ut +54ZU1sIBuULCKRhzzchl70iuYPsPenzY5WlEHkajVFbx1eqq7q9xRrhYFNvEriss +NPXfYZbYrBK09UDpIB8EM5pC1mjX9dyxFD+n9gLLT+wLmEx6Da37xevHwRA6ojsw +Yd2Rto/Bfk7FbBVKmv4IJDUG+xP964alQqmAk9G7xbc4D1PPHTG8p3gelRJXh+9i +s+igHv5sl2TCT5Aevo5Xmo0PqsEZuF7I3kC1QyyvWq6ui3ZQerdl95KblxdWCd8H +t8ETYzTdAEtV6ETO15RYCA/cw12oDQXZ/e2LKV8bwGCOF3BA2CMFRFq4ZPSRTnzQ +gnDcQEfcdiZm/KycfMZL74L0bTOAv1oG4vTbOTb8N/kdmHD6pV0ASh3fMMoGBCaU +i7jMzfc1QoOu5wC85dH0kuhCmD1TtAVFA3cbFXeSnAOmIw== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/unsupported/rsa-aes-128-cfb1.pem b/tests/pem/unsupported/rsa-aes-128-cfb1.pem new file mode 100644 index 000000000..13f3bcf36 --- /dev/null +++ b/tests/pem/unsupported/rsa-aes-128-cfb1.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-128-CFB1,8CD93B961F5E3101C3F5991677ED7359 + +nrin8hgkJgqlLo0x3urxd6Dk3NXpB8K59toOVySzyMcDSzxvW6W/n5U0oirF9jzC +9CD81bgqDvw2hbceiaomGFoHbOlHxPk4YIyGRsgzjokB4QU6P85AOVBW5c2d2+vo +knIxlDwkuoKOYWN3P3wmtR0ScrynUGrcK0yZHOOXE7jw9n/XcU+YC/Yx/fkkqs71 +WqWIKIRFt8nT4orbvEQ5axk9ucYbtXt0/JVFE0PGSyFOPe8soh8pe9FQ1zvu7rhF +ttoxiZSlFN1CIJLSsNvEb4qN7Va3H+fP4cS+CUT4UgU4XvnrLKDQQhKQxXGcxSDD +fQ5WZqKQusP2qGhFFvZKS1pWJ2lrstPixUyOK/BpCeNVfuzHHGmw87cqnRl3q1i0 +uOUQjCjZR4TIHkxfT/9vZNxtEYCm9eGHpUqQYF6BMTQfNFQhuFTzdoOlPpgolcX1 +XIeDUCu7ciX1Yal4tHSRP9P6qLAi6OIDc1Grq7hdwfdhiR5eoJMxZZruLEAjCqMa +PsAufIEje4u86x/cUKi56hxJPdyqNbpSDwHouuTiiX9VFWrt3lhdAf3dItwj8yqZ +u6ybmleW7R4J/3x0UdKONMTwbzjbWXkgYhno2P3RAGspkUfv8nApwD+hsdMNDApK +iy/6WSiy9g6ibQUs4hlAqs5VtG06T5fPHV+NhKsV/fg1Ywat85GIsBeZCU4xmVda +4ikhicq4dCWsFcQ8f9CqpBtbXRqqxXEKZhvqORkhkhawg6XVcubyRa7ABB/SqmxX +oCohFeIvZ2vf9rPwvbfRZ2H1UIHa6ofccfKzG0ZaqaCFFQ== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/unsupported/rsa-aes-128-cfb8.pem b/tests/pem/unsupported/rsa-aes-128-cfb8.pem new file mode 100644 index 000000000..376d370b3 --- /dev/null +++ b/tests/pem/unsupported/rsa-aes-128-cfb8.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-128-CFB8,8A9BFE2A6218456CAEC2727E8EFFEC73 + +HzLoJ94JXSkbUKko7CO3M7b8lXYQwC4trhLyiZ8kTrYO+yr73SKiZL32zXkH0cRu +JBZrRf2VwfTs6y0iu1EEl8bocdjqDigntmpCCopac+IYQAmVOTQrEL4iVnQv3cXJ +rSVjqE6RgMB8hblHwUWi3DJpGhpbzEq6ztAwF3oTxldY6qe0XMd8zXglJhEsmDu9 +k6OBk7zVSdGn97TqGhgP4YmxUQVs5BZ3SNa2xyyLXxA7E/hgupeEKeY9fXNdKWzF +3LGJwq8zLAj7/unAta4ScUh+uBQKq82TdTpwkhLCHcdbIeB/xPtJsaOuivZ4G78C +bUJaddN7hmRe+plJdLHyMK6d27NyBd+eB58jNcjF/8P8o12jWAIGZ9DdG/L3+p7+ +/SBSLIIApX0M8HkrjzjYc65mj9KwV3jNEmggkvJtWqXrG0TkoX7rvB3zt0iXfTZQ +hKZvnP94Ki2nASy1jMIsr2MJ2ErxYwW3eM8eZdEdm3IlULgGSLSBalYJm5AkVbbs +xDY3gAykTjJ8R/2Kk2i7KlkEBoO/sS1jvz93WL7n5D1etXwAzPvPGLqrQslCkcSO +x3FaM15SYVMyHthOeQ0dKsikF78I8Rnc99y9xCBzP3VOwkhPiTcISxM7dq5JnSNK +gQI4NPie84lv8hsDU0Spguf6pUUaKQeQ4NqHBHxfBoH14BuyKrKs0T2Eeb1q68nt +6NIuLzeey02DkplAnD/WpmC9uF4Oe/Va7wOvLnhzOonUxGbaRTtpcB2Loc6cyt40 +ed+0E3RNzaZCjZOSBlrHYvDTFHXa1QUu6cnOkg6k7IcM2Q== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/unsupported/rsa-aes-192-cfb1.pem b/tests/pem/unsupported/rsa-aes-192-cfb1.pem new file mode 100644 index 000000000..22df3d937 --- /dev/null +++ b/tests/pem/unsupported/rsa-aes-192-cfb1.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-192-CFB1,756682AC3B191C82E8317DF6B71D8750 + +DqGTvVO1V75Q7nJe4bhM3x4HOUy9FUBl1lO5QfYxohUGzbzZelFLqj+25iYmYRCG +ebVAXWjhyl5fKZ1WCutQB5b1zQ5tSUdcB2q5KxzY4BvtUbYJXVQAtqbRU+xIi2ZJ +Xn7hw6fgGtwwQJpbS8VaZ2SnsKMMG7QqtY8+fblJQtvmU8IruKa12efS3YR8JvWy +e0eHdHY0b5XN53/ZjmySZHfegnXl6Hzgfx1TUb96dB9mP8hkjxkJfo0ow+k74rRS +BgbKxQAr1F9FdJuu1EsVuQgNZZIJKsi8HVwItXoxZEV1LHKfKL3J9VwUs9fFO6oB +KjQxW6qHYzHW/aMcsc3/zv38Uoq5Uz3hLbl6oFrd5w2cps5vd2Au33iPItC2CPKj +Yrh9jmYsboGclOcuqp8YmFdIzqszsJbraT3X1BaF5Oq5fcR1N6mh2pTiD+0jZ1gi +cIaJW/Z4M2gKAz/28X4peaaPB5gOHmabzMUme2Gl00UQdSZYVNo9N96MCjfYpVNW +0JHMQ2AsI8Cc5pd3L5q7Oi8/3W9ENWd3HrUsNgieryWdXCi2p3Tl/Zb/nb9R5MYR +aiQfQlOygw2OUHXnMU6SCD2w0MttCUatVGJ6w6DP9a1EkYzQw6nKqMM+K2qMyJEP +0j8K/4regxBOBhN9fDnmTxihUvGEfZNLou3zDOULOMkVnCezJJEJUUYwtFq5NM4m +nhgDLY+siE6e4kRWUVcHBDvHiZnt7JvK6jdfUiDyZrziyBTTkLLVBBrHXrNRJfV+ +zB4oQorUTiBKqhX01CJE/N1uymnOCUuYtmIz3ytU+/lZ4Q== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/unsupported/rsa-aes-192-cfb8.pem b/tests/pem/unsupported/rsa-aes-192-cfb8.pem new file mode 100644 index 000000000..be2979975 --- /dev/null +++ b/tests/pem/unsupported/rsa-aes-192-cfb8.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-192-CFB8,560B75E94CAE0D867F3516AD0F093CE3 + +R2X8uO7rpA19g6QZZ75kpKEadMnZSE4CMPgC5kxwSylHxs7x/tKWtYOYxAJFnVix +mSLI+5nFZpTqYPhvno5bK+EYJjdJuaI2stQ/SHaEB9tF556wZ1OtkwS1sK1a1J9R +lA/7zIahMOLjm3jWvgletItpT03n2rvr1SM69dRsqP3vFsTCAfWrjXQSnCdbnJZt +KaEXccYe50uUULdFbh9Tg+KchijY8f1QZ9qjEI5nYTYAOL2egQyJoxvBshrAAD+h +TKOxrAE8bVIr8Cc/3bK16HMdpPSfb+r8+aBGjq0Jbtr0ewxUP4kUfjBNJxsCZIcw +zsEjJrogLTvzTF2IaMuS86Roxo3SSLxbKSjf+JYpyhcJ2yKL3FjHoMLieYSfOppX +7zfLNAPe7nmxEMujQfdyxj1z7R/PjZU6alObSfVAP+OHzn7+lf7+hKNNqSobicx+ +oWjuyMlZV33YQq3Dl/UDeYrnGjkcm+5LOLWcd5cRSxslr/imIeqo3dgBvrfGLc66 +9Ybaw6kD91IBuAvJlNmLOhz0+cGjlIdXVXdUM2+RTeKkoJ0nFbMjMHxeCWVTjQc4 +yPWjTTy0YR0l/X7e072Q7e3PYvyljQE50GqVfaS45foJBia6EWT1tft6gPt2Nw/5 +hFiBFGSrgmO99/ptGbTLh/452bzzdcIYo3th+xtb45j9Z7uAO458XSSBmabw0XyE +famZ75NnTQlXeawakjYpFfbYCmBau+i6mBFXYKZqlfXnE9X6hNnPEX2tc7oqcYn/ +hkYwvC6AqVDK+TKROXdXyD33LAHY0KzxHdLriBUXSNDPUg== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/unsupported/rsa-aes-256-cfb1.pem b/tests/pem/unsupported/rsa-aes-256-cfb1.pem new file mode 100644 index 000000000..ab48f91e1 --- /dev/null +++ b/tests/pem/unsupported/rsa-aes-256-cfb1.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-256-CFB1,0AF157DBDA6F41A19A44B06CEA3AF621 + +G/vEnqttynXwg0r5ywMjFpmIlZ443oqkYHklWtoHoHZu51FJgDQIWwDIu3O4Efun +FAOWLszC6K0prA57PqV3FB+z9ldiYVEcEecNPS+VIj8wjPVbgoyRSDes/4pKqjR2 +7/z6FlJjoowjDHglJXrL+u2utpvUWd/8pD9BJ6ii0auVsgG20v4AJ55PTqxQg6uI +/7GrIlQ+r0T9GJl+HHFYmK62bScrv1HOgUtrcj456j3TlszleCOKTsAQk7GT/y8G +uHihHzcDJUxaH9puAifnbjeKqOmZQvfnDf52+/hPz5hmWxt35K8JNqthQjk8w+fI +Lq30pCuRgjJzDgIjbpFKSSy4szHsPmSIDpVEGSTDGNCKyi1ZcEFFm9fZL63/qfY+ +j0wZqOyzeqlQHTVUqVjwT4xFhArvU5ZinheuX/cmlBe3N5gTDEDweRCp4edW9+it +InGa7uSgyoyHAIMw0Dyzd7cbBrfX98i/eldjrnwDvCmrILf/KgjLzWMBdYNSmCzW +hzwNek98INgIoSIs4DoRvryV9Ux2aQfiYGEOLqkiTOjYgtu2fGgQVz6lYNRUNKn4 +RUNcofDkWUmXjTm64yhon3RymLrZcgKNOQ9LWV5p9JtUhBasWVuZUhOqsRt6qiRP +myOQFLpk/PcMeOwjBpVZ0wxZ6NVC5KHys7wKXX5oJXPzquLMdAubpQco0N5nZOpa +Lrec7355alzWKfngnu0SScU00NDUq+z/IXznV3Yr+weFot7oargTEpryzsfdMdjn +vwHdVWb0txoXY3sgNkKf5cOOY08B+MnrutexoXhj7XiuFg== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/unsupported/rsa-aes-256-cfb8.pem b/tests/pem/unsupported/rsa-aes-256-cfb8.pem new file mode 100644 index 000000000..3ebe8123e --- /dev/null +++ b/tests/pem/unsupported/rsa-aes-256-cfb8.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-256-CFB8,601BA164578A77F90131D15774EB5B76 + +32zECxJ94olMum3sLRALUPQT2U0M/Cd1cj+pVImgcWKoM/w0AL3XZhoBUXqT4VaK +SbERDE0v0ksKizpjytVRwIS9ufeahO1O2mRzHyeM21p1yEX9nlrKqzWco0FtzkCd +YntAoEDlASDFe6pVJjq6LKgcsq1CiwbbiUL21vHZsREcQwQvhr7+/WldnjBJ68MQ +aOVd1/YgoCNVnsK2NZ4lWlIvhVACsZ80aWSLftZg1f4W8lFetJWkYOjFll/k9FOA +xfavEHSZ+Bh8CF51I1izbDYL2qi0HQ+IoWkMqwUy+dM6Px2hAlM88gswKANu69+t +d9pFPKX29xOnWpA9nTyU4TDXgFEd9+1HZem424IQwQGuBlQ4tvqxQ6Yh8QUDbUCB +YqAaVM2N38cykw2uA44Pd+HRjYClNOcGmegXqWVaoOw+InvBweLV98POv1mRBMmT +lBzIPAHvf0Clkc9J8DV+Nfx0d7tfFlUK4J8j/zcZKLDe0AqwuMWFJDrZsDpACsPV +o3o/xrYlhuJjYcueRONlja92Jt/UPp9UZANguWLT3Q5GhmlDkKpzr1KVSebqCRDI +EuR55HR5PxGhPwXPukWMRYb/duQdZO7D0d0OHNkNJqSPhyWJx9FBnkzSRkhrz0cW +/hsOcPuab/KtRgI6IwEPGza36aNC7wfJ8ZUAzvC82emzaFWU3mHMHRZtzxXqQKT0 +yBtqd2XR0HqnAb1xEMy6QmLs4e/a88pRBBm/1gUeHyzjA+gFDJa0zIznLlQbXuPc +4LNyze+MB05WJQHjtKZG6X4wcu3q+H9mreD4cuTekwjicA== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/unsupported/rsa-aria-128-cbc.pem b/tests/pem/unsupported/rsa-aria-128-cbc.pem new file mode 100644 index 000000000..0660b97c4 --- /dev/null +++ b/tests/pem/unsupported/rsa-aria-128-cbc.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: ARIA-128-CBC,C4CA616BC1D18B52D59AB804BF572664 + +BX+iYt9uGjvKyiNtZHy0hMgqbozKfUApbR+9q3y7fItEYcpzi/8DW6kvKx5q9Umr +CRSAMQGya5ucx/+XCJEV52xufh1X53E3J4m81EzDvni347fH0ptJyhUXT7IsXztN +whTKlhlODV2Ic78/uVh5xoA54pSZF+SXzo8OzqTUEhfUjPAWeRUi1vwquYYu02tI +RrSQfEytR+/CBWHgKZjk+5YsggD0o5CzTzgey5tYdeR+i6o+yweyndVtaqA8AXcB +tG1TVch2hjKEt5DMyEJcxYWPscKiP1UvUh4XCklaGxJYXDp9MKiTG2lTnbdmGkyJ +OLpNxKpAHYqWlGM0uX+rwq7pquiJO7LtpCktpgPbjz1esi/WDvVQiVBzSUwVcq0t +m9sTvTWWmAkgyNn/vPUGvIK7LeQxvfeACzWYOCTKgKNBjGdCqQGapY3i2cx5/3I7 +2RaKuyqlxMepV8d9jZ+fIn1sYQb0klJxK94RtZ1PSgE4X5bpVVX5nhEFxnTlT6S9 +tirdArAjEq8i5k9ndnLPz56CAw3bUy4T9aM0qzWClD0A2xhJn53wdrPz7gcHJzKX +3qGSfqrGO1qJlmjey4gQeo0nVOsvVgjehi5mu2oRQzCSnU2gQJVgDiJePr8gEgfB +wlLCUoC6rpqr6zpwH/zVXFI+AdZSfs6/LjHHXN7+73lknhHnul00SazAMB6Yjsd0 +2df3kk/ifbJAbmL/WoRcg4A90HNkLMFSRViPyeHIYk9XEmW24Uuso8GzO1QZpLTp +Fa4k9AnbiGIbnwvAj0NbAwDFGW/ypBCtNAnSCTsLaGzHR0fEvAiOagCOIfqmpXbu +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/unsupported/rsa-aria-128-cfb.pem b/tests/pem/unsupported/rsa-aria-128-cfb.pem new file mode 100644 index 000000000..501d3931c --- /dev/null +++ b/tests/pem/unsupported/rsa-aria-128-cfb.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: ARIA-128-CFB,2CACD00DD5C0671AD3065A1F8559BA90 + +74sBjYKQs7uued+LSGp0nnOLCEnjfXwxA1aDTmKDYC+dtn5CsX6dd0DI0m3FOy+q +zFbPJmslLPo3RH//pDDQhSS5HVKSPBRoh+Pg2Adp20y3Hzjc4kwzlfNkPmf/cH/w +qAvQyLNEA0NAnbpIunMCzs6zsdToCtausQcxr4sPUr4oxSLemJpC5Q5/Y7nVoclz +7jATzs6/c7OJcUUCKjbFbohdLzxFdu+kJ5VQAhDZQRPMWH114BOsMCbuchiZxaFw ++BayhQJUxXc9TcOwBrzOcHTRJXmNsBWZTwrLjcXO+Wo0OZE0s7uTv2jBHWDX4CtC +v8VN/lB/vanMTnRO1VCbFC/G9ghGSgbmiUFmR5XK4dTAlADKAlFnaY6DLuR9eI7g +pe2FF8mUHbc0p7IoZbGm470VYhF483EjtqvRUW6finn+oP9kZxnwZ76DFCXoHwlB +gmbZKPGSDXKI7TVJA4VplKbHAklfZ16fMAIfkbQ6IEf8IbXjgYVv3XYQAz5I1cWl +njgtjZKzhrldjgr4XPXyYFYpeun8qz/6yCDyIzvDxA2ZU8JT7Yl/+6/qAaiSYPxR +t1f1N7P8gHh0eiQ0rEw0TueEi/fN38ETGCArcbsPgRm8s9xjC1zCXUhdDWm5lSyI +6BqUtYLLTMyZjTC2ulmfcEG1jaZNIoIi6Bv2tCfRx8lQBxu3dBR51fg4GzmBs3pa +A+5ejFWr7cNemMbQ9Zsw50Bo+/ePseLP0Gv1bOxAwsa22xDq6/Pr7mwoD5tqoClL +BDAefg7Ojuq3NKkPdyhAQivgZgIk2fgBdItuzyv860ZSbA== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/unsupported/rsa-aria-128-cfb1.pem b/tests/pem/unsupported/rsa-aria-128-cfb1.pem new file mode 100644 index 000000000..b3d890c38 --- /dev/null +++ b/tests/pem/unsupported/rsa-aria-128-cfb1.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: ARIA-128-CFB1,5BE32C16538BC64259F7A9F4DE67B585 + +P8m8Xs/fsGxCNhAGl6uNmmVPn1AOBG0PSEosYzS7F3EBYqkYGXCiB/xY81vBqaIm +2m636Va/aTVJyTrVwJIWy7sUtMLjdcnJWsbbq1TAZxDF+ps6BKnDj4Sdb6tQiW7C +8xHImav3+5xax1xQP1trecO3+T5WliMIpt5HumA/8BxXNN0FWhvxCnwcLgi4uJnG +Ki0LubH9dLO4Uo2dbEQJq+PUJumTxhLoAFpXk6DHc07pTdm26Xa4YRmvI66Wko8J +trQu6wB7qLWOXYdi5+NwSvAQ1hRGSUzyAJh/bUJh9Do0foAP2bhmQHcLd4hCIwNp +gixLvqvVUuqg+6tqbYgmTnZGMZcf/Qi0fHSCCI+Py2EZAZrXufvuh+8/R2yiml3F +lhBZzab580yEfuUci/Wu/X1r7bRMBMifz2FUSKqVJ7b7vPWild5Hb5V/39VHuLpu +Txf0KGcLT5ODn/oO0DF0B2v/04Eh3tb0UX5ehhbk3SdiYJFERifV83VZoTSj96vu +rGcazNdY+bRVNUKHb9cnwhU9Ilo2hfGX5sDnnkfcsVSX9ZGawSdtBwOlpWoLPdcV +3BABOP/e2QM4R0u6DJtNu9TO4xGwbBng7G7a+u7fhKZ9fb2boOt/oFdYwYuG+lVb +CscQYl0wji0/wHWOkMD0YhPffnAKFYIzhM5HNjN+yfzQDO9dIJKkzxpRopdDhTJ4 +94cfF0pjauOzl4DmUeF0ZbkwSuulqiofB0ifFgPtT8NpkGySGu72q7RrBqYZtUsF +kzkSsOEQYkNJXJvWCz2kq9HwmcuBlIvwzX6QysgPqQQ6Pg== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/unsupported/rsa-aria-128-cfb8.pem b/tests/pem/unsupported/rsa-aria-128-cfb8.pem new file mode 100644 index 000000000..76521825e --- /dev/null +++ b/tests/pem/unsupported/rsa-aria-128-cfb8.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: ARIA-128-CFB8,88CBD4BF71D50C592BCD0A6A6B85E928 + +3oZ/8HV97F8q05OFGewJj4uzOK0MnL0bX92onJErzF6Ssq2/9be1p6WPxbelzf8s +mX35kT8qiSNHLETRMgoHBzFBhWApKUhMyS66ZFs/H+5ZU081/yiIGNg19oxaaNkb +QA/ib8HsZaN0ilON67tWkRGtR5XLCRUhTao/KzKAXU/U2Ex9UJUQggVNTIgBocVN +ogKRkhs7yZhZgMJfE/528u4iBuiYDRYX/IsUbAW6S5XgJq1f+qJAFgW1h8DVEhNs +PehsGaW4khlFWMogBfw80GOEATeKenysaax80axITEjOe8r2x4cxPcSsj6o0nsv5 +H+zBofd3KKGp9d1rdPdlRc2QMvI/afRyvHNmo1tAKbHMiMKNj4V4Js+eK5p53u1A +AbnkBwpSBwLQcKMu9Cg0SoMPUkYYJIPCxeQmBDhXyk6dYcZJQQTX6p3d3VvG/MqH +JjNxDlpzThWXX5bweDtlfIf3+FTsAChdV6UY3XUYqQu05cdHUj0YT9oaZga7gFyN +r5CvIhCzQPTSO0DhPau4pVsHphEIOCSWLvLfc3y9zA04t/Qhgf2BnuHXy//UL3sd +h4Lx46FFX4FZU9N27h+JJ8+sz9e5VxH321rL8QSUzkLMBv6OC48I4BLAVPSBBo3M +gTArbkDPDl9LcuKX434/h1toK1CHxTh4Zi69fYDRvCQrYljFiyponMC3SXU+elbe +yzyKup4475FQoTEd1z7uw4UvLDqefpmcWEIQVTx1XKRUql3LToBQP3yLTa5IA5iS +6zn49PJ9ce3HnAL8Ce3wUCPyRepqE4lAIP8udHkirMuKjA== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/unsupported/rsa-aria-128-ctr.pem b/tests/pem/unsupported/rsa-aria-128-ctr.pem new file mode 100644 index 000000000..399c7eb6b --- /dev/null +++ b/tests/pem/unsupported/rsa-aria-128-ctr.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: ARIA-128-CTR,70AC12CC5DE2B0F5FBDBFB790550DE3D + +pi4mrhg3Cm9kSV0ae7iGVEp/Vh+7Rdo7EwTV9IHey8BrZYBtvJnUFLvhwjTwyoSs +mAQ+fwyjQayWn7LEfQ30F9tETerzKkKoeFg34DD6Visof8ZWtVhkzt26j0LsAn8V +kRg/x2w78BlZ6HBoQagKF/UJQ3v1jsmQqPJ3rr4YA3JGmncCtJDsfqj4uhO4X+wV +JCBOdSbE0jnwzmxZWwJxELwm8oInnOTUHV3nKHAtxfodpl5C7Mt8Qljl/FDr1FBB +FU6nM9IksuuSYiHjRCsbe/ba+C8g7dgDF+wGt7wunhE4ZaKgTVnr8yD7E+vVEWeB +Jx5x8I5M2xKkkUsTsZtTEBtNxQwEP1hHpRw+/XPJm4+TzNrgW/pH1ip2Vn5cPlZt +kelwFSnpC3qnUZ7w91wVsyW23OpPzuq1x5Vtc/gF+cJuCt4/NtJuIVrMoykMrXU2 +/TdrIcdmCFu75ZTcRmo2ZftRLCt9VCH8PXas4NjoKGWYtDf/UYiBKIDft5IwJKAQ +OiUYkrpXOLx0I+eXWSSOLXSxKHi8aknOYfxp4oosDmQpJlf4R7mJKtxWPMloqu4w +jUvScQK4HuRq2F7C/H0AAhZO6B0BJeyhg93bL0XFs+g/GbwdqT966kttILspcV1Y +cUoM+32cpN3azofUE/bp/d5Q9jsUUQ1jLmLR4HTopgo5XvO7T516whIrznMb1JZY +u8d50Cv4EFz0XFoaPziY/aPRIHP0iCbQ+LHpy/ODISi2ldjDhP2sjuulMq90Izxh +spywbZzJrd406q2OApWx7XsAFEhbqwIXfUmPBSKetsr0gA== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/unsupported/rsa-aria-128-ofb.pem b/tests/pem/unsupported/rsa-aria-128-ofb.pem new file mode 100644 index 000000000..8f0d26d4c --- /dev/null +++ b/tests/pem/unsupported/rsa-aria-128-ofb.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: ARIA-128-OFB,36F3F3C0F7997750960FF93F9E0F7420 + +o2eCulHrodA4CKap2D8eIhN33Dg8t/2d+j2077vC0/fG99LSoasNZXLFD1Tc9t04 +8uWeXM6FuQXnbtAmxlCABmgpbV78+H5jBaVfQtYIUCZ1s5B/YhLhSk1hn6bAlrkb +Ab/sCaHqDy2VAftscHk8i7qGOk0qgFYNO/36TDQWUriQSxihBzVgc3xvxgu9N74X +D7Tl8bQFd7nGapmJPKiBMrH4cFMqB92MVvopPnAsx1TBRSyjxPf+uc3DOsOeXla4 +t9xLH2CXAgisra43vqgf5DDtef2TdsjH064fcdspZccVDcLKxzjPriInYXK5bwMQ +lT1Sw+J6z2GddetboZKDhzEROA/ihxna+SYfYdpgL3rwvkr2I35936Gxl8h+hebF +PEsE0BhiZowhjiMprM/6Ji4orxG2u/VubuW/vZxnG2RBsoSAF+ffN3hXB2B+lw+6 +pcPp8+FC06eHvkDylGcYrHfQGU0JDamhDkw7JiDdfE9n+IoT3GNHpfCzOxU9FxsX +6WpkW9weIgAyX6Q3UvOS+RzANNFw9Nx/52F/b4REv1KsuJyS0SeKfQr6oa0UrvWu +Rdna3u7Z9fNPw3EUe6IDD91co0iJLqVg375Tkd194RScVyGAfqIPS1Mj3tb8JHsA +QRZToK7hi4eLVK7WvVUaXTkj06xdMY/01yb+BtmX3m4fYdnez6h6Aw7cegvh7Sa/ +5IJI7QF3yghXpGkqhSJps01HNM9QNSwrQ2QkK40BG9hx4W1hextnTZicUC/XEuAK +reGbICAf68PC8GYjAnBWCZgQh3hiuFuOxD5uMmchF5jWEw== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/unsupported/rsa-aria-192-cbc.pem b/tests/pem/unsupported/rsa-aria-192-cbc.pem new file mode 100644 index 000000000..b5e4003f7 --- /dev/null +++ b/tests/pem/unsupported/rsa-aria-192-cbc.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: ARIA-192-CBC,BA7EC51DDD5F82230DA5CA6A86A8A98D + +z9eXALlgsrjAbQ/oonXMxKTDNl8Xgujio5Yk3DqJtqhmKRHMAhESwPzF19FEDBXN +4W7knpCu9BnCkqI0aLCuaX56ABYq+ZZv1AGByLh/BFDTZth8YHccAxx/6tWYnmr1 +5NO+V1oDPY3tARJtd4ZD1fvQx/KZeAWxYuhKeqZbxcslDFZ47Rje7QkYFunHmX7H +F9WZGsh1XGYZ6pYu7BOC3x2wNpQW+tcEKG++bCtbcJwjklReDibX3xx7/791bEHF +6gRNsSIN+dc278iIfERpmQ8ANtowlaeyoLPElHn571EzhG+ZDwdYXCcREI4Pyy12 +6drxU/vRh9DuzFe2GAJtmx2dAN8/7JP/o1qV33MR2XXc6eEHQCIqT3npVn+bwaCO +SNyNW/N6KZQEEt7+wJZ0B49JMl0itBi5Mqosz4rBRNbaIlC0xGcHhyH306WKWguV +kWIi3fwgSb+zQCtSIsm9CPSYKAx69COvUbH7w3m2c5E3hYcdQGn3d9SP+W1TYmlU +K5oMyA5z9W2XUmcg3q6UB1qtmx7NhwnWT4/05vWKDwKvTURYp8dOFVc0OZfFfTt/ +bCAFZ5CwumYI+FMvPgGgjwMu9kTS5/VPQOHul1DumcPVk/rDRaJUtGxvm7XvnDi9 +u3ptnI8IBRqoIoY+FfBK4Dy9BlmkSQ3bencSgU4swmumZI6/PhTQdD1ZGqk4MKQ/ +a9PGd1P8H+4QuVcswPqoyl2XkVWbkdrjYZiiJOu3QnAGnwXU89uGeQ9Qe+hzG2L1 +lcNdpStu1AY+mU9MP6DD1kUMA7zrMg6n8gRs4JQ7XcY9jtjl5TeqZP/6u+XCOZ0D +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/unsupported/rsa-aria-192-cfb.pem b/tests/pem/unsupported/rsa-aria-192-cfb.pem new file mode 100644 index 000000000..5d1287adc --- /dev/null +++ b/tests/pem/unsupported/rsa-aria-192-cfb.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: ARIA-192-CFB,DCEFAEE0AF6131B664635EF73733478C + +rDzSZcCOkBjpNMKZ7Fg+qS0Ww3MA4+SxXw9IrfqKQGDq6HGBiw4PBLZL9WD4cqXV +BaFQ5wdO7UVzZrEJMCXj9S/AAWhCx02a4/uHGPUYW5Y6NkEgwqdoP8XMa2L86D78 +PCLXD4kaxZR7bmC47eK6XViZL40UVeUavLnFkErle4wDulkadSFwxe8AFimQN4+K +1Z/G7YZGbsiIA5rXaH42Ee89ZsVu77mkTeFABmM45g+TO7HoRGkk7sBHbGkX6wfP +G6cQHhSctrWQrDks1VbkZByWTzHhuGheAVwc+jtGmxje+C/LTKc0vJzu65lyasCS +CK2qTr6dU+BbMvcYjVtqH1+s38DmDxIxKAuYa+QSWSynrk33QJjdQu+4g7Cf9/vJ +7jBonUHT0GKueZL3w02X2p/6yIjmJ2NXM6+sSHQStWQbFEwxXkAzuekPx8fxiC1Y +Jh+OR8NbEOFiTKd6tk8hE8R1g0D+5JaXlA+C4nEYurt8UezkEdU22hFlYuqddLG2 +5hABmuakl1pECnpk4gY6LPUc+JJTsBCJx/NL3EmZXK7MHwoESLhs6NjmD18C4jej +q1Wseblc2G9Bq4uqz4Ta+0IOsBBpD4Ua45JtaCj3yPP+6wd3gFAHwtxjQ+9NPKkS +0887xZgV5K400Tmcv4or7I1B1f8IEUsqtk1qKNytJt0MQzkfB1nrNF0TjpBTtY+d +N7Es4Gk7CNCF3xw07wcLJygSp4KczN+RNOQoo3pjwJPKGafLjgMJ7ugS2FscgGvd +MOwQiPbxa07Yb+xL8pjZohQLWPCWfFPft6hi0TwMwpsNOg== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/unsupported/rsa-aria-192-cfb1.pem b/tests/pem/unsupported/rsa-aria-192-cfb1.pem new file mode 100644 index 000000000..bcc469790 --- /dev/null +++ b/tests/pem/unsupported/rsa-aria-192-cfb1.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: ARIA-192-CFB1,0540E76EA7E8A41210F498629963CECE + +7/gTJ4Ez++VZ+wdIZ6prnMXy8PedJs2gsMbqVtglFwohPfqMfpWknUj5EBX1QazT +NCflkxl/fmCl76zUJfeNUCdDrFfg0RIQUMPRanV7oPs/wNVhJH0ONTwYd85UbtPT +gx3C/S6j5m0hhoJtsL+u/BM3Pu6BkuU4tAI15JVI12k0ubm0z6pohXR29vNrPrif +Ahpp5X2zqTurPC9yjMWQcm5eVsSd1mFubeTohDhpnsrKLQCvq5rdveeyE5MMhZCk +rkz6NOHv3KBjQVKaDpABnOwi0O7kqzdvup1CmNaEd81ian+9d/18fObiG3gRdJz+ +ExgHFDqu/p6WMAtWAuKqWkmhOZ7PS8cln50n9h0cWqaGOtgDaT3La0Hs70bSRqH6 +kZetLaGlLZbOQH6j4CqvjkFcsv2SJDVru0pmhNsQnJxjq/97ssI8BmXFhctBP85M +GvyK5tepfiJiV0XbUjQ3o0ES0fwtP+kOsvCEjXMWQ+gQV3kAMfpbyZOZUiVGvuE/ +XjxHdFL/0Th0j+LhbOEVPRPa5EjGg6kYp+FKgASvjVQnSrKDdz/XONzb9la2k9Mm +xnUtWTrlCNIYlBS3TEzUU2BMpZXGlje8gqOtmQFKfAmxFi0MqpGDT+w2EvXGF302 +AgmGdKkC4lz7t+WC0uQyrwIpq2S2jxaPTXbOwXfnx0/otgFX0FKDGFslGTNaONPf +dcuQZJB2wkq486vy/zjdRXlKmei8LVLWlpxSV8Yd8ew+ZN4kUvpzVkTkJzYRq2ly +LP8FD0xwA0gl/6pPqPvbLCc95WfBZgusG/XGAskJ2FNl5A== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/unsupported/rsa-aria-192-cfb8.pem b/tests/pem/unsupported/rsa-aria-192-cfb8.pem new file mode 100644 index 000000000..7e082f9df --- /dev/null +++ b/tests/pem/unsupported/rsa-aria-192-cfb8.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: ARIA-192-CFB8,703281E033037322BA489CF6DAAEBF29 + +oPrXoQ7AffyrRS4qFOGyw2Vjgyp+RYCsdQmBZIIS+WPBa5QyAVDQw0eaaRKAe7wg +BoDUoJeksVCDAxJIq1R9pcZHmoJGFXS8SIoABcE9Hl3MVIqMvzdoLxLnZMU/pcNx +6cHop68cDTpF4853t+tk9jiTRdbvPa+uJI+ntxVIWdTe1WHdzRFgsC//w6D0drbc +7VgBFzhFxy94/I9iYlJudUsEWfRBetveuHqfUc72W+3x26cdUAe1is6/tqVi9LD7 +cQRzYiENeCBch7M6RVNkEqCy56wh+CpmXHV1y4c4aiVqEsKVkXlXaUcIjylelVWp +yY+ZDMa0Z6rFlwHR3d6qYsjREqjPtTrirL+YeD3kXoQM3BLOly63MK22CYI60Kc7 +xu3fA6ABFot7XvJEOIW9hJy94wRSr/ekNokDfzvkv1V9sa11VCYG0zFendfbdLMX +yqInVcSh0U1vS6E/O2Odg37OoVl0TdAaDCx6w7NQUorbyKgTN1yUxgmHTTgAvgMh +nk2Uydh5wSUcBcTbS0d2nidFtuaDmZHyea6k6uea+rQRaksfy0r9yEeHhR2VmDav +ifbZ9hMISnhPZdibNL4T3jBjFpMgX3rVQQQhUPu0alg1465EMVSBgFMeSRj0G6sh +HLtJDo3aUZNCu9jn4IeDCtW3YvRGqnA8QaFyU50dZ0ODKXQX7vo39GFxR9Nd3wLl +Syg+oXQlwV0v/p+QneQgj2PSEBnufG2AMDq+G3qV7uL3aotp+QjLiY5b4Ll2BRU+ +k+Gr2D3FYMP83FhL2H17PmVKDN1rJ+wuElp75+A5SrWLTg== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/unsupported/rsa-aria-192-ctr.pem b/tests/pem/unsupported/rsa-aria-192-ctr.pem new file mode 100644 index 000000000..3a1220c55 --- /dev/null +++ b/tests/pem/unsupported/rsa-aria-192-ctr.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: ARIA-192-CTR,01CBC64C88FA8A67BBB034B1BE3B7ACD + +cWTtf4fpNcew/IKzv/P6MjV/eFrEL6AL8WET/bglgTq5DovWosVWhJIVtZPtlLrQ +Gg5HH1BsDaw3ilqrsBT70LcBYmh5GyEhm12bSXMUQ7f6oZzW6h20SDsgbhd44GZq +/Rn/D3xz+4qRUj96R6NaIhx4wemAWZ+WydX5PAwgbfq2lY5pqW/94dRedncYLBGJ +y/NbDmVI6ssY5j06Y31Prm83aG2FCCaOvuczOk1D2Je7FrBaJDNpNnwH3VKp3icy +LMKxqnzTlkYnxNJWDLUIqIwQUBeuJD0jqwaGrho3PzkRg6DU9c149S0Ce7HKDA2t +7xoYhd7q0f/mhv6t33o0/fkSAexvjLPDuEaThgb6S+liXABx2M0TIEA3c2pWAROn +bX4xcROF3g/SjSacMPVklaV/hKBK3qKN7Krn68Cxzz5aBghrtk7AdV8N4CyrdwtM +6Dty1djDO3b8AF71nmPN1AuIW5zaLy8dOnqVyE+a1nLmJL9Cdx/MZEC1MzrWulMB +ZOmiPg3hVTyx8qH9BE//6FJ2yWzs4OatkyhmIF1vqRcKMfELOyv8+m6x2A+h97Lq +drcu0vuqiQE4p0dynDP2LTeBKQcJYWD+SdxoOxh+2frJ6QlJER4E824sK3va8Qm/ ++nEdehTNonp3f8SzYGBST9AAWzBtS1NphUIUyIB6yU+SMgaMEtg4IzMXVGvTBsrO +ZauXkuklm87wTEk+uH69j6tu0l6/k5jourVSoOT4SJZT0S2lApTrzTRVuTjXmg2e +g31Wxn7PfNIpKxPUiiNAeQwXbfMJINUSFxkvOTKe1Osd6g== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/unsupported/rsa-aria-192-ofb.pem b/tests/pem/unsupported/rsa-aria-192-ofb.pem new file mode 100644 index 000000000..bedfbe110 --- /dev/null +++ b/tests/pem/unsupported/rsa-aria-192-ofb.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: ARIA-192-OFB,1D7BBDB48B438FA5B42D877840745531 + +kAb70nTB6uj+8Kj1ZYQ6JyBxb3spXTapsDW+a+GZ9CERaonpiqHaRct03lWcR7dP +DN6VOvVP1x2l3OEmttlVWVKy00SjXzet1TY0c2VKFwS8yrES3BLZE16ORVaKJObN +e0sJUPDTlciLGwl7dNjtDTJEMnHQvwBrVx871RzawE3EiuWNMVfEjMEQFjxYzX3H +hnRxkn92JTdxDBNAc40skn0zKg0Q9dBSZjuKZQ+XOeQtyjYRwx2RZax+Gk5V9EmW +CdyNPlAAeC7KbaHSvBWrL8lPgRgIhggusgV23SG1AAyelTRUIAws3CmAxMjKYyDq +laOr3xAHrveHnZBRPLYwyrhxS04oMWO4nNO/HbAPheXf+sbRruoOtJdT4KDmTJch +PspuN1ADOG+MoDsHqWUaIRQ12DNtB3EIzjKLQXJgvTA2cRz0aWJCidi4DT5zmvZG +s37eDw5on0hipsoZVbePs1kRggauZ17by0hRmvqRJg8JvQ0VgkIEm+JSiQk9viX4 +H0Nba+KL0bYRue4OCJHzhWNa/Zpz76pVzQxQBt6bUVfdWg+pgWvX7scX/U/kPn0Y +hiC4TD3pTZJFO02uzGt0i1rsUZ0pJ51kDp3oBk7/6P0//QFeSwcsTIkpgkvDS4eG +HK/fCwMPHYYHk9uI/QdXaXhysFnf/dAM/ltpTVjWVv+0GMhEUlnY7eRXMKLcK9ga +aR+TLX3o+BZWglkyF2IFCuDUTwc6fXTlv0TFqMvSvgjH1DgMLVeBiAHSIz0ak73t +dDi4wRYHq+jwMOLpITSoOC9b+K8x2h0jLUhLAkDzncSQ1w== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/unsupported/rsa-aria-256-cbc.pem b/tests/pem/unsupported/rsa-aria-256-cbc.pem new file mode 100644 index 000000000..e5e0fbf1e --- /dev/null +++ b/tests/pem/unsupported/rsa-aria-256-cbc.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: ARIA-256-CBC,65AE2886CA6649A6EA4CC9E82CD73B39 + +wVbk5rkIPJv7HpRHA6psb8bXUbOLO6o73DxOw9jNJeuaXFxuGwh3lQclTPPB098B +3BRsuORRoeSEjHBXpMpMfybgmGYRPY2oTDY7JV2QtB9ubUzTkUOhqtXv/B3a7vkA +Jxi3uA7X3W8La0wBFQJWdJKgPvEeV3JaTWmrprtjk60YJeoFbQkKLHAqoJAHwHP2 +kBD+o/9GvDNIAIcWtRQuLRMX1gTs/lw/Ped9iPgJPSzKdu4h+yOJY8ASb+E33Rzb +GSn/eTL1TWQwlFhw94JRG0RCXYslj6IzVYK6i4nFdo+eA+ePrRVjM1zkI7ahWyz5 +N3wVpbW6rbOvX9mIhzqNoCgETL631z6dJu/1ZrnMa1dePHLF5GmIzX4VD1r0VbCI +qUjQdI4iJLtJ7QPKT6LdQ/EoxIdFNBdD4hHhHVcdLC2F9KCTC7ncooW8xm/bCRej +jROEwjIQffCJV0jPgn/l7PlhcFlmJj54OLHqoNo1Ijp5kAbc5mUia6Kdduf50LlD +gMIweQCqsNWgJLAWYWUcWRIhD7mi5R4n1iQjrGeVon5TvUyZ8YCQNe031cfB14c9 +1Lbj7qwPcZ3v15MX5OAlbS2Qjot3k8/a0YElEvffyjcv2PINX3DUX1CxywX2ofRO +CftJF+5tRmFgaUHnvvsNmCeO9kM5A4APAzaHtZPQ5/gyLcrKXHeJUT+Gm6OGUzy+ ++asXbiZMC7gEYTFnhxgfX+5V4LescNSqZNg4WGWMQFugv3s0ky2dkyWXwr8Ngn0k +o+Rqdd0lS1+vdOx6E7PKdXukn9IJXMqy0wfoIHkuYSRL5aTEUf4s0hIlORv8QzKv +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/unsupported/rsa-aria-256-cfb.pem b/tests/pem/unsupported/rsa-aria-256-cfb.pem new file mode 100644 index 000000000..9743df277 --- /dev/null +++ b/tests/pem/unsupported/rsa-aria-256-cfb.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: ARIA-256-CFB,2F31C3EC34318177E3C0F3B56F573666 + +vNS4psbIorG4NIfYEH1e5TVnIg2jPvOGwKXgOTEtXOXTN7dFenizoecfAkd558XL +EbW/ZAiFWyv+jLM1Ur5kx3gD6yM5nfs252p8fDK+eezYMxg64xQ51UAZazeFcpoy +8B8R7nFxyCr97kXLbYB8x2+L9+CQjVuxva9hwPE64h39kieL0jz/JLjJIpz4MCYq +Ju2pECfBzbu9MOI3taeJS6zd+0rS74WniIM5XQNifJkCFM6rytKxhf0KQA02X2Fm +wVC+WmnaK7v9HZrc1cs3u4JjQMLo/m/wMPMMDsQ2LYAeOkFKvUnqrwrjZoXv1NUW +qZq106uOPu+I5gHyDzPhuv7JEAGjw2ON1zP7DGir3xDDbOtyCfJYfu3VBykchMER +kG08LWwYa+cEr/4jUPpiHhu4tZX6iiJKNLxJZNleVinVCrQg8yHBfjgUo0RLKrm4 +QQXKMX2oLaBFwtfD/nAkxbTKSYePU5gavIrqqc9vSvDDknaMJbqOjgcyB5gd6B4N +3xTho/Aknm0q8QoalNzE+89zj8KyqOXMrN4+Czl4TMQlQZygElJaUKWpE4fTEynw +tY90XphfAN213hZnoBiqmV6ZOTSm/sxYZKv9phPTYVbniLJEn0d0KyVO/+XCYGhn +tnf358HL6Yj163Ucpa8n+aNna2vcJTlawedXaFr1+hzLCKQHYIOOgrK/kUCA9Fwb +dGQglvh69KsEX44ft7jXx31HqrJ1yAsVoj9rtrlBGhbrH2pmD9VpDjV3inbwGTrs +WJudMJGqLlGvhogpdWwSqIaPYlEZROVb/0WdpoWvV5RYUQ== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/unsupported/rsa-aria-256-cfb1.pem b/tests/pem/unsupported/rsa-aria-256-cfb1.pem new file mode 100644 index 000000000..db7bd4aa2 --- /dev/null +++ b/tests/pem/unsupported/rsa-aria-256-cfb1.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: ARIA-256-CFB1,A570DFEDFC825F9F2688FCAAB3239432 + +9lUZCiEZuPPFXgNj6sn9eupe34xZRp75CwB5XnWF5satIlXHVZrfg9HheIm/00TE +iuzVIVaoA7wjqLbzQRjiZ5WPFUThaGf3RlkIDiSD/ckWGzf58y36fbcGQCGcP92a +ZyAS1jqSiozNa3Bl9yhapuL1VrLX4+ZDjgWV+AA/3XDjdGVm/U6dhSzqn7AY0LGH +vuD1mhSx1POw+UnF6wsXN7eSh9lQvS8ZumakgwPVU8U62XrRHLdyDzEvCP1isJHV +uLpRJyLQtV5BESLI5snuX2c7T+/dVw+S5X9+htgUYm7Zk071Xf+EMr6kNHs4VFLZ +XioR+/kReXXmmFPSLHMOwbxF+MJjgcM3vsw6d9IUOILuMtwz8Qn2kq6yCSBnzEcM +e/GhRe2+fTuHBTEptoQZr2BwRmotiSTxVEhbhtUfLvXRuEPJaxDoAJ36lC7zrJbH +WuwhOfIzroHoa+DiA76DiYRVjdFqfqxrPMrmRDKLDk9+tU19sqTUB4hXUaTVnxwn +sG2kvDBvU5/Nnpa2YqNFq/p5DVSz/vieEisBjcGvRbzMkpzBy+hGz3Bp5iard+GU +9LfeTalctevrLL+yPNmBZ3zxh8ICGXd2o6OzUW/hIS3A+8Ai9AiAQMumso489++8 +mPOZ90L3DkkUOSykUQHoB8kKAR7Mo3bMq4ci6wpbKHxcDs1UU7Gs7Hnnm2kz+UWy +qq0kOmq9ZW4EQ8DJL6Mrwt/yPniUopPp/AuTvg5kZ5epCBFsvgn+sYAEr2qpNeLT +Rg8lYhxJQH13R8vO7sEYMFLgvvrIOGx0MYUpwXZ0wT0ZHA== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/unsupported/rsa-aria-256-cfb8.pem b/tests/pem/unsupported/rsa-aria-256-cfb8.pem new file mode 100644 index 000000000..9fdc30114 --- /dev/null +++ b/tests/pem/unsupported/rsa-aria-256-cfb8.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: ARIA-256-CFB8,17C254E31F17EFEB81A06A97AD26C5D7 + +asUojDs9kmf05yEgPIB9c18hTjlqupLeqed7F/zK4gtZnQY3a6l1KOXORaHIZrmh +KlwdGcsZfS1/jfDeX5uCE1Lr0Mf+7z5oSR6xjSzjmDWhANJynV0VWy8dFUUVUYT7 +bKxWMXzqeEkt02T4HjBBs0JLEDCpQ0jBL9z8X/YbF0umlckR/kXSm6W+hOVUhg0z +tegmdUqYMRwJpP6CtWXUydpp9zVfdaS5IkItfkldJO+TtiuCZ68fFcXdYeBCYbyh +CaSH5dT275akoxBO0l6XEVrZPidiKU0pvMUPMAYfRNBvF5STLvWge2Uby4QLfOXt +Ry9psrwVVTOZqVd5IFzXS2+I0naNbeo+TbB+Ob43Vnq1O3uLFWwRh/gAyvL08ym1 +IcBhgjy+Zk+yNLgo1QgmOBqrKJm/8PkB0c1FxZ9c48jdCcCXnTWQwHcd8eyBOlMM +QCaFM9+lL7QR72D/DbkUbkdWV/0j/tk8ERVaTcWnmskOB9+1fo/PIm2I1r/cMGwQ +QRY0trKuW2avjKPqYrgiltowvM2zETRJDChl4LRvp11C1UzTwLFv98KpjC5ub5Ul +iH7aqB0UId7qmEUXNyQcq3WHax72Cc+WCHpJjpUVuLbJELnoxdrrf1i6+DGjr18M +qg5S78Wdj5Ic8uNQR6Ep7vF9RqMQT9g5Jv/A+d8XUZLg7ChpM3ixczlSHmTijVWo +znc73SoMdfxAYExZdicU4CV5eSBoPThhf7KhYhvOy0nv29L97dKWDfLTTetSfaWa +qLrOUJJnrjib4XO5qIE5z/x/M3+eOL/qdBe2X/Qx8d1ZLA== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/unsupported/rsa-aria-256-ctr.pem b/tests/pem/unsupported/rsa-aria-256-ctr.pem new file mode 100644 index 000000000..da5fcd0b9 --- /dev/null +++ b/tests/pem/unsupported/rsa-aria-256-ctr.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: ARIA-256-CTR,AE393C1AA3678350154D9BF7B6CEDA53 + +Nm+j1abO5IDUDCyhI8ogLxr5fXUxhBys/vNO/88qcXbGqA7fNcqVqFEtYdftPASi +w3G18VmC5Yk9O+aMz9gEb+UemxuQzpJVvR+9iBXvkvvjAKGLXZMrCk5ugpQ8QLSi +qE7sQahRwvxj/e+eoRyHSAa17IIjH3jG1xFht7X1Qbuy/ZZEqNYGdasx59zCcrSm +4JmFAGToj88fjR5lQaBk3ADifuHyNbW4CW/Jj6T/S3224YyRtEZYTGxlc0iqgcN+ +2ExuDAEyYSGgaecTEbxtKa+RMGP6K6CKsgKiLHSDvZUElTeQxu8aYUV7y7lRtbUc +Ylbm1nOtOqZi9SrwSaK2cRN0Dw3ZtEJciak6UqFg0vfZ00Lvft6uRpEyJfoxMElI +jGjV75LTFl00SMXs+UFxox3J3NvVQQR+jnbgwJAqc8yF4ZXv6Ptl7vLWMDCJnEN8 +nHvJiQDKE2crvdA5B69HjtPmd4Txd8lBdPrw6eUCHyLwNeaB0NnvN2wuH1lAQzw0 +YdKkF8TWUCSRNza2iJe9sOzVg8+Lci8IyJTl6F++UqObjYIXossh5qCvxfIzpMmT +NzXZfD3BGeqP49BAVCIKI0AULu9c5c5n0enB0Pk97vJDtj1xKpQQKqyAGFnRjglG +hcS5iagBvHUXz6FL0BlDqvpPURBRWNUu+NwXVBFw88E6Xz/DEXUvzkDnUGK8m/Q3 +iaBt9bCVU5kQvr/jVTlYpHXeg7cj52A588sQ1SJ/y44M0oOyjj6zfOFiY589qwm+ +N1YJSEdDKs7QOKwF78qVIPqd5SeDDn/IzAgIjTfAK8yiIA== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/unsupported/rsa-aria-256-ofb.pem b/tests/pem/unsupported/rsa-aria-256-ofb.pem new file mode 100644 index 000000000..d2127548d --- /dev/null +++ b/tests/pem/unsupported/rsa-aria-256-ofb.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: ARIA-256-OFB,6798508A2C71D072059504ACABCCB42D + +OUmKOC1QKC2ZdE7+1kGr0Vn+uvEvAs+KJAlmUlrOYOo5I9HVDlPd1Es1MQgr3i2B +ZsIstvYZhDNjvo4bZ/mgYiul9xISo4SRGfHIIIIhhSVjVJXHBy2ig11/yA9A5V5E +3AlRSRZSTJSgJd7Qonwe+RXCJYmdDnh0jTFFls6JlC/qxYaZiMmzxZQDpW8natkM +Bf0wPzIxX43uNv2VGfWTRwLKedS09GvInS/fxZ3Ehznv2/ihBtMISsVuXm2i3C2l +8qBw1suZ+fTZbFLj+gunxiTfd3LYxpR+1bynKPpJXcVZwhcHoLfbD09yPvlsqq77 +IoZeICkjW4WA2hi1UG5z6rYS2V9FcsPNTlmARWKMHH0rEPmVmBQ9qOxUzLZRud1q +1yPdy47PSneqC33X01XctJEPhoba+32rKBUEowHRTQY4EvbOxgjTNNtRCnw/FX3a +sbmRJHwIv2jRCOeE+8XlSSnmIVu2CfqkJoKsyrellRcRJtE+yYII9zjzsHA5DQAd +FeKpBQdwhKC+Q7uFcqNniBskJaboguUP0LRL7NQKDQDDaxhUrSay6CMNxoJ8TE6K +MP/Cdl/Na0GLRnxHW5+GmydAIpu+oqhxhICdfzgMzKaE1XFPf31vupTfmRRfQGC0 +MoVT4nEt/+GKMc8gL5LgOICSQpQkfnLRxftXm8IVYSLB+EyWMjwEGgSTpaLRfiSk +wvJA1wV/yxGWHQPhVGTgSMFaPMoBm/qSzRDcEqbgi5Y/HfRui7ppOVGnZQ7DVGvv +JuN21f3cVgZxq9Jw7WjpNGH7MURotxSglHkqLQzS4D1Fyw== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/unsupported/rsa-camellia-128-cfb1.pem b/tests/pem/unsupported/rsa-camellia-128-cfb1.pem new file mode 100644 index 000000000..bdaf7ee43 --- /dev/null +++ b/tests/pem/unsupported/rsa-camellia-128-cfb1.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: CAMELLIA-128-CFB1,5CDE94606F26A3CEE27C797597BE100D + +yShn7gdjh4yv3ge6s84RwF8/j7lahTaba0j3AuzGuVosZZcZLoX5mzzW3kLe6HSA +0MBdPKmbvD1LQWNChOqWwvrnHuS8VyKVHba3u1L14gjwjICw9YNB6ABvyDvaStj0 +UW5CXTTTMRvwaf03ZU6GvFuHFu8qxRehpVJFYoGVqzyfRGnBrEPVWsz7TKmdZgS0 +0yzdoXAFl2Wp8gDgQj/4QU8dhbRrfI8JEdM1a/me3XnrD+NBlpyUAIMXFP9+TyCP +shWXmbUp8fAqPQ8zNAh18u/UW+K2j05YiWcC2U1UNeXM11intUMNx79xJzqWlytA +wfmU4tvHS0GCmEj6J6kkAuHxiSdtj2NeI3T1wPfaoSgjjGfHSv/wQqlpCoNH7pDL +1ofNLXBS8XqjdPz//ufh9w+4PyB3j4ctbPj7nzD4JRk1csLw/vKNSAtAo/+4xO+1 +6BP0DKSkjsC8Y+P1ix4Go9Zr6lsxfvbtY3dwmajeRyLRkSe9j1h0O6sIycSt5+aY +cwyxvbX4eToiEonB8NsVBSFyHmq5BUaNshQ1D3d1p5ppYA0CoCXWPxrEetPVxR8z +JBOEGK/hS/gxaU+DNtQeSNxH2Vr0Zr8XwNOwy7yQaZ2JngqhHtuc9JzmkKbZqSVx +M0k6qiadz7IZyicq++D/UT03deOi64dQHdHl48K7ZG8x5XnRYNt0vy5anpsoTE5a +5haDBav8C00KQJHj+feKtIdfgEbsYQyuufMJipXszUebN58pZAlKqS0ZO3cYMCyd +omEH73CzjUh3uwiEveXgw26X78YBqWHlGbguWguu4+jPgw== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/unsupported/rsa-camellia-128-cfb8.pem b/tests/pem/unsupported/rsa-camellia-128-cfb8.pem new file mode 100644 index 000000000..4b1c166a9 --- /dev/null +++ b/tests/pem/unsupported/rsa-camellia-128-cfb8.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: CAMELLIA-128-CFB8,AD99550C04BC36C7895EDBB4CF1E4C4B + +IbCvKqil/QTa935W0p2i3pzo1ZQTAMYeS7kP5UOfBkZ7w744DOP5mQWuoGTblkSl +J781MP+0KE3hVRgrcrRwlBKu0CkyzwXeqqSql9ZPnZXKpkSmQl8naODDq2cdn/5K +3xaL52ot9ySCdY84HgyoIy11sdHdRvgUaTnFsFi64lirHPcyLAFmUdLsFXR1D9Yu +4bP+NqhjZcNJ41eSuVL+9F4QNGd+SZqAdSm1VVAjit7xgBp5ayFzmi36S2/Uc0Bf +BVSI06q/cC21yw68hdnAMHT5XeAhff1myRCGb41joIQH+qZFoBAC56TqKgJHVahR +V0JOGRq9Y8l0ZyOxmbtwdvG38b5Y5HCbb87FtK9xruxyz4juzHGD1MCCTqaFU7Ec +p1E1j73fpw2OwfTCe9pLM17aribXZThjgiykaE0pqkxl4PShvyIM/N6wCXg1yXgx +kgdEtcOdqcJv65M2ljjLB9MpDw3Z6Ntcmnrl4VzVG1Sl/LXn6hj8B/TC/MDv6UGs +Jgv/daG48qMV3XB0MOU0NF/xCjlDq79TDRImJHlzPVxy0RDIgbSR/F2gBsxgikfY +1JCRm+flE/tegmRKnnsv3ewkCW/oUd3LPzVe7reNN7tAf/VctxLcS3N6YU+o0NM0 +pSf/uzXE3Hj2NtPwJlWRRfgr9q7DMzQqyZHt1r05pYHTZuG+Iz0T68eUoJm+N13v +lNREl5QHEZRj4inHhhRSUxdZQ4hZ/8b0sUUpaYrbneQ2UuINzXYOzRxdX7gZin7V +uLdxB+l0cZ4MDNbhH+RaMkSyQmU1cbpGbZKfMrWtD38O6w== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/unsupported/rsa-camellia-192-cfb1.pem b/tests/pem/unsupported/rsa-camellia-192-cfb1.pem new file mode 100644 index 000000000..3c2beb15a --- /dev/null +++ b/tests/pem/unsupported/rsa-camellia-192-cfb1.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: CAMELLIA-192-CFB1,B8298D283C5EF29568B4F1238A4E3090 + +r6AvdtTUBhZKlhsjyj+eZ/GDuTciht2fBPGoIY4cwqdyh8BUrIOLhI5nYCfYTvLe +Ul4dc9A2b2JuwPguCBfV89SGvFEOnAib0Vf7K1VaNy68GccuBWfXyWkeKhMPFmt7 +EepKC3FZ3LvbHx6tWulYfgyr3nyCcwFpSENYgVTP15HkpvPfxCzM6u55khRpTIZv +JMpGglx3bwd46ylhiAOlkeZOA1fc5mlL/det4uL6O0zLUqvgrJtmTcM2Gbazz1+w +R3AVlgTDMOkdmTiVkCeLUWI36TCWubHKarhWKLNGN4G48tj07/+ippGrLSvs0Nfv +Udc+4imOxgWOYG5ZEH9UgbRDaRmZXwDvImaEs7V8/vaGZPEwapRIvKOZV0/KDiwA +5tmhRloVShAENqNsXJzHTPvVcoqzxiuc1Nww4o+Ik9X3w9jWXAmFiIDVyWU4gNwP +FZeorDEpKD3wu+WaLGo6SMANFbx6b8KYXRLxwgCcHHaS3bMHNk11jVRhEUwg9WBE +vYrExeLtwhuKt4SxgUHNd2mtrsS2TjzjUVsoAipSOQtD3XasjV5uSDNg2KDnc/oC +CZ/ROX+IHr0W0CrS+D8KtOAArPef1ciDbxR69QhMJo+MckZcGhre53BgyxCyzN2L +IUxj2AkDpUi9hsK3YPv9BnPPE3rCIiMtgYVnTUaGchs9EV3s5lSe2MDRVGu3rj1h +H1EyqCEPPnmpPP5OXCGpOQCuwgE0mNbYftkeRQ9BBZJrRinHRuo3C/sjWOb2D5Jq +zmEAi/CQZkA1PBi6XhTRaPheYz2TCvURNToTiBIuWDKNrQ== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/unsupported/rsa-camellia-192-cfb8.pem b/tests/pem/unsupported/rsa-camellia-192-cfb8.pem new file mode 100644 index 000000000..e258564b3 --- /dev/null +++ b/tests/pem/unsupported/rsa-camellia-192-cfb8.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: CAMELLIA-192-CFB8,08DA172F25F18F682007A54E53C45C37 + +inBfkD7OWHVVmQHRs7VklNyt6JdGnLzQvVklqCwelZEj7SOC9uzMaCBOUrJMGiwF +EkQRuMabF8pGed5kCq9JBO30ixKhhomKbVq/CiId4rn860NfL8qwQY7KHRnxKRGs +aBNdl2fpkGJGzr2MdedP81dyba5MS4D6hV6LJQtFcugy9wtuIk/iR6jB+qn26+le +8QKTxLGw999h+OXw4MX/EhMzT/ARGFZEp+xJew6KEYWSHxKkDiKpa7taFsqsWWyZ +JUOLBBU2QCp/pj5Ng4p216kvJdLtx3haxHUEFKBUqry06PRGVH5kL/WQ6Z6keT4w +ZOnU/2xG7WL6saU8LJFEFqjVry1QscKlO3lq2azUmmfEH3V+wN0dYB54aNYJcBYg +iOFURwRgjhAERZxke/lF7yDd20hbnt+rmCIYJpBl0xxpa298fiz266wrWTgI0p6d +LPuA+XOlZYCyLvzx11mClIR60Z2teEHjA51VVNlkmUNGqtd074eyTuLMH7SFOL3t +KApdsLQtEA4haAz/xWN4ORmbJSnbSTwIPq3sG7OQkPSYmvlihnpr6b0k6hAw0u/r +MWPZfV8q3HLEAET7Cn0lvDWn8ya5N4uqSqVSoojezlePimDZmXp/w5SGUlnMvqx0 +8gONwWKfVvUNbn/FNI2dyboQErp8JxaBLkj3qe/+7dlp9g0q3zHirBQVcQ8iHjBd +HXTvOyeU1QAgtVvmzF+02qKB/j2EctsSIqZRqJOEMdZZ07odgxE/icUnMy+1MRjB +y5TAXaBsF29qRi/+YFP/p/JwmmisIxrJn6HDtEtTVZYE2g== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/unsupported/rsa-camellia-256-cfb1.pem b/tests/pem/unsupported/rsa-camellia-256-cfb1.pem new file mode 100644 index 000000000..e44cc11a0 --- /dev/null +++ b/tests/pem/unsupported/rsa-camellia-256-cfb1.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: CAMELLIA-256-CFB1,CA5AE601415612BF933880E9E72B4C92 + +9iI6iMRbNnWCVYWYI44+dTBnZYuIaPnyRmOyoERHscBcsJQU1EEBLQxnxuZcmSM1 +yjrQokpQYb54JlxY+lzLLmtfnas3eLtUpSHePwqnpqs4D9odeju/pj5pmWFAB2Ug +GqLu33qUnzbBzMAntXVCJwSsOVjTLovCL5ErhN1FqJGxqNqSf4Ht0AXlvnrFRqam +Zc4+hQcMaZT/BLtUHmB9EmoKX94JlTdZy0Gz9+znXhCO3QgGy+VOiCMEfi8jpGmb +IUaf8aPzTzh7DfM+/TRHDKEvSYUW/x1cDDLZrHhecDFQT/IMcfYVtiGEslhdHAq9 +89M4EVIy/bbIgqUxAOP65HHZ8F1cpcRThInWFXvWMRrQso/7/pMwQolxfVYOjZfR +n4JjCX0xjqtTFGfF16CN+AOBul8vinWJa3yXtGInSO35PVte4IxK3EY1/YbgmWzk +mZgxrK59HqalNIc+yFPb7si6CRgygfWE9Vy449pqXAUADzD4RsdSjTFpTMt9zxm2 +M/Ej53AKfqmVdtb36PvphsvxvnwoducR/9adBbB8EJKSYo1cVTPXt+CHXB3th9fd +0pwB0t5JSXGHf1YWaXK2qmMDCXFEtOJVBvnuOdoxJuIyZRW6Z6SBC74twoeJTloG +EbRLnw8qVhITtllp3yiN7H6Y5vO3bIcZqb6ptLxBt492HOo5GdBPROL83vr9sb+E +7Jpf4ryDYBNjxit0UC578/UPYNsDk9Djb9flN9LmdEu7kBZp5nbZIeeeyntk42Zp +2mxUi+KflmR6/Umnv3IpHqYgNifSEJe87WknE86WMmZNVA== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/unsupported/rsa-camellia-256-cfb8.pem b/tests/pem/unsupported/rsa-camellia-256-cfb8.pem new file mode 100644 index 000000000..5b5a90132 --- /dev/null +++ b/tests/pem/unsupported/rsa-camellia-256-cfb8.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: CAMELLIA-256-CFB8,5537C1FD001AA3A278D156C48FCBFAD8 + +vUwDIWFnm0CSBKxTtPLUqMB4JDraX7+OeHnu12VfBhjqtcfQHtxSST6vfx9osNg7 +T6Uxae11cHW4CqFbP41JZjdMLJPh8SYQ47IkpQuGEDMRcMzaJHF5KaSzCgs7JiFY +je4NrPq9Sm26PnNBZi4PAs/F5XcBXQ6wR7Pft8mvWsnFA3S1yn3ud0I/8F1kmiK7 +Kk+cFlWOV0PQ7OSsxbTleSqELQvr7x7CMqpteXjYzTInB9R5i9leoogAEsls7O/D +U8TLW7uutCIALV92AIG+EjhpWzwt4UGpRcn3UY5oUs9WUjXCnKdwDrRP3vy2e20+ +Ce5rh81Cizn2rXeXVnDt+IF1QtUbkBUvWgmE3VWkg9bDaIVOk0RjKt6iBxe4gWK2 +peT7Kgaa5udxBD1un3+XhPr8oQi5jRhqOD/6HStQ0bPXGGUcZrlTSlMv34KxklkO +/3qdK1CE3i/CccZgN1uhbPdaRn1Xs+2QS3b+9ZfokkxQVFMrsA/MyMAGqV7dFL/J +MPpVA3MatuxxBoQHzngOjK5+h8xHBisrrPAZAG/VkQBD/8oUlPwClEZH+s5DvAG8 +8v9eoV+kvUcEGAzaqURW37+VSqmmbiy6Jq4YhTl+FoSrerbB9XWO7UOvgNWs6YzG +lFLjw79074VHKrNd4pyD6zefFaZ0+LlLjFdDEb+W/Yfk5+gJvY0+E1OxmsyVzZny +I72sNJq8+m4EgIryAP3SFMElkkC9yuRnxTpTmLsVqmuNH/Oht6HoA00CpE6kQQUT +mFymc5VQI+7ClNIWylZwDflEUXmdioGKg2qxi0v63oVxYQ== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/unsupported/rsa-chacha20.pem b/tests/pem/unsupported/rsa-chacha20.pem new file mode 100644 index 000000000..ad6f6d23b --- /dev/null +++ b/tests/pem/unsupported/rsa-chacha20.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: ChaCha20,76D5D46424252459EF8D96B1119F49F3 + +joUj0jac3xH3O69VFpuogUKCf3neWW0AX43N6eJJQsPUXwC7TZ1TgJOUF/LZa6gl +i/5yAGOjovMyUGhVZVlxEQusYyOtiI8lol0AaEv1n+nvMHxn6px93+9DHEDD6XqV +c8e4mo/1aSbTH19sozD2Tt9xwUAMXpVEu8b9dts+lXE5MXAfwpok2W+kLLHL+5+8 +63pRot7CzIMOTY+Z4C5KtRI6Pgw9fmGDx0IC6CuAjsg2pzeLDngDIVcdDlfelHfy +KhpDnPUZeY+fQLqTDjllZa7l6rjjW9r7uAtOfpPkbV5e9+bMjhkCnrn5OUqlz0KA +2rC24wOnfQ5r3ILpZTkIx19baPr/mShz9Grb2+0+aJOEx3Vifk+h2q2igVut0Hzn +UHJzmreg8BXVEyZv5UcNDIfHmFwKnZQAdGhbbNSfHllFgorZ4DOn7Mcc2wR7m4Jh +v1Tkdjb4VtqOF5zTP2TbIGU1y8Umi+eXNtXUK6whAFPVlFhDrFfHpn1YBIsu9kcI +UjgY+VIcT8Jj7TrXYMPY8P59uXfta+07X+pkT4xkDbr6qjYwslllmPAMRbhS7xNM +8+y0QTeB5Z4txEywwjkFn67kXwnJj3lYNS0xZFsjCz3+6Sq75TwpMKN91CTK2cG3 +swT2CGHUk+l/ypec/5QpCdFS9N7MhAOZEJpmX2W/hnarYWI8UmohrqRtz1duM9QJ +PzLi3cgPzeN2Q7e70GDJ3x3JO6BObqXCtlmEdCIwmrPY1HZ1fgTwDJg/SYfnttl2 +3WmERtFppmbvtUBb+dahnQQdVU/Jw/t9WubmJF7VeHayPw== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/unsupported/rsa-des-cfb1.pem b/tests/pem/unsupported/rsa-des-cfb1.pem new file mode 100644 index 000000000..ff6f54f3c --- /dev/null +++ b/tests/pem/unsupported/rsa-des-cfb1.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: DES-CFB1,6293609157F95999 + +oZByTXPct/RlUsozirjTviYda7DTEWSKD9TmuJ4wWKtk/mUnvWUXocUXlVB3DLQj +9JQiv2G5asaeKnJUI8LlKURctZ68n3uRfUX69izEGhawsbFqVujw9EyVM4/RwUf+ +vfUKThsgyBRGWltqQ/M5ntURKMDteOpwk+3legOYDjj+4qdKidggH1AK0qeHXdvq +LFhf+pxYk+uqhMpF+zI83iQW29KA5ogo3qdy/xabnRyiLhMuzEa9i51pJGL82I4z +jzWy/ntcV7+ok1VCPYwBLO8Kys7qs/awS4cDb9sd+Bv7xKBdTIJeqJv6cjtC0HZB +k893z5Jt5KOPzMWV6QsYjEAh59ov/2UXQTfaSLZcVA1fGdy1mNV4UjVfyOVhhesC +jrktiBa5k2TJK7Y42L9YVTNPgPOjV2/eeyCWZmvIJcn7n69NyFLYBdq6Cmm1Eys0 +EFDpVv7JOVFha1S0xZlJ79SAroaa+hSgltIblxbS2MyGLCCf3z2fZ4knkRC2a42e +LOfcPx9enLqFUXOUtckwRhG6As07u8waavRfFI7LVQfgEcVHBtK2K5dd2trguJ7f +WA92CWqE+yRvzz2hUS63u87u67nsZSLrqT9Dc4az50A12oQk6qwxFpMHTyo2joRA +T7vI8GLdtk43AGYceKZwhwTTFLwPa7caX5Kq4L3TPaU9B9tvriOqNFwqlLOC2sd6 +xhqF8OBdN76uapL1GMbpAxEp/cbFXj8hzbKppTnGsGyZU6wqqCUraETNFjkNX2YB +xLKfIDCwvNWFK/8qCO0L0XHaG5Y2sDX/Djit1cDhqtDD6Q== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/unsupported/rsa-des-cfb8.pem b/tests/pem/unsupported/rsa-des-cfb8.pem new file mode 100644 index 000000000..23c58dc28 --- /dev/null +++ b/tests/pem/unsupported/rsa-des-cfb8.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: DES-CFB8,D403C0C1F32C3152 + +vq1T+cbqR7fdU7qVO3pdk8mVuIJXsdfDx40me5Y20QBHGjrKN62YIgguEGRaGxwZ +mvAa5f4juiQ+T+5a7krNqmRbJcgTo1egWPoMR2iPsdrrMZbLRjcPuyXa+Moon3XY +Xg3OC+bOcn4NRPsnfm99J5aXzV2Qz92CU9eIsQbEgmtJoJRAcjElt50b2vAFC3qP +4WlyeYHH/0LD02yvWlCzOdgnvVAV1dvN6gTdpAYs9sl0MdSasHVl0M4cnR1yBnNh +qzNHV6tzijjrloFG+GNSEMDWY5dV+OFIA2lqfX0EQYbACbPHypEQ/ZK/SyFf7L84 +0G6zcfP6CktYDTxG1MJkXc69LWiO1O9/Voyu40eDruUjxpMJVCSIlQwI3mfNQA67 +BLe5TMku/+Xf0d/YcDp9pNU7/+TV9yJJCzxtuAp1qBa5XVCTMD87jQ5ZMCvPBGdz +i/DOygrL8tr4ASLqSbNZYoZPzSBNasj7ke5cmRBKZBtt7TMNYi6DOiZccRtivqPd +Y7BpPZ1BvgAO8bT3DPC//ojY+XHKQltgMGStGrJOTXhPyTrz4vEfPK+RE644VLNV +1SQ0EdzumkeQi6h13Q/gMowqqYCWGwIvT4O07E+Dra3fwHBV38t7W/DhtgJF9tHo +sT2p7LnYQxnw79brYeiEctIqLbmqizhW6VzvmbPFfMSy9o3QFjcZ4KGP18Mj1USR +TKCBfnbVqZLEIOq/rSVTiOFTHnN2l6KRbqEzy1itwR0bvfmeXN30B4eY66Lsr7g3 +BqoWYmRZHXvhCAwaF5XoVZBqG38C5Y1wOovK7dmf1jTPog== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/unsupported/rsa-des-ede-cbc.pem b/tests/pem/unsupported/rsa-des-ede-cbc.pem new file mode 100644 index 000000000..a75d57559 --- /dev/null +++ b/tests/pem/unsupported/rsa-des-ede-cbc.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: DES-EDE-CBC,28FFB61FA9A6BB4B + +gQbFrtQNCdJ7vIPX/P3ZcQeeIusVjP8te7F5eRwX3WksJGnvpgVwiM2G9kphg2P+ +3AGBymUYON28CN8rpZWF5sEGo79Y0tBjAS1bK1RZJTdpJAc7yOeJsXqOFyfSLhJI +1qy6W6kaN4feoSNldNdEjmc7vq2rqGR2N5aunnljV2JBegnUgtuOUGpuD1ZZABhp +O4ay0fyfzKjdDTTmZBvepBlpNOCbkhYoVzOoLJRxvgCkot5ZE01ei6CYK0esT7DU +O/wZfq+XNpQjDvH3ZVEj1Km4cp2xa1m9a4XHMUyYuDkott/KhaHf4z9drjQ0c/VT +CvR8SXRjrQLpogDwZmooYb3OUkdvQpGCdnpGJlK2lixr22EMrBRqcdVPveakpX60 +hFJKBq/pue9Z8GdedBwczlHIsrpahD4wtEoBJrVvY2xwZQlBBg07lbaRJEzJFMjO +tXY+NwhpyRXJ+XpvSn3Z72MsCLJxJFssB+3DHYYeoBMYCXg6OZ5gSGPVQ7tbqCw8 +X6aDDYXN6iPh3hLSml/NFy6C44WNT8QsnBrrU+sxmCwMqi1BoJVFc74w42Bi5g1O +aIp6ja4cWU64PhQ5acoP6c2J5psr8+qoPvMwcV3DEGopRXuXOCJYjKB1vkt9gWfQ +7XNaUH/xEzkvPP4uh8da8925hO/3/IztMq8JoTbcUxwcqX6Cb4NrE25g9JmvfKWz +53G+ThNJ+MsVWqXam0uHk8XYrOYVtlx4KYe7A3Bw4XLqxpKbeo18zoOeBnIyPKYE +XRfdGUWVQTW10yXlkntEcQ7EuZmE4YsCaTVvw+klmHsLnbSzBpn/RA== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/unsupported/rsa-des-ede-cfb.pem b/tests/pem/unsupported/rsa-des-ede-cfb.pem new file mode 100644 index 000000000..071114375 --- /dev/null +++ b/tests/pem/unsupported/rsa-des-ede-cfb.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: DES-EDE-CFB,D2EC2E14E45CF3A5 + +w8ho8faFohU73C4+Khm1G6qHcCv3k5HuaC8e4gnXify76kDRMQtOLiDXR9bhUvC0 +LRsE9PQ/VV33posoTdwht7gvrDxGb/OPmynIuMBztwSCQ5M0Sy9cVmGIdSV7IqhY +q2UaL+vkoEH5tQs29IkUB1nDDJ2hMSk4C44edbDwc/qwhwsN/aQIj+v0GiH2N7F2 +9lpS4idwtERKWisaxWYo27D5K03AA4952Xinh2cVORcrV43Zky/XwxB3Kunshrl0 +w6vVRwgTLMVHxCe1mfM18lCp4hMRbJ4H/yKsOEPKj3QyvJEzTTicvD+v2IuvlaO2 +3ca5rOu/J48KK7q+dm5P+HDZkxMUejeVebvbnn+b4Wx4dhjbAIJqFJ8nTl25Ksk3 +R95FO6xPT5X8TQrrJWgi50cXx1Tx06eYuILG6nlN2Rb26DVuoaQHdrCQ9/22Zkbb +gHBtXbhCxTFWJENt6tiRFAlJ314KwVoTXOtwH2ILWGu1BsUBVzOnlA8WP5gAfzPp +/zj2ttbZ70YNdNTX25BpAO2klbzchu4d+RLGnhQH/GgRA0ilm8DJ5gpSMG239IJY +a3dHoraCPTYldcKv9tRbxIejlVZ/f/4uXh/YhkS9YL7q6TK5hoUK8gqa2k9HPeLL +S9h+c5v8sHWXBt7OQpSsi3uEHnwC7FhIMNwKjg4cPrGBuVzTaptIsdBTJyiLfD6S +PMFYaq1GUe5VRjjJqyl2Zm5uAWEnzxvP+arZIEBsYVsCFapmsP29SxKS2Ofn7Nlm +CYtJK936wPvqF30v6no9mxrPfYok1QttxZAr1PQT5e4ZLg== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/unsupported/rsa-des-ede-ofb.pem b/tests/pem/unsupported/rsa-des-ede-ofb.pem new file mode 100644 index 000000000..15879f746 --- /dev/null +++ b/tests/pem/unsupported/rsa-des-ede-ofb.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: DES-EDE-OFB,325013F43C2C8DFC + +o825cb02Mq6/X3ifbQxkLFHWO+hQQeuebohmv5Tw27EBmrAJ6eUBgNJGfrBzNnao +XLa15Ok1bmV0iEu8dn3kxb7vi9xNjqi6CXWrOcBVgesxPTGwPPAurHGK/tBG9Rf0 +jKAUS6i0cnAanACOO42P287Ll01ajyRv54lc6jpJP1CaEzsKSownSg/kKvILxgMx +4M6/LwgPzNXmyq/yDkW9EkulPT0BlvbWrl3WxlOCzzhlP3yN+yOF7+5vWXSnFOU1 +hk8SHEwRnIQEpXhCEVLMS47jaB9/SHfSfY1eS1tWVaV10tzSMuuSFC7jqhLJR8wo +KZdZV31w1lvAGfRHc7dl0KJx0H2UMgVCLl7XMErmf4Zug17RpgW86QHH09r4Z80a +uY96GHAJu4PF1EhNTjCjB6QQQruhwuJ8XWZutu3oOYSLr8/dBGnBOtvud07wwGPe +wkuXvknEvwBYfxv157LaKKeapvpBof9MvIqhGf153/xSPaQHUwKFovfwTiIDPDBh +e6TCsUHp2H68jbJyYD3PM8oeaah8oJsB3gwwD63stVnqSgU4gQhZd718r8ULLhUr +uoUtcxYVDThjvr/dxmOz4J6HYIosQrDSQmS2KYaCb4hO8NpuJFcy8u4x3kFbMRq8 +HPPbAOy87H7RwLRS4WapLxSxJmC05CalANXZrN591Uw8fHac96P2qG/Ma0lUCJWE ++2LnOK2pDRzAP1ZKC6ZhcuuqGTOB+940J+B00jyzlUjot4JMm4bvC+4CInNRThEF +7qhd2lOT6+BK1/6qYSVu/cHkp7Bo9vpmXZhztau2WznC0A== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/unsupported/rsa-des-ede3-cfb1.pem b/tests/pem/unsupported/rsa-des-ede3-cfb1.pem new file mode 100644 index 000000000..24629569e --- /dev/null +++ b/tests/pem/unsupported/rsa-des-ede3-cfb1.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: DES-EDE3-CFB1,0419E39778AFC124 + +GEeMgB+RzmdnJx9i6qX3jmy4i2CyTvxbV/GlRwUPeuMRXLb31Yvc8R2FwKZ3rl/H +CRaMYGig/GelIdcOr5U6haOp57fTJ0BQIyYksTB4wi3fbVBVIl6xgMo1UWLT2IR2 +odu5d0Y+AAh+QzKHHYqnOguM3EmQ2rTGQFbzPWuRpMIu8TZjmsPWMgQlW6mDf90V +iCJfbuQPHmnUQH/pQPnxiSacsxBrxJkxCHEvgBrlRcG2z+ttDqhISBJQ0L2sDQuQ +2Ukab2bZxWdWR5d06X5lb8N+XB1vxIuhB7s/PgaOhus8Hf5OwUfYHN0w7v5aymyS +nBvQlF9CnsmGWjUVjqWWCNUtV5Ip/W7NGFbBPKDr6MeNTOEmTUS7m1XZt77AcC7L +8NWMaT3mAdixrgwTbwJj5Jn+IMR1UXBn0+az32+ttqIiOFp/NQk0VNayfUz4TBKg +PH1wUzBVRlCDks3pUguKuQh/AG9HWhqFGQLysXPtriVlud+ERQ0BeHnkAU4c2yFc +unEnyXiz60C68xCQsDvt//Meoft8DL8oyBe+qG/fYBj+jspuLorlAGFLChkhM8Ms +2t/RfNvAQlF4DZ9rBvMB1glpQX5OIwL10iqjD8OvMD8WG/MrP1ncoWuSqdrDSaXI +GZnIS75EDBcjJu7nW0p409XaGu5665G4k78zN6PHBNnf+WW7M7pNOFAjC638fFFO +3vD5DbWuWWsiu3+u3Qqg4c6HdpCVGUMgmODDH/VamYmas6eXJpumJ7ro2yZNmeBg +FIO5SdUJhnhiPW0fum1mV6vBvLeo3HhTPW03zq1eR4dczg== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/unsupported/rsa-des-ede3-cfb8.pem b/tests/pem/unsupported/rsa-des-ede3-cfb8.pem new file mode 100644 index 000000000..547e52a65 --- /dev/null +++ b/tests/pem/unsupported/rsa-des-ede3-cfb8.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: DES-EDE3-CFB8,2EAF80F254E8E368 + +FYxKFpbGlvyR3Fy4fbDFKxaSPibxBg444Qj9K/sN6vHsmJNCM8TiSKz3Rzz3pYlV +bGV6HCi/Rh5W3wFJpMjvyzqRfZnkUWo2u5ZwygoBA7qFaWfp5hJil201bV0DNx7b +c9yAQGGnoqsXw+brgrCoIIxUXnRAPNIVmJWKdvLn40ksfxbbk9z4/6xSyX90TpiD +oUY5v8zeereJgZN3FS0+DSY63oq8dM2oHtHYih0iO4m4G52Rf3xa9adZeFqObGXL +TMEVD1dwkxiYgkwKt/bNC1STBHxF/a++OreUKOMrHV5TLyIlQz9wnI94aTnO+3/m ++olRJJTLIt8uADWcyl3/RmiksIyxKosOZ1VKJy6dFG1EaGdqbWZEXfZZl6J+SVQj +TIifbvR56+6d8XzP6d+WSE5njIaXsQ3jWhn1EGzHCnPJ/Ed+6SCOpUbPig+TdoaR +EkwfhooOaodwJdu2TJfTsrydB++C9/uAxAP2zWjVWzKsot7f+nKah51Tbb2ILeB+ +PuQbt3q41iJPZvBmWhM+wCsu5nwMF/z8jMOF/gOiJYI/9k+XMDUc+kJ9d7lk3/Jt +aRQ7/DGJ22cgGbVor4jChTS1ZQyvlURhBsegBoGPZeOA/1/V/vKdqax4pK+icpQN ++cmfSxQQBqZl36xlSEH8KBnh5L7ZxSUTPfF7x+ooDK2e05LDZz5em2d5gLVIMzJf +/zbJES9R594RKBtOry3ePqa7yAgorbK70rHUu4pfmx3dRr+MefgeDrtyOmC0i5Oy +J9/pbFaX4pkBHoGWJExaYwbpJW/Iq9sGeb8WIwEvzEpEjg== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/unsupported/rsa-desx-cbc.pem b/tests/pem/unsupported/rsa-desx-cbc.pem new file mode 100644 index 000000000..ab15692e8 --- /dev/null +++ b/tests/pem/unsupported/rsa-desx-cbc.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: DESX-CBC,7C6B3D1DF2ED3BE2 + +kib+IhIUbbFzTAWj1noqVveQDvmSdsaZsbGpn8+dGBvQid+0ktvurQptooMR0omH +8FvKLX7rQaVk5VejPzYAz9Qq+78JVDI+hxzdWEqSiRvuKDWKOssUa1m4k5pxxnJz +tC9WYREulZ8QLHHOeWNDK0WZWrLGNuXX6m6P5wZw68diBV9MQqxLvao69lJ1sVb2 +F8xRolutpVBVe5avHlV2U9KqA4Sz/L5276C0763/mXFRGOM+OZ8nQOmQbK5sziI9 +BzK3Tje4bLQ0rjDGERVseDHGUF85T+xwoRRBK6GH0RYDf3cHNRYYi0p+6XdfM45t +AOU6XXMrXQEBo7kpFcdg17JucHupBWvI40vlNuRxoHceT0GYv5kZQn0l0zP2qLF/ +G3HIo/LCTRSUD5QKccS7uS849RIgDatD+iebTTiHqbu+WfSkRX5/HWRKesRwT3wt +WOtwyMpXjRo4IT2Yfu1lD9+Xawwu5BuRPeLFadgf3XdwTHhmY9NL4oPSY5dCwcG8 +uvI0mG6tM87elUr8X85sQn9ipWEKBTo0fJZ9MXgAJSESjJ/Z1wQvx5qHHJGXB8/R +qt/ZIkNtaHZ6Qu+tcCbcz6waGxMXz2NjqDMYV3W4Pjm9+wn+OxHr7nZ+mwcRTHU5 +e8wn95JZCbbbJa9DodhhEbxDbIJ5NRd6GEYbk9q6CtnUpNIoN1jJ9mneBb0d0BI5 +t+pGbFxmoKVBt8AJ6Pi8pUQu7yokGiMsjoh4Me0UEFk0pEc2TZdb7v+HZPa+Wg1i +ZLmjVjlwlFMtwvAN+ihuO84d8pjuLnIJ06QmE9x5gh3xC7nkUCNMKQ== +-----END RSA PRIVATE KEY----- From cda6211712665e53bc2eb0ce2f3fc729b9b39b7e Mon Sep 17 00:00:00 2001 From: Karel Miko Date: Thu, 12 Oct 2023 19:00:21 +0200 Subject: [PATCH 33/51] pem: support for RC5-CBC, RC5-CFB, RC5-OFB --- src/misc/pem/pem.c | 3 +++ tests/pem/rsa-rc5-cbc.pem | 18 ++++++++++++++++++ tests/pem/rsa-rc5-cfb.pem | 18 ++++++++++++++++++ tests/pem/rsa-rc5-ofb.pem | 18 ++++++++++++++++++ 4 files changed, 57 insertions(+) create mode 100644 tests/pem/rsa-rc5-cbc.pem create mode 100644 tests/pem/rsa-rc5-cfb.pem create mode 100644 tests/pem/rsa-rc5-ofb.pem diff --git a/src/misc/pem/pem.c b/src/misc/pem/pem.c index 529bf80e3..fb5932981 100644 --- a/src/misc/pem/pem.c +++ b/src/misc/pem/pem.c @@ -91,6 +91,9 @@ const struct blockcipher_info pem_dek_infos[] = { .name = "IDEA-CBC,", .algo = "idea", .keylen = 128 / 8, .mode = cm_cbc, }, { .name = "IDEA-CFB,", .algo = "idea", .keylen = 128 / 8, .mode = cm_cfb, }, { .name = "IDEA-OFB,", .algo = "idea", .keylen = 128 / 8, .mode = cm_ofb, }, + { .name = "RC5-CBC,", .algo = "rc5", .keylen = 128 / 8, .mode = cm_cbc, }, + { .name = "RC5-CFB,", .algo = "rc5", .keylen = 128 / 8, .mode = cm_cfb, }, + { .name = "RC5-OFB,", .algo = "rc5", .keylen = 128 / 8, .mode = cm_ofb, }, { .name = "RC2-40-CBC,", .algo = "rc2", .keylen = 40 / 8, .mode = cm_cbc, }, { .name = "RC2-64-CBC,", .algo = "rc2", .keylen = 64 / 8, .mode = cm_cbc, }, { .name = "RC2-CBC,", .algo = "rc2", .keylen = 128 / 8, .mode = cm_cbc, }, diff --git a/tests/pem/rsa-rc5-cbc.pem b/tests/pem/rsa-rc5-cbc.pem new file mode 100644 index 000000000..bfa956cb0 --- /dev/null +++ b/tests/pem/rsa-rc5-cbc.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: RC5-CBC,0F357D2C058DFC7D + +7R9clYlXUzb8YN+pmbAZVq/Z+v3HfcvaICjvia4Y8Yu6SzARsx3xlgVtv3SjWlPw +OyKV85M9WhaEVoRR149s0q7jlechbotUQxYhbtY+2xb9/JQBVWQWNHMiAiEILAjU +CH4aQjcKFlrDCzgts12DmHOmy+8KkKimvD4vjEezYRW83CQugcq15F8M34Jdhbjx +8drEjtAAC5QBllqaXmytLc9ON9HJLeN7+pao58lmYEV+/9aN8Kqtc05MPhkscpz4 +sT1APYt3vPy1nmzxLfQDfH+eYSt82ad47Btjvqa7lBGI2zvUTQOe1nUQHzqtXGDD +1CvtaioEsKFHUhZ/v+TpzNEsxXjpcmyuBR299h501O3D71r507JqGKZhz70aJxvV +gHh/4TDvdddQzx6Jm4jU4dj9XYqFber/IeYsCk1IIeLFZg6MVdebI4nS0Fe6pO8C +GUT4M3oiJu1/+1ztvbSsXkAO/l7a1c+Ww8hbQDiZJc+R398dUibcaU+rW9e14uu0 +dGFuLUZrIl6/26u5oiOA7nP2aGWZzAtwewY1TEWA//etdp6LxZoCchumLuUij3Wk +LZZCucFwWIURCf7iMmOJhNBu7laEZUyzO8r0bUNSiKeKjmxGsdSxunBM59yCtQbK +utrGyg8T7vk8gPjXPwco98XfN9f3ijlSB2Djkz4YpGt0OzPxd6ussq4PEWtZzY+k +cARtW3sBqk3ZOGXbsZDX8yGKlZQ31+++x4+2Vbnkbq0uSvo4ppKVpPYqG+am11wL +aS/2MAGDgO9HwRO2GklUKgRNTeBYMu9RaJYic1kPcPXf4X9lolMM0Q== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/rsa-rc5-cfb.pem b/tests/pem/rsa-rc5-cfb.pem new file mode 100644 index 000000000..11b2700da --- /dev/null +++ b/tests/pem/rsa-rc5-cfb.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: RC5-CFB,45BBB5113B6228E9 + +hYBLZX2gE1Bgx93IvKmqxmgyHubVzuVNx1eL9JVS+fhJBh4Zy142QNaT4hHbt9mL +E6LTc/myv2uBCrROWHkL66irVyBIWRRRiwSC1jhkiA5xFLvCrKBM6tHqvQ9Ag60e +hrsQI2lbEyy8pQcAfMkI496jyTSHDuJWHT5HnMODk5rPNGpXmx1iq9bnNd+xU76I +JV+v+gHrZiMY+JwVWTxBf8aVtxHGqXiYp5wP5cjaQwsYjEypCwlqdrwChBH194Xo +bsxS0O1ms3lyIEDL04Thm7GVxIHohzkGUjCoYI8crk7sIFhf70ARqSbe33fIyLLq +2W1Ha598OXpDkpnk76NiHmTRmpl3mSOD1/ek1ZgTTyYjHg5/iOfqIY42MiwW99sp +Da0ObP3ZAM5VN2N2UtjO0RnpAUk2GGrRaMdco6GzsXALQJdKCJUSBMZjLMUfyMas +XEcRm54r1YpzobM8nglm1Jwg+h0ksUpkAHLQyguVknHn11rqTrPPBSbNDd48v/wG +OF3qQwWWreOy4VQ3aPVoOUiFyswHKTtvwqnnqeMxsa3dr3d3XSk6LNrLZ+hVJf9x +5L3MElYMZ/vKFnpbStgyEHo/vbkkT7jKWMQ6HWlRnoikPBFCwokYy/XSW4BJxD8r +tbj3JK4eqXVjXn6ZajDZEzVE9T3PEjz3kt21N2RQq5Z5keVpfDAhqvaszASkwu6u +FgSG3ugJXT/tldlmQzc0BdKsmWD++1s+fP/LmO5QTWG4mjCainSVthEeg17h8cC3 +AsHR4YOlSimlHehNh7jLRBKY0IhrxBLJQyEObN6HN8hUqw== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/rsa-rc5-ofb.pem b/tests/pem/rsa-rc5-ofb.pem new file mode 100644 index 000000000..1169a1aa6 --- /dev/null +++ b/tests/pem/rsa-rc5-ofb.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: RC5-OFB,10777ECDF98A48B0 + +e8Qi/eDAgoqpYdYGHLKHrsHIoTYG0n27BYf6n7DUn9G4ngcoyQL6s3goOh08g8LV +5RyvDi9U7ZUEAGVzM1e8wpjil9FAbfCMTs5am+9u2WPNWWI7miuEPxhbxkvQ0GZJ +0TuFMybFXw4DTgjdcjcllwnKfDjXIs+RGPbzJlZC3PTgiicgm+w5/lZ3B3rPw/t/ +UK6Rk/7QNz/RglXKnzTpuaIabLOxNzZvpqcVWW96FILHOe1Yb+HJ1JkytMRe0XKf +Ck4p6WEKF8GnE/wrt3CpibGWQnwzNcSmJzJLUuJ7uLyyUtAzP0goM+Ir3weyNJuw +lFHbi71//IjccrHvWKK3J2uCnUemxuvXzsBw/1bQiR4AmpFc6wSMJnjJK6ALZ55W +IYPVz99L7lWzyF8Y3O5KLHwEeMlqZ1ny8Aa13r76UR4wZmXVRrsp2MRudtSLrqUU +W1VanZCHku143qNbrZeDMyYGY6YnZ+kCtngZg7fxims+2Hum1HP9aqTlxoA34IiQ +tXcDHn6Ftdpo2ZwwfswP49rkBbHKs6WAKc4AEFuHTbF0lLCBuf6fY6Nli3oYbO+B +MqZ9mRoVNGl65F5U2ToCVvVJ5i19oAJx8ylfUyDYra7w2Yo06dmg7UGImaEX3FTW +pvoDZmE/WOv+OFuD+yNzScMPHfP/mDuoXMertzNrZJJYTogT1xeXBtKWc1qieBrk +HF4oIW6UEJI+rv0f8HMjS+SLNZOXlZodiBVdkwZBbZ75h7ZoDbsFAAnEqcQ/YAge +PFTpcMxFiB45J3LAtIQthZRJgpHgfSuOBpwDS970erZB1w== +-----END RSA PRIVATE KEY----- From 23eb8f97bcb7ab39214d69f3ebe3188656d4ddee Mon Sep 17 00:00:00 2001 From: Steffen Jaeckel Date: Fri, 13 Oct 2023 12:14:35 +0200 Subject: [PATCH 34/51] Add support for importing PEM public keys Signed-off-by: Steffen Jaeckel --- src/headers/tomcrypt_private.h | 10 ++- src/misc/pem/pem.c | 12 ++- src/misc/pem/pem_pkcs.c | 154 +++++++++++++++++++++------------ src/misc/pem/pem_read.c | 2 +- tests/pem/dsa-pub.pem | 12 +++ tests/pem/ecc-pub.pem | 9 ++ tests/pem/ed25519-pub.pem | 3 + tests/pem/rsa-pub.pem | 6 ++ tests/pem/x25519-pub.pem | 3 + tests/pem_test.c | 6 +- 10 files changed, 154 insertions(+), 63 deletions(-) create mode 100644 tests/pem/dsa-pub.pem create mode 100644 tests/pem/ecc-pub.pem create mode 100644 tests/pem/ed25519-pub.pem create mode 100644 tests/pem/rsa-pub.pem create mode 100644 tests/pem/x25519-pub.pem diff --git a/src/headers/tomcrypt_private.h b/src/headers/tomcrypt_private.h index 61e51f3e8..9d6b5f630 100644 --- a/src/headers/tomcrypt_private.h +++ b/src/headers/tomcrypt_private.h @@ -293,12 +293,18 @@ enum more_headers { maybe }; +enum pem_flags { + pf_encrypted = 0x01u, + pf_pkcs8 = 0x02u, + pf_public = 0x04u, + pf_encrypted_pkcs8 = pf_encrypted | pf_pkcs8, +}; + struct pem_header_id { struct str start, end; enum more_headers has_more_headers; - int encrypted; + enum pem_flags flags; enum ltc_pka_id pka; - int pkcs8; int (*decrypt)(void *, unsigned long *, void *); }; diff --git a/src/misc/pem/pem.c b/src/misc/pem/pem.c index fb5932981..fb1f412a9 100644 --- a/src/misc/pem/pem.c +++ b/src/misc/pem/pem.c @@ -15,15 +15,21 @@ const struct pem_header_id pem_std_headers[] = { SET_CSTR(.start, "-----BEGIN ENCRYPTED PRIVATE KEY-----"), SET_CSTR(.end, "-----END ENCRYPTED PRIVATE KEY-----"), .has_more_headers = no, - .encrypted = 1, - .pkcs8 = 1, + .flags = pf_encrypted_pkcs8, }, { /* PKCS#8 plain */ SET_CSTR(.start, "-----BEGIN PRIVATE KEY-----"), SET_CSTR(.end, "-----END PRIVATE KEY-----"), .has_more_headers = no, - .pkcs8 = 1, + .flags = pf_pkcs8, + }, + { + /* Regular (plain) public keys */ + SET_CSTR(.start, "-----BEGIN PUBLIC KEY-----"), + SET_CSTR(.end, "-----END PUBLIC KEY-----"), + .has_more_headers = no, + .flags = pf_public, }, /* Regular plain or encrypted private keys */ { diff --git a/src/misc/pem/pem_pkcs.c b/src/misc/pem/pem_pkcs.c index 1839a3b41..b38a2b1c6 100644 --- a/src/misc/pem/pem_pkcs.c +++ b/src/misc/pem/pem_pkcs.c @@ -44,13 +44,64 @@ static int s_decrypt_pem(unsigned char *pem, unsigned long *l, const struct pem_ zeromem(iv, sizeof(iv)); return err; } -typedef int (*pkcs8_import)(const unsigned char *in, unsigned long inlen, - password_ctx *pw_ctx, - void *key); -typedef struct { - enum ltc_oid_id id; - pkcs8_import fn; -} p8_import_st; + +static int s_import_pkcs8(unsigned char *pem, unsigned long l, ltc_pka_key *k, const password_ctx *pw_ctx) +{ + int err; + enum ltc_oid_id pka; + ltc_asn1_list *alg_id, *priv_key; + ltc_asn1_list *p8_asn1 = NULL; + if ((err = pkcs8_decode_flexi(pem, l, pw_ctx, &p8_asn1)) != CRYPT_OK) { + goto cleanup; + } + if ((err = pkcs8_get_children(p8_asn1, &pka, &alg_id, &priv_key)) != CRYPT_OK) { + goto cleanup; + } + switch (pka) { +#ifdef LTC_MDH + case LTC_OID_DH: + err = dh_import_pkcs8_asn1(alg_id, priv_key, &k->u.dh); + k->id = LTC_PKA_DH; + break; +#endif +#ifdef LTC_MDSA + case LTC_OID_DSA: + err = dsa_import_pkcs8_asn1(alg_id, priv_key, &k->u.dsa); + k->id = LTC_PKA_DSA; + break; +#endif +#ifdef LTC_MRSA + case LTC_OID_RSA: + err = rsa_import_pkcs8_asn1(alg_id, priv_key, &k->u.rsa); + k->id = LTC_PKA_RSA; + break; +#endif +#ifdef LTC_MECC + case LTC_OID_EC: + err = ecc_import_pkcs8_asn1(alg_id, priv_key, &k->u.ecc); + k->id = LTC_PKA_EC; + break; +#endif +#ifdef LTC_CURVE25519 + case LTC_OID_X25519: + err = x25519_import_pkcs8_asn1(alg_id, priv_key, &k->u.x25519); + k->id = LTC_PKA_X25519; + break; + case LTC_OID_ED25519: + err = ed25519_import_pkcs8_asn1(alg_id, priv_key, &k->u.ed25519); + k->id = LTC_PKA_ED25519; + break; +#endif + default: + err = CRYPT_PK_INVALID_TYPE; + } + +cleanup: + if (p8_asn1) { + der_sequence_free(p8_asn1); + } + return err; +} static int s_decode(struct get_char *g, ltc_pka_key *k, const password_ctx *pw_ctx) { @@ -59,7 +110,10 @@ static int s_decode(struct get_char *g, ltc_pka_key *k, const password_ctx *pw_c int err = CRYPT_ERROR; struct pem_headers hdr = { 0 }; struct password pw; - ltc_asn1_list *p8_asn1 = NULL; + ltc_asn1_list *pub = NULL, *seqid, *id; + der_flexi_check flexi_should[4]; + enum ltc_oid_id oid_id; + enum ltc_pka_id pka; XMEMSET(k, 0, sizeof(*k)); w = LTC_PEM_READ_BUFSIZE * 2; retry: @@ -78,54 +132,33 @@ static int s_decode(struct get_char *g, ltc_pka_key *k, const password_ctx *pw_c if (hdr.id == NULL) goto cleanup; l = w; - if (hdr.id->pkcs8) { - enum ltc_oid_id pka; - ltc_asn1_list *alg_id, *priv_key; - if ((err = pkcs8_decode_flexi(pem, l, pw_ctx, &p8_asn1)) != CRYPT_OK) { + if (hdr.id->flags & pf_pkcs8) { + err = s_import_pkcs8(pem, l, k, pw_ctx); + goto cleanup; + } else if (hdr.id->flags & pf_public) { + if ((err = der_decode_sequence_flexi(pem, &w, &pub)) != CRYPT_OK) { goto cleanup; } - if ((err = pkcs8_get_children(p8_asn1, &pka, &alg_id, &priv_key)) != CRYPT_OK) { + n = 0; + LTC_SET_DER_FLEXI_CHECK(flexi_should, n++, LTC_ASN1_SEQUENCE, &seqid); + LTC_SET_DER_FLEXI_CHECK(flexi_should, n++, LTC_ASN1_BIT_STRING, NULL); + LTC_SET_DER_FLEXI_CHECK(flexi_should, n, LTC_ASN1_EOL, NULL); + if ((err = der_flexi_sequence_cmp(pub, flexi_should)) != CRYPT_OK) { goto cleanup; } - switch (pka) { -#ifdef LTC_MDH - case LTC_OID_DH: - err = dh_import_pkcs8_asn1(alg_id, priv_key, &k->u.dh); - k->id = LTC_PKA_DH; - break; -#endif -#ifdef LTC_MDSA - case LTC_OID_DSA: - err = dsa_import_pkcs8_asn1(alg_id, priv_key, &k->u.dsa); - k->id = LTC_PKA_DSA; - break; -#endif -#ifdef LTC_MRSA - case LTC_OID_RSA: - err = rsa_import_pkcs8_asn1(alg_id, priv_key, &k->u.rsa); - k->id = LTC_PKA_RSA; - break; -#endif -#ifdef LTC_MECC - case LTC_OID_EC: - err = ecc_import_pkcs8_asn1(alg_id, priv_key, &k->u.ecc); - k->id = LTC_PKA_EC; - break; -#endif -#ifdef LTC_CURVE25519 - case LTC_OID_X25519: - err = x25519_import_pkcs8_asn1(alg_id, priv_key, &k->u.x25519); - k->id = LTC_PKA_X25519; - break; - case LTC_OID_ED25519: - err = ed25519_import_pkcs8_asn1(alg_id, priv_key, &k->u.ed25519); - k->id = LTC_PKA_ED25519; - break; -#endif - default: - err = CRYPT_PK_INVALID_TYPE; + n = 0; + LTC_SET_DER_FLEXI_CHECK(flexi_should, n++, LTC_ASN1_OBJECT_IDENTIFIER, &id); + LTC_SET_DER_FLEXI_CHECK(flexi_should, n, LTC_ASN1_EOL, NULL); + err = der_flexi_sequence_cmp(seqid, flexi_should); + if (err != CRYPT_OK && err != CRYPT_INPUT_TOO_LONG) { + goto cleanup; + } + if ((err = pk_get_oid_from_asn1(id, &oid_id)) != CRYPT_OK) { + goto cleanup; + } + if ((err = pk_get_pka_id(oid_id, &pka)) != CRYPT_OK) { + goto cleanup; } - goto cleanup; } else if (hdr.encrypted) { if ((pw_ctx == NULL) || (pw_ctx->callback == NULL)) { err = CRYPT_PW_CTX_MISSING; @@ -141,8 +174,11 @@ static int s_decode(struct get_char *g, ltc_pka_key *k, const password_ctx *pw_c if ((err = s_decrypt_pem(pem, &l, &hdr)) != CRYPT_OK) { goto cleanup; } + pka = hdr.id->pka; + } else { + pka = hdr.id->pka; } - switch (hdr.id->pka) { + switch (pka) { #ifdef LTC_MDSA case LTC_OID_DSA: err = dsa_import(pem, l, &k->u.dsa); @@ -160,6 +196,16 @@ static int s_decode(struct get_char *g, ltc_pka_key *k, const password_ctx *pw_c err = ecc_import_openssl(pem, l, &k->u.ecc); k->id = LTC_PKA_EC; break; +#endif +#ifdef LTC_CURVE25519 + case LTC_PKA_ED25519: + err = ed25519_import(pem, l, &k->u.ed25519); + k->id = LTC_PKA_ED25519; + break; + case LTC_PKA_X25519: + err = x25519_import(pem, l, &k->u.x25519); + k->id = LTC_PKA_X25519; + break; #endif default: err = CRYPT_PK_INVALID_TYPE; @@ -167,8 +213,8 @@ static int s_decode(struct get_char *g, ltc_pka_key *k, const password_ctx *pw_c } cleanup: - if (p8_asn1) { - der_sequence_free(p8_asn1); + if (pub) { + der_sequence_free(pub); } if (hdr.pw) { zeromem(hdr.pw->pw, hdr.pw->l); diff --git a/src/misc/pem/pem_read.c b/src/misc/pem/pem_read.c index 9341b8bde..2a8271f6d 100644 --- a/src/misc/pem/pem_read.c +++ b/src/misc/pem/pem_read.c @@ -167,7 +167,7 @@ int pem_read(void *pem, unsigned long *w, struct pem_headers *hdr, struct get_ch return CRYPT_INVALID_PACKET; } - hdr->encrypted = hdr->id->encrypted; + hdr->encrypted = hdr->id->flags & pf_encrypted; if ((err = s_pem_decode_headers(hdr, g)) != CRYPT_OK) return err; diff --git a/tests/pem/dsa-pub.pem b/tests/pem/dsa-pub.pem new file mode 100644 index 000000000..e792f802f --- /dev/null +++ b/tests/pem/dsa-pub.pem @@ -0,0 +1,12 @@ +-----BEGIN PUBLIC KEY----- +MIIBtjCCASsGByqGSM44BAEwggEeAoGBAMUKN1Fcq9YY1aJwvUpva0r54TmVDyuZ +OH2aZNZMtZZ63O2sqKzGG2Va3tsAYSUaGCzuoQeQYl5NEjGQxwMh+gnnsXPXjq/b +/b+z763RoSoDbecGkkqFKv96AWZTH+rGZ0GEWsBs7WL5wmJiBaT6SKBm7DXJqBH+ +uYGr7r4xtr/PAhUAqlvX9OUGJBPliDXKAMemNXFhlMUCgYA7kuT/WSkVCwiZWnvy +rRRAVW+gR/+QmbNEs9T8RRUFrmciQ5y6NxCliUc37Mz1rq2otHo1y52TXO3msH6W +lMSmDH3WcIoJT4FKDsIT++sWv+qk9Fb/cjAF3opEP77GhSZV1i0dHtsV2qRFgzwX +l5gLjYfzSQ2QvamrZ26HaHIj3AOBhAACgYBTFrD7v1mKXlWVwU+sQ7gIU+bPDZIj ++rGEWVI5v8vyLTg63ZNSBUl+KxLEYXPjb1S9luWnqqlaWKS3Z9LAvcgesToST5jA +Be85XWq6tws72LeV3XluotKEc0cDiLRk2bm4T/HJNLv5c2b1fC4R/sMx5gg4WWeB +621BJ9cNdK+gNQ== +-----END PUBLIC KEY----- diff --git a/tests/pem/ecc-pub.pem b/tests/pem/ecc-pub.pem new file mode 100644 index 000000000..99e2a9efd --- /dev/null +++ b/tests/pem/ecc-pub.pem @@ -0,0 +1,9 @@ +-----BEGIN PUBLIC KEY----- +MIIBMzCB7AYHKoZIzj0CATCB4AIBATAsBgcqhkjOPQEBAiEA//////////////// +/////////////////////v///C8wRAQgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAEIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHBEEEeb5m +fvncu6xVoGKVzocLBwKb/NstzijZWfKBWxb4F5hIOtp3JqPEZV2k+/wOEQio/Re0 +SKaFVBmcR9CP+xDUuAIhAP////////////////////66rtzmr0igO7/SXozQNkFB +AgEBA0IABCr5C9q+cWae0c8S0CSvurZ/+5YnPi+9HtX5jWxzncUWkb2yuRtAEFq3 +bG4yW/djYpQkJNvsP4vlbktkNzEkeU0= +-----END PUBLIC KEY----- diff --git a/tests/pem/ed25519-pub.pem b/tests/pem/ed25519-pub.pem new file mode 100644 index 000000000..41b0218e9 --- /dev/null +++ b/tests/pem/ed25519-pub.pem @@ -0,0 +1,3 @@ +-----BEGIN PUBLIC KEY----- +MCowBQYDK2VwAyEAGb9ECWmEzf6FQbrBZ9w7lshQhqowtrbLDFw4rXAxZuE= +-----END PUBLIC KEY----- diff --git a/tests/pem/rsa-pub.pem b/tests/pem/rsa-pub.pem new file mode 100644 index 000000000..e4518fa98 --- /dev/null +++ b/tests/pem/rsa-pub.pem @@ -0,0 +1,6 @@ +-----BEGIN PUBLIC KEY----- +MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDPmt5kitrIMyCp14MxGVSymoWn +obd1M7aprIQks97bfYUtlmXlP3KVJJ8oaMpP20QcPmASit0mpev/C17UiDhJKm5b +vxI3R70Fa7zb8+7kEY5BaHxhE9dCyIC+No/cCItPrKTidgzJY2xJWJPtzKrcJTsK +YD+LVDrDTTHnlKRE/QIDAQAB +-----END PUBLIC KEY----- diff --git a/tests/pem/x25519-pub.pem b/tests/pem/x25519-pub.pem new file mode 100644 index 000000000..67d5d88f8 --- /dev/null +++ b/tests/pem/x25519-pub.pem @@ -0,0 +1,3 @@ +-----BEGIN PUBLIC KEY----- +MCowBQYDK2VuAyEAk4OBwskGGOapbeWgTLKCz4XM2PzZorXOuyJQEbMmVmk= +-----END PUBLIC KEY----- diff --git a/tests/pem_test.c b/tests/pem_test.c index 327ad7670..54622804d 100644 --- a/tests/pem_test.c +++ b/tests/pem_test.c @@ -51,17 +51,17 @@ static int s_key_cmp(ltc_pka_key *key) switch (key->id) { case LTC_PKA_DSA: #if defined(LTC_MDSA) - return dsa_key_cmp(PK_PRIVATE, &s_dsa_key_should, &key->u.dsa); + return dsa_key_cmp(key->u.dsa.type, &s_dsa_key_should, &key->u.dsa); #endif break; case LTC_PKA_RSA: #if defined(LTC_MRSA) - return rsa_key_cmp(PK_PRIVATE, &s_rsa_key_should, &key->u.rsa); + return rsa_key_cmp(key->u.rsa.type, &s_rsa_key_should, &key->u.rsa); #endif break; case LTC_PKA_EC: #if defined(LTC_MECC) - return ecc_key_cmp(PK_PRIVATE, &s_ecc_key_should, &key->u.ecc); + return ecc_key_cmp(key->u.ecc.type, &s_ecc_key_should, &key->u.ecc); #endif break; case LTC_PKA_ED25519: From 928c476734ba9c37c2a9c3739bb157a79a3b37a9 Mon Sep 17 00:00:00 2001 From: Steffen Jaeckel Date: Fri, 13 Oct 2023 13:35:13 +0200 Subject: [PATCH 35/51] Per default support PEM line lengths up to 80 chars Signed-off-by: Steffen Jaeckel --- src/headers/tomcrypt_custom.h | 2 +- .../ecc-pkcs8}/long_pri_pkcs8_pbe_md5_des.pem | 0 .../long_pri_pkcs8_pbe_md5_rc2_64.pem | 0 .../long_pri_pkcs8_pbe_sha1_des.pem | 0 .../long_pri_pkcs8_pbe_sha1_rc2_64.pem | 0 .../long_pri_pkcs8_pbkdf2_des_cbc.pem | 0 .../long_pri_pkcs8_pbkdf2_des_ede3_cbc.pem | 0 .../long_pri_pkcs8_pbkdf2_rc2_cbc.pem | 0 ...g_pri_pkcs8_pbkdf2_sha224_des_ede3_cbc.pem | 0 ...g_pri_pkcs8_pbkdf2_sha256_des_ede3_cbc.pem | 0 ...g_pri_pkcs8_pbkdf2_sha384_des_ede3_cbc.pem | 0 ...g_pri_pkcs8_pbkdf2_sha512_des_ede3_cbc.pem | 0 tests/pem/extra/rsa.pem | 23 +++++++++++++++++++ tests/pem_test.c | 16 +++++++++---- 14 files changed, 35 insertions(+), 6 deletions(-) rename tests/{pem-ecc-pkcs8 => pem/ecc-pkcs8}/long_pri_pkcs8_pbe_md5_des.pem (100%) rename tests/{pem-ecc-pkcs8 => pem/ecc-pkcs8}/long_pri_pkcs8_pbe_md5_rc2_64.pem (100%) rename tests/{pem-ecc-pkcs8 => pem/ecc-pkcs8}/long_pri_pkcs8_pbe_sha1_des.pem (100%) rename tests/{pem-ecc-pkcs8 => pem/ecc-pkcs8}/long_pri_pkcs8_pbe_sha1_rc2_64.pem (100%) rename tests/{pem-ecc-pkcs8 => pem/ecc-pkcs8}/long_pri_pkcs8_pbkdf2_des_cbc.pem (100%) rename tests/{pem-ecc-pkcs8 => pem/ecc-pkcs8}/long_pri_pkcs8_pbkdf2_des_ede3_cbc.pem (100%) rename tests/{pem-ecc-pkcs8 => pem/ecc-pkcs8}/long_pri_pkcs8_pbkdf2_rc2_cbc.pem (100%) rename tests/{pem-ecc-pkcs8 => pem/ecc-pkcs8}/long_pri_pkcs8_pbkdf2_sha224_des_ede3_cbc.pem (100%) rename tests/{pem-ecc-pkcs8 => pem/ecc-pkcs8}/long_pri_pkcs8_pbkdf2_sha256_des_ede3_cbc.pem (100%) rename tests/{pem-ecc-pkcs8 => pem/ecc-pkcs8}/long_pri_pkcs8_pbkdf2_sha384_des_ede3_cbc.pem (100%) rename tests/{pem-ecc-pkcs8 => pem/ecc-pkcs8}/long_pri_pkcs8_pbkdf2_sha512_des_ede3_cbc.pem (100%) create mode 100644 tests/pem/extra/rsa.pem diff --git a/src/headers/tomcrypt_custom.h b/src/headers/tomcrypt_custom.h index 5b57cb8e6..7dd17c3e2 100644 --- a/src/headers/tomcrypt_custom.h +++ b/src/headers/tomcrypt_custom.h @@ -580,7 +580,7 @@ #if defined(LTC_PEM) /* Size of the line-buffer */ #ifndef LTC_PEM_DECODE_BUFSZ - #define LTC_PEM_DECODE_BUFSZ 72 + #define LTC_PEM_DECODE_BUFSZ 80 #elif LTC_PEM_DECODE_BUFSZ < 72 #error "LTC_PEM_DECODE_BUFSZ shall not be < 72 bytes" #endif diff --git a/tests/pem-ecc-pkcs8/long_pri_pkcs8_pbe_md5_des.pem b/tests/pem/ecc-pkcs8/long_pri_pkcs8_pbe_md5_des.pem similarity index 100% rename from tests/pem-ecc-pkcs8/long_pri_pkcs8_pbe_md5_des.pem rename to tests/pem/ecc-pkcs8/long_pri_pkcs8_pbe_md5_des.pem diff --git a/tests/pem-ecc-pkcs8/long_pri_pkcs8_pbe_md5_rc2_64.pem b/tests/pem/ecc-pkcs8/long_pri_pkcs8_pbe_md5_rc2_64.pem similarity index 100% rename from tests/pem-ecc-pkcs8/long_pri_pkcs8_pbe_md5_rc2_64.pem rename to tests/pem/ecc-pkcs8/long_pri_pkcs8_pbe_md5_rc2_64.pem diff --git a/tests/pem-ecc-pkcs8/long_pri_pkcs8_pbe_sha1_des.pem b/tests/pem/ecc-pkcs8/long_pri_pkcs8_pbe_sha1_des.pem similarity index 100% rename from tests/pem-ecc-pkcs8/long_pri_pkcs8_pbe_sha1_des.pem rename to tests/pem/ecc-pkcs8/long_pri_pkcs8_pbe_sha1_des.pem diff --git a/tests/pem-ecc-pkcs8/long_pri_pkcs8_pbe_sha1_rc2_64.pem b/tests/pem/ecc-pkcs8/long_pri_pkcs8_pbe_sha1_rc2_64.pem similarity index 100% rename from tests/pem-ecc-pkcs8/long_pri_pkcs8_pbe_sha1_rc2_64.pem rename to tests/pem/ecc-pkcs8/long_pri_pkcs8_pbe_sha1_rc2_64.pem diff --git a/tests/pem-ecc-pkcs8/long_pri_pkcs8_pbkdf2_des_cbc.pem b/tests/pem/ecc-pkcs8/long_pri_pkcs8_pbkdf2_des_cbc.pem similarity index 100% rename from tests/pem-ecc-pkcs8/long_pri_pkcs8_pbkdf2_des_cbc.pem rename to tests/pem/ecc-pkcs8/long_pri_pkcs8_pbkdf2_des_cbc.pem diff --git a/tests/pem-ecc-pkcs8/long_pri_pkcs8_pbkdf2_des_ede3_cbc.pem b/tests/pem/ecc-pkcs8/long_pri_pkcs8_pbkdf2_des_ede3_cbc.pem similarity index 100% rename from tests/pem-ecc-pkcs8/long_pri_pkcs8_pbkdf2_des_ede3_cbc.pem rename to tests/pem/ecc-pkcs8/long_pri_pkcs8_pbkdf2_des_ede3_cbc.pem diff --git a/tests/pem-ecc-pkcs8/long_pri_pkcs8_pbkdf2_rc2_cbc.pem b/tests/pem/ecc-pkcs8/long_pri_pkcs8_pbkdf2_rc2_cbc.pem similarity index 100% rename from tests/pem-ecc-pkcs8/long_pri_pkcs8_pbkdf2_rc2_cbc.pem rename to tests/pem/ecc-pkcs8/long_pri_pkcs8_pbkdf2_rc2_cbc.pem diff --git a/tests/pem-ecc-pkcs8/long_pri_pkcs8_pbkdf2_sha224_des_ede3_cbc.pem b/tests/pem/ecc-pkcs8/long_pri_pkcs8_pbkdf2_sha224_des_ede3_cbc.pem similarity index 100% rename from tests/pem-ecc-pkcs8/long_pri_pkcs8_pbkdf2_sha224_des_ede3_cbc.pem rename to tests/pem/ecc-pkcs8/long_pri_pkcs8_pbkdf2_sha224_des_ede3_cbc.pem diff --git a/tests/pem-ecc-pkcs8/long_pri_pkcs8_pbkdf2_sha256_des_ede3_cbc.pem b/tests/pem/ecc-pkcs8/long_pri_pkcs8_pbkdf2_sha256_des_ede3_cbc.pem similarity index 100% rename from tests/pem-ecc-pkcs8/long_pri_pkcs8_pbkdf2_sha256_des_ede3_cbc.pem rename to tests/pem/ecc-pkcs8/long_pri_pkcs8_pbkdf2_sha256_des_ede3_cbc.pem diff --git a/tests/pem-ecc-pkcs8/long_pri_pkcs8_pbkdf2_sha384_des_ede3_cbc.pem b/tests/pem/ecc-pkcs8/long_pri_pkcs8_pbkdf2_sha384_des_ede3_cbc.pem similarity index 100% rename from tests/pem-ecc-pkcs8/long_pri_pkcs8_pbkdf2_sha384_des_ede3_cbc.pem rename to tests/pem/ecc-pkcs8/long_pri_pkcs8_pbkdf2_sha384_des_ede3_cbc.pem diff --git a/tests/pem-ecc-pkcs8/long_pri_pkcs8_pbkdf2_sha512_des_ede3_cbc.pem b/tests/pem/ecc-pkcs8/long_pri_pkcs8_pbkdf2_sha512_des_ede3_cbc.pem similarity index 100% rename from tests/pem-ecc-pkcs8/long_pri_pkcs8_pbkdf2_sha512_des_ede3_cbc.pem rename to tests/pem/ecc-pkcs8/long_pri_pkcs8_pbkdf2_sha512_des_ede3_cbc.pem diff --git a/tests/pem/extra/rsa.pem b/tests/pem/extra/rsa.pem new file mode 100644 index 000000000..017f88774 --- /dev/null +++ b/tests/pem/extra/rsa.pem @@ -0,0 +1,23 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEogIBAAKCAQEA0KXMyuA9+cL1xMjAzoQNYs3ieZkNxnJxXvgDYx+vb+K30DiBdQyM5i7nCUcQ +oMPswnNTCx4NBJX4km0pp53NsqGIcT+OM0URPWMaCfVeAvYFPYe5BBxtVKQit0qOD95Mb13oxr3m +LKC1VKHsvbNSexlkjebq61lhirBlDGla6d1t9XElkLnZ+Z/H+BCPgGpKEriSQAcp27Ke6EbHlVNo +l25lnV6Z3pZkmeAv9SSWEnw/MHrG64AM7e0izOaNtPheLp1PGqp5vD2HgMD7L6VZn+PsZ4RPskd1 +bVaxfsbdvgUD6C2hhrxle9QUtzhfi0MO1sq5+B4wJ6yT1jd3n9uujwIDAQABAoIBAAntXD0/hm4G +lXyg6UeKJzw5u9pO6sWz4UAEVd5BU4QOdJzJa3i/DvR5a9BYW2qtbRY4DXiccUB0GukV8jhBklgQ +RnZ48Hzw/tJ9uhnvh4262IymaKpQ6Job2x5UbkZEAef/PwQ3DydgGBs9lGQsOYhA24oYNWTa56ta +cYcHJju1PCMF23rNVx49hSbG/H3TNRAAqOjmYsnvoG+w62Si1np7IBdlIbSdnTYC27kqRIBTIhMW +xkdWSChsgIbrNA5iYtOOeJ4yq17oAikEpUiDwMYqd522WXVRHvleHJQ9CnneOiTuRvnWHTrjeeS+ +lW1lPWQMTzdaTVLV0i+5+F5MIP0CgYEA0+8AKP+rUI4nc8ZZ5CioD7DpIRNGtD8/86QAv4w49nmX +P+g9TBmItLD7mQzjOGxrbe8Stt4hALUIb2Oe5beJQDlKJpe1Y6sSk9+Tx6IdgY75NWjvhQCnJu28 +QQXbO8Q/Eapqz/VH18cXLYfZnScI2toJXC8GwghQM8NYTwdimmUCgYEA/AfkaxY8q2qDuORn0WlT +SyB33N7sro/PwMOtLrosSwLSNyNpmQxiqSPSLhBxnO0ZHiMcSDL7SJbs3C4fOWiNImx7RuNfk8vY +Ox9WowtmYOC+5D5xnJ9TPvuKBhjsLRZMwK5k8gr7iIwU6v+Mjoif8SJ6MRUrPiNDK0ChHGVBu+MC +gYBIbxQv7wofUyaaxD0u5NJj4oQbYNo2erOh0vjKfuNtIiuWlQp2OvflQeQL8EKsoymofiB4Tb0b +38PNRlAllTAcujfkrs85DFwiHDUG8xqAkFwObBoI7Cs0++Xul1DRwYYIxKUTBHMUhaAfWKIAuzmk +iwbN8eiuYmb++hHxmMWTnQKBgEWXKEspaLcsQhLbfo8kNguYe4BRTaklrIfdgARXA8Pyk3kGHjJU +aSmq6m4tvDFIhpb7uuN0sE3q3pwtYBHJ/K50pdV9EvcMYjhw/ssmaq51YEBFvbkxhRru+b2VRCFu +9uJ9RQJQZgPeKih5R6ZTs1Yx3uuOnNIbioB26AWfL/dhAoGACIxtQG+DPfc8i3NFSOA4UmGtUfQY +fP4V9/26RAZ0o5PM9arVxp6gIZzU5++83DFCmlPjvN7cbSQmQgkjn7I5KJkiUEB0i95hDRISgaNl +QsvXdLhE3x77KR/76AAxv+4VxK6y4rrbi1MQwRCEVjp6BVzvdyT+2lMexhLmzucpP3w= +-----END RSA PRIVATE KEY----- diff --git a/tests/pem_test.c b/tests/pem_test.c index 54622804d..256f2d33f 100644 --- a/tests/pem_test.c +++ b/tests/pem_test.c @@ -74,12 +74,17 @@ static int s_key_cmp(ltc_pka_key *key) return CRYPT_INVALID_ARG; } -static int s_pem_decode(const void *in, unsigned long inlen, void *key) +static int s_pem_only_decode(const void *in, unsigned long inlen, void *key) { password_ctx pw_ctx; - int err; pw_ctx.callback = password_get; - if ((err = pem_decode_pkcs(in, inlen, key, &pw_ctx)) != CRYPT_OK) { + return pem_decode_pkcs(in, inlen, key, &pw_ctx); +} + +static int s_pem_decode(const void *in, unsigned long inlen, void *key) +{ + int err; + if ((err = s_pem_only_decode(in, inlen, key)) != CRYPT_OK) { return err; } return s_key_cmp(key); @@ -115,8 +120,9 @@ int pem_test(void) DO(test_process_dir("tests/pem", &key, s_pem_decode, NULL, (dir_cleanup_cb)pka_key_free, "pem_test")); DO(test_process_dir("tests/pem", &key, NULL, s_pem_decode_f, (dir_cleanup_cb)pka_key_free, "pem_test_filehandle")); - DO(test_process_dir("tests/pem-ecc-pkcs8", &key, s_pem_decode, NULL, (dir_cleanup_cb)pka_key_free, "pem_test+ecc")); - DO(test_process_dir("tests/pem-ecc-pkcs8", &key, NULL, s_pem_decode_f, (dir_cleanup_cb)pka_key_free, "pem_test_filehandle+ecc")); + DO(test_process_dir("tests/pem/ecc-pkcs8", &key, s_pem_decode, NULL, (dir_cleanup_cb)pka_key_free, "pem_test+ecc")); + DO(test_process_dir("tests/pem/ecc-pkcs8", &key, NULL, s_pem_decode_f, (dir_cleanup_cb)pka_key_free, "pem_test_filehandle+ecc")); + DO(test_process_dir("tests/pem/extra", &key, s_pem_only_decode, NULL, (dir_cleanup_cb)pka_key_free, "pem_test+extra")); #ifdef LTC_SSH DO(test_process_dir("tests/ssh", &key, s_pem_decode_ssh, NULL, (dir_cleanup_cb)pka_key_free, "pem_test+ssh")); DO(test_process_dir("tests/ssh", &key, NULL, s_pem_decode_ssh_f, (dir_cleanup_cb)pka_key_free, "pem_test_filehandle+ssh")); From ca7b4ee3541796a978bc44552104f72891fd6b04 Mon Sep 17 00:00:00 2001 From: Steffen Jaeckel Date: Fri, 13 Oct 2023 13:37:13 +0200 Subject: [PATCH 36/51] Add more SSH key tests Signed-off-by: Steffen Jaeckel --- tests/ssh/ssh-rsa-3des-cbc | 39 +++++++++++++++++++ tests/ssh/ssh-rsa-aes128-cbc | 39 +++++++++++++++++++ tests/ssh/ssh-rsa-aes128-ctr | 39 +++++++++++++++++++ tests/ssh/ssh-rsa-aes192-cbc | 39 +++++++++++++++++++ tests/ssh/ssh-rsa-aes192-ctr | 39 +++++++++++++++++++ tests/ssh/ssh-rsa-aes256-cbc | 39 +++++++++++++++++++ tests/ssh/ssh-rsa-aes256-ctr | 39 +++++++++++++++++++ tests/ssh/unsupported/ssh-rsa-3des-cbc.pub | 1 + tests/ssh/unsupported/ssh-rsa-aes128-cbc.pub | 1 + tests/ssh/unsupported/ssh-rsa-aes128-ctr.pub | 1 + tests/ssh/unsupported/ssh-rsa-aes128-gcm | 39 +++++++++++++++++++ tests/ssh/unsupported/ssh-rsa-aes128-gcm.pub | 1 + tests/ssh/unsupported/ssh-rsa-aes192-cbc.pub | 1 + tests/ssh/unsupported/ssh-rsa-aes192-ctr.pub | 1 + tests/ssh/unsupported/ssh-rsa-aes256-cbc.pub | 1 + tests/ssh/unsupported/ssh-rsa-aes256-ctr.pub | 1 + tests/ssh/unsupported/ssh-rsa-aes256-gcm | 39 +++++++++++++++++++ tests/ssh/unsupported/ssh-rsa-aes256-gcm.pub | 1 + .../ssh/unsupported/ssh-rsa-chacha20-poly1305 | 39 +++++++++++++++++++ .../unsupported/ssh-rsa-chacha20-poly1305.pub | 1 + 20 files changed, 400 insertions(+) create mode 100644 tests/ssh/ssh-rsa-3des-cbc create mode 100644 tests/ssh/ssh-rsa-aes128-cbc create mode 100644 tests/ssh/ssh-rsa-aes128-ctr create mode 100644 tests/ssh/ssh-rsa-aes192-cbc create mode 100644 tests/ssh/ssh-rsa-aes192-ctr create mode 100644 tests/ssh/ssh-rsa-aes256-cbc create mode 100644 tests/ssh/ssh-rsa-aes256-ctr create mode 100644 tests/ssh/unsupported/ssh-rsa-3des-cbc.pub create mode 100644 tests/ssh/unsupported/ssh-rsa-aes128-cbc.pub create mode 100644 tests/ssh/unsupported/ssh-rsa-aes128-ctr.pub create mode 100644 tests/ssh/unsupported/ssh-rsa-aes128-gcm create mode 100644 tests/ssh/unsupported/ssh-rsa-aes128-gcm.pub create mode 100644 tests/ssh/unsupported/ssh-rsa-aes192-cbc.pub create mode 100644 tests/ssh/unsupported/ssh-rsa-aes192-ctr.pub create mode 100644 tests/ssh/unsupported/ssh-rsa-aes256-cbc.pub create mode 100644 tests/ssh/unsupported/ssh-rsa-aes256-ctr.pub create mode 100644 tests/ssh/unsupported/ssh-rsa-aes256-gcm create mode 100644 tests/ssh/unsupported/ssh-rsa-aes256-gcm.pub create mode 100644 tests/ssh/unsupported/ssh-rsa-chacha20-poly1305 create mode 100644 tests/ssh/unsupported/ssh-rsa-chacha20-poly1305.pub diff --git a/tests/ssh/ssh-rsa-3des-cbc b/tests/ssh/ssh-rsa-3des-cbc new file mode 100644 index 000000000..bad201f64 --- /dev/null +++ b/tests/ssh/ssh-rsa-3des-cbc @@ -0,0 +1,39 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAACDNkZXMtY2JjAAAABmJjcnlwdAAAABgAAAAQKPktUV4Cvg +CBrkttDwMiXwAAABgAAAABAAABlwAAAAdzc2gtcnNhAAAAAwEAAQAAAYEAzsZq20neLcOK +/lzV+lz84hDGeOzVq+NOSfNcmRnaoaqX7b5k2nTFwlIt0aq2FXkQEpi0Mk49jQCgeIZtNu +IAezm5GA965HgztOCe2hhMxwygkiB/7kWrxTsfUqzlcsY9g+qwS69+SjqqvFcOp5D05axI +rdflSufuoUtHtTSR5taNqPw0k0Mg1f6eLabne1SEf62XxwXkosGNQH4ciRcez4jVtXJg3k ++Pghq9IiHoUuo9GUi2zUAbfJ4BbXLOIoZO6wdFrKU0hRRdjowILr9JcUWpSEMUxW/30KYI +oXUk9nQi/xmf5Ddhfoktxq5RFvASSHIUaYJjWulApycT3VbvosAkogRG9IAa1gt6nVaSfu +Uv80SVn7IiHckbzUMcYYujpPBVhJMa0V80mx0QRK2DuEcy2dIXYJUVguSWRhp8wocWRZy3 +/Ygs2H59pFej2ugYxdJ5OFylBvFob6bxFRvX3B+gW/VGugVhhirfJSAYWjabQJmBJjLx8d +ubdH+srLDBAAAFiJy39dzBrApRitaRntn9ZMWIfdUeQeQh6tisJGwS4X394IkncfmvQ3TH +dtnRb/YCk7Rwpu1/p4cpgczfynob2PUM2Uwl0PnV784eiAyGtwI8mCyMV26GqbZsqm6vSt +KjX+1k8XuXee7beECUuNKaMBn966ZcDRKaVlEeo5JzvvzGfXV0cWtqFYonwbZ4MAnMg2iv +v2YXhHhnNwXAoUnkyznsmLUSmR4RXcEBAwKwFYbypP/u3PLrEqg1HwEZTiyx2yJqRxuH/Q +esOFkwWr6uOh1Rv9ZgXDAswsRHVC0V2wHL0yN+hZk04eiOweIDa4vrz9R5IYEzwP7iidAr +m5FNxVCb5w0af5/2OwJPwjM3APV7QAj0JW0cfulsHdGaRFpJOWRFXM6adQInw7G0kpI7Nj +HGj3udqaQz/T2joLH5wCPL3oog3VQmyP8xeSNgobPZIRDV15dMyTILs+6pq9plvMmtb2Ud +idU+P6ClVh536WsV5R1t54bETXau3vHXuvcLRmSWFfWpgvk88teP30w6IKqQcE7qvjHJo8 +jT1es+fxwxjArW44HvDJgyzOvwowP81yKxTbuSKaJS3ZMFZ1j6O2FGaDXBiohU06h2WSwv +JYoLdkLUsPyF4pWVLW/aXBLho/rPDsd5MnRA1xaLARVoLBULi4axyotg/cysmWchduO8tE +0Uwh18LJcYsdGqEsxyMx6kZimKanRi8SBoH2YvGQywyshamUIlq45CwizlkKf2CD7Ld0NF +0kNMrZnWtmCMfH0aqvbsWBZwBFdb25PoxyBt8oVcskWgjgC1W+6D6nEAM1ZqWHETUSS+Fr +UxwXApoOp1C7LT+B+W67qPZVC+ZmA52fxfSCSbErdqEohTHU0lC62LkU5aW9AKxfib0Tw2 +2Us6HkuhIez/5bNtCI9N5sRvmarKRoQJT8isE31Yh+SQSIDUPXFmT5fJP5/J+XG5pATCwI +p/PM2DNw9LGQno2sPKFAvstbSHWhl0lPSzbYdDi0gwdyZyAsdyWSsdZgBWobH//vD1t2xL +05MTlfkZX4XBmTDECxWw5rNwV1DBraq6YfBdUxFGOx0wvGR/9Xebk7lDCoLeSAs8LhYxP0 +XH/MBVGkO+SovW7iI7Itgyer6XTdVmPid6UrCqmx51LLSgK9QqvLd2eyAejpA35Os+Lqpx +iZZ3jzbVfmYbDLgsTs9UI65a+/McGPrqZkp6zyjfM/l9SEZGreBMZfD5tjVYtQBE7Y6jGz +LqyeQTsWHH6EoyIX8k9l6FAi3pdrCY6vHrkb3WKuWLkQ5KKYcNu773fkYA/S8//XYdNIg/ +pkQ3F7x6Lemjd/spyfGnc06Z1SeEAbAJg17YHERl6LTIwuUjvr7UHNpCXERT7PfTpT2+kg +yuATsVT86YCboBd4/ZV02hY1f15c1de+qNym49GzNHdhc4O+S7keD11V9gHEGw6N9EZYNK +FkwRYhQQ5ZoN8bQKAyotLAaiUetlewZ9/SZCAek8tg57h6KCGbVaGKtTVZjEZzMlIVJLH3 +AfaYUokbGoa+74VyYQlLRDrfTMPWQHjgFl7pOIXFxrwoULExi4MA5DbsJskP/OLFbHPu6P +psGkIOewNkZ1O2tZ7+5HM2A5AUjcCcPFMVizapC0rOOXY++xadBM8tLkjiSuffnkar+sTj +xEbj/hDqcLCskKSAk3ggnB8dj/ioJFh4WzjEIun+pEofGh4AIZ796TgS4wChZ66ii0i8kA +mZw7gXPxBMG/fO5DYq0S2OQiK4JKdD1igzuW5zHG+pz4as8CigtRM0RvqLm6IzoRBA9jR4 +IR/9q22S5NFllbXA8tqe1Hg9fxdbDvj2mWhrY/Pc3HiUsFKAI4JdHVMlUPa4TSQETfSTz0 +j2GoBjHI742bRQ== +-----END OPENSSH PRIVATE KEY----- diff --git a/tests/ssh/ssh-rsa-aes128-cbc b/tests/ssh/ssh-rsa-aes128-cbc new file mode 100644 index 000000000..e8a1cf415 --- /dev/null +++ b/tests/ssh/ssh-rsa-aes128-cbc @@ -0,0 +1,39 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAACmFlczEyOC1jYmMAAAAGYmNyeXB0AAAAGAAAABAVV+dV9h +ZkJrhUeTxZmjrbAAAAGAAAAAEAAAGXAAAAB3NzaC1yc2EAAAADAQABAAABgQCxRCdPxlhZ +hS03U/Y6Fv5vR/AaBpGi1UKaH5cyfNGp75ywZJYWcXzp7fCesPwdTzDakqK31XMGQqGlav +fj7AkW++iXC9aVmACg/RQeoSHCJotSeBnJZH+MTGJ1iskcfmzDiEOAqzWegh8hakj4RQQK +znvhqoZ31B4K+4g7Hwu+srnPjQabDDmV2JoF8Ns7kAA4Uq+dJTaRJasJmPR5Kz3Gy1hWwT +Z92LWdhCiNAM2bLLcERpTaB8FG+J8qNqrUp41I4u4B8zZPPZVK0NnYqAZt472CywnfRRFo +ZgM0zBw01w26manTvyFOadFngPOlvmu9smioKVU3FIlz/GKQn9U9WqMRURu7Vw2W7FwSBf +q/ssfXAa8OkQIQHaq/+MOSt7hwkXKY9XgmHlN6ob6hoIql+rEHjxnpwXzl9aNiSEqqFMGB +pvyXeUhjcCYFPsNyxshjNdMcKk9MrRQLPrSWP8uNTO7UZxktSBAgIoRJt3LZjkNm/2zzR1 +icP6NeJZLe+H0AAAWQ8CTj1156lRSjdFzkpPZwCg7/4uhJSJWvQesMHmK2K0JzrPxZoqXd +2iY3jFk9PtqH6tp+M2NfD/bqvoZiDH2KceXKq0WJ5ccFbki2eO17j87R0VzuTJ2NThaayk +9BQKG0USwbWpUBc0BDFwg8WLtt+EjrtrNbkibXjMmkr62kTvFwM1bg4fW76fUNfkj4QIeS +kM+1yTu/k7KWoBeiyPn3+6Wjb93alvVHpBMB76JcrRuMANhYJn/+wlnKVwGl9hFVnzu9S+ +hTDORL3I1Wj5ANEENU9hf2Totc9pteXOjCdnNPbZPjMPZZDqHLOm1QBN7u+OosQsp9p7ej +aEeOVB7pbY0GyDzW9w3VhQ7d4xMCI2NnqEvKt6FOy8YolGITal7lqvup4OfKGW+uT1bubD +O9Yjgt7embVQhFagfzj/tTJ+pHzSYpm6cAdT+fRTmIyccOD/NyE7dgUiJpo5TPpZeBcvHS +XbcKGLKcDmHXsTjuBExT8ONT9xvintfORjAX7ghZHzr06UGokSnIfpxOjzReO89VQmO32B +CnChSj56T0+Gv9rn2miViech8VDTbaqbYuL9rX+4p5h9DRoDPPkTUb0MSPQpqa4bwcgN7F +oB4W9QlfZKbkjj8d3ZTCsIIN243Wv3ITLyKRe+WzYcf+dMzfd6qwJuescF18Vb1OYLKazr +QCCYuzOvTWhhEJuVR/NJnFrnQCOAwZfVKLcV+PVgJgvUhToN+fXdtPzzuLrI7dxy/bxC8x +C97gDCz4TAUpsbDbnFpCbKZowyVS23pAgZn0kPl+3WTbWYc+As8oIcFiUSFW/qKtK70/3O +seBkwKMa/TGMzffxc5QSH07pjgvTKnhBpHwG29PJvKzxXR9nAuGTFopCwE8ceOx5i9OkQY +0hg88fedkNqGxdccyY1hY+8h2ou7GAXxQ+bnSKDBLexJQQ6izHkgMh8iem596gjSKV0QLI +USNelPsnFe26FL9a7xB7joqRZ6nPymYmw6J68bJCNlfhRXeVvJD3b0+tz/tjoWuuzRZijM +Y5PkKLlfgtAHcGtiwRGyLrovh08w+UjJdxrz81gk2ZLqUyBKqTc4GP6L7Paf8iTiyF/mb4 +SELfUu1cqYhlbwaAdhduwqxSwH6MfI9wfNIgsawA160zfhk8eUdqwjOwb9mkLALUD0muZ3 +0ewZkx8sUYNT8E8VoFxTNmZHoc4cb6eJKfLSgMQUqH0RPI1pM17TdhSSngnUNcx0BAeXk+ +tSVmHwk4W6N0yI5BmWkwJ05x/oWG+YUIamZJMNs/k1IPsquKXXpavTBYhYu3k2sP4V7DL/ +/alCv5AXVjT1MCy7OXHDCcwAFKj38jfIzpyl6Lc3x4x5fenYZFlzAsJUSfq2Qpl3o2AzL0 +y1CxmtU8H9yyYJGP5F6AkthqppjhOJoBucEnxFsc8PWvdBVyjEdFSVZqBSWqnhNcGYFS2X +ai5R/jLSX6KZETz2pDWjNSxuIDOPfxrg/nXIxy6otRHAZ0uIBavDxoyIgzLMRwHQ1BkVMS +SX67GiwqQZiqF8SeUE7oeRJtTOvxrE0jGYogXcr4Qbr598xF3L/T4xa0qHY/43LmpMPmxo +a1vvxy5N+5JUkSYwe6MYj/w7eANuxrRcStmUY15ekH9a/NXJcRcqA3ef4PW8PxoiEMXXJu +e3dvJU/8kZxCt+WdLh+kICmsJe7jy+xEZUAH5ihfQDSOF0ZOqmv5EjzK3Gmo1GdHB92deo +Gr/MMxUPiUiOpCgq7Kgati/QYv0Ds51GcTTcAg1RVxf7U+pYtsf/FgJ2FE2x8/1sug/OE5 +vZq6csDJbr8MVbCxvFwgKsJrvR7ZYqiwyYzcJM9jMsxR4Qjwch0CIDz9LGxHQnZFGJWPab +ux81voaC7xf25eHHFV5vVvzqxwQ= +-----END OPENSSH PRIVATE KEY----- diff --git a/tests/ssh/ssh-rsa-aes128-ctr b/tests/ssh/ssh-rsa-aes128-ctr new file mode 100644 index 000000000..27d7f3be8 --- /dev/null +++ b/tests/ssh/ssh-rsa-aes128-ctr @@ -0,0 +1,39 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAACmFlczEyOC1jdHIAAAAGYmNyeXB0AAAAGAAAABDzq5OQvu +zc3rEi/10AsEmjAAAAGAAAAAEAAAGXAAAAB3NzaC1yc2EAAAADAQABAAABgQC4y4UcYFe6 +sz/jLqBIgCoZWTneQ+NCOHz7+r6AgY8CJdt+osvXEv3FzpuSjrMkkY9ftcn/NWv3r6EFD4 +JuNzPecjqiSnunCM6v1+uOAsmYI8S3YmUoRAZOWhEgWsf/4QWj3cjNcJo0MPTYfJsM1LgX +t/g85tRy1KsdifHSiJcgyK4piGqJYdw0BiUKd1Gj+KwglddbVEVqZDoaUYo/Wun10RAVzc +gAWhglrbQLc1/U9VgY9zFIy5HOjJ1g87DQg2ZycP3clyLbR/RuHK6zyfuXna7yAqG4Eddt +r1JBYWqCndBik5+unzD0vP2nNVHlvnQjzYfVxHcsP5X52LhI45GDfJZtbLsT14DYe9tXia +DIyMUpuuE7s0n2M+NI+5YOoDq8hzJwY+31T4/ZybIqs6HJve8XDFD7SwbUnYTlRO31AAEL +xTaq/t+oCCi0fHDfw+ugFYcEVb1yjpUghKMJsH21JNVYor0wxjX0Onq1Y109bQn6lMB5iB +8cMheRiz/PYmUAAAWQWEuXZ1W1qMXpHxOe/MjemXgxnij8gzg3474OtWiaE7q48SERJCoK +EYeMvj+1ztzAY5ExoS/YVRR/f6/qMJnkxXUazqIn3n4SkAcFmnE0GWjwchkjmrD4ZnLrX8 +0CiK2+0WvxCGnIaKRE9DyADm2J5AaYayTGcG/4nC3XFUF1TA+EjUvvN+08LhHg26VKmTFS ++iMj1PXlkvqevRdIqhOQt6xFWwaNVRkdwdSx3qwbf/P3lKxljToeEvJaz9qpurXCEeD6DW +0MAseoQpDwkJobzEemQqb7MgY41IiR8qArE8FyZr/YZVc9XvIIwAMWvCWkNguuXLFSQDUy +htcaEpNJOmpdZw9BbJyGsvc9TJad3naxHjxIfiR64ujV/DAoxO8AC8K8+1djBZ8rM5jcwa +DohEIVZJRMzHiiW1lXi3L/m09g+PJGXF+uE7RkoewHRxpWT5guEkNrAhV350b0BQDBy+E6 +7G+VL8CF+3Oj9IaKfBIBZYiXHWs2wc8u/bGNXoxkmI05P1zA84tH0l5YPBYoau7xlDNv5d +Q4DjHQKfQwn/JLA8rEaCAngh9qppc4QtHn8v0Jf/bREGCK1/z34eq9G3RTpwDUpuZmD18R +yfKXlJxexluMWCgv5Kxl4Vs/bdne7tZolN5UNgB26d9Yoql+mh59C4ZKVleR2AfblJsaDb +J4tV7k7udDwa5pwM5Bgixr2uNu55in/np8KAXQsyTQgmunqv29qm9JHVdnJ1+h+MJ2WJP7 +JiloCGCi1HjXIq7OtioNKXxO0ZgPhlzPeyx8yx2GFDYqKk/x7vComsAnY9PPM2BV+taobH +hIx2WEXAASYgF+5gJmEyMBcrG7zhYTqGN6u/EF2VvXdiseurCqeJzsUyrQ/IMOJ2ujG9MI +m+YhNF1M1aixV4o4Tx8QhVP0+JYab0sSAikO5rqfDO8F/dbErWPVU4FEo0Er/lX8f6uCXJ +eETvic6pfpUgQWLQDvdbWOeJ1lwUckEyUg6I8FlP9L7oWmXVH74rK9wb0ypoG50SugFtsN +bstu02bIlO+KKTQsw3PXvImC6NXExlU/pRyXs4qjZBry08PVraxYQsdE4SqIuVs1Hm1bHp +QCgCv6q2fdjwA09tjNmEGqJxBR6xGdAOb2VAksjedxFJreTkiB0yDYSSctHK2ikRd6YdKn +5uNLTIyEujv0Ja5ctyzghTpU16Fz21eRcENzGopn5/hX9Pb9hsgY+0sgokfqvSj8LdYB1/ +l9yO2RcuS6i/wuzmNCgI9XNjsctPOz+I8PlmnTALUms7Hpo+r4Yg9RzZ8ieAcHCumBvG4C +G/vqB1sFk4lp4eoUOl/NBf0SMqDe7e+6zzBZ2wqvaxEEU5f5kDxDLGnkMMZanCcVHdy/Zd +lXvtsXPJnBgApayCjE++o8br/3g8yG3RrGRUxPiZlaTfKSWcanqlPo6VHdJKk5cCgiF5yL +VF+tXF+h/dorwHXjin0Uh4lt33E+IevOenCnt24VLAacbo3eced+kQSgwv4+VcILZ6d5Yn +NfIcJEapYbEVOIhZ62LK5ValvshLy4+WLGtXC6PaQspZoU18v1+RzEsloEki9xVlnGeeXv +D5KoZ4LmEuhciXqK1pW+7HgdEKGrLzwv4Io8T2UyluMko9LedNPGl4LPLGkHsO1LQfblvQ +g7FJ3Sr7EswmcKIayPngzHtQsD0ertPa4ugBnBCeti3owzkrJmkAetezBp0TyBjqotbru7 +0F2ls+tKR1IpcMWTM/JoWD1pyFyUvP+OtFb8TFeDTL6l8fp/KuXKZ8wsiI2Dv+2HyHZ6uC +0Q27tMNM+nFkUpBNNCSi/g6cqlJYn03vn3VB3QJ7/oLkuXVhBjlwGQSo4VHD4MzNsVtEZZ +BBQmxT0HymwCBJvqJmNzcng4psM= +-----END OPENSSH PRIVATE KEY----- diff --git a/tests/ssh/ssh-rsa-aes192-cbc b/tests/ssh/ssh-rsa-aes192-cbc new file mode 100644 index 000000000..5589157a3 --- /dev/null +++ b/tests/ssh/ssh-rsa-aes192-cbc @@ -0,0 +1,39 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAACmFlczE5Mi1jYmMAAAAGYmNyeXB0AAAAGAAAABDB9xo8KN +JMTqh/FKp7SfngAAAAGAAAAAEAAAGXAAAAB3NzaC1yc2EAAAADAQABAAABgQDtWi3Z2q4/ +wtt8vjC9dN4Ma20U+rjD1uxalqmWpSPRpxGi/cB0qvGz0KhvGLbQrU/8djSkjCrN3Wj+Ay +WMnmMEedPM7ezD/F6B2I57QnKkv8J3rEq+0gKAo+W1FsFc08m9rHDxvoSVHv+OlWtk+IU1 +vn6eFmptfax+1ZMlBjwwbr0MCoarP9UzXhP1wCPUGZqIJJlJxu3IR3YE/1qJ/TQtxJaMyU +rMwRdH9bjjMWEhobkmLOuM2kiuMXRbolwHXsvSPwfhvDWkqzdTK07xyet5B4RJJwAVolUT +turkp9jbHkv4nXhrcM22D6NoP/h5GpgraGmU+SdALypWilArhU+uRROEQFXdabMhqKkzRN +l8oDG2lIv5lYjkQ2RhEvREdA+PnSwtjpjtdBxZesvdu1cQqE5MvAzlqCTqf+oNE/8AqRgE +evyLwamjkOPTz+IhyQs/m9uUrY4otje8kF8RJLYhH0QCR7Tk+uHD2Gbk+MghCMnlklaGlX +aXm/+Pp6i+yncAAAWQyh/VzfS9ScFptUfDeJ1S5l5kiMkKuI7syfL5Y5T0DGdTTWEjYn8k +NCuNS2bgu399Ui2scGiTTWAg8zfFNFg22bg9NZT6QvNEnsFAolxgVJX2TyGBeoDor3BR2v +L1A/eVZuopBhSUxnZd7gV1UYrSoMavKHjSO2iQUVLugwSwgB4aiNACtpIQUiOCx5dsNnmz +DJj8f7vKsPJgELNHi1Ol3254I/b0qPlrO97FcW1rR4jwI6rY8JO9TfLCIVFq3aXZACPgCv +XRJFNtvnLFmfLGgccZxpdD5OD1NG11izktyNZ0VIR63fe5FepO8QeKexynxPMWaEoiWEIw ++hAXsF2Tw5coiNMVMn2jSTUKvhatO7K1hO3ugNWpEsMWDxCCxzTPSZpRw86ORvcXH4Pa6Q +zzl9y4zWuUqyqGeq/0Pl88vRlD+dkUusZ6axuZeZe/dN3/HWxhR+i3uNdLHvSsCwG0TfGR +xoS2iNfDt2M7/jcTwNO6xT3P8izLp1RmdZNfOF03MjPpGoS+WHfgNqt8QhBTMp7P71igwV +BlSGTWvQC0RbyP5E3pjo+CpMkSf5Yu68mtN82JZH6hI4Lxwboytbu7JVNcpYa6g5O1Y2I6 ++C9SwD4jneoam/kIRwuY5TfRGN/N2rzUfE07hvW10l67SbG/8+4k87o0nOnWlSaq4Rz/u3 +EORE/PeLcNZC7ztIeo83Ows6pT44TAwCjPhAzwC0vzjgyKd48AZLZ8hCSVIJm7BLQsnK4W +wB93WOWSAaxQlW7uelrIBffX2hWs3ElZaGp57bcIBJYqNG9klBUEQtkWGWkGwEdlnhrfWz +SMaTLF71v13I9u/5xx/Voaj4Ftjh42uE/+PJpyRoaf+16gCw0TWf1ouVK5OeU+EEmWC9Em +ZnUVmDiRVsSFqTOdDwzB3dhZL1gUM2HA3HdMyzcelFv+BZklXDL2Bvi3lAwpyk7gnNnwn0 +nsxFlMysP89TidlJjLfmwuFEE/J9lKRupFKQEP3wFf1jFiROKyKnQoy4xwnReaD79L83Br +RX5yquNB7DLYQWLI+n0JyllkYILgDHXmxYmAUxk0WRS/lpFzd8nnszhskyTSeGMK13HgRp +2EgVLud4w6FZg6aKaLjPogQCv/GmHQNIF4BPRuzdjYfkHIbxrrQ1TAqdy2Clnp99Ib8sRp +MmmySHjFR7vtuXeoX7fJF5NNaSoyg7b/VFpOt0B8bhQiZQvwDKs3K+7sLq77OvfBv1lO9h +UXsjL+9h2mjSWOdlg6OyG8ZG+33lrZnw/NL15mWu/pW9ME49fIeG4ohzrSlBpNGd66TWp3 +Cx46dQoc9Y2KrZ1lT+PUJQUVCj/H6+ZkZMiypL/rOW00UnPRbLIlXb5FKVey7LgKOL2mUx +JzFT8I9/QxbgbOhfjhRfMgl68D+26AYQ3ZNTM2sH6gW7Hbyzb+p/fMxJMGfZEEqdivcTL3 +HemMZDYZtf+2XJRFavMIEj6i/muTf1Qk79BDiu9YPVPx9y6cKLtNEIzR28lz0hJqvKQkc6 +XkVAUbIojWpte+raVuIrcf871jf5rDn4SHk1DiHD75qTl+8+H6ywFD/pkjU/+0fAhWzXBc +/1+xefUYLpKf46jmvA18BsjN/LZjQw5t3AOgWXW4TeKup2Itw6/XNY/Unry4wq4TcymDsx +hy6C+FpDEiEmIaLOCwDmHFulRRfaq0TMzA0ePeVUQdyCBp1uE73J453ztDa0ex9WgTug9s +Xu0AAGIfTs4LIA5btGIHrywYCraN58U6rGW0v+ZWyjVMnPRFxRRnkTUwgc/rbypJ7eouRb +hyA15qlbqc4k4Bap6+AxMj5/MdaBqA7rzOr5rNQpK4YP7Pt7JtEcyA4a1LFjHjH47u5X54 ++rgDaLZCGc+P3k4moHJXnOLPFT4= +-----END OPENSSH PRIVATE KEY----- diff --git a/tests/ssh/ssh-rsa-aes192-ctr b/tests/ssh/ssh-rsa-aes192-ctr new file mode 100644 index 000000000..215d2ec28 --- /dev/null +++ b/tests/ssh/ssh-rsa-aes192-ctr @@ -0,0 +1,39 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAACmFlczE5Mi1jdHIAAAAGYmNyeXB0AAAAGAAAABBW/O0h0S +KVx2abU99tL1gHAAAAGAAAAAEAAAGXAAAAB3NzaC1yc2EAAAADAQABAAABgQDQD6r3dSEi +cm7KBlQpO4xF+ZCthECwvuKaIOU3QU2VWqSsq5YpxnJbhba8NLZuc73mS1D8t2xGQHkjYO +7pWzcsa3YJAKL5NC+qtc98Pi/bbW6BrXfqnajU1IVyOXtKJUclG6TFYMk/3xgkGqeu7NXE +aUUjJNWqNnU4Gr4FHzK7vK2IGidi0SCt2Q5OypGB31/pgI9nR2tn8oFkl21911tQ5rOiM6 +jBEQmMgIY7Bua8ocQm+TBTHaQDA8tATQdbkqMpBjl/VaA4mByomdj6exk+/RDIwp4wg0ka +CcxZq9696xy2Yq1fZx/nS5Un+lVQZc8FJ8tCGofPobjTiDiFUS5+rbbeSmVZepBgbjTuFs +UndWqZ/tGbrp5tGMqz89M76yAZoOvC2z6SVzbC2JItWYAfaZHrB1THunWr9XFDrB0a+EaM +u9zcab7uVuZvfSPyLWb7mjvCRZxc6WEsFSTHZfEa4yPLWTC3D9Y2SfT+P1Vj2OEIYw955D +eOboJhjjmghTMAAAWQse0NSR5VmqhugQbrkk7ZmhNlp9WnBn7R9ptJ1muZvCHxbTSOCEmw +rrl5vgKzQ37P1J8rn0iE1N6h1epDFOkBLuFi1tBOM1vFFHyhPXPZKwuGM2haYTeeXAuYrT +rpO/IXC9UXHU+S/eRUZg4rE1PUQH4v/f6946nNDse6v7uUreZVzO4DsdwykfnHU3zYMj8+ +MdEan3wh1jL3vPLH1dJZxQqYV+3LcJvRLBrFbSv91oyMVIr2dFitKcF5K2WvZI8zUwZ3i3 +F2yLw4eSxADn9gLT9KEzzTJ4l99oM9UPsWVZQzWJLhmQ6sLoG5cW0Roi2JlfgdqExxBQmu +6rnCI6NhiaoCUAC9GQcPAgAR17bBONB3EZJL6KWYNoHvTD97nKoCrFITXjjwprjVZS6bO1 +/oEUo+nhPkvEDzPeAugwOOFPdrKL26stJpLG+xr330I/CU95qpR2QradI0b81YnXSZqTIV +UyiiJ/rQBx60kPpO/biR26oPxF7x6n9iVLmJ0iqfdCsgQGkxsPbNwVizjBSqF4Sv/02WV8 +fyx3vDYJdDwfDBOQY091ncJlh+Snil1nnxM1pNuYOVjMadFbgexExb5kvGz1Tb+U95Twz3 +aGolD0koliRpNVUwylsdlDMqiJLD8xfg89nkEloCCwVDhF1Yym6hLf7uWnvVJIGLiaMT/N +rTbV/ywsf9rwrBCZRp3GDpEp/y1wRC7o4yYhzViI4TunUb1bJ4Pc37zeAE1fyIipo/EmwN +EbeBmCMz1QbKaE+CL+hUd5RA/LAg+CNP0WN/HSk9lWojqK5o2NWfpmeOC5THJJiZYFEDtO +RZtodlPj7x8pvAw1a8QnctZg5gzN8ac7ge3TY/eENQEHOxdB1YEkhriksL0WPgagO5j+dM +Rp/oQaXqEu4xsIhJiIEF2TRHtYtqJxXj0JYED58NoG3KsYjaHUhC/R284BZfdCT1lj1bWu +Y1zZfWVrKDpJiLs+50SO7sP7g+BDtnwnk5ZZr2oHnYrFurWAICsGbPGpx76LqfrSYpLDfr +9ElOA/OghUfs0AZuNyeDgGlhj+bLtP6pIxgb+RwqOOtyMB2pQN5hgadDf5yAVYi5CsLb32 +zgASwDOWPihZIqfwn5y+fHXjhEsRZkKkTC3iFVA/HbvZw4mrMYdt24IiurEwDYqJGULxmt +W2afy5xBLlz40FV5Mubpk6/6idnGRQD/B96aUJQ4CNKSMG3utihqqlpuK+s6yXo0furpRa +9GRM12KVqi7On//1ZKVJOMlakhtzZSXbfc3mqG02V96/yZ9L3UOo1oVi5WHkm6D+z0OEUX +XdBRyn8WUbdq1UdcEiKE1undnZwk1ndAP0Du/SdQ9GIRfyEcyPRlWdMyuSB24eCoS9RfY8 +vdzzbsOfmBiWD/QZQvYlOUuPlSgDEfqPgLyM9VK58ic19Ih78ZulLrh8acTMUwlGT+0GQX +C7i1VSGEzJTfxr+rH9qa9WN5c4zNawFOH81ScQ8D3ieq7OxDHU1mU6DbLAq1ZveCs2VQR2 +qTms8mcOViLGU9lbWWFCIEkWGWVQMxkDRf6+W80QQKUhshlq9JtEbxByj5zhzhjkhygkor +CuMOBfpim5aXJFmjqMaIFBb+alhdY/YSRDPRFzXdYQqy3jaILE33uVNYIc6ehECYDAF0kz +2cEf6WolHvzM8n9q3LEIquJXPkj3+qYVsqNm8CIMgiPuXTfyEx7uCPvKW1wwxvdIBqAP0w +qnzDd441zfFD6uUguKp/AkWLDH5rE9b8A6CYWAjh00rFaLsJkLIyrWqY+xHPExSQ90Kaae +iXS76q8dFDaroGhrsLv3aCsPS+eqVDtYDSHNYoEWFziB0apuz78KnbvmuqIW80FV+7VpqG +6yQOvj6Y6UdsGovdp3KhlLJghmQ= +-----END OPENSSH PRIVATE KEY----- diff --git a/tests/ssh/ssh-rsa-aes256-cbc b/tests/ssh/ssh-rsa-aes256-cbc new file mode 100644 index 000000000..963a33f05 --- /dev/null +++ b/tests/ssh/ssh-rsa-aes256-cbc @@ -0,0 +1,39 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jYmMAAAAGYmNyeXB0AAAAGAAAABCWmdLDLN +f7X95ZBwizPe89AAAAGAAAAAEAAAGXAAAAB3NzaC1yc2EAAAADAQABAAABgQC9fAOIIsW2 +S5tTCLh/Bd/9v7fQBZ673gXHHk5PyGilWchnLM2RRX4xgJ3lf+iHYdHHcHJo3w3d+48iO2 +2tdplKOmsuje2wETxQVLTQ7pOlMRDXZXA1Vnia33d9GHFoas682FXGOtzEu6lVXM6U9Ksv +M9JA9CD1ddHg4XhVDXrDPgrs0Dvf3GyxuUkmFioKVIh8cj20AXLiaEhMjEygs0gOwEoPAm +Zyswe3Kjf2muOsEqErGYZajPKG2lBJUehlBMfDEcZTsqo9lG/7HszNTXDVJ2wMTEir7S7w +tcB1qO23hwfT5IC6Lz/WhLFNt6x66OzL0S5j8zjLqkQvriwMQAIj20LjUs8yvvUtcYLPXB +S9G4krkUwZ8LVrZfFPOOYcY0ssJj77hIzwe3AEJ0R24guG8aYz9ZeYzmIVW7yjIS+SYNhN +ky+AbsKaK52ZLaeruqnU39z3diojVTNeBdG/7wPgRye09bSsgTvRSMtYqbQY1ZyE8Wb4Qt +x3kNT2bs1DL3EAAAWQ3QlhjB3uDww9gIt8DEeBqDTe4FH1sSPr+eoRfbC4H58amBatwt64 +aYTDEguvZDjtJfaQj+ntgfbKOXKAkAn/UHncVgLk5xywyp14yGcdS3+Sk6gN1/Kicn9YlG +xLChge+O/hzIsNchii3ZkKTpe7O7rN16Td+OgDAGyF+4oVoGxZb5DMuYz4w3Q5L/fv0xYN +84twd9L20clrul3JirM/6MjVb40Wzn0ZT/I4ImhAXhCbGsKT8xx0nfBlNLcPM+toUNz28D +zsgW0IaqX51lG9rpr54g5NwZpihRxp9gxZnyAoMFm8ymhDCXszb07vZ9ezAsxbmcP2T0JA +POxsE6q7cuTVthG9yJUkNswFUTNPPWP0m0XFXv8lxtxuMrCQJLFLIBXd2tjf6l/Kjx9laI +MHDe6SYQKFAw2H2gIThqBKL7ylNx/5MbtU5xkr0iP+coSgTD21C7q7QieSSdMRnqByLTB1 +XnQnuJRRApDIqyW6lAUAMTxix/dSEOGHnyhpyrp8QR6/Wj37ld8hNqlQ3i87mr26W3Bt2Q +5PLHmInnJUzI5kRzEevNhe+LVOskX35BOP+EEYm2JMXireCF0vzqew8Ld5WQ/KdQ+fTNjI +3SF/q5YKttNehWft4USPVzog3skS+TCAKk03kE+4svdLWX6gzjL+r0woMEPZCLlu7x93cW +I3bfMta+l4nS1sDoDpVto3yHFMqEUdE98n10euUyXyHSjn7423+ZwyswLi1DMrpf56ob6y +m9TF0jLRvTTYgx62EDnrA108/pni52NmomyrhmD90NA8oRFmRum9Q5vZb/00TxlCYGL4Lt +zcEW9V9l6ChLCbXi7P8F2GPqeux54hIp/KVBdwlZjyZ2uFvT2Q5vYUQs689rg2BAocfZ6V +Ao8m5IcI3H9/3CpwggvzjROXrR4Y1cMH2af2BiPLU8n1nAiNPqfW3EJUaeLC/SJnbzUxK1 +nfvn7dmJpGz/aks34eoWtvcY+nsG1Rp2Dhk64c3CwbeCxEkUgaxDmGHc7HuMKkYZlIhRSO +b3P3/QTWklqGOEzQrvhaY1RaNsdRODHYkfyp6UYxltuiTOLazeqJZOeQNF0cuFxDzsuryN +18AwEegd3xLyiiW2TQTF8XSaOCwk+OJeapaZsffv4jVjN9VmCwkqVwNumoGHGU2aOdH/HC +fGvIwjDtlisG7ZKESTTO45c3rbCJpazt/rOVdhh7+1SXh1+4RU6rCkh3QtDptPyez7UOSc +YNt+aewwxDTgSiEofFyBb4Fq9Rj2GdkbmU9duAyc/PPfCRZO21VnERkLuBOdQKgowCv3Ah +4yxdcErNqcWs2wjdn2wpSxAipGkBSHg/R8BLsVqXs4bAm3KqzZ4dycLI0tFapuS9hX1P9n +SoD44xK+lMd0mE+XUXvVqEWF3Gq58NfA9KunejmbyHHmCh+yOzrmC1bOybnJJRTp8KjlCP +aMWrxPrsx2tKbP4dasg8T9uEORdQkl65Al4UgYkxBLVOopCIDKYk89UxR+jB3nusbe6bTO +8mdYk9hZCvpghlkutdBiOjleBOehufFkKifNgphvebngLx3dX91lorltd6kdfLptKXrj0i +SkSFiAbpwegcuV2HRpdVFWinT9DKzulEjCRuvUzxc8lpmTfYI3Vgyr65iL1tenRtj6axf4 +qHJABZR259Ne/xNjOS2aMcp/FF0SGY1vfO+6vtTfwvwCwjx8zlKRDE3jPS+NmduK+QRJM8 ++q6cnRRWDU1XZQAy3B0ApxgihvOjm/ELQ6QuOs5pNzVbOutmpKGM3t0QdrU1Ypzo130F/M +tMODrGgnU4AVkjTHmjlmBloEi4+MmDh066Z7kxfHPceUgKWe65ZKwd6yh1PLDWjZqQdFWx +eWCjUisXuycPXKv3NwZF4Q4OaKM= +-----END OPENSSH PRIVATE KEY----- diff --git a/tests/ssh/ssh-rsa-aes256-ctr b/tests/ssh/ssh-rsa-aes256-ctr new file mode 100644 index 000000000..55d4221fa --- /dev/null +++ b/tests/ssh/ssh-rsa-aes256-ctr @@ -0,0 +1,39 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABBvGz8ruh +raz2/OX5A1AWiAAAAAGAAAAAEAAAGXAAAAB3NzaC1yc2EAAAADAQABAAABgQC1U21x/saM +fUgICTl0ZFkK5KDq3eeKHtR44xkkbcSmC5zxXxUO4c0EofKLx0YMDp3U+ozUydc0ZJwVF5 +iXVsiGlPSkgmGntrCeT3nA9YC8rEx/EE60DPSOU7we9eG8GmR2DL5uM2bmU9kx+Bh7Q9sn +o7PpUufBS8CLAADdv6Dro/pVTI7FIkrNGY/SD0DQtGm0cBjM2fA1b/1lUdQdznM5T/1Yn7 +fx84oxhJaJHsIXpU58lovieWPq/NT7rTG34Lz+MU/Ng31mFyamsY4IFFeq9AlDNWLtjOeE +MRdNxDUbTGjT4ZjZrA7SuL/fGhl++rrGLpFw0f3dnR9AdbGu5UlM+6Kg3adlCkypVgPmhF +6FVpgqWsMabC/tCeuMI8ajKizPRdGxvxr2DTkTCkJEtzdLUk7ifImIdL4m1OM3NnDpjZ/W +JTlkU1x75T0QIy8HafrpRIRphXrpdwyt1E/OVWEb7suhWaYKxE9xXPTsFPDJi20/rGRup+ +jQ78JdDm8t8vEAAAWQwVUSf4kf2qrekAw1uJJldgePvdD2LfTwOC/tpkbPgu84kRXKpm5O +GfUiwrKi48kBhRjXrN7HH+7rpMRXDA7zGdaGU2GZwDJJi1xaacblc0/0WWYFrkmP/wdZGb +DsNllO3XFVRqnAOEot7HLx+tGFFKSlBWNj1n93LGjF3vF7lx0mejtv//8jrH3pWYeC99T3 +6WPIn+bPcwqftfuCAFyVbizr8yGJN38aHAG/1xJPQvuYzn6lJdguDXPbL0cjNTTFNerzEO +rxcipaFA2R6M+9fQDMItPEk3GhyDc1lVaOTIYpWgNB1UpMdvrnbaGQH66A9fRhmpMDVn0Z +3hM0F/Q0tZN7ZKcZuFpDmAIciCIkNuqeyUdR3CBUXHYOGLOnSBEaEyV0vOF20Don+GsuY6 +GLax/JfmmSfvV5YJ3q4/icuvctE+HQcxiHlQc45BVgMfL4MYbPR1D9T3Xz107wGON0Kiz0 +F2BvBbaBKRIyPHoagcIsaDa+eYGAp55Xw4xpq3r1g7eMwv0kc0PrTIIZXU8yP7NOS5ILEX +ryY6Zt6ymYBwj9eKLgKsUsKaTvujLfYtWJKhhyNn4Hbrgu7UVnFSraxWXZX6rlaFKl8wc7 +yUq9/H2GHGq8lJz2FhPReouD9skTL30LGaSKvCWAttVs6k89IL90j3rCxxowMrMWcl3WMI +hQjvxLrAM54rF3CncwcFvZkQtu08dmdWTr2uiT1rQqkuRAhQwvCoIth9mFzsVR621/mJWa +GtXvyyCBze9kRKv32WrkOid+kMUX4rL3wE9+C4g6oKxMDV7zIvFM3naBGAxr7Mw3veFdZr +Tt3KyaBPvWQDTDmOWKrSyjv0ttnnphjxVgMFmAledZ1ujmErbjHXdW87PLgA/F1eqwQNEY +emyM/ekhgUoN/y//RMB4XEvfWZbd9hdGzjcQ6c6gjGnOO5Mn6xg5YDduwuKTVr59BmXKTK +/nj3NYrHD7FtZUarNFKX77YvTDmyK0m7XpwgHRLfzxV7N/sJ5JxrZUDzsAvvh8ibj5pASM +2aAk2Wj3MBuMYGi9kvkIlqk66WV+z16DVncWZvkiLP67sqzZebGmB4cYP8b0EQe/7cWQFM ++gD8KtbQ6XBrZASSAyykd69UeqVhQFwqTV0rRBsJSHcDbKVKNBhjvgpwsh8rie4J4q5L1O +Tj8rXbJqMZGnIvXmrpv0OSr4PBHVOx1yypIUlmkGDznTMlFqIclxfThehZ+2TWG/ZYJ8Km +eYXw6l0BX21UQaPT0iOOYJpPvSxP+iKrS2yavyX5QW6djuPtJE/Yhlgmkyqvx5Xuso6YNg +AaDsNJt5JnVrN8n7HKf00jpgD4Ou2Cvw1mvlDqlyUiLiM7jV6IF0atsVhHgjil8IPp5aig +yjv7Z/UzXVncQTuDV0wRx8MbPUldcnLwMyDAD+gfPtsbU187zZrUPbBB8w0StRpCNrCrS3 +Iu8xBycJOYQPLaxaQ8SgTQqBwYS/YMi1B8FZTJFkbxPB5IeRfIj+IooipDLC9FV1KV1WaO +C+FKaJkiwRyrGkjwl3B9Zbw9A73B/JZxtOEd147NIQJ38RalQaGF7jW/9JuVTDRkGX2k+N +32SWHmFB9A721s8Str1h6owH/3/CQV+OSqSK2pdI913naziOf59ahGEjFwqvjiVU5yANqH +hQZ/1HlmS6Hit35Myp81ZO8w8bYNJsKrhqyfnmCjvmWHJ0ZcBZPV14tbsusPpfZK+mxrKC +dnLCqJ7bcasKjAf5HJbKSZ4yA0QeXTxtxAIjBAFNRqlD5fJ5QtjuhNlze5jWYGFxDMnLAB +BCGlFwC4LQbREXYgof6zo2mu9pQ+aSnunwp8lQVQHBUZ/769pGKFaq4sC8fjaJl7J/aQaH +b8bgRSmFf3x6gsxQzglpjC8ZIlQ= +-----END OPENSSH PRIVATE KEY----- diff --git a/tests/ssh/unsupported/ssh-rsa-3des-cbc.pub b/tests/ssh/unsupported/ssh-rsa-3des-cbc.pub new file mode 100644 index 000000000..3fa62405f --- /dev/null +++ b/tests/ssh/unsupported/ssh-rsa-3des-cbc.pub @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDOxmrbSd4tw4r+XNX6XPziEMZ47NWr405J81yZGdqhqpftvmTadMXCUi3RqrYVeRASmLQyTj2NAKB4hm024gB7ObkYD3rkeDO04J7aGEzHDKCSIH/uRavFOx9SrOVyxj2D6rBLr35KOqq8Vw6nkPTlrEit1+VK5+6hS0e1NJHm1o2o/DSTQyDV/p4tpud7VIR/rZfHBeSiwY1AfhyJFx7PiNW1cmDeT4+CGr0iIehS6j0ZSLbNQBt8ngFtcs4ihk7rB0WspTSFFF2OjAguv0lxRalIQxTFb/fQpgihdST2dCL/GZ/kN2F+iS3GrlEW8BJIchRpgmNa6UCnJxPdVu+iwCSiBEb0gBrWC3qdVpJ+5S/zRJWfsiIdyRvNQxxhi6Ok8FWEkxrRXzSbHRBErYO4RzLZ0hdglRWC5JZGGnzChxZFnLf9iCzYfn2kV6Pa6BjF0nk4XKUG8WhvpvEVG9fcH6Bb9Ua6BWGGKt8lIBhaNptAmYEmMvHx25t0f6yssME= jaeckel@draupnir diff --git a/tests/ssh/unsupported/ssh-rsa-aes128-cbc.pub b/tests/ssh/unsupported/ssh-rsa-aes128-cbc.pub new file mode 100644 index 000000000..88864aa12 --- /dev/null +++ b/tests/ssh/unsupported/ssh-rsa-aes128-cbc.pub @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCxRCdPxlhZhS03U/Y6Fv5vR/AaBpGi1UKaH5cyfNGp75ywZJYWcXzp7fCesPwdTzDakqK31XMGQqGlavfj7AkW++iXC9aVmACg/RQeoSHCJotSeBnJZH+MTGJ1iskcfmzDiEOAqzWegh8hakj4RQQKznvhqoZ31B4K+4g7Hwu+srnPjQabDDmV2JoF8Ns7kAA4Uq+dJTaRJasJmPR5Kz3Gy1hWwTZ92LWdhCiNAM2bLLcERpTaB8FG+J8qNqrUp41I4u4B8zZPPZVK0NnYqAZt472CywnfRRFoZgM0zBw01w26manTvyFOadFngPOlvmu9smioKVU3FIlz/GKQn9U9WqMRURu7Vw2W7FwSBfq/ssfXAa8OkQIQHaq/+MOSt7hwkXKY9XgmHlN6ob6hoIql+rEHjxnpwXzl9aNiSEqqFMGBpvyXeUhjcCYFPsNyxshjNdMcKk9MrRQLPrSWP8uNTO7UZxktSBAgIoRJt3LZjkNm/2zzR1icP6NeJZLe+H0= jaeckel@draupnir diff --git a/tests/ssh/unsupported/ssh-rsa-aes128-ctr.pub b/tests/ssh/unsupported/ssh-rsa-aes128-ctr.pub new file mode 100644 index 000000000..270b6dffd --- /dev/null +++ b/tests/ssh/unsupported/ssh-rsa-aes128-ctr.pub @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC4y4UcYFe6sz/jLqBIgCoZWTneQ+NCOHz7+r6AgY8CJdt+osvXEv3FzpuSjrMkkY9ftcn/NWv3r6EFD4JuNzPecjqiSnunCM6v1+uOAsmYI8S3YmUoRAZOWhEgWsf/4QWj3cjNcJo0MPTYfJsM1LgXt/g85tRy1KsdifHSiJcgyK4piGqJYdw0BiUKd1Gj+KwglddbVEVqZDoaUYo/Wun10RAVzcgAWhglrbQLc1/U9VgY9zFIy5HOjJ1g87DQg2ZycP3clyLbR/RuHK6zyfuXna7yAqG4Eddtr1JBYWqCndBik5+unzD0vP2nNVHlvnQjzYfVxHcsP5X52LhI45GDfJZtbLsT14DYe9tXiaDIyMUpuuE7s0n2M+NI+5YOoDq8hzJwY+31T4/ZybIqs6HJve8XDFD7SwbUnYTlRO31AAELxTaq/t+oCCi0fHDfw+ugFYcEVb1yjpUghKMJsH21JNVYor0wxjX0Onq1Y109bQn6lMB5iB8cMheRiz/PYmU= jaeckel@draupnir diff --git a/tests/ssh/unsupported/ssh-rsa-aes128-gcm b/tests/ssh/unsupported/ssh-rsa-aes128-gcm new file mode 100644 index 000000000..8ee1f94f0 --- /dev/null +++ b/tests/ssh/unsupported/ssh-rsa-aes128-gcm @@ -0,0 +1,39 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAAFmFlczEyOC1nY21Ab3BlbnNzaC5jb20AAAAGYmNyeXB0AA +AAGAAAABB5ei8OkMkrusZkgWjbqCYuAAAAGAAAAAEAAAGXAAAAB3NzaC1yc2EAAAADAQAB +AAABgQCp8bq6umYo3MZaQ1hg2kxJgWTA0O66Gq7ynGRtdm7xsSQX18QqXikKqqhez8z5fj +h1gHVT8TyLFdIFJieSvKjIAQRDOw/cWGQpfbnPzr89ePuCY6Nzu37EvrN2W7ymVfOxvAYU +kS0THv1/UoY3rC++1bX2P2cgOrZMp9ITrZfzXFxaOLuB34T+Qm1seUWJJJtSJqrxrAAXYY +S/xDLx7AiD1zRjjwvBoIHZO2mpLz2YeB/6XrFWREIDaicUYrCXNBwZwV5nevaGgCjHCFKs +jcQIzXFV/bcppwkaPSOgNfZCS9oDKUx1wj+yuhjCVydC4q3WJzwPK3ctN2wAqJAMR7TWih +3j1kfHkDbV5vOFX4QYwqEZNTi8BWblGowhRdqINzIC+tret0VcojAWuvKt1p3q53k0YvCx +Sp7S78duv+NfoOHEorWQuXo+5RajQ3n2j1icRa0JxVDe7e/OnxY2Xzg5RISGV2JwqX9XTj +fJCF64ytCneEc8Gqnf53aFAKFH4R0AAAWQ5y9EHIAXpjEmJgkT3EBZoRbJNUx7iN1WGbsZ +MwEbnaOPAd0InVZegth+fdNvh8tz2v8s/X/ITbskdIuLof7OCslm+J+eRJfS6ba8t8/JGD +RNxTUKZHkyrDifBJyFLuL6m36WIcimLhjNHflauwe9HzhGh+CinuyKFHuM7mhEQK42vQ4h +QTs8nisnnnL2Q2NMxpP8ZON23CPD+fxmARFaBcMpN9OhZ62NmI8TEs25Xsss6VdLAWQ4Ey +dlFss5HQvWVB/t+uyNpcLPNpIkam16l6XuX/Iesa7dRtfi67vCLswFc8F5BQF3Tzbz1LY2 +37YdMF8o3Gpt9fP2Ym93ewqMthFww0mU3S3dK45qxSsjyg2bPbjomnSQmvyAfABpc9wNLr +ixY/lgrGiYKFpanHB2K2Y+xfkP1lzuf6sJ04t54bHF/ULk+tX4W9P/4rSLmgkEgmAfphAn +0l1fkgOBXL3LLFuRhazWICa0hCmlZbJOsSut1fq5i5mzdowzdVHic3DVXJKtQIZWbwoo5g +qeelAcLgqo0JCp+kSShs6EPQR9PIhzC9PunXreT+WgFHQi4X8SbTG1NIbZu6Y9tpw+a89t +zTTWsjK95zvjeg7wIPq/G9N43bB4CYHbisVQK7E/B/bPTfTkEMra7adP/ArpyeTAyMhwY6 +4nARR5tphzq+YKbOP8RSWkDEDf0qzw2tur5SY7N9N0ay7RTnP96vIt9+47RC3dm/buRaZ6 +nGKQKgzlL4U5eVdv2pdme1HguCyZrSyBRQbxYFUNBe51QDlmOGxmG6WyFDsbOeqpFkAAMv +YVj/6S0gqZmKrt0WihIartU0TQj+uZUoYbXQ3JnnDCD8I3Wu2cGbtTPQpE1egreNt10JXh +8phGVcHhvHBPk3bNS6hMDkqQJD9a4WhaBDkTnqPPRa2UlShvKOKAMcUIfaqgNWYqZ2kGAV +OlldnEqZ+/zaPKF4a8PvVt0ZNuBJo5D6SZ9571XA+ltoCCiHQChjZv/2NQlqeaIAri9Iua +j+0ZYIlGktYdbpqOxLtB2FdgFgnE2JIAhtqLMmzTZzcIuZwrKki99wYuVGN0h9YY7gItzt +dNPbG0IwXEr+YgrBW1dMI2kpgf6cPFtW/SrhUba6RohELpdOsxv2BhV7xRN7wUxgany9qL +w7JdngbG8+q1bQl9dMDLo/bChucln4t96qCKRPTJqaRFZX48awwTmboBMRDTN/+S/5pBrm +AUDn9+RUfqe8dFsS2t1LQi/7JfQnvJKcPwtKBV6m1ZdPt3oV30MokJkiVnyWa4139ZZzD8 +bRakFze4/sxRZI1Zkj0Ahc+M9eoN5mA6/aulUdPd2H69OKrSqp9xamm9iDVJckawxdgESr +sV5FBbBBM5+99HlPfGupQXr2Su27sxnUCa86RE+JtAkk171jy8qHJ3apWHdXQyU7P52A10 +igrVQydOTAlAFR5F3KsHdngHPrgI5H2RmQiveSrxQxqBT9LtV5IcFr7tcIcBPpvy7aXnzx +wgs3WwPrRx2jXRi3avclmXkVfxc4P+IE4zhhSysYs+sQHOMcfq5UHBVo6/LSD61800GKRC +AJKQp/hpoYo54GBF9a5ZvgosCyj7ZMUY3srpf7loXPI/mW9V+iq9BYHMHaDU4m2LDWjTko +NpkHCIA1OtyTW2jbSKD9eKUMvM+bAKEFGRDQZGvqhgHoHsgZlL6MxmzfinSlaAVILF+atx +97gLXTnqa8Rxku+i9meyNIBiUdMgOj+DSQ31GM0GDud2ra/c6POaEuHJMDU80262DjCXBy +vkaLcPZD6PGncIw/x+NkG4W5dufYtxF1AgfNaRENCdwWkEA2TsnIlnittWBj22iXCKM2qd +GCJuOJJHFAqy3WClGHib+S80rZ3Wh9Rkk2ugMZnzW0WNk8U2BIiE+Wgsr+2ezBeQ +-----END OPENSSH PRIVATE KEY----- diff --git a/tests/ssh/unsupported/ssh-rsa-aes128-gcm.pub b/tests/ssh/unsupported/ssh-rsa-aes128-gcm.pub new file mode 100644 index 000000000..9d190917e --- /dev/null +++ b/tests/ssh/unsupported/ssh-rsa-aes128-gcm.pub @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCp8bq6umYo3MZaQ1hg2kxJgWTA0O66Gq7ynGRtdm7xsSQX18QqXikKqqhez8z5fjh1gHVT8TyLFdIFJieSvKjIAQRDOw/cWGQpfbnPzr89ePuCY6Nzu37EvrN2W7ymVfOxvAYUkS0THv1/UoY3rC++1bX2P2cgOrZMp9ITrZfzXFxaOLuB34T+Qm1seUWJJJtSJqrxrAAXYYS/xDLx7AiD1zRjjwvBoIHZO2mpLz2YeB/6XrFWREIDaicUYrCXNBwZwV5nevaGgCjHCFKsjcQIzXFV/bcppwkaPSOgNfZCS9oDKUx1wj+yuhjCVydC4q3WJzwPK3ctN2wAqJAMR7TWih3j1kfHkDbV5vOFX4QYwqEZNTi8BWblGowhRdqINzIC+tret0VcojAWuvKt1p3q53k0YvCxSp7S78duv+NfoOHEorWQuXo+5RajQ3n2j1icRa0JxVDe7e/OnxY2Xzg5RISGV2JwqX9XTjfJCF64ytCneEc8Gqnf53aFAKFH4R0= jaeckel@draupnir diff --git a/tests/ssh/unsupported/ssh-rsa-aes192-cbc.pub b/tests/ssh/unsupported/ssh-rsa-aes192-cbc.pub new file mode 100644 index 000000000..c2204186b --- /dev/null +++ b/tests/ssh/unsupported/ssh-rsa-aes192-cbc.pub @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDtWi3Z2q4/wtt8vjC9dN4Ma20U+rjD1uxalqmWpSPRpxGi/cB0qvGz0KhvGLbQrU/8djSkjCrN3Wj+AyWMnmMEedPM7ezD/F6B2I57QnKkv8J3rEq+0gKAo+W1FsFc08m9rHDxvoSVHv+OlWtk+IU1vn6eFmptfax+1ZMlBjwwbr0MCoarP9UzXhP1wCPUGZqIJJlJxu3IR3YE/1qJ/TQtxJaMyUrMwRdH9bjjMWEhobkmLOuM2kiuMXRbolwHXsvSPwfhvDWkqzdTK07xyet5B4RJJwAVolUTturkp9jbHkv4nXhrcM22D6NoP/h5GpgraGmU+SdALypWilArhU+uRROEQFXdabMhqKkzRNl8oDG2lIv5lYjkQ2RhEvREdA+PnSwtjpjtdBxZesvdu1cQqE5MvAzlqCTqf+oNE/8AqRgEevyLwamjkOPTz+IhyQs/m9uUrY4otje8kF8RJLYhH0QCR7Tk+uHD2Gbk+MghCMnlklaGlXaXm/+Pp6i+ync= jaeckel@draupnir diff --git a/tests/ssh/unsupported/ssh-rsa-aes192-ctr.pub b/tests/ssh/unsupported/ssh-rsa-aes192-ctr.pub new file mode 100644 index 000000000..481bb9d43 --- /dev/null +++ b/tests/ssh/unsupported/ssh-rsa-aes192-ctr.pub @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDQD6r3dSEicm7KBlQpO4xF+ZCthECwvuKaIOU3QU2VWqSsq5YpxnJbhba8NLZuc73mS1D8t2xGQHkjYO7pWzcsa3YJAKL5NC+qtc98Pi/bbW6BrXfqnajU1IVyOXtKJUclG6TFYMk/3xgkGqeu7NXEaUUjJNWqNnU4Gr4FHzK7vK2IGidi0SCt2Q5OypGB31/pgI9nR2tn8oFkl21911tQ5rOiM6jBEQmMgIY7Bua8ocQm+TBTHaQDA8tATQdbkqMpBjl/VaA4mByomdj6exk+/RDIwp4wg0kaCcxZq9696xy2Yq1fZx/nS5Un+lVQZc8FJ8tCGofPobjTiDiFUS5+rbbeSmVZepBgbjTuFsUndWqZ/tGbrp5tGMqz89M76yAZoOvC2z6SVzbC2JItWYAfaZHrB1THunWr9XFDrB0a+EaMu9zcab7uVuZvfSPyLWb7mjvCRZxc6WEsFSTHZfEa4yPLWTC3D9Y2SfT+P1Vj2OEIYw955DeOboJhjjmghTM= jaeckel@draupnir diff --git a/tests/ssh/unsupported/ssh-rsa-aes256-cbc.pub b/tests/ssh/unsupported/ssh-rsa-aes256-cbc.pub new file mode 100644 index 000000000..32aadb942 --- /dev/null +++ b/tests/ssh/unsupported/ssh-rsa-aes256-cbc.pub @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC9fAOIIsW2S5tTCLh/Bd/9v7fQBZ673gXHHk5PyGilWchnLM2RRX4xgJ3lf+iHYdHHcHJo3w3d+48iO22tdplKOmsuje2wETxQVLTQ7pOlMRDXZXA1Vnia33d9GHFoas682FXGOtzEu6lVXM6U9KsvM9JA9CD1ddHg4XhVDXrDPgrs0Dvf3GyxuUkmFioKVIh8cj20AXLiaEhMjEygs0gOwEoPAmZyswe3Kjf2muOsEqErGYZajPKG2lBJUehlBMfDEcZTsqo9lG/7HszNTXDVJ2wMTEir7S7wtcB1qO23hwfT5IC6Lz/WhLFNt6x66OzL0S5j8zjLqkQvriwMQAIj20LjUs8yvvUtcYLPXBS9G4krkUwZ8LVrZfFPOOYcY0ssJj77hIzwe3AEJ0R24guG8aYz9ZeYzmIVW7yjIS+SYNhNky+AbsKaK52ZLaeruqnU39z3diojVTNeBdG/7wPgRye09bSsgTvRSMtYqbQY1ZyE8Wb4Qtx3kNT2bs1DL3E= jaeckel@draupnir diff --git a/tests/ssh/unsupported/ssh-rsa-aes256-ctr.pub b/tests/ssh/unsupported/ssh-rsa-aes256-ctr.pub new file mode 100644 index 000000000..a5ae07da4 --- /dev/null +++ b/tests/ssh/unsupported/ssh-rsa-aes256-ctr.pub @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC1U21x/saMfUgICTl0ZFkK5KDq3eeKHtR44xkkbcSmC5zxXxUO4c0EofKLx0YMDp3U+ozUydc0ZJwVF5iXVsiGlPSkgmGntrCeT3nA9YC8rEx/EE60DPSOU7we9eG8GmR2DL5uM2bmU9kx+Bh7Q9sno7PpUufBS8CLAADdv6Dro/pVTI7FIkrNGY/SD0DQtGm0cBjM2fA1b/1lUdQdznM5T/1Yn7fx84oxhJaJHsIXpU58lovieWPq/NT7rTG34Lz+MU/Ng31mFyamsY4IFFeq9AlDNWLtjOeEMRdNxDUbTGjT4ZjZrA7SuL/fGhl++rrGLpFw0f3dnR9AdbGu5UlM+6Kg3adlCkypVgPmhF6FVpgqWsMabC/tCeuMI8ajKizPRdGxvxr2DTkTCkJEtzdLUk7ifImIdL4m1OM3NnDpjZ/WJTlkU1x75T0QIy8HafrpRIRphXrpdwyt1E/OVWEb7suhWaYKxE9xXPTsFPDJi20/rGRup+jQ78JdDm8t8vE= jaeckel@draupnir diff --git a/tests/ssh/unsupported/ssh-rsa-aes256-gcm b/tests/ssh/unsupported/ssh-rsa-aes256-gcm new file mode 100644 index 000000000..a5a06864f --- /dev/null +++ b/tests/ssh/unsupported/ssh-rsa-aes256-gcm @@ -0,0 +1,39 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAAFmFlczI1Ni1nY21Ab3BlbnNzaC5jb20AAAAGYmNyeXB0AA +AAGAAAABBT0YuZQhdh8Ee6y+RJqE8KAAAAGAAAAAEAAAGXAAAAB3NzaC1yc2EAAAADAQAB +AAABgQCodvU8nAv6a9nBw2XgPchNvzcx+ITion2Xm8uo+TKetw4k99Q04iT6MT4qzhjwkU +HlIA4lfSLXRphSoy27oBpYwqctveZ4i/xR3+tt0WpGDHXLrB9EiCH1nbO0jRdl0cUDArNc +XvAEI1T9C88Eqh37JULulgEYjdhsE2gNirXqlDBqj/9kVjULC57YTVrz8P0H3hwMcAqXXa +fTm136kTNJij1itVlWDeev7EAcysNTnhKgNRLhtE+3SvWUxEBb/oV4nSWeSKFnP1vpk0fa +E8H2norYDJEy7NxPSIF7z57WRiRU7NnuURHSpWPVJnyf0x1lq8OrRWEf1zqPR6bkgsJ2Ny +ovR+KQIdd73+CDWbMHza+acDjWLfWIfpMmRE5T1UlcGZnUS8j3xQ09szuJdeSVOgGUQNb3 +m+ixGrXMyYonMiS+9BHqVxFnJZyGCDw4l/BCM5ERLrtMQsaNo+ZTy1nm9roSt/GtMgdlom +/ZOqurouWwH5oT7DjiH3mta6TBCa0AAAWQMLl0uEJubwi1IQjSY15Hx/1i4apvTa3gXlGS +nncXIXXhf/RolrM9zUdeByb6X8f5r4nDsiRSY96efbe1TZXJY2lIUY4fvjvtgi1hPoH6T5 +HoYezrLMj8xtUnJUdkfMoYRFZp4Miw2rR9GJc7eXGjxK1QsXbAqpK7dO8EKVuYmoOI28wj +Kmy4qfp8FCKiBQHhEkF1CouALNBpQJ6hmvWVDIoGkgW/BUTcNPAcrjx81OXb5Cwo8BHsrs +nWjcJWLPj9HimOlgT3fs+AnOwwj1MXzRM2fikJm2hcgXmvTpgvUcy0wXUXwx6oU0VkXhaD +g767QaDN4Sl1rgOzlWlS0nj6QAAZHO2+hXFzOhP2auXdvvkzNCsT/hLhYqJsWc7iE19s0o +E/CuKVOvONkI1ZBU+K41YBQawOHNqRadaVhHp9AnzKAotbqvkZWz4GWd2FwyHupjKBm9Ga +opZHmu2sO2MLZsx0q0xQfqj9SrV0uXxkgCE328sh7O/ziy/2W9CdHjJketx9MxzwKyp1IG +Fwc6VoIF9O0nWmEqsZY07Ps1SFotpt3IvRofP2hzcURw6w6yykkjLjRkmpcU3xJR4QwhkR +dQk87dFA2Xfmlu6jxLnEVaubP3oz4aqG5eKOC3zbxq3ufg9KIA83ykcoji6Q1lupKBlCCQ +CXiDOIRTapsECwY3d9+1jpaItah9kehFvocfGibme8Df2u3j12GdrRCD+3RY16ss4F9YrW +KxnecwwWKl07ytWhuB4QeeaHVq+T1Y9q484rbuYXDnUflTSwY0djKLkrIAcXToqinJFC2h +XGKlIAkxPnt2UYmZpKbkd/UFMhJZx63rdPAOigNmLoMNsCUcGPBeV7C7pgzxtfsWFs1DLg +fKk6sYGyEpZbJ7NqpArYe2qCdH/uRVy8mkf6BJKxPFHd3kTsqjgOqw9d06FgpFmzhEIV5B +RWPF6sBrbTEVL75ksS/76Lth+bP7wEbNzJBxpLyL4jYUOX5qy9klhIH37JOC8M4ZFIXqOV +CT5objs1bgrginVhlkK1ZW3xpdO2VnMg9H1tEs2fb8wu71A8Sty26pwdST1eiijqtCXJ6t +xWdM/NFBPVMCmZgHUM00WQnQCHin3SpcGzBIOTevqeUs5PHoAwEhyNS5BIOpIKEsh0/9sv +jWYr8BlXgpWRsLlVuNC/AQLnZUQhn57ENGudeNSUk4GH/3feZ3Z8f9ZcgkiZnEmDRaL0L9 +IBlxxAb4i1iddlGbxEVgRGJT/3lp75s1ZiVaZvEWgT1iQdT0GV3/zS8/6w9f6+YUpH0A05 +dfTtevqoOjWT8ZIoPGGkPGrbYdD7ztCvVeTPpKxeOABh4qYvZIvQpN2KgyTweCHtKF8OQZ +DrJujGGZ+4mDi2c5I/958jMdsxnE4fBF1gB8a2QeVI74LnHIrSSv02SmFAO7uQbNv7S+uZ +e9oHVf9xvtbNDZpR6on/oedSXDBVuqO89L26D3PMTwyBpA9qncc89uDIqmcCp4bC15Cqq4 +HcE9/lDPz7y8qqaNHn/jqGl4UPl4LhlUrOBqdq9YyAWzJqZeKB091OXEoP9AMB5NG61+gn +Zvp8j9zWTSlp8JvziCE3DiSq6bcNG4QsAUpwYV6XAf9kGz03h7kYepAiIFjykReKbKBsTE +g7WzsqmU50+EBDXntOBtkR88SVetD1JsruPqJuPTTBIpiFMcRjFzERQejW53wIQhRcuqzd +7UlRBNzF5BprJftiu7cdSENWtJGdt/fGMnGTU0x55FeHVku7Le7vFZ5t8W4DyEsqoDROEK +ZL+q6zIPod3LvvikndEuiVmapF9TCQimz2+z6J/iR6htom3IsVFZq3NeAXVwxzb1WilQhv +inXXeZiypHxIvnOyPg5OaXJkNbrZYhzg2ZKQq4kTOMnJF1WX01DyGo8hSsiRaIDw +-----END OPENSSH PRIVATE KEY----- diff --git a/tests/ssh/unsupported/ssh-rsa-aes256-gcm.pub b/tests/ssh/unsupported/ssh-rsa-aes256-gcm.pub new file mode 100644 index 000000000..3f952599d --- /dev/null +++ b/tests/ssh/unsupported/ssh-rsa-aes256-gcm.pub @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCodvU8nAv6a9nBw2XgPchNvzcx+ITion2Xm8uo+TKetw4k99Q04iT6MT4qzhjwkUHlIA4lfSLXRphSoy27oBpYwqctveZ4i/xR3+tt0WpGDHXLrB9EiCH1nbO0jRdl0cUDArNcXvAEI1T9C88Eqh37JULulgEYjdhsE2gNirXqlDBqj/9kVjULC57YTVrz8P0H3hwMcAqXXafTm136kTNJij1itVlWDeev7EAcysNTnhKgNRLhtE+3SvWUxEBb/oV4nSWeSKFnP1vpk0faE8H2norYDJEy7NxPSIF7z57WRiRU7NnuURHSpWPVJnyf0x1lq8OrRWEf1zqPR6bkgsJ2NyovR+KQIdd73+CDWbMHza+acDjWLfWIfpMmRE5T1UlcGZnUS8j3xQ09szuJdeSVOgGUQNb3m+ixGrXMyYonMiS+9BHqVxFnJZyGCDw4l/BCM5ERLrtMQsaNo+ZTy1nm9roSt/GtMgdlom/ZOqurouWwH5oT7DjiH3mta6TBCa0= jaeckel@draupnir diff --git a/tests/ssh/unsupported/ssh-rsa-chacha20-poly1305 b/tests/ssh/unsupported/ssh-rsa-chacha20-poly1305 new file mode 100644 index 000000000..e15a89f9e --- /dev/null +++ b/tests/ssh/unsupported/ssh-rsa-chacha20-poly1305 @@ -0,0 +1,39 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAAHWNoYWNoYTIwLXBvbHkxMzA1QG9wZW5zc2guY29tAAAABm +JjcnlwdAAAABgAAAAQxKLOSJ712VTf1CDMVxIv0AAAABgAAAABAAABlwAAAAdzc2gtcnNh +AAAAAwEAAQAAAYEAi/j+jjsT7IQbR+2dlLmMjwLcYypGO4jTUJJE69TAz6cZqE+WdsIQEg +EpTGkmMcofF7hKBYOtGrW3dC2hRCwC2RQWimtfNzYWKA1lUTs6xxaGF5sEOD/ox26FFnG2 +OgNGNlg8dEbmGiigz33/MCWcR8m4wfWLQpvsCo2SezvJNrBWvlSGTs2C+5m59t8OicleAR +fE/r52ESTFyPEj+UvCq4tLgatnTrQ3dxYNBZggTfSaol3/w8Hctq0NGicj3/H+Hk58XrFG +hJJIbdS1GS0uLcS13yjni+nXc01bJlf7sp4GwvUXf0qtoyFOKH5YplvXHYTGT/1gZVSdhT +uTTNVMAHPKOed70CBbe3F+kuCDyI2cRnp1uNzCfaazhRsDmOyZPzo6/KU5tQ8TYmEPktB7 +slCcPbG241p3wNLohEejaSZKHZpK2Zr/IJg6Oj1lDqS45JA6i/4Th7xOzUPuIGGIyZgTfj +tRJGBtf5jClbITRSG0dPgjJIVxavNvMizNQuanAAAFiNVsgHXksE3imH1jLIDUxpuRnEim +hIN8Pp7FCyKuNWirTRtopbxoutW6mxzJe7tWuuivjeK5MnPj5697HLtingE7fQEt1K8UfM +6HDQSG/MJdVrxey98FCw9FmNyIfSI3E1yUvtnoQ6FpgtWuqx3hU/gvoyzI2oIMZTOStQD0 +i21iy8IwMde0piMony+QaCZ6vq7jkCEgwzzydOIRGI3XgfbUAsgSLKRco+JH2oe+bpARs1 +bQk9EZMQSNjtl2pBfhVOaKTU9v0Q0EfeUkeu6uL6Wvp9G+C8wMmNEI84Perq8QlLA0oBIk +UvYURMHwvVX2SaToKgh4LxLVZVgxyRpxFj81sb+QV3uXOnqjaKjB6fUDdueDnQ4lEmbk/P +u04WZwbYDvaaACqAPKbRnhXXZwcCCq5u+upuMil3xW1PAM6SkB+Y/ftF35jo1mzDEELsyC +a1E0Hqoz0VZCBUUjHQFZAzA66T8TT/dokTD+mgz3EB5LvvVfsW3Fu6f+KDW7tSnQKMftTb +HV4eh1tVQTlMTO3i1kHNhrTdHU94Wp3bOVBkAWZXnLT/xXAukkaK5Z7xv2t4i/9EfT5jIJ +DE4PH60s7M2IF9pjP6GxoUFEr2w5TUGZ8d0nF/a3nqmCrLo36pm9YdD0DIsZwa1Sl3xh2a +5erjondHe9Nztl+AVqT0jjyDi8WZFYcq99rMG6gCBSwPQgJsXO8B1mS71xV1YgFmnw4os9 +sFrB2cbiuSaZa6ZEA7/ekoJ4eQA7TJJ+DfFQAEy9YjLImKWcsb2g5kNp/iTqfZCf3zvT7Y +fo49oeT7y3gepzLqD7Qq/aH39JVCQdZLwyz2dZq/OoPyzzM9X9IbGCYO7MncB92TzGD9P1 +M62nJbYDqSvhy2XMU4znv39F4GFsD+QRoMsLSpBUfWSE/2sYCxda+2i8Lt4GFcGZ+xIH+5 +5jbFx1sE4VNclxSeRl99/kmc2XOARp1p+SN7wKEXWVsp+ZyIcm9Ex/TDW2yeLR+1xg1n3K +oPsVQg4vX+JyNnlhtWqW8maBpRrJBbVWtEf2Iwa2ImSlSHI8D/KvvP/uTliu99sb/QFrzh +MBT6PC4GLgVYvfiU0ikq6W3N0ef47iuhoYzqMZzOEfujtjPhIcV5YpBwETbmm3SB96HKAe +melGalgOutWb8bbvJspuG1H9Pej7sq+RGDb+cDtTwx/NwODCB8TFmQb7ztc6hDdxVrRW2f +NREHOceRoA3N8q9XIOtwYMXxtt+3jCLWslVRGni52r8pgzjsg7g/X44h8Sgo4NEcmgnUV0 +8VGUSQ/Nm54pYZEvruiocpg8Mj+QLMzMZ5qG1RLl/gwU2se0Vh5g72o0IpiAaErVp1cMD7 +/e89SIxxa4ea5k90PYbBPOXEk6oaSs+ZTMu7MNm1Jb4+KV6SSYYqshs6c6V9PYR3Mc8bte +AN3XNSko03UWPS1AkqUemSuKhzIdI4WsuYmsS8CfuJXtfrBe1OBaOMPKOvnFS9Zq38ddV/ +DdgiY0ux1zQYXETl/ol6b/34qXuCh/7r4aIQATit5r2T6NtaCCkSK5yEwJYeO4+Zlnedxc +6kReDwwkRHjDt34p3xTh+ncdbjBrYfn5hvYOIPwvc0EqWPHb01Xc/rw87mlKV6jl8qROox +vmygQfmxJ0m2sFpDdP5EYe4n923Ssf8EuoGfLGghPZW4Q6rr2BJY2H2DAKxLorOk8o3hvQ +sJ6hd6mHhnpLaUACInjEcAjopMhbEwa2gnUDo7UeXiAve7Jtz2b5QGsMmEVsScOC+K0S1C ++FsAQrd4+QSmc4kKy7iGewFI0NZYoc86yXdabvH97VrmKoYn/Ry8xpD7TnQh6+WybF15sr +YyxZ8M85kY+unmOVE5u5featGysG8OvbmJtOG/YQj8d8sHWKS6EnXbITlJe0v9Q= +-----END OPENSSH PRIVATE KEY----- diff --git a/tests/ssh/unsupported/ssh-rsa-chacha20-poly1305.pub b/tests/ssh/unsupported/ssh-rsa-chacha20-poly1305.pub new file mode 100644 index 000000000..cd583c346 --- /dev/null +++ b/tests/ssh/unsupported/ssh-rsa-chacha20-poly1305.pub @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCL+P6OOxPshBtH7Z2UuYyPAtxjKkY7iNNQkkTr1MDPpxmoT5Z2whASASlMaSYxyh8XuEoFg60atbd0LaFELALZFBaKa183NhYoDWVROzrHFoYXmwQ4P+jHboUWcbY6A0Y2WDx0RuYaKKDPff8wJZxHybjB9YtCm+wKjZJ7O8k2sFa+VIZOzYL7mbn23w6JyV4BF8T+vnYRJMXI8SP5S8Kri0uBq2dOtDd3Fg0FmCBN9JqiXf/Dwdy2rQ0aJyPf8f4eTnxesUaEkkht1LUZLS4txLXfKOeL6ddzTVsmV/uyngbC9Rd/Sq2jIU4oflimW9cdhMZP/WBlVJ2FO5NM1UwAc8o553vQIFt7cX6S4IPIjZxGenW43MJ9prOFGwOY7Jk/Ojr8pTm1DxNiYQ+S0HuyUJw9sbbjWnfA0uiER6NpJkodmkrZmv8gmDo6PWUOpLjkkDqL/hOHvE7NQ+4gYYjJmBN+O1EkYG1/mMKVshNFIbR0+CMkhXFq828yLM1C5qc= jaeckel@draupnir From 7b5d85d735e5ee5573b37cb0bc3ed9b1425796ed Mon Sep 17 00:00:00 2001 From: Steffen Jaeckel Date: Sat, 14 Oct 2023 10:51:03 +0200 Subject: [PATCH 37/51] Calm old Valgrind ... Valgrind 3.15.0 on Ubuntu 20.04 reports a false positive [0] ``` ==7922== Conditional jump or move depends on uninitialised value(s) ==7922== at 0x461F0C: s_decode_header (pem_ssh.c:316) [...] ``` Simply suppress this false positive. [0] https://github.com/libtom/libtomcrypt/actions/runs/6507805191/job/17676616149?pr=587 Signed-off-by: Steffen Jaeckel --- .ci/Valgrind-Ubuntu_focal.supp | 6 ++++++ .ci/valgrind.sh | 9 ++++++++- 2 files changed, 14 insertions(+), 1 deletion(-) create mode 100644 .ci/Valgrind-Ubuntu_focal.supp diff --git a/.ci/Valgrind-Ubuntu_focal.supp b/.ci/Valgrind-Ubuntu_focal.supp new file mode 100644 index 000000000..cb9d14494 --- /dev/null +++ b/.ci/Valgrind-Ubuntu_focal.supp @@ -0,0 +1,6 @@ +{ + + Memcheck:Cond + ... + fun:s_decode_header +} diff --git a/.ci/valgrind.sh b/.ci/valgrind.sh index e813f367e..861b03d25 100755 --- a/.ci/valgrind.sh +++ b/.ci/valgrind.sh @@ -31,7 +31,14 @@ echo "Run tests with valgrind..." for i in `seq 1 10` ; do sleep 300 && echo "Valgrind tests in Progress..."; done & alive_pid=$! -valgrind --error-exitcode=666 --leak-check=full --show-leak-kinds=all --errors-for-leak-kinds=all ./test >test_std.txt 2> >(tee -a test_err.txt >&2) || { kill $alive_pid; echo "Valgrind failed"; exit 1; } +readonly VALGRIND_OPTS="--error-exitcode=666 --leak-check=full --show-leak-kinds=all --errors-for-leak-kinds=all" + +readonly distro="$(lsb_release -si)_$(lsb_release -sc)" +readonly suppfile=".ci/Valgrind-${distro}.supp" +function get_suppfile() { [ -f "$suppfile" ] && echo "--suppressions=$suppfile" || echo ""; } +readonly VALGRIND_EXTRA_OPTS=$(get_suppfile) + +valgrind $VALGRIND_OPTS $VALGRIND_EXTRA_OPTS ./test >test_std.txt 2> >(tee -a test_err.txt >&2) || { kill $alive_pid; echo "Valgrind failed"; exit 1; } kill $alive_pid From 8d190473364e4e58eb8340f8e7ed7f2ba7829e03 Mon Sep 17 00:00:00 2001 From: Steffen Jaeckel Date: Mon, 16 Oct 2023 12:07:55 +0200 Subject: [PATCH 38/51] Add support for more PEM file types + some fixes Signed-off-by: Steffen Jaeckel --- src/headers/tomcrypt_pk.h | 1 + src/headers/tomcrypt_private.h | 6 +- src/misc/pem/pem.c | 17 + src/misc/pem/pem_pkcs.c | 167 ++++++--- src/misc/pem/pem_read.c | 8 +- src/misc/pem/pem_ssh.c | 353 +++++++++++++----- .../x509_decode_public_key_from_certificate.c | 84 ++--- src/pk/asn1/x509/x509_decode_spki.c | 82 ++++ .../x509_decode_subject_public_key_info.c | 2 +- .../x509_encode_subject_public_key_info.c | 2 +- src/pk/ed25519/ed25519_import_raw.c | 9 +- src/pk/rsa/rsa_import_x509.c | 4 +- tests/pem/extra/ed25519-cryptx.pem | 9 + tests/pem/extra/ed25519-selfsigned.pem | 11 + tests/pem_test.c | 1 + tests/ssh/extra/dsa-private.pem | 21 ++ tests/ssh/extra/dsa-public.pem | 12 + tests/ssh/extra/ecdsa256-public.pem | 5 + tests/ssh/extra/rsa-public.pem | 6 + tests/ssh/ssh-testkey-ed25519-pub | 4 + 20 files changed, 587 insertions(+), 217 deletions(-) create mode 100644 src/pk/asn1/x509/x509_decode_spki.c create mode 100644 tests/pem/extra/ed25519-cryptx.pem create mode 100644 tests/pem/extra/ed25519-selfsigned.pem create mode 100644 tests/ssh/extra/dsa-private.pem create mode 100644 tests/ssh/extra/dsa-public.pem create mode 100644 tests/ssh/extra/ecdsa256-public.pem create mode 100644 tests/ssh/extra/rsa-public.pem create mode 100644 tests/ssh/ssh-testkey-ed25519-pub diff --git a/src/headers/tomcrypt_pk.h b/src/headers/tomcrypt_pk.h index b03bc0b90..cb309618d 100644 --- a/src/headers/tomcrypt_pk.h +++ b/src/headers/tomcrypt_pk.h @@ -30,6 +30,7 @@ enum ltc_pka_id { LTC_PKA_X25519, LTC_PKA_ED25519, LTC_PKA_DH, + LTC_PKA_NUM }; enum public_key_type { diff --git a/src/headers/tomcrypt_private.h b/src/headers/tomcrypt_private.h index 9d6b5f630..69d405929 100644 --- a/src/headers/tomcrypt_private.h +++ b/src/headers/tomcrypt_private.h @@ -297,6 +297,7 @@ enum pem_flags { pf_encrypted = 0x01u, pf_pkcs8 = 0x02u, pf_public = 0x04u, + pf_x509 = 0x08u, pf_encrypted_pkcs8 = pf_encrypted | pf_pkcs8, }; @@ -568,14 +569,15 @@ int x509_decode_public_key_from_certificate(const unsigned char *in, unsigned lo enum ltc_oid_id algorithm, ltc_asn1_type param_type, ltc_asn1_list* parameters, unsigned long *parameters_len, public_key_decode_cb callback, void *ctx); +int x509_decode_spki(const unsigned char *in, unsigned long inlen, ltc_asn1_list **out, ltc_asn1_list **spki); /* SUBJECT PUBLIC KEY INFO */ int x509_encode_subject_public_key_info(unsigned char *out, unsigned long *outlen, - unsigned int algorithm, const void* public_key, unsigned long public_key_len, + enum ltc_oid_id algorithm, const void* public_key, unsigned long public_key_len, ltc_asn1_type parameters_type, ltc_asn1_list* parameters, unsigned long parameters_len); int x509_decode_subject_public_key_info(const unsigned char *in, unsigned long inlen, - unsigned int algorithm, void* public_key, unsigned long* public_key_len, + enum ltc_oid_id algorithm, void *public_key, unsigned long *public_key_len, ltc_asn1_type parameters_type, ltc_asn1_list* parameters, unsigned long *parameters_len); int pk_oid_cmp_with_ulong(const char *o1, const unsigned long *o2, unsigned long o2size); diff --git a/src/misc/pem/pem.c b/src/misc/pem/pem.c index fb1f412a9..727de8b20 100644 --- a/src/misc/pem/pem.c +++ b/src/misc/pem/pem.c @@ -24,6 +24,13 @@ const struct pem_header_id pem_std_headers[] = { .has_more_headers = no, .flags = pf_pkcs8, }, + { + /* X.509 Certificates */ + SET_CSTR(.start, "-----BEGIN CERTIFICATE-----"), + SET_CSTR(.end, "-----END CERTIFICATE-----"), + .has_more_headers = no, + .flags = pf_x509, + }, { /* Regular (plain) public keys */ SET_CSTR(.start, "-----BEGIN PUBLIC KEY-----"), @@ -31,6 +38,13 @@ const struct pem_header_id pem_std_headers[] = { .has_more_headers = no, .flags = pf_public, }, + { + SET_CSTR(.start, "-----BEGIN RSA PUBLIC KEY-----"), + SET_CSTR(.end, "-----END RSA PUBLIC KEY-----"), + .has_more_headers = no, + .pka = LTC_PKA_RSA, + .flags = pf_public, + }, /* Regular plain or encrypted private keys */ { SET_CSTR(.start, "-----BEGIN RSA PRIVATE KEY-----"), @@ -55,6 +69,9 @@ const unsigned long pem_std_headers_num = sizeof(pem_std_headers)/sizeof(pem_std /* Encrypted PEM files */ const struct str pem_proc_type_encrypted = { SET_CSTR(, "Proc-Type: 4,ENCRYPTED") }; +#if defined(LTC_SSH) +const struct str pem_ssh_comment = { SET_CSTR(, "Comment: ") }; +#endif const struct str pem_dek_info_start = { SET_CSTR(, "DEK-Info: ") }; const struct blockcipher_info pem_dek_infos[] = { diff --git a/src/misc/pem/pem_pkcs.c b/src/misc/pem/pem_pkcs.c index b38a2b1c6..f02c46407 100644 --- a/src/misc/pem/pem_pkcs.c +++ b/src/misc/pem/pem_pkcs.c @@ -45,6 +45,71 @@ static int s_decrypt_pem(unsigned char *pem, unsigned long *l, const struct pem_ return err; } +static int s_get_pka(ltc_asn1_list *pub, enum ltc_pka_id *pka) +{ + der_flexi_check flexi_should[4]; + ltc_asn1_list *seqid, *id; + enum ltc_oid_id oid_id; + int err; + unsigned long n = 0; + LTC_SET_DER_FLEXI_CHECK(flexi_should, n++, LTC_ASN1_SEQUENCE, &seqid); + LTC_SET_DER_FLEXI_CHECK(flexi_should, n++, LTC_ASN1_BIT_STRING, NULL); + LTC_SET_DER_FLEXI_CHECK(flexi_should, n, LTC_ASN1_EOL, NULL); + if ((err = der_flexi_sequence_cmp(pub, flexi_should)) != CRYPT_OK) { + return err; + } + n = 0; + LTC_SET_DER_FLEXI_CHECK(flexi_should, n++, LTC_ASN1_OBJECT_IDENTIFIER, &id); + LTC_SET_DER_FLEXI_CHECK(flexi_should, n, LTC_ASN1_EOL, NULL); + err = der_flexi_sequence_cmp(seqid, flexi_should); + if (err != CRYPT_OK && err != CRYPT_INPUT_TOO_LONG) { + return err; + } + if ((err = pk_get_oid_from_asn1(id, &oid_id)) != CRYPT_OK) { + return err; + } + return pk_get_pka_id(oid_id, pka); +} + +typedef int (*import_fn)(const unsigned char *, unsigned long, void*); + +static import_fn s_import_x509_fns[LTC_PKA_NUM] = { +#ifdef LTC_MRSA + [LTC_PKA_RSA] = (import_fn)rsa_import_x509, +#endif +#ifdef LTC_MECC + [LTC_PKA_EC] = (import_fn)ecc_import_x509, +#endif +#ifdef LTC_CURVE25519 + [LTC_PKA_X25519] = (import_fn)x25519_import_x509, + [LTC_PKA_ED25519] = (import_fn)ed25519_import_x509, +#endif +}; + +static int s_import_x509(unsigned char *pem, unsigned long l, ltc_pka_key *k) +{ + enum ltc_pka_id pka = LTC_PKA_UNDEF; + ltc_asn1_list *d, *spki; + int err; + if ((err = x509_decode_spki(pem, l, &d, &spki)) != CRYPT_OK) { + return err; + } + err = s_get_pka(spki, &pka); + der_free_sequence_flexi(d); + if (err != CRYPT_OK) { + return err; + } + if (pka < 0 + || pka > sizeof(s_import_x509_fns)/sizeof(s_import_x509_fns[0]) + || s_import_x509_fns[pka] == NULL) { + return CRYPT_PK_INVALID_TYPE; + } + if ((err = s_import_x509_fns[pka](pem, l, &k->u)) == CRYPT_OK) { + k->id = pka; + } + return err; +} + static int s_import_pkcs8(unsigned char *pem, unsigned long l, ltc_pka_key *k, const password_ctx *pw_ctx) { int err; @@ -103,6 +168,34 @@ static int s_import_pkcs8(unsigned char *pem, unsigned long l, ltc_pka_key *k, c return err; } +int s_extract_pka(unsigned char *pem, unsigned long w, enum ltc_pka_id *pka) +{ + ltc_asn1_list *pub; + int err = CRYPT_ERROR; + if ((err = der_decode_sequence_flexi(pem, &w, &pub)) != CRYPT_OK) { + return err; + } + err = s_get_pka(pub, pka); + der_sequence_free(pub); + return err; +} + +static import_fn s_import_openssl_fns[LTC_PKA_NUM] = { +#ifdef LTC_MRSA + [LTC_PKA_RSA] = (import_fn)rsa_import, +#endif +#ifdef LTC_MDSA + [LTC_PKA_DSA] = (import_fn)dsa_import, +#endif +#ifdef LTC_MECC + [LTC_PKA_EC] = (import_fn)ecc_import_openssl, +#endif +#ifdef LTC_CURVE25519 + [LTC_PKA_X25519] = (import_fn)x25519_import, + [LTC_PKA_ED25519] = (import_fn)ed25519_import, +#endif +}; + static int s_decode(struct get_char *g, ltc_pka_key *k, const password_ctx *pw_ctx) { unsigned char *pem = NULL; @@ -110,9 +203,6 @@ static int s_decode(struct get_char *g, ltc_pka_key *k, const password_ctx *pw_c int err = CRYPT_ERROR; struct pem_headers hdr = { 0 }; struct password pw; - ltc_asn1_list *pub = NULL, *seqid, *id; - der_flexi_check flexi_should[4]; - enum ltc_oid_id oid_id; enum ltc_pka_id pka; XMEMSET(k, 0, sizeof(*k)); w = LTC_PEM_READ_BUFSIZE * 2; @@ -135,28 +225,11 @@ static int s_decode(struct get_char *g, ltc_pka_key *k, const password_ctx *pw_c if (hdr.id->flags & pf_pkcs8) { err = s_import_pkcs8(pem, l, k, pw_ctx); goto cleanup; - } else if (hdr.id->flags & pf_public) { - if ((err = der_decode_sequence_flexi(pem, &w, &pub)) != CRYPT_OK) { - goto cleanup; - } - n = 0; - LTC_SET_DER_FLEXI_CHECK(flexi_should, n++, LTC_ASN1_SEQUENCE, &seqid); - LTC_SET_DER_FLEXI_CHECK(flexi_should, n++, LTC_ASN1_BIT_STRING, NULL); - LTC_SET_DER_FLEXI_CHECK(flexi_should, n, LTC_ASN1_EOL, NULL); - if ((err = der_flexi_sequence_cmp(pub, flexi_should)) != CRYPT_OK) { - goto cleanup; - } - n = 0; - LTC_SET_DER_FLEXI_CHECK(flexi_should, n++, LTC_ASN1_OBJECT_IDENTIFIER, &id); - LTC_SET_DER_FLEXI_CHECK(flexi_should, n, LTC_ASN1_EOL, NULL); - err = der_flexi_sequence_cmp(seqid, flexi_should); - if (err != CRYPT_OK && err != CRYPT_INPUT_TOO_LONG) { - goto cleanup; - } - if ((err = pk_get_oid_from_asn1(id, &oid_id)) != CRYPT_OK) { - goto cleanup; - } - if ((err = pk_get_pka_id(oid_id, &pka)) != CRYPT_OK) { + } else if (hdr.id->flags == pf_x509) { + err = s_import_x509(pem, l, k); + goto cleanup; + } else if ((hdr.id->flags & pf_public) && hdr.id->pka == LTC_PKA_UNDEF) { + if ((err = s_extract_pka(pem, w, &pka)) != CRYPT_OK) { goto cleanup; } } else if (hdr.encrypted) { @@ -178,44 +251,18 @@ static int s_decode(struct get_char *g, ltc_pka_key *k, const password_ctx *pw_c } else { pka = hdr.id->pka; } - switch (pka) { -#ifdef LTC_MDSA - case LTC_OID_DSA: - err = dsa_import(pem, l, &k->u.dsa); - k->id = LTC_PKA_DSA; - break; -#endif -#ifdef LTC_MRSA - case LTC_OID_RSA: - err = rsa_import(pem, l, &k->u.rsa); - k->id = LTC_PKA_RSA; - break; -#endif -#ifdef LTC_MECC - case LTC_OID_EC: - err = ecc_import_openssl(pem, l, &k->u.ecc); - k->id = LTC_PKA_EC; - break; -#endif -#ifdef LTC_CURVE25519 - case LTC_PKA_ED25519: - err = ed25519_import(pem, l, &k->u.ed25519); - k->id = LTC_PKA_ED25519; - break; - case LTC_PKA_X25519: - err = x25519_import(pem, l, &k->u.x25519); - k->id = LTC_PKA_X25519; - break; -#endif - default: - err = CRYPT_PK_INVALID_TYPE; - goto cleanup; + + if (pka < 0 + || pka > sizeof(s_import_openssl_fns)/sizeof(s_import_openssl_fns[0]) + || s_import_openssl_fns[pka] == NULL) { + err = CRYPT_PK_INVALID_TYPE; + goto cleanup; + } + if ((err = s_import_openssl_fns[pka](pem, l, &k->u)) == CRYPT_OK) { + k->id = pka; } cleanup: - if (pub) { - der_sequence_free(pub); - } if (hdr.pw) { zeromem(hdr.pw->pw, hdr.pw->l); XFREE(hdr.pw->pw); diff --git a/src/misc/pem/pem_read.c b/src/misc/pem/pem_read.c index 2a8271f6d..dd3e02043 100644 --- a/src/misc/pem/pem_read.c +++ b/src/misc/pem/pem_read.c @@ -10,6 +10,9 @@ #ifdef LTC_PEM extern const struct str pem_proc_type_encrypted; +#ifdef LTC_SSH +extern const struct str pem_ssh_comment; +#endif extern const struct str pem_dek_info_start; extern const struct blockcipher_info pem_dek_infos[]; extern const unsigned long pem_dek_infos_num; @@ -107,7 +110,10 @@ static int s_pem_decode_headers(struct pem_headers *hdr, struct get_char *g) switch (has_more_headers) { case 3: if (XMEMCMP(buf, pem_proc_type_encrypted.p, pem_proc_type_encrypted.len)) { - s_unget_line(buf, slen, g); +#ifdef LTC_SSH + if (XMEMCMP(buf, pem_ssh_comment.p, pem_ssh_comment.len)) +#endif + s_unget_line(buf, slen, g); if (hdr->id->has_more_headers == maybe) return CRYPT_OK; else diff --git a/src/misc/pem/pem_ssh.c b/src/misc/pem/pem_ssh.c index 51410ea8c..3039bb455 100644 --- a/src/misc/pem/pem_ssh.c +++ b/src/misc/pem/pem_ssh.c @@ -54,7 +54,7 @@ struct kdf_options { }; #ifdef LTC_MECC -int ssh_find_init_ecc(const char *pka, ltc_pka_key *key) +static int s_ssh_find_init_ecc(const char *pka, ltc_pka_key *key) { int err; const char* prefix = "ecdsa-sha2-"; @@ -65,54 +65,89 @@ int ssh_find_init_ecc(const char *pka, ltc_pka_key *key) return ecc_set_curve(cu, &key->u.ecc); } -int ssh_decode_ecdsa(const unsigned char *in, unsigned long *inlen, ltc_pka_key *key) +static int s_ssh_decode_ecdsa(const unsigned char *in, unsigned long *inlen, ltc_pka_key *pka_key, enum pem_flags type) { int err; - unsigned char groupname[64], group[512], privkey[512]; - unsigned long groupnamelen = sizeof(groupname), grouplen = sizeof(group), privkeylen = sizeof(privkey); + unsigned char groupname[64], buf0[512], buf1[512]; + unsigned long groupnamelen = sizeof(groupname), buf0len = sizeof(buf0), buf1len = sizeof(buf1); + unsigned long remaining, cur_len, keylen; + const unsigned char *p, *key; - if ((err = ssh_decode_sequence_multi(in, inlen, - LTC_SSHDATA_STRING, groupname, &groupnamelen, - LTC_SSHDATA_STRING, group, &grouplen, - LTC_SSHDATA_STRING, privkey, &privkeylen, - LTC_SSHDATA_EOL, NULL)) != CRYPT_OK) { + p = in; + cur_len = *inlen; + remaining = *inlen; + + err = ssh_decode_sequence_multi(p, &cur_len, + LTC_SSHDATA_STRING, groupname, &groupnamelen, + LTC_SSHDATA_STRING, buf0, &buf0len, + LTC_SSHDATA_STRING, buf1, &buf1len, + LTC_SSHDATA_EOL, NULL); + if (err == CRYPT_OK) { + key = buf1; + keylen = buf1len; + } else if (err == CRYPT_BUFFER_OVERFLOW && buf0len != sizeof(buf0) && buf1len == sizeof(buf1)) { + key = buf0; + keylen = buf0len; + } else { goto cleanup; } - if ((err = ecc_set_key(privkey, privkeylen, PK_PRIVATE, &key->u.ecc)) != CRYPT_OK) { - goto cleanup; - } + remaining -= cur_len; + cur_len = remaining; - key->id = LTC_PKA_EC; + err = ecc_set_key(key, keylen, type == pf_public ? PK_PUBLIC : PK_PRIVATE, &pka_key->u.ecc); cleanup: zeromem(groupname, sizeof(groupname)); - zeromem(group, sizeof(group)); - zeromem(privkey, sizeof(privkey)); + zeromem(buf0, sizeof(buf0)); + zeromem(buf1, sizeof(buf1)); + if (err == CRYPT_OK) { + pka_key->id = LTC_PKA_EC; + *inlen -= remaining; + } return err; } #endif #ifdef LTC_CURVE25519 -int ssh_decode_ed25519(const unsigned char *in, unsigned long *inlen, ltc_pka_key *key) +static int s_ssh_decode_ed25519(const unsigned char *in, unsigned long *inlen, ltc_pka_key *key, enum pem_flags type) { int err; - unsigned char pubkey[2048], privkey[2048]; + unsigned char pubkey[64], privkey[96]; unsigned long pubkeylen = sizeof(pubkey), privkeylen = sizeof(privkey); + unsigned long remaining, cur_len; + const unsigned char *p; - if ((err = ssh_decode_sequence_multi(in, inlen, + p = in; + cur_len = *inlen; + remaining = *inlen; + + if ((err = ssh_decode_sequence_multi(p, &cur_len, LTC_SSHDATA_STRING, pubkey, &pubkeylen, - LTC_SSHDATA_STRING, privkey, &privkeylen, LTC_SSHDATA_EOL, NULL)) != CRYPT_OK) { goto cleanup; } - if ((err = ed25519_import_raw(&privkey[32], 32, PK_PRIVATE, &key->u.ed25519)) != CRYPT_OK) { + if (type == pf_public) { + if ((err = ed25519_import_raw(pubkey, pubkeylen, PK_PUBLIC, &key->u.ed25519)) != CRYPT_OK) { + goto cleanup; + } + key->id = LTC_PKA_ED25519; + goto cleanup; + } + + p += cur_len; + remaining -= cur_len; + cur_len = remaining; + + if ((err = ssh_decode_sequence_multi(p, &cur_len, + LTC_SSHDATA_STRING, privkey, &privkeylen, + LTC_SSHDATA_EOL, NULL)) != CRYPT_OK) { goto cleanup; } - if (pubkeylen == sizeof(key->u.ed25519.pub)) { - XMEMCPY(key->u.ed25519.pub, pubkey, pubkeylen); + if ((err = ed25519_import_raw(privkey, privkeylen, PK_PRIVATE, &key->u.ed25519)) != CRYPT_OK) { + goto cleanup; } key->id = LTC_PKA_ED25519; @@ -120,43 +155,150 @@ int ssh_decode_ed25519(const unsigned char *in, unsigned long *inlen, ltc_pka_ke cleanup: zeromem(pubkey, sizeof(pubkey)); zeromem(privkey, sizeof(privkey)); + if (err == CRYPT_OK) { + remaining -= cur_len; + *inlen -= remaining; + } return err; } #endif #ifdef LTC_MRSA -int ssh_decode_rsa(const unsigned char *in, unsigned long *inlen, ltc_pka_key *key) +static int s_ssh_decode_dsa(const unsigned char *in, unsigned long *inlen, ltc_pka_key *key, enum pem_flags type) { - int err; - void *tmp1, *tmp2; - if ((err = mp_init_multi(&tmp1, &tmp2, NULL)) != CRYPT_OK) { + int err, stat; + unsigned long remaining, cur_len; + const unsigned char *p; + if ((err = dsa_int_init(&key->u.dsa)) != CRYPT_OK) { + return err; + } + + p = in; + cur_len = *inlen; + remaining = *inlen; + + if ((err = ssh_decode_sequence_multi(p, &cur_len, + LTC_SSHDATA_MPINT, key->u.dsa.p, + LTC_SSHDATA_MPINT, key->u.dsa.q, + LTC_SSHDATA_MPINT, key->u.dsa.g, + LTC_SSHDATA_MPINT, key->u.dsa.y, + LTC_SSHDATA_EOL, NULL)) != CRYPT_OK) { goto cleanup; } - if ((err = rsa_init(&key->u.rsa)) != CRYPT_OK) { + key->u.dsa.qord = mp_unsigned_bin_size(key->u.dsa.q); + if ((err = dsa_int_validate_pqg(&key->u.dsa, &stat)) != CRYPT_OK) { + goto cleanup; + } + if (stat == 0) { + err = CRYPT_INVALID_PACKET; + goto cleanup; + } + + if (type == pf_public) { + key->id = LTC_PKA_DSA; + key->u.dsa.type = PK_PUBLIC; + goto cleanup; + } + + p += cur_len; + remaining -= cur_len; + cur_len = remaining; + + if ((err = ssh_decode_sequence_multi(p, &cur_len, + LTC_SSHDATA_MPINT, key->u.dsa.x, + LTC_SSHDATA_EOL, NULL)) != CRYPT_OK) { goto cleanup; } - if ((err = ssh_decode_sequence_multi(in, inlen, + key->id = LTC_PKA_DSA; + key->u.dsa.type = PK_PRIVATE; + +cleanup: + if (err != CRYPT_OK) { + dsa_free(&key->u.dsa); + } else { + remaining -= cur_len; + *inlen -= remaining; + } + + return err; + +} +#endif + +#ifdef LTC_MRSA +static int s_ssh_decode_rsa(const unsigned char *in, unsigned long *inlen, ltc_pka_key *key, enum pem_flags type) +{ + int err; + void *tmp1, *tmp2; + unsigned long remaining, cur_len; + const unsigned char *p; + + if ((err = rsa_init(&key->u.rsa)) != CRYPT_OK) { + return err; + } + + p = in; + cur_len = *inlen; + remaining = *inlen; + + /* ssh-rsa public and private keys contain `e` and `N` in a different order + * public contains `e`, then `N` + * private contains `N`, then `e` + * change the order later on if we import a public key */ + if ((err = ssh_decode_sequence_multi(p, &cur_len, LTC_SSHDATA_MPINT, key->u.rsa.N, LTC_SSHDATA_MPINT, key->u.rsa.e, + LTC_SSHDATA_EOL, NULL)) != CRYPT_OK) { + goto cleanup; + } + + p += cur_len; + remaining -= cur_len; + cur_len = remaining; + + if (type == pf_public) { + /* c.f. comment above */ + void *exch = key->u.rsa.N; + key->u.rsa.N = key->u.rsa.e; + key->u.rsa.e = exch; + key->id = LTC_PKA_RSA; + key->u.rsa.type = PK_PUBLIC; + *inlen -= remaining; + goto cleanup; + } + + if ((err = mp_init_multi(&tmp1, &tmp2, NULL)) != CRYPT_OK) { + goto cleanup; + } + + if ((err = ssh_decode_sequence_multi(p, &cur_len, LTC_SSHDATA_MPINT, key->u.rsa.d, LTC_SSHDATA_MPINT, key->u.rsa.qP, - LTC_SSHDATA_MPINT, key->u.rsa.q, LTC_SSHDATA_MPINT, key->u.rsa.p, + LTC_SSHDATA_MPINT, key->u.rsa.q, LTC_SSHDATA_EOL, NULL)) != CRYPT_OK) { - goto cleanup; + goto cleanup_tmps; } - if ((err = mp_sub_d(key->u.rsa.p, 1, tmp1)) != CRYPT_OK) { goto cleanup; } /* tmp1 = q-1 */ - if ((err = mp_sub_d(key->u.rsa.q, 1, tmp2)) != CRYPT_OK) { goto cleanup; } /* tmp2 = p-1 */ - if ((err = mp_mod( key->u.rsa.d, tmp1, key->u.rsa.dP)) != CRYPT_OK) { goto cleanup; } /* dP = d mod p-1 */ - if ((err = mp_mod( key->u.rsa.d, tmp2, key->u.rsa.dQ)) != CRYPT_OK) { goto cleanup; } /* dQ = d mod q-1 */ + if ((err = mp_sub_d(key->u.rsa.p, 1, tmp1)) != CRYPT_OK) { goto cleanup_tmps; } /* tmp1 = q-1 */ + if ((err = mp_sub_d(key->u.rsa.q, 1, tmp2)) != CRYPT_OK) { goto cleanup_tmps; } /* tmp2 = p-1 */ + if ((err = mp_mod(key->u.rsa.d, tmp1, key->u.rsa.dP)) != CRYPT_OK) { goto cleanup_tmps; } /* dP = d mod p-1 */ + if ((err = mp_mod(key->u.rsa.d, tmp2, key->u.rsa.dQ)) != CRYPT_OK) { goto cleanup_tmps; } /* dQ = d mod q-1 */ key->id = LTC_PKA_RSA; + key->u.rsa.type = PK_PRIVATE; -cleanup: +cleanup_tmps: mp_clear_multi(tmp2, tmp1, NULL); +cleanup: + if (err != CRYPT_OK) { + rsa_free(&key->u.rsa); + } else { + remaining -= cur_len; + *inlen -= remaining; + } return err; } @@ -165,22 +307,25 @@ int ssh_decode_rsa(const unsigned char *in, unsigned long *inlen, ltc_pka_key *k struct ssh_pka { const char *name; int (*init)(const char*, ltc_pka_key*); - int (*decode)(const unsigned char*, unsigned long*, ltc_pka_key*); + int (*decode)(const unsigned char*, unsigned long*, ltc_pka_key*, enum pem_flags); }; struct ssh_pka ssh_pkas[] = { #ifdef LTC_CURVE25519 - { "ssh-ed25519", NULL, ssh_decode_ed25519 }, + { "ssh-ed25519", NULL, s_ssh_decode_ed25519 }, #endif #ifdef LTC_MRSA - { "ssh-rsa", NULL, ssh_decode_rsa }, + { "ssh-rsa", NULL, s_ssh_decode_rsa }, +#endif +#ifdef LTC_MDSA + { "ssh-dss", NULL, s_ssh_decode_dsa }, #endif #ifdef LTC_MECC - { NULL, ssh_find_init_ecc, ssh_decode_ecdsa }, + { NULL, s_ssh_find_init_ecc, s_ssh_decode_ecdsa }, #endif }; -static int s_decode_private_key(const unsigned char *in, unsigned long *inlen, ltc_pka_key *key) +static int s_decode_key(const unsigned char *in, unsigned long *inlen, ltc_pka_key *key, enum pem_flags type) { int err; ulong32 check1, check2; @@ -196,20 +341,31 @@ static int s_decode_private_key(const unsigned char *in, unsigned long *inlen, l p = in; cur_len = *inlen; + remaining = *inlen; + if (type != pf_public) { + if ((err = ssh_decode_sequence_multi(p, &cur_len, + LTC_SSHDATA_UINT32, &check1, + LTC_SSHDATA_UINT32, &check2, + LTC_SSHDATA_EOL, NULL)) != CRYPT_OK) { + return err; + } + if (check1 != check2) { + return CRYPT_INVALID_PACKET; + } + + p += cur_len; + remaining -= cur_len; + cur_len = remaining; + } if ((err = ssh_decode_sequence_multi(p, &cur_len, - LTC_SSHDATA_UINT32, &check1, - LTC_SSHDATA_UINT32, &check2, LTC_SSHDATA_STRING, pka, &pkalen, LTC_SSHDATA_EOL, NULL)) != CRYPT_OK) { return err; } - if (check1 != check2) { - return CRYPT_INVALID_PACKET; - } p += cur_len; - remaining = *inlen - cur_len; + remaining -= cur_len; cur_len = remaining; for (n = 0; n < sizeof(ssh_pkas)/sizeof(ssh_pkas[0]); ++n) { @@ -219,7 +375,7 @@ static int s_decode_private_key(const unsigned char *in, unsigned long *inlen, l if ((ssh_pkas[n].init == NULL) || (ssh_pkas[n].init((char*)pka, key) != CRYPT_OK)) continue; } - if ((err = ssh_pkas[n].decode(p, &cur_len, key)) != CRYPT_OK) { + if ((err = ssh_pkas[n].decode(p, &cur_len, key, type)) != CRYPT_OK) { return err; } break; @@ -232,10 +388,12 @@ static int s_decode_private_key(const unsigned char *in, unsigned long *inlen, l remaining -= cur_len; cur_len = remaining; - if ((err = ssh_decode_sequence_multi(p, &cur_len, - LTC_SSHDATA_STRING, comment, &commentlen, - LTC_SSHDATA_EOL, NULL)) != CRYPT_OK) { - return err; + if (cur_len != 0) { + if ((err = ssh_decode_sequence_multi(p, &cur_len, + LTC_SSHDATA_STRING, comment, &commentlen, + LTC_SSHDATA_EOL, NULL)) != CRYPT_OK) { + return err; + } } p += cur_len; @@ -345,65 +503,86 @@ static int s_decode_header(unsigned char *in, unsigned long *inlen, struct kdf_o return err; } -static const struct pem_header_id pem_openssh = + +static const struct pem_header_id pem_openssh[] = { { SET_CSTR(.start, "-----BEGIN OPENSSH PRIVATE KEY-----"), SET_CSTR(.end, "-----END OPENSSH PRIVATE KEY-----"), - .has_more_headers = 0 - }; + .has_more_headers = no + }, + { + SET_CSTR(.start, "---- BEGIN SSH2 PUBLIC KEY ----"), + SET_CSTR(.end, "---- END SSH2 PUBLIC KEY ----"), + .has_more_headers = maybe, + .flags = pf_public + }, +}; +static const unsigned long pem_openssh_num = sizeof(pem_openssh)/sizeof(pem_openssh[0]); static int s_decode_openssh(struct get_char *g, ltc_pka_key *k, const password_ctx *pw_ctx) { unsigned char *pem = NULL, *p, *privkey = NULL; - unsigned long w, l, privkey_len; + unsigned long n, w, l, privkey_len; int err; - struct pem_headers hdr = { .id = &pem_openssh }; + struct pem_headers hdr; struct kdf_options opts = { 0 }; XMEMSET(k, 0, sizeof(*k)); w = LTC_PEM_READ_BUFSIZE * 2; retry: pem = XREALLOC(pem, w); - err = pem_read(pem, &w, &hdr, g); - if (err == CRYPT_BUFFER_OVERFLOW) { - goto retry; - } else if (err != CRYPT_OK) { - goto cleanup; + for (n = 0; n < pem_openssh_num; ++n) { + hdr.id = &pem_openssh[n]; + err = pem_read(pem, &w, &hdr, g); + if (err == CRYPT_BUFFER_OVERFLOW) { + goto retry; + } else if (err == CRYPT_OK) { + break; + } + hdr.id = NULL; } - l = w; - if ((err = s_decode_header(pem, &w, &opts)) != CRYPT_OK) { + /* id not found */ + if (hdr.id == NULL) { goto cleanup; } - p = pem + w; - l -= w; - w = l; - - privkey_len = l; - privkey = XMALLOC(privkey_len); + p = pem; + l = w; + if (hdr.id->flags != pf_public) { + if ((err = s_decode_header(pem, &w, &opts)) != CRYPT_OK) { + goto cleanup; + } + p = pem + w; + l -= w; + w = l; - if ((err = ssh_decode_sequence_multi(p, &w, - LTC_SSHDATA_STRING, privkey, &privkey_len, - LTC_SSHDATA_EOL, NULL)) != CRYPT_OK) { - goto cleanup; - } + privkey_len = l; + privkey = XMALLOC(privkey_len); - if (XSTRCMP(opts.name, "none") != 0) { - if ((pw_ctx == NULL) || (pw_ctx->callback == NULL)) { - err = CRYPT_PW_CTX_MISSING; + if ((err = ssh_decode_sequence_multi(p, &w, + LTC_SSHDATA_STRING, privkey, &privkey_len, + LTC_SSHDATA_EOL, NULL)) != CRYPT_OK) { goto cleanup; } - if (pw_ctx->callback(&opts.pw.pw, &opts.pw.l, pw_ctx->userdata)) { - err = CRYPT_ERROR; - goto cleanup; + + if (XSTRCMP(opts.name, "none") != 0) { + if ((pw_ctx == NULL) || (pw_ctx->callback == NULL)) { + err = CRYPT_PW_CTX_MISSING; + goto cleanup; + } + if (pw_ctx->callback(&opts.pw.pw, &opts.pw.l, pw_ctx->userdata)) { + err = CRYPT_ERROR; + goto cleanup; + } + w = privkey_len; + if ((err = s_decrypt_private_keys(privkey, &privkey_len, &opts)) != CRYPT_OK) { + goto cleanup; + } + zeromem(opts.pw.pw, opts.pw.l); } + + p = privkey; w = privkey_len; - if ((err = s_decrypt_private_keys(privkey, &privkey_len, &opts)) != CRYPT_OK) { - goto cleanup; - } - zeromem(opts.pw.pw, opts.pw.l); } - - w = privkey_len; - if ((err = s_decode_private_key(privkey, &w, k)) != CRYPT_OK) { + if ((err = s_decode_key(p, &w, k, hdr.id->flags)) != CRYPT_OK) { goto cleanup; } diff --git a/src/pk/asn1/x509/x509_decode_public_key_from_certificate.c b/src/pk/asn1/x509/x509_decode_public_key_from_certificate.c index feff868fa..45a1c6f60 100644 --- a/src/pk/asn1/x509/x509_decode_public_key_from_certificate.c +++ b/src/pk/asn1/x509/x509_decode_public_key_from_certificate.c @@ -9,14 +9,6 @@ #ifdef LTC_DER -/* Check if it looks like a SubjectPublicKeyInfo */ -#define LOOKS_LIKE_SPKI(l) ((l) != NULL) \ -&& ((l)->type == LTC_ASN1_SEQUENCE) \ -&& ((l)->child != NULL) \ -&& ((l)->child->type == LTC_ASN1_OBJECT_IDENTIFIER) \ -&& ((l)->next != NULL) \ -&& ((l)->next->type == LTC_ASN1_BIT_STRING) - /** Try to decode the public key from a X.509 certificate @param in The input buffer @@ -27,7 +19,9 @@ @param parameters_len [in/out] The number of parameters to include @param callback The callback @param ctx The context passed to the callback - @return CRYPT_OK on success, CRYPT_NOP if no SubjectPublicKeyInfo was found + @return CRYPT_OK on success, + CRYPT_NOP if no SubjectPublicKeyInfo was found, + another error if decoding or memory allocation failed */ int x509_decode_public_key_from_certificate(const unsigned char *in, unsigned long inlen, enum ltc_oid_id algorithm, ltc_asn1_type param_type, @@ -35,67 +29,35 @@ int x509_decode_public_key_from_certificate(const unsigned char *in, unsigned lo public_key_decode_cb callback, void *ctx) { int err; - unsigned char *tmpbuf; - unsigned long tmpbuf_len, tmp_inlen; - ltc_asn1_list *decoded_list = NULL, *l; + unsigned char *tmpbuf = NULL; + unsigned long tmpbuf_len; + ltc_asn1_list *decoded_list = NULL, *spki; LTC_ARGCHK(in != NULL); LTC_ARGCHK(inlen != 0); LTC_ARGCHK(callback != NULL); - tmpbuf_len = inlen; - tmpbuf = XCALLOC(1, tmpbuf_len); - if (tmpbuf == NULL) { - err = CRYPT_MEM; - goto LBL_OUT; + if ((err = x509_decode_spki(in, inlen, &decoded_list, &spki)) != CRYPT_OK) { + return err; } - tmp_inlen = inlen; - if ((err = der_decode_sequence_flexi(in, &tmp_inlen, &decoded_list)) == CRYPT_OK) { - l = decoded_list; - - err = CRYPT_NOP; + if (algorithm == LTC_OID_EC) { + err = callback(spki->data, spki->size, ctx); + } else { - /* Move 2 levels up in the tree - SEQUENCE - SEQUENCE - ... - */ - if ((l->type == LTC_ASN1_SEQUENCE) && (l->child != NULL)) { - l = l->child; - if ((l->type == LTC_ASN1_SEQUENCE) && (l->child != NULL)) { - l = l->child; + tmpbuf_len = inlen; + tmpbuf = XCALLOC(1, tmpbuf_len); + if (tmpbuf == NULL) { + err = CRYPT_MEM; + goto LBL_OUT; + } - /* Move forward in the tree until we find this combination - ... - SEQUENCE - SEQUENCE - OBJECT IDENTIFIER - NULL - BIT STRING - */ - do { - /* The additional check for l->data is there to make sure - * we won't try to decode a list that has been 'shrunk' - */ - if ((l->type == LTC_ASN1_SEQUENCE) - && (l->data != NULL) - && LOOKS_LIKE_SPKI(l->child)) { - if (algorithm == LTC_OID_EC) { - err = callback(l->data, l->size, ctx); - } else { - err = x509_decode_subject_public_key_info(l->data, l->size, - algorithm, tmpbuf, &tmpbuf_len, - param_type, parameters, parameters_len); - if (err == CRYPT_OK) { - err = callback(tmpbuf, tmpbuf_len, ctx); - goto LBL_OUT; - } - } - } - l = l->next; - } while(l); - } + err = x509_decode_subject_public_key_info(spki->data, spki->size, + algorithm, tmpbuf, &tmpbuf_len, + param_type, parameters, parameters_len); + if (err == CRYPT_OK) { + err = callback(tmpbuf, tmpbuf_len, ctx); + goto LBL_OUT; } } diff --git a/src/pk/asn1/x509/x509_decode_spki.c b/src/pk/asn1/x509/x509_decode_spki.c new file mode 100644 index 000000000..147aaf1c6 --- /dev/null +++ b/src/pk/asn1/x509/x509_decode_spki.c @@ -0,0 +1,82 @@ +/* LibTomCrypt, modular cryptographic library -- Tom St Denis */ +/* SPDX-License-Identifier: Unlicense */ +#include "tomcrypt_private.h" + +/** + @file x509_decode_public_key_from_certificate.c + ASN.1 DER/X.509, decode a SubjectPublicKeyInfo +*/ + +#ifdef LTC_DER + +/* Check if it looks like a SubjectPublicKeyInfo */ +#define LOOKS_LIKE_SPKI(l) ((l) != NULL) \ +&& ((l)->type == LTC_ASN1_SEQUENCE) \ +&& ((l)->child != NULL) \ +&& ((l)->child->type == LTC_ASN1_OBJECT_IDENTIFIER) \ +&& ((l)->next != NULL) \ +&& ((l)->next->type == LTC_ASN1_BIT_STRING) + +/** + DER decode a X.509 certificate and return the SubjectPublicKeyInfo + @param in The input buffer + @param inlen The length of the input buffer + @param out [out] A pointer to the decoded linked list (you take ownership of this one and + `der_free_sequence_flexi()` it when you're done) + @param spki [out] A pointer to the SubjectPublicKeyInfo + @return CRYPT_OK on success, CRYPT_NOP if no SubjectPublicKeyInfo was found, another error if decoding failed +*/ +int x509_decode_spki(const unsigned char *in, unsigned long inlen, ltc_asn1_list **out, ltc_asn1_list **spki) +{ + int err; + unsigned long tmp_inlen; + ltc_asn1_list *decoded_list = NULL, *l; + + LTC_ARGCHK(in != NULL); + LTC_ARGCHK(inlen != 0); + + tmp_inlen = inlen; + if ((err = der_decode_sequence_flexi(in, &tmp_inlen, &decoded_list)) == CRYPT_OK) { + l = decoded_list; + + err = CRYPT_NOP; + + /* Move 2 levels up in the tree + SEQUENCE + SEQUENCE + ... + */ + if ((l->type == LTC_ASN1_SEQUENCE) && (l->child != NULL)) { + l = l->child; + if ((l->type == LTC_ASN1_SEQUENCE) && (l->child != NULL)) { + l = l->child; + + /* Move forward in the tree until we find this combination + ... + SEQUENCE + SEQUENCE + OBJECT IDENTIFIER + NULL + BIT STRING + */ + do { + /* The additional check for l->data is there to make sure + * we won't try to decode a list that has been 'shrunk' + */ + if ((l->type == LTC_ASN1_SEQUENCE) + && (l->data != NULL) + && LOOKS_LIKE_SPKI(l->child)) { + *out = decoded_list; + *spki = l; + return CRYPT_OK; + } + l = l->next; + } while(l); + } + } + } + if (decoded_list) der_free_sequence_flexi(decoded_list); + return err; +} + +#endif diff --git a/src/pk/asn1/x509/x509_decode_subject_public_key_info.c b/src/pk/asn1/x509/x509_decode_subject_public_key_info.c index a94362d7b..f958825df 100644 --- a/src/pk/asn1/x509/x509_decode_subject_public_key_info.c +++ b/src/pk/asn1/x509/x509_decode_subject_public_key_info.c @@ -32,7 +32,7 @@ @return CRYPT_OK on success */ int x509_decode_subject_public_key_info(const unsigned char *in, unsigned long inlen, - unsigned int algorithm, void* public_key, unsigned long* public_key_len, + enum ltc_oid_id algorithm, void *public_key, unsigned long *public_key_len, ltc_asn1_type parameters_type, ltc_asn1_list* parameters, unsigned long *parameters_len) { int err; diff --git a/src/pk/asn1/x509/x509_encode_subject_public_key_info.c b/src/pk/asn1/x509/x509_encode_subject_public_key_info.c index fd0a5d061..874574d05 100644 --- a/src/pk/asn1/x509/x509_encode_subject_public_key_info.c +++ b/src/pk/asn1/x509/x509_encode_subject_public_key_info.c @@ -32,7 +32,7 @@ @return CRYPT_OK on success */ int x509_encode_subject_public_key_info(unsigned char *out, unsigned long *outlen, - unsigned int algorithm, const void* public_key, unsigned long public_key_len, + enum ltc_oid_id algorithm, const void* public_key, unsigned long public_key_len, ltc_asn1_type parameters_type, ltc_asn1_list* parameters, unsigned long parameters_len) { int err; diff --git a/src/pk/ed25519/ed25519_import_raw.c b/src/pk/ed25519/ed25519_import_raw.c index d62812282..6d470739d 100644 --- a/src/pk/ed25519/ed25519_import_raw.c +++ b/src/pk/ed25519/ed25519_import_raw.c @@ -21,13 +21,18 @@ int ed25519_import_raw(const unsigned char *in, unsigned long inlen, int which, curve25519_key *key) { LTC_ARGCHK(in != NULL); - LTC_ARGCHK(inlen == 32uL); LTC_ARGCHK(key != NULL); if (which == PK_PRIVATE) { + LTC_ARGCHK(inlen == 32uL || inlen == 64uL); XMEMCPY(key->priv, in, sizeof(key->priv)); - tweetnacl_crypto_sk_to_pk(key->pub, key->priv); + if (inlen == 32) { + tweetnacl_crypto_sk_to_pk(key->pub, key->priv); + } else { + XMEMCPY(key->pub, in + 32, sizeof(key->pub)); + } } else if (which == PK_PUBLIC) { + LTC_ARGCHK(inlen == 32uL); XMEMCPY(key->pub, in, sizeof(key->pub)); } else { return CRYPT_INVALID_ARG; diff --git a/src/pk/rsa/rsa_import_x509.c b/src/pk/rsa/rsa_import_x509.c index e921aae07..4d157ead4 100644 --- a/src/pk/rsa/rsa_import_x509.c +++ b/src/pk/rsa/rsa_import_x509.c @@ -39,8 +39,8 @@ int rsa_import_x509(const unsigned char *in, unsigned long inlen, rsa_key *key) } if ((err = x509_decode_public_key_from_certificate(in, inlen, - LTC_OID_RSA, LTC_ASN1_NULL, - NULL, NULL, + LTC_OID_RSA, + LTC_ASN1_NULL, NULL, NULL, (public_key_decode_cb)s_rsa_decode, key)) != CRYPT_OK) { rsa_free(key); } else { diff --git a/tests/pem/extra/ed25519-cryptx.pem b/tests/pem/extra/ed25519-cryptx.pem new file mode 100644 index 000000000..771c68eec --- /dev/null +++ b/tests/pem/extra/ed25519-cryptx.pem @@ -0,0 +1,9 @@ +-----BEGIN CERTIFICATE----- +MIIBODCB66ADAgECAhRWDU9FZBBUZ7KTdX8f7Bco8jsoaTAFBgMrZXAwETEPMA0G +A1UEAwwGQ3J5cHRYMCAXDTIwMDExOTEzMDIwMloYDzIyOTMxMTAyMTMwMjAyWjAR +MQ8wDQYDVQQDDAZDcnlwdFgwKjAFBgMrZXADIQCgXRrqWDCsmmXN+zhGYNSX42l8 +RrQZzyzshd6L0kVFnaNTMFEwHQYDVR0OBBYEFHCGFtVibAxxWYyRt5wazMpqSZDV +MB8GA1UdIwQYMBaAFHCGFtVibAxxWYyRt5wazMpqSZDVMA8GA1UdEwEB/wQFMAMB +Af8wBQYDK2VwA0EAqG/+98smzqF/wmFX3zHXSaA67as202HnBJod1Tiurw1f+lr3 +BX6OMtsDpgRq9O77IF1Qyx/MdJEwwErczOIbAA== +-----END CERTIFICATE----- diff --git a/tests/pem/extra/ed25519-selfsigned.pem b/tests/pem/extra/ed25519-selfsigned.pem new file mode 100644 index 000000000..64ac14144 --- /dev/null +++ b/tests/pem/extra/ed25519-selfsigned.pem @@ -0,0 +1,11 @@ +-----BEGIN CERTIFICATE----- +MIIBhDCCATagAwIBAgIUHDa8kJUZeCuIhknPJ/wDeBW6gZgwBQYDK2VwMDgxNjA0 +BgNVBAMMLVB1YmxpYyBkb21haW4gZWQyNTUxOSBzZWxmLXNpZ25lZCBjZXJ0aWZp +Y2F0ZTAgFw0xOTA1MjMyMTAxMTZaGA8yMTE5MDUyNDIxMDExNlowODE2MDQGA1UE +AwwtUHVibGljIGRvbWFpbiBlZDI1NTE5IHNlbGYtc2lnbmVkIGNlcnRpZmljYXRl +MCowBQYDK2VwAyEAUEiKvHT0KHXOtNjIhaImokxbiog+Ki6lcgce05tf9UKjUDBO +MB0GA1UdDgQWBBS3fmpWaPK2fNpblEmg4tG4ZHO2BDAfBgNVHSMEGDAWgBS3fmpW +aPK2fNpblEmg4tG4ZHO2BDAMBgNVHRMEBTADAQH/MAUGAytlcANBADOnwkj8etmx +mTaXUP29RaenxpN8dQoQ4wnnIJwxQxTcVWOt2PlUxCFoB9gs0+YZOzhXnQg4hfqk +t/HPExwoZQg= +-----END CERTIFICATE----- diff --git a/tests/pem_test.c b/tests/pem_test.c index 256f2d33f..eea300046 100644 --- a/tests/pem_test.c +++ b/tests/pem_test.c @@ -126,6 +126,7 @@ int pem_test(void) #ifdef LTC_SSH DO(test_process_dir("tests/ssh", &key, s_pem_decode_ssh, NULL, (dir_cleanup_cb)pka_key_free, "pem_test+ssh")); DO(test_process_dir("tests/ssh", &key, NULL, s_pem_decode_ssh_f, (dir_cleanup_cb)pka_key_free, "pem_test_filehandle+ssh")); + DO(test_process_dir("tests/ssh/extra", &key, s_pem_decode_ssh, NULL, (dir_cleanup_cb)pka_key_free, "pem_test+ssh+extra")); #endif #if defined(LTC_MDSA) diff --git a/tests/ssh/extra/dsa-private.pem b/tests/ssh/extra/dsa-private.pem new file mode 100644 index 000000000..6b4efa4b0 --- /dev/null +++ b/tests/ssh/extra/dsa-private.pem @@ -0,0 +1,21 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABsQAAAAdzc2gtZH +NzAAAAgQClPP2r5pBXhp0qsGBu3WZ0JRvtNUDWsbtxeb9DXC/0kVFuyHaVKvLdeLIitJgO +so6YS4Tn+bfILoExFQZZT/OgDUmxYoB+1jd7+snSVqputKTYTRzf/+dHJzbSLF28Xqt1bb +COuKZB9TianmQxy5ru95OE9BCjs7MpUnxf8LVQSQAAABUAoabmyx1YsDwfo0r1G/HuEx0u +zwUAAACACQ9TzAokwkGtccg/zQljmowrn0ziMygIZupfp5QVT4iiPtutl6WLdduynuJjy/ +FyQYs6E40kDdPLhzIP/C+lv3HTtmmfpoZAZ0tcQJvNwwMKi6w62kdcP+EERca+VW8svKp3 +o6z40yaGwTdQRrL/OMB5I5qAp+qRSH5BmHgE5SYAAACAB2D1NczFQUw1q7u0jQuBtlMlhl +mGC4y8rQVR30JgWudQpqq0rNpAnxixgNcp32BDbMXCavZ7F62+Itex+QRyRZB9IOwVA6Xg +Xi6/ILCt1oH6lsLWbA5JbTm8PXIVA/7Iiuqv3ZP30iAdh6NIp3r+5OvGeWZDSOFzsLhLLA +FYZsAAAAHwKUeNkClHjZAAAAAHc3NoLWRzcwAAAIEApTz9q+aQV4adKrBgbt1mdCUb7TVA +1rG7cXm/Q1wv9JFRbsh2lSry3XiyIrSYDrKOmEuE5/m3yC6BMRUGWU/zoA1JsWKAftY3e/ +rJ0laqbrSk2E0c3//nRyc20ixdvF6rdW2wjrimQfU4mp5kMcua7veThPQQo7OzKVJ8X/C1 +UEkAAAAVAKGm5ssdWLA8H6NK9Rvx7hMdLs8FAAAAgAkPU8wKJMJBrXHIP80JY5qMK59M4j +MoCGbqX6eUFU+Ioj7brZeli3Xbsp7iY8vxckGLOhONJA3Ty4cyD/wvpb9x07Zpn6aGQGdL +XECbzcMDCousOtpHXD/hBEXGvlVvLLyqd6Os+NMmhsE3UEay/zjAeSOagKfqkUh+QZh4BO +UmAAAAgAdg9TXMxUFMNau7tI0LgbZTJYZZhguMvK0FUd9CYFrnUKaqtKzaQJ8YsYDXKd9g +Q2zFwmr2exetviLXsfkEckWQfSDsFQOl4F4uvyCwrdaB+pbC1mwOSW05vD1yFQP+yIrqr9 +2T99IgHYejSKd6/uTrxnlmQ0jhc7C4SywBWGbAAAAAFQCYwb2dlv1ktqrIWBTO+Hn+CJ4w +RAAAABNUaGlzIGlzIGEgdGVzdCBrZXkhAQIDBAUGBw== +-----END OPENSSH PRIVATE KEY----- diff --git a/tests/ssh/extra/dsa-public.pem b/tests/ssh/extra/dsa-public.pem new file mode 100644 index 000000000..3367b2848 --- /dev/null +++ b/tests/ssh/extra/dsa-public.pem @@ -0,0 +1,12 @@ +---- BEGIN SSH2 PUBLIC KEY ---- +Comment: "1024-bit DSA, converted by user@machine from OpenSSH" +AAAAB3NzaC1kc3MAAACBAKU8/avmkFeGnSqwYG7dZnQlG+01QNaxu3F5v0NcL/SRUW7Idp +Uq8t14siK0mA6yjphLhOf5t8gugTEVBllP86ANSbFigH7WN3v6ydJWqm60pNhNHN//50cn +NtIsXbxeq3VtsI64pkH1OJqeZDHLmu73k4T0EKOzsylSfF/wtVBJAAAAFQChpubLHViwPB ++jSvUb8e4THS7PBQAAAIAJD1PMCiTCQa1xyD/NCWOajCufTOIzKAhm6l+nlBVPiKI+262X +pYt127Ke4mPL8XJBizoTjSQN08uHMg/8L6W/cdO2aZ+mhkBnS1xAm83DAwqLrDraR1w/4Q +RFxr5Vbyy8qnejrPjTJobBN1BGsv84wHkjmoCn6pFIfkGYeATlJgAAAIAHYPU1zMVBTDWr +u7SNC4G2UyWGWYYLjLytBVHfQmBa51CmqrSs2kCfGLGA1ynfYENsxcJq9nsXrb4i17H5BH +JFkH0g7BUDpeBeLr8gsK3WgfqWwtZsDkltObw9chUD/siK6q/dk/fSIB2Ho0inev7k68Z5 +ZkNI4XOwuEssAVhmwA== +---- END SSH2 PUBLIC KEY ---- diff --git a/tests/ssh/extra/ecdsa256-public.pem b/tests/ssh/extra/ecdsa256-public.pem new file mode 100644 index 000000000..f7c3e9b94 --- /dev/null +++ b/tests/ssh/extra/ecdsa256-public.pem @@ -0,0 +1,5 @@ +---- BEGIN SSH2 PUBLIC KEY ---- +Comment: "256-bit ECDSA, converted by miko@YUE from OpenSSH" +AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBI4QIXX6Mg0NWD6OvW +qb/L88sTs56hqs5sXkAh6vr9NleFczaijCUyn/9qLz/CfWg1pqj3KgOiFZ4ByT3xYfJIs= +---- END SSH2 PUBLIC KEY ---- diff --git a/tests/ssh/extra/rsa-public.pem b/tests/ssh/extra/rsa-public.pem new file mode 100644 index 000000000..cb051bb4f --- /dev/null +++ b/tests/ssh/extra/rsa-public.pem @@ -0,0 +1,6 @@ +---- BEGIN SSH2 PUBLIC KEY ---- +Comment: "1024-bit RSA, converted by miko@YUE from OpenSSH" +AAAAB3NzaC1yc2EAAAADAQABAAAAgQC458k0igFgcvkrDjUKo0gIgPW0+7QEPck7/DXIpG +AkHzHDTQLu7/IzxBDCL7iQhF2eQwaR/s9SXjs2DV/OT3SXM3QjJO4PS3nHkzfP7Zjqm9LG +SicBgR8x5LPmxoNVA3qOInMP5xhhgbKYYusuBMAlpEgq/T9uCvLIuvRnGhBTDw== +---- END SSH2 PUBLIC KEY ---- diff --git a/tests/ssh/ssh-testkey-ed25519-pub b/tests/ssh/ssh-testkey-ed25519-pub new file mode 100644 index 000000000..92bbf5b3f --- /dev/null +++ b/tests/ssh/ssh-testkey-ed25519-pub @@ -0,0 +1,4 @@ +---- BEGIN SSH2 PUBLIC KEY ---- +Comment: "256-bit ED25519, converted by root@b9ac43ae19a4 from OpenSSH" +AAAAC3NzaC1lZDI1NTE5AAAAIKBYb96Jh+GNPVVRyb4gQSwk++R89VAbg+PU/nPyLBgb +---- END SSH2 PUBLIC KEY ---- From fe3b3e627b0e4e5ba507f4c44334e5a8b822ec1e Mon Sep 17 00:00:00 2001 From: Steffen Jaeckel Date: Mon, 16 Oct 2023 19:17:31 +0200 Subject: [PATCH 39/51] Add generic PEM decode APIs Signed-off-by: Steffen Jaeckel --- src/headers/tomcrypt.h | 3 +- src/headers/tomcrypt_misc.h | 3 + src/misc/error_to_string.c | 2 + src/misc/pem/pem.c | 23 ++++ src/misc/pem/pem_pkcs.c | 2 + src/misc/pem/pem_read.c | 2 +- src/misc/pem/pem_ssh.c | 2 + tests/common.c | 3 +- tests/pem/non-tfm/ssh_rsa_4096_openssh | 49 +++++++++ tests/pem/non-tfm/ssh_rsa_4096_openssh_pw | 50 +++++++++ tests/pem/non-tfm/ssh_rsa_4096_pem | 51 +++++++++ tests/pem/non-tfm/ssh_rsa_4096_pem.pub | 13 +++ tests/pem/non-tfm/ssh_rsa_4096_pem_pw | 54 ++++++++++ tests/pem/non-tfm/ssh_rsa_4096_pkcs8 | 52 +++++++++ tests/pem/non-tfm/ssh_rsa_4096_pkcs8.pub | 14 +++ tests/pem/non-tfm/ssh_rsa_4096_pkcs8_pw | 54 ++++++++++ tests/pem/non-tfm/ssh_rsa_4096_rfc4716.pub | 14 +++ tests/pem/non-tfm/ssh_rsa_8192_openssh | 93 ++++++++++++++++ tests/pem/non-tfm/ssh_rsa_8192_openssh_pw | 94 ++++++++++++++++ tests/pem/non-tfm/ssh_rsa_8192_pem | 99 +++++++++++++++++ tests/pem/non-tfm/ssh_rsa_8192_pem.pub | 24 +++++ tests/pem/non-tfm/ssh_rsa_8192_pem_pw | 102 ++++++++++++++++++ tests/pem/non-tfm/ssh_rsa_8192_pkcs8 | 100 +++++++++++++++++ tests/pem/non-tfm/ssh_rsa_8192_pkcs8.pub | 25 +++++ tests/pem/non-tfm/ssh_rsa_8192_pkcs8_pw | 102 ++++++++++++++++++ tests/pem/non-tfm/ssh_rsa_8192_rfc4716.pub | 23 ++++ tests/pem/{ => pkcs}/dh-encrypted.pk8 | 0 tests/pem/{ => pkcs}/dh.pk8 | 0 tests/pem/{ => pkcs}/dsa-encrypted.pem | 0 tests/pem/{ => pkcs}/dsa-encrypted.pk8 | 0 tests/pem/{ => pkcs}/dsa-pub.pem | 0 tests/pem/{ => pkcs}/dsa.pem | 0 tests/pem/{ => pkcs}/dsa.pk8 | 0 tests/pem/{ => pkcs}/ecc-encrypted.pem | 0 tests/pem/{ => pkcs}/ecc-encrypted.pk8 | 0 .../ecc-pkcs8/long_pri_pkcs8_pbe_md5_des.pem | 0 .../long_pri_pkcs8_pbe_md5_rc2_64.pem | 0 .../ecc-pkcs8/long_pri_pkcs8_pbe_sha1_des.pem | 0 .../long_pri_pkcs8_pbe_sha1_rc2_64.pem | 0 .../long_pri_pkcs8_pbkdf2_des_cbc.pem | 0 .../long_pri_pkcs8_pbkdf2_des_ede3_cbc.pem | 0 .../long_pri_pkcs8_pbkdf2_rc2_cbc.pem | 0 ...g_pri_pkcs8_pbkdf2_sha224_des_ede3_cbc.pem | 0 ...g_pri_pkcs8_pbkdf2_sha256_des_ede3_cbc.pem | 0 ...g_pri_pkcs8_pbkdf2_sha384_des_ede3_cbc.pem | 0 ...g_pri_pkcs8_pbkdf2_sha512_des_ede3_cbc.pem | 0 tests/pem/{ => pkcs}/ecc-pub.pem | 0 tests/pem/{ => pkcs}/ecc.pem | 0 tests/pem/{ => pkcs}/ecc.pk8 | 0 tests/pem/{ => pkcs}/ed25519-pub.pem | 0 tests/pem/{ => pkcs}/ed25519.pem | 0 tests/pem/{ => pkcs}/ed25519_attrs.pem | 0 tests/pem/{ => pkcs}/extra/ed25519-cryptx.pem | 0 .../{ => pkcs}/extra/ed25519-selfsigned.pem | 0 tests/pem/{ => pkcs}/extra/rsa.pem | 0 tests/pem/{ => pkcs}/rsa-aes-128-cbc.pem | 0 tests/pem/{ => pkcs}/rsa-aes-128-cfb.pem | 0 tests/pem/{ => pkcs}/rsa-aes-128-ctr.pem | 0 tests/pem/{ => pkcs}/rsa-aes-128-ofb.pem | 0 tests/pem/{ => pkcs}/rsa-aes-192-cbc.pem | 0 tests/pem/{ => pkcs}/rsa-aes-192-cfb.pem | 0 tests/pem/{ => pkcs}/rsa-aes-192-ctr.pem | 0 tests/pem/{ => pkcs}/rsa-aes-192-ofb.pem | 0 tests/pem/{ => pkcs}/rsa-aes-256-cbc.pem | 0 tests/pem/{ => pkcs}/rsa-aes-256-cfb.pem | 0 tests/pem/{ => pkcs}/rsa-aes-256-ctr.pem | 0 tests/pem/{ => pkcs}/rsa-aes-256-ofb.pem | 0 tests/pem/{ => pkcs}/rsa-bf-cbc.pem | 0 tests/pem/{ => pkcs}/rsa-bf-cfb.pem | 0 tests/pem/{ => pkcs}/rsa-bf-ofb.pem | 0 tests/pem/{ => pkcs}/rsa-camellia-128-cbc.pem | 0 tests/pem/{ => pkcs}/rsa-camellia-128-cfb.pem | 0 tests/pem/{ => pkcs}/rsa-camellia-128-ctr.pem | 0 tests/pem/{ => pkcs}/rsa-camellia-128-ofb.pem | 0 tests/pem/{ => pkcs}/rsa-camellia-192-cbc.pem | 0 tests/pem/{ => pkcs}/rsa-camellia-192-cfb.pem | 0 tests/pem/{ => pkcs}/rsa-camellia-192-ctr.pem | 0 tests/pem/{ => pkcs}/rsa-camellia-192-ofb.pem | 0 tests/pem/{ => pkcs}/rsa-camellia-256-cbc.pem | 0 tests/pem/{ => pkcs}/rsa-camellia-256-cfb.pem | 0 tests/pem/{ => pkcs}/rsa-camellia-256-ctr.pem | 0 tests/pem/{ => pkcs}/rsa-camellia-256-ofb.pem | 0 tests/pem/{ => pkcs}/rsa-cast5-cbc.pem | 0 tests/pem/{ => pkcs}/rsa-cast5-cfb.pem | 0 tests/pem/{ => pkcs}/rsa-cast5-ofb.pem | 0 tests/pem/{ => pkcs}/rsa-des-cbc.pem | 0 tests/pem/{ => pkcs}/rsa-des-cfb.pem | 0 tests/pem/{ => pkcs}/rsa-des-ede3-cbc.pem | 0 tests/pem/{ => pkcs}/rsa-des-ede3-cfb.pem | 0 tests/pem/{ => pkcs}/rsa-des-ede3-ofb.pem | 0 tests/pem/{ => pkcs}/rsa-des-ofb.pem | 0 tests/pem/{ => pkcs}/rsa-encrypted.pk8 | 0 tests/pem/{ => pkcs}/rsa-idea-cbc.pem | 0 tests/pem/{ => pkcs}/rsa-idea-cfb.pem | 0 tests/pem/{ => pkcs}/rsa-idea-ofb.pem | 0 tests/pem/{ => pkcs}/rsa-pub.pem | 0 tests/pem/{ => pkcs}/rsa-rc2-40-cbc.pem | 0 tests/pem/{ => pkcs}/rsa-rc2-64-cbc.pem | 0 tests/pem/{ => pkcs}/rsa-rc2-cbc.pem | 0 tests/pem/{ => pkcs}/rsa-rc2-cfb.pem | 0 tests/pem/{ => pkcs}/rsa-rc2-ofb.pem | 0 tests/pem/{ => pkcs}/rsa-rc5-cbc.pem | 0 tests/pem/{ => pkcs}/rsa-rc5-cfb.pem | 0 tests/pem/{ => pkcs}/rsa-rc5-ofb.pem | 0 tests/pem/{ => pkcs}/rsa-seed-cbc.pem | 0 tests/pem/{ => pkcs}/rsa-seed-cfb.pem | 0 tests/pem/{ => pkcs}/rsa-seed-ofb.pem | 0 tests/pem/{ => pkcs}/rsa.pem | 0 tests/pem/{ => pkcs}/rsa.pk8 | 0 .../unsupported/rsa-aes-128-cfb1.pem | 0 .../unsupported/rsa-aes-128-cfb8.pem | 0 .../unsupported/rsa-aes-192-cfb1.pem | 0 .../unsupported/rsa-aes-192-cfb8.pem | 0 .../unsupported/rsa-aes-256-cfb1.pem | 0 .../unsupported/rsa-aes-256-cfb8.pem | 0 .../unsupported/rsa-aria-128-cbc.pem | 0 .../unsupported/rsa-aria-128-cfb.pem | 0 .../unsupported/rsa-aria-128-cfb1.pem | 0 .../unsupported/rsa-aria-128-cfb8.pem | 0 .../unsupported/rsa-aria-128-ctr.pem | 0 .../unsupported/rsa-aria-128-ofb.pem | 0 .../unsupported/rsa-aria-192-cbc.pem | 0 .../unsupported/rsa-aria-192-cfb.pem | 0 .../unsupported/rsa-aria-192-cfb1.pem | 0 .../unsupported/rsa-aria-192-cfb8.pem | 0 .../unsupported/rsa-aria-192-ctr.pem | 0 .../unsupported/rsa-aria-192-ofb.pem | 0 .../unsupported/rsa-aria-256-cbc.pem | 0 .../unsupported/rsa-aria-256-cfb.pem | 0 .../unsupported/rsa-aria-256-cfb1.pem | 0 .../unsupported/rsa-aria-256-cfb8.pem | 0 .../unsupported/rsa-aria-256-ctr.pem | 0 .../unsupported/rsa-aria-256-ofb.pem | 0 .../unsupported/rsa-camellia-128-cfb1.pem | 0 .../unsupported/rsa-camellia-128-cfb8.pem | 0 .../unsupported/rsa-camellia-192-cfb1.pem | 0 .../unsupported/rsa-camellia-192-cfb8.pem | 0 .../unsupported/rsa-camellia-256-cfb1.pem | 0 .../unsupported/rsa-camellia-256-cfb8.pem | 0 .../{ => pkcs}/unsupported/rsa-chacha20.pem | 0 .../{ => pkcs}/unsupported/rsa-des-cfb1.pem | 0 .../{ => pkcs}/unsupported/rsa-des-cfb8.pem | 0 .../unsupported/rsa-des-ede-cbc.pem | 0 .../unsupported/rsa-des-ede-cfb.pem | 0 .../unsupported/rsa-des-ede-ofb.pem | 0 .../unsupported/rsa-des-ede3-cfb1.pem | 0 .../unsupported/rsa-des-ede3-cfb8.pem | 0 .../{ => pkcs}/unsupported/rsa-desx-cbc.pem | 0 tests/pem/{ => pkcs}/x25519-encrypted.pk8 | 0 tests/pem/{ => pkcs}/x25519-pub.pem | 0 tests/pem/pubkeys/ssh_dsa_1024_openssh.pub | 1 + tests/pem/pubkeys/ssh_dsa_1024_pkcs8.pub | 12 +++ tests/pem/pubkeys/ssh_dsa_1024_rfc4716.pub | 12 +++ tests/pem/pubkeys/ssh_ecdsa_256_openssh.pub | 1 + tests/pem/pubkeys/ssh_ecdsa_256_pkcs8.pub | 4 + .../pubkeys/ssh_ecdsa_256_rfc4716.pub} | 0 tests/pem/pubkeys/ssh_ecdsa_384_openssh.pub | 1 + tests/pem/pubkeys/ssh_ecdsa_384_pkcs8.pub | 5 + tests/pem/pubkeys/ssh_ecdsa_384_rfc4716.pub | 6 ++ tests/pem/pubkeys/ssh_ecdsa_521_openssh.pub | 1 + tests/pem/pubkeys/ssh_ecdsa_521_pkcs8.pub | 6 ++ tests/pem/pubkeys/ssh_ecdsa_521_rfc4716.pub | 7 ++ tests/pem/pubkeys/ssh_ed25519_openssh.pub | 1 + tests/pem/pubkeys/ssh_ed25519_rfc4716.pub | 4 + tests/pem/pubkeys/ssh_rsa_1024_openssh.pub | 1 + tests/pem/pubkeys/ssh_rsa_1024_pkcs8.pub | 6 ++ .../pubkeys/ssh_rsa_1024_rfc4716.pub} | 0 tests/pem/pubkeys/ssh_rsa_1536_openssh.pub | 1 + tests/pem/pubkeys/ssh_rsa_1536_pkcs8.pub | 7 ++ tests/pem/pubkeys/ssh_rsa_1536_rfc4716.pub | 8 ++ tests/pem/pubkeys/ssh_rsa_2048_openssh.pub | 1 + tests/pem/pubkeys/ssh_rsa_2048_pkcs8.pub | 9 ++ tests/pem/pubkeys/ssh_rsa_2048_rfc4716.pub | 9 ++ tests/pem/pubkeys/ssh_rsa_4096_openssh.pub | 1 + tests/pem/pubkeys/ssh_rsa_768_openssh.pub | 1 + tests/pem/pubkeys/ssh_rsa_768_pkcs8.pub | 5 + tests/pem/pubkeys/ssh_rsa_768_rfc4716.pub | 6 ++ tests/pem/pubkeys/ssh_rsa_8192_openssh.pub | 1 + tests/{ => pem}/ssh/extra/dsa-private.pem | 0 tests/{ => pem}/ssh/extra/dsa-public.pem | 0 tests/pem/ssh/extra/ecdsa256-public.pem | 5 + tests/pem/ssh/extra/rsa-public.pem | 6 ++ tests/{ => pem}/ssh/ssh-rsa-3des-cbc | 0 tests/{ => pem}/ssh/ssh-rsa-aes128-cbc | 0 tests/{ => pem}/ssh/ssh-rsa-aes128-ctr | 0 tests/{ => pem}/ssh/ssh-rsa-aes192-cbc | 0 tests/{ => pem}/ssh/ssh-rsa-aes192-ctr | 0 tests/{ => pem}/ssh/ssh-rsa-aes256-cbc | 0 tests/{ => pem}/ssh/ssh-rsa-aes256-ctr | 0 tests/{ => pem}/ssh/ssh-testkey-ecdsa-521 | 0 .../{ => pem}/ssh/ssh-testkey-ecdsa-521-plain | 0 tests/{ => pem}/ssh/ssh-testkey-ed25519 | 0 .../{ => pem}/ssh/ssh-testkey-ed25519-aesctr | 0 tests/{ => pem}/ssh/ssh-testkey-ed25519-plain | 0 tests/{ => pem}/ssh/ssh-testkey-ed25519-pub | 0 tests/{ => pem}/ssh/ssh-testkey-rsa | 0 tests/{ => pem}/ssh/ssh-testkey-rsa-8192 | 0 .../{ => pem}/ssh/ssh-testkey-rsa-8192-plain | 0 tests/{ => pem}/ssh/ssh-testkey-rsa-plain | 0 .../ssh/unsupported/ssh-rsa-3des-cbc.pub | 0 .../ssh/unsupported/ssh-rsa-aes128-cbc.pub | 0 .../ssh/unsupported/ssh-rsa-aes128-ctr.pub | 0 .../ssh/unsupported/ssh-rsa-aes128-gcm | 0 .../ssh/unsupported/ssh-rsa-aes128-gcm.pub | 0 .../ssh/unsupported/ssh-rsa-aes192-cbc.pub | 0 .../ssh/unsupported/ssh-rsa-aes192-ctr.pub | 0 .../ssh/unsupported/ssh-rsa-aes256-cbc.pub | 0 .../ssh/unsupported/ssh-rsa-aes256-ctr.pub | 0 .../ssh/unsupported/ssh-rsa-aes256-gcm | 0 .../ssh/unsupported/ssh-rsa-aes256-gcm.pub | 0 .../ssh/unsupported/ssh-rsa-chacha20-poly1305 | 0 .../unsupported/ssh-rsa-chacha20-poly1305.pub | 0 tests/pem/ssh_dsa_1024_openssh | 21 ++++ tests/pem/ssh_dsa_1024_openssh_pw | 22 ++++ tests/pem/ssh_dsa_1024_pem | 12 +++ tests/pem/ssh_dsa_1024_pem_pw | 15 +++ tests/pem/ssh_dsa_1024_pkcs8 | 9 ++ tests/pem/ssh_dsa_1024_pkcs8_pw | 12 +++ tests/pem/ssh_ecdsa_256_openssh | 9 ++ tests/pem/ssh_ecdsa_256_openssh_pw | 9 ++ tests/pem/ssh_ecdsa_256_pem | 5 + tests/pem/ssh_ecdsa_256_pem_pw | 8 ++ tests/pem/ssh_ecdsa_256_pkcs8 | 5 + tests/pem/ssh_ecdsa_256_pkcs8_pw | 7 ++ tests/pem/ssh_ecdsa_384_openssh | 10 ++ tests/pem/ssh_ecdsa_384_openssh_pw | 11 ++ tests/pem/ssh_ecdsa_384_pem | 6 ++ tests/pem/ssh_ecdsa_384_pem_pw | 9 ++ tests/pem/ssh_ecdsa_384_pkcs8 | 6 ++ tests/pem/ssh_ecdsa_384_pkcs8_pw | 8 ++ tests/pem/ssh_ecdsa_521_openssh | 12 +++ tests/pem/ssh_ecdsa_521_openssh_pw | 13 +++ tests/pem/ssh_ecdsa_521_pem | 7 ++ tests/pem/ssh_ecdsa_521_pem_pw | 10 ++ tests/pem/ssh_ecdsa_521_pkcs8 | 8 ++ tests/pem/ssh_ecdsa_521_pkcs8_pw | 10 ++ tests/pem/ssh_ed25519_openssh | 7 ++ tests/pem/ssh_ed25519_openssh_pw | 8 ++ tests/pem/ssh_rsa_1024_openssh | 16 +++ tests/pem/ssh_rsa_1024_openssh_pw | 17 +++ tests/pem/ssh_rsa_1024_pem | 15 +++ tests/pem/ssh_rsa_1024_pem.pub | 5 + tests/pem/ssh_rsa_1024_pem_pw | 18 ++++ tests/pem/ssh_rsa_1024_pkcs8 | 16 +++ tests/pem/ssh_rsa_1024_pkcs8_pw | 18 ++++ tests/pem/ssh_rsa_1536_openssh | 22 ++++ tests/pem/ssh_rsa_1536_openssh_pw | 22 ++++ tests/pem/ssh_rsa_1536_pem | 21 ++++ tests/pem/ssh_rsa_1536_pem.pub | 7 ++ tests/pem/ssh_rsa_1536_pem_pw | 24 +++++ tests/pem/ssh_rsa_1536_pkcs8 | 22 ++++ tests/pem/ssh_rsa_1536_pkcs8_pw | 24 +++++ tests/pem/ssh_rsa_2048_openssh | 27 +++++ tests/pem/ssh_rsa_2048_openssh_pw | 28 +++++ tests/pem/ssh_rsa_2048_pem | 27 +++++ tests/pem/ssh_rsa_2048_pem.pub | 8 ++ tests/pem/ssh_rsa_2048_pem_pw | 30 ++++++ tests/pem/ssh_rsa_2048_pkcs8 | 28 +++++ tests/pem/ssh_rsa_2048_pkcs8_pw | 30 ++++++ tests/pem/ssh_rsa_768_openssh | 15 +++ tests/pem/ssh_rsa_768_openssh_pw | 15 +++ tests/pem/ssh_rsa_768_pem | 12 +++ tests/pem/ssh_rsa_768_pem.pub | 5 + tests/pem/ssh_rsa_768_pem_pw | 15 +++ tests/pem/ssh_rsa_768_pkcs8 | 13 +++ tests/pem/ssh_rsa_768_pkcs8_pw | 15 +++ tests/pem_test.c | 50 ++++++--- 267 files changed, 1990 insertions(+), 15 deletions(-) create mode 100755 tests/pem/non-tfm/ssh_rsa_4096_openssh create mode 100755 tests/pem/non-tfm/ssh_rsa_4096_openssh_pw create mode 100755 tests/pem/non-tfm/ssh_rsa_4096_pem create mode 100755 tests/pem/non-tfm/ssh_rsa_4096_pem.pub create mode 100755 tests/pem/non-tfm/ssh_rsa_4096_pem_pw create mode 100755 tests/pem/non-tfm/ssh_rsa_4096_pkcs8 create mode 100755 tests/pem/non-tfm/ssh_rsa_4096_pkcs8.pub create mode 100755 tests/pem/non-tfm/ssh_rsa_4096_pkcs8_pw create mode 100755 tests/pem/non-tfm/ssh_rsa_4096_rfc4716.pub create mode 100755 tests/pem/non-tfm/ssh_rsa_8192_openssh create mode 100755 tests/pem/non-tfm/ssh_rsa_8192_openssh_pw create mode 100755 tests/pem/non-tfm/ssh_rsa_8192_pem create mode 100755 tests/pem/non-tfm/ssh_rsa_8192_pem.pub create mode 100755 tests/pem/non-tfm/ssh_rsa_8192_pem_pw create mode 100755 tests/pem/non-tfm/ssh_rsa_8192_pkcs8 create mode 100755 tests/pem/non-tfm/ssh_rsa_8192_pkcs8.pub create mode 100755 tests/pem/non-tfm/ssh_rsa_8192_pkcs8_pw create mode 100755 tests/pem/non-tfm/ssh_rsa_8192_rfc4716.pub rename tests/pem/{ => pkcs}/dh-encrypted.pk8 (100%) rename tests/pem/{ => pkcs}/dh.pk8 (100%) rename tests/pem/{ => pkcs}/dsa-encrypted.pem (100%) rename tests/pem/{ => pkcs}/dsa-encrypted.pk8 (100%) rename tests/pem/{ => pkcs}/dsa-pub.pem (100%) rename tests/pem/{ => pkcs}/dsa.pem (100%) rename tests/pem/{ => pkcs}/dsa.pk8 (100%) rename tests/pem/{ => pkcs}/ecc-encrypted.pem (100%) rename tests/pem/{ => pkcs}/ecc-encrypted.pk8 (100%) rename tests/pem/{ => pkcs}/ecc-pkcs8/long_pri_pkcs8_pbe_md5_des.pem (100%) rename tests/pem/{ => pkcs}/ecc-pkcs8/long_pri_pkcs8_pbe_md5_rc2_64.pem (100%) rename tests/pem/{ => pkcs}/ecc-pkcs8/long_pri_pkcs8_pbe_sha1_des.pem (100%) rename tests/pem/{ => pkcs}/ecc-pkcs8/long_pri_pkcs8_pbe_sha1_rc2_64.pem (100%) rename tests/pem/{ => pkcs}/ecc-pkcs8/long_pri_pkcs8_pbkdf2_des_cbc.pem (100%) rename tests/pem/{ => pkcs}/ecc-pkcs8/long_pri_pkcs8_pbkdf2_des_ede3_cbc.pem (100%) rename tests/pem/{ => pkcs}/ecc-pkcs8/long_pri_pkcs8_pbkdf2_rc2_cbc.pem (100%) rename tests/pem/{ => pkcs}/ecc-pkcs8/long_pri_pkcs8_pbkdf2_sha224_des_ede3_cbc.pem (100%) rename tests/pem/{ => pkcs}/ecc-pkcs8/long_pri_pkcs8_pbkdf2_sha256_des_ede3_cbc.pem (100%) rename tests/pem/{ => pkcs}/ecc-pkcs8/long_pri_pkcs8_pbkdf2_sha384_des_ede3_cbc.pem (100%) rename tests/pem/{ => pkcs}/ecc-pkcs8/long_pri_pkcs8_pbkdf2_sha512_des_ede3_cbc.pem (100%) rename tests/pem/{ => pkcs}/ecc-pub.pem (100%) rename tests/pem/{ => pkcs}/ecc.pem (100%) rename tests/pem/{ => pkcs}/ecc.pk8 (100%) rename tests/pem/{ => pkcs}/ed25519-pub.pem (100%) rename tests/pem/{ => pkcs}/ed25519.pem (100%) rename tests/pem/{ => pkcs}/ed25519_attrs.pem (100%) rename tests/pem/{ => pkcs}/extra/ed25519-cryptx.pem (100%) rename tests/pem/{ => pkcs}/extra/ed25519-selfsigned.pem (100%) rename tests/pem/{ => pkcs}/extra/rsa.pem (100%) rename tests/pem/{ => pkcs}/rsa-aes-128-cbc.pem (100%) rename tests/pem/{ => pkcs}/rsa-aes-128-cfb.pem (100%) rename tests/pem/{ => pkcs}/rsa-aes-128-ctr.pem (100%) rename tests/pem/{ => pkcs}/rsa-aes-128-ofb.pem (100%) rename tests/pem/{ => pkcs}/rsa-aes-192-cbc.pem (100%) rename tests/pem/{ => pkcs}/rsa-aes-192-cfb.pem (100%) rename tests/pem/{ => pkcs}/rsa-aes-192-ctr.pem (100%) rename tests/pem/{ => pkcs}/rsa-aes-192-ofb.pem (100%) rename tests/pem/{ => pkcs}/rsa-aes-256-cbc.pem (100%) rename tests/pem/{ => pkcs}/rsa-aes-256-cfb.pem (100%) rename tests/pem/{ => pkcs}/rsa-aes-256-ctr.pem (100%) rename tests/pem/{ => pkcs}/rsa-aes-256-ofb.pem (100%) rename tests/pem/{ => pkcs}/rsa-bf-cbc.pem (100%) rename tests/pem/{ => pkcs}/rsa-bf-cfb.pem (100%) rename tests/pem/{ => pkcs}/rsa-bf-ofb.pem (100%) rename tests/pem/{ => pkcs}/rsa-camellia-128-cbc.pem (100%) rename tests/pem/{ => pkcs}/rsa-camellia-128-cfb.pem (100%) rename tests/pem/{ => pkcs}/rsa-camellia-128-ctr.pem (100%) rename tests/pem/{ => pkcs}/rsa-camellia-128-ofb.pem (100%) rename tests/pem/{ => pkcs}/rsa-camellia-192-cbc.pem (100%) rename tests/pem/{ => pkcs}/rsa-camellia-192-cfb.pem (100%) rename tests/pem/{ => pkcs}/rsa-camellia-192-ctr.pem (100%) rename tests/pem/{ => pkcs}/rsa-camellia-192-ofb.pem (100%) rename tests/pem/{ => pkcs}/rsa-camellia-256-cbc.pem (100%) rename tests/pem/{ => pkcs}/rsa-camellia-256-cfb.pem (100%) rename tests/pem/{ => pkcs}/rsa-camellia-256-ctr.pem (100%) rename tests/pem/{ => pkcs}/rsa-camellia-256-ofb.pem (100%) rename tests/pem/{ => pkcs}/rsa-cast5-cbc.pem (100%) rename tests/pem/{ => pkcs}/rsa-cast5-cfb.pem (100%) rename tests/pem/{ => pkcs}/rsa-cast5-ofb.pem (100%) rename tests/pem/{ => pkcs}/rsa-des-cbc.pem (100%) rename tests/pem/{ => pkcs}/rsa-des-cfb.pem (100%) rename tests/pem/{ => pkcs}/rsa-des-ede3-cbc.pem (100%) rename tests/pem/{ => pkcs}/rsa-des-ede3-cfb.pem (100%) rename tests/pem/{ => pkcs}/rsa-des-ede3-ofb.pem (100%) rename tests/pem/{ => pkcs}/rsa-des-ofb.pem (100%) rename tests/pem/{ => pkcs}/rsa-encrypted.pk8 (100%) rename tests/pem/{ => pkcs}/rsa-idea-cbc.pem (100%) rename tests/pem/{ => pkcs}/rsa-idea-cfb.pem (100%) rename tests/pem/{ => pkcs}/rsa-idea-ofb.pem (100%) rename tests/pem/{ => pkcs}/rsa-pub.pem (100%) rename tests/pem/{ => pkcs}/rsa-rc2-40-cbc.pem (100%) rename tests/pem/{ => pkcs}/rsa-rc2-64-cbc.pem (100%) rename tests/pem/{ => pkcs}/rsa-rc2-cbc.pem (100%) rename tests/pem/{ => pkcs}/rsa-rc2-cfb.pem (100%) rename tests/pem/{ => pkcs}/rsa-rc2-ofb.pem (100%) rename tests/pem/{ => pkcs}/rsa-rc5-cbc.pem (100%) rename tests/pem/{ => pkcs}/rsa-rc5-cfb.pem (100%) rename tests/pem/{ => pkcs}/rsa-rc5-ofb.pem (100%) rename tests/pem/{ => pkcs}/rsa-seed-cbc.pem (100%) rename tests/pem/{ => pkcs}/rsa-seed-cfb.pem (100%) rename tests/pem/{ => pkcs}/rsa-seed-ofb.pem (100%) rename tests/pem/{ => pkcs}/rsa.pem (100%) rename tests/pem/{ => pkcs}/rsa.pk8 (100%) rename tests/pem/{ => pkcs}/unsupported/rsa-aes-128-cfb1.pem (100%) rename tests/pem/{ => pkcs}/unsupported/rsa-aes-128-cfb8.pem (100%) rename tests/pem/{ => pkcs}/unsupported/rsa-aes-192-cfb1.pem (100%) rename tests/pem/{ => pkcs}/unsupported/rsa-aes-192-cfb8.pem (100%) rename tests/pem/{ => pkcs}/unsupported/rsa-aes-256-cfb1.pem (100%) rename tests/pem/{ => pkcs}/unsupported/rsa-aes-256-cfb8.pem (100%) rename tests/pem/{ => pkcs}/unsupported/rsa-aria-128-cbc.pem (100%) rename tests/pem/{ => pkcs}/unsupported/rsa-aria-128-cfb.pem (100%) rename tests/pem/{ => pkcs}/unsupported/rsa-aria-128-cfb1.pem (100%) rename tests/pem/{ => pkcs}/unsupported/rsa-aria-128-cfb8.pem (100%) rename tests/pem/{ => pkcs}/unsupported/rsa-aria-128-ctr.pem (100%) rename tests/pem/{ => pkcs}/unsupported/rsa-aria-128-ofb.pem (100%) rename tests/pem/{ => pkcs}/unsupported/rsa-aria-192-cbc.pem (100%) rename tests/pem/{ => pkcs}/unsupported/rsa-aria-192-cfb.pem (100%) rename tests/pem/{ => pkcs}/unsupported/rsa-aria-192-cfb1.pem (100%) rename tests/pem/{ => pkcs}/unsupported/rsa-aria-192-cfb8.pem (100%) rename tests/pem/{ => pkcs}/unsupported/rsa-aria-192-ctr.pem (100%) rename tests/pem/{ => pkcs}/unsupported/rsa-aria-192-ofb.pem (100%) rename tests/pem/{ => pkcs}/unsupported/rsa-aria-256-cbc.pem (100%) rename tests/pem/{ => pkcs}/unsupported/rsa-aria-256-cfb.pem (100%) rename tests/pem/{ => pkcs}/unsupported/rsa-aria-256-cfb1.pem (100%) rename tests/pem/{ => pkcs}/unsupported/rsa-aria-256-cfb8.pem (100%) rename tests/pem/{ => pkcs}/unsupported/rsa-aria-256-ctr.pem (100%) rename tests/pem/{ => pkcs}/unsupported/rsa-aria-256-ofb.pem (100%) rename tests/pem/{ => pkcs}/unsupported/rsa-camellia-128-cfb1.pem (100%) rename tests/pem/{ => pkcs}/unsupported/rsa-camellia-128-cfb8.pem (100%) rename tests/pem/{ => pkcs}/unsupported/rsa-camellia-192-cfb1.pem (100%) rename tests/pem/{ => pkcs}/unsupported/rsa-camellia-192-cfb8.pem (100%) rename tests/pem/{ => pkcs}/unsupported/rsa-camellia-256-cfb1.pem (100%) rename tests/pem/{ => pkcs}/unsupported/rsa-camellia-256-cfb8.pem (100%) rename tests/pem/{ => pkcs}/unsupported/rsa-chacha20.pem (100%) rename tests/pem/{ => pkcs}/unsupported/rsa-des-cfb1.pem (100%) rename tests/pem/{ => pkcs}/unsupported/rsa-des-cfb8.pem (100%) rename tests/pem/{ => pkcs}/unsupported/rsa-des-ede-cbc.pem (100%) rename tests/pem/{ => pkcs}/unsupported/rsa-des-ede-cfb.pem (100%) rename tests/pem/{ => pkcs}/unsupported/rsa-des-ede-ofb.pem (100%) rename tests/pem/{ => pkcs}/unsupported/rsa-des-ede3-cfb1.pem (100%) rename tests/pem/{ => pkcs}/unsupported/rsa-des-ede3-cfb8.pem (100%) rename tests/pem/{ => pkcs}/unsupported/rsa-desx-cbc.pem (100%) rename tests/pem/{ => pkcs}/x25519-encrypted.pk8 (100%) rename tests/pem/{ => pkcs}/x25519-pub.pem (100%) create mode 100755 tests/pem/pubkeys/ssh_dsa_1024_openssh.pub create mode 100755 tests/pem/pubkeys/ssh_dsa_1024_pkcs8.pub create mode 100755 tests/pem/pubkeys/ssh_dsa_1024_rfc4716.pub create mode 100755 tests/pem/pubkeys/ssh_ecdsa_256_openssh.pub create mode 100755 tests/pem/pubkeys/ssh_ecdsa_256_pkcs8.pub rename tests/{ssh/extra/ecdsa256-public.pem => pem/pubkeys/ssh_ecdsa_256_rfc4716.pub} (100%) mode change 100644 => 100755 create mode 100755 tests/pem/pubkeys/ssh_ecdsa_384_openssh.pub create mode 100755 tests/pem/pubkeys/ssh_ecdsa_384_pkcs8.pub create mode 100755 tests/pem/pubkeys/ssh_ecdsa_384_rfc4716.pub create mode 100755 tests/pem/pubkeys/ssh_ecdsa_521_openssh.pub create mode 100755 tests/pem/pubkeys/ssh_ecdsa_521_pkcs8.pub create mode 100755 tests/pem/pubkeys/ssh_ecdsa_521_rfc4716.pub create mode 100755 tests/pem/pubkeys/ssh_ed25519_openssh.pub create mode 100755 tests/pem/pubkeys/ssh_ed25519_rfc4716.pub create mode 100755 tests/pem/pubkeys/ssh_rsa_1024_openssh.pub create mode 100755 tests/pem/pubkeys/ssh_rsa_1024_pkcs8.pub rename tests/{ssh/extra/rsa-public.pem => pem/pubkeys/ssh_rsa_1024_rfc4716.pub} (100%) mode change 100644 => 100755 create mode 100755 tests/pem/pubkeys/ssh_rsa_1536_openssh.pub create mode 100755 tests/pem/pubkeys/ssh_rsa_1536_pkcs8.pub create mode 100755 tests/pem/pubkeys/ssh_rsa_1536_rfc4716.pub create mode 100755 tests/pem/pubkeys/ssh_rsa_2048_openssh.pub create mode 100755 tests/pem/pubkeys/ssh_rsa_2048_pkcs8.pub create mode 100755 tests/pem/pubkeys/ssh_rsa_2048_rfc4716.pub create mode 100755 tests/pem/pubkeys/ssh_rsa_4096_openssh.pub create mode 100644 tests/pem/pubkeys/ssh_rsa_768_openssh.pub create mode 100644 tests/pem/pubkeys/ssh_rsa_768_pkcs8.pub create mode 100644 tests/pem/pubkeys/ssh_rsa_768_rfc4716.pub create mode 100755 tests/pem/pubkeys/ssh_rsa_8192_openssh.pub rename tests/{ => pem}/ssh/extra/dsa-private.pem (100%) rename tests/{ => pem}/ssh/extra/dsa-public.pem (100%) create mode 100644 tests/pem/ssh/extra/ecdsa256-public.pem create mode 100644 tests/pem/ssh/extra/rsa-public.pem rename tests/{ => pem}/ssh/ssh-rsa-3des-cbc (100%) rename tests/{ => pem}/ssh/ssh-rsa-aes128-cbc (100%) rename tests/{ => pem}/ssh/ssh-rsa-aes128-ctr (100%) rename tests/{ => pem}/ssh/ssh-rsa-aes192-cbc (100%) rename tests/{ => pem}/ssh/ssh-rsa-aes192-ctr (100%) rename tests/{ => pem}/ssh/ssh-rsa-aes256-cbc (100%) rename tests/{ => pem}/ssh/ssh-rsa-aes256-ctr (100%) rename tests/{ => pem}/ssh/ssh-testkey-ecdsa-521 (100%) rename tests/{ => pem}/ssh/ssh-testkey-ecdsa-521-plain (100%) rename tests/{ => pem}/ssh/ssh-testkey-ed25519 (100%) rename tests/{ => pem}/ssh/ssh-testkey-ed25519-aesctr (100%) rename tests/{ => pem}/ssh/ssh-testkey-ed25519-plain (100%) rename tests/{ => pem}/ssh/ssh-testkey-ed25519-pub (100%) rename tests/{ => pem}/ssh/ssh-testkey-rsa (100%) rename tests/{ => pem}/ssh/ssh-testkey-rsa-8192 (100%) rename tests/{ => pem}/ssh/ssh-testkey-rsa-8192-plain (100%) rename tests/{ => pem}/ssh/ssh-testkey-rsa-plain (100%) rename tests/{ => pem}/ssh/unsupported/ssh-rsa-3des-cbc.pub (100%) rename tests/{ => pem}/ssh/unsupported/ssh-rsa-aes128-cbc.pub (100%) rename tests/{ => pem}/ssh/unsupported/ssh-rsa-aes128-ctr.pub (100%) rename tests/{ => pem}/ssh/unsupported/ssh-rsa-aes128-gcm (100%) rename tests/{ => pem}/ssh/unsupported/ssh-rsa-aes128-gcm.pub (100%) rename tests/{ => pem}/ssh/unsupported/ssh-rsa-aes192-cbc.pub (100%) rename tests/{ => pem}/ssh/unsupported/ssh-rsa-aes192-ctr.pub (100%) rename tests/{ => pem}/ssh/unsupported/ssh-rsa-aes256-cbc.pub (100%) rename tests/{ => pem}/ssh/unsupported/ssh-rsa-aes256-ctr.pub (100%) rename tests/{ => pem}/ssh/unsupported/ssh-rsa-aes256-gcm (100%) rename tests/{ => pem}/ssh/unsupported/ssh-rsa-aes256-gcm.pub (100%) rename tests/{ => pem}/ssh/unsupported/ssh-rsa-chacha20-poly1305 (100%) rename tests/{ => pem}/ssh/unsupported/ssh-rsa-chacha20-poly1305.pub (100%) create mode 100755 tests/pem/ssh_dsa_1024_openssh create mode 100755 tests/pem/ssh_dsa_1024_openssh_pw create mode 100755 tests/pem/ssh_dsa_1024_pem create mode 100755 tests/pem/ssh_dsa_1024_pem_pw create mode 100755 tests/pem/ssh_dsa_1024_pkcs8 create mode 100755 tests/pem/ssh_dsa_1024_pkcs8_pw create mode 100755 tests/pem/ssh_ecdsa_256_openssh create mode 100755 tests/pem/ssh_ecdsa_256_openssh_pw create mode 100755 tests/pem/ssh_ecdsa_256_pem create mode 100755 tests/pem/ssh_ecdsa_256_pem_pw create mode 100755 tests/pem/ssh_ecdsa_256_pkcs8 create mode 100755 tests/pem/ssh_ecdsa_256_pkcs8_pw create mode 100755 tests/pem/ssh_ecdsa_384_openssh create mode 100755 tests/pem/ssh_ecdsa_384_openssh_pw create mode 100755 tests/pem/ssh_ecdsa_384_pem create mode 100755 tests/pem/ssh_ecdsa_384_pem_pw create mode 100755 tests/pem/ssh_ecdsa_384_pkcs8 create mode 100755 tests/pem/ssh_ecdsa_384_pkcs8_pw create mode 100755 tests/pem/ssh_ecdsa_521_openssh create mode 100755 tests/pem/ssh_ecdsa_521_openssh_pw create mode 100755 tests/pem/ssh_ecdsa_521_pem create mode 100755 tests/pem/ssh_ecdsa_521_pem_pw create mode 100755 tests/pem/ssh_ecdsa_521_pkcs8 create mode 100755 tests/pem/ssh_ecdsa_521_pkcs8_pw create mode 100755 tests/pem/ssh_ed25519_openssh create mode 100755 tests/pem/ssh_ed25519_openssh_pw create mode 100755 tests/pem/ssh_rsa_1024_openssh create mode 100755 tests/pem/ssh_rsa_1024_openssh_pw create mode 100755 tests/pem/ssh_rsa_1024_pem create mode 100755 tests/pem/ssh_rsa_1024_pem.pub create mode 100755 tests/pem/ssh_rsa_1024_pem_pw create mode 100755 tests/pem/ssh_rsa_1024_pkcs8 create mode 100755 tests/pem/ssh_rsa_1024_pkcs8_pw create mode 100755 tests/pem/ssh_rsa_1536_openssh create mode 100755 tests/pem/ssh_rsa_1536_openssh_pw create mode 100755 tests/pem/ssh_rsa_1536_pem create mode 100755 tests/pem/ssh_rsa_1536_pem.pub create mode 100755 tests/pem/ssh_rsa_1536_pem_pw create mode 100755 tests/pem/ssh_rsa_1536_pkcs8 create mode 100755 tests/pem/ssh_rsa_1536_pkcs8_pw create mode 100755 tests/pem/ssh_rsa_2048_openssh create mode 100755 tests/pem/ssh_rsa_2048_openssh_pw create mode 100755 tests/pem/ssh_rsa_2048_pem create mode 100755 tests/pem/ssh_rsa_2048_pem.pub create mode 100755 tests/pem/ssh_rsa_2048_pem_pw create mode 100755 tests/pem/ssh_rsa_2048_pkcs8 create mode 100755 tests/pem/ssh_rsa_2048_pkcs8_pw create mode 100755 tests/pem/ssh_rsa_768_openssh create mode 100755 tests/pem/ssh_rsa_768_openssh_pw create mode 100644 tests/pem/ssh_rsa_768_pem create mode 100644 tests/pem/ssh_rsa_768_pem.pub create mode 100644 tests/pem/ssh_rsa_768_pem_pw create mode 100644 tests/pem/ssh_rsa_768_pkcs8 create mode 100644 tests/pem/ssh_rsa_768_pkcs8_pw diff --git a/src/headers/tomcrypt.h b/src/headers/tomcrypt.h index 79514cedf..5d44c961f 100644 --- a/src/headers/tomcrypt.h +++ b/src/headers/tomcrypt.h @@ -69,11 +69,12 @@ enum { CRYPT_PK_INVALID_SIZE, /* Invalid size input for PK parameters */ - CRYPT_INVALID_PRIME_SIZE,/* Invalid size of prime requested */ + CRYPT_INVALID_PRIME_SIZE, /* Invalid size of prime requested */ CRYPT_PK_INVALID_PADDING, /* Invalid padding on input */ CRYPT_HASH_OVERFLOW, /* Hash applied to too many bits */ CRYPT_PW_CTX_MISSING, /* Password context to decrypt key file is missing */ + CRYPT_UNKNOWN_PEM, /* The PEM header was not recognized */ }; #include "tomcrypt_cfg.h" diff --git a/src/headers/tomcrypt_misc.h b/src/headers/tomcrypt_misc.h index 7bd49d1af..e65148741 100644 --- a/src/headers/tomcrypt_misc.h +++ b/src/headers/tomcrypt_misc.h @@ -160,6 +160,9 @@ int padding_depad(const unsigned char *data, unsigned long *length, unsigned lon #endif /* LTC_PADDING */ #ifdef LTC_PEM +int pem_decode_filehandle(FILE *f, ltc_pka_key *k, const password_ctx *pw_ctx); +int pem_decode(const void *buf, unsigned long len, ltc_pka_key *k, const password_ctx *pw_ctx); + int pem_decode_pkcs_filehandle(FILE *f, ltc_pka_key *k, const password_ctx *pw_ctx); int pem_decode_pkcs(const void *buf, unsigned long len, ltc_pka_key *k, const password_ctx *pw_ctx); diff --git a/src/misc/error_to_string.c b/src/misc/error_to_string.c index 8e43d702d..923636e56 100644 --- a/src/misc/error_to_string.c +++ b/src/misc/error_to_string.c @@ -53,6 +53,8 @@ static const char * const err_2_str[] = "Hash applied to too many bits.", "Password context to decrypt key file is missing.", + + "The PEM header was not recognized", }; /** diff --git a/src/misc/pem/pem.c b/src/misc/pem/pem.c index 727de8b20..5a14a2c76 100644 --- a/src/misc/pem/pem.c +++ b/src/misc/pem/pem.c @@ -233,4 +233,27 @@ int pem_decrypt(unsigned char *data, unsigned long *datalen, return err; } +int pem_decode_filehandle(FILE *f, ltc_pka_key *k, const password_ctx *pw_ctx) +{ + int err = pem_decode_pkcs_filehandle(f, k, pw_ctx); + if (err == CRYPT_OK || err != CRYPT_UNKNOWN_PEM) + return err; +#if defined(LTC_SSH) + rewind(f); + err = pem_decode_openssh_filehandle(f, k, pw_ctx); +#endif + return err; +} + +int pem_decode(const void *buf, unsigned long len, ltc_pka_key *k, const password_ctx *pw_ctx) +{ + int err = pem_decode_pkcs(buf, len, k, pw_ctx); + if (err == CRYPT_OK || err != CRYPT_UNKNOWN_PEM) + return err; +#if defined(LTC_SSH) + err = pem_decode_openssh(buf, len, k, pw_ctx); +#endif + return err; +} + #endif /* LTC_PEM */ diff --git a/src/misc/pem/pem_pkcs.c b/src/misc/pem/pem_pkcs.c index f02c46407..f189faf2e 100644 --- a/src/misc/pem/pem_pkcs.c +++ b/src/misc/pem/pem_pkcs.c @@ -215,6 +215,8 @@ static int s_decode(struct get_char *g, ltc_pka_key *k, const password_ctx *pw_c goto retry; } else if (err == CRYPT_OK) { break; + } else if (err != CRYPT_UNKNOWN_PEM) { + goto cleanup; } hdr.id = NULL; } diff --git a/src/misc/pem/pem_read.c b/src/misc/pem/pem_read.c index dd3e02043..d9ebb9cc5 100644 --- a/src/misc/pem/pem_read.c +++ b/src/misc/pem/pem_read.c @@ -170,7 +170,7 @@ int pem_read(void *pem, unsigned long *w, struct pem_headers *hdr, struct get_ch } if (hdr->id->start.len != linelen || XMEMCMP(buf, hdr->id->start.p, hdr->id->start.len)) { s_unget_line(buf, linelen, g); - return CRYPT_INVALID_PACKET; + return CRYPT_UNKNOWN_PEM; } hdr->encrypted = hdr->id->flags & pf_encrypted; diff --git a/src/misc/pem/pem_ssh.c b/src/misc/pem/pem_ssh.c index 3039bb455..ca423a086 100644 --- a/src/misc/pem/pem_ssh.c +++ b/src/misc/pem/pem_ssh.c @@ -537,6 +537,8 @@ static int s_decode_openssh(struct get_char *g, ltc_pka_key *k, const password_c goto retry; } else if (err == CRYPT_OK) { break; + } else if (err != CRYPT_UNKNOWN_PEM) { + goto cleanup; } hdr.id = NULL; } diff --git a/tests/common.c b/tests/common.c index 492b4f12e..9d6a5dcf6 100644 --- a/tests/common.c +++ b/tests/common.c @@ -161,6 +161,7 @@ int test_process_dir(const char *path, void *ctx, dir_iter_cb iter, dir_fiter_cb #if defined(LTC_TEST_DBG) && LTC_TEST_DBG > 1 fprintf(stderr, "%s: Skip: %s\n", test, fname); #endif + err = CRYPT_OK; goto continue_loop; } else if (err != CRYPT_OK) { #if defined(LTC_TEST_DBG) @@ -170,7 +171,7 @@ int test_process_dir(const char *path, void *ctx, dir_iter_cb iter, dir_fiter_cb #endif break; } - if ((err != CRYPT_NOP) && (cleanup != NULL)) { + if (cleanup != NULL) { cleanup(ctx); } diff --git a/tests/pem/non-tfm/ssh_rsa_4096_openssh b/tests/pem/non-tfm/ssh_rsa_4096_openssh new file mode 100755 index 000000000..2f069eab2 --- /dev/null +++ b/tests/pem/non-tfm/ssh_rsa_4096_openssh @@ -0,0 +1,49 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAACFwAAAAdzc2gtcn +NhAAAAAwEAAQAAAgEAo6FKkV/bSemFY/hO2NA/aMtkglLaC5jaqLzDnP21gfhYPBoBEDaf +fV7x+qfv1wyGODJvdUPaNa8nVpwJxyrP/SzskqTlDW235Q7BbLTfGa6qsrj4iKGamsEL2H +sZNP9GcjXJAPX1gCmQyaJtTeQ7rQSueQ4KuNMh5KQAep5anVi2PCGm9FeCyk7TQRsna3T0 +fANdCOeJA5BccfNjTmTSfYau0GGCQ7C+S3v3wfj6iJLD+aqNpX2jyXvcbce5uPhSCUUEDi +6xXn/ytLTtWb9FOXVTR5llockzeLZ8KBF+KWe2JBx3pnARYl+Mbe9P86bxuXLiDzMCSAOT ++9sOwOYnykqEy65EBsu8lv3s8sa5uNjYOYzUG/o7IrkIXJ1PyCoqe8TtSts8Uj4XMA0USD +xhsJAnzK6+TxuBFZ/TyQnlv8nUKTpuMrCWsvAGcckKIT9Y0WrLrPqlBqLzhw+q44g64NJQ +6SWOwn+hLT1P2dBhcn+VmOPedpUYmsCFy4tFTgHsRv7P5/niIsE4hTrZ5lEY0Yyyd05ZFc +vwvSMOkwWibBfQ1vzDeAXmDEgFaHVY6lici0HO7pW8poLjLjZ5IQ40NV0dElzcPX80/ZRP +jQvhDsMcrDrvsvRK1epQPJhMcLZrv2vcx1J8rp11M/GVRYeplIT9E3O1/xf0Nl008c8wuI +8AAAdQ1ei8ZNXovGQAAAAHc3NoLXJzYQAAAgEAo6FKkV/bSemFY/hO2NA/aMtkglLaC5ja +qLzDnP21gfhYPBoBEDaffV7x+qfv1wyGODJvdUPaNa8nVpwJxyrP/SzskqTlDW235Q7BbL +TfGa6qsrj4iKGamsEL2HsZNP9GcjXJAPX1gCmQyaJtTeQ7rQSueQ4KuNMh5KQAep5anVi2 +PCGm9FeCyk7TQRsna3T0fANdCOeJA5BccfNjTmTSfYau0GGCQ7C+S3v3wfj6iJLD+aqNpX +2jyXvcbce5uPhSCUUEDi6xXn/ytLTtWb9FOXVTR5llockzeLZ8KBF+KWe2JBx3pnARYl+M +be9P86bxuXLiDzMCSAOT+9sOwOYnykqEy65EBsu8lv3s8sa5uNjYOYzUG/o7IrkIXJ1PyC +oqe8TtSts8Uj4XMA0USDxhsJAnzK6+TxuBFZ/TyQnlv8nUKTpuMrCWsvAGcckKIT9Y0WrL +rPqlBqLzhw+q44g64NJQ6SWOwn+hLT1P2dBhcn+VmOPedpUYmsCFy4tFTgHsRv7P5/niIs +E4hTrZ5lEY0Yyyd05ZFcvwvSMOkwWibBfQ1vzDeAXmDEgFaHVY6lici0HO7pW8poLjLjZ5 +IQ40NV0dElzcPX80/ZRPjQvhDsMcrDrvsvRK1epQPJhMcLZrv2vcx1J8rp11M/GVRYeplI +T9E3O1/xf0Nl008c8wuI8AAAADAQABAAACAHAjDAg+qfioSZruQ5LAfIQjx1is0PNbqJY0 +7tW65VYRzN47b/kdhgWUOL7vsiUtVxpSLiIuAvABfjMTsnvEsk8uJ16EFNk0FO+sQhBuj+ +p40lCzBNgV7+8YVzbffbHdM/j3NS4sYTeYxLn6T3Au9lqnN66MWfq57qNTZWSi+zST5Cen +ZFRVWLOue4ZFxqkUuKv4XhzJGBPSLhiFlMvXuoz97PWvrWcYTAFNDsjnCULpWdbS9Emypb +lh4fl2A6hovUfO/W1+wF0j0D/ZMkPsGdO7vPv3ezf5vAWBAesvucdEZQWwYKs2aCODmaiJ +dcBj64qM2bFS4sBZe2QBhsXZtPALnv+Ro0O/t+OUebPHCDIur9KC41TdzvZjuu+jPiOaiL +3v3g19xSiPxFPIF+8gHqu1FVfexM6HPw/d3guHzF6mK0TnKxThN0Ixa+wDQhf+vXKKWaP4 +I8RIzfOJLBR3fVAeQGANgXFF+QOnSKV1NR8Nh/q0uzuTnl6OwIV12fw+9vMy+FEMuZK2N1 +QEJ8YO44CGOaKCG7CRLbrD8BD2d1nqIABWAMSTVmAxCF9XV1pY03mLGHrRBVmBc/9zkinK +KQ8pQy3aqZ6aaUkO7K43msAecU+emX80a+UtpC0WcXFefbg2wy6zeodJ8vxMmRcRXxleIF +dHuqxoxn+bnEH9vP2RAAABAQDCfrnajeYRIgxxOcDIKyPQ8HZ/SMxxXzff4J/330b7CDfT +L2MXCtFITz0Pzx/hl4D2CQxGK0QvfhyZpCLPsf8c1srH7dPj8hZpQOQRIPLV7D6gaQ5Si6 +XfD1qJsHzePe2S3b94HhB83HWTnPu4rF+tEPYdESdBR/aQsAF07oYoXW0Sp0aBSFckksWG +yuuOJOk1udyzv48Ruq6URyM49p9kzLPZEcKeQNzjdgzO5/YEu3yPJOPl/WBpUwX7DtFSdm +OGUhWW1d3ACukSFPHKQLP9ncMnrdU4ytyfPC03MK77uEObwUY48oOLf8Ec6vqkgnwtQSr8 +GKPy03Vy+L9E+aFwAAABAQDTbPuTCLj8ayEZlxJnkhSTY6fEGfCYialihwbeQQtkDCgsap +h6tXDwkW8aY+QbCVduseDfi2Y4KY/Glx3oDyUGG5OYM7w5b5LWtaou5iF9X/U9g5aPVh62 +coChGYSprs+c9k9/a6R5irSAPMI5Di0HAoGqnBrSusbFqEgbAJaHzjIqCif+lnq2ObiGvQ +ZpkX7IrXcLLvgiIA5VdigLeqxW+O7lCqXrOTg2xfWmPwSQuZBzjhPndEGjCyQGVf97r8fj +bNLFsWeudmr5wSH1tNhwdk+HIyCDN63HXx2VmKXkHWAqG8OkqjldiIUa5zxLz/ghfF2wo3 +BLYGIo0IHo6yuZAAABAQDGILE58ZcsZ81t1qRDENuhJlZLuTI4gEEPCymPQmhvKJ+j9L0P +SEmZpThDBPtzfNcIHOOJxSaMoyAz19543usM5Z0GJGR2o5kAYLbThV/2MqZcB/2DBuzSj/ +flfLu3tBmUD48lDGvnq+KuWw+IQ0gZwxmFusL0+e+m/Z02HwFsFsMCaJ/s01t7pHL0q9DT +CjmdEjcF2XbJsWzCmeltNjr3K3Ec3Ni3KpgHJPbtxixj59KRF9rzl71NzEgLwE9NBOhOeb +va6HVQ1s/L+GbPX9OSIgtJDPE1dvERDbUtRCYz7BoF5Cm+sr667sX+doVXSdf1B1+tBoe8 +AK2Ko29NEF5nAAAAE1RoaXMgaXMgYSB0ZXN0IGtleSEBAgMEBQYH +-----END OPENSSH PRIVATE KEY----- diff --git a/tests/pem/non-tfm/ssh_rsa_4096_openssh_pw b/tests/pem/non-tfm/ssh_rsa_4096_openssh_pw new file mode 100755 index 000000000..2484fb043 --- /dev/null +++ b/tests/pem/non-tfm/ssh_rsa_4096_openssh_pw @@ -0,0 +1,50 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABDsZi+Ml8 +cPCAbWmdYXbDrmAAAAEAAAAAEAAAIXAAAAB3NzaC1yc2EAAAADAQABAAACAQCjoUqRX9tJ +6YVj+E7Y0D9oy2SCUtoLmNqovMOc/bWB+Fg8GgEQNp99XvH6p+/XDIY4Mm91Q9o1rydWnA +nHKs/9LOySpOUNbbflDsFstN8ZrqqyuPiIoZqawQvYexk0/0ZyNckA9fWAKZDJom1N5Dut +BK55Dgq40yHkpAB6nlqdWLY8Iab0V4LKTtNBGydrdPR8A10I54kDkFxx82NOZNJ9hq7QYY +JDsL5Le/fB+PqIksP5qo2lfaPJe9xtx7m4+FIJRQQOLrFef/K0tO1Zv0U5dVNHmWWhyTN4 +tnwoEX4pZ7YkHHemcBFiX4xt70/zpvG5cuIPMwJIA5P72w7A5ifKSoTLrkQGy7yW/ezyxr +m42Ng5jNQb+jsiuQhcnU/IKip7xO1K2zxSPhcwDRRIPGGwkCfMrr5PG4EVn9PJCeW/ydQp +Om4ysJay8AZxyQohP1jRasus+qUGovOHD6rjiDrg0lDpJY7Cf6EtPU/Z0GFyf5WY4952lR +iawIXLi0VOAexG/s/n+eIiwTiFOtnmURjRjLJ3TlkVy/C9Iw6TBaJsF9DW/MN4BeYMSAVo +dVjqWJyLQc7ulbymguMuNnkhDjQ1XR0SXNw9fzT9lE+NC+EOwxysOu+y9ErV6lA8mExwtm +u/a9zHUnyunXUz8ZVFh6mUhP0Tc7X/F/Q2XTTxzzC4jwAAB1CnkBRGe3lBHJvgjlhTh6MO +XwJ8EPoynE5uj4qWWdnZFgJll/m0fUbzPsTyXjOtxfQcfVuJf94plfKbP860JvJ0i7qaSC +MimbiWFqH/kyzK7qhHXcV6PRRjCXc41LsfRwT95JrLK8UFkfHAih6bKw2vwuxRwDtsNDHH +Tmr9i3KYg18RSfwMYJ2mdxRq8zRweHvJdXFezjUv6r4mtGPEVYWoGTcWCthwXm8RV76LzB +e89RuSxSS0cDlr+VY3bjckgsMR1WPwXPjO81VvZl/SAo2zjiTeGoH9x81v8WXoQtlSZp1p +O2O3VOfOEEpWmJUjqbbaiQXqEt9upEjYlPQJQwYU2O95ZjIr3hRzuHpbUIAwtoBaB67UCU +nxUGgPWtiIyHyUb2rSveQU8liU6vzImYyxUPSV7NUoZf2GgWpg3hNoWbtYYZPsHOYHoTTp +0GlQitJ6gFM5KxRJia5cTatkORe0/2M3TmhR9ZvJ2xvmjEi3DNxBC5YzRx3nBg2LLwZywS +fTw9KTEs9X99v84cUMVi/KD5jueNx/RnYisUj+hGPKQQnL6kbnSdSkW0m3SGDSCkLgLrwh +f5WWX9hOhpeUWLIawECrjR/+LvxWlpfjA3vaF4JSqua9vB47+c24H/p7Ugtn6CBW2GQKL7 +CqLgct+FNV8kuRCjXnZrSPRkTI9Z/K5wDcQjqtzw9ry6LiQIzTqOgqUFNNnUrp/NgoQs+H +l0+0ju8wKGrgH+3xCBBsEajD5a3M/D1BnvrezBGzzbM2pyT3fYgR8kib+XqGdEFBs73rVu +p94ZZ7YiXRwc7ylIpeNu903Kn4wqbu5fP90Qr5b5S5v5ohJYG/l19gq8u5sHsZTp8B4LZ/ +ifXQutxZafjfZHjqCgRVbSFGJQKmtfl0NVboBG3WlUUHaWHrT8TvhVj/5ZeHJjBbLxPD6l +09pajclzNCNKwgWpuDZOGn7FGAqjlzpZ0UQ1VIvAIUzscAUgolgleY8yuhMsc8V7l68mu1 +X/datYqzqer2iyMTn1W1L8aDlF/lxOOY8myF7d4KlW/G+Fh2BmxhNKDuaGFjdBcY0YYOwT +M7dJU6dtRhs9SnKqIyon7h1O4HXpQVYEatLf2UHECpMPCfq2WSFbhf9+Ml6AyRdPIecpKo +zB6fPbWivhYH9smUK0qvPcqbQAW6luxw1YWMMRjNpgtWqhpknTonlHOoe3daO+TESpmIX1 +CUalDlJVkwl4kY2Kveg0i0KiBh7aGVY42oYZiMq9YMDLyyWofgdX4zv6lqvw+1kyom4gLf +IeRIicTO/nLyrksiDFr3G7J/4+lzx0Jvicgt3Db7d2gKthod1W1Gi0cfYrDT4ZfFbaJH+W +QH39tFsF8HHO4OQ14DWC9fKdNpGEZrnMRHbCPmd1VHoRNlgAt8kyLNOdLV7zw//mqBIIUL +mUE4XniI++MNTDVeO6LsXFHFb3McwnqS7dRKkefCdIujc1T2j6UdsoJZR6pGgZqgMTnB0Z +rNk5bN1B8V8qw1gi/jz03wCBBEvEJ1oZtAtbTQ8NfmiaFC3LGzaFyKeOus5o7P+7RSJkwG +t/d/QT8CqCdVIidRllLxaBEOnndEHUqQkhGuQMEolO4C2TtTixbiMeJOt/KWOIf2KxIR4P +vZSx70SEmIW1bEeQK+kQt5lYTr0ytxG2ELUuIz5UaFzisUP0WwtVgnMJBatIEjWWR1n3kD +GwG73dzBCVSV6ccdTPMifMNGBdveRgrtNKWDD0vv8uBLpiGGdaqUHFCdPkTqMUJJwqwyBl +MrHxg5N+eJx+Qvz6lWEw1oxnKLLTATMCSoxa2zvBJo28d8EXVuUoOerNqb4MoBkVu1t3BS +QlhtfNGJuQfe2DUkheOVmDds4uO8QHSr8d52rvaYMulYJsbDotQOim/xuGNH9CG7OAJ9LP +5rZ9oF8YELcnrmImuxkLeIRmLcLK6v967Rn9iex6Jxa2iXbdJQPCJmNYMcZlgjLFY8YWCS +c5XqV7UAM10I0NjYwBVkKyEQb0uoegmYzntDJYGFym4A2gbC9oCQG+Lyqgswsvzwt92yOW +h39QtlU+HvJE/PkyIEmykfbaFRpzNwxprmEy0UcIPLH3xMgOzNxsnrZtcBKMNS6oRXXMVe +UnzLxlYv2ZLJLMqqyjNWWg0vMA2dVBVW3JuHXUfCWIbPDCZFvRs/xQcMEjscHxGU8G804p +9GOwuypOZWuCMAByuAigL6cm732fA4neu2zHxFpo1cA5PIaba1hotyYxJYeuuT02XiK9Jx +WNzvHHKTHHYjCqeydvEKPx0H3s7HxUnT3J1BqcerHcXmpCLqJ/ukMvmrxkHWbE6mstRwvD +9cVW0WqSGoV0eJtomjXZmPpi2571mKkY4KiSRbizXV3113Pen6xIWOUgd1RqB9WkElix52 +JUkyBItXIKvvsqQGECpD8yrwxOQRqm4MMUMTMhXBCSAMT56mAfC50iTHVjGmY+t9tfJ1LL +eF7XqLa7SIo0XBe/NQOsuEVlQ= +-----END OPENSSH PRIVATE KEY----- diff --git a/tests/pem/non-tfm/ssh_rsa_4096_pem b/tests/pem/non-tfm/ssh_rsa_4096_pem new file mode 100755 index 000000000..0ec9e29ab --- /dev/null +++ b/tests/pem/non-tfm/ssh_rsa_4096_pem @@ -0,0 +1,51 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIJKAIBAAKCAgEAo6FKkV/bSemFY/hO2NA/aMtkglLaC5jaqLzDnP21gfhYPBoB +EDaffV7x+qfv1wyGODJvdUPaNa8nVpwJxyrP/SzskqTlDW235Q7BbLTfGa6qsrj4 +iKGamsEL2HsZNP9GcjXJAPX1gCmQyaJtTeQ7rQSueQ4KuNMh5KQAep5anVi2PCGm +9FeCyk7TQRsna3T0fANdCOeJA5BccfNjTmTSfYau0GGCQ7C+S3v3wfj6iJLD+aqN +pX2jyXvcbce5uPhSCUUEDi6xXn/ytLTtWb9FOXVTR5llockzeLZ8KBF+KWe2JBx3 +pnARYl+Mbe9P86bxuXLiDzMCSAOT+9sOwOYnykqEy65EBsu8lv3s8sa5uNjYOYzU +G/o7IrkIXJ1PyCoqe8TtSts8Uj4XMA0USDxhsJAnzK6+TxuBFZ/TyQnlv8nUKTpu +MrCWsvAGcckKIT9Y0WrLrPqlBqLzhw+q44g64NJQ6SWOwn+hLT1P2dBhcn+VmOPe +dpUYmsCFy4tFTgHsRv7P5/niIsE4hTrZ5lEY0Yyyd05ZFcvwvSMOkwWibBfQ1vzD +eAXmDEgFaHVY6lici0HO7pW8poLjLjZ5IQ40NV0dElzcPX80/ZRPjQvhDsMcrDrv +svRK1epQPJhMcLZrv2vcx1J8rp11M/GVRYeplIT9E3O1/xf0Nl008c8wuI8CAwEA +AQKCAgBwIwwIPqn4qEma7kOSwHyEI8dYrNDzW6iWNO7VuuVWEczeO2/5HYYFlDi+ +77IlLVcaUi4iLgLwAX4zE7J7xLJPLidehBTZNBTvrEIQbo/qeNJQswTYFe/vGFc2 +332x3TP49zUuLGE3mMS5+k9wLvZapzeujFn6ue6jU2Vkovs0k+Qnp2RUVVizrnuG +RcapFLir+F4cyRgT0i4YhZTL17qM/ez1r61nGEwBTQ7I5wlC6VnW0vRJsqW5YeH5 +dgOoaL1Hzv1tfsBdI9A/2TJD7BnTu7z793s3+bwFgQHrL7nHRGUFsGCrNmgjg5mo +iXXAY+uKjNmxUuLAWXtkAYbF2bTwC57/kaNDv7fjlHmzxwgyLq/SguNU3c72Y7rv +oz4jmoi9794NfcUoj8RTyBfvIB6rtRVX3sTOhz8P3d4Lh8xepitE5ysU4TdCMWvs +A0IX/r1yilmj+CPESM3ziSwUd31QHkBgDYFxRfkDp0ildTUfDYf6tLs7k55ejsCF +ddn8PvbzMvhRDLmStjdUBCfGDuOAhjmighuwkS26w/AQ9ndZ6iAAVgDEk1ZgMQhf +V1daWNN5ixh60QVZgXP/c5IpyikPKUMt2qmemmlJDuyuN5rAHnFPnpl/NGvlLaQt +FnFxXn24NsMus3qHSfL8TJkXEV8ZXiBXR7qsaMZ/m5xB/bz9kQKCAQEA02z7kwi4 +/GshGZcSZ5IUk2OnxBnwmImpYocG3kELZAwoLGqYerVw8JFvGmPkGwlXbrHg34tm +OCmPxpcd6A8lBhuTmDO8OW+S1rWqLuYhfV/1PYOWj1YetnKAoRmEqa7PnPZPf2uk +eYq0gDzCOQ4tBwKBqpwa0rrGxahIGwCWh84yKgon/pZ6tjm4hr0GaZF+yK13Cy74 +IiAOVXYoC3qsVvju5Qql6zk4NsX1pj8EkLmQc44T53RBowskBlX/e6/H42zSxbFn +rnZq+cEh9bTYcHZPhyMggzetx18dlZil5B1gKhvDpKo5XYiFGuc8S8/4IXxdsKNw +S2BiKNCB6OsrmQKCAQEAxiCxOfGXLGfNbdakQxDboSZWS7kyOIBBDwspj0Jobyif +o/S9D0hJmaU4QwT7c3zXCBzjicUmjKMgM9feeN7rDOWdBiRkdqOZAGC204Vf9jKm +XAf9gwbs0o/35Xy7t7QZlA+PJQxr56virlsPiENIGcMZhbrC9Pnvpv2dNh8BbBbD +Amif7NNbe6Ry9KvQ0wo5nRI3Bdl2ybFswpnpbTY69ytxHNzYtyqYByT27cYsY+fS +kRfa85e9TcxIC8BPTQToTnm72uh1UNbPy/hmz1/TkiILSQzxNXbxEQ21LUQmM+wa +BeQpvrK+uu7F/naFV0nX9QdfrQaHvACtiqNvTRBeZwKCAQAr5m02UpFWmEf/MEc6 +CjMLh53GMjyq76qkMrVSYN8knwGYd2nB0PrqeMhBCozKsF3fNkAjKqbG8ppP+gDT +tpFRe1hiOhvTMT+kJYR4yIAbsFkTtMcGbDNkXtImoU3SjeG+DcbkBk3Yjtx75CHQ +BwmCcxrJejB3oSC02gRe1vhqqn3wDLvROR2xyLpv/7/dG8DfmmUlhVMwgsd3J1mZ +SJeQV5ADLvrUpMTvWptvMZaZFm7QD6hCXvliCWYpiqHJ5O30YxxAwF1u9FeyFFAg +3LQ0ZdyNitWtaVpEE5PpBBEuFItrMuikwFO5ACfjNjBm7X/wNAqgKs+eVx0KrIDN +BEfBAoIBADsszIIX7CTxI+QodYsqX86z2pZnS96gP840cUc+eF6q7XNUx5rm5kSj +mjg6JrgJk1fy+OrPHYJnvlh9ow7K1b1WXx3UhMUCe9InELQAY/bujc1y/X7C9Ly3 +Dz1VkeN+QR19wC06loftSJj2zZ7PKZu4L8lHTK9Kbw+bM/dUL2KPMdNoWEutnOdC +6Kq3HnnJ1gdZx2FR4C7BdVByE8vwpI/qQ7BxLbEXYazQl4fQ5rU4KiX30AdtTLcN +yn7oA0dnrdKyfS8WuuNYJVwwZtSNNG2zCVfaK7jiO4HybCiG8DoVzHfx+53fWSQP +6Mbls1Gs1nlyqFrPVn8KXMrJoZaMywUCggEBAMJ+udqN5hEiDHE5wMgrI9Dwdn9I +zHFfN9/gn/ffRvsIN9MvYxcK0UhPPQ/PH+GXgPYJDEYrRC9+HJmkIs+x/xzWysft +0+PyFmlA5BEg8tXsPqBpDlKLpd8PWomwfN497ZLdv3geEHzcdZOc+7isX60Q9h0R +J0FH9pCwAXTuhihdbRKnRoFIVySSxYbK644k6TW53LO/jxG6rpRHIzj2n2TMs9kR +wp5A3ON2DM7n9gS7fI8k4+X9YGlTBfsO0VJ2Y4ZSFZbV3cAK6RIU8cpAs/2dwyet +1TjK3J88LTcwrvu4Q5vBRjjyg4t/wRzq+qSCfC1BKvwYo/LTdXL4v0T5oXA= +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/non-tfm/ssh_rsa_4096_pem.pub b/tests/pem/non-tfm/ssh_rsa_4096_pem.pub new file mode 100755 index 000000000..3d189b1d8 --- /dev/null +++ b/tests/pem/non-tfm/ssh_rsa_4096_pem.pub @@ -0,0 +1,13 @@ +-----BEGIN RSA PUBLIC KEY----- +MIICCgKCAgEAo6FKkV/bSemFY/hO2NA/aMtkglLaC5jaqLzDnP21gfhYPBoBEDaf +fV7x+qfv1wyGODJvdUPaNa8nVpwJxyrP/SzskqTlDW235Q7BbLTfGa6qsrj4iKGa +msEL2HsZNP9GcjXJAPX1gCmQyaJtTeQ7rQSueQ4KuNMh5KQAep5anVi2PCGm9FeC +yk7TQRsna3T0fANdCOeJA5BccfNjTmTSfYau0GGCQ7C+S3v3wfj6iJLD+aqNpX2j +yXvcbce5uPhSCUUEDi6xXn/ytLTtWb9FOXVTR5llockzeLZ8KBF+KWe2JBx3pnAR +Yl+Mbe9P86bxuXLiDzMCSAOT+9sOwOYnykqEy65EBsu8lv3s8sa5uNjYOYzUG/o7 +IrkIXJ1PyCoqe8TtSts8Uj4XMA0USDxhsJAnzK6+TxuBFZ/TyQnlv8nUKTpuMrCW +svAGcckKIT9Y0WrLrPqlBqLzhw+q44g64NJQ6SWOwn+hLT1P2dBhcn+VmOPedpUY +msCFy4tFTgHsRv7P5/niIsE4hTrZ5lEY0Yyyd05ZFcvwvSMOkwWibBfQ1vzDeAXm +DEgFaHVY6lici0HO7pW8poLjLjZ5IQ40NV0dElzcPX80/ZRPjQvhDsMcrDrvsvRK +1epQPJhMcLZrv2vcx1J8rp11M/GVRYeplIT9E3O1/xf0Nl008c8wuI8CAwEAAQ== +-----END RSA PUBLIC KEY----- diff --git a/tests/pem/non-tfm/ssh_rsa_4096_pem_pw b/tests/pem/non-tfm/ssh_rsa_4096_pem_pw new file mode 100755 index 000000000..527163ff2 --- /dev/null +++ b/tests/pem/non-tfm/ssh_rsa_4096_pem_pw @@ -0,0 +1,54 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-128-CBC,E8CCE89C1882B2018C2B6C62759562F5 + +t86bjSrE+zRoSSlM5nIpX9zOnPvctVGKm52+SrwIyI/1A3xH9MfJ2ATwmgRR5bRe +1v+855s3K1M6S8cn9wpoih4I71tVPQ0oIBgQa8/jUam7cI+Ye0BDx5r124B2PVsu +QtFVPAMvUfZ7LXAwnPHxfMznJXmW2nhI86rYZYbhOFv+63F1KI4goBdlkAtNPtnW +NiMHWfUQQ0a02IngWxniIbcQ74ZgGYvsgs3ogeMBZ2QHjXakIizLpFndCoUu39z+ +UfrG7d+6D3azJW4/d1AUpKkNxyiVAJ8/sVkwIM6CcnCfWPhakWMcqOMyelBxAd2B +WOQnHqSIbPgAO4iGvImAaRQSEKh4ZZb2Ulb0Ol7TaU3LAUIdbYs2Q5IhmvaoXWsa +8LTBE8VmQ5Duaf38353ZmqMADne/yClaoW0DQJy8tbgbUuQK2DgUg1CFitT6zAoV +UFjVOPTBFiYyWlO9igdajm2deSWFbaJCtqvGMvP/oCiFDCQU8EELRVDIxRKzdKFK +mt5crHdhqqUChq7TYzDLqPeCWixi2tFQImp/1XGFloEmpQs50wEFChXMxCMwso24 +Ic7F2xByMdlWM3IM1/523QQ4urqEKeyd9o7j+rF/EUdtx+0PLhCjgxgvs8ZAzdkZ +nUh97ec0ttPCCYgorvFUMIlbWy9cLWA9Viq2NlHB14wy2+draSjGl9qY0q5ecieh +/ih04So8YDGf10R7WH+UFCwXEN4gDrtzAbnx3eIY36q96Y14QjS6rssC/AlQJk0B +M48WOndoa0fdOXvSjStkjTd+zHfs5dr1hYBuZLfI49/TpobysPjK8V+farhi4aWd +peCOcbUbmU9+Y49t1sxuDpINXs9tqJ40wuaSe4k2n0Qn8yt3Ud7tJLtVmvZ1Gg1g +BMouWXbT+lD0P1CDlkl4lzAXJSTigkXMFEt2HoxaY98seJCzXFNcZTqgHl/ATxHC +PGYF3KteOALZsnmBExm8HGE0doUSmo+20W5Uh67Wy8/9A8g7EyQ4IoFECf5gqdw8 +MFLEdkEgWxiANzb/Ksp0RzlmKhdNBpfglOV156Vt2r/uTDGpdoqvML7jT+OG+4Cm +K1kAfV4PGslNXTl/ziErlJ4pxOZJL+OpxpiYs2b7VUWVLo5Sa4N/6Y+lope4o9Y7 +mg38oiNOL2zRhRaC4rfEQyvrEFeES4xBZiiUQd07JzwxHD+YtXLcei7bwi3YVBDA +WTK5oCyIWvuslIFcqoCKlLh0+yOfjF+ecyBxIb8PF7ISdoWRYQWeJhFeVIJR09zU +FYv8GVKihHrG48J4Vy28wDPE9XH8TDzuELyVLLwev9h8CftblxYGDZLvHwhEuR6N +GqxuuLaOZcxuLFV/C0hPedfW0FVYG9OG45r617lWN3l1plH44d7PaKvFQpI3FauC +wWIPmkD6Romi2oBC2LvbZcNf52a29oAp3SyB0XXbTMkHqUqFShRJ4ohUUsDOU1N9 +3aKwLVcZoOb1yCynP3TBUA9//t+cRH1ihbfLs38AYZsk7W72vQ5P8w2hknWQmNyJ +QA0a2xMPHPeUA/j+NIofa+RRxR+J4yl+sY4t8qdtwFfvZuI9Bn301WF1KcXn4VER +Y+5vE6cObaLGu5xbbpgbPaHDOjW8pDQZ0qhIouQQIhZEqkJqGhtopjjfJfxvWyrk +4lusaOjg8KWzTMSEqS+Wc5AiaigM4ZfutHPjvynPPnIw47ersZwxTfvWv0zEyNve +xJluj2CBOxuG+B6zt8AKJmBGJrehpZ+b0UFiHqosgZHXleW4ruVPnYUIwD7outhr +BrSR3pFwIWJHAmI71UCJm9SjU6psl+WyV46O2BWX+D55QGg8GQTbob2UVsW8v/KB +2/A92GQR1Ozrl+TXNYTVWGu73mDC3l2ZmNaFeYP4OyVJ5GtYORq8FuEGgtezE1tD +RlBMgkOeS6X4ThGnwqYRJrIgjHOhpk8LPvFzSHjjfDMmWwns9bdnV6zXsrZowGnv +tsYtMEzuaMt/xFQQRUcUHmrVHdkH1O7TM5uR3+8c7Z9X/gxWCswXqifku6NS3wAR +q8uLholVN3lvEailMzU+1/WLGkDBHYqhfMB6gQB7qigdAhcjemqNgc9qHAMs3kz/ +iYMI1j2xamCwzR6CjV1P+O1aSzWdzrlzzPWQoSH9xq3TN4urAGHKTU0Vy0oawya+ +ifsyderqNiww+3d4MpGcgj9nQM0O9xJSdVHB50M9TwfZiAh6UzyfIkMGeizJ38q2 +Z0itpoR0fdP/LqBXNzYwc38YH8+xw6pERH3cPPUAn0sMp0+u+90ce7lW5dCCwl3J +UBUv5NdM2hGvUTwoGYRKW28mss+zwqeq+lB9aJD5q+UDO/xEgm1LgpXHnxPiq0vw +IFo/pOjUn61encDN3vfG7Srk+CMuNAaZN6CFvdj5eEFBfAQ7c0epO0ZGBBGZboWn +W/9amLGlLLjMpKSXqYZO7fezCUWKmfq1qQAZI9lF2zlBra4e/4RAx/EvqY8K85Sd +m3Ye98I36onVSOXakCk4D+YPi7rzXPO0RnuWSjv3RpEu9tpV/E2Dc8bYjmXRKUw9 +icF3IeTmKuV2ByzyaZOR0YLFdePeQa6rQVPNJ52XwolUDhwcQjmqjGdwW9lz2RBS +t3EBOJVgdilCmkInXVWMInqXdAa/5CQ5zqSnFlW+LoIFcbIguTAfU7U4SFu7CPBA +xEXBVPvHCdgnbgceg4aCZkTZS5TLTkUj+cDyscZGpXoy/MGer5VcxxGMXHInW4wf +USuHKpg3+kb7rfR8HUPaHh76/GifFWurkE2I/J5C1jKXHtTSlC30i4xmFAWRY9W8 +XbApcRQK3K5WV39S2HSEGa0ZWofl1L8hN9SOvt8lQ6iAcggRWcdw8S3cjQMe/z0m +QHTCMpyorxFht8Q0qqw+Pex+8P7QMjjG3f3jDlQCsN9qTM4kQk7esHjAppQ9qttU +749ZJjbP91n9eAo8C4BASuIve+ACGQZg7vBvUy+qdumyzFDDc78hpvwhHk4uQ9u2 +Vlx2/KbrQv5snYVCHN76P6Rj0UpMpUA9ujZIhQPcjH8RWf17sQ8zXtcssD30AelR +scrfgKLK4Wjxbez2r2oMQQTWV64o4GuYJx/8m/j1NLOlkdC8QyyQ3L+l9Bba2jDK +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/non-tfm/ssh_rsa_4096_pkcs8 b/tests/pem/non-tfm/ssh_rsa_4096_pkcs8 new file mode 100755 index 000000000..a5cfe2f52 --- /dev/null +++ b/tests/pem/non-tfm/ssh_rsa_4096_pkcs8 @@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQCjoUqRX9tJ6YVj ++E7Y0D9oy2SCUtoLmNqovMOc/bWB+Fg8GgEQNp99XvH6p+/XDIY4Mm91Q9o1rydW +nAnHKs/9LOySpOUNbbflDsFstN8ZrqqyuPiIoZqawQvYexk0/0ZyNckA9fWAKZDJ +om1N5DutBK55Dgq40yHkpAB6nlqdWLY8Iab0V4LKTtNBGydrdPR8A10I54kDkFxx +82NOZNJ9hq7QYYJDsL5Le/fB+PqIksP5qo2lfaPJe9xtx7m4+FIJRQQOLrFef/K0 +tO1Zv0U5dVNHmWWhyTN4tnwoEX4pZ7YkHHemcBFiX4xt70/zpvG5cuIPMwJIA5P7 +2w7A5ifKSoTLrkQGy7yW/ezyxrm42Ng5jNQb+jsiuQhcnU/IKip7xO1K2zxSPhcw +DRRIPGGwkCfMrr5PG4EVn9PJCeW/ydQpOm4ysJay8AZxyQohP1jRasus+qUGovOH +D6rjiDrg0lDpJY7Cf6EtPU/Z0GFyf5WY4952lRiawIXLi0VOAexG/s/n+eIiwTiF +OtnmURjRjLJ3TlkVy/C9Iw6TBaJsF9DW/MN4BeYMSAVodVjqWJyLQc7ulbymguMu +NnkhDjQ1XR0SXNw9fzT9lE+NC+EOwxysOu+y9ErV6lA8mExwtmu/a9zHUnyunXUz +8ZVFh6mUhP0Tc7X/F/Q2XTTxzzC4jwIDAQABAoICAHAjDAg+qfioSZruQ5LAfIQj +x1is0PNbqJY07tW65VYRzN47b/kdhgWUOL7vsiUtVxpSLiIuAvABfjMTsnvEsk8u +J16EFNk0FO+sQhBuj+p40lCzBNgV7+8YVzbffbHdM/j3NS4sYTeYxLn6T3Au9lqn +N66MWfq57qNTZWSi+zST5CenZFRVWLOue4ZFxqkUuKv4XhzJGBPSLhiFlMvXuoz9 +7PWvrWcYTAFNDsjnCULpWdbS9Emypblh4fl2A6hovUfO/W1+wF0j0D/ZMkPsGdO7 +vPv3ezf5vAWBAesvucdEZQWwYKs2aCODmaiJdcBj64qM2bFS4sBZe2QBhsXZtPAL +nv+Ro0O/t+OUebPHCDIur9KC41TdzvZjuu+jPiOaiL3v3g19xSiPxFPIF+8gHqu1 +FVfexM6HPw/d3guHzF6mK0TnKxThN0Ixa+wDQhf+vXKKWaP4I8RIzfOJLBR3fVAe +QGANgXFF+QOnSKV1NR8Nh/q0uzuTnl6OwIV12fw+9vMy+FEMuZK2N1QEJ8YO44CG +OaKCG7CRLbrD8BD2d1nqIABWAMSTVmAxCF9XV1pY03mLGHrRBVmBc/9zkinKKQ8p +Qy3aqZ6aaUkO7K43msAecU+emX80a+UtpC0WcXFefbg2wy6zeodJ8vxMmRcRXxle +IFdHuqxoxn+bnEH9vP2RAoIBAQDTbPuTCLj8ayEZlxJnkhSTY6fEGfCYialihwbe +QQtkDCgsaph6tXDwkW8aY+QbCVduseDfi2Y4KY/Glx3oDyUGG5OYM7w5b5LWtaou +5iF9X/U9g5aPVh62coChGYSprs+c9k9/a6R5irSAPMI5Di0HAoGqnBrSusbFqEgb +AJaHzjIqCif+lnq2ObiGvQZpkX7IrXcLLvgiIA5VdigLeqxW+O7lCqXrOTg2xfWm +PwSQuZBzjhPndEGjCyQGVf97r8fjbNLFsWeudmr5wSH1tNhwdk+HIyCDN63HXx2V +mKXkHWAqG8OkqjldiIUa5zxLz/ghfF2wo3BLYGIo0IHo6yuZAoIBAQDGILE58Zcs +Z81t1qRDENuhJlZLuTI4gEEPCymPQmhvKJ+j9L0PSEmZpThDBPtzfNcIHOOJxSaM +oyAz19543usM5Z0GJGR2o5kAYLbThV/2MqZcB/2DBuzSj/flfLu3tBmUD48lDGvn +q+KuWw+IQ0gZwxmFusL0+e+m/Z02HwFsFsMCaJ/s01t7pHL0q9DTCjmdEjcF2XbJ +sWzCmeltNjr3K3Ec3Ni3KpgHJPbtxixj59KRF9rzl71NzEgLwE9NBOhOebva6HVQ +1s/L+GbPX9OSIgtJDPE1dvERDbUtRCYz7BoF5Cm+sr667sX+doVXSdf1B1+tBoe8 +AK2Ko29NEF5nAoIBACvmbTZSkVaYR/8wRzoKMwuHncYyPKrvqqQytVJg3ySfAZh3 +acHQ+up4yEEKjMqwXd82QCMqpsbymk/6ANO2kVF7WGI6G9MxP6QlhHjIgBuwWRO0 +xwZsM2Re0iahTdKN4b4NxuQGTdiO3HvkIdAHCYJzGsl6MHehILTaBF7W+GqqffAM +u9E5HbHIum//v90bwN+aZSWFUzCCx3cnWZlIl5BXkAMu+tSkxO9am28xlpkWbtAP +qEJe+WIJZimKocnk7fRjHEDAXW70V7IUUCDctDRl3I2K1a1pWkQTk+kEES4Ui2sy +6KTAU7kAJ+M2MGbtf/A0CqAqz55XHQqsgM0ER8ECggEAOyzMghfsJPEj5Ch1iypf +zrPalmdL3qA/zjRxRz54Xqrtc1THmubmRKOaODomuAmTV/L46s8dgme+WH2jDsrV +vVZfHdSExQJ70icQtABj9u6NzXL9fsL0vLcPPVWR435BHX3ALTqWh+1ImPbNns8p +m7gvyUdMr0pvD5sz91QvYo8x02hYS62c50LoqrceecnWB1nHYVHgLsF1UHITy/Ck +j+pDsHEtsRdhrNCXh9DmtTgqJffQB21Mtw3KfugDR2et0rJ9Lxa641glXDBm1I00 +bbMJV9oruOI7gfJsKIbwOhXMd/H7nd9ZJA/oxuWzUazWeXKoWs9WfwpcysmhlozL +BQKCAQEAwn652o3mESIMcTnAyCsj0PB2f0jMcV833+Cf999G+wg30y9jFwrRSE89 +D88f4ZeA9gkMRitEL34cmaQiz7H/HNbKx+3T4/IWaUDkESDy1ew+oGkOUoul3w9a +ibB83j3tkt2/eB4QfNx1k5z7uKxfrRD2HREnQUf2kLABdO6GKF1tEqdGgUhXJJLF +hsrrjiTpNbncs7+PEbqulEcjOPafZMyz2RHCnkDc43YMzuf2BLt8jyTj5f1gaVMF ++w7RUnZjhlIVltXdwArpEhTxykCz/Z3DJ63VOMrcnzwtNzCu+7hDm8FGOPKDi3/B +HOr6pIJ8LUEq/Bij8tN1cvi/RPmhcA== +-----END PRIVATE KEY----- diff --git a/tests/pem/non-tfm/ssh_rsa_4096_pkcs8.pub b/tests/pem/non-tfm/ssh_rsa_4096_pkcs8.pub new file mode 100755 index 000000000..8cff43fc8 --- /dev/null +++ b/tests/pem/non-tfm/ssh_rsa_4096_pkcs8.pub @@ -0,0 +1,14 @@ +-----BEGIN PUBLIC KEY----- +MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAo6FKkV/bSemFY/hO2NA/ +aMtkglLaC5jaqLzDnP21gfhYPBoBEDaffV7x+qfv1wyGODJvdUPaNa8nVpwJxyrP +/SzskqTlDW235Q7BbLTfGa6qsrj4iKGamsEL2HsZNP9GcjXJAPX1gCmQyaJtTeQ7 +rQSueQ4KuNMh5KQAep5anVi2PCGm9FeCyk7TQRsna3T0fANdCOeJA5BccfNjTmTS +fYau0GGCQ7C+S3v3wfj6iJLD+aqNpX2jyXvcbce5uPhSCUUEDi6xXn/ytLTtWb9F +OXVTR5llockzeLZ8KBF+KWe2JBx3pnARYl+Mbe9P86bxuXLiDzMCSAOT+9sOwOYn +ykqEy65EBsu8lv3s8sa5uNjYOYzUG/o7IrkIXJ1PyCoqe8TtSts8Uj4XMA0USDxh +sJAnzK6+TxuBFZ/TyQnlv8nUKTpuMrCWsvAGcckKIT9Y0WrLrPqlBqLzhw+q44g6 +4NJQ6SWOwn+hLT1P2dBhcn+VmOPedpUYmsCFy4tFTgHsRv7P5/niIsE4hTrZ5lEY +0Yyyd05ZFcvwvSMOkwWibBfQ1vzDeAXmDEgFaHVY6lici0HO7pW8poLjLjZ5IQ40 +NV0dElzcPX80/ZRPjQvhDsMcrDrvsvRK1epQPJhMcLZrv2vcx1J8rp11M/GVRYep +lIT9E3O1/xf0Nl008c8wuI8CAwEAAQ== +-----END PUBLIC KEY----- diff --git a/tests/pem/non-tfm/ssh_rsa_4096_pkcs8_pw b/tests/pem/non-tfm/ssh_rsa_4096_pkcs8_pw new file mode 100755 index 000000000..369b66323 --- /dev/null +++ b/tests/pem/non-tfm/ssh_rsa_4096_pkcs8_pw @@ -0,0 +1,54 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIJrTBXBgkqhkiG9w0BBQ0wSjApBgkqhkiG9w0BBQwwHAQIZ8W+TB/w4sACAggA +MAwGCCqGSIb3DQIJBQAwHQYJYIZIAWUDBAECBBCcYoqV6gW8tDWp961nIwJ7BIIJ +UEdTApSDv5zLAnIofC+EsQ9csDFqwmnInKZynQAk3yrxAznTLmigv5mzSVV1Ixyo +ZH8XnQIxB/9HIpLUt/mBgmuLn0pbIrpOojS4lqM0o5P6ZhFJVJHp3ggdQ21B7pkB +Oce6dJFh0iRNra/dytyd3VpZdIxIuoGYBfgUP3b4+UhsHgRt5oUs/82veiQXA4QM +oqTWa5qSX/TMBNER3SQcsmsjmsOL5m0wnRAdJ+OYidhRqyOJfJLgtlA70o5HgHVm +83XqYS3zPqwNzFQq/sCZkW75NKoSKUlIDHDVu91NpAREk0P79vJjhaAhS69dd2tS ++1nte1Uie9vnDwYbBf/56RcjU7aQIcgePisFLM1pblJiJlCF6SU323hU20vxTXF1 +eyiM08AQBnlRJZYSArv/jJk8psT7oqqbEm05JF5oq/+nZqm6lYpP7YJ8j3n0x42V +Nc2Nilf0xdR5d2Cf4jhreiLFI7windxf/pk3veGjDUZfv26EBhiQRRs0pbLe+GoD +NbwREhaueHUTfz01EoswFmJ5cUiI1p2P6xGFyzaXaRJmAK35Rtk7/NWo9DHKfQt4 +VnijFYT5qf/ctkWMcMIyC/86QCM6u5VTN00obszfA8usF2rslg2mbqwmnHn+kmLo ++9jodEbVz406NooMr8gsgLVFhjQ+nSG3JIJPeTv58L0rIryE7ps+JsABUBDkqr2g +99aY6H9WVgiS5w4RF5hwW/UzRcT/ll+yYzwA/4D4m3P+XQX/Yk3EfQtRpihUWAPO +VQbJprMTRIrzr/od8BGizT7fJrlqxTkSoFf0tCd2RpmIWC7Uo/0joSG8ri0qrYb/ +5WehgmOu5bkSn4Na5dpnOqRiu2dVKfJ7l9STQluf2NQ/HNd3b6t1ynQRCSXu/+QA +eLqWEyRde6XIeom41BOvKbnlTr2Am1sNCBcNr/G/Ryjt5JwHUq/VrU8AIhOUlqQG +s8XQ27Nkfbn4X4/Yc8k3S0F+S/sguhh2NMLrz3BmVKa8+s0zLfOi7z2fCLcwzE6O +vwnyIsp7t8Y+D7sOzK01XPeONecy0QNNdgre4Q7BYMCCYjjsxK/d1HL5iaBUS+o5 +mb2poBtHoQtl9IMsbwWuDZwWsAdouGj97timoXORoqt/585ckuthN5NGQhJErjNU +5ueGoPXLKENWA1ZrPPPVgZfwAyiBoOsmrn9QcTki9+/byt1S5LcVGQabt5nCReVg +oecS4u4As410+vaul/0oLXu0xnMJ15PJw5Jbfq/bViyEdIqA/ZVMaXv2Ws4hXeuR +HMwWfJwLxHLPp1fPXTvIOW/URgtqZkR2a44xP6NuKvAIAIdifqag+BBs3D/MRMkD +rkDKOHXC2Yu82xfpOl5Zs+ptLggEYhzEiYQcmlW9jHG0bqxIiU5lTzb0WisAy76H +VnTxz3jvJyIhsTAooXQ8kehlwXATLkJLXePyhnUtOzAGoTqJy40kfcd9OHiRQB6q +WrlgS4BvV4eW5FnrNVN2M6zGWIzaPdB42+QVDHsrlOEqqmOd9SNfWrVVDw/bUCQv +zD6DVxa3WJm9mMrlmxEEi8MT2wzEiEuI4NygezDlFhsF9AB3VyjavIJdncB50x+m +Oj00idvZbQHHtizQIhBJPSqYVwUha0kw+lf4sUmaaJR2fklwIUiqhhBm1hdoB4ed +xdLfpmC8tQXk3HqLIs+lkQZpHUeAJq5+c3PTAERow6SznFUr/0Vh/Fd2hvrFRYOe +Yv1epzDP2od77l5ujaUACijAV3T2+voapcrjMoC1RYIlacVwZ7DLZfAt2gskP62/ +XJQInkORYMdHRMucYiYiSbTvhm/HpqValbqVvH/hjLjVkcbrttsuW/R9diMoB9Ug +owTqdCOriH1o0ARVdA99gykotIq8s2Lzjxr6V7H1AmLKOifhis2laz6NlI0V2yyr +pmaKabrYbHLdh/FKpbUacP3ZZgJrZx/9XA0gD/cxg8iMEHjlzqY+TvGLS3xJVQmD +VE7QSUDi9Xc6QY+tNz/PK8QDvxDJAnhV6aUC+xeAjW3v77iai+bX94Mg9N0Z9Z0C +x6Kz/0gk7jI3YP9dfF3SjItBfTB7/iz4gAU5EpJkZAIuTdrpQbHM6xbdzl77oIsq +AuQ9rncnvuQkOewiu9nURy8YFNfqmgsdFkoxc4XQr8RC0vPJkfo2IYto0p13dT+v +xJ/Z9UcGRYzBbDNlJcE8KRFpHVKukUbtc+wwOCDj0dSy4rrKo4Fwo6DO5/KFNM+S +3RZQc9kFCE0EO5qqdoiprc07fDhQxruvrO9D9axeGxlyno+bBW+8+zubX7dlrxst +EKPDxWECRMi7Q5eeCOhoODchiyFsJEv8/Sa2v+CRvvlLVF5arB3XGbCK1sHepjdg +z+RXplEUFe13Pu+lV1nwlZ5RYxKb25oLXB72JZdc2R9ymFuHJF2AcGFosi/kxwkY +4WXgz4uV1bfCvpEqG92xj8+R6VSogcS3H/g0GgT1rBhLqgnwXAT93c3wtlB7V2YJ +b0mYXJFBYzVoOqf6TzKXSYHJseftU5Z+Jw4hoqMUE+ksiIG7tRnn81P0+gHVUeuG +mMNWd7lr2UsTgbVVrHlgQ8GXqkwzOcoexiWZ972fRRwowcYaCEN80aNty5wDtmWf +sE50JPeam18JyBs6qvtikNJnfnDQ6XyRjOg73MxWmcWX7z4rmtJmi1VjpwUvxalT +1T8ectGTzCw0ss8rlNm0Yb0s3uysdO7Z+kLwdDLN/46ph3Vn6UAJtOkodUlqe1QK +dSiKlY5H6AsO5wWgxvmEen/Z/Q/bZGhVqKjAZclRYbH03QL60nYQaaTaBBhXdpQf +HAkK7x+lFJ3I+x/SmSKuAv45uZF5pRbSWUBI0QDsB3fs3kJlaagR5iaZydUnXjzk +JymhcjdpYsfyfCrV/qoD0yJ1F/13TnPuEBp8k2XEL3DEqQO2bylUtAdoIx72Ru2/ +SPmEwiuptZYA4iKJPKgrWMPyoxaEWU77apUlwx6Hg7VlpYhoWDoKhnmnIQVQuJn1 +1Q2YNKbeyM5JAHmFgK4wel9PE60QNyqKLch6hMc780kfbmOTkaEqYVsj1aBB5b9k +RJLD4S6SbsYkax+aU741EaI9ItajJsjG0hCo8AK41wDHhVKofmCoUbeMCziXi91f +NnmYJEiXd0J6RWdJ1d4eWGu2g3t6+fv1BnmnTHc8EpGu +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/pem/non-tfm/ssh_rsa_4096_rfc4716.pub b/tests/pem/non-tfm/ssh_rsa_4096_rfc4716.pub new file mode 100755 index 000000000..162452850 --- /dev/null +++ b/tests/pem/non-tfm/ssh_rsa_4096_rfc4716.pub @@ -0,0 +1,14 @@ +---- BEGIN SSH2 PUBLIC KEY ---- +Comment: "4096-bit RSA, converted by miko@YUE from OpenSSH" +AAAAB3NzaC1yc2EAAAADAQABAAACAQCjoUqRX9tJ6YVj+E7Y0D9oy2SCUtoLmNqovMOc/b +WB+Fg8GgEQNp99XvH6p+/XDIY4Mm91Q9o1rydWnAnHKs/9LOySpOUNbbflDsFstN8Zrqqy +uPiIoZqawQvYexk0/0ZyNckA9fWAKZDJom1N5DutBK55Dgq40yHkpAB6nlqdWLY8Iab0V4 +LKTtNBGydrdPR8A10I54kDkFxx82NOZNJ9hq7QYYJDsL5Le/fB+PqIksP5qo2lfaPJe9xt +x7m4+FIJRQQOLrFef/K0tO1Zv0U5dVNHmWWhyTN4tnwoEX4pZ7YkHHemcBFiX4xt70/zpv +G5cuIPMwJIA5P72w7A5ifKSoTLrkQGy7yW/ezyxrm42Ng5jNQb+jsiuQhcnU/IKip7xO1K +2zxSPhcwDRRIPGGwkCfMrr5PG4EVn9PJCeW/ydQpOm4ysJay8AZxyQohP1jRasus+qUGov +OHD6rjiDrg0lDpJY7Cf6EtPU/Z0GFyf5WY4952lRiawIXLi0VOAexG/s/n+eIiwTiFOtnm +URjRjLJ3TlkVy/C9Iw6TBaJsF9DW/MN4BeYMSAVodVjqWJyLQc7ulbymguMuNnkhDjQ1XR +0SXNw9fzT9lE+NC+EOwxysOu+y9ErV6lA8mExwtmu/a9zHUnyunXUz8ZVFh6mUhP0Tc7X/ +F/Q2XTTxzzC4jw== +---- END SSH2 PUBLIC KEY ---- diff --git a/tests/pem/non-tfm/ssh_rsa_8192_openssh b/tests/pem/non-tfm/ssh_rsa_8192_openssh new file mode 100755 index 000000000..f48702502 --- /dev/null +++ b/tests/pem/non-tfm/ssh_rsa_8192_openssh @@ -0,0 +1,93 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAEFwAAAAdzc2gtcn +NhAAAAAwEAAQAABAEAqV97tjVnMe5+B6Hu/wGKiyLWEcHLLW07r3tMk2ehx3MCrOkQoQob +p0lZ3tn5MXnLi3aYgGTa3Y2u7EMai9MA4vr41rnC5pdIQ0NoqT8uP/OPQ5kHjVYddaEaFJ +AOh6SOaEq+S0yRqV4p0/wkTD95VOKDOxl8MjrJRwSbEM98cImYIwvXbFNOha2S8W8tJ6Ae +RJBmB1iFO0wAaIFa5fqvGqohSJYuqFFuEBpXn0DW79cp/z9cZJPyQ6TewWVu119XGwHNfa +fjKlbjHpCN+G4xzKFVOXr2OFqprX1kSKKLpwHJQrojrnv6q2DKF8KOuCazGl9fZyJeuY6w +6n4wrUULVquovQ/6Uxdi8xEYBJC1PcVerLSFypHKY8hKwa75SpUR3V1oZBjdV6J0yt9hkj +zsbA5EbMozgq3zJU5HLjrpyASs6RVhdDfZuh+o4f5g3Wrb0Nbe9nJYE4ECNa67cYeEc24i +k4auxhLkJ+WlY7I/2dKvqnmO9be5TRdZGmi2uOJD1nJkjKr/brNFPdJoEp/ifyrRZwQQ87 +OIELJ+eARMmVIRf6jpeBX6YM0evis3UEX15RmNixR05T23ciZ7AZUbN5Xdlt5YIWzTYuFW +bC7dLMg3cmltsK92rVpRbKuV8ZBmO/5ckcx5VkQiAG0kmYA8/2lgQXab4OeALSL0ScrDtZ +2XXw9G9TS4w/KBrd4X7VslJ/+v1IoFt+gH6oLCYx5ctpqUlud5WCR5LbKz360AzU9yf0n7 +SqRk41OUcMc+NSUkMBInzOS6JhvzBq8OfpCRnaeBoZUUqn9uZUdwUUo0iOq+6H2DxjgknP +U1o5xIn79R7XB9PJs3fdgbullwlhaV8Xq3/aC0lmJWQy1JfZ8XaXJRmqkMslV8BViilInr +tPsIP7tmK8q0NSYE7AJVhWIfP0qPclsql3MBZCqS9HFn9bEW0U7i84VCMnN9TDVslTdT/o +9RxihL3ilXxk8YmjcfKsRBZbLLDVZhcB7ywe7F+z/ITF42cXr03pCi5Ckfv/xBEKfKsIxw +5Tj1ptbUD7ijB7Gw3I8cl6hTuhzBCYX3ldDliurQTJcqUozPPvH5qhQUoiRplzNUtL//Eu +g9kP9zq5xQ+VyzrLrm02HkqiTcyGi0jbx7xpNbSUanOKkIw0VyPGUPkBmSQZd3ox1DPX9X +DTAKQqJuEX3GarytDU3rG+DoRReyt1fAW+g32Glu+k7SUGLTf7BgMHkq4n812d12gR3pQq +4fdZKM8yqxHCWHhrVH0faPNt1N6U5OW1+0LxAoC7j+huS/C3OlfFSPIl4VeknxFTfXnMIe +py7FB4pqkuSL3cp26kPa49/mYWlUIh5qxdZ9468ZxCGNCFklHVMB+QAADlCJUCAtiVAgLQ +AAAAdzc2gtcnNhAAAEAQCpX3u2NWcx7n4Hoe7/AYqLItYRwcstbTuve0yTZ6HHcwKs6RCh +ChunSVne2fkxecuLdpiAZNrdja7sQxqL0wDi+vjWucLml0hDQ2ipPy4/849DmQeNVh11oR +oUkA6HpI5oSr5LTJGpXinT/CRMP3lU4oM7GXwyOslHBJsQz3xwiZgjC9dsU06FrZLxby0n +oB5EkGYHWIU7TABogVrl+q8aqiFIli6oUW4QGlefQNbv1yn/P1xkk/JDpN7BZW7XX1cbAc +19p+MqVuMekI34bjHMoVU5evY4WqmtfWRIoounAclCuiOue/qrYMoXwo64JrMaX19nIl65 +jrDqfjCtRQtWq6i9D/pTF2LzERgEkLU9xV6stIXKkcpjyErBrvlKlRHdXWhkGN1XonTK32 +GSPOxsDkRsyjOCrfMlTkcuOunIBKzpFWF0N9m6H6jh/mDdatvQ1t72clgTgQI1rrtxh4Rz +biKThq7GEuQn5aVjsj/Z0q+qeY71t7lNF1kaaLa44kPWcmSMqv9us0U90mgSn+J/KtFnBB +Dzs4gQsn54BEyZUhF/qOl4FfpgzR6+KzdQRfXlGY2LFHTlPbdyJnsBlRs3ld2W3lghbNNi +4VZsLt0syDdyaW2wr3atWlFsq5XxkGY7/lyRzHlWRCIAbSSZgDz/aWBBdpvg54AtIvRJys +O1nZdfD0b1NLjD8oGt3hftWyUn/6/UigW36AfqgsJjHly2mpSW53lYJHktsrPfrQDNT3J/ +SftKpGTjU5Rwxz41JSQwEifM5LomG/MGrw5+kJGdp4GhlRSqf25lR3BRSjSI6r7ofYPGOC +Sc9TWjnEifv1HtcH08mzd92Bu6WXCWFpXxerf9oLSWYlZDLUl9nxdpclGaqQyyVXwFWKKU +ieu0+wg/u2YryrQ1JgTsAlWFYh8/So9yWyqXcwFkKpL0cWf1sRbRTuLzhUIyc31MNWyVN1 +P+j1HGKEveKVfGTxiaNx8qxEFlsssNVmFwHvLB7sX7P8hMXjZxevTekKLkKR+//EEQp8qw +jHDlOPWm1tQPuKMHsbDcjxyXqFO6HMEJhfeV0OWK6tBMlypSjM8+8fmqFBSiJGmXM1S0v/ +8S6D2Q/3OrnFD5XLOsuubTYeSqJNzIaLSNvHvGk1tJRqc4qQjDRXI8ZQ+QGZJBl3ejHUM9 +f1cNMApCom4RfcZqvK0NTesb4OhFF7K3V8Bb6DfYaW76TtJQYtN/sGAweSrifzXZ3XaBHe +lCrh91kozzKrEcJYeGtUfR9o823U3pTk5bX7QvECgLuP6G5L8Lc6V8VI8iXhV6SfEVN9ec +wh6nLsUHimqS5IvdynbqQ9rj3+ZhaVQiHmrF1n3jrxnEIY0IWSUdUwH5AAAAAwEAAQAABA +BFJTD5IvYdIVMcRJSwUG3B/ZfNKgOLaRO7wSdy6hTWuvI1qvRZ+ilt8vkYjH46H5HkPqdl +i0b6ufPWilKVELBE+daKus2Bm/MpWqSoq51zCDjNjPTTU3u1YO6nxGPaJmjo1NK5JOo2bb +W/0Cj1Y9hhuhN/Fhlo3Cz9rDit9TbFLrcIX7YziBL/aewaWpvhmHGi5hxxFUdW/OERyPVV +/DBuP1RVMNKdbpjzQ/3PiwX0Zi/D/5b1jJyT1wQFiiZlEIwb/3FnwhlwWIZiHPuIl1wHQT +nsvHE2cnTg2dcN/CXtKUKD1j/o5L5iJqJ6brgbH9lwg80L6rEnKcS6BohSxGQrnurFPHei +YmLH/ouCmZ0UObY75XrVRw2MDOHQDmHBe/gOGisa6je6phzuEaHgtLSELJLsouPCjsc7zK +gsjGqSeK4qfcsKSh696Fzm3hWnbw+MQ5xEmkuwsrM3PT1SzNNa2HSPK6XAQUgZrZwGhmeg +wm1quDOPxtCEU2rR6DvoYJ73Nj4sW0bqZ491/Kb2K4WpCs7wMm3FP97liiktT/wBf8qbBl +dB6h8MU9EgK75qLBWF0RfC1rgeOkLg/Cqta7TvzWPoSp9KDgaCUKIaiktLE/Xm5HmebxOR +E9U3+xi8xImoJmCeOQ60FB6Zc/VEIWFFmDxunUBn4bqnMqTuVzPsuV5d4ik0MIeWAAPprf +i7WXYMhSRE8gN8InkEnzRjVdxKeouEKFzFB6jTesmbmj6q/hl6mw4rS7oP+J/pEcVZYI3A +5itEDNZGb4iijXz7aCNW0Gd5Tb5vD2YF4OVGFx0pDmJnBCBfLpLFgB7PoVx8V2fGNzDF90 +15Ti2H2oAR6UY2Bnt9m9i5DYNM9LR8DwU0o333+uFRaprAjCcm/G3GOSSUabTiwupg4W1p +t+QFXCyuoHPqHLrMyTzUe9S7Z9JhqsVyUW4oTBoRIiraJ8OAe88FRrsIT9lMLGkLN+obCw +W/JGqhf/i2MK8K+ZnYeO6czdCDFU000V8/VK8S5hDL40ubaSpRQNkc5sOhtd4h1/KLSzvP +TjSgbwSR41Jb5fzJF33wC6uLFfFmFk9ILNKwQJhGTrQsH1wVz75xGfTC0CQh5p+VXwbIBF +J0Hlvpjza91R9KETCin42vlOipkviH8sJIYznR/oB2Uu0dAQeBxYDxwfpSffgEqo9dCeEy +Djf7k+j4fkyeHx+Arr2/vPbAtAZkKdo8S27QNZbBCW0vVr7v39ZSZ7GeIa6jR4caX0x0nE +s6weM2pXwK8322aiQMsy9ExCucq17ylIMgQjOfcDzu4kHduQArGY4hA5Tfc1cpCwSev0aB +RBH9ypOh8S1SNLMq/fp6HFQJ6nQx0gglBMSxAAACAQC+CnJGv2gCGMSdle2NtwmRBPdV6W +yzwR1EDsRBxuVqVdOTHM8vswxyGa/w6l7Mxj+71fStj5qZd2KHbNdLEnqOYJDbMxNn5j/n +uEVXf+c9M7JhvR2KkCyqMpzDhRppxR00Y/v1PFQwJCuJTH+D8geT0ltHxuiwZZb42KbYOm +Pz80BoLqhoubQMJ8C3JHzs8ERnp6zQoej3MtTfq7iGah0AjdeebKOt40O9AuysCarZUlKf +pM9g8UgOQXBYHX1S4HJQ0IgcSaXVPWxc6ov1F4bfcJkKq1omfS08OTVk5/LIhiYrk5uY46 +fdi+BXVggPQWU5trnnWB+zaaSQSccU1zAzySvydyFvjuUWzbW7iN95pZU985X9mcCkvGcx +LtFP9DOua3Ege0eYAi7diACinG4WPQ9hMLqNu9ZTwKr6u4/OLiofGY2ysI8ITKEW7bdO+O +cS8LviGLZVCOe73R/EuBNZxvOthBtxudZXc4gDxfyRJk7dELZMfzwsRLFJOzBvZMm2e1s7 +5Cv49oLsz98EMuoq0zuFlhUDWV7/avagU9ILq7Nxs6F5vB9zrX+220pDHvMht9Csgq7HWD +k+sawTejznTm2pCYDYMkTN5ginY0M7wpm2hJyiUtBZcW7BNTBjrQaK0lxLL11vw0rkXksr +J1UQzZEbu2OWNKBgMEEOCeT34wAAAgEA0/9ojqvDrJ5Bd+bpm2jXiRa4BuLJe+Za8uFX4b +q3Waaqw05EVkGhHKwM6kYJV7+ZPHCi9oBlEAE80W1wltIT3T2jArYOCigqqIqeNThqRkA6 +zEbrD8DMRdSpsdQk+Dd0d3y+DT6kPfI0Y0f/FCfdAt+SV+WPFbcimsOjPRGgZ1g+Msya+f +mKtbS2xGrNB4ShvRHtZ3lS2Yj/Mx1SiPu1f0GCbNhzDslmSPdTUI+NQM7E/cBaZRtutyrZ +ZNLqY55rugfRDKsIFwNivEJ1b1WFvSybUFmM8y1GrnB6KSY+8v3x5hz77OOpEI4dzKvw// +zsguUaG7AHVGQWfyommNHSdcOL78gUJFRbIzXjuQU4K27UJ3az+uNsK3TFSE26ntgI1ve5 +7GP58bRv3U+oq/XfumGW6jFk8jWqRCg4LUOwvTZsJAxivSd4RiBo7hZ5KjOW84P5MS4x7U +9NkkvzThRuzLKBc3f4VpFTXa7T/td5X5rnzOkOXOcDH9o5fN7/74I1qKDC2fvt4qKTan58 +38HQOclQRtH6+IevoiBlMj7PnzMINQ2JWwBaT0n2PgJu/LT3pNKr3S1IrBbEEphCu8qXS7 +L5ASD58pnk6LLCjJprnbHimA4U/jjRaEXjlNKjfW3Cx6k9GFkIFopHUvwEotsLdeOg4MDc +Gp1Hi/Gyk2mx2kUAAAIBAMyHMSc80tP+z023DblBELWps4GeJq96XXgE3oNI/pPWR53HyD +STNnZW61RAL8aqSivBRypj3hXg9n0vvQzDAoMR5T6xIGYJMlrRIHpsprtwX1HRYEJ3uUp7 +XaKPIVHdSbvwm7syyLCYhtDPaHad6NVR/B+ba/kzZhG7W/aaBnr/ph7nyvxnwU0KM0KOkn +ppVEDfuEssK504wn+O6VbaT9A5SPM8UqtYevHhoVlIib9rxkskjuPqkY9gb4J5KvPoTkxU +KBdGENBPuEas7nc+CRE8eEtDL8/foR3SyOBOiXgi42PszhQZCLDnbuE7T1BOSwefL1uPhz +3D22qpEphdPac40Q194J5qYkpFJpWpX4n3SZwW1MncYxJSc4h4qOddoH3gvu+JVn9HfnYx +WExh/ayZEb8E3VaIztOavaICpZzS6X1it9gyu46Z6jfX0KDcQfNp19tFEUrF+5Exc7xR5h +P+ZcF+ocndm0OzkJgQ0URfgonfasPvHxJ15pJrVj1pu5YFTboK4XureVlUuzEenUfMS/v3 +Uh0T63HTma6OJadmcDL3V3+TzBBWFVvIj3eKP7DNxlF4DyNanYRM5e3Puwaesxt2mEt2mv +CaGU6N/uJOO9fTxlWTku5oFwhV0KLLr4idumBVD/1SLNUk/asELBk3qZ2OYiWMCo/1tG8X +tv4lAAAAE1RoaXMgaXMgYSB0ZXN0IGtleSEBAgMEBQYH +-----END OPENSSH PRIVATE KEY----- diff --git a/tests/pem/non-tfm/ssh_rsa_8192_openssh_pw b/tests/pem/non-tfm/ssh_rsa_8192_openssh_pw new file mode 100755 index 000000000..d6462022f --- /dev/null +++ b/tests/pem/non-tfm/ssh_rsa_8192_openssh_pw @@ -0,0 +1,94 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABCpjAMtPM +6khm1juMb40RR7AAAAEAAAAAEAAAQXAAAAB3NzaC1yc2EAAAADAQABAAAEAQCpX3u2NWcx +7n4Hoe7/AYqLItYRwcstbTuve0yTZ6HHcwKs6RChChunSVne2fkxecuLdpiAZNrdja7sQx +qL0wDi+vjWucLml0hDQ2ipPy4/849DmQeNVh11oRoUkA6HpI5oSr5LTJGpXinT/CRMP3lU +4oM7GXwyOslHBJsQz3xwiZgjC9dsU06FrZLxby0noB5EkGYHWIU7TABogVrl+q8aqiFIli +6oUW4QGlefQNbv1yn/P1xkk/JDpN7BZW7XX1cbAc19p+MqVuMekI34bjHMoVU5evY4Wqmt +fWRIoounAclCuiOue/qrYMoXwo64JrMaX19nIl65jrDqfjCtRQtWq6i9D/pTF2LzERgEkL +U9xV6stIXKkcpjyErBrvlKlRHdXWhkGN1XonTK32GSPOxsDkRsyjOCrfMlTkcuOunIBKzp +FWF0N9m6H6jh/mDdatvQ1t72clgTgQI1rrtxh4RzbiKThq7GEuQn5aVjsj/Z0q+qeY71t7 +lNF1kaaLa44kPWcmSMqv9us0U90mgSn+J/KtFnBBDzs4gQsn54BEyZUhF/qOl4FfpgzR6+ +KzdQRfXlGY2LFHTlPbdyJnsBlRs3ld2W3lghbNNi4VZsLt0syDdyaW2wr3atWlFsq5XxkG +Y7/lyRzHlWRCIAbSSZgDz/aWBBdpvg54AtIvRJysO1nZdfD0b1NLjD8oGt3hftWyUn/6/U +igW36AfqgsJjHly2mpSW53lYJHktsrPfrQDNT3J/SftKpGTjU5Rwxz41JSQwEifM5LomG/ +MGrw5+kJGdp4GhlRSqf25lR3BRSjSI6r7ofYPGOCSc9TWjnEifv1HtcH08mzd92Bu6WXCW +FpXxerf9oLSWYlZDLUl9nxdpclGaqQyyVXwFWKKUieu0+wg/u2YryrQ1JgTsAlWFYh8/So +9yWyqXcwFkKpL0cWf1sRbRTuLzhUIyc31MNWyVN1P+j1HGKEveKVfGTxiaNx8qxEFlsssN +VmFwHvLB7sX7P8hMXjZxevTekKLkKR+//EEQp8qwjHDlOPWm1tQPuKMHsbDcjxyXqFO6HM +EJhfeV0OWK6tBMlypSjM8+8fmqFBSiJGmXM1S0v/8S6D2Q/3OrnFD5XLOsuubTYeSqJNzI +aLSNvHvGk1tJRqc4qQjDRXI8ZQ+QGZJBl3ejHUM9f1cNMApCom4RfcZqvK0NTesb4OhFF7 +K3V8Bb6DfYaW76TtJQYtN/sGAweSrifzXZ3XaBHelCrh91kozzKrEcJYeGtUfR9o823U3p +Tk5bX7QvECgLuP6G5L8Lc6V8VI8iXhV6SfEVN9ecwh6nLsUHimqS5IvdynbqQ9rj3+ZhaV +QiHmrF1n3jrxnEIY0IWSUdUwH5AAAOUNVLHPxiTuOI9j6kj65yesPyWia9GyrXt1BPMmAY +YC7icvfJtN/QsxxxPumhjTh/dRlBktNns05MHcNTC8fOUtL5fciFzPAPQlb9qRFTM/aDes +dQIfP1VPw2YMaWojMwX6/Fd1PWrosISKdzy1XT+lPIGZ8WGoSLKXtMwbwb4ZptEkGqgkGz +tW6zAYIR08jGzRMku4sgucQ8GfRxhxrOrERRv1PEdSE6vOVzb8V6CZj+O5yxnZ/gVW7UGu +cztgaZJ/lh7gfXvuwSMiQNuyVa5DTbQcmVe0aiWHSgugBAM34n89f7JJbbEJ0Y2Xympr4c +/e0tx55yMwfFwhD0vdqrP5n2PWQVQsVNnZomnruPRv4gkDsjDv7Q7i0KzZu3aFXK1uba89 +lZ8mxMJq5xzrLQiDUe1/GTU+GUjU+16zn/bFLiufV8svFqGIhr2vusRlC2NXTbYjd6GIis +RqGp7BNQ3FwAAZhlMCT3WOrq9WvpwNQ3wSOOnhLa29pqiKf0G7G//K65oZ0LdvD7NKed50 +pLv1XmF3w2iseTMnzyT4ncnsYWs/wZO4kmhbCFMuJeQ5I12iQIJaoLWGlbEUB262q0qe/+ +SPYbWLFtl7kYX/fZNKwF7G8xAwIX3uL0ahMKCuvsHwgaDnjYBFZhnlYRp+dATVugBirhDr +cePTZoyCv3OsU+IxDDmLOq0QMo0RbYutIO1/kq53iN5BvIxdnd7ccJh61hksEYts0KjydZ +IByK+gKU0tVWnQ/33x8UoLoRfKmOLoy4KIYOQpgKxgLk1lb96/5QxhP3oeYpjgbsMTzd6h +0F7rlqf/MrobH12xc2dSkk2/JKFMqJY8hYgW0IPD3gCP8qi2Dv4q4gwyKM5toUi42uy4XR +oWiHm9DxxSPzBqPlEN5Ip+gfY/8nSFedHvXR9d0xS2vxg5TbOB2rxPk9fXVG+w2oiIl9Em +MjipLbkgwL1HTuesjD2O0Gu8psyB7nBRyEHESTZVeiWml7RFbS4vjrV+X38/s0pgzSuQDh +67BBERtGbKjO1OXMj7NTw/Bx8sMYiF0v2vgK5dbJ6PUi4IQLiL8YCyzJqRD3ShFgC5vNiv +a3jnAt+nMV8wZTF9s03CgpiagDs2B9CLNX5ZFcV6dSMyhZVHyLmZ1A9usFPWi92zS1b+tQ +eirvinpTiSPffZK2667XwuLYOkjCguW6so9icsi5OZkk5kgC6eOfbYjhqs2I9h2EOpGz7P +UPkSbugoI24DnfjYtbnpQfcC85Rx2bO7j1OEqF5yFoYrnebuxoCCqx2opOgAUXScSLicji +7pOl/2qoFbyJ2Zq4JPzxatfcJKUForkaIp17trQHPuknn5jduB51PcrlrNTblnAiN/P7gg +OjPBKXKEsyFLRGXplScVC5vXdu6icm3acgLMMA/aLKXSVZ87MdJwla2Tr/mNynCikxaBIC +Ju7GnfhC6WCvEWV6tBHZbaubdFhDvoKIudzWHcYAylHnZG9vhsd2eXa9c6jbuyTRi/w+im +J7xtp/0olupqIXiu+RXk6xcvb1di0SkEjtnaS3HwGsmgb2BQh69Fg7ZJBxPMKkDQekuG97 +lF1U1RQssOrekMtnjNSZpfxgVw5SU6ITpnI93OU4RgA9VCS/lnY0Rzxxu4mhHyQPG427Es +ZFpqQHph766VtwgozgxjFtqYljgiLFsE67enFAA/zlRxW69Cwb/1ly1txKxJl1sdcyQ/Dl +m3X0sI7H2GQibP25mgrEGqiHeeKDQvwraGwEpyKyg+VoUo+STz8W1ruxPnDVg7DO7vhko2 +tyEq0N3x9gGhtj0GT6PFKpn8yUyWMD2z6zLjfL8jqDREWka8j2bGxEn9X/7uUwilkLaTXs +3/ajpPMa3+rd18DfEIy3HZ01xbO8Mi0FKCCbsWJ43qWpFYuogv0Yq57K6QUKv5AASfWrzg +WUJkHOoZ+2glnNHuR65kYRSm/eHxmD8SgUTWAFkQ4WRD0+fqUYf/wOZgVMHxEiwTQUs4zs +Zd8WRDweUz3i1P4VDZT6Kg8B/rX40UZxxQVZlIwZEOnAqgvOfJlR4WlRi/W7ti1WTZcmMb +l6dVDQWZTqnIBnNeyysPFRhXVOSMQv2FyKOJh/TVbrH/Ko4AMFQ/YiUsdjGyUv8EXUPB5B +HPBmBCb5GbnKTyTMIPyTxyK25Yt5mk5dt/37Fq+FY7i+973jsxalTLQsN6UiEiznYyZdwF +AsDzN1OnwchUf4Qh+iCcmT5j/8muYbvOM547PU9n8e1Fo8xaGoT60mBV8i1I/SBxhQFr7x +2jtKB1fjM0+a3j/ZTS8O7NTAF/TOtycQuQBTQR9VWv4c/Cw9smhW9ECeEXVJ7TA2xi7pxI +eLKwEYC6UwZ8HmkTswZKXLN+wpdEyY3/2jhEJPefk3d11PaBP9L2O6nBQIqMon2u255lG3 +AOhJ0/hirimuiyR9cbeIOlluc3w66+HUoqOLHh+49Sd0A40MZkf51wLHEiTZMlcQbzZwqW +kXWeNok2lWSWPns7nLoZa/gzqdXGGMWeC2iRHourdBVEgsuhFc+KSW3zePFoVXbrRXTU7V +0dHncHjiA3j444an+S9iFAJJFsALMUbFAlGu0nXlqX54qDN+sWaDD3fJwAWwCdmUlkHSQD +fDnpgtzU90XA0nyvg8UHBTqDpz9mPhdVxtM8wCc+CGiAeARL6mshnVdltt1T4gHdEd2+7O +LzSnEVdIwGgq9c5lLllirZcjlrk3i4j1sR6s56I9UklutvdU1g6+a1cPyWMtUQmYRjFWz4 +Raa++6kmKJtqxZ2r5cWEMQPtTcUKm7MDJ90bsf2UHAzlg7b5BfeDIWcDj9QMSiMJpne6Ga +fx40/WhUg/TYpJVjjzeYRseSIvCcSjF/qh07M0N1txHj83EXsB6i7xZU5GJuFVuhfQaYHA +rKiJdrpsulhyVOKbQFrGTGNfo3WCcT/fTJEw5LI7VJKHkgRVs/ZTDqbjGQR5q/tZdQiM3W +fZZhgwTrb6X+wQ8Yib1oYcTnByZU0gaFlGUkt3VQXtk7CEJGM/LsfOnqw6nSStCgtv6gRM +eWdk6DXBydPvlTMTofFeEwPwzlswJ/44OIYZKGroes4K8fzsaHyx9DZ1OspGfr9Wd/D7Aj +I9Y1UPb15/rj5Z3FLOOZ3oHAGI6t9FHlBiHa3uao2DNoJD0NtTqc5H/3MaLvObZkt1oAnj +7K8Eor7IM8LmD6UzQuzR0FjoqA7Wt+4UqEIx9KFX+hOJpF7nuWIQEncwdUaary6DZsZJyi +P8Spy0YPXCo09hCP9VgSlF0rjduqOFPmle6GViy1GjLPuzUWqugzdNTymQgTFnjfzz9EFC +V6heUrI8NXiWB64c0SYyzcwFSNyORmK03Q5dZL/NVOLnacmoE7nR45UhbcLC8pNFa/rFdD +6SHD+N4W8npp5IRI7b6zpe0lOsOitEdd9/F3Xc2acFAraqEr/uZwE0csxZhJGdhn7G8ARx +lZ6LHzCx66Y+j+0VnM3TaMeqBZtAfFe7ClpUaXJ/e5aXxROFpc02FPaMZigl/xtoHnv7SH +VluAIn4jaOAfZ4nGYwJrX6KPW740Iy+1rtmuBykbDBYAdD+as+MJbW2y94uNBRbGfwJjRS +PjYKu2Wu1koq9ASyXk2t0pZ6MEoco4JNZVrpUvlSwgyCjMMU85jD1JK0L7Whe9YMd25pTu +IMOFLt2oxeOc91maHHdE47wrvhVtmTt2ro/imO20QJU4sg/IJz9NEIXdkHGQ4sdlQhdopR +8UVrghWl3HRe1CAwsVDVIbYHP0XQvR76ciUPPPj41itaxKFLFDBv6LGhGyedm+gLMOYuB9 +KxUd9p9DVQh93ujH+G6fttWWynFs31SAG2sozaj3Wk/eSXx3KIzww1XK6LeeIyRr/5zm/h +vj3syU6BI48G+hNcxly+i1aX0MUQD8QaL1/FPqvqoIGQdWLWqZQ6vT2nERJ+5nplTlZgu0 +58CpLRgRJjDLEgH+rufFBtrE6dt+XiA8UhjMuyn/OD6ZcBGoxVO3Vhr2Ti/EKXxGVODSuo +uQWLBSOjooFyCUeVEMS2XpFPcpU6E5lEAvG4Yl3oy3fYzuiv9GNrHXR7z5mGGsFeLLyJhl +D4LB02/wqSNvBIoPyhZJo6z5L6Nk7TCK2RaITyFJru/bPhZ+B/wJcsu1lZfH9rEXrHi3xI +vCJRoxT3aDgAqxnD8OoOR7zenpol/xm/MFVunYJke7psBn5rUc+aBXbPvUjqigKM1Cd0nx ++uKAl5o7K+1yE0y36We2+3hnQkx8V4WL8zmANXiK0rOvVWgj/8NcOtsb3LzybcqyZBVvA6 +OtkKbY8EDLSULtGu69HnU6XJcyoxIxuXEq91wHsjdhNeFdqFiHTRjnT7ZpZ/sdZq4RqUBS +synvIEH1YrAD+nCjPxgHsT8n3N3ylZT7hPS4kOoydQ9hwXHrtKi0pZMo5An68j7swO4qwm +SKf+0xRlahoW61pgzYeuB4sCLTCdGh/hx8HnUhVFbbOqCPbPXaihrvlwbrtyuwUDp/xZQP +g2mk8YSn9DGO3aqHfCfW7V3E+YKy3nb1GuarE9cnpagDRKD7HbiN64mYyiaMC7KrKH1/5Q +8LZxbW1dcfmv8ZVO7OUSdHWVz6yeOeo2uo7zXsdjvUH/I1K5SrW4k2SplbWfSi9IIqt2AV +7fIH0QlJvG+ddgJrZ7c+Vu0lwftrTnRCFRBhzVx1GgYHzcJz5qwiCKK36pS1HWpy7HPefQ +BboFymLXZ9kADIXB0kB7ACltmWCQsJ9G2fx3xIz6OYI1kaF4l5vnbuXaigu1gIS9OVlXzF +bfTHCmmftJdkKkAatLI2kFiTOy/dibBf2SgKr5pWY7GP7eskyGX97og+o1sWWMPd6gwsPX +H4oZcrVbjmmZUE+z4= +-----END OPENSSH PRIVATE KEY----- diff --git a/tests/pem/non-tfm/ssh_rsa_8192_pem b/tests/pem/non-tfm/ssh_rsa_8192_pem new file mode 100755 index 000000000..225ee2d43 --- /dev/null +++ b/tests/pem/non-tfm/ssh_rsa_8192_pem @@ -0,0 +1,99 @@ +-----BEGIN RSA PRIVATE KEY----- +MIISKQIBAAKCBAEAqV97tjVnMe5+B6Hu/wGKiyLWEcHLLW07r3tMk2ehx3MCrOkQ +oQobp0lZ3tn5MXnLi3aYgGTa3Y2u7EMai9MA4vr41rnC5pdIQ0NoqT8uP/OPQ5kH +jVYddaEaFJAOh6SOaEq+S0yRqV4p0/wkTD95VOKDOxl8MjrJRwSbEM98cImYIwvX +bFNOha2S8W8tJ6AeRJBmB1iFO0wAaIFa5fqvGqohSJYuqFFuEBpXn0DW79cp/z9c +ZJPyQ6TewWVu119XGwHNfafjKlbjHpCN+G4xzKFVOXr2OFqprX1kSKKLpwHJQroj +rnv6q2DKF8KOuCazGl9fZyJeuY6w6n4wrUULVquovQ/6Uxdi8xEYBJC1PcVerLSF +ypHKY8hKwa75SpUR3V1oZBjdV6J0yt9hkjzsbA5EbMozgq3zJU5HLjrpyASs6RVh +dDfZuh+o4f5g3Wrb0Nbe9nJYE4ECNa67cYeEc24ik4auxhLkJ+WlY7I/2dKvqnmO +9be5TRdZGmi2uOJD1nJkjKr/brNFPdJoEp/ifyrRZwQQ87OIELJ+eARMmVIRf6jp +eBX6YM0evis3UEX15RmNixR05T23ciZ7AZUbN5Xdlt5YIWzTYuFWbC7dLMg3cmlt +sK92rVpRbKuV8ZBmO/5ckcx5VkQiAG0kmYA8/2lgQXab4OeALSL0ScrDtZ2XXw9G +9TS4w/KBrd4X7VslJ/+v1IoFt+gH6oLCYx5ctpqUlud5WCR5LbKz360AzU9yf0n7 +SqRk41OUcMc+NSUkMBInzOS6JhvzBq8OfpCRnaeBoZUUqn9uZUdwUUo0iOq+6H2D +xjgknPU1o5xIn79R7XB9PJs3fdgbullwlhaV8Xq3/aC0lmJWQy1JfZ8XaXJRmqkM +slV8BViilInrtPsIP7tmK8q0NSYE7AJVhWIfP0qPclsql3MBZCqS9HFn9bEW0U7i +84VCMnN9TDVslTdT/o9RxihL3ilXxk8YmjcfKsRBZbLLDVZhcB7ywe7F+z/ITF42 +cXr03pCi5Ckfv/xBEKfKsIxw5Tj1ptbUD7ijB7Gw3I8cl6hTuhzBCYX3ldDliurQ +TJcqUozPPvH5qhQUoiRplzNUtL//Eug9kP9zq5xQ+VyzrLrm02HkqiTcyGi0jbx7 +xpNbSUanOKkIw0VyPGUPkBmSQZd3ox1DPX9XDTAKQqJuEX3GarytDU3rG+DoRRey +t1fAW+g32Glu+k7SUGLTf7BgMHkq4n812d12gR3pQq4fdZKM8yqxHCWHhrVH0faP +Nt1N6U5OW1+0LxAoC7j+huS/C3OlfFSPIl4VeknxFTfXnMIepy7FB4pqkuSL3cp2 +6kPa49/mYWlUIh5qxdZ9468ZxCGNCFklHVMB+QIDAQABAoIEAEUlMPki9h0hUxxE +lLBQbcH9l80qA4tpE7vBJ3LqFNa68jWq9Fn6KW3y+RiMfjofkeQ+p2WLRvq589aK +UpUQsET51oq6zYGb8ylapKirnXMIOM2M9NNTe7Vg7qfEY9omaOjU0rkk6jZttb/Q +KPVj2GG6E38WGWjcLP2sOK31NsUutwhftjOIEv9p7Bpam+GYcaLmHHEVR1b84RHI +9VX8MG4/VFUw0p1umPND/c+LBfRmL8P/lvWMnJPXBAWKJmUQjBv/cWfCGXBYhmIc ++4iXXAdBOey8cTZydODZ1w38Je0pQoPWP+jkvmImonpuuBsf2XCDzQvqsScpxLoG +iFLEZCue6sU8d6JiYsf+i4KZnRQ5tjvletVHDYwM4dAOYcF7+A4aKxrqN7qmHO4R +oeC0tIQskuyi48KOxzvMqCyMapJ4rip9ywpKHr3oXObeFadvD4xDnESaS7Cyszc9 +PVLM01rYdI8rpcBBSBmtnAaGZ6DCbWq4M4/G0IRTatHoO+hgnvc2PixbRupnj3X8 +pvYrhakKzvAybcU/3uWKKS1P/AF/ypsGV0HqHwxT0SArvmosFYXRF8LWuB46QuD8 +Kq1rtO/NY+hKn0oOBoJQohqKS0sT9ebkeZ5vE5ET1Tf7GLzEiagmYJ45DrQUHplz +9UQhYUWYPG6dQGfhuqcypO5XM+y5Xl3iKTQwh5YAA+mt+LtZdgyFJETyA3wieQSf +NGNV3Ep6i4QoXMUHqNN6yZuaPqr+GXqbDitLug/4n+kRxVlgjcDmK0QM1kZviKKN +fPtoI1bQZ3lNvm8PZgXg5UYXHSkOYmcEIF8uksWAHs+hXHxXZ8Y3MMX3TXlOLYfa +gBHpRjYGe32b2LkNg0z0tHwPBTSjfff64VFqmsCMJyb8bcY5JJRptOLC6mDhbWm3 +5AVcLK6gc+ocuszJPNR71Ltn0mGqxXJRbihMGhEiKtonw4B7zwVGuwhP2UwsaQs3 +6hsLBb8kaqF/+LYwrwr5mdh47pzN0IMVTTTRXz9UrxLmEMvjS5tpKlFA2Rzmw6G1 +3iHX8otLO89ONKBvBJHjUlvl/MkXffALq4sV8WYWT0gs0rBAmEZOtCwfXBXPvnEZ +9MLQJCHmn5VfBsgEUnQeW+mPNr3VH0oRMKKfja+U6KmS+IfywkhjOdH+gHZS7R0B +B4HFgPHB+lJ9+ASqj10J4TION/uT6Ph+TJ4fH4Cuvb+89sC0BmQp2jxLbtA1lsEJ +bS9Wvu/f1lJnsZ4hrqNHhxpfTHScSzrB4zalfArzfbZqJAyzL0TEK5yrXvKUgyBC +M59wPO7iQd25ACsZjiEDlN9zVykLBJ6/RoFEEf3Kk6HxLVI0syr9+nocVAnqdDHS +CCUExLECggIBANP/aI6rw6yeQXfm6Zto14kWuAbiyXvmWvLhV+G6t1mmqsNORFZB +oRysDOpGCVe/mTxwovaAZRABPNFtcJbSE909owK2DgooKqiKnjU4akZAOsxG6w/A +zEXUqbHUJPg3dHd8vg0+pD3yNGNH/xQn3QLfklfljxW3IprDoz0RoGdYPjLMmvn5 +irW0tsRqzQeEob0R7Wd5UtmI/zMdUoj7tX9BgmzYcw7JZkj3U1CPjUDOxP3AWmUb +brcq2WTS6mOea7oH0QyrCBcDYrxCdW9Vhb0sm1BZjPMtRq5weikmPvL98eYc++zj +qRCOHcyr8P/87ILlGhuwB1RkFn8qJpjR0nXDi+/IFCRUWyM147kFOCtu1Cd2s/rj +bCt0xUhNup7YCNb3uexj+fG0b91PqKv137phluoxZPI1qkQoOC1DsL02bCQMYr0n +eEYgaO4WeSozlvOD+TEuMe1PTZJL804UbsyygXN3+FaRU12u0/7XeV+a58zpDlzn +Ax/aOXze/++CNaigwtn77eKik2p+fN/B0DnJUEbR+viHr6IgZTI+z58zCDUNiVsA +Wk9J9j4Cbvy096TSq90tSKwWxBKYQrvKl0uy+QEg+fKZ5Oiywoyaa52x4pgOFP44 +0WhF45TSo31twsepPRhZCBaKR1L8BKLbC3XjoODA3BqdR4vxspNpsdpFAoICAQDM +hzEnPNLT/s9Ntw25QRC1qbOBniavel14BN6DSP6T1kedx8g0kzZ2VutUQC/Gqkor +wUcqY94V4PZ9L70MwwKDEeU+sSBmCTJa0SB6bKa7cF9R0WBCd7lKe12ijyFR3Um7 +8Ju7MsiwmIbQz2h2nejVUfwfm2v5M2YRu1v2mgZ6/6Ye58r8Z8FNCjNCjpJ6aVRA +37hLLCudOMJ/julW2k/QOUjzPFKrWHrx4aFZSIm/a8ZLJI7j6pGPYG+CeSrz6E5M +VCgXRhDQT7hGrO53PgkRPHhLQy/P36Ed0sjgTol4IuNj7M4UGQiw527hO09QTksH +ny9bj4c9w9tqqRKYXT2nONENfeCeamJKRSaVqV+J90mcFtTJ3GMSUnOIeKjnXaB9 +4L7viVZ/R352MVhMYf2smRG/BN1WiM7Tmr2iAqWc0ul9YrfYMruOmeo319Cg3EHz +adfbRRFKxfuRMXO8UeYT/mXBfqHJ3ZtDs5CYENFEX4KJ32rD7x8SdeaSa1Y9abuW +BU26CuF7q3lZVLsxHp1HzEv791IdE+tx05mujiWnZnAy91d/k8wQVhVbyI93ij+w +zcZReA8jWp2ETOXtz7sGnrMbdphLdprwmhlOjf7iTjvX08ZVk5LuaBcIVdCiy6+I +nbpgVQ/9UizVJP2rBCwZN6mdjmIljAqP9bRvF7b+JQKCAgBQ7yU/spuVfyWHXQS6 +bCA9GgtPta0uPBdkulsOtnXhKBvxTCQSuiOECrszhWFzupYJ2QaeDQ6IObC6U4m0 +SqeCw1FEa7SYdBU1GxajQtJv132bF0gOT5Cs6C+Q0Gj8yk8QfvMfo1aYv6r4bDgZ +vc5GlowMOnuR0sTHSQE9A0m1qp60TiCsZnRqQn+0JQH5aM1GnV2BL3RN0Ft9bChi +W5ZC6wOcAlaKwqDmImYQT32hzE6wgYsBJqPyEc3FDDCnr4d5EhrhNzpzbrt3G/gx +dPkF682vs0B4ZkShvBcnNo65vfFn5JDZM2EMDPWbedkcIbc5kbWR9HYX5c4g5jqu +BQzQIMN/22a1J+9TVfOGY1O6YSlll4/GrKRTQtU+cU5Z7igRyamVceWuPTCn0Q2X ++NpdEXzIE+tx/MLwGlq4DSugUPKgIIphpHvqad0laDcBwYhTl4K/H9+3tZrry0sr +9+kFBPEe4CJTClBFZ8VPeXvA4Ca2uBLfrOIoeuuPnKMhERjjM9yv09pRt7eH5JpP +4nJYXV7kaq3hzAtlXfDEae5h3N25Q124/D1+H8J+kfdFSuFwb21llzAzYs2gO7je +cM2p/L3LjIdf8xjNLdHQU/PZ1FupqVaiZ5aqtGPaIUCBVjISf63vaa4IzOnF6Kjs +c6vAahK1O2vMTVdPOgru9F8N8QKCAgEAxPaYnmnTuraT2wqjG7mOJvQjW3r7VFgp +9S/zPUkpaSOdWlQP+JmghDxWao9Zsx9BSHvcVfVQ5Y78sTgs/kI6hBDSzRn00m6e +4Jiuh1dlBfNEyF0zLy9u8Ex3stnVw6mwnV4sCw3v+SkaA7MJrdmKZQyMGcAqLhWS +gRcGjChufzr9NpwQfhxJKjDdhoYYh+wxaDxKlZIW+lSz8fWlvq+E10ijeSKpljsi +Qxf/syTJCt/2WVz+gnzd6s569JJNjBA2fwk4hplCDeoH04AsMgc64i9yxUARpkV9 +OmRIcMMRXfFzPELLfs1Q8lQeEqd0TSjo1pE1IR7Kpe+cuU3TC4oXmpd7s1t62fQn +bdDERLKUwB+18qyGBVPI0Nc4Tb+tIQqoSTELj1CaTP6DybzhhMWFbxcF4QgFQ5WC +YIOPhZq49JqkosxTsc/BkaWlylt6nb8fgBN4/b+41GJvTrbp9vyD7tM6GSojEmzo +Xj1pzRe8//RemPngLop0SOnjvzPBHGlbbjDzVmuuE9Phi+auUrJh0sfqkN7vY/NP +9RFK2bAokNp0yJAr4j9p8H2GGhq+Fue7SEAScViGc4yLTuJjNy6qtMhWQedm6J1y +vqwYHO9f+35N4R4fzT/N6uuw6qUBxBUVmSIUXzrrqA/f/u+dnnjpIuvY21NIL1J6 +xYJgXe/fmUUCggIBAL4Kcka/aAIYxJ2V7Y23CZEE91XpbLPBHUQOxEHG5WpV05Mc +zy+zDHIZr/DqXszGP7vV9K2Pmpl3Yods10sSeo5gkNszE2fmP+e4RVd/5z0zsmG9 +HYqQLKoynMOFGmnFHTRj+/U8VDAkK4lMf4PyB5PSW0fG6LBllvjYptg6Y/PzQGgu +qGi5tAwnwLckfOzwRGenrNCh6Pcy1N+ruIZqHQCN155so63jQ70C7KwJqtlSUp+k +z2DxSA5BcFgdfVLgclDQiBxJpdU9bFzqi/UXht9wmQqrWiZ9LTw5NWTn8siGJiuT +m5jjp92L4FdWCA9BZTm2uedYH7NppJBJxxTXMDPJK/J3IW+O5RbNtbuI33mllT3z +lf2ZwKS8ZzEu0U/0M65rcSB7R5gCLt2IAKKcbhY9D2Ewuo271lPAqvq7j84uKh8Z +jbKwjwhMoRbtt0745xLwu+IYtlUI57vdH8S4E1nG862EG3G51ldziAPF/JEmTt0Q +tkx/PCxEsUk7MG9kybZ7WzvkK/j2guzP3wQy6irTO4WWFQNZXv9q9qBT0gurs3Gz +oXm8H3Otf7bbSkMe8yG30KyCrsdYOT6xrBN6POdObakJgNgyRM3mCKdjQzvCmbaE +nKJS0FlxbsE1MGOtBorSXEsvXW/DSuReSysnVRDNkRu7Y5Y0oGAwQQ4J5Pfj +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/non-tfm/ssh_rsa_8192_pem.pub b/tests/pem/non-tfm/ssh_rsa_8192_pem.pub new file mode 100755 index 000000000..77db74425 --- /dev/null +++ b/tests/pem/non-tfm/ssh_rsa_8192_pem.pub @@ -0,0 +1,24 @@ +-----BEGIN RSA PUBLIC KEY----- +MIIECgKCBAEAqV97tjVnMe5+B6Hu/wGKiyLWEcHLLW07r3tMk2ehx3MCrOkQoQob +p0lZ3tn5MXnLi3aYgGTa3Y2u7EMai9MA4vr41rnC5pdIQ0NoqT8uP/OPQ5kHjVYd +daEaFJAOh6SOaEq+S0yRqV4p0/wkTD95VOKDOxl8MjrJRwSbEM98cImYIwvXbFNO +ha2S8W8tJ6AeRJBmB1iFO0wAaIFa5fqvGqohSJYuqFFuEBpXn0DW79cp/z9cZJPy +Q6TewWVu119XGwHNfafjKlbjHpCN+G4xzKFVOXr2OFqprX1kSKKLpwHJQrojrnv6 +q2DKF8KOuCazGl9fZyJeuY6w6n4wrUULVquovQ/6Uxdi8xEYBJC1PcVerLSFypHK +Y8hKwa75SpUR3V1oZBjdV6J0yt9hkjzsbA5EbMozgq3zJU5HLjrpyASs6RVhdDfZ +uh+o4f5g3Wrb0Nbe9nJYE4ECNa67cYeEc24ik4auxhLkJ+WlY7I/2dKvqnmO9be5 +TRdZGmi2uOJD1nJkjKr/brNFPdJoEp/ifyrRZwQQ87OIELJ+eARMmVIRf6jpeBX6 +YM0evis3UEX15RmNixR05T23ciZ7AZUbN5Xdlt5YIWzTYuFWbC7dLMg3cmltsK92 +rVpRbKuV8ZBmO/5ckcx5VkQiAG0kmYA8/2lgQXab4OeALSL0ScrDtZ2XXw9G9TS4 +w/KBrd4X7VslJ/+v1IoFt+gH6oLCYx5ctpqUlud5WCR5LbKz360AzU9yf0n7SqRk +41OUcMc+NSUkMBInzOS6JhvzBq8OfpCRnaeBoZUUqn9uZUdwUUo0iOq+6H2Dxjgk +nPU1o5xIn79R7XB9PJs3fdgbullwlhaV8Xq3/aC0lmJWQy1JfZ8XaXJRmqkMslV8 +BViilInrtPsIP7tmK8q0NSYE7AJVhWIfP0qPclsql3MBZCqS9HFn9bEW0U7i84VC +MnN9TDVslTdT/o9RxihL3ilXxk8YmjcfKsRBZbLLDVZhcB7ywe7F+z/ITF42cXr0 +3pCi5Ckfv/xBEKfKsIxw5Tj1ptbUD7ijB7Gw3I8cl6hTuhzBCYX3ldDliurQTJcq +UozPPvH5qhQUoiRplzNUtL//Eug9kP9zq5xQ+VyzrLrm02HkqiTcyGi0jbx7xpNb +SUanOKkIw0VyPGUPkBmSQZd3ox1DPX9XDTAKQqJuEX3GarytDU3rG+DoRReyt1fA +W+g32Glu+k7SUGLTf7BgMHkq4n812d12gR3pQq4fdZKM8yqxHCWHhrVH0faPNt1N +6U5OW1+0LxAoC7j+huS/C3OlfFSPIl4VeknxFTfXnMIepy7FB4pqkuSL3cp26kPa +49/mYWlUIh5qxdZ9468ZxCGNCFklHVMB+QIDAQAB +-----END RSA PUBLIC KEY----- diff --git a/tests/pem/non-tfm/ssh_rsa_8192_pem_pw b/tests/pem/non-tfm/ssh_rsa_8192_pem_pw new file mode 100755 index 000000000..a591b0d72 --- /dev/null +++ b/tests/pem/non-tfm/ssh_rsa_8192_pem_pw @@ -0,0 +1,102 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-128-CBC,08E74DA1D2393FDB21570427A7128EA6 + +6hwzv+UuSHy6Uof35kg6rzrSLIPTWUt/6ha0/F9/k8bFg1VTHexi5CnnMqwOBa+o +dVEaF3X/fL/mk8FS2H+n/jjvo2LSaGytrlL3Ns8IH9igRKoJhgia4Cgs8QZDWr5V +NI5JpMebeFjf2Mueeh50pNZoLbyqVnnCuf2pXiHKl3wwGdsoCOmGJtaIdd7TCbcR +jZT5eFr+2Fo1vY045PP8uisCyri+M82HNS/CM1Bt2pMk6AWDqbVFdT1VWOK0iAKC +XCq/+D6StMXS57NIgsoZe7alpsSzEbIWycT5MpCWod0JP/J7zjX0shiOO1jYG/WC +z9aLa2w4ErDVb+51QKfYuPwICMftmnlImLtgSMrdQ0LFpG5KSBtpCF45wLt+va4H +6jtJVFVoDwqlLSKlpe4IS4prHsySNVzabm6xtrt6NER8ER+gPAjvnhOprdU4Q50m +ZsrW+mYQLocbZFVN4KeIafO7XgyXTBP2sDT8VjcXM6wHQXP3o+Mv5UIMZq7eIgsd +A9jZeBD6Hm2NlbKinCL+as1MMpWb2yfLLVurMyjbG/AzF4dV7bFAr0ZVl5iIR4Ei +5IaOY3thKojROcug9J5Ppo2xAf/WWzyNSs0NwtFqueNVQw6e1EQmVU4Xi6V0uiJJ +e7PcP94BD35OhKYPtNFOOfFp1Dizsno3y/BXqnJV4c6POZEPUDA8ZZf2NKFwWdxa +ay8QnIEal5A2odV4C0dp1lfhiQNVnR2siyiIr99jC4vH9NIa9/YwBfenCxw7rkGr +oiNmjaBIkXQKccf4ye4ORV8VQo4r4PTzM1RNchCJ7egqNNCAxaErHKt84/tPvJFQ +fwPjGHeiARHFJFZBBBPXp49oCHGSH2IlZurEUN4C52qiWzrbY2TcjFKSJFOkH/8j +gnNqveauR5tAWhwKqxSEyKixLlB7ab2coI6D2nt9XOgSkXyUUyzWITTPv+Rs+sAJ +tc4aHBpTelyy9V8fjTgaGku/wZRP/kKhSYehXDAoqok9ztuh/QvgaGx016YKg3Rl +OxB12Z4cAB02ZrP0Wr680Zy7/ksVn6897sGogE4BNJpzeSkdbH/FcxgauB8Kdwwo +LEoKQRi9QrJNH9+6IQbn9hqYg4/s7l0N2Ng6jtUcgW1UZ4qNOM66g4how0SCZGHX +F6YKiG/Rt3ySXL9Awd8uPfbH/rp7WQfiqbzbVCnzNWejVLmrXMYQlIwWXaLxCax1 +ZPSseaFBBUJdPfXyWXgVBwGpCDqTlsunp8ag15KBuvdLu74Th5SbAdmnTr/La/b2 +i8MIGANIEkZLRSkRs+C/356iKu3BVFlZMI+eJ+I8u/WoV2KiVRWEzg1Xt2iHjrno +Xhlx+8b2mg3hcxTRJQ2AZF1D8Nym2SAMBJ9xKfyZjCNJc4EhPBgtBhHcqK5f9rPI +DcAhTntwNCqy/FvXaJqpALXjBmbB+LVLS/Pu66xLjM+OFkgyAcJcSu17IUMq+vLq +ogLtizpNAWJMB1Kgz9hfisiApnrz9Mahv92LGhr0ox6sfkW/UagjOvTfuw11e6Yk +eHJjgI7flDgO/S1rEiBjdTJJ5ertjq0LYrDViWp+wrPyHtC4mctz7ZBhWn9+ftxs +zhIq3EPXvqfWzyyhEBm74vn3i3WNLOqq3/rz1iCRmJKzt+LeMYQKARaSDUV7aCq4 +2xFs5XcuEmLrxwR8IZkhKVlfqf9T/qm/1kd5JusKxD8rlMIGxjpQ/vDOlFQvi3Na +22FuedfkNnWkSkXCttolMnOdEG+ZnaQit25kvxSmbXfB8xG4O6LSyZd80pHJ/3h4 +8pvGh19K2tJhK80eBMCpbATjQqPl2PJqUWSNWkCZp9kC+z70dr2Vy+pi5QuOjRuP +Fi6D/YYRvcQEt8AWYmVDs+5pnmBVzcbLylNADipw0jWxokzXH7LjtFokVbYfjgBI +xskTjHWq308mx6RrdyRwgjLySTYclv8yaBbff/KrXG2m6VDpmu4CevfjtFAOunc7 +812M2bpEICcOrU9GXTwZfbSFFFtRkCehmOmO+V7KV3liXCQPQLczcis+V8gAitGE +ZZImygiWaiZ25aA8EtIYYvfCURnkrNSoIStXXJg48Hl+FmwxDKlmLHRNjfAkLfqV +76SLdsVYAXBDk4f46BzVeMlh1IOxGvX2txb1fLsfFeVJ1cSQhkZfduhZMlSQbqw6 +LtHfzisPdVACUt+579ujDor4MIi4iAGihip+/RfyIJHfBoBLT73aWXnrrElmVscA +stVA+A3HrJVrRlpVT6T/pkBXKx3LfkuIkHAI+5o3+uJeFlphghDEpUMDAaNzXzVM +iYwgQZ2FDIB1avSLeDbfUbS+dbC+gXv1Wk2BP8L2mB/ZenyAxukgeFczrfnZ2KTZ +EPvLM8Zo49GLQ1p/MhmR4j2/AljEMdERi7gk1iihv2CwqYOudE9wn/CdOXKCljWe +up01IC5tYXGmpz3JlVG1nM6vNmclDni1s548gtSL+dmme29cJm3688JTW68uxaCp +Rsgw/tb1/hAcUTda8mTKpNIhKaRwXUKL+ZHOXOvSkEF7ztYXrPB7WcDN9BFgsmId +huiMxx9HyYq5ft823DAzsb8f+K/0HDg6nksU8OLRe6pTO6GAuKXv9Jpi+mi2XmUM +7mNxC6kwXhNYBouCT4rzzg1jmwkgnTG/u+JmFSs7SOC9pF0mhN/9OrSahHp1Dr4R +BL+K3kZImD4yCErVSrJ3o3TkRQ6lQeO7Ti2N8JKQeFgfHXZxL1zwRheRyRr0hLRK +NbVFxTUI9Ev/dbVF7TZeIQtwr17up0Aheq7OdkiR8h+RxcFpB/u0x57BLqln/+dB +j8n97gL1TG7mABPu8iQV3tMj2EujO8sjoewYHrr1sPUFWON6ilfASl8Niw7MF76T +E1fyC54iTP2bH5GaEMHTMqvgN68uX73yqYN7xEVPaJDt0aGyVo/fNj5O3EAT119m +b0Gr3XiGEzjmpxCMp2L2JVf8GGHppnBU/NZS5dcU16M7/Zfl7u9uRL/zAgg5y2Pi +yLrxN5vbVST8eSkh0UTsZs9vNOSVEeXxDL/1mT169y01hdoFCdyRsSLXrC0vYDzN +OL+1VguX0I431B/VHogkISAhtAnuVlUTrMLqcGWSLRlDVW3U5PrsFeN2m8SRhbtC +HTBVannV/nalIJJ03brjBj3lvswUoLW/3Q3VGFTM6OdxysHNt+XkBbh5gMBOI2uZ ++lxFO6hVLTELXtciW4IzwwPAmsiPyVPtTmFU7cUI9OHSNTQ7i3zHsPiL0AojHwIs +EG35PY5NqUi3rAvwakPURG4EwYG5ezQXWfdFuw3DFl1ZCPU3E8WFl1PuRF5RUXmu +N16JAg3W087ve+hhK/GbmY4pA9dz88zhxVIUiI23p98n5eHcRDP7Iwk4lNJ6tOUc +qT1W6nszSyAn/7bdqYdZhUIJXnVboB71T8GjBLzAVjUi5iq9uXZBSi1S1cf/ab44 +USFVY5NHCgiQEf99f5AzGZ9mi/1xmcU9G5bShLW6PQ7h+kOETaIuOkzPeJYk/DE8 +UhYHOC3Fnn/Q6PItIt+2GbwA4a1vRpF1/XW5xyuFJNubPTx0NbGZsecOw9HAUH+i +sE+mZ3BQ61P8/ImuO/llBMswwIibxrfa9gJt31wxd3jZSIhOfnCeRbVRnNG8116v +KZdPd5Faz5keuPr1mYtVJ6qK3+cwH/DVXH5Zj9b3sW67joASjx3+/j3/vFLhvsTB +OYWLdTlJesGP/ph5ip72VZvL0+xUcoVeoEM5cRgWmW5XmtXPl1wRRw//BPVuF83Z +zKYwFVPpH856AnKzv7PwMevubi+aQAb54mWdqPb6aSIUCAVJI6IXD7De1EVj8l+H +PBrsXZoLWIVGfo+srpPcR/TRfZe1q5gTirOcGhzzgrPsgQplMYG1uWebbI0kOQDR +4ACAuRbVZeTQU4TINX70vo9w8NOWq5/001t7O317C9HeJuGHjlU163gWtldyzM9R +w7xDfkVTTzfLgFKQTy2dCYM20rt9GK9Cvnt/ncFqU9mqqpPpc3r+8EI2Xx/64Y9U ++0O6Cu1VcBmgMSaJCw+4/1j2irXgFsCKNAX4HZFo4z3k3WO760yIgCEBsuuuk/qI ++Mi+KkAXhfNu3SRSTaWvehwOn9CjoX7Q2IwCqgwK5cEk42FDmBn6d6rqgiaw8uF9 +jdx1kaL5Sz4++8vdVtzyqs1GBRvw411gMe0u2gF2n9IBlpD1uZ1d9/Lx/fULSdA4 +v2bck825yl0MruFMQPo1Qx8rQ0U8R2fnKf5XXaIsbhDgPtAh2rRZ88P2xi7SaSFM +hJwU6rsfjSHiWnEnfynDh7TzcdO8gxuhUACeyRB/SHkD/TOCmXvJitoE3UuVMkL+ +pm8P70Lbk1BNR4RH/unHkKPE3CsNdDDZMtZQzOiCdKurSpK3fCxMlNXvgAdnBCNu +nuBANSi+DlPhjnowCKP6/DNTjbMNaLGIH2afTjkngZKeLx3xGS08789CPHvHFYqe +PJXxoHvWUxHNifzWvvTQQr3HUak18sP2SqrWM3JMQ1cxxNeetx3T4KmINxXPKCtx +bsBPIMqNSmx7Rgzbld8wuokLr+EKJtwP0CCdAs1yOsx9e4uNR8AYMiBNMu/3uZXL +77ajZCl3bsapXk6EtPj/GKT0BexRTj9BLTy7mJFA0Nba3UTOCUsHdtKGQg8lmil0 +r7nksExOanfUx2C2cAPiBPNNYEoKBuHQbOUhckYl+svctujRSr+Vnwzlre7Gcb/X +lqDoWHLdvmkSdVGgTKmIenvgQCshkG3zeIinupuAViAEfy9CWPtkN5E1ylmg3H9W +Z9RfRPpvEmAODHkGy4wTNQjvR9vkDj83K6XJ8k9iks2SR0W1e7/bvEIljTrrCTKC +Vqcs7Y+wIACOOSDYhrVzJb82DLL2famw4vZcfZ5S3Czg4JMu9C1jewFf4Sf0ccCv +Kxy9porL4WoREoTDVLgmVb2zYwsjLMR8iFy5B+V50BAFvj2+C5I9JcLhI90PE3p4 +3yZYoFu4rOQJ0BxYT3UTNI4E63TdUvg8ibDFo16M0ZGb40/Gx09JobvxzRnrzFgR +S8nsZfv3BQNiRPVhppUf4FFj7ei0JWibbPHuASRsyn1ggDJy7wKKwDXU0vJbV/e/ +TPyea6a4m3mVps5Ion2w6l8F8MSrSs/eLZpKK3j/gNY+FfqDB2HDx1K6OJAhcGsQ +06evisjGgSrQVeQjCxG6dlECQG4M2aLX3o/TuJN2wsNj8P3dExFuyJ778n35g8Cr +9epJjB0fKh4dXL7kBBgqqob0ThdnPyQlA2ssWG82d5pPED7ZQe/MKinNADUqvMTT +ZJdJZ7fQAX7s484HDkTI+HtRHrUH0n2IT/3kED9pdUw/Q/2YJ5qRX4jGUJ1kFM18 +L4kI+7NlcdgDat1dhgWzTZc0KLjgvpajLca7Aw8pRccKvW4Lu3sPyZSarWcdCY6X +IfrsXg6lMRE9FOIlcEUrZM4HcOfmaZgP4g4xxs0rhJPDsxLagoWhLRMwfE5+EcxS +06LwAuH6q9ndyz2G3LUrV7kC8AckeGxWVgq5l7oqbzsuImo8eXfNnoAeT6zA0WtG +nLQqfaE2oY9KM+LlHsOX3ASzBccErE1N+k8YT6R1Uxpocipu48esyAZBvMLnlLbu +LnnlvNdqE/m8rj2u1OS/fd+7uyMzWvepICXfa/lwqsS/A/pOCRlt8Vhc8BMjEDSi +psWWqf93n2ccRxcNGQ9RHH8NbCobiDQnv3u8C8qf3EUFFVhfJymKy8tkJxopnH0z +ZL3TufeCZM/DLsajGvFiCtVnb675aTBe+UURbqYezRRaV3aUg454mMiyQEaro3VD +r8r9qjNJbKrWE+2pCuFSftlCfGbc3PpkteyGGxKkt7e30U/RFQLTKBN2kqZaDLWe +dZilAxSDX6zTx9k8LaUjh0FzPX0oPqGm8zfYlejAK03OBSuTGNb/nfMhr9aZRPit +8wL95wI4NC6MwQUVdR15drJ40Cw/HS5Ey+eO0y/FpvLlHGmQLR8eGCXM775cEMTZ +/K4jvSMOvZniBwDQENZ7IitVUvDGH0QCxXJjOA/damiHJLd2zz3bYHpn9I36kBft ++k59FJHtHf412vg5PNmHEngoF0HX9T5UDtPW79tZ/BK34E1rR3vXWRskR5f3+ZiJ +rOYP6b8HQ2jXxj0xvHFWGb3ZbEd7rPGVmZQrq3lPB2kCxR1mvmTflrse+CW5Se3b +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/non-tfm/ssh_rsa_8192_pkcs8 b/tests/pem/non-tfm/ssh_rsa_8192_pkcs8 new file mode 100755 index 000000000..c24c441d0 --- /dev/null +++ b/tests/pem/non-tfm/ssh_rsa_8192_pkcs8 @@ -0,0 +1,100 @@ +-----BEGIN PRIVATE KEY----- +MIISQwIBADANBgkqhkiG9w0BAQEFAASCEi0wghIpAgEAAoIEAQCpX3u2NWcx7n4H +oe7/AYqLItYRwcstbTuve0yTZ6HHcwKs6RChChunSVne2fkxecuLdpiAZNrdja7s +QxqL0wDi+vjWucLml0hDQ2ipPy4/849DmQeNVh11oRoUkA6HpI5oSr5LTJGpXinT +/CRMP3lU4oM7GXwyOslHBJsQz3xwiZgjC9dsU06FrZLxby0noB5EkGYHWIU7TABo +gVrl+q8aqiFIli6oUW4QGlefQNbv1yn/P1xkk/JDpN7BZW7XX1cbAc19p+MqVuMe +kI34bjHMoVU5evY4WqmtfWRIoounAclCuiOue/qrYMoXwo64JrMaX19nIl65jrDq +fjCtRQtWq6i9D/pTF2LzERgEkLU9xV6stIXKkcpjyErBrvlKlRHdXWhkGN1XonTK +32GSPOxsDkRsyjOCrfMlTkcuOunIBKzpFWF0N9m6H6jh/mDdatvQ1t72clgTgQI1 +rrtxh4RzbiKThq7GEuQn5aVjsj/Z0q+qeY71t7lNF1kaaLa44kPWcmSMqv9us0U9 +0mgSn+J/KtFnBBDzs4gQsn54BEyZUhF/qOl4FfpgzR6+KzdQRfXlGY2LFHTlPbdy +JnsBlRs3ld2W3lghbNNi4VZsLt0syDdyaW2wr3atWlFsq5XxkGY7/lyRzHlWRCIA +bSSZgDz/aWBBdpvg54AtIvRJysO1nZdfD0b1NLjD8oGt3hftWyUn/6/UigW36Afq +gsJjHly2mpSW53lYJHktsrPfrQDNT3J/SftKpGTjU5Rwxz41JSQwEifM5LomG/MG +rw5+kJGdp4GhlRSqf25lR3BRSjSI6r7ofYPGOCSc9TWjnEifv1HtcH08mzd92Bu6 +WXCWFpXxerf9oLSWYlZDLUl9nxdpclGaqQyyVXwFWKKUieu0+wg/u2YryrQ1JgTs +AlWFYh8/So9yWyqXcwFkKpL0cWf1sRbRTuLzhUIyc31MNWyVN1P+j1HGKEveKVfG +TxiaNx8qxEFlsssNVmFwHvLB7sX7P8hMXjZxevTekKLkKR+//EEQp8qwjHDlOPWm +1tQPuKMHsbDcjxyXqFO6HMEJhfeV0OWK6tBMlypSjM8+8fmqFBSiJGmXM1S0v/8S +6D2Q/3OrnFD5XLOsuubTYeSqJNzIaLSNvHvGk1tJRqc4qQjDRXI8ZQ+QGZJBl3ej +HUM9f1cNMApCom4RfcZqvK0NTesb4OhFF7K3V8Bb6DfYaW76TtJQYtN/sGAweSri +fzXZ3XaBHelCrh91kozzKrEcJYeGtUfR9o823U3pTk5bX7QvECgLuP6G5L8Lc6V8 +VI8iXhV6SfEVN9ecwh6nLsUHimqS5IvdynbqQ9rj3+ZhaVQiHmrF1n3jrxnEIY0I +WSUdUwH5AgMBAAECggQARSUw+SL2HSFTHESUsFBtwf2XzSoDi2kTu8EncuoU1rry +Nar0WfopbfL5GIx+Oh+R5D6nZYtG+rnz1opSlRCwRPnWirrNgZvzKVqkqKudcwg4 +zYz001N7tWDup8Rj2iZo6NTSuSTqNm21v9Ao9WPYYboTfxYZaNws/aw4rfU2xS63 +CF+2M4gS/2nsGlqb4ZhxouYccRVHVvzhEcj1Vfwwbj9UVTDSnW6Y80P9z4sF9GYv +w/+W9Yyck9cEBYomZRCMG/9xZ8IZcFiGYhz7iJdcB0E57LxxNnJ04NnXDfwl7SlC +g9Y/6OS+Yiaiem64Gx/ZcIPNC+qxJynEugaIUsRkK57qxTx3omJix/6LgpmdFDm2 +O+V61UcNjAzh0A5hwXv4DhorGuo3uqYc7hGh4LS0hCyS7KLjwo7HO8yoLIxqkniu +Kn3LCkoevehc5t4Vp28PjEOcRJpLsLKzNz09UszTWth0jyulwEFIGa2cBoZnoMJt +argzj8bQhFNq0eg76GCe9zY+LFtG6mePdfym9iuFqQrO8DJtxT/e5YopLU/8AX/K +mwZXQeofDFPRICu+aiwVhdEXwta4HjpC4PwqrWu0781j6EqfSg4GglCiGopLSxP1 +5uR5nm8TkRPVN/sYvMSJqCZgnjkOtBQemXP1RCFhRZg8bp1AZ+G6pzKk7lcz7Lle +XeIpNDCHlgAD6a34u1l2DIUkRPIDfCJ5BJ80Y1XcSnqLhChcxQeo03rJm5o+qv4Z +epsOK0u6D/if6RHFWWCNwOYrRAzWRm+Ioo18+2gjVtBneU2+bw9mBeDlRhcdKQ5i +ZwQgXy6SxYAez6FcfFdnxjcwxfdNeU4th9qAEelGNgZ7fZvYuQ2DTPS0fA8FNKN9 +9/rhUWqawIwnJvxtxjkklGm04sLqYOFtabfkBVwsrqBz6hy6zMk81HvUu2fSYarF +clFuKEwaESIq2ifDgHvPBUa7CE/ZTCxpCzfqGwsFvyRqoX/4tjCvCvmZ2HjunM3Q +gxVNNNFfP1SvEuYQy+NLm2kqUUDZHObDobXeIdfyi0s7z040oG8EkeNSW+X8yRd9 +8AurixXxZhZPSCzSsECYRk60LB9cFc++cRn0wtAkIeaflV8GyARSdB5b6Y82vdUf +ShEwop+Nr5ToqZL4h/LCSGM50f6AdlLtHQEHgcWA8cH6Un34BKqPXQnhMg43+5Po ++H5Mnh8fgK69v7z2wLQGZCnaPEtu0DWWwQltL1a+79/WUmexniGuo0eHGl9MdJxL +OsHjNqV8CvN9tmokDLMvRMQrnKte8pSDIEIzn3A87uJB3bkAKxmOIQOU33NXKQsE +nr9GgUQR/cqTofEtUjSzKv36ehxUCep0MdIIJQTEsQKCAgEA0/9ojqvDrJ5Bd+bp +m2jXiRa4BuLJe+Za8uFX4bq3Waaqw05EVkGhHKwM6kYJV7+ZPHCi9oBlEAE80W1w +ltIT3T2jArYOCigqqIqeNThqRkA6zEbrD8DMRdSpsdQk+Dd0d3y+DT6kPfI0Y0f/ +FCfdAt+SV+WPFbcimsOjPRGgZ1g+Msya+fmKtbS2xGrNB4ShvRHtZ3lS2Yj/Mx1S +iPu1f0GCbNhzDslmSPdTUI+NQM7E/cBaZRtutyrZZNLqY55rugfRDKsIFwNivEJ1 +b1WFvSybUFmM8y1GrnB6KSY+8v3x5hz77OOpEI4dzKvw//zsguUaG7AHVGQWfyom +mNHSdcOL78gUJFRbIzXjuQU4K27UJ3az+uNsK3TFSE26ntgI1ve57GP58bRv3U+o +q/XfumGW6jFk8jWqRCg4LUOwvTZsJAxivSd4RiBo7hZ5KjOW84P5MS4x7U9Nkkvz +ThRuzLKBc3f4VpFTXa7T/td5X5rnzOkOXOcDH9o5fN7/74I1qKDC2fvt4qKTan58 +38HQOclQRtH6+IevoiBlMj7PnzMINQ2JWwBaT0n2PgJu/LT3pNKr3S1IrBbEEphC +u8qXS7L5ASD58pnk6LLCjJprnbHimA4U/jjRaEXjlNKjfW3Cx6k9GFkIFopHUvwE +otsLdeOg4MDcGp1Hi/Gyk2mx2kUCggIBAMyHMSc80tP+z023DblBELWps4GeJq96 +XXgE3oNI/pPWR53HyDSTNnZW61RAL8aqSivBRypj3hXg9n0vvQzDAoMR5T6xIGYJ +MlrRIHpsprtwX1HRYEJ3uUp7XaKPIVHdSbvwm7syyLCYhtDPaHad6NVR/B+ba/kz +ZhG7W/aaBnr/ph7nyvxnwU0KM0KOknppVEDfuEssK504wn+O6VbaT9A5SPM8UqtY +evHhoVlIib9rxkskjuPqkY9gb4J5KvPoTkxUKBdGENBPuEas7nc+CRE8eEtDL8/f +oR3SyOBOiXgi42PszhQZCLDnbuE7T1BOSwefL1uPhz3D22qpEphdPac40Q194J5q +YkpFJpWpX4n3SZwW1MncYxJSc4h4qOddoH3gvu+JVn9HfnYxWExh/ayZEb8E3VaI +ztOavaICpZzS6X1it9gyu46Z6jfX0KDcQfNp19tFEUrF+5Exc7xR5hP+ZcF+ocnd +m0OzkJgQ0URfgonfasPvHxJ15pJrVj1pu5YFTboK4XureVlUuzEenUfMS/v3Uh0T +63HTma6OJadmcDL3V3+TzBBWFVvIj3eKP7DNxlF4DyNanYRM5e3Puwaesxt2mEt2 +mvCaGU6N/uJOO9fTxlWTku5oFwhV0KLLr4idumBVD/1SLNUk/asELBk3qZ2OYiWM +Co/1tG8Xtv4lAoICAFDvJT+ym5V/JYddBLpsID0aC0+1rS48F2S6Ww62deEoG/FM +JBK6I4QKuzOFYXO6lgnZBp4NDog5sLpTibRKp4LDUURrtJh0FTUbFqNC0m/XfZsX +SA5PkKzoL5DQaPzKTxB+8x+jVpi/qvhsOBm9zkaWjAw6e5HSxMdJAT0DSbWqnrRO +IKxmdGpCf7QlAflozUadXYEvdE3QW31sKGJblkLrA5wCVorCoOYiZhBPfaHMTrCB +iwEmo/IRzcUMMKevh3kSGuE3OnNuu3cb+DF0+QXrza+zQHhmRKG8Fyc2jrm98Wfk +kNkzYQwM9Zt52RwhtzmRtZH0dhflziDmOq4FDNAgw3/bZrUn71NV84ZjU7phKWWX +j8aspFNC1T5xTlnuKBHJqZVx5a49MKfRDZf42l0RfMgT63H8wvAaWrgNK6BQ8qAg +imGke+pp3SVoNwHBiFOXgr8f37e1muvLSyv36QUE8R7gIlMKUEVnxU95e8DgJra4 +Et+s4ih664+coyERGOMz3K/T2lG3t4fkmk/iclhdXuRqreHMC2Vd8MRp7mHc3blD +Xbj8PX4fwn6R90VK4XBvbWWXMDNizaA7uN5wzan8vcuMh1/zGM0t0dBT89nUW6mp +VqJnlqq0Y9ohQIFWMhJ/re9prgjM6cXoqOxzq8BqErU7a8xNV086Cu70Xw3xAoIC +AQDE9pieadO6tpPbCqMbuY4m9CNbevtUWCn1L/M9SSlpI51aVA/4maCEPFZqj1mz +H0FIe9xV9VDljvyxOCz+QjqEENLNGfTSbp7gmK6HV2UF80TIXTMvL27wTHey2dXD +qbCdXiwLDe/5KRoDswmt2YplDIwZwCouFZKBFwaMKG5/Ov02nBB+HEkqMN2GhhiH +7DFoPEqVkhb6VLPx9aW+r4TXSKN5IqmWOyJDF/+zJMkK3/ZZXP6CfN3qznr0kk2M +EDZ/CTiGmUIN6gfTgCwyBzriL3LFQBGmRX06ZEhwwxFd8XM8Qst+zVDyVB4Sp3RN +KOjWkTUhHsql75y5TdMLiheal3uzW3rZ9Cdt0MREspTAH7XyrIYFU8jQ1zhNv60h +CqhJMQuPUJpM/oPJvOGExYVvFwXhCAVDlYJgg4+Fmrj0mqSizFOxz8GRpaXKW3qd +vx+AE3j9v7jUYm9Otun2/IPu0zoZKiMSbOhePWnNF7z/9F6Y+eAuinRI6eO/M8Ec +aVtuMPNWa64T0+GL5q5SsmHSx+qQ3u9j80/1EUrZsCiQ2nTIkCviP2nwfYYaGr4W +57tIQBJxWIZzjItO4mM3Lqq0yFZB52bonXK+rBgc71/7fk3hHh/NP83q67DqpQHE +FRWZIhRfOuuoD9/+752eeOki69jbU0gvUnrFgmBd79+ZRQKCAgEAvgpyRr9oAhjE +nZXtjbcJkQT3Velss8EdRA7EQcblalXTkxzPL7MMchmv8OpezMY/u9X0rY+amXdi +h2zXSxJ6jmCQ2zMTZ+Y/57hFV3/nPTOyYb0dipAsqjKcw4UaacUdNGP79TxUMCQr +iUx/g/IHk9JbR8bosGWW+Nim2Dpj8/NAaC6oaLm0DCfAtyR87PBEZ6es0KHo9zLU +36u4hmodAI3XnmyjreNDvQLsrAmq2VJSn6TPYPFIDkFwWB19UuByUNCIHEml1T1s +XOqL9ReG33CZCqtaJn0tPDk1ZOfyyIYmK5ObmOOn3YvgV1YID0FlOba551gfs2mk +kEnHFNcwM8kr8nchb47lFs21u4jfeaWVPfOV/ZnApLxnMS7RT/QzrmtxIHtHmAIu +3YgAopxuFj0PYTC6jbvWU8Cq+ruPzi4qHxmNsrCPCEyhFu23TvjnEvC74hi2VQjn +u90fxLgTWcbzrYQbcbnWV3OIA8X8kSZO3RC2TH88LESxSTswb2TJtntbO+Qr+PaC +7M/fBDLqKtM7hZYVA1le/2r2oFPSC6uzcbOhebwfc61/tttKQx7zIbfQrIKux1g5 +PrGsE3o8505tqQmA2DJEzeYIp2NDO8KZtoScolLQWXFuwTUwY60GitJcSy9db8NK +5F5LKydVEM2RG7tjljSgYDBBDgnk9+M= +-----END PRIVATE KEY----- diff --git a/tests/pem/non-tfm/ssh_rsa_8192_pkcs8.pub b/tests/pem/non-tfm/ssh_rsa_8192_pkcs8.pub new file mode 100755 index 000000000..2996f3747 --- /dev/null +++ b/tests/pem/non-tfm/ssh_rsa_8192_pkcs8.pub @@ -0,0 +1,25 @@ +-----BEGIN PUBLIC KEY----- +MIIEIjANBgkqhkiG9w0BAQEFAAOCBA8AMIIECgKCBAEAqV97tjVnMe5+B6Hu/wGK +iyLWEcHLLW07r3tMk2ehx3MCrOkQoQobp0lZ3tn5MXnLi3aYgGTa3Y2u7EMai9MA +4vr41rnC5pdIQ0NoqT8uP/OPQ5kHjVYddaEaFJAOh6SOaEq+S0yRqV4p0/wkTD95 +VOKDOxl8MjrJRwSbEM98cImYIwvXbFNOha2S8W8tJ6AeRJBmB1iFO0wAaIFa5fqv +GqohSJYuqFFuEBpXn0DW79cp/z9cZJPyQ6TewWVu119XGwHNfafjKlbjHpCN+G4x +zKFVOXr2OFqprX1kSKKLpwHJQrojrnv6q2DKF8KOuCazGl9fZyJeuY6w6n4wrUUL +VquovQ/6Uxdi8xEYBJC1PcVerLSFypHKY8hKwa75SpUR3V1oZBjdV6J0yt9hkjzs +bA5EbMozgq3zJU5HLjrpyASs6RVhdDfZuh+o4f5g3Wrb0Nbe9nJYE4ECNa67cYeE +c24ik4auxhLkJ+WlY7I/2dKvqnmO9be5TRdZGmi2uOJD1nJkjKr/brNFPdJoEp/i +fyrRZwQQ87OIELJ+eARMmVIRf6jpeBX6YM0evis3UEX15RmNixR05T23ciZ7AZUb +N5Xdlt5YIWzTYuFWbC7dLMg3cmltsK92rVpRbKuV8ZBmO/5ckcx5VkQiAG0kmYA8 +/2lgQXab4OeALSL0ScrDtZ2XXw9G9TS4w/KBrd4X7VslJ/+v1IoFt+gH6oLCYx5c +tpqUlud5WCR5LbKz360AzU9yf0n7SqRk41OUcMc+NSUkMBInzOS6JhvzBq8OfpCR +naeBoZUUqn9uZUdwUUo0iOq+6H2DxjgknPU1o5xIn79R7XB9PJs3fdgbullwlhaV +8Xq3/aC0lmJWQy1JfZ8XaXJRmqkMslV8BViilInrtPsIP7tmK8q0NSYE7AJVhWIf +P0qPclsql3MBZCqS9HFn9bEW0U7i84VCMnN9TDVslTdT/o9RxihL3ilXxk8Ymjcf +KsRBZbLLDVZhcB7ywe7F+z/ITF42cXr03pCi5Ckfv/xBEKfKsIxw5Tj1ptbUD7ij +B7Gw3I8cl6hTuhzBCYX3ldDliurQTJcqUozPPvH5qhQUoiRplzNUtL//Eug9kP9z +q5xQ+VyzrLrm02HkqiTcyGi0jbx7xpNbSUanOKkIw0VyPGUPkBmSQZd3ox1DPX9X +DTAKQqJuEX3GarytDU3rG+DoRReyt1fAW+g32Glu+k7SUGLTf7BgMHkq4n812d12 +gR3pQq4fdZKM8yqxHCWHhrVH0faPNt1N6U5OW1+0LxAoC7j+huS/C3OlfFSPIl4V +eknxFTfXnMIepy7FB4pqkuSL3cp26kPa49/mYWlUIh5qxdZ9468ZxCGNCFklHVMB ++QIDAQAB +-----END PUBLIC KEY----- diff --git a/tests/pem/non-tfm/ssh_rsa_8192_pkcs8_pw b/tests/pem/non-tfm/ssh_rsa_8192_pkcs8_pw new file mode 100755 index 000000000..e9e43fa79 --- /dev/null +++ b/tests/pem/non-tfm/ssh_rsa_8192_pkcs8_pw @@ -0,0 +1,102 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIISrTBXBgkqhkiG9w0BBQ0wSjApBgkqhkiG9w0BBQwwHAQI2doDzjPpbFYCAggA +MAwGCCqGSIb3DQIJBQAwHQYJYIZIAWUDBAECBBAoRx/C3FObs8siwEyNKIT9BIIS +UIj1zexhRjGE0dMpGuwzSjYUqRDoRiDbshEzI+oAwivi5wkHC0am6CbHr3e3aYRn +iXfZSqjK9fo7K1sevy/CnYqBGwh/PG4wxiTQr+yM/rlgZ4NKSkF1xG5UHhpZh/Y9 +s/jj6t+co6/tkSFnQXw09ZL64tPkWv3p42FKtR5MINzlxuS6EraF2HdDkELdYciG +4vzXDAK9O5VSH/ad7gfIjOe3erHQTqPVJMqaTgvENcA9pCDRx9OHZdWY0QAT1CSM +A58T6oa4bNHJ/+rTzxfUecmhgjxIOtwX2NYD+YgMUTmBz2FIzvQJMuLigSGBe9MV +msaa/Aph8rvtfJihgFdzXvDW7F6gAMd0B+MaTxyB9iwmGRj4kGawTOTA4eax3d3O +J50mInJwYg+a/SIHFYqXeAP+OupEi8MR8I84yP/ZxLmWNgsoD5wV84gDfQ92jdgL +BNkqLnZFAedMTa7SFJhz8eXEz15W3ILSUVE2+gGJbuLNczJN7reSc5schwFq+MLD ++9xgMQU1Pl/6htHG85Vqx/wOrQNfG7PTep7gHfJWpMuZ59Q2TtOO7M8SxK7WDmhB +ni5eNQETZkixg2F3pejPFDMETcL4GrUc8RgkU8ArXV8GQo7blQpWK3f6xtZ3JdEs +VkElAPWr37o+5dff53mG+lU7F1Bx/kskugbM4nJalkFbp2v4KUOGWW1Tdnxp3wFL +QOWwIYoikoYyK3IWSq0x+7UPoo9d35+AT8f4kj0xct7euOR27g+Qag3J/Z4cDY30 +EvrDAo2ddrVCZAuMl3hC87BA6nY9sdXCVSDpNV+IdqHhr3844+dzpAXiEFKkgfzx +5HHD280HBVNiTMVxXCpQ6CZIKPSHwoZjbeC1XFxcL94te8mZdjIr8VqDlgNRV9ox +i6K+JVTuISjKlC3nNE3fQgcT+aIdpNP/0qKgwcVoSUJGiLa16MEtMzHSD7ttnhEP +LOTL9g+0HdV2KJzbiOE+Kjjoc4DI+SjQ4BxoL2GAvMPLr/9w+ah2+K3qB2WD2Ght +NKIulITS0s2IxyzanXdgnzkIT9rG6qoluFl88n+bgbykd2yy5ZDlOUse/vE+p65b +uIOhG4vp74oiy/QYaBj2vHdNraAhy5m7sj/pOXsyjWh8QpHIyU8XtvjmIWLGwNY5 +/xHwsxMWwaQSy0ovmQFepLAMDXYDwtZRJhlCC+1n0qUKK7911Kv2kTCshwOdUHlP +NSQWS+acJ0728kMeAMqHm/S6zlFCADD5mpLCEATvzpIIByfUPaYZ+FxoNv+NQ2K0 +6uwneQmJhd+DGZzz8MqX/p0R3GMoNWC4Tw0VMfhaliNP9fwDRUCoMVGBAoq2Tl3w +QmpwvnpQEPD2hduaNTK2GqUZnEE4lMaCSA6fidgIC+E+qTE1HX5g9u8HjPdiDYIJ +IHxzib06D4+KItUH8k9s5g52rFJY8TY1S/O3cDpRzawsoadZZX/cifWNLrEcFu5u +pPKP0ey27fOiVyO4KhjQ9fPjNhyQ2NIgwgtFAM/7dccrzxc0QOmHMs55S9zU7KeP ++IuwBnfitfLFVMJPhV5id6uEjH3E+MqclKYPQyfgzBJxreohk5mn3p3MrHdTSHkt +kAcrCZGsZ3AFMkZ2KgKvzf0h/ZD6XfNqB7WaEXDM7hWWQWqsSYdO6BRwD0+p9ukr +mvgQUJj2PJCUHp0PFx+IZrAe7bBC20Bif7l1nWYzSLMDfDqadAWVSSkEm+t89Wbk +Ajj5Oj4T21zrP+5DMCdz64cHD8eGKHMwTMU9Y/ZqLTh7+YAn1X2Q907ZY8TBzRbL +n4zxwu+WzNuafpSyGOshhCmQAjIKzSxvK866sBnzBVDyMgvTd4IX7GAYzC+Mn3Ca +akvLAmhbojUKB1ZKKjMToIuq92zfGQutVn2jOxfFsEMiG6V7Z0101mcF1ZJcmyoL +vcGDHGoqXiOK4E+x40V7E7KF6kPGp5jUta8UjaePv7RPJ6W66moK8tt0t85leiUX +bpBIWy7RoJf9PB3ZxhBStbwXhOAdaOHas4vBp0ZBUCUthdeKRds4lacHaoNuP4F3 +H4en4arSiWmpTt30LeprYP7Goth8ymRE6Rz733aNFN+fY9KoiYc+UGtqVEUBeKbK +MRdLqbBTrljxh232rJjp2rG+uBM1bDvPuAIcTiOuQRq9R+H24a6oFhFsqatrLmF/ +XDFkS9/rMe2GX8D7oZaS7K9WNqGgn26jPCYZpBIsXivjTYxXSpDk9z1hSlhy2y2/ +XhFZ50toieLOXLAWL3i5GtcQNkwYPW9/O/xrYwjG+edOILqv+SdKbsVwehnRwClZ +4Nof3jtnLuA2wbiu+ALa5wepSxgcqe2i2rN3+Q5BQNKhhE2Xqy+JUs5XSQ8PXDBV +BTBSCa9FoBTlnm/+qehnMYzZBi4nUxsmqWRp4jQIbfx12fmFniD3+4xL0+pUuI1x +SqwIxE3D8+Oi3RkBrnBAMVhveRUUTOQVQ6AQEaHhCDRZEx3F7eZB/gkNDDA0vd4j +Zc9HIJFhZigqY3KZ5zj1auPmwYstVpprhQTVtd5uYlMbw2e+a7Fw0U2X1yLavVNv +zLG4c877n8TOsSgGNqomWUNA9DTUzP7zFvzEtnc1dwz63CmK6PIE62AtbAvYBt21 +YE5LSY2IBEpNvEEFctsPLPStyd9rFcU06pEspApWbb+yd/wqu7SIEfIBT2z0JQe/ +UKhb+eGm1fHchv+VWJiaqDEyaj2hyj9bKOJNTrKbxXGQ3edSrUJbvZ3Vi8F2PseP +D++cazE2VitnJYTwZBhZOT8LVbxd9w7GQriWSfUdxZRRtDodOpZ09oDc5aoG8ag5 +Fp0xS0+BVFZcwwxm9QO2Z4ydfJEdlcsX8yqhC2rjd04TBBs351vpUkItEWimQ+/o +xgqVrbYu7+HPJbCrrp7dyV6ygJ9HtYXadba0X5rEHv/VrJ3Brqcx0sypscMYVMot +pBFxQif57yJzgnxOIWOOjV5TgTxCykjwm4gjhSxrhKeuptHQWRm+PHjWTqStO3aK +JRmpYuV0xSWl8CRLifK7U5dkiAQHi7xrhwCdr+Jd0VtQu9AQ8eGRaUfrxsM6pqhh +TpOvylwHCXr2xK4wU9dknGBHKBrzLqr2uEsKfltbZWAH+BBgMDyWXKMU5s1L+EXJ +KgvtnWqGTjK9OOlWqYiH47GJL1J0NABxH+PUywQ1GclHGtQ1VncWem/BXpcZ21GO +a2nT8UPCgdq3FWGexNknRIFuLgjR3OhvQe3ug/5XElFFJWMfzJWST+ig773WKeBL +bSmBQceX4zNpGJFTeggfYw1xLnU9sZzVpzbX1HzacjCSEnxhWPfiJlxRKHGnxmju +NuLlP5Cm/RYe1VA2C7AgtgOHsebB9vCbgfHabjtkwPgkFsEADmXNqqoaV8E7bQVy +cj7sme3C71FZQLUjBGmH1JBz/txzZzIFsdgTapvyURk7sPyJrjPpZ11FqKTSMqFm +bLxCvOn3TgP+tF4efGsDmFB5OUj+19b+3fZ190IJ5u8uHwmTwxTING7DPk+ds6OA +opursyvZl/snvRZIwYNSeM3AxXSOTO4tE69W7YBSY6yvaJUp/7Xwf8ukE22b2K99 +byi1zUkspYVy4ncDCXGpCN435wBlfw7N/py1SyYcA5ACxnphrID6tzVeOEbrRP/h +f7XB9uUvCFEtdqSxV2KZlX46G4WwzeeFRTexYVpKhGnvvg4+gwGbctU0vZX6hug6 +cOM7BU7KndbplHjcUZMfCuuayX6Xqv4NbW6j0YvQNCYh595mFgTTU5QmG8Q0YpfR +Tic0COZvOB2xqZitZv6FUoKCgGDSWp5q5ZWHywY4aamrMTM29SlB2qboJHX/Lim+ +Tdpqc7y29+XRF7X6sM68t8gAtHwXwFK16DnZR6G3tTEtX/WnWxAwu1rm5zVOUl47 +t4BH0rxwlBPDGZCXoGITL2opCRkgcj5xx1UFE2TAy7uV3Fx6MAsy2oQOUk6CBmEB +3VMDxgXwXBOb6iqw24hvtcxpSbX31TzOG7cR420kkErIy7iA8vcTA3empALqgylp +No07/zPz9U07xt7gHd+v/zQS9M5FUvKQJan60frC1hzKrtJEOABi/+dPnAfJs2Mj +QwMWbGCnT6jcauAi4iYT1fRYJxIDGwjh97+7eRuJJCVV6a5ukt+4h2lTJkGQlrJF +DOL7EKk0EXR4HeANuaKJKJV8Y+qdvE/ZgVDqTgezcRCtrUsiuEwRz9mCvXqpaNf2 +lj4H/pk68R86bOfifZxpINHQ6sYcAsQawZELgYWl9kTmNxyySzlt29PCEAcXFZDa +bAIQ3H9RlitUUMCyXyDYUcsEeETX3mdk8yWzavn/usefADxlFcNXunaxhEBi3BbZ +VeBeastodIARbycgIcIY8oZEJToZNEqcgrihYo480b+CX8ihugR0DkmcWrWIaPgz +aVHlrqW5Mi3eszSCow324TafQ525yPMZqqHzqjPa7cRkpS+zSRnbqzPQCxIeC+Pg +IMopmjXDWsdZ9xSBGZqbATY3yTYz9e/jeZoK+Xd0QdfIPxm3DYi40AWdNRBc5X30 +ZZc5kYe7P3BAxaeQKoktpg+7h2Vli7RKSvHWCNOpV8giwMzwgohyAjt8vxX5U3QR +/TKTz6yxRqa27d+2wSioETKdR2oxVHvS9OxWcQg45kMVj7aEXNqujTlVRvcfpUYI +766ARAUm8BaXbUjYsMy8v6fH6oqHWgYnjBmAN1AX1LL84Zb5rPg3JnXNHfo+RAfR +E6RjhUMxmYBVvFqKPX7ltmTbCyWZhBo09SJ4W78UbV2WSN7kuGx6qrL9PjHYZ8X4 +EZUhIrzpeF+V+GrQyfTMXMSfK1B0s1zRvBB5AaLeubst9yVqXLxkvJ6iLBu0syEv +mJgUqMybVS1t25eJknfUZs+MU2MBbFn6eECBrNpZHAcmT1VIe+aEg1C+riDgxuM5 +Gk0tZM7IIFgAwl3E8Lz48qZOWWFE72QEjfHM+BI+E9FGTQ1lr4QUufOQd4UxIiH9 +4I4L4DSaX1X0JH3ln02hKG1y+cMlYPL/t2DgGgt1ej84asZjWV/inrflQMC3tggU +c7SuN9ByX9C4HUXIqK3vrfzWu3GxeuiG34xidxUpLP77FIisdQDkhFf7kBi9D5jj +5vxoGDYJGtaM4WC+nwKJLBaAqQVHzH2sqoVoi4mf4JXnIJmbox24Pe7B9FkKXuLj +oGBwDgl+UeVNZyZ1/1APUz6rNxI8a4LsJ1JqUXrsl9DMj0ieGGbyNee+I1ufSrve +tLtl+S3/tdkbs5nJv9JTWbwc15apbPCZpesLUct1ONSMUgkh/L8hzRG5a/gl71O6 +Me+/P7aX55q2fJbt7y83Z9IHm8oW6Pez1Xny3qozwWhYDqIfPIrQN9SRc/TRg6P8 +S3pGpjE+F3tVDHNrrpdnM/cFO+rJeDXt3ZfUWCE4dW5u0hjZYC1JQoj9ABBpX3/W +GzAy5E4cbux310Pd0UL9BVkcClbMeQB7SF9BEDi679/x+IhfZ8BYg0o0kax8gVg2 +waDHxFo+F+ucbEKTBfpvcAfAjHQEH+5aA8aapd9glA+lI1L8Fn0+QiwHSChiLqsO +LIAYSo50FrD1g3w5ahGYJ0XLuQ28J1OdJ+igGqTWk/R5v3XUUFvBluPR+PqukY65 +vTLAnLatWW5goXs3HdjZ6wUfHI4mat5ataeRi7PdmdsO+ieS2DobaHjKO07Aoz7m +dYASdkNlepGU6Uj8IPtSnDzx8mq09XAjFrYs52X7ld2aBoY9G05kcCZ3SSqfgNXt +9HDiNtuYZj25oj88Y9Z+pUZYMxLP+jILLJVIxVTHICemaoYs4MJKIdDvgwKXZgmH +146PYlAMe25qe7aBzmLdFiDqyGQ5cIg94GEDbBkztgxPAUhh3yiRznt/1y32TUa3 +60ZTAyIIQ2l9Vl88ikSZ8bqALTLN2N4o/pnXgcpL1Mq4+7XX6sFS+popQxuOb4YF +KD6qlSZDDc0EvNgDCmtQoC+UF4ySAheJjG2uaQ5bdNmeW6br6SiU2D9UMhRjXfTh +23mb8WdxlQNJm+tlNnjdJODXxgU9ssGD2Cfllj9GWbzQVs+PcGDVzDanHzffBU0n +NIw7JN3A7504KxuqpcaIR8GnwyUeHTjxEbTqmua7wqLLk8GzxJfBipe2nGiug4rj +nhha38O6NmQ/EYEVFMKf/pHTApDHdPFxVGQO/T9EcXZLC3oAAyzrH5MCA4LU+5+X +uH1o1mvXXfvqM3RB458IHvYMjPSL//a9eDTi7wDDovcZ +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/pem/non-tfm/ssh_rsa_8192_rfc4716.pub b/tests/pem/non-tfm/ssh_rsa_8192_rfc4716.pub new file mode 100755 index 000000000..3ca5bc104 --- /dev/null +++ b/tests/pem/non-tfm/ssh_rsa_8192_rfc4716.pub @@ -0,0 +1,23 @@ +---- BEGIN SSH2 PUBLIC KEY ---- +Comment: "8192-bit RSA, converted by miko@YUE from OpenSSH" +AAAAB3NzaC1yc2EAAAADAQABAAAEAQCpX3u2NWcx7n4Hoe7/AYqLItYRwcstbTuve0yTZ6 +HHcwKs6RChChunSVne2fkxecuLdpiAZNrdja7sQxqL0wDi+vjWucLml0hDQ2ipPy4/849D +mQeNVh11oRoUkA6HpI5oSr5LTJGpXinT/CRMP3lU4oM7GXwyOslHBJsQz3xwiZgjC9dsU0 +6FrZLxby0noB5EkGYHWIU7TABogVrl+q8aqiFIli6oUW4QGlefQNbv1yn/P1xkk/JDpN7B +ZW7XX1cbAc19p+MqVuMekI34bjHMoVU5evY4WqmtfWRIoounAclCuiOue/qrYMoXwo64Jr +MaX19nIl65jrDqfjCtRQtWq6i9D/pTF2LzERgEkLU9xV6stIXKkcpjyErBrvlKlRHdXWhk +GN1XonTK32GSPOxsDkRsyjOCrfMlTkcuOunIBKzpFWF0N9m6H6jh/mDdatvQ1t72clgTgQ +I1rrtxh4RzbiKThq7GEuQn5aVjsj/Z0q+qeY71t7lNF1kaaLa44kPWcmSMqv9us0U90mgS +n+J/KtFnBBDzs4gQsn54BEyZUhF/qOl4FfpgzR6+KzdQRfXlGY2LFHTlPbdyJnsBlRs3ld +2W3lghbNNi4VZsLt0syDdyaW2wr3atWlFsq5XxkGY7/lyRzHlWRCIAbSSZgDz/aWBBdpvg +54AtIvRJysO1nZdfD0b1NLjD8oGt3hftWyUn/6/UigW36AfqgsJjHly2mpSW53lYJHktsr +PfrQDNT3J/SftKpGTjU5Rwxz41JSQwEifM5LomG/MGrw5+kJGdp4GhlRSqf25lR3BRSjSI +6r7ofYPGOCSc9TWjnEifv1HtcH08mzd92Bu6WXCWFpXxerf9oLSWYlZDLUl9nxdpclGaqQ +yyVXwFWKKUieu0+wg/u2YryrQ1JgTsAlWFYh8/So9yWyqXcwFkKpL0cWf1sRbRTuLzhUIy +c31MNWyVN1P+j1HGKEveKVfGTxiaNx8qxEFlsssNVmFwHvLB7sX7P8hMXjZxevTekKLkKR ++//EEQp8qwjHDlOPWm1tQPuKMHsbDcjxyXqFO6HMEJhfeV0OWK6tBMlypSjM8+8fmqFBSi +JGmXM1S0v/8S6D2Q/3OrnFD5XLOsuubTYeSqJNzIaLSNvHvGk1tJRqc4qQjDRXI8ZQ+QGZ +JBl3ejHUM9f1cNMApCom4RfcZqvK0NTesb4OhFF7K3V8Bb6DfYaW76TtJQYtN/sGAweSri +fzXZ3XaBHelCrh91kozzKrEcJYeGtUfR9o823U3pTk5bX7QvECgLuP6G5L8Lc6V8VI8iXh +V6SfEVN9ecwh6nLsUHimqS5IvdynbqQ9rj3+ZhaVQiHmrF1n3jrxnEIY0IWSUdUwH5 +---- END SSH2 PUBLIC KEY ---- diff --git a/tests/pem/dh-encrypted.pk8 b/tests/pem/pkcs/dh-encrypted.pk8 similarity index 100% rename from tests/pem/dh-encrypted.pk8 rename to tests/pem/pkcs/dh-encrypted.pk8 diff --git a/tests/pem/dh.pk8 b/tests/pem/pkcs/dh.pk8 similarity index 100% rename from tests/pem/dh.pk8 rename to tests/pem/pkcs/dh.pk8 diff --git a/tests/pem/dsa-encrypted.pem b/tests/pem/pkcs/dsa-encrypted.pem similarity index 100% rename from tests/pem/dsa-encrypted.pem rename to tests/pem/pkcs/dsa-encrypted.pem diff --git a/tests/pem/dsa-encrypted.pk8 b/tests/pem/pkcs/dsa-encrypted.pk8 similarity index 100% rename from tests/pem/dsa-encrypted.pk8 rename to tests/pem/pkcs/dsa-encrypted.pk8 diff --git a/tests/pem/dsa-pub.pem b/tests/pem/pkcs/dsa-pub.pem similarity index 100% rename from tests/pem/dsa-pub.pem rename to tests/pem/pkcs/dsa-pub.pem diff --git a/tests/pem/dsa.pem b/tests/pem/pkcs/dsa.pem similarity index 100% rename from tests/pem/dsa.pem rename to tests/pem/pkcs/dsa.pem diff --git a/tests/pem/dsa.pk8 b/tests/pem/pkcs/dsa.pk8 similarity index 100% rename from tests/pem/dsa.pk8 rename to tests/pem/pkcs/dsa.pk8 diff --git a/tests/pem/ecc-encrypted.pem b/tests/pem/pkcs/ecc-encrypted.pem similarity index 100% rename from tests/pem/ecc-encrypted.pem rename to tests/pem/pkcs/ecc-encrypted.pem diff --git a/tests/pem/ecc-encrypted.pk8 b/tests/pem/pkcs/ecc-encrypted.pk8 similarity index 100% rename from tests/pem/ecc-encrypted.pk8 rename to tests/pem/pkcs/ecc-encrypted.pk8 diff --git a/tests/pem/ecc-pkcs8/long_pri_pkcs8_pbe_md5_des.pem b/tests/pem/pkcs/ecc-pkcs8/long_pri_pkcs8_pbe_md5_des.pem similarity index 100% rename from tests/pem/ecc-pkcs8/long_pri_pkcs8_pbe_md5_des.pem rename to tests/pem/pkcs/ecc-pkcs8/long_pri_pkcs8_pbe_md5_des.pem diff --git a/tests/pem/ecc-pkcs8/long_pri_pkcs8_pbe_md5_rc2_64.pem b/tests/pem/pkcs/ecc-pkcs8/long_pri_pkcs8_pbe_md5_rc2_64.pem similarity index 100% rename from tests/pem/ecc-pkcs8/long_pri_pkcs8_pbe_md5_rc2_64.pem rename to tests/pem/pkcs/ecc-pkcs8/long_pri_pkcs8_pbe_md5_rc2_64.pem diff --git a/tests/pem/ecc-pkcs8/long_pri_pkcs8_pbe_sha1_des.pem b/tests/pem/pkcs/ecc-pkcs8/long_pri_pkcs8_pbe_sha1_des.pem similarity index 100% rename from tests/pem/ecc-pkcs8/long_pri_pkcs8_pbe_sha1_des.pem rename to tests/pem/pkcs/ecc-pkcs8/long_pri_pkcs8_pbe_sha1_des.pem diff --git a/tests/pem/ecc-pkcs8/long_pri_pkcs8_pbe_sha1_rc2_64.pem b/tests/pem/pkcs/ecc-pkcs8/long_pri_pkcs8_pbe_sha1_rc2_64.pem similarity index 100% rename from tests/pem/ecc-pkcs8/long_pri_pkcs8_pbe_sha1_rc2_64.pem rename to tests/pem/pkcs/ecc-pkcs8/long_pri_pkcs8_pbe_sha1_rc2_64.pem diff --git a/tests/pem/ecc-pkcs8/long_pri_pkcs8_pbkdf2_des_cbc.pem b/tests/pem/pkcs/ecc-pkcs8/long_pri_pkcs8_pbkdf2_des_cbc.pem similarity index 100% rename from tests/pem/ecc-pkcs8/long_pri_pkcs8_pbkdf2_des_cbc.pem rename to tests/pem/pkcs/ecc-pkcs8/long_pri_pkcs8_pbkdf2_des_cbc.pem diff --git a/tests/pem/ecc-pkcs8/long_pri_pkcs8_pbkdf2_des_ede3_cbc.pem b/tests/pem/pkcs/ecc-pkcs8/long_pri_pkcs8_pbkdf2_des_ede3_cbc.pem similarity index 100% rename from tests/pem/ecc-pkcs8/long_pri_pkcs8_pbkdf2_des_ede3_cbc.pem rename to tests/pem/pkcs/ecc-pkcs8/long_pri_pkcs8_pbkdf2_des_ede3_cbc.pem diff --git a/tests/pem/ecc-pkcs8/long_pri_pkcs8_pbkdf2_rc2_cbc.pem b/tests/pem/pkcs/ecc-pkcs8/long_pri_pkcs8_pbkdf2_rc2_cbc.pem similarity index 100% rename from tests/pem/ecc-pkcs8/long_pri_pkcs8_pbkdf2_rc2_cbc.pem rename to tests/pem/pkcs/ecc-pkcs8/long_pri_pkcs8_pbkdf2_rc2_cbc.pem diff --git a/tests/pem/ecc-pkcs8/long_pri_pkcs8_pbkdf2_sha224_des_ede3_cbc.pem b/tests/pem/pkcs/ecc-pkcs8/long_pri_pkcs8_pbkdf2_sha224_des_ede3_cbc.pem similarity index 100% rename from tests/pem/ecc-pkcs8/long_pri_pkcs8_pbkdf2_sha224_des_ede3_cbc.pem rename to tests/pem/pkcs/ecc-pkcs8/long_pri_pkcs8_pbkdf2_sha224_des_ede3_cbc.pem diff --git a/tests/pem/ecc-pkcs8/long_pri_pkcs8_pbkdf2_sha256_des_ede3_cbc.pem b/tests/pem/pkcs/ecc-pkcs8/long_pri_pkcs8_pbkdf2_sha256_des_ede3_cbc.pem similarity index 100% rename from tests/pem/ecc-pkcs8/long_pri_pkcs8_pbkdf2_sha256_des_ede3_cbc.pem rename to tests/pem/pkcs/ecc-pkcs8/long_pri_pkcs8_pbkdf2_sha256_des_ede3_cbc.pem diff --git a/tests/pem/ecc-pkcs8/long_pri_pkcs8_pbkdf2_sha384_des_ede3_cbc.pem b/tests/pem/pkcs/ecc-pkcs8/long_pri_pkcs8_pbkdf2_sha384_des_ede3_cbc.pem similarity index 100% rename from tests/pem/ecc-pkcs8/long_pri_pkcs8_pbkdf2_sha384_des_ede3_cbc.pem rename to tests/pem/pkcs/ecc-pkcs8/long_pri_pkcs8_pbkdf2_sha384_des_ede3_cbc.pem diff --git a/tests/pem/ecc-pkcs8/long_pri_pkcs8_pbkdf2_sha512_des_ede3_cbc.pem b/tests/pem/pkcs/ecc-pkcs8/long_pri_pkcs8_pbkdf2_sha512_des_ede3_cbc.pem similarity index 100% rename from tests/pem/ecc-pkcs8/long_pri_pkcs8_pbkdf2_sha512_des_ede3_cbc.pem rename to tests/pem/pkcs/ecc-pkcs8/long_pri_pkcs8_pbkdf2_sha512_des_ede3_cbc.pem diff --git a/tests/pem/ecc-pub.pem b/tests/pem/pkcs/ecc-pub.pem similarity index 100% rename from tests/pem/ecc-pub.pem rename to tests/pem/pkcs/ecc-pub.pem diff --git a/tests/pem/ecc.pem b/tests/pem/pkcs/ecc.pem similarity index 100% rename from tests/pem/ecc.pem rename to tests/pem/pkcs/ecc.pem diff --git a/tests/pem/ecc.pk8 b/tests/pem/pkcs/ecc.pk8 similarity index 100% rename from tests/pem/ecc.pk8 rename to tests/pem/pkcs/ecc.pk8 diff --git a/tests/pem/ed25519-pub.pem b/tests/pem/pkcs/ed25519-pub.pem similarity index 100% rename from tests/pem/ed25519-pub.pem rename to tests/pem/pkcs/ed25519-pub.pem diff --git a/tests/pem/ed25519.pem b/tests/pem/pkcs/ed25519.pem similarity index 100% rename from tests/pem/ed25519.pem rename to tests/pem/pkcs/ed25519.pem diff --git a/tests/pem/ed25519_attrs.pem b/tests/pem/pkcs/ed25519_attrs.pem similarity index 100% rename from tests/pem/ed25519_attrs.pem rename to tests/pem/pkcs/ed25519_attrs.pem diff --git a/tests/pem/extra/ed25519-cryptx.pem b/tests/pem/pkcs/extra/ed25519-cryptx.pem similarity index 100% rename from tests/pem/extra/ed25519-cryptx.pem rename to tests/pem/pkcs/extra/ed25519-cryptx.pem diff --git a/tests/pem/extra/ed25519-selfsigned.pem b/tests/pem/pkcs/extra/ed25519-selfsigned.pem similarity index 100% rename from tests/pem/extra/ed25519-selfsigned.pem rename to tests/pem/pkcs/extra/ed25519-selfsigned.pem diff --git a/tests/pem/extra/rsa.pem b/tests/pem/pkcs/extra/rsa.pem similarity index 100% rename from tests/pem/extra/rsa.pem rename to tests/pem/pkcs/extra/rsa.pem diff --git a/tests/pem/rsa-aes-128-cbc.pem b/tests/pem/pkcs/rsa-aes-128-cbc.pem similarity index 100% rename from tests/pem/rsa-aes-128-cbc.pem rename to tests/pem/pkcs/rsa-aes-128-cbc.pem diff --git a/tests/pem/rsa-aes-128-cfb.pem b/tests/pem/pkcs/rsa-aes-128-cfb.pem similarity index 100% rename from tests/pem/rsa-aes-128-cfb.pem rename to tests/pem/pkcs/rsa-aes-128-cfb.pem diff --git a/tests/pem/rsa-aes-128-ctr.pem b/tests/pem/pkcs/rsa-aes-128-ctr.pem similarity index 100% rename from tests/pem/rsa-aes-128-ctr.pem rename to tests/pem/pkcs/rsa-aes-128-ctr.pem diff --git a/tests/pem/rsa-aes-128-ofb.pem b/tests/pem/pkcs/rsa-aes-128-ofb.pem similarity index 100% rename from tests/pem/rsa-aes-128-ofb.pem rename to tests/pem/pkcs/rsa-aes-128-ofb.pem diff --git a/tests/pem/rsa-aes-192-cbc.pem b/tests/pem/pkcs/rsa-aes-192-cbc.pem similarity index 100% rename from tests/pem/rsa-aes-192-cbc.pem rename to tests/pem/pkcs/rsa-aes-192-cbc.pem diff --git a/tests/pem/rsa-aes-192-cfb.pem b/tests/pem/pkcs/rsa-aes-192-cfb.pem similarity index 100% rename from tests/pem/rsa-aes-192-cfb.pem rename to tests/pem/pkcs/rsa-aes-192-cfb.pem diff --git a/tests/pem/rsa-aes-192-ctr.pem b/tests/pem/pkcs/rsa-aes-192-ctr.pem similarity index 100% rename from tests/pem/rsa-aes-192-ctr.pem rename to tests/pem/pkcs/rsa-aes-192-ctr.pem diff --git a/tests/pem/rsa-aes-192-ofb.pem b/tests/pem/pkcs/rsa-aes-192-ofb.pem similarity index 100% rename from tests/pem/rsa-aes-192-ofb.pem rename to tests/pem/pkcs/rsa-aes-192-ofb.pem diff --git a/tests/pem/rsa-aes-256-cbc.pem b/tests/pem/pkcs/rsa-aes-256-cbc.pem similarity index 100% rename from tests/pem/rsa-aes-256-cbc.pem rename to tests/pem/pkcs/rsa-aes-256-cbc.pem diff --git a/tests/pem/rsa-aes-256-cfb.pem b/tests/pem/pkcs/rsa-aes-256-cfb.pem similarity index 100% rename from tests/pem/rsa-aes-256-cfb.pem rename to tests/pem/pkcs/rsa-aes-256-cfb.pem diff --git a/tests/pem/rsa-aes-256-ctr.pem b/tests/pem/pkcs/rsa-aes-256-ctr.pem similarity index 100% rename from tests/pem/rsa-aes-256-ctr.pem rename to tests/pem/pkcs/rsa-aes-256-ctr.pem diff --git a/tests/pem/rsa-aes-256-ofb.pem b/tests/pem/pkcs/rsa-aes-256-ofb.pem similarity index 100% rename from tests/pem/rsa-aes-256-ofb.pem rename to tests/pem/pkcs/rsa-aes-256-ofb.pem diff --git a/tests/pem/rsa-bf-cbc.pem b/tests/pem/pkcs/rsa-bf-cbc.pem similarity index 100% rename from tests/pem/rsa-bf-cbc.pem rename to tests/pem/pkcs/rsa-bf-cbc.pem diff --git a/tests/pem/rsa-bf-cfb.pem b/tests/pem/pkcs/rsa-bf-cfb.pem similarity index 100% rename from tests/pem/rsa-bf-cfb.pem rename to tests/pem/pkcs/rsa-bf-cfb.pem diff --git a/tests/pem/rsa-bf-ofb.pem b/tests/pem/pkcs/rsa-bf-ofb.pem similarity index 100% rename from tests/pem/rsa-bf-ofb.pem rename to tests/pem/pkcs/rsa-bf-ofb.pem diff --git a/tests/pem/rsa-camellia-128-cbc.pem b/tests/pem/pkcs/rsa-camellia-128-cbc.pem similarity index 100% rename from tests/pem/rsa-camellia-128-cbc.pem rename to tests/pem/pkcs/rsa-camellia-128-cbc.pem diff --git a/tests/pem/rsa-camellia-128-cfb.pem b/tests/pem/pkcs/rsa-camellia-128-cfb.pem similarity index 100% rename from tests/pem/rsa-camellia-128-cfb.pem rename to tests/pem/pkcs/rsa-camellia-128-cfb.pem diff --git a/tests/pem/rsa-camellia-128-ctr.pem b/tests/pem/pkcs/rsa-camellia-128-ctr.pem similarity index 100% rename from tests/pem/rsa-camellia-128-ctr.pem rename to tests/pem/pkcs/rsa-camellia-128-ctr.pem diff --git a/tests/pem/rsa-camellia-128-ofb.pem b/tests/pem/pkcs/rsa-camellia-128-ofb.pem similarity index 100% rename from tests/pem/rsa-camellia-128-ofb.pem rename to tests/pem/pkcs/rsa-camellia-128-ofb.pem diff --git a/tests/pem/rsa-camellia-192-cbc.pem b/tests/pem/pkcs/rsa-camellia-192-cbc.pem similarity index 100% rename from tests/pem/rsa-camellia-192-cbc.pem rename to tests/pem/pkcs/rsa-camellia-192-cbc.pem diff --git a/tests/pem/rsa-camellia-192-cfb.pem b/tests/pem/pkcs/rsa-camellia-192-cfb.pem similarity index 100% rename from tests/pem/rsa-camellia-192-cfb.pem rename to tests/pem/pkcs/rsa-camellia-192-cfb.pem diff --git a/tests/pem/rsa-camellia-192-ctr.pem b/tests/pem/pkcs/rsa-camellia-192-ctr.pem similarity index 100% rename from tests/pem/rsa-camellia-192-ctr.pem rename to tests/pem/pkcs/rsa-camellia-192-ctr.pem diff --git a/tests/pem/rsa-camellia-192-ofb.pem b/tests/pem/pkcs/rsa-camellia-192-ofb.pem similarity index 100% rename from tests/pem/rsa-camellia-192-ofb.pem rename to tests/pem/pkcs/rsa-camellia-192-ofb.pem diff --git a/tests/pem/rsa-camellia-256-cbc.pem b/tests/pem/pkcs/rsa-camellia-256-cbc.pem similarity index 100% rename from tests/pem/rsa-camellia-256-cbc.pem rename to tests/pem/pkcs/rsa-camellia-256-cbc.pem diff --git a/tests/pem/rsa-camellia-256-cfb.pem b/tests/pem/pkcs/rsa-camellia-256-cfb.pem similarity index 100% rename from tests/pem/rsa-camellia-256-cfb.pem rename to tests/pem/pkcs/rsa-camellia-256-cfb.pem diff --git a/tests/pem/rsa-camellia-256-ctr.pem b/tests/pem/pkcs/rsa-camellia-256-ctr.pem similarity index 100% rename from tests/pem/rsa-camellia-256-ctr.pem rename to tests/pem/pkcs/rsa-camellia-256-ctr.pem diff --git a/tests/pem/rsa-camellia-256-ofb.pem b/tests/pem/pkcs/rsa-camellia-256-ofb.pem similarity index 100% rename from tests/pem/rsa-camellia-256-ofb.pem rename to tests/pem/pkcs/rsa-camellia-256-ofb.pem diff --git a/tests/pem/rsa-cast5-cbc.pem b/tests/pem/pkcs/rsa-cast5-cbc.pem similarity index 100% rename from tests/pem/rsa-cast5-cbc.pem rename to tests/pem/pkcs/rsa-cast5-cbc.pem diff --git a/tests/pem/rsa-cast5-cfb.pem b/tests/pem/pkcs/rsa-cast5-cfb.pem similarity index 100% rename from tests/pem/rsa-cast5-cfb.pem rename to tests/pem/pkcs/rsa-cast5-cfb.pem diff --git a/tests/pem/rsa-cast5-ofb.pem b/tests/pem/pkcs/rsa-cast5-ofb.pem similarity index 100% rename from tests/pem/rsa-cast5-ofb.pem rename to tests/pem/pkcs/rsa-cast5-ofb.pem diff --git a/tests/pem/rsa-des-cbc.pem b/tests/pem/pkcs/rsa-des-cbc.pem similarity index 100% rename from tests/pem/rsa-des-cbc.pem rename to tests/pem/pkcs/rsa-des-cbc.pem diff --git a/tests/pem/rsa-des-cfb.pem b/tests/pem/pkcs/rsa-des-cfb.pem similarity index 100% rename from tests/pem/rsa-des-cfb.pem rename to tests/pem/pkcs/rsa-des-cfb.pem diff --git a/tests/pem/rsa-des-ede3-cbc.pem b/tests/pem/pkcs/rsa-des-ede3-cbc.pem similarity index 100% rename from tests/pem/rsa-des-ede3-cbc.pem rename to tests/pem/pkcs/rsa-des-ede3-cbc.pem diff --git a/tests/pem/rsa-des-ede3-cfb.pem b/tests/pem/pkcs/rsa-des-ede3-cfb.pem similarity index 100% rename from tests/pem/rsa-des-ede3-cfb.pem rename to tests/pem/pkcs/rsa-des-ede3-cfb.pem diff --git a/tests/pem/rsa-des-ede3-ofb.pem b/tests/pem/pkcs/rsa-des-ede3-ofb.pem similarity index 100% rename from tests/pem/rsa-des-ede3-ofb.pem rename to tests/pem/pkcs/rsa-des-ede3-ofb.pem diff --git a/tests/pem/rsa-des-ofb.pem b/tests/pem/pkcs/rsa-des-ofb.pem similarity index 100% rename from tests/pem/rsa-des-ofb.pem rename to tests/pem/pkcs/rsa-des-ofb.pem diff --git a/tests/pem/rsa-encrypted.pk8 b/tests/pem/pkcs/rsa-encrypted.pk8 similarity index 100% rename from tests/pem/rsa-encrypted.pk8 rename to tests/pem/pkcs/rsa-encrypted.pk8 diff --git a/tests/pem/rsa-idea-cbc.pem b/tests/pem/pkcs/rsa-idea-cbc.pem similarity index 100% rename from tests/pem/rsa-idea-cbc.pem rename to tests/pem/pkcs/rsa-idea-cbc.pem diff --git a/tests/pem/rsa-idea-cfb.pem b/tests/pem/pkcs/rsa-idea-cfb.pem similarity index 100% rename from tests/pem/rsa-idea-cfb.pem rename to tests/pem/pkcs/rsa-idea-cfb.pem diff --git a/tests/pem/rsa-idea-ofb.pem b/tests/pem/pkcs/rsa-idea-ofb.pem similarity index 100% rename from tests/pem/rsa-idea-ofb.pem rename to tests/pem/pkcs/rsa-idea-ofb.pem diff --git a/tests/pem/rsa-pub.pem b/tests/pem/pkcs/rsa-pub.pem similarity index 100% rename from tests/pem/rsa-pub.pem rename to tests/pem/pkcs/rsa-pub.pem diff --git a/tests/pem/rsa-rc2-40-cbc.pem b/tests/pem/pkcs/rsa-rc2-40-cbc.pem similarity index 100% rename from tests/pem/rsa-rc2-40-cbc.pem rename to tests/pem/pkcs/rsa-rc2-40-cbc.pem diff --git a/tests/pem/rsa-rc2-64-cbc.pem b/tests/pem/pkcs/rsa-rc2-64-cbc.pem similarity index 100% rename from tests/pem/rsa-rc2-64-cbc.pem rename to tests/pem/pkcs/rsa-rc2-64-cbc.pem diff --git a/tests/pem/rsa-rc2-cbc.pem b/tests/pem/pkcs/rsa-rc2-cbc.pem similarity index 100% rename from tests/pem/rsa-rc2-cbc.pem rename to tests/pem/pkcs/rsa-rc2-cbc.pem diff --git a/tests/pem/rsa-rc2-cfb.pem b/tests/pem/pkcs/rsa-rc2-cfb.pem similarity index 100% rename from tests/pem/rsa-rc2-cfb.pem rename to tests/pem/pkcs/rsa-rc2-cfb.pem diff --git a/tests/pem/rsa-rc2-ofb.pem b/tests/pem/pkcs/rsa-rc2-ofb.pem similarity index 100% rename from tests/pem/rsa-rc2-ofb.pem rename to tests/pem/pkcs/rsa-rc2-ofb.pem diff --git a/tests/pem/rsa-rc5-cbc.pem b/tests/pem/pkcs/rsa-rc5-cbc.pem similarity index 100% rename from tests/pem/rsa-rc5-cbc.pem rename to tests/pem/pkcs/rsa-rc5-cbc.pem diff --git a/tests/pem/rsa-rc5-cfb.pem b/tests/pem/pkcs/rsa-rc5-cfb.pem similarity index 100% rename from tests/pem/rsa-rc5-cfb.pem rename to tests/pem/pkcs/rsa-rc5-cfb.pem diff --git a/tests/pem/rsa-rc5-ofb.pem b/tests/pem/pkcs/rsa-rc5-ofb.pem similarity index 100% rename from tests/pem/rsa-rc5-ofb.pem rename to tests/pem/pkcs/rsa-rc5-ofb.pem diff --git a/tests/pem/rsa-seed-cbc.pem b/tests/pem/pkcs/rsa-seed-cbc.pem similarity index 100% rename from tests/pem/rsa-seed-cbc.pem rename to tests/pem/pkcs/rsa-seed-cbc.pem diff --git a/tests/pem/rsa-seed-cfb.pem b/tests/pem/pkcs/rsa-seed-cfb.pem similarity index 100% rename from tests/pem/rsa-seed-cfb.pem rename to tests/pem/pkcs/rsa-seed-cfb.pem diff --git a/tests/pem/rsa-seed-ofb.pem b/tests/pem/pkcs/rsa-seed-ofb.pem similarity index 100% rename from tests/pem/rsa-seed-ofb.pem rename to tests/pem/pkcs/rsa-seed-ofb.pem diff --git a/tests/pem/rsa.pem b/tests/pem/pkcs/rsa.pem similarity index 100% rename from tests/pem/rsa.pem rename to tests/pem/pkcs/rsa.pem diff --git a/tests/pem/rsa.pk8 b/tests/pem/pkcs/rsa.pk8 similarity index 100% rename from tests/pem/rsa.pk8 rename to tests/pem/pkcs/rsa.pk8 diff --git a/tests/pem/unsupported/rsa-aes-128-cfb1.pem b/tests/pem/pkcs/unsupported/rsa-aes-128-cfb1.pem similarity index 100% rename from tests/pem/unsupported/rsa-aes-128-cfb1.pem rename to tests/pem/pkcs/unsupported/rsa-aes-128-cfb1.pem diff --git a/tests/pem/unsupported/rsa-aes-128-cfb8.pem b/tests/pem/pkcs/unsupported/rsa-aes-128-cfb8.pem similarity index 100% rename from tests/pem/unsupported/rsa-aes-128-cfb8.pem rename to tests/pem/pkcs/unsupported/rsa-aes-128-cfb8.pem diff --git a/tests/pem/unsupported/rsa-aes-192-cfb1.pem b/tests/pem/pkcs/unsupported/rsa-aes-192-cfb1.pem similarity index 100% rename from tests/pem/unsupported/rsa-aes-192-cfb1.pem rename to tests/pem/pkcs/unsupported/rsa-aes-192-cfb1.pem diff --git a/tests/pem/unsupported/rsa-aes-192-cfb8.pem b/tests/pem/pkcs/unsupported/rsa-aes-192-cfb8.pem similarity index 100% rename from tests/pem/unsupported/rsa-aes-192-cfb8.pem rename to tests/pem/pkcs/unsupported/rsa-aes-192-cfb8.pem diff --git a/tests/pem/unsupported/rsa-aes-256-cfb1.pem b/tests/pem/pkcs/unsupported/rsa-aes-256-cfb1.pem similarity index 100% rename from tests/pem/unsupported/rsa-aes-256-cfb1.pem rename to tests/pem/pkcs/unsupported/rsa-aes-256-cfb1.pem diff --git a/tests/pem/unsupported/rsa-aes-256-cfb8.pem b/tests/pem/pkcs/unsupported/rsa-aes-256-cfb8.pem similarity index 100% rename from tests/pem/unsupported/rsa-aes-256-cfb8.pem rename to tests/pem/pkcs/unsupported/rsa-aes-256-cfb8.pem diff --git a/tests/pem/unsupported/rsa-aria-128-cbc.pem b/tests/pem/pkcs/unsupported/rsa-aria-128-cbc.pem similarity index 100% rename from tests/pem/unsupported/rsa-aria-128-cbc.pem rename to tests/pem/pkcs/unsupported/rsa-aria-128-cbc.pem diff --git a/tests/pem/unsupported/rsa-aria-128-cfb.pem b/tests/pem/pkcs/unsupported/rsa-aria-128-cfb.pem similarity index 100% rename from tests/pem/unsupported/rsa-aria-128-cfb.pem rename to tests/pem/pkcs/unsupported/rsa-aria-128-cfb.pem diff --git a/tests/pem/unsupported/rsa-aria-128-cfb1.pem b/tests/pem/pkcs/unsupported/rsa-aria-128-cfb1.pem similarity index 100% rename from tests/pem/unsupported/rsa-aria-128-cfb1.pem rename to tests/pem/pkcs/unsupported/rsa-aria-128-cfb1.pem diff --git a/tests/pem/unsupported/rsa-aria-128-cfb8.pem b/tests/pem/pkcs/unsupported/rsa-aria-128-cfb8.pem similarity index 100% rename from tests/pem/unsupported/rsa-aria-128-cfb8.pem rename to tests/pem/pkcs/unsupported/rsa-aria-128-cfb8.pem diff --git a/tests/pem/unsupported/rsa-aria-128-ctr.pem b/tests/pem/pkcs/unsupported/rsa-aria-128-ctr.pem similarity index 100% rename from tests/pem/unsupported/rsa-aria-128-ctr.pem rename to tests/pem/pkcs/unsupported/rsa-aria-128-ctr.pem diff --git a/tests/pem/unsupported/rsa-aria-128-ofb.pem b/tests/pem/pkcs/unsupported/rsa-aria-128-ofb.pem similarity index 100% rename from tests/pem/unsupported/rsa-aria-128-ofb.pem rename to tests/pem/pkcs/unsupported/rsa-aria-128-ofb.pem diff --git a/tests/pem/unsupported/rsa-aria-192-cbc.pem b/tests/pem/pkcs/unsupported/rsa-aria-192-cbc.pem similarity index 100% rename from tests/pem/unsupported/rsa-aria-192-cbc.pem rename to tests/pem/pkcs/unsupported/rsa-aria-192-cbc.pem diff --git a/tests/pem/unsupported/rsa-aria-192-cfb.pem b/tests/pem/pkcs/unsupported/rsa-aria-192-cfb.pem similarity index 100% rename from tests/pem/unsupported/rsa-aria-192-cfb.pem rename to tests/pem/pkcs/unsupported/rsa-aria-192-cfb.pem diff --git a/tests/pem/unsupported/rsa-aria-192-cfb1.pem b/tests/pem/pkcs/unsupported/rsa-aria-192-cfb1.pem similarity index 100% rename from tests/pem/unsupported/rsa-aria-192-cfb1.pem rename to tests/pem/pkcs/unsupported/rsa-aria-192-cfb1.pem diff --git a/tests/pem/unsupported/rsa-aria-192-cfb8.pem b/tests/pem/pkcs/unsupported/rsa-aria-192-cfb8.pem similarity index 100% rename from tests/pem/unsupported/rsa-aria-192-cfb8.pem rename to tests/pem/pkcs/unsupported/rsa-aria-192-cfb8.pem diff --git a/tests/pem/unsupported/rsa-aria-192-ctr.pem b/tests/pem/pkcs/unsupported/rsa-aria-192-ctr.pem similarity index 100% rename from tests/pem/unsupported/rsa-aria-192-ctr.pem rename to tests/pem/pkcs/unsupported/rsa-aria-192-ctr.pem diff --git a/tests/pem/unsupported/rsa-aria-192-ofb.pem b/tests/pem/pkcs/unsupported/rsa-aria-192-ofb.pem similarity index 100% rename from tests/pem/unsupported/rsa-aria-192-ofb.pem rename to tests/pem/pkcs/unsupported/rsa-aria-192-ofb.pem diff --git a/tests/pem/unsupported/rsa-aria-256-cbc.pem b/tests/pem/pkcs/unsupported/rsa-aria-256-cbc.pem similarity index 100% rename from tests/pem/unsupported/rsa-aria-256-cbc.pem rename to tests/pem/pkcs/unsupported/rsa-aria-256-cbc.pem diff --git a/tests/pem/unsupported/rsa-aria-256-cfb.pem b/tests/pem/pkcs/unsupported/rsa-aria-256-cfb.pem similarity index 100% rename from tests/pem/unsupported/rsa-aria-256-cfb.pem rename to tests/pem/pkcs/unsupported/rsa-aria-256-cfb.pem diff --git a/tests/pem/unsupported/rsa-aria-256-cfb1.pem b/tests/pem/pkcs/unsupported/rsa-aria-256-cfb1.pem similarity index 100% rename from tests/pem/unsupported/rsa-aria-256-cfb1.pem rename to tests/pem/pkcs/unsupported/rsa-aria-256-cfb1.pem diff --git a/tests/pem/unsupported/rsa-aria-256-cfb8.pem b/tests/pem/pkcs/unsupported/rsa-aria-256-cfb8.pem similarity index 100% rename from tests/pem/unsupported/rsa-aria-256-cfb8.pem rename to tests/pem/pkcs/unsupported/rsa-aria-256-cfb8.pem diff --git a/tests/pem/unsupported/rsa-aria-256-ctr.pem b/tests/pem/pkcs/unsupported/rsa-aria-256-ctr.pem similarity index 100% rename from tests/pem/unsupported/rsa-aria-256-ctr.pem rename to tests/pem/pkcs/unsupported/rsa-aria-256-ctr.pem diff --git a/tests/pem/unsupported/rsa-aria-256-ofb.pem b/tests/pem/pkcs/unsupported/rsa-aria-256-ofb.pem similarity index 100% rename from tests/pem/unsupported/rsa-aria-256-ofb.pem rename to tests/pem/pkcs/unsupported/rsa-aria-256-ofb.pem diff --git a/tests/pem/unsupported/rsa-camellia-128-cfb1.pem b/tests/pem/pkcs/unsupported/rsa-camellia-128-cfb1.pem similarity index 100% rename from tests/pem/unsupported/rsa-camellia-128-cfb1.pem rename to tests/pem/pkcs/unsupported/rsa-camellia-128-cfb1.pem diff --git a/tests/pem/unsupported/rsa-camellia-128-cfb8.pem b/tests/pem/pkcs/unsupported/rsa-camellia-128-cfb8.pem similarity index 100% rename from tests/pem/unsupported/rsa-camellia-128-cfb8.pem rename to tests/pem/pkcs/unsupported/rsa-camellia-128-cfb8.pem diff --git a/tests/pem/unsupported/rsa-camellia-192-cfb1.pem b/tests/pem/pkcs/unsupported/rsa-camellia-192-cfb1.pem similarity index 100% rename from tests/pem/unsupported/rsa-camellia-192-cfb1.pem rename to tests/pem/pkcs/unsupported/rsa-camellia-192-cfb1.pem diff --git a/tests/pem/unsupported/rsa-camellia-192-cfb8.pem b/tests/pem/pkcs/unsupported/rsa-camellia-192-cfb8.pem similarity index 100% rename from tests/pem/unsupported/rsa-camellia-192-cfb8.pem rename to tests/pem/pkcs/unsupported/rsa-camellia-192-cfb8.pem diff --git a/tests/pem/unsupported/rsa-camellia-256-cfb1.pem b/tests/pem/pkcs/unsupported/rsa-camellia-256-cfb1.pem similarity index 100% rename from tests/pem/unsupported/rsa-camellia-256-cfb1.pem rename to tests/pem/pkcs/unsupported/rsa-camellia-256-cfb1.pem diff --git a/tests/pem/unsupported/rsa-camellia-256-cfb8.pem b/tests/pem/pkcs/unsupported/rsa-camellia-256-cfb8.pem similarity index 100% rename from tests/pem/unsupported/rsa-camellia-256-cfb8.pem rename to tests/pem/pkcs/unsupported/rsa-camellia-256-cfb8.pem diff --git a/tests/pem/unsupported/rsa-chacha20.pem b/tests/pem/pkcs/unsupported/rsa-chacha20.pem similarity index 100% rename from tests/pem/unsupported/rsa-chacha20.pem rename to tests/pem/pkcs/unsupported/rsa-chacha20.pem diff --git a/tests/pem/unsupported/rsa-des-cfb1.pem b/tests/pem/pkcs/unsupported/rsa-des-cfb1.pem similarity index 100% rename from tests/pem/unsupported/rsa-des-cfb1.pem rename to tests/pem/pkcs/unsupported/rsa-des-cfb1.pem diff --git a/tests/pem/unsupported/rsa-des-cfb8.pem b/tests/pem/pkcs/unsupported/rsa-des-cfb8.pem similarity index 100% rename from tests/pem/unsupported/rsa-des-cfb8.pem rename to tests/pem/pkcs/unsupported/rsa-des-cfb8.pem diff --git a/tests/pem/unsupported/rsa-des-ede-cbc.pem b/tests/pem/pkcs/unsupported/rsa-des-ede-cbc.pem similarity index 100% rename from tests/pem/unsupported/rsa-des-ede-cbc.pem rename to tests/pem/pkcs/unsupported/rsa-des-ede-cbc.pem diff --git a/tests/pem/unsupported/rsa-des-ede-cfb.pem b/tests/pem/pkcs/unsupported/rsa-des-ede-cfb.pem similarity index 100% rename from tests/pem/unsupported/rsa-des-ede-cfb.pem rename to tests/pem/pkcs/unsupported/rsa-des-ede-cfb.pem diff --git a/tests/pem/unsupported/rsa-des-ede-ofb.pem b/tests/pem/pkcs/unsupported/rsa-des-ede-ofb.pem similarity index 100% rename from tests/pem/unsupported/rsa-des-ede-ofb.pem rename to tests/pem/pkcs/unsupported/rsa-des-ede-ofb.pem diff --git a/tests/pem/unsupported/rsa-des-ede3-cfb1.pem b/tests/pem/pkcs/unsupported/rsa-des-ede3-cfb1.pem similarity index 100% rename from tests/pem/unsupported/rsa-des-ede3-cfb1.pem rename to tests/pem/pkcs/unsupported/rsa-des-ede3-cfb1.pem diff --git a/tests/pem/unsupported/rsa-des-ede3-cfb8.pem b/tests/pem/pkcs/unsupported/rsa-des-ede3-cfb8.pem similarity index 100% rename from tests/pem/unsupported/rsa-des-ede3-cfb8.pem rename to tests/pem/pkcs/unsupported/rsa-des-ede3-cfb8.pem diff --git a/tests/pem/unsupported/rsa-desx-cbc.pem b/tests/pem/pkcs/unsupported/rsa-desx-cbc.pem similarity index 100% rename from tests/pem/unsupported/rsa-desx-cbc.pem rename to tests/pem/pkcs/unsupported/rsa-desx-cbc.pem diff --git a/tests/pem/x25519-encrypted.pk8 b/tests/pem/pkcs/x25519-encrypted.pk8 similarity index 100% rename from tests/pem/x25519-encrypted.pk8 rename to tests/pem/pkcs/x25519-encrypted.pk8 diff --git a/tests/pem/x25519-pub.pem b/tests/pem/pkcs/x25519-pub.pem similarity index 100% rename from tests/pem/x25519-pub.pem rename to tests/pem/pkcs/x25519-pub.pem diff --git a/tests/pem/pubkeys/ssh_dsa_1024_openssh.pub b/tests/pem/pubkeys/ssh_dsa_1024_openssh.pub new file mode 100755 index 000000000..db98529d0 --- /dev/null +++ b/tests/pem/pubkeys/ssh_dsa_1024_openssh.pub @@ -0,0 +1 @@ +ssh-dss AAAAB3NzaC1kc3MAAACBAKU8/avmkFeGnSqwYG7dZnQlG+01QNaxu3F5v0NcL/SRUW7IdpUq8t14siK0mA6yjphLhOf5t8gugTEVBllP86ANSbFigH7WN3v6ydJWqm60pNhNHN//50cnNtIsXbxeq3VtsI64pkH1OJqeZDHLmu73k4T0EKOzsylSfF/wtVBJAAAAFQChpubLHViwPB+jSvUb8e4THS7PBQAAAIAJD1PMCiTCQa1xyD/NCWOajCufTOIzKAhm6l+nlBVPiKI+262XpYt127Ke4mPL8XJBizoTjSQN08uHMg/8L6W/cdO2aZ+mhkBnS1xAm83DAwqLrDraR1w/4QRFxr5Vbyy8qnejrPjTJobBN1BGsv84wHkjmoCn6pFIfkGYeATlJgAAAIAHYPU1zMVBTDWru7SNC4G2UyWGWYYLjLytBVHfQmBa51CmqrSs2kCfGLGA1ynfYENsxcJq9nsXrb4i17H5BHJFkH0g7BUDpeBeLr8gsK3WgfqWwtZsDkltObw9chUD/siK6q/dk/fSIB2Ho0inev7k68Z5ZkNI4XOwuEssAVhmwA== This is a test key! diff --git a/tests/pem/pubkeys/ssh_dsa_1024_pkcs8.pub b/tests/pem/pubkeys/ssh_dsa_1024_pkcs8.pub new file mode 100755 index 000000000..40b1e3b3d --- /dev/null +++ b/tests/pem/pubkeys/ssh_dsa_1024_pkcs8.pub @@ -0,0 +1,12 @@ +-----BEGIN PUBLIC KEY----- +MIIBtjCCASsGByqGSM44BAEwggEeAoGBAKU8/avmkFeGnSqwYG7dZnQlG+01QNax +u3F5v0NcL/SRUW7IdpUq8t14siK0mA6yjphLhOf5t8gugTEVBllP86ANSbFigH7W +N3v6ydJWqm60pNhNHN//50cnNtIsXbxeq3VtsI64pkH1OJqeZDHLmu73k4T0EKOz +sylSfF/wtVBJAhUAoabmyx1YsDwfo0r1G/HuEx0uzwUCgYAJD1PMCiTCQa1xyD/N +CWOajCufTOIzKAhm6l+nlBVPiKI+262XpYt127Ke4mPL8XJBizoTjSQN08uHMg/8 +L6W/cdO2aZ+mhkBnS1xAm83DAwqLrDraR1w/4QRFxr5Vbyy8qnejrPjTJobBN1BG +sv84wHkjmoCn6pFIfkGYeATlJgOBhAACgYAHYPU1zMVBTDWru7SNC4G2UyWGWYYL +jLytBVHfQmBa51CmqrSs2kCfGLGA1ynfYENsxcJq9nsXrb4i17H5BHJFkH0g7BUD +peBeLr8gsK3WgfqWwtZsDkltObw9chUD/siK6q/dk/fSIB2Ho0inev7k68Z5ZkNI +4XOwuEssAVhmwA== +-----END PUBLIC KEY----- diff --git a/tests/pem/pubkeys/ssh_dsa_1024_rfc4716.pub b/tests/pem/pubkeys/ssh_dsa_1024_rfc4716.pub new file mode 100755 index 000000000..f0c3d6f5f --- /dev/null +++ b/tests/pem/pubkeys/ssh_dsa_1024_rfc4716.pub @@ -0,0 +1,12 @@ +---- BEGIN SSH2 PUBLIC KEY ---- +Comment: "1024-bit DSA, converted by miko@YUE from OpenSSH" +AAAAB3NzaC1kc3MAAACBAKU8/avmkFeGnSqwYG7dZnQlG+01QNaxu3F5v0NcL/SRUW7Idp +Uq8t14siK0mA6yjphLhOf5t8gugTEVBllP86ANSbFigH7WN3v6ydJWqm60pNhNHN//50cn +NtIsXbxeq3VtsI64pkH1OJqeZDHLmu73k4T0EKOzsylSfF/wtVBJAAAAFQChpubLHViwPB ++jSvUb8e4THS7PBQAAAIAJD1PMCiTCQa1xyD/NCWOajCufTOIzKAhm6l+nlBVPiKI+262X +pYt127Ke4mPL8XJBizoTjSQN08uHMg/8L6W/cdO2aZ+mhkBnS1xAm83DAwqLrDraR1w/4Q +RFxr5Vbyy8qnejrPjTJobBN1BGsv84wHkjmoCn6pFIfkGYeATlJgAAAIAHYPU1zMVBTDWr +u7SNC4G2UyWGWYYLjLytBVHfQmBa51CmqrSs2kCfGLGA1ynfYENsxcJq9nsXrb4i17H5BH +JFkH0g7BUDpeBeLr8gsK3WgfqWwtZsDkltObw9chUD/siK6q/dk/fSIB2Ho0inev7k68Z5 +ZkNI4XOwuEssAVhmwA== +---- END SSH2 PUBLIC KEY ---- diff --git a/tests/pem/pubkeys/ssh_ecdsa_256_openssh.pub b/tests/pem/pubkeys/ssh_ecdsa_256_openssh.pub new file mode 100755 index 000000000..703b53d2b --- /dev/null +++ b/tests/pem/pubkeys/ssh_ecdsa_256_openssh.pub @@ -0,0 +1 @@ +ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBI4QIXX6Mg0NWD6OvWqb/L88sTs56hqs5sXkAh6vr9NleFczaijCUyn/9qLz/CfWg1pqj3KgOiFZ4ByT3xYfJIs= This is a test key! diff --git a/tests/pem/pubkeys/ssh_ecdsa_256_pkcs8.pub b/tests/pem/pubkeys/ssh_ecdsa_256_pkcs8.pub new file mode 100755 index 000000000..9bfb613fe --- /dev/null +++ b/tests/pem/pubkeys/ssh_ecdsa_256_pkcs8.pub @@ -0,0 +1,4 @@ +-----BEGIN PUBLIC KEY----- +MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEjhAhdfoyDQ1YPo69apv8vzyxOznq +GqzmxeQCHq+v02V4VzNqKMJTKf/2ovP8J9aDWmqPcqA6IVngHJPfFh8kiw== +-----END PUBLIC KEY----- diff --git a/tests/ssh/extra/ecdsa256-public.pem b/tests/pem/pubkeys/ssh_ecdsa_256_rfc4716.pub old mode 100644 new mode 100755 similarity index 100% rename from tests/ssh/extra/ecdsa256-public.pem rename to tests/pem/pubkeys/ssh_ecdsa_256_rfc4716.pub diff --git a/tests/pem/pubkeys/ssh_ecdsa_384_openssh.pub b/tests/pem/pubkeys/ssh_ecdsa_384_openssh.pub new file mode 100755 index 000000000..e9d932ed4 --- /dev/null +++ b/tests/pem/pubkeys/ssh_ecdsa_384_openssh.pub @@ -0,0 +1 @@ +ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBJZCFyqAiU2okJefOdynhpMGIakbXkkmywbUzl4jfAdCUaQg+lFDVrO5GSk4NlERd8iFqT++/fvydsCc2gkTr2H7HCLVbiEezPiqXBq0dckzBymK2LCHM9BkJtuOm4hmNA== This is a test key! diff --git a/tests/pem/pubkeys/ssh_ecdsa_384_pkcs8.pub b/tests/pem/pubkeys/ssh_ecdsa_384_pkcs8.pub new file mode 100755 index 000000000..df2cbfb4d --- /dev/null +++ b/tests/pem/pubkeys/ssh_ecdsa_384_pkcs8.pub @@ -0,0 +1,5 @@ +-----BEGIN PUBLIC KEY----- +MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAElkIXKoCJTaiQl5853KeGkwYhqRteSSbL +BtTOXiN8B0JRpCD6UUNWs7kZKTg2URF3yIWpP779+/J2wJzaCROvYfscItVuIR7M ++KpcGrR1yTMHKYrYsIcz0GQm246biGY0 +-----END PUBLIC KEY----- diff --git a/tests/pem/pubkeys/ssh_ecdsa_384_rfc4716.pub b/tests/pem/pubkeys/ssh_ecdsa_384_rfc4716.pub new file mode 100755 index 000000000..8f1530e90 --- /dev/null +++ b/tests/pem/pubkeys/ssh_ecdsa_384_rfc4716.pub @@ -0,0 +1,6 @@ +---- BEGIN SSH2 PUBLIC KEY ---- +Comment: "384-bit ECDSA, converted by miko@YUE from OpenSSH" +AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBJZCFyqAiU2okJefOd +ynhpMGIakbXkkmywbUzl4jfAdCUaQg+lFDVrO5GSk4NlERd8iFqT++/fvydsCc2gkTr2H7 +HCLVbiEezPiqXBq0dckzBymK2LCHM9BkJtuOm4hmNA== +---- END SSH2 PUBLIC KEY ---- diff --git a/tests/pem/pubkeys/ssh_ecdsa_521_openssh.pub b/tests/pem/pubkeys/ssh_ecdsa_521_openssh.pub new file mode 100755 index 000000000..b2c6e5b43 --- /dev/null +++ b/tests/pem/pubkeys/ssh_ecdsa_521_openssh.pub @@ -0,0 +1 @@ +ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAFk35srteP9twCwYKvU9ovMBi77Dd6lEBPrFaMEb0CZdZ5MC3nSqflGHRWkSbUpjdPdO7cYQNpK9YXHbNSO5hbU1gFZgyiGFxwJYYz8NAjedBXMgyH4JWplK5FQm5P5cvaglItC9qkKioUXhCc67YMYBtivXlUe0PgIq6kbHTqbX6+5Nw== This is a test key! diff --git a/tests/pem/pubkeys/ssh_ecdsa_521_pkcs8.pub b/tests/pem/pubkeys/ssh_ecdsa_521_pkcs8.pub new file mode 100755 index 000000000..a84b585b0 --- /dev/null +++ b/tests/pem/pubkeys/ssh_ecdsa_521_pkcs8.pub @@ -0,0 +1,6 @@ +-----BEGIN PUBLIC KEY----- +MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQBZN+bK7Xj/bcAsGCr1PaLzAYu+w3e +pRAT6xWjBG9AmXWeTAt50qn5Rh0VpEm1KY3T3Tu3GEDaSvWFx2zUjuYW1NYBWYMo +hhccCWGM/DQI3nQVzIMh+CVqZSuRUJuT+XL2oJSLQvapCoqFF4QnOu2DGAbYr15V +HtD4CKupGx06m1+vuTc= +-----END PUBLIC KEY----- diff --git a/tests/pem/pubkeys/ssh_ecdsa_521_rfc4716.pub b/tests/pem/pubkeys/ssh_ecdsa_521_rfc4716.pub new file mode 100755 index 000000000..dd00a57cf --- /dev/null +++ b/tests/pem/pubkeys/ssh_ecdsa_521_rfc4716.pub @@ -0,0 +1,7 @@ +---- BEGIN SSH2 PUBLIC KEY ---- +Comment: "521-bit ECDSA, converted by miko@YUE from OpenSSH" +AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAFk35srteP9twCwYK +vU9ovMBi77Dd6lEBPrFaMEb0CZdZ5MC3nSqflGHRWkSbUpjdPdO7cYQNpK9YXHbNSO5hbU +1gFZgyiGFxwJYYz8NAjedBXMgyH4JWplK5FQm5P5cvaglItC9qkKioUXhCc67YMYBtivXl +Ue0PgIq6kbHTqbX6+5Nw== +---- END SSH2 PUBLIC KEY ---- diff --git a/tests/pem/pubkeys/ssh_ed25519_openssh.pub b/tests/pem/pubkeys/ssh_ed25519_openssh.pub new file mode 100755 index 000000000..2727b1f7f --- /dev/null +++ b/tests/pem/pubkeys/ssh_ed25519_openssh.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL0XsiFcRDp6Hpsoak8OdiiBMJhM2UKszNTxoGS7dJ++ This is a test key! diff --git a/tests/pem/pubkeys/ssh_ed25519_rfc4716.pub b/tests/pem/pubkeys/ssh_ed25519_rfc4716.pub new file mode 100755 index 000000000..7a6fec195 --- /dev/null +++ b/tests/pem/pubkeys/ssh_ed25519_rfc4716.pub @@ -0,0 +1,4 @@ +---- BEGIN SSH2 PUBLIC KEY ---- +Comment: "256-bit ED25519, converted by miko@YUE from OpenSSH" +AAAAC3NzaC1lZDI1NTE5AAAAIL0XsiFcRDp6Hpsoak8OdiiBMJhM2UKszNTxoGS7dJ++ +---- END SSH2 PUBLIC KEY ---- diff --git a/tests/pem/pubkeys/ssh_rsa_1024_openssh.pub b/tests/pem/pubkeys/ssh_rsa_1024_openssh.pub new file mode 100755 index 000000000..4882f64c0 --- /dev/null +++ b/tests/pem/pubkeys/ssh_rsa_1024_openssh.pub @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQC458k0igFgcvkrDjUKo0gIgPW0+7QEPck7/DXIpGAkHzHDTQLu7/IzxBDCL7iQhF2eQwaR/s9SXjs2DV/OT3SXM3QjJO4PS3nHkzfP7Zjqm9LGSicBgR8x5LPmxoNVA3qOInMP5xhhgbKYYusuBMAlpEgq/T9uCvLIuvRnGhBTDw== This is a test key! diff --git a/tests/pem/pubkeys/ssh_rsa_1024_pkcs8.pub b/tests/pem/pubkeys/ssh_rsa_1024_pkcs8.pub new file mode 100755 index 000000000..f363b2071 --- /dev/null +++ b/tests/pem/pubkeys/ssh_rsa_1024_pkcs8.pub @@ -0,0 +1,6 @@ +-----BEGIN PUBLIC KEY----- +MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC458k0igFgcvkrDjUKo0gIgPW0 ++7QEPck7/DXIpGAkHzHDTQLu7/IzxBDCL7iQhF2eQwaR/s9SXjs2DV/OT3SXM3Qj +JO4PS3nHkzfP7Zjqm9LGSicBgR8x5LPmxoNVA3qOInMP5xhhgbKYYusuBMAlpEgq +/T9uCvLIuvRnGhBTDwIDAQAB +-----END PUBLIC KEY----- diff --git a/tests/ssh/extra/rsa-public.pem b/tests/pem/pubkeys/ssh_rsa_1024_rfc4716.pub old mode 100644 new mode 100755 similarity index 100% rename from tests/ssh/extra/rsa-public.pem rename to tests/pem/pubkeys/ssh_rsa_1024_rfc4716.pub diff --git a/tests/pem/pubkeys/ssh_rsa_1536_openssh.pub b/tests/pem/pubkeys/ssh_rsa_1536_openssh.pub new file mode 100755 index 000000000..d0572a345 --- /dev/null +++ b/tests/pem/pubkeys/ssh_rsa_1536_openssh.pub @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAwQCkYHef/kFhdtEwG4YZfanYY92cmDX9gqw7OE2dxMyQyj5Eyn/ztaIIERJGv2BG7TlEi8Gd83wFvSrqk4diHycQm2FbLtp258buy/PYCY3cvxYL1imUxt6aPeLphzxQpt2dSwCom6M5Dq/sxB4YV+lvVpWZEuIFzsfGtqiLO7U4x80lXC1430MtN5Z6nYTOVtktYkFJCmMSThYice6L4RHdTNejQZlmKGfLEKeR3wTwBIfLO9XFkSlHz2Uk4q/Clr0= This is a test key! diff --git a/tests/pem/pubkeys/ssh_rsa_1536_pkcs8.pub b/tests/pem/pubkeys/ssh_rsa_1536_pkcs8.pub new file mode 100755 index 000000000..05df4c678 --- /dev/null +++ b/tests/pem/pubkeys/ssh_rsa_1536_pkcs8.pub @@ -0,0 +1,7 @@ +-----BEGIN PUBLIC KEY----- +MIHfMA0GCSqGSIb3DQEBAQUAA4HNADCByQKBwQCkYHef/kFhdtEwG4YZfanYY92c +mDX9gqw7OE2dxMyQyj5Eyn/ztaIIERJGv2BG7TlEi8Gd83wFvSrqk4diHycQm2Fb +Ltp258buy/PYCY3cvxYL1imUxt6aPeLphzxQpt2dSwCom6M5Dq/sxB4YV+lvVpWZ +EuIFzsfGtqiLO7U4x80lXC1430MtN5Z6nYTOVtktYkFJCmMSThYice6L4RHdTNej +QZlmKGfLEKeR3wTwBIfLO9XFkSlHz2Uk4q/Clr0CAwEAAQ== +-----END PUBLIC KEY----- diff --git a/tests/pem/pubkeys/ssh_rsa_1536_rfc4716.pub b/tests/pem/pubkeys/ssh_rsa_1536_rfc4716.pub new file mode 100755 index 000000000..b5ed41451 --- /dev/null +++ b/tests/pem/pubkeys/ssh_rsa_1536_rfc4716.pub @@ -0,0 +1,8 @@ +---- BEGIN SSH2 PUBLIC KEY ---- +Comment: "1536-bit RSA, converted by miko@YUE from OpenSSH" +AAAAB3NzaC1yc2EAAAADAQABAAAAwQCkYHef/kFhdtEwG4YZfanYY92cmDX9gqw7OE2dxM +yQyj5Eyn/ztaIIERJGv2BG7TlEi8Gd83wFvSrqk4diHycQm2FbLtp258buy/PYCY3cvxYL +1imUxt6aPeLphzxQpt2dSwCom6M5Dq/sxB4YV+lvVpWZEuIFzsfGtqiLO7U4x80lXC1430 +MtN5Z6nYTOVtktYkFJCmMSThYice6L4RHdTNejQZlmKGfLEKeR3wTwBIfLO9XFkSlHz2Uk +4q/Clr0= +---- END SSH2 PUBLIC KEY ---- diff --git a/tests/pem/pubkeys/ssh_rsa_2048_openssh.pub b/tests/pem/pubkeys/ssh_rsa_2048_openssh.pub new file mode 100755 index 000000000..9829973d0 --- /dev/null +++ b/tests/pem/pubkeys/ssh_rsa_2048_openssh.pub @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDdxjN0+2xc7pdreBqYc/mDRC8OuWrS7wre5fEUBpylorQjbhtUVUU+Ox/6RSZbbeNg3EvcWTT7NQY71w7LGSgiNK9bgU1K1516zpvY0F2IGgx9xZvvIJVELSXQRFgIBSFesamVZvJRd5+szgq1jmMTibo9fyPJoZLPys5SFxPHDeyKUz8lzYHVmuOhzOhSjSNHQGVP0Hoe8N7dQaFU40A8JSsUh567vgjXlts13KErGaBey244oe4J+xlwzWHsigAj1DoCGMaDdSQ8WfE/BEUJq5mNEp+GxQe4hHMwbbg2RJZZ8kFRKOiCUicQkVCFA3yWao+5odcgyI03sqfnrgkb This is a test key! diff --git a/tests/pem/pubkeys/ssh_rsa_2048_pkcs8.pub b/tests/pem/pubkeys/ssh_rsa_2048_pkcs8.pub new file mode 100755 index 000000000..9c1695be8 --- /dev/null +++ b/tests/pem/pubkeys/ssh_rsa_2048_pkcs8.pub @@ -0,0 +1,9 @@ +-----BEGIN PUBLIC KEY----- +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3cYzdPtsXO6Xa3gamHP5 +g0QvDrlq0u8K3uXxFAacpaK0I24bVFVFPjsf+kUmW23jYNxL3Fk0+zUGO9cOyxko +IjSvW4FNStedes6b2NBdiBoMfcWb7yCVRC0l0ERYCAUhXrGplWbyUXefrM4KtY5j +E4m6PX8jyaGSz8rOUhcTxw3silM/Jc2B1ZrjoczoUo0jR0BlT9B6HvDe3UGhVONA +PCUrFIeeu74I15bbNdyhKxmgXstuOKHuCfsZcM1h7IoAI9Q6AhjGg3UkPFnxPwRF +CauZjRKfhsUHuIRzMG24NkSWWfJBUSjoglInEJFQhQN8lmqPuaHXIMiNN7Kn564J +GwIDAQAB +-----END PUBLIC KEY----- diff --git a/tests/pem/pubkeys/ssh_rsa_2048_rfc4716.pub b/tests/pem/pubkeys/ssh_rsa_2048_rfc4716.pub new file mode 100755 index 000000000..f1d63d89d --- /dev/null +++ b/tests/pem/pubkeys/ssh_rsa_2048_rfc4716.pub @@ -0,0 +1,9 @@ +---- BEGIN SSH2 PUBLIC KEY ---- +Comment: "2048-bit RSA, converted by miko@YUE from OpenSSH" +AAAAB3NzaC1yc2EAAAADAQABAAABAQDdxjN0+2xc7pdreBqYc/mDRC8OuWrS7wre5fEUBp +ylorQjbhtUVUU+Ox/6RSZbbeNg3EvcWTT7NQY71w7LGSgiNK9bgU1K1516zpvY0F2IGgx9 +xZvvIJVELSXQRFgIBSFesamVZvJRd5+szgq1jmMTibo9fyPJoZLPys5SFxPHDeyKUz8lzY +HVmuOhzOhSjSNHQGVP0Hoe8N7dQaFU40A8JSsUh567vgjXlts13KErGaBey244oe4J+xlw +zWHsigAj1DoCGMaDdSQ8WfE/BEUJq5mNEp+GxQe4hHMwbbg2RJZZ8kFRKOiCUicQkVCFA3 +yWao+5odcgyI03sqfnrgkb +---- END SSH2 PUBLIC KEY ---- diff --git a/tests/pem/pubkeys/ssh_rsa_4096_openssh.pub b/tests/pem/pubkeys/ssh_rsa_4096_openssh.pub new file mode 100755 index 000000000..e36f673d9 --- /dev/null +++ b/tests/pem/pubkeys/ssh_rsa_4096_openssh.pub @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCjoUqRX9tJ6YVj+E7Y0D9oy2SCUtoLmNqovMOc/bWB+Fg8GgEQNp99XvH6p+/XDIY4Mm91Q9o1rydWnAnHKs/9LOySpOUNbbflDsFstN8ZrqqyuPiIoZqawQvYexk0/0ZyNckA9fWAKZDJom1N5DutBK55Dgq40yHkpAB6nlqdWLY8Iab0V4LKTtNBGydrdPR8A10I54kDkFxx82NOZNJ9hq7QYYJDsL5Le/fB+PqIksP5qo2lfaPJe9xtx7m4+FIJRQQOLrFef/K0tO1Zv0U5dVNHmWWhyTN4tnwoEX4pZ7YkHHemcBFiX4xt70/zpvG5cuIPMwJIA5P72w7A5ifKSoTLrkQGy7yW/ezyxrm42Ng5jNQb+jsiuQhcnU/IKip7xO1K2zxSPhcwDRRIPGGwkCfMrr5PG4EVn9PJCeW/ydQpOm4ysJay8AZxyQohP1jRasus+qUGovOHD6rjiDrg0lDpJY7Cf6EtPU/Z0GFyf5WY4952lRiawIXLi0VOAexG/s/n+eIiwTiFOtnmURjRjLJ3TlkVy/C9Iw6TBaJsF9DW/MN4BeYMSAVodVjqWJyLQc7ulbymguMuNnkhDjQ1XR0SXNw9fzT9lE+NC+EOwxysOu+y9ErV6lA8mExwtmu/a9zHUnyunXUz8ZVFh6mUhP0Tc7X/F/Q2XTTxzzC4jw== This is a test key! diff --git a/tests/pem/pubkeys/ssh_rsa_768_openssh.pub b/tests/pem/pubkeys/ssh_rsa_768_openssh.pub new file mode 100644 index 000000000..babf94658 --- /dev/null +++ b/tests/pem/pubkeys/ssh_rsa_768_openssh.pub @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAYQDYebeGQFCnlQiNRE7r9UEbjr+DQMTdw1ZHGB2w6xD/DzKem8761GdCpqsLrGaw2D7aSIoP1B5Sz870YoVWHn6Ao7Hvm17V3Kxfn4B01GNQTM5+L26mdYs5iJNGu/ltUdc= comment for rsa/768 key diff --git a/tests/pem/pubkeys/ssh_rsa_768_pkcs8.pub b/tests/pem/pubkeys/ssh_rsa_768_pkcs8.pub new file mode 100644 index 000000000..d671a61ce --- /dev/null +++ b/tests/pem/pubkeys/ssh_rsa_768_pkcs8.pub @@ -0,0 +1,5 @@ +-----BEGIN PUBLIC KEY----- +MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhANh5t4ZAUKeVCI1ETuv1QRuOv4NAxN3D +VkcYHbDrEP8PMp6bzvrUZ0KmqwusZrDYPtpIig/UHlLPzvRihVYefoCjse+bXtXc +rF+fgHTUY1BMzn4vbqZ1izmIk0a7+W1R1wIDAQAB +-----END PUBLIC KEY----- diff --git a/tests/pem/pubkeys/ssh_rsa_768_rfc4716.pub b/tests/pem/pubkeys/ssh_rsa_768_rfc4716.pub new file mode 100644 index 000000000..fb889631b --- /dev/null +++ b/tests/pem/pubkeys/ssh_rsa_768_rfc4716.pub @@ -0,0 +1,6 @@ +---- BEGIN SSH2 PUBLIC KEY ---- +Comment: "768-bit RSA, converted by miko@HIROKO from OpenSSH" +AAAAB3NzaC1yc2EAAAADAQABAAAAYQDYebeGQFCnlQiNRE7r9UEbjr+DQMTdw1ZHGB2w6x +D/DzKem8761GdCpqsLrGaw2D7aSIoP1B5Sz870YoVWHn6Ao7Hvm17V3Kxfn4B01GNQTM5+ +L26mdYs5iJNGu/ltUdc= +---- END SSH2 PUBLIC KEY ---- diff --git a/tests/pem/pubkeys/ssh_rsa_8192_openssh.pub b/tests/pem/pubkeys/ssh_rsa_8192_openssh.pub new file mode 100755 index 000000000..65a15e1a2 --- /dev/null +++ b/tests/pem/pubkeys/ssh_rsa_8192_openssh.pub @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEAQCpX3u2NWcx7n4Hoe7/AYqLItYRwcstbTuve0yTZ6HHcwKs6RChChunSVne2fkxecuLdpiAZNrdja7sQxqL0wDi+vjWucLml0hDQ2ipPy4/849DmQeNVh11oRoUkA6HpI5oSr5LTJGpXinT/CRMP3lU4oM7GXwyOslHBJsQz3xwiZgjC9dsU06FrZLxby0noB5EkGYHWIU7TABogVrl+q8aqiFIli6oUW4QGlefQNbv1yn/P1xkk/JDpN7BZW7XX1cbAc19p+MqVuMekI34bjHMoVU5evY4WqmtfWRIoounAclCuiOue/qrYMoXwo64JrMaX19nIl65jrDqfjCtRQtWq6i9D/pTF2LzERgEkLU9xV6stIXKkcpjyErBrvlKlRHdXWhkGN1XonTK32GSPOxsDkRsyjOCrfMlTkcuOunIBKzpFWF0N9m6H6jh/mDdatvQ1t72clgTgQI1rrtxh4RzbiKThq7GEuQn5aVjsj/Z0q+qeY71t7lNF1kaaLa44kPWcmSMqv9us0U90mgSn+J/KtFnBBDzs4gQsn54BEyZUhF/qOl4FfpgzR6+KzdQRfXlGY2LFHTlPbdyJnsBlRs3ld2W3lghbNNi4VZsLt0syDdyaW2wr3atWlFsq5XxkGY7/lyRzHlWRCIAbSSZgDz/aWBBdpvg54AtIvRJysO1nZdfD0b1NLjD8oGt3hftWyUn/6/UigW36AfqgsJjHly2mpSW53lYJHktsrPfrQDNT3J/SftKpGTjU5Rwxz41JSQwEifM5LomG/MGrw5+kJGdp4GhlRSqf25lR3BRSjSI6r7ofYPGOCSc9TWjnEifv1HtcH08mzd92Bu6WXCWFpXxerf9oLSWYlZDLUl9nxdpclGaqQyyVXwFWKKUieu0+wg/u2YryrQ1JgTsAlWFYh8/So9yWyqXcwFkKpL0cWf1sRbRTuLzhUIyc31MNWyVN1P+j1HGKEveKVfGTxiaNx8qxEFlsssNVmFwHvLB7sX7P8hMXjZxevTekKLkKR+//EEQp8qwjHDlOPWm1tQPuKMHsbDcjxyXqFO6HMEJhfeV0OWK6tBMlypSjM8+8fmqFBSiJGmXM1S0v/8S6D2Q/3OrnFD5XLOsuubTYeSqJNzIaLSNvHvGk1tJRqc4qQjDRXI8ZQ+QGZJBl3ejHUM9f1cNMApCom4RfcZqvK0NTesb4OhFF7K3V8Bb6DfYaW76TtJQYtN/sGAweSrifzXZ3XaBHelCrh91kozzKrEcJYeGtUfR9o823U3pTk5bX7QvECgLuP6G5L8Lc6V8VI8iXhV6SfEVN9ecwh6nLsUHimqS5IvdynbqQ9rj3+ZhaVQiHmrF1n3jrxnEIY0IWSUdUwH5 This is a test key! diff --git a/tests/ssh/extra/dsa-private.pem b/tests/pem/ssh/extra/dsa-private.pem similarity index 100% rename from tests/ssh/extra/dsa-private.pem rename to tests/pem/ssh/extra/dsa-private.pem diff --git a/tests/ssh/extra/dsa-public.pem b/tests/pem/ssh/extra/dsa-public.pem similarity index 100% rename from tests/ssh/extra/dsa-public.pem rename to tests/pem/ssh/extra/dsa-public.pem diff --git a/tests/pem/ssh/extra/ecdsa256-public.pem b/tests/pem/ssh/extra/ecdsa256-public.pem new file mode 100644 index 000000000..f7c3e9b94 --- /dev/null +++ b/tests/pem/ssh/extra/ecdsa256-public.pem @@ -0,0 +1,5 @@ +---- BEGIN SSH2 PUBLIC KEY ---- +Comment: "256-bit ECDSA, converted by miko@YUE from OpenSSH" +AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBI4QIXX6Mg0NWD6OvW +qb/L88sTs56hqs5sXkAh6vr9NleFczaijCUyn/9qLz/CfWg1pqj3KgOiFZ4ByT3xYfJIs= +---- END SSH2 PUBLIC KEY ---- diff --git a/tests/pem/ssh/extra/rsa-public.pem b/tests/pem/ssh/extra/rsa-public.pem new file mode 100644 index 000000000..cb051bb4f --- /dev/null +++ b/tests/pem/ssh/extra/rsa-public.pem @@ -0,0 +1,6 @@ +---- BEGIN SSH2 PUBLIC KEY ---- +Comment: "1024-bit RSA, converted by miko@YUE from OpenSSH" +AAAAB3NzaC1yc2EAAAADAQABAAAAgQC458k0igFgcvkrDjUKo0gIgPW0+7QEPck7/DXIpG +AkHzHDTQLu7/IzxBDCL7iQhF2eQwaR/s9SXjs2DV/OT3SXM3QjJO4PS3nHkzfP7Zjqm9LG +SicBgR8x5LPmxoNVA3qOInMP5xhhgbKYYusuBMAlpEgq/T9uCvLIuvRnGhBTDw== +---- END SSH2 PUBLIC KEY ---- diff --git a/tests/ssh/ssh-rsa-3des-cbc b/tests/pem/ssh/ssh-rsa-3des-cbc similarity index 100% rename from tests/ssh/ssh-rsa-3des-cbc rename to tests/pem/ssh/ssh-rsa-3des-cbc diff --git a/tests/ssh/ssh-rsa-aes128-cbc b/tests/pem/ssh/ssh-rsa-aes128-cbc similarity index 100% rename from tests/ssh/ssh-rsa-aes128-cbc rename to tests/pem/ssh/ssh-rsa-aes128-cbc diff --git a/tests/ssh/ssh-rsa-aes128-ctr b/tests/pem/ssh/ssh-rsa-aes128-ctr similarity index 100% rename from tests/ssh/ssh-rsa-aes128-ctr rename to tests/pem/ssh/ssh-rsa-aes128-ctr diff --git a/tests/ssh/ssh-rsa-aes192-cbc b/tests/pem/ssh/ssh-rsa-aes192-cbc similarity index 100% rename from tests/ssh/ssh-rsa-aes192-cbc rename to tests/pem/ssh/ssh-rsa-aes192-cbc diff --git a/tests/ssh/ssh-rsa-aes192-ctr b/tests/pem/ssh/ssh-rsa-aes192-ctr similarity index 100% rename from tests/ssh/ssh-rsa-aes192-ctr rename to tests/pem/ssh/ssh-rsa-aes192-ctr diff --git a/tests/ssh/ssh-rsa-aes256-cbc b/tests/pem/ssh/ssh-rsa-aes256-cbc similarity index 100% rename from tests/ssh/ssh-rsa-aes256-cbc rename to tests/pem/ssh/ssh-rsa-aes256-cbc diff --git a/tests/ssh/ssh-rsa-aes256-ctr b/tests/pem/ssh/ssh-rsa-aes256-ctr similarity index 100% rename from tests/ssh/ssh-rsa-aes256-ctr rename to tests/pem/ssh/ssh-rsa-aes256-ctr diff --git a/tests/ssh/ssh-testkey-ecdsa-521 b/tests/pem/ssh/ssh-testkey-ecdsa-521 similarity index 100% rename from tests/ssh/ssh-testkey-ecdsa-521 rename to tests/pem/ssh/ssh-testkey-ecdsa-521 diff --git a/tests/ssh/ssh-testkey-ecdsa-521-plain b/tests/pem/ssh/ssh-testkey-ecdsa-521-plain similarity index 100% rename from tests/ssh/ssh-testkey-ecdsa-521-plain rename to tests/pem/ssh/ssh-testkey-ecdsa-521-plain diff --git a/tests/ssh/ssh-testkey-ed25519 b/tests/pem/ssh/ssh-testkey-ed25519 similarity index 100% rename from tests/ssh/ssh-testkey-ed25519 rename to tests/pem/ssh/ssh-testkey-ed25519 diff --git a/tests/ssh/ssh-testkey-ed25519-aesctr b/tests/pem/ssh/ssh-testkey-ed25519-aesctr similarity index 100% rename from tests/ssh/ssh-testkey-ed25519-aesctr rename to tests/pem/ssh/ssh-testkey-ed25519-aesctr diff --git a/tests/ssh/ssh-testkey-ed25519-plain b/tests/pem/ssh/ssh-testkey-ed25519-plain similarity index 100% rename from tests/ssh/ssh-testkey-ed25519-plain rename to tests/pem/ssh/ssh-testkey-ed25519-plain diff --git a/tests/ssh/ssh-testkey-ed25519-pub b/tests/pem/ssh/ssh-testkey-ed25519-pub similarity index 100% rename from tests/ssh/ssh-testkey-ed25519-pub rename to tests/pem/ssh/ssh-testkey-ed25519-pub diff --git a/tests/ssh/ssh-testkey-rsa b/tests/pem/ssh/ssh-testkey-rsa similarity index 100% rename from tests/ssh/ssh-testkey-rsa rename to tests/pem/ssh/ssh-testkey-rsa diff --git a/tests/ssh/ssh-testkey-rsa-8192 b/tests/pem/ssh/ssh-testkey-rsa-8192 similarity index 100% rename from tests/ssh/ssh-testkey-rsa-8192 rename to tests/pem/ssh/ssh-testkey-rsa-8192 diff --git a/tests/ssh/ssh-testkey-rsa-8192-plain b/tests/pem/ssh/ssh-testkey-rsa-8192-plain similarity index 100% rename from tests/ssh/ssh-testkey-rsa-8192-plain rename to tests/pem/ssh/ssh-testkey-rsa-8192-plain diff --git a/tests/ssh/ssh-testkey-rsa-plain b/tests/pem/ssh/ssh-testkey-rsa-plain similarity index 100% rename from tests/ssh/ssh-testkey-rsa-plain rename to tests/pem/ssh/ssh-testkey-rsa-plain diff --git a/tests/ssh/unsupported/ssh-rsa-3des-cbc.pub b/tests/pem/ssh/unsupported/ssh-rsa-3des-cbc.pub similarity index 100% rename from tests/ssh/unsupported/ssh-rsa-3des-cbc.pub rename to tests/pem/ssh/unsupported/ssh-rsa-3des-cbc.pub diff --git a/tests/ssh/unsupported/ssh-rsa-aes128-cbc.pub b/tests/pem/ssh/unsupported/ssh-rsa-aes128-cbc.pub similarity index 100% rename from tests/ssh/unsupported/ssh-rsa-aes128-cbc.pub rename to tests/pem/ssh/unsupported/ssh-rsa-aes128-cbc.pub diff --git a/tests/ssh/unsupported/ssh-rsa-aes128-ctr.pub b/tests/pem/ssh/unsupported/ssh-rsa-aes128-ctr.pub similarity index 100% rename from tests/ssh/unsupported/ssh-rsa-aes128-ctr.pub rename to tests/pem/ssh/unsupported/ssh-rsa-aes128-ctr.pub diff --git a/tests/ssh/unsupported/ssh-rsa-aes128-gcm b/tests/pem/ssh/unsupported/ssh-rsa-aes128-gcm similarity index 100% rename from tests/ssh/unsupported/ssh-rsa-aes128-gcm rename to tests/pem/ssh/unsupported/ssh-rsa-aes128-gcm diff --git a/tests/ssh/unsupported/ssh-rsa-aes128-gcm.pub b/tests/pem/ssh/unsupported/ssh-rsa-aes128-gcm.pub similarity index 100% rename from tests/ssh/unsupported/ssh-rsa-aes128-gcm.pub rename to tests/pem/ssh/unsupported/ssh-rsa-aes128-gcm.pub diff --git a/tests/ssh/unsupported/ssh-rsa-aes192-cbc.pub b/tests/pem/ssh/unsupported/ssh-rsa-aes192-cbc.pub similarity index 100% rename from tests/ssh/unsupported/ssh-rsa-aes192-cbc.pub rename to tests/pem/ssh/unsupported/ssh-rsa-aes192-cbc.pub diff --git a/tests/ssh/unsupported/ssh-rsa-aes192-ctr.pub b/tests/pem/ssh/unsupported/ssh-rsa-aes192-ctr.pub similarity index 100% rename from tests/ssh/unsupported/ssh-rsa-aes192-ctr.pub rename to tests/pem/ssh/unsupported/ssh-rsa-aes192-ctr.pub diff --git a/tests/ssh/unsupported/ssh-rsa-aes256-cbc.pub b/tests/pem/ssh/unsupported/ssh-rsa-aes256-cbc.pub similarity index 100% rename from tests/ssh/unsupported/ssh-rsa-aes256-cbc.pub rename to tests/pem/ssh/unsupported/ssh-rsa-aes256-cbc.pub diff --git a/tests/ssh/unsupported/ssh-rsa-aes256-ctr.pub b/tests/pem/ssh/unsupported/ssh-rsa-aes256-ctr.pub similarity index 100% rename from tests/ssh/unsupported/ssh-rsa-aes256-ctr.pub rename to tests/pem/ssh/unsupported/ssh-rsa-aes256-ctr.pub diff --git a/tests/ssh/unsupported/ssh-rsa-aes256-gcm b/tests/pem/ssh/unsupported/ssh-rsa-aes256-gcm similarity index 100% rename from tests/ssh/unsupported/ssh-rsa-aes256-gcm rename to tests/pem/ssh/unsupported/ssh-rsa-aes256-gcm diff --git a/tests/ssh/unsupported/ssh-rsa-aes256-gcm.pub b/tests/pem/ssh/unsupported/ssh-rsa-aes256-gcm.pub similarity index 100% rename from tests/ssh/unsupported/ssh-rsa-aes256-gcm.pub rename to tests/pem/ssh/unsupported/ssh-rsa-aes256-gcm.pub diff --git a/tests/ssh/unsupported/ssh-rsa-chacha20-poly1305 b/tests/pem/ssh/unsupported/ssh-rsa-chacha20-poly1305 similarity index 100% rename from tests/ssh/unsupported/ssh-rsa-chacha20-poly1305 rename to tests/pem/ssh/unsupported/ssh-rsa-chacha20-poly1305 diff --git a/tests/ssh/unsupported/ssh-rsa-chacha20-poly1305.pub b/tests/pem/ssh/unsupported/ssh-rsa-chacha20-poly1305.pub similarity index 100% rename from tests/ssh/unsupported/ssh-rsa-chacha20-poly1305.pub rename to tests/pem/ssh/unsupported/ssh-rsa-chacha20-poly1305.pub diff --git a/tests/pem/ssh_dsa_1024_openssh b/tests/pem/ssh_dsa_1024_openssh new file mode 100755 index 000000000..6b4efa4b0 --- /dev/null +++ b/tests/pem/ssh_dsa_1024_openssh @@ -0,0 +1,21 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABsQAAAAdzc2gtZH +NzAAAAgQClPP2r5pBXhp0qsGBu3WZ0JRvtNUDWsbtxeb9DXC/0kVFuyHaVKvLdeLIitJgO +so6YS4Tn+bfILoExFQZZT/OgDUmxYoB+1jd7+snSVqputKTYTRzf/+dHJzbSLF28Xqt1bb +COuKZB9TianmQxy5ru95OE9BCjs7MpUnxf8LVQSQAAABUAoabmyx1YsDwfo0r1G/HuEx0u +zwUAAACACQ9TzAokwkGtccg/zQljmowrn0ziMygIZupfp5QVT4iiPtutl6WLdduynuJjy/ +FyQYs6E40kDdPLhzIP/C+lv3HTtmmfpoZAZ0tcQJvNwwMKi6w62kdcP+EERca+VW8svKp3 +o6z40yaGwTdQRrL/OMB5I5qAp+qRSH5BmHgE5SYAAACAB2D1NczFQUw1q7u0jQuBtlMlhl +mGC4y8rQVR30JgWudQpqq0rNpAnxixgNcp32BDbMXCavZ7F62+Itex+QRyRZB9IOwVA6Xg +Xi6/ILCt1oH6lsLWbA5JbTm8PXIVA/7Iiuqv3ZP30iAdh6NIp3r+5OvGeWZDSOFzsLhLLA +FYZsAAAAHwKUeNkClHjZAAAAAHc3NoLWRzcwAAAIEApTz9q+aQV4adKrBgbt1mdCUb7TVA +1rG7cXm/Q1wv9JFRbsh2lSry3XiyIrSYDrKOmEuE5/m3yC6BMRUGWU/zoA1JsWKAftY3e/ +rJ0laqbrSk2E0c3//nRyc20ixdvF6rdW2wjrimQfU4mp5kMcua7veThPQQo7OzKVJ8X/C1 +UEkAAAAVAKGm5ssdWLA8H6NK9Rvx7hMdLs8FAAAAgAkPU8wKJMJBrXHIP80JY5qMK59M4j +MoCGbqX6eUFU+Ioj7brZeli3Xbsp7iY8vxckGLOhONJA3Ty4cyD/wvpb9x07Zpn6aGQGdL +XECbzcMDCousOtpHXD/hBEXGvlVvLLyqd6Os+NMmhsE3UEay/zjAeSOagKfqkUh+QZh4BO +UmAAAAgAdg9TXMxUFMNau7tI0LgbZTJYZZhguMvK0FUd9CYFrnUKaqtKzaQJ8YsYDXKd9g +Q2zFwmr2exetviLXsfkEckWQfSDsFQOl4F4uvyCwrdaB+pbC1mwOSW05vD1yFQP+yIrqr9 +2T99IgHYejSKd6/uTrxnlmQ0jhc7C4SywBWGbAAAAAFQCYwb2dlv1ktqrIWBTO+Hn+CJ4w +RAAAABNUaGlzIGlzIGEgdGVzdCBrZXkhAQIDBAUGBw== +-----END OPENSSH PRIVATE KEY----- diff --git a/tests/pem/ssh_dsa_1024_openssh_pw b/tests/pem/ssh_dsa_1024_openssh_pw new file mode 100755 index 000000000..d3eac10de --- /dev/null +++ b/tests/pem/ssh_dsa_1024_openssh_pw @@ -0,0 +1,22 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABD+6VzZi/ +RWtIVvbzvZfeDvAAAAEAAAAAEAAAGxAAAAB3NzaC1kc3MAAACBAKU8/avmkFeGnSqwYG7d +ZnQlG+01QNaxu3F5v0NcL/SRUW7IdpUq8t14siK0mA6yjphLhOf5t8gugTEVBllP86ANSb +FigH7WN3v6ydJWqm60pNhNHN//50cnNtIsXbxeq3VtsI64pkH1OJqeZDHLmu73k4T0EKOz +sylSfF/wtVBJAAAAFQChpubLHViwPB+jSvUb8e4THS7PBQAAAIAJD1PMCiTCQa1xyD/NCW +OajCufTOIzKAhm6l+nlBVPiKI+262XpYt127Ke4mPL8XJBizoTjSQN08uHMg/8L6W/cdO2 +aZ+mhkBnS1xAm83DAwqLrDraR1w/4QRFxr5Vbyy8qnejrPjTJobBN1BGsv84wHkjmoCn6p +FIfkGYeATlJgAAAIAHYPU1zMVBTDWru7SNC4G2UyWGWYYLjLytBVHfQmBa51CmqrSs2kCf +GLGA1ynfYENsxcJq9nsXrb4i17H5BHJFkH0g7BUDpeBeLr8gsK3WgfqWwtZsDkltObw9ch +UD/siK6q/dk/fSIB2Ho0inev7k68Z5ZkNI4XOwuEssAVhmwAAAAfBwVCKgoMm2RK7ECBww +7k8irQcalhpJ9JtGRxIn2GPww1IR60ZMCOcRru1jji/zzdkfeKSA30VfwYK9FjOOcvi5OD +I6HyO8JYHRsCv4BW8G18r4c8Ew9IZbkv0nHNniCT24tJ28JG7JgMfv88SEo2MQDjCqyrXs ++SeNMZL938Ff7twEpaSGgQ3LD4af4uKWmcbUmrPyRGmSUsbCteTQ6clDBuJdP4Qyl1EcP2 +u/t3Ui5Wy3VU1P8hb8NgDQ1DHP6Oj8D+Ui4ulahrQSpjIUA+hm5fcvWp81DAwjMYJqEI/t +b+jm+HhGCmPkOF5EMjrkoiOjdRcNj7QWyiMg+a+xxcfrtPG+LqewGT1ERo3XtZ3/690zwX +RVzCfz3ad7dJwDA1xyuX3E4rFlNuxEYxQEq0i+DT65jHYY1yAJHzV28EFO9qxOLX17S4Da +YT+xwpXqbR3QZ33sKESPWoT1n09s8FEm0byRbvwbzojjFbaL5I03eRph7Rao2lQkDlYAFw +gGAmCrR1T+DBgRprVQy/WHHF3MfvUnWnwVE4a7Iul9N3724DFGz/dQZY8XenXIqgvr7Jas +LXWSz96CQ6YjKIKLaQaMPt9xucgzUV9YTn3DAq1aR+F0KYEUz4RR7sCh6N419QbPTjXXH5 +rSNFYIpHOfy9rQ +-----END OPENSSH PRIVATE KEY----- diff --git a/tests/pem/ssh_dsa_1024_pem b/tests/pem/ssh_dsa_1024_pem new file mode 100755 index 000000000..efd234b46 --- /dev/null +++ b/tests/pem/ssh_dsa_1024_pem @@ -0,0 +1,12 @@ +-----BEGIN DSA PRIVATE KEY----- +MIIBuwIBAAKBgQClPP2r5pBXhp0qsGBu3WZ0JRvtNUDWsbtxeb9DXC/0kVFuyHaV +KvLdeLIitJgOso6YS4Tn+bfILoExFQZZT/OgDUmxYoB+1jd7+snSVqputKTYTRzf +/+dHJzbSLF28Xqt1bbCOuKZB9TianmQxy5ru95OE9BCjs7MpUnxf8LVQSQIVAKGm +5ssdWLA8H6NK9Rvx7hMdLs8FAoGACQ9TzAokwkGtccg/zQljmowrn0ziMygIZupf +p5QVT4iiPtutl6WLdduynuJjy/FyQYs6E40kDdPLhzIP/C+lv3HTtmmfpoZAZ0tc +QJvNwwMKi6w62kdcP+EERca+VW8svKp3o6z40yaGwTdQRrL/OMB5I5qAp+qRSH5B +mHgE5SYCgYAHYPU1zMVBTDWru7SNC4G2UyWGWYYLjLytBVHfQmBa51CmqrSs2kCf +GLGA1ynfYENsxcJq9nsXrb4i17H5BHJFkH0g7BUDpeBeLr8gsK3WgfqWwtZsDklt +Obw9chUD/siK6q/dk/fSIB2Ho0inev7k68Z5ZkNI4XOwuEssAVhmwAIVAJjBvZ2W +/WS2qshYFM74ef4InjBE +-----END DSA PRIVATE KEY----- diff --git a/tests/pem/ssh_dsa_1024_pem_pw b/tests/pem/ssh_dsa_1024_pem_pw new file mode 100755 index 000000000..acec61e14 --- /dev/null +++ b/tests/pem/ssh_dsa_1024_pem_pw @@ -0,0 +1,15 @@ +-----BEGIN DSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-128-CBC,FC53412322B9C202AED2949BF06265AD + +ohmK3nDoFdyf6WPogk70WVUp2LdIJK4pRaCRp717Idj8veVXn+RLiojuFIcrViWF +Hlmzold9A/pYegoXEwcKJCvoJm9UZf0sfBANMhe/MuauwyRelDnnA4OPoeyHnTV3 +HV6nHE/p0sJQtxDJ+QTG4eMHjX1MgurMVY+9W3iuu3vrWc3iBa8O61+AthNSWSWa +upy6t40Yu5BIwZYEyOY1nyJY8OWUvMj5uc3zTACa+Ua4GJ5L0eY7H5N8gn5ifN8W +itQBB2TEOjJc5ixTgJf/G+bZikLiK/7xJGAAlecPa+TWCy/c/rXZA4acBn0Ax3PZ +bZT3m5/9Xa3d/BIkScwSHLIyM7K/wL2DnFnNY2xZempIYW7FFnpexTfBOilr1YoY +2EYxuVZv8KcACRv4c6yC30MEE6r6MiemvvIwgs2HCbx+krpr0Dvxqxo3IoapSdO4 +CrxGGu490+v+ZqTQZH+pfAmrr8RdMFEwVdRNT7UN+ZwaqD/bAMlcUjIErNq5/Yf9 +hSl6Bi3ekOlJMyt53N/rpAa7f4RNPAuOBsHkIavCA09jjnmDawZtfChiQg+Lb27n +6/pfxpqEiejCIttRCW8/dQ== +-----END DSA PRIVATE KEY----- diff --git a/tests/pem/ssh_dsa_1024_pkcs8 b/tests/pem/ssh_dsa_1024_pkcs8 new file mode 100755 index 000000000..8192fa03b --- /dev/null +++ b/tests/pem/ssh_dsa_1024_pkcs8 @@ -0,0 +1,9 @@ +-----BEGIN PRIVATE KEY----- +MIIBSwIBADCCASsGByqGSM44BAEwggEeAoGBAKU8/avmkFeGnSqwYG7dZnQlG+01 +QNaxu3F5v0NcL/SRUW7IdpUq8t14siK0mA6yjphLhOf5t8gugTEVBllP86ANSbFi +gH7WN3v6ydJWqm60pNhNHN//50cnNtIsXbxeq3VtsI64pkH1OJqeZDHLmu73k4T0 +EKOzsylSfF/wtVBJAhUAoabmyx1YsDwfo0r1G/HuEx0uzwUCgYAJD1PMCiTCQa1x +yD/NCWOajCufTOIzKAhm6l+nlBVPiKI+262XpYt127Ke4mPL8XJBizoTjSQN08uH +Mg/8L6W/cdO2aZ+mhkBnS1xAm83DAwqLrDraR1w/4QRFxr5Vbyy8qnejrPjTJobB +N1BGsv84wHkjmoCn6pFIfkGYeATlJgQXAhUAmMG9nZb9ZLaqyFgUzvh5/gieMEQ= +-----END PRIVATE KEY----- diff --git a/tests/pem/ssh_dsa_1024_pkcs8_pw b/tests/pem/ssh_dsa_1024_pkcs8_pw new file mode 100755 index 000000000..bf6271abd --- /dev/null +++ b/tests/pem/ssh_dsa_1024_pkcs8_pw @@ -0,0 +1,12 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIBrTBXBgkqhkiG9w0BBQ0wSjApBgkqhkiG9w0BBQwwHAQIC1Dl0imCfgMCAggA +MAwGCCqGSIb3DQIJBQAwHQYJYIZIAWUDBAECBBChlIQxZfVu1iB5k+1BDnkyBIIB +UNCHjRWVQROFx7kHHqLIFP8riXrATt0CbYcyOMaJsFSIoIRz6G9UDBCgdYmVHe19 +LfmXMQ+IuXVc0IP3HJnoDNfXvbKmqdEtCZfg2efcLeWNTP+ck2jZmoXsq+tsFl5Y +4cB/5MEJah9R7/ashHJ22X0VpQBXzqcXaHiqCzudPYOmGT32CD8ECs1dkHVIHQIB +rhqlU4j3Lf+1C/ui1tG6gJRQkKaMmU9Rtgn3BcLf7iKRJZGFcmc1ND13mAqaS0II +aBvsRUao10ItfN5M0llaQrJoC2RFCg/3Mif0VOXJy5XUOE60JOVsLAdNBtaUtDD/ +8w6qlJf9c7qud2gNN4Ct2viXsOEZ+D83EmuGowIcJABMaHFKdBVfzO9kbUw6HAV1 +scIcbCsYzczr5fJXd/wQ5/jWYEvGLZZeFcddkwjnGkg5GZCgxVoC+b272BLqSsfo +7w== +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/pem/ssh_ecdsa_256_openssh b/tests/pem/ssh_ecdsa_256_openssh new file mode 100755 index 000000000..168e4201e --- /dev/null +++ b/tests/pem/ssh_ecdsa_256_openssh @@ -0,0 +1,9 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAaAAAABNlY2RzYS +1zaGEyLW5pc3RwMjU2AAAACG5pc3RwMjU2AAAAQQSOECF1+jINDVg+jr1qm/y/PLE7Oeoa +rObF5AIer6/TZXhXM2oowlMp//ai8/wn1oNaao9yoDohWeAck98WHySLAAAAsDnMKZ45zC +meAAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBI4QIXX6Mg0NWD6O +vWqb/L88sTs56hqs5sXkAh6vr9NleFczaijCUyn/9qLz/CfWg1pqj3KgOiFZ4ByT3xYfJI +sAAAAgawKIwHs3k5dhRXIdHgA+9C6labiTG/M+XejrsL4lqiMAAAATVGhpcyBpcyBhIHRl +c3Qga2V5IQECAwQF +-----END OPENSSH PRIVATE KEY----- diff --git a/tests/pem/ssh_ecdsa_256_openssh_pw b/tests/pem/ssh_ecdsa_256_openssh_pw new file mode 100755 index 000000000..857bee5ca --- /dev/null +++ b/tests/pem/ssh_ecdsa_256_openssh_pw @@ -0,0 +1,9 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABAn5/9Dp+ +3e5/CONojF0m0zAAAAEAAAAAEAAABoAAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlz +dHAyNTYAAABBBI4QIXX6Mg0NWD6OvWqb/L88sTs56hqs5sXkAh6vr9NleFczaijCUyn/9q +Lz/CfWg1pqj3KgOiFZ4ByT3xYfJIsAAACwdmVChYQWUHPXdRjHIakF5mpsXJCuad7ytcaP +Hfi4EpadWiB08WtFpfmefLLaICd5b7dqJyVqTLOi1euFQOtOOjkn9kFfIUZiS97RgTDJX1 +YpVgDr30M4rj83SdeaCsmkp4/cAqF3NGjzljMX6wpaSAFpTsCjnp7Cm4wcT02DRTJ/7/KG +OcvrFyuab2vtVWSBU4lmNs4Xg9GFstkp0ecf5ThbGhQkYkkSILM1sMnBmoA= +-----END OPENSSH PRIVATE KEY----- diff --git a/tests/pem/ssh_ecdsa_256_pem b/tests/pem/ssh_ecdsa_256_pem new file mode 100755 index 000000000..2a614ea9d --- /dev/null +++ b/tests/pem/ssh_ecdsa_256_pem @@ -0,0 +1,5 @@ +-----BEGIN EC PRIVATE KEY----- +MHcCAQEEIGsCiMB7N5OXYUVyHR4APvQupWm4kxvzPl3o67C+JaojoAoGCCqGSM49 +AwEHoUQDQgAEjhAhdfoyDQ1YPo69apv8vzyxOznqGqzmxeQCHq+v02V4VzNqKMJT +Kf/2ovP8J9aDWmqPcqA6IVngHJPfFh8kiw== +-----END EC PRIVATE KEY----- diff --git a/tests/pem/ssh_ecdsa_256_pem_pw b/tests/pem/ssh_ecdsa_256_pem_pw new file mode 100755 index 000000000..1d328a3da --- /dev/null +++ b/tests/pem/ssh_ecdsa_256_pem_pw @@ -0,0 +1,8 @@ +-----BEGIN EC PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-128-CBC,9D82B6C20F99509D97334341A49FB673 + +v81D80E80YvIpPvV7k+e1TC1AQ4McvsmS3WavIAC8bN60seWSN0Q0A6tD+q6SET2 +MHM8Op660IeoZ8BdTfKjH8CwiRlDBiSKl2zpAb+R3wiq9M4XdbG0h5+NiztoErB6 +VPeHeML4pd4fFt5fyOliMgw9VW7ZAhH2akXcZumtsME= +-----END EC PRIVATE KEY----- diff --git a/tests/pem/ssh_ecdsa_256_pkcs8 b/tests/pem/ssh_ecdsa_256_pkcs8 new file mode 100755 index 000000000..ad21c4481 --- /dev/null +++ b/tests/pem/ssh_ecdsa_256_pkcs8 @@ -0,0 +1,5 @@ +-----BEGIN PRIVATE KEY----- +MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgawKIwHs3k5dhRXId +HgA+9C6labiTG/M+XejrsL4lqiOhRANCAASOECF1+jINDVg+jr1qm/y/PLE7Oeoa +rObF5AIer6/TZXhXM2oowlMp//ai8/wn1oNaao9yoDohWeAck98WHySL +-----END PRIVATE KEY----- diff --git a/tests/pem/ssh_ecdsa_256_pkcs8_pw b/tests/pem/ssh_ecdsa_256_pkcs8_pw new file mode 100755 index 000000000..e25bfd7a4 --- /dev/null +++ b/tests/pem/ssh_ecdsa_256_pkcs8_pw @@ -0,0 +1,7 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIHsMFcGCSqGSIb3DQEFDTBKMCkGCSqGSIb3DQEFDDAcBAjv0zzuInVzRQICCAAw +DAYIKoZIhvcNAgkFADAdBglghkgBZQMEAQIEEK/HPCZMTSzrXy+kuS337CoEgZBX +nUxLaCttKGUGwBTPAXFmihMfI54wNG3rSPCI1YQ0vs197hGST+V6EChSRVJWG2Zq +9vbdqsZUGaAqfNwd4e0vq8dkG45+mnYapI9p1QT2+kpFT1Vfgf7BdZiwunNHyT1H +2bxbs4dy4WNqVjOGIl7HW6G1wuqTTxkEBKuk68aBvJiYDq92ccXzUMuL+kv8eJE= +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/pem/ssh_ecdsa_384_openssh b/tests/pem/ssh_ecdsa_384_openssh new file mode 100755 index 000000000..7462e0b39 --- /dev/null +++ b/tests/pem/ssh_ecdsa_384_openssh @@ -0,0 +1,10 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAiAAAABNlY2RzYS +1zaGEyLW5pc3RwMzg0AAAACG5pc3RwMzg0AAAAYQSWQhcqgIlNqJCXnzncp4aTBiGpG15J +JssG1M5eI3wHQlGkIPpRQ1azuRkpODZREXfIhak/vv378nbAnNoJE69h+xwi1W4hHsz4ql +watHXJMwcpitiwhzPQZCbbjpuIZjQAAADgAwOSlwMDkpcAAAATZWNkc2Etc2hhMi1uaXN0 +cDM4NAAAAAhuaXN0cDM4NAAAAGEElkIXKoCJTaiQl5853KeGkwYhqRteSSbLBtTOXiN8B0 +JRpCD6UUNWs7kZKTg2URF3yIWpP779+/J2wJzaCROvYfscItVuIR7M+KpcGrR1yTMHKYrY +sIcz0GQm246biGY0AAAAMQD3dcLYMCsBbWxLYEQybGLLM6eUtV3ANwkys6qIxd39ZBIJOX +Q6Rh53xIuu1X8HFlwAAAATVGhpcyBpcyBhIHRlc3Qga2V5IQECAwQ= +-----END OPENSSH PRIVATE KEY----- diff --git a/tests/pem/ssh_ecdsa_384_openssh_pw b/tests/pem/ssh_ecdsa_384_openssh_pw new file mode 100755 index 000000000..84e4596fc --- /dev/null +++ b/tests/pem/ssh_ecdsa_384_openssh_pw @@ -0,0 +1,11 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABBsDCK4+N +u8awAwogYgkan4AAAAEAAAAAEAAACIAAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlz +dHAzODQAAABhBJZCFyqAiU2okJefOdynhpMGIakbXkkmywbUzl4jfAdCUaQg+lFDVrO5GS +k4NlERd8iFqT++/fvydsCc2gkTr2H7HCLVbiEezPiqXBq0dckzBymK2LCHM9BkJtuOm4hm +NAAAAOCP90SKhFjPa4AQkGEBDdUgE9XeFIcfF6LMGU9kAvcxQEMzrgNyH8HqB2eaqmp/u4 +5+HuE/MUhS4f245E40AMCqD3RnQuQDw9j+M/YzV15xadIz/Ks2TAL0aKlagyxfzRpJWhFq +g+7V6bu3gc60ktvxM3kNcvc5w9uATfVPc0K4ZqRyYMYBoMoR/MFhwurTK8xBU1bldu1T7k +xWy3N0+OUA6kCx7CPHV2Wf5PTFkX98l5KjU/E4vqrr6z5QpiGcnrIJ4V5C3BjToqdrTR50 +QI624LZ3MHyL060gUXgMbSlnkg== +-----END OPENSSH PRIVATE KEY----- diff --git a/tests/pem/ssh_ecdsa_384_pem b/tests/pem/ssh_ecdsa_384_pem new file mode 100755 index 000000000..651e71f9d --- /dev/null +++ b/tests/pem/ssh_ecdsa_384_pem @@ -0,0 +1,6 @@ +-----BEGIN EC PRIVATE KEY----- +MIGkAgEBBDD3dcLYMCsBbWxLYEQybGLLM6eUtV3ANwkys6qIxd39ZBIJOXQ6Rh53 +xIuu1X8HFlygBwYFK4EEACKhZANiAASWQhcqgIlNqJCXnzncp4aTBiGpG15JJssG +1M5eI3wHQlGkIPpRQ1azuRkpODZREXfIhak/vv378nbAnNoJE69h+xwi1W4hHsz4 +qlwatHXJMwcpitiwhzPQZCbbjpuIZjQ= +-----END EC PRIVATE KEY----- diff --git a/tests/pem/ssh_ecdsa_384_pem_pw b/tests/pem/ssh_ecdsa_384_pem_pw new file mode 100755 index 000000000..25a033a66 --- /dev/null +++ b/tests/pem/ssh_ecdsa_384_pem_pw @@ -0,0 +1,9 @@ +-----BEGIN EC PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-128-CBC,578CCBDEBACEA1887BD7E416B5644199 + +55LvNV4jryWi7gkFMIRChGAoI18K+3GDuqBnRQ5GosqtVDa94XGZ38UcbY9BEqas +G6S5JgS00UKFUVOvYiwcZ+hGG4LW38Q6eDo82notKIrVd1GSlXkAEInrXNwuK0kl +OTQ3wSRrbjlndB4Taut3YKu3LqpNfAcA1q/KabjXTsLX80tj2ONMrLMikSqut1tr +uKaNYDsxhW+wm1seFKYxUOHJ7M3eRhd7DPL5LuyIXR0= +-----END EC PRIVATE KEY----- diff --git a/tests/pem/ssh_ecdsa_384_pkcs8 b/tests/pem/ssh_ecdsa_384_pkcs8 new file mode 100755 index 000000000..45b79f963 --- /dev/null +++ b/tests/pem/ssh_ecdsa_384_pkcs8 @@ -0,0 +1,6 @@ +-----BEGIN PRIVATE KEY----- +MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDD3dcLYMCsBbWxLYEQy +bGLLM6eUtV3ANwkys6qIxd39ZBIJOXQ6Rh53xIuu1X8HFlyhZANiAASWQhcqgIlN +qJCXnzncp4aTBiGpG15JJssG1M5eI3wHQlGkIPpRQ1azuRkpODZREXfIhak/vv37 +8nbAnNoJE69h+xwi1W4hHsz4qlwatHXJMwcpitiwhzPQZCbbjpuIZjQ= +-----END PRIVATE KEY----- diff --git a/tests/pem/ssh_ecdsa_384_pkcs8_pw b/tests/pem/ssh_ecdsa_384_pkcs8_pw new file mode 100755 index 000000000..9dba0242b --- /dev/null +++ b/tests/pem/ssh_ecdsa_384_pkcs8_pw @@ -0,0 +1,8 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIBHDBXBgkqhkiG9w0BBQ0wSjApBgkqhkiG9w0BBQwwHAQIohYB0kuf38cCAggA +MAwGCCqGSIb3DQIJBQAwHQYJYIZIAWUDBAECBBDU9x93yJ82oFkEaN8CK4BTBIHA +74OxXzZLYTPnedtq5wq6j4Dq4TNtyp6zqKPTiB3nva6QsrO8ekzf+lc4rj3+Tald +GuAIysEKglscGLb4er53tuzceYE0R18yMQgK3/RAHcf9K9UkfeXkAlVTJGAwj0LE +tBD2b/q5B4lf6ofGs+UCbQdJMFEGa4fcPUAeSmp4ftoLoCmizEo2AtnWBoR6DQH6 +wUDaC3/xMZpz70CBeNw06KAqO75lQgFtQS5MDz/OvBIu6jaYs46Dpg6qCi+3R35J +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/pem/ssh_ecdsa_521_openssh b/tests/pem/ssh_ecdsa_521_openssh new file mode 100755 index 000000000..0db5a744b --- /dev/null +++ b/tests/pem/ssh_ecdsa_521_openssh @@ -0,0 +1,12 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAArAAAABNlY2RzYS +1zaGEyLW5pc3RwNTIxAAAACG5pc3RwNTIxAAAAhQQBZN+bK7Xj/bcAsGCr1PaLzAYu+w3e +pRAT6xWjBG9AmXWeTAt50qn5Rh0VpEm1KY3T3Tu3GEDaSvWFx2zUjuYW1NYBWYMohhccCW +GM/DQI3nQVzIMh+CVqZSuRUJuT+XL2oJSLQvapCoqFF4QnOu2DGAbYr15VHtD4CKupGx06 +m1+vuTcAAAEY56EKgOehCoAAAAATZWNkc2Etc2hhMi1uaXN0cDUyMQAAAAhuaXN0cDUyMQ +AAAIUEAWTfmyu14/23ALBgq9T2i8wGLvsN3qUQE+sVowRvQJl1nkwLedKp+UYdFaRJtSmN +0907txhA2kr1hcds1I7mFtTWAVmDKIYXHAlhjPw0CN50FcyDIfglamUrkVCbk/ly9qCUi0 +L2qQqKhReEJzrtgxgG2K9eVR7Q+AirqRsdOptfr7k3AAAAQgDeJefvwF/LJrhUok7XvKgI +WcZ2BoXq2ebXKSDC4GyYElLhjLtz4eIxp0kySKDqvw0RrelJV7dqbiItueACXH5uDgAAAB +NUaGlzIGlzIGEgdGVzdCBrZXkhAQIDBAUGBw== +-----END OPENSSH PRIVATE KEY----- diff --git a/tests/pem/ssh_ecdsa_521_openssh_pw b/tests/pem/ssh_ecdsa_521_openssh_pw new file mode 100755 index 000000000..ce9c38bc1 --- /dev/null +++ b/tests/pem/ssh_ecdsa_521_openssh_pw @@ -0,0 +1,13 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABCH9NIw7T +kdQ3+vJ7X7mK9mAAAAEAAAAAEAAACsAAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlz +dHA1MjEAAACFBAFk35srteP9twCwYKvU9ovMBi77Dd6lEBPrFaMEb0CZdZ5MC3nSqflGHR +WkSbUpjdPdO7cYQNpK9YXHbNSO5hbU1gFZgyiGFxwJYYz8NAjedBXMgyH4JWplK5FQm5P5 +cvaglItC9qkKioUXhCc67YMYBtivXlUe0PgIq6kbHTqbX6+5NwAAASBhW6bs4n2BCSwr/d +36a0+zTe0UZIrEPZR1bVKIdUvsGzT6m9vt+X72Qzx+RtatepwcddgU7Y9MnO0Idn6N24DM +YeG75MHMX4kVOpaLDyCQe6xlFJevAJUnsv+cLLih3kv+YSg3sTb3GIYLrxwgngPKkCiG+F +69gbLh/nxxqbLzl67Xt5Yblmy6lV+sZRJMrNUQT66+2WX4aN2MLfAM0Umaue+aq4ijwV4+ +RNXNwXv/Eyhac2jDQW2+UgdWVSjqNwWmgaSi6m2gXKXIWxggdwgJlklVIQJIPkTZHd5r4P +KI5MysGGZYoFU209vyiii4nY2zckbuyM1j1AwzHwfqIMka/+Zy+h4yVupwljm+NncOy82q +5x/hgkh3zs+zCkZPPt8= +-----END OPENSSH PRIVATE KEY----- diff --git a/tests/pem/ssh_ecdsa_521_pem b/tests/pem/ssh_ecdsa_521_pem new file mode 100755 index 000000000..cbadfea18 --- /dev/null +++ b/tests/pem/ssh_ecdsa_521_pem @@ -0,0 +1,7 @@ +-----BEGIN EC PRIVATE KEY----- +MIHcAgEBBEIA3iXn78Bfyya4VKJO17yoCFnGdgaF6tnm1ykgwuBsmBJS4Yy7c+Hi +MadJMkig6r8NEa3pSVe3am4iLbngAlx+bg6gBwYFK4EEACOhgYkDgYYABAFk35sr +teP9twCwYKvU9ovMBi77Dd6lEBPrFaMEb0CZdZ5MC3nSqflGHRWkSbUpjdPdO7cY +QNpK9YXHbNSO5hbU1gFZgyiGFxwJYYz8NAjedBXMgyH4JWplK5FQm5P5cvaglItC +9qkKioUXhCc67YMYBtivXlUe0PgIq6kbHTqbX6+5Nw== +-----END EC PRIVATE KEY----- diff --git a/tests/pem/ssh_ecdsa_521_pem_pw b/tests/pem/ssh_ecdsa_521_pem_pw new file mode 100755 index 000000000..dea181569 --- /dev/null +++ b/tests/pem/ssh_ecdsa_521_pem_pw @@ -0,0 +1,10 @@ +-----BEGIN EC PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-128-CBC,CDE898660DF24DC4638A0C291D395218 + +ZQz9iMCd17RSwBBzi5dMk4hom1b9KKsfwCMOhfnh5bNtmMmwy00GoCDZgNmAsezC +vQ/t5f0S8ZNtJaUOr2JgQl30wPP7GAWcc7BCJP3Qp8wqqF4ByEbsIvcX5nmIT4ft +RK6SjBEU5HrsZEB5hOyl81C1ZwiqK8QgYOb034y2scT+CunraBOvXKiffuDUs0NO +hyulD92+jmfGlReoLFZjcPFH+H099QvZwKCoQ57hxrnVHsmozRAaPoPdWAMNHrkq +B6OLFk5UMge5Ctolb8JEK8fNdRj5xTNT7Xh99G8edT8= +-----END EC PRIVATE KEY----- diff --git a/tests/pem/ssh_ecdsa_521_pkcs8 b/tests/pem/ssh_ecdsa_521_pkcs8 new file mode 100755 index 000000000..2dbbbfbb3 --- /dev/null +++ b/tests/pem/ssh_ecdsa_521_pkcs8 @@ -0,0 +1,8 @@ +-----BEGIN PRIVATE KEY----- +MIHuAgEAMBAGByqGSM49AgEGBSuBBAAjBIHWMIHTAgEBBEIA3iXn78Bfyya4VKJO +17yoCFnGdgaF6tnm1ykgwuBsmBJS4Yy7c+HiMadJMkig6r8NEa3pSVe3am4iLbng +Alx+bg6hgYkDgYYABAFk35srteP9twCwYKvU9ovMBi77Dd6lEBPrFaMEb0CZdZ5M +C3nSqflGHRWkSbUpjdPdO7cYQNpK9YXHbNSO5hbU1gFZgyiGFxwJYYz8NAjedBXM +gyH4JWplK5FQm5P5cvaglItC9qkKioUXhCc67YMYBtivXlUe0PgIq6kbHTqbX6+5 +Nw== +-----END PRIVATE KEY----- diff --git a/tests/pem/ssh_ecdsa_521_pkcs8_pw b/tests/pem/ssh_ecdsa_521_pkcs8_pw new file mode 100755 index 000000000..a48191d29 --- /dev/null +++ b/tests/pem/ssh_ecdsa_521_pkcs8_pw @@ -0,0 +1,10 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIBXTBXBgkqhkiG9w0BBQ0wSjApBgkqhkiG9w0BBQwwHAQIj/klIHUYLiQCAggA +MAwGCCqGSIb3DQIJBQAwHQYJYIZIAWUDBAECBBA7Rd+K0DxULl6ZqNjQB0QiBIIB +AKnis0COKrS7sq9kRq08FksIbkGJi+i0z/JQ3txzqWIE6NLgAkiZ7EJjk2DyTj5+ +XbNQwZB456Wt+6LxJQesRxL2DYrRZkWbmUIRIurdO0t2b0ibdAPoubEKW+SvhS6l +GihBpM3njn/C6z67P7DekGmWBWdkk36qaBKaYVQsE53sQ2whAtZt2EKrJxjONKBI +z5Yak6S00tgjHTf/DBSVLnh/2Y+Q1uGxmzgJORmtexssmqeVmF/uJhyOcshyIPQn +frpJ6Rw/4aLckxjZ5nwlULFM1B/3hGi/IH+rfcQOg0Jv7WnP/arfQyylWnPq4V8P +ztPdEmIvZ5+OADu9zhbZHX4= +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/pem/ssh_ed25519_openssh b/tests/pem/ssh_ed25519_openssh new file mode 100755 index 000000000..6574a1a74 --- /dev/null +++ b/tests/pem/ssh_ed25519_openssh @@ -0,0 +1,7 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW +QyNTUxOQAAACC9F7IhXEQ6eh6bKGpPDnYogTCYTNlCrMzU8aBku3SfvgAAAJiavUZAmr1G +QAAAAAtzc2gtZWQyNTUxOQAAACC9F7IhXEQ6eh6bKGpPDnYogTCYTNlCrMzU8aBku3Sfvg +AAAEDVvPqQHjnRzlV/e2kq+R5egY12xCIw9mJIuVWBm05ZBL0XsiFcRDp6Hpsoak8OdiiB +MJhM2UKszNTxoGS7dJ++AAAAE1RoaXMgaXMgYSB0ZXN0IGtleSEBAg== +-----END OPENSSH PRIVATE KEY----- diff --git a/tests/pem/ssh_ed25519_openssh_pw b/tests/pem/ssh_ed25519_openssh_pw new file mode 100755 index 000000000..1b6ff85a6 --- /dev/null +++ b/tests/pem/ssh_ed25519_openssh_pw @@ -0,0 +1,8 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABBS5x65zJ +2KlBbJ8giugjyEAAAAEAAAAAEAAAAzAAAAC3NzaC1lZDI1NTE5AAAAIL0XsiFcRDp6Hpso +ak8OdiiBMJhM2UKszNTxoGS7dJ++AAAAoIG2oeen4YUUXyDj3RS2qGYLFhXBg5zjs6eWUt +f/f7o7o41LkZavIAC3bBc8PTPQwXg6QnGtGNkQaHae1Xe1Ca0dFDivSiOtrKSWzvgObcFG +JhEuxuPnFtNBVzpJGxJf3bCXZujIWobOQM5tNgJuVzpUUzWl0yYFUILAHS9AXwVnO1zUZ2 +Ddv7nyEbUXx1fGK4WFFBFGFxk9HDDQFxXqfiw= +-----END OPENSSH PRIVATE KEY----- diff --git a/tests/pem/ssh_rsa_1024_openssh b/tests/pem/ssh_rsa_1024_openssh new file mode 100755 index 000000000..e70b2214d --- /dev/null +++ b/tests/pem/ssh_rsa_1024_openssh @@ -0,0 +1,16 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAlwAAAAdzc2gtcn +NhAAAAAwEAAQAAAIEAuOfJNIoBYHL5Kw41CqNICID1tPu0BD3JO/w1yKRgJB8xw00C7u/y +M8QQwi+4kIRdnkMGkf7PUl47Ng1fzk90lzN0IyTuD0t5x5M3z+2Y6pvSxkonAYEfMeSz5s +aDVQN6jiJzD+cYYYGymGLrLgTAJaRIKv0/bgryyLr0ZxoQUw8AAAII7z6CTO8+gkwAAAAH +c3NoLXJzYQAAAIEAuOfJNIoBYHL5Kw41CqNICID1tPu0BD3JO/w1yKRgJB8xw00C7u/yM8 +QQwi+4kIRdnkMGkf7PUl47Ng1fzk90lzN0IyTuD0t5x5M3z+2Y6pvSxkonAYEfMeSz5saD +VQN6jiJzD+cYYYGymGLrLgTAJaRIKv0/bgryyLr0ZxoQUw8AAAADAQABAAAAgA+VIQS3eK +Q7LDpvqRKrbf+hdpN4/tO4rUPL3nB5QczpgBUYYV3nhL7OECd9RA2Ryh3zQhN9qNUlMdI9 +UEyfr5CFh3EJi0fPXC0TpQeHMm/nuJIuPN0Tq+p4gzYZ4inmnlvUBjBByAG3/FG4LgNr1O +KfvcHHpjYhVCXMIkO+NMzRAAAAQAxffrTSdcbVtc/8Ev7tSBk5DC2AKcqlDH9nsH+crw/M +sR+DxHmBAvevpJ+m3RBK5OrLDj9jtZ/Y8CJUcmYHCjoAAABBAPYbLJBvMRRuKLAaMZsfXf +VpW87YW1ilhZyRCGB+sF3CQsQJQNEviCCoak6COcXhYVdrZQL8G8vJIASN/AGFTLcAAABB +AMBWwig0FiG5a0KAnhR1O+XwEmwl8BBrTCDv/hk/YXKVAAeYkI8DngDEBG7O2ns0rnxmyM +lFC+gCQRqERkVXBGkAAAATVGhpcyBpcyBhIHRlc3Qga2V5IQ== +-----END OPENSSH PRIVATE KEY----- diff --git a/tests/pem/ssh_rsa_1024_openssh_pw b/tests/pem/ssh_rsa_1024_openssh_pw new file mode 100755 index 000000000..1410eb956 --- /dev/null +++ b/tests/pem/ssh_rsa_1024_openssh_pw @@ -0,0 +1,17 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABBv0NW04p ++2tpZ2NtlcxyGfAAAAEAAAAAEAAACXAAAAB3NzaC1yc2EAAAADAQABAAAAgQC458k0igFg +cvkrDjUKo0gIgPW0+7QEPck7/DXIpGAkHzHDTQLu7/IzxBDCL7iQhF2eQwaR/s9SXjs2DV +/OT3SXM3QjJO4PS3nHkzfP7Zjqm9LGSicBgR8x5LPmxoNVA3qOInMP5xhhgbKYYusuBMAl +pEgq/T9uCvLIuvRnGhBTDwAAAhA6fF+4MQPLd7eHJrlLpmk1nBZcGkFxa8zwLHMQdT/xiM +VcOgfvuNowCbMPY4+vG5cxUcU5WSK2vE5JsnPKpNflcM+qcGtR6EBcTEHS6YFhJv5gWBuT +uT+kdTzpcsipcYpjo5oVIIeZbWziWBPKH6tq5XyFFEzKIipkIsluuvk5SqMwJAVJeOwutR +hWtAUyv/015L30WH1VVZ8jMYJDENiRqUkxwj7gCLNjLhARbm0ZgGXGBtwUL1Ni9Irzoei6 +xd/7PAwJeuQXgJpm4a12ueGDjZDGWndxOrzrNO5H/pJy/ExtYQN0Y3W7zlPOhVQl44bAcz +QixvEJNyHCpz+szKubtfix5g9ZlbnK887mm53M5boTB99B1KErXOvfjY41OYXpQprKyqku +7GffaG7xNDktXPhv0Qd4Oc1IBhqHwm/V7d1DZ2Ugu2Mib3wqg9f8I3VD5hA52wFG5A9pjb +ffbymsJAvx5xs/q026tElU3W3VL8+eQKOvMIEYDhqazcDY1l8MNCA6O7YNqhqQC78dA41m +9D64fdcJnmHsJjuKgCx1JdKNm2dMOiNs5wrdag0TEOe+nwwTV9/y6yZlerWac2Qhdu8hJD +aW55yDClwJdVwGLEPz1xyyQM3t70j4XuEdYOHruT5KKWDfG5zfWaitAS019iGcJOqiMDD7 +/wl9KNjIglXTX/wmCOK4veSjQBe4/Gs= +-----END OPENSSH PRIVATE KEY----- diff --git a/tests/pem/ssh_rsa_1024_pem b/tests/pem/ssh_rsa_1024_pem new file mode 100755 index 000000000..384304913 --- /dev/null +++ b/tests/pem/ssh_rsa_1024_pem @@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICWwIBAAKBgQC458k0igFgcvkrDjUKo0gIgPW0+7QEPck7/DXIpGAkHzHDTQLu +7/IzxBDCL7iQhF2eQwaR/s9SXjs2DV/OT3SXM3QjJO4PS3nHkzfP7Zjqm9LGSicB +gR8x5LPmxoNVA3qOInMP5xhhgbKYYusuBMAlpEgq/T9uCvLIuvRnGhBTDwIDAQAB +AoGAD5UhBLd4pDssOm+pEqtt/6F2k3j+07itQ8vecHlBzOmAFRhhXeeEvs4QJ31E +DZHKHfNCE32o1SUx0j1QTJ+vkIWHcQmLR89cLROlB4cyb+e4ki483ROr6niDNhni +KeaeW9QGMEHIAbf8UbguA2vU4p+9wcemNiFUJcwiQ740zNECQQD2GyyQbzEUbiiw +GjGbH131aVvO2FtYpYWckQhgfrBdwkLECUDRL4ggqGpOgjnF4WFXa2UC/BvLySAE +jfwBhUy3AkEAwFbCKDQWIblrQoCeFHU75fASbCXwEGtMIO/+GT9hcpUAB5iQjwOe +AMQEbs7aezSufGbIyUUL6AJBGoRGRVcEaQJALwEPqOJjyFgl00Sddtgt1OJzk3UF +NVAfzcBxjiSEQNQKdnCh/ZILeNlRvH7o099w/QZY+5H1KR3XzKblm9C+zwJAavKS +6Tn1KHFqg8Lyo1uAn9160OnTb73JyfLIbo+Ahu704kRh9TPEspZMBLU+ZQ2pDAE3 +GjsrYKmIO89bJ4k4KQJADF9+tNJ1xtW1z/wS/u1IGTkMLYApyqUMf2ewf5yvD8yx +H4PEeYEC96+kn6bdEErk6ssOP2O1n9jwIlRyZgcKOg== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/ssh_rsa_1024_pem.pub b/tests/pem/ssh_rsa_1024_pem.pub new file mode 100755 index 000000000..89892c7ad --- /dev/null +++ b/tests/pem/ssh_rsa_1024_pem.pub @@ -0,0 +1,5 @@ +-----BEGIN RSA PUBLIC KEY----- +MIGJAoGBALjnyTSKAWBy+SsONQqjSAiA9bT7tAQ9yTv8NcikYCQfMcNNAu7v8jPE +EMIvuJCEXZ5DBpH+z1JeOzYNX85PdJczdCMk7g9LeceTN8/tmOqb0sZKJwGBHzHk +s+bGg1UDeo4icw/nGGGBsphi6y4EwCWkSCr9P24K8si69GcaEFMPAgMBAAE= +-----END RSA PUBLIC KEY----- diff --git a/tests/pem/ssh_rsa_1024_pem_pw b/tests/pem/ssh_rsa_1024_pem_pw new file mode 100755 index 000000000..57db65608 --- /dev/null +++ b/tests/pem/ssh_rsa_1024_pem_pw @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-128-CBC,E477849D4A0566B706D2DFDD516E2F3E + +mkf+MOS5kcOUMqKEyiBiBgrB3Lv4KFQyc7V26EkYIziNwriuKArhBv8Vt5SBmrzk +z9nVqPVw/CgpTlf/4BkR78EHkV4DoCgt8JIOKz1kDl9GLyRPsHIPL+g0IpBg1+LK +B0uDFoP5/aQfSl+5t1RODd11wrUg6T1BSRzRTJvzvXagrelVrZlxieTNYHd0B5AX +eJyX39DpaEIoOfyfaQFWQIaMns2Vd1y0uYdhUd8DdTHyD176KNBW10qrbzjNrIDl +3TTx6RtU0m7qxRC1++BZ/ZeKo1EnUdzPzeFNq2mO2Th2i7n2VaSuYIrArAtewYCw +CiZPVFFZhwWc6PqR27hqC5wn8nX2NrlmBHiJ16Jrkb1jLW6jUMOJRITtEjCEjcQO +05Jcj+dk60VduXG25N6EfH3Ff1P256fRZfJOaN1abyc9TlFPO701OStTLiKm/O8O +CwOSHK75CAnvbeHeLxA7r5s+y10toEZw2eR6lbUnMsu9WkwF0J/6GbQh44sVfCIQ +WNqwX76qCPxZWzMY2mLdNAl0noNMNZVlYlw1t6a23P7lzWXOOI/nO42braR/OApQ +Xn6wiLh1CzL3CvgraDocbYEBGrx0wIiz/emKJKHDTuxbcR8QNYzcr1k7z6WWQP/8 +tiV/8xqneg4f4BM8zPat8fJXnr50ZB1u7UcLwDOK6ergkksRgIA7wJeL7yhZVJP8 +s39x8w57HSFY0JWIlap7hJDD7MnnLNbQzdJ4d4HyY53uOEtYA/hFzOPGEsWL+c90 +ulbWwNz2ew2VCUuTg4CDnsckR0OUGSXQIY4xUzcTwcw= +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/ssh_rsa_1024_pkcs8 b/tests/pem/ssh_rsa_1024_pkcs8 new file mode 100755 index 000000000..cbc351404 --- /dev/null +++ b/tests/pem/ssh_rsa_1024_pkcs8 @@ -0,0 +1,16 @@ +-----BEGIN PRIVATE KEY----- +MIICdQIBADANBgkqhkiG9w0BAQEFAASCAl8wggJbAgEAAoGBALjnyTSKAWBy+SsO +NQqjSAiA9bT7tAQ9yTv8NcikYCQfMcNNAu7v8jPEEMIvuJCEXZ5DBpH+z1JeOzYN +X85PdJczdCMk7g9LeceTN8/tmOqb0sZKJwGBHzHks+bGg1UDeo4icw/nGGGBsphi +6y4EwCWkSCr9P24K8si69GcaEFMPAgMBAAECgYAPlSEEt3ikOyw6b6kSq23/oXaT +eP7TuK1Dy95weUHM6YAVGGFd54S+zhAnfUQNkcod80ITfajVJTHSPVBMn6+QhYdx +CYtHz1wtE6UHhzJv57iSLjzdE6vqeIM2GeIp5p5b1AYwQcgBt/xRuC4Da9Tin73B +x6Y2IVQlzCJDvjTM0QJBAPYbLJBvMRRuKLAaMZsfXfVpW87YW1ilhZyRCGB+sF3C +QsQJQNEviCCoak6COcXhYVdrZQL8G8vJIASN/AGFTLcCQQDAVsIoNBYhuWtCgJ4U +dTvl8BJsJfAQa0wg7/4ZP2FylQAHmJCPA54AxARuztp7NK58ZsjJRQvoAkEahEZF +VwRpAkAvAQ+o4mPIWCXTRJ122C3U4nOTdQU1UB/NwHGOJIRA1Ap2cKH9kgt42VG8 +fujT33D9Blj7kfUpHdfMpuWb0L7PAkBq8pLpOfUocWqDwvKjW4Cf3XrQ6dNvvcnJ +8shuj4CG7vTiRGH1M8SylkwEtT5lDakMATcaOytgqYg7z1sniTgpAkAMX3600nXG +1bXP/BL+7UgZOQwtgCnKpQx/Z7B/nK8PzLEfg8R5gQL3r6Sfpt0QSuTqyw4/Y7Wf +2PAiVHJmBwo6 +-----END PRIVATE KEY----- diff --git a/tests/pem/ssh_rsa_1024_pkcs8_pw b/tests/pem/ssh_rsa_1024_pkcs8_pw new file mode 100755 index 000000000..2af829267 --- /dev/null +++ b/tests/pem/ssh_rsa_1024_pkcs8_pw @@ -0,0 +1,18 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIC3TBXBgkqhkiG9w0BBQ0wSjApBgkqhkiG9w0BBQwwHAQI2Sks1nL15TMCAggA +MAwGCCqGSIb3DQIJBQAwHQYJYIZIAWUDBAECBBC04izjwickhqod+XNYhY7SBIIC +gBHoX9NakaLvJUH2rFMvrGEXsrt1FinzUDK1u2UOUfIfjcpA2cupAs8FR7kE0plQ +e55t1PW6lBpyCJTKhTxUxCKfDHPCnTSbvpVK9vdizbUDohX/fXpY03RawGcaBnDA +SchpegP1j6pbmgyCEXJP6e/mn/CYbsnWMiVXtlaFizEeJkSRn6mbl0Cq9KRwXqkI +GUZ9wdqyoHlXuAggWAXBpkvAXQ+KZbRQuQOJOHo4gL4FMnS4jXDpVswVg0voPZFb +EBzk6wUQJQSEUjN3l/Fshp9hzTOEKt8pgUIopKCVyrvuyY2gaUcOlHmNvCA/grsz +DUqV2je1wFQAoe+Wf/aa6WjMdc7WPsmaqPwHyOgk7qrYqH9XMx3IEHgV90LNrqzf +44qJlclsNl83ZFxjMcAOM4zzyoxfeq6crDRzzJeMzJVawlUmnAq1C3SMX0tHS2ax +l5NOjWOQxch3b8xAPDBQAp1xcepY4P3vzCG2o98rAJEJ4rlt/3NtklyXfXaaLsl/ +YsY1JKFZhlCtJ2uRRsp1ODKHiEBx2UAtQhPn5OVbVQwUmyUtldbnhX0KG6P8sJDU +XwzaS6QEYyqhXwuytAPzhoUyJdRop9+k5QYiQ4Z8t+xRq8+yhfhj3RJpoN1zoP/L +Anuogu1VRtwKZyLrEROSarCV47yz7ZpnNnfuaRYcHHwH5ayZ0P29iwXHIiQd6tCo +Y+0M05PkZTFcpsDmMjg5uGSSvo9kvBhg+1vwxC9CbfgL45G8ZXsrUOuMN5+HTrS5 +Qo9wzAwHvYrPFmaVTGhoZHmP2mupSnqg/ne1YdVfXzXRZpFPMPvj2YrawNOpM7T6 +PaQB/0Sn+vWbYsuyKzjH154= +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/pem/ssh_rsa_1536_openssh b/tests/pem/ssh_rsa_1536_openssh new file mode 100755 index 000000000..c341b86e7 --- /dev/null +++ b/tests/pem/ssh_rsa_1536_openssh @@ -0,0 +1,22 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAA1wAAAAdzc2gtcn +NhAAAAAwEAAQAAAMEApGB3n/5BYXbRMBuGGX2p2GPdnJg1/YKsOzhNncTMkMo+RMp/87Wi +CBESRr9gRu05RIvBnfN8Bb0q6pOHYh8nEJthWy7adufG7svz2AmN3L8WC9YplMbemj3i6Y +c8UKbdnUsAqJujOQ6v7MQeGFfpb1aVmRLiBc7Hxraoizu1OMfNJVwteN9DLTeWep2EzlbZ +LWJBSQpjEk4WInHui+ER3UzXo0GZZihnyxCnkd8E8ASHyzvVxZEpR89lJOKvwpa9AAAC6F +7vujVe77o1AAAAB3NzaC1yc2EAAADBAKRgd5/+QWF20TAbhhl9qdhj3ZyYNf2CrDs4TZ3E +zJDKPkTKf/O1oggREka/YEbtOUSLwZ3zfAW9KuqTh2IfJxCbYVsu2nbnxu7L89gJjdy/Fg +vWKZTG3po94umHPFCm3Z1LAKibozkOr+zEHhhX6W9WlZkS4gXOx8a2qIs7tTjHzSVcLXjf +Qy03lnqdhM5W2S1iQUkKYxJOFiJx7ovhEd1M16NBmWYoZ8sQp5HfBPAEh8s71cWRKUfPZS +Tir8KWvQAAAAMBAAEAAADAfd03/BRt77lROGr65a3pTb46RNvwC2vxgW79T58PnJaf04DT +NMORjGe1/OIxUF35CdmRqeZ0wtg0cmYAtktwWDEB/RYFRiL3moYk8vlt3Oecc/fK4xbcAH +L+ux5IOuFpeg6nEVuLZ0Dc7KZEKAdcmRbdCUnKp+IYuUV1m05MJ2BBWuTz1x4oPZVkDTu+ +CyjLU7u3RboaOGCfLPvupcjRSTMVBORmfhzAopaLx6eDX4DFISjNgzHPpEfqb2P80q2pAA +AAYEZkrc//Bi+o7NQdMXuQDNJYMy9BOxZddy4VrB2W+KqeEXYrXBBZp8i0iHDWMl7wI+Uh +hrW8KYGWP/8PAvQRYbNrxig90FpRw5AqTjIKM0bb0BI+zFhJu5fcHY9I6UjISgAAAGEAzb +3spw8U81xstli3roBHN+hSeEeGiv0Xz9rf/meJvcQa1AAInDOoU151GI5c8B7fDMKY0fsN +p715kxOb7O/SBXTgI9tx7cpQtJZ9VrZna8K+ZP0dPd3i1aSEm1O+mzhHAAAAYQDMh8bxm+ +rZVJQ3MFobd2WmaPTCV53KMYpHNINhid17N2ajJ5sP0TniYS/662X9GTPnTxIbvL3kILA+ +TRJS6dOR/jIfmN2UFRW7846GMbDLe4BGndF54P1sciksz+xF/tsAAAATVGhpcyBpcyBhIH +Rlc3Qga2V5IQ== +-----END OPENSSH PRIVATE KEY----- diff --git a/tests/pem/ssh_rsa_1536_openssh_pw b/tests/pem/ssh_rsa_1536_openssh_pw new file mode 100755 index 000000000..3c0413288 --- /dev/null +++ b/tests/pem/ssh_rsa_1536_openssh_pw @@ -0,0 +1,22 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABAybv501Y +8iWmZWeJtBAfWtAAAAEAAAAAEAAADXAAAAB3NzaC1yc2EAAAADAQABAAAAwQCkYHef/kFh +dtEwG4YZfanYY92cmDX9gqw7OE2dxMyQyj5Eyn/ztaIIERJGv2BG7TlEi8Gd83wFvSrqk4 +diHycQm2FbLtp258buy/PYCY3cvxYL1imUxt6aPeLphzxQpt2dSwCom6M5Dq/sxB4YV+lv +VpWZEuIFzsfGtqiLO7U4x80lXC1430MtN5Z6nYTOVtktYkFJCmMSThYice6L4RHdTNejQZ +lmKGfLEKeR3wTwBIfLO9XFkSlHz2Uk4q/Clr0AAALwd8Mc5VGKGi3PsF5/Tjo4V8VydbWF +IrFr+vEY/8jgS2VlzHDOi/yK4UdrsvL3xcSTZlt5RMLlT0kE7VGd/SX1/x0fi1P1Z8Uknw +/4qJDGy7Anx6YccTeUtWoKs2NSZ9A0fuRotNOp0jDq7Z+1zQ8eK0GwnvPWasbFgSnYxtrn +CIBxhL08Qy3CmD0+Ajy9EEpyELHHD36wKznpxVyoEXRRO3Hq7NRnie3SBvgKBbPxHlUxNM +if6538VhA2HIG5vdADzg31U4HnIjiuykze4AGHJnPhc9gTtpOmX5CYdVZX6KDOtUcfgfsw +L+CDqSxlPnm++VGIz7fzXmnaUUxD4Pyrr/bvTxBptXc3p1+oU9QLoBMBO0dkenhIDtEfQe +ENEmQxZD3sQflh8XhEtd7BUG9SAKRXWQSds5gLmTYQXo26RpsyKjTd4iAa9/lF/+gTSVBC +3PU0Qjw9zx4Pp7riLg5z8M6j1umOmBtnN4mO58LAOETnR9IK8WN6ZaWE3nFfhBodHDpkqZ +/LELo171IqZV8iKjMj5TV57nstnF6ME7SdPTWM/juhGj03hJc2r/Mg3mSU7eeVJefe9VNN +G5N1slfu40YvWYmfTX3lKRIfIJqkrdgjv45KcBQWpoS+jjWeE8RE9wfjhlfVrFoJOYN56n +3m7Jn9jtfqBNHyCoVbP1DEbn6bbaKsprrDUYswYcHPCDEx9N2WNLxzqq7PegHYwqS5Hyv7 +c56iqRdBYv0KsAhLYBb6to/Kpi6KlPJ/sNes4Fo+Q3PMVNmJS8qhFRTvwUVdqqRyy9S63P +Us8uEcD6w61sGBFTw0CTpHqRTbMqvaC+KCXQixsXS0CCSm7PQm0CQIfiV6gS4wfQVrBQ8g +uQPpQ25PZfDPJ8ez+na/HBcoyZrg+v9/kPP52FEZ/g5s4Oe+0O6WCw9hc+nzzFIFqtAlxL +ZIJUdOA5geshBuiBCJ2U6Tr8T/mOk7IwglKRZOW01NGekVhpEiP5QJTNVguLDYvsI= +-----END OPENSSH PRIVATE KEY----- diff --git a/tests/pem/ssh_rsa_1536_pem b/tests/pem/ssh_rsa_1536_pem new file mode 100755 index 000000000..7b2451a26 --- /dev/null +++ b/tests/pem/ssh_rsa_1536_pem @@ -0,0 +1,21 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIDewIBAAKBwQCkYHef/kFhdtEwG4YZfanYY92cmDX9gqw7OE2dxMyQyj5Eyn/z +taIIERJGv2BG7TlEi8Gd83wFvSrqk4diHycQm2FbLtp258buy/PYCY3cvxYL1imU +xt6aPeLphzxQpt2dSwCom6M5Dq/sxB4YV+lvVpWZEuIFzsfGtqiLO7U4x80lXC14 +30MtN5Z6nYTOVtktYkFJCmMSThYice6L4RHdTNejQZlmKGfLEKeR3wTwBIfLO9XF +kSlHz2Uk4q/Clr0CAwEAAQKBwH3dN/wUbe+5UThq+uWt6U2+OkTb8Atr8YFu/U+f +D5yWn9OA0zTDkYxntfziMVBd+QnZkanmdMLYNHJmALZLcFgxAf0WBUYi95qGJPL5 +bdznnHP3yuMW3ABy/rseSDrhaXoOpxFbi2dA3OymRCgHXJkW3QlJyqfiGLlFdZtO +TCdgQVrk89ceKD2VZA07vgsoy1O7t0W6Gjhgnyz77qXI0UkzFQTkZn4cwKKWi8en +g1+AxSEozYMxz6RH6m9j/NKtqQJhAM297KcPFPNcbLZYt66ARzfoUnhHhor9F8/a +3/5nib3EGtQACJwzqFNedRiOXPAe3wzCmNH7Dae9eZMTm+zv0gV04CPbce3KULSW +fVa2Z2vCvmT9HT3d4tWkhJtTvps4RwJhAMyHxvGb6tlUlDcwWht3ZaZo9MJXncox +ikc0g2GJ3Xs3ZqMnmw/ROeJhL/rrZf0ZM+dPEhu8veQgsD5NElLp05H+Mh+Y3ZQV +FbvzjoYxsMt7gEad0Xng/WxyKSzP7EX+2wJgGn/A0E+P+jxIQEAzAEXDZn8EyDsm +KBarD3l4ajL5ubhdYDrU4RGCN6Kt4EjNzZucTO9vcXQtcRJlaz0WUzEcUtmX2OZ1 +yRPKy0eqwxVhQq7liOpU7tf6VFwJPFxP63wXAmBMNfunY5WqzZ08w0OQIHk7/LfX +ApbFFJiV17dszNY+Z3JTMRrSVf/fnp8mPDiQiqeQdSImO7n2G0gQrt85De/L4pAC +vg8ycnjaw/JDhph9+dLefUfkxjUoB5HYJNHBcykCYEZkrc//Bi+o7NQdMXuQDNJY +My9BOxZddy4VrB2W+KqeEXYrXBBZp8i0iHDWMl7wI+UhhrW8KYGWP/8PAvQRYbNr +xig90FpRw5AqTjIKM0bb0BI+zFhJu5fcHY9I6UjISg== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/ssh_rsa_1536_pem.pub b/tests/pem/ssh_rsa_1536_pem.pub new file mode 100755 index 000000000..b6399f2a1 --- /dev/null +++ b/tests/pem/ssh_rsa_1536_pem.pub @@ -0,0 +1,7 @@ +-----BEGIN RSA PUBLIC KEY----- +MIHJAoHBAKRgd5/+QWF20TAbhhl9qdhj3ZyYNf2CrDs4TZ3EzJDKPkTKf/O1oggR +Eka/YEbtOUSLwZ3zfAW9KuqTh2IfJxCbYVsu2nbnxu7L89gJjdy/FgvWKZTG3po9 +4umHPFCm3Z1LAKibozkOr+zEHhhX6W9WlZkS4gXOx8a2qIs7tTjHzSVcLXjfQy03 +lnqdhM5W2S1iQUkKYxJOFiJx7ovhEd1M16NBmWYoZ8sQp5HfBPAEh8s71cWRKUfP +ZSTir8KWvQIDAQAB +-----END RSA PUBLIC KEY----- diff --git a/tests/pem/ssh_rsa_1536_pem_pw b/tests/pem/ssh_rsa_1536_pem_pw new file mode 100755 index 000000000..c4eca3390 --- /dev/null +++ b/tests/pem/ssh_rsa_1536_pem_pw @@ -0,0 +1,24 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-128-CBC,DA5298F957F4BABAD26D9242D8D2FEEA + +RC9S5yEOPNePdHGCAWk8601b2glss7wSrb//kphbt4gnpxqq9OqNuZP2IlUjU6uM +/9dW4AK82pekBkywDI/zVpWBTh2FGxKOdXEcfB2IPe6HPhr9x+A0zEWJavpDjyyP +3GDU/V/A/jt5YmeEjtp0sN65xMHynl1sT7VJvGqvLqCk1p4S5Eans84+umn11XbP +s+GdP5zKkzQI0dLnf9cXYg0wLIZ5fseX1TP2m8dpx7PKH1t/eH7mWOcO1uAuCrAO +8pvfQ5GXs1g8nkwmXD7qZgxZobiQT6V+eXxAqYQy/Jqlq+zUUpd8tsJ5iwlzPNgZ +MtUzYZogNsReolQ4Rd8u6S7TLjAc3cYMXpt1W0vEpm0yB01dfmDfmsWrBfKdDX8d +bo3FLxBQXkHULTqEJXW5Gv+paltssXi/m7liPfsUbxVlJZ7mFmivSa1rQTV/pPm1 +AZyDMs/jzFn8jf/UZQWbtR2zeFCueq70N6JQTHqgEjitDHMEZcIZLLlXjw3PWaOC +xl1E5McO+p9D3ZYUdvTmYTx9DWRPRemDKrA7OFODCRyG0VlGgB6RMnRetgAcG9aD +P2kIEIDIYDAz+Y83ZTguauE44RMRNFAi735stbo5XGpQVUl7OxvlvKsUNyIVX58x +E7cIJne/QRz7NFN/52ShGjXZApKpRcpm1eH/uvsjYdA0jipU0MtkpP+HqxbMYwrr +BJ5RAjUlIYvWbz+UnW5Dnsmua0XRVTdk1GN/QDhbnHlybkk5KcJrVJlMswul2uvm +RPnyds4o0UTteqJvvpsdtkXSd1LPc0vPwbxHKNgjhF7BHxIdG16jjVfOqD5NaFzG +m+Mr9TqS/3CWI9dFkTJPjmo1NSr4vcWf2AA8KuaP+bEOx482+tZ0FwogSMbgmymX +RwvTf7O5uqo7mN44rLYe//PiC9zcZ2f+tmNWlCsz5FYxCNS5x+zpZB4fPt49S2c5 +ZhF+LqNdlh77fFyEM74pz1fcxveCKn6tx2lB/K511vXwThHJNOW+cwFfZOgqwosq +pSxqq3YtYJS5PdtRmiEnvz82PWmp7nOcTat7jnoPKhWhN24LPfygq2CWT1HM8KYC +XPIReyX3ney2bpt6cleg31kEyOnbcE7e/+vZEwwQpfUgdTzxdjyVlZTFu3yFji6E +Mjm/F3a6T4kwxgSeXEPBfie5J9RInjW8dT4W7H3PfmQ= +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/ssh_rsa_1536_pkcs8 b/tests/pem/ssh_rsa_1536_pkcs8 new file mode 100755 index 000000000..f1061e98f --- /dev/null +++ b/tests/pem/ssh_rsa_1536_pkcs8 @@ -0,0 +1,22 @@ +-----BEGIN PRIVATE KEY----- +MIIDlQIBADANBgkqhkiG9w0BAQEFAASCA38wggN7AgEAAoHBAKRgd5/+QWF20TAb +hhl9qdhj3ZyYNf2CrDs4TZ3EzJDKPkTKf/O1oggREka/YEbtOUSLwZ3zfAW9KuqT +h2IfJxCbYVsu2nbnxu7L89gJjdy/FgvWKZTG3po94umHPFCm3Z1LAKibozkOr+zE +HhhX6W9WlZkS4gXOx8a2qIs7tTjHzSVcLXjfQy03lnqdhM5W2S1iQUkKYxJOFiJx +7ovhEd1M16NBmWYoZ8sQp5HfBPAEh8s71cWRKUfPZSTir8KWvQIDAQABAoHAfd03 +/BRt77lROGr65a3pTb46RNvwC2vxgW79T58PnJaf04DTNMORjGe1/OIxUF35CdmR +qeZ0wtg0cmYAtktwWDEB/RYFRiL3moYk8vlt3Oecc/fK4xbcAHL+ux5IOuFpeg6n +EVuLZ0Dc7KZEKAdcmRbdCUnKp+IYuUV1m05MJ2BBWuTz1x4oPZVkDTu+CyjLU7u3 +RboaOGCfLPvupcjRSTMVBORmfhzAopaLx6eDX4DFISjNgzHPpEfqb2P80q2pAmEA +zb3spw8U81xstli3roBHN+hSeEeGiv0Xz9rf/meJvcQa1AAInDOoU151GI5c8B7f +DMKY0fsNp715kxOb7O/SBXTgI9tx7cpQtJZ9VrZna8K+ZP0dPd3i1aSEm1O+mzhH +AmEAzIfG8Zvq2VSUNzBaG3dlpmj0wledyjGKRzSDYYndezdmoyebD9E54mEv+utl +/Rkz508SG7y95CCwPk0SUunTkf4yH5jdlBUVu/OOhjGwy3uARp3ReeD9bHIpLM/s +Rf7bAmAaf8DQT4/6PEhAQDMARcNmfwTIOyYoFqsPeXhqMvm5uF1gOtThEYI3oq3g +SM3Nm5xM729xdC1xEmVrPRZTMRxS2ZfY5nXJE8rLR6rDFWFCruWI6lTu1/pUXAk8 +XE/rfBcCYEw1+6djlarNnTzDQ5AgeTv8t9cClsUUmJXXt2zM1j5nclMxGtJV/9+e +nyY8OJCKp5B1IiY7ufYbSBCu3zkN78vikAK+DzJyeNrD8kOGmH350t59R+TGNSgH +kdgk0cFzKQJgRmStz/8GL6js1B0xe5AM0lgzL0E7Fl13LhWsHZb4qp4RditcEFmn +yLSIcNYyXvAj5SGGtbwpgZY//w8C9BFhs2vGKD3QWlHDkCpOMgozRtvQEj7MWEm7 +l9wdj0jpSMhK +-----END PRIVATE KEY----- diff --git a/tests/pem/ssh_rsa_1536_pkcs8_pw b/tests/pem/ssh_rsa_1536_pkcs8_pw new file mode 100755 index 000000000..d757d6d29 --- /dev/null +++ b/tests/pem/ssh_rsa_1536_pkcs8_pw @@ -0,0 +1,24 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIID/TBXBgkqhkiG9w0BBQ0wSjApBgkqhkiG9w0BBQwwHAQIVsofOnml2ugCAggA +MAwGCCqGSIb3DQIJBQAwHQYJYIZIAWUDBAECBBDuzw8XM1SrQmf7uDdU0B0wBIID +oGYDAsp3pnCzRnhbx/ouBA4uY4McoxM84DQLDmtRko8i3tMnowXFpvU4WzMhjPEO +lJ/i2bm4UWAbEkwxkhMz8efP6taD7ofsFjPQ6pTPUYjrOr9ul9K5Y/QuMJ+nC7WI +SgireB79vhp5iKGdUwNbfETf0JbJTdgQORP3CbI4UkBLM+M+gUPuBhzyS8TkyNUl +uCR4xyx7fEXsjL2csICyMIgnQFTy5aTOCW2PHwLOgnRvwkwckphQa71YOSp5/IBP +JPiZ8j/4bU2B94CatblFlyvu94R3VTKx0wV+sEQGSdMLiu/B0NF66VhbpZ27bqoc +ExbilhD1SWSHLthUhLwHpLfO1CVTBJEuVfyqF1ok/ywzVqVrNyJVHWzI5vPxuC3D +n1vaLUupOi8kh3+Igy0qKTORrrm6RQEVxiaaH1XBGhpVAKR1O7e83GwJF+SEKDUN +F/Y60T/B5nASfusHS9sOjXHjGECfOKrhVY8TkTLh4Eual8CEVYWJcO6YW2wGAFK6 +OAR9gFt50okyk8JkgcT3ocSncAv8l1E9+C8ZYlOf3YjnZVJ3WIDflz0TSHiJvj4b +zaMDjZWO9yZZmOw9Vztiwob6fDtjWvOFo8iNUG9V1hc74QbGffwPi5ak3ZPhfTJn ++vL5JhOZQw+V7gQOyy8xMiZrUsz1aN5KrXriAT2JvCe3+TV+Q3TMK9CMHnfkliXr +oKS+3IbXfm9KhnJdOAYcFmoLlntgADmK4yZvSPs9vOhn4qHjoHdnXp67MnBSX2WV +rLbar3Jf2PReei+rC/v55jOO/kxSUNPO1ndjcRHPi5Mjw5SI4NpuI/QCnV2i/M5N +whbtyFql2URL0Mv9ZblpeiJkpAsOFtYE+eA0WvZbo2yFbKDKqdGIbkiX65GPtcwM +U4cgh72Gj6/Rt4hKOljI7udS9i5QCwFz/u5tzkFVo3cYa+TqyfzVUhjDe4c6L5ei +bbJ7fgVRr8Oqwxa9FE6jvKrvHHwF543i2/ml8EUgZyvV7/Ogbz7E8h+bjqdKimye +evzGgiqcPPlFS8UIeO/gYocSYxQvdpBUT3UK1eBa6uM3rLO8zORalADit1Rrm3QA +8gYWMLUjkw5yTxeML6zRe1270E6WUhKlt+ZiS2lCM20nikzdeIJHBJiyN9yXvNMy +Cvj+sFWfIQU7shhVolKvTkEhWCa0raqtwFS0/lZjnb0OzHYRD0uMjyO/aNKcAeyW +Zlxinl0oqwmdHqWKwt/nDsw= +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/pem/ssh_rsa_2048_openssh b/tests/pem/ssh_rsa_2048_openssh new file mode 100755 index 000000000..57bcae824 --- /dev/null +++ b/tests/pem/ssh_rsa_2048_openssh @@ -0,0 +1,27 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABFwAAAAdzc2gtcn +NhAAAAAwEAAQAAAQEA3cYzdPtsXO6Xa3gamHP5g0QvDrlq0u8K3uXxFAacpaK0I24bVFVF +Pjsf+kUmW23jYNxL3Fk0+zUGO9cOyxkoIjSvW4FNStedes6b2NBdiBoMfcWb7yCVRC0l0E +RYCAUhXrGplWbyUXefrM4KtY5jE4m6PX8jyaGSz8rOUhcTxw3silM/Jc2B1ZrjoczoUo0j +R0BlT9B6HvDe3UGhVONAPCUrFIeeu74I15bbNdyhKxmgXstuOKHuCfsZcM1h7IoAI9Q6Ah +jGg3UkPFnxPwRFCauZjRKfhsUHuIRzMG24NkSWWfJBUSjoglInEJFQhQN8lmqPuaHXIMiN +N7Kn564JGwAAA8jwkIH78JCB+wAAAAdzc2gtcnNhAAABAQDdxjN0+2xc7pdreBqYc/mDRC +8OuWrS7wre5fEUBpylorQjbhtUVUU+Ox/6RSZbbeNg3EvcWTT7NQY71w7LGSgiNK9bgU1K +1516zpvY0F2IGgx9xZvvIJVELSXQRFgIBSFesamVZvJRd5+szgq1jmMTibo9fyPJoZLPys +5SFxPHDeyKUz8lzYHVmuOhzOhSjSNHQGVP0Hoe8N7dQaFU40A8JSsUh567vgjXlts13KEr +GaBey244oe4J+xlwzWHsigAj1DoCGMaDdSQ8WfE/BEUJq5mNEp+GxQe4hHMwbbg2RJZZ8k +FRKOiCUicQkVCFA3yWao+5odcgyI03sqfnrgkbAAAAAwEAAQAAAQBDed6GJUlfLSjdBfnx +kLfF/KTksf2SmDCSiRvEoA5hRxPQA9xE2Hzs5khgeVGmV9Tqz5w1Ot8n34Y6BsD1gn33il +ggW0MNFnVPvDUmzp7mniZWzh0XsK45xBLRPzoZlpYEncGfN2da6i6nATm4682xUCJeO6TD +4Gku1+HWkDbwRPcr8oIkf8JH3wbk1wGhitv3iQKsXTdKWCb7VPh4PyBaEwTzntxUQ0RYq7 +omT3DNmV6TSk3lzwj3d7ldj8kNHoWF2uTeUM32Sc61DryVlYKFDPk3aS+y9rf1G3XEzgXx +IVocoLF7ycwB0UKKTuzRJGFkg7nn3AP2K5jhhiJzefIhAAAAgCQfYfqMrNht5sNlrA9irs +AkTlrEV0C5qGdCc9a4zMXuCaBiOdPwQipzUBHzb0vuQ+qo6PEH1u3JpUlpPWS4U+MThdot +mAmCAEbb4jdG6CbNNIVV5k8nR9J3zIdjBj6/A3HYVgI7mOFjKPP2r9a1SLxblmhnSs/ta5 +NQdzj1yhqAAAAAgQD32kbZ89Nf1md3cSjFZrgJ76ntAElI8qvWQqF/hn3MJ1yH5RPfXDhk +P+zdxcrpc6WPzKANXPFWbggM9LM8YN7J55iDuFusmK8GfFQqgcFLEpwejsK/oeGnOuFXvN +h1VCEVu+ox/6Pu8rO2XzVoiRTZNV3W7y85+xuUbSJc55SxhwAAAIEA5RB4Q2rAEShRlVOJ +myJQEpWCGvuQzLrjFZprs70lgowwpFUl/4aOaqp1aye+BZt9JvPvsI7nTM43VscQdWO4h6 +2Q+efjQPUzpELNhcW1SgtnNyZWW0vFTBr+U5P9eYjyHApnZbCVxS9QU3pXCe2j79V0ejIO +OA3nhxQ3z2v9IM0AAAATVGhpcyBpcyBhIHRlc3Qga2V5IQ== +-----END OPENSSH PRIVATE KEY----- diff --git a/tests/pem/ssh_rsa_2048_openssh_pw b/tests/pem/ssh_rsa_2048_openssh_pw new file mode 100755 index 000000000..218e5cf77 --- /dev/null +++ b/tests/pem/ssh_rsa_2048_openssh_pw @@ -0,0 +1,28 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABA8qUXOxc +3OrqTc3UI10qjAAAAAEAAAAAEAAAEXAAAAB3NzaC1yc2EAAAADAQABAAABAQDdxjN0+2xc +7pdreBqYc/mDRC8OuWrS7wre5fEUBpylorQjbhtUVUU+Ox/6RSZbbeNg3EvcWTT7NQY71w +7LGSgiNK9bgU1K1516zpvY0F2IGgx9xZvvIJVELSXQRFgIBSFesamVZvJRd5+szgq1jmMT +ibo9fyPJoZLPys5SFxPHDeyKUz8lzYHVmuOhzOhSjSNHQGVP0Hoe8N7dQaFU40A8JSsUh5 +67vgjXlts13KErGaBey244oe4J+xlwzWHsigAj1DoCGMaDdSQ8WfE/BEUJq5mNEp+GxQe4 +hHMwbbg2RJZZ8kFRKOiCUicQkVCFA3yWao+5odcgyI03sqfnrgkbAAAD0LSbVnqqelotuL +f5dDjrKG1xpnMQJ+51P9Y0az9rjMBG/kNgILY/CuBOXo4QJ6bO5+Gm79UEU1V6X1yrrupG +GgpbE9NW7deP/8LySDeX5HqeLb9a9/6Z8PMvHzVD5hvyFYGrpRFCj+0gWOXQmOb1lZdzUW +TW6vAnRAEAgOj99oe9W4OUw/6w/8CMMdLPXpYDwY32M4YdN/Dy5QzLQAdsDrXaTZvHSTvl +kaPr5VpfFcMUlrWEZaAm+9Ph1zPBC0DidJ6s/2bk9/P2T0tBy6OEho4tFUshcNrKO4eZ+O +iY08ZNno15MLjNSvLgxmKtIoUWlKVgbPa3SXi+9KDE6KInz4dg18OAG8gs2YjAqMmR0rqk +xHExKOrCgFRNVymq8xrIyhq4V3vzagqCEHn+stk4ovCkgdaHc5+xR6zlFcw7DSQqYbqetZ +8ig1qpPQrNa7PuOcln7icG2WxBRV9ylUfRdQ3pT743+7orts3gPcMLYwLDOGfy36fk00nO +2weEeblDdX5RtdnIX/Uv4C/N6Ajz3ZfRH1yl7tjKyB152ybRUUqeFswyQQJCT+WhDlJZui +aSPVAt+/Qtpg7IDRSf6S1QkkA4BlBcdvLZnjg/dw2iRmoa/ZlzWmxoJsZZUgsjdnMz/92D +6j2v8F0AQJCtwlZnqYH3L5ur/U80g95eOrni+5gJVrl/Aqw/ZLv9mB5dyuVKf22RKqT6fb ++qPe5mwvQA7VgfUwhX7Duz40l6vGesjRR7ycCvkGvXXZzVWzJWbIF47TtY6aP8/88J4smI +nAo73v7t+Z5OiPj6WL/qJBIgNw2hDwZAzdD4IChBgrq57PREvl4d3OiMDLpV0hCrJaHnVp +IDhOoapf1qHCP9I2AcfPh6QnklvHlZKcdqQnYo2uLxGFa2bX30OE9zYOB1tj5daN07/hMH +5n4jnzuzAa5Wr6s6sZS59uJJ+PCRMyZujt174yIjaJeblmlfLMUMu2+5fjfNE6cUxuq8cE +kEft08acO74Q451Lw9KxziVhMNXNddQR0PnVL4cNC3dBZNvGTs/bLgBQwvysoPedbwxOZD +nd1z0treGr/euYSn5Rh8c00aPeC20pnWIFylkAtXW3JhQQcFzaAc/E0FGcRFocCl5WwZoK +C9Nu41t2V5H68pb5Nz3jY1CyK0d0OrvR0d1UyCftnmZXfBvCftvtXcNTykRKpfIcQ8b2ki +5ut5LtNCG+goSPibE8AFUkejjG9+ZWivD90Mb+54LWERKiAM67/ZpB+X05bUJRLRyejzYw +aNYsLAOlYRhvcD0h+Dg6XVE66SVc4= +-----END OPENSSH PRIVATE KEY----- diff --git a/tests/pem/ssh_rsa_2048_pem b/tests/pem/ssh_rsa_2048_pem new file mode 100755 index 000000000..ac227d7dc --- /dev/null +++ b/tests/pem/ssh_rsa_2048_pem @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEogIBAAKCAQEA3cYzdPtsXO6Xa3gamHP5g0QvDrlq0u8K3uXxFAacpaK0I24b +VFVFPjsf+kUmW23jYNxL3Fk0+zUGO9cOyxkoIjSvW4FNStedes6b2NBdiBoMfcWb +7yCVRC0l0ERYCAUhXrGplWbyUXefrM4KtY5jE4m6PX8jyaGSz8rOUhcTxw3silM/ +Jc2B1ZrjoczoUo0jR0BlT9B6HvDe3UGhVONAPCUrFIeeu74I15bbNdyhKxmgXstu +OKHuCfsZcM1h7IoAI9Q6AhjGg3UkPFnxPwRFCauZjRKfhsUHuIRzMG24NkSWWfJB +USjoglInEJFQhQN8lmqPuaHXIMiNN7Kn564JGwIDAQABAoIBAEN53oYlSV8tKN0F ++fGQt8X8pOSx/ZKYMJKJG8SgDmFHE9AD3ETYfOzmSGB5UaZX1OrPnDU63yffhjoG +wPWCffeKWCBbQw0WdU+8NSbOnuaeJlbOHRewrjnEEtE/OhmWlgSdwZ83Z1rqLqcB +ObjrzbFQIl47pMPgaS7X4daQNvBE9yvygiR/wkffBuTXAaGK2/eJAqxdN0pYJvtU ++Hg/IFoTBPOe3FRDRFiruiZPcM2ZXpNKTeXPCPd3uV2PyQ0ehYXa5N5QzfZJzrUO +vJWVgoUM+TdpL7L2t/UbdcTOBfEhWhygsXvJzAHRQopO7NEkYWSDuefcA/YrmOGG +InN58iECgYEA99pG2fPTX9Znd3EoxWa4Ce+p7QBJSPKr1kKhf4Z9zCdch+UT31w4 +ZD/s3cXK6XOlj8ygDVzxVm4IDPSzPGDeyeeYg7hbrJivBnxUKoHBSxKcHo7Cv6Hh +pzrhV7zYdVQhFbvqMf+j7vKztl81aIkU2TVd1u8vOfsblG0iXOeUsYcCgYEA5RB4 +Q2rAEShRlVOJmyJQEpWCGvuQzLrjFZprs70lgowwpFUl/4aOaqp1aye+BZt9JvPv +sI7nTM43VscQdWO4h62Q+efjQPUzpELNhcW1SgtnNyZWW0vFTBr+U5P9eYjyHApn +ZbCVxS9QU3pXCe2j79V0ejIOOA3nhxQ3z2v9IM0CgYBMdFCWutfhIEoaVhW1jtIG +fp90NDpm/jRzi2o15E65wwqQAOH4bIIYqn9uiazmBn5ztTNJ6/mmJ5rkJDeF0Hvo +3D/3oc7lltOmtINh+VSey8bMxkzcwBrTcx4/6kj7KFBsW+MKOUlgVA2LnCLldCOy +PPwNaQqwX/1J88A92FHN0QKBgDYocbbG24hy9u8OZD+ImlP6g1tr1S2ClkQ6UXKa +qu61xJ5l/2jt4Gg5yy89o0DiJXH7RNWCxA81xoG+6RZIMI3rrJZZjDKEhuQ0YzFY +sGdEUPAKIWrOfGRlEXKjT8/XYB7fGtlBKfgIGr7R8xhG1nbTCgoGIbSBHRej4Roq +lxuVAoGAJB9h+oys2G3mw2WsD2KuwCROWsRXQLmoZ0Jz1rjMxe4JoGI50/BCKnNQ +EfNvS+5D6qjo8QfW7cmlSWk9ZLhT4xOF2i2YCYIARtviN0boJs00hVXmTydH0nfM +h2MGPr8DcdhWAjuY4WMo8/av1rVIvFuWaGdKz+1rk1B3OPXKGoA= +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/ssh_rsa_2048_pem.pub b/tests/pem/ssh_rsa_2048_pem.pub new file mode 100755 index 000000000..dc193fa92 --- /dev/null +++ b/tests/pem/ssh_rsa_2048_pem.pub @@ -0,0 +1,8 @@ +-----BEGIN RSA PUBLIC KEY----- +MIIBCgKCAQEA3cYzdPtsXO6Xa3gamHP5g0QvDrlq0u8K3uXxFAacpaK0I24bVFVF +Pjsf+kUmW23jYNxL3Fk0+zUGO9cOyxkoIjSvW4FNStedes6b2NBdiBoMfcWb7yCV +RC0l0ERYCAUhXrGplWbyUXefrM4KtY5jE4m6PX8jyaGSz8rOUhcTxw3silM/Jc2B +1ZrjoczoUo0jR0BlT9B6HvDe3UGhVONAPCUrFIeeu74I15bbNdyhKxmgXstuOKHu +CfsZcM1h7IoAI9Q6AhjGg3UkPFnxPwRFCauZjRKfhsUHuIRzMG24NkSWWfJBUSjo +glInEJFQhQN8lmqPuaHXIMiNN7Kn564JGwIDAQAB +-----END RSA PUBLIC KEY----- diff --git a/tests/pem/ssh_rsa_2048_pem_pw b/tests/pem/ssh_rsa_2048_pem_pw new file mode 100755 index 000000000..87f2f34cb --- /dev/null +++ b/tests/pem/ssh_rsa_2048_pem_pw @@ -0,0 +1,30 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-128-CBC,48BE75603CC92D6548DDFAEEE3C83DCD + +v/4FWfk2XRSTEjU5nIaahG2P2BisO0B/sn3PrICjbLOGTQ1iX6Na+7iFahpCDp7j +AU9xj9JnQ4gQfH7TNWiE4h0+wWSX5DgAkZWTmA9bzsVElJkXe2EfId7D5LMVyP9F +2iVMQ4q8uvQRM3M349A/YRZM7X/+uOz6fzVbscTSjke0WzSIdcDDlWy0FrG5MICY +inMUgqhilmIaU3SWmXaDQ69uK5OYgQHG0F8XDUYMvMstU+I214+qQyGlppitSTR7 +34JKOJSZDx82Kgu6F+OrIpXRhATyTMx26h8aDWd9C77OnCuCmimhxAnnCJjWmB1Q +thJy2UQPp4fFq4GYEeRxQKScCi/1equ3lhPjJK514pUWjfbzBMD/ntZUVNA+zJuy +Y51OodQERwap4Emj5/nl6DjXzl5vgliqFjE/IjY/hyv6I/o44kHx2Agd/Yc1UK/q +azds1qPAZmfmGj/tbBg4yOAVqfoF7xunL7cdF18tjLZ43nB6elZkLp/o78PUFTX9 +ji2kStRF03DRczWgP4U8xsElDedNxLshqbL/jWUHxS+9yMW3VPcycKfAPxlDUFxH +c2Dbbdjk0zhNcA+yCtuntWovHYvKSvev17T+LnaX5ICymM8xc0bBj7nlsBpkofap +u22p6sReLma2US+qsv+Y9YRE4yUUsxOEsPtIsF9UjOi1ExDlPjpKcAiqY8hLdUKt +vEIovX5yJNI9s/LOOaGcfM1eHO7law+UD2B5NVdlx7nvtY7iA6TaxDDnoq8vm+zo +W538NMa3fFlgH6hfIR7eUjeNGAk0yINH/Hm8MnR6k9RK87bMUo6hREY57v7MnBqA +LpyislhSzx0qL4zT3jRXStUGXZkKxm9HG1vXYZmCbdjmcUIo1jbshdJLg7lkxe00 +UrNN5DI4K+45uTBg/ULq2E1+LO/CwKjQDnHgVoVl9ueQjkouEj8zzBbWbzYYvdx+ ++yLA55VUvLHIq4WSkNbSFArj67Y8a2lRId3Fm3mKscgiiAGOETBmoFmHw1MkqVsa +1SjRPRxpi57fjIDdrDybz6LyXwmAWuuUNhloTU02zSXWWKRbnqy1I1blvzA4mbJ8 +3LTqMldUDZrRqcz4kN+6QUPI/lZ6komC/6eMmkeiZVDKYZgFNkxiVsX1PZJjga2L +6S+7as3xnv2vHNPfMRNaCsn2fmFSlMhLooYMMFo5sisdXhK9uwGkmemfkwW7SrU4 +wjNCPExoV3CDriikN1dHmScbhAnfahBn4u5N5ThIh7E4Ge1qBc09uc7VpAJyFOZr +H5oJnDA1gulWdkl/ONixMNYI1VORWuD4CZOvkGdQ5Ozx9jKEwRauhSx3sxXLtloh +hhqcJ44qjYbOYH9QH+/L4W7Cdg0C9qNDnUsBG8VQTN5XbtbGAaxiZ/zmEPl0/ZdM +z5NMNifm/WqdmrBgN7XXdxcyG1Hrbprf0GsT6dRNPgZTgjCL/VJLD68VBv3S7Z0u +UJepHEDITOgmqILGSDhlBlGYlDF+x+Iv6H4Pkx9/akGcg/vFCbL1S4Ot+UwCVpsI +A9vKX4HhSPqMxmfF96hg50nSqIsjvAsSRXBIP9f+kPo8NoPZDqFU8aWI/AzNDolT +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/ssh_rsa_2048_pkcs8 b/tests/pem/ssh_rsa_2048_pkcs8 new file mode 100755 index 000000000..ae67ce102 --- /dev/null +++ b/tests/pem/ssh_rsa_2048_pkcs8 @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDdxjN0+2xc7pdr +eBqYc/mDRC8OuWrS7wre5fEUBpylorQjbhtUVUU+Ox/6RSZbbeNg3EvcWTT7NQY7 +1w7LGSgiNK9bgU1K1516zpvY0F2IGgx9xZvvIJVELSXQRFgIBSFesamVZvJRd5+s +zgq1jmMTibo9fyPJoZLPys5SFxPHDeyKUz8lzYHVmuOhzOhSjSNHQGVP0Hoe8N7d +QaFU40A8JSsUh567vgjXlts13KErGaBey244oe4J+xlwzWHsigAj1DoCGMaDdSQ8 +WfE/BEUJq5mNEp+GxQe4hHMwbbg2RJZZ8kFRKOiCUicQkVCFA3yWao+5odcgyI03 +sqfnrgkbAgMBAAECggEAQ3nehiVJXy0o3QX58ZC3xfyk5LH9kpgwkokbxKAOYUcT +0APcRNh87OZIYHlRplfU6s+cNTrfJ9+GOgbA9YJ994pYIFtDDRZ1T7w1Js6e5p4m +Vs4dF7CuOcQS0T86GZaWBJ3BnzdnWuoupwE5uOvNsVAiXjukw+BpLtfh1pA28ET3 +K/KCJH/CR98G5NcBoYrb94kCrF03Slgm+1T4eD8gWhME857cVENEWKu6Jk9wzZle +k0pN5c8I93e5XY/JDR6Fhdrk3lDN9knOtQ68lZWChQz5N2kvsva39Rt1xM4F8SFa +HKCxe8nMAdFCik7s0SRhZIO559wD9iuY4YYic3nyIQKBgQD32kbZ89Nf1md3cSjF +ZrgJ76ntAElI8qvWQqF/hn3MJ1yH5RPfXDhkP+zdxcrpc6WPzKANXPFWbggM9LM8 +YN7J55iDuFusmK8GfFQqgcFLEpwejsK/oeGnOuFXvNh1VCEVu+ox/6Pu8rO2XzVo +iRTZNV3W7y85+xuUbSJc55SxhwKBgQDlEHhDasARKFGVU4mbIlASlYIa+5DMuuMV +mmuzvSWCjDCkVSX/ho5qqnVrJ74Fm30m8++wjudMzjdWxxB1Y7iHrZD55+NA9TOk +Qs2FxbVKC2c3JlZbS8VMGv5Tk/15iPIcCmdlsJXFL1BTelcJ7aPv1XR6Mg44DeeH +FDfPa/0gzQKBgEx0UJa61+EgShpWFbWO0gZ+n3Q0Omb+NHOLajXkTrnDCpAA4fhs +ghiqf26JrOYGfnO1M0nr+aYnmuQkN4XQe+jcP/ehzuWW06a0g2H5VJ7LxszGTNzA +GtNzHj/qSPsoUGxb4wo5SWBUDYucIuV0I7I8/A1pCrBf/UnzwD3YUc3RAoGANihx +tsbbiHL27w5kP4iaU/qDW2vVLYKWRDpRcpqq7rXEnmX/aO3gaDnLLz2jQOIlcftE +1YLEDzXGgb7pFkgwjeusllmMMoSG5DRjMViwZ0RQ8Aohas58ZGURcqNPz9dgHt8a +2UEp+AgavtHzGEbWdtMKCgYhtIEdF6PhGiqXG5UCgYAkH2H6jKzYbebDZawPYq7A +JE5axFdAuahnQnPWuMzF7gmgYjnT8EIqc1AR829L7kPqqOjxB9btyaVJaT1kuFPj +E4XaLZgJggBG2+I3RugmzTSFVeZPJ0fSd8yHYwY+vwNx2FYCO5jhYyjz9q/WtUi8 +W5ZoZ0rP7WuTUHc49coagA== +-----END PRIVATE KEY----- diff --git a/tests/pem/ssh_rsa_2048_pkcs8_pw b/tests/pem/ssh_rsa_2048_pkcs8_pw new file mode 100755 index 000000000..057db4292 --- /dev/null +++ b/tests/pem/ssh_rsa_2048_pkcs8_pw @@ -0,0 +1,30 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIFLTBXBgkqhkiG9w0BBQ0wSjApBgkqhkiG9w0BBQwwHAQItFm0FeTcjJgCAggA +MAwGCCqGSIb3DQIJBQAwHQYJYIZIAWUDBAECBBCBMDX93ZyUNlXHGQJ5FEF8BIIE +0J/YSliZKBiMp92txIXNWyMhQteWQHVW6gAn4TFTw14mQtTXWzkhX5xjjYal/uI8 +t7KWOjS9LODairbmCjShuD9sD+JR9pdvwADEbQYOh3WVwtoybDf042MEnaWs8Fsq +aL/S17OTI3mB3MVVCj7Tss3/zotcyaFZkgA6B1W6iVOsj1rihYMPmLZtL6q8EiYa +MVu4Hak1MnqzBzMWFyzJGPGg4qMxA3DiImx4N/zgwoKScpp2LJTezb2NndoekGc/ +onZd5qxGg5rwifx1ssrVFu0KDwFEe/0jenC7Fi2I5akPwl1EYS9FvYF+NwxonLT2 +75WlVrA8VxcH6l+mSr9bdSRYtUaKcyZf96IzmUbyPvXPFa25WOl3iPZOzd7rhw7T +sMe9W3s4YJbH5OpptUu7bUbGtEEbLExnQfFuRaD5Sa+Loeh9Om397XZjW9fJLZwS +BgqS4TRvuuh2Stq7cih/uOyo9631X+zRmFC14SvCbcQMIoZrIP4+pq3hgIJHMCOs +pGfePvNg50ZpVIxBkLYXMIO7uM8A4iiCwmEc7xt1lrN2B3FGRS1boVYyryFPmQFZ +xQ62zEyuDmvoWqYfxg06TL8yfqkYoW4Advaebt4FRprfHHD3u2ggVRg1PeSBq1nr +NQmCirJt4MsK9vnHEh8DId8p25ltPfs/8QtRihCYiZ6+BH0OYeYeWogoCF/VbZic +gcXmxYKJXz2Cy8U3N71awBIsOH3aSd/ib+6VnsqKPhNbz6WBurOHctqTZWc4+4vd +tCWD7NFQ3/4+OEcNaPMJTepMGToaVNLS8UHI4+4Ja2X2YABLB1cjNyGN2B0WBYnf +IuHvzLF0PV2KxuyqZ3uVyrUIeXybvUyGVYb1957dIFZL6j4KLQP0GX9q4EhyMIlK +z+x+2hWPVwCOvVXwsgWsUclUTaQ+3TQK7Vk3g6crGYNHeWsxf1khux7fif7odRer +7tJcI0KI9nga5THnd+F8dio05+lbUYYB+gB3MZrQoo842IOBpyZLwP3UM51gRaW1 +8ouBGe2bIJapoeyqzY5r93dROkZJbxUKafIg9DAOLZaO3SufG8vYoX/YgZCiWC0d +NDJFVvlDT9GPPNoyYPKjjLYWwmlrN4Ekqk26Zi+0CdvwH8F3gl1Bw+T2arlWm4Lf +uPwWOtXFn+ymuUkQiZOt5Hkhjl4BiqUUpKyzqy37ipoOG1pKGKBm8l9dlcBYMysv +XQDcYMEDZzG4S0GOMoUUs12ejcO1o5PO9F6O1Mf8VFmlPc3q5GTF6/b3ce3Pb45V +XEDewWd3AxUu+2a968r9hnrBY8pLjALVqwEHaFouiv9tW+n4A6kOf+LJ5J3oUN9E +oBlucLBrccq17Ml6UKA7reos1FIS96T+lnOhUIdUX52h1Z3WB+Jq7XecFPc7XXae +6jTFR7KHsWsZf8Gmac7ElrMPIzSZRXqaI/C3kS8KWUSTe5DQ0gUTwg9fZQgYfPrm +YqAfDV44OwUuVqbbBFGr8BFYlU7Urz6VOUjcHZScyEMiuT+IBtcitXzSWUOugJZ6 +2eqs06jTh/K1xEaex4NdAHy7ejSe6MP3QiewUOQhL2vItZGP5Ca/JjvDZNrR5T/r +3Glk2w/+jf5rz3Q5PeTpYmolXIvYBeKYOcMDT7OjnXcE +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/pem/ssh_rsa_768_openssh b/tests/pem/ssh_rsa_768_openssh new file mode 100755 index 000000000..d127f5cc0 --- /dev/null +++ b/tests/pem/ssh_rsa_768_openssh @@ -0,0 +1,15 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAdwAAAAdz +c2gtcnNhAAAAAwEAAQAAAGEA2Hm3hkBQp5UIjURO6/VBG46/g0DE3cNWRxgdsOsQ +/w8ynpvO+tRnQqarC6xmsNg+2kiKD9QeUs/O9GKFVh5+gKOx75te1dysX5+AdNRj +UEzOfi9upnWLOYiTRrv5bVHXAAABoBEnz2cRJ89nAAAAB3NzaC1yc2EAAABhANh5 +t4ZAUKeVCI1ETuv1QRuOv4NAxN3DVkcYHbDrEP8PMp6bzvrUZ0KmqwusZrDYPtpI +ig/UHlLPzvRihVYefoCjse+bXtXcrF+fgHTUY1BMzn4vbqZ1izmIk0a7+W1R1wAA +AAMBAAEAAABhAKvBNwm/sb6lEpnzHqM8fiH9Spo7I3fIaoYR7kzW1S9pwYHyoXCG +Yj+RuZiTew7JIu+4Kl5DZNnuP4V3swURYFvX/ufD++5Qs4kNmu39uFBiX3y2sW8C +uySjsjjcgb+vAQAAADAEjSqGRZ0zY1NzZ2pxqlpOJVYT5+cebGlBxCbR+AJ1/IFh +Pi5sQOp8N3nzPDbcUqIAAAAxAO7sYlU1v/3oyV8QjvqRXgmeB0wuxOGFImzox4sO +0HBeAxfCxYcQfZiC4uVSxF5glwAAADEA5/KZlRMxLcRTSJ6Yco0C8GOFH8+jqWMU +aUez5zzukKy3D8ivg7Xc69oLf2FWPYDBAAAAE1RoaXMgaXMgYSB0ZXN0IGtleSEB +AgMEBQYH +-----END OPENSSH PRIVATE KEY----- diff --git a/tests/pem/ssh_rsa_768_openssh_pw b/tests/pem/ssh_rsa_768_openssh_pw new file mode 100755 index 000000000..8947e9eb2 --- /dev/null +++ b/tests/pem/ssh_rsa_768_openssh_pw @@ -0,0 +1,15 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABAC +J8hSzoIyLx3E5jPIB2+dAAAAEAAAAAEAAAB3AAAAB3NzaC1yc2EAAAADAQABAAAA +YQDYebeGQFCnlQiNRE7r9UEbjr+DQMTdw1ZHGB2w6xD/DzKem8761GdCpqsLrGaw +2D7aSIoP1B5Sz870YoVWHn6Ao7Hvm17V3Kxfn4B01GNQTM5+L26mdYs5iJNGu/lt +UdcAAAGg5KEoKEGcbJHtDO+YEzKTpVbR3vJgiVQa+uZRbxxF4MSa/8/4KmXVAe4F +hcLVJ+lmuebATIlH/3E1nefqrshZNbStiJIDf810UBd0b4C56CPCgb3SUmS0FWeh +TTFdqXmJhMFlhLlCNVYxJrTEAmpFIBuhmz9Unj2B/qhhwgtDJny6RXwNklfwdAh+ +0K2xI7nQMY+9n/80PrIetXxdrI9Rauh4MIIhVzgif5ps02VbJ8Ts2BMpFBzaS6gY ++G/5IXqM2vmqIpe1zetvRCJP1WRTmaYGJ6El57m0OQ8ZwzCBGNGEfp74ouEIlS2A +LMuhSUwCfHfUK19t5lzrjBvjQp4XutST/bbjKhIRdQOwK1nusZazivxNocLLEYzD +UIL6OECmIRdeUVJZzQlYUvJR8oYVXvGX/cF/kA6ppyzZhoonBtGRwALplo6OfdOt +pNPk/ZmlyIUmV+Eil522Q9WO3a+e7sCGxGbj/Ua8/C8NJHs/rRvyZ8yfL6lvJKMi +Yk96FZiXS7rEi1p63A8oxgO4rYbghwIfXAN6UDgRpaM7ulC4Lao= +-----END OPENSSH PRIVATE KEY----- diff --git a/tests/pem/ssh_rsa_768_pem b/tests/pem/ssh_rsa_768_pem new file mode 100644 index 000000000..021f1b52f --- /dev/null +++ b/tests/pem/ssh_rsa_768_pem @@ -0,0 +1,12 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIBywIBAAJhANh5t4ZAUKeVCI1ETuv1QRuOv4NAxN3DVkcYHbDrEP8PMp6bzvrU +Z0KmqwusZrDYPtpIig/UHlLPzvRihVYefoCjse+bXtXcrF+fgHTUY1BMzn4vbqZ1 +izmIk0a7+W1R1wIDAQABAmEAq8E3Cb+xvqUSmfMeozx+If1Kmjsjd8hqhhHuTNbV +L2nBgfKhcIZiP5G5mJN7Dski77gqXkNk2e4/hXezBRFgW9f+58P77lCziQ2a7f24 +UGJffLaxbwK7JKOyONyBv68BAjEA7uxiVTW//ejJXxCO+pFeCZ4HTC7E4YUibOjH +iw7QcF4DF8LFhxB9mILi5VLEXmCXAjEA5/KZlRMxLcRTSJ6Yco0C8GOFH8+jqWMU +aUez5zzukKy3D8ivg7Xc69oLf2FWPYDBAjAz9+i/ngxfvzWl3uUqrVnl/6CYuoeK +gjnltJBKt/MwrdJAZdYvNbAL71RJC0K5QIsCMQDTAoQv947E6RcvOIDNrXUgBhmk +z/w+7BE0mfOTiX4rBcVgSZ1KwFckBXBySLXxK8ECMASNKoZFnTNjU3NnanGqWk4l +VhPn5x5saUHEJtH4AnX8gWE+LmxA6nw3efM8NtxSog== +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/ssh_rsa_768_pem.pub b/tests/pem/ssh_rsa_768_pem.pub new file mode 100644 index 000000000..9fee21941 --- /dev/null +++ b/tests/pem/ssh_rsa_768_pem.pub @@ -0,0 +1,5 @@ +-----BEGIN RSA PUBLIC KEY----- +MGgCYQDYebeGQFCnlQiNRE7r9UEbjr+DQMTdw1ZHGB2w6xD/DzKem8761GdCpqsL +rGaw2D7aSIoP1B5Sz870YoVWHn6Ao7Hvm17V3Kxfn4B01GNQTM5+L26mdYs5iJNG +u/ltUdcCAwEAAQ== +-----END RSA PUBLIC KEY----- diff --git a/tests/pem/ssh_rsa_768_pem_pw b/tests/pem/ssh_rsa_768_pem_pw new file mode 100644 index 000000000..3b3590ce4 --- /dev/null +++ b/tests/pem/ssh_rsa_768_pem_pw @@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-128-CBC,B8B44B077A4C4A63144875D0A8319272 + +4S9dwwHP6kvCq+PHpCOEuJV9eFZo30ujR4V4ju2GEDxoNzl+RvBurSABRv+MOwOO ++7cXxFOCNFOnhKxvwENLyJ/wvkO7X0al1lF0yFHoF5scWFG1LRxQKp3kpW+k/ncW ++eO72S7Er0fv3DbMC7ZqXXecHc5RauC16quRWqHrYuRHpGj8VqzveEz2r4XAg0zB +OBq+osTF/fxydpncrtChRwcgyCZ7Er9eMEID0T+vlJFmuNEUYvYW9j4BVqMcmoKA +qKr5vr95ss4Hq8lOnha4OQlVzod883QzB3MCMLFkE3e9x3DyvyfGgm0CIIZzz/I4 +3w40pmq1tB/yrp2V8PvdC+ksWHx/2MFuzhcgeugfnrE0my9khsGLkaS2k1fbueBl +s83tIODLBbvjS26KxrADo5vHltwGD9GK6CpnAbL4tS2YVHiOaaI8fqWjNNq8EoXI +tmMve/dEej0HILbjIp0IqKs/rOtrTxf4UBKAhf+j2S8VxDq1gf28YR34zHEpzM3p +bMTPlg0KZRYJ9x7VNz818a4FSBJOWMI8VXBbb7lW/iSQwvQ3orX5rhNrdkHa4B2W +aYaiT78/MwUzjmexGRSgNhymDmHrNx76cg40MeWV6vU= +-----END RSA PRIVATE KEY----- diff --git a/tests/pem/ssh_rsa_768_pkcs8 b/tests/pem/ssh_rsa_768_pkcs8 new file mode 100644 index 000000000..bcebb7046 --- /dev/null +++ b/tests/pem/ssh_rsa_768_pkcs8 @@ -0,0 +1,13 @@ +-----BEGIN PRIVATE KEY----- +MIIB5QIBADANBgkqhkiG9w0BAQEFAASCAc8wggHLAgEAAmEA2Hm3hkBQp5UIjURO +6/VBG46/g0DE3cNWRxgdsOsQ/w8ynpvO+tRnQqarC6xmsNg+2kiKD9QeUs/O9GKF +Vh5+gKOx75te1dysX5+AdNRjUEzOfi9upnWLOYiTRrv5bVHXAgMBAAECYQCrwTcJ +v7G+pRKZ8x6jPH4h/UqaOyN3yGqGEe5M1tUvacGB8qFwhmI/kbmYk3sOySLvuCpe +Q2TZ7j+Fd7MFEWBb1/7nw/vuULOJDZrt/bhQYl98trFvArsko7I43IG/rwECMQDu +7GJVNb/96MlfEI76kV4JngdMLsThhSJs6MeLDtBwXgMXwsWHEH2YguLlUsReYJcC +MQDn8pmVEzEtxFNInphyjQLwY4Ufz6OpYxRpR7PnPO6QrLcPyK+Dtdzr2gt/YVY9 +gMECMDP36L+eDF+/NaXe5SqtWeX/oJi6h4qCOeW0kEq38zCt0kBl1i81sAvvVEkL +QrlAiwIxANMChC/3jsTpFy84gM2tdSAGGaTP/D7sETSZ85OJfisFxWBJnUrAVyQF +cHJItfErwQIwBI0qhkWdM2NTc2dqcapaTiVWE+fnHmxpQcQm0fgCdfyBYT4ubEDq +fDd58zw23FKi +-----END PRIVATE KEY----- diff --git a/tests/pem/ssh_rsa_768_pkcs8_pw b/tests/pem/ssh_rsa_768_pkcs8_pw new file mode 100644 index 000000000..1d34b244c --- /dev/null +++ b/tests/pem/ssh_rsa_768_pkcs8_pw @@ -0,0 +1,15 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIICTTBXBgkqhkiG9w0BBQ0wSjApBgkqhkiG9w0BBQwwHAQIEaKL7XuBIEICAggA +MAwGCCqGSIb3DQIJBQAwHQYJYIZIAWUDBAEqBBCZ+XyUGrg7gYyFqeguoe1NBIIB +8Go4EfQEXAYL36fZ4VFayZ+TsC788ISC4fPlpw9mGDH2rzC0TvB8qAUhMaGkKyx3 +jxCs0jPObG3cW1W7R54ZN7Vc3HgXnqizEsImab8nejjJZc/MdgUU7vvUg+gPg6s2 +KdVIyJb5fQqKVR/412UEnZ5HZtKsi+L2EMBaorOWav7ZexEnJo9UTgdW1Fxt1LVy +qZmwJgZ6M0tlniWlBJXmTlsiaUW8rgXi7X+0YQLYslboSQdRw+Wkkjks/mHi2720 +fuoc/n4gR+Ijc8p8VrB8cjvTVNRJ2Ldi1ecmZqnpY2nZ5+7rVAbMzb+1LrJjYxuI +LICjRrJqI12/HGic1GQEz89pBKLQrO2S3yEDQfz88I5oEfG4tisKD4vctiWyp9BQ +AT3NWGuOS1jYMXwLGGQOPbC84GzZbzrtdHXKvboLlPg5RX5Chhw05na53rue5XI+ +pLRPr+ohw77Q9Dv0A4LZIJlDowdzmEzOl2fYluEHbFm0Qega+Dub+8U8eCejb9S4 +qBvZWpfNjNpcAypwHi9PHL7pHdY1w/l/Mwj/pn/4cN0dLz33u65sgDz590nkDVfG +peomL/xbDKMHHFIG/217RpDkIPS0sRbIdO3DgnUIjTle4OGRTpCsMW6VKfPy4liv +cRCMx2Tt+IfOdLWW38hi6u4= +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/pem_test.c b/tests/pem_test.c index eea300046..14c0a7ce7 100644 --- a/tests/pem_test.c +++ b/tests/pem_test.c @@ -74,23 +74,23 @@ static int s_key_cmp(ltc_pka_key *key) return CRYPT_INVALID_ARG; } -static int s_pem_only_decode(const void *in, unsigned long inlen, void *key) +static int s_pem_only_decode_pkcs(const void *in, unsigned long inlen, void *key) { password_ctx pw_ctx; pw_ctx.callback = password_get; return pem_decode_pkcs(in, inlen, key, &pw_ctx); } -static int s_pem_decode(const void *in, unsigned long inlen, void *key) +static int s_pem_decode_pkcs(const void *in, unsigned long inlen, void *key) { int err; - if ((err = s_pem_only_decode(in, inlen, key)) != CRYPT_OK) { + if ((err = s_pem_only_decode_pkcs(in, inlen, key)) != CRYPT_OK) { return err; } return s_key_cmp(key); } -static int s_pem_decode_f(FILE *f, void *key) +static int s_pem_decode_pkcs_f(FILE *f, void *key) { password_ctx pw_ctx; int err; @@ -101,6 +101,26 @@ static int s_pem_decode_f(FILE *f, void *key) return s_key_cmp(key); } +static int s_pem_only_decode(const void *in, unsigned long inlen, void *key) +{ + password_ctx pw_ctx; + pw_ctx.callback = password_get; + if ((strcmp(ltc_mp.name, "TomsFastMath") == 0) && (inlen > 2048)) { +#if defined(LTC_TEST_DBG) && LTC_TEST_DBG > 1 + fprintf(stderr, "Skipping testcase because of TomsFastMath\n"); +#endif + return CRYPT_NOP; + } + return pem_decode(in, inlen, key, &pw_ctx); +} + +static int s_pem_only_decode_f(FILE *f, void *key) +{ + password_ctx pw_ctx; + pw_ctx.callback = password_get; + return pem_decode_filehandle(f, key, &pw_ctx); +} + int pem_test(void) { ltc_pka_key key; @@ -118,16 +138,22 @@ int pem_test(void) #endif - DO(test_process_dir("tests/pem", &key, s_pem_decode, NULL, (dir_cleanup_cb)pka_key_free, "pem_test")); - DO(test_process_dir("tests/pem", &key, NULL, s_pem_decode_f, (dir_cleanup_cb)pka_key_free, "pem_test_filehandle")); - DO(test_process_dir("tests/pem/ecc-pkcs8", &key, s_pem_decode, NULL, (dir_cleanup_cb)pka_key_free, "pem_test+ecc")); - DO(test_process_dir("tests/pem/ecc-pkcs8", &key, NULL, s_pem_decode_f, (dir_cleanup_cb)pka_key_free, "pem_test_filehandle+ecc")); - DO(test_process_dir("tests/pem/extra", &key, s_pem_only_decode, NULL, (dir_cleanup_cb)pka_key_free, "pem_test+extra")); + DO(test_process_dir("tests/pem/pkcs", &key, s_pem_decode_pkcs, NULL, (dir_cleanup_cb)pka_key_free, "pem_pkcs_test")); + DO(test_process_dir("tests/pem/pkcs", &key, NULL, s_pem_decode_pkcs_f, (dir_cleanup_cb)pka_key_free, "pem_pkcs_test_filehandle")); + DO(test_process_dir("tests/pem/pkcs/ecc-pkcs8", &key, s_pem_decode_pkcs, NULL, (dir_cleanup_cb)pka_key_free, "pem_pkcs_test+ecc")); + DO(test_process_dir("tests/pem/pkcs/ecc-pkcs8", &key, NULL, s_pem_decode_pkcs_f, (dir_cleanup_cb)pka_key_free, "pem_pkcs_test_filehandle+ecc")); + DO(test_process_dir("tests/pem/pkcs/extra", &key, s_pem_only_decode_pkcs, NULL, (dir_cleanup_cb)pka_key_free, "pem_pkcs_test+extra")); #ifdef LTC_SSH - DO(test_process_dir("tests/ssh", &key, s_pem_decode_ssh, NULL, (dir_cleanup_cb)pka_key_free, "pem_test+ssh")); - DO(test_process_dir("tests/ssh", &key, NULL, s_pem_decode_ssh_f, (dir_cleanup_cb)pka_key_free, "pem_test_filehandle+ssh")); - DO(test_process_dir("tests/ssh/extra", &key, s_pem_decode_ssh, NULL, (dir_cleanup_cb)pka_key_free, "pem_test+ssh+extra")); + DO(test_process_dir("tests/pem/ssh", &key, s_pem_decode_ssh, NULL, (dir_cleanup_cb)pka_key_free, "pem_ssh_test")); + DO(test_process_dir("tests/pem/ssh", &key, NULL, s_pem_decode_ssh_f, (dir_cleanup_cb)pka_key_free, "pem_ssh_test_filehandle")); + DO(test_process_dir("tests/pem/ssh/extra", &key, s_pem_decode_ssh, NULL, (dir_cleanup_cb)pka_key_free, "pem_ssh_test+extra")); #endif + DO(test_process_dir("tests/pem", &key, s_pem_only_decode, NULL, (dir_cleanup_cb)pka_key_free, "pem_test")); + DO(test_process_dir("tests/pem", &key, NULL, s_pem_only_decode_f, (dir_cleanup_cb)pka_key_free, "pem_test_filehandle")); + if (strcmp(ltc_mp.name, "TomsFastMath") != 0) { + DO(test_process_dir("tests/pem/non-tfm", &key, s_pem_only_decode, NULL, (dir_cleanup_cb)pka_key_free, "pem_test")); + DO(test_process_dir("tests/pem/non-tfm", &key, NULL, s_pem_only_decode_f, (dir_cleanup_cb)pka_key_free, "pem_test_filehandle")); + } #if defined(LTC_MDSA) dsa_free(&s_dsa_key_should); From 03515d56111e5135cae71f0556d645bc75e1f87c Mon Sep 17 00:00:00 2001 From: Steffen Jaeckel Date: Tue, 17 Oct 2023 11:27:32 +0200 Subject: [PATCH 40/51] Move password buffer into the library The design before was not completely fine. The user had to allocate the buffer and passed ownership to the library. As of [0] this seems to be a problem in some environments. [0] https://github.com/libtom/libtomcrypt/pull/587#issuecomment-1765324724 Signed-off-by: Steffen Jaeckel --- demos/openssh-privkey.c | 23 ++++++++++------------- src/headers/tomcrypt_custom.h | 4 ++++ src/headers/tomcrypt_pk.h | 11 +++-------- src/headers/tomcrypt_private.h | 19 +++++++++---------- src/misc/crypt/crypt.c | 3 +++ src/misc/pbes/pbes.c | 2 +- src/misc/pem/pem_pkcs.c | 11 ++++------- src/misc/pem/pem_ssh.c | 7 ++++--- src/pk/asn1/pkcs8/pkcs8_decode_flexi.c | 12 +++++------- tests/ecc_test.c | 8 +++++--- tests/ed25519_test.c | 8 +++++--- tests/pem_test.c | 16 ++++++++++------ tests/rsa_test.c | 8 +++++--- tests/x25519_test.c | 13 ++++++++----- 14 files changed, 76 insertions(+), 69 deletions(-) diff --git a/demos/openssh-privkey.c b/demos/openssh-privkey.c index 9a2aca0ff..4e8fa5765 100644 --- a/demos/openssh-privkey.c +++ b/demos/openssh-privkey.c @@ -29,15 +29,11 @@ static void die_(int err, int line) #define die(i) do { die_(i, __LINE__); } while(0) #define DIE(s, ...) do { print_err("%3d: " s "\n", __LINE__, ##__VA_ARGS__); exit(EXIT_FAILURE); } while(0) -static char* getpassword(const char *prompt, size_t maxlen) +static int getpassword(const char *prompt, char *pass, unsigned long *len) { - char *wr, *end, *pass = XCALLOC(1, maxlen + 1); struct termios tio; tcflag_t c_lflag; - if (pass == NULL) - return NULL; - wr = pass; - end = pass + maxlen; + unsigned long maxlen = *len, wr = 0; tcgetattr(0, &tio); c_lflag = tio.c_lflag; @@ -46,24 +42,25 @@ static char* getpassword(const char *prompt, size_t maxlen) printf("%s", prompt); fflush(stdout); - while (pass < end) { + while (1) { int c = getchar(); if (c == '\r' || c == '\n' || c == -1) break; - *wr++ = c; + if (wr < maxlen) + pass[wr] = c; + wr++; } + *len = wr; tio.c_lflag = c_lflag; tcsetattr(0, TCSAFLUSH, &tio); printf("\n"); - return pass; + return wr <= maxlen; } -static int password_get(void **p, unsigned long *l, void *u) +static int password_get(void *p, unsigned long *l, void *u) { (void)u; - *p = getpassword("Enter passphrase: ", 256); - *l = strlen(*p); - return 0; + return getpassword("Enter passphrase: ", p, l); } static void print(ltc_pka_key *k) diff --git a/src/headers/tomcrypt_custom.h b/src/headers/tomcrypt_custom.h index 7dd17c3e2..2cb442271 100644 --- a/src/headers/tomcrypt_custom.h +++ b/src/headers/tomcrypt_custom.h @@ -627,6 +627,10 @@ #define LTC_PBES #endif +#if defined(LTC_PEM) || defined(LTC_PKCS_8) && !defined(LTC_MAX_PASSWORD_LEN) + #define LTC_MAX_PASSWORD_LEN 256 +#endif + #if defined(LTC_CLEAN_STACK) /* if you're sure that you want to use it, remove the line below */ #error LTC_CLEAN_STACK is considered as broken diff --git a/src/headers/tomcrypt_pk.h b/src/headers/tomcrypt_pk.h index cb309618d..f75040255 100644 --- a/src/headers/tomcrypt_pk.h +++ b/src/headers/tomcrypt_pk.h @@ -5,17 +5,12 @@ typedef struct { /** Callback function that is called when a password is required. - Please be aware that the library takes ownership of the pointer that is - returned to the library via `str`. - `str` shall be allocated via the same function as `XMALLOC` points to. - The data will be zeroed and `XFREE`'d as soon as it isn't required anymore. - - @param str Pointer to pointer where the password will be stored. - @param len Pointer to the length of the password. + @param str Pointer to where the password shall be stored. + @param len [in/out] The max length resp. resulting length of the password. @param userdata `userdata` that was passed in the `password_ctx` struct. @return CRYPT_OK on success */ - int (*callback)(void **str, unsigned long *len, void *userdata); + int (*callback)(void *str, unsigned long *len, void *userdata); /** Opaque `userdata` pointer passed when the callback is called */ void *userdata; } password_ctx; diff --git a/src/headers/tomcrypt_private.h b/src/headers/tomcrypt_private.h index 69d405929..a5f1ceba2 100644 --- a/src/headers/tomcrypt_private.h +++ b/src/headers/tomcrypt_private.h @@ -83,11 +83,18 @@ typedef struct { unsigned long blocklen; } pbes_properties; +struct password { + /* usually a `char*` but could also contain binary data + * so use a `void*` + length to be on the safe side. + */ + unsigned char pw[LTC_MAX_PASSWORD_LEN]; + unsigned long l; +}; + typedef struct { pbes_properties type; - void *pwd; - unsigned long pwdlen; + struct password pwd; ltc_asn1_list *enc_data; ltc_asn1_list *salt; ltc_asn1_list *iv; @@ -259,14 +266,6 @@ enum cipher_mode { cm_none, cm_cbc, cm_cfb, cm_ctr, cm_ofb, cm_stream, cm_gcm }; -struct password { - /* usually a `char*` but could also contain binary data - * so use a `void*` + length to be on the safe side. - */ - void *pw; - unsigned long l; -}; - struct blockcipher_info { const char *name; const char *algo; diff --git a/src/misc/crypt/crypt.c b/src/misc/crypt/crypt.c index bf2c3ecf3..af1e23c85 100644 --- a/src/misc/crypt/crypt.c +++ b/src/misc/crypt/crypt.c @@ -470,6 +470,9 @@ const char *crypt_build_settings = " PBES1 " " PBES2 " #endif +#if defined(LTC_MAX_PASSWORD_LEN) + " " NAME_VALUE(LTC_MAX_PASSWORD_LEN) " " +#endif #if defined(LTC_PEM) " PEM " " " NAME_VALUE(LTC_PEM_DECODE_BUFSZ) " " diff --git a/src/misc/pbes/pbes.c b/src/misc/pbes/pbes.c index 34be01c4e..e374ff39d 100644 --- a/src/misc/pbes/pbes.c +++ b/src/misc/pbes/pbes.c @@ -50,7 +50,7 @@ int pbes_decrypt(const pbes_arg *arg, unsigned char *dec_data, unsigned long *d if (klen > sizeof(k)) return CRYPT_INVALID_ARG; - if ((err = arg->type.kdf(arg->pwd, arg->pwdlen, arg->salt->data, arg->salt->size, arg->iterations, hid, k, &klen)) != CRYPT_OK) goto LBL_ERROR; + if ((err = arg->type.kdf(arg->pwd.pw, arg->pwd.l, arg->salt->data, arg->salt->size, arg->iterations, hid, k, &klen)) != CRYPT_OK) goto LBL_ERROR; if ((err = cbc_start(cid, iv, k, keylen, 0, &cbc)) != CRYPT_OK) goto LBL_ERROR; if ((err = cbc_decrypt(arg->enc_data->data, dec_data, arg->enc_data->size, &cbc)) != CRYPT_OK) goto LBL_ERROR; if ((err = cbc_done(&cbc)) != CRYPT_OK) goto LBL_ERROR; diff --git a/src/misc/pem/pem_pkcs.c b/src/misc/pem/pem_pkcs.c index f189faf2e..2e0962157 100644 --- a/src/misc/pem/pem_pkcs.c +++ b/src/misc/pem/pem_pkcs.c @@ -25,9 +25,6 @@ static int s_decrypt_pem(unsigned char *pem, unsigned long *l, const struct pem_ if (hdr->info.keylen > sizeof(key)) { return CRYPT_BUFFER_OVERFLOW; } - if (!hdr->pw->pw) { - return CRYPT_INVALID_ARG; - } ivlen = sizeof(iv); if ((err = base16_decode(hdr->info.iv, XSTRLEN(hdr->info.iv), iv, &ivlen)) != CRYPT_OK) { @@ -202,7 +199,7 @@ static int s_decode(struct get_char *g, ltc_pka_key *k, const password_ctx *pw_c unsigned long w, l, n; int err = CRYPT_ERROR; struct pem_headers hdr = { 0 }; - struct password pw; + struct password pw = { 0 }; enum ltc_pka_id pka; XMEMSET(k, 0, sizeof(*k)); w = LTC_PEM_READ_BUFSIZE * 2; @@ -241,7 +238,8 @@ static int s_decode(struct get_char *g, ltc_pka_key *k, const password_ctx *pw_c } hdr.pw = &pw; - if (pw_ctx->callback(&hdr.pw->pw, &hdr.pw->l, pw_ctx->userdata)) { + hdr.pw->l = LTC_MAX_PASSWORD_LEN; + if (pw_ctx->callback(hdr.pw->pw, &hdr.pw->l, pw_ctx->userdata)) { err = CRYPT_ERROR; goto cleanup; } @@ -266,8 +264,7 @@ static int s_decode(struct get_char *g, ltc_pka_key *k, const password_ctx *pw_c cleanup: if (hdr.pw) { - zeromem(hdr.pw->pw, hdr.pw->l); - XFREE(hdr.pw->pw); + zeromem(hdr.pw->pw, sizeof(hdr.pw->pw)); } XFREE(pem); return err; diff --git a/src/misc/pem/pem_ssh.c b/src/misc/pem/pem_ssh.c index ca423a086..3ddd76720 100644 --- a/src/misc/pem/pem_ssh.c +++ b/src/misc/pem/pem_ssh.c @@ -570,7 +570,8 @@ static int s_decode_openssh(struct get_char *g, ltc_pka_key *k, const password_c err = CRYPT_PW_CTX_MISSING; goto cleanup; } - if (pw_ctx->callback(&opts.pw.pw, &opts.pw.l, pw_ctx->userdata)) { + opts.pw.l = LTC_MAX_PASSWORD_LEN; + if (pw_ctx->callback(opts.pw.pw, &opts.pw.l, pw_ctx->userdata)) { err = CRYPT_ERROR; goto cleanup; } @@ -589,8 +590,8 @@ static int s_decode_openssh(struct get_char *g, ltc_pka_key *k, const password_c } cleanup: - if (opts.pw.pw) { - XFREE(opts.pw.pw); + if (opts.pw.l) { + zeromem(&opts.pw, sizeof(opts.pw)); } if (privkey) { zeromem(privkey, privkey_len); diff --git a/src/pk/asn1/pkcs8/pkcs8_decode_flexi.c b/src/pk/asn1/pkcs8/pkcs8_decode_flexi.c index 0256e7755..e21e24a5a 100644 --- a/src/pk/asn1/pkcs8/pkcs8_decode_flexi.c +++ b/src/pk/asn1/pkcs8/pkcs8_decode_flexi.c @@ -23,13 +23,11 @@ int pkcs8_decode_flexi(const unsigned char *in, unsigned long inlen, unsigned char *dec_data = NULL; ltc_asn1_list *l = NULL; int err; - pbes_arg pbes; + pbes_arg pbes = { 0 }; LTC_ARGCHK(in != NULL); LTC_ARGCHK(decoded_list != NULL); - XMEMSET(&pbes, 0, sizeof(pbes)); - *decoded_list = NULL; if ((err = der_decode_sequence_flexi(in, &len, &l)) == CRYPT_OK) { /* the following "if" detects whether it is encrypted or not */ @@ -63,7 +61,8 @@ int pkcs8_decode_flexi(const unsigned char *in, unsigned long inlen, goto LBL_DONE; } - if (pw_ctx->callback(&pbes.pwd, &pbes.pwdlen, pw_ctx->userdata)) { + pbes.pwd.l = LTC_MAX_PASSWORD_LEN; + if (pw_ctx->callback(pbes.pwd.pw, &pbes.pwd.l, pw_ctx->userdata)) { err = CRYPT_ERROR; goto LBL_DONE; } @@ -95,9 +94,8 @@ int pkcs8_decode_flexi(const unsigned char *in, unsigned long inlen, LBL_DONE: if (l) der_free_sequence_flexi(l); - if (pbes.pwd) { - zeromem(pbes.pwd, pbes.pwdlen); - XFREE(pbes.pwd); + if (pbes.pwd.l) { + zeromem(&pbes.pwd, sizeof(pbes.pwd)); } if (dec_data) { zeromem(dec_data, dec_size); diff --git a/tests/ecc_test.c b/tests/ecc_test.c index c31a50c03..18cae7cbf 100644 --- a/tests/ecc_test.c +++ b/tests/ecc_test.c @@ -660,12 +660,14 @@ static int s_ecc_new_api(void) } -static int password_get(void **p, unsigned long *l, void *u) +static int password_get(void *p, unsigned long *l, void *u) { + int ret = *l < 6; LTC_UNUSED_PARAM(u); - *p = strdup("secret"); + if (!ret) + XMEMCPY(p, "secret", 6); *l = 6; - return 0; + return ret; } static int s_ecc_import_export(void) { diff --git a/tests/ed25519_test.c b/tests/ed25519_test.c index 580b98cae..c2abfca4f 100644 --- a/tests/ed25519_test.c +++ b/tests/ed25519_test.c @@ -16,12 +16,14 @@ static void xor_shuffle(unsigned char *buf, unsigned long size, unsigned char ch buf[i] ^= change; } -static int password_get(void **p, unsigned long *l, void *u) +static int password_get(void *p, unsigned long *l, void *u) { + int ret = *l < 6; LTC_UNUSED_PARAM(u); - *p = strdup("123456"); + if (!ret) + XMEMCPY(p, "123456", 6); *l = 6; - return 0; + return ret; } static int s_rfc_8410_10_test(void) diff --git a/tests/pem_test.c b/tests/pem_test.c index 14c0a7ce7..d687773bc 100644 --- a/tests/pem_test.c +++ b/tests/pem_test.c @@ -6,12 +6,14 @@ #ifdef LTC_SSH -static int password_get_ssh(void **p, unsigned long *l, void *u) +static int password_get_ssh(void *p, unsigned long *l, void *u) { + int ret = *l < 6; LTC_UNUSED_PARAM(u); - *p = strdup("abc123"); + if (!ret) + XMEMCPY(p, "abc123", 6); *l = 6; - return 0; + return ret; } static int s_pem_decode_ssh(const void *in, unsigned long inlen, void *key) { @@ -28,12 +30,14 @@ static int s_pem_decode_ssh_f(FILE *f, void *key) #endif -static int password_get(void **p, unsigned long *l, void *u) +static int password_get(void *p, unsigned long *l, void *u) { + int ret = *l < 6; LTC_UNUSED_PARAM(u); - *p = strdup("secret"); + if (!ret) + XMEMCPY(p, "secret", 6); *l = 6; - return 0; + return ret; } #if defined(LTC_MDSA) diff --git a/tests/rsa_test.c b/tests/rsa_test.c index 347093429..0743fe0ec 100644 --- a/tests/rsa_test.c +++ b/tests/rsa_test.c @@ -432,12 +432,14 @@ static int s_rsa_import_x509(const void *in, unsigned long inlen, void *key) } #if defined(LTC_MD2) && defined(LTC_MD5) && defined(LTC_RC2) -static int password_get(void **p, unsigned long *l, void *u) +static int password_get(void *p, unsigned long *l, void *u) { + int ret = *l < 6; LTC_UNUSED_PARAM(u); - *p = strdup("secret"); + if (!ret) + XMEMCPY(p, "secret", 6); *l = 6; - return 0; + return ret; } static int s_rsa_import_pkcs8(const void *in, unsigned long inlen, void *key) diff --git a/tests/x25519_test.c b/tests/x25519_test.c index 113b071b1..7f228f3be 100644 --- a/tests/x25519_test.c +++ b/tests/x25519_test.c @@ -139,11 +139,14 @@ static int s_rfc_8410_10_test(void) return CRYPT_OK; } -static int password_get(void **p, unsigned long *l, void *u) +static int password_get(void *p, unsigned long *l, void *u) { - *p = strdup(u); - *l = strlen(*p); - return 0; + unsigned long sl = strlen(u); + int ret = *l < sl; + if (!ret) + XMEMCPY(p, u, sl); + *l = sl; + return ret; } static int s_x25519_pkcs8_test(void) @@ -162,7 +165,7 @@ static int s_x25519_pkcs8_test(void) /* `openssl genpkey -algorithm x25519 -pass stdin` */ { "MC4CAQAwBQYDK2VuBCIEIEAInaUdx+fQFfghpCzw/WdItRT3+FnPSkrU9TcIZTZW", - NULL + "" }, }; unsigned n; From 9db30dfdc57eb6bbe8c1b239ae64cbfdc272bffc Mon Sep 17 00:00:00 2001 From: Steffen Jaeckel Date: Tue, 17 Oct 2023 12:50:13 +0200 Subject: [PATCH 41/51] Make everything compile on MSVC Signed-off-by: Steffen Jaeckel --- src/headers/tomcrypt_custom.h | 7 ------- src/headers/tomcrypt_private.h | 2 +- src/prngs/rng_get_bytes.c | 2 +- 3 files changed, 2 insertions(+), 9 deletions(-) diff --git a/src/headers/tomcrypt_custom.h b/src/headers/tomcrypt_custom.h index 2cb442271..87b475567 100644 --- a/src/headers/tomcrypt_custom.h +++ b/src/headers/tomcrypt_custom.h @@ -777,11 +777,4 @@ #undef LTC_ECC521 #endif -/* MSVC can't build PEM */ -#if defined(LTC_PEM) && defined(_MSC_VER) -#undef LTC_PEM -#undef LTC_PEM_DECODE_BUFSZ -#undef LTC_PEM_READ_BUFSIZE -#endif - #endif /* TOMCRYPT_CUSTOM_H_ */ diff --git a/src/headers/tomcrypt_private.h b/src/headers/tomcrypt_private.h index a5f1ceba2..d80c6200a 100644 --- a/src/headers/tomcrypt_private.h +++ b/src/headers/tomcrypt_private.h @@ -282,7 +282,7 @@ struct str { }; #define SET_STR(n, s) n.p = s, n.len = XSTRLEN(s) -#define SET_CSTR(n, s) n.p = (char*)s, n.len = XSTRLEN(s) +#define SET_CSTR(n, s) n.p = (char*)s, n.len = (sizeof s) - 1 #define COPY_STR(n, s, l) do { XMEMCPY(n.p, s, l); n.len = l; } while(0) #define RESET_STR(n) do { n.p = NULL; n.len = 0; } while(0) diff --git a/src/prngs/rng_get_bytes.c b/src/prngs/rng_get_bytes.c index 9a1221021..ecb1ed56c 100644 --- a/src/prngs/rng_get_bytes.c +++ b/src/prngs/rng_get_bytes.c @@ -112,9 +112,9 @@ static unsigned long s_rng_win32(unsigned char *buf, unsigned long len, static unsigned long s_rng_win32(unsigned char *buf, unsigned long len, void (*callback)(void)) { + static HCRYPTPROV hProv = 0; LTC_UNUSED_PARAM(callback); - static HCRYPTPROV hProv = 0; if (hProv == 0) { HCRYPTPROV h = 0; if (!CryptAcquireContextW(&h, NULL, MS_DEF_PROV_W, PROV_RSA_FULL, From 02cb0c49576b03f537922a437b4929b1412d58c2 Mon Sep 17 00:00:00 2001 From: Steffen Jaeckel Date: Thu, 19 Oct 2023 11:55:11 +0200 Subject: [PATCH 42/51] Revert "Move password buffer into the library" This reverts commit d840323bc1d3bc35bc72271e55ffa644f02b4582 --- demos/openssh-privkey.c | 23 +++++++++++++---------- src/headers/tomcrypt_custom.h | 4 ---- src/headers/tomcrypt_pk.h | 11 ++++++++--- src/headers/tomcrypt_private.h | 19 ++++++++++--------- src/misc/crypt/crypt.c | 3 --- src/misc/pbes/pbes.c | 2 +- src/misc/pem/pem_pkcs.c | 11 +++++++---- src/misc/pem/pem_ssh.c | 7 +++---- src/pk/asn1/pkcs8/pkcs8_decode_flexi.c | 12 +++++++----- tests/ecc_test.c | 8 +++----- tests/ed25519_test.c | 8 +++----- tests/pem_test.c | 16 ++++++---------- tests/rsa_test.c | 8 +++----- tests/x25519_test.c | 13 +++++-------- 14 files changed, 69 insertions(+), 76 deletions(-) diff --git a/demos/openssh-privkey.c b/demos/openssh-privkey.c index 4e8fa5765..9a2aca0ff 100644 --- a/demos/openssh-privkey.c +++ b/demos/openssh-privkey.c @@ -29,11 +29,15 @@ static void die_(int err, int line) #define die(i) do { die_(i, __LINE__); } while(0) #define DIE(s, ...) do { print_err("%3d: " s "\n", __LINE__, ##__VA_ARGS__); exit(EXIT_FAILURE); } while(0) -static int getpassword(const char *prompt, char *pass, unsigned long *len) +static char* getpassword(const char *prompt, size_t maxlen) { + char *wr, *end, *pass = XCALLOC(1, maxlen + 1); struct termios tio; tcflag_t c_lflag; - unsigned long maxlen = *len, wr = 0; + if (pass == NULL) + return NULL; + wr = pass; + end = pass + maxlen; tcgetattr(0, &tio); c_lflag = tio.c_lflag; @@ -42,25 +46,24 @@ static int getpassword(const char *prompt, char *pass, unsigned long *len) printf("%s", prompt); fflush(stdout); - while (1) { + while (pass < end) { int c = getchar(); if (c == '\r' || c == '\n' || c == -1) break; - if (wr < maxlen) - pass[wr] = c; - wr++; + *wr++ = c; } - *len = wr; tio.c_lflag = c_lflag; tcsetattr(0, TCSAFLUSH, &tio); printf("\n"); - return wr <= maxlen; + return pass; } -static int password_get(void *p, unsigned long *l, void *u) +static int password_get(void **p, unsigned long *l, void *u) { (void)u; - return getpassword("Enter passphrase: ", p, l); + *p = getpassword("Enter passphrase: ", 256); + *l = strlen(*p); + return 0; } static void print(ltc_pka_key *k) diff --git a/src/headers/tomcrypt_custom.h b/src/headers/tomcrypt_custom.h index 87b475567..bea0ea501 100644 --- a/src/headers/tomcrypt_custom.h +++ b/src/headers/tomcrypt_custom.h @@ -627,10 +627,6 @@ #define LTC_PBES #endif -#if defined(LTC_PEM) || defined(LTC_PKCS_8) && !defined(LTC_MAX_PASSWORD_LEN) - #define LTC_MAX_PASSWORD_LEN 256 -#endif - #if defined(LTC_CLEAN_STACK) /* if you're sure that you want to use it, remove the line below */ #error LTC_CLEAN_STACK is considered as broken diff --git a/src/headers/tomcrypt_pk.h b/src/headers/tomcrypt_pk.h index f75040255..cb309618d 100644 --- a/src/headers/tomcrypt_pk.h +++ b/src/headers/tomcrypt_pk.h @@ -5,12 +5,17 @@ typedef struct { /** Callback function that is called when a password is required. - @param str Pointer to where the password shall be stored. - @param len [in/out] The max length resp. resulting length of the password. + Please be aware that the library takes ownership of the pointer that is + returned to the library via `str`. + `str` shall be allocated via the same function as `XMALLOC` points to. + The data will be zeroed and `XFREE`'d as soon as it isn't required anymore. + + @param str Pointer to pointer where the password will be stored. + @param len Pointer to the length of the password. @param userdata `userdata` that was passed in the `password_ctx` struct. @return CRYPT_OK on success */ - int (*callback)(void *str, unsigned long *len, void *userdata); + int (*callback)(void **str, unsigned long *len, void *userdata); /** Opaque `userdata` pointer passed when the callback is called */ void *userdata; } password_ctx; diff --git a/src/headers/tomcrypt_private.h b/src/headers/tomcrypt_private.h index d80c6200a..1fcba1d31 100644 --- a/src/headers/tomcrypt_private.h +++ b/src/headers/tomcrypt_private.h @@ -83,18 +83,11 @@ typedef struct { unsigned long blocklen; } pbes_properties; -struct password { - /* usually a `char*` but could also contain binary data - * so use a `void*` + length to be on the safe side. - */ - unsigned char pw[LTC_MAX_PASSWORD_LEN]; - unsigned long l; -}; - typedef struct { pbes_properties type; - struct password pwd; + void *pwd; + unsigned long pwdlen; ltc_asn1_list *enc_data; ltc_asn1_list *salt; ltc_asn1_list *iv; @@ -266,6 +259,14 @@ enum cipher_mode { cm_none, cm_cbc, cm_cfb, cm_ctr, cm_ofb, cm_stream, cm_gcm }; +struct password { + /* usually a `char*` but could also contain binary data + * so use a `void*` + length to be on the safe side. + */ + void *pw; + unsigned long l; +}; + struct blockcipher_info { const char *name; const char *algo; diff --git a/src/misc/crypt/crypt.c b/src/misc/crypt/crypt.c index af1e23c85..bf2c3ecf3 100644 --- a/src/misc/crypt/crypt.c +++ b/src/misc/crypt/crypt.c @@ -470,9 +470,6 @@ const char *crypt_build_settings = " PBES1 " " PBES2 " #endif -#if defined(LTC_MAX_PASSWORD_LEN) - " " NAME_VALUE(LTC_MAX_PASSWORD_LEN) " " -#endif #if defined(LTC_PEM) " PEM " " " NAME_VALUE(LTC_PEM_DECODE_BUFSZ) " " diff --git a/src/misc/pbes/pbes.c b/src/misc/pbes/pbes.c index e374ff39d..34be01c4e 100644 --- a/src/misc/pbes/pbes.c +++ b/src/misc/pbes/pbes.c @@ -50,7 +50,7 @@ int pbes_decrypt(const pbes_arg *arg, unsigned char *dec_data, unsigned long *d if (klen > sizeof(k)) return CRYPT_INVALID_ARG; - if ((err = arg->type.kdf(arg->pwd.pw, arg->pwd.l, arg->salt->data, arg->salt->size, arg->iterations, hid, k, &klen)) != CRYPT_OK) goto LBL_ERROR; + if ((err = arg->type.kdf(arg->pwd, arg->pwdlen, arg->salt->data, arg->salt->size, arg->iterations, hid, k, &klen)) != CRYPT_OK) goto LBL_ERROR; if ((err = cbc_start(cid, iv, k, keylen, 0, &cbc)) != CRYPT_OK) goto LBL_ERROR; if ((err = cbc_decrypt(arg->enc_data->data, dec_data, arg->enc_data->size, &cbc)) != CRYPT_OK) goto LBL_ERROR; if ((err = cbc_done(&cbc)) != CRYPT_OK) goto LBL_ERROR; diff --git a/src/misc/pem/pem_pkcs.c b/src/misc/pem/pem_pkcs.c index 2e0962157..f189faf2e 100644 --- a/src/misc/pem/pem_pkcs.c +++ b/src/misc/pem/pem_pkcs.c @@ -25,6 +25,9 @@ static int s_decrypt_pem(unsigned char *pem, unsigned long *l, const struct pem_ if (hdr->info.keylen > sizeof(key)) { return CRYPT_BUFFER_OVERFLOW; } + if (!hdr->pw->pw) { + return CRYPT_INVALID_ARG; + } ivlen = sizeof(iv); if ((err = base16_decode(hdr->info.iv, XSTRLEN(hdr->info.iv), iv, &ivlen)) != CRYPT_OK) { @@ -199,7 +202,7 @@ static int s_decode(struct get_char *g, ltc_pka_key *k, const password_ctx *pw_c unsigned long w, l, n; int err = CRYPT_ERROR; struct pem_headers hdr = { 0 }; - struct password pw = { 0 }; + struct password pw; enum ltc_pka_id pka; XMEMSET(k, 0, sizeof(*k)); w = LTC_PEM_READ_BUFSIZE * 2; @@ -238,8 +241,7 @@ static int s_decode(struct get_char *g, ltc_pka_key *k, const password_ctx *pw_c } hdr.pw = &pw; - hdr.pw->l = LTC_MAX_PASSWORD_LEN; - if (pw_ctx->callback(hdr.pw->pw, &hdr.pw->l, pw_ctx->userdata)) { + if (pw_ctx->callback(&hdr.pw->pw, &hdr.pw->l, pw_ctx->userdata)) { err = CRYPT_ERROR; goto cleanup; } @@ -264,7 +266,8 @@ static int s_decode(struct get_char *g, ltc_pka_key *k, const password_ctx *pw_c cleanup: if (hdr.pw) { - zeromem(hdr.pw->pw, sizeof(hdr.pw->pw)); + zeromem(hdr.pw->pw, hdr.pw->l); + XFREE(hdr.pw->pw); } XFREE(pem); return err; diff --git a/src/misc/pem/pem_ssh.c b/src/misc/pem/pem_ssh.c index 3ddd76720..ca423a086 100644 --- a/src/misc/pem/pem_ssh.c +++ b/src/misc/pem/pem_ssh.c @@ -570,8 +570,7 @@ static int s_decode_openssh(struct get_char *g, ltc_pka_key *k, const password_c err = CRYPT_PW_CTX_MISSING; goto cleanup; } - opts.pw.l = LTC_MAX_PASSWORD_LEN; - if (pw_ctx->callback(opts.pw.pw, &opts.pw.l, pw_ctx->userdata)) { + if (pw_ctx->callback(&opts.pw.pw, &opts.pw.l, pw_ctx->userdata)) { err = CRYPT_ERROR; goto cleanup; } @@ -590,8 +589,8 @@ static int s_decode_openssh(struct get_char *g, ltc_pka_key *k, const password_c } cleanup: - if (opts.pw.l) { - zeromem(&opts.pw, sizeof(opts.pw)); + if (opts.pw.pw) { + XFREE(opts.pw.pw); } if (privkey) { zeromem(privkey, privkey_len); diff --git a/src/pk/asn1/pkcs8/pkcs8_decode_flexi.c b/src/pk/asn1/pkcs8/pkcs8_decode_flexi.c index e21e24a5a..0256e7755 100644 --- a/src/pk/asn1/pkcs8/pkcs8_decode_flexi.c +++ b/src/pk/asn1/pkcs8/pkcs8_decode_flexi.c @@ -23,11 +23,13 @@ int pkcs8_decode_flexi(const unsigned char *in, unsigned long inlen, unsigned char *dec_data = NULL; ltc_asn1_list *l = NULL; int err; - pbes_arg pbes = { 0 }; + pbes_arg pbes; LTC_ARGCHK(in != NULL); LTC_ARGCHK(decoded_list != NULL); + XMEMSET(&pbes, 0, sizeof(pbes)); + *decoded_list = NULL; if ((err = der_decode_sequence_flexi(in, &len, &l)) == CRYPT_OK) { /* the following "if" detects whether it is encrypted or not */ @@ -61,8 +63,7 @@ int pkcs8_decode_flexi(const unsigned char *in, unsigned long inlen, goto LBL_DONE; } - pbes.pwd.l = LTC_MAX_PASSWORD_LEN; - if (pw_ctx->callback(pbes.pwd.pw, &pbes.pwd.l, pw_ctx->userdata)) { + if (pw_ctx->callback(&pbes.pwd, &pbes.pwdlen, pw_ctx->userdata)) { err = CRYPT_ERROR; goto LBL_DONE; } @@ -94,8 +95,9 @@ int pkcs8_decode_flexi(const unsigned char *in, unsigned long inlen, LBL_DONE: if (l) der_free_sequence_flexi(l); - if (pbes.pwd.l) { - zeromem(&pbes.pwd, sizeof(pbes.pwd)); + if (pbes.pwd) { + zeromem(pbes.pwd, pbes.pwdlen); + XFREE(pbes.pwd); } if (dec_data) { zeromem(dec_data, dec_size); diff --git a/tests/ecc_test.c b/tests/ecc_test.c index 18cae7cbf..c31a50c03 100644 --- a/tests/ecc_test.c +++ b/tests/ecc_test.c @@ -660,14 +660,12 @@ static int s_ecc_new_api(void) } -static int password_get(void *p, unsigned long *l, void *u) +static int password_get(void **p, unsigned long *l, void *u) { - int ret = *l < 6; LTC_UNUSED_PARAM(u); - if (!ret) - XMEMCPY(p, "secret", 6); + *p = strdup("secret"); *l = 6; - return ret; + return 0; } static int s_ecc_import_export(void) { diff --git a/tests/ed25519_test.c b/tests/ed25519_test.c index c2abfca4f..580b98cae 100644 --- a/tests/ed25519_test.c +++ b/tests/ed25519_test.c @@ -16,14 +16,12 @@ static void xor_shuffle(unsigned char *buf, unsigned long size, unsigned char ch buf[i] ^= change; } -static int password_get(void *p, unsigned long *l, void *u) +static int password_get(void **p, unsigned long *l, void *u) { - int ret = *l < 6; LTC_UNUSED_PARAM(u); - if (!ret) - XMEMCPY(p, "123456", 6); + *p = strdup("123456"); *l = 6; - return ret; + return 0; } static int s_rfc_8410_10_test(void) diff --git a/tests/pem_test.c b/tests/pem_test.c index d687773bc..14c0a7ce7 100644 --- a/tests/pem_test.c +++ b/tests/pem_test.c @@ -6,14 +6,12 @@ #ifdef LTC_SSH -static int password_get_ssh(void *p, unsigned long *l, void *u) +static int password_get_ssh(void **p, unsigned long *l, void *u) { - int ret = *l < 6; LTC_UNUSED_PARAM(u); - if (!ret) - XMEMCPY(p, "abc123", 6); + *p = strdup("abc123"); *l = 6; - return ret; + return 0; } static int s_pem_decode_ssh(const void *in, unsigned long inlen, void *key) { @@ -30,14 +28,12 @@ static int s_pem_decode_ssh_f(FILE *f, void *key) #endif -static int password_get(void *p, unsigned long *l, void *u) +static int password_get(void **p, unsigned long *l, void *u) { - int ret = *l < 6; LTC_UNUSED_PARAM(u); - if (!ret) - XMEMCPY(p, "secret", 6); + *p = strdup("secret"); *l = 6; - return ret; + return 0; } #if defined(LTC_MDSA) diff --git a/tests/rsa_test.c b/tests/rsa_test.c index 0743fe0ec..347093429 100644 --- a/tests/rsa_test.c +++ b/tests/rsa_test.c @@ -432,14 +432,12 @@ static int s_rsa_import_x509(const void *in, unsigned long inlen, void *key) } #if defined(LTC_MD2) && defined(LTC_MD5) && defined(LTC_RC2) -static int password_get(void *p, unsigned long *l, void *u) +static int password_get(void **p, unsigned long *l, void *u) { - int ret = *l < 6; LTC_UNUSED_PARAM(u); - if (!ret) - XMEMCPY(p, "secret", 6); + *p = strdup("secret"); *l = 6; - return ret; + return 0; } static int s_rsa_import_pkcs8(const void *in, unsigned long inlen, void *key) diff --git a/tests/x25519_test.c b/tests/x25519_test.c index 7f228f3be..113b071b1 100644 --- a/tests/x25519_test.c +++ b/tests/x25519_test.c @@ -139,14 +139,11 @@ static int s_rfc_8410_10_test(void) return CRYPT_OK; } -static int password_get(void *p, unsigned long *l, void *u) +static int password_get(void **p, unsigned long *l, void *u) { - unsigned long sl = strlen(u); - int ret = *l < sl; - if (!ret) - XMEMCPY(p, u, sl); - *l = sl; - return ret; + *p = strdup(u); + *l = strlen(*p); + return 0; } static int s_x25519_pkcs8_test(void) @@ -165,7 +162,7 @@ static int s_x25519_pkcs8_test(void) /* `openssl genpkey -algorithm x25519 -pass stdin` */ { "MC4CAQAwBQYDK2VuBCIEIEAInaUdx+fQFfghpCzw/WdItRT3+FnPSkrU9TcIZTZW", - "" + NULL }, }; unsigned n; From 95790221fb3fc0c049c461da54bf8602af99a5a8 Mon Sep 17 00:00:00 2001 From: Steffen Jaeckel Date: Fri, 20 Oct 2023 14:11:56 +0200 Subject: [PATCH 43/51] Add `free()` function to `password_ctx` The user can now pass a `free()` function pointer that will be used to free the memory that has been allocated by the `callback()`. If `free()` is NULL, the library will still call `XFREE()`. Signed-off-by: Steffen Jaeckel --- helper.pl | 2 +- src/headers/tomcrypt_pk.h | 16 ++++++++++++--- src/headers/tomcrypt_private.h | 24 +++++++++++----------- src/misc/password_free.c | 28 ++++++++++++++++++++++++++ src/misc/pbes/pbes.c | 2 +- src/misc/pbes/pbes1.c | 22 ++++++++++---------- src/misc/pbes/pbes2.c | 20 ++++++++++++------ src/misc/pem/pem_pkcs.c | 7 ++----- src/misc/pem/pem_ssh.c | 4 +--- src/pk/asn1/pkcs8/pkcs8_decode_flexi.c | 9 +++------ tests/ecc_test.c | 3 +-- tests/ed25519_test.c | 3 +-- tests/pem_test.c | 18 ++++++----------- tests/rsa_test.c | 3 +-- tests/x25519_test.c | 3 +-- 15 files changed, 96 insertions(+), 68 deletions(-) create mode 100644 src/misc/password_free.c diff --git a/helper.pl b/helper.pl index 7262f0685..7dbfe1043 100755 --- a/helper.pl +++ b/helper.pl @@ -47,7 +47,7 @@ sub check_source { push @{$troubles->{unwanted_malloc}}, $lineno if $file =~ /^src\/.*\.c$/ && $l =~ /\bmalloc\s*\(/; push @{$troubles->{unwanted_realloc}}, $lineno if $file =~ /^src\/.*\.c$/ && $l =~ /\brealloc\s*\(/; push @{$troubles->{unwanted_calloc}}, $lineno if $file =~ /^src\/.*\.c$/ && $l =~ /\bcalloc\s*\(/; - push @{$troubles->{unwanted_free}}, $lineno if $file =~ /^src\/.*\.c$/ && $l =~ /\bfree\s*\(/; + push @{$troubles->{unwanted_free}}, $lineno if $file =~ /^src\/.*\.c$/ && $l =~ /[^>.]\bfree\s*\(/; push @{$troubles->{unwanted_memset}}, $lineno if $file =~ /^src\/.*\.c$/ && $l =~ /\bmemset\s*\(/; push @{$troubles->{unwanted_memcpy}}, $lineno if $file =~ /^src\/.*\.c$/ && $l =~ /\bmemcpy\s*\(/; push @{$troubles->{unwanted_memmove}}, $lineno if $file =~ /^src\/.*\.c$/ && $l =~ /\bmemmove\s*\(/; diff --git a/src/headers/tomcrypt_pk.h b/src/headers/tomcrypt_pk.h index cb309618d..99df0bcb9 100644 --- a/src/headers/tomcrypt_pk.h +++ b/src/headers/tomcrypt_pk.h @@ -1,14 +1,14 @@ /* LibTomCrypt, modular cryptographic library -- Tom St Denis */ /* SPDX-License-Identifier: Unlicense */ -typedef struct { +typedef struct password_ctx { /** Callback function that is called when a password is required. Please be aware that the library takes ownership of the pointer that is returned to the library via `str`. - `str` shall be allocated via the same function as `XMALLOC` points to. - The data will be zeroed and `XFREE`'d as soon as it isn't required anymore. + The data will be zeroed and `free()`'d as soon as it isn't required anymore. + c.f. the documentation of the `free()` function pointer for details. @param str Pointer to pointer where the password will be stored. @param len Pointer to the length of the password. @@ -16,6 +16,16 @@ typedef struct { @return CRYPT_OK on success */ int (*callback)(void **str, unsigned long *len, void *userdata); + /** + Optional free function to free the allocated buffer. + + At the point where the value returned by `callback()` is not required + anymore the library will free it by either calling this `free()` function + or `XFREE()` in case this `free()` function is set to `NULL`. + + @param str Pointer to the buffer to be free'd. + */ + void (*free)(void *str); /** Opaque `userdata` pointer passed when the callback is called */ void *userdata; } password_ctx; diff --git a/src/headers/tomcrypt_private.h b/src/headers/tomcrypt_private.h index 1fcba1d31..bdcf3124c 100644 --- a/src/headers/tomcrypt_private.h +++ b/src/headers/tomcrypt_private.h @@ -66,8 +66,16 @@ typedef struct { } ltc_dh_set_type; -typedef int (*fn_kdf_t)(const unsigned char *password, unsigned long password_len, - const unsigned char *salt, unsigned long salt_len, +struct password { + /* usually a `char*` but could also contain binary data + * so use a `void*` + length to be on the safe side. + */ + void *pw; + unsigned long l; +}; + +typedef int (*fn_kdf_t)(const struct password *pwd, + const unsigned char *salt, unsigned long salt_len, int iteration_count, int hash_idx, unsigned char *out, unsigned long *outlen); @@ -86,8 +94,7 @@ typedef struct { typedef struct { pbes_properties type; - void *pwd; - unsigned long pwdlen; + struct password pw; ltc_asn1_list *enc_data; ltc_asn1_list *salt; ltc_asn1_list *iv; @@ -259,14 +266,6 @@ enum cipher_mode { cm_none, cm_cbc, cm_cfb, cm_ctr, cm_ofb, cm_stream, cm_gcm }; -struct password { - /* usually a `char*` but could also contain binary data - * so use a `void*` + length to be on the safe side. - */ - void *pw; - unsigned long l; -}; - struct blockcipher_info { const char *name; const char *algo; @@ -341,6 +340,7 @@ struct get_char { /* others */ void copy_or_zeromem(const unsigned char* src, unsigned char* dest, unsigned long len, int coz); +void password_free(struct password *pw, const struct password_ctx *ctx); int pbes_decrypt(const pbes_arg *arg, unsigned char *dec_data, unsigned long *dec_size); diff --git a/src/misc/password_free.c b/src/misc/password_free.c new file mode 100644 index 000000000..e88b700cf --- /dev/null +++ b/src/misc/password_free.c @@ -0,0 +1,28 @@ +/* LibTomCrypt, modular cryptographic library -- Tom St Denis */ +/* SPDX-License-Identifier: Unlicense */ +#include "tomcrypt_private.h" + +/** + @file password_free.c + Free the password inside a `struct password`, Steffen Jaeckel +*/ + +/** + Free a password + @param pw The password to be free'd + @param ctx The password context +*/ +void password_free(struct password *pw, const struct password_ctx *ctx) +{ + if (!ctx || !pw || !pw->pw) + return; + + zeromem(pw->pw, pw->l); + if (ctx->free) { + ctx->free(pw->pw); + } else { + XFREE(pw->pw); + } + pw->pw = NULL; + pw->l = 0; +} diff --git a/src/misc/pbes/pbes.c b/src/misc/pbes/pbes.c index 34be01c4e..b4231234a 100644 --- a/src/misc/pbes/pbes.c +++ b/src/misc/pbes/pbes.c @@ -50,7 +50,7 @@ int pbes_decrypt(const pbes_arg *arg, unsigned char *dec_data, unsigned long *d if (klen > sizeof(k)) return CRYPT_INVALID_ARG; - if ((err = arg->type.kdf(arg->pwd, arg->pwdlen, arg->salt->data, arg->salt->size, arg->iterations, hid, k, &klen)) != CRYPT_OK) goto LBL_ERROR; + if ((err = arg->type.kdf(&arg->pw, arg->salt->data, arg->salt->size, arg->iterations, hid, k, &klen)) != CRYPT_OK) goto LBL_ERROR; if ((err = cbc_start(cid, iv, k, keylen, 0, &cbc)) != CRYPT_OK) goto LBL_ERROR; if ((err = cbc_decrypt(arg->enc_data->data, dec_data, arg->enc_data->size, &cbc)) != CRYPT_OK) goto LBL_ERROR; if ((err = cbc_done(&cbc)) != CRYPT_OK) goto LBL_ERROR; diff --git a/src/misc/pbes/pbes1.c b/src/misc/pbes/pbes1.c index f33a00959..36e09070f 100644 --- a/src/misc/pbes/pbes1.c +++ b/src/misc/pbes/pbes1.c @@ -4,28 +4,28 @@ #ifdef LTC_PBES -static int s_pkcs_5_alg1_wrap(const unsigned char *password, unsigned long password_len, - const unsigned char *salt, unsigned long salt_len, - int iteration_count, int hash_idx, - unsigned char *out, unsigned long *outlen) +static int s_pkcs_5_alg1_wrap(const struct password *pwd, + const unsigned char *salt, unsigned long salt_len, + int iteration_count, int hash_idx, + unsigned char *out, unsigned long *outlen) { LTC_UNUSED_PARAM(salt_len); - return pkcs_5_alg1(password, password_len, salt, iteration_count, hash_idx, out, outlen); + return pkcs_5_alg1(pwd->pw, pwd->l, salt, iteration_count, hash_idx, out, outlen); } -static int s_pkcs_12_wrap(const unsigned char *password, unsigned long password_len, - const unsigned char *salt, unsigned long salt_len, - int iteration_count, int hash_idx, - unsigned char *out, unsigned long *outlen) +static int s_pkcs_12_wrap(const struct password *pwd, + const unsigned char *salt, unsigned long salt_len, + int iteration_count, int hash_idx, + unsigned char *out, unsigned long *outlen) { int err; /* convert password to unicode/utf16-be */ - unsigned long pwlen = password_len * 2; + unsigned long pwlen = pwd->l * 2; unsigned char* pw; if (*outlen < 32) return CRYPT_INVALID_ARG; pw = XMALLOC(pwlen + 2); if (pw == NULL) return CRYPT_MEM; - if ((err = pkcs12_utf8_to_utf16(password, password_len, pw, &pwlen)) != CRYPT_OK) goto LBL_ERROR; + if ((err = pkcs12_utf8_to_utf16(pwd->pw, pwd->l, pw, &pwlen)) != CRYPT_OK) goto LBL_ERROR; pw[pwlen++] = 0; pw[pwlen++] = 0; /* derive KEY */ diff --git a/src/misc/pbes/pbes2.c b/src/misc/pbes/pbes2.c index 3378cd660..e3eeb94ac 100644 --- a/src/misc/pbes/pbes2.c +++ b/src/misc/pbes/pbes2.c @@ -22,13 +22,21 @@ static const oid_id_st s_hmac_oid_names[] = { { "1.2.840.113549.2.13", "sha512-256" }, }; +static int s_pkcs_5_alg2_wrap(const struct password *pwd, + const unsigned char *salt, unsigned long salt_len, + int iteration_count, int hash_idx, + unsigned char *out, unsigned long *outlen) +{ + return pkcs_5_alg2(pwd->pw, pwd->l, salt, salt_len, iteration_count, hash_idx, out, outlen); +} + static const pbes_properties s_pbes2_default_types[] = { - { pkcs_5_alg2, "sha1", "des", 8, 0 }, - { pkcs_5_alg2, "sha1", "rc2", 4, 0 }, - { pkcs_5_alg2, "sha1", "3des", 24, 0 }, - { pkcs_5_alg2, "sha1", "aes", 16, 0 }, - { pkcs_5_alg2, "sha1", "aes", 24, 0 }, - { pkcs_5_alg2, "sha1", "aes", 32, 0 }, + { s_pkcs_5_alg2_wrap, "sha1", "des", 8, 0 }, + { s_pkcs_5_alg2_wrap, "sha1", "rc2", 4, 0 }, + { s_pkcs_5_alg2_wrap, "sha1", "3des", 24, 0 }, + { s_pkcs_5_alg2_wrap, "sha1", "aes", 16, 0 }, + { s_pkcs_5_alg2_wrap, "sha1", "aes", 24, 0 }, + { s_pkcs_5_alg2_wrap, "sha1", "aes", 32, 0 }, }; typedef struct { diff --git a/src/misc/pem/pem_pkcs.c b/src/misc/pem/pem_pkcs.c index f189faf2e..f4831dd13 100644 --- a/src/misc/pem/pem_pkcs.c +++ b/src/misc/pem/pem_pkcs.c @@ -202,7 +202,7 @@ static int s_decode(struct get_char *g, ltc_pka_key *k, const password_ctx *pw_c unsigned long w, l, n; int err = CRYPT_ERROR; struct pem_headers hdr = { 0 }; - struct password pw; + struct password pw = { 0 }; enum ltc_pka_id pka; XMEMSET(k, 0, sizeof(*k)); w = LTC_PEM_READ_BUFSIZE * 2; @@ -265,10 +265,7 @@ static int s_decode(struct get_char *g, ltc_pka_key *k, const password_ctx *pw_c } cleanup: - if (hdr.pw) { - zeromem(hdr.pw->pw, hdr.pw->l); - XFREE(hdr.pw->pw); - } + password_free(hdr.pw, pw_ctx); XFREE(pem); return err; } diff --git a/src/misc/pem/pem_ssh.c b/src/misc/pem/pem_ssh.c index ca423a086..edf271fac 100644 --- a/src/misc/pem/pem_ssh.c +++ b/src/misc/pem/pem_ssh.c @@ -589,9 +589,7 @@ static int s_decode_openssh(struct get_char *g, ltc_pka_key *k, const password_c } cleanup: - if (opts.pw.pw) { - XFREE(opts.pw.pw); - } + password_free(&opts.pw, pw_ctx); if (privkey) { zeromem(privkey, privkey_len); XFREE(privkey); diff --git a/src/pk/asn1/pkcs8/pkcs8_decode_flexi.c b/src/pk/asn1/pkcs8/pkcs8_decode_flexi.c index 0256e7755..42eac451e 100644 --- a/src/pk/asn1/pkcs8/pkcs8_decode_flexi.c +++ b/src/pk/asn1/pkcs8/pkcs8_decode_flexi.c @@ -63,7 +63,7 @@ int pkcs8_decode_flexi(const unsigned char *in, unsigned long inlen, goto LBL_DONE; } - if (pw_ctx->callback(&pbes.pwd, &pbes.pwdlen, pw_ctx->userdata)) { + if (pw_ctx->callback(&pbes.pw.pw, &pbes.pw.l, pw_ctx->userdata)) { err = CRYPT_ERROR; goto LBL_DONE; } @@ -94,15 +94,12 @@ int pkcs8_decode_flexi(const unsigned char *in, unsigned long inlen, } LBL_DONE: - if (l) der_free_sequence_flexi(l); - if (pbes.pwd) { - zeromem(pbes.pwd, pbes.pwdlen); - XFREE(pbes.pwd); - } if (dec_data) { zeromem(dec_data, dec_size); XFREE(dec_data); } + password_free(&pbes.pw, pw_ctx); + if (l) der_free_sequence_flexi(l); return err; } diff --git a/tests/ecc_test.c b/tests/ecc_test.c index c31a50c03..869fa10d9 100644 --- a/tests/ecc_test.c +++ b/tests/ecc_test.c @@ -1329,8 +1329,7 @@ static int s_ecc_import_export(void) { 0x9d, 0x7b, 0x70, 0x3e, 0xf5, 0x7d, 0xa4, 0xfd, 0x3c, 0xc6, 0x49, 0x93, 0xd3, 0x5b, 0xef, 0xc9, 0xae, 0x97, 0xaf, 0x64, 0x64, 0xf9, 0x69, 0xd8 }; - password_ctx pw_ctx; - pw_ctx.callback = password_get; + password_ctx pw_ctx = { .callback = password_get }; if (ltc_mp.sqrtmod_prime == NULL) return CRYPT_NOP; /* we need compressed points which requires sqrtmod_prime */ diff --git a/tests/ed25519_test.c b/tests/ed25519_test.c index 580b98cae..d2e432165 100644 --- a/tests/ed25519_test.c +++ b/tests/ed25519_test.c @@ -65,8 +65,7 @@ static int s_rfc_8410_10_test(void) unsigned char buf[1024]; char tmp[512]; unsigned long buflen, tmplen; - password_ctx pw_ctx; - pw_ctx.callback = password_get; + password_ctx pw_ctx = { .callback = password_get }; for (n = 0; n < sizeof(rfc_8410_10)/sizeof(rfc_8410_10[0]); ++n) { buflen = sizeof(buf); DO(base64_decode(rfc_8410_10[n].b64, XSTRLEN(rfc_8410_10[n].b64), buf, &buflen)); diff --git a/tests/pem_test.c b/tests/pem_test.c index 14c0a7ce7..4ef2bc999 100644 --- a/tests/pem_test.c +++ b/tests/pem_test.c @@ -15,14 +15,12 @@ static int password_get_ssh(void **p, unsigned long *l, void *u) } static int s_pem_decode_ssh(const void *in, unsigned long inlen, void *key) { - password_ctx pw_ctx; - pw_ctx.callback = password_get_ssh; + password_ctx pw_ctx = { .callback = password_get_ssh }; return pem_decode_openssh(in, inlen, key, &pw_ctx); } static int s_pem_decode_ssh_f(FILE *f, void *key) { - password_ctx pw_ctx; - pw_ctx.callback = password_get_ssh; + password_ctx pw_ctx = { .callback = password_get_ssh }; return pem_decode_openssh_filehandle(f, key, &pw_ctx); } @@ -76,8 +74,7 @@ static int s_key_cmp(ltc_pka_key *key) static int s_pem_only_decode_pkcs(const void *in, unsigned long inlen, void *key) { - password_ctx pw_ctx; - pw_ctx.callback = password_get; + password_ctx pw_ctx = { .callback = password_get }; return pem_decode_pkcs(in, inlen, key, &pw_ctx); } @@ -92,9 +89,8 @@ static int s_pem_decode_pkcs(const void *in, unsigned long inlen, void *key) static int s_pem_decode_pkcs_f(FILE *f, void *key) { - password_ctx pw_ctx; int err; - pw_ctx.callback = password_get; + password_ctx pw_ctx = { .callback = password_get }; if ((err = pem_decode_pkcs_filehandle(f, key, &pw_ctx)) != CRYPT_OK) { return err; } @@ -103,8 +99,7 @@ static int s_pem_decode_pkcs_f(FILE *f, void *key) static int s_pem_only_decode(const void *in, unsigned long inlen, void *key) { - password_ctx pw_ctx; - pw_ctx.callback = password_get; + password_ctx pw_ctx = { .callback = password_get }; if ((strcmp(ltc_mp.name, "TomsFastMath") == 0) && (inlen > 2048)) { #if defined(LTC_TEST_DBG) && LTC_TEST_DBG > 1 fprintf(stderr, "Skipping testcase because of TomsFastMath\n"); @@ -116,8 +111,7 @@ static int s_pem_only_decode(const void *in, unsigned long inlen, void *key) static int s_pem_only_decode_f(FILE *f, void *key) { - password_ctx pw_ctx; - pw_ctx.callback = password_get; + password_ctx pw_ctx = { .callback = password_get }; return pem_decode_filehandle(f, key, &pw_ctx); } diff --git a/tests/rsa_test.c b/tests/rsa_test.c index 347093429..266d395d7 100644 --- a/tests/rsa_test.c +++ b/tests/rsa_test.c @@ -442,8 +442,7 @@ static int password_get(void **p, unsigned long *l, void *u) static int s_rsa_import_pkcs8(const void *in, unsigned long inlen, void *key) { - password_ctx pw_ctx; - pw_ctx.callback = password_get; + password_ctx pw_ctx = { .callback = password_get }; return rsa_import_pkcs8(in, inlen, &pw_ctx, key); } #endif diff --git a/tests/x25519_test.c b/tests/x25519_test.c index 113b071b1..1ea2b4fdb 100644 --- a/tests/x25519_test.c +++ b/tests/x25519_test.c @@ -169,8 +169,7 @@ static int s_x25519_pkcs8_test(void) curve25519_key key; unsigned char buf[1024]; unsigned long buflen; - password_ctx pw_ctx, *p_pw_ctx; - pw_ctx.callback = password_get; + password_ctx *p_pw_ctx, pw_ctx = { .callback = password_get }; for (n = 0; n < sizeof(s_x25519_pkcs8)/sizeof(s_x25519_pkcs8[0]); ++n) { buflen = sizeof(buf); DO(base64_decode(s_x25519_pkcs8[n].b64, XSTRLEN(s_x25519_pkcs8[n].b64), buf, &buflen)); From 65e05bfa56c8b5716ec001ab524609ade56dd0e7 Mon Sep 17 00:00:00 2001 From: Steffen Jaeckel Date: Mon, 26 Feb 2024 19:20:13 +0100 Subject: [PATCH 44/51] Update docs Signed-off-by: Steffen Jaeckel --- .ci/meta_builds.sh | 8 ++ .gitignore | 2 + demos/pem-info.c | 85 ++++++++++++++ doc/crypt.tex | 232 +++++++++++++++++++++++++++----------- makefile_include.mk | 2 +- src/headers/tomcrypt_pk.h | 3 +- src/misc/pem/pem_pkcs.c | 2 +- src/misc/pem/pem_ssh.c | 3 +- updatemakes.sh | 2 +- 9 files changed, 269 insertions(+), 70 deletions(-) create mode 100644 demos/pem-info.c diff --git a/.ci/meta_builds.sh b/.ci/meta_builds.sh index 2ba99a9e7..8c029d6c5 100755 --- a/.ci/meta_builds.sh +++ b/.ci/meta_builds.sh @@ -22,6 +22,14 @@ fi function run_gcc() { bash .ci/check_source.sh "CHECK_SOURCES" "$2" "$3" "$4" "$5" + make -j$(nproc) pem-info V=0 + + echo "verify docs..." + while read -r line; do + grep -q -e "$line" doc/crypt.tex || { echo "Failed to find \"$line\" in doc/crypt.tex"; exit 1; } + done < <(./pem-info | grep '^\\' | sed 's@\\@\\\\@g') + echo "docs OK" + make clean &>/dev/null echo diff --git a/.gitignore b/.gitignore index 217b03fdf..e1ee3c4ef 100644 --- a/.gitignore +++ b/.gitignore @@ -36,6 +36,8 @@ openssl-enc openssl-enc.exe openssh-privkey openssh-privkey.exe +pem-info +pem-info.exe sizes sizes.exe small diff --git a/demos/pem-info.c b/demos/pem-info.c new file mode 100644 index 000000000..e72d497da --- /dev/null +++ b/demos/pem-info.c @@ -0,0 +1,85 @@ +/* LibTomCrypt, modular cryptographic library -- Tom St Denis */ +/* SPDX-License-Identifier: Unlicense */ +/* print all PEM related infos */ +#include "tomcrypt_private.h" + +#if defined(LTC_PEM_SSH) +extern const struct blockcipher_info pem_dek_infos[]; +extern const unsigned long pem_dek_infos_num; + +extern const struct blockcipher_info ssh_ciphers[]; +extern const unsigned long ssh_ciphers_num; + +static const struct { + const char *is, *should; +} cipher_name_map[] = { + { "", "none" }, + { "aes", "AES" }, + { "blowfish", "Blowfish" }, + { "camellia", "Camellia" }, + { "cast5", "CAST5" }, + { "3des", "3DES (EDE)" }, + { "des", "DES" }, + { "idea", "IDEA" }, + { "rc5", "RC5" }, + { "rc2", "RC2" }, + { "seed", "SEED" }, + { "serpent", "Serpent" }, + { "twofish", "Twofish" }, +}; + +static const char *s_map_cipher(const char *name) +{ + unsigned long n; + for (n = 0; n < sizeof(cipher_name_map)/sizeof(cipher_name_map[0]); ++n) { + if (strcmp(name, cipher_name_map[n].is) == 0) + return cipher_name_map[n].should; + } + fprintf(stderr, "Error: Can't map %s\n", name); + exit(1); +} + +static const char *cipher_mode_map[] = { + "none", "CBC", "CFB", "CTR", "OFB", "STREAM", "GCM" +}; + +static const char *s_map_mode(enum cipher_mode mode) +{ + if (mode >= 0 && mode <= sizeof(cipher_mode_map)/sizeof(cipher_mode_map[0])) + return cipher_mode_map[mode]; + fprintf(stderr, "Error: Can't map cipher_mode %d\n", mode); + exit(1); +} + +int main(void) +{ + unsigned long n; + printf("PEM ciphers:\n\n"); + for (n = 0; n < pem_dek_infos_num; ++n) { + char nbuf[20] = {0}; + size_t nlen = strlen(pem_dek_infos[n].name); + memcpy(nbuf, pem_dek_infos[n].name, nlen); + nbuf[nlen-1] = '}'; + printf("\\hline \\texttt{%-18s & %-15s & %-25ld & %s \\\\\n", + nbuf, s_map_cipher(pem_dek_infos[n].algo), + pem_dek_infos[n].keylen * 8, + s_map_mode(pem_dek_infos[n].mode)); + } + + printf("\nSSH ciphers:\n\n"); + for (n = 0; n < ssh_ciphers_num; ++n) { + char nbuf[20] = {0}; + size_t nlen = strlen(ssh_ciphers[n].name); + memcpy(nbuf, ssh_ciphers[n].name, nlen); + nbuf[nlen] = '}'; + printf("\\hline \\texttt{%-18s & %-15s & %-25ld & %-4s \\\\\n", + nbuf, s_map_cipher(ssh_ciphers[n].algo), + ssh_ciphers[n].keylen * 8, + s_map_mode(ssh_ciphers[n].mode)); + } + + return 0; +} +#else +int main(void) { return EXIT_FAILURE; } +#endif diff --git a/doc/crypt.tex b/doc/crypt.tex index d7d625887..a64479636 100644 --- a/doc/crypt.tex +++ b/doc/crypt.tex @@ -5117,7 +5117,7 @@ \chapter{Elliptic Curve Cryptography - $GF(p)$} analogy for digital signatures (also known as \textit{ECDSA}). \mysection{Supported Curves} -\label{supported-curvers} +\label{supported-curves} The following table \ref{fig:builtincurves} shows all built--in curves supported by the library. On top of that one can also use a custom curve defined by own parameters (the only limitation is that the curve must be based on equation \ref{ecc-gf-p-equation}). @@ -6344,6 +6344,62 @@ \subsection{DSA Key Import} This function generates a private DSA key containing both \textit{x} and \textit{y} parts. +\chapter{The PKA Union} +\index{ltc\_pka\_key} + +To be able to refer to all the potential public key algorithms via a central API, +a tagged union \texttt{ltc\_pka\_key} is used. + +\begin{small} +\begin{verbatim} +enum ltc_pka_id { + LTC_PKA_UNDEF = 0, + LTC_PKA_RSA, + LTC_PKA_DSA, + LTC_PKA_EC, + LTC_PKA_X25519, + LTC_PKA_ED25519, + LTC_PKA_DH, +}; + +typedef struct { + union { +#ifdef LTC_CURVE25519 + curve25519_key x25519; + curve25519_key ed25519; +#endif +#ifdef LTC_MDH + dh_key dh; +#endif +#ifdef LTC_MDSA + dsa_key dsa; +#endif +#ifdef LTC_MECC + ecc_key ecc; +#endif +#ifdef LTC_MRSA + rsa_key rsa; +#endif + } u; + enum ltc_pka_id id; +} ltc_pka_key; +\end{verbatim} +\end{small} + +\index{pka\_key\_free} +To free such a union the following API function is provided: + +\begin{verbatim} +void pka_key_free(ltc_pka_key *key); +\end{verbatim} + +\index{pka\_key\_destroy} +To free\&destroy a dynamically allocated instance of such a union the following API function is provided: + +\begin{verbatim} +void pka_key_destroy(ltc_pka_key **key); +\end{verbatim} + \chapter{Standards Support} \mysection{ASN.1 Formats} LibTomCrypt supports a variety of ASN.1 data types encoded with the Distinguished Encoding Rules (DER) suitable for various cryptographic protocols. The data types @@ -7440,9 +7496,10 @@ \subsection{De- and Encoding with Multiple Argument Lists} \mysection{PEM Files} +\index{PEM} \label{pem-files} \subsection{Introduction} -LibTomCrypt supports reading of asymmetric cryptography private keys out of +LibTomCrypt supports reading of asymmetric cryptography keys out of PEM files in multiple formats. The library provides support for: @@ -7454,50 +7511,18 @@ \subsection{Introduction} There is no support for PKCS \#12 containers/PFX files implemented. -\subsection{The PKA Union} +\subsection{Generic PEM API} -To be able to return all the potential public key algorithms via a central API, -a tagged union \texttt{ltc\_pka\_key} is used. +\index{pem\_decode\_filehandle} +\index{pem\_decode} +The generic API functions provided to decode a PEM file into the \texttt{ltc\_pka\_key} union are: \begin{verbatim} -enum ltc_pka_id { - LTC_PKA_UNDEF = 0, - LTC_PKA_RSA, - LTC_PKA_DSA, - LTC_PKA_EC, - LTC_PKA_X25519, - LTC_PKA_ED25519, - LTC_PKA_DH, -}; - -typedef struct { - union { -#ifdef LTC_CURVE25519 - curve25519_key x25519; - curve25519_key ed25519; -#endif -#ifdef LTC_MDH - dh_key dh; -#endif -#ifdef LTC_MDSA - dsa_key dsa; -#endif -#ifdef LTC_MECC - ecc_key ecc; -#endif -#ifdef LTC_MRSA - rsa_key rsa; -#endif - } u; - enum ltc_pka_id id; -} ltc_pka_key; +int pem_decode_filehandle(FILE *f, ltc_pka_key *k, const password_ctx *pw_ctx); +int pem_decode(const void *buf, unsigned long len, ltc_pka_key *k, const password_ctx *pw_ctx); \end{verbatim} -To free such a union the following API function is provided: - -\begin{verbatim} -void pka_key_free(ltc_pka_key *key); -\end{verbatim} +Additional to that, there exist specific API functions for the two supported classes of PEM files. \subsection{PKCS PEM files} @@ -7514,46 +7539,89 @@ \subsection{PKCS PEM files} The identifiers in the PEM headers recognized are as follows: \begin{table}[H] -\begin{center} \begin{small} -\begin{tabular}{|l|l|l|l|} -\hline \textbf{Identifier} & \textbf{Encrypted} & \textbf{Standard} & \textbf{Type} \\ -\hline \texttt{BEGIN ENCRYPTED PRIVATE KEY} & Yes & \texttt{PKCS \#8} & DSA, ECC, Ed25519, RSA, X25519 \\ -\hline \texttt{BEGIN PRIVATE KEY} & No & \texttt{PKCS \#8} & DSA, ECC, Ed25519, RSA, X25519 \\ -\hline \texttt{BEGIN DSA PRIVATE KEY} & Maybe & \texttt{PKCS \#1} & DSA \\ -\hline \texttt{BEGIN EC PRIVATE KEY} & Maybe & \texttt{RFC 5915} & ECC \\ -\hline \texttt{BEGIN RSA PRIVATE KEY} & Maybe & \texttt{PKCS \#1} & RSA \\ +\begin{tabular}{|l|l|l|l|l|} +\hline \textbf{Identifier} & \textbf{Key type} & \textbf{File content} & \textbf{Standard} & \textbf{Algorithm} \\ +\hline \texttt{BEGIN CERTIFICATE} & Public & Plain & \texttt{X.509} & DH, DSA, ECC, Ed25519, RSA, X25519 \\ +\hline \texttt{BEGIN DSA PRIVATE KEY} & Private & Maybe encrypted & \texttt{PKCS \#1} & DSA \\ +\hline \texttt{BEGIN EC PRIVATE KEY} & Private & Maybe encrypted & \texttt{RFC 5915} & ECC \\ +\hline \texttt{BEGIN ENCRYPTED PRIVATE KEY} & Private & Encrypted & \texttt{PKCS \#8} & DH, DSA, ECC, Ed25519, RSA, X25519 \\ +\hline \texttt{BEGIN PRIVATE KEY} & Private & Plain & \texttt{PKCS \#8} & DH, DSA, ECC, Ed25519, RSA, X25519 \\ +\hline \texttt{BEGIN PUBLIC KEY} & Public & Plain & \texttt{PKCS \#8} & DH, DSA, ECC, Ed25519, RSA, X25519 \\ +\hline \texttt{BEGIN RSA PRIVATE KEY} & Private & Maybe encrypted & \texttt{PKCS \#1} & RSA \\ +\hline \texttt{BEGIN RSA PUBLIC KEY} & Public & Plain & \texttt{PKCS \#1} & RSA \\ \hline \end{tabular} \end{small} -\end{center} -\caption{List of supported PKCS private key types} -\label{supported-pkcs-private-key-types} +\caption{List of supported PEM headers} +\label{supported-PEM-headers} \end{table} When dealing with PEM formatted private keys the following encryption algorithms are supported: \begin{table}[H] -\begin{center} \begin{small} \begin{tabular}{|l|l|l|l|} \hline \textbf{Identifier} & \textbf{Cipher} & \textbf{Key size in bits} & \textbf{Mode} \\ \hline \texttt{AES-128-CBC} & AES & 128 & CBC \\ \hline \texttt{AES-192-CBC} & AES & 192 & CBC \\ \hline \texttt{AES-256-CBC} & AES & 256 & CBC \\ +\hline \texttt{AES-128-CFB} & AES & 128 & CFB \\ +\hline \texttt{AES-192-CFB} & AES & 192 & CFB \\ +\hline \texttt{AES-256-CFB} & AES & 256 & CFB \\ +\hline \texttt{AES-128-CTR} & AES & 128 & CTR \\ +\hline \texttt{AES-192-CTR} & AES & 192 & CTR \\ +\hline \texttt{AES-256-CTR} & AES & 256 & CTR \\ +\hline \texttt{AES-128-OFB} & AES & 128 & OFB \\ +\hline \texttt{AES-192-OFB} & AES & 192 & OFB \\ +\hline \texttt{AES-256-OFB} & AES & 256 & OFB \\ +\hline \texttt{BF-CBC} & Blowfish & 128 & CBC \\ +\hline \texttt{BF-CFB} & Blowfish & 128 & CFB \\ +\hline \texttt{BF-OFB} & Blowfish & 128 & OFB \\ \hline \texttt{CAMELLIA-128-CBC} & Camellia & 128 & CBC \\ \hline \texttt{CAMELLIA-192-CBC} & Camellia & 192 & CBC \\ \hline \texttt{CAMELLIA-256-CBC} & Camellia & 256 & CBC \\ +\hline \texttt{CAMELLIA-128-CFB} & Camellia & 128 & CFB \\ +\hline \texttt{CAMELLIA-192-CFB} & Camellia & 192 & CFB \\ +\hline \texttt{CAMELLIA-256-CFB} & Camellia & 256 & CFB \\ +\hline \texttt{CAMELLIA-128-CTR} & Camellia & 128 & CTR \\ +\hline \texttt{CAMELLIA-192-CTR} & Camellia & 192 & CTR \\ +\hline \texttt{CAMELLIA-256-CTR} & Camellia & 256 & CTR \\ +\hline \texttt{CAMELLIA-128-OFB} & Camellia & 128 & OFB \\ +\hline \texttt{CAMELLIA-192-OFB} & Camellia & 192 & OFB \\ +\hline \texttt{CAMELLIA-256-OFB} & Camellia & 256 & OFB \\ +\hline \texttt{CAST5-CBC} & CAST5 & 128 & CBC \\ +\hline \texttt{CAST5-CFB} & CAST5 & 128 & CFB \\ +\hline \texttt{CAST5-OFB} & CAST5 & 128 & OFB \\ \hline \texttt{DES-EDE3-CBC} & 3DES (EDE) & 192 & CBC \\ -\hline \texttt{DES-CBC} & DES & 64 & CBC \\ +\hline \texttt{DES-EDE3-CFB} & 3DES (EDE) & 192 & CFB \\ +\hline \texttt{DES-EDE3-OFB} & 3DES (EDE) & 192 & OFB \\ +\hline \texttt{DES-CBC} & DES & 64 & CBC \\ +\hline \texttt{DES-CFB} & DES & 64 & CFB \\ +\hline \texttt{DES-OFB} & DES & 64 & OFB \\ +\hline \texttt{IDEA-CBC} & IDEA & 128 & CBC \\ +\hline \texttt{IDEA-CFB} & IDEA & 128 & CFB \\ +\hline \texttt{IDEA-OFB} & IDEA & 128 & OFB \\ +\hline \texttt{RC5-CBC} & RC5 & 128 & CBC \\ +\hline \texttt{RC5-CFB} & RC5 & 128 & CFB \\ +\hline \texttt{RC5-OFB} & RC5 & 128 & OFB \\ +\hline \texttt{RC2-40-CBC} & RC2 & 40 & CBC \\ +\hline \texttt{RC2-64-CBC} & RC2 & 64 & CBC \\ +\hline \texttt{RC2-CBC} & RC2 & 128 & CBC \\ +\hline \texttt{RC2-CFB} & RC2 & 128 & CFB \\ +\hline \texttt{RC2-OFB} & RC2 & 128 & OFB \\ +\hline \texttt{SEED-CBC} & SEED & 128 & CBC \\ +\hline \texttt{SEED-CFB} & SEED & 128 & CFB \\ +\hline \texttt{SEED-OFB} & SEED & 128 & OFB \\ \hline \end{tabular} \end{small} -\end{center} \caption{List of supported PEM DEK algorithms} \label{supported-pem-dek-algorithms} \end{table} +\index{pem\_decode\_pkcs\_filehandle} +\index{pem\_decode\_pkcs} The API functions provided to decode a PEM file into the \texttt{ltc\_pka\_key} union are: \begin{verbatim} @@ -7566,28 +7634,64 @@ \subsection{OpenSSH PEM files} OpenSSH PEM files can contain private keys of the following types: \begin{table}[H] -\begin{center} \begin{small} \begin{tabular}{|l|l|} \hline \textbf{Identifier} & \textbf{Type} \\ \hline \texttt{ecdsa-sha2-*} & ECC keys \\ +\hline \texttt{ssh-dss} & DSA \\ \hline \texttt{ssh-ed25519} & Curve25519 \\ \hline \texttt{ssh-rsa} & RSA \\ \hline \end{tabular} \end{small} -\end{center} \caption{List of supported OpenSSH private key types} \label{supported-openssh-private-key-types} \end{table} C.f. \href{https://datatracker.ietf.org/doc/html/rfc5656}{\texttt{RFC 5656}} for details on ECC keys in OpenSSH. LibTomCrypt should be able to handle all the ECC curves supported by the library, -c.f. Ch. \ref{supported-curvers} for details. +c.f. Ch. \ref{supported-curves} for details. -OpenSSH PEM files can either not be encrypted, or the encryption is done via \texttt{aes256-cbc} -and key derivation via \texttt{bcrypt}, c.f. Ch. \ref{bcrypt}. +When dealing with SSH formatted private keys the following encryption algorithms are supported: +\begin{table}[H] +\begin{small} +\begin{tabular}{|l|l|l|l|} +\hline \textbf{Identifier} & \textbf{Cipher} & \textbf{Key size in bits} & \textbf{Mode} \\ +\hline \texttt{none} & none & 0 & none \\ +\hline \texttt{aes128-cbc} & AES & 128 & CBC \\ +\hline \texttt{aes128-ctr} & AES & 128 & CTR \\ +\hline \texttt{aes192-cbc} & AES & 192 & CBC \\ +\hline \texttt{aes192-ctr} & AES & 192 & CTR \\ +\hline \texttt{aes256-cbc} & AES & 256 & CBC \\ +\hline \texttt{aes256-ctr} & AES & 256 & CTR \\ +\hline \texttt{blowfish128-cbc} & Blowfish & 128 & CBC \\ +\hline \texttt{blowfish128-ctr} & Blowfish & 128 & CTR \\ +\hline \texttt{des-cbc} & DES & 64 & CBC \\ +\hline \texttt{3des-cbc} & 3DES (EDE) & 192 & CBC \\ +\hline \texttt{3des-ctr} & 3DES (EDE) & 192 & CTR \\ +\hline \texttt{serpent128-cbc} & Serpent & 128 & CBC \\ +\hline \texttt{serpent128-ctr} & Serpent & 128 & CTR \\ +\hline \texttt{serpent192-cbc} & Serpent & 192 & CBC \\ +\hline \texttt{serpent192-ctr} & Serpent & 192 & CTR \\ +\hline \texttt{serpent256-cbc} & Serpent & 256 & CBC \\ +\hline \texttt{serpent256-ctr} & Serpent & 256 & CTR \\ +\hline \texttt{twofish128-cbc} & Twofish & 128 & CBC \\ +\hline \texttt{twofish128-ctr} & Twofish & 128 & CTR \\ +\hline \texttt{twofish192-cbc} & Twofish & 192 & CBC \\ +\hline \texttt{twofish192-ctr} & Twofish & 192 & CTR \\ +\hline \texttt{twofish-cbc} & Twofish & 256 & CBC \\ +\hline \texttt{twofish256-cbc} & Twofish & 256 & CBC \\ +\hline \texttt{twofish256-ctr} & Twofish & 256 & CTR \\ +\hline +\end{tabular} +\end{small} +\caption{List of supported SSH Encryption algorithms} +\label{supported-ssh-encryption-algorithms} +\end{table} + +\index{pem\_decode\_openssh\_filehandle} +\index{pem\_decode\_openssh} The API functions provided to decode an OpenSSH PEM file into the \texttt{ltc\_pka\_key} union are: \begin{verbatim} @@ -7596,8 +7700,6 @@ \subsection{OpenSSH PEM files} \end{verbatim} - - \chapter{Miscellaneous} \mysection{Base64 Encoding and Decoding} The library provides functions to encode and decode a RFC 4648 Base64 coding scheme. @@ -9867,9 +9969,9 @@ \subsection{After v1.18.0} These three MPI init functions have been introduced in version 1.18.0 and have been deprecated in the same version in favor of \textit{crypt\_mp\_init()}. -\newpage -\markboth{Index}{Index} -\input{crypt.ind} +\clearpage +\addcontentsline{toc}{chapter}{Index} +\printindex \end{document} diff --git a/makefile_include.mk b/makefile_include.mk index 62a340bdd..c53fc9fcc 100644 --- a/makefile_include.mk +++ b/makefile_include.mk @@ -168,7 +168,7 @@ TEST=test USEFUL_DEMOS = hashsum # Demos that are usable but only rarely make sense to be installed -USEABLE_DEMOS = ltcrypt sizes constants +USEABLE_DEMOS = ltcrypt sizes constants pem-info # Demos that are used for testing or measuring TEST_DEMOS = small tv_gen diff --git a/src/headers/tomcrypt_pk.h b/src/headers/tomcrypt_pk.h index 99df0bcb9..1189d0543 100644 --- a/src/headers/tomcrypt_pk.h +++ b/src/headers/tomcrypt_pk.h @@ -527,7 +527,7 @@ int dsa_shared_secret(void *private_key, void *base, #endif /* LTC_MDSA */ /* - * LibTomCrypt Public Key Algorithm descriptor + * LibTomCrypt tagged-union for holding a Public Key */ typedef struct { @@ -548,6 +548,7 @@ typedef struct { #ifdef LTC_MRSA rsa_key rsa; #endif + char dummy; } u; enum ltc_pka_id id; } ltc_pka_key; diff --git a/src/misc/pem/pem_pkcs.c b/src/misc/pem/pem_pkcs.c index f4831dd13..9378e0654 100644 --- a/src/misc/pem/pem_pkcs.c +++ b/src/misc/pem/pem_pkcs.c @@ -168,7 +168,7 @@ static int s_import_pkcs8(unsigned char *pem, unsigned long l, ltc_pka_key *k, c return err; } -int s_extract_pka(unsigned char *pem, unsigned long w, enum ltc_pka_id *pka) +static int s_extract_pka(unsigned char *pem, unsigned long w, enum ltc_pka_id *pka) { ltc_asn1_list *pub; int err = CRYPT_ERROR; diff --git a/src/misc/pem/pem_ssh.c b/src/misc/pem/pem_ssh.c index edf271fac..a6c964f35 100644 --- a/src/misc/pem/pem_ssh.c +++ b/src/misc/pem/pem_ssh.c @@ -43,6 +43,7 @@ const struct blockcipher_info ssh_ciphers[] = { .name = "twofish256-cbc", .algo = "twofish", .keylen = 256 / 8, .mode = cm_cbc }, { .name = "twofish256-ctr", .algo = "twofish", .keylen = 256 / 8, .mode = cm_ctr }, }; +const unsigned long ssh_ciphers_num = sizeof(ssh_ciphers)/sizeof(ssh_ciphers[0]); struct kdf_options { const char *name; @@ -470,7 +471,7 @@ static int s_decode_header(unsigned char *in, unsigned long *inlen, struct kdf_o *inlen = len + slen + 1; - for (i = 0; i < sizeof(ssh_ciphers)/sizeof(ssh_ciphers[0]); ++i) { + for (i = 0; i < ssh_ciphers_num; ++i) { if (XSTRCMP((char*)ciphername, ssh_ciphers[i].name) == 0) { opts->cipher = &ssh_ciphers[i]; break; diff --git a/updatemakes.sh b/updatemakes.sh index 5acb95308..3fcd0e909 100755 --- a/updatemakes.sh +++ b/updatemakes.sh @@ -2,7 +2,7 @@ ./helper.pl --update-makefiles || exit 1 -makefiles=(makefile makefile_include.mk makefile.shared makefile.unix makefile.mingw makefile.msvc) +makefiles=(makefile makefile_include.mk makefile.shared makefile.unix makefile.mingw makefile.msvc sources.cmake tests/sources.cmake) vcproj=(libtomcrypt_VS2008.vcproj) if [ $# -eq 1 ] && [ "$1" == "-c" ]; then From c0be0aa0bf48827b3a3c4090db64a37b542134f4 Mon Sep 17 00:00:00 2001 From: Steffen Jaeckel Date: Wed, 28 Feb 2024 22:26:39 +0100 Subject: [PATCH 45/51] Add support for more types of encrypted PEM files 1. ChaCha20, two-key 3DES and DES-X encrypted OpenSSL PEM files 2. AES-GCM and Chacha20+Poly1305 encrypted SSH keys * OpenSSH uses a slightly different algorithm for its `chacha20-poly1305@openssh.com` than defined in the RFC. Therefore add an `openssh_compat` flag to `chacha20poly1305_state`. * Add the option to give a 16byte IV and no counter, when calling `chacha20poly1305_memory()` * Add support for DES-X Signed-off-by: Steffen Jaeckel --- demos/pem-info.c | 32 +++- doc/crypt.tex | 176 ++++++++++-------- notes/cipher_tv.txt | 54 ++++++ notes/eax_tv.txt | 19 ++ notes/ocb_tv.txt | 19 ++ notes/omac_tv.txt | 19 ++ notes/pmac_tv.txt | 19 ++ src/ciphers/des.c | 163 +++++++++++++++- .../chachapoly/chacha20poly1305_done.c | 14 +- .../chachapoly/chacha20poly1305_init.c | 1 + .../chachapoly/chacha20poly1305_memory.c | 4 + src/headers/tomcrypt_cipher.h | 14 +- src/headers/tomcrypt_mac.h | 7 +- src/headers/tomcrypt_private.h | 15 +- src/misc/crypt/crypt.c | 2 + src/misc/crypt/crypt_register_all_ciphers.c | 1 + src/misc/pem/pem.c | 161 ++++++++++------ src/misc/pem/pem_pkcs.c | 8 +- src/misc/pem/pem_ssh.c | 95 ++++++---- src/stream/chacha/chacha_memory.c | 20 +- .../pkcs/{unsupported => }/rsa-chacha20.pem | 0 .../{unsupported => }/rsa-des-ede-cbc.pem | 0 .../{unsupported => }/rsa-des-ede-cfb.pem | 0 .../{unsupported => }/rsa-des-ede-ofb.pem | 0 .../pkcs/{unsupported => }/rsa-desx-cbc.pem | 0 .../ssh_dsa_1024_openssh.pub | 0 .../ssh_ecdsa_256_openssh.pub | 0 .../ssh_ecdsa_384_openssh.pub | 0 .../ssh_ecdsa_521_openssh.pub | 0 .../ssh_ed25519_openssh.pub | 0 .../ssh_rsa_1024_openssh.pub | 0 .../ssh_rsa_1536_openssh.pub | 0 .../ssh_rsa_2048_openssh.pub | 0 .../ssh_rsa_4096_openssh.pub | 0 .../ssh_rsa_768_openssh.pub | 0 .../ssh_rsa_8192_openssh.pub | 0 .../ssh-rsa-3des-cbc.pub | 0 .../ssh-rsa-aes128-cbc.pub | 0 .../ssh-rsa-aes128-ctr.pub | 0 .../ssh-rsa-aes128-gcm.pub | 0 .../ssh-rsa-aes192-cbc.pub | 0 .../ssh-rsa-aes192-ctr.pub | 0 .../ssh-rsa-aes256-cbc.pub | 0 .../ssh-rsa-aes256-ctr.pub | 0 .../ssh-rsa-aes256-gcm.pub | 0 .../ssh-rsa-chacha20-poly1305.pub | 0 .../ssh/{unsupported => }/ssh-rsa-aes128-gcm | 0 .../ssh/{unsupported => }/ssh-rsa-aes256-gcm | 0 .../ssh-rsa-chacha20-poly1305 | 0 tests/pem_test.c | 2 + tests/test.c | 1 + 51 files changed, 638 insertions(+), 208 deletions(-) rename tests/pem/pkcs/{unsupported => }/rsa-chacha20.pem (100%) rename tests/pem/pkcs/{unsupported => }/rsa-des-ede-cbc.pem (100%) rename tests/pem/pkcs/{unsupported => }/rsa-des-ede-cfb.pem (100%) rename tests/pem/pkcs/{unsupported => }/rsa-des-ede-ofb.pem (100%) rename tests/pem/pkcs/{unsupported => }/rsa-desx-cbc.pem (100%) rename tests/pem/pubkeys/{ => authorized_keys}/ssh_dsa_1024_openssh.pub (100%) rename tests/pem/pubkeys/{ => authorized_keys}/ssh_ecdsa_256_openssh.pub (100%) rename tests/pem/pubkeys/{ => authorized_keys}/ssh_ecdsa_384_openssh.pub (100%) rename tests/pem/pubkeys/{ => authorized_keys}/ssh_ecdsa_521_openssh.pub (100%) rename tests/pem/pubkeys/{ => authorized_keys}/ssh_ed25519_openssh.pub (100%) rename tests/pem/pubkeys/{ => authorized_keys}/ssh_rsa_1024_openssh.pub (100%) rename tests/pem/pubkeys/{ => authorized_keys}/ssh_rsa_1536_openssh.pub (100%) rename tests/pem/pubkeys/{ => authorized_keys}/ssh_rsa_2048_openssh.pub (100%) rename tests/pem/pubkeys/{ => authorized_keys}/ssh_rsa_4096_openssh.pub (100%) rename tests/pem/pubkeys/{ => authorized_keys}/ssh_rsa_768_openssh.pub (100%) rename tests/pem/pubkeys/{ => authorized_keys}/ssh_rsa_8192_openssh.pub (100%) rename tests/pem/ssh/{unsupported => authorized_keys}/ssh-rsa-3des-cbc.pub (100%) rename tests/pem/ssh/{unsupported => authorized_keys}/ssh-rsa-aes128-cbc.pub (100%) rename tests/pem/ssh/{unsupported => authorized_keys}/ssh-rsa-aes128-ctr.pub (100%) rename tests/pem/ssh/{unsupported => authorized_keys}/ssh-rsa-aes128-gcm.pub (100%) rename tests/pem/ssh/{unsupported => authorized_keys}/ssh-rsa-aes192-cbc.pub (100%) rename tests/pem/ssh/{unsupported => authorized_keys}/ssh-rsa-aes192-ctr.pub (100%) rename tests/pem/ssh/{unsupported => authorized_keys}/ssh-rsa-aes256-cbc.pub (100%) rename tests/pem/ssh/{unsupported => authorized_keys}/ssh-rsa-aes256-ctr.pub (100%) rename tests/pem/ssh/{unsupported => authorized_keys}/ssh-rsa-aes256-gcm.pub (100%) rename tests/pem/ssh/{unsupported => authorized_keys}/ssh-rsa-chacha20-poly1305.pub (100%) rename tests/pem/ssh/{unsupported => }/ssh-rsa-aes128-gcm (100%) rename tests/pem/ssh/{unsupported => }/ssh-rsa-aes256-gcm (100%) rename tests/pem/ssh/{unsupported => }/ssh-rsa-chacha20-poly1305 (100%) diff --git a/demos/pem-info.c b/demos/pem-info.c index e72d497da..5c09ae9e0 100644 --- a/demos/pem-info.c +++ b/demos/pem-info.c @@ -16,10 +16,13 @@ static const struct { { "", "none" }, { "aes", "AES" }, { "blowfish", "Blowfish" }, + { "c20p1305", "ChaCha20Poly1305" }, { "camellia", "Camellia" }, { "cast5", "CAST5" }, + { "chacha20", "ChaCha20" }, { "3des", "3DES (EDE)" }, { "des", "DES" }, + { "desx", "DES-X" }, { "idea", "IDEA" }, { "rc5", "RC5" }, { "rc2", "RC2" }, @@ -39,14 +42,27 @@ static const char *s_map_cipher(const char *name) exit(1); } -static const char *cipher_mode_map[] = { - "none", "CBC", "CFB", "CTR", "OFB", "STREAM", "GCM" +static const struct { + enum cipher_mode mode; + const char *name; +} cipher_mode_map[] = { + { cm_none, "none", }, + { cm_cbc, "CBC", }, + { cm_cfb, "CFB", }, + { cm_ctr, "CTR", }, + { cm_ofb, "OFB", }, + { cm_stream, "STREAM", }, + { cm_gcm, "GCM", }, }; static const char *s_map_mode(enum cipher_mode mode) { - if (mode >= 0 && mode <= sizeof(cipher_mode_map)/sizeof(cipher_mode_map[0])) - return cipher_mode_map[mode]; + size_t n; + mode &= cm_modes; + for (n = 0; n < sizeof(cipher_mode_map)/sizeof(cipher_mode_map[0]); ++n) { + if (cipher_mode_map[n].mode == mode) + return cipher_mode_map[n].name; + } fprintf(stderr, "Error: Can't map cipher_mode %d\n", mode); exit(1); } @@ -56,11 +72,11 @@ int main(void) unsigned long n; printf("PEM ciphers:\n\n"); for (n = 0; n < pem_dek_infos_num; ++n) { - char nbuf[20] = {0}; + char nbuf[32] = {0}; size_t nlen = strlen(pem_dek_infos[n].name); memcpy(nbuf, pem_dek_infos[n].name, nlen); nbuf[nlen-1] = '}'; - printf("\\hline \\texttt{%-18s & %-15s & %-25ld & %s \\\\\n", + printf("\\hline \\texttt{%-18s & %-15s & %-25ld & %-6s \\\\\n", nbuf, s_map_cipher(pem_dek_infos[n].algo), pem_dek_infos[n].keylen * 8, s_map_mode(pem_dek_infos[n].mode)); @@ -68,11 +84,11 @@ int main(void) printf("\nSSH ciphers:\n\n"); for (n = 0; n < ssh_ciphers_num; ++n) { - char nbuf[20] = {0}; + char nbuf[32] = {0}; size_t nlen = strlen(ssh_ciphers[n].name); memcpy(nbuf, ssh_ciphers[n].name, nlen); nbuf[nlen] = '}'; - printf("\\hline \\texttt{%-18s & %-15s & %-25ld & %-4s \\\\\n", + printf("\\hline \\texttt{%-30s & %-16s & %-24ld & %-6s \\\\\n", nbuf, s_map_cipher(ssh_ciphers[n].algo), ssh_ciphers[n].keylen * 8, s_map_mode(ssh_ciphers[n].mode)); diff --git a/doc/crypt.tex b/doc/crypt.tex index a64479636..1b18197ef 100644 --- a/doc/crypt.tex +++ b/doc/crypt.tex @@ -2422,9 +2422,15 @@ \subsection{Example Usage} \end{small} \mysection{ChaCha20--Poly1305} +\label{chacha20poly1305} -This authenticated encryption is based on ChaCha20 stream cipher and Poly1305 authenticator. -It is defined by \url{https://tools.ietf.org/html/rfc7539}. +This authenticated encryption is based on the ChaCha20 stream cipher and Poly1305 authenticator. +It is defined by \url{https://tools.ietf.org/html/rfc8439}. + +IMPORTANT NOTICE: The Chacha20--Poly1305 implementation of LibTomCrypt is compliant to \textbf{RFC8439}, which differs slightly +to what OpenSSH defined as \textbf{chacha20-poly1305@openssh.com}. The OpenSSH compatibility mode can be enabled +by setting the \textit{openssh\_compat} element of \textit{chacha20poly1305\_state} to \textit{1}, +after calling \textit{chacha20poly1305\_init()}. \subsection{Initialization} To initialize the ChaCha20--Poly1305 context with a secret key call the following function. @@ -2529,9 +2535,13 @@ \subsection{One--Shot Packet} \textbf{CHACHA20POLY1305\_DECRYPT}) the message text and store the final message tag. The definition of the variables is the same as it is for all the manual functions. -IMPORTANT NOTICE: for \textit{direction == CHACHA20POLY1305\_DECRYPT} the caller has to fill \textit{tag} and \textit{taglen} with expected +IMPORTANT NOTICE 1: for \textit{direction == CHACHA20POLY1305\_DECRYPT} the caller has to fill \textit{tag} and \textit{taglen} with expected tag value. The \textit{chacha20poly1305\_memory} in decrypt mode validates the \textit{tag} value and returns \textit{CRYPT\_ERROR} on mismatch. +IMPORTANT NOTICE 2: As mentioned in \ref{chacha20poly1305} there exists a discrepancy between the RFC and OpenSSH versions of the algorithm. +In order to enable OpenSSH compatibility, the flag \textit{CHACHA20POLY1305\_OPENSSH\_COMPAT} has to be \textbf{OR}'ed into +the \textit{direction} parameter. + \chapter{One-Way Cryptographic Hash Functions} \mysection{Core Functions} Like the ciphers, there are hash core functions and a universal data type to hold the hash state called \textit{hash\_state}. To initialize hash @@ -7563,56 +7573,61 @@ \subsection{PKCS PEM files} \begin{small} \begin{tabular}{|l|l|l|l|} \hline \textbf{Identifier} & \textbf{Cipher} & \textbf{Key size in bits} & \textbf{Mode} \\ -\hline \texttt{AES-128-CBC} & AES & 128 & CBC \\ -\hline \texttt{AES-192-CBC} & AES & 192 & CBC \\ -\hline \texttt{AES-256-CBC} & AES & 256 & CBC \\ -\hline \texttt{AES-128-CFB} & AES & 128 & CFB \\ -\hline \texttt{AES-192-CFB} & AES & 192 & CFB \\ -\hline \texttt{AES-256-CFB} & AES & 256 & CFB \\ -\hline \texttt{AES-128-CTR} & AES & 128 & CTR \\ -\hline \texttt{AES-192-CTR} & AES & 192 & CTR \\ -\hline \texttt{AES-256-CTR} & AES & 256 & CTR \\ -\hline \texttt{AES-128-OFB} & AES & 128 & OFB \\ -\hline \texttt{AES-192-OFB} & AES & 192 & OFB \\ -\hline \texttt{AES-256-OFB} & AES & 256 & OFB \\ -\hline \texttt{BF-CBC} & Blowfish & 128 & CBC \\ -\hline \texttt{BF-CFB} & Blowfish & 128 & CFB \\ -\hline \texttt{BF-OFB} & Blowfish & 128 & OFB \\ -\hline \texttt{CAMELLIA-128-CBC} & Camellia & 128 & CBC \\ -\hline \texttt{CAMELLIA-192-CBC} & Camellia & 192 & CBC \\ -\hline \texttt{CAMELLIA-256-CBC} & Camellia & 256 & CBC \\ -\hline \texttt{CAMELLIA-128-CFB} & Camellia & 128 & CFB \\ -\hline \texttt{CAMELLIA-192-CFB} & Camellia & 192 & CFB \\ -\hline \texttt{CAMELLIA-256-CFB} & Camellia & 256 & CFB \\ -\hline \texttt{CAMELLIA-128-CTR} & Camellia & 128 & CTR \\ -\hline \texttt{CAMELLIA-192-CTR} & Camellia & 192 & CTR \\ -\hline \texttt{CAMELLIA-256-CTR} & Camellia & 256 & CTR \\ -\hline \texttt{CAMELLIA-128-OFB} & Camellia & 128 & OFB \\ -\hline \texttt{CAMELLIA-192-OFB} & Camellia & 192 & OFB \\ -\hline \texttt{CAMELLIA-256-OFB} & Camellia & 256 & OFB \\ -\hline \texttt{CAST5-CBC} & CAST5 & 128 & CBC \\ -\hline \texttt{CAST5-CFB} & CAST5 & 128 & CFB \\ -\hline \texttt{CAST5-OFB} & CAST5 & 128 & OFB \\ -\hline \texttt{DES-EDE3-CBC} & 3DES (EDE) & 192 & CBC \\ -\hline \texttt{DES-EDE3-CFB} & 3DES (EDE) & 192 & CFB \\ -\hline \texttt{DES-EDE3-OFB} & 3DES (EDE) & 192 & OFB \\ -\hline \texttt{DES-CBC} & DES & 64 & CBC \\ -\hline \texttt{DES-CFB} & DES & 64 & CFB \\ -\hline \texttt{DES-OFB} & DES & 64 & OFB \\ -\hline \texttt{IDEA-CBC} & IDEA & 128 & CBC \\ -\hline \texttt{IDEA-CFB} & IDEA & 128 & CFB \\ -\hline \texttt{IDEA-OFB} & IDEA & 128 & OFB \\ -\hline \texttt{RC5-CBC} & RC5 & 128 & CBC \\ -\hline \texttt{RC5-CFB} & RC5 & 128 & CFB \\ -\hline \texttt{RC5-OFB} & RC5 & 128 & OFB \\ -\hline \texttt{RC2-40-CBC} & RC2 & 40 & CBC \\ -\hline \texttt{RC2-64-CBC} & RC2 & 64 & CBC \\ -\hline \texttt{RC2-CBC} & RC2 & 128 & CBC \\ -\hline \texttt{RC2-CFB} & RC2 & 128 & CFB \\ -\hline \texttt{RC2-OFB} & RC2 & 128 & OFB \\ -\hline \texttt{SEED-CBC} & SEED & 128 & CBC \\ -\hline \texttt{SEED-CFB} & SEED & 128 & CFB \\ -\hline \texttt{SEED-OFB} & SEED & 128 & OFB \\ +\hline \texttt{AES-128-CBC} & AES & 128 & CBC \\ +\hline \texttt{AES-192-CBC} & AES & 192 & CBC \\ +\hline \texttt{AES-256-CBC} & AES & 256 & CBC \\ +\hline \texttt{AES-128-CFB} & AES & 128 & CFB \\ +\hline \texttt{AES-192-CFB} & AES & 192 & CFB \\ +\hline \texttt{AES-256-CFB} & AES & 256 & CFB \\ +\hline \texttt{AES-128-CTR} & AES & 128 & CTR \\ +\hline \texttt{AES-192-CTR} & AES & 192 & CTR \\ +\hline \texttt{AES-256-CTR} & AES & 256 & CTR \\ +\hline \texttt{AES-128-OFB} & AES & 128 & OFB \\ +\hline \texttt{AES-192-OFB} & AES & 192 & OFB \\ +\hline \texttt{AES-256-OFB} & AES & 256 & OFB \\ +\hline \texttt{BF-CBC} & Blowfish & 128 & CBC \\ +\hline \texttt{BF-CFB} & Blowfish & 128 & CFB \\ +\hline \texttt{BF-OFB} & Blowfish & 128 & OFB \\ +\hline \texttt{CAMELLIA-128-CBC} & Camellia & 128 & CBC \\ +\hline \texttt{CAMELLIA-192-CBC} & Camellia & 192 & CBC \\ +\hline \texttt{CAMELLIA-256-CBC} & Camellia & 256 & CBC \\ +\hline \texttt{CAMELLIA-128-CFB} & Camellia & 128 & CFB \\ +\hline \texttt{CAMELLIA-192-CFB} & Camellia & 192 & CFB \\ +\hline \texttt{CAMELLIA-256-CFB} & Camellia & 256 & CFB \\ +\hline \texttt{CAMELLIA-128-CTR} & Camellia & 128 & CTR \\ +\hline \texttt{CAMELLIA-192-CTR} & Camellia & 192 & CTR \\ +\hline \texttt{CAMELLIA-256-CTR} & Camellia & 256 & CTR \\ +\hline \texttt{CAMELLIA-128-OFB} & Camellia & 128 & OFB \\ +\hline \texttt{CAMELLIA-192-OFB} & Camellia & 192 & OFB \\ +\hline \texttt{CAMELLIA-256-OFB} & Camellia & 256 & OFB \\ +\hline \texttt{CAST5-CBC} & CAST5 & 128 & CBC \\ +\hline \texttt{CAST5-CFB} & CAST5 & 128 & CFB \\ +\hline \texttt{CAST5-OFB} & CAST5 & 128 & OFB \\ +\hline \texttt{ChaCha20} & ChaCha20 & 256 & STREAM \\ +\hline \texttt{DES-EDE-CBC} & 3DES (EDE) & 128 & CBC \\ +\hline \texttt{DES-EDE-CFB} & 3DES (EDE) & 128 & CFB \\ +\hline \texttt{DES-EDE-OFB} & 3DES (EDE) & 128 & OFB \\ +\hline \texttt{DES-EDE3-CBC} & 3DES (EDE) & 192 & CBC \\ +\hline \texttt{DES-EDE3-CFB} & 3DES (EDE) & 192 & CFB \\ +\hline \texttt{DES-EDE3-OFB} & 3DES (EDE) & 192 & OFB \\ +\hline \texttt{DES-CBC} & DES & 64 & CBC \\ +\hline \texttt{DES-CFB} & DES & 64 & CFB \\ +\hline \texttt{DES-OFB} & DES & 64 & OFB \\ +\hline \texttt{DESX-CBC} & DES-X & 192 & CBC \\ +\hline \texttt{IDEA-CBC} & IDEA & 128 & CBC \\ +\hline \texttt{IDEA-CFB} & IDEA & 128 & CFB \\ +\hline \texttt{IDEA-OFB} & IDEA & 128 & OFB \\ +\hline \texttt{RC5-CBC} & RC5 & 128 & CBC \\ +\hline \texttt{RC5-CFB} & RC5 & 128 & CFB \\ +\hline \texttt{RC5-OFB} & RC5 & 128 & OFB \\ +\hline \texttt{RC2-40-CBC} & RC2 & 40 & CBC \\ +\hline \texttt{RC2-64-CBC} & RC2 & 64 & CBC \\ +\hline \texttt{RC2-CBC} & RC2 & 128 & CBC \\ +\hline \texttt{RC2-CFB} & RC2 & 128 & CFB \\ +\hline \texttt{RC2-OFB} & RC2 & 128 & OFB \\ +\hline \texttt{SEED-CBC} & SEED & 128 & CBC \\ +\hline \texttt{SEED-CFB} & SEED & 128 & CFB \\ +\hline \texttt{SEED-OFB} & SEED & 128 & OFB \\ \hline \end{tabular} \end{small} @@ -7657,32 +7672,35 @@ \subsection{OpenSSH PEM files} \begin{table}[H] \begin{small} \begin{tabular}{|l|l|l|l|} -\hline \textbf{Identifier} & \textbf{Cipher} & \textbf{Key size in bits} & \textbf{Mode} \\ -\hline \texttt{none} & none & 0 & none \\ -\hline \texttt{aes128-cbc} & AES & 128 & CBC \\ -\hline \texttt{aes128-ctr} & AES & 128 & CTR \\ -\hline \texttt{aes192-cbc} & AES & 192 & CBC \\ -\hline \texttt{aes192-ctr} & AES & 192 & CTR \\ -\hline \texttt{aes256-cbc} & AES & 256 & CBC \\ -\hline \texttt{aes256-ctr} & AES & 256 & CTR \\ -\hline \texttt{blowfish128-cbc} & Blowfish & 128 & CBC \\ -\hline \texttt{blowfish128-ctr} & Blowfish & 128 & CTR \\ -\hline \texttt{des-cbc} & DES & 64 & CBC \\ -\hline \texttt{3des-cbc} & 3DES (EDE) & 192 & CBC \\ -\hline \texttt{3des-ctr} & 3DES (EDE) & 192 & CTR \\ -\hline \texttt{serpent128-cbc} & Serpent & 128 & CBC \\ -\hline \texttt{serpent128-ctr} & Serpent & 128 & CTR \\ -\hline \texttt{serpent192-cbc} & Serpent & 192 & CBC \\ -\hline \texttt{serpent192-ctr} & Serpent & 192 & CTR \\ -\hline \texttt{serpent256-cbc} & Serpent & 256 & CBC \\ -\hline \texttt{serpent256-ctr} & Serpent & 256 & CTR \\ -\hline \texttt{twofish128-cbc} & Twofish & 128 & CBC \\ -\hline \texttt{twofish128-ctr} & Twofish & 128 & CTR \\ -\hline \texttt{twofish192-cbc} & Twofish & 192 & CBC \\ -\hline \texttt{twofish192-ctr} & Twofish & 192 & CTR \\ -\hline \texttt{twofish-cbc} & Twofish & 256 & CBC \\ -\hline \texttt{twofish256-cbc} & Twofish & 256 & CBC \\ -\hline \texttt{twofish256-ctr} & Twofish & 256 & CTR \\ +\hline \textbf{Identifier} & \textbf{Cipher} & \textbf{Key size in bits} & \textbf{Mode} \\ +\hline \texttt{none} & none & 0 & none \\ +\hline \texttt{aes128-cbc} & AES & 128 & CBC \\ +\hline \texttt{aes128-ctr} & AES & 128 & CTR \\ +\hline \texttt{aes192-cbc} & AES & 192 & CBC \\ +\hline \texttt{aes192-ctr} & AES & 192 & CTR \\ +\hline \texttt{aes256-cbc} & AES & 256 & CBC \\ +\hline \texttt{aes256-ctr} & AES & 256 & CTR \\ +\hline \texttt{aes128-gcm@openssh.com} & AES & 128 & GCM \\ +\hline \texttt{aes256-gcm@openssh.com} & AES & 256 & GCM \\ +\hline \texttt{blowfish128-cbc} & Blowfish & 128 & CBC \\ +\hline \texttt{blowfish128-ctr} & Blowfish & 128 & CTR \\ +\hline \texttt{chacha20-poly1305@openssh.com} & ChaCha20Poly1305 & 256 & STREAM \\ +\hline \texttt{des-cbc} & DES & 64 & CBC \\ +\hline \texttt{3des-cbc} & 3DES (EDE) & 192 & CBC \\ +\hline \texttt{3des-ctr} & 3DES (EDE) & 192 & CTR \\ +\hline \texttt{serpent128-cbc} & Serpent & 128 & CBC \\ +\hline \texttt{serpent128-ctr} & Serpent & 128 & CTR \\ +\hline \texttt{serpent192-cbc} & Serpent & 192 & CBC \\ +\hline \texttt{serpent192-ctr} & Serpent & 192 & CTR \\ +\hline \texttt{serpent256-cbc} & Serpent & 256 & CBC \\ +\hline \texttt{serpent256-ctr} & Serpent & 256 & CTR \\ +\hline \texttt{twofish128-cbc} & Twofish & 128 & CBC \\ +\hline \texttt{twofish128-ctr} & Twofish & 128 & CTR \\ +\hline \texttt{twofish192-cbc} & Twofish & 192 & CBC \\ +\hline \texttt{twofish192-ctr} & Twofish & 192 & CTR \\ +\hline \texttt{twofish-cbc} & Twofish & 256 & CBC \\ +\hline \texttt{twofish256-cbc} & Twofish & 256 & CBC \\ +\hline \texttt{twofish256-ctr} & Twofish & 256 & CTR \\ \hline \end{tabular} \end{small} diff --git a/notes/cipher_tv.txt b/notes/cipher_tv.txt index 394506b2d..ff74dd46e 100644 --- a/notes/cipher_tv.txt +++ b/notes/cipher_tv.txt @@ -1433,6 +1433,60 @@ Key Size: 8 bytes 49: 6B901B2B79B6950C +Cipher: desx +Key Size: 24 bytes + 0: F490BAC08301C6C9 + 1: 5668E3676102907F + 2: 5BA2BFCC35AED470 + 3: B2CC7DBA467E62C6 + 4: B4BF359A876FAC3E + 5: 2EF94EA88C1ACE79 + 6: 9C175106D3484502 + 7: 38F466A89DFA587F + 8: 745F3EB5BEDE929C + 9: 9EBA1D104A86E113 +10: 561DC144F7A2CB5F +11: E1EBF96BD996F292 +12: 4D96B8CD7D26DA9C +13: DA59711131B18AF3 +14: F5EEC897F79D3597 +15: 3A39A7F0060373CB +16: DA95839AA553147F +17: 8A0BBA6804BDFFF2 +18: B0A0881F389062B5 +19: C6878531FF4888EC +20: 9C73653BDB9EBFFD +21: EF81557E5B539A4C +22: 959ADE9663CC395D +23: D22C6460C0580E1B +24: E3B7EFC7DC2EEB28 +25: ACF66715DFE81D84 +26: CD2FC182D9A0F565 +27: 34F6DED980E437FA +28: 313DE7369F9D1BB9 +29: 554A743622A42A3D +30: 6F460E480078F091 +31: E752181D34A8FED2 +32: E0C7F0F53F84830B +33: 1159C652EB6460E1 +34: 2A68847D986CBF7D +35: B3CB050C29C86EFC +36: 2C0EB50DBCA918EA +37: CA1D0D17D185D9BE +38: 3CB9EB47E1E05CC1 +39: 2AA3DE0A38F3A0F5 +40: EA43C7125932D2A7 +41: 79A23C0EA9E6C11E +42: B711BFC1DE05D9B0 +43: BCF5ADD7751EED39 +44: 7A41A2FE64720CA2 +45: DC43A35EB0489FE9 +46: 9353A9FBD060B991 +47: 19DD74A5D948AC15 +48: F0E3B7B2D6E328F5 +49: 77C25E387D80E071 + + Cipher: 3des Key Size: 16 bytes 0: DF0B6C9C31CD0CE4 diff --git a/notes/eax_tv.txt b/notes/eax_tv.txt index 19ae04d3b..05d0ef7d8 100644 --- a/notes/eax_tv.txt +++ b/notes/eax_tv.txt @@ -313,6 +313,25 @@ EAX-des (8 byte key) 15: 8D1A1E888BBB8648E638C4E74E11B8, 685E006C441448B8 16: 93AE906B8BE4EAC8ED6D8F48F04A7AFF, 71DD7AF752FE28FB +EAX-desx (24 byte key) + 0: , FA66F07E473109A2 + 1: 4B, 576970495248BB09 + 2: D81C, 3AE9E470ABFBEEB1 + 3: 5B2442, F6B3BDC55CBD01A2 + 4: B1A495A8, AAD2D78BC0525DA2 + 5: 7723413A8D, 51D3134CBC32AD9B + 6: 6F9D40815E10, 552C146A7A769E9E + 7: B3292E406C9B92, D3ACE79B2D69877B + 8: EF7513D71D52C33A, 64935E1AE8C416B1 + 9: 068AEDE3E0E1B0DC11, 2C5698925FFC70BF + 10: 76A5664A3D5DF553BAC4, 52B9D560C0D9BB0D + 11: CC6128B6BD0035354CF3A3, A8BA535862B221BD + 12: CB499A58CF55D016B79192EF, 76842391A45C6674 + 13: 4903FBC696A256D4AC16A3EFD2, 39978842103FE097 + 14: 9CD5671BEDF4EB8D519A72310A37, F00809AA017E81C5 + 15: 9F62AB705A285EBF998FCF401166BA, 506244F55C4EAD84 + 16: 110161EEF9B3CE543DB12EA8682866D4, 7A12BE4371963521 + EAX-3des (24 byte key) 0: , 8914311BB990B725 1: D8, 2094EDC5D03E54B1 diff --git a/notes/ocb_tv.txt b/notes/ocb_tv.txt index b85aa00f6..3ccf18d4b 100644 --- a/notes/ocb_tv.txt +++ b/notes/ocb_tv.txt @@ -313,6 +313,25 @@ OCB-des (8 byte key) 15: FB3BCC650B29F418930A467EA4FB73, 64D12723E100F08B 16: DE1C27E9B3C391AF5DF403291F2C084A, 6BADE4638AE46BE2 +OCB-desx (24 byte key) + 0: , 972B4CC480AEA6A9 + 1: CB, C46CC58DE9615963 + 2: 2911, 9B5117BF9530018F + 3: 844501, 308F0F36D3313B67 + 4: 0C8CB549, 3F72789FB54CC9B1 + 5: 581FA34114, 1B86E66203EBF9EE + 6: D0BBE3E43961, 59F730D5ABF13265 + 7: 046529AB0EDD17, 240FF6134AA5327B + 8: FF4F32C3A96D61D9, 5DE9B81CC39ACC61 + 9: E94A99D609BE5B1A6D, 443F4948DE64E6A0 + 10: B3E783B59853EE1EBD36, F04B41EAAB9CDE18 + 11: 0BB36CE35BB8050169F6F2, 598A0705C800BC04 + 12: BE946B1CB03E7E5DA1CC12B8, 288B827CEA810662 + 13: 3FEC137C657FF1F2B34F4C5E56, F9248F59D1033253 + 14: 626DC4527055E80E68A6A1FE0F78, D8AA67D5ABD0B6A5 + 15: 476247537A509BC42BCD6DEC7F9506, 2C2D0385066B4815 + 16: 5D32BFE0B9ACB62B6AC29D43A0535A25, DE247F5F809C6CEC + OCB-3des (24 byte key) 0: , 9CB7074F93CD37DD 1: 4D, 51541A838A154E0B diff --git a/notes/omac_tv.txt b/notes/omac_tv.txt index 8ec263b0b..2f13110b0 100644 --- a/notes/omac_tv.txt +++ b/notes/omac_tv.txt @@ -313,6 +313,25 @@ OMAC-des (8 byte key) 15: 7FB7CE0862958B37 16: 55097816B10C549B +OMAC-desx (24 byte key) + 0: 3DCD366D8E4D6EB8 + 1: AD1DF426B344F922 + 2: C50DD51B953E37EF + 3: F732DD355496D72F + 4: B8A9D3819024AD6E + 5: 7C4624125A33C0DF + 6: 378D83372E82296F + 7: 974C7613AF191E95 + 8: C856C3F7B1A944FA + 9: F7898CFD34AFECE2 + 10: 9B5B09251EB0F44B + 11: 369D0AC2E71641E8 + 12: B798AFD13EDFD831 + 13: 066207F46EA9B6F2 + 14: 4083189F5CE42C5F + 15: 6D04E4B9E2ECA8DB + 16: 9D9EE9A8B5AC27C2 + OMAC-3des (24 byte key) 0: 7F07A9EA8ECEDF9E 1: 4E2A652EB5FBF5F8 diff --git a/notes/pmac_tv.txt b/notes/pmac_tv.txt index 0594e635e..8f835abfe 100644 --- a/notes/pmac_tv.txt +++ b/notes/pmac_tv.txt @@ -313,6 +313,25 @@ PMAC-des (8 byte key) 15: FCE22E6CAD528B49 16: 993884FB9B3FB620 +PMAC-desx (24 byte key) + 0: CFC3AC7F6B9BC6C4 + 1: 15F83A2E582CA5DB + 2: 648B0A54C2A44D96 + 3: 76BD5FCA60D3E0D8 + 4: 59E994CED4C82509 + 5: 15B6B80165023A25 + 6: 095AEDA02E235237 + 7: FDEEF329DD64EE7D + 8: 1FE317FD5338ADEF + 9: 0E0530FC5984E574 + 10: 7D670A434BDF5E6E + 11: AD0C2D07F449969F + 12: 023D921C2523A41D + 13: E98F2BE666A5749D + 14: FA9DB0029446CA31 + 15: AF3350DCF2A5D6AC + 16: E72861AE67EF88E2 + PMAC-3des (24 byte key) 0: E42CCBC9C9457DF6 1: FE766F7930557708 diff --git a/src/ciphers/des.c b/src/ciphers/des.c index 5d00720c1..eca87e576 100644 --- a/src/ciphers/des.c +++ b/src/ciphers/des.c @@ -40,6 +40,20 @@ const struct ltc_cipher_descriptor des3_desc = NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL }; +const struct ltc_cipher_descriptor desx_desc = +{ + "desx", + 27, + 24, 24, 8, 16, + &desx_setup, + &desx_ecb_encrypt, + &desx_ecb_decrypt, + &desx_test, + &desx_done, + &desx_keysize, + NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL +}; + static const ulong32 bytebit[8] = { 0200, 0100, 040, 020, 010, 04, 02, 01 @@ -1511,7 +1525,7 @@ static void desfunc(ulong32 *block, const ulong32 *keys) #endif /** - Initialize the LTC_DES block cipher + Initialize the DES block cipher @param key The symmetric key you wish to pass @param keylen The key length in bytes @param num_rounds The number of rounds desired (0 for default) @@ -1538,7 +1552,36 @@ int des_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_ke } /** - Initialize the 3LTC_DES-EDE block cipher + Initialize the DES-X block cipher + @param key The symmetric key you wish to pass + @param keylen The key length in bytes + @param num_rounds The number of rounds desired (0 for default) + @param skey The key in as scheduled by this function. + @return CRYPT_OK if successful + */ +int desx_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey) +{ + if(num_rounds != 0 && num_rounds != 16) { + return CRYPT_INVALID_ROUNDS; + } + + if (keylen != 24) { + return CRYPT_INVALID_KEYSIZE; + } + + deskey(key, EN0, skey->desx.ek); + deskey(key, DE1, skey->desx.dk); + + LOAD32H(skey->desx.k[0][0], key + 8); + LOAD32H(skey->desx.k[0][1], key + 12); + LOAD32H(skey->desx.k[1][0], key + 16); + LOAD32H(skey->desx.k[1][1], key + 20); + + return CRYPT_OK; +} + + /** + Initialize the 3DES-EDE block cipher @param key The symmetric key you wish to pass @param keylen The key length in bytes @param num_rounds The number of rounds desired (0 for default) @@ -1580,7 +1623,7 @@ int des3_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_k } /** - Encrypts a block of text with LTC_DES + Encrypts a block of text with DES @param pt The input plaintext (8 bytes) @param ct The output ciphertext (8 bytes) @param skey The key as scheduled @@ -1601,7 +1644,7 @@ int des_ecb_encrypt(const unsigned char *pt, unsigned char *ct, const symmetric_ } /** - Decrypts a block of text with LTC_DES + Decrypts a block of text with DES @param ct The input ciphertext (8 bytes) @param pt The output plaintext (8 bytes) @param skey The key as scheduled @@ -1622,7 +1665,57 @@ int des_ecb_decrypt(const unsigned char *ct, unsigned char *pt, const symmetric_ } /** - Encrypts a block of text with 3LTC_DES-EDE + Encrypts a block of text with DES-X + @param pt The input plaintext (8 bytes) + @param ct The output ciphertext (8 bytes) + @param skey The key as scheduled + @return CRYPT_OK if successful +*/ +int desx_ecb_encrypt(const unsigned char *pt, unsigned char *ct, const symmetric_key *skey) +{ + ulong32 work[2]; + LTC_ARGCHK(pt != NULL); + LTC_ARGCHK(ct != NULL); + LTC_ARGCHK(skey != NULL); + LOAD32H(work[0], pt+0); + LOAD32H(work[1], pt+4); + work[0] ^= skey->desx.k[0][0]; + work[1] ^= skey->desx.k[0][1]; + desfunc(work, skey->desx.ek); + work[0] ^= skey->desx.k[1][0]; + work[1] ^= skey->desx.k[1][1]; + STORE32H(work[0],ct+0); + STORE32H(work[1],ct+4); + return CRYPT_OK; +} + +/** + Decrypts a block of text with DES-X + @param ct The input ciphertext (8 bytes) + @param pt The output plaintext (8 bytes) + @param skey The key as scheduled + @return CRYPT_OK if successful +*/ +int desx_ecb_decrypt(const unsigned char *ct, unsigned char *pt, const symmetric_key *skey) +{ + ulong32 work[2]; + LTC_ARGCHK(pt != NULL); + LTC_ARGCHK(ct != NULL); + LTC_ARGCHK(skey != NULL); + LOAD32H(work[0], ct+0); + LOAD32H(work[1], ct+4); + work[0] ^= skey->desx.k[1][0]; + work[1] ^= skey->desx.k[1][1]; + desfunc(work, skey->des.dk); + work[0] ^= skey->desx.k[0][0]; + work[1] ^= skey->desx.k[0][1]; + STORE32H(work[0],pt+0); + STORE32H(work[1],pt+4); + return CRYPT_OK; +} + +/** + Encrypts a block of text with 3DES-EDE @param pt The input plaintext (8 bytes) @param ct The output ciphertext (8 bytes) @param skey The key as scheduled @@ -1646,7 +1739,7 @@ int des3_ecb_encrypt(const unsigned char *pt, unsigned char *ct, const symmetric } /** - Decrypts a block of text with 3LTC_DES-EDE + Decrypts a block of text with 3DES-EDE @param ct The input ciphertext (8 bytes) @param pt The output plaintext (8 bytes) @param skey The key as scheduled @@ -1669,7 +1762,7 @@ int des3_ecb_decrypt(const unsigned char *ct, unsigned char *pt, const symmetric } /** - Performs a self-test of the LTC_DES block cipher + Performs a self-test of the DES block cipher @return CRYPT_OK if functional, CRYPT_NOP if self-test has been disabled */ int des_test(void) @@ -1964,6 +2057,39 @@ int des_test(void) #endif } +int desx_test(void) +{ + #ifndef LTC_TEST + return CRYPT_NOP; + #else + unsigned char key[24], pt[8], tmp[8]; + symmetric_key skey; + int i, err; + + if ((err = des_test()) != CRYPT_OK) { + return err; + } + + /* See if we can encrypt all zero bytes 1000 times, decrypt and come back to where we started */ + + for (i = 0; i < 24; i++) key[i] = i; + + if ((err = desx_setup(key, 24, 0, &skey)) != CRYPT_OK) { + return err; + } + + for (i = 0; i < 8; i++) pt[i] = tmp[i] = 0; + for (i = 0; i < 1000; i++) desx_ecb_encrypt(tmp, tmp, &skey); + for (i = 0; i < 1000; i++) desx_ecb_decrypt(tmp, tmp, &skey); + + if (compare_testvector(tmp, 8, pt, 8, "DES-X", 0) != 0) { + return CRYPT_FAIL_TESTVECTOR; + } + + return CRYPT_OK; + #endif +} + int des3_test(void) { #ifndef LTC_TEST @@ -2046,6 +2172,14 @@ void des_done(symmetric_key *skey) LTC_UNUSED_PARAM(skey); } +/** Terminate the context + @param skey The scheduled key +*/ +void desx_done(symmetric_key *skey) +{ + LTC_UNUSED_PARAM(skey); +} + /** Terminate the context @param skey The scheduled key */ @@ -2070,6 +2204,21 @@ int des_keysize(int *keysize) return CRYPT_OK; } +/** + Gets suitable key size + @param keysize [in/out] The length of the recommended key (in bytes). This function will store the suitable size back in this variable. + @return CRYPT_OK if the input key size is acceptable. +*/ +int desx_keysize(int *keysize) +{ + LTC_ARGCHK(keysize != NULL); + if(*keysize < 24) { + return CRYPT_INVALID_KEYSIZE; + } + *keysize = 24; + return CRYPT_OK; +} + /** Gets suitable key size @param keysize [in/out] The length of the recommended key (in bytes). This function will store the suitable size back in this variable. diff --git a/src/encauth/chachapoly/chacha20poly1305_done.c b/src/encauth/chachapoly/chacha20poly1305_done.c index 19d164014..b27ae661a 100644 --- a/src/encauth/chachapoly/chacha20poly1305_done.c +++ b/src/encauth/chachapoly/chacha20poly1305_done.c @@ -21,13 +21,15 @@ int chacha20poly1305_done(chacha20poly1305_state *st, unsigned char *tag, unsign LTC_ARGCHK(st != NULL); - padlen = 16 - (unsigned long)(st->ctlen % 16); - if (padlen < 16) { - if ((err = poly1305_process(&st->poly, padzero, padlen)) != CRYPT_OK) return err; + if (!st->openssh_compat) { + padlen = 16 - (unsigned long)(st->ctlen % 16); + if (padlen < 16) { + if ((err = poly1305_process(&st->poly, padzero, padlen)) != CRYPT_OK) return err; + } + STORE64L(st->aadlen, buf); + STORE64L(st->ctlen, buf + 8); + if ((err = poly1305_process(&st->poly, buf, 16)) != CRYPT_OK) return err; } - STORE64L(st->aadlen, buf); - STORE64L(st->ctlen, buf + 8); - if ((err = poly1305_process(&st->poly, buf, 16)) != CRYPT_OK) return err; if ((err = poly1305_done(&st->poly, tag, taglen)) != CRYPT_OK) return err; if ((err = chacha_done(&st->chacha)) != CRYPT_OK) return err; return CRYPT_OK; diff --git a/src/encauth/chachapoly/chacha20poly1305_init.c b/src/encauth/chachapoly/chacha20poly1305_init.c index 2654f4dae..14ddb6c1d 100644 --- a/src/encauth/chachapoly/chacha20poly1305_init.c +++ b/src/encauth/chachapoly/chacha20poly1305_init.c @@ -14,6 +14,7 @@ */ int chacha20poly1305_init(chacha20poly1305_state *st, const unsigned char *key, unsigned long keylen) { + XMEMSET(st, 0, sizeof(*st)); return chacha_setup(&st->chacha, key, keylen, 20); } diff --git a/src/encauth/chachapoly/chacha20poly1305_memory.c b/src/encauth/chachapoly/chacha20poly1305_memory.c index 6e3bf2458..5adca427d 100644 --- a/src/encauth/chachapoly/chacha20poly1305_memory.c +++ b/src/encauth/chachapoly/chacha20poly1305_memory.c @@ -40,6 +40,10 @@ int chacha20poly1305_memory(const unsigned char *key, unsigned long keylen, LTC_ARGCHK(taglen != NULL); if ((err = chacha20poly1305_init(&st, key, keylen)) != CRYPT_OK) { goto LBL_ERR; } + + st.openssh_compat = (direction & CHACHA20POLY1305_OPENSSH_COMPAT) ? 1 : 0; + direction &= ~(CHACHA20POLY1305_OPENSSH_COMPAT); + if ((err = chacha20poly1305_setiv(&st, iv, ivlen)) != CRYPT_OK) { goto LBL_ERR; } if (aad && aadlen > 0) { if ((err = chacha20poly1305_add_aad(&st, aad, aadlen)) != CRYPT_OK) { goto LBL_ERR; } diff --git a/src/headers/tomcrypt_cipher.h b/src/headers/tomcrypt_cipher.h index aeee34355..759c9aa8f 100644 --- a/src/headers/tomcrypt_cipher.h +++ b/src/headers/tomcrypt_cipher.h @@ -97,6 +97,11 @@ struct des_key { ulong32 ek[32], dk[32]; }; +struct desx_key { + ulong32 ek[32], dk[32]; + ulong32 k[2][2]; +}; + struct des3_key { ulong32 ek[3][32], dk[3][32]; }; @@ -176,6 +181,7 @@ struct tea_key { typedef union Symmetric_key { #ifdef LTC_DES struct des_key des; + struct desx_key desx; struct des3_key des3; #endif #ifdef LTC_RC2 @@ -757,13 +763,19 @@ int des_ecb_decrypt(const unsigned char *ct, unsigned char *pt, const symmetric_ int des_test(void); void des_done(symmetric_key *skey); int des_keysize(int *keysize); +int desx_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey); +int desx_ecb_encrypt(const unsigned char *pt, unsigned char *ct, const symmetric_key *skey); +int desx_ecb_decrypt(const unsigned char *ct, unsigned char *pt, const symmetric_key *skey); +int desx_test(void); +void desx_done(symmetric_key *skey); +int desx_keysize(int *keysize); int des3_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey); int des3_ecb_encrypt(const unsigned char *pt, unsigned char *ct, const symmetric_key *skey); int des3_ecb_decrypt(const unsigned char *ct, unsigned char *pt, const symmetric_key *skey); int des3_test(void); void des3_done(symmetric_key *skey); int des3_keysize(int *keysize); -extern const struct ltc_cipher_descriptor des_desc, des3_desc; +extern const struct ltc_cipher_descriptor des_desc, desx_desc, des3_desc; #endif #ifdef LTC_CAST5 diff --git a/src/headers/tomcrypt_mac.h b/src/headers/tomcrypt_mac.h index f6738f697..fb1e5a75b 100644 --- a/src/headers/tomcrypt_mac.h +++ b/src/headers/tomcrypt_mac.h @@ -541,11 +541,12 @@ typedef struct { chacha_state chacha; ulong64 aadlen; ulong64 ctlen; - int aadflg; + int aadflg, openssh_compat; } chacha20poly1305_state; -#define CHACHA20POLY1305_ENCRYPT LTC_ENCRYPT -#define CHACHA20POLY1305_DECRYPT LTC_DECRYPT +#define CHACHA20POLY1305_ENCRYPT LTC_ENCRYPT +#define CHACHA20POLY1305_DECRYPT LTC_DECRYPT +#define CHACHA20POLY1305_OPENSSH_COMPAT 2 int chacha20poly1305_init(chacha20poly1305_state *st, const unsigned char *key, unsigned long keylen); int chacha20poly1305_setiv(chacha20poly1305_state *st, const unsigned char *iv, unsigned long ivlen); diff --git a/src/headers/tomcrypt_private.h b/src/headers/tomcrypt_private.h index bdcf3124c..d58e9ba2f 100644 --- a/src/headers/tomcrypt_private.h +++ b/src/headers/tomcrypt_private.h @@ -263,7 +263,19 @@ int base64_encode_pem(const unsigned char *in, unsigned long inlen, #ifdef LTC_PEM enum cipher_mode { - cm_none, cm_cbc, cm_cfb, cm_ctr, cm_ofb, cm_stream, cm_gcm + cm_modes = 0x00ff, + cm_flags = 0xff00, + /* Flags */ + cm_openssh = 0x0100, + /* Modes */ + cm_none = 0x0000, + cm_cbc = 0x0001, + cm_cfb = 0x0002, + cm_ctr = 0x0003, + cm_ofb = 0x0004, + cm_stream = 0x0005, + cm_gcm = 0x0006, + cm_stream_openssh = cm_stream | cm_openssh, }; struct blockcipher_info { @@ -350,6 +362,7 @@ int pbes2_extract(const ltc_asn1_list *s, pbes_arg *res); int pem_decrypt(unsigned char *data, unsigned long *datalen, unsigned char *key, unsigned long keylen, unsigned char *iv, unsigned long ivlen, + unsigned char *tag, unsigned long taglen, const struct blockcipher_info *info, enum padding_type padding); #ifndef LTC_NO_FILE diff --git a/src/misc/crypt/crypt.c b/src/misc/crypt/crypt.c index bf2c3ecf3..a215b6a1f 100644 --- a/src/misc/crypt/crypt.c +++ b/src/misc/crypt/crypt.c @@ -84,6 +84,8 @@ const char *crypt_build_settings = #endif #if defined(LTC_DES) " DES\n" + " DES-X\n" + " 3DES\n" #endif #if defined(LTC_CAST5) " CAST5\n" diff --git a/src/misc/crypt/crypt_register_all_ciphers.c b/src/misc/crypt/crypt_register_all_ciphers.c index bfed2e68d..da46051c8 100644 --- a/src/misc/crypt/crypt_register_all_ciphers.c +++ b/src/misc/crypt/crypt_register_all_ciphers.c @@ -58,6 +58,7 @@ int register_all_ciphers(void) #endif #ifdef LTC_DES REGISTER_CIPHER(&des_desc); + REGISTER_CIPHER(&desx_desc); REGISTER_CIPHER(&des3_desc); #endif #ifdef LTC_CAST5 diff --git a/src/misc/pem/pem.c b/src/misc/pem/pem.c index 5a14a2c76..18356a575 100644 --- a/src/misc/pem/pem.c +++ b/src/misc/pem/pem.c @@ -75,66 +75,72 @@ const struct str pem_ssh_comment = { SET_CSTR(, "Comment: ") }; const struct str pem_dek_info_start = { SET_CSTR(, "DEK-Info: ") }; const struct blockcipher_info pem_dek_infos[] = { - { .name = "AES-128-CBC,", .algo = "aes", .keylen = 128 / 8, .mode = cm_cbc, }, - { .name = "AES-192-CBC,", .algo = "aes", .keylen = 192 / 8, .mode = cm_cbc, }, - { .name = "AES-256-CBC,", .algo = "aes", .keylen = 256 / 8, .mode = cm_cbc, }, - { .name = "AES-128-CFB,", .algo = "aes", .keylen = 128 / 8, .mode = cm_cfb, }, - { .name = "AES-192-CFB,", .algo = "aes", .keylen = 192 / 8, .mode = cm_cfb, }, - { .name = "AES-256-CFB,", .algo = "aes", .keylen = 256 / 8, .mode = cm_cfb, }, - { .name = "AES-128-CTR,", .algo = "aes", .keylen = 128 / 8, .mode = cm_ctr, }, - { .name = "AES-192-CTR,", .algo = "aes", .keylen = 192 / 8, .mode = cm_ctr, }, - { .name = "AES-256-CTR,", .algo = "aes", .keylen = 256 / 8, .mode = cm_ctr, }, - { .name = "AES-128-OFB,", .algo = "aes", .keylen = 128 / 8, .mode = cm_ofb, }, - { .name = "AES-192-OFB,", .algo = "aes", .keylen = 192 / 8, .mode = cm_ofb, }, - { .name = "AES-256-OFB,", .algo = "aes", .keylen = 256 / 8, .mode = cm_ofb, }, - { .name = "BF-CBC,", .algo = "blowfish", .keylen = 128 / 8, .mode = cm_cbc, }, - { .name = "BF-CFB,", .algo = "blowfish", .keylen = 128 / 8, .mode = cm_cfb, }, - { .name = "BF-OFB,", .algo = "blowfish", .keylen = 128 / 8, .mode = cm_ofb, }, - { .name = "CAMELLIA-128-CBC,", .algo = "camellia", .keylen = 128 / 8, .mode = cm_cbc, }, - { .name = "CAMELLIA-192-CBC,", .algo = "camellia", .keylen = 192 / 8, .mode = cm_cbc, }, - { .name = "CAMELLIA-256-CBC,", .algo = "camellia", .keylen = 256 / 8, .mode = cm_cbc, }, - { .name = "CAMELLIA-128-CFB,", .algo = "camellia", .keylen = 128 / 8, .mode = cm_cfb, }, - { .name = "CAMELLIA-192-CFB,", .algo = "camellia", .keylen = 192 / 8, .mode = cm_cfb, }, - { .name = "CAMELLIA-256-CFB,", .algo = "camellia", .keylen = 256 / 8, .mode = cm_cfb, }, - { .name = "CAMELLIA-128-CTR,", .algo = "camellia", .keylen = 128 / 8, .mode = cm_ctr, }, - { .name = "CAMELLIA-192-CTR,", .algo = "camellia", .keylen = 192 / 8, .mode = cm_ctr, }, - { .name = "CAMELLIA-256-CTR,", .algo = "camellia", .keylen = 256 / 8, .mode = cm_ctr, }, - { .name = "CAMELLIA-128-OFB,", .algo = "camellia", .keylen = 128 / 8, .mode = cm_ofb, }, - { .name = "CAMELLIA-192-OFB,", .algo = "camellia", .keylen = 192 / 8, .mode = cm_ofb, }, - { .name = "CAMELLIA-256-OFB,", .algo = "camellia", .keylen = 256 / 8, .mode = cm_ofb, }, - { .name = "CAST5-CBC,", .algo = "cast5", .keylen = 128 / 8, .mode = cm_cbc, }, - { .name = "CAST5-CFB,", .algo = "cast5", .keylen = 128 / 8, .mode = cm_cfb, }, - { .name = "CAST5-OFB,", .algo = "cast5", .keylen = 128 / 8, .mode = cm_ofb, }, - { .name = "DES-EDE3-CBC,", .algo = "3des", .keylen = 192 / 8, .mode = cm_cbc, }, - { .name = "DES-EDE3-CFB,", .algo = "3des", .keylen = 192 / 8, .mode = cm_cfb, }, - { .name = "DES-EDE3-OFB,", .algo = "3des", .keylen = 192 / 8, .mode = cm_ofb, }, - { .name = "DES-CBC,", .algo = "des", .keylen = 64 / 8, .mode = cm_cbc, }, - { .name = "DES-CFB,", .algo = "des", .keylen = 64 / 8, .mode = cm_cfb, }, - { .name = "DES-OFB,", .algo = "des", .keylen = 64 / 8, .mode = cm_ofb, }, - { .name = "IDEA-CBC,", .algo = "idea", .keylen = 128 / 8, .mode = cm_cbc, }, - { .name = "IDEA-CFB,", .algo = "idea", .keylen = 128 / 8, .mode = cm_cfb, }, - { .name = "IDEA-OFB,", .algo = "idea", .keylen = 128 / 8, .mode = cm_ofb, }, - { .name = "RC5-CBC,", .algo = "rc5", .keylen = 128 / 8, .mode = cm_cbc, }, - { .name = "RC5-CFB,", .algo = "rc5", .keylen = 128 / 8, .mode = cm_cfb, }, - { .name = "RC5-OFB,", .algo = "rc5", .keylen = 128 / 8, .mode = cm_ofb, }, - { .name = "RC2-40-CBC,", .algo = "rc2", .keylen = 40 / 8, .mode = cm_cbc, }, - { .name = "RC2-64-CBC,", .algo = "rc2", .keylen = 64 / 8, .mode = cm_cbc, }, - { .name = "RC2-CBC,", .algo = "rc2", .keylen = 128 / 8, .mode = cm_cbc, }, - { .name = "RC2-CFB,", .algo = "rc2", .keylen = 128 / 8, .mode = cm_cfb, }, - { .name = "RC2-OFB,", .algo = "rc2", .keylen = 128 / 8, .mode = cm_ofb, }, - { .name = "SEED-CBC,", .algo = "seed", .keylen = 128 / 8, .mode = cm_cbc, }, - { .name = "SEED-CFB,", .algo = "seed", .keylen = 128 / 8, .mode = cm_cfb, }, - { .name = "SEED-OFB,", .algo = "seed", .keylen = 128 / 8, .mode = cm_ofb, }, + { .name = "AES-128-CBC,", .algo = "aes", .keylen = 128 / 8, .mode = cm_cbc, }, + { .name = "AES-192-CBC,", .algo = "aes", .keylen = 192 / 8, .mode = cm_cbc, }, + { .name = "AES-256-CBC,", .algo = "aes", .keylen = 256 / 8, .mode = cm_cbc, }, + { .name = "AES-128-CFB,", .algo = "aes", .keylen = 128 / 8, .mode = cm_cfb, }, + { .name = "AES-192-CFB,", .algo = "aes", .keylen = 192 / 8, .mode = cm_cfb, }, + { .name = "AES-256-CFB,", .algo = "aes", .keylen = 256 / 8, .mode = cm_cfb, }, + { .name = "AES-128-CTR,", .algo = "aes", .keylen = 128 / 8, .mode = cm_ctr, }, + { .name = "AES-192-CTR,", .algo = "aes", .keylen = 192 / 8, .mode = cm_ctr, }, + { .name = "AES-256-CTR,", .algo = "aes", .keylen = 256 / 8, .mode = cm_ctr, }, + { .name = "AES-128-OFB,", .algo = "aes", .keylen = 128 / 8, .mode = cm_ofb, }, + { .name = "AES-192-OFB,", .algo = "aes", .keylen = 192 / 8, .mode = cm_ofb, }, + { .name = "AES-256-OFB,", .algo = "aes", .keylen = 256 / 8, .mode = cm_ofb, }, + { .name = "BF-CBC,", .algo = "blowfish", .keylen = 128 / 8, .mode = cm_cbc, }, + { .name = "BF-CFB,", .algo = "blowfish", .keylen = 128 / 8, .mode = cm_cfb, }, + { .name = "BF-OFB,", .algo = "blowfish", .keylen = 128 / 8, .mode = cm_ofb, }, + { .name = "CAMELLIA-128-CBC,", .algo = "camellia", .keylen = 128 / 8, .mode = cm_cbc, }, + { .name = "CAMELLIA-192-CBC,", .algo = "camellia", .keylen = 192 / 8, .mode = cm_cbc, }, + { .name = "CAMELLIA-256-CBC,", .algo = "camellia", .keylen = 256 / 8, .mode = cm_cbc, }, + { .name = "CAMELLIA-128-CFB,", .algo = "camellia", .keylen = 128 / 8, .mode = cm_cfb, }, + { .name = "CAMELLIA-192-CFB,", .algo = "camellia", .keylen = 192 / 8, .mode = cm_cfb, }, + { .name = "CAMELLIA-256-CFB,", .algo = "camellia", .keylen = 256 / 8, .mode = cm_cfb, }, + { .name = "CAMELLIA-128-CTR,", .algo = "camellia", .keylen = 128 / 8, .mode = cm_ctr, }, + { .name = "CAMELLIA-192-CTR,", .algo = "camellia", .keylen = 192 / 8, .mode = cm_ctr, }, + { .name = "CAMELLIA-256-CTR,", .algo = "camellia", .keylen = 256 / 8, .mode = cm_ctr, }, + { .name = "CAMELLIA-128-OFB,", .algo = "camellia", .keylen = 128 / 8, .mode = cm_ofb, }, + { .name = "CAMELLIA-192-OFB,", .algo = "camellia", .keylen = 192 / 8, .mode = cm_ofb, }, + { .name = "CAMELLIA-256-OFB,", .algo = "camellia", .keylen = 256 / 8, .mode = cm_ofb, }, + { .name = "CAST5-CBC,", .algo = "cast5", .keylen = 128 / 8, .mode = cm_cbc, }, + { .name = "CAST5-CFB,", .algo = "cast5", .keylen = 128 / 8, .mode = cm_cfb, }, + { .name = "CAST5-OFB,", .algo = "cast5", .keylen = 128 / 8, .mode = cm_ofb, }, + { .name = "ChaCha20,", .algo = "chacha20", .keylen = 256 / 8, .mode = cm_stream, }, + { .name = "DES-EDE-CBC,", .algo = "3des", .keylen = 128 / 8, .mode = cm_cbc, }, + { .name = "DES-EDE-CFB,", .algo = "3des", .keylen = 128 / 8, .mode = cm_cfb, }, + { .name = "DES-EDE-OFB,", .algo = "3des", .keylen = 128 / 8, .mode = cm_ofb, }, + { .name = "DES-EDE3-CBC,", .algo = "3des", .keylen = 192 / 8, .mode = cm_cbc, }, + { .name = "DES-EDE3-CFB,", .algo = "3des", .keylen = 192 / 8, .mode = cm_cfb, }, + { .name = "DES-EDE3-OFB,", .algo = "3des", .keylen = 192 / 8, .mode = cm_ofb, }, + { .name = "DES-CBC,", .algo = "des", .keylen = 64 / 8, .mode = cm_cbc, }, + { .name = "DES-CFB,", .algo = "des", .keylen = 64 / 8, .mode = cm_cfb, }, + { .name = "DES-OFB,", .algo = "des", .keylen = 64 / 8, .mode = cm_ofb, }, + { .name = "DESX-CBC,", .algo = "desx", .keylen = 192 / 8, .mode = cm_cbc, }, + { .name = "IDEA-CBC,", .algo = "idea", .keylen = 128 / 8, .mode = cm_cbc, }, + { .name = "IDEA-CFB,", .algo = "idea", .keylen = 128 / 8, .mode = cm_cfb, }, + { .name = "IDEA-OFB,", .algo = "idea", .keylen = 128 / 8, .mode = cm_ofb, }, + { .name = "RC5-CBC,", .algo = "rc5", .keylen = 128 / 8, .mode = cm_cbc, }, + { .name = "RC5-CFB,", .algo = "rc5", .keylen = 128 / 8, .mode = cm_cfb, }, + { .name = "RC5-OFB,", .algo = "rc5", .keylen = 128 / 8, .mode = cm_ofb, }, + { .name = "RC2-40-CBC,", .algo = "rc2", .keylen = 40 / 8, .mode = cm_cbc, }, + { .name = "RC2-64-CBC,", .algo = "rc2", .keylen = 64 / 8, .mode = cm_cbc, }, + { .name = "RC2-CBC,", .algo = "rc2", .keylen = 128 / 8, .mode = cm_cbc, }, + { .name = "RC2-CFB,", .algo = "rc2", .keylen = 128 / 8, .mode = cm_cfb, }, + { .name = "RC2-OFB,", .algo = "rc2", .keylen = 128 / 8, .mode = cm_ofb, }, + { .name = "SEED-CBC,", .algo = "seed", .keylen = 128 / 8, .mode = cm_cbc, }, + { .name = "SEED-CFB,", .algo = "seed", .keylen = 128 / 8, .mode = cm_cfb, }, + { .name = "SEED-OFB,", .algo = "seed", .keylen = 128 / 8, .mode = cm_ofb, }, }; const unsigned long pem_dek_infos_num = sizeof(pem_dek_infos)/sizeof(pem_dek_infos[0]); int pem_decrypt(unsigned char *data, unsigned long *datalen, unsigned char *key, unsigned long keylen, unsigned char *iv, unsigned long ivlen, + unsigned char *tag, unsigned long taglen, const struct blockcipher_info *info, enum padding_type padding) { - int err, cipher; + int err, cipher = -1; struct { union { #ifdef LTC_CBC_MODE @@ -151,10 +157,13 @@ int pem_decrypt(unsigned char *data, unsigned long *datalen, #endif } ctx; } s; + enum cipher_mode mode = info->mode & cm_modes; - cipher = find_cipher(info->algo); - if (cipher == -1) { - return CRYPT_INVALID_CIPHER; + if (mode != cm_stream) { + cipher = find_cipher(info->algo); + if (cipher == -1) { + return CRYPT_INVALID_CIPHER; + } } switch (info->mode) { @@ -222,6 +231,50 @@ int pem_decrypt(unsigned char *data, unsigned long *datalen, } #else return CRYPT_INVALID_CIPHER; +#endif + break; + case cm_gcm: +#ifdef LTC_GCM_MODE + if ((err = gcm_memory(cipher, + key, keylen, + iv, ivlen, + NULL, 0, + data, *datalen, data, + tag, &taglen, + GCM_DECRYPT)) != CRYPT_OK) { + goto error_out; + } +#else + LTC_UNUSED_PARAM(tag); + LTC_UNUSED_PARAM(taglen); + return CRYPT_INVALID_CIPHER; +#endif + break; + case cm_stream: +#ifdef LTC_CHACHA + LTC_ARGCHK(ivlen == 16); + + if ((err = chacha_memory(key, keylen, 20, + iv, ivlen, 0, + data, *datalen, data)) != CRYPT_OK) { + goto error_out; + } +#else + return CRYPT_INVALID_CIPHER; +#endif + break; + case cm_stream_openssh: +#ifdef LTC_CHACHA20POLY1305_MODE + if ((err = chacha20poly1305_memory(key, 32, + iv, ivlen, + NULL, 0, + data, *datalen, data, + tag, &taglen, + CHACHA20POLY1305_DECRYPT | CHACHA20POLY1305_OPENSSH_COMPAT)) != CRYPT_OK) { + goto error_out; + } +#else + return CRYPT_INVALID_CIPHER; #endif break; default: diff --git a/src/misc/pem/pem_pkcs.c b/src/misc/pem/pem_pkcs.c index 9378e0654..fdc136182 100644 --- a/src/misc/pem/pem_pkcs.c +++ b/src/misc/pem/pem_pkcs.c @@ -16,12 +16,8 @@ static int s_decrypt_pem(unsigned char *pem, unsigned long *l, const struct pem_ { unsigned char iv[MAXBLOCKSIZE], key[MAXBLOCKSIZE]; unsigned long ivlen, klen; - int err, cipher; + int err; - cipher = find_cipher(hdr->info.algo); - if (cipher == -1) { - return CRYPT_INVALID_CIPHER; - } if (hdr->info.keylen > sizeof(key)) { return CRYPT_BUFFER_OVERFLOW; } @@ -38,7 +34,7 @@ static int s_decrypt_pem(unsigned char *pem, unsigned long *l, const struct pem_ return err; } - err = pem_decrypt(pem, l, key, klen, iv, ivlen, &hdr->info, LTC_PAD_PKCS7); + err = pem_decrypt(pem, l, key, klen, iv, ivlen, NULL, 0, &hdr->info, LTC_PAD_PKCS7); zeromem(key, sizeof(key)); zeromem(iv, sizeof(iv)); diff --git a/src/misc/pem/pem_ssh.c b/src/misc/pem/pem_ssh.c index a6c964f35..df4211396 100644 --- a/src/misc/pem/pem_ssh.c +++ b/src/misc/pem/pem_ssh.c @@ -17,31 +17,35 @@ */ const struct blockcipher_info ssh_ciphers[] = { - { .name = "none", .algo = "", .keylen = 0, .mode = cm_none }, - { .name = "aes128-cbc", .algo = "aes", .keylen = 128 / 8, .mode = cm_cbc }, - { .name = "aes128-ctr", .algo = "aes", .keylen = 128 / 8, .mode = cm_ctr }, - { .name = "aes192-cbc", .algo = "aes", .keylen = 192 / 8, .mode = cm_cbc }, - { .name = "aes192-ctr", .algo = "aes", .keylen = 192 / 8, .mode = cm_ctr }, - { .name = "aes256-cbc", .algo = "aes", .keylen = 256 / 8, .mode = cm_cbc }, - { .name = "aes256-ctr", .algo = "aes", .keylen = 256 / 8, .mode = cm_ctr }, - { .name = "blowfish128-cbc", .algo = "blowfish", .keylen = 128 / 8, .mode = cm_cbc }, - { .name = "blowfish128-ctr", .algo = "blowfish", .keylen = 128 / 8, .mode = cm_ctr }, - { .name = "des-cbc", .algo = "des", .keylen = 64 / 8, .mode = cm_cbc }, - { .name = "3des-cbc", .algo = "3des", .keylen = 192 / 8, .mode = cm_cbc }, - { .name = "3des-ctr", .algo = "3des", .keylen = 192 / 8, .mode = cm_ctr }, - { .name = "serpent128-cbc", .algo = "serpent", .keylen = 128 / 8, .mode = cm_cbc }, - { .name = "serpent128-ctr", .algo = "serpent", .keylen = 128 / 8, .mode = cm_ctr }, - { .name = "serpent192-cbc", .algo = "serpent", .keylen = 192 / 8, .mode = cm_cbc }, - { .name = "serpent192-ctr", .algo = "serpent", .keylen = 192 / 8, .mode = cm_ctr }, - { .name = "serpent256-cbc", .algo = "serpent", .keylen = 256 / 8, .mode = cm_cbc }, - { .name = "serpent256-ctr", .algo = "serpent", .keylen = 256 / 8, .mode = cm_ctr }, - { .name = "twofish128-cbc", .algo = "twofish", .keylen = 128 / 8, .mode = cm_cbc }, - { .name = "twofish128-ctr", .algo = "twofish", .keylen = 128 / 8, .mode = cm_ctr }, - { .name = "twofish192-cbc", .algo = "twofish", .keylen = 192 / 8, .mode = cm_cbc }, - { .name = "twofish192-ctr", .algo = "twofish", .keylen = 192 / 8, .mode = cm_ctr }, - { .name = "twofish-cbc", .algo = "twofish", .keylen = 256 / 8, .mode = cm_cbc }, - { .name = "twofish256-cbc", .algo = "twofish", .keylen = 256 / 8, .mode = cm_cbc }, - { .name = "twofish256-ctr", .algo = "twofish", .keylen = 256 / 8, .mode = cm_ctr }, + { .name = "none", .algo = "", .keylen = 0, .mode = cm_none }, + { .name = "aes128-cbc", .algo = "aes", .keylen = 128 / 8, .mode = cm_cbc }, + { .name = "aes128-ctr", .algo = "aes", .keylen = 128 / 8, .mode = cm_ctr }, + { .name = "aes192-cbc", .algo = "aes", .keylen = 192 / 8, .mode = cm_cbc }, + { .name = "aes192-ctr", .algo = "aes", .keylen = 192 / 8, .mode = cm_ctr }, + { .name = "aes256-cbc", .algo = "aes", .keylen = 256 / 8, .mode = cm_cbc }, + { .name = "aes256-ctr", .algo = "aes", .keylen = 256 / 8, .mode = cm_ctr }, + { .name = "aes128-gcm@openssh.com", .algo = "aes", .keylen = 128 / 8, .mode = cm_gcm }, + { .name = "aes256-gcm@openssh.com", .algo = "aes", .keylen = 256 / 8, .mode = cm_gcm }, + { .name = "blowfish128-cbc", .algo = "blowfish", .keylen = 128 / 8, .mode = cm_cbc }, + { .name = "blowfish128-ctr", .algo = "blowfish", .keylen = 128 / 8, .mode = cm_ctr }, + /* The algo name doesn't matter, it's only used in pem-info */ + { .name = "chacha20-poly1305@openssh.com", .algo = "c20p1305", .keylen = 256 / 8, .mode = cm_stream | cm_openssh }, + { .name = "des-cbc", .algo = "des", .keylen = 64 / 8, .mode = cm_cbc }, + { .name = "3des-cbc", .algo = "3des", .keylen = 192 / 8, .mode = cm_cbc }, + { .name = "3des-ctr", .algo = "3des", .keylen = 192 / 8, .mode = cm_ctr }, + { .name = "serpent128-cbc", .algo = "serpent", .keylen = 128 / 8, .mode = cm_cbc }, + { .name = "serpent128-ctr", .algo = "serpent", .keylen = 128 / 8, .mode = cm_ctr }, + { .name = "serpent192-cbc", .algo = "serpent", .keylen = 192 / 8, .mode = cm_cbc }, + { .name = "serpent192-ctr", .algo = "serpent", .keylen = 192 / 8, .mode = cm_ctr }, + { .name = "serpent256-cbc", .algo = "serpent", .keylen = 256 / 8, .mode = cm_cbc }, + { .name = "serpent256-ctr", .algo = "serpent", .keylen = 256 / 8, .mode = cm_ctr }, + { .name = "twofish128-cbc", .algo = "twofish", .keylen = 128 / 8, .mode = cm_cbc }, + { .name = "twofish128-ctr", .algo = "twofish", .keylen = 128 / 8, .mode = cm_ctr }, + { .name = "twofish192-cbc", .algo = "twofish", .keylen = 192 / 8, .mode = cm_cbc }, + { .name = "twofish192-ctr", .algo = "twofish", .keylen = 192 / 8, .mode = cm_ctr }, + { .name = "twofish-cbc", .algo = "twofish", .keylen = 256 / 8, .mode = cm_cbc }, + { .name = "twofish256-cbc", .algo = "twofish", .keylen = 256 / 8, .mode = cm_cbc }, + { .name = "twofish256-ctr", .algo = "twofish", .keylen = 256 / 8, .mode = cm_ctr }, }; const unsigned long ssh_ciphers_num = sizeof(ssh_ciphers)/sizeof(ssh_ciphers[0]); @@ -403,21 +407,33 @@ static int s_decode_key(const unsigned char *in, unsigned long *inlen, ltc_pka_k return remaining ? padding_depad(p, &remaining, LTC_PAD_SSH) : CRYPT_OK; } -static int s_decrypt_private_keys(unsigned char *in, unsigned long *inlen, struct kdf_options *opts) +static int s_decrypt_private_keys(unsigned char *in, unsigned long *inlen, + unsigned char *tag, unsigned long taglen, + struct kdf_options *opts) { int err, cipher; - unsigned long symkey_len; - unsigned char symkey[MAXBLOCKSIZE]; + unsigned long symkey_len, iv_len; + unsigned char symkey[MAXBLOCKSIZE], *iv, iv_[8] = { 0 }; + enum cipher_mode mode = opts->cipher->mode & cm_modes; LTC_ARGCHK(in != NULL); LTC_ARGCHK(inlen != NULL); LTC_ARGCHK(opts != NULL); - cipher = find_cipher(opts->cipher->algo); - if (cipher == -1) { - return CRYPT_INVALID_CIPHER; + if (mode != cm_stream) { + cipher = find_cipher(opts->cipher->algo); + if (cipher == -1) { + return CRYPT_INVALID_CIPHER; + } + + iv = symkey + opts->cipher->keylen; + iv_len = mode == cm_gcm ? 12 : cipher_descriptor[cipher].block_length; + symkey_len = opts->cipher->keylen + iv_len; + } else { + iv = iv_; + iv_len = sizeof(iv_); + symkey_len = 64; } - symkey_len = opts->cipher->keylen + cipher_descriptor[cipher].block_length; if (sizeof(symkey) < symkey_len) { return CRYPT_OVERFLOW; @@ -427,12 +443,11 @@ static int s_decrypt_private_keys(unsigned char *in, unsigned long *inlen, struc opts->num_rounds, find_hash("sha512"), symkey, &symkey_len)) != CRYPT_OK) { return err; } - err = pem_decrypt(in, inlen, symkey, opts->cipher->keylen, - symkey + opts->cipher->keylen, cipher_descriptor[cipher].block_length, + iv, iv_len, + tag, taglen, opts->cipher, LTC_PAD_SSH); - zeromem(symkey, sizeof(symkey)); return err; @@ -522,8 +537,8 @@ static const unsigned long pem_openssh_num = sizeof(pem_openssh)/sizeof(pem_open static int s_decode_openssh(struct get_char *g, ltc_pka_key *k, const password_ctx *pw_ctx) { - unsigned char *pem = NULL, *p, *privkey = NULL; - unsigned long n, w, l, privkey_len; + unsigned char *pem = NULL, *p, *privkey = NULL, *tag; + unsigned long n, w, l, privkey_len, taglen; int err; struct pem_headers hdr; struct kdf_options opts = { 0 }; @@ -575,8 +590,12 @@ static int s_decode_openssh(struct get_char *g, ltc_pka_key *k, const password_c err = CRYPT_ERROR; goto cleanup; } + tag = p + w; + taglen = l - w; w = privkey_len; - if ((err = s_decrypt_private_keys(privkey, &privkey_len, &opts)) != CRYPT_OK) { + if ((err = s_decrypt_private_keys(privkey, &privkey_len, + tag, taglen, + &opts)) != CRYPT_OK) { goto cleanup; } zeromem(opts.pw.pw, opts.pw.l); diff --git a/src/stream/chacha/chacha_memory.c b/src/stream/chacha/chacha_memory.c index e73a038c4..957af0f33 100644 --- a/src/stream/chacha/chacha_memory.c +++ b/src/stream/chacha/chacha_memory.c @@ -9,11 +9,12 @@ Encrypt (or decrypt) bytes of ciphertext (or plaintext) with ChaCha @param key The key @param keylen The key length + @param rounds The number of rounds @param iv The initial vector @param ivlen The initial vector length + @param counter initial counter value, either ignored, 32- or 64-bit, depending on ivlen @param datain The plaintext (or ciphertext) @param datalen The length of the input and output (octets) - @param rounds The number of rounds @param dataout [out] The ciphertext (or plaintext) @return CRYPT_OK if successful */ @@ -23,14 +24,23 @@ int chacha_memory(const unsigned char *key, unsigned long keylen, unsigned l { chacha_state st; int err; + const unsigned char *iv_ = iv; + unsigned long ivlen_ = ivlen; + ulong64 counter_ = counter; + + if (ivlen == 16) { + LOAD64L(counter_, iv); + iv_ += 8; + ivlen_ -=8; + } - LTC_ARGCHK(ivlen <= 8 || counter < 4294967296); /* 2**32 */ + LTC_ARGCHK(ivlen_ <= 8 || counter_ < CONST64(4294967296)); /* 2**32 */ if ((err = chacha_setup(&st, key, keylen, rounds)) != CRYPT_OK) goto WIPE_KEY; - if (ivlen > 8) { - if ((err = chacha_ivctr32(&st, iv, ivlen, (ulong32)counter)) != CRYPT_OK) goto WIPE_KEY; + if (ivlen_ > 8) { + if ((err = chacha_ivctr32(&st, iv_, ivlen_, (ulong32)counter_)) != CRYPT_OK) goto WIPE_KEY; } else { - if ((err = chacha_ivctr64(&st, iv, ivlen, counter)) != CRYPT_OK) goto WIPE_KEY; + if ((err = chacha_ivctr64(&st, iv_, ivlen_, counter_)) != CRYPT_OK) goto WIPE_KEY; } err = chacha_crypt(&st, datain, datalen, dataout); WIPE_KEY: diff --git a/tests/pem/pkcs/unsupported/rsa-chacha20.pem b/tests/pem/pkcs/rsa-chacha20.pem similarity index 100% rename from tests/pem/pkcs/unsupported/rsa-chacha20.pem rename to tests/pem/pkcs/rsa-chacha20.pem diff --git a/tests/pem/pkcs/unsupported/rsa-des-ede-cbc.pem b/tests/pem/pkcs/rsa-des-ede-cbc.pem similarity index 100% rename from tests/pem/pkcs/unsupported/rsa-des-ede-cbc.pem rename to tests/pem/pkcs/rsa-des-ede-cbc.pem diff --git a/tests/pem/pkcs/unsupported/rsa-des-ede-cfb.pem b/tests/pem/pkcs/rsa-des-ede-cfb.pem similarity index 100% rename from tests/pem/pkcs/unsupported/rsa-des-ede-cfb.pem rename to tests/pem/pkcs/rsa-des-ede-cfb.pem diff --git a/tests/pem/pkcs/unsupported/rsa-des-ede-ofb.pem b/tests/pem/pkcs/rsa-des-ede-ofb.pem similarity index 100% rename from tests/pem/pkcs/unsupported/rsa-des-ede-ofb.pem rename to tests/pem/pkcs/rsa-des-ede-ofb.pem diff --git a/tests/pem/pkcs/unsupported/rsa-desx-cbc.pem b/tests/pem/pkcs/rsa-desx-cbc.pem similarity index 100% rename from tests/pem/pkcs/unsupported/rsa-desx-cbc.pem rename to tests/pem/pkcs/rsa-desx-cbc.pem diff --git a/tests/pem/pubkeys/ssh_dsa_1024_openssh.pub b/tests/pem/pubkeys/authorized_keys/ssh_dsa_1024_openssh.pub similarity index 100% rename from tests/pem/pubkeys/ssh_dsa_1024_openssh.pub rename to tests/pem/pubkeys/authorized_keys/ssh_dsa_1024_openssh.pub diff --git a/tests/pem/pubkeys/ssh_ecdsa_256_openssh.pub b/tests/pem/pubkeys/authorized_keys/ssh_ecdsa_256_openssh.pub similarity index 100% rename from tests/pem/pubkeys/ssh_ecdsa_256_openssh.pub rename to tests/pem/pubkeys/authorized_keys/ssh_ecdsa_256_openssh.pub diff --git a/tests/pem/pubkeys/ssh_ecdsa_384_openssh.pub b/tests/pem/pubkeys/authorized_keys/ssh_ecdsa_384_openssh.pub similarity index 100% rename from tests/pem/pubkeys/ssh_ecdsa_384_openssh.pub rename to tests/pem/pubkeys/authorized_keys/ssh_ecdsa_384_openssh.pub diff --git a/tests/pem/pubkeys/ssh_ecdsa_521_openssh.pub b/tests/pem/pubkeys/authorized_keys/ssh_ecdsa_521_openssh.pub similarity index 100% rename from tests/pem/pubkeys/ssh_ecdsa_521_openssh.pub rename to tests/pem/pubkeys/authorized_keys/ssh_ecdsa_521_openssh.pub diff --git a/tests/pem/pubkeys/ssh_ed25519_openssh.pub b/tests/pem/pubkeys/authorized_keys/ssh_ed25519_openssh.pub similarity index 100% rename from tests/pem/pubkeys/ssh_ed25519_openssh.pub rename to tests/pem/pubkeys/authorized_keys/ssh_ed25519_openssh.pub diff --git a/tests/pem/pubkeys/ssh_rsa_1024_openssh.pub b/tests/pem/pubkeys/authorized_keys/ssh_rsa_1024_openssh.pub similarity index 100% rename from tests/pem/pubkeys/ssh_rsa_1024_openssh.pub rename to tests/pem/pubkeys/authorized_keys/ssh_rsa_1024_openssh.pub diff --git a/tests/pem/pubkeys/ssh_rsa_1536_openssh.pub b/tests/pem/pubkeys/authorized_keys/ssh_rsa_1536_openssh.pub similarity index 100% rename from tests/pem/pubkeys/ssh_rsa_1536_openssh.pub rename to tests/pem/pubkeys/authorized_keys/ssh_rsa_1536_openssh.pub diff --git a/tests/pem/pubkeys/ssh_rsa_2048_openssh.pub b/tests/pem/pubkeys/authorized_keys/ssh_rsa_2048_openssh.pub similarity index 100% rename from tests/pem/pubkeys/ssh_rsa_2048_openssh.pub rename to tests/pem/pubkeys/authorized_keys/ssh_rsa_2048_openssh.pub diff --git a/tests/pem/pubkeys/ssh_rsa_4096_openssh.pub b/tests/pem/pubkeys/authorized_keys/ssh_rsa_4096_openssh.pub similarity index 100% rename from tests/pem/pubkeys/ssh_rsa_4096_openssh.pub rename to tests/pem/pubkeys/authorized_keys/ssh_rsa_4096_openssh.pub diff --git a/tests/pem/pubkeys/ssh_rsa_768_openssh.pub b/tests/pem/pubkeys/authorized_keys/ssh_rsa_768_openssh.pub similarity index 100% rename from tests/pem/pubkeys/ssh_rsa_768_openssh.pub rename to tests/pem/pubkeys/authorized_keys/ssh_rsa_768_openssh.pub diff --git a/tests/pem/pubkeys/ssh_rsa_8192_openssh.pub b/tests/pem/pubkeys/authorized_keys/ssh_rsa_8192_openssh.pub similarity index 100% rename from tests/pem/pubkeys/ssh_rsa_8192_openssh.pub rename to tests/pem/pubkeys/authorized_keys/ssh_rsa_8192_openssh.pub diff --git a/tests/pem/ssh/unsupported/ssh-rsa-3des-cbc.pub b/tests/pem/ssh/authorized_keys/ssh-rsa-3des-cbc.pub similarity index 100% rename from tests/pem/ssh/unsupported/ssh-rsa-3des-cbc.pub rename to tests/pem/ssh/authorized_keys/ssh-rsa-3des-cbc.pub diff --git a/tests/pem/ssh/unsupported/ssh-rsa-aes128-cbc.pub b/tests/pem/ssh/authorized_keys/ssh-rsa-aes128-cbc.pub similarity index 100% rename from tests/pem/ssh/unsupported/ssh-rsa-aes128-cbc.pub rename to tests/pem/ssh/authorized_keys/ssh-rsa-aes128-cbc.pub diff --git a/tests/pem/ssh/unsupported/ssh-rsa-aes128-ctr.pub b/tests/pem/ssh/authorized_keys/ssh-rsa-aes128-ctr.pub similarity index 100% rename from tests/pem/ssh/unsupported/ssh-rsa-aes128-ctr.pub rename to tests/pem/ssh/authorized_keys/ssh-rsa-aes128-ctr.pub diff --git a/tests/pem/ssh/unsupported/ssh-rsa-aes128-gcm.pub b/tests/pem/ssh/authorized_keys/ssh-rsa-aes128-gcm.pub similarity index 100% rename from tests/pem/ssh/unsupported/ssh-rsa-aes128-gcm.pub rename to tests/pem/ssh/authorized_keys/ssh-rsa-aes128-gcm.pub diff --git a/tests/pem/ssh/unsupported/ssh-rsa-aes192-cbc.pub b/tests/pem/ssh/authorized_keys/ssh-rsa-aes192-cbc.pub similarity index 100% rename from tests/pem/ssh/unsupported/ssh-rsa-aes192-cbc.pub rename to tests/pem/ssh/authorized_keys/ssh-rsa-aes192-cbc.pub diff --git a/tests/pem/ssh/unsupported/ssh-rsa-aes192-ctr.pub b/tests/pem/ssh/authorized_keys/ssh-rsa-aes192-ctr.pub similarity index 100% rename from tests/pem/ssh/unsupported/ssh-rsa-aes192-ctr.pub rename to tests/pem/ssh/authorized_keys/ssh-rsa-aes192-ctr.pub diff --git a/tests/pem/ssh/unsupported/ssh-rsa-aes256-cbc.pub b/tests/pem/ssh/authorized_keys/ssh-rsa-aes256-cbc.pub similarity index 100% rename from tests/pem/ssh/unsupported/ssh-rsa-aes256-cbc.pub rename to tests/pem/ssh/authorized_keys/ssh-rsa-aes256-cbc.pub diff --git a/tests/pem/ssh/unsupported/ssh-rsa-aes256-ctr.pub b/tests/pem/ssh/authorized_keys/ssh-rsa-aes256-ctr.pub similarity index 100% rename from tests/pem/ssh/unsupported/ssh-rsa-aes256-ctr.pub rename to tests/pem/ssh/authorized_keys/ssh-rsa-aes256-ctr.pub diff --git a/tests/pem/ssh/unsupported/ssh-rsa-aes256-gcm.pub b/tests/pem/ssh/authorized_keys/ssh-rsa-aes256-gcm.pub similarity index 100% rename from tests/pem/ssh/unsupported/ssh-rsa-aes256-gcm.pub rename to tests/pem/ssh/authorized_keys/ssh-rsa-aes256-gcm.pub diff --git a/tests/pem/ssh/unsupported/ssh-rsa-chacha20-poly1305.pub b/tests/pem/ssh/authorized_keys/ssh-rsa-chacha20-poly1305.pub similarity index 100% rename from tests/pem/ssh/unsupported/ssh-rsa-chacha20-poly1305.pub rename to tests/pem/ssh/authorized_keys/ssh-rsa-chacha20-poly1305.pub diff --git a/tests/pem/ssh/unsupported/ssh-rsa-aes128-gcm b/tests/pem/ssh/ssh-rsa-aes128-gcm similarity index 100% rename from tests/pem/ssh/unsupported/ssh-rsa-aes128-gcm rename to tests/pem/ssh/ssh-rsa-aes128-gcm diff --git a/tests/pem/ssh/unsupported/ssh-rsa-aes256-gcm b/tests/pem/ssh/ssh-rsa-aes256-gcm similarity index 100% rename from tests/pem/ssh/unsupported/ssh-rsa-aes256-gcm rename to tests/pem/ssh/ssh-rsa-aes256-gcm diff --git a/tests/pem/ssh/unsupported/ssh-rsa-chacha20-poly1305 b/tests/pem/ssh/ssh-rsa-chacha20-poly1305 similarity index 100% rename from tests/pem/ssh/unsupported/ssh-rsa-chacha20-poly1305 rename to tests/pem/ssh/ssh-rsa-chacha20-poly1305 diff --git a/tests/pem_test.c b/tests/pem_test.c index 4ef2bc999..35a90fcb6 100644 --- a/tests/pem_test.c +++ b/tests/pem_test.c @@ -141,6 +141,8 @@ int pem_test(void) DO(test_process_dir("tests/pem/ssh", &key, s_pem_decode_ssh, NULL, (dir_cleanup_cb)pka_key_free, "pem_ssh_test")); DO(test_process_dir("tests/pem/ssh", &key, NULL, s_pem_decode_ssh_f, (dir_cleanup_cb)pka_key_free, "pem_ssh_test_filehandle")); DO(test_process_dir("tests/pem/ssh/extra", &key, s_pem_decode_ssh, NULL, (dir_cleanup_cb)pka_key_free, "pem_ssh_test+extra")); + DO(test_process_dir("tests/pem/pubkeys", &key, s_pem_only_decode, NULL, (dir_cleanup_cb)pka_key_free, "pem_pubkeys_test")); + DO(test_process_dir("tests/pem/pubkeys", &key, NULL, s_pem_only_decode_f, (dir_cleanup_cb)pka_key_free, "pem_pubkeys_test_filehandle")); #endif DO(test_process_dir("tests/pem", &key, s_pem_only_decode, NULL, (dir_cleanup_cb)pka_key_free, "pem_test")); DO(test_process_dir("tests/pem", &key, NULL, s_pem_only_decode_f, (dir_cleanup_cb)pka_key_free, "pem_test_filehandle")); diff --git a/tests/test.c b/tests/test.c index 3db5c8a2d..25cacaf17 100644 --- a/tests/test.c +++ b/tests/test.c @@ -149,6 +149,7 @@ static void s_unregister_all(void) #endif #ifdef LTC_DES unregister_cipher(&des_desc); + unregister_cipher(&desx_desc); unregister_cipher(&des3_desc); #endif #ifdef LTC_CAST5 From 478f43fc569e9f748f984e6a8947554857f23833 Mon Sep 17 00:00:00 2001 From: Steffen Jaeckel Date: Thu, 29 Feb 2024 21:06:27 +0100 Subject: [PATCH 46/51] Add support for reading `authorized_keys` files This also changes the requirements when calling `ecc_find_curve()` that the `cu` argument can be NULL. Signed-off-by: Steffen Jaeckel --- doc/crypt.tex | 33 +++ src/headers/tomcrypt_misc.h | 30 ++- src/headers/tomcrypt_pk.h | 1 + src/misc/pem/pem_ssh.c | 243 ++++++++++++++++-- src/pk/ecc/ecc_find_curve.c | 5 +- src/pk/{pka_key_free.c => pka_key.c} | 13 + tests/pem/pubkeys/authorized_keys/all.pub | 11 + .../ssh_ed25519_openssh-no_comment.pub | 1 + .../ssh_ed25519_openssh-wrong_type.pub | 1 + tests/pem_test.c | 26 ++ 10 files changed, 340 insertions(+), 24 deletions(-) rename src/pk/{pka_key_free.c => pka_key.c} (77%) create mode 100644 tests/pem/pubkeys/authorized_keys/all.pub create mode 100755 tests/pem/pubkeys/authorized_keys/ssh_ed25519_openssh-no_comment.pub create mode 100755 tests/pem/ssh/authorized_keys-invalid/ssh_ed25519_openssh-wrong_type.pub diff --git a/doc/crypt.tex b/doc/crypt.tex index 1b18197ef..ca7e641f6 100644 --- a/doc/crypt.tex +++ b/doc/crypt.tex @@ -7504,6 +7504,39 @@ \subsection{De- and Encoding with Multiple Argument Lists} +\subsection{OpenSSH authorized\_keys files} + +\index{authorized\_keys} +\index{ssh\_read\_authorized\_keys\_filehandle} +\index{ssh\_read\_authorized\_keys} +OpenSSH uses a simple storage format for public keys, which stores a public key per line in a regular text file. +To process such a file the following API can be used. + +\begin{verbatim} +int ssh_read_authorized_keys_filehandle(FILE *f, + ssh_authorized_key_cb cb, void *ctx); +int ssh_read_authorized_keys(const void *buf, unsigned long len, + ssh_authorized_key_cb cb, void *ctx); +\end{verbatim} + +\index{ssh\_authorized\_key\_cb} +For each key found in the file the callback as described below will be called. + +\begin{verbatim} +/** + Callback function for each key in an `authorized_keys` file. + + This function takes ownership of the `k` parameter passed. + `k` must be free'd by calling `pka_key_destroy(&k)`. + + @param k Pointer to the PKA key. + @param comment Pointer to a string with the comment. + @param ctx The `ctx` pointer as passed to the read function. +*/ +typedef int (*ssh_authorized_key_cb)(ltc_pka_key *k, const char *comment, void *ctx); +\end{verbatim} + + \mysection{PEM Files} \index{PEM} diff --git a/src/headers/tomcrypt_misc.h b/src/headers/tomcrypt_misc.h index e65148741..1d25e1688 100644 --- a/src/headers/tomcrypt_misc.h +++ b/src/headers/tomcrypt_misc.h @@ -160,16 +160,36 @@ int padding_depad(const unsigned char *data, unsigned long *length, unsigned lon #endif /* LTC_PADDING */ #ifdef LTC_PEM -int pem_decode_filehandle(FILE *f, ltc_pka_key *k, const password_ctx *pw_ctx); +/* Buffer-based API */ int pem_decode(const void *buf, unsigned long len, ltc_pka_key *k, const password_ctx *pw_ctx); - -int pem_decode_pkcs_filehandle(FILE *f, ltc_pka_key *k, const password_ctx *pw_ctx); int pem_decode_pkcs(const void *buf, unsigned long len, ltc_pka_key *k, const password_ctx *pw_ctx); #ifdef LTC_SSH -int pem_decode_openssh_filehandle(FILE *f, ltc_pka_key *k, const password_ctx *pw_ctx); +/** + Callback function for each key in an `authorized_keys` file. + + This function takes ownership of the `k` parameter passed. + `k` must be free'd by calling `pka_key_destroy(&k)`. + + @param k Pointer to the PKA key. + @param comment Pointer to a string with the comment. + @param ctx The `ctx` pointer as passed to the read function. +*/ +typedef int (*ssh_authorized_key_cb)(ltc_pka_key *k, const char *comment, void *ctx); + int pem_decode_openssh(const void *buf, unsigned long len, ltc_pka_key *k, const password_ctx *pw_ctx); -#endif +int ssh_read_authorized_keys(const void *buf, unsigned long len, ssh_authorized_key_cb cb, void *ctx); +#endif /* LTC_SSH */ + +/* FILE*-based API */ +#ifndef LTC_NO_FILE +int pem_decode_filehandle(FILE *f, ltc_pka_key *k, const password_ctx *pw_ctx); +int pem_decode_pkcs_filehandle(FILE *f, ltc_pka_key *k, const password_ctx *pw_ctx); +#ifdef LTC_SSH +int pem_decode_openssh_filehandle(FILE *f, ltc_pka_key *k, const password_ctx *pw_ctx); +int ssh_read_authorized_keys_filehandle(FILE *f, ssh_authorized_key_cb cb, void *ctx); +#endif /* LTC_SSH */ +#endif /* LTC_NO_FILE */ #endif /* LTC_PEM */ diff --git a/src/headers/tomcrypt_pk.h b/src/headers/tomcrypt_pk.h index 1189d0543..dcf714d7d 100644 --- a/src/headers/tomcrypt_pk.h +++ b/src/headers/tomcrypt_pk.h @@ -554,6 +554,7 @@ typedef struct { } ltc_pka_key; void pka_key_free(ltc_pka_key *key); +void pka_key_destroy(ltc_pka_key **key); #ifdef LTC_DER /* DER handling */ diff --git a/src/misc/pem/pem_ssh.c b/src/misc/pem/pem_ssh.c index df4211396..123a584ca 100644 --- a/src/misc/pem/pem_ssh.c +++ b/src/misc/pem/pem_ssh.c @@ -59,14 +59,21 @@ struct kdf_options { }; #ifdef LTC_MECC -static int s_ssh_find_init_ecc(const char *pka, ltc_pka_key *key) +static int s_ssh_find_ecc(const char *pka, const ltc_ecc_curve **curve) { int err; const char* prefix = "ecdsa-sha2-"; unsigned long prefixlen = XSTRLEN(prefix); - const ltc_ecc_curve *cu; if (strstr(pka, prefix) == NULL) return CRYPT_PK_INVALID_TYPE; - if ((err = ecc_find_curve(pka + prefixlen, &cu)) != CRYPT_OK) return err; + if ((err = ecc_find_curve(pka + prefixlen, curve)) != CRYPT_OK) return err; + return CRYPT_OK; +} + +static int s_ssh_find_init_ecc(const char *pka, ltc_pka_key *key) +{ + int err; + const ltc_ecc_curve *cu; + if ((err = s_ssh_find_ecc(pka, &cu)) != CRYPT_OK) return err; return ecc_set_curve(cu, &key->u.ecc); } @@ -310,32 +317,50 @@ static int s_ssh_decode_rsa(const unsigned char *in, unsigned long *inlen, ltc_p #endif struct ssh_pka { - const char *name; + struct str name; + enum ltc_pka_id id; + int (*find)(const char*, const ltc_ecc_curve **); int (*init)(const char*, ltc_pka_key*); int (*decode)(const unsigned char*, unsigned long*, ltc_pka_key*, enum pem_flags); }; struct ssh_pka ssh_pkas[] = { #ifdef LTC_CURVE25519 - { "ssh-ed25519", NULL, s_ssh_decode_ed25519 }, + { SET_CSTR(.name, "ssh-ed25519"), + LTC_PKA_ED25519, + NULL, + NULL, + s_ssh_decode_ed25519 }, #endif #ifdef LTC_MRSA - { "ssh-rsa", NULL, s_ssh_decode_rsa }, + { SET_CSTR(.name, "ssh-rsa"), + LTC_PKA_RSA, + NULL, + NULL, + s_ssh_decode_rsa }, #endif #ifdef LTC_MDSA - { "ssh-dss", NULL, s_ssh_decode_dsa }, + { SET_CSTR(.name, "ssh-dss"), + LTC_PKA_DSA, + NULL, + NULL, + s_ssh_decode_dsa }, #endif #ifdef LTC_MECC - { NULL, s_ssh_find_init_ecc, s_ssh_decode_ecdsa }, + { { NULL, 0 }, + LTC_PKA_EC, + s_ssh_find_ecc, + s_ssh_find_init_ecc, + s_ssh_decode_ecdsa }, #endif }; -static int s_decode_key(const unsigned char *in, unsigned long *inlen, ltc_pka_key *key, enum pem_flags type) +static int s_decode_key(const unsigned char *in, unsigned long *inlen, ltc_pka_key *key, char **comment, enum pem_flags type) { int err; ulong32 check1, check2; - unsigned char pka[64], comment[256]; - unsigned long pkalen = sizeof(pka), commentlen = sizeof(comment); + unsigned char pka[64]; + unsigned long pkalen = sizeof(pka); unsigned long remaining, cur_len; const unsigned char *p; unsigned long n; @@ -374,8 +399,9 @@ static int s_decode_key(const unsigned char *in, unsigned long *inlen, ltc_pka_k cur_len = remaining; for (n = 0; n < sizeof(ssh_pkas)/sizeof(ssh_pkas[0]); ++n) { - if (ssh_pkas[n].name != NULL) { - if (XSTRCMP((char*)pka, ssh_pkas[n].name) != 0) continue; + if (ssh_pkas[n].name.p != NULL) { + if (pkalen != ssh_pkas[n].name.len + || XMEMCMP(pka, ssh_pkas[n].name.p, ssh_pkas[n].name.len) != 0) continue; } else { if ((ssh_pkas[n].init == NULL) || (ssh_pkas[n].init((char*)pka, key) != CRYPT_OK)) continue; @@ -393,12 +419,22 @@ static int s_decode_key(const unsigned char *in, unsigned long *inlen, ltc_pka_k remaining -= cur_len; cur_len = remaining; - if (cur_len != 0) { + if (cur_len != 0 && comment) { + unsigned long commentlen = cur_len; + char *c = XMALLOC(commentlen); + if (c == NULL) { + return CRYPT_MEM; + } if ((err = ssh_decode_sequence_multi(p, &cur_len, - LTC_SSHDATA_STRING, comment, &commentlen, + LTC_SSHDATA_STRING, c, &commentlen, LTC_SSHDATA_EOL, NULL)) != CRYPT_OK) { return err; } + if (commentlen == 0) { + XFREE(c); + } else { + *comment = c; + } } p += cur_len; @@ -407,6 +443,144 @@ static int s_decode_key(const unsigned char *in, unsigned long *inlen, ltc_pka_k return remaining ? padding_depad(p, &remaining, LTC_PAD_SSH) : CRYPT_OK; } +static LTC_INLINE void skip_spaces(char **r, unsigned long *l) +{ + while(*l && (**r == ' ' || **r == '\t')) { + (*r)++; + (*l)--; + } +} + +static LTC_INLINE void skip_chars(char **r, unsigned long *l) +{ + while(*l && (**r != ' ' && **r != '\t')) { + (*l)--; + if (**r == '\n' || **r == '\r') { + *l = 0; + } else { + (*r)++; + } + } +} + +static LTC_INLINE void skip_to_eol(char **r, unsigned long *l) +{ + while(*l && (**r != '\n' && **r != '\r')) { + (*l)--; + (*r)++; + } +} + +static int s_parse_line(char *line, unsigned long *len, ltc_pka_key *key, char **comment) +{ + int err; + unsigned long n, rlen, olen; + enum authorized_keys_elements { + ake_algo_name = 0, + ake_b64_encoded_key = 1, + ake_comment = 2 + }; + struct str elements[3] = { 0 }; + char *r = line; + unsigned char *buf = NULL; + + rlen = *len; + /* Chop up string into the three authorized_keys_elements */ + for (n = 0; n < sizeof(elements)/sizeof(elements[0]) && rlen; ++n) { + skip_spaces(&r, &rlen); + elements[n].p = r; + if (n != 2) + skip_chars(&r, &rlen); + else + skip_to_eol(&r, &rlen); + elements[n].len = r - elements[n].p; + *r = '\0'; + r++; + } + + for (n = 0; n < sizeof(ssh_pkas)/sizeof(ssh_pkas[0]); ++n) { + if (ssh_pkas[n].name.p != NULL) { + if (elements[ake_algo_name].len != ssh_pkas[n].name.len + || XMEMCMP(elements[ake_algo_name].p, ssh_pkas[n].name.p, ssh_pkas[n].name.len) != 0) continue; + } else { + if ((ssh_pkas[n].find == NULL) || + (ssh_pkas[n].find(elements[ake_algo_name].p, NULL) != CRYPT_OK)) continue; + } + olen = elements[ake_b64_encoded_key].len; + buf = XMALLOC(olen); + if (buf == NULL) { + return CRYPT_MEM; + } + if ((err = base64_strict_decode(elements[ake_b64_encoded_key].p, elements[ake_b64_encoded_key].len, buf, &olen)) == CRYPT_OK) { + err = s_decode_key(buf, &olen, key, comment, pf_public); + if (err == CRYPT_OK && key->id != ssh_pkas[n].id) { + err = CRYPT_PK_INVALID_TYPE; + } + } + XFREE(buf); + + if (err == CRYPT_OK) { + /* Only use the comment that was maybe in the text we just processed, in case when + * there was no comment inside the SSH key. + */ + if (*comment == NULL && elements[ake_comment].p) { + *comment = XMALLOC(elements[ake_comment].len + 1); + if (*comment == NULL) { + return CRYPT_MEM; + } + XMEMCPY(*comment, elements[ake_comment].p, elements[ake_comment].len); + (*comment)[elements[ake_comment].len] = '\0'; + } + *len = r - line; + return CRYPT_OK; + } + } + return CRYPT_PK_INVALID_TYPE; +} + +static int s_read_authorized_keys(const void *buf, unsigned long len, ssh_authorized_key_cb cb, void *ctx) +{ + char *s; + int err; + unsigned long clen = len; + ltc_pka_key *key = XCALLOC(1, sizeof(*key)); + char *comment = NULL; + void *cpy = XMALLOC(len); + if (key == NULL || cpy == NULL) { + if (cpy) + XFREE(cpy); + if (key) + XFREE(key); + return CRYPT_MEM; + } + XMEMCPY(cpy, buf, len); + s = cpy; + while (clen && (err = s_parse_line(s, &clen, key, &comment)) == CRYPT_OK) { + if (cb(key, comment, ctx)) { + break; + } + s += clen; + len -= clen; + clen = len; + key = XCALLOC(1, sizeof(*key)); + if (key == NULL) { + err = CRYPT_MEM; + break; + } + if (comment) { + XFREE(comment); + comment = NULL; + } + } + if (comment) + XFREE(comment); + if (cpy) + XFREE(cpy); + if (key) + XFREE(key); + return err; +} + static int s_decrypt_private_keys(unsigned char *in, unsigned long *inlen, unsigned char *tag, unsigned long taglen, struct kdf_options *opts) @@ -574,6 +748,9 @@ static int s_decode_openssh(struct get_char *g, ltc_pka_key *k, const password_c privkey_len = l; privkey = XMALLOC(privkey_len); + if (privkey == NULL) { + return CRYPT_MEM; + } if ((err = ssh_decode_sequence_multi(p, &w, LTC_SSHDATA_STRING, privkey, &privkey_len, @@ -604,7 +781,7 @@ static int s_decode_openssh(struct get_char *g, ltc_pka_key *k, const password_c p = privkey; w = privkey_len; } - if ((err = s_decode_key(p, &w, k, hdr.id->flags)) != CRYPT_OK) { + if ((err = s_decode_key(p, &w, k, NULL, hdr.id->flags)) != CRYPT_OK) { goto cleanup; } @@ -628,6 +805,32 @@ int pem_decode_openssh_filehandle(FILE *f, ltc_pka_key *k, const password_ctx *p return s_decode_openssh(&g, k, pw_ctx); } } + +int ssh_read_authorized_keys_filehandle(FILE *f, ssh_authorized_key_cb cb, void *ctx) +{ + size_t tot_data; + void *buf; + int err; + + LTC_ARGCHK(f != NULL); + LTC_ARGCHK(cb != NULL); + + fseek(f, 0, SEEK_END); + tot_data = ftell(f); + rewind(f); + buf = XMALLOC(tot_data); + if (buf == NULL) { + return CRYPT_MEM; + } + if (fread(buf, 1, tot_data, f) != tot_data) { + err = CRYPT_ERROR; + } else { + err = s_read_authorized_keys(buf, tot_data, cb, ctx); + } + XFREE(buf); + + return err; +} #endif /* LTC_NO_FILE */ int pem_decode_openssh(const void *buf, unsigned long len, ltc_pka_key *k, const password_ctx *pw_ctx) @@ -641,4 +844,12 @@ int pem_decode_openssh(const void *buf, unsigned long len, ltc_pka_key *k, const } } +int ssh_read_authorized_keys(const void *buf, unsigned long len, ssh_authorized_key_cb cb, void *ctx) +{ + LTC_ARGCHK(buf != NULL); + LTC_ARGCHK(len != 0); + LTC_ARGCHK(cb != NULL); + + return s_read_authorized_keys(buf, len, cb, ctx); +} #endif /* defined(LTC_PEM_SSH) */ diff --git a/src/pk/ecc/ecc_find_curve.c b/src/pk/ecc/ecc_find_curve.c index 0279c7af0..87d63443d 100644 --- a/src/pk/ecc/ecc_find_curve.c +++ b/src/pk/ecc/ecc_find_curve.c @@ -211,10 +211,9 @@ int ecc_find_curve(const char *name_or_oid, const ltc_ecc_curve **cu) int i, j; const char *OID = NULL; - LTC_ARGCHK(cu != NULL); LTC_ARGCHK(name_or_oid != NULL); - *cu = NULL; + if (cu) *cu = NULL; for (i = 0; s_curve_names[i].OID != NULL && !OID; i++) { if (XSTRCMP(s_curve_names[i].OID, name_or_oid) == 0) { @@ -230,7 +229,7 @@ int ecc_find_curve(const char *name_or_oid, const ltc_ecc_curve **cu) if (OID != NULL) { for (i = 0; ltc_ecc_curves[i].prime != NULL; i++) { if (XSTRCMP(ltc_ecc_curves[i].OID, OID) == 0) { - *cu = <c_ecc_curves[i]; + if (cu) *cu = <c_ecc_curves[i]; return CRYPT_OK; } } diff --git a/src/pk/pka_key_free.c b/src/pk/pka_key.c similarity index 77% rename from src/pk/pka_key_free.c rename to src/pk/pka_key.c index 479a933dd..d88ee3d30 100644 --- a/src/pk/pka_key_free.c +++ b/src/pk/pka_key.c @@ -2,6 +2,19 @@ /* SPDX-License-Identifier: Unlicense */ #include "tomcrypt_private.h" +void pka_key_destroy(ltc_pka_key **key) +{ + LTC_ARGCHKVD(key != NULL); + + if (!*key) + return; + + pka_key_free(*key); + zeromem(*key, sizeof(**key)); + XFREE(*key); + *key = NULL; +} + void pka_key_free(ltc_pka_key *key) { LTC_ARGCHKVD(key != NULL); diff --git a/tests/pem/pubkeys/authorized_keys/all.pub b/tests/pem/pubkeys/authorized_keys/all.pub new file mode 100644 index 000000000..2e598c38b --- /dev/null +++ b/tests/pem/pubkeys/authorized_keys/all.pub @@ -0,0 +1,11 @@ +ssh-dss AAAAB3NzaC1kc3MAAACBAKU8/avmkFeGnSqwYG7dZnQlG+01QNaxu3F5v0NcL/SRUW7IdpUq8t14siK0mA6yjphLhOf5t8gugTEVBllP86ANSbFigH7WN3v6ydJWqm60pNhNHN//50cnNtIsXbxeq3VtsI64pkH1OJqeZDHLmu73k4T0EKOzsylSfF/wtVBJAAAAFQChpubLHViwPB+jSvUb8e4THS7PBQAAAIAJD1PMCiTCQa1xyD/NCWOajCufTOIzKAhm6l+nlBVPiKI+262XpYt127Ke4mPL8XJBizoTjSQN08uHMg/8L6W/cdO2aZ+mhkBnS1xAm83DAwqLrDraR1w/4QRFxr5Vbyy8qnejrPjTJobBN1BGsv84wHkjmoCn6pFIfkGYeATlJgAAAIAHYPU1zMVBTDWru7SNC4G2UyWGWYYLjLytBVHfQmBa51CmqrSs2kCfGLGA1ynfYENsxcJq9nsXrb4i17H5BHJFkH0g7BUDpeBeLr8gsK3WgfqWwtZsDkltObw9chUD/siK6q/dk/fSIB2Ho0inev7k68Z5ZkNI4XOwuEssAVhmwA== This is a test key! +ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBI4QIXX6Mg0NWD6OvWqb/L88sTs56hqs5sXkAh6vr9NleFczaijCUyn/9qLz/CfWg1pqj3KgOiFZ4ByT3xYfJIs= This is a test key! +ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBJZCFyqAiU2okJefOdynhpMGIakbXkkmywbUzl4jfAdCUaQg+lFDVrO5GSk4NlERd8iFqT++/fvydsCc2gkTr2H7HCLVbiEezPiqXBq0dckzBymK2LCHM9BkJtuOm4hmNA== This is a test key! +ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAFk35srteP9twCwYKvU9ovMBi77Dd6lEBPrFaMEb0CZdZ5MC3nSqflGHRWkSbUpjdPdO7cYQNpK9YXHbNSO5hbU1gFZgyiGFxwJYYz8NAjedBXMgyH4JWplK5FQm5P5cvaglItC9qkKioUXhCc67YMYBtivXlUe0PgIq6kbHTqbX6+5Nw== This is a test key! +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL0XsiFcRDp6Hpsoak8OdiiBMJhM2UKszNTxoGS7dJ++ This is a test key! +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQC458k0igFgcvkrDjUKo0gIgPW0+7QEPck7/DXIpGAkHzHDTQLu7/IzxBDCL7iQhF2eQwaR/s9SXjs2DV/OT3SXM3QjJO4PS3nHkzfP7Zjqm9LGSicBgR8x5LPmxoNVA3qOInMP5xhhgbKYYusuBMAlpEgq/T9uCvLIuvRnGhBTDw== This is a test key! +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAwQCkYHef/kFhdtEwG4YZfanYY92cmDX9gqw7OE2dxMyQyj5Eyn/ztaIIERJGv2BG7TlEi8Gd83wFvSrqk4diHycQm2FbLtp258buy/PYCY3cvxYL1imUxt6aPeLphzxQpt2dSwCom6M5Dq/sxB4YV+lvVpWZEuIFzsfGtqiLO7U4x80lXC1430MtN5Z6nYTOVtktYkFJCmMSThYice6L4RHdTNejQZlmKGfLEKeR3wTwBIfLO9XFkSlHz2Uk4q/Clr0= This is a test key! +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDdxjN0+2xc7pdreBqYc/mDRC8OuWrS7wre5fEUBpylorQjbhtUVUU+Ox/6RSZbbeNg3EvcWTT7NQY71w7LGSgiNK9bgU1K1516zpvY0F2IGgx9xZvvIJVELSXQRFgIBSFesamVZvJRd5+szgq1jmMTibo9fyPJoZLPys5SFxPHDeyKUz8lzYHVmuOhzOhSjSNHQGVP0Hoe8N7dQaFU40A8JSsUh567vgjXlts13KErGaBey244oe4J+xlwzWHsigAj1DoCGMaDdSQ8WfE/BEUJq5mNEp+GxQe4hHMwbbg2RJZZ8kFRKOiCUicQkVCFA3yWao+5odcgyI03sqfnrgkb This is a test key! +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCjoUqRX9tJ6YVj+E7Y0D9oy2SCUtoLmNqovMOc/bWB+Fg8GgEQNp99XvH6p+/XDIY4Mm91Q9o1rydWnAnHKs/9LOySpOUNbbflDsFstN8ZrqqyuPiIoZqawQvYexk0/0ZyNckA9fWAKZDJom1N5DutBK55Dgq40yHkpAB6nlqdWLY8Iab0V4LKTtNBGydrdPR8A10I54kDkFxx82NOZNJ9hq7QYYJDsL5Le/fB+PqIksP5qo2lfaPJe9xtx7m4+FIJRQQOLrFef/K0tO1Zv0U5dVNHmWWhyTN4tnwoEX4pZ7YkHHemcBFiX4xt70/zpvG5cuIPMwJIA5P72w7A5ifKSoTLrkQGy7yW/ezyxrm42Ng5jNQb+jsiuQhcnU/IKip7xO1K2zxSPhcwDRRIPGGwkCfMrr5PG4EVn9PJCeW/ydQpOm4ysJay8AZxyQohP1jRasus+qUGovOHD6rjiDrg0lDpJY7Cf6EtPU/Z0GFyf5WY4952lRiawIXLi0VOAexG/s/n+eIiwTiFOtnmURjRjLJ3TlkVy/C9Iw6TBaJsF9DW/MN4BeYMSAVodVjqWJyLQc7ulbymguMuNnkhDjQ1XR0SXNw9fzT9lE+NC+EOwxysOu+y9ErV6lA8mExwtmu/a9zHUnyunXUz8ZVFh6mUhP0Tc7X/F/Q2XTTxzzC4jw== This is a test key! +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAYQDYebeGQFCnlQiNRE7r9UEbjr+DQMTdw1ZHGB2w6xD/DzKem8761GdCpqsLrGaw2D7aSIoP1B5Sz870YoVWHn6Ao7Hvm17V3Kxfn4B01GNQTM5+L26mdYs5iJNGu/ltUdc= comment for rsa/768 key +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEAQCpX3u2NWcx7n4Hoe7/AYqLItYRwcstbTuve0yTZ6HHcwKs6RChChunSVne2fkxecuLdpiAZNrdja7sQxqL0wDi+vjWucLml0hDQ2ipPy4/849DmQeNVh11oRoUkA6HpI5oSr5LTJGpXinT/CRMP3lU4oM7GXwyOslHBJsQz3xwiZgjC9dsU06FrZLxby0noB5EkGYHWIU7TABogVrl+q8aqiFIli6oUW4QGlefQNbv1yn/P1xkk/JDpN7BZW7XX1cbAc19p+MqVuMekI34bjHMoVU5evY4WqmtfWRIoounAclCuiOue/qrYMoXwo64JrMaX19nIl65jrDqfjCtRQtWq6i9D/pTF2LzERgEkLU9xV6stIXKkcpjyErBrvlKlRHdXWhkGN1XonTK32GSPOxsDkRsyjOCrfMlTkcuOunIBKzpFWF0N9m6H6jh/mDdatvQ1t72clgTgQI1rrtxh4RzbiKThq7GEuQn5aVjsj/Z0q+qeY71t7lNF1kaaLa44kPWcmSMqv9us0U90mgSn+J/KtFnBBDzs4gQsn54BEyZUhF/qOl4FfpgzR6+KzdQRfXlGY2LFHTlPbdyJnsBlRs3ld2W3lghbNNi4VZsLt0syDdyaW2wr3atWlFsq5XxkGY7/lyRzHlWRCIAbSSZgDz/aWBBdpvg54AtIvRJysO1nZdfD0b1NLjD8oGt3hftWyUn/6/UigW36AfqgsJjHly2mpSW53lYJHktsrPfrQDNT3J/SftKpGTjU5Rwxz41JSQwEifM5LomG/MGrw5+kJGdp4GhlRSqf25lR3BRSjSI6r7ofYPGOCSc9TWjnEifv1HtcH08mzd92Bu6WXCWFpXxerf9oLSWYlZDLUl9nxdpclGaqQyyVXwFWKKUieu0+wg/u2YryrQ1JgTsAlWFYh8/So9yWyqXcwFkKpL0cWf1sRbRTuLzhUIyc31MNWyVN1P+j1HGKEveKVfGTxiaNx8qxEFlsssNVmFwHvLB7sX7P8hMXjZxevTekKLkKR+//EEQp8qwjHDlOPWm1tQPuKMHsbDcjxyXqFO6HMEJhfeV0OWK6tBMlypSjM8+8fmqFBSiJGmXM1S0v/8S6D2Q/3OrnFD5XLOsuubTYeSqJNzIaLSNvHvGk1tJRqc4qQjDRXI8ZQ+QGZJBl3ejHUM9f1cNMApCom4RfcZqvK0NTesb4OhFF7K3V8Bb6DfYaW76TtJQYtN/sGAweSrifzXZ3XaBHelCrh91kozzKrEcJYeGtUfR9o823U3pTk5bX7QvECgLuP6G5L8Lc6V8VI8iXhV6SfEVN9ecwh6nLsUHimqS5IvdynbqQ9rj3+ZhaVQiHmrF1n3jrxnEIY0IWSUdUwH5 This is a test key! diff --git a/tests/pem/pubkeys/authorized_keys/ssh_ed25519_openssh-no_comment.pub b/tests/pem/pubkeys/authorized_keys/ssh_ed25519_openssh-no_comment.pub new file mode 100755 index 000000000..b961d2ad3 --- /dev/null +++ b/tests/pem/pubkeys/authorized_keys/ssh_ed25519_openssh-no_comment.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL0XsiFcRDp6Hpsoak8OdiiBMJhM2UKszNTxoGS7dJ++ diff --git a/tests/pem/ssh/authorized_keys-invalid/ssh_ed25519_openssh-wrong_type.pub b/tests/pem/ssh/authorized_keys-invalid/ssh_ed25519_openssh-wrong_type.pub new file mode 100755 index 000000000..7b2053878 --- /dev/null +++ b/tests/pem/ssh/authorized_keys-invalid/ssh_ed25519_openssh-wrong_type.pub @@ -0,0 +1 @@ +ssh-rsa AAAAC3NzaC1lZDI1NTE5AAAAIL0XsiFcRDp6Hpsoak8OdiiBMJhM2UKszNTxoGS7dJ++ diff --git a/tests/pem_test.c b/tests/pem_test.c index 35a90fcb6..7f82ae624 100644 --- a/tests/pem_test.c +++ b/tests/pem_test.c @@ -24,6 +24,27 @@ static int s_pem_decode_ssh_f(FILE *f, void *key) return pem_decode_openssh_filehandle(f, key, &pw_ctx); } +int s_authorized_key_cb(ltc_pka_key *k, const char *comment, void *ctx) +{ + LTC_UNUSED_PARAM(comment); + LTC_UNUSED_PARAM(ctx); + pka_key_destroy(&k); + return 0; +} +static int s_read_authorized_keys(const void *in, unsigned long inlen, void *ctx) +{ + return ssh_read_authorized_keys(in, inlen, s_authorized_key_cb, ctx); +} +static int s_read_authorized_keys_f(FILE *f, void *ctx) +{ + return ssh_read_authorized_keys_filehandle(f, s_authorized_key_cb, ctx); +} +static int s_read_invalid_authorized_keys(const void *in, unsigned long inlen, void *ctx) +{ + SHOULD_FAIL(ssh_read_authorized_keys(in, inlen, s_authorized_key_cb, ctx)); + return CRYPT_OK; +} + #endif static int password_get(void **p, unsigned long *l, void *u) @@ -140,9 +161,14 @@ int pem_test(void) #ifdef LTC_SSH DO(test_process_dir("tests/pem/ssh", &key, s_pem_decode_ssh, NULL, (dir_cleanup_cb)pka_key_free, "pem_ssh_test")); DO(test_process_dir("tests/pem/ssh", &key, NULL, s_pem_decode_ssh_f, (dir_cleanup_cb)pka_key_free, "pem_ssh_test_filehandle")); + DO(test_process_dir("tests/pem/ssh/authorized_keys", &key, s_read_authorized_keys, NULL, (dir_cleanup_cb)pka_key_free, "pem_ssh_authorized_keys_test")); + DO(test_process_dir("tests/pem/ssh/authorized_keys", &key, NULL, s_read_authorized_keys_f, (dir_cleanup_cb)pka_key_free, "pem_ssh_authorized_keys_test")); + DO(test_process_dir("tests/pem/ssh/authorized_keys-invalid", &key, s_read_invalid_authorized_keys, NULL, NULL, "pem_ssh_authorized_keys_invalid_test")); DO(test_process_dir("tests/pem/ssh/extra", &key, s_pem_decode_ssh, NULL, (dir_cleanup_cb)pka_key_free, "pem_ssh_test+extra")); DO(test_process_dir("tests/pem/pubkeys", &key, s_pem_only_decode, NULL, (dir_cleanup_cb)pka_key_free, "pem_pubkeys_test")); DO(test_process_dir("tests/pem/pubkeys", &key, NULL, s_pem_only_decode_f, (dir_cleanup_cb)pka_key_free, "pem_pubkeys_test_filehandle")); + DO(test_process_dir("tests/pem/pubkeys/authorized_keys", &key, s_read_authorized_keys, NULL, (dir_cleanup_cb)pka_key_free, "pem_pubkeys_authorized_keys_test")); + DO(test_process_dir("tests/pem/pubkeys/authorized_keys", &key, NULL, s_read_authorized_keys_f, (dir_cleanup_cb)pka_key_free, "pem_pubkeys_authorized_keys_test")); #endif DO(test_process_dir("tests/pem", &key, s_pem_only_decode, NULL, (dir_cleanup_cb)pka_key_free, "pem_test")); DO(test_process_dir("tests/pem", &key, NULL, s_pem_only_decode_f, (dir_cleanup_cb)pka_key_free, "pem_test_filehandle")); From ec8ffbb5bd2142eefd1ea10a9787f409effdd742 Mon Sep 17 00:00:00 2001 From: Steffen Jaeckel Date: Thu, 29 Feb 2024 22:51:34 +0100 Subject: [PATCH 47/51] Update makefiles --- libtomcrypt_VS2008.vcproj | 54 ++++++++++++++++++++++++++++++++++++++- makefile.mingw | 42 ++++++++++++++++-------------- makefile.msvc | 42 ++++++++++++++++-------------- makefile.unix | 42 ++++++++++++++++-------------- makefile_include.mk | 42 ++++++++++++++++-------------- sources.cmake | 14 +++++++++- tests/sources.cmake | 1 + 7 files changed, 159 insertions(+), 78 deletions(-) diff --git a/libtomcrypt_VS2008.vcproj b/libtomcrypt_VS2008.vcproj index ff4cf5f96..06fe0115d 100644 --- a/libtomcrypt_VS2008.vcproj +++ b/libtomcrypt_VS2008.vcproj @@ -1383,6 +1383,10 @@ RelativePath="src\misc\mem_neq.c" > + + @@ -1599,6 +1603,26 @@ > + + + + + + + + + + @@ -1879,6 +1903,10 @@ + + @@ -2100,6 +2128,10 @@ RelativePath="src\pk\asn1\der\sequence\der_encode_sequence_multi.c" > + + @@ -2190,7 +2222,7 @@ Name="oid" > + + + + @@ -2258,6 +2298,10 @@ RelativePath="src\pk\dh\dh_import.c" > + + @@ -2302,6 +2346,14 @@ RelativePath="src\pk\dsa\dsa_import.c" > + + + + diff --git a/makefile.mingw b/makefile.mingw index 4c9af5946..a4d70da14 100644 --- a/makefile.mingw +++ b/makefile.mingw @@ -111,16 +111,17 @@ src/misc/crypt/crypt_register_hash.o src/misc/crypt/crypt_register_prng.o src/mi src/misc/crypt/crypt_unregister_cipher.o src/misc/crypt/crypt_unregister_hash.o \ src/misc/crypt/crypt_unregister_prng.o src/misc/error_to_string.o src/misc/hkdf/hkdf.o \ src/misc/hkdf/hkdf_test.o src/misc/mem_neq.o src/misc/padding/padding_depad.o \ -src/misc/padding/padding_pad.o src/misc/pbes/pbes.o src/misc/pbes/pbes1.o src/misc/pbes/pbes2.o \ -src/misc/pkcs12/pkcs12_kdf.o src/misc/pkcs12/pkcs12_utf8_to_utf16.o src/misc/pkcs5/pkcs_5_1.o \ -src/misc/pkcs5/pkcs_5_2.o src/misc/pkcs5/pkcs_5_test.o src/misc/ssh/ssh_decode_sequence_multi.o \ -src/misc/ssh/ssh_encode_sequence_multi.o src/misc/zeromem.o src/modes/cbc/cbc_decrypt.o \ -src/modes/cbc/cbc_done.o src/modes/cbc/cbc_encrypt.o src/modes/cbc/cbc_getiv.o \ -src/modes/cbc/cbc_setiv.o src/modes/cbc/cbc_start.o src/modes/cfb/cfb_decrypt.o \ -src/modes/cfb/cfb_done.o src/modes/cfb/cfb_encrypt.o src/modes/cfb/cfb_getiv.o \ -src/modes/cfb/cfb_setiv.o src/modes/cfb/cfb_start.o src/modes/ctr/ctr_decrypt.o \ -src/modes/ctr/ctr_done.o src/modes/ctr/ctr_encrypt.o src/modes/ctr/ctr_getiv.o \ -src/modes/ctr/ctr_setiv.o src/modes/ctr/ctr_start.o src/modes/ctr/ctr_test.o \ +src/misc/padding/padding_pad.o src/misc/password_free.o src/misc/pbes/pbes.o src/misc/pbes/pbes1.o \ +src/misc/pbes/pbes2.o src/misc/pem/pem.o src/misc/pem/pem_pkcs.o src/misc/pem/pem_read.o \ +src/misc/pem/pem_ssh.o src/misc/pkcs12/pkcs12_kdf.o src/misc/pkcs12/pkcs12_utf8_to_utf16.o \ +src/misc/pkcs5/pkcs_5_1.o src/misc/pkcs5/pkcs_5_2.o src/misc/pkcs5/pkcs_5_test.o \ +src/misc/ssh/ssh_decode_sequence_multi.o src/misc/ssh/ssh_encode_sequence_multi.o src/misc/zeromem.o \ +src/modes/cbc/cbc_decrypt.o src/modes/cbc/cbc_done.o src/modes/cbc/cbc_encrypt.o \ +src/modes/cbc/cbc_getiv.o src/modes/cbc/cbc_setiv.o src/modes/cbc/cbc_start.o \ +src/modes/cfb/cfb_decrypt.o src/modes/cfb/cfb_done.o src/modes/cfb/cfb_encrypt.o \ +src/modes/cfb/cfb_getiv.o src/modes/cfb/cfb_setiv.o src/modes/cfb/cfb_start.o \ +src/modes/ctr/ctr_decrypt.o src/modes/ctr/ctr_done.o src/modes/ctr/ctr_encrypt.o \ +src/modes/ctr/ctr_getiv.o src/modes/ctr/ctr_setiv.o src/modes/ctr/ctr_start.o src/modes/ctr/ctr_test.o \ src/modes/ecb/ecb_decrypt.o src/modes/ecb/ecb_done.o src/modes/ecb/ecb_encrypt.o \ src/modes/ecb/ecb_start.o src/modes/f8/f8_decrypt.o src/modes/f8/f8_done.o src/modes/f8/f8_encrypt.o \ src/modes/f8/f8_getiv.o src/modes/f8/f8_setiv.o src/modes/f8/f8_start.o src/modes/f8/f8_test_mode.o \ @@ -159,7 +160,8 @@ src/pk/asn1/der/sequence/der_decode_sequence_ex.o \ src/pk/asn1/der/sequence/der_decode_sequence_flexi.o \ src/pk/asn1/der/sequence/der_decode_sequence_multi.o \ src/pk/asn1/der/sequence/der_encode_sequence_ex.o \ -src/pk/asn1/der/sequence/der_encode_sequence_multi.o src/pk/asn1/der/sequence/der_length_sequence.o \ +src/pk/asn1/der/sequence/der_encode_sequence_multi.o \ +src/pk/asn1/der/sequence/der_flexi_sequence_cmp.o src/pk/asn1/der/sequence/der_length_sequence.o \ src/pk/asn1/der/sequence/der_sequence_free.o src/pk/asn1/der/sequence/der_sequence_shrink.o \ src/pk/asn1/der/set/der_encode_set.o src/pk/asn1/der/set/der_encode_setof.o \ src/pk/asn1/der/short_integer/der_decode_short_integer.o \ @@ -170,15 +172,17 @@ src/pk/asn1/der/teletex_string/der_length_teletex_string.o \ src/pk/asn1/der/utctime/der_decode_utctime.o src/pk/asn1/der/utctime/der_encode_utctime.o \ src/pk/asn1/der/utctime/der_length_utctime.o src/pk/asn1/der/utf8/der_decode_utf8_string.o \ src/pk/asn1/der/utf8/der_encode_utf8_string.o src/pk/asn1/der/utf8/der_length_utf8_string.o \ -src/pk/asn1/oid/pk_get_oid.o src/pk/asn1/oid/pk_oid_cmp.o src/pk/asn1/oid/pk_oid_str.o \ -src/pk/asn1/pkcs8/pkcs8_decode_flexi.o src/pk/asn1/x509/x509_decode_public_key_from_certificate.o \ +src/pk/asn1/oid/pk_get.o src/pk/asn1/oid/pk_oid_cmp.o src/pk/asn1/oid/pk_oid_str.o \ +src/pk/asn1/pkcs8/pkcs8_decode_flexi.o src/pk/asn1/pkcs8/pkcs8_get.o \ +src/pk/asn1/x509/x509_decode_public_key_from_certificate.o src/pk/asn1/x509/x509_decode_spki.o \ src/pk/asn1/x509/x509_decode_subject_public_key_info.o \ src/pk/asn1/x509/x509_encode_subject_public_key_info.o src/pk/dh/dh.o src/pk/dh/dh_check_pubkey.o \ src/pk/dh/dh_export.o src/pk/dh/dh_export_key.o src/pk/dh/dh_free.o src/pk/dh/dh_generate_key.o \ -src/pk/dh/dh_import.o src/pk/dh/dh_set.o src/pk/dh/dh_set_pg_dhparam.o src/pk/dh/dh_shared_secret.o \ -src/pk/dsa/dsa_decrypt_key.o src/pk/dsa/dsa_encrypt_key.o src/pk/dsa/dsa_export.o src/pk/dsa/dsa_free.o \ -src/pk/dsa/dsa_generate_key.o src/pk/dsa/dsa_generate_pqg.o src/pk/dsa/dsa_import.o \ -src/pk/dsa/dsa_make_key.o src/pk/dsa/dsa_set.o src/pk/dsa/dsa_set_pqg_dsaparam.o \ +src/pk/dh/dh_import.o src/pk/dh/dh_import_pkcs8.o src/pk/dh/dh_set.o src/pk/dh/dh_set_pg_dhparam.o \ +src/pk/dh/dh_shared_secret.o src/pk/dsa/dsa_decrypt_key.o src/pk/dsa/dsa_encrypt_key.o \ +src/pk/dsa/dsa_export.o src/pk/dsa/dsa_free.o src/pk/dsa/dsa_generate_key.o \ +src/pk/dsa/dsa_generate_pqg.o src/pk/dsa/dsa_import.o src/pk/dsa/dsa_import_pkcs8.o \ +src/pk/dsa/dsa_init.o src/pk/dsa/dsa_make_key.o src/pk/dsa/dsa_set.o src/pk/dsa/dsa_set_pqg_dsaparam.o \ src/pk/dsa/dsa_shared_secret.o src/pk/dsa/dsa_sign_hash.o src/pk/dsa/dsa_verify_hash.o \ src/pk/dsa/dsa_verify_key.o src/pk/ec25519/ec25519_crypto_ctx.o src/pk/ec25519/ec25519_export.o \ src/pk/ec25519/ec25519_import_pkcs8.o src/pk/ec25519/tweetnacl.o src/pk/ecc/ecc.o \ @@ -197,7 +201,7 @@ src/pk/ecc/ltc_ecc_projective_add_point.o src/pk/ecc/ltc_ecc_projective_dbl_poin src/pk/ecc/ltc_ecc_verify_key.o src/pk/ed25519/ed25519_export.o src/pk/ed25519/ed25519_import.o \ src/pk/ed25519/ed25519_import_pkcs8.o src/pk/ed25519/ed25519_import_raw.o \ src/pk/ed25519/ed25519_import_x509.o src/pk/ed25519/ed25519_make_key.o src/pk/ed25519/ed25519_sign.o \ -src/pk/ed25519/ed25519_verify.o src/pk/pkcs1/pkcs_1_i2osp.o src/pk/pkcs1/pkcs_1_mgf1.o \ +src/pk/ed25519/ed25519_verify.o src/pk/pka_key.o src/pk/pkcs1/pkcs_1_i2osp.o src/pk/pkcs1/pkcs_1_mgf1.o \ src/pk/pkcs1/pkcs_1_oaep_decode.o src/pk/pkcs1/pkcs_1_oaep_encode.o src/pk/pkcs1/pkcs_1_os2ip.o \ src/pk/pkcs1/pkcs_1_pss_decode.o src/pk/pkcs1/pkcs_1_pss_encode.o src/pk/pkcs1/pkcs_1_v1_5_decode.o \ src/pk/pkcs1/pkcs_1_v1_5_encode.o src/pk/rsa/rsa_decrypt_key.o src/pk/rsa/rsa_encrypt_key.o \ @@ -228,7 +232,7 @@ TOBJECTS=tests/base16_test.o tests/base32_test.o tests/base64_test.o tests/bcryp tests/cipher_hash_test.o tests/common.o tests/der_test.o tests/dh_test.o tests/dsa_test.o \ tests/ecc_test.o tests/ed25519_test.o tests/file_test.o tests/mac_test.o tests/misc_test.o \ tests/modes_test.o tests/mpi_test.o tests/multi_test.o tests/no_null_termination_check_test.o \ -tests/no_prng.o tests/padding_test.o tests/pkcs_1_eme_test.o tests/pkcs_1_emsa_test.o \ +tests/no_prng.o tests/padding_test.o tests/pem_test.o tests/pkcs_1_eme_test.o tests/pkcs_1_emsa_test.o \ tests/pkcs_1_oaep_test.o tests/pkcs_1_pss_test.o tests/pkcs_1_test.o tests/prng_test.o \ tests/rotate_test.o tests/rsa_test.o tests/ssh_test.o tests/store_test.o tests/test.o tests/x25519_test.o diff --git a/makefile.msvc b/makefile.msvc index ad65eb698..05fdc6200 100644 --- a/makefile.msvc +++ b/makefile.msvc @@ -104,16 +104,17 @@ src/misc/crypt/crypt_register_hash.obj src/misc/crypt/crypt_register_prng.obj sr src/misc/crypt/crypt_unregister_cipher.obj src/misc/crypt/crypt_unregister_hash.obj \ src/misc/crypt/crypt_unregister_prng.obj src/misc/error_to_string.obj src/misc/hkdf/hkdf.obj \ src/misc/hkdf/hkdf_test.obj src/misc/mem_neq.obj src/misc/padding/padding_depad.obj \ -src/misc/padding/padding_pad.obj src/misc/pbes/pbes.obj src/misc/pbes/pbes1.obj src/misc/pbes/pbes2.obj \ -src/misc/pkcs12/pkcs12_kdf.obj src/misc/pkcs12/pkcs12_utf8_to_utf16.obj src/misc/pkcs5/pkcs_5_1.obj \ -src/misc/pkcs5/pkcs_5_2.obj src/misc/pkcs5/pkcs_5_test.obj src/misc/ssh/ssh_decode_sequence_multi.obj \ -src/misc/ssh/ssh_encode_sequence_multi.obj src/misc/zeromem.obj src/modes/cbc/cbc_decrypt.obj \ -src/modes/cbc/cbc_done.obj src/modes/cbc/cbc_encrypt.obj src/modes/cbc/cbc_getiv.obj \ -src/modes/cbc/cbc_setiv.obj src/modes/cbc/cbc_start.obj src/modes/cfb/cfb_decrypt.obj \ -src/modes/cfb/cfb_done.obj src/modes/cfb/cfb_encrypt.obj src/modes/cfb/cfb_getiv.obj \ -src/modes/cfb/cfb_setiv.obj src/modes/cfb/cfb_start.obj src/modes/ctr/ctr_decrypt.obj \ -src/modes/ctr/ctr_done.obj src/modes/ctr/ctr_encrypt.obj src/modes/ctr/ctr_getiv.obj \ -src/modes/ctr/ctr_setiv.obj src/modes/ctr/ctr_start.obj src/modes/ctr/ctr_test.obj \ +src/misc/padding/padding_pad.obj src/misc/password_free.obj src/misc/pbes/pbes.obj src/misc/pbes/pbes1.obj \ +src/misc/pbes/pbes2.obj src/misc/pem/pem.obj src/misc/pem/pem_pkcs.obj src/misc/pem/pem_read.obj \ +src/misc/pem/pem_ssh.obj src/misc/pkcs12/pkcs12_kdf.obj src/misc/pkcs12/pkcs12_utf8_to_utf16.obj \ +src/misc/pkcs5/pkcs_5_1.obj src/misc/pkcs5/pkcs_5_2.obj src/misc/pkcs5/pkcs_5_test.obj \ +src/misc/ssh/ssh_decode_sequence_multi.obj src/misc/ssh/ssh_encode_sequence_multi.obj src/misc/zeromem.obj \ +src/modes/cbc/cbc_decrypt.obj src/modes/cbc/cbc_done.obj src/modes/cbc/cbc_encrypt.obj \ +src/modes/cbc/cbc_getiv.obj src/modes/cbc/cbc_setiv.obj src/modes/cbc/cbc_start.obj \ +src/modes/cfb/cfb_decrypt.obj src/modes/cfb/cfb_done.obj src/modes/cfb/cfb_encrypt.obj \ +src/modes/cfb/cfb_getiv.obj src/modes/cfb/cfb_setiv.obj src/modes/cfb/cfb_start.obj \ +src/modes/ctr/ctr_decrypt.obj src/modes/ctr/ctr_done.obj src/modes/ctr/ctr_encrypt.obj \ +src/modes/ctr/ctr_getiv.obj src/modes/ctr/ctr_setiv.obj src/modes/ctr/ctr_start.obj src/modes/ctr/ctr_test.obj \ src/modes/ecb/ecb_decrypt.obj src/modes/ecb/ecb_done.obj src/modes/ecb/ecb_encrypt.obj \ src/modes/ecb/ecb_start.obj src/modes/f8/f8_decrypt.obj src/modes/f8/f8_done.obj src/modes/f8/f8_encrypt.obj \ src/modes/f8/f8_getiv.obj src/modes/f8/f8_setiv.obj src/modes/f8/f8_start.obj src/modes/f8/f8_test_mode.obj \ @@ -152,7 +153,8 @@ src/pk/asn1/der/sequence/der_decode_sequence_ex.obj \ src/pk/asn1/der/sequence/der_decode_sequence_flexi.obj \ src/pk/asn1/der/sequence/der_decode_sequence_multi.obj \ src/pk/asn1/der/sequence/der_encode_sequence_ex.obj \ -src/pk/asn1/der/sequence/der_encode_sequence_multi.obj src/pk/asn1/der/sequence/der_length_sequence.obj \ +src/pk/asn1/der/sequence/der_encode_sequence_multi.obj \ +src/pk/asn1/der/sequence/der_flexi_sequence_cmp.obj src/pk/asn1/der/sequence/der_length_sequence.obj \ src/pk/asn1/der/sequence/der_sequence_free.obj src/pk/asn1/der/sequence/der_sequence_shrink.obj \ src/pk/asn1/der/set/der_encode_set.obj src/pk/asn1/der/set/der_encode_setof.obj \ src/pk/asn1/der/short_integer/der_decode_short_integer.obj \ @@ -163,15 +165,17 @@ src/pk/asn1/der/teletex_string/der_length_teletex_string.obj \ src/pk/asn1/der/utctime/der_decode_utctime.obj src/pk/asn1/der/utctime/der_encode_utctime.obj \ src/pk/asn1/der/utctime/der_length_utctime.obj src/pk/asn1/der/utf8/der_decode_utf8_string.obj \ src/pk/asn1/der/utf8/der_encode_utf8_string.obj src/pk/asn1/der/utf8/der_length_utf8_string.obj \ -src/pk/asn1/oid/pk_get_oid.obj src/pk/asn1/oid/pk_oid_cmp.obj src/pk/asn1/oid/pk_oid_str.obj \ -src/pk/asn1/pkcs8/pkcs8_decode_flexi.obj src/pk/asn1/x509/x509_decode_public_key_from_certificate.obj \ +src/pk/asn1/oid/pk_get.obj src/pk/asn1/oid/pk_oid_cmp.obj src/pk/asn1/oid/pk_oid_str.obj \ +src/pk/asn1/pkcs8/pkcs8_decode_flexi.obj src/pk/asn1/pkcs8/pkcs8_get.obj \ +src/pk/asn1/x509/x509_decode_public_key_from_certificate.obj src/pk/asn1/x509/x509_decode_spki.obj \ src/pk/asn1/x509/x509_decode_subject_public_key_info.obj \ src/pk/asn1/x509/x509_encode_subject_public_key_info.obj src/pk/dh/dh.obj src/pk/dh/dh_check_pubkey.obj \ src/pk/dh/dh_export.obj src/pk/dh/dh_export_key.obj src/pk/dh/dh_free.obj src/pk/dh/dh_generate_key.obj \ -src/pk/dh/dh_import.obj src/pk/dh/dh_set.obj src/pk/dh/dh_set_pg_dhparam.obj src/pk/dh/dh_shared_secret.obj \ -src/pk/dsa/dsa_decrypt_key.obj src/pk/dsa/dsa_encrypt_key.obj src/pk/dsa/dsa_export.obj src/pk/dsa/dsa_free.obj \ -src/pk/dsa/dsa_generate_key.obj src/pk/dsa/dsa_generate_pqg.obj src/pk/dsa/dsa_import.obj \ -src/pk/dsa/dsa_make_key.obj src/pk/dsa/dsa_set.obj src/pk/dsa/dsa_set_pqg_dsaparam.obj \ +src/pk/dh/dh_import.obj src/pk/dh/dh_import_pkcs8.obj src/pk/dh/dh_set.obj src/pk/dh/dh_set_pg_dhparam.obj \ +src/pk/dh/dh_shared_secret.obj src/pk/dsa/dsa_decrypt_key.obj src/pk/dsa/dsa_encrypt_key.obj \ +src/pk/dsa/dsa_export.obj src/pk/dsa/dsa_free.obj src/pk/dsa/dsa_generate_key.obj \ +src/pk/dsa/dsa_generate_pqg.obj src/pk/dsa/dsa_import.obj src/pk/dsa/dsa_import_pkcs8.obj \ +src/pk/dsa/dsa_init.obj src/pk/dsa/dsa_make_key.obj src/pk/dsa/dsa_set.obj src/pk/dsa/dsa_set_pqg_dsaparam.obj \ src/pk/dsa/dsa_shared_secret.obj src/pk/dsa/dsa_sign_hash.obj src/pk/dsa/dsa_verify_hash.obj \ src/pk/dsa/dsa_verify_key.obj src/pk/ec25519/ec25519_crypto_ctx.obj src/pk/ec25519/ec25519_export.obj \ src/pk/ec25519/ec25519_import_pkcs8.obj src/pk/ec25519/tweetnacl.obj src/pk/ecc/ecc.obj \ @@ -190,7 +194,7 @@ src/pk/ecc/ltc_ecc_projective_add_point.obj src/pk/ecc/ltc_ecc_projective_dbl_po src/pk/ecc/ltc_ecc_verify_key.obj src/pk/ed25519/ed25519_export.obj src/pk/ed25519/ed25519_import.obj \ src/pk/ed25519/ed25519_import_pkcs8.obj src/pk/ed25519/ed25519_import_raw.obj \ src/pk/ed25519/ed25519_import_x509.obj src/pk/ed25519/ed25519_make_key.obj src/pk/ed25519/ed25519_sign.obj \ -src/pk/ed25519/ed25519_verify.obj src/pk/pkcs1/pkcs_1_i2osp.obj src/pk/pkcs1/pkcs_1_mgf1.obj \ +src/pk/ed25519/ed25519_verify.obj src/pk/pka_key.obj src/pk/pkcs1/pkcs_1_i2osp.obj src/pk/pkcs1/pkcs_1_mgf1.obj \ src/pk/pkcs1/pkcs_1_oaep_decode.obj src/pk/pkcs1/pkcs_1_oaep_encode.obj src/pk/pkcs1/pkcs_1_os2ip.obj \ src/pk/pkcs1/pkcs_1_pss_decode.obj src/pk/pkcs1/pkcs_1_pss_encode.obj src/pk/pkcs1/pkcs_1_v1_5_decode.obj \ src/pk/pkcs1/pkcs_1_v1_5_encode.obj src/pk/rsa/rsa_decrypt_key.obj src/pk/rsa/rsa_encrypt_key.obj \ @@ -221,7 +225,7 @@ TOBJECTS=tests/base16_test.obj tests/base32_test.obj tests/base64_test.obj tests tests/cipher_hash_test.obj tests/common.obj tests/der_test.obj tests/dh_test.obj tests/dsa_test.obj \ tests/ecc_test.obj tests/ed25519_test.obj tests/file_test.obj tests/mac_test.obj tests/misc_test.obj \ tests/modes_test.obj tests/mpi_test.obj tests/multi_test.obj tests/no_null_termination_check_test.obj \ -tests/no_prng.obj tests/padding_test.obj tests/pkcs_1_eme_test.obj tests/pkcs_1_emsa_test.obj \ +tests/no_prng.obj tests/padding_test.obj tests/pem_test.obj tests/pkcs_1_eme_test.obj tests/pkcs_1_emsa_test.obj \ tests/pkcs_1_oaep_test.obj tests/pkcs_1_pss_test.obj tests/pkcs_1_test.obj tests/prng_test.obj \ tests/rotate_test.obj tests/rsa_test.obj tests/ssh_test.obj tests/store_test.obj tests/test.obj tests/x25519_test.obj diff --git a/makefile.unix b/makefile.unix index a46736c28..75233cd19 100644 --- a/makefile.unix +++ b/makefile.unix @@ -125,16 +125,17 @@ src/misc/crypt/crypt_register_hash.o src/misc/crypt/crypt_register_prng.o src/mi src/misc/crypt/crypt_unregister_cipher.o src/misc/crypt/crypt_unregister_hash.o \ src/misc/crypt/crypt_unregister_prng.o src/misc/error_to_string.o src/misc/hkdf/hkdf.o \ src/misc/hkdf/hkdf_test.o src/misc/mem_neq.o src/misc/padding/padding_depad.o \ -src/misc/padding/padding_pad.o src/misc/pbes/pbes.o src/misc/pbes/pbes1.o src/misc/pbes/pbes2.o \ -src/misc/pkcs12/pkcs12_kdf.o src/misc/pkcs12/pkcs12_utf8_to_utf16.o src/misc/pkcs5/pkcs_5_1.o \ -src/misc/pkcs5/pkcs_5_2.o src/misc/pkcs5/pkcs_5_test.o src/misc/ssh/ssh_decode_sequence_multi.o \ -src/misc/ssh/ssh_encode_sequence_multi.o src/misc/zeromem.o src/modes/cbc/cbc_decrypt.o \ -src/modes/cbc/cbc_done.o src/modes/cbc/cbc_encrypt.o src/modes/cbc/cbc_getiv.o \ -src/modes/cbc/cbc_setiv.o src/modes/cbc/cbc_start.o src/modes/cfb/cfb_decrypt.o \ -src/modes/cfb/cfb_done.o src/modes/cfb/cfb_encrypt.o src/modes/cfb/cfb_getiv.o \ -src/modes/cfb/cfb_setiv.o src/modes/cfb/cfb_start.o src/modes/ctr/ctr_decrypt.o \ -src/modes/ctr/ctr_done.o src/modes/ctr/ctr_encrypt.o src/modes/ctr/ctr_getiv.o \ -src/modes/ctr/ctr_setiv.o src/modes/ctr/ctr_start.o src/modes/ctr/ctr_test.o \ +src/misc/padding/padding_pad.o src/misc/password_free.o src/misc/pbes/pbes.o src/misc/pbes/pbes1.o \ +src/misc/pbes/pbes2.o src/misc/pem/pem.o src/misc/pem/pem_pkcs.o src/misc/pem/pem_read.o \ +src/misc/pem/pem_ssh.o src/misc/pkcs12/pkcs12_kdf.o src/misc/pkcs12/pkcs12_utf8_to_utf16.o \ +src/misc/pkcs5/pkcs_5_1.o src/misc/pkcs5/pkcs_5_2.o src/misc/pkcs5/pkcs_5_test.o \ +src/misc/ssh/ssh_decode_sequence_multi.o src/misc/ssh/ssh_encode_sequence_multi.o src/misc/zeromem.o \ +src/modes/cbc/cbc_decrypt.o src/modes/cbc/cbc_done.o src/modes/cbc/cbc_encrypt.o \ +src/modes/cbc/cbc_getiv.o src/modes/cbc/cbc_setiv.o src/modes/cbc/cbc_start.o \ +src/modes/cfb/cfb_decrypt.o src/modes/cfb/cfb_done.o src/modes/cfb/cfb_encrypt.o \ +src/modes/cfb/cfb_getiv.o src/modes/cfb/cfb_setiv.o src/modes/cfb/cfb_start.o \ +src/modes/ctr/ctr_decrypt.o src/modes/ctr/ctr_done.o src/modes/ctr/ctr_encrypt.o \ +src/modes/ctr/ctr_getiv.o src/modes/ctr/ctr_setiv.o src/modes/ctr/ctr_start.o src/modes/ctr/ctr_test.o \ src/modes/ecb/ecb_decrypt.o src/modes/ecb/ecb_done.o src/modes/ecb/ecb_encrypt.o \ src/modes/ecb/ecb_start.o src/modes/f8/f8_decrypt.o src/modes/f8/f8_done.o src/modes/f8/f8_encrypt.o \ src/modes/f8/f8_getiv.o src/modes/f8/f8_setiv.o src/modes/f8/f8_start.o src/modes/f8/f8_test_mode.o \ @@ -173,7 +174,8 @@ src/pk/asn1/der/sequence/der_decode_sequence_ex.o \ src/pk/asn1/der/sequence/der_decode_sequence_flexi.o \ src/pk/asn1/der/sequence/der_decode_sequence_multi.o \ src/pk/asn1/der/sequence/der_encode_sequence_ex.o \ -src/pk/asn1/der/sequence/der_encode_sequence_multi.o src/pk/asn1/der/sequence/der_length_sequence.o \ +src/pk/asn1/der/sequence/der_encode_sequence_multi.o \ +src/pk/asn1/der/sequence/der_flexi_sequence_cmp.o src/pk/asn1/der/sequence/der_length_sequence.o \ src/pk/asn1/der/sequence/der_sequence_free.o src/pk/asn1/der/sequence/der_sequence_shrink.o \ src/pk/asn1/der/set/der_encode_set.o src/pk/asn1/der/set/der_encode_setof.o \ src/pk/asn1/der/short_integer/der_decode_short_integer.o \ @@ -184,15 +186,17 @@ src/pk/asn1/der/teletex_string/der_length_teletex_string.o \ src/pk/asn1/der/utctime/der_decode_utctime.o src/pk/asn1/der/utctime/der_encode_utctime.o \ src/pk/asn1/der/utctime/der_length_utctime.o src/pk/asn1/der/utf8/der_decode_utf8_string.o \ src/pk/asn1/der/utf8/der_encode_utf8_string.o src/pk/asn1/der/utf8/der_length_utf8_string.o \ -src/pk/asn1/oid/pk_get_oid.o src/pk/asn1/oid/pk_oid_cmp.o src/pk/asn1/oid/pk_oid_str.o \ -src/pk/asn1/pkcs8/pkcs8_decode_flexi.o src/pk/asn1/x509/x509_decode_public_key_from_certificate.o \ +src/pk/asn1/oid/pk_get.o src/pk/asn1/oid/pk_oid_cmp.o src/pk/asn1/oid/pk_oid_str.o \ +src/pk/asn1/pkcs8/pkcs8_decode_flexi.o src/pk/asn1/pkcs8/pkcs8_get.o \ +src/pk/asn1/x509/x509_decode_public_key_from_certificate.o src/pk/asn1/x509/x509_decode_spki.o \ src/pk/asn1/x509/x509_decode_subject_public_key_info.o \ src/pk/asn1/x509/x509_encode_subject_public_key_info.o src/pk/dh/dh.o src/pk/dh/dh_check_pubkey.o \ src/pk/dh/dh_export.o src/pk/dh/dh_export_key.o src/pk/dh/dh_free.o src/pk/dh/dh_generate_key.o \ -src/pk/dh/dh_import.o src/pk/dh/dh_set.o src/pk/dh/dh_set_pg_dhparam.o src/pk/dh/dh_shared_secret.o \ -src/pk/dsa/dsa_decrypt_key.o src/pk/dsa/dsa_encrypt_key.o src/pk/dsa/dsa_export.o src/pk/dsa/dsa_free.o \ -src/pk/dsa/dsa_generate_key.o src/pk/dsa/dsa_generate_pqg.o src/pk/dsa/dsa_import.o \ -src/pk/dsa/dsa_make_key.o src/pk/dsa/dsa_set.o src/pk/dsa/dsa_set_pqg_dsaparam.o \ +src/pk/dh/dh_import.o src/pk/dh/dh_import_pkcs8.o src/pk/dh/dh_set.o src/pk/dh/dh_set_pg_dhparam.o \ +src/pk/dh/dh_shared_secret.o src/pk/dsa/dsa_decrypt_key.o src/pk/dsa/dsa_encrypt_key.o \ +src/pk/dsa/dsa_export.o src/pk/dsa/dsa_free.o src/pk/dsa/dsa_generate_key.o \ +src/pk/dsa/dsa_generate_pqg.o src/pk/dsa/dsa_import.o src/pk/dsa/dsa_import_pkcs8.o \ +src/pk/dsa/dsa_init.o src/pk/dsa/dsa_make_key.o src/pk/dsa/dsa_set.o src/pk/dsa/dsa_set_pqg_dsaparam.o \ src/pk/dsa/dsa_shared_secret.o src/pk/dsa/dsa_sign_hash.o src/pk/dsa/dsa_verify_hash.o \ src/pk/dsa/dsa_verify_key.o src/pk/ec25519/ec25519_crypto_ctx.o src/pk/ec25519/ec25519_export.o \ src/pk/ec25519/ec25519_import_pkcs8.o src/pk/ec25519/tweetnacl.o src/pk/ecc/ecc.o \ @@ -211,7 +215,7 @@ src/pk/ecc/ltc_ecc_projective_add_point.o src/pk/ecc/ltc_ecc_projective_dbl_poin src/pk/ecc/ltc_ecc_verify_key.o src/pk/ed25519/ed25519_export.o src/pk/ed25519/ed25519_import.o \ src/pk/ed25519/ed25519_import_pkcs8.o src/pk/ed25519/ed25519_import_raw.o \ src/pk/ed25519/ed25519_import_x509.o src/pk/ed25519/ed25519_make_key.o src/pk/ed25519/ed25519_sign.o \ -src/pk/ed25519/ed25519_verify.o src/pk/pkcs1/pkcs_1_i2osp.o src/pk/pkcs1/pkcs_1_mgf1.o \ +src/pk/ed25519/ed25519_verify.o src/pk/pka_key.o src/pk/pkcs1/pkcs_1_i2osp.o src/pk/pkcs1/pkcs_1_mgf1.o \ src/pk/pkcs1/pkcs_1_oaep_decode.o src/pk/pkcs1/pkcs_1_oaep_encode.o src/pk/pkcs1/pkcs_1_os2ip.o \ src/pk/pkcs1/pkcs_1_pss_decode.o src/pk/pkcs1/pkcs_1_pss_encode.o src/pk/pkcs1/pkcs_1_v1_5_decode.o \ src/pk/pkcs1/pkcs_1_v1_5_encode.o src/pk/rsa/rsa_decrypt_key.o src/pk/rsa/rsa_encrypt_key.o \ @@ -242,7 +246,7 @@ TOBJECTS=tests/base16_test.o tests/base32_test.o tests/base64_test.o tests/bcryp tests/cipher_hash_test.o tests/common.o tests/der_test.o tests/dh_test.o tests/dsa_test.o \ tests/ecc_test.o tests/ed25519_test.o tests/file_test.o tests/mac_test.o tests/misc_test.o \ tests/modes_test.o tests/mpi_test.o tests/multi_test.o tests/no_null_termination_check_test.o \ -tests/no_prng.o tests/padding_test.o tests/pkcs_1_eme_test.o tests/pkcs_1_emsa_test.o \ +tests/no_prng.o tests/padding_test.o tests/pem_test.o tests/pkcs_1_eme_test.o tests/pkcs_1_emsa_test.o \ tests/pkcs_1_oaep_test.o tests/pkcs_1_pss_test.o tests/pkcs_1_test.o tests/prng_test.o \ tests/rotate_test.o tests/rsa_test.o tests/ssh_test.o tests/store_test.o tests/test.o tests/x25519_test.o diff --git a/makefile_include.mk b/makefile_include.mk index c53fc9fcc..c10bd1fa9 100644 --- a/makefile_include.mk +++ b/makefile_include.mk @@ -290,16 +290,17 @@ src/misc/crypt/crypt_register_hash.o src/misc/crypt/crypt_register_prng.o src/mi src/misc/crypt/crypt_unregister_cipher.o src/misc/crypt/crypt_unregister_hash.o \ src/misc/crypt/crypt_unregister_prng.o src/misc/error_to_string.o src/misc/hkdf/hkdf.o \ src/misc/hkdf/hkdf_test.o src/misc/mem_neq.o src/misc/padding/padding_depad.o \ -src/misc/padding/padding_pad.o src/misc/pbes/pbes.o src/misc/pbes/pbes1.o src/misc/pbes/pbes2.o \ -src/misc/pkcs12/pkcs12_kdf.o src/misc/pkcs12/pkcs12_utf8_to_utf16.o src/misc/pkcs5/pkcs_5_1.o \ -src/misc/pkcs5/pkcs_5_2.o src/misc/pkcs5/pkcs_5_test.o src/misc/ssh/ssh_decode_sequence_multi.o \ -src/misc/ssh/ssh_encode_sequence_multi.o src/misc/zeromem.o src/modes/cbc/cbc_decrypt.o \ -src/modes/cbc/cbc_done.o src/modes/cbc/cbc_encrypt.o src/modes/cbc/cbc_getiv.o \ -src/modes/cbc/cbc_setiv.o src/modes/cbc/cbc_start.o src/modes/cfb/cfb_decrypt.o \ -src/modes/cfb/cfb_done.o src/modes/cfb/cfb_encrypt.o src/modes/cfb/cfb_getiv.o \ -src/modes/cfb/cfb_setiv.o src/modes/cfb/cfb_start.o src/modes/ctr/ctr_decrypt.o \ -src/modes/ctr/ctr_done.o src/modes/ctr/ctr_encrypt.o src/modes/ctr/ctr_getiv.o \ -src/modes/ctr/ctr_setiv.o src/modes/ctr/ctr_start.o src/modes/ctr/ctr_test.o \ +src/misc/padding/padding_pad.o src/misc/password_free.o src/misc/pbes/pbes.o src/misc/pbes/pbes1.o \ +src/misc/pbes/pbes2.o src/misc/pem/pem.o src/misc/pem/pem_pkcs.o src/misc/pem/pem_read.o \ +src/misc/pem/pem_ssh.o src/misc/pkcs12/pkcs12_kdf.o src/misc/pkcs12/pkcs12_utf8_to_utf16.o \ +src/misc/pkcs5/pkcs_5_1.o src/misc/pkcs5/pkcs_5_2.o src/misc/pkcs5/pkcs_5_test.o \ +src/misc/ssh/ssh_decode_sequence_multi.o src/misc/ssh/ssh_encode_sequence_multi.o src/misc/zeromem.o \ +src/modes/cbc/cbc_decrypt.o src/modes/cbc/cbc_done.o src/modes/cbc/cbc_encrypt.o \ +src/modes/cbc/cbc_getiv.o src/modes/cbc/cbc_setiv.o src/modes/cbc/cbc_start.o \ +src/modes/cfb/cfb_decrypt.o src/modes/cfb/cfb_done.o src/modes/cfb/cfb_encrypt.o \ +src/modes/cfb/cfb_getiv.o src/modes/cfb/cfb_setiv.o src/modes/cfb/cfb_start.o \ +src/modes/ctr/ctr_decrypt.o src/modes/ctr/ctr_done.o src/modes/ctr/ctr_encrypt.o \ +src/modes/ctr/ctr_getiv.o src/modes/ctr/ctr_setiv.o src/modes/ctr/ctr_start.o src/modes/ctr/ctr_test.o \ src/modes/ecb/ecb_decrypt.o src/modes/ecb/ecb_done.o src/modes/ecb/ecb_encrypt.o \ src/modes/ecb/ecb_start.o src/modes/f8/f8_decrypt.o src/modes/f8/f8_done.o src/modes/f8/f8_encrypt.o \ src/modes/f8/f8_getiv.o src/modes/f8/f8_setiv.o src/modes/f8/f8_start.o src/modes/f8/f8_test_mode.o \ @@ -338,7 +339,8 @@ src/pk/asn1/der/sequence/der_decode_sequence_ex.o \ src/pk/asn1/der/sequence/der_decode_sequence_flexi.o \ src/pk/asn1/der/sequence/der_decode_sequence_multi.o \ src/pk/asn1/der/sequence/der_encode_sequence_ex.o \ -src/pk/asn1/der/sequence/der_encode_sequence_multi.o src/pk/asn1/der/sequence/der_length_sequence.o \ +src/pk/asn1/der/sequence/der_encode_sequence_multi.o \ +src/pk/asn1/der/sequence/der_flexi_sequence_cmp.o src/pk/asn1/der/sequence/der_length_sequence.o \ src/pk/asn1/der/sequence/der_sequence_free.o src/pk/asn1/der/sequence/der_sequence_shrink.o \ src/pk/asn1/der/set/der_encode_set.o src/pk/asn1/der/set/der_encode_setof.o \ src/pk/asn1/der/short_integer/der_decode_short_integer.o \ @@ -349,15 +351,17 @@ src/pk/asn1/der/teletex_string/der_length_teletex_string.o \ src/pk/asn1/der/utctime/der_decode_utctime.o src/pk/asn1/der/utctime/der_encode_utctime.o \ src/pk/asn1/der/utctime/der_length_utctime.o src/pk/asn1/der/utf8/der_decode_utf8_string.o \ src/pk/asn1/der/utf8/der_encode_utf8_string.o src/pk/asn1/der/utf8/der_length_utf8_string.o \ -src/pk/asn1/oid/pk_get_oid.o src/pk/asn1/oid/pk_oid_cmp.o src/pk/asn1/oid/pk_oid_str.o \ -src/pk/asn1/pkcs8/pkcs8_decode_flexi.o src/pk/asn1/x509/x509_decode_public_key_from_certificate.o \ +src/pk/asn1/oid/pk_get.o src/pk/asn1/oid/pk_oid_cmp.o src/pk/asn1/oid/pk_oid_str.o \ +src/pk/asn1/pkcs8/pkcs8_decode_flexi.o src/pk/asn1/pkcs8/pkcs8_get.o \ +src/pk/asn1/x509/x509_decode_public_key_from_certificate.o src/pk/asn1/x509/x509_decode_spki.o \ src/pk/asn1/x509/x509_decode_subject_public_key_info.o \ src/pk/asn1/x509/x509_encode_subject_public_key_info.o src/pk/dh/dh.o src/pk/dh/dh_check_pubkey.o \ src/pk/dh/dh_export.o src/pk/dh/dh_export_key.o src/pk/dh/dh_free.o src/pk/dh/dh_generate_key.o \ -src/pk/dh/dh_import.o src/pk/dh/dh_set.o src/pk/dh/dh_set_pg_dhparam.o src/pk/dh/dh_shared_secret.o \ -src/pk/dsa/dsa_decrypt_key.o src/pk/dsa/dsa_encrypt_key.o src/pk/dsa/dsa_export.o src/pk/dsa/dsa_free.o \ -src/pk/dsa/dsa_generate_key.o src/pk/dsa/dsa_generate_pqg.o src/pk/dsa/dsa_import.o \ -src/pk/dsa/dsa_make_key.o src/pk/dsa/dsa_set.o src/pk/dsa/dsa_set_pqg_dsaparam.o \ +src/pk/dh/dh_import.o src/pk/dh/dh_import_pkcs8.o src/pk/dh/dh_set.o src/pk/dh/dh_set_pg_dhparam.o \ +src/pk/dh/dh_shared_secret.o src/pk/dsa/dsa_decrypt_key.o src/pk/dsa/dsa_encrypt_key.o \ +src/pk/dsa/dsa_export.o src/pk/dsa/dsa_free.o src/pk/dsa/dsa_generate_key.o \ +src/pk/dsa/dsa_generate_pqg.o src/pk/dsa/dsa_import.o src/pk/dsa/dsa_import_pkcs8.o \ +src/pk/dsa/dsa_init.o src/pk/dsa/dsa_make_key.o src/pk/dsa/dsa_set.o src/pk/dsa/dsa_set_pqg_dsaparam.o \ src/pk/dsa/dsa_shared_secret.o src/pk/dsa/dsa_sign_hash.o src/pk/dsa/dsa_verify_hash.o \ src/pk/dsa/dsa_verify_key.o src/pk/ec25519/ec25519_crypto_ctx.o src/pk/ec25519/ec25519_export.o \ src/pk/ec25519/ec25519_import_pkcs8.o src/pk/ec25519/tweetnacl.o src/pk/ecc/ecc.o \ @@ -376,7 +380,7 @@ src/pk/ecc/ltc_ecc_projective_add_point.o src/pk/ecc/ltc_ecc_projective_dbl_poin src/pk/ecc/ltc_ecc_verify_key.o src/pk/ed25519/ed25519_export.o src/pk/ed25519/ed25519_import.o \ src/pk/ed25519/ed25519_import_pkcs8.o src/pk/ed25519/ed25519_import_raw.o \ src/pk/ed25519/ed25519_import_x509.o src/pk/ed25519/ed25519_make_key.o src/pk/ed25519/ed25519_sign.o \ -src/pk/ed25519/ed25519_verify.o src/pk/pkcs1/pkcs_1_i2osp.o src/pk/pkcs1/pkcs_1_mgf1.o \ +src/pk/ed25519/ed25519_verify.o src/pk/pka_key.o src/pk/pkcs1/pkcs_1_i2osp.o src/pk/pkcs1/pkcs_1_mgf1.o \ src/pk/pkcs1/pkcs_1_oaep_decode.o src/pk/pkcs1/pkcs_1_oaep_encode.o src/pk/pkcs1/pkcs_1_os2ip.o \ src/pk/pkcs1/pkcs_1_pss_decode.o src/pk/pkcs1/pkcs_1_pss_encode.o src/pk/pkcs1/pkcs_1_v1_5_decode.o \ src/pk/pkcs1/pkcs_1_v1_5_encode.o src/pk/rsa/rsa_decrypt_key.o src/pk/rsa/rsa_encrypt_key.o \ @@ -407,7 +411,7 @@ TOBJECTS=tests/base16_test.o tests/base32_test.o tests/base64_test.o tests/bcryp tests/cipher_hash_test.o tests/common.o tests/der_test.o tests/dh_test.o tests/dsa_test.o \ tests/ecc_test.o tests/ed25519_test.o tests/file_test.o tests/mac_test.o tests/misc_test.o \ tests/modes_test.o tests/mpi_test.o tests/multi_test.o tests/no_null_termination_check_test.o \ -tests/no_prng.o tests/padding_test.o tests/pkcs_1_eme_test.o tests/pkcs_1_emsa_test.o \ +tests/no_prng.o tests/padding_test.o tests/pem_test.o tests/pkcs_1_eme_test.o tests/pkcs_1_emsa_test.o \ tests/pkcs_1_oaep_test.o tests/pkcs_1_pss_test.o tests/pkcs_1_test.o tests/prng_test.o \ tests/rotate_test.o tests/rsa_test.o tests/ssh_test.o tests/store_test.o tests/test.o tests/x25519_test.o diff --git a/sources.cmake b/sources.cmake index 3e46235c6..ab62ea8cd 100644 --- a/sources.cmake +++ b/sources.cmake @@ -236,9 +236,14 @@ src/misc/hkdf/hkdf_test.c src/misc/mem_neq.c src/misc/padding/padding_depad.c src/misc/padding/padding_pad.c +src/misc/password_free.c src/misc/pbes/pbes.c src/misc/pbes/pbes1.c src/misc/pbes/pbes2.c +src/misc/pem/pem.c +src/misc/pem/pem_pkcs.c +src/misc/pem/pem_read.c +src/misc/pem/pem_ssh.c src/misc/pkcs12/pkcs12_kdf.c src/misc/pkcs12/pkcs12_utf8_to_utf16.c src/misc/pkcs5/pkcs_5_1.c @@ -339,6 +344,7 @@ src/pk/asn1/der/sequence/der_decode_sequence_flexi.c src/pk/asn1/der/sequence/der_decode_sequence_multi.c src/pk/asn1/der/sequence/der_encode_sequence_ex.c src/pk/asn1/der/sequence/der_encode_sequence_multi.c +src/pk/asn1/der/sequence/der_flexi_sequence_cmp.c src/pk/asn1/der/sequence/der_length_sequence.c src/pk/asn1/der/sequence/der_sequence_free.c src/pk/asn1/der/sequence/der_sequence_shrink.c @@ -355,11 +361,13 @@ src/pk/asn1/der/utctime/der_length_utctime.c src/pk/asn1/der/utf8/der_decode_utf8_string.c src/pk/asn1/der/utf8/der_encode_utf8_string.c src/pk/asn1/der/utf8/der_length_utf8_string.c -src/pk/asn1/oid/pk_get_oid.c +src/pk/asn1/oid/pk_get.c src/pk/asn1/oid/pk_oid_cmp.c src/pk/asn1/oid/pk_oid_str.c src/pk/asn1/pkcs8/pkcs8_decode_flexi.c +src/pk/asn1/pkcs8/pkcs8_get.c src/pk/asn1/x509/x509_decode_public_key_from_certificate.c +src/pk/asn1/x509/x509_decode_spki.c src/pk/asn1/x509/x509_decode_subject_public_key_info.c src/pk/asn1/x509/x509_encode_subject_public_key_info.c src/pk/dh/dh.c @@ -369,6 +377,7 @@ src/pk/dh/dh_export_key.c src/pk/dh/dh_free.c src/pk/dh/dh_generate_key.c src/pk/dh/dh_import.c +src/pk/dh/dh_import_pkcs8.c src/pk/dh/dh_set.c src/pk/dh/dh_set_pg_dhparam.c src/pk/dh/dh_shared_secret.c @@ -379,6 +388,8 @@ src/pk/dsa/dsa_free.c src/pk/dsa/dsa_generate_key.c src/pk/dsa/dsa_generate_pqg.c src/pk/dsa/dsa_import.c +src/pk/dsa/dsa_import_pkcs8.c +src/pk/dsa/dsa_init.c src/pk/dsa/dsa_make_key.c src/pk/dsa/dsa_set.c src/pk/dsa/dsa_set_pqg_dsaparam.c @@ -436,6 +447,7 @@ src/pk/ed25519/ed25519_import_x509.c src/pk/ed25519/ed25519_make_key.c src/pk/ed25519/ed25519_sign.c src/pk/ed25519/ed25519_verify.c +src/pk/pka_key.c src/pk/pkcs1/pkcs_1_i2osp.c src/pk/pkcs1/pkcs_1_mgf1.c src/pk/pkcs1/pkcs_1_oaep_decode.c diff --git a/tests/sources.cmake b/tests/sources.cmake index d63a1cc47..b384305b0 100644 --- a/tests/sources.cmake +++ b/tests/sources.cmake @@ -19,6 +19,7 @@ multi_test.c no_null_termination_check_test.c no_prng.c padding_test.c +pem_test.c pkcs_1_eme_test.c pkcs_1_emsa_test.c pkcs_1_oaep_test.c From 5dec1ee02d49a9f34980019beb4bb47d429e7599 Mon Sep 17 00:00:00 2001 From: Steffen Jaeckel Date: Fri, 1 Mar 2024 09:16:42 +0100 Subject: [PATCH 48/51] Fix `make tvs`, add `make pr-check` Fixup of 5ad1681ccb2b76fda28d9436f7fead37fc9f1834 Signed-off-by: Steffen Jaeckel --- makefile_include.mk | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/makefile_include.mk b/makefile_include.mk index c10bd1fa9..e8e77bff7 100644 --- a/makefile_include.mk +++ b/makefile_include.mk @@ -451,11 +451,14 @@ bins: $(call print-help,bins,Builds the library and all useful demos) $(USEFUL_D check: test ./test -tvs: sizes constants tv_gen +tvs: hashsum sizes constants tv_gen ./tv_gen ./.ci/coverage_more.sh mv *_tv.txt notes/ +pr-check: tvs + ./helper.pl -a -u + #build the doxy files (requires Doxygen, tetex and patience) doxygen: $(call print-help,doxygen,Builds the doxygen html documentation) $(MAKE) -C doc/ $@ V=$(V) From cf79facfb946a9134884d3795b2552b3b6ea50d3 Mon Sep 17 00:00:00 2001 From: Steffen Jaeckel Date: Sun, 3 Mar 2024 18:45:42 +0100 Subject: [PATCH 49/51] Add support for CFB1 and CFB8 Signed-off-by: Steffen Jaeckel --- doc/crypt.tex | 52 ++++++++++++++++----- src/headers/tomcrypt_cipher.h | 4 ++ src/modes/cfb/cfb_decrypt.c | 74 +++++++++++++++++++++++++++--- src/modes/cfb/cfb_encrypt.c | 85 ++++++++++++++++++++++++++++++----- src/modes/cfb/cfb_getiv.c | 2 +- src/modes/cfb/cfb_setiv.c | 1 + src/modes/cfb/cfb_start.c | 46 ++++++++++++++++--- tests/modes_test.c | 60 ++++++++++++++++++++----- 8 files changed, 281 insertions(+), 43 deletions(-) diff --git a/doc/crypt.tex b/doc/crypt.tex index ca7e641f6..62dddb849 100644 --- a/doc/crypt.tex +++ b/doc/crypt.tex @@ -799,7 +799,7 @@ \subsection{Background} $P$ under the key $k$ as $E_k(P)$. In some modes there exists an initialization vector denoted as $C_{-1}$. \subsubsection{ECB Mode} -\index{ECB mode} +\index{ECB Mode} ECB or Electronic Codebook Mode is the simplest method to use. It is given as: \begin{equation} C_i = E_k(P_i) @@ -808,7 +808,7 @@ \subsubsection{ECB Mode} than once. \subsubsection{CBC Mode} -\index{CBC mode} +\index{CBC Mode} CBC or Cipher Block Chaining mode is a simple mode designed to prevent trivial forms of replay and swap attacks on ciphers. It is given as: \begin{equation} @@ -817,7 +817,7 @@ \subsubsection{CBC Mode} It is important that the initialization vector be unique and preferably random for each message encrypted under the same key. \subsubsection{CTR Mode} -\index{CTR mode} +\index{CTR Mode} CTR or Counter Mode is a mode which only uses the encryption function of the cipher. Given a initialization vector which is treated as a large binary counter the CTR mode is given as: \begin{eqnarray} @@ -829,24 +829,24 @@ \subsubsection{CTR Mode} as the block cipher is under a chosen plaintext attack (provided the initialization vector is unique). \subsubsection{CFB Mode} -\index{CFB mode} +\index{CFB Mode} CFB or Ciphertext Feedback Mode is a mode akin to CBC. It is given as: \begin{eqnarray} C_i = P_i \oplus C_{-1} \nonumber \\ C_{-1} = E_k(C_i) \end{eqnarray} -Note that in this library the output feedback width is equal to the size of the block cipher. That is this mode is used -to encrypt whole blocks at a time. However, the library will buffer data allowing the user to encrypt or decrypt partial +The library supports all output feedback widths as specified in NIST SP 800-38A: CFB1, CFB8, and CFB64 resp. CFB128, i.e. equal +to the size of the block cipher. The library will buffer data allowing the user to encrypt or decrypt partial blocks without a delay. When this mode is first setup it will initially encrypt the initialization vector as required. \subsubsection{OFB Mode} -\index{OFB mode} +\index{OFB Mode} OFB or Output Feedback Mode is a mode akin to CBC as well. It is given as: \begin{eqnarray} C_{-1} = E_k(C_{-1}) \nonumber \\ C_i = P_i \oplus C_{-1} \end{eqnarray} -Like the CFB mode the output width in CFB mode is the same as the width of the block cipher. OFB mode will also +The output width in OFB mode is the same as the width of the block cipher. OFB mode will also buffer the output which will allow you to encrypt or decrypt partial blocks without delay. \subsection{Choice of Mode} @@ -874,8 +874,8 @@ \subsection{Ciphertext Stealing} The more sane way to deal with partial blocks is to pad them with zeroes, and then use CBC normally. \subsection{Initialization} -\index{CBC Mode} \index{CTR Mode} -\index{OFB Mode} \index{CFB Mode} +\index{CBC Initialization} \index{CTR Initialization} +\index{OFB Initialization} \index{CFB Initialization} The library provides simple support routines for handling CBC, CTR, CFB, OFB and ECB encoded messages. Assuming the mode you want is XXX there is a structure called \textit{symmetric\_XXX} that will contain the information required to use that mode. They have identical setup routines (except CTR and ECB mode): @@ -913,6 +913,7 @@ \subsection{Initialization} The routines return {\bf CRYPT\_OK} if the cipher initialized correctly, otherwise, they return an error code. \subsubsection{CTR Mode} +\index{CTR Initialization - specific} In the case of CTR mode there is an additional parameter \textit{ctr\_mode} which specifies the mode that the counter is to be used in. If \textbf{CTR\_COUNTER\_ LITTLE\_ENDIAN} was specified then the counter will be treated as a little endian value. Otherwise, if \textbf{CTR\_COUNTER\_BIG\_ENDIAN} was specified the counter will be treated as a big endian value. As of v1.15 the RFC 3686 style of @@ -942,6 +943,37 @@ \subsubsection{CTR Mode} Changing the counter size has little (really no) effect on the performance of the CTR chaining mode. It is provided for compatibility with other software (and hardware) which have smaller fixed sized counters. +\subsubsection{CFB Mode} +\index{CFB Initialization - specific} + +In the case of the CFB mode there are multiple segment sizes possible. The most common one, where each processed segment equals the +block size of the underlying cipher, and two speciality modes. 1-bit CFB mode and 8-bit CFB mode, where each processed segment is +either 1 or 8 bits wide. Each segment denotes here one block cipher operation. +To produce 16 bytes AES-CFB output, a single AES operation is required. +To produce 16 bytes AES-CFB8 output, 16 AES operations are required. +To produce 16 bytes AES-CFB1 output, 128 AES operations are required. + +The extended setup API looks as follows and accepts the values \textit{0, 1, 8 and 64 or 128}. Whether \textit{64} or \textit{128} is +accepted depends on the block size of the underlying cipher, \textit{0} will automatically select the block size as width. + +\begin{small} +\begin{verbatim} +/** + Extended initialization of a CFB context + @param cipher The index of the cipher desired + @param IV The initialization vector + @param key The secret key + @param keylen The length of the secret key (octets) + @param num_rounds Number of rounds in the cipher desired (0 for default) + @param width The width of the mode (0 for default) + @param cfb The CFB state to initialize + @return CRYPT_OK if successful +*/ +int cfb_start_ex(int cipher, const unsigned char *IV, const unsigned char *key, + int keylen, int num_rounds, int width, symmetric_CFB *cfb); +\end{verbatim} +\end{small} + \subsection{Encryption and Decryption} To actually encrypt or decrypt the following routines are provided: \index{ecb\_encrypt()} \index{ecb\_decrypt()} \index{cfb\_encrypt()} \index{cfb\_decrypt()} diff --git a/src/headers/tomcrypt_cipher.h b/src/headers/tomcrypt_cipher.h index 759c9aa8f..074e55900 100644 --- a/src/headers/tomcrypt_cipher.h +++ b/src/headers/tomcrypt_cipher.h @@ -275,6 +275,8 @@ typedef struct { int cipher, /** The block size of the given cipher */ blocklen, + /** The width of the mode: 1, 8, 64, or 128 */ + width, /** The padding offset */ padlen; } symmetric_CFB; @@ -910,6 +912,8 @@ int ecb_done(symmetric_ECB *ecb); #ifdef LTC_CFB_MODE int cfb_start(int cipher, const unsigned char *IV, const unsigned char *key, int keylen, int num_rounds, symmetric_CFB *cfb); +int cfb_start_ex(int cipher, const unsigned char *IV, const unsigned char *key, + int keylen, int num_rounds, int width, symmetric_CFB *cfb); int cfb_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, symmetric_CFB *cfb); int cfb_decrypt(const unsigned char *ct, unsigned char *pt, unsigned long len, symmetric_CFB *cfb); int cfb_getiv(unsigned char *IV, unsigned long *len, const symmetric_CFB *cfb); diff --git a/src/modes/cfb/cfb_decrypt.c b/src/modes/cfb/cfb_decrypt.c index b61dc036e..1c6d3fa44 100644 --- a/src/modes/cfb/cfb_decrypt.c +++ b/src/modes/cfb/cfb_decrypt.c @@ -9,6 +9,28 @@ #ifdef LTC_CFB_MODE +static LTC_INLINE void s_shift1left_64(unsigned char *b, unsigned char v) +{ + ulong64 bval; + LOAD64H(bval, b); + bval <<= 1; + bval |= v & 0x01u; + STORE64H(bval, b); +} + +static LTC_INLINE void s_shift1left_128(unsigned char *b, unsigned char v) +{ + ulong64 bval[2]; + LOAD64H(bval[0], b); + LOAD64H(bval[1], b + 8); + bval[0] <<= 1; + bval[0] |= (bval[1] >> 63) & 0x01u; + bval[1] <<= 1; + bval[1] |= v & 0x01u; + STORE64H(bval[0], b); + STORE64H(bval[1], b + 8); +} + /** CFB decrypt @param ct Ciphertext @@ -20,11 +42,18 @@ int cfb_decrypt(const unsigned char *ct, unsigned char *pt, unsigned long len, symmetric_CFB *cfb) { int err; + ulong64 bitlen = len * 8, bits_per_round; + unsigned int cur_bit = 0; + unsigned char pt_ = 0, ct_ = 0; LTC_ARGCHK(pt != NULL); LTC_ARGCHK(ct != NULL); LTC_ARGCHK(cfb != NULL); + if (bitlen < len) { + return CRYPT_OVERFLOW; + } + if ((err = cipher_is_valid(cfb->cipher)) != CRYPT_OK) { return err; } @@ -35,18 +64,51 @@ int cfb_decrypt(const unsigned char *ct, unsigned char *pt, unsigned long len, s return CRYPT_INVALID_ARG; } - while (len-- > 0) { + bits_per_round = cfb->width == 1 ? 1 : 8; + + while (bitlen > 0) { if (cfb->padlen == cfb->blocklen) { if ((err = cipher_descriptor[cfb->cipher].ecb_encrypt(cfb->pad, cfb->IV, &cfb->key)) != CRYPT_OK) { return err; } cfb->padlen = 0; } - cfb->pad[cfb->padlen] = *ct; - *pt = *ct ^ cfb->IV[cfb->padlen]; - ++pt; - ++ct; - ++(cfb->padlen); + switch (cfb->width) { + case 1: + if (cur_bit++ % 8 == 0) { + ct_ = *ct++; + pt_ = 0; + } else { + ct_ <<= 1; + pt_ <<= 1; + } + if (cfb->blocklen == 16) + s_shift1left_128(cfb->pad, ct_ >> 7); + else + s_shift1left_64(cfb->pad, ct_ >> 7); + pt_ |= ((ct_ ^ cfb->IV[0]) >> 7) & 0x01u; + cfb->padlen = cfb->blocklen; + if (cur_bit % 8 == 0) { + *pt++ = pt_; + cur_bit = 0; + } + break; + case 8: + XMEMMOVE(cfb->pad, cfb->pad + 1, cfb->blocklen - 1); + cfb->pad[cfb->blocklen - 1] = *ct; + *pt++ = *ct++ ^ cfb->IV[0]; + cfb->padlen = cfb->blocklen; + break; + case 64: + case 128: + cfb->pad[cfb->padlen] = *ct; + *pt++ = *ct++ ^ cfb->IV[cfb->padlen]; + ++(cfb->padlen); + break; + default: + return CRYPT_INVALID_ARG; + } + bitlen -= bits_per_round; } return CRYPT_OK; } diff --git a/src/modes/cfb/cfb_encrypt.c b/src/modes/cfb/cfb_encrypt.c index 315a4f76a..22f8dd2f5 100644 --- a/src/modes/cfb/cfb_encrypt.c +++ b/src/modes/cfb/cfb_encrypt.c @@ -9,6 +9,28 @@ #ifdef LTC_CFB_MODE +static LTC_INLINE void s_shift1left_64(unsigned char *b, unsigned char v) +{ + ulong64 bval; + LOAD64H(bval, b); + bval <<= 1; + bval |= v & 0x01u; + STORE64H(bval, b); +} + +static LTC_INLINE void s_shift1left_128(unsigned char *b, unsigned char v) +{ + ulong64 bval[2]; + LOAD64H(bval[0], b); + LOAD64H(bval[1], b + 8); + bval[0] <<= 1; + bval[0] |= (bval[1] >> 63) & 0x01u; + bval[1] <<= 1; + bval[1] |= v & 0x01u; + STORE64H(bval[0], b); + STORE64H(bval[1], b + 8); +} + /** CFB encrypt @param pt Plaintext @@ -20,11 +42,18 @@ int cfb_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, symmetric_CFB *cfb) { int err; + ulong64 bitlen = len * 8, bits_per_round; + unsigned int cur_bit = 0; + unsigned char pt_ = 0, ct_ = 0; LTC_ARGCHK(pt != NULL); LTC_ARGCHK(ct != NULL); LTC_ARGCHK(cfb != NULL); + if (bitlen < len) { + return CRYPT_OVERFLOW; + } + if ((err = cipher_is_valid(cfb->cipher)) != CRYPT_OK) { return err; } @@ -35,17 +64,51 @@ int cfb_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, s return CRYPT_INVALID_ARG; } - while (len-- > 0) { - if (cfb->padlen == cfb->blocklen) { - if ((err = cipher_descriptor[cfb->cipher].ecb_encrypt(cfb->pad, cfb->IV, &cfb->key)) != CRYPT_OK) { - return err; - } - cfb->padlen = 0; - } - cfb->pad[cfb->padlen] = (*ct = *pt ^ cfb->IV[cfb->padlen]); - ++pt; - ++ct; - ++(cfb->padlen); + bits_per_round = cfb->width == 1 ? 1 : 8; + + while (bitlen > 0) { + if (cfb->padlen == cfb->blocklen) { + if ((err = cipher_descriptor[cfb->cipher].ecb_encrypt(cfb->pad, cfb->IV, &cfb->key)) != CRYPT_OK) { + return err; + } + cfb->padlen = 0; + } + switch (cfb->width) { + case 1: + if (cur_bit++ % 8 == 0) { + pt_ = *pt++; + ct_ = 0; + } else { + pt_ <<= 1; + ct_ <<= 1; + } + ct_ |= ((pt_ ^ cfb->IV[0]) >> 7) & 0x01u; + if (cfb->blocklen == 16) + s_shift1left_128(cfb->pad, ct_); + else + s_shift1left_64(cfb->pad, ct_); + cfb->padlen = cfb->blocklen; + if (cur_bit % 8 == 0) { + *ct++ = ct_; + cur_bit = 0; + } + break; + case 8: + XMEMMOVE(cfb->pad, cfb->pad + 1, cfb->blocklen - 1); + cfb->pad[cfb->blocklen - 1] = (*ct = *pt ^ cfb->IV[0]); + ++pt; + ++ct; + cfb->padlen = cfb->blocklen; + break; + case 64: + case 128: + cfb->pad[cfb->padlen] = (*ct = *pt ^ cfb->IV[cfb->padlen]); + ++pt; + ++ct; + ++(cfb->padlen); + break; + } + bitlen -= bits_per_round; } return CRYPT_OK; } diff --git a/src/modes/cfb/cfb_getiv.c b/src/modes/cfb/cfb_getiv.c index 9dc2e8612..ca72dd6fd 100644 --- a/src/modes/cfb/cfb_getiv.c +++ b/src/modes/cfb/cfb_getiv.c @@ -25,7 +25,7 @@ int cfb_getiv(unsigned char *IV, unsigned long *len, const symmetric_CFB *cfb) *len = cfb->blocklen; return CRYPT_BUFFER_OVERFLOW; } - XMEMCPY(IV, cfb->IV, cfb->blocklen); + XMEMCPY(IV, cfb->pad, cfb->blocklen); *len = cfb->blocklen; return CRYPT_OK; diff --git a/src/modes/cfb/cfb_setiv.c b/src/modes/cfb/cfb_setiv.c index c5481ada7..60572de23 100644 --- a/src/modes/cfb/cfb_setiv.c +++ b/src/modes/cfb/cfb_setiv.c @@ -33,6 +33,7 @@ int cfb_setiv(const unsigned char *IV, unsigned long len, symmetric_CFB *cfb) /* force next block */ cfb->padlen = 0; + XMEMCPY(cfb->pad, IV, len); return cipher_descriptor[cfb->cipher].ecb_encrypt(IV, cfb->IV, &cfb->key); } diff --git a/src/modes/cfb/cfb_start.c b/src/modes/cfb/cfb_start.c index cd5ffe793..c95a657c2 100644 --- a/src/modes/cfb/cfb_start.c +++ b/src/modes/cfb/cfb_start.c @@ -10,18 +10,20 @@ #ifdef LTC_CFB_MODE + /** - Initialize a CFB context + Extended initialization of a CFB context @param cipher The index of the cipher desired @param IV The initialization vector @param key The secret key @param keylen The length of the secret key (octets) @param num_rounds Number of rounds in the cipher desired (0 for default) + @param width The width of the mode in bits (0 for default) @param cfb The CFB state to initialize @return CRYPT_OK if successful */ -int cfb_start(int cipher, const unsigned char *IV, const unsigned char *key, - int keylen, int num_rounds, symmetric_CFB *cfb) +int cfb_start_ex(int cipher, const unsigned char *IV, const unsigned char *key, + int keylen, int num_rounds, int width, symmetric_CFB *cfb) { int x, err; @@ -33,12 +35,30 @@ int cfb_start(int cipher, const unsigned char *IV, const unsigned char *key, return err; } + switch (width) { + case 0: + width = cipher_descriptor[cipher].block_length * 8; + break; + case 1: + case 8: + LTC_ARGCHK(cipher_descriptor[cipher].block_length == 8 + || cipher_descriptor[cipher].block_length == 16); + break; + case 64: + case 128: + LTC_ARGCHK(width == cipher_descriptor[cipher].block_length * 8); + break; + default: + return CRYPT_INVALID_ARG; + } + /* copy data */ cfb->cipher = cipher; + cfb->width = width; cfb->blocklen = cipher_descriptor[cipher].block_length; for (x = 0; x < cfb->blocklen; x++) { - cfb->IV[x] = IV[x]; + cfb->pad[x] = IV[x]; } /* init the cipher */ @@ -48,7 +68,23 @@ int cfb_start(int cipher, const unsigned char *IV, const unsigned char *key, /* encrypt the IV */ cfb->padlen = 0; - return cipher_descriptor[cfb->cipher].ecb_encrypt(cfb->IV, cfb->IV, &cfb->key); + return cipher_descriptor[cfb->cipher].ecb_encrypt(cfb->pad, cfb->IV, &cfb->key); +} + +/** + Initialize a CFB context + @param cipher The index of the cipher desired + @param IV The initialization vector + @param key The secret key + @param keylen The length of the secret key (octets) + @param num_rounds Number of rounds in the cipher desired (0 for default) + @param cfb The CFB state to initialize + @return CRYPT_OK if successful +*/ +int cfb_start(int cipher, const unsigned char *IV, const unsigned char *key, + int keylen, int num_rounds, symmetric_CFB *cfb) +{ + return cfb_start_ex(cipher, IV, key, keylen, num_rounds, 0, cfb); } #endif diff --git a/tests/modes_test.c b/tests/modes_test.c index 7b672a530..67b728f58 100644 --- a/tests/modes_test.c +++ b/tests/modes_test.c @@ -3,18 +3,42 @@ /* test CFB/OFB/CBC modes */ #include +#ifdef LTC_CFB_MODE +static const struct { + int width; + const char *key, *iv, *pt, *ct; +} cfb_testvectors[] = { + { + 1, + "2b7e151628aed2a6abf7158809cf4f3c", + "000102030405060708090a0b0c0d0e0f", + "6bc1", + "68b3", + }, + { + 8, + "2b7e151628aed2a6abf7158809cf4f3c", + "000102030405060708090a0b0c0d0e0f", + "6bc1b3e22e409f96e93d7e117393172aae2d", + "3b79424c9c0dd436bace9e0ed4586a4f32b9", + }, +}; +#endif + int modes_test(void) { int ret = CRYPT_NOP; #ifdef LTC_CBC_MODE symmetric_CBC cbc; #endif -#ifdef LTC_CFB_MODE - symmetric_CFB cfb; -#endif #ifdef LTC_OFB_MODE symmetric_OFB ofb; #endif +#ifdef LTC_CFB_MODE + symmetric_CFB cfb; + unsigned char tmp2[64]; + unsigned long n; +#endif #if defined(LTC_CBC_MODE) || defined(LTC_CFB_MODE) || defined(LTC_OFB_MODE) unsigned char pt[64], ct[64], tmp[64], key[16], iv[16], iv2[16]; int cipher_idx; @@ -70,19 +94,35 @@ int modes_test(void) l = sizeof(iv2); DO(ret = cfb_getiv(iv2, &l, &cfb)); /* note we don't memcmp iv2/iv since cfb_start processes the IV for the first block */ - if (l != 16) { - fprintf(stderr, "cfb_getiv failed"); - return 1; - } + ENSURE(l == 16); DO(ret = cfb_encrypt(pt, ct, 64, &cfb)); /* decode the block */ DO(ret = cfb_setiv(iv, l, &cfb)); zeromem(tmp, sizeof(tmp)); DO(ret = cfb_decrypt(ct, tmp, 64, &cfb)); - if (memcmp(tmp, pt, 64) != 0) { - fprintf(stderr, "CFB failed"); - return 1; + COMPARE_TESTVECTOR(tmp, 64, pt, 64, "cfb128-enc-dec", 0); + cfb_done(&cfb); + XMEMSET(&cfb, 0, sizeof(cfb)); +#define b16(e, w) do { \ + l = sizeof(w); \ + DO(base16_decode(e . w, XSTRLEN(e . w), w, &l)); \ +} while(0) + for (n = 0; n < sizeof(cfb_testvectors)/sizeof(cfb_testvectors[0]); ++n) { + b16(cfb_testvectors[n], key); + b16(cfb_testvectors[n], iv); + b16(cfb_testvectors[n], pt); + b16(cfb_testvectors[n], ct); + + DO(cfb_start_ex(cipher_idx, iv, key, 16, 0, cfb_testvectors[n].width, &cfb)); + l = sizeof(iv2); + DO(cfb_getiv(iv2, &l, &cfb)); + ENSURE(l == 16); + DO(ret = cfb_encrypt(pt, tmp, 2, &cfb)); + COMPARE_TESTVECTOR(tmp, 2, ct, 2, "cfb-enc", n); + DO(cfb_setiv(iv2, l, &cfb)); + DO(ret = cfb_decrypt(tmp, tmp2, 2, &cfb)); + COMPARE_TESTVECTOR(tmp2, 2, pt, 2, "cfb-dec", n); } #endif From 2613264ceff394847df7119eeb56a7b1803ca5ba Mon Sep 17 00:00:00 2001 From: Steffen Jaeckel Date: Fri, 1 Mar 2024 12:07:53 +0100 Subject: [PATCH 50/51] We can now also decrypt PEM files encrypted in CFB1 and CFB8 mode Signed-off-by: Steffen Jaeckel --- doc/crypt.tex | 16 ++ src/headers/tomcrypt_private.h | 4 + src/misc/pem/pem.c | 138 ++++++++++-------- .../{unsupported => }/rsa-aes-128-cfb1.pem | 0 .../{unsupported => }/rsa-aes-128-cfb8.pem | 0 .../{unsupported => }/rsa-aes-192-cfb1.pem | 0 .../{unsupported => }/rsa-aes-192-cfb8.pem | 0 .../{unsupported => }/rsa-aes-256-cfb1.pem | 0 .../{unsupported => }/rsa-aes-256-cfb8.pem | 0 .../rsa-camellia-128-cfb1.pem | 0 .../rsa-camellia-128-cfb8.pem | 0 .../rsa-camellia-192-cfb1.pem | 0 .../rsa-camellia-192-cfb8.pem | 0 .../rsa-camellia-256-cfb1.pem | 0 .../rsa-camellia-256-cfb8.pem | 0 .../pkcs/{unsupported => }/rsa-des-cfb1.pem | 0 .../pkcs/{unsupported => }/rsa-des-cfb8.pem | 0 .../{unsupported => }/rsa-des-ede3-cfb1.pem | 0 .../{unsupported => }/rsa-des-ede3-cfb8.pem | 0 19 files changed, 101 insertions(+), 57 deletions(-) rename tests/pem/pkcs/{unsupported => }/rsa-aes-128-cfb1.pem (100%) rename tests/pem/pkcs/{unsupported => }/rsa-aes-128-cfb8.pem (100%) rename tests/pem/pkcs/{unsupported => }/rsa-aes-192-cfb1.pem (100%) rename tests/pem/pkcs/{unsupported => }/rsa-aes-192-cfb8.pem (100%) rename tests/pem/pkcs/{unsupported => }/rsa-aes-256-cfb1.pem (100%) rename tests/pem/pkcs/{unsupported => }/rsa-aes-256-cfb8.pem (100%) rename tests/pem/pkcs/{unsupported => }/rsa-camellia-128-cfb1.pem (100%) rename tests/pem/pkcs/{unsupported => }/rsa-camellia-128-cfb8.pem (100%) rename tests/pem/pkcs/{unsupported => }/rsa-camellia-192-cfb1.pem (100%) rename tests/pem/pkcs/{unsupported => }/rsa-camellia-192-cfb8.pem (100%) rename tests/pem/pkcs/{unsupported => }/rsa-camellia-256-cfb1.pem (100%) rename tests/pem/pkcs/{unsupported => }/rsa-camellia-256-cfb8.pem (100%) rename tests/pem/pkcs/{unsupported => }/rsa-des-cfb1.pem (100%) rename tests/pem/pkcs/{unsupported => }/rsa-des-cfb8.pem (100%) rename tests/pem/pkcs/{unsupported => }/rsa-des-ede3-cfb1.pem (100%) rename tests/pem/pkcs/{unsupported => }/rsa-des-ede3-cfb8.pem (100%) diff --git a/doc/crypt.tex b/doc/crypt.tex index 62dddb849..91cb0c3e8 100644 --- a/doc/crypt.tex +++ b/doc/crypt.tex @@ -7644,6 +7644,12 @@ \subsection{PKCS PEM files} \hline \texttt{AES-128-CFB} & AES & 128 & CFB \\ \hline \texttt{AES-192-CFB} & AES & 192 & CFB \\ \hline \texttt{AES-256-CFB} & AES & 256 & CFB \\ +\hline \texttt{AES-128-CFB1} & AES & 128 & CFB \\ +\hline \texttt{AES-192-CFB1} & AES & 192 & CFB \\ +\hline \texttt{AES-256-CFB1} & AES & 256 & CFB \\ +\hline \texttt{AES-128-CFB8} & AES & 128 & CFB \\ +\hline \texttt{AES-192-CFB8} & AES & 192 & CFB \\ +\hline \texttt{AES-256-CFB8} & AES & 256 & CFB \\ \hline \texttt{AES-128-CTR} & AES & 128 & CTR \\ \hline \texttt{AES-192-CTR} & AES & 192 & CTR \\ \hline \texttt{AES-256-CTR} & AES & 256 & CTR \\ @@ -7659,6 +7665,12 @@ \subsection{PKCS PEM files} \hline \texttt{CAMELLIA-128-CFB} & Camellia & 128 & CFB \\ \hline \texttt{CAMELLIA-192-CFB} & Camellia & 192 & CFB \\ \hline \texttt{CAMELLIA-256-CFB} & Camellia & 256 & CFB \\ +\hline \texttt{CAMELLIA-128-CFB1} & Camellia & 128 & CFB \\ +\hline \texttt{CAMELLIA-192-CFB1} & Camellia & 192 & CFB \\ +\hline \texttt{CAMELLIA-256-CFB1} & Camellia & 256 & CFB \\ +\hline \texttt{CAMELLIA-128-CFB8} & Camellia & 128 & CFB \\ +\hline \texttt{CAMELLIA-192-CFB8} & Camellia & 192 & CFB \\ +\hline \texttt{CAMELLIA-256-CFB8} & Camellia & 256 & CFB \\ \hline \texttt{CAMELLIA-128-CTR} & Camellia & 128 & CTR \\ \hline \texttt{CAMELLIA-192-CTR} & Camellia & 192 & CTR \\ \hline \texttt{CAMELLIA-256-CTR} & Camellia & 256 & CTR \\ @@ -7674,9 +7686,13 @@ \subsection{PKCS PEM files} \hline \texttt{DES-EDE-OFB} & 3DES (EDE) & 128 & OFB \\ \hline \texttt{DES-EDE3-CBC} & 3DES (EDE) & 192 & CBC \\ \hline \texttt{DES-EDE3-CFB} & 3DES (EDE) & 192 & CFB \\ +\hline \texttt{DES-EDE3-CFB1} & 3DES (EDE) & 192 & CFB \\ +\hline \texttt{DES-EDE3-CFB8} & 3DES (EDE) & 192 & CFB \\ \hline \texttt{DES-EDE3-OFB} & 3DES (EDE) & 192 & OFB \\ \hline \texttt{DES-CBC} & DES & 64 & CBC \\ \hline \texttt{DES-CFB} & DES & 64 & CFB \\ +\hline \texttt{DES-CFB1} & DES & 64 & CFB \\ +\hline \texttt{DES-CFB8} & DES & 64 & CFB \\ \hline \texttt{DES-OFB} & DES & 64 & OFB \\ \hline \texttt{DESX-CBC} & DES-X & 192 & CBC \\ \hline \texttt{IDEA-CBC} & IDEA & 128 & CBC \\ diff --git a/src/headers/tomcrypt_private.h b/src/headers/tomcrypt_private.h index d58e9ba2f..2617e3aae 100644 --- a/src/headers/tomcrypt_private.h +++ b/src/headers/tomcrypt_private.h @@ -267,6 +267,8 @@ enum cipher_mode { cm_flags = 0xff00, /* Flags */ cm_openssh = 0x0100, + cm_1bit = 0x0200, + cm_8bit = 0x0400, /* Modes */ cm_none = 0x0000, cm_cbc = 0x0001, @@ -275,6 +277,8 @@ enum cipher_mode { cm_ofb = 0x0004, cm_stream = 0x0005, cm_gcm = 0x0006, + cm_cfb1 = cm_cfb | cm_1bit, + cm_cfb8 = cm_cfb | cm_8bit, cm_stream_openssh = cm_stream | cm_openssh, }; diff --git a/src/misc/pem/pem.c b/src/misc/pem/pem.c index 18356a575..d81536932 100644 --- a/src/misc/pem/pem.c +++ b/src/misc/pem/pem.c @@ -75,61 +75,77 @@ const struct str pem_ssh_comment = { SET_CSTR(, "Comment: ") }; const struct str pem_dek_info_start = { SET_CSTR(, "DEK-Info: ") }; const struct blockcipher_info pem_dek_infos[] = { - { .name = "AES-128-CBC,", .algo = "aes", .keylen = 128 / 8, .mode = cm_cbc, }, - { .name = "AES-192-CBC,", .algo = "aes", .keylen = 192 / 8, .mode = cm_cbc, }, - { .name = "AES-256-CBC,", .algo = "aes", .keylen = 256 / 8, .mode = cm_cbc, }, - { .name = "AES-128-CFB,", .algo = "aes", .keylen = 128 / 8, .mode = cm_cfb, }, - { .name = "AES-192-CFB,", .algo = "aes", .keylen = 192 / 8, .mode = cm_cfb, }, - { .name = "AES-256-CFB,", .algo = "aes", .keylen = 256 / 8, .mode = cm_cfb, }, - { .name = "AES-128-CTR,", .algo = "aes", .keylen = 128 / 8, .mode = cm_ctr, }, - { .name = "AES-192-CTR,", .algo = "aes", .keylen = 192 / 8, .mode = cm_ctr, }, - { .name = "AES-256-CTR,", .algo = "aes", .keylen = 256 / 8, .mode = cm_ctr, }, - { .name = "AES-128-OFB,", .algo = "aes", .keylen = 128 / 8, .mode = cm_ofb, }, - { .name = "AES-192-OFB,", .algo = "aes", .keylen = 192 / 8, .mode = cm_ofb, }, - { .name = "AES-256-OFB,", .algo = "aes", .keylen = 256 / 8, .mode = cm_ofb, }, - { .name = "BF-CBC,", .algo = "blowfish", .keylen = 128 / 8, .mode = cm_cbc, }, - { .name = "BF-CFB,", .algo = "blowfish", .keylen = 128 / 8, .mode = cm_cfb, }, - { .name = "BF-OFB,", .algo = "blowfish", .keylen = 128 / 8, .mode = cm_ofb, }, - { .name = "CAMELLIA-128-CBC,", .algo = "camellia", .keylen = 128 / 8, .mode = cm_cbc, }, - { .name = "CAMELLIA-192-CBC,", .algo = "camellia", .keylen = 192 / 8, .mode = cm_cbc, }, - { .name = "CAMELLIA-256-CBC,", .algo = "camellia", .keylen = 256 / 8, .mode = cm_cbc, }, - { .name = "CAMELLIA-128-CFB,", .algo = "camellia", .keylen = 128 / 8, .mode = cm_cfb, }, - { .name = "CAMELLIA-192-CFB,", .algo = "camellia", .keylen = 192 / 8, .mode = cm_cfb, }, - { .name = "CAMELLIA-256-CFB,", .algo = "camellia", .keylen = 256 / 8, .mode = cm_cfb, }, - { .name = "CAMELLIA-128-CTR,", .algo = "camellia", .keylen = 128 / 8, .mode = cm_ctr, }, - { .name = "CAMELLIA-192-CTR,", .algo = "camellia", .keylen = 192 / 8, .mode = cm_ctr, }, - { .name = "CAMELLIA-256-CTR,", .algo = "camellia", .keylen = 256 / 8, .mode = cm_ctr, }, - { .name = "CAMELLIA-128-OFB,", .algo = "camellia", .keylen = 128 / 8, .mode = cm_ofb, }, - { .name = "CAMELLIA-192-OFB,", .algo = "camellia", .keylen = 192 / 8, .mode = cm_ofb, }, - { .name = "CAMELLIA-256-OFB,", .algo = "camellia", .keylen = 256 / 8, .mode = cm_ofb, }, - { .name = "CAST5-CBC,", .algo = "cast5", .keylen = 128 / 8, .mode = cm_cbc, }, - { .name = "CAST5-CFB,", .algo = "cast5", .keylen = 128 / 8, .mode = cm_cfb, }, - { .name = "CAST5-OFB,", .algo = "cast5", .keylen = 128 / 8, .mode = cm_ofb, }, - { .name = "ChaCha20,", .algo = "chacha20", .keylen = 256 / 8, .mode = cm_stream, }, - { .name = "DES-EDE-CBC,", .algo = "3des", .keylen = 128 / 8, .mode = cm_cbc, }, - { .name = "DES-EDE-CFB,", .algo = "3des", .keylen = 128 / 8, .mode = cm_cfb, }, - { .name = "DES-EDE-OFB,", .algo = "3des", .keylen = 128 / 8, .mode = cm_ofb, }, - { .name = "DES-EDE3-CBC,", .algo = "3des", .keylen = 192 / 8, .mode = cm_cbc, }, - { .name = "DES-EDE3-CFB,", .algo = "3des", .keylen = 192 / 8, .mode = cm_cfb, }, - { .name = "DES-EDE3-OFB,", .algo = "3des", .keylen = 192 / 8, .mode = cm_ofb, }, - { .name = "DES-CBC,", .algo = "des", .keylen = 64 / 8, .mode = cm_cbc, }, - { .name = "DES-CFB,", .algo = "des", .keylen = 64 / 8, .mode = cm_cfb, }, - { .name = "DES-OFB,", .algo = "des", .keylen = 64 / 8, .mode = cm_ofb, }, - { .name = "DESX-CBC,", .algo = "desx", .keylen = 192 / 8, .mode = cm_cbc, }, - { .name = "IDEA-CBC,", .algo = "idea", .keylen = 128 / 8, .mode = cm_cbc, }, - { .name = "IDEA-CFB,", .algo = "idea", .keylen = 128 / 8, .mode = cm_cfb, }, - { .name = "IDEA-OFB,", .algo = "idea", .keylen = 128 / 8, .mode = cm_ofb, }, - { .name = "RC5-CBC,", .algo = "rc5", .keylen = 128 / 8, .mode = cm_cbc, }, - { .name = "RC5-CFB,", .algo = "rc5", .keylen = 128 / 8, .mode = cm_cfb, }, - { .name = "RC5-OFB,", .algo = "rc5", .keylen = 128 / 8, .mode = cm_ofb, }, - { .name = "RC2-40-CBC,", .algo = "rc2", .keylen = 40 / 8, .mode = cm_cbc, }, - { .name = "RC2-64-CBC,", .algo = "rc2", .keylen = 64 / 8, .mode = cm_cbc, }, - { .name = "RC2-CBC,", .algo = "rc2", .keylen = 128 / 8, .mode = cm_cbc, }, - { .name = "RC2-CFB,", .algo = "rc2", .keylen = 128 / 8, .mode = cm_cfb, }, - { .name = "RC2-OFB,", .algo = "rc2", .keylen = 128 / 8, .mode = cm_ofb, }, - { .name = "SEED-CBC,", .algo = "seed", .keylen = 128 / 8, .mode = cm_cbc, }, - { .name = "SEED-CFB,", .algo = "seed", .keylen = 128 / 8, .mode = cm_cfb, }, - { .name = "SEED-OFB,", .algo = "seed", .keylen = 128 / 8, .mode = cm_ofb, }, + { .name = "AES-128-CBC,", .algo = "aes", .keylen = 128 / 8, .mode = cm_cbc, }, + { .name = "AES-192-CBC,", .algo = "aes", .keylen = 192 / 8, .mode = cm_cbc, }, + { .name = "AES-256-CBC,", .algo = "aes", .keylen = 256 / 8, .mode = cm_cbc, }, + { .name = "AES-128-CFB,", .algo = "aes", .keylen = 128 / 8, .mode = cm_cfb, }, + { .name = "AES-192-CFB,", .algo = "aes", .keylen = 192 / 8, .mode = cm_cfb, }, + { .name = "AES-256-CFB,", .algo = "aes", .keylen = 256 / 8, .mode = cm_cfb, }, + { .name = "AES-128-CFB1,", .algo = "aes", .keylen = 128 / 8, .mode = cm_cfb1, }, + { .name = "AES-192-CFB1,", .algo = "aes", .keylen = 192 / 8, .mode = cm_cfb1, }, + { .name = "AES-256-CFB1,", .algo = "aes", .keylen = 256 / 8, .mode = cm_cfb1, }, + { .name = "AES-128-CFB8,", .algo = "aes", .keylen = 128 / 8, .mode = cm_cfb8, }, + { .name = "AES-192-CFB8,", .algo = "aes", .keylen = 192 / 8, .mode = cm_cfb8, }, + { .name = "AES-256-CFB8,", .algo = "aes", .keylen = 256 / 8, .mode = cm_cfb8, }, + { .name = "AES-128-CTR,", .algo = "aes", .keylen = 128 / 8, .mode = cm_ctr, }, + { .name = "AES-192-CTR,", .algo = "aes", .keylen = 192 / 8, .mode = cm_ctr, }, + { .name = "AES-256-CTR,", .algo = "aes", .keylen = 256 / 8, .mode = cm_ctr, }, + { .name = "AES-128-OFB,", .algo = "aes", .keylen = 128 / 8, .mode = cm_ofb, }, + { .name = "AES-192-OFB,", .algo = "aes", .keylen = 192 / 8, .mode = cm_ofb, }, + { .name = "AES-256-OFB,", .algo = "aes", .keylen = 256 / 8, .mode = cm_ofb, }, + { .name = "BF-CBC,", .algo = "blowfish", .keylen = 128 / 8, .mode = cm_cbc, }, + { .name = "BF-CFB,", .algo = "blowfish", .keylen = 128 / 8, .mode = cm_cfb, }, + { .name = "BF-OFB,", .algo = "blowfish", .keylen = 128 / 8, .mode = cm_ofb, }, + { .name = "CAMELLIA-128-CBC,", .algo = "camellia", .keylen = 128 / 8, .mode = cm_cbc, }, + { .name = "CAMELLIA-192-CBC,", .algo = "camellia", .keylen = 192 / 8, .mode = cm_cbc, }, + { .name = "CAMELLIA-256-CBC,", .algo = "camellia", .keylen = 256 / 8, .mode = cm_cbc, }, + { .name = "CAMELLIA-128-CFB,", .algo = "camellia", .keylen = 128 / 8, .mode = cm_cfb, }, + { .name = "CAMELLIA-192-CFB,", .algo = "camellia", .keylen = 192 / 8, .mode = cm_cfb, }, + { .name = "CAMELLIA-256-CFB,", .algo = "camellia", .keylen = 256 / 8, .mode = cm_cfb, }, + { .name = "CAMELLIA-128-CFB1,", .algo = "camellia", .keylen = 128 / 8, .mode = cm_cfb1, }, + { .name = "CAMELLIA-192-CFB1,", .algo = "camellia", .keylen = 192 / 8, .mode = cm_cfb1, }, + { .name = "CAMELLIA-256-CFB1,", .algo = "camellia", .keylen = 256 / 8, .mode = cm_cfb1, }, + { .name = "CAMELLIA-128-CFB8,", .algo = "camellia", .keylen = 128 / 8, .mode = cm_cfb8, }, + { .name = "CAMELLIA-192-CFB8,", .algo = "camellia", .keylen = 192 / 8, .mode = cm_cfb8, }, + { .name = "CAMELLIA-256-CFB8,", .algo = "camellia", .keylen = 256 / 8, .mode = cm_cfb8, }, + { .name = "CAMELLIA-128-CTR,", .algo = "camellia", .keylen = 128 / 8, .mode = cm_ctr, }, + { .name = "CAMELLIA-192-CTR,", .algo = "camellia", .keylen = 192 / 8, .mode = cm_ctr, }, + { .name = "CAMELLIA-256-CTR,", .algo = "camellia", .keylen = 256 / 8, .mode = cm_ctr, }, + { .name = "CAMELLIA-128-OFB,", .algo = "camellia", .keylen = 128 / 8, .mode = cm_ofb, }, + { .name = "CAMELLIA-192-OFB,", .algo = "camellia", .keylen = 192 / 8, .mode = cm_ofb, }, + { .name = "CAMELLIA-256-OFB,", .algo = "camellia", .keylen = 256 / 8, .mode = cm_ofb, }, + { .name = "CAST5-CBC,", .algo = "cast5", .keylen = 128 / 8, .mode = cm_cbc, }, + { .name = "CAST5-CFB,", .algo = "cast5", .keylen = 128 / 8, .mode = cm_cfb, }, + { .name = "CAST5-OFB,", .algo = "cast5", .keylen = 128 / 8, .mode = cm_ofb, }, + { .name = "ChaCha20,", .algo = "chacha20", .keylen = 256 / 8, .mode = cm_stream, }, + { .name = "DES-EDE-CBC,", .algo = "3des", .keylen = 128 / 8, .mode = cm_cbc, }, + { .name = "DES-EDE-CFB,", .algo = "3des", .keylen = 128 / 8, .mode = cm_cfb, }, + { .name = "DES-EDE-OFB,", .algo = "3des", .keylen = 128 / 8, .mode = cm_ofb, }, + { .name = "DES-EDE3-CBC,", .algo = "3des", .keylen = 192 / 8, .mode = cm_cbc, }, + { .name = "DES-EDE3-CFB,", .algo = "3des", .keylen = 192 / 8, .mode = cm_cfb, }, + { .name = "DES-EDE3-CFB1,", .algo = "3des", .keylen = 192 / 8, .mode = cm_cfb1, }, + { .name = "DES-EDE3-CFB8,", .algo = "3des", .keylen = 192 / 8, .mode = cm_cfb8, }, + { .name = "DES-EDE3-OFB,", .algo = "3des", .keylen = 192 / 8, .mode = cm_ofb, }, + { .name = "DES-CBC,", .algo = "des", .keylen = 64 / 8, .mode = cm_cbc, }, + { .name = "DES-CFB,", .algo = "des", .keylen = 64 / 8, .mode = cm_cfb, }, + { .name = "DES-CFB1,", .algo = "des", .keylen = 64 / 8, .mode = cm_cfb1, }, + { .name = "DES-CFB8,", .algo = "des", .keylen = 64 / 8, .mode = cm_cfb8, }, + { .name = "DES-OFB,", .algo = "des", .keylen = 64 / 8, .mode = cm_ofb, }, + { .name = "DESX-CBC,", .algo = "desx", .keylen = 192 / 8, .mode = cm_cbc, }, + { .name = "IDEA-CBC,", .algo = "idea", .keylen = 128 / 8, .mode = cm_cbc, }, + { .name = "IDEA-CFB,", .algo = "idea", .keylen = 128 / 8, .mode = cm_cfb, }, + { .name = "IDEA-OFB,", .algo = "idea", .keylen = 128 / 8, .mode = cm_ofb, }, + { .name = "RC5-CBC,", .algo = "rc5", .keylen = 128 / 8, .mode = cm_cbc, }, + { .name = "RC5-CFB,", .algo = "rc5", .keylen = 128 / 8, .mode = cm_cfb, }, + { .name = "RC5-OFB,", .algo = "rc5", .keylen = 128 / 8, .mode = cm_ofb, }, + { .name = "RC2-40-CBC,", .algo = "rc2", .keylen = 40 / 8, .mode = cm_cbc, }, + { .name = "RC2-64-CBC,", .algo = "rc2", .keylen = 64 / 8, .mode = cm_cbc, }, + { .name = "RC2-CBC,", .algo = "rc2", .keylen = 128 / 8, .mode = cm_cbc, }, + { .name = "RC2-CFB,", .algo = "rc2", .keylen = 128 / 8, .mode = cm_cfb, }, + { .name = "RC2-OFB,", .algo = "rc2", .keylen = 128 / 8, .mode = cm_ofb, }, + { .name = "SEED-CBC,", .algo = "seed", .keylen = 128 / 8, .mode = cm_cbc, }, + { .name = "SEED-CFB,", .algo = "seed", .keylen = 128 / 8, .mode = cm_cfb, }, + { .name = "SEED-OFB,", .algo = "seed", .keylen = 128 / 8, .mode = cm_ofb, }, }; const unsigned long pem_dek_infos_num = sizeof(pem_dek_infos)/sizeof(pem_dek_infos[0]); @@ -189,9 +205,17 @@ int pem_decrypt(unsigned char *data, unsigned long *datalen, #endif break; case cm_cfb: + case cm_cfb1: + case cm_cfb8: #ifdef LTC_CFB_MODE - if ((err = cfb_start(cipher, iv, key, keylen, 0, &s.ctx.cfb)) != CRYPT_OK) { - goto error_out; + if (info->mode == cm_cfb) { + if ((err = cfb_start(cipher, iv, key, keylen, 0, &s.ctx.cfb)) != CRYPT_OK) { + goto error_out; + } + } else { + if ((err = cfb_start_ex(cipher, iv, key, keylen, 0, info->mode == cm_cfb1 ? 1 : 8, &s.ctx.cfb)) != CRYPT_OK) { + goto error_out; + } } if ((err = cfb_decrypt(data, data, *datalen, &s.ctx.cfb)) != CRYPT_OK) { goto error_out; diff --git a/tests/pem/pkcs/unsupported/rsa-aes-128-cfb1.pem b/tests/pem/pkcs/rsa-aes-128-cfb1.pem similarity index 100% rename from tests/pem/pkcs/unsupported/rsa-aes-128-cfb1.pem rename to tests/pem/pkcs/rsa-aes-128-cfb1.pem diff --git a/tests/pem/pkcs/unsupported/rsa-aes-128-cfb8.pem b/tests/pem/pkcs/rsa-aes-128-cfb8.pem similarity index 100% rename from tests/pem/pkcs/unsupported/rsa-aes-128-cfb8.pem rename to tests/pem/pkcs/rsa-aes-128-cfb8.pem diff --git a/tests/pem/pkcs/unsupported/rsa-aes-192-cfb1.pem b/tests/pem/pkcs/rsa-aes-192-cfb1.pem similarity index 100% rename from tests/pem/pkcs/unsupported/rsa-aes-192-cfb1.pem rename to tests/pem/pkcs/rsa-aes-192-cfb1.pem diff --git a/tests/pem/pkcs/unsupported/rsa-aes-192-cfb8.pem b/tests/pem/pkcs/rsa-aes-192-cfb8.pem similarity index 100% rename from tests/pem/pkcs/unsupported/rsa-aes-192-cfb8.pem rename to tests/pem/pkcs/rsa-aes-192-cfb8.pem diff --git a/tests/pem/pkcs/unsupported/rsa-aes-256-cfb1.pem b/tests/pem/pkcs/rsa-aes-256-cfb1.pem similarity index 100% rename from tests/pem/pkcs/unsupported/rsa-aes-256-cfb1.pem rename to tests/pem/pkcs/rsa-aes-256-cfb1.pem diff --git a/tests/pem/pkcs/unsupported/rsa-aes-256-cfb8.pem b/tests/pem/pkcs/rsa-aes-256-cfb8.pem similarity index 100% rename from tests/pem/pkcs/unsupported/rsa-aes-256-cfb8.pem rename to tests/pem/pkcs/rsa-aes-256-cfb8.pem diff --git a/tests/pem/pkcs/unsupported/rsa-camellia-128-cfb1.pem b/tests/pem/pkcs/rsa-camellia-128-cfb1.pem similarity index 100% rename from tests/pem/pkcs/unsupported/rsa-camellia-128-cfb1.pem rename to tests/pem/pkcs/rsa-camellia-128-cfb1.pem diff --git a/tests/pem/pkcs/unsupported/rsa-camellia-128-cfb8.pem b/tests/pem/pkcs/rsa-camellia-128-cfb8.pem similarity index 100% rename from tests/pem/pkcs/unsupported/rsa-camellia-128-cfb8.pem rename to tests/pem/pkcs/rsa-camellia-128-cfb8.pem diff --git a/tests/pem/pkcs/unsupported/rsa-camellia-192-cfb1.pem b/tests/pem/pkcs/rsa-camellia-192-cfb1.pem similarity index 100% rename from tests/pem/pkcs/unsupported/rsa-camellia-192-cfb1.pem rename to tests/pem/pkcs/rsa-camellia-192-cfb1.pem diff --git a/tests/pem/pkcs/unsupported/rsa-camellia-192-cfb8.pem b/tests/pem/pkcs/rsa-camellia-192-cfb8.pem similarity index 100% rename from tests/pem/pkcs/unsupported/rsa-camellia-192-cfb8.pem rename to tests/pem/pkcs/rsa-camellia-192-cfb8.pem diff --git a/tests/pem/pkcs/unsupported/rsa-camellia-256-cfb1.pem b/tests/pem/pkcs/rsa-camellia-256-cfb1.pem similarity index 100% rename from tests/pem/pkcs/unsupported/rsa-camellia-256-cfb1.pem rename to tests/pem/pkcs/rsa-camellia-256-cfb1.pem diff --git a/tests/pem/pkcs/unsupported/rsa-camellia-256-cfb8.pem b/tests/pem/pkcs/rsa-camellia-256-cfb8.pem similarity index 100% rename from tests/pem/pkcs/unsupported/rsa-camellia-256-cfb8.pem rename to tests/pem/pkcs/rsa-camellia-256-cfb8.pem diff --git a/tests/pem/pkcs/unsupported/rsa-des-cfb1.pem b/tests/pem/pkcs/rsa-des-cfb1.pem similarity index 100% rename from tests/pem/pkcs/unsupported/rsa-des-cfb1.pem rename to tests/pem/pkcs/rsa-des-cfb1.pem diff --git a/tests/pem/pkcs/unsupported/rsa-des-cfb8.pem b/tests/pem/pkcs/rsa-des-cfb8.pem similarity index 100% rename from tests/pem/pkcs/unsupported/rsa-des-cfb8.pem rename to tests/pem/pkcs/rsa-des-cfb8.pem diff --git a/tests/pem/pkcs/unsupported/rsa-des-ede3-cfb1.pem b/tests/pem/pkcs/rsa-des-ede3-cfb1.pem similarity index 100% rename from tests/pem/pkcs/unsupported/rsa-des-ede3-cfb1.pem rename to tests/pem/pkcs/rsa-des-ede3-cfb1.pem diff --git a/tests/pem/pkcs/unsupported/rsa-des-ede3-cfb8.pem b/tests/pem/pkcs/rsa-des-ede3-cfb8.pem similarity index 100% rename from tests/pem/pkcs/unsupported/rsa-des-ede3-cfb8.pem rename to tests/pem/pkcs/rsa-des-ede3-cfb8.pem From 2594f3a7d27aad89e2eb870c4a923991aedfc73f Mon Sep 17 00:00:00 2001 From: Steffen Jaeckel Date: Sun, 18 Aug 2024 14:56:14 +0200 Subject: [PATCH 51/51] Update docs Signed-off-by: Steffen Jaeckel --- doc/crypt.tex | 27 ++++++++++++++++++++++++--- 1 file changed, 24 insertions(+), 3 deletions(-) diff --git a/doc/crypt.tex b/doc/crypt.tex index 91cb0c3e8..8f4e53bd2 100644 --- a/doc/crypt.tex +++ b/doc/crypt.tex @@ -620,6 +620,7 @@ \subsection{Simple Encryption Demonstration} (only on x86 with SSE4.1) &&&&& \\ \hline Twofish & twofish\_desc & 16 & 16, 24, 32 & 16 & 7 \\ \hline DES & des\_desc & 8 & 8 & 16 & 13 \\ + \hline DES-X & desx\_desc & 8 & 24 & 24 & 27 \\ \hline 3DES (EDE mode) & des3\_desc & 8 & 16, 24 & 16 & 14 \\ \hline CAST5 (CAST-128) & cast5\_desc & 8 & 5 $\ldots$ 16 & 12, 16 & 15 \\ \hline Noekeon & noekeon\_desc & 16 & 16 & 16 & 16 \\ @@ -8028,16 +8029,31 @@ \subsection{Depadding} The following struct is used in various parts of the library that deals with user-passwords. \begin{verbatim} -typedef struct { +typedef struct password_ctx { /** Callback function that is called when a password is required. + Please be aware that the library takes ownership of the pointer that is + returned to the library via `str`. + The data will be zeroed and `free()`'d as soon as it isn't required anymore. + c.f. the documentation of the `free()` function pointer for details. + @param str Pointer to pointer where the password will be stored. @param len Pointer to the length of the password. @param userdata `userdata` that was passed in the `password_ctx` struct. @return CRYPT_OK on success */ int (*callback)(void **str, unsigned long *len, void *userdata); + /** + Optional free function to free the allocated buffer. + + At the point where the value returned by `callback()` is not required + anymore the library will free it by either calling this `free()` function + or `XFREE()` in case this `free()` function is set to `NULL`. + + @param str Pointer to the buffer to be free'd. + */ + void (*free)(void *str); /** Opaque `userdata` pointer passed when the callback is called */ void *userdata; } password_ctx; @@ -8049,12 +8065,17 @@ \subsection{Depadding} the \textit{callback} pointer inside is \textit{NULL}. The \textit{str} pointer is declared as a \textit{void} pointer, since passwords are not necessarily -always representable as a NUL-terminated C string. Therefor the user also has to provide the length of the +always representable as a NUL-terminated C string. Therefore the user also has to provide the length of the password via \textit{len}. In order to prevent arbitrary limitations of the length of a password, the user is responsible for the dynamic allocation of the buffer that holds the password. The library takes ownership of said buffer -and will zeroize it and call \texttt{XFREE} on it as soon as it doesn't require it anymore. +and will zeroize it and will free it as soon as it doesn't require it anymore. +Since the user can not necessarily ensure the usage of the same dynamic memory allocation API, as used +within the library, the library provides a way to pass a custom `free()` function within the password context. +In case the \textit{free} function pointer is set, the library will use said function to free +the string \textit{str}. In case \textit{free} is NULL, the default `XFREE()` function will be used. + An example usage is as follows: