From 8a66a118b80c23b8412582c092fe6d223f335d1f Mon Sep 17 00:00:00 2001 From: Dmitry Eremin-Solenikov Date: Tue, 13 Nov 2018 11:25:17 +0300 Subject: cert-tests: test parsing and decoding of GOST private keys Add a test for parsing and decoding GOST private keys in different formats, including encrypted keys. 
Signed-off-by: Dmitry Eremin-Solenikov --- tests/cert-tests/Makefile.am | 7 ++- tests/cert-tests/data/key-gost01-2-enc.p8 | 6 ++ tests/cert-tests/data/key-gost01-2-enc.p8.txt | 40 +++++++++++++ tests/cert-tests/data/key-gost01-2.p8 | 4 ++ tests/cert-tests/data/key-gost01-2.p8.txt | 33 +++++++++++ tests/cert-tests/data/key-gost01.p8 | 4 ++ tests/cert-tests/data/key-gost01.p8.txt | 33 +++++++++++ tests/cert-tests/data/key-gost12-256-2-enc.p8 | 7 +++ tests/cert-tests/data/key-gost12-256-2-enc.p8.txt | 40 +++++++++++++ tests/cert-tests/data/key-gost12-256-2.p8 | 4 ++ tests/cert-tests/data/key-gost12-256-2.p8.txt | 33 +++++++++++ tests/cert-tests/data/key-gost12-256.p8 | 4 ++ tests/cert-tests/data/key-gost12-256.p8.txt | 33 +++++++++++ tests/cert-tests/data/key-gost12-512.p8 | 5 ++ tests/cert-tests/pkcs8-gost | 70 +++++++++++++++++++++++ 15 files changed, 321 insertions(+), 2 deletions(-) create mode 100644 tests/cert-tests/data/key-gost01-2-enc.p8 create mode 100644 tests/cert-tests/data/key-gost01-2-enc.p8.txt create mode 100644 tests/cert-tests/data/key-gost01-2.p8 create mode 100644 tests/cert-tests/data/key-gost01-2.p8.txt create mode 100644 tests/cert-tests/data/key-gost01.p8 create mode 100644 tests/cert-tests/data/key-gost01.p8.txt create mode 100644 tests/cert-tests/data/key-gost12-256-2-enc.p8 create mode 100644 tests/cert-tests/data/key-gost12-256-2-enc.p8.txt create mode 100644 tests/cert-tests/data/key-gost12-256-2.p8 create mode 100644 tests/cert-tests/data/key-gost12-256-2.p8.txt create mode 100644 tests/cert-tests/data/key-gost12-256.p8 create mode 100644 tests/cert-tests/data/key-gost12-256.p8.txt create mode 100644 tests/cert-tests/data/key-gost12-512.p8 create mode 100755 tests/cert-tests/pkcs8-gost diff --git a/tests/cert-tests/Makefile.am b/tests/cert-tests/Makefile.am index 0d800c24fe..26dd5b22bb 100644 --- a/tests/cert-tests/Makefile.am +++ b/tests/cert-tests/Makefile.am 
@@ -94,7 +94,10 @@ EXTRA_DIST = data/ca-no-pathlen.pem data/no-ca-or-pathlen.pem data/aki-cert.pem data/key-invalid3.der data/pkcs8-eddsa.pem data/pkcs8-eddsa.pem.txt \ data/rfc4490.p7b data/rfc4490.p7b.out data/gost01.p12 data/gost12.p12 data/gost12-2.p12 \ data/ca-crl-invalid.crl data/ca-crl-invalid.pem data/ca-crl-valid.pem data/ca-crl-valid.crl \ - data/rfc4134-ca-rsa.pem data/rfc4134-4.5.p7b + data/rfc4134-ca-rsa.pem data/rfc4134-4.5.p7b \ + data/key-gost01.p8 data/key-gost01-2.p8 data/key-gost01-2-enc.p8 \ + data/key-gost12-256.p8 data/key-gost12-256-2.p8 data/key-gost12-256-2-enc.p8 \ + data/key-gost12-512.p8 dist_check_SCRIPTS = pathlen aki invalid-sig email \ pkcs7 pkcs7-broken-sigs privkey-import name-constraints certtool-long-cn crl provable-privkey \ @@ -126,7 +129,7 @@ endif if ENABLE_GOST dist_check_SCRIPTS += gost if !WINDOWS -dist_check_SCRIPTS += pkcs12-gost +dist_check_SCRIPTS += pkcs12-gost pkcs8-gost endif endif diff --git a/tests/cert-tests/data/key-gost01-2-enc.p8 b/tests/cert-tests/data/key-gost01-2-enc.p8 new file mode 100644 index 0000000000..81d8347ad7 --- /dev/null +++ b/tests/cert-tests/data/key-gost01-2-enc.p8 @@ -0,0 +1,6 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIG4MG0GCSqGSIb3DQEFDTBgMD8GCSqGSIb3DQEFDDAyBCC6bhoitdzE02HJYwrv +t6fS+JQ/UFHInX9LqJgR/KdF+AICB9AwCgYGKoUDAgIKBQAwHQYGKoUDAgIVMBME +CJYqb3jDyCMsBgcqhQMCAh8BBEdzhSi7v1vL7sUZpcQSmmpzTCj+Tgkff4uLp6hH +lHc23xJOF6dcPvVlXPtiRUmNpl56BquVRo7Gb0vx6pKLgR8eJNmbWdoGtA== +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/cert-tests/data/key-gost01-2-enc.p8.txt b/tests/cert-tests/data/key-gost01-2-enc.p8.txt new file mode 100644 index 0000000000..e979dd6348 --- /dev/null +++ b/tests/cert-tests/data/key-gost01-2-enc.p8.txt 
@@ -0,0 +1,40 @@ +PKCS #8 information: + Cipher: GOST28147-CPA-CFB + Schema: PBES2-GOST28147-89-CPA (1.2.643.2.2.31.1) + Salt: ba6e1a22b5dcc4d361c9630aefb7a7d2f8943f5051c89d7f4ba89811fca745f8 + Salt size: 32 + Iteration count: 2000 + +Public Key Info: + Public Key Algorithm: GOST R 34.10-2001 + Key Security Level: High (256 bits) + +curve: CryptoPro-A +digest: GOSTR341194 +paramset: CryptoPro-A +private key: + c9:0d:4a:60:74:4b:6e:f9:dd:b1:f1:d5:e2:34:f0:6c + ef:73:74:52:2d:03:91:89:d9:2e:82:dd:cf:41:14:16 + + +x: + da:14:e3:09:c9:90:76:36:7e:d2:1e:f2:32:54:62:a0 + a3:7a:fe:69:16:88:40:1d:28:98:25:00:23:30:52:79 + + +y: + 92:01:db:d3:34:89:e6:74:86:e1:6c:81:a4:76:aa:d9 + 1d:ac:c9:8a:5e:a2:fa:cf:ad:2e:47:8c:65:ed:c8:7b + + + +Public Key PIN: + pin-sha256:naEvzBbx6qkKlM3WetsTn09kpou+R1k6eCZvVFxEPc0= +Public Key ID: + sha256:9da12fcc16f1eaa90a94cdd67adb139f4f64a68bbe47593a78266f545c443dcd + sha1:56f0aab16eb873a50453b5209b65fe31e6493317 + +-----BEGIN PRIVATE KEY----- +MEUCAQAwHAYGKoUDAgITMBIGByqFAwICIwEGByqFAwICHgEEIgQgFhRBz92CLtmJ +kQMtUnRz72zwNOLV8bHd+W5LdGBKDck= +-----END PRIVATE KEY----- diff --git a/tests/cert-tests/data/key-gost01-2.p8 b/tests/cert-tests/data/key-gost01-2.p8 new file mode 100644 index 0000000000..88d397efa4 --- /dev/null +++ b/tests/cert-tests/data/key-gost01-2.p8 @@ -0,0 +1,4 @@ +-----BEGIN PRIVATE KEY----- +MEUCAQAwHAYGKoUDAgITMBIGByqFAwICIwEGByqFAwICHgEEIgQgFhRBz92CLtmJ +kQMtUnRz72zwNOLV8bHd+W5LdGBKDck= +-----END PRIVATE KEY----- diff --git a/tests/cert-tests/data/key-gost01-2.p8.txt b/tests/cert-tests/data/key-gost01-2.p8.txt new file mode 100644 index 0000000000..54c5626d29 --- /dev/null +++ b/tests/cert-tests/data/key-gost01-2.p8.txt 
@@ -0,0 +1,33 @@ +Public Key Info: + Public Key Algorithm: GOST R 34.10-2001 + Key Security Level: High (256 bits) + +curve: CryptoPro-A +digest: GOSTR341194 +paramset: CryptoPro-A +private key: + c9:0d:4a:60:74:4b:6e:f9:dd:b1:f1:d5:e2:34:f0:6c + ef:73:74:52:2d:03:91:89:d9:2e:82:dd:cf:41:14:16 + + +x: + da:14:e3:09:c9:90:76:36:7e:d2:1e:f2:32:54:62:a0 + a3:7a:fe:69:16:88:40:1d:28:98:25:00:23:30:52:79 + + +y: + 92:01:db:d3:34:89:e6:74:86:e1:6c:81:a4:76:aa:d9 + 1d:ac:c9:8a:5e:a2:fa:cf:ad:2e:47:8c:65:ed:c8:7b + + + +Public Key PIN: + pin-sha256:naEvzBbx6qkKlM3WetsTn09kpou+R1k6eCZvVFxEPc0= +Public Key ID: + sha256:9da12fcc16f1eaa90a94cdd67adb139f4f64a68bbe47593a78266f545c443dcd + sha1:56f0aab16eb873a50453b5209b65fe31e6493317 + +-----BEGIN PRIVATE KEY----- +MEUCAQAwHAYGKoUDAgITMBIGByqFAwICIwEGByqFAwICHgEEIgQgFhRBz92CLtmJ +kQMtUnRz72zwNOLV8bHd+W5LdGBKDck= +-----END PRIVATE KEY----- diff --git a/tests/cert-tests/data/key-gost01.p8 b/tests/cert-tests/data/key-gost01.p8 new file mode 100644 index 0000000000..0e4afabdb4 --- /dev/null +++ b/tests/cert-tests/data/key-gost01.p8 @@ -0,0 +1,4 @@ +-----BEGIN PRIVATE KEY----- +MEUCAQAwHAYGKoUDAgITMBIGByqFAwICJAAGByqFAwICHgEEIgIgCyk74FDQCCva +54VjGmuraPNbQnhtbdpWr68WmJEED3c= +-----END PRIVATE KEY----- diff --git a/tests/cert-tests/data/key-gost01.p8.txt b/tests/cert-tests/data/key-gost01.p8.txt new file mode 100644 index 0000000000..d0d1323625 --- /dev/null +++ b/tests/cert-tests/data/key-gost01.p8.txt 
@@ -0,0 +1,33 @@ +Public Key Info: + Public Key Algorithm: GOST R 34.10-2001 + Key Security Level: High (256 bits) + +curve: CryptoPro-XchA +digest: GOSTR341194 +paramset: CryptoPro-A +private key: + 0b:29:3b:e0:50:d0:08:2b:da:e7:85:63:1a:6b:ab:68 + f3:5b:42:78:6d:6d:da:56:af:af:16:98:91:04:0f:77 + + +x: + 57:7e:32:4f:e7:0f:2b:6d:f4:5c:43:7a:03:05:e5:fd + 2c:89:31:8c:13:cd:08:75:40:1a:02:60:75:68:95:84 + + +y: + 60:1a:ea:ca:bc:66:0f:df:b0:cb:c7:56:7e:bb:a6:ea + 8d:e4:0f:ae:85:7c:9a:d0:03:88:95:b9:16:cc:eb:8f + + + +Public Key PIN: + pin-sha256:zO1bMbwojs1uE302Tl1uAkcXYVw9AW8b3EauBIKNpM4= +Public Key ID: + sha256:cced5b31bc288ecd6e137d364e5d6e024717615c3d016f1bdc46ae04828da4ce + sha1:1a0442de4518bb407e6ed5690046839a13fec03d + +-----BEGIN PRIVATE KEY----- +MEUCAQAwHAYGKoUDAgITMBIGByqFAwICJAAGByqFAwICHgEEIgQgdw8EkZgWr69W +2m1teEJb82iraxpjhefaKwjQUOA7KQs= +-----END PRIVATE KEY----- diff --git a/tests/cert-tests/data/key-gost12-256-2-enc.p8 b/tests/cert-tests/data/key-gost12-256-2-enc.p8 new file mode 100644 index 0000000000..204cce8302 --- /dev/null +++ b/tests/cert-tests/data/key-gost12-256-2-enc.p8 @@ -0,0 +1,7 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIHdMHEGCSqGSIb3DQEFDTBkMEEGCSqGSIb3DQEFDDA0BCD5qZr0TTIsBvdgUoq/ +zFwOzdyJohj6/4Wiyccgj9AK/QICB9AwDAYIKoUDBwEBBAIFADAfBgYqhQMCAhUw +FQQI3Ip/Vp0IsyIGCSqFAwcBAgUBAQRoSfLhgx9s/zn+BjnhT0ror07vS55Ys5hg +vVpWDx4mXGWWyez/2sMcaFgSr4H4UTGGwoMynGLpF1IOVo+bGJ0ePqHB+gS5OL9o +V+PUmZ/ELrRENKlCDqfYWvpSystX29CvCFrnTnDsbBY= +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/cert-tests/data/key-gost12-256-2-enc.p8.txt b/tests/cert-tests/data/key-gost12-256-2-enc.p8.txt new file mode 100644 index 0000000000..949917aceb --- /dev/null +++ b/tests/cert-tests/data/key-gost12-256-2-enc.p8.txt 
@@ -0,0 +1,40 @@ +PKCS #8 information: + Cipher: GOST28147-TC26Z-CFB + Schema: PBES2-GOST28147-89-TC26Z (1.2.643.7.1.2.5.1.1) + Salt: f9a99af44d322c06f760528abfcc5c0ecddc89a218faff85a2c9c7208fd00afd + Salt size: 32 + Iteration count: 2000 + +Public Key Info: + Public Key Algorithm: GOST R 34.10-2012-256 + Key Security Level: High (256 bits) + +curve: CryptoPro-A +digest: STREEBOG-256 +paramset: TC26-Z +private key: + 2b:ea:34:a3:b0:5d:19:64:5b:8f:41:24:6a:99:50:08 + 23:07:00:fd:00:6b:a6:eb:53:b4:22:55:9c:ef:22:52 + + +x: + 62:22:79:60:91:29:44:b5:72:73:b1:46:e8:ff:7a:df + 0e:f7:e5:4c:16:3f:25:58:67:af:6f:4a:9a:f2:1c:d7 + + +y: + 95:c2:14:be:41:07:b0:80:de:cc:93:07:17:51:e0:d2 + 46:c8:d4:f8:91:57:30:85:44:b8:c0:02:3d:d8:e2:4c + + + +Public Key PIN: + pin-sha256:WB8JpdrRogkTwsox4PlsGW/xvh/47NjXrKg0yXXXo2Y= +Public Key ID: + sha256:581f09a5dad1a20913c2ca31e0f96c196ff1be1ff8ecd8d7aca834c975d7a366 + sha1:83fbb2e3aad179fd9e712583c91710ceb157e3e6 + +-----BEGIN PRIVATE KEY----- +MEgCAQAwHwYIKoUDBwEBAQEwEwYHKoUDAgIjAQYIKoUDBwEBAgIEIgQgUiLvnFUi +tFPrpmsA/QAHIwhQmWokQY9bZBldsKM06is= +-----END PRIVATE KEY----- diff --git a/tests/cert-tests/data/key-gost12-256-2.p8 b/tests/cert-tests/data/key-gost12-256-2.p8 new file mode 100644 index 0000000000..421422b9fc --- /dev/null +++ b/tests/cert-tests/data/key-gost12-256-2.p8 @@ -0,0 +1,4 @@ +-----BEGIN PRIVATE KEY----- +MGYCAQAwHwYIKoUDBwEBAQEwEwYHKoUDAgIjAQYIKoUDBwEBAgIEQEYbRu86z+1JFKDcPDN9UbTG +G2ki9enTqos4KpUU0j9IDpl1UXiaA1YDIwUjlAp+81GkLmyt8Fw6Gt/X5JZySAY= +-----END PRIVATE KEY----- diff --git a/tests/cert-tests/data/key-gost12-256-2.p8.txt b/tests/cert-tests/data/key-gost12-256-2.p8.txt new file mode 100644 index 0000000000..cb9c6849c8 --- /dev/null +++ b/tests/cert-tests/data/key-gost12-256-2.p8.txt 
@@ -0,0 +1,33 @@ +Public Key Info: + Public Key Algorithm: GOST R 34.10-2012-256 + Key Security Level: High (256 bits) + +curve: CryptoPro-A +digest: STREEBOG-256 +paramset: TC26-Z +private key: + 2b:ea:34:a3:b0:5d:19:64:5b:8f:41:24:6a:99:50:08 + 23:07:00:fd:00:6b:a6:eb:53:b4:22:55:9c:ef:22:52 + + +x: + 62:22:79:60:91:29:44:b5:72:73:b1:46:e8:ff:7a:df + 0e:f7:e5:4c:16:3f:25:58:67:af:6f:4a:9a:f2:1c:d7 + + +y: + 95:c2:14:be:41:07:b0:80:de:cc:93:07:17:51:e0:d2 + 46:c8:d4:f8:91:57:30:85:44:b8:c0:02:3d:d8:e2:4c + + + +Public Key PIN: + pin-sha256:WB8JpdrRogkTwsox4PlsGW/xvh/47NjXrKg0yXXXo2Y= +Public Key ID: + sha256:581f09a5dad1a20913c2ca31e0f96c196ff1be1ff8ecd8d7aca834c975d7a366 + sha1:83fbb2e3aad179fd9e712583c91710ceb157e3e6 + +-----BEGIN PRIVATE KEY----- +MEgCAQAwHwYIKoUDBwEBAQEwEwYHKoUDAgIjAQYIKoUDBwEBAgIEIgQgUiLvnFUi +tFPrpmsA/QAHIwhQmWokQY9bZBldsKM06is= +-----END PRIVATE KEY----- diff --git a/tests/cert-tests/data/key-gost12-256.p8 b/tests/cert-tests/data/key-gost12-256.p8 new file mode 100644 index 0000000000..df1b5558f9 --- /dev/null +++ b/tests/cert-tests/data/key-gost12-256.p8 @@ -0,0 +1,4 @@ +-----BEGIN PRIVATE KEY----- +MEkCAQAwHwYIKoUDBwEBAQEwEwYHKoUDAgIkAAYIKoUDBwEBAgIEIwIhAL/PHWI+ +XN0wMqfG6rtKkjxG5D1kD/6q8sPtOaj6OZkk +-----END PRIVATE KEY----- diff --git a/tests/cert-tests/data/key-gost12-256.p8.txt b/tests/cert-tests/data/key-gost12-256.p8.txt new file mode 100644 index 0000000000..1f45736bcc --- /dev/null +++ b/tests/cert-tests/data/key-gost12-256.p8.txt 
@@ -0,0 +1,33 @@ +Public Key Info: + Public Key Algorithm: GOST R 34.10-2012-256 + Key Security Level: High (256 bits) + +curve: CryptoPro-XchA +digest: STREEBOG-256 +paramset: TC26-Z +private key: + bf:cf:1d:62:3e:5c:dd:30:32:a7:c6:ea:bb:4a:92:3c + 46:e4:3d:64:0f:fe:aa:f2:c3:ed:39:a8:fa:39:99:24 + + +x: + 97:15:66:ce:da:43:6e:e7:67:8f:7e:07:e8:4e:bb:72 + 17:40:6c:0b:47:47:aa:8f:d2:ab:14:53:c3:d0:df:ba + + +y: + ad:58:73:69:65:94:9f:8e:59:83:0f:8d:e2:0f:c6:c0 + d1:77:f6:ab:59:98:74:f1:e2:e2:4f:f7:1f:9c:e6:43 + + + +Public Key PIN: + pin-sha256:T1yRU6smDaTNkinx7qvQTgdlWn3wf+NBoRSN0P+kZLU= +Public Key ID: + sha256:4f5c9153ab260da4cd9229f1eeabd04e07655a7df07fe341a1148dd0ffa464b5 + sha1:6af61bb89223c1fed11cd7cca8afce63112679ae + +-----BEGIN PRIVATE KEY----- +MEgCAQAwHwYIKoUDBwEBAQEwEwYHKoUDAgIkAAYIKoUDBwEBAgIEIgQgJJk5+qg5 +7cPyqv4PZD3kRjySSrvqxqcyMN1cPmIdz78= +-----END PRIVATE KEY----- diff --git a/tests/cert-tests/data/key-gost12-512.p8 b/tests/cert-tests/data/key-gost12-512.p8 new file mode 100644 index 0000000000..6c73a4ece3 --- /dev/null +++ b/tests/cert-tests/data/key-gost12-512.p8 @@ -0,0 +1,5 @@ +-----BEGIN PRIVATE KEY----- +MGoCAQAwIQYIKoUDBwEBAQIwFQYJKoUDBwECAQICBggqhQMHAQECAwRCAkA/wBzc +1Oxfly60gndMQeZtt/OAUo3+nmeZK6Ba7kYkNXV1MOZBB3zlh7l2yO60jEj9M/0X +Xwx95qROAU5rywdL +-----END PRIVATE KEY----- diff --git a/tests/cert-tests/pkcs8-gost b/tests/cert-tests/pkcs8-gost new file mode 100755 index 0000000000..325b47a581 --- /dev/null +++ b/tests/cert-tests/pkcs8-gost 
@@ -0,0 +1,70 @@
+#!/bin/sh
+
+# Copyright (C) 2018 Dmitry Eremin-Solenikov
+# Copyright (C) 2004-2006, 2010, 2012 Free Software Foundation, Inc.
+#
+# This file is part of GnuTLS.
+#
+# GnuTLS is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# GnuTLS is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GnuTLS; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+srcdir="${srcdir:-.}"
+CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}"
+DIFF="${DIFF:-diff -b -B}"
+TMPFILE=pkcs8-gost-decode.$$.tmp
+
+if ! test -x "${CERTTOOL}"; then
+ exit 77
+fi
+
+if test "${GNUTLS_FORCE_FIPS_MODE}" = 1;then
+ echo "Cannot run in FIPS140-2 mode"
+ exit 77
+fi
+
+if ! test -z "${VALGRIND}"; then
+ VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
+fi
+
+ret=0
+# key-gost12-512.p8 is not supported for now: it uses curve TC26-512-B
+for p8 in "key-gost01.p8" "key-gost12-256.p8" "key-gost01-2.p8" "key-gost12-256-2.p8" "key-gost01-2-enc.p8 Пароль%20для%20PFX" "key-gost12-256-2-enc.p8 Пароль%20для%20PFX"; do
+ set -- ${p8}
+ file="$1"
+ passwd=$(echo $2|sed 's/%20/ /g')
+ ${VALGRIND} "${CERTTOOL}" --key-info --pkcs8 --password "${passwd}" \
+ --infile "${srcdir}/data/${file}" --outfile $TMPFILE \
+ --pkcs-cipher none
+ rc=$?
+ if test ${rc} != 0; then
+ echo "PKCS8 FATAL ${p8}"
+ ret=1
+ continue
+ fi
+
+ ${DIFF} "${srcdir}/data/${1}.txt" $TMPFILE
+ rc=$?
+ if test ${rc} != 0; then
+ cat $TMPFILE
+ echo "PKCS8 FATAL TXT ${p8}"
+ ret=1
+ else
+ echo "PKCS8 OK ${p8}"
+ fi
+done
+
+rm -f $TMPFILE
+
+echo "PKCS8 DONE (rc $ret)"
+exit $ret
-- cgit v1.2.1
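Review bot: The decoded private-key text that certtool writes through `--outfile $TMPFILE` goes to a predictable, PID-based name in the current directory (`TMPFILE=pkcs8-gost-decode.$$.tmp`) and is removed only by the final `rm -f $TMPFILE`, so an interrupted run leaves key output behind; these are test fixtures, but the pattern tends to be copied into other scripts. I would add `trap 'rm -f "$TMPFILE"' EXIT` and `trap 'exit 1' INT TERM` right after the assignment and quote `"$TMPFILE"` at each use. The loop also feeds the two `-enc.p8` files only the one password listed for them, so a separate case asserting that certtool exits non-zero for a wrong `--password` would cover the rejection path of the new GOST PBES2 decoding too. Minor: the compare step reads `${1}.txt` although `${file}` was already assigned for the same value.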