cert-tests: test parsing and decoding of GOST private keys

Add a test for parsing and decoding GOST private keys in different formats, incuding encrypted keys. Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
author: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> 2018-11-13 11:25:17 +0300
committer: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> 2018-11-16 03:42:46 +0300
commit: 8a66a118b80c23b8412582c092fe6d223f335d1f (patch)
tree: 7e6488197375be636bbac60028789948ad16ba5d
parent: c97840a72257122095ccfc6e1806e1afc6e53069 (diff)
download: gnutls-8a66a118b80c23b8412582c092fe6d223f335d1f.tar.gz
15 files changed, 321 insertions, 2 deletions
diff --git a/tests/cert-tests/Makefile.am b/tests/cert-tests/Makefile.am
index 0d800c24fe..26dd5b22bb 100644
--- a/tests/cert-tests/Makefile.am
+++ b/tests/cert-tests/Makefile.am
@@ -94,7 +94,10 @@ EXTRA_DIST = data/ca-no-pathlen.pem data/no-ca-or-pathlen.pem data/aki-cert.pem
 	data/key-invalid3.der data/pkcs8-eddsa.pem data/pkcs8-eddsa.pem.txt \
 	data/rfc4490.p7b data/rfc4490.p7b.out data/gost01.p12 data/gost12.p12 data/gost12-2.p12 \
 	data/ca-crl-invalid.crl data/ca-crl-invalid.pem data/ca-crl-valid.pem data/ca-crl-valid.crl \
-	data/rfc4134-ca-rsa.pem data/rfc4134-4.5.p7b
+	data/rfc4134-ca-rsa.pem data/rfc4134-4.5.p7b \
+	data/key-gost01.p8 data/key-gost01-2.p8 data/key-gost01-2-enc.p8 \
+	data/key-gost12-256.p8 data/key-gost12-256-2.p8 data/key-gost12-256-2-enc.p8 \
+	data/key-gost12-512.p8
 
 dist_check_SCRIPTS = pathlen aki invalid-sig email \
 	pkcs7 pkcs7-broken-sigs privkey-import name-constraints certtool-long-cn crl provable-privkey \
@@ -126,7 +129,7 @@ endif
 if ENABLE_GOST
 dist_check_SCRIPTS += gost
 if !WINDOWS
-dist_check_SCRIPTS += pkcs12-gost
+dist_check_SCRIPTS += pkcs12-gost pkcs8-gost
 endif
 endif
 
diff --git a/tests/cert-tests/data/key-gost01-2-enc.p8 b/tests/cert-tests/data/key-gost01-2-enc.p8
new file mode 100644
index 0000000000..81d8347ad7
--- /dev/null
+++ b/tests/cert-tests/data/key-gost01-2-enc.p8
@@ -0,0 +1,6 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIG4MG0GCSqGSIb3DQEFDTBgMD8GCSqGSIb3DQEFDDAyBCC6bhoitdzE02HJYwrv
+t6fS+JQ/UFHInX9LqJgR/KdF+AICB9AwCgYGKoUDAgIKBQAwHQYGKoUDAgIVMBME
+CJYqb3jDyCMsBgcqhQMCAh8BBEdzhSi7v1vL7sUZpcQSmmpzTCj+Tgkff4uLp6hH
+lHc23xJOF6dcPvVlXPtiRUmNpl56BquVRo7Gb0vx6pKLgR8eJNmbWdoGtA==
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/tests/cert-tests/data/key-gost01-2-enc.p8.txt b/tests/cert-tests/data/key-gost01-2-enc.p8.txt
new file mode 100644
index 0000000000..e979dd6348
--- /dev/null
+++ b/tests/cert-tests/data/key-gost01-2-enc.p8.txt
@@ -0,0 +1,40 @@
+PKCS #8 information:
+	Cipher: GOST28147-CPA-CFB
+	Schema: PBES2-GOST28147-89-CPA (1.2.643.2.2.31.1)
+	Salt: ba6e1a22b5dcc4d361c9630aefb7a7d2f8943f5051c89d7f4ba89811fca745f8
+	Salt size: 32
+	Iteration count: 2000
+
+Public Key Info:
+	Public Key Algorithm: GOST R 34.10-2001
+	Key Security Level: High (256 bits)
+
+curve:	CryptoPro-A
+digest:	GOSTR341194
+paramset:	CryptoPro-A
+private key:
+	c9:0d:4a:60:74:4b:6e:f9:dd:b1:f1:d5:e2:34:f0:6c
+	ef:73:74:52:2d:03:91:89:d9:2e:82:dd:cf:41:14:16
+	
+
+x:
+	da:14:e3:09:c9:90:76:36:7e:d2:1e:f2:32:54:62:a0
+	a3:7a:fe:69:16:88:40:1d:28:98:25:00:23:30:52:79
+	
+
+y:
+	92:01:db:d3:34:89:e6:74:86:e1:6c:81:a4:76:aa:d9
+	1d:ac:c9:8a:5e:a2:fa:cf:ad:2e:47:8c:65:ed:c8:7b
+	
+
+
+Public Key PIN:
+	pin-sha256:naEvzBbx6qkKlM3WetsTn09kpou+R1k6eCZvVFxEPc0=
+Public Key ID:
+	sha256:9da12fcc16f1eaa90a94cdd67adb139f4f64a68bbe47593a78266f545c443dcd
+	sha1:56f0aab16eb873a50453b5209b65fe31e6493317
+
+-----BEGIN PRIVATE KEY-----
+MEUCAQAwHAYGKoUDAgITMBIGByqFAwICIwEGByqFAwICHgEEIgQgFhRBz92CLtmJ
+kQMtUnRz72zwNOLV8bHd+W5LdGBKDck=
+-----END PRIVATE KEY-----
diff --git a/tests/cert-tests/data/key-gost01-2.p8 b/tests/cert-tests/data/key-gost01-2.p8
new file mode 100644
index 0000000000..88d397efa4
--- /dev/null
+++ b/tests/cert-tests/data/key-gost01-2.p8
@@ -0,0 +1,4 @@
+-----BEGIN PRIVATE KEY-----
+MEUCAQAwHAYGKoUDAgITMBIGByqFAwICIwEGByqFAwICHgEEIgQgFhRBz92CLtmJ
+kQMtUnRz72zwNOLV8bHd+W5LdGBKDck=
+-----END PRIVATE KEY-----
diff --git a/tests/cert-tests/data/key-gost01-2.p8.txt b/tests/cert-tests/data/key-gost01-2.p8.txt
new file mode 100644
index 0000000000..54c5626d29
--- /dev/null
+++ b/tests/cert-tests/data/key-gost01-2.p8.txt
@@ -0,0 +1,33 @@
+Public Key Info:
+	Public Key Algorithm: GOST R 34.10-2001
+	Key Security Level: High (256 bits)
+
+curve:	CryptoPro-A
+digest:	GOSTR341194
+paramset:	CryptoPro-A
+private key:
+	c9:0d:4a:60:74:4b:6e:f9:dd:b1:f1:d5:e2:34:f0:6c
+	ef:73:74:52:2d:03:91:89:d9:2e:82:dd:cf:41:14:16
+	
+
+x:
+	da:14:e3:09:c9:90:76:36:7e:d2:1e:f2:32:54:62:a0
+	a3:7a:fe:69:16:88:40:1d:28:98:25:00:23:30:52:79
+	
+
+y:
+	92:01:db:d3:34:89:e6:74:86:e1:6c:81:a4:76:aa:d9
+	1d:ac:c9:8a:5e:a2:fa:cf:ad:2e:47:8c:65:ed:c8:7b
+	
+
+
+Public Key PIN:
+	pin-sha256:naEvzBbx6qkKlM3WetsTn09kpou+R1k6eCZvVFxEPc0=
+Public Key ID:
+	sha256:9da12fcc16f1eaa90a94cdd67adb139f4f64a68bbe47593a78266f545c443dcd
+	sha1:56f0aab16eb873a50453b5209b65fe31e6493317
+
+-----BEGIN PRIVATE KEY-----
+MEUCAQAwHAYGKoUDAgITMBIGByqFAwICIwEGByqFAwICHgEEIgQgFhRBz92CLtmJ
+kQMtUnRz72zwNOLV8bHd+W5LdGBKDck=
+-----END PRIVATE KEY-----
diff --git a/tests/cert-tests/data/key-gost01.p8 b/tests/cert-tests/data/key-gost01.p8
new file mode 100644
index 0000000000..0e4afabdb4
--- /dev/null
+++ b/tests/cert-tests/data/key-gost01.p8
@@ -0,0 +1,4 @@
+-----BEGIN PRIVATE KEY-----
+MEUCAQAwHAYGKoUDAgITMBIGByqFAwICJAAGByqFAwICHgEEIgIgCyk74FDQCCva
+54VjGmuraPNbQnhtbdpWr68WmJEED3c=
+-----END PRIVATE KEY-----
diff --git a/tests/cert-tests/data/key-gost01.p8.txt b/tests/cert-tests/data/key-gost01.p8.txt
new file mode 100644
index 0000000000..d0d1323625
--- /dev/null
+++ b/tests/cert-tests/data/key-gost01.p8.txt
@@ -0,0 +1,33 @@
+Public Key Info:
+	Public Key Algorithm: GOST R 34.10-2001
+	Key Security Level: High (256 bits)
+
+curve:	CryptoPro-XchA
+digest:	GOSTR341194
+paramset:	CryptoPro-A
+private key:
+	0b:29:3b:e0:50:d0:08:2b:da:e7:85:63:1a:6b:ab:68
+	f3:5b:42:78:6d:6d:da:56:af:af:16:98:91:04:0f:77
+	
+
+x:
+	57:7e:32:4f:e7:0f:2b:6d:f4:5c:43:7a:03:05:e5:fd
+	2c:89:31:8c:13:cd:08:75:40:1a:02:60:75:68:95:84
+	
+
+y:
+	60:1a:ea:ca:bc:66:0f:df:b0:cb:c7:56:7e:bb:a6:ea
+	8d:e4:0f:ae:85:7c:9a:d0:03:88:95:b9:16:cc:eb:8f
+	
+
+
+Public Key PIN:
+	pin-sha256:zO1bMbwojs1uE302Tl1uAkcXYVw9AW8b3EauBIKNpM4=
+Public Key ID:
+	sha256:cced5b31bc288ecd6e137d364e5d6e024717615c3d016f1bdc46ae04828da4ce
+	sha1:1a0442de4518bb407e6ed5690046839a13fec03d
+
+-----BEGIN PRIVATE KEY-----
+MEUCAQAwHAYGKoUDAgITMBIGByqFAwICJAAGByqFAwICHgEEIgQgdw8EkZgWr69W
+2m1teEJb82iraxpjhefaKwjQUOA7KQs=
+-----END PRIVATE KEY-----
diff --git a/tests/cert-tests/data/key-gost12-256-2-enc.p8 b/tests/cert-tests/data/key-gost12-256-2-enc.p8
new file mode 100644
index 0000000000..204cce8302
--- /dev/null
+++ b/tests/cert-tests/data/key-gost12-256-2-enc.p8
@@ -0,0 +1,7 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIHdMHEGCSqGSIb3DQEFDTBkMEEGCSqGSIb3DQEFDDA0BCD5qZr0TTIsBvdgUoq/
+zFwOzdyJohj6/4Wiyccgj9AK/QICB9AwDAYIKoUDBwEBBAIFADAfBgYqhQMCAhUw
+FQQI3Ip/Vp0IsyIGCSqFAwcBAgUBAQRoSfLhgx9s/zn+BjnhT0ror07vS55Ys5hg
+vVpWDx4mXGWWyez/2sMcaFgSr4H4UTGGwoMynGLpF1IOVo+bGJ0ePqHB+gS5OL9o
+V+PUmZ/ELrRENKlCDqfYWvpSystX29CvCFrnTnDsbBY=
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/tests/cert-tests/data/key-gost12-256-2-enc.p8.txt b/tests/cert-tests/data/key-gost12-256-2-enc.p8.txt
new file mode 100644
index 0000000000..949917aceb
--- /dev/null
+++ b/tests/cert-tests/data/key-gost12-256-2-enc.p8.txt
@@ -0,0 +1,40 @@
+PKCS #8 information:
+	Cipher: GOST28147-TC26Z-CFB
+	Schema: PBES2-GOST28147-89-TC26Z (1.2.643.7.1.2.5.1.1)
+	Salt: f9a99af44d322c06f760528abfcc5c0ecddc89a218faff85a2c9c7208fd00afd
+	Salt size: 32
+	Iteration count: 2000
+
+Public Key Info:
+	Public Key Algorithm: GOST R 34.10-2012-256
+	Key Security Level: High (256 bits)
+
+curve:	CryptoPro-A
+digest:	STREEBOG-256
+paramset:	TC26-Z
+private key:
+	2b:ea:34:a3:b0:5d:19:64:5b:8f:41:24:6a:99:50:08
+	23:07:00:fd:00:6b:a6:eb:53:b4:22:55:9c:ef:22:52
+	
+
+x:
+	62:22:79:60:91:29:44:b5:72:73:b1:46:e8:ff:7a:df
+	0e:f7:e5:4c:16:3f:25:58:67:af:6f:4a:9a:f2:1c:d7
+	
+
+y:
+	95:c2:14:be:41:07:b0:80:de:cc:93:07:17:51:e0:d2
+	46:c8:d4:f8:91:57:30:85:44:b8:c0:02:3d:d8:e2:4c
+	
+
+
+Public Key PIN:
+	pin-sha256:WB8JpdrRogkTwsox4PlsGW/xvh/47NjXrKg0yXXXo2Y=
+Public Key ID:
+	sha256:581f09a5dad1a20913c2ca31e0f96c196ff1be1ff8ecd8d7aca834c975d7a366
+	sha1:83fbb2e3aad179fd9e712583c91710ceb157e3e6
+
+-----BEGIN PRIVATE KEY-----
+MEgCAQAwHwYIKoUDBwEBAQEwEwYHKoUDAgIjAQYIKoUDBwEBAgIEIgQgUiLvnFUi
+tFPrpmsA/QAHIwhQmWokQY9bZBldsKM06is=
+-----END PRIVATE KEY-----
diff --git a/tests/cert-tests/data/key-gost12-256-2.p8 b/tests/cert-tests/data/key-gost12-256-2.p8
new file mode 100644
index 0000000000..421422b9fc
--- /dev/null
+++ b/tests/cert-tests/data/key-gost12-256-2.p8
@@ -0,0 +1,4 @@
+-----BEGIN PRIVATE KEY-----
+MGYCAQAwHwYIKoUDBwEBAQEwEwYHKoUDAgIjAQYIKoUDBwEBAgIEQEYbRu86z+1JFKDcPDN9UbTG
+G2ki9enTqos4KpUU0j9IDpl1UXiaA1YDIwUjlAp+81GkLmyt8Fw6Gt/X5JZySAY=
+-----END PRIVATE KEY-----
diff --git a/tests/cert-tests/data/key-gost12-256-2.p8.txt b/tests/cert-tests/data/key-gost12-256-2.p8.txt
new file mode 100644
index 0000000000..cb9c6849c8
--- /dev/null
+++ b/tests/cert-tests/data/key-gost12-256-2.p8.txt
@@ -0,0 +1,33 @@
+Public Key Info:
+	Public Key Algorithm: GOST R 34.10-2012-256
+	Key Security Level: High (256 bits)
+
+curve:	CryptoPro-A
+digest:	STREEBOG-256
+paramset:	TC26-Z
+private key:
+	2b:ea:34:a3:b0:5d:19:64:5b:8f:41:24:6a:99:50:08
+	23:07:00:fd:00:6b:a6:eb:53:b4:22:55:9c:ef:22:52
+	
+
+x:
+	62:22:79:60:91:29:44:b5:72:73:b1:46:e8:ff:7a:df
+	0e:f7:e5:4c:16:3f:25:58:67:af:6f:4a:9a:f2:1c:d7
+	
+
+y:
+	95:c2:14:be:41:07:b0:80:de:cc:93:07:17:51:e0:d2
+	46:c8:d4:f8:91:57:30:85:44:b8:c0:02:3d:d8:e2:4c
+	
+
+
+Public Key PIN:
+	pin-sha256:WB8JpdrRogkTwsox4PlsGW/xvh/47NjXrKg0yXXXo2Y=
+Public Key ID:
+	sha256:581f09a5dad1a20913c2ca31e0f96c196ff1be1ff8ecd8d7aca834c975d7a366
+	sha1:83fbb2e3aad179fd9e712583c91710ceb157e3e6
+
+-----BEGIN PRIVATE KEY-----
+MEgCAQAwHwYIKoUDBwEBAQEwEwYHKoUDAgIjAQYIKoUDBwEBAgIEIgQgUiLvnFUi
+tFPrpmsA/QAHIwhQmWokQY9bZBldsKM06is=
+-----END PRIVATE KEY-----
diff --git a/tests/cert-tests/data/key-gost12-256.p8 b/tests/cert-tests/data/key-gost12-256.p8
new file mode 100644
index 0000000000..df1b5558f9
--- /dev/null
+++ b/tests/cert-tests/data/key-gost12-256.p8
@@ -0,0 +1,4 @@
+-----BEGIN PRIVATE KEY-----
+MEkCAQAwHwYIKoUDBwEBAQEwEwYHKoUDAgIkAAYIKoUDBwEBAgIEIwIhAL/PHWI+
+XN0wMqfG6rtKkjxG5D1kD/6q8sPtOaj6OZkk
+-----END PRIVATE KEY-----
diff --git a/tests/cert-tests/data/key-gost12-256.p8.txt b/tests/cert-tests/data/key-gost12-256.p8.txt
new file mode 100644
index 0000000000..1f45736bcc
--- /dev/null
+++ b/tests/cert-tests/data/key-gost12-256.p8.txt
@@ -0,0 +1,33 @@
+Public Key Info:
+	Public Key Algorithm: GOST R 34.10-2012-256
+	Key Security Level: High (256 bits)
+
+curve:	CryptoPro-XchA
+digest:	STREEBOG-256
+paramset:	TC26-Z
+private key:
+	bf:cf:1d:62:3e:5c:dd:30:32:a7:c6:ea:bb:4a:92:3c
+	46:e4:3d:64:0f:fe:aa:f2:c3:ed:39:a8:fa:39:99:24
+	
+
+x:
+	97:15:66:ce:da:43:6e:e7:67:8f:7e:07:e8:4e:bb:72
+	17:40:6c:0b:47:47:aa:8f:d2:ab:14:53:c3:d0:df:ba
+	
+
+y:
+	ad:58:73:69:65:94:9f:8e:59:83:0f:8d:e2:0f:c6:c0
+	d1:77:f6:ab:59:98:74:f1:e2:e2:4f:f7:1f:9c:e6:43
+	
+
+
+Public Key PIN:
+	pin-sha256:T1yRU6smDaTNkinx7qvQTgdlWn3wf+NBoRSN0P+kZLU=
+Public Key ID:
+	sha256:4f5c9153ab260da4cd9229f1eeabd04e07655a7df07fe341a1148dd0ffa464b5
+	sha1:6af61bb89223c1fed11cd7cca8afce63112679ae
+
+-----BEGIN PRIVATE KEY-----
+MEgCAQAwHwYIKoUDBwEBAQEwEwYHKoUDAgIkAAYIKoUDBwEBAgIEIgQgJJk5+qg5
+7cPyqv4PZD3kRjySSrvqxqcyMN1cPmIdz78=
+-----END PRIVATE KEY-----
diff --git a/tests/cert-tests/data/key-gost12-512.p8 b/tests/cert-tests/data/key-gost12-512.p8
new file mode 100644
index 0000000000..6c73a4ece3
--- /dev/null
+++ b/tests/cert-tests/data/key-gost12-512.p8
@@ -0,0 +1,5 @@
+-----BEGIN PRIVATE KEY-----
+MGoCAQAwIQYIKoUDBwEBAQIwFQYJKoUDBwECAQICBggqhQMHAQECAwRCAkA/wBzc
+1Oxfly60gndMQeZtt/OAUo3+nmeZK6Ba7kYkNXV1MOZBB3zlh7l2yO60jEj9M/0X
+Xwx95qROAU5rywdL
+-----END PRIVATE KEY-----
diff --git a/tests/cert-tests/pkcs8-gost b/tests/cert-tests/pkcs8-gost
new file mode 100755
index 0000000000..325b47a581
--- /dev/null
+++ b/tests/cert-tests/pkcs8-gost
@@ -0,0 +1,70 @@
+#!/bin/sh
+
+# Copyright (C) 2018 Dmitry Eremin-Solenikov
+# Copyright (C) 2004-2006, 2010, 2012 Free Software Foundation, Inc.
+#
+# This file is part of GnuTLS.
+#
+# GnuTLS is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# GnuTLS is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GnuTLS; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+srcdir="${srcdir:-.}"
+CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}"
+DIFF="${DIFF:-diff -b -B}"
+TMPFILE=pkcs8-gost-decode.$$.tmp
+
+if ! test -x "${CERTTOOL}"; then
+	exit 77
+fi
+
+if test "${GNUTLS_FORCE_FIPS_MODE}" = 1;then
+	echo "Cannot run in FIPS140-2 mode"
+	exit 77
+fi
+
+if ! test -z "${VALGRIND}"; then
+	VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
+fi
+
+ret=0
+# key-gost12-512.p8 is not supported for now: it uses curve TC26-512-B
+for p8 in "key-gost01.p8" "key-gost12-256.p8" "key-gost01-2.p8" "key-gost12-256-2.p8" "key-gost01-2-enc.p8 Пароль%20для%20PFX" "key-gost12-256-2-enc.p8 Пароль%20для%20PFX"; do
+	set -- ${p8}
+	file="$1"
+	passwd=$(echo $2|sed 's/%20/ /g')
+	${VALGRIND} "${CERTTOOL}" --key-info --pkcs8 --password "${passwd}" \
+		--infile "${srcdir}/data/${file}" --outfile $TMPFILE \
+		--pkcs-cipher none
+	rc=$?
+	if test ${rc} != 0; then
+		echo "PKCS8 FATAL ${p8}"
+		ret=1
+		continue
+	fi
+
+	${DIFF} "${srcdir}/data/${1}.txt" $TMPFILE
+	rc=$?
+	if test ${rc} != 0; then
+		cat $TMPFILE
+		echo "PKCS8 FATAL TXT ${p8}"
+		ret=1
+	else
+		echo "PKCS8 OK ${p8}"
+	fi
+done
+
+rm -f $TMPFILE
+
+echo "PKCS8 DONE (rc $ret)"
+exit $ret
author	Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>	2018-11-13 11:25:17 +0300
committer	Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>	2018-11-16 03:42:46 +0300
commit	8a66a118b80c23b8412582c092fe6d223f335d1f (patch)
tree	7e6488197375be636bbac60028789948ad16ba5d
parent	c97840a72257122095ccfc6e1806e1afc6e53069 (diff)
download	gnutls-8a66a118b80c23b8412582c092fe6d223f335d1f.tar.gz