From 401d6dc66c3f6d86d9a9a757ac1023e01a9b52ac Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 22 Apr 2024 15:35:04 +0200 Subject: [PATCH 1/8] Remove redundant dependency In the test data, remove a dependency that is already present on the function. Signed-off-by: Gilles Peskine --- tests/suites/test_suite_x509parse.data | 34 +++++++++++++------------- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 89d4578af5..500c6764d1 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -239,71 +239,71 @@ depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_HAVE_SE x509_parse_san:"data_files/server5-tricky-ip-san-malformed-len.crt.der":"":MBEDTLS_ERR_X509_BAD_INPUT_DATA X509 CRL information #1 -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C mbedtls_x509_crl_info:"data_files/parse_input/crl_expired.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-20 10\:24\:19\nnext update \: 2011-02-20 11\:24\:19\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with SHA1\n" X509 CRL Information MD5 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_MD5:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_MD5:MBEDTLS_RSA_C mbedtls_x509_crl_info:"data_files/parse_input/crl_md5.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-12 14\:44\:07\nnext update \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with MD5\n" X509 CRL Information SHA1 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C mbedtls_x509_crl_info:"data_files/parse_input/crl_sha1.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-12 14\:44\:07\nnext update \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with SHA1\n" X509 CRL Information SHA224 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_RSA_C mbedtls_x509_crl_info:"data_files/parse_input/crl_sha224.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-12 14\:44\:07\nnext update \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with SHA-224\n" X509 CRL Information SHA256 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C mbedtls_x509_crl_info:"data_files/parse_input/crl_sha256.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-12 14\:44\:07\nnext update \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with SHA-256\n" X509 CRL Information SHA384 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_RSA_C mbedtls_x509_crl_info:"data_files/parse_input/crl_sha384.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-12 14\:44\:07\nnext update \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with SHA-384\n" X509 CRL Information SHA512 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_RSA_C mbedtls_x509_crl_info:"data_files/parse_input/crl_sha512.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-12 14\:44\:07\nnext update \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with SHA-512\n" X509 CRL information RSA-PSS, SHA1 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_MD_CAN_SHA1:!MBEDTLS_X509_REMOVE_INFO +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_MD_CAN_SHA1 mbedtls_x509_crl_info:"data_files/parse_input/crl-rsa-pss-sha1.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2014-01-20 13\:46\:35\nnext update \: 2024-01-18 13\:46\:35\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using \: RSASSA-PSS (SHA1, MGF1-SHA1, 0xEA)\n" X509 CRL information RSA-PSS, SHA224 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_MD_CAN_SHA224:!MBEDTLS_X509_REMOVE_INFO +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_MD_CAN_SHA224 mbedtls_x509_crl_info:"data_files/parse_input/crl-rsa-pss-sha224.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2014-01-20 13\:56\:06\nnext update \: 2024-01-18 13\:56\:06\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using \: RSASSA-PSS (SHA224, MGF1-SHA224, 0xE2)\n" X509 CRL information RSA-PSS, SHA256 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_MD_CAN_SHA256:!MBEDTLS_X509_REMOVE_INFO +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_MD_CAN_SHA256 mbedtls_x509_crl_info:"data_files/parse_input/crl-rsa-pss-sha256.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2014-01-20 13\:56\:16\nnext update \: 2024-01-18 13\:56\:16\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using \: RSASSA-PSS (SHA256, MGF1-SHA256, 0xDE)\n" X509 CRL information RSA-PSS, SHA384 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_MD_CAN_SHA384:!MBEDTLS_X509_REMOVE_INFO +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_MD_CAN_SHA384 mbedtls_x509_crl_info:"data_files/parse_input/crl-rsa-pss-sha384.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2014-01-20 13\:56\:28\nnext update \: 2024-01-18 13\:56\:28\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using \: RSASSA-PSS (SHA384, MGF1-SHA384, 0xCE)\n" X509 CRL information RSA-PSS, SHA512 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_MD_CAN_SHA512:!MBEDTLS_X509_REMOVE_INFO +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_MD_CAN_SHA512 mbedtls_x509_crl_info:"data_files/parse_input/crl-rsa-pss-sha512.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2014-01-20 13\:56\:38\nnext update \: 2024-01-18 13\:56\:38\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using \: RSASSA-PSS (SHA512, MGF1-SHA512, 0xBE)\n" X509 CRL Information EC, SHA1 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PK_CAN_ECDSA_SOME:!MBEDTLS_X509_REMOVE_INFO +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PK_CAN_ECDSA_SOME mbedtls_x509_crl_info:"data_files/parse_input/crl-ec-sha1.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update \: 2013-09-24 16\:31\:08\nnext update \: 2023-09-22 16\:31\:08\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nsigned using \: ECDSA with SHA1\n" X509 CRL Information EC, SHA224 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PK_CAN_ECDSA_SOME:!MBEDTLS_X509_REMOVE_INFO +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PK_CAN_ECDSA_SOME mbedtls_x509_crl_info:"data_files/parse_input/crl-ec-sha224.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update \: 2013-09-24 16\:31\:08\nnext update \: 2023-09-22 16\:31\:08\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nsigned using \: ECDSA with SHA224\n" X509 CRL Information EC, SHA256 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PK_CAN_ECDSA_SOME:!MBEDTLS_X509_REMOVE_INFO +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PK_CAN_ECDSA_SOME mbedtls_x509_crl_info:"data_files/parse_input/crl-ec-sha256.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update \: 2013-09-24 16\:31\:08\nnext update \: 2023-09-22 16\:31\:08\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nsigned using \: ECDSA with SHA256\n" X509 CRL Information EC, SHA384 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PK_CAN_ECDSA_SOME:!MBEDTLS_X509_REMOVE_INFO +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PK_CAN_ECDSA_SOME mbedtls_x509_crl_info:"data_files/parse_input/crl-ec-sha384.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update \: 2013-09-24 16\:31\:08\nnext update \: 2023-09-22 16\:31\:08\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nsigned using \: ECDSA with SHA384\n" X509 CRL Information EC, SHA512 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PK_CAN_ECDSA_SOME:!MBEDTLS_X509_REMOVE_INFO +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PK_CAN_ECDSA_SOME mbedtls_x509_crl_info:"data_files/parse_input/crl-ec-sha512.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update \: 2013-09-24 16\:31\:08\nnext update \: 2023-09-22 16\:31\:08\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nsigned using \: ECDSA with SHA512\n" X509 CRL Malformed Input (trailing spaces at end of file) From e6b6c140810284f2ab4d1705bb1d8735f80aa701 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 22 Apr 2024 17:18:13 +0200 Subject: [PATCH 2/8] Allow PSA to not support RSA keys with non-byte-aligned sizes Work around https://github.com/Mbed-TLS/mbedtls/issues/9048 Signed-off-by: Gilles Peskine --- tests/suites/test_suite_pkparse.function | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/tests/suites/test_suite_pkparse.function b/tests/suites/test_suite_pkparse.function index a06fc30bc8..63ff092160 100644 --- a/tests/suites/test_suite_pkparse.function +++ b/tests/suites/test_suite_pkparse.function @@ -47,7 +47,19 @@ static int test_psa_bridge(const mbedtls_pk_context *ctx, int ok = 0; TEST_EQUAL(mbedtls_pk_get_psa_attributes(ctx, usage_flag, &attributes), 0); - TEST_EQUAL(mbedtls_pk_import_into_psa(ctx, &attributes, &psa_key), 0); + int ret = mbedtls_pk_import_into_psa(ctx, &attributes, &psa_key); + if (mbedtls_pk_get_type(ctx) == MBEDTLS_PK_RSA && + mbedtls_pk_get_bitlen(ctx) % 8 != 0 && + ret == MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE) { + /* There is a historical limitation with support for RSA keys in PSA: + * only byte-aligned sizes are supported. + * https://github.com/Mbed-TLS/mbedtls/issues/9048 + * For now, for such keys, treat not-supported from PSA as a success. + */ + ok = 1; + goto exit; + } + TEST_EQUAL(ret, 0); if (!mbedtls_test_key_consistency_psa_pk(psa_key, ctx)) { goto exit; } From 09569d1dfea6bce02f331bbf3fc7da3b65a3f537 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 22 Apr 2024 17:18:53 +0200 Subject: [PATCH 3/8] Fix misspelled dependency: there is no MBEDTLS_PEM_C Signed-off-by: Gilles Peskine --- tests/suites/test_suite_pkparse.data | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/suites/test_suite_pkparse.data b/tests/suites/test_suite_pkparse.data index 1650f51b3a..bec6f4b901 100644 --- a/tests/suites/test_suite_pkparse.data +++ b/tests/suites/test_suite_pkparse.data @@ -915,19 +915,19 @@ depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C: pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes256cbc_sha384.der":"PolarSSLTest":0 Parse RSA Key #100.1 (512-bit) -depends_on:MBEDTLS_PEM_C +depends_on:MBEDTLS_PEM_PARSE_C pk_parse_keyfile_rsa:"data_files/rsa512.key":"":0 Parse RSA Key #100.1 (521-bit) -depends_on:MBEDTLS_PEM_C +depends_on:MBEDTLS_PEM_PARSE_C pk_parse_keyfile_rsa:"data_files/rsa521.key":"":0 Parse RSA Key #100.1 (522-bit) -depends_on:MBEDTLS_PEM_C +depends_on:MBEDTLS_PEM_PARSE_C pk_parse_keyfile_rsa:"data_files/rsa522.key":"":0 Parse RSA Key #100.1 (528-bit) -depends_on:MBEDTLS_PEM_C +depends_on:MBEDTLS_PEM_PARSE_C pk_parse_keyfile_rsa:"data_files/rsa528.key":"":0 Parse Public RSA Key #1 (PKCS#8 wrapped) From dfb7afe67e847939aebaebbd1e302887e2f5f8f1 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 24 Apr 2024 16:20:52 +0200 Subject: [PATCH 4/8] Cleartext RSA keys: also make DER formats available We can use DER keys in builds without PEM, so it's good to have them around. Signed-off-by: Gilles Peskine --- tests/data_files/Makefile | 23 +++++++++++++++------- tests/data_files/rsa_pkcs1_1024_clear.der | Bin 0 -> 634 bytes tests/data_files/rsa_pkcs1_2048_clear.der | Bin 0 -> 1218 bytes tests/data_files/rsa_pkcs1_4096_clear.der | Bin 0 -> 2374 bytes 4 files changed, 16 insertions(+), 7 deletions(-) create mode 100644 tests/data_files/rsa_pkcs1_1024_clear.der create mode 100644 tests/data_files/rsa_pkcs1_2048_clear.der create mode 100644 tests/data_files/rsa_pkcs1_4096_clear.der diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index 01d2379d1e..1fefc48fbb 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile @@ -710,13 +710,21 @@ keys_rsa_pkcs8_pwd = PolarSSLTest ### all other encrypted RSA keys are derived. rsa_pkcs1_1024_clear.pem: $(OPENSSL) genrsa -out $@ 1024 -all_final += rsa_pkcs1_1024_clear.pem +keys_rsa_base += rsa_pkcs1_1024_clear.pem rsa_pkcs1_2048_clear.pem: $(OPENSSL) genrsa -out $@ 2048 -all_final += rsa_pkcs1_2048_clear.pem +keys_rsa_base += rsa_pkcs1_2048_clear.pem rsa_pkcs1_4096_clear.pem: $(OPENSSL) genrsa -out $@ 4096 -all_final += rsa_pkcs1_4096_clear.pem +keys_rsa_base += rsa_pkcs1_4096_clear.pem + +all_final += $(keys_rsa_base) + +### PKCS1-encoded, plaintext RSA keys in derived forms + +rsa_pkcs1_%.der: rsa_pkcs1_%.pem + $(OPENSSL) rsa -inform PEM -in $< -outform DER -out $@ +all_final += $(keys_rsa_base:.pem=.der) ### ### PKCS1-encoded, encrypted RSA keys @@ -1170,8 +1178,8 @@ keys_rsa_enc_pkcs8_v2_4096_sha512: keys_rsa_enc_pkcs8_v2_4096_3des_sha512 keys_r ### Rules to generate all RSA keys from a particular class ### -### Generate basic unencrypted RSA keys -keys_rsa_unenc: rsa_pkcs1_1024_clear.pem rsa_pkcs1_2048_clear.pem rsa_pkcs1_4096_clear.pem +### Generate cleartext RSA keys in derived formats +keys_rsa_cleartext: $(keys_rsa_base) $(keys_rsa_base:.pem=.der) ### Generate PKCS1-encoded encrypted RSA keys keys_rsa_enc_basic: keys_rsa_enc_basic_1024 keys_rsa_enc_basic_2048 keys_rsa_enc_basic_4096 @@ -1183,7 +1191,8 @@ keys_rsa_enc_pkcs8_v1: keys_rsa_enc_pkcs8_v1_1024 keys_rsa_enc_pkcs8_v1_2048 key keys_rsa_enc_pkcs8_v2: keys_rsa_enc_pkcs8_v2_1024 keys_rsa_enc_pkcs8_v2_2048 keys_rsa_enc_pkcs8_v2_4096 keys_rsa_enc_pkcs8_v2_1024_sha224 keys_rsa_enc_pkcs8_v2_2048_sha224 keys_rsa_enc_pkcs8_v2_4096_sha224 keys_rsa_enc_pkcs8_v2_1024_sha256 keys_rsa_enc_pkcs8_v2_2048_sha256 keys_rsa_enc_pkcs8_v2_4096_sha256 keys_rsa_enc_pkcs8_v2_1024_sha384 keys_rsa_enc_pkcs8_v2_2048_sha384 keys_rsa_enc_pkcs8_v2_4096_sha384 keys_rsa_enc_pkcs8_v2_1024_sha512 keys_rsa_enc_pkcs8_v2_2048_sha512 keys_rsa_enc_pkcs8_v2_4096_sha512 ### Generate all RSA keys -keys_rsa_all: keys_rsa_unenc keys_rsa_enc_basic keys_rsa_enc_pkcs8_v1 keys_rsa_enc_pkcs8_v2 +keys_rsa_all: keys_rsa_base keys_rsa_cleartext +keys_rsa_all: keys_rsa_enc_basic keys_rsa_enc_pkcs8_v1 keys_rsa_enc_pkcs8_v2 ################################################################ #### Generate various EC keys @@ -2177,7 +2186,7 @@ all: $(all_intermediate) $(all_final) .PHONY: default all_final all .PHONY: keys_rsa_all -.PHONY: keys_rsa_unenc keys_rsa_enc_basic +.PHONY: keys_rsa_enc_basic .PHONY: keys_rsa_enc_pkcs8_v1 keys_rsa_enc_pkcs8_v2 .PHONY: keys_rsa_enc_basic_1024 keys_rsa_enc_basic_2048 keys_rsa_enc_basic_4096 .PHONY: keys_rsa_enc_pkcs8_v1_1024 keys_rsa_enc_pkcs8_v2_1024 diff --git a/tests/data_files/rsa_pkcs1_1024_clear.der b/tests/data_files/rsa_pkcs1_1024_clear.der new file mode 100644 index 0000000000000000000000000000000000000000..8dfb09fb8407c69ab2501c2b5738b754aa594704 GIT binary patch literal 634 zcmV-=0)_oBf&z8|0RS)!1_>&LNQUpU@(FLTmk_A0)c@5$2gM3!}M?v z2y6HgHSF^N9Ev3mm4Y@NsvedSRT`}Ldv!Ala91;&*_H84Ohh-xzQmwEpuB{xNx8 zX1)E7&I}Gm!xMF}XmsR=>fc+2kg}&j=keq-8GCM8!TM^lY{-&*Corqc;yCii%>qFH z`d9`?^Kw{rRufF!w>j?`m{=(DE)7J+&TU{#ohW+Fs*b)61KPvf)W#iEwG~q8>v>*I zDvI*MlDL;{A*+_-0zm-FxZ7SW$`E_oKyEC4?+;0WDk^giM+CSBU)<3imvWiLal_yO zzQyQ-d{C^k$T_&cjV?r?8Z#N^GhalCv3;)sKr&-nNPVxXJdRMVEe1a$@IP;-He)l2 ze^qx-W$xDj`0V|3C6EIRUpjbk*%@r4R^oJcRn=TbMza=jY*}2FF9JX}tt!snX2k%6 zm}Eod;Q-~29AyKO9!{*--y0)O;07Z8xFXj(2-aW7t&IZKS&n4x!shKfwnJA1_vJ=^ zJt*S>KnwyF2HC0K)eKyonyd_D1?l;XN4#g5BT8%D@JY<=);jVU(5ECPzjsnJx*{mw UpDewlX^JGbN)X4t0@RTXEm)x;3jhEB literal 0 HcmV?d00001 diff --git a/tests/data_files/rsa_pkcs1_2048_clear.der b/tests/data_files/rsa_pkcs1_2048_clear.der new file mode 100644 index 0000000000000000000000000000000000000000..137395e2a392d435aceb82d0983ab9ff9af5757d GIT binary patch literal 1218 zcmV;z1U>sOf&{(-0RS)!1_>&LNQUrs4#*Aqyhl|0)hbn0H{@G`LduK zG{zNW9`^IWFh&?+Vs`pVi*&4Y6)`Buh`@(Kmn|BKJ)<#@)THy;3 zIoarFf~mW88*VlZu4EEje8iDBm%zlxv3&eV$y!B&VIJA<=puk3ZEQ^b8r*D#cr3wN zjWd#ST!A`=qoQ{dyfpwrSc#+rd3uvO8n-Z2rqFZ+ppdvA(D~sQfJ7=g`l4R>s*D)? z2qQEET@nygR|ei&)bdp_O!{7dhW0y*-A1s4>|m(`7q#EBW+lcf?jPs_ht*6gf5z{X9123!=RO|u6UAw<}G?FCpet~ji=L2eJe;* zP{<+TjX@HANcn@=I!S;^!&HZ?+na8!$*6&yPCL2g1poh$JS5LdjvhP_x$<$YL}!~C zmrk40j@*Hurq48(0OwUgH$gbu!3kK_ksfIdg)#n?rThg;J1h^Sl9ll&R2c$+fdJC< zLM-dshAAItpr-;xfnr!^YfwnvXb)?To4_KjrJ^<}UG7E`(9Z$Sc^yseRUjn5NTdCP2G#5-i`6}v%%Oa(ZT$E zThkF{nTbOgrKj?w(jIaC)G)}qqLTuFfdI@$Pka3GOmzrSmI&bKL;NqM2yu=YaP3rX zQ6K}&IwkH7$VLV0P=Dd33g0|NG5H%l5iaH-IRXkfyG%zrAP>bG#2OK{Y!d?3m;LYS zW+l3iNGX>9J7r({pa9MUN}+$2Gr74yv^`Zz+{0eJnV~m{R%Ucm$x2-JcftwT_?H5K zfM8(+Qth`e23@&1oYUt{d6pJA>qbBOl>hl|nM=PbA%97~{Cd0B{c8gA|0G8MZpPKh5@;b#4Iaw>GA}{4Y(&>gM z;di-4dWV!EUL)QTk#dQH77Kt|0^v1GZIEhGvH1y$SujV{K+I60szP}1WB0UYHQJ!B z_qr5shiI;5J0IWi{5RH39*Y93L3uxB&b&88VGR9A^^%_0KQ0Yo8KKF7B0*>qtlKSf z-2#Du0L9c-e+Hz2C=J##PqzjB%)5zr&?2VJF=86+>nIx+`Ws3k_iTktU1k*_}zgW)UQ@sVz6GwZNnS0F(2}~ gZQJH(unKUZ;^V5;|NmZV@F&WNLW4zvPu$>5*v6|p)Bpeg literal 0 HcmV?d00001 diff --git a/tests/data_files/rsa_pkcs1_4096_clear.der b/tests/data_files/rsa_pkcs1_4096_clear.der new file mode 100644 index 0000000000000000000000000000000000000000..c65a2325b5363ff811ae440b3924e246e0efc7de GIT binary patch literal 2374 zcmV-M3Ay$#f(b$b0RS)!1_>&LNQUwEHHuzC;|Zh0)heo0M3Kwsfd5< zM8=uZR&mVg?{QZ9;onMaPj%vIi`8Xm0q>iH*@ivIWD0kS55vg;Vkk65!s!ccx)!Yt zZ5nwj5^IZDh@zdKrvjBrsth-ByuwTx4qk+C%0FfkvOEuCa*P}rlk_*5cIpC)ja1u2 z*LPA~^NdoJUmWePrV8AJquz$01<<5;hhWk-Tf+8U_NX0)BW z=XCrJb%u7EiZ$Nzp;u6+ccnRnwSOD;n>? zlwIs!wxlmVCHsLEL*CkOWHy3>=T0(U*_m@@R-+W z%J$&o20Cyrg8ckcMM%KgswHI#d@7L!VSej#fIhe&%(Mq#VQ%)1GwrrGK?hVu_J*&< zZq734qtHKvZ6RmAQn6vsRR~8+TF7b46XxZ_J&(uQ3EZkl*ntN2>2b7m-Y+~kjsUsy zi#WhibMYO6FZk@$*3DidkY;mEYV8Ty%Jc6Hmllm_xNKPUO9BG{009Dm0sv|J@{wfM z+K08V&hRI>w!Ny_tgTS*9>~x{qR=09OMOk=@Ib$h$YV;U?YruXr{o)?Fv#iH4?O%- zR{9acET&6=nlkX(n@{_gY1`c=JOH|DT38d5KU&>P<3R6dDsJeHr|4BjkVFM{#_fY9 zf#6zYSBZxlAL_SN^?Tx~`+JL`d+juUHF3siOdbO|UM zJ&;|=UD(Yv-|L&Lq5j`#LDu_H^~TLjk&xeN{qwAKaeJSPVr&akGcbcnbTA-3Y$ILZ zBO3@}lF#cMaqvtwv;HIF6<^3Ze@_Ue0sx&A0a>{2NQiS)pbDDqV4MJv`A}DF7DR6j z8)WzLCCpz}q;G+LtMHbEF#ORR&NeeNxXJ=~b$yaTflYdH-jzeFtVdwiM>AseQsRMP zSVS-WuY>P7GxSUzMTy>wwD1~{y?Oc9s!~Wm8n3`J=;=p1YK%-PySSeNpVshgm1O& znt3z&VNx(_sn{SX(~I$S)9;G}lg9-$gIn;`j()SDUKR#Z3(p?{++ZkNGY{X#i8tmY zchD)GRNq$rvc#c@q?Cfox5I)u`n6LGe8gp&(2364orD1u6&P30cF|&cl>YY+AIW6& z)&mKSd;82<&Bs4A)-8pQ4RsYxUqcmHSaC+NtU^#xD8Ax#%mfz#f&l>l*ni^IujpNH zEGO~Z2&G`*jom11*SgTnB;oMwM9(<~PFBAQ1E^xR;QG!)WiKIxV{MnJTp01Ew3TUN z`OtuE_n&l%4MPR<{H+Dnhx7CxoT#utamw$Y9)2yR{Yp;Q5WYyrJkVM<_f0S_?%h` zb>!A)*R3hv=kzj=uIc^mn9UwWlI*>lW*%iwn=LJQ?bjo&w5pYM^{ zpn%bfvyF(ZIL1P9^`L6{kuw>@B4=PP+L46l7`db23VfXf^_ra=AbHILJFL&G+bwJ9 z;bm*C-b|Bd@0;FDskN*k(WW`FsKHK=;&7?}bj3~8$wMtgoyzp@tcMLQ5;$HS_XXTt z=SF!ezB2=CmtuXdt2)9PO!V&FA`8aav=X-Rc%4osxVa-hNIy`}$f5za#P}>_hw2ca z>M#a`y$rKJ{1YCu;dK0AfFP0h9IaL~CdTl5=X{Ecs>hQll}=jeARILW`LZPzI1+v~ z!`6EDqLxDH4;+%mi#0jNVXF^BZyrp?2bRTNe*N(=D-jpVEr?HUX##=)01>Hqzju*| zGjAs_kePSF%7Q$G@{oKnSXx}r9q{7l89)UXw~-{v>-|P{|8oG8=X9yc zJ?1#x1fxw|&ur$|-G0~cOMoNXiPb!t83LxNQ}Zz;Vg$nO(3Xy1ESjG{f=QJO2g7Og zbcT}r4R!&&k34FRrSD_x{el?xefUB0jyF&BPa#Nnox%qnr$SDKj93iMSO&mofg1uj z@6MrxPK4sD5zvCw$~6jpvdQgaPyqU`ch{=Hg@(ul!CV|RIx5U%oK;ISJBH`ok<_W%F@ literal 0 HcmV?d00001 From 0a2d48290b8cae6838a3560b063d0666f822c0fc Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 24 Apr 2024 16:21:59 +0200 Subject: [PATCH 5/8] Add some test RSA keys of sizes 768 and up These are sufficiently large for PKCS#1v1.5 signature with SHA-512 or SHA3-512. Cover some non-word-aligned sizes. Signed-off-by: Gilles Peskine --- tests/data_files/Makefile | 18 +++++++++++++++++- tests/data_files/rsa_pkcs1_768_clear.der | Bin 0 -> 489 bytes tests/data_files/rsa_pkcs1_768_clear.pem | 13 +++++++++++++ tests/data_files/rsa_pkcs1_769_clear.der | Bin 0 -> 490 bytes tests/data_files/rsa_pkcs1_769_clear.pem | 13 +++++++++++++ tests/data_files/rsa_pkcs1_770_clear.der | Bin 0 -> 491 bytes tests/data_files/rsa_pkcs1_770_clear.pem | 13 +++++++++++++ tests/data_files/rsa_pkcs1_776_clear.der | Bin 0 -> 492 bytes tests/data_files/rsa_pkcs1_776_clear.pem | 13 +++++++++++++ tests/data_files/rsa_pkcs1_784_clear.der | Bin 0 -> 497 bytes tests/data_files/rsa_pkcs1_784_clear.pem | 13 +++++++++++++ 11 files changed, 82 insertions(+), 1 deletion(-) create mode 100644 tests/data_files/rsa_pkcs1_768_clear.der create mode 100644 tests/data_files/rsa_pkcs1_768_clear.pem create mode 100644 tests/data_files/rsa_pkcs1_769_clear.der create mode 100644 tests/data_files/rsa_pkcs1_769_clear.pem create mode 100644 tests/data_files/rsa_pkcs1_770_clear.der create mode 100644 tests/data_files/rsa_pkcs1_770_clear.pem create mode 100644 tests/data_files/rsa_pkcs1_776_clear.der create mode 100644 tests/data_files/rsa_pkcs1_776_clear.pem create mode 100644 tests/data_files/rsa_pkcs1_784_clear.der create mode 100644 tests/data_files/rsa_pkcs1_784_clear.pem diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index 1fefc48fbb..0fbdfe513d 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile @@ -706,8 +706,24 @@ keys_rsa_basic_pwd = testkey ### Password used for PKCS8-encoded encrypted RSA keys keys_rsa_pkcs8_pwd = PolarSSLTest -### Basic 1024-, 2048- and 4096-bit unencrypted RSA keys from which +### Basic unencrypted RSA keys from which ### all other encrypted RSA keys are derived. +keys_rsa_base = +rsa_pkcs1_768_clear.pem: + $(OPENSSL) genrsa -out $@ 768 +keys_rsa_base += rsa_pkcs1_768_clear.pem +rsa_pkcs1_769_clear.pem: + $(OPENSSL) genrsa -out $@ 769 +keys_rsa_base += rsa_pkcs1_769_clear.pem +rsa_pkcs1_770_clear.pem: + $(OPENSSL) genrsa -out $@ 770 +keys_rsa_base += rsa_pkcs1_770_clear.pem +rsa_pkcs1_776_clear.pem: + $(OPENSSL) genrsa -out $@ 776 +keys_rsa_base += rsa_pkcs1_776_clear.pem +rsa_pkcs1_784_clear.pem: + $(OPENSSL) genrsa -out $@ 784 +keys_rsa_base += rsa_pkcs1_784_clear.pem rsa_pkcs1_1024_clear.pem: $(OPENSSL) genrsa -out $@ 1024 keys_rsa_base += rsa_pkcs1_1024_clear.pem diff --git a/tests/data_files/rsa_pkcs1_768_clear.der b/tests/data_files/rsa_pkcs1_768_clear.der new file mode 100644 index 0000000000000000000000000000000000000000..7fbd8b221f51a9fc3888347103dbd00bfb40d411 GIT binary patch literal 489 zcmV&LNQUo&oF`k%K`xa0$~8ziDRKp3|%Ox z0SO5z)5qttd?h@n9*w|VlB&94h7?5!hKz`(pluaF;*hb7YQr;VuEJ9?*$RoHgwjug zAThGI;qkkCc&Ye^L;g}geJcy+rb^Fr{kB>l;Za7)a!c0&0|5X50$~7*9X1l&J9c%B z1)#7>>4n7el5W|S-?t^iABW%UnA6R3$vP8z1eLxoWup}N0DB=Fi*`TfI?7hmP(^xX z5Vx2*m@&(cnSN;}Vr?a3qBXiho`h5l3 zzu()yxyPyGO;a(zD+iz&LNQUo&@h4l%mM)b0$~BQGpW|Qo$eGH zFuKs$4FP;!!e8a>epc4UFIfdjZpds&3I}lGu_fDIg&O$+0|5X50$~8v7z|YWcUqow zE=e#LO6`ew3Ri)XLp%aaZFhf5t2u`T2Ap5o!>6rjAojh{kf~tXmk8vAOmD&A9@(&{ zY+IOJJkIW3;FkBzq#~T0*5J#CWwWgXv6tk(qr9(NlCzpCv!)yk3bJGGb0Q;8;seY||r7$%gJpSsy z8V{4*iz+tGE#}@wxNAEC#v{`Z(@ycku#6g_@Pxn;g90#8OgNT9EdAqL@%Mu|E*~5Q zi147271)_3L8(17^jw$_Bd#Y6noxYXX#7eOxGi}CF#zMy%^cX09*MHjm%H;7{pee4 z$up>dLP&grk*s8;W(cSb3vpdeK8~aR#>PiqY9j(M0jxo06?vXF5~==Wgq~ltvlfYT g1k9tnrPHJ==c-SBb5#84&qBjwUH`L7CS&Fq9s?xawEzGB literal 0 HcmV?d00001 diff --git a/tests/data_files/rsa_pkcs1_769_clear.pem b/tests/data_files/rsa_pkcs1_769_clear.pem new file mode 100644 index 0000000000..a04b2c1b2e --- /dev/null +++ b/tests/data_files/rsa_pkcs1_769_clear.pem @@ -0,0 +1,13 @@ +-----BEGIN PRIVATE KEY----- +MIIB5gIBADANBgkqhkiG9w0BAQEFAASCAdAwggHMAgEAAmEBtTOp1rud7hQbMLrQ +2Q0BfF7CX+XtflbWxy9ZBUpuyGxJCgdw4+PXZGa64DaxHozNM3EHGxvnYc1uuWpl +g3kvTu5qfAzZuKjnGXVIVc3aneHMTYQeUzWcGrSxJdtfhRr5AgMBAAECYQDVGAxU +/HdannQuSTAYSu2JeApXgZNDPAJNbXd/S6s5hwYGnF/aw6etaSD2vdGQqWDblwjk +hUxvweEe2bCobFuYXTzO7l7glvfNpHn2VOy44SFW51YG1JGyJ3qpm6DQ+30CMQG8 +3YQ7tWfTExA+mE7AxHuG1XPHGwANEEeZL7WmmkIUs6nCpUM5tyeXelXDbAZ3c9MC +MQD7lwqpfq18pTA1Hzz+6sAaD5Pdiyo2zi3m3ke4azsCxiPTENNO8cSwjBqi8ITA +EoMCMFJMOJZDLP3jXPH3gzouHxwGiPCgkhXYmSZBqT009FyYECOuJw2aUHy5aPxK +E7gteQIxAOPRzRzYkh6JstKXu/MV/ehbbMkzqIFCSHyDkaxkpWYIqA4LcV1OPo6j +/8bGR19qIwIxAaxBZhV5njcSqf5lhJ5ftLMWiXQEzKO8pdOkLOeqT35zVPzpz0LD +ZF3/s0smY+YZHg== +-----END PRIVATE KEY----- diff --git a/tests/data_files/rsa_pkcs1_770_clear.der b/tests/data_files/rsa_pkcs1_770_clear.der new file mode 100644 index 0000000000000000000000000000000000000000..f9e6c8be95eb6918e631124c2db71e1fa10dfcf4 GIT binary patch literal 491 zcmV&LNQUo(J+Dm%>n@c0$~G7YukUw;P?$T z8Oe6{RT@|}h9C+lVEd7W7Z^rhKBV$vTGcc^Dx#u0pVA44E&$SBjqX-lcx7m`$p3Wq zH4QTsPfbm*LRW{5A#))1`-%F zV7gsNTdMw^iew#=8OHrMb?AA9PG z8oGalXQ;6_UEH?eVBfkmTRUM%ErfuHYlPW+E^5g8i2^YJ#Oq^D`^BRh3;o6{>nWZG zXuwxGlRHDiaI={5{OJ?5dePyAfbH#SOFmFllh~q(0xEHm8JvN_5lgnv0N)WMVTJY%tF#&jEzK*cq&!(s+x1?*rOvD9; hxw*7Z`z!2{3t=lURw6}Mg+{=LCnZh|%f&e^7t%Hb-v9sr literal 0 HcmV?d00001 diff --git a/tests/data_files/rsa_pkcs1_770_clear.pem b/tests/data_files/rsa_pkcs1_770_clear.pem new file mode 100644 index 0000000000..6e90126f86 --- /dev/null +++ b/tests/data_files/rsa_pkcs1_770_clear.pem @@ -0,0 +1,13 @@ +-----BEGIN PRIVATE KEY----- +MIIB5wIBADANBgkqhkiG9w0BAQEFAASCAdEwggHNAgEAAmEDS2vbf8jg+A02Gcl2 +91UaWDaGIAopYPuRhxcYRmA+pPJjWtU0Pyqiojuf0gmILgDSX43uVlx4ZWi0yP90 +9jUNMxZPTU2wQleHjuVAk10eGknKxnKh2YX43vWyy1zaLKcxAgMBAAECYQEY6b+d +/AYSGDRgul1JW6r+nopluXy2tJNv7x1Cs2OqBKFa65APSeAJMNq2Vj5pNBOnzaHK +NPv4S0Z/HOh8DylYdJXW6+4lVZqYrLwC1XVhejmVERnKNOB0nO4qPAjHTQECMQHh +c8/cL9618nOYJwJigr5NiNIJ1h0htUhllNHzGBqtQG7YrN50p9x1HQfzKSVGnGkC +MQHAd7y2zJenNtfwTR976ooaun+FZ6ixOF3ctuFg37o1WzthSS2EgIlrhNl8LmrI ++4kCMQHE62NO+8WjGwv9xizrKZ4HaMBXOpM7Q8Rws5jy/OkTtXrR4YaA7e1qSz5Q +VZPYookCMQCEIYMjZKIl7R2wOjjVfKPV/i7GMmVcWZwmBGfg7+ngAJI9Np9Hk8tp +N0oQsWha8OkCMQF4Y76OsODPpqgnt6RrwkzEBYe5ubRQ+yvskgthKzFWIkVYhUbA +iCclTg3LxTkuF9I= +-----END PRIVATE KEY----- diff --git a/tests/data_files/rsa_pkcs1_776_clear.der b/tests/data_files/rsa_pkcs1_776_clear.der new file mode 100644 index 0000000000000000000000000000000000000000..85118811e75c94eb94665191c3e764ac924969df GIT binary patch literal 492 zcmV&LNQUo(lCMn&H@1d0%8E!*F`~$>zBSH zfjIL&3-$a~h>F2|_l3%P1&SUegj&d!B;Whua!21KN5sY~?J?LYEPcPPJ;nR^vt7QU zr{1o2HO3egc%kfTjUC{>1Pci1&PUjE_eTxO2$R8+{Fj7V0s{d60Rmw^{9RdHy)C;c z8Pd{_C_z5AWH0TR#DvA}(6_r6CId`+-K6y8l+VkVwY2oe>3al>;pJr67*a}}Y$Sk_ z;&7rb9x^(ldOGs$A9hF)F})mNOBN&+CO0!sF;MMfo75R$0x=IgxhXzrjoH_k#ps`m zBeI!hDpglTjJ4D#?vS$CEQ3D4wX~iXq_aS*tkybJHw)7OF%C-s2%YRP5|D94zc9I| ztufQRUSh4Ht6?rc(e3+Vh`)n%L?*n}X*%^5l8iF|_*num2=8#*qd=1HLLFZZ@M+?U z)UP(?ZIWp4IRE}lO6^n8W;*E1iCcX`vIz$ i-lT+2ySwEV6W!zIX`2aukg$5`L$y&LNQUo*D!(s(*gki0%HKZvDvpMWVB1$ zSQl|?6(*SS>y-PqsceJ(<)Mb&W`YdWfSZ8ku#a~(Zb*}%&UcerB3_l!FE>cY@UOG9 z=Ju^-G&kOP)K(U2j>k)&fn#uW8ROZ93w`N?uGO&%6;jKIGLjeLZ0NwTKKcqaa4ptLn zU36D~8HDD2pw#sdhw*7nNOy-X}J zQYkHhy3X=IC{DJMBi?B4US zP9Mc7pvVVsx%g?&(!q!}CIC0VHvhO*rLrWvm6gbuB&J+R9|AEq%e-k;IkTsAw*Dhh nD*#qZ;_|yribGA{Kud4Ae1wyuar?_6&(ufCGN(ko2h9^bGPmq6 literal 0 HcmV?d00001 diff --git a/tests/data_files/rsa_pkcs1_784_clear.pem b/tests/data_files/rsa_pkcs1_784_clear.pem new file mode 100644 index 0000000000..03eb10e126 --- /dev/null +++ b/tests/data_files/rsa_pkcs1_784_clear.pem @@ -0,0 +1,13 @@ +-----BEGIN PRIVATE KEY----- +MIIB7QIBADANBgkqhkiG9w0BAQEFAASCAdcwggHTAgEAAmMAvbHZtyhktEvbWBdx +axUmmPLrlPu3qWyD/uWhht5mggzVgJuA5rCPdzZuSJOhzneTWyJeldIvN0jI8K+z +tOb2rWY0eLikyaI5T/j3BcpnMSvz6Igwdd8ZXHKxsixyH/Wb/JMCAwEAAQJiGxeb +kJ0kRNvQp/QxLqoGqTGIk+6ffIMTFwSU3T5GRayvkX6kGk59LvmHJrZvFZ3eXZbI +QDclNOS96CGaw7LdTM8L8iFAsYVg6xGDqJrJ+VRU5sOut2ZcvTKwjZXhrTvvQwEC +MgDd9eo/pDyuDlYTZF10V4AZhOZ9oNT1EYfx57jDSQhNNc6vbdYcSAhi6ykowHTW +C+D5AjIA2skwnxXPAl16rbwpIFMK1BrAsYeZfPOxpKIPXiGMQNCdVOQERYyG1vK5 +2bQ1eO446wIxePaABtb2ytS9TCwyUiktgrrO8kAoTraTI95o7uRqRcnBLhHp0dff +2ijWcYMRKWWn4QIyAMoS9yCIcRm7I1siJk4fxSmgyAdwufhp0NLBiDYmADfBNv+4 +VqWyJLyVlciZJKZcSR8CMTfLvGlWObOndbb+I1IrAFZM4vK7TopDTeBAS2+5fIST +o3H7yyLP1EfKMqdEvgfNEz0= +-----END PRIVATE KEY----- From 786dff670172ad6bcb4eaa0197ed9df4afea1fcc Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 24 Apr 2024 16:23:06 +0200 Subject: [PATCH 6/8] Use large enough keys when testing parsing of non-word-aligned RSA sizes MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit When PSA is available, we exercise the parsed RSA key with PKCS#1v1.5 signature, which requires the modulus size in bytes to be at least tLen + 11 (per RFC 8017 ยง9.2) where tLen = hLen + oidLen + 6 and hLen = 32, oidLen = 9 for SHA-512 or SHA3-512. 10 is the DER overhead (3 ASN.1 type-length headers with lengths <128). Replace 512-bit test cases (good enough for SHA-256 but not SHA-384 and up) by 768-bit and up (good enough for SHA-512). Signed-off-by: Gilles Peskine --- tests/suites/test_suite_pkparse.data | 26 ++++++++++++++------------ 1 file changed, 14 insertions(+), 12 deletions(-) diff --git a/tests/suites/test_suite_pkparse.data b/tests/suites/test_suite_pkparse.data index bec6f4b901..d170e1e089 100644 --- a/tests/suites/test_suite_pkparse.data +++ b/tests/suites/test_suite_pkparse.data @@ -914,21 +914,23 @@ Parse RSA Key #99.8 (PKCS#8 encrypted v2 PBKDF2 AES-256-CBC hmacWithSHA384 DER, depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes256cbc_sha384.der":"PolarSSLTest":0 -Parse RSA Key #100.1 (512-bit) -depends_on:MBEDTLS_PEM_PARSE_C -pk_parse_keyfile_rsa:"data_files/rsa512.key":"":0 +# Test keys with non-word-aligned sizes. +# We use sizes that are large enough to exercise PKCS#1 v1.5 signature with +# the largest supported hashes (SHA-512 and SHA3-512.) +Parse RSA Key #100 (768-bit) +pk_parse_keyfile_rsa:"data_files/rsa_pkcs1_768_clear.der":"":0 -Parse RSA Key #100.1 (521-bit) -depends_on:MBEDTLS_PEM_PARSE_C -pk_parse_keyfile_rsa:"data_files/rsa521.key":"":0 +Parse RSA Key #100 (769-bit) +pk_parse_keyfile_rsa:"data_files/rsa_pkcs1_769_clear.der":"":0 -Parse RSA Key #100.1 (522-bit) -depends_on:MBEDTLS_PEM_PARSE_C -pk_parse_keyfile_rsa:"data_files/rsa522.key":"":0 +Parse RSA Key #100 (770-bit) +pk_parse_keyfile_rsa:"data_files/rsa_pkcs1_770_clear.der":"":0 -Parse RSA Key #100.1 (528-bit) -depends_on:MBEDTLS_PEM_PARSE_C -pk_parse_keyfile_rsa:"data_files/rsa528.key":"":0 +Parse RSA Key #100 (776-bit) +pk_parse_keyfile_rsa:"data_files/rsa_pkcs1_776_clear.der":"":0 + +Parse RSA Key #100 (784-bit) +pk_parse_keyfile_rsa:"data_files/rsa_pkcs1_784_clear.der":"":0 Parse Public RSA Key #1 (PKCS#8 wrapped) depends_on:MBEDTLS_PEM_PARSE_C From 69eba519f0016d1dda72761e24a4e2f4703937c8 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 25 Apr 2024 16:02:13 +0200 Subject: [PATCH 7/8] Fix rsa_pkcs1_*_clear.der to actually be PKCS#1 files With OpenSSL 3.0.2 (which I used to generate the previous set of "pkcs1" DER files), the output of `openssl rsa -outform DER` is actually a PKCS#8-encoded key, despite what the documentation says. This is a change from OpenSSL 1.x, where the output is a PKCS#1-encoded key. OpenSSL 3.0.8 documents the output as PKCS#8. Change to `openssl pkey`, which seems more reliable. The documentation states that the output is PKCS#8, but the output is actually consistently PKCS#1 at least from 1.0.2g to 3.3.0. Signed-off-by: Gilles Peskine --- tests/data_files/Makefile | 2 +- tests/data_files/rsa_pkcs1_1024_clear.der | Bin 634 -> 608 bytes tests/data_files/rsa_pkcs1_2048_clear.der | Bin 1218 -> 1192 bytes tests/data_files/rsa_pkcs1_4096_clear.der | Bin 2374 -> 2348 bytes tests/data_files/rsa_pkcs1_768_clear.der | Bin 489 -> 463 bytes tests/data_files/rsa_pkcs1_769_clear.der | Bin 490 -> 464 bytes tests/data_files/rsa_pkcs1_770_clear.der | Bin 491 -> 465 bytes tests/data_files/rsa_pkcs1_776_clear.der | Bin 492 -> 466 bytes tests/data_files/rsa_pkcs1_784_clear.der | Bin 497 -> 471 bytes 9 files changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index 0fbdfe513d..fa30cf57b0 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile @@ -739,7 +739,7 @@ all_final += $(keys_rsa_base) ### PKCS1-encoded, plaintext RSA keys in derived forms rsa_pkcs1_%.der: rsa_pkcs1_%.pem - $(OPENSSL) rsa -inform PEM -in $< -outform DER -out $@ + $(OPENSSL) pkey -inform PEM -in $< -outform DER -out $@ all_final += $(keys_rsa_base:.pem=.der) ### diff --git a/tests/data_files/rsa_pkcs1_1024_clear.der b/tests/data_files/rsa_pkcs1_1024_clear.der index 8dfb09fb8407c69ab2501c2b5738b754aa594704..cec2c30117d6e3ddc6492c5354bace376c84bd2c 100644 GIT binary patch delta 8 Pcmeyx@_=QdR00zK5gY>$ delta 34 pcmaFB@{2{vpoyuBiIKs8myJ`a&7CIFS!2l@a2 diff --git a/tests/data_files/rsa_pkcs1_2048_clear.der b/tests/data_files/rsa_pkcs1_2048_clear.der index 137395e2a392d435aceb82d0983ab9ff9af5757d..667051bd80aa77abb5164bfb2dd1d3d6527d2b62 100644 GIT binary patch delta 8 PcmX@axq@?})Cv{=4%!0r delta 34 qcmZ3%d5BZWpowK46C;BGFB_*;n@8JsUPeYnRtAmv_@#7lny5V4vPYp delta 34 pcmZ1@bWBLfpo!CoiIKs8myJ`a&7{EAu1po#Gr6C;BGFB_*;n@8JsUPeYnRtA Date: Fri, 26 Apr 2024 11:51:08 +0200 Subject: [PATCH 8/8] Convert recent RSA key files in PEM format from PKCS8 to PKCS1 Like `openssl rsa`, `openssl genrsa` changed its output format from PKCS8 to PKCS1 in OpenSSL 3.0. Note that the makefile instructions assume older OpenSSL. Convert the files that were generated with OpenSSL 3.x and hence were not in the intended format. The files are converted, not regenerated, so the key material is the same. Signed-off-by: Gilles Peskine --- tests/data_files/Makefile | 2 ++ tests/data_files/rsa_pkcs1_768_clear.pem | 25 ++++++++++++------------ tests/data_files/rsa_pkcs1_769_clear.pem | 25 ++++++++++++------------ tests/data_files/rsa_pkcs1_770_clear.pem | 25 ++++++++++++------------ tests/data_files/rsa_pkcs1_776_clear.pem | 25 ++++++++++++------------ tests/data_files/rsa_pkcs1_784_clear.pem | 25 ++++++++++++------------ 6 files changed, 62 insertions(+), 65 deletions(-) diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index fa30cf57b0..bbbfa9cd9c 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile @@ -709,6 +709,8 @@ keys_rsa_pkcs8_pwd = PolarSSLTest ### Basic unencrypted RSA keys from which ### all other encrypted RSA keys are derived. keys_rsa_base = +### TODO: the commands require OpenSSL 1.x to work as desired. With +### OpenSSL 3.x, they produce pkcs8 files. rsa_pkcs1_768_clear.pem: $(OPENSSL) genrsa -out $@ 768 keys_rsa_base += rsa_pkcs1_768_clear.pem diff --git a/tests/data_files/rsa_pkcs1_768_clear.pem b/tests/data_files/rsa_pkcs1_768_clear.pem index 0e2d52e05d..33140c3c71 100644 --- a/tests/data_files/rsa_pkcs1_768_clear.pem +++ b/tests/data_files/rsa_pkcs1_768_clear.pem @@ -1,13 +1,12 @@ ------BEGIN PRIVATE KEY----- -MIIB5QIBADANBgkqhkiG9w0BAQEFAASCAc8wggHLAgEAAmEA2YljoU8MXSipAQkJ -KtPH57N8JTyoHo3AXZKqumGGFEUJhoyIp6BtFUHikLGMasMzaK7CUzLZComjhNJP -gyAxsrjh8bt8eKn4iEP+UkB9KwvnpkrPdP22WiDhUUbKckvXAgMBAAECYQCMHTYS -3Dt2dY4FoLBK6YXE85Ju2ZbftyXEH4ff7JjTzXPJOhN7BJW+L2WjFPkAeyEdi3Y/ -5zrKVtRQRXpmELeYOpgxy5CZfmknYyForhNwKKGL14GFE4/O50nbsnHzjAECMQD0 -IqQbfR334+BtSn4qczFm5q8QbhTjkQMRQ4bn4xGBKdGU/PwmyJj5DpF54FoRmIEC -MQDkG9OgZo8VKRsVPUeJXjMQQNChes1Q7+W8A/qnt8IuHaedohEjC4fDFNSEbyl7 -eFcCMQDMokC2PeChySNz2G36fQXav9/bwLnHqeRNUzHAKwegIYJoBMoCZEA8+uYb -p183woECMBzA2TM92klbjhtmRw8svZkN4n6IYTsTkkzZ342mnyZ6/HblR+239VwE -0ykCbiMvLwIwcJxV2F1UXJ2wvwNJhGdYPzHW2fWelsB7KIwcHHKEMX0Q/WZ7usQe -8nhaXrUdJdA0 ------END PRIVATE KEY----- +-----BEGIN RSA PRIVATE KEY----- +MIIBywIBAAJhANmJY6FPDF0oqQEJCSrTx+ezfCU8qB6NwF2SqrphhhRFCYaMiKeg +bRVB4pCxjGrDM2iuwlMy2QqJo4TST4MgMbK44fG7fHip+IhD/lJAfSsL56ZKz3T9 +tlog4VFGynJL1wIDAQABAmEAjB02Etw7dnWOBaCwSumFxPOSbtmW37clxB+H3+yY +081zyToTewSVvi9loxT5AHshHYt2P+c6ylbUUEV6ZhC3mDqYMcuQmX5pJ2MhaK4T +cCihi9eBhROPzudJ27Jx84wBAjEA9CKkG30d9+PgbUp+KnMxZuavEG4U45EDEUOG +5+MRgSnRlPz8JsiY+Q6ReeBaEZiBAjEA5BvToGaPFSkbFT1HiV4zEEDQoXrNUO/l +vAP6p7fCLh2nnaIRIwuHwxTUhG8pe3hXAjEAzKJAtj3gockjc9ht+n0F2r/f28C5 +x6nkTVMxwCsHoCGCaATKAmRAPPrmG6dfN8KBAjAcwNkzPdpJW44bZkcPLL2ZDeJ+ +iGE7E5JM2d+Npp8mevx25Uftt/VcBNMpAm4jLy8CMHCcVdhdVFydsL8DSYRnWD8x +1tn1npbAeyiMHBxyhDF9EP1me7rEHvJ4Wl61HSXQNA== +-----END RSA PRIVATE KEY----- diff --git a/tests/data_files/rsa_pkcs1_769_clear.pem b/tests/data_files/rsa_pkcs1_769_clear.pem index a04b2c1b2e..25e12bde55 100644 --- a/tests/data_files/rsa_pkcs1_769_clear.pem +++ b/tests/data_files/rsa_pkcs1_769_clear.pem @@ -1,13 +1,12 @@ ------BEGIN PRIVATE KEY----- -MIIB5gIBADANBgkqhkiG9w0BAQEFAASCAdAwggHMAgEAAmEBtTOp1rud7hQbMLrQ -2Q0BfF7CX+XtflbWxy9ZBUpuyGxJCgdw4+PXZGa64DaxHozNM3EHGxvnYc1uuWpl -g3kvTu5qfAzZuKjnGXVIVc3aneHMTYQeUzWcGrSxJdtfhRr5AgMBAAECYQDVGAxU -/HdannQuSTAYSu2JeApXgZNDPAJNbXd/S6s5hwYGnF/aw6etaSD2vdGQqWDblwjk -hUxvweEe2bCobFuYXTzO7l7glvfNpHn2VOy44SFW51YG1JGyJ3qpm6DQ+30CMQG8 -3YQ7tWfTExA+mE7AxHuG1XPHGwANEEeZL7WmmkIUs6nCpUM5tyeXelXDbAZ3c9MC -MQD7lwqpfq18pTA1Hzz+6sAaD5Pdiyo2zi3m3ke4azsCxiPTENNO8cSwjBqi8ITA -EoMCMFJMOJZDLP3jXPH3gzouHxwGiPCgkhXYmSZBqT009FyYECOuJw2aUHy5aPxK -E7gteQIxAOPRzRzYkh6JstKXu/MV/ehbbMkzqIFCSHyDkaxkpWYIqA4LcV1OPo6j -/8bGR19qIwIxAaxBZhV5njcSqf5lhJ5ftLMWiXQEzKO8pdOkLOeqT35zVPzpz0LD -ZF3/s0smY+YZHg== ------END PRIVATE KEY----- +-----BEGIN RSA PRIVATE KEY----- +MIIBzAIBAAJhAbUzqda7ne4UGzC60NkNAXxewl/l7X5W1scvWQVKbshsSQoHcOPj +12RmuuA2sR6MzTNxBxsb52HNbrlqZYN5L07uanwM2bio5xl1SFXN2p3hzE2EHlM1 +nBq0sSXbX4Ua+QIDAQABAmEA1RgMVPx3Wp50LkkwGErtiXgKV4GTQzwCTW13f0ur +OYcGBpxf2sOnrWkg9r3RkKlg25cI5IVMb8HhHtmwqGxbmF08zu5e4Jb3zaR59lTs +uOEhVudWBtSRsid6qZug0Pt9AjEBvN2EO7Vn0xMQPphOwMR7htVzxxsADRBHmS+1 +pppCFLOpwqVDObcnl3pVw2wGd3PTAjEA+5cKqX6tfKUwNR88/urAGg+T3YsqNs4t +5t5HuGs7AsYj0xDTTvHEsIwaovCEwBKDAjBSTDiWQyz941zx94M6Lh8cBojwoJIV +2JkmQak9NPRcmBAjricNmlB8uWj8ShO4LXkCMQDj0c0c2JIeibLSl7vzFf3oW2zJ +M6iBQkh8g5GsZKVmCKgOC3FdTj6Oo//GxkdfaiMCMQGsQWYVeZ43Eqn+ZYSeX7Sz +Fol0BMyjvKXTpCznqk9+c1T86c9Cw2Rd/7NLJmPmGR4= +-----END RSA PRIVATE KEY----- diff --git a/tests/data_files/rsa_pkcs1_770_clear.pem b/tests/data_files/rsa_pkcs1_770_clear.pem index 6e90126f86..0a707a8b7e 100644 --- a/tests/data_files/rsa_pkcs1_770_clear.pem +++ b/tests/data_files/rsa_pkcs1_770_clear.pem @@ -1,13 +1,12 @@ ------BEGIN PRIVATE KEY----- -MIIB5wIBADANBgkqhkiG9w0BAQEFAASCAdEwggHNAgEAAmEDS2vbf8jg+A02Gcl2 -91UaWDaGIAopYPuRhxcYRmA+pPJjWtU0Pyqiojuf0gmILgDSX43uVlx4ZWi0yP90 -9jUNMxZPTU2wQleHjuVAk10eGknKxnKh2YX43vWyy1zaLKcxAgMBAAECYQEY6b+d -/AYSGDRgul1JW6r+nopluXy2tJNv7x1Cs2OqBKFa65APSeAJMNq2Vj5pNBOnzaHK -NPv4S0Z/HOh8DylYdJXW6+4lVZqYrLwC1XVhejmVERnKNOB0nO4qPAjHTQECMQHh -c8/cL9618nOYJwJigr5NiNIJ1h0htUhllNHzGBqtQG7YrN50p9x1HQfzKSVGnGkC -MQHAd7y2zJenNtfwTR976ooaun+FZ6ixOF3ctuFg37o1WzthSS2EgIlrhNl8LmrI -+4kCMQHE62NO+8WjGwv9xizrKZ4HaMBXOpM7Q8Rws5jy/OkTtXrR4YaA7e1qSz5Q -VZPYookCMQCEIYMjZKIl7R2wOjjVfKPV/i7GMmVcWZwmBGfg7+ngAJI9Np9Hk8tp -N0oQsWha8OkCMQF4Y76OsODPpqgnt6RrwkzEBYe5ubRQ+yvskgthKzFWIkVYhUbA -iCclTg3LxTkuF9I= ------END PRIVATE KEY----- +-----BEGIN RSA PRIVATE KEY----- +MIIBzQIBAAJhA0tr23/I4PgNNhnJdvdVGlg2hiAKKWD7kYcXGEZgPqTyY1rVND8q +oqI7n9IJiC4A0l+N7lZceGVotMj/dPY1DTMWT01NsEJXh47lQJNdHhpJysZyodmF ++N71sstc2iynMQIDAQABAmEBGOm/nfwGEhg0YLpdSVuq/p6KZbl8trSTb+8dQrNj +qgShWuuQD0ngCTDatlY+aTQTp82hyjT7+EtGfxzofA8pWHSV1uvuJVWamKy8AtV1 +YXo5lREZyjTgdJzuKjwIx00BAjEB4XPP3C/etfJzmCcCYoK+TYjSCdYdIbVIZZTR +8xgarUBu2KzedKfcdR0H8yklRpxpAjEBwHe8tsyXpzbX8E0fe+qKGrp/hWeosThd +3LbhYN+6NVs7YUkthICJa4TZfC5qyPuJAjEBxOtjTvvFoxsL/cYs6ymeB2jAVzqT +O0PEcLOY8vzpE7V60eGGgO3taks+UFWT2KKJAjEAhCGDI2SiJe0dsDo41Xyj1f4u +xjJlXFmcJgRn4O/p4ACSPTafR5PLaTdKELFoWvDpAjEBeGO+jrDgz6aoJ7eka8JM +xAWHubm0UPsr7JILYSsxViJFWIVGwIgnJU4Ny8U5LhfS +-----END RSA PRIVATE KEY----- diff --git a/tests/data_files/rsa_pkcs1_776_clear.pem b/tests/data_files/rsa_pkcs1_776_clear.pem index cbf421f2ef..e62f7b195b 100644 --- a/tests/data_files/rsa_pkcs1_776_clear.pem +++ b/tests/data_files/rsa_pkcs1_776_clear.pem @@ -1,13 +1,12 @@ ------BEGIN PRIVATE KEY----- -MIIB6AIBADANBgkqhkiG9w0BAQEFAASCAdIwggHOAgEAAmIA2ddFQYzrl74kgTjz -Pwv1/FaIisF994XKewWKHiWEWsiWJN/74nJH3yVHxMYs7THYKix9v689xfv5s12+ -o6fernc1xhgWeKHsa40d4L8ECwjpzkfYdPdHDcsIk8GT/JeEWwIDAQABAmE//F1Z -Xb0tuyoZ0tKQKEE+t2Qv7ZnEhMXu0Le7FyYDTHvdpPTllM/LmbW09MjpewSM4eVk -2RhSSp5sJICT4nCiLx4yOqR6OvLtH3ZIETG9HGFLFiQWJjczUDFQ7WSb1BlhAjEP -PbkpPmmN2deZxeifjCOymWYqVVdGjLXUKO6Qstksgz7AtbSeGKSzQKys1jpVNwvT -AjEOSwEInewxEpBxRb8wuaitMdO9XmKtoqthLkDR7ftjiL+DdUQmvNZpOvUWkowz -APhZAjEI73Dco0CS70IdXw/waeKL1K825m2SaPA4//5NSu1T0WY66MyJW31DsgkK -E1aDmxANAjEEyKfU6X53Qj5kGzMNrOY+6bFz7VZbxVlVEnURjnSYcNmgtywTRxsA -Z4JGhtAz9fwpAjEBs5I5adCIv7hC5jmtDTlbYEvepIRPu7vlFxPd4+dpmwl/kLB6 -6UO1U5XLxyraxdBb ------END PRIVATE KEY----- +-----BEGIN RSA PRIVATE KEY----- +MIIBzgIBAAJiANnXRUGM65e+JIE48z8L9fxWiIrBffeFynsFih4lhFrIliTf++Jy +R98lR8TGLO0x2Cosfb+vPcX7+bNdvqOn3q53NcYYFnih7GuNHeC/BAsI6c5H2HT3 +Rw3LCJPBk/yXhFsCAwEAAQJhP/xdWV29LbsqGdLSkChBPrdkL+2ZxITF7tC3uxcm +A0x73aT05ZTPy5m1tPTI6XsEjOHlZNkYUkqebCSAk+Jwoi8eMjqkejry7R92SBEx +vRxhSxYkFiY3M1AxUO1km9QZYQIxDz25KT5pjdnXmcXon4wjsplmKlVXRoy11Cju +kLLZLIM+wLW0nhiks0CsrNY6VTcL0wIxDksBCJ3sMRKQcUW/MLmorTHTvV5iraKr +YS5A0e37Y4i/g3VEJrzWaTr1FpKMMwD4WQIxCO9w3KNAku9CHV8P8Gnii9SvNuZt +kmjwOP/+TUrtU9FmOujMiVt9Q7IJChNWg5sQDQIxBMin1Ol+d0I+ZBszDazmPumx +c+1WW8VZVRJ1EY50mHDZoLcsE0cbAGeCRobQM/X8KQIxAbOSOWnQiL+4QuY5rQ05 +W2BL3qSET7u75RcT3ePnaZsJf5CweulDtVOVy8cq2sXQWw== +-----END RSA PRIVATE KEY----- diff --git a/tests/data_files/rsa_pkcs1_784_clear.pem b/tests/data_files/rsa_pkcs1_784_clear.pem index 03eb10e126..b7b424b02b 100644 --- a/tests/data_files/rsa_pkcs1_784_clear.pem +++ b/tests/data_files/rsa_pkcs1_784_clear.pem @@ -1,13 +1,12 @@ ------BEGIN PRIVATE KEY----- -MIIB7QIBADANBgkqhkiG9w0BAQEFAASCAdcwggHTAgEAAmMAvbHZtyhktEvbWBdx -axUmmPLrlPu3qWyD/uWhht5mggzVgJuA5rCPdzZuSJOhzneTWyJeldIvN0jI8K+z -tOb2rWY0eLikyaI5T/j3BcpnMSvz6Igwdd8ZXHKxsixyH/Wb/JMCAwEAAQJiGxeb -kJ0kRNvQp/QxLqoGqTGIk+6ffIMTFwSU3T5GRayvkX6kGk59LvmHJrZvFZ3eXZbI -QDclNOS96CGaw7LdTM8L8iFAsYVg6xGDqJrJ+VRU5sOut2ZcvTKwjZXhrTvvQwEC -MgDd9eo/pDyuDlYTZF10V4AZhOZ9oNT1EYfx57jDSQhNNc6vbdYcSAhi6ykowHTW -C+D5AjIA2skwnxXPAl16rbwpIFMK1BrAsYeZfPOxpKIPXiGMQNCdVOQERYyG1vK5 -2bQ1eO446wIxePaABtb2ytS9TCwyUiktgrrO8kAoTraTI95o7uRqRcnBLhHp0dff -2ijWcYMRKWWn4QIyAMoS9yCIcRm7I1siJk4fxSmgyAdwufhp0NLBiDYmADfBNv+4 -VqWyJLyVlciZJKZcSR8CMTfLvGlWObOndbb+I1IrAFZM4vK7TopDTeBAS2+5fIST -o3H7yyLP1EfKMqdEvgfNEz0= ------END PRIVATE KEY----- +-----BEGIN RSA PRIVATE KEY----- +MIIB0wIBAAJjAL2x2bcoZLRL21gXcWsVJpjy65T7t6lsg/7loYbeZoIM1YCbgOaw +j3c2bkiToc53k1siXpXSLzdIyPCvs7Tm9q1mNHi4pMmiOU/49wXKZzEr8+iIMHXf +GVxysbIsch/1m/yTAgMBAAECYhsXm5CdJETb0Kf0MS6qBqkxiJPun3yDExcElN0+ +RkWsr5F+pBpOfS75hya2bxWd3l2WyEA3JTTkveghmsOy3UzPC/IhQLGFYOsRg6ia +yflUVObDrrdmXL0ysI2V4a0770MBAjIA3fXqP6Q8rg5WE2RddFeAGYTmfaDU9RGH +8ee4w0kITTXOr23WHEgIYuspKMB01gvg+QIyANrJMJ8VzwJdeq28KSBTCtQawLGH +mXzzsaSiD14hjEDQnVTkBEWMhtbyudm0NXjuOOsCMXj2gAbW9srUvUwsMlIpLYK6 +zvJAKE62kyPeaO7kakXJwS4R6dHX39oo1nGDESllp+ECMgDKEvcgiHEZuyNbIiZO +H8UpoMgHcLn4adDSwYg2JgA3wTb/uFalsiS8lZXImSSmXEkfAjE3y7xpVjmzp3W2 +/iNSKwBWTOLyu06KQ03gQEtvuXyEk6Nx+8siz9RHyjKnRL4HzRM9 +-----END RSA PRIVATE KEY-----