mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-29 10:54:25 +01:00
Parsing of PKCS#8 encrypted private key files added and PKCS#12 basis
PKCS#8 encrypted key file support has been added to x509parse_key() with support for some PCKS#12 PBE functions (pbeWithSHAAnd128BitRC4, pbeWithSHAAnd3-KeyTripleDES-CBC and pbeWithSHAAnd2-KeyTripleDES-CBC)
This commit is contained in:
parent
65a1909dc6
commit
cf6e95d9a8
@ -1,6 +1,10 @@
|
|||||||
PolarSSL ChangeLog
|
PolarSSL ChangeLog
|
||||||
|
|
||||||
= Branch 1.2
|
= Branch 1.2
|
||||||
|
Features
|
||||||
|
* Parsing of PKCS#8 encrypted private key files
|
||||||
|
* PKCS#12 PBE and derivation functions
|
||||||
|
|
||||||
Change
|
Change
|
||||||
* HAVEGE random generator disabled by default
|
* HAVEGE random generator disabled by default
|
||||||
* Internally split up x509parse_key() into a (PEM) handler function
|
* Internally split up x509parse_key() into a (PEM) handler function
|
||||||
|
@ -721,6 +721,22 @@
|
|||||||
#define POLARSSL_PKCS11_C
|
#define POLARSSL_PKCS11_C
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
/**
|
||||||
|
* \def POLARSSL_PKCS12_C
|
||||||
|
*
|
||||||
|
* Enable PKCS#12 PBE functions
|
||||||
|
* Adds algorithms for parsing PKCS#8 encrypted private keys
|
||||||
|
*
|
||||||
|
* Module: library/pkcs12.c
|
||||||
|
* Caller: library/x509parse.c
|
||||||
|
*
|
||||||
|
* Requires: POLARSSL_ASN1_PARSE_C
|
||||||
|
* Can use: POLARSSL_SHA1_C, POLARSSL_DES_C, POLARSSL_ARC4_C
|
||||||
|
*
|
||||||
|
* This module enables PKCS#12 functions.
|
||||||
|
*/
|
||||||
|
#define POLARSSL_PKCS12_C
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* \def POLARSSL_RSA_C
|
* \def POLARSSL_RSA_C
|
||||||
*
|
*
|
||||||
|
@ -74,6 +74,7 @@
|
|||||||
* High-level module nr (3 bits - 0x1...-0x8...)
|
* High-level module nr (3 bits - 0x1...-0x8...)
|
||||||
* Name ID Nr of Errors
|
* Name ID Nr of Errors
|
||||||
* PEM 1 9
|
* PEM 1 9
|
||||||
|
* PKCS#12 1 3 (Started from top)
|
||||||
* X509 2 21
|
* X509 2 21
|
||||||
* DHM 3 6
|
* DHM 3 6
|
||||||
* RSA 4 9
|
* RSA 4 9
|
||||||
|
139
include/polarssl/pkcs12.h
Normal file
139
include/polarssl/pkcs12.h
Normal file
@ -0,0 +1,139 @@
|
|||||||
|
/**
|
||||||
|
* \file pkcs12.h
|
||||||
|
*
|
||||||
|
* \brief PKCS#12 Personal Information Exchange Syntax
|
||||||
|
*
|
||||||
|
* Copyright (C) 2006-2013, Brainspark B.V.
|
||||||
|
*
|
||||||
|
* This file is part of PolarSSL (http://www.polarssl.org)
|
||||||
|
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
|
||||||
|
*
|
||||||
|
* All rights reserved.
|
||||||
|
*
|
||||||
|
* This program is free software; you can redistribute it and/or modify
|
||||||
|
* it under the terms of the GNU General Public License as published by
|
||||||
|
* the Free Software Foundation; either version 2 of the License, or
|
||||||
|
* (at your option) any later version.
|
||||||
|
*
|
||||||
|
* This program is distributed in the hope that it will be useful,
|
||||||
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
* GNU General Public License for more details.
|
||||||
|
*
|
||||||
|
* You should have received a copy of the GNU General Public License along
|
||||||
|
* with this program; if not, write to the Free Software Foundation, Inc.,
|
||||||
|
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||||
|
*/
|
||||||
|
#ifndef POLARSSL_PKCS12_H
|
||||||
|
#define POLARSSL_PKCS12_H
|
||||||
|
|
||||||
|
#include <string.h>
|
||||||
|
|
||||||
|
#include "md.h"
|
||||||
|
#include "asn1.h"
|
||||||
|
|
||||||
|
#define POLARSSL_ERR_PKCS12_BAD_INPUT_DATA -0x1F80 /**< Bad input parameters to function. */
|
||||||
|
#define POLARSSL_ERR_PKCS12_FEATURE_UNAVAILABLE -0x1F00 /**< Feature not available, e.g. unsupported encryption scheme. */
|
||||||
|
#define POLARSSL_ERR_PKCS12_PBE_INVALID_FORMAT -0x1E80 /**< PBE ASN.1 data not as expected. */
|
||||||
|
|
||||||
|
#define PKCS12_DERIVE_KEY 1 /*< encryption/decryption key */
|
||||||
|
#define PKCS12_DERIVE_IV 2 /*< initialization vector */
|
||||||
|
#define PKCS12_DERIVE_MAC_KEY 3 /*< integrity / MAC key */
|
||||||
|
|
||||||
|
#define PKCS12_PBE_ENCRYPT 1
|
||||||
|
#define PKCS12_PBE_DECRYPT 2
|
||||||
|
|
||||||
|
/*
|
||||||
|
* PKCS#12 PBE types
|
||||||
|
*/
|
||||||
|
#define OID_PKCS12 "\x2a\x86\x48\x86\xf7\x0d\x01\x0c"
|
||||||
|
#define OID_PKCS12_PBE_SHA1_RC4_128 OID_PKCS12 "\x01\x01"
|
||||||
|
#define OID_PKCS12_PBE_SHA1_DES3_EDE_CBC OID_PKCS12 "\x01\x03"
|
||||||
|
#define OID_PKCS12_PBE_SHA1_DES2_EDE_CBC OID_PKCS12 "\x01\x04"
|
||||||
|
|
||||||
|
#ifdef __cplusplus
|
||||||
|
extern "C" {
|
||||||
|
#endif
|
||||||
|
|
||||||
|
/**
|
||||||
|
* \brief PKCS12 Password Based function (encryption / decryption)
|
||||||
|
* for pbeWithSHAAnd128BitRC4
|
||||||
|
*
|
||||||
|
* \param pbe_params an ASN1 buffer containing the pkcs-12PbeParams structure
|
||||||
|
* \param mode either PKCS12_PBE_ENCRYPT or PKCS12_PBE_DECRYPT
|
||||||
|
* \param pwd the password used (may be NULL if no password is used)
|
||||||
|
* \param pwdlen length of the password (may be 0)
|
||||||
|
* \param input the input data
|
||||||
|
* \param len data length
|
||||||
|
* \param output the output buffer
|
||||||
|
*/
|
||||||
|
int pkcs12_pbe_sha1_rc4_128( asn1_buf *pbe_params, int mode,
|
||||||
|
const unsigned char *pwd, size_t pwdlen,
|
||||||
|
const unsigned char *input, size_t len,
|
||||||
|
unsigned char *output );
|
||||||
|
|
||||||
|
/**
|
||||||
|
* \brief PKCS12 Password Based function (encryption / decryption)
|
||||||
|
* for pbeWithSHAAnd3-KeyTripleDES-CBC
|
||||||
|
*
|
||||||
|
* \param pbe_params an ASN1 buffer containing the pkcs-12PbeParams structure
|
||||||
|
* \param mode either PKCS12_PBE_ENCRYPT or PKCS12_PBE_DECRYPT
|
||||||
|
* \param pwd the password used (may be NULL if no password is used)
|
||||||
|
* \param pwdlen length of the password (may be 0)
|
||||||
|
* \param input the input data
|
||||||
|
* \param len data length
|
||||||
|
* \param output the output buffer
|
||||||
|
*/
|
||||||
|
int pkcs12_pbe_sha1_des3_ede_cbc( asn1_buf *pbe_params, int mode,
|
||||||
|
const unsigned char *pwd, size_t pwdlen,
|
||||||
|
const unsigned char *input, size_t len,
|
||||||
|
unsigned char *output );
|
||||||
|
|
||||||
|
/**
|
||||||
|
* \brief PKCS12 Password Based function (encryption / decryption)
|
||||||
|
* for pbeWithSHAAnd2-KeyTripleDES-CBC
|
||||||
|
*
|
||||||
|
* \param pbe_params an ASN1 buffer containing the pkcs-12PbeParams structure
|
||||||
|
* \param mode either PKCS12_PBE_ENCRYPT or PKCS12_PBE_DECRYPT
|
||||||
|
* \param pwd the password used (may be NULL if no password is used)
|
||||||
|
* \param pwdlen length of the password (may be 0)
|
||||||
|
* \param input the input data
|
||||||
|
* \param len data length
|
||||||
|
* \param output the output buffer
|
||||||
|
*/
|
||||||
|
int pkcs12_pbe_sha1_des2_ede_cbc( asn1_buf *pbe_params, int mode,
|
||||||
|
const unsigned char *pwd, size_t pwdlen,
|
||||||
|
const unsigned char *input, size_t len,
|
||||||
|
unsigned char *output );
|
||||||
|
|
||||||
|
/**
|
||||||
|
* \brief The PKCS#12 derivation function uses a password and a salt
|
||||||
|
* to produce pseudo-random bits for a particular "purpose".
|
||||||
|
*
|
||||||
|
* Depending on the given id, this function can produce an
|
||||||
|
* encryption/decryption key, an nitialization vector or an
|
||||||
|
* integrity key.
|
||||||
|
*
|
||||||
|
* \param data buffer to store the derived data in
|
||||||
|
* \param datalen length to fill
|
||||||
|
* \param pwd password to use (may be NULL if no password is used)
|
||||||
|
* \param pwdlen length of the password (may be 0)
|
||||||
|
* \param salt salt buffer to use
|
||||||
|
* \param saltlen length of the salt
|
||||||
|
* \param md md type to use during the derivation
|
||||||
|
* \param id id that describes the purpose (can be PKCS12_DERIVE_KEY,
|
||||||
|
* PKCS12_DERIVE_IV or PKCS12_DERIVE_MAC_KEY)
|
||||||
|
* \param iterations number of iterations
|
||||||
|
*
|
||||||
|
* \return 0 if successful, or a MD, BIGNUM type error.
|
||||||
|
*/
|
||||||
|
int pkcs12_derivation( unsigned char *data, size_t datalen,
|
||||||
|
const unsigned char *pwd, size_t pwdlen,
|
||||||
|
const unsigned char *salt, size_t saltlen,
|
||||||
|
md_type_t md, int id, int iterations );
|
||||||
|
|
||||||
|
#ifdef __cplusplus
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#endif /* pkcs12.h */
|
@ -31,6 +31,7 @@ set(src
|
|||||||
pbkdf2.c
|
pbkdf2.c
|
||||||
pem.c
|
pem.c
|
||||||
pkcs11.c
|
pkcs11.c
|
||||||
|
pkcs12.c
|
||||||
rsa.c
|
rsa.c
|
||||||
sha1.c
|
sha1.c
|
||||||
sha2.c
|
sha2.c
|
||||||
|
@ -44,7 +44,7 @@ OBJS= aes.o arc4.o asn1parse.o \
|
|||||||
md.o md_wrap.o md2.o \
|
md.o md_wrap.o md2.o \
|
||||||
md4.o md5.o net.o \
|
md4.o md5.o net.o \
|
||||||
padlock.o pbkdf2.o pem.o \
|
padlock.o pbkdf2.o pem.o \
|
||||||
pkcs11.o \
|
pkcs11.o pkcs12.o \
|
||||||
rsa.o sha1.o sha2.o \
|
rsa.o sha1.o sha2.o \
|
||||||
sha4.o ssl_cache.o ssl_cli.o \
|
sha4.o ssl_cache.o ssl_cli.o \
|
||||||
ssl_srv.o \
|
ssl_srv.o \
|
||||||
|
@ -105,6 +105,10 @@
|
|||||||
#include "polarssl/pem.h"
|
#include "polarssl/pem.h"
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#if defined(POLARSSL_PKCS12_C)
|
||||||
|
#include "polarssl/pkcs12.h"
|
||||||
|
#endif
|
||||||
|
|
||||||
#if defined(POLARSSL_RSA_C)
|
#if defined(POLARSSL_RSA_C)
|
||||||
#include "polarssl/rsa.h"
|
#include "polarssl/rsa.h"
|
||||||
#endif
|
#endif
|
||||||
@ -216,6 +220,15 @@ void error_strerror( int ret, char *buf, size_t buflen )
|
|||||||
snprintf( buf, buflen, "PEM - Bad input parameters to function" );
|
snprintf( buf, buflen, "PEM - Bad input parameters to function" );
|
||||||
#endif /* POLARSSL_PEM_C */
|
#endif /* POLARSSL_PEM_C */
|
||||||
|
|
||||||
|
#if defined(POLARSSL_PKCS12_C)
|
||||||
|
if( use_ret == -(POLARSSL_ERR_PKCS12_BAD_INPUT_DATA) )
|
||||||
|
snprintf( buf, buflen, "PKCS12 - Bad input parameters to function" );
|
||||||
|
if( use_ret == -(POLARSSL_ERR_PKCS12_FEATURE_UNAVAILABLE) )
|
||||||
|
snprintf( buf, buflen, "PKCS12 - Feature not available, e.g. unsupported encryption scheme" );
|
||||||
|
if( use_ret == -(POLARSSL_ERR_PKCS12_PBE_INVALID_FORMAT) )
|
||||||
|
snprintf( buf, buflen, "PKCS12 - PBE ASN.1 data not as expected" );
|
||||||
|
#endif /* POLARSSL_PKCS12_C */
|
||||||
|
|
||||||
#if defined(POLARSSL_RSA_C)
|
#if defined(POLARSSL_RSA_C)
|
||||||
if( use_ret == -(POLARSSL_ERR_RSA_BAD_INPUT_DATA) )
|
if( use_ret == -(POLARSSL_ERR_RSA_BAD_INPUT_DATA) )
|
||||||
snprintf( buf, buflen, "RSA - Bad input parameters to function" );
|
snprintf( buf, buflen, "RSA - Bad input parameters to function" );
|
||||||
|
363
library/pkcs12.c
Normal file
363
library/pkcs12.c
Normal file
@ -0,0 +1,363 @@
|
|||||||
|
/*
|
||||||
|
* PKCS#12 Personal Information Exchange Syntax
|
||||||
|
*
|
||||||
|
* Copyright (C) 2006-2013, Brainspark B.V.
|
||||||
|
*
|
||||||
|
* This file is part of PolarSSL (http://www.polarssl.org)
|
||||||
|
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
|
||||||
|
*
|
||||||
|
* All rights reserved.
|
||||||
|
*
|
||||||
|
* This program is free software; you can redistribute it and/or modify
|
||||||
|
* it under the terms of the GNU General Public License as published by
|
||||||
|
* the Free Software Foundation; either version 2 of the License, or
|
||||||
|
* (at your option) any later version.
|
||||||
|
*
|
||||||
|
* This program is distributed in the hope that it will be useful,
|
||||||
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
* GNU General Public License for more details.
|
||||||
|
*
|
||||||
|
* You should have received a copy of the GNU General Public License along
|
||||||
|
* with this program; if not, write to the Free Software Foundation, Inc.,
|
||||||
|
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||||
|
*/
|
||||||
|
/*
|
||||||
|
* The PKCS #12 Personal Information Exchange Syntax Standard v1.1
|
||||||
|
*
|
||||||
|
* http://www.rsa.com/rsalabs/pkcs/files/h11301-wp-pkcs-12v1-1-personal-information-exchange-syntax.pdf
|
||||||
|
* ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-12/pkcs-12v1-1.asn
|
||||||
|
*/
|
||||||
|
|
||||||
|
#include "polarssl/config.h"
|
||||||
|
|
||||||
|
#if defined(POLARSSL_PKCS12_C)
|
||||||
|
|
||||||
|
#include "polarssl/pkcs12.h"
|
||||||
|
#include "polarssl/asn1.h"
|
||||||
|
|
||||||
|
#if defined(POLARSSL_ARC4_C)
|
||||||
|
#include "polarssl/arc4.h"
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#if defined(POLARSSL_DES_C)
|
||||||
|
#include "polarssl/des.h"
|
||||||
|
#endif
|
||||||
|
|
||||||
|
static int pkcs12_parse_pbe_params( unsigned char **p,
|
||||||
|
const unsigned char *end,
|
||||||
|
asn1_buf *salt, int *iterations )
|
||||||
|
{
|
||||||
|
int ret;
|
||||||
|
size_t len = 0;
|
||||||
|
|
||||||
|
/*
|
||||||
|
* pkcs-12PbeParams ::= SEQUENCE {
|
||||||
|
* salt OCTET STRING,
|
||||||
|
* iterations INTEGER
|
||||||
|
* }
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
if( ( ret = asn1_get_tag( p, end, &len,
|
||||||
|
ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
|
||||||
|
{
|
||||||
|
return( POLARSSL_ERR_PKCS12_PBE_INVALID_FORMAT + ret );
|
||||||
|
}
|
||||||
|
|
||||||
|
end = *p + len;
|
||||||
|
|
||||||
|
if( ( ret = asn1_get_tag( p, end, &salt->len, ASN1_OCTET_STRING ) ) != 0 )
|
||||||
|
return( POLARSSL_ERR_PKCS12_PBE_INVALID_FORMAT + ret );
|
||||||
|
|
||||||
|
salt->p = *p;
|
||||||
|
*p += salt->len;
|
||||||
|
|
||||||
|
if( ( ret = asn1_get_int( p, end, iterations ) ) != 0 )
|
||||||
|
return( POLARSSL_ERR_PKCS12_PBE_INVALID_FORMAT + ret );
|
||||||
|
|
||||||
|
if( *p != end )
|
||||||
|
return( POLARSSL_ERR_PKCS12_PBE_INVALID_FORMAT +
|
||||||
|
POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
|
||||||
|
|
||||||
|
return( 0 );
|
||||||
|
}
|
||||||
|
|
||||||
|
static int pkcs12_pbe_derive_key_iv( asn1_buf *pbe_params,
|
||||||
|
const unsigned char *pwd, size_t pwdlen,
|
||||||
|
unsigned char *key, size_t keylen,
|
||||||
|
unsigned char *iv, size_t ivlen )
|
||||||
|
{
|
||||||
|
int ret, iterations;
|
||||||
|
asn1_buf salt;
|
||||||
|
size_t i;
|
||||||
|
unsigned char *p, *end;
|
||||||
|
unsigned char unipwd[258];
|
||||||
|
|
||||||
|
memset(&salt, 0, sizeof(asn1_buf));
|
||||||
|
memset(&unipwd, 0, sizeof(unipwd));
|
||||||
|
|
||||||
|
p = pbe_params->p;
|
||||||
|
end = p + pbe_params->len;
|
||||||
|
|
||||||
|
if( ( ret = pkcs12_parse_pbe_params( &p, end, &salt, &iterations ) ) != 0 )
|
||||||
|
return( ret );
|
||||||
|
|
||||||
|
for(i = 0; i < pwdlen; i++)
|
||||||
|
unipwd[i * 2 + 1] = pwd[i];
|
||||||
|
|
||||||
|
if( ( ret = pkcs12_derivation( key, keylen, unipwd, pwdlen * 2 + 2,
|
||||||
|
salt.p, salt.len, POLARSSL_MD_SHA1,
|
||||||
|
PKCS12_DERIVE_KEY, iterations ) ) != 0 )
|
||||||
|
{
|
||||||
|
return( ret );
|
||||||
|
}
|
||||||
|
|
||||||
|
if( iv == NULL || ivlen == 0 )
|
||||||
|
return( 0 );
|
||||||
|
|
||||||
|
if( ( ret = pkcs12_derivation( iv, ivlen, unipwd, pwdlen * 2 + 2,
|
||||||
|
salt.p, salt.len, POLARSSL_MD_SHA1,
|
||||||
|
PKCS12_DERIVE_IV, iterations ) ) != 0 )
|
||||||
|
{
|
||||||
|
return( ret );
|
||||||
|
}
|
||||||
|
return( 0 );
|
||||||
|
}
|
||||||
|
|
||||||
|
int pkcs12_pbe_sha1_rc4_128( asn1_buf *pbe_params, int mode,
|
||||||
|
const unsigned char *pwd, size_t pwdlen,
|
||||||
|
const unsigned char *data, size_t len,
|
||||||
|
unsigned char *output )
|
||||||
|
{
|
||||||
|
#if !defined(POLARSSL_ARC4_C)
|
||||||
|
((void) pbe_params);
|
||||||
|
((void) mode);
|
||||||
|
((void) pwd);
|
||||||
|
((void) pwdlen);
|
||||||
|
((void) data);
|
||||||
|
((void) len);
|
||||||
|
((void) output);
|
||||||
|
return( POLARSSL_ERR_PKCS12_FEATURE_UNAVAILABLE );
|
||||||
|
#else
|
||||||
|
int ret;
|
||||||
|
unsigned char key[16];
|
||||||
|
arc4_context ctx;
|
||||||
|
((void) mode);
|
||||||
|
|
||||||
|
if( ( ret = pkcs12_pbe_derive_key_iv( pbe_params, pwd, pwdlen,
|
||||||
|
key, 16, NULL, 0 ) ) != 0 )
|
||||||
|
{
|
||||||
|
return( ret );
|
||||||
|
}
|
||||||
|
|
||||||
|
arc4_setup( &ctx, key, 16 );
|
||||||
|
if( ( ret = arc4_crypt( &ctx, len, data, output ) ) != 0 )
|
||||||
|
return( ret );
|
||||||
|
|
||||||
|
return( 0 );
|
||||||
|
}
|
||||||
|
#endif /* POLARSSL_ARC4_C */
|
||||||
|
|
||||||
|
int pkcs12_pbe_sha1_des2_ede_cbc( asn1_buf *pbe_params, int mode,
|
||||||
|
const unsigned char *pwd, size_t pwdlen,
|
||||||
|
const unsigned char *data, size_t len,
|
||||||
|
unsigned char *output )
|
||||||
|
{
|
||||||
|
#if !defined(POLARSSL_DES_C)
|
||||||
|
((void) pbe_params);
|
||||||
|
((void) mode);
|
||||||
|
((void) pwd);
|
||||||
|
((void) pwdlen);
|
||||||
|
((void) data);
|
||||||
|
((void) len);
|
||||||
|
((void) output);
|
||||||
|
return( POLARSSL_ERR_PKCS12_FEATURE_UNAVAILABLE );
|
||||||
|
#else
|
||||||
|
int ret;
|
||||||
|
unsigned char key[16];
|
||||||
|
unsigned char iv[8];
|
||||||
|
des3_context ctx;
|
||||||
|
|
||||||
|
if( ( ret = pkcs12_pbe_derive_key_iv( pbe_params, pwd, pwdlen,
|
||||||
|
key, 16, iv, 8 ) ) != 0 )
|
||||||
|
{
|
||||||
|
return( ret );
|
||||||
|
}
|
||||||
|
|
||||||
|
if( mode == PKCS12_PBE_ENCRYPT )
|
||||||
|
{
|
||||||
|
des3_set2key_enc( &ctx, key );
|
||||||
|
des3_crypt_cbc( &ctx, DES_ENCRYPT, len, iv, data, output );
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
des3_set2key_dec( &ctx, key );
|
||||||
|
des3_crypt_cbc( &ctx, DES_DECRYPT, len, iv, data, output );
|
||||||
|
}
|
||||||
|
|
||||||
|
return( 0 );
|
||||||
|
}
|
||||||
|
#endif /* POLARSSL_DES_C */
|
||||||
|
|
||||||
|
int pkcs12_pbe_sha1_des3_ede_cbc( asn1_buf *pbe_params, int mode,
|
||||||
|
const unsigned char *pwd, size_t pwdlen,
|
||||||
|
const unsigned char *data, size_t len,
|
||||||
|
unsigned char *output )
|
||||||
|
{
|
||||||
|
#if !defined(POLARSSL_DES_C)
|
||||||
|
((void) pbe_params);
|
||||||
|
((void) mode);
|
||||||
|
((void) pwd);
|
||||||
|
((void) pwdlen);
|
||||||
|
((void) data);
|
||||||
|
((void) len);
|
||||||
|
((void) output);
|
||||||
|
return( POLARSSL_ERR_PKCS12_FEATURE_UNAVAILABLE );
|
||||||
|
#else
|
||||||
|
int ret;
|
||||||
|
unsigned char key[24];
|
||||||
|
unsigned char iv[8];
|
||||||
|
des3_context ctx;
|
||||||
|
|
||||||
|
if( ( ret = pkcs12_pbe_derive_key_iv( pbe_params, pwd, pwdlen,
|
||||||
|
key, 24, iv, 8 ) ) != 0 )
|
||||||
|
{
|
||||||
|
return( ret );
|
||||||
|
}
|
||||||
|
|
||||||
|
if( mode == PKCS12_PBE_ENCRYPT )
|
||||||
|
{
|
||||||
|
des3_set3key_enc( &ctx, key );
|
||||||
|
des3_crypt_cbc( &ctx, DES_ENCRYPT, len, iv, data, output );
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
des3_set3key_dec( &ctx, key );
|
||||||
|
des3_crypt_cbc( &ctx, DES_DECRYPT, len, iv, data, output );
|
||||||
|
}
|
||||||
|
|
||||||
|
return( 0 );
|
||||||
|
}
|
||||||
|
#endif /* POLARSSL_DES_C */
|
||||||
|
|
||||||
|
static void pkcs12_fill_buffer( unsigned char *data, size_t data_len,
|
||||||
|
const unsigned char *filler, size_t fill_len )
|
||||||
|
{
|
||||||
|
unsigned char *p = data;
|
||||||
|
size_t use_len;
|
||||||
|
|
||||||
|
while( data_len > 0 )
|
||||||
|
{
|
||||||
|
use_len = ( data_len > fill_len ) ? fill_len : data_len;
|
||||||
|
memcpy( p, filler, use_len );
|
||||||
|
p += use_len;
|
||||||
|
data_len -= use_len;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
int pkcs12_derivation( unsigned char *data, size_t datalen,
|
||||||
|
const unsigned char *pwd, size_t pwdlen,
|
||||||
|
const unsigned char *salt, size_t saltlen,
|
||||||
|
md_type_t md_type, int id, int iterations )
|
||||||
|
{
|
||||||
|
int ret, i;
|
||||||
|
unsigned int j;
|
||||||
|
|
||||||
|
unsigned char diversifier[128];
|
||||||
|
unsigned char salt_block[128], pwd_block[128], hash_block[128];
|
||||||
|
unsigned char hash_output[POLARSSL_MD_MAX_SIZE];
|
||||||
|
unsigned char *p;
|
||||||
|
unsigned char c;
|
||||||
|
|
||||||
|
size_t hlen, use_len, v;
|
||||||
|
|
||||||
|
const md_info_t *md_info;
|
||||||
|
md_context_t md_ctx;
|
||||||
|
|
||||||
|
// This version only allows max of 64 bytes of password or salt
|
||||||
|
if( datalen > 128 || pwdlen > 64 || saltlen > 64 )
|
||||||
|
return( POLARSSL_ERR_PKCS12_BAD_INPUT_DATA );
|
||||||
|
|
||||||
|
md_info = md_info_from_type( md_type );
|
||||||
|
if( md_info == NULL )
|
||||||
|
return( POLARSSL_ERR_PKCS12_FEATURE_UNAVAILABLE );
|
||||||
|
|
||||||
|
if ( ( ret = md_init_ctx( &md_ctx, md_info ) ) != 0 )
|
||||||
|
return( ret );
|
||||||
|
hlen = md_get_size( md_info );
|
||||||
|
|
||||||
|
if( hlen <= 32 )
|
||||||
|
v = 64;
|
||||||
|
else
|
||||||
|
v = 128;
|
||||||
|
|
||||||
|
memset( diversifier, (unsigned char) id, v );
|
||||||
|
|
||||||
|
pkcs12_fill_buffer( salt_block, v, salt, saltlen );
|
||||||
|
pkcs12_fill_buffer( pwd_block, v, pwd, pwdlen );
|
||||||
|
|
||||||
|
p = data;
|
||||||
|
while( datalen > 0 )
|
||||||
|
{
|
||||||
|
// Calculate hash( diversifier || salt_block || pwd_block )
|
||||||
|
if( ( ret = md_starts( &md_ctx ) ) != 0 )
|
||||||
|
return( ret );
|
||||||
|
|
||||||
|
if( ( ret = md_update( &md_ctx, diversifier, v ) ) != 0 )
|
||||||
|
return( ret );
|
||||||
|
|
||||||
|
if( ( ret = md_update( &md_ctx, salt_block, v ) ) != 0 )
|
||||||
|
return( ret );
|
||||||
|
|
||||||
|
if( ( ret = md_update( &md_ctx, pwd_block, v ) ) != 0 )
|
||||||
|
return( ret );
|
||||||
|
|
||||||
|
if( ( ret = md_finish( &md_ctx, hash_output ) ) != 0 )
|
||||||
|
return( ret );
|
||||||
|
|
||||||
|
// Perform remaining ( iterations - 1 ) recursive hash calculations
|
||||||
|
for( i = 1; i < iterations; i++ )
|
||||||
|
{
|
||||||
|
if( ( ret = md( md_info, hash_output, hlen, hash_output ) ) != 0 )
|
||||||
|
return( ret );
|
||||||
|
}
|
||||||
|
|
||||||
|
use_len = ( datalen > hlen ) ? hlen : datalen;
|
||||||
|
memcpy( p, hash_output, use_len );
|
||||||
|
datalen -= use_len;
|
||||||
|
p += use_len;
|
||||||
|
|
||||||
|
if( datalen == 0 )
|
||||||
|
break;
|
||||||
|
|
||||||
|
// Concatenating copies of hash_output into hash_block (B)
|
||||||
|
pkcs12_fill_buffer( hash_block, v, hash_output, hlen );
|
||||||
|
|
||||||
|
// B += 1
|
||||||
|
for( i = v; i > 0; i-- )
|
||||||
|
if( ++hash_block[i - 1] != 0 )
|
||||||
|
break;
|
||||||
|
|
||||||
|
// salt_block += B
|
||||||
|
c = 0;
|
||||||
|
for( i = v; i > 0; i-- )
|
||||||
|
{
|
||||||
|
j = salt_block[i - 1] + hash_block[i - 1] + c;
|
||||||
|
c = (unsigned char) (j >> 8);
|
||||||
|
salt_block[i - 1] = j & 0xFF;
|
||||||
|
}
|
||||||
|
|
||||||
|
// pwd_block += B
|
||||||
|
c = 0;
|
||||||
|
for( i = v; i > 0; i-- )
|
||||||
|
{
|
||||||
|
j = pwd_block[i - 1] + hash_block[i - 1] + c;
|
||||||
|
c = (unsigned char) (j >> 8);
|
||||||
|
pwd_block[i - 1] = j & 0xFF;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return( 0 );
|
||||||
|
}
|
||||||
|
|
||||||
|
#endif /* POLARSSL_PKCS12_C */
|
@ -61,6 +61,7 @@
|
|||||||
#include "polarssl/sha4.h"
|
#include "polarssl/sha4.h"
|
||||||
#endif
|
#endif
|
||||||
#include "polarssl/dhm.h"
|
#include "polarssl/dhm.h"
|
||||||
|
#include "polarssl/pkcs12.h"
|
||||||
|
|
||||||
#include <string.h>
|
#include <string.h>
|
||||||
#include <stdlib.h>
|
#include <stdlib.h>
|
||||||
@ -78,6 +79,11 @@
|
|||||||
#endif
|
#endif
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
/* Compare a given OID string with an OID x509_buf * */
|
||||||
|
#define OID_CMP(oid_str, oid_buf) \
|
||||||
|
( ( OID_SIZE(oid_str) == (oid_buf)->len ) && \
|
||||||
|
memcmp( (oid_str), (oid_buf)->p, (oid_buf)->len) == 0)
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Version ::= INTEGER { v1(0), v2(1), v3(2) }
|
* Version ::= INTEGER { v1(0), v2(1), v3(2) }
|
||||||
*/
|
*/
|
||||||
@ -2189,6 +2195,116 @@ static int x509parse_key_pkcs8_unencrypted_der(
|
|||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Parse an unencrypted PKCS#8 encoded private RSA key
|
||||||
|
*/
|
||||||
|
static int x509parse_key_pkcs8_encrypted_der(
|
||||||
|
rsa_context *rsa,
|
||||||
|
const unsigned char *key,
|
||||||
|
size_t keylen,
|
||||||
|
const unsigned char *pwd,
|
||||||
|
size_t pwdlen )
|
||||||
|
{
|
||||||
|
int ret;
|
||||||
|
size_t len;
|
||||||
|
unsigned char *p, *end, *end2;
|
||||||
|
x509_buf pbe_alg_oid, pbe_params;
|
||||||
|
unsigned char buf[2048];
|
||||||
|
|
||||||
|
memset(buf, 0, 2048);
|
||||||
|
|
||||||
|
p = (unsigned char *) key;
|
||||||
|
end = p + keylen;
|
||||||
|
|
||||||
|
/*
|
||||||
|
* This function parses the EncryptedPrivatKeyInfo object (PKCS#8)
|
||||||
|
*
|
||||||
|
* EncryptedPrivateKeyInfo ::= SEQUENCE {
|
||||||
|
* encryptionAlgorithm EncryptionAlgorithmIdentifier,
|
||||||
|
* encryptedData EncryptedData
|
||||||
|
* }
|
||||||
|
*
|
||||||
|
* EncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
|
||||||
|
*
|
||||||
|
* EncryptedData ::= OCTET STRING
|
||||||
|
*
|
||||||
|
* The EncryptedData OCTET STRING is a PKCS#8 PrivateKeyInfo
|
||||||
|
*/
|
||||||
|
if( ( ret = asn1_get_tag( &p, end, &len,
|
||||||
|
ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
|
||||||
|
{
|
||||||
|
return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + ret );
|
||||||
|
}
|
||||||
|
|
||||||
|
end = p + len;
|
||||||
|
|
||||||
|
if( ( ret = asn1_get_tag( &p, end, &len,
|
||||||
|
ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
|
||||||
|
{
|
||||||
|
return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + ret );
|
||||||
|
}
|
||||||
|
|
||||||
|
end2 = p + len;
|
||||||
|
|
||||||
|
if( ( ret = asn1_get_tag( &p, end, &pbe_alg_oid.len, ASN1_OID ) ) != 0 )
|
||||||
|
return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + ret );
|
||||||
|
|
||||||
|
pbe_alg_oid.p = p;
|
||||||
|
p += pbe_alg_oid.len;
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Store the algorithm parameters
|
||||||
|
*/
|
||||||
|
pbe_params.p = p;
|
||||||
|
pbe_params.len = end2 - p;
|
||||||
|
p += pbe_params.len;
|
||||||
|
|
||||||
|
if( ( ret = asn1_get_tag( &p, end, &len, ASN1_OCTET_STRING ) ) != 0 )
|
||||||
|
return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + ret );
|
||||||
|
|
||||||
|
// buf has been sized to 2048 bytes
|
||||||
|
if( len > 2048 )
|
||||||
|
return( POLARSSL_ERR_X509_INVALID_INPUT );
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Decrypt EncryptedData with appropriate PDE
|
||||||
|
*/
|
||||||
|
if( OID_CMP( OID_PKCS12_PBE_SHA1_DES3_EDE_CBC, &pbe_alg_oid ) )
|
||||||
|
{
|
||||||
|
if( ( ret = pkcs12_pbe_sha1_des3_ede_cbc( &pbe_params,
|
||||||
|
PKCS12_PBE_DECRYPT,
|
||||||
|
pwd, pwdlen,
|
||||||
|
p, len, buf ) ) != 0 )
|
||||||
|
{
|
||||||
|
return( ret );
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else if( OID_CMP( OID_PKCS12_PBE_SHA1_DES2_EDE_CBC, &pbe_alg_oid ) )
|
||||||
|
{
|
||||||
|
if( ( ret = pkcs12_pbe_sha1_des2_ede_cbc( &pbe_params,
|
||||||
|
PKCS12_PBE_DECRYPT,
|
||||||
|
pwd, pwdlen,
|
||||||
|
p, len, buf ) ) != 0 )
|
||||||
|
{
|
||||||
|
return( ret );
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else if( OID_CMP( OID_PKCS12_PBE_SHA1_RC4_128, &pbe_alg_oid ) )
|
||||||
|
{
|
||||||
|
if( ( ret = pkcs12_pbe_sha1_rc4_128( &pbe_params,
|
||||||
|
PKCS12_PBE_DECRYPT,
|
||||||
|
pwd, pwdlen,
|
||||||
|
p, len, buf ) ) != 0 )
|
||||||
|
{
|
||||||
|
return( ret );
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else
|
||||||
|
return( POLARSSL_ERR_X509_FEATURE_UNAVAILABLE );
|
||||||
|
|
||||||
|
return x509parse_key_pkcs8_unencrypted_der( rsa, buf, len );
|
||||||
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Parse a private RSA key
|
* Parse a private RSA key
|
||||||
*/
|
*/
|
||||||
@ -2243,7 +2359,27 @@ int x509parse_key( rsa_context *rsa, const unsigned char *key, size_t keylen,
|
|||||||
return( ret );
|
return( ret );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
ret = pem_read_buffer( &pem,
|
||||||
|
"-----BEGIN ENCRYPTED PRIVATE KEY-----",
|
||||||
|
"-----END ENCRYPTED PRIVATE KEY-----",
|
||||||
|
key, NULL, 0, &len );
|
||||||
|
if( ret == 0 )
|
||||||
|
{
|
||||||
|
if( ( ret = x509parse_key_pkcs8_encrypted_der( rsa,
|
||||||
|
pem.buf, pem.buflen,
|
||||||
|
pwd, pwdlen ) ) != 0 )
|
||||||
|
{
|
||||||
|
rsa_free( rsa );
|
||||||
|
}
|
||||||
|
|
||||||
pem_free( &pem );
|
pem_free( &pem );
|
||||||
|
return( ret );
|
||||||
|
}
|
||||||
|
else if( ret != POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
|
||||||
|
{
|
||||||
|
pem_free( &pem );
|
||||||
|
return( ret );
|
||||||
|
}
|
||||||
#else
|
#else
|
||||||
((void) pwd);
|
((void) pwd);
|
||||||
((void) pwdlen);
|
((void) pwdlen);
|
||||||
@ -2255,19 +2391,23 @@ int x509parse_key( rsa_context *rsa, const unsigned char *key, size_t keylen,
|
|||||||
// We try the different DER format parsers to see if one passes without
|
// We try the different DER format parsers to see if one passes without
|
||||||
// error
|
// error
|
||||||
//
|
//
|
||||||
if( ( ret = x509parse_key_pkcs8_unencrypted_der( rsa, key, keylen ) ) != 0 )
|
if( ( ret = x509parse_key_pkcs8_encrypted_der( rsa, key, keylen,
|
||||||
|
pwd, pwdlen ) ) == 0 )
|
||||||
{
|
{
|
||||||
rsa_free( rsa );
|
return( 0 );
|
||||||
|
}
|
||||||
|
|
||||||
|
rsa_free( rsa );
|
||||||
|
if( ( ret = x509parse_key_pkcs8_unencrypted_der( rsa, key, keylen ) ) == 0 )
|
||||||
|
return( 0 );
|
||||||
|
|
||||||
|
rsa_free( rsa );
|
||||||
|
if( ( ret = x509parse_key_pkcs1_der( rsa, key, keylen ) ) == 0 )
|
||||||
|
return( 0 );
|
||||||
|
|
||||||
if( ( ret = x509parse_key_pkcs1_der( rsa, key, keylen ) ) != 0 )
|
|
||||||
{
|
|
||||||
rsa_free( rsa );
|
rsa_free( rsa );
|
||||||
return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT );
|
return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT );
|
||||||
}
|
}
|
||||||
}
|
|
||||||
|
|
||||||
return( 0 );
|
|
||||||
}
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Parse a public RSA key
|
* Parse a public RSA key
|
||||||
@ -2726,11 +2866,6 @@ int x509parse_cert_info( char *buf, size_t size, const char *prefix,
|
|||||||
return( (int) ( size - n ) );
|
return( (int) ( size - n ) );
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Compare a given OID string with an OID x509_buf * */
|
|
||||||
#define OID_CMP(oid_str, oid_buf) \
|
|
||||||
( ( OID_SIZE(oid_str) == (oid_buf)->len ) && \
|
|
||||||
memcmp( (oid_str), (oid_buf)->p, (oid_buf)->len) == 0)
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Return an informational string describing the given OID
|
* Return an informational string describing the given OID
|
||||||
*/
|
*/
|
||||||
|
@ -12,7 +12,8 @@ my @low_level_modules = ( "AES", "ASN1", "BLOWFISH", "CAMELLIA", "BIGNUM",
|
|||||||
"BASE64", "XTEA", "PBKDF2",
|
"BASE64", "XTEA", "PBKDF2",
|
||||||
"PADLOCK", "DES", "NET", "CTR_DRBG", "ENTROPY",
|
"PADLOCK", "DES", "NET", "CTR_DRBG", "ENTROPY",
|
||||||
"MD2", "MD4", "MD5", "SHA1", "SHA2", "SHA4", "GCM" );
|
"MD2", "MD4", "MD5", "SHA1", "SHA2", "SHA4", "GCM" );
|
||||||
my @high_level_modules = ( "PEM", "X509", "DHM", "RSA", "MD", "CIPHER", "SSL" );
|
my @high_level_modules = ( "PEM", "X509", "DHM", "RSA", "MD", "CIPHER", "SSL",
|
||||||
|
"PKCS12" );
|
||||||
|
|
||||||
my $line_separator = $/;
|
my $line_separator = $/;
|
||||||
undef $/;
|
undef $/;
|
||||||
|
29
tests/data_files/pkcs8_pbe_sha1_2des.key
Normal file
29
tests/data_files/pkcs8_pbe_sha1_2des.key
Normal file
@ -0,0 +1,29 @@
|
|||||||
|
-----BEGIN ENCRYPTED PRIVATE KEY-----
|
||||||
|
MIIE6jAcBgoqhkiG9w0BDAEEMA4ECJUO+jJnTjpKAgIIAASCBMi9QFFLgKGYOSDR
|
||||||
|
0zyRMc87RkrvSlyRi8BibyKvTNEDq77jTr6ZEuOF1OeZ9fvdZwJeI4GkTeKkWqTw
|
||||||
|
XDjWATXHbgTX82I3T8R2iBnv6Za9uaFDtDH5gbUYSrSNzMaoyS90hc9PTJ2+TG/Y
|
||||||
|
xUe99kSvzbhAatVQE+0TWpgH+8oACRvGelnHWofw4/CKJXJctUO8l6LdhLht1kwd
|
||||||
|
YXNX0xjxpY/eLGlsUaiDBdb0D9WFjdi4fcZ46IHspqTfBUhYbpDj8IQT1vjH6yjm
|
||||||
|
cPNPstEeyfFnirvgFuHg9LXTH0cf0mJgLzgiclgRVEOel87Lei5icEFI4hDAzWna
|
||||||
|
s3YiTijc926mD5AqQ55QXPN9v6b/uAV1QyKenoYzIWC3Y4phTTeApCyV44f9oMMD
|
||||||
|
wzcYWMZoHzEIiZj/iiCF1uOSamIjunCmpiBXTI7OGXbxXvSSJ3aU9nJHqVT88/ke
|
||||||
|
nj//EzWVYAjMdNYl0bOsWoIONl3eEEnLaUrOYOTVMxGac6yy/oIKR7GP0R26N4V2
|
||||||
|
c434y0aQpn6opT+JYa83N1RwES2/NxwrHs4pcx2WShbTjg1Cw1XMHk8nQYNnM4oJ
|
||||||
|
kXWyns/k1Bay/SXgpl2NRsoWzxCR7BavB2mRcyMz3djbOYscuT4QwpB/Wf6kr6pN
|
||||||
|
gszegRtwLmVBehwvGJwL2SEx2CDHvJNhvoD7vbNiWeTFo1wW1wF4aE7p/Ee7gSRX
|
||||||
|
z14OC8NSbuYV660ntNQ9LB+Z7NDT2d6JTjSnhQHxxLBwy3OnM2/vu0eCd/5+MGjN
|
||||||
|
C4svgFsAH9qnT1VQTzmpwGBJAbD29CVvUUeBF3+up+Mr+IQU9OWWEtUZ2Fm29gs4
|
||||||
|
j4azYJUI4+RLw75yNLVgxS5r4Cc4cKGB/P7qVqdH2CmjrEk0jxyTFT/PE3Df1cz9
|
||||||
|
F8eEprdml2ktrlQ3gCD9fw0kXBsp5vwecpQDS3r2v980vnMxb5Cm7kMTMFb4/hMY
|
||||||
|
z1yaDkarkSHQk3qFYtO5DkEUXhF6fwATyqOgJYwcy/9ynzItqgbsCIYMjpXF7Yww
|
||||||
|
FNa/GQlqIbYRCd4KT64Ahus7I00vVS3b3glcC+KlDkwCJJ0M+glzHrJs3L+PiJMi
|
||||||
|
gm+YT/5FuSqJZ/JI5QP7VMovqSLEw6y6QQHSBCOxh/CGhAL/BZ9A9afvPTRiI9OF
|
||||||
|
fyxAaf8KH1YPI3uKIuDcms0d0gJqQoDmLafdfggd6dwuLF3iQpDORgx80oPbjfl1
|
||||||
|
FEbU8M5DqiH+eOxgEvIL0AhMnPa4mv1brVdlxS3CyojnqxPfecXyEXrhEYJWJdsF
|
||||||
|
aYKR5bU1bY990aN6T3EDRblmHs25Fc328xS2ZJkHNxcJDruwi4EFpQVT+fukOz00
|
||||||
|
hOW2BEMFJLRflE+372LNIgSRVNI536YhF8r4r7O1jrw9McX3hzbJGAtcsXqyIO/k
|
||||||
|
hxC3x5ViqgZbDYgHz/CJJfP2RC8spp2RbZ/uDJu2YI8z8s9OXvcYv0EQmBAJxdt/
|
||||||
|
lyfkzEr/n8oRtDIkrq7lR3rjMUz7AbCfNJpqrEBFol9+qH8+jnmowL8LWBlh0v/A
|
||||||
|
pc3qWIulXOR1pbwXyAELo8wGhnJWL4WmY252S3i0Jn8Gf2kXewMRJsixStairjWD
|
||||||
|
1m0wWUVGSm5CO8Rfon8=
|
||||||
|
-----END ENCRYPTED PRIVATE KEY-----
|
BIN
tests/data_files/pkcs8_pbe_sha1_3des.der
Normal file
BIN
tests/data_files/pkcs8_pbe_sha1_3des.der
Normal file
Binary file not shown.
29
tests/data_files/pkcs8_pbe_sha1_3des.key
Normal file
29
tests/data_files/pkcs8_pbe_sha1_3des.key
Normal file
@ -0,0 +1,29 @@
|
|||||||
|
-----BEGIN ENCRYPTED PRIVATE KEY-----
|
||||||
|
MIIE6jAcBgoqhkiG9w0BDAEDMA4ECGhNuQogiktrAgIIAASCBMhfcb+Jt0YOgGni
|
||||||
|
IWnwmmtYT6Nvina/j3FCGzcHCDyUQDqh1rPUtZnmUdM3fyEGlUJdX9wmHh3gUkWx
|
||||||
|
JE00QMzYDQsUbGrt8H3rCQ+aXegCicXAyBgDh0YUhO7bWmgJNSvZOduIeCJ81mnb
|
||||||
|
xtl3CGgaYVOWspr458crtvn1Hlhq0EGs54EUHWBE89PHNxokGHqkFQcdp7QHO9Zm
|
||||||
|
ZvjTn+kR0K5KQbeQwMf3LcboueDV71ueUZsHlTSZ5Qs7WZORRzMBoo2SWV+Mh7U/
|
||||||
|
yAQv4i6CMauVifVqTMbLtfdTyZCts3N57sGstyqIruE1Jwg8m3i+cV/QIh9Fcgo8
|
||||||
|
R+snSlbOZMzCpUIvcuVkEMBP8+89/BtIabXL8SoTsD6v/f/YJfcw9qpOH+AoA3JG
|
||||||
|
UZT+0VxfIk0JUkX8QvM2qMQYY9efX+Dq+N0ODS1vsdP43pKxowOQlQUPKOsqoDch
|
||||||
|
IXW9qDD3uV+clg5L6BqDbX1O98oegcg6L24ZK1yKVzotiTj/eaZVpzTtrNYzWB0+
|
||||||
|
qO9FTwLqOmIRcduKKu5zctC7QlpFY3U2ikbkYpPsam/9GSXVe0LuMRLleiMPQUdU
|
||||||
|
ZJlkZr221OGq5TVhyJ6zEwud26wExB16tLU26ZvEFwExoUPboH/UQwX8L9vd8BKp
|
||||||
|
a32u35n5MOn+54Rfa4qfpU+uLB056CCKL8PwVLN9Xzeg+gJLfWqwEalPmSsylakO
|
||||||
|
7+suOGaUKy1a/uszD97dKk3Abwfoyb0qvbdF131GR04NYIzkQl72CBlxuWqVUt9o
|
||||||
|
pmwsUDAzwoJWi0sKy0dTm3KZHLJ+3OMIydod3beS9uS6Yro6NJBN5EPw3PoByBF5
|
||||||
|
DUkOfW6tV0dlHyXOuwU+JzBd4iwJgO53GVPAap8a/eOGgNCiw72gYM4lcHnwShL0
|
||||||
|
/v969VqntPXb7YF1hMs6ef3zTmLEB4xaXcARynnNkZnpQppxSPeHeXU+KxZCjkLE
|
||||||
|
brzHFnUMr8UJOyra3C/iXfi/OKJcBIURc3oY29Q45GBcV0s/W3n8TVF4qEqtbv3c
|
||||||
|
NbEmgcdzLGA28XiuyUH+pLxK3qP54jlqhd22q5qoN/gz4MKG+hJMMcO00Hj7+4Fb
|
||||||
|
fnxxGE5far3zjHLaxfnRKIfseU9DrQVh6gTg8ibe0kdoUXrptIb51eRcukE7s/yc
|
||||||
|
01Play8GYik4x+kcNAmQT29EslB/3RcrWH3tZExJjjDaC+Ty2atCMmlLGxt7VHOa
|
||||||
|
C3k0QHYSE/TULBldB64S1vVFrZgzLFTlXKGm38mOGCG3t/lQQDTo3IAp0YE+atM3
|
||||||
|
VG6ON3SSU0QRP1aEkZY8t9rf3+/J8Nl8oF4kF9ISzLNhlR/KJlNkmDvG/ic0skJK
|
||||||
|
KYezuuYH8/eEr9ZFfBsb9mRsFCM9iBZl/XqebCCC5/kfXzL/Hpp4f0L7DH4C0f6L
|
||||||
|
LbMCFhvsCNGh+1pdIjN9hbAkv/r2NN8+MaY2xFk0ukLfKgpLp0EfpkkcM0EZcvFn
|
||||||
|
j1JpB7rshCLj4PzM77fLh99H4cffL2qyzXqFF2Y7iW28bW/RQFxYwpyEnowrcRH/
|
||||||
|
11Qi525SdKWRkb9QlTJqFI6wsWe5kmYO/kDqGUpGPGK8+XTRTFjTci7NPLqN+s0w
|
||||||
|
Z4/b5SMVucBKq9sUm6g=
|
||||||
|
-----END ENCRYPTED PRIVATE KEY-----
|
29
tests/data_files/pkcs8_pbe_sha1_rc4_128.key
Normal file
29
tests/data_files/pkcs8_pbe_sha1_rc4_128.key
Normal file
@ -0,0 +1,29 @@
|
|||||||
|
-----BEGIN ENCRYPTED PRIVATE KEY-----
|
||||||
|
MIIE4zAcBgoqhkiG9w0BDAEBMA4ECCLhzdwnOXIZAgIIAASCBMG8Wgfn++CFRl37
|
||||||
|
FdQZ90pI+u37yj8v0kFd3rDaDMurEftf10gWwTbm8R8J0eK1edIAHQabkgsF83gD
|
||||||
|
yrxKFp1zhHI1t65gPKHcirhx0t9XuClxAOzEme//iMaw/yf/IKYo9NRqyvA6BKHW
|
||||||
|
2h3J4+JSGLSaCsRUyzhoL6xOzF+VX8zE8PI11TcqfJe7TGs/9G0Pv2XxFpfrG7pz
|
||||||
|
nz5mkAYdckYHcu7+CQGJ09ZUkblV3MYKEEbq5xXEo4Kku/n1YNrh6BEWMLo5XgOU
|
||||||
|
YIAkzhSfnbTt6QrxM+90b4qwk5amrC4w1jUu73ZzaBQs7fhx01pR2y3zTPBD2Dpk
|
||||||
|
G3iLprgEFqsoGCCOqqqEiEF/xDREZEPW0es2RruQ9Tn14LbgTj5XVFI/wBcvp9uZ
|
||||||
|
pjS5chC0/CRbGcRi47A9vx9bjgwiGCDpxx0/Kn68uFCaCeGOAQ687XxAn1UHmBD3
|
||||||
|
esjjb7S16ld9rSKV0oXWugUZKFdoq87AHY8Njhin++biuAEfySu3iH5ajzZV9dEj
|
||||||
|
6JHVwotuL2diVu7NU8mIsfr1kCJoUxIAbWFvoglWNmTtaIBkc5ch+kUTsz9rDtSp
|
||||||
|
lL9fT+wzjN7Q7lyRfIhNOheg2xF9huwF6mqnSlDfvwvEJ8NsQI9+CeooI2c1Zc0a
|
||||||
|
Bh/vDvCzov8TE+1Ma8CnrbaM/aSZ0FIq6PcpWSBLXSDXbLwabEEOLoXQXogOZsc5
|
||||||
|
0sz71l5c8jJPlzXxFYYW8CNuxTsUP+hN2oWvbmL5YLq8P+1tw68jcdbqhTqoqrW1
|
||||||
|
pGEXd2iMRUfCTDuCM6Bn4iIN80qUqqBAuoTC+zCVHnI7+ygmovhf/ykfVzNaDSIW
|
||||||
|
BkDsmZoH6bq3F9HpvOWggh0yK/l1b1E4PDQ6hq7qWNyJMyjYBJEbEdd9O3GW2qev
|
||||||
|
3ARhb0yGulxYH/h3yp2mIfxL+UTfRMcUZD2SobL+phLR/9TMUi6IaHnBAF85snAb
|
||||||
|
rbtAKCp9myFLwG1BujaQ18fKQFgcMjbJY3gLIz+3AC72irLSdgGti2drjP2hDGKp
|
||||||
|
RITAEydZXIwf67JMKkvyuknVWMf9ri9tMOZEvohnU3bW4g9vkv89CUtCLWF8iejM
|
||||||
|
fKIP5hjHOcKRLvvACFbgjYCPt8iPCcQckYe+FZI5T7zYsyQQ47fygS1f7MWZblPJ
|
||||||
|
UKAm8jxWUyySvEzIMHkoZaHtC72OS/L3iCjJ7mkKSZKeCDAzSEJeeQcOl0klVCQ8
|
||||||
|
0P+mXq5wtGakW9MKLhmsOjUIsyN2f3gCO0nESYhWD+3EKFLSW7ZsHbDmwqSDh6bn
|
||||||
|
blFvlQd7cpfYFtlmbxZFcv/l2ijQWPHi93G/0VIhFHxI6LegKt00bIL5iwyF3NpW
|
||||||
|
dNzuE69hweTSKvOPqRsRnWyGv9dVLIaQPwUS+eEfsGGNzM9rbty0j5Bw6KY/uDgt
|
||||||
|
blTfN3yZBcyEsdPwyiVLdi65zMzN8g4VVQBHFhXWPa2N4gJQVq+6q9hQkgFFU7y3
|
||||||
|
f8MX4BrKq8ifwWxsjL2FawcAoDcHUdCZjt/HZ+9/rL3iQvKeHbDbqu4kxlrE1FJn
|
||||||
|
0LHIB21qZIo+6r3fdNMUFkuDRBT9eEh3Wxlg8G35FYCIiOuIwB2ED/Hdnqtnemxj
|
||||||
|
kjRXU176HQ==
|
||||||
|
-----END ENCRYPTED PRIVATE KEY-----
|
@ -114,6 +114,22 @@ X509 Parse Key #9 (PKCS#8 wrapped)
|
|||||||
depends_on:POLARSSL_MD5_C:POLARSSL_PEM_C:POLARSSL_FS_IO
|
depends_on:POLARSSL_MD5_C:POLARSSL_PEM_C:POLARSSL_FS_IO
|
||||||
x509parse_keyfile:"data_files/format_gen.key":"":0
|
x509parse_keyfile:"data_files/format_gen.key":"":0
|
||||||
|
|
||||||
|
X509 Parse Key #10 (PKCS#8 encrypted SHA1-3DES)
|
||||||
|
depends_on:POLARSSL_DES_C:POLARSSL_SHA1_C:POLARSSL_PEM_C:POLARSSL_FS_IO
|
||||||
|
x509parse_keyfile:"data_files/pkcs8_pbe_sha1_3des.key":"PolarSSLTest":0
|
||||||
|
|
||||||
|
X509 Parse Key #11 (PKCS#8 encrypted SHA1-3DES DER)
|
||||||
|
depends_on:POLARSSL_DES_C:POLARSSL_SHA1_C:POLARSSL_FS_IO
|
||||||
|
x509parse_keyfile:"data_files/pkcs8_pbe_sha1_3des.der":"PolarSSLTest":0
|
||||||
|
|
||||||
|
X509 Parse Key #12 (PKCS#8 encrypted SHA1-2DES)
|
||||||
|
depends_on:POLARSSL_DES_C:POLARSSL_SHA1_C:POLARSSL_PEM_C:POLARSSL_FS_IO
|
||||||
|
x509parse_keyfile:"data_files/pkcs8_pbe_sha1_2des.key":"PolarSSLTest":0
|
||||||
|
|
||||||
|
X509 Parse Key #13 (PKCS#8 encrypted SHA1-RC4-128)
|
||||||
|
depends_on:POLARSSL_ARC4_C:POLARSSL_SHA1_C:POLARSSL_PEM_C:POLARSSL_FS_IO
|
||||||
|
x509parse_keyfile:"data_files/pkcs8_pbe_sha1_rc4_128.key":"PolarSSLTest":0
|
||||||
|
|
||||||
X509 Parse Public Key #1 (PKCS#8 wrapped)
|
X509 Parse Public Key #1 (PKCS#8 wrapped)
|
||||||
depends_on:POLARSSL_MD5_C:POLARSSL_PEM_C:POLARSSL_FS_IO
|
depends_on:POLARSSL_MD5_C:POLARSSL_PEM_C:POLARSSL_FS_IO
|
||||||
x509parse_public_keyfile:"data_files/format_gen.pub":0
|
x509parse_public_keyfile:"data_files/format_gen.pub":0
|
||||||
|
Loading…
Reference in New Issue
Block a user